[pkgsrc/pkgsrc-2006Q4]: pkgsrc/security/mit-krb5 Pullup ticket 2021 - request...
details: https://anonhg.NetBSD.org/pkgsrc/rev/6e057e56bafc
branches: pkgsrc-2006Q4
changeset: 523014:6e057e56bafc
user: ghen <ghen%pkgsrc.org@localhost>
date: Sun Feb 18 12:01:11 2007 +0000
description:
Pullup ticket 2021 - requested by salo
security fix for mit-krb5
- pkgsrc/security/mit-krb5/Makefile 1.39-1.40
- pkgsrc/security/mit-krb5/distinfo 1.16
- pkgsrc/security/mit-krb5/patches/patch-at 1.1
Module Name: pkgsrc
Committed By: salo
Date: Wed Jan 17 23:43:47 UTC 2007
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-at
Log Message:
Security fix for CVE-2006-6143:
"An unauthenticated user may cause execution of arbitrary code in
kadmind, which can compromise the Kerberos key database and host
security. (kadmind usually runs as root.) Unsuccessful exploitation,
or even accidental replication of the required conditions by
non-malicious users, can result in kadmind crashing."
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143
Patch from MIT.
---
Module Name: pkgsrc
Committed By: salo
Date: Thu Jan 18 17:28:24 UTC 2007
Modified Files:
pkgsrc/security/mit-krb5: Makefile
Log Message:
Fix building with Autoconf 2.60 and newer.
Addresses PR pkg/34252 by Matthias Petermann.
Also delint a bit.
diffstat:
security/mit-krb5/Makefile | 69 ++++++++++++++++++++++++++++++++++---
security/mit-krb5/distinfo | 3 +-
security/mit-krb5/patches/patch-at | 25 +++++++++++++
3 files changed, 90 insertions(+), 7 deletions(-)
diffs (151 lines):
diff -r 7237997b4100 -r 6e057e56bafc security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile Sat Feb 17 21:45:17 2007 +0000
+++ b/security/mit-krb5/Makefile Sun Feb 18 12:01:11 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.38 2006/08/09 17:31:10 salo Exp $
+# $NetBSD: Makefile,v 1.38.4.1 2007/02/18 12:01:11 ghen Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
@@ -29,6 +29,8 @@
MIT_KRB5_STATEDIR?= ${VARBASE}
FILES_SUBST+= MIT_KRB5_STATEDIR=${MIT_KRB5_STATEDIR:Q}
+BUILD_DEFS+= VARBASE
+
CONFIGURE_ARGS+= --localstatedir=${MIT_KRB5_STATEDIR:Q}
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
CONFIGURE_ARGS+= --enable-shared
@@ -70,6 +72,61 @@
SUBST_FILES.mit-krb5= appl/bsd/Makefile.in include/krb5/stock/osconf.h
SUBST_SED.mit-krb5= -e "/KRB5_PATH_RLOGIN/s,/rlogin,/${KRB5_PREFIX}rlogin,g"
+# Fix autoconf incompatibility in new versions where substitutions won't be
+# processed properly. For more details see:
+# http://mailman.mit.edu/pipermail/krb5-bugs/2006-June/004587.html
+SUBST_CLASSES+= frag
+SUBST_STAGE.frag= post-patch
+SUBST_FILES.frag= appl/telnet/libtelnet/Makefile.in \
+ lib/apputils/Makefile.in \
+ lib/crypto/Makefile.in \
+ lib/crypto/aes/Makefile.in \
+ lib/crypto/arcfour/Makefile.in \
+ lib/crypto/crc32/Makefile.in \
+ lib/crypto/des/Makefile.in \
+ lib/crypto/dk/Makefile.in \
+ lib/crypto/enc_provider/Makefile.in \
+ lib/crypto/hash_provider/Makefile.in \
+ lib/crypto/keyhash_provider/Makefile.in \
+ lib/crypto/md4/Makefile.in \
+ lib/crypto/md5/Makefile.in \
+ lib/crypto/old/Makefile.in \
+ lib/crypto/raw/Makefile.in \
+ lib/crypto/sha1/Makefile.in \
+ lib/crypto/yarrow/Makefile.in \
+ lib/des425/Makefile.in \
+ lib/gssapi/Makefile.in \
+ lib/gssapi/generic/Makefile.in \
+ lib/gssapi/krb5/Makefile.in \
+ lib/kadm5/Makefile.in \
+ lib/kadm5/clnt/Makefile.in \
+ lib/kadm5/srv/Makefile.in \
+ lib/kdb/Makefile.in \
+ lib/krb4/Makefile.in \
+ lib/krb5/Makefile.in \
+ lib/krb5/asn.1/Makefile.in \
+ lib/krb5/ccache/Makefile.in \
+ lib/krb5/error_tables/Makefile.in \
+ lib/krb5/keytab/Makefile.in \
+ lib/krb5/krb/Makefile.in \
+ lib/krb5/os/Makefile.in \
+ lib/krb5/posix/Makefile.in \
+ lib/krb5/rcache/Makefile.in \
+ lib/rpc/Makefile.in \
+ util/db2/Makefile.in \
+ util/db2/btree/Makefile.in \
+ util/db2/clib/Makefile.in \
+ util/db2/db/Makefile.in \
+ util/db2/hash/Makefile.in \
+ util/db2/mpool/Makefile.in \
+ util/db2/recno/Makefile.in \
+ util/et/Makefile.in \
+ util/profile/Makefile.in \
+ util/pty/Makefile.in \
+ util/ss/Makefile.in \
+ util/support/Makefile.in
+SUBST_SED.frag= -e "s/^\#.\\(@lib.*_frag@\\)/\\1/g"
+
INFO_FILES= # PLIST
OWN_DIRS_PERMS= ${MIT_KRB5_STATEDIR}/krb5kdc \
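Review bot: The expression in `SUBST_SED.frag` is looser than the workaround needs: `.` accepts any character after `#`, and the trailing `g` has no effect on a `^`-anchored pattern. If the commented-out lines in these Makefile.in files always have the form `# @lib..._frag@` (not visible in this hunk), `-e "s/^\# \\(@lib[a-z_]*_frag@\\)/\\1/"` would state that intent exactly and could not uncomment anything else. A `SUBST_MESSAGE.frag` naming the Autoconf 2.60 workaround would also make the build log self-explanatory for whoever next updates the package.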
@@ -77,18 +134,18 @@
RCD_SCRIPTS= kadmind kdc
INSTALLATION_DIRS= bin include/gssapi include/gssrpc ${PKGINFODIR} \
- lib man/man1 man/man5 man/man8 sbin \
- share/examples/krb5
+ lib ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 \
+ ${PKGMANDIR}/man8 sbin share/examples/krb5
# The MIT krb5 distribution is actually a tar file that contains the
# real .tar.gz distfile and a PGP signature.
#
post-extract:
- @extract_file="${WRKDIR}/${DISTNAME}.tar.gz"; \
+ extract_file="${WRKDIR}/${DISTNAME}.tar.gz"; \
cd ${WRKDIR} && ${EXTRACT_CMD}
pre-configure:
- @cd ${WRKSRC}; ${FIND} . -name configure -print | \
+ cd ${WRKSRC}; ${FIND} . -name configure -print | \
${XARGS} -n 1 ${DIRNAME} | \
while read dir; do \
${ECHO} "=> Generating configure in $$dir"; \
diff -r 7237997b4100 -r 6e057e56bafc security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo Sat Feb 17 21:45:17 2007 +0000
+++ b/security/mit-krb5/distinfo Sun Feb 18 12:01:11 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2006/08/09 17:31:10 salo Exp $
+$NetBSD: distinfo,v 1.15.4.1 2007/02/18 12:01:11 ghen Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -21,3 +21,4 @@
SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
+SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c
diff -r 7237997b4100 -r 6e057e56bafc security/mit-krb5/patches/patch-at
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-at Sun Feb 18 12:01:11 2007 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-at,v 1.1.2.2 2007/02/18 12:01:11 ghen Exp $
+
+Security fix for CVE-2006-6143.
+
+--- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200
++++ lib/rpc/svc.c 2007-01-17 21:58:10.000000000 +0100
+@@ -436,6 +436,8 @@ svc_getreqset(FDSET_TYPE *readfds)
+ #endif
+ }
+
++extern struct svc_auth_ops svc_auth_gss_ops;
++
+ static void
+ svc_do_xprt(SVCXPRT *xprt)
+ {
+@@ -517,6 +519,9 @@ svc_do_xprt(SVCXPRT *xprt)
+ if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
+ SVC_DESTROY(xprt);
+ break;
++ } else if ((xprt->xp_auth != NULL) &&
++ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
++ xprt->xp_auth = NULL;
+ }
+ } while (stat == XPRT_MOREREQS);
+
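Review bot: The new `else if` branch in svc_do_xprt clears `xprt->xp_auth` without a comment, and nothing in the patch says why non-GSS handles are dropped while GSS ones are kept. I would add above it `/* Do not carry a non-GSS auth handle over to the next request on this transport; a stale xp_auth must not be used or released later (CVE-2006-6143). */`, worded on the assumption that the flaw is a leftover handle, which the hunk itself does not show. The file-scope `extern struct svc_auth_ops svc_auth_gss_ops;` also bypasses whatever header declares the symbol, so a later change to its type would not be caught at compile time; including that header would be safer if one exists in this tree. svc_do_xprt starts and ends outside the hunk, so it cannot be confirmed here that every path through the request loop resets the handle.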