Overview

File project.diff of Package krb5

--- bug-888697-CVE-2014-4343-Fix-double-free-in-SPNEGO.dif.orig
+++ bug-888697-CVE-2014-4343-Fix-double-free-in-SPNEGO.dif
@@ -53,7 +53,7 @@ diff --git a/src/lib/gssapi/spnego/spneg
 index 173c6d2..8f829d8 100644
 --- a/src/lib/gssapi/spnego/spnego_mech.c
 +++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -818,7 +818,6 @@ init_ctx_reselect(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+@@ -773,7 +773,6 @@ init_ctx_reselect(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
  	OM_uint32 tmpmin;
  	size_t i;
  
--- bug-888697-CVE-2014-4344-fix-null-deref-in-SPNEGO-acceptor.dif.orig
+++ bug-888697-CVE-2014-4344-fix-null-deref-in-SPNEGO-acceptor.dif
@@ -35,7 +35,7 @@ diff --git a/src/lib/gssapi/spnego/spneg
 index 8f829d8..2aa6810 100644
 --- a/src/lib/gssapi/spnego/spnego_mech.c
 +++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -1468,7 +1468,7 @@ acc_ctx_cont(OM_uint32 *minstat,
+@@ -1420,7 +1420,7 @@ acc_ctx_cont(OM_uint32 *minstat,
  
  	ptr = bufstart = buf->value;
  #define REMAIN (buf->length - (ptr - bufstart))
--- bug-891082-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.dif.orig
+++ bug-891082-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.dif
@@ -2,7 +2,7 @@ diff --git a/src/plugins/kdb/ldap/libkdb
 index ce851ea..df5934c 100644
 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
 +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-@@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
+@@ -436,7 +436,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
              j++;
              last = i + 1;
 
--- krb5-1.10-selinux-label.patch.orig
+++ krb5-1.10-selinux-label.patch
@@ -43,7 +43,7 @@ Index: krb5-1.10.2/src/aclocal.m4
  KRB5_LIB_PARAMS
  KRB5_AC_INITFINI
  KRB5_AC_ENABLE_THREADS
-@@ -1764,3 +1765,51 @@ AC_SUBST(manlocalstatedir)
+@@ -1767,3 +1768,51 @@ AC_SUBST(manlocalstatedir)
  AC_SUBST(manlibexecdir)
  AC_CONFIG_FILES($1)
  ])
@@ -133,7 +133,7 @@ Index: krb5-1.10.2/src/include/k5-int.h
 ===================================================================
 --- krb5-1.10.2.orig/src/include/k5-int.h
 +++ krb5-1.10.2/src/include/k5-int.h
-@@ -135,6 +135,7 @@ typedef unsigned char   u_char;
+@@ -134,6 +134,7 @@ typedef unsigned char   u_char;
  typedef UINT64_TYPE krb5_ui_8;
  typedef INT64_TYPE krb5_int64;
  
@@ -912,7 +912,7 @@ Index: krb5-1.10.2/src/plugins/kdb/db2/k
 ===================================================================
 --- krb5-1.10.2.orig/src/plugins/kdb/db2/kdb_db2.c
 +++ krb5-1.10.2/src/plugins/kdb/db2/kdb_db2.c
-@@ -683,8 +683,8 @@ ctx_create_db(krb5_context context, krb5
+@@ -687,8 +687,8 @@ ctx_create_db(krb5_context context, krb5
      if (retval)
          return retval;
  
@@ -949,7 +949,7 @@ Index: krb5-1.10.2/src/kdc/main.c
 ===================================================================
 --- krb5-1.10.2.orig/src/kdc/main.c
 +++ krb5-1.10.2/src/kdc/main.c
-@@ -909,7 +909,7 @@ write_pid_file(const char *path)
+@@ -913,7 +913,7 @@ write_pid_file(const char *path)
      FILE *file;
      unsigned long pid;
  
--- krb5-1.10-spin-loop.patch.orig
+++ krb5-1.10-spin-loop.patch
@@ -18,7 +18,7 @@ Index: krb5-1.10.2/src/lib/krb5/os/sendt
 ===================================================================
 --- krb5-1.10.2.orig/src/lib/krb5/os/sendto_kdc.c
 +++ krb5-1.10.2/src/lib/krb5/os/sendto_kdc.c
-@@ -1287,7 +1287,7 @@ k5_sendto(krb5_context context, const kr
+@@ -1291,7 +1291,7 @@ k5_sendto(krb5_context context, const kr
              continue;
          if (maybe_send(context, state, sel_state, callback_info))
              continue;
--- krb5-1.8-pam.patch.orig
+++ krb5-1.8-pam.patch
@@ -15,7 +15,7 @@ Index: krb5-1.10.2/src/aclocal.m4
 ===================================================================
 --- krb5-1.10.2.orig/src/aclocal.m4
 +++ krb5-1.10.2/src/aclocal.m4
-@@ -1676,3 +1676,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
+@@ -1679,3 +1679,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
        ]))
  ])dnl
  dnl
--- krb5-1.9-manpaths.dif.orig
+++ krb5-1.9-manpaths.dif
@@ -7,7 +7,7 @@ Index: krb5-1.10.2/src/aclocal.m4
 ===================================================================
 --- krb5-1.10.2.orig/src/aclocal.m4
 +++ krb5-1.10.2/src/aclocal.m4
-@@ -1743,3 +1743,24 @@ AC_SUBST(PAM_LIBS)
+@@ -1746,3 +1746,24 @@ AC_SUBST(PAM_LIBS)
  AC_SUBST(PAM_MAN)
  AC_SUBST(NON_PAM_MAN)
  ])dnl
--- krb5-doc.spec.orig
+++ krb5-doc.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package krb5-doc
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,9 +20,9 @@ Name:           krb5-doc
 BuildRequires:  ghostscript-library
 BuildRequires:  texinfo
 BuildRequires:  texlive-dvips
-Version:        1.10.2
+Version:        1.10.7
 Release:        0
-%define srcRoot krb5-1.10.2
+%define srcRoot krb5-1.10.7
 Summary:        MIT Kerberos5 Implementation--Documentation
 License:        MIT
 Group:          Documentation/Other
--- krb5-mini.spec.orig
+++ krb5-mini.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package krb5-mini
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 %define build_mini 1
-%define srcRoot krb5-1.10.2
+%define srcRoot krb5-1.10.7
 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
 %define krb5docdir  %{_defaultdocdir}/krb5
 
@@ -30,7 +30,7 @@ BuildRequires:  keyutils-devel
 BuildRequires:  libcom_err-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  ncurses-devel
-Version:        1.10.2
+Version:        1.10.7
 Release:        0
 Summary:        MIT Kerberos5 Implementation--Libraries
 License:        MIT
@@ -63,14 +63,8 @@ Patch12:        krb5-1.8-api.patch
 Patch13:        krb5-1.8-pam.patch
 Patch18:        krb5-1.9-kprop-mktemp.patch
 Patch19:        krb5-1.9-ksu-path.patch
-Patch20:        krb5-1.10-gcc47.patch
 Patch21:        krb5-1.10-selinux-label.patch
 Patch22:        krb5-1.10-spin-loop.patch
-Patch23:        bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif
-Patch24:        bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
-Patch25:        bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif
-Patch26:        bug-825985-CVE-2002-2443-fix-UDP-ping-pong.dif
-Patch27:        bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif
 Patch28:        bug-886016-CVE-2014-4341-CVE-2014-4342-denial-of-service-flaws-when-handling-RFC-1964-tokens.dif
 Patch29:        bug-888697-CVE-2014-4343-Fix-double-free-in-SPNEGO.dif
 Patch30:        bug-888697-CVE-2014-4344-fix-null-deref-in-SPNEGO-acceptor.dif
@@ -168,13 +162,7 @@ Include Files for Development
 %patch12 -p1
 %patch18 -p1
 %patch19 -p1
-%patch20
 %patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
--- krb5.changes.orig
+++ krb5.changes
@@ -21,6 +21,42 @@ Tue Jul 15 09:37:09 UTC 2014 - ckornacke
   bug-886016-CVE-2014-4341-CVE-2014-4342-denial-of-service-flaws-when-handling-RFC-1964-tokens.dif
 
 -------------------------------------------------------------------
+Mon Jun 16 12:54:06 UTC 2014 - lmuelle@suse.com
+
+- update to version 1.10.7
+  * Fix a KDC locking issue that could lead to the KDC process holding a
+    persistent lock, preventing administrative actions such as password
+	 changes.
+  * Fix a number of bugs related to KDC master key rollover.
+  * Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs
+    that serve multiple realms.
+- update to version 1.10.6
+  * Fix a UDP ping-pong vulnerability in the kpasswd (password changing)
+    service. [CVE-2002-2443]
+  * Improve interoperability with some Windows native PKINIT clients.
+- update to version 1.10.5
+  * Fix KDC null pointer dereference in TGS-REQ handling [CVE-2013-1416]
+  * Incremental propagation could erroneously act as if a slave's database
+    were current after the slave received a full dump that failed to load.
+- update to version 1.10.4
+  * Fix null PKINIT pointer dereference vulnerabilities [CVE-2012-1016,
+    CVE-2013-1415]
+  * Prevent the KDC from returning a host-based service principal referral to
+    the local realm.
+- update to version 1.10.3
+  * Fix KDC uninitialized pointer vulnerabilities that could lead to a denial
+    of service [CVE-2012-1014] or remote code execution [CVE-2012-1015].
+  * Correctly use default_tgs_enctypes instead of default_tkt_enctypes for TGS
+    requests.
+- obsolted patches:
+  * krb5-1.10-gcc47.patch
+  * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif
+  * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
+  * bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif
+  * bug-825985-CVE-2002-2443-fix-UDP-ping-pong.dif
+  * bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif
+
+-------------------------------------------------------------------
 Fri Nov  8 14:17:39 UTC 2013 - ckornacker@suse.de
 
 - fix Multi-realm KDC null deref
--- krb5.spec.orig
+++ krb5.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package krb5
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 %define build_mini 0
-%define srcRoot krb5-1.10.2
+%define srcRoot krb5-1.10.7
 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
 %define krb5docdir  %{_defaultdocdir}/krb5
 
@@ -30,7 +30,7 @@ BuildRequires:  keyutils-devel
 BuildRequires:  libcom_err-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  ncurses-devel
-Version:        1.10.2
+Version:        1.10.7
 Release:        0
 Summary:        MIT Kerberos5 Implementation--Libraries
 License:        MIT
@@ -63,14 +63,8 @@ Patch12:        krb5-1.8-api.patch
 Patch13:        krb5-1.8-pam.patch
 Patch18:        krb5-1.9-kprop-mktemp.patch
 Patch19:        krb5-1.9-ksu-path.patch
-Patch20:        krb5-1.10-gcc47.patch
 Patch21:        krb5-1.10-selinux-label.patch
 Patch22:        krb5-1.10-spin-loop.patch
-Patch23:        bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif
-Patch24:        bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
-Patch25:        bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif
-Patch26:        bug-825985-CVE-2002-2443-fix-UDP-ping-pong.dif
-Patch27:        bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif
 Patch28:        bug-886016-CVE-2014-4341-CVE-2014-4342-denial-of-service-flaws-when-handling-RFC-1964-tokens.dif
 Patch29:        bug-888697-CVE-2014-4343-Fix-double-free-in-SPNEGO.dif
 Patch30:        bug-888697-CVE-2014-4344-fix-null-deref-in-SPNEGO-acceptor.dif
@@ -168,13 +162,7 @@ Include Files for Development
 %patch12 -p1
 %patch18 -p1
 %patch19 -p1
-%patch20
 %patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
openSUSE Build Service is sponsored by
Places