summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authortez <tez@pkgsrc.org>2010-05-20 14:21:23 +0000
committertez <tez@pkgsrc.org>2010-05-20 14:21:23 +0000
commit8f97c4caf25280bedf52e1fbbbcc59cda69a0fb4 (patch)
tree6e67e624921f60cd81d5be9023154794fe925488 /security
parentbfa9636043d0c22e9287eefcfa19030a73517a19 (diff)
downloadpkgsrc-8f97c4caf25280bedf52e1fbbbcc59cda69a0fb4.tar.gz
fix CVE-2010-1321 (MITKRB5-SA-2010-005) and take maintainership
Diffstat (limited to 'security')
-rw-r--r--security/mit-krb5/Makefile6
-rw-r--r--security/mit-krb5/distinfo3
-rw-r--r--security/mit-krb5/patches/patch-bx19
3 files changed, 24 insertions, 4 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 704c63cfee4..bf8a31d7849 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,14 +1,14 @@
-# $NetBSD: Makefile,v 1.48 2010/03/26 21:44:59 joerg Exp $
+# $NetBSD: Makefile,v 1.49 2010/05/20 14:21:23 tez Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 9
+PKGREVISION= 10
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
EXTRACT_SUFX= .tar
-MAINTAINER= pkgsrc-users@NetBSD.org
+MAINTAINER= tez@NetBSD.org
HOMEPAGE= http://web.mit.edu/kerberos/www/
COMMENT= MIT Kerberos 5 authentication system
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index a2a7f43f68a..8b130601106 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2010/03/26 21:44:59 joerg Exp $
+$NetBSD: distinfo,v 1.25 2010/05/20 14:21:23 tez Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -52,3 +52,4 @@ SHA1 (patch-bt) = 1398369698cc9c029957723c25dbdf53754cf373
SHA1 (patch-bu) = bf0688bd703c3dcfa27934e0a6bc43230251512e
SHA1 (patch-bv) = b07fc44dcc577bffece1eb85f5f93e4c10a58e00
SHA1 (patch-bw) = ffdf13931306b15b9282863926f769f079ffe8f9
+SHA1 (patch-bx) = d0e54b7e50f066c0680e982bb251c763e9104e24
diff --git a/security/mit-krb5/patches/patch-bx b/security/mit-krb5/patches/patch-bx
new file mode 100644
index 00000000000..85eed7a746d
--- /dev/null
+++ b/security/mit-krb5/patches/patch-bx
@@ -0,0 +1,19 @@
+$NetBSD: patch-bx,v 1.1 2010/05/20 14:21:23 tez Exp $
+fix http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
+
+--- lib/gssapi/krb5/accept_sec_context.c.orig 2010-05-20 07:13:48.258046700 -0500
++++ lib/gssapi/krb5/accept_sec_context.c 2010-05-20 07:16:20.228175200 -0500
+@@ -423,6 +423,13 @@
+ }
+ #endif
+
++ if (authdat->checksum == NULL) {
++ /* missing checksum counts as "inappropriate type" */
++ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
++ major_status = GSS_S_FAILURE;
++ goto fail;
++ }
++
+ {
+ /* gss krb5 v1 */
+