diff --git a/Do-not-reload-a-modified-profile-data-object.patch b/Do-not-reload-a-modified-profile-data-object.patch new file mode 100644 index 0000000000000000000000000000000000000000..d1a2172609a27c19eb597486f478185bcb3a39fa --- /dev/null +++ b/Do-not-reload-a-modified-profile-data-object.patch @@ -0,0 +1,51 @@ +From 9b2fb80ad24006784170875709a04dc79e03b401 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Tue, 16 Apr 2024 02:14:29 -0400 +Subject: [PATCH] Do not reload a modified profile data object + +The profile library normally attempts to reload a profile data tree if +the backing file has changed. Reloading a dirty profile object +discards any modifications made by the caller. If we assume that the +modifications are destined to be flushed back out to the backing file, +then there is no good answer--one or the other set of changes will be +lost. But the caller may have a different intended use for the +modified tree (profile_flush_to_file(), profile_flush_to_buffer(), +krb5_init_context_profile()), for which the caller's modifications may +be critical. Avoid discarding in-memory edits to ensure the +correctness of these use cases. + +ticket: 9118 + +--- + src/util/profile/prof_file.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c +index 79f9500..c051f14 100644 +--- a/src/util/profile/prof_file.c ++++ b/src/util/profile/prof_file.c +@@ -274,8 +274,13 @@ errcode_t profile_update_file_data_locked(prf_data_t data, char **ret_modspec) + FILE *f; + int isdir = 0; + ++ /* Don't reload if the backing file isn't a regular file. */ + if ((data->flags & PROFILE_FILE_NO_RELOAD) && data->root != NULL) + return 0; ++ /* Don't reload a modified data object, as the modifications may be ++ * important for this object's use. */ ++ if (data->flags & PROFILE_FILE_DIRTY) ++ return 0; + + #ifdef HAVE_STAT + now = time(0); +@@ -331,7 +336,6 @@ errcode_t profile_update_file_data_locked(prf_data_t data, char **ret_modspec) + } + + data->upd_serial++; +- data->flags &= ~PROFILE_FILE_DIRTY; + + if (isdir) { + retval = profile_process_directory(data->filespec, &data->root); +-- +2.27.0 + diff --git a/krb5.spec b/krb5.spec index 45c50d89251bc78bd3d949bef8e00795044fc9d8..140d543a1c6218e431a014de20bd7546a88b045c 100644 --- a/krb5.spec +++ b/krb5.spec @@ -3,7 +3,7 @@ Name: krb5 Version: 1.21.2 -Release: 1 +Release: 2 Summary: The Kerberos network authentication protocol License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -27,6 +27,7 @@ Patch3: netlib-and-dns.patch Patch4: fix-debuginfo-with-y.tab.c.patch Patch5: Remove-3des-support.patch Patch6: Fix-krb5_cccol_have_content-bad-pointer-free.patch +Patch7: Do-not-reload-a-modified-profile-data-object.patch BuildRequires: gettext BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc @@ -325,6 +326,9 @@ make -C src check || : %{_mandir}/man8/* %changelog +* Tue Apr 30 2024 yanshuai - 1.21.2-2 +- Do not reload a modified profile data object + * Tue Jan 2 2024 xuraoqing - 1.21.2-1 - update to 1.21.2