- update to 1.6.2

- add "buildrequires: texinfo-tex" to get texi2pdf

.cvsignore

@@ -19,3 +19,6 @@ krb5-1.6-pdf.tar.gz
 krb5-1.6.1.tar.gz
 krb5-1.6.1.tar.gz.asc
 krb5-1.6.1-pdf.tar.gz
+krb5-1.6.2.tar.gz
+krb5-1.6.2.tar.gz.asc
+krb5-1.6.2-pdf.tar.gz

2007-004-patch.txt

@@ -1,86 +0,0 @@
-*** src/lib/rpc/svc_auth_gssapi.c	(revision 20015)
---- src/lib/rpc/svc_auth_gssapi.c	(local)
-***************
-*** 149,154 ****
---- 149,156 ----
-       rqst->rq_xprt->xp_auth = &svc_auth_none;
-       
-       memset((char *) &call_res, 0, sizeof(call_res));
-+      creds.client_handle.length = 0;
-+      creds.client_handle.value = NULL;
-       
-       cred = &msg->rm_call.cb_cred;
-       verf = &msg->rm_call.cb_verf;
-*** src/lib/rpc/svc_auth_unix.c	(revision 20015)
---- src/lib/rpc/svc_auth_unix.c	(local)
-***************
-*** 64,71 ****
-  		char area_machname[MAX_MACHINE_NAME+1];
-  		int area_gids[NGRPS];
-  	} *area;
-! 	u_int auth_len;
-! 	int str_len, gid_len;
-  	register int i;
-  
-  	rqst->rq_xprt->xp_auth = &svc_auth_none;
---- 64,70 ----
-  		char area_machname[MAX_MACHINE_NAME+1];
-  		int area_gids[NGRPS];
-  	} *area;
-! 	u_int auth_len, str_len, gid_len;
-  	register int i;
-  
-  	rqst->rq_xprt->xp_auth = &svc_auth_none;
-***************
-*** 74,80 ****
-  	aup = &area->area_aup;
-  	aup->aup_machname = area->area_machname;
-  	aup->aup_gids = area->area_gids;
-! 	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
-  	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
-  	buf = XDR_INLINE(&xdrs, (int)auth_len);
-  	if (buf != NULL) {
---- 73,81 ----
-  	aup = &area->area_aup;
-  	aup->aup_machname = area->area_machname;
-  	aup->aup_gids = area->area_gids;
-! 	auth_len = msg->rm_call.cb_cred.oa_length;
-! 	if (auth_len > INT_MAX)
-! 		return AUTH_BADCRED;
-  	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
-  	buf = XDR_INLINE(&xdrs, (int)auth_len);
-  	if (buf != NULL) {
-***************
-*** 84,90 ****
-  			stat = AUTH_BADCRED;
-  			goto done;
-  		}
-! 		memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
-  		aup->aup_machname[str_len] = 0;
-  		str_len = RNDUP(str_len);
-  		buf += str_len / BYTES_PER_XDR_UNIT;
---- 85,91 ----
-  			stat = AUTH_BADCRED;
-  			goto done;
-  		}
-! 		memmove(aup->aup_machname, buf, str_len);
-  		aup->aup_machname[str_len] = 0;
-  		str_len = RNDUP(str_len);
-  		buf += str_len / BYTES_PER_XDR_UNIT;
-***************
-*** 104,110 ****
-  		 * timestamp, hostname len (0), uid, gid, and gids len (0).
-  		 */
-  		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
-! 			(void) printf("bad auth_len gid %d str %d auth %d\n",
-  			    gid_len, str_len, auth_len);
-  			stat = AUTH_BADCRED;
-  			goto done;
---- 105,111 ----
-  		 * timestamp, hostname len (0), uid, gid, and gids len (0).
-  		 */
-  		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
-! 			(void) printf("bad auth_len gid %u str %u auth %u\n",
-  			    gid_len, str_len, auth_len);
-  			stat = AUTH_BADCRED;
-  			goto done;

2007-005-patch.txt

@@ -1,108 +0,0 @@
-*** src/kadmin/server/server_stubs.c	(revision 20024)
---- src/kadmin/server/server_stubs.c	(local)
-***************
-*** 545,557 ****
-      static generic_ret		ret;
-      char			*prime_arg1,
-  				*prime_arg2;
--     char			prime_arg[BUFSIZ];
-      gss_buffer_desc		client_name,
-  				service_name;
-      OM_uint32			minor_stat;
-      kadm5_server_handle_t	handle;
-      restriction_t		*rp;
-      char                        *errmsg;
-  
-      xdr_free(xdr_generic_ret, &ret);
-  
---- 545,558 ----
-      static generic_ret		ret;
-      char			*prime_arg1,
-  				*prime_arg2;
-      gss_buffer_desc		client_name,
-  				service_name;
-      OM_uint32			minor_stat;
-      kadm5_server_handle_t	handle;
-      restriction_t		*rp;
-      char                        *errmsg;
-+     size_t			tlen1, tlen2, clen, slen;
-+     char			*tdots1, *tdots2, *cdots, *sdots;
-  
-      xdr_free(xdr_generic_ret, &ret);
-  
-***************
-*** 572,578 ****
-  	 ret.code = KADM5_BAD_PRINCIPAL;
-  	 goto exit_func;
-      }
-!     sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
-  
-      ret.code = KADM5_OK;
-      if (! CHANGEPW_SERVICE(rqstp)) {
---- 573,586 ----
-  	 ret.code = KADM5_BAD_PRINCIPAL;
-  	 goto exit_func;
-      }
-!     tlen1 = strlen(prime_arg1);
-!     trunc_name(&tlen1, &tdots1);
-!     tlen2 = strlen(prime_arg2);
-!     trunc_name(&tlen2, &tdots2);
-!     clen = client_name.length;
-!     trunc_name(&clen, &cdots);
-!     slen = service_name.length;
-!     trunc_name(&slen, &sdots);
-  
-      ret.code = KADM5_OK;
-      if (! CHANGEPW_SERVICE(rqstp)) {
-***************
-*** 590,597 ****
-      } else
-  	 ret.code = KADM5_AUTH_INSUFFICIENT;
-      if (ret.code != KADM5_OK) {
-! 	 log_unauth("kadm5_rename_principal", prime_arg,
-! 		    &client_name, &service_name, rqstp);
-      } else {
-  	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
-  						arg->dest);
---- 598,612 ----
-      } else
-  	 ret.code = KADM5_AUTH_INSUFFICIENT;
-      if (ret.code != KADM5_OK) {
-! 	 krb5_klog_syslog(LOG_NOTICE,
-! 			  "Unauthorized request: kadm5_rename_principal, "
-! 			  "%.*s%s to %.*s%s, "
-! 			  "client=%.*s%s, service=%.*s%s, addr=%s",
-! 			  tlen1, prime_arg1, tdots1,
-! 			  tlen2, prime_arg2, tdots2,
-! 			  clen, client_name.value, cdots,
-! 			  slen, service_name.value, sdots,
-! 			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-      } else {
-  	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
-  						arg->dest);
-***************
-*** 600,607 ****
-  	 else
-  	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
-  
-! 	 log_done("kadm5_rename_principal", prime_arg, errmsg,
-! 		  &client_name, &service_name, rqstp);
-      }
-      free_server_handle(handle);
-      free(prime_arg1);
---- 615,629 ----
-  	 else
-  	     errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
-  
-! 	 krb5_klog_syslog(LOG_NOTICE,
-! 			  "Request: kadm5_rename_principal, "
-! 			  "%.*s%s to %.*s%s, %s, "
-! 			  "client=%.*s%s, service=%.*s%s, addr=%s",
-! 			  tlen1, prime_arg1, tdots1,
-! 			  tlen2, prime_arg2, tdots2, errmsg,
-! 			  clen, client_name.value, cdots,
-! 			  slen, service_name.value, sdots,
-! 			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-      }
-      free_server_handle(handle);
-      free(prime_arg1);

krb5-1.6.1-ftp-nospew.patch

@@ -1,50 +0,0 @@
-diff -uNr krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c krb5-1-6/src/appl/gssftp/ftp/cmds.c
---- krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c	2007-05-24 11:19:27.000000000 -0400
-+++ krb5-1-6/src/appl/gssftp/ftp/cmds.c	2007-05-24 11:17:37.000000000 -0400
-@@ -168,9 +168,7 @@
- 		}
- 		port = htons(iport);
- 	}
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 	host = hookup(argv[1], port);
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 	if (host) {
- 		int overbose;
- 
-@@ -185,28 +183,20 @@
- 		mode = MODE_S;
- 		stru = STRU_F;
- 		(void) strcpy(bytename, "8"), bytesize = 8;
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 		if (autoauth) {
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 			if (do_auth() && autoencrypt) {
--printf("%s: at line %d\n", __FILE__, __LINE__);
-  				clevel = PROT_P;
- 				setpbsz(1<<20);
- 				if (command("PROT P") == COMPLETE)
- 					dlevel = PROT_P;
- 				else
- 					fprintf(stderr, "ftp: couldn't enable encryption\n");
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 			}
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 			if(auth_type && clevel == PROT_C)
- 				clevel = PROT_S;
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 			if(autologin)
- 				(void) login(argv[1]);
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 		}
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 
- #ifndef unix
- /* sigh */
-@@ -221,7 +211,6 @@
-  * this ifdef is to keep someone form "porting" this to an incompatible
-  * system and not checking this out. This way they have to think about it.
-  */
--printf("%s: at line %d\n", __FILE__, __LINE__);
- 		overbose = verbose;
- 		if (debug == 0)
- 			verbose = -1;

krb5-1.6.1-get_opt_fixup.patch

@@ -1,41 +0,0 @@
-Index: src/include/k5-int.h
-===================================================================
---- src/include/k5-int.h	(revision 19537)
-+++ src/include/k5-int.h	(revision 19538)
-@@ -1048,9 +1048,9 @@
- #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
- 
- #define krb5_gic_opt_is_extended(s) \
--    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
-+    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
- #define krb5_gic_opt_is_shadowed(s) \
--    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
-+    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
- 
- 
- typedef struct _krb5_gic_opt_private {
-Index: src/lib/krb5/krb/gic_opt.c
-===================================================================
---- src/lib/krb5/krb/gic_opt.c	(revision 19537)
-+++ src/lib/krb5/krb/gic_opt.c	(revision 19538)
-@@ -206,8 +206,18 @@
-     oe = krb5int_gic_opte_alloc(context);
-     if (NULL == oe)
- 	return ENOMEM;
--    memcpy(oe, opt, sizeof(*opt));
--    /* Fix these -- overwritten by the copy */
-+
-+    if (opt)
-+        memcpy(oe, opt, sizeof(*opt));
-+
-+    /*
-+     * Fix the flags -- the EXTENDED flag would have been
-+     * overwritten by the copy if there was one.  The
-+     * SHADOWED flag is necessary to ensure that the
-+     * krb5_gic_opt_ext structure that was allocated
-+     * here will be freed by the library because the
-+     * application is unaware of its existence.
-+     */
-     oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
- 		   KRB5_GET_INIT_CREDS_OPT_SHADOWED);
- 

krb5.spec

@@ -13,10 +13,10 @@
 
 Summary: The Kerberos network authentication system.
 Name: krb5
-Version: 1.6.1
+Version: 1.6.2
-Release: 8%{?dist}
+Release: 1%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
@@ -80,24 +80,19 @@ Patch51: krb5-1.6-ldap-init.patch
 Patch52: krb5-1.6-ldap-man.patch
 Patch53: krb5-1.6-nodeplibs.patch
 Patch55: krb5-1.6.1-empty.patch
-Patch56: krb5-1.6.1-get_opt_fixup.patch
-Patch57: krb5-1.6.1-ftp-nospew.patch
 
 Patch60: krb5-1.6.1-pam.patch
 Patch61: krb5-trunk-manpaths.patch
 Patch62: krb5-any-fixup-patch.txt
 Patch63: krb5-1.6.1-selinux-label.patch
 
-Patch70: http://web.mit.edu/kerberos/advisories/2007-004-patch.txt
-Patch71: http://web.mit.edu/kerberos/advisories/2007-005-patch.txt
-
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Prereq: grep, info, sh-utils, /sbin/install-info
 BuildPrereq: autoconf, bison, e2fsprogs-devel >= 1.35, flex
-BuildPrereq: gzip, ncurses-devel, rsh, texinfo, tar
+BuildPrereq: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
 BuildRequires: tetex-latex
 BuildRequires: keyutils-libs-devel
 BuildRequires: libselinux-devel
@@ -206,6 +201,10 @@ installed on systems which are meant provide these services.
 %endif
 
 %changelog
+* Thu Jul 17 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-1
+- update to 1.6.2
+- add "buildrequires: texinfo-tex" to get texi2pdf
+
 * Wed Jun 27 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-8
 - incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443)
   and MITKRB5-SA-2007-005 (CVE-2007-2798)
@@ -1195,10 +1194,6 @@ popd
 %patch52 -p0 -b .ldap_man
 %patch53 -p1 -b .nodeplibs
 #%patch55 -p1 -b .empty
-%patch56 -p0 -b .get_opt_fixup
-%patch57 -p1 -b .ftp-nospew
-%patch70 -p0 -b .2007-004
-%patch71 -p0 -b .2007-005
 cp src/krb524/README README.krb524
 gzip doc/*.ps
 

sources

@@ -1,3 +1,3 @@
-165bfd13e77d63e623810a3abe43ad61  krb5-1.6.1.tar.gz
+41d8c0cdb6c3e59171234b0464ec3c47  krb5-1.6.2.tar.gz
-8249f522570f8b17f056bc8a5408678d  krb5-1.6.1.tar.gz.asc
+8a5c577ea2907ecebdc03b7ccbf4d534  krb5-1.6.2.tar.gz.asc
-06835fe8a0ac3455dfaf9c6073f1f54c  krb5-1.6.1-pdf.tar.gz
+c6c5380e4bfdb787f3b196b66cd96bed  krb5-1.6.2-pdf.tar.gz