From 9cf5a63a52b7e54ae2c24b9ac3c94fb1cb1c1b51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= Date: Tue, 19 Feb 2019 11:44:17 +0100 Subject: [PATCH] - Fix FTBS due to Samba having removed talloc_strackframe.h and memory.h (#1678670) - Fix CA setup when fs.protected_regular=1 (#1677027) --- fedora-30-fs.protected_regular.patch | 22 ++++++++ ...ove-dep-on-talloc_strackframe-memory.patch | 52 +++++++++++++++++++ freeipa.spec | 9 +++- 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 fedora-30-fs.protected_regular.patch create mode 100644 fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch diff --git a/fedora-30-fs.protected_regular.patch b/fedora-30-fs.protected_regular.patch new file mode 100644 index 0000000..d79626a --- /dev/null +++ b/fedora-30-fs.protected_regular.patch @@ -0,0 +1,22 @@ +diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py +index 48479f30c..01c166a86 100644 +--- a/ipaserver/install/cainstance.py ++++ b/ipaserver/install/cainstance.py +@@ -483,7 +483,6 @@ class CAInstance(DogtagInstance): + (cfg_fd, cfg_file) = tempfile.mkstemp() + os.close(cfg_fd) + pent = pwd.getpwnam(self.service_user) +- os.chown(cfg_file, pent.pw_uid, pent.pw_gid) + + # Create CA configuration + config = RawConfigParser() +@@ -647,6 +646,9 @@ class CAInstance(DogtagInstance): + with open(cfg_file, "w") as f: + config.write(f) + ++ # Finally chown the config file (rhbz#1677027) ++ os.chown(cfg_file, pent.pw_uid, pent.pw_gid) ++ + self.backup_state('installed', True) + try: + DogtagInstance.spawn_instance( diff --git a/fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch b/fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch new file mode 100644 index 0000000..1b675ee --- /dev/null +++ b/fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch @@ -0,0 +1,52 @@ +diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c +index b1e0294e3..6eb63f1c6 100644 +--- a/daemons/ipa-sam/ipa_sam.c ++++ b/daemons/ipa-sam/ipa_sam.c +@@ -19,7 +19,6 @@ + #include + #include + #include +-#include + + #ifndef _SAMBA_UTIL_H_ + bool trim_string(char *s, const char *front, const char *back); +@@ -880,9 +879,13 @@ static bool ipasam_uid_to_sid(struct pdb_methods *methods, uid_t uid, + struct dom_sid *user_sid = NULL; + int rc; + enum idmap_error_code err; +- TALLOC_CTX *tmp_ctx = talloc_stackframe(); + struct unixid id; + ++ TALLOC_CTX *tmp_ctx = talloc_new(priv); ++ if (tmp_ctx == NULL) { ++ goto done; ++ } ++ + /* Fast fail if we get a request for uidNumber=0 because it currently + * will never exist in the directory + * Saves an expensive LDAP call of which failure will never be cached +@@ -967,9 +970,13 @@ static bool ipasam_gid_to_sid(struct pdb_methods *methods, gid_t gid, + size_t c; + int rc; + enum idmap_error_code err; +- TALLOC_CTX *tmp_ctx = talloc_stackframe(); + struct unixid id; + ++ TALLOC_CTX *tmp_ctx = talloc_new(priv); ++ if (tmp_ctx == NULL) { ++ goto done; ++ } ++ + filter = talloc_asprintf(tmp_ctx, + "(|(&(gidNumber=%u)" + "(objectClass=%s))" +@@ -3620,7 +3627,8 @@ static void ipasam_free_private_data(void **vp) + (*ipasam_state)->result = NULL; + } + if ((*ipasam_state)->domain_dn != NULL) { +- SAFE_FREE((*ipasam_state)->domain_dn); ++ free((*ipasam_state)->domain_dn); ++ (*ipasam_state)->domain_dn = NULL; + } + + *ipasam_state = NULL; diff --git a/freeipa.spec b/freeipa.spec index 46b1135..3527fe7 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -142,7 +142,7 @@ Name: %{package_name} Version: %{IPA_VERSION} -Release: 4%{?dist} +Release: 5%{?dist} Summary: The Identity, Policy and Audit system License: GPLv3+ @@ -150,6 +150,8 @@ URL: http://www.freeipa.org/ Source0: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc Patch0001: freeipa-git-master-build-fixes.patch +Patch0002: fedora-30-fs.protected_regular.patch +Patch0003: fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch # For the timestamp trick in patch application BuildRequires: diffstat @@ -1735,6 +1737,11 @@ fi %changelog +* Tue Feb 19 2019 François Cami - 4.7.2-5 +- Fix FTBS due to Samba having removed talloc_strackframe.h + and memory.h (#1678670) +- Fix CA setup when fs.protected_regular=1 (#1677027) + * Mon Feb 11 2019 Alexander Bokovoy - 4.7.2-4 - Disable python dependency generator in Rawhide as not all required packages support it yet - Require python-kdcproxy 0.4.1 or later on Rawhide