Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-01-08 23:01:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Changes: --------
--- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-09-03 20:09:20.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2015-01-08 23:01:08.000000000 +0100
@@ -1,0 +2,36 @@
+Tue Jan 6 07:20:54 UTC 2015 - [email protected]
+
+- Update to krb5 1.13
+ * Add support for accessing KDCs via an HTTPS proxy server using the
+ MS-KKDCP protocol.
+ * Add support for hierarchical incremental propagation, where slaves
+ can act as intermediates between an upstream master and other downstream
+ slaves.
+ * Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf
+ files in addition to /etc/gss/mech.
+ * Add support to the LDAP KDB module for binding to the LDAP server using
+ SASL.
+ * The KDC listens for TCP connections by default.
+ * Fix a minor key disclosure vulnerability where using the "keepold" option
+ to the kadmin randkey operation could return the old keys. [CVE-2014-5351]
+ * Add client support for the Kerberos Cache Manager protocol. If the host
+ is running a Heimdal kcm daemon, caches served by the daemon can be
+ accessed with the KCM: cache type.
+ * When built on OS X 10.7 and higher, use "KCM:" as the default cache type,
+ unless overridden by command-line options or krb5-config values.
+ * Add support for doing unlocked database dumps for the DB2 KDC back end,
+ which would allow the KDC and kadmind to continue accessing the database
+ during lengthy database dumps.
+- Removed patches, useless or upstreamed
+ * krb5-1.9-kprop-mktemp.patch
+ * krb5-1.10-ksu-access.patch
+ * krb5-1.12-doxygen.patch
+ * bnc#897874-CVE-2014-5351.diff
+ * krb5-1.13-work-around-replay-cache-creation-race.patch
+ * krb5-1.10-kpasswd_tcp.patch
+- Refreshed patches
+ * krb5-1.12-pam.patch
+ * krb5-1.12-selinux-label.patch
+ * krb5-1.7-doublelog.patch
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/krb5/krb5.changes 2014-10-05 20:27:21.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2015-01-08 23:01:08.000000000 +0100
@@ -1,0 +2,36 @@
+Tue Jan 6 07:12:29 UTC 2015 - [email protected]
+
+- Update to krb5 1.13
+ * Add support for accessing KDCs via an HTTPS proxy server using the
+ MS-KKDCP protocol.
+ * Add support for hierarchical incremental propagation, where slaves
+ can act as intermediates between an upstream master and other downstream
+ slaves.
+ * Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf
+ files in addition to /etc/gss/mech.
+ * Add support to the LDAP KDB module for binding to the LDAP server using
+ SASL.
+ * The KDC listens for TCP connections by default.
+ * Fix a minor key disclosure vulnerability where using the "keepold" option
+ to the kadmin randkey operation could return the old keys. [CVE-2014-5351]
+ * Add client support for the Kerberos Cache Manager protocol. If the host
+ is running a Heimdal kcm daemon, caches served by the daemon can be
+ accessed with the KCM: cache type.
+ * When built on OS X 10.7 and higher, use "KCM:" as the default cache type,
+ unless overridden by command-line options or krb5-config values.
+ * Add support for doing unlocked database dumps for the DB2 KDC back end,
+ which would allow the KDC and kadmind to continue accessing the database
+ during lengthy database dumps.
+- Removed patches, useless or upstreamed + * krb5-1.9-kprop-mktemp.patch + * krb5-1.10-ksu-access.patch + * krb5-1.12-doxygen.patch + * bnc#897874-CVE-2014-5351.diff + * krb5-1.13-work-around-replay-cache-creation-race.patch + * krb5-1.10-kpasswd_tcp.patch +- Refreshed patches + * krb5-1.12-pam.patch + * krb5-1.12-selinux-label.patch + * krb5-1.7-doublelog.patch + +------------------------------------------------------------------- Old: ---- bnc#897874-CVE-2014-5351.diff krb5-1.10-kpasswd_tcp.patch krb5-1.10-ksu-access.patch krb5-1.12-doxygen.patch krb5-1.12.2.tar.gz krb5-1.13-work-around-replay-cache-creation-race.patch krb5-1.9-kprop-mktemp.patch New: ---- krb5-1.13.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.MFJ7W8/_old 2015-01-08 23:01:10.000000000 +0100 +++ /var/tmp/diff_new_pack.MFJ7W8/_new 2015-01-08 23:01:10.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.12.2 +%define srcRoot krb5-1.13 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.12.2 +Version: 1.13 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT 
@@ -72,17 +72,13 @@ Patch2: krb5-1.9-manpaths.dif Patch3: krb5-1.12-buildconf.patch Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch5: krb5-1.10-kpasswd_tcp.patch Patch6: krb5-1.6.3-ktutil-manpage.dif Patch7: krb5-1.7-doublelog.patch Patch8: krb5-1.12-api.patch -Patch9: krb5-1.9-kprop-mktemp.patch -Patch10: krb5-1.10-ksu-access.patch Patch11: krb5-1.12-ksu-path.patch Patch12: krb5-1.12-selinux-label.patch Patch13: krb5-1.9-debuginfo.patch Patch14: krb5-kvno-230379.patch -Patch20: krb5-1.12-doxygen.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -192,17 +188,13 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 -%patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p0 %patch14 -p1 -%patch20 -p1 %build # needs to be re-generated @@ -276,6 +268,7 @@ mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5 +mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ @@ -471,8 +464,6 @@ %{_includedir}/* /usr/lib/mit/bin/krb5-config /usr/lib/mit/sbin/krb5-send-pr -/usr/lib/mit/share/gnats -%{_mandir}/man1/krb5-send-pr.1* %{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 @@ -487,6 +478,7 @@ %dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/preauth %dir %{_libdir}/krb5/plugins/libkrb5 +%dir %{_libdir}/krb5/plugins/tls %dir %{_localstatedir}/lib/kerberos/ %dir %{_localstatedir}/lib/kerberos/krb5kdc %dir %{_localstatedir}/lib/kerberos/krb5 
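Review bot: The dropped `Patch9: krb5-1.9-kprop-mktemp.patch` and `Patch10: krb5-1.10-ksu-access.patch` look like hardening patches judging by their names, and the changelog accounts for them only as "useless or upstreamed" without saying which applies to which. Of the removed patches, only the CVE-2014-5351 fix is explicitly covered by the 1.13 release notes quoted in the .changes entry; the same gap applies to `Patch22: krb5-1.13-work-around-replay-cache-creation-race.patch` in the matching krb5.spec hunk. I would record the disposition per patch in the .changes entry, for example `* krb5-1.9-kprop-mktemp.patch (upstreamed: <commit or ticket>)`, so that a later audit can tell a merged fix from one that was deliberately abandoned.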
@@ -522,6 +514,7 @@ %{_libdir}/libverto.so.* %{_libdir}/libkrad.so.* %{_libdir}/krb5/plugins/kdb/* +%{_libdir}/krb5/plugins/tls/* #/usr/lib/mit/sbin/* /usr/lib/mit/sbin/kadmin.local /usr/lib/mit/sbin/kadmind @@ -578,6 +571,7 @@ %dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/preauth %dir %{_libdir}/krb5/plugins/libkrb5 +%dir %{_libdir}/krb5/plugins/tls # add log directory %attr(0700,root,root) %dir /var/log/krb5 %doc %{krb5docdir}/README @@ -617,6 +611,7 @@ %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb +%dir %{_libdir}/krb5/plugins/tls %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict @@ -635,6 +630,7 @@ /usr/lib/mit/sbin/sserver /usr/lib/mit/sbin/uuserver %{_libdir}/krb5/plugins/kdb/db2.so +%{_libdir}/krb5/plugins/tls/*.so %{_mandir}/man5/kdc.conf.5* %{_mandir}/man5/kadm5.acl.5* %{_mandir}/man8/kadmind.8* ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.MFJ7W8/_old 2015-01-08 23:01:10.000000000 +0100 +++ /var/tmp/diff_new_pack.MFJ7W8/_new 2015-01-08 23:01:10.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5 # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.12.2 +%define srcRoot krb5-1.13 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 
@@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.12.2 +Version: 1.13 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT @@ -72,19 +72,13 @@ Patch2: krb5-1.9-manpaths.dif Patch3: krb5-1.12-buildconf.patch Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch5: krb5-1.10-kpasswd_tcp.patch Patch6: krb5-1.6.3-ktutil-manpage.dif Patch7: krb5-1.7-doublelog.patch Patch8: krb5-1.12-api.patch -Patch9: krb5-1.9-kprop-mktemp.patch -Patch10: krb5-1.10-ksu-access.patch Patch11: krb5-1.12-ksu-path.patch Patch12: krb5-1.12-selinux-label.patch Patch13: krb5-1.9-debuginfo.patch Patch14: krb5-kvno-230379.patch -Patch20: krb5-1.12-doxygen.patch -Patch21: bnc#897874-CVE-2014-5351.diff -Patch22: krb5-1.13-work-around-replay-cache-creation-race.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -194,19 +188,13 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 -%patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p0 %patch14 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 %build # needs to be re-generated @@ -280,6 +268,7 @@ mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5 +mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ @@ -475,8 +464,6 @@ %{_includedir}/* /usr/lib/mit/bin/krb5-config /usr/lib/mit/sbin/krb5-send-pr -/usr/lib/mit/share/gnats -%{_mandir}/man1/krb5-send-pr.1* %{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 
@@ -491,6 +478,7 @@ %dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/preauth %dir %{_libdir}/krb5/plugins/libkrb5 +%dir %{_libdir}/krb5/plugins/tls %dir %{_localstatedir}/lib/kerberos/ %dir %{_localstatedir}/lib/kerberos/krb5kdc %dir %{_localstatedir}/lib/kerberos/krb5 @@ -526,6 +514,7 @@ %{_libdir}/libverto.so.* %{_libdir}/libkrad.so.* %{_libdir}/krb5/plugins/kdb/* +%{_libdir}/krb5/plugins/tls/* #/usr/lib/mit/sbin/* /usr/lib/mit/sbin/kadmin.local /usr/lib/mit/sbin/kadmind @@ -582,6 +571,7 @@ %dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/preauth %dir %{_libdir}/krb5/plugins/libkrb5 +%dir %{_libdir}/krb5/plugins/tls # add log directory %attr(0700,root,root) %dir /var/log/krb5 %doc %{krb5docdir}/README @@ -621,6 +611,7 @@ %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb +%dir %{_libdir}/krb5/plugins/tls %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict @@ -639,6 +630,7 @@ /usr/lib/mit/sbin/sserver /usr/lib/mit/sbin/uuserver %{_libdir}/krb5/plugins/kdb/db2.so +%{_libdir}/krb5/plugins/tls/*.so %{_mandir}/man5/kdc.conf.5* %{_mandir}/man5/kadm5.acl.5* %{_mandir}/man8/kadmind.8* ++++++ krb5-1.12-pam.patch ++++++ --- /var/tmp/diff_new_pack.MFJ7W8/_old 2015-01-08 23:01:10.000000000 +0100 +++ /var/tmp/diff_new_pack.MFJ7W8/_new 2015-01-08 23:01:10.000000000 +0100 
@@ -11,10 +11,9 @@ Originally RT#5939, though it's changed since then to perform the account and session management before dropping privileges. -diff -Naur krb5/src/aclocal.m4 krb5/src/aclocal.m4 ---- krb5/src/aclocal.m4 2014-01-13 17:12:47.509022000 +0100 -+++ krb5/src/aclocal.m4 2014-01-13 17:13:24.552689000 +0100 -@@ -1668,3 +1668,70 @@ +--- krb5-1.13.orig/src/aclocal.m4 ++++ krb5-1.13/src/aclocal.m4 +@@ -1671,3 +1671,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[ ])) ])dnl dnl @@ -85,9 +84,8 @@ +AC_SUBST(PAM_MAN) +AC_SUBST(NON_PAM_MAN) +])dnl -diff -Naur krb5/src/clients/ksu/main.c krb5/src/clients/ksu/main.c ---- krb5/src/clients/ksu/main.c 2014-01-13 17:12:44.864970000 +0100 -+++ krb5/src/clients/ksu/main.c 2014-01-13 17:13:24.563692000 +0100 +--- krb5-1.13.orig/src/clients/ksu/main.c ++++ krb5-1.13/src/clients/ksu/main.c @@ -26,6 +26,7 @@ * KSU was writen by: Ari Medvinsky, [email protected] */ @@ -107,15 +105,15 @@ /* globals */ char * prog_name; int auth_debug =0; -@@ -40,6 +45,7 @@ +@@ -40,6 +45,7 @@ char k5login_path[MAXPATHLEN]; char k5users_path[MAXPATHLEN]; char * gb_err = NULL; int quiet = 0; +int force_fork = 0; /***********/ - #define _DEF_CSH "/bin/csh" -@@ -584,6 +590,25 @@ + #define KS_TEMPORARY_CACHE "MEMORY:_ksu" +@@ -519,6 +525,25 @@ main (argc, argv) prog_name,target_user,client_name, source_user,ontty()); @@ -141,8 +139,8 @@ /* Run authorization as target.*/ if (krb5_seteuid(target_uid)) { com_err(prog_name, errno, _("while switching to target for " -@@ -648,6 +673,26 @@ - sweep_up(ksu_context, cc_target); +@@ -587,6 +612,26 @@ main (argc, argv) + com_err(prog_name,retval, _("while calling cc_filter")); exit(1); } +#ifdef USE_PAM @@ -167,8 +165,8 @@ +#endif } - if( some_rest_copy){ -@@ -717,6 +762,32 @@ + if (all_rest_copy){ +@@ -636,6 +681,32 @@ main (argc, argv) exit(1); } 
@@ -201,7 +199,7 @@ /* set permissions */ if (setgid(target_pwd->pw_gid) < 0) { perror("ksu: setgid"); -@@ -789,7 +860,7 @@ +@@ -733,7 +804,7 @@ main (argc, argv) fprintf(stderr, "program to be execed %s\n",params[0]); } @@ -210,7 +208,7 @@ execv(params[0], params); com_err(prog_name, errno, _("while trying to execv %s"), params[0]); sweep_up(ksu_context, cc_target); -@@ -819,16 +890,35 @@ +@@ -763,16 +834,35 @@ main (argc, argv) if (ret_pid == -1) { com_err(prog_name, errno, _("while calling waitpid")); } @@ -247,10 +245,9 @@ exit (1); } } -diff -Naur krb5/src/clients/ksu/Makefile.in krb5/src/clients/ksu/Makefile.in ---- krb5/src/clients/ksu/Makefile.in 2014-01-13 17:12:44.868981000 +0100 -+++ krb5/src/clients/ksu/Makefile.in 2014-01-13 17:13:24.580690000 +0100 -@@ -3,12 +3,14 @@ +--- krb5-1.13.orig/src/clients/ksu/Makefile.in ++++ krb5-1.13/src/clients/ksu/Makefile.in +@@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S).. DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' KSU_LIBS=@KSU_LIBS@ @@ -265,7 +262,7 @@ $(srcdir)/heuristic.c \ $(srcdir)/xmalloc.c \ $(srcdir)/setenv.c -@@ -17,13 +19,17 @@ +@@ -17,13 +19,17 @@ OBJS = \ ccache.o \ authorization.o \ main.o \ @@ -284,9 +281,8 @@ clean:: $(RM) ksu -diff -Naur krb5/src/clients/ksu/pam.c krb5/src/clients/ksu/pam.c ---- krb5/src/clients/ksu/pam.c 1970-01-01 01:00:00.000000000 +0100 -+++ krb5/src/clients/ksu/pam.c 2014-01-13 17:13:24.589692000 +0100 +--- /dev/null ++++ krb5-1.13/src/clients/ksu/pam.c @@ -0,0 +1,389 @@ +/* + * src/clients/ksu/pam.c @@ -677,9 +673,8 @@ + return ret; +} +#endif -diff -Naur krb5/src/clients/ksu/pam.h krb5/src/clients/ksu/pam.h ---- krb5/src/clients/ksu/pam.h 1970-01-01 01:00:00.000000000 +0100 -+++ krb5/src/clients/ksu/pam.h 2014-01-13 17:13:24.595690000 +0100 +--- /dev/null ++++ krb5-1.13/src/clients/ksu/pam.h @@ -0,0 +1,57 @@ +/* + * src/clients/ksu/pam.h 
@@ -738,10 +733,9 @@ +int appl_pam_cred_init(void); +void appl_pam_cleanup(void); +#endif -diff -Naur krb5/src/configure.in krb5/src/configure.in ---- krb5/src/configure.in 2014-01-13 17:12:48.401059000 +0100 -+++ krb5/src/configure.in 2014-01-13 17:13:24.603693000 +0100 -@@ -1281,6 +1281,8 @@ +--- krb5-1.13.orig/src/configure.in ++++ krb5-1.13/src/configure.in +@@ -1285,6 +1285,8 @@ AC_SUBST([VERTO_VERSION]) AC_PATH_PROG(GROFF, groff) ++++++ krb5-1.12-selinux-label.patch ++++++ --- /var/tmp/diff_new_pack.MFJ7W8/_old 2015-01-08 23:01:10.000000000 +0100 +++ /var/tmp/diff_new_pack.MFJ7W8/_new 2015-01-08 23:01:10.000000000 +0100 @@ -31,9 +31,9 @@ Red Hat #273081), so switching to using them instead of matchpathcon(), which we used earlier, is some improvement. ---- krb5/src/aclocal.m4 -+++ krb5/src/aclocal.m4 -@@ -103,6 +103,7 @@ AC_SUBST_FILE(libnodeps_frag) +--- krb5-1.13.orig/src/aclocal.m4 ++++ krb5-1.13/src/aclocal.m4 +@@ -87,6 +87,7 @@ AC_SUBST_FILE(libnodeps_frag) dnl KRB5_AC_PRAGMA_WEAK_REF WITH_LDAP @@ -41,7 +41,7 @@ KRB5_LIB_PARAMS KRB5_AC_INITFINI KRB5_AC_ENABLE_THREADS -@@ -1791,3 +1792,51 @@ AC_SUBST(manlocalstatedir) +@@ -1738,3 +1739,51 @@ AC_SUBST(PAM_LIBS) AC_SUBST(PAM_MAN) AC_SUBST(NON_PAM_MAN) ])dnl @@ -93,9 +93,9 @@ +LIBS="$old_LIBS" +AC_SUBST(SELINUX_LIBS) +])dnl ---- krb5/src/config/pre.in -+++ krb5/src/config/pre.in -@@ -180,6 +180,7 @@ LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PREFIX@ +--- krb5-1.13.orig/src/config/pre.in ++++ krb5-1.13/src/config/pre.in +@@ -174,6 +174,7 @@ LD = $(PURE) @LD@ KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include LDFLAGS = @LDFLAGS@ LIBS = @LIBS@ @@ -103,7 +103,7 @@ INSTALL=@INSTALL@ INSTALL_STRIP= -@@ -379,7 +380,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) +@@ -394,7 +395,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) # HESIOD_LIBS is -lhesiod... HESIOD_LIBS = @HESIOD_LIBS@ 
@@ -112,9 +112,9 @@ KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) GSS_LIBS = $(GSS_KRB5_LIB) # needs fixing if ever used on Mac OS X! ---- krb5/src/configure.in -+++ krb5/src/configure.in -@@ -1053,6 +1053,8 @@ fi +--- krb5-1.13.orig/src/configure.in ++++ krb5-1.13/src/configure.in +@@ -1287,6 +1287,8 @@ AC_PATH_PROG(GROFF, groff) KRB5_WITH_PAM @@ -123,18 +123,18 @@ # Make localedir work in autoconf 2.5x. if test "${localedir+set}" != set; then localedir='$(datadir)/locale' ---- krb5/src/include/k5-int.h -+++ krb5/src/include/k5-int.h -@@ -133,6 +133,7 @@ typedef unsigned char u_char; - typedef UINT64_TYPE krb5_ui_8; - typedef INT64_TYPE krb5_int64; +--- krb5-1.13.orig/src/include/k5-int.h ++++ krb5-1.13/src/include/k5-int.h +@@ -127,6 +127,7 @@ typedef unsigned char u_char; + #endif /* HAVE_SYS_TYPES_H */ + #endif /* KRB5_SYSTYPES__ */ +#include "k5-label.h" - #define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */ - #define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */ ---- krb5/src/include/k5-label.h -+++ krb5/src/include/k5-label.h + #include "k5-platform.h" + +--- /dev/null ++++ krb5-1.13/src/include/k5-label.h @@ -0,0 +1,32 @@ +#ifndef _KRB5_LABEL_H +#define _KRB5_LABEL_H @@ -168,8 +168,8 @@ +#define THREEPARAMOPEN(x,y,z) open(x,y,z) +#endif +#endif ---- krb5/src/include/krb5/krb5.hin -+++ krb5/src/include/krb5/krb5.hin +--- krb5-1.13.orig/src/include/krb5/krb5.hin ++++ krb5-1.13/src/include/krb5/krb5.hin @@ -87,6 +87,12 @@ #define THREEPARAMOPEN(x,y,z) open(x,y,z) #endif @@ -183,9 +183,9 @@ #define KRB5_OLD_CRYPTO #include <stdlib.h> ---- krb5/src/kadmin/dbutil/dump.c -+++ krb5/src/kadmin/dbutil/dump.c -@@ -376,12 +376,21 @@ create_ofile(char *ofile, char **tmpname +--- krb5-1.13.orig/src/kadmin/dbutil/dump.c ++++ krb5-1.13/src/kadmin/dbutil/dump.c +@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname { int fd = -1; FILE *f; 
@@ -207,7 +207,7 @@ if (fd == -1) goto error; -@@ -514,7 +514,7 @@ prep_ok_file(krb5_context context, char +@@ -194,7 +203,7 @@ prep_ok_file(krb5_context context, char return 0; } @@ -216,9 +216,9 @@ if (*fd == -1) { com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); exit_status++; ---- krb5/src/build-tools/krb5-config.in -+++ krb5/src/build-tools/krb5-config.in -@@ -38,6 +38,7 @@ RPATH_FLAG='@RPATH_FLAG@' +--- krb5-1.13.orig/src/build-tools/krb5-config.in ++++ krb5-1.13/src/build-tools/krb5-config.in +@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@' DEFCCNAME='@DEFCCNAME@' DEFKTNAME='@DEFKTNAME@' DEFCKTNAME='@DEFCKTNAME@' @@ -226,7 +226,7 @@ LIBS='@LIBS@' GEN_LIB=@GEN_LIB@ -@@ -218,7 +219,7 @@ +@@ -262,7 +263,7 @@ if test -n "$do_libs"; then fi # If we ever support a flag to generate output suitable for static @@ -235,9 +235,9 @@ # here. echo $lib_flags ---- krb5/src/lib/kadm5/logger.c -+++ krb5/src/lib/kadm5/logger.c -@@ -425,7 +425,7 @@ krb5_klog_init(krb5_context kcontext, ch +--- krb5-1.13.orig/src/lib/kadm5/logger.c ++++ krb5-1.13/src/lib/kadm5/logger.c +@@ -423,7 +423,7 @@ krb5_klog_init(krb5_context kcontext, ch * Check for append/overwrite, then open the file. */ if (cp[4] == ':' || cp[4] == '=') { @@ -246,7 +246,7 @@ if (f) { set_cloexec_file(f); log_control.log_entries[i].lfu_filep = f; -@@ -961,7 +961,7 @@ krb5_klog_reopen(krb5_context kcontext) +@@ -959,7 +959,7 @@ krb5_klog_reopen(krb5_context kcontext) * In case the old logfile did not get moved out of the * way, open for append to prevent squashing the old logs. */ @@ -255,9 +255,9 @@ if (f) { set_cloexec_file(f); log_control.log_entries[lindex].lfu_filep = f; ---- krb5/src/lib/krb5/keytab/kt_file.c -+++ krb5/src/lib/krb5/keytab/kt_file.c -@@ -1050,7 +1050,7 @@ krb5_ktfileint_open(krb5_context context +--- krb5-1.13.orig/src/lib/krb5/keytab/kt_file.c ++++ krb5-1.13/src/lib/krb5/keytab/kt_file.c +@@ -1024,7 +1024,7 @@ krb5_ktfileint_open(krb5_context context KTCHECKLOCK(id); errno = 0; 
@@ -266,7 +266,7 @@ (mode == KRB5_LOCKMODE_EXCLUSIVE) ? fopen_mode_rbplus : fopen_mode_rb); if (!KTFILEP(id)) { -@@ -1058,7 +1058,7 @@ krb5_ktfileint_open(krb5_context context +@@ -1032,7 +1032,7 @@ krb5_ktfileint_open(krb5_context context /* try making it first time around */ k5_create_secure_file(context, KTFILENAME(id)); errno = 0; @@ -275,9 +275,9 @@ if (!KTFILEP(id)) goto report_errno; writevno = 1; ---- krb5/src/plugins/kdb/db2/adb_openclose.c -+++ krb5/src/plugins/kdb/db2/adb_openclose.c -@@ -201,7 +201,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char +--- krb5-1.13.orig/src/plugins/kdb/db2/adb_openclose.c ++++ krb5-1.13/src/plugins/kdb/db2/adb_openclose.c +@@ -147,7 +147,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char * POSIX systems */ lockp->lockinfo.filename = strdup(lockfilename); @@ -286,17 +286,17 @@ /* * maybe someone took away write permission so we could only * get shared locks? ---- krb5/src/plugins/kdb/db2/libdb2/btree/bt_open.c -+++ krb5/src/plugins/kdb/db2/libdb2/btree/bt_open.c +--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c ++++ krb5-1.13/src/plugins/kdb/db2/libdb2/btree/bt_open.c @@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8. - - #include "k5-platform.h" /* mkstemp? */ + #include <string.h> + #include <unistd.h> +#include "k5-int.h" #include "db-int.h" #include "btree.h" -@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo, +@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo, goto einval; } @@ -305,9 +305,9 @@ goto err; } else { ---- krb5/src/plugins/kdb/db2/libdb2/hash/hash.c -+++ krb5/src/plugins/kdb/db2/libdb2/hash/hash.c -@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 +--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/hash/hash.c ++++ krb5-1.13/src/plugins/kdb/db2/libdb2/hash/hash.c +@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 #include <assert.h> #endif 
@@ -324,9 +324,9 @@ RETURN_ERROR(errno, error0); (void)fcntl(hashp->fp, F_SETFD, 1); } ---- krb5/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -+++ krb5/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -@@ -179,7 +179,7 @@ done: +--- krb5-1.13.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c ++++ krb5-1.13/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +@@ -178,7 +178,7 @@ done: /* set password in the file */ old_mode = umask(0177); @@ -335,7 +335,7 @@ if (pfile == NULL) { com_err(me, errno, _("Failed to open file %s: %s"), file_name, strerror (errno)); -@@ -220,6 +220,9 @@ done: +@@ -219,6 +219,9 @@ done: * Delete the existing entry and add the new entry */ FILE *newfile; @@ -345,7 +345,7 @@ mode_t omask; -@@ -231,7 +234,13 @@ done: +@@ -230,7 +233,13 @@ done: } omask = umask(077); @@ -359,36 +359,8 @@ umask (omask); if (newfile == NULL) { com_err(me, errno, _("Error creating file %s"), tmp_file); ---- krb5/src/slave/kpropd.c -+++ krb5/src/slave/kpropd.c -@@ -437,6 +437,9 @@ void doit(fd) - krb5_enctype etype; - int database_fd; - char host[INET6_ADDRSTRLEN+1]; -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - signal_wrapper(SIGALRM, alarm_handler); - alarm(params.iprop_resync_timeout); -@@ -515,9 +518,15 @@ void doit(fd) - free(name); - exit(1); - } -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(file); -+#endif - omask = umask(077); - lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600); - (void) umask(omask); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif - retval = krb5_lock_file(kpropd_context, lock_fd, - KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK); - if (retval) { ---- krb5/src/util/profile/prof_file.c -+++ krb5/src/util/profile/prof_file.c +--- krb5-1.13.orig/src/util/profile/prof_file.c ++++ krb5-1.13/src/util/profile/prof_file.c @@ -30,6 +30,7 @@ #endif 
@@ -397,7 +369,7 @@ struct global_shared_profile_data { /* This is the head of the global list of shared trees */ -@@ -418,7 +419,7 @@ static errcode_t write_data_to_file(prf_ +@@ -411,7 +412,7 @@ static errcode_t write_data_to_file(prf_ errno = 0; @@ -406,9 +378,9 @@ if (!f) { retval = errno; if (retval == 0) ---- krb5/src/util/support/Makefile.in -+++ krb5/src/util/support/Makefile.in -@@ -54,6 +54,7 @@ IPC_SYMS= \ +--- krb5-1.13.orig/src/util/support/Makefile.in ++++ krb5-1.13/src/util/support/Makefile.in +@@ -59,6 +59,7 @@ IPC_SYMS= \ STLIBOBJS= \ threads.o \ @@ -416,7 +388,7 @@ init-addrinfo.o \ plugins.o \ errors.o \ -@@ -108,7 +109,7 @@ SRCS=\ +@@ -131,7 +132,7 @@ SRCS=\ SHLIB_EXPDEPS = # Add -lm if dumping thread stats, for sqrt. @@ -425,8 +397,8 @@ DEPLIBS= ---- krb5/src/util/support/selinux.c -+++ krb5/src/util/support/selinux.c +--- /dev/null ++++ krb5-1.13/src/util/support/selinux.c @@ -0,0 +1,381 @@ +/* + * Copyright 2007,2008,2009,2011,2012,2013 Red Hat, Inc. All Rights Reserved. @@ -809,9 +781,9 @@ +} + +#endif ---- krb5/src/lib/krb5/rcache/rc_dfl.c -+++ krb5/src/lib/krb5/rcache/rc_dfl.c -@@ -813,6 +813,9 @@ krb5_rc_dfl_expunge_locked(krb5_context +--- krb5-1.13.orig/src/lib/krb5/rcache/rc_dfl.c ++++ krb5-1.13/src/lib/krb5/rcache/rc_dfl.c +@@ -794,6 +794,9 @@ krb5_rc_dfl_expunge_locked(krb5_context krb5_error_code retval = 0; krb5_rcache tmp; krb5_deltat lifespan = t->lifespan; /* save original lifespan */ @@ -821,7 +793,7 @@ if (! t->recovering) { name = t->name; -@@ -834,7 +837,17 @@ krb5_rc_dfl_expunge_locked(krb5_context +@@ -815,7 +818,17 @@ krb5_rc_dfl_expunge_locked(krb5_context retval = krb5_rc_resolve(context, tmp, 0); if (retval) goto cleanup; 
@@ -839,9 +811,9 @@ if (retval) goto cleanup; for (q = t->a; q; q = q->na) { ---- krb5/src/lib/krb5/ccache/cc_dir.c -+++ krb5/src/lib/krb5/ccache/cc_dir.c -@@ -185,10 +185,19 @@ write_primary_file(const char *primary_p +--- krb5-1.13.orig/src/lib/krb5/ccache/cc_dir.c ++++ krb5-1.13/src/lib/krb5/ccache/cc_dir.c +@@ -183,10 +183,19 @@ write_primary_file(const char *primary_p char *newpath = NULL; FILE *fp = NULL; int fd = -1, status; @@ -861,7 +833,7 @@ if (fd < 0) goto cleanup; #ifdef HAVE_CHMOD -@@ -223,10 +232,23 @@ +@@ -221,10 +230,23 @@ static krb5_error_code verify_dir(krb5_context context, const char *dirname) { struct stat st; @@ -884,12 +856,12 @@ + if (status == 0) + return 0; + } - krb5_set_error_message(context, KRB5_FCC_NOFILE, - _("Credential cache directory %s does not " - "exist"), dirname); ---- krb5/src/lib/krb5/os/trace.c -+++ krb5/src/lib/krb5/os/trace.c -@@ -401,7 +401,7 @@ krb5_set_trace_filename(krb5_context con + k5_setmsg(context, KRB5_FCC_NOFILE, + _("Credential cache directory %s does not exist"), + dirname); +--- krb5-1.13.orig/src/lib/krb5/os/trace.c ++++ krb5-1.13/src/lib/krb5/os/trace.c +@@ -397,7 +397,7 @@ krb5_set_trace_filename(krb5_context con fd = malloc(sizeof(*fd)); if (fd == NULL) return ENOMEM; @@ -898,9 +870,9 @@ if (*fd == -1) { free(fd); return errno; ---- krb5/src/plugins/kdb/db2/kdb_db2.c -+++ krb5/src/plugins/kdb/db2/kdb_db2.c -@@ -683,8 +683,8 @@ +--- krb5-1.13.orig/src/plugins/kdb/db2/kdb_db2.c ++++ krb5-1.13/src/plugins/kdb/db2/kdb_db2.c +@@ -695,8 +695,8 @@ ctx_create_db(krb5_context context, krb5 if (retval) return retval; 
@@ -911,9 +883,9 @@ if (dbc->db_lf_file < 0) { retval = errno; goto cleanup; ---- krb5/src/plugins/kdb/db2/libdb2/recno/rec_open.c -+++ krb5/src/plugins/kdb/db2/libdb2/recno/rec_open.c -@@ -51,6 +51,7 @@ +--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c ++++ krb5-1.13/src/plugins/kdb/db2/libdb2/recno/rec_open.c +@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8 #include <stdio.h> #include <unistd.h> @@ -921,7 +893,7 @@ #include "db-int.h" #include "recno.h" -@@ -68,7 +69,8 @@ +@@ -68,7 +69,8 @@ __rec_open(fname, flags, mode, openinfo, int rfd = -1, sverrno; /* Open the user's file -- if this fails, we're done. */ @@ -931,9 +903,9 @@ return (NULL); if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { ---- krb5/src/kdc/main.c -+++ krb5/src/kdc/main.c -@@ -905,7 +905,7 @@ write_pid_file(const char *path) +--- krb5-1.13.orig/src/kdc/main.c ++++ krb5-1.13/src/kdc/main.c +@@ -847,7 +847,7 @@ write_pid_file(const char *path) FILE *file; unsigned long pid; @@ -942,20 +914,9 @@ if (file == NULL) return errno; pid = (unsigned long) getpid(); ---- krb5/src/lib/kdb/kdb_log.c -+++ krb5/src/lib/kdb/kdb_log.c -@@ -566,7 +566,7 @@ ulog_map(krb5_context context, const cha - if (caller == FKPROPLOG) - return errno; - -- ulogfd = open(logname, O_RDWR | O_CREAT, 0600); -+ ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600); - if (ulogfd == -1) - return errno; - ---- krb5/src/util/gss-kernel-lib/Makefile.in -+++ krb5/src/util/gss-kernel-lib/Makefile.in -@@ -60,6 +60,7 @@ HEADERS= \ +--- krb5-1.13.orig/src/util/gss-kernel-lib/Makefile.in ++++ krb5-1.13/src/util/gss-kernel-lib/Makefile.in +@@ -61,6 +61,7 @@ HEADERS= \ gssapi_err_generic.h \ k5-int.h \ k5-int-pkinit.h \ 
@@ -963,7 +924,7 @@ k5-thread.h \ k5-platform.h \ k5-buf.h \ -@@ -166,10 +167,12 @@ gssapi_generic.h: $(GSS_GENERIC)/gssapi_ +@@ -162,10 +163,12 @@ gssapi_generic.h: $(GSS_GENERIC)/gssapi_ $(CP) $(GSS_GENERIC)/gssapi_generic.h $@ gssapi_err_generic.h: $(GSS_GENERIC_BUILD)/gssapi_err_generic.h $(CP) $(GSS_GENERIC_BUILD)/gssapi_err_generic.h $@ @@ -977,3 +938,43 @@ k5-thread.h: $(INCLUDE)/k5-thread.h $(CP) $(INCLUDE)/k5-thread.h $@ k5-platform.h: $(INCLUDE)/k5-platform.h +--- krb5-1.13.orig/src/lib/kdb/kdb_log.c ++++ krb5-1.13/src/lib/kdb/kdb_log.c +@@ -464,7 +464,7 @@ ulog_map(krb5_context context, const cha + if (extend_file_to(ulogfd, filesize) < 0) + return errno; + } else { +- ulogfd = open(logname, O_RDWR, 0600); ++ ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600); + if (ulogfd == -1) + return errno; + } +--- krb5-1.13.orig/src/slave/kpropd.c ++++ krb5-1.13/src/slave/kpropd.c +@@ -460,7 +460,9 @@ doit(int fd) + krb5_enctype etype; + int database_fd; + char host[INET6_ADDRSTRLEN + 1]; +- ++#ifdef USE_SELINUX ++ void *selabel; ++#endif + signal_wrapper(SIGALRM, alarm_handler); + alarm(params.iprop_resync_timeout); + fromlen = sizeof(from); +@@ -516,9 +518,15 @@ doit(int fd) + free(name); + exit(1); + } ++#ifdef USE_SELINUX ++ selabel = krb5int_push_fscreatecon_for(file); ++#endif + omask = umask(077); + lock_fd = open(temp_file_name, O_RDWR | O_CREAT, 0600); + (void)umask(omask); ++#ifdef USE_SELINUX ++ krb5int_pop_fscreatecon(selabel); ++#endif + retval = krb5_lock_file(kpropd_context, lock_fd, + KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK); + if (retval) { ++++++ krb5-1.12.2.tar.gz -> krb5-1.13.tar.gz ++++++ /work/SRC/openSUSE:Factory/krb5/krb5-1.12.2.tar.gz /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.13.tar.gz differ: char 5, line 1 ++++++ krb5-1.7-doublelog.patch ++++++ --- /var/tmp/diff_new_pack.MFJ7W8/_old 2015-01-08 23:01:10.000000000 +0100 +++ /var/tmp/diff_new_pack.MFJ7W8/_new 2015-01-08 23:01:10.000000000 +0100 
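Review bot: The re-added ulog_map hunk for kdb_log.c changes behaviour rather than only wrapping the call: it replaces `open(logname, O_RDWR, 0600)` in the `else` branch with `THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600)`, adding `O_CREAT` to a path that, judging by the `extend_file_to` context just above it, handles a log file that already exists. The open that actually creates the file appears to sit in the preceding branch, outside the hunk, and is left unwrapped, so a newly created update log would not receive the SELinux file-creation context this patch exists to apply. I would keep the flags as the removed line has them, `ulogfd = THREEPARAMOPEN(logname, O_RDWR, 0600);`, and move the wrapper to the creating open in the earlier branch. ulog_map starts and ends outside the hunk, so this should be confirmed against the 1.13 source before the refresh is accepted.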
@@ -5,13 +5,11 @@ src/include/Makefile.in | 2 ++ 1 file changed, 2 insertions(+) -Index: krb5-1.12.2/src/include/Makefile.in -=================================================================== ---- krb5-1.12.2.orig/src/include/Makefile.in 2014-08-30 23:08:41.000000000 +0100 -+++ krb5-1.12.2/src/include/Makefile.in 2014-08-30 23:09:04.000000000 +0100 -@@ -68,6 +68,8 @@ PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$( - -e "s+@GSSMODULEDIR+$(GSS_MODULE_DIR)+" \ +--- krb5-1.13.orig/src/include/Makefile.in ++++ krb5-1.13/src/include/Makefile.in +@@ -70,6 +70,8 @@ PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$( -e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \ + -e 's+@RUNSTATEDIR+$(RUNSTATEDIR)+' \ -e 's+@SYSCONFDIR+$(SYSCONFDIR)+' \ + -e 's+:/etc/krb5.conf:/etc/krb5.conf"+:/etc/krb5.conf"+' \ + -e 's+"/etc/krb5.conf:/etc/krb5.conf"+"/etc/krb5.conf"+' \ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
