From 8195fa957d23bd7b56e892aade8977555f15e13c Mon Sep 17 00:00:00 2001 From: yanshuai01 Date: Fri, 10 Nov 2023 15:12:28 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dcreate=20keytabs=E5=A4=B1?= =?UTF-8?q?=E8=B4=A5=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- fix-create-keytabs-failure.patch | 30 ++++++++++++++++++++++++++++++ krb5.spec | 6 +++++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 fix-create-keytabs-failure.patch diff --git a/fix-create-keytabs-failure.patch b/fix-create-keytabs-failure.patch new file mode 100644 index 0000000..eaea863 --- /dev/null +++ b/fix-create-keytabs-failure.patch @@ -0,0 +1,30 @@ +From 5099377b29d9002c82b807eb8e3149a3acb29d10 Mon Sep 17 00:00:00 2001 +From: yanshuai01 +Date: Fri, 10 Nov 2023 15:03:40 +0800 +Subject: [PATCH] fix create keytabs failure + +--- + src/lib/kadm5/str_conv.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c +index 7cf51d3..7982956 100644 +--- a/src/lib/kadm5/str_conv.c ++++ b/src/lib/kadm5/str_conv.c +@@ -340,9 +340,10 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps, + while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) { + /* Pass a null pointer to subsequent calls to strtok_r(). */ + p = NULL; +- ret = string_to_keysalt(ksp, ksaltseps, &etype, &stype); +- if (ret) +- goto cleanup; ++ ++ /* Discard unrecognized keysalts. */ ++ if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0) ++ continue; + + /* Ignore duplicate keysalts if caller asks. */ + if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype)) +-- +2.27.0 + diff --git a/krb5.spec b/krb5.spec index 95f6c0e..9946ba8 100644 --- a/krb5.spec +++ b/krb5.spec @@ -3,7 +3,7 @@ Name: krb5 Version: 1.18.2 -Release: 8 +Release: 9 Summary: The Kerberos network authentication protocol License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -31,6 +31,7 @@ Patch8: backport-CVE-2021-36222.patch Patch9: backport-CVE-2021-37750.patch Patch10: Fix-CVE-2022-42898-integer-overflows-in-PAC-parsing.patch Patch11: CVE-2023-36054.patch +Patch12: fix-create-keytabs-failure.patch BuildRequires: gettext BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc @@ -322,6 +323,9 @@ make -C src check || : %{_mandir}/man8/* %changelog +* Fri Nov 10 2023 yanshuai - 1.18.2-9 +- fix the problem of failure to create keytabs + * Tue Aug 15 2023 liningjie - 1.18.2-8 - fix CVE-2023-36054 -- Gitee