From 61b6c314dce6d6a6b5e2ce3e2bdd57d9d8824636 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 1 Apr 2014 12:27:53 +0000
Subject: [PATCH] main/krb5: upgrade to 1.12.1
---
main/krb5/APKBUILD | 22 +++---
main/krb5/CVE-2002-2443.patch | 69 -----------------
main/krb5/mit-krb5-1.11_uninitialized.patch | 81 --------------------
main/krb5/mit-krb5_krb5-config_LDFLAGS.patch | 4 +-
4 files changed, 11 insertions(+), 165 deletions(-)
delete mode 100644 main/krb5/CVE-2002-2443.patch
delete mode 100644 main/krb5/mit-krb5-1.11_uninitialized.patch
diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD
index 8e0d5a35b5d9..f609e40ab639 100644
--- a/main/krb5/APKBUILD
+++ b/main/krb5/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=krb5
-pkgver=1.11.4
+pkgver=1.12.1
pkgrel=0
pkgdesc="The Kerberos network authentication system"
url="http://web.mit.edu/kerberos/www/"
@@ -13,8 +13,7 @@ makedepends="$depends_dev libverto-dev openldap-dev openssl-dev
install=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-server
$pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs"
-source="http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-$pkgver-signed.tar
- mit-krb5-1.11_uninitialized.patch
+source="http://web.mit.edu/kerberos/dist/krb5/${pkgver%.*}/krb5-$pkgver-signed.tar
mit-krb5_krb5-config_LDFLAGS.patch
fix-includes.patch
@@ -33,7 +32,6 @@ unpack() {
prepare() {
local i
cd "$_builddir"
- update_config_sub || return 1
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
@@ -45,6 +43,7 @@ build() {
cd "$_builddir"/src
./configure \
CPPFLAGS="$CPPFLAGS -fPIC -I/usr/include/et" \
+ WARN_CFLAGS= \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
@@ -114,23 +113,20 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/ || return 1
}
-md5sums="138628ae154ff449bc41602c8de78e8b krb5-1.11.4-signed.tar
-597cd7ab74a8113b86e3405c15ccfecb mit-krb5-1.11_uninitialized.patch
-656e242de9b5ada1edf398983db51eef mit-krb5_krb5-config_LDFLAGS.patch
+md5sums="524b1067b619cb5bf780759b6884c3f5 krb5-1.12.1-signed.tar
+c84a0c7d8014e3528524956ffdd1c3e9 mit-krb5_krb5-config_LDFLAGS.patch
2ad9ee0493e4bc376e317d9f76202c75 fix-includes.patch
29906e70e15025dda8b315d8209cab4c krb5kadmind.initd
47efe7f24c98316d38ea46ad629b3517 krb5kdc.initd
3e0b8313c1e5bfb7625f35e76a5e53f1 krb5kpropd.initd"
-sha256sums="5c294612dcaf830958786056e898384931490eaf7b3290c3af5d2def2312fb97 krb5-1.11.4-signed.tar
-81a0d432b6d1686587b25b6ce70f0b8558e0c693da4c63b9de881962ae01c043 mit-krb5-1.11_uninitialized.patch
-9ebfc38cc167bbf451105807512845cd961f839d64b7e2904a6c4e722e41fe2b mit-krb5_krb5-config_LDFLAGS.patch
+sha256sums="72f1b6c166cb42c0b03814ab7ea10f91926d8a665a5ba1cee430a3f31e62c580 krb5-1.12.1-signed.tar
+84007c7423f67db7a8b248b9643c49ef25f2d56ce15c2574eb41ecbf51bcd3f2 mit-krb5_krb5-config_LDFLAGS.patch
2eaa327bb57408558ed20279b0ba8078c826210c861af0c83a0c22d26c9b1b3a fix-includes.patch
c7a1ec03472996daaaaf1a4703566113c80f72ee8605d247098a25a13dad1f5f krb5kadmind.initd
709309dea043aa306c2fcf0960e0993a6db540c220de64cf92d6b85f1cca23c5 krb5kdc.initd
86b15d691e32b331ac756ee368b7364de6ab238dcae5adfed2a00b57d1b64ef4 krb5kpropd.initd"
-sha512sums="03d4d77681d7ba6f0324dc45f8457f6a5e3be23198c8ffa19fc9542b4455ec0738f78131a054e6d501396d3f66a29677d374726d068a83f6dddf7b7b7db18c6c krb5-1.11.4-signed.tar
-4d2ea5189971df13bf874d29bcf89fa3bfeb1d25b3bd9245ee7c88f5c4834e950c5978ce13df3b8fc05f98dd7d5510dad43af0440436958fa23f9e1a51f60f76 mit-krb5-1.11_uninitialized.patch
-8118518e359cb5e69e3321b7438b200d5d74ceeac16b4623bf4e4bfb4ead6c656de6fa153f9bcc454097b45a512bc8cd0798b1f062a2c4a09f75253b204a7a17 mit-krb5_krb5-config_LDFLAGS.patch
+sha512sums="bdb1541f6906e86fb00336a8d7c58f32c1203d1b23fe72bf6e943197a0d85a48a0b847cc2cf18388d3eec0b22aecc206ce804fd1009bb73423bac76900052a9e krb5-1.12.1-signed.tar
+5a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801 mit-krb5_krb5-config_LDFLAGS.patch
aa33bcd481f85f7456fe9cfaa3842d86a08d8cdc9c30523f7524586d706e9ad905c63f1514173a209a2fc1071443a5c23d530b0960d0d5e0a6c32133fb7a0e9a fix-includes.patch
561af06b4e0f0e130dda345ad934bcdb9984ec00cc38d871df1d3bb3f9e1c7d86f06db5b03229707c88b96ad324e3a2222420f8494aa431002cacea0246b1153 krb5kadmind.initd
d6d0076886ce284fc395fafc2dc253b4b3ee97b2986dea51388d96a1e1294680fb171f475efc7844559e2c6aac44b26678a9255921db9a58dcf2e7164f0aeec5 krb5kdc.initd
diff --git a/main/krb5/CVE-2002-2443.patch b/main/krb5/CVE-2002-2443.patch
deleted file mode 100644
index 3ef88155c5a1..000000000000
--- a/main/krb5/CVE-2002-2443.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From cf1a0c411b2668c57c41e9c4efd15ba17b6b322c Mon Sep 17 00:00:00 2001
-From: Tom Yu <tlyu@mit.edu>
-Date: Fri, 3 May 2013 16:26:46 -0400
-Subject: [PATCH] Fix kpasswd UDP ping-pong [CVE-2002-2443]
-
-The kpasswd service provided by kadmind was vulnerable to a UDP
-"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
-they pass some basic validation, and don't respond to our own error
-packets.
-
-Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
-attack or UDP ping-pong attacks in general, but there is discussion
-leading toward narrowing the definition of CVE-1999-0103 to the echo,
-chargen, or other similar built-in inetd services.
-
-Thanks to Vincent Danen for alerting us to this issue.
-
-CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
-
-ticket: 7637 (new)
-target_version: 1.11.3
-tags: pullup
----
- src/kadmin/server/schpw.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
-index 15b0ab5..7f455d8 100644
---- a/src/kadmin/server/schpw.c
-+++ b/src/kadmin/server/schpw.c
-@@ -52,7 +52,7 @@
- ret = KRB5KRB_AP_ERR_MODIFIED;
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Request was truncated", sizeof(strresult));
-- goto chpwfail;
-+ goto bailout;
- }
-
- ptr = req->data;
-@@ -67,7 +67,7 @@
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Request length was inconsistent",
- sizeof(strresult));
-- goto chpwfail;
-+ goto bailout;
- }
-
- /* verify version number */
-@@ -80,7 +80,7 @@
- numresult = KRB5_KPASSWD_BAD_VERSION;
- snprintf(strresult, sizeof(strresult),
- "Request contained unknown protocol version number %d", vno);
-- goto chpwfail;
-+ goto bailout;
- }
-
- /* read, check ap-req length */
-@@ -93,7 +93,7 @@
- numresult = KRB5_KPASSWD_MALFORMED;
- strlcpy(strresult, "Request was truncated in AP-REQ",
- sizeof(strresult));
-- goto chpwfail;
-+ goto bailout;
- }
-
- /* verify ap_req */
---
-1.8.1.6
-
diff --git a/main/krb5/mit-krb5-1.11_uninitialized.patch b/main/krb5/mit-krb5-1.11_uninitialized.patch
deleted file mode 100644
index a32d01d51fa0..000000000000
--- a/main/krb5/mit-krb5-1.11_uninitialized.patch
+++ /dev/null
@@ -1,81 +0,0 @@
---- a/src/slave/kprop.c
-+++ b/src/slave/kprop.c
-@@ -91,7 +91,7 @@ main(argc, argv)
- int argc;
- char **argv;
- {
-- int fd, database_fd, database_size;
-+ int fd = -1, database_fd, database_size;
- krb5_error_code retval;
- krb5_context context;
- krb5_creds *my_creds;
---- a/src/kadmin/ktutil/ktutil_funcs.c
-+++ b/src/kadmin/ktutil/ktutil_funcs.c
-@@ -64,7 +64,7 @@
- krb5_kt_list *list;
- int idx;
- {
-- krb5_kt_list lp, prev;
-+ krb5_kt_list lp, prev = NULL;
- int i;
-
- for (lp = *list, i = 1; lp; prev = lp, lp = lp->next, i++) {
---- a/src/lib/kadm5/alt_prof.c
-+++ b/src/lib/kadm5/alt_prof.c
-@@ -164,7 +164,7 @@
- char **values;
- char *valp;
- int idx;
-- krb5_boolean val;
-+ krb5_boolean val = 0;
-
- kret = krb5_aprof_getvals (acontext, hierarchy, &values);
- if (kret)
---- a/src/lib/krb5/unicode/ucstr.c
-+++ b/src/lib/krb5/unicode/ucstr.c
-@@ -109,7 +109,7 @@
- krb5_data ** newdataptr,
- unsigned flags)
- {
-- int i, j, len, clen, outpos, ucsoutlen, outsize;
-+ int i, j, len, clen, outpos = 0, ucsoutlen, outsize;
- char *out = NULL, *outtmp, *s;
- krb5_ucs4 *ucs = NULL, *p, *ucsout = NULL;
- krb5_data *newdata;
-diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c
-index 7dc5b47..cd90db8 100644
---- a/src/util/profile/prof_init.c
-+++ b/src/util/profile/prof_init.c
-@@ -255,7 +255,7 @@ copy_vtable_profile(profile_t profile, profile_t *ret_new_profile)
- {
- errcode_t err;
- void *cbdata;
-- profile_t new_profile;
-+ profile_t new_profile = NULL;
-
- *ret_new_profile = NULL;
-
---- a/src/lib/krb5/krb/preauth2.c 2012-12-24 12:39:18.432678497 +0100
-+++ b/src/lib/krb5/krb/preauth2.c 2012-12-24 12:50:49.444099126 +0100
-@@ -956,7 +956,7 @@
- size_t i, h;
- int out_pa_list_size = 0;
- krb5_pa_data **out_pa_list = NULL;
-- krb5_error_code ret, module_ret;
-+ krb5_error_code ret, module_ret = 0;
- krb5_responder_fn responder = opte->opt_private->responder;
- static const int paorder[] = { PA_INFO, PA_REAL };
-
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.orig 2013-02-15 14:38:43.742293824 +0000
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2013-02-15 14:41:06.806870075 +0000
-@@ -1359,8 +1359,8 @@
- goto cleanup;
-
- for (i=0; bvalues[i] != NULL; ++i) {
-- krb5_int16 n_kd;
-- krb5_key_data *kd;
-+ krb5_int16 n_kd = 0;
-+ krb5_key_data *kd = NULL;
- krb5_data in;
-
- if (bvalues[i]->bv_len == 0)
diff --git a/main/krb5/mit-krb5_krb5-config_LDFLAGS.patch b/main/krb5/mit-krb5_krb5-config_LDFLAGS.patch
index 0b300cb44a37..1b850867398b 100644
--- a/main/krb5/mit-krb5_krb5-config_LDFLAGS.patch
+++ b/main/krb5/mit-krb5_krb5-config_LDFLAGS.patch
@@ -1,6 +1,6 @@
Bug #448778
---- krb5-1.11/src/krb5-config.in 2012-12-18 02:47:04.000000000 +0000
-+++ krb5-1.11/src/krb5-config.in 2012-12-28 07:13:16.582693363 +0000
+--- krb5-1.11/src/build-tools/krb5-config.in 2012-12-18 02:47:04.000000000 +0000
++++ krb5-1.11/src/build-tools/krb5-config.in 2012-12-28 07:13:16.582693363 +0000
@@ -217,7 +217,7 @@
-e 's#\$(PROG_RPATH)#'$libdir'#' \
-e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \
--
GitLab