pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2008Q1]: pkgsrc/security/mit-krb5 Pullup ticket #2417 - reques...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b45996705ffa
branches:  pkgsrc-2008Q1
changeset: 540410:b45996705ffa
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Jun 08 12:00:23 2008 +0000

description:
Pullup ticket #2417 - requested by tonnerre
Security patches for mit-krb5

Revisions pulled up:
- security/mit-krb5/Makefile                    1.43
- security/mit-krb5/distinfo                    1.20
- security/mit-krb5/patches/patch-at            1.2
- security/mit-krb5/patches/patch-bh            1.1
- security/mit-krb5/patches/patch-bi            1.1
- security/mit-krb5/patches/patch-bj            1.1
- security/mit-krb5/patches/patch-bk            1.1
- security/mit-krb5/patches/patch-bl            1.1
---
    Module Name:        pkgsrc
    Committed By:       tonnerre
    Date:               Sat Jun  7 23:58:11 UTC 2008

    Modified Files:
        pkgsrc/security/mit-krb5: Makefile distinfo
        pkgsrc/security/mit-krb5/patches: patch-at
    Added Files:
        pkgsrc/security/mit-krb5/patches: patch-bh patch-bi patch-bj
        patch-bk patch-bl

    Log Message:
    Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 and
    MITKRB5-SA-2008-002. Bump PKGREVISION now finally.

diffstat:

 security/mit-krb5/Makefile         |    4 +-
 security/mit-krb5/distinfo         |    9 +-
 security/mit-krb5/patches/patch-at |   30 +++-
 security/mit-krb5/patches/patch-bh |   28 +++
 security/mit-krb5/patches/patch-bi |   51 ++++++
 security/mit-krb5/patches/patch-bj |   13 +
 security/mit-krb5/patches/patch-bk |  283 +++++++++++++++++++++++++++++++++++++
 security/mit-krb5/patches/patch-bl |   13 +
 8 files changed, 421 insertions(+), 10 deletions(-)

diffs (truncated from 495 to 300 lines):

diff -r 230ed2e5ad81 -r b45996705ffa security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile        Sun Jun 08 11:47:13 2008 +0000
+++ b/security/mit-krb5/Makefile        Sun Jun 08 12:00:23 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.41.8.1 2008/06/08 11:47:13 tron Exp $
+# $NetBSD: Makefile,v 1.41.8.2 2008/06/08 12:00:23 tron Exp $
 
 DISTNAME=      krb5-1.4.2
 PKGNAME=       mit-${DISTNAME:S/-signed$//}
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    security
 MASTER_SITES=  http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES=     ${DISTNAME}-signed${EXTRACT_SUFX}
diff -r 230ed2e5ad81 -r b45996705ffa security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo        Sun Jun 08 11:47:13 2008 +0000
+++ b/security/mit-krb5/distinfo        Sun Jun 08 12:00:23 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16.10.1 2008/06/08 11:47:13 tron Exp $
+$NetBSD: distinfo,v 1.16.10.2 2008/06/08 12:00:23 tron Exp $
 
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -22,7 +22,7 @@
 SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
 SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
 SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
-SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c
+SHA1 (patch-at) = f5837580b496c454a35a3d8b955e5209074c267d
 SHA1 (patch-au) = 238f497afd9ad129babc0b6c727eb23e9915536c
 SHA1 (patch-av) = db0fce68f58307be4c359758f2c9b31d62ab8348
 SHA1 (patch-aw) = 0e651b675d166e71f6543cbad8e29eece89d5b67
@@ -36,3 +36,8 @@
 SHA1 (patch-be) = c4497d7b68cefd8109d615c2125d9dc7aa508e5d
 SHA1 (patch-bf) = 1e16b6cbe51a5aa07ac7c7c3c343e82bf16dcde6
 SHA1 (patch-bg) = fa70e00a2eb283782c9960a2c74a879862b979c5
+SHA1 (patch-bh) = 761ca395732d3f3eac0bc1fdbec0ad65aeea8df0
+SHA1 (patch-bi) = ab91152460485ede492573ce379461e892196647
+SHA1 (patch-bj) = d0deae92b8b4d9ad671c98ccb3debd7a4216f646
+SHA1 (patch-bk) = 9bf37086a4e7661e8aacc2736d21f61db154263e
+SHA1 (patch-bl) = d1239c8c8279680a97f7c555907ac1b4ccfca6b4
diff -r 230ed2e5ad81 -r b45996705ffa security/mit-krb5/patches/patch-at
--- a/security/mit-krb5/patches/patch-at        Sun Jun 08 11:47:13 2008 +0000
+++ b/security/mit-krb5/patches/patch-at        Sun Jun 08 12:00:23 2008 +0000
@@ -1,10 +1,28 @@
-$NetBSD: patch-at,v 1.1 2007/01/17 23:43:47 salo Exp $
-
-Security fix for CVE-2006-6143.
+$NetBSD: patch-at,v 1.1.12.1 2008/06/08 12:00:23 tron Exp $
 
 --- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200
-+++ lib/rpc/svc.c      2007-01-17 21:58:10.000000000 +0100
-@@ -436,6 +436,8 @@ svc_getreqset(FDSET_TYPE *readfds)
++++ lib/rpc/svc.c
+@@ -108,15 +108,17 @@ xprt_register(SVCXPRT *xprt)
+       if (sock < FD_SETSIZE) {
+               xports[sock] = xprt;
+               FD_SET(sock, &svc_fdset);
++              if (sock > svc_maxfd)
++                      svc_maxfd = sock;
+       }
+ #else
+       if (sock < NOFILE) {
+               xports[sock] = xprt;
+               svc_fds |= (1 << sock);
++              if (sock > svc_maxfd)
++                      svc_maxfd = sock;
+       }
+ #endif /* def FD_SETSIZE */
+-      if (sock > svc_maxfd)
+-              svc_maxfd = sock;
+ }
+ 
+ /*
+@@ -436,6 +438,8 @@ svc_getreqset(FDSET_TYPE *readfds)
  #endif
  }
  
@@ -13,7 +31,7 @@
  static void
  svc_do_xprt(SVCXPRT *xprt)
  {
-@@ -517,6 +519,9 @@ svc_do_xprt(SVCXPRT *xprt)
+@@ -517,6 +521,9 @@ svc_do_xprt(SVCXPRT *xprt)
                if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
                        SVC_DESTROY(xprt);
                        break;
diff -r 230ed2e5ad81 -r b45996705ffa security/mit-krb5/patches/patch-bh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bh        Sun Jun 08 12:00:23 2008 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-bh,v 1.1.2.2 2008/06/08 12:00:23 tron Exp $
+
+--- lib/rpc/svc_auth_gss.c.orig        2004-09-17 23:52:11.000000000 +0200
++++ lib/rpc/svc_auth_gss.c
+@@ -355,6 +355,15 @@ svcauth_gss_validate(struct svc_req *rqs
+       memset(rpchdr, 0, sizeof(rpchdr));
+ 
+       /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
++      oa = &msg->rm_call.cb_cred;
++      if (oa->oa_length > MAX_AUTH_BYTES)
++              return (FALSE);
++
++      /* 8 XDR units from the IXDR macro calls. */
++      if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
++                            RNDUP(oa->oa_length)))
++              return (FALSE);
++
+       buf = (int32_t *)(void *)rpchdr;
+       IXDR_PUT_LONG(buf, msg->rm_xid);
+       IXDR_PUT_ENUM(buf, msg->rm_direction);
+@@ -362,7 +371,6 @@ svcauth_gss_validate(struct svc_req *rqs
+       IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
+       IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
+       IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
+-      oa = &msg->rm_call.cb_cred;
+       IXDR_PUT_ENUM(buf, oa->oa_flavor);
+       IXDR_PUT_LONG(buf, oa->oa_length);
+       if (oa->oa_length) {
diff -r 230ed2e5ad81 -r b45996705ffa security/mit-krb5/patches/patch-bi
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bi        Sun Jun 08 12:00:23 2008 +0000
@@ -0,0 +1,51 @@
+$NetBSD: patch-bi,v 1.1.2.2 2008/06/08 12:00:23 tron Exp $
+
+--- lib/rpc/svc_tcp.c.orig     2004-09-21 20:20:16.000000000 +0200
++++ lib/rpc/svc_tcp.c
+@@ -52,6 +52,14 @@ static char sccsid[] = "@(#)svc_tcp.c 1.
+ extern errno;
+ */
+ 
++#ifndef FD_SETSIZE
++#ifdef NBBY
++#define NOFILE (sizeof(int) * NBBY)
++#else
++#define NOFILE (sizeof(int) * 8)
++#endif
++#endif
++
+ /*
+  * Ops vector for TCP/IP based rpc service handle
+  */
+@@ -211,6 +219,20 @@ makefd_xprt(
+ {
+       register SVCXPRT *xprt;
+       register struct tcp_conn *cd;
++
++#ifdef FD_SETSIZE
++      if (fd >= FD_SETSIZE) {
++              (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
++              xprt = NULL;
++              goto done;
++      }
++#else
++      if (fd >= NOFILE) {
++              (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
++              xprt = NULL;
++              goto done;
++      }
++#endif
+  
+       xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
+       if (xprt == (SVCXPRT *)NULL) {
+@@ -267,6 +289,10 @@ rendezvous_request(
+        * make a new transporter (re-uses xprt)
+        */
+       xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
++      if (xprt == NULL) {
++              close(sock);
++              return (FALSE);
++      }
+       xprt->xp_raddr = addr;
+       xprt->xp_addrlen = len;
+       xprt->xp_laddr = laddr;
diff -r 230ed2e5ad81 -r b45996705ffa security/mit-krb5/patches/patch-bj
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bj        Sun Jun 08 12:00:23 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-bj,v 1.1.2.2 2008/06/08 12:00:23 tron Exp $
+
+--- kdc/dispatch.c.orig        2002-09-11 05:59:26.000000000 +0200
++++ kdc/dispatch.c
+@@ -108,7 +108,7 @@ dispatch(krb5_data *pkt, const krb5_full
+       retval = KRB5KRB_AP_ERR_MSG_TYPE;
+ #ifndef NOCACHE
+     /* put the response into the lookaside buffer */
+-    if (!retval)
++    if (!retval && *response != NULL)
+       kdc_insert_lookaside(pkt, from, *response);
+ #endif
+ 
diff -r 230ed2e5ad81 -r b45996705ffa security/mit-krb5/patches/patch-bk
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bk        Sun Jun 08 12:00:23 2008 +0000
@@ -0,0 +1,283 @@
+$NetBSD: patch-bk,v 1.1.2.2 2008/06/08 12:00:23 tron Exp $
+
+--- kdc/kerberos_v4.c.orig     2004-07-24 02:40:18.000000000 +0200
++++ kdc/kerberos_v4.c
+@@ -86,11 +86,6 @@ extern int krbONE;
+ #define               MSB_FIRST               0       /* 68000, IBM RT/PC */
+ #define               LSB_FIRST               1       /* Vax, PC8086 */
+ 
+-int     f;
+-
+-/* XXX several files in libkdb know about this */
+-char *progname;
+-
+ #ifndef BACKWARD_COMPAT
+ static Key_schedule master_key_schedule;
+ static C_Block master_key;
+@@ -142,10 +137,8 @@ static void hang(void);
+ #include "com_err.h"
+ #include "extern.h"           /* to pick up master_princ */
+ 
+-static krb5_data *response;
+-
+-void kerberos_v4 (struct sockaddr_in *, KTEXT);
+-void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
++static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT);
++static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
+ static int set_tgtkey (char *, krb5_kvno, krb5_boolean);
+ 
+ /* Attributes converted from V5 to V4 - internal representation */
+@@ -261,12 +254,12 @@ process_v4(const krb5_data *pkt, const k
+           (void) klog(L_KRB_PERR, "V4 request too long.");
+           return KRB5KRB_ERR_FIELD_TOOLONG;
+     }
++    memset( &v4_pkt, 0, sizeof(v4_pkt));
+     v4_pkt.length = pkt->length;
+     v4_pkt.mbz = 0;
+     memcpy( v4_pkt.dat, pkt->data, pkt->length);
+ 
+-    kerberos_v4( &client_sockaddr, &v4_pkt);
+-    *resp = response;
++    *resp = kerberos_v4( &client_sockaddr, &v4_pkt);
+     return(retval);
+ }
+ 
+@@ -299,19 +292,20 @@ char * v4_klog( int type, const char *fo
+ }
+ 
+ static
+-int krb4_sendto(int s, const char *msg, int len, int flags,
+-              const struct sockaddr *to, int to_len)
++krb5_data *make_response(const char *msg, int len)
+ {
++    krb5_data *response;
++
+     if (  !(response = (krb5_data *) malloc( sizeof *response))) {
+-      return ENOMEM;
++      return 0;
+     }
+     if ( !(response->data = (char *) malloc( len))) {
+       krb5_free_data(kdc_context,  response);
+-      return ENOMEM;
++      return 0;
+     }
+     response->length = len;
+     memcpy( response->data, msg, len);
+-    return( 0);
++    return response;
+ }
+ static void
+ hang(void)
+@@ -590,7 +584,7 @@ static void str_length_check(char *str, 
+       *cp = 0;
+ }
+ 
+-void
++static krb5_data *
+ kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
+ {
+     static KTEXT_ST rpkt_st;
+@@ -603,7 +597,7 @@ kerberos_v4(struct sockaddr_in *client, 
+     KTEXT   auth = &auth_st;
+     AUTH_DAT ad_st;
+     AUTH_DAT *ad = &ad_st;
+-
++    krb5_data *response = 0;
+ 
+     static struct in_addr client_host;
+     static int msg_byte_order;
+@@ -641,8 +635,7 @@ kerberos_v4(struct sockaddr_in *client, 
+                 inet_ntoa(client_host));
+       /* send an error reply */
+       req_name_ptr = req_inst_ptr = req_realm_ptr = "";
+-      kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
+-      return;
++      return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
+     }
+ 
+     /* check packet version */
+@@ -652,8 +645,7 @@ kerberos_v4(struct sockaddr_in *client, 
+                 KRB_PROT_VERSION, req_version, 0);
+       /* send an error reply */
+       req_name_ptr = req_inst_ptr = req_realm_ptr = "";
+-      kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
+-      return;
++      return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);



Home | Main Index | Thread Index | Old Index