From ddde7d0f6e9d32b1107b40fc85210a45c3844fad Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@fedoraproject.org>
Date: Tue, 1 Apr 2008 20:53:54 +0000
Subject: [PATCH] - libgssapi_krb5: properly export the acceptor subkey when
 creating a lucid     context (Kevin Coffman, via the nfs4 mailing list)

---
 krb5-1.6.3-lucid-acceptor.patch | 13 +++++++++++++
 krb5.spec                       |  6 ++++++
 2 files changed, 19 insertions(+)
 create mode 100644 krb5-1.6.3-lucid-acceptor.patch

diff --git a/krb5-1.6.3-lucid-acceptor.patch b/krb5-1.6.3-lucid-acceptor.patch
new file mode 100644
index 0000000..2dec700
--- /dev/null
+++ b/krb5-1.6.3-lucid-acceptor.patch
@@ -0,0 +1,13 @@
+From Kevin Coffman, via the nfs4 mailing list.
+diff -up src/lib/gssapi/krb5/lucid_context.c ./src/lib/gssapi/krb5/lucid_context.c
+--- src/lib/gssapi/krb5/lucid_context.c	2008-04-01 16:28:11.000000000 -0400
++++ src/lib/gssapi/krb5/lucid_context.c	2008-04-01 16:28:01.000000000 -0400
+@@ -231,7 +231,7 @@ make_external_lucid_ctx_v1(
+ 	    				&lctx->cfx_kd.ctx_key)))
+ 	    goto error_out;
+ 	if (gctx->have_acceptor_subkey) {
+-	    if ((retval = copy_keyblock_to_lucid_key(gctx->enc,
++	    if ((retval = copy_keyblock_to_lucid_key(gctx->acceptor_subkey,
+ 	    				&lctx->cfx_kd.acceptor_subkey)))
+ 		goto error_out;
+ 	    lctx->cfx_kd.have_acceptor_subkey = 1;
diff --git a/krb5.spec b/krb5.spec
index 8179a24..a053697 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -100,6 +100,7 @@ Patch74: krb5-CVE-2008-0062,0063.patch
 Patch75: krb5-CVE-2008-0947.patch
 Patch76: krb5-CVE-2007-5901.patch
 Patch77: krb5-CVE-2007-5971.patch
+Patch78: krb5-1.6.3-lucid-acceptor.patch
 
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
@@ -230,6 +231,10 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.
 
 %changelog
+* Tue Apr  1 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-11
+- libgssapi_krb5: properly export the acceptor subkey when creating a lucid
+  context (Kevin Coffman, via the nfs4 mailing list)
+
 * Tue Mar 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-10
 - add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
   when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063,
@@ -1349,6 +1354,7 @@ popd
 %patch75 -p0 -b .2008-0947
 %patch76 -p0 -b .2007-5901
 %patch77 -p0 -b .2007-5971
+%patch78 -p0 -b .lucid_acceptor
 cp src/krb524/README README.krb524
 gzip doc/*.ps