rpms/ipa
6
0
Fork 0
Code Issues Pull Requests Releases Activity

4.6.1-2: Rebuild against krb5-1.16

Browse Source 
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
This commit is contained in:
Tomas Krizek 2017-10-06 10:12:05 +02:00
parent c777305290
commit 28ce588c87
No known key found for this signature in database
GPG Key ID: 22A2A94B5E49415A
2 changed files with 82 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
0002-ipa-kdb-support-KDB-DAL-version-7.0.patch Normal file
View File

@ -0,0 +1,75 @@
From f940bd8923f04d5646c3915b453c9cfe5e0507c4 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 9 Oct 2017 11:39:09 -0400
Subject: [PATCH] ipa-kdb: support KDB DAL version 7.0
krb5-1.16 includes DAL version 7, which changes the signature of
audit_as_req to include local and remote address parameters.
This patch just enables building against the new DAL version, but
doesn't use the new information for anything.
---
daemons/ipa-kdb/ipa_kdb.c | 9 ++++++---
daemons/ipa-kdb/ipa_kdb.h | 4 ++++
daemons/ipa-kdb/ipa_kdb_audit_as.c | 4 ++++
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index c0f1e276ca32ecb318add3a0d36f57acc3d17d51..b11153eccdcc70e86e109a0106ef548f0594835d 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -709,7 +709,9 @@ kdb_vftabl kdb_function_table = {
};
#endif
-#if (KRB5_KDB_DAL_MAJOR_VERSION == 6) && defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
+#if ((KRB5_KDB_DAL_MAJOR_VERSION == 6) || \
+ (KRB5_KDB_DAL_MAJOR_VERSION == 7)) && \
+ defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
kdb_vftabl kdb_function_table = {
.maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
.min_ver = 1,
@@ -742,7 +744,8 @@ kdb_vftabl kdb_function_table = {
};
#endif
-#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && (KRB5_KDB_DAL_MAJOR_VERSION != 6)
+#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && \
+ (KRB5_KDB_DAL_MAJOR_VERSION != 6) && \
+ (KRB5_KDB_DAL_MAJOR_VERSION != 7)
#error unsupported DAL major version
#endif
-
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 72573a61adecfae152796d61b88b6c43b3a975a3..be2f457522bfb172fa887645de3df4c77b5c82ee 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -326,6 +326,10 @@ krb5_error_code ipadb_check_allowed_to_delegate(krb5_context kcontext,
void ipadb_audit_as_req(krb5_context kcontext,
krb5_kdc_req *request,
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 7)
+ const krb5_address *local_addr,
+ const krb5_address *remote_addr,
+#endif
krb5_db_entry *client,
krb5_db_entry *server,
krb5_timestamp authtime,
diff --git a/daemons/ipa-kdb/ipa_kdb_audit_as.c b/daemons/ipa-kdb/ipa_kdb_audit_as.c
index 5f59bf33a761905d69d2d3167a206766457796fb..c68a67aa2a0ca9a2dc9e7a2d39c60d8b105fcc06 100644
--- a/daemons/ipa-kdb/ipa_kdb_audit_as.c
+++ b/daemons/ipa-kdb/ipa_kdb_audit_as.c
@@ -26,6 +26,10 @@
void ipadb_audit_as_req(krb5_context kcontext,
krb5_kdc_req *request,
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 7)
+ const krb5_address *local_addr,
+ const krb5_address *remote_addr,
+#endif
krb5_db_entry *client,
krb5_db_entry *server,
krb5_timestamp authtime,
--
2.13.3

9
freeipa.spec
View File

@ -68,7 +68,7 @@
Name: freeipa Name: freeipa
Version: %{VERSION} Version: %{VERSION}
Release: 1%{?dist} Release: 2%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
Group: System Environment/Base Group: System Environment/Base
@ -79,6 +79,8 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.as
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
# https://github.com/freeipa/freeipa/pull/1137
Patch0002: 0002-ipa-kdb-support-KDB-DAL-version-7.0.patch
# For the timestamp trick in patch application # For the timestamp trick in patch application
BuildRequires: diffstat BuildRequires: diffstat
@ -88,7 +90,7 @@ BuildRequires: openldap-devel
# will cause the build to fail due to unsatisfied dependencies. # will cause the build to fail due to unsatisfied dependencies.
# DAL version change may cause code crash or memory leaks, it is better to fail early. # DAL version change may cause code crash or memory leaks, it is better to fail early.
%if 0%{?fedora} > 25 %if 0%{?fedora} > 25
BuildRequires: krb5-kdb-version = 6.1 BuildRequires: krb5-kdb-version = 7.0
%endif %endif
BuildRequires: krb5-devel >= %{krb5_version} BuildRequires: krb5-devel >= %{krb5_version}
# 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation # 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation
@ -1711,6 +1713,9 @@ fi
%endif # with_ipatests %endif # with_ipatests
%changelog %changelog
* Fri Oct 06 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.1-2
- Rebuild against krb5-1.16
* Fri Sep 22 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.1-1 * Fri Sep 22 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.1-1
- Fixes #1491053 Firefox reports insecure TLS configuration when visiting - Fixes #1491053 Firefox reports insecure TLS configuration when visiting
FreeIPA web UI after standard server deployment FreeIPA web UI after standard server deployment