- Fix FTBS due to Samba having removed

talloc_strackframe.h and memory.h (#1678670)
- Fix CA setup when fs.protected_regular=1 (#1677027)

fedora-30-fs.protected_regular.patch

@@ -0,0 +1,22 @@
+diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
+index 48479f30c..01c166a86 100644
+--- a/ipaserver/install/cainstance.py
++++ b/ipaserver/install/cainstance.py
+@@ -483,7 +483,6 @@ class CAInstance(DogtagInstance):
+         (cfg_fd, cfg_file) = tempfile.mkstemp()
+         os.close(cfg_fd)
+         pent = pwd.getpwnam(self.service_user)
+-        os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
+ 
+         # Create CA configuration
+         config = RawConfigParser()
+@@ -647,6 +646,9 @@ class CAInstance(DogtagInstance):
+         with open(cfg_file, "w") as f:
+             config.write(f)
+ 
++        # Finally chown the config file (rhbz#1677027)
++        os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
++
+         self.backup_state('installed', True)
+         try:
+             DogtagInstance.spawn_instance(

fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch

@@ -0,0 +1,52 @@
+diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
+index b1e0294e3..6eb63f1c6 100644
+--- a/daemons/ipa-sam/ipa_sam.c
++++ b/daemons/ipa-sam/ipa_sam.c
+@@ -19,7 +19,6 @@
+ #include <util/data_blob.h>
+ #include <util/time.h>
+ #include <util/debug.h>
+-#include <util/talloc_stack.h>
+ 
+ #ifndef _SAMBA_UTIL_H_
+ bool trim_string(char *s, const char *front, const char *back);
+@@ -880,9 +879,13 @@ static bool ipasam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
+ 	struct dom_sid *user_sid = NULL;
+ 	int rc;
+ 	enum idmap_error_code err;
+-	TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ 	struct unixid id;
+ 
++	TALLOC_CTX *tmp_ctx = talloc_new(priv);
++	if (tmp_ctx == NULL) {
++		goto done;
++	}
++
+ 	/* Fast fail if we get a request for uidNumber=0 because it currently
+ 	 * will never exist in the directory
+ 	 * Saves an expensive LDAP call of which failure will never be cached
+@@ -967,9 +970,13 @@ static bool ipasam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
+ 	size_t c;
+ 	int rc;
+ 	enum idmap_error_code err;
+-	TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ 	struct unixid id;
+ 
++	TALLOC_CTX *tmp_ctx = talloc_new(priv);
++	if (tmp_ctx == NULL) {
++		goto done;
++	}
++
+ 	filter = talloc_asprintf(tmp_ctx,
+ 				 "(|(&(gidNumber=%u)"
+ 				     "(objectClass=%s))"
+@@ -3620,7 +3627,8 @@ static void ipasam_free_private_data(void **vp)
+ 		(*ipasam_state)->result = NULL;
+ 	}
+ 	if ((*ipasam_state)->domain_dn != NULL) {
+-		SAFE_FREE((*ipasam_state)->domain_dn);
++		free((*ipasam_state)->domain_dn);
++		(*ipasam_state)->domain_dn = NULL;
+ 	}
+ 
+ 	*ipasam_state = NULL;

freeipa.spec

@@ -142,7 +142,7 @@
 
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 License:        GPLv3+
@@ -150,6 +150,8 @@ URL:            http://www.freeipa.org/
 Source0:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz
 Source1:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc
 Patch0001:      freeipa-git-master-build-fixes.patch
+Patch0002:      fedora-30-fs.protected_regular.patch
+Patch0003:      fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch
 
 # For the timestamp trick in patch application
 BuildRequires:  diffstat
@@ -1735,6 +1737,11 @@ fi
 
 
 %changelog
+* Tue Feb 19 2019 François Cami <fcami@redhat.com> - 4.7.2-5
+- Fix FTBS due to Samba having removed talloc_strackframe.h
+  and memory.h (#1678670)
+- Fix CA setup when fs.protected_regular=1 (#1677027)
+
 * Mon Feb 11 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.2-4
 - Disable python dependency generator in Rawhide as not all required packages support it yet
 - Require python-kdcproxy 0.4.1 or later on Rawhide