rpms/krb5/F-12 krb5-1.7-create_on_load.patch, NONE, 1.1 krb5.spec, 1.217, 1.218

Thu Jan 7 20:20:48 UTC 2010

Author: nalin

Update of /cvs/pkgs/rpms/krb5/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7515

Modified Files:
	krb5.spec 
Added Files:
	krb5-1.7-create_on_load.patch 
Log Message:
- pull in fix for #551764 ('kdb5_util load' fails without preexisting database)
  from devel branch


krb5-1.7-create_on_load.patch:
 kdb_db2.c |   28 +++-------------------------
 1 file changed, 3 insertions(+), 25 deletions(-)

--- NEW FILE krb5-1.7-create_on_load.patch ---
When we are about to rename the database, try to create one first, just in
case it's already there.  Ignore errors that crop up if there's actually one
there.  Pulled down from trunk.
diff -up krb5-1.7/src/plugins/kdb/db2/adb_openclose.c krb5-1.7/src/plugins/kdb/db2/adb_openclose.c
diff -up krb5-1.7/src/plugins/kdb/db2/kdb_db2.c krb5-1.7/src/plugins/kdb/db2/kdb_db2.c
--- krb5-1.7/src/plugins/kdb/db2/kdb_db2.c	2010-01-05 18:17:24.000000000 -0500
+++ krb5-1.7/src/plugins/kdb/db2/kdb_db2.c	2010-01-05 18:35:24.000000000 -0500
@@ -1745,13 +1745,10 @@ krb5_db2_db_rename(context, from, to)
      * files must exist because krb5_db2_db_lock, called below,
      * will fail otherwise.
      */
-    db = k5db2_dbopen(db_ctx, to, O_RDWR|O_CREAT, 0600, 0);
-    if (db == NULL) {
-	retval = errno;
+    retval = krb5_db2_db_create(context, to, 0);
+    if (retval != 0 && retval != EEXIST)
 	goto errout;
-    }
-    else
-	(*db->close)(db);
+
     /*
      * Set the database to the target, so that other processes sharing
      * the target will stop their activity, and notice the new database.
@@ -1764,25 +1761,6 @@ krb5_db2_db_rename(context, from, to)
     if (retval)
 	goto errout;
 
-    {
-	/* Ugly brute force hack.
-
-	   Should be going through nice friendly helper routines for
-	   this, but it's a mess of jumbled so-called interfaces right
-	   now.  */
-	char    policy[2048], new_policy[2048];
-	assert (strlen(db_ctx->db_name) < 2000);
-	snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name);
-	snprintf(new_policy, sizeof(new_policy),
-		 "%s~.kadm5", db_ctx->db_name);
-	if (0 != rename(new_policy, policy)) {
-	    retval = errno;
-	    goto errout;
-	}
-	strlcat(new_policy, ".lock",sizeof(new_policy));
-	(void) unlink(new_policy);
-    }
-
     db_ctx->db_lf_name = gen_dbsuffix(db_ctx->db_name, KDB2_LOCK_EXT);
     if (db_ctx->db_lf_name == NULL) {
 	retval = ENOMEM;


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-12/krb5.spec,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -p -r1.217 -r1.218
--- krb5.spec	4 Jan 2010 15:58:50 -0000	1.217
+++ krb5.spec	7 Jan 2010 20:20:48 -0000	1.218
@@ -1,16 +1,16 @@
-%define WITH_LDAP 1
-%define WITH_OPENSSL 1
-%define WITH_DIRSRV 1
+%global WITH_LDAP 1
+%global WITH_OPENSSL 1
+%global WITH_DIRSRV 1
 
-%define krb5prefix %{_prefix}/kerberos
+%global krb5prefix %{_prefix}/kerberos
 
 # For consistency with regular login.
-%define login_pam_service remote
+%global login_pam_service remote
 
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7
-Release: 15%{?dist}
+Release: 17%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -81,13 +81,14 @@ Patch89: krb5-1.7-largefile.patch
 Patch90: krb5-1.7-openssl-1.0.patch
 Patch91: krb5-1.7-spnego-deleg.patch
 Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
+Patch93: krb5-1.7-create_on_load.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf, bison, flex, gawk
-%if 0%{?fedora} >= 12
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
 BuildRequires: libcom_err-devel, libss-devel
 %endif
 BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
@@ -112,7 +113,7 @@ practice of cleartext passwords.
 Summary: Development files needed to compile Kerberos 5 programs
 Group: Development/Libraries
 Requires: %{name}-libs = %{version}-%{release}
-%if 0%{?fedora} >= 12
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
 Requires: libcom_err-devel
 %endif
 Requires: keyutils-libs-devel, libselinux-devel
@@ -217,6 +218,19 @@ to obtain initial credentials from a KDC
 certificate.
 
 %changelog
+* Wed Jan  6 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7-17
+- put the conditional back for the -devel subpackage
+- back down to the earlier version of the patch for #551764; the backported
+  alternate version was incomplete
+
+* Tue Jan  5 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7-16
+- use %%global instead of %%define
+- pull up proposed patch for creating previously-not-there lock files for
+  kdb databases when 'kdb5_util' is called to 'load' (#551764)
+
+* Mon Jan  4 2010 Dennis Gregorovic <dgregor at redhat.com>
+- fix conditional for future RHEL
+
 * Mon Jan  4 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7-15
 - add upstream patch for KDC crash during referral processing (CVE-2009-3295),
   via Tom Yu (#545002)
@@ -1526,6 +1540,7 @@ popd
 %patch90 -p0 -b .openssl-1.0
 %patch91 -p0 -b .spnego-deleg
 %patch92 -p1 -b .2009-003
+%patch93 -p1 -b .create_on_load
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex


