libgssglue: update to 0.7

LIC_FILE_CHKSUM changes to to indentations changes. use bootstrap to setup config properly. Drop libgssglue-fix-CVE-2011-2709.patch, libgssglue-g-initialize.patch now included in update. and ibgssglue-mglueP.patch now included in update. Drop libgssglue-gss-inq-cred.patch still pending after 5 yrs. Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2022-09-25 13:27:39 -0400
committer: Armin Kuster <akuster808@gmail.com> 2022-09-25 13:37:57 -0400
commit: b29ce7d47d8024151177113221bf87dbd07b9c41 (patch)
tree: e018316d5fee8336d53285e34b6b595f06b78d21
parent: 852daaf67b4f548beca959dea10baf6a20ffad6a (diff)
download: meta-security-b29ce7d47d8024151177113221bf87dbd07b9c41.tar.gz
5 files changed, 13 insertions, 125 deletions
diff --git a/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch b/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
deleted file mode 100644
index 6aa1a65..0000000
--- a/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Use secure_getenv instead of getenv for setuid programs
-(bnc#694598 CVE-2011-2709 bnc#831805)
-import from:
-https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
-Upstream-Status: Pending
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-diff --git a/src/g_initialize.c b/src/g_initialize.c
-index 200f173..935a9fa 100644
--- a/src/g_initialize.c
-+++ b/src/g_initialize.c
-@@ -26,6 +26,7 @@
-  * This function will initialize the gssapi mechglue library
-  */
- 
-+#define _GNU_SOURCE
- #include "mglueP.h"
- #include <stdlib.h>
- 
-@@ -197,8 +198,7 @@ static void solaris_initialize ()
-     void *dl;
-     gss_mechanism (*sym)(void), mech;
- 
-    if ((getuid() != geteuid()) ||
-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
-+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
-        filename = MECH_CONF;
- 
-     if ((conffile = fopen(filename, "r")) == NULL) {
-@@ -274,8 +274,7 @@ static void linux_initialize ()
-     void *dl;
-     gss_mechanism (*sym)(void), mech;
- 
-    if ((getuid() != geteuid()) ||
-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
-+    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
-        filename = MECH_CONF;
- 
-     if ((conffile = fopen(filename, "r")) == NULL) {
diff --git a/recipes-security/libgssglue/files/libgssglue-g-initialize.patch b/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
deleted file mode 100644
index 4a9ba33..0000000
--- a/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Fix the warning for getuid, geteuid
-g_initialize.c: In function 'linux_initialize':
-g_initialize.c:275:5: warning: implicit declaration of function 'getuid' [-Wimplicit-function-declaration]
-g_initialize.c:275:5: warning: implicit declaration of function 'geteuid' [-Wimplicit-function-declaration]
-Upstream-Status: Pending
-Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
-diff --git a/src/g_initialize.c b/src1/g_initialize.c
-index 82fcce1..200f173 100644
--- a/src/g_initialize.c
-+++ b/src/g_initialize.c
-@@ -29,6 +29,8 @@
- #include "mglueP.h"
- #include <stdlib.h>
- 
-+#include <unistd.h>   /*getuid, geteuid */
-+#include <sys/types.h>
- #include <stdio.h>
- #include <string.h>
- #include <ctype.h>
diff --git a/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch b/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
deleted file mode 100644
index 6dce3e7..0000000
--- a/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-1) add free if malloc failed for (*mechanisms)->elements
-2) g_inq_cred.c: In function 'gss_inquire_cred':
-g_inq_cred.c:161:8: warning: passing argument 3 of 'generic_gss_copy_oid' from incompatible pointer type [enabled by default]
-Upstream-Status: Pending
-Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
--- a/src/g_inq_cred.c
-+++ b/src/g_inq_cred.c
-@@ -152,13 +152,15 @@ gss_OID_set *             mechanisms;
-                             union_cred->count);
-        if ((*mechanisms)->elements == NULL) {
-            *minor_status = ENOMEM;
-+           free(*mechanisms);
-+           *mechanisms = GSS_C_NO_OID_SET;
-            return (GSS_S_FAILURE);
-        }
- 
-        for (i=0; i < union_cred->count; i++) {
-           status = generic_gss_copy_oid(minor_status,
-+           status = generic_gss_add_oid_set_member(minor_status,
-                                          &union_cred->mechs_array[i],
-                                         &((*mechanisms)->elements[i]));
-+                                         mechanisms);
-            if (status != GSS_S_COMPLETE)
-                break;
-        }
diff --git a/recipes-security/libgssglue/files/libgssglue-mglueP.patch b/recipes-security/libgssglue/files/libgssglue-mglueP.patch
deleted file mode 100644
index 6c9ebf0..0000000
--- a/recipes-security/libgssglue/files/libgssglue-mglueP.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-fix the warning:
-warning: implicit declaration of function 'generic_gss_copy_oid_set' [-Wimplicit-function-declaration]
-Upstream-Status: Pending
-Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
--- a/src/mglueP.h
-+++ b/src/mglueP.h
-@@ -447,6 +447,12 @@ OM_uint32 generic_gss_copy_oid
-            gss_OID *           /* new_oid */
-            );
- 
-+OM_uint32 generic_gss_copy_oid_set
-+          (OM_uint32 *minor_status,    /* minor_status */
-+           const gss_OID_set_desc * const oidset,      /* oid */
-+           gss_OID_set *new_oidset                     /* new_oid */
-+          );
-+
- OM_uint32 generic_gss_create_empty_oid_set
-           (OM_uint32 *,        /* minor_status */
-            gss_OID_set *       /* oid_set */
diff --git a/recipes-security/libgssglue/libgssglue_0.4.bb b/recipes-security/libgssglue/libgssglue_0.7.bb
index 3085ee6..26bd2f3 100644
--- a/recipes-security/libgssglue/libgssglue_0.4.bb
+++ b/recipes-security/libgssglue/libgssglue_0.7.bb
@@ -15,27 +15,24 @@ LICENSE = "BSD-3-Clause | HPND"
 #Copyright 1995 by the Massachusetts Institute of Technology.  HPND without Disclaimer
 #Copyright 1993 by OpenVision Technologies, Inc.               HPND
 LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \
-                    file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=8a7f4017cb7f4be49f8981cb8c472690 \
+                    file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=da8ca7a37bd26e576c23874d453751d2\
                    file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \
-                    file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0 \
+                    file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0\
-                    file://src/oid_ops.c;beginline=378;endline=398;md5=e02c165cb8383e950214baca2fbd664b \
+                    file://src/oid_ops.c;beginline=378;endline=398;md5=d77a5c03e91908fac453c08bbeaddce1\
 "
-SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.bz2 \
+SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.gz \
           file://libgssglue-canon-name.patch  \
-           file://libgssglue-gss-inq-cred.patch  \
-           file://libgssglue-mglueP.patch \
-           file://libgssglue-g-initialize.patch \
-           file://libgssglue-fix-CVE-2011-2709.patch \
 "
-SRC_URI[md5sum] = "5ce81940965fa68c7635c42dcafcddfe"
+SRC_URI[sha256sum] = "bcd618ae0bc69f12815d77295658a760e7edc20706b9a731a81da8993f5c970a"
-SRC_URI[sha256sum] = "bb47b2de78409f461811d0db8595c66e6631a9879c3621a35e4434b104ee52f5"
-# gssglue can use krb5, spkm3... as gssapi library, configurable
+inherit autotools-brokensep
-RRECOMMENDS:${PN} += "krb5"
-inherit autotools
+do_configure:prepend() {
+    cd ${S}
+    ./bootstrap
+}
 do_install:append() {
    # install some docs
@@ -49,3 +46,6 @@ do_install:append() {
    # change the libgssapi_krb5.so path and name(it is .so.2)
    sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf
 }
+# gssglue can use krb5, spkm3... as gssapi library, configurable
+RRECOMMENDS:${PN} += "krb5"
author	Armin Kuster <akuster808@gmail.com>	2022-09-25 13:27:39 -0400
committer	Armin Kuster <akuster808@gmail.com>	2022-09-25 13:37:57 -0400
commit	b29ce7d47d8024151177113221bf87dbd07b9c41 (patch)
tree	e018316d5fee8336d53285e34b6b595f06b78d21
parent	852daaf67b4f548beca959dea10baf6a20ffad6a (diff)
download	meta-security-b29ce7d47d8024151177113221bf87dbd07b9c41.tar.gz

diff --git a/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch b/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch deleted file mode 100644 index 6aa1a65..0000000 --- a/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch +++ /dev/null
@@ -1,43 +0,0 @@
1	Use secure_getenv instead of getenv for setuid programs
2
3	(bnc#694598 CVE-2011-2709 bnc#831805)
4
5	import from:
6	https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
7
8	Upstream-Status: Pending
9
10	Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
11
12	diff --git a/src/g_initialize.c b/src/g_initialize.c
13	index 200f173..935a9fa 100644
14	--- a/src/g_initialize.c
15	+++ b/src/g_initialize.c
16	@@ -26,6 +26,7 @@
17	* This function will initialize the gssapi mechglue library
18	*/
19
20	+#define _GNU_SOURCE
21	#include "mglueP.h"
22	#include <stdlib.h>
23
24	@@ -197,8 +198,7 @@ static void solaris_initialize ()
25	void *dl;
26	gss_mechanism (*sym)(void), mech;
27
28	- if ((getuid() != geteuid()) \|\|
29	- ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
30	+ if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
31	filename = MECH_CONF;
32
33	if ((conffile = fopen(filename, "r")) == NULL) {
34	@@ -274,8 +274,7 @@ static void linux_initialize ()
35	void *dl;
36	gss_mechanism (*sym)(void), mech;
37
38	- if ((getuid() != geteuid()) \|\|
39	- ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
40	+ if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
41	filename = MECH_CONF;
42
43	if ((conffile = fopen(filename, "r")) == NULL) {


diff --git a/recipes-security/libgssglue/files/libgssglue-g-initialize.patch b/recipes-security/libgssglue/files/libgssglue-g-initialize.patch deleted file mode 100644 index 4a9ba33..0000000 --- a/recipes-security/libgssglue/files/libgssglue-g-initialize.patch +++ /dev/null
@@ -1,21 +0,0 @@
1	Fix the warning for getuid, geteuid
2	g_initialize.c: In function 'linux_initialize':
3	g_initialize.c:275:5: warning: implicit declaration of function 'getuid' [-Wimplicit-function-declaration]
4	g_initialize.c:275:5: warning: implicit declaration of function 'geteuid' [-Wimplicit-function-declaration]
5
6	Upstream-Status: Pending
7	Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
8
9	diff --git a/src/g_initialize.c b/src1/g_initialize.c
10	index 82fcce1..200f173 100644
11	--- a/src/g_initialize.c
12	+++ b/src/g_initialize.c
13	@@ -29,6 +29,8 @@
14	#include "mglueP.h"
15	#include <stdlib.h>
16
17	+#include <unistd.h> /getuid, geteuid /
18	+#include <sys/types.h>
19	#include <stdio.h>
20	#include <string.h>
21	#include <ctype.h>


diff --git a/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch b/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch deleted file mode 100644 index 6dce3e7..0000000 --- a/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch +++ /dev/null
@@ -1,27 +0,0 @@
1	1) add free if malloc failed for (*mechanisms)->elements
2	2) g_inq_cred.c: In function 'gss_inquire_cred':
3	g_inq_cred.c:161:8: warning: passing argument 3 of 'generic_gss_copy_oid' from incompatible pointer type [enabled by default]
4
5	Upstream-Status: Pending
6	Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
7
8	--- a/src/g_inq_cred.c
9	+++ b/src/g_inq_cred.c
10	@@ -152,13 +152,15 @@ gss_OID_set * mechanisms;
11	union_cred->count);
12	if ((*mechanisms)->elements == NULL) {
13	*minor_status = ENOMEM;
14	+ free(*mechanisms);
15	+ *mechanisms = GSS_C_NO_OID_SET;
16	return (GSS_S_FAILURE);
17	}
18
19	for (i=0; i < union_cred->count; i++) {
20	- status = generic_gss_copy_oid(minor_status,
21	+ status = generic_gss_add_oid_set_member(minor_status,
22	&union_cred->mechs_array[i],
23	- &((*mechanisms)->elements[i]));
24	+ mechanisms);
25	if (status != GSS_S_COMPLETE)
26	break;
27	}


diff --git a/recipes-security/libgssglue/files/libgssglue-mglueP.patch b/recipes-security/libgssglue/files/libgssglue-mglueP.patch deleted file mode 100644 index 6c9ebf0..0000000 --- a/recipes-security/libgssglue/files/libgssglue-mglueP.patch +++ /dev/null
@@ -1,21 +0,0 @@
1	fix the warning:
2	warning: implicit declaration of function 'generic_gss_copy_oid_set' [-Wimplicit-function-declaration]
3
4	Upstream-Status: Pending
5	Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
6
7	--- a/src/mglueP.h
8	+++ b/src/mglueP.h
9	@@ -447,6 +447,12 @@ OM_uint32 generic_gss_copy_oid
10	gss_OID * /* new_oid */
11	);
12
13	+OM_uint32 generic_gss_copy_oid_set
14	+ (OM_uint32 minor_status, / minor_status */
15	+ const gss_OID_set_desc * const oidset, /* oid */
16	+ gss_OID_set new_oidset / new_oid */
17	+ );
18	+
19	OM_uint32 generic_gss_create_empty_oid_set
20	(OM_uint32 , / minor_status */
21	gss_OID_set * /* oid_set */


diff --git a/recipes-security/libgssglue/libgssglue_0.4.bb b/recipes-security/libgssglue/libgssglue_0.7.bb index 3085ee6..26bd2f3 100644 --- a/recipes-security/libgssglue/libgssglue_0.4.bb +++ b/recipes-security/libgssglue/libgssglue_0.7.bb
@@ -15,27 +15,24 @@ LICENSE = "BSD-3-Clause \| HPND"
15	#Copyright 1995 by the Massachusetts Institute of Technology. HPND without Disclaimer	15	#Copyright 1995 by the Massachusetts Institute of Technology. HPND without Disclaimer
16	#Copyright 1993 by OpenVision Technologies, Inc. HPND	16	#Copyright 1993 by OpenVision Technologies, Inc. HPND
17	LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \	17	LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \
18	file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=8a7f4017cb7f4be49f8981cb8c472690 \	18	file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=da8ca7a37bd26e576c23874d453751d2\
19	file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \	19	file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \
20	file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0 \	20	file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0\
21	file://src/oid_ops.c;beginline=378;endline=398;md5=e02c165cb8383e950214baca2fbd664b \	21	file://src/oid_ops.c;beginline=378;endline=398;md5=d77a5c03e91908fac453c08bbeaddce1\
22	"	22	"
23		23
24	SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.bz2 \	24	SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.gz \
25	file://libgssglue-canon-name.patch \	25	file://libgssglue-canon-name.patch \
26	file://libgssglue-gss-inq-cred.patch \
27	file://libgssglue-mglueP.patch \
28	file://libgssglue-g-initialize.patch \
29	file://libgssglue-fix-CVE-2011-2709.patch \
30	"	26	"
31		27
32	SRC_URI[md5sum] = "5ce81940965fa68c7635c42dcafcddfe"	28	SRC_URI[sha256sum] = "bcd618ae0bc69f12815d77295658a760e7edc20706b9a731a81da8993f5c970a"
33	SRC_URI[sha256sum] = "bb47b2de78409f461811d0db8595c66e6631a9879c3621a35e4434b104ee52f5"
34		29
35	# gssglue can use krb5, spkm3... as gssapi library, configurable	30	inherit autotools-brokensep
36	RRECOMMENDS:${PN} += "krb5"
37		31
38	inherit autotools	32	do_configure:prepend() {
		33	cd ${S}
		34	./bootstrap
		35	}
39		36
40	do_install:append() {	37	do_install:append() {
41	# install some docs	38	# install some docs
@@ -49,3 +46,6 @@ do_install:append() {
49	# change the libgssapi_krb5.so path and name(it is .so.2)	46	# change the libgssapi_krb5.so path and name(it is .so.2)
50	sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf	47	sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf
51	}	48	}
		49
		50	# gssglue can use krb5, spkm3... as gssapi library, configurable
		51	RRECOMMENDS:${PN} += "krb5"