From 2b45410356d1241ee68d6ac7fc0e2f994110942b Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Wed, 25 Aug 2010 11:10:06 -0400
Subject: - adjust the last patch to apply properly to 1.7.1

---
 krb5-1.7.1-explife.patch | 28 ++++++++++++++++++++++++++++
 krb5-trunk-explife.patch | 28 ----------------------------
 krb5.spec                |  9 ++++++---
 3 files changed, 34 insertions(+), 31 deletions(-)
 create mode 100644 krb5-1.7.1-explife.patch
 delete mode 100644 krb5-trunk-explife.patch

diff --git a/krb5-1.7.1-explife.patch b/krb5-1.7.1-explife.patch
new file mode 100644
index 0000000..b6cf93d
--- /dev/null
+++ b/krb5-1.7.1-explife.patch
@@ -0,0 +1,28 @@
+Rob Crittenden noticed that, in populate_krb5_db_entry(), key
+expirations weren't being computed as expected.  It turns out
+that neither KDB_PRINC_EXPIRE_TIME_ATTR nor KDB_PWD_EXPIRE_TIME_ATTR
+is defined to 1, so the check for their bits could never succeed as
+written.  RT#6762.
+
+Index: src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+===================================================================
+--- src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c	(revision 24252)
++++ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c	(working copy)
+@@ -2087,7 +2087,7 @@
+ 	    goto cleanup;
+ 
+ 	if (attr_present == TRUE) {
+-	    if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
++	    if (mask & KDB_PRINC_EXPIRE_TIME_ATTR) {
+ 		if (expiretime < entry->expiration)
+ 		    entry->expiration = expiretime;
+ 	    } else {
+@@ -2127,7 +2127,7 @@
+ 	    if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
+ 		goto cleanup;
+ 
+-	    if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
++	    if (mask & KDB_PWD_EXPIRE_TIME_ATTR) {
+ 		if ((last_pw_changed + pw_max_life) < entry->pw_expiration)
+ 		    entry->pw_expiration = last_pw_changed + pw_max_life;
+ 	    } else
diff --git a/krb5-trunk-explife.patch b/krb5-trunk-explife.patch
deleted file mode 100644
index ddcf143..0000000
--- a/krb5-trunk-explife.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Rob Crittenden noticed that, in populate_krb5_db_entry(), key
-expirations weren't being computed as expected.  It turns out
-that neither KDB_PRINC_EXPIRE_TIME_ATTR nor KDB_PWD_EXPIRE_TIME_ATTR
-is defined to 1, so the check for their bits could never succeed as
-written.  RT#6762.
-
-Index: src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
-===================================================================
---- src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c	(revision 24252)
-+++ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c	(working copy)
-@@ -2087,7 +2087,7 @@
-             goto cleanup;
- 
-         if (attr_present == TRUE) {
--            if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
-+            if (mask & KDB_PRINC_EXPIRE_TIME_ATTR) {
-                 if (expiretime < entry->expiration)
-                     entry->expiration = expiretime;
-             } else {
-@@ -2127,7 +2127,7 @@
-             if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
-                 goto cleanup;
- 
--            if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
-+            if (mask & KDB_PWD_EXPIRE_TIME_ATTR) {
-                 if ((last_pw_changed + pw_max_life) < entry->pw_expiration)
-                     entry->pw_expiration = last_pw_changed + pw_max_life;
-             } else
diff --git a/krb5.spec b/krb5.spec
index a36a3ca..7161bca 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7.1
-Release: 12%{?dist}
+Release: 13%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -89,7 +89,7 @@ Patch100: 2010-002-1.7-patch.txt
 Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
 Patch102: krb5-CVE-2010-1321-1.7.1.patch
 Patch103: krb5-1.7.1-24139.patch
-Patch104: krb5-trunk-explife.patch
+Patch104: krb5-1.7.1-explife.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -228,6 +228,9 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.
 
 %changelog
+* Wed Aug 24 2010 Nalin Dahyabhai <nalin@redhat.com> 1.7.1-13
+- adjust the last patch to apply properly to 1.7.1
+
 * Wed Aug 24 2010 Nalin Dahyabhai <nalin@redhat.com> 1.7.1-12
 - bump release
 
@@ -1647,7 +1650,7 @@ popd
 %patch101 -p1 -b .2010-004
 %patch102 -p1 -b .CVE-2010-1321
 %patch103 -p1 -b .24139
-%patch104 -p1 -b .explife
+%patch104 -p0 -b .explife
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
-- 
cgit