rpms/krb5/F-7 krb5-1.6-manpage-paths.patch, NONE, 1.1 krb5-1.6.1-empty.patch, NONE, 1.1 krb5-1.6.1-ftp-nospew.patch, NONE, 1.1 krb5-1.6.1-get_opt_fixup.patch, NONE, 1.1 kadmind.init, 1.9, 1.10 krb5.spec, 1.108, 1.109
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Wed Jun 27 18:15:00 UTC 2007
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2781
Modified Files:
kadmind.init krb5.spec
Added Files:
krb5-1.6-manpage-paths.patch krb5-1.6.1-empty.patch
krb5-1.6.1-ftp-nospew.patch krb5-1.6.1-get_opt_fixup.patch
Log Message:
- pull up 1.6.1-2 from the devel branch
krb5-1.6-manpage-paths.patch:
--- NEW FILE krb5-1.6-manpage-paths.patch ---
--- krb5-1.3/src/appl/bsd/klogind.M
+++ krb5-1.3/src/appl/bsd/klogind.M
@@ -27,7 +27,7 @@
the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIklogind\fP might be:
-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
+klogin stream tcp nowait root /usr/kerberos/sbin/klogind klogind -e5c
When a service request is received, the following protocol is initiated:
--- krb5-1.3/src/appl/bsd/kshd.M
+++ krb5-1.3/src/appl/bsd/kshd.M
@@ -8,7 +8,7 @@
.SH NAME
kshd \- kerberized remote shell server
.SH SYNOPSIS
-.B /usr/local/sbin/kshd
+.B /usr/kerberos/sbin/kshd
[
.B \-kr45ec
]
@@ -30,7 +30,7 @@
on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIkrshd\fP might be:
-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
+kshell stream tcp nowait root /usr/kerberos/sbin/kshd kshd -5c
When a service request is received, the following protocol is initiated:
--- krb5-1.3/src/appl/sample/sserver/sserver.M
+++ krb5-1.3/src/appl/sample/sserver/sserver.M
@@ -59,7 +59,7 @@
using a line in
/etc/inetd.conf that looks like this:
.PP
-sample stream tcp nowait root /usr/local/sbin/sserver sserver
+sample stream tcp nowait root /usr/kerberos/sbin/sserver sserver
.PP
Since \fBsample\fP is normally not a port defined in /etc/services, you will
usually have to add a line to /etc/services which looks like this:
--- krb5-1.3/src/appl/telnet/telnetd/telnetd.8
+++ krb5-1.3/src/appl/telnet/telnetd/telnetd.8
@@ -37,7 +37,7 @@
.SM DARPA TELNET
protocol server
.SH SYNOPSIS
-.B /usr/libexec/telnetd
+.B /usr/kerberos/sbin/telnetd
[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
[\fB\-edebug\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
[\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
--- krb5-1.3/src/config-files/kdc.conf.M
+++ krb5-1.3/src/config-files/kdc.conf.M
@@ -235,7 +235,7 @@
realm names and the [capaths] section of its krb5.conf file
.SH FILES
-/usr/local/var/krb5kdc/kdc.conf
+/var/kerberos/krb5kdc/kdc.conf
.SH SEE ALSO
krb5.conf(5), krb5kdc(8)
--- krb5-1.3/src/kadmin/cli/kadmin.M
+++ krb5-1.3/src/kadmin/cli/kadmin.M
@@ -733,9 +733,9 @@
.RS
.TP
EXAMPLE:
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
+kadmin: ktremove -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
Entry for principal kadmin/admin with kvno 3 removed
- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
+ from keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
kadmin:
.RE
.fi
--- krb5-1.3/src/slave/kprop.M
+++ krb5-1.3/src/slave/kprop.M
@@ -39,7 +39,7 @@
This is done by transmitting the dumped database file to the slave
server over an encrypted, secure channel. The dump file must be created
by kdb5_util, and is normally KPROP_DEFAULT_FILE
-(/usr/local/var/krb5kdc/slave_datatrans).
+(/var/kerberos/krb5kdc/slave_datatrans).
.SH OPTIONS
.TP
\fB\-r\fP \fIrealm\fP
@@ -51,7 +51,7 @@
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
found; by default the dumped database file is KPROP_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/slave_datatrans).
+(normally /var/kerberos/krb5kdc/slave_datatrans).
.TP
\fB\-P\fP \fIport\fP
specifies the port to use to contact the
--- krb5-1.3/src/slave/kpropd.M
+++ krb5-1.3/src/slave/kpropd.M
@@ -69,7 +69,7 @@
This is done by adding a line to the inetd.conf file which looks like
this:
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
+kprop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd
However, kpropd can also run as a standalone deamon, if the
.B \-S
@@ -87,13 +87,13 @@
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/from_master).
+(normally /var/kerberos/krb5kdc/from_master).
.TP
.B \-p
allows the user to specify the pathname to the
.IR kdb5_util (8)
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
-(normally /usr/local/sbin/kdb5_util).
+(normally /usr/kerberos/sbin/kdb5_util).
.TP
.B \-S
turn on standalone mode. Normally, kpropd is invoked out of
@@ -124,14 +124,14 @@
allows the user to specify the path to the
.KR kpropd.acl
file; by default the path used is KPROPD_ACL_FILE
-(normally /usr/local/var/krb5kdc/kpropd.acl).
+(normally /var/kerberos/krb5kdc/kpropd.acl).
.SH FILES
.TP "\w'kpropd.acl\ \ 'u"
kpropd.acl
Access file for
.BR kpropd ;
the default location is KPROPD_ACL_FILE (normally
-/usr/local/var/krb5kdc/kpropd.acl).
+/var/kerberos/krb5kdc/kpropd.acl).
Each entry is a line containing the principal of a host from which the
local machine will allow Kerberos database propagation via kprop.
.SH SEE ALSO
krb5-1.6.1-empty.patch:
--- NEW FILE krb5-1.6.1-empty.patch ---
Treat empty values of KRB5CCNAME (and other variables which can't usefully
be set to empty values) as if they were not set.
diff -ur krb5-1.6.1/src/appl/bsd/krshd.c krb5-1.6.1/src/appl/bsd/krshd.c
--- krb5-1.6.1/src/appl/bsd/krshd.c 2006-10-15 03:50:16.000000000 -0400
+++ krb5-1.6.1/src/appl/bsd/krshd.c 2007-05-18 19:51:18.000000000 -0400
@@ -1438,7 +1438,7 @@
* child's environment. This can't really have
* a fixed position because tz may or may not be set.
*/
- if (getenv("KRB5CCNAME")) {
+ if (getenv("KRB5CCNAME") && getenv("KRB5CCNAME")[0]) {
int i;
char *buf2 = (char *)malloc(strlen(getenv("KRB5CCNAME"))
+strlen("KRB5CCNAME=")+1);
diff -ur krb5-1.6.1/src/appl/bsd/login.c krb5-1.6.1/src/appl/bsd/login.c
--- krb5-1.6.1/src/appl/bsd/login.c 2006-08-08 15:26:40.000000000 -0400
+++ krb5-1.6.1/src/appl/bsd/login.c 2007-05-18 19:49:32.000000000 -0400
@@ -528,7 +528,7 @@
login_get_kconf(kcontext);
/* Set up the credential cache environment variable */
- if (!getenv(KRB5_ENV_CCNAME)) {
+ if (!getenv(KRB5_ENV_CCNAME) || !getenv(KRB5_ENV_CCNAME)[0]) {
sprintf(ccfile, "FILE:/tmp/krb5cc_p%ld", (long) getpid());
setenv(KRB5_ENV_CCNAME, ccfile, 1);
krb5_cc_set_default_name(kcontext, ccfile);
@@ -1763,7 +1763,7 @@
setenv ("TZ", tz, 1);
#endif
- if (ccname)
+ if (ccname && ccname[0])
setenv("KRB5CCNAME", ccname, 1);
setenv("HOME", pwd->pw_dir, 1);
diff -ur krb5-1.6.1/src/appl/bsd/v4rcp.c krb5-1.6.1/src/appl/bsd/v4rcp.c
--- krb5-1.6.1/src/appl/bsd/v4rcp.c 2006-08-08 15:26:40.000000000 -0400
+++ krb5-1.6.1/src/appl/bsd/v4rcp.c 2007-05-18 19:50:40.000000000 -0400
@@ -1060,7 +1060,7 @@
fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n");
exit(1);
}
- if ((envaddr = getenv("KRB5REMOTEADDR"))) {
+ if ((envaddr = getenv("KRB5REMOTEADDR")) && envaddr[0]) {
#ifdef HAVE_INET_ATON
inet_aton(envaddr, &foreign.sin_addr);
#else
@@ -1068,7 +1068,7 @@
#endif
foreign.sin_family = AF_INET;
envaddr = getenv("KRB5REMOTEPORT");
- if (envaddr)
+ if (envaddr && envaddr[0])
foreign.sin_port = htons(atoi(envaddr));
else
foreign.sin_port = 0;
diff -ur krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c
--- krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c 2006-12-01 16:27:28.000000000 -0500
+++ krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c 2007-05-18 19:48:51.000000000 -0400
@@ -205,7 +205,7 @@
return;
ccname = getenv("KRB5CCNAME");
- if (ccname) {
+ if (ccname && ccname[0]) {
retval = krb5_cc_resolve(telnet_context, ccname, &ccache);
if (!retval)
retval = krb5_cc_destroy(telnet_context, ccache);
diff -ur krb5-1.6.1/src/lib/kadm5/alt_prof.c krb5-1.6.1/src/lib/kadm5/alt_prof.c
--- krb5-1.6.1/src/lib/kadm5/alt_prof.c 2006-05-15 21:45:00.000000000 -0400
+++ krb5-1.6.1/src/lib/kadm5/alt_prof.c 2007-05-18 19:17:53.000000000 -0400
@@ -82,7 +82,8 @@
if (i > 0)
krb5_config_len--;
if (envname == NULL
- || (kdc_config = getenv(envname)) == NULL)
+ || (kdc_config = getenv(envname)) == NULL
+ || (kdc_config[0] == '\0'))
kdc_config = fname;
if (kdc_config == NULL)
kdc_config_len = 0;
@@ -494,7 +495,8 @@
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
params.admin_keytab = svalue;
- } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME"))) {
+ } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME")) &&
+ (params.admin_keytab[0] != '\0')) {
params.admin_keytab = strdup(params.admin_keytab);
if (params.admin_keytab)
params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
diff -ur krb5-1.6.1/src/lib/krb4/g_cnffile.c krb5-1.6.1/src/lib/krb4/g_cnffile.c
--- krb5-1.6.1/src/lib/krb4/g_cnffile.c 2003-06-06 10:44:33.000000000 -0400
+++ krb5-1.6.1/src/lib/krb4/g_cnffile.c 2007-05-18 19:57:48.000000000 -0400
@@ -89,7 +89,7 @@
/* standard V4 override first */
s = getenv("KRB_CONF");
- if (s) cnffile = fopen(s,"r");
+ if (s && s[0]) cnffile = fopen(s,"r");
/* if that's wrong, use V5 config */
if (!cnffile) cnffile = krb__v5_get_file("krb4_config");
/* and if V5 config doesn't have it, go to hard-coded values */
@@ -109,7 +109,7 @@
/* standard (not really) V4 override first */
s = getenv("KRB_REALMS");
- if (s) realmsfile = fopen(s,"r");
+ if (s && s[0]) realmsfile = fopen(s,"r");
if (!realmsfile) realmsfile = krb__v5_get_file("krb4_realms");
if (!realmsfile) realmsfile = fopen(KRB_RLM_TRANS, "r");
diff -ur krb5-1.6.1/src/lib/krb4/tkt_string.c krb5-1.6.1/src/lib/krb4/tkt_string.c
--- krb5-1.6.1/src/lib/krb4/tkt_string.c 2006-03-11 17:23:28.000000000 -0500
+++ krb5-1.6.1/src/lib/krb4/tkt_string.c 2007-05-18 19:57:57.000000000 -0400
@@ -67,7 +67,7 @@
if (!*krb_ticket_string) {
env = getenv("KRBTKFILE");
- if (env) {
+ if (env && env[0]) {
(void) strncpy(krb_ticket_string, env,
sizeof(krb_ticket_string)-1);
krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
diff -ur krb5-1.6.1/src/lib/krb5/ccache/cccursor.c krb5-1.6.1/src/lib/krb5/ccache/cccursor.c
--- krb5-1.6.1/src/lib/krb5/ccache/cccursor.c 2006-11-07 15:18:31.000000000 -0500
+++ krb5-1.6.1/src/lib/krb5/ccache/cccursor.c 2007-05-18 19:19:11.000000000 -0400
@@ -136,7 +136,7 @@
/* fall through */
case CCCURSOR_ENV:
name = getenv(KRB5_ENV_CCNAME);
- if (name != NULL) {
+ if ((name != NULL) && (name[0] != '\0')) {
cursor->pos = CCCURSOR_OS;
ret = cccol_do_resolve(context, cursor, name, ccache);
if (ret)
diff -ur krb5-1.6.1/src/lib/krb5/os/ccdefname.c krb5-1.6.1/src/lib/krb5/os/ccdefname.c
--- krb5-1.6.1/src/lib/krb5/os/ccdefname.c 2007-03-29 20:36:20.000000000 -0400
+++ krb5-1.6.1/src/lib/krb5/os/ccdefname.c 2007-05-18 18:32:20.000000000 -0400
@@ -292,7 +292,7 @@
/* try the environment variable first */
new_ccname = getenv(KRB5_ENV_CCNAME);
- if (new_ccname == NULL) {
+ if ((new_ccname == NULL) || (new_ccname[0] == '\0')) {
/* fall back on the default ccache name for the OS */
new_ccname = new_ccbuf;
err = get_from_os (new_ccbuf, sizeof (new_ccbuf));
diff -ur krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c
--- krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c 2007-04-10 17:51:46.000000000 -0400
+++ krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c 2007-05-18 18:32:20.000000000 -0400
@@ -196,7 +196,7 @@
if (!secure)
{
char *env = getenv("KRB5_CONFIG");
- if (env)
+ if (env && env[0])
{
name = malloc(strlen(env) + 1);
if (!name) return ENOMEM;
@@ -250,7 +250,7 @@
filepath = DEFAULT_SECURE_PROFILE_PATH;
} else {
filepath = getenv("KRB5_CONFIG");
- if (!filepath) filepath = DEFAULT_PROFILE_PATH;
+ if (!filepath || !(filepath[0])) filepath = DEFAULT_PROFILE_PATH;
}
/* count the distinct filename components */
@@ -297,7 +297,7 @@
profile_filespec_t *newfiles;
file = getenv(KDC_PROFILE_ENV);
- if (file == NULL)
+ if ((file == NULL) || (file[0] == '\0'))
file = DEFAULT_KDC_PROFILE;
for (count = 0; (*pfiles)[count]; count++)
diff -ur krb5-1.6.1/src/lib/krb5/os/ktdefname.c krb5-1.6.1/src/lib/krb5/os/ktdefname.c
--- krb5-1.6.1/src/lib/krb5/os/ktdefname.c 2002-09-03 15:29:37.000000000 -0400
+++ krb5-1.6.1/src/lib/krb5/os/ktdefname.c 2007-05-18 19:19:28.000000000 -0400
@@ -47,7 +47,7 @@
return KRB5_CONFIG_NOTENUFSPACE;
strcpy(name, krb5_overridekeyname);
} else if ((context->profile_secure == FALSE) &&
- (cp = getenv("KRB5_KTNAME"))) {
+ (cp = getenv("KRB5_KTNAME")) && (cp[0] != '\0')) {
if ((size_t) namesize < (strlen(cp)+1))
return KRB5_CONFIG_NOTENUFSPACE;
strcpy(name, cp);
diff -ur krb5-1.6.1/src/lib/krb5/rcache/rc_base.c krb5-1.6.1/src/lib/krb5/rcache/rc_base.c
--- krb5-1.6.1/src/lib/krb5/rcache/rc_base.c 2006-06-08 16:01:44.000000000 -0400
+++ krb5-1.6.1/src/lib/krb5/rcache/rc_base.c 2007-05-18 19:18:48.000000000 -0400
@@ -94,7 +94,7 @@
char * krb5_rc_default_type(krb5_context context)
{
char *s;
- if ((s = getenv("KRB5RCACHETYPE")))
+ if ((s = getenv("KRB5RCACHETYPE")) && (s[0] != '\0'))
return s;
else
return "dfl";
@@ -103,7 +103,7 @@
char * krb5_rc_default_name(krb5_context context)
{
char *s;
- if ((s = getenv("KRB5RCACHENAME")))
+ if ((s = getenv("KRB5RCACHENAME")) && (s[0] != '\0'))
return s;
else
return (char *) 0;
diff -ur krb5-1.6.1/src/lib/krb5/rcache/rc_io.c krb5-1.6.1/src/lib/krb5/rcache/rc_io.c
--- krb5-1.6.1/src/lib/krb5/rcache/rc_io.c 2006-12-18 18:11:28.000000000 -0500
+++ krb5-1.6.1/src/lib/krb5/rcache/rc_io.c 2007-05-18 18:32:20.000000000 -0400
@@ -47,7 +47,7 @@
{
char *dir;
- if (!(dir = getenv("KRB5RCACHEDIR"))) {
+ if (!(dir = getenv("KRB5RCACHEDIR")) || !dir[0]) {
#if defined(_WIN32)
if (!(dir = getenv("TEMP")))
if (!(dir = getenv("TMP")))
krb5-1.6.1-ftp-nospew.patch:
--- NEW FILE krb5-1.6.1-ftp-nospew.patch ---
diff -uNr krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c krb5-1-6/src/appl/gssftp/ftp/cmds.c
--- krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c 2007-05-24 11:19:27.000000000 -0400
+++ krb5-1-6/src/appl/gssftp/ftp/cmds.c 2007-05-24 11:17:37.000000000 -0400
@@ -168,9 +168,7 @@
}
port = htons(iport);
}
-printf("%s: at line %d\n", __FILE__, __LINE__);
host = hookup(argv[1], port);
-printf("%s: at line %d\n", __FILE__, __LINE__);
if (host) {
int overbose;
@@ -185,28 +183,20 @@
mode = MODE_S;
stru = STRU_F;
(void) strcpy(bytename, "8"), bytesize = 8;
-printf("%s: at line %d\n", __FILE__, __LINE__);
if (autoauth) {
-printf("%s: at line %d\n", __FILE__, __LINE__);
if (do_auth() && autoencrypt) {
-printf("%s: at line %d\n", __FILE__, __LINE__);
clevel = PROT_P;
setpbsz(1<<20);
if (command("PROT P") == COMPLETE)
dlevel = PROT_P;
else
fprintf(stderr, "ftp: couldn't enable encryption\n");
-printf("%s: at line %d\n", __FILE__, __LINE__);
}
-printf("%s: at line %d\n", __FILE__, __LINE__);
if(auth_type && clevel == PROT_C)
clevel = PROT_S;
-printf("%s: at line %d\n", __FILE__, __LINE__);
if(autologin)
(void) login(argv[1]);
-printf("%s: at line %d\n", __FILE__, __LINE__);
}
-printf("%s: at line %d\n", __FILE__, __LINE__);
#ifndef unix
/* sigh */
@@ -221,7 +211,6 @@
* this ifdef is to keep someone form "porting" this to an incompatible
* system and not checking this out. This way they have to think about it.
*/
-printf("%s: at line %d\n", __FILE__, __LINE__);
overbose = verbose;
if (debug == 0)
verbose = -1;
krb5-1.6.1-get_opt_fixup.patch:
--- NEW FILE krb5-1.6.1-get_opt_fixup.patch ---
Index: src/include/k5-int.h
===================================================================
--- src/include/k5-int.h (revision 19537)
+++ src/include/k5-int.h (revision 19538)
@@ -1048,9 +1048,9 @@
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
#define krb5_gic_opt_is_extended(s) \
- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
+ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
#define krb5_gic_opt_is_shadowed(s) \
- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
+ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
typedef struct _krb5_gic_opt_private {
Index: src/lib/krb5/krb/gic_opt.c
===================================================================
--- src/lib/krb5/krb/gic_opt.c (revision 19537)
+++ src/lib/krb5/krb/gic_opt.c (revision 19538)
@@ -206,8 +206,18 @@
oe = krb5int_gic_opte_alloc(context);
if (NULL == oe)
return ENOMEM;
- memcpy(oe, opt, sizeof(*opt));
- /* Fix these -- overwritten by the copy */
+
+ if (opt)
+ memcpy(oe, opt, sizeof(*opt));
+
+ /*
+ * Fix the flags -- the EXTENDED flag would have been
+ * overwritten by the copy if there was one. The
+ * SHADOWED flag is necessary to ensure that the
+ * krb5_gic_opt_ext structure that was allocated
+ * here will be freed by the library because the
+ * application is unaware of its existence.
+ */
oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
KRB5_GET_INIT_CREDS_OPT_SHADOWED);
Index: kadmind.init
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-7/kadmind.init,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- kadmind.init 18 Oct 2006 21:36:40 -0000 1.9
+++ kadmind.init 27 Jun 2007 18:14:25 -0000 1.10
@@ -30,7 +30,11 @@
# Shell functions to cut down on useless shell instances.
start() {
if [ ! -f /var/kerberos/krb5kdc/principal ] ; then
- echo $"Error. Default principal database does not exist."
+ # Make an educated guess -- if they're using kldap somewhere,
+ # then we don't know for sure that this is an error.
+ if [ ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf ] ; then
+ echo $"Error. Default principal database does not exist."
+ fi
exit 0
fi
if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then
@@ -39,7 +43,10 @@
else
if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then
echo -n $"Extracting kadm5 Service Keys: "
+ # This should always work.
/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}" && success || failure
+ # It's probably okay if this fails.
+ /usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/`hostname`${KRB5REALM:+@$KRB5REALM}" 2> /dev/null && success
echo
fi
fi
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-7/krb5.spec,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- krb5.spec 16 May 2007 19:48:19 -0000 1.108
+++ krb5.spec 27 Jun 2007 18:14:25 -0000 1.109
@@ -14,8 +14,8 @@
Summary: The Kerberos network authentication system.
Name: krb5
-Version: 1.6
-Release: 6
+Version: 1.6.1
+Release: 2
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -46,7 +46,7 @@
Source23: krb5-%{version}-pdf.tar.gz
Source24: krb5-tex-pdf.sh
-Patch2: krb5-1.3-manpage-paths.patch
+Patch2: krb5-1.6-manpage-paths.patch
Patch3: krb5-1.3-netkit-rsh.patch
Patch4: krb5-1.3-rlogind-environ.patch
Patch5: krb5-1.3-ksu-access.patch
@@ -74,14 +74,13 @@
Patch41: krb5-1.2.7-login-lpass.patch
Patch44: krb5-1.4.3-enospc.patch
Patch45: krb5-1.5-gssinit.patch
-Patch46: krb5-1.6-fix-sendto_kdc-memset.dif
Patch47: krb5-1.6-sort-of-static.patch
-Patch48: krb5-1.6-CVE-2007-0956-prelim.patch
-Patch49: krb5-1.6-CVE-2007-0957-prelim.patch
-Patch50: krb5-1.6-CVE-2007-1216-prelim.patch
Patch51: krb5-1.6-ldap-init.patch
Patch52: krb5-1.6-ldap-man.patch
Patch53: krb5-1.6-nodeplibs.patch
+Patch55: krb5-1.6.1-empty.patch
+Patch56: krb5-1.6.1-get_opt_fixup.patch
+Patch57: krb5-1.6.1-ftp-nospew.patch
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
@@ -196,6 +195,25 @@
%endif
%changelog
+* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2
+- pull up from devel HEAD's 1.6.1-2
+
+* Thu May 24 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2
+- pull patch from svn to undo unintentional chattiness in ftp
+- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
+ better in a couple of places where they're expected
+
+* Wed May 23 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-1
+- update to 1.6.1
+ - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216
+ - drop patch for sendto bug in 1.6, fixed in 1.6.1
+
+* Fri May 18 2007 Nalin Dahyabhai <nalin at redhat.com>
+- kadmind.init: don't fail outright if the default principal database
+ isn't there if it looks like we might be using the kldap plugin
+- kadmind.init: attempt to extract the key for the host-specific kadmin
+ service when we try to create the keytab
+
* Wed May 16 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6-6
- omit dependent libraries from the krb5-config --libs output, as using
shared libraries (no more static libraries) makes them unnecessary and
@@ -1103,16 +1121,15 @@
%patch41 -p1 -b .login-lpass
%patch44 -p1 -b .enospc
%patch45 -p1 -b .gssinit
-%patch46 -p0 -b .kpasswd
%if %{build_static}
%patch47 -p1 -b .sort-of-static
%endif
-%patch48 -p0 -b .CVE-2007-0956
-%patch49 -p0 -b .CVE-2007-0957
-%patch50 -p0 -b .CVE-2007-1216
%patch51 -p0 -b .ldap_init
%patch52 -p0 -b .ldap_man
%patch53 -p1 -b .nodeplibs
+#%patch55 -p1 -b .empty
+%patch56 -p0 -b .get_opt_fixup
+%patch57 -p1 -b .ftp-nospew
cp src/krb524/README README.krb524
gzip doc/*.ps
More information about the scm-commits
mailing list