Subject: CVS commit: pkgsrc/security/heimdal
To: None <pkgsrc-changes@NetBSD.org>
From: Love Hornquist Astrand <lha@netbsd.org>
List: pkgsrc-changes
Date: 02/07/2006 12:20:52
Module Name: pkgsrc
Committed By: lha
Date: Tue Feb 7 12:20:52 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile distinfo
Removed Files:
pkgsrc/security/heimdal/patches: patch-ab patch-ae patch-af patch-ag
patch-ah patch-ai patch-aj patch-ak
Log Message:
http://www.pdc.kth.se/heimdal/releases/0.7.2/
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
Changes in Heimdal 0.7.2
* Fix security problem in rshd that enable an attacker to overwrite
and change ownership of any file that root could write.
* Fix a DOS in telnetd. The attacker could force the server to crash
in a NULL de-reference before the user logged in, resulting in inetd
turning telnetd off because it forked too fast.
* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
exists in the keytab before returning success. This allows servers
to check if its even possible to use GSSAPI.
* Fix receiving end of token delegation for GSS-API. It still wrongly
uses subkey for sending for compatibility reasons, this will change
in 0.8.
* telnetd, login and rshd are now more verbose in logging failed and
successful logins.
* Bug fixes
To generate a diff of this commit:
cvs rdiff -r1.53 -r1.54 pkgsrc/security/heimdal/Makefile
cvs rdiff -r1.18 -r1.19 pkgsrc/security/heimdal/distinfo
cvs rdiff -r1.2 -r0 pkgsrc/security/heimdal/patches/patch-ab \
pkgsrc/security/heimdal/patches/patch-ak
cvs rdiff -r1.5 -r0 pkgsrc/security/heimdal/patches/patch-ae
cvs rdiff -r1.3 -r0 pkgsrc/security/heimdal/patches/patch-af \
pkgsrc/security/heimdal/patches/patch-ag \
pkgsrc/security/heimdal/patches/patch-ah
cvs rdiff -r1.1 -r0 pkgsrc/security/heimdal/patches/patch-ai \
pkgsrc/security/heimdal/patches/patch-aj
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.