- update to 1.8.2
- drop patches for CVE-2010-1320, CVE-2010-1321
This commit is contained in:
parent
1313c14673
commit
e067cf87fe
@ -39,3 +39,5 @@ krb5-1.8-pdf.tar.gz
|
||||
krb5-1.8.1.tar.gz
|
||||
krb5-1.8.1.tar.gz.asc
|
||||
krb5-1.8.1-pdf.tar.gz
|
||||
krb5-1.8.2.tar.gz.asc
|
||||
krb5-1.8.2-pdf.tar.gz
|
||||
|
@ -1,20 +0,0 @@
|
||||
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
|
||||
index b2f0655..76ca94a 100644
|
||||
--- a/src/kdc/do_tgs_req.c
|
||||
+++ b/src/kdc/do_tgs_req.c
|
||||
@@ -543,6 +543,7 @@ tgt_again:
|
||||
to the caller */
|
||||
ticket_reply = *(header_ticket);
|
||||
enc_tkt_reply = *(header_ticket->enc_part2);
|
||||
+ enc_tkt_reply.authorization_data = NULL;
|
||||
clear(enc_tkt_reply.flags, TKT_FLG_INVALID);
|
||||
}
|
||||
|
||||
@@ -554,6 +555,7 @@ tgt_again:
|
||||
to the caller */
|
||||
ticket_reply = *(header_ticket);
|
||||
enc_tkt_reply = *(header_ticket->enc_part2);
|
||||
+ enc_tkt_reply.authorization_data = NULL;
|
||||
|
||||
old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime;
|
||||
|
@ -1,18 +0,0 @@
|
||||
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
|
||||
index ce3075f..6241055 100644
|
||||
--- a/src/lib/gssapi/krb5/accept_sec_context.c
|
||||
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
|
||||
@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle,
|
||||
}
|
||||
#endif
|
||||
|
||||
+ if (authdat->checksum == NULL) {
|
||||
+ /* missing checksum counts as "inappropriate type" */
|
||||
+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
|
||||
+ major_status = GSS_S_FAILURE;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
|
||||
/* Samba does not send 0x8003 GSS-API checksums */
|
||||
krb5_boolean valid;
|
16
krb5.spec
16
krb5.spec
@ -4,10 +4,10 @@
|
||||
|
||||
Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.8.1
|
||||
Release: 6%{?dist}
|
||||
Version: 1.8.2
|
||||
Release: 1%{?dist}
|
||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.1-signed.tar
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.2-signed.tar
|
||||
Source0: krb5-%{version}.tar.gz
|
||||
Source1: krb5-%{version}.tar.gz.asc
|
||||
Source2: kpropd.init
|
||||
@ -45,8 +45,6 @@ Patch61: krb5-1.8-manpaths.patch
|
||||
Patch63: krb5-1.8-selinux-label.patch
|
||||
Patch70: krb5-trunk-kpasswd_tcp2.patch
|
||||
Patch71: krb5-1.8-dirsrv-accountlock.patch
|
||||
Patch72: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
|
||||
Patch73: http://web.mit.edu/kerberos/advisories/2010-005-patch.txt
|
||||
|
||||
License: MIT
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -182,8 +180,6 @@ ln -s NOTICE LICENSE
|
||||
%patch59 -p1 -b .kpasswd_tcp
|
||||
#%patch70 -p0 -b .kpasswd_tcp2
|
||||
%patch71 -p1 -b .dirsrv-accountlock
|
||||
%patch72 -p1 -b .2010-004
|
||||
%patch73 -p1 -b .2010-005
|
||||
gzip doc/*.ps
|
||||
|
||||
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
|
||||
@ -217,7 +213,7 @@ doc/kadm5 api-server-design
|
||||
EOF
|
||||
|
||||
# Fix the LDIF file.
|
||||
if test %{version} != 1.8.1 ; then
|
||||
if test %{version} != 1.8.2 ; then
|
||||
# Hopefully this was fixed later.
|
||||
exit 1
|
||||
fi
|
||||
@ -625,6 +621,10 @@ exit 0
|
||||
%{_sbindir}/uuserver
|
||||
|
||||
%changelog
|
||||
* Thu Jun 10 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-1
|
||||
- update to 1.8.2
|
||||
- drop patches for CVE-2010-1320, CVE-2010-1321
|
||||
|
||||
* Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- ksu: move session management calls to before we drop privileges, like
|
||||
su does (#596887), and don't skip the PAM account check for root or the
|
||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
||||
275409c607933d81db69922e68bfab2d krb5-1.8.1.tar.gz
|
||||
787e4f86775bcfbb90ee8c6e7cb53fc9 krb5-1.8.1.tar.gz.asc
|
||||
afdfd2e81345e6cd978dd37d76c3b0a2 krb5-1.8.1-pdf.tar.gz
|
||||
ccba1279ff11200f7cefa903578c2f73 krb5-1.8.2.tar.gz
|
||||
3adcca83db07d0ff36def494cb9412df krb5-1.8.2.tar.gz.asc
|
||||
2e22c362076db938d654031ea303aac3 krb5-1.8.2-pdf.tar.gz
|
||||
|
Loading…
Reference in New Issue
Block a user