diff options
| author | asau <asau> | 2012-02-27 12:39:11 +0000 |
|---|---|---|
| committer | asau <asau> | 2012-02-27 12:39:11 +0000 |
| commit | b6394f12441190934d8c0b54940f9023bff5f45b (patch) | |
| tree | a1cab82ab7dd7525c1b4222d6ff2124e6be1be5f /security/heimdal/patches | |
| parent | 27c1373be2c3bee5e52c2ae8f40085dd639d4626 (diff) | |
| download | pkgsrc-b6394f12441190934d8c0b54940f9023bff5f45b.tar.gz | |
Update to Heimdal 1.5.2
Release Notes - Heimdal - Version Heimdal 1.5.2
Security fixes
- CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
- Check that key types strictly match - denial of service
Release Notes - Heimdal - Version Heimdal 1.5.1
Bug fixes
- Fix building on Solaris, requires c99
- Fix building on Windows
- Build system updates
Release Notes - Heimdal - Version Heimdal 1.5
New features
- Support GSS name extensions/attributes
- SHA512 support
- No Kerberos 4 support
- Basic support for MIT Admin protocol (SECGSS flavor)
in kadmind (extract keytab)
- Replace editline with libedit
Diffstat (limited to 'security/heimdal/patches')
| -rw-r--r-- | security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c | 19 | ||||
| -rw-r--r-- | security/heimdal/patches/patch-ar | 16 | ||||
| -rw-r--r-- | security/heimdal/patches/patch-lib_otp_Makefile.in | 25 |
3 files changed, 7 insertions, 53 deletions
diff --git a/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c b/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c deleted file mode 100644 index c63a37e8c68..00000000000 --- a/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-appl_telnet_libtelnet_encrypt.c,v 1.1 2011/12/30 18:59:06 tez Exp $ - -Fix for CVE-2011-4862 from FreeBSD - -When an encryption key is supplied via the TELNET protocol, its length -is not validated before the key is copied into a fixed-size buffer. - ---- appl/telnet/libtelnet/encrypt.c.orig 2011-12-30 11:55:11.373531000 -0600 -+++ appl/telnet/libtelnet/encrypt.c 2011-12-30 11:56:35.109601000 -0600 -@@ -736,6 +736,9 @@ - int dir = kp->dir; - int ret = 0; - -+ if (len > MAXKEYLEN) -+ len = MAXKEYLEN; -+ - if (!(ep = (*kp->getcrypt)(*kp->modep))) { - if (len == 0) - return; diff --git a/security/heimdal/patches/patch-ar b/security/heimdal/patches/patch-ar deleted file mode 100644 index 22a22514305..00000000000 --- a/security/heimdal/patches/patch-ar +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ar,v 1.3 2011/07/08 09:49:22 adam Exp $ - -Why should anyone want to install the libtool wrapper for a library, but -not the library itself? - ---- lib/auth/afskauthlib/Makefile.in.orig 2008-01-24 08:14:21.000000000 -0500 -+++ lib/auth/afskauthlib/Makefile.in -@@ -361,7 +361,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk - @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la - @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la - foodir = $(libdir) --foo_DATA = afskauthlib.so -+foo_DATA = .libs/afskauthlib.so - SRCS = verify.c - OBJS = verify.o - CLEANFILES = $(foo_DATA) $(OBJS) so_locations diff --git a/security/heimdal/patches/patch-lib_otp_Makefile.in b/security/heimdal/patches/patch-lib_otp_Makefile.in index 4adbb09ebdb..26de0c7e7e3 100644 --- a/security/heimdal/patches/patch-lib_otp_Makefile.in +++ b/security/heimdal/patches/patch-lib_otp_Makefile.in @@ -1,23 +1,12 @@ -$NetBSD: patch-lib_otp_Makefile.in,v 1.1 2011/07/08 09:49:22 adam Exp $ +$NetBSD: patch-lib_otp_Makefile.in,v 1.2 2012/02/27 12:39:12 asau Exp $ -Fix linking. - ---- lib/otp/Makefile.in.orig 2011-06-25 11:48:35.000000000 +0000 +--- lib/otp/Makefile.in.orig 2012-01-11 13:04:29.000000000 +0000 +++ lib/otp/Makefile.in -@@ -47,7 +47,6 @@ DIST_COMMON = $(include_HEADERS) $(srcdi - $(top_srcdir)/cf/Makefile.am.common ChangeLog - noinst_PROGRAMS = otptest$(EXEEXT) - check_PROGRAMS = otptest$(EXEEXT) --@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +@@ -50,7 +50,6 @@ check_PROGRAMS = otptest$(EXEEXT) + @HAVE_DB1_TRUE@am__append_1 = $(LIB_db_create) + @HAVE_DB1_FALSE@@HAVE_DB3_TRUE@am__append_2 = $(LIB_db_create) + @HAVE_DB1_FALSE@@HAVE_DB3_FALSE@am__append_3 = $(LIB_NDBM) +-@versionscript_TRUE@am__append_4 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map subdir = lib/otp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ -@@ -404,7 +403,7 @@ otptest_LDADD = libotp.la - include_HEADERS = otp.h - lib_LTLIBRARIES = libotp.la - libotp_la_LDFLAGS = -version-info 1:5:1 $(am__append_1) --libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM) -+libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM) $(DBLIB) - @HAVE_DB3_FALSE@ndbm_wrap = - @HAVE_DB3_TRUE@ndbm_wrap = ndbm_wrap.c ndbm_wrap.h - dist_libotp_la_SOURCES = \ |