!70 回合补丁

From: @zhouchenchen123 Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
2022-12-21 06:06:59 +00:00 · 2022-12-21 06:06:59 +00:00 · ef9228fde8
commit ef9228fde8
parent d8a7fa08fc 51abf77b63
3 changed files with 1104 additions and 1 deletions
--- a/backport-Fix-many-unlikely-memory-leaks.patch
+++ b/backport-Fix-many-unlikely-memory-leaks.patch
--- a/backport-Free-verto-context-later-in-KDC-cleanup.patch
+++ b/backport-Free-verto-context-later-in-KDC-cleanup.patch
@ -0,0 +1,44 @@
+From 8dcace04945723cd6a3c8ea2c1ba467c22eb6584 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Fri, 3 Jun 2022 14:38:45 -0400
+Subject: [PATCH] Free verto context later in KDC cleanup
+
+The KDC supplies the verto context to kdcpreauth modules via the loop
+method (added in commit 83b4ecd20e50ad330cd761977d5dadefe30a785b).
+This context should remain valid until kdcpreauth modules are
+unloaded, as modules might refer to it during cleanup.  In particular,
+the OTP module references the verto context when freeing the RADIUS
+client object (commit e89abc2d4ea1fea1ec28d470f297514b828e4842), which
+can cause a memory error during KDC shutdown without this change.
+
+ticket: 9064 (new)
+tags: pullup
+target_version: 1.20-next
+target_version: 1.19-next
+---
+ src/kdc/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/kdc/main.c b/src/kdc/main.c
+index be6e361b8..bfdfef5c4 100644
+--- a/src/kdc/main.c
+++ b/src/kdc/main.c
+@@ -1037,7 +1037,6 @@ int main(int argc, char **argv)
+     kau_kdc_start(kcontext, TRUE);
+ 
+     verto_run(ctx);
+-    loop_free(ctx);
+     kau_kdc_stop(kcontext, TRUE);
+     krb5_klog_syslog(LOG_INFO, _("shutting down"));
+     unload_preauth_plugins(kcontext);
+@@ -1051,6 +1050,7 @@ int main(int argc, char **argv)
+ #ifndef NOCACHE
+     kdc_free_lookaside(kcontext);
+ #endif
+    loop_free(ctx);
+     krb5_free_context(kcontext);
+     return errout;
+ }
+-- 
+2.32.0.windows.1
+
--- a/krb5.spec
+++ b/krb5.spec
@ -3,7 +3,7 @@

 Name:     krb5
 Version:  1.19.2
-Release:  5
+Release:  6
 Summary:  The Kerberos network authentication protocol
 License:  MIT
 URL:      http://web.mit.edu/kerberos/www/
@ -31,6 +31,8 @@ Patch8: Fix-CVE-2022-42898-integer-overflows-in-PAC-parsing.patch
 Patch9: backport-Fix-profile-crash-on-memory-exhaustion.patch
 Patch10: backport-Fix-preauth-crash-on-memory-exhaustion.patch
 Patch11: backport-Fix-gic_keytab-crash-on-memory-exhaustion.patch
+Patch12: backport-Fix-many-unlikely-memory-leaks.patch
+Patch13: backport-Free-verto-context-later-in-KDC-cleanup.patch

 BuildRequires:  gettext
 BuildRequires:  gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@ -323,6 +325,9 @@ make -C src check || :


 %changelog
+* Wed Dec 21 2022 zhouchenchen <zhouchenchen@huawei.com> - 1.19.2-6
+- backport some patches
+
 * Tue Dec 20 2022 zhouchenchen <zhouchenchen@huawei.com> - 1.19.2-5
 - fix some coredump