From bdcf5556d19f80a1d51c266f5c9fe877f90665aa Mon Sep 17 00:00:00 2001 From: tls Date: Mon, 2 Jul 2007 06:04:01 +0000 Subject: On some hosts, this package's configure script fails to detech Heimdal (in fact, it's not clear that there is a good way to do so). The resulting configuration works fine *except* if it encounters a host that has 3DES but no DES service keys in its keytab. Fix this by explicitly passing 0 ("default enctype") to Kerberos. --- security/sudo/Makefile | 4 ++-- security/sudo/distinfo | 4 ++-- security/sudo/patches/patch-ai | 12 +++++++++--- 3 files changed, 13 insertions(+), 7 deletions(-) (limited to 'security/sudo') diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 36362f6e87e..3eb4fa04abe 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.90 2007/06/25 09:53:42 tls Exp $ +# $NetBSD: Makefile,v 1.91 2007/07/02 06:04:01 tls Exp $ # DISTNAME= sudo-1.6.8p12 PKGNAME= sudo-1.6.8pl12 -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= security MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.courtesan.com/pub/sudo/ \ diff --git a/security/sudo/distinfo b/security/sudo/distinfo index e036c96bd6a..a452351b3f5 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.36 2007/06/26 15:05:50 jlam Exp $ +$NetBSD: distinfo,v 1.37 2007/07/02 06:04:02 tls Exp $ SHA1 (sudo-1.6.8p12.tar.gz) = a79631e9e1c0d0d3f2aa88ae685628e5fde61982 RMD160 (sudo-1.6.8p12.tar.gz) = d7ff9f18ca0973615258c2e975300b94567451d5 @@ -7,4 +7,4 @@ SHA1 (patch-aa) = 02837d457786a4966c3a683918e0d592aaa32d2d SHA1 (patch-af) = 245761812dc600b3d2752fa135ba367bb0223370 SHA1 (patch-ag) = 87c3263674ec98ccc9cc33f2108a2456eddaecc5 SHA1 (patch-ah) = 142a8884aebdc1cffc256c3ca0ee9addc34f8054 -SHA1 (patch-ai) = 2523a87dc8af7d09573569c7b3e7068d8d927097 +SHA1 (patch-ai) = 13ae982ea999a24b8ddc9d643cd788db84e2cfbd diff --git a/security/sudo/patches/patch-ai b/security/sudo/patches/patch-ai index 9d76e6ecda0..c46ba75e8af 100644 --- a/security/sudo/patches/patch-ai +++ b/security/sudo/patches/patch-ai @@ -1,7 +1,7 @@ -$NetBSD: patch-ai,v 1.1 2007/06/25 23:53:28 tls Exp $ +$NetBSD: patch-ai,v 1.2 2007/07/02 06:04:03 tls Exp $ --- auth/kerb5.c.orig 2005-03-29 23:38:36.000000000 -0500 -+++ auth/kerb5.c 2007-06-25 04:51:20.000000000 -0400 ++++ auth/kerb5.c 2007-07-02 01:44:01.000000000 -0400 @@ -57,7 +57,7 @@ #ifdef HAVE_HEIMDAL # define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1) @@ -11,7 +11,13 @@ $NetBSD: patch-ai,v 1.1 2007/06/25 23:53:28 tls Exp $ #else # define extract_name(c, p) (krb5_princ_component(c, p, 1)->data) #endif -@@ -274,7 +274,6 @@ +@@ -269,12 +269,11 @@ + * and enctype is currently ignored anyhow.) + */ + if ((error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0, +- ENCTYPE_DES_CBC_MD5, &keyblock))) { ++ 0, &keyblock))) { + /* Keytab or service key does not exist. */ log_error(NO_EXIT, "%s: host service key not found: %s", auth_name, error_message(error)); -- cgit v1.2.3