[krb5/f15] - update to 1.9.2, incorporating the recent security update and some of the things we were previousl
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Nov 15 17:54:23 UTC 2011
commit 70ead97bd4178d282b878f44227d5028ca9c6690
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Tue Nov 15 12:54:07 2011 -0500
- update to 1.9.2, incorporating the recent security update and some of the things we were previously backporting, among other fixes
krb5-1.9-MITKRB5-SA-2011-006.patch | 75 ----------------------------------
krb5-1.9-canonicalize-fallback.patch | 59 --------------------------
krb5-1.9-crossrealm.patch | 14 ------
krb5-1.9-selinux-label.patch | 22 ++++++++--
krb5-trunk-gss_delete_sec.patch | 27 ------------
krb5-trunk-kadmin-oldproto.patch | 39 -----------------
krb5.spec | 18 +++-----
sources | 6 +-
8 files changed, 26 insertions(+), 234 deletions(-)
---
diff --git a/krb5-1.9-selinux-label.patch b/krb5-1.9-selinux-label.patch
index 03e58c4..950254b 100644
--- a/krb5-1.9-selinux-label.patch
+++ b/krb5-1.9-selinux-label.patch
@@ -501,7 +501,7 @@ diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/s
diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/support/selinux.c
--- krb5-1.8/src/util/support/selinux.c.selinux-label 2010-03-05 10:57:23.000000000 -0500
+++ krb5-1.8/src/util/support/selinux.c 2010-03-05 10:57:23.000000000 -0500
-@@ -0,0 +1,362 @@
+@@ -0,0 +1,374 @@
+/*
+ * Copyright 2007,2008,2009,2011 Red Hat, Inc. All Rights Reserved.
+ *
@@ -725,16 +725,28 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup
+krb5int_push_fscreatecon_for(const char *pathname)
+{
+ struct stat st;
-+ if (stat(pathname, &st) != 0) {
-+ st.st_mode = S_IRUSR | S_IWUSR;
++ void *retval;
++ k5_once(&labeled_once, label_mutex_init);
++ if (k5_mutex_lock(&labeled_mutex) == 0) {
++ if (stat(pathname, &st) != 0) {
++ st.st_mode = S_IRUSR | S_IWUSR;
++ }
++ retval = push_fscreatecon(pathname, st.st_mode);
++ return retval ? retval : (void *) -1;
++ } else {
++ return NULL;
+ }
-+ return push_fscreatecon(pathname, st.st_mode);
+}
+
+void
+krb5int_pop_fscreatecon(void *con)
+{
-+ pop_fscreatecon(con);
++ if (con != NULL) {
++ if (con != (void *) -1) {
++ pop_fscreatecon(con);
++ }
++ k5_mutex_unlock(&labeled_mutex);
++ }
+}
+
+FILE *
diff --git a/krb5.spec b/krb5.spec
index a83391b..5f09492 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -5,8 +5,8 @@
Summary: The Kerberos network authentication system
Name: krb5
-Version: 1.9.1
-Release: 14%{?dist}
+Version: 1.9.2
+Release: 1%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -53,17 +53,12 @@ Patch75: krb5-pkinit-debug.patch
Patch77: krb5-1.9-paren.patch
Patch78: krb5-trunk-chpw-err.patch
Patch79: krb5-klist_s.patch
-Patch80: krb5-trunk-kadmin-oldproto.patch
-Patch81: krb5-1.9-canonicalize-fallback.patch
Patch82: krb5-1.9.1-ai_addrconfig.patch
Patch83: krb5-1.9.1-ai_addrconfig2.patch
Patch84: krb5-1.9.1-sendto_poll.patch
-Patch85: krb5-trunk-gss_delete_sec.patch
Patch86: krb5-1.9-debuginfo.patch
Patch87: krb5-1.9.1-sendto_poll2.patch
-Patch88: krb5-1.9-crossrealm.patch
Patch89: krb5-1.9.1-sendto_poll3.patch
-Patch90: krb5-1.9-MITKRB5-SA-2011-006.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -210,17 +205,12 @@ ln -s NOTICE LICENSE
%patch77 -p1 -b .paren
%patch78 -p0 -b .chpw-err
%patch79 -p1 -b .klist_s
-%patch80 -p0 -b .kadmin-oldproto
-%patch81 -p1 -b .canonicalize-fallback
%patch82 -p0 -b .ai_addrconfig
%patch83 -p0 -b .ai_addrconfig2
%patch84 -p0 -b .sendto_poll
-%patch85 -p1 -b .gss_delete_sec
%patch86 -p0 -b .debuginfo
%patch87 -p1 -b .sendto_poll2
-%patch88 -p1 -b .crossrealm
%patch89 -p1 -b .sendto_poll3
-%patch90 -p1 -b .2011-006
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -682,6 +672,10 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Wed Nov 15 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-1
+- update to 1.9.2, incorporating the recent security update and some of the
+ things we were previously backporting, among other fixes
+
* Tue Oct 18 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.1-14
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
backend (CVE-2011-1527, #744125), an assertion failure with multiple kdb
diff --git a/sources b/sources
index 3dcb78d..9c9e46f 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-88d7bbb869849cd0cce1af3165ac0cc6 krb5-1.9.1.tar.gz
-a0bd0c8ff1a2d7e41be77b80e713c319 krb5-1.9.1.tar.gz.asc
-9d214707c921ba0887f92fb5408d0370 krb5-1.9.1-pdf.tar.bz2
+178dc5707db4139cbdf34b324dfbafb2 krb5-1.9.2.tar.gz
+687aa6ae280e6bded82f8c81eb12928b krb5-1.9.2.tar.gz.asc
+016f9f00cd2426eb0c83077aa47bfae2 krb5-1.9.2-pdf.tar.bz2
More information about the scm-commits
mailing list