authorSam Hartman <hartmans@debian.org>2018-12-31 15:25:00 -0500
committerSam Hartman <hartmans@debian.org>2018-12-31 15:25:01 -0500
commite4fbe7f9136633f942c3e09683b835b5d02186b1 (patch)
tree7cbfa8556b5446932c9ceab3f1ac395aeb812069
parente51ccb4b71f06b0056a2a533fcd3dcf8389a9adf (diff)
parent2de32da21c17e0daa9a47d610c3fab3f10a58513 (diff)
merge patched into master
-rw-r--r--debian/.git-dpm4
-rw-r--r--debian/patches/series1
-rw-r--r--debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch43
-rw-r--r--src/kdc/kdc_preauth.c1
4 files changed, 46 insertions, 3 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 7139a6a35..c06208f34 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-bfee7ec7d0e66b80bf034609bfd34cb76bc07137
-bfee7ec7d0e66b80bf034609bfd34cb76bc07137
+2de32da21c17e0daa9a47d610c3fab3f10a58513
+2de32da21c17e0daa9a47d610c3fab3f10a58513
4fc7671a4f4a9b775762bceb5453d4478735e3b5
4fc7671a4f4a9b775762bceb5453d4478735e3b5
krb5_1.16.2.orig.tar.gz
diff --git a/debian/patches/series b/debian/patches/series
index e63244523..c2160d09e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ debian-local/0005-gssapi-never-unload-mechanisms.patch
debian-local/0006-Add-substpdf-target.patch
debian-local/0007-Fix-pkg-config-library-include-paths.patch
debian-local/0008-Use-isystem-for-include-paths.patch
+upstream/0009-Remove-incorrect-KDC-assertion.patch
diff --git a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch b/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch
new file mode 100644
index 000000000..7b4868fdf
--- /dev/null
+++ b/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch
@@ -0,0 +1,43 @@
+From 2de32da21c17e0daa9a47d610c3fab3f10a58513 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Sat, 15 Dec 2018 11:56:36 +0200
+Subject: Remove incorrect KDC assertion
+
+The assertion in return_enc_padata() is reachable because
+kdc_make_s4u2self_rep() may have previously added encrypted padata.
+It is no longer necessary because the code uses add_pa_data_element()
+instead of allocating a new list.
+
+CVE-2018-20217:
+
+In MIT krb5 1.8 or later, an authenticated user who can obtain a TGT
+using an older encryption type (DES, DES3, or RC4) can cause an
+assertion failure in the KDC by sending an S4U2Self request.
+
+[ghudson@mit.edu: rewrote commit message with CVE description]
+
+ticket: 8767 (new)
+tags: pullup
+target_version: 1.17
+target_version: 1.16-next
+target_version: 1.15-next
+
+(cherry picked from commit 94e5eda5bb94d1d44733a49c3d9b6d1e42c74def)
+
+Patch-Category: upstream
+---
+ src/kdc/kdc_preauth.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
+index 81d0b8cffd..787a09684c 100644
+--- a/src/kdc/kdc_preauth.c
++++ b/src/kdc/kdc_preauth.c
+@@ -1640,7 +1640,6 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt,
+ krb5_error_code code = 0;
+ /* This should be initialized and only used for Win2K compat and other
+ * specific standardized uses such as FAST negotiation. */
+- assert(reply_encpart->enc_padata == NULL);
+ if (is_referral) {
+ code = return_referral_enc_padata(context, reply_encpart, server);
+ if (code)
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 81d0b8cff..787a09684 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1640,7 +1640,6 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt,
krb5_error_code code = 0;
/* This should be initialized and only used for Win2K compat and other
* specific standardized uses such as FAST negotiation. */
- assert(reply_encpart->enc_padata == NULL);
if (is_referral) {
code = return_referral_enc_padata(context, reply_encpart, server);
if (code)
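Review bot: The comment left above `if (is_referral)` ("This should be initialized and only used for Win2K compat and other specific standardized uses…") is now orphaned, since the assert it introduced is gone, and it still reads as though `reply_encpart->enc_padata` is expected to be empty on entry. The commit message says the opposite: kdc_make_s4u2self_rep() may already have added encrypted padata, and the function is only safe because additions go through add_pa_data_element() instead of allocating a new list. I would replace the comment with that invariant, for example `/* enc_padata may already hold entries (e.g. from kdc_make_s4u2self_rep()); append only via add_pa_data_element(), never assign a fresh list. */`. The body of return_enc_padata() begins and ends outside the hunk, so the append-only behaviour of the remaining code, including return_referral_enc_padata(), cannot be confirmed from these lines and is worth checking. The same stale comment appears in the copy of the change under debian/patches/upstream/.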