rpms/krb5/devel krb5-CVE-2007-5901.patch, NONE, 1.1 krb5-CVE-2007-5971.patch, NONE, 1.1 krb5-CVE-2008-0062, 0063.patch, NONE, 1.1 krb5-CVE-2008-0947.patch, NONE, 1.1 krb5.spec, 1.163, 1.164
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Tue Mar 18 18:14:04 UTC 2008
Author: nalin
Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29556/devel
Modified Files:
krb5.spec
Added Files:
krb5-CVE-2007-5901.patch krb5-CVE-2007-5971.patch
krb5-CVE-2008-0062,0063.patch krb5-CVE-2008-0947.patch
Log Message:
- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063,
#432620, #432621)
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
high-numbered descriptors are used (CVE-2008-0947, #433596)
- add backport bug fix for an attempt to free non-heap memory in
libgssapi_krb5 (CVE-2007-5901, #415321)
- add backport bug fix for a double-free in out-of-memory situations in
libgssapi_krb5 (CVE-2007-5971, #415351)
krb5-CVE-2007-5901.patch:
--- NEW FILE krb5-CVE-2007-5901.patch ---
Patch for CVE-2007-5901, pulled from SVN per #415321.
diff -up src/lib/gssapi/mechglue/g_initialize.c src/lib/gssapi/mechglue/g_initialize.c
--- src/lib/gssapi/mechglue/g_initialize.c 2008-03-04 16:29:13.000000000 -0500
+++ src/lib/gssapi/mechglue/g_initialize.c 2008-03-04 16:29:16.000000000 -0500
@@ -210,7 +210,7 @@ gss_OID_set *mechSet;
free((*mechSet)->elements[j].elements);
}
free((*mechSet)->elements);
- free(mechSet);
+ free(*mechSet);
*mechSet = NULL;
return (GSS_S_FAILURE);
}
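Review bot: The corrected `free(*mechSet);` carries no comment explaining why the argument is dereferenced, and the original mistake is easy to reintroduce. Per the declaration in the hunk header, `mechSet` is a `gss_OID_set *` out-parameter, so its own storage belongs to the caller and only the set it points to should be released here. I would add `/* release the set itself; mechSet is the caller's out-parameter */` above the call. The enclosing function starts and ends outside the hunk, so whether its other exit paths release `*mechSet` the same way cannot be confirmed from here.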
krb5-CVE-2007-5971.patch:
--- NEW FILE krb5-CVE-2007-5971.patch ---
Patch for CVE-2007-5971, pulled from SVN per #415351.
diff -up src/lib/gssapi/krb5/k5sealv3.c src/lib/gssapi/krb5/k5sealv3.c
--- src/lib/gssapi/krb5/k5sealv3.c 2008-03-04 16:22:29.000000000 -0500
+++ src/lib/gssapi/krb5/k5sealv3.c 2008-03-04 16:22:22.000000000 -0500
@@ -248,7 +248,6 @@ gss_krb5int_make_seal_token_v3 (krb5_con
plain.data = 0;
if (err) {
zap(outbuf,bufsize);
- free(outbuf);
goto error;
}
if (sum.length != ctx->cksum_size)
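Review bot: Dropping `free(outbuf);` leaves this branch depending on the `error` label to release the buffer, and nothing at this site says so. The label is outside the hunk, so the claim that it frees `outbuf` is inferred from the double-free described in the log message rather than visible here. A short comment after `zap(outbuf,bufsize);`, such as `/* outbuf is freed at error: do not free it here */`, would keep a later edit from restoring the call. It is also worth checking that every other `goto error` after the allocation leaves `outbuf` in a state the label can safely free.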
***** Not enough context to create diffstat for file: krb5-CVE-2008-0062,0063.patch,NONE,1.1
***** Not enough context to create diff for file: krb5-CVE-2008-0062,0063.patch,NONE,1.1
krb5-CVE-2008-0947.patch:
--- NEW FILE krb5-CVE-2008-0947.patch ---
Patch from MITKRB5-SA-2008-002.
=== src/lib/rpc/svc.c
==================================================================
--- src/lib/rpc/svc.c (revision 1666)
+++ src/lib/rpc/svc.c (local)
@@ -109,15 +109,17 @@
if (sock < FD_SETSIZE) {
xports[sock] = xprt;
FD_SET(sock, &svc_fdset);
+ if (sock > svc_maxfd)
+ svc_maxfd = sock;
}
#else
if (sock < NOFILE) {
xports[sock] = xprt;
svc_fds |= (1 << sock);
+ if (sock > svc_maxfd)
+ svc_maxfd = sock;
}
#endif /* def FD_SETSIZE */
- if (sock > svc_maxfd)
- svc_maxfd = sock;
}
/*
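Review bot: A socket at or above the limit now skips both guarded blocks with no effect, so the transport is left unregistered and nothing is reported. From the hunk the function appears to end right after `#endif` without returning a value (its start is outside the hunk), so a caller cannot tell that registration was skipped. I would add an `else` branch that logs in the style svc_tcp.c uses, e.g. `(void) fprintf(stderr, "xprt_register: fd too high\n");`, or at least a comment stating that out-of-range descriptors are deliberately ignored. The guards are also upper-bound only (`sock < FD_SETSIZE`, `sock < NOFILE`); if `sock` is a signed int, a negative value would still index `xports[]`.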
=== src/lib/rpc/svc_tcp.c
==================================================================
--- src/lib/rpc/svc_tcp.c (revision 1666)
+++ src/lib/rpc/svc_tcp.c (local)
@@ -54,6 +54,14 @@
extern errno;
*/
+#ifndef FD_SETSIZE
+#ifdef NBBY
+#define NOFILE (sizeof(int) * NBBY)
+#else
+#define NOFILE (sizeof(int) * 8)
+#endif
+#endif
+
/*
* Ops vector for TCP/IP based rpc service handle
*/
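Review bot: The new `NOFILE` definition is guarded by `#ifndef FD_SETSIZE` but not by `#ifndef NOFILE`, so on a platform without `FD_SETSIZE` whose headers already define `NOFILE` it would be redefined. Wrapping the block in `#ifndef NOFILE` avoids that. The value also has to agree with the limit svc.c uses for `xports[]` in its `#else` branch, which is not visible here; a comment such as `/* must match the NOFILE limit used in svc.c */` would record the coupling. Note that the expression has type `size_t`, so the later `fd >= NOFILE` is an unsigned comparison.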
@@ -215,6 +223,19 @@
register SVCXPRT *xprt;
register struct tcp_conn *cd;
+#ifdef FD_SETSIZE
+ if (fd >= FD_SETSIZE) {
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+ xprt = NULL;
+ goto done;
+ }
+#else
+ if (fd >= NOFILE) {
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+ xprt = NULL;
+ goto done;
+ }
+#endif
xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
if (xprt == (SVCXPRT *)NULL) {
(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
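Review bot: The added check in the `FD_SETSIZE` branch rejects only descriptors that are too high; a negative `fd` passes `fd >= FD_SETSIZE` and continues to the allocation. If `fd` is a signed int, `if (fd < 0 || fd >= FD_SETSIZE) {` closes that side, and using the same condition in the `#else` branch keeps the two consistent. The two branches are otherwise identical, so a single limit macro with one check would be easier to maintain. The `done` label and the rest of makefd_xprt are outside the hunk, so I am assuming `done` returns `xprt` without dereferencing it.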
@@ -271,6 +292,10 @@
* make a new transporter (re-uses xprt)
*/
xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
+ if (xprt == NULL) {
+ close(sock);
+ return (FALSE);
+ }
xprt->xp_raddr = addr;
xprt->xp_addrlen = len;
xprt->xp_laddr = laddr;
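Review bot: The new NULL check has no comment saying why the accepted socket is closed without a message here. makefd_xprt already prints to stderr on both of its failure paths shown in this patch, so the silence is reasonable, but a line such as `/* makefd_xprt reported the error; drop the connection */` would make that explicit. Any other callers of makefd_xprt in this file would need the same NULL handling; none are visible in this hunk, and the enclosing function starts outside it.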
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.163
retrieving revision 1.164
diff -u -r1.163 -r1.164
--- krb5.spec 18 Mar 2008 15:35:39 -0000 1.163
+++ krb5.spec 18 Mar 2008 18:13:22 -0000 1.164
@@ -16,7 +16,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.3
-Release: 9%{?dist}
+Release: 10%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -96,6 +96,10 @@
Patch71: krb5-1.6.2-dirsrv-accountlock.patch
Patch72: krb5-1.6.3-ftp_fdleak.patch
Patch73: krb5-1.6.3-ftp_glob_runique.patch
+Patch74: krb5-CVE-2008-0062,0063.patch
+Patch75: krb5-CVE-2008-0947.patch
+Patch76: krb5-CVE-2007-5901.patch
+Patch77: krb5-CVE-2007-5971.patch
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
@@ -226,6 +230,17 @@
certificate.
%changelog
+* Tue Mar 18 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-10
+- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
+ when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063,
+ #432620, #432621)
+- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
+ high-numbered descriptors are used (CVE-2008-0947, #433596)
+- add backport bug fix for an attempt to free non-heap memory in
+ libgssapi_krb5 (CVE-2007-5901, #415321)
+- add backport bug fix for a double-free in out-of-memory situations in
+ libgssapi_krb5 (CVE-2007-5971, #415351)
+
* Tue Mar 18 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-9
- rework file labeling patch to not depend on fragile preprocessor trickery,
in another attempt at fixing #428355 and friends
@@ -1330,6 +1345,10 @@
%patch71 -p1 -b .dirsrv-accountlock
%patch72 -p1 -b .ftp_fdleak
%patch73 -p1 -b .ftp_glob_runique
+%patch74 -p0 -b .2008-0062,0063
+%patch75 -p0 -b .2008-0947
+%patch76 -p0 -b .2007-5901
+%patch77 -p0 -b .2007-5971
cp src/krb524/README README.krb524
gzip doc/*.ps