Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2013-04-05 09:26:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2013-03-08 11:20:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2013-04-05 09:26:20.000000000 +0200 @@ -1,0 +2,44 @@ +Thu Apr 4 15:10:19 CEST 2013 - [email protected] + +- add conflicts between krb5-mini-devel and krb5-devel + +------------------------------------------------------------------- +Tue Apr 2 17:32:08 CEST 2013 - [email protected] + +- add conflicts between krb5-mini and krb5 and krb5-client + +------------------------------------------------------------------- +Wed Mar 27 11:36:00 CET 2013 - [email protected] + +- enable selinux and set openssl as crypto implementation + +------------------------------------------------------------------- +Fri Mar 22 10:34:55 CET 2013 - [email protected] + +- fix path to executables in service files + (bnc#810926) + +------------------------------------------------------------------- +Fri Mar 15 11:14:21 CET 2013 - [email protected] + +- update to version 1.11.1 + * Improve ASN.1 support code, making it table-driven for + decoding as well as encoding + * Refactor parts of KDC + * Documentation consolidation + * build docs in the main package + * bugfixing +- changes of patches: + * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif: + upstream + * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif: + upstream + * krb5-1.10-gcc47.patch: upstream + * krb5-1.10-selinux-label.patch replaced by + krb5-1.11-selinux-label.patch + * krb5-1.10-spin-loop.patch: upstream + * krb5-1.3.5-perlfix.dif: the tool was removed from upstream + * krb5-1.8-pam.patch replaced by + krb5-1.11-pam.patch + +------------------------------------------------------------------- krb5.changes: same change Old: ---- bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif krb5-1.10-gcc47.patch krb5-1.10-selinux-label.patch krb5-1.10-spin-loop.patch krb5-1.10.2.tar.bz2 krb5-1.3.5-perlfix.dif krb5-1.8-manpaths.txt krb5-1.8-pam.patch krb5-doc-rpmlintrc krb5-doc.changes krb5-doc.spec New: ---- krb5-1.10-ksu-access.patch krb5-1.11-pam.patch krb5-1.11-selinux-label.patch krb5-1.11.1.tar.bz2 krb5-1.9-debuginfo.patch krb5-kvno-230379.patch krb5-lookup_etypes-leak.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.r2SnbF/_old 2013-04-05 09:26:24.000000000 +0200 +++ /var/tmp/diff_new_pack.r2SnbF/_new 2013-04-05 09:26:24.000000000 +0200 @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.10.2 +%define srcRoot krb5-1.11.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -25,12 +25,13 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: autoconf BuildRequires: bison +BuildRequires: doxygen BuildRequires: keyutils BuildRequires: keyutils-devel BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.10.2 +Version: 1.11.1 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT @@ -39,6 +40,10 @@ BuildRequires: libopenssl-devel BuildRequires: openldap2-devel BuildRequires: pam-devel +BuildRequires: python-Cheetah +BuildRequires: python-Sphinx +BuildRequires: python-libxml2 +BuildRequires: python-lxml %if 0%{?suse_version} >= 1210 BuildRequires: pkgconfig(systemd) %endif @@ -46,28 +51,30 @@ %ifarch ppc64 Obsoletes: krb5-64bit %endif -# +Conflicts: krb5-mini +%else # -mini +Conflicts: krb5 +Conflicts: krb5-client %endif Source: krb5-%{version}.tar.bz2 Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-rpmlintrc -Source10: krb5-1.8-manpaths.txt -Patch1: krb5-1.10-buildconf.patch -Patch3: krb5-1.9-manpaths.dif -Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch6: krb5-1.10-kpasswd_tcp.patch -Patch7: krb5-1.6.3-ktutil-manpage.dif -Patch10: krb5-1.7-doublelog.patch -Patch12: krb5-1.8-api.patch -Patch13: krb5-1.8-pam.patch -Patch18: krb5-1.9-kprop-mktemp.patch -Patch19: krb5-1.9-ksu-path.patch -Patch20: krb5-1.10-gcc47.patch -Patch21: krb5-1.10-selinux-label.patch -Patch22: krb5-1.10-spin-loop.patch -Patch23: bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif -Patch24: bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif +Patch1: krb5-1.11-pam.patch +Patch2: krb5-1.9-manpaths.dif +Patch3: krb5-1.10-buildconf.patch +Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch5: krb5-1.10-kpasswd_tcp.patch +Patch6: krb5-1.6.3-ktutil-manpage.dif +Patch7: krb5-1.7-doublelog.patch +Patch8: krb5-1.8-api.patch +Patch9: krb5-1.9-kprop-mktemp.patch +Patch10: krb5-1.10-ksu-access.patch +Patch11: krb5-1.9-ksu-path.patch +Patch12: krb5-1.11-selinux-label.patch +Patch13: krb5-1.9-debuginfo.patch +Patch14: krb5-kvno-230379.patch +Patch15: krb5-lookup_etypes-leak.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -80,6 +87,7 @@ %if ! %{build_mini} %package client +Conflicts: krb5-mini Summary: MIT Kerberos5 implementation - client programs Group: Productivity/Networking/Security @@ -124,6 +132,16 @@ which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes a PKINIT plugin. +%package doc +Summary: MIT Kerberos5 Implementation--Documentation +Group: Documentation/Other + +%description doc +Kerberos V5 is a trusted-third-party network authentication +system,which can improve your network's security by eliminating the +insecurepractice of clear text passwords. This package includes +extended documentation for MIT Kerberos. + %endif #! build_mini %package devel @@ -138,6 +156,9 @@ %endif %if %{build_mini} Provides: krb5-devel = %{version} +Conflicts: krb5-devel +%else +Conflicts: krb5-mini-devel %endif # @@ -150,27 +171,21 @@ %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} -%patch13 -p1 -%patch3 -p1 -%patch21 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 %patch10 -p1 +%patch11 -p1 %patch12 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -# Rename the man pages so that they'll get generated correctly. -pushd src -cat %{SOURCE10} | while read manpage ; do - mv "$manpage" "$manpage".in -done -popd +%patch13 -p0 +%patch14 -p1 +%patch15 -p1 %build # needs to be re-generated @@ -196,14 +211,21 @@ --with-ldap \ --with-pam \ --enable-pkinit \ - --with-selinux \ + --with-pkinit-crypto-impl=openssl \ %else --disable-pkinit \ --without-pam \ %endif + --with-selinux \ --with-system-et \ --with-system-ss make %{?jobs:-j%jobs} +%if ! 0%{?build_mini} +cd doc +make %{?jobs:-j%jobs} substhtml +cp -a html_subst ../../html +cd .. +%endif %install cd src @@ -279,8 +301,10 @@ # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* +#rm -rf /usr/lib/mit/share rm -rf %{buildroot}/usr/lib/mit/share/examples rm -rf %{buildroot}/usr/lib/mit/share/locale + ##################################################### # krb5(-mini) pre/post/postun ##################################################### @@ -356,13 +380,11 @@ %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so %{_libdir}/libverto.so -%{_libdir}/libverto-k5ev.so %{_includedir}/* /usr/lib/mit/bin/krb5-config /usr/lib/mit/sbin/krb5-send-pr /usr/lib/mit/share/gnats %{_mandir}/man1/krb5-send-pr.1* -%{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 %if %{build_mini} @@ -401,7 +423,6 @@ %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libverto.so.* -%{_libdir}/libverto-k5ev.so.* %{_libdir}/krb5/plugins/kdb/* #/usr/lib/mit/sbin/* /usr/lib/mit/sbin/kadmin.local @@ -438,7 +459,6 @@ %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/kerberos.1* %{_mandir}/man1/ksu.1* %{_mandir}/man1/sclient.1* %{_mandir}/man1/kadmin.1* @@ -474,7 +494,6 @@ %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libverto.so.* -%{_libdir}/libverto-k5ev.so.* %files server %defattr(-,root,root) @@ -514,6 +533,7 @@ /usr/lib/mit/sbin/uuserver %{_libdir}/krb5/plugins/kdb/db2.so %{_mandir}/man5/kdc.conf.5* +%{_mandir}/man5/kadm5.acl.5* %{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmin.local.8* %{_mandir}/man8/kpropd.8* @@ -549,7 +569,6 @@ %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/kerberos.1* %{_mandir}/man1/kadmin.1* %{_mandir}/man1/ktutil.1* %{_mandir}/man1/k5srvutil.1* @@ -582,6 +601,11 @@ %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/preauth %{_libdir}/krb5/plugins/preauth/pkinit.so + +%files doc +%defattr(-,root,root) +%doc html doc/CHANGES doc/README + %endif #build_mini %changelog ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.r2SnbF/_old 2013-04-05 09:26:24.000000000 +0200 +++ /var/tmp/diff_new_pack.r2SnbF/_new 2013-04-05 09:26:24.000000000 +0200 @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.10.2 +%define srcRoot krb5-1.11.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -25,12 +25,13 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: autoconf BuildRequires: bison +BuildRequires: doxygen BuildRequires: keyutils BuildRequires: keyutils-devel BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.10.2 +Version: 1.11.1 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT @@ -39,6 +40,10 @@ BuildRequires: libopenssl-devel BuildRequires: openldap2-devel BuildRequires: pam-devel +BuildRequires: python-Cheetah +BuildRequires: python-Sphinx +BuildRequires: python-libxml2 +BuildRequires: python-lxml %if 0%{?suse_version} >= 1210 BuildRequires: pkgconfig(systemd) %endif @@ -46,28 +51,30 @@ %ifarch ppc64 Obsoletes: krb5-64bit %endif -# +Conflicts: krb5-mini +%else # -mini +Conflicts: krb5 +Conflicts: krb5-client %endif Source: krb5-%{version}.tar.bz2 Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-rpmlintrc -Source10: krb5-1.8-manpaths.txt -Patch1: krb5-1.10-buildconf.patch -Patch3: krb5-1.9-manpaths.dif -Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch6: krb5-1.10-kpasswd_tcp.patch -Patch7: krb5-1.6.3-ktutil-manpage.dif -Patch10: krb5-1.7-doublelog.patch -Patch12: krb5-1.8-api.patch -Patch13: krb5-1.8-pam.patch -Patch18: krb5-1.9-kprop-mktemp.patch -Patch19: krb5-1.9-ksu-path.patch -Patch20: krb5-1.10-gcc47.patch -Patch21: krb5-1.10-selinux-label.patch -Patch22: krb5-1.10-spin-loop.patch -Patch23: bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif -Patch24: bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif +Patch1: krb5-1.11-pam.patch +Patch2: krb5-1.9-manpaths.dif +Patch3: krb5-1.10-buildconf.patch +Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch5: krb5-1.10-kpasswd_tcp.patch +Patch6: krb5-1.6.3-ktutil-manpage.dif +Patch7: krb5-1.7-doublelog.patch +Patch8: krb5-1.8-api.patch +Patch9: krb5-1.9-kprop-mktemp.patch +Patch10: krb5-1.10-ksu-access.patch +Patch11: krb5-1.9-ksu-path.patch +Patch12: krb5-1.11-selinux-label.patch +Patch13: krb5-1.9-debuginfo.patch +Patch14: krb5-kvno-230379.patch +Patch15: krb5-lookup_etypes-leak.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -80,6 +87,7 @@ %if ! %{build_mini} %package client +Conflicts: krb5-mini Summary: MIT Kerberos5 implementation - client programs Group: Productivity/Networking/Security @@ -124,6 +132,16 @@ which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes a PKINIT plugin. +%package doc +Summary: MIT Kerberos5 Implementation--Documentation +Group: Documentation/Other + +%description doc +Kerberos V5 is a trusted-third-party network authentication +system,which can improve your network's security by eliminating the +insecurepractice of clear text passwords. This package includes +extended documentation for MIT Kerberos. + %endif #! build_mini %package devel @@ -138,6 +156,9 @@ %endif %if %{build_mini} Provides: krb5-devel = %{version} +Conflicts: krb5-devel +%else +Conflicts: krb5-mini-devel %endif # @@ -150,27 +171,21 @@ %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} -%patch13 -p1 -%patch3 -p1 -%patch21 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 %patch10 -p1 +%patch11 -p1 %patch12 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -# Rename the man pages so that they'll get generated correctly. -pushd src -cat %{SOURCE10} | while read manpage ; do - mv "$manpage" "$manpage".in -done -popd +%patch13 -p0 +%patch14 -p1 +%patch15 -p1 %build # needs to be re-generated @@ -196,14 +211,21 @@ --with-ldap \ --with-pam \ --enable-pkinit \ - --with-selinux \ + --with-pkinit-crypto-impl=openssl \ %else --disable-pkinit \ --without-pam \ %endif + --with-selinux \ --with-system-et \ --with-system-ss make %{?jobs:-j%jobs} +%if ! 0%{?build_mini} +cd doc +make %{?jobs:-j%jobs} substhtml +cp -a html_subst ../../html +cd .. +%endif %install cd src @@ -279,8 +301,10 @@ # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* +#rm -rf /usr/lib/mit/share rm -rf %{buildroot}/usr/lib/mit/share/examples rm -rf %{buildroot}/usr/lib/mit/share/locale + ##################################################### # krb5(-mini) pre/post/postun ##################################################### @@ -356,13 +380,11 @@ %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so %{_libdir}/libverto.so -%{_libdir}/libverto-k5ev.so %{_includedir}/* /usr/lib/mit/bin/krb5-config /usr/lib/mit/sbin/krb5-send-pr /usr/lib/mit/share/gnats %{_mandir}/man1/krb5-send-pr.1* -%{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 %if %{build_mini} @@ -401,7 +423,6 @@ %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libverto.so.* -%{_libdir}/libverto-k5ev.so.* %{_libdir}/krb5/plugins/kdb/* #/usr/lib/mit/sbin/* /usr/lib/mit/sbin/kadmin.local @@ -438,7 +459,6 @@ %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/kerberos.1* %{_mandir}/man1/ksu.1* %{_mandir}/man1/sclient.1* %{_mandir}/man1/kadmin.1* @@ -474,7 +494,6 @@ %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libverto.so.* -%{_libdir}/libverto-k5ev.so.* %files server %defattr(-,root,root) @@ -514,6 +533,7 @@ /usr/lib/mit/sbin/uuserver %{_libdir}/krb5/plugins/kdb/db2.so %{_mandir}/man5/kdc.conf.5* +%{_mandir}/man5/kadm5.acl.5* %{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmin.local.8* %{_mandir}/man8/kpropd.8* @@ -549,7 +569,6 @@ %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/kerberos.1* %{_mandir}/man1/kadmin.1* %{_mandir}/man1/ktutil.1* %{_mandir}/man1/k5srvutil.1* @@ -582,6 +601,11 @@ %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/preauth %{_libdir}/krb5/plugins/preauth/pkinit.so + +%files doc +%defattr(-,root,root) +%doc html doc/CHANGES doc/README + %endif #build_mini %changelog ++++++ krb5-1.10-buildconf.patch ++++++ --- /var/tmp/diff_new_pack.r2SnbF/_old 2013-04-05 09:26:24.000000000 +0200 +++ /var/tmp/diff_new_pack.r2SnbF/_new 2013-04-05 09:26:24.000000000 +0200 @@ -4,10 +4,10 @@ apps which just want to link with the libraries. FIXME: needs to check and not just assume that the compiler supports using these flags. -Index: krb5-1.10.2/src/config/shlib.conf +Index: krb5-1.11/src/config/shlib.conf =================================================================== ---- krb5-1.10.2.orig/src/config/shlib.conf -+++ krb5-1.10.2/src/config/shlib.conf +--- krb5-1.11.orig/src/config/shlib.conf ++++ krb5-1.11/src/config/shlib.conf @@ -419,7 +419,7 @@ mips-*-netbsd*) SHLIBEXT=.so # Linux ld doesn't default to stuffing the SONAME field... @@ -27,11 +27,11 @@ CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' -Index: krb5-1.10.2/src/krb5-config.in +Index: krb5-1.11/src/krb5-config.in =================================================================== ---- krb5-1.10.2.orig/src/krb5-config.in -+++ krb5-1.10.2/src/krb5-config.in -@@ -189,6 +189,13 @@ if test -n "$do_libs"; then +--- krb5-1.11.orig/src/krb5-config.in ++++ krb5-1.11/src/krb5-config.in +@@ -221,6 +221,13 @@ if test -n "$do_libs"; then -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ -e 's#\$(CFLAGS)##'` @@ -45,11 +45,11 @@ if test $library = 'kdb'; then lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" library=krb5 -Index: krb5-1.10.2/src/config/pre.in +Index: krb5-1.11/src/config/pre.in =================================================================== ---- krb5-1.10.2.orig/src/config/pre.in -+++ krb5-1.10.2/src/config/pre.in -@@ -190,7 +190,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INST +--- krb5-1.11.orig/src/config/pre.in ++++ krb5-1.11/src/config/pre.in +@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INST INSTALL_SCRIPT=@INSTALL_PROGRAM@ INSTALL_DATA=@INSTALL_DATA@ INSTALL_SHLIB=@INSTALL_SHLIB@ ++++++ krb5-1.10-ksu-access.patch ++++++ The idea is to not complain about problems in the default ticket file if we couldn't read it, because the client would be able to tell if it's there or not, and we're implicitly letting the client tell us where it is. Still needs work, I think. Index: krb5-1.11.1/src/clients/ksu/ccache.c =================================================================== --- krb5-1.11.1.orig/src/clients/ksu/ccache.c +++ krb5-1.11.1/src/clients/ksu/ccache.c @@ -77,7 +77,7 @@ krb5_error_code krb5_ccache_copy (contex cc_def_name = krb5_cc_get_name(context, cc_def); cc_other_name = krb5_cc_get_name(context, *cc_other); - if ( ! stat(cc_def_name, &st_temp)){ + if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){ if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){ return retval; } Index: krb5-1.11.1/src/clients/ksu/heuristic.c =================================================================== --- krb5-1.11.1.orig/src/clients/ksu/heuristic.c +++ krb5-1.11.1/src/clients/ksu/heuristic.c @@ -409,7 +409,7 @@ krb5_error_code find_either_ticket (cont cc_source_name = krb5_cc_get_name(context, cc); - if ( ! stat(cc_source_name, &st_temp)){ + if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){ retval = find_ticket(context, cc, client, end_server, &temp_found); if (retval) @@ -569,7 +569,7 @@ krb5_error_code get_best_princ_for_targe cc_source_name = krb5_cc_get_name(context, cc_source); - if (! stat(cc_source_name, &st_temp)) { + if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) { retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ); if (retval) return retval; Index: krb5-1.11.1/src/clients/ksu/main.c =================================================================== --- krb5-1.11.1.orig/src/clients/ksu/main.c +++ krb5-1.11.1/src/clients/ksu/main.c @@ -271,7 +271,7 @@ main (argc, argv) if ( strchr(cc_source_tag, ':')){ cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1; - if( stat( cc_source_tag_tmp, &st_temp)){ + if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){ com_err(prog_name, errno, _("while looking for credentials file %s"), cc_source_tag_tmp); ++++++ krb5-1.8-pam.patch -> krb5-1.11-pam.patch ++++++ --- /work/SRC/openSUSE:Factory/krb5/krb5-1.8-pam.patch 2012-06-10 21:52:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.11-pam.patch 2013-04-05 09:26:19.000000000 +0200 @@ -11,11 +11,11 @@ Originally RT#5939, though it's changed since then to perform the account and session management before dropping privileges. -Index: krb5-1.10.2/src/aclocal.m4 +Index: krb5-1.11.1/src/aclocal.m4 =================================================================== ---- krb5-1.10.2.orig/src/aclocal.m4 -+++ krb5-1.10.2/src/aclocal.m4 -@@ -1676,3 +1676,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[ +--- krb5-1.11.1.orig/src/aclocal.m4 ++++ krb5-1.11.1/src/aclocal.m4 +@@ -1664,3 +1664,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[ ])) ])dnl dnl @@ -86,10 +86,10 @@ +AC_SUBST(PAM_MAN) +AC_SUBST(NON_PAM_MAN) +])dnl -Index: krb5-1.10.2/src/clients/ksu/main.c +Index: krb5-1.11.1/src/clients/ksu/main.c =================================================================== ---- krb5-1.10.2.orig/src/clients/ksu/main.c -+++ krb5-1.10.2/src/clients/ksu/main.c +--- krb5-1.11.1.orig/src/clients/ksu/main.c ++++ krb5-1.11.1/src/clients/ksu/main.c @@ -26,6 +26,7 @@ * KSU was writen by: Ari Medvinsky, [email protected] */ @@ -249,10 +249,10 @@ exit (1); } } -Index: krb5-1.10.2/src/clients/ksu/Makefile.in +Index: krb5-1.11.1/src/clients/ksu/Makefile.in =================================================================== ---- krb5-1.10.2.orig/src/clients/ksu/Makefile.in -+++ krb5-1.10.2/src/clients/ksu/Makefile.in +--- krb5-1.11.1.orig/src/clients/ksu/Makefile.in ++++ krb5-1.11.1/src/clients/ksu/Makefile.in @@ -7,12 +7,14 @@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) @@ -287,10 +287,10 @@ clean:: $(RM) ksu -Index: krb5-1.10.2/src/clients/ksu/pam.c +Index: krb5-1.11.1/src/clients/ksu/pam.c =================================================================== --- /dev/null -+++ krb5-1.10.2/src/clients/ksu/pam.c ++++ krb5-1.11.1/src/clients/ksu/pam.c @@ -0,0 +1,389 @@ +/* + * src/clients/ksu/pam.c @@ -681,10 +681,10 @@ + return ret; +} +#endif -Index: krb5-1.10.2/src/clients/ksu/pam.h +Index: krb5-1.11.1/src/clients/ksu/pam.h =================================================================== --- /dev/null -+++ krb5-1.10.2/src/clients/ksu/pam.h ++++ krb5-1.11.1/src/clients/ksu/pam.h @@ -0,0 +1,57 @@ +/* + * src/clients/ksu/pam.h @@ -743,16 +743,16 @@ +int appl_pam_cred_init(void); +void appl_pam_cleanup(void); +#endif -Index: krb5-1.10.2/src/configure.in +Index: krb5-1.11.1/src/configure.in =================================================================== ---- krb5-1.10.2.orig/src/configure.in -+++ krb5-1.10.2/src/configure.in -@@ -1246,6 +1246,8 @@ if test "${localedir+set}" != set; then - fi - AC_SUBST(localedir) +--- krb5-1.11.1.orig/src/configure.in ++++ krb5-1.11.1/src/configure.in +@@ -1244,6 +1244,8 @@ AC_SUBST([VERTO_VERSION]) + + AC_PATH_PROG(GROFF, groff) +KRB5_WITH_PAM + - AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) - V5_AC_OUTPUT_MAKEFILE(. - + # Make localedir work in autoconf 2.5x. + if test "${localedir+set}" != set; then + localedir='$(datadir)/locale' ++++++ krb5-1.10-selinux-label.patch -> krb5-1.11-selinux-label.patch ++++++ ++++ 697 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/krb5/krb5-1.10-selinux-label.patch ++++ and /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.11-selinux-label.patch ++++++ krb5-1.10.2.tar.bz2 -> krb5-1.11.1.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/krb5/krb5-1.10.2.tar.bz2 /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.11.1.tar.bz2 differ: char 11, line 1 ++++++ krb5-1.6.3-ktutil-manpage.dif ++++++ --- /var/tmp/diff_new_pack.r2SnbF/_old 2013-04-05 09:26:24.000000000 +0200 +++ /var/tmp/diff_new_pack.r2SnbF/_new 2013-04-05 09:26:24.000000000 +0200 @@ -1,11 +1,11 @@ -Index: krb5-1.6.3/src/kadmin/ktutil/ktutil.M +Index: krb5-1.11/src/man/ktutil.man =================================================================== ---- krb5-1.6.3.orig/src/kadmin/ktutil/ktutil.M -+++ krb5-1.6.3/src/kadmin/ktutil/ktutil.M -@@ -63,5 +63,17 @@ Quits - Aliases: - .BR exit , - .BR q . +--- krb5-1.11.orig/src/man/ktutil.man ++++ krb5-1.11/src/man/ktutil.man +@@ -158,6 +158,18 @@ ktutil: + .fi + .UNINDENT + .UNINDENT +.SH REMARKS +Changes to the keytab are appended to the keytab file (i.e., the keytab file +is never overwritten). To directly modify a keytab, save the changes to a @@ -19,4 +19,5 @@ +ktutil> q +# mv /tmp/krb5.newtab /etc/krb5.keytab .SH SEE ALSO - kadmin(8), kdb5_util(8) + .sp + \fIkadmin(1)\fP, \fIkdb5_util(8)\fP ++++++ krb5-1.9-debuginfo.patch ++++++ We want to keep these y.tab.c files around because the debuginfo points to them. It would be more elegant at the end to use symbolic links, but that could mess up people working in the tree on other things. Index: src/kadmin/cli/Makefile.in =================================================================== --- src/kadmin/cli/Makefile.in.orig +++ src/kadmin/cli/Makefile.in @@ -40,3 +40,8 @@ clean-unix:: # CC_LINK is not meant for compilation and this use may break in the future. datetest: getdate.c $(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c + +%.c: %.y + $(RM) y.tab.c $@ + $(YACC.y) $< + $(CP) y.tab.c $@ Index: src/plugins/kdb/ldap/ldap_util/Makefile.in =================================================================== --- src/plugins/kdb/ldap/ldap_util/Makefile.in.orig +++ src/plugins/kdb/ldap/ldap_util/Makefile.in @@ -22,7 +22,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KR getdate.c: $(GETDATE) $(RM) getdate.c y.tab.c $(YACC) $(GETDATE) - $(MV) y.tab.c getdate.c + $(CP) y.tab.c getdate.c install:: $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) ++++++ krb5-1.9-kprop-mktemp.patch ++++++ --- /var/tmp/diff_new_pack.r2SnbF/_old 2013-04-05 09:26:24.000000000 +0200 +++ /var/tmp/diff_new_pack.r2SnbF/_new 2013-04-05 09:26:24.000000000 +0200 @@ -1,10 +1,10 @@ Use an in-memory ccache to silence a compiler warning, for RT#6414. -Index: krb5-1.10.2/src/slave/kprop.c +Index: krb5-1.11/src/slave/kprop.c =================================================================== ---- krb5-1.10.2.orig/src/slave/kprop.c -+++ krb5-1.10.2/src/slave/kprop.c -@@ -186,9 +186,8 @@ void PRS(argc, argv) +--- krb5-1.11.orig/src/slave/kprop.c ++++ krb5-1.11/src/slave/kprop.c +@@ -187,9 +187,8 @@ void PRS(argc, argv) void get_tickets(context) krb5_context context; { @@ -15,7 +15,7 @@ krb5_keytab keytab = NULL; /* -@@ -229,11 +228,8 @@ void get_tickets(context) +@@ -230,11 +229,8 @@ void get_tickets(context) #endif /* ++++++ krb5-1.9-manpaths.dif ++++++ --- /var/tmp/diff_new_pack.r2SnbF/_old 2013-04-05 09:26:24.000000000 +0200 +++ /var/tmp/diff_new_pack.r2SnbF/_new 2013-04-05 09:26:24.000000000 +0200 @@ -3,206 +3,16 @@ these files should be renamed to their ".in" counterparts, and then the configure scripts should be rebuilt. Originally RT#6525 -Index: krb5-1.10.2/src/aclocal.m4 +Index: krb5-1.11/src/man/kpropd.man =================================================================== ---- krb5-1.10.2.orig/src/aclocal.m4 -+++ krb5-1.10.2/src/aclocal.m4 -@@ -1743,3 +1743,24 @@ AC_SUBST(PAM_LIBS) - AC_SUBST(PAM_MAN) - AC_SUBST(NON_PAM_MAN) - ])dnl -+AC_DEFUN(V5_AC_OUTPUT_MANPAGE,[ -+mansysconfdir=$sysconfdir -+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$prefix,g"` -+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$ac_default_prefix,g"` -+mansbindir=$sbindir -+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$exec_prefix,g"` -+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$prefix,g"` -+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$ac_default_prefix,g"` -+manlocalstatedir=$localstatedir -+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$prefix,g"` -+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$ac_default_prefix,g"` -+manlibexecdir=$libexecdir -+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$exec_prefix,g"` -+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$prefix,g"` -+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$ac_default_prefix,g"` -+AC_SUBST(mansysconfdir) -+AC_SUBST(mansbindir) -+AC_SUBST(manlocalstatedir) -+AC_SUBST(manlibexecdir) -+AC_CONFIG_FILES($1) -+]) -Index: krb5-1.10.2/src/configure.in -=================================================================== ---- krb5-1.10.2.orig/src/configure.in -+++ krb5-1.10.2/src/configure.in -@@ -1249,6 +1249,17 @@ AC_SUBST(localedir) - KRB5_WITH_PAM - - AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) -+ -+V5_AC_OUTPUT_MANPAGE([ -+ appl/sample/sserver/sserver.M -+ config-files/kdc.conf.M -+ config-files/krb5.conf.M -+ gen-manpages/kerberos.M -+ kadmin/cli/kadmin.M -+ slave/kpropd.M -+ slave/kprop.M -+]) -+ - V5_AC_OUTPUT_MAKEFILE(. - - util util/support util/profile util/profile/testmod util/send-pr -Index: krb5-1.10.2/src/appl/sample/sserver/sserver.M -=================================================================== ---- krb5-1.10.2.orig/src/appl/sample/sserver/sserver.M -+++ krb5-1.10.2/src/appl/sample/sserver/sserver.M -@@ -59,7 +59,7 @@ option allows for a different keytab tha - using a line in - /etc/inetd.conf that looks like this: - .PP --sample stream tcp nowait root /usr/local/sbin/sserver sserver -+sample stream tcp nowait root @mansbindir@/sserver sserver - .PP - Since \fBsample\fP is normally not a port defined in /etc/services, you will - usually have to add a line to /etc/services which looks like this: -Index: krb5-1.10.2/src/config-files/kdc.conf.M -=================================================================== ---- krb5-1.10.2.orig/src/config-files/kdc.conf.M -+++ krb5-1.10.2/src/config-files/kdc.conf.M -@@ -92,14 +92,14 @@ This - .B string - specifies the location of the access control list (acl) file that - kadmin uses to determine which principals are allowed which permissions --on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl. -+on the database. The default value is @manlocalstatedir@/krb5kdc/kadm5.acl. - - .IP admin_keytab - This - .B string - Specifies the location of the keytab file that kadmin uses to - authenticate to the database. The default value is --/usr/local/var/krb5kdc/kadm5.keytab. -+@manlocalstatedir@/krb5kdc/kadm5.keytab. - - .IP database_name - This -@@ -274,7 +274,7 @@ tickets should be checked against the tr - realm names and the [capaths] section of its krb5.conf file - - .SH FILES --/usr/local/var/krb5kdc/kdc.conf -+@manlocalstatedir@/krb5kdc/kdc.conf - - .SH SEE ALSO - krb5.conf(5), krb5kdc(8) -Index: krb5-1.10.2/src/config-files/krb5.conf.M -=================================================================== ---- krb5-1.10.2.orig/src/config-files/krb5.conf.M -+++ krb5-1.10.2/src/config-files/krb5.conf.M -@@ -808,6 +808,6 @@ This module implements the encrypted cha - This module implements the encrypted timestamp mechanism. - - .SH FILES --/etc/krb5.conf -+@mansysconfdir@/krb5.conf - .SH SEE ALSO - syslog(3) -Index: krb5-1.10.2/src/gen-manpages/kerberos.M -=================================================================== ---- krb5-1.10.2.orig/src/gen-manpages/kerberos.M -+++ krb5-1.10.2/src/gen-manpages/kerberos.M -@@ -125,7 +125,7 @@ default is /etc/krb5.conf. - Specifies the location of the KDC configuration file, which contains - additional configuration directives for the Key Distribution Center - daemon and associated programs. The default is --/usr/local/var/krb5kdc/kdc.conf. -+@manlocalstatedir@/krb5kdc/kdc.conf. - .TP - .B KRB5RCACHETYPE - Specifies the default type of replay cache to use for servers. Valid -Index: krb5-1.10.2/src/kadmin/cli/kadmin.M -=================================================================== ---- krb5-1.10.2.orig/src/kadmin/cli/kadmin.M -+++ krb5-1.10.2/src/kadmin/cli/kadmin.M -@@ -924,9 +924,9 @@ option is specified, less verbose status - .RS - .TP - EXAMPLE: --kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin -+kadmin: ktremove -k @manlocalstatedir@/krb5kdc/kadmind.keytab kadmin/admin - Entry for principal kadmin/admin with kvno 3 removed -- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab. -+ from keytab WRFILE:@manlocalstatedir@/krb5kdc/kadmind.keytab. - kadmin: - .RE +--- krb5-1.11.orig/src/man/kpropd.man ++++ krb5-1.11/src/man/kpropd.man +@@ -63,7 +63,7 @@ the \fB/etc/inetd.conf\fP file which loo + .sp + .nf + .ft C +-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd ++kprop stream tcp nowait root @SBINDIR@/kpropd kpropd + .ft P .fi -Index: krb5-1.10.2/src/slave/kpropd.M -=================================================================== ---- krb5-1.10.2.orig/src/slave/kpropd.M -+++ krb5-1.10.2/src/slave/kpropd.M -@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of - This is done by adding a line to the inetd.conf file which looks like - this: - --kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd -+kprop stream tcp nowait root @mansbindir@/kpropd kpropd - - However, kpropd can also run as a standalone daemon, if the - .B \-S -@@ -111,13 +111,13 @@ is used. - \fB\-f\fP \fIfile\fP - specifies the filename where the dumped principal database file is to be - stored; by default the dumped database file is KPROPD_DEFAULT_FILE --(normally /usr/local/var/krb5kdc/from_master). -+(normally @manlocalstatedir@/krb5kdc/from_master). - .TP - .B \-p - allows the user to specify the pathname to the - .IR kdb5_util (8) - program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL --(normally /usr/local/sbin/kdb5_util). -+(normally @mansbindir@/kdb5_util). - .TP - .B \-S - turn on standalone mode. Normally, kpropd is invoked out of -@@ -148,14 +148,14 @@ mode. - allows the user to specify the path to the - kpropd.acl - file; by default the path used is KPROPD_ACL_FILE --(normally /usr/local/var/krb5kdc/kpropd.acl). -+(normally @manlocalstatedir@/krb5kdc/kpropd.acl). - .SH FILES - .TP "\w'kpropd.acl\ \ 'u" - kpropd.acl - Access file for - .BR kpropd ; - the default location is KPROPD_ACL_FILE (normally --/usr/local/var/krb5kdc/kpropd.acl). -+@manlocalstatedir@/krb5kdc/kpropd.acl). - Each entry is a line containing the principal of a host from which the - local machine will allow Kerberos database propagation via kprop. - .SH SEE ALSO -Index: krb5-1.10.2/src/slave/kprop.M -=================================================================== ---- krb5-1.10.2.orig/src/slave/kprop.M -+++ krb5-1.10.2/src/slave/kprop.M -@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv - This is done by transmitting the dumped database file to the slave - server over an encrypted, secure channel. The dump file must be created - by kdb5_util, and is normally KPROP_DEFAULT_FILE --(/usr/local/var/krb5kdc/slave_datatrans). -+(@manlocalstatedir@/krb5kdc/slave_datatrans). - .SH OPTIONS - .TP - \fB\-r\fP \fIrealm\fP -@@ -51,7 +51,7 @@ is used. - \fB\-f\fP \fIfile\fP - specifies the filename where the dumped principal database file is to be - found; by default the dumped database file is KPROP_DEFAULT_FILE --(normally /usr/local/var/krb5kdc/slave_datatrans). -+(normally @manlocalstatedir@/krb5kdc/slave_datatrans). - .TP - \fB\-P\fP \fIport\fP - specifies the port to use to contact the + .UNINDENT ++++++ krb5-kvno-230379.patch ++++++ >From patch attached to http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349, at http://krbdev.mit.edu/rt/Ticket/Attachment/23851/13214/kvno.diff, adjusted as needed to apply to 1.10. FIXME: I'd like to better handle cases where we have a new key with the right version stored later in the keytab file. Currently, we're setting up to overlook that possibility. Note that this only affects the path taken when krb5_rd_rep() is passed a server principal name, as without a server principal name it already tries all of the keys it finds in the keytab, regardless of version numbers. Index: krb5-1.11.1/src/kadmin/ktutil/ktutil.c =================================================================== --- krb5-1.11.1.orig/src/kadmin/ktutil/ktutil.c +++ krb5-1.11.1/src/kadmin/ktutil/ktutil.c @@ -140,7 +140,7 @@ void ktutil_add_entry(argc, argv) char *princ = NULL; char *enctype = NULL; krb5_kvno kvno = 0; - int use_pass = 0, use_key = 0, i; + int use_pass = 0, use_key = 0, use_kvno = 0, i; for (i = 1; i < argc; i++) { if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) { @@ -149,6 +149,7 @@ void ktutil_add_entry(argc, argv) } if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) { kvno = (krb5_kvno) atoi(argv[++i]); + use_kvno++; continue; } if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) { @@ -165,7 +166,7 @@ void ktutil_add_entry(argc, argv) } } - if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) { + if (argc != 8 || !(princ && use_kvno && enctype) || (use_pass+use_key != 1)) { fprintf(stderr, _("usage: %s (-key | -password) -p principal " "-k kvno -e enctype\n"), argv[0]); return; Index: krb5-1.11.1/src/lib/krb5/keytab/kt_file.c =================================================================== --- krb5-1.11.1.orig/src/lib/krb5/keytab/kt_file.c +++ krb5-1.11.1/src/lib/krb5/keytab/kt_file.c @@ -376,7 +376,7 @@ krb5_ktfile_get_entry(krb5_context conte higher than that. Short-term workaround: only compare the low 8 bits. */ - if (new_entry.vno == (kvno & 0xff)) { + if (new_entry.vno == (kvno & 0xff) || new_entry.vno == IGNORE_VNO) { krb5_kt_free_entry(context, &cur_entry); cur_entry = new_entry; break; ++++++ krb5-lookup_etypes-leak.patch ++++++ Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(), we don't free entries when we're finished examining them. Ensure that when krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we exit the current loop iteration. (RT#7586) --- a/src/lib/krb5/krb/gic_keytab.c +++ b/src/lib/krb5/krb/gic_keytab.c @@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, goto cleanup; if (!krb5_c_valid_enctype(entry.key.enctype)) - continue; + goto next_entry; if (!krb5_principal_compare(context, entry.principal, client)) - continue; + goto next_entry; /* Make sure our list is for the highest kvno found for client. */ if (entry.vno > max_kvno) { free(etypes); @@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, count = 0; max_kvno = entry.vno; } else if (entry.vno != max_kvno) - continue; + goto next_entry; /* Leave room for the terminator and possibly a second entry. */ p = realloc(etypes, (count + 3) * sizeof(*etypes)); if (p == NULL) { + krb5_free_keytab_entry_contents(context, &entry); ret = ENOMEM; goto cleanup; } @@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab, entry.key.enctype == ENCTYPE_DES_CBC_MD4) etypes[count++] = ENCTYPE_DES_CBC_CRC; etypes[count] = 0; +next_entry: + krb5_free_keytab_entry_contents(context, &entry); } ret = 0; ++++++ vendor-files.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/kadmind.service new/vendor-files/kadmind.service --- old/vendor-files/kadmind.service 2012-10-05 15:20:26.000000000 +0200 +++ new/vendor-files/kadmind.service 2013-03-22 10:33:12.000000000 +0100 @@ -7,7 +7,7 @@ Type=forking PIDFile=/var/run/kadmind.pid EnvironmentFile=-/etc/sysconfig/kadmind -ExecStart=/usr/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS +ExecStart=/usr/lib/mit/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS ExecReload=/bin/kill -HUP $MAINPID [Install] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/kpropd.service new/vendor-files/kpropd.service --- old/vendor-files/kpropd.service 2012-10-05 15:20:48.000000000 +0200 +++ new/vendor-files/kpropd.service 2013-03-22 10:34:00.000000000 +0100 @@ -5,7 +5,7 @@ [Service] Type=forking -ExecStart=/usr/sbin/kpropd -S +ExecStart=/usr/lib/mit/sbin/kpropd -S [Install] WantedBy=multi-user.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/krb5kdc.service new/vendor-files/krb5kdc.service --- old/vendor-files/krb5kdc.service 2012-10-05 15:11:08.000000000 +0200 +++ new/vendor-files/krb5kdc.service 2013-03-22 10:33:41.000000000 +0100 @@ -6,7 +6,7 @@ Type=forking PIDFile=/var/run/krb5kdc.pid EnvironmentFile=-/etc/sysconfig/krb5kdc -ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS +ExecStart=/usr/lib/mit/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS ExecReload=/bin/kill -HUP $MAINPID [Install] -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
