gisburn pushed to krb5 (master). "* Thu May 21 2015 Roland Mainz <rmainz at redhat.com> - 1.13.2-1 (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Fri May 22 14:28:51 UTC 2015
From 8c2cea93bb3e352539264ac88fd5fcf87f13f636 Mon Sep 17 00:00:00 2001
From: Roland Mainz <rmainz at redhat.com>
Date: Fri, 22 May 2015 16:28:26 +0200
Subject: * Thu May 21 2015 Roland Mainz <rmainz at redhat.com> - 1.13.2-1 - Add
fix for RedHat Bug #1164304 ("Upstream unit tests loads the installed
shared libraries instead the ones from the build")
diff --git a/krb5-tests_use_libs_from_build.patch b/krb5-tests_use_libs_from_build.patch
new file mode 100644
index 0000000..4538b1d
--- /dev/null
+++ b/krb5-tests_use_libs_from_build.patch
@@ -0,0 +1,96 @@
+#
+# krb5-tests_use_libs_from_build.patch - patch to ensure the tests
+# in the upstream sources use the libraries from the local tree
+# and not those from the underlying build system.
+3
+# Originally repoted as RedHat Bug #1164304 ("Upstream unit tests loads
+# the installed shared libraries instead the ones from the build")
+#
+#
+# Description of problem:
+# krb5-1.12.2/src/lib/kadm5/unit-test fails (segfaults) when
+# krb5-pkinit is installed on the sysytem.
+# Monitoring via audit showed that unit tests from this directory
+# loads pkinit.so from the installed package and not the one that
+# was built.
+# On top of that, monitoring showed that libs from the installed
+# krb5-libs (whatever version installed) are loaded too.
+# This questions the effectiveness of upstream testing.
+#
+# Version-Release number of selected component (if applicable):
+# krb5-libs-1.12.2-8.el7
+#
+# How reproducible:
+# always
+#
+# Steps to Reproduce:
+#
+# # rpm -qa krb5\*
+# krb5-devel-1.11.3-49.el7.ppc64
+# krb5-libs-1.11.3-49.el7.ppc64
+# krb5-pkinit-1.11.3-49.el7.ppc64
+# #
+# # rpm -ivh krb5-1.12.2-8.el7.src.rpm
+# ... snip ...
+# # rpmbuild -bc ~/rpmbuild/SPECS/krb5.spec
+# ... snip ...
+# #
+# # cd ~/rpmbuild/BUILD/krb5-1.12.2/src/
+# # make runenv.py
+# LD_LIBRARY_PATH=`echo -L./lib | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH; \
+# for i in LD_LIBRARY_PATH; do \
+# eval echo 'env['\\\'$i\\\''] = '\\\'\$$i\\\'; \
+# done > pyrunenv.vals
+# echo "proxy_tls_impl = 'openssl'" >> pyrunenv.vals
+# echo 'env = {}' > runenv.py
+# cat pyrunenv.vals >> runenv.py
+# # cd lib/kadm5/unit-test/
+# # make check
+# .. snip ...
+# KINIT=../../../clients/kinit/kinit \
+# KDESTROY=../../../clients/kdestroy/kdestroy \
+# KADMIN_LOCAL=../../../kadmin/cli/kadmin.local \
+# PRIOCNTL_HACK=0 VALGRIND="" \
+#
+# WARNING: Couldn't find the global config file.
+# WARNING: Couldn't find tool init file
+# Test Run By root on Fri Nov 14 10:30:35 2014
+# Native configuration is powerpc64-redhat-linux-gnu
+#
+# === api tests ===
+#
+# Schedule of variations:
+# unix
+#
+# Running target unix
+# Using /usr/share/dejagnu/baseboards/unix.exp as board description file for target.
+# Using /usr/share/dejagnu/config/unix.exp as generic interface file for target.
+# Using ./config/unix.exp as tool-and-target-specific interface file.
+# Running ./api.2/crte-policy.exp ...
+# FAIL: create-policy 1: eof
+# ERROR: create-policy 1: unexpected failure in init
+# ERROR: create-policy 2: unexpected failure in init
+# ERROR: create-policy 3: unexpected failure in init
+#
+diff -ur krb5/src/kadmin/testing/proto/krb5.conf.proto krb5/src/kadmin/testing/proto/krb5.conf.proto
+--- krb5/src/kadmin/testing/proto/krb5.conf.proto 2014-11-14 10:16:22.106948323 -0500
++++ krb5/src/kadmin/testing/proto/krb5.conf.proto 2014-11-14 10:14:16.955948323 -0500
+@@ -2,6 +2,7 @@
+ default_realm = __REALM__
+ default_keytab_name = FILE:__K5ROOT__/v5srvtab
+ dns_fallback = no
++ plugin_base_dir = __PLUGIN_DIR__
+
+ [realms]
+ __REALM__ = {
+diff -ur krb5/src/kadmin/testing/scripts/start_servers krb5/src/kadmin/testing/scripts/start_servers
+--- krb5/src/kadmin/testing/scripts/start_servers 2014-08-11 18:46:27.000000000 -0400
++++ krb5/src/kadmin/testing/scripts/start_servers 2014-11-14 10:14:56.409948323 -0500
+@@ -40,6 +40,7 @@
+ -e "s/__KDCHOST__/$hostname/g" \
+ -e "s/__LOCALHOST__/$localname/g" \
+ -e "s#__MODDIR__#$TOP/../plugins/kdb#g"\
++ -e "s#__PLUGIN_DIR__#$TOP/../plugins#g"\
+ < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf
+
+ # Using /usr/ucb/rsh and getting rid of "-k $REALM" until we get
diff --git a/krb5.spec b/krb5.spec
index 5b39de9..7bf373a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -43,7 +43,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.13.2
-Release: 0%{?dist}
+Release: 1%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with
@@ -94,6 +94,7 @@ Patch129: krb5-1.11-run_user_0.patch
Patch134: krb5-1.11-kpasswdtest.patch
Patch136: krb5-socket_wrapper_eventfd_prototype_mismatch.patch
Patch140: krb5-1.14-Support-KDC_ERR_MORE_PREAUTH_DATA_REQUIRED.patch
+Patch143: krb5-tests_use_libs_from_build.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -318,6 +319,7 @@ ln NOTICE LICENSE
%endif
%patch140 -p1 -b .krb5-1.14-support-kdc_err_more_preauth_data_required
+%patch143 -p1 -b .krb5-tests_use_libs_from_build
# Take the execute bit off of documentation.
chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
@@ -1009,6 +1011,10 @@ exit 0
%changelog
+* Thu May 21 2015 Roland Mainz <rmainz at redhat.com> - 1.13.2-1
+- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads
+ the installed shared libraries instead the ones from the build")
+
* Thu May 14 2015 Roland Mainz <rmainz at redhat.com> - 1.13.2-0
- Update to krb5-1.13.2
- drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/krb5.git/commit/?h=master&id=8c2cea93bb3e352539264ac88fd5fcf87f13f636
More information about the scm-commits
mailing list