authoradam <adam@pkgsrc.org>2013-03-13 12:35:40 +0000
committeradam <adam@pkgsrc.org>2013-03-13 12:35:40 +0000
commitb37abcaee2c58e67af8368176ceaeaa75d3362be (patch)
tree57676f79d6154cdc94725b776b7395a9778fb05e /security/mit-krb5
parent17964d6ed44822cf7bdae62588e6e5fd7729fd17 (diff)
Changes 1.10.4:
This is a bugfix release. Fix null PKINIT pointer dereference vulnerabilities [CVE-2012-1016, CVE-2013-1415]. Prevent the KDC from returning a host-based service principal referral to the local realm.
Diffstat (limited to 'security/mit-krb5')
-rw-r--r--security/mit-krb5/Makefile5
-rw-r--r--security/mit-krb5/distinfo13
-rw-r--r--security/mit-krb5/patches/patch-lib_krb5_krb_deltat.c192
-rw-r--r--security/mit-krb5/patches/patch-lib_krb5_krb_x-deltat.y14
-rw-r--r--security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c24
-rw-r--r--security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c6
6 files changed, 10 insertions, 244 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index c9c3e2f0830..5eab6180ee5 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2013/02/28 14:19:36 tez Exp $
+# $NetBSD: Makefile,v 1.66 2013/03/13 12:35:40 adam Exp $
-DISTNAME= krb5-1.10.3
+DISTNAME= krb5-1.10.4
PKGNAME= mit-${DISTNAME}
-PKGREVISION= 4
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
EXTRACT_SUFX= .tar
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 61c22e3b053..8e1781d8d99 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.39 2013/02/28 14:19:36 tez Exp $
+$NetBSD: distinfo,v 1.40 2013/03/13 12:35:40 adam Exp $
-SHA1 (krb5-1.10.3-signed.tar) = 04ab9837e5d1958158bcb30bd6480201089a0cbb
-RMD160 (krb5-1.10.3-signed.tar) = a1c370c8d39106e8e27651f78520e1cc93154731
-Size (krb5-1.10.3-signed.tar) = 11530240 bytes
+SHA1 (krb5-1.10.4-signed.tar) = 2b4a0743b95b09cb433d25909e599de27c352f10
+RMD160 (krb5-1.10.4-signed.tar) = 1dbf18f1a02744941ebde3b1db93b2e63e59afcd
+Size (krb5-1.10.4-signed.tar) = 11632640 bytes
SHA1 (patch-aa) = 941848a1773dfbe51dff3134d4b8504a850a958d
SHA1 (patch-ad) = b56a7218007560470179dd811c84b8c690c966ac
SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd
@@ -20,7 +20,4 @@ SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
SHA1 (patch-ck) = 37bfef80329f8ae0fb35c35e70032a0040ba5591
SHA1 (patch-kadmin_dbutil_dump.c) = 4b49c116dbed9e6be4a0bf0a731c3ae82808d82e
SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7
-SHA1 (patch-lib_krb5_krb_deltat.c) = 149f4301d2a2ceff17a038c318c2f2f64a2621e4
-SHA1 (patch-lib_krb5_krb_x-deltat.y) = 7857c9f374d747f494ebb248f34a17599ccf791f
-SHA1 (patch-util_k5ev_verto-k5ev.c) = e8f78ec46543793b284c321a6b7362af9f527489
-SHA1 (patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c) = 9aee85446b80dcc7b54cad27364bebff90c7751b
+SHA1 (patch-util_k5ev_verto-k5ev.c) = 79a2be64fa4f9b0dc3a333271e8a3ff7944e5c18
diff --git a/security/mit-krb5/patches/patch-lib_krb5_krb_deltat.c b/security/mit-krb5/patches/patch-lib_krb5_krb_deltat.c
deleted file mode 100644
index 448355f8c3d..00000000000
--- a/security/mit-krb5/patches/patch-lib_krb5_krb_deltat.c
+++ /dev/null
@@ -1,192 +0,0 @@
-$NetBSD: patch-lib_krb5_krb_deltat.c,v 1.1 2012/10/12 08:06:25 marino Exp $
-
-Required for gcc 4.7 (taken from upstream)
-
---- lib/krb5/krb/deltat.c.orig 2012-08-08 22:27:56.000000000 +0000
-+++ lib/krb5/krb/deltat.c
-@@ -77,6 +77,7 @@
- #ifdef __GNUC__
- #pragma GCC diagnostic push
- #pragma GCC diagnostic ignored "-Wuninitialized"
-+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
- #endif
-
- #include <ctype.h>
-@@ -163,7 +164,7 @@ static int yyparse (void *);
-
-
- /* Line 189 of yacc.c */
--#line 167 "deltat.c"
-+#line 168 "deltat.c"
-
- /* Enabling traces. */
- #ifndef YYDEBUG
-@@ -204,12 +205,12 @@ typedef union YYSTYPE
- {
-
- /* Line 214 of yacc.c */
--#line 134 "x-deltat.y"
-+#line 135 "x-deltat.y"
- int val;
-
-
- /* Line 214 of yacc.c */
--#line 213 "deltat.c"
-+#line 214 "deltat.c"
- } YYSTYPE;
- # define YYSTYPE_IS_TRIVIAL 1
- # define yystype YYSTYPE /* obsolescent; will be withdrawn */
-@@ -221,7 +222,7 @@ typedef union YYSTYPE
-
-
- /* Line 264 of yacc.c */
--#line 225 "deltat.c"
-+#line 226 "deltat.c"
-
- #ifdef short
- # undef short
-@@ -512,9 +513,9 @@ static const yytype_int8 yyrhs[] =
- /* YYRLINE[YYN] -- source line where rule number YYN was defined. */
- static const yytype_uint8 yyrline[] =
- {
-- 0, 145, 145, 146, 146, 147, 147, 148, 148, 149,
-- 150, 152, 153, 154, 155, 156, 157, 158, 159, 163,
-- 164, 167, 168, 171, 172
-+ 0, 146, 146, 147, 147, 148, 148, 149, 149, 150,
-+ 151, 153, 154, 155, 156, 157, 158, 159, 160, 164,
-+ 165, 168, 169, 172, 173
- };
- #endif
-
-@@ -1442,84 +1443,84 @@ yyreduce:
- case 6:
-
- /* Line 1464 of yacc.c */
--#line 147 "x-deltat.y"
-+#line 148 "x-deltat.y"
- { (yyval.val) = - (yyvsp[(2) - (2)].val); ;}
- break;
-
- case 9:
-
- /* Line 1464 of yacc.c */
--#line 149 "x-deltat.y"
-+#line 150 "x-deltat.y"
- { (yyval.val) = (yyvsp[(2) - (2)].val); ;}
- break;
-
- case 10:
-
- /* Line 1464 of yacc.c */
--#line 150 "x-deltat.y"
-+#line 151 "x-deltat.y"
- { YYERROR; ;}
- break;
-
- case 11:
-
- /* Line 1464 of yacc.c */
--#line 152 "x-deltat.y"
-+#line 153 "x-deltat.y"
- { DO ((yyvsp[(1) - (3)].val), 0, 0, (yyvsp[(3) - (3)].val)); ;}
- break;
-
- case 12:
-
- /* Line 1464 of yacc.c */
--#line 153 "x-deltat.y"
-+#line 154 "x-deltat.y"
- { DO ( 0, (yyvsp[(1) - (3)].val), 0, (yyvsp[(3) - (3)].val)); ;}
- break;
-
- case 13:
-
- /* Line 1464 of yacc.c */
--#line 154 "x-deltat.y"
-+#line 155 "x-deltat.y"
- { DO ( 0, 0, (yyvsp[(1) - (3)].val), (yyvsp[(3) - (3)].val)); ;}
- break;
-
- case 14:
-
- /* Line 1464 of yacc.c */
--#line 155 "x-deltat.y"
-+#line 156 "x-deltat.y"
- { DO ( 0, 0, 0, (yyvsp[(1) - (2)].val)); ;}
- break;
-
- case 15:
-
- /* Line 1464 of yacc.c */
--#line 156 "x-deltat.y"
-+#line 157 "x-deltat.y"
- { DO ((yyvsp[(1) - (7)].val), (yyvsp[(3) - (7)].val), (yyvsp[(5) - (7)].val), (yyvsp[(7) - (7)].val)); ;}
- break;
-
- case 16:
-
- /* Line 1464 of yacc.c */
--#line 157 "x-deltat.y"
-+#line 158 "x-deltat.y"
- { DO ( 0, (yyvsp[(1) - (5)].val), (yyvsp[(3) - (5)].val), (yyvsp[(5) - (5)].val)); ;}
- break;
-
- case 17:
-
- /* Line 1464 of yacc.c */
--#line 158 "x-deltat.y"
-+#line 159 "x-deltat.y"
- { DO ( 0, (yyvsp[(1) - (3)].val), (yyvsp[(3) - (3)].val), 0); ;}
- break;
-
- case 18:
-
- /* Line 1464 of yacc.c */
--#line 159 "x-deltat.y"
-+#line 160 "x-deltat.y"
- { DO ( 0, 0, 0, (yyvsp[(1) - (1)].val)); ;}
- break;
-
- case 20:
-
- /* Line 1464 of yacc.c */
--#line 164 "x-deltat.y"
-+#line 165 "x-deltat.y"
- { if (HOUR_NOT_OK((yyvsp[(1) - (3)].val))) YYERROR;
- DO_SUM((yyval.val), (yyvsp[(1) - (3)].val) * 3600, (yyvsp[(3) - (3)].val)); ;}
- break;
-@@ -1527,7 +1528,7 @@ yyreduce:
- case 22:
-
- /* Line 1464 of yacc.c */
--#line 168 "x-deltat.y"
-+#line 169 "x-deltat.y"
- { if (MIN_NOT_OK((yyvsp[(1) - (3)].val))) YYERROR;
- DO_SUM((yyval.val), (yyvsp[(1) - (3)].val) * 60, (yyvsp[(3) - (3)].val)); ;}
- break;
-@@ -1535,14 +1536,14 @@ yyreduce:
- case 23:
-
- /* Line 1464 of yacc.c */
--#line 171 "x-deltat.y"
-+#line 172 "x-deltat.y"
- { (yyval.val) = 0; ;}
- break;
-
-
-
- /* Line 1464 of yacc.c */
--#line 1546 "deltat.c"
-+#line 1547 "deltat.c"
- default: break;
- }
- YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-@@ -1754,7 +1755,7 @@ yyreturn:
-
-
- /* Line 1684 of yacc.c */
--#line 174 "x-deltat.y"
-+#line 175 "x-deltat.y"
-
-
- #ifdef __GNUC__
diff --git a/security/mit-krb5/patches/patch-lib_krb5_krb_x-deltat.y b/security/mit-krb5/patches/patch-lib_krb5_krb_x-deltat.y
deleted file mode 100644
index 05d6d9606e0..00000000000
--- a/security/mit-krb5/patches/patch-lib_krb5_krb_x-deltat.y
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-lib_krb5_krb_x-deltat.y,v 1.1 2012/10/12 08:06:25 marino Exp $
-
-Required for gcc 4.7 at least (taken from upstream)
-
---- lib/krb5/krb/x-deltat.y.orig 2012-08-08 22:27:56.000000000 +0000
-+++ lib/krb5/krb/x-deltat.y
-@@ -44,6 +44,7 @@
- #ifdef __GNUC__
- #pragma GCC diagnostic push
- #pragma GCC diagnostic ignored "-Wuninitialized"
-+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
- #endif
-
- #include <ctype.h>
diff --git a/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c
deleted file mode 100644
index 4d09543ce03..00000000000
--- a/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c,v 1.1 2013/02/28 14:19:36 tez Exp $
-
-Patch for CVE-2013-1415 from
-http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570
-
---- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2013-02-27 22:15:40.286439500 +0000
-+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
-@@ -3242,7 +3242,7 @@ pkinit_check_kdc_pkid(krb5_context conte
- pkiDebug("found kdcPkId in AS REQ\n");
- is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len);
- if (is == NULL)
-- goto cleanup;
-+ return retval;
-
- status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer);
- if (!status) {
-@@ -3252,7 +3252,6 @@ pkinit_check_kdc_pkid(krb5_context conte
- }
-
- retval = 0;
--cleanup:
- X509_NAME_free(is->issuer);
- ASN1_INTEGER_free(is->serial);
- free(is);
diff --git a/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c b/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c
index d2c8090204f..c1d355f02c2 100644
--- a/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c
+++ b/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c
@@ -1,8 +1,8 @@
-$NetBSD: patch-util_k5ev_verto-k5ev.c,v 1.1 2012/07/16 19:12:33 adam Exp $
+$NetBSD: patch-util_k5ev_verto-k5ev.c,v 1.2 2013/03/13 12:35:40 adam Exp $
Fix include file path
---- util/k5ev/verto-k5ev.c.orig 2012-06-27 13:41:58.000000000 +0000
+--- util/k5ev/verto-k5ev.c.orig 2013-03-02 01:05:38.000000000 +0000
+++ util/k5ev/verto-k5ev.c
@@ -34,7 +34,7 @@
@@ -12,4 +12,4 @@ Fix include file path
+#include "gssrpc/rename.h"
#include "autoconf.h"
#define EV_STANDALONE 1
- /* Avoids using clock_gettime; we probably shouldn't have to do this. */
+ /* Avoid using clock_gettime, which would create a dependency on librt. */