authortron <tron@pkgsrc.org>2013-04-30 18:50:00 +0000
committertron <tron@pkgsrc.org>2013-04-30 18:50:00 +0000
commit40959bb13487fe6734c119702618502444af4bc4 (patch)
treeb4f558a6d9fd9840e8cccfbeee63865f4933ff8a
parent9d40b5d4fd860356450a2449fed28e3528af0eac (diff)
Pullup ticket #4128 - requested by tez
security/mit-krb5: security patch Revisions pulled up: - security/mit-krb5/Makefile 1.68 - security/mit-krb5/distinfo 1.41 - security/mit-krb5/patches/patch-kdc_do_tgs_req.c 1.1 --- Module Name: pkgsrc Committed By: tez Date: Tue Apr 23 22:09:44 UTC 2013 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-kdc_do_tgs_req.c Log Message: Fix for CVE-2013-1416 from: http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
-rw-r--r--security/mit-krb5/Makefile3
-rw-r--r--security/mit-krb5/distinfo3
-rw-r--r--security/mit-krb5/patches/patch-kdc_do_tgs_req.c27
3 files changed, 31 insertions, 2 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 319b5e8aba6..415fd0850ac 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.67 2013/03/14 13:53:18 tez Exp $
+# $NetBSD: Makefile,v 1.67.2.1 2013/04/30 18:50:00 tron Exp $
DISTNAME= krb5-1.10.4
+PKGREVISION= 1
PKGNAME= mit-${DISTNAME}
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 8e1781d8d99..890866ed344 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.40 2013/03/13 12:35:40 adam Exp $
+$NetBSD: distinfo,v 1.40.2.1 2013/04/30 18:50:00 tron Exp $
SHA1 (krb5-1.10.4-signed.tar) = 2b4a0743b95b09cb433d25909e599de27c352f10
RMD160 (krb5-1.10.4-signed.tar) = 1dbf18f1a02744941ebde3b1db93b2e63e59afcd
@@ -19,5 +19,6 @@ SHA1 (patch-ci) = 4e310f0a4dfe27cf94d0e63d623590691b6c5970
SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
SHA1 (patch-ck) = 37bfef80329f8ae0fb35c35e70032a0040ba5591
SHA1 (patch-kadmin_dbutil_dump.c) = 4b49c116dbed9e6be4a0bf0a731c3ae82808d82e
+SHA1 (patch-kdc_do_tgs_req.c) = a7c89338eab17f98c5e2b5d426b3696cc9b4b081
SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7
SHA1 (patch-util_k5ev_verto-k5ev.c) = 79a2be64fa4f9b0dc3a333271e8a3ff7944e5c18
diff --git a/security/mit-krb5/patches/patch-kdc_do_tgs_req.c b/security/mit-krb5/patches/patch-kdc_do_tgs_req.c
new file mode 100644
index 00000000000..30ae4a2ee85
--- /dev/null
+++ b/security/mit-krb5/patches/patch-kdc_do_tgs_req.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-kdc_do_tgs_req.c,v 1.1.2.2 2013/04/30 18:50:01 tron Exp $
+
+Fix for CVE-2013-1416 from:
+ http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
+
+--- kdc/do_tgs_req.c.orig 2013-04-17 20:50:13.528009200 +0000
++++ kdc/do_tgs_req.c
+@@ -1141,7 +1141,8 @@ prep_reprocess_req(krb5_kdc_req *request
+ retval = ENOMEM;
+ goto cleanup;
+ }
+- strlcpy(comp1_str,comp1->data,comp1->length+1);
++ if (comp1->data != NULL)
++ memcpy(comp1_str, comp1->data, comp1->length);
+
+ if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST ||
+ krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_INST ||
+@@ -1164,7 +1165,8 @@ prep_reprocess_req(krb5_kdc_req *request
+ retval = ENOMEM;
+ goto cleanup;
+ }
+- strlcpy(temp_buf, comp2->data,comp2->length+1);
++ if (comp2->data != NULL)
++ memcpy(temp_buf, comp2->data, comp2->length);
+ retval = krb5int_get_domain_realm_mapping(kdc_context, temp_buf, &realms);
+ free(temp_buf);
+ if (retval) {
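Review bot: Neither added `memcpy` writes a terminator, so `comp1_str` and `temp_buf` are valid C strings only if the allocations just above each inner hunk zero-fill `length + 1` bytes. Those allocations are outside the visible context (only the `ENOMEM` failure path is shown), so this should be confirmed against kdc/do_tgs_req.c before relying on it. The same assumption covers the new `data == NULL` path, where `temp_buf` is passed to `krb5int_get_domain_realm_mapping` without being written at all. Making the invariant local would remove the dependency, e.g. `temp_buf[comp2->length] = '\0';` after the copy (and the same for `comp1_str`), or a comment such as `/* buffer is zero-filled above, so it stays NUL-terminated */`. The patch header names only the CVE and a ticket URL; one sentence saying that the old `strlcpy` read the component data as a C string and that the copy now guards against NULL data would help whoever next rebases this patch.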