[Pkg-freeipa-devel] [Git][freeipa-team/mod-auth-gssapi][master] 7 commits: Fix a crash bug when s4u2proxy is configured
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Sun Aug 6 20:16:11 BST 2023
Timo Aaltonen pushed to branch master at FreeIPA packaging / mod-auth-gssapi
Commits:
463d9328 by Simo Sorce at 2022-08-29T06:24:10-04:00
Fix a crash bug when s4u2proxy is configured
If no cred store options are present at all the code now crashes trying
to access the structure that should hold the options as it is NULL.
Also add ifdefs that were missed in the original patch.
Signed-off-by: Simo Sorce <simo at redhat.com>
- - - - -
3d82ddf9 by Simo Sorce at 2022-08-29T06:24:10-04:00
OpenSSL 3.0 deprecated low level HMAC and other
So we need to disable -Werror until we can replace those functions
with calls to the EVP api or internal code.
Signed-off-by: Simo Sorce <simo at redhat.com>
- - - - -
796000ae by Simo Sorce at 2022-08-29T06:28:02-04:00
Release version 1.6.5
Signed-off-by: Simo Sorce <simo at redhat.com>
- - - - -
f3a8c58b by Timo Aaltonen at 2022-09-06T17:28:37+03:00
Merge branch 'upstream'
- - - - -
c0245ce9 by Timo Aaltonen at 2022-09-06T17:28:55+03:00
version bump
- - - - -
8fbc3886 by Timo Aaltonen at 2022-09-06T17:29:41+03:00
releasing package libapache2-mod-auth-gssapi version 1.6.5-1
- - - - -
74bb373b by Timo Aaltonen at 2023-02-25T12:25:18+02:00
control, copyright, watch: Update upstream repo url.
- - - - -
7 changed files:
- ci/ci.sh
- debian/changelog
- debian/control
- debian/copyright
- debian/watch
- src/mod_auth_gssapi.c
- version.m4
Changes:
=====================================
ci/ci.sh
=====================================
@@ -26,7 +26,9 @@ if [ x$FLAKE == xyes ]; then
flake8
fi
-CFLAGS="-Werror"
+#Disable -Werror until we can replace the HMAC stuff which gives warnings
+#because it has been deprecated in OpenSSL 3.0
+#CFLAGS="-Werror"
if [ x$COMPILER == xclang ]; then
CFLAGS+=" -Wno-missing-field-initializers"
CFLAGS+=" -Wno-missing-braces -Wno-cast-align"
=====================================
debian/changelog
=====================================
@@ -1,3 +1,16 @@
+libapache2-mod-auth-gssapi (1.6.5-2) UNRELEASED; urgency=medium
+
+ * control, copyright, watch: Update upstream repo url.
+ (Closes: #985744)
+
+ -- Timo Aaltonen <tjaalton at debian.org> Wed, 22 Feb 2023 12:44:51 +0200
+
+libapache2-mod-auth-gssapi (1.6.5-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Tue, 06 Sep 2022 17:29:36 +0300
+
libapache2-mod-auth-gssapi (1.6.4-2) unstable; urgency=medium
* Clean up cruft to fix FTBFS.
=====================================
debian/control
=====================================
@@ -16,7 +16,7 @@ Build-Depends:
libssl-dev,
pkg-config,
Standards-Version: 4.5.1
-Homepage: https://github.com/modauthgssapi/mod_auth_gssapi
+Homepage: https://github.com/gssapi/mod_auth_gssapi
Vcs-Git: https://salsa.debian.org/freeipa-team/mod-auth-gssapi.git
Vcs-Browser: https://salsa.debian.org/freeipa-team/mod-auth-gssapi
=====================================
debian/copyright
=====================================
@@ -1,6 +1,6 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: libapache2-mod-auth-gssapi
-Source: https://github.com/modauthgssapi/mod_auth_gssapi
+Source: https://github.com/gssapi/mod_auth_gssapi
Files: *
Copyright: 2014, Red Hat, Inc.
=====================================
debian/watch
=====================================
@@ -1,3 +1,3 @@
version=3
opts="filenamemangle=s/(?:.*)?v/libapache2-mod-auth-gssapi-/" \
-https://github.com/modauthgssapi/mod_auth_gssapi/tags (?:.*/)?v?(\d[\d\.]*)\.tar\.gz
+https://github.com/gssapi/mod_auth_gssapi/tags (?:.*/)?v?(\d[\d\.]*)\.tar\.gz
=====================================
src/mod_auth_gssapi.c
=====================================
@@ -714,8 +714,9 @@ void mag_verify_config(request_rec *req, struct mag_config *cfg)
/* we check only once */
if (cfg->verified) return;
+#ifdef HAVE_CRED_STORE
/* Check if cred store config is consistent with use_s4u2proxy.
- * Although not strictly required it is generally adivsable to
+ * Although not strictly required it is generally advisable to
* set keytab, client_keytab, and ccache in the cred_store when
* use_s4u2proxy is set, this is to avoid easy mistakes that are
* very difficult to diagnose */
@@ -724,14 +725,16 @@ void mag_verify_config(request_rec *req, struct mag_config *cfg)
bool has_client_keytab = false;
bool has_ccache = false;
- for (int i = 0; i < cfg->cred_store->count; i++) {
- const char *key = cfg->cred_store->elements[i].key;
- if (strcmp(key, "keytab") == 0) {
- has_keytab = true;
- } else if (strcmp(key, "client_keytab") == 0) {
- has_client_keytab = true;
- } else if (strcmp(key, "ccache") == 0) {
- has_ccache = true;
+ if (cfg->cred_store) {
+ for (int i = 0; i < cfg->cred_store->count; i++) {
+ const char *key = cfg->cred_store->elements[i].key;
+ if (strcmp(key, "keytab") == 0) {
+ has_keytab = true;
+ } else if (strcmp(key, "client_keytab") == 0) {
+ has_client_keytab = true;
+ } else if (strcmp(key, "ccache") == 0) {
+ has_ccache = true;
+ }
}
}
@@ -751,6 +754,7 @@ void mag_verify_config(request_rec *req, struct mag_config *cfg)
"GssapiCredStore", "ccache");
}
}
+#endif
cfg->verified = true;
}
=====================================
version.m4
=====================================
@@ -1 +1 @@
-m4_define([VERSION_NUMBER], [1.6.4])
+m4_define([VERSION_NUMBER], [1.6.5])
View it on GitLab: https://salsa.debian.org/freeipa-team/mod-auth-gssapi/-/compare/b8a4001e5cc6120b9f610aed6a82e7fe8cd4e890...74bb373bc658c21f055cb5c2842a1829d47d47bb
--
View it on GitLab: https://salsa.debian.org/freeipa-team/mod-auth-gssapi/-/compare/b8a4001e5cc6120b9f610aed6a82e7fe8cd4e890...74bb373bc658c21f055cb5c2842a1829d47d47bb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20230806/0d3f62de/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list