Accepting request 1185764 from network

- Update to 1.21.3 * Fix vulnerabilities in GSS message token handling: * CVE-2024-37370, bsc#1227186 * CVE-2024-37371, bsc#1227187 * Fix a potential bad pointer free in krb5_cccol_have_contents() * Fix a memory leak in the macOS ccache type - Update patch 0009-Fix-three-memory-leaks.patch - Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch * CVE-2024-26458, bsc#1220770 * CVE-2024-26461, bsc#1220771 * CVE-2024-26462, bsc#1220772 - Update to 1.21.3 * Fix vulnerabilities in GSS message token handling: * CVE-2024-37370, bsc#1227186 * CVE-2024-37371, bsc#1227187 * Fix a potential bad pointer free in krb5_cccol_have_contents() * Fix a memory leak in the macOS ccache type - Update patch 0009-Fix-three-memory-leaks.patch OBS-URL: https://build.opensuse.org/request/show/1185764 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=174
2024-07-08 17:06:50 +00:00 · 2024-07-08 17:06:50 +00:00 · 3ee57d14de
commit 3ee57d14de
parent 09c6d1fd49 193f91051e
9 changed files with 52 additions and 64 deletions
--- a/0009-Fix-three-memory-leaks.patch
+++ b/0009-Fix-three-memory-leaks.patch
@ -1,46 +1,3 @@
-From 2aaffa96269b56fe09abf81851c40c9c4a3587f0 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Tue, 5 Mar 2024 17:38:49 -0500
-Subject: [PATCH 1/2] Fix leak in KDC NDR encoding
-
-If the KDC tries to encode a principal containing encode invalid UTF-8
-sequences for inclusion in a PAC delegation info buffer, it will leak
-a small amount of memory in enc_wchar_pointer() before failing.  Fix
-the leak.
-
-ticket: 9115 (new)
-tags: pullup
-target_version: 1.21-next
-
-(cherry picked from commit 7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe)
---
- src/kdc/ndr.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c
-index 48395abe52..d438408ee2 100644
--- a/src/kdc/ndr.c
-+++ b/src/kdc/ndr.c
-@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out)
-     size_t utf16len, num_wchars;
-     uint8_t *utf16;
- 
-    k5_buf_init_dynamic(&b);
-
-     ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len);
-     if (ret)
-         return ret;
- 
-     num_wchars = utf16len / 2;
- 
-+    k5_buf_init_dynamic(&b);
-     k5_buf_add_uint32_le(&b, num_wchars + 1);
-     k5_buf_add_uint32_le(&b, 0);
-     k5_buf_add_uint32_le(&b, num_wchars);
-- 
-2.44.0
-
-
 From 489deee29f427f22e2a26de729319bdb70819c37 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Tue, 5 Mar 2024 19:53:07 -0500
--- a/krb5-1.21.2.tar.gz
+++ b/krb5-1.21.2.tar.gz
--- a/krb5-1.21.2.tar.gz.asc
+++ b/krb5-1.21.2.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmTbET4ACgkQDLoIV1+D
-ct8zBQ/+LugwKy9Y9b3lVaLxPM/qxntLi4Bq5C2GVQ+bED7YCvUiL8aIzJbuTVpf
-GLWLtVuf6vxKz2V17JKOluVMqRDBZDexHZv9EvVjhanqMpvV32tSa60HF4e7lER+
-3iP/bIjSi2U9ixOcNICNnK2DeFGY601C1KT4cLs3H76pfb1miPItm7p79UNicz1o
-V6KgG0J5F4ktYiTonb0TXYdCAvY/3ROEYwmmRpCjtkBCzTdr9tVXU0n6Yc0wsfBD
-AXkyqlUhisMWxqGrLZMnkIx3LA83nMHG8nY/doqOYzKuE9a4cBe69+Bl6e9NRY7G
-ysD2J1cZ2imCYoalUcxrLfnd3fwPpcrlnuwH5DKJtcJGEUNwydjyWZeMl87pbhb1
-lOggcn8DL6l3vqBpkTBE4IQw3s+B1+BylpjXBsvzxGYHerpffIqsHzHywguiJutT
-bkP5ktjZ0QHAZ6PYA6NleGjPbBg/Jeywg1Mjrx+2IdBAYnS0KtTSa72Zqqb8eGmQ
-iCVpy9gK7zX7UCLm33M6HVtC9ffJ4vajcShk25u8uKuomTQgK3lGoN0wX55OE+sO
-AkMSuFxPNsNheMI53Zjutc4NzEscy09G8VxHwGqcEwD+NF7+2GpPuOq9ot9nH+Jd
-xoVYjhqxeb5Uq6lgp0B8sILLqwg1+gEXWdA+rR5Tx+ykv8HESxg=
-=aMVp
-----END PGP SIGNATURE-----
--- a/krb5-1.21.3.tar.gz
+++ b/krb5-1.21.3.tar.gz
--- a/krb5-1.21.3.tar.gz.asc
+++ b/krb5-1.21.3.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmZ8eHkACgkQDLoIV1+D
+ct//gw//bmvy6zXbKL6epNaExVgRdqzfQWm6WqeyGNxg59BQyJwsRsArsQRbSTZl
+uUExbV4HDTI/SemnYT8MfNOUtGZBCcAMYUr79Zmwi9S2pc30ZHIGcOf5E7HvIj6y
+ZZUvddoxWvxpruCuJHb9dP4ZUPE0iU2rJnLsXR/H4E574WlrWBjXu3gimLen7+yg
+aCLxIvw6lk4f/X8l+aqbK+haWHwMnca+kWSPbmL2iblHVqmoJVEmWhy7/9WjiT5S
+5HhDJIObO2qn1pbE1ZTQqfGOfFgOUVxTl2myMxX1RXEDVFzdLDdnoUJRt4o4GG27
+Y0WfLtmN6NisVF91dkl2+F7js+xVI3m9uZnpeccKO2Uq6BQRrfOMWUAHVKMUJZjh
+h0GMeTzOhw7qGKitAiuhauyDMMTgMx78bC0DpLYtq24fp7BSvD0jNZnfjUXVCk8D
+al9cfxC5m843aKiJ01Of13PziZsTQFz/TUsOrcpx4h7+qY7nldrovkQBiyVbbtn4
+MncYq8d84G/0vsbJ/6ftJ6Y+OL20jyzfC5xgmKtK/y1D987aum2BSudISUCylOOt
+j5/KiTRe0rWUjBNtoCjrtw4xlSbygmjuiE/xtcow0CHXDtMjlo8PrDi8W+xccBv2
+zQ2B+e9ywkF4uC/M91s/bVSMkOtxv2JCoUUHOMF4ku5vzKSOhyk=
+=TH0A
+-----END PGP SIGNATURE-----
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Mon Jul  1 07:50:59 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
+
+- Update to 1.21.3
+  * Fix vulnerabilities in GSS message token handling:
+    * CVE-2024-37370, bsc#1227186
+    * CVE-2024-37371, bsc#1227187
+  * Fix a potential bad pointer free in krb5_cccol_have_contents()
+  * Fix a memory leak in the macOS ccache type
+- Update patch 0009-Fix-three-memory-leaks.patch
+
+-------------------------------------------------------------------
+Fri Mar 22 09:19:41 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
+
+- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
+  * CVE-2024-26458, bsc#1220770
+  * CVE-2024-26461, bsc#1220771
+  * CVE-2024-26462, bsc#1220772
+
 -------------------------------------------------------------------
 Thu Feb 29 10:07:57 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@ -24,7 +24,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           krb5-mini
-Version:        1.21.2
+Version:        1.21.3
 Release:        0
 Summary:        MIT Kerberos5 implementation and libraries with minimal dependencies
 License:        MIT
@ -44,6 +44,7 @@ Patch5:         0005-krb5-1.6.3-ktutil-manpage.patch
 Patch6:         0006-krb5-1.12-api.patch
 Patch7:         0007-SELinux-integration.patch
 Patch8:         0008-krb5-1.9-debuginfo.patch
+Patch9:         0009-Fix-three-memory-leaks.patch
 BuildRequires:  autoconf
 BuildRequires:  bison
 BuildRequires:  pkgconfig
--- a/krb5.changes
+++ b/krb5.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Jul  1 07:50:59 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
+
+- Update to 1.21.3
+  * Fix vulnerabilities in GSS message token handling:
+    * CVE-2024-37370, bsc#1227186
+    * CVE-2024-37371, bsc#1227187
+  * Fix a potential bad pointer free in krb5_cccol_have_contents()
+  * Fix a memory leak in the macOS ccache type
+- Update patch 0009-Fix-three-memory-leaks.patch
+
 -------------------------------------------------------------------
 Mon May 13 14:06:29 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>

--- a/krb5.spec
+++ b/krb5.spec
@ -21,7 +21,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           krb5
-Version:        1.21.2
+Version:        1.21.3
 Release:        0
 Summary:        MIT Kerberos5 implementation
 License:        MIT