From f1cb770b53923018ec6c35e981d160db219286f9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Mon, 29 Feb 2016 23:45:34 +0000
Subject: New rawhide, new upstream version
- Drop CVE patches
- Rename fix_interposer.patch to acquire_cred_interposer.patch
- Update acquire_cred_interposer.patch to apply to new source
---
.gitignore | 3 +
krb5-1.14.1-interpose-accept_sec_context.patch | 39 --
krb5-CVE-2015-8629.patch | 48 ---
krb5-CVE-2015-8630.patch | 78 ----
krb5-CVE-2015-8631.patch | 573 -------------------------
krb5-acquire_cred_interposer.patch | 222 ++++++++++
krb5-fix_interposer.patch | 222 ----------
krb5-init_context_null_spnego.patch | 46 --
krb5.spec | 23 +-
sources | 6 +-
10 files changed, 237 insertions(+), 1023 deletions(-)
delete mode 100644 krb5-1.14.1-interpose-accept_sec_context.patch
delete mode 100644 krb5-CVE-2015-8629.patch
delete mode 100644 krb5-CVE-2015-8630.patch
delete mode 100644 krb5-CVE-2015-8631.patch
create mode 100644 krb5-acquire_cred_interposer.patch
delete mode 100644 krb5-fix_interposer.patch
delete mode 100644 krb5-init_context_null_spnego.patch
diff --git a/.gitignore b/.gitignore
index 3d18229..f2aef73 100644
--- a/.gitignore
+++ b/.gitignore
@@ -130,3 +130,6 @@ krb5-1.8.3-pdf.tar.gz
/krb5-1.14-pdfs.tar
/krb5-1.14.tar.gz
/krb5-1.14.tar.gz.asc
+/krb5-1.14.1-pdfs.tar
+/krb5-1.14.1.tar.gz
+/krb5-1.14.1.tar.gz.asc
diff --git a/krb5-1.14.1-interpose-accept_sec_context.patch
b/krb5-1.14.1-interpose-accept_sec_context.patch
deleted file mode 100644
index 333d388..0000000
--- a/krb5-1.14.1-interpose-accept_sec_context.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0b43d10333f4c4b29896cebc9447d8866b661217 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood(a)redhat.com>
-Date: Wed, 16 Dec 2015 19:31:22 -0500
-Subject: [PATCH] Fix interposed gss_accept_sec_context()
-
-If gss_accept_sec_context() is interposed, selected_mech will be an
-interposer OID. In this situation, pass the corresponding public OID
-to gss_inquire_attrs_for_mech() to determine whether the mech is
-allowed by default.
-
-[ghudson(a)mit.edu: pared down from larger commit; rewrote commit message]
-
-ticket: 8338 (new)
-target_version: 1.14-next
-tags: pullup
----
- src/lib/gssapi/mechglue/g_accept_sec_context.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c
b/src/lib/gssapi/mechglue/g_accept_sec_context.c
-index 6c72d1f..ddaf874 100644
---- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
-@@ -94,6 +94,12 @@ allow_mech_by_default(gss_OID mech)
- gss_OID_set attrs;
- int reject = 0, p;
-
-+ /* Whether we accept an interposer mech depends on whether we accept the
-+ * mech it interposes. */
-+ mech = gssint_get_public_oid(mech);
-+ if (mech == GSS_C_NO_OID)
-+ return 0;
-+
- status = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL);
- if (status)
- return 0;
---
-2.7.0
-
diff --git a/krb5-CVE-2015-8629.patch b/krb5-CVE-2015-8629.patch
deleted file mode 100644
index 2eb0edd..0000000
--- a/krb5-CVE-2015-8629.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson(a)mit.edu>
-Date: Fri, 8 Jan 2016 12:45:25 -0500
-Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629]
-
-In xdr_nullstring(), check that the decoded string is terminated with
-a zero byte and does not contain any internal zero bytes.
-
-CVE-2015-8629:
-
-In all versions of MIT krb5, an authenticated attacker can cause
-kadmind to read beyond the end of allocated memory by sending a string
-without a terminating zero byte. Information leakage may be possible
-for an attacker with permission to modify the database.
-
- CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
-
-ticket: 8341 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
-index 2bef858..ba67084 100644
---- a/src/lib/kadm5/kadm_rpc_xdr.c
-+++ b/src/lib/kadm5/kadm_rpc_xdr.c
-@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
- return FALSE;
- }
- }
-- return (xdr_opaque(xdrs, *objp, size));
-+ if (!xdr_opaque(xdrs, *objp, size))
-+ return FALSE;
-+ /* Check that the unmarshalled bytes are a C string. */
-+ if ((*objp)[size - 1] != '\0')
-+ return FALSE;
-+ if (memchr(*objp, '\0', size - 1) != NULL)
-+ return FALSE;
-+ return TRUE;
-
- case XDR_ENCODE:
- if (size != 0)
---
-2.7.0.rc3
-
diff --git a/krb5-CVE-2015-8630.patch b/krb5-CVE-2015-8630.patch
deleted file mode 100644
index 7908969..0000000
--- a/krb5-CVE-2015-8630.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson(a)mit.edu>
-Date: Fri, 8 Jan 2016 12:52:28 -0500
-Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630]
-
-In kadm5_create_principal_3() and kadm5_modify_principal(), check for
-entry->policy being null when KADM5_POLICY is included in the mask.
-
-CVE-2015-8630:
-
-In MIT krb5 1.12 and later, an authenticated attacker with permission
-to modify a principal entry can cause kadmind to dereference a null
-pointer by supplying a null policy value but including KADM5_POLICY in
-the mask.
-
- CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
-
-ticket: 8342 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
-index 5b95fa3..1d4365c 100644
---- a/src/lib/kadm5/srv/svr_principal.c
-+++ b/src/lib/kadm5/srv/svr_principal.c
-@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle,
- /*
- * Argument sanity checking, and opening up the DB
- */
-+ if (entry == NULL)
-+ return EINVAL;
- if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
- (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
- (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle,
- return KADM5_BAD_MASK;
- if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
- return KADM5_BAD_MASK;
-+ if((mask & KADM5_POLICY) && entry->policy == NULL)
-+ return KADM5_BAD_MASK;
- if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
- return KADM5_BAD_MASK;
- if((mask & ~ALL_PRINC_MASK))
- return KADM5_BAD_MASK;
-- if (entry == NULL)
-- return EINVAL;
-
- /*
- * Check to see if the principal exists
-@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle,
-
- krb5_clear_error_message(handle->context);
-
-+ if(entry == NULL)
-+ return EINVAL;
- if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
- (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
- (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle,
- return KADM5_BAD_MASK;
- if((mask & ~ALL_PRINC_MASK))
- return KADM5_BAD_MASK;
-+ if((mask & KADM5_POLICY) && entry->policy == NULL)
-+ return KADM5_BAD_MASK;
- if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
- return KADM5_BAD_MASK;
-- if(entry == (kadm5_principal_ent_t) NULL)
-- return EINVAL;
- if (mask & KADM5_TL_DATA) {
- tl_data_orig = entry->tl_data;
- while (tl_data_orig) {
---
-2.7.0.rc3
-
diff --git a/krb5-CVE-2015-8631.patch b/krb5-CVE-2015-8631.patch
deleted file mode 100644
index cd5efd5..0000000
--- a/krb5-CVE-2015-8631.patch
+++ /dev/null
@@ -1,573 +0,0 @@
-From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson(a)mit.edu>
-Date: Fri, 8 Jan 2016 13:16:54 -0500
-Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631]
-
-In each kadmind server stub, initialize the client_name and
-server_name variables, and release them in the cleanup handler. Many
-of the stubs will otherwise leak the client and server name if
-krb5_unparse_name() fails. Also make sure to free the prime_arg
-variables in rename_principal_2_svc(), or we can leak the first one if
-unparsing the second one fails. Discovered by Simo Sorce.
-
-CVE-2015-8631:
-
-In all versions of MIT krb5, an authenticated attacker can cause
-kadmind to leak memory by supplying a null principal name in a request
-which uses one. Repeating these requests will eventually cause
-kadmind to exhaust all available memory.
-
- CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
-
-ticket: 8343 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++-------------------
- 1 file changed, 77 insertions(+), 74 deletions(-)
-
-diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
-index 1879dc6..6ac797e 100644
---- a/src/kadmin/server/server_stubs.c
-+++ b/src/kadmin/server/server_stubs.c
-@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name, service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
-@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-- gss_release_buffer(&minor_stat, &client_name);
-- gss_release_buffer(&minor_stat, &service_name);
-
- exit_func:
-+ gss_release_buffer(&minor_stat, &client_name);
-+ gss_release_buffer(&minor_stat, &service_name);
- free_server_handle(handle);
- return &ret;
- }
-@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name, service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
-@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-- gss_release_buffer(&minor_stat, &client_name);
-- gss_release_buffer(&minor_stat, &service_name);
-
- exit_func:
-+ gss_release_buffer(&minor_stat, &client_name);
-+ gss_release_buffer(&minor_stat, &service_name);
- free_server_handle(handle);
- return &ret;
- }
-@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
-
- }
- free(prime_arg);
-- gss_release_buffer(&minor_stat, &client_name);
-- gss_release_buffer(&minor_stat, &service_name);
-
- exit_func:
-+ gss_release_buffer(&minor_stat, &client_name);
-+ gss_release_buffer(&minor_stat, &service_name);
- free_server_handle(handle);
- return &ret;
- }
-@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
-@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -570,10 +572,9 @@ generic_ret *
- rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
-- char *prime_arg1,
-- *prime_arg2;
-- gss_buffer_desc client_name,
-- service_name;
-+ char *prime_arg1 = NULL, *prime_arg2 = NULL;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
-@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
-
- }
-+exit_func:
- free(prime_arg1);
- free(prime_arg2);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
- {
- static gprinc_ret ret;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
- {
- static gprincs_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
-
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
- krb5_keyblock *k;
- int nkeys;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
- krb5_keyblock *k;
- int nkeys;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
- static gpol_ret ret;
- kadm5_ret_t ret2;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_principal_ent_rec caller_ent;
- kadm5_server_handle_t handle;
-@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
- log_unauth(funcname, prime_arg,
- &client_name, &service_name, rqstp);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
-
-@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
- {
- static gpols_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1541,7 +1542,8 @@ exit_func:
- getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- {
- static getprivs_ret ret;
-- gss_buffer_desc client_name, service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req
*rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
-
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name, service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
-
-@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
- {
- static gstrings_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1754,8 +1757,8 @@ exit_func:
- generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- kadm5_server_handle_t handle;
- OM_uint32 minor_stat;
- const char *errmsg = NULL;
-@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- rqstp->rq_cred.oa_flavor);
- if (errmsg != NULL)
- krb5_free_error_message(NULL, errmsg);
-- gss_release_buffer(&minor_stat, &client_name);
-- gss_release_buffer(&minor_stat, &service_name);
-
- exit_func:
-+ gss_release_buffer(&minor_stat, &client_name);
-+ gss_release_buffer(&minor_stat, &service_name);
- return(&ret);
- }
-
---
-2.7.0.rc3
-
diff --git a/krb5-acquire_cred_interposer.patch b/krb5-acquire_cred_interposer.patch
new file mode 100644
index 0000000..fa1c532
--- /dev/null
+++ b/krb5-acquire_cred_interposer.patch
@@ -0,0 +1,222 @@
+From b3901af6970fb7bde88eb16d51c8d05db6f37746 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo(a)redhat.com>
+Date: Fri, 13 Nov 2015 14:54:11 -0500
+Subject: [PATCH] Fix impersonate_name to work with interposers
+
+This follows the same modifications applied to
+gss_acquire_cred_with_password() when interposer plugins were
+introduced.
+
+[ghudson(a)mit.edu: minor whitespace changes; initialize out_mcred in
+spnego_gss_acquire_cred_impersonate_name() since it is released in the
+cleanup handler]
+
+ticket: 8280 (new)
+---
+ src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c | 58 +++++++++++++++--------
+ src/lib/gssapi/spnego/spnego_mech.c | 35 +++++++-------
+ 2 files changed, 54 insertions(+), 39 deletions(-)
+
+diff --git a/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
b/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
+index 0dd4f87..9eab25e 100644
+--- a/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
++++ b/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
+@@ -334,6 +334,8 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
+ gss_cred_id_t cred = NULL;
+ gss_OID new_mechs_array = NULL;
+ gss_cred_id_t * new_cred_array = NULL;
++ gss_OID_set target_mechs = GSS_C_NO_OID_SET;
++ gss_OID selected_mech = GSS_C_NO_OID;
+
+ status = val_add_cred_impersonate_name_args(minor_status,
+ input_cred_handle,
+@@ -350,7 +352,12 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
+ if (status != GSS_S_COMPLETE)
+ return (status);
+
+- mech = gssint_get_mechanism(desired_mech);
++ status = gssint_select_mech_type(minor_status, desired_mech,
++ &selected_mech);
++ if (status != GSS_S_COMPLETE)
++ return status;
++
++ mech = gssint_get_mechanism(selected_mech);
+ if (!mech)
+ return GSS_S_BAD_MECH;
+ else if (!mech->gss_acquire_cred_impersonate_name)
+@@ -367,27 +374,26 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
+ internal_name = GSS_C_NO_NAME;
+ } else {
+ union_cred = (gss_union_cred_t)input_cred_handle;
+- if (gssint_get_mechanism_cred(union_cred, desired_mech) !=
++ if (gssint_get_mechanism_cred(union_cred, selected_mech) !=
+ GSS_C_NO_CREDENTIAL)
+ return (GSS_S_DUPLICATE_ELEMENT);
+ }
+
+ mech_impersonator_cred =
+ gssint_get_mechanism_cred((gss_union_cred_t)impersonator_cred_handle,
+- desired_mech);
++ selected_mech);
+ if (mech_impersonator_cred == GSS_C_NO_CREDENTIAL)
+ return (GSS_S_NO_CRED);
+
+ /* may need to create a mechanism specific name */
+ union_name = (gss_union_name_t)desired_name;
+ if (union_name->mech_type &&
+- g_OID_equal(union_name->mech_type,
+- &mech->mech_type))
++ g_OID_equal(union_name->mech_type, selected_mech))
+ internal_name = union_name->mech_name;
+ else {
+ if (gssint_import_internal_name(minor_status,
+- &mech->mech_type, union_name,
+- &allocated_name) != GSS_S_COMPLETE)
++ selected_mech, union_name,
++ &allocated_name) != GSS_S_COMPLETE)
+ return (GSS_S_BAD_NAME);
+ internal_name = allocated_name;
+ }
+@@ -402,11 +408,21 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
+ else
+ time_req = 0;
+
++ status = gss_create_empty_oid_set(minor_status, &target_mechs);
++ if (status != GSS_S_COMPLETE)
++ goto errout;
++
++ status = gss_add_oid_set_member(minor_status,
++ gssint_get_public_oid(selected_mech),
++ &target_mechs);
++ if (status != GSS_S_COMPLETE)
++ goto errout;
++
+ status = mech->gss_acquire_cred_impersonate_name(minor_status,
+ mech_impersonator_cred,
+ internal_name,
+ time_req,
+- GSS_C_NULL_OID_SET,
++ target_mechs,
+ cred_usage,
+ &cred,
+ NULL,
+@@ -445,19 +461,15 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
+
+ new_cred_array[union_cred->count] = cred;
+ if ((new_mechs_array[union_cred->count].elements =
+- malloc(mech->mech_type.length)) == NULL)
++ malloc(selected_mech->length)) == NULL)
+ goto errout;
+
+- g_OID_copy(&new_mechs_array[union_cred->count],
+- &mech->mech_type);
++ g_OID_copy(&new_mechs_array[union_cred->count], selected_mech);
+
+ if (actual_mechs != NULL) {
+- gss_OID_set_desc oids;
+-
+- oids.count = union_cred->count + 1;
+- oids.elements = new_mechs_array;
+-
+- status = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs);
++ status = gssint_make_public_oid_set(minor_status, new_mechs_array,
++ union_cred->count + 1,
++ actual_mechs);
+ if (GSS_ERROR(status)) {
+ free(new_mechs_array[union_cred->count].elements);
+ goto errout;
+@@ -486,10 +498,12 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
+ /* We're done with the internal name. Free it if we allocated it. */
+
+ if (allocated_name)
+- (void) gssint_release_internal_name(&temp_minor_status,
+- &mech->mech_type,
++ (void) gssint_release_internal_name(&temp_minor_status, selected_mech,
+ &allocated_name);
+
++ if (target_mechs)
++ (void) gss_release_oid_set(&temp_minor_status, &target_mechs);
++
+ return (GSS_S_COMPLETE);
+
+ errout:
+@@ -503,8 +517,10 @@ errout:
+
+ if (allocated_name)
+ (void) gssint_release_internal_name(&temp_minor_status,
+- &mech->mech_type,
+- &allocated_name);
++ selected_mech, &allocated_name);
++
++ if (target_mechs)
++ (void) gss_release_oid_set(&temp_minor_status, &target_mechs);
+
+ if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
+ free(union_cred);
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index e6703eb..28fb9b1 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -2619,10 +2619,10 @@ spnego_gss_acquire_cred_impersonate_name(OM_uint32
*minor_status,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec)
+ {
+- OM_uint32 status;
++ OM_uint32 status, tmpmin;
+ gss_OID_set amechs = GSS_C_NULL_OID_SET;
+ spnego_gss_cred_id_t imp_spcred = NULL, out_spcred = NULL;
+- gss_cred_id_t imp_mcred, out_mcred;
++ gss_cred_id_t imp_mcred, out_mcred = GSS_C_NO_CREDENTIAL;
+
+ dsyslog("Entering spnego_gss_acquire_cred_impersonate_name\n");
+
+@@ -2634,31 +2634,30 @@ spnego_gss_acquire_cred_impersonate_name(OM_uint32
*minor_status,
+
+ imp_spcred = (spnego_gss_cred_id_t)impersonator_cred_handle;
+ imp_mcred = imp_spcred ? imp_spcred->mcred : GSS_C_NO_CREDENTIAL;
+- if (desired_mechs == GSS_C_NO_OID_SET) {
+- status = gss_inquire_cred(minor_status, imp_mcred, NULL, NULL,
+- NULL, &amechs);
+- if (status != GSS_S_COMPLETE)
+- return status;
+-
+- desired_mechs = amechs;
+- }
++ status = gss_inquire_cred(minor_status, imp_mcred, NULL, NULL,
++ NULL, &amechs);
++ if (status != GSS_S_COMPLETE)
++ return status;
+
+ status = gss_acquire_cred_impersonate_name(minor_status, imp_mcred,
+ desired_name, time_req,
+- desired_mechs, cred_usage,
++ amechs, cred_usage,
+ &out_mcred, actual_mechs,
+ time_rec);
+-
+- if (amechs != GSS_C_NULL_OID_SET)
+- (void) gss_release_oid_set(minor_status, &amechs);
++ if (status != GSS_S_COMPLETE)
++ goto cleanup;
+
+ status = create_spnego_cred(minor_status, out_mcred, &out_spcred);
+- if (status != GSS_S_COMPLETE) {
+- gss_release_cred(minor_status, &out_mcred);
+- return (status);
+- }
++ if (status != GSS_S_COMPLETE)
++ goto cleanup;
++
++ out_mcred = GSS_C_NO_CREDENTIAL;
+ *output_cred_handle = (gss_cred_id_t)out_spcred;
+
++cleanup:
++ (void) gss_release_oid_set(&tmpmin, &amechs);
++ (void) gss_release_cred(&tmpmin, &out_mcred);
++
+ dsyslog("Leaving spnego_gss_acquire_cred_impersonate_name\n");
+ return (status);
+ }
+--
+2.6.2
+
diff --git a/krb5-fix_interposer.patch b/krb5-fix_interposer.patch
deleted file mode 100644
index 8a6aa19..0000000
--- a/krb5-fix_interposer.patch
+++ /dev/null
@@ -1,222 +0,0 @@
-From b3901af6970fb7bde88eb16d51c8d05db6f37746 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo(a)redhat.com>
-Date: Fri, 13 Nov 2015 14:54:11 -0500
-Subject: [PATCH] Fix impersonate_name to work with interposers
-
-This follows the same modifications applied to
-gss_acquire_cred_with_password() when interposer plugins were
-introduced.
-
-[ghudson(a)mit.edu: minor whitespace changes; initialize out_mcred in
-spnego_gss_acquire_cred_impersonate_name() since it is released in the
-cleanup handler]
-
-ticket: 8280 (new)
----
- src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c | 58 +++++++++++++++--------
- src/lib/gssapi/spnego/spnego_mech.c | 35 +++++++-------
- 2 files changed, 54 insertions(+), 39 deletions(-)
-
-diff --git a/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
b/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
-index 0dd4f87..9eab25e 100644
---- a/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
-+++ b/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
-@@ -334,6 +334,8 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
- gss_cred_id_t cred = NULL;
- gss_OID new_mechs_array = NULL;
- gss_cred_id_t * new_cred_array = NULL;
-+ gss_OID_set target_mechs = GSS_C_NO_OID_SET;
-+ gss_OID selected_mech = GSS_C_NO_OID;
-
- status = val_add_cred_impersonate_name_args(minor_status,
- input_cred_handle,
-@@ -350,7 +352,12 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
- if (status != GSS_S_COMPLETE)
- return (status);
-
-- mech = gssint_get_mechanism(desired_mech);
-+ status = gssint_select_mech_type(minor_status, desired_mech,
-+ &selected_mech);
-+ if (status != GSS_S_COMPLETE)
-+ return status;
-+
-+ mech = gssint_get_mechanism(selected_mech);
- if (!mech)
- return GSS_S_BAD_MECH;
- else if (!mech->gss_acquire_cred)
-@@ -367,27 +374,26 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
- internal_name = GSS_C_NO_NAME;
- } else {
- union_cred = (gss_union_cred_t)input_cred_handle;
-- if (gssint_get_mechanism_cred(union_cred, desired_mech) !=
-+ if (gssint_get_mechanism_cred(union_cred, selected_mech) !=
- GSS_C_NO_CREDENTIAL)
- return (GSS_S_DUPLICATE_ELEMENT);
- }
-
- mech_impersonator_cred =
- gssint_get_mechanism_cred((gss_union_cred_t)impersonator_cred_handle,
-- desired_mech);
-+ selected_mech);
- if (mech_impersonator_cred == GSS_C_NO_CREDENTIAL)
- return (GSS_S_NO_CRED);
-
- /* may need to create a mechanism specific name */
- union_name = (gss_union_name_t)desired_name;
- if (union_name->mech_type &&
-- g_OID_equal(union_name->mech_type,
-- &mech->mech_type))
-+ g_OID_equal(union_name->mech_type, selected_mech))
- internal_name = union_name->mech_name;
- else {
- if (gssint_import_internal_name(minor_status,
-- &mech->mech_type, union_name,
-- &allocated_name) != GSS_S_COMPLETE)
-+ selected_mech, union_name,
-+ &allocated_name) != GSS_S_COMPLETE)
- return (GSS_S_BAD_NAME);
- internal_name = allocated_name;
- }
-@@ -402,11 +408,21 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
- else
- time_req = 0;
-
-+ status = gss_create_empty_oid_set(minor_status, &target_mechs);
-+ if (status != GSS_S_COMPLETE)
-+ goto errout;
-+
-+ status = gss_add_oid_set_member(minor_status,
-+ gssint_get_public_oid(selected_mech),
-+ &target_mechs);
-+ if (status != GSS_S_COMPLETE)
-+ goto errout;
-+
- status = mech->gss_acquire_cred_impersonate_name(minor_status,
- mech_impersonator_cred,
- internal_name,
- time_req,
-- GSS_C_NULL_OID_SET,
-+ target_mechs,
- cred_usage,
- &cred,
- NULL,
-@@ -445,19 +461,15 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
-
- new_cred_array[union_cred->count] = cred;
- if ((new_mechs_array[union_cred->count].elements =
-- malloc(mech->mech_type.length)) == NULL)
-+ malloc(selected_mech->length)) == NULL)
- goto errout;
-
-- g_OID_copy(&new_mechs_array[union_cred->count],
-- &mech->mech_type);
-+ g_OID_copy(&new_mechs_array[union_cred->count], selected_mech);
-
- if (actual_mechs != NULL) {
-- gss_OID_set_desc oids;
--
-- oids.count = union_cred->count + 1;
-- oids.elements = new_mechs_array;
--
-- status = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs);
-+ status = gssint_make_public_oid_set(minor_status, new_mechs_array,
-+ union_cred->count + 1,
-+ actual_mechs);
- if (GSS_ERROR(status)) {
- free(new_mechs_array[union_cred->count].elements);
- goto errout;
-@@ -486,10 +498,12 @@ gss_add_cred_impersonate_name(OM_uint32 *minor_status,
- /* We're done with the internal name. Free it if we allocated it. */
-
- if (allocated_name)
-- (void) gssint_release_internal_name(&temp_minor_status,
-- &mech->mech_type,
-+ (void) gssint_release_internal_name(&temp_minor_status, selected_mech,
- &allocated_name);
-
-+ if (target_mechs)
-+ (void) gss_release_oid_set(&temp_minor_status, &target_mechs);
-+
- return (GSS_S_COMPLETE);
-
- errout:
-@@ -503,8 +517,10 @@ errout:
-
- if (allocated_name)
- (void) gssint_release_internal_name(&temp_minor_status,
-- &mech->mech_type,
-- &allocated_name);
-+ selected_mech, &allocated_name);
-+
-+ if (target_mechs)
-+ (void) gss_release_oid_set(&temp_minor_status, &target_mechs);
-
- if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
- free(union_cred);
-diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index e6703eb..28fb9b1 100644
---- a/src/lib/gssapi/spnego/spnego_mech.c
-+++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -2619,10 +2619,10 @@ spnego_gss_acquire_cred_impersonate_name(OM_uint32
*minor_status,
- gss_OID_set *actual_mechs,
- OM_uint32 *time_rec)
- {
-- OM_uint32 status;
-+ OM_uint32 status, tmpmin;
- gss_OID_set amechs = GSS_C_NULL_OID_SET;
- spnego_gss_cred_id_t imp_spcred = NULL, out_spcred = NULL;
-- gss_cred_id_t imp_mcred, out_mcred;
-+ gss_cred_id_t imp_mcred, out_mcred = GSS_C_NO_CREDENTIAL;
-
- dsyslog("Entering spnego_gss_acquire_cred_impersonate_name\n");
-
-@@ -2634,31 +2634,30 @@ spnego_gss_acquire_cred_impersonate_name(OM_uint32
*minor_status,
-
- imp_spcred = (spnego_gss_cred_id_t)impersonator_cred_handle;
- imp_mcred = imp_spcred ? imp_spcred->mcred : GSS_C_NO_CREDENTIAL;
-- if (desired_mechs == GSS_C_NO_OID_SET) {
-- status = gss_inquire_cred(minor_status, imp_mcred, NULL, NULL,
-- NULL, &amechs);
-- if (status != GSS_S_COMPLETE)
-- return status;
--
-- desired_mechs = amechs;
-- }
-+ status = gss_inquire_cred(minor_status, imp_mcred, NULL, NULL,
-+ NULL, &amechs);
-+ if (status != GSS_S_COMPLETE)
-+ return status;
-
- status = gss_acquire_cred_impersonate_name(minor_status, imp_mcred,
- desired_name, time_req,
-- desired_mechs, cred_usage,
-+ amechs, cred_usage,
- &out_mcred, actual_mechs,
- time_rec);
--
-- if (amechs != GSS_C_NULL_OID_SET)
-- (void) gss_release_oid_set(minor_status, &amechs);
-+ if (status != GSS_S_COMPLETE)
-+ goto cleanup;
-
- status = create_spnego_cred(minor_status, out_mcred, &out_spcred);
-- if (status != GSS_S_COMPLETE) {
-- gss_release_cred(minor_status, &out_mcred);
-- return (status);
-- }
-+ if (status != GSS_S_COMPLETE)
-+ goto cleanup;
-+
-+ out_mcred = GSS_C_NO_CREDENTIAL;
- *output_cred_handle = (gss_cred_id_t)out_spcred;
-
-+cleanup:
-+ (void) gss_release_oid_set(&tmpmin, &amechs);
-+ (void) gss_release_cred(&tmpmin, &out_mcred);
-+
- dsyslog("Leaving spnego_gss_acquire_cred_impersonate_name\n");
- return (status);
- }
---
-2.6.2
-
diff --git a/krb5-init_context_null_spnego.patch b/krb5-init_context_null_spnego.patch
deleted file mode 100644
index af147cd..0000000
--- a/krb5-init_context_null_spnego.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo(a)redhat.com>
-Date: Tue, 5 Jan 2016 12:11:59 -0500
-Subject: [PATCH] Check internal context on init context errors
-
-If the mechanism deletes the internal context handle on error, the
-mechglue must do the same with the union context, to avoid crashes if
-the application calls other functions with this invalid union context.
-
-[ghudson(a)mit.edu: edit commit message and code comment]
-
-ticket: 8337 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c
b/src/lib/gssapi/mechglue/g_init_sec_context.c
-index aaae767..9f154b8 100644
---- a/src/lib/gssapi/mechglue/g_init_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
-@@ -224,12 +224,15 @@ OM_uint32 * time_rec;
-
- if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
- /*
-- * the spec says (the preferred) method is to delete all
-- * context info on the first call to init, and on all
-- * subsequent calls make the caller responsible for
-- * calling gss_delete_sec_context
-+ * The spec says the preferred method is to delete all context info on
-+ * the first call to init, and on all subsequent calls make the caller
-+ * responsible for calling gss_delete_sec_context. However, if the
-+ * mechanism decided to delete the internal context, we should also
-+ * delete the union context.
- */
- map_error(minor_status, mech);
-+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ *context_handle = GSS_C_NO_CONTEXT;
- if (*context_handle == GSS_C_NO_CONTEXT) {
- free(union_ctx_id->mech_type->elements);
- free(union_ctx_id->mech_type);
---
-2.6.4
-
diff --git a/krb5.spec b/krb5.spec
index 893f41c..15ca779 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -12,8 +12,8 @@
Summary: The Kerberos network authentication system
Name: krb5
-Version: 1.14
-Release: 23%{?dist}
+Version: 1.14.1
+Release: 1%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead?
#
http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with
@@ -57,14 +57,9 @@ Patch86: krb5-1.9-debuginfo.patch
Patch129: krb5-1.11-run_user_0.patch
Patch134: krb5-1.11-kpasswdtest.patch
Patch148: krb5-disable_ofd_locks.patch
-Patch150: krb5-fix_interposer.patch
-Patch152: krb5-init_context_null_spnego.patch
+Patch150: krb5-acquire_cred_interposer.patch
Patch153: krb5-1.14.1-log_file_permissions.patch
-Patch154: krb5-CVE-2015-8629.patch
-Patch155: krb5-CVE-2015-8630.patch
-Patch156: krb5-CVE-2015-8631.patch
-Patch157: krb5-1.14.1-interpose-accept_sec_context.patch
Patch158: krb5-1.14.1-interpose-enable-inquire_attrs_for_mech.patch
Patch159: krb5-1.14.1-interpose-fix-inquire_attrs_for_mech.patch
Patch160: krb5-1.14.1-interpose-inquire_saslname_for_mech.patch
@@ -243,14 +238,8 @@ ln NOTICE LICENSE
%patch148 -p1 -b .disable_ofd_locks
%patch150 -p1 -b .fix_interposer
-%patch152 -p1 -b .init_context_null_spnego
%patch153 -p1 -b .log_file_permissions
-%patch154 -p1 -b .CVE-2015-8629
-%patch155 -p1 -b .CVE-2015-8630
-%patch156 -p1 -b .CVE-2015-8631
-
-%patch157 -p1 -b .interpose-accept_sec_context
%patch158 -p1 -b .interpose-enable-inquire_attrs_for_mech
%patch159 -p1 -b .interpose-fix-inquire_attrs_for_mech
%patch160 -p1 -b .interpose-inquire_saslname_for_mech
@@ -777,6 +766,12 @@ exit 0
%changelog
+* Mon Feb 29 2016 Robbie Harwood <rharwood(a)redhat.com> - 1.14.1-1
+- New rawhide, new upstream version
+- Drop CVE patches
+- Rename fix_interposer.patch to acquire_cred_interposer.patch
+- Update acquire_cred_interposer.patch to apply to new source
+
* Mon Feb 22 2016 Robbie Harwood <rharwood(a)redhat.com> - 1.14-23
- Fix log file permissions patch with our selinux
- Resolves: #1309421
diff --git a/sources b/sources
index 74babf7..ce89c20 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-ac45469a7dc1aef4d03632dada893aca krb5-1.14-pdfs.tar
-0727968764d0208388b85ad31aafde24 krb5-1.14.tar.gz
-5206449ace5db12ef70856e4d5f3a064 krb5-1.14.tar.gz.asc
+ac45469a7dc1aef4d03632dada893aca krb5-1.14.1-pdfs.tar
+400de0cabbfbe85c2c36f60347bf7dc6 krb5-1.14.1.tar.gz
+98a82e313a0f23498122eba3338f7576 krb5-1.14.1.tar.gz.asc
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/krb5.git/commit/?h=master&id=f1cb7...