OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web openpkg$ Date: 10-Sep-2003 20:01:55
Branch: HEAD Handle: 2003091019015203
Modified files:
openpkg-re/vcheck vc.kerberos
openpkg-src/kerberos kerberos.patch kerberos.spec
openpkg-web news.txt
Log:
upgrading package: kerberos 1.2.8 -> 1.3.1
Summary:
Revision Changes Path
1.5 +4 -3 openpkg-re/vcheck/vc.kerberos
1.5 +20 -323 openpkg-src/kerberos/kerberos.patch
1.35 +3 -4 openpkg-src/kerberos/kerberos.spec
1.6491 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-re/vcheck/vc.kerberos
============================================================================
$ cvs diff -u -r1.4 -r1.5 vc.kerberos
--- openpkg-re/vcheck/vc.kerberos 10 Apr 2003 16:24:34 -0000 1.4
+++ openpkg-re/vcheck/vc.kerberos 10 Sep 2003 18:01:52 -0000 1.5
@@ -1,8 +1,9 @@
- config = {
+config = {
}
prog kerberos = {
- version = 1.2.8
- url =
http://www.mirrors.wiretapped.net/security/cryptography/apps/kerberos/krb5-mit/unix/
+ version = 1.3.1
+ url = http://www.crypto-publish.org/mit-kerberos5/index.html
regex = krb5-(__VER__)\.tar\.gz
}
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/kerberos/kerberos.patch
============================================================================
$ cvs diff -u -r1.4 -r1.5 kerberos.patch
--- openpkg-src/kerberos/kerberos.patch 28 Jul 2003 20:44:56 -0000 1.4
+++ openpkg-src/kerberos/kerberos.patch 10 Sep 2003 18:01:55 -0000 1.5
@@ -1,64 +1,16 @@
---- krb5-1.2.8/src/appl/telnet/telnet/commands.c.dist 2003-05-16
12:24:35.000000000 +0200
-+++ krb5-1.2.8/src/appl/telnet/telnet/commands.c 2003-05-16 12:31:39.000000000
+0200
-@@ -60,7 +60,7 @@
- #include <netdb.h>
- #include <ctype.h>
- #include <pwd.h>
--#include <varargs.h>
-+#include <stdarg.h>
+diff -ru3 krb5-1.3.1.orig/src/appl/gssftp/ftp/cmds.c
krb5-1.3.1/src/appl/gssftp/ftp/cmds.c
+--- krb5-1.3.1.orig/src/appl/gssftp/ftp/cmds.c 2003-06-17 00:37:39.000000000
+0200
++++ krb5-1.3.1/src/appl/gssftp/ftp/cmds.c 2003-09-10 19:45:29.000000000 +0200
+@@ -65,6 +65,7 @@
#include <errno.h>
- #ifdef HAVE_VFORK_H
- #include <vfork.h>
-@@ -115,7 +115,7 @@
- extern char **genget();
- extern int Ambiguous();
-
--static call();
-+static call(void *va_alist, ...);
-
- typedef struct {
- char *name; /* command name */
-@@ -2698,8 +2698,7 @@
-
- /*VARARGS1*/
- static
--call(va_alist)
-- va_dcl
-+call(void *va_alist, ...)
- {
- va_list ap;
- typedef int (*intrtn_t)();
-@@ -2707,8 +2706,8 @@
- char *args[100];
- int argno = 0;
-
-- va_start(ap);
-- routine = (va_arg(ap, intrtn_t));
-+ va_start(ap, va_alist);
-+ routine = (intrtn_t) va_alist;
- while ((args[argno++] = va_arg(ap, char *)) != 0) {
- ;
- }
---- krb5-1.2.8/src/appl/gssftp/ftp/cmds.c.dist Wed Jun 25 17:41:28 2003
-+++ krb5-1.2.8/src/appl/gssftp/ftp/cmds.c Wed Jun 25 17:43:54 2003
-@@ -52,6 +52,7 @@
- #include <netdb.h>
#include <ctype.h>
#include <time.h>
+#include <limits.h>
- #include <netinet/in.h>
#ifdef HAVE_GETCWD
-@@ -69,6 +70,7 @@
- extern char **ftpglob();
- extern char *home;
- extern char *remglob();
-+static int checkglob(int fd, const char *pattern);
- extern char *getenv();
- #ifndef HAVE_STRERROR
- #define strerror(error) (sys_errlist[error])
-@@ -88,6 +90,64 @@
- extern int do_auth();
+ #define getwd(x) getcwd(x,MAXPATHLEN)
+@@ -101,6 +102,30 @@
+ static char *domap (char *);
/*
+ * pipeprotect: protect against "special" local filenames by prepending
@@ -85,44 +37,10 @@
+}
+
+/*
-+ * Look for embedded ".." in a pathname and change it to "!!", printing
-+ * a warning.
-+ */
-+static char *pathprotect(char *name)
-+{
-+ int gotdots=0, i, len;
-+
-+ /* Convert null terminator to trailing / to catch a trailing ".." */
-+ len = strlen(name)+1;
-+ name[len-1] = '/';
-+
-+ /*
-+ * State machine loop. gotdots is < 0 if not looking at dots,
-+ * 0 if we just saw a / and thus might start getting dots,
-+ * and the count of dots seen so far if we have seen some.
-+ */
-+ for (i=0; i<len; i++) {
-+ if (name[i]=='.' && gotdots>=0) gotdots++;
-+ else if (name[i]=='/' && gotdots<0) gotdots=0;
-+ else if (name[i]=='/' && gotdots==2) {
-+ printf("Warning: embedded .. in %.*s (changing to !!)\n",
-+ len-1, name);
-+ name[i-1] = '!';
-+ name[i-2] = '!';
-+ gotdots = 0;
-+ }
-+ else if (name[i]=='/') gotdots = 0;
-+ else gotdots = -1;
-+ }
-+ name[len-1] = 0;
-+ return name;
-+}
-+
-+/*
* `Another' gets another argument, and stores the new argc and argv.
* It reverts to the top level (via main.c's intr()) on EOF/error.
*
-@@ -832,7 +892,15 @@
+@@ -844,7 +869,15 @@
if (argc == 2) {
argc++;
@@ -139,29 +57,7 @@
loc++;
}
if (argc < 2 && !another(&argc, &argv, "remote-file"))
-@@ -1007,8 +1075,19 @@
- if (mapflag) {
- tp = domap(tp);
- }
-- recvrequest("RETR", tp, cp, "w",
-- tp != cp || !interactive);
-+ /* Reject embedded ".." */
-+ tp = pathprotect(tp);
-+
-+ /* Prepend ./ to "-" or "!*" or leading "/" */
-+ tp = pipeprotect(tp);
-+ if (tp == NULL) {
-+ /* hmm... how best to handle this? */
-+ mflag = 0;
-+ }
-+ else {
-+ recvrequest("RETR", tp, cp, "w",
-+ tp != cp || !interactive);
-+ }
- if (!mflag && fromatty) {
- ointer = interactive;
- interactive = 1;
-@@ -1024,16 +1103,14 @@
+@@ -1033,16 +1066,14 @@
}
char *
@@ -170,223 +66,24 @@
- int doswitch;
+remglob(char *argv[], int doswitch)
{
+ #ifdef _WIN32
+ char *temp = NULL;
+ #else
char temp[16];
+ #endif
- static char buf[MAXPATHLEN];
-+ static char buf[PATH_MAX];
++ static char buf[PATH_MAX];
static FILE *ftemp = NULL;
static char **args;
-- int oldverbose, oldhash;
-- char *cp, *mode;
-+ int oldverbose, oldhash, badglob = 0;
-+ char *cp;
-
- if (!mflag) {
- if (!doglob) {
-@@ -1055,36 +1132,154 @@
- return (cp);
- }
- if (ftemp == NULL) {
-- (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
-- temp[sizeof(temp) - 1] = '\0';
-- (void) mktemp(temp);
-+ int oldumask, fd;
-+ (void) strcpy(temp, _PATH_TMP);
-+
-+ /* libc 5.2.18 creates with mode 0666, which is dumb */
-+ oldumask = umask(077);
-+ fd = mkstemp(temp);
-+ umask(oldumask);
-+
-+ if (fd<0) {
-+ printf("Error creating temporary file, oops\n");
-+ return NULL;
-+ }
-+
- oldverbose = verbose, verbose = 0;
- oldhash = hash, hash = 0;
- if (doswitch) {
- pswitch(!proxy);
- }
-- for (mode = "w"; *++argv != NULL; mode = "a")
-- recvrequest ("NLST", temp, *argv, mode, 0);
-+ while (*++argv != NULL) {
-+ int dupfd = dup(fd);
-+
-+ recvrequest ("NLST", temp, *argv, "a", 0);
-+ if (!checkglob(dupfd, *argv)) {
-+ badglob = 1;
-+ break;
-+ }
-+ }
-+ unlink(temp);
-+
- if (doswitch) {
- pswitch(!proxy);
- }
- verbose = oldverbose; hash = oldhash;
-- ftemp = fopen(temp, "r");
-- (void) unlink(temp);
-+ if (badglob) {
-+ printf("Refusing to handle insecure file list\n");
-+ close(fd);
-+ return NULL;
-+ }
-+ ftemp = fdopen(fd, "r");
- if (ftemp == NULL) {
- printf("can't find list of remote files, oops\n");
- return (NULL);
- }
-+ rewind(ftemp);
- }
- if (fgets(buf, sizeof (buf), ftemp) == NULL) {
- (void) fclose(ftemp), ftemp = NULL;
- return (NULL);
- }
-- if ((cp = strchr(buf, '\n')) != NULL)
-+ if ((cp = index(buf, '\n')) != NULL)
- *cp = '\0';
- return (buf);
- }
-
-+/*
-+ * Check whether given pattern matches `..'
-+ * We assume only a glob pattern starting with a dot will match
-+ * dot entries on the server.
-+ */
-+static int
-+isdotdotglob(const char *pattern)
-+{
-+ int havedot = 0;
-+ char c;
-+
-+ if (*pattern++ != '.')
-+ return 0;
-+ while ((c = *pattern++) != '\0' && c != '/') {
-+ if (c == '*' || c == '?')
-+ continue;
-+ if (c == '.' && havedot++)
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+/*
-+ * This function makes sure the list of globbed files returned from
-+ * the server doesn't contain anything dangerous such as
-+ * /home/<yourname>/.forward, or ../.forward,
-+ * or |mail [EMAIL PROTECTED] </etc/passwd, etc.
-+ * Covered areas:
-+ * - returned name starts with / but glob pattern doesn't
-+ * - glob pattern starts with / but returned name doesn't
-+ * - returned name starts with |
-+ * - returned name contains .. in a position where glob
-+ * pattern doesn't match ..
-+ * I.e. foo/.* allows foo/../bar but not foo/.bar/../fly
-+ *
-+ * Note that globbed names starting with / should really be stored
-+ * under the current working directory; this is handled in mget above.
-+ * --okir
-+ */
-+static int
-+checkglob(int fd, const char *pattern)
-+{
-+ const char *sp;
-+ char buffer[MAXPATHLEN], dotdot[MAXPATHLEN];
-+ int okay = 1, nrslash, initial, nr;
-+ FILE *fp;
-+
-+ /* Find slashes in glob pattern, and verify whether component
-+ * matches `..'
-+ */
-+ initial = (pattern[0] == '/');
-+ for (sp = pattern, nrslash = 0; sp != 0; sp = strchr(sp, '/')) {
-+ while (*sp == '/')
-+ sp++;
-+ if (nrslash >= MAXPATHLEN) {
-+ printf("Incredible pattern: %s\n", pattern);
-+ return 0;
-+ }
-+ dotdot[nrslash++] = isdotdotglob(sp);
-+ }
-+
-+ fp = fdopen(fd, "r");
-+ while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) {
-+ char *sp;
-+
-+ if ((sp = strchr(buffer, '\n')) != 0) {
-+ *sp = '\0';
-+ } else {
-+ printf("Extremely long filename from server: %s",
-+ buffer);
-+ okay = 0;
-+ break;
-+ }
-+ if (buffer[0] == '|'
-+ || (buffer[0] != '/' && initial)
-+ || (buffer[0] == '/' && !initial))
-+ okay = 0;
-+ for (sp = buffer, nr = 0; sp; sp = strchr(sp, '/'), nr++) {
-+ while (*sp == '/')
-+ sp++;
-+ if (sp[0] == '.' && !strncmp(sp, "../", 3)
-+ && (nr >= nrslash || !dotdot[nr]))
-+ okay = 0;
-+ }
-+ }
-+
-+ if (!okay)
-+ printf("Filename provided by server "
-+ "doesn't match pattern `%s': %s\n", pattern, buffer);
-+
-+ fclose(fp);
-+ return okay;
-+}
-+
- char *
- onoff(bool)
- int bool;
---- krb5-1.2.8/src/util/ss/pager.c.dist 2003-07-28 22:14:13.000000000 +0200
-+++ krb5-1.2.8/src/util/ss/pager.c 2003-07-28 22:14:44.000000000 +0200
-@@ -10,6 +10,7 @@
- #include "ss_internal.h"
+ int oldverbose, oldhash;
+diff -ru3 krb5-1.3.1.orig/src/util/ss/pager.c krb5-1.3.1/src/util/ss/pager.c
+--- krb5-1.3.1.orig/src/util/ss/pager.c 2003-01-06 00:28:05.000000000 +0100
++++ krb5-1.3.1/src/util/ss/pager.c 2003-09-10 19:11:35.000000000 +0200
+@@ -11,6 +11,7 @@
#include "copyright.h"
+ #include <errno.h>
#include <stdio.h>
+#include <errno.h>
#include <sys/types.h>
#include <sys/file.h>
#include <signal.h>
-@@ -17,7 +18,6 @@
- static char MORE[] = "more";
- extern char *_ss_pager_name;
- extern char *getenv();
--extern int errno;
-
- /*
- * this needs a *lot* of work....
---- krb5-1.2.8/src/util/ss/help.c.dist 2003-07-28 22:14:19.000000000 +0200
-+++ krb5-1.2.8/src/util/ss/help.c 2003-07-28 22:14:33.000000000 +0200
-@@ -8,12 +8,11 @@
- #include <sys/types.h>
- #include <sys/file.h>
- #include <fcntl.h> /* just for O_* */
-+#include <errno.h>
- #include <sys/wait.h>
- #include "ss_internal.h"
- #include "copyright.h"
-
--extern int errno;
--
- void ss_help (argc, argv, sci_idx, info_ptr)
- int argc;
- char const * const *argv;
---- krb5-1.2.8/src/util/ss/parse.c.dist 2003-07-28 22:30:57.000000000 +0200
-+++ krb5-1.2.8/src/util/ss/parse.c 2003-07-28 22:31:49.000000000 +0200
-@@ -7,6 +7,8 @@
- #include "ss_internal.h"
- #include "copyright.h"
-
-+#include <errno.h>
-+
-
- enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING };
-
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/kerberos/kerberos.spec
============================================================================
$ cvs diff -u -r1.34 -r1.35 kerberos.spec
--- openpkg-src/kerberos/kerberos.spec 26 Aug 2003 15:49:56 -0000 1.34
+++ openpkg-src/kerberos/kerberos.spec 10 Sep 2003 18:01:55 -0000 1.35
@@ -32,14 +32,14 @@
Distribution: OpenPKG [PLUS]
Group: Cryptography
License: MIT
-Version: 1.2.8
-Release: 20030826
+Version: 1.3.1
+Release: 20030910
# package options
%option with_fsl yes
# list of sources
-Source0:
http://www.mirrors.wiretapped.net/security/cryptography/apps/kerberos/krb5-mit/unix/krb5-%{version}.tar.gz
+Source0:
http://www.crypto-publish.org/dist/mit-kerberos5/krb5-%{version}.tar.gz
Source1: rc.kerberos
Source2: fsl.kerberos
Source3: krb5.conf
@@ -143,7 +143,6 @@
$RPM_BUILD_ROOT%{l_prefix}/libexec/kerberos/
rmdir $RPM_BUILD_ROOT%{l_prefix}/sbin
- rmdir $RPM_BUILD_ROOT%{l_prefix}/include/asn.1
mv \
$RPM_BUILD_ROOT%{l_prefix}/include/*.h \
$RPM_BUILD_ROOT%{l_prefix}/include/gssapi \
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.6490 -r1.6491 news.txt
--- openpkg-web/news.txt 10 Sep 2003 17:11:34 -0000 1.6490
+++ openpkg-web/news.txt 10 Sep 2003 18:01:53 -0000 1.6491
@@ -1,3 +1,4 @@
+10-Sep-2003: Upgraded package: P<kerberos-1.3.1-20030910>
10-Sep-2003: Upgraded package: P<postfix-2.0.15-20030910>
10-Sep-2003: Upgraded package: P<spread-3.17.1-20030910>
10-Sep-2003: Upgraded package: P<samhain-1.7.11-20030910>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
