rpms/krb5/F-12 2009-003-patch.txt,NONE,1.1 krb5.spec,1.215,1.216
Nalin Dahyabhai
nalin at fedoraproject.org
Mon Jan 4 15:56:16 UTC 2010
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18291/F-12
Modified Files:
krb5.spec
Added Files:
2009-003-patch.txt
Log Message:
- add upstream patch for KDC crash during referral processing (CVE-2009-3295),
via Tom Yu
--- NEW FILE 2009-003-patch.txt ---
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 298e132..12180ff 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -1158,7 +1158,7 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ)
free(temp_buf);
if (retval) {
/* no match found */
- kdc_err(kdc_context, retval, 0);
+ kdc_err(kdc_context, retval, "unable to find realm of host");
goto cleanup;
}
if (realms == 0) {
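Review bot: The new message `"unable to find realm of host"` does not say which host or request failed, so an operator triaging repeated failures has only the error code to correlate on. `temp_buf` (presumably the host name being looked up) is freed on the line just above the check, so naming it would mean moving `free(temp_buf);` after the `kdc_err` call. Since that value originates from the client request, it should be length-bounded and stripped of control characters before it reaches the log. The existing comment could also record why the format must be non-NULL, e.g. `/* no match found; kdc_err needs a real format string, never 0 */`. prep_reprocess_req starts and ends outside this hunk.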
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index efff818..ef3735a 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -188,6 +188,9 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
char *cp;
char *syslogp;
+ if (whoami == NULL || format == NULL)
+ return;
+
/* Make the header */
snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
/*
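Review bot: The added guard `if (whoami == NULL || format == NULL) return;` discards the whole entry, including `code`, so the condition that previously crashed the process now leaves no trace in the log. For a handler that backs a security fix (the log message cites CVE-2009-3295), recording a fallback line is more useful to defenders than dropping it silently: for example `if (whoami == NULL) whoami = "(unknown)";`, and for a NULL `format` still emitting the header and the text for `code`. The format handling lives further down in klog_com_err_proc, outside this hunk, so that part cannot be checked from here. At minimum the guard deserves a comment such as `/* callers may pass NULL whoami/format; refuse rather than dereference */`.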
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-12/krb5.spec,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -p -r1.215 -r1.216
--- krb5.spec 21 Dec 2009 19:43:57 -0000 1.215
+++ krb5.spec 4 Jan 2010 15:56:16 -0000 1.216
@@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7
-Release: 14%{?dist}
+Release: 15%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -80,6 +80,7 @@ Patch88: krb5-1.7-sizeof.patch
Patch89: krb5-1.7-largefile.patch
Patch90: krb5-1.7-openssl-1.0.patch
Patch91: krb5-1.7-spnego-deleg.patch
+Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
License: MIT
URL: http://web.mit.edu/kerberos/www/
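Review bot: `Patch92` points at a plain `http://` URL, so anyone who re-fetches the patch from that location instead of using the copy committed here has no transport integrity for a security fix. The commit does add `2009-003-patch.txt` to CVS, which is what the build consumes. A comment above the line recording how the committed copy was verified would help later maintainers, e.g. `# checked against the upstream signed advisory before import`. If upstream publishes a detached signature for the patch, noting its location there would make the check repeatable.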
@@ -216,6 +217,10 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Mon Jan 4 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7-15
+- add upstream patch for KDC crash during referral processing (CVE-2009-3295),
+ via Tom Yu
+
* Mon Dec 21 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-14
- refresh patch for #542868 from trunk
@@ -1520,6 +1525,7 @@ popd
%patch89 -p1 -b .largefile
%patch90 -p0 -b .openssl-1.0
%patch91 -p0 -b .spnego-deleg
+%patch92 -p1 -b .2009-003
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex