* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1

- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads the installed shared libraries instead the ones from the build")
2015-05-22 16:28:26 +02:00 · 2015-05-22 16:28:26 +02:00 · 8c2cea93bb
commit 8c2cea93bb
parent 9997960299
2 changed files with 103 additions and 1 deletions
--- a/krb5-tests_use_libs_from_build.patch
+++ b/krb5-tests_use_libs_from_build.patch
@ -0,0 +1,96 @@
+#
+# krb5-tests_use_libs_from_build.patch - patch to ensure the tests
+# in the upstream sources use the libraries from the local tree
+# and not those from the underlying build system.
+3
+# Originally repoted as RedHat Bug #1164304 ("Upstream unit tests loads
+# the installed shared libraries instead the ones from the build")
+# 
+# 
+# Description of problem:
+# krb5-1.12.2/src/lib/kadm5/unit-test fails (segfaults) when
+# krb5-pkinit is installed on the sysytem.
+# Monitoring via audit showed that unit tests from this directory
+# loads pkinit.so from the installed package and not the one that
+# was built.
+# On top of that, monitoring showed that libs from the installed
+# krb5-libs (whatever version installed) are loaded too.
+# This questions the effectiveness of upstream testing.
+# 
+# Version-Release number of selected component (if applicable):
+# krb5-libs-1.12.2-8.el7
+# 
+# How reproducible:
+# always
+# 
+# Steps to Reproduce:
+# 
+# # rpm -qa krb5\*
+# krb5-devel-1.11.3-49.el7.ppc64
+# krb5-libs-1.11.3-49.el7.ppc64
+# krb5-pkinit-1.11.3-49.el7.ppc64
+# #
+# # rpm -ivh krb5-1.12.2-8.el7.src.rpm 
+# ... snip ...
+# # rpmbuild -bc ~/rpmbuild/SPECS/krb5.spec 
+# ... snip ...
+# #
+# # cd ~/rpmbuild/BUILD/krb5-1.12.2/src/
+# # make runenv.py
+# LD_LIBRARY_PATH=`echo -L./lib | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;  \
+# for i in LD_LIBRARY_PATH; do \
+# 	eval echo 'env['\\\'$i\\\''] = '\\\'\$$i\\\'; \
+# done > pyrunenv.vals
+# echo "proxy_tls_impl = 'openssl'" >> pyrunenv.vals
+# echo 'env = {}' > runenv.py
+# cat pyrunenv.vals >> runenv.py
+# # cd lib/kadm5/unit-test/
+# # make check
+# .. snip ...
+# 	KINIT=../../../clients/kinit/kinit \
+# 	KDESTROY=../../../clients/kdestroy/kdestroy \
+# 	KADMIN_LOCAL=../../../kadmin/cli/kadmin.local \
+# 	PRIOCNTL_HACK=0 VALGRIND="" \
+# 	
+# WARNING: Couldn't find the global config file.
+# WARNING: Couldn't find tool init file
+# Test Run By root on Fri Nov 14 10:30:35 2014
+# Native configuration is powerpc64-redhat-linux-gnu
+# 
+# 		=== api tests ===
+# 
+# Schedule of variations:
+#     unix
+# 
+# Running target unix
+# Using /usr/share/dejagnu/baseboards/unix.exp as board description file for target.
+# Using /usr/share/dejagnu/config/unix.exp as generic interface file for target.
+# Using ./config/unix.exp as tool-and-target-specific interface file.
+# Running ./api.2/crte-policy.exp ...
+# FAIL: create-policy 1: eof
+# ERROR: create-policy 1: unexpected failure in init
+# ERROR: create-policy 2: unexpected failure in init
+# ERROR: create-policy 3: unexpected failure in init
+# 
+diff -ur krb5/src/kadmin/testing/proto/krb5.conf.proto krb5/src/kadmin/testing/proto/krb5.conf.proto
+--- krb5/src/kadmin/testing/proto/krb5.conf.proto	2014-11-14 10:16:22.106948323 -0500
+++ krb5/src/kadmin/testing/proto/krb5.conf.proto	2014-11-14 10:14:16.955948323 -0500
+@@ -2,6 +2,7 @@
+ 	default_realm = __REALM__
+ 	default_keytab_name = FILE:__K5ROOT__/v5srvtab
+ 	dns_fallback = no
+	plugin_base_dir = __PLUGIN_DIR__
+ 
+ [realms]
+ 	__REALM__ = {
+diff -ur krb5/src/kadmin/testing/scripts/start_servers krb5/src/kadmin/testing/scripts/start_servers
+--- krb5/src/kadmin/testing/scripts/start_servers	2014-08-11 18:46:27.000000000 -0400
+++ krb5/src/kadmin/testing/scripts/start_servers	2014-11-14 10:14:56.409948323 -0500
+@@ -40,6 +40,7 @@
+ 		-e "s/__KDCHOST__/$hostname/g" \
+ 		-e "s/__LOCALHOST__/$localname/g" \
+ 		-e "s#__MODDIR__#$TOP/../plugins/kdb#g"\
+		-e "s#__PLUGIN_DIR__#$TOP/../plugins#g"\
+ 		< $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf
+ 
+ # Using /usr/ucb/rsh and getting rid of "-k $REALM" until we get
--- a/krb5.spec
+++ b/krb5.spec
@ -43,7 +43,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.13.2
-Release: 0%{?dist}
+Release: 1%{?dist}
 # - Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
 # - The sources below are stored in a lookaside cache. Upload with
@ -94,6 +94,7 @@ Patch129: krb5-1.11-run_user_0.patch
 Patch134: krb5-1.11-kpasswdtest.patch
 Patch136: krb5-socket_wrapper_eventfd_prototype_mismatch.patch
 Patch140: krb5-1.14-Support-KDC_ERR_MORE_PREAUTH_DATA_REQUIRED.patch
+Patch143: krb5-tests_use_libs_from_build.patch

 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -318,6 +319,7 @@ ln NOTICE LICENSE
 %endif

 %patch140 -p1 -b .krb5-1.14-support-kdc_err_more_preauth_data_required
+%patch143 -p1 -b .krb5-tests_use_libs_from_build

 # Take the execute bit off of documentation.
 chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
@ -1009,6 +1011,10 @@ exit 0


 %changelog
+* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1
+- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads
+  the installed shared libraries instead the ones from the build")
+
 * Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
 - Update to krb5-1.13.2
  - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2