diff options
| -rw-r--r-- | security/mit-krb5/Makefile | 4 | ||||
| -rw-r--r-- | security/mit-krb5/distinfo | 3 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-at | 25 |
3 files changed, 29 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile index 58df00cbf35..a2a056fb002 100644 --- a/security/mit-krb5/Makefile +++ b/security/mit-krb5/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.38 2006/08/09 17:31:10 salo Exp $ +# $NetBSD: Makefile,v 1.39 2007/01/17 23:43:47 salo Exp $ DISTNAME= krb5-1.4.2 PKGNAME= mit-${DISTNAME:S/-signed$//} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/ DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo index 8bac9094368..d747fcd8cac 100644 --- a/security/mit-krb5/distinfo +++ b/security/mit-krb5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.15 2006/08/09 17:31:10 salo Exp $ +$NetBSD: distinfo,v 1.16 2007/01/17 23:43:47 salo Exp $ SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f @@ -21,3 +21,4 @@ SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65 SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02 SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34 +SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c diff --git a/security/mit-krb5/patches/patch-at b/security/mit-krb5/patches/patch-at new file mode 100644 index 00000000000..02e741fbcc8 --- /dev/null +++ b/security/mit-krb5/patches/patch-at @@ -0,0 +1,25 @@ +$NetBSD: patch-at,v 1.1 2007/01/17 23:43:47 salo Exp $ + +Security fix for CVE-2006-6143. + +--- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200 ++++ lib/rpc/svc.c 2007-01-17 21:58:10.000000000 +0100 +@@ -436,6 +436,8 @@ svc_getreqset(FDSET_TYPE *readfds) + #endif + } + ++extern struct svc_auth_ops svc_auth_gss_ops; ++ + static void + svc_do_xprt(SVCXPRT *xprt) + { +@@ -517,6 +519,9 @@ svc_do_xprt(SVCXPRT *xprt) + if ((stat = SVC_STAT(xprt)) == XPRT_DIED){ + SVC_DESTROY(xprt); + break; ++ } else if ((xprt->xp_auth != NULL) && ++ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) { ++ xprt->xp_auth = NULL; + } + } while (stat == XPRT_MOREREQS); + |