This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
8254c4844e
commit
2b46d13d41
@ -1,7 +1,7 @@
|
||||
Index: src/include/k5-int.h
|
||||
===================================================================
|
||||
--- src/include/k5-int.h (.../tags/krb5-1-6-1-final) (Revision 19540)
|
||||
+++ src/include/k5-int.h (.../branches/krb5-1-6) (Revision 19540)
|
||||
--- src/include/k5-int.h (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/include/k5-int.h (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -1048,9 +1048,9 @@
|
||||
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
|
||||
|
||||
@ -16,8 +16,8 @@ Index: src/include/k5-int.h
|
||||
typedef struct _krb5_gic_opt_private {
|
||||
Index: src/appl/gssftp/ftp/cmds.c
|
||||
===================================================================
|
||||
--- src/appl/gssftp/ftp/cmds.c (.../tags/krb5-1-6-1-final) (Revision 19540)
|
||||
+++ src/appl/gssftp/ftp/cmds.c (.../branches/krb5-1-6) (Revision 19540)
|
||||
--- src/appl/gssftp/ftp/cmds.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/appl/gssftp/ftp/cmds.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -168,9 +168,7 @@
|
||||
}
|
||||
port = htons(iport);
|
||||
@ -65,10 +65,337 @@ Index: src/appl/gssftp/ftp/cmds.c
|
||||
overbose = verbose;
|
||||
if (debug == 0)
|
||||
verbose = -1;
|
||||
Index: src/kadmin/server/server_stubs.c
|
||||
===================================================================
|
||||
--- src/kadmin/server/server_stubs.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/kadmin/server/server_stubs.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -545,13 +545,14 @@
|
||||
static generic_ret ret;
|
||||
char *prime_arg1,
|
||||
*prime_arg2;
|
||||
- char prime_arg[BUFSIZ];
|
||||
gss_buffer_desc client_name,
|
||||
service_name;
|
||||
OM_uint32 minor_stat;
|
||||
kadm5_server_handle_t handle;
|
||||
restriction_t *rp;
|
||||
char *errmsg;
|
||||
+ size_t tlen1, tlen2, clen, slen;
|
||||
+ char *tdots1, *tdots2, *cdots, *sdots;
|
||||
|
||||
xdr_free(xdr_generic_ret, &ret);
|
||||
|
||||
@@ -572,7 +573,14 @@
|
||||
ret.code = KADM5_BAD_PRINCIPAL;
|
||||
goto exit_func;
|
||||
}
|
||||
- sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
|
||||
+ tlen1 = strlen(prime_arg1);
|
||||
+ trunc_name(&tlen1, &tdots1);
|
||||
+ tlen2 = strlen(prime_arg2);
|
||||
+ trunc_name(&tlen2, &tdots2);
|
||||
+ clen = client_name.length;
|
||||
+ trunc_name(&clen, &cdots);
|
||||
+ slen = service_name.length;
|
||||
+ trunc_name(&slen, &sdots);
|
||||
|
||||
ret.code = KADM5_OK;
|
||||
if (! CHANGEPW_SERVICE(rqstp)) {
|
||||
@@ -590,8 +598,15 @@
|
||||
} else
|
||||
ret.code = KADM5_AUTH_INSUFFICIENT;
|
||||
if (ret.code != KADM5_OK) {
|
||||
- log_unauth("kadm5_rename_principal", prime_arg,
|
||||
- &client_name, &service_name, rqstp);
|
||||
+ krb5_klog_syslog(LOG_NOTICE,
|
||||
+ "Unauthorized request: kadm5_rename_principal, "
|
||||
+ "%.*s%s to %.*s%s, "
|
||||
+ "client=%.*s%s, service=%.*s%s, addr=%s",
|
||||
+ tlen1, prime_arg1, tdots1,
|
||||
+ tlen2, prime_arg2, tdots2,
|
||||
+ clen, client_name.value, cdots,
|
||||
+ slen, service_name.value, sdots,
|
||||
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
|
||||
} else {
|
||||
ret.code = kadm5_rename_principal((void *)handle, arg->src,
|
||||
arg->dest);
|
||||
@@ -600,8 +615,15 @@
|
||||
else
|
||||
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
|
||||
|
||||
- log_done("kadm5_rename_principal", prime_arg, errmsg,
|
||||
- &client_name, &service_name, rqstp);
|
||||
+ krb5_klog_syslog(LOG_NOTICE,
|
||||
+ "Request: kadm5_rename_principal, "
|
||||
+ "%.*s%s to %.*s%s, %s, "
|
||||
+ "client=%.*s%s, service=%.*s%s, addr=%s",
|
||||
+ tlen1, prime_arg1, tdots1,
|
||||
+ tlen2, prime_arg2, tdots2, errmsg,
|
||||
+ clen, client_name.value, cdots,
|
||||
+ slen, service_name.value, sdots,
|
||||
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
|
||||
}
|
||||
free_server_handle(handle);
|
||||
free(prime_arg1);
|
||||
Index: src/lib/rpc/svc_auth_unix.c
|
||||
===================================================================
|
||||
--- src/lib/rpc/svc_auth_unix.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/lib/rpc/svc_auth_unix.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -64,8 +64,7 @@
|
||||
char area_machname[MAX_MACHINE_NAME+1];
|
||||
int area_gids[NGRPS];
|
||||
} *area;
|
||||
- u_int auth_len;
|
||||
- int str_len, gid_len;
|
||||
+ u_int auth_len, str_len, gid_len;
|
||||
register int i;
|
||||
|
||||
rqst->rq_xprt->xp_auth = &svc_auth_none;
|
||||
@@ -74,7 +73,9 @@
|
||||
aup = &area->area_aup;
|
||||
aup->aup_machname = area->area_machname;
|
||||
aup->aup_gids = area->area_gids;
|
||||
- auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
|
||||
+ auth_len = msg->rm_call.cb_cred.oa_length;
|
||||
+ if (auth_len > INT_MAX)
|
||||
+ return AUTH_BADCRED;
|
||||
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
|
||||
buf = XDR_INLINE(&xdrs, (int)auth_len);
|
||||
if (buf != NULL) {
|
||||
@@ -84,7 +85,7 @@
|
||||
stat = AUTH_BADCRED;
|
||||
goto done;
|
||||
}
|
||||
- memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
|
||||
+ memmove(aup->aup_machname, buf, str_len);
|
||||
aup->aup_machname[str_len] = 0;
|
||||
str_len = RNDUP(str_len);
|
||||
buf += str_len / BYTES_PER_XDR_UNIT;
|
||||
@@ -104,7 +105,7 @@
|
||||
* timestamp, hostname len (0), uid, gid, and gids len (0).
|
||||
*/
|
||||
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
|
||||
- (void) printf("bad auth_len gid %d str %d auth %d\n",
|
||||
+ (void) printf("bad auth_len gid %u str %u auth %u\n",
|
||||
gid_len, str_len, auth_len);
|
||||
stat = AUTH_BADCRED;
|
||||
goto done;
|
||||
Index: src/lib/rpc/svc_auth_gssapi.c
|
||||
===================================================================
|
||||
--- src/lib/rpc/svc_auth_gssapi.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/lib/rpc/svc_auth_gssapi.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -149,6 +149,8 @@
|
||||
rqst->rq_xprt->xp_auth = &svc_auth_none;
|
||||
|
||||
memset((char *) &call_res, 0, sizeof(call_res));
|
||||
+ creds.client_handle.length = 0;
|
||||
+ creds.client_handle.value = NULL;
|
||||
|
||||
cred = &msg->rm_call.cb_cred;
|
||||
verf = &msg->rm_call.cb_verf;
|
||||
Index: src/lib/krb5/krb/rd_req_dec.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/krb/rd_req_dec.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/lib/krb5/krb/rd_req_dec.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -87,14 +87,39 @@
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
-krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, const krb5_ap_req *req, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket, int check_valid_flag)
|
||||
+krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
|
||||
+ const krb5_ap_req *req, krb5_const_principal server,
|
||||
+ krb5_keytab keytab, krb5_flags *ap_req_options,
|
||||
+ krb5_ticket **ticket, int check_valid_flag)
|
||||
{
|
||||
krb5_error_code retval = 0;
|
||||
krb5_timestamp currenttime;
|
||||
+ krb5_principal_data princ_data;
|
||||
+
|
||||
+ req->ticket->enc_part2 == NULL;
|
||||
+ if (server && krb5_is_referral_realm(&server->realm)) {
|
||||
+ char *realm;
|
||||
+ princ_data = *server;
|
||||
+ server = &princ_data;
|
||||
+ retval = krb5_get_default_realm(context, &realm);
|
||||
+ if (retval)
|
||||
+ return retval;
|
||||
+ princ_data.realm.data = realm;
|
||||
+ princ_data.realm.length = strlen(realm);
|
||||
+ }
|
||||
+ if (server && !krb5_principal_compare(context, server, req->ticket->server)) {
|
||||
+ char *found_name = 0, *wanted_name = 0;
|
||||
+ if (krb5_unparse_name(context, server, &wanted_name) == 0
|
||||
+ && krb5_unparse_name(context, req->ticket->server, &found_name) == 0)
|
||||
+ krb5_set_error_message(context, KRB5KRB_AP_WRONG_PRINC,
|
||||
+ "Wrong principal in request (found %s, wanted %s)",
|
||||
+ found_name, wanted_name);
|
||||
+ krb5_free_unparsed_name(context, wanted_name);
|
||||
+ krb5_free_unparsed_name(context, found_name);
|
||||
+ retval = KRB5KRB_AP_WRONG_PRINC;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
|
||||
- if (server && !krb5_principal_compare(context, server, req->ticket->server))
|
||||
- return KRB5KRB_AP_WRONG_PRINC;
|
||||
-
|
||||
/* if (req->ap_options & AP_OPTS_USE_SESSION_KEY)
|
||||
do we need special processing here ? */
|
||||
|
||||
@@ -102,12 +127,12 @@
|
||||
if ((*auth_context)->keyblock) { /* User to User authentication */
|
||||
if ((retval = krb5_decrypt_tkt_part(context, (*auth_context)->keyblock,
|
||||
req->ticket)))
|
||||
- return retval;
|
||||
+goto cleanup;
|
||||
krb5_free_keyblock(context, (*auth_context)->keyblock);
|
||||
(*auth_context)->keyblock = NULL;
|
||||
} else {
|
||||
if ((retval = krb5_rd_req_decrypt_tkt_part(context, req, keytab)))
|
||||
- return retval;
|
||||
+ goto cleanup;
|
||||
}
|
||||
|
||||
/* XXX this is an evil hack. check_valid_flag is set iff the call
|
||||
@@ -241,15 +266,21 @@
|
||||
if ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_PERMIT_ALL) {
|
||||
/* no etype check needed */;
|
||||
} else if ((*auth_context)->permitted_etypes == NULL) {
|
||||
+ int etype;
|
||||
/* check against the default set */
|
||||
if ((!krb5_is_permitted_enctype(context,
|
||||
- req->ticket->enc_part.enctype)) ||
|
||||
+ etype = req->ticket->enc_part.enctype)) ||
|
||||
(!krb5_is_permitted_enctype(context,
|
||||
- req->ticket->enc_part2->session->enctype)) ||
|
||||
+ etype = req->ticket->enc_part2->session->enctype)) ||
|
||||
(((*auth_context)->authentp->subkey) &&
|
||||
!krb5_is_permitted_enctype(context,
|
||||
- (*auth_context)->authentp->subkey->enctype))) {
|
||||
+ etype = (*auth_context)->authentp->subkey->enctype))) {
|
||||
+ char enctype_name[30];
|
||||
retval = KRB5_NOPERM_ETYPE;
|
||||
+ if (krb5_enctype_to_string(etype, enctype_name, sizeof(enctype_name)) == 0)
|
||||
+ krb5_set_error_message(context, retval,
|
||||
+ "Encryption type %s not permitted",
|
||||
+ enctype_name);
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
@@ -261,7 +292,13 @@
|
||||
req->ticket->enc_part.enctype)
|
||||
break;
|
||||
if (!(*auth_context)->permitted_etypes[i]) {
|
||||
+ char enctype_name[30];
|
||||
retval = KRB5_NOPERM_ETYPE;
|
||||
+ if (krb5_enctype_to_string(req->ticket->enc_part.enctype,
|
||||
+ enctype_name, sizeof(enctype_name)) == 0)
|
||||
+ krb5_set_error_message(context, retval,
|
||||
+ "Encryption type %s not permitted",
|
||||
+ enctype_name);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -270,7 +307,13 @@
|
||||
req->ticket->enc_part2->session->enctype)
|
||||
break;
|
||||
if (!(*auth_context)->permitted_etypes[i]) {
|
||||
+ char enctype_name[30];
|
||||
retval = KRB5_NOPERM_ETYPE;
|
||||
+ if (krb5_enctype_to_string(req->ticket->enc_part2->session->enctype,
|
||||
+ enctype_name, sizeof(enctype_name)) == 0)
|
||||
+ krb5_set_error_message(context, retval,
|
||||
+ "Encryption type %s not permitted",
|
||||
+ enctype_name);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -280,7 +323,14 @@
|
||||
(*auth_context)->authentp->subkey->enctype)
|
||||
break;
|
||||
if (!(*auth_context)->permitted_etypes[i]) {
|
||||
+ char enctype_name[30];
|
||||
retval = KRB5_NOPERM_ETYPE;
|
||||
+ if (krb5_enctype_to_string((*auth_context)->authentp->subkey->enctype,
|
||||
+ enctype_name,
|
||||
+ sizeof(enctype_name)) == 0)
|
||||
+ krb5_set_error_message(context, retval,
|
||||
+ "Encryption type %s not permitted",
|
||||
+ enctype_name);
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
@@ -327,17 +377,23 @@
|
||||
retval = 0;
|
||||
|
||||
cleanup:
|
||||
+ if (server == &princ_data)
|
||||
+ krb5_free_default_realm(context, princ_data.realm.data);
|
||||
if (retval) {
|
||||
/* only free if we're erroring out...otherwise some
|
||||
applications will need the output. */
|
||||
- krb5_free_enc_tkt_part(context, req->ticket->enc_part2);
|
||||
+ if (req->ticket->enc_part2)
|
||||
+ krb5_free_enc_tkt_part(context, req->ticket->enc_part2);
|
||||
req->ticket->enc_part2 = NULL;
|
||||
}
|
||||
return retval;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
-krb5_rd_req_decoded(krb5_context context, krb5_auth_context *auth_context, const krb5_ap_req *req, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket)
|
||||
+krb5_rd_req_decoded(krb5_context context, krb5_auth_context *auth_context,
|
||||
+ const krb5_ap_req *req, krb5_const_principal server,
|
||||
+ krb5_keytab keytab, krb5_flags *ap_req_options,
|
||||
+ krb5_ticket **ticket)
|
||||
{
|
||||
krb5_error_code retval;
|
||||
retval = krb5_rd_req_decoded_opt(context, auth_context,
|
||||
@@ -348,7 +404,11 @@
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
-krb5_rd_req_decoded_anyflag(krb5_context context, krb5_auth_context *auth_context, const krb5_ap_req *req, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket)
|
||||
+krb5_rd_req_decoded_anyflag(krb5_context context,
|
||||
+ krb5_auth_context *auth_context,
|
||||
+ const krb5_ap_req *req,
|
||||
+ krb5_const_principal server, krb5_keytab keytab,
|
||||
+ krb5_flags *ap_req_options, krb5_ticket **ticket)
|
||||
{
|
||||
krb5_error_code retval;
|
||||
retval = krb5_rd_req_decoded_opt(context, auth_context,
|
||||
@@ -359,7 +419,8 @@
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
-decrypt_authenticator(krb5_context context, const krb5_ap_req *request, krb5_authenticator **authpp, int is_ap_req)
|
||||
+decrypt_authenticator(krb5_context context, const krb5_ap_req *request,
|
||||
+ krb5_authenticator **authpp, int is_ap_req)
|
||||
{
|
||||
krb5_authenticator *local_auth;
|
||||
krb5_error_code retval;
|
||||
@@ -390,4 +451,3 @@
|
||||
clean_scratch();
|
||||
return retval;
|
||||
}
|
||||
-
|
||||
Index: src/lib/krb5/krb/walk_rtree.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/krb/walk_rtree.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/lib/krb5/krb/walk_rtree.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -167,6 +167,9 @@
|
||||
links++;
|
||||
}
|
||||
}
|
||||
+ if (cap_nodes[links] != NULL)
|
||||
+ krb5_xfree(cap_nodes[links]);
|
||||
+
|
||||
cap_nodes[links] = cap_server; /* put server on end of list */
|
||||
/* this simplifies the code later and make */
|
||||
/* cleanup eaiser as well */
|
||||
Index: src/lib/krb5/krb/gc_frm_kdc.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-1-final) (Revision 19540)
|
||||
+++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19540)
|
||||
--- src/lib/krb5/krb/gc_frm_kdc.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/lib/krb5/krb/gc_frm_kdc.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -1043,6 +1043,7 @@
|
||||
krb5_free_creds(context, (*tgts)[i]);
|
||||
}
|
||||
@ -79,8 +406,8 @@ Index: src/lib/krb5/krb/gc_frm_kdc.c
|
||||
retval = krb5_cc_retrieve_cred(context, ccache, RETR_FLAGS,
|
||||
Index: src/lib/krb5/krb/gic_opt.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/krb/gic_opt.c (.../tags/krb5-1-6-1-final) (Revision 19540)
|
||||
+++ src/lib/krb5/krb/gic_opt.c (.../branches/krb5-1-6) (Revision 19540)
|
||||
--- src/lib/krb5/krb/gic_opt.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/lib/krb5/krb/gic_opt.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -206,8 +206,18 @@
|
||||
oe = krb5int_gic_opte_alloc(context);
|
||||
if (NULL == oe)
|
||||
@ -104,8 +431,8 @@ Index: src/lib/krb5/krb/gic_opt.c
|
||||
|
||||
Index: src/util/profile/prof_parse.c
|
||||
===================================================================
|
||||
--- src/util/profile/prof_parse.c (.../tags/krb5-1-6-1-final) (Revision 19540)
|
||||
+++ src/util/profile/prof_parse.c (.../branches/krb5-1-6) (Revision 19540)
|
||||
--- src/util/profile/prof_parse.c (.../tags/krb5-1-6-1-final) (Revision 19657)
|
||||
+++ src/util/profile/prof_parse.c (.../branches/krb5-1-6) (Revision 19657)
|
||||
@@ -306,8 +306,10 @@
|
||||
*/
|
||||
static int need_double_quotes(char *str)
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
Name: krb5-doc
|
||||
BuildRequires: ghostscript-library latex2html texlive
|
||||
Version: 1.6.1
|
||||
Release: 29
|
||||
Release: 31
|
||||
%define srcRoot krb5-1.6.1
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
License: X11/MIT
|
||||
|
||||
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 2 11:39:54 CEST 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6.1-post.dif
|
||||
* fix leak in krb5_walk_realm_tree
|
||||
* rd_req_decoded needs to deal with referral realms
|
||||
* fix buffer overflow in kadmind
|
||||
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
||||
[#278689]
|
||||
* fix kadmind code execution bug
|
||||
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
||||
[#271191]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 9 15:31:08 CEST 2007 - mc@suse.de
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
|
||||
Name: krb5-plugins
|
||||
Version: 1.6.1
|
||||
Release: 7
|
||||
Release: 8
|
||||
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
|
||||
%define srcRoot krb5-1.6.1
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
@ -207,6 +207,16 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Mon Jul 02 2007 - mc@suse.de
|
||||
- update krb5-1.6.1-post.dif
|
||||
* fix leak in krb5_walk_realm_tree
|
||||
* rd_req_decoded needs to deal with referral realms
|
||||
* fix buffer overflow in kadmind
|
||||
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
||||
[#278689]
|
||||
* fix kadmind code execution bug
|
||||
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
||||
[#271191]
|
||||
* Wed May 09 2007 - mc@suse.de
|
||||
- fix uninitialized salt length
|
||||
- add extra check for keytab file
|
||||
|
||||
13
krb5.changes
13
krb5.changes
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de
|
||||
|
||||
- update krb5-1.6.1-post.dif
|
||||
* fix leak in krb5_walk_realm_tree
|
||||
* rd_req_decoded needs to deal with referral realms
|
||||
* fix buffer overflow in kadmind
|
||||
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
||||
[#278689]
|
||||
* fix kadmind code execution bug
|
||||
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
||||
[#271191]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de
|
||||
|
||||
|
||||
12
krb5.spec
12
krb5.spec
@ -12,7 +12,7 @@
|
||||
|
||||
Name: krb5
|
||||
Version: 1.6.1
|
||||
Release: 24
|
||||
Release: 26
|
||||
BuildRequires: bison libcom_err ncurses-devel
|
||||
%if %{suse_version} > 1010
|
||||
BuildRequires: keyutils keyutils-devel
|
||||
@ -511,6 +511,16 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man1/krb5-config.1*
|
||||
|
||||
%changelog
|
||||
* Mon Jul 02 2007 - mc@suse.de
|
||||
- update krb5-1.6.1-post.dif
|
||||
* fix leak in krb5_walk_realm_tree
|
||||
* rd_req_decoded needs to deal with referral realms
|
||||
* fix buffer overflow in kadmind
|
||||
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
||||
[#278689]
|
||||
* fix kadmind code execution bug
|
||||
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
||||
[#271191]
|
||||
* Thu Jun 14 2007 - mc@suse.de
|
||||
- fix unstripped-binary-or-object rpmlint warning
|
||||
* Mon Jun 11 2007 - sschober@suse.de
|
||||
|
||||
Loading…
Reference in New Issue
Block a user