authorEray Aslan <eras@gentoo.org>2011-07-06 13:48:45 +0000
committerEray Aslan <eras@gentoo.org>2011-07-06 13:48:45 +0000
commit6cee7711188ff6ac15266b54aa3daec58bcb0851 (patch)
tree7665a988cf3135ee3e2309be896856db76053514 /app-crypt/mit-krb5-appl
parent[bump] dev-perl/Event-1.180.0 (diff)
security bump - bug #374229
Package-Manager: portage-2.1.10.4/cvs/Linux x86_64
Diffstat (limited to 'app-crypt/mit-krb5-appl')
-rw-r--r--app-crypt/mit-krb5-appl/ChangeLog8
-rw-r--r--app-crypt/mit-krb5-appl/Manifest24
-rw-r--r--app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch58
-rw-r--r--app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild58
4 files changed, 141 insertions, 7 deletions
diff --git a/app-crypt/mit-krb5-appl/ChangeLog b/app-crypt/mit-krb5-appl/ChangeLog
index 68560f9519ef..10f7d0f54cbe 100644
--- a/app-crypt/mit-krb5-appl/ChangeLog
+++ b/app-crypt/mit-krb5-appl/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-crypt/mit-krb5-appl
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.10 2011/04/23 18:24:42 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.11 2011/07/06 13:48:45 eras Exp $
+
+*mit-krb5-appl-1.0.1-r1 (06 Jul 2011)
+
+ 06 Jul 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-appl-1.0.1-r1.ebuild,
+ +files/CVE-2011-1526.patch:
+ security bump - bug #374229
23 Apr 2011; Raúl Porcel <armin76@gentoo.org> mit-krb5-appl-1.0.1.ebuild:
arm/ia64/m68k/s390/sh/sparc stable wrt #358597
diff --git a/app-crypt/mit-krb5-appl/Manifest b/app-crypt/mit-krb5-appl/Manifest
index 9f4a0c8a6014..0d0c3ef1142f 100644
--- a/app-crypt/mit-krb5-appl/Manifest
+++ b/app-crypt/mit-krb5-appl/Manifest
@@ -1,14 +1,26 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
+AUX CVE-2011-1526.patch 2076 RMD160 780d9769e3b2661b927b26295f14a31dee314213 SHA1 5e52a66b299407f54038fc287732160aabce51ff SHA256 a3f14859883cdeff846aaea2e35738a6580549d634986fdfc41d178e33135459
DIST krb5-appl-1.0.1-signed.tar 645120 RMD160 ca0668b623dcf4dc5a0699fa47d86660aac5544a SHA1 128662c9860f61a51c9bcaf1b6217467faa12324 SHA256 124322481e4f8e0b119b527071f2f707168060e17748cf34c8bf5af747c3e311
+EBUILD mit-krb5-appl-1.0.1-r1.ebuild 1571 RMD160 cb6f4595779119d8a453daacc35917aeb98e4896 SHA1 e760ab112d7b052d9cf859edeb5e2a4517c4c5c3 SHA256 37774f28acfd0804370aafc824d59fa7280e05dcad70339f73df13c76b7dbd14
EBUILD mit-krb5-appl-1.0.1.ebuild 1479 RMD160 91c40228567269baed8f4afefdb72f6e8a47f759 SHA1 32267caa3e54cca0baf430afec3dd379493535f3 SHA256 d56f0f940aadf0857833474d2f24939724038b13f47a3a47c1db913f8053651d
-MISC ChangeLog 1498 RMD160 fcf5af505f2136df21d25ed82fc3a804cbb99bbb SHA1 a2a7de58d878cc1bfa89ee13d5b42d34fd8b89a1 SHA256 a7880db31c86706505006f1fa9541a762b2573b93e0e51deabe8bccca7f1c2e6
+MISC ChangeLog 1671 RMD160 a0ae8a896c9c11cb4ab86203894c672c2d0d4e30 SHA1 11b6a952086e18c798202b8b70d50c8fb1759957 SHA256 e8c5ced19766d7ddd751716aee62ace9eb34f6f0490a704d6c938c25870ea034
MISC metadata.xml 161 RMD160 d985cebdc76fcff9904d6ed365cce080bfc5c468 SHA1 64cc2a9dea22e8618348d9916a6288a894ded3f2 SHA256 24dcbc1b12d6ed52621a4edec3764c838cab1b32f5fc982ce0fe305822c562c7
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.16 (GNU/Linux)
+Version: GnuPG v2.0.17 (GNU/Linux)
-iEYEARECAAYFAk2zGXAACgkQuQc30/atMkCnDACgjCT9c2z1MUBfr1pcv2x3b4/r
-utMAoLUAJYup/96yHlVEW7205tTRdRpU
-=jGdz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+=hrB8
-----END PGP SIGNATURE-----
diff --git a/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch b/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch
new file mode 100644
index 000000000000..9c4466214e53
--- /dev/null
+++ b/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch
@@ -0,0 +1,58 @@
+diff --git a/configure.ac b/configure.ac
+index 86e23f1..2fe68ad 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -107,6 +107,7 @@ AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gettosbyname getusershell getutmp)
+ AC_CHECK_FUNCS(getutmpx grantpt inet_aton initgroups isatty killpg killpg)
+ AC_CHECK_FUNCS(line_push ptsname revoke rmufile rresvport_af)
+ AC_CHECK_FUNCS(seteuid setlogin setpgid setpriority setresuid setreuid)
++AC_CHECK_FUNCS(setegid setregid setresgid)
+ AC_CHECK_FUNCS(setutent setutsent setutxent strsave tcgetpgrp tcsetpgrp)
+ AC_CHECK_FUNCS(ttyname unsetenv updwtmp updwtmpx utimes utmpname utmpxname)
+ AC_CHECK_FUNCS(vhangup vsnprintf waitpid)
+diff --git a/gssftp/ftpd/ftpd.c b/gssftp/ftpd/ftpd.c
+index fe62a9c..a150819 100644
+--- a/gssftp/ftpd/ftpd.c
++++ b/gssftp/ftpd/ftpd.c
+@@ -994,9 +994,14 @@ login(passwd, logincode)
+ #endif
+ }
+
+- (void) krb5_setegid((gid_t)pw->pw_gid);
+- (void) initgroups(pw->pw_name, pw->pw_gid);
+-
++ if (krb5_setegid((gid_t)pw->pw_gid) < 0) {
++ reply(550, "Can't set egid.");
++ goto bad;
++ }
++ if (geteuid() == 0 && initgroups(pw->pw_name, pw->pw_gid) < 0) {
++ reply(550, "Can't initgroups");
++ goto bad;
++ }
+ /* open wtmp before chroot */
+ (void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid());
+ pty_logwtmp(ttyline, pw->pw_name, rhost_sane);
+diff --git a/k5-util.h b/k5-util.h
+index 7bb8cfb..64cd53d 100644
+--- a/k5-util.h
++++ b/k5-util.h
+@@ -69,8 +69,7 @@
+ #elif defined(HAVE_SETREUID)
+ # define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID))
+ #else
+- /* You need to add a case to deal with this operating system.*/
+-# define krb5_seteuid(EUID) (errno = EPERM, -1)
++# error "You need to add a case to deal with this operating system."
+ #endif
+
+ #ifdef HAVE_SETEGID
+@@ -80,8 +79,7 @@
+ #elif defined(HAVE_SETREGID)
+ # define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID)))
+ #else
+- /* You need to add a case to deal with this operating system.*/
+-# define krb5_setegid(EGID) (errno = EPERM, -1)
++# error "You need to add a case to deal with this operating system."
+ #endif
+
+ #endif
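Review bot: In the embedded ftpd.c hunk, `initgroups()` is called and checked only when `geteuid() == 0`, so a daemon that is not running as root skips it and, as far as this hunk shows, keeps whatever supplementary groups it inherited. The guard deserves a comment saying so, e.g. `/* initgroups() needs root; otherwise the inherited supplementary groups stay in effect */`. Both new failure paths answer the client with a 550 and `goto bad` without anything visibly being logged, so a failed privilege drop would leave no trace for the operator; if the file already logs through syslog, a line such as `syslog(LOG_ERR, "setegid failed for %s: %m", pw->pw_name);` before each `goto bad` would make it detectable. `login()` and the `bad:` label lie outside the hunk, so logging there may already cover this.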
diff --git a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild
new file mode 100644
index 000000000000..61c76e4c768f
--- /dev/null
+++ b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild,v 1.1 2011/07/06 13:48:45 eras Exp $
+
+EAPI=4
+
+inherit flag-o-matic versionator autotools eutils
+
+MY_P=${P/mit-}
+MAJOR_MINOR="$( get_version_component_range 1-2 )"
+DESCRIPTION="Kerberized applications split from the main MIT Kerberos V distribution"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5-appl/${MAJOR_MINOR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+RDEPEND=">=app-crypt/mit-krb5-1.8.0"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${A}
+ unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/CVE-2011-1526.patch"
+ eautoreconf
+}
+
+src_configure() {
+ append-flags "-I/usr/include/et"
+ append-flags -fno-strict-aliasing
+ append-flags -fno-strict-overflow
+ econf
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ for i in {telnetd,ftpd} ; do
+ mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 \
+ || die "mv failed (man)"
+ mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} || die "mv failed"
+ done
+
+ for i in {rcp,rlogin,rsh,telnet,ftp} ; do
+ mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 \
+ || die "mv failed (man)"
+ mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} || die "mv failed"
+ done
+
+ rm "${D}"/usr/share/man/man1/tmac.doc
+ dodoc README
+}
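Review bot: The final `rm "${D}"/usr/share/man/man1/tmac.doc` in src_install is the only external command in the function without error handling. The `mv` calls above all carry `|| die`, and a plain command such as rm does not abort the build on failure by itself, so it should read `rm "${D}"/usr/share/man/man1/tmac.doc || die "rm failed (tmac.doc)"`. The loop variable `i` is also left global; `local i` at the top of src_install keeps it out of the ebuild environment. In src_prepare, a comment above eautoreconf such as `# CVE-2011-1526.patch edits configure.ac; regenerate configure so the setegid/setregid/setresgid checks take effect` would stop a later cleanup from dropping the call the security fix depends on.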