diff --git a/krb5-1.10.2-selinux-label.patch b/krb5-1.10.2-selinux-label.patch index 565c04f..978167b 100644 --- a/krb5-1.10.2-selinux-label.patch +++ b/krb5-1.10.2-selinux-label.patch @@ -465,7 +465,7 @@ which we used earlier, is some improvement. --- krb5/src/util/support/selinux.c +++ krb5/src/util/support/selinux.c -@@ -0,0 +1,402 @@ +@@ -0,0 +1,405 @@ +/* + * Copyright 2007,2008,2009,2011,2012 Red Hat, Inc. All Rights Reserved. + * @@ -597,7 +597,8 @@ which we used earlier, is some improvement. +#endif + configuredsc = NULL; +#ifdef HAVE_SELINUX_LABEL_H -+ if (selabel_ctx != NULL) { ++ if ((selabel_ctx != NULL) || ++ (selabel_last_changed == 0)) { + const char *cpath; + struct stat st; + int i = -1; @@ -605,8 +606,10 @@ which we used earlier, is some improvement. + if ((cpath == NULL) || + ((i = stat(cpath, &st)) != 0) || + (st.st_mtime != selabel_last_changed)) { -+ selabel_close(selabel_ctx); -+ selabel_ctx = NULL; ++ if (selabel_ctx != NULL) { ++ selabel_close(selabel_ctx); ++ selabel_ctx = NULL; ++ } + selabel_last_changed = i ? + time(NULL) : + st.st_mtime; diff --git a/krb5.spec b/krb5.spec index 812cd1f..da04192 100644 --- a/krb5.spec +++ b/krb5.spec @@ -29,7 +29,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.10.3 -Release: 3%{?dist} +Release: 4%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.3-signed.tar Source0: krb5-%{version}.tar.gz @@ -839,6 +839,10 @@ exit 0 %{_sbindir}/uuserver %changelog +* Thu Sep 6 2012 Nalin Dahyabhai 1.10.3-4 +- cut down the number of times we load SELinux labeling configuration from + a minimum of two times to actually one (more of #845125) + * Thu Aug 30 2012 Nalin Dahyabhai 1.10.3-3 - backport patch to disable replay detection in krb5_verify_init_creds() while reading the AP-REQ that's generated in the same function (RT#7229)