diff --git a/krb5-1.10.2-replay.patch b/krb5-1.10.2-replay.patch deleted file mode 100644 index d6dfff0..0000000 --- a/krb5-1.10.2-replay.patch +++ /dev/null @@ -1,17 +0,0 @@ -Backport from ticket 7229. ---- krb5-1.10.2/src/lib/krb5/krb/vfy_increds.c -+++ krb5-1.10.2/src/lib/krb5/krb/vfy_increds.c -@@ -194,6 +194,13 @@ krb5_verify_init_creds(krb5_context cont - authcon = NULL; - } - -+ /* Build an auth context that won't bother with replay checks -- it's -+ * not as if we're going to mount a replay attack on ourselves here. */ -+ if (ret = krb5_auth_con_init(context, &authcon)) -+ goto cleanup; -+ if (ret = krb5_auth_con_setflags(context, authcon, 0)) -+ goto cleanup; -+ - /* verify the ap_req */ - - if ((ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab, diff --git a/krb5.spec b/krb5.spec index ae53dd9..b7503d5 100644 --- a/krb5.spec +++ b/krb5.spec @@ -73,7 +73,6 @@ Patch86: krb5-1.9-debuginfo.patch Patch105: krb5-kvno-230379.patch Patch106: krb5-1.10.2-keytab-etype.patch Patch107: krb5-trunk-pkinit-anchorsign.patch -Patch108: krb5-1.10.2-replay.patch Patch109: krb5-1.10.3-as_rep_skew.patch Patch110: krb5-1.10.3-keytab-etype-corners-prep.patch Patch111: krb5-1.10.3-keytab-etype-corners.patch @@ -267,7 +266,6 @@ ln -s NOTICE LICENSE %patch105 -p1 -b .kvno %patch106 -p1 -b .keytab-etype %patch107 -p1 -b .pkinit-anchorsign -%patch108 -p1 -b .replay %patch109 -p1 -b .as_rep_skew %patch110 -p1 -b .keytab-etype-corners-prep %patch111 -p1 -b .keytab-etype-corners @@ -830,6 +828,8 @@ exit 0 - the new docs system generates PDFs, so stop including them - drop backported patch to allow deltat.y to build with the usual warning flags and the current gcc + - drop backported fix for disabling use of a replay cache when verifying + initial credentials * Wed Oct 17 2012 Nalin Dahyabhai 1.10.3-7 - tag a couple of other patches which we still need to be applied during