Changeset 1069


Ignore:
Timestamp:
Apr 8, 2009, 7:11:17 AM (13 years ago)
Author:
mitchb
Message:
Updates to the build system for krb5
Allow us to build with patches for CVE-2009-0844 through CVE-2009-0847
Location:
server
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • server/common/patches/krb5-kuserok-scripts.patch

    r125 r1069  
    1818# See /COPYRIGHT in this repository for more information.
    1919#
    20 --- krb5-1.4.3/src/lib/krb5/os/kuserok.c.old    2006-09-09 19:03:33.000000000 -0400
    21 +++ krb5-1.4.3/src/lib/krb5/os/kuserok.c        2006-09-09 19:50:48.000000000 -0400
     20--- krb5-1.6.3/src/lib/krb5/os/kuserok.c.old    2009-04-08 06:17:06.000000000 -0400
     21+++ krb5-1.6.3/src/lib/krb5/os/kuserok.c        2009-04-08 06:17:18.000000000 -0400
    2222@@ -31,6 +31,7 @@
    2323 #if !defined(_WIN32)           /* Not yet for Windows */
     
    2828 #if defined(_AIX) && defined(_IBMR2)
    2929 #include <sys/access.h>
    30 @@ -64,7 +65,6 @@
     30@@ -71,7 +72,6 @@
    3131 {
    3232     struct stat sbuf;
     
    3636     FILE *fp;
    3737     char kuser[MAX_USERNAME];
    38 @@ -72,70 +72,35 @@
     38@@ -79,70 +79,35 @@
    3939     char linebuf[BUFSIZ];
    4040     char *newline;
     
    8080-       free(princname);
    8181-       return(FALSE);
    82 -    }
     82+    if ((pid = fork()) == -1) {
     83+       free(princname);
     84+       return(FALSE);
     85     }
    8386-    if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) {
    8487-       fclose(fp);
    8588-       free(princname);
    8689-       return(FALSE);
    87 -    }
     90+    if (pid == 0) {
     91+       char *args[4];
     92+#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
     93+       args[0] = ADMOF_PATH;
     94+       args[1] = (char *) luser;
     95+       args[2] = princname;
     96+       args[3] = NULL;
     97+       execv(ADMOF_PATH, args);
     98+       exit(1);
     99     }
    88100-
    89101-    /* check each line */
     
    102114-       if (!newline)
    103115-           while (((gobble = getc(fp)) != EOF) && gobble != '\n');
    104 -    }
    105 +    if ((pid = fork()) == -1) {
    106 +       free(princname);
    107 +       return(FALSE);
    108 +    }
    109 +    if (pid == 0) {
    110 +       char *args[4];
    111 +#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
    112 +       args[0] = ADMOF_PATH;
    113 +       args[1] = (char *) luser;
    114 +       args[2] = princname;
    115 +       args[3] = NULL;
    116 +       execv(ADMOF_PATH, args);
    117 +       exit(1);
    118 +    }
    119116+    if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 33) {
    120117+       isok=TRUE;
    121 +    }
     118     }
    122119+   
    123120     free(princname);
  • server/fedora/specs/krb5.spec.patch

    r956 r1069  
    1 --- krb5.spec.old       2008-08-05 13:46:07.000000000 -0400
    2 +++ krb5.spec   2009-01-27 21:30:00.000000000 -0500
     1--- krb5.spec.old       2009-04-08 06:26:23.000000000 -0400
     2+++ krb5.spec   2009-04-08 06:29:20.000000000 -0400
    33@@ -16,7 +16,7 @@
    44 Summary: The Kerberos network authentication system.
     
    1010 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
    1111 Source0: krb5-%{version}.tar.gz
    12 @@ -102,6 +102,8 @@
    13  Patch78: krb5-1.6.3-lucid-acceptor.patch
    14  Patch79: krb5-trunk-ftp_mget_case.patch
     12@@ -105,6 +105,8 @@
     13 Patch82: krb5-CVE-2009-0846.patch
     14 Patch83: krb5-CVE-2009-0847.patch
    1515 
    1616+Patch1000: krb5-kuserok-scripts.patch
    1717+
    18  License: MIT
     18 License: MIT, freely distributable.
    1919 URL: http://web.mit.edu/kerberos/www/
    2020 Group: System Environment/Libraries
    21 @@ -143,6 +145,7 @@
     21@@ -146,6 +148,7 @@
    2222 Group: System Environment/Libraries
    2323 Prereq: grep, /sbin/ldconfig, sh-utils
     
    2727 %description libs
    2828 Kerberos is a network authentication system. The krb5-libs package
    29 @@ -1383,6 +1386,7 @@
    30  %patch77 -p0 -b .2007-5971
    31  %patch78 -p0 -b .lucid_acceptor
    32  %patch79 -p0 -b .ftp_mget_case
     29@@ -1389,6 +1392,7 @@
     30 %patch81 -p1 -b .CVE-2009-0844-0845-2
     31 %patch82 -p1 -b .CVE-2009-0846
     32 %patch83 -p1 -b .CVE-2009-0847
    3333+%patch1000 -p1 -b .kuserok
    3434 cp src/krb524/README README.krb524
Note: See TracChangeset for help on using the changeset viewer.