diff options
author | Eray Aslan <eras@gentoo.org> | 2011-10-18 06:55:20 +0000 |
---|---|---|
committer | Eray Aslan <eras@gentoo.org> | 2011-10-18 06:55:20 +0000 |
commit | 5a0ee1038b27c9432d4db5af2209d7c992a98f42 (patch) | |
tree | 21fecf7a4f9728986a21036aa454f773e0133444 /app-crypt | |
parent | x86 stable wrt bug #387333 (diff) | |
download | gentoo-2-5a0ee1038b27c9432d4db5af2209d7c992a98f42.tar.gz gentoo-2-5a0ee1038b27c9432d4db5af2209d7c992a98f42.tar.bz2 gentoo-2-5a0ee1038b27c9432d4db5af2209d7c992a98f42.zip |
patch for fd leak in kadmin - bug #387485
(Portage version: 2.1.10.27/cvs/Linux x86_64)
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 8 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch | 65 | ||||
-rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild | 122 |
3 files changed, 194 insertions, 1 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index 674b9a047601..7de1d0ae5add 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-crypt/mit-krb5 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.290 2011/10/11 17:36:47 jer Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.291 2011/10/18 06:55:19 eras Exp $ + +*mit-krb5-1.9.1-r1 (18 Oct 2011) + + 18 Oct 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-1.9.1-r1.ebuild, + +files/mit-krb5-1.9.1-fd-leak.patch: + patch for fd leak in kadmin - bug #387485 11 Oct 2011; Jeroen Roovers <jer@gentoo.org> mit-krb5-1.9.1.ebuild: Stable for HPPA (bug #374119). diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch b/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch new file mode 100644 index 000000000000..9eeb17a94cc6 --- /dev/null +++ b/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch @@ -0,0 +1,65 @@ +bug #387485 + +Index: trunk/src/lib/kadm5/clnt/client_init.c +=================================================================== +diff -u -N -r24978 -r25115 +--- trunk/src/lib/kadm5/clnt/client_init.c (.../client_init.c) (revision 24978) ++++ trunk/src/lib/kadm5/clnt/client_init.c (.../client_init.c) (revision 25115) +@@ -155,7 +155,7 @@ + kadm5_config_params *params_in, krb5_ui_4 struct_version, + krb5_ui_4 api_version, char **db_args, void **server_handle) + { +- int fd; ++ int fd = -1; + + krb5_boolean iprop_enable; + int port; +@@ -192,6 +192,7 @@ + handle->struct_version = struct_version; + handle->api_version = api_version; + handle->clnt = 0; ++ handle->client_socket = -1; + handle->cache_name = 0; + handle->destroy_cache = 0; + handle->context = 0; +@@ -301,7 +302,9 @@ + #endif + goto error; + } ++ handle->client_socket = fd; + handle->lhandle->clnt = handle->clnt; ++ handle->lhandle->client_socket = fd; + + /* now that handle->clnt is set, we can check the handle */ + if ((code = _kadm5_check_handle((void *) handle))) +@@ -372,6 +375,8 @@ + AUTH_DESTROY(handle->clnt->cl_auth); + if(handle->clnt) + clnt_destroy(handle->clnt); ++ if (fd != -1) ++ close(fd); + + kadm5_free_config_params(handle->context, &handle->params); + +@@ -796,6 +801,8 @@ + AUTH_DESTROY(handle->clnt->cl_auth); + if (handle->clnt) + clnt_destroy(handle->clnt); ++ if (handle->client_socket != -1) ++ close(handle->client_socket); + if (handle->lhandle) + free (handle->lhandle); + +Index: trunk/src/lib/kadm5/clnt/client_internal.h +=================================================================== +diff -u -N -r23100 -r25115 +--- trunk/src/lib/kadm5/clnt/client_internal.h (.../client_internal.h) (revision 23100) ++++ trunk/src/lib/kadm5/clnt/client_internal.h (.../client_internal.h) (revision 25115) +@@ -72,6 +72,7 @@ + char * cache_name; + int destroy_cache; + CLIENT * clnt; ++ int client_socket; + krb5_context context; + kadm5_config_params params; + struct _kadm5_server_handle_t *lhandle; diff --git a/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild new file mode 100644 index 000000000000..8ded6d0a753b --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild,v 1.1 2011/10/18 06:55:19 eras Exp $ + +EAPI=3 + +inherit eutils flag-o-matic versionator + +MY_P="${P/mit-}" +P_DIR=$(get_version_component_range 1-2) +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="http://web.mit.edu/kerberos/www/" +SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="doc +keyutils openldap +pkinit +threads test xinetd" + +RDEPEND="!!app-crypt/heimdal + >=sys-libs/e2fsprogs-libs-1.41.0 + keyutils? ( sys-apps/keyutils ) + openldap? ( net-nds/openldap ) + xinetd? ( sys-apps/xinetd )" +DEPEND="${RDEPEND} + virtual/yacc + doc? ( virtual/latex-base ) + test? ( dev-lang/tcl + dev-lang/python + dev-util/dejagnu )" + +S=${WORKDIR}/${MY_P}/src + +src_unpack() { + unpack ${A} + unpack ./"${MY_P}".tar.gz +} + +src_prepare() { + epatch "${FILESDIR}/${P}-fd-leak.patch" +} + +src_configure() { + append-flags "-I${EPREFIX}/usr/include/et" + # QA + append-flags -fno-strict-aliasing + append-flags -fno-strict-overflow + use keyutils || export ac_cv_header_keyutils_h=no + econf \ + $(use_with openldap ldap) \ + "$(use_with test tcl "${EPREFIX}/usr")" \ + $(use_enable pkinit) \ + $(use_enable threads thread-support) \ + --without-krb4 \ + --without-hesiod \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-lookaside-cache \ + --disable-rpath +} + +src_compile() { + emake -j1 || die "emake failed" + + if use doc ; then + cd ../doc + for dir in api implement ; do + emake -C "${dir}" || die "doc emake failed" + done + fi +} + +src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ + install || die "install failed" + + # default database dir + keepdir /var/lib/krb5kdc + + cd .. + dodoc NOTICE README + dodoc doc/*.{ps,txt} + doinfo doc/*.info* + dohtml -r doc/*.html + + # die if we cannot respect a USE flag + if use doc ; then + dodoc doc/{api,implement}/*.ps || die "dodoc failed" + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind || die + newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc || die + newinitd "${FILESDIR}"/mit-krb5kpropd.initd mit-krb5kpropd || die + + insinto /etc + newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example + + if use openldap ; then + insinto /etc/openldap/schema + doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" || die + fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/kpropd.xinetd" kpropd || die + fi +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-1.8.0" ; then + elog "MIT split the Kerberos applications from the base Kerberos" + elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp," + elog "ftp clients and telnet, ftp deamons now live in" + elog "\"app-crypt/mit-krb5-appl\" package." + fi +} |