diff options
| author | asau <asau> | 2012-02-27 12:39:11 +0000 |
|---|---|---|
| committer | asau <asau> | 2012-02-27 12:39:11 +0000 |
| commit | a57ec402d53b9dfb48c5d8b8decef303f8b0e4d6 (patch) | |
| tree | a1cab82ab7dd7525c1b4222d6ff2124e6be1be5f /security/heimdal | |
| parent | b5c01d041c0773ca71a2822ba737d4747515185d (diff) | |
| download | pkgsrc-a57ec402d53b9dfb48c5d8b8decef303f8b0e4d6.tar.gz | |
Update to Heimdal 1.5.2
Release Notes - Heimdal - Version Heimdal 1.5.2
Security fixes
- CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
- Check that key types strictly match - denial of service
Release Notes - Heimdal - Version Heimdal 1.5.1
Bug fixes
- Fix building on Solaris, requires c99
- Fix building on Windows
- Build system updates
Release Notes - Heimdal - Version Heimdal 1.5
New features
- Support GSS name extensions/attributes
- SHA512 support
- No Kerberos 4 support
- Basic support for MIT Admin protocol (SECGSS flavor)
in kadmind (extract keytab)
- Replace editline with libedit
Diffstat (limited to 'security/heimdal')
| -rw-r--r-- | security/heimdal/Makefile | 6 | ||||
| -rw-r--r-- | security/heimdal/PLIST | 37 | ||||
| -rw-r--r-- | security/heimdal/distinfo | 12 | ||||
| -rw-r--r-- | security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c | 19 | ||||
| -rw-r--r-- | security/heimdal/patches/patch-ar | 16 | ||||
| -rw-r--r-- | security/heimdal/patches/patch-lib_otp_Makefile.in | 25 |
6 files changed, 41 insertions, 74 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 79fdfc73fa4..01202f794e5 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.86 2012/02/15 22:39:54 asau Exp $ +# $NetBSD: Makefile,v 1.87 2012/02/27 12:39:11 asau Exp $ -DISTNAME= heimdal-1.4 -PKGREVISION= 3 +DISTNAME= heimdal-1.5.2 CATEGORIES= security MASTER_SITES= http://www.h5l.org/dist/src/ @@ -88,5 +87,6 @@ pre-configure: .include "../../devel/readline/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" .include "../../mk/bdb.buildlink3.mk" +.include "../../mk/curses.buildlink3.mk" .include "../../mk/pthread.buildlink3.mk" .include "../../mk/bsd.pkg.mk" diff --git a/security/heimdal/PLIST b/security/heimdal/PLIST index ee11a431fde..11bc1ac87c4 100644 --- a/security/heimdal/PLIST +++ b/security/heimdal/PLIST @@ -1,10 +1,10 @@ -@comment $NetBSD: PLIST,v 1.20 2011/09/14 17:33:00 hans Exp $ +@comment $NetBSD: PLIST,v 1.21 2012/02/27 12:39:11 asau Exp $ bin/afslog bin/compile_et -bin/gss +bin/gsstool bin/hxtool bin/idn-lookup -bin/kauth +bin/kcc bin/kdestroy bin/kf bin/kftp @@ -42,6 +42,7 @@ include/krb5/gssapi/gkrb5_err.h include/krb5/gssapi/gssapi.h include/krb5/gssapi/gssapi_krb5.h include/krb5/gssapi/gssapi_ntlm.h +include/krb5/gssapi/gssapi_oid.h include/krb5/gssapi/gssapi_spnego.h ${PLIST.hcrypto}include/krb5/hcrypto/aes.h ${PLIST.hcrypto}include/krb5/hcrypto/bn.h @@ -73,6 +74,7 @@ include/krb5/hdb_err.h include/krb5/heim-ipc.h include/krb5/heim_asn1.h include/krb5/heim_err.h +include/krb5/heimbase.h include/krb5/heimntlm-protos.h include/krb5/heimntlm.h include/krb5/hex.h @@ -93,6 +95,7 @@ include/krb5/krb5-private.h include/krb5/krb5-protos.h include/krb5/krb5-types.h include/krb5/krb5.h +include/krb5/krb5/ccache_plugin.h include/krb5/krb5/locate_plugin.h include/krb5/krb5/send_to_kdc_plugin.h include/krb5/krb5/windc_plugin.h @@ -100,6 +103,7 @@ include/krb5/krb5_asn1.h include/krb5/krb5_ccapi.h include/krb5/krb5_err.h include/krb5/kx509_asn1.h +include/krb5/ntlm_err.h include/krb5/ocsp_asn1.h include/krb5/otp.h include/krb5/parse_bytes.h @@ -127,6 +131,7 @@ lib/libcom_err.la lib/libgssapi.la ${PLIST.hcrypto}lib/libhcrypto.la lib/libhdb.la +lib/libheimbase.la lib/libheimntlm.la lib/libhx509.la lib/libkadm5clnt.la @@ -187,13 +192,10 @@ man/man1/xnlock.1 man/man3/HDB.3 man/man3/__gss_c_attr_stream_sizes_oid_desc.3 man/man3/arg_printusage.3 -man/man3/challange.3 +man/man3/challenge.3 man/man3/context.3 man/man3/data.3 -man/man3/dnsdomainname.3 -man/man3/dnsservername.3 man/man3/domain.3 -man/man3/domainname.3 man/man3/ecalloc.3 man/man3/emalloc.3 man/man3/eread.3 @@ -222,11 +224,13 @@ man/man3/gss_import_name.3 man/man3/gss_import_sec_context.3 man/man3/gss_indicate_mechs.3 man/man3/gss_init_sec_context.3 +man/man3/gss_inquire_attrs_for_mech.3 man/man3/gss_inquire_context.3 man/man3/gss_inquire_cred.3 man/man3/gss_inquire_cred_by_mech.3 man/man3/gss_inquire_mechs_for_name.3 man/man3/gss_inquire_names_for_mech.3 +man/man3/gss_inquire_saslname_for_mech.3 man/man3/gss_krb5_ccache_name.3 man/man3/gss_krb5_compat_des3_mic.3 man/man3/gss_krb5_copy_ccache.3 @@ -270,9 +274,11 @@ man/man3/hdb__put.3 man/man3/hdb_auth_status.3 man/man3/hdb_check_constrained_delegation.3 man/man3/hdb_check_pkinit_ms_upn_match.3 +man/man3/hdb_check_s4u2self.3 man/man3/hdb_close.3 man/man3/hdb_destroy.3 -man/man3/hdb_fetch.3 +man/man3/hdb_entry_ex.3 +man/man3/hdb_fetch_kvno.3 man/man3/hdb_firstkey.3 man/man3/hdb_free.3 man/man3/hdb_get_realms.3 @@ -286,6 +292,8 @@ man/man3/hdb_rename.3 man/man3/hdb_store.3 man/man3/hdb_unlock.3 man/man3/heim_ntlm_build_ntlm1_master.3 +man/man3/heim_ntlm_build_ntlm2_master.3 +man/man3/heim_ntlm_calculate_lm2.3 man/man3/heim_ntlm_calculate_ntlm1.3 man/man3/heim_ntlm_calculate_ntlm2.3 man/man3/heim_ntlm_decode_targetinfo.3 @@ -298,6 +306,7 @@ man/man3/heim_ntlm_free_targetinfo.3 man/man3/heim_ntlm_free_type1.3 man/man3/heim_ntlm_free_type2.3 man/man3/heim_ntlm_free_type3.3 +man/man3/heim_ntlm_keyex_unwrap.3 man/man3/heim_ntlm_nt_key.3 man/man3/heim_ntlm_ntlmv2_key.3 man/man3/heim_ntlm_verify_ntlm2.3 @@ -625,6 +634,7 @@ man/man3/krb5_checksumsize.3 man/man3/krb5_cksumtype_to_enctype.3 man/man3/krb5_cksumtype_valid.3 man/man3/krb5_clear_error_message.3 +man/man3/krb5_clear_error_string.3 man/man3/krb5_closelog.3 man/man3/krb5_compare_creds.3 man/man3/krb5_config_file_free.3 @@ -679,6 +689,7 @@ man/man3/krb5_crypto_overhead.3 man/man3/krb5_data_alloc.3 man/man3/krb5_data_cmp.3 man/man3/krb5_data_copy.3 +man/man3/krb5_data_ct_cmp.3 man/man3/krb5_data_free.3 man/man3/krb5_data_realloc.3 man/man3/krb5_data_zero.3 @@ -762,11 +773,15 @@ man/man3/krb5_free_krbhst.3 man/man3/krb5_free_principal.3 man/man3/krb5_free_salt.3 man/man3/krb5_free_ticket.3 +man/man3/krb5_free_unparsed_name.3 man/man3/krb5_fwd_tgt_creds.3 man/man3/krb5_generate_random_block.3 +man/man3/krb5_generate_subkey.3 man/man3/krb5_generate_subkey_extended.3 man/man3/krb5_get_all_client_addrs.3 man/man3/krb5_get_all_server_addrs.3 +man/man3/krb5_get_cred_from_kdc.3 +man/man3/krb5_get_cred_from_kdc_opt.3 man/man3/krb5_get_credentials.3 man/man3/krb5_get_credentials_with_flags.3 man/man3/krb5_get_creds.3 @@ -847,7 +862,6 @@ man/man3/krb5_init_creds_set_password.3 man/man3/krb5_init_creds_set_service.3 man/man3/krb5_init_creds_step.3 man/man3/krb5_init_ets.3 -man/man3/krb5_init_etype.3 man/man3/krb5_initlog.3 man/man3/krb5_introduction.3 man/man3/krb5_is_config_principal.3 @@ -884,6 +898,7 @@ man/man3/krb5_kt_get_entry.3 man/man3/krb5_kt_get_full_name.3 man/man3/krb5_kt_get_name.3 man/man3/krb5_kt_get_type.3 +man/man3/krb5_kt_have_content.3 man/man3/krb5_kt_next_entry.3 man/man3/krb5_kt_read_service_key.3 man/man3/krb5_kt_register.3 @@ -1022,6 +1037,7 @@ man/man3/krb5_storage_seek.3 man/man3/krb5_storage_set_byteorder.3 man/man3/krb5_storage_set_eof_code.3 man/man3/krb5_storage_set_flags.3 +man/man3/krb5_storage_set_max_alloc.3 man/man3/krb5_storage_to_data.3 man/man3/krb5_storage_truncate.3 man/man3/krb5_storage_write.3 @@ -1086,6 +1102,7 @@ man/man3/krb5_verify_user_lrealm.3 man/man3/krb5_verify_user_opt.3 man/man3/krb5_vlog.3 man/man3/krb5_vlog_msg.3 +man/man3/krb5_vset_error_string.3 man/man3/krb5_vwarn.3 man/man3/krb_afslog.3 man/man3/krb_afslog_uid.3 @@ -1094,7 +1111,6 @@ man/man3/lm.3 man/man3/ntlm.3 man/man3/ntlm_buf.3 man/man3/ntlm_core.3 -man/man3/ntlm_targetinfo.3 man/man3/ntlm_type1.3 man/man3/ntlm_type2.3 man/man3/ntlm_type3.3 @@ -1132,7 +1148,6 @@ man/man3/rtbl_set_column_prefix.3 man/man3/rtbl_set_flags.3 man/man3/rtbl_set_prefix.3 man/man3/rtbl_set_separator.3 -man/man3/servername.3 man/man3/sessionkey.3 man/man3/targetinfo.3 man/man3/targetname.3 diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo index b777a285ec2..bf987c6d2c8 100644 --- a/security/heimdal/distinfo +++ b/security/heimdal/distinfo @@ -1,14 +1,12 @@ -$NetBSD: distinfo,v 1.33 2011/12/30 18:59:05 tez Exp $ +$NetBSD: distinfo,v 1.34 2012/02/27 12:39:11 asau Exp $ -SHA1 (heimdal-1.4.tar.gz) = b4c876df3637a11deea72f87a6e54f6caf501679 -RMD160 (heimdal-1.4.tar.gz) = 055288f1ab37781f1533299bdff9b0d1e264d470 -Size (heimdal-1.4.tar.gz) = 6095377 bytes +SHA1 (heimdal-1.5.2.tar.gz) = dd0920a181d18236432e4b3e5eab6e468cda4b89 +RMD160 (heimdal-1.5.2.tar.gz) = 1ab2f835309a916dfbba667d3d0d38a57c312fde +Size (heimdal-1.5.2.tar.gz) = 6798615 bytes SHA1 (patch-ad) = 37c2a7cdc4dba695a84057b40aae3c5a971cb546 SHA1 (patch-al) = 022d5f3723bd1db7fe5e92eea5d0106851a5d424 -SHA1 (patch-appl_telnet_libtelnet_encrypt.c) = b8cd432dee8758b8c5790c6fe214f11397446cd8 -SHA1 (patch-ar) = 0a3e7bbd3cb04deb0f6772afd9a6b6b5353463d3 SHA1 (patch-kdc_version-script.map) = 42b0417a16b19a680f30ae34cfffd082f609d4a6 SHA1 (patch-lib_hcrypto_libtommath_tommath.h) = 60f223bb23145854f2a144da9e0a9484728b618a SHA1 (patch-lib_hcrypto_libtommath_tommath_class.h) = 8c7b1e8d30cda79fd59a8ef83094a611b47a43df SHA1 (patch-lib_hcrypto_libtommath_tommath_superclass.h) = 141e75b5b310446694769b16a977fa5b25160fbd -SHA1 (patch-lib_otp_Makefile.in) = 830f0e536a103478d147bb03e7752d5d38ddf03b +SHA1 (patch-lib_otp_Makefile.in) = 0fe1426000824614f0e31d3ab2348948f3f414d3 diff --git a/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c b/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c deleted file mode 100644 index c63a37e8c68..00000000000 --- a/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-appl_telnet_libtelnet_encrypt.c,v 1.1 2011/12/30 18:59:06 tez Exp $ - -Fix for CVE-2011-4862 from FreeBSD - -When an encryption key is supplied via the TELNET protocol, its length -is not validated before the key is copied into a fixed-size buffer. - ---- appl/telnet/libtelnet/encrypt.c.orig 2011-12-30 11:55:11.373531000 -0600 -+++ appl/telnet/libtelnet/encrypt.c 2011-12-30 11:56:35.109601000 -0600 -@@ -736,6 +736,9 @@ - int dir = kp->dir; - int ret = 0; - -+ if (len > MAXKEYLEN) -+ len = MAXKEYLEN; -+ - if (!(ep = (*kp->getcrypt)(*kp->modep))) { - if (len == 0) - return; diff --git a/security/heimdal/patches/patch-ar b/security/heimdal/patches/patch-ar deleted file mode 100644 index 22a22514305..00000000000 --- a/security/heimdal/patches/patch-ar +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ar,v 1.3 2011/07/08 09:49:22 adam Exp $ - -Why should anyone want to install the libtool wrapper for a library, but -not the library itself? - ---- lib/auth/afskauthlib/Makefile.in.orig 2008-01-24 08:14:21.000000000 -0500 -+++ lib/auth/afskauthlib/Makefile.in -@@ -361,7 +361,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk - @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la - @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la - foodir = $(libdir) --foo_DATA = afskauthlib.so -+foo_DATA = .libs/afskauthlib.so - SRCS = verify.c - OBJS = verify.o - CLEANFILES = $(foo_DATA) $(OBJS) so_locations diff --git a/security/heimdal/patches/patch-lib_otp_Makefile.in b/security/heimdal/patches/patch-lib_otp_Makefile.in index 4adbb09ebdb..26de0c7e7e3 100644 --- a/security/heimdal/patches/patch-lib_otp_Makefile.in +++ b/security/heimdal/patches/patch-lib_otp_Makefile.in @@ -1,23 +1,12 @@ -$NetBSD: patch-lib_otp_Makefile.in,v 1.1 2011/07/08 09:49:22 adam Exp $ +$NetBSD: patch-lib_otp_Makefile.in,v 1.2 2012/02/27 12:39:12 asau Exp $ -Fix linking. - ---- lib/otp/Makefile.in.orig 2011-06-25 11:48:35.000000000 +0000 +--- lib/otp/Makefile.in.orig 2012-01-11 13:04:29.000000000 +0000 +++ lib/otp/Makefile.in -@@ -47,7 +47,6 @@ DIST_COMMON = $(include_HEADERS) $(srcdi - $(top_srcdir)/cf/Makefile.am.common ChangeLog - noinst_PROGRAMS = otptest$(EXEEXT) - check_PROGRAMS = otptest$(EXEEXT) --@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +@@ -50,7 +50,6 @@ check_PROGRAMS = otptest$(EXEEXT) + @HAVE_DB1_TRUE@am__append_1 = $(LIB_db_create) + @HAVE_DB1_FALSE@@HAVE_DB3_TRUE@am__append_2 = $(LIB_db_create) + @HAVE_DB1_FALSE@@HAVE_DB3_FALSE@am__append_3 = $(LIB_NDBM) +-@versionscript_TRUE@am__append_4 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map subdir = lib/otp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ -@@ -404,7 +403,7 @@ otptest_LDADD = libotp.la - include_HEADERS = otp.h - lib_LTLIBRARIES = libotp.la - libotp_la_LDFLAGS = -version-info 1:5:1 $(am__append_1) --libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM) -+libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM) $(DBLIB) - @HAVE_DB3_FALSE@ndbm_wrap = - @HAVE_DB3_TRUE@ndbm_wrap = ndbm_wrap.c ndbm_wrap.h - dist_libotp_la_SOURCES = \ |