Suppress static analyzer warning in FIPS override

2021-05-04 15:02:53 -04:00 · 2021-05-04 15:02:53 -04:00 · e9fb111a11
commit e9fb111a11
parent 1c2362203e
5 changed files with 13 additions and 8 deletions
--- a/Add-APIs-for-marshalling-credentials.patch
+++ b/Add-APIs-for-marshalling-credentials.patch
@ -1,4 +1,4 @@
-From 4505316756e42db02b6dabe0a6b075fe52852371 Mon Sep 17 00:00:00 2001
+From c1fe1c8fa3df7f50c7e28d52263d0d24afb4b3a1 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 14 Jan 2021 18:13:09 -0500
 Subject: [PATCH] Add APIs for marshalling credentials
--- a/Add-hostname-canonicalization-helper-to-k5test.py.patch
+++ b/Add-hostname-canonicalization-helper-to-k5test.py.patch
@ -1,4 +1,4 @@
-From d898d94cef8e1a8772a91cd3a62255c33f109636 Mon Sep 17 00:00:00 2001
+From 3e78bc5d48513fe38f3bc4228b12abcdc0733ee2 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 15 Jan 2021 14:43:34 -0500
 Subject: [PATCH] Add hostname canonicalization helper to k5test.py
--- a/Support-host-based-GSS-initiator-names.patch
+++ b/Support-host-based-GSS-initiator-names.patch
@ -1,4 +1,4 @@
-From 8c57937f3ca793fe3f8fdd636be0bc11c24069bc Mon Sep 17 00:00:00 2001
+From 3133e5e24e94bf060e23a4d97cbdf74e934d010f Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 15 Jan 2021 13:51:34 -0500
 Subject: [PATCH] Support host-based GSS initiator names
--- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
@ -1,4 +1,4 @@
-From 4a62aeae7b747cd289548949f940525365fe0947 Mon Sep 17 00:00:00 2001
+From 852e9efad17e3ef6ea54f91044a279bb34020ecf Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 9 Nov 2018 15:12:21 -0500
 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
@ -19,6 +19,8 @@ post6 restores MD4 (and therefore keygen-only RC4).

 post7 restores MD5 and adds radius_md5_fips_override.

+post8 silences a static analyzer warning.
+
 Last-updated: krb5-1.17
 ---
 doc/admin/conf_files/krb5_conf.rst            |  6 +++
@ -349,7 +351,7 @@ index 03c613716..d89982a13 100644
             return retval;
 
 diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h
-index 0143d155a..223ffd730 100644
+index 0143d155a..57672982f 100644
 --- a/src/lib/krad/internal.h
 +++ b/src/lib/krad/internal.h
@@ -39,6 +39,8 @@
@ -407,7 +409,7 @@ index 0143d155a..223ffd730 100644
 +    if (!FIPS_mode())
 +        return 0;
 +
-+    profile_get_boolean(ctx->profile, "libdefaults",
+    (void)profile_get_boolean(ctx->profile, "libdefaults",
 +                              "radius_md5_fips_override", NULL, 0, &val);
 +    return !val;
 +}
--- a/krb5.spec
+++ b/krb5.spec
@ -42,7 +42,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.19.1
-Release: %{?zdpd}4%{?dist}
+Release: %{?zdpd}5%{?dist}

 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
@ -635,6 +635,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*

 %changelog
+* Tue May 04 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-5
+- Suppress static analyzer warning in FIPS override
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.19.1-3.1
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.