auto-import changelog data from krb5-1.3.4-7.src.rpmpresent-on-develkrb5-1_3_4-7

Tue Aug 31 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-7
- rebuild
Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-6
- rebuild
Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-5
- incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644,
    CAN-2004-0772
Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-4
- rebuild
Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-3
- incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772
    (MITKRB5-SA-2004-002, #130732)
- incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003,
    #130732)

3 files changed, 310 insertions, 5 deletions

diff --git a/2004-002-dblfree_patch.txt b/2004-002-dblfree_patch.txt
new file mode 100644
index 0000000..2703b0f
--- /dev/null
+++ b/2004-002-dblfree_patch.txt
@@ -0,0 +1,268 @@
+Index: src/clients/klist/klist.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/clients/klist/klist.c,v
+retrieving revision 5.63
+diff -c -r5.63 klist.c
+*** src/clients/klist/klist.c	11 Apr 2002 03:21:46 -0000	5.63
+--- src/clients/klist/klist.c	23 Aug 2004 03:37:26 -0000
+***************
+*** 614,619 ****
+--- 614,622 ----
+  
+      if (show_etype) {
+  	retval = krb5_decode_ticket(&cred->ticket, &tkt);
++ 	if (retval)
++ 	    goto err_tkt;
++ 
+  	if (!extra_field)
+  	    fputs("\t",stdout);
+  	else
+***************
+*** 622,629 ****
+  	       etype_string(cred->keyblock.enctype));
+  	printf("%s ",
+  	       etype_string(tkt->enc_part.enctype));
+- 	krb5_free_ticket(kcontext, tkt);
+  	extra_field++;
+      }
+  
+      /* if any additional info was printed, extra_field is non-zero */
+--- 625,635 ----
+  	       etype_string(cred->keyblock.enctype));
+  	printf("%s ",
+  	       etype_string(tkt->enc_part.enctype));
+  	extra_field++;
++ 
++     err_tkt:
++ 	if (tkt != NULL)
++ 	    krb5_free_ticket(kcontext, tkt);
+      }
+  
+      /* if any additional info was printed, extra_field is non-zero */
+Index: src/krb524/krb524d.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/krb524/krb524d.c,v
+retrieving revision 1.55.2.3
+diff -c -r1.55.2.3 krb524d.c
+*** src/krb524/krb524d.c	28 May 2003 04:06:31 -0000	1.55.2.3
+--- src/krb524/krb524d.c	23 Aug 2004 03:37:26 -0000
+***************
+*** 582,589 ****
+  	  printf("v4 credentials encoded\n");
+  
+   error:
+!      if (v5tkt->enc_part2)
+  	 krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
+  
+       if(v5_service_key.contents)
+         krb5_free_keyblock_contents(context, &v5_service_key);
+--- 582,591 ----
+  	  printf("v4 credentials encoded\n");
+  
+   error:
+!      if (v5tkt->enc_part2) {
+  	 krb5_free_enc_tkt_part(context, v5tkt->enc_part2);
++ 	 v5tkt->enc_part2 = NULL;
++      }
+  
+       if(v5_service_key.contents)
+         krb5_free_keyblock_contents(context, &v5_service_key);
+Index: src/lib/krb5/asn.1/asn1buf.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v
+retrieving revision 5.24
+diff -c -r5.24 asn1buf.c
+*** src/lib/krb5/asn.1/asn1buf.c	12 Mar 2003 04:33:30 -0000	5.24
+--- src/lib/krb5/asn.1/asn1buf.c	23 Aug 2004 03:37:27 -0000
+***************
+*** 255,260 ****
+--- 255,261 ----
+    (*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char));
+    if ((*code)->data == NULL) {
+      free(*code);
++     *code = NULL;
+      return ENOMEM;
+    }
+    for(i=0; i < (*code)->length; i++)
+Index: src/lib/krb5/asn.1/krb5_decode.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/krb5_decode.c,v
+retrieving revision 5.40.2.5
+diff -c -r5.40.2.5 krb5_decode.c
+*** src/lib/krb5/asn.1/krb5_decode.c	10 Oct 2003 23:57:38 -0000	5.40.2.5
+--- src/lib/krb5/asn.1/krb5_decode.c	23 Aug 2004 03:37:27 -0000
+***************
+*** 183,190 ****
+  #define cleanup(cleanup_routine)\
+     return 0; \
+  error_out: \
+!    if (rep && *rep) \
+  	cleanup_routine(*rep); \
+     return retval;
+  
+  #define cleanup_none()\
+--- 183,192 ----
+  #define cleanup(cleanup_routine)\
+     return 0; \
+  error_out: \
+!    if (rep && *rep) { \
+  	cleanup_routine(*rep); \
++ 	*rep = NULL; \
++    } \
+     return retval;
+  
+  #define cleanup_none()\
+***************
+*** 233,238 ****
+--- 235,241 ----
+        free_field(*rep,checksum);
+        free_field(*rep,client);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+***************
+*** 254,260 ****
+    { begin_structure();
+      { krb5_kvno kvno;
+        get_field(kvno,0,asn1_decode_kvno);
+!       if(kvno != KVNO) return KRB5KDC_ERR_BAD_PVNO;
+      }
+      alloc_field((*rep)->server,krb5_principal_data);
+      get_field((*rep)->server,1,asn1_decode_realm);
+--- 257,263 ----
+    { begin_structure();
+      { krb5_kvno kvno;
+        get_field(kvno,0,asn1_decode_kvno);
+!       if(kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO);
+      }
+      alloc_field((*rep)->server,krb5_principal_data);
+      get_field((*rep)->server,1,asn1_decode_realm);
+***************
+*** 268,273 ****
+--- 271,277 ----
+    if (rep && *rep) {
+        free_field(*rep,server);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+***************
+*** 320,325 ****
+--- 324,330 ----
+        free_field(*rep,session);
+        free_field(*rep,client);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+***************
+*** 403,408 ****
+--- 408,414 ----
+    if (rep && *rep) {
+        free_field(*rep,ticket);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+***************
+*** 451,456 ****
+--- 457,463 ----
+    if (rep && *rep) {
+        free_field(*rep,subkey);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+***************
+*** 556,561 ****
+--- 563,569 ----
+    if (rep && *rep) {
+        free_field(*rep,checksum);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+***************
+*** 614,619 ****
+--- 622,628 ----
+        free_field(*rep,r_address);
+        free_field(*rep,s_address);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+***************
+*** 668,673 ****
+--- 677,683 ----
+        free_field(*rep,r_address);
+        free_field(*rep,s_address);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+***************
+*** 713,718 ****
+--- 723,729 ----
+        free_field(*rep,server);
+        free_field(*rep,client);
+        free(*rep);
++       *rep = NULL;
+    }
+    return retval;
+  }
+Index: src/lib/krb5/krb/rd_rep.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/rd_rep.c,v
+retrieving revision 5.33.2.2
+diff -c -r5.33.2.2 rd_rep.c
+*** src/lib/krb5/krb/rd_rep.c	14 Jun 2003 00:09:47 -0000	5.33.2.2
+--- src/lib/krb5/krb/rd_rep.c	23 Aug 2004 03:37:27 -0000
+***************
+*** 71,76 ****
+--- 71,78 ----
+  
+      /* now decode the decrypted stuff */
+      retval = decode_krb5_ap_rep_enc_part(&scratch, repl);
++     if (retval)
++ 	goto clean_scratch;
+  
+      /* Check reply fields */
+      if (((*repl)->ctime != auth_context->authentp->ctime) ||
+Index: src/lib/krb5/krb/send_tgs.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/send_tgs.c,v
+retrieving revision 5.55.2.1
+diff -c -r5.55.2.1 send_tgs.c
+*** src/lib/krb5/krb/send_tgs.c	13 May 2004 19:27:59 -0000	5.55.2.1
+--- src/lib/krb5/krb/send_tgs.c	23 Aug 2004 03:37:27 -0000
+***************
+*** 269,274 ****
+--- 269,276 ----
+  	    if (!tcp_only) {
+  		krb5_error *err_reply;
+  		retval = decode_krb5_error(&rep->response, &err_reply);
++ 		if (retval)
++ 		    goto send_tgs_error_3;
+  		if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
+  		    tcp_only = 1;
+  		    krb5_free_error(context, err_reply);
+***************
+*** 277,282 ****
+--- 279,286 ----
+  		    goto send_again;
+  		}
+  		krb5_free_error(context, err_reply);
++ 	    send_tgs_error_3:
++ 		;
+  	    }
+  	    rep->message_type = KRB5_ERROR;
+  	} else if (krb5_is_tgs_rep(&rep->response))
diff --git a/2004-003-patch_1.3.4.txt b/2004-003-patch_1.3.4.txt
new file mode 100644
index 0000000..57a9213
--- /dev/null
+++ b/2004-003-patch_1.3.4.txt
@@ -0,0 +1,17 @@
+Index: src/lib/krb5/asn.1/asn1buf.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v
+retrieving revision 5.24
+*** src/lib/krb5/asn.1/asn1buf.c	12 Mar 2003 04:33:30 -0000	5.24
+--- src/lib/krb5/asn.1/asn1buf.c	23 Aug 2004 03:43:47 -0000
+***************
+*** 122,127 ****
+--- 122,129 ----
+        return ASN1_OVERRUN;
+    }
+    while (nestlevel > 0) {
++     if (buf->bound - buf->next + 1 <= 0)
++       return ASN1_OVERRUN;
+      retval = asn1_get_tag_2(buf, &t);
+      if (retval) return retval;
+      if (!t.indef) {
diff --git a/krb5.spec b/krb5.spec
index fc7f03a..c29e75b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -7,7 +7,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.3.4
-Release: 2
+Release: 7
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.4.tar
 Source0: krb5-%{version}.tar.gz
@@ -46,7 +46,6 @@ Patch15: krb5-1.3-check.patch
 Patch16: krb5-1.3.3-no-rpath.patch
 Patch17: krb5-1.3-pass-by-address.patch
 Patch18: krb5-1.2.7-reject-bad-transited.patch
-Patch19: krb5-1.2.7-krb524d-double-free.patch
 Patch20: krb5-1.3.1-varargs.patch
 Patch21: krb5-selinux.patch
 Patch22: krb5-1.3.1-32.patch
@@ -55,8 +54,8 @@ Patch24: krb5-1.3.1-server-sort.patch
 Patch25: krb5-1.3.1-null.patch
 Patch26: krb5-1.3.2-efence.patch
 Patch27: krb5-1.3.3-rcp-sendlarge.patch
-Patch28: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt
-
+Patch28: http://web.mit.edu/kerberos/advisories/2004-002-dblfree_patch.txt
+Patch29: http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
@@ -119,6 +118,24 @@ network uses Kerberos, this package should be installed on every
 workstation.
 
 %changelog
+* Tue Aug 31 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-7
+- rebuild
+
+* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-6
+- rebuild
+
+* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-5
+- incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644,
+  CAN-2004-0772
+
+* Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-4
+- rebuild
+
+* Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-3
+- incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772
+  (MITKRB5-SA-2004-002, #130732)
+- incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732)
+
 * Tue Jul 27 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-2
 - fix indexing error in server sorting patch (#127336)
 
@@ -705,7 +722,8 @@ workstation.
 # Hopefully no longer needed to work around compiler bug.
 # %patch17 -p1 -b .pass-by-address
 %patch18 -p1 -b .reject-bad-transited
-%patch19 -p1 -b .double-free
+# Obsoleted by 2004-002-dblfree_patch, below.
+# %patch19 -p1 -b .double-free
 %patch20 -p1 -b .varargs
 %if %{WITH_SELINUX}
 %patch21 -p1 -b .selinux
@@ -718,6 +736,8 @@ workstation.
 # Removes a malloc(0) case, nothing more.
 # %patch26 -p1 -b .efence
 %patch27 -p1 -b .rcp-sendlarge
+%patch28 -p0 -b .dblfree-2004-002
+%patch29 -p0 -b .asn1buf-2004-003
 cp src/krb524/README README.krb524
 find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
 gzip doc/*.ps