authorlha <lha@pkgsrc.org>2006-02-07 12:20:52 +0000
committerlha <lha@pkgsrc.org>2006-02-07 12:20:52 +0000
commitae3b03d6dd4b0c71a264ed7198aa0ada4c74c69c (patch)
tree9bf6e567bef616668555e8ce4870732f9d5d9f59 /security
parenta67f880f33a60230a07cdd4c9d594ae4ddc0495f (diff)
downloadpkgsrc-ae3b03d6dd4b0c71a264ed7198aa0ada4c74c69c.tar.gz
http://www.pdc.kth.se/heimdal/releases/0.7.2/
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * Fix security problem in rshd that enables an attacker to overwrite and change ownership of any file that root could write. * Fix a DoS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check whether it is even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending for compatibility reasons; this will change in 0.8. * telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes
Diffstat (limited to 'security')
-rw-r--r--security/heimdal/Makefile5
-rw-r--r--security/heimdal/distinfo16
-rw-r--r--security/heimdal/patches/patch-ab30
-rw-r--r--security/heimdal/patches/patch-ae13
-rw-r--r--security/heimdal/patches/patch-af12
-rw-r--r--security/heimdal/patches/patch-ag13
-rw-r--r--security/heimdal/patches/patch-ah99
-rw-r--r--security/heimdal/patches/patch-ai41
-rw-r--r--security/heimdal/patches/patch-aj71
-rw-r--r--security/heimdal/patches/patch-ak14
10 files changed, 6 insertions, 308 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index b0873efa3d2..ed638b84ee2 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.53 2006/01/25 03:47:51 jlam Exp $
+# $NetBSD: Makefile,v 1.54 2006/02/07 12:20:52 lha Exp $
-DISTNAME= heimdal-0.7.1
-PKGREVISION= 2
+DISTNAME= heimdal-0.7.2
CATEGORIES= security
MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/heimdal/src/
diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo
index 067928f6267..4a86593814c 100644
--- a/security/heimdal/distinfo
+++ b/security/heimdal/distinfo
@@ -1,15 +1,7 @@
-$NetBSD: distinfo,v 1.18 2005/10/29 21:05:28 tonio Exp $
+$NetBSD: distinfo,v 1.19 2006/02/07 12:20:52 lha Exp $
-SHA1 (heimdal-0.7.1.tar.gz) = ab3e6f5fe6de86f7ba7413f8600f9b1ed956b620
-RMD160 (heimdal-0.7.1.tar.gz) = 30373d227452e20187ca4bad1dc980c3f952be26
-Size (heimdal-0.7.1.tar.gz) = 4515175 bytes
-SHA1 (patch-ab) = 50c526185cd64e48b7b60f154011e5efa6930570
+SHA1 (heimdal-0.7.2.tar.gz) = a902e6ad7c31d940b588dc0235b348936f0d719d
+RMD160 (heimdal-0.7.2.tar.gz) = 0f028a9d5a6a66e8efc0397e4d8c8adc2183b409
+Size (heimdal-0.7.2.tar.gz) = 4525734 bytes
SHA1 (patch-ac) = 313c0a1f91e4f9546ae906f981adae0d499dd9cf
SHA1 (patch-ad) = a7cfc038e76f8c3da38f8eb0ee48a7f8c7a9c7df
-SHA1 (patch-ae) = a9ec9b28a6291786631f900972fe231150d4afe0
-SHA1 (patch-af) = c8ef770eba0647d71f3bbbaca1d3fb0eaa7875d2
-SHA1 (patch-ag) = 003307136227d75729fc4d7f95a7debc7e91136e
-SHA1 (patch-ah) = 797785f2f5f1530782d42393d2cc242f03fc20e6
-SHA1 (patch-ai) = 55276d0becee47ae62ccfe5cd837b0fd4d7e6ff6
-SHA1 (patch-aj) = ad30690ce7b7f11a80513df4d3e932bce095d863
-SHA1 (patch-ak) = cf9cf0dd7b40e7fe46efbd4954a66bc451179f4b
diff --git a/security/heimdal/patches/patch-ab b/security/heimdal/patches/patch-ab
deleted file mode 100644
index b67664f58be..00000000000
--- a/security/heimdal/patches/patch-ab
+++ /dev/null
@@ -1,30 +0,0 @@
-$NetBSD: patch-ab,v 1.2 2005/10/26 15:12:45 jlam Exp $
-
---- cf/install-catman.sh.orig 2005-09-09 08:12:22.000000000 -0400
-+++ cf/install-catman.sh
-@@ -9,6 +9,7 @@ mkinstalldirs="$1"; shift
- srcdir="$1"; shift
- manbase="$1"; shift
- suffix="$1"; shift
-+catinstall="${INSTALL_CATPAGES-yes}"
-
- for f in "$@"; do
- base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
-@@ -17,7 +18,7 @@ for f in "$@"; do
- catdir="$manbase/cat$section"
- c="$base.cat$section"
-
-- if test -f "$srcdir/$c"; then
-+ if test "$catinstall" = yes -a -f "$srcdir/$c"; then
- if test \! -d "$catdir"; then
- eval "$mkinstalldirs $catdir"
- fi
-@@ -36,7 +37,7 @@ for f in "$@"; do
- break
- fi
- done
-- if test -f "$srcdir/$c"; then
-+ if test "$catinstall" = yes -a -f "$srcdir/$c"; then
- target="$catdir/$link.$suffix"
- for cmd in "ln -f $catdir/$base.$suffix $target" \
- "ln -fs $base.$suffix $target" \
diff --git a/security/heimdal/patches/patch-ae b/security/heimdal/patches/patch-ae
deleted file mode 100644
index b964bddb558..00000000000
--- a/security/heimdal/patches/patch-ae
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ae,v 1.5 2005/10/26 15:12:45 jlam Exp $
-
---- lib/krb5/krb5_encrypt.3.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/krb5_encrypt.3
-@@ -44,7 +44,7 @@
- .Nm krb5_decrypt_ivec ,
- .Nm krb5_decrypt_ticket ,
- .Nm krb5_encrypt ,
--.Nm krb5_encrypt_EncryptedData,
-+.Nm krb5_encrypt_EncryptedData ,
- .Nm krb5_encrypt_ivec ,
- .Nm krb5_enctype_disable ,
- .Nm krb5_enctype_keysize ,
diff --git a/security/heimdal/patches/patch-af b/security/heimdal/patches/patch-af
deleted file mode 100644
index 0fc76745dda..00000000000
--- a/security/heimdal/patches/patch-af
+++ /dev/null
@@ -1,12 +0,0 @@
-$NetBSD: patch-af,v 1.3 2005/10/26 15:12:45 jlam Exp $
-
---- lib/krb5/Makefile.in.orig 2005-09-09 08:17:31.000000000 -0400
-+++ lib/krb5/Makefile.in
-@@ -737,6 +737,7 @@ man_MANS = \
- krb5_rcache.3 \
- krb5_rd_error.3 \
- krb5_set_default_realm.3 \
-+ krb5_set_password.3 \
- krb5_storage.3 \
- krb5_string_to_key.3 \
- krb5_ticket.3 \
diff --git a/security/heimdal/patches/patch-ag b/security/heimdal/patches/patch-ag
deleted file mode 100644
index 6b2c87afc2a..00000000000
--- a/security/heimdal/patches/patch-ag
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ag,v 1.3 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/krb5.h.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/krb5.h
-@@ -657,7 +657,7 @@ typedef struct _krb5_get_init_creds_opt
- krb5_preauthtype *preauth_list;
- int preauth_list_length;
- krb5_data *salt;
-- struct _krb5_get_init_creds_opt_private *private;
-+ struct _krb5_get_init_creds_opt_private *opt_private;
- } krb5_get_init_creds_opt;
-
- #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
diff --git a/security/heimdal/patches/patch-ah b/security/heimdal/patches/patch-ah
deleted file mode 100644
index 4f07d9acad2..00000000000
--- a/security/heimdal/patches/patch-ah
+++ /dev/null
@@ -1,99 +0,0 @@
-$NetBSD: patch-ah,v 1.3 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/init_creds.c.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/init_creds.c
-@@ -40,7 +40,7 @@ krb5_get_init_creds_opt_init(krb5_get_in
- {
- memset (opt, 0, sizeof(*opt));
- opt->flags = 0;
-- opt->private = NULL;
-+ opt->opt_private = NULL;
- }
-
- krb5_error_code KRB5_LIB_FUNCTION
-@@ -56,13 +56,13 @@ krb5_get_init_creds_opt_alloc(krb5_conte
- return ENOMEM;
- }
- krb5_get_init_creds_opt_init(o);
-- o->private = calloc(1, sizeof(*o->private));
-- if (o->private == NULL) {
-+ o->opt_private = calloc(1, sizeof(*o->opt_private));
-+ if (o->opt_private == NULL) {
- krb5_set_error_string(context, "out of memory");
- free(o);
- return ENOMEM;
- }
-- o->private->refcount = 1;
-+ o->opt_private->refcount = 1;
- *opt = o;
- return 0;
- }
-@@ -82,16 +82,16 @@ _krb5_get_init_creds_opt_copy(krb5_conte
- }
- if (in)
- *opt = *in;
-- if(opt->private == NULL) {
-- opt->private = calloc(1, sizeof(*opt->private));
-- if (opt->private == NULL) {
-+ if(opt->opt_private == NULL) {
-+ opt->opt_private = calloc(1, sizeof(*opt->opt_private));
-+ if (opt->opt_private == NULL) {
- krb5_set_error_string(context, "out of memory");
- free(opt);
- return ENOMEM;
- }
-- opt->private->refcount = 1;
-+ opt->opt_private->refcount = 1;
- } else
-- opt->private->refcount++;
-+ opt->opt_private->refcount++;
- *out = opt;
- return 0;
- }
-@@ -99,13 +99,13 @@ _krb5_get_init_creds_opt_copy(krb5_conte
- void KRB5_LIB_FUNCTION
- krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt)
- {
-- if (opt->private == NULL)
-+ if (opt->opt_private == NULL)
- return;
-- if (opt->private->refcount < 1) /* abort ? */
-+ if (opt->opt_private->refcount < 1) /* abort ? */
- return;
-- if (--opt->private->refcount == 0) {
-+ if (--opt->opt_private->refcount == 0) {
- _krb5_get_init_creds_opt_free_pkinit(opt);
-- free(opt->private);
-+ free(opt->opt_private);
- }
- memset(opt, 0, sizeof(*opt));
- free(opt);
-@@ -293,7 +293,7 @@ require_ext_opt(krb5_context context,
- krb5_get_init_creds_opt *opt,
- const char *type)
- {
-- if (opt->private == NULL) {
-+ if (opt->opt_private == NULL) {
- krb5_set_error_string(context, "%s on non extendable opt", type);
- return EINVAL;
- }
-@@ -310,8 +310,8 @@ krb5_get_init_creds_opt_set_pa_password(
- ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
- if (ret)
- return ret;
-- opt->private->password = password;
-- opt->private->key_proc = key_proc;
-+ opt->opt_private->password = password;
-+ opt->opt_private->key_proc = key_proc;
- return 0;
- }
-
-@@ -324,7 +324,7 @@ krb5_get_init_creds_opt_set_pac_request(
- ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
- if (ret)
- return ret;
-- opt->private->req_pac = req_pac ?
-+ opt->opt_private->req_pac = req_pac ?
- KRB5_PA_PAC_REQ_TRUE :
- KRB5_PA_PAC_REQ_FALSE;
- return 0;
diff --git a/security/heimdal/patches/patch-ai b/security/heimdal/patches/patch-ai
deleted file mode 100644
index b50fb86df06..00000000000
--- a/security/heimdal/patches/patch-ai
+++ /dev/null
@@ -1,41 +0,0 @@
-$NetBSD: patch-ai,v 1.1 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/init_creds_pw.c.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/init_creds_pw.c
-@@ -274,11 +274,11 @@ get_init_creds_common(krb5_context conte
- options = &default_opt;
- }
-
-- if (options->private) {
-- ctx->password = options->private->password;
-- ctx->key_proc = options->private->key_proc;
-- ctx->req_pac = options->private->req_pac;
-- ctx->pk_init_ctx = options->private->pk_init_ctx;
-+ if (options->opt_private) {
-+ ctx->password = options->opt_private->password;
-+ ctx->key_proc = options->opt_private->key_proc;
-+ ctx->req_pac = options->opt_private->req_pac;
-+ ctx->pk_init_ctx = options->opt_private->pk_init_ctx;
- } else
- ctx->req_pac = KRB5_PA_PAC_DONT_CARE;
-
-@@ -1458,8 +1458,8 @@ krb5_get_init_creds_password(krb5_contex
- return ret;
-
- if (password == NULL &&
-- options->private->password == NULL &&
-- options->private->pk_init_ctx == NULL)
-+ options->opt_private->password == NULL &&
-+ options->opt_private->pk_init_ctx == NULL)
- {
- krb5_prompt prompt;
- krb5_data password_data;
-@@ -1487,7 +1487,7 @@ krb5_get_init_creds_password(krb5_contex
- password = password_data.data;
- }
-
-- if (options->private->password == NULL) {
-+ if (options->opt_private->password == NULL) {
- ret = krb5_get_init_creds_opt_set_pa_password(context, options,
- password, NULL);
- if (ret) {
diff --git a/security/heimdal/patches/patch-aj b/security/heimdal/patches/patch-aj
deleted file mode 100644
index 19da1a78378..00000000000
--- a/security/heimdal/patches/patch-aj
+++ /dev/null
@@ -1,71 +0,0 @@
-$NetBSD: patch-aj,v 1.1 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/pkinit.c.orig 2005-09-09 08:12:14.000000000 -0400
-+++ lib/krb5/pkinit.c
-@@ -2469,9 +2469,9 @@ _krb5_get_init_creds_opt_free_pkinit(krb
- #ifdef PKINIT
- krb5_pk_init_ctx ctx;
-
-- if (opt->private == NULL || opt->private->pk_init_ctx == NULL)
-+ if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL)
- return;
-- ctx = opt->private->pk_init_ctx;
-+ ctx = opt->opt_private->pk_init_ctx;
- if (ctx->dh)
- DH_free(ctx->dh);
- ctx->dh = NULL;
-@@ -2490,7 +2490,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb
- free(ctx->id);
- ctx->id = NULL;
- }
-- opt->private->pk_init_ctx = NULL;
-+ opt->opt_private->pk_init_ctx = NULL;
- #endif
- }
-
-@@ -2508,28 +2508,28 @@ krb5_get_init_creds_opt_set_pkinit(krb5_
- #ifdef PKINIT
- krb5_error_code ret;
-
-- if (opt->private == NULL) {
-+ if (opt->opt_private == NULL) {
- krb5_set_error_string(context, "PKINIT: on non extendable opt");
- return EINVAL;
- }
-
-- opt->private->pk_init_ctx = malloc(sizeof(*opt->private->pk_init_ctx));
-- if (opt->private->pk_init_ctx == NULL) {
-+ opt->opt_private->pk_init_ctx = malloc(sizeof(*opt->opt_private->pk_init_ctx));
-+ if (opt->opt_private->pk_init_ctx == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
-- opt->private->pk_init_ctx->dh = NULL;
-- opt->private->pk_init_ctx->id = NULL;
-+ opt->opt_private->pk_init_ctx->dh = NULL;
-+ opt->opt_private->pk_init_ctx->id = NULL;
- ret = _krb5_pk_load_openssl_id(context,
-- &opt->private->pk_init_ctx->id,
-+ &opt->opt_private->pk_init_ctx->id,
- user_id,
- x509_anchors,
- prompter,
- prompter_data,
- password);
- if (ret) {
-- free(opt->private->pk_init_ctx);
-- opt->private->pk_init_ctx = NULL;
-+ free(opt->opt_private->pk_init_ctx);
-+ opt->opt_private->pk_init_ctx = NULL;
- }
-
- /* XXX */
-@@ -2556,7 +2556,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_
- _krb5_get_init_creds_opt_free_pkinit(opt);
- return ENOMEM;
- }
-- opt->private->pk_init_ctx->dh = dh;
-+ opt->opt_private->pk_init_ctx->dh = dh;
- if (!BN_hex2bn(&dh->p, P)) {
- _krb5_get_init_creds_opt_free_pkinit(opt);
- return ENOMEM;
diff --git a/security/heimdal/patches/patch-ak b/security/heimdal/patches/patch-ak
deleted file mode 100644
index 319ce83d4bb..00000000000
--- a/security/heimdal/patches/patch-ak
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-ak,v 1.2 2005/10/29 21:05:28 tonio Exp $
-
---- kcm/connect.c.orig 2005-10-29 17:36:00.000000000 +0200
-+++ kcm/connect.c
-@@ -32,4 +32,9 @@
- */
-
-+#if defined(__DragonFly__) || defined(__APPLE__)
-+#include <sys/param.h>
-+#include <sys/ucred.h>
-+#endif
-+
- #include "kcm_locl.h"
-