import mod_auth_gssapi-1.6.3-7.el9

2022-05-17 05:48:09 -04:00 · 2022-05-17 05:48:09 -04:00 · 88646c9ed1
commit 88646c9ed1
4 changed files with 243 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 SOURCES/mod_auth_gssapi-1.6.3.tar.gz
--- a/.mod_auth_gssapi.metadata
+++ b/.mod_auth_gssapi.metadata
@ -0,0 +1 @@
 7ee7ca772b2fbfedbb98a7dc59edeb7bede27bf0 SOURCES/mod_auth_gssapi-1.6.3.tar.gz
--- a/SOURCES/crypto-Handle-EVP-changes-in-OpenSSL-3.patch
+++ b/SOURCES/crypto-Handle-EVP-changes-in-OpenSSL-3.patch
@ -0,0 +1,36 @@
 From 74fd6dc6c3ba65e48c625d4724878721c46a5e6f Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 24 Aug 2021 15:04:13 -0400
 Subject: [PATCH] crypto: Handle EVP changes in OpenSSL 3
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 OpenSSL 3 changes the padding behavior of EVP_DecryptFinal_ex(), which
 causes our decryption to fail.  It is the opnion of the OpenSSL
 developers that mod_auth_gssapi's use of this function was incorrect.
 Patch suggested by Tomáš Mráz.
 Related: https://github.com/openssl/openssl/issues/16351
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 (cherry picked from commit 06d1f7d36d2455747e6e8231d28e6524ea1181f1)
 (cherry picked from commit 915a3d7fca3beefadd751562abe2d481354a2a9c)
 ---
 src/crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/crypto.c b/src/crypto.c
 index 3f372a0..b3f7fd9 100644
 --- a/src/crypto.c
 +++ b/src/crypto.c
@@ -262,7 +262,7 @@ apr_status_t UNSEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
     totlen += outlen;
     outlen = plain->length - totlen;
 -    ret = EVP_DecryptFinal_ex(ctx, plain->value, &outlen);
 +    ret = EVP_DecryptFinal_ex(ctx, plain->value + totlen, &outlen);
     if (ret == 0) goto done;
     totlen += outlen;
--- a/SPECS/mod_auth_gssapi.spec
+++ b/SPECS/mod_auth_gssapi.spec
@ -0,0 +1,205 @@
 Name:           mod_auth_gssapi
 Version:        1.6.3
 Release:        7%{?dist}
 Summary:        A GSSAPI Authentication module for Apache
 License:        MIT
 URL:            https://github.com/gssapi/mod_auth_gssapi
 Source0:        https://github.com/gssapi/%{name}/releases/download/v%{version}/%name-%{version}.tar.gz
 BuildRequires:  httpd-devel, krb5-devel, openssl-devel
 BuildRequires:  autoconf, automake, libtool, bison, flex, make
 BuildRequires:  git
 Requires:       httpd-mmn = %{_httpd_mmn}
 Requires:       krb5-libs >= 1.11.5
 Patch0: crypto-Handle-EVP-changes-in-OpenSSL-3.patch
 # If you're reading this: NTLM is insecure.  Migrate off it.
 %if 0%{?rhel}
 %else
 BuildRequires: gssntlmssp-devel
 %endif
 %description
 The mod_auth_gssapi module is an authentication service that implements the
 SPNEGO based HTTP Authentication protocol defined in RFC4559.
 %prep
 %autosetup -S git_am
 %build
 export APXS=%{_httpd_apxs}
 autoreconf -fi
 %configure
 make %{?_smp_mflags}
 %install
 mkdir -p %{buildroot}%{_httpd_moddir}
 install -m 755 src/.libs/%{name}.so %{buildroot}%{_httpd_moddir}
 # Apache configuration for the module
 echo "LoadModule auth_gssapi_module modules/mod_auth_gssapi.so" > 10-auth_gssapi.conf
 mkdir -p %{buildroot}%{_httpd_modconfdir}
 install -m 644 10-auth_gssapi.conf %{buildroot}%{_httpd_modconfdir}
 %files
 %doc
 %defattr(-,root,root)
 %doc README COPYING
 %config(noreplace) %{_httpd_modconfdir}/10-auth_gssapi.conf
 %{_httpd_moddir}/mod_auth_gssapi.so
 %changelog
 * Wed Aug 25 2021 Robbie Harwood <rharwood@redhat.com> - 1.6.3-7
 - crypto: Handle EVP changes in OpenSSL 3
 - Resolves: #1992648
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-6
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-5
 - Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-4
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Tue Mar 16 2021 Robbie Harwood <rharwood@redhat.com> - 1.6.3-3
 - Build dep adjustments; no Fedora code changes
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Wed Aug 05 2020 Robbie Harwood <rharwood@redhat.com> - 1.6.3-1
 - New upstream release (1.6.3)
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Apr 27 2020 Robbie Harwood <rharwood@redhat.com> - 1.6.2-1
 - New upstream release (1.6.2)
 - Resolves: #1828142
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Mon Mar 18 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-6
 - Test suite fixes for virtualenv and clang
 * Tue Feb 19 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-5
 - Fix integer sizes used with ap_set_flag_slot()
 - Resolves: #1678872
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Thu Jan 03 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-3
 - Fix tests to work with python3
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Mon Apr 23 2018 Robbie Harwood <rharwood@redhat.com> - 1.6.1-1
 - Release 1.6.1
 - Resolves: #1570271
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Mon Nov 06 2017 Robbie Harwood <rharwood@redhat.com> - 1.6.0-1
 - Release 1.6.0
 * Fri Oct 27 2017 Robbie Harwood <rharwood@redhat.com> - 1.5.1-6
 - Document gssapi-no-negotiate
 * Tue Oct 03 2017 Robbie Harwood <rharwood@redhat.com> - 1.5.1-5
 - Handle extra large NSS entries
 - Resolves: #1498175
 * Mon Oct 02 2017 Robbie Harwood <rharwood@redhat.com> - 1.5.1-4
 - Allow admins to selectively suppress negotiation
 - Migrate to autosetup
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Thu Mar  9 2017 Simo Sorce <simo@redhat.com> - 1.5.1-1
 - Korabl-Sputnik 4 launch (1.5.1)
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 * Mon Jan 16 2017 Simo Sorce <simo@redhat.com> - 1.5.0-1
 - Last listoff of Space Shuttle Columbia release (1.5.0)
 * Mon Nov 14 2016 Joe Orton <jorton@redhat.com> - 1.4.1-2
 - rebuild for new OpenSSL
 * Mon Aug 15 2016 Robbie Harwood <rharwood@redhat.com> 1.4.1-1
 - Mishka & Chizhik fly on a rocket release (1.4.1)
 - Fix bogus changelog date
 * Fri Jun 17 2016 Simo Sorce <simo@redhat.com> 1.4.0-1
 - Lunar Reconnaissance Orbiter (2009) release (1.4.0)
 * Mon Feb 22 2016 Simo Sorce <simo@redhat.com> 1.3.2-1
 - NEAR Shoemaker launch (1996) release (1.3.2)
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Thu Sep  3 2015 Simo Sorce <simo@redhat.com> 1.3.1-1
 - Viking 2 landing (1976) release (1.3.1)
 * Tue Jul  7 2015 Simo Sorce <simo@redhat.com> 1.3.0-2
 - Fix annoying incorrect behavior with simple configuration where
  GssapiAllowedMech is not used.
 * Sat Jul  4 2015 Simo Sorce <simo@redhat.com> 1.3.0-1
 - US Independence Day Release
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 * Tue Apr 21 2015 Simo Sorce <simo@redhat.com> 1.2.0-1
 - New minor release 1.2.0
 - Adds delegation support on Basic Auth
 - Response fix, send last auth token on successful auth
 * Tue Mar 31 2015 Simo Sorce <simo@redhat.com> 1.1.0-3
 - Fix some authentication issues
 * Thu Mar 26 2015 Simo Sorce <simo@redhat.com> 1.1.0-2
 - Fix saving delegated credentials for SPNs
 * Thu Mar 12 2015 Simo Sorce <simo@redhat.com> 1.1.0-1
 - New minor release 1.1.0
 - New feature: Basic Auth support
 - Improvements: Better crypto for sesison cookies
 * Sat Nov  8 2014 Simo Sorce <simo@redhat.com> 1.0.4-1
 - Patch release 1.0.4
 - logging initialization fixes
 - additional build fixes
 * Sat Oct 11 2014 Simo Sorce <simo@redhat.com> 1.0.3-1
 - Patch release 1.0.3
 - fixes some build issues on various distros
 * Wed Aug 27 2014 Simo Sorce <simo@redhat.com> 1.0.2-1
 - Adds documntation to README
 - fixes bad bug that crippled configuration
 * Thu Aug 14 2014 Simo Sorce <simo@redhat.com> 1.0.1-1
 - Patch release 1.0.1
 * Mon Aug  4 2014 Simo Sorce <simo@redhat.com> 1.0.0-1
 - First release
		`@ -0,0 +1 @@`
							`7ee7ca772b2fbfedbb98a7dc59edeb7bede27bf0 SOURCES/mod_auth_gssapi-1.6.3.tar.gz`