Diffstat (limited to 'gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch')
-rw-r--r-- | gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch b/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
deleted file mode 100644
index aa9fcfa0dd..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-Copied from Debian.
-
-From 18c512ebdcc5cacc777e9dbcc6817f83c301ad93 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Wed, 4 Nov 2015 21:29:10 -0500
-Subject: Fix SPNEGO context import
-
-The patches for CVE-2015-2695 did not implement a SPNEGO
-gss_import_sec_context() function, under the erroneous belief than an
-exported SPNEGO context would be tagged with the underlying context
-mechanism. Implement it now to allow SPNEGO contexts to be
-successfully exported and imported after establishment.
-
-ticket: 8273
-(cherry picked from commit fbb565f913c52eba9bea82f1694aba7a8c90e93d)
-
-Patch-Category: upstream
----
- src/lib/gssapi/spnego/spnego_mech.c | 33 +++++++++++++++++++++++++++------
- 1 file changed, 27 insertions(+), 6 deletions(-)
-
-diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index a1072b0..02284a1 100644
---- a/src/lib/gssapi/spnego/spnego_mech.c
-+++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -2256,12 +2256,33 @@ spnego_gss_import_sec_context(
- const gss_buffer_t interprocess_token,
- gss_ctx_id_t *context_handle)
- {
-- /*
-- * Until we implement partial context exports, there are no SPNEGO
-- * exported context tokens, only tokens for underlying mechs. So just
-- * return an error for now.
-- */
-- return GSS_S_UNAVAILABLE;
-+ OM_uint32 ret, tmpmin;
-+ gss_ctx_id_t mctx;
-+ spnego_gss_ctx_id_t sc;
-+ int initiate, opened;
-+
-+ ret = gss_import_sec_context(minor_status, interprocess_token, &mctx);
-+ if (ret != GSS_S_COMPLETE)
-+ return ret;
-+
-+ ret = gss_inquire_context(&tmpmin, mctx, NULL, NULL, NULL, NULL, NULL,
-+ &initiate, &opened);
-+ if (ret != GSS_S_COMPLETE || !opened) {
-+ /* We don't currently support importing partially established
-+ * contexts. */
-+ (void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
-+ return GSS_S_FAILURE;
-+ }
-+
-+ sc = create_spnego_ctx(initiate);
-+ if (sc == NULL) {
-+ (void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
-+ return GSS_S_FAILURE;
-+ }
-+ sc->ctx_handle = mctx;
-+ sc->opened = 1;
-+ *context_handle = (gss_ctx_id_t)sc;
-+ return GSS_S_COMPLETE;
- }
- #endif /* LEAN_CLIENT */
- |