diff options
| -rw-r--r-- | krb5-1.7.1-kpasswd_ccache.patch | 32 | ||||
| -rw-r--r-- | krb5.spec | 8 |
2 files changed, 39 insertions, 1 deletions
diff --git a/krb5-1.7.1-kpasswd_ccache.patch b/krb5-1.7.1-kpasswd_ccache.patch new file mode 100644 index 0000000..959c6ee --- /dev/null +++ b/krb5-1.7.1-kpasswd_ccache.patch @@ -0,0 +1,32 @@ +If we encounter any errors reading the user's principal name from the default +ccache, fall back to the default of using the current user's name. +--- krb5/src/clients/kpasswd/kpasswd.c ++++ krb5/src/clients/kpasswd/kpasswd.c +@@ -84,21 +84,23 @@ int main(int argc, char *argv[]) + exit(1); + } + } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) { ++ princ = NULL; ++ + if (ret) { + com_err(argv[0], ret, "opening default ccache"); +- exit(1); + } ++ else + + if ((ret = krb5_cc_get_principal(context, ccache, &princ))) { + com_err(argv[0], ret, "getting principal from ccache"); +- exit(1); + } ++ else + + if ((ret = krb5_cc_close(context, ccache))) { + com_err(argv[0], ret, "closing ccache"); +- exit(1); + } +- } else { ++ } ++ if (princ == NULL) { + get_name_from_passwd_file(argv[0], context, &princ); + } + @@ -10,7 +10,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.7.1 -Release: 2%{?dist} +Release: 3%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -85,6 +85,7 @@ Patch93: krb5-1.7-create_on_load.patch Patch95: krb5-1.7-opte.patch Patch96: krb5-1.7-exp_warn.patch Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt +Patch98: krb5-1.7.1-kpasswd_ccache.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -223,6 +224,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Wed Feb 17 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-3 +- pull up the change to make kpasswd's behavior better match the docs + when there's no ccache (#563431) + * Tue Feb 16 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-2 - apply patch from upstream to fix KDC denial of service (CVE-2010-0283, #566002) @@ -1588,6 +1593,7 @@ popd %patch95 -p1 -b .opte %patch96 -p1 -b .exp_warn %patch97 -p1 -b .2010-001 +%patch98 -p1 -b .kpasswd-ccache gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex |