authorJon Hood <squinky86@gentoo.org>2004-06-15 21:38:28 +0000
committerJon Hood <squinky86@gentoo.org>2004-06-15 21:38:28 +0000
commitc919faa9a990a16c6d97ef41e4654b136426a8df (patch)
tree4ee303351e3f55b6ae2dfd9ce806dee19d43241a /app-crypt/mit-krb5
parentVersion bump for a security vulnerability; please see bug #53915 for more det... (diff)
add patch for krb5_aname_to_localname buffer overflow irt #52744
Diffstat (limited to 'app-crypt/mit-krb5')
-rw-r--r--app-crypt/mit-krb5/ChangeLog8
-rw-r--r--app-crypt/mit-krb5/Manifest21
-rw-r--r--app-crypt/mit-krb5/files/digest-mit-krb5-1.3.3-r11
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5-1.3.3-aname.patch252
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.3.3-r1.ebuild165
5 files changed, 437 insertions, 10 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog
index 6d4e0cef33f5..b62a91251aa1 100644
--- a/app-crypt/mit-krb5/ChangeLog
+++ b/app-crypt/mit-krb5/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-crypt/mit-krb5
# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.23 2004/06/13 04:09:03 tgall Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.24 2004/06/15 21:38:28 squinky86 Exp $
+
+*mit-krb5-1.3.3-r1 (15 Jun 2004)
+
+ 15 Jun 2004; Jon Hood <squinky86@gentoo.org>
+ +files/mit-krb5-1.3.3-aname.patch, +mit-krb5-1.3.3-r1.ebuild:
+ fix krb5_aname_to_localname buffer overflow irt #52744
12 Jun 2004; Tom Gall <tgall@gentoo.org> mit-krb5-1.3.3.ebuild:
ppc64 stable, bug #53766
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
index 91e793ebfcc7..74d0d2106052 100644
--- a/app-crypt/mit-krb5/Manifest
+++ b/app-crypt/mit-krb5/Manifest
@@ -1,16 +1,19 @@
-MD5 2ba5b2fa23b19c07f27dba721c181534 ChangeLog 5083
-MD5 e5573e25f19694fc8ccaaced2dd576f4 metadata.xml 353
MD5 8c8e34ea34c6ec9691c020a1d345b780 mit-krb5-1.3.1-r1.ebuild 4211
MD5 a761e69373abd72644ffe6acb1fb0a4d mit-krb5-1.3.1.ebuild 4185
MD5 ef08d9f8323acf6ee63b61e661797a61 mit-krb5-1.3.3.ebuild 4228
-MD5 2c4ba0f8f9513fb2f285a9224f063ad8 files/digest-mit-krb5-1.3.1 63
-MD5 2c4ba0f8f9513fb2f285a9224f063ad8 files/digest-mit-krb5-1.3.1-r1 63
-MD5 596ab1238ca3a14926eb5fd3947ab4ce files/digest-mit-krb5-1.3.3 60
-MD5 186bd4cbeff944079f44105d4c962c80 files/kdc.conf 438
-MD5 fbb2a86038ab98ca0c7493ad9d55ace9 files/krb5.conf 541
+MD5 08d022d3cd84cc14fb9c7e8af7594359 mit-krb5-1.3.3-r1.ebuild 4268
+MD5 2ba5b2fa23b19c07f27dba721c181534 ChangeLog 5083
+MD5 e5573e25f19694fc8ccaaced2dd576f4 metadata.xml 353
MD5 c451148d1b3e182a19a8f9084d0b55b8 files/krb5.confd 233
MD5 d7dcbbab51ce1849c77c083b8d363c15 files/krb5.initd 1486
-MD5 1a722b032004738cd34e3ed16b8c75ca files/mit-krb5-1.3.1-res_search.patch 8486
+MD5 fbb2a86038ab98ca0c7493ad9d55ace9 files/krb5.conf 541
MD5 1a722b032004738cd34e3ed16b8c75ca files/mit-krb5-1.3.3-res_search.patch 8486
-MD5 61a61d22565605924a06789f9da352bf files/mit-krb5kadmind.initd 687
+MD5 186bd4cbeff944079f44105d4c962c80 files/kdc.conf 438
+MD5 1a722b032004738cd34e3ed16b8c75ca files/mit-krb5-1.3.1-res_search.patch 8486
+MD5 2c4ba0f8f9513fb2f285a9224f063ad8 files/digest-mit-krb5-1.3.1-r1 63
+MD5 596ab1238ca3a14926eb5fd3947ab4ce files/digest-mit-krb5-1.3.3-r1 60
MD5 c214030264300e2d84375d23d7c1f892 files/mit-krb5kdc.initd 656
+MD5 2c4ba0f8f9513fb2f285a9224f063ad8 files/digest-mit-krb5-1.3.1 63
+MD5 596ab1238ca3a14926eb5fd3947ab4ce files/digest-mit-krb5-1.3.3 60
+MD5 a76969580caa87329b1758711499ca61 files/mit-krb5-1.3.3-aname.patch 6329
+MD5 61a61d22565605924a06789f9da352bf files/mit-krb5kadmind.initd 687
diff --git a/app-crypt/mit-krb5/files/digest-mit-krb5-1.3.3-r1 b/app-crypt/mit-krb5/files/digest-mit-krb5-1.3.3-r1
new file mode 100644
index 000000000000..f75db9c04964
--- /dev/null
+++ b/app-crypt/mit-krb5/files/digest-mit-krb5-1.3.3-r1
@@ -0,0 +1 @@
+MD5 9c872750fce0f4ff64e0325e278ce882 krb5-1.3.3.tar 6359040
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.3.3-aname.patch b/app-crypt/mit-krb5/files/mit-krb5-1.3.3-aname.patch
new file mode 100644
index 000000000000..8c79f76aff2a
--- /dev/null
+++ b/app-crypt/mit-krb5/files/mit-krb5-1.3.3-aname.patch
@@ -0,0 +1,252 @@
+diff -c -r5.39 an_to_ln.c
+*** an_to_ln.c 3 Sep 2002 19:29:34 -0000 5.39
+- --- an_to_ln.c 2 Jun 2004 22:04:21 -0000
+***************
+*** 270,278 ****
+ * If no regcomp() then just return the input string verbatim in the output
+ * string.
+ */
+! static void
+ do_replacement(char *regexp, char *repl, int doall, char *in, char *out)
+ {
+ #if HAVE_REGCOMP
+ regex_t match_exp;
+ regmatch_t match_match;
+- --- 270,283 ----
+ * If no regcomp() then just return the input string verbatim in the output
+ * string.
+ */
+! #define use_bytes(x) \
+! out_used += (x); \
+! if (out_used > MAX_FORMAT_BUFFER) goto mem_err
+!
+! static int
+ do_replacement(char *regexp, char *repl, int doall, char *in, char *out)
+ {
++ size_t out_used = 0;
+ #if HAVE_REGCOMP
+ regex_t match_exp;
+ regmatch_t match_match;
+***************
+*** 287,303 ****
+ do {
+ if (!regexec(&match_exp, cp, 1, &match_match, 0)) {
+ if (match_match.rm_so) {
+ strncpy(op, cp, match_match.rm_so);
+ op += match_match.rm_so;
+ }
+ strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+ op += strlen(op);
+ cp += match_match.rm_eo;
+! if (!doall)
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ matched = 1;
+ }
+ else {
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ matched = 0;
+ }
+- --- 292,313 ----
+ do {
+ if (!regexec(&match_exp, cp, 1, &match_match, 0)) {
+ if (match_match.rm_so) {
++ use_bytes(match_match.rm_so);
+ strncpy(op, cp, match_match.rm_so);
+ op += match_match.rm_so;
+ }
++ use_bytes(strlen(repl));
+ strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+ op += strlen(op);
+ cp += match_match.rm_eo;
+! if (!doall) {
+! use_bytes(strlen(cp));
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
++ }
+ matched = 1;
+ }
+ else {
++ use_bytes(strlen(cp));
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ matched = 0;
+ }
+***************
+*** 322,338 ****
+ sdispl = (size_t) (loc1 - cp);
+ edispl = (size_t) (loc2 - cp);
+ if (sdispl) {
+ strncpy(op, cp, sdispl);
+ op += sdispl;
+ }
+ strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+ op += strlen(repl);
+ cp += edispl;
+! if (!doall)
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ matched = 1;
+ }
+ else {
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ matched = 0;
+ }
+- --- 332,353 ----
+ sdispl = (size_t) (loc1 - cp);
+ edispl = (size_t) (loc2 - cp);
+ if (sdispl) {
++ use_bytes(sdispl);
+ strncpy(op, cp, sdispl);
+ op += sdispl;
+ }
++ use_bytes(strlen(repl));
+ strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+ op += strlen(repl);
+ cp += edispl;
+! if (!doall) {
+! use_bytes(strlen(cp));
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
++ }
+ matched = 1;
+ }
+ else {
++ use_bytes(strlen(cp));
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ matched = 0;
+ }
+***************
+*** 340,346 ****
+- --- 355,369 ----
+ #else /* HAVE_REGEXP_H */
+ memcpy(out, in, MAX_FORMAT_BUFFER);
+ #endif /* HAVE_REGCOMP */
++ return 1;
++ mem_err:
++ #ifdef HAVE_REGCMP
++ regfree(&match_exp);
++ #endif
++ return 0;
++
+ }
++ #undef use_bytes
+
+ /*
+ * aname_replacer() - Perform the specified substitutions on the input
+***************
+*** 412,418 ****
+
+ /* Do the replacemenbt */
+ memset(out, '\0', MAX_FORMAT_BUFFER);
+! do_replacement(rule, repl, doglobal, in, out);
+ free(rule);
+ free(repl);
+
+- --- 435,446 ----
+
+ /* Do the replacemenbt */
+ memset(out, '\0', MAX_FORMAT_BUFFER);
+! if (!do_replacement(rule, repl, doglobal, in, out)) {
+! free(rule);
+! free(repl);
+! kret = KRB5_LNAME_NOTRANS;
+! break;
+! }
+ free(rule);
+ free(repl);
+
+***************
+*** 459,464 ****
+- --- 487,493 ----
+ char *fprincname;
+ char *selstring = 0;
+ int num_comps, compind;
++ size_t selstring_used;
+ char *cout;
+ krb5_data *datap;
+ char *outstring;
+***************
+*** 479,484 ****
+- --- 508,514 ----
+ */
+ current = strchr(current, ':');
+ selstring = (char *) malloc(MAX_FORMAT_BUFFER);
++ selstring_used = 0;
+ if (current && selstring) {
+ current++;
+ cout = selstring;
+***************
+*** 497,502 ****
+- --- 527,540 ----
+ aname,
+ compind-1))
+ ) {
++ if ((datap->length < MAX_FORMAT_BUFFER)
++ && (selstring_used+datap->length
++ < MAX_FORMAT_BUFFER)) {
++ selstring_used += datap->length;
++ } else {
++ kret = ENOMEM;
++ goto errout;
++ }
+ strncpy(cout,
+ datap->data,
+ (unsigned) datap->length);
+***************
+*** 527,533 ****
+ else
+ kret = KRB5_CONFIG_BADFORMAT;
+
+! if (kret)
+ free(selstring);
+ }
+ }
+- --- 565,571 ----
+ else
+ kret = KRB5_CONFIG_BADFORMAT;
+
+! errout: if (kret)
+ free(selstring);
+ }
+ }
+***************
+*** 643,649 ****
+ const char *hierarchy[5];
+ char **mapping_values;
+ int i, nvalid;
+! char *cp;
+ char *typep, *argp;
+ unsigned int lnsize;
+
+- --- 681,687 ----
+ const char *hierarchy[5];
+ char **mapping_values;
+ int i, nvalid;
+! char *cp, *s;
+ char *typep, *argp;
+ unsigned int lnsize;
+
+***************
+*** 677,687 ****
+
+ /* Just use the last one. */
+ /* Trim the value. */
+! cp = &mapping_values[nvalid-1]
+! [strlen(mapping_values[nvalid-1])];
+! while (isspace((int) (*cp))) cp--;
+! cp++;
+! *cp = '\0';
+
+ /* Copy out the value if there's enough room */
+ if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize)
+- --- 715,728 ----
+
+ /* Just use the last one. */
+ /* Trim the value. */
+! s = mapping_values[nvalid-1];
+! cp = s + strlen(s);
+! while (cp > s) {
+! cp--;
+! if (!isspace((int)(*cp)))
+! break;
+! *cp = '\0';
+! }
+
+ /* Copy out the value if there's enough room */
+ if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize)
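Review bot: The `use_bytes` bound in the embedded patch is tested with `>`, so `out_used` may reach exactly `MAX_FORMAT_BUFFER`, while every `strncpy` bound beside it reserves one byte (`MAX_FORMAT_BUFFER - 1 - (op - out)`); if `op - out` ever equals `MAX_FORMAT_BUFFER`, that expression goes negative and converts to a very large length. Comparing with `>=`, i.e. `if (out_used >= MAX_FORMAT_BUFFER) goto mem_err`, would keep room for the terminator. Separately, the `mem_err:` cleanup is guarded by `#ifdef HAVE_REGCMP` although `match_exp` is declared under `#if HAVE_REGCOMP`, so on the regcomp build the error path presumably skips `regfree(&match_exp)`; the guard should read `#if HAVE_REGCOMP`. Only parts of `do_replacement` are visible in the context hunks, so both points should be confirmed against the full an_to_ln.c.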
diff --git a/app-crypt/mit-krb5/mit-krb5-1.3.3-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.3.3-r1.ebuild
new file mode 100644
index 000000000000..630f6d63668d
--- /dev/null
+++ b/app-crypt/mit-krb5/mit-krb5-1.3.3-r1.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.3.3-r1.ebuild,v 1.1 2004/06/15 21:38:28 squinky86 Exp $
+
+inherit eutils
+
+MY_P=${PN/mit-}-${PV}
+S=${WORKDIR}/${MY_P}/src
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5/1.3/${MY_P}.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~s390 ~ppc64"
+IUSE="krb4 static"
+RESTRICT="nomirror"
+
+DEPEND="virtual/glibc
+ sys-devel/autoconf
+ !virtual/krb5"
+RDEPEND="virtual/glibc
+ !virtual/krb5"
+PROVIDE="virtual/krb5"
+
+src_unpack() {
+ unpack ${A}
+ tar -zxf ${MY_P}.tar.gz
+ cd ${S}
+ epatch ${FILESDIR}/${P}-res_search.patch
+ cd ${S}/lib/krb5/os
+ epatch ${FILESDIR}/${P}-aname.patch
+ cd ${S}
+}
+
+src_compile() {
+ ebegin "Updating configure"
+ autoconf
+ cd ${S}/util/et
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/util/ss
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/util/profile
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/util/pty
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/util/db2
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/include
+ WANT_AUTOCONF=2.5 autoconf -I ../
+ cd ${S}/lib/crypto
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/lib/krb5
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/lib/des425
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/lib/kdb
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/lib/gssapi
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/lib/rpc
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/lib/rpc/unit-test
+ WANT_AUTOCONF=2.5 autoconf -I ../../../
+ cd ${S}/lib/kadm5
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/kdc
+ WANT_AUTOCONF=2.5 autoconf -I ../
+ cd ${S}/kadmin
+ WANT_AUTOCONF=2.5 autoconf -I ../
+ cd ${S}/slave
+ WANT_AUTOCONF=2.5 autoconf -I ../
+ cd ${S}/clients
+ WANT_AUTOCONF=2.5 autoconf -I ../
+ cd ${S}/appl
+ WANT_AUTOCONF=2.5 autoconf -I ../
+ cd ${S}/appl/bsd
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/appl/gssftp
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/appl/telnet
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/appl/telnet/libtelnet
+ WANT_AUTOCONF=2.5 autoconf -I ../../../
+ cd ${S}/appl/telnet/telnet
+ WANT_AUTOCONF=2.5 autoconf -I ../../../
+ cd ${S}/appl/telnet/telnetd
+ WANT_AUTOCONF=2.5 autoconf -I ../../../
+ cd ${S}/tests
+ WANT_AUTOCONF=2.5 autoconf -I ../
+ cd ${S}/lib/krb4
+ WANT_AUTOCONF=2.5 autoconf -I ../../
+ cd ${S}/krb524
+ WANT_AUTOCONF=2.5 autoconf -I ../
+ cd ${S}
+ eend $?
+
+ local myconf
+
+ use krb4 && myconf="${myconf} --with-krb4 --enable-krb4" \
+ || myconf="${myconf} --without-krb4 --disable-krb4"
+
+ use static && myconf="${myconf} --disable-shared --enable-static" \
+ || myconf="${myconf} --enable-shared --disable-static"
+
+ CFLAGS=`echo ${CFLAGS} | xargs`
+ CXXFLAGS=`echo ${CXXFLAGS} | xargs`
+ LDFLAGS=`echo ${LDFLAGS} | xargs`
+
+ CFLAGS="${CFLAGS}" \
+ CXXFLAGS="${CXXFLAGS}" \
+ LDFLAGS="${LDFLAGS}" \
+ econf \
+ --mandir=/usr/share/man \
+ --localstatedir=/etc \
+ --host=${CHOST} \
+ --prefix=/usr \
+ --enable-dns \
+ ${myconf} || die
+
+ if [ "${ARCH}" = "hppa" ]
+ then
+ einfo "Fixating Makefiles ..."
+ for i in `find ${S} -name Makefile`; \
+ do cp $i $i.old; sed -e 's/LDCOMBINE=ld -shared -h lib/LDCOMBINE=gcc -shared -h lib/' $i.old > $i; done
+ fi
+
+ make || die
+}
+
+src_install() {
+ make DESTDIR=${D} install || die
+
+ cd ..
+ dodoc README
+ dohtml doc/*.html
+
+ # Begin client rename and install
+ for i in {telnetd,ftpd}
+ do
+ mv ${D}/usr/share/man/man8/${i}.8 ${D}/usr/share/man/man8/k${i}.8
+ mv ${D}/usr/sbin/${i} ${D}/usr/sbin/k${i}
+ done
+ for i in {rcp,rsh,telnet,ftp,rlogin}
+ do
+ mv ${D}/usr/share/man/man1/${i}.1 ${D}/usr/share/man/man1/k${i}.1
+ mv ${D}/usr/bin/${i} ${D}/usr/bin/k${i}
+ done
+
+ insinto /etc
+ newins ${FILESDIR}/krb5.conf krb5.conf
+ insinto /etc/krb5kdc
+ newins ${FILESDIR}/kdc.conf kdc.conf
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/mit-krb5kadmind.initd mit-krb5kadmind
+ newexe ${FILESDIR}/mit-krb5kdc.initd mit-krb5kdc
+}
+
+pkg_postinst() {
+ einfo "See /usr/share/doc/${PF}/html/admin.html for documentation."
+ echo ""
+ einfo "The client apps are installed with the k prefix"
+ einfo "(ie. kftp, kftpd, ktelnet, ktelnetd, etc...)"
+ echo ""
+}
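Review bot: In `src_unpack` the inner `tar -zxf ${MY_P}.tar.gz` and the `cd` calls before each `epatch` are unchecked, so a failed extraction or a missing `lib/krb5/os` directory is not reported at the step that failed. For a revision whose only purpose is applying the aname fix, `tar -zxf ${MY_P}.tar.gz || die "inner tarball unpack failed"` and `cd ${S}/lib/krb5/os || die` would make that explicit. In `src_compile`, `eend $?` follows `cd ${S}`, so it reports the status of that `cd` rather than of any `autoconf` run. The first `autoconf` call also lacks the `WANT_AUTOCONF=2.5` prefix the others carry, which looks unintentional.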