summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/heimdal/Makefile4
-rw-r--r--security/heimdal/distinfo7
-rw-r--r--security/heimdal/patches/patch-am25
-rw-r--r--security/heimdal/patches/patch-an145
-rw-r--r--security/heimdal/patches/patch-ao44
-rw-r--r--security/heimdal/patches/patch-ap16
-rw-r--r--security/heimdal/patches/patch-aq16
7 files changed, 254 insertions, 3 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 0ba7288631c..f775ba9156a 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.61 2006/07/05 04:39:14 jlam Exp $
+# $NetBSD: Makefile,v 1.62 2006/08/09 17:58:09 salo Exp $
DISTNAME= heimdal-0.7.2
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security
MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/heimdal/src/
diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo
index 6a76dc9b8d5..1b6df19420f 100644
--- a/security/heimdal/distinfo
+++ b/security/heimdal/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2006/07/05 04:39:14 jlam Exp $
+$NetBSD: distinfo,v 1.21 2006/08/09 17:58:09 salo Exp $
SHA1 (heimdal-0.7.2.tar.gz) = a902e6ad7c31d940b588dc0235b348936f0d719d
RMD160 (heimdal-0.7.2.tar.gz) = 0f028a9d5a6a66e8efc0397e4d8c8adc2183b409
@@ -6,3 +6,8 @@ Size (heimdal-0.7.2.tar.gz) = 4525734 bytes
SHA1 (patch-ac) = 313c0a1f91e4f9546ae906f981adae0d499dd9cf
SHA1 (patch-ad) = a7cfc038e76f8c3da38f8eb0ee48a7f8c7a9c7df
SHA1 (patch-al) = 6035ef920b1a005902ae021b307fc4c3efc77449
+SHA1 (patch-am) = 538c0c3bb8806bdd3691d490ea4ceafc7acc0ca7
+SHA1 (patch-an) = 2f414a50520a345f3c875220d2b001516933fbac
+SHA1 (patch-ao) = 7401ad7a47ed8541663193f71bd52feafeeeb045
+SHA1 (patch-ap) = 4c28d64ecf1c55d7eb02d0be1cf3efeff81339c6
+SHA1 (patch-aq) = 3ac32c49d5880813998b5bfe8c474fbb87218cba
diff --git a/security/heimdal/patches/patch-am b/security/heimdal/patches/patch-am
new file mode 100644
index 00000000000..b55e4f44837
--- /dev/null
+++ b/security/heimdal/patches/patch-am
@@ -0,0 +1,25 @@
+$NetBSD: patch-am,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- appl/dceutils/k5dcecon.c.orig 2002-08-09 15:19:41.000000000 +0200
++++ appl/dceutils/k5dcecon.c 2006-08-09 19:42:15.000000000 +0200
+@@ -71,7 +71,7 @@
+ #endif
+
+ #ifdef __hpux
+-#define seteuid(A) setresuid(-1,A,-1);
++#define seteuid(A) setresuid(-1,A,-1)
+ #endif
+
+
+@@ -549,7 +549,8 @@ int k5dcecreate(luid, luser, pname, krbt
+ */
+
+ if (uid == 0) {
+- seteuid(luid);
++ if (seteuid(luid) < 0)
++ goto abort;
+ }
+
+ cp = strchr(pname,'@');
diff --git a/security/heimdal/patches/patch-an b/security/heimdal/patches/patch-an
new file mode 100644
index 00000000000..78879014233
--- /dev/null
+++ b/security/heimdal/patches/patch-an
@@ -0,0 +1,145 @@
+$NetBSD: patch-an,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- appl/ftp/ftpd/ftpd.c.orig 2005-06-02 12:41:28.000000000 +0200
++++ appl/ftp/ftpd/ftpd.c 2006-08-09 19:42:15.000000000 +0200
+@@ -138,9 +138,9 @@ static int handleoobcmd(void);
+ static int checkuser (char *, char *);
+ static int checkaccess (char *);
+ static FILE *dataconn (const char *, off_t, const char *);
+-static void dolog (struct sockaddr *sa, int len);
++static void dolog (struct sockaddr *, int);
+ static void end_login (void);
+-static FILE *getdatasock (const char *);
++static FILE *getdatasock (const char *, int);
+ static char *gunique (char *);
+ static RETSIGTYPE lostconn (int);
+ static int receive_data (FILE *, FILE *);
+@@ -835,7 +835,8 @@ static void
+ end_login(void)
+ {
+
+- seteuid((uid_t)0);
++ if (seteuid((uid_t)0) < 0)
++ fatal("Failed to seteuid");
+ if (logged_in)
+ ftpd_logwtmp(ttyline, "", "");
+ pw = NULL;
+@@ -1208,14 +1209,15 @@ done:
+ }
+
+ static FILE *
+-getdatasock(const char *mode)
++getdatasock(const char *mode, int domain)
+ {
+ int s, t, tries;
+
+ if (data >= 0)
+ return (fdopen(data, mode));
+- seteuid(0);
+- s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
++ if (seteuid(0) < 0)
++ fatal("Failed to seteuid");
++ s = socket(domain, SOCK_STREAM, 0);
+ if (s < 0)
+ goto bad;
+ socket_set_reuseaddr (s, 1);
+@@ -1232,7 +1234,8 @@ getdatasock(const char *mode)
+ goto bad;
+ sleep(tries);
+ }
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ #ifdef IPTOS_THROUGHPUT
+ socket_set_tos (s, IPTOS_THROUGHPUT);
+ #endif
+@@ -1240,7 +1243,8 @@ getdatasock(const char *mode)
+ bad:
+ /* Return the real value of errno (close may change it) */
+ t = errno;
+- seteuid((uid_t)pw->pw_uid);
++ if (seteuid((uid_t)pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ close(s);
+ errno = t;
+ return (NULL);
+@@ -1271,7 +1275,7 @@ dataconn(const char *name, off_t size, c
+ {
+ char sizebuf[32];
+ FILE *file;
+- int retry = 0;
++ int domain, retry = 0;
+
+ file_size = size;
+ byte_count = 0;
+@@ -1318,7 +1322,15 @@ dataconn(const char *name, off_t size, c
+ if (usedefault)
+ data_dest = his_addr;
+ usedefault = 1;
+- file = getdatasock(mode);
++ /*
++ * Default to using the same socket type as the ctrl address,
++ * unless we know the type of the data address.
++ */
++ domain = data_dest->sa_family;
++ if (domain == PF_UNSPEC)
++ domain = ctrl_addr->sa_family;
++
++ file = getdatasock(mode, domain);
+ if (file == NULL) {
+ char data_addr[256];
+
+@@ -1889,11 +1901,11 @@ dologout(int status)
+ transflag = 0;
+ urgflag = 0;
+ if (logged_in) {
+- seteuid((uid_t)0);
+- ftpd_logwtmp(ttyline, "", "");
+ #ifdef KRB4
+ cond_kdestroy();
+ #endif
++ seteuid((uid_t)0); /* No need to check, we call exit() below */
++ ftpd_logwtmp(ttyline, "", "");
+ }
+ /* beware of flushing buffers after a SIGPIPE */
+ #ifdef XXX
+@@ -2006,12 +2018,15 @@ pasv(void)
+ 0);
+ socket_set_portrange(pdata, restricted_data_ports,
+ pasv_addr->sa_family);
+- seteuid(0);
++ if (seteuid(0) < 0)
++ fatal("Failed to seteuid");
+ if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ goto pasv_error;
+ }
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ len = sizeof(pasv_addr_ss);
+ if (getsockname(pdata, pasv_addr, &len) < 0)
+ goto pasv_error;
+@@ -2050,12 +2065,15 @@ epsv(char *proto)
+ 0);
+ socket_set_portrange(pdata, restricted_data_ports,
+ pasv_addr->sa_family);
+- seteuid(0);
++ if (seteuid(0) < 0)
++ fatal("Failed to seteuid");
+ if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid))
++ fatal("Failed to seteuid");
+ goto pasv_error;
+ }
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ len = sizeof(pasv_addr_ss);
+ if (getsockname(pdata, pasv_addr, &len) < 0)
+ goto pasv_error;
diff --git a/security/heimdal/patches/patch-ao b/security/heimdal/patches/patch-ao
new file mode 100644
index 00000000000..342e457a8f8
--- /dev/null
+++ b/security/heimdal/patches/patch-ao
@@ -0,0 +1,44 @@
+$NetBSD: patch-ao,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- appl/rcp/rcp.c.orig 2005-05-11 13:04:30.000000000 +0200
++++ appl/rcp/rcp.c 2006-08-09 19:42:15.000000000 +0200
+@@ -119,13 +119,15 @@ main(int argc, char **argv)
+
+ if (fflag) { /* Follow "protocol", send data. */
+ response();
+- setuid(userid);
++ if (setuid(userid) < 0)
++ errx(1, "setuid failed");
+ source(argc, argv);
+ exit(errs);
+ }
+
+ if (tflag) { /* Receive data. */
+- setuid(userid);
++ if (setuid(userid) < 0)
++ errx(1, "setuid failed");
+ sink(argc, argv);
+ exit(errs);
+ }
+@@ -221,7 +223,8 @@ toremote(char *targ, int argc, char **ar
+ if (response() < 0)
+ exit(1);
+ free(bp);
+- setuid(userid);
++ if (setuid(userid) < 0)
++ errx(1, "setuid failed");
+ }
+ source(1, argv+i);
+ }
+@@ -270,7 +273,8 @@ tolocal(int argc, char **argv)
+ }
+ free(bp);
+ sink(1, argv + argc - 1);
+- seteuid(0);
++ if (seteuid(0) < 0)
++ exit(1);
+ close(remin);
+ remin = remout = -1;
+ }
diff --git a/security/heimdal/patches/patch-ap b/security/heimdal/patches/patch-ap
new file mode 100644
index 00000000000..0cf6ab9a525
--- /dev/null
+++ b/security/heimdal/patches/patch-ap
@@ -0,0 +1,16 @@
+$NetBSD: patch-ap,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- appl/rcp/util.c.orig 2005-04-18 09:52:58.000000000 +0200
++++ appl/rcp/util.c 2006-08-09 19:42:15.000000000 +0200
+@@ -112,7 +112,8 @@ susystem(s, userid)
+ return (127);
+
+ case 0:
+- (void)setuid(userid);
++ if (setuid(userid) < 0)
++ _exit(127);
+ execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit(127);
+ }
diff --git a/security/heimdal/patches/patch-aq b/security/heimdal/patches/patch-aq
new file mode 100644
index 00000000000..eeb146f1426
--- /dev/null
+++ b/security/heimdal/patches/patch-aq
@@ -0,0 +1,16 @@
+$NetBSD: patch-aq,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- lib/roken/iruserok.c.orig 2005-04-12 13:28:54.000000000 +0200
++++ lib/roken/iruserok.c 2006-08-09 19:42:15.000000000 +0200
+@@ -250,7 +250,8 @@ again:
+ * are protected read/write owner only.
+ */
+ uid = geteuid();
+- seteuid(pwd->pw_uid);
++ if (seteuid(pwd->pw_uid) < 0)
++ return (-1);
+ hostf = fopen(pbuf, "r");
+ seteuid(uid);
+