head 1.21; access; symbols OPENPKG_E1_MP_HEAD:1.15 OPENPKG_E1_MP:1.15 OPENPKG_E1_MP_2_STABLE:1.13.2.1 OPENPKG_E1_FP:1.13.2.1 OPENPKG_2_STABLE_MP:1.18 OPENPKG_2_STABLE_20061018:1.13.2.1 OPENPKG_2_STABLE_20060622:1.13 OPENPKG_2_STABLE:1.13.0.2 OPENPKG_2_STABLE_BP:1.13 OPENPKG_2_5_RELEASE:1.11 OPENPKG_2_5_SOLID:1.11.0.6 OPENPKG_2_5_SOLID_BP:1.11 OPENPKG_2_4_RELEASE:1.11 OPENPKG_2_4_SOLID:1.11.0.4 OPENPKG_2_4_SOLID_BP:1.11 OPENPKG_CW_FP:1.11 OPENPKG_2_3_RELEASE:1.11 OPENPKG_2_3_SOLID:1.11.0.2 OPENPKG_2_3_SOLID_BP:1.11 OPENPKG_2_2_RELEASE:1.10 OPENPKG_2_2_SOLID:1.10.0.4 OPENPKG_2_2_SOLID_BP:1.10 OPENPKG_2_1_RELEASE:1.10 OPENPKG_2_1_SOLID:1.10.0.2 OPENPKG_2_1_SOLID_BP:1.10 OPENPKG_2_0_RELEASE:1.9 OPENPKG_2_0_SOLID:1.9.0.2 OPENPKG_2_0_SOLID_BP:1.9 OPENPKG_1_3_RELEASE:1.1.2.3 OPENPKG_1_3_SOLID:1.1.2.3.0.2 OPENPKG_1_3_SOLID_BP:1.1.2.3 OPENPKG_1_STABLE_MP:1.4 OPENPKG_1_1_SOLID:1.1.0.6 OPENPKG_1_2_SOLID:1.1.0.4 OPENPKG_1_STABLE:1.1.0.2; locks; strict; comment @# @; 1.21 date 2008.01.28.13.44.25; author rse; state Exp; branches; next 1.20; commitid D9rgXGTwAhLyzbPs; 1.20 date 2007.10.25.15.46.33; author cs; state Exp; branches; next 1.19; commitid chsJiKogyU1MiZCs; 1.19 date 2007.06.06.10.29.28; author rse; state Exp; branches; next 1.18; commitid cYhX9DfsJE705Qks; 1.18 date 2007.01.14.13.07.47; author rse; state Exp; branches; next 1.17; commitid JnWHqgwDUuWiyt2s; 1.17 date 2007.01.14.10.21.28; author rse; state Exp; branches; next 1.16; commitid enA6JxsVXr1fDs2s; 1.16 date 2007.01.10.07.37.28; author rse; state Exp; branches; next 1.15; commitid EGW5eH8MsPFWQV1s; 1.15 date 2006.10.16.07.19.53; author thl; state Exp; branches; next 1.14; commitid f0EeYWJMDJdjwSQr; 1.14 date 2006.10.12.16.04.43; author rse; state Exp; branches; next 1.13; commitid JSKl5QtOlsJjypQr; 1.13 date 2006.01.16.18.52.18; author rse; state Exp; branches 1.13.2.1; next 1.12; commitid 9sgqEUvN8IqU7Rhr; 1.12 date 2005.12.25.19.59.31; author rse; state Exp; branches; next 1.11; commitid U2lEYPBRGYoOc2fr; 1.11 date 2005.01.31.19.11.18; author ms; state Exp; branches; next 1.10; 1.10 date 2004.04.10.10.46.51; author rse; state Exp; branches; next 1.9; 1.9 date 2004.02.16.20.37.46; author thl; state Exp; branches 1.9.2.1; next 1.8; 1.8 date 2004.01.27.18.25.15; author ms; state Exp; branches; next 1.7; 1.7 date 2004.01.27.17.11.55; author ms; state Exp; branches; next 1.6; 1.6 date 2003.10.30.15.50.06; author ms; state Exp; branches; next 1.5; 1.5 date 2003.09.10.18.01.55; author rse; state Exp; branches; next 1.4; 1.4 date 2003.07.28.20.44.56; author mlelstv; state Exp; branches; next 1.3; 1.3 date 2003.06.27.08.55.56; author mlelstv; state Exp; branches; next 1.2; 1.2 date 2003.05.16.10.49.49; author mlelstv; state Exp; branches; next 1.1; 1.1 date 2003.03.05.15.35.53; author thl; state Exp; branches 1.1.2.1 1.1.4.1 1.1.6.1; next ; 1.13.2.1 date 2006.10.16.14.51.30; author rse; state Exp; branches; next 1.13.2.2; commitid iZxwRSmmWscPXUQr; 1.13.2.2 date 2007.01.10.07.38.38; author rse; state Exp; branches; next 1.13.2.3; commitid c5GcKHpx21NlRV1s; 1.13.2.3 date 2007.02.07.20.36.29; author thl; state Exp; branches; next ; commitid buiDpkvFRFCkgB5s; 1.9.2.1 date 2004.07.02.16.13.52; author thl; state Exp; branches; next ; 1.1.2.1 date 2003.03.05.15.38.16; author thl; state Exp; branches; next 1.1.2.2; 1.1.2.2 date 2003.07.24.20.49.51; author rse; state Exp; branches; next 1.1.2.3; 1.1.2.3 date 2003.07.29.10.11.40; author rse; state Exp; branches; next ; 1.1.4.1 date 2003.03.05.15.43.22; author thl; state Exp; branches; next ; 1.1.6.1 date 2003.03.05.15.46.35; author thl; state Exp; branches; next ; desc @@ 1.21 log @fix configure script @ text @Index: src/Makefile.in --- src/Makefile.in.orig 2007-09-18 05:38:17 +0200 +++ src/Makefile.in 2007-10-25 16:33:31 +0200 @@@@ -4,9 +4,8 @@@@ myfulldir=. mydir=. # Don't build sample by default: plugins/locate/python plugins/preauth/wpse plugins/preauth/cksum_body -SUBDIRS=util include lib @@krb524@@ kdc kadmin @@ldap_plugin_dir@@ slave clients \ +SUBDIRS=util include lib @@krb524@@ kdc kadmin slave clients \ plugins/kdb/db2 \ - plugins/preauth/pkinit \ appl tests \ config-files gen-manpages BUILDTOP=$(REL)$(C) @@@@ -100,10 +99,6 @@@@ done (w=`pwd`; cd util && $(MAKE) install DESTDIR="$$w/util/fakedest") (w=`pwd`; cd lib && $(MAKE) install DESTDIR="$$w/util/fakedest") - (w=`pwd`; cd plugins/kdb/db2 && $(MAKE) install DESTDIR="$$w/util/fakedest") - if test -r plugins/preauth/pkinit/Makefile; then \ - (w=`pwd`; cd plugins/preauth/pkinit && $(MAKE) install DESTDIR="$$w/util/fakedest"); \ - fi # (w=`pwd`; cd plugins/locate/python && $(MAKE) install DESTDIR="$$w/util/fakedest") Index: src/appl/Makefile.in --- src/appl/Makefile.in.orig 2004-03-08 08:20:55 +0100 +++ src/appl/Makefile.in 2007-10-25 16:34:05 +0200 @@@@ -3,5 +3,6 @@@@ mydir=. BUILDTOP=$(REL).. -LOCAL_SUBDIRS= sample simple user_user gss-sample +LOCAL_SUBDIRS= gss-sample +MY_SUBDIRS= gss-sample Index: src/appl/configure --- src/appl/configure.orig 2007-10-22 05:35:00 +0200 +++ src/appl/configure 2007-10-25 16:34:43 +0200 @@@@ -315,7 +315,7 @@@@ # include #endif" -ac_subdirs_all="$ac_subdirs_all libpty bsd gssftp telnet" +ac_subdirs_all="$ac_subdirs_all libpty" ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS EXTRA_FILES CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT HAVE_GCC CPP LD KRB4_INCLUDES KRB4_LIBPATH KRB4_LIB KRB4_DEPLIB KRB_ERR_H_DEP DES425_DEPLIB DES425_LIB compile_et COM_ERR_VERSION SS_LIB SS_VERSION DB_HEADER DB_LIB DB_VERSION DB_HEADER_VERSION KDB5_DB_LIB HESIOD_DEFS HESIOD_LIBS MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CONFIG_RELTOPDIR subdirs OPENLDAP_PLUGIN build build_cpu build_vendor build_os host host_cpu host_vendor host_os krb5_cv_host acx_pthread_config PTHREAD_CC PTHREAD_LIBS PTHREAD_CFLAGS THREAD_SUPPORT DL_LIB EGREP INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA GEN_LIB CC_LINK RPATH_FLAG DEPLIBEXT LIBOBJS LTLIBOBJS' ac_subst_files='lib_frag libobj_frag libnover_frag' @@@@ -7626,7 +7626,7 @@@@ -subdirs="$subdirs libpty bsd gssftp telnet" +subdirs="$subdirs libpty" ac_config_files="$ac_config_files ./Makefile:$srcdir/../config/pre.in:./Makefile.in:$srcdir/../config/post.in" Index: src/config/pre.in --- src/config/pre.in.orig 2006-10-15 20:19:28 +0200 +++ src/config/pre.in 2007-10-25 16:35:13 +0200 @@@@ -187,7 +187,7 @@@@ INSTALL_SCRIPT=@@INSTALL_PROGRAM@@ INSTALL_DATA=@@INSTALL_DATA@@ INSTALL_SHLIB=@@INSTALL_SHLIB@@ -INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root +INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 755 ## This is needed because autoconf will sometimes define @@exec_prefix@@ to be ## ${prefix}. prefix=@@prefix@@ Index: src/configure --- src/configure.orig 2007-10-22 05:35:16 +0200 +++ src/configure 2007-10-25 16:38:25 +0200 @@@@ -317,8 +317,7 @@@@ ac_subdirs_all="$ac_subdirs_all plugins/preauth/pkinit" ac_subdirs_all="$ac_subdirs_all util/ss" -ac_subdirs_all="$ac_subdirs_all plugins/kdb/ldap/libkdb_ldap" -ac_subdirs_all="$ac_subdirs_all lib/apputils plugins/kdb/db2 plugins/preauth/wpse plugins/preauth/cksum_body appl tests" +ac_subdirs_all="$ac_subdirs_all lib/apputils plugins/preauth/wpse plugins/preauth/cksum_body appl tests" ac_subdirs_all="$ac_subdirs_all plugins/locate/python" ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS EXTRA_FILES CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT HAVE_GCC CPP LD KRB4_INCLUDES KRB4_LIBPATH KRB4_LIB KRB4_DEPLIB KRB_ERR_H_DEP DES425_DEPLIB DES425_LIB compile_et COM_ERR_VERSION SS_LIB SS_VERSION DB_HEADER DB_LIB DB_VERSION DB_HEADER_VERSION KDB5_DB_LIB HESIOD_DEFS HESIOD_LIBS MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CONFIG_RELTOPDIR subdirs OPENLDAP_PLUGIN build build_cpu build_vendor build_os host host_cpu host_vendor host_os krb5_cv_host acx_pthread_config PTHREAD_CC PTHREAD_LIBS PTHREAD_CFLAGS THREAD_SUPPORT DL_LIB EGREP KRB5_VERSION TCL_INCLUDES TCL_LIBS TCL_LIBPATH TCL_RPATH TCL_MAYBE_RPATH KRB4 krb524 OBJLISTS STOBJEXT SHOBJEXT PFOBJEXT PICFLAGS PROFFLAGS LN_S RANLIB ac_ct_RANLIB ARCHIVE ARADD INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA AR PERL LIBLIST LIBLINKS MAKE_SHLIB_COMMAND SHLIB_EXPFLAGS SHLIB_EXPORT_FILE_DEP DYNOBJ_EXPDEPS DYNOBJ_EXPFLAGS INSTALL_SHLIB STLIBEXT SHLIBEXT SHLIBVEXT SHLIBSEXT DEPLIBEXT PFLIBEXT LIBINSTLIST DYNOBJEXT MAKE_DYNOBJ_COMMAND GEN_LIB CC_LINK RPATH_FLAG LIBUTIL AWK FAKEKA KRB5_RUN_ENV LEX LEXLIB LEX_OUTPUT_ROOT KSU_LIBS SETENVOBJ KRB5_RCTMPDIR maybe_kerberosIV DO_TCL YACC have_RUNTEST have_PERL DO_TEST DO_V4_TEST RBUILD S_TOP PERL_PATH EXPECT DO_ALL PRIOCNTL_HACK RUNTEST KRB_ERR_TXT KRB_ERR KRB_ERR_C include_stdint include_inttypes include_xom rpcent_define GSSRPC__SYS_SELECT_H GSSRPC__SYS_TIME_H GSSRPC__UNISTD_H GSSRPC__SYS_PARAM_H GSSRPC__NETDB_H GSSRPC__STDINT_H GSSRPC__INTTYPES_H GSSRPC__FAKE_UINT32 GSSRPC__BSD_TYPEALIASES PASS HOST_TYPE SUPPORTLIB_MAJOR ldap_plugin_dir LIBOBJS LTLIBOBJS' ac_subst_files='lib_frag libobj_frag libnover_frag' @@@@ -20475,9 +20474,7 @@@@ LIBS="$old_LIBS" -subdirs="$subdirs plugins/kdb/ldap/libkdb_ldap" - ac_config_files="$ac_config_files plugins/kdb/ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/Makefile.in:$srcdir/./config/post.in" @@@@ -20491,7 +20488,7 @@@@ -subdirs="$subdirs lib/apputils plugins/kdb/db2 plugins/preauth/wpse plugins/preauth/cksum_body appl tests" +subdirs="$subdirs lib/apputils plugins/preauth/wpse plugins/preauth/cksum_body appl tests" if false; then Index: src/krb5-config.in --- src/krb5-config.in.orig 2006-06-16 02:26:49 +0200 +++ src/krb5-config.in 2007-10-25 16:39:36 +0200 @@@@ -217,7 +217,7 @@@@ fi if test $library = 'krb5'; then - lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB" + lib_flags="$lib_flags -lkrb5 -lk5crypto -lkrb5support -lcom_err $GEN_LIB $LIBS $DL_LIB" fi echo $lib_flags Index: src/lib/krb5/os/hst_realm.c --- src/lib/krb5/os/hst_realm.c.orig 2007-04-10 23:52:23 +0200 +++ src/lib/krb5/os/hst_realm.c 2007-10-25 16:40:34 +0200 @@@@ -302,7 +302,7 @@@@ return EAFNOSUPPORT; case EAI_MEMORY: return ENOMEM; -#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME +#if (defined EAI_NODATA) && (defined EAI_NONAME) && (EAI_NODATA != EAI_NONAME) case EAI_NODATA: return KRB5_EAI_NODATA; #endif Index: src/lib/krb5/os/locate_kdc.c --- src/lib/krb5/os/locate_kdc.c.orig 2007-04-10 23:52:23 +0200 +++ src/lib/krb5/os/locate_kdc.c 2007-10-25 16:41:08 +0200 @@@@ -157,7 +157,7 @@@@ #ifdef EAI_ADDRFAMILY case EAI_ADDRFAMILY: #endif -#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME +#if (defined EAI_NODATA) && (defined EAI_NONAME) && (EAI_NODATA != EAI_NONAME) case EAI_NODATA: #endif case EAI_NONAME: Index: src/plugins/kdb/db2/Makefile.in --- src/plugins/kdb/db2/Makefile.in.orig 2007-09-18 06:22:24 +0200 +++ src/plugins/kdb/db2/Makefile.in 2007-10-25 16:41:47 +0200 @@@@ -30,10 +30,7 @@@@ RELDIR=../plugins/kdb/db2 # Depends on libk5crypto and libkrb5 # Also on gssrpc, for xdr stuff. -SHLIB_EXPDEPS = \ - $(GSSRPC_DEPLIBS) \ - $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(TOPLIBD)/libkrb5$(SHLIBEXT) +SHLIB_EXPDEPS = SHLIB_EXPLIBS= $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto $(KDB5_DB_LIB) $(SUPPORT_LIB) $(LIBS) SHLIB_DIRS=-L$(TOPLIBD) Index: src/plugins/kdb/ldap/ldap_util/Makefile.in --- src/plugins/kdb/ldap/ldap_util/Makefile.in.orig 2007-09-29 03:02:10 +0200 +++ src/plugins/kdb/ldap/ldap_util/Makefile.in 2007-10-25 16:42:41 +0200 @@@@ -19,7 +19,7 @@@@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(GETDATE) $(CC_LINK) -o $(PROG) $(OBJS) $(GETDATE) \ - $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS) + $(KDB_DEP_LIB) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) install:: $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) Index: src/plugins/kdb/ldap/libkdb_ldap/configure --- src/plugins/kdb/ldap/libkdb_ldap/configure.orig 2007-10-22 05:33:36 +0200 +++ src/plugins/kdb/ldap/libkdb_ldap/configure 2007-10-25 16:44:21 +0200 @@@@ -7617,7 +7617,7 @@@@ - ac_config_files="$ac_config_files ./Makefile:$srcdir/../../../../config/pre.in:./Makefile.in:$srcdir/../../../../config/post.in" + ac_config_files="$ac_config_files ./Makefile:$srcdir/../../../../config/pre.in:./Makefile.in:../Makefile.in:../ldap_util/Makefile.in:$srcdir/../../../../config/post.in" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@@@ -8170,7 +8170,7 @@@@ do case "$ac_config_target" in # Handling of arguments. - "./Makefile" ) CONFIG_FILES="$CONFIG_FILES ./Makefile:$srcdir/../../../../config/pre.in:./Makefile.in:$srcdir/../../../../config/post.in" ;; + "./Makefile" ) CONFIG_FILES="$CONFIG_FILES ./Makefile:$srcdir/../../../../config/pre.in:./Makefile.in:../Makefile.in:../ldap_util/Makefile.in:$srcdir/../../../../config/post.in" ;; *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; Index: src/plugins/preauth/pkinit/Makefile.in --- src/plugins/preauth/pkinit/Makefile.in.orig 2007-09-29 03:02:10 +0200 +++ src/plugins/preauth/pkinit/Makefile.in 2007-10-25 16:57:46 +0200 @@@@ -17,9 +17,7 @@@@ SO_EXT=.so RELDIR=../plugins/preauth/pkinit # Depends on libk5crypto and libkrb5 -SHLIB_EXPDEPS = \ - $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(TOPLIBD)/libkrb5$(SHLIBEXT) +SHLIB_EXPDEPS = LIBS+= -lcrypto SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto -ldl $(SUPPORT_LIB) $(LIBS) Index: src/util/ss/pager.c --- src/util/ss/pager.c.orig 2003-01-06 00:28:05 +0100 +++ src/util/ss/pager.c 2007-10-25 16:44:40 +0200 @@@@ -11,6 +11,7 @@@@ #include "copyright.h" #include #include +#include #include #include #include Index: src/plugins/preauth/pkinit/configure --- src/plugins/preauth/pkinit/configure.orig 2007-10-22 05:33:20 +0200 +++ src/plugins/preauth/pkinit/configure 2008-01-28 14:41:36 +0100 @@@@ -6255,7 +6255,7 @@@@ fi -for ac_func in +for ac_func in dummy do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` echo "$as_me:$LINENO: checking for $ac_func" >&5 @ 1.20 log @upgrading package: kerberos 1.6.2 -> 1.6.3 @ text @d211 12 @ 1.19 log @upgrade to Kerberos 1.6.1 and add a first cut for LDAP support (still doesn't fully work as expected) @ text @d2 3 a4 3 --- src/Makefile.in.orig 2007-03-29 23:36:26 +0200 +++ src/Makefile.in 2007-06-06 12:22:37 +0200 @@@@ -4,8 +4,7 @@@@ a8 1 - plugins/kdb/db2 \ d10 2 d15 1 a15 1 @@@@ -99,7 +98,6 @@@@ d20 3 d28 1 a28 1 +++ src/appl/Makefile.in 2007-06-06 12:22:37 +0200 d38 2 a39 2 --- src/appl/configure.orig 2007-04-21 01:40:32 +0200 +++ src/appl/configure 2007-06-06 12:22:37 +0200 d60 1 a60 1 +++ src/config/pre.in 2007-06-06 12:22:37 +0200 d71 3 a73 4 --- src/configure.orig 2007-04-21 01:40:48 +0200 +++ src/configure 2007-06-06 12:22:37 +0200 @@@@ -316,8 +316,7 @@@@ #endif" d75 1 d83 1 a83 1 @@@@ -20344,9 +20343,7 @@@@ d93 1 a93 1 @@@@ -20360,7 +20357,7 @@@@ d104 1 a104 1 +++ src/krb5-config.in 2007-06-06 12:22:37 +0200 d116 1 a116 1 +++ src/lib/krb5/os/hst_realm.c 2007-06-06 12:22:37 +0200 d128 1 a128 1 +++ src/lib/krb5/os/locate_kdc.c 2007-06-06 12:22:37 +0200 d139 2 a140 2 --- src/plugins/kdb/db2/Makefile.in.orig 2006-10-06 23:17:56 +0200 +++ src/plugins/kdb/db2/Makefile.in 2007-06-06 12:22:37 +0200 d154 2 a155 2 --- src/plugins/kdb/ldap/ldap_util/Makefile.in.orig 2007-01-04 01:27:06 +0100 +++ src/plugins/kdb/ldap/ldap_util/Makefile.in 2007-06-06 12:22:37 +0200 d166 2 a167 2 --- src/plugins/kdb/ldap/libkdb_ldap/configure.orig 2007-04-21 01:39:07 +0200 +++ src/plugins/kdb/ldap/libkdb_ldap/configure 2007-06-06 12:22:37 +0200 d186 14 d202 1 a202 1 +++ src/util/ss/pager.c 2007-06-06 12:22:37 +0200 @ 1.18 log @fix client linking by adding the missing libkrb5support.a to the krb5-config output; add support for a client-only installation by providing a with_server option which can be disabled @ text @d2 4 a5 3 --- src/Makefile.in.orig 2006-12-19 01:12:32 +0100 +++ src/Makefile.in 2007-01-14 11:12:48 +0100 @@@@ -5,7 +5,6 @@@@ d8 1 a8 1 SUBDIRS=util include lib @@krb524@@ kdc kadmin @@ldap_plugin_dir@@ slave clients \ d10 1 d14 1 a14 1 @@@@ -98,7 +97,6 @@@@ d24 1 a24 1 +++ src/appl/Makefile.in 2007-01-14 11:12:48 +0100 d34 2 a35 2 --- src/appl/configure.orig 2007-01-10 01:12:22 +0100 +++ src/appl/configure 2007-01-14 11:12:48 +0100 d56 1 a56 1 +++ src/config/pre.in 2007-01-14 11:12:48 +0100 d67 4 a70 3 --- src/configure.orig 2007-01-10 01:12:41 +0100 +++ src/configure 2007-01-14 11:12:48 +0100 @@@@ -317,7 +317,7 @@@@ d73 1 a73 1 ac_subdirs_all="$ac_subdirs_all plugins/kdb/ldap/libkdb_ldap" d79 11 a89 1 @@@@ -20360,7 +20360,7 @@@@ d100 1 a100 1 +++ src/krb5-config.in 2007-01-14 12:55:32 +0100 d111 2 a112 2 --- src/lib/krb5/os/hst_realm.c.orig 2006-10-15 15:23:48 +0200 +++ src/lib/krb5/os/hst_realm.c 2007-01-14 11:12:48 +0100 d117 1 a117 1 -#if EAI_NODATA != EAI_NONAME d123 2 a124 2 --- src/lib/krb5/os/locate_kdc.c.orig 2006-11-16 22:18:50 +0100 +++ src/lib/krb5/os/locate_kdc.c 2007-01-14 11:12:48 +0100 d129 1 a129 1 -#if EAI_NODATA != EAI_NONAME d136 1 a136 1 +++ src/plugins/kdb/db2/Makefile.in 2007-01-14 11:12:48 +0100 d149 33 d184 1 a184 1 +++ src/util/ss/pager.c 2007-01-14 11:12:48 +0100 @ 1.17 log @repair run-time by unlinking database plugin from static build-environment and then stand-alone building it dynamically; also remove the compile_et stuff (except for com_err.h as it mainly is required by Kerberos includes) as it is a Kerberos build-time functionality only @ text @d85 12 @ 1.16 log @upgrading package: kerberos 1.5.1 -> 1.6 @ text @d1 19 d22 1 a22 1 +++ src/appl/Makefile.in 2007-01-10 08:31:00 +0100 d33 1 a33 1 +++ src/appl/configure 2007-01-10 08:32:25 +0100 d54 1 a54 1 +++ src/config/pre.in 2007-01-10 08:31:00 +0100 d64 21 d87 1 a87 1 +++ src/lib/krb5/os/hst_realm.c 2007-01-10 08:31:00 +0100 d99 1 a99 1 +++ src/lib/krb5/os/locate_kdc.c 2007-01-10 08:31:00 +0100 d111 13 a123 24 +++ src/plugins/kdb/db2/Makefile.in 2007-01-10 08:31:00 +0100 @@@@ -64,7 +64,10 @@@@ pol_xdr.o \ db2_exp.o -all-unix:: $(LIBBASE)$(SO_EXT) +install-static: +db2.a: OBJS.ST + +all-unix:: $(LIBBASE).a install-unix:: install-libs clean-unix:: clean-libs clean-libobjs Index: src/plugins/kdb/db2/configure --- src/plugins/kdb/db2/configure.orig 2007-01-10 01:11:11 +0100 +++ src/plugins/kdb/db2/configure 2007-01-10 08:31:00 +0100 @@@@ -1368,6 +1368,7 @@@@ build_dynobj=no enable_shared=yes +enable_static=yes build_dynobj=yes ac_reltopdir="../../.." if test ! -r "$srcdir/../../../aclocal.m4"; then d126 1 a126 1 +++ src/util/ss/pager.c 2007-01-10 08:31:00 +0100 @ 1.15 log @modifying package: kerberos-1.5.1 20061013 -> 20061016 @ text @d3 1 a3 1 +++ src/appl/Makefile.in 2006-08-27 11:24:46 +0200 d13 2 a14 2 --- src/appl/configure.orig 2006-08-24 02:21:57 +0200 +++ src/appl/configure 2006-08-27 11:24:46 +0200 d21 1 a21 1 ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS EXTRA_FILES CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT HAVE_GCC CPP LD KRB4_INCLUDES KRB4_LIBPATH KRB4_LIB KRB4_DEPLIB KRB_ERR_H_DEP DES425_DEPLIB DES425_LIB compile_et COM_ERR_VERSION SS_LIB SS_VERSION DB_HEADER DB_LIB DB_VERSION DB_HEADER_VERSION KDB5_DB_LIB HESIOD_DEFS HESIOD_LIBS MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CONFIG_RELTOPDIR subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os krb5_cv_host acx_pthread_config PTHREAD_CC PTHREAD_LIBS PTHREAD_CFLAGS THREAD_SUPPORT DL_LIB EGREP INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA GEN_LIB CC_LINK RPATH_FLAG DEPLIBEXT LIBOBJS LTLIBOBJS' d24 1 a24 1 @@@@ -7346,7 +7346,7 @@@@ d34 2 a35 2 --- src/config/pre.in.orig 2006-06-16 00:21:58 +0200 +++ src/config/pre.in 2006-08-27 11:24:46 +0200 d46 3 a48 3 --- src/lib/krb5/os/hst_realm.c.orig 2006-06-16 08:58:42 +0200 +++ src/lib/krb5/os/hst_realm.c 2006-08-27 11:24:46 +0200 @@@@ -365,7 +365,7 @@@@ d58 2 a59 2 --- src/lib/krb5/os/locate_kdc.c.orig 2006-05-24 23:19:23 +0200 +++ src/lib/krb5/os/locate_kdc.c 2006-08-27 11:24:46 +0200 a68 24 Index: src/util/ss/pager.c --- src/util/ss/pager.c.orig 2003-01-06 00:28:05 +0100 +++ src/util/ss/pager.c 2006-08-27 11:24:46 +0200 @@@@ -11,6 +11,7 @@@@ #include "copyright.h" #include #include +#include #include #include #include Index: src/plugins/kdb/db2/configure --- src/plugins/kdb/db2/configure.orig 2006-08-27 11:54:48 +0200 +++ src/plugins/kdb/db2/configure 2006-08-27 12:10:15 +0200 @@@@ -1365,7 +1365,8 @@@@ build_dynobj=no -enable_shared=yes +enable_shared=yes +enable_static=yes build_dynobj=yes ac_reltopdir="../../.." if test ! -r "$srcdir/../../../aclocal.m4"; then d70 2 a71 2 --- src/plugins/kdb/db2/Makefile.in.orig 2006-08-24 02:14:09 +0200 +++ src/plugins/kdb/db2/Makefile.in 2006-10-16 09:00:47 +0200 d84 22 @ 1.14 log @blind upgrade to security-fixed Kerberos 1.5 in order to hand it over @ text @d93 15 @ 1.13 log @fix building if GNU shtool is not installed (then a vendor install will break) @ text @d1 44 d46 3 a48 3 --- src/lib/krb5/os/hst_realm.c.orig 2002-10-16 00:51:50.000000000 +0200 +++ src/lib/krb5/os/hst_realm.c 2004-04-10 12:36:57.000000000 +0200 @@@@ -366,7 +366,7 @@@@ d58 3 a60 3 --- src/lib/krb5/os/locate_kdc.c.orig 2004-01-06 03:30:15.000000000 +0100 +++ src/lib/krb5/os/locate_kdc.c 2004-04-10 12:36:57.000000000 +0200 @@@@ -186,7 +186,7 @@@@ d70 2 a71 2 --- src/util/ss/pager.c.orig 2003-01-06 00:28:05.000000000 +0100 +++ src/util/ss/pager.c 2004-04-10 12:36:57.000000000 +0200 d80 4 a83 17 Index: src/appl/Makefile.in --- src/appl/Makefile.in.orig 2004-03-08 08:20:55 +0100 +++ src/appl/Makefile.in 2005-12-25 20:46:56 +0100 @@@@ -3,5 +3,6 @@@@ mydir=. BUILDTOP=$(REL).. -LOCAL_SUBDIRS= sample simple user_user gss-sample +LOCAL_SUBDIRS= gss-sample +MY_SUBDIRS= gss-sample Index: src/appl/configure --- src/appl/configure.orig 2005-11-16 23:47:41 +0100 +++ src/appl/configure 2005-12-25 20:47:39 +0100 @@@@ -300,7 +300,6 @@@@ # include #endif" a84 1 -ac_subdirs_all="$ac_subdirs_all bsd gssftp telnet" d86 7 a92 22 # Initialize some variables set by options. ac_init_help= @@@@ -6418,7 +6417,6 @@@@ -subdirs="$subdirs bsd gssftp telnet" ac_config_files="$ac_config_files ./Makefile:$krb5_pre_in:./Makefile.in:$krb5_post_in" Index: src/config/pre.in --- src/config/pre.in.orig 2004-11-19 22:47:51 +0100 +++ src/config/pre.in 2006-01-16 19:46:48 +0100 @@@@ -180,7 +180,7 @@@@ INSTALL_SCRIPT=@@INSTALL_PROGRAM@@ INSTALL_DATA=@@INSTALL_DATA@@ INSTALL_SHLIB=@@INSTALL_SHLIB@@ -INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root +INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 755 ## This is needed because autoconf will sometimes define @@exec_prefix@@ to be ## ${prefix}. prefix=@@prefix@@ @ 1.13.2.1 log @Mass merge from CURRENT to 2-STABLE (all packages except those of JUNK class) @ text @d1 35 d38 1 a38 1 +++ src/appl/Makefile.in 2006-08-27 11:24:46 +0200 d48 3 a50 3 --- src/appl/configure.orig 2006-08-24 02:21:57 +0200 +++ src/appl/configure 2006-08-27 11:24:46 +0200 @@@@ -315,7 +315,7 @@@@ d54 1 a54 4 -ac_subdirs_all="$ac_subdirs_all libpty bsd gssftp telnet" +ac_subdirs_all="$ac_subdirs_all libpty" ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS EXTRA_FILES CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT HAVE_GCC CPP LD KRB4_INCLUDES KRB4_LIBPATH KRB4_LIB KRB4_DEPLIB KRB_ERR_H_DEP DES425_DEPLIB DES425_LIB compile_et COM_ERR_VERSION SS_LIB SS_VERSION DB_HEADER DB_LIB DB_VERSION DB_HEADER_VERSION KDB5_DB_LIB HESIOD_DEFS HESIOD_LIBS MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CONFIG_RELTOPDIR subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os krb5_cv_host acx_pthread_config PTHREAD_CC PTHREAD_LIBS PTHREAD_CFLAGS THREAD_SUPPORT DL_LIB EGREP INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA GEN_LIB CC_LINK RPATH_FLAG DEPLIBEXT LIBOBJS LTLIBOBJS' ac_subst_files='lib_frag libobj_frag libnover_frag' d56 3 a58 1 @@@@ -7346,7 +7346,7 @@@@ d62 1 a62 2 -subdirs="$subdirs libpty bsd gssftp telnet" +subdirs="$subdirs libpty" d65 1 a65 1 ac_config_files="$ac_config_files ./Makefile:$srcdir/../config/pre.in:./Makefile.in:$srcdir/../config/post.in" d67 3 a69 3 --- src/config/pre.in.orig 2006-06-16 00:21:58 +0200 +++ src/config/pre.in 2006-08-27 11:24:46 +0200 @@@@ -187,7 +187,7 @@@@ a77 63 Index: src/lib/krb5/os/hst_realm.c --- src/lib/krb5/os/hst_realm.c.orig 2006-06-16 08:58:42 +0200 +++ src/lib/krb5/os/hst_realm.c 2006-08-27 11:24:46 +0200 @@@@ -365,7 +365,7 @@@@ return EAFNOSUPPORT; case EAI_MEMORY: return ENOMEM; -#if EAI_NODATA != EAI_NONAME +#if (defined EAI_NODATA) && (defined EAI_NONAME) && (EAI_NODATA != EAI_NONAME) case EAI_NODATA: return KRB5_EAI_NODATA; #endif Index: src/lib/krb5/os/locate_kdc.c --- src/lib/krb5/os/locate_kdc.c.orig 2006-05-24 23:19:23 +0200 +++ src/lib/krb5/os/locate_kdc.c 2006-08-27 11:24:46 +0200 @@@@ -157,7 +157,7 @@@@ #ifdef EAI_ADDRFAMILY case EAI_ADDRFAMILY: #endif -#if EAI_NODATA != EAI_NONAME +#if (defined EAI_NODATA) && (defined EAI_NONAME) && (EAI_NODATA != EAI_NONAME) case EAI_NODATA: #endif case EAI_NONAME: Index: src/util/ss/pager.c --- src/util/ss/pager.c.orig 2003-01-06 00:28:05 +0100 +++ src/util/ss/pager.c 2006-08-27 11:24:46 +0200 @@@@ -11,6 +11,7 @@@@ #include "copyright.h" #include #include +#include #include #include #include Index: src/plugins/kdb/db2/configure --- src/plugins/kdb/db2/configure.orig 2006-08-27 11:54:48 +0200 +++ src/plugins/kdb/db2/configure 2006-08-27 12:10:15 +0200 @@@@ -1365,7 +1365,8 @@@@ build_dynobj=no -enable_shared=yes +enable_shared=yes +enable_static=yes build_dynobj=yes ac_reltopdir="../../.." if test ! -r "$srcdir/../../../aclocal.m4"; then Index: src/plugins/kdb/db2/Makefile.in --- src/plugins/kdb/db2/Makefile.in.orig 2006-08-24 02:14:09 +0200 +++ src/plugins/kdb/db2/Makefile.in 2006-10-16 09:00:47 +0200 @@@@ -64,7 +64,10 @@@@ pol_xdr.o \ db2_exp.o -all-unix:: $(LIBBASE)$(SO_EXT) +install-static: +db2.a: OBJS.ST + +all-unix:: $(LIBBASE).a install-unix:: install-libs clean-unix:: clean-libs clean-libobjs @ 1.13.2.2 log @MFC: security fixed version @ text @d3 1 a3 1 +++ src/appl/Makefile.in 2007-01-10 08:31:00 +0100 d13 2 a14 2 --- src/appl/configure.orig 2007-01-10 01:12:22 +0100 +++ src/appl/configure 2007-01-10 08:32:25 +0100 d21 1 a21 1 ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS EXTRA_FILES CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT HAVE_GCC CPP LD KRB4_INCLUDES KRB4_LIBPATH KRB4_LIB KRB4_DEPLIB KRB_ERR_H_DEP DES425_DEPLIB DES425_LIB compile_et COM_ERR_VERSION SS_LIB SS_VERSION DB_HEADER DB_LIB DB_VERSION DB_HEADER_VERSION KDB5_DB_LIB HESIOD_DEFS HESIOD_LIBS MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CONFIG_RELTOPDIR subdirs OPENLDAP_PLUGIN build build_cpu build_vendor build_os host host_cpu host_vendor host_os krb5_cv_host acx_pthread_config PTHREAD_CC PTHREAD_LIBS PTHREAD_CFLAGS THREAD_SUPPORT DL_LIB EGREP INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA GEN_LIB CC_LINK RPATH_FLAG DEPLIBEXT LIBOBJS LTLIBOBJS' d24 1 a24 1 @@@@ -7626,7 +7626,7 @@@@ d34 2 a35 2 --- src/config/pre.in.orig 2006-10-15 20:19:28 +0200 +++ src/config/pre.in 2007-01-10 08:31:00 +0100 d46 3 a48 3 --- src/lib/krb5/os/hst_realm.c.orig 2006-10-15 15:23:48 +0200 +++ src/lib/krb5/os/hst_realm.c 2007-01-10 08:31:00 +0100 @@@@ -302,7 +302,7 @@@@ d58 2 a59 2 --- src/lib/krb5/os/locate_kdc.c.orig 2006-11-16 22:18:50 +0100 +++ src/lib/krb5/os/locate_kdc.c 2007-01-10 08:31:00 +0100 d69 24 d94 2 a95 2 --- src/plugins/kdb/db2/Makefile.in.orig 2006-10-06 23:17:56 +0200 +++ src/plugins/kdb/db2/Makefile.in 2007-01-10 08:31:00 +0100 a107 22 Index: src/plugins/kdb/db2/configure --- src/plugins/kdb/db2/configure.orig 2007-01-10 01:11:11 +0100 +++ src/plugins/kdb/db2/configure 2007-01-10 08:31:00 +0100 @@@@ -1368,6 +1368,7 @@@@ build_dynobj=no enable_shared=yes +enable_static=yes build_dynobj=yes ac_reltopdir="../../.." if test ! -r "$srcdir/../../../aclocal.m4"; then Index: src/util/ss/pager.c --- src/util/ss/pager.c.orig 2003-01-06 00:28:05 +0100 +++ src/util/ss/pager.c 2007-01-10 08:31:00 +0100 @@@@ -11,6 +11,7 @@@@ #include "copyright.h" #include #include +#include #include #include #include @ 1.13.2.3 log @MFC: make up leeway for 2_STABLE by virtue of build-time results @ text @a0 19 Index: src/Makefile.in --- src/Makefile.in.orig 2006-12-19 01:12:32 +0100 +++ src/Makefile.in 2007-01-14 11:12:48 +0100 @@@@ -5,7 +5,6 @@@@ mydir=. # Don't build sample by default: plugins/locate/python plugins/preauth/wpse plugins/preauth/cksum_body SUBDIRS=util include lib @@krb524@@ kdc kadmin @@ldap_plugin_dir@@ slave clients \ - plugins/kdb/db2 \ appl tests \ config-files gen-manpages BUILDTOP=$(REL)$(C) @@@@ -98,7 +97,6 @@@@ done (w=`pwd`; cd util && $(MAKE) install DESTDIR="$$w/util/fakedest") (w=`pwd`; cd lib && $(MAKE) install DESTDIR="$$w/util/fakedest") - (w=`pwd`; cd plugins/kdb/db2 && $(MAKE) install DESTDIR="$$w/util/fakedest") # (w=`pwd`; cd plugins/locate/python && $(MAKE) install DESTDIR="$$w/util/fakedest") d3 1 a3 1 +++ src/appl/Makefile.in 2007-01-14 11:12:48 +0100 d14 1 a14 1 +++ src/appl/configure 2007-01-14 11:12:48 +0100 d35 1 a35 1 +++ src/config/pre.in 2007-01-14 11:12:48 +0100 a44 33 Index: src/configure --- src/configure.orig 2007-01-10 01:12:41 +0100 +++ src/configure 2007-01-14 11:12:48 +0100 @@@@ -317,7 +317,7 @@@@ ac_subdirs_all="$ac_subdirs_all util/ss" ac_subdirs_all="$ac_subdirs_all plugins/kdb/ldap/libkdb_ldap" -ac_subdirs_all="$ac_subdirs_all lib/apputils plugins/kdb/db2 plugins/preauth/wpse plugins/preauth/cksum_body appl tests" +ac_subdirs_all="$ac_subdirs_all lib/apputils plugins/preauth/wpse plugins/preauth/cksum_body appl tests" ac_subdirs_all="$ac_subdirs_all plugins/locate/python" ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS EXTRA_FILES CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT HAVE_GCC CPP LD KRB4_INCLUDES KRB4_LIBPATH KRB4_LIB KRB4_DEPLIB KRB_ERR_H_DEP DES425_DEPLIB DES425_LIB compile_et COM_ERR_VERSION SS_LIB SS_VERSION DB_HEADER DB_LIB DB_VERSION DB_HEADER_VERSION KDB5_DB_LIB HESIOD_DEFS HESIOD_LIBS MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CONFIG_RELTOPDIR subdirs OPENLDAP_PLUGIN build build_cpu build_vendor build_os host host_cpu host_vendor host_os krb5_cv_host acx_pthread_config PTHREAD_CC PTHREAD_LIBS PTHREAD_CFLAGS THREAD_SUPPORT DL_LIB EGREP KRB5_VERSION TCL_INCLUDES TCL_LIBS TCL_LIBPATH TCL_RPATH TCL_MAYBE_RPATH KRB4 krb524 OBJLISTS STOBJEXT SHOBJEXT PFOBJEXT PICFLAGS PROFFLAGS LN_S RANLIB ac_ct_RANLIB ARCHIVE ARADD INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA AR PERL LIBLIST LIBLINKS MAKE_SHLIB_COMMAND SHLIB_EXPFLAGS SHLIB_EXPORT_FILE_DEP DYNOBJ_EXPDEPS DYNOBJ_EXPFLAGS INSTALL_SHLIB STLIBEXT SHLIBEXT SHLIBVEXT SHLIBSEXT DEPLIBEXT PFLIBEXT LIBINSTLIST DYNOBJEXT MAKE_DYNOBJ_COMMAND GEN_LIB CC_LINK RPATH_FLAG LIBUTIL AWK FAKEKA KRB5_RUN_ENV LEX LEXLIB LEX_OUTPUT_ROOT KSU_LIBS SETENVOBJ KRB5_RCTMPDIR maybe_kerberosIV DO_TCL YACC have_RUNTEST have_PERL DO_TEST DO_V4_TEST RBUILD S_TOP PERL_PATH EXPECT DO_ALL PRIOCNTL_HACK RUNTEST KRB_ERR_TXT KRB_ERR KRB_ERR_C include_stdint include_inttypes include_xom rpcent_define GSSRPC__SYS_SELECT_H GSSRPC__SYS_TIME_H GSSRPC__UNISTD_H GSSRPC__SYS_PARAM_H GSSRPC__NETDB_H GSSRPC__STDINT_H GSSRPC__INTTYPES_H GSSRPC__FAKE_UINT32 GSSRPC__BSD_TYPEALIASES PASS HOST_TYPE SUPPORTLIB_MAJOR ldap_plugin_dir LIBOBJS LTLIBOBJS' ac_subst_files='lib_frag libobj_frag libnover_frag' @@@@ -20360,7 +20360,7 @@@@ -subdirs="$subdirs lib/apputils plugins/kdb/db2 plugins/preauth/wpse plugins/preauth/cksum_body appl tests" +subdirs="$subdirs lib/apputils plugins/preauth/wpse plugins/preauth/cksum_body appl tests" if false; then Index: src/krb5-config.in --- src/krb5-config.in.orig 2006-06-16 02:26:49 +0200 +++ src/krb5-config.in 2007-01-14 12:55:32 +0100 @@@@ -217,7 +217,7 @@@@ fi if test $library = 'krb5'; then - lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB" + lib_flags="$lib_flags -lkrb5 -lk5crypto -lkrb5support -lcom_err $GEN_LIB $LIBS $DL_LIB" fi echo $lib_flags d47 1 a47 1 +++ src/lib/krb5/os/hst_realm.c 2007-01-14 11:12:48 +0100 d59 1 a59 1 +++ src/lib/krb5/os/locate_kdc.c 2007-01-14 11:12:48 +0100 d71 24 a94 13 +++ src/plugins/kdb/db2/Makefile.in 2007-01-14 11:12:48 +0100 @@@@ -30,10 +30,7 @@@@ RELDIR=../plugins/kdb/db2 # Depends on libk5crypto and libkrb5 # Also on gssrpc, for xdr stuff. -SHLIB_EXPDEPS = \ - $(GSSRPC_DEPLIBS) \ - $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(TOPLIBD)/libkrb5$(SHLIBEXT) +SHLIB_EXPDEPS = SHLIB_EXPLIBS= $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto $(KDB5_DB_LIB) $(SUPPORT_LIB) $(LIBS) SHLIB_DIRS=-L$(TOPLIBD) d97 1 a97 1 +++ src/util/ss/pager.c 2007-01-14 11:12:48 +0100 @ 1.12 log @move PID files to run/ subdir; don't install Kerberos 4 to 5 doc; disable building and installation of network applications (they are badly maintained and partly unportable); reduce the patching to the minimum @ text @d66 12 @ 1.11 log @upgrading package: kerberos 1.3.6 -> 1.4 @ text @a0 194 Index: src/appl/gssftp/configure.in --- src/appl/gssftp/configure.in.orig 2004-09-23 00:59:44 +0200 +++ src/appl/gssftp/configure.in 2005-01-31 19:55:02 +0100 @@@@ -20,6 +20,7 @@@@ AC_REPLACE_FUNCS(getdtablesize) AC_CHECK_FUNCS(getcwd getdtablesize getusershell seteuid setreuid setresuid strerror getenv) AC_CHECK_LIB(crypt,crypt) dnl +AC_CHECK_TYPE(sig_t,[AC_DEFINE([HAVE_SIG_T])],,[#include ]) dnl KRB5_AC_LIBUTIL dnl dnl copied from appl/bsd/configure.in Index: src/appl/gssftp/configure --- src/appl/gssftp/configure.orig 2005-01-27 23:12:30 +0100 +++ src/appl/gssftp/configure 2005-01-31 19:57:12 +0100 @@@@ -8302,6 +8302,71 @@@@ fi + echo "$as_me:$LINENO: checking for sig_t" >&5 +echo $ECHO_N "checking for sig_t... $ECHO_C" >&6 +if test "${ac_cv_type_sig_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +int +main () +{ +if ((sig_t *) 0) + return 0; +if (sizeof (sig_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_sig_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_sig_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_sig_t" >&5 +echo "${ECHO_T}$ac_cv_type_sig_t" >&6 +if test $ac_cv_type_sig_t = yes; then + cat >>confdefs.h <<\_ACEOF +#define HAVE_SIG_T 1 +_ACEOF + +fi + + echo "$as_me:$LINENO: checking setenv" >&5 echo $ECHO_N "checking setenv... $ECHO_C" >&6 if test "${krb5_cv_setenv+set}" = set; then Index: src/appl/gssftp/ftp/cmds.c --- src/appl/gssftp/ftp/cmds.c.orig 2003-06-17 00:37:39.000000000 +0200 +++ src/appl/gssftp/ftp/cmds.c 2004-04-10 12:36:57.000000000 +0200 @@@@ -65,6 +65,10 @@@@ #include #include #include +#include +#ifndef HAVE_SIG_T +typedef void (*sig_t) (int); +#endif #ifdef HAVE_GETCWD #define getwd(x) getcwd(x,MAXPATHLEN) @@@@ -101,6 +105,30 @@@@ static char *domap (char *); /* + * pipeprotect: protect against "special" local filenames by prepending + * "./". Special local filenames are "-" and "|..." AND "/...". + */ +static char *pipeprotect(char *name) +{ + char *nu; + if (strcmp(name, "-") && *name!='|' && *name!='/') { + return name; + } + + /* We're going to leak this memory. XXX. */ + nu = malloc(strlen(name)+3); + if (nu==NULL) { + perror("malloc"); + code = -1; + return NULL; + } + strcpy(nu, "."); + if (*name != '/') strcat(nu, "/"); + strcat(nu, name); + return nu; +} + +/* * `Another' gets another argument, and stores the new argc and argv. * It reverts to the top level (via main.c's intr()) on EOF/error. * @@@@ -844,7 +872,15 @@@@ if (argc == 2) { argc++; - argv[2] = argv[1]; + /* + * Protect the user from accidentally retrieving special + * local names. + */ + argv[2] = pipeprotect(argv[1]); + if (!argv[2]) { + code = -1; + return 0; + } loc++; } if (argc < 2 && !another(&argc, &argv, "remote-file")) @@@@ -1033,16 +1069,14 @@@@ } char * -remglob(argv,doswitch) - char *argv[]; - int doswitch; +remglob(char *argv[], int doswitch) { #ifdef _WIN32 char *temp = NULL; #else char temp[16]; #endif - static char buf[MAXPATHLEN]; + static char buf[PATH_MAX]; static FILE *ftemp = NULL; static char **args; int oldverbose, oldhash; Index: src/appl/gssftp/ftp/ftp.c --- src/appl/gssftp/ftp/ftp.c.orig 2003-06-17 00:37:40.000000000 +0200 +++ src/appl/gssftp/ftp/ftp.c 2004-04-10 12:36:57.000000000 +0200 @@@@ -99,6 +99,10 @@@@ #include #endif +#ifndef HAVE_SIG_T +typedef void (*sig_t) (int); +#endif + #include #include #include Index: src/appl/gssftp/ftp/ftp_var.h --- src/appl/gssftp/ftp/ftp_var.h.orig 2003-06-17 00:37:40.000000000 +0200 +++ src/appl/gssftp/ftp/ftp_var.h 2004-04-10 12:36:57.000000000 +0200 @@@@ -57,9 +57,7 @@@@ typedef void (*sig_t)(int); typedef void sigtype; #else -#define sig_t my_sig_t #define sigtype krb5_sigtype -typedef sigtype (*sig_t)(); #endif /* d36 30 @ 1.10 log @upgrading package: kerberos 1.3.1 -> 1.3.3 @ text @d2 4 a5 3 --- src/appl/gssftp/configure.in.orig 2003-06-06 01:54:14.000000000 +0200 +++ src/appl/gssftp/configure.in 2004-04-10 12:36:57.000000000 +0200 @@@@ -21,6 +21,7 @@@@ a7 1 AC_CHECK_LIB(util,logwtmp) dnl d9 1 a11 1 dnl d13 5 a17 4 --- src/appl/gssftp/configure.orig 2004-04-06 22:06:01.000000000 +0200 +++ src/appl/gssftp/configure 2004-04-10 12:36:57.000000000 +0200 @@@@ -7285,7 +7285,71 @@@@ LIBS="-lutil $LIBS" a18 2 fi - echo "$as_me:$LINENO: checking setenv" >&5 d83 2 a84 1 +echo "$as_me:$LINENO: checking setenv" >&5 a86 1 echo $ECHO_N "(cached) $ECHO_C" >&6 d198 1 a198 1 @@@@ -438,7 +438,7 @@@@ d210 1 a210 1 @@@@ -185,7 +185,7 @@@@ @ 1.9 log @fix kerberos (dv2-ix86-freebsd5.2 does not define EAI_NODATA) @ text @d1 3 a3 105 diff -ru3 krb5-1.3.1.orig/src/appl/gssftp/ftp/cmds.c krb5-1.3.1/src/appl/gssftp/ftp/cmds.c --- krb5-1.3.1.orig/src/appl/gssftp/ftp/cmds.c 2003-06-17 00:37:39.000000000 +0200 +++ krb5-1.3.1/src/appl/gssftp/ftp/cmds.c 2003-09-10 19:45:29.000000000 +0200 @@@@ -65,6 +65,7 @@@@ #include #include #include +#include #ifdef HAVE_GETCWD #define getwd(x) getcwd(x,MAXPATHLEN) @@@@ -101,6 +102,30 @@@@ static char *domap (char *); /* + * pipeprotect: protect against "special" local filenames by prepending + * "./". Special local filenames are "-" and "|..." AND "/...". + */ +static char *pipeprotect(char *name) +{ + char *nu; + if (strcmp(name, "-") && *name!='|' && *name!='/') { + return name; + } + + /* We're going to leak this memory. XXX. */ + nu = malloc(strlen(name)+3); + if (nu==NULL) { + perror("malloc"); + code = -1; + return NULL; + } + strcpy(nu, "."); + if (*name != '/') strcat(nu, "/"); + strcat(nu, name); + return nu; +} + +/* * `Another' gets another argument, and stores the new argc and argv. * It reverts to the top level (via main.c's intr()) on EOF/error. * @@@@ -844,7 +869,15 @@@@ if (argc == 2) { argc++; - argv[2] = argv[1]; + /* + * Protect the user from accidentally retrieving special + * local names. + */ + argv[2] = pipeprotect(argv[1]); + if (!argv[2]) { + code = -1; + return 0; + } loc++; } if (argc < 2 && !another(&argc, &argv, "remote-file")) @@@@ -1033,16 +1066,14 @@@@ } char * -remglob(argv,doswitch) - char *argv[]; - int doswitch; +remglob(char *argv[], int doswitch) { #ifdef _WIN32 char *temp = NULL; #else char temp[16]; #endif - static char buf[MAXPATHLEN]; + static char buf[PATH_MAX]; static FILE *ftemp = NULL; static char **args; int oldverbose, oldhash; diff -ru3 krb5-1.3.1.orig/src/util/ss/pager.c krb5-1.3.1/src/util/ss/pager.c --- krb5-1.3.1.orig/src/util/ss/pager.c 2003-01-06 00:28:05.000000000 +0100 +++ krb5-1.3.1/src/util/ss/pager.c 2003-09-10 19:11:35.000000000 +0200 @@@@ -11,6 +11,7 @@@@ #include "copyright.h" #include #include +#include #include #include #include diff -Nau krb5-1.3.1.orig/src/appl/gssftp/ftp/ftp_var.h krb5-1.3.1/src/appl/gssftp/ftp/ftp_var.h --- krb5-1.3.1.orig/src/appl/gssftp/ftp/ftp_var.h Tue Jun 17 00:37:40 2003 +++ krb5-1.3.1/src/appl/gssftp/ftp/ftp_var.h Thu Oct 30 16:21:17 2003 @@@@ -57,9 +57,7 @@@@ typedef void (*sig_t)(int); typedef void sigtype; #else -#define sig_t my_sig_t #define sigtype krb5_sigtype -typedef sigtype (*sig_t)(); #endif /* diff -Naur krb5-1.3.1.orig/src/appl/gssftp/configure.in krb5-1.3.1/src/appl/gssftp/configure.in --- krb5-1.3.1.orig/src/appl/gssftp/configure.in Fri Jun 6 01:54:14 2003 +++ krb5-1.3.1/src/appl/gssftp/configure.in Tue Jan 27 19:19:35 2004 d12 4 a15 4 diff -Naur krb5-1.3.1.orig/src/appl/gssftp/configure krb5-1.3.1/src/appl/gssftp/configure --- krb5-1.3.1.orig/src/appl/gssftp/configure 2004-01-27 14:52:16.496284102 +0100 +++ krb5-1.3.1/src/appl/gssftp/configure 2004-01-27 16:56:28.499089951 +0100 @@@@ -4966,7 +4966,71 @@@@ d88 6 a93 4 diff -Naur krb5-1.3.1.orig/src/appl/gssftp/ftp/cmds.c krb5-1.3.1/src/appl/gssftp/ftp/cmds.c --- krb5-1.3.1.orig/src/appl/gssftp/ftp/cmds.c 2004-01-27 17:29:25.019970000 +0100 +++ krb5-1.3.1/src/appl/gssftp/ftp/cmds.c 2004-01-27 17:38:12.186768053 +0100 @@@@ -67,6 +67,10 @@@@ d95 1 a95 2 #include d99 1 a99 1 + d102 61 d164 8 a171 3 diff -Naur krb5-1.3.1.orig/src/appl/gssftp/ftp/ftp.c krb5-1.3.1/src/appl/gssftp/ftp/ftp.c --- krb5-1.3.1.orig/src/appl/gssftp/ftp/ftp.c 2003-06-17 00:37:40.000000000 +0200 +++ krb5-1.3.1/src/appl/gssftp/ftp/ftp.c 2004-01-27 17:40:18.235260482 +0100 d183 16 a198 3 Index: lib/krb5/os/hst_realm.c --- krb5-1.3.1/src/lib/krb5/os/hst_realm.c.orig 2002-10-16 00:51:50.000000000 +0200 +++ krb5-1.3.1/src/lib/krb5/os/hst_realm.c 2004-02-16 21:13:19.000000000 +0100 d208 3 a210 3 Index: lib/krb5/os/locate_kdc.c --- krb5-1.3.1/src/lib/krb5/os/locate_kdc.c.orig 2003-06-09 23:27:56.000000000 +0200 +++ krb5-1.3.1/src/lib/krb5/os/locate_kdc.c 2004-02-16 21:15:04.000000000 +0100 d220 11 a230 1 @ 1.9.2.1 log @apply patch from MIT krb5 Security Advisory 2004-001; CAN-2004-0523 @ text @a242 173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523 Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root. ESB-2004.0378 -- MIT krb5 Security Advisory 2004-001, 02 June 2004 buffer overflows in krb5_aname_to_localname Index: krb5-1.3.1/src/lib/krb5/os/an_to_ln.c --- krb5-1.3.1/src/lib/krb5/os/an_to_ln.c.orig 2002-09-03 21:29:34 +0200 +++ krb5-1.3.1/src/lib/krb5/os/an_to_ln.c 2004-07-02 16:46:37 +0200 @@@@ -270,9 +270,14 @@@@ * If no regcomp() then just return the input string verbatim in the output * string. */ -static void +#define use_bytes(x) \ + out_used += (x); \ + if (out_used > MAX_FORMAT_BUFFER) goto mem_err + +static int do_replacement(char *regexp, char *repl, int doall, char *in, char *out) { + size_t out_used = 0; #if HAVE_REGCOMP regex_t match_exp; regmatch_t match_match; @@@@ -287,17 +292,22 @@@@ do { if (!regexec(&match_exp, cp, 1, &match_match, 0)) { if (match_match.rm_so) { + use_bytes(match_match.rm_so); strncpy(op, cp, match_match.rm_so); op += match_match.rm_so; } + use_bytes(strlen(repl)); strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(op); cp += match_match.rm_eo; - if (!doall) + if (!doall) { + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); + } matched = 1; } else { + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } @@@@ -322,17 +332,21 @@@@ sdispl = (size_t) (loc1 - cp); edispl = (size_t) (loc2 - cp); if (sdispl) { + use_bytes(sdispl); strncpy(op, cp, sdispl); op += sdispl; } + use_bytes(strlen(repl)); strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(repl); cp += edispl; if (!doall) + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 1; } else { + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } @@@@ -340,7 +354,15 @@@@ #else /* HAVE_REGEXP_H */ memcpy(out, in, MAX_FORMAT_BUFFER); #endif /* HAVE_REGCOMP */ + return 1; + mem_err: +#ifdef HAVE_REGCMP + regfree(&match_exp); +#endif + return 0; + } +#undef use_bytes /* * aname_replacer() - Perform the specified substitutions on the input @@@@ -412,7 +434,12 @@@@ /* Do the replacemenbt */ memset(out, '\0', MAX_FORMAT_BUFFER); - do_replacement(rule, repl, doglobal, in, out); + if (!do_replacement(rule, repl, doglobal, in, out)) { + free(rule); + free(repl); + kret = KRB5_LNAME_NOTRANS; + break; + } free(rule); free(repl); @@@@ -459,6 +486,7 @@@@ char *fprincname; char *selstring = 0; int num_comps, compind; + size_t selstring_used; char *cout; krb5_data *datap; char *outstring; @@@@ -479,6 +507,7 @@@@ */ current = strchr(current, ':'); selstring = (char *) malloc(MAX_FORMAT_BUFFER); + selstring_used = 0; if (current && selstring) { current++; cout = selstring; @@@@ -497,6 +526,14 @@@@ aname, compind-1)) ) { + if ((datap->length < MAX_FORMAT_BUFFER) + && (selstring_used+datap->length + < MAX_FORMAT_BUFFER)) { + selstring_used += datap->length; + } else { + kret = ENOMEM; + goto errout; + } strncpy(cout, datap->data, (unsigned) datap->length); @@@@ -527,7 +564,7 @@@@ else kret = KRB5_CONFIG_BADFORMAT; - if (kret) + errout: if (kret) free(selstring); } } @@@@ -643,7 +680,7 @@@@ const char *hierarchy[5]; char **mapping_values; int i, nvalid; - char *cp; + char *cp, *s; char *typep, *argp; unsigned int lnsize; @@@@ -677,11 +714,14 @@@@ /* Just use the last one. */ /* Trim the value. */ - cp = &mapping_values[nvalid-1] - [strlen(mapping_values[nvalid-1])]; - while (isspace((int) (*cp))) cp--; - cp++; - *cp = '\0'; + s = mapping_values[nvalid-1]; + cp = s + strlen(s); + while (cp > s) { + cp--; + if (!isspace((int)(*cp))) + break; + *cp = '\0'; + } /* Copy out the value if there's enough room */ if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize) @ 1.8 log @track autoconf source just to remember how AC_CHECK_TYPE helped us with sig_t problem @ text @d218 25 @ 1.7 log @more autoconf patching to detect presence of sig_t type, and get this building again on all platforms regardless of having it or not @ text @d103 11 @ 1.6 log @Fix conflicting sig_t identifier with sig_t type @ text @d103 104 @ 1.5 log @upgrading package: kerberos 1.2.8 -> 1.3.1 @ text @d90 13 @ 1.4 log @use standard errno.h header instead of refering to external symbol errno @ text @d1 4 a4 8 --- krb5-1.2.8/src/appl/telnet/telnet/commands.c.dist 2003-05-16 12:24:35.000000000 +0200 +++ krb5-1.2.8/src/appl/telnet/telnet/commands.c 2003-05-16 12:31:39.000000000 +0200 @@@@ -60,7 +60,7 @@@@ #include #include #include -#include +#include a5 36 #ifdef HAVE_VFORK_H #include @@@@ -115,7 +115,7 @@@@ extern char **genget(); extern int Ambiguous(); -static call(); +static call(void *va_alist, ...); typedef struct { char *name; /* command name */ @@@@ -2698,8 +2698,7 @@@@ /*VARARGS1*/ static -call(va_alist) - va_dcl +call(void *va_alist, ...) { va_list ap; typedef int (*intrtn_t)(); @@@@ -2707,8 +2706,8 @@@@ char *args[100]; int argno = 0; - va_start(ap); - routine = (va_arg(ap, intrtn_t)); + va_start(ap, va_alist); + routine = (intrtn_t) va_alist; while ((args[argno++] = va_arg(ap, char *)) != 0) { ; } --- krb5-1.2.8/src/appl/gssftp/ftp/cmds.c.dist Wed Jun 25 17:41:28 2003 +++ krb5-1.2.8/src/appl/gssftp/ftp/cmds.c Wed Jun 25 17:43:54 2003 @@@@ -52,6 +52,7 @@@@ #include a8 1 #include d11 3 a13 10 @@@@ -69,6 +70,7 @@@@ extern char **ftpglob(); extern char *home; extern char *remglob(); +static int checkglob(int fd, const char *pattern); extern char *getenv(); #ifndef HAVE_STRERROR #define strerror(error) (sys_errlist[error]) @@@@ -88,6 +90,64 @@@@ extern int do_auth(); a39 34 + * Look for embedded ".." in a pathname and change it to "!!", printing + * a warning. + */ +static char *pathprotect(char *name) +{ + int gotdots=0, i, len; + + /* Convert null terminator to trailing / to catch a trailing ".." */ + len = strlen(name)+1; + name[len-1] = '/'; + + /* + * State machine loop. gotdots is < 0 if not looking at dots, + * 0 if we just saw a / and thus might start getting dots, + * and the count of dots seen so far if we have seen some. + */ + for (i=0; i=0) gotdots++; + else if (name[i]=='/' && gotdots<0) gotdots=0; + else if (name[i]=='/' && gotdots==2) { + printf("Warning: embedded .. in %.*s (changing to !!)\n", + len-1, name); + name[i-1] = '!'; + name[i-2] = '!'; + gotdots = 0; + } + else if (name[i]=='/') gotdots = 0; + else gotdots = -1; + } + name[len-1] = 0; + return name; +} + +/* d43 1 a43 1 @@@@ -832,7 +892,15 @@@@ d60 1 a60 23 @@@@ -1007,8 +1075,19 @@@@ if (mapflag) { tp = domap(tp); } - recvrequest("RETR", tp, cp, "w", - tp != cp || !interactive); + /* Reject embedded ".." */ + tp = pathprotect(tp); + + /* Prepend ./ to "-" or "!*" or leading "/" */ + tp = pipeprotect(tp); + if (tp == NULL) { + /* hmm... how best to handle this? */ + mflag = 0; + } + else { + recvrequest("RETR", tp, cp, "w", + tp != cp || !interactive); + } if (!mflag && fromatty) { ointer = interactive; interactive = 1; @@@@ -1024,16 +1103,14 @@@@ d69 3 d73 1 d75 1 a75 1 + static char buf[PATH_MAX]; d78 5 a82 174 - int oldverbose, oldhash; - char *cp, *mode; + int oldverbose, oldhash, badglob = 0; + char *cp; if (!mflag) { if (!doglob) { @@@@ -1055,36 +1132,154 @@@@ return (cp); } if (ftemp == NULL) { - (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1); - temp[sizeof(temp) - 1] = '\0'; - (void) mktemp(temp); + int oldumask, fd; + (void) strcpy(temp, _PATH_TMP); + + /* libc 5.2.18 creates with mode 0666, which is dumb */ + oldumask = umask(077); + fd = mkstemp(temp); + umask(oldumask); + + if (fd<0) { + printf("Error creating temporary file, oops\n"); + return NULL; + } + oldverbose = verbose, verbose = 0; oldhash = hash, hash = 0; if (doswitch) { pswitch(!proxy); } - for (mode = "w"; *++argv != NULL; mode = "a") - recvrequest ("NLST", temp, *argv, mode, 0); + while (*++argv != NULL) { + int dupfd = dup(fd); + + recvrequest ("NLST", temp, *argv, "a", 0); + if (!checkglob(dupfd, *argv)) { + badglob = 1; + break; + } + } + unlink(temp); + if (doswitch) { pswitch(!proxy); } verbose = oldverbose; hash = oldhash; - ftemp = fopen(temp, "r"); - (void) unlink(temp); + if (badglob) { + printf("Refusing to handle insecure file list\n"); + close(fd); + return NULL; + } + ftemp = fdopen(fd, "r"); if (ftemp == NULL) { printf("can't find list of remote files, oops\n"); return (NULL); } + rewind(ftemp); } if (fgets(buf, sizeof (buf), ftemp) == NULL) { (void) fclose(ftemp), ftemp = NULL; return (NULL); } - if ((cp = strchr(buf, '\n')) != NULL) + if ((cp = index(buf, '\n')) != NULL) *cp = '\0'; return (buf); } +/* + * Check whether given pattern matches `..' + * We assume only a glob pattern starting with a dot will match + * dot entries on the server. + */ +static int +isdotdotglob(const char *pattern) +{ + int havedot = 0; + char c; + + if (*pattern++ != '.') + return 0; + while ((c = *pattern++) != '\0' && c != '/') { + if (c == '*' || c == '?') + continue; + if (c == '.' && havedot++) + return 0; + } + return 1; +} + +/* + * This function makes sure the list of globbed files returned from + * the server doesn't contain anything dangerous such as + * /home//.forward, or ../.forward, + * or |mail foe@@doe = MAXPATHLEN) { + printf("Incredible pattern: %s\n", pattern); + return 0; + } + dotdot[nrslash++] = isdotdotglob(sp); + } + + fp = fdopen(fd, "r"); + while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) { + char *sp; + + if ((sp = strchr(buffer, '\n')) != 0) { + *sp = '\0'; + } else { + printf("Extremely long filename from server: %s", + buffer); + okay = 0; + break; + } + if (buffer[0] == '|' + || (buffer[0] != '/' && initial) + || (buffer[0] == '/' && !initial)) + okay = 0; + for (sp = buffer, nr = 0; sp; sp = strchr(sp, '/'), nr++) { + while (*sp == '/') + sp++; + if (sp[0] == '.' && !strncmp(sp, "../", 3) + && (nr >= nrslash || !dotdot[nr])) + okay = 0; + } + } + + if (!okay) + printf("Filename provided by server " + "doesn't match pattern `%s': %s\n", pattern, buffer); + + fclose(fp); + return okay; +} + char * onoff(bool) int bool; --- krb5-1.2.8/src/util/ss/pager.c.dist 2003-07-28 22:14:13.000000000 +0200 +++ krb5-1.2.8/src/util/ss/pager.c 2003-07-28 22:14:44.000000000 +0200 @@@@ -10,6 +10,7 @@@@ #include "ss_internal.h" d84 1 a89 35 @@@@ -17,7 +18,6 @@@@ static char MORE[] = "more"; extern char *_ss_pager_name; extern char *getenv(); -extern int errno; /* * this needs a *lot* of work.... --- krb5-1.2.8/src/util/ss/help.c.dist 2003-07-28 22:14:19.000000000 +0200 +++ krb5-1.2.8/src/util/ss/help.c 2003-07-28 22:14:33.000000000 +0200 @@@@ -8,12 +8,11 @@@@ #include #include #include /* just for O_* */ +#include #include #include "ss_internal.h" #include "copyright.h" -extern int errno; - void ss_help (argc, argv, sci_idx, info_ptr) int argc; char const * const *argv; --- krb5-1.2.8/src/util/ss/parse.c.dist 2003-07-28 22:30:57.000000000 +0200 +++ krb5-1.2.8/src/util/ss/parse.c 2003-07-28 22:31:49.000000000 +0200 @@@@ -7,6 +7,8 @@@@ #include "ss_internal.h" #include "copyright.h" +#include + enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING }; @ 1.3 log @add correct include for PATH_MAX to patch @ text @d348 45 @ 1.2 log @fix build for gcc3.3 @ text @d1 52 a52 10 # taken from http://updates.redhat.com/8.0/en/os/SRPMS/krb5-1.2.5-8.src.rpm # Patch to add in missing protection against special characters and # malicious servers, backported from netkit ftp 0.17 sources, (There are # probably other security fixes that are missing from this old ftp # source too). Mark Cox, mjc@@redhat.com, Jan 2003 # http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0041 --- krb5-1.2.5/src/appl/gssftp/ftp/cmds.c.ORIG 2003-01-20 10:21:41.000000000 +0000 +++ krb5-1.2.5/src/appl/gssftp/ftp/cmds.c 2003-01-20 11:03:40.000000000 +0000 @@@@ -69,6 +69,7 @@@@ d60 1 a60 1 @@@@ -88,6 +89,64 @@@@ d125 1 a125 1 @@@@ -832,7 +891,15 @@@@ d142 1 a142 1 @@@@ -1007,8 +1074,19 @@@@ d164 1 a164 1 @@@@ -1024,16 +1102,14 @@@@ d185 1 a185 1 @@@@ -1055,36 +1131,154 @@@@ a347 41 --- krb5-1.2.8/src/appl/telnet/telnet/commands.c.dist 2003-05-16 12:24:35.000000000 +0200 +++ krb5-1.2.8/src/appl/telnet/telnet/commands.c 2003-05-16 12:31:39.000000000 +0200 @@@@ -60,7 +60,7 @@@@ #include #include #include -#include +#include #include #ifdef HAVE_VFORK_H #include @@@@ -115,7 +115,7 @@@@ extern char **genget(); extern int Ambiguous(); -static call(); +static call(void *va_alist, ...); typedef struct { char *name; /* command name */ @@@@ -2698,8 +2698,7 @@@@ /*VARARGS1*/ static -call(va_alist) - va_dcl +call(void *va_alist, ...) { va_list ap; typedef int (*intrtn_t)(); @@@@ -2707,8 +2706,8 @@@@ char *args[100]; int argno = 0; - va_start(ap); - routine = (va_arg(ap, intrtn_t)); + va_start(ap, va_alist); + routine = (intrtn_t) va_alist; while ((args[argno++] = va_arg(ap, char *)) != 0) { ; } @ 1.1 log @CAN-2003-0041 @ text @d306 41 @ 1.1.6.1 log @MFS: CAN-2003-0041 @ text @@ 1.1.4.1 log @MFS: CAN-2003-0041 @ text @@ 1.1.2.1 log @MFC: CAN-2003-0041 @ text @@ 1.1.2.2 log @mass Merge-From-CURRENT (MFC) in preparation for OpenPKG 1.3 [class PLUS only] @ text @d1 10 a10 52 --- krb5-1.2.8/src/appl/telnet/telnet/commands.c.dist 2003-05-16 12:24:35.000000000 +0200 +++ krb5-1.2.8/src/appl/telnet/telnet/commands.c 2003-05-16 12:31:39.000000000 +0200 @@@@ -60,7 +60,7 @@@@ #include #include #include -#include +#include #include #ifdef HAVE_VFORK_H #include @@@@ -115,7 +115,7 @@@@ extern char **genget(); extern int Ambiguous(); -static call(); +static call(void *va_alist, ...); typedef struct { char *name; /* command name */ @@@@ -2698,8 +2698,7 @@@@ /*VARARGS1*/ static -call(va_alist) - va_dcl +call(void *va_alist, ...) { va_list ap; typedef int (*intrtn_t)(); @@@@ -2707,8 +2706,8 @@@@ char *args[100]; int argno = 0; - va_start(ap); - routine = (va_arg(ap, intrtn_t)); + va_start(ap, va_alist); + routine = (intrtn_t) va_alist; while ((args[argno++] = va_arg(ap, char *)) != 0) { ; } --- krb5-1.2.8/src/appl/gssftp/ftp/cmds.c.dist Wed Jun 25 17:41:28 2003 +++ krb5-1.2.8/src/appl/gssftp/ftp/cmds.c Wed Jun 25 17:43:54 2003 @@@@ -52,6 +52,7 @@@@ #include #include #include +#include #include #ifdef HAVE_GETCWD @@@@ -69,6 +70,7 @@@@ d18 1 a18 1 @@@@ -88,6 +90,64 @@@@ d83 1 a83 1 @@@@ -832,7 +892,15 @@@@ d100 1 a100 1 @@@@ -1007,8 +1075,19 @@@@ d122 1 a122 1 @@@@ -1024,16 +1103,14 @@@@ d143 1 a143 1 @@@@ -1055,36 +1132,154 @@@@ @ 1.1.2.3 log @MFC: all changes since last merge @ text @a347 45 --- krb5-1.2.8/src/util/ss/pager.c.dist 2003-07-28 22:14:13.000000000 +0200 +++ krb5-1.2.8/src/util/ss/pager.c 2003-07-28 22:14:44.000000000 +0200 @@@@ -10,6 +10,7 @@@@ #include "ss_internal.h" #include "copyright.h" #include +#include #include #include #include @@@@ -17,7 +18,6 @@@@ static char MORE[] = "more"; extern char *_ss_pager_name; extern char *getenv(); -extern int errno; /* * this needs a *lot* of work.... --- krb5-1.2.8/src/util/ss/help.c.dist 2003-07-28 22:14:19.000000000 +0200 +++ krb5-1.2.8/src/util/ss/help.c 2003-07-28 22:14:33.000000000 +0200 @@@@ -8,12 +8,11 @@@@ #include #include #include /* just for O_* */ +#include #include #include "ss_internal.h" #include "copyright.h" -extern int errno; - void ss_help (argc, argv, sci_idx, info_ptr) int argc; char const * const *argv; --- krb5-1.2.8/src/util/ss/parse.c.dist 2003-07-28 22:30:57.000000000 +0200 +++ krb5-1.2.8/src/util/ss/parse.c 2003-07-28 22:31:49.000000000 +0200 @@@@ -7,6 +7,8 @@@@ #include "ss_internal.h" #include "copyright.h" +#include + enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING }; @