- update to 1.6.2

- add "buildrequires: texinfo-tex" to get texi2pdf
2007-07-19 16:50:28 +00:00 · 2007-07-19 16:50:28 +00:00 · c0cd730c79
commit c0cd730c79
parent 56d1413f95
7 changed files with 14 additions and 301 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -19,3 +19,6 @@ krb5-1.6-pdf.tar.gz
 krb5-1.6.1.tar.gz
 krb5-1.6.1.tar.gz.asc
 krb5-1.6.1-pdf.tar.gz
+krb5-1.6.2.tar.gz
+krb5-1.6.2.tar.gz.asc
+krb5-1.6.2-pdf.tar.gz
--- a/2007-004-patch.txt
+++ b/2007-004-patch.txt
@ -1,86 +0,0 @@
-*** src/lib/rpc/svc_auth_gssapi.c	(revision 20015)
--- src/lib/rpc/svc_auth_gssapi.c	(local)
-***************
-*** 149,154 ****
--- 149,156 ----
-       rqst->rq_xprt->xp_auth = &svc_auth_none;
-       
-       memset((char *) &call_res, 0, sizeof(call_res));
-+      creds.client_handle.length = 0;
-+      creds.client_handle.value = NULL;
-       
-       cred = &msg->rm_call.cb_cred;
-       verf = &msg->rm_call.cb_verf;
-*** src/lib/rpc/svc_auth_unix.c	(revision 20015)
--- src/lib/rpc/svc_auth_unix.c	(local)
-***************
-*** 64,71 ****
-  		char area_machname[MAX_MACHINE_NAME+1];
-  		int area_gids[NGRPS];
-  	} *area;
-! 	u_int auth_len;
-! 	int str_len, gid_len;
-  	register int i;
-  
-  	rqst->rq_xprt->xp_auth = &svc_auth_none;
--- 64,70 ----
-  		char area_machname[MAX_MACHINE_NAME+1];
-  		int area_gids[NGRPS];
-  	} *area;
-! 	u_int auth_len, str_len, gid_len;
-  	register int i;
-  
-  	rqst->rq_xprt->xp_auth = &svc_auth_none;
-***************
-*** 74,80 ****
-  	aup = &area->area_aup;
-  	aup->aup_machname = area->area_machname;
-  	aup->aup_gids = area->area_gids;
-! 	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
-  	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
-  	buf = XDR_INLINE(&xdrs, (int)auth_len);
-  	if (buf != NULL) {
--- 73,81 ----
-  	aup = &area->area_aup;
-  	aup->aup_machname = area->area_machname;
-  	aup->aup_gids = area->area_gids;
-! 	auth_len = msg->rm_call.cb_cred.oa_length;
-! 	if (auth_len > INT_MAX)
-! 		return AUTH_BADCRED;
-  	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
-  	buf = XDR_INLINE(&xdrs, (int)auth_len);
-  	if (buf != NULL) {
-***************
-*** 84,90 ****
-  			stat = AUTH_BADCRED;
-  			goto done;
-  		}
-! 		memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
-  		aup->aup_machname[str_len] = 0;
-  		str_len = RNDUP(str_len);
-  		buf += str_len / BYTES_PER_XDR_UNIT;
--- 85,91 ----
-  			stat = AUTH_BADCRED;
-  			goto done;
-  		}
-! 		memmove(aup->aup_machname, buf, str_len);
-  		aup->aup_machname[str_len] = 0;
-  		str_len = RNDUP(str_len);
-  		buf += str_len / BYTES_PER_XDR_UNIT;
-***************
-*** 104,110 ****
-  		 * timestamp, hostname len (0), uid, gid, and gids len (0).
-  		 */
-  		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
-! 			(void) printf("bad auth_len gid %d str %d auth %d\n",
-  			    gid_len, str_len, auth_len);
-  			stat = AUTH_BADCRED;
-  			goto done;
--- 105,111 ----
-  		 * timestamp, hostname len (0), uid, gid, and gids len (0).
-  		 */
-  		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
-! 			(void) printf("bad auth_len gid %u str %u auth %u\n",
-  			    gid_len, str_len, auth_len);
-  			stat = AUTH_BADCRED;
-  			goto done;
--- a/2007-005-patch.txt
+++ b/2007-005-patch.txt
@ -1,108 +0,0 @@
-*** src/kadmin/server/server_stubs.c	(revision 20024)
--- src/kadmin/server/server_stubs.c	(local)
-***************
-*** 545,557 ****
-      static generic_ret		ret;
-      char			*prime_arg1,
-  				*prime_arg2;
-     char			prime_arg[BUFSIZ];
-      gss_buffer_desc		client_name,
-  				service_name;
-      OM_uint32			minor_stat;
-      kadm5_server_handle_t	handle;
-      restriction_t		*rp;
-      char                        *errmsg;
-  
-      xdr_free(xdr_generic_ret, &ret);
-  
--- 545,558 ----
-      static generic_ret		ret;
-      char			*prime_arg1,
-  				*prime_arg2;
-      gss_buffer_desc		client_name,
-  				service_name;
-      OM_uint32			minor_stat;
-      kadm5_server_handle_t	handle;
-      restriction_t		*rp;
-      char                        *errmsg;
-+     size_t			tlen1, tlen2, clen, slen;
-+     char			*tdots1, *tdots2, *cdots, *sdots;
-  
-      xdr_free(xdr_generic_ret, &ret);
-  
-***************
-*** 572,578 ****
-  	 ret.code = KADM5_BAD_PRINCIPAL;
-  	 goto exit_func;
-      }
-!     sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
-  
-      ret.code = KADM5_OK;
-      if (! CHANGEPW_SERVICE(rqstp)) {
--- 573,586 ----
-  	 ret.code = KADM5_BAD_PRINCIPAL;
-  	 goto exit_func;
-      }
-!     tlen1 = strlen(prime_arg1);
-!     trunc_name(&tlen1, &tdots1);
-!     tlen2 = strlen(prime_arg2);
-!     trunc_name(&tlen2, &tdots2);
-!     clen = client_name.length;
-!     trunc_name(&clen, &cdots);
-!     slen = service_name.length;
-!     trunc_name(&slen, &sdots);
-  
-      ret.code = KADM5_OK;
-      if (! CHANGEPW_SERVICE(rqstp)) {
-***************
-*** 590,597 ****
-      } else
-  	 ret.code = KADM5_AUTH_INSUFFICIENT;
-      if (ret.code != KADM5_OK) {
-! 	 log_unauth("kadm5_rename_principal", prime_arg,
-! 		    &client_name, &service_name, rqstp);
-      } else {
-  	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
-  						arg->dest);
--- 598,612 ----
-      } else
-  	 ret.code = KADM5_AUTH_INSUFFICIENT;
-      if (ret.code != KADM5_OK) {
-! 	 krb5_klog_syslog(LOG_NOTICE,
-! 			  "Unauthorized request: kadm5_rename_principal, "
-! 			  "%.*s%s to %.*s%s, "
-! 			  "client=%.*s%s, service=%.*s%s, addr=%s",
-! 			  tlen1, prime_arg1, tdots1,
-! 			  tlen2, prime_arg2, tdots2,
-! 			  clen, client_name.value, cdots,
-! 			  slen, service_name.value, sdots,
-! 			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-      } else {
-  	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
-  						arg->dest);
-***************
-*** 600,607 ****
-  	 else
-  	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
-  
-! 	 log_done("kadm5_rename_principal", prime_arg, errmsg,
-! 		  &client_name, &service_name, rqstp);
-      }
-      free_server_handle(handle);
-      free(prime_arg1);
--- 615,629 ----
-  	 else
-  	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
-  
-! 	 krb5_klog_syslog(LOG_NOTICE,
-! 			  "Request: kadm5_rename_principal, "
-! 			  "%.*s%s to %.*s%s, %s, "
-! 			  "client=%.*s%s, service=%.*s%s, addr=%s",
-! 			  tlen1, prime_arg1, tdots1,
-! 			  tlen2, prime_arg2, tdots2, errmsg,
-! 			  clen, client_name.value, cdots,
-! 			  slen, service_name.value, sdots,
-! 			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-      }
-      free_server_handle(handle);
-      free(prime_arg1);
--- a/krb5-1.6.1-ftp-nospew.patch
+++ b/krb5-1.6.1-ftp-nospew.patch
@ -1,50 +0,0 @@
-diff -uNr krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c krb5-1-6/src/appl/gssftp/ftp/cmds.c
--- krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c	2007-05-24 11:19:27.000000000 -0400
-+++ krb5-1-6/src/appl/gssftp/ftp/cmds.c	2007-05-24 11:17:37.000000000 -0400
-@@ -168,9 +168,7 @@
- 		}
- 		port = htons(iport);
- 	}
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 	host = hookup(argv[1], port);
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 	if (host) {
- 		int overbose;
- 
-@@ -185,28 +183,20 @@
- 		mode = MODE_S;
- 		stru = STRU_F;
- 		(void) strcpy(bytename, "8"), bytesize = 8;
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 		if (autoauth) {
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 			if (do_auth() && autoencrypt) {
-printf("%s: at line %d\n", __FILE__, __LINE__);
-  				clevel = PROT_P;
- 				setpbsz(1<<20);
- 				if (command("PROT P") == COMPLETE)
- 					dlevel = PROT_P;
- 				else
- 					fprintf(stderr, "ftp: couldn't enable encryption\n");
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 			}
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 			if(auth_type && clevel == PROT_C)
- 				clevel = PROT_S;
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 			if(autologin)
- 				(void) login(argv[1]);
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 		}
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 
- #ifndef unix
- /* sigh */
-@@ -221,7 +211,6 @@
-  * this ifdef is to keep someone form "porting" this to an incompatible
-  * system and not checking this out. This way they have to think about it.
-  */
-printf("%s: at line %d\n", __FILE__, __LINE__);
- 		overbose = verbose;
- 		if (debug == 0)
- 			verbose = -1;
--- a/krb5-1.6.1-get_opt_fixup.patch
+++ b/krb5-1.6.1-get_opt_fixup.patch
@ -1,41 +0,0 @@
-Index: src/include/k5-int.h
-===================================================================
--- src/include/k5-int.h	(revision 19537)
-+++ src/include/k5-int.h	(revision 19538)
-@@ -1048,9 +1048,9 @@
- #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
- 
- #define krb5_gic_opt_is_extended(s) \
-    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
-+    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
- #define krb5_gic_opt_is_shadowed(s) \
-    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
-+    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
- 
- 
- typedef struct _krb5_gic_opt_private {
-Index: src/lib/krb5/krb/gic_opt.c
-===================================================================
--- src/lib/krb5/krb/gic_opt.c	(revision 19537)
-+++ src/lib/krb5/krb/gic_opt.c	(revision 19538)
-@@ -206,8 +206,18 @@
-     oe = krb5int_gic_opte_alloc(context);
-     if (NULL == oe)
- 	return ENOMEM;
-    memcpy(oe, opt, sizeof(*opt));
-    /* Fix these -- overwritten by the copy */
-+
-+    if (opt)
-+        memcpy(oe, opt, sizeof(*opt));
-+
-+    /*
-+     * Fix the flags -- the EXTENDED flag would have been
-+     * overwritten by the copy if there was one.  The
-+     * SHADOWED flag is necessary to ensure that the
-+     * krb5_gic_opt_ext structure that was allocated
-+     * here will be freed by the library because the
-+     * application is unaware of its existence.
-+     */
-     oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
- 		   KRB5_GET_INIT_CREDS_OPT_SHADOWED);
- 
--- a/krb5.spec
+++ b/krb5.spec
@ -13,10 +13,10 @@

 Summary: The Kerberos network authentication system.
 Name: krb5
-Version: 1.6.1
-Release: 8%{?dist}
+Version: 1.6.2
+Release: 1%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
@ -80,24 +80,19 @@ Patch51: krb5-1.6-ldap-init.patch
 Patch52: krb5-1.6-ldap-man.patch
 Patch53: krb5-1.6-nodeplibs.patch
 Patch55: krb5-1.6.1-empty.patch
-Patch56: krb5-1.6.1-get_opt_fixup.patch
-Patch57: krb5-1.6.1-ftp-nospew.patch

 Patch60: krb5-1.6.1-pam.patch
 Patch61: krb5-trunk-manpaths.patch
 Patch62: krb5-any-fixup-patch.txt
 Patch63: krb5-1.6.1-selinux-label.patch

-Patch70: http://web.mit.edu/kerberos/advisories/2007-004-patch.txt
-Patch71: http://web.mit.edu/kerberos/advisories/2007-005-patch.txt
-
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Prereq: grep, info, sh-utils, /sbin/install-info
 BuildPrereq: autoconf, bison, e2fsprogs-devel >= 1.35, flex
-BuildPrereq: gzip, ncurses-devel, rsh, texinfo, tar
+BuildPrereq: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
 BuildRequires: tetex-latex
 BuildRequires: keyutils-libs-devel
 BuildRequires: libselinux-devel
@ -206,6 +201,10 @@ installed on systems which are meant provide these services.
 %endif

 %changelog
+* Thu Jul 17 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-1
+- update to 1.6.2
+- add "buildrequires: texinfo-tex" to get texi2pdf
+
 * Wed Jun 27 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-8
 - incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443)
  and MITKRB5-SA-2007-005 (CVE-2007-2798)
@ -1195,10 +1194,6 @@ popd
 %patch52 -p0 -b .ldap_man
 %patch53 -p1 -b .nodeplibs
 #%patch55 -p1 -b .empty
-%patch56 -p0 -b .get_opt_fixup
-%patch57 -p1 -b .ftp-nospew
-%patch70 -p0 -b .2007-004
-%patch71 -p0 -b .2007-005
 cp src/krb524/README README.krb524
 gzip doc/*.ps

--- a/6
+++ b/6
@ -1,3 +1,3 @@
-165bfd13e77d63e623810a3abe43ad61  krb5-1.6.1.tar.gz
-8249f522570f8b17f056bc8a5408678d  krb5-1.6.1.tar.gz.asc
-06835fe8a0ac3455dfaf9c6073f1f54c  krb5-1.6.1-pdf.tar.gz
+41d8c0cdb6c3e59171234b0464ec3c47  krb5-1.6.2.tar.gz
+8a5c577ea2907ecebdc03b7ccbf4d534  krb5-1.6.2.tar.gz.asc
+c6c5380e4bfdb787f3b196b66cd96bed  krb5-1.6.2-pdf.tar.gz