Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at Fri Feb 11 02:27:12 CET 2011. -------- --- krb5/krb5-mini.changes 2010-12-01 17:34:52.000000000 +0100 +++ /mounts/work_src_done/STABLE/krb5/krb5-mini.changes 2011-02-09 10:12:26.000000000 +0100 @@ -1,0 +2,10 @@ +Wed Jan 19 14:42:27 CET 2011 - mc@suse.de + +- Fix kpropd denial of service + (MITKRB5-SA-2011-001, bnc#662665) + CVE-2010-4022 +- Fix KDC denial of service attacks with LDAP back end + (MITKRB5-SA-2011-002, bnc#663619) + CVE-2011-0281, CVE-2011-0282 + +------------------------------------------------------------------- krb5.changes: same change calling whatdependson for head-i586 New: ---- krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-doc.spec ++++++ --- /var/tmp/diff_new_pack.pEeAoI/_old 2011-02-11 02:26:56.000000000 +0100 +++ /var/tmp/diff_new_pack.pEeAoI/_new 2011-02-11 02:26:56.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package krb5-doc (Version 1.8.3) +# spec file for package krb5-doc # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive Version: 1.8.3 -Release: 3 +Release: 4 %define srcRoot krb5-1.8.3 Summary: MIT Kerberos5 Implementation--Documentation License: MIT License (or similar) ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.pEeAoI/_old 2011-02-11 02:26:56.000000000 +0100 +++ /var/tmp/diff_new_pack.pEeAoI/_new 2011-02-11 02:26:56.000000000 +0100 
@@ -1,7 +1,7 @@ # -# spec file for package krb5-mini (Version 1.8.3) +# spec file for package krb5-mini # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,7 +28,7 @@ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.3 -Release: 3 +Release: 4 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -57,6 +57,8 @@ Patch8: krb5-1.6.3-fix-ipv6-query.dif Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif Patch13: MITKRB5-SA-2010-007-1.8.dif +Patch14: krb5-1.8-MITKRB5-SA-2011-001.dif +Patch15: krb5-1.8-MITKRB5-SA-2011-002.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -206,6 +208,8 @@ %patch8 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 +%patch15 -p0 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do krb5.spec: same change ++++++ krb5-1.8-MITKRB5-SA-2011-001.dif ++++++ Index: krb5-1.8.1/src/slave/kpropd.c =================================================================== --- krb5-1.8.1.orig/src/slave/kpropd.c +++ krb5-1.8.1/src/slave/kpropd.c @@ -404,11 +404,12 @@ retry: } close(s); - if (iproprole == IPROP_SLAVE) + if (iproprole == IPROP_SLAVE) { close(finet); - if ((ret = WEXITSTATUS(status)) != 0) - return (ret); + if ((ret = WEXITSTATUS(status)) != 0) + return (ret); + } } if (iproprole == IPROP_SLAVE) break; ++++++ krb5-1.8-MITKRB5-SA-2011-002.dif ++++++ Index: src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c =================================================================== --- src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.orig +++ src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 
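Review bot: In the kpropd.c hunk, `WEXITSTATUS(status)` inside the new braced block is read without first testing `WIFEXITED(status)`, so a child terminated by a signal yields a value that is not an exit code. The check would be safer as `if (WIFEXITED(status) && (ret = WEXITSTATUS(status)) != 0)`, with a separate branch for abnormal termination. Moving the check under `iproprole == IPROP_SLAVE` also means a failed child in the other role is now ignored silently; that is the intent of the fix, but a log line recording the status there would let an operator notice repeated failures. Where `status` is filled in is outside the hunk, so this assumes it comes from a wait call just above.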
@@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context con unsigned int flags, krb5_db_entry *entries, int *nentries, krb5_boolean *more) { - char *user=NULL, *filter=NULL, **subtree=NULL; + char *user=NULL, *filter=NULL, *filtuser=NULL; unsigned int tree=0, ntrees=1, princlen=0; krb5_error_code tempst=0, st=0; - char **values=NULL, *cname=NULL; + char **values=NULL, **subtree=NULL, *cname=NULL; LDAP *ld=NULL; LDAPMessage *result=NULL, *ent=NULL; krb5_ldap_context *ldap_context=NULL; @@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context con if ((st=krb5_ldap_unparse_principal_name(user)) != 0) goto cleanup; - princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */ + filtuser = ldap_filter_correct(user); + if (filtuser == NULL) { + st = ENOMEM; + goto cleanup; + } + + princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */ if ((filter = malloc(princlen)) == NULL) { st = ENOMEM; goto cleanup; } - snprintf(filter, princlen, FILTER"%s))", user); + snprintf(filter, princlen, FILTER"%s))", filtuser); if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) goto cleanup; @@ -231,6 +237,9 @@ cleanup: if (user) free(user); + if (filtuser) + free(filtuser); + if (cname) free(cname); Index: src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h =================================================================== --- src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h.orig +++ src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h 
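Review bot: The escaping step added before the filter is built in krb5_ldap_get_principal has no comment saying why it is there, so a later edit could easily format `user` into the filter again. A line such as `/* Escape LDAP filter metacharacters in the principal name before embedding it in the search filter. */` above `filtuser = ldap_filter_correct(user);` would record the intent. A NULL return is mapped to `ENOMEM`, which is accurate only if allocation failure is the sole way `ldap_filter_correct` can fail; its definition is not shown here. The function body starts and ends outside these hunks, so any other filters built from principal names in this file are not visible and may need the same escaping.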
@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_contex #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS) #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \ - do { \ - st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \ - if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ - tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ - if (ldap_server_handle) \ - ld = ldap_server_handle->ldap_handle; \ - } \ - }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \ + tempst = 0; \ + st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \ + NULL, &timelimit, LDAP_NO_LIMIT, &result); \ + if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ + tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ + if (ldap_server_handle) \ + ld = ldap_server_handle->ldap_handle; \ + if (tempst == 0) \ + st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \ + NULL, NULL, &timelimit, \ + LDAP_NO_LIMIT, &result); \ + } \ \ if (status_check != IGNORE_STATUS) { \ if (tempst != 0) { \ Index: src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c =================================================================== --- src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c.orig +++ src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c 
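Review bot: The rewritten `LDAP_SEARCH_1` expands to several top-level statements starting with `tempst = 0;`, so an unbraced use such as `if (cond) LDAP_SEARCH(...);` would guard only that first assignment. Wrapping the whole expansion in `do { ... } while (0)` would make it behave as one statement. The retry also assigns `result` a second time; if the failed first call can leave a message there, it should be released before the second `ldap_search_ext_s`, for example with `ldap_msgfree(result); result = NULL;`. The tail of the macro, including the status check, continues outside the hunk, so the wrapping would have to cover that part too.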
@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap { krb5_ldap_server_handle *handle = *ldap_server_handle; + ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); Index: src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c =================================================================== --- src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c.orig +++ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context * portion, then the first portion of the principal name SHOULD be * "krbtgt". All this check is done in the immediate block. */ - if (searchfor->length == 2) - if ((strncasecmp(searchfor->data[0].data, "krbtgt", - FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) && - (strncasecmp(searchfor->data[1].data, defrealm, - FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0)) + if (searchfor->length == 2) { + if (data_eq_string(searchfor->data[0], "krbtgt") && + data_eq_string(searchfor->data[1], defrealm)) return 0; + } /* first check the length, if they are not equal, then they are not same */ if (strlen(defrealm) != searchfor->realm.length) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
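Review bot: After the added `ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);` in krb5_ldap_rebind, `handle->ldap_handle` refers to a released connection until `ldap_initialize` overwrites it. On the failure path that falls through to `krb5_ldap_request_next_handle_from_pool`, the hunk does not show the pointer ever being reset. Clearing it right after the unbind, and skipping the unbind when it is already NULL, avoids a later use or second unbind of the stale handle: `if (handle->ldap_handle != NULL) { ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); handle->ldap_handle = NULL; }`. The rest of the function is outside the hunk.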
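Review bot: The comment above the rewritten condition in is_principal_in_realm still says only that the first component should be "krbtgt", although the comparison has changed from `strncasecmp` to `data_eq_string`. The comparison is now exact-length and, if `data_eq_string` compares raw bytes as its name suggests, also case-sensitive. A sentence such as `/* Components are length-counted krb5_data, not NUL-terminated strings, so compare with data_eq_string. */` would explain why the C string functions were dropped. `defrealmlen` may also be unused now that this condition no longer references it; the rest of the function is outside the hunk, so check that against the full body.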