pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/heimdal http://www.pdc.kth.se/heimdal/release...
details: https://anonhg.NetBSD.org/pkgsrc/rev/2f19e20a8672
branches: trunk
changeset: 507718:2f19e20a8672
user: lha <lha%pkgsrc.org@localhost>
date: Tue Feb 07 12:20:52 2006 +0000
description:
http://www.pdc.kth.se/heimdal/releases/0.7.2/
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
Changes in Heimdal 0.7.2
* Fix security problem in rshd that enable an attacker to overwrite
and change ownership of any file that root could write.
* Fix a DOS in telnetd. The attacker could force the server to crash
in a NULL de-reference before the user logged in, resulting in inetd
turning telnetd off because it forked too fast.
* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
exists in the keytab before returning success. This allows servers
to check if its even possible to use GSSAPI.
* Fix receiving end of token delegation for GSS-API. It still wrongly
uses subkey for sending for compatibility reasons, this will change
in 0.8.
* telnetd, login and rshd are now more verbose in logging failed and
successful logins.
* Bug fixes
diffstat:
security/heimdal/Makefile | 5 +-
security/heimdal/distinfo | 16 +----
security/heimdal/patches/patch-ab | 30 -----------
security/heimdal/patches/patch-ae | 13 -----
security/heimdal/patches/patch-af | 12 ----
security/heimdal/patches/patch-ag | 13 -----
security/heimdal/patches/patch-ah | 99 ---------------------------------------
security/heimdal/patches/patch-ai | 41 ----------------
security/heimdal/patches/patch-aj | 71 ---------------------------
security/heimdal/patches/patch-ak | 14 -----
10 files changed, 6 insertions(+), 308 deletions(-)
diffs (truncated from 361 to 300 lines):
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/Makefile
--- a/security/heimdal/Makefile Tue Feb 07 11:44:34 2006 +0000
+++ b/security/heimdal/Makefile Tue Feb 07 12:20:52 2006 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.53 2006/01/25 03:47:51 jlam Exp $
+# $NetBSD: Makefile,v 1.54 2006/02/07 12:20:52 lha Exp $
-DISTNAME= heimdal-0.7.1
-PKGREVISION= 2
+DISTNAME= heimdal-0.7.2
CATEGORIES= security
MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/heimdal/src/
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/distinfo
--- a/security/heimdal/distinfo Tue Feb 07 11:44:34 2006 +0000
+++ b/security/heimdal/distinfo Tue Feb 07 12:20:52 2006 +0000
@@ -1,15 +1,7 @@
-$NetBSD: distinfo,v 1.18 2005/10/29 21:05:28 tonio Exp $
+$NetBSD: distinfo,v 1.19 2006/02/07 12:20:52 lha Exp $
-SHA1 (heimdal-0.7.1.tar.gz) = ab3e6f5fe6de86f7ba7413f8600f9b1ed956b620
-RMD160 (heimdal-0.7.1.tar.gz) = 30373d227452e20187ca4bad1dc980c3f952be26
-Size (heimdal-0.7.1.tar.gz) = 4515175 bytes
-SHA1 (patch-ab) = 50c526185cd64e48b7b60f154011e5efa6930570
+SHA1 (heimdal-0.7.2.tar.gz) = a902e6ad7c31d940b588dc0235b348936f0d719d
+RMD160 (heimdal-0.7.2.tar.gz) = 0f028a9d5a6a66e8efc0397e4d8c8adc2183b409
+Size (heimdal-0.7.2.tar.gz) = 4525734 bytes
SHA1 (patch-ac) = 313c0a1f91e4f9546ae906f981adae0d499dd9cf
SHA1 (patch-ad) = a7cfc038e76f8c3da38f8eb0ee48a7f8c7a9c7df
-SHA1 (patch-ae) = a9ec9b28a6291786631f900972fe231150d4afe0
-SHA1 (patch-af) = c8ef770eba0647d71f3bbbaca1d3fb0eaa7875d2
-SHA1 (patch-ag) = 003307136227d75729fc4d7f95a7debc7e91136e
-SHA1 (patch-ah) = 797785f2f5f1530782d42393d2cc242f03fc20e6
-SHA1 (patch-ai) = 55276d0becee47ae62ccfe5cd837b0fd4d7e6ff6
-SHA1 (patch-aj) = ad30690ce7b7f11a80513df4d3e932bce095d863
-SHA1 (patch-ak) = cf9cf0dd7b40e7fe46efbd4954a66bc451179f4b
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/patches/patch-ab
--- a/security/heimdal/patches/patch-ab Tue Feb 07 11:44:34 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-$NetBSD: patch-ab,v 1.2 2005/10/26 15:12:45 jlam Exp $
-
---- cf/install-catman.sh.orig 2005-09-09 08:12:22.000000000 -0400
-+++ cf/install-catman.sh
-@@ -9,6 +9,7 @@ mkinstalldirs="$1"; shift
- srcdir="$1"; shift
- manbase="$1"; shift
- suffix="$1"; shift
-+catinstall="${INSTALL_CATPAGES-yes}"
-
- for f in "$@"; do
- base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
-@@ -17,7 +18,7 @@ for f in "$@"; do
- catdir="$manbase/cat$section"
- c="$base.cat$section"
-
-- if test -f "$srcdir/$c"; then
-+ if test "$catinstall" = yes -a -f "$srcdir/$c"; then
- if test \! -d "$catdir"; then
- eval "$mkinstalldirs $catdir"
- fi
-@@ -36,7 +37,7 @@ for f in "$@"; do
- break
- fi
- done
-- if test -f "$srcdir/$c"; then
-+ if test "$catinstall" = yes -a -f "$srcdir/$c"; then
- target="$catdir/$link.$suffix"
- for cmd in "ln -f $catdir/$base.$suffix $target" \
- "ln -fs $base.$suffix $target" \
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/patches/patch-ae
--- a/security/heimdal/patches/patch-ae Tue Feb 07 11:44:34 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ae,v 1.5 2005/10/26 15:12:45 jlam Exp $
-
---- lib/krb5/krb5_encrypt.3.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/krb5_encrypt.3
-@@ -44,7 +44,7 @@
- .Nm krb5_decrypt_ivec ,
- .Nm krb5_decrypt_ticket ,
- .Nm krb5_encrypt ,
--.Nm krb5_encrypt_EncryptedData,
-+.Nm krb5_encrypt_EncryptedData ,
- .Nm krb5_encrypt_ivec ,
- .Nm krb5_enctype_disable ,
- .Nm krb5_enctype_keysize ,
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/patches/patch-af
--- a/security/heimdal/patches/patch-af Tue Feb 07 11:44:34 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-$NetBSD: patch-af,v 1.3 2005/10/26 15:12:45 jlam Exp $
-
---- lib/krb5/Makefile.in.orig 2005-09-09 08:17:31.000000000 -0400
-+++ lib/krb5/Makefile.in
-@@ -737,6 +737,7 @@ man_MANS = \
- krb5_rcache.3 \
- krb5_rd_error.3 \
- krb5_set_default_realm.3 \
-+ krb5_set_password.3 \
- krb5_storage.3 \
- krb5_string_to_key.3 \
- krb5_ticket.3 \
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/patches/patch-ag
--- a/security/heimdal/patches/patch-ag Tue Feb 07 11:44:34 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ag,v 1.3 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/krb5.h.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/krb5.h
-@@ -657,7 +657,7 @@ typedef struct _krb5_get_init_creds_opt
- krb5_preauthtype *preauth_list;
- int preauth_list_length;
- krb5_data *salt;
-- struct _krb5_get_init_creds_opt_private *private;
-+ struct _krb5_get_init_creds_opt_private *opt_private;
- } krb5_get_init_creds_opt;
-
- #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/patches/patch-ah
--- a/security/heimdal/patches/patch-ah Tue Feb 07 11:44:34 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,99 +0,0 @@
-$NetBSD: patch-ah,v 1.3 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/init_creds.c.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/init_creds.c
-@@ -40,7 +40,7 @@ krb5_get_init_creds_opt_init(krb5_get_in
- {
- memset (opt, 0, sizeof(*opt));
- opt->flags = 0;
-- opt->private = NULL;
-+ opt->opt_private = NULL;
- }
-
- krb5_error_code KRB5_LIB_FUNCTION
-@@ -56,13 +56,13 @@ krb5_get_init_creds_opt_alloc(krb5_conte
- return ENOMEM;
- }
- krb5_get_init_creds_opt_init(o);
-- o->private = calloc(1, sizeof(*o->private));
-- if (o->private == NULL) {
-+ o->opt_private = calloc(1, sizeof(*o->opt_private));
-+ if (o->opt_private == NULL) {
- krb5_set_error_string(context, "out of memory");
- free(o);
- return ENOMEM;
- }
-- o->private->refcount = 1;
-+ o->opt_private->refcount = 1;
- *opt = o;
- return 0;
- }
-@@ -82,16 +82,16 @@ _krb5_get_init_creds_opt_copy(krb5_conte
- }
- if (in)
- *opt = *in;
-- if(opt->private == NULL) {
-- opt->private = calloc(1, sizeof(*opt->private));
-- if (opt->private == NULL) {
-+ if(opt->opt_private == NULL) {
-+ opt->opt_private = calloc(1, sizeof(*opt->opt_private));
-+ if (opt->opt_private == NULL) {
- krb5_set_error_string(context, "out of memory");
- free(opt);
- return ENOMEM;
- }
-- opt->private->refcount = 1;
-+ opt->opt_private->refcount = 1;
- } else
-- opt->private->refcount++;
-+ opt->opt_private->refcount++;
- *out = opt;
- return 0;
- }
-@@ -99,13 +99,13 @@ _krb5_get_init_creds_opt_copy(krb5_conte
- void KRB5_LIB_FUNCTION
- krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt)
- {
-- if (opt->private == NULL)
-+ if (opt->opt_private == NULL)
- return;
-- if (opt->private->refcount < 1) /* abort ? */
-+ if (opt->opt_private->refcount < 1) /* abort ? */
- return;
-- if (--opt->private->refcount == 0) {
-+ if (--opt->opt_private->refcount == 0) {
- _krb5_get_init_creds_opt_free_pkinit(opt);
-- free(opt->private);
-+ free(opt->opt_private);
- }
- memset(opt, 0, sizeof(*opt));
- free(opt);
-@@ -293,7 +293,7 @@ require_ext_opt(krb5_context context,
- krb5_get_init_creds_opt *opt,
- const char *type)
- {
-- if (opt->private == NULL) {
-+ if (opt->opt_private == NULL) {
- krb5_set_error_string(context, "%s on non extendable opt", type);
- return EINVAL;
- }
-@@ -310,8 +310,8 @@ krb5_get_init_creds_opt_set_pa_password(
- ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
- if (ret)
- return ret;
-- opt->private->password = password;
-- opt->private->key_proc = key_proc;
-+ opt->opt_private->password = password;
-+ opt->opt_private->key_proc = key_proc;
- return 0;
- }
-
-@@ -324,7 +324,7 @@ krb5_get_init_creds_opt_set_pac_request(
- ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
- if (ret)
- return ret;
-- opt->private->req_pac = req_pac ?
-+ opt->opt_private->req_pac = req_pac ?
- KRB5_PA_PAC_REQ_TRUE :
- KRB5_PA_PAC_REQ_FALSE;
- return 0;
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/patches/patch-ai
--- a/security/heimdal/patches/patch-ai Tue Feb 07 11:44:34 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,41 +0,0 @@
-$NetBSD: patch-ai,v 1.1 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/init_creds_pw.c.orig 2005-09-09 08:12:13.000000000 -0400
-+++ lib/krb5/init_creds_pw.c
-@@ -274,11 +274,11 @@ get_init_creds_common(krb5_context conte
- options = &default_opt;
- }
-
-- if (options->private) {
-- ctx->password = options->private->password;
-- ctx->key_proc = options->private->key_proc;
-- ctx->req_pac = options->private->req_pac;
-- ctx->pk_init_ctx = options->private->pk_init_ctx;
-+ if (options->opt_private) {
-+ ctx->password = options->opt_private->password;
-+ ctx->key_proc = options->opt_private->key_proc;
-+ ctx->req_pac = options->opt_private->req_pac;
-+ ctx->pk_init_ctx = options->opt_private->pk_init_ctx;
- } else
- ctx->req_pac = KRB5_PA_PAC_DONT_CARE;
-
-@@ -1458,8 +1458,8 @@ krb5_get_init_creds_password(krb5_contex
- return ret;
-
- if (password == NULL &&
-- options->private->password == NULL &&
-- options->private->pk_init_ctx == NULL)
-+ options->opt_private->password == NULL &&
-+ options->opt_private->pk_init_ctx == NULL)
- {
- krb5_prompt prompt;
- krb5_data password_data;
-@@ -1487,7 +1487,7 @@ krb5_get_init_creds_password(krb5_contex
- password = password_data.data;
- }
-
-- if (options->private->password == NULL) {
-+ if (options->opt_private->password == NULL) {
- ret = krb5_get_init_creds_opt_set_pa_password(context, options,
- password, NULL);
- if (ret) {
diff -r 63400acb2936 -r 2f19e20a8672 security/heimdal/patches/patch-aj
--- a/security/heimdal/patches/patch-aj Tue Feb 07 11:44:34 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-$NetBSD: patch-aj,v 1.1 2005/10/26 16:44:24 jlam Exp $
-
---- lib/krb5/pkinit.c.orig 2005-09-09 08:12:14.000000000 -0400
-+++ lib/krb5/pkinit.c
-@@ -2469,9 +2469,9 @@ _krb5_get_init_creds_opt_free_pkinit(krb
- #ifdef PKINIT
- krb5_pk_init_ctx ctx;
-
-- if (opt->private == NULL || opt->private->pk_init_ctx == NULL)
-+ if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL)
- return;
-- ctx = opt->private->pk_init_ctx;
-+ ctx = opt->opt_private->pk_init_ctx;
- if (ctx->dh)
- DH_free(ctx->dh);
- ctx->dh = NULL;
-@@ -2490,7 +2490,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb
- free(ctx->id);
- ctx->id = NULL;
- }
-- opt->private->pk_init_ctx = NULL;
-+ opt->opt_private->pk_init_ctx = NULL;
- #endif
- }
-
-@@ -2508,28 +2508,28 @@ krb5_get_init_creds_opt_set_pkinit(krb5_
- #ifdef PKINIT
- krb5_error_code ret;
Home |
Main Index |
Thread Index |
Old Index