pool/krb5
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 174393 from network

Browse Source 
- let krb5-mini conflict with all main packages

- add conflicts between krb5-mini and krb5-server

- update to version 1.11.2
  * Incremental propagation could erroneously act as if a slave's
    database were current after the slave received a full dump
    that failed to load.
  * gss_import_sec_context incorrectly set internal state that
    identifies whether an imported context is from an interposer
    mechanism or from the underlying mechanism. 
- upstream fix obsolete krb5-lookup_etypes-leak.patch

- let krb5-mini conflict with all main packages

- add conflicts between krb5-mini and krb5-server

- update to version 1.11.2
  * Incremental propagation could erroneously act as if a slave's
    database were current after the slave received a full dump
    that failed to load.
  * gss_import_sec_context incorrectly set internal state that
    identifies whether an imported context is from an interposer
    mechanism or from the underlying mechanism. 
- upstream fix obsolete krb5-lookup_etypes-leak.patch

OBS-URL: https://build.opensuse.org/request/show/174393
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=91
This commit is contained in:
Stephan Kulow 2013-05-03 11:37:02 +00:00 committed by Git OBS Bridge
commit 0e86d6c70f
7 changed files with 59 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
krb5-1.11.1.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7994928de3fbaeaef4862798ad1608c8bd886b91cc15de7b49d6c3c3cadc1d0d
size 9433869

3
krb5-1.11.2.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:562e6cbbdfa6025082dbb847e7cc992d51e189e34a26fb8b528a9ce42ccbe50f
size 9438890

42
krb5-lookup_etypes-leak.patch
View File

@ -1,42 +0,0 @@
Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(),
we don't free entries when we're finished examining them. Ensure that when
krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we
exit the current loop iteration. (RT#7586)
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
goto cleanup;
if (!krb5_c_valid_enctype(entry.key.enctype))
- continue;
+ goto next_entry;
if (!krb5_principal_compare(context, entry.principal, client))
- continue;
+ goto next_entry;
/* Make sure our list is for the highest kvno found for client. */
if (entry.vno > max_kvno) {
free(etypes);
@@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
count = 0;
max_kvno = entry.vno;
} else if (entry.vno != max_kvno)
- continue;
+ goto next_entry;
/* Leave room for the terminator and possibly a second entry. */
p = realloc(etypes, (count + 3) * sizeof(*etypes));
if (p == NULL) {
+ krb5_free_keytab_entry_contents(context, &entry);
ret = ENOMEM;
goto cleanup;
}
@@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
entry.key.enctype == ENCTYPE_DES_CBC_MD4)
etypes[count++] = ENCTYPE_DES_CBC_CRC;
etypes[count] = 0;
+next_entry:
+ krb5_free_keytab_entry_contents(context, &entry);
}
ret = 0;

22
krb5-mini.changes
View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Fri May 3 09:43:47 CEST 2013 - mc@suse.de
- let krb5-mini conflict with all main packages
-------------------------------------------------------------------
Thu May 2 16:43:16 CEST 2013 - mc@suse.de
- add conflicts between krb5-mini and krb5-server
-------------------------------------------------------------------
Sun Apr 28 17:14:36 CEST 2013 - mc@suse.de
- update to version 1.11.2
* Incremental propagation could erroneously act as if a slave's
database were current after the slave received a full dump
that failed to load.
* gss_import_sec_context incorrectly set internal state that
identifies whether an imported context is from an interposer
mechanism or from the underlying mechanism.
- upstream fix obsolete krb5-lookup_etypes-leak.patch
-------------------------------------------------------------------
Thu Apr 4 15:10:19 CEST 2013 - mc@suse.de

10
krb5-mini.spec
View File

@ -17,7 +17,7 @@
%define build_mini 1
%define srcRoot krb5-1.11.1
%define srcRoot krb5-1.11.2
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
@ -31,7 +31,7 @@ BuildRequires: keyutils-devel
BuildRequires: libcom_err-devel
BuildRequires: libselinux-devel
BuildRequires: ncurses-devel
Version: 1.11.1
Version: 1.11.2
Release: 0
Summary: MIT Kerberos5 Implementation--Libraries
License: MIT
@ -55,6 +55,9 @@ Conflicts: krb5-mini
%else # -mini
Conflicts: krb5
Conflicts: krb5-client
Conflicts: krb5-server
Conflicts: krb5-plugin-kdb-ldap
Conflicts: krb5-plugin-preauth-pkinit
%endif
Source: krb5-%{version}.tar.bz2
Source1: vendor-files.tar.bz2
@ -74,7 +77,6 @@ Patch11: krb5-1.9-ksu-path.patch
Patch12: krb5-1.11-selinux-label.patch
Patch13: krb5-1.9-debuginfo.patch
Patch14: krb5-kvno-230379.patch
Patch15: krb5-lookup_etypes-leak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -185,7 +187,6 @@ Include Files for Development
%patch12 -p1
%patch13 -p0
%patch14 -p1
%patch15 -p1
%build
# needs to be re-generated
@ -385,6 +386,7 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
/usr/lib/mit/sbin/krb5-send-pr
/usr/lib/mit/share/gnats
%{_mandir}/man1/krb5-send-pr.1*
%{_mandir}/man1/krb5-config.1*
%{_datadir}/aclocal/ac_check_krb5.m4
%if %{build_mini}

22
krb5.changes
View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Fri May 3 09:43:47 CEST 2013 - mc@suse.de
- let krb5-mini conflict with all main packages
-------------------------------------------------------------------
Thu May 2 16:43:16 CEST 2013 - mc@suse.de
- add conflicts between krb5-mini and krb5-server
-------------------------------------------------------------------
Sun Apr 28 17:14:36 CEST 2013 - mc@suse.de
- update to version 1.11.2
* Incremental propagation could erroneously act as if a slave's
database were current after the slave received a full dump
that failed to load.
* gss_import_sec_context incorrectly set internal state that
identifies whether an imported context is from an interposer
mechanism or from the underlying mechanism.
- upstream fix obsolete krb5-lookup_etypes-leak.patch
-------------------------------------------------------------------
Thu Apr 4 15:10:19 CEST 2013 - mc@suse.de

10
krb5.spec
View File

@ -17,7 +17,7 @@
%define build_mini 0
%define srcRoot krb5-1.11.1
%define srcRoot krb5-1.11.2
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
@ -31,7 +31,7 @@ BuildRequires: keyutils-devel
BuildRequires: libcom_err-devel
BuildRequires: libselinux-devel
BuildRequires: ncurses-devel
Version: 1.11.1
Version: 1.11.2
Release: 0
Summary: MIT Kerberos5 Implementation--Libraries
License: MIT
@ -55,6 +55,9 @@ Conflicts: krb5-mini
%else # -mini
Conflicts: krb5
Conflicts: krb5-client
Conflicts: krb5-server
Conflicts: krb5-plugin-kdb-ldap
Conflicts: krb5-plugin-preauth-pkinit
%endif
Source: krb5-%{version}.tar.bz2
Source1: vendor-files.tar.bz2
@ -74,7 +77,6 @@ Patch11: krb5-1.9-ksu-path.patch
Patch12: krb5-1.11-selinux-label.patch
Patch13: krb5-1.9-debuginfo.patch
Patch14: krb5-kvno-230379.patch
Patch15: krb5-lookup_etypes-leak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -185,7 +187,6 @@ Include Files for Development
%patch12 -p1
%patch13 -p0
%patch14 -p1
%patch15 -p1
%build
# needs to be re-generated
@ -385,6 +386,7 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
/usr/lib/mit/sbin/krb5-send-pr
/usr/lib/mit/share/gnats
%{_mandir}/man1/krb5-send-pr.1*
%{_mandir}/man1/krb5-config.1*
%{_datadir}/aclocal/ac_check_krb5.m4
%if %{build_mini}