Changes 1.10.5:

This is a bugfix release. The krb5-1.10 release series is in maintenance, and for new deployments, installers should prefer the krb5-1.11 release series or later.
* Fix KDC null pointer dereference in TGS-REQ handling [CVE-2013-1416]
* Incremental propagation could erroneously act as if a slave's database were current after the slave received a full dump that failed to load.

3 files changed, 6 insertions, 35 deletions

diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index c3e372c0010..90051336734 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.68 2013/04/23 22:09:44 tez Exp $
+# $NetBSD: Makefile,v 1.69 2013/05/09 08:40:05 adam Exp $
 
-DISTNAME=	krb5-1.10.4
-PKGREVISION=	1
+DISTNAME=	krb5-1.10.5
 PKGNAME=	mit-${DISTNAME}
 CATEGORIES=	security
 MASTER_SITES=	http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index 686404755f6..6f0e67c2cd9 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.41 2013/04/23 22:09:44 tez Exp $
+$NetBSD: distinfo,v 1.42 2013/05/09 08:40:05 adam Exp $
 
-SHA1 (krb5-1.10.4-signed.tar) = 2b4a0743b95b09cb433d25909e599de27c352f10
-RMD160 (krb5-1.10.4-signed.tar) = 1dbf18f1a02744941ebde3b1db93b2e63e59afcd
-Size (krb5-1.10.4-signed.tar) = 11632640 bytes
+SHA1 (krb5-1.10.5-signed.tar) = 5c94637ee2355dc0e032abadec4ad207d0f04022
+RMD160 (krb5-1.10.5-signed.tar) = 4800d2da6cf68dacf3e116a29f443010220f3237
+Size (krb5-1.10.5-signed.tar) = 11632640 bytes
 SHA1 (patch-aa) = 941848a1773dfbe51dff3134d4b8504a850a958d
 SHA1 (patch-ad) = b56a7218007560470179dd811c84b8c690c966ac
 SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd
@@ -19,6 +19,5 @@ SHA1 (patch-ci) = 4e310f0a4dfe27cf94d0e63d623590691b6c5970
 SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
 SHA1 (patch-ck) = 37bfef80329f8ae0fb35c35e70032a0040ba5591
 SHA1 (patch-kadmin_dbutil_dump.c) = 4b49c116dbed9e6be4a0bf0a731c3ae82808d82e
-SHA1 (patch-kdc_do_tgs_req.c) = a7c89338eab17f98c5e2b5d426b3696cc9b4b081
 SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7
 SHA1 (patch-util_k5ev_verto-k5ev.c) = 79a2be64fa4f9b0dc3a333271e8a3ff7944e5c18
diff --git a/security/mit-krb5/patches/patch-kdc_do_tgs_req.c b/security/mit-krb5/patches/patch-kdc_do_tgs_req.c
deleted file mode 100644
index a3fa5abff2f..00000000000
--- a/security/mit-krb5/patches/patch-kdc_do_tgs_req.c
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-kdc_do_tgs_req.c,v 1.1 2013/04/23 22:09:44 tez Exp $
-
-Fix for CVE-2013-1416 from:
- http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
-
---- kdc/do_tgs_req.c.orig	2013-04-17 20:50:13.528009200 +0000
-+++ kdc/do_tgs_req.c
-@@ -1141,7 +1141,8 @@ prep_reprocess_req(krb5_kdc_req *request
-             retval = ENOMEM;
-             goto cleanup;
-         }
--        strlcpy(comp1_str,comp1->data,comp1->length+1);
-+        if (comp1->data != NULL)
-+	    memcpy(comp1_str, comp1->data, comp1->length);
- 
-         if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST ||
-              krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_INST ||
-@@ -1164,7 +1165,8 @@ prep_reprocess_req(krb5_kdc_req *request
-                 retval = ENOMEM;
-                 goto cleanup;
-             }
--            strlcpy(temp_buf, comp2->data,comp2->length+1);
-+            if (comp2->data != NULL)
-+		memcpy(temp_buf, comp2->data, comp2->length);
-             retval = krb5int_get_domain_realm_mapping(kdc_context, temp_buf, &realms);
-             free(temp_buf);
-             if (retval) {