From 136cc250876a3143864ab8d79ca6b414b4ccedd1 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Aug 15 2016 17:33:33 +0000 Subject: Turn OFD locks back on with glibc workaround Resolves: #1274922 --- diff --git a/krb5-1.14.4-ofd-lock-workaround.patch b/krb5-1.14.4-ofd-lock-workaround.patch new file mode 100644 index 0000000..3786afd --- /dev/null +++ b/krb5-1.14.4-ofd-lock-workaround.patch @@ -0,0 +1,73 @@ +From 65110210b75d38908cdd84cb202cf013ccf6ed0e Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Sun, 14 Aug 2016 12:08:16 -0400 +Subject: [PATCH] Work around glibc OFD lock bug on 32-bit Linux + +A bug in Gnu libc causes OFD locking to fail unpredictably on 32-bit +Linux, typically leading to deadlocks. Work around this bug by using +the fcntl64 system call and struct flock64. + +See also: https://sourceware.org/bugzilla/show_bug.cgi?id=20251 + +ticket: 8474 +target_version: 1.14-next +tags: pullup +--- + src/lib/krb5/os/lock_file.c | 26 ++++++++++++++++++++++++-- + 1 file changed, 24 insertions(+), 2 deletions(-) + +diff --git a/src/lib/krb5/os/lock_file.c b/src/lib/krb5/os/lock_file.c +index a2f247c..2360c96 100644 +--- a/src/lib/krb5/os/lock_file.c ++++ b/src/lib/krb5/os/lock_file.c +@@ -43,7 +43,29 @@ + + #if defined(HAVE_FCNTL_H) && defined(F_SETLKW) && defined(F_RDLCK) + #define POSIX_FILE_LOCKS ++ ++/* ++ * Gnu libc bug 20251, currently unfixed, breaks OFD lock support on ++ * 32-bit platforms. Work around this bug by explicitly using the ++ * fcntl64 system call and struct flock64. ++ */ ++#if defined(__linux__) && __WORDSIZE == 32 ++#include ++#ifdef SYS_fcntl64 ++#define USE_FCNTL64 + #endif ++#endif ++#ifdef USE_FCNTL64 ++/* Use the fcntl64 system call and struct flock64. (Gnu libc does not ++ * define a fcntl64() function, so we must use syscall().) */ ++#define fcntl(fd, cmd, arg) syscall(SYS_fcntl64, fd, cmd, arg) ++typedef struct flock64 fcntl_lock_st; ++#else ++/* Use regular fcntl() and struct flock. */ ++typedef struct flock fcntl_lock_st; ++#endif ++ ++#endif /* defined(HAVE_FCNTL_H) && defined(F_SETLKW) && defined(F_RDLCK) */ + + #ifdef HAVE_FLOCK + #ifndef sysvimp +@@ -66,7 +88,7 @@ + * older kernel than we were built with. + */ + static int +-ofdlock(int fd, int cmd, struct flock *lock_arg) ++ofdlock(int fd, int cmd, fcntl_lock_st *lock_arg) + { + #ifdef F_OFD_SETLKW + int st, ofdcmd; +@@ -89,7 +111,7 @@ krb5_lock_file(krb5_context context, int fd, int mode) + krb5_error_code retval = 0; + #ifdef POSIX_FILE_LOCKS + int lock_cmd = F_SETLKW; +- struct flock lock_arg = { 0 }; ++ fcntl_lock_st lock_arg = { 0 }; + #endif + + switch (mode & ~KRB5_LOCKMODE_DONTBLOCK) { +-- +2.8.1 + diff --git a/krb5.spec b/krb5.spec index 440c059..6abb731 100644 --- a/krb5.spec +++ b/krb5.spec @@ -13,7 +13,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.14.3 -Release: 4%{?dist} +Release: 5%{?dist} # - Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar # - The sources below are stored in a lookaside cache. Upload with @@ -56,7 +56,7 @@ Patch71: krb5-1.13-dirsrv-accountlock.patch Patch86: krb5-1.9-debuginfo.patch Patch129: krb5-1.11-run_user_0.patch Patch134: krb5-1.11-kpasswdtest.patch -Patch148: krb5-disable_ofd_locks.patch +Patch148: krb5-1.14.4-ofd-lock-workaround.patch Patch150: krb5-acquire_cred_interposer.patch Patch153: krb5-1.14.1-log_file_permissions.patch @@ -264,7 +264,7 @@ ln NOTICE LICENSE %patch134 -p1 -b .kpasswdtest -%patch148 -p1 -b .disable_ofd_locks +%patch148 -p1 -b .ofd-lock-workaround %patch150 -p1 -b .fix_interposer %patch153 -p1 -b .log_file_permissions @@ -742,6 +742,10 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Mon Aug 15 2016 Robbie Harwood - 1.14.3-5 +- Turn OFD locks back on with glibc workaround +- Resolves: #1274922 + * Wed Aug 10 2016 Robbie Harwood - 1.14.3-4 - Fix use of KKDCPP with SNI - Resolves: #1365027