- update to 1.10.3, rolling in MITKRB5-SA-2012-001
This commit is contained in:
parent
5d6308abab
commit
81ca63cffc
3
.gitignore
vendored
3
.gitignore
vendored
@ -72,3 +72,6 @@ krb5-1.8.3-pdf.tar.gz
|
|||||||
/krb5-1.10.2.tar.gz
|
/krb5-1.10.2.tar.gz
|
||||||
/krb5-1.10.2.tar.gz.asc
|
/krb5-1.10.2.tar.gz.asc
|
||||||
/krb5-1.10.2-pdf.tar.xz
|
/krb5-1.10.2-pdf.tar.xz
|
||||||
|
/krb5-1.10.3.tar.gz
|
||||||
|
/krb5-1.10.3.tar.gz.asc
|
||||||
|
/krb5-1.10.3-pdf.tar.xz
|
||||||
|
@ -1,61 +0,0 @@
|
|||||||
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
|
|
||||||
index 23623fe..8ada9d0 100644
|
|
||||||
--- a/src/kdc/do_as_req.c
|
|
||||||
+++ b/src/kdc/do_as_req.c
|
|
||||||
@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
|
|
||||||
krb5_enctype useenctype;
|
|
||||||
struct as_req_state *state;
|
|
||||||
|
|
||||||
- state = malloc(sizeof(*state));
|
|
||||||
+ state = calloc(sizeof(*state), 1);
|
|
||||||
if (!state) {
|
|
||||||
(*respond)(arg, ENOMEM, NULL);
|
|
||||||
return;
|
|
||||||
@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
|
|
||||||
state->authtime = 0;
|
|
||||||
state->c_flags = 0;
|
|
||||||
state->req_pkt = req_pkt;
|
|
||||||
+ state->inner_body = NULL;
|
|
||||||
state->rstate = NULL;
|
|
||||||
state->sname = 0;
|
|
||||||
state->cname = 0;
|
|
||||||
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
|
|
||||||
index 9d8cb34..d4ece3f 100644
|
|
||||||
--- a/src/kdc/kdc_preauth.c
|
|
||||||
+++ b/src/kdc/kdc_preauth.c
|
|
||||||
@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
|
|
||||||
continue;
|
|
||||||
|
|
||||||
}
|
|
||||||
- if (request_contains_enctype(context, request, db_etype)) {
|
|
||||||
+ if (krb5_is_permitted_enctype(context, db_etype) &&
|
|
||||||
+ request_contains_enctype(context, request, db_etype)) {
|
|
||||||
retval = _make_etype_info_entry(context, client->princ,
|
|
||||||
client_key, db_etype,
|
|
||||||
&entry[i], etype_info2);
|
|
||||||
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
|
|
||||||
index a43b291..94dad3a 100644
|
|
||||||
--- a/src/kdc/kdc_util.c
|
|
||||||
+++ b/src/kdc/kdc_util.c
|
|
||||||
@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
|
|
||||||
return 0;
|
|
||||||
pa.magic = KV5M_PA_DATA;
|
|
||||||
pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
|
|
||||||
+ memset(&checksum, 0, sizeof(checksum));
|
|
||||||
retval = krb5_c_make_checksum(kdc_context,0, reply_key,
|
|
||||||
KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
|
|
||||||
if (retval != 0)
|
|
||||||
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
|
|
||||||
index c4bf92e..367c894 100644
|
|
||||||
--- a/src/lib/kdb/kdb_default.c
|
|
||||||
+++ b/src/lib/kdb/kdb_default.c
|
|
||||||
@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
|
|
||||||
krb5_boolean saw_non_permitted = FALSE;
|
|
||||||
|
|
||||||
ret = 0;
|
|
||||||
+ if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
|
|
||||||
+ return KRB5_KDB_NO_PERMITTED_KEY;
|
|
||||||
+
|
|
||||||
if (kvno == -1 && stype == -1 && ktype == -1)
|
|
||||||
kvno = 0;
|
|
||||||
|
|
11
krb5.spec
11
krb5.spec
@ -19,10 +19,10 @@
|
|||||||
|
|
||||||
Summary: The Kerberos network authentication system
|
Summary: The Kerberos network authentication system
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.10.2
|
Version: 1.10.3
|
||||||
Release: 7%{?dist}
|
Release: 1%{?dist}
|
||||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||||
# http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.2-signed.tar
|
# http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.3-signed.tar
|
||||||
Source0: krb5-%{version}.tar.gz
|
Source0: krb5-%{version}.tar.gz
|
||||||
Source1: krb5-%{version}.tar.gz.asc
|
Source1: krb5-%{version}.tar.gz.asc
|
||||||
Source2: kprop.service
|
Source2: kprop.service
|
||||||
@ -69,7 +69,6 @@ Patch103: krb5-1.10-gcc47.patch
|
|||||||
Patch105: krb5-kvno-230379.patch
|
Patch105: krb5-kvno-230379.patch
|
||||||
Patch106: krb5-1.10.2-keytab-etype.patch
|
Patch106: krb5-1.10.2-keytab-etype.patch
|
||||||
Patch107: krb5-trunk-pkinit-anchorsign.patch
|
Patch107: krb5-trunk-pkinit-anchorsign.patch
|
||||||
Patch108: http://web.mit.edu/kerberos/advisories/2012-001-patch.txt
|
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://web.mit.edu/kerberos/www/
|
URL: http://web.mit.edu/kerberos/www/
|
||||||
@ -248,7 +247,6 @@ ln -s NOTICE LICENSE
|
|||||||
%patch105 -p1 -b .kvno
|
%patch105 -p1 -b .kvno
|
||||||
%patch106 -p1 -b .keytab-etype
|
%patch106 -p1 -b .keytab-etype
|
||||||
%patch107 -p1 -b .pkinit-anchorsign
|
%patch107 -p1 -b .pkinit-anchorsign
|
||||||
%patch108 -p1 -b .2012-001
|
|
||||||
rm src/lib/krb5/krb/deltat.c
|
rm src/lib/krb5/krb/deltat.c
|
||||||
|
|
||||||
gzip doc/*.ps
|
gzip doc/*.ps
|
||||||
@ -768,6 +766,9 @@ exit 0
|
|||||||
%{_sbindir}/uuserver
|
%{_sbindir}/uuserver
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 9 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.3-1
|
||||||
|
- update to 1.10.3, rolling in the fixes from MITKRB5-SA-2012-001
|
||||||
|
|
||||||
* Thu Aug 2 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-7
|
* Thu Aug 2 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-7
|
||||||
- selinux: hang on to the list of selinux contexts, freeing and reloading
|
- selinux: hang on to the list of selinux contexts, freeing and reloading
|
||||||
it only when the file we read it from is modified, freeing it when the
|
it only when the file we read it from is modified, freeing it when the
|
||||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
|||||||
73c89ed430f92df7d10c49167eec889b krb5-1.10.2.tar.gz
|
c6b949ce23768b4b8533b33c3343b1d1 krb5-1.10.3.tar.gz
|
||||||
53994fb4ccbeaf6d017d657942093502 krb5-1.10.2.tar.gz.asc
|
4862ae1729ec2b762de0ae47a4db1240 krb5-1.10.3.tar.gz.asc
|
||||||
ddebe423b4d60fe957ab7c22dbc8a7ea krb5-1.10.2-pdf.tar.xz
|
1756846900b598ed4544d22491952f41 krb5-1.10.3-pdf.tar.xz
|
||||||
|
Loading…
Reference in New Issue
Block a user