[pkgsrc/trunk]: pkgsrc/security/mit-krb5 Security fix for CVE-2006-6143:

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ac650d3fb78f
branches:  trunk
changeset: 524066:ac650d3fb78f
user:      salo <salo%pkgsrc.org@localhost>
date:      Wed Jan 17 23:43:47 2007 +0000

description:
Security fix for CVE-2006-6143:

"An unauthenticated user may cause execution of arbitrary code in
 kadmind, which can compromise the Kerberos key database and host
 security.  (kadmind usually runs as root.)  Unsuccessful exploitation,
 or even accidental replication of the required conditions by
 non-malicious users, can result in kadmind crashing."

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143

Patch from MIT.

diffstat:

 security/mit-krb5/Makefile         |   4 ++--
 security/mit-krb5/distinfo         |   3 ++-
 security/mit-krb5/patches/patch-at |  25 +++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)

diffs (57 lines):

diff -r 5f32809e6bef -r ac650d3fb78f security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile        Wed Jan 17 23:38:33 2007 +0000
+++ b/security/mit-krb5/Makefile        Wed Jan 17 23:43:47 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.38 2006/08/09 17:31:10 salo Exp $
+# $NetBSD: Makefile,v 1.39 2007/01/17 23:43:47 salo Exp $
 
 DISTNAME=      krb5-1.4.2
 PKGNAME=       mit-${DISTNAME:S/-signed$//}
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    security
 MASTER_SITES=  http://web.mit.edu/kerberos/dist/krb5/1.4/
 DISTFILES=     ${DISTNAME}-signed${EXTRACT_SUFX}
diff -r 5f32809e6bef -r ac650d3fb78f security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo        Wed Jan 17 23:38:33 2007 +0000
+++ b/security/mit-krb5/distinfo        Wed Jan 17 23:43:47 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2006/08/09 17:31:10 salo Exp $
+$NetBSD: distinfo,v 1.16 2007/01/17 23:43:47 salo Exp $
 
 SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
 RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -21,3 +21,4 @@
 SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
 SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
 SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
+SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c
diff -r 5f32809e6bef -r ac650d3fb78f security/mit-krb5/patches/patch-at
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-at        Wed Jan 17 23:43:47 2007 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-at,v 1.1 2007/01/17 23:43:47 salo Exp $
+
+Security fix for CVE-2006-6143.
+
+--- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200
++++ lib/rpc/svc.c      2007-01-17 21:58:10.000000000 +0100
+@@ -436,6 +436,8 @@ svc_getreqset(FDSET_TYPE *readfds)
+ #endif
+ }
+ 
++extern struct svc_auth_ops svc_auth_gss_ops;
++
+ static void
+ svc_do_xprt(SVCXPRT *xprt)
+ {
+@@ -517,6 +519,9 @@ svc_do_xprt(SVCXPRT *xprt)
+               if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
+                       SVC_DESTROY(xprt);
+                       break;
++              } else if ((xprt->xp_auth != NULL) &&
++                         (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
++                      xprt->xp_auth = NULL;
+               }
+       } while (stat == XPRT_MOREREQS);
+