SLFO-pool/krb5
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main krb5 revision 359cd3b1e0d86779682f96066cf143d2

Browse Source
This commit is contained in:
Adrian Schröter 2024-08-02 15:14:31 +02:00
parent 07bc48df51
commit 517a34ae6c
9 changed files with 52 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
0009-Fix-three-memory-leaks.patch
View File

@ -1,46 +1,3 @@
From 2aaffa96269b56fe09abf81851c40c9c4a3587f0 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 5 Mar 2024 17:38:49 -0500
Subject: [PATCH 1/2] Fix leak in KDC NDR encoding
If the KDC tries to encode a principal containing encode invalid UTF-8
sequences for inclusion in a PAC delegation info buffer, it will leak
a small amount of memory in enc_wchar_pointer() before failing. Fix
the leak.
ticket: 9115 (new)
tags: pullup
target_version: 1.21-next
(cherry picked from commit 7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe)
---
src/kdc/ndr.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c
index 48395abe52..d438408ee2 100644
--- a/src/kdc/ndr.c
+++ b/src/kdc/ndr.c
@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out)
size_t utf16len, num_wchars;
uint8_t *utf16;
- k5_buf_init_dynamic(&b);
-
ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len);
if (ret)
return ret;
num_wchars = utf16len / 2;
+ k5_buf_init_dynamic(&b);
k5_buf_add_uint32_le(&b, num_wchars + 1);
k5_buf_add_uint32_le(&b, 0);
k5_buf_add_uint32_le(&b, num_wchars);
--
2.44.0
From 489deee29f427f22e2a26de729319bdb70819c37 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 5 Mar 2024 19:53:07 -0500

BIN
krb5-1.21.2.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

16
krb5-1.21.2.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmTbET4ACgkQDLoIV1+D
ct8zBQ/+LugwKy9Y9b3lVaLxPM/qxntLi4Bq5C2GVQ+bED7YCvUiL8aIzJbuTVpf
GLWLtVuf6vxKz2V17JKOluVMqRDBZDexHZv9EvVjhanqMpvV32tSa60HF4e7lER+
3iP/bIjSi2U9ixOcNICNnK2DeFGY601C1KT4cLs3H76pfb1miPItm7p79UNicz1o
V6KgG0J5F4ktYiTonb0TXYdCAvY/3ROEYwmmRpCjtkBCzTdr9tVXU0n6Yc0wsfBD
AXkyqlUhisMWxqGrLZMnkIx3LA83nMHG8nY/doqOYzKuE9a4cBe69+Bl6e9NRY7G
ysD2J1cZ2imCYoalUcxrLfnd3fwPpcrlnuwH5DKJtcJGEUNwydjyWZeMl87pbhb1
lOggcn8DL6l3vqBpkTBE4IQw3s+B1+BylpjXBsvzxGYHerpffIqsHzHywguiJutT
bkP5ktjZ0QHAZ6PYA6NleGjPbBg/Jeywg1Mjrx+2IdBAYnS0KtTSa72Zqqb8eGmQ
iCVpy9gK7zX7UCLm33M6HVtC9ffJ4vajcShk25u8uKuomTQgK3lGoN0wX55OE+sO
AkMSuFxPNsNheMI53Zjutc4NzEscy09G8VxHwGqcEwD+NF7+2GpPuOq9ot9nH+Jd
xoVYjhqxeb5Uq6lgp0B8sILLqwg1+gEXWdA+rR5Tx+ykv8HESxg=
=aMVp
-----END PGP SIGNATURE-----

BIN
krb5-1.21.3.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
krb5-1.21.3.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmZ8eHkACgkQDLoIV1+D
ct//gw//bmvy6zXbKL6epNaExVgRdqzfQWm6WqeyGNxg59BQyJwsRsArsQRbSTZl
uUExbV4HDTI/SemnYT8MfNOUtGZBCcAMYUr79Zmwi9S2pc30ZHIGcOf5E7HvIj6y
ZZUvddoxWvxpruCuJHb9dP4ZUPE0iU2rJnLsXR/H4E574WlrWBjXu3gimLen7+yg
aCLxIvw6lk4f/X8l+aqbK+haWHwMnca+kWSPbmL2iblHVqmoJVEmWhy7/9WjiT5S
5HhDJIObO2qn1pbE1ZTQqfGOfFgOUVxTl2myMxX1RXEDVFzdLDdnoUJRt4o4GG27
Y0WfLtmN6NisVF91dkl2+F7js+xVI3m9uZnpeccKO2Uq6BQRrfOMWUAHVKMUJZjh
h0GMeTzOhw7qGKitAiuhauyDMMTgMx78bC0DpLYtq24fp7BSvD0jNZnfjUXVCk8D
al9cfxC5m843aKiJ01Of13PziZsTQFz/TUsOrcpx4h7+qY7nldrovkQBiyVbbtn4
MncYq8d84G/0vsbJ/6ftJ6Y+OL20jyzfC5xgmKtK/y1D987aum2BSudISUCylOOt
j5/KiTRe0rWUjBNtoCjrtw4xlSbygmjuiE/xtcow0CHXDtMjlo8PrDi8W+xccBv2
zQ2B+e9ywkF4uC/M91s/bVSMkOtxv2JCoUUHOMF4ku5vzKSOhyk=
=TH0A
-----END PGP SIGNATURE-----

19
krb5-mini.changes
View File

@ -1,3 +1,22 @@
-------------------------------------------------------------------
Mon Jul 1 07:50:59 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
- Update to 1.21.3
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
-------------------------------------------------------------------
Fri Mar 22 09:19:41 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
* CVE-2024-26462, bsc#1220772
-------------------------------------------------------------------
Thu Feb 29 10:07:57 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

3
krb5-mini.spec
View File

@ -24,7 +24,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: krb5-mini
Version: 1.21.2
Version: 1.21.3
Release: 0
Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
License: MIT
@ -44,6 +44,7 @@ Patch5: 0005-krb5-1.6.3-ktutil-manpage.patch
Patch6: 0006-krb5-1.12-api.patch
Patch7: 0007-SELinux-integration.patch
Patch8: 0008-krb5-1.9-debuginfo.patch
Patch9: 0009-Fix-three-memory-leaks.patch
BuildRequires: autoconf
BuildRequires: bison
BuildRequires: pkgconfig

11
krb5.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Mon Jul 1 07:50:59 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
- Update to 1.21.3
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
-------------------------------------------------------------------
Mon May 13 14:06:29 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>

2
krb5.spec
View File

@ -21,7 +21,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: krb5
Version: 1.21.2
Version: 1.21.3
Release: 0
Summary: MIT Kerberos5 implementation
License: MIT