[krb5] update to 1.11.3

Nalin Dahyabhai nalin at fedoraproject.org
Tue Jun 4 15:23:35 UTC 2013 

commit 7b66f600ef20913038550aa2da492ab6a52526ad
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Tue Jun 4 11:07:24 2013 -0400

    update to 1.11.3
    
    - update to 1.11.3
      - drop patch for RT#7605, fixed in this release
      - drop patch for CVE-2002-2443, fixed in this release
      - drop patch for RT#7369, fixed in this release
    - pull upstream fix for breaking t_skew.py by adding the patch for #961221

 krb5-1.11.2-gss_transited.patch    |   81 ------------------------------------
 krb5-1.11.2-kpasswd_pingpong.patch |   64 ----------------------------
 krb5-1.11.3-skew3.patch            |   28 ++++++++++++
 krb5-fast-msg_type.patch           |   28 ------------
 krb5.spec                          |   21 +++++----
 sources                            |    6 +-
 6 files changed, 43 insertions(+), 185 deletions(-)
---
diff --git a/krb5-1.11.3-skew3.patch b/krb5-1.11.3-skew3.patch
new file mode 100644
index 0000000..0fe0b28
--- /dev/null
+++ b/krb5-1.11.3-skew3.patch
@@ -0,0 +1,28 @@
+commit 3b1b31a57cd932eda928932e67f5f2857929f429
+Author: Greg Hudson <ghudson at mit.edu>
+Date:   Sun Jun 2 15:36:40 2013 -0400
+
+    Fix spurious clock skew caused by preauth delay
+    
+    Commit 37b0e55e21926c7875b7176e24e13005920915a6 (#7063) prevented
+    clock skew caused by preauth delay by recording the time of the
+    initial request.  However, it failed to take into account delay
+    between requests due to prompting during preauthentication.  Fix this
+    by recording the request time for each request.
+    
+    ticket: 7656 (new)
+
+diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
+index ff455d3..0dd497e 100644
+--- a/src/lib/krb5/krb/get_in_tkt.c
++++ b/src/lib/krb5/krb/get_in_tkt.c
+@@ -1256,6 +1256,9 @@ init_creds_step_request(krb5_context context,
+         }
+     }
+ 
++    /* Remember when we sent this request (after any preauth delay). */
++    ctx->request_time = time(NULL);
++
+     if (ctx->encoded_previous_request != NULL) {
+         krb5_free_data(context, ctx->encoded_previous_request);
+         ctx->encoded_previous_request = NULL;
diff --git a/krb5.spec b/krb5.spec
index 6bab4cc..b4637e3 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -29,10 +29,10 @@
 
 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.11.2
-Release: 10%{?dist}
+Version: 1.11.3
+Release: 1%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.2-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 # Use a dummy krb5-%{version}-pdf.tar.xz the first time through, then
@@ -75,10 +75,7 @@ Patch105: krb5-kvno-230379.patch
 Patch113: krb5-1.11-alpha1-init.patch
 Patch116: http://ausil.fedorapeople.org/aarch64/krb5/krb5-aarch64.patch
 Patch117: krb5-1.11-gss-client-keytab.patch
-Patch119: krb5-fast-msg_type.patch
-Patch120: krb5-1.11.2-kpasswd_pingpong.patch
 Patch121: krb5-cccol-primary.patch
-Patch122: krb5-1.11.2-gss_transited.patch
 Patch123: krb5-1.11.2-empty_passwords.patch
 Patch124: krb5-1.11.2-arcfour_short.patch
 Patch125: krb5-1.11.2-skew1.patch
@@ -86,6 +83,7 @@ Patch126: krb5-1.11.2-skew2.patch
 Patch127: krb5-master-test_gss_no_udp.patch
 Patch128: krb5-master-test_no_pmap.patch 
 Patch130: krb5-master-init_referral.patch
+Patch131: krb5-1.11.3-skew3.patch
 
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
@@ -303,10 +301,7 @@ ln -s NOTICE LICENSE
 %patch113 -p1 -b .init
 %patch116 -p1 -b .aarch64
 %patch117 -p1 -b .gss-client-keytab
-%patch119 -p1 -b .fast-msg_type
-%patch120 -p1 -b .kpasswd_pingpong
 %patch121 -p1 -b .cccol-primary
-%patch122 -p1 -b .gss_transited
 %patch123 -p1 -b .empty_passwords
 %patch124 -p1 -b .arcfour_short
 %patch125 -p1 -b .skew1
@@ -314,6 +309,7 @@ ln -s NOTICE LICENSE
 %patch127 -p1 -b .test_gss_no_udp
 %patch128 -p1 -b .test_no_pmap
 %patch130 -p1 -b .init_referral
+%patch131 -p1 -b .skew3
 
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
@@ -839,6 +835,13 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Tue Jun  4 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.3-1
+- update to 1.11.3
+  - drop patch for RT#7605, fixed in this release
+  - drop patch for CVE-2002-2443, fixed in this release
+  - drop patch for RT#7369, fixed in this release
+- pull upstream fix for breaking t_skew.py by adding the patch for #961221
+
 * Fri May 31 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.2-10
 - respin with updated version of patch for RT#7650 (#969331)
 
diff --git a/sources b/sources
index d676249..caccaa5 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-7db8ba98dcc1503fe6925aea2238b896  krb5-1.11.2.tar.gz
-10b368a774933177f64e154b12976820  krb5-1.11.2.tar.gz.asc
-d5c8774506d7f67fb096e0b3ac7cb03d  krb5-1.11.2-pdf.tar.xz
+017285971f1038a32261b15c128502f0  krb5-1.11.3.tar.gz
+a9dc7e280af5ac23833d0c951fe44036  krb5-1.11.3.tar.gz.asc
+731b6fa7c98b88920fc8f5b934a6187a  krb5-1.11.3-pdf.tar.xz

More information about the scm-commits mailing list