main/apache-mod-auth-kerb: merged gentoo patch

Patch picked from gentoo for "krb5_rc_dfl_init: symbol not found" error
Related to issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11973

3 files changed, 118 insertions, 1 deletions

diff --git a/main/apache-mod-auth-kerb/APKBUILD b/main/apache-mod-auth-kerb/APKBUILD
index 9cc1751f069..69aaac30948 100644
--- a/main/apache-mod-auth-kerb/APKBUILD
+++ b/main/apache-mod-auth-kerb/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=apache-mod-auth-kerb
 _pkgname=mod_auth_kerb
 pkgver=5.4
-pkgrel=7
+pkgrel=8
 pkgdesc="A Kerberos authentication module for the Apache Http Server"
 url="https://sourceforge.net/projects/modauthkerb/"
 arch="all"
@@ -15,6 +15,8 @@ source="https://downloads.sourceforge.net/project/modauthkerb/mod_auth_kerb/mod_
 	mod_auth_kerb-5.4-httpd24.patch
 	mod_auth_kerb_compile.patch
 	krb5-1.18-fix.patch
+	mod_auth_kerb-5.4-rcopshack.patch
+	mod_auth_kerb-5.4-fixes.patch
 	mod-auth-kerb.conf
 	"
 builddir="$srcdir"/$_pkgname-$pkgver
@@ -41,4 +43,6 @@ sha512sums="93fdf0e43af1c24e8c8204d09240b708747068ef99dd8d21b45cb4d132d31e6d582d
 fb7c8b18adce99c1bd200a8c1dd7794d0ecee49aa6308180b03537be160ea4426150f1421be9e2462f036296fbd220aa823a2689023899c66817baea8416aad9  mod_auth_kerb-5.4-httpd24.patch
 f8fd9cce15593592995a53374a7dbbf6171c4f5e9e82d5bf59953fcfa6fa81cf6890ec4c9ddc2e0963060ea34e98b590f037b1f0274c284085350e6bc4792748  mod_auth_kerb_compile.patch
 f375dd027eb4b2094a39d321379dade5449a6daac0306eae9bc517344df4e5e65b59ba7b84617df328b00141740da5e515d3f20a448100ee1d95aab9f60e1152  krb5-1.18-fix.patch
+4da4e51baec036fdf035ee6f215453129b4b93a7733887834c08c0c5a7610ebe8e0981ad34a5cd5ed86af58c926bd65417fe09f64ce42d56b41e5051b96f6ca5  mod_auth_kerb-5.4-rcopshack.patch
+4881deb0accbd1ebff88a210036f2c66d443625727580ca25a8a403a96a8fa39edc2a01769584a474d1a1dbf028438a754319c3e318b2bef9114db754d542112  mod_auth_kerb-5.4-fixes.patch
 b6cfa12dbfd37f98de4d5b23f16462efbfa394d4e9dd6a15772aa18fbec0704c3d9f6e5d242d501a8f1c3091abf893de261115ee54ea31d9d9e0a4d1724473a4  mod-auth-kerb.conf"
diff --git a/main/apache-mod-auth-kerb/mod_auth_kerb-5.4-fixes.patch b/main/apache-mod-auth-kerb/mod_auth_kerb-5.4-fixes.patch
new file mode 100644
index 00000000000..b86be697ae0
--- /dev/null
+++ b/main/apache-mod-auth-kerb/mod_auth_kerb-5.4-fixes.patch
@@ -0,0 +1,40 @@
+
+Compiler warning fixes.
+
+--- mod_auth_kerb-5.4/src/mod_auth_kerb.c.fixes
++++ mod_auth_kerb-5.4/src/mod_auth_kerb.c
+@@ -677,7 +677,8 @@ end:
+ static krb5_error_code
+ verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal,
+       		 const char *password, krb5_principal server,
+-		 krb5_keytab keytab, int krb_verify_kdc, char *krb_service_name, krb5_ccache *ccache)
++		 krb5_keytab keytab, int krb_verify_kdc, 
++                 const char *krb_service_name, krb5_ccache *ccache)
+ {
+    krb5_creds creds;
+    krb5_get_init_creds_opt options;
+@@ -1280,6 +1281,7 @@ get_gss_creds(request_rec *r,
+    return 0;
+ }
+ 
++#ifndef GSSAPI_SUPPORTS_SPNEGO
+ static int
+ cmp_gss_type(gss_buffer_t token, gss_OID oid)
+ {
+@@ -1306,6 +1308,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID
+ 
+    return memcmp(p, oid->elements, oid->length);
+ }
++#endif
+ 
+ static int
+ authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
+@@ -1722,7 +1725,7 @@ kerb_authenticate_user(request_rec *r)
+    return ret;
+ }
+ 
+-int
++static int
+ have_rcache_type(const char *type)
+ {
+    krb5_error_code ret;
diff --git a/main/apache-mod-auth-kerb/mod_auth_kerb-5.4-rcopshack.patch b/main/apache-mod-auth-kerb/mod_auth_kerb-5.4-rcopshack.patch
new file mode 100644
index 00000000000..abbf4dba47b
--- /dev/null
+++ b/main/apache-mod-auth-kerb/mod_auth_kerb-5.4-rcopshack.patch
@@ -0,0 +1,73 @@
+
+Remove the Krb5 1.3.x-specific hack which mucks about with
+libkrb5 internals, and shouldn't.
+
+--- mod_auth_kerb-5.4/src/mod_auth_kerb.c.rcopshack
++++ mod_auth_kerb-5.4/src/mod_auth_kerb.c
+@@ -285,34 +285,6 @@ mkstemp(char *template)
+ }
+ #endif
+ 
+-#if defined(KRB5) && !defined(HEIMDAL)
+-/* Needed to work around problems with replay caches */
+-#include "mit-internals.h"
+-
+-/* This is our replacement krb5_rc_store function */
+-static krb5_error_code KRB5_LIB_FUNCTION
+-mod_auth_kerb_rc_store(krb5_context context, krb5_rcache rcache,
+-                       krb5_donot_replay_internal *donot_replay)
+-{
+-   return 0;
+-}
+-
+-/* And this is the operations vector for our replay cache */
+-const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
+-  0,
+-  "dfl",
+-  krb5_rc_dfl_init,
+-  krb5_rc_dfl_recover,
+-  krb5_rc_dfl_destroy,
+-  krb5_rc_dfl_close,
+-  mod_auth_kerb_rc_store,
+-  krb5_rc_dfl_expunge,
+-  krb5_rc_dfl_get_span,
+-  krb5_rc_dfl_get_name,
+-  krb5_rc_dfl_resolve
+-};
+-#endif
+-
+ /*************************************************************************** 
+  Auth Configuration Initialization
+  ***************************************************************************/
+@@ -1252,31 +1224,6 @@ get_gss_creds(request_rec *r,
+       return HTTP_INTERNAL_SERVER_ERROR;
+    }
+ 
+-#ifndef HEIMDAL
+-   /*
+-    * With MIT Kerberos 5 1.3.x the gss_cred_id_t is the same as
+-    * krb5_gss_cred_id_t and krb5_gss_cred_id_rec contains a pointer to
+-    * the replay cache.
+-    * This allows us to override the replay cache function vector with
+-    * our own one.
+-    * Note that this is a dirty hack to get things working and there may
+-    * well be unknown side-effects.
+-    */
+-   {
+-      krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds;
+-
+-      /* First we try to verify we are linked with 1.3.x to prevent from
+-         crashing when linked with 1.4.x */
+-      if (gss_creds && (gss_creds->usage == GSS_C_ACCEPT)) {
+-	 if (gss_creds->rcache && gss_creds->rcache->ops &&
+-	     gss_creds->rcache->ops->type &&  
+-	     memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
+-          /* Override the rcache operations */
+-	 gss_creds->rcache->ops = &mod_auth_kerb_rc_ops;
+-      }
+-   }
+-#endif
+-   
+    return 0;
+ }
+