Security bump - bug #339866

Package-Manager: portage-2.1.9.24/cvs/Linux x86_64
author: Eray Aslan <eras@gentoo.org> 2010-11-05 21:13:42 +0000
committer: Eray Aslan <eras@gentoo.org> 2010-11-05 21:13:42 +0000
commit: 18f65d9ea68b9f4e237b353b72faddc9317e2b4f (patch)
tree: d3dda2b4880daafbc8069480681df2b19251da6b /app-crypt
parent: Fixed luasec dependency. (diff)
download: historical-18f65d9ea68b9f4e237b353b72faddc9317e2b4f.tar.gz
historical-18f65d9ea68b9f4e237b353b72faddc9317e2b4f.tar.bz2
historical-18f65d9ea68b9f4e237b353b72faddc9317e2b4f.zip
4 files changed, 160 insertions, 2 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog
index f790d7c42918..2232cba69d67 100644
--- a/app-crypt/mit-krb5/ChangeLog
+++ b/app-crypt/mit-krb5/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-crypt/mit-krb5
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.231 2010/08/05 14:34:57 darkside Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.232 2010/11/05 21:13:42 eras Exp $
+
+*mit-krb5-1.8.3-r1 (05 Nov 2010)
+
+  05 Nov 2010; Eray Aslan <eras@gentoo.org> +mit-krb5-1.8.3-r1.ebuild,
+  +files/CVE-2010-1322.patch:
+  Security bump - bug #339866
 
   05 Aug 2010; Jeremy Olexa <darkside@gentoo.org> metadata.xml,
   -mit-krb5-1.6.3-r6.ebuild:
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
index cbbdef7e2c1c..b6eaed38a3a2 100644
--- a/app-crypt/mit-krb5/Manifest
+++ b/app-crypt/mit-krb5/Manifest
@@ -5,6 +5,7 @@ AUX CVE-2009-0844+CVE-2009-0847.patch 2075 RMD160 eba543da0eafa13158a71947bf2278
 AUX CVE-2009-0846.patch 1682 RMD160 80292c97735b2e45eb450d2c8f6c30e6b0dbf199 SHA1 4bde9e943f4604bfde41cb91f923c123716add71 SHA256 71914affe6f8623b44f3b8ac9c98a83783e41200f8965ea5d68e7fb8a4bc3088
 AUX CVE-2010-1320.patch 701 RMD160 f5ebcbf5a5cb872644aa3d7f28bea0de2e4cc281 SHA1 775ae45e20b67d1de7f2a21c52afbfbaacdae5a1 SHA256 251757cc449ba11f0147febc1b69e8aee37ec6c200a25c08e9a9eac02cdb3c60
 AUX CVE-2010-1321.patch 670 RMD160 941777d0914ae3363eae2be9d62a09e00e074c7e SHA1 fc85fead1fcbd3a8c0f867084a934c97abfc3f31 SHA256 02d778775bf3f7576f5cf7a9a1a3d14ccf1654b71c77a6a4e00a7bd5b775b221
+AUX CVE-2010-1322.patch 1066 RMD160 fc262a23e9aa118262a4258f74832445062444e4 SHA1 600f0890de65f96112f267b56317a4fd0166cba0 SHA256 7d9fbfffdaa0cde0ca499ccbb2cf09a6c7253e537755bbf6da9e08715fd9a474
 AUX MITKRB5-SA-2008-002.patch 1505 RMD160 35bb24ae802b532836810588e13c775ef8522cc1 SHA1 70fb0d83da33eb3e00355a11894c37f7c9d2b9aa SHA256 8e84a55080461f117f61501550c364f9ac25d9079601281a0d413bff664fc386
 AUX kpropd.xinetd 194 RMD160 5772b04bf7f6b8a5588331a4d9dca03738756f15 SHA1 a9c84a4197ba133144e754d68847cece6203ed4a SHA256 eaa3838a6ca8db901db359cac3435d4f703a9a10534f02eeb37f494dd21a1736
 AUX mit-krb5-lazyldflags.patch 509 RMD160 47515882e93e0db7db6980a4460a01f2cbc3f382 SHA1 db880ff82bd72afd2815a8e8d345c815c2769715 SHA256 272b3a18303b43c64bbcc1da9bcb7cd60d56337700d84c78741c7096c18044d5
@@ -14,6 +15,7 @@ DIST krb5-1.8.2-signed.tar 11642880 RMD160 025f150e166b36067fbcc057662043f3b375c
 DIST krb5-1.8.3-signed.tar 11642880 RMD160 bdf3a505e4b2447af0c9080b441918d665dcdd9c SHA1 69696f63b6c2b0e3238156b19eed68cecd661c6b SHA256 2c5988ddd8b409134cd0e77e9ce8f762605ce8d8fb0aa22f6500f53381567019
 EBUILD mit-krb5-1.8.2-r1.ebuild 2656 RMD160 2186e283e67026407fe5ffd8dc0f958b34d5a87c SHA1 5ee7d2c2de2aee6b9f5affde774768f95e2f9e2c SHA256 65255fe583485ff210e35309c036f12d3c61de943f24a7bb0c857540ed2b24e5
 EBUILD mit-krb5-1.8.2.ebuild 2620 RMD160 353bc593ab0102c66c5846f74518ca7f0e2e7bd3 SHA1 c5f1b36275144a8f05a159e88349ed2088633ddd SHA256 b6c78e35e5a2d9af8ab389e95109f27de13e83cc11d189a876946353cd271aca
+EBUILD mit-krb5-1.8.3-r1.ebuild 2725 RMD160 d5bb423af29584ec56eacea512278baa4145d3ba SHA1 82c240289e41571df6a9c4600e45516476a563b3 SHA256 5fa2daa2520ca72629b91d1abf0e503abe888055dc077efdbc47fdb4ccb64834
 EBUILD mit-krb5-1.8.3.ebuild 2651 RMD160 02d4089a4aa765a5455addfb4ee2a06e1ce6cfbf SHA1 571463eb2a864b9136df558e0c17abf1a650be29 SHA256 59d054e2a7021b6c2e0483aac6953627ccd483669712d907fbe6d05ffc8eae97
-MISC ChangeLog 37357 RMD160 c678e7c3409e407134d6c42be9dc1f41f127d0a6 SHA1 270101dc857766f02d7a82ea9fd44f41a959d824 SHA256 083e6a3e10c3cf6b8f88e7fcf79001da74bc8e61dd19d69367f61c045324f130
+MISC ChangeLog 37519 RMD160 9f8f4060666aae7a600b3aaa121b78743bafc326 SHA1 14e1915581f97aeca081d15cc9af2f77262031b6 SHA256 26197b09dffc9f3b7d95dec13b2cd25a6888b024e475628308b4999a9cb06bdb
 MISC metadata.xml 438 RMD160 8ef6cc46c5529d18bd51d1e722f9f9329f3dcd78 SHA1 1b389e98fb724f1f6570fd7faac77f1909b24cae SHA256 441b7ccce3158497456485cefd03da127abec4322332932fff96875619df0d5b
diff --git a/app-crypt/mit-krb5/files/CVE-2010-1322.patch b/app-crypt/mit-krb5/files/CVE-2010-1322.patch
new file mode 100644
index 000000000000..0de12e62f3e1
--- /dev/null
+++ b/app-crypt/mit-krb5/files/CVE-2010-1322.patch
@@ -0,0 +1,33 @@
+diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
+index b5de64d..cc44e29 100644
+--- a/src/kdc/kdc_authdata.c
++++ b/src/kdc/kdc_authdata.c
+@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,
+                 krb5_boolean copy,
+                 krb5_boolean ignore_kdc_issued)
+ {
+-    size_t i, nadata = 0;
++    size_t i, j, nadata = 0;
+     krb5_authdata **authdata = *out_authdata;
+ 
+     if (in_authdata == NULL || in_authdata[0] == NULL)
+@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,
+         in_authdata = tmp;
+     }
+ 
+-    for (i = 0; in_authdata[i] != NULL; i++) {
++    for (i = 0, j = 0; in_authdata[i] != NULL; i++) {
+         if (ignore_kdc_issued &&
+             is_kdc_issued_authdatum(context, in_authdata[i], 0)) {
+             free(in_authdata[i]->contents);
+             free(in_authdata[i]);
+         } else
+-            authdata[nadata + i] = in_authdata[i];
++            authdata[nadata + j++] = in_authdata[i];
+     }
+ 
+-    authdata[nadata + i] = NULL;
++    authdata[nadata + j] = NULL;
+ 
+     free(in_authdata);
+ 
diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild
new file mode 100644
index 000000000000..3ceb994d30cc
--- /dev/null
+++ b/app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild,v 1.1 2010/11/05 21:13:42 eras Exp $
+
+EAPI="2"
+
+inherit eutils flag-o-matic versionator
+
+MY_P=${P/mit-}
+P_DIR=$(get_version_component_range 1-2)
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ldap doc xinetd"
+
+RDEPEND="!!app-crypt/heimdal
+	>=sys-libs/e2fsprogs-libs-1.41.0
+	sys-apps/keyutils
+	ldap? ( net-nds/openldap )
+	xinetd? ( sys-apps/xinetd )"
+DEPEND="${RDEPEND}
+	doc? ( virtual/latex-base )"
+
+S=${WORKDIR}/${MY_P}/src
+
+PROVIDE="virtual/krb5"
+
+src_unpack() {
+	unpack ${A}
+	unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/CVE-2010-1322.patch"
+}
+
+src_configure() {
+	append-flags "-I/usr/include/et"
+	econf \
+		$(use_with ldap) \
+		--without-krb4 \
+		--enable-shared \
+		--with-system-et \
+		--with-system-ss \
+		--enable-dns-for-realm \
+		--enable-kdc-replay-cache \
+		--disable-rpath
+}
+
+src_compile() {
+	emake -j1 || die "emake failed"
+
+	if use doc ; then
+		cd ../doc
+		for dir in api implement ; do
+			emake -C "${dir}" || die "doc emake failed"
+		done
+	fi
+}
+
+src_test() {
+	einfo "Tests do not run in sandbox, they need mit-krb5 to be already installed to test it."
+}
+
+src_install() {
+	emake \
+		DESTDIR="${D}" \
+		EXAMPLEDIR="/usr/share/doc/${PF}/examples" \
+		install || die "install failed"
+
+	# default database dir
+	keepdir /var/lib/krb5kdc
+
+	cd ..
+	dodoc README
+	dodoc doc/*.ps
+	doinfo doc/*.info*
+	dohtml -r doc/*
+
+	# die if we cannot respect a USE flag
+	if use doc ; then
+	    dodoc doc/{api,implement}/*.ps || die "dodoc failed"
+	fi
+
+	newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind
+	newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc
+
+	insinto /etc
+	newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
+	insinto /var/lib/krb5kdc
+	newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
+
+	if use ldap ; then
+		insinto /etc/openldap/schema
+		doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
+	fi
+
+	if use xinetd ; then
+		insinto /etc/xinetd.d
+		newins "${FILESDIR}/kpropd.xinetd" kpropd
+	fi
+}
+
+pkg_preinst() {
+	if has_version "<${CATEGORY}/${PN}-1.8.0" ; then
+		einfo ""
+		elog "MIT split the Kerberos applications from the base Kerberos"
+		elog "distribution.  Kerberized versions of telnet, rlogin, rsh, rcp,"
+		elog "ftp clients and telnet, ftp deamons now live in"
+		elog "\"app-crypt/mit-krb5-appl\" package."
+		einfo ""
+	fi
+}
author	Eray Aslan <eras@gentoo.org>	2010-11-05 21:13:42 +0000
committer	Eray Aslan <eras@gentoo.org>	2010-11-05 21:13:42 +0000
commit	18f65d9ea68b9f4e237b353b72faddc9317e2b4f (patch)
tree	d3dda2b4880daafbc8069480681df2b19251da6b /app-crypt
parent	Fixed luasec dependency. (diff)
download	historical-18f65d9ea68b9f4e237b353b72faddc9317e2b4f.tar.gz historical-18f65d9ea68b9f4e237b353b72faddc9317e2b4f.tar.bz2 historical-18f65d9ea68b9f4e237b353b72faddc9317e2b4f.zip