RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

+++ This bug was initially created as a clone of Bug #1044735 +++

This was originally seen while debugging a problem in FreeRADIUS. Upstream FreeRADIUS developer Arran Cudbard-Bell has posted 3 pull requests to fix the issue.

https://github.com/krb5/krb5/pull/36
https://github.com/krb5/krb5/pull/37
https://github.com/krb5/krb5/pull/38

I combined these into a single patch and built and tested for F20. Everything seems to work. It seems like a pretty obvious bug in the krb5 libs.

This is an important patch to get in otherwise the radius server will segfault if it attempts to perform authentication via kerberos.

I've attached the patch.

--- Additional comment from John Dennis on 2013-12-18 16:49:51 EST ---

diff --git a/krb5.spec b/krb5.spec
index 41c70d3..dd85f23 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -113,6 +113,7 @@ Patch140: krb5-CVE-2013-1417.patch
 Patch141: krb5-1.11.3-client-loop.patch
 Patch142: krb5-master-keyring-offsets.patch
 Patch143: krb5-master-keyring-expiration.patch
+Patch144: krb5-copy-ctx.patch
 
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
@@ -365,6 +366,7 @@ ln -s NOTICE LICENSE
 %patch141 -p1 -b .client-loop
 %patch142 -p1 -b .keyring-offsets
 %patch143 -p1 -b .keyring-expiration
+%patch144 -p1 -b .copy-ctx
 
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp

John, I'm trying to pull in the fixes as they landed in upstream, so they don't look exactly the same as what's in the mentioned pull requests (not the etypes list part, anyway).  If you have a chance, can you give krb5-1.11.3-40.el7 a quick run on your test setup?

re comment #4

My test environment was actually an F20 system. A quick look at the updates in Koji suggests that krb5-libs-1.11.3-38.fc20.x86_64 has the same fix as krb5-1.11.3-40.el7 based on the changlog. Assuming both packages have the same patch then a quick test on F20 suggests we're good.

Yes, they have the same patch.  Thanks!

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.