[arch-commits] Commit in krb5/trunk (4 files)

Stéphane Gaudreault stephane at archlinux.org
Thu Mar 8 20:02:54 EST 2012


    Date: Thursday, March 8, 2012 @ 20:02:53
  Author: stephane
Revision: 152707

upgpkg: krb5 1.10.1-1

upstream update

Modified:
  krb5/trunk/PKGBUILD
Deleted:
  krb5/trunk/krb5-1.9.1-2011-007.patch
  krb5/trunk/krb5-1.9.1-canonicalize-fallback.patch
  krb5/trunk/krb5-1.9.1-config-script.patch

----------------------------------------+
 PKGBUILD                               |   35 ++++--------------
 krb5-1.9.1-2011-007.patch              |   40 ---------------------
 krb5-1.9.1-canonicalize-fallback.patch |   58 -------------------------------
 krb5-1.9.1-config-script.patch         |   27 --------------
 4 files changed, 8 insertions(+), 152 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2012-03-09 01:01:22 UTC (rev 152706)
+++ PKGBUILD	2012-03-09 01:02:53 UTC (rev 152707)
@@ -2,8 +2,8 @@
 # Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
 
 pkgname=krb5
-pkgver=1.9.2
-pkgrel=2
+pkgver=1.10.1
+pkgrel=1
 pkgdesc="The Kerberos network authentication system"
 arch=('i686' 'x86_64')
 url="http://web.mit.edu/kerberos/"
@@ -14,40 +14,20 @@
 replaces=('heimdal')
 conflicts=('heimdal')
 backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
-source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.9/${pkgname}-${pkgver}-signed.tar
+source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.10/${pkgname}-${pkgver}-signed.tar
         krb5-kadmind
         krb5-kdc
-        krb5-kpropd
-        krb5-1.9.1-config-script.patch
-        krb5-1.9.1-2011-007.patch)
-sha1sums=('aa06f778ee1f9791cd4c5cf4c9e9465769ffec92'
+        krb5-kpropd)
+sha1sums=('f9f3b77173f68b268b43e4f9c29bf7c9f3fd1f0e'
           '2aa229369079ed1bbb201a1ef72c47bf143f4dbe'
           '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393'
-          '7f402078fa65bb9ff1beb6cbbbb017450df78560'
-          '7342410760cf44bfa01bb99bb4c49e12496cb46f'
-          'ec917dd1d1c96fa331f512331d5aa37c2e9b9df7')
+          '7f402078fa65bb9ff1beb6cbbbb017450df78560')
 options=('!emptydirs')
 
 build() {
    tar zxvf ${pkgname}-${pkgver}.tar.gz
    cd "${srcdir}/${pkgname}-${pkgver}/src"
 
-   # - Make krb5-config suppress CFLAGS output when called with --libs
-   #   cf https://bugzilla.redhat.com/show_bug.cgi?id=544391
-   #
-   # - Omit extra libraries because their interfaces are not exposed to applications
-   #   by libkrb5, unless do_deps is set to 1, which indicates that the caller
-   #   wants the whole list.
-   #
-   #   Patch from upstream :
-   #   http://anonsvn.mit.edu/viewvc/krb5/trunk/src/krb5-config.in?r1=23662&r2=25236
-   patch -Np2 -i ${srcdir}/krb5-1.9.1-config-script.patch
-
-   # Apply upstream patch to fix a null pointer dereference when processing TGS requests
-   # CVE-2011-1530
-   # see http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt
-   patch -Np2 -i ${srcdir}/krb5-1.9.1-2011-007.patch
-
    # FS#25384
    sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
 
@@ -62,7 +42,8 @@
                --disable-rpath \
                --without-tcl \
                --enable-dns-for-realm \
-               --with-ldap
+               --with-ldap \
+               --without-system-verto
    make
 }
 

Deleted: krb5-1.9.1-2011-007.patch
===================================================================
--- krb5-1.9.1-2011-007.patch	2012-03-09 01:01:22 UTC (rev 152706)
+++ krb5-1.9.1-2011-007.patch	2012-03-09 01:02:53 UTC (rev 152707)
@@ -1,40 +0,0 @@
-diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in
-index f46cad3..102fbaa 100644
---- a/src/kdc/Makefile.in
-+++ b/src/kdc/Makefile.in
-@@ -67,6 +67,7 @@ check-unix:: rtest
- 
- check-pytests::
- 	$(RUNPYTEST) $(srcdir)/t_workers.py $(PYTESTFLAGS)
-+	$(RUNPYTEST) $(srcdir)/t_emptytgt.py $(PYTESTFLAGS)
- 
- install::
- 	$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
-diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
-index c169c54..840a2ef 100644
---- a/src/kdc/do_tgs_req.c
-+++ b/src/kdc/do_tgs_req.c
-@@ -243,7 +243,8 @@ tgt_again:
-                     if (!tgs_1 || !data_eq(*server_1, *tgs_1)) {
-                         errcode = find_alternate_tgs(request, &server);
-                         firstpass = 0;
--                        goto tgt_again;
-+                        if (errcode == 0)
-+                            goto tgt_again;
-                     }
-                 }
-                 status = "UNKNOWN_SERVER";
-diff --git a/src/kdc/t_emptytgt.py b/src/kdc/t_emptytgt.py
-new file mode 100644
-index 0000000..1760bcd
---- /dev/null
-+++ b/src/kdc/t_emptytgt.py
-@@ -0,0 +1,8 @@
-+#!/usr/bin/python
-+from k5test import *
-+
-+realm = K5Realm(start_kadmind=False, create_host=False)
-+output = realm.run_as_client([kvno, 'krbtgt/'], expected_code=1)
-+if 'not found in Kerberos database' not in output:
-+    fail('TGT lookup for empty realm failed in unexpected way')
-+success('Empty tgt lookup.')

Deleted: krb5-1.9.1-canonicalize-fallback.patch
===================================================================
--- krb5-1.9.1-canonicalize-fallback.patch	2012-03-09 01:01:22 UTC (rev 152706)
+++ krb5-1.9.1-canonicalize-fallback.patch	2012-03-09 01:02:53 UTC (rev 152707)
@@ -1,58 +0,0 @@
-diff -Naur krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c krb5-1.9.1/src/lib/krb5/krb/get_creds.c
---- krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c	2011-02-09 16:55:36.000000000 -0500
-+++ krb5-1.9.1/src/lib/krb5/krb/get_creds.c	2011-09-26 18:42:01.465190278 -0400
-@@ -470,13 +470,10 @@
- 
- /***** STATE_REFERRALS *****/
- 
--/*
-- * Possibly retry a request in the fallback realm after a referral request
-- * failure in the local realm.  Expects ctx->reply_code to be set to the error
-- * from a referral request.
-- */
-+/* Possibly try a non-referral request after a referral request failure.
-+ * Expects ctx->reply_code to be set to the error from a referral request. */
- static krb5_error_code
--try_fallback_realm(krb5_context context, krb5_tkt_creds_context ctx)
-+try_fallback(krb5_context context, krb5_tkt_creds_context ctx)
- {
-     krb5_error_code code;
-     char **hrealms;
-@@ -485,9 +482,10 @@
-     if (ctx->referral_count > 1)
-         return ctx->reply_code;
- 
--    /* Only fall back if the original request used the referral realm. */
-+    /* If the request used a specified realm, make a non-referral request to
-+     * that realm (in case it's a KDC which rejects KDC_OPT_CANONICALIZE). */
-     if (!krb5_is_referral_realm(&ctx->req_server->realm))
--        return ctx->reply_code;
-+        return begin_non_referral(context, ctx);
- 
-     if (ctx->server->length < 2) {
-         /* We need a type/host format principal to find a fallback realm. */
-@@ -500,10 +498,10 @@
-     if (code != 0)
-         return code;
- 
--    /* Give up if the fallback realm isn't any different. */
-+    /* If the fallback realm isn't any different, use the existing TGT. */
-     if (data_eq_string(ctx->server->realm, hrealms[0])) {
-         krb5_free_host_realm(context, hrealms);
--        return ctx->reply_code;
-+        return begin_non_referral(context, ctx);
-     }
- 
-     /* Rewrite server->realm to be the fallback realm. */
-@@ -540,9 +538,9 @@
-     krb5_error_code code;
-     const krb5_data *referral_realm;
- 
--    /* Possibly retry with the fallback realm on error. */
-+    /* Possibly try a non-referral fallback request on error. */
-     if (ctx->reply_code != 0)
--        return try_fallback_realm(context, ctx);
-+        return try_fallback(context, ctx);
- 
-     if (krb5_principal_compare(context, ctx->reply_creds->server,
-                                ctx->server)) {

Deleted: krb5-1.9.1-config-script.patch
===================================================================
--- krb5-1.9.1-config-script.patch	2012-03-09 01:01:22 UTC (rev 152706)
+++ krb5-1.9.1-config-script.patch	2012-03-09 01:02:53 UTC (rev 152707)
@@ -1,27 +0,0 @@
-diff -Naur krb5-1.9.1.ori/src/krb5-config.in krb5-1.9.1/src/krb5-config.in
---- krb5-1.9.1.ori/src/krb5-config.in	2010-01-19 13:44:57.000000000 -0500
-+++ krb5-1.9.1/src/krb5-config.in	2011-09-26 18:27:09.018487087 -0400
-@@ -186,7 +186,7 @@
- 	    -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
- 	    -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
- 	    -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
--	    -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
-+	    -e 's#\$(CFLAGS)##'`
- 
-     if test $library = 'kdb'; then
- 	lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
-@@ -214,9 +214,13 @@
-     fi
- 
-     if test $library = 'krb5'; then
--	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
-+	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err"
-     fi
- 
-+    # If we ever support a flag to generate output suitable for static
-+    # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
-+    # here.
-+
-     echo $lib_flags
- fi
- 



More information about the arch-commits mailing list