Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-10-05 20:27:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "krb5" Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes 2014-09-28 19:56:39.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2014-10-05 20:27:21.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com + +- Work around replay cache creation race; (bnc#898439). + krb5-1.13-work-around-replay-cache-creation-race.patch + +------------------------------------------------------------------- New: ---- krb5-1.13-work-around-replay-cache-creation-race.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.5WykFm/_old 2014-10-05 20:27:23.000000000 +0200 +++ /var/tmp/diff_new_pack.5WykFm/_new 2014-10-05 20:27:23.000000000 +0200 @@ -84,6 +84,7 @@ Patch14: krb5-kvno-230379.patch Patch20: krb5-1.12-doxygen.patch Patch21: bnc#897874-CVE-2014-5351.diff +Patch22: krb5-1.13-work-around-replay-cache-creation-race.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -205,6 +206,7 @@ %patch14 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %build # needs to be re-generated ++++++ krb5-1.13-work-around-replay-cache-creation-race.patch ++++++
From 99e08376c14240e2141c6fa9289fafab8245c754 Mon Sep 17 00:00:00 2001 From: Greg Hudson
Date: Wed, 17 Sep 2014 10:45:28 -0400 Subject: [PATCH] Work around replay cache creation race
If two processes try to initialize the same replay cache at the same time, krb5_rc_io_creat can race between unlink and open, leading to a KRB5_RC_IO_PERM error. When this happens, make the losing process retry so that it can continue. This does not solve the replay cache creation race, nor is that the only replay cache race issue. It simply prevents the race from causing a spurious failure. (cherry picked from commit c61e8c0c6ad5fda8d23dd896c4aed0ac5b470020) ticket: 3498 version_fixed: 1.13 status: resolved --- src/lib/krb5/rcache/rc_io.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index 7e3b7e9..b9859fe 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -158,7 +158,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) { krb5_int16 rc_vno = htons(KRB5_RC_VNO); krb5_error_code retval = 0; - int do_not_unlink = 0; + int flags, do_not_unlink = 0; char *dir; size_t dirlen; @@ -166,9 +166,13 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) if (fn && *fn) { if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0) return KRB5_RC_IO_MALLOC; - unlink(d->fn); - d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | - O_BINARY, 0600); + d->fd = -1; + do { + if (unlink(d->fn) == -1 && errno != ENOENT) + break; + flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY; + d->fd = THREEPARAMOPEN(d->fn, flags, 0600); + } while (d->fd == -1 && errno == EEXIST); } else { retval = krb5_rc_io_mkstemp(context, d, dir); if (retval) -- 1.8.4.5 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org