6 changed files with 7 additions and 118 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
 SOURCES/GSSAPI-0.28.tar.gz
 /GSSAPI-0.28.tar.gz
--- a/.perl-GSSAPI.metadata
+++ b/.perl-GSSAPI.metadata
@ -0,0 +1 @@
 c857485532e92e266a75b56ed247284f94b2d3d4 SOURCES/GSSAPI-0.28.tar.gz
--- a/GSSAPI-0.28-Fix-a-crash-in-gss_release_oid-when-destructing-out_.patch
+++ b/GSSAPI-0.28-Fix-a-crash-in-gss_release_oid-when-destructing-out_.patch
@ -1,79 +0,0 @@
 From 159042c71bbdd5909f792208dcdffffb1674ecfe Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
 Date: Thu, 19 Aug 2021 16:07:06 +0200
 Subject: [PATCH] Fix a crash in gss_release_oid() when destructing out_mech
 returned by gss_accept_sec_context()
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 If Perl GSSAPI was built against MIT krb5, an example gss-server.pl
 script crashed like this:
    Program terminated with signal SIGSEGV, Segmentation fault.
    #0  0x00007f27f3d48b23 in __GI___libc_free (mem=<optimized out>)
        at malloc.c:3131
    3131	  ar_ptr = arena_for_chunk (p);
    (gdb) bt
    #0  0x00007f27f3d48b23 in __GI___libc_free (mem=<optimized out>)
        at malloc.c:3131
    #1  0x00007f27f2fe17c6 in generic_gss_release_oid (
        minor_status=minor_status@entry=0x7fffc750333c,
        oid=oid@entry=0x7fffc7503340) at oid_ops.c:102
    #2  0x00007f27f2fee6df in gss_release_oid (
        minor_status=minor_status@entry=0x7fffc750333c,
        oid=oid@entry=0x7fffc7503340) at g_initialize.c:202
    #3  0x00007f27f322f5cf in XS_GSSAPI__OID_DESTROY (my_perl=<optimized out>,
        cv=0x564037c87130) at ./xs/OID.xs:24
    #4  0x00007f27f4f58149 in Perl_pp_entersub (my_perl=0x5640378d42a0)
        at pp_hot.c:4227
 The cause is that gss_accept_sec_context() returns a pointer to
 a static storage in out_mech argument. When GSSAPI passed out_mech to
 a desctructor, the invoked gss_release_oid() crashed when freeing the
 memory.
 Accoding to RFC 2744, the static storage is correct. Hence the flaw is
 on Perl GSSAPI side. This patch fixes it by copying the out_mech OID
 object on a heap which is then correctly processed by
 gss_release_oid().
 CPAN RT#121873.
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 xs/Context.xs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 diff --git a/xs/Context.xs b/xs/Context.xs
 index d176f08..4549595 100644
 --- a/xs/Context.xs
 +++ b/xs/Context.xs
@@ -80,6 +80,24 @@ accept(context, acc_cred, in_token, binding, out_name, out_mech, out_token, out_
 				       &in_token, binding, out_name, out_mech,
 				       &out_token, out_flags, out_time,
 				       delegated_cred);
 +#if !defined(HEIMDAL)
 +	if (out_mech && *out_mech) {
 +		/* RFC 2744 documents that the returned *out_mech is a pointer
 +		 * to static data. To prevent from freeing them when destructing
 +		 * out_mech, we change *out_mech into a pointer to a heap-allocated
 +		 * buffer with the same content. Otherwise, MITKRB5-provided
 +		 * gss_release_oid() deallocator which cannot recognize this static
 +		 * storage would crash. We use malloc() because gss_release_oid() used
 +		 * free(). */
 +		GSSAPI__OID copy = malloc(sizeof(*copy));
 +		if (!copy) croak("Not enough memory for copying out_mech!");
 +		copy->elements = malloc((*out_mech)->length);
 +		if (!copy->elements) croak("Not enough memory for copying out_mech!");
 +		memcpy(copy->elements, (*out_mech)->elements, (*out_mech)->length);
 +		copy->length = (*out_mech)->length;
 +		*out_mech = copy;
 +    }
 +#endif
     OUTPUT:
 	RETVAL
 	context
 -- 
 2.31.1
--- a/SPECS/perl-GSSAPI.spec
+++ b/SPECS/perl-GSSAPI.spec
@ -6,16 +6,12 @@
 Name:           perl-GSSAPI
 Version:        0.28
-Release:        25%{?dist}
+Release:        18%{?dist}
 Summary:        Perl extension providing access to the GSSAPIv2 library
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/GSSAPI/
 Source0:        http://www.cpan.org/authors/id/A/AG/AGROLMS/GSSAPI-%{version}.tar.gz
 # Fix a crash in gss_release_oid() when destructing out_mech (rhbz #1937764, CPAN RT#121873)
 Patch0:         GSSAPI-0.28-Fix-a-crash-in-gss_release_oid-when-destructing-out_.patch
 BuildRequires:  findutils
 BuildRequires:  gcc
 BuildRequires:  krb5-devel
 BuildRequires:  which
 %{?_with_testsuite:BuildRequires: perl(constant)}
@ -23,8 +19,7 @@ BuildRequires:  which
 %{?_with_testsuite:BuildRequires: perl(Exporter)}
 BuildRequires:  perl-devel
 BuildRequires:  perl-generators
-BuildRequires:  perl-interpreter
+BuildRequires:  perl(ExtUtils::MakeMaker)
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
 %{?_with_testsuite:BuildRequires: perl(ExtUtils::testlib)}
 BuildRequires:  perl(Getopt::Long)
 %{?_with_testsuite:BuildRequires: perl(Test::More)}
@ -39,16 +34,17 @@ distribution from MIT.
 %prep
 %setup -q -n GSSAPI-%{version}
 %patch0 -p1
 chmod -c a-x examples/*.pl
 %build
-perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" NO_PACKLIST=1
+perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}"
 make %{?_smp_mflags}
 %install
 make pure_install DESTDIR=%{buildroot}
-find %{buildroot} -type f -name '*.bs' -empty -delete
+find %{buildroot} -type f -name .packlist -exec rm -f {} \;
 find %{buildroot} -type f -name '*.bs' -empty -exec rm -f {} \;
 find %{buildroot} -depth -type d -exec rmdir {} 2>/dev/null \;
 %{_fixperms} %{buildroot}/*
 %check
@ -62,27 +58,6 @@ find %{buildroot} -type f -name '*.bs' -empty -delete
 %{_mandir}/man3/*
 %changelog
 * Thu Aug 19 2021 Jitka Plesnikova <jplesnik@redhat.com> - 0.28-25
 - Resolves: rhbz#1937764 - Fix a crash in gss_release_oid() when destructing out_mech
 * Mon Aug 16 2021 Jitka Plesnikova <jplesnik@redhat.com> - 0.28-24
 - Resolves: rhbz#1937764 - Fix comparison of OID structure
 * Mon Feb 19 2018 Jitka Plesnikova <jplesnik@redhat.com> - 0.28-23
 - Add build-require gcc
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.28-22
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.28-21
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.28-20
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 0.28-19
 - Perl 5.26 rebuild
 * Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.28-18
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
 --- !Policy
 product_versions:
  - rhel-8
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/1
+++ b/1
@ -1 +0,0 @@
 SHA512 (GSSAPI-0.28.tar.gz) = 4bae4729c216da099f6f0479ef34874fa62c1afc57bf56860e1ce082e9e6a902ec072f9e976ab2f1914df1bbad6b6689af04a9867b3ca1a9f11d0287e58aa204
`@ -1,2 +1 @@`
	`SOURCES/GSSAPI-0.28.tar.gz`	`SOURCES/GSSAPI-0.28.tar.gz`
	`/GSSAPI-0.28.tar.gz`
		`@ -0,0 +1 @@`
							`c857485532e92e266a75b56ed247284f94b2d3d4 SOURCES/GSSAPI-0.28.tar.gz`
		`@ -1 +0,0 @@`
			`SHA512 (GSSAPI-0.28.tar.gz) = 4bae4729c216da099f6f0479ef34874fa62c1afc57bf56860e1ce082e9e6a902ec072f9e976ab2f1914df1bbad6b6689af04a9867b3ca1a9f11d0287e58aa204`