rpms/krb5/F-11 krb5.spec,1.191,1.192 krb5-1.6.1-pam.patch,1.7,1.8
Nalin Dahyabhai
nalin at fedoraproject.org
Wed Mar 3 16:09:48 UTC 2010
Author: nalin
Update of /cvs/extras/rpms/krb5/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29800/F-11
Modified Files:
krb5.spec krb5-1.6.1-pam.patch
Log Message:
- fix a null pointer dereference and crash introduced in our PAM patch that
would happen if ftpd was given the name of a user who wasn't known to the
local system, limited to being triggerable by gssapi-authenticated clients by
the default xinetd config (Olivier Fourdan, #569472)
Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-11/krb5.spec,v
retrieving revision 1.191
retrieving revision 1.192
diff -u -p -r1.191 -r1.192
--- krb5.spec 2 Mar 2010 23:02:44 -0000 1.191
+++ krb5.spec 3 Mar 2010 16:09:47 -0000 1.192
@@ -16,7 +16,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.3
-Release: 26%{?dist}
+Release: 27%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -242,6 +242,12 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Wed Mar 3 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.6.3-27
+- fix a null pointer dereference and crash introduced in our PAM patch that
+ would happen if ftpd was given the name of a user who wasn't known to the
+ local system, limited to being triggerable by gssapi-authenticated clients by
+ the default xinetd config (Olivier Fourdan, #569472)
+
* Tue Mar 2 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.6.3-26
- fix a regression (not labeling a kdb database lock file correctly, #569902)
- add a workaround to build with OpenSSL 1.0, which changed the signature
krb5-1.6.1-pam.patch:
aclocal.m4 | 79 ++++++++
appl/bsd/Makefile.in | 11 -
appl/bsd/configure.in | 1
appl/bsd/krshd.c | 62 +++++-
appl/bsd/login.c | 58 ++++++
appl/bsd/pam.c | 414 +++++++++++++++++++++++++++++++++++++++++++
appl/bsd/pam.h | 61 ++++++
appl/gssftp/configure.in | 1
appl/gssftp/ftpd/Makefile.in | 8
appl/gssftp/ftpd/ftpd.c | 58 +++++-
config/pre.in | 1
configure.in | 2
12 files changed, 737 insertions(+), 19 deletions(-)
Index: krb5-1.6.1-pam.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-11/krb5-1.6.1-pam.patch,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -p -r1.7 -r1.8
--- krb5-1.6.1-pam.patch 16 Jul 2008 18:09:47 -0000 1.7
+++ krb5-1.6.1-pam.patch 3 Mar 2010 16:09:48 -0000 1.8
@@ -832,7 +832,7 @@ When enabled, ftpd, krshd, and login.krb
+#ifdef USE_PAM
+ if (appl_pam_enabled(kcontext, "ftpd")) {
+ if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0,
-+ pw->pw_name, "",
++ name, "",
+ FTP_PAM_SERVICE) != 0) {
+ reply(530, "Login incorrect.");
+ return;
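Review bot: the `appl_pam_acct_mgmt()` call now takes the client-supplied `name`, and per the log message that name may have no local passwd entry, so on this path `pw` can be NULL and nothing in these lines rejects that case before PAM is consulted. If account management is not meant to run for unknown users, add an explicit `pw == NULL` check ahead of the call that sends the same `reply(530, "Login incorrect.")`, so the result does not depend on how the PAM stack treats an unknown name. Otherwise, a short comment stating that `pw` may be NULL here would keep a later edit from switching the argument back to `pw->pw_name`.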
@@ -860,7 +860,7 @@ When enabled, ftpd, krshd, and login.krb
- if (pw == NULL || (!kpass(pw->pw_name, passwd) &&
- (want_creds || !*pw->pw_passwd ||
- strcmp(xpasswd, pw->pw_passwd)))) {
-+ if ((pw == NULL) ||
++ if ((pw == NULL) || (
+#ifdef USE_PAM
+ appl_pam_enabled(kcontext, "ftpd") ?
+ (appl_pam_authenticate(FTP_PAM_SERVICE, 0,
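Review bot: the `(` added after `(pw == NULL) ||` is needed because `?:` binds more loosely than `||`, and with `#ifdef USE_PAM` sitting in the middle of the condition that grouping is easy to break again. Consider computing the PAM-or-password result into a local variable before the `if`, so that the condition only combines `pw == NULL` with that one value and the NULL guard is visibly evaluated first.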
@@ -870,7 +870,7 @@ When enabled, ftpd, krshd, and login.krb
+ (!kpass(pw->pw_name, passwd) &&
+ (want_creds ||
+ !*pw->pw_passwd ||
-+ strcmp(xpasswd, pw->pw_passwd)))) {
++ strcmp(xpasswd, pw->pw_passwd))))) {
pw = NULL;
sleep(5);
if (++login_attempts >= 3) {
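Review bot: the extra `)` on the `strcmp(xpasswd, pw->pw_passwd)` line closes a parenthesis that was opened above the `#ifdef USE_PAM`, so the expression has to balance in both preprocessor configurations, and the `pw->pw_passwd` dereferences in this arm are safe only because the `(pw == NULL) ||` test short-circuits first. Please confirm the patched ftpd.c builds both with and without `USE_PAM` defined, and exercise an unknown user name down this password path as well as the gssapi path named in the log message.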