rpms/krb5/F-8 krb5-CVE-2007-5901.patch, NONE, 1.1 krb5-CVE-2007-5971.patch, NONE, 1.1 krb5-CVE-2008-0062, 0063.patch, NONE, 1.1 krb5-CVE-2008-0947.patch, NONE, 1.1 krb5.spec, 1.152, 1.153
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Tue Mar 18 18:13:51 UTC 2008
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29556/F-8
Modified Files:
krb5.spec
Added Files:
krb5-CVE-2007-5901.patch krb5-CVE-2007-5971.patch
krb5-CVE-2008-0062,0063.patch krb5-CVE-2008-0947.patch
Log Message:
- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063,
#432620, #432621)
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
high-numbered descriptors are used (CVE-2008-0947, #433596)
- add backport bug fix for an attempt to free non-heap memory in
libgssapi_krb5 (CVE-2007-5901, #415321)
- add backport bug fix for a double-free in out-of-memory situations in
libgssapi_krb5 (CVE-2007-5971, #415351)
krb5-CVE-2007-5901.patch:
--- NEW FILE krb5-CVE-2007-5901.patch ---
Patch for CVE-2007-5901, pulled from SVN per #415321.
diff -up src/lib/gssapi/mechglue/g_initialize.c src/lib/gssapi/mechglue/g_initialize.c
--- src/lib/gssapi/mechglue/g_initialize.c 2008-03-04 16:29:13.000000000 -0500
+++ src/lib/gssapi/mechglue/g_initialize.c 2008-03-04 16:29:16.000000000 -0500
@@ -210,7 +210,7 @@ gss_OID_set *mechSet;
free((*mechSet)->elements[j].elements);
}
free((*mechSet)->elements);
- free(mechSet);
+ free(*mechSet);
*mechSet = NULL;
return (GSS_S_FAILURE);
}
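Review bot: This cleanup path needs a comment on ownership, because the slip being corrected was confusing the out-parameter with the object it points to. `mechSet` is the caller's `gss_OID_set *`, and the visible lines release only what hangs off `*mechSet`. Something like `/* mechSet is the caller's pointer; free only the set it points to */` above `free(*mechSet);` would help keep the mistake from returning. The enclosing function begins and ends outside the hunk.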
krb5-CVE-2007-5971.patch:
--- NEW FILE krb5-CVE-2007-5971.patch ---
Patch for CVE-2007-5971, pulled from SVN per #415351.
diff -up src/lib/gssapi/krb5/k5sealv3.c src/lib/gssapi/krb5/k5sealv3.c
--- src/lib/gssapi/krb5/k5sealv3.c 2008-03-04 16:22:29.000000000 -0500
+++ src/lib/gssapi/krb5/k5sealv3.c 2008-03-04 16:22:22.000000000 -0500
@@ -248,7 +248,6 @@ gss_krb5int_make_seal_token_v3 (krb5_con
plain.data = 0;
if (err) {
zap(outbuf,bufsize);
- free(outbuf);
goto error;
}
if (sum.length != ctx->cksum_size)
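Review bot: With `free(outbuf)` removed, nothing in this branch says who releases `outbuf`. Presumably the code at the `error` label does, which would explain why the removed call produced a double free. A comment at `goto error;` such as `/* outbuf is released at the error label; do not free it here */` would document that. The label is outside the hunk, so confirm this against the full function.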
***** Not enough context to create diffstat for file: krb5-CVE-2008-0062,0063.patch,NONE,1.1
***** Not enough context to create diff for file: krb5-CVE-2008-0062,0063.patch,NONE,1.1
krb5-CVE-2008-0947.patch:
--- NEW FILE krb5-CVE-2008-0947.patch ---
Patch from MITKRB5-SA-2008-002.
=== src/lib/rpc/svc.c
==================================================================
--- src/lib/rpc/svc.c (revision 1666)
+++ src/lib/rpc/svc.c (local)
@@ -109,15 +109,17 @@
if (sock < FD_SETSIZE) {
xports[sock] = xprt;
FD_SET(sock, &svc_fdset);
+ if (sock > svc_maxfd)
+ svc_maxfd = sock;
}
#else
if (sock < NOFILE) {
xports[sock] = xprt;
svc_fds |= (1 << sock);
+ if (sock > svc_maxfd)
+ svc_maxfd = sock;
}
#endif /* def FD_SETSIZE */
- if (sock > svc_maxfd)
- svc_maxfd = sock;
}
/*
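Review bot: The guards `sock < FD_SETSIZE` and `sock < NOFILE` bound the index only from above, so if `sock` is a signed int a negative value would still reach `xports[sock]`; `if (sock >= 0 && sock < FD_SETSIZE)` (and the same for `NOFILE`) closes that side. The `fd >= FD_SETSIZE` test added to makefd_xprt in svc_tcp.c has the same one-sided shape. Registration also remains a silent no-op for an out-of-range descriptor, so a comment at the guard, e.g. `/* out-of-range descriptors are not registered; callers must reject them */`, would make that contract explicit. The enclosing function starts outside the hunk.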
=== src/lib/rpc/svc_tcp.c
==================================================================
--- src/lib/rpc/svc_tcp.c (revision 1666)
+++ src/lib/rpc/svc_tcp.c (local)
@@ -54,6 +54,14 @@
extern errno;
*/
+#ifndef FD_SETSIZE
+#ifdef NBBY
+#define NOFILE (sizeof(int) * NBBY)
+#else
+#define NOFILE (sizeof(int) * 8)
+#endif
+#endif
+
/*
* Ops vector for TCP/IP based rpc service handle
*/
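Review bot: The new `NOFILE` definition has no comment, and the name reads like the system open-file limit when it is really the bit width of an `int`. Judging from the `svc_fds |= (1 << sock)` use in svc.c, it bounds the descriptor bitmask used when `fd_set` is unavailable; a line such as `/* NOFILE: number of descriptors representable in the int mask used without fd_set */` would say so. Note also that `sizeof(int) * NBBY` has type `size_t`, so a later `fd >= NOFILE` comparison converts a signed descriptor to unsigned. That is worth stating in the same comment rather than leaving implicit.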
@@ -215,6 +223,19 @@
register SVCXPRT *xprt;
register struct tcp_conn *cd;
+#ifdef FD_SETSIZE
+ if (fd >= FD_SETSIZE) {
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+ xprt = NULL;
+ goto done;
+ }
+#else
+ if (fd >= NOFILE) {
+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+ xprt = NULL;
+ goto done;
+ }
+#endif
xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
if (xprt == (SVCXPRT *)NULL) {
(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
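Review bot: The two preprocessor branches of the new descriptor check are identical except for the limit they compare against, so the message, the `xprt = NULL` and the `goto done` are each written twice. Selecting the limit once and keeping a single check avoids the copies drifting apart; `SVC_FD_LIMIT` below is a name made up for this suggestion and would sit at file scope next to the `NOFILE` definition. The `done` label and the rest of makefd_xprt are outside the hunk.

```c
#ifdef FD_SETSIZE
#define SVC_FD_LIMIT FD_SETSIZE
#else
#define SVC_FD_LIMIT NOFILE
#endif

/* … unchanged: makefd_xprt signature and local declarations … */
	if (fd >= SVC_FD_LIMIT) {
		(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
		xprt = NULL;
		goto done;
	}
	xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
```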
@@ -271,6 +292,10 @@
* make a new transporter (re-uses xprt)
*/
xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
+ if (xprt == NULL) {
+ close(sock);
+ return (FALSE);
+ }
xprt->xp_raddr = addr;
xprt->xp_addrlen = len;
xprt->xp_laddr = laddr;
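Review bot: The early return after `close(sock)` carries no comment saying why a freshly accepted connection is dropped, and the only runtime trace is the stderr message printed inside makefd_xprt. A comment above the check, e.g. `/* makefd_xprt returns NULL for descriptors at or above the fd_set limit (or on allocation failure); drop the connection instead of dereferencing NULL */`, would make the intent clear to whoever next touches this path. The function starts and ends outside the hunk, so whether anything else needs releasing here cannot be judged from these lines.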
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-8/krb5.spec,v
retrieving revision 1.152
retrieving revision 1.153
diff -u -r1.152 -r1.153
--- krb5.spec 18 Mar 2008 18:11:41 -0000 1.152
+++ krb5.spec 18 Mar 2008 18:13:07 -0000 1.153
@@ -96,6 +96,11 @@
Patch69: krb5-1.6.1-gic_opt_chg_pwd_prmpt.patch
Patch70: krb5-1.6.2-dirsrv-accountlock.patch
+Patch73: krb5-CVE-2008-0062,0063.patch
+Patch74: krb5-CVE-2008-0947.patch
+Patch75: krb5-CVE-2007-5901.patch
+Patch76: krb5-CVE-2007-5971.patch
+
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
@@ -212,6 +217,15 @@
%changelog
* Tue Mar 18 2008 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-14
+- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
+ when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063,
+ #432620, #432621)
+- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
+ high-numbered descriptors are used (CVE-2008-0947, #433596)
+- add backport bug fix for an attempt to free non-heap memory in
+ libgssapi_krb5 (CVE-2007-5901, #415321)
+- add backport bug fix for a double-free in out-of-memory situations in
+ libgssapi_krb5 (CVE-2007-5971, #415351)
- fix calculation of the length of relative filenames when looking up the
SELinux labels they should be given (Pawel Salek, #436345)
@@ -1284,6 +1298,10 @@
%patch68 -p0 -b .spnego_delegation
%patch69 -p1 -b .gic_opt_chg_pwd_prmpt
%patch70 -p1 -b .dirsrv_accountlock
+%patch73 -p0 -b .2008-0062,0063
+%patch74 -p0 -b .2008-0947
+%patch75 -p0 -b .2007-5901
+%patch76 -p0 -b .2007-5971
cp src/krb524/README README.krb524
gzip doc/*.ps