[packages/krb5] - up to 1.18.5
qboosh
qboosh at pld-linux.org
Fri Feb 9 21:44:20 CET 2024
commit d49e38d4d3ffc62cbbdbc3fff73a52af60f48ac0
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Fri Feb 9 21:36:17 2024 +0100
- up to 1.18.5
krb5-audit.patch | 22 +++++++++---------
krb5-config.patch | 12 +++++-----
krb5-ktany.patch | 16 ++++++-------
krb5-manpages.patch | 10 ++++-----
krb5-openssl.patch | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++
krb5-tests.patch | 16 +++++++------
krb5.spec | 12 +++++-----
7 files changed, 111 insertions(+), 42 deletions(-)
---
diff --git a/krb5.spec b/krb5.spec
index 34841c8..7af926d 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,12 +18,12 @@
Summary: Kerberos V5 System
Summary(pl.UTF-8): System Kerberos V5
Name: krb5
-Version: 1.18
+Version: 1.18.5
Release: 0.1
License: MIT
Group: Networking
Source0: http://web.mit.edu/kerberos/dist/krb5/1.18/%{name}-%{version}.tar.gz
-# Source0-md5: 69a5b165dac5754a5094627ee6df0def
+# Source0-md5: f7106ab1b5ee31c469f44ac0e64fadd8
Source2: %{name}kdc.init
Source4: kadm5.acl
Source5: kerberos.logrotate
@@ -40,6 +40,7 @@ Patch0: %{name}-manpages.patch
Patch1: %{name}-audit.patch
Patch2: %{name}-db185.patch
Patch3: %{name}-as-needed.patch
+Patch4: %{name}-openssl.patch
# http://lite.mit.edu/
Patch6: %{name}-ktany.patch
Patch11: %{name}-brokenrev.patch
@@ -337,8 +338,8 @@ Group: Libraries
Requires(post): /sbin/ldconfig
Requires(post,preun): grep
Requires(preun): coreutils
-Obsoletes: krb5-configs
-Obsoletes: krb5-lib
+Obsoletes: krb5-configs < 1.3
+Obsoletes: krb5-lib < 1.3
Conflicts: heimdal-libs < 0.8-0.rc7.2
%description libs
@@ -356,7 +357,7 @@ Requires: keyutils-devel
Requires: libcom_err-devel
Requires: libverto-devel
Conflicts: heimdal-devel
-Obsoletes: krb5-static
+Obsoletes: krb5-static < 1.15
%description devel
Header files for Kerberos V5 libraries and development documentation.
@@ -393,6 +394,7 @@ Dokumentacja systemu MIT Kerberos V5 w formacie HTML.
%patch1 -p1
%{?with_system_db:%patch2 -p1}
%patch3 -p1
+%patch4 -p1
%patch6 -p1
%patch11 -p1
%patch12 -p1
diff --git a/krb5-audit.patch b/krb5-audit.patch
index 24c3612..4b3a483 100644
--- a/krb5-audit.patch
+++ b/krb5-audit.patch
@@ -16,9 +16,9 @@
STOBJLISTS= OBJS.ST ../OBJS.ST
STLIBOBJS= au_simple_main.o
---- krb5-1.15/src/config/pre.in.orig 2016-12-01 23:31:24.000000000 +0100
-+++ krb5-1.15/src/config/pre.in 2017-02-18 20:50:40.537328544 +0100
-@@ -217,6 +217,8 @@
+--- krb5-1.18.5/src/config/pre.in.orig 2022-03-11 07:34:10.000000000 +0100
++++ krb5-1.18.5/src/config/pre.in 2024-02-09 17:12:29.044891572 +0100
+@@ -220,6 +220,8 @@ KRB5_PA_MODULE_DIR = $(MODULE_DIR)/preau
KRB5_AD_MODULE_DIR = $(MODULE_DIR)/authdata
KRB5_LIBKRB5_MODULE_DIR = $(MODULE_DIR)/libkrb5
KRB5_TLS_MODULE_DIR = $(MODULE_DIR)/tls
@@ -27,23 +27,23 @@
KRB5_LOCALEDIR = @localedir@
GSS_MODULE_DIR = @libdir@/gss
KRB5_INCSUBDIRS = \
-@@ -445,6 +445,8 @@
- TLS_IMPL_CFLAGS = @TLS_IMPL_CFLAGS@
- TLS_IMPL_LIBS = @TLS_IMPL_LIBS@
+@@ -447,6 +449,8 @@ TLS_IMPL_LIBS = @TLS_IMPL_LIBS@
+ # SPAKE preauth back-end libraries
+ SPAKE_OPENSSL_LIBS = @SPAKE_OPENSSL_LIBS@
+AUDIT_IMPL_LIBS = @AUDIT_IMPL_LIBS@
+
# Whether we have the SASL header file for the LDAP KDB module
HAVE_SASL = @HAVE_SASL@
---- krb5-1.15/src/Makefile.in.orig 2016-12-01 23:31:24.000000000 +0100
-+++ krb5-1.15/src/Makefile.in 2017-02-18 22:24:54.577263986 +0100
-@@ -64,7 +64,7 @@
+--- krb5-1.18.5/src/Makefile.in.orig 2024-02-09 17:09:02.332678095 +0100
++++ krb5-1.18.5/src/Makefile.in 2024-02-09 17:13:51.677777244 +0100
+@@ -70,7 +70,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROO
$(KRB5_LIBDIR) $(KRB5_INCDIR) \
$(KRB5_DB_MODULE_DIR) $(KRB5_PA_MODULE_DIR) \
$(KRB5_AD_MODULE_DIR) \
- $(KRB5_LIBKRB5_MODULE_DIR) $(KRB5_TLS_MODULE_DIR) \
+ $(KRB5_LIBKRB5_MODULE_DIR) $(KRB5_TLS_MODULE_DIR) $(KRB5_AUDIT_MODULE_DIR) \
- @localstatedir@ @localstatedir@/krb5kdc \
- @runstatedir@ @runstatedir@/krb5kdc \
+ $(localstatedir) $(localstatedir)/krb5kdc \
+ $(runstatedir) $(runstatedir)/krb5kdc \
$(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \
diff --git a/krb5-config.patch b/krb5-config.patch
index ca1b7f2..81d89f4 100644
--- a/krb5-config.patch
+++ b/krb5-config.patch
@@ -1,12 +1,12 @@
---- krb5-1.12.1/src/build-tools/krb5-config.in.orig 2007-06-24 18:32:29.495026000 +0200
-+++ krb5-1.12.1/src/build-tools/krb5-config.in 2007-06-24 18:34:33.354085216 +0200
-@@ -35,7 +35,8 @@
- KRB4_LIB=@KRB4_LIB@
- DES425_LIB=@DES425_LIB@
+--- krb5-1.18.5/src/build-tools/krb5-config.in.orig 2024-02-09 18:34:31.674890065 +0100
++++ krb5-1.18.5/src/build-tools/krb5-config.in 2024-02-09 18:49:52.946565774 +0100
+@@ -33,7 +33,8 @@ includedir=@includedir@
+ libdir=@libdir@
+ CC_LINK='@CC_LINK@'
KDB5_DB_LIB=@KDB5_DB_LIB@
-LDFLAGS='@LDFLAGS@'
+LDFLAGS=
+CFLAGS=
RPATH_FLAG='@RPATH_FLAG@'
+ PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@'
PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
- DL_LIB='@DL_LIB@'
diff --git a/krb5-ktany.patch b/krb5-ktany.patch
index b6c1764..bf4ebee 100644
--- a/krb5-ktany.patch
+++ b/krb5-ktany.patch
@@ -316,29 +316,29 @@
+ free(data->choices);
+ free(data);
+}
---- krb5-1.4/src/lib/krb5/keytab/Makefile.in.ktany 2004-05-27 23:44:32.000000000 -0400
-+++ krb5-1.4/src/lib/krb5/keytab/Makefile.in 2005-02-18 10:38:09.000000000 -0500
-@@ -14,6 +14,7 @@
+--- krb5-1.18.5/src/lib/krb5/keytab/Makefile.in.orig 2024-02-09 17:14:18.800963639 +0100
++++ krb5-1.18.5/src/lib/krb5/keytab/Makefile.in 2024-02-09 17:15:19.937299102 +0100
+@@ -12,6 +12,7 @@ STLIBOBJS= \
ktfr_entry.o \
ktremove.o \
ktfns.o \
+ kt_any.o \
kt_file.o \
- kt_srvtab.o \
+ kt_memory.o \
read_servi.o
-@@ -25,6 +26,7 @@
+@@ -23,6 +24,7 @@ OBJS= \
$(OUTPRE)ktfr_entry.$(OBJEXT) \
$(OUTPRE)ktremove.$(OBJEXT) \
$(OUTPRE)ktfns.$(OBJEXT) \
+ $(OUTPRE)kt_any.$(OBJEXT) \
$(OUTPRE)kt_file.$(OBJEXT) \
- $(OUTPRE)kt_srvtab.$(OBJEXT) \
+ $(OUTPRE)kt_memory.$(OBJEXT) \
$(OUTPRE)read_servi.$(OBJEXT)
-@@ -36,6 +38,7 @@
+@@ -34,6 +36,7 @@ SRCS= \
$(srcdir)/ktfr_entry.c \
$(srcdir)/ktremove.c \
$(srcdir)/ktfns.c \
+ $(srcdir)/kt_any.c \
$(srcdir)/kt_file.c \
- $(srcdir)/kt_srvtab.c \
+ $(srcdir)/kt_memory.c \
$(srcdir)/read_servi.c
diff --git a/krb5-manpages.patch b/krb5-manpages.patch
index 7ab533a..0d1cd4e 100644
--- a/krb5-manpages.patch
+++ b/krb5-manpages.patch
@@ -9,9 +9,9 @@
.ft P
.fi
.UNINDENT
---- krb5-1.15/src/man/kpropd.man.orig 2016-12-01 23:31:25.000000000 +0100
-+++ krb5-1.15/src/man/kpropd.man 2017-02-01 21:32:44.744070801 +0100
-@@ -65,7 +65,7 @@
+--- krb5-1.18.5/src/man/kpropd.man.orig 2022-03-11 07:34:10.000000000 +0100
++++ krb5-1.18.5/src/man/kpropd.man 2024-02-09 17:07:52.703055311 +0100
+@@ -67,7 +67,7 @@ the \fB/etc/inetd.conf\fP file which loo
.sp
.nf
.ft C
@@ -20,12 +20,12 @@
.ft P
.fi
.UNINDENT
-@@ -146,7 +146,7 @@
+@@ -152,7 +152,7 @@ kpropd uses the following environment va
.TP
.B kpropd.acl
Access file for kpropd; the default location is
-\fB/usr/local/var/krb5kdc/kpropd.acl\fP\&. Each entry is a line
+\fB/var/lib/kerberos/krb5kdc/kpropd.acl\fP\&. Each entry is a line
containing the principal of a host from which the local machine
- will allow Kerberos database propagation via \fIkprop(8)\fP\&.
+ will allow Kerberos database propagation via kprop(8)\&.
.UNINDENT
diff --git a/krb5-openssl.patch b/krb5-openssl.patch
new file mode 100644
index 0000000..c4972b9
--- /dev/null
+++ b/krb5-openssl.patch
@@ -0,0 +1,65 @@
+--- krb5-1.18.5/src/tests/softpkcs11/main.c.orig 2022-03-11 07:34:10.000000000 +0100
++++ krb5-1.18.5/src/tests/softpkcs11/main.c 2024-02-09 19:44:41.605416248 +0100
+@@ -427,7 +427,7 @@ add_pubkey_info(struct st_object *o, CK_
+ RSA *rsa;
+ const BIGNUM *n, *e;
+
+- rsa = EVP_PKEY_get0_RSA(key);
++ rsa = (RSA*)EVP_PKEY_get0_RSA(key);
+ RSA_get0_key(rsa, &n, &e, NULL);
+ modulus_bits = BN_num_bits(n);
+
+@@ -680,7 +680,7 @@ add_certificate(char *label,
+ /* XXX verify keytype */
+
+ if (key_type == CKK_RSA)
+- RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
++ RSA_set_method((RSA*)EVP_PKEY_get0_RSA(o->u.private_key.key),
+ RSA_PKCS1_OpenSSL());
+
+ if (X509_check_private_key(cert, o->u.private_key.key) != 1) {
+@@ -1224,7 +1224,7 @@ C_Login(CK_SESSION_HANDLE hSession,
+ }
+
+ /* XXX check keytype */
+- RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
++ RSA_set_method((RSA*)EVP_PKEY_get0_RSA(o->u.private_key.key),
+ RSA_PKCS1_OpenSSL());
+
+ if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) {
+@@ -1512,7 +1512,7 @@ C_Encrypt(CK_SESSION_HANDLE hSession,
+ return CKR_ARGUMENTS_BAD;
+ }
+
+- rsa = EVP_PKEY_get0_RSA(o->u.public_key);
++ rsa = (RSA*)EVP_PKEY_get0_RSA(o->u.public_key);
+
+ if (rsa == NULL)
+ return CKR_ARGUMENTS_BAD;
+@@ -1663,7 +1663,7 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
+ return CKR_ARGUMENTS_BAD;
+ }
+
+- rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
++ rsa = (RSA*)EVP_PKEY_get0_RSA(o->u.private_key.key);
+
+ if (rsa == NULL)
+ return CKR_ARGUMENTS_BAD;
+@@ -1822,7 +1822,7 @@ C_Sign(CK_SESSION_HANDLE hSession,
+ return CKR_ARGUMENTS_BAD;
+ }
+
+- rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
++ rsa = (RSA*)EVP_PKEY_get0_RSA(o->u.private_key.key);
+
+ if (rsa == NULL)
+ return CKR_ARGUMENTS_BAD;
+@@ -1969,7 +1969,7 @@ C_Verify(CK_SESSION_HANDLE hSession,
+ return CKR_ARGUMENTS_BAD;
+ }
+
+- rsa = EVP_PKEY_get0_RSA(o->u.public_key);
++ rsa = (RSA*)EVP_PKEY_get0_RSA(o->u.public_key);
+
+ if (rsa == NULL)
+ return CKR_ARGUMENTS_BAD;
diff --git a/krb5-tests.patch b/krb5-tests.patch
index 8b36a1d..d8db5f8 100644
--- a/krb5-tests.patch
+++ b/krb5-tests.patch
@@ -13,11 +13,11 @@
install:
---- krb5-1.6.3/src/plugins/kdb/db2/libdb2/test/run.test~ 2007-11-21 17:52:04.000000000 +0100
-+++ krb5-1.6.3/src/plugins/kdb/db2/libdb2/test/run.test 2007-11-21 17:58:16.000000000 +0100
-@@ -12,17 +12,7 @@
- TMP2=${TMPDIR-.}/t2
+--- krb5-1.18.5/src/plugins/kdb/db2/libdb2/test/run.test.orig 2024-02-09 17:15:55.150441669 +0100
++++ krb5-1.18.5/src/plugins/kdb/db2/libdb2/test/run.test 2024-02-09 18:29:53.379731052 +0100
+@@ -15,17 +15,7 @@ main()
TMP3=${TMPDIR-.}/t3
+ BINFILES=${TMPDIR-.}/binfiles
- if [ \! -z "$WORDLIST" -a -f "$WORDLIST" ]; then
- DICT=$WORDLIST
@@ -110,9 +110,9 @@
ccinit: ccinit.o $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o ccinit ccinit.o $(KRB5_BASE_LIBS)
---- krb5-1.18/src/tests/Makefile.in.orig 2020-02-28 17:33:18.939450491 +0100
-+++ krb5-1.18/src/tests/Makefile.in 2020-02-28 18:37:16.285328472 +0100
-@@ -98,87 +98,91 @@
+--- krb5-1.18.5/src/tests/Makefile.in.orig 2024-02-09 18:30:44.222788945 +0100
++++ krb5-1.18.5/src/tests/Makefile.in 2024-02-09 18:33:57.485075287 +0100
+@@ -98,88 +98,92 @@ krb5.conf: Makefile
mv krb5.new krb5.conf
kdb_check: kdc.conf krb5.conf
@@ -197,6 +197,7 @@
- $(RUNPYTEST) $(srcdir)/t_cve-2012-1015.py $(PYTESTFLAGS)
- $(RUNPYTEST) $(srcdir)/t_cve-2013-1416.py $(PYTESTFLAGS)
- $(RUNPYTEST) $(srcdir)/t_cve-2013-1417.py $(PYTESTFLAGS)
+- $(RUNPYTEST) $(srcdir)/t_cve-2021-36222.py $(PYTESTFLAGS)
- $(RM) au.log
- $(RUNPYTEST) $(srcdir)/t_audit.py $(PYTESTFLAGS)
+ if [ "$(OFFLINE)" = no ]; then \
@@ -237,6 +238,7 @@
+ $(RUNPYTEST) $(srcdir)/t_cve-2012-1015.py $(PYTESTFLAGS) && \
+ $(RUNPYTEST) $(srcdir)/t_cve-2013-1416.py $(PYTESTFLAGS) && \
+ $(RUNPYTEST) $(srcdir)/t_cve-2013-1417.py $(PYTESTFLAGS) && \
++ $(RUNPYTEST) $(srcdir)/t_cve-2021-36222.py $(PYTESTFLAGS) && \
+ $(RM) au.log && \
+ $(RUNPYTEST) $(srcdir)/t_audit.py $(PYTESTFLAGS) && \
$(RUNPYTEST) $(srcdir)/jsonwalker.py -d $(srcdir)/au_dict.json \
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/krb5.git/commitdiff/d49e38d4d3ffc62cbbdbc3fff73a52af60f48ac0
More information about the pld-cvs-commit
mailing list