From 6580e8c91af9836a7eff71981b0624f1c6dd51640ca27e3c968789d88f5110a1 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Thu, 17 Nov 2022 16:22:59 +0000 Subject: [PATCH] Accepting request 1036182 from home:scabrero:branches:network - Update to 1.20.1; (bsc#1205126); (CVE-2022-42898); * Fix integer overflows in PAC parsing [CVE-2022-42898]. * Fix null deref in KDC when decoding invalid NDR. * Fix memory leak in OTP kdcpreauth module. * Fix PKCS11 module path search. - Update to 1.20.1; (bsc#1205126); (CVE-2022-42898); * Fix integer overflows in PAC parsing [CVE-2022-42898]. * Fix null deref in KDC when decoding invalid NDR. * Fix memory leak in OTP kdcpreauth module. * Fix PKCS11 module path search. OBS-URL: https://build.opensuse.org/request/show/1036182 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=262 --- krb5-1.20.1.tar.gz | 3 +++ krb5-1.20.1.tar.gz.asc | 16 ++++++++++++++++ krb5-1.20.tar.gz | 3 --- krb5-1.20.tar.gz.asc | 16 ---------------- krb5-mini.changes | 9 +++++++++ krb5-mini.spec | 2 +- krb5.changes | 9 +++++++++ krb5.spec | 2 +- 8 files changed, 39 insertions(+), 21 deletions(-) create mode 100644 krb5-1.20.1.tar.gz create mode 100644 krb5-1.20.1.tar.gz.asc delete mode 100644 krb5-1.20.tar.gz delete mode 100644 krb5-1.20.tar.gz.asc diff --git a/krb5-1.20.1.tar.gz b/krb5-1.20.1.tar.gz new file mode 100644 index 0000000..aad5861 --- /dev/null +++ b/krb5-1.20.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:704aed49b19eb5a7178b34b2873620ec299db08752d6a8574f95d41879ab8851 +size 8661660 diff --git a/krb5-1.20.1.tar.gz.asc b/krb5-1.20.1.tar.gz.asc new file mode 100644 index 0000000..8f477a9 --- /dev/null +++ b/krb5-1.20.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmNvED8ACgkQDLoIV1+D +ct9uKw/8C5GS8mdh335lB+bkfjYYCZLD+oQToDAAbdCddrIcuLftvnTfXJ8cMtMc +UT2hsp8u7ZupjJRevdhaH7fFwomc0V8iSES5J2cQHTNd9aK93j/W6NaMoqWLrQWg +jx99oqLn7orvp8N5RufEQcNMNWhFIX4XSfrA3vPfHbbffA2vkjJzOGno4UHi8zUn +6nye7jbrBpiQIeFIJSS3VPsvGrKdRgb9BqGTUsqPIuFvr3Qvo42lKr5X8CWYSXjK +0aKlOpfbWdkteEe2o84/wyMpuGvmYkmOgaMB5xQ3jfEuvPNAWX2CWHNDamiqwBT/ +YxwhZimNa1B9r3P1yDHvpUu8cJaRzw2UDRi2f3Kztrmn2jlqzmoZ31WBALJA7lmL +SrVFdXi7AcWwppMp1kbe9SvurCXID8/Q4n+qAdzSvqrXbeWerVUkdYFvtxQ1bMJR +jnqN11iZFYaoCaaR2lFEhjoMdR80jUa2m6vdF7a7xhH1UvuPHDnzLT9X/TiPvx0R +Itrp5MMIrUQHcZUL9hM5hrg3nxEsGsSCnjB0zWDmgXdLGwd4CvcOF4HPQR3BBlEH +CLtAa27bBXMJTYVvmmKt06hw+U3ALDfUlFrV6ZNLr9ug69l29n7JoChAbZ97Hx1m +twPwJpKd8AiUz+j3KCfgGU21qMbHNP3jEn3q9tkq0qcs/z7RCmU= +=1WIq +-----END PGP SIGNATURE----- diff --git a/krb5-1.20.tar.gz b/krb5-1.20.tar.gz deleted file mode 100644 index ba94426..0000000 --- a/krb5-1.20.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7e022bdd3c851830173f9faaa006a230a0e0fdad4c953e85bff4bf0da036e12f -size 8660756 diff --git a/krb5-1.20.tar.gz.asc b/krb5-1.20.tar.gz.asc deleted file mode 100644 index 3c411f0..0000000 --- a/krb5-1.20.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmKO3iYACgkQDLoIV1+D -ct/OCxAAvGE7Qi/GMlft3t56wK4FwIwENHJ7cnDJw1tkah94zO3hytphYqvCMSu/ -9OnLOynuI/XEU518avHdk5eqWI0oe2XRLbAfXuXH0Uccyun2kP/H5Smvw2JVxiOO -O5DhhMXvjB/ifpfK3u12RFSBHEZsxV79eeVAgQV3LPyokceHH3uOeAlMPYAgzmnp -0drDTYIErmlxhUxGUWvVvckz5wOR8TXt4nKJ2+zixBeOYQu1WZ+WJLlc4nVG4e/I -3otns5aYPPbPMSDq3BZeaUCYqjxMJ0LgqFRZMJGAAeE9HR3tmxhfUMpAQnQgc/MZ -6Nf3rrCj5AETZ2CtiTcKoICEa6MDG4CYhGMIW9R+5eQke1Oq+V9NVu3RdaD0R4rq -snMYk69zF/QhiSOK3ulRm+t8RHAquDimpFlpMinl0DbK5h+A/kgfC7fyfxEHe1dj -H2vCj946LNS2OgqJ5WbV867Fk7+unP0AZ1cy3+hedODRjqNfcu1MuLhxs/e0eLy5 -MmBDSZtJc27IVEs1IUntBy14WuJt3csjGb0jzMnWrbDcjvWAGC5yV4b5HfvZvOt8 -E2HCVWMycTuNFZHgtITqvmb2tYOc9bSOYUCRp7clCn9vvFtAKKzZiGzUsnyshLqq -N6a1sTudU9otnIR52+K5v1rLlChS2UlIek0Nj6ejlTcTk9Go6aw= -=z5Ek ------END PGP SIGNATURE----- diff --git a/krb5-mini.changes b/krb5-mini.changes index 935783d..fa2ebd7 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Nov 16 07:49:09 UTC 2022 - Samuel Cabrero + +- Update to 1.20.1; (bsc#1205126); (CVE-2022-42898); + * Fix integer overflows in PAC parsing [CVE-2022-42898]. + * Fix null deref in KDC when decoding invalid NDR. + * Fix memory leak in OTP kdcpreauth module. + * Fix PKCS11 module path search. + ------------------------------------------------------------------- Sun May 29 19:14:02 UTC 2022 - Dirk Müller diff --git a/krb5-mini.spec b/krb5-mini.spec index f5b922c..3ac203c 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -24,7 +24,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5-mini -Version: 1.20 +Version: 1.20.1 Release: 0 Summary: MIT Kerberos5 implementation and libraries with minimal dependencies License: MIT diff --git a/krb5.changes b/krb5.changes index dfd868e..07400eb 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Nov 16 07:49:09 UTC 2022 - Samuel Cabrero + +- Update to 1.20.1; (bsc#1205126); (CVE-2022-42898); + * Fix integer overflows in PAC parsing [CVE-2022-42898]. + * Fix null deref in KDC when decoding invalid NDR. + * Fix memory leak in OTP kdcpreauth module. + * Fix PKCS11 module path search. + ------------------------------------------------------------------- Sun May 29 19:14:02 UTC 2022 - Dirk Müller diff --git a/krb5.spec b/krb5.spec index 4035ca4..2736110 100644 --- a/krb5.spec +++ b/krb5.spec @@ -21,7 +21,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5 -Version: 1.20 +Version: 1.20.1 Release: 0 Summary: MIT Kerberos5 implementation License: MIT