rpms/krb5/F-13 2010-004-patch.txt,NONE,1.1 krb5.spec,1.247,1.248

Nalin Dahyabhai nalin at fedoraproject.org
Tue Apr 20 18:26:29 UTC 2010 

Author: nalin

Update of /cvs/pkgs/rpms/krb5/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv28226/F-13

Modified Files:
	krb5.spec 
Added Files:
	2010-004-patch.txt 
Log Message:
- incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922)



--- NEW FILE 2010-004-patch.txt ---
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index b2f0655..76ca94a 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -543,6 +543,7 @@ tgt_again:
            to the caller */
         ticket_reply = *(header_ticket);
         enc_tkt_reply = *(header_ticket->enc_part2);
+        enc_tkt_reply.authorization_data = NULL;
         clear(enc_tkt_reply.flags, TKT_FLG_INVALID);
     }
 
@@ -554,6 +555,7 @@ tgt_again:
            to the caller */
         ticket_reply = *(header_ticket);
         enc_tkt_reply = *(header_ticket->enc_part2);
+        enc_tkt_reply.authorization_data = NULL;
 
         old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime;
 


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-13/krb5.spec,v
retrieving revision 1.247
retrieving revision 1.248
diff -u -p -r1.247 -r1.248
--- krb5.spec	8 Apr 2010 19:14:12 -0000	1.247
+++ krb5.spec	20 Apr 2010 18:26:28 -0000	1.248
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7.1
-Release: 7%{?dist}
+Release: 8%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -87,6 +87,7 @@ Patch97: http://web.mit.edu/kerberos/adv
 Patch98: krb5-1.7.1-kpasswd_ccache.patch
 Patch99: krb5-1.7.1-kpasswd_ipv6.patch
 Patch100: 2010-002-1.7-patch.txt
+Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -225,6 +226,9 @@ to obtain initial credentials from a KDC
 certificate.
 
 %changelog
+* Tue Apr 20 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-8
+- incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922)
+
 * Thu Apr  8 2010 Nalin Dahyabhai <nalin at redhat.com>
 - drop patch to suppress key expiration warnings sent from the KDC in
   the last-req field, as the KDC is expected to just be configured to either
@@ -1617,6 +1621,7 @@ popd
 %patch98 -p1 -b .kpasswd-ccache
 %patch99 -p0 -b .kpasswd-ipv6
 %patch100 -p0 -b .2010-002
+%patch101 -p1 -b .2010-004
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex

More information about the scm-commits mailing list