16114c3494
* gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch, gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch, gnu/packages/patches/mit-krb5-CVE-2015-2696.patch, gnu/packages/patches/mit-krb5-CVE-2015-2697.patch, gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch, gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch: Delete files. * gnu/packages/patches/mit-krb5-CVE-2015-8629.patch, gnu/packages/patches/mit-krb5-CVE-2015-8630.patch, gnu/packages/patches/mit-krb5-CVE-2015-8631.patch, gnu/packages/patches/mit-krb5-init-context-null-spnego.patch: New files. * gnu-system.am (dist_patch_DATA): Adjust accordingly. * gnu/packages/mit-krb5.scm (mit-krb5): Update to 1.13.3. [source]: Update URI to download conventional .tar.gz file. Add patches. [native-inputs]: Remove old patches-as-inputs. [arguments]: Remove hacks needed to cope with the older unconventional tarball that contained an inner source tarball and signature: Remove #:modules argument, and the custom 'unpack' and 'apply-patches' phases.
50 lines
1.9 KiB
Diff
50 lines
1.9 KiB
Diff
Copied from Fedora.
|
|
http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-init_context_null_spnego.patch?h=f22
|
|
|
|
From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
|
|
From: Simo Sorce <simo@redhat.com>
|
|
Date: Tue, 5 Jan 2016 12:11:59 -0500
|
|
Subject: [PATCH] Check internal context on init context errors
|
|
|
|
If the mechanism deletes the internal context handle on error, the
|
|
mechglue must do the same with the union context, to avoid crashes if
|
|
the application calls other functions with this invalid union context.
|
|
|
|
[ghudson@mit.edu: edit commit message and code comment]
|
|
|
|
ticket: 8337 (new)
|
|
target_version: 1.14-next
|
|
target_version: 1.13-next
|
|
tags: pullup
|
|
---
|
|
src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
|
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
|
|
index aaae767..9f154b8 100644
|
|
--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
|
|
+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
|
|
@@ -224,12 +224,15 @@ OM_uint32 * time_rec;
|
|
|
|
if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
|
|
/*
|
|
- * the spec says (the preferred) method is to delete all
|
|
- * context info on the first call to init, and on all
|
|
- * subsequent calls make the caller responsible for
|
|
- * calling gss_delete_sec_context
|
|
+ * The spec says the preferred method is to delete all context info on
|
|
+ * the first call to init, and on all subsequent calls make the caller
|
|
+ * responsible for calling gss_delete_sec_context. However, if the
|
|
+ * mechanism decided to delete the internal context, we should also
|
|
+ * delete the union context.
|
|
*/
|
|
map_error(minor_status, mech);
|
|
+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
|
|
+ *context_handle = GSS_C_NO_CONTEXT;
|
|
if (*context_handle == GSS_C_NO_CONTEXT) {
|
|
free(union_ctx_id->mech_type->elements);
|
|
free(union_ctx_id->mech_type);
|
|
--
|
|
2.6.4
|
|
|