[pkgsrc/trunk]: pkgsrc/security/mit-krb5 Add patches for CVE-2009-0846 & CVE-...
details: https://anonhg.NetBSD.org/pkgsrc/rev/fccd07f5fbde
branches: trunk
changeset: 557760:fccd07f5fbde
user: tez <tez%pkgsrc.org@localhost>
date: Tue Apr 21 18:58:17 2009 +0000
description:
Add patches for CVE-2009-0846 & CVE-2009-0847
approved by agc
diffstat:
security/mit-krb5/Makefile | 4 ++--
security/mit-krb5/distinfo | 5 ++++-
security/mit-krb5/patches/patch-bn | 32 ++++++++++++++++++++++++++++++++
security/mit-krb5/patches/patch-bo | 10 ++++++++++
security/mit-krb5/patches/patch-bp | 25 +++++++++++++++++++++++++
5 files changed, 73 insertions(+), 3 deletions(-)
diffs (109 lines):
diff -r b82ff77580e6 -r fccd07f5fbde security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile Tue Apr 21 18:57:12 2009 +0000
+++ b/security/mit-krb5/Makefile Tue Apr 21 18:58:17 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.44 2008/12/11 09:42:25 wiz Exp $
+# $NetBSD: Makefile,v 1.45 2009/04/21 18:58:17 tez Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 7
+PKGREVISION= 8
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
diff -r b82ff77580e6 -r fccd07f5fbde security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo Tue Apr 21 18:57:12 2009 +0000
+++ b/security/mit-krb5/distinfo Tue Apr 21 18:58:17 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2008/12/11 09:42:25 wiz Exp $
+$NetBSD: distinfo,v 1.22 2009/04/21 18:58:17 tez Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -42,3 +42,6 @@
SHA1 (patch-bk) = 9bf37086a4e7661e8aacc2736d21f61db154263e
SHA1 (patch-bl) = d1239c8c8279680a97f7c555907ac1b4ccfca6b4
SHA1 (patch-bm) = d8e46f448fa4a51e3b8a42279cf1ab54b0598dd3
+SHA1 (patch-bn) = 82c6f98474f31e1e231d3e89d6a24e20ec7fd123
+SHA1 (patch-bo) = dcfeab32537f8b89e3ed6a52a69601e3e7822e35
+SHA1 (patch-bp) = 5308176a1229b5ac0d0f24eb2f657fdf48935f80
diff -r b82ff77580e6 -r fccd07f5fbde security/mit-krb5/patches/patch-bn
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bn Tue Apr 21 18:58:17 2009 +0000
@@ -0,0 +1,32 @@
+--- lib/krb5/asn.1/asn1buf.c.orig 2009-04-17 16:07:27.348357800 -0500
++++ lib/krb5/asn.1/asn1buf.c 2009-04-17 16:23:10.726869700 -0500
+@@ -78,11 +78,11 @@
+
+ asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef)
+ {
++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
+ subbuf->base = subbuf->next = buf->next;
+ if (!indef) {
++ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;
+ subbuf->bound = subbuf->base + length - 1;
+- if (subbuf->bound > buf->bound)
+- return ASN1_OVERRUN;
+ } else /* constructed indefinite */
+ subbuf->bound = buf->bound;
+ return 0;
+@@ -200,6 +200,7 @@
+ {
+ int i;
+
++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
+ if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
+ if (len == 0) {
+ *s = 0;
+@@ -218,6 +219,7 @@
+ {
+ int i;
+
++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
+ if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
+ if (len == 0) {
+ *s = 0;
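Review bot: The unchanged length tests in the second and third inner hunks (`if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;`) lack the `(size_t)` cast used by the rewritten test in asn1buf_imbed, so they are safe only because the added `buf->next > buf->bound + 1` guard runs first and keeps the pointer difference non-negative. The type of `len` is not visible here; if it is unsigned and no narrower than ptrdiff_t on the target, a negative difference would convert to a very large value and the test would pass, which is the case the new guard closes. I would write all three sites the same way, `if (len > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;`, and put a comment on each guard such as `/* next is already past the end: reject before computing the remaining length */`. Both remove functions start and end outside the inner hunks.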
diff -r b82ff77580e6 -r fccd07f5fbde security/mit-krb5/patches/patch-bo
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bo Tue Apr 21 18:58:17 2009 +0000
@@ -0,0 +1,10 @@
+--- lib/krb5/asn.1/asn1_decode.c.orig 2009-04-17 16:24:41.318878800 -0500
++++ lib/krb5/asn.1/asn1_decode.c 2009-04-17 16:25:52.914274500 -0500
+@@ -231,6 +231,7 @@
+
+ if(length != 15) return ASN1_BAD_LENGTH;
+ retval = asn1buf_remove_charstring(buf,15,&s);
++ if (retval) return retval;
+ /* Time encoding: YYYYMMDDhhmmssZ */
+ if(s[14] != 'Z') {
+ free(s);
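Review bot: The added `if (retval) return retval;` is the only thing keeping `s[14]` and `free(s)` away from a pointer that was never assigned, and nothing on the new side says so. In the asn1buf.c hunks of this same commit the ASN1_OVERRUN returns come before `*s = 0`, so on that path the callee leaves `s` untouched. I would add a comment above the check, `/* on error asn1buf_remove_charstring did not set s; do not read or free it */`, and, if the declaration of `s` (outside this hunk) has no initializer, give it one, e.g. `char *s = NULL;`. The enclosing function starts and ends outside the hunk.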
diff -r b82ff77580e6 -r fccd07f5fbde security/mit-krb5/patches/patch-bp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bp Tue Apr 21 18:58:17 2009 +0000
@@ -0,0 +1,25 @@
+--- tests/asn.1/krb5_decode_test.c.orig 2009-04-17 16:25:31.678326000 -0500
++++ tests/asn.1/krb5_decode_test.c 2009-04-17 16:26:03.499429900 -0500
+@@ -485,6 +485,22 @@
+ ktest_destroy_keyblock(&(ref.subkey));
+ ref.seq_number = 0;
+ decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2
40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
++
++ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
++ if (retval) {
++ com_err("krb5_decode_test", retval, "while parsing");
++ exit(1);
++ }
++ retval = decode_krb5_ap_rep_enc_part(&code, &var);
++ if (retval != ASN1_OVERRUN) {
++ printf("ERROR: ");
++ } else {
++ printf("OK: ");
++ }
++ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n");
++ krb5_free_data_contents(test_context, &code);
++ krb5_free_ap_rep_enc_part(test_context, var);
++
+ ktest_empty_ap_rep_enc_part(&ref);
+ }
+
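Review bot: The new negative test calls `krb5_free_ap_rep_enc_part(test_context, var);` after a decode that is expected to fail, and the hunk does not show what `decode_krb5_ap_rep_enc_part` leaves in `var` on error. If the decoder does not reset it, `var` may still hold the pointer from the preceding `decode_run` or an indeterminate value, and the free would then act on stale memory. I would set `var = NULL;` immediately before the decode call and free only when something was returned, `if (var != NULL) krb5_free_ap_rep_enc_part(test_context, var);`. Separately, the `ERROR: ` branch only prints, so a regression is caught only if the harness inspects the output. The enclosing test function starts outside the hunk.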