- update to 1.6.2

- add "buildrequires: texinfo-tex" to get texi2pdf
This commit is contained in:
Nalin Dahyabhai 2007-07-19 16:50:28 +00:00
parent 56d1413f95
commit c0cd730c79
7 changed files with 14 additions and 301 deletions

View File

@ -19,3 +19,6 @@ krb5-1.6-pdf.tar.gz
krb5-1.6.1.tar.gz
krb5-1.6.1.tar.gz.asc
krb5-1.6.1-pdf.tar.gz
krb5-1.6.2.tar.gz
krb5-1.6.2.tar.gz.asc
krb5-1.6.2-pdf.tar.gz

View File

@ -1,86 +0,0 @@
*** src/lib/rpc/svc_auth_gssapi.c (revision 20015)
--- src/lib/rpc/svc_auth_gssapi.c (local)
***************
*** 149,154 ****
--- 149,156 ----
rqst->rq_xprt->xp_auth = &svc_auth_none;
memset((char *) &call_res, 0, sizeof(call_res));
+ creds.client_handle.length = 0;
+ creds.client_handle.value = NULL;
cred = &msg->rm_call.cb_cred;
verf = &msg->rm_call.cb_verf;
*** src/lib/rpc/svc_auth_unix.c (revision 20015)
--- src/lib/rpc/svc_auth_unix.c (local)
***************
*** 64,71 ****
char area_machname[MAX_MACHINE_NAME+1];
int area_gids[NGRPS];
} *area;
! u_int auth_len;
! int str_len, gid_len;
register int i;
rqst->rq_xprt->xp_auth = &svc_auth_none;
--- 64,70 ----
char area_machname[MAX_MACHINE_NAME+1];
int area_gids[NGRPS];
} *area;
! u_int auth_len, str_len, gid_len;
register int i;
rqst->rq_xprt->xp_auth = &svc_auth_none;
***************
*** 74,80 ****
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
! auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
buf = XDR_INLINE(&xdrs, (int)auth_len);
if (buf != NULL) {
--- 73,81 ----
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
! auth_len = msg->rm_call.cb_cred.oa_length;
! if (auth_len > INT_MAX)
! return AUTH_BADCRED;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
buf = XDR_INLINE(&xdrs, (int)auth_len);
if (buf != NULL) {
***************
*** 84,90 ****
stat = AUTH_BADCRED;
goto done;
}
! memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
buf += str_len / BYTES_PER_XDR_UNIT;
--- 85,91 ----
stat = AUTH_BADCRED;
goto done;
}
! memmove(aup->aup_machname, buf, str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
buf += str_len / BYTES_PER_XDR_UNIT;
***************
*** 104,110 ****
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
! (void) printf("bad auth_len gid %d str %d auth %d\n",
gid_len, str_len, auth_len);
stat = AUTH_BADCRED;
goto done;
--- 105,111 ----
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
! (void) printf("bad auth_len gid %u str %u auth %u\n",
gid_len, str_len, auth_len);
stat = AUTH_BADCRED;
goto done;

View File

@ -1,108 +0,0 @@
*** src/kadmin/server/server_stubs.c (revision 20024)
--- src/kadmin/server/server_stubs.c (local)
***************
*** 545,557 ****
static generic_ret ret;
char *prime_arg1,
*prime_arg2;
- char prime_arg[BUFSIZ];
gss_buffer_desc client_name,
service_name;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
char *errmsg;
xdr_free(xdr_generic_ret, &ret);
--- 545,558 ----
static generic_ret ret;
char *prime_arg1,
*prime_arg2;
gss_buffer_desc client_name,
service_name;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
char *errmsg;
+ size_t tlen1, tlen2, clen, slen;
+ char *tdots1, *tdots2, *cdots, *sdots;
xdr_free(xdr_generic_ret, &ret);
***************
*** 572,578 ****
ret.code = KADM5_BAD_PRINCIPAL;
goto exit_func;
}
! sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
ret.code = KADM5_OK;
if (! CHANGEPW_SERVICE(rqstp)) {
--- 573,586 ----
ret.code = KADM5_BAD_PRINCIPAL;
goto exit_func;
}
! tlen1 = strlen(prime_arg1);
! trunc_name(&tlen1, &tdots1);
! tlen2 = strlen(prime_arg2);
! trunc_name(&tlen2, &tdots2);
! clen = client_name.length;
! trunc_name(&clen, &cdots);
! slen = service_name.length;
! trunc_name(&slen, &sdots);
ret.code = KADM5_OK;
if (! CHANGEPW_SERVICE(rqstp)) {
***************
*** 590,597 ****
} else
ret.code = KADM5_AUTH_INSUFFICIENT;
if (ret.code != KADM5_OK) {
! log_unauth("kadm5_rename_principal", prime_arg,
! &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_rename_principal((void *)handle, arg->src,
arg->dest);
--- 598,612 ----
} else
ret.code = KADM5_AUTH_INSUFFICIENT;
if (ret.code != KADM5_OK) {
! krb5_klog_syslog(LOG_NOTICE,
! "Unauthorized request: kadm5_rename_principal, "
! "%.*s%s to %.*s%s, "
! "client=%.*s%s, service=%.*s%s, addr=%s",
! tlen1, prime_arg1, tdots1,
! tlen2, prime_arg2, tdots2,
! clen, client_name.value, cdots,
! slen, service_name.value, sdots,
! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
} else {
ret.code = kadm5_rename_principal((void *)handle, arg->src,
arg->dest);
***************
*** 600,607 ****
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
! log_done("kadm5_rename_principal", prime_arg, errmsg,
! &client_name, &service_name, rqstp);
}
free_server_handle(handle);
free(prime_arg1);
--- 615,629 ----
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
! krb5_klog_syslog(LOG_NOTICE,
! "Request: kadm5_rename_principal, "
! "%.*s%s to %.*s%s, %s, "
! "client=%.*s%s, service=%.*s%s, addr=%s",
! tlen1, prime_arg1, tdots1,
! tlen2, prime_arg2, tdots2, errmsg,
! clen, client_name.value, cdots,
! slen, service_name.value, sdots,
! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
}
free_server_handle(handle);
free(prime_arg1);

View File

@ -1,50 +0,0 @@
diff -uNr krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c krb5-1-6/src/appl/gssftp/ftp/cmds.c
--- krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c 2007-05-24 11:19:27.000000000 -0400
+++ krb5-1-6/src/appl/gssftp/ftp/cmds.c 2007-05-24 11:17:37.000000000 -0400
@@ -168,9 +168,7 @@
}
port = htons(iport);
}
-printf("%s: at line %d\n", __FILE__, __LINE__);
host = hookup(argv[1], port);
-printf("%s: at line %d\n", __FILE__, __LINE__);
if (host) {
int overbose;
@@ -185,28 +183,20 @@
mode = MODE_S;
stru = STRU_F;
(void) strcpy(bytename, "8"), bytesize = 8;
-printf("%s: at line %d\n", __FILE__, __LINE__);
if (autoauth) {
-printf("%s: at line %d\n", __FILE__, __LINE__);
if (do_auth() && autoencrypt) {
-printf("%s: at line %d\n", __FILE__, __LINE__);
clevel = PROT_P;
setpbsz(1<<20);
if (command("PROT P") == COMPLETE)
dlevel = PROT_P;
else
fprintf(stderr, "ftp: couldn't enable encryption\n");
-printf("%s: at line %d\n", __FILE__, __LINE__);
}
-printf("%s: at line %d\n", __FILE__, __LINE__);
if(auth_type && clevel == PROT_C)
clevel = PROT_S;
-printf("%s: at line %d\n", __FILE__, __LINE__);
if(autologin)
(void) login(argv[1]);
-printf("%s: at line %d\n", __FILE__, __LINE__);
}
-printf("%s: at line %d\n", __FILE__, __LINE__);
#ifndef unix
/* sigh */
@@ -221,7 +211,6 @@
* this ifdef is to keep someone form "porting" this to an incompatible
* system and not checking this out. This way they have to think about it.
*/
-printf("%s: at line %d\n", __FILE__, __LINE__);
overbose = verbose;
if (debug == 0)
verbose = -1;

View File

@ -1,41 +0,0 @@
Index: src/include/k5-int.h
===================================================================
--- src/include/k5-int.h (revision 19537)
+++ src/include/k5-int.h (revision 19538)
@@ -1048,9 +1048,9 @@
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
#define krb5_gic_opt_is_extended(s) \
- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
+ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
#define krb5_gic_opt_is_shadowed(s) \
- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
+ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
typedef struct _krb5_gic_opt_private {
Index: src/lib/krb5/krb/gic_opt.c
===================================================================
--- src/lib/krb5/krb/gic_opt.c (revision 19537)
+++ src/lib/krb5/krb/gic_opt.c (revision 19538)
@@ -206,8 +206,18 @@
oe = krb5int_gic_opte_alloc(context);
if (NULL == oe)
return ENOMEM;
- memcpy(oe, opt, sizeof(*opt));
- /* Fix these -- overwritten by the copy */
+
+ if (opt)
+ memcpy(oe, opt, sizeof(*opt));
+
+ /*
+ * Fix the flags -- the EXTENDED flag would have been
+ * overwritten by the copy if there was one. The
+ * SHADOWED flag is necessary to ensure that the
+ * krb5_gic_opt_ext structure that was allocated
+ * here will be freed by the library because the
+ * application is unaware of its existence.
+ */
oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
KRB5_GET_INIT_CREDS_OPT_SHADOWED);

View File

@ -13,10 +13,10 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.1
Release: 8%{?dist}
Version: 1.6.2
Release: 1%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
Source1: krb5-%{version}.tar.gz.asc
Source2: kpropd.init
@ -80,24 +80,19 @@ Patch51: krb5-1.6-ldap-init.patch
Patch52: krb5-1.6-ldap-man.patch
Patch53: krb5-1.6-nodeplibs.patch
Patch55: krb5-1.6.1-empty.patch
Patch56: krb5-1.6.1-get_opt_fixup.patch
Patch57: krb5-1.6.1-ftp-nospew.patch
Patch60: krb5-1.6.1-pam.patch
Patch61: krb5-trunk-manpaths.patch
Patch62: krb5-any-fixup-patch.txt
Patch63: krb5-1.6.1-selinux-label.patch
Patch70: http://web.mit.edu/kerberos/advisories/2007-004-patch.txt
Patch71: http://web.mit.edu/kerberos/advisories/2007-005-patch.txt
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Prereq: grep, info, sh-utils, /sbin/install-info
BuildPrereq: autoconf, bison, e2fsprogs-devel >= 1.35, flex
BuildPrereq: gzip, ncurses-devel, rsh, texinfo, tar
BuildPrereq: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
BuildRequires: tetex-latex
BuildRequires: keyutils-libs-devel
BuildRequires: libselinux-devel
@ -206,6 +201,10 @@ installed on systems which are meant provide these services.
%endif
%changelog
* Thu Jul 17 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-1
- update to 1.6.2
- add "buildrequires: texinfo-tex" to get texi2pdf
* Wed Jun 27 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-8
- incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443)
and MITKRB5-SA-2007-005 (CVE-2007-2798)
@ -1195,10 +1194,6 @@ popd
%patch52 -p0 -b .ldap_man
%patch53 -p1 -b .nodeplibs
#%patch55 -p1 -b .empty
%patch56 -p0 -b .get_opt_fixup
%patch57 -p1 -b .ftp-nospew
%patch70 -p0 -b .2007-004
%patch71 -p0 -b .2007-005
cp src/krb524/README README.krb524
gzip doc/*.ps

View File

@ -1,3 +1,3 @@
165bfd13e77d63e623810a3abe43ad61 krb5-1.6.1.tar.gz
8249f522570f8b17f056bc8a5408678d krb5-1.6.1.tar.gz.asc
06835fe8a0ac3455dfaf9c6073f1f54c krb5-1.6.1-pdf.tar.gz
41d8c0cdb6c3e59171234b0464ec3c47 krb5-1.6.2.tar.gz
8a5c577ea2907ecebdc03b7ccbf4d534 krb5-1.6.2.tar.gz.asc
c6c5380e4bfdb787f3b196b66cd96bed krb5-1.6.2-pdf.tar.gz