diff options
| author | tez <tez> | 2013-02-28 14:19:36 +0000 |
|---|---|---|
| committer | tez <tez> | 2013-02-28 14:19:36 +0000 |
| commit | 328cbbcb919cd95008a5f10f38676a838ebc5989 (patch) | |
| tree | 0a699452d39e70b41daea8e719d19e50414be1ee /security/mit-krb5 | |
| parent | 1797b8f749cf66506d0c9fef538ea6ebcf87020a (diff) | |
| download | pkgsrc-328cbbcb919cd95008a5f10f38676a838ebc5989.tar.gz | |
Add patch for CVE-2013-1415 (SA52390)
Diffstat (limited to 'security/mit-krb5')
| -rw-r--r-- | security/mit-krb5/Makefile | 4 | ||||
| -rw-r--r-- | security/mit-krb5/distinfo | 3 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c | 24 |
3 files changed, 28 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile index 2b6c8d64c73..c9c3e2f0830 100644 --- a/security/mit-krb5/Makefile +++ b/security/mit-krb5/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.64 2013/02/06 23:23:39 jperkin Exp $ +# $NetBSD: Makefile,v 1.65 2013/02/28 14:19:36 tez Exp $ DISTNAME= krb5-1.10.3 PKGNAME= mit-${DISTNAME} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/ EXTRACT_SUFX= .tar diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo index 28809bde284..61c22e3b053 100644 --- a/security/mit-krb5/distinfo +++ b/security/mit-krb5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.38 2012/12/22 02:27:57 joerg Exp $ +$NetBSD: distinfo,v 1.39 2013/02/28 14:19:36 tez Exp $ SHA1 (krb5-1.10.3-signed.tar) = 04ab9837e5d1958158bcb30bd6480201089a0cbb RMD160 (krb5-1.10.3-signed.tar) = a1c370c8d39106e8e27651f78520e1cc93154731 @@ -23,3 +23,4 @@ SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7 SHA1 (patch-lib_krb5_krb_deltat.c) = 149f4301d2a2ceff17a038c318c2f2f64a2621e4 SHA1 (patch-lib_krb5_krb_x-deltat.y) = 7857c9f374d747f494ebb248f34a17599ccf791f SHA1 (patch-util_k5ev_verto-k5ev.c) = e8f78ec46543793b284c321a6b7362af9f527489 +SHA1 (patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c) = 9aee85446b80dcc7b54cad27364bebff90c7751b diff --git a/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c new file mode 100644 index 00000000000..4d09543ce03 --- /dev/null +++ b/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c @@ -0,0 +1,24 @@ +$NetBSD: patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c,v 1.1 2013/02/28 14:19:36 tez Exp $ + +Patch for CVE-2013-1415 from +http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570 + +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2013-02-27 22:15:40.286439500 +0000 ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -3242,7 +3242,7 @@ pkinit_check_kdc_pkid(krb5_context conte + pkiDebug("found kdcPkId in AS REQ\n"); + is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len); + if (is == NULL) +- goto cleanup; ++ return retval; + + status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer); + if (!status) { +@@ -3252,7 +3252,6 @@ pkinit_check_kdc_pkid(krb5_context conte + } + + retval = 0; +-cleanup: + X509_NAME_free(is->issuer); + ASN1_INTEGER_free(is->serial); + free(is); |