Changeset 35775


Ignore:
Timestamp:
2013-02-25T13:45:58+01:00 (5 years ago)
Author:
jogo
Message:

AA: packages: krb5: update to 1.11

Backport of r35700.

Signed-off-by: Jonas Gorski <jogo@…>

Location:
branches/packages_12.09/net/krb5
Files:
1 added
4 edited

Legend:

Unmodified
Added
Removed
  • branches/packages_12.09/net/krb5/Makefile

    r32361 r35775  
    22 
    33PKG_NAME:=krb5 
    4 PKG_VERSION:=1.8 
    5 PKG_RELEASE:=2 
     4PKG_VERSION:=1.11 
     5PKG_RELEASE:=1 
    66 
    77PKG_SOURCE:=krb5-$(PKG_VERSION)-signed.tar 
    88PKG_SOURCE_URL:=http://web.mit.edu/kerberos/dist/krb5/$(PKG_VERSION)/ 
    9 PKG_MD5SUM:=74257d68373a8df8b9391fc093d594be 
     9PKG_MD5SUM:=1a13c53899806c4da99a798a04d25545 
    1010 
    1111PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) 
     
    4848endef 
    4949 
    50 define Package/krb5/decription 
     50define Package/krb5/description 
    5151        Kerberos 
    5252endef 
     
    5757        tar xf "$(DL_DIR)/$(PKG_SOURCE)" -C "$(BUILD_DIR)" 
    5858        tar xzf "$(BUILD_DIR)/krb5-$(PKG_VERSION).tar.gz" -C "$(BUILD_DIR)" 
    59         patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/001-krb5kdc-dir-to-etc.patch" 
    60         patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/002-MITKRB5-SA-2011-002.patch" 
     59        patch -p1 -d "$(PKG_BUILD_DIR)" < "$(PATCH_DIR)/001-fix-build-warning.patch" 
    6160endef 
    6261 
     
    7271 
    7372CONFIGURE_ARGS += \ 
    74         --enable-thread-support \ 
    75         --without-krb4 \ 
    7673        --without-tcl \ 
    77         --disable-ipv6 
     74        --without-libedit \ 
     75        --localstatedir=/etc 
    7876 
    7977define Build/InstallDev 
     
    114112        $(INSTALL_DIR) $(1)/etc/init.d 
    115113        $(INSTALL_BIN) ./files/krb5kdc $(1)/etc/init.d/krb5kdc 
    116         $(INSTALL_DIR) $(1)/usr/bin 
    117         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sclient $(1)/usr/bin 
     114#       $(INSTALL_DIR) $(1)/usr/bin 
     115#       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sclient $(1)/usr/bin 
    118116        $(INSTALL_DIR) $(1)/usr/sbin 
    119117        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmin.local $(1)/usr/sbin 
    120 #       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmind $(1)/usr/sbin 
     118        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kadmind $(1)/usr/sbin 
    121119        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kdb5_util $(1)/usr/sbin 
    122120#       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/kprop $(1)/usr/sbin 
  • branches/packages_12.09/net/krb5/files/krb5kdc

    r19124 r35775  
    1111         
    1212        /usr/sbin/krb5kdc 
     13        /usr/sbin/kadmind 
    1314} 
    1415 
    1516stop() { 
    1617        killall krb5kdc 2> /dev/null 
     18        killall kadmind 2> /dev/null 
    1719} 
  • branches/packages_12.09/net/krb5/patches/001-krb5kdc-dir-to-etc.patch

    r23471 r35775  
    1 diff -u --recursive krb5-1.8-vanilla/src/include/osconf.hin krb5-1.8/src/include/osconf.hin 
    2 --- krb5-1.8-vanilla/src/include/osconf.hin     2010-04-01 16:28:29.408661301 -0500 
    3 +++ krb5-1.8/src/include/osconf.hin     2010-04-01 16:30:52.235467788 -0500 
    4 @@ -61,14 +61,14 @@ 
    5  #define DEFAULT_LNAME_FILENAME  "@PREFIX/lib/krb5.aname" 
    6  #endif /* _WINDOWS  */ 
    7   
    8 -#define DEFAULT_KDB_FILE        "@LOCALSTATEDIR/krb5kdc/principal" 
    9 -#define DEFAULT_KEYFILE_STUB    "@LOCALSTATEDIR/krb5kdc/.k5." 
    10 -#define KRB5_DEFAULT_ADMIN_ACL  "@LOCALSTATEDIR/krb5kdc/krb5_adm.acl" 
    11 +#define DEFAULT_KDB_FILE        "/etc/krb5kdc/principal" 
    12 +#define DEFAULT_KEYFILE_STUB    "/etc/krb5kdc/.k5." 
    13 +#define KRB5_DEFAULT_ADMIN_ACL  "/etc/krb5kdc/krb5_adm.acl" 
    14  /* Used by old admin server */ 
    15 -#define DEFAULT_ADMIN_ACL       "@LOCALSTATEDIR/krb5kdc/kadm_old.acl" 
    16 +#define DEFAULT_ADMIN_ACL       "/etc/krb5kdc/kadm_old.acl" 
    17   
    18  /* Location of KDC profile */ 
    19 -#define DEFAULT_KDC_PROFILE     "@LOCALSTATEDIR/krb5kdc/kdc.conf" 
    20 +#define DEFAULT_KDC_PROFILE     "/etc/krb5kdc/kdc.conf" 
    21  #define KDC_PROFILE_ENV         "KRB5_KDC_PROFILE" 
    22   
    23  #if TARGET_OS_MAC 
    24 @@ -97,8 +97,8 @@ 
    25  /* 
    26   * Defaults for the KADM5 admin system. 
    27   */ 
    28 -#define DEFAULT_KADM5_KEYTAB    "@LOCALSTATEDIR/krb5kdc/kadm5.keytab" 
    29 -#define DEFAULT_KADM5_ACL_FILE  "@LOCALSTATEDIR/krb5kdc/kadm5.acl" 
    30 +#define DEFAULT_KADM5_KEYTAB    "/etc/krb5kdc/kadm5.keytab" 
    31 +#define DEFAULT_KADM5_ACL_FILE  "/etc/krb5kdc/kadm5.acl" 
    32  #define DEFAULT_KADM5_PORT      749 /* assigned by IANA */ 
    33   
    34  #define KRB5_DEFAULT_SUPPORTED_ENCTYPES                 \ 
    35 @@ -123,13 +123,13 @@ 
    36   * krb5 slave support follows 
    37   */ 
    38   
    39 -#define KPROP_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/slave_datatrans" 
    40 -#define KPROPD_DEFAULT_FILE "@LOCALSTATEDIR/krb5kdc/from_master" 
    41 +#define KPROP_DEFAULT_FILE "/etc/krb5kdc/slave_datatrans" 
    42 +#define KPROPD_DEFAULT_FILE "/etc/krb5kdc/from_master" 
    43  #define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util" 
    44  #define KPROPD_DEFAULT_KDB5_EDIT "@SBINDIR/kdb5_edit" 
    45  #define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop" 
    46  #define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE 
    47 -#define KPROPD_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kpropd.acl" 
    48 +#define KPROPD_ACL_FILE "/etc/krb5kdc/kpropd.acl" 
    49   
    50  /* 
    51   * GSS mechglue 
  • branches/packages_12.09/net/krb5/patches/002-MITKRB5-SA-2011-002.patch

    r25549 r35775  
    1 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h 
    2 index 1ca09b4..60caf3d 100644 
    3 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h 
    4 +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h 
    5 @@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er 
    6  #define LDAP_SEARCH(base, scope, filter, attrs)   LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS) 
    7   
    8  #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)         \ 
    9 -    do {                                                                \ 
    10 -        st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \ 
    11 -        if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ 
    12 -            tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ 
    13 -            if (ldap_server_handle)                                     \ 
    14 -                ld = ldap_server_handle->ldap_handle;                   \ 
    15 -        }                                                               \ 
    16 -    }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \ 
    17 +    tempst = 0;                                                         \ 
    18 +    st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL,     \ 
    19 +                           NULL, &timelimit, LDAP_NO_LIMIT, &result);   \ 
    20 +    if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ 
    21 +        tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle);   \ 
    22 +        if (ldap_server_handle)                                         \ 
    23 +            ld = ldap_server_handle->ldap_handle;                       \ 
    24 +        if (tempst == 0)                                                \ 
    25 +            st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0,   \ 
    26 +                                   NULL, NULL, &timelimit,              \ 
    27 +                                   LDAP_NO_LIMIT, &result);             \ 
    28 +    }                                                                   \ 
    29                                                                          \ 
    30      if (status_check != IGNORE_STATUS) {                                \ 
    31          if (tempst != 0) {                                              \ 
    32 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c 
    33 index 82b0333..84e80ee 100644 
    34 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c 
    35 +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c 
    36 @@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context, 
    37  { 
    38      krb5_ldap_server_handle     *handle = *ldap_server_handle; 
    39   
    40 +    ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); 
    41      if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) 
    42          || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) 
    43          return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); 
    44 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 
    45 index f549e23..b70940f 100644 
    46 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 
    47 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 
    48 @@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context, 
    49       * portion, then the first portion of the principal name SHOULD be 
    50       * "krbtgt".  All this check is done in the immediate block. 
    51       */ 
    52 -    if (searchfor->length == 2) 
    53 -        if ((strncasecmp(searchfor->data[0].data, "krbtgt", 
    54 -                         FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) && 
    55 -            (strncasecmp(searchfor->data[1].data, defrealm, 
    56 -                         FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0)) 
    57 +    if (searchfor->length == 2) { 
    58 +        if (data_eq_string(searchfor->data[0], "krbtgt") && 
    59 +            data_eq_string(searchfor->data[1], defrealm)) 
    60              return 0; 
    61 +    } 
    62   
    63      /* first check the length, if they are not equal, then they are not same */ 
    64      if (strlen(defrealm) != searchfor->realm.length) 
    65 diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 
    66 index 7ad31da..626ed1f 100644 
    67 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 
    68 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 
    69 @@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, 
    70                          unsigned int flags, krb5_db_entry *entries, 
    71                          int *nentries, krb5_boolean *more) 
    72  { 
    73 -    char                        *user=NULL, *filter=NULL, **subtree=NULL; 
    74 +    char                        *user=NULL, *filter=NULL, *filtuser=NULL; 
    75      unsigned int                tree=0, ntrees=1, princlen=0; 
    76      krb5_error_code             tempst=0, st=0; 
    77 -    char                        **values=NULL, *cname=NULL; 
    78 +    char                        **values=NULL, **subtree=NULL, *cname=NULL; 
    79      LDAP                        *ld=NULL; 
    80      LDAPMessage                 *result=NULL, *ent=NULL; 
    81      krb5_ldap_context           *ldap_context=NULL; 
    82 @@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, 
    83      if ((st=krb5_ldap_unparse_principal_name(user)) != 0) 
    84          goto cleanup; 
    85   
    86 -    princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */ 
    87 +    filtuser = ldap_filter_correct(user); 
    88 +    if (filtuser == NULL) { 
    89 +        st = ENOMEM; 
    90 +        goto cleanup; 
    91 +    } 
    92 + 
    93 +    princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1;  /* 2 for closing brackets */ 
    94      if ((filter = malloc(princlen)) == NULL) { 
    95          st = ENOMEM; 
    96          goto cleanup; 
    97      } 
    98 -    snprintf(filter, princlen, FILTER"%s))", user); 
    99 +    snprintf(filter, princlen, FILTER"%s))", filtuser); 
    100   
    101      if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) 
    102          goto cleanup; 
    103 @@ -231,6 +237,9 @@ cleanup: 
    104      if (user) 
    105          free(user); 
    106   
    107 +    if (filtuser) 
    108 +        free(filtuser); 
    109 + 
    110      if (cname) 
    111          free(cname); 
    112   
Note: See TracChangeset for help on using the changeset viewer.