[krb5/f13/master] - adjust the last patch to apply properly to 1.7.1
Nalin Dahyabhai
nalin at fedoraproject.org
Wed Aug 25 15:34:40 UTC 2010
commit 1a269b2e461c691d619196a13c0a9efb8f4dd671
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Wed Aug 25 11:09:45 2010 -0400
- adjust the last patch to apply properly to 1.7.1
krb5-1.7.1-explife.patch | 28 ++++++++++++++++++++++++++++
krb5-trunk-explife.patch | 28 ----------------------------
krb5.spec | 7 +++++--
3 files changed, 33 insertions(+), 30 deletions(-)
---
diff --git a/krb5-1.7.1-explife.patch b/krb5-1.7.1-explife.patch
new file mode 100644
index 0000000..b6cf93d
--- /dev/null
+++ b/krb5-1.7.1-explife.patch
@@ -0,0 +1,28 @@
+Rob Crittenden noticed that, in populate_krb5_db_entry(), key
+expirations weren't being computed as expected. It turns out
+that neither KDB_PRINC_EXPIRE_TIME_ATTR nor KDB_PWD_EXPIRE_TIME_ATTR
+is defined to 1, so the check for their bits could never succeed as
+written. RT#6762.
+
+Index: src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+===================================================================
+--- src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c (revision 24252)
++++ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c (working copy)
+@@ -2087,7 +2087,7 @@
+ goto cleanup;
+
+ if (attr_present == TRUE) {
+- if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
++ if (mask & KDB_PRINC_EXPIRE_TIME_ATTR) {
+ if (expiretime < entry->expiration)
+ entry->expiration = expiretime;
+ } else {
+@@ -2127,7 +2127,7 @@
+ if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
+ goto cleanup;
+
+- if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
++ if (mask & KDB_PWD_EXPIRE_TIME_ATTR) {
+ if ((last_pw_changed + pw_max_life) < entry->pw_expiration)
+ entry->pw_expiration = last_pw_changed + pw_max_life;
+ } else
diff --git a/krb5.spec b/krb5.spec
index dc1794c..7937b91 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7.1
-Release: 12%{?dist}
+Release: 13%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -90,7 +90,7 @@ Patch100: 2010-002-1.7-patch.txt
Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
Patch102: krb5-CVE-2010-1321-1.7.1.patch
Patch103: krb5-1.7.1-24139.patch
-Patch104: krb5-trunk-explife.patch
+Patch104: krb5-1.7.1-explife.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -229,6 +229,9 @@ to obtain initial credentials from a KDC using a private key and a
certificate.
%changelog
+* Wed Aug 25 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-13
+- adjust the last patch to apply properly to 1.7.1
+
* Tue Aug 24 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-12
- fix a logic bug in computing key expiration times (RT#6762, #627022)
More information about the scm-commits
mailing list