From 517a34ae6cb909b7d00215efa702257bb9461e3ab142470fb7db79ed5aafadd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 2 Aug 2024 15:14:31 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main krb5 revision 359cd3b1e0d86779682f96066cf143d2
---
 0009-Fix-three-memory-leaks.patch | 43 -------------------------------
 krb5-1.21.2.tar.gz | 3 ---
 krb5-1.21.2.tar.gz.asc | 16 ------------
 krb5-1.21.3.tar.gz | 3 +++
 krb5-1.21.3.tar.gz.asc | 16 ++++++++++++
 krb5-mini.changes | 19 ++++++++++++++
 krb5-mini.spec | 3 ++-
 krb5.changes | 11 ++++++++
 krb5.spec | 2 +-
 9 files changed, 52 insertions(+), 64 deletions(-)
 delete mode 100644 krb5-1.21.2.tar.gz
 delete mode 100644 krb5-1.21.2.tar.gz.asc
 create mode 100644 krb5-1.21.3.tar.gz
 create mode 100644 krb5-1.21.3.tar.gz.asc
diff --git a/0009-Fix-three-memory-leaks.patch b/0009-Fix-three-memory-leaks.patch
index 355cddc..49ffd73 100644
--- a/0009-Fix-three-memory-leaks.patch
+++ b/0009-Fix-three-memory-leaks.patch
@@ -1,46 +1,3 @@
-From 2aaffa96269b56fe09abf81851c40c9c4a3587f0 Mon Sep 17 00:00:00 2001
-From: Greg Hudson
-Date: Tue, 5 Mar 2024 17:38:49 -0500
-Subject: [PATCH 1/2] Fix leak in KDC NDR encoding
-
-If the KDC tries to encode a principal containing encode invalid UTF-8
-sequences for inclusion in a PAC delegation info buffer, it will leak
-a small amount of memory in enc_wchar_pointer() before failing. Fix
-the leak.
-
-ticket: 9115 (new)
-tags: pullup
-target_version: 1.21-next
-
-(cherry picked from commit 7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe)
----
- src/kdc/ndr.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c
-index 48395abe52..d438408ee2 100644
---- a/src/kdc/ndr.c
-+++ b/src/kdc/ndr.c
-@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out)
- size_t utf16len, num_wchars;
- uint8_t *utf16;
-
-- k5_buf_init_dynamic(&b);
---
- ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len);
- if (ret)
- return ret;
-
- num_wchars = utf16len / 2;
-
-+ k5_buf_init_dynamic(&b);
- k5_buf_add_uint32_le(&b, num_wchars + 1);
- k5_buf_add_uint32_le(&b, 0);
- k5_buf_add_uint32_le(&b, num_wchars);
---
-2.44.0
-
-
 From 489deee29f427f22e2a26de729319bdb70819c37 Mon Sep 17 00:00:00 2001
 From: Greg Hudson
 Date: Tue, 5 Mar 2024 19:53:07 -0500
diff --git a/krb5-1.21.2.tar.gz b/krb5-1.21.2.tar.gz
deleted file mode 100644
index b66c0e8..0000000
--- a/krb5-1.21.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9560941a9d843c0243a71b17a7ac6fe31c7cebb5bce3983db79e52ae7e850491
-size 8622513
diff --git a/krb5-1.21.2.tar.gz.asc b/krb5-1.21.2.tar.gz.asc
deleted file mode 100644
index a3d76fd..0000000
--- a/krb5-1.21.2.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmTbET4ACgkQDLoIV1+D
-ct8zBQ/+LugwKy9Y9b3lVaLxPM/qxntLi4Bq5C2GVQ+bED7YCvUiL8aIzJbuTVpf
-GLWLtVuf6vxKz2V17JKOluVMqRDBZDexHZv9EvVjhanqMpvV32tSa60HF4e7lER+
-3iP/bIjSi2U9ixOcNICNnK2DeFGY601C1KT4cLs3H76pfb1miPItm7p79UNicz1o
-V6KgG0J5F4ktYiTonb0TXYdCAvY/3ROEYwmmRpCjtkBCzTdr9tVXU0n6Yc0wsfBD
-AXkyqlUhisMWxqGrLZMnkIx3LA83nMHG8nY/doqOYzKuE9a4cBe69+Bl6e9NRY7G
-ysD2J1cZ2imCYoalUcxrLfnd3fwPpcrlnuwH5DKJtcJGEUNwydjyWZeMl87pbhb1
-lOggcn8DL6l3vqBpkTBE4IQw3s+B1+BylpjXBsvzxGYHerpffIqsHzHywguiJutT
-bkP5ktjZ0QHAZ6PYA6NleGjPbBg/Jeywg1Mjrx+2IdBAYnS0KtTSa72Zqqb8eGmQ
-iCVpy9gK7zX7UCLm33M6HVtC9ffJ4vajcShk25u8uKuomTQgK3lGoN0wX55OE+sO
-AkMSuFxPNsNheMI53Zjutc4NzEscy09G8VxHwGqcEwD+NF7+2GpPuOq9ot9nH+Jd
-xoVYjhqxeb5Uq6lgp0B8sILLqwg1+gEXWdA+rR5Tx+ykv8HESxg=
-=aMVp
------END PGP SIGNATURE-----
diff --git a/krb5-1.21.3.tar.gz b/krb5-1.21.3.tar.gz
new file mode 100644
index 0000000..b00a46e
--- /dev/null
+++ b/krb5-1.21.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35
+size 9136145
diff --git a/krb5-1.21.3.tar.gz.asc b/krb5-1.21.3.tar.gz.asc
new file mode 100644
index 0000000..2da42a5
--- /dev/null
+++ b/krb5-1.21.3.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmZ8eHkACgkQDLoIV1+D
+ct//gw//bmvy6zXbKL6epNaExVgRdqzfQWm6WqeyGNxg59BQyJwsRsArsQRbSTZl
+uUExbV4HDTI/SemnYT8MfNOUtGZBCcAMYUr79Zmwi9S2pc30ZHIGcOf5E7HvIj6y
+ZZUvddoxWvxpruCuJHb9dP4ZUPE0iU2rJnLsXR/H4E574WlrWBjXu3gimLen7+yg
+aCLxIvw6lk4f/X8l+aqbK+haWHwMnca+kWSPbmL2iblHVqmoJVEmWhy7/9WjiT5S
+5HhDJIObO2qn1pbE1ZTQqfGOfFgOUVxTl2myMxX1RXEDVFzdLDdnoUJRt4o4GG27
+Y0WfLtmN6NisVF91dkl2+F7js+xVI3m9uZnpeccKO2Uq6BQRrfOMWUAHVKMUJZjh
+h0GMeTzOhw7qGKitAiuhauyDMMTgMx78bC0DpLYtq24fp7BSvD0jNZnfjUXVCk8D
+al9cfxC5m843aKiJ01Of13PziZsTQFz/TUsOrcpx4h7+qY7nldrovkQBiyVbbtn4
+MncYq8d84G/0vsbJ/6ftJ6Y+OL20jyzfC5xgmKtK/y1D987aum2BSudISUCylOOt
+j5/KiTRe0rWUjBNtoCjrtw4xlSbygmjuiE/xtcow0CHXDtMjlo8PrDi8W+xccBv2
+zQ2B+e9ywkF4uC/M91s/bVSMkOtxv2JCoUUHOMF4ku5vzKSOhyk=
+=TH0A
+-----END PGP SIGNATURE-----
diff --git a/krb5-mini.changes b/krb5-mini.changes
index 851675e..b17e384 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Mon Jul 1 07:50:59 UTC 2024 - Samuel Cabrero
+
+- Update to 1.21.3
+ * Fix vulnerabilities in GSS message token handling:
+ * CVE-2024-37370, bsc#1227186
+ * CVE-2024-37371, bsc#1227187
+ * Fix a potential bad pointer free in krb5_cccol_have_contents()
+ * Fix a memory leak in the macOS ccache type
+- Update patch 0009-Fix-three-memory-leaks.patch
+
+-------------------------------------------------------------------
+Fri Mar 22 09:19:41 UTC 2024 - Samuel Cabrero
+
+- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
+ * CVE-2024-26458, bsc#1220770
+ * CVE-2024-26461, bsc#1220771
+ * CVE-2024-26462, bsc#1220772
+
 -------------------------------------------------------------------
 Thu Feb 29 10:07:57 UTC 2024 - Pedro Monreal
diff --git a/krb5-mini.spec b/krb5-mini.spec
index 043f32b..ef38d77 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -24,7 +24,7 @@
 %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name: krb5-mini
-Version: 1.21.2
+Version: 1.21.3
 Release: 0
 Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
 License: MIT
@@ -44,6 +44,7 @@ Patch5: 0005-krb5-1.6.3-ktutil-manpage.patch
 Patch6: 0006-krb5-1.12-api.patch
 Patch7: 0007-SELinux-integration.patch
 Patch8: 0008-krb5-1.9-debuginfo.patch
+Patch9: 0009-Fix-three-memory-leaks.patch
 BuildRequires: autoconf
 BuildRequires: bison
 BuildRequires: pkgconfig
diff --git a/krb5.changes b/krb5.changes
index 3c61f2b..295ac13 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Jul 1 07:50:59 UTC 2024 - Samuel Cabrero
+
+- Update to 1.21.3
+ * Fix vulnerabilities in GSS message token handling:
+ * CVE-2024-37370, bsc#1227186
+ * CVE-2024-37371, bsc#1227187
+ * Fix a potential bad pointer free in krb5_cccol_have_contents()
+ * Fix a memory leak in the macOS ccache type
+- Update patch 0009-Fix-three-memory-leaks.patch
+
 -------------------------------------------------------------------
 Mon May 13 14:06:29 UTC 2024 - Andreas Schneider
diff --git a/krb5.spec b/krb5.spec
index 9fa1974..bcd2217 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -21,7 +21,7 @@
 %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name: krb5
-Version: 1.21.2
+Version: 1.21.3
 Release: 0
 Summary: MIT Kerberos5 implementation
 License: MIT
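Review bot: The `Patch9: 0009-Fix-three-memory-leaks.patch` line added in the second krb5-mini.spec hunk only declares the patch, and nothing in the hunk shows it being applied; the `%prep` section lies outside what is visible here. If that section applies patches one by one rather than through `%autosetup` or `%autopatch`, the leak fixes still carried in that file would ship in the source package without being built into krb5-mini, so `%prep` should be checked for a matching `%patch -P 9` with the same strip level as the other patches. The declaration would also read better with a comment above it, for example `# Remaining upstream leak fixes; CVE and bsc references are in the Mar 22 2024 entry of krb5-mini.changes`.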