Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=58844eed8c9768c1e5872c24484e355f0b4342ea
commit 58844eed8c9768c1e5872c24484e355f0b4342ea Author: kikadf <[email protected]> Date: Wed Aug 20 11:11:33 2014 +0200 krb5-1.10.1-2arcturus1-x86_64 * Fix CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, * CVE-2014-4345 diff --git a/source/lib-extra/krb5/CVE-2014-4341-4342.patch b/source/lib-extra/krb5/CVE-2014-4341-4342.patch new file mode 100644 index 0000000..e788db0 --- /dev/null +++ b/source/lib-extra/krb5/CVE-2014-4341-4342.patch @@ -0,0 +1,169 @@ +From fa1dd97d0e0919a446d7bc95ec8d79a544ac41ab Mon Sep 17 00:00:00 2001 +From: Greg Hudson <[email protected]> +Date: Thu, 19 Jun 2014 13:49:16 -0400 +Subject: Handle invalid RFC 1964 tokens [CVE-2014-4341...] + +Detect the following cases which would otherwise cause invalid memory +accesses and/or integer underflow: + +* An RFC 1964 token being processed by an RFC 4121-only context + [CVE-2014-4342] + +* A header with fewer than 22 bytes after the token ID or an + incomplete checksum [CVE-2014-4341 CVE-2014-4342] + +* A ciphertext shorter than the confounder [CVE-2014-4341] + +* A declared padding length longer than the plaintext [CVE-2014-4341] + +If we detect a bad pad byte, continue on to compute the checksum to +avoid creating a padding oracle, but treat the checksum as invalid +even if it compares equal. + +CVE-2014-4341: + +In MIT krb5, an unauthenticated remote attacker with the ability to +inject packets into a legitimately established GSSAPI application +session can cause a program crash due to invalid memory references +when attempting to read beyond the end of a buffer. + + CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C + +CVE-2014-4342: + +In MIT krb5 releases krb5-1.7 and later, an unauthenticated remote +attacker with the ability to inject packets into a legitimately +established GSSAPI application session can cause a program crash due +to invalid memory references when reading beyond the end of a buffer +or by causing a null pointer dereference. + + CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C + +[[email protected]: CVE summaries, CVSS] + +ticket: 7949 (new) +subject: Handle invalid RFC 1964 tokens [CVE-2014-4341 CVE-2014-4342] +taget_version: 1.12.2 +tags: pullup + +(cherry picked from commit fb99962cbd063ac04c9a9d2cc7c75eab73f3533d) + +Patch-Category: upstream +--- + src/lib/gssapi/krb5/k5unseal.c | 41 +++++++++++++++++++++++++++++++-------- + src/lib/gssapi/krb5/k5unsealiov.c | 9 ++++++++- + 2 files changed, 41 insertions(+), 9 deletions(-) + +diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c +index 9351980..98da0d2 100644 +--- a/src/lib/gssapi/krb5/k5unseal.c ++++ b/src/lib/gssapi/krb5/k5unseal.c +@@ -74,6 +74,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + int conflen = 0; + int signalg; + int sealalg; ++ int bad_pad = 0; + gss_buffer_desc token; + krb5_checksum cksum; + krb5_checksum md5cksum; +@@ -86,6 +87,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + krb5_ui_4 seqnum; + OM_uint32 retval; + size_t sumlen; ++ size_t padlen; + krb5_keyusage sign_usage = KG_USAGE_SIGN; + + if (toktype == KG_TOK_SEAL_MSG) { +@@ -93,18 +95,23 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + message_buffer->value = NULL; + } + +- /* get the sign and seal algorithms */ +- +- signalg = ptr[0] + (ptr[1]<<8); +- sealalg = ptr[2] + (ptr[3]<<8); +- + /* Sanity checks */ + +- if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) { ++ if (ctx->seq == NULL) { ++ /* ctx was established using a newer enctype, and cannot process RFC ++ * 1964 tokens. */ ++ *minor_status = 0; ++ return GSS_S_DEFECTIVE_TOKEN; ++ } ++ ++ if ((bodysize < 22) || (ptr[4] != 0xff) || (ptr[5] != 0xff)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + ++ signalg = ptr[0] + (ptr[1]<<8); ++ sealalg = ptr[2] + (ptr[3]<<8); ++ + if ((toktype != KG_TOK_SEAL_MSG) && + (sealalg != 0xffff)) { + *minor_status = 0; +@@ -153,6 +160,11 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + return GSS_S_DEFECTIVE_TOKEN; + } + ++ if ((size_t)bodysize < 14 + cksum_len) { ++ *minor_status = 0; ++ return GSS_S_DEFECTIVE_TOKEN; ++ } ++ + /* get the token parameters */ + + if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction, +@@ -210,7 +222,20 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + token.length = tmsglen; + } else { + conflen = kg_confounder_size(context, ctx->enc->keyblock.enctype); +- token.length = tmsglen - conflen - plain[tmsglen-1]; ++ if (tmsglen < conflen) { ++ if (sealalg != 0xffff) ++ xfree(plain); ++ *minor_status = 0; ++ return(GSS_S_DEFECTIVE_TOKEN); ++ } ++ padlen = plain[tmsglen - 1]; ++ if (tmsglen - conflen < padlen) { ++ /* Don't error out yet, to avoid padding oracle attacks. We will ++ * treat this as a checksum failure later on. */ ++ padlen = 0; ++ bad_pad = 1; ++ } ++ token.length = tmsglen - conflen - padlen; + } + + if (token.length) { +@@ -423,7 +448,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + + /* compare the computed checksum against the transmitted checksum */ + +- if (code) { ++ if (code || bad_pad) { + if (toktype == KG_TOK_SEAL_MSG) + gssalloc_free(token.value); + *minor_status = 0; +diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c +index 986ee06..84ccd6b 100644 +--- a/src/lib/gssapi/krb5/k5unsealiov.c ++++ b/src/lib/gssapi/krb5/k5unsealiov.c +@@ -71,7 +71,14 @@ kg_unseal_v1_iov(krb5_context context, + return GSS_S_DEFECTIVE_TOKEN; + } + +- if (header->buffer.length < token_wrapper_len + 14) { ++ if (ctx->seq == NULL) { ++ /* ctx was established using a newer enctype, and cannot process RFC ++ * 1964 tokens. */ ++ *minor_status = 0; ++ return GSS_S_DEFECTIVE_TOKEN; ++ } ++ ++ if (header->buffer.length < token_wrapper_len + 22) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } diff --git a/source/lib-extra/krb5/CVE-2014-4343.patch b/source/lib-extra/krb5/CVE-2014-4343.patch new file mode 100644 index 0000000..587ca20 --- /dev/null +++ b/source/lib-extra/krb5/CVE-2014-4343.patch @@ -0,0 +1,67 @@ +From 95f0b44a98823ffb4e2f3084d6c1be190f664ab3 Mon Sep 17 00:00:00 2001 +From: David Woodhouse <[email protected]> +Date: Tue, 15 Jul 2014 12:54:15 -0400 +Subject: Fix double-free in SPNEGO [CVE-2014-4343] + +In commit cd7d6b08 ("Verify acceptor's mech in SPNEGO initiator") the +pointer sc->internal_mech became an alias into sc->mech_set->elements, +which should be considered constant for the duration of the SPNEGO +context. So don't free it. + +CVE-2014-4343: + +In MIT krb5 releases 1.10 and newer, an unauthenticated remote +attacker with the ability to spoof packets appearing to be from a +GSSAPI acceptor can cause a double-free condition in GSSAPI initiators +(clients) which are using the SPNEGO mechanism, by returning a +different underlying mechanism than was proposed by the initiator. At +this stage of the negotiation, the acceptor is unauthenticated, and +the acceptor's response could be spoofed by an attacker with the +ability to inject traffic to the initiator. + +Historically, some double-free vulnerabilities can be translated into +remote code execution, though the necessary exploits must be tailored +to the individual application and are usually quite +complicated. Double-frees can also be exploited to cause an +application crash, for a denial of service. However, most GSSAPI +client applications are not vulnerable, as the SPNEGO mechanism is not +used by default (when GSS_C_NO_OID is passed as the mech_type argument +to gss_init_sec_context()). The most common use of SPNEGO is for +HTTP-Negotiate, used in web browsers and other web clients. Most such +clients are believed to not offer HTTP-Negotiate by default, instead +requiring a whitelist of sites for which it may be used to be +configured. If the whitelist is configured to only allow +HTTP-Negotiate over TLS connections ("https://";), a successful +attacker must also spoof the web server's SSL certificate, due to the +way the WWW-Authenticate header is sent in a 401 (Unauthorized) +response message. Unfortunately, many instructions for enabling +HTTP-Negotiate in common web browsers do not include a TLS +requirement. + + CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C + +[[email protected]: CVE summary and CVSSv2 vector] + +ticket: 7969 (new) +target_version: 1.12.2 +tags: pullup + +(cherry picked from commit f18ddf5d82de0ab7591a36e465bc24225776940f) + +Patch-Category: upstream +--- + src/lib/gssapi/spnego/spnego_mech.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +index babb310..3539d8f 100644 +--- a/src/lib/gssapi/spnego/spnego_mech.c ++++ b/src/lib/gssapi/spnego/spnego_mech.c +@@ -776,7 +776,6 @@ init_ctx_reselect(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, + OM_uint32 tmpmin; + size_t i; + +- generic_gss_release_oid(&tmpmin, &sc->internal_mech); + gss_delete_sec_context(&tmpmin, &sc->ctx_handle, + GSS_C_NO_BUFFER); + diff --git a/source/lib-extra/krb5/CVE-2014-4344.patch b/source/lib-extra/krb5/CVE-2014-4344.patch new file mode 100644 index 0000000..06b373b --- /dev/null +++ b/source/lib-extra/krb5/CVE-2014-4344.patch @@ -0,0 +1,50 @@ +From d1896029b4ea918122215ab0e228bacffc8a330e Mon Sep 17 00:00:00 2001 +From: Greg Hudson <[email protected]> +Date: Tue, 15 Jul 2014 12:56:01 -0400 +Subject: Fix null deref in SPNEGO acceptor [CVE-2014-4344] + +When processing a continuation token, acc_ctx_cont was dereferencing +the initial byte of the token without checking the length. This could +result in a null dereference. + +CVE-2014-4344: + +In MIT krb5 1.5 and newer, an unauthenticated or partially +authenticated remote attacker can cause a NULL dereference and +application crash during a SPNEGO negotiation by sending an empty +token as the second or later context token from initiator to acceptor. +The attacker must provide at least one valid context token in the +security context negotiation before sending the empty token. This can +be done by an unauthenticated attacker by forcing SPNEGO to +renegotiate the underlying mechanism, or by using IAKERB to wrap an +unauthenticated AS-REQ as the first token. + + CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C + +[[email protected]: CVE summary, CVSSv2 vector] + +ticket: 7970 (new) +subject: NULL dereference in SPNEGO acceptor for continuation tokens [CVE-2014-4344] +target_version: 1.12.2 +tags: pullup + +(cherry picked from commit 524688ce87a15fc75f87efc8c039ba4c7d5c197b) + +Patch-Category: upstream +--- + src/lib/gssapi/spnego/spnego_mech.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +index 3539d8f..c49f8ca 100644 +--- a/src/lib/gssapi/spnego/spnego_mech.c ++++ b/src/lib/gssapi/spnego/spnego_mech.c +@@ -1423,7 +1423,7 @@ acc_ctx_cont(OM_uint32 *minstat, + + ptr = bufstart = buf->value; + #define REMAIN (buf->length - (ptr - bufstart)) +- if (REMAIN > INT_MAX) ++ if (REMAIN == 0 || REMAIN > INT_MAX) + return GSS_S_DEFECTIVE_TOKEN; + + /* diff --git a/source/lib-extra/krb5/CVE-2014-4345.patch b/source/lib-extra/krb5/CVE-2014-4345.patch new file mode 100644 index 0000000..843558a --- /dev/null +++ b/source/lib-extra/krb5/CVE-2014-4345.patch @@ -0,0 +1,65 @@ +From 7ba845148c0fd299c60eef68812628189ee718e7 Mon Sep 17 00:00:00 2001 +From: Tomas Kuthan <[email protected]> +Date: Fri, 1 Aug 2014 15:25:50 +0200 +Subject: Fix LDAP key data segmentation [CVE-2014-4345] + +For principal entries having keys with multiple kvnos (due to use of +-keepold), the LDAP KDB module makes an attempt to store all the keys +having the same kvno into a single krbPrincipalKey attribute value. +There is a fencepost error in the loop, causing currkvno to be set to +the just-processed value instead of the next kvno. As a result, the +second and all following groups of multiple keys by kvno are each +stored in two krbPrincipalKey attribute values. Fix the loop to use +the correct kvno value. + +CVE-2014-4345: + +In MIT krb5, when kadmind is configured to use LDAP for the KDC +database, an authenticated remote attacker can cause it to perform an +out-of-bounds write (buffer overrun) by performing multiple cpw +-keepold operations. An off-by-one error while copying key +information to the new database entry results in keys sharing a common +kvno being written to different array buckets, in an array whose size +is determined by the number of kvnos present. After sufficient +iterations, the extra writes extend past the end of the +(NULL-terminated) array. The NULL terminator is always written after +the end of the loop, so no out-of-bounds data is read, it is only +written. + +Historically, it has been possible to convert an out-of-bounds write +into remote code execution in some cases, though the necessary +exploits must be tailored to the individual application and are +usually quite complicated. Depending on the allocated length of the +array, an out-of-bounds write may also cause a segmentation fault +and/or application crash. + + CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C + +[[email protected]: clarified commit message] +[[email protected]: CVE summary, CVSSv2 vector] + +ticket: 7980 (new) +target_version: 1.12.2 +tags: pullup + +(cherry picked from commit 81c332e29f10887c6b9deb065f81ba259f4c7e03) + +Patch-Category: upstream +--- + src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +index 5546ba0..d5dbd46 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c ++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +@@ -436,7 +436,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data, + j++; + last = i + 1; + +- currkvno = key_data[i].key_data_kvno; ++ if (i < n_key_data - 1) ++ currkvno = key_data[i + 1].key_data_kvno; + } + } + ret[num_versions] = NULL; diff --git a/source/lib-extra/krb5/FrugalBuild b/source/lib-extra/krb5/FrugalBuild index 3ea2246..0811dd2 100644 --- a/source/lib-extra/krb5/FrugalBuild +++ b/source/lib-extra/krb5/FrugalBuild @@ -3,7 +3,7 @@ pkgname=krb5 pkgver=1.10.1 -pkgrel=1 +pkgrel=2arcturus1 pkgdesc="Kerberos: The Network Authentication Protocol" url="http://web.mit.edu/kerberos/"; license="MIT licence" @@ -24,15 +24,28 @@ subdepends=('e2fsprogs db libgssglue') subgroups=('lib') subarchs=('i686 x86_64 arm') +# FSA fix *** +source=(${source[@]} CVE-2014-4341-4342.patch CVE-2014-4343.patch + CVE-2014-4344.patch CVE-2014-4345.patch + gcc47fix.patch) +sha1sums=(${sha1sums[@]} 'f6c18abd4d1c98af1090b2ae898e4c0f8920f3ad' \ + '2f3bd4fdd0f7f2be4c594e18e06bb9e328ae313d' \ + '73f008acdeacb3fc2ae27aff0c83ffc1548024cd' \ + 'c0ccb48f104a4be55f332c59462e5349804e318b' \ + '5f7fab402a03a63ff5e80ecfdb72cfbd13346f50') +# *********** + + build() { Fextract $pkgname-$pkgver.tar.gz - Fcd $pkgname-$pkgver/src + Fpatchall + cd src || Fdie export CPPFLAGS="$CPPFLAGS -I/usr/include/et" - Fbuild \ + Fmake \ --with-system-et \ --with-system-ss # --with-system-db \ - + Fmakeinstall Fsplit libkrb5 usr/lib/libgssapi_krb5.so* Fsplit libkrb5 usr/lib/libk5* Fsplit libkrb5 usr/lib/libkrb5.so.* diff --git a/source/lib-extra/krb5/gcc47fix.patch b/source/lib-extra/krb5/gcc47fix.patch new file mode 100644 index 0000000..d141d30 --- /dev/null +++ b/source/lib-extra/krb5/gcc47fix.patch @@ -0,0 +1,204 @@ +Index: trunk/src/lib/krb5/krb/deltat.c +=================================================================== +diff -u -N -r25163 -r25665 +--- trunk/src/lib/krb5/krb/deltat.c (.../deltat.c) (revision 25163) ++++ trunk/src/lib/krb5/krb/deltat.c (.../deltat.c) (revision 25665) +@@ -77,6 +77,7 @@ + #ifdef __GNUC__ + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wuninitialized" ++#pragma GCC diagnostic ignored "-Wmaybe-uninitialized" + #endif + + #include <ctype.h> +@@ -163,7 +164,7 @@ + + + /* Line 189 of yacc.c */ +-#line 167 "deltat.c" ++#line 168 "deltat.c" + + /* Enabling traces. */ + #ifndef YYDEBUG +@@ -204,12 +205,12 @@ + { + + /* Line 214 of yacc.c */ +-#line 134 "x-deltat.y" ++#line 135 "x-deltat.y" + int val; + + + /* Line 214 of yacc.c */ +-#line 213 "deltat.c" ++#line 214 "deltat.c" + } YYSTYPE; + # define YYSTYPE_IS_TRIVIAL 1 + # define yystype YYSTYPE /* obsolescent; will be withdrawn */ +@@ -221,7 +222,7 @@ + + + /* Line 264 of yacc.c */ +-#line 225 "deltat.c" ++#line 226 "deltat.c" + + #ifdef short + # undef short +@@ -512,9 +513,9 @@ + /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ + static const yytype_uint8 yyrline[] = + { +- 0, 145, 145, 146, 146, 147, 147, 148, 148, 149, +- 150, 152, 153, 154, 155, 156, 157, 158, 159, 163, +- 164, 167, 168, 171, 172 ++ 0, 146, 146, 147, 147, 148, 148, 149, 149, 150, ++ 151, 153, 154, 155, 156, 157, 158, 159, 160, 164, ++ 165, 168, 169, 172, 173 + }; + #endif + +@@ -1442,107 +1443,107 @@ + case 6: + + /* Line 1464 of yacc.c */ +-#line 147 "x-deltat.y" ++#line 148 "x-deltat.y" + { (yyval.val) = - (yyvsp[(2) - (2)].val); ;} + break; + + case 9: + + /* Line 1464 of yacc.c */ +-#line 149 "x-deltat.y" ++#line 150 "x-deltat.y" + { (yyval.val) = (yyvsp[(2) - (2)].val); ;} + break; + + case 10: + + /* Line 1464 of yacc.c */ +-#line 150 "x-deltat.y" ++#line 151 "x-deltat.y" + { YYERROR; ;} + break; + + case 11: + + /* Line 1464 of yacc.c */ +-#line 152 "x-deltat.y" ++#line 153 "x-deltat.y" + { DO ((yyvsp[(1) - (3)].val), 0, 0, (yyvsp[(3) - (3)].val)); ;} + break; + + case 12: + + /* Line 1464 of yacc.c */ +-#line 153 "x-deltat.y" ++#line 154 "x-deltat.y" + { DO ( 0, (yyvsp[(1) - (3)].val), 0, (yyvsp[(3) - (3)].val)); ;} + break; + + case 13: + + /* Line 1464 of yacc.c */ +-#line 154 "x-deltat.y" ++#line 155 "x-deltat.y" + { DO ( 0, 0, (yyvsp[(1) - (3)].val), (yyvsp[(3) - (3)].val)); ;} + break; + + case 14: + + /* Line 1464 of yacc.c */ +-#line 155 "x-deltat.y" ++#line 156 "x-deltat.y" + { DO ( 0, 0, 0, (yyvsp[(1) - (2)].val)); ;} + break; + + case 15: + + /* Line 1464 of yacc.c */ +-#line 156 "x-deltat.y" ++#line 157 "x-deltat.y" + { DO ((yyvsp[(1) - (7)].val), (yyvsp[(3) - (7)].val), (yyvsp[(5) - (7)].val), (yyvsp[(7) - (7)].val)); ;} + break; + + case 16: + + /* Line 1464 of yacc.c */ +-#line 157 "x-deltat.y" ++#line 158 "x-deltat.y" + { DO ( 0, (yyvsp[(1) - (5)].val), (yyvsp[(3) - (5)].val), (yyvsp[(5) - (5)].val)); ;} + break; + + case 17: + + /* Line 1464 of yacc.c */ +-#line 158 "x-deltat.y" ++#line 159 "x-deltat.y" + { DO ( 0, (yyvsp[(1) - (3)].val), (yyvsp[(3) - (3)].val), 0); ;} + break; + + case 18: + + /* Line 1464 of yacc.c */ +-#line 159 "x-deltat.y" ++#line 160 "x-deltat.y" + { DO ( 0, 0, 0, (yyvsp[(1) - (1)].val)); ;} + break; + + case 20: + + /* Line 1464 of yacc.c */ +-#line 164 "x-deltat.y" ++#line 165 "x-deltat.y" + { if (HOUR_NOT_OK((yyvsp[(1) - (3)].val))) YYERROR; + DO_SUM((yyval.val), (yyvsp[(1) - (3)].val) * 3600, (yyvsp[(3) - (3)].val)); ;} + break; + + case 22: + + /* Line 1464 of yacc.c */ +-#line 168 "x-deltat.y" ++#line 169 "x-deltat.y" + { if (MIN_NOT_OK((yyvsp[(1) - (3)].val))) YYERROR; + DO_SUM((yyval.val), (yyvsp[(1) - (3)].val) * 60, (yyvsp[(3) - (3)].val)); ;} + break; + + case 23: + + /* Line 1464 of yacc.c */ +-#line 171 "x-deltat.y" ++#line 172 "x-deltat.y" + { (yyval.val) = 0; ;} + break; + + + + /* Line 1464 of yacc.c */ +-#line 1546 "deltat.c" ++#line 1547 "deltat.c" + default: break; + } + YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); +@@ -1754,7 +1755,7 @@ + + + /* Line 1684 of yacc.c */ +-#line 174 "x-deltat.y" ++#line 175 "x-deltat.y" + + + #ifdef __GNUC__ +Index: trunk/src/lib/krb5/krb/x-deltat.y +=================================================================== +diff -u -N -r25163 -r25665 +--- trunk/src/lib/krb5/krb/x-deltat.y (.../x-deltat.y) (revision 25163) ++++ trunk/src/lib/krb5/krb/x-deltat.y (.../x-deltat.y) (revision 25665) +@@ -44,6 +44,7 @@ + #ifdef __GNUC__ + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wuninitialized" ++#pragma GCC diagnostic ignored "-Wmaybe-uninitialized" + #endif + + #include <ctype.h> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
