From 820248384a44922eb10a07d2e2859b971a9d9fc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=86=AF=E5=B7=9D=E4=B8=8010346279?= Date: Fri, 17 May 2024 16:18:42 +0800 Subject: [PATCH] a23.0 --- 0018-fix-CVE-2024-26462.patch | 20 ++++++++++++++++++++ krb5.spec | 6 +++++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 0018-fix-CVE-2024-26462.patch diff --git a/0018-fix-CVE-2024-26462.patch b/0018-fix-CVE-2024-26462.patch new file mode 100644 index 0000000..80d839a --- /dev/null +++ b/0018-fix-CVE-2024-26462.patch @@ -0,0 +1,20 @@ +diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c +index 48395ab..d438408 100644 +--- a/src/kdc/ndr.c ++++ b/src/kdc/ndr.c +@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out) + size_t utf16len, num_wchars; + uint8_t *utf16; + +- k5_buf_init_dynamic(&b); +- + ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len); + if (ret) + return ret; + + num_wchars = utf16len / 2; + ++ k5_buf_init_dynamic(&b); + k5_buf_add_uint32_le(&b, num_wchars + 1); + k5_buf_add_uint32_le(&b, 0); + k5_buf_add_uint32_le(&b, num_wchars); diff --git a/krb5.spec b/krb5.spec index 03fefa4..90da143 100644 --- a/krb5.spec +++ b/krb5.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 # Set this so that find-lang.sh will recognize the .po files. %global gettext_domain mit-krb5 @@ -50,6 +50,7 @@ Patch14: 0014-downstream-Include-missing-OpenSSL-FIPS-header.patch Patch15: 0015-downstream-Do-not-set-root-as-ksu-file-owner.patch Patch16: 0016-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch Patch17: 0017-Add-PAC-full-checksums.patch +Patch18: 0018-fix-CVE-2024-26462.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -685,6 +686,9 @@ exit 0 %{_datarootdir}/%{name}-tests/ %changelog +* Fri May 17 2024 Chuanyi Feng - 1.20.2-2 +- Fix CVE-2024-26462 + * Thu Aug 10 2023 Funda Wang - 1.20.2-1 - New version 1.20.2 -- Gitee