author | lha <lha@pkgsrc.org> | 2006-02-07 12:20:52 +0000 |
---|---|---|
committer | lha <lha@pkgsrc.org> | 2006-02-07 12:20:52 +0000 |
commit | ae3b03d6dd4b0c71a264ed7198aa0ada4c74c69c (patch) | |
tree | 9bf6e567bef616668555e8ce4870732f9d5d9f59 /security | |
parent | a67f880f33a60230a07cdd4c9d594ae4ddc0495f (diff) | |
download | pkgsrc-ae3b03d6dd4b0c71a264ed7198aa0ada4c74c69c.tar.gz |
http://www.pdc.kth.se/heimdal/releases/0.7.2/
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
Changes in Heimdal 0.7.2
* Fix security problem in rshd that enables an attacker to overwrite
and change ownership of any file that root could write.
* Fix a DoS in telnetd. The attacker could force the server to crash
in a NULL de-reference before the user logged in, resulting in inetd
turning telnetd off because it forked too fast.
* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
exists in the keytab before returning success. This allows servers
to check if it's even possible to use GSSAPI.
* Fix receiving end of token delegation for GSS-API. It still wrongly
uses subkey for sending for compatibility reasons, this will change
in 0.8.
* telnetd, login and rshd are now more verbose in logging failed and
successful logins.
* Bug fixes
Diffstat (limited to 'security')
-rw-r--r-- | security/heimdal/Makefile | 5 | ||||
-rw-r--r-- | security/heimdal/distinfo | 16 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ab | 30 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ae | 13 | ||||
-rw-r--r-- | security/heimdal/patches/patch-af | 12 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ag | 13 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ah | 99 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ai | 41 | ||||
-rw-r--r-- | security/heimdal/patches/patch-aj | 71 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ak | 14 |
10 files changed, 6 insertions, 308 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index b0873efa3d2..ed638b84ee2 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.53 2006/01/25 03:47:51 jlam Exp $
+# $NetBSD: Makefile,v 1.54 2006/02/07 12:20:52 lha Exp $
 
-DISTNAME= heimdal-0.7.1
-PKGREVISION= 2
+DISTNAME= heimdal-0.7.2
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
 ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/heimdal/src/
diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo
index 067928f6267..4a86593814c 100644
--- a/security/heimdal/distinfo
+++ b/security/heimdal/distinfo
@@ -1,15 +1,7 @@
-$NetBSD: distinfo,v 1.18 2005/10/29 21:05:28 tonio Exp $
+$NetBSD: distinfo,v 1.19 2006/02/07 12:20:52 lha Exp $
 
-SHA1 (heimdal-0.7.1.tar.gz) = ab3e6f5fe6de86f7ba7413f8600f9b1ed956b620
-RMD160 (heimdal-0.7.1.tar.gz) = 30373d227452e20187ca4bad1dc980c3f952be26
-Size (heimdal-0.7.1.tar.gz) = 4515175 bytes
-SHA1 (patch-ab) = 50c526185cd64e48b7b60f154011e5efa6930570
+SHA1 (heimdal-0.7.2.tar.gz) = a902e6ad7c31d940b588dc0235b348936f0d719d
+RMD160 (heimdal-0.7.2.tar.gz) = 0f028a9d5a6a66e8efc0397e4d8c8adc2183b409
+Size (heimdal-0.7.2.tar.gz) = 4525734 bytes
 SHA1 (patch-ac) = 313c0a1f91e4f9546ae906f981adae0d499dd9cf
 SHA1 (patch-ad) = a7cfc038e76f8c3da38f8eb0ee48a7f8c7a9c7df
-SHA1 (patch-ae) = a9ec9b28a6291786631f900972fe231150d4afe0
-SHA1 (patch-af) = c8ef770eba0647d71f3bbbaca1d3fb0eaa7875d2
-SHA1 (patch-ag) = 003307136227d75729fc4d7f95a7debc7e91136e
-SHA1 (patch-ah) = 797785f2f5f1530782d42393d2cc242f03fc20e6
-SHA1 (patch-ai) = 55276d0becee47ae62ccfe5cd837b0fd4d7e6ff6
-SHA1 (patch-aj) = ad30690ce7b7f11a80513df4d3e932bce095d863
-SHA1 (patch-ak) = cf9cf0dd7b40e7fe46efbd4954a66bc451179f4b
diff --git a/security/heimdal/patches/patch-ab b/security/heimdal/patches/patch-ab
deleted file mode 100644
index b67664f58be..00000000000
--- a/security/heimdal/patches/patch-ab
+++ /dev/null
@@ -1,30 +0,0 @@
-$NetBSD: patch-ab,v 1.2 2005/10/26 15:12:45 jlam Exp $
-
---- cf/install-catman.sh.orig 2005-09-09 08:12:22.000000000 -0400
-+++ cf/install-catman.sh
-@@ -9,6 +9,7 @@ mkinstalldirs="$1"; shift
- srcdir="$1"; shift
- manbase="$1"; shift
- suffix="$1"; shift
-+catinstall="${INSTALL_CATPAGES-yes}"
-
- for f in "$@"; do
- base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
-@@ -17,7 +18,7 @@ for f in "$@"; do
- catdir="$manbase/cat$section"
- c="$base.cat$section"
-
-- if test -f "$srcdir/$c"; then
-+ if test "$catinstall" = yes -a -f "$srcdir/$c"; then
- if test \! -d "$catdir"; then
- eval "$mkinstalldirs $catdir"
- fi
-@@ -36,7 +37,7 @@ for f in "$@"; do
- break
- fi
- done
-- if test -f "$srcdir/$c"; then
-+ if test "$catinstall" = yes -a -f "$srcdir/$c"; then
- target="$catdir/$link.$suffix"
- for cmd in "ln -f $catdir/$base.$suffix $target" \
- "ln -fs $base.$suffix $target" \
diff --git a/security/heimdal/patches/patch-ae b/security/heimdal/patches/patch-ae
deleted file mode 100644
index b964bddb558..00000000000
--- a/security/heimdal/patches/patch-ae
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ae,v 1.5 2005/10/26 15:12:45 jlam Exp $
-
---- lib/krb5/krb5_encrypt.3.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/krb5_encrypt.3
-@@ -44,7 +44,7 @@
- .Nm krb5_decrypt_ivec ,
- .Nm krb5_decrypt_ticket ,
- .Nm krb5_encrypt ,
--.Nm krb5_encrypt_EncryptedData,
-+.Nm krb5_encrypt_EncryptedData ,
- .Nm krb5_encrypt_ivec ,
- .Nm krb5_enctype_disable ,
- .Nm krb5_enctype_keysize ,
diff --git a/security/heimdal/patches/patch-af b/security/heimdal/patches/patch-af
deleted file mode 100644
index 0fc76745dda..00000000000
--- a/security/heimdal/patches/patch-af
+++ /dev/null
@@ -1,12 +0,0 @@
-$NetBSD: patch-af,v 1.3 2005/10/26 15:12:45 jlam Exp $
-
---- lib/krb5/Makefile.in.orig 2005-09-09 08:17:31.000000000 -0400
-+++ lib/krb5/Makefile.in
-@@ -737,6 +737,7 @@ man_MANS = \
- krb5_rcache.3 \
- krb5_rd_error.3 \
- krb5_set_default_realm.3 \
-+ krb5_set_password.3 \
- krb5_storage.3 \
- krb5_string_to_key.3 \
- krb5_ticket.3 \
diff --git a/security/heimdal/patches/patch-ag b/security/heimdal/patches/patch-ag
deleted file mode 100644
index 6b2c87afc2a..00000000000
--- a/security/heimdal/patches/patch-ag
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ag,v 1.3 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/krb5.h.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/krb5.h
-@@ -657,7 +657,7 @@ typedef struct _krb5_get_init_creds_opt
- krb5_preauthtype *preauth_list;
- int preauth_list_length;
- krb5_data *salt;
-- struct _krb5_get_init_creds_opt_private *private;
-+ struct _krb5_get_init_creds_opt_private *opt_private;
- } krb5_get_init_creds_opt;
-
- #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
diff --git a/security/heimdal/patches/patch-ah b/security/heimdal/patches/patch-ah
deleted file mode 100644
index 4f07d9acad2..00000000000
--- a/security/heimdal/patches/patch-ah
+++ /dev/null
@@ -1,99 +0,0 @@
-$NetBSD: patch-ah,v 1.3 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/init_creds.c.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/init_creds.c
-@@ -40,7 +40,7 @@ krb5_get_init_creds_opt_init(krb5_get_in
- {
- memset (opt, 0, sizeof(*opt));
- opt->flags = 0;
-- opt->private = NULL;
-+ opt->opt_private = NULL;
- }
-
- krb5_error_code KRB5_LIB_FUNCTION
-@@ -56,13 +56,13 @@ krb5_get_init_creds_opt_alloc(krb5_conte
- return ENOMEM;
- }
- krb5_get_init_creds_opt_init(o);
-- o->private = calloc(1, sizeof(*o->private));
-- if (o->private == NULL) {
-+ o->opt_private = calloc(1, sizeof(*o->opt_private));
-+ if (o->opt_private == NULL) {
- krb5_set_error_string(context, "out of memory");
- free(o);
- return ENOMEM;
- }
-- o->private->refcount = 1;
-+ o->opt_private->refcount = 1;
- *opt = o;
- return 0;
- }
-@@ -82,16 +82,16 @@ _krb5_get_init_creds_opt_copy(krb5_conte
- }
- if (in)
- *opt = *in;
-- if(opt->private == NULL) {
-- opt->private = calloc(1, sizeof(*opt->private));
-- if (opt->private == NULL) {
-+ if(opt->opt_private == NULL) {
-+ opt->opt_private = calloc(1, sizeof(*opt->opt_private));
-+ if (opt->opt_private == NULL) {
- krb5_set_error_string(context, "out of memory");
- free(opt);
- return ENOMEM;
- }
-- opt->private->refcount = 1;
-+ opt->opt_private->refcount = 1;
- } else
-- opt->private->refcount++;
-+ opt->opt_private->refcount++;
- *out = opt;
- return 0;
- }
-@@ -99,13 +99,13 @@ _krb5_get_init_creds_opt_copy(krb5_conte
- void KRB5_LIB_FUNCTION
- krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt)
- {
-- if (opt->private == NULL)
-+ if (opt->opt_private == NULL)
- return;
-- if (opt->private->refcount < 1) /* abort ? */
-+ if (opt->opt_private->refcount < 1) /* abort ? */
- return;
-- if (--opt->private->refcount == 0) {
-+ if (--opt->opt_private->refcount == 0) {
- _krb5_get_init_creds_opt_free_pkinit(opt);
-- free(opt->private);
-+ free(opt->opt_private);
- }
- memset(opt, 0, sizeof(*opt));
- free(opt);
-@@ -293,7 +293,7 @@ require_ext_opt(krb5_context context,
- krb5_get_init_creds_opt *opt,
- const char *type)
- {
-- if (opt->private == NULL) {
-+ if (opt->opt_private == NULL) {
- krb5_set_error_string(context, "%s on non extendable opt", type);
- return EINVAL;
- }
-@@ -310,8 +310,8 @@ krb5_get_init_creds_opt_set_pa_password(
- ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
- if (ret)
- return ret;
-- opt->private->password = password;
-- opt->private->key_proc = key_proc;
-+ opt->opt_private->password = password;
-+ opt->opt_private->key_proc = key_proc;
- return 0;
- }
-
-@@ -324,7 +324,7 @@ krb5_get_init_creds_opt_set_pac_request(
- ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
- if (ret)
- return ret;
-- opt->private->req_pac = req_pac ?
-+ opt->opt_private->req_pac = req_pac ?
- KRB5_PA_PAC_REQ_TRUE :
- KRB5_PA_PAC_REQ_FALSE;
- return 0;
diff --git a/security/heimdal/patches/patch-ai b/security/heimdal/patches/patch-ai
deleted file mode 100644
index b50fb86df06..00000000000
--- a/security/heimdal/patches/patch-ai
+++ /dev/null
@@ -1,41 +0,0 @@
-$NetBSD: patch-ai,v 1.1 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/init_creds_pw.c.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/init_creds_pw.c
-@@ -274,11 +274,11 @@ get_init_creds_common(krb5_context conte
- options = &default_opt;
- }
-
-- if (options->private) {
-- ctx->password = options->private->password;
-- ctx->key_proc = options->private->key_proc;
-- ctx->req_pac = options->private->req_pac;
-- ctx->pk_init_ctx = options->private->pk_init_ctx;
-+ if (options->opt_private) {
-+ ctx->password = options->opt_private->password;
-+ ctx->key_proc = options->opt_private->key_proc;
-+ ctx->req_pac = options->opt_private->req_pac;
-+ ctx->pk_init_ctx = options->opt_private->pk_init_ctx;
- } else
- ctx->req_pac = KRB5_PA_PAC_DONT_CARE;
-
-@@ -1458,8 +1458,8 @@ krb5_get_init_creds_password(krb5_contex
- return ret;
-
- if (password == NULL &&
-- options->private->password == NULL &&
-- options->private->pk_init_ctx == NULL)
-+ options->opt_private->password == NULL &&
-+ options->opt_private->pk_init_ctx == NULL)
- {
- krb5_prompt prompt;
- krb5_data password_data;
-@@ -1487,7 +1487,7 @@ krb5_get_init_creds_password(krb5_contex
- password = password_data.data;
- }
-
-- if (options->private->password == NULL) {
-+ if (options->opt_private->password == NULL) {
- ret = krb5_get_init_creds_opt_set_pa_password(context, options,
- password, NULL);
- if (ret) {
diff --git a/security/heimdal/patches/patch-aj b/security/heimdal/patches/patch-aj
deleted file mode 100644
index 19da1a78378..00000000000
--- a/security/heimdal/patches/patch-aj
+++ /dev/null
@@ -1,71 +0,0 @@
-$NetBSD: patch-aj,v 1.1 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/pkinit.c.orig 2005-09-09 08:12:14.000000000 -0400
-+++ lib/krb5/pkinit.c
-@@ -2469,9 +2469,9 @@ _krb5_get_init_creds_opt_free_pkinit(krb
- #ifdef PKINIT
- krb5_pk_init_ctx ctx;
-
-- if (opt->private == NULL || opt->private->pk_init_ctx == NULL)
-+ if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL)
- return;
-- ctx = opt->private->pk_init_ctx;
-+ ctx = opt->opt_private->pk_init_ctx;
- if (ctx->dh)
- DH_free(ctx->dh);
- ctx->dh = NULL;
-@@ -2490,7 +2490,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb
- free(ctx->id);
- ctx->id = NULL;
- }
-- opt->private->pk_init_ctx = NULL;
-+ opt->opt_private->pk_init_ctx = NULL;
- #endif
- }
-
-@@ -2508,28 +2508,28 @@ krb5_get_init_creds_opt_set_pkinit(krb5_
- #ifdef PKINIT
- krb5_error_code ret;
-
-- if (opt->private == NULL) {
-+ if (opt->opt_private == NULL) {
- krb5_set_error_string(context, "PKINIT: on non extendable opt");
- return EINVAL;
- }
-
-- opt->private->pk_init_ctx = malloc(sizeof(*opt->private->pk_init_ctx));
-- if (opt->private->pk_init_ctx == NULL) {
-+ opt->opt_private->pk_init_ctx = malloc(sizeof(*opt->opt_private->pk_init_ctx));
-+ if (opt->opt_private->pk_init_ctx == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
-- opt->private->pk_init_ctx->dh = NULL;
-- opt->private->pk_init_ctx->id = NULL;
-+ opt->opt_private->pk_init_ctx->dh = NULL;
-+ opt->opt_private->pk_init_ctx->id = NULL;
- ret = _krb5_pk_load_openssl_id(context,
-- &opt->private->pk_init_ctx->id,
-+ &opt->opt_private->pk_init_ctx->id,
- user_id,
- x509_anchors,
- prompter,
- prompter_data,
- password);
- if (ret) {
-- free(opt->private->pk_init_ctx);
-- opt->private->pk_init_ctx = NULL;
-+ free(opt->opt_private->pk_init_ctx);
-+ opt->opt_private->pk_init_ctx = NULL;
- }
-
- /* XXX */
-@@ -2556,7 +2556,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_
- _krb5_get_init_creds_opt_free_pkinit(opt);
- return ENOMEM;
- }
-- opt->private->pk_init_ctx->dh = dh;
-+ opt->opt_private->pk_init_ctx->dh = dh;
- if (!BN_hex2bn(&dh->p, P)) {
- _krb5_get_init_creds_opt_free_pkinit(opt);
- return ENOMEM;
diff --git a/security/heimdal/patches/patch-ak b/security/heimdal/patches/patch-ak
deleted file mode 100644
index 319ce83d4bb..00000000000
--- a/security/heimdal/patches/patch-ak
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-ak,v 1.2 2005/10/29 21:05:28 tonio Exp $
-
---- kcm/connect.c.orig 2005-10-29 17:36:00.000000000 +0200
-+++ kcm/connect.c
-@@ -32,4 +32,9 @@
- */
-
-+#if defined(__DragonFly__) || defined(__APPLE__)
-+#include <sys/param.h>
-+#include <sys/ucred.h>
-+#endif
-+
- #include "kcm_locl.h"
-
|