authortron <tron>2013-03-04 23:35:37 +0000
committertron <tron>2013-03-04 23:35:37 +0000
commit2e6c800e6fbc1d984456e935f0808a0955797924 (patch)
treed39ccaaedebba1c505e7ba336869ff3a80d68218
parente2761a76263fa74638292187798a1547f67865f1 (diff)
Pullup ticket #4087 - requested by tez
security/mit-krb5: security patch Revisions pulled up: - security/mit-krb5/Makefile 1.65 via patch - security/mit-krb5/distinfo 1.39 - security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c 1.1 --- Module Name: pkgsrc Committed By: tez Date: Thu Feb 28 14:19:37 UTC 2013 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/ patches: patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c Log Message: Add patch for CVE-2013-1415 (SA52390)
-rw-r--r--security/mit-krb5/Makefile4
-rw-r--r--security/mit-krb5/distinfo3
-rw-r--r--security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c24
3 files changed, 28 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 4f574408374..8bc5e895a6b 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.63 2012/12/22 02:27:56 joerg Exp $
+# $NetBSD: Makefile,v 1.63.2.1 2013/03/04 23:35:37 tron Exp $
DISTNAME= krb5-1.10.3
PKGNAME= mit-${DISTNAME}
-PKGREVISION= 2
+PKGREVISION= 4
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
EXTRACT_SUFX= .tar
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 28809bde284..5ca22666c02 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.38 2012/12/22 02:27:57 joerg Exp $
+$NetBSD: distinfo,v 1.38.2.1 2013/03/04 23:35:37 tron Exp $
SHA1 (krb5-1.10.3-signed.tar) = 04ab9837e5d1958158bcb30bd6480201089a0cbb
RMD160 (krb5-1.10.3-signed.tar) = a1c370c8d39106e8e27651f78520e1cc93154731
@@ -23,3 +23,4 @@ SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7
SHA1 (patch-lib_krb5_krb_deltat.c) = 149f4301d2a2ceff17a038c318c2f2f64a2621e4
SHA1 (patch-lib_krb5_krb_x-deltat.y) = 7857c9f374d747f494ebb248f34a17599ccf791f
SHA1 (patch-util_k5ev_verto-k5ev.c) = e8f78ec46543793b284c321a6b7362af9f527489
+SHA1 (patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c) = 9aee85446b80dcc7b54cad27364bebff90c7751b
diff --git a/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c
new file mode 100644
index 00000000000..278c94bf7b6
--- /dev/null
+++ b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c,v 1.1.2.2 2013/03/04 23:35:37 tron Exp $
+
+Patch for CVE-2013-1415 from
+http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570
+
+--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2013-02-27 22:15:40.286439500 +0000
++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -3242,7 +3242,7 @@ pkinit_check_kdc_pkid(krb5_context conte
+ pkiDebug("found kdcPkId in AS REQ\n");
+ is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len);
+ if (is == NULL)
+- goto cleanup;
++ return retval;
+
+ status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer);
+ if (!status) {
+@@ -3252,7 +3252,6 @@ pkinit_check_kdc_pkid(krb5_context conte
+ }
+
+ retval = 0;
+-cleanup:
+ X509_NAME_free(is->issuer);
+ ASN1_INTEGER_free(is->serial);
+ free(is);
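Review bot: The early `return retval;` in the `is == NULL` branch of pkinit_check_kdc_pkid is only correct if retval still holds a failure code when d2i_PKCS7_ISSUER_AND_SERIAL fails, and its initialisation lies outside the hunk, so it should be checked against the full function. The patch header gives only the CVE number and the ticket URL; a sentence such as `A kdcPkId that fails to decode leaves is NULL, and the old cleanup path then dereferenced is->issuer.` would tell later maintainers why the goto and the label were removed. The remaining cleanup still releases the decoded members by hand and ends with `free(is)`; `PKCS7_ISSUER_AND_SERIAL_free(is)` would release the structure through OpenSSL's own allocator, though that is upstream code and is better raised upstream than changed in this pullup.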