commit: 433bedfe250303e35202bcaacc054a157e409a57 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Wed Dec 29 08:45:39 2021 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Dec 29 08:46:42 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=433bedfe
www-apache/mod_auth_kerb: add use-after-free patch Closes: https://bugs.gentoo.org/673066 Signed-off-by: Sam James <sam <AT> gentoo.org> .../mod_auth_kerb-5.4-krb5pwd-double-free.patch | 22 ++++++++++++++++++++++ ...b-5.4-r4.ebuild => mod_auth_kerb-5.4-r5.ebuild} | 5 ++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-krb5pwd-double-free.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-krb5pwd-double-free.patch new file mode 100644 index 000000000000..aa8ced49c103 --- /dev/null +++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-krb5pwd-double-free.patch @@ -0,0 +1,22 @@ +https://sources.debian.org/src/libapache-mod-auth-kerb/5.4-2.5/debian/patches/mod_auth_kerb-krb5_kt_close.patch/ +https://bugs.gentoo.org/673066 + +Description: fix use after free in authenticate_user_krb5pwd() +Origin: https://sourceforge.net/p/modauthkerb/bugs/61/attachment/mod_auth_kerb-krb5_kt_close.patch +Bug: https://sourceforge.net/p/modauthkerb/bugs/61/ +Bug-Debian: https://bugs.debian.org/934043 +Author: Johan Ymerson (https://sourceforge.net/u/ymerson/) +--- a/src/mod_auth_kerb.c ++++ b/src/mod_auth_kerb.c +@@ -799,11 +799,9 @@ + "failed to verify krb5 credentials: %s", + krb5_get_err_text(context, ret)); + krb5_kt_end_seq_get(context, keytab, &cursor); +- krb5_kt_close(context, keytab); + goto end; + } + krb5_kt_end_seq_get(context, keytab, &cursor); +- krb5_kt_close(context, keytab); + } + else { + if ((ret = verify_krb5_init_creds(r, context, &creds, server, keytab))) { diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild similarity index 93% rename from www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild rename to www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild index c8e1b13352e1..59a03c89f542 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild @@ -37,6 +37,8 @@ PATCHES=( # bug #830208 "${FILESDIR}"/${P}-api-change-krb5.patch + # bug #673066 + "${FILESDIR}"/${P}-krb5pwd-double-free.patch ) # Work around Bug #616612 @@ -55,7 +57,8 @@ src_compile() { src_install() { apache-module_src_install - dotmpfiles "${FILESDIR}/${PN}.conf" + + dotmpfiles "${FILESDIR}"/${PN}.conf } pkg_postinst() {
