- update to 1.8.2

- drop patches for CVE-2010-1320, CVE-2010-1321
2010-06-10 22:21:43 +00:00 · 2010-06-10 22:21:43 +00:00 · e067cf87fe
commit e067cf87fe
parent 1313c14673
5 changed files with 13 additions and 49 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -39,3 +39,5 @@ krb5-1.8-pdf.tar.gz
 krb5-1.8.1.tar.gz
 krb5-1.8.1.tar.gz.asc
 krb5-1.8.1-pdf.tar.gz
+krb5-1.8.2.tar.gz.asc
+krb5-1.8.2-pdf.tar.gz
--- a/2010-004-patch.txt
+++ b/2010-004-patch.txt
@ -1,20 +0,0 @@
-diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
-index b2f0655..76ca94a 100644
--- a/src/kdc/do_tgs_req.c
-+++ b/src/kdc/do_tgs_req.c
-@@ -543,6 +543,7 @@ tgt_again:
-            to the caller */
-         ticket_reply = *(header_ticket);
-         enc_tkt_reply = *(header_ticket->enc_part2);
-+        enc_tkt_reply.authorization_data = NULL;
-         clear(enc_tkt_reply.flags, TKT_FLG_INVALID);
-     }
- 
-@@ -554,6 +555,7 @@ tgt_again:
-            to the caller */
-         ticket_reply = *(header_ticket);
-         enc_tkt_reply = *(header_ticket->enc_part2);
-+        enc_tkt_reply.authorization_data = NULL;
- 
-         old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime;
- 
--- a/2010-005-patch.txt
+++ b/2010-005-patch.txt
@ -1,18 +0,0 @@
-diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
-index ce3075f..6241055 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
-+++ b/src/lib/gssapi/krb5/accept_sec_context.c
-@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle,
-     }
- #endif
- 
-+    if (authdat->checksum == NULL) {
-+        /* missing checksum counts as "inappropriate type" */
-+        code = KRB5KRB_AP_ERR_INAPP_CKSUM;
-+        major_status = GSS_S_FAILURE;
-+        goto fail;
-+    }
-+
-     if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
-         /* Samba does not send 0x8003 GSS-API checksums */
-         krb5_boolean valid;
--- a/krb5.spec
+++ b/krb5.spec
@ -4,10 +4,10 @@

 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.8.1
-Release: 6%{?dist}
+Version: 1.8.2
+Release: 1%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.1-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.2-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
@ -45,8 +45,6 @@ Patch61: krb5-1.8-manpaths.patch
 Patch63: krb5-1.8-selinux-label.patch
 Patch70: krb5-trunk-kpasswd_tcp2.patch
 Patch71: krb5-1.8-dirsrv-accountlock.patch
-Patch72: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
-Patch73: http://web.mit.edu/kerberos/advisories/2010-005-patch.txt

 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -182,8 +180,6 @@ ln -s NOTICE LICENSE
 %patch59 -p1 -b .kpasswd_tcp
 #%patch70 -p0 -b .kpasswd_tcp2
 %patch71 -p1 -b .dirsrv-accountlock
-%patch72 -p1 -b .2010-004
-%patch73 -p1 -b .2010-005
 gzip doc/*.ps

 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@ -217,7 +213,7 @@ doc/kadm5     api-server-design
 EOF

 # Fix the LDIF file.
-if test %{version} != 1.8.1 ; then
+if test %{version} != 1.8.2 ; then
 	# Hopefully this was fixed later.
 	exit 1
 fi
@ -625,6 +621,10 @@ exit 0
 %{_sbindir}/uuserver

 %changelog
+* Thu Jun 10 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-1
+- update to 1.8.2
+  - drop patches for CVE-2010-1320, CVE-2010-1321
+
 * Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com>
 - ksu: move session management calls to before we drop privileges, like
  su does (#596887), and don't skip the PAM account check for root or the
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-275409c607933d81db69922e68bfab2d  krb5-1.8.1.tar.gz
-787e4f86775bcfbb90ee8c6e7cb53fc9  krb5-1.8.1.tar.gz.asc
-afdfd2e81345e6cd978dd37d76c3b0a2  krb5-1.8.1-pdf.tar.gz
+ccba1279ff11200f7cefa903578c2f73  krb5-1.8.2.tar.gz
+3adcca83db07d0ff36def494cb9412df  krb5-1.8.2.tar.gz.asc
+2e22c362076db938d654031ea303aac3  krb5-1.8.2-pdf.tar.gz