[arch-commits] Commit in krb5/trunk (2 files)
Eric Bélanger
eric at archlinux.org
Wed Aug 13 00:13:56 UTC 2014
Date: Wednesday, August 13, 2014 @ 02:13:55
Author: eric
Revision: 219636
upgpkg: krb5 1.12.2-1
Upstream update, Remove old patch
Modified:
krb5/trunk/PKGBUILD
Deleted:
krb5/trunk/krb5-81c332e29f10887c6b9deb065f81ba259f4c7e03.patch
-----------------------------------------------------+
PKGBUILD | 13 +--
krb5-81c332e29f10887c6b9deb065f81ba259f4c7e03.patch | 64 ------------------
2 files changed, 5 insertions(+), 72 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-08-13 00:13:13 UTC (rev 219635)
+++ PKGBUILD 2014-08-13 00:13:55 UTC (rev 219636)
@@ -2,8 +2,8 @@
# Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
pkgname=krb5
-pkgver=1.12.1
-pkgrel=2
+pkgver=1.12.2
+pkgrel=1
pkgdesc="The Kerberos network authentication system"
arch=('i686' 'x86_64')
url="http://web.mit.edu/kerberos/"
@@ -18,16 +18,14 @@
krb5-kdc.service
krb5-kpropd.service
krb5-kpropd at .service
- krb5-kpropd.socket
- krb5-81c332e29f10887c6b9deb065f81ba259f4c7e03.patch)
-sha1sums=('d59e8dc0fc9e1890e109cd033756539984e3d3fe'
+ krb5-kpropd.socket)
+sha1sums=('281ab1be7e8cf2b38134c330f0d2b3bc88da7915'
'f125824ed37f31e6fd2fdb6a437be8ff1c3700ab'
'59bbc7e686cbb4bcefddf0f134d928d7bd5e7722'
'2ef2476a8673b3b702e829d8f451c839c2273b02'
'74d66aefd291f22dd80799f0437cc03d83083ed5'
'6787c6ce2783b3f980c423e2dd4abf5236af670b'
- 'f3677d30dbbd7106c581379c2c6ebb1bf7738912'
- '8273976824137df1d42a4f9c7bafdfbd92f27d0a')
+ 'f3677d30dbbd7106c581379c2c6ebb1bf7738912')
prepare() {
# the signature and source are bundled together, so signature check needs to be done here
@@ -37,7 +35,6 @@
cd ${pkgname}-${pkgver}
# cf https://bugs.gentoo.org/show_bug.cgi?id=448778
patch -p1 -i "${srcdir}"/krb5-config_LDFLAGS.patch
- patch -p1 -i "${srcdir}"/krb5-81c332e29f10887c6b9deb065f81ba259f4c7e03.patch
# FS#25384
sed -i "/KRB5ROOT=/s/\/local//" src/util/ac_check_krb5.m4
Deleted: krb5-81c332e29f10887c6b9deb065f81ba259f4c7e03.patch
===================================================================
--- krb5-81c332e29f10887c6b9deb065f81ba259f4c7e03.patch 2014-08-13 00:13:13 UTC (rev 219635)
+++ krb5-81c332e29f10887c6b9deb065f81ba259f4c7e03.patch 2014-08-13 00:13:55 UTC (rev 219636)
@@ -1,64 +0,0 @@
-From 81c332e29f10887c6b9deb065f81ba259f4c7e03 Mon Sep 17 00:00:00 2001
-From: Tomas Kuthan <tkuthan at gmail.com>
-Date: Fri, 1 Aug 2014 15:25:50 +0200
-Subject: [PATCH] Fix LDAP key data segmentation [CVE-2014-4345]
-
-For principal entries having keys with multiple kvnos (due to use of
--keepold), the LDAP KDB module makes an attempt to store all the keys
-having the same kvno into a single krbPrincipalKey attribute value.
-There is a fencepost error in the loop, causing currkvno to be set to
-the just-processed value instead of the next kvno. As a result, the
-second and all following groups of multiple keys by kvno are each
-stored in two krbPrincipalKey attribute values. Fix the loop to use
-the correct kvno value.
-
-CVE-2014-4345:
-
-In MIT krb5, when kadmind is configured to use LDAP for the KDC
-database, an authenticated remote attacker can cause it to perform an
-out-of-bounds write (buffer overrun) by performing multiple cpw
--keepold operations. An off-by-one error while copying key
-information to the new database entry results in keys sharing a common
-kvno being written to different array buckets, in an array whose size
-is determined by the number of kvnos present. After sufficient
-iterations, the extra writes extend past the end of the
-(NULL-terminated) array. The NULL terminator is always written after
-the end of the loop, so no out-of-bounds data is read, it is only
-written.
-
-Historically, it has been possible to convert an out-of-bounds write
-into remote code execution in some cases, though the necessary
-exploits must be tailored to the individual application and are
-usually quite complicated. Depending on the allocated length of the
-array, an out-of-bounds write may also cause a segmentation fault
-and/or application crash.
-
- CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
-
-[ghudson at mit.edu: clarified commit message]
-[kaduk at mit.edu: CVE summary, CVSSv2 vector]
-
-ticket: 7980 (new)
-target_version: 1.12.2
-tags: pullup
----
- src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-index ce851ea..df5934c 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-@@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
- j++;
- last = i + 1;
-
-- currkvno = key_data[i].key_data_kvno;
-+ if (i < n_key_data - 1)
-+ currkvno = key_data[i + 1].key_data_kvno;
- }
- }
- ret[num_versions] = NULL;
---
-2.0.3
-
More information about the arch-commits
mailing list