diff options
author | root <root@rshg054.dnsready.net> | 2011-10-04 23:14:30 +0000 |
---|---|---|
committer | root <root@rshg054.dnsready.net> | 2011-10-04 23:14:30 +0000 |
commit | 3567a49f79d2dbf828b723ab54982fa6c7ea1c80 (patch) | |
tree | 15fc309d3681df4da7a56189050fd5aa16fa9794 /core/krb5 | |
parent | 57d05f7209f022aa99a8850aafbeec4cb85c3b5b (diff) |
Tue Oct 4 23:14:30 UTC 2011
Diffstat (limited to 'core/krb5')
-rw-r--r-- | core/krb5/PKGBUILD | 24 | ||||
-rw-r--r-- | core/krb5/krb5-1.9.1-canonicalize-fallback.patch | 58 | ||||
-rw-r--r-- | core/krb5/krb5-1.9.1-config-script.patch | 18 |
3 files changed, 86 insertions, 14 deletions
diff --git a/core/krb5/PKGBUILD b/core/krb5/PKGBUILD index 94356ab28..b86c0a91c 100644 --- a/core/krb5/PKGBUILD +++ b/core/krb5/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 133509 2011-07-28 19:16:56Z stephane $ +# $Id: PKGBUILD 139635 2011-10-03 23:42:42Z stephane $ # Maintainer: Stéphane Gaudreault <stephane@archlinux.org> pkgname=krb5 pkgver=1.9.1 -pkgrel=3 +pkgrel=4 pkgdesc="The Kerberos network authentication system" arch=('i686' 'x86_64') url="http://web.mit.edu/kerberos/" @@ -17,11 +17,13 @@ backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf') source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.9/${pkgname}-${pkgver}-signed.tar krb5-kadmind krb5-kdc - krb5-1.9.1-config-script.patch) + krb5-1.9.1-config-script.patch + krb5-1.9.1-canonicalize-fallback.patch) sha1sums=('e23a1795a237521493da9cf3443ac8b98a90c066' '2aa229369079ed1bbb201a1ef72c47bf143f4dbe' '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393' - '8d1ec8bdb39fec230caace112d1a41ad792f7d97') + '7342410760cf44bfa01bb99bb4c49e12496cb46f' + '238c268fa6cb42fc7324ab54db9abda5cd77f833') options=('!emptydirs') build() { @@ -30,14 +32,21 @@ build() { # - Make krb5-config suppress CFLAGS output when called with --libs # cf https://bugzilla.redhat.com/show_bug.cgi?id=544391 - # http://pkgs.fedoraproject.org/gitweb/?p=krb5.git;a=blob;f=krb5-1.7-buildconf.patch # # - Omit extra libraries because their interfaces are not exposed to applications # by libkrb5, unless do_deps is set to 1, which indicates that the caller # wants the whole list. - # cf http://pkgs.fedoraproject.org/gitweb/?p=krb5.git;a=blob;f=krb5-1.7-nodeplibs.patch + # + # Patch from upstream : + # http://anonsvn.mit.edu/viewvc/krb5/trunk/src/krb5-config.in?r1=23662&r2=25236 patch -Np2 -i ${srcdir}/krb5-1.9.1-config-script.patch + # FS#25515 + patch -Np2 -i ${srcdir}/krb5-1.9.1-canonicalize-fallback.patch + + # FS#25384 + sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4 + export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all" export CPPFLAGS+=" -I/usr/include/et" ./configure --prefix=/usr \ @@ -69,5 +78,8 @@ package() { install -m 755 ../../krb5-kdc "${pkgdir}"/etc/rc.d install -m 755 ../../krb5-kadmind "${pkgdir}"/etc/rc.d + install -dm 755 "${pkgdir}"/usr/share/aclocal + install -m 644 util/ac_check_krb5.m4 "${pkgdir}"/usr/share/aclocal + install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE } diff --git a/core/krb5/krb5-1.9.1-canonicalize-fallback.patch b/core/krb5/krb5-1.9.1-canonicalize-fallback.patch new file mode 100644 index 000000000..e5a38498f --- /dev/null +++ b/core/krb5/krb5-1.9.1-canonicalize-fallback.patch @@ -0,0 +1,58 @@ +diff -Naur krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c krb5-1.9.1/src/lib/krb5/krb/get_creds.c +--- krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c 2011-02-09 16:55:36.000000000 -0500 ++++ krb5-1.9.1/src/lib/krb5/krb/get_creds.c 2011-09-26 18:42:01.465190278 -0400 +@@ -470,13 +470,10 @@ + + /***** STATE_REFERRALS *****/ + +-/* +- * Possibly retry a request in the fallback realm after a referral request +- * failure in the local realm. Expects ctx->reply_code to be set to the error +- * from a referral request. +- */ ++/* Possibly try a non-referral request after a referral request failure. ++ * Expects ctx->reply_code to be set to the error from a referral request. */ + static krb5_error_code +-try_fallback_realm(krb5_context context, krb5_tkt_creds_context ctx) ++try_fallback(krb5_context context, krb5_tkt_creds_context ctx) + { + krb5_error_code code; + char **hrealms; +@@ -485,9 +482,10 @@ + if (ctx->referral_count > 1) + return ctx->reply_code; + +- /* Only fall back if the original request used the referral realm. */ ++ /* If the request used a specified realm, make a non-referral request to ++ * that realm (in case it's a KDC which rejects KDC_OPT_CANONICALIZE). */ + if (!krb5_is_referral_realm(&ctx->req_server->realm)) +- return ctx->reply_code; ++ return begin_non_referral(context, ctx); + + if (ctx->server->length < 2) { + /* We need a type/host format principal to find a fallback realm. */ +@@ -500,10 +498,10 @@ + if (code != 0) + return code; + +- /* Give up if the fallback realm isn't any different. */ ++ /* If the fallback realm isn't any different, use the existing TGT. */ + if (data_eq_string(ctx->server->realm, hrealms[0])) { + krb5_free_host_realm(context, hrealms); +- return ctx->reply_code; ++ return begin_non_referral(context, ctx); + } + + /* Rewrite server->realm to be the fallback realm. */ +@@ -540,9 +538,9 @@ + krb5_error_code code; + const krb5_data *referral_realm; + +- /* Possibly retry with the fallback realm on error. */ ++ /* Possibly try a non-referral fallback request on error. */ + if (ctx->reply_code != 0) +- return try_fallback_realm(context, ctx); ++ return try_fallback(context, ctx); + + if (krb5_principal_compare(context, ctx->reply_creds->server, + ctx->server)) { diff --git a/core/krb5/krb5-1.9.1-config-script.patch b/core/krb5/krb5-1.9.1-config-script.patch index 96ee6b001..a72a75edf 100644 --- a/core/krb5/krb5-1.9.1-config-script.patch +++ b/core/krb5/krb5-1.9.1-config-script.patch @@ -1,25 +1,27 @@ diff -Naur krb5-1.9.1.ori/src/krb5-config.in krb5-1.9.1/src/krb5-config.in --- krb5-1.9.1.ori/src/krb5-config.in 2010-01-19 13:44:57.000000000 -0500 -+++ krb5-1.9.1/src/krb5-config.in 2011-07-28 14:32:00.546990621 -0400 ++++ krb5-1.9.1/src/krb5-config.in 2011-09-26 18:27:09.018487087 -0400 @@ -186,7 +186,7 @@ -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \ -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ - -e 's#\$(CFLAGS)#'"$CFLAGS"'#'` -+ -e 's#\$(CFLAGS)##'` ++ -e 's#\$(CFLAGS)##'` if test $library = 'kdb'; then lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" -@@ -214,7 +214,11 @@ +@@ -214,9 +214,13 @@ fi if test $library = 'krb5'; then - lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB" -+ if test 0$do_deps -eq 1 ; then -+ lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB" -+ else -+ lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err" -+ fi ++ lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err" fi ++ # If we ever support a flag to generate output suitable for static ++ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB" ++ # here. ++ echo $lib_flags + fi + |