summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortez <tez@pkgsrc.org>2010-12-03 20:11:31 +0000
committertez <tez@pkgsrc.org>2010-12-03 20:11:31 +0000
commita8072ebeb69d09430cec114e2bb34e7993d35187 (patch)
treef8d0105d64a7586e084a6f4ce71b5688964254ca
parent01ee1f80217dfe3769165e27c1da814228e95dde (diff)
downloadpkgsrc-a8072ebeb69d09430cec114e2bb34e7993d35187.tar.gz
add fix for CVE-2010-1323 from
http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt
-rw-r--r--security/mit-krb5/Makefile4
-rw-r--r--security/mit-krb5/distinfo6
-rw-r--r--security/mit-krb5/patches/patch-ca22
-rw-r--r--security/mit-krb5/patches/patch-cb15
-rw-r--r--security/mit-krb5/patches/patch-cc25
-rw-r--r--security/mit-krb5/patches/patch-cd39
6 files changed, 108 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index bf8a31d7849..35ce0e42992 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2010/05/20 14:21:23 tez Exp $
+# $NetBSD: Makefile,v 1.50 2010/12/03 20:11:31 tez Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 10
+PKGREVISION= 11
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 8b130601106..8600f3ac5e2 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2010/05/20 14:21:23 tez Exp $
+$NetBSD: distinfo,v 1.26 2010/12/03 20:11:31 tez Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -53,3 +53,7 @@ SHA1 (patch-bu) = bf0688bd703c3dcfa27934e0a6bc43230251512e
SHA1 (patch-bv) = b07fc44dcc577bffece1eb85f5f93e4c10a58e00
SHA1 (patch-bw) = ffdf13931306b15b9282863926f769f079ffe8f9
SHA1 (patch-bx) = d0e54b7e50f066c0680e982bb251c763e9104e24
+SHA1 (patch-ca) = 93c234c007f2dafa0221d1bd1d3ed4953fc116c9
+SHA1 (patch-cb) = 9d892ed2993178085dd7df565afb794fe18f0f06
+SHA1 (patch-cc) = 6fe639b33da7756f6e9ad1a03e2f40d74ddb9c6d
+SHA1 (patch-cd) = 8339ac4305865b8e540a0f1bb14c1f1478447c0b
diff --git a/security/mit-krb5/patches/patch-ca b/security/mit-krb5/patches/patch-ca
new file mode 100644
index 00000000000..cca444783d2
--- /dev/null
+++ b/security/mit-krb5/patches/patch-ca
@@ -0,0 +1,22 @@
+$NetBSD: patch-ca,v 1.1 2010/12/03 20:11:31 tez Exp $
+
+CVE-2010-1323 fix
+
+--- lib/crypto/keyed_checksum_types.c.orig 2010-12-03 11:36:00.476825900 -0600
++++ lib/crypto/keyed_checksum_types.c 2010-12-03 11:37:44.915328600 -0600
+@@ -51,6 +51,15 @@
+ {
+ unsigned int i, c;
+
++ if (enctype == ENCTYPE_ARCFOUR_HMAC ||
++ enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
++ *count = 1;
++ if ((*cksumtypes = malloc(sizeof(krb5_cksumtype))) == NULL)
++ return(ENOMEM);
++ (*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;
++ return(0);
++ }
++
+ c = 0;
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if ((krb5_cksumtypes_list[i].keyhash &&
diff --git a/security/mit-krb5/patches/patch-cb b/security/mit-krb5/patches/patch-cb
new file mode 100644
index 00000000000..a23d93ae113
--- /dev/null
+++ b/security/mit-krb5/patches/patch-cb
@@ -0,0 +1,15 @@
+$NetBSD: patch-cb,v 1.1 2010/12/03 20:11:31 tez Exp $
+
+CVE-2010-1323 fix
+
+--- lib/crypto/dk/derive.c.orig 2010-12-03 11:38:08.683111800 -0600
++++ lib/crypto/dk/derive.c 2010-12-03 11:38:50.395857000 -0600
+@@ -40,6 +40,8 @@
+ keybytes = enc->keybytes;
+ keylength = enc->keylength;
+
++ if (blocksize == 1)
++ return(KRB5_BAD_ENCTYPE);
+ if ((inkey->length != keylength) ||
+ (outkey->length != keylength))
+ return(KRB5_CRYPTO_INTERNAL);
diff --git a/security/mit-krb5/patches/patch-cc b/security/mit-krb5/patches/patch-cc
new file mode 100644
index 00000000000..3868c38dc8b
--- /dev/null
+++ b/security/mit-krb5/patches/patch-cc
@@ -0,0 +1,25 @@
+$NetBSD: patch-cc,v 1.1 2010/12/03 20:11:31 tez Exp $
+
+CVE-2010-1323 fix
+
+--- lib/krb5/krb/preauth2.c.orig 2010-12-03 11:39:40.124063600 -0600
++++ lib/krb5/krb/preauth2.c 2010-12-03 11:41:33.300010400 -0600
+@@ -665,7 +665,9 @@
+
+ cksum = sc2->sam_cksum;
+
+- while (*cksum) {
++ for (; *cksum; cksum++) {
++ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
++ continue;
+ /* Check this cksum */
+ retval = krb5_c_verify_checksum(context, as_key,
+ KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
+@@ -679,7 +681,6 @@
+ }
+ if (valid_cksum)
+ break;
+- cksum++;
+ }
+
+ if (!valid_cksum) {
diff --git a/security/mit-krb5/patches/patch-cd b/security/mit-krb5/patches/patch-cd
new file mode 100644
index 00000000000..81163f62103
--- /dev/null
+++ b/security/mit-krb5/patches/patch-cd
@@ -0,0 +1,39 @@
+$NetBSD: patch-cd,v 1.1 2010/12/03 20:11:31 tez Exp $
+
+CVE-2010-1323 fix
+
+--- lib/krb5/krb/mk_safe.c.orig 2010-12-03 11:41:53.890970000 -0600
++++ lib/krb5/krb/mk_safe.c 2010-12-03 11:44:00.588325800 -0600
+@@ -212,10 +212,29 @@
+ for (i = 0; i < nsumtypes; i++)
+ if (auth_context->safe_cksumtype == sumtypes[i])
+ break;
+- if (i == nsumtypes)
+- i = 0;
+- sumtype = sumtypes[i];
+ krb5_free_cksumtypes (context, sumtypes);
++ if (i < nsumtypes)
++ sumtype = auth_context->safe_cksumtype;
++ else {
++ switch (keyblock->enctype) {
++ case ENCTYPE_DES_CBC_MD4:
++ sumtype = CKSUMTYPE_RSA_MD4_DES;
++ break;
++ case ENCTYPE_DES_CBC_MD5:
++ case ENCTYPE_DES_CBC_CRC:
++ sumtype = CKSUMTYPE_RSA_MD5_DES;
++ break;
++ default:
++ retval = krb5int_c_mandatory_cksumtype(context,
++ keyblock->enctype,
++ &sumtype);
++ if (retval) {
++ CLEANUP_DONE();
++ goto error;
++ }
++ break;
++ }
++ }
+ }
+ if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata,
+ plocal_fulladdr, premote_fulladdr,