rpms/krb5/devel krb5.spec, 1.188, 1.189 krb5-1.6.3-spnego-crash.patch, 1.1, NONE
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Apr 7 18:16:58 UTC 2009
Author: nalin
Update of /cvs/extras/rpms/krb5/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14391/devel
Modified Files:
krb5.spec
Removed Files:
krb5-1.6.3-spnego-crash.patch
Log Message:
- remove obsolete patch for CVE-2009-0845
- add patches for read overflow and null pointer dereference in the
implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
- add patch for attempt to free uninitialized pointer in libkrb5
(CVE-2009-0846)
- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.188
retrieving revision 1.189
diff -u -r1.188 -r1.189
--- krb5.spec 6 Apr 2009 20:33:44 -0000 1.188
+++ krb5.spec 7 Apr 2009 18:16:28 -0000 1.189
@@ -13,7 +13,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.6.3
-Release: 100%{?dist}
+Release: 101%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -97,7 +97,9 @@
Patch78: krb5-1.6.3-lucid-acceptor.patch
Patch79: krb5-trunk-ftp_mget_case.patch
Patch80: krb5-trunk-preauth-master.patch
-Patch81: krb5-1.6.3-spnego-crash.patch
+Patch82: krb5-CVE-2009-0844-0845-2.patch
+Patch83: krb5-CVE-2009-0846.patch
+Patch84: krb5-CVE-2009-0847.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -226,6 +228,15 @@
certificate.
%changelog
+* Tue Apr 7 2009 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-101
+- add patches for read overflow and null pointer dereference in the
+ implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
+- add patch for attempt to free uninitialized pointer in libkrb5
+ (CVE-2009-0846)
+- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
+- put the krb5-user .info file into just -workstation and not also
+ -workstation-clients
+
* Mon Apr 6 2009 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-100
- turn off krb4 support (it won't be part of the 1.7 release, but do it now)
- use triggeruns to properly shut down and disable krb524d when -server and
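Review bot: The new 1.6.3-101 changelog entry leaves out two changes this commit makes: the removal of krb5-1.6.3-spnego-crash.patch (Patch81), which the commit log records as "remove obsolete patch for CVE-2009-0845", and the move of the workstation install-info removal scriptlet from %preun to %postun. Suggest adding a line for each so the package changelog matches what the spec actually changed and anyone auditing the CVE-2009-0845 fix can see that the earlier patch was replaced rather than dropped.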
@@ -1212,7 +1223,7 @@
- apply second set of buffer overflow fixes from Tom Yu
- fix from Dirk Husung for a bug in buffer cleanups in the test suite
- work around possibly broken rev binary in running test suite
-- move default realm configs from /var/kerberos to %{_var}/kerberos
+- move default realm configs from /var/kerberos to %%{_var}/kerberos
* Tue Jun 6 2000 Nalin Dahyabhai <nalin at redhat.com>
- make ksu and v4rcp owned by root
@@ -1408,7 +1419,9 @@
%patch78 -p0 -b .lucid_acceptor
%patch79 -p0 -b .ftp_mget_case
%patch80 -p0 -b .preauth_master
-%patch81 -p0 -b .spnego-crash
+%patch82 -p1 -b .CVE-2009-0844-0845-2
+%patch83 -p1 -b .CVE-2009-0846
+%patch84 -p1 -b .CVE-2009-0847
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
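Review bot: The three new %patch lines use -p1, while the neighbouring %patch78 to %patch80 lines and the removed %patch81 all use -p0. If that matches how the new patch files are rooted, fine, but please confirm each one applies at that strip level and that the .CVE-2009-* backup files show the intended sources were touched. The numbering also skips 81 here and in the Patch tags; a one-line comment noting the retired slot would save the next reader a search.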
@@ -1674,7 +1687,7 @@
/sbin/install-info %{_infodir}/krb5-user.info %{_infodir}/dir
exit 0
-%preun workstation
+%postun workstation
if [ "$1" -eq "0" ] ; then
/sbin/install-info --delete %{_infodir}/krb5-user.info %{_infodir}/dir
fi
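Review bot: Changing this scriptlet from %preun to %postun means that on erase ("$1" -eq "0") it runs after the package's files have been removed, so %{_infodir}/krb5-user.info is no longer on disk when install-info --delete is asked to read it and the entry in %{_infodir}/dir may be left behind. The removal should stay in %preun, where the info file still exists; if the move was meant to address an ordering problem between subpackages, that reason should be stated in the changelog.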
@@ -1730,7 +1743,6 @@
%docdir %{krb5prefix}/man
%doc doc/{ftp,rcp,rlogin,rsh,telnet}.html
%attr(0755,root,root) %doc src/config-files/convert-config-files
-%{_infodir}/krb5-user.info*
%dir %{krb5prefix}
%dir %{krb5prefix}/bin
--- krb5-1.6.3-spnego-crash.patch DELETED ---