diff options
| -rw-r--r-- | krb5-1.7.1-explife.patch | 28 | ||||
| -rw-r--r-- | krb5-trunk-explife.patch | 28 | ||||
| -rw-r--r-- | krb5.spec | 7 |
3 files changed, 33 insertions, 30 deletions
diff --git a/krb5-1.7.1-explife.patch b/krb5-1.7.1-explife.patch new file mode 100644 index 0000000..b6cf93d --- /dev/null +++ b/krb5-1.7.1-explife.patch @@ -0,0 +1,28 @@ +Rob Crittenden noticed that, in populate_krb5_db_entry(), key +expirations weren't being computed as expected. It turns out +that neither KDB_PRINC_EXPIRE_TIME_ATTR nor KDB_PWD_EXPIRE_TIME_ATTR +is defined to 1, so the check for their bits could never succeed as +written. RT#6762. + +Index: src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +=================================================================== +--- src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c (revision 24252) ++++ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c (working copy) +@@ -2087,7 +2087,7 @@ + goto cleanup; + + if (attr_present == TRUE) { +- if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) { ++ if (mask & KDB_PRINC_EXPIRE_TIME_ATTR) { + if (expiretime < entry->expiration) + entry->expiration = expiretime; + } else { +@@ -2127,7 +2127,7 @@ + if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0) + goto cleanup; + +- if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) { ++ if (mask & KDB_PWD_EXPIRE_TIME_ATTR) { + if ((last_pw_changed + pw_max_life) < entry->pw_expiration) + entry->pw_expiration = last_pw_changed + pw_max_life; + } else diff --git a/krb5-trunk-explife.patch b/krb5-trunk-explife.patch deleted file mode 100644 index ddcf143..0000000 --- a/krb5-trunk-explife.patch +++ /dev/null @@ -1,28 +0,0 @@ -Rob Crittenden noticed that, in populate_krb5_db_entry(), key -expirations weren't being computed as expected. It turns out -that neither KDB_PRINC_EXPIRE_TIME_ATTR nor KDB_PWD_EXPIRE_TIME_ATTR -is defined to 1, so the check for their bits could never succeed as -written. RT#6762. - -Index: src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -=================================================================== ---- src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c (revision 24252) -+++ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c (working copy) -@@ -2087,7 +2087,7 @@ - goto cleanup; - - if (attr_present == TRUE) { -- if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) { -+ if (mask & KDB_PRINC_EXPIRE_TIME_ATTR) { - if (expiretime < entry->expiration) - entry->expiration = expiretime; - } else { -@@ -2127,7 +2127,7 @@ - if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0) - goto cleanup; - -- if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) { -+ if (mask & KDB_PWD_EXPIRE_TIME_ATTR) { - if ((last_pw_changed + pw_max_life) < entry->pw_expiration) - entry->pw_expiration = last_pw_changed + pw_max_life; - } else @@ -10,7 +10,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.7.1 -Release: 12%{?dist} +Release: 13%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -90,7 +90,7 @@ Patch100: 2010-002-1.7-patch.txt Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt Patch102: krb5-CVE-2010-1321-1.7.1.patch Patch103: krb5-1.7.1-24139.patch -Patch104: krb5-trunk-explife.patch +Patch104: krb5-1.7.1-explife.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -229,6 +229,9 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Wed Aug 25 2010 Nalin Dahyabhai <nalin@redhat.com> 1.7.1-13 +- adjust the last patch to apply properly to 1.7.1 + * Tue Aug 24 2010 Nalin Dahyabhai <nalin@redhat.com> 1.7.1-12 - fix a logic bug in computing key expiration times (RT#6762, #627022) |