[arch-commits] Commit in krb5/repos (24 files)
Stéphane Gaudreault
stephane at archlinux.org
Tue Jul 31 18:56:30 UTC 2012
Date: Tuesday, July 31, 2012 @ 14:56:29
Author: stephane
Revision: 164358
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
krb5/repos/testing-i686/
krb5/repos/testing-i686/MITKRB5-SA-2012-001.patch
(from rev 164357, krb5/trunk/MITKRB5-SA-2012-001.patch)
krb5/repos/testing-i686/PKGBUILD
(from rev 164357, krb5/trunk/PKGBUILD)
krb5/repos/testing-i686/krb5-1.10.1-gcc47.patch
(from rev 164357, krb5/trunk/krb5-1.10.1-gcc47.patch)
krb5/repos/testing-i686/krb5-kadmind
(from rev 164357, krb5/trunk/krb5-kadmind)
krb5/repos/testing-i686/krb5-kadmind.service
(from rev 164357, krb5/trunk/krb5-kadmind.service)
krb5/repos/testing-i686/krb5-kdc
(from rev 164357, krb5/trunk/krb5-kdc)
krb5/repos/testing-i686/krb5-kdc.service
(from rev 164357, krb5/trunk/krb5-kdc.service)
krb5/repos/testing-i686/krb5-kpropd
(from rev 164357, krb5/trunk/krb5-kpropd)
krb5/repos/testing-i686/krb5-kpropd.service
(from rev 164357, krb5/trunk/krb5-kpropd.service)
krb5/repos/testing-i686/krb5-kpropd.socket
(from rev 164357, krb5/trunk/krb5-kpropd.socket)
krb5/repos/testing-i686/krb5-kpropd at .service
(from rev 164357, krb5/trunk/krb5-kpropd at .service)
krb5/repos/testing-x86_64/
krb5/repos/testing-x86_64/MITKRB5-SA-2012-001.patch
(from rev 164357, krb5/trunk/MITKRB5-SA-2012-001.patch)
krb5/repos/testing-x86_64/PKGBUILD
(from rev 164357, krb5/trunk/PKGBUILD)
krb5/repos/testing-x86_64/krb5-1.10.1-gcc47.patch
(from rev 164357, krb5/trunk/krb5-1.10.1-gcc47.patch)
krb5/repos/testing-x86_64/krb5-kadmind
(from rev 164357, krb5/trunk/krb5-kadmind)
krb5/repos/testing-x86_64/krb5-kadmind.service
(from rev 164357, krb5/trunk/krb5-kadmind.service)
krb5/repos/testing-x86_64/krb5-kdc
(from rev 164357, krb5/trunk/krb5-kdc)
krb5/repos/testing-x86_64/krb5-kdc.service
(from rev 164357, krb5/trunk/krb5-kdc.service)
krb5/repos/testing-x86_64/krb5-kpropd
(from rev 164357, krb5/trunk/krb5-kpropd)
krb5/repos/testing-x86_64/krb5-kpropd.service
(from rev 164357, krb5/trunk/krb5-kpropd.service)
krb5/repos/testing-x86_64/krb5-kpropd.socket
(from rev 164357, krb5/trunk/krb5-kpropd.socket)
krb5/repos/testing-x86_64/krb5-kpropd at .service
(from rev 164357, krb5/trunk/krb5-kpropd at .service)
------------------------------------------+
testing-i686/MITKRB5-SA-2012-001.patch | 61 ++++++++++++++++++
testing-i686/PKGBUILD | 97 +++++++++++++++++++++++++++++
testing-i686/krb5-1.10.1-gcc47.patch | 11 +++
testing-i686/krb5-kadmind | 40 +++++++++++
testing-i686/krb5-kadmind.service | 8 ++
testing-i686/krb5-kdc | 40 +++++++++++
testing-i686/krb5-kdc.service | 9 ++
testing-i686/krb5-kpropd | 40 +++++++++++
testing-i686/krb5-kpropd.service | 8 ++
testing-i686/krb5-kpropd.socket | 9 ++
testing-i686/krb5-kpropd at .service | 8 ++
testing-x86_64/MITKRB5-SA-2012-001.patch | 61 ++++++++++++++++++
testing-x86_64/PKGBUILD | 97 +++++++++++++++++++++++++++++
testing-x86_64/krb5-1.10.1-gcc47.patch | 11 +++
testing-x86_64/krb5-kadmind | 40 +++++++++++
testing-x86_64/krb5-kadmind.service | 8 ++
testing-x86_64/krb5-kdc | 40 +++++++++++
testing-x86_64/krb5-kdc.service | 9 ++
testing-x86_64/krb5-kpropd | 40 +++++++++++
testing-x86_64/krb5-kpropd.service | 8 ++
testing-x86_64/krb5-kpropd.socket | 9 ++
testing-x86_64/krb5-kpropd at .service | 8 ++
22 files changed, 662 insertions(+)
Copied: krb5/repos/testing-i686/MITKRB5-SA-2012-001.patch (from rev 164357, krb5/trunk/MITKRB5-SA-2012-001.patch)
===================================================================
--- testing-i686/MITKRB5-SA-2012-001.patch (rev 0)
+++ testing-i686/MITKRB5-SA-2012-001.patch 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,61 @@
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 23623fe..8ada9d0 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+ krb5_enctype useenctype;
+ struct as_req_state *state;
+
+- state = malloc(sizeof(*state));
++ state = calloc(sizeof(*state), 1);
+ if (!state) {
+ (*respond)(arg, ENOMEM, NULL);
+ return;
+@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+ state->authtime = 0;
+ state->c_flags = 0;
+ state->req_pkt = req_pkt;
++ state->inner_body = NULL;
+ state->rstate = NULL;
+ state->sname = 0;
+ state->cname = 0;
+diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
+index 9d8cb34..d4ece3f 100644
+--- a/src/kdc/kdc_preauth.c
++++ b/src/kdc/kdc_preauth.c
+@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
+ continue;
+
+ }
+- if (request_contains_enctype(context, request, db_etype)) {
++ if (krb5_is_permitted_enctype(context, db_etype) &&
++ request_contains_enctype(context, request, db_etype)) {
+ retval = _make_etype_info_entry(context, client->princ,
+ client_key, db_etype,
+ &entry[i], etype_info2);
+diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
+index a43b291..94dad3a 100644
+--- a/src/kdc/kdc_util.c
++++ b/src/kdc/kdc_util.c
+@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
+ return 0;
+ pa.magic = KV5M_PA_DATA;
+ pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
++ memset(&checksum, 0, sizeof(checksum));
+ retval = krb5_c_make_checksum(kdc_context,0, reply_key,
+ KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
+ if (retval != 0)
+diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
+index c4bf92e..367c894 100644
+--- a/src/lib/kdb/kdb_default.c
++++ b/src/lib/kdb/kdb_default.c
+@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
+ krb5_boolean saw_non_permitted = FALSE;
+
+ ret = 0;
++ if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
++ return KRB5_KDB_NO_PERMITTED_KEY;
++
+ if (kvno == -1 && stype == -1 && ktype == -1)
+ kvno = 0;
+
Copied: krb5/repos/testing-i686/PKGBUILD (from rev 164357, krb5/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,97 @@
+# $Id$
+# Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
+
+pkgname=krb5
+pkgver=1.10.2
+pkgrel=3
+pkgdesc="The Kerberos network authentication system"
+arch=('i686' 'x86_64')
+url="http://web.mit.edu/kerberos/"
+license=('custom')
+depends=('e2fsprogs' 'libldap' 'keyutils')
+makedepends=('perl')
+backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
+source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.10/${pkgname}-${pkgver}-signed.tar
+ krb5-1.10.1-gcc47.patch
+ krb5-kadmind
+ krb5-kadmind.service
+ krb5-kdc
+ krb5-kdc.service
+ krb5-kpropd
+ krb5-kpropd.service
+ krb5-kpropd at .service
+ krb5-kpropd.socket
+ MITKRB5-SA-2012-001.patch)
+sha1sums=('8b6e2c5bf0c65aacd368b3698add7888f2a7332d'
+ '78b759d566b1fdefd9bbcd06df14f07f12effe96'
+ '2aa229369079ed1bbb201a1ef72c47bf143f4dbe'
+ 'a2a01e7077d9e89cda3457ea0e216debb3dc353c'
+ '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393'
+ 'f5e4fa073e11b0fcb4e3098a5d58a4f791ec841e'
+ '7f402078fa65bb9ff1beb6cbbbb017450df78560'
+ '614401dd4ac18e310153240bb26eb32ff1e8cf5b'
+ '023a8164f8ee7066ac814486a68bc605e79f6101'
+ 'f3677d30dbbd7106c581379c2c6ebb1bf7738912'
+ '7b32dd24e68dc801efb8be280083e4d8067e392a')
+options=('!emptydirs')
+
+build() {
+ tar zxvf ${pkgname}-${pkgver}.tar.gz
+ cd "${srcdir}/${pkgname}-${pkgver}/src"
+
+ # With gcc47 : deltat.c:1694:12: error: 'yylval' may be used uninitialized
+ # in this function [-Werror=maybe-uninitialized]
+ # As this is generated code, just ignore the complaint.
+ patch -Np2 -i ../../krb5-1.10.1-gcc47.patch
+ rm lib/krb5/krb/deltat.c
+
+ # FS#25384
+ sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
+
+ # Fix KDC heap corruption and crash vulnerabilities
+ patch -Np2 -i ../../MITKRB5-SA-2012-001.patch
+
+ export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
+ export CPPFLAGS+=" -I/usr/include/et"
+ ./configure --prefix=/usr \
+ --mandir=/usr/share/man \
+ --localstatedir=/var/lib \
+ --enable-shared \
+ --with-system-et \
+ --with-system-ss \
+ --disable-rpath \
+ --without-tcl \
+ --enable-dns-for-realm \
+ --with-ldap \
+ --without-system-verto
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}/src"
+ make DESTDIR="${pkgdir}" EXAMPLEDIR=/usr/share/doc/${pkgname}/examples install
+
+ # Fix FS#29889
+ install -m 644 plugins/kdb/ldap/libkdb_ldap/kerberos.{ldif,schema} "${pkgdir}"/usr/share/doc/${pkgname}/examples
+
+ # Sample KDC config file
+ install -dm 755 "${pkgdir}"/var/lib/krb5kdc
+ install -pm 644 config-files/kdc.conf "${pkgdir}"/var/lib/krb5kdc/kdc.conf
+
+ # Default configuration file
+ install -dm 755 "${pkgdir}"/etc
+ install -pm 644 config-files/krb5.conf "${pkgdir}"/etc/krb5.conf
+
+ install -dm 755 "${pkgdir}"/etc/rc.d
+ install -m 755 ../../krb5-{kdc,kadmind,kpropd} "${pkgdir}"/etc/rc.d
+
+ install -dm 755 "${pkgdir}"/usr/share/aclocal
+ install -m 644 util/ac_check_krb5.m4 "${pkgdir}"/usr/share/aclocal
+
+ install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+
+ # systemd stuff
+ install -dm 755 "${pkgdir}"/usr/lib/systemd/system
+ install -m 644 ../../krb5-{kadmind.service,kdc.service,kpropd.service,kpropd at .service,kpropd.socket} \
+ "${pkgdir}"/usr/lib/systemd/system
+}
Copied: krb5/repos/testing-i686/krb5-1.10.1-gcc47.patch (from rev 164357, krb5/trunk/krb5-1.10.1-gcc47.patch)
===================================================================
--- testing-i686/krb5-1.10.1-gcc47.patch (rev 0)
+++ testing-i686/krb5-1.10.1-gcc47.patch 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,11 @@
+diff -Naur krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y krb5-1.10.1/src/lib/krb5/krb/x-deltat.y
+--- krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y 2011-09-06 07:34:32.000000000 -0400
++++ krb5-1.10.1/src/lib/krb5/krb/x-deltat.y 2012-03-24 13:15:11.543551318 -0400
+@@ -44,6 +44,7 @@
+ #ifdef __GNUC__
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wuninitialized"
++#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
+ #endif
+
+ #include <ctype.h>
Copied: krb5/repos/testing-i686/krb5-kadmind (from rev 164357, krb5/trunk/krb5-kadmind)
===================================================================
--- testing-i686/krb5-kadmind (rev 0)
+++ testing-i686/krb5-kadmind 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/kadmind`
+case "$1" in
+ start)
+ stat_busy "Starting Kerberos Admin Daemon"
+ if [ -z "$PID" ]; then
+ /usr/sbin/kadmind
+ fi
+ if [ ! -z "$PID" -o $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon krb5-kadmind
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Kerberos Admin Daemon"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon krb5-kadmind
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+ ;;
+esac
+exit 0
Copied: krb5/repos/testing-i686/krb5-kadmind.service (from rev 164357, krb5/trunk/krb5-kadmind.service)
===================================================================
--- testing-i686/krb5-kadmind.service (rev 0)
+++ testing-i686/krb5-kadmind.service 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,8 @@
+[Unit]
+Description=Kerberos 5 administration server
+
+[Service]
+ExecStart=/usr/sbin/kadmind -nofork
+
+[Install]
+WantedBy=multi-user.target
Copied: krb5/repos/testing-i686/krb5-kdc (from rev 164357, krb5/trunk/krb5-kdc)
===================================================================
--- testing-i686/krb5-kdc (rev 0)
+++ testing-i686/krb5-kdc 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/krb5kdc`
+case "$1" in
+ start)
+ stat_busy "Starting Kerberos Authentication"
+ if [ -z "$PID" ]; then
+ /usr/sbin/krb5kdc
+ fi
+ if [ ! -z "$PID" -o $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon krb5-kdc
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Kerberos Authentication"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon krb5-kdc
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+ ;;
+esac
+exit 0
Copied: krb5/repos/testing-i686/krb5-kdc.service (from rev 164357, krb5/trunk/krb5-kdc.service)
===================================================================
--- testing-i686/krb5-kdc.service (rev 0)
+++ testing-i686/krb5-kdc.service 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,9 @@
+[Unit]
+Description=Kerberos 5 KDC
+
+[Service]
+ExecStart=/usr/sbin/krb5kdc -n
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
Copied: krb5/repos/testing-i686/krb5-kpropd (from rev 164357, krb5/trunk/krb5-kpropd)
===================================================================
--- testing-i686/krb5-kpropd (rev 0)
+++ testing-i686/krb5-kpropd 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/kpropd`
+case "$1" in
+ start)
+ stat_busy "Starting Kerberos Database Propagation Daemon"
+ if [ -z "$PID" ]; then
+ /usr/sbin/kpropd -S
+ fi
+ if [ ! -z "$PID" -o $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon kpropd
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Kerberos Database Propagation Daemon"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon kpropd
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+ ;;
+esac
+exit 0
Copied: krb5/repos/testing-i686/krb5-kpropd.service (from rev 164357, krb5/trunk/krb5-kpropd.service)
===================================================================
--- testing-i686/krb5-kpropd.service (rev 0)
+++ testing-i686/krb5-kpropd.service 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,8 @@
+[Unit]
+Description=Kerberos 5 propagation server
+
+[Service]
+ExecStart=/usr/sbin/kpropd -S
+
+[Install]
+WantedBy=multi-user.target
Copied: krb5/repos/testing-i686/krb5-kpropd.socket (from rev 164357, krb5/trunk/krb5-kpropd.socket)
===================================================================
--- testing-i686/krb5-kpropd.socket (rev 0)
+++ testing-i686/krb5-kpropd.socket 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,9 @@
+[Unit]
+Description=Kerberos 5 propagation server
+
+[Socket]
+ListenStream=754
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
Copied: krb5/repos/testing-i686/krb5-kpropd at .service (from rev 164357, krb5/trunk/krb5-kpropd at .service)
===================================================================
--- testing-i686/krb5-kpropd at .service (rev 0)
+++ testing-i686/krb5-kpropd at .service 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,8 @@
+[Unit]
+Description=Kerberos 5 propagation server
+Conflicts=krb5-kpropd.service
+
+[Service]
+ExecStart=/usr/sbin/kpropd
+StandardInput=socket
+StandardError=syslog
Copied: krb5/repos/testing-x86_64/MITKRB5-SA-2012-001.patch (from rev 164357, krb5/trunk/MITKRB5-SA-2012-001.patch)
===================================================================
--- testing-x86_64/MITKRB5-SA-2012-001.patch (rev 0)
+++ testing-x86_64/MITKRB5-SA-2012-001.patch 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,61 @@
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 23623fe..8ada9d0 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+ krb5_enctype useenctype;
+ struct as_req_state *state;
+
+- state = malloc(sizeof(*state));
++ state = calloc(sizeof(*state), 1);
+ if (!state) {
+ (*respond)(arg, ENOMEM, NULL);
+ return;
+@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+ state->authtime = 0;
+ state->c_flags = 0;
+ state->req_pkt = req_pkt;
++ state->inner_body = NULL;
+ state->rstate = NULL;
+ state->sname = 0;
+ state->cname = 0;
+diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
+index 9d8cb34..d4ece3f 100644
+--- a/src/kdc/kdc_preauth.c
++++ b/src/kdc/kdc_preauth.c
+@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
+ continue;
+
+ }
+- if (request_contains_enctype(context, request, db_etype)) {
++ if (krb5_is_permitted_enctype(context, db_etype) &&
++ request_contains_enctype(context, request, db_etype)) {
+ retval = _make_etype_info_entry(context, client->princ,
+ client_key, db_etype,
+ &entry[i], etype_info2);
+diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
+index a43b291..94dad3a 100644
+--- a/src/kdc/kdc_util.c
++++ b/src/kdc/kdc_util.c
+@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
+ return 0;
+ pa.magic = KV5M_PA_DATA;
+ pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
++ memset(&checksum, 0, sizeof(checksum));
+ retval = krb5_c_make_checksum(kdc_context,0, reply_key,
+ KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
+ if (retval != 0)
+diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
+index c4bf92e..367c894 100644
+--- a/src/lib/kdb/kdb_default.c
++++ b/src/lib/kdb/kdb_default.c
+@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
+ krb5_boolean saw_non_permitted = FALSE;
+
+ ret = 0;
++ if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
++ return KRB5_KDB_NO_PERMITTED_KEY;
++
+ if (kvno == -1 && stype == -1 && ktype == -1)
+ kvno = 0;
+
Copied: krb5/repos/testing-x86_64/PKGBUILD (from rev 164357, krb5/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,97 @@
+# $Id$
+# Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
+
+pkgname=krb5
+pkgver=1.10.2
+pkgrel=3
+pkgdesc="The Kerberos network authentication system"
+arch=('i686' 'x86_64')
+url="http://web.mit.edu/kerberos/"
+license=('custom')
+depends=('e2fsprogs' 'libldap' 'keyutils')
+makedepends=('perl')
+backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
+source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.10/${pkgname}-${pkgver}-signed.tar
+ krb5-1.10.1-gcc47.patch
+ krb5-kadmind
+ krb5-kadmind.service
+ krb5-kdc
+ krb5-kdc.service
+ krb5-kpropd
+ krb5-kpropd.service
+ krb5-kpropd at .service
+ krb5-kpropd.socket
+ MITKRB5-SA-2012-001.patch)
+sha1sums=('8b6e2c5bf0c65aacd368b3698add7888f2a7332d'
+ '78b759d566b1fdefd9bbcd06df14f07f12effe96'
+ '2aa229369079ed1bbb201a1ef72c47bf143f4dbe'
+ 'a2a01e7077d9e89cda3457ea0e216debb3dc353c'
+ '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393'
+ 'f5e4fa073e11b0fcb4e3098a5d58a4f791ec841e'
+ '7f402078fa65bb9ff1beb6cbbbb017450df78560'
+ '614401dd4ac18e310153240bb26eb32ff1e8cf5b'
+ '023a8164f8ee7066ac814486a68bc605e79f6101'
+ 'f3677d30dbbd7106c581379c2c6ebb1bf7738912'
+ '7b32dd24e68dc801efb8be280083e4d8067e392a')
+options=('!emptydirs')
+
+build() {
+ tar zxvf ${pkgname}-${pkgver}.tar.gz
+ cd "${srcdir}/${pkgname}-${pkgver}/src"
+
+ # With gcc47 : deltat.c:1694:12: error: 'yylval' may be used uninitialized
+ # in this function [-Werror=maybe-uninitialized]
+ # As this is generated code, just ignore the complaint.
+ patch -Np2 -i ../../krb5-1.10.1-gcc47.patch
+ rm lib/krb5/krb/deltat.c
+
+ # FS#25384
+ sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
+
+ # Fix KDC heap corruption and crash vulnerabilities
+ patch -Np2 -i ../../MITKRB5-SA-2012-001.patch
+
+ export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
+ export CPPFLAGS+=" -I/usr/include/et"
+ ./configure --prefix=/usr \
+ --mandir=/usr/share/man \
+ --localstatedir=/var/lib \
+ --enable-shared \
+ --with-system-et \
+ --with-system-ss \
+ --disable-rpath \
+ --without-tcl \
+ --enable-dns-for-realm \
+ --with-ldap \
+ --without-system-verto
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}/src"
+ make DESTDIR="${pkgdir}" EXAMPLEDIR=/usr/share/doc/${pkgname}/examples install
+
+ # Fix FS#29889
+ install -m 644 plugins/kdb/ldap/libkdb_ldap/kerberos.{ldif,schema} "${pkgdir}"/usr/share/doc/${pkgname}/examples
+
+ # Sample KDC config file
+ install -dm 755 "${pkgdir}"/var/lib/krb5kdc
+ install -pm 644 config-files/kdc.conf "${pkgdir}"/var/lib/krb5kdc/kdc.conf
+
+ # Default configuration file
+ install -dm 755 "${pkgdir}"/etc
+ install -pm 644 config-files/krb5.conf "${pkgdir}"/etc/krb5.conf
+
+ install -dm 755 "${pkgdir}"/etc/rc.d
+ install -m 755 ../../krb5-{kdc,kadmind,kpropd} "${pkgdir}"/etc/rc.d
+
+ install -dm 755 "${pkgdir}"/usr/share/aclocal
+ install -m 644 util/ac_check_krb5.m4 "${pkgdir}"/usr/share/aclocal
+
+ install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+
+ # systemd stuff
+ install -dm 755 "${pkgdir}"/usr/lib/systemd/system
+ install -m 644 ../../krb5-{kadmind.service,kdc.service,kpropd.service,kpropd at .service,kpropd.socket} \
+ "${pkgdir}"/usr/lib/systemd/system
+}
Copied: krb5/repos/testing-x86_64/krb5-1.10.1-gcc47.patch (from rev 164357, krb5/trunk/krb5-1.10.1-gcc47.patch)
===================================================================
--- testing-x86_64/krb5-1.10.1-gcc47.patch (rev 0)
+++ testing-x86_64/krb5-1.10.1-gcc47.patch 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,11 @@
+diff -Naur krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y krb5-1.10.1/src/lib/krb5/krb/x-deltat.y
+--- krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y 2011-09-06 07:34:32.000000000 -0400
++++ krb5-1.10.1/src/lib/krb5/krb/x-deltat.y 2012-03-24 13:15:11.543551318 -0400
+@@ -44,6 +44,7 @@
+ #ifdef __GNUC__
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wuninitialized"
++#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
+ #endif
+
+ #include <ctype.h>
Copied: krb5/repos/testing-x86_64/krb5-kadmind (from rev 164357, krb5/trunk/krb5-kadmind)
===================================================================
--- testing-x86_64/krb5-kadmind (rev 0)
+++ testing-x86_64/krb5-kadmind 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/kadmind`
+case "$1" in
+ start)
+ stat_busy "Starting Kerberos Admin Daemon"
+ if [ -z "$PID" ]; then
+ /usr/sbin/kadmind
+ fi
+ if [ ! -z "$PID" -o $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon krb5-kadmind
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Kerberos Admin Daemon"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon krb5-kadmind
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+ ;;
+esac
+exit 0
Copied: krb5/repos/testing-x86_64/krb5-kadmind.service (from rev 164357, krb5/trunk/krb5-kadmind.service)
===================================================================
--- testing-x86_64/krb5-kadmind.service (rev 0)
+++ testing-x86_64/krb5-kadmind.service 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,8 @@
+[Unit]
+Description=Kerberos 5 administration server
+
+[Service]
+ExecStart=/usr/sbin/kadmind -nofork
+
+[Install]
+WantedBy=multi-user.target
Copied: krb5/repos/testing-x86_64/krb5-kdc (from rev 164357, krb5/trunk/krb5-kdc)
===================================================================
--- testing-x86_64/krb5-kdc (rev 0)
+++ testing-x86_64/krb5-kdc 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/krb5kdc`
+case "$1" in
+ start)
+ stat_busy "Starting Kerberos Authentication"
+ if [ -z "$PID" ]; then
+ /usr/sbin/krb5kdc
+ fi
+ if [ ! -z "$PID" -o $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon krb5-kdc
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Kerberos Authentication"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon krb5-kdc
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+ ;;
+esac
+exit 0
Copied: krb5/repos/testing-x86_64/krb5-kdc.service (from rev 164357, krb5/trunk/krb5-kdc.service)
===================================================================
--- testing-x86_64/krb5-kdc.service (rev 0)
+++ testing-x86_64/krb5-kdc.service 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,9 @@
+[Unit]
+Description=Kerberos 5 KDC
+
+[Service]
+ExecStart=/usr/sbin/krb5kdc -n
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
Copied: krb5/repos/testing-x86_64/krb5-kpropd (from rev 164357, krb5/trunk/krb5-kpropd)
===================================================================
--- testing-x86_64/krb5-kpropd (rev 0)
+++ testing-x86_64/krb5-kpropd 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+PID=`pidof -o %PPID /usr/sbin/kpropd`
+case "$1" in
+ start)
+ stat_busy "Starting Kerberos Database Propagation Daemon"
+ if [ -z "$PID" ]; then
+ /usr/sbin/kpropd -S
+ fi
+ if [ ! -z "$PID" -o $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon kpropd
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Kerberos Database Propagation Daemon"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon kpropd
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+ ;;
+esac
+exit 0
Copied: krb5/repos/testing-x86_64/krb5-kpropd.service (from rev 164357, krb5/trunk/krb5-kpropd.service)
===================================================================
--- testing-x86_64/krb5-kpropd.service (rev 0)
+++ testing-x86_64/krb5-kpropd.service 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,8 @@
+[Unit]
+Description=Kerberos 5 propagation server
+
+[Service]
+ExecStart=/usr/sbin/kpropd -S
+
+[Install]
+WantedBy=multi-user.target
Copied: krb5/repos/testing-x86_64/krb5-kpropd.socket (from rev 164357, krb5/trunk/krb5-kpropd.socket)
===================================================================
--- testing-x86_64/krb5-kpropd.socket (rev 0)
+++ testing-x86_64/krb5-kpropd.socket 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,9 @@
+[Unit]
+Description=Kerberos 5 propagation server
+
+[Socket]
+ListenStream=754
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
Copied: krb5/repos/testing-x86_64/krb5-kpropd at .service (from rev 164357, krb5/trunk/krb5-kpropd at .service)
===================================================================
--- testing-x86_64/krb5-kpropd at .service (rev 0)
+++ testing-x86_64/krb5-kpropd at .service 2012-07-31 18:56:29 UTC (rev 164358)
@@ -0,0 +1,8 @@
+[Unit]
+Description=Kerberos 5 propagation server
+Conflicts=krb5-kpropd.service
+
+[Service]
+ExecStart=/usr/sbin/kpropd
+StandardInput=socket
+StandardError=syslog
More information about the arch-commits
mailing list