kerberos 1.10.2-1 màj port

5 files changed, 101 insertions, 14 deletions

diff --git a/kerberos/.md5sum.i686 b/kerberos/.md5sum.i686
index 4b4b47f9b..9f5121d1f 100644
--- a/kerberos/.md5sum.i686
+++ b/kerberos/.md5sum.i686
@@ -1 +1,3 @@
-43d6a2f6f4f96fbf8423732065b49f0f  krb5-1.10.1-signed.tar
+5a49a07530bbf3bccd3df3f1ca159988  MITKRB5-SA-2012-001.patch
+7e60a15f40ab92acf969216aa1bf5bb7  gcc4.7.patch
+ddacb6ad7399681ad1506f435a2683b6  krb5-1.10.2-signed.tar
diff --git a/kerberos/.md5sum.x86_64 b/kerberos/.md5sum.x86_64
index 4b4b47f9b..9f5121d1f 100644
--- a/kerberos/.md5sum.x86_64
+++ b/kerberos/.md5sum.x86_64
@@ -1 +1,3 @@
-43d6a2f6f4f96fbf8423732065b49f0f  krb5-1.10.1-signed.tar
+5a49a07530bbf3bccd3df3f1ca159988  MITKRB5-SA-2012-001.patch
+7e60a15f40ab92acf969216aa1bf5bb7  gcc4.7.patch
+ddacb6ad7399681ad1506f435a2683b6  krb5-1.10.2-signed.tar
diff --git a/kerberos/MITKRB5-SA-2012-001.patch b/kerberos/MITKRB5-SA-2012-001.patch
new file mode 100644
index 000000000..9a2f4dc77
--- /dev/null
+++ b/kerberos/MITKRB5-SA-2012-001.patch
@@ -0,0 +1,60 @@
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 23623fe..8ada9d0 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+     krb5_enctype useenctype;
+     struct as_req_state *state;
+
+-    state = malloc(sizeof(*state));
++    state = calloc(sizeof(*state), 1);
+     if (!state) {
+         (*respond)(arg, ENOMEM, NULL);
+         return;
+@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+     state->authtime = 0;
+     state->c_flags = 0;
+     state->req_pkt = req_pkt;
++    state->inner_body = NULL;
+     state->rstate = NULL;
+     state->sname = 0;
+     state->cname = 0;
+diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
+index 9d8cb34..d4ece3f 100644
+--- a/src/kdc/kdc_preauth.c
++++ b/src/kdc/kdc_preauth.c
+@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
+                 continue;
+
+             }
+-            if (request_contains_enctype(context, request, db_etype)) {
++            if (krb5_is_permitted_enctype(context, db_etype) &&
++                request_contains_enctype(context, request, db_etype)) {
+                 retval = _make_etype_info_entry(context, client->princ,
+                                                 client_key, db_etype,
+                                                 &entry[i], etype_info2);
+diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
+index a43b291..94dad3a 100644
+--- a/src/kdc/kdc_util.c
++++ b/src/kdc/kdc_util.c
+@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
+         return 0;
+     pa.magic = KV5M_PA_DATA;
+     pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
++    memset(&checksum, 0, sizeof(checksum));
+     retval = krb5_c_make_checksum(kdc_context,0, reply_key,
+                                   KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
+     if (retval != 0)
+diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
+index c4bf92e..367c894 100644
+--- a/src/lib/kdb/kdb_default.c
++++ b/src/lib/kdb/kdb_default.c
+@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
+     krb5_boolean        saw_non_permitted = FALSE;
+
+     ret = 0;
++    if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
++        return KRB5_KDB_NO_PERMITTED_KEY;
++
+     if (kvno == -1 && stype == -1 && ktype == -1)
+         kvno = 0;
diff --git a/kerberos/Pkgfile b/kerberos/Pkgfile
index 844ef37bd..f0aa85c29 100644
--- a/kerberos/Pkgfile
+++ b/kerberos/Pkgfile
@@ -4,22 +4,35 @@
 # Maintainer: thierryn1 at hispeed
 
 name=kerberos
-version=1.10.1
+version=1.10.2
 release=1
-source=(http://web.mit.edu/$name/www/dist/krb5/${version%.*}/krb5-$version-signed.tar)
+source=(http://web.mit.edu/$name/www/dist/krb5/${version%.*}/krb5-$version-signed.tar
+	MITKRB5-SA-2012-001.patch
+	gcc4.7.patch)
 
 build()  {
 	tar xf krb5-${version}-signed.tar
 	tar xzf krb5-${version}.tar.gz
 	cd krb5-$version/src
-	./configure CPPFLAGS="-I/usr/include/et -I/usr/include/ss" \
-            --prefix=/usr \
-            --sysconfdir=/etc/krb5 \
-            --localstatedir=/var/lib \
-            --with-system-et \
-            --with-system-ss \
-            --enable-dns-for-realm \
-            --mandir=/usr/share/man
+
+	patch -p2 < $SRC/gcc4.7.patch
+	rm lib/krb5/krb/deltat.c
+
+	sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
+	patch -p2 < $SRC/MITKRB5-SA-2012-001.patch
+
+	export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
+	export CPPFLAGS+=" -I/usr/include/et"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc/krb5 \
+		--localstatedir=/var/lib \
+		--enable-shared \
+		--enable-dns-for-realm \
+		--disable-rpath \
+		--with-system-et \
+		--with-system-ss \
+		--mandir=/usr/share/man
 
 	make
 	make DESTDIR=$PKG install
@@ -35,5 +48,4 @@ build()  {
 	ln -v -sf ../../lib/libkrb5.so.3.3 $PKG/usr/lib/libkrb5.so
 	ln -v -sf ../../lib/libk5crypto.so.3.1 $PKG/usr/lib/libk5crypto.so
 	ln -v -sf ../../lib/libkrb5support.so.0.1 $PKG/usr/lib/libkrb5support.so
-}	
-
+}
diff --git a/kerberos/gcc4.7.patch b/kerberos/gcc4.7.patch
new file mode 100644
index 000000000..a759d33fd
--- /dev/null
+++ b/kerberos/gcc4.7.patch
@@ -0,0 +1,11 @@
+diff -Naur krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y krb5-1.10.1/src/lib/krb5/krb/x-deltat.y
+--- krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y	2011-09-06 07:34:32.000000000 -0400
++++ krb5-1.10.1/src/lib/krb5/krb/x-deltat.y	2012-03-24 13:15:11.543551318 -0400
+@@ -44,6 +44,7 @@
+ #ifdef __GNUC__
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wuninitialized"
++#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
+ #endif
+
+ #include <ctype.h>