rpms/krb5/F-9 krb5-1.6.3-login-lpass.patch, NONE, 1.1 krb5-1.6.1-pam.patch, 1.6, 1.7 krb5-CVE-2008-0947.patch, 1.1, 1.2 krb5-trunk-doublelog.patch, 1.1, 1.2 krb5-trunk-manpaths.patch, 1.1, 1.2 krb5.spec, 1.170, 1.171 krb5-1.2.7-login-lpass.patch, 1.2, NONE krb5-1.2.7-reject-bad-transited.patch, 1.5, NONE

Mon Apr 6 22:47:25 UTC 2009

Author: nalin

Update of /cvs/extras/rpms/krb5/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26304

Modified Files:
	krb5-1.6.1-pam.patch krb5-CVE-2008-0947.patch 
	krb5-trunk-doublelog.patch krb5-trunk-manpaths.patch krb5.spec 
Added Files:
	krb5-1.6.3-login-lpass.patch 
Removed Files:
	krb5-1.2.7-login-lpass.patch 
	krb5-1.2.7-reject-bad-transited.patch 
Log Message:
- pull in a couple of defuzzed patches from the F-10 version of this package,
  dropping a redundant man page patch in the process


krb5-1.6.3-login-lpass.patch:

--- NEW FILE krb5-1.6.3-login-lpass.patch ---
The local crypt() may support hash types which use more than the first 8
characters.  It also doesn't modify the input string, so we should just
stop truncating it.  Are there platforms where the input string *is* modified?

--- krb5-1.2.7/src/appl/bsd/login.c	2005-11-15 16:20:34.000000000 -0500
+++ krb5-1.2.7/src/appl/bsd/login.c	2005-11-15 16:20:29.000000000 -0500
@@ -461,17 +461,14 @@
 static int unix_passwd_okay (pass)
     char *pass;
 {
-    char user_pwcopy[9], *namep;
+    char *namep;
     char *crypt ();
 
     assert (pwd != 0);
 
-    /* copy the first 8 chars of the password for unix crypt */
-    strncpy(user_pwcopy, pass, sizeof(user_pwcopy));
-    user_pwcopy[sizeof(user_pwcopy) - 1]='\0';
-    namep = crypt(user_pwcopy, salt);
-    memset (user_pwcopy, 0, sizeof(user_pwcopy));
-    /* ... and wipe the copy now that we have the string */
+    namep = crypt(pass, salt);
+    if (strlen(namep) < 13)
+	return 0;
 
     /* verify the local password string */
 #ifdef HAVE_SHADOW

krb5-1.6.1-pam.patch:

Index: krb5-1.6.1-pam.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-9/krb5-1.6.1-pam.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- krb5-1.6.1-pam.patch	25 Feb 2008 18:33:34 -0000	1.6
+++ krb5-1.6.1-pam.patch	6 Apr 2009 22:47:25 -0000	1.7
@@ -941,8 +941,8 @@
 +KRB5_WITH_PAM
 +
  AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
+ V5_AC_OUTPUT_MAKEFILE(.
  
- mansysconfdir=$sysconfdir
 --- krb5-1.6.1/src/config/pre.in	2007-06-21 17:39:57.000000000 -0400
 +++ krb5-1.6.1/src/config/pre.in	2007-06-21 17:39:57.000000000 -0400
 @@ -180,6 +180,7 @@ SRVLIBS = @SRVLIBS@

krb5-CVE-2008-0947.patch:

Index: krb5-CVE-2008-0947.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-9/krb5-CVE-2008-0947.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- krb5-CVE-2008-0947.patch	18 Mar 2008 18:13:22 -0000	1.1
+++ krb5-CVE-2008-0947.patch	6 Apr 2009 22:47:25 -0000	1.2
@@ -21,7 +21,7 @@
 -	if (sock > svc_maxfd)
 -		svc_maxfd = sock;
  }
-  
+ 
  /*
 === src/lib/rpc/svc_tcp.c
 ==================================================================

krb5-trunk-doublelog.patch:

Index: krb5-trunk-doublelog.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-9/krb5-trunk-doublelog.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- krb5-trunk-doublelog.patch	25 Feb 2008 20:53:41 -0000	1.1
+++ krb5-trunk-doublelog.patch	6 Apr 2009 22:47:25 -0000	1.2
@@ -5,7 +5,7 @@
 ===================================================================
 --- src/include/Makefile.in	(revision 20235)
 +++ src/include/Makefile.in	(working copy)
-@@ -67,7 +67,9 @@
+@@ -61,7 +61,9 @@
  		  -e "s+ at SBINDIR+$(SBINDIR)+" \
  		  -e "s+ at MODULEDIR+$(MODULE_DIR)+" \
  	-e 's+ at LOCALSTATEDIR+$(LOCALSTATEDIR)+' \
@@ -14,5 +14,5 @@
 +	-e 's+:/etc/krb5.conf:/etc/krb5.conf"+:/etc/krb5.conf"+' \
 +	-e 's+"/etc/krb5.conf:/etc/krb5.conf"+"/etc/krb5.conf"+'
  
- OSCONFSRC = $(srcdir)/osconf.hin
+ OSCONFSRC = $(srcdir)/stock/osconf.h
  

krb5-trunk-manpaths.patch:

Index: krb5-trunk-manpaths.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-9/krb5-trunk-manpaths.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- krb5-trunk-manpaths.patch	22 Jun 2007 22:02:16 -0000	1.1
+++ krb5-trunk-manpaths.patch	6 Apr 2009 22:47:25 -0000	1.2
@@ -52,7 +52,7 @@
 --- configure.in	(revision 19589)
 +++ configure.in	(working copy)
 @@ -986,6 +986,73 @@
- AC_CONFIG_SUBDIRS(appl/libpty appl/bsd appl/gssftp appl/telnet)
+ KRB5_WITH_PAM
  
  AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
 +


Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-9/krb5.spec,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- krb5.spec	17 Mar 2009 22:21:04 -0000	1.170
+++ krb5.spec	6 Apr 2009 22:47:25 -0000	1.171
@@ -61,7 +61,6 @@
 Patch13: krb5-1.3-large-file.patch
 Patch14: krb5-1.3-ftp-glob.patch
 Patch16: krb5-1.6-buildconf.patch
-Patch18: krb5-1.2.7-reject-bad-transited.patch
 Patch23: krb5-1.3.1-dns.patch
 Patch26: krb5-1.3.2-efence.patch
 Patch27: krb5-1.3.3-rcp-sendlarge.patch
@@ -73,7 +72,7 @@
 Patch36: krb5-1.3.3-rcp-markus.patch
 Patch39: krb5-1.4.1-api.patch
 Patch40: krb5-1.4.1-telnet-environ.patch
-Patch41: krb5-1.2.7-login-lpass.patch
+Patch41: krb5-1.6.3-login-lpass.patch
 Patch44: krb5-1.4.3-enospc.patch
 Patch47: krb5-1.6-sort-of-static.patch
 Patch51: krb5-1.6-ldap-init.patch
@@ -233,6 +232,10 @@
 certificate.
 
 %changelog
+* Mon Apr  6 2009 Nalin Dahyabhai <nalin at redhat.com>
+- pull in a couple of defuzzed patches from the F-10 version of this package,
+  dropping a redundant man page patch in the process
+
 * Tue Mar 17 2009 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-15
 - libgssapi_krb5: backport fix for some errors which can occur when
   we fail to set up the server half of a context (CVE-2009-0845)
@@ -1336,7 +1339,6 @@
 %patch13 -p1 -b .large-file
 %patch14 -p1 -b .ftp-glob
 %patch16 -p1 -b .buildconf
-%patch18 -p1 -b .reject-bad-transited
 %patch23 -p1 -b .dns
 # Removes a malloc(0) case, nothing more.
 # %patch26 -p1 -b .efence


--- krb5-1.2.7-login-lpass.patch DELETED ---


--- krb5-1.2.7-reject-bad-transited.patch DELETED ---


