Subject: CVS commit: pkgsrc/security/kth-krb4
To: None <pkgsrc-changes@netbsd.org>
From: Lex Wennmacher <wennmach@netbsd.org>
List: pkgsrc-changes
Date: 08/02/2001 15:46:50
Module Name:	pkgsrc
Committed By:	wennmach
Date:		Thu Aug  2 12:46:50 UTC 2001

Modified Files:
	pkgsrc/security/kth-krb4: Makefile distinfo
	pkgsrc/security/kth-krb4/patches: patch-aa patch-ad patch-ae
	pkgsrc/security/kth-krb4/pkg: MESSAGE PLIST
Added Files:
	pkgsrc/security/kth-krb4/files: services-1.4.2.diff services-1.5.diff
Removed Files:
	pkgsrc/security/kth-krb4/files: services.diff
	pkgsrc/security/kth-krb4/patches: patch-ab patch-ac patch-af

Log Message:
The telnetd in kth-krb4-1.0.1 seems to be vulnerable to the buffer overflow
attack described in SA2001-12 (noted by T. M. Pederson <salvage@plethora.net>
in PR pkg/13610).

Instead of applying the patch submitted by T. M. Pederson, we upgrade
kth-krb4 to 1.0.9 where the vulnerability has been fixed.

The upgrade to 1.0.9 was provided by Assar Westerlund <assar@netbsd.org>
and slightly modified by myself.

Also included is a diff file for /etc/services for NetBSD-1.5 (and 1.5.1),
also submitted by T. M. Pederson <salvage@plethora.net> in PR 12540.

Note: files/services.diff resurfaces as files/services-1.4.2.diff.

Closes PR 13610 and PR 12540.


To generate a diff of this commit:
cvs rdiff -r1.12 -r1.13 pkgsrc/security/kth-krb4/Makefile
cvs rdiff -r1.2 -r1.3 pkgsrc/security/kth-krb4/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/security/kth-krb4/files/services-1.4.2.diff \
    pkgsrc/security/kth-krb4/files/services-1.5.diff
cvs rdiff -r1.1 -r0 pkgsrc/security/kth-krb4/files/services.diff
cvs rdiff -r1.2 -r1.3 pkgsrc/security/kth-krb4/patches/patch-aa \
    pkgsrc/security/kth-krb4/patches/patch-ad \
    pkgsrc/security/kth-krb4/patches/patch-ae
cvs rdiff -r1.2 -r0 pkgsrc/security/kth-krb4/patches/patch-ab \
    pkgsrc/security/kth-krb4/patches/patch-ac \
    pkgsrc/security/kth-krb4/patches/patch-af
cvs rdiff -r1.3 -r1.4 pkgsrc/security/kth-krb4/pkg/MESSAGE \
    pkgsrc/security/kth-krb4/pkg/PLIST

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.