pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/mit-krb5 fix CVE-2010-1321 (MITKRB5-SA-2010-0...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/71c09da8cd7c
branches:  trunk
changeset: 575744:71c09da8cd7c
user:      tez <tez%pkgsrc.org@localhost>
date:      Thu May 20 14:21:23 2010 +0000

description:
fix CVE-2010-1321 (MITKRB5-SA-2010-005) and take maintainership

diffstat:

 security/mit-krb5/Makefile         |   6 +++---
 security/mit-krb5/distinfo         |   3 ++-
 security/mit-krb5/patches/patch-bx |  19 +++++++++++++++++++
 3 files changed, 24 insertions(+), 4 deletions(-)

diffs (58 lines):

diff -r e0f7970c9228 -r 71c09da8cd7c security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile        Thu May 20 13:31:38 2010 +0000
+++ b/security/mit-krb5/Makefile        Thu May 20 14:21:23 2010 +0000
@@ -1,14 +1,14 @@
-# $NetBSD: Makefile,v 1.48 2010/03/26 21:44:59 joerg Exp $
+# $NetBSD: Makefile,v 1.49 2010/05/20 14:21:23 tez Exp $
 
 DISTNAME=      krb5-1.4.2
 PKGNAME=       mit-${DISTNAME:S/-signed$//}
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES=    security
 MASTER_SITES=  http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES=     ${DISTNAME}-signed${EXTRACT_SUFX}
 EXTRACT_SUFX=  .tar
 
-MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
+MAINTAINER=    tez%NetBSD.org@localhost
 HOMEPAGE=      http://web.mit.edu/kerberos/www/
 COMMENT=       MIT Kerberos 5 authentication system
 
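Review bot: The MAINTAINER change (pkgsrc-users to tez) in this Makefile hunk is unrelated to the CVE-2010-1321 fix and would be cleaner as its own commit. That way the security change (PKGREVISION 9 to 10 together with patch-bx) can be backported or reverted without carrying a metadata change along. The commit message does mention both, so this is a matter of commit hygiene, not a missing description.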
diff -r e0f7970c9228 -r 71c09da8cd7c security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo        Thu May 20 13:31:38 2010 +0000
+++ b/security/mit-krb5/distinfo        Thu May 20 14:21:23 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2010/03/26 21:44:59 joerg Exp $
+$NetBSD: distinfo,v 1.25 2010/05/20 14:21:23 tez Exp $
 
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -52,3 +52,4 @@
 SHA1 (patch-bu) = bf0688bd703c3dcfa27934e0a6bc43230251512e
 SHA1 (patch-bv) = b07fc44dcc577bffece1eb85f5f93e4c10a58e00
 SHA1 (patch-bw) = ffdf13931306b15b9282863926f769f079ffe8f9
+SHA1 (patch-bx) = d0e54b7e50f066c0680e982bb251c763e9104e24
diff -r e0f7970c9228 -r 71c09da8cd7c security/mit-krb5/patches/patch-bx
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bx        Thu May 20 14:21:23 2010 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-bx,v 1.1 2010/05/20 14:21:23 tez Exp $
+fix http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
+
+--- lib/gssapi/krb5/accept_sec_context.c.orig  2010-05-20 07:13:48.258046700 -0500
++++ lib/gssapi/krb5/accept_sec_context.c       2010-05-20 07:16:20.228175200 -0500
+@@ -423,6 +423,13 @@
+    }
+ #endif
+ 
++   if (authdat->checksum == NULL) {
++      /* missing checksum counts as "inappropriate type" */
++      code = KRB5KRB_AP_ERR_INAPP_CKSUM;
++      major_status = GSS_S_FAILURE;
++      goto fail;
++    }
++
+    {
+        /* gss krb5 v1 */
+ 
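Review bot: The new NULL test on authdat->checksum sits after the "#endif" at line 423 and before the "gss krb5 v1" block, and the visible context does not show whether anything earlier in the function already reads authdat->checksum. Please confirm the check precedes every dereference of that field, and that the "fail" label handles the case where code is KRB5KRB_AP_ERR_INAPP_CKSUM and major_status is GSS_S_FAILURE without touching the checksum itself. Two smaller points: the "if" line is indented three columns while its closing brace is indented four, so one of them should be adjusted to match the surrounding file; and the patch-bx header cites only the advisory URL, so adding "CVE-2010-1321" there would make the patch findable by CVE id.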


