[krb5/f15] - update to 1.9.2, incorporating the recent security update and some of the things we were previousl

Nalin Dahyabhai nalin at fedoraproject.org
Tue Nov 15 17:54:23 UTC 2011 

commit 70ead97bd4178d282b878f44227d5028ca9c6690
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Tue Nov 15 12:54:07 2011 -0500

    - update to 1.9.2, incorporating the recent security update and some of the things we were previously backporting, among other fixes

 krb5-1.9-MITKRB5-SA-2011-006.patch   |   75 ----------------------------------
 krb5-1.9-canonicalize-fallback.patch |   59 --------------------------
 krb5-1.9-crossrealm.patch            |   14 ------
 krb5-1.9-selinux-label.patch         |   22 ++++++++--
 krb5-trunk-gss_delete_sec.patch      |   27 ------------
 krb5-trunk-kadmin-oldproto.patch     |   39 -----------------
 krb5.spec                            |   18 +++-----
 sources                              |    6 +-
 8 files changed, 26 insertions(+), 234 deletions(-)
---
diff --git a/krb5-1.9-selinux-label.patch b/krb5-1.9-selinux-label.patch
index 03e58c4..950254b 100644
--- a/krb5-1.9-selinux-label.patch
+++ b/krb5-1.9-selinux-label.patch
@@ -501,7 +501,7 @@ diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/s
 diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/support/selinux.c
 --- krb5-1.8/src/util/support/selinux.c.selinux-label	2010-03-05 10:57:23.000000000 -0500
 +++ krb5-1.8/src/util/support/selinux.c	2010-03-05 10:57:23.000000000 -0500
-@@ -0,0 +1,362 @@
+@@ -0,0 +1,374 @@
 +/*
 + * Copyright 2007,2008,2009,2011 Red Hat, Inc.  All Rights Reserved.
 + *
@@ -725,16 +725,28 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup
 +krb5int_push_fscreatecon_for(const char *pathname)
 +{
 +	struct stat st;
-+	if (stat(pathname, &st) != 0) {
-+		st.st_mode = S_IRUSR | S_IWUSR;
++	void *retval;
++	k5_once(&labeled_once, label_mutex_init);
++	if (k5_mutex_lock(&labeled_mutex) == 0) {
++		if (stat(pathname, &st) != 0) {
++			st.st_mode = S_IRUSR | S_IWUSR;
++		}
++		retval = push_fscreatecon(pathname, st.st_mode);
++		return retval ? retval : (void *) -1;
++	} else {
++		return NULL;
 +	}
-+	return push_fscreatecon(pathname, st.st_mode);
 +}
 +
 +void
 +krb5int_pop_fscreatecon(void *con)
 +{
-+	pop_fscreatecon(con);
++	if (con != NULL) {
++		if (con != (void *) -1) {
++			pop_fscreatecon(con);
++		}
++		k5_mutex_unlock(&labeled_mutex);
++	}
 +}
 +
 +FILE *
diff --git a/krb5.spec b/krb5.spec
index a83391b..5f09492 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -5,8 +5,8 @@
 
 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.9.1
-Release: 14%{?dist}
+Version: 1.9.2
+Release: 1%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -53,17 +53,12 @@ Patch75: krb5-pkinit-debug.patch
 Patch77: krb5-1.9-paren.patch
 Patch78: krb5-trunk-chpw-err.patch
 Patch79: krb5-klist_s.patch
-Patch80: krb5-trunk-kadmin-oldproto.patch
-Patch81: krb5-1.9-canonicalize-fallback.patch
 Patch82: krb5-1.9.1-ai_addrconfig.patch
 Patch83: krb5-1.9.1-ai_addrconfig2.patch
 Patch84: krb5-1.9.1-sendto_poll.patch
-Patch85: krb5-trunk-gss_delete_sec.patch
 Patch86: krb5-1.9-debuginfo.patch
 Patch87: krb5-1.9.1-sendto_poll2.patch
-Patch88: krb5-1.9-crossrealm.patch
 Patch89: krb5-1.9.1-sendto_poll3.patch
-Patch90: krb5-1.9-MITKRB5-SA-2011-006.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -210,17 +205,12 @@ ln -s NOTICE LICENSE
 %patch77 -p1 -b .paren
 %patch78 -p0 -b .chpw-err
 %patch79 -p1 -b .klist_s
-%patch80 -p0 -b .kadmin-oldproto
-%patch81 -p1 -b .canonicalize-fallback
 %patch82 -p0 -b .ai_addrconfig
 %patch83 -p0 -b .ai_addrconfig2
 %patch84 -p0 -b .sendto_poll
-%patch85 -p1 -b .gss_delete_sec
 %patch86 -p0 -b .debuginfo
 %patch87 -p1 -b .sendto_poll2
-%patch88 -p1 -b .crossrealm
 %patch89 -p1 -b .sendto_poll3
-%patch90 -p1 -b .2011-006
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -682,6 +672,10 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Wed Nov 15 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-1
+- update to 1.9.2, incorporating the recent security update and some of the
+  things we were previously backporting, among other fixes
+
 * Tue Oct 18 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.1-14
 - apply upstream patch to fix a null pointer dereference with the LDAP kdb
   backend (CVE-2011-1527, #744125), an assertion failure with multiple kdb
diff --git a/sources b/sources
index 3dcb78d..9c9e46f 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-88d7bbb869849cd0cce1af3165ac0cc6  krb5-1.9.1.tar.gz
-a0bd0c8ff1a2d7e41be77b80e713c319  krb5-1.9.1.tar.gz.asc
-9d214707c921ba0887f92fb5408d0370  krb5-1.9.1-pdf.tar.bz2
+178dc5707db4139cbdf34b324dfbafb2  krb5-1.9.2.tar.gz
+687aa6ae280e6bded82f8c81eb12928b  krb5-1.9.2.tar.gz.asc
+016f9f00cd2426eb0c83077aa47bfae2  krb5-1.9.2-pdf.tar.bz2

More information about the scm-commits mailing list