pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2009Q1]: pkgsrc/security/mit-krb5 Pullup ticket #2747 - reques...
details: https://anonhg.NetBSD.org/pkgsrc/rev/bacab9ccdbd6
branches: pkgsrc-2009Q1
changeset: 556786:bacab9ccdbd6
user: tron <tron%pkgsrc.org@localhost>
date: Thu Apr 23 20:38:05 2009 +0000
description:
Pullup ticket #2747 - requested by tez
mit-krb5: security patch
Revisions pulled up:
- security/mit-krb5/Makefile 1.45
- security/mit-krb5/distinfo 1.22
- security/mit-krb5/patches/patch-bn 1.1
- security/mit-krb5/patches/patch-bo 1.1
- security/mit-krb5/patches/patch-bp 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Tue Apr 21 18:58:18 UTC 2009
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-bn patch-bo patch-bp
Log Message:
Add patches for CVE-2009-0846 & CVE-2009-0847
approved by agc
diffstat:
security/mit-krb5/Makefile | 4 ++--
security/mit-krb5/distinfo | 5 ++++-
security/mit-krb5/patches/patch-bn | 32 ++++++++++++++++++++++++++++++++
security/mit-krb5/patches/patch-bo | 10 ++++++++++
security/mit-krb5/patches/patch-bp | 25 +++++++++++++++++++++++++
5 files changed, 73 insertions(+), 3 deletions(-)
diffs (109 lines):
diff -r e13158d6bdaf -r bacab9ccdbd6 security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile Wed Apr 22 22:09:11 2009 +0000
+++ b/security/mit-krb5/Makefile Thu Apr 23 20:38:05 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.44 2008/12/11 09:42:25 wiz Exp $
+# $NetBSD: Makefile,v 1.44.4.1 2009/04/23 20:38:05 tron Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 7
+PKGREVISION= 8
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
diff -r e13158d6bdaf -r bacab9ccdbd6 security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo Wed Apr 22 22:09:11 2009 +0000
+++ b/security/mit-krb5/distinfo Thu Apr 23 20:38:05 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2008/12/11 09:42:25 wiz Exp $
+$NetBSD: distinfo,v 1.21.4.1 2009/04/23 20:38:05 tron Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -42,3 +42,6 @@
SHA1 (patch-bk) = 9bf37086a4e7661e8aacc2736d21f61db154263e
SHA1 (patch-bl) = d1239c8c8279680a97f7c555907ac1b4ccfca6b4
SHA1 (patch-bm) = d8e46f448fa4a51e3b8a42279cf1ab54b0598dd3
+SHA1 (patch-bn) = 82c6f98474f31e1e231d3e89d6a24e20ec7fd123
+SHA1 (patch-bo) = dcfeab32537f8b89e3ed6a52a69601e3e7822e35
+SHA1 (patch-bp) = 5308176a1229b5ac0d0f24eb2f657fdf48935f80
diff -r e13158d6bdaf -r bacab9ccdbd6 security/mit-krb5/patches/patch-bn
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bn Thu Apr 23 20:38:05 2009 +0000
@@ -0,0 +1,32 @@
+--- lib/krb5/asn.1/asn1buf.c.orig 2009-04-17 16:07:27.348357800 -0500
++++ lib/krb5/asn.1/asn1buf.c 2009-04-17 16:23:10.726869700 -0500
+@@ -78,11 +78,11 @@
+
+ asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef)
+ {
++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
+ subbuf->base = subbuf->next = buf->next;
+ if (!indef) {
++ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN;
+ subbuf->bound = subbuf->base + length - 1;
+- if (subbuf->bound > buf->bound)
+- return ASN1_OVERRUN;
+ } else /* constructed indefinite */
+ subbuf->bound = buf->bound;
+ return 0;
+@@ -200,6 +200,7 @@
+ {
+ int i;
+
++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
+ if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
+ if (len == 0) {
+ *s = 0;
+@@ -218,6 +219,7 @@
+ {
+ int i;
+
++ if (buf->next > buf->bound + 1) return ASN1_OVERRUN;
+ if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
+ if (len == 0) {
+ *s = 0;
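Review bot: The two later sub-hunks (at `@@ -200` and `@@ -218`) still compare `len` against the raw pointer difference `buf->bound + 1 - buf->next`, while the asn1buf_imbed change casts the same expression to `size_t`. Those uncast comparisons are only sound because the newly added `buf->next > buf->bound + 1` guard keeps the difference non-negative. I would say so in a comment above each guard, e.g. `/* next == bound + 1 is an empty buffer; anything past that makes the remaining-length subtraction negative */`, and use the same `(size_t)` cast in all three places. In asn1buf_imbed the length check also runs after `subbuf->base = subbuf->next = buf->next;`, so an ASN1_OVERRUN return leaves the sub-buffer with base/next updated and bound untouched; doing both checks before the assignment avoids that. The two later functions begin and end outside the patch context, so the type of `len` is not visible here.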
diff -r e13158d6bdaf -r bacab9ccdbd6 security/mit-krb5/patches/patch-bo
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bo Thu Apr 23 20:38:05 2009 +0000
@@ -0,0 +1,10 @@
+--- lib/krb5/asn.1/asn1_decode.c.orig 2009-04-17 16:24:41.318878800 -0500
++++ lib/krb5/asn.1/asn1_decode.c 2009-04-17 16:25:52.914274500 -0500
+@@ -231,6 +231,7 @@
+
+ if(length != 15) return ASN1_BAD_LENGTH;
+ retval = asn1buf_remove_charstring(buf,15,&s);
++ if (retval) return retval;
+ /* Time encoding: YYYYMMDDhhmmssZ */
+ if(s[14] != 'Z') {
+ free(s);
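Review bot: The added `if (retval) return retval;` carries no comment saying why the early return is mandatory rather than stylistic. The lines that follow read `s[14]` and call `free(s)`, so continuing after a failed asn1buf_remove_charstring would use a pointer that was presumably never assigned (the length check shown in patch-bn returns before `*s` is written). I would add `/* on failure s is not set; it must be neither read nor freed */` above the check. Initialising `s` to NULL at its declaration would also stop a later edit from silently reintroducing the problem. The declaration and the rest of the function lie outside this hunk.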
diff -r e13158d6bdaf -r bacab9ccdbd6 security/mit-krb5/patches/patch-bp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mit-krb5/patches/patch-bp Thu Apr 23 20:38:05 2009 +0000
@@ -0,0 +1,25 @@
+--- tests/asn.1/krb5_decode_test.c.orig 2009-04-17 16:25:31.678326000 -0500
++++ tests/asn.1/krb5_decode_test.c 2009-04-17 16:26:03.499429900 -0500
+@@ -485,6 +485,22 @@
+ ktest_destroy_keyblock(&(ref.subkey));
+ ref.seq_number = 0;
+ decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2
40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
++
++ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
++ if (retval) {
++ com_err("krb5_decode_test", retval, "while parsing");
++ exit(1);
++ }
++ retval = decode_krb5_ap_rep_enc_part(&code, &var);
++ if (retval != ASN1_OVERRUN) {
++ printf("ERROR: ");
++ } else {
++ printf("OK: ");
++ }
++ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n");
++ krb5_free_data_contents(test_context, &code);
++ krb5_free_ap_rep_enc_part(test_context, var);
++
+ ktest_empty_ap_rep_enc_part(&ref);
+ }
+
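Review bot: `krb5_free_ap_rep_enc_part(test_context, var)` runs unconditionally after a decode that is expected to fail with ASN1_OVERRUN, and nothing in the hunk sets `var` beforehand. Unless the decoder is guaranteed to assign the output on error (not visible here), the test frees an indeterminate pointer, or one left over from the preceding decode_run. Setting `var = NULL;` before `decode_krb5_ap_rep_enc_part(&code, &var)` and freeing only when it is non-NULL would remove that dependency. Separately, the mismatch branch only prints `ERROR: ` and carries on, so a regression would not change the test program's exit status unless the harness inspects the output; the branch should record the failure the way the surrounding tests do. The enclosing block begins outside the hunk.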