rpms/krb5/devel 2009-003-patch.txt,NONE,1.1 krb5.spec,1.223,1.224

Nalin Dahyabhai nalin at fedoraproject.org
Mon Jan 4 15:56:25 UTC 2010


Author: nalin

Update of /cvs/extras/rpms/krb5/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18334/devel

Modified Files:
	krb5.spec 
Added Files:
	2009-003-patch.txt 
Log Message:
- add upstream patch for KDC crash during referral processing (CVE-2009-3295),
  via Tom Yu



--- NEW FILE 2009-003-patch.txt ---
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 298e132..12180ff 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -1158,7 +1158,7 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ)
             free(temp_buf);
             if (retval) {
                 /* no match found */
-                kdc_err(kdc_context, retval, 0);
+                kdc_err(kdc_context, retval, "unable to find realm of host");
                 goto cleanup;
             }
             if (realms == 0) {
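Review bot: The new `kdc_err` message is a fixed string, so the log entry written when the realm lookup fails does not say which host name was being resolved. That makes it hard to tell a misconfigured client from repeated malformed referral requests. `temp_buf` is freed on the line just above the `if (retval)` check, so naming the host would mean deferring `free(temp_buf)` until after the error branch and passing the name as an argument, never as the format: `kdc_err(kdc_context, retval, "unable to find realm of host %s", temp_buf);`. prep_reprocess_req starts and ends outside the hunk, so it is worth checking whether other `kdc_err` calls in it still pass `0` as the format.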
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index efff818..ef3735a 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -188,6 +188,9 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
     char	*cp;
     char	*syslogp;
 
+    if (whoami == NULL || format == NULL)
+        return;
+
     /* Make the header */
     snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
     /*
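Review bot: The added guard in klog_com_err_proc returns without writing anything when `whoami` or `format` is NULL, so an error reported with a valid `code` but no format string is now dropped from the log silently. Keeping the record would serve operators better: substitute a placeholder with `if (whoami == NULL) whoami = "(unknown)";` and skip only the format-expansion step when `format` is NULL, so that whatever text the function derives from `code` is presumably still emitted. The function body continues past the hunk, so the format expansion is not visible here and that part of the change would have to be made there. A comment above the guard would also help, for example `/* com_err callers may pass a NULL whoami/format; never hand NULL to the printf family */`.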


Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -p -r1.223 -r1.224
--- krb5.spec	21 Dec 2009 19:41:25 -0000	1.223
+++ krb5.spec	4 Jan 2010 15:56:24 -0000	1.224
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7
-Release: 14%{?dist}
+Release: 15%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -80,6 +80,7 @@ Patch88: krb5-1.7-sizeof.patch
 Patch89: krb5-1.7-largefile.patch
 Patch90: krb5-1.7-openssl-1.0.patch
 Patch91: krb5-1.7-spnego-deleg.patch
+Patch92: http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
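Review bot: `Patch92` names its upstream origin over plain `http://`, and nothing in the spec records how the committed copy was checked. The build uses the file added next to the spec (listed under Added Files), so the URL is not fetched at build time, but anyone refreshing the patch from that URL gets no integrity protection from the transport. Consider a comment above the line recording the verification, for example `# verified against the PGP-signed upstream advisory for CVE-2009-3295`, if that check was in fact done.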
@@ -216,6 +217,10 @@ to obtain initial credentials from a KDC
 certificate.
 
 %changelog
+* Mon Jan  4 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7-15
+- add upstream patch for KDC crash during referral processing (CVE-2009-3295),
+  via Tom Yu
+
 * Mon Dec 21 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-14
 - refresh patch for #542868 from trunk
 
@@ -1520,6 +1525,7 @@ popd
 %patch89 -p1 -b .largefile
 %patch90 -p0 -b .openssl-1.0
 %patch91 -p0 -b .spnego-deleg
+%patch92 -p1 -b .2009-003
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex



