From b8fda33ba531f9c30989f2dfbcbd649a4322fa67 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 30 Apr 2013 14:44:19 +0000
Subject: main/libtirpc: upgrade to 0.2.3 and switch to MIT krb

ref #1609
---
 main/libtirpc/APKBUILD              |  29 ++++++---
 main/libtirpc/gssglue.patch         | 113 ++++++++++++++++++++++++++++++++++++
 main/libtirpc/libtirpc-no-des.patch |  31 ++++------
 3 files changed, 145 insertions(+), 28 deletions(-)
 create mode 100644 main/libtirpc/gssglue.patch

(limited to 'main')

diff --git a/main/libtirpc/APKBUILD b/main/libtirpc/APKBUILD
index 9ba43179d..029d7d33d 100644
--- a/main/libtirpc/APKBUILD
+++ b/main/libtirpc/APKBUILD
@@ -1,27 +1,28 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libtirpc
-pkgver=0.2.2
-pkgrel=3
+pkgver=0.2.3
+pkgrel=0
 pkgdesc="Transport Independent RPC library (SunRPC replacement)"
 url="http://libtirpc.sourceforge.net/"
 arch="all"
 license="GPL2"
 depends=
-makedepends="libgssglue-dev heimdal-dev autoconf automake libtool"
+depends_dev="krb5-dev"
+makedepends="$depends_dev autoconf automake libtool"
 subpackages="$pkgname-dev $pkgname-doc"
 source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2
 	nis.h
+	gssglue.patch
 	libtirpc-no-des.patch
 	automake.patch"
 
-depends_dev="libgssglue-dev heimdal-dev"
 prepare() {
 	cd "$srcdir"/$pkgname-$pkgver
 	for i in $source; do
 		case $i in
 		*.patch)
 			msg "Applying $i"
-			patch -p1 -i "$srcdir"/$i || return 1
+			patch -N -p1 -i "$srcdir"/$i || return 1
 			;;
 		esac
 	done
@@ -36,7 +37,8 @@ prepare() {
 build() {
 	cd "$srcdir"/$pkgname-$pkgver
 	./configure --prefix=/usr \
-		--enable-gss
+		--enable-gss \
+		|| return 1
 	make || return 1
 }
 
@@ -46,7 +48,18 @@ package() {
 	rm "$pkgdir"/usr/lib/*.la || return 1
 	install -D -m644 doc/etc_netconfig "$pkgdir"/etc/netconfig
 }
-md5sums="74c41c15c2909f7d11d9c7bfa7db6273  libtirpc-0.2.2.tar.bz2
+md5sums="b70e6c12a369a91e69fcc3b9feb23d61  libtirpc-0.2.3.tar.bz2
 082dff1bc78bdcbac6d305c1534fe3c0  nis.h
-1f1afd528c327975e40ffe77b2d9e13d  libtirpc-no-des.patch
+7c50e2381f103cc9b84a86fad9b8eac5  gssglue.patch
+80e8f54aab0f5bed37e58ad79fe4ff2b  libtirpc-no-des.patch
 5cac96c765922f33de61a215aa264a7f  automake.patch"
+sha256sums="4f29ea0491b4ca4c29f95f3c34191b857757873bbbf4b069f9dd4da01a6a923c  libtirpc-0.2.3.tar.bz2
+7149d53da167168cbad9e75cbab302768f659e59e208763b1bf5df2a6ff3bfdb  nis.h
+02658756777563dccb3904a00e87fa562eddeab0fe15ef0c6c21893b2d8619aa  gssglue.patch
+5b7c8f6d19f17541902dfd1b1132f2b07e4cc0987152d4e8007243e776d4d47f  libtirpc-no-des.patch
+6188b7236b1f9088ad09749eed6407bd7b75fe37d1569a19977f44d15ec6a10c  automake.patch"
+sha512sums="dd480fcb6feda4a2bba7e5a5dc9b1f523697a39ddaa44a5742405f66d202996d99a562a31dbf6daf06e9b7ce5d82dfd1cce7b76a34466b92f84176e77498163d  libtirpc-0.2.3.tar.bz2
+15edac1e30cc1aa65ca495bae14c6c7455d65ca539b7e5c865c3fbd5a51c76966b37dd34e9a6483aadcaea3602aefb0b48cdb46f877dae1c65dfa6840dfd8c54  nis.h
+3dd3d4a082b1b9bb82c358a5b74e6c5f23fdd522ea2875fc27a7b1035e04b14aeec30db08aa3ce5c0168df325e540799bf6f55c3a67226e05cf52de11968ad86  gssglue.patch
+9a984a7741deb943f92cd8a9f23d1a0e09a01e91aa88268456ccbb7998b24f50ad431e26400def3a8ba9d6cd345e5abccf5acf9c59708ce8f0653275c2ea5d61  libtirpc-no-des.patch
+dcbc55ed5551703799e6a690e65dbdbd9cc0293c0392a1a3c2d52bc9e91e8b0e18b89fa146f78fea8476c04409b766b6cdbde38a5f226d32043987ca1471634c  automake.patch"
diff --git a/main/libtirpc/gssglue.patch b/main/libtirpc/gssglue.patch
new file mode 100644
index 000000000..d16f815bc
--- /dev/null
+++ b/main/libtirpc/gssglue.patch
@@ -0,0 +1,113 @@
+From 9151a39539145e1f62f8b30168d1cdeb19299dac Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 26 Mar 2013 11:13:05 -0400
+Subject: [PATCH 1/2] Switch to use standard GSSAPI by default
+
+Make libgssglue configurable still but disabled by default.
+There is no reason to use libgssglue anymore, and modern gssapi
+supports all needed features for libtirpc and its dependencies.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ configure.ac    | 23 +++++++++++++++++++----
+ src/Makefile.am |  4 ++--
+ 2 files changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 40dce96..4a4adba 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -5,15 +5,30 @@ AC_CONFIG_SRCDIR([src/auth_des.c])
+ AC_CONFIG_MACRO_DIR([m4])
+ 
+ AC_ARG_ENABLE(gss,[  --enable-gss            Turn on gss api], [case "${enableval}" in
+-        yes) gss=true ; AC_CHECK_LIB([gssapi],[gss_init_sec_context]) ;;
++        yes) gss=true ;;
+         no)  gss=false ;;
+         *) AC_MSG_ERROR(bad value ${enableval} for --enable-gss) ;;
+       esac],[gss=false])
+ AM_CONDITIONAL(GSS, test x$gss = xtrue)
++AC_ARG_WITH(gssglue,
++		[  --with-gssglue        Use libgssglue],
++		 [case "${enableval}" in
++		  yes) gssglue=true ;;
++		  no)  gssglue=false ;;
++		  *) AC_MSG_ERROR(bad value ${enableval} for --with-gssglue) ;;
++		  esac],
++		[gssglue=false])
++AM_CONDITIONAL(USEGSSGLUE, test x$gssglue = xtrue)
+ if test x$gss = xtrue; then
+-	AC_DEFINE(HAVE_LIBGSSAPI, 1, [])
+-	PKG_CHECK_MODULES(GSSGLUE, libgssglue, [],
+-	AC_MSG_ERROR([Unable to locate information required to use libgssglue.]))
++	if test x$gssglue = xtrue; then
++		PKG_CHECK_MODULES(GSSAPI, libgssglue, [],
++		AC_MSG_ERROR([Unable to locate information required to use libgssglue.]))
++	else
++		GSSAPI_CFLAGS=`krb5-config --cflags gssapi`
++		GSSAPI_LIBS=`krb5-config --libs gssapi`
++		AC_SUBST([GSSAPI_CFLAGS])
++		AC_SUBST([GSSAPI_LIBS])
++	fi
+ fi
+ AC_ARG_ENABLE(ipv6,
+ 	[AC_HELP_STRING([--disable-ipv6], [Disable IPv6 support @<:@default=no@:>@])],
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 66350f5..2dd7768 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -58,8 +58,8 @@ libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_ref
+ ## Secure-RPC
+ if GSS
+     libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c
+-    libtirpc_la_LDFLAGS += $(GSSGLUE_LIBS)
+-    libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSGLUE_CFLAGS)
++    libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
++    libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
+ endif
+ 
+ ## libtirpc_a_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
+-- 
+1.8.1.4
+
+
+From 4072a0bb8b619cab027bb3833785768681da4ed5 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 10 Apr 2013 11:38:14 -0400
+Subject: [PATCH 2/2] gss: Fix private data giveaway
+
+When the private data is given away the gss context also needs to go,
+because the caller may destroy it, such as when the context is exported
+into a lucid context to hand it to the kernel.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/auth_gss.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/auth_gss.c b/src/auth_gss.c
+index 81ae8ae..703bc3f 100644
+--- a/src/auth_gss.c
++++ b/src/auth_gss.c
+@@ -269,6 +269,7 @@ authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd)
+ 	 * send an RPCSEC_GSS_DESTROY request which might inappropriately
+ 	 * destroy the context.
+ 	 */
++        gd->ctx = GSS_C_NO_CONTEXT;
+ 	gd->gc.gc_ctx.length = 0;
+ 	gd->gc.gc_ctx.value = NULL;
+ 
+@@ -284,7 +285,8 @@ authgss_free_private_data(struct authgss_private_data *pd)
+ 	if (!pd)
+ 		return (FALSE);
+ 
+-	pd->pd_ctx = NULL;
++	if (pd->pd_ctx != GSS_C_NO_CONTEXT)
++		gss_delete_sec_context(&min_stat, &pd->pd_ctx, NULL);
+ 	gss_release_buffer(&min_stat, &pd->pd_ctx_hndl);
+ 	memset(&pd->pd_ctx_hndl, 0, sizeof(pd->pd_ctx_hndl));
+ 	pd->pd_seq_win = 0;
+-- 
+1.8.1.4
+
diff --git a/main/libtirpc/libtirpc-no-des.patch b/main/libtirpc/libtirpc-no-des.patch
index 7ebb6447c..cfbdc0f15 100644
--- a/main/libtirpc/libtirpc-no-des.patch
+++ b/main/libtirpc/libtirpc-no-des.patch
@@ -1,23 +1,3 @@
---- libtirpc-0.2.2.orig/src/Makefile.am
-+++ libtirpc-0.2.2/src/Makefile.am
-@@ -40,7 +40,7 @@
- # release number of your package. This is an abuse that only fosters
- # misunderstanding of the purpose of library versions."
- #
--libtirpc_la_LDFLAGS = -lnsl -lpthread -version-info 1:10:0
-+libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0
- 
- libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
-         clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
-@@ -50,7 +50,7 @@
-         rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
-         rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_generic.c \
-         svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
--        auth_time.c auth_des.c authdes_prot.c des_crypt.c
-+        auth_time.c
- 
- ## XDR
- libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
 --- libtirpc-0.2.2.orig/src/rpc_soc.c
 +++ libtirpc-0.2.2/src/rpc_soc.c
 @@ -515,6 +515,7 @@
@@ -36,3 +16,14 @@
  
  /*
   * Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
+--- ./src/Makefile.am.orig	2013-04-30 13:04:37.238373230 +0000
++++ ./src/Makefile.am	2013-04-30 13:04:52.498522653 +0000
+@@ -50,7 +50,7 @@
+         rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
+         rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
+         svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
+-        auth_time.c auth_des.c authdes_prot.c
++        auth_time.c
+ 
+ ## XDR
+ libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
-- 
cgit v1.2.3