rpms/krb5/F-7 CVE-2007-3999.patch, NONE, 1.1 CVE-2007-4000.patch, NONE, 1.1 krb5.spec, 1.113, 1.114
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Tue Sep 4 18:10:53 UTC 2007
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23417/F-7
Modified Files:
krb5.spec
Added Files:
CVE-2007-3999.patch CVE-2007-4000.patch
Log Message:
- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)
CVE-2007-3999.patch:
--- NEW FILE CVE-2007-3999.patch ---
*** src/lib/rpc/svc_auth_gss.c (revision 20254)
--- src/lib/rpc/svc_auth_gss.c (local)
***************
*** 339,345 ****
oa = &msg->rm_call.cb_cred;
IXDR_PUT_ENUM(buf, oa->oa_flavor);
IXDR_PUT_LONG(buf, oa->oa_length);
! if (oa->oa_length) {
memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
buf += RNDUP(oa->oa_length) / sizeof(int32_t);
}
--- 339,345 ----
oa = &msg->rm_call.cb_cred;
IXDR_PUT_ENUM(buf, oa->oa_flavor);
IXDR_PUT_LONG(buf, oa->oa_length);
! if (oa->oa_length && oa->oa_length <= sizeof(rpchdr)) {
memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
buf += RNDUP(oa->oa_length) / sizeof(int32_t);
}
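Review bot: The new bound at line 342, `oa->oa_length <= sizeof(rpchdr)`, compares against the full size of rpchdr, but buf has already been advanced by the IXDR_PUT_ENUM and IXDR_PUT_LONG calls directly above it (and by any earlier writes outside this hunk). If buf points into rpchdr, as the choice of bound implies, the space left is smaller than sizeof(rpchdr) and the memcpy can still write past the end. Compare against the bytes remaining, for example `oa->oa_length <= sizeof(rpchdr) - ((caddr_t)buf - (caddr_t)rpchdr)` (assuming rpchdr is the array buf was initialised from). Separately, when the check fails the copy is skipped silently after oa_length has already been written into the header; failing the call for an oversized credential would be safer than continuing with a length field that has no body behind it.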
CVE-2007-4000.patch:
--- NEW FILE CVE-2007-4000.patch ---
*** src/lib/kadm5/srv/svr_policy.c (revision 20254)
--- src/lib/kadm5/srv/svr_policy.c (local)
***************
*** 211,218 ****
if((mask & KADM5_POLICY))
return KADM5_BAD_MASK;
! ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt);
! if( ret && (cnt==0) )
return KADM5_UNK_POLICY;
if ((mask & KADM5_PW_MAX_LIFE))
--- 211,219 ----
if((mask & KADM5_POLICY))
return KADM5_BAD_MASK;
! if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
! return ret;
! if (cnt != 1)
return KADM5_UNK_POLICY;
if ((mask & KADM5_PW_MAX_LIFE))
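Review bot: The `return ret;` added at line 214 passes the raw krb5_db_get_policy() error back to the caller, where the old code either returned KADM5_UNK_POLICY (error with cnt == 0) or fell through with p possibly unset. Splitting the two checks is the right fix for the fall-through, but the change in returned error code deserves a line in the commit message or a comment so callers expecting only KADM5 codes are checked. A short comment on `if (cnt != 1)` saying that it guards the later use of p would also help, since the hunk does not show where p is dereferenced or released.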
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-7/krb5.spec,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- krb5.spec 27 Jun 2007 18:41:04 -0000 1.113
+++ krb5.spec 4 Sep 2007 18:10:20 -0000 1.114
@@ -11,7 +11,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.1
-Release: 2.1%{?dist}
+Release: 3%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -77,6 +77,8 @@
Patch55: krb5-1.6.1-empty.patch
Patch56: krb5-1.6.1-get_opt_fixup.patch
Patch57: krb5-1.6.1-ftp-nospew.patch
+Patch58: CVE-2007-3999.patch
+Patch59: CVE-2007-4000.patch
Patch62: krb5-any-fixup-patch.txt
@@ -196,6 +198,9 @@
%endif
%changelog
+* Tue Sep 4 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-3
+- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)
+
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2.1
- incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443)
and MITKRB5-SA-2007-005 (CVE-2007-2798)
@@ -1142,6 +1147,8 @@
#%patch55 -p1 -b .empty
%patch56 -p0 -b .get_opt_fixup
%patch57 -p1 -b .ftp-nospew
+%patch58 -p0 -b .2007-3999
+%patch59 -p0 -b .2007-4000
%patch70 -p0 -b .2007-004
%patch71 -p0 -b .2007-005
cp src/krb524/README README.krb524
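Review bot: Style point on the two added %patch lines: `-p0` matches the `src/...` paths in the new patch files, but these advisory fixes are numbered 58 and 59 among the functional patches while the earlier advisory fixes in this same block are %patch70 and %patch71 with `.2007-004` and `.2007-005` suffixes. Numbering the new ones next to those (and keeping the suffix style consistent, advisory number versus CVE number) would keep the security patches grouped and easier to audit.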