[arch-commits] Commit in krb5/trunk (3 files)
Eric Bélanger
eric at nymeria.archlinux.org
Mon Nov 18 06:16:56 UTC 2013
Date: Monday, November 18, 2013 @ 07:16:55
Author: eric
Revision: 199882
upgpkg: krb5 1.11.4-1
Upstream update, Add prepare function, Remove old patches
Modified:
krb5/trunk/PKGBUILD
Deleted:
krb5/trunk/CVE-2002-2443.patch
krb5/trunk/krb5-1.10.1-gcc47.patch
-------------------------+
CVE-2002-2443.patch | 69 ----------------------------------------------
PKGBUILD | 28 +++++++-----------
krb5-1.10.1-gcc47.patch | 11 -------
3 files changed, 11 insertions(+), 97 deletions(-)
Deleted: CVE-2002-2443.patch
===================================================================
--- CVE-2002-2443.patch 2013-11-18 00:53:32 UTC (rev 199881)
+++ CVE-2002-2443.patch 2013-11-18 06:16:55 UTC (rev 199882)
@@ -1,69 +0,0 @@
-From cf1a0c411b2668c57c41e9c4efd15ba17b6b322c Mon Sep 17 00:00:00 2001
-From: Tom Yu <tlyu at mit.edu>
-Date: Fri, 3 May 2013 16:26:46 -0400
-Subject: [PATCH] Fix kpasswd UDP ping-pong [CVE-2002-2443]
-
-The kpasswd service provided by kadmind was vulnerable to a UDP
-"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
-they pass some basic validation, and don't respond to our own error
-packets.
-
-Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
-attack or UDP ping-pong attacks in general, but there is discussion
-leading toward narrowing the definition of CVE-1999-0103 to the echo,
-chargen, or other similar built-in inetd services.
-
-Thanks to Vincent Danen for alerting us to this issue.
-
-CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
-
-ticket: 7637 (new)
-target_version: 1.11.3
-tags: pullup
----
- src/kadmin/server/schpw.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
-index 15b0ab5..7f455d8 100644
---- a/src/kadmin/server/schpw.c
-+++ b/src/kadmin/server/schpw.c
-@@ -52,7 +52,7 @@
- ret = KRB5KRB_AP_ERR_MODIFIED;
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Request was truncated", sizeof(strresult));
-- goto chpwfail;
-+ goto bailout;
- }
-
- ptr = req->data;
-@@ -67,7 +67,7 @@
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Request length was inconsistent",
- sizeof(strresult));
-- goto chpwfail;
-+ goto bailout;
- }
-
- /* verify version number */
-@@ -80,7 +80,7 @@
- numresult = KRB5_KPASSWD_BAD_VERSION;
- snprintf(strresult, sizeof(strresult),
- "Request contained unknown protocol version number %d", vno);
-- goto chpwfail;
-+ goto bailout;
- }
-
- /* read, check ap-req length */
-@@ -93,7 +93,7 @@
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Request was truncated in AP-REQ",
- sizeof(strresult));
-- goto chpwfail;
-+ goto bailout;
- }
-
- /* verify ap_req */
---
-1.8.1.6
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-11-18 00:53:32 UTC (rev 199881)
+++ PKGBUILD 2013-11-18 06:16:55 UTC (rev 199882)
@@ -2,7 +2,7 @@
# Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
pkgname=krb5
-pkgver=1.11.3
+pkgver=1.11.4
pkgrel=1
pkgdesc="The Kerberos network authentication system"
arch=('i686' 'x86_64')
@@ -11,8 +11,8 @@
depends=('e2fsprogs' 'libldap' 'keyutils')
makedepends=('perl')
backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
-source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.11/${pkgname}-${pkgver}-signed.tar
- CVE-2002-2443.patch
+options=('!emptydirs')
+source=(http://web.mit.edu/kerberos/dist/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}-signed.tar
krb5-config_LDFLAGS.patch
krb5-kadmind.service
krb5-kdc.service
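Review bot: The rewritten `source=` line still fetches the tarball over plain `http://`, and the `sha1sums` array updated in the next hunk is the only integrity control on that download. SHA-1 has known collision weaknesses, so for a package that ships the KDC and kadmind a stronger digest is worth having: replace the array with `sha256sums=(...)`, regenerated with `makepkg -g`. If the upstream host serves this path over HTTPS, the URL should use it as well. The `${pkgver%.*}` expansion itself is a good change, since the directory component can no longer drift from `pkgver`.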
@@ -19,8 +19,7 @@
krb5-kpropd.service
krb5-kpropd at .service
krb5-kpropd.socket)
-sha1sums=('df708a530a22ed09c7825742c108180319b10463'
- '78ec307c2b5e32481a6da401013c428e0b867f36'
+sha1sums=('a432489410efa3ff27ac0ae54f55edeede3ed63f'
'09e478cddfb9d46d2981dd25ef96b8c3fd91e1aa'
'59bbc7e686cbb4bcefddf0f134d928d7bd5e7722'
'2ef2476a8673b3b702e829d8f451c839c2273b02'
@@ -27,29 +26,24 @@
'74d66aefd291f22dd80799f0437cc03d83083ed5'
'6787c6ce2783b3f980c423e2dd4abf5236af670b'
'f3677d30dbbd7106c581379c2c6ebb1bf7738912')
-options=('!emptydirs')
-build() {
- tar zxvf ${pkgname}-${pkgver}.tar.gz
- cd "${srcdir}/${pkgname}-${pkgver}/src"
-
+prepare() {
+ tar -xf ${pkgname}-${pkgver}.tar.gz
+ cd ${pkgname}-${pkgver}/src
# cf https://bugs.gentoo.org/show_bug.cgi?id=448778
patch -Np2 -i "${srcdir}"/krb5-config_LDFLAGS.patch
- # Fix kpasswd UDP ping-pong (CVE-2002-2443)
- #patch -Np2 -i "${srcdir}"/CVE-2002-2443.patch
-
- rm lib/krb5/krb/deltat.c
-
# FS#25384
sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
+}
+build() {
+ cd ${pkgname}-${pkgver}/src
export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
export CPPFLAGS+=" -I/usr/include/et"
./configure --prefix=/usr \
--sbindir=/usr/bin \
--sysconfdir=/etc \
- --mandir=/usr/share/man \
--localstatedir=/var/lib \
--enable-shared \
--with-system-et \
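Review bot: The new `prepare()` unpacks `${pkgname}-${pkgver}.tar.gz` out of the `-signed.tar` wrapper with `tar -xf` and never checks a signature. If the wrapper ships a detached signature next to the inner tarball, as its name suggests (file name to be confirmed), verify it before extracting, e.g. `gpg --verify ${pkgname}-${pkgver}.tar.gz.asc ${pkgname}-${pkgver}.tar.gz`. That requires the upstream release key in the builder's keyring. It would also help to add a comment recording why the CVE-2002-2443 patch could be dropped: the deleted patch header gives `target_version: 1.11.3`, so the fix is presumably already in 1.11.4, for example `# CVE-2002-2443 fixed upstream since 1.11.3`. The `build()` body continues past the end of this hunk.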
@@ -63,7 +57,7 @@
}
package() {
- cd "${srcdir}/${pkgname}-${pkgver}/src"
+ cd ${pkgname}-${pkgver}/src
make DESTDIR="${pkgdir}" EXAMPLEDIR=/usr/share/doc/${pkgname}/examples install
# Fix FS#29889
Deleted: krb5-1.10.1-gcc47.patch
===================================================================
--- krb5-1.10.1-gcc47.patch 2013-11-18 00:53:32 UTC (rev 199881)
+++ krb5-1.10.1-gcc47.patch 2013-11-18 06:16:55 UTC (rev 199882)
@@ -1,11 +0,0 @@
-diff -Naur krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y krb5-1.10.1/src/lib/krb5/krb/x-deltat.y
---- krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y 2011-09-06 07:34:32.000000000 -0400
-+++ krb5-1.10.1/src/lib/krb5/krb/x-deltat.y 2012-03-24 13:15:11.543551318 -0400
-@@ -44,6 +44,7 @@
- #ifdef __GNUC__
- #pragma GCC diagnostic push
- #pragma GCC diagnostic ignored "-Wuninitialized"
-+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
- #endif
-
- #include <ctype.h>