patch for fd leak in kadmin - bug #387485

Package-Manager: portage-2.1.10.27/cvs/Linux x86_64

4 files changed, 211 insertions, 6 deletions

diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog
index 674b9a047601..7de1d0ae5add 100644
--- a/app-crypt/mit-krb5/ChangeLog
+++ b/app-crypt/mit-krb5/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-crypt/mit-krb5
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.290 2011/10/11 17:36:47 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.291 2011/10/18 06:55:19 eras Exp $
+
+*mit-krb5-1.9.1-r1 (18 Oct 2011)
+
+  18 Oct 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-1.9.1-r1.ebuild,
+  +files/mit-krb5-1.9.1-fd-leak.patch:
+  patch for fd leak in kadmin - bug #387485
 
   11 Oct 2011; Jeroen Roovers <jer@gentoo.org> mit-krb5-1.9.1.ebuild:
   Stable for HPPA (bug #374119).
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
index a74c1120c879..2b502c2957d5 100644
--- a/app-crypt/mit-krb5/Manifest
+++ b/app-crypt/mit-krb5/Manifest
@@ -1,5 +1,5 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
 AUX CVE-2010-1322.patch 1066 RMD160 fc262a23e9aa118262a4258f74832445062444e4 SHA1 600f0890de65f96112f267b56317a4fd0166cba0 SHA256 7d9fbfffdaa0cde0ca499ccbb2cf09a6c7253e537755bbf6da9e08715fd9a474
 AUX CVE-2010-1323.1324.4020.patch 7908 RMD160 848b776218473200e5a54beb4f3adfc3db915cf4 SHA1 a6fbc3b6ab15ca98c1aa1521fd42dad1f5003ee8 SHA256 ec08fca9738b5fae619154379ae0158531cb630b6f25551c14d87313c2d2a5f0
@@ -10,6 +10,7 @@ AUX CVE-2011-0285.patch 1154 RMD160 a635a940613663f6fe07534d08c7781090fcc9f0 SHA
 AUX kpropd.xinetd 194 RMD160 5772b04bf7f6b8a5588331a4d9dca03738756f15 SHA1 a9c84a4197ba133144e754d68847cece6203ed4a SHA256 eaa3838a6ca8db901db359cac3435d4f703a9a10534f02eeb37f494dd21a1736
 AUX mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch 6130 RMD160 23cb2560f0d87e6128cdbb12f1e7d8aae85f85f5 SHA1 574a3c82ad7d3c9a1c9c62c6ff95c2d6f0e0fc96 SHA256 7831c9a9553404b41774f40f3fc0df6769342c1923c5b1177062710fd5f0f2bb
 AUX mit-krb5-1.8.3-CVE-2011-0285.patch 1136 RMD160 03d06d5c88505688eb4dbcd516144999ecb89a70 SHA1 7853bcbdf0dba6f0fce15fc3b475f86d692287b2 SHA256 88f8d015f2bce8f54a6a0321716ed887aef587aeae3017d47c7c18de26189f02
+AUX mit-krb5-1.9.1-fd-leak.patch 2178 RMD160 1ccfac11299058c5eb24393d0ef10e8ad53016dc SHA1 d99f865813833c3aa4a1e1c012656525bf716b97 SHA256 6f7a099e9527a5544f095e6ec0946218124a6c8b41a3a9f75522d58d2040a56a
 AUX mit-krb5_testsuite.patch 3069 RMD160 59af8c128fbaeadc472111c4bef4dfe3ac7567f0 SHA1 e0896cac3d99a3e4f9d06afdab58a6d5cda82e7a SHA256 3c8cfdb012a5388b1a92658437dce619593b91f0b0c582ef66194347274b26f9
 AUX mit-krb5kadmind.initd 687 RMD160 7602d12d570e80edf24953befbe4ec03d247e4ba SHA1 753a5875659d3bef63c1a50bb0228f1c3c06bdf9 SHA256 427953b3a2dbe0a8f85bee1294a348c97dbbdac4741f06c2a3768170ba29161a
 AUX mit-krb5kdc.initd 656 RMD160 8c4c508273f9d715ac0e0a8d9c54e36f63526b9b SHA1 62017fc3a2f5adbd6e0c1421041593a268a6252d SHA256 d813dbf3ee89f0da6b73455fd8759898223529c4cf7c1c2ec64a3128363194e2
@@ -19,13 +20,24 @@ DIST krb5-1.8.4-signed.tar 11642880 RMD160 34d6df8248007bac0321400b2650c2aca774a
 DIST krb5-1.9.1-signed.tar 11888640 RMD160 8de31bc83c2fede038780a4375e29a6b4281581f SHA1 e23a1795a237521493da9cf3443ac8b98a90c066 SHA256 525e258aa7401427a5a9edee0051f83b6151bf96a979ca526393932c90484c8e
 EBUILD mit-krb5-1.8.3-r5.ebuild 3005 RMD160 03197bd078cf6ec9fec6298454097540c0e5441d SHA1 d200ce0577d366cfe742901b29a68658bf2776aa SHA256 ace5c2b1bae0933fcea265497ec5b3498fe27e482625324ed2225bc36eeb112c
 EBUILD mit-krb5-1.8.4.ebuild 2720 RMD160 96195f1bcfbbb08993985aa6447e5b9dc5828547 SHA1 0ab22e1bdd4afb2bc552c24abdabc975a976d8da SHA256 a05060443e6d6937acfa7c0efc6be2c67e51392565eb9084ae4a3511bae4a8a2
+EBUILD mit-krb5-1.9.1-r1.ebuild 3155 RMD160 67ef7c96e863a93b7a361596a176983304692768 SHA1 77250096143f68c0a756318a25d18543ce33c0b4 SHA256 b1b044759fd765c06b50929b9ae00a77ee2e12d689ca9cfde9c6bfd0ae446c19
 EBUILD mit-krb5-1.9.1.ebuild 3081 RMD160 1fb3e78f9f50167b1f7fdb18094943c4452aef7b SHA1 96d6364657ef0cc8d7a5e2b63bd0258f92a8fcee SHA256 36c41b682da975b1585409b6f383ca66601e58a0f59bd8f596519d14d2d4426d
-MISC ChangeLog 45534 RMD160 d0957fe7e35265dfc3bf66aa095748346d636222 SHA1 45540ecfc83d72ec99e0721d3441c1a604c897b7 SHA256 b06e1540af7dd3cee61addffcddadcf8cec02bfaef2ed837609267613b932ac0
+MISC ChangeLog 45724 RMD160 6bfe23ece676aad6167a1d778fadcf01f108f0fb SHA1 562073f60aa93cea7d8de99eb0755e8f20eeb135 SHA256 8ea4af81e8c0e924163a098e217e8b3cc080b13cb07567064f4c9f1e1a21094b
 MISC metadata.xml 668 RMD160 825e73c2b8d1bdcfffb6c5cfa2110f596d7940ae SHA1 b9fca90e7a86fea05d8174d824e939cf61905310 SHA256 da5862dde92f34b882870961cb9f1e4aa8209fc549e32a43d99770a9de8b232d
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iEYEARECAAYFAk6UfrUACgkQVWmRsqeSphMjfACfZ+6sSO5VLpJBu725ZwUTeRme
-LZQAnjGD3UW/eh90WqQSL1AqwTgdVqi1
-=WDGJ
+iQIcBAEBCAAGBQJOnSLmAAoJEHfx8XVYajsfmF8P/1Xvzy0F2AOiJjfF+PLINpgm
+ARnEymQYSg4cHV10zQ4BgKkp8we3cYiepoFFGdBEu34GI2iQ0eSpdHR0S9kV/HL3
+SsC8tnY2FwkB0RTUx3TM36+7tUJ1yptkPoOCM8h3E7oghFbsOwIoslSwqJwgtPg8
+dl+S4ViBUpAh+UwsWhK0MAO7iEgzTNfQod2yZkb/n+l44T2d8p1TpvmWw8CT51cV
+Gt7Fl+hN6MbyItfh0eBXGQAbfbifID7ajYSmdNdBoSThdaDd60EjSRuPmWiQZ8/u
+e8HDIeQloeDWwdTZ1XgS/wUIgb9+mTlM1BEHBS6fMRlbxjnhPP0tDMjb6S9YOgVM
+WMB+VWXp9QFInk2rFmioT+RiFKU7fbzCuWQxn8G7AV0IOz5GwpiCvKRM76f/r4N1
+892LzS5+LaYzu3v54ySs6cFbzWh1tvPE37vrepFBdOfXZRMYJuYw7Rpd90QrZdbE
+tJmeEc4K2uqK5he9YeIKdsMjxqZbB3K5EpX+Mb0zDzoofj2ZAlQ/642Mew1pEdCK
+lAlp8USxnm9bOfuvllPAlt/CmMKSkFSeX6BFea5XnBPDEjYJPcF2IiIWrsOo7kcF
+N9Z9TqyW8WkaaZLq6gnXdx2rhEuf+TbtLyBq9J83VhyWAAiQnhQEMGYxFbL2y1nR
+xapBgHCJ0te1rFTbRxtY
+=RyRw
 -----END PGP SIGNATURE-----
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch b/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch
new file mode 100644
index 000000000000..9eeb17a94cc6
--- /dev/null
+++ b/app-crypt/mit-krb5/files/mit-krb5-1.9.1-fd-leak.patch
@@ -0,0 +1,65 @@
+bug #387485
+
+Index: trunk/src/lib/kadm5/clnt/client_init.c
+===================================================================
+diff -u -N -r24978 -r25115
+--- trunk/src/lib/kadm5/clnt/client_init.c	(.../client_init.c)	(revision 24978)
++++ trunk/src/lib/kadm5/clnt/client_init.c	(.../client_init.c)	(revision 25115)
+@@ -155,7 +155,7 @@
+          kadm5_config_params *params_in, krb5_ui_4 struct_version,
+          krb5_ui_4 api_version, char **db_args, void **server_handle)
+ {
+-    int fd;
++    int fd = -1;
+ 
+     krb5_boolean iprop_enable;
+     int port;
+@@ -192,6 +192,7 @@
+     handle->struct_version = struct_version;
+     handle->api_version = api_version;
+     handle->clnt = 0;
++    handle->client_socket = -1;
+     handle->cache_name = 0;
+     handle->destroy_cache = 0;
+     handle->context = 0;
+@@ -301,7 +302,9 @@
+ #endif
+         goto error;
+     }
++    handle->client_socket = fd;
+     handle->lhandle->clnt = handle->clnt;
++    handle->lhandle->client_socket = fd;
+ 
+     /* now that handle->clnt is set, we can check the handle */
+     if ((code = _kadm5_check_handle((void *) handle)))
+@@ -372,6 +375,8 @@
+         AUTH_DESTROY(handle->clnt->cl_auth);
+     if(handle->clnt)
+         clnt_destroy(handle->clnt);
++    if (fd != -1)
++        close(fd);
+ 
+     kadm5_free_config_params(handle->context, &handle->params);
+ 
+@@ -796,6 +801,8 @@
+         AUTH_DESTROY(handle->clnt->cl_auth);
+     if (handle->clnt)
+         clnt_destroy(handle->clnt);
++    if (handle->client_socket != -1)
++        close(handle->client_socket);
+     if (handle->lhandle)
+         free (handle->lhandle);
+ 
+Index: trunk/src/lib/kadm5/clnt/client_internal.h
+===================================================================
+diff -u -N -r23100 -r25115
+--- trunk/src/lib/kadm5/clnt/client_internal.h	(.../client_internal.h)	(revision 23100)
++++ trunk/src/lib/kadm5/clnt/client_internal.h	(.../client_internal.h)	(revision 25115)
+@@ -72,6 +72,7 @@
+     char *          cache_name;
+     int             destroy_cache;
+     CLIENT *        clnt;
++    int             client_socket;
+     krb5_context    context;
+     kadm5_config_params params;
+     struct _kadm5_server_handle_t *lhandle;
diff --git a/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild
new file mode 100644
index 000000000000..8ded6d0a753b
--- /dev/null
+++ b/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.9.1-r1.ebuild,v 1.1 2011/10/18 06:55:19 eras Exp $
+
+EAPI=3
+
+inherit eutils flag-o-matic versionator
+
+MY_P="${P/mit-}"
+P_DIR=$(get_version_component_range 1-2)
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE="doc +keyutils openldap +pkinit +threads test xinetd"
+
+RDEPEND="!!app-crypt/heimdal
+	>=sys-libs/e2fsprogs-libs-1.41.0
+	keyutils? ( sys-apps/keyutils )
+	openldap? ( net-nds/openldap )
+	xinetd? ( sys-apps/xinetd )"
+DEPEND="${RDEPEND}
+	virtual/yacc
+	doc? ( virtual/latex-base )
+	test? ( dev-lang/tcl
+	        dev-lang/python
+			dev-util/dejagnu )"
+
+S=${WORKDIR}/${MY_P}/src
+
+src_unpack() {
+	unpack ${A}
+	unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-fd-leak.patch"
+}
+
+src_configure() {
+	append-flags "-I${EPREFIX}/usr/include/et"
+	# QA
+	append-flags -fno-strict-aliasing
+	append-flags -fno-strict-overflow
+	use keyutils || export ac_cv_header_keyutils_h=no
+	econf \
+		$(use_with openldap ldap) \
+		"$(use_with test tcl "${EPREFIX}/usr")" \
+		$(use_enable pkinit) \
+		$(use_enable threads thread-support) \
+		--without-krb4 \
+		--without-hesiod \
+		--enable-shared \
+		--with-system-et \
+		--with-system-ss \
+		--enable-dns-for-realm \
+		--enable-kdc-lookaside-cache \
+		--disable-rpath
+}
+
+src_compile() {
+	emake -j1 || die "emake failed"
+
+	if use doc ; then
+		cd ../doc
+		for dir in api implement ; do
+			emake -C "${dir}" || die "doc emake failed"
+		done
+	fi
+}
+
+src_install() {
+	emake \
+		DESTDIR="${D}" \
+		EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
+		install || die "install failed"
+
+	# default database dir
+	keepdir /var/lib/krb5kdc
+
+	cd ..
+	dodoc NOTICE README
+	dodoc doc/*.{ps,txt}
+	doinfo doc/*.info*
+	dohtml -r doc/*.html
+
+	# die if we cannot respect a USE flag
+	if use doc ; then
+	    dodoc doc/{api,implement}/*.ps || die "dodoc failed"
+	fi
+
+	newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind || die
+	newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc || die
+	newinitd "${FILESDIR}"/mit-krb5kpropd.initd mit-krb5kpropd || die
+
+	insinto /etc
+	newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
+	insinto /var/lib/krb5kdc
+	newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
+
+	if use openldap ; then
+		insinto /etc/openldap/schema
+		doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" || die
+	fi
+
+	if use xinetd ; then
+		insinto /etc/xinetd.d
+		newins "${FILESDIR}/kpropd.xinetd" kpropd || die
+	fi
+}
+
+pkg_preinst() {
+	if has_version "<${CATEGORY}/${PN}-1.8.0" ; then
+		elog "MIT split the Kerberos applications from the base Kerberos"
+		elog "distribution.  Kerberized versions of telnet, rlogin, rsh, rcp,"
+		elog "ftp clients and telnet, ftp deamons now live in"
+		elog "\"app-crypt/mit-krb5-appl\" package."
+	fi
+}