From 8c4df25456585c69b4f4369eeb60905d9cd2b05b Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@fedoraproject.org>
Date: Mon, 7 Aug 2006 17:52:52 +0000
Subject: [PATCH] - ensure that the gssapi library's been initialized before
 walking the     internal mechanism list in gss_release_oid(), needed if
 called from     gss_release_name() right after a gss_import_name() (#198092)

---
 krb5-1.5-gssinit.patch | 19 +++++++++++++++++++
 krb5.spec              |  9 ++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 krb5-1.5-gssinit.patch

diff --git a/krb5-1.5-gssinit.patch b/krb5-1.5-gssinit.patch
new file mode 100644
index 0000000..1c5845b
--- /dev/null
+++ b/krb5-1.5-gssinit.patch
@@ -0,0 +1,19 @@
+Don't crash in gss_release_oid() when the application is doing nothing
+more than importing a name and freeing it (gss_release_name() calls
+gss_release_oid(), but gss_import_name() doesn't initialize the library,
+so gss_release_oid() hits an assertion failure when it tries to lock the
+mechanism list).
+
+Upstream RT #4088/4096.
+
+--- krb5-1.5/src/lib/gssapi/mechglue/g_initialize.c	2006-08-07 13:10:19.000000000 -0400
++++ krb5-1.5/src/lib/gssapi/mechglue/g_initialize.c	2006-08-07 13:10:13.000000000 -0400
+@@ -91,6 +91,8 @@
+ 
+ 	if (minor_status == NULL)
+ 		return (GSS_S_CALL_INACCESSIBLE_WRITE);
++	if (gssint_initialize_library())
++		return GSS_S_FAILURE;
+ 
+ 	*minor_status = 0;
+ 
diff --git a/krb5.spec b/krb5.spec
index 7d40c8d..d36643b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.5
-Release: 3
+Release: 4
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -65,6 +65,7 @@ Patch39: krb5-1.4.1-api.patch
 Patch40: krb5-1.4.1-telnet-environ.patch
 Patch41: krb5-1.2.7-login-lpass.patch
 Patch44: krb5-1.4.3-enospc.patch
+Patch45: krb5-1.5-gssinit.patch
 
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
@@ -130,6 +131,11 @@ network uses Kerberos, this package should be installed on every
 workstation.
 
 %changelog
+* Mon Aug  7 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-4
+- ensure that the gssapi library's been initialized before walking the
+  internal mechanism list in gss_release_oid(), needed if called from
+  gss_release_name() right after a gss_import_name() (#198092)
+
 * Tue Jul 25 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-3
 - rebuild
 
@@ -930,6 +936,7 @@ workstation.
 %patch40 -p1 -b .telnet-environ
 %patch41 -p1 -b .login-lpass
 %patch44 -p1 -b .enospc
+%patch45 -p1 -b .gssinit
 cp src/krb524/README README.krb524
 gzip doc/*.ps
 cd src