author | tez <tez@pkgsrc.org> | 2014-11-25 23:40:49 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2014-11-25 23:40:49 +0000 |
commit | 33902e3662d252d09e44e98c36a9098e5722e3c7 (patch) | |
tree | 55616934753c78cc6df6063fe9a281d81f5e5432 /security/mit-krb5 | |
parent | 7c297b2dabc0cad04fcf529a8b3026fdf0e86d5b (diff) | |
Add patch for CVE-2014-5351 from:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.diff
Diffstat (limited to 'security/mit-krb5')
-rw-r--r-- | security/mit-krb5/Makefile | 4 | ||||
-rw-r--r-- | security/mit-krb5/distinfo | 3 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-CVE-2014-5351 | 51 |
3 files changed, 55 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 15233677abb..61a45bb4e12 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.76 2014/08/28 22:23:05 tez Exp $
+# $NetBSD: Makefile,v 1.77 2014/11/25 23:40:49 tez Exp $
 
 DISTNAME= krb5-1.10.7
 PKGNAME= mit-${DISTNAME}
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
 EXTRACT_SUFX= .tar
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index ccc9b532649..abeb8602a2c 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.48 2014/08/28 22:23:05 tez Exp $
+$NetBSD: distinfo,v 1.49 2014/11/25 23:40:49 tez Exp $
 
 SHA1 (2014-001-patch.txt) = 919402bf3b7c289e847e9adc03a7c30f26966769
 RMD160 (2014-001-patch.txt) = a39c8e12e79ab273d562b04c1e7811c414dd70e8
@@ -9,6 +9,7 @@ Size (krb5-1.10.7-signed.tar) = 11632640 bytes
 SHA1 (patch-CVE-2014-4341) = 97b316fb3c5dfc626827a13baa5dcf623d67da3c
 SHA1 (patch-CVE-2014-4343) = e7d4604d81671f71c9cd9461b65a9e87b5982baa
 SHA1 (patch-CVE-2014-4344) = b7ae530beaffcf1c095e6f94bdf608b7a140b064
+SHA1 (patch-CVE-2014-5351) = 2948e2a9f7adb97b8cb70bb8f0043c45e5822465
 SHA1 (patch-aa) = 941848a1773dfbe51dff3134d4b8504a850a958d
 SHA1 (patch-ad) = b56a7218007560470179dd811c84b8c690c966ac
 SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd
diff --git a/security/mit-krb5/patches/patch-CVE-2014-5351 b/security/mit-krb5/patches/patch-CVE-2014-5351
new file mode 100644
index 00000000000..49534c6c8b5
--- /dev/null
+++ b/security/mit-krb5/patches/patch-CVE-2014-5351
@@ -0,0 +1,51 @@
+$NetBSD: patch-CVE-2014-5351,v 1.1 2014/11/25 23:40:49 tez Exp $
+
+Patch for CVE-2014-5351 from:
+http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
+https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.diff
+
+
+--- lib/kadm5/srv/svr_principal.c.orig 2014-11-25 17:09:26.278975276 -0600
++++ lib/kadm5/srv/svr_principal.c 2014-11-25 17:11:45.406746599 -0600
+@@ -200,6 +200,20 @@
+ *passptr = NULL;
+ }
+ 
++/* Return the number of keys with the newest kvno. Assumes that all key data
++ * with the newest kvno are at the front of the key data array. */
++static int
++count_new_keys(int n_key_data, krb5_key_data *key_data)
++{
++ int n;
++
++ for (n = 1; n < n_key_data; n++) {
++ if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno)
++ return n;
++ }
++ return n_key_data;
++}
++
+ kadm5_ret_t
+ kadm5_create_principal(void *server_handle,
+ kadm5_principal_ent_t entry, long mask,
+@@ -1581,7 +1595,7 @@
+ osa_princ_ent_rec adb;
+ krb5_int32 now;
+ kadm5_policy_ent_rec pol;
+- int ret, last_pwd, have_pol = 0;
++ int ret, last_pwd, n_new_keys, have_pol = 0;
+ kadm5_server_handle_t handle = server_handle;
+ krb5_keyblock *act_mkey;
+ 
+@@ -1667,8 +1681,9 @@
+ kdb->fail_auth_count = 0;
+ 
+ if (keyblocks) {
+- ret = decrypt_key_data(handle->context,
+- kdb->n_key_data, kdb->key_data,
++ /* Return only the new keys added by krb5_dbe_crk. */
++ n_new_keys = count_new_keys(kdb->n_key_data, kdb->key_data);
++ ret = decrypt_key_data(handle->context, n_new_keys, kdb->key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
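Review bot: count_new_keys() carries the whole disclosure fix, yet it relies on an ordering invariant (all newest-kvno entries at the front of key_data) that is stated only in its comment and never checked. If the array ever arrives in another order, the decrypt_key_data() call would again return keys of an older kvno, or omit new ones, without any error. The call-site comment should say why the count is limited, e.g. `/* Return only the new keys added by krb5_dbe_crk; older kvnos still stored in kdb->key_data must not be returned to the caller. */`, and the helper's comment should name where the ordering is established (presumably krb5_dbe_crk, which is outside this patch, so confirm). The helper only reads the array, so declaring the parameter as `const krb5_key_data *key_data` would document that. The function containing the second and third inner hunks starts and ends outside the patch.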