[krb5/f15] - correct a bug in the fix for #754001 so that the file creation context is consistently reset
Nalin Dahyabhai
nalin at fedoraproject.org
Wed Nov 30 20:07:46 UTC 2011
commit 35a1c496ac8469e47f164d632ff798f9093667be
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Wed Nov 30 15:03:56 2011 -0500
- correct a bug in the fix for #754001 so that the file creation context is consistently reset
krb5-1.9-aes-hmac.patch | 12 ++++++++++++
krb5-1.9-selinux-label.patch | 6 ++----
krb5.spec | 12 +++++++++++-
3 files changed, 25 insertions(+), 5 deletions(-)
---
diff --git a/krb5-1.9-aes-hmac.patch b/krb5-1.9-aes-hmac.patch
new file mode 100644
index 0000000..0ab33f3
--- /dev/null
+++ b/krb5-1.9-aes-hmac.patch
@@ -0,0 +1,12 @@
+Early pull of the patch for RT#6994.
+--- krb5/src/lib/crypto/krb/checksum/hmac_md5.c
++++ krb5/src/lib/crypto/krb/checksum/hmac_md5.c
+@@ -61,7 +61,7 @@ krb5_error_code krb5int_hmacmd5_checksum
+ ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds);
+ if (ret)
+ goto cleanup;
+- ks.length = key->keyblock.length;
++ ks.length = ds.length;
+ ks.contents = (krb5_octet *) ds.data;
+ keyblock = &ks;
+ } else /* For md5-hmac, just use the key. */
diff --git a/krb5-1.9-selinux-label.patch b/krb5-1.9-selinux-label.patch
index 950254b..e149e93 100644
--- a/krb5-1.9-selinux-label.patch
+++ b/krb5-1.9-selinux-label.patch
@@ -501,7 +501,7 @@ diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/s
diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/support/selinux.c
--- krb5-1.8/src/util/support/selinux.c.selinux-label 2010-03-05 10:57:23.000000000 -0500
+++ krb5-1.8/src/util/support/selinux.c 2010-03-05 10:57:23.000000000 -0500
-@@ -0,0 +1,374 @@
+@@ -0,0 +1,372 @@
+/*
+ * Copyright 2007,2008,2009,2011 Red Hat, Inc. All Rights Reserved.
+ *
@@ -742,9 +742,7 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup
+krb5int_pop_fscreatecon(void *con)
+{
+ if (con != NULL) {
-+ if (con != (void *) -1) {
-+ pop_fscreatecon(con);
-+ }
++ pop_fscreatecon((con == (void *) -1) ? NULL : con);
+ k5_mutex_unlock(&labeled_mutex);
+ }
+}
diff --git a/krb5.spec b/krb5.spec
index 5f09492..8913f08 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -6,7 +6,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.9.2
-Release: 1%{?dist}
+Release: 3%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.1-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -59,6 +59,7 @@ Patch84: krb5-1.9.1-sendto_poll.patch
Patch86: krb5-1.9-debuginfo.patch
Patch87: krb5-1.9.1-sendto_poll2.patch
Patch89: krb5-1.9.1-sendto_poll3.patch
+Patch90: krb5-1.9-aes-hmac.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -211,6 +212,7 @@ ln -s NOTICE LICENSE
%patch86 -p0 -b .debuginfo
%patch87 -p1 -b .sendto_poll2
%patch89 -p1 -b .sendto_poll3
+%patch90 -p1 -b .aes-hmac
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -672,6 +674,14 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Wed Nov 30 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-3
+- correct a bug in the fix for #754001 so that the file creation context is
+ consistently reset
+
+* Tue Nov 22 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-2
+- pull patch from trunk so that when computing an HMAC, we don't assume that
+ the HMAC output size is the same as the input key length (RT#6994, #756139)
+
* Wed Nov 15 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-1
- update to 1.9.2, incorporating the recent security update and some of the
things we were previously backporting, among other fixes
More information about the scm-commits
mailing list