rpms/krb5/F-13 krb5.spec,1.241,1.242 krb5-1.7-pam.patch,1.4,1.5
Nalin Dahyabhai
nalin at fedoraproject.org
Wed Mar 3 16:09:50 UTC 2010
Author: nalin
Update of /cvs/extras/rpms/krb5/F-13
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29800/F-13
Modified Files:
krb5.spec krb5-1.7-pam.patch
Log Message:
- fix a null pointer dereference and crash introduced in our PAM patch that
would happen if ftpd was given the name of a user who wasn't known to the
local system, limited to being triggerable by gssapi-authenticated clients by
the default xinetd config (Olivier Fourdan, #569472)
Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-13/krb5.spec,v
retrieving revision 1.241
retrieving revision 1.242
diff -u -p -r1.241 -r1.242
--- krb5.spec 2 Mar 2010 23:01:24 -0000 1.241
+++ krb5.spec 3 Mar 2010 16:09:49 -0000 1.242
@@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7.1
-Release: 4%{?dist}
+Release: 5%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -224,6 +224,12 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Wed Mar 3 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7.1-5
+- fix a null pointer dereference and crash introduced in our PAM patch that
+ would happen if ftpd was given the name of a user who wasn't known to the
+ local system, limited to being triggerable by gssapi-authenticated clients by
+ the default xinetd config (Olivier Fourdan, #569472)
+
* Tue Mar 2 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7.1-4
- fix a regression (not labeling a kdb database lock file correctly, #569902)
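Review bot: The new changelog entry says the crash is limited to gssapi-authenticated clients "by the default xinetd config", which leaves open who can trigger it under a non-default configuration. Since that determines how urgent the update is for a given site, consider stating it directly in the entry.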
krb5-1.7-pam.patch:
aclocal.m4 | 83 ++++++++
appl/bsd/Makefile.in | 11 -
appl/bsd/configure.in | 1
appl/bsd/krshd.c | 64 +++++-
appl/bsd/login.c | 61 ++++++
appl/bsd/pam.c | 433 +++++++++++++++++++++++++++++++++++++++++++
appl/bsd/pam.h | 65 ++++++
appl/gssftp/configure.in | 1
appl/gssftp/ftpd/Makefile.in | 8
appl/gssftp/ftpd/ftpd.c | 72 ++++++-
clients/ksu/Makefile.in | 7
clients/ksu/main.c | 75 +++++++
config/pre.in | 1
configure.in | 2
14 files changed, 862 insertions(+), 22 deletions(-)
Index: krb5-1.7-pam.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-13/krb5-1.7-pam.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- krb5-1.7-pam.patch 3 Dec 2009 23:23:54 -0000 1.4
+++ krb5-1.7-pam.patch 3 Mar 2010 16:09:49 -0000 1.5
@@ -937,7 +937,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/f
+#ifdef USE_PAM
+ if (appl_pam_enabled(kcontext, "ftpd")) {
+ if (appl_pam_acct_mgmt(FTP_PAM_SERVICE, 0,
-+ pw->pw_name, "",
++ name, "",
+ hostname,
+ NULL,
+ FTP_PAM_SERVICE) != 0) {
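Review bot: In the appl_pam_acct_mgmt() call, passing `name` instead of `pw->pw_name` means the account check now runs on the client-supplied string, which may not match any local account. Please confirm that `name` is always non-NULL at this point and that a failure for an unknown user is handled by the `!= 0` branch the same way as a denied account. A short comment saying why `name` is used rather than `pw->pw_name` would keep someone from switching it back later.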
@@ -971,7 +971,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/f
- if (pw == NULL || (!kpass(pw->pw_name, passwd) &&
- (want_creds || !*pw->pw_passwd ||
- strcmp(xpasswd, pw->pw_passwd)))) {
-+ if ((pw == NULL) ||
++ if ((pw == NULL) || (
+#ifdef USE_PAM
+ appl_pam_enabled(kcontext, "ftpd") ?
+ (appl_pam_authenticate(FTP_PAM_SERVICE, 0,
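Review bot: The condition starting at `if ((pw == NULL) || (` depends on one added parenthesis to keep the `appl_pam_enabled(kcontext, "ftpd") ? ... : ...` expression from absorbing the `pw == NULL` test, because `?:` binds more loosely than `||`. That is easy to break again, especially with `#ifdef USE_PAM` sitting in the middle of the expression. Consider handling `pw == NULL` in its own branch before the PAM or non-PAM password check, so that no path reading `pw->pw_name` or `pw->pw_passwd` can be reached with a null `pw`.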
@@ -983,7 +983,7 @@ diff -up krb5-1.7/src/appl/gssftp/ftpd/f
+ (!kpass(pw->pw_name, passwd) &&
+ (want_creds ||
+ !*pw->pw_passwd ||
-+ strcmp(xpasswd, pw->pw_passwd)))) {
++ strcmp(xpasswd, pw->pw_passwd))))) {
pw = NULL;
sleep(5);
if (++login_attempts >= 3) {
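Review bot: The extra `)` on the `strcmp(xpasswd, pw->pw_passwd)` line closes a parenthesis that is opened in the previous hunk, before the `#ifdef USE_PAM`. Please check that the expression balances and compiles both with and without USE_PAM defined, and add a test that attempts a login with a user name unknown to the local system so this path stays covered.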