From c291c188ad4c55153242b1aa3d32a220e658e6d1 Mon Sep 17 00:00:00 2001 From: xuraoqing <609179072@qq.com> Date: Thu, 8 Jun 2023 07:46:28 +0000 Subject: [PATCH] backport patch Signed-off-by: xuraoqing <609179072@qq.com> --- ...-variable-warnings-in-kdb5_ldap_util.patch | 174 ++++++++++++++++++ krb5.spec | 7 +- 2 files changed, 180 insertions(+), 1 deletion(-) create mode 100644 backport-Squash-unused-variable-warnings-in-kdb5_ldap_util.patch diff --git a/backport-Squash-unused-variable-warnings-in-kdb5_ldap_util.patch b/backport-Squash-unused-variable-warnings-in-kdb5_ldap_util.patch new file mode 100644 index 0000000..a8fe53b --- /dev/null +++ b/backport-Squash-unused-variable-warnings-in-kdb5_ldap_util.patch 
@@ -0,0 +1,174 @@ +From 73ad8716ccecbaf3e7502f53fb8feade2e62a498 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Tue, 4 Apr 2023 17:31:00 -0400 +Subject: [PATCH] Squash unused variable warnings in kdb5_ldap_util + +Reference:https://github.com/krb5/krb5/commit/73ad8716ccecbaf3e7502f53fb8feade2e62a498 +Conflict:NA + +--- + .../kdb/ldap/ldap_util/kdb5_ldap_realm.c | 40 ++++++++----------- + 1 file changed, 16 insertions(+), 24 deletions(-) + +diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +index bb5bae5ba..bba550ac7 100644 +--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c ++++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +@@ -135,20 +135,17 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + time_t now; + int mask = 0; + krb5_error_code retval = 0; +- krb5_boolean no_msg = FALSE; +- +- krb5_boolean print_usage = FALSE; + char *me = progname; + + time(&now); + if (!strcmp(argv[*i], "-maxtktlife")) { + if (++(*i) > argc-1) +- goto err_usage; ++ return 0; + date = get_date(argv[*i]); + if (date == (time_t)(-1)) { + retval = EINVAL; + com_err(me, retval, _("while providing time specification")); +- goto err_nomsg; ++ return 0; + } + rparams->max_life = date-now; + mask |= LDAP_REALM_MAXTICKETLIFE; +@@ -157,13 +154,13 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + + else if (!strcmp(argv[*i], "-maxrenewlife")) { + if (++(*i) > argc-1) +- goto err_usage; ++ return 0; + + date = get_date(argv[*i]); + if (date == (time_t)(-1)) { + retval = EINVAL; + com_err(me, retval, _("while providing time specification")); +- goto err_nomsg; ++ return 0; + } + rparams->max_renewable_life = date-now; + mask |= LDAP_REALM_MAXRENEWLIFE; +@@ -173,7 +170,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED; + else +- goto err_usage; ++ return 0; + + 
mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) { +@@ -183,7 +180,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE; + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_renewable")) { +@@ -192,7 +189,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE; + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) { +@@ -201,7 +198,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE; + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) { +@@ -210,7 +207,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY; + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } +@@ -221,7 +218,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH); + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) { +@@ -230,7 +227,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH); + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_svr")) { +@@ -239,7 +236,7 @@ get_ticket_policy(krb5_ldap_realm_params 
*rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_SVR; + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) { +@@ -248,7 +245,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED; + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "allow_tix")) { +@@ -257,7 +254,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX; + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "needchange")) { +@@ -266,7 +263,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE); + else +- goto err_usage; ++ return 0; + + mask |= LDAP_REALM_KRBTICKETFLAGS; + } else if (!strcmp((argv[*i] + 1), "password_changing_service")) { +@@ -275,15 +272,10 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[], + else if (*(argv[*i]) == '-') + rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE); + else +- goto err_usage; ++ return 0; + + mask |=LDAP_REALM_KRBTICKETFLAGS; + } +-err_usage: +- print_usage = TRUE; +- +-err_nomsg: +- no_msg = TRUE; + + return mask; + } +-- +2.33.0 + \ No newline at end of file diff --git a/krb5.spec b/krb5.spec index 9f19b65..d669e2f 100644 --- a/krb5.spec +++ b/krb5.spec @@ -3,7 +3,7 @@ Name: krb5 Version: 1.19.2 -Release: 6 +Release: 7 Summary: The Kerberos network authentication protocol License: MIT URL: http://web.mit.edu/kerberos/www/ 
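Review bot: Every `return 0;` that replaces `goto err_usage` in get_ticket_policy gives the caller the same value it would get for an argument this function does not recognise, and none of those paths prints a diagnostic; only the get_date failure reaches com_err. A missing value after `-maxtktlife` or `-maxrenewlife`, or a flag such as `requires_hwauth` written without a leading `+` or `-`, therefore looks the same as "not a ticket-policy option", and whether the administrator is told depends on the caller, which is outside this hunk. These options set realm-wide ticket flags and lifetimes, so I would state the contract above the function, e.g. `/* Returns the LDAP_REALM_* mask for the option consumed, or 0 if argv[*i] is malformed or not a ticket-policy option; the caller is responsible for reporting the usage error. */`. The removed labels only set locals that were never read, so this is not a regression in the backport, only a gap the change makes visible.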
@@ -27,12 +27,14 @@ Patch4: fix-debuginfo-with-y.tab.c.patch Patch5: Remove-3des-support.patch Patch6: FIPS-with-PRNG-and-RADIUS-and-MD4.patch Patch7: backport-CVE-2021-37750.patch + Patch8: Fix-CVE-2022-42898-integer-overflows-in-PAC-parsing.patch Patch9: backport-Fix-profile-crash-on-memory-exhaustion.patch Patch10: backport-Fix-preauth-crash-on-memory-exhaustion.patch Patch11: backport-Fix-gic_keytab-crash-on-memory-exhaustion.patch Patch12: backport-Fix-many-unlikely-memory-leaks.patch Patch13: backport-Free-verto-context-later-in-KDC-cleanup.patch +Patch14: backport-Squash-unused-variable-warnings-in-kdb5_ldap_util.patch BuildRequires: gettext BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc @@ -325,6 +327,9 @@ make -C src check || : %changelog +* Thu Jun 8 2023 xuraoqing - 1.19.2-7 +- backport some patches + * Wed Dec 21 2022 zhouchenchen - 1.19.2-6 - backport some patches -- Gitee