Chakra_Linux/lib32
1
0
Fork 0
mirror of https://gitdl.cn/https://github.com/chakralinux/lib32.git synced 2025-01-23 17:33:34 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

added lib32-krb5

Browse Source
This commit is contained in:
Giuseppe 2012-02-12 12:35:16 +00:00
parent 507830eceb
commit 2d9dd2d689
2 changed files with 109 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
lib32-krb5/PKGBUILD Normal file
View File

@ -0,0 +1,69 @@
# Lib32 Packages for Chakra, part of chakra-project.org
#
# maintainer (x86_64): Giuseppe Calà <jiveaxe@gmail.com>
# maintainer (x86_64): Anke Boersma <abveritas[at]chakra-project[dot]org>
_pkgbasename=krb5
pkgname=lib32-$_pkgbasename
pkgver=1.9.1
pkgrel=1
pkgdesc="The Kerberos network authentication system (32-bit)"
arch=('x86_64')
url="http://web.mit.edu/kerberos/"
license=('custom')
depends=('lib32-e2fsprogs' 'lib32-libldap' lib32-keyutils $_pkgbasename)
makedepends=('perl' gcc-multilib)
provides=('lib32-heimdal')
replaces=('lib32-heimdal')
conflicts=('lib32-heimdal')
source=(http://web.mit.edu/kerberos/dist/${_pkgbasename}/1.9/${_pkgbasename}-${pkgver}-signed.tar
krb5-1.9.1-2011-007.patch)
sha1sums=('e23a1795a237521493da9cf3443ac8b98a90c066'
'31a130542e92b70c807b2dbe6f9b182dc14f5e9f')
options=('!emptydirs')
build() {
tar zxvf ${_pkgbasename}-${pkgver}.tar.gz
cd "${srcdir}/${_pkgbasename}-${pkgver}/src"
# Apply upstream patch to fix a null pointer dereference when processing TGS requests
# CVE-2011-1530
# see http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt
patch -Np2 -i ${srcdir}/krb5-1.9.1-2011-007.patch
export CC="gcc -m32"
export CXX="g++ -m32"
export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
export CPPFLAGS+=" -I/usr/include/et"
./configure --prefix=/usr \
--sysconfdir=/etc/krb5 \
--mandir=/usr/share/man \
--localstatedir=/var/lia \
--libdir=/usr/lib32 \
--enable-shared \
--with-system-et \
--with-system-ss \
--disable-rpath \
--without-tcl \
--enable-dns-for-realm \
--with-ldap
make
}
check() {
# We can't do this in the build directory.
cd "${srcdir}/${_pkgbasename}-${pkgver}"
make -C src check
}
package() {
cd "${srcdir}/${_pkgbasename}-${pkgver}/src"
make DESTDIR="${pkgdir}" install
rm -rf "${pkgdir}"/usr/{include,share,bin,sbin}
mkdir -p "$pkgdir/usr/share/licenses"
ln -s $_pkgbasename "$pkgdir/usr/share/licenses/$pkgname"
}

40
lib32-krb5/krb5-1.9.1-2011-007.patch Normal file
View File

@ -0,0 +1,40 @@
diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in
index f46cad3..102fbaa 100644
--- a/src/kdc/Makefile.in
+++ b/src/kdc/Makefile.in
@@ -67,6 +67,7 @@ check-unix:: rtest
check-pytests::
$(RUNPYTEST) $(srcdir)/t_workers.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_emptytgt.py $(PYTESTFLAGS)
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index c169c54..840a2ef 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -243,7 +243,8 @@ tgt_again:
if (!tgs_1 || !data_eq(*server_1, *tgs_1)) {
errcode = find_alternate_tgs(request, &server);
firstpass = 0;
- goto tgt_again;
+ if (errcode == 0)
+ goto tgt_again;
}
}
status = "UNKNOWN_SERVER";
diff --git a/src/kdc/t_emptytgt.py b/src/kdc/t_emptytgt.py
new file mode 100644
index 0000000..1760bcd
--- /dev/null
+++ b/src/kdc/t_emptytgt.py
@@ -0,0 +1,8 @@
+#!/usr/bin/python
+from k5test import *
+
+realm = K5Realm(start_kadmind=False, create_host=False)
+output = realm.run_as_client([kvno, 'krbtgt/'], expected_code=1)
+if 'not found in Kerberos database' not in output:
+ fail('TGT lookup for empty realm failed in unexpected way')
+success('Empty tgt lookup.')