author | tron <tron> | 2010-05-20 22:23:50 +0000 |
---|---|---|
committer | tron <tron> | 2010-05-20 22:23:50 +0000 |
commit | 4eff028a50bc234ad3b39517d0afeab5d8f9d990 (patch) | |
tree | 65ac7e958b50b58dc6014d5843a4878feaeff65f | |
parent | e79b9ef6076ba819a76a851bc60d996cf268e1fc (diff) | |
download | pkgsrc-4eff028a50bc234ad3b39517d0afeab5d8f9d990.tar.gz |
Pullup ticket #3127 - requested by tez
security/mit-krb5: security patch
Revisions pulled up:
- security/mit-krb5/Makefile 1.49
- security/mit-krb5/distinfo 1.25
- security/mit-krb5/patches/patch-bx 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Thu May 20 14:21:23 UTC 2010
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-bx
Log Message:
fix CVE-2010-1321 (MITKRB5-SA-2010-005) and take maintainership
-rw-r--r-- | security/mit-krb5/Makefile | 6 | ||||
-rw-r--r-- | security/mit-krb5/distinfo | 3 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-bx | 19 |
3 files changed, 24 insertions, 4 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 704c63cfee4..d93565a4496 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,14 +1,14 @@
-# $NetBSD: Makefile,v 1.48 2010/03/26 21:44:59 joerg Exp $
+# $NetBSD: Makefile,v 1.48.2.1 2010/05/20 22:23:50 tron Exp $
 DISTNAME= krb5-1.4.2
 PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 9
+PKGREVISION= 10
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
 EXTRACT_SUFX= .tar
-MAINTAINER= pkgsrc-users@NetBSD.org
+MAINTAINER= tez@NetBSD.org
 HOMEPAGE= http://web.mit.edu/kerberos/www/
 COMMENT= MIT Kerberos 5 authentication system
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index a2a7f43f68a..70c0b145b52 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2010/03/26 21:44:59 joerg Exp $
+$NetBSD: distinfo,v 1.24.2.1 2010/05/20 22:23:50 tron Exp $
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -52,3 +52,4 @@ SHA1 (patch-bt) = 1398369698cc9c029957723c25dbdf53754cf373
 SHA1 (patch-bu) = bf0688bd703c3dcfa27934e0a6bc43230251512e
 SHA1 (patch-bv) = b07fc44dcc577bffece1eb85f5f93e4c10a58e00
 SHA1 (patch-bw) = ffdf13931306b15b9282863926f769f079ffe8f9
+SHA1 (patch-bx) = d0e54b7e50f066c0680e982bb251c763e9104e24
diff --git a/security/mit-krb5/patches/patch-bx b/security/mit-krb5/patches/patch-bx
new file mode 100644
index 00000000000..831723af105
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bx
@@ -0,0 +1,19 @@
+$NetBSD: patch-bx,v 1.1.2.2 2010/05/20 22:23:50 tron Exp $
+fix http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
+
+--- lib/gssapi/krb5/accept_sec_context.c.orig 2010-05-20 07:13:48.258046700 -0500
++++ lib/gssapi/krb5/accept_sec_context.c 2010-05-20 07:16:20.228175200 -0500
+@@ -423,6 +423,13 @@
+ }
+ #endif
+ 
++ if (authdat->checksum == NULL) {
++ /* missing checksum counts as "inappropriate type" */
++ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
++ major_status = GSS_S_FAILURE;
++ goto fail;
++ }
++
+ {
+ /* gss krb5 v1 */
+ |
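Review bot: The new `authdat->checksum == NULL` guard in accept_sec_context.c is placed after the `#endif`, so anything the conditional block above it does with `authdat` still runs before the NULL test. That block and the rest of the function lie outside the hunk, so it is worth confirming that nothing earlier reads `authdat->checksum`. The comment only says how the case is classified, not why it has to be rejected at this point. I would expand it to something like `/* the authenticator checksum may be absent in a peer's request; reject it here, before the v1 code below uses it (CVE-2010-1321) */`, on the assumption, taken from the advisory rather than from visible lines, that the block following the guard is where the field is used.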