rpms/krb5/F-13 2010-004-patch.txt,NONE,1.1 krb5.spec,1.247,1.248
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Apr 20 18:26:29 UTC 2010
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv28226/F-13
Modified Files:
krb5.spec
Added Files:
2010-004-patch.txt
Log Message:
- incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922)
--- NEW FILE 2010-004-patch.txt ---
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index b2f0655..76ca94a 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -543,6 +543,7 @@ tgt_again:
to the caller */
ticket_reply = *(header_ticket);
enc_tkt_reply = *(header_ticket->enc_part2);
+ enc_tkt_reply.authorization_data = NULL;
clear(enc_tkt_reply.flags, TKT_FLG_INVALID);
}
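Review bot: the added `enc_tkt_reply.authorization_data = NULL;` carries no comment saying why the field is reset immediately after the struct copy from `*(header_ticket->enc_part2)`. That assignment leaves both structures holding the same authorization_data pointer, which is the precondition for the double-free named in the log message. A one-line comment stating that the header ticket keeps ownership of that data would keep a later cleanup from dropping the line as redundant.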
@@ -554,6 +555,7 @@ tgt_again:
to the caller */
ticket_reply = *(header_ticket);
enc_tkt_reply = *(header_ticket->enc_part2);
+ enc_tkt_reply.authorization_data = NULL;
old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime;
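Review bot: this branch repeats the same copy-then-reset pair as the previous hunk (`enc_tkt_reply = *(header_ticket->enc_part2);` followed by the NULL assignment), so any future branch that copies the struct can miss the reset. Consider a small helper that performs both steps. Please also confirm whether any other pointer member carried over by that struct assignment is released on both the reply and the header-ticket cleanup paths, since only authorization_data is cleared here.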
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-13/krb5.spec,v
retrieving revision 1.247
retrieving revision 1.248
diff -u -p -r1.247 -r1.248
--- krb5.spec 8 Apr 2010 19:14:12 -0000 1.247
+++ krb5.spec 20 Apr 2010 18:26:28 -0000 1.248
@@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7.1
-Release: 7%{?dist}
+Release: 8%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -87,6 +87,7 @@ Patch97: http://web.mit.edu/kerberos/adv
Patch98: krb5-1.7.1-kpasswd_ccache.patch
Patch99: krb5-1.7.1-kpasswd_ipv6.patch
Patch100: 2010-002-1.7-patch.txt
+Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
License: MIT
URL: http://web.mit.edu/kerberos/www/
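Review bot: Patch101 is given as a plain http:// URL, while the file itself is committed next to the spec as 2010-004-patch.txt and Patch100 directly above uses a bare file name. The URL alone gives no integrity guarantee to anyone who re-fetches the patch, so it is worth recording in a spec comment or the commit message how the committed copy was checked against the upstream advisory.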
@@ -225,6 +226,9 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Tue Apr 20 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-8
+- incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922)
+
* Thu Apr 8 2010 Nalin Dahyabhai <nalin at redhat.com>
- drop patch to suppress key expiration warnings sent from the KDC in
the last-req field, as the KDC is expected to just be configured to either
@@ -1617,6 +1621,7 @@ popd
%patch98 -p1 -b .kpasswd-ccache
%patch99 -p0 -b .kpasswd-ipv6
%patch100 -p0 -b .2010-002
+%patch101 -p1 -b .2010-004
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
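Review bot: `%patch101 -p1` uses a different strip level from `%patch99` and `%patch100` (`-p0`) just above it. That matches the `a/src/kdc/do_tgs_req.c` and `b/src/kdc/do_tgs_req.c` paths in 2010-004-patch.txt, but it applies cleanly only if %prep is in the directory that contains src/ at this point. A short comment noting the git-style path prefixes would explain the mismatch to the next person who adds a patch.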