authorRobbie Harwood <rharwood@redhat.com>2017-01-20 22:37:32 +0000
committerRobbie Harwood <rharwood@redhat.com>2017-01-20 18:07:42 -0500
commit621f3cf2e61c8a32b1f23057e3cf24d99347defa (patch)
tree7696494e28c563901da97daa359ee42eb40ab415
parentbe80cb98618aa41d96ec79aec5b9f7a60c18c41e (diff)
Add free hook to KDB; increments KDB version
Add KDB version flag. All patches are touched because git made the hash lengths in patches longer.
-rw-r--r--Add-free_principal_e_data-KDB-method.patch80
-rw-r--r--Build-with-Werror-implicit-int-where-supported.patch2
-rw-r--r--Explicitly-copy-KDB-vtable-fields.patch121
-rw-r--r--krb5-1.11-kpasswdtest.patch2
-rw-r--r--krb5-1.11-run_user_0.patch2
-rw-r--r--krb5-1.12-api.patch2
-rw-r--r--krb5-1.12-ksu-path.patch2
-rw-r--r--krb5-1.12-ktany.patch6
-rw-r--r--krb5-1.12.1-pam.patch12
-rw-r--r--krb5-1.13-dirsrv-accountlock.patch6
-rw-r--r--krb5-1.15-beta1-buildconf.patch6
-rw-r--r--krb5-1.15-beta1-selinux-label.patch50
-rw-r--r--krb5-1.3.1-dns.patch2
-rw-r--r--krb5-1.9-debuginfo.patch4
-rw-r--r--krb5.spec12
15 files changed, 260 insertions, 49 deletions
diff --git a/Add-free_principal_e_data-KDB-method.patch b/Add-free_principal_e_data-KDB-method.patch
new file mode 100644
index 0000000..d8a5eca
--- /dev/null
+++ b/Add-free_principal_e_data-KDB-method.patch
@@ -0,0 +1,80 @@
+From f784c4726c4223108170fe7398601b8cc8c775c9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 18 Jan 2017 11:52:48 +0100
+Subject: [PATCH] Add free_principal_e_data KDB method
+
+Add an optional method to kdb_vftabl to free e_data pointer in a
+principal entry, in case it was populated by a module using a more
+complex structure than a single memory region.
+
+[ghudson@mit.edu: handled minor version bump; simplified code; rewrote
+commit message]
+
+ticket: 8538
+target_version: 1.15-next
+tags: pullup
+
+(cherry picked from commit 87d8d1c6da227ff9410413de39ee64e4566429e5)
+---
+ src/include/kdb.h | 11 +++++++++++
+ src/lib/kdb/kdb5.c | 14 +++++++++++++-
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/src/include/kdb.h b/src/include/kdb.h
+index e9d1a84ba..da04724fc 100644
+--- a/src/include/kdb.h
++++ b/src/include/kdb.h
+@@ -1382,6 +1382,17 @@ typedef struct _kdb_vftabl {
+ krb5_const_principal client,
+ const krb5_db_entry *server,
+ krb5_const_principal proxy);
++
++ /* End of minor version 0. */
++
++ /*
++ * Optional: Free the e_data pointer of a database entry. If this method
++ * is not implemented, the e_data pointer in principal entries will be
++ * freed with free() as seen by libkdb5.
++ */
++ void (*free_principal_e_data)(krb5_context kcontext, krb5_octet *e_data);
++
++ /* End of minor version 1 for major version 6. */
+ } kdb_vftabl;
+
+ #endif /* !defined(_WIN32) */
+diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
+index ee4127231..4adf0fcbb 100644
+--- a/src/lib/kdb/kdb5.c
++++ b/src/lib/kdb/kdb5.c
+@@ -323,6 +323,12 @@ copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
+ out->refresh_config = in->refresh_config;
+ out->check_allowed_to_delegate = in->check_allowed_to_delegate;
+
++ /* Copy fields for minor version 1 (major version 6). */
++ assert(KRB5_KDB_DAL_MAJOR_VERSION == 6);
++ out->free_principal_e_data = NULL;
++ if (in->min_ver >= 1)
++ out->free_principal_e_data = in->free_principal_e_data;
++
+ /* Set defaults for optional fields. */
+ if (out->fetch_master_key == NULL)
+ out->fetch_master_key = krb5_db_def_fetch_mkey;
+@@ -820,11 +826,17 @@ free_tl_data(krb5_tl_data *list)
+ void
+ krb5_db_free_principal(krb5_context kcontext, krb5_db_entry *entry)
+ {
++ kdb_vftabl *v;
+ int i;
+
+ if (entry == NULL)
+ return;
+- free(entry->e_data);
++ if (entry->e_data != NULL) {
++ if (get_vftabl(kcontext, &v) == 0 && v->free_principal_e_data != NULL)
++ v->free_principal_e_data(kcontext, entry->e_data);
++ else
++ free(entry->e_data);
++ }
+ krb5_free_principal(kcontext, entry->princ);
+ free_tl_data(entry->tl_data);
+ for (i = 0; i < entry->n_key_data; i++)
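Review bot: In `krb5_db_free_principal`, the `else` branch passes `entry->e_data` to libkdb5's `free()` whenever `get_vftabl()` fails, even if the entry came from a module that implements `free_principal_e_data`. A structure the module built from several allocations would then be released as a single region, which leaks the inner allocations at best and, if the module uses a different allocator, can corrupt the heap of the process holding the KDB. Whether `get_vftabl()` can fail while such entries are still live is not visible here, so I would at least record the contract above the branch: `/* Entries must be freed with the context whose module produced them; without a vtable, e_data is assumed to be one free()-able region. */`. The function body continues past the end of the hunk.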
diff --git a/Build-with-Werror-implicit-int-where-supported.patch b/Build-with-Werror-implicit-int-where-supported.patch
index 4244dce..47caf32 100644
--- a/Build-with-Werror-implicit-int-where-supported.patch
+++ b/Build-with-Werror-implicit-int-where-supported.patch
@@ -9,7 +9,7 @@ Subject: [PATCH] Build with -Werror-implicit-int where supported
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 2bfb994..da1d6d8 100644
+index 2bfb99496..da1d6d8b4 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -529,7 +529,7 @@ if test "$GCC" = yes ; then
diff --git a/Explicitly-copy-KDB-vtable-fields.patch b/Explicitly-copy-KDB-vtable-fields.patch
new file mode 100644
index 0000000..4ee86a1
--- /dev/null
+++ b/Explicitly-copy-KDB-vtable-fields.patch
@@ -0,0 +1,121 @@
+From f6dce77d8f1606c3443f47517ef101a6f1978d69 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Wed, 18 Jan 2017 11:40:49 -0500
+Subject: [PATCH] Explicitly copy KDB vtable fields
+
+In preparation for bumping the kdb_vftabl minor version, use explicit
+field assignments when copying the module vtable to the internal copy,
+so that we can conditionalize assignments for minor versions greater
+than 0.
+
+ticket: 8538
+(cherry picked from commit 50605efa5058583667227223a75ca44a512f4796)
+---
+ src/lib/kdb/kdb5.c | 79 +++++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 58 insertions(+), 21 deletions(-)
+
+diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
+index a3139a7dc..ee4127231 100644
+--- a/src/lib/kdb/kdb5.c
++++ b/src/lib/kdb/kdb5.c
+@@ -283,24 +283,63 @@ clean_n_exit:
+ }
+
+ static void
+-kdb_setup_opt_functions(db_library lib)
++copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
+ {
+- if (lib->vftabl.fetch_master_key == NULL)
+- lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
+- if (lib->vftabl.fetch_master_key_list == NULL)
+- lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
+- if (lib->vftabl.store_master_key_list == NULL)
+- lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
+- if (lib->vftabl.dbe_search_enctype == NULL)
+- lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
+- if (lib->vftabl.change_pwd == NULL)
+- lib->vftabl.change_pwd = krb5_dbe_def_cpw;
+- if (lib->vftabl.decrypt_key_data == NULL)
+- lib->vftabl.decrypt_key_data = krb5_dbe_def_decrypt_key_data;
+- if (lib->vftabl.encrypt_key_data == NULL)
+- lib->vftabl.encrypt_key_data = krb5_dbe_def_encrypt_key_data;
+- if (lib->vftabl.rename_principal == NULL)
+- lib->vftabl.rename_principal = krb5_db_def_rename_principal;
++ /* Copy fields for minor version 0. */
++ out->maj_ver = in->maj_ver;
++ out->min_ver = in->min_ver;
++ out->init_library = in->init_library;
++ out->fini_library = in->fini_library;
++ out->init_module = in->init_module;
++ out->fini_module = in->fini_module;
++ out->create = in->create;
++ out->destroy = in->destroy;
++ out->get_age = in->get_age;
++ out->lock = in->lock;
++ out->unlock = in->unlock;
++ out->get_principal = in->get_principal;
++ out->put_principal = in->put_principal;
++ out->delete_principal = in->delete_principal;
++ out->rename_principal = in->rename_principal;
++ out->iterate = in->iterate;
++ out->create_policy = in->create_policy;
++ out->get_policy = in->get_policy;
++ out->put_policy = in->put_policy;
++ out->iter_policy = in->iter_policy;
++ out->delete_policy = in->delete_policy;
++ out->fetch_master_key = in->fetch_master_key;
++ out->fetch_master_key_list = in->fetch_master_key_list;
++ out->store_master_key_list = in->store_master_key_list;
++ out->dbe_search_enctype = in->dbe_search_enctype;
++ out->change_pwd = in->change_pwd;
++ out->promote_db = in->promote_db;
++ out->decrypt_key_data = in->decrypt_key_data;
++ out->encrypt_key_data = in->encrypt_key_data;
++ out->sign_authdata = in->sign_authdata;
++ out->check_transited_realms = in->check_transited_realms;
++ out->check_policy_as = in->check_policy_as;
++ out->check_policy_tgs = in->check_policy_tgs;
++ out->audit_as_req = in->audit_as_req;
++ out->refresh_config = in->refresh_config;
++ out->check_allowed_to_delegate = in->check_allowed_to_delegate;
++
++ /* Set defaults for optional fields. */
++ if (out->fetch_master_key == NULL)
++ out->fetch_master_key = krb5_db_def_fetch_mkey;
++ if (out->fetch_master_key_list == NULL)
++ out->fetch_master_key_list = krb5_def_fetch_mkey_list;
++ if (out->store_master_key_list == NULL)
++ out->store_master_key_list = krb5_def_store_mkey_list;
++ if (out->dbe_search_enctype == NULL)
++ out->dbe_search_enctype = krb5_dbe_def_search_enctype;
++ if (out->change_pwd == NULL)
++ out->change_pwd = krb5_dbe_def_cpw;
++ if (out->decrypt_key_data == NULL)
++ out->decrypt_key_data = krb5_dbe_def_decrypt_key_data;
++ if (out->encrypt_key_data == NULL)
++ out->encrypt_key_data = krb5_dbe_def_encrypt_key_data;
++ if (out->rename_principal == NULL)
++ out->rename_principal = krb5_db_def_rename_principal;
+ }
+
+ #ifdef STATIC_PLUGINS
+@@ -334,8 +373,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
+ return ENOMEM;
+
+ strlcpy(lib->name, lib_name, sizeof(lib->name));
+- memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl));
+- kdb_setup_opt_functions(lib);
++ copy_vtable(vftabl_addr, &lib->vftabl);
+
+ status = lib->vftabl.init_library();
+ if (status)
+@@ -433,8 +471,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib)
+ goto clean_n_exit;
+ }
+
+- memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl));
+- kdb_setup_opt_functions(*lib);
++ copy_vtable(vftabl_addrs[0], &(*lib)->vftabl);
+
+ if ((status = (*lib)->vftabl.init_library()))
+ goto clean_n_exit;
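Review bot: `copy_vtable()` now assigns each field by name and no longer uses `memcpy()` on the whole struct, so any member of `kdb_vftabl` missing from the list keeps whatever `out` already held. The allocation of `lib` is outside these hunks, so unless it is zero-filled, a forgotten member becomes an uninitialised function pointer in the database layer. Starting the function with `memset(out, 0, sizeof(*out));` turns an omission into a NULL pointer that the existing NULL checks can catch. A comment on `kdb_vftabl` should also tell maintainers that every new member needs a matching assignment in `copy_vtable()`.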
diff --git a/krb5-1.11-kpasswdtest.patch b/krb5-1.11-kpasswdtest.patch
index 8419cdf..68b9464 100644
--- a/krb5-1.11-kpasswdtest.patch
+++ b/krb5-1.11-kpasswdtest.patch
@@ -8,7 +8,7 @@ Subject: [PATCH] krb5-1.11-kpasswdtest.patch
1 file changed, 1 insertion(+)
diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto
-index 00c4429..9c4bc1d 100644
+index 00c442978..9c4bc1de7 100644
--- a/src/kadmin/testing/proto/krb5.conf.proto
+++ b/src/kadmin/testing/proto/krb5.conf.proto
@@ -9,6 +9,7 @@
diff --git a/krb5-1.11-run_user_0.patch b/krb5-1.11-run_user_0.patch
index 10af564..3a2d7b6 100644
--- a/krb5-1.11-run_user_0.patch
+++ b/krb5-1.11-run_user_0.patch
@@ -11,7 +11,7 @@ it, too.
1 file changed, 14 insertions(+)
diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c
-index 73f0fe6..4850c0d 100644
+index 73f0fe62d..4850c0d07 100644
--- a/src/lib/krb5/ccache/cc_dir.c
+++ b/src/lib/krb5/ccache/cc_dir.c
@@ -61,6 +61,8 @@
diff --git a/krb5-1.12-api.patch b/krb5-1.12-api.patch
index 3bf695e..0bdd534 100644
--- a/krb5-1.12-api.patch
+++ b/krb5-1.12-api.patch
@@ -11,7 +11,7 @@ crashing if applications don't check ahead of time.
1 file changed, 7 insertions(+)
diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c
-index a693610..0ed7883 100644
+index a6936107d..0ed78833b 100644
--- a/src/lib/krb5/krb/princ_comp.c
+++ b/src/lib/krb5/krb/princ_comp.c
@@ -36,6 +36,10 @@ realm_compare_flags(krb5_context context,
diff --git a/krb5-1.12-ksu-path.patch b/krb5-1.12-ksu-path.patch
index a2ef186..d093b24 100644
--- a/krb5-1.12-ksu-path.patch
+++ b/krb5-1.12-ksu-path.patch
@@ -9,7 +9,7 @@ Set the default PATH to the one set by login.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
-index 5755bb5..9d58f29 100644
+index 5755bb58a..9d58f29b5 100644
--- a/src/clients/ksu/Makefile.in
+++ b/src/clients/ksu/Makefile.in
@@ -1,6 +1,6 @@
diff --git a/krb5-1.12-ktany.patch b/krb5-1.12-ktany.patch
index 6bd6bd8..e4a22f0 100644
--- a/krb5-1.12-ktany.patch
+++ b/krb5-1.12-ktany.patch
@@ -14,7 +14,7 @@ the contents of the first keytab.
create mode 100644 src/lib/krb5/keytab/kt_any.c
diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in
-index 2a8fceb..ffd179f 100644
+index 2a8fceb00..ffd179fb2 100644
--- a/src/lib/krb5/keytab/Makefile.in
+++ b/src/lib/krb5/keytab/Makefile.in
@@ -12,6 +12,7 @@ STLIBOBJS= \
@@ -43,7 +43,7 @@ index 2a8fceb..ffd179f 100644
$(srcdir)/kt_srvtab.c \
diff --git a/src/lib/krb5/keytab/kt_any.c b/src/lib/krb5/keytab/kt_any.c
new file mode 100644
-index 0000000..1b9b776
+index 000000000..1b9b7765b
--- /dev/null
+++ b/src/lib/krb5/keytab/kt_any.c
@@ -0,0 +1,292 @@
@@ -340,7 +340,7 @@ index 0000000..1b9b776
+ free(data);
+}
diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
-index 0d39b29..6534d7c 100644
+index 0d39b2940..6534d7c52 100644
--- a/src/lib/krb5/keytab/ktbase.c
+++ b/src/lib/krb5/keytab/ktbase.c
@@ -57,14 +57,19 @@ extern const krb5_kt_ops krb5_ktf_ops;
diff --git a/krb5-1.12.1-pam.patch b/krb5-1.12.1-pam.patch
index 17d29b0..113d98e 100644
--- a/krb5-1.12.1-pam.patch
+++ b/krb5-1.12.1-pam.patch
@@ -28,7 +28,7 @@ changes we're proposing for how it handles cache collections.
create mode 100644 src/clients/ksu/pam.h
diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 9c46da4..508e5fe 100644
+index 9c46da4b5..508e5fe90 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -1675,3 +1675,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[
@@ -103,7 +103,7 @@ index 9c46da4..508e5fe 100644
+AC_SUBST(NON_PAM_MAN)
+])dnl
diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
-index b2fcbf2..5755bb5 100644
+index b2fcbf240..5755bb58a 100644
--- a/src/clients/ksu/Makefile.in
+++ b/src/clients/ksu/Makefile.in
@@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S)..
@@ -141,7 +141,7 @@ index b2fcbf2..5755bb5 100644
clean:
$(RM) ksu
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
-index 28342c2..cab0c18 100644
+index 28342c2d7..cab0c1806 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -26,6 +26,7 @@
@@ -299,7 +299,7 @@ index 28342c2..cab0c18 100644
}
diff --git a/src/clients/ksu/pam.c b/src/clients/ksu/pam.c
new file mode 100644
-index 0000000..cbfe487
+index 000000000..cbfe48704
--- /dev/null
+++ b/src/clients/ksu/pam.c
@@ -0,0 +1,389 @@
@@ -694,7 +694,7 @@ index 0000000..cbfe487
+#endif
diff --git a/src/clients/ksu/pam.h b/src/clients/ksu/pam.h
new file mode 100644
-index 0000000..0ab7656
+index 000000000..0ab76569c
--- /dev/null
+++ b/src/clients/ksu/pam.h
@@ -0,0 +1,57 @@
@@ -756,7 +756,7 @@ index 0000000..0ab7656
+void appl_pam_cleanup(void);
+#endif
diff --git a/src/configure.in b/src/configure.in
-index 037c9f3..daabd12 100644
+index 037c9f316..daabd12c8 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1336,6 +1336,8 @@ AC_SUBST([VERTO_VERSION])
diff --git a/krb5-1.13-dirsrv-accountlock.patch b/krb5-1.13-dirsrv-accountlock.patch
index 168b9ba..84f914a 100644
--- a/krb5-1.13-dirsrv-accountlock.patch
+++ b/krb5-1.13-dirsrv-accountlock.patch
@@ -12,7 +12,7 @@ original version filed as RT#5891.
3 files changed, 29 insertions(+)
diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index f5667c3..2bfb994 100644
+index f5667c35f..2bfb99496 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -1656,6 +1656,15 @@ if test "$with_ldap" = yes; then
@@ -32,7 +32,7 @@ index f5667c3..2bfb994 100644
dnl
dnl If libkeyutils exists (on Linux) include it and use keyring ccache
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
-index 32efc4f..af8b2db 100644
+index 32efc4f54..af8b2db7b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -1674,6 +1674,23 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
@@ -60,7 +60,7 @@ index 32efc4f..af8b2db 100644
ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname);
if (ret)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
-index d722dbf..5e8e9a8 100644
+index d722dbfa6..5e8e9a897 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -54,6 +54,9 @@ char *principal_attributes[] = { "krbprincipalname",
diff --git a/krb5-1.15-beta1-buildconf.patch b/krb5-1.15-beta1-buildconf.patch
index d573750..5fcee09 100644
--- a/krb5-1.15-beta1-buildconf.patch
+++ b/krb5-1.15-beta1-buildconf.patch
@@ -15,7 +15,7 @@ not just assume that the compiler supports using these flags.
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
-index c17cb5e..1891dea 100755
+index c17cb5eb5..1891dea99 100755
--- a/src/build-tools/krb5-config.in
+++ b/src/build-tools/krb5-config.in
@@ -226,6 +226,13 @@ if test -n "$do_libs"; then
@@ -33,7 +33,7 @@ index c17cb5e..1891dea 100755
lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
library=krb5
diff --git a/src/config/pre.in b/src/config/pre.in
-index fcea229..d961b56 100644
+index fcea229bd..d961b5621 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
@@ -46,7 +46,7 @@ index fcea229..d961b56 100644
## ${prefix}.
prefix=@prefix@
diff --git a/src/config/shlib.conf b/src/config/shlib.conf
-index 3e4af6c..2b20c3f 100644
+index 3e4af6c02..2b20c3fda 100644
--- a/src/config/shlib.conf
+++ b/src/config/shlib.conf
@@ -423,7 +423,7 @@ mips-*-netbsd*)
diff --git a/krb5-1.15-beta1-selinux-label.patch b/krb5-1.15-beta1-selinux-label.patch
index d743c3b..03e7770 100644
--- a/krb5-1.15-beta1-selinux-label.patch
+++ b/krb5-1.15-beta1-selinux-label.patch
@@ -66,7 +66,7 @@ which we used earlier, is some improvement.
create mode 100644 src/util/support/selinux.c
diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 508e5fe..607859f 100644
+index 508e5fe90..607859f17 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag)
@@ -130,7 +130,7 @@ index 508e5fe..607859f 100644
+AC_SUBST(SELINUX_LIBS)
+])dnl
diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
-index f6184da..c17cb5e 100755
+index f6184da3f..c17cb5eb5 100755
--- a/src/build-tools/krb5-config.in
+++ b/src/build-tools/krb5-config.in
@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
@@ -151,7 +151,7 @@ index f6184da..c17cb5e 100755
echo $lib_flags
diff --git a/src/config/pre.in b/src/config/pre.in
-index e062632..fcea229 100644
+index e0626320c..fcea229bd 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -177,6 +177,7 @@ LD = $(PURE) @LD@
@@ -172,7 +172,7 @@ index e062632..fcea229 100644
GSS_LIBS = $(GSS_KRB5_LIB)
# needs fixing if ever used on Mac OS X!
diff --git a/src/configure.in b/src/configure.in
-index daabd12..acf3a45 100644
+index daabd12c8..acf3a458b 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1338,6 +1338,8 @@ AC_PATH_PROG(GROFF, groff)
@@ -185,7 +185,7 @@ index daabd12..acf3a45 100644
if test "${localedir+set}" != set; then
localedir='$(datadir)/locale'
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
-index 6499173..173cb02 100644
+index 64991738a..173cb0264 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -128,6 +128,7 @@ typedef unsigned char u_char;
@@ -198,7 +198,7 @@ index 6499173..173cb02 100644
#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
diff --git a/src/include/k5-label.h b/src/include/k5-label.h
new file mode 100644
-index 0000000..dfaaa84
+index 000000000..dfaaa847c
--- /dev/null
+++ b/src/include/k5-label.h
@@ -0,0 +1,32 @@
@@ -235,7 +235,7 @@ index 0000000..dfaaa84
+#endif
+#endif
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
-index ac22f4c..cf60d6c 100644
+index ac22f4c55..cf60d6c41 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -87,6 +87,12 @@
@@ -252,7 +252,7 @@ index ac22f4c..cf60d6c 100644
#include <stdlib.h>
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
-index f7889bd..cad53cf 100644
+index f7889bd23..cad53cfbf 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname)
@@ -287,7 +287,7 @@ index f7889bd..cad53cf 100644
com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
exit_status++;
diff --git a/src/kdc/main.c b/src/kdc/main.c
-index ebc852b..a4dffb2 100644
+index ebc852bba..a4dffb29a 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -872,7 +872,7 @@ write_pid_file(const char *path)
@@ -300,7 +300,7 @@ index ebc852b..a4dffb2 100644
return errno;
pid = (unsigned long) getpid();
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
-index ce79fab..c53a574 100644
+index ce79fabf7..c53a5743f 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -414,7 +414,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
@@ -322,7 +322,7 @@ index ce79fab..c53a574 100644
set_cloexec_file(f);
log_control.log_entries[lindex].lfu_filep = f;
diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
-index 766d300..6466417 100644
+index 766d3002a..6466417b7 100644
--- a/src/lib/kdb/kdb_log.c
+++ b/src/lib/kdb/kdb_log.c
@@ -476,7 +476,7 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries)
@@ -335,7 +335,7 @@ index 766d300..6466417 100644
return errno;
diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c
-index bba64e5..73f0fe6 100644
+index bba64e516..73f0fe62d 100644
--- a/src/lib/krb5/ccache/cc_dir.c
+++ b/src/lib/krb5/ccache/cc_dir.c
@@ -183,10 +183,19 @@ write_primary_file(const char *primary_path, const char *contents)
@@ -385,7 +385,7 @@ index bba64e5..73f0fe6 100644
_("Credential cache directory %s does not exist"),
dirname);
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
-index 6a42f26..674d88b 100644
+index 6a42f267d..674d88bab 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -1022,14 +1022,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
@@ -406,7 +406,7 @@ index 6a42f26..674d88b 100644
goto report_errno;
writevno = 1;
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
-index 83c8d4d..a192461 100644
+index 83c8d4db8..a19246128 100644
--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
@@ -397,7 +397,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename)
@@ -419,7 +419,7 @@ index 83c8d4d..a192461 100644
free(fd);
return errno;
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
-index c4d2c74..c0f12ed 100644
+index c4d2c744d..c0f12ed9d 100644
--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -794,6 +794,9 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id)
@@ -451,7 +451,7 @@ index c4d2c74..c0f12ed 100644
goto cleanup;
for (q = t->a; q; q = q->na) {
diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c
-index 7db30a3..2b9d019 100644
+index 7db30a33b..2b9d01921 100644
--- a/src/plugins/kdb/db2/adb_openclose.c
+++ b/src/plugins/kdb/db2/adb_openclose.c
@@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename,
@@ -464,7 +464,7 @@ index 7db30a3..2b9d019 100644
* maybe someone took away write permission so we could only
* get shared locks?
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
-index 4c4036e..d90bdea 100644
+index 4c4036eb4..d90bdeaba 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5_db2_context *dbc)
@@ -479,7 +479,7 @@ index 4c4036e..d90bdea 100644
retval = errno;
goto cleanup;
diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
-index 2977b17..d5809a5 100644
+index 2977b17f3..d5809a5a9 100644
--- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95";
@@ -500,7 +500,7 @@ index 2977b17..d5809a5 100644
} else {
diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c
-index 76f5d47..1fa8b83 100644
+index 76f5d4709..1fa8b8389 100644
--- a/src/plugins/kdb/db2/libdb2/hash/hash.c
+++ b/src/plugins/kdb/db2/libdb2/hash/hash.c
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95";
@@ -521,7 +521,7 @@ index 76f5d47..1fa8b83 100644
(void)fcntl(hashp->fp, F_SETFD, 1);
}
diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c
-index d8b26e7..b0daa7c 100644
+index d8b26e701..b0daa7c02 100644
--- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c
+++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8.12 (Berkeley) 11/18/94";
@@ -543,7 +543,7 @@ index d8b26e7..b0daa7c 100644
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
-index 022156a..3d6994c 100644
+index 022156a5e..3d6994c67 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
@@ -203,7 +203,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv)
@@ -580,7 +580,7 @@ index 022156a..3d6994c 100644
if (newfile == NULL) {
com_err(me, errno, _("Error creating file %s"), tmp_file);
diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
-index 056c31a..b78c3d9 100644
+index 056c31a42..b78c3d9e5 100644
--- a/src/slave/kpropd.c
+++ b/src/slave/kpropd.c
@@ -464,6 +464,9 @@ doit(int fd)
@@ -610,7 +610,7 @@ index 056c31a..b78c3d9 100644
KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK);
if (retval) {
diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
-index 907c119..0f5462a 100644
+index 907c119bb..0f5462aea 100644
--- a/src/util/profile/prof_file.c
+++ b/src/util/profile/prof_file.c
@@ -33,6 +33,7 @@
@@ -631,7 +631,7 @@ index 907c119..0f5462a 100644
retval = errno;
if (retval == 0)
diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in
-index 6239e41..17bcd2a 100644
+index 6239e4176..17bcd2a67 100644
--- a/src/util/support/Makefile.in
+++ b/src/util/support/Makefile.in
@@ -69,6 +69,7 @@ IPC_SYMS= \
@@ -653,7 +653,7 @@ index 6239e41..17bcd2a 100644
diff --git a/src/util/support/selinux.c b/src/util/support/selinux.c
new file mode 100644
-index 0000000..2302634
+index 000000000..230263421
--- /dev/null
+++ b/src/util/support/selinux.c
@@ -0,0 +1,406 @@
diff --git a/krb5-1.3.1-dns.patch b/krb5-1.3.1-dns.patch
index 211e661..c08c228 100644
--- a/krb5-1.3.1-dns.patch
+++ b/krb5-1.3.1-dns.patch
@@ -9,7 +9,7 @@ We want to be able to use --with-netlib and --enable-dns at the same time.
1 file changed, 1 insertion(+)
diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 607859f..f5667c3 100644
+index 607859f17..f5667c35f 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -703,6 +703,7 @@ AC_HELP_STRING([--with-netlib=LIBS], use user defined resolver library),
diff --git a/krb5-1.9-debuginfo.patch b/krb5-1.9-debuginfo.patch
index a67ecd3..f748d3b 100644
--- a/krb5-1.9-debuginfo.patch
+++ b/krb5-1.9-debuginfo.patch
@@ -12,7 +12,7 @@ could mess up people working in the tree on other things.
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in
-index adfea6e..d1327e4 100644
+index adfea6e2b..d1327e400 100644
--- a/src/kadmin/cli/Makefile.in
+++ b/src/kadmin/cli/Makefile.in
@@ -37,3 +37,8 @@ clean-unix::
@@ -25,7 +25,7 @@ index adfea6e..d1327e4 100644
+ $(YACC.y) $<
+ $(CP) y.tab.c $@
diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in
-index 8669c24..a22f23c 100644
+index 8669c2436..a22f23c02 100644
--- a/src/plugins/kdb/ldap/ldap_util/Makefile.in
+++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in
@@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE)
diff --git a/krb5.spec b/krb5.spec
index 65138a1..3a4d63f 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -11,11 +11,14 @@
# leave empty or set to e.g., -beta2
%global prerelease %{nil}
+# Should be in form 5.0, 6.1, etc.
+%global kdbversion 6.1
+
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.15
# for prerelease, should be e.g., 0.3.beta2%{?dist}
-Release: 4%{?dist}
+Release: 5%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with
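Review bot: `%global kdbversion 6.1` is maintained by hand, and nothing in this spec checks it against the DAL version the patched sources define (`KRB5_KDB_DAL_MAJOR_VERSION` plus the vtable minor version). A later hunk exports it as `Provides: krb5-kdb-version = %{kdbversion}`, so if the two drift, a KDB module package requiring this capability could install against a libkdb5 with a different vtable layout. A comment next to the macro such as `# Must match KRB5_KDB_DAL_MAJOR_VERSION and the highest kdb_vftabl minor version in src/include/kdb.h`, or a build-time check that fails on mismatch, would keep them tied together.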
@@ -59,6 +62,8 @@ Patch9: krb5-1.9-debuginfo.patch
Patch10: krb5-1.11-run_user_0.patch
Patch11: krb5-1.11-kpasswdtest.patch
Patch12: Build-with-Werror-implicit-int-where-supported.patch
+Patch13: Explicitly-copy-KDB-vtable-fields.patch
+Patch14: Add-free_principal_e_data-KDB-method.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -144,6 +149,7 @@ Group: System Environment/Libraries
Requires: coreutils, gawk, grep, sed
Requires: keyutils-libs >= 1.5.8
Requires: /etc/crypto-policies/back-ends/krb5.config
+Provides: krb5-kdb-version = %{kdbversion}
%description libs
Kerberos is a network authentication system. The krb5-libs package
@@ -712,6 +718,10 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Fri Jan 20 2017 Robbie Harwood <rharwood@redhat.com> - 1.15-5
+- Add free hook to KDB; increments KDB version
+- Add KDB version flag
+
* Mon Dec 05 2016 Robbie Harwood <rharwood@redhat.com> - 1.15-4
- New upstream release