pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/mit-krb5 Add more patches, now for MITKRB5-SA...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7b8fa56e02df
branches: trunk
changeset: 543175:7b8fa56e02df
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Sat Jun 07 23:58:11 2008 +0000
description:
Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 and
MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
diffstat:
security/mit-krb5/Makefile | 4 +-
security/mit-krb5/distinfo | 9 +-
security/mit-krb5/patches/patch-at | 30 +++-
security/mit-krb5/patches/patch-bh | 28 +++
security/mit-krb5/patches/patch-bi | 51 ++++++
security/mit-krb5/patches/patch-bj | 13 +
security/mit-krb5/patches/patch-bk | 283 +++++++++++++++++++++++++++++++++++++
security/mit-krb5/patches/patch-bl | 13 +
8 files changed, 421 insertions(+), 10 deletions(-)
diffs (truncated from 495 to 300 lines):
diff -r 9c5a56371f7e -r 7b8fa56e02df security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile Sat Jun 07 23:28:35 2008 +0000
+++ b/security/mit-krb5/Makefile Sat Jun 07 23:58:11 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.42 2008/06/07 18:36:06 tonnerre Exp $
+# $NetBSD: Makefile,v 1.43 2008/06/07 23:58:11 tonnerre Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
diff -r 9c5a56371f7e -r 7b8fa56e02df security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo Sat Jun 07 23:28:35 2008 +0000
+++ b/security/mit-krb5/distinfo Sat Jun 07 23:58:11 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2008/06/07 22:26:10 tonnerre Exp $
+$NetBSD: distinfo,v 1.20 2008/06/07 23:58:11 tonnerre Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -22,7 +22,7 @@
SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
-SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c
+SHA1 (patch-at) = f5837580b496c454a35a3d8b955e5209074c267d
SHA1 (patch-au) = 238f497afd9ad129babc0b6c727eb23e9915536c
SHA1 (patch-av) = db0fce68f58307be4c359758f2c9b31d62ab8348
SHA1 (patch-aw) = 0e651b675d166e71f6543cbad8e29eece89d5b67
@@ -36,3 +36,8 @@
SHA1 (patch-be) = c4497d7b68cefd8109d615c2125d9dc7aa508e5d
SHA1 (patch-bf) = 1e16b6cbe51a5aa07ac7c7c3c343e82bf16dcde6
SHA1 (patch-bg) = fa70e00a2eb283782c9960a2c74a879862b979c5
+SHA1 (patch-bh) = 761ca395732d3f3eac0bc1fdbec0ad65aeea8df0
+SHA1 (patch-bi) = ab91152460485ede492573ce379461e892196647
+SHA1 (patch-bj) = d0deae92b8b4d9ad671c98ccb3debd7a4216f646
+SHA1 (patch-bk) = 9bf37086a4e7661e8aacc2736d21f61db154263e
+SHA1 (patch-bl) = d1239c8c8279680a97f7c555907ac1b4ccfca6b4
diff -r 9c5a56371f7e -r 7b8fa56e02df security/mit-krb5/patches/patch-at
--- a/security/mit-krb5/patches/patch-at Sat Jun 07 23:28:35 2008 +0000
+++ b/security/mit-krb5/patches/patch-at Sat Jun 07 23:58:11 2008 +0000
@@ -1,10 +1,28 @@
-$NetBSD: patch-at,v 1.1 2007/01/17 23:43:47 salo Exp $
-
-Security fix for CVE-2006-6143.
+$NetBSD: patch-at,v 1.2 2008/06/07 23:58:11 tonnerre Exp $
--- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200
-+++ lib/rpc/svc.c 2007-01-17 21:58:10.000000000 +0100
-@@ -436,6 +436,8 @@ svc_getreqset(FDSET_TYPE *readfds)
++++ lib/rpc/svc.c
+@@ -108,15 +108,17 @@ xprt_register(SVCXPRT *xprt)
+ if (sock < FD_SETSIZE) {
+ xports[sock] = xprt;
+ FD_SET(sock, &svc_fdset);
++ if (sock > svc_maxfd)
++ svc_maxfd = sock;
+ }
+ #else
+ if (sock < NOFILE) {
+ xports[sock] = xprt;
+ svc_fds |= (1 << sock);
++ if (sock > svc_maxfd)
++ svc_maxfd = sock;
+ }
+ #endif /* def FD_SETSIZE */
+- if (sock > svc_maxfd)
+- svc_maxfd = sock;
+ }
+
+ /*
+@@ -436,6 +438,8 @@ svc_getreqset(FDSET_TYPE *readfds)
#endif
}
@@ -13,7 +31,7 @@
static void
svc_do_xprt(SVCXPRT *xprt)
{
-@@ -517,6 +519,9 @@ svc_do_xprt(SVCXPRT *xprt)
+@@ -517,6 +521,9 @@ svc_do_xprt(SVCXPRT *xprt)
if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
SVC_DESTROY(xprt);
break;
diff -r 9c5a56371f7e -r 7b8fa56e02df security/mit-krb5/patches/patch-bh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bh Sat Jun 07 23:58:11 2008 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-bh,v 1.1 2008/06/07 23:58:11 tonnerre Exp $
+
+--- lib/rpc/svc_auth_gss.c.orig 2004-09-17 23:52:11.000000000 +0200
++++ lib/rpc/svc_auth_gss.c
+@@ -355,6 +355,15 @@ svcauth_gss_validate(struct svc_req *rqs
+ memset(rpchdr, 0, sizeof(rpchdr));
+
+ /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
++ oa = &msg->rm_call.cb_cred;
++ if (oa->oa_length > MAX_AUTH_BYTES)
++ return (FALSE);
++
++ /* 8 XDR units from the IXDR macro calls. */
++ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
++ RNDUP(oa->oa_length)))
++ return (FALSE);
++
+ buf = (int32_t *)(void *)rpchdr;
+ IXDR_PUT_LONG(buf, msg->rm_xid);
+ IXDR_PUT_ENUM(buf, msg->rm_direction);
+@@ -362,7 +371,6 @@ svcauth_gss_validate(struct svc_req *rqs
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
+- oa = &msg->rm_call.cb_cred;
+ IXDR_PUT_ENUM(buf, oa->oa_flavor);
+ IXDR_PUT_LONG(buf, oa->oa_length);
+ if (oa->oa_length) {
diff -r 9c5a56371f7e -r 7b8fa56e02df security/mit-krb5/patches/patch-bi
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bi Sat Jun 07 23:58:11 2008 +0000
@@ -0,0 +1,51 @@
+$NetBSD: patch-bi,v 1.1 2008/06/07 23:58:11 tonnerre Exp $
+
+--- lib/rpc/svc_tcp.c.orig 2004-09-21 20:20:16.000000000 +0200
++++ lib/rpc/svc_tcp.c
+@@ -52,6 +52,14 @@ static char sccsid[] = "@(#)svc_tcp.c 1.
+ extern errno;
+ */
+
++#ifndef FD_SETSIZE
++#ifdef NBBY
++#define NOFILE (sizeof(int) * NBBY)
++#else
++#define NOFILE (sizeof(int) * 8)
++#endif
++#endif
++
+ /*
+ * Ops vector for TCP/IP based rpc service handle
+ */
+@@ -211,6 +219,20 @@ makefd_xprt(
+ {
+ register SVCXPRT *xprt;
+ register struct tcp_conn *cd;
++
++#ifdef FD_SETSIZE
++ if (fd >= FD_SETSIZE) {
++ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
++ xprt = NULL;
++ goto done;
++ }
++#else
++ if (fd >= NOFILE) {
++ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
++ xprt = NULL;
++ goto done;
++ }
++#endif
+
+ xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
+ if (xprt == (SVCXPRT *)NULL) {
+@@ -267,6 +289,10 @@ rendezvous_request(
+ * make a new transporter (re-uses xprt)
+ */
+ xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
++ if (xprt == NULL) {
++ close(sock);
++ return (FALSE);
++ }
+ xprt->xp_raddr = addr;
+ xprt->xp_addrlen = len;
+ xprt->xp_laddr = laddr;
diff -r 9c5a56371f7e -r 7b8fa56e02df security/mit-krb5/patches/patch-bj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bj Sat Jun 07 23:58:11 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-bj,v 1.1 2008/06/07 23:58:11 tonnerre Exp $
+
+--- kdc/dispatch.c.orig 2002-09-11 05:59:26.000000000 +0200
++++ kdc/dispatch.c
+@@ -108,7 +108,7 @@ dispatch(krb5_data *pkt, const krb5_full
+ retval = KRB5KRB_AP_ERR_MSG_TYPE;
+ #ifndef NOCACHE
+ /* put the response into the lookaside buffer */
+- if (!retval)
++ if (!retval && *response != NULL)
+ kdc_insert_lookaside(pkt, from, *response);
+ #endif
+
diff -r 9c5a56371f7e -r 7b8fa56e02df security/mit-krb5/patches/patch-bk
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bk Sat Jun 07 23:58:11 2008 +0000
@@ -0,0 +1,283 @@
+$NetBSD: patch-bk,v 1.1 2008/06/07 23:58:11 tonnerre Exp $
+
+--- kdc/kerberos_v4.c.orig 2004-07-24 02:40:18.000000000 +0200
++++ kdc/kerberos_v4.c
+@@ -86,11 +86,6 @@ extern int krbONE;
+ #define MSB_FIRST 0 /* 68000, IBM RT/PC */
+ #define LSB_FIRST 1 /* Vax, PC8086 */
+
+-int f;
+-
+-/* XXX several files in libkdb know about this */
+-char *progname;
+-
+ #ifndef BACKWARD_COMPAT
+ static Key_schedule master_key_schedule;
+ static C_Block master_key;
+@@ -142,10 +137,8 @@ static void hang(void);
+ #include "com_err.h"
+ #include "extern.h" /* to pick up master_princ */
+
+-static krb5_data *response;
+-
+-void kerberos_v4 (struct sockaddr_in *, KTEXT);
+-void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
++static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT);
++static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
+ static int set_tgtkey (char *, krb5_kvno, krb5_boolean);
+
+ /* Attributes converted from V5 to V4 - internal representation */
+@@ -261,12 +254,12 @@ process_v4(const krb5_data *pkt, const k
+ (void) klog(L_KRB_PERR, "V4 request too long.");
+ return KRB5KRB_ERR_FIELD_TOOLONG;
+ }
++ memset( &v4_pkt, 0, sizeof(v4_pkt));
+ v4_pkt.length = pkt->length;
+ v4_pkt.mbz = 0;
+ memcpy( v4_pkt.dat, pkt->data, pkt->length);
+
+- kerberos_v4( &client_sockaddr, &v4_pkt);
+- *resp = response;
++ *resp = kerberos_v4( &client_sockaddr, &v4_pkt);
+ return(retval);
+ }
+
+@@ -299,19 +292,20 @@ char * v4_klog( int type, const char *fo
+ }
+
+ static
+-int krb4_sendto(int s, const char *msg, int len, int flags,
+- const struct sockaddr *to, int to_len)
++krb5_data *make_response(const char *msg, int len)
+ {
++ krb5_data *response;
++
+ if ( !(response = (krb5_data *) malloc( sizeof *response))) {
+- return ENOMEM;
++ return 0;
+ }
+ if ( !(response->data = (char *) malloc( len))) {
+ krb5_free_data(kdc_context, response);
+- return ENOMEM;
++ return 0;
+ }
+ response->length = len;
+ memcpy( response->data, msg, len);
+- return( 0);
++ return response;
+ }
+ static void
+ hang(void)
+@@ -590,7 +584,7 @@ static void str_length_check(char *str,
+ *cp = 0;
+ }
+
+-void
++static krb5_data *
+ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
+ {
+ static KTEXT_ST rpkt_st;
+@@ -603,7 +597,7 @@ kerberos_v4(struct sockaddr_in *client,
+ KTEXT auth = &auth_st;
+ AUTH_DAT ad_st;
+ AUTH_DAT *ad = &ad_st;
+-
++ krb5_data *response = 0;
+
+ static struct in_addr client_host;
+ static int msg_byte_order;
+@@ -641,8 +635,7 @@ kerberos_v4(struct sockaddr_in *client,
+ inet_ntoa(client_host));
+ /* send an error reply */
+ req_name_ptr = req_inst_ptr = req_realm_ptr = "";
+- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
+- return;
++ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
+ }
+
+ /* check packet version */
+@@ -652,8 +645,7 @@ kerberos_v4(struct sockaddr_in *client,
+ KRB_PROT_VERSION, req_version, 0);
+ /* send an error reply */
+ req_name_ptr = req_inst_ptr = req_realm_ptr = "";
+- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
+- return;
++ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
Home |
Main Index |
Thread Index |
Old Index