Accepting request 560558 from home:enzokiel:branches:network

- Update to version 7.5.0
  - Security
    - Fix CVE-2017-17439, which is a remote denial of service
      vulnerability:
      In Heimdal 7.1 through 7.4, remote unauthenticated attackers
      are able to crash the KDC by sending a crafted UDP packet
      containing empty data fields for client name or realm.
  - Bug fixes
    - Handle long input lines when reloading database dumps.
    - In pre-forked mode (default on Unix), correctly clear the
      process ids of exited children, allowing new child processes
      to replace the old.
    - Fixed incorrect KDC response when no-cross realm TGT exists,
      allowing client requests to fail quickly rather than time
      out after trying to get a correct answer from each KDC.
- Fixed heimdal-patched.diff.
- Removed Avoid_NULL_structure_pointer_member_dereference.patch,
  fixed upstream.

OBS-URL: https://build.opensuse.org/request/show/560558
OBS-URL: https://build.opensuse.org/package/show/network/libheimdal?expand=0&rev=19
Jörg Lorenzen 2017-12-29 13:46:40 +00:00 committed by Git OBS Bridge
parent c581032039
commit 544cfdcdbc
6 changed files with 27 additions and 30 deletions

@ -1,23 +0,0 @@
--- kdc/kerberos5.c.orig
+++ kdc/kerberos5.c
@@ -2226,15 +2226,17 @@
/*
* In case of a non proxy error, build an error message.
*/
- if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
+ if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
ret = _kdc_fast_mk_error(context, r,
&error_method,
r->armor_crypto,
&req->req_body,
ret, r->e_text,
r->server_princ,
- &r->client_princ->name,
- &r->client_princ->realm,
+ r->client_princ ?
+ &r->client_princ->name : NULL,
+ r->client_princ ?
+ &r->client_princ->realm : NULL,
NULL, NULL,
reply);
if (ret)
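Review bot: dropping Avoid_NULL_structure_pointer_member_dereference.patch is only safe if the 7.5.0 tarball carries the same guard. This file is the CVE-2017-17439 fix: it replaces the unconditional `&r->client_princ->name` / `&r->client_princ->realm` arguments to `_kdc_fast_mk_error` with `r->client_princ ? &r->client_princ->name : NULL` (and the same for realm), so please confirm that kdc/kerberos5.c in heimdal-7.5.0 null-checks `r->client_princ` at that call; the changelog asserts "fixed upstream", but nothing in this request shows it. Note also that the rendering has lost the outer `-` prefixes of the deleted file, so the inner `+`/`-` lines above are the removed patch's own hunk, not changes to the source tree.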

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f49a302ab803b536dbc2c1c0e33d9b35ab859fc8e8785908d7e1cb1a78afabe0
size 7457572

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2a77570b72566f4dcc67c6d159017eb2baf927995441fea3a872f527e8089328
size 7632037
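Review bot: the new Source0 pointer only records the LFS oid and size of the regenerated heimdal-7.5.0-patched.tar.bz2, so nothing in this request shows that the upstream input was verified. Since the patched tarball is produced locally by heimdal-patch-source.sh (Source2 in the spec), please state in the request description or changelog that the upstream heimdal-7.5.0 release checksum or signature was checked before repacking; otherwise the chain from upstream to Source0 cannot be reviewed from the diff alone.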

@ -4,7 +4,7 @@ diff -uNr heimdal-7.3.0/configure.ac heimdal-7.3.0-patched/configure.ac
@@ -3,7 +3,6 @@ @@ -3,7 +3,6 @@
AC_PREREQ(2.62) AC_PREREQ(2.62)
test -z "$CFLAGS" && CFLAGS="-g" test -z "$CFLAGS" && CFLAGS="-g"
AC_INIT([Heimdal],[7.4.0],[https://github.com/heimdal/heimdal/issues]) AC_INIT([Heimdal],[7.5.0],[https://github.com/heimdal/heimdal/issues])
-AC_CONFIG_SRCDIR([kuser/kinit.c]) -AC_CONFIG_SRCDIR([kuser/kinit.c])
AC_CONFIG_HEADERS(include/config.h) AC_CONFIG_HEADERS(include/config.h)
AC_CONFIG_MACRO_DIR([cf]) AC_CONFIG_MACRO_DIR([cf])
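Review bot: the embedded file header on this hunk still reads `diff -uNr heimdal-7.3.0/configure.ac heimdal-7.3.0-patched/configure.ac` while the AC_INIT line it touches is bumped from 7.4.0 to 7.5.0. The spec applies it with `%patch0 -p1` after `%setup -q -n heimdal-%{version}`, so the stale 7.3.0 directory prefix is stripped and the patch still applies, but the mismatch misleads the next updater; heimdal-patch-source.sh should regenerate heimdal-patched.diff with the current version in its paths rather than hand-editing the AC_INIT line.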

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Fri Dec 29 13:16:21 UTC 2017 - joerg.lorenzen@ki.tng.de
- Update to version 7.5.0
- Security
- Fix CVE-2017-17439, which is a remote denial of service
vulnerability:
In Heimdal 7.1 through 7.4, remote unauthenticated attackers
are able to crash the KDC by sending a crafted UDP packet
containing empty data fields for client name or realm.
- Bug fixes
- Handle long input lines when reloading database dumps.
- In pre-forked mode (default on Unix), correctly clear the
process ids of exited children, allowing new child processes
to replace the old.
- Fixed incorrect KDC response when no-cross realm TGT exists,
allowing client requests to fail quickly rather than time
out after trying to get a correct answer from each KDC.
- Fixed heimdal-patched.diff.
- Removed Avoid_NULL_structure_pointer_member_dereference.patch,
fixed upstream.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 07 15:17:23 UTC 2017 - joerg.lorenzen@ki.tng.de Thu Dec 07 15:17:23 UTC 2017 - joerg.lorenzen@ki.tng.de
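Review bot: the new changelog entry names CVE-2017-17439 but carries no bug-tracker reference; openSUSE changelog convention is to append the bugzilla id, `(bsc#<id>)`, to the security line when one exists, so it can be tracked from the update. The duplicated separator and `Thu Dec 07 ...` lines at the end are the side-by-side rendering of the two unchanged context lines, not a duplicated entry in the file.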

@ -20,7 +20,7 @@ Name: libheimdal
Summary: The Heimdal implementation of the Kerberos 5 protocol Summary: The Heimdal implementation of the Kerberos 5 protocol
License: BSD-3-Clause License: BSD-3-Clause
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Version: 7.4.0 Version: 7.5.0
Release: 0 Release: 0
Url: http://www.h5l.org Url: http://www.h5l.org
# patched source can be created with script heimdal-patch-source.sh: # patched source can be created with script heimdal-patch-source.sh:
@ -28,7 +28,6 @@ Url: http://www.h5l.org
Source0: heimdal-%{version}-patched.tar.bz2 Source0: heimdal-%{version}-patched.tar.bz2
Source2: heimdal-patch-source.sh Source2: heimdal-patch-source.sh
Patch0: heimdal-patched.diff Patch0: heimdal-patched.diff
Patch1: Avoid_NULL_structure_pointer_member_dereference.patch
%if 0%{?sles_version} == 11 %if 0%{?sles_version} == 11
BuildRequires: libcom_err-devel BuildRequires: libcom_err-devel
BuildRequires: sqlite3-devel BuildRequires: sqlite3-devel
@ -99,7 +98,6 @@ libraries are required by 64-bit package of ICAClient version 13.2.
%prep %prep
%setup -q -n heimdal-%{version} %setup -q -n heimdal-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p0
%build %build
autoreconf -fi autoreconf -fi
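Review bot: removing `Patch1:` and `%patch1 -p0` is consistent with deleting Avoid_NULL_structure_pointer_member_dereference.patch above, so heimdal-patched.diff is now the only patch step. With Version bumped to 7.5.0, `Source0: heimdal-%{version}-patched.tar.bz2` and `%setup -q -n heimdal-%{version}` both depend on the regenerated tarball unpacking to a heimdal-7.5.0 directory; worth a local build check, since the patch-source script previously produced 7.3.0-named paths (see the heimdal-patched.diff header).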