diff options
| author | Nalin Dahyabhai <nalin@redhat.com> | 2012-07-31 14:26:22 -0400 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@redhat.com> | 2012-07-31 14:26:22 -0400 |
| commit | 420f11337ff10e725c67ecfc5be4e4442b62c82c (patch) | |
| tree | eb80060c292b46feb6302d3793167db53e62d2b2 | |
| parent | 96d17196a3b39e351746d229746718bfb617b622 (diff) | |
| parent | 718a1573e15d4bb8ca52a2fca678d655fc29e2f9 (diff) | |
| download | krb5-420f11337ff10e725c67ecfc5be4e4442b62c82c.tar.gz krb5-420f11337ff10e725c67ecfc5be4e4442b62c82c.tar.xz krb5-420f11337ff10e725c67ecfc5be4e4442b62c82c.zip | |
Merge remote-tracking branch 'origin/master' into f17
| -rw-r--r-- | 2012-001-patch.txt | 61 | ||||
| -rw-r--r-- | krb5.spec | 31 |
2 files changed, 88 insertions, 4 deletions
diff --git a/2012-001-patch.txt b/2012-001-patch.txt new file mode 100644 index 0000000..938b565 --- /dev/null +++ b/2012-001-patch.txt @@ -0,0 +1,61 @@ +diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c +index 23623fe..8ada9d0 100644 +--- a/src/kdc/do_as_req.c ++++ b/src/kdc/do_as_req.c +@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, + krb5_enctype useenctype; + struct as_req_state *state; + +- state = malloc(sizeof(*state)); ++ state = calloc(sizeof(*state), 1); + if (!state) { + (*respond)(arg, ENOMEM, NULL); + return; +@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, + state->authtime = 0; + state->c_flags = 0; + state->req_pkt = req_pkt; ++ state->inner_body = NULL; + state->rstate = NULL; + state->sname = 0; + state->cname = 0; +diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c +index 9d8cb34..d4ece3f 100644 +--- a/src/kdc/kdc_preauth.c ++++ b/src/kdc/kdc_preauth.c +@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request, + continue; + + } +- if (request_contains_enctype(context, request, db_etype)) { ++ if (krb5_is_permitted_enctype(context, db_etype) && ++ request_contains_enctype(context, request, db_etype)) { + retval = _make_etype_info_entry(context, client->princ, + client_key, db_etype, + &entry[i], etype_info2); +diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c +index a43b291..94dad3a 100644 +--- a/src/kdc/kdc_util.c ++++ b/src/kdc/kdc_util.c +@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request, + return 0; + pa.magic = KV5M_PA_DATA; + pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP; ++ memset(&checksum, 0, sizeof(checksum)); + retval = krb5_c_make_checksum(kdc_context,0, reply_key, + KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum); + if (retval != 0) +diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c +index c4bf92e..367c894 100644 +--- a/src/lib/kdb/kdb_default.c ++++ b/src/lib/kdb/kdb_default.c +@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap) + krb5_boolean saw_non_permitted = FALSE; + + ret = 0; ++ if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype)) ++ return KRB5_KDB_NO_PERMITTED_KEY; ++ + if (kvno == -1 && stype == -1 && ktype == -1) + kvno = 0; + @@ -11,16 +11,16 @@ %global WITH_SYSVERTO 0 %endif %if 0%{?fedora} >= 17 || 0%{?rhel} > 6 -%global no_separate_usr 1 +%global separate_usr 0 %else -%global no_separate_usr 0 +%global separate_usr 1 %endif %global gettext_domain mit-krb5 Summary: The Kerberos network authentication system Name: krb5 Version: 1.10.2 -Release: 3%{?dist} +Release: 5%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.2-signed.tar Source0: krb5-%{version}.tar.gz @@ -69,6 +69,7 @@ Patch103: krb5-1.10-gcc47.patch Patch105: krb5-kvno-230379.patch Patch106: krb5-1.10.2-keytab-etype.patch Patch107: krb5-trunk-pkinit-anchorsign.patch +Patch108: http://web.mit.edu/kerberos/advisories/2012-001-patch.txt License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -247,6 +248,7 @@ ln -s NOTICE LICENSE %patch105 -p1 -b .kvno %patch106 -p1 -b .keytab-etype %patch107 -p1 -b .pkinit-anchorsign +%patch108 -p1 -b .2012-001 rm src/lib/krb5/krb/deltat.c gzip doc/*.ps @@ -441,7 +443,7 @@ make -C src DESTDIR=$RPM_BUILD_ROOT EXAMPLEDIR=%{_docdir}/krb5-libs-%{version}/e # list of link flags, and it helps prevent file conflicts on multilib systems. sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config -%if %{no_separate_usr} +%if %{separate_usr} # Move specific libraries from %{_libdir} to /%{_lib}, and fixup the symlinks. touch $RPM_BUILD_ROOT/rootfile rellibdir=.. @@ -684,14 +686,25 @@ exit 0 /%{_mandir}/man5/k5identity.5* /%{_mandir}/man5/k5login.5* /%{_mandir}/man5/krb5.conf.5* +%if %{separate_usr} /%{_lib}/libgssapi_krb5.so.* /%{_lib}/libgssrpc.so.* /%{_lib}/libk5crypto.so.* +%else +%{_libdir}/libgssapi_krb5.so.* +%{_libdir}/libgssrpc.so.* +%{_libdir}/libk5crypto.so.* +%endif %{_libdir}/libkadm5clnt_mit.so.* %{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkdb5.so.* +%if %{separate_usr} /%{_lib}/libkrb5.so.* /%{_lib}/libkrb5support.so.* +%else +%{_libdir}/libkrb5.so.* +%{_libdir}/libkrb5support.so.* +%endif %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/* @@ -755,6 +768,16 @@ exit 0 %{_sbindir}/uuserver %changelog +* Tue Jul 31 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-5 +- add upstream patch to fix freeing an uninitialized pointer and dereferencing + another uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1014 + and CVE-2012-1015, #838012) +- fix a thinko in whether or not we mess around with devel .so symlinks on + systems without a separate /usr (sbose) + +* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + * Fri Jun 22 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-3 - backport a fix to allow a PKINIT client to handle SignedData from a KDC that's signed with a certificate that isn't in the SignedData, but which |