- remove obsolete patch for CVE-2009-0845
- add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845) - add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846) - add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
This commit is contained in:
parent
ebb2e9030e
commit
f51ed46fff
@ -1,16 +0,0 @@
|
||||
Upstream change #22099, triggered by report from Marcus Granado, fix by Tom Yu.
|
||||
In a nutshell, when return_token is neither NO_TOKEN_SEND nor CHECK_MIC, we
|
||||
might still not want a reply token, for example if it's ERROR_TOKEN_SEND.
|
||||
diff -up src/lib/gssapi/spnego/spnego_mech.c src/lib/gssapi/spnego/spnego_mech.c
|
||||
--- src/lib/gssapi/spnego/spnego_mech.c 2009-03-17 16:47:10.000000000 -0400
|
||||
+++ src/lib/gssapi/spnego/spnego_mech.c 2009-03-17 16:47:14.000000000 -0400
|
||||
@@ -1248,7 +1248,8 @@ spnego_gss_accept_sec_context(void *ct,
|
||||
&negState, &return_token);
|
||||
}
|
||||
cleanup:
|
||||
- if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
|
||||
+ if (return_token == INIT_TOKEN_SEND ||
|
||||
+ return_token == CONT_TOKEN_SEND) {
|
||||
tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech,
|
||||
&mechtok_out, mic_out,
|
||||
return_token,
|
24
krb5.spec
24
krb5.spec
@ -13,7 +13,7 @@
|
||||
Summary: The Kerberos network authentication system
|
||||
Name: krb5
|
||||
Version: 1.6.3
|
||||
Release: 100%{?dist}
|
||||
Release: 101%{?dist}
|
||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
|
||||
Source0: krb5-%{version}.tar.gz
|
||||
@ -97,7 +97,9 @@ Patch77: krb5-CVE-2007-5971.patch
|
||||
Patch78: krb5-1.6.3-lucid-acceptor.patch
|
||||
Patch79: krb5-trunk-ftp_mget_case.patch
|
||||
Patch80: krb5-trunk-preauth-master.patch
|
||||
Patch81: krb5-1.6.3-spnego-crash.patch
|
||||
Patch82: krb5-CVE-2009-0844-0845-2.patch
|
||||
Patch83: krb5-CVE-2009-0846.patch
|
||||
Patch84: krb5-CVE-2009-0847.patch
|
||||
|
||||
License: MIT
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -226,6 +228,15 @@ to obtain initial credentials from a KDC using a private key and a
|
||||
certificate.
|
||||
|
||||
%changelog
|
||||
* Tue Apr 7 2009 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-101
|
||||
- add patches for read overflow and null pointer dereference in the
|
||||
implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
|
||||
- add patch for attempt to free uninitialized pointer in libkrb5
|
||||
(CVE-2009-0846)
|
||||
- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
|
||||
- put the krb5-user .info file into just -workstation and not also
|
||||
-workstation-clients
|
||||
|
||||
* Mon Apr 6 2009 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-100
|
||||
- turn off krb4 support (it won't be part of the 1.7 release, but do it now)
|
||||
- use triggeruns to properly shut down and disable krb524d when -server and
|
||||
@ -1212,7 +1223,7 @@ certificate.
|
||||
- apply second set of buffer overflow fixes from Tom Yu
|
||||
- fix from Dirk Husung for a bug in buffer cleanups in the test suite
|
||||
- work around possibly broken rev binary in running test suite
|
||||
- move default realm configs from /var/kerberos to %{_var}/kerberos
|
||||
- move default realm configs from /var/kerberos to %%{_var}/kerberos
|
||||
|
||||
* Tue Jun 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- make ksu and v4rcp owned by root
|
||||
@ -1408,7 +1419,9 @@ popd
|
||||
%patch78 -p0 -b .lucid_acceptor
|
||||
%patch79 -p0 -b .ftp_mget_case
|
||||
%patch80 -p0 -b .preauth_master
|
||||
%patch81 -p0 -b .spnego-crash
|
||||
%patch82 -p1 -b .CVE-2009-0844-0845-2
|
||||
%patch83 -p1 -b .CVE-2009-0846
|
||||
%patch84 -p1 -b .CVE-2009-0847
|
||||
gzip doc/*.ps
|
||||
|
||||
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
|
||||
@ -1674,7 +1687,7 @@ exit 0
|
||||
/sbin/install-info %{_infodir}/krb5-user.info %{_infodir}/dir
|
||||
exit 0
|
||||
|
||||
%preun workstation
|
||||
%postun workstation
|
||||
if [ "$1" -eq "0" ] ; then
|
||||
/sbin/install-info --delete %{_infodir}/krb5-user.info %{_infodir}/dir
|
||||
fi
|
||||
@ -1730,7 +1743,6 @@ exit 0
|
||||
%docdir %{krb5prefix}/man
|
||||
%doc doc/{ftp,rcp,rlogin,rsh,telnet}.html
|
||||
%attr(0755,root,root) %doc src/config-files/convert-config-files
|
||||
%{_infodir}/krb5-user.info*
|
||||
|
||||
%dir %{krb5prefix}
|
||||
%dir %{krb5prefix}/bin
|
||||
|
Loading…
Reference in New Issue
Block a user