[krb5] we'll need this until the next upstream refresh
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Nov 15 17:46:53 UTC 2011
commit 17a1f736bde4a20a14d404856cd166fbde23eb79
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Wed Nov 9 14:39:29 2011 -0500
we'll need this until the next upstream refresh
krb5-1.10-alpha1-uninit.patch | 59 +++++++++++++++++++++++++++++++++++++++++
1 files changed, 59 insertions(+), 0 deletions(-)
---
diff --git a/krb5-1.10-alpha1-uninit.patch b/krb5-1.10-alpha1-uninit.patch
new file mode 100644
index 0000000..252d708
--- /dev/null
+++ b/krb5-1.10-alpha1-uninit.patch
@@ -0,0 +1,59 @@
+commit 47cccb49b34ce88def9e171cef475f1b193fb4e5
+Author: ghudson <ghudson at dc483132-0cff-0310-8789-dd5450dbe970>
+Date: Mon Nov 7 00:47:20 2011 +0000
+
+ ticket: 6999
+ target_version: 1.10
+ tags: pullup
+
+ Fix warnings and version check for NSS pkinit
+
+ From nalin at redhat.com.
+
+ git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25445 dc483132-0cff-0310-8789-dd5450dbe970
+
+diff --git a/src/configure.in b/src/configure.in
+index e5de903..6aae2f5 100644
+--- a/src/configure.in
++++ b/src/configure.in
+@@ -162,12 +162,10 @@ nss)
+ CFLAGS="$CFLAGS $CRYPTO_IMPL_CFLAGS"
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([
+ #include <nss.h>
+-#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 12)
+-#error
+-#elif NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH < 9
++#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 13)
+ #error
+ #endif
+- ])], [], [AC_MSG_ERROR([NSS version 3.12.9 or later required.])])
++ ])], [], [AC_MSG_ERROR([NSS version 3.13 or later required.])])
+ CFLAGS=$save_CFLAGS
+ ;;
+ *)
+diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+index 7955324..1a83083 100644
+--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
++++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+@@ -2190,7 +2190,7 @@ crypto_get_pem_slot(struct _pkinit_identity_crypto_context *id)
+ /* Resolve any ambiguities from having a duplicate nickname in the PKCS12
+ * bundle and in the database, or the bag not providing a nickname. Note: you
+ * might expect "arg" to be a wincx, but it's actually a certificate! (Mozilla
+- * bug #321584) */
++ * bug #321584, fixed in 3.12, documented by #586163, in 3.13.) */
+ static SECItem *
+ crypto_nickname_c_cb(SECItem *old_nickname, PRBool *cancel, void *arg)
+ {
+@@ -3527,10 +3527,10 @@ pkinit_create_td_trusted_certifiers(krb5_context context,
+ !CERT_LIST_END(node, sclist);
+ node = CERT_LIST_NEXT(node)) {
+ /* If we have no trust for it, we can't trust it. */
+- if (cert->trust == NULL)
++ if (node->cert->trust == NULL)
+ continue;
+ /* We need to trust it to issue client certs. */
+- trustf = SEC_GET_TRUST_FLAGS(cert->trust, trustSSL);
++ trustf = SEC_GET_TRUST_FLAGS(node->cert->trust, trustSSL);
+ if (!(trustf & CERTDB_TRUSTED_CLIENT_CA))
+ continue;
+ /* DestroyCertList frees all of the certs in the list,
More information about the scm-commits
mailing list