From 5dab1b263d524adbbf62f0ae358057c75d2cf89ca68bf9702db7323a80bc62ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 4 May 2018 11:22:34 +0000 Subject: [PATCH] Accepting request 603974 from home:stroeder:branches:network Security fixes in release 1.15.3 OBS-URL: https://build.opensuse.org/request/show/603974 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=206 --- krb5-1.15.2.tar.gz | 3 --- krb5-1.15.2.tar.gz.asc | 17 ----------------- krb5-1.15.3.tar.gz | 3 +++ krb5-1.15.3.tar.gz.asc | 17 +++++++++++++++++ krb5-mini.changes | 17 +++++++++++++++++ krb5-mini.spec | 4 ++-- krb5.changes | 17 +++++++++++++++++ krb5.spec | 2 +- 8 files changed, 57 insertions(+), 23 deletions(-) delete mode 100644 krb5-1.15.2.tar.gz delete mode 100644 krb5-1.15.2.tar.gz.asc create mode 100644 krb5-1.15.3.tar.gz create mode 100644 krb5-1.15.3.tar.gz.asc
diff --git a/krb5-1.15.2.tar.gz b/krb5-1.15.2.tar.gz
deleted file mode 100644
index 118cbc3..0000000
--- a/krb5-1.15.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1639e392edf25e3b6cfec2ae68f97eb53e07c2dbe74bfeede0108465d5d1c87e
-size 9380755
diff --git a/krb5-1.15.2.tar.gz.asc b/krb5-1.15.2.tar.gz.asc
deleted file mode 100644
index 29a77ee..0000000
--- a/krb5-1.15.2.tar.gz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIVAwUAWckx/Ay6CFdfg3LfAQJRSxAArp+ozTwvfosjtqbJ+jZzfSD3xebTyukh
-fhjXn+LJ5u8M2KDrWW8rS2ko31nI4vi+ETR6EGLedb0LvSADh4OQIMCsAAm8mPSk
-XVZwZ/xsHiHX8eX9gMjjn9ZViBK8VGOtkJ9vLhCuuzMOk8ZF++LBLjtbBiDpqF1Y
-v7QMBO/Jt3oqHwd0ZcZguhMXnSxm7Q0+MQcFAOF8tUbQvLsdNR/R9hReA4sF0a3k
-bVFyPe0FlmroL3lgEw72VYIA4r7f/VOu3wXJD1XRm05C3Xg2O4YXyD3ejZInoOdf
-+X6qJ58vtSL5tuI40vqZZ9LikGOL937Xk4Etx0XhaP15GmUoolDq4x0n+uzq8X8w
-EE8xkNymmU4wWpxe3+e8vfQhmfSshVuOOVTYbrTgymow0WMUHsMkC1SCevblQ33m
-1EKWadzsWJZAxYcuIkV5hxEXWN9FBTArc/OYrh3BPOS/EZkgAGt9viX3UQYX/8qh
-dCalFN1WEzud3hFsKxlcy089K/fnMpZ41rCBAMlyhWW4gdYpDwIrVfZvtLdedEhL
-GROXd6bZD8HS7nVSu16jY+datD2PHsq2diqgBMAEIpcLArxTUyD0JrIdxERtjesE
-LwttH5KhPdUGsOL51aaZYdoVKwcxG5TLAR3WVFKZbxNy1euiSnQ3iU4MME/AxNmS
-gAXLEZR2JPU=
-=nYjU
------END PGP SIGNATURE-----
diff --git a/krb5-1.15.3.tar.gz b/krb5-1.15.3.tar.gz
new file mode 100644
index 0000000..348ed87
--- /dev/null
+++ b/krb5-1.15.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:92bb5b613e42c62e3b693cd68ba1ea185eb26d5dcc2d168fce17706c150bebab
+size 9386670
diff --git a/krb5-1.15.3.tar.gz.asc b/krb5-1.15.3.tar.gz.asc
new file mode 100644
index 0000000..57e34ad
--- /dev/null
+++ b/krb5-1.15.3.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIVAwUAWutaxAy6CFdfg3LfAQJB8g/+NiCVQakhrLJt8AKwoSYM+MkDReKJNGur
+4XY8uI0zDfvWH+fK+6KyNvjV0C4tbzEU7dC4pydLaR+5ptW3vOpNTaWoYiJMpSZQ
+HnpCtlaeBFTVPX3EpqZxwnFyt/FJSAcxQMImSwgUWq2sn1ZG0TQ0cW4USclpkaHP
+wn4tbAzITy9qxp71KOlc+H+Xghfgp46GOHA6qWfNF0uhaxmYOrGh/WtHnWiN66Cs
+LIZHCzxPX8iKuJKKG+awyl1XBb+eSdTzkFCAOH3mWYyt6FHbDnSpGd9lILeomtjs
+fZ7l9YEy9lMxQuj1QV29nkI37+SiX2rNGGheNXwiriqgQxGrLxyQBfDwJEQJFIM4
+HWVLhFTtE7nko0UGLat2XpfHHRUVNsDFqOHw8yPcfYfsE0h4YKz6O7PO3t8GLrYs
+LOSXPSIqgAciKmChhAxOGvJOk89LAQJpe664Agp5dD41lYEzGp/UUDWLMArqEB4x
+hLKi5gXfKrrA+OBP007j15dJGwBhaE61xeBkmVI8Ds6kDAgmpNlTsNukOHvvlUOq
+C6+OJUUSLI9f0fnPSOz0W7JAQsdp2D+5dYrTU8JgzIKU5r8vO1pzKkM9oNSSUUIA
+Y9AMaZh8uBDlhzvGtWRgDnAn3y0g8Qjf5DcWHqNeWQrMOg7ekn0XutmepnGGvXHN
+56JVACsg3Zw=
+=SYgQ
+-----END PGP SIGNATURE-----
diff --git a/krb5-mini.changes b/krb5-mini.changes
index 60d040a..d51ca9e 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com
+
+- Upgrade to 1.15.3
+ * Fix flaws in LDAP DN checking, including a null dereference KDC
+ crash which could be triggered by kadmin clients with administrative
+ privileges [CVE-2018-5729, CVE-2018-5730].
+ * Fix a KDC PKINIT memory leak.
+ * Fix a small KDC memory leak on transited or authdata errors when
+ processing TGS requests.
+ * Fix a null dereference when the KDC sends a large TGS reply.
+ * Fix "kdestroy -A" with the KCM credential cache type.
+ * Fix the handling of capaths "." values.
+ * Fix handling of repeated subsection specifications in profile files
+ (such as when multiple included files specify relations in the same
+ subsection).
+
 -------------------------------------------------------------------
 Wed Apr 25 21:56:35 UTC 2018 - luizluca@gmail.com
diff --git a/krb5-mini.spec b/krb5-mini.spec
index cd7650c..e05e85d 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -21,7 +21,7 @@
 %define _fillupdir /var/adm/fillup-templates
 %endif
-%define srcRoot krb5-1.15.2
+%define srcRoot krb5-1.15.3
 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
 %define krb5docdir %{_defaultdocdir}/krb5
@@ -34,7 +34,7 @@ BuildRequires: keyutils-devel
 BuildRequires: libcom_err-devel
 BuildRequires: libselinux-devel
 BuildRequires: ncurses-devel
-Version: 1.15.2
+Version: 1.15.3
 Release: 0
 Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
 License: MIT
diff --git a/krb5.changes b/krb5.changes
index 249ac9d..2501d58 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com
+
+- Upgrade to 1.15.3
+ * Fix flaws in LDAP DN checking, including a null dereference KDC
+ crash which could be triggered by kadmin clients with administrative
+ privileges [CVE-2018-5729, CVE-2018-5730].
+ * Fix a KDC PKINIT memory leak.
+ * Fix a small KDC memory leak on transited or authdata errors when
+ processing TGS requests.
+ * Fix a null dereference when the KDC sends a large TGS reply.
+ * Fix "kdestroy -A" with the KCM credential cache type.
+ * Fix the handling of capaths "." values.
+ * Fix handling of repeated subsection specifications in profile files
+ (such as when multiple included files specify relations in the same
+ subsection).
+
 -------------------------------------------------------------------
 Wed Apr 25 21:54:39 UTC 2018 - luizluca@gmail.com
diff --git a/krb5.spec b/krb5.spec
index 5757685..651c600 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -30,7 +30,7 @@ BuildRequires: keyutils-devel
 BuildRequires: libcom_err-devel
 BuildRequires: libselinux-devel
 BuildRequires: ncurses-devel
-Version: 1.15.2
+Version: 1.15.3
 Release: 0
 Summary: MIT Kerberos5 implementation
 License: MIT