[krb5] update to 1.11.3
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Jun 4 15:23:35 UTC 2013
commit 7b66f600ef20913038550aa2da492ab6a52526ad
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Tue Jun 4 11:07:24 2013 -0400
update to 1.11.3
- update to 1.11.3
- drop patch for RT#7605, fixed in this release
- drop patch for CVE-2002-2443, fixed in this release
- drop patch for RT#7369, fixed in this release
- pull upstream fix for breaking t_skew.py by adding the patch for #961221
krb5-1.11.2-gss_transited.patch | 81 ------------------------------------
krb5-1.11.2-kpasswd_pingpong.patch | 64 ----------------------------
krb5-1.11.3-skew3.patch | 28 ++++++++++++
krb5-fast-msg_type.patch | 28 ------------
krb5.spec | 21 +++++----
sources | 6 +-
6 files changed, 43 insertions(+), 185 deletions(-)
---
diff --git a/krb5-1.11.3-skew3.patch b/krb5-1.11.3-skew3.patch
new file mode 100644
index 0000000..0fe0b28
--- /dev/null
+++ b/krb5-1.11.3-skew3.patch
@@ -0,0 +1,28 @@
+commit 3b1b31a57cd932eda928932e67f5f2857929f429
+Author: Greg Hudson <ghudson at mit.edu>
+Date: Sun Jun 2 15:36:40 2013 -0400
+
+ Fix spurious clock skew caused by preauth delay
+
+ Commit 37b0e55e21926c7875b7176e24e13005920915a6 (#7063) prevented
+ clock skew caused by preauth delay by recording the time of the
+ initial request. However, it failed to take into account delay
+ between requests due to prompting during preauthentication. Fix this
+ by recording the request time for each request.
+
+ ticket: 7656 (new)
+
+diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
+index ff455d3..0dd497e 100644
+--- a/src/lib/krb5/krb/get_in_tkt.c
++++ b/src/lib/krb5/krb/get_in_tkt.c
+@@ -1256,6 +1256,9 @@ init_creds_step_request(krb5_context context,
+ }
+ }
+
++ /* Remember when we sent this request (after any preauth delay). */
++ ctx->request_time = time(NULL);
++
+ if (ctx->encoded_previous_request != NULL) {
+ krb5_free_data(context, ctx->encoded_previous_request);
+ ctx->encoded_previous_request = NULL;
diff --git a/krb5.spec b/krb5.spec
index 6bab4cc..b4637e3 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -29,10 +29,10 @@
Summary: The Kerberos network authentication system
Name: krb5
-Version: 1.11.2
-Release: 10%{?dist}
+Version: 1.11.3
+Release: 1%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.2-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
Source0: krb5-%{version}.tar.gz
Source1: krb5-%{version}.tar.gz.asc
# Use a dummy krb5-%{version}-pdf.tar.xz the first time through, then
@@ -75,10 +75,7 @@ Patch105: krb5-kvno-230379.patch
Patch113: krb5-1.11-alpha1-init.patch
Patch116: http://ausil.fedorapeople.org/aarch64/krb5/krb5-aarch64.patch
Patch117: krb5-1.11-gss-client-keytab.patch
-Patch119: krb5-fast-msg_type.patch
-Patch120: krb5-1.11.2-kpasswd_pingpong.patch
Patch121: krb5-cccol-primary.patch
-Patch122: krb5-1.11.2-gss_transited.patch
Patch123: krb5-1.11.2-empty_passwords.patch
Patch124: krb5-1.11.2-arcfour_short.patch
Patch125: krb5-1.11.2-skew1.patch
@@ -86,6 +83,7 @@ Patch126: krb5-1.11.2-skew2.patch
Patch127: krb5-master-test_gss_no_udp.patch
Patch128: krb5-master-test_no_pmap.patch
Patch130: krb5-master-init_referral.patch
+Patch131: krb5-1.11.3-skew3.patch
# Patches for otp plugin backport
Patch201: krb5-1.11.2-keycheck.patch
@@ -303,10 +301,7 @@ ln -s NOTICE LICENSE
%patch113 -p1 -b .init
%patch116 -p1 -b .aarch64
%patch117 -p1 -b .gss-client-keytab
-%patch119 -p1 -b .fast-msg_type
-%patch120 -p1 -b .kpasswd_pingpong
%patch121 -p1 -b .cccol-primary
-%patch122 -p1 -b .gss_transited
%patch123 -p1 -b .empty_passwords
%patch124 -p1 -b .arcfour_short
%patch125 -p1 -b .skew1
@@ -314,6 +309,7 @@ ln -s NOTICE LICENSE
%patch127 -p1 -b .test_gss_no_udp
%patch128 -p1 -b .test_no_pmap
%patch130 -p1 -b .init_referral
+%patch131 -p1 -b .skew3
%patch201 -p1 -b .keycheck
%patch202 -p1 -b .otp
@@ -839,6 +835,13 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Tue Jun 4 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.3-1
+- update to 1.11.3
+ - drop patch for RT#7605, fixed in this release
+ - drop patch for CVE-2002-2443, fixed in this release
+ - drop patch for RT#7369, fixed in this release
+- pull upstream fix for breaking t_skew.py by adding the patch for #961221
+
* Fri May 31 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.2-10
- respin with updated version of patch for RT#7650 (#969331)
diff --git a/sources b/sources
index d676249..caccaa5 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-7db8ba98dcc1503fe6925aea2238b896 krb5-1.11.2.tar.gz
-10b368a774933177f64e154b12976820 krb5-1.11.2.tar.gz.asc
-d5c8774506d7f67fb096e0b3ac7cb03d krb5-1.11.2-pdf.tar.xz
+017285971f1038a32261b15c128502f0 krb5-1.11.3.tar.gz
+a9dc7e280af5ac23833d0c951fe44036 krb5-1.11.3.tar.gz.asc
+731b6fa7c98b88920fc8f5b934a6187a krb5-1.11.3-pdf.tar.xz
More information about the scm-commits
mailing list