[pkgsrc/trunk]: pkgsrc/security/sudo On some hosts, this package's configure ...

[tls <tls%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a3909543e8f7
branches:  trunk
changeset: 530582:a3909543e8f7
user:      tls <tls%pkgsrc.org@localhost>
date:      Mon Jul 02 06:04:01 2007 +0000

description:
On some hosts, this package's configure script fails to detech Heimdal
(in fact, it's not clear that there is a good way to do so).  The resulting
configuration works fine *except* if it encounters a host that has 3DES
but no DES service keys in its keytab.

Fix this by explicitly passing 0 ("default enctype") to Kerberos.

diffstat:

 security/sudo/Makefile         |   4 ++--
 security/sudo/distinfo         |   4 ++--
 security/sudo/patches/patch-ai |  12 +++++++++---
 3 files changed, 13 insertions(+), 7 deletions(-)

diffs (58 lines):

diff -r 6a1be2f5df08 -r a3909543e8f7 security/sudo/Makefile
--- a/security/sudo/Makefile    Mon Jul 02 02:08:20 2007 +0000
+++ b/security/sudo/Makefile    Mon Jul 02 06:04:01 2007 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.90 2007/06/25 09:53:42 tls Exp $
+# $NetBSD: Makefile,v 1.91 2007/07/02 06:04:01 tls Exp $
 #
 
 DISTNAME=              sudo-1.6.8p12
 PKGNAME=               sudo-1.6.8pl12
-PKGREVISION=           4
+PKGREVISION=           5
 CATEGORIES=            security
 MASTER_SITES=          http://www.courtesan.com/sudo/dist/ \
                        ftp://ftp.courtesan.com/pub/sudo/ \
diff -r 6a1be2f5df08 -r a3909543e8f7 security/sudo/distinfo
--- a/security/sudo/distinfo    Mon Jul 02 02:08:20 2007 +0000
+++ b/security/sudo/distinfo    Mon Jul 02 06:04:01 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.36 2007/06/26 15:05:50 jlam Exp $
+$NetBSD: distinfo,v 1.37 2007/07/02 06:04:02 tls Exp $
 
 SHA1 (sudo-1.6.8p12.tar.gz) = a79631e9e1c0d0d3f2aa88ae685628e5fde61982
 RMD160 (sudo-1.6.8p12.tar.gz) = d7ff9f18ca0973615258c2e975300b94567451d5
@@ -7,4 +7,4 @@
 SHA1 (patch-af) = 245761812dc600b3d2752fa135ba367bb0223370
 SHA1 (patch-ag) = 87c3263674ec98ccc9cc33f2108a2456eddaecc5
 SHA1 (patch-ah) = 142a8884aebdc1cffc256c3ca0ee9addc34f8054
-SHA1 (patch-ai) = 2523a87dc8af7d09573569c7b3e7068d8d927097
+SHA1 (patch-ai) = 13ae982ea999a24b8ddc9d643cd788db84e2cfbd
diff -r 6a1be2f5df08 -r a3909543e8f7 security/sudo/patches/patch-ai
--- a/security/sudo/patches/patch-ai    Mon Jul 02 02:08:20 2007 +0000
+++ b/security/sudo/patches/patch-ai    Mon Jul 02 06:04:01 2007 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-ai,v 1.1 2007/06/25 23:53:28 tls Exp $
+$NetBSD: patch-ai,v 1.2 2007/07/02 06:04:03 tls Exp $
 
 --- auth/kerb5.c.orig  2005-03-29 23:38:36.000000000 -0500
-+++ auth/kerb5.c       2007-06-25 04:51:20.000000000 -0400
++++ auth/kerb5.c       2007-07-02 01:44:01.000000000 -0400
 @@ -57,7 +57,7 @@
  #ifdef HAVE_HEIMDAL
  # define extract_name(c, p)           krb5_principal_get_comp_string(c, p, 1)
@@ -11,7 +11,13 @@
  #else
  # define extract_name(c, p)           (krb5_princ_component(c, p, 1)->data)
  #endif
-@@ -274,7 +274,6 @@
+@@ -269,12 +269,11 @@
+      * and enctype is currently ignored anyhow.)
+      */
+     if ((error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0,
+-                                       ENCTYPE_DES_CBC_MD5, &keyblock))) {
++                                       0, &keyblock))) {
+       /* Keytab or service key does not exist. */
        log_error(NO_EXIT,
                  "%s: host service key not found: %s", auth_name,
                  error_message(error));