pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/mit-krb5



Module Name:    pkgsrc
Committed By:   jperkin
Date:           Sat Jan 16 09:00:23 UTC 2021

Modified Files:
        pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
        pkgsrc/security/mit-krb5/patches: patch-kadmin_cli_getdate.y
            patch-plugins_kdb_ldap_ldap__util_Makefile.in

Log Message:
mit-krb5: Update to 1.18.3.

Fixes issues the with autoconf 2.70 update and bison POSIX yacc errors.

Major changes in 1.18.3 (2020-11-17)
------------------------------------

This is a bug fix release.

* Fix a denial of service vulnerability when decoding Kerberos
  protocol messages.

* Fix a locking issue with the LMDB KDB module which could cause KDC
  and kadmind processes to lose access to the database.

* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
  and unloaded while libkrb5support remains loaded.

krb5-1.18.3 changes by ticket ID
--------------------------------

7476    updated manual page for kvno
8614    Assertion failure when repeatedly loading libgssapi_krb5
8882    kdb5_util load ignores password expiration with LDAP KDB module
8918    KDC and kadmind fork with DB open, breaking LMDB KDB module
8926    Allow gss_unwrap_iov() of unpadded RC4 tokens
8933    Fix input length checking in SPNEGO DER decoding
8936    Set lockdown attribute when creating LDAP KDB
8938    Leash crashes on failure to auto-renew tickets
8939    Suppress Leash error popup on MSLSA renew failure
8959    Add recursion limit for ASN.1 indefinite lengths
8960    Fix compatibility with upcoming autoconf 2.70


To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.73 -r1.74 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_getdate.y \
    pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_ldap_ldap__util_Makefile.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/mit-krb5/Makefile
diff -u pkgsrc/security/mit-krb5/Makefile:1.110 pkgsrc/security/mit-krb5/Makefile:1.111
--- pkgsrc/security/mit-krb5/Makefile:1.110     Thu Oct  8 19:52:36 2020
+++ pkgsrc/security/mit-krb5/Makefile   Sat Jan 16 09:00:23 2021
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.110 2020/10/08 19:52:36 gdt Exp $
+# $NetBSD: Makefile,v 1.111 2021/01/16 09:00:23 jperkin Exp $
 
 BRANCHNAME=    1.18
-DISTNAME=      krb5-${BRANCHNAME}.2
+DISTNAME=      krb5-${BRANCHNAME}.3
 PKGNAME=       mit-${DISTNAME}
 CATEGORIES=    security
 # It is not clear how stable this URL scheme is.
@@ -33,12 +33,7 @@ CONFLICTS+=  kth-krb4-[0-9]*
 USE_LANGUAGES=         c c++
 USE_LIBTOOL=           yes
 GNU_CONFIGURE=         yes
-USE_TOOLS+=            autoconf gzip m4 msgfmt perl
-.if ${OPSYS} == "SunOS"
-USE_TOOLS+=            bison
-.else
-USE_TOOLS+=            yacc
-.endif
+USE_TOOLS+=            autoconf bison gzip m4 msgfmt perl
 
 # The actual KDC databases are stored in ${MIT_KRB5_STATEDIR}/krb5kdc.
 MIT_KRB5_STATEDIR?=    ${VARBASE}
@@ -59,6 +54,7 @@ CONFIGURE_ARGS+=      --without-tcl
 CONFIGURE_ENV+=                BUILDLINK_PREFIX_OPENSSL=${BUILDLINK_PREFIX.openssl}
 CONFIGURE_ENV+=                DEFKTNAME=FILE:${PKG_SYSCONFDIR}/krb5.keytab
 MAKE_ENV+=             ROOT_USER=${ROOT_USER}
+MAKE_ENV+=             YFLAGS="-Wnone"
 LIBS.SunOS=            -lrt
 
 OWN_DIRS_PERMS=                ${MIT_KRB5_STATEDIR}/krb5kdc                    \

Index: pkgsrc/security/mit-krb5/distinfo
diff -u pkgsrc/security/mit-krb5/distinfo:1.73 pkgsrc/security/mit-krb5/distinfo:1.74
--- pkgsrc/security/mit-krb5/distinfo:1.73      Thu Oct  8 00:23:14 2020
+++ pkgsrc/security/mit-krb5/distinfo   Sat Jan 16 09:00:23 2021
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.73 2020/10/08 00:23:14 gdt Exp $
+$NetBSD: distinfo,v 1.74 2021/01/16 09:00:23 jperkin Exp $
 
-SHA1 (krb5-1.18.2.tar.gz) = 547c4e4afa06dd39c888a9ee89397ec3c3425c90
-RMD160 (krb5-1.18.2.tar.gz) = 5943e2bb26477a6251a9b2fa5f5fecd1ffe276c3
-SHA512 (krb5-1.18.2.tar.gz) = 7cbb1b28e677fea3e0794e93951f3caaa2c49bb1175dd187951e72a466cc69d96c3b833d838000fe911c1a437d96a558e550f27c53a8b332fb9dfc7cbb7ec44c
-Size (krb5-1.18.2.tar.gz) = 8713927 bytes
+SHA1 (krb5-1.18.3.tar.gz) = fdbb31fab5bdea24fc464d09bdbc245740648f1a
+RMD160 (krb5-1.18.3.tar.gz) = b8a3c3542433442e18984456773b0a2749fc6282
+SHA512 (krb5-1.18.3.tar.gz) = cf0bf6cf8f622fa085954e6da998d952cf64dc7ccc319972ed81ea0542089cabf2d0e8243df84da01ad6f40584768ca2f02d108630c6741fa7b3d7d98c887c01
+Size (krb5-1.18.3.tar.gz) = 8715312 bytes
 SHA1 (patch-Makefile.in) = 24f915d7a4340b9a4a454b9b67c94147fdc49c34
 SHA1 (patch-aclocal.m4) = 07b5d9ae38c74eaea6ba62aed9062dca1bf7f3fb
 SHA1 (patch-build-tools_krb5-config.in) = 4ab922df1d86d86f9ef043f2c5cdf048c0477d3a
@@ -15,6 +15,7 @@ SHA1 (patch-config_libpriv.in) = 78342f6
 SHA1 (patch-config_pre.in) = 255973132db9327190211214c3e33b4551bd283b
 SHA1 (patch-config_shlib.conf) = c47a647307e7d883e7c22528b7b0f5ad038cbcb3
 SHA1 (patch-include_osconf.hin) = d31a8164f417bc31a787c8e16d1bd24f27b7140d
+SHA1 (patch-kadmin_cli_getdate.y) = 81fda2911fabdcfe88085dae69ff44ea0b0608a1
 SHA1 (patch-kadmin_cli_ss_wrapper.c) = e32e6180f8d508cb2eb18489ce2fef0a1ad0f51d
 SHA1 (patch-kprop_kproplog.c) = 9b751de7eb70d026b54e15275bb878bdb0ce52eb
 SHA1 (patch-lib_apputils_Makefile.in) = 085004041a2bb8c4bb3074c2e71e71f22f4f06d7
@@ -26,6 +27,7 @@ SHA1 (patch-lib_kdb_kdb__log.c) = dc759f
 SHA1 (patch-lib_krb5_ccache_Makefile.in) = 330ae21ec3b290ae16478c2c49a138acac5bf2fd
 SHA1 (patch-plugins_kdb_db2_Makefile.in) = f374fc5915b735075fbb751ef736f4ce54abc289
 SHA1 (patch-plugins_kdb_db2_libdb2_Makefile.in) = b4b7e8e4192b5e5318f1e42c49315789619f3ae9
+SHA1 (patch-plugins_kdb_ldap_ldap__util_Makefile.in) = 7aa0f44cc02c523c837e7e3e1766624d2323deb9
 SHA1 (patch-plugins_preauth_otp_Makefile.in) = 8c779e3b37cab4138f300f4a09325387092c79f8
 SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = c778366d5bd1cae85424643a582013101fc9632d
 SHA1 (patch-util_k5ev_verto-k5ev.c) = 8f074ddccbaaa03576f0302437aed3aaad1b738d

Added files:

Index: pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_getdate.y
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_getdate.y:1.1
--- /dev/null   Sat Jan 16 09:00:23 2021
+++ pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_getdate.y Sat Jan 16 09:00:23 2021
@@ -0,0 +1,23 @@
+$NetBSD: patch-kadmin_cli_getdate.y,v 1.1 2021/01/16 09:00:23 jperkin Exp $
+
+Backport upstream fix https://github.com/krb5/krb5/commit/d3356bc4
+
+--- kadmin/cli/getdate.y.orig  2020-11-17 17:17:59.000000000 +0000
++++ kadmin/cli/getdate.y
+@@ -185,12 +185,10 @@ static time_t    yyRelSeconds;
+     enum _MERIDIAN    Meridian;
+ }
+ 
+-%token        tAGO tDAY tDAYZONE tID tMERIDIAN tMINUTE_UNIT tMONTH tMONTH_UNIT
+-%token        tSEC_UNIT tSNUMBER tUNUMBER tZONE tDST tNEVER
+-
+-%type <Number>        tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT
+-%type <Number>        tSEC_UNIT tSNUMBER tUNUMBER tZONE
+-%type <Meridian>      tMERIDIAN o_merid
++%token                        tAGO tID tDST tNEVER
++%token        <Number>        tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT
++%token        <Number>        tSEC_UNIT tSNUMBER tUNUMBER tZONE tMERIDIAN
++%type <Meridian>      o_merid
+ 
+ %%
+ 
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_ldap_ldap__util_Makefile.in
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_ldap_ldap__util_Makefile.in:1.1
--- /dev/null   Sat Jan 16 09:00:23 2021
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_ldap_ldap__util_Makefile.in      Sat Jan 16 09:00:23 2021
@@ -0,0 +1,15 @@
+$NetBSD: patch-plugins_kdb_ldap_ldap__util_Makefile.in,v 1.1 2021/01/16 09:00:23 jperkin Exp $
+
+Pass YFLAGS.
+
+--- plugins/kdb/ldap/ldap_util/Makefile.in.orig        2020-11-17 17:17:59.000000000 +0000
++++ plugins/kdb/ldap/ldap_util/Makefile.in
+@@ -19,7 +19,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KR
+ 
+ getdate.c: $(GETDATE)
+       $(RM) getdate.c y.tab.c
+-      $(YACC) $(GETDATE)
++      $(YACC) $(YFLAGS) $(GETDATE)
+       $(MV) y.tab.c getdate.c
+ 
+ install:



Home | Main Index | Thread Index | Old Index