This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
47047c041c
commit
c1c1df81b9
@ -1,7 +1,184 @@
|
||||
Index: src/clients/kvno/kvno.M
|
||||
===================================================================
|
||||
--- src/clients/kvno/kvno.M (.../tags/krb5-1-6-2-final) (Revision 19931)
|
||||
+++ src/clients/kvno/kvno.M (.../branches/krb5-1-6) (Revision 19931)
|
||||
@@ -55,6 +55,15 @@
|
||||
specifies that Kerberos version 4 tickets should be acquired and
|
||||
described. This option is only available if Kerberos 4 support was
|
||||
enabled at compilation time.
|
||||
+.TP
|
||||
+.B \-S sname
|
||||
+specifies that krb5_sname_to_principal() will be used to build
|
||||
+principal names. If this flag is specified, the
|
||||
+.B service1 service2 ...
|
||||
+arguments are interpreted as hostnames (rather than principal names),
|
||||
+and
|
||||
+.B sname
|
||||
+is interpreted as the service name.
|
||||
.SH ENVIRONMENT
|
||||
.B Kvno
|
||||
uses the following environment variable:
|
||||
Index: src/clients/kvno/kvno.c
|
||||
===================================================================
|
||||
--- src/clients/kvno/kvno.c (.../tags/krb5-1-6-2-final) (Revision 19931)
|
||||
+++ src/clients/kvno/kvno.c (.../branches/krb5-1-6) (Revision 19931)
|
||||
@@ -41,10 +41,10 @@
|
||||
{
|
||||
#ifdef KRB5_KRB4_COMPAT
|
||||
fprintf(stderr,
|
||||
- "usage: %s [-4 | [-c ccache] [-e etype] [-k keytab]] service1 service2 ...\n",
|
||||
+ "usage: %s [-4 | [-c ccache] [-e etype] [-k keytab] [-S sname]] service1 service2 ...\n",
|
||||
prog);
|
||||
#else
|
||||
- fprintf(stderr, "usage: %s [-c ccache] [-e etype] [-k keytab] service1 service2 ...\n",
|
||||
+ fprintf(stderr, "usage: %s [-c ccache] [-e etype] [-k keytab] [-S sname] service1 service2 ...\n",
|
||||
prog);
|
||||
#endif
|
||||
exit(1);
|
||||
@@ -54,7 +54,8 @@
|
||||
|
||||
static void do_v4_kvno (int argc, char *argv[]);
|
||||
static void do_v5_kvno (int argc, char *argv[],
|
||||
- char *ccachestr, char *etypestr, char *keytab_name);
|
||||
+ char *ccachestr, char *etypestr, char *keytab_name,
|
||||
+ char *sname);
|
||||
|
||||
#include <com_err.h>
|
||||
static void extended_com_err_fn (const char *, errcode_t, const char *,
|
||||
@@ -64,6 +65,7 @@
|
||||
{
|
||||
int option;
|
||||
char *etypestr = NULL, *ccachestr = NULL, *keytab_name = NULL;
|
||||
+ char *sname = NULL;
|
||||
int v4 = 0;
|
||||
|
||||
set_com_err_hook (extended_com_err_fn);
|
||||
@@ -71,7 +73,7 @@
|
||||
prog = strrchr(argv[0], '/');
|
||||
prog = prog ? (prog + 1) : argv[0];
|
||||
|
||||
- while ((option = getopt(argc, argv, "c:e:hk:q4")) != -1) {
|
||||
+ while ((option = getopt(argc, argv, "c:e:hk:q4S:")) != -1) {
|
||||
switch (option) {
|
||||
case 'c':
|
||||
ccachestr = optarg;
|
||||
@@ -91,6 +93,9 @@
|
||||
case '4':
|
||||
v4 = 1;
|
||||
break;
|
||||
+ case 'S':
|
||||
+ sname = optarg;
|
||||
+ break;
|
||||
default:
|
||||
xusage();
|
||||
break;
|
||||
@@ -103,10 +108,14 @@
|
||||
if ((ccachestr != NULL || etypestr != NULL || keytab_name != NULL) && v4)
|
||||
xusage();
|
||||
|
||||
+ if (sname != NULL && v4)
|
||||
+ xusage();
|
||||
+
|
||||
if (v4)
|
||||
do_v4_kvno(argc - optind, argv + optind);
|
||||
else
|
||||
- do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr, keytab_name);
|
||||
+ do_v5_kvno(argc - optind, argv + optind,
|
||||
+ ccachestr, etypestr, keytab_name, sname);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -172,7 +181,8 @@
|
||||
}
|
||||
|
||||
static void do_v5_kvno (int count, char *names[],
|
||||
- char * ccachestr, char *etypestr, char *keytab_name)
|
||||
+ char * ccachestr, char *etypestr, char *keytab_name,
|
||||
+ char *sname)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
int i, errors;
|
||||
@@ -230,7 +240,13 @@
|
||||
|
||||
in_creds.client = me;
|
||||
|
||||
- ret = krb5_parse_name(context, names[i], &in_creds.server);
|
||||
+ if (sname != NULL) {
|
||||
+ ret = krb5_sname_to_principal(context, names[i],
|
||||
+ sname, KRB5_NT_SRV_HST,
|
||||
+ &in_creds.server);
|
||||
+ } else {
|
||||
+ ret = krb5_parse_name(context, names[i], &in_creds.server);
|
||||
+ }
|
||||
if (ret) {
|
||||
if (!quiet)
|
||||
com_err(prog, ret, "while parsing principal name %s", names[i]);
|
||||
Index: src/lib/crypto/prng.c
|
||||
===================================================================
|
||||
--- src/lib/crypto/prng.c (.../tags/krb5-1-6-2-final) (Revision 19931)
|
||||
+++ src/lib/crypto/prng.c (.../branches/krb5-1-6) (Revision 19931)
|
||||
@@ -162,7 +162,7 @@
|
||||
krb5_data data;
|
||||
struct stat sb;
|
||||
int fd;
|
||||
- unsigned char buf[YARROW_SLOW_THRESH/8];
|
||||
+ unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
|
||||
int left;
|
||||
fd = open (device, O_RDONLY);
|
||||
if (fd == -1)
|
||||
@@ -173,14 +173,16 @@
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
- for (left = sizeof (buf); left > 0;) {
|
||||
+
|
||||
+ for (bp = &buf, left = sizeof (buf); left > 0;) {
|
||||
ssize_t count;
|
||||
- count = read (fd, &buf, (unsigned) left);
|
||||
+ count = read (fd, bp, (unsigned) left);
|
||||
if (count <= 0) {
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
left -= count;
|
||||
+ bp += count;
|
||||
}
|
||||
close (fd);
|
||||
data.length = sizeof (buf);
|
||||
@@ -199,7 +201,7 @@
|
||||
int unused;
|
||||
int *oursuccess = success?success:&unused;
|
||||
*oursuccess = 0;
|
||||
- /* If we are getting strong data then try that first. We aare
|
||||
+ /* If we are getting strong data then try that first. We are
|
||||
guaranteed to cause a reseed of some kind if strong is true and
|
||||
we have both /dev/random and /dev/urandom. We want the strong
|
||||
data included in the reseed so we get it first.*/
|
||||
Index: src/lib/gssapi/spnego/spnego_mech.c
|
||||
===================================================================
|
||||
--- src/lib/gssapi/spnego/spnego_mech.c (.../tags/krb5-1-6-2-final) (Revision 19931)
|
||||
+++ src/lib/gssapi/spnego/spnego_mech.c (.../branches/krb5-1-6) (Revision 19931)
|
||||
@@ -61,7 +61,7 @@
|
||||
/* private routines for spnego_mechanism */
|
||||
static spnego_token_t make_spnego_token(char *);
|
||||
static gss_buffer_desc make_err_msg(char *);
|
||||
-static int g_token_size(gss_OID_const, OM_uint32);
|
||||
+static int g_token_size(gss_OID_const, unsigned int);
|
||||
static int g_make_token_header(gss_OID_const, unsigned int,
|
||||
unsigned char **, unsigned int);
|
||||
static int g_verify_token_header(gss_OID_const, unsigned int *,
|
||||
@@ -835,6 +835,7 @@
|
||||
ret = GSS_S_FAILURE;
|
||||
}
|
||||
}
|
||||
+ gss_release_buffer(&tmpmin, &mechtok_out);
|
||||
if (ret == GSS_S_COMPLETE) {
|
||||
/*
|
||||
* Now, switch the output context to refer to the
|
||||
Index: src/lib/krb5/ccache/cc_file.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/ccache/cc_file.c (.../tags/krb5-1-6-2-final) (Revision 19755)
|
||||
+++ src/lib/krb5/ccache/cc_file.c (.../branches/krb5-1-6) (Revision 19755)
|
||||
--- src/lib/krb5/ccache/cc_file.c (.../tags/krb5-1-6-2-final) (Revision 19931)
|
||||
+++ src/lib/krb5/ccache/cc_file.c (.../branches/krb5-1-6) (Revision 19931)
|
||||
@@ -1954,6 +1954,9 @@
|
||||
char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
|
||||
NUL */
|
||||
@ -143,10 +320,79 @@ Index: src/lib/krb5/ccache/cc_file.c
|
||||
|
||||
err_out:
|
||||
krb5_xfree(((krb5_fcc_data *) lid->data)->filename);
|
||||
Index: src/lib/krb5/ccache/ccfns.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/ccache/ccfns.c (.../tags/krb5-1-6-2-final) (Revision 19931)
|
||||
+++ src/lib/krb5/ccache/ccfns.c (.../branches/krb5-1-6) (Revision 19931)
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* lib/krb5/ccache/ccfns.c
|
||||
*
|
||||
- * Copyright 2000 by the Massachusetts Institute of Technology.
|
||||
+ * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
|
||||
* All Rights Reserved.
|
||||
*
|
||||
* Export of this software from the United States of America may
|
||||
@@ -65,7 +65,29 @@
|
||||
krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
|
||||
krb5_creds *creds)
|
||||
{
|
||||
- return cache->ops->store(context, cache, creds);
|
||||
+ krb5_error_code ret;
|
||||
+ krb5_ticket *tkt;
|
||||
+ krb5_principal s1, s2;
|
||||
+
|
||||
+ ret = cache->ops->store(context, cache, creds);
|
||||
+ if (ret) return ret;
|
||||
+
|
||||
+ /*
|
||||
+ * If creds->server and the server in the decoded ticket differ,
|
||||
+ * store both principals.
|
||||
+ */
|
||||
+ s1 = creds->server;
|
||||
+ ret = decode_krb5_ticket(&creds->ticket, &tkt);
|
||||
+ /* Bail out on errors in case someone is storing a non-ticket. */
|
||||
+ if (ret) return 0;
|
||||
+ s2 = tkt->server;
|
||||
+ if (!krb5_principal_compare(context, s1, s2)) {
|
||||
+ creds->server = s2;
|
||||
+ ret = cache->ops->store(context, cache, creds);
|
||||
+ creds->server = s1;
|
||||
+ }
|
||||
+ krb5_free_ticket(context, tkt);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_CALLCONV
|
||||
@@ -73,7 +95,23 @@
|
||||
krb5_flags flags, krb5_creds *mcreds,
|
||||
krb5_creds *creds)
|
||||
{
|
||||
- return cache->ops->retrieve(context, cache, flags, mcreds, creds);
|
||||
+ krb5_error_code ret;
|
||||
+ krb5_data tmprealm;
|
||||
+
|
||||
+ ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
|
||||
+ if (ret != KRB5_CC_NOTFOUND)
|
||||
+ return ret;
|
||||
+ if (!krb5_is_referral_realm(&mcreds->server->realm))
|
||||
+ return ret;
|
||||
+
|
||||
+ /*
|
||||
+ * Retry using client's realm if service has referral realm.
|
||||
+ */
|
||||
+ tmprealm = mcreds->server->realm;
|
||||
+ mcreds->server->realm = mcreds->client->realm;
|
||||
+ ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
|
||||
+ mcreds->server->realm = tmprealm;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
krb5_error_code KRB5_CALLCONV
|
||||
Index: src/lib/krb5/krb/gc_frm_kdc.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19755)
|
||||
+++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19755)
|
||||
--- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-2-final) (Revision 19931)
|
||||
+++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19931)
|
||||
@@ -906,7 +906,6 @@
|
||||
/* Whether or not that succeeded, we're done. */
|
||||
goto cleanup;
|
||||
@ -204,4 +450,3 @@ Index: src/lib/krb5/krb/gc_frm_kdc.c
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
41
krb5-MITKRB5-SA-2007-006-fix-execute-code-2.dif
Normal file
41
krb5-MITKRB5-SA-2007-006-fix-execute-code-2.dif
Normal file
@ -0,0 +1,41 @@
|
||||
--- src/lib/kadm5/srv/svr_policy.c
|
||||
+++ src/lib/kadm5/srv/svr_policy.c 2007/08/24 14:32:34
|
||||
@@ -211,8 +211,9 @@
|
||||
if((mask & KADM5_POLICY))
|
||||
return KADM5_BAD_MASK;
|
||||
|
||||
- ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt);
|
||||
- if( ret && (cnt==0) )
|
||||
+ if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
|
||||
+ return ret;
|
||||
+ if (cnt != 1)
|
||||
return KADM5_UNK_POLICY;
|
||||
|
||||
if ((mask & KADM5_PW_MAX_LIFE))
|
||||
|
||||
--- src/lib/rpc/svc_auth_gss.c
|
||||
+++ src/lib/rpc/svc_auth_gss.c 2007/09/06 08:32:37
|
||||
@@ -355,6 +355,15 @@
|
||||
memset(rpchdr, 0, sizeof(rpchdr));
|
||||
|
||||
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
|
||||
+ oa = &msg->rm_call.cb_cred;
|
||||
+ if (oa->oa_length > MAX_AUTH_BYTES)
|
||||
+ return (FALSE);
|
||||
+
|
||||
+ /* 8 XDR units from the IXDR macro calls. */
|
||||
+ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
|
||||
+ RNDUP(oa->oa_length)))
|
||||
+ return (FALSE);
|
||||
+
|
||||
buf = (int32_t *)(void *)rpchdr;
|
||||
IXDR_PUT_LONG(buf, msg->rm_xid);
|
||||
IXDR_PUT_ENUM(buf, msg->rm_direction);
|
||||
@@ -362,7 +371,6 @@
|
||||
IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
|
||||
IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
|
||||
IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
|
||||
- oa = &msg->rm_call.cb_cred;
|
||||
IXDR_PUT_ENUM(buf, oa->oa_flavor);
|
||||
IXDR_PUT_LONG(buf, oa->oa_length);
|
||||
if (oa->oa_length) {
|
||||
@ -13,7 +13,7 @@
|
||||
Name: krb5-doc
|
||||
BuildRequires: ghostscript-library latex2html texlive
|
||||
Version: 1.6.2
|
||||
Release: 12
|
||||
Release: 28
|
||||
%define srcRoot krb5-1.6.2
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
License: X11/MIT
|
||||
|
||||
@ -1,3 +1,26 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 11 15:11:34 CEST 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6.2-post.dif
|
||||
* new -S sname option for kvno
|
||||
* read_entropy_from_device on partial read will not fill buffer
|
||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||
* patch for referrals loop
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 6 10:43:50 CEST 2007 - mc@suse.de
|
||||
|
||||
- fix a problem with the originally published patch
|
||||
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
||||
[#302377]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 5 12:18:38 CEST 2007 - mc@suse.de
|
||||
|
||||
- fix execute arbitrary code
|
||||
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
||||
[#302377]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 7 11:59:05 CEST 2007 - mc@suse.de
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
|
||||
Name: krb5-plugins
|
||||
Version: 1.6.2
|
||||
Release: 2
|
||||
Release: 3
|
||||
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
|
||||
%define srcRoot krb5-1.6.2
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
@ -45,6 +45,7 @@ Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
|
||||
Patch24: krb5-1.5.1-fix-strncat-warning.dif
|
||||
Patch25: krb5-1.6.1-init-salt-length.dif
|
||||
Patch26: krb5-1.4.3-extra-check-kt_file.c.dif
|
||||
Patch27: krb5-MITKRB5-SA-2007-006-fix-execute-code-2.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -110,6 +111,7 @@ fi
|
||||
%patch24
|
||||
%patch25
|
||||
%patch26
|
||||
%patch27
|
||||
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
|
||||
|
||||
%build
|
||||
@ -207,6 +209,20 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Tue Sep 11 2007 - mc@suse.de
|
||||
- update krb5-1.6.2-post.dif
|
||||
* new -S sname option for kvno
|
||||
* read_entropy_from_device on partial read will not fill buffer
|
||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||
* patch for referrals loop
|
||||
* Thu Sep 06 2007 - mc@suse.de
|
||||
- fix a problem with the originally published patch
|
||||
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
||||
[#302377]
|
||||
* Wed Sep 05 2007 - mc@suse.de
|
||||
- fix execute arbitrary code
|
||||
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
||||
[#302377]
|
||||
* Tue Aug 07 2007 - mc@suse.de
|
||||
- add krb5-1.6.2-post.dif
|
||||
* during the referrals loop, check to see if the
|
||||
|
||||
23
krb5.changes
23
krb5.changes
@ -1,3 +1,26 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6.2-post.dif
|
||||
* new -S sname option for kvno
|
||||
* read_entropy_from_device on partial read will not fill buffer
|
||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||
* patch for referrals loop
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de
|
||||
|
||||
- fix a problem with the originally published patch
|
||||
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
||||
[#302377]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 5 12:18:21 CEST 2007 - mc@suse.de
|
||||
|
||||
- fix execute arbitrary code
|
||||
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
||||
[#302377]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de
|
||||
|
||||
|
||||
18
krb5.spec
18
krb5.spec
@ -12,7 +12,7 @@
|
||||
|
||||
Name: krb5
|
||||
Version: 1.6.2
|
||||
Release: 9
|
||||
Release: 18
|
||||
BuildRequires: bison libcom_err-devel ncurses-devel
|
||||
%if %{suse_version} > 1010
|
||||
BuildRequires: keyutils keyutils-devel
|
||||
@ -49,6 +49,7 @@ Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
|
||||
Patch24: krb5-1.5.1-fix-strncat-warning.dif
|
||||
Patch25: krb5-1.6.1-init-salt-length.dif
|
||||
Patch26: krb5-1.4.3-extra-check-kt_file.c.dif
|
||||
Patch27: krb5-MITKRB5-SA-2007-006-fix-execute-code-2.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: mktemp, grep, /bin/touch
|
||||
|
||||
@ -201,6 +202,7 @@ fi
|
||||
%patch24
|
||||
%patch25
|
||||
%patch26
|
||||
%patch27
|
||||
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
|
||||
|
||||
%build
|
||||
@ -511,6 +513,20 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man1/krb5-config.1*
|
||||
|
||||
%changelog
|
||||
* Tue Sep 11 2007 - mc@suse.de
|
||||
- update krb5-1.6.2-post.dif
|
||||
* new -S sname option for kvno
|
||||
* read_entropy_from_device on partial read will not fill buffer
|
||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||
* patch for referrals loop
|
||||
* Thu Sep 06 2007 - mc@suse.de
|
||||
- fix a problem with the originally published patch
|
||||
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
||||
[#302377]
|
||||
* Wed Sep 05 2007 - mc@suse.de
|
||||
- fix execute arbitrary code
|
||||
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
||||
[#302377]
|
||||
* Tue Aug 07 2007 - mc@suse.de
|
||||
- add krb5-1.6.2-post.dif
|
||||
* during the referrals loop, check to see if the
|
||||
|
||||
Loading…
Reference in New Issue
Block a user