Index: trunk/server/common/patches/ghostscript-CVE-2010-1628.patch =================================================================== --- trunk/server/common/patches/ghostscript-CVE-2010-1628.patch (revision 1602) +++ (revision ) @@ -1,127 +1,0 @@ -Index: gs/psi/idosave.h -=================================================================== ---- gs/psi/idosave.h (revision 11306) -+++ gs/psi/idosave.h (working copy) -@@ -18,6 +18,22 @@ - # define idosave_INCLUDED - - /* -+ * Structure for saved change chain for save/restore. Because of the -+ * garbage collector, we need to distinguish the cases where the change -+ * is in a static object, a dynamic ref, or a dynamic struct. -+ */ -+typedef struct alloc_change_s alloc_change_t; -+struct alloc_change_s { -+ alloc_change_t *next; -+ ref_packed *where; -+ ref contents; -+#define AC_OFFSET_STATIC (-2) /* static object */ -+#define AC_OFFSET_REF (-1) /* dynamic ref */ -+#define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */ -+ short offset; /* if >= 0, offset within struct */ -+}; -+ -+/* - * Save a change that must be undone by restore. We have to pass the - * pointer to the containing object to alloc_save_change for two reasons: - * -@@ -29,6 +45,7 @@ - * relocate the pointer to it from the change record during garbage - * collection. - */ -+ - int alloc_save_change(gs_dual_memory_t *dmem, const ref *pcont, - ref_packed *ptr, client_name_t cname); - int alloc_save_change_in(gs_ref_memory_t *mem, const ref *pcont, -@@ -36,6 +53,6 @@ - /* Remove an AC_OFFSET_ALLOCATED element. */ - void alloc_save_remove(gs_ref_memory_t *mem, ref_packed *obj, client_name_t cname); - /* Allocate a structure for recording an allocation event. */ --int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr); -+int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, alloc_change_t **pcp); - - #endif /* idosave_INCLUDED */ -Index: gs/psi/isave.c -=================================================================== ---- gs/psi/isave.c (revision 11306) -+++ gs/psi/isave.c (working copy) -@@ -156,22 +156,6 @@ - /* A link to igcref.c . */ - ptr_proc_reloc(igc_reloc_ref_ptr_nocheck, ref_packed); - --/* -- * Structure for saved change chain for save/restore. Because of the -- * garbage collector, we need to distinguish the cases where the change -- * is in a static object, a dynamic ref, or a dynamic struct. -- */ --typedef struct alloc_change_s alloc_change_t; --struct alloc_change_s { -- alloc_change_t *next; -- ref_packed *where; -- ref contents; --#define AC_OFFSET_STATIC (-2) /* static object */ --#define AC_OFFSET_REF (-1) /* dynamic ref */ --#define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */ -- short offset; /* if >= 0, offset within struct */ --}; -- - static - CLEAR_MARKS_PROC(change_clear_marks) - { -@@ -519,7 +503,7 @@ - - /* Allocate a structure for recording an allocation event. */ - int --alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr) -+alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, alloc_change_t **pcp) - { - register alloc_change_t *cp; - -@@ -533,8 +517,7 @@ - cp->where = 0; - cp->offset = AC_OFFSET_ALLOCATED; - make_null(&cp->contents); -- mem->changes = cp; -- *ppr = &cp->where; -+ *pcp = cp; - return 1; - } - -Index: gs/psi/ialloc.c -=================================================================== ---- gs/psi/ialloc.c (revision 11306) -+++ gs/psi/ialloc.c (working copy) -@@ -185,7 +185,14 @@ - */ - chunk_t *pcc = mem->pcc; - ref *end; -+ alloc_change_t *cp = 0; -+ int code = 0; - -+ if ((gs_memory_t *)mem != mem->stable_memory) { -+ code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &cp); -+ if (code < 0) -+ return code; -+ } - obj = gs_alloc_struct_array((gs_memory_t *) mem, num_refs + 1, - ref, &st_refs, cname); - if (obj == 0) -@@ -210,14 +217,10 @@ - chunk_locate_ptr(obj, &cl); - cl.cp->has_refs = true; - } -- if ((gs_memory_t *)mem != mem->stable_memory) { -- ref_packed **ppr = 0; -- int code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &ppr); -- if (code < 0) -- return code; -- if (ppr) -- *ppr = (ref_packed *)obj; -- } -+ if (cp) { -+ mem->changes = cp; -+ cp->where = (ref_packed *)obj; -+ } - } - make_array(parr, attrs | mem->space, num_refs, obj); - return 0; Index: trunk/server/common/patches/krb5-kuserok-scripts.patch =================================================================== --- trunk/server/common/patches/krb5-kuserok-scripts.patch (revision 1602) +++ trunk/server/common/patches/krb5-kuserok-scripts.patch (revision 1693) @@ -36,5 +36,5 @@ FILE *fp; char kuser[MAX_USERNAME]; -@@ -79,70 +79,35 @@ +@@ -79,71 +79,35 @@ char linebuf[BUFSIZ]; char *newline; @@ -72,4 +72,5 @@ - return(FALSE); - } +- set_cloexec_file(fp); - /* - * For security reasons, the .k5login file must be owned either by Index: trunk/server/common/patches/openafs-release-glock.patch =================================================================== --- trunk/server/common/patches/openafs-release-glock.patch (revision 1602) +++ (revision ) @@ -1,14 +1,0 @@ -diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c -index 77c4440..1d83549 100644 ---- a/src/afs/LINUX/osi_vnodeops.c -+++ b/src/afs/LINUX/osi_vnodeops.c -@@ -308,7 +308,9 @@ afs_linux_readdir(struct file *fp, void *dirbuf, filldir_t filldir) - /* clean up from afs_FindVCache */ - afs_PutVCache(tvc); - } -+ AFS_GUNLOCK(); - code = (*filldir) (dirbuf, de->name, len, offset, ino, type); -+ AFS_GLOCK(); - } - #else - code = (*filldir) (dirbuf, de->name, len, offset, ino); Index: trunk/server/common/patches/openafs-scripts.patch =================================================================== --- trunk/server/common/patches/openafs-scripts.patch (revision 1602) +++ trunk/server/common/patches/openafs-scripts.patch (revision 1693) @@ -134,5 +134,5 @@ --- openafs-1.4/src/afs/afs_osi_pag.c +++ openafs-1.4+scripts/src/afs/afs_osi_pag.c -@@ -51,6 +51,8 @@ +@@ -49,6 +49,8 @@ #endif /* Local variables */ @@ -143,5 +143,5 @@ * Pags are implemented as follows: the set of groups whose long * representation is '41XXXXXX' hex are used to represent the pags. -@@ -458,6 +460,15 @@ +@@ -449,6 +451,15 @@ av->uid = acred->cr_ruid; /* default when no pag is set */ #endif @@ -156,7 +156,7 @@ + } + - av->initd = 0; return 0; } + diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c --- openafs-1.4/src/afs/afs_pioctl.c Index: trunk/server/common/patches/openssh-4.5p1-multihomed.patch =================================================================== --- trunk/server/common/patches/openssh-4.5p1-multihomed.patch (revision 1602) +++ (revision ) @@ -1,61 +1,0 @@ -diff -ur openssh-4.5p1.orig/gss-genr.c openssh-4.5p1/gss-genr.c ---- openssh-4.5p1.orig/gss-genr.c 2006-08-29 21:08:04.000000000 -0400 -+++ openssh-4.5p1/gss-genr.c 2007-09-10 16:19:50.000000000 -0400 -@@ -235,22 +235,11 @@ - ssh_gssapi_acquire_cred(Gssctxt *ctx) - { - OM_uint32 status; -- char lname[MAXHOSTNAMELEN]; - gss_OID_set oidset; - - gss_create_empty_oid_set(&status, &oidset); - gss_add_oid_set_member(&status, ctx->oid, &oidset); - -- if (gethostname(lname, MAXHOSTNAMELEN)) { -- gss_release_oid_set(&status, &oidset); -- return (-1); -- } -- -- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { -- gss_release_oid_set(&status, &oidset); -- return (ctx->major); -- } -- - if ((ctx->major = gss_acquire_cred(&ctx->minor, - ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) - ssh_gssapi_error(ctx); -diff -ur openssh-4.5p1.orig/gss-serv.c openssh-4.5p1/gss-serv.c ---- openssh-4.5p1.orig/gss-serv.c 2006-09-01 01:38:36.000000000 -0400 -+++ openssh-4.5p1/gss-serv.c 2007-09-10 16:19:50.000000000 -0400 -@@ -102,6 +102,8 @@ - { - OM_uint32 status; - gss_OID mech; -+ gss_name_t acceptor_name = GSS_C_NO_NAME; -+ gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER; - - ctx->major = gss_accept_sec_context(&ctx->minor, - &ctx->context, ctx->creds, recv_tok, -@@ -116,6 +118,22 @@ - else - debug("Got no client credentials"); - -+ ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL); -+ -+ if (GSS_ERROR(ctx->major)) { -+ ssh_gssapi_error(ctx); -+ } else { -+ ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL); -+ -+ if (GSS_ERROR(ctx->major)) { -+ ssh_gssapi_error(ctx); -+ } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) { -+ debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value); -+ ctx->major = GSS_S_BAD_NAME; -+ } -+ } -+ gss_release_buffer(&status, &acceptor_name_buffer); -+ gss_release_name(&status, &acceptor_name); - status = ctx->major; - - /* Now, if we're complete and we have the right flags, then Index: trunk/server/common/patches/openssh-5.0p1-multihomed.patch =================================================================== --- trunk/server/common/patches/openssh-5.0p1-multihomed.patch (revision 1602) +++ (revision ) @@ -1,62 +1,0 @@ -# OpenSSH multihomed patch -# -# Anders Kaseorg -# ported from 4.5 to 5.0 by Joe Presbrey -diff -ur openssh-5.0p1.orig/gss-serv.c openssh-5.0p1/gss-serv.c ---- openssh-5.0p1.orig/gss-serv.c 2008-05-20 00:00:00.000000000 -0400 -+++ openssh-5.0p1/gss-serv.c 2008-05-20 00:00:00.000000000 -0400 -@@ -77,22 +77,11 @@ - ssh_gssapi_acquire_cred(Gssctxt *ctx) - { - OM_uint32 status; -- char lname[MAXHOSTNAMELEN]; - gss_OID_set oidset; - - gss_create_empty_oid_set(&status, &oidset); - gss_add_oid_set_member(&status, ctx->oid, &oidset); - -- if (gethostname(lname, MAXHOSTNAMELEN)) { -- gss_release_oid_set(&status, &oidset); -- return (-1); -- } -- -- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { -- gss_release_oid_set(&status, &oidset); -- return (ctx->major); -- } -- - if ((ctx->major = gss_acquire_cred(&ctx->minor, - ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) - ssh_gssapi_error(ctx); -@@ -102,6 +102,8 @@ - { - OM_uint32 status; - gss_OID mech; -+ gss_name_t acceptor_name = GSS_C_NO_NAME; -+ gss_buffer_desc acceptor_name_buffer = GSS_C_EMPTY_BUFFER; - - ctx->major = gss_accept_sec_context(&ctx->minor, - &ctx->context, ctx->creds, recv_tok, -@@ -116,6 +118,22 @@ - else - debug("Got no client credentials"); - -+ ctx->major = gss_inquire_context(&ctx->minor, ctx->context, NULL, &acceptor_name, NULL, NULL, NULL, NULL, NULL); -+ -+ if (GSS_ERROR(ctx->major)) { -+ ssh_gssapi_error(ctx); -+ } else { -+ ctx->major = gss_display_name(&ctx->minor, acceptor_name, &acceptor_name_buffer, NULL); -+ -+ if (GSS_ERROR(ctx->major)) { -+ ssh_gssapi_error(ctx); -+ } else if (acceptor_name_buffer.length < 5 || strncmp(acceptor_name_buffer.value, "host@", 5) != 0 && strncmp(acceptor_name_buffer.value, "host/", 5) != 0) { -+ debug("Accepting credential '%s' was not for the host service.", acceptor_name_buffer.value); -+ ctx->major = GSS_S_BAD_NAME; -+ } -+ } -+ gss_release_buffer(&status, &acceptor_name_buffer); -+ gss_release_name(&status, &acceptor_name); - status = ctx->major; - - /* Now, if we're complete and we have the right flags, then