author | Daniel Ahlberg <aliz@gentoo.org> | 2003-03-30 17:40:52 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2003-03-30 17:40:52 +0000 |
commit | 6ec7f88b51bba4c8a249133c63bcf717fcde1815 (patch) | |
tree | ece2bbc5e80908c39566d875257d97d9c1e3ce4d /app-crypt | |
parent | small fixes (diff) | |
Security update
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 7 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/digest-mit-krb5-1.2.7 | 2 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/krb5-1.2.7-principal_name_handling.patch | 51 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/krb5-1.2.7-xdr.patch | 137 | ||||
-rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.2.7.ebuild | 90 |
5 files changed, 286 insertions, 1 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index 064d3e5f8283..2edf8e520230 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for app-crypt/mit-krb5 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.3 2003/02/12 03:28:22 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.4 2003/03/30 17:40:52 aliz Exp $ + +*mit-krb5-1.2.7 (30 Mar 2003) + + 30 Mar 2003; Daniel Ahlberg <aliz@gentoo.org> mit-krb5-1.2.7.ebuid : + Security update. Various patches from MIT applied. *mit-krb5-1.2.6-r2 (07 Dec 2002) diff --git a/app-crypt/mit-krb5/files/digest-mit-krb5-1.2.7 b/app-crypt/mit-krb5/files/digest-mit-krb5-1.2.7 new file mode 100644 index 000000000000..a408c7ae4794 --- /dev/null +++ b/app-crypt/mit-krb5/files/digest-mit-krb5-1.2.7 @@ -0,0 +1,2 @@ +MD5 854b52face2a8f771caf88166fa269d3 krb5-1.2.7.tar.gz 5491926 +MD5 88d770f2de2c1bd842b511f47002a807 2003-004-krb4_patchkit.tar.gz 11493 diff --git a/app-crypt/mit-krb5/files/krb5-1.2.7-principal_name_handling.patch b/app-crypt/mit-krb5/files/krb5-1.2.7-principal_name_handling.patch new file mode 100644 index 000000000000..a220866d8237 --- /dev/null +++ b/app-crypt/mit-krb5/files/krb5-1.2.7-principal_name_handling.patch 
@@ -0,0 +1,51 @@
+Index: include/krb5.hin
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/include/krb5.hin,v
+retrieving revision 1.94.2.5.2.17
+diff -p -u -r1.94.2.5.2.17 krb5.hin
+--- src/include/krb5.hin 2002/04/16 23:47:53 1.94.2.5.2.17
++++ src/include/krb5.hin 2003/03/19 00:38:54
+@@ -326,7 +326,7 @@ typedef krb5_const krb5_principal_data F
+ #define krb5_princ_size(context, princ) (princ)->length
+ #define krb5_princ_type(context, princ) (princ)->type
+ #define krb5_princ_name(context, princ) (princ)->data
+-#define krb5_princ_component(context, princ,i) ((princ)->data + i)
++#define krb5_princ_component(context, princ,i) (i < krb5_princ_size(context, princ) ? ((princ)->data + i) : NULL)
+
+ /*
+ * end "base-defs.h"
+Index: kdc/kdc_util.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v
+retrieving revision 5.96.2.2.2.3
+diff -p -u -r5.96.2.2.2.3 kdc_util.c
+--- src/kdc/kdc_util.c 2002/10/31 00:38:34 5.96.2.2.2.3
++++ src/kdc/kdc_util.c 2003/03/19 00:39:00
+@@ -157,7 +157,8 @@ realm_compare(princ1, princ2)
+ krb5_boolean krb5_is_tgs_principal(principal)
+ krb5_principal principal;
+ {
+- if ((krb5_princ_component(kdc_context, principal, 0)->length ==
++ if (krb5_princ_size(kdc_context, principal) > 0 &&
++ (krb5_princ_component(kdc_context, principal, 0)->length ==
+ KRB5_TGS_NAME_SIZE) &&
+ (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data,
+ KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE)))
+Index: lib/krb5/krb/unparse.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/unparse.c,v
+retrieving revision 5.27.4.1
+diff -p -u -r5.27.4.1 unparse.c
+--- src/lib/krb5/krb/unparse.c 2002/08/12 22:55:01 5.27.4.1
++++ src/lib/krb5/krb/unparse.c 2003/03/19 00:39:02
+@@ -153,7 +153,8 @@ krb5_unparse_name_ext(context, principal
+ *q++ = COMPONENT_SEP;
+ }
+
+- q--; /* Back up last component separator */
++ if (i > 0)
++ q--; /* Back up last component separator */
+ *q++ = REALM_SEP;
+
+ cp = krb5_princ_realm(context, principal)->data;
+
diff --git a/app-crypt/mit-krb5/files/krb5-1.2.7-xdr.patch b/app-crypt/mit-krb5/files/krb5-1.2.7-xdr.patch
new file mode 100644
index 000000000000..d25f5717bff1
--- /dev/null
+++ b/app-crypt/mit-krb5/files/krb5-1.2.7-xdr.patch
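Review bot: The rewritten `krb5_princ_component` macro in the krb5.hin part of this patch uses its `i` argument unparenthesized and evaluates it twice, and the bound check has no lower limit, so an expression argument or a negative index can still yield a pointer outside `data` (assuming the index and `length` are signed; their declarations are not in the hunk). I would write it as `(((i) >= 0 && (i) < krb5_princ_size(context, princ)) ? ((princ)->data + (i)) : NULL)`. The macro can now evaluate to NULL, and only `krb5_is_tgs_principal` gains a size check here, so any other caller that dereferences the result with `->length` or `->data` needs the same guard; those callers are outside the hunk.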
@@ -0,0 +1,137 @@
+Index: xdr_mem.c
+===================================================================
+RCS file: /cvs/krbdev/krb5/src/lib/rpc/xdr_mem.c,v
+retrieving revision 1.8
+diff -c -r1.8 xdr_mem.c
+*** src/lib/rpc/xdr_mem.c 1998/02/14 02:27:24 1.8
+- --- src/lib/rpc/xdr_mem.c 2003/02/04 22:57:24
+***************
+*** 47,52 ****
+- --- 47,54 ----
+ #include <gssrpc/xdr.h>
+ #include <netinet/in.h>
+ #include <stdio.h>
++ #include <string.h>
++ #include <limits.h>
+
+ static bool_t xdrmem_getlong();
+ static bool_t xdrmem_putlong();
+***************
+*** 83,89 ****
+ xdrs->x_op = op;
+ xdrs->x_ops = &xdrmem_ops;
+ xdrs->x_private = xdrs->x_base = addr;
+! xdrs->x_handy = size;
+ }
+
+ static void
+- --- 85,91 ----
+ xdrs->x_op = op;
+ xdrs->x_ops = &xdrmem_ops;
+ xdrs->x_private = xdrs->x_base = addr;
+! xdrs->x_handy = (size > INT_MAX) ? INT_MAX : size; /* XXX */
+ }
+
+ static void
+***************
+*** 98,105 ****
+ long *lp;
+ {
+
+! if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0)
+ return (FALSE);
+ *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private)));
+ xdrs->x_private += sizeof(rpc_int32);
+ return (TRUE);
+- --- 100,109 ----
+ long *lp;
+ {
+
+! if (xdrs->x_handy < sizeof(rpc_int32))
+ return (FALSE);
++ else
++ xdrs->x_handy -= sizeof(rpc_int32);
+ *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private)));
+ xdrs->x_private += sizeof(rpc_int32);
+ return (TRUE);
+***************
+*** 111,118 ****
+ long *lp;
+ {
+
+! if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0)
+ return (FALSE);
+ *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp));
+ xdrs->x_private += sizeof(rpc_int32);
+ return (TRUE);
+- --- 115,124 ----
+ long *lp;
+ {
+
+! if (xdrs->x_handy < sizeof(rpc_int32))
+ return (FALSE);
++ else
++ xdrs->x_handy -= sizeof(rpc_int32);
+ *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp));
+ xdrs->x_private += sizeof(rpc_int32);
+ return (TRUE);
+***************
+*** 125,132 ****
+ register unsigned int len;
+ {
+
+! if ((xdrs->x_handy -= len) < 0)
+ return (FALSE);
+ memmove(addr, xdrs->x_private, len);
+ xdrs->x_private += len;
+ return (TRUE);
+- --- 131,140 ----
+ register unsigned int len;
+ {
+
+! if (xdrs->x_handy < len)
+ return (FALSE);
++ else
++ xdrs->x_handy -= len;
+ memmove(addr, xdrs->x_private, len);
+ xdrs->x_private += len;
+ return (TRUE);
+***************
+*** 139,146 ****
+ register unsigned int len;
+ {
+
+! if ((xdrs->x_handy -= len) < 0)
+ return (FALSE);
+ memmove(xdrs->x_private, addr, len);
+ xdrs->x_private += len;
+ return (TRUE);
+- --- 147,156 ----
+ register unsigned int len;
+ {
+
+! if (xdrs->x_handy < len)
+ return (FALSE);
++ else
++ xdrs->x_handy -= len;
+ memmove(xdrs->x_private, addr, len);
+ xdrs->x_private += len;
+ return (TRUE);
+***************
+*** 179,185 ****
+ {
+ rpc_int32 *buf = 0;
+
+! if (xdrs->x_handy >= len) {
+ xdrs->x_handy -= len;
+ buf = (rpc_int32 *) xdrs->x_private;
+ xdrs->x_private += len;
+- --- 189,195 ----
+ {
+ rpc_int32 *buf = 0;
+
+! if (len >= 0 && xdrs->x_handy >= len) {
+ xdrs->x_handy -= len;
+ buf = (rpc_int32 *) xdrs->x_private;
+ xdrs->x_private += len;
+
diff --git a/app-crypt/mit-krb5/mit-krb5-1.2.7.ebuild b/app-crypt/mit-krb5/mit-krb5-1.2.7.ebuild
new file mode 100644
index 000000000000..5a1ba5b49252
--- /dev/null
+++ b/app-crypt/mit-krb5/mit-krb5-1.2.7.ebuild
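Review bot: The new bounds checks compare `xdrs->x_handy` with `sizeof(rpc_int32)` and with an `unsigned int len`, so if `x_handy` is a signed field it is converted to unsigned and a negative value would pass as a very large remaining count. The removed `< 0` tests and the `INT_MAX` clamp suggest it is signed, but its declaration is not in the patch. The checks are therefore sound only while nothing else can drive `x_handy` below zero, and that invariant is not written down anywhere in the patch. I would replace the bare `/* XXX */` on the clamp with `/* x_handy is signed: clamp so the unsigned comparisons in the get/put routines never see a negative count */`, or make each test explicit, e.g. `if (xdrs->x_handy < 0 || (size_t)xdrs->x_handy < sizeof(rpc_int32))`. The same applies to the getbytes and putbytes sections, and all of these function bodies start outside the context shown.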
@@ -0,0 +1,90 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.2.7.ebuild,v 1.1 2003/03/30 17:40:52 aliz Exp $
+
+inherit eutils
+
+MY_P=${PN/mit-}-${PV}
+S=${WORKDIR}/${MY_P}/src
+SRC_URI="http://www.mirrors.wiretapped.net/security/cryptography/apps/kerberos/krb5-mit/unix/${MY_P}.tar.gz
+ http://www.galiette.com/krb5/${MY_P}.tar.gz
+ http://munitions.vipul.net/software/system/auth/kerberos/${MY_P}.tar.gz
+ http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz"
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+IUSE="krb4"
+SLOT="0"
+LICENSE="as-is"
+KEYWORDS="~x86"
+PROVIDE="virtual/krb5"
+DEPEND="virtual/glibc"
+
+src_unpack() {
+ unpack ${A} ; cd ${S}
+
+ EPATCH_SINGLE_MSG="Applying MIT krb5 Security Advisory 2003-003 fix"
+ epatch ${FILESDIR}/${MY_P}-xdr.patch
+ EPATCH_SINGLE_MSG="Applying MIT krb5 Security Advisory 2003-004 fix"
+ epatch ${WORKDIR}/2003-004-krb4_patchkit/patch.${PV}
+ EPATCH_SINGLE_MSG="Applying MIT krb5 Security Advisory 2003-005 fix"
+ epatch ${FILESDIR}/${MY_P}-principal_name_handling.patch
+
+ # Fix bad errno definitions (bug #16450 and #16267)
+ ebegin Fixing errno definitions
+ find . -name '*.[ch]' | xargs grep -l 'extern.*int.*errno' \
+ | xargs -n1 perl -pi.orig -e '
+ $.==1 && s/^/#include <errno.h>\n/;
+ s/extern\s+int\s+errno\s*\;//;'
+ eend 0
+}
+
+src_compile() {
+ local myconf
+
+ use krb4 && myconf="${myconf} --with-krb4 --enable-krb4" \
+ || myconf="${myconf} --without-krb4 --disable-krb4"
+
+ econf \
+ --mandir=/usr/share/man \
+ --localstatedir=/etc \
+ --enable-shared \
+ --host=${CHOST} \
+ --prefix=/usr \
+ --enable-dns \
+ ${myconf} || die
+
+ make || die
+}
+
+src_install () {
+ make DESTDIR=${D} install || die
+ cd ..
+ dodoc README
+
+ # Begin client rename and install
+ for i in {telnetd,ftpd}
+ do
+ mv ${D}/usr/share/man/man8/${i}.8.gz ${D}/usr/share/man/man8/k${i}.8.gz
+ mv ${D}/usr/sbin/${i} ${D}/usr/sbin/k${i}
+ done
+ for i in {rcp,rsh,telnet,v4rcp,ftp,rlogin}
+ do
+ mv ${D}/usr/share/man/man1/${i}.1.gz ${D}/usr/share/man/man1/k${i}.1.gz
+ mv ${D}/usr/bin/${i} ${D}/usr/bin/k${i}
+ done
+
+ insinto /etc
+ newins ${FILESDIR}/krb5.conf krb5.conf
+ insinto /etc/krb5kdc
+ newins ${FILESDIR}/kdc.conf kdc.conf
+ insinto /etc/conf.d
+ newins ${FILESDIR}/krb5.confd krb5
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/krb5.initd krb5
+}
+
+pkg_postinst() {
+ einfo "Configuration files are now under /etc."
+ einfo "The client apps are now installed with the k prefix"
+ einfo "(ie. kftp, kftpd, ktelnet, ktelnetd, etc...)"
+}
|
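Review bot: Every `SRC_URI` entry, including the advisory patchkit from web.mit.edu, is fetched over plain http, and the only integrity check this commit adds is the MD5 digest file, which lists the two tarballs but not the two patches placed under `files/`. The provenance of those patches is not recorded; the `- ---` dash-escaping in the xdr patch suggests it was copied from a clearsigned advisory, so a comment above the `epatch` calls such as `# patches copied from MIT krb5 advisories 2003-003 and 2003-005; re-check against the signed advisory text when bumping` would let the next maintainer verify them. In `src_unpack`, `cd ${S}` is unchecked, so a failed unpack would run the patch and perl steps in the wrong directory; `cd ${S} || die` closes that.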