authorjlam <jlam@pkgsrc.org>2005-09-22 19:45:42 +0000
committerjlam <jlam@pkgsrc.org>2005-09-22 19:45:42 +0000
commit597b79e6497720089fd89c5f628c6743021b246b (patch)
tree3eb778ebd392480ce22b4423ba6aa4dfcf0d9267 /security
parenta9eae300b48863c0ec3feb5bfe9307465cbdbf13 (diff)
Update security/mit-krb5 to version 1.4.2 Changes from version 1.4
include: * Fix [MITKRB5-SA-2005-002] KDC double-free and heap overflow. * Fix [MITKRB5-SA-2005-003] krb5_recvauth() double-free.
Diffstat (limited to 'security')
-rw-r--r--security/mit-krb5/Makefile4
-rw-r--r--security/mit-krb5/distinfo13
-rw-r--r--security/mit-krb5/patches/patch-ad16
-rw-r--r--security/mit-krb5/patches/patch-ag6
-rw-r--r--security/mit-krb5/patches/patch-al96
5 files changed, 19 insertions, 116 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index c61098fb911..b0ec052e6c7 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.28 2005/07/15 18:27:53 jlam Exp $
+# $NetBSD: Makefile,v 1.29 2005/09/22 19:45:42 jlam Exp $
-DISTNAME= krb5-1.4
+DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
PKGREVISION= 2
CATEGORIES= security
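Review bot: `PKGREVISION= 2` survives as context right below the new `DISTNAME= krb5-1.4.2`, so the package would be named mit-krb5-1.4.2nb2 although no pkgsrc-side revision of 1.4.2 exists yet. pkgsrc convention is to reset the revision when the upstream version changes, so I would delete the `PKGREVISION= 2` line in this hunk. The rest of the Makefile lies outside the hunk and is not reviewed here.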
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 3ad292b8daf..82c5864b4c7 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,16 +1,15 @@
-$NetBSD: distinfo,v 1.10 2005/04/10 07:46:50 jlam Exp $
+$NetBSD: distinfo,v 1.11 2005/09/22 19:45:42 jlam Exp $
-SHA1 (krb5-1.4-signed.tar) = fa354aaaeb5ac5039653ebd249b1e3f9273a7a29
-RMD160 (krb5-1.4-signed.tar) = 0231e55c56f3d6d20aee3ca1bcb77b0eeaeabaae
-Size (krb5-1.4-signed.tar) = 6625280 bytes
+SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
+RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
+Size (krb5-1.4.2-signed.tar) = 6696960 bytes
SHA1 (patch-aa) = 17e0934ea2ef21b3457fba54cf3d1c36de2da479
SHA1 (patch-ab) = 8d6904b80e8576085acbaa3ac0cd17824c7b301d
SHA1 (patch-ac) = d0777e6005cd1249c7c6406068973f6959d11302
-SHA1 (patch-ad) = 02d4b5b4a54f18d27ef73394dc7cb9cdcd791b25
+SHA1 (patch-ad) = 7b17ffcd14cdedeb0ddfb606802a156589995c1b
SHA1 (patch-ae) = fc6d5e11cd827cdfbe1bfc3a3c7ca9f5a71c17d7
SHA1 (patch-af) = c9631743e3c93aee2aab5c8a370e9bebfc4084e5
-SHA1 (patch-ag) = 52a794b5fa0d1573bb2c9e7c4d233212d767d0e0
+SHA1 (patch-ag) = 761af3633fa5bd06e436f42d5f45fae4a2b02796
SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f
SHA1 (patch-aj) = 5c633571ea932ce349065cbb4c3bf482cc971675
SHA1 (patch-ak) = 9d95372fd8edddbf0366e83a51d7a0b8a507f218
-SHA1 (patch-al) = dbfae9ee81ba7b0367bc874fe60d1c256f8c5cf1
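Review bot: The `patch-al` checksum is dropped here and the patch file is deleted later in this commit, but the commit message lists only the MITKRB5-SA-2005-002 and -003 fixes and does not say why the MITKRB5-SA-2005-001 telnet client fix (CAN-2005-0468, CAN-2005-0469) is no longer carried locally. Presumably 1.4.2 already contains it upstream. That should be confirmed against the extracted `appl/telnet/telnet/telnet.c`, looking for the `sizeof(slc_reply)` bounds checks and the `elen`-based realloc sizing from the removed patch. It should also be recorded, for example with a commit-message line such as `* patch-al removed; the MITKRB5-SA-2005-001 fix is included upstream`. Without that record a later reader cannot tell a deliberate removal from an accidental regression of the telnet fix.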
diff --git a/security/mit-krb5/patches/patch-ad b/security/mit-krb5/patches/patch-ad
index 1fedc253cec..3f70e264925 100644
--- a/security/mit-krb5/patches/patch-ad
+++ b/security/mit-krb5/patches/patch-ad
@@ -1,6 +1,6 @@
-$NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $
+$NetBSD: patch-ad,v 1.3 2005/09/22 19:45:42 jlam Exp $
---- config/lib.in.orig 2004-09-22 20:25:29.000000000 -0400
+--- config/lib.in.orig 2005-04-07 17:38:51.000000000 -0400
+++ config/lib.in
@@ -26,8 +26,9 @@
# STOBJLISTS=dir1/OBJS.ST dir2/OBJS.ST etc...
@@ -13,7 +13,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $
# Gets invoked as $(PARSE_OBJLISTS) list-of-OBJS.*-files
PARSE_OBJLISTS= set -x && $(PERL) -p -e '$$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;'
-@@ -65,6 +66,17 @@ lib$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS)
+@@ -90,6 +91,17 @@ lib$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS)
set -x; objlist=`$(PARSE_OBJLISTS) $(PFOBJLISTS)` && $(AR) cq $@ $$objlist
$(RANLIB) $@
@@ -31,7 +31,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $
$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT): lib$(LIBBASE)$(STLIBEXT)
$(RM) $@
(cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(STLIBEXT) .)
-@@ -80,6 +92,9 @@ $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT): li
+@@ -105,6 +117,9 @@ $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT): li
$(TOPLIBD)/lib$(LIBBASE)$(PFLIBEXT): lib$(LIBBASE)$(PFLIBEXT)
$(RM) $@
(cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(PFLIBEXT) .)
@@ -41,7 +41,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $
all-libs: $(LIBLIST)
all-liblinks: $(LIBLINKS)
-@@ -90,6 +105,7 @@ clean-libs:
+@@ -115,6 +130,7 @@ clean-libs:
$(RM) lib$(LIBBASE)$(SHLIBSEXT)
$(RM) lib$(LIBBASE)$(SHLIBEXT)
$(RM) lib$(LIBBASE)$(PFLIBEXT)
@@ -49,7 +49,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $
$(RM) binutils.versions osf1.exports
clean-liblinks:
-@@ -98,6 +114,7 @@ clean-liblinks:
+@@ -123,6 +139,7 @@ clean-liblinks:
$(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT)
$(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT)
$(RM) $(TOPLIBD)/lib$(LIBBASE)$(PFLIBEXT)
@@ -57,7 +57,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $
install-libs: $(LIBINSTLIST)
install-static:
-@@ -118,6 +135,9 @@ install-profiled:
+@@ -143,6 +160,9 @@ install-profiled:
$(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT)
$(INSTALL_DATA) lib$(LIBBASE)$(PFLIBEXT) $(DESTDIR)$(KRB5_LIBDIR)
$(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT)
@@ -66,4 +66,4 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $
+ $(LIBTOOL) --mode=install $(INSTALL_DATA) lib$(LIBBASE)$(LALIBEXT) $(DESTDIR)$(KRB5_LIBDIR)
Makefile: $(SRCTOP)/config/lib.in
- config.status: $(SRCTOP)/config/shlib.conf
+ $(thisconfigdir)/config.status: $(SRCTOP)/config/shlib.conf
diff --git a/security/mit-krb5/patches/patch-ag b/security/mit-krb5/patches/patch-ag
index 1a70388bf1a..4a91bcc1cd8 100644
--- a/security/mit-krb5/patches/patch-ag
+++ b/security/mit-krb5/patches/patch-ag
@@ -1,6 +1,6 @@
-$NetBSD: patch-ag,v 1.3 2005/04/10 07:15:25 jlam Exp $
+$NetBSD: patch-ag,v 1.4 2005/09/22 19:45:42 jlam Exp $
---- config/shlib.conf.orig 2004-12-17 21:28:02.000000000 -0500
+--- config/shlib.conf.orig 2005-04-07 17:38:51.000000000 -0400
+++ config/shlib.conf
@@ -8,6 +8,7 @@ SHLIBVEXT=.so.v-nobuild
SHLIBSEXT=.so.s-nobuild
@@ -18,7 +18,7 @@ $NetBSD: patch-ag,v 1.3 2005/04/10 07:15:25 jlam Exp $
# Default for systems w/o shared libraries
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
#
-@@ -377,3 +379,8 @@ if test "${MAKE_SHLIB_COMMAND}" = "x" ;
+@@ -395,3 +397,8 @@ if test "${MAKE_SHLIB_COMMAND}" = "x" ;
MAKE_SHLIB_COMMAND="${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) ${LDCOMBINE_TAIL}"
fi
fi
diff --git a/security/mit-krb5/patches/patch-al b/security/mit-krb5/patches/patch-al
deleted file mode 100644
index ed9e1ca7a72..00000000000
--- a/security/mit-krb5/patches/patch-al
+++ /dev/null
@@ -1,96 +0,0 @@
-$NetBSD: patch-al,v 1.1 2005/04/10 07:46:50 jlam Exp $
-
-Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt
-which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating
-to buffer overflows in the telnet client.
-
-*** appl/telnet/telnet/telnet.c 15 Nov 2002 20:21:35 -0000 5.18
---- appl/telnet/telnet/telnet.c 15 Mar 2005 18:59:32 -0000
-***************
-*** 1475,1480 ****
---- 1475,1482 ----
- unsigned char flags;
- cc_t value;
- {
-+ if ((slc_replyp - slc_reply) + 6 > sizeof(slc_reply))
-+ return;
- if ((*slc_replyp++ = func) == IAC)
- *slc_replyp++ = IAC;
- if ((*slc_replyp++ = flags) == IAC)
-***************
-*** 1488,1498 ****
- {
- register int len;
-
-- *slc_replyp++ = IAC;
-- *slc_replyp++ = SE;
- len = slc_replyp - slc_reply;
-! if (len <= 6)
- return;
- if (NETROOM() > len) {
- ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
- printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
---- 1490,1501 ----
- {
- register int len;
-
- len = slc_replyp - slc_reply;
-! if (len <= 4 || (len + 2 > sizeof(slc_reply)))
- return;
-+ *slc_replyp++ = IAC;
-+ *slc_replyp++ = SE;
-+ len += 2;
- if (NETROOM() > len) {
- ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
- printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
-***************
-*** 1645,1650 ****
---- 1648,1654 ----
- register unsigned char *ep;
- {
- register unsigned char *vp, c;
-+ unsigned int len, olen, elen;
-
- if (opt_reply == NULL) /*XXX*/
- return; /*XXX*/
-***************
-*** 1662,1680 ****
- return;
- }
- vp = env_getvalue(ep);
-! if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
-! strlen((char *)ep) + 6 > opt_replyend)
- {
-! register unsigned int len;
-! opt_replyend += OPT_REPLY_SIZE;
-! len = opt_replyend - opt_reply;
- opt_reply = (unsigned char *)realloc(opt_reply, len);
- if (opt_reply == NULL) {
- /*@*/ printf("env_opt_add: realloc() failed!!!\n");
- opt_reply = opt_replyp = opt_replyend = NULL;
- return;
- }
-! opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
- opt_replyend = opt_reply + len;
- }
- if (opt_welldefined((char *) ep))
---- 1666,1684 ----
- return;
- }
- vp = env_getvalue(ep);
-! elen = 2 * (vp ? strlen((char *)vp) : 0) +
-! 2 * strlen((char *)ep) + 6;
-! if ((opt_replyend - opt_replyp) < elen)
- {
-! len = opt_replyend - opt_reply + elen;
-! olen = opt_replyp - opt_reply;
- opt_reply = (unsigned char *)realloc(opt_reply, len);
- if (opt_reply == NULL) {
- /*@*/ printf("env_opt_add: realloc() failed!!!\n");
- opt_reply = opt_replyp = opt_replyend = NULL;
- return;
- }
-! opt_replyp = opt_reply + olen;
- opt_replyend = opt_reply + len;
- }
- if (opt_welldefined((char *) ep))