diff --git a/SOURCES/1000-Fix_race_condition.patch b/SOURCES/1000-Fix_race_condition.patch deleted file mode 100644 index ede0523..0000000 --- a/SOURCES/1000-Fix_race_condition.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 4dd6f0ef98a89f7066a4c07b5d5e2165108332de Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 3 Oct 2022 08:01:07 -0700 -Subject: [PATCH] Fix race condition - -Orabug: 33609767 - -Signed-off-by: Darren Archibald ---- - src/include/k5-int.h | 1 + - src/lib/krb5/os/changepw.c | 12 ++++++++++-- - 2 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index 46f2ce2..d59812b 100644 ---- a/src/include/k5-int.h -+++ b/src/include/k5-int.h -@@ -186,6 +186,7 @@ typedef unsigned char u_char; - #define KRB5_CONF_AUTH_TO_LOCAL_NAMES "auth_to_local_names" - #define KRB5_CONF_CANONICALIZE "canonicalize" - #define KRB5_CONF_CCACHE_TYPE "ccache_type" -+#define KRB5_CONF_CHANGE_PW_NO_UDP "change_pw_no_udp" - #define KRB5_CONF_CLOCKSKEW "clockskew" - #define KRB5_CONF_DATABASE_NAME "database_name" - #define KRB5_CONF_DB_MODULE_DIR "db_module_dir" -diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c -index c592325..c6429c0 100644 ---- a/src/lib/krb5/os/changepw.c -+++ b/src/lib/krb5/os/changepw.c -@@ -216,7 +216,8 @@ change_set_password(krb5_context context, - GETSOCKNAME_ARG3_TYPE addrlen; - krb5_error_code code = 0; - char *code_string; -- int local_result_code; -+ int local_result_code,tmp = 0; -+ k5_transport_strategy strategy = UDP_LAST; - - struct sendto_callback_context callback_ctx; - struct sendto_callback_info callback_info; -@@ -255,10 +256,17 @@ change_set_password(krb5_context context, - callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup; - krb5_free_data_contents(callback_ctx.context, &chpw_rep); - -+ code = profile_get_integer(context->profile, -+ KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CHANGE_PW_NO_UDP, 0, -+ 0, &tmp); -+ -+ if ((!code) && (tmp == 1)) -+ strategy = NO_UDP; -+ - /* UDP retransmits may be seen as replays. Only try UDP after other - * transports fail completely. */ - code = k5_sendto(callback_ctx.context, NULL, &creds->server->realm, -- &sl, NO_UDP, &callback_info, &chpw_rep, -+ &sl, strategy, &callback_info, &chpw_rep, - ss2sa(&remote_addr), &addrlen, NULL, NULL, NULL); - if (code == KRB5_KDC_UNREACH) { - code = k5_sendto(callback_ctx.context, NULL, &creds->server->realm, --- -2.27.0 - diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec index 36ba4a7..1f38592 100644 --- a/SPECS/krb5.spec +++ b/SPECS/krb5.spec @@ -62,7 +62,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: %{krb5_version} -Release: %{krb5_release}.0.1%{?dist} +Release: %{krb5_release}%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz @@ -105,9 +105,6 @@ Patch19: 0019-downstream-Allow-to-set-PAC-ticket-signature-as-opti.patch Patch20: 0020-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch Patch21: 0021-Enable-PKINIT-if-at-least-one-group-is-available.patch -#Oracle Patches -Patch1000: 1000-Fix_race_condition.patch - License: MIT URL: https://web.mit.edu/kerberos/www/ BuildRequires: autoconf, bison, make, flex, gawk, gettext, pkgconfig, sed @@ -671,9 +668,6 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog -* Wed Jun 21 2023 EL Errata - 1.20.1-9.0.1 -- Fixed race condition in krb5_set_password() [Orabug: 33609767] - * Fri Jun 02 2023 Julien Rische - 1.20.1-9 - Do not disable PKINIT if some of the well-known DH groups are unavailable - Resolves: rhbz#2209715