4.6.1-2: Rebuild against krb5-1.16

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
2017-10-06 10:12:05 +02:00 · 2017-10-06 10:12:05 +02:00 · 28ce588c87
commit 28ce588c87
parent c777305290
2 changed files with 82 additions and 2 deletions
--- a/0002-ipa-kdb-support-KDB-DAL-version-7.0.patch
+++ b/0002-ipa-kdb-support-KDB-DAL-version-7.0.patch
@ -0,0 +1,75 @@
+From f940bd8923f04d5646c3915b453c9cfe5e0507c4 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Mon, 9 Oct 2017 11:39:09 -0400
+Subject: [PATCH] ipa-kdb: support KDB DAL version 7.0
+
+krb5-1.16 includes DAL version 7, which changes the signature of
+audit_as_req to include local and remote address parameters.
+
+This patch just enables building against the new DAL version, but
+doesn't use the new information for anything.
+---
+ daemons/ipa-kdb/ipa_kdb.c          | 9 ++++++---
+ daemons/ipa-kdb/ipa_kdb.h          | 4 ++++
+ daemons/ipa-kdb/ipa_kdb_audit_as.c | 4 ++++
+ 3 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
+index c0f1e276ca32ecb318add3a0d36f57acc3d17d51..b11153eccdcc70e86e109a0106ef548f0594835d 100644
+--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
+@@ -709,7 +709,9 @@ kdb_vftabl kdb_function_table = {
+ };
+ #endif
+ 
+-#if (KRB5_KDB_DAL_MAJOR_VERSION == 6) && defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
+#if ((KRB5_KDB_DAL_MAJOR_VERSION == 6) || \
+     (KRB5_KDB_DAL_MAJOR_VERSION == 7)) && \
+    defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
+ kdb_vftabl kdb_function_table = {
+     .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
+     .min_ver = 1,
+@@ -742,7 +744,8 @@ kdb_vftabl kdb_function_table = {
+ };
+ #endif
+ 
+-#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && (KRB5_KDB_DAL_MAJOR_VERSION != 6)
+#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && \
+    (KRB5_KDB_DAL_MAJOR_VERSION != 6) && \
+    (KRB5_KDB_DAL_MAJOR_VERSION != 7)
+ #error unsupported DAL major version
+ #endif
+-
+diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
+index 72573a61adecfae152796d61b88b6c43b3a975a3..be2f457522bfb172fa887645de3df4c77b5c82ee 100644
+--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
+@@ -326,6 +326,10 @@ krb5_error_code ipadb_check_allowed_to_delegate(krb5_context kcontext,
+ 
+ void ipadb_audit_as_req(krb5_context kcontext,
+                         krb5_kdc_req *request,
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 7)
+                        const krb5_address *local_addr,
+                        const krb5_address *remote_addr,
+#endif
+                         krb5_db_entry *client,
+                         krb5_db_entry *server,
+                         krb5_timestamp authtime,
+diff --git a/daemons/ipa-kdb/ipa_kdb_audit_as.c b/daemons/ipa-kdb/ipa_kdb_audit_as.c
+index 5f59bf33a761905d69d2d3167a206766457796fb..c68a67aa2a0ca9a2dc9e7a2d39c60d8b105fcc06 100644
+--- a/daemons/ipa-kdb/ipa_kdb_audit_as.c
+++ b/daemons/ipa-kdb/ipa_kdb_audit_as.c
+@@ -26,6 +26,10 @@
+ 
+ void ipadb_audit_as_req(krb5_context kcontext,
+                         krb5_kdc_req *request,
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 7)
+                        const krb5_address *local_addr,
+                        const krb5_address *remote_addr,
+#endif
+                         krb5_db_entry *client,
+                         krb5_db_entry *server,
+                         krb5_timestamp authtime,
+-- 
+2.13.3
+
--- a/freeipa.spec
+++ b/freeipa.spec
@ -68,7 +68,7 @@

 Name:           freeipa
 Version:        %{VERSION}
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Identity, Policy and Audit system

 Group:          System Environment/Base
@ -79,6 +79,8 @@ Source1:        https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.as
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

 Patch0001:      0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
+# https://github.com/freeipa/freeipa/pull/1137
+Patch0002:      0002-ipa-kdb-support-KDB-DAL-version-7.0.patch

 # For the timestamp trick in patch application
 BuildRequires:  diffstat
@ -88,7 +90,7 @@ BuildRequires:  openldap-devel
 # will cause the build to fail due to unsatisfied dependencies.
 # DAL version change may cause code crash or memory leaks, it is better to fail early.
 %if 0%{?fedora} > 25
-BuildRequires: krb5-kdb-version = 6.1
+BuildRequires: krb5-kdb-version = 7.0
 %endif
 BuildRequires:  krb5-devel >= %{krb5_version}
 # 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation
@ -1711,6 +1713,9 @@ fi
 %endif # with_ipatests

 %changelog
+* Fri Oct 06 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.1-2
+- Rebuild against krb5-1.16
+
 * Fri Sep 22 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.1-1
 - Fixes #1491053  Firefox reports insecure TLS configuration when visiting
  FreeIPA web UI after standard server deployment