From d859fd05565f48d18afd03324ec44aca2e6944db Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Fri, 18 Aug 2006 16:50:54 +0000 Subject: [PATCH] - switch to the updated patch for MITKRB-SA-2006-001 --- 2006-001-patch_1.5.txt | 27 +++++++++++++-------------- krb5.spec | 5 ++++- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/2006-001-patch_1.5.txt b/2006-001-patch_1.5.txt index cc7dca8..cc47dec 100644 --- a/2006-001-patch_1.5.txt +++ b/2006-001-patch_1.5.txt @@ -1,6 +1,6 @@ Index: appl/gssftp/ftpd/ftpd.c =================================================================== -*** appl/gssftp/ftpd/ftpd.c (revision 18419) +*** appl/gssftp/ftpd/ftpd.c (revision 18440) --- appl/gssftp/ftpd/ftpd.c (working copy) *************** *** 1367,1373 **** @@ -61,7 +61,7 @@ Index: appl/gssftp/ftpd/ftpd.c goto pasv_error; Index: appl/bsd/v4rcp.c =================================================================== -*** appl/bsd/v4rcp.c (revision 18419) +*** appl/bsd/v4rcp.c (revision 18440) --- appl/bsd/v4rcp.c (working copy) *************** *** 436,442 **** @@ -105,7 +105,7 @@ Index: appl/bsd/v4rcp.c Index: appl/bsd/krcp.c =================================================================== -*** appl/bsd/krcp.c (revision 18419) +*** appl/bsd/krcp.c (revision 18440) --- appl/bsd/krcp.c (working copy) *************** *** 620,626 **** @@ -159,7 +159,7 @@ Index: appl/bsd/krcp.c } Index: appl/bsd/login.c =================================================================== -*** appl/bsd/login.c (revision 18419) +*** appl/bsd/login.c (revision 18440) --- appl/bsd/login.c (working copy) *************** *** 1648,1654 **** @@ -183,7 +183,7 @@ Index: appl/bsd/login.c /* This call MUST succeed */ Index: appl/bsd/krshd.c =================================================================== -*** appl/bsd/krshd.c (revision 18419) +*** appl/bsd/krshd.c (revision 18440) --- appl/bsd/krshd.c (working copy) *************** *** 1403,1411 **** @@ -214,26 +214,25 @@ Index: appl/bsd/krshd.c char **findtz = environ; Index: clients/ksu/main.c =================================================================== -*** clients/ksu/main.c (revision 18419) +*** clients/ksu/main.c (revision 18440) --- clients/ksu/main.c (working copy) *************** -*** 892,900 **** - const char * cc_name; +*** 893,900 **** struct stat st_temp; -! krb5_seteuid(0); + krb5_seteuid(0); ! krb5_seteuid(target_uid); ! cc_name = krb5_cc_get_name(context, cc); if ( ! stat(cc_name, &st_temp)){ if ((retval = krb5_cc_destroy(context, cc))){ ---- 892,903 ---- - const char * cc_name; +--- 893,904 ---- struct stat st_temp; -! if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) { + krb5_seteuid(0); +! if (krb5_seteuid(target_uid) < 0) { ! com_err(prog_name, errno, -! "while returning to source uid for destroying ccache"); +! "while changing to target uid for destroying ccache"); ! exit(1); ! } ! @@ -242,7 +241,7 @@ Index: clients/ksu/main.c if ((retval = krb5_cc_destroy(context, cc))){ Index: lib/krb4/kuserok.c =================================================================== -*** lib/krb4/kuserok.c (revision 18419) +*** lib/krb4/kuserok.c (revision 18440) --- lib/krb4/kuserok.c (working copy) *************** *** 159,167 **** diff --git a/krb5.spec b/krb5.spec index 4cc7c3a..90b7911 100644 --- a/krb5.spec +++ b/krb5.spec @@ -10,7 +10,7 @@ Summary: The Kerberos network authentication system. Name: krb5 Version: 1.5 -Release: 5 +Release: 6 # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar Source0: krb5-%{version}.tar.gz @@ -132,6 +132,9 @@ network uses Kerberos, this package should be installed on every workstation. %changelog +* Fri Aug 18 2006 Nalin Dahyabhai - 1.5-6 +- switch to the updated patch for MITKRB-SA-2006-001 + * Tue Aug 8 2006 Nalin Dahyabhai - 1.5-5 - apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)