Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2024-07-08 19:06:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/krb5 (Old)
 and      /work/SRC/openSUSE:Factory/.krb5.new.2080 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Mon Jul 8 19:06:50 2024 rev:174 rq:1185764 version:1.21.3 Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2024-04-04 22:24:04.470486279 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.2080/krb5-mini.changes 2024-07-08 19:06:56.995864817 +0200 @@ -1,0 +2,19 @@ +Mon Jul 1 07:50:59 UTC 2024 - Samuel Cabrero <[email protected]> + +- Update to 1.21.3 + * Fix vulnerabilities in GSS message token handling: + * CVE-2024-37370, bsc#1227186 + * CVE-2024-37371, bsc#1227187 + * Fix a potential bad pointer free in krb5_cccol_have_contents() + * Fix a memory leak in the macOS ccache type +- Update patch 0009-Fix-three-memory-leaks.patch + +------------------------------------------------------------------- +Fri Mar 22 09:19:41 UTC 2024 - Samuel Cabrero <[email protected]> + +- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch + * CVE-2024-26458, bsc#1220770 + * CVE-2024-26461, bsc#1220771 + * CVE-2024-26462, bsc#1220772 + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes 2024-05-21 18:34:19.105740898 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.2080/krb5.changes 2024-07-08 19:06:57.175871400 +0200 
@@ -1,0 +2,11 @@ +Mon Jul 1 07:50:59 UTC 2024 - Samuel Cabrero <[email protected]> + +- Update to 1.21.3 + * Fix vulnerabilities in GSS message token handling: + * CVE-2024-37370, bsc#1227186 + * CVE-2024-37371, bsc#1227187 + * Fix a potential bad pointer free in krb5_cccol_have_contents() + * Fix a memory leak in the macOS ccache type +- Update patch 0009-Fix-three-memory-leaks.patch + +------------------------------------------------------------------- Old: ---- krb5-1.21.2.tar.gz krb5-1.21.2.tar.gz.asc New: ---- krb5-1.21.3.tar.gz krb5-1.21.3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.D2LJyR/_old 2024-07-08 19:06:58.467918653 +0200 +++ /var/tmp/diff_new_pack.D2LJyR/_new 2024-07-08 19:06:58.471918799 +0200 @@ -24,7 +24,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5-mini -Version: 1.21.2 +Version: 1.21.3 Release: 0 Summary: MIT Kerberos5 implementation and libraries with minimal dependencies License: MIT @@ -44,6 +44,7 @@ Patch6: 0006-krb5-1.12-api.patch Patch7: 0007-SELinux-integration.patch Patch8: 0008-krb5-1.9-debuginfo.patch +Patch9: 0009-Fix-three-memory-leaks.patch BuildRequires: autoconf BuildRequires: bison BuildRequires: pkgconfig ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.D2LJyR/_old 2024-07-08 19:06:58.503919969 +0200 +++ /var/tmp/diff_new_pack.D2LJyR/_new 2024-07-08 19:06:58.503919969 +0200 @@ -21,7 +21,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5 -Version: 1.21.2 +Version: 1.21.3 Release: 0 Summary: MIT Kerberos5 implementation License: MIT ++++++ 0009-Fix-three-memory-leaks.patch ++++++ --- /var/tmp/diff_new_pack.D2LJyR/_old 2024-07-08 19:06:58.547921579 +0200 +++ /var/tmp/diff_new_pack.D2LJyR/_new 2024-07-08 19:06:58.551921724 +0200 
@@ -1,46 +1,3 @@ -From 2aaffa96269b56fe09abf81851c40c9c4a3587f0 Mon Sep 17 00:00:00 2001 -From: Greg Hudson <[email protected]> -Date: Tue, 5 Mar 2024 17:38:49 -0500 -Subject: [PATCH 1/2] Fix leak in KDC NDR encoding - -If the KDC tries to encode a principal containing encode invalid UTF-8 -sequences for inclusion in a PAC delegation info buffer, it will leak -a small amount of memory in enc_wchar_pointer() before failing. Fix -the leak. - -ticket: 9115 (new) -tags: pullup -target_version: 1.21-next - -(cherry picked from commit 7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe) ---- - src/kdc/ndr.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c -index 48395abe52..d438408ee2 100644 ---- a/src/kdc/ndr.c -+++ b/src/kdc/ndr.c -@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out) - size_t utf16len, num_wchars; - uint8_t *utf16; - -- k5_buf_init_dynamic(&b); -- - ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len); - if (ret) - return ret; - - num_wchars = utf16len / 2; - -+ k5_buf_init_dynamic(&b); - k5_buf_add_uint32_le(&b, num_wchars + 1); - k5_buf_add_uint32_le(&b, 0); - k5_buf_add_uint32_le(&b, num_wchars); --- -2.44.0 - - From 489deee29f427f22e2a26de729319bdb70819c37 Mon Sep 17 00:00:00 2001 From: Greg Hudson <[email protected]> Date: Tue, 5 Mar 2024 19:53:07 -0500 ++++++ krb5-1.21.2.tar.gz -> krb5-1.21.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/krb5/krb5-1.21.2.tar.gz /work/SRC/openSUSE:Factory/.krb5.new.2080/krb5-1.21.3.tar.gz differ: char 5, line 1
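Review bot: in krb5-mini.changes the backfilled entry dated "Fri Mar 22 09:19:41 UTC 2024" records 0009-Fix-three-memory-leaks.patch (CVE-2024-26458, CVE-2024-26461, CVE-2024-26462) as added in March, but the krb5-mini.spec hunk in this same commit is where "Patch9: 0009-Fix-three-memory-leaks.patch" first appears, and krb5.changes only needs the 11-line Jul 1 entry. Anyone auditing CVE coverage from the changelog would conclude krb5-mini has carried the fix since March; consider stating in the Jul 1 entry that krb5-mini picks up the patch with this revision.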
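Review bot: the krb5-mini.spec hunk at line 44 adds the "Patch9:" tag, but no hunk touching %prep is visible, so this diff does not show that the patch is actually applied. Confirm the spec applies patches automatically (for example via %autosetup or %autopatch); otherwise a matching %patch line is needed, or the leak fixes end up listed in the changelog but absent from the build.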
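Review bot: the 0009-Fix-three-memory-leaks.patch hunk removes the whole "[PATCH 1/2] Fix leak in KDC NDR encoding" commit (src/kdc/ndr.c), yet the changelog only says "Update patch 0009-Fix-three-memory-leaks.patch" and the 1.21.3 summary does not list the enc_wchar_pointer() leak. State in the .changes entry why this part was dropped (the removed header carries "target_version: 1.21-next", which suggests the new tarball includes it, but that should be confirmed and written down) and which of the three CVEs the remaining commit still covers; the file name also no longer matches its content.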
