rpms
/
krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Revert OL modifications

This commit is contained in:
Andrew Lukoshko 2023-06-22 15:22:06 +00:00
parent 1529e89a5f
commit 14a14fc29a
2 changed files with 1 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
SOURCES/1000-Fix_race_condition.patch
View File

@ -1,61 +0,0 @@
From 4dd6f0ef98a89f7066a4c07b5d5e2165108332de Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 3 Oct 2022 08:01:07 -0700
Subject: [PATCH] Fix race condition
Orabug: 33609767
Signed-off-by: Darren Archibald <darren.archibald@oracle.com>
---
src/include/k5-int.h | 1 +
src/lib/krb5/os/changepw.c | 12 ++++++++++--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 46f2ce2..d59812b 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -186,6 +186,7 @@ typedef unsigned char u_char;
#define KRB5_CONF_AUTH_TO_LOCAL_NAMES "auth_to_local_names"
#define KRB5_CONF_CANONICALIZE "canonicalize"
#define KRB5_CONF_CCACHE_TYPE "ccache_type"
+#define KRB5_CONF_CHANGE_PW_NO_UDP "change_pw_no_udp"
#define KRB5_CONF_CLOCKSKEW "clockskew"
#define KRB5_CONF_DATABASE_NAME "database_name"
#define KRB5_CONF_DB_MODULE_DIR "db_module_dir"
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index c592325..c6429c0 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -216,7 +216,8 @@ change_set_password(krb5_context context,
GETSOCKNAME_ARG3_TYPE addrlen;
krb5_error_code code = 0;
char *code_string;
- int local_result_code;
+ int local_result_code,tmp = 0;
+ k5_transport_strategy strategy = UDP_LAST;
struct sendto_callback_context callback_ctx;
struct sendto_callback_info callback_info;
@@ -255,10 +256,17 @@ change_set_password(krb5_context context,
callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
krb5_free_data_contents(callback_ctx.context, &chpw_rep);
+ code = profile_get_integer(context->profile,
+ KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CHANGE_PW_NO_UDP, 0,
+ 0, &tmp);
+
+ if ((!code) && (tmp == 1))
+ strategy = NO_UDP;
+
/* UDP retransmits may be seen as replays. Only try UDP after other
* transports fail completely. */
code = k5_sendto(callback_ctx.context, NULL, &creds->server->realm,
- &sl, NO_UDP, &callback_info, &chpw_rep,
+ &sl, strategy, &callback_info, &chpw_rep,
ss2sa(&remote_addr), &addrlen, NULL, NULL, NULL);
if (code == KRB5_KDC_UNREACH) {
code = k5_sendto(callback_ctx.context, NULL, &creds->server->realm,
--
2.27.0

8
SPECS/krb5.spec
View File

@ -62,7 +62,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: %{krb5_version}
Release: %{krb5_release}.0.1%{?dist}
Release: %{krb5_release}%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz
@ -105,9 +105,6 @@ Patch19: 0019-downstream-Allow-to-set-PAC-ticket-signature-as-opti.patch
Patch20: 0020-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch
Patch21: 0021-Enable-PKINIT-if-at-least-one-group-is-available.patch
#Oracle Patches
Patch1000: 1000-Fix_race_condition.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
BuildRequires: autoconf, bison, make, flex, gawk, gettext, pkgconfig, sed
@ -671,9 +668,6 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
* Wed Jun 21 2023 EL Errata <el-errata_ww@oracle.com> - 1.20.1-9.0.1
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
* Fri Jun 02 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
- Do not disable PKINIT if some of the well-known DH groups are unavailable
- Resolves: rhbz#2209715