rpms/krb5/devel 2007-004-patch.txt, NONE, 1.1 2007-005-patch.txt, NONE, 1.1 krb5.spec, 1.120, 1.121
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Wed Jun 27 06:08:36 UTC 2007
Author: nalin
Update of /cvs/extras/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13575
Modified Files:
krb5.spec
Added Files:
2007-004-patch.txt 2007-005-patch.txt
Log Message:
- incorporate fixes for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005
--- NEW FILE 2007-004-patch.txt ---
*** src/lib/rpc/svc_auth_gssapi.c (revision 20015)
--- src/lib/rpc/svc_auth_gssapi.c (local)
***************
*** 149,154 ****
--- 149,156 ----
rqst->rq_xprt->xp_auth = &svc_auth_none;
memset((char *) &call_res, 0, sizeof(call_res));
+ creds.client_handle.length = 0;
+ creds.client_handle.value = NULL;
cred = &msg->rm_call.cb_cred;
verf = &msg->rm_call.cb_verf;
*** src/lib/rpc/svc_auth_unix.c (revision 20015)
--- src/lib/rpc/svc_auth_unix.c (local)
***************
*** 64,71 ****
char area_machname[MAX_MACHINE_NAME+1];
int area_gids[NGRPS];
} *area;
! u_int auth_len;
! int str_len, gid_len;
register int i;
rqst->rq_xprt->xp_auth = &svc_auth_none;
--- 64,70 ----
char area_machname[MAX_MACHINE_NAME+1];
int area_gids[NGRPS];
} *area;
! u_int auth_len, str_len, gid_len;
register int i;
rqst->rq_xprt->xp_auth = &svc_auth_none;
***************
*** 74,80 ****
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
! auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
buf = XDR_INLINE(&xdrs, (int)auth_len);
if (buf != NULL) {
--- 73,81 ----
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
aup->aup_gids = area->area_gids;
! auth_len = msg->rm_call.cb_cred.oa_length;
! if (auth_len > INT_MAX)
! return AUTH_BADCRED;
xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
buf = XDR_INLINE(&xdrs, (int)auth_len);
if (buf != NULL) {
***************
*** 84,90 ****
stat = AUTH_BADCRED;
goto done;
}
! memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
buf += str_len / BYTES_PER_XDR_UNIT;
--- 85,91 ----
stat = AUTH_BADCRED;
goto done;
}
! memmove(aup->aup_machname, buf, str_len);
aup->aup_machname[str_len] = 0;
str_len = RNDUP(str_len);
buf += str_len / BYTES_PER_XDR_UNIT;
***************
*** 104,110 ****
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
! (void) printf("bad auth_len gid %d str %d auth %d\n",
gid_len, str_len, auth_len);
stat = AUTH_BADCRED;
goto done;
--- 105,111 ----
* timestamp, hostname len (0), uid, gid, and gids len (0).
*/
if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
! (void) printf("bad auth_len gid %u str %u auth %u\n",
gid_len, str_len, auth_len);
stat = AUTH_BADCRED;
goto done;
--- NEW FILE 2007-005-patch.txt ---
*** src/kadmin/server/server_stubs.c (revision 20024)
--- src/kadmin/server/server_stubs.c (local)
***************
*** 545,557 ****
static generic_ret ret;
char *prime_arg1,
*prime_arg2;
- char prime_arg[BUFSIZ];
gss_buffer_desc client_name,
service_name;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
char *errmsg;
xdr_free(xdr_generic_ret, &ret);
--- 545,558 ----
static generic_ret ret;
char *prime_arg1,
*prime_arg2;
gss_buffer_desc client_name,
service_name;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
char *errmsg;
+ size_t tlen1, tlen2, clen, slen;
+ char *tdots1, *tdots2, *cdots, *sdots;
xdr_free(xdr_generic_ret, &ret);
***************
*** 572,578 ****
ret.code = KADM5_BAD_PRINCIPAL;
goto exit_func;
}
! sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
ret.code = KADM5_OK;
if (! CHANGEPW_SERVICE(rqstp)) {
--- 573,586 ----
ret.code = KADM5_BAD_PRINCIPAL;
goto exit_func;
}
! tlen1 = strlen(prime_arg1);
! trunc_name(&tlen1, &tdots1);
! tlen2 = strlen(prime_arg2);
! trunc_name(&tlen2, &tdots2);
! clen = client_name.length;
! trunc_name(&clen, &cdots);
! slen = service_name.length;
! trunc_name(&slen, &sdots);
ret.code = KADM5_OK;
if (! CHANGEPW_SERVICE(rqstp)) {
***************
*** 590,597 ****
} else
ret.code = KADM5_AUTH_INSUFFICIENT;
if (ret.code != KADM5_OK) {
! log_unauth("kadm5_rename_principal", prime_arg,
! &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_rename_principal((void *)handle, arg->src,
arg->dest);
--- 598,612 ----
} else
ret.code = KADM5_AUTH_INSUFFICIENT;
if (ret.code != KADM5_OK) {
! krb5_klog_syslog(LOG_NOTICE,
! "Unauthorized request: kadm5_rename_principal, "
! "%.*s%s to %.*s%s, "
! "client=%.*s%s, service=%.*s%s, addr=%s",
! tlen1, prime_arg1, tdots1,
! tlen2, prime_arg2, tdots2,
! clen, client_name.value, cdots,
! slen, service_name.value, sdots,
! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
} else {
ret.code = kadm5_rename_principal((void *)handle, arg->src,
arg->dest);
***************
*** 600,607 ****
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
! log_done("kadm5_rename_principal", prime_arg, errmsg,
! &client_name, &service_name, rqstp);
}
free_server_handle(handle);
free(prime_arg1);
--- 615,629 ----
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
! krb5_klog_syslog(LOG_NOTICE,
! "Request: kadm5_rename_principal, "
! "%.*s%s to %.*s%s, %s, "
! "client=%.*s%s, service=%.*s%s, addr=%s",
! tlen1, prime_arg1, tdots1,
! tlen2, prime_arg2, tdots2, errmsg,
! clen, client_name.value, cdots,
! slen, service_name.value, sdots,
! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
}
free_server_handle(handle);
free(prime_arg1);
Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- krb5.spec 25 Jun 2007 01:16:51 -0000 1.120
+++ krb5.spec 27 Jun 2007 06:08:01 -0000 1.121
@@ -14,7 +14,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.1
-Release: 5
+Release: 8%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -88,6 +88,9 @@
Patch62: krb5-any-fixup-patch.txt
Patch63: krb5-1.6.1-selinux-label.patch
+Patch70: http://web.mit.edu/kerberos/advisories/2007-004-patch.txt
+Patch71: http://web.mit.edu/kerberos/advisories/2007-005-patch.txt
+
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
@@ -203,6 +206,18 @@
%endif
%changelog
+* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-8
+- incorporate fixes for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005
+
+* Mon Jun 25 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-7
+- reintroduce missing %%postun for the non-split_workstation case
+
+* Mon Jun 25 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-6
+- rebuild
+
+* Mon Jun 25 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-5.1
+- rebuild
+
* Sun Jun 24 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-5
- add missing pam-devel build requirement, force selinux-or-fail build
@@ -264,6 +279,9 @@
the part of the default/example kdc.conf where they'll actually have
an effect (#236417)
+* Thu Apr 5 2007 Nalin Dahyabhai <nalin at redhat.com> 1.5-24
+- merge security fixes from RHSA-2007:0095
+
* Tue Apr 3 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6-3
- add patch to correct unauthorized access via krb5-aware telnet
daemon (#229782, CVE-2007-0956)
@@ -278,10 +296,24 @@
- add buildrequires: on keyutils-libs-devel to enable use of keyring ccaches,
dragging keyutils-libs in as a dependency
+* Mon Mar 19 2007 Nalin Dahyabhai <nalin at redhat.com> 1.5-23
+- fix bug ID in changelog
+
+* Thu Mar 15 2007 Nalin Dahyabhai <nalin at redhat.com> 1.5-22
+
+* Thu Mar 15 2007 Nalin Dahyabhai <nalin at redhat.com> 1.5-21
+- add preliminary patch to fix buffer overflow in krb5kdc and kadmind
+ (#231528, CVE-2007-0957)
+- add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216)
+
* Wed Feb 28 2007 Nalin Dahyabhai <nalin at redhat.com>
- add patch to build semi-useful static libraries, but don't apply it unless
we need them
+* Tue Feb 27 2007 Nalin Dahyabhai <nalin at redhat.com> - 1.5-20
+- temporarily back out %%post changes, fix for #143289 for security update
+- add preliminary patch to correct unauthorized access via krb5-aware telnet
+
* Mon Feb 19 2007 Nalin Dahyabhai <nalin at redhat.com>
- make profile.d scriptlets mode 644 instead of 755 (part of #225974)
@@ -1164,6 +1196,8 @@
#%patch55 -p1 -b .empty
%patch56 -p0 -b .get_opt_fixup
%patch57 -p1 -b .ftp-nospew
+%patch70 -p0 -b .2007-004
+%patch71 -p0 -b .2007-005
cp src/krb524/README README.krb524
gzip doc/*.ps
@@ -1375,13 +1409,20 @@
/sbin/service krb524 condrestart > /dev/null 2>&1 || :
/sbin/service kprop condrestart > /dev/null 2>&1 || :
fi
+exit 0
%if %{split_workstation}
%post workstation-servers
/sbin/service xinetd reload > /dev/null 2>&1 || :
+exit 0
%postun workstation-servers
/sbin/service xinetd reload > /dev/null 2>&1 || :
+exit 0
+%else
+%postun workstation
+/sbin/service xinetd reload > /dev/null 2>&1 || :
+exit 0
%endif
%post workstation
More information about the fedora-extras-commits
mailing list