summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEray Aslan <eras@gentoo.org>2011-10-18 06:55:20 +0000
committerEray Aslan <eras@gentoo.org>2011-10-18 06:55:20 +0000
commit5a0ee1038b27c9432d4db5af2209d7c992a98f42 (patch)
tree21fecf7a4f9728986a21036aa454f773e0133444 /app-crypt
parentx86 stable wrt bug #387333 (diff)
downloadgentoo-2-5a0ee1038b27c9432d4db5af2209d7c992a98f42.tar.gz
gentoo-2-5a0ee1038b27c9432d4db5af2209d7c992a98f42.tar.bz2
gentoo-2-5a0ee1038b27c9432d4db5af2209d7c992a98f42.zip
patch for fd leak in kadmin - bug #387485
(Portage version: 2.1.10.27/cvs/Linux x86_64)
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/mit-krb5/ChangeLog8
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch65
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild122
3 files changed, 194 insertions, 1 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog
index 674b9a047601..7de1d0ae5add 100644
--- a/app-crypt/mit-krb5/ChangeLog
+++ b/app-crypt/mit-krb5/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-crypt/mit-krb5
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.290 2011/10/11 17:36:47 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.291 2011/10/18 06:55:19 eras Exp $
+
+*mit-krb5-1.9.1-r1 (18 Oct 2011)
+
+ 18 Oct 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-1.9.1-r1.ebuild,
+ +files/mit-krb5-1.9.1-fd-leak.patch:
+ patch for fd leak in kadmin - bug #387485
11 Oct 2011; Jeroen Roovers <jer@gentoo.org> mit-krb5-1.9.1.ebuild:
Stable for HPPA (bug #374119).
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch b/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch
new file mode 100644
index 000000000000..9eeb17a94cc6
--- /dev/null
+++ b/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch
@@ -0,0 +1,65 @@
+bug #387485
+
+Index: trunk/src/lib/kadm5/clnt/client_init.c
+===================================================================
+diff -u -N -r24978 -r25115
+--- trunk/src/lib/kadm5/clnt/client_init.c (.../client_init.c) (revision 24978)
++++ trunk/src/lib/kadm5/clnt/client_init.c (.../client_init.c) (revision 25115)
+@@ -155,7 +155,7 @@
+ kadm5_config_params *params_in, krb5_ui_4 struct_version,
+ krb5_ui_4 api_version, char **db_args, void **server_handle)
+ {
+- int fd;
++ int fd = -1;
+
+ krb5_boolean iprop_enable;
+ int port;
+@@ -192,6 +192,7 @@
+ handle->struct_version = struct_version;
+ handle->api_version = api_version;
+ handle->clnt = 0;
++ handle->client_socket = -1;
+ handle->cache_name = 0;
+ handle->destroy_cache = 0;
+ handle->context = 0;
+@@ -301,7 +302,9 @@
+ #endif
+ goto error;
+ }
++ handle->client_socket = fd;
+ handle->lhandle->clnt = handle->clnt;
++ handle->lhandle->client_socket = fd;
+
+ /* now that handle->clnt is set, we can check the handle */
+ if ((code = _kadm5_check_handle((void *) handle)))
+@@ -372,6 +375,8 @@
+ AUTH_DESTROY(handle->clnt->cl_auth);
+ if(handle->clnt)
+ clnt_destroy(handle->clnt);
++ if (fd != -1)
++ close(fd);
+
+ kadm5_free_config_params(handle->context, &handle->params);
+
+@@ -796,6 +801,8 @@
+ AUTH_DESTROY(handle->clnt->cl_auth);
+ if (handle->clnt)
+ clnt_destroy(handle->clnt);
++ if (handle->client_socket != -1)
++ close(handle->client_socket);
+ if (handle->lhandle)
+ free (handle->lhandle);
+
+Index: trunk/src/lib/kadm5/clnt/client_internal.h
+===================================================================
+diff -u -N -r23100 -r25115
+--- trunk/src/lib/kadm5/clnt/client_internal.h (.../client_internal.h) (revision 23100)
++++ trunk/src/lib/kadm5/clnt/client_internal.h (.../client_internal.h) (revision 25115)
+@@ -72,6 +72,7 @@
+ char * cache_name;
+ int destroy_cache;
+ CLIENT * clnt;
++ int client_socket;
+ krb5_context context;
+ kadm5_config_params params;
+ struct _kadm5_server_handle_t *lhandle;
diff --git a/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild
new file mode 100644
index 000000000000..8ded6d0a753b
--- /dev/null
+++ b/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild,v 1.1 2011/10/18 06:55:19 eras Exp $
+
+EAPI=3
+
+inherit eutils flag-o-matic versionator
+
+MY_P="${P/mit-}"
+P_DIR=$(get_version_component_range 1-2)
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE="doc +keyutils openldap +pkinit +threads test xinetd"
+
+RDEPEND="!!app-crypt/heimdal
+ >=sys-libs/e2fsprogs-libs-1.41.0
+ keyutils? ( sys-apps/keyutils )
+ openldap? ( net-nds/openldap )
+ xinetd? ( sys-apps/xinetd )"
+DEPEND="${RDEPEND}
+ virtual/yacc
+ doc? ( virtual/latex-base )
+ test? ( dev-lang/tcl
+ dev-lang/python
+ dev-util/dejagnu )"
+
+S=${WORKDIR}/${MY_P}/src
+
+src_unpack() {
+ unpack ${A}
+ unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-fd-leak.patch"
+}
+
+src_configure() {
+ append-flags "-I${EPREFIX}/usr/include/et"
+ # QA
+ append-flags -fno-strict-aliasing
+ append-flags -fno-strict-overflow
+ use keyutils || export ac_cv_header_keyutils_h=no
+ econf \
+ $(use_with openldap ldap) \
+ "$(use_with test tcl "${EPREFIX}/usr")" \
+ $(use_enable pkinit) \
+ $(use_enable threads thread-support) \
+ --without-krb4 \
+ --without-hesiod \
+ --enable-shared \
+ --with-system-et \
+ --with-system-ss \
+ --enable-dns-for-realm \
+ --enable-kdc-lookaside-cache \
+ --disable-rpath
+}
+
+src_compile() {
+ emake -j1 || die "emake failed"
+
+ if use doc ; then
+ cd ../doc
+ for dir in api implement ; do
+ emake -C "${dir}" || die "doc emake failed"
+ done
+ fi
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
+ install || die "install failed"
+
+ # default database dir
+ keepdir /var/lib/krb5kdc
+
+ cd ..
+ dodoc NOTICE README
+ dodoc doc/*.{ps,txt}
+ doinfo doc/*.info*
+ dohtml -r doc/*.html
+
+ # die if we cannot respect a USE flag
+ if use doc ; then
+ dodoc doc/{api,implement}/*.ps || die "dodoc failed"
+ fi
+
+ newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind || die
+ newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc || die
+ newinitd "${FILESDIR}"/mit-krb5kpropd.initd mit-krb5kpropd || die
+
+ insinto /etc
+ newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
+ insinto /var/lib/krb5kdc
+ newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
+
+ if use openldap ; then
+ insinto /etc/openldap/schema
+ doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" || die
+ fi
+
+ if use xinetd ; then
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}/kpropd.xinetd" kpropd || die
+ fi
+}
+
+pkg_preinst() {
+ if has_version "<${CATEGORY}/${PN}-1.8.0" ; then
+ elog "MIT split the Kerberos applications from the base Kerberos"
+ elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp,"
+ elog "ftp clients and telnet, ftp deamons now live in"
+ elog "\"app-crypt/mit-krb5-appl\" package."
+ fi
+}