Hello community, here is the log from the commit of package python-kerberos for openSUSE:Factory checked in at 2015-07-21 13:27:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-kerberos (Old) and /work/SRC/openSUSE:Factory/.python-kerberos.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-kerberos" Changes: -------- --- /work/SRC/openSUSE:Factory/python-kerberos/python-kerberos.changes 2015-06-15 17:47:46.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python-kerberos.new/python-kerberos.changes 2015-07-21 13:29:10.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Jul 15 09:23:35 UTC 2015 - [email protected] + +- Add: 0001-Initialise-pydelegatestate-variable-to-NULL.patch + Fix segmentation fault in authGSSClientInit caused by a NULL value + of pydelegatestate. + +------------------------------------------------------------------- New: ---- 0001-Initialise-pydelegatestate-variable-to-NULL.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-kerberos.spec ++++++ --- /var/tmp/diff_new_pack.UmsiL9/_old 2015-07-21 13:29:11.000000000 +0200 +++ /var/tmp/diff_new_pack.UmsiL9/_new 2015-07-21 13:29:11.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-kerberos # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -13,19 +13,21 @@ # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Name: python-kerberos Version: 1.2.2 Release: 0 -License: Apache-2.0 Summary: Kerberos high-level interface -Url: http://www.calendarserver.org/ +License: Apache-2.0 Group: Development/Languages/Python +Url: http://www.calendarserver.org/ Source: https://pypi.python.org/packages/source/k/kerberos/kerberos-%{version}.tar.gz +Patch1: 0001-Initialise-pydelegatestate-variable-to-NULL.patch +BuildRequires: krb5-devel BuildRequires: python-devel BuildRequires: python-setuptools -BuildRequires: krb5-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} && 0%{?suse_version} <= 1110 %{!?python_sitearch: %global python_sitearch %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} @@ -40,6 +42,7 @@ %prep %setup -q -n kerberos-%{version} +%patch1 -p1 %build CFLAGS="%{optflags}" python setup.py build ++++++ 0001-Initialise-pydelegatestate-variable-to-NULL.patch ++++++ Date: 2015-07-16 Author: Howard Guo <[email protected]> A bug in the python module was discovered when using FreeIPA. FreeIPA administrative utility "ipa" calls authGSSClientInit without offering delegatestate parameter, causing segfault in the python module due to missing initialisation and checks. diff -rupN kerberos-1.2.2/src/kerberos.c kerberos-1.2.2-patched/src/kerberos.c --- kerberos-1.2.2/src/kerberos.c 2015-03-27 00:13:12.000000000 +0100 +++ kerberos-1.2.2-patched/src/kerberos.c 2015-07-15 11:17:11.793577875 +0200 @@ -132,7 +132,7 @@ static PyObject* authGSSClientInit(PyObj gss_client_state *state; PyObject *pystate; gss_server_state *delegatestate = NULL; - PyObject *pydelegatestate; + PyObject *pydelegatestate = NULL; static char *kwlist[] = { "service", "principal", "gssflags", "delegated", NULL }; @@ -149,7 +149,7 @@ static PyObject* authGSSClientInit(PyObj state = (gss_client_state *) malloc(sizeof(gss_client_state)); pystate = PyCObject_FromVoidPtr(state, NULL); - if (PyCObject_Check(pydelegatestate)) { + if (pydelegatestate && PyCObject_Check(pydelegatestate)) { delegatestate = PyCObject_AsVoidPtr(pydelegatestate); }
