pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2006Q1]: pkgsrc/security Pullup ticket 1407 - requested by jlam
details: https://anonhg.NetBSD.org/pkgsrc/rev/90b8fe2949ea
branches: pkgsrc-2006Q1
changeset: 510220:90b8fe2949ea
user: salo <salo%pkgsrc.org@localhost>
date: Tue Apr 18 23:25:03 2006 +0000
description:
Pullup ticket 1407 - requested by jlam
security fix for cy2-digestmd5
Updated via patch provided by the submitter.
Fixes denial of service vulnerability described in CVE-2006-1721.
diffstat:
security/cy2-digestmd5/Makefile | 4 ++--
security/cyrus-sasl2/distinfo | 3 ++-
security/cyrus-sasl2/patches/patch-za | 14 ++++++++++++++
3 files changed, 18 insertions(+), 3 deletions(-)
diffs (45 lines):
diff -r 96d561d453a5 -r 90b8fe2949ea security/cy2-digestmd5/Makefile
--- a/security/cy2-digestmd5/Makefile Tue Apr 18 22:52:55 2006 +0000
+++ b/security/cy2-digestmd5/Makefile Tue Apr 18 23:25:03 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.7 2006/02/05 23:10:42 joerg Exp $
+# $NetBSD: Makefile,v 1.7.2.1 2006/04/18 23:25:03 salo Exp $
PKGNAME= ${DISTNAME:S/cyrus-sasl/cy2-digestmd5/}
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= Cyrus SASL DIGEST-MD5 authentication plugin
SASL_PLUGIN= yes
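Review bot: PKGREVISION is bumped only here in security/cy2-digestmd5, while the patch file and its distinfo entry are added under security/cyrus-sasl2. Since patch-za touches plugins/digestmd5.c, that is probably the right package to bump, but it is worth confirming that no other package sharing security/cyrus-sasl2/patches builds that file and so also needs a revision bump to pick up the fix.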
diff -r 96d561d453a5 -r 90b8fe2949ea security/cyrus-sasl2/distinfo
--- a/security/cyrus-sasl2/distinfo Tue Apr 18 22:52:55 2006 +0000
+++ b/security/cyrus-sasl2/distinfo Tue Apr 18 23:25:03 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2006/01/27 17:48:22 joerg Exp $
+$NetBSD: distinfo,v 1.27.2.1 2006/04/18 23:25:03 salo Exp $
SHA1 (cyrus-sasl-2.1.20.tar.gz) = d1eec5644c4e87edb95fa5ab8bf124cfdf277eb6
RMD160 (cyrus-sasl-2.1.20.tar.gz) = 45f8d9e91e5ba4840f57d2f0526b8f41f90bbb8c
@@ -19,3 +19,4 @@
SHA1 (patch-ar) = f03a9bddfeb7aeb8af19c2bde315a630ce03f331
SHA1 (patch-as) = c8cebac879afda69b282f5c334ffb2c8b5eee6cd
SHA1 (patch-at) = cf35ac66873a5bc18216e13a1240019da99563ca
+SHA1 (patch-za) = 43a0444362894040fc42cc16ff9bb1eecf153a6e
diff -r 96d561d453a5 -r 90b8fe2949ea security/cyrus-sasl2/patches/patch-za
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/cyrus-sasl2/patches/patch-za Tue Apr 18 23:25:03 2006 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-za,v 1.1.2.1 2006/04/18 23:25:03 salo Exp $
+
+--- plugins/digestmd5.c.orig 2004-07-29 15:21:57.000000000 -0400
++++ plugins/digestmd5.c
+@@ -2242,7 +2242,8 @@ static int digestmd5_server_mech_step2(s
+ }
+
+ /* Sanity check the parameters */
+- if (strcmp(realm, text->realm) != 0) {
++ if (((realm != NULL) && (strcmp(realm, text->realm) != 0)) &&
++ (text->realm[0] != 0)) {
+ SETERROR(sparams->utils,
+ "realm changed: authentication aborted");
+ result = SASL_BADAUTH;
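Review bot: In the rewritten condition, a NULL `realm` now skips the "realm changed" check entirely, even when `text->realm` is non-empty, so a response that carries no realm is never compared against the realm held in `text`. If that is intended, the `/* Sanity check the parameters */` comment should say so; if not, the NULL case needs its own branch that still ends in SASL_BADAUTH when `text->realm[0] != 0`. Separately, `text->realm[0] != 0` is evaluated after `strcmp(realm, text->realm)`; testing it first would make the intent (no comparison when `text->realm` is empty) easier to read and would drop one layer of the nested parentheses.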