author | Daniel Ahlberg <aliz@gentoo.org> | 2003-03-30 18:37:21 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2003-03-30 18:37:21 +0000 |
commit | 4b60f5ae4e4c219df0432704cd18b0333a8a3256 (patch) | |
tree | 2757b478f0c806ddbd1dbc004ac5324c1d9cf2a5 /app-crypt | |
parent | sparc-sources-2.4.20-r7 and digest added (diff) | |
download | gentoo-2-4b60f5ae4e4c219df0432704cd18b0333a8a3256.tar.gz gentoo-2-4b60f5ae4e4c219df0432704cd18b0333a8a3256.tar.bz2 gentoo-2-4b60f5ae4e4c219df0432704cd18b0333a8a3256.zip |
Security update
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/krb5/ChangeLog | 7 | ||||
-rw-r--r-- | app-crypt/krb5/files/digest-krb5-1.2.7-r2 | 2 | ||||
-rw-r--r-- | app-crypt/krb5/files/krb5-1.2.7-principal_name_handling.patch | 51 | ||||
-rw-r--r-- | app-crypt/krb5/files/krb5-1.2.7-xdr.patch | 137 | ||||
-rw-r--r-- | app-crypt/krb5/krb5-1.2.7-r2.ebuild | 69 |
5 files changed, 265 insertions, 1 deletions
diff --git a/app-crypt/krb5/ChangeLog b/app-crypt/krb5/ChangeLog
index 79e847b9354f..f05c737fd6b6 100644
--- a/app-crypt/krb5/ChangeLog
+++ b/app-crypt/krb5/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for app-crypt/krb5
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/krb5/ChangeLog,v 1.15 2003/03/28 12:29:34 pvdabeel Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/krb5/ChangeLog,v 1.16 2003/03/30 18:37:21 aliz Exp $
+
+*krb5-1.2.7-r2 (30 Mar 2003)
+
+ 30 Mar 2003; Daniel Ahlberg <aliz@gentoo.org> krb5-1.2.7-r2.ebuild :
+ Security update. Various patches from MIT applied.
 21 Mar 2003; Wout Mertens <wmertens@gentoo.org> krb5-1.2.7-r1.ebuild :
 Bumped revision, forcing rebuild so that people who already had it will
diff --git a/app-crypt/krb5/files/digest-krb5-1.2.7-r2 b/app-crypt/krb5/files/digest-krb5-1.2.7-r2
new file mode 100644
index 000000000000..a408c7ae4794
--- /dev/null
+++ b/app-crypt/krb5/files/digest-krb5-1.2.7-r2
@@ -0,0 +1,2 @@
+MD5 854b52face2a8f771caf88166fa269d3 krb5-1.2.7.tar.gz 5491926
+MD5 88d770f2de2c1bd842b511f47002a807 2003-004-krb4_patchkit.tar.gz 11493
diff --git a/app-crypt/krb5/files/krb5-1.2.7-principal_name_handling.patch b/app-crypt/krb5/files/krb5-1.2.7-principal_name_handling.patch
new file mode 100644
index 000000000000..a220866d8237
--- /dev/null
+++ b/app-crypt/krb5/files/krb5-1.2.7-principal_name_handling.patch
@@ -0,0 +1,51 @@
+Index: include/krb5.hin
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/include/krb5.hin,v
+retrieving revision 1.94.2.5.2.17
+diff -p -u -r1.94.2.5.2.17 krb5.hin
+--- src/include/krb5.hin 2002/04/16 23:47:53 1.94.2.5.2.17
++++ src/include/krb5.hin 2003/03/19 00:38:54
+@@ -326,7 +326,7 @@ typedef krb5_const krb5_principal_data F
+ #define krb5_princ_size(context, princ) (princ)->length
+ #define krb5_princ_type(context, princ) (princ)->type
+ #define krb5_princ_name(context, princ) (princ)->data
+-#define krb5_princ_component(context, princ,i) ((princ)->data + i)
++#define krb5_princ_component(context, princ,i) (i < krb5_princ_size(context, princ) ? ((princ)->data + i) : NULL)
+
+ /*
+ * end "base-defs.h"
+Index: kdc/kdc_util.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v
+retrieving revision 5.96.2.2.2.3
+diff -p -u -r5.96.2.2.2.3 kdc_util.c
+--- src/kdc/kdc_util.c 2002/10/31 00:38:34 5.96.2.2.2.3
++++ src/kdc/kdc_util.c 2003/03/19 00:39:00
+@@ -157,7 +157,8 @@ realm_compare(princ1, princ2)
+ krb5_boolean krb5_is_tgs_principal(principal)
+ krb5_principal principal;
+ {
+- if ((krb5_princ_component(kdc_context, principal, 0)->length ==
++ if (krb5_princ_size(kdc_context, principal) > 0 &&
++ (krb5_princ_component(kdc_context, principal, 0)->length ==
+ KRB5_TGS_NAME_SIZE) &&
+ (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data,
+ KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE)))
+Index: lib/krb5/krb/unparse.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/unparse.c,v
+retrieving revision 5.27.4.1
+diff -p -u -r5.27.4.1 unparse.c
+--- src/lib/krb5/krb/unparse.c 2002/08/12 22:55:01 5.27.4.1
++++ src/lib/krb5/krb/unparse.c 2003/03/19 00:39:02
+@@ -153,7 +153,8 @@ krb5_unparse_name_ext(context, principal
+ *q++ = COMPONENT_SEP;
+ }
+
+- q--; /* Back up last
component separator */
++ if (i > 0)
++ q--; /* Back up last component separator */
+ *q++ = REALM_SEP;
+
+ cp = krb5_princ_realm(context, principal)->data;
+
diff --git a/app-crypt/krb5/files/krb5-1.2.7-xdr.patch b/app-crypt/krb5/files/krb5-1.2.7-xdr.patch
new file mode 100644
index 000000000000..d25f5717bff1
--- /dev/null
+++ b/app-crypt/krb5/files/krb5-1.2.7-xdr.patch
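Review bot: The rewritten `krb5_princ_component` macro in the krb5.hin section uses its `i` argument unparenthesized, now evaluates it twice, and bounds the index only from above. Parenthesizing is cheap, `#define krb5_princ_component(context, princ,i) (((i) < krb5_princ_size(context, princ)) ? ((princ)->data + (i)) : NULL)`; a negative index would still pass if the length field is signed, which is not visible here. The macro can now yield NULL, and the kdc_util.c section still dereferences the result with `->length` and `->data`, relying on the added `krb5_princ_size(kdc_context, principal) > 0` test; any other caller of the macro lies outside this patch and would need the same guard. A comment above the macro stating that it returns NULL for an out-of-range index would make that contract explicit.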
@@ -0,0 +1,137 @@
+Index: xdr_mem.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/rpc/xdr_mem.c,v
+retrieving revision 1.8
+diff -c -r1.8 xdr_mem.c
+*** src/lib/rpc/xdr_mem.c 1998/02/14 02:27:24 1.8
+- --- src/lib/rpc/xdr_mem.c 2003/02/04 22:57:24
+***************
+*** 47,52 ****
+- --- 47,54 ----
+ #include <gssrpc/xdr.h>
+ #include <netinet/in.h>
+ #include <stdio.h>
++ #include <string.h>
++ #include <limits.h>
+
+ static bool_t xdrmem_getlong();
+ static bool_t xdrmem_putlong();
+***************
+*** 83,89 ****
+ xdrs->x_op = op;
+ xdrs->x_ops = &xdrmem_ops;
+ xdrs->x_private = xdrs->x_base = addr;
+! xdrs->x_handy = size;
+ }
+
+ static void
+- --- 85,91 ----
+ xdrs->x_op = op;
+ xdrs->x_ops = &xdrmem_ops;
+ xdrs->x_private = xdrs->x_base = addr;
+! xdrs->x_handy = (size > INT_MAX) ? INT_MAX : size; /* XXX */
+ }
+
+ static void
+***************
+*** 98,105 ****
+ long *lp;
+ {
+
+! if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0)
+ return (FALSE);
+ *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private)));
+ xdrs->x_private += sizeof(rpc_int32);
+ return (TRUE);
+- --- 100,109 ----
+ long *lp;
+ {
+
+! if (xdrs->x_handy < sizeof(rpc_int32))
+ return (FALSE);
++ else
++ xdrs->x_handy -= sizeof(rpc_int32);
+ *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private)));
+ xdrs->x_private += sizeof(rpc_int32);
+ return (TRUE);
+***************
+*** 111,118 ****
+ long *lp;
+ {
+
+! if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0)
+ return (FALSE);
+ *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp));
+ xdrs->x_private += sizeof(rpc_int32);
+ return (TRUE);
+- --- 115,124 ----
+ long *lp;
+ {
+
+! if (xdrs->x_handy < sizeof(rpc_int32))
+ return (FALSE);
++ else
++ xdrs->x_handy -= sizeof(rpc_int32);
+ *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp));
+ xdrs->x_private += sizeof(rpc_int32);
+ return (TRUE);
+***************
+*** 125,132 ****
+ register unsigned int len;
+ {
+
+!
if ((xdrs->x_handy -= len) < 0)
+ return (FALSE);
+ memmove(addr, xdrs->x_private, len);
+ xdrs->x_private += len;
+ return (TRUE);
+- --- 131,140 ----
+ register unsigned int len;
+ {
+
+! if (xdrs->x_handy < len)
+ return (FALSE);
++ else
++ xdrs->x_handy -= len;
+ memmove(addr, xdrs->x_private, len);
+ xdrs->x_private += len;
+ return (TRUE);
+***************
+*** 139,146 ****
+ register unsigned int len;
+ {
+
+! if ((xdrs->x_handy -= len) < 0)
+ return (FALSE);
+ memmove(xdrs->x_private, addr, len);
+ xdrs->x_private += len;
+ return (TRUE);
+- --- 147,156 ----
+ register unsigned int len;
+ {
+
+! if (xdrs->x_handy < len)
+ return (FALSE);
++ else
++ xdrs->x_handy -= len;
+ memmove(xdrs->x_private, addr, len);
+ xdrs->x_private += len;
+ return (TRUE);
+***************
+*** 179,185 ****
+ {
+ rpc_int32 *buf = 0;
+
+! if (xdrs->x_handy >= len) {
+ xdrs->x_handy -= len;
+ buf = (rpc_int32 *) xdrs->x_private;
+ xdrs->x_private += len;
+- --- 189,195 ----
+ {
+ rpc_int32 *buf = 0;
+
+! if (len >= 0 && xdrs->x_handy >= len) {
+ xdrs->x_handy -= len;
+ buf = (rpc_int32 *) xdrs->x_private;
+ xdrs->x_private += len;
+
diff --git a/app-crypt/krb5/krb5-1.2.7-r2.ebuild b/app-crypt/krb5/krb5-1.2.7-r2.ebuild
new file mode 100644
index 000000000000..fe41c8fc1739
--- /dev/null
+++ b/app-crypt/krb5/krb5-1.2.7-r2.ebuild
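Review bot: The new-side headers in this context diff read `- --- src/lib/rpc/xdr_mem.c`, `- --- 47,54 ----`, `- --- 85,91 ----` and so on, which looks like PGP dash-escaping left in from a signed advisory rather than plain `--- N,M ----` headers. It is worth confirming that epatch applies every section as intended, or un-escaping the file before it is committed. Separately, the new guards `if (xdrs->x_handy < sizeof(rpc_int32))` and `if (xdrs->x_handy < len)` compare against unsigned operands, so they are sound only while `x_handy` is never negative. The `INT_MAX` clamp in the 85,91 section appears to establish that, and replacing its `/* XXX */` with a comment saying so would document the invariant the bounds checks depend on.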
@@ -0,0 +1,69 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/krb5/krb5-1.2.7-r2.ebuild,v 1.1 2003/03/30 18:37:21 aliz Exp $
+
+inherit eutils
+
+S=${WORKDIR}/${P}/src
+SRC_URI="http://www.mirrors.wiretapped.net/security/cryptography/apps/kerberos/krb5-mit/unix/${P}.tar.gz
+ http://www.galiette.com/krb5/${P}.tar.gz
+ http://munitions.vipul.net/software/system/auth/kerberos/${P}.tar.gz
+ http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz"
+DESCRIPTION="MIT Kerberos V (set up for pam)"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+
+IUSE=""
+SLOT="0"
+LICENSE="as-is"
+KEYWORDS="~x86 ~sparc ~ppc"
+PROVIDE="virtual/krb5"
+
+DEPEND="virtual/glibc"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${PN}-1.2.2-gentoo.diff
+
+ EPATCH_SINGLE_MSG="Applying MIT krb5 Security Advisory 2003-003 fix"
+ epatch ${FILESDIR}/${P}-xdr.patch
+ EPATCH_SINGLE_MSG="Applying MIT krb5 Security Advisory 2003-004 fix"
+ epatch ${WORKDIR}/2003-004-krb4_patchkit/patch.${PV}
+ EPATCH_SINGLE_MSG="Applying MIT krb5 Security Advisory 2003-005 fix"
+ epatch ${FILESDIR}/${P}-principal_name_handling.patch
+
+ # Fix bad errno definitions (bug #16450 and #16267)
+ ebegin Fixing errno definitions
+ find . -name '*.[ch]' | xargs grep -l 'extern.*int.*errno' \
+ | xargs -n1 perl -pi.orig -e '
+ $.==1 && s/^/#include <errno.h>\n/;
+ s/extern\s+int\s+errno\s*\;//;'
+ eend 0
+}
+
+src_compile() {
+ econf \
+ --with-krb4 \
+ --enable-shared \
+ --enable-dns || die
+ make || die
+}
+
+src_install () {
+ make DESTDIR=${D} install || die
+ cd ..
+ dodoc README
+
+ # Begin client rename and install
+ for i in {telnetd,ftpd}
+ do
+ mv ${D}/usr/share/man/man8/${i}.8.gz ${D}/usr/share/man/man8/k${i}.8.gz
+ mv ${D}/usr/sbin/${i} ${D}/usr/sbin/k${i}
+ done
+ for i in {rcp,rsh,telnet,v4rcp,ftp,rlogin}
+ do
+ mv ${D}/usr/share/man/man1/${i}.1.gz ${D}/usr/share/man/man1/k${i}.1.gz
+ mv ${D}/usr/bin/${i} ${D}/usr/bin/k${i}
+ done
+
+} |
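Review bot: `src_compile` still passes `--with-krb4` unconditionally and `IUSE` is empty, so every install keeps Kerberos 4 support built in even though `src_unpack` applies a krb4 patchkit for advisory 2003-004. Consider gating it behind a USE flag, for example `IUSE="krb4"` with `use krb4 && myconf="--with-krb4" || myconf="--without-krb4"`, so that sites which do not need krb4 can leave that code out entirely. In `src_unpack`, `eend 0` reports success whatever the find/xargs/perl pipeline returned, and `cd ${S}` has no `|| die`; checking both would keep a failed step from passing unnoticed in a security revision. The `mv` renames in `src_install` likewise run without `|| die`, so a failed rename would leave a daemon or client installed under its unprefixed name.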