diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..65394e7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/GSSAPI-0.28.tar.gz diff --git a/.perl-GSSAPI.metadata b/.perl-GSSAPI.metadata new file mode 100644 index 0000000..98fb750 --- /dev/null +++ b/.perl-GSSAPI.metadata @@ -0,0 +1 @@ +c857485532e92e266a75b56ed247284f94b2d3d4 SOURCES/GSSAPI-0.28.tar.gz diff --git a/SOURCES/GSSAPI-0.28-Fix-a-crash-in-gss_release_oid-when-destructing-out_.patch b/SOURCES/GSSAPI-0.28-Fix-a-crash-in-gss_release_oid-when-destructing-out_.patch new file mode 100644 index 0000000..a85b332 --- /dev/null +++ b/SOURCES/GSSAPI-0.28-Fix-a-crash-in-gss_release_oid-when-destructing-out_.patch @@ -0,0 +1,79 @@ +From 159042c71bbdd5909f792208dcdffffb1674ecfe Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Thu, 19 Aug 2021 16:07:06 +0200 +Subject: [PATCH] Fix a crash in gss_release_oid() when destructing out_mech + returned by gss_accept_sec_context() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If Perl GSSAPI was built against MIT krb5, an example gss-server.pl +script crashed like this: + + Program terminated with signal SIGSEGV, Segmentation fault. + #0 0x00007f27f3d48b23 in __GI___libc_free (mem=) + at malloc.c:3131 + 3131 ar_ptr = arena_for_chunk (p); + (gdb) bt + #0 0x00007f27f3d48b23 in __GI___libc_free (mem=) + at malloc.c:3131 + #1 0x00007f27f2fe17c6 in generic_gss_release_oid ( + minor_status=minor_status@entry=0x7fffc750333c, + oid=oid@entry=0x7fffc7503340) at oid_ops.c:102 + #2 0x00007f27f2fee6df in gss_release_oid ( + minor_status=minor_status@entry=0x7fffc750333c, + oid=oid@entry=0x7fffc7503340) at g_initialize.c:202 + #3 0x00007f27f322f5cf in XS_GSSAPI__OID_DESTROY (my_perl=, + cv=0x564037c87130) at ./xs/OID.xs:24 + #4 0x00007f27f4f58149 in Perl_pp_entersub (my_perl=0x5640378d42a0) + at pp_hot.c:4227 + +The cause is that gss_accept_sec_context() returns a pointer to +a static storage in out_mech argument. When GSSAPI passed out_mech to +a desctructor, the invoked gss_release_oid() crashed when freeing the +memory. + +Accoding to RFC 2744, the static storage is correct. Hence the flaw is +on Perl GSSAPI side. This patch fixes it by copying the out_mech OID +object on a heap which is then correctly processed by +gss_release_oid(). + +CPAN RT#121873. + +Signed-off-by: Petr Písař +--- + xs/Context.xs | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/xs/Context.xs b/xs/Context.xs +index d176f08..4549595 100644 +--- a/xs/Context.xs ++++ b/xs/Context.xs +@@ -80,6 +80,24 @@ accept(context, acc_cred, in_token, binding, out_name, out_mech, out_token, out_ + &in_token, binding, out_name, out_mech, + &out_token, out_flags, out_time, + delegated_cred); ++#if !defined(HEIMDAL) ++ if (out_mech && *out_mech) { ++ /* RFC 2744 documents that the returned *out_mech is a pointer ++ * to static data. To prevent from freeing them when destructing ++ * out_mech, we change *out_mech into a pointer to a heap-allocated ++ * buffer with the same content. Otherwise, MITKRB5-provided ++ * gss_release_oid() deallocator which cannot recognize this static ++ * storage would crash. We use malloc() because gss_release_oid() used ++ * free(). */ ++ GSSAPI__OID copy = malloc(sizeof(*copy)); ++ if (!copy) croak("Not enough memory for copying out_mech!"); ++ copy->elements = malloc((*out_mech)->length); ++ if (!copy->elements) croak("Not enough memory for copying out_mech!"); ++ memcpy(copy->elements, (*out_mech)->elements, (*out_mech)->length); ++ copy->length = (*out_mech)->length; ++ *out_mech = copy; ++ } ++#endif + OUTPUT: + RETVAL + context +-- +2.31.1 + diff --git a/SPECS/perl-GSSAPI.spec b/SPECS/perl-GSSAPI.spec new file mode 100644 index 0000000..85ddb02 --- /dev/null +++ b/SPECS/perl-GSSAPI.spec @@ -0,0 +1,236 @@ +# +# Rebuild option: +# +# --with testsuite - run the test suite +# + +Name: perl-GSSAPI +Version: 0.28 +Release: 37%{?dist} +Summary: Perl extension providing access to the GSSAPIv2 library +License: GPL+ or Artistic +URL: https://metacpan.org/release/GSSAPI +Source0: https://cpan.metacpan.org/authors/id/A/AG/AGROLMS/GSSAPI-%{version}.tar.gz +# Fix a crash in gss_release_oid() when destructing out_mech (rhbz #1994263, CPAN RT#121873) +Patch0: GSSAPI-0.28-Fix-a-crash-in-gss_release_oid-when-destructing-out_.patch +BuildRequires: make +BuildRequires: findutils +BuildRequires: gcc +BuildRequires: krb5-devel +BuildRequires: which +%{?_with_testsuite:BuildRequires: perl(constant)} +%{?_with_testsuite:BuildRequires: perl(Carp)} +%{?_with_testsuite:BuildRequires: perl(Exporter)} +BuildRequires: perl-devel +BuildRequires: perl-generators +BuildRequires: perl-interpreter +BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76 +%{?_with_testsuite:BuildRequires: perl(ExtUtils::testlib)} +BuildRequires: perl(Getopt::Long) +%{?_with_testsuite:BuildRequires: perl(Test::More)} +%{?_with_testsuite:BuildRequires: perl(Test::Pod) >= 1.00} +%{?_with_testsuite:BuildRequires: perl(XSLoader)} +Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) + +%description +This module gives access to the routines of the GSSAPI library, as +described in rfc2743 and rfc2744 and implemented by the Kerberos-1.2 +distribution from MIT. + +%prep +%setup -q -n GSSAPI-%{version} +%patch0 -p1 +chmod -c a-x examples/*.pl + +%build +perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" NO_PACKLIST=1 NO_PERLLOCAL=1 +%{make_build} + +%install +%{make_install} +find %{buildroot} -type f -name '*.bs' -empty -delete +%{_fixperms} %{buildroot}/* + +%check +# fails a couple of tests if network not available +%{?_with_testsuite:make test} + +%files +%doc Changes README examples/ +%{perl_vendorarch}/auto/* +%{perl_vendorarch}/GSSAPI* +%{_mandir}/man3/* + +%changelog +* Thu Aug 19 2021 Jitka Plesnikova - 0.28-37 +- Resolves: rhbz#1994263 - Fix a crash in gss_release_oid() when destructing out_mech + +* Mon Aug 16 2021 Jitka Plesnikova - 0.28-36 +- Resolves: rhbz#1994263 - Fix comparison of OID structure + +* Mon Aug 09 2021 Mohan Boddu - 0.28-35 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 0.28-34 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Fedora Release Engineering - 0.28-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 0.28-32 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jun 22 2020 Jitka Plesnikova - 0.28-31 +- Perl 5.32 rebuild + +* Tue Feb 04 2020 Tom Stellard - 0.28-30 +- Spec file cleanups: Use make_build and make_install macros +- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make +- https://fedoraproject.org/wiki/Perl/Tips#ExtUtils::MakeMake + +* Thu Jan 30 2020 Fedora Release Engineering - 0.28-29 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 0.28-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu May 30 2019 Jitka Plesnikova - 0.28-27 +- Perl 5.30 rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 0.28-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 0.28-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jun 27 2018 Jitka Plesnikova - 0.28-24 +- Perl 5.28 rebuild + +* Mon Feb 19 2018 Jitka Plesnikova - 0.28-23 +- Add build-require gcc + +* Thu Feb 08 2018 Fedora Release Engineering - 0.28-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 0.28-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.28-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Jun 04 2017 Jitka Plesnikova - 0.28-19 +- Perl 5.26 rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 0.28-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sun May 15 2016 Jitka Plesnikova - 0.28-17 +- Perl 5.24 rebuild + +* Thu Feb 04 2016 Fedora Release Engineering - 0.28-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 0.28-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Jun 03 2015 Jitka Plesnikova - 0.28-14 +- Perl 5.22 rebuild + +* Wed Aug 27 2014 Jitka Plesnikova - 0.28-13 +- Perl 5.20 rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 0.28-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.28-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 0.28-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 0.28-9 +- Perl 5.18 rebuild + +* Thu Feb 14 2013 Fedora Release Engineering - 0.28-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Nov 06 2012 Petr Šabata - 0.28-7 +- Modernize the spec a bit and fix the deps + +* Fri Jul 20 2012 Fedora Release Engineering - 0.28-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 11 2012 Petr Pisar - 0.28-5 +- Perl 5.16 rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 0.28-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Sun Jun 19 2011 Marcela Mašláňová - 0.28-3 +- Perl mass rebuild + +* Tue Feb 08 2011 Fedora Release Engineering - 0.28-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Dec 27 2010 Steven Pritchard 0.28-1 +- Update to 0.28. + +* Fri Dec 17 2010 Marcela Maslanova - 0.26-7 +- 661697 rebuild for fixing problems with vendorach/lib + +* Thu Jun 3 2010 Petr Pisar - 0.26-6 +- Do not source /etc/profile.d/krb5-devel.sh as krb5-devel-1.8.1-6 does not + provide it and places executables into standard PATH. + +* Sun May 02 2010 Marcela Maslanova - 0.26-5 +- Mass rebuild with perl-5.12.0 + +* Mon Dec 7 2009 Stepan Kasal - 0.26-4 +- rebuild against perl 5.10.1 + +* Sat Jul 25 2009 Fedora Release Engineering - 0.26-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 0.26-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu May 15 2008 Steven Pritchard 0.26-1 +- Update to 0.26. +- Cleanup a little to more closely match cpanspec output. +- BR ExtUtils::MakeMaker. + +* Mon Mar 3 2008 Tom "spot" Callaway 0.24-6 +- rebuild for new perl (again) + +* Tue Feb 19 2008 Fedora Release Engineering - 0.24-5 +- Autorebuild for GCC 4.3 + +* Thu Feb 07 2008 Tom "spot" Callaway 0.24-4 +- rebuild for new perl + +* Thu Jan 03 2008 Steven Pritchard 0.24-3 +- Use sysconfdir macro instead of hard-coding /etc. + +* Sat Dec 08 2007 Steven Pritchard 0.24-2 +- Update License tag. +- Use fixperms macro instead of our own chmod incantation. +- Source in /etc/profile.d/krb5-devel.sh to get our path right. + +* Thu Feb 22 2007 Jose Pedro Oliveira - 0.24-1 +- Update to 0.24. + +* Sun Sep 10 2006 Jose Pedro Oliveira - 0.23-2 +- Rebuild for FC6. + +* Thu Aug 3 2006 Jose Pedro Oliveira - 0.23-1 +- Update to 0.23. + +* Mon May 29 2006 Jose Pedro Oliveira - 0.22-1 +- Update to 0.22. + +* Thu Apr 6 2006 Jose Pedro Oliveira - 0.21-1 +- Update to 0.21. + +* Fri Mar 31 2006 Jose Pedro Oliveira - 0.20-1 +- First build.