author | jlam <jlam@pkgsrc.org> | 2005-09-22 19:45:42 +0000 |
---|---|---|
committer | jlam <jlam@pkgsrc.org> | 2005-09-22 19:45:42 +0000 |
commit | 597b79e6497720089fd89c5f628c6743021b246b (patch) | |
tree | 3eb778ebd392480ce22b4423ba6aa4dfcf0d9267 /security | |
parent | a9eae300b48863c0ec3feb5bfe9307465cbdbf13 (diff) | |
download | pkgsrc-597b79e6497720089fd89c5f628c6743021b246b.tar.gz |
Update security/mit-krb5 to version 1.4.2.  Changes from version 1.4
include:
* Fix [MITKRB5-SA-2005-002] KDC double-free and heap overflow.
* Fix [MITKRB5-SA-2005-003] krb5_recvauth() double-free.
Diffstat (limited to 'security')
-rw-r--r-- | security/mit-krb5/Makefile | 4 | ||||
-rw-r--r-- | security/mit-krb5/distinfo | 13 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-ad | 16 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-ag | 6 | ||||
-rw-r--r-- | security/mit-krb5/patches/patch-al | 96 |
5 files changed, 19 insertions, 116 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index c61098fb911..b0ec052e6c7 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.28 2005/07/15 18:27:53 jlam Exp $
+# $NetBSD: Makefile,v 1.29 2005/09/22 19:45:42 jlam Exp $
 
-DISTNAME= krb5-1.4
+DISTNAME= krb5-1.4.2
 PKGNAME= mit-${DISTNAME:S/-signed$//}
 PKGREVISION= 2
 CATEGORIES= security
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 3ad292b8daf..82c5864b4c7 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,16 +1,15 @@
-$NetBSD: distinfo,v 1.10 2005/04/10 07:46:50 jlam Exp $
+$NetBSD: distinfo,v 1.11 2005/09/22 19:45:42 jlam Exp $
 
-SHA1 (krb5-1.4-signed.tar) = fa354aaaeb5ac5039653ebd249b1e3f9273a7a29
-RMD160 (krb5-1.4-signed.tar) = 0231e55c56f3d6d20aee3ca1bcb77b0eeaeabaae
-Size (krb5-1.4-signed.tar) = 6625280 bytes
+SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
+RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
+Size (krb5-1.4.2-signed.tar) = 6696960 bytes
 SHA1 (patch-aa) = 17e0934ea2ef21b3457fba54cf3d1c36de2da479
 SHA1 (patch-ab) = 8d6904b80e8576085acbaa3ac0cd17824c7b301d
 SHA1 (patch-ac) = d0777e6005cd1249c7c6406068973f6959d11302
-SHA1 (patch-ad) = 02d4b5b4a54f18d27ef73394dc7cb9cdcd791b25
+SHA1 (patch-ad) = 7b17ffcd14cdedeb0ddfb606802a156589995c1b
 SHA1 (patch-ae) = fc6d5e11cd827cdfbe1bfc3a3c7ca9f5a71c17d7
 SHA1 (patch-af) = c9631743e3c93aee2aab5c8a370e9bebfc4084e5
-SHA1 (patch-ag) = 52a794b5fa0d1573bb2c9e7c4d233212d767d0e0
+SHA1 (patch-ag) = 761af3633fa5bd06e436f42d5f45fae4a2b02796
 SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f
 SHA1 (patch-aj) = 5c633571ea932ce349065cbb4c3bf482cc971675
 SHA1 (patch-ak) = 9d95372fd8edddbf0366e83a51d7a0b8a507f218
-SHA1 (patch-al) = dbfae9ee81ba7b0367bc874fe60d1c256f8c5cf1
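Review bot: `PKGREVISION= 2` is left in place as a context line in the Makefile hunk while `DISTNAME` moves to `krb5-1.4.2`, so the revision suffix earned by the 1.4 package is carried over to the new upstream version. pkgsrc convention is to drop PKGREVISION when a package is updated to a new upstream release, so the line `PKGREVISION= 2` should be deleted in this commit. The rest of the Makefile lies outside the hunk, so whether anything else refers to the revision cannot be seen here.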
diff --git a/security/mit-krb5/patches/patch-ad b/security/mit-krb5/patches/patch-ad index 1fedc253cec..3f70e264925 100644 --- a/security/mit-krb5/patches/patch-ad +++ b/security/mit-krb5/patches/patch-ad @@ -1,6 +1,6 @@ -$NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $ +$NetBSD: patch-ad,v 1.3 2005/09/22 19:45:42 jlam Exp $ ---- config/lib.in.orig 2004-09-22 20:25:29.000000000 -0400 +--- config/lib.in.orig 2005-04-07 17:38:51.000000000 -0400 +++ config/lib.in @@ -26,8 +26,9 @@ # STOBJLISTS=dir1/OBJS.ST dir2/OBJS.ST etc... @@ -13,7 +13,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $ # Gets invoked as $(PARSE_OBJLISTS) list-of-OBJS.*-files PARSE_OBJLISTS= set -x && $(PERL) -p -e '$$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;' -@@ -65,6 +66,17 @@ lib$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS) +@@ -90,6 +91,17 @@ lib$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS) set -x; objlist=`$(PARSE_OBJLISTS) $(PFOBJLISTS)` && $(AR) cq $@ $$objlist $(RANLIB) $@ @@ -31,7 +31,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $ $(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT): lib$(LIBBASE)$(STLIBEXT) $(RM) $@ (cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(STLIBEXT) .) -@@ -80,6 +92,9 @@ $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT): li +@@ -105,6 +117,9 @@ $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT): li $(TOPLIBD)/lib$(LIBBASE)$(PFLIBEXT): lib$(LIBBASE)$(PFLIBEXT) $(RM) $@ (cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(PFLIBEXT) .) @@ -41,7 +41,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $ all-libs: $(LIBLIST) all-liblinks: $(LIBLINKS) -@@ -90,6 +105,7 @@ clean-libs: +@@ -115,6 +130,7 @@ clean-libs: $(RM) lib$(LIBBASE)$(SHLIBSEXT) $(RM) lib$(LIBBASE)$(SHLIBEXT) $(RM) lib$(LIBBASE)$(PFLIBEXT) 
@@ -49,7 +49,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $ $(RM) binutils.versions osf1.exports clean-liblinks: -@@ -98,6 +114,7 @@ clean-liblinks: +@@ -123,6 +139,7 @@ clean-liblinks: $(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT) $(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(RM) $(TOPLIBD)/lib$(LIBBASE)$(PFLIBEXT) @@ -57,7 +57,7 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $ install-libs: $(LIBINSTLIST) install-static: -@@ -118,6 +135,9 @@ install-profiled: +@@ -143,6 +160,9 @@ install-profiled: $(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT) $(INSTALL_DATA) lib$(LIBBASE)$(PFLIBEXT) $(DESTDIR)$(KRB5_LIBDIR) $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT) @@ -66,4 +66,4 @@ $NetBSD: patch-ad,v 1.2 2005/04/10 07:15:25 jlam Exp $ + $(LIBTOOL) --mode=install $(INSTALL_DATA) lib$(LIBBASE)$(LALIBEXT) $(DESTDIR)$(KRB5_LIBDIR) Makefile: $(SRCTOP)/config/lib.in - config.status: $(SRCTOP)/config/shlib.conf + $(thisconfigdir)/config.status: $(SRCTOP)/config/shlib.conf diff --git a/security/mit-krb5/patches/patch-ag b/security/mit-krb5/patches/patch-ag index 1a70388bf1a..4a91bcc1cd8 100644 --- a/security/mit-krb5/patches/patch-ag +++ b/security/mit-krb5/patches/patch-ag @@ -1,6 +1,6 @@ -$NetBSD: patch-ag,v 1.3 2005/04/10 07:15:25 jlam Exp $ +$NetBSD: patch-ag,v 1.4 2005/09/22 19:45:42 jlam Exp $ ---- config/shlib.conf.orig 2004-12-17 21:28:02.000000000 -0500 +--- config/shlib.conf.orig 2005-04-07 17:38:51.000000000 -0400 +++ config/shlib.conf @@ -8,6 +8,7 @@ SHLIBVEXT=.so.v-nobuild SHLIBSEXT=.so.s-nobuild @@ -18,7 +18,7 @@ $NetBSD: patch-ag,v 1.3 2005/04/10 07:15:25 jlam Exp $ # Default for systems w/o shared libraries CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' # -@@ -377,3 +379,8 @@ if test "${MAKE_SHLIB_COMMAND}" = "x" ; +@@ -395,3 +397,8 @@ if test "${MAKE_SHLIB_COMMAND}" = "x" ; MAKE_SHLIB_COMMAND="${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) ${LDCOMBINE_TAIL}" fi fi 
diff --git a/security/mit-krb5/patches/patch-al b/security/mit-krb5/patches/patch-al
deleted file mode 100644
index ed9e1ca7a72..00000000000
--- a/security/mit-krb5/patches/patch-al
+++ /dev/null
@@ -1,96 +0,0 @@ -$NetBSD: patch-al,v 1.1 2005/04/10 07:46:50 jlam Exp $ - -Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt -which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating -to buffer overflows in the telnet client. - -*** appl/telnet/telnet/telnet.c 15 Nov 2002 20:21:35 -0000 5.18 ---- appl/telnet/telnet/telnet.c 15 Mar 2005 18:59:32 -0000 -*************** -*** 1475,1480 **** ---- 1475,1482 ---- - unsigned char flags; - cc_t value; - { -+ if ((slc_replyp - slc_reply) + 6 > sizeof(slc_reply)) -+ return; - if ((*slc_replyp++ = func) == IAC) - *slc_replyp++ = IAC; - if ((*slc_replyp++ = flags) == IAC) -*************** -*** 1488,1498 **** - { - register int len; - -- *slc_replyp++ = IAC; -- *slc_replyp++ = SE; - len = slc_replyp - slc_reply; -! if (len <= 6) - return; - if (NETROOM() > len) { - ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply); - printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2); ---- 1490,1501 ---- - { - register int len; - - len = slc_replyp - slc_reply; -! if (len <= 4 || (len + 2 > sizeof(slc_reply))) - return; -+ *slc_replyp++ = IAC; -+ *slc_replyp++ = SE; -+ len += 2; - if (NETROOM() > len) { - ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply); - printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2); -*************** -*** 1645,1650 **** ---- 1648,1654 ---- - register unsigned char *ep; - { - register unsigned char *vp, c; -+ unsigned int len, olen, elen; - - if (opt_reply == NULL) /*XXX*/ - return; /*XXX*/ -*************** -*** 1662,1680 **** - return; - } - vp = env_getvalue(ep); -! if (opt_replyp + (vp ? strlen((char *)vp) : 0) + -! strlen((char *)ep) + 6 > opt_replyend) - { -! register unsigned int len; -! opt_replyend += OPT_REPLY_SIZE; -! 
len = opt_replyend - opt_reply; - opt_reply = (unsigned char *)realloc(opt_reply, len); - if (opt_reply == NULL) { - /*@*/ printf("env_opt_add: realloc() failed!!!\n"); - opt_reply = opt_replyp = opt_replyend = NULL; - return; - } -! opt_replyp = opt_reply + len - (opt_replyend - opt_replyp); - opt_replyend = opt_reply + len; - } - if (opt_welldefined((char *) ep)) ---- 1666,1684 ---- - return; - } - vp = env_getvalue(ep); -! elen = 2 * (vp ? strlen((char *)vp) : 0) + -! 2 * strlen((char *)ep) + 6; -! if ((opt_replyend - opt_replyp) < elen) - { -! len = opt_replyend - opt_reply + elen; -! olen = opt_replyp - opt_reply; - opt_reply = (unsigned char *)realloc(opt_reply, len); - if (opt_reply == NULL) { - /*@*/ printf("env_opt_add: realloc() failed!!!\n"); - opt_reply = opt_replyp = opt_replyend = NULL; - return; - } -! opt_replyp = opt_reply + olen; - opt_replyend = opt_reply + len; - } - if (opt_welldefined((char *) ep)) |