Update to 1.12 beta

2013-11-19 18:08:43 -05:00 · 2013-11-19 18:08:43 -05:00 · 88c0c528bd
commit 88c0c528bd
parent 3c08a1616e
4 changed files with 17 additions and 140 deletions
--- a/.gitignore
+++ b/.gitignore
@ -95,3 +95,6 @@ krb5-1.8.3-pdf.tar.gz
 /krb5-1.11.4.tar.gz
 /krb5-1.11.4.tar.gz.asc
 /krb5-1.11.4-pdf.tar.xz
+/krb5-1.12-beta1.tar.gz
+/krb5-1.12-beta1.tar.gz.asc
+/krb5-1.12-beta1-pdf.tar.xz
--- a/krb5-1.12-alpha-gss-ccache-import.patch
+++ b/krb5-1.12-alpha-gss-ccache-import.patch
@ -1,129 +0,0 @@
-commit 48dd01f29b893a958a64dcf6eb0b734e8463425b
-Author: Greg Hudson <ghudson@mit.edu>
-Date:   Mon Oct 7 09:51:56 2013 -0400
-
-    Fix GSSAPI krb5 cred ccache import
-    
-    json_to_ccache was incorrectly indexing the JSON array when restoring
-    a memory ccache.  Fix it.
-    
-    Add test coverage for a multi-cred ccache by exporting/importing the
-    synthesized S4U2Proxy delegated cred in t_s4u2proxy_krb5.c; move
-    export_import_cred from t_export_cred.c to common.c to facilitate
-    this.  Make a note in t_export_cred.py that this case is covered in
-    t_s4u.py.
-    
-    ticket: 7706
-    target_version: 1.11.4
-
-diff --git a/src/lib/gssapi/krb5/import_cred.c b/src/lib/gssapi/krb5/import_cred.c
-index 973b9d0..f0a0373 100644
--- a/src/lib/gssapi/krb5/import_cred.c
-+++ b/src/lib/gssapi/krb5/import_cred.c
-@@ -486,7 +486,7 @@ json_to_ccache(krb5_context context, k5_json_value v, krb5_ccache *ccache_out,
- 
-     /* Add remaining array entries to the ccache as credentials. */
-     for (i = 1; i < len; i++) {
-        if (json_to_creds(context, k5_json_array_get(array, 1), &creds))
-+        if (json_to_creds(context, k5_json_array_get(array, i), &creds))
-             goto invalid;
-         ret = krb5_cc_store_cred(context, ccache, &creds);
-         krb5_free_cred_contents(context, &creds);
-diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c
-index 19a781a..231f44a 100644
--- a/src/tests/gssapi/common.c
-+++ b/src/tests/gssapi/common.c
-@@ -149,6 +149,20 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
- }
- 
- void
-+export_import_cred(gss_cred_id_t *cred)
-+{
-+    OM_uint32 major, minor;
-+    gss_buffer_desc buf;
-+
-+    major = gss_export_cred(&minor, *cred, &buf);
-+    check_gsserr("gss_export_cred", major, minor);
-+    (void)gss_release_cred(&minor, cred);
-+    major = gss_import_cred(&minor, &buf, cred);
-+    check_gsserr("gss_import_cred", major, minor);
-+    (void)gss_release_buffer(&minor, &buf);
-+}
-+
-+void
- display_canon_name(const char *tag, gss_name_t name, gss_OID mech)
- {
-     gss_name_t canon;
-diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h
-index 54c0d36..ae11b51 100644
--- a/src/tests/gssapi/common.h
-+++ b/src/tests/gssapi/common.h
-@@ -62,6 +62,10 @@ void establish_contexts(gss_OID imech, gss_cred_id_t icred,
-                         gss_name_t *src_name, gss_OID *amech,
-                         gss_cred_id_t *deleg_cred);
- 
-+/* Export *cred to a token, then release *cred and replace it by re-importing
-+ * the token. */
-+void export_import_cred(gss_cred_id_t *cred);
-+
- /* Display name as canonicalized to mech, preceded by tag. */
- void display_canon_name(const char *tag, gss_name_t name, gss_OID mech);
- 
-diff --git a/src/tests/gssapi/t_export_cred.c b/src/tests/gssapi/t_export_cred.c
-index 5214cd5..4d7c028 100644
--- a/src/tests/gssapi/t_export_cred.c
-+++ b/src/tests/gssapi/t_export_cred.c
-@@ -37,22 +37,6 @@ usage(void)
-     exit(1);
- }
- 
-/* Export *cred to a token, then release *cred and replace it by re-importing
- * the token. */
-static void
-export_import_cred(gss_cred_id_t *cred)
-{
-    OM_uint32 major, minor;
-    gss_buffer_desc buf;
-
-    major = gss_export_cred(&minor, *cred, &buf);
-    check_gsserr("gss_export_cred", major, minor);
-    (void)gss_release_cred(&minor, cred);
-    major = gss_import_cred(&minor, &buf, cred);
-    check_gsserr("gss_import_cred", major, minor);
-    (void)gss_release_buffer(&minor, &buf);
-}
-
- int
- main(int argc, char *argv[])
- {
-diff --git a/src/tests/gssapi/t_export_cred.py b/src/tests/gssapi/t_export_cred.py
-index 53dd13c..6988359 100644
--- a/src/tests/gssapi/t_export_cred.py
-+++ b/src/tests/gssapi/t_export_cred.py
-@@ -1,7 +1,10 @@
- #!/usr/bin/python
- from k5test import *
- 
-# Test gss_export_cred and gss_import_cred.
-+# Test gss_export_cred and gss_import_cred for initiator creds,
-+# acceptor creds, and traditional delegated creds.  t_s4u.py tests
-+# exporting and importing a synthesized S4U2Proxy delegated
-+# credential.
- 
- # Make up a filename to hold user's initial credentials.
- def ccache_savefile(realm):
-diff --git a/src/tests/gssapi/t_s4u2proxy_krb5.c b/src/tests/gssapi/t_s4u2proxy_krb5.c
-index 3ad1086..483d915 100644
--- a/src/tests/gssapi/t_s4u2proxy_krb5.c
-+++ b/src/tests/gssapi/t_s4u2proxy_krb5.c
-@@ -117,6 +117,10 @@ main(int argc, char *argv[])
-         goto cleanup;
-     }
- 
-+    /* Take the opportunity to test cred export/import on the synthesized
-+     * S4U2Proxy delegated cred. */
-+    export_import_cred(&deleg_cred);
-+
-     /* Store the delegated credentials. */
-     ret = krb5_cc_resolve(context, storage_ccname, &storage_ccache);
-     check_k5err(context, "krb5_cc_resolve", ret);
--- a/krb5.spec
+++ b/krb5.spec
@ -41,15 +41,15 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.12
-Release: 0%{?dist}.alpha1.0
+Release: 0%{?dist}.beta1.0
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-alpha1-signed.tar
-Source0: krb5-%{version}-alpha1.tar.gz
-Source1: krb5-%{version}-alpha1.tar.gz.asc
+# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-beta1-signed.tar
+Source0: krb5-%{version}-beta1.tar.gz
+Source1: krb5-%{version}-beta1.tar.gz.asc
 # Use a dummy krb5-%{version}-pdf.tar.xz the first time through, then
 #  tar cvJf $RPM_SOURCE_DIR/krb5-%%{version}-pdf.tar.xz build-pdf/*.pdf
 # after the build phase finishes.
-Source3: krb5-%{version}-alpha1-pdf.tar.xz
+Source3: krb5-%{version}-beta1-pdf.tar.xz
 Source2: kprop.service
 Source4: kadmin.service
 Source5: krb5kdc.service
@ -92,7 +92,6 @@ Patch129: krb5-1.11-run_user_0.patch
 Patch134: krb5-1.11-kpasswdtest.patch
 Patch138: krb5-master-keyring-offsets.patch
 Patch139: krb5-master-keyring-expiration.patch
-Patch140: krb5-1.12-alpha-gss-ccache-import.patch

 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -284,7 +283,7 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.

 %prep
-%setup -q -n %{name}-%{version}-alpha1 -a 3 -a 100
+%setup -q -n %{name}-%{version}-beta1 -a 3 -a 100
 ln -s NOTICE LICENSE

 %patch60 -p1 -b .pam
@ -311,7 +310,6 @@ ln -s NOTICE LICENSE
 %patch134 -p1 -b .kpasswdtest
 %patch138 -p1 -b .keyring-offsets
 %patch139 -p1 -b .keyring-expiration
-%patch140 -p1 -b .gss-ccache-import

 # Take the execute bit off of documentation.
 chmod -x doc/krb5-protocol/*.txt
@ -960,6 +958,11 @@ exit 0
 %{_sbindir}/uuserver

 %changelog
+* Tue Nov 19 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.12-beta1.0
+- rebase to master
+- update to beta1
+  - drop obsolete backport of fix for RT#7706
+
 * Mon Nov 18 2013 Nalin Dahyabhai <nalin@redhat.com> - 1.11.4-2
 - pull in fix to store KDC time offsets in keyring credential caches (RT#7768,
  #1030607)
--- a/6
+++ b/6
@ -1,4 +1,4 @@
-81d38859182c1388c7126bdb975c678b  krb5-1.11.4.tar.gz
-1ac1512ea788e1747464d250d7734f1d  krb5-1.11.4.tar.gz.asc
-bcbc071bd1267fef501cf5c95d399305  krb5-1.11.4-pdf.tar.xz
+f0f5329199f62d9fcf68e02780c8e2e3  krb5-1.12-beta1.tar.gz
+1d812e9438bcc73e8d15ed8836cb1510  krb5-1.12-beta1.tar.gz.asc
+8b4dc313aded04f51f16605c898005d6  krb5-1.12-beta1-pdf.tar.xz
 0d676f5babfc3c5f9e685d6538850021  nss_wrapper-0.0-20130719153839Z.git6cb59864.bz2