From 0b6ebaab007ece723116e6726d957e0092dd4b1c Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Fri, 17 Jan 2014 09:59:39 -0500 Subject: Drop obsolete patch --- ...ster-ignore-empty-unnecessary-final-token.patch | 37 ---------------------- krb5.spec | 3 +- 2 files changed, 1 insertion(+), 39 deletions(-) delete mode 100644 krb5-master-ignore-empty-unnecessary-final-token.patch diff --git a/krb5-master-ignore-empty-unnecessary-final-token.patch b/krb5-master-ignore-empty-unnecessary-final-token.patch deleted file mode 100644 index 3ebb888..0000000 --- a/krb5-master-ignore-empty-unnecessary-final-token.patch +++ /dev/null @@ -1,37 +0,0 @@ -commit 37af638b742dbd642eb70092e4f7781c3f69d86d -Author: Greg Hudson -Date: Tue Dec 10 12:04:18 2013 -0500 - - Fix SPNEGO one-hop interop against old IIS - - IIS 6.0 and similar return a zero length reponse buffer in the last - SPNEGO packet when context initiation is performed without mutual - authentication. In this case the underlying Kerberos mechanism has - already completed successfully on the first invocation, and SPNEGO - does not expect a mech response token in the answer. If we get an - empty mech response token when the mech is complete during - negotiation, ignore it. - - [ghudson@mit.edu: small code style and commit message changes] - - ticket: 7797 (new) - target_version: 1.12.1 - tags: pullup - -diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c -index 3937662..d82934b 100644 ---- a/src/lib/gssapi/spnego/spnego_mech.c -+++ b/src/lib/gssapi/spnego/spnego_mech.c -@@ -760,6 +760,12 @@ init_ctx_nego(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, - map_errcode(minor_status); - ret = GSS_S_DEFECTIVE_TOKEN; - } -+ } else if ((*responseToken)->length == 0 && sc->mech_complete) { -+ /* Handle old IIS servers returning empty token instead of -+ * null tokens in the non-mutual auth case. */ -+ *negState = ACCEPT_COMPLETE; -+ *tokflag = NO_TOKEN_SEND; -+ ret = GSS_S_COMPLETE; - } else if (sc->mech_complete) { - /* Reject spurious mech token. */ - ret = GSS_S_DEFECTIVE_TOKEN; diff --git a/krb5.spec b/krb5.spec index 32b42bf..02309ba 100644 --- a/krb5.spec +++ b/krb5.spec @@ -90,7 +90,6 @@ Patch86: krb5-1.9-debuginfo.patch Patch105: krb5-kvno-230379.patch Patch129: krb5-1.11-run_user_0.patch Patch134: krb5-1.11-kpasswdtest.patch -Patch136: krb5-master-ignore-empty-unnecessary-final-token.patch Patch137: krb5-master-gss_oid_leak.patch Patch138: krb5-master-keytab_close.patch Patch139: krb5-1.12-copy_context.patch @@ -315,7 +314,6 @@ ln -s NOTICE LICENSE %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild} %patch86 -p0 -b .debuginfo %patch105 -p1 -b .kvno -%patch136 -p1 -b .ignore-empty-unnecessary-final-token %patch137 -p1 -b .gss_oid_leak %patch138 -p1 -b .keytab_close %patch139 -p1 -b .copy_context @@ -979,6 +977,7 @@ exit 0 * Fri Jan 17 2014 Nalin Dahyabhai - 1.12.1-1 - update to 1.12.1 - drop patch for RT#7794, included now + - drop patch for RT#7797, included now * Mon Jan 13 2014 Nalin Dahyabhai - 1.12-11 - update the PIC patch for iaesx86.s to not use ELF relocations to the version -- cgit