[krb5-appl] - update to 1.0.2 - drop patch for CVE-2011-1526, which is fixed in 1.0.2, though slightly dif

Nalin Dahyabhai nalin at fedoraproject.org
Mon Jul 11 21:39:59 UTC 2011


commit e2eab4de77ba238fe782f19e81cd9a78443a2fae
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Mon Jul 11 17:39:17 2011 -0400

    - update to 1.0.2
      - drop patch for CVE-2011-1526, which is fixed in 1.0.2, though slightly
        differently than in the advisory
      - drop patch for RT#6773, included
      - drop patch for RT#6889, included

 .gitignore                                |    2 +
 krb5-appl-1.0-manpaths.patch              |   10 ++--
 krb5-appl-1.0-pam.patch                   |    4 +-
 krb5-appl-1.0.1-2011-005.patch            |   58 -----------------------------
 krb5-appl-1.0.1-largefile.patch           |    6 +-
 krb5-appl-1.0.1-nmax-is-ut_namesize.patch |   38 -------------------
 krb5-appl-trunk-ftpusers.patch            |   16 --------
 krb5-appl.spec                            |   19 +++++----
 sources                                   |    4 +-
 9 files changed, 24 insertions(+), 133 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b7bb52a..c4f7092 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 krb5-appl-1.0.tar.gz
 krb5-appl-1.0.1.tar.gz
 krb5-appl-1.0.1.tar.gz.asc
+/krb5-appl-1.0.2.tar.gz
+/krb5-appl-1.0.2.tar.gz.asc
diff --git a/krb5-appl-1.0-manpaths.patch b/krb5-appl-1.0-manpaths.patch
index 0820c69..beb5732 100644
--- a/krb5-appl-1.0-manpaths.patch
+++ b/krb5-appl-1.0-manpaths.patch
@@ -38,8 +38,8 @@ diff -up krb5-appl-1.0/bsd/klogind.M.manpaths krb5-appl-1.0/bsd/klogind.M
  the port indicated in /etc/inetd.conf.  A typical /etc/inetd.conf
  configuration line for \fIklogind\fP might be:
  
--klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
-+klogin stream tcp nowait root @mansbindir@/klogind klogind -e5c
+-klogin stream tcp nowait root /usr/local/sbin/klogind klogind \-e5c
++klogin stream tcp nowait root @mansbindir@/klogind klogind \-e5c
  
  When a service request is received, the following protocol is initiated:
  
@@ -50,7 +50,7 @@ diff -up krb5-appl-1.0/bsd/kshd.M.manpaths krb5-appl-1.0/bsd/kshd.M
  .SH NAME
  kshd \- kerberized remote shell server
  .SH SYNOPSIS
--.B /usr/local/sbin/kshd 
+-.B kshd 
 +.B @mansbindir@/kshd 
  [
  .B \-kr45ec
@@ -90,7 +90,7 @@ diff -up krb5-appl-1.0/gssftp/ftpd/ftpd.M.manpaths krb5-appl-1.0/gssftp/ftpd/ftp
  .SH SYNOPSIS
 -.B ftpd
 +.B @mansbindir@/ftpd
- [\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB-E\fP]
+ [\fB\-A \fP|\fB\-a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB\-E\fP]
  [\fB\-l\fP] [\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP]
  [\fB\-p\fP \fIport\fP] [\fB\-U\fP \fIftpusers-file\fP] [\fB\-u\fP \fIumask\fP]
 diff -up krb5-appl-1.0/telnet/telnetd/telnetd.8.manpaths krb5-appl-1.0/telnet/telnetd/telnetd.8
@@ -100,7 +100,7 @@ diff -up krb5-appl-1.0/telnet/telnetd/telnetd.8.manpaths krb5-appl-1.0/telnet/te
  .SM DARPA TELNET
  protocol server
  .SH SYNOPSIS
--.B /usr/libexec/telnetd
+-.B telnetd
 +.B @mansbindir@/telnetd
  [\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
  [\fB\-e\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
diff --git a/krb5-appl-1.0-pam.patch b/krb5-appl-1.0-pam.patch
index 2cc2faf..a80e245 100644
--- a/krb5-appl-1.0-pam.patch
+++ b/krb5-appl-1.0-pam.patch
@@ -1012,8 +1012,8 @@ diff -up krb5-appl-1.0/gssftp/ftpd/ftpd.c.pam krb5-appl-1.0/gssftp/ftpd/ftpd.c
 +	}
 +#endif
  
- 	if (krb5_setegid((gid_t)pw->pw_gid) < 0) {
- 		reply(550, "Can't set egid.");
+ 	if (setgid((gid_t)pw->pw_gid) < 0) {
+ 		reply(550, "Can't set gid.");
 @@ -1966,6 +2028,10 @@ dologout(status)
  		krb5_cc_destroy(kcontext, ccache);
  #endif
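Review bot: The refreshed context at `if (setgid((gid_t)pw->pw_gid) < 0) {` shows that the upstream code directly below the PAM insertion changed from `krb5_setegid` to `setgid`, but nothing in the patch or commit message records that the PAM block was re-checked against the new call. Going by the 1.0.1-9 changelog entry, this appears to be the group-drop path covered by CVE-2011-1526, so the rebase deserves a line of its own in the changelog, for example `- rebase pam patch onto the setgid()-based group drop in 1.0.2's ftpd`. It is also worth confirming that every failure branch in the PAM-added block above (the one closed by `+	}` / `+#endif`) returns or replies with an error before control reaches `setgid`, since a fall-through would continue the login with the PAM step only partly applied. The enclosing function in ftpd.c starts and ends outside this hunk, so the handling after `reply(550, "Can't set gid.");` cannot be checked from here.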
diff --git a/krb5-appl-1.0.1-largefile.patch b/krb5-appl-1.0.1-largefile.patch
index a9edef7..81baece 100644
--- a/krb5-appl-1.0.1-largefile.patch
+++ b/krb5-appl-1.0.1-largefile.patch
@@ -37,9 +37,9 @@ diff -up krb5-appl-1.0.1/configure.ac krb5-appl-1.0.1/configure.ac
 +AC_FUNC_FSEEKO
 +AC_TYPE_LONG_LONG_INT
 +AC_TYPE_UNSIGNED_LONG_LONG_INT
- AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gettosbyname getusershell getutmp)
- AC_CHECK_FUNCS(getutmpx grantpt inet_aton initgroups isatty killpg killpg)
- AC_CHECK_FUNCS(line_push ptsname revoke rmufile rresvport_af)
+ AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gethostbyname_r getservbyname_r)
+ AC_CHECK_FUNCS(gettosbyname getusershell getutmp getutmpx grantpt inet_aton)
+ AC_CHECK_FUNCS(initgroups isatty killpg killpg line_push ptsname revoke)
 diff -up krb5-appl-1.0.1/gssftp/ftpd/ftpcmd.y krb5-appl-1.0.1/gssftp/ftpd/ftpcmd.y
 --- krb5-appl-1.0.1/gssftp/ftpd/ftpcmd.y	2009-11-05 15:15:06.000000000 -0500
 +++ krb5-appl-1.0.1/gssftp/ftpd/ftpcmd.y	2010-05-24 10:16:57.688293200 -0400
diff --git a/krb5-appl.spec b/krb5-appl.spec
index b7d2526..38c0fb2 100644
--- a/krb5-appl.spec
+++ b/krb5-appl.spec
@@ -9,10 +9,10 @@
 
 Summary: Kerberos-aware versions of telnet, ftp, rsh, and rlogin
 Name: krb5-appl
-Version: 1.0.1
-Release: 9%{?dist}
+Version: 1.0.2
+Release: 1%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5-appl/1.0/krb5-appl-1.0.1-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5-appl/1.0/krb5-appl-1.0.2-signed.tar
 Source0: krb5-appl-%{version}.tar.gz
 Source1: krb5-appl-%{version}.tar.gz.asc
 Source7: krb5.sh
@@ -45,9 +45,6 @@ Patch73: krb5-1.6.3-ftp_glob_runique.patch
 Patch79: krb5-trunk-ftp_mget_case.patch
 Patch88: krb5-1.7-sizeof.patch
 Patch89: krb5-appl-1.0.1-largefile.patch
-Patch90: krb5-appl-1.0.1-nmax-is-ut_namesize.patch
-Patch91: krb5-appl-trunk-ftpusers.patch
-Patch92: krb5-appl-1.0.1-2011-005.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -90,7 +87,6 @@ in most environments, they remain in use in others.
 %setup -q
 ln -s NOTICE LICENSE
 
-%patch92 -p1 -b .2011-005
 %patch160 -p1 -b .pam
 %patch161 -p1 -b .manpaths
 %patch3  -p3 -b .netkit-rsh
@@ -106,8 +102,6 @@ ln -s NOTICE LICENSE
 %patch79 -p2 -b .ftp_mget_case
 %patch88 -p3 -b .sizeof
 %patch89 -p1 -b .largefile
-%patch90 -p1 -b .nmax-is-ut_namesize
-%patch91 -p0 -b .ftpusers
 
 # Rename the man pages so that they'll get generated correctly.  Uses the
 # "krb5-appl-1.0-manpaths.txt" source file.
@@ -257,6 +251,13 @@ exit 0
 %{krb5prefix}/man/man8/telnetd.8*
 
 %changelog
+* Mon Jul 11 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.2-1
+- update to 1.0.2
+  - drop patch for CVE-2011-1526, which is fixed in 1.0.2, though slightly
+    differently than in the advisory
+  - drop patch for RT#6773, included
+  - drop patch for RT#6889, included
+
 * Tue Jul  5 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.1-9
 - ftpd: add candidate patch to detect setegid/setregid/setresgid and check
   for errors when calling them (MITKRB5-SA-2011-005, CVE-2011-1526, #713341)
diff --git a/sources b/sources
index fad4e95..b48e4eb 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-0783a9e7fa8eb3a99346e89ec00e7589  krb5-appl-1.0.1.tar.gz
-9501420dd83a6fb0a6c54a16f69d5240  krb5-appl-1.0.1.tar.gz.asc
+960402d1916c599db4292a56a329d712  krb5-appl-1.0.2.tar.gz
+85104be323bbc5bf917575655784b36c  krb5-appl-1.0.2.tar.gz.asc

