From 621f3cf2e61c8a32b1f23057e3cf24d99347defa Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 20 Jan 2017 22:37:32 +0000 Subject: [PATCH] Add free hook to KDB; increments KDB version Add KDB version flag. All patches are touched because git made the hash lengths in patches longer. --- Add-free_principal_e_data-KDB-method.patch | 80 ++++++++++++ ...-Werror-implicit-int-where-supported.patch | 2 +- Explicitly-copy-KDB-vtable-fields.patch | 121 ++++++++++++++++++ krb5-1.11-kpasswdtest.patch | 2 +- krb5-1.11-run_user_0.patch | 2 +- krb5-1.12-api.patch | 2 +- krb5-1.12-ksu-path.patch | 2 +- krb5-1.12-ktany.patch | 6 +- krb5-1.12.1-pam.patch | 12 +- krb5-1.13-dirsrv-accountlock.patch | 6 +- krb5-1.15-beta1-buildconf.patch | 6 +- krb5-1.15-beta1-selinux-label.patch | 50 ++++---- krb5-1.3.1-dns.patch | 2 +- krb5-1.9-debuginfo.patch | 4 +- krb5.spec | 12 +- 15 files changed, 260 insertions(+), 49 deletions(-) create mode 100644 Add-free_principal_e_data-KDB-method.patch create mode 100644 Explicitly-copy-KDB-vtable-fields.patch diff --git a/Add-free_principal_e_data-KDB-method.patch b/Add-free_principal_e_data-KDB-method.patch new file mode 100644 index 0000000..d8a5eca --- /dev/null +++ b/Add-free_principal_e_data-KDB-method.patch 
@@ -0,0 +1,80 @@
+From f784c4726c4223108170fe7398601b8cc8c775c9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider
+Date: Wed, 18 Jan 2017 11:52:48 +0100
+Subject: [PATCH] Add free_principal_e_data KDB method
+
+Add an optional method to kdb_vftabl to free e_data pointer in a
+principal entry, in case it was populated by a module using a more
+complex structure than a single memory region.
+
+[ghudson@mit.edu: handled minor version bump; simplified code; rewrote
+commit message]
+
+ticket: 8538
+target_version: 1.15-next
+tags: pullup
+
+(cherry picked from commit 87d8d1c6da227ff9410413de39ee64e4566429e5)
+---
+ src/include/kdb.h | 11 +++++++++++
+ src/lib/kdb/kdb5.c | 14 +++++++++++++-
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/src/include/kdb.h b/src/include/kdb.h
+index e9d1a84ba..da04724fc 100644
+--- a/src/include/kdb.h
++++ b/src/include/kdb.h
+@@ -1382,6 +1382,17 @@ typedef struct _kdb_vftabl {
+ krb5_const_principal client,
+ const krb5_db_entry *server,
+ krb5_const_principal proxy);
++
++ /* End of minor version 0. */
++
++ /*
++ * Optional: Free the e_data pointer of a database entry. If this method
++ * is not implemented, the e_data pointer in principal entries will be
++ * freed with free() as seen by libkdb5.
++ */
++ void (*free_principal_e_data)(krb5_context kcontext, krb5_octet *e_data);
++
++ /* End of minor version 1 for major version 6. */
+ } kdb_vftabl;
+
+ #endif /* !defined(_WIN32) */
+diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
+index ee4127231..4adf0fcbb 100644
+--- a/src/lib/kdb/kdb5.c
++++ b/src/lib/kdb/kdb5.c
+@@ -323,6 +323,12 @@ copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
+ out->refresh_config = in->refresh_config;
+ out->check_allowed_to_delegate = in->check_allowed_to_delegate;
+
++ /* Copy fields for minor version 1 (major version 6).
*/ ++ assert(KRB5_KDB_DAL_MAJOR_VERSION == 6); ++ out->free_principal_e_data = NULL; ++ if (in->min_ver >= 1) ++ out->free_principal_e_data = in->free_principal_e_data; ++ + /* Set defaults for optional fields. */ + if (out->fetch_master_key == NULL) + out->fetch_master_key = krb5_db_def_fetch_mkey; +@@ -820,11 +826,17 @@ free_tl_data(krb5_tl_data *list) + void + krb5_db_free_principal(krb5_context kcontext, krb5_db_entry *entry) + { ++ kdb_vftabl *v; + int i; + + if (entry == NULL) + return; +- free(entry->e_data); ++ if (entry->e_data != NULL) { ++ if (get_vftabl(kcontext, &v) == 0 && v->free_principal_e_data != NULL) ++ v->free_principal_e_data(kcontext, entry->e_data); ++ else ++ free(entry->e_data); ++ } + krb5_free_principal(kcontext, entry->princ); + free_tl_data(entry->tl_data); + for (i = 0; i < entry->n_key_data; i++) diff --git a/Build-with-Werror-implicit-int-where-supported.patch b/Build-with-Werror-implicit-int-where-supported.patch index 4244dce..47caf32 100644 --- a/Build-with-Werror-implicit-int-where-supported.patch +++ b/Build-with-Werror-implicit-int-where-supported.patch @@ -9,7 +9,7 @@ Subject: [PATCH] Build with -Werror-implicit-int where supported 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index 2bfb994..da1d6d8 100644 +index 2bfb99496..da1d6d8b4 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -529,7 +529,7 @@ if test "$GCC" = yes ; then diff --git a/Explicitly-copy-KDB-vtable-fields.patch b/Explicitly-copy-KDB-vtable-fields.patch new file mode 100644 index 0000000..4ee86a1 --- /dev/null +++ b/Explicitly-copy-KDB-vtable-fields.patch 
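Review bot: In the `krb5_db_free_principal` hunk the hook is resolved through whatever module `get_vftabl(kcontext, &v)` returns at free time, and when that lookup fails the code silently falls back to `free(entry->e_data)`. If an entry whose e_data is a multi-region structure is released after the context's module has been closed, or through a different context, the fallback would release only the outer region or pass the pointer to the wrong allocator; whether callers can reach that state is not visible here, since the function body continues outside the hunk. A comment above the new `if`, for example `/* e_data must be freed while the module that created the entry is still loaded in kcontext. */`, would document the contract. Separately, `assert(KRB5_KDB_DAL_MAJOR_VERSION == 6);` in `copy_vtable` tests a compile-time constant at run time and vanishes under NDEBUG; `#if KRB5_KDB_DAL_MAJOR_VERSION != 6` followed by `#error` would catch a mismatch at build time.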
@@ -0,0 +1,121 @@
+From f6dce77d8f1606c3443f47517ef101a6f1978d69 Mon Sep 17 00:00:00 2001
+From: Greg Hudson
+Date: Wed, 18 Jan 2017 11:40:49 -0500
+Subject: [PATCH] Explicitly copy KDB vtable fields
+
+In preparation for bumping the kdb_vftabl minor version, use explicit
+field assignments when copying the module vtable to the internal copy,
+so that we can conditionalize assignments for minor versions greater
+than 0.
+
+ticket: 8538
+(cherry picked from commit 50605efa5058583667227223a75ca44a512f4796)
+---
+ src/lib/kdb/kdb5.c | 79 +++++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 58 insertions(+), 21 deletions(-)
+
+diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
+index a3139a7dc..ee4127231 100644
+--- a/src/lib/kdb/kdb5.c
++++ b/src/lib/kdb/kdb5.c
+@@ -283,24 +283,63 @@ clean_n_exit:
+ }
+
+ static void
+-kdb_setup_opt_functions(db_library lib)
++copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
+ {
+- if (lib->vftabl.fetch_master_key == NULL)
+- lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
+- if (lib->vftabl.fetch_master_key_list == NULL)
+- lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
+- if (lib->vftabl.store_master_key_list == NULL)
+- lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
+- if (lib->vftabl.dbe_search_enctype == NULL)
+- lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
+- if (lib->vftabl.change_pwd == NULL)
+- lib->vftabl.change_pwd = krb5_dbe_def_cpw;
+- if (lib->vftabl.decrypt_key_data == NULL)
+- lib->vftabl.decrypt_key_data = krb5_dbe_def_decrypt_key_data;
+- if (lib->vftabl.encrypt_key_data == NULL)
+- lib->vftabl.encrypt_key_data = krb5_dbe_def_encrypt_key_data;
+- if (lib->vftabl.rename_principal == NULL)
+- lib->vftabl.rename_principal = krb5_db_def_rename_principal;
++ /* Copy fields for minor version 0. */
++ out->maj_ver = in->maj_ver;
++ out->min_ver = in->min_ver;
++ out->init_library = in->init_library;
++ out->fini_library = in->fini_library;
++ out->init_module = in->init_module;
++ out->fini_module = in->fini_module;
++ out->create = in->create;
++ out->destroy = in->destroy;
++ out->get_age = in->get_age;
++ out->lock = in->lock;
++ out->unlock = in->unlock;
++ out->get_principal = in->get_principal;
++ out->put_principal = in->put_principal;
++ out->delete_principal = in->delete_principal;
++ out->rename_principal = in->rename_principal;
++ out->iterate = in->iterate;
++ out->create_policy = in->create_policy;
++ out->get_policy = in->get_policy;
++ out->put_policy = in->put_policy;
++ out->iter_policy = in->iter_policy;
++ out->delete_policy = in->delete_policy;
++ out->fetch_master_key = in->fetch_master_key;
++ out->fetch_master_key_list = in->fetch_master_key_list;
++ out->store_master_key_list = in->store_master_key_list;
++ out->dbe_search_enctype = in->dbe_search_enctype;
++ out->change_pwd = in->change_pwd;
++ out->promote_db = in->promote_db;
++ out->decrypt_key_data = in->decrypt_key_data;
++ out->encrypt_key_data = in->encrypt_key_data;
++ out->sign_authdata = in->sign_authdata;
++ out->check_transited_realms = in->check_transited_realms;
++ out->check_policy_as = in->check_policy_as;
++ out->check_policy_tgs = in->check_policy_tgs;
++ out->audit_as_req = in->audit_as_req;
++ out->refresh_config = in->refresh_config;
++ out->check_allowed_to_delegate = in->check_allowed_to_delegate;
++
++ /* Set defaults for optional fields.
*/ ++ if (out->fetch_master_key == NULL) ++ out->fetch_master_key = krb5_db_def_fetch_mkey; ++ if (out->fetch_master_key_list == NULL) ++ out->fetch_master_key_list = krb5_def_fetch_mkey_list; ++ if (out->store_master_key_list == NULL) ++ out->store_master_key_list = krb5_def_store_mkey_list; ++ if (out->dbe_search_enctype == NULL) ++ out->dbe_search_enctype = krb5_dbe_def_search_enctype; ++ if (out->change_pwd == NULL) ++ out->change_pwd = krb5_dbe_def_cpw; ++ if (out->decrypt_key_data == NULL) ++ out->decrypt_key_data = krb5_dbe_def_decrypt_key_data; ++ if (out->encrypt_key_data == NULL) ++ out->encrypt_key_data = krb5_dbe_def_encrypt_key_data; ++ if (out->rename_principal == NULL) ++ out->rename_principal = krb5_db_def_rename_principal; + } + + #ifdef STATIC_PLUGINS +@@ -334,8 +373,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr) + return ENOMEM; + + strlcpy(lib->name, lib_name, sizeof(lib->name)); +- memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl)); +- kdb_setup_opt_functions(lib); ++ copy_vtable(vftabl_addr, &lib->vftabl); + + status = lib->vftabl.init_library(); + if (status) +@@ -433,8 +471,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib) + goto clean_n_exit; + } + +- memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl)); +- kdb_setup_opt_functions(*lib); ++ copy_vtable(vftabl_addrs[0], &(*lib)->vftabl); + + if ((status = (*lib)->vftabl.init_library())) + goto clean_n_exit; diff --git a/krb5-1.11-kpasswdtest.patch b/krb5-1.11-kpasswdtest.patch index 8419cdf..68b9464 100644 --- a/krb5-1.11-kpasswdtest.patch +++ b/krb5-1.11-kpasswdtest.patch @@ -8,7 +8,7 @@ Subject: [PATCH] krb5-1.11-kpasswdtest.patch 1 file changed, 1 insertion(+) diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto -index 00c4429..9c4bc1d 100644 +index 00c442978..9c4bc1de7 100644 --- a/src/kadmin/testing/proto/krb5.conf.proto +++ b/src/kadmin/testing/proto/krb5.conf.proto 
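Review bot: `copy_vtable` assigns each known field one by one but never clears `*out` first, so a `kdb_vftabl` member that is added later and missed in this list keeps whatever the caller's allocation held, where the old `memcpy` always took the module's value. The allocation of `lib` lies outside both `kdb_load_library` hunks, so the structure may already be zeroed; if it is not, an omitted function pointer becomes a stray call target rather than a NULL that the optional-method checks can test. Adding `memset(out, 0, sizeof(*out));` as the first statement of `copy_vtable`, with a comment that every new vtable field must be listed here, would make an omission fail safely.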
@@ -9,6 +9,7 @@ diff --git a/krb5-1.11-run_user_0.patch b/krb5-1.11-run_user_0.patch index 10af564..3a2d7b6 100644 --- a/krb5-1.11-run_user_0.patch +++ b/krb5-1.11-run_user_0.patch @@ -11,7 +11,7 @@ it, too. 1 file changed, 14 insertions(+) diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c -index 73f0fe6..4850c0d 100644 +index 73f0fe62d..4850c0d07 100644 --- a/src/lib/krb5/ccache/cc_dir.c +++ b/src/lib/krb5/ccache/cc_dir.c @@ -61,6 +61,8 @@ diff --git a/krb5-1.12-api.patch b/krb5-1.12-api.patch index 3bf695e..0bdd534 100644 --- a/krb5-1.12-api.patch +++ b/krb5-1.12-api.patch @@ -11,7 +11,7 @@ crashing if applications don't check ahead of time. 1 file changed, 7 insertions(+) diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c -index a693610..0ed7883 100644 +index a6936107d..0ed78833b 100644 --- a/src/lib/krb5/krb/princ_comp.c +++ b/src/lib/krb5/krb/princ_comp.c @@ -36,6 +36,10 @@ realm_compare_flags(krb5_context context, diff --git a/krb5-1.12-ksu-path.patch b/krb5-1.12-ksu-path.patch index a2ef186..d093b24 100644 --- a/krb5-1.12-ksu-path.patch +++ b/krb5-1.12-ksu-path.patch @@ -9,7 +9,7 @@ Set the default PATH to the one set by login. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in -index 5755bb5..9d58f29 100644 +index 5755bb58a..9d58f29b5 100644 --- a/src/clients/ksu/Makefile.in +++ b/src/clients/ksu/Makefile.in @@ -1,6 +1,6 @@ diff --git a/krb5-1.12-ktany.patch b/krb5-1.12-ktany.patch index 6bd6bd8..e4a22f0 100644 --- a/krb5-1.12-ktany.patch +++ b/krb5-1.12-ktany.patch @@ -14,7 +14,7 @@ the contents of the first keytab. create mode 100644 src/lib/krb5/keytab/kt_any.c diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in -index 2a8fceb..ffd179f 100644 +index 2a8fceb00..ffd179fb2 100644 --- a/src/lib/krb5/keytab/Makefile.in +++ b/src/lib/krb5/keytab/Makefile.in @@ -12,6 +12,7 @@ STLIBOBJS= \ 
@@ -43,7 +43,7 @@ index 2a8fceb..ffd179f 100644 $(srcdir)/kt_srvtab.c \ diff --git a/src/lib/krb5/keytab/kt_any.c b/src/lib/krb5/keytab/kt_any.c new file mode 100644 -index 0000000..1b9b776 +index 000000000..1b9b7765b --- /dev/null +++ b/src/lib/krb5/keytab/kt_any.c @@ -0,0 +1,292 @@ @@ -340,7 +340,7 @@ index 0000000..1b9b776 + free(data); +} diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c -index 0d39b29..6534d7c 100644 +index 0d39b2940..6534d7c52 100644 --- a/src/lib/krb5/keytab/ktbase.c +++ b/src/lib/krb5/keytab/ktbase.c @@ -57,14 +57,19 @@ extern const krb5_kt_ops krb5_ktf_ops; diff --git a/krb5-1.12.1-pam.patch b/krb5-1.12.1-pam.patch index 17d29b0..113d98e 100644 --- a/krb5-1.12.1-pam.patch +++ b/krb5-1.12.1-pam.patch @@ -28,7 +28,7 @@ changes we're proposing for how it handles cache collections. create mode 100644 src/clients/ksu/pam.h diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index 9c46da4..508e5fe 100644 +index 9c46da4b5..508e5fe90 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -1675,3 +1675,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[ @@ -103,7 +103,7 @@ index 9c46da4..508e5fe 100644 +AC_SUBST(NON_PAM_MAN) +])dnl diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in -index b2fcbf2..5755bb5 100644 +index b2fcbf240..5755bb58a 100644 --- a/src/clients/ksu/Makefile.in +++ b/src/clients/ksu/Makefile.in @@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S).. @@ -141,7 +141,7 @@ index b2fcbf2..5755bb5 100644 clean: $(RM) ksu diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c -index 28342c2..cab0c18 100644 +index 28342c2d7..cab0c1806 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -26,6 +26,7 @@ @@ -299,7 +299,7 @@ index 28342c2..cab0c18 100644 } diff --git a/src/clients/ksu/pam.c b/src/clients/ksu/pam.c new file mode 100644 -index 0000000..cbfe487 +index 000000000..cbfe48704 --- /dev/null +++ b/src/clients/ksu/pam.c @@ -0,0 +1,389 @@ @@ -694,7 +694,7 @@ index 0000000..cbfe487 +#endif 
diff --git a/src/clients/ksu/pam.h b/src/clients/ksu/pam.h new file mode 100644 -index 0000000..0ab7656 +index 000000000..0ab76569c --- /dev/null +++ b/src/clients/ksu/pam.h @@ -0,0 +1,57 @@ @@ -756,7 +756,7 @@ index 0000000..0ab7656 +void appl_pam_cleanup(void); +#endif diff --git a/src/configure.in b/src/configure.in -index 037c9f3..daabd12 100644 +index 037c9f316..daabd12c8 100644 --- a/src/configure.in +++ b/src/configure.in @@ -1336,6 +1336,8 @@ AC_SUBST([VERTO_VERSION]) diff --git a/krb5-1.13-dirsrv-accountlock.patch b/krb5-1.13-dirsrv-accountlock.patch index 168b9ba..84f914a 100644 --- a/krb5-1.13-dirsrv-accountlock.patch +++ b/krb5-1.13-dirsrv-accountlock.patch @@ -12,7 +12,7 @@ original version filed as RT#5891. 3 files changed, 29 insertions(+) diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index f5667c3..2bfb994 100644 +index f5667c35f..2bfb99496 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -1656,6 +1656,15 @@ if test "$with_ldap" = yes; then @@ -32,7 +32,7 @@ index f5667c3..2bfb994 100644 dnl dnl If libkeyutils exists (on Linux) include it and use keyring ccache diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -index 32efc4f..af8b2db 100644 +index 32efc4f54..af8b2db7b 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -1674,6 +1674,23 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context, @@ -60,7 +60,7 @@ index 32efc4f..af8b2db 100644 ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname); if (ret) diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -index d722dbf..5e8e9a8 100644 +index d722dbfa6..5e8e9a897 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c @@ -54,6 +54,9 @@ char *principal_attributes[] = { "krbprincipalname", 
diff --git a/krb5-1.15-beta1-buildconf.patch b/krb5-1.15-beta1-buildconf.patch index d573750..5fcee09 100644 --- a/krb5-1.15-beta1-buildconf.patch +++ b/krb5-1.15-beta1-buildconf.patch @@ -15,7 +15,7 @@ not just assume that the compiler supports using these flags. 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in -index c17cb5e..1891dea 100755 +index c17cb5eb5..1891dea99 100755 --- a/src/build-tools/krb5-config.in +++ b/src/build-tools/krb5-config.in @@ -226,6 +226,13 @@ if test -n "$do_libs"; then @@ -33,7 +33,7 @@ index c17cb5e..1891dea 100755 lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" library=krb5 diff --git a/src/config/pre.in b/src/config/pre.in -index fcea229..d961b56 100644 +index fcea229bd..d961b5621 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) @@ -46,7 +46,7 @@ index fcea229..d961b56 100644 ## ${prefix}. prefix=@prefix@ diff --git a/src/config/shlib.conf b/src/config/shlib.conf -index 3e4af6c..2b20c3f 100644 +index 3e4af6c02..2b20c3fda 100644 --- a/src/config/shlib.conf +++ b/src/config/shlib.conf @@ -423,7 +423,7 @@ mips-*-netbsd*) diff --git a/krb5-1.15-beta1-selinux-label.patch b/krb5-1.15-beta1-selinux-label.patch index d743c3b..03e7770 100644 --- a/krb5-1.15-beta1-selinux-label.patch +++ b/krb5-1.15-beta1-selinux-label.patch @@ -66,7 +66,7 @@ which we used earlier, is some improvement. create mode 100644 src/util/support/selinux.c diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index 508e5fe..607859f 100644 +index 508e5fe90..607859f17 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag) @@ -130,7 +130,7 @@ index 508e5fe..607859f 100644 +AC_SUBST(SELINUX_LIBS) +])dnl diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in -index f6184da..c17cb5e 100755 +index f6184da3f..c17cb5eb5 100755 --- a/src/build-tools/krb5-config.in 
+++ b/src/build-tools/krb5-config.in @@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@' @@ -151,7 +151,7 @@ index f6184da..c17cb5e 100755 echo $lib_flags diff --git a/src/config/pre.in b/src/config/pre.in -index e062632..fcea229 100644 +index e0626320c..fcea229bd 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -177,6 +177,7 @@ LD = $(PURE) @LD@ @@ -172,7 +172,7 @@ index e062632..fcea229 100644 GSS_LIBS = $(GSS_KRB5_LIB) # needs fixing if ever used on Mac OS X! diff --git a/src/configure.in b/src/configure.in -index daabd12..acf3a45 100644 +index daabd12c8..acf3a458b 100644 --- a/src/configure.in +++ b/src/configure.in @@ -1338,6 +1338,8 @@ AC_PATH_PROG(GROFF, groff) @@ -185,7 +185,7 @@ index daabd12..acf3a45 100644 if test "${localedir+set}" != set; then localedir='$(datadir)/locale' diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index 6499173..173cb02 100644 +index 64991738a..173cb0264 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -128,6 +128,7 @@ typedef unsigned char u_char; @@ -198,7 +198,7 @@ index 6499173..173cb02 100644 #define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */ diff --git a/src/include/k5-label.h b/src/include/k5-label.h new file mode 100644 -index 0000000..dfaaa84 +index 000000000..dfaaa847c --- /dev/null +++ b/src/include/k5-label.h @@ -0,0 +1,32 @@ @@ -235,7 +235,7 @@ index 0000000..dfaaa84 +#endif +#endif diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin -index ac22f4c..cf60d6c 100644 +index ac22f4c55..cf60d6c41 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -87,6 +87,12 @@ @@ -252,7 +252,7 @@ index ac22f4c..cf60d6c 100644 #include diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c -index f7889bd..cad53cf 100644 +index f7889bd23..cad53cfbf 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname) 
@@ -287,7 +287,7 @@ index f7889bd..cad53cf 100644 com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); exit_status++; diff --git a/src/kdc/main.c b/src/kdc/main.c -index ebc852b..a4dffb2 100644 +index ebc852bba..a4dffb29a 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -872,7 +872,7 @@ write_pid_file(const char *path) @@ -300,7 +300,7 @@ index ebc852b..a4dffb2 100644 return errno; pid = (unsigned long) getpid(); diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c -index ce79fab..c53a574 100644 +index ce79fabf7..c53a5743f 100644 --- a/src/lib/kadm5/logger.c +++ b/src/lib/kadm5/logger.c @@ -414,7 +414,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do @@ -322,7 +322,7 @@ index ce79fab..c53a574 100644 set_cloexec_file(f); log_control.log_entries[lindex].lfu_filep = f; diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c -index 766d300..6466417 100644 +index 766d3002a..6466417b7 100644 --- a/src/lib/kdb/kdb_log.c +++ b/src/lib/kdb/kdb_log.c @@ -476,7 +476,7 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries) @@ -335,7 +335,7 @@ index 766d300..6466417 100644 return errno; diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c -index bba64e5..73f0fe6 100644 +index bba64e516..73f0fe62d 100644 --- a/src/lib/krb5/ccache/cc_dir.c +++ b/src/lib/krb5/ccache/cc_dir.c @@ -183,10 +183,19 @@ write_primary_file(const char *primary_path, const char *contents) @@ -385,7 +385,7 @@ index bba64e5..73f0fe6 100644 _("Credential cache directory %s does not exist"), dirname); diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c -index 6a42f26..674d88b 100644 +index 6a42f267d..674d88bab 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -1022,14 +1022,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) @@ -406,7 +406,7 @@ index 6a42f26..674d88b 100644 goto report_errno; writevno = 1; 
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c -index 83c8d4d..a192461 100644 +index 83c8d4db8..a19246128 100644 --- a/src/lib/krb5/os/trace.c +++ b/src/lib/krb5/os/trace.c @@ -397,7 +397,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename) @@ -419,7 +419,7 @@ index 83c8d4d..a192461 100644 free(fd); return errno; diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c -index c4d2c74..c0f12ed 100644 +index c4d2c744d..c0f12ed9d 100644 --- a/src/lib/krb5/rcache/rc_dfl.c +++ b/src/lib/krb5/rcache/rc_dfl.c @@ -794,6 +794,9 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) @@ -451,7 +451,7 @@ index c4d2c74..c0f12ed 100644 goto cleanup; for (q = t->a; q; q = q->na) { diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c -index 7db30a3..2b9d019 100644 +index 7db30a33b..2b9d01921 100644 --- a/src/plugins/kdb/db2/adb_openclose.c +++ b/src/plugins/kdb/db2/adb_openclose.c @@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename, @@ -464,7 +464,7 @@ index 7db30a3..2b9d019 100644 * maybe someone took away write permission so we could only * get shared locks? diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c -index 4c4036e..d90bdea 100644 +index 4c4036eb4..d90bdeaba 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5_db2_context *dbc) @@ -479,7 +479,7 @@ index 4c4036e..d90bdea 100644 retval = errno; goto cleanup; diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c -index 2977b17..d5809a5 100644 +index 2977b17f3..d5809a5a9 100644 --- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c +++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c @@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95"; @@ -500,7 +500,7 @@ index 2977b17..d5809a5 100644 } else { 
diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c -index 76f5d47..1fa8b83 100644 +index 76f5d4709..1fa8b8389 100644 --- a/src/plugins/kdb/db2/libdb2/hash/hash.c +++ b/src/plugins/kdb/db2/libdb2/hash/hash.c @@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95"; @@ -521,7 +521,7 @@ index 76f5d47..1fa8b83 100644 (void)fcntl(hashp->fp, F_SETFD, 1); } diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c -index d8b26e7..b0daa7c 100644 +index d8b26e701..b0daa7c02 100644 --- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c +++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c @@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8.12 (Berkeley) 11/18/94"; @@ -543,7 +543,7 @@ index d8b26e7..b0daa7c 100644 if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -index 022156a..3d6994c 100644 +index 022156a5e..3d6994c67 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c @@ -203,7 +203,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv) @@ -580,7 +580,7 @@ index 022156a..3d6994c 100644 if (newfile == NULL) { com_err(me, errno, _("Error creating file %s"), tmp_file); diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c -index 056c31a..b78c3d9 100644 +index 056c31a42..b78c3d9e5 100644 --- a/src/slave/kpropd.c +++ b/src/slave/kpropd.c @@ -464,6 +464,9 @@ doit(int fd) @@ -610,7 +610,7 @@ index 056c31a..b78c3d9 100644 KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK); if (retval) { diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c -index 907c119..0f5462a 100644 +index 907c119bb..0f5462aea 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -33,6 +33,7 @@ 
@@ -631,7 +631,7 @@ index 907c119..0f5462a 100644 retval = errno; if (retval == 0) diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in -index 6239e41..17bcd2a 100644 +index 6239e4176..17bcd2a67 100644 --- a/src/util/support/Makefile.in +++ b/src/util/support/Makefile.in @@ -69,6 +69,7 @@ IPC_SYMS= \ @@ -653,7 +653,7 @@ index 6239e41..17bcd2a 100644 diff --git a/src/util/support/selinux.c b/src/util/support/selinux.c new file mode 100644 -index 0000000..2302634 +index 000000000..230263421 --- /dev/null +++ b/src/util/support/selinux.c @@ -0,0 +1,406 @@ diff --git a/krb5-1.3.1-dns.patch b/krb5-1.3.1-dns.patch index 211e661..c08c228 100644 --- a/krb5-1.3.1-dns.patch +++ b/krb5-1.3.1-dns.patch @@ -9,7 +9,7 @@ We want to be able to use --with-netlib and --enable-dns at the same time. 1 file changed, 1 insertion(+) diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index 607859f..f5667c3 100644 +index 607859f17..f5667c35f 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -703,6 +703,7 @@ AC_HELP_STRING([--with-netlib=LIBS], use user defined resolver library), diff --git a/krb5-1.9-debuginfo.patch b/krb5-1.9-debuginfo.patch index a67ecd3..f748d3b 100644 --- a/krb5-1.9-debuginfo.patch +++ b/krb5-1.9-debuginfo.patch @@ -12,7 +12,7 @@ could mess up people working in the tree on other things. 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in -index adfea6e..d1327e4 100644 +index adfea6e2b..d1327e400 100644 --- a/src/kadmin/cli/Makefile.in +++ b/src/kadmin/cli/Makefile.in @@ -37,3 +37,8 @@ clean-unix:: @@ -25,7 +25,7 @@ index adfea6e..d1327e4 100644 + $(YACC.y) $< + $(CP) y.tab.c $@ diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in -index 8669c24..a22f23c 100644 +index 8669c2436..a22f23c02 100644 --- a/src/plugins/kdb/ldap/ldap_util/Makefile.in +++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in 
@@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE) diff --git a/krb5.spec b/krb5.spec index 65138a1..3a4d63f 100644 --- a/krb5.spec +++ b/krb5.spec @@ -11,11 +11,14 @@ # leave empty or set to e.g., -beta2 %global prerelease %{nil} +# Should be in form 5.0, 6.1, etc. +%global kdbversion 6.1 + Summary: The Kerberos network authentication system Name: krb5 Version: 1.15 # for prerelease, should be e.g., 0.3.beta2%{?dist} -Release: 4%{?dist} +Release: 5%{?dist} # - Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar # - The sources below are stored in a lookaside cache. Upload with @@ -59,6 +62,8 @@ Patch9: krb5-1.9-debuginfo.patch Patch10: krb5-1.11-run_user_0.patch Patch11: krb5-1.11-kpasswdtest.patch Patch12: Build-with-Werror-implicit-int-where-supported.patch +Patch13: Explicitly-copy-KDB-vtable-fields.patch +Patch14: Add-free_principal_e_data-KDB-method.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -144,6 +149,7 @@ Group: System Environment/Libraries Requires: coreutils, gawk, grep, sed Requires: keyutils-libs >= 1.5.8 Requires: /etc/crypto-policies/back-ends/krb5.config +Provides: krb5-kdb-version = %{kdbversion} %description libs Kerberos is a network authentication system. The krb5-libs package @@ -712,6 +718,10 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Fri Jan 20 2017 Robbie Harwood - 1.15-5 +- Add free hook to KDB; increments KDB version +- Add KDB version flag + * Mon Dec 05 2016 Robbie Harwood - 1.15-4 - New upstream release
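Review bot: `%global kdbversion 6.1` in the first krb5.spec hunk is a hand-maintained copy of the DAL version that the C patches define (`KRB5_KDB_DAL_MAJOR_VERSION == 6` with minor version 1 in the patched `kdb.h`), and nothing in the visible spec hunks ties the two together. If a later rebase or backport changes `kdb_vftabl` without this macro being updated, `Provides: krb5-kdb-version = %{kdbversion}` would advertise an interface libkdb5 no longer offers, and separately packaged KDB modules would install against it. I would extend the comment to `# Must match the KDB DAL major.minor in src/include/kdb.h; update whenever a patch touches kdb_vftabl.` and consider a `%check` step that compares the macro with the header.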