rpms/krb5/F-12 krb5-1.7-create_on_load.patch, NONE, 1.1 krb5.spec, 1.217, 1.218
Nalin Dahyabhai
nalin at fedoraproject.org
Thu Jan 7 20:20:48 UTC 2010
- Previous message (by thread): rpms/nss_compat_ossl/F-12 .cvsignore, 1.8, 1.9 nss_compat_ossl.spec, 1.18, 1.19 sources, 1.8, 1.9 nss_compat_ossl-rootcert.patch, 1.1, NONE
- Next message (by thread): rpms/krb5/F-12 krb5-1.7-create_on_load.patch,1.1,1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7515
Modified Files:
krb5.spec
Added Files:
krb5-1.7-create_on_load.patch
Log Message:
- pull in fix for #551764 ('kdb5_util load' fails without preexisting database)
from devel branch
krb5-1.7-create_on_load.patch:
kdb_db2.c | 28 +++-------------------------
1 file changed, 3 insertions(+), 25 deletions(-)
--- NEW FILE krb5-1.7-create_on_load.patch ---
When we are about to rename the database, try to create one first, just in
case it's already there. Ignore errors that crop up if there's actually one
there. Pulled down from trunk.
diff -up krb5-1.7/src/plugins/kdb/db2/adb_openclose.c krb5-1.7/src/plugins/kdb/db2/adb_openclose.c
diff -up krb5-1.7/src/plugins/kdb/db2/kdb_db2.c krb5-1.7/src/plugins/kdb/db2/kdb_db2.c
--- krb5-1.7/src/plugins/kdb/db2/kdb_db2.c 2010-01-05 18:17:24.000000000 -0500
+++ krb5-1.7/src/plugins/kdb/db2/kdb_db2.c 2010-01-05 18:35:24.000000000 -0500
@@ -1745,13 +1745,10 @@ krb5_db2_db_rename(context, from, to)
* files must exist because krb5_db2_db_lock, called below,
* will fail otherwise.
*/
- db = k5db2_dbopen(db_ctx, to, O_RDWR|O_CREAT, 0600, 0);
- if (db == NULL) {
- retval = errno;
+ retval = krb5_db2_db_create(context, to, 0);
+ if (retval != 0 && retval != EEXIST)
goto errout;
- }
- else
- (*db->close)(db);
+
/*
* Set the database to the target, so that other processes sharing
* the target will stop their activity, and notice the new database.
@@ -1764,25 +1761,6 @@ krb5_db2_db_rename(context, from, to)
if (retval)
goto errout;
- {
- /* Ugly brute force hack.
-
- Should be going through nice friendly helper routines for
- this, but it's a mess of jumbled so-called interfaces right
- now. */
- char policy[2048], new_policy[2048];
- assert (strlen(db_ctx->db_name) < 2000);
- snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name);
- snprintf(new_policy, sizeof(new_policy),
- "%s~.kadm5", db_ctx->db_name);
- if (0 != rename(new_policy, policy)) {
- retval = errno;
- goto errout;
- }
- strlcat(new_policy, ".lock",sizeof(new_policy));
- (void) unlink(new_policy);
- }
-
db_ctx->db_lf_name = gen_dbsuffix(db_ctx->db_name, KDB2_LOCK_EXT);
if (db_ctx->db_lf_name == NULL) {
retval = ENOMEM;
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-12/krb5.spec,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -p -r1.217 -r1.218
--- krb5.spec 4 Jan 2010 15:58:50 -0000 1.217
+++ krb5.spec 7 Jan 2010 20:20:48 -0000 1.218
@@ -1,16 +1,16 @@
-%define WITH_LDAP 1
-%define WITH_OPENSSL 1
-%define WITH_DIRSRV 1
+%global WITH_LDAP 1
+%global WITH_OPENSSL 1
+%global WITH_DIRSRV 1
-%define krb5prefix %{_prefix}/kerberos
+%global krb5prefix %{_prefix}/kerberos
# For consistency with regular login.
-%define login_pam_service remote
+%global login_pam_service remote
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7
-Release: 15%{?dist}
+Release: 17%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -81,13 +81,14 @@ Patch89: krb5-1.7-largefile.patch
Patch90: krb5-1.7-openssl-1.0.patch
Patch91: krb5-1.7-spnego-deleg.patch
Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
+Patch93: krb5-1.7-create_on_load.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, bison, flex, gawk
-%if 0%{?fedora} >= 12
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
BuildRequires: libcom_err-devel, libss-devel
%endif
BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
@@ -112,7 +113,7 @@ practice of cleartext passwords.
Summary: Development files needed to compile Kerberos 5 programs
Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release}
-%if 0%{?fedora} >= 12
+%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
Requires: libcom_err-devel
%endif
Requires: keyutils-libs-devel, libselinux-devel
@@ -217,6 +218,19 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Wed Jan 6 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7-17
+- put the conditional back for the -devel subpackage
+- back down to the earlier version of the patch for #551764; the backported
+ alternate version was incomplete
+
+* Tue Jan 5 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7-16
+- use %%global instead of %%define
+- pull up proposed patch for creating previously-not-there lock files for
+ kdb databases when 'kdb5_util' is called to 'load' (#551764)
+
+* Mon Jan 4 2010 Dennis Gregorovic <dgregor at redhat.com>
+- fix conditional for future RHEL
+
* Mon Jan 4 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7-15
- add upstream patch for KDC crash during referral processing (CVE-2009-3295),
via Tom Yu (#545002)
@@ -1526,6 +1540,7 @@ popd
%patch90 -p0 -b .openssl-1.0
%patch91 -p0 -b .spnego-deleg
%patch92 -p1 -b .2009-003
+%patch93 -p1 -b .create_on_load
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
- Previous message (by thread): rpms/nss_compat_ossl/F-12 .cvsignore, 1.8, 1.9 nss_compat_ossl.spec, 1.18, 1.19 sources, 1.8, 1.9 nss_compat_ossl-rootcert.patch, 1.1, NONE
- Next message (by thread): rpms/krb5/F-12 krb5-1.7-create_on_load.patch,1.1,1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list