[krb5-appl] - update to 1.0.2 - drop patch for CVE-2011-1526, which is fixed in 1.0.2, though slightly dif
Nalin Dahyabhai
nalin at fedoraproject.org
Mon Jul 11 21:39:59 UTC 2011
commit e2eab4de77ba238fe782f19e81cd9a78443a2fae
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Mon Jul 11 17:39:17 2011 -0400
- update to 1.0.2
- drop patch for CVE-2011-1526, which is fixed in 1.0.2, though slightly
differently than in the advisory
- drop patch for RT#6773, included
- drop patch for RT#6889, included
.gitignore | 2 +
krb5-appl-1.0-manpaths.patch | 10 ++--
krb5-appl-1.0-pam.patch | 4 +-
krb5-appl-1.0.1-2011-005.patch | 58 -----------------------------
krb5-appl-1.0.1-largefile.patch | 6 +-
krb5-appl-1.0.1-nmax-is-ut_namesize.patch | 38 -------------------
krb5-appl-trunk-ftpusers.patch | 16 --------
krb5-appl.spec | 19 +++++----
sources | 4 +-
9 files changed, 24 insertions(+), 133 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b7bb52a..c4f7092 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
krb5-appl-1.0.tar.gz
krb5-appl-1.0.1.tar.gz
krb5-appl-1.0.1.tar.gz.asc
+/krb5-appl-1.0.2.tar.gz
+/krb5-appl-1.0.2.tar.gz.asc
diff --git a/krb5-appl-1.0-manpaths.patch b/krb5-appl-1.0-manpaths.patch
index 0820c69..beb5732 100644
--- a/krb5-appl-1.0-manpaths.patch
+++ b/krb5-appl-1.0-manpaths.patch
@@ -38,8 +38,8 @@ diff -up krb5-appl-1.0/bsd/klogind.M.manpaths krb5-appl-1.0/bsd/klogind.M
the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIklogind\fP might be:
--klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
-+klogin stream tcp nowait root @mansbindir@/klogind klogind -e5c
+-klogin stream tcp nowait root /usr/local/sbin/klogind klogind \-e5c
++klogin stream tcp nowait root @mansbindir@/klogind klogind \-e5c
When a service request is received, the following protocol is initiated:
@@ -50,7 +50,7 @@ diff -up krb5-appl-1.0/bsd/kshd.M.manpaths krb5-appl-1.0/bsd/kshd.M
.SH NAME
kshd \- kerberized remote shell server
.SH SYNOPSIS
--.B /usr/local/sbin/kshd
+-.B kshd
+.B @mansbindir@/kshd
[
.B \-kr45ec
@@ -90,7 +90,7 @@ diff -up krb5-appl-1.0/gssftp/ftpd/ftpd.M.manpaths krb5-appl-1.0/gssftp/ftpd/ftp
.SH SYNOPSIS
-.B ftpd
+.B @mansbindir@/ftpd
- [\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB-E\fP]
+ [\fB\-A \fP|\fB\-a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB\-E\fP]
[\fB\-l\fP] [\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP]
[\fB\-p\fP \fIport\fP] [\fB\-U\fP \fIftpusers-file\fP] [\fB\-u\fP \fIumask\fP]
diff -up krb5-appl-1.0/telnet/telnetd/telnetd.8.manpaths krb5-appl-1.0/telnet/telnetd/telnetd.8
@@ -100,7 +100,7 @@ diff -up krb5-appl-1.0/telnet/telnetd/telnetd.8.manpaths krb5-appl-1.0/telnet/te
.SM DARPA TELNET
protocol server
.SH SYNOPSIS
--.B /usr/libexec/telnetd
+-.B telnetd
+.B @mansbindir@/telnetd
[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
[\fB\-e\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
diff --git a/krb5-appl-1.0-pam.patch b/krb5-appl-1.0-pam.patch
index 2cc2faf..a80e245 100644
--- a/krb5-appl-1.0-pam.patch
+++ b/krb5-appl-1.0-pam.patch
@@ -1012,8 +1012,8 @@ diff -up krb5-appl-1.0/gssftp/ftpd/ftpd.c.pam krb5-appl-1.0/gssftp/ftpd/ftpd.c
+ }
+#endif
- if (krb5_setegid((gid_t)pw->pw_gid) < 0) {
- reply(550, "Can't set egid.");
+ if (setgid((gid_t)pw->pw_gid) < 0) {
+ reply(550, "Can't set gid.");
@@ -1966,6 +2028,10 @@ dologout(status)
krb5_cc_destroy(kcontext, ccache);
#endif
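Review bot: Nothing in the packaging records how 1.0.2 closes CVE-2011-1526 once Patch92 is dropped. The only visible trace is this refreshed context in the ftpd.c part of the PAM patch, where the checked call now appears to be `setgid((gid_t)pw->pw_gid)` with "Can't set gid." rather than the `krb5_setegid()` check that the 2011-005 patch carried. A short comment in krb5-appl.spec beside the remaining Patch lines, for example `# CVE-2011-1526 (MITKRB5-SA-2011-005): fixed upstream in 1.0.2 (ftpd checks the setgid() result); Patch92 dropped`, would let a later rebase confirm the check is still there. The rest of the ftpd.c function lies outside this hunk, so whether every group-ID change in ftpd now has its return value checked cannot be confirmed from here and should be verified against the 1.0.2 source.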
diff --git a/krb5-appl-1.0.1-largefile.patch b/krb5-appl-1.0.1-largefile.patch
index a9edef7..81baece 100644
--- a/krb5-appl-1.0.1-largefile.patch
+++ b/krb5-appl-1.0.1-largefile.patch
@@ -37,9 +37,9 @@ diff -up krb5-appl-1.0.1/configure.ac krb5-appl-1.0.1/configure.ac
+AC_FUNC_FSEEKO
+AC_TYPE_LONG_LONG_INT
+AC_TYPE_UNSIGNED_LONG_LONG_INT
- AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gettosbyname getusershell getutmp)
- AC_CHECK_FUNCS(getutmpx grantpt inet_aton initgroups isatty killpg killpg)
- AC_CHECK_FUNCS(line_push ptsname revoke rmufile rresvport_af)
+ AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gethostbyname_r getservbyname_r)
+ AC_CHECK_FUNCS(gettosbyname getusershell getutmp getutmpx grantpt inet_aton)
+ AC_CHECK_FUNCS(initgroups isatty killpg killpg line_push ptsname revoke)
diff -up krb5-appl-1.0.1/gssftp/ftpd/ftpcmd.y krb5-appl-1.0.1/gssftp/ftpd/ftpcmd.y
--- krb5-appl-1.0.1/gssftp/ftpd/ftpcmd.y 2009-11-05 15:15:06.000000000 -0500
+++ krb5-appl-1.0.1/gssftp/ftpd/ftpcmd.y 2010-05-24 10:16:57.688293200 -0400
diff --git a/krb5-appl.spec b/krb5-appl.spec
index b7d2526..38c0fb2 100644
--- a/krb5-appl.spec
+++ b/krb5-appl.spec
@@ -9,10 +9,10 @@
Summary: Kerberos-aware versions of telnet, ftp, rsh, and rlogin
Name: krb5-appl
-Version: 1.0.1
-Release: 9%{?dist}
+Version: 1.0.2
+Release: 1%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5-appl/1.0/krb5-appl-1.0.1-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5-appl/1.0/krb5-appl-1.0.2-signed.tar
Source0: krb5-appl-%{version}.tar.gz
Source1: krb5-appl-%{version}.tar.gz.asc
Source7: krb5.sh
@@ -45,9 +45,6 @@ Patch73: krb5-1.6.3-ftp_glob_runique.patch
Patch79: krb5-trunk-ftp_mget_case.patch
Patch88: krb5-1.7-sizeof.patch
Patch89: krb5-appl-1.0.1-largefile.patch
-Patch90: krb5-appl-1.0.1-nmax-is-ut_namesize.patch
-Patch91: krb5-appl-trunk-ftpusers.patch
-Patch92: krb5-appl-1.0.1-2011-005.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -90,7 +87,6 @@ in most environments, they remain in use in others.
%setup -q
ln -s NOTICE LICENSE
-%patch92 -p1 -b .2011-005
%patch160 -p1 -b .pam
%patch161 -p1 -b .manpaths
%patch3 -p3 -b .netkit-rsh
@@ -106,8 +102,6 @@ ln -s NOTICE LICENSE
%patch79 -p2 -b .ftp_mget_case
%patch88 -p3 -b .sizeof
%patch89 -p1 -b .largefile
-%patch90 -p1 -b .nmax-is-ut_namesize
-%patch91 -p0 -b .ftpusers
# Rename the man pages so that they'll get generated correctly. Uses the
# "krb5-appl-1.0-manpaths.txt" source file.
@@ -257,6 +251,13 @@ exit 0
%{krb5prefix}/man/man8/telnetd.8*
%changelog
+* Mon Jul 11 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.2-1
+- update to 1.0.2
+ - drop patch for CVE-2011-1526, which is fixed in 1.0.2, though slightly
+ differently than in the advisory
+ - drop patch for RT#6773, included
+ - drop patch for RT#6889, included
+
* Tue Jul 5 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.1-9
- ftpd: add candidate patch to detect setegid/setregid/setresgid and check
for errors when calling them (MITKRB5-SA-2011-005, CVE-2011-1526, #713341)
diff --git a/sources b/sources
index fad4e95..b48e4eb 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-0783a9e7fa8eb3a99346e89ec00e7589 krb5-appl-1.0.1.tar.gz
-9501420dd83a6fb0a6c54a16f69d5240 krb5-appl-1.0.1.tar.gz.asc
+960402d1916c599db4292a56a329d712 krb5-appl-1.0.2.tar.gz
+85104be323bbc5bf917575655784b36c krb5-appl-1.0.2.tar.gz.asc