[Ipcop-svn] SF.net SVN: ipcop:[6037] ipcop/trunk/src/patches

Sun, 06 Nov 2011 11:25:26 -0800 

Revision: 6037
          http://ipcop.svn.sourceforge.net/ipcop/?rev=6037&view=rev
Author:   gespinasse
Date:     2011-11-06 19:25:14 +0000 (Sun, 06 Nov 2011)
Log Message:
-----------
Remove krb5 patches as 1.9.2 has been released

Removed Paths:
-------------
    ipcop/trunk/src/patches/krb5-1.9.1_MITKRB5-SA-2011-006.patch
    ipcop/trunk/src/patches/krb5-1.9.1_fd-leak.patch

Deleted: ipcop/trunk/src/patches/krb5-1.9.1_MITKRB5-SA-2011-006.patch
===================================================================
--- ipcop/trunk/src/patches/krb5-1.9.1_MITKRB5-SA-2011-006.patch        
2011-11-06 18:12:53 UTC (rev 6036)
+++ ipcop/trunk/src/patches/krb5-1.9.1_MITKRB5-SA-2011-006.patch        
2011-11-06 19:25:14 UTC (rev 6037)
@@ -1,82 +0,0 @@
-Fedora borrowed
-So much patches to follow http://pkgs.fedoraproject.org/gitweb/?p=krb5.git
-- apply upstream patch to fix a null pointer dereference with the LDAP kdb 
backend...
-[krb5.git] / krb5-1.9-MITKRB5-SA-2011-006.patch
-
-(Gentoo has the same)
-
-diff --git a/src/plugins/kdb/db2/lockout.c b/src/plugins/kdb/db2/lockout.c
-index b473611..50c60b7 100644
---- a/src/plugins/kdb/db2/lockout.c
-+++ b/src/plugins/kdb/db2/lockout.c
-@@ -169,6 +169,9 @@ krb5_db2_lockout_audit(krb5_context context,
-         return 0;
-     }
- 
-+    if (entry == NULL)
-+        return 0;
-+
-     if (!db_ctx->disable_lockout) {
-         code = lookup_lockout_policy(context, entry, &max_fail,
-                                      &failcnt_interval, &lockout_duration);
-@@ -176,6 +179,15 @@ krb5_db2_lockout_audit(krb5_context context,
-             return code;
-     }
- 
-+    /*
-+     * Don't continue to modify the DB for an already locked account.
-+     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
-+     * this check is unneeded, but in rare cases, we can fail with an
-+     * integrity error or preauth failure before a policy check.)
-+     */
-+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
-+        return 0;
-+
-     /* Only mark the authentication as successful if the entry
-      * required preauthentication, otherwise we have no idea. */
-     if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 
b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-index 552e39a..c2f44ab 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-@@ -105,6 +105,7 @@ krb5_ldap_get_principal(krb5_context context, 
krb5_const_principal searchfor,
-     CHECK_LDAP_HANDLE(ldap_context);
- 
-     if (is_principal_in_realm(ldap_context, searchfor) != 0) {
-+        st = KRB5_KDB_NOENTRY;
-         krb5_set_error_message (context, st, "Principal does not belong to 
realm");
-         goto cleanup;
-     }
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c 
b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
-index a218dc7..fd164dd 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
-@@ -165,6 +165,9 @@ krb5_ldap_lockout_audit(krb5_context context,
-         return 0;
-     }
- 
-+    if (entry == NULL)
-+        return 0;
-+
-     if (!ldap_context->disable_lockout) {
-         code = lookup_lockout_policy(context, entry, &max_fail,
-                                      &failcnt_interval,
-@@ -173,9 +176,16 @@ krb5_ldap_lockout_audit(krb5_context context,
-             return code;
-     }
- 
--    entry->mask = 0;
-+    /*
-+     * Don't continue to modify the DB for an already locked account.
-+     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
-+     * this check is unneeded, but in rare cases, we can fail with an
-+     * integrity error or preauth failure before a policy check.)
-+     */
-+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
-+        return 0;
- 
--    assert (!locked_check_p(context, stamp, max_fail, lockout_duration, 
entry));
-+    entry->mask = 0;
- 
-     /* Only mark the authentication as successful if the entry
-      * required preauthentication, otherwise we have no idea. */

Deleted: ipcop/trunk/src/patches/krb5-1.9.1_fd-leak.patch
===================================================================
--- ipcop/trunk/src/patches/krb5-1.9.1_fd-leak.patch    2011-11-06 18:12:53 UTC 
(rev 6036)
+++ ipcop/trunk/src/patches/krb5-1.9.1_fd-leak.patch    2011-11-06 19:25:14 UTC 
(rev 6037)
@@ -1,66 +0,0 @@
-Gentoo borrowed bug #387485
-http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch?revision=1.1
-
-Index: trunk/src/lib/kadm5/clnt/client_init.c
-===================================================================
-diff -u -N -r24978 -r25115
---- trunk/src/lib/kadm5/clnt/client_init.c     (.../client_init.c)     
(revision 24978)
-+++ trunk/src/lib/kadm5/clnt/client_init.c     (.../client_init.c)     
(revision 25115)
-@@ -155,7 +155,7 @@
-          kadm5_config_params *params_in, krb5_ui_4 struct_version,
-          krb5_ui_4 api_version, char **db_args, void **server_handle)
- {
--    int fd;
-+    int fd = -1;
- 
-     krb5_boolean iprop_enable;
-     int port;
-@@ -192,6 +192,7 @@
-     handle->struct_version = struct_version;
-     handle->api_version = api_version;
-     handle->clnt = 0;
-+    handle->client_socket = -1;
-     handle->cache_name = 0;
-     handle->destroy_cache = 0;
-     handle->context = 0;
-@@ -301,7 +302,9 @@
- #endif
-         goto error;
-     }
-+    handle->client_socket = fd;
-     handle->lhandle->clnt = handle->clnt;
-+    handle->lhandle->client_socket = fd;
- 
-     /* now that handle->clnt is set, we can check the handle */
-     if ((code = _kadm5_check_handle((void *) handle)))
-@@ -372,6 +375,8 @@
-         AUTH_DESTROY(handle->clnt->cl_auth);
-     if(handle->clnt)
-         clnt_destroy(handle->clnt);
-+    if (fd != -1)
-+        close(fd);
- 
-     kadm5_free_config_params(handle->context, &handle->params);
- 
-@@ -796,6 +801,8 @@
-         AUTH_DESTROY(handle->clnt->cl_auth);
-     if (handle->clnt)
-         clnt_destroy(handle->clnt);
-+    if (handle->client_socket != -1)
-+        close(handle->client_socket);
-     if (handle->lhandle)
-         free (handle->lhandle);
- 
-Index: trunk/src/lib/kadm5/clnt/client_internal.h
-===================================================================
-diff -u -N -r23100 -r25115
---- trunk/src/lib/kadm5/clnt/client_internal.h (.../client_internal.h) 
(revision 23100)
-+++ trunk/src/lib/kadm5/clnt/client_internal.h (.../client_internal.h) 
(revision 25115)
-@@ -72,6 +72,7 @@
-     char *          cache_name;
-     int             destroy_cache;
-     CLIENT *        clnt;
-+    int             client_socket;
-     krb5_context    context;
-     kadm5_config_params params;
-     struct _kadm5_server_handle_t *lhandle;

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn

Reply via email to