Index: branches/fc15-dev/server/common/patches/krb5-kuserok-scripts.patch =================================================================== --- branches/fc15-dev/server/common/patches/krb5-kuserok-scripts.patch (revision 1806) +++ branches/fc15-dev/server/common/patches/krb5-kuserok-scripts.patch (revision 1807) @@ -1,4 +1,5 @@ # scripts.mit.edu krb5 kuserok patch # Copyright (C) 2006 Tim Abbott +# 2011 Alexander Chernyakhovsky # # This program is free software; you can redistribute it and/or @@ -18,8 +19,8 @@ # See /COPYRIGHT in this repository for more information. # ---- krb5-1.6.3/src/lib/krb5/os/kuserok.c.old 2009-04-08 06:17:06.000000000 -0400 -+++ krb5-1.6.3/src/lib/krb5/os/kuserok.c 2009-04-08 06:17:18.000000000 -0400 -@@ -31,6 +31,7 @@ - #if !defined(_WIN32) /* Not yet for Windows */ +--- krb5-1.9/src/lib/krb5/os/kuserok.c.old 2011-04-16 19:09:58.000000000 -0400 ++++ krb5-1.9/src/lib/krb5/os/kuserok.c 2011-04-16 19:34:23.000000000 -0400 +@@ -32,6 +32,7 @@ + #if !defined(_WIN32) /* Not yet for Windows */ #include #include @@ -28,98 +29,67 @@ #if defined(_AIX) && defined(_IBMR2) #include -@@ -71,7 +72,6 @@ - { +@@ -100,6 +101,7 @@ struct stat sbuf; - struct passwd *pwd; -- char pbuf[MAXPATHLEN]; - krb5_boolean isok = FALSE; - FILE *fp; - char kuser[MAX_USERNAME]; -@@ -79,71 +79,35 @@ - char linebuf[BUFSIZ]; - char *newline; - int gobble; + struct passwd pwx, *pwd; + FILE *fp = NULL; + int pid, status; - /* no account => no access */ - char pwbuf[BUFSIZ]; - struct passwd pwx; + if (profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_K5LOGIN_AUTHORITATIVE, NULL, TRUE, +@@ -110,41 +112,27 @@ if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0) - return(FALSE); -- (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1); -- pbuf[sizeof(pbuf) - 1] = '\0'; -- (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf)); + goto cleanup; + +- if (get_k5login_filename(context, luser, pwd->pw_dir, &filename) != 0) +- goto cleanup; - -- if (access(pbuf, F_OK)) { /* not accessible */ -- /* -- * if he's trying to log in as himself, and there is no .k5login file, -- * let him. To find out, call -- * krb5_aname_to_localname to convert the principal to a name -- * which we can string compare. -- */ -- if (!(krb5_aname_to_localname(context, principal, -- sizeof(kuser), kuser)) -- && (strcmp(kuser, luser) == 0)) { -- return(TRUE); -- } +- if (access(filename, F_OK) != 0) { +- result = PASS; +- goto cleanup; - } - if (krb5_unparse_name(context, principal, &princname)) - return(FALSE); /* no hope of matching */ +- + if (krb5_unparse_name(context, principal, &princname) != 0) + goto cleanup; -- /* open ~/.k5login */ -- if ((fp = fopen(pbuf, "r")) == NULL) { -- free(princname); -- return(FALSE); -- } +- fp = fopen(filename, "r"); +- if (fp == NULL) ++ if ((pid = fork()) == -1) + goto cleanup; - set_cloexec_file(fp); -- /* -- * For security reasons, the .k5login file must be owned either by -- * the user himself, or by root. Otherwise, don't grant access. -- */ -- if (fstat(fileno(fp), &sbuf)) { -- fclose(fp); -- free(princname); -- return(FALSE); -+ if ((pid = fork()) == -1) { -+ free(princname); -+ return(FALSE); +- +- /* For security reasons, the .k5login file must be owned either by +- * the user or by root. */ +- if (fstat(fileno(fp), &sbuf)) +- goto cleanup; +- if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) +- goto cleanup; +- +- /* Check each line. */ +- while (result != ACCEPT && (fgets(linebuf, sizeof(linebuf), fp) != NULL)) { +- newline = strrchr(linebuf, '\n'); +- if (newline != NULL) +- *newline = '\0'; +- if (strcmp(linebuf, princname) == 0) +- result = ACCEPT; +- /* Clean up the rest of the line if necessary. */ +- if (newline == NULL) +- while (((gobble = getc(fp)) != EOF) && gobble != '\n'); ++ ++ if (pid == 0) { ++ char *args[4]; ++#define ADMOF_PATH "/usr/local/sbin/ssh-admof" ++ args[0] = ADMOF_PATH; ++ args[1] = (char *) luser; ++ args[2] = princname; ++ args[3] = NULL; ++ execv(ADMOF_PATH, args); ++ exit(1); } -- if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) { -- fclose(fp); -- free(princname); -- return(FALSE); -+ if (pid == 0) { -+ char *args[4]; -+#define ADMOF_PATH "/usr/local/sbin/ssh-admof" -+ args[0] = ADMOF_PATH; -+ args[1] = (char *) luser; -+ args[2] = princname; -+ args[3] = NULL; -+ execv(ADMOF_PATH, args); -+ exit(1); - } -- -- /* check each line */ -- while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) { -- /* null-terminate the input string */ -- linebuf[BUFSIZ-1] = '\0'; -- newline = NULL; -- /* nuke the newline if it exists */ -- if ((newline = strchr(linebuf, '\n'))) -- *newline = '\0'; -- if (!strcmp(linebuf, princname)) { -- isok = TRUE; -- continue; -- } -- /* clean up the rest of the line if necessary */ -- if (!newline) -- while (((gobble = getc(fp)) != EOF) && gobble != '\n'); + + if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 33) { -+ isok=TRUE; - } ++ result = ACCEPT; ++ } + + cleanup: free(princname); -- fclose(fp); - return(isok); - } - + free(filename); Index: branches/fc15-dev/server/fedora/Makefile =================================================================== --- branches/fc15-dev/server/fedora/Makefile (revision 1806) +++ branches/fc15-dev/server/fedora/Makefile (revision 1807) @@ -19,5 +19,5 @@ # See /COPYRIGHT in this repository for more information. -upstream_yum = krb5 krb5.i686 httpd openssh 389-ds-base +upstream_yum = krb5 krb5.i686 httpd openssh hackage = MonadCatchIO-mtl-0.3.0.1 cgi-3001.1.8.1 unix-handle-0.0.0 upstream_hackage = ghc-MonadCatchIO-mtl ghc-cgi ghc-unix-handle @@ -45,5 +45,5 @@ heartbeat_url = "http://kojipkgs.fedoraproject.org/packages/heartbeat/3.0.0/0.5.0daab7da36a8.hg.fc12/src/heartbeat-3.0.0-0.5.0daab7da36a8.hg.fc12.src.rpm" pacemaker_url = "http://kojipkgs.fedoraproject.org/packages/pacemaker/1.0.5/5.fc12/src/pacemaker-1.0.5-5.fc12.src.rpm" -zephyr_url = "http://zephyr.1ts.org/export/HEAD/distribution/zephyr-3.0.tar.gz" +zephyr_url = "http://zephyr.1ts.org/export/HEAD/distribution/zephyr-3.0.1.tar.gz" PKG = $(patsubst %.i686,%,$@) Index: branches/fc15-dev/server/fedora/specs/389-ds-base.spec.patch =================================================================== --- branches/fc15-dev/server/fedora/specs/389-ds-base.spec.patch (revision 1806) +++ (revision ) @@ -1,45 +1,0 @@ ---- 389-ds-base.spec.orig 2010-12-16 12:22:05.000000000 -0500 -+++ 389-ds-base.spec 2010-12-23 21:19:49.000000000 -0500 -@@ -13,7 +13,7 @@ - Summary: 389 Directory Server (base) - Name: 389-ds-base - Version: 1.2.7.5 --Release: %{?relprefix}1%{?prerel}%{?dist} -+Release: %{?relprefix}1%{?prerel}.scripts.%{scriptsversion}%{?dist} - License: GPLv2 with exceptions - URL: http://port389.org/ - Group: System Environment/Daemons -@@ -83,11 +83,15 @@ - Requires(preun): /sbin/chkconfig - Requires(preun): /sbin/service - -+Provides: scripts-389-ds -+ - Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2 - # 389-ds-git.sh should be used to generate the source tarball from git - Source1: %{name}-git.sh - Source2: %{name}-devel.README - -+Patch0: 389-ds-base-fix-changelog-paths.patch -+ - %description - 389 Directory Server is an LDAPv3 compliant server. The base package includes - the LDAP server and command line utilities for server administration. -@@ -109,6 +113,7 @@ - - %prep - %setup -q -n %{name}-%{version}%{?prerel} -+%patch0 -p1 -b .fix-changelog-paths - cp %{SOURCE2} README.devel - - %build -@@ -300,6 +305,9 @@ - %{_libdir}/%{pkgname}/*.so - - %changelog -+* Thu Dec 23 2010 Mitchell E Berger - 1.2.7.5-1.scripts -+- Correct changelog path logic in MMR plugin -+ - * Thu Dec 16 2010 Rich Megginson - 1.2.7.5-1 - - 1.2.7.5 release - git tag 389-ds-base-1.2.7.5 - - Bug 663597 - Memory leaks in normalization code Index: branches/fc15-dev/server/fedora/specs/httpd.spec.patch =================================================================== --- branches/fc15-dev/server/fedora/specs/httpd.spec.patch (revision 1806) +++ branches/fc15-dev/server/fedora/specs/httpd.spec.patch (revision 1807) @@ -1,16 +1,16 @@ --- httpd.spec.orig 2010-10-27 08:26:15.000000000 -0400 +++ httpd.spec 2010-11-18 18:20:43.000000000 -0500 -@@ -7,7 +7,7 @@ +@@ -8,7 +8,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.2.17 --Release: 1%{?dist}.1 -+Release: 1%{?dist}.1.scripts.%{scriptsversion} +-Release: 10%{?dist}.1 ++Release: 10%{?dist}.1.scripts.%{scriptsversion} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html -@@ -55,6 +55,14 @@ - Conflicts: pcre < 4.0 - Requires: httpd-tools = %{version}-%{release}, apr-util-ldap +@@ -54,6 +54,14 @@ + Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} + Requires: httpd-tools = %{version}-%{release}, apr-util-ldap, systemd-units +Provides: scripts-httpd @@ -25,5 +25,5 @@ The Apache HTTP Server is a powerful, efficient, and extensible web server. -@@ -65,6 +73,7 @@ +@@ -64,6 +72,7 @@ Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel Requires: apr-devel, apr-util-devel, pkgconfig @@ -33,13 +33,13 @@ %description devel The httpd-devel package contains the APXS binary and other files -@@ -103,6 +112,7 @@ - Requires(post): openssl >= 0.9.7f-4, /bin/cat +@@ -102,6 +102,7 @@ + Requires(post): openssl, /bin/cat Requires(pre): httpd - Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmn} + Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +Provides: scripts-mod_ssl Obsoletes: stronghold-mod_ssl %description -n mod_ssl -@@ -130,6 +140,13 @@ +@@ -129,6 +139,13 @@ # Patch in vendor/release string sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 @@ -55,5 +55,5 @@ vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` if test "x${vmmn}" != "x%{mmn}"; then -@@ -177,10 +194,12 @@ +@@ -176,10 +193,12 @@ --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ --enable-suexec --with-suexec \ Index: branches/fc15-dev/server/fedora/specs/krb5.spec.patch =================================================================== --- branches/fc15-dev/server/fedora/specs/krb5.spec.patch (revision 1806) +++ branches/fc15-dev/server/fedora/specs/krb5.spec.patch (revision 1807) @@ -1,16 +1,16 @@ --- krb5.spec.orig 2011-03-25 17:29:24.000000000 -0400 +++ krb5.spec 2011-03-25 17:31:15.000000000 -0400 -@@ -10,7 +10,7 @@ +@@ -6,7 +6,7 @@ Summary: The Kerberos network authentication system Name: krb5 - Version: 1.7.1 --Release: 18%{?dist} -+Release: 18%{?dist}.scripts.%{scriptsversion} + Version: 1.9 +-Release: 6%{?dist} ++Release: 6%{?dist}.scripts.%{scriptsversion} # Maybe we should explode from the now-available-to-everybody tarball instead? - # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar + # http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9-signed.tar Source0: krb5-%{version}.tar.gz -@@ -96,6 +96,8 @@ - Patch107: http://web.mit.edu/kerberos/advisories/2011-002-patch.txt - Patch108: http://web.mit.edu/kerberos/advisories/2011-003-patch.txt +@@ -53,6 +53,8 @@ + Patch74: http://web.mit.edu/kerberos/advisories/2011-002-patch.txt + Patch75: http://web.mit.edu/kerberos/advisories/2011-003-patch.txt +Patch1000: krb5-kuserok-scripts.patch @@ -19,5 +19,5 @@ URL: http://web.mit.edu/kerberos/www/ Group: System Environment/Libraries -@@ -140,6 +142,7 @@ +@@ -97,6 +99,7 @@ %package libs Summary: The shared libraries used by Kerberos 5 @@ -27,8 +27,8 @@ %description libs Kerberos is a network authentication system. The krb5-libs package -@@ -1684,6 +1687,7 @@ - %patch106 -p1 -b .2011-001 - %patch107 -p1 -b .2011-002 - %patch108 -p1 -b .2011-003 +@@ -192,6 +195,7 @@ + %patch73 -p1 -b .2011-001 + %patch74 -p1 -b .2011-002 + %patch75 -p1 -b .2011-003 +%patch1000 -p1 -b .kuserok gzip doc/*.ps Index: branches/fc15-dev/server/fedora/specs/scripts-base.spec =================================================================== --- branches/fc15-dev/server/fedora/specs/scripts-base.spec (revision 1806) +++ branches/fc15-dev/server/fedora/specs/scripts-base.spec (revision 1807) @@ -31,5 +31,4 @@ Requires: httpdmods Requires: %{all_archs nss_nonlocal} -Requires: scripts-389-ds %define debug_package %{nil} Index: branches/fc15-dev/server/fedora/specs/zephyr.spec =================================================================== --- branches/fc15-dev/server/fedora/specs/zephyr.spec (revision 1806) +++ branches/fc15-dev/server/fedora/specs/zephyr.spec (revision 1807) @@ -1,4 +1,4 @@ Name: zephyr -Version: 3.0 +Version: 3.0.1 Release: 0.%{scriptsversion}%{?dist} Summary: Client programs for the Zephyr real-time messaging system @@ -139,4 +139,7 @@ %changelog +* Sat Apr 16 2011 Alexander Chernyakhovsky 3.0.1-0 +- Zephyr 3.0.1 + * Sun Sep 19 2010 Anders Kaseorg - 3.0-0 - Decrease version below a hypothetical Fedora package.