diff options
author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2011-11-30 15:03:53 -0500 |
---|---|---|
committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2011-11-30 15:03:53 -0500 |
commit | d161b26c4183f46f10e84965511fc930a28caa56 (patch) | |
tree | 568edea0ee1e6c34a7931ad3db87c9479aefef72 | |
parent | 10814235e4eadcb2b99ab9f32e481df9607835a0 (diff) | |
download | krb5-d161b26c4183f46f10e84965511fc930a28caa56.tar.gz krb5-d161b26c4183f46f10e84965511fc930a28caa56.tar.xz krb5-d161b26c4183f46f10e84965511fc930a28caa56.zip |
- correct a bug in the fix for #754001 so that the file creation context is consistently resetkrb5-1.9.2-3.fc16
-rw-r--r-- | krb5-1.9-aes-hmac.patch | 12 | ||||
-rw-r--r-- | krb5-1.9-selinux-label.patch | 6 | ||||
-rw-r--r-- | krb5.spec | 12 |
3 files changed, 25 insertions, 5 deletions
diff --git a/krb5-1.9-aes-hmac.patch b/krb5-1.9-aes-hmac.patch new file mode 100644 index 0000000..0ab33f3 --- /dev/null +++ b/krb5-1.9-aes-hmac.patch @@ -0,0 +1,12 @@ +Early pull of the patch for RT#6994. +--- krb5/src/lib/crypto/krb/checksum/hmac_md5.c ++++ krb5/src/lib/crypto/krb/checksum/hmac_md5.c +@@ -61,7 +61,7 @@ krb5_error_code krb5int_hmacmd5_checksum + ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds); + if (ret) + goto cleanup; +- ks.length = key->keyblock.length; ++ ks.length = ds.length; + ks.contents = (krb5_octet *) ds.data; + keyblock = &ks; + } else /* For md5-hmac, just use the key. */ diff --git a/krb5-1.9-selinux-label.patch b/krb5-1.9-selinux-label.patch index 950254b..e149e93 100644 --- a/krb5-1.9-selinux-label.patch +++ b/krb5-1.9-selinux-label.patch @@ -501,7 +501,7 @@ diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/s diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/support/selinux.c --- krb5-1.8/src/util/support/selinux.c.selinux-label 2010-03-05 10:57:23.000000000 -0500 +++ krb5-1.8/src/util/support/selinux.c 2010-03-05 10:57:23.000000000 -0500 -@@ -0,0 +1,374 @@ +@@ -0,0 +1,372 @@ +/* + * Copyright 2007,2008,2009,2011 Red Hat, Inc. All Rights Reserved. + * @@ -742,9 +742,7 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup +krb5int_pop_fscreatecon(void *con) +{ + if (con != NULL) { -+ if (con != (void *) -1) { -+ pop_fscreatecon(con); -+ } ++ pop_fscreatecon((con == (void *) -1) ? NULL : con); + k5_mutex_unlock(&labeled_mutex); + } +} @@ -6,7 +6,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.9.2 -Release: 1%{?dist} +Release: 3%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -59,6 +59,7 @@ Patch84: krb5-1.9.1-sendto_poll.patch Patch86: krb5-1.9-debuginfo.patch Patch87: krb5-1.9.1-sendto_poll2.patch Patch89: krb5-1.9.1-sendto_poll3.patch +Patch90: krb5-1.9-aes-hmac.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -215,6 +216,7 @@ ln -s NOTICE LICENSE %patch86 -p0 -b .debuginfo %patch87 -p1 -b .sendto_poll2 %patch89 -p1 -b .sendto_poll3 +%patch90 -p1 -b .aes-hmac gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex @@ -693,6 +695,14 @@ exit 0 %{_sbindir}/uuserver %changelog +* Wed Nov 30 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.2-3 +- correct a bug in the fix for #754001 so that the file creation context is + consistently reset + +* Tue Nov 22 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.2-2 +- pull patch from trunk so that when computing an HMAC, we don't assume that + the HMAC output size is the same as the input key length (RT#6994, #756139) + * Wed Nov 15 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.2-1 - update to 1.9.2, incorporating the recent security update and some of the things we were previously backporting, among other fixes |