diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2015-12-12 11:42:12 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2015-12-12 11:48:46 +0100 |
| commit | e82e55e58c67b0215e768c4612ca542bc670f633 (patch) | |
| tree | 856c4512fa1fbde59c1d9845c5a763ef8c4a14b4 /gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch | |
| parent | 98bd851ee891ca4a84e061fe1e78ba78c292b096 (diff) | |
| parent | e35dff973375266db253747140ddf25084ecddc2 (diff) | |
| download | gnu-guix-e82e55e58c67b0215e768c4612ca542bc670f633.tar gnu-guix-e82e55e58c67b0215e768c4612ca542bc670f633.tar.gz | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch')
| -rw-r--r-- | gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch b/gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch new file mode 100644 index 0000000000..67545e4c16 --- /dev/null +++ b/gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch @@ -0,0 +1,43 @@ +Copied from Debian. + +From 1a8bdc6d81dcd7dd8a4d42e8de6d2cacf1dd4408 Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Tue, 27 Oct 2015 00:44:24 -0400 +Subject: Fix two IAKERB comments + +The comment explaining why there is no iakerb_gss_import_sec_context() +erroneously referenced SPNEGO instead of IAKERB (noticed by Ben +Kaduk). The comment above iakerb_gss_delete_sec_context() is out of +date after the last commit. + +(cherry picked from commit 92d6dd045dfc06cc03d20b327a6ee7a71e6bc24d) + +Patch-Category: upstream +--- + src/lib/gssapi/krb5/iakerb.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c +index 4662bd9..e25862d 100644 +--- a/src/lib/gssapi/krb5/iakerb.c ++++ b/src/lib/gssapi/krb5/iakerb.c +@@ -727,10 +727,6 @@ cleanup: + return code; + } + +-/* +- * Delete an IAKERB context. This can also accept Kerberos context +- * handles. The heuristic is similar to SPNEGO's delete_sec_context. +- */ + OM_uint32 KRB5_CALLCONV + iakerb_gss_delete_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, +@@ -1077,7 +1073,7 @@ iakerb_gss_export_sec_context(OM_uint32 *minor_status, + } + + /* +- * Until we implement partial context exports, there are no SPNEGO exported ++ * Until we implement partial context exports, there are no IAKERB exported + * context tokens, only tokens for the underlying krb5 context. So we do not + * need to implement an iakerb_gss_import_sec_context() yet; it would be + * unreachable except via a manually constructed token. |