From 3567a49f79d2dbf828b723ab54982fa6c7ea1c80 Mon Sep 17 00:00:00 2001
From: root <root@rshg054.dnsready.net>
Date: Tue, 4 Oct 2011 23:14:30 +0000
Subject: Tue Oct  4 23:14:30 UTC 2011

---
 core/krb5/PKGBUILD                               | 24 +++++++---
 core/krb5/krb5-1.9.1-canonicalize-fallback.patch | 58 ++++++++++++++++++++++++
 core/krb5/krb5-1.9.1-config-script.patch         | 18 ++++----
 3 files changed, 86 insertions(+), 14 deletions(-)
 create mode 100644 core/krb5/krb5-1.9.1-canonicalize-fallback.patch

(limited to 'core/krb5')

diff --git a/core/krb5/PKGBUILD b/core/krb5/PKGBUILD
index 94356ab28..b86c0a91c 100644
--- a/core/krb5/PKGBUILD
+++ b/core/krb5/PKGBUILD
@@ -1,9 +1,9 @@
-# $Id: PKGBUILD 133509 2011-07-28 19:16:56Z stephane $
+# $Id: PKGBUILD 139635 2011-10-03 23:42:42Z stephane $
 # Maintainer: Stéphane Gaudreault <stephane@archlinux.org>
 
 pkgname=krb5
 pkgver=1.9.1
-pkgrel=3
+pkgrel=4
 pkgdesc="The Kerberos network authentication system"
 arch=('i686' 'x86_64')
 url="http://web.mit.edu/kerberos/"
@@ -17,11 +17,13 @@ backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
 source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.9/${pkgname}-${pkgver}-signed.tar
         krb5-kadmind
         krb5-kdc
-        krb5-1.9.1-config-script.patch)
+        krb5-1.9.1-config-script.patch
+        krb5-1.9.1-canonicalize-fallback.patch)
 sha1sums=('e23a1795a237521493da9cf3443ac8b98a90c066'
           '2aa229369079ed1bbb201a1ef72c47bf143f4dbe'
           '77d2312ecd8bf12a6e72cc8fd871a8ac93b23393'
-          '8d1ec8bdb39fec230caace112d1a41ad792f7d97')
+          '7342410760cf44bfa01bb99bb4c49e12496cb46f'
+          '238c268fa6cb42fc7324ab54db9abda5cd77f833')
 options=('!emptydirs')
 
 build() {
@@ -30,14 +32,21 @@ build() {
 
    # - Make krb5-config suppress CFLAGS output when called with --libs
    #   cf https://bugzilla.redhat.com/show_bug.cgi?id=544391
-   #      http://pkgs.fedoraproject.org/gitweb/?p=krb5.git;a=blob;f=krb5-1.7-buildconf.patch
    #
    # - Omit extra libraries because their interfaces are not exposed to applications
    #   by libkrb5, unless do_deps is set to 1, which indicates that the caller
    #   wants the whole list.
-   #   cf http://pkgs.fedoraproject.org/gitweb/?p=krb5.git;a=blob;f=krb5-1.7-nodeplibs.patch
+   #
+   #   Patch from upstream : 
+   #   http://anonsvn.mit.edu/viewvc/krb5/trunk/src/krb5-config.in?r1=23662&r2=25236
    patch -Np2 -i ${srcdir}/krb5-1.9.1-config-script.patch
 
+   # FS#25515
+   patch -Np2 -i ${srcdir}/krb5-1.9.1-canonicalize-fallback.patch
+
+   # FS#25384
+   sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
+
    export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
    export CPPFLAGS+=" -I/usr/include/et"
    ./configure --prefix=/usr \
@@ -69,5 +78,8 @@ package() {
    install -m 755 ../../krb5-kdc "${pkgdir}"/etc/rc.d
    install -m 755 ../../krb5-kadmind  "${pkgdir}"/etc/rc.d
 
+   install -dm 755 "${pkgdir}"/usr/share/aclocal
+   install -m 644 util/ac_check_krb5.m4 "${pkgdir}"/usr/share/aclocal
+
    install -Dm644 "${srcdir}"/${pkgname}-${pkgver}/NOTICE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
 }
diff --git a/core/krb5/krb5-1.9.1-canonicalize-fallback.patch b/core/krb5/krb5-1.9.1-canonicalize-fallback.patch
new file mode 100644
index 000000000..e5a38498f
--- /dev/null
+++ b/core/krb5/krb5-1.9.1-canonicalize-fallback.patch
@@ -0,0 +1,58 @@
+diff -Naur krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c krb5-1.9.1/src/lib/krb5/krb/get_creds.c
+--- krb5-1.9.1.ori/src/lib/krb5/krb/get_creds.c	2011-02-09 16:55:36.000000000 -0500
++++ krb5-1.9.1/src/lib/krb5/krb/get_creds.c	2011-09-26 18:42:01.465190278 -0400
+@@ -470,13 +470,10 @@
+ 
+ /***** STATE_REFERRALS *****/
+ 
+-/*
+- * Possibly retry a request in the fallback realm after a referral request
+- * failure in the local realm.  Expects ctx->reply_code to be set to the error
+- * from a referral request.
+- */
++/* Possibly try a non-referral request after a referral request failure.
++ * Expects ctx->reply_code to be set to the error from a referral request. */
+ static krb5_error_code
+-try_fallback_realm(krb5_context context, krb5_tkt_creds_context ctx)
++try_fallback(krb5_context context, krb5_tkt_creds_context ctx)
+ {
+     krb5_error_code code;
+     char **hrealms;
+@@ -485,9 +482,10 @@
+     if (ctx->referral_count > 1)
+         return ctx->reply_code;
+ 
+-    /* Only fall back if the original request used the referral realm. */
++    /* If the request used a specified realm, make a non-referral request to
++     * that realm (in case it's a KDC which rejects KDC_OPT_CANONICALIZE). */
+     if (!krb5_is_referral_realm(&ctx->req_server->realm))
+-        return ctx->reply_code;
++        return begin_non_referral(context, ctx);
+ 
+     if (ctx->server->length < 2) {
+         /* We need a type/host format principal to find a fallback realm. */
+@@ -500,10 +498,10 @@
+     if (code != 0)
+         return code;
+ 
+-    /* Give up if the fallback realm isn't any different. */
++    /* If the fallback realm isn't any different, use the existing TGT. */
+     if (data_eq_string(ctx->server->realm, hrealms[0])) {
+         krb5_free_host_realm(context, hrealms);
+-        return ctx->reply_code;
++        return begin_non_referral(context, ctx);
+     }
+ 
+     /* Rewrite server->realm to be the fallback realm. */
+@@ -540,9 +538,9 @@
+     krb5_error_code code;
+     const krb5_data *referral_realm;
+ 
+-    /* Possibly retry with the fallback realm on error. */
++    /* Possibly try a non-referral fallback request on error. */
+     if (ctx->reply_code != 0)
+-        return try_fallback_realm(context, ctx);
++        return try_fallback(context, ctx);
+ 
+     if (krb5_principal_compare(context, ctx->reply_creds->server,
+                                ctx->server)) {
diff --git a/core/krb5/krb5-1.9.1-config-script.patch b/core/krb5/krb5-1.9.1-config-script.patch
index 96ee6b001..a72a75edf 100644
--- a/core/krb5/krb5-1.9.1-config-script.patch
+++ b/core/krb5/krb5-1.9.1-config-script.patch
@@ -1,25 +1,27 @@
 diff -Naur krb5-1.9.1.ori/src/krb5-config.in krb5-1.9.1/src/krb5-config.in
 --- krb5-1.9.1.ori/src/krb5-config.in	2010-01-19 13:44:57.000000000 -0500
-+++ krb5-1.9.1/src/krb5-config.in	2011-07-28 14:32:00.546990621 -0400
++++ krb5-1.9.1/src/krb5-config.in	2011-09-26 18:27:09.018487087 -0400
 @@ -186,7 +186,7 @@
  	    -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
  	    -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
  	    -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
 -	    -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
-+       -e 's#\$(CFLAGS)##'`
++	    -e 's#\$(CFLAGS)##'`
  
      if test $library = 'kdb'; then
  	lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
-@@ -214,7 +214,11 @@
+@@ -214,9 +214,13 @@
      fi
  
      if test $library = 'krb5'; then
 -	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
-+       if test 0$do_deps -eq 1 ; then
-+	        lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
-+       else
-+           lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err"
-+       fi
++	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err"
      fi
  
++    # If we ever support a flag to generate output suitable for static
++    # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
++    # here.
++
      echo $lib_flags
+ fi
+ 
-- 
cgit v1.2.3-54-g00ecf