diff options
author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-01-15 20:24:36 +0000 |
---|---|---|
committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-01-15 20:24:36 +0000 |
commit | da536a59743f4cdc85f30be14fd26e642eba5e44 (patch) | |
tree | 5b2a00d22cf2ae7ea107a280952ea9e2a6042e52 | |
parent | 2baf72c02fb2833535a3a8b6b7036200f37a3a96 (diff) | |
download | krb5-da536a59743f4cdc85f30be14fd26e642eba5e44.tar.gz krb5-da536a59743f4cdc85f30be14fd26e642eba5e44.tar.xz krb5-da536a59743f4cdc85f30be14fd26e642eba5e44.zip |
- krb5_get_init_creds_password: check opte->flags instead of options->flags
when checking whether or not we get to use the prompter callback
(#555875)
-rw-r--r-- | krb5-1.7-opte.patch | 14 | ||||
-rw-r--r-- | krb5.spec | 8 |
2 files changed, 21 insertions, 1 deletions
diff --git a/krb5-1.7-opte.patch b/krb5-1.7-opte.patch new file mode 100644 index 0000000..538a19e --- /dev/null +++ b/krb5-1.7-opte.patch @@ -0,0 +1,14 @@ +Check opte->flags instead of options->flags, because we know that opte has +been initialized to the library defaults if options was NULL. +diff -up krb5-1.7/src/lib/krb5/krb/gic_pwd.c krb5-1.7/src/lib/krb5/krb/gic_pwd.c +--- krb5-1.7/src/lib/krb5/krb/gic_pwd.c 2010-01-15 15:07:52.000000000 -0500 ++++ krb5-1.7/src/lib/krb5/krb/gic_pwd.c 2010-01-15 15:07:56.000000000 -0500 +@@ -200,7 +200,7 @@ krb5_get_init_creds_password(krb5_contex + * to prompt. Prompting is only disabled if the option has been set + * and the value has been set to false. + */ +- if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT)) ++ if (!(opte->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT)) + goto cleanup; + + /* ok, we have an expired password. Give the user a few chances @@ -10,7 +10,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.7 -Release: 19%{?dist} +Release: 20%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar Source0: krb5-%{version}.tar.gz @@ -84,6 +84,7 @@ Patch91: krb5-1.7-spnego-deleg.patch Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt Patch93: krb5-1.7-create_on_load.patch Patch94: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt +Patch95: krb5-1.7-opte.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -222,6 +223,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Fri Jan 15 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-20 +- krb5_get_init_creds_password: check opte->flags instead of options->flags + when checking whether or not we get to use the prompter callback (#555875) + * Thu Jan 14 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-19 - use portreserve to make sure the KDC can always bind to the kerberos-iv port, kpropd can always bind to the krb5_prop port, and that kadmind can @@ -1556,6 +1561,7 @@ popd %patch92 -p1 -b .2009-003 %patch93 -p1 -b .create_on_load %patch94 -p0 -b .2009-004 +%patch95 -p1 -b .opte gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex |