authortron <tron>2010-05-20 22:23:50 +0000
committertron <tron>2010-05-20 22:23:50 +0000
commit4eff028a50bc234ad3b39517d0afeab5d8f9d990 (patch)
tree65ac7e958b50b58dc6014d5843a4878feaeff65f /security/mit-krb5/patches/patch-bx
parente79b9ef6076ba819a76a851bc60d996cf268e1fc (diff)
Pullup ticket #3127 - requested by tez
security/mit-krb5: security patch Revisions pulled up: - security/mit-krb5/Makefile 1.49 - security/mit-krb5/distinfo 1.25 - security/mit-krb5/patches/patch-bx 1.1 --- Module Name: pkgsrc Committed By: tez Date: Thu May 20 14:21:23 UTC 2010 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-bx Log Message: fix CVE-2010-1321 (MITKRB5-SA-2010-005) and take maintainership
Diffstat (limited to 'security/mit-krb5/patches/patch-bx')
-rw-r--r--security/mit-krb5/patches/patch-bx19
1 files changed, 19 insertions, 0 deletions
diff --git a/security/mit-krb5/patches/patch-bx b/security/mit-krb5/patches/patch-bx
new file mode 100644
index 00000000000..831723af105
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bx
@@ -0,0 +1,19 @@
+$NetBSD: patch-bx,v 1.1.2.2 2010/05/20 22:23:50 tron Exp $
+fix http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
+
+--- lib/gssapi/krb5/accept_sec_context.c.orig 2010-05-20 07:13:48.258046700 -0500
++++ lib/gssapi/krb5/accept_sec_context.c 2010-05-20 07:16:20.228175200 -0500
+@@ -423,6 +423,13 @@
+ }
+ #endif
+
++ if (authdat->checksum == NULL) {
++ /* missing checksum counts as "inappropriate type" */
++ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
++ major_status = GSS_S_FAILURE;
++ goto fail;
++ }
++
+ {
+ /* gss krb5 v1 */
+
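Review bot: The added `authdat->checksum == NULL` guard only protects the code that follows it, and the function it sits in begins and ends outside the context carried by this patch, so confirm against the full accept_sec_context.c that nothing before line 423 (including the conditional block that closes at the `#endif` just above) already reads `authdat->checksum`. The `goto fail` path is likewise not visible here; it presumably releases `authdat` and the other state acquired earlier, which is worth checking since this is a new early exit. The patch header cites only the advisory URL, while the commit log names the CVE; adding it makes the patch searchable, e.g. `fix CVE-2010-1321 (MITKRB5-SA-2010-005), see http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt`.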