head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.20 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.18 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.16 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.14 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.12 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.10 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.8 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.6 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.4 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.2 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.1.0.14 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.12 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.10 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.8 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.6 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.4 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2008.02.28.08.14.41; author jlam; state dead; branches; next 1.1; 1.1 date 2006.08.09.17.58.09; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.08.09.17.58.09; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.08.10.07.14.03; author ghen; state Exp; branches; next ; desc @@ 1.2 log @Update security/heimdal to version 1.1. Changes from version 0.7.2 include: * Read-only PKCS11 provider built-in to hx509. * Better compatibilty with Windows 2008 Server pre-releases and Vista. * Add RFC3526 modp group14 as default. * Handle [kdc] database = { } entries without realm = stanzas. * Add gss_pseudo_random() for mechglue and krb5. * Make session key for the krbtgt be selected by the best encryption type of the client. * Better interoperability with other PK-INIT implementations. * Alias support for inital ticket requests. * Make ASN.1 library less paranoid to with regard to NUL in string to make it inter-operate with MIT Kerberos again. * PK-INIT support. * HDB extensions support, used by PK-INIT. * New ASN.1 compiler. * GSS-API mechglue from FreeBSD. * Updated SPNEGO to support RFC4178. 
* Support for Cryptosystem Negotiation Extension (RFC 4537). * A new X.509 library (hx509) and related crypto functions. * A new ntlm library (heimntlm) and related crypto functions. * KDC will return the "response too big" error to force TCP retries for large (default 1400 bytes) UDP replies. This is common for PK-INIT requests. * Libkafs defaults to use 2b tokens. * krb5_kuserok() also checks ~/.k5login.d directory for acl files. * Fix memory leaks. * Bugs fixes @ text @$NetBSD: patch-an,v 1.1 2006/08/09 17:58:09 salo Exp $ Security fix for SA21436. --- appl/ftp/ftpd/ftpd.c.orig 2005-06-02 12:41:28.000000000 +0200 +++ appl/ftp/ftpd/ftpd.c 2006-08-09 19:42:15.000000000 +0200 @@@@ -138,9 +138,9 @@@@ static int handleoobcmd(void); static int checkuser (char *, char *); static int checkaccess (char *); static FILE *dataconn (const char *, off_t, const char *); -static void dolog (struct sockaddr *sa, int len); +static void dolog (struct sockaddr *, int); static void end_login (void); -static FILE *getdatasock (const char *); +static FILE *getdatasock (const char *, int); static char *gunique (char *); static RETSIGTYPE lostconn (int); static int receive_data (FILE *, FILE *); @@@@ -835,7 +835,8 @@@@ static void end_login(void) { - seteuid((uid_t)0); + if (seteuid((uid_t)0) < 0) + fatal("Failed to seteuid"); if (logged_in) ftpd_logwtmp(ttyline, "", ""); pw = NULL; @@@@ -1208,14 +1209,15 @@@@ done: } static FILE * -getdatasock(const char *mode) +getdatasock(const char *mode, int domain) { int s, t, tries; if (data >= 0) return (fdopen(data, mode)); - seteuid(0); - s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0); + if (seteuid(0) < 0) + fatal("Failed to seteuid"); + s = socket(domain, SOCK_STREAM, 0); if (s < 0) goto bad; socket_set_reuseaddr (s, 1); @@@@ -1232,7 +1234,8 @@@@ getdatasock(const char *mode) goto bad; sleep(tries); } - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid) < 0) + fatal("Failed to seteuid"); #ifdef IPTOS_THROUGHPUT socket_set_tos (s, 
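Review bot: Every new `fatal("Failed to seteuid")` uses the same text whether the call was raising to root (end_login, the top of getdatasock, pasv, epsv) or dropping back to `pw->pw_uid` (the tail and `bad:` path of getdatasock, pasv, epsv), so a log reader cannot tell a failed privilege drop from a failed raise. The two differ in severity: a failed drop leaves the session with effective uid 0, which is the class of failure the advisory quoted in the 1.1 log describes. I would use distinct messages such as `fatal("Failed to regain root privileges");` and `fatal("Failed to drop privileges");`, and record errno as well if fatal() does not already do so (its body is not part of this patch). The same applies to the identical copy of the patch in the 1.1.2.2 text; end_login and getdatasock both continue outside their hunks.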
IPTOS_THROUGHPUT); #endif @@@@ -1240,7 +1243,8 @@@@ getdatasock(const char *mode) bad: /* Return the real value of errno (close may change it) */ t = errno; - seteuid((uid_t)pw->pw_uid); + if (seteuid((uid_t)pw->pw_uid) < 0) + fatal("Failed to seteuid"); close(s); errno = t; return (NULL); @@@@ -1271,7 +1275,7 @@@@ dataconn(const char *name, off_t size, c { char sizebuf[32]; FILE *file; - int retry = 0; + int domain, retry = 0; file_size = size; byte_count = 0; @@@@ -1318,7 +1322,15 @@@@ dataconn(const char *name, off_t size, c if (usedefault) data_dest = his_addr; usedefault = 1; - file = getdatasock(mode); + /* + * Default to using the same socket type as the ctrl address, + * unless we know the type of the data address. + */ + domain = data_dest->sa_family; + if (domain == PF_UNSPEC) + domain = ctrl_addr->sa_family; + + file = getdatasock(mode, domain); if (file == NULL) { char data_addr[256]; @@@@ -1889,11 +1901,11 @@@@ dologout(int status) transflag = 0; urgflag = 0; if (logged_in) { - seteuid((uid_t)0); - ftpd_logwtmp(ttyline, "", ""); #ifdef KRB4 cond_kdestroy(); #endif + seteuid((uid_t)0); /* No need to check, we call exit() below */ + ftpd_logwtmp(ttyline, "", ""); } /* beware of flushing buffers after a SIGPIPE */ #ifdef XXX @@@@ -2006,12 +2018,15 @@@@ pasv(void) 0); socket_set_portrange(pdata, restricted_data_ports, pasv_addr->sa_family); - seteuid(0); + if (seteuid(0) < 0) + fatal("Failed to seteuid"); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid) < 0) + fatal("Failed to seteuid"); goto pasv_error; } - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid) < 0) + fatal("Failed to seteuid"); len = sizeof(pasv_addr_ss); if (getsockname(pdata, pasv_addr, &len) < 0) goto pasv_error; @@@@ -2050,12 +2065,15 @@@@ epsv(char *proto) 0); socket_set_portrange(pdata, restricted_data_ports, pasv_addr->sa_family); - seteuid(0); + if (seteuid(0) < 0) + fatal("Failed to seteuid"); if (bind(pdata, pasv_addr, 
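Review bot: In the dataconn hunk `domain` is read from `data_dest->sa_family`, an address-family field, but is compared with the protocol-family constant `PF_UNSPEC`; the matching constant is `AF_UNSPEC`, i.e. `if (domain == AF_UNSPEC)`. The two have the same value on common systems, so this is a readability point rather than a behaviour change. The hunk also changes which family the data socket is created with, which is not a seteuid check and is not covered by the "Security fix for SA21436" header, so a line in the patch comment saying why it is bundled would help anyone auditing the fix. dataconn's body starts and ends outside the hunk.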
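Review bot: The one `seteuid((uid_t)0)` left unchecked, in dologout, is justified only by `/* No need to check, we call exit() below */`, which does not say what happens in between: `ftpd_logwtmp(ttyline, "", "")` then runs with whatever effective uid the process has, so a failed call presumably loses the logout record without a trace. Moving `cond_kdestroy()` ahead of the seteuid also means it runs with the session's current effective uid; if fatal() reaches dologout() after a failed drop to `pw->pw_uid` (fatal's body is not in this patch), that uid would still be 0. I would state both facts in the comment, e.g. `/* Unchecked on purpose: failure only costs the wtmp entry, and we exit() below */`, and confirm the fatal() path before relying on it. dologout continues outside the hunk.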
socket_sockaddr_size (pasv_addr)) < 0) { - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid)) + fatal("Failed to seteuid"); goto pasv_error; } - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid) < 0) + fatal("Failed to seteuid"); len = sizeof(pasv_addr_ss); if (getsockname(pdata, pasv_addr, &len) < 0) goto pasv_error; @ 1.1 log @Security fix for SA21436: "A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled rcp application. This may be exploited to perform certain actions with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21436/ http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-an was added on branch pkgsrc-2006Q2 on 2006-08-09 17:58:09 +0000 @ text @d1 145 @ 1.1.2.2 log @Pullup ticket 1784 - requested by salo security fix for heimdal Revisions pulled up: - pkgsrc/security/heimdal/Makefile 1.60-1.62 - pkgsrc/security/heimdal/distinfo 1.20-1.21 - pkgsrc/security/heimdal/PLIST 1.11 - pkgsrc/security/heimdal/PLIST.Linux removed - pkgsrc/security/heimdal/patches/patch-al 1.1 - pkgsrc/security/heimdal/patches/patch-am 1.1 - pkgsrc/security/heimdal/patches/patch-an 1.1 - pkgsrc/security/heimdal/patches/patch-ao 1.1 - pkgsrc/security/heimdal/patches/patch-ap 1.1 - pkgsrc/security/heimdal/patches/patch-aq 1.1 Module Name: pkgsrc Committed By: markd Date: Sun Jul 2 13:53:28 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile Added Files: pkgsrc/security/heimdal: PLIST.SunOS Log Message: Solaris does not have err.h, glob.h, ifaddrs.h and vis.h compatible with heimdal, so heimdal installs its own. Add them in PLIST.SunOS Fixes PR pkg/33656. Bump PKGREVISION. 
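Review bot: In epsv the privilege drop on the bind-failure path is tested as `if (seteuid(pw->pw_uid))`, while every other check in the patch, including the matching one in pasv, uses `< 0`. Both forms catch the -1 failure return, so behaviour is the same, but the odd one out reads like an oversight in a security fix; write `if (seteuid(pw->pw_uid) < 0)` for consistency. pasv and epsv now carry the same raise/bind/drop sequence with three checks each, which would be easier to audit as one shared static helper. The identical hunk appears again in the 1.1.2.2 text, and epsv's body continues outside the hunk.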
--- Module Name: pkgsrc Committed By: jlam Date: Wed Jul 5 04:39:15 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile PLIST distinfo Added Files: pkgsrc/security/heimdal/patches: patch-al Removed Files: pkgsrc/security/heimdal: PLIST.Linux PLIST.SunOS Log Message: Back out previous and do the same thing more generally for all platforms. Since the heimdal install process will install additional headers in ${PREFIX}/include/krb5 depending on what the configure process detects, simply query the source Makefile at install-time for the extra headers that it will install and dynamically add them to the PLIST. --- Module Name: pkgsrc Committed By: salo Date: Wed Aug 9 17:58:09 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile distinfo Added Files: pkgsrc/security/heimdal/patches: patch-am patch-an patch-ao patch-ap patch-aq Log Message: Security fix for SA21436: "A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled rcp application. This may be exploited to perform certain actions with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21436/ http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ Bump PKGREVISION. @ text @a0 145 $NetBSD: patch-an,v 1.1.2.1 2006/08/10 07:14:03 ghen Exp $ Security fix for SA21436. 
--- appl/ftp/ftpd/ftpd.c.orig 2005-06-02 12:41:28.000000000 +0200 +++ appl/ftp/ftpd/ftpd.c 2006-08-09 19:42:15.000000000 +0200 @@@@ -138,9 +138,9 @@@@ static int handleoobcmd(void); static int checkuser (char *, char *); static int checkaccess (char *); static FILE *dataconn (const char *, off_t, const char *); -static void dolog (struct sockaddr *sa, int len); +static void dolog (struct sockaddr *, int); static void end_login (void); -static FILE *getdatasock (const char *); +static FILE *getdatasock (const char *, int); static char *gunique (char *); static RETSIGTYPE lostconn (int); static int receive_data (FILE *, FILE *); @@@@ -835,7 +835,8 @@@@ static void end_login(void) { - seteuid((uid_t)0); + if (seteuid((uid_t)0) < 0) + fatal("Failed to seteuid"); if (logged_in) ftpd_logwtmp(ttyline, "", ""); pw = NULL; @@@@ -1208,14 +1209,15 @@@@ done: } static FILE * -getdatasock(const char *mode) +getdatasock(const char *mode, int domain) { int s, t, tries; if (data >= 0) return (fdopen(data, mode)); - seteuid(0); - s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0); + if (seteuid(0) < 0) + fatal("Failed to seteuid"); + s = socket(domain, SOCK_STREAM, 0); if (s < 0) goto bad; socket_set_reuseaddr (s, 1); @@@@ -1232,7 +1234,8 @@@@ getdatasock(const char *mode) goto bad; sleep(tries); } - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid) < 0) + fatal("Failed to seteuid"); #ifdef IPTOS_THROUGHPUT socket_set_tos (s, IPTOS_THROUGHPUT); #endif @@@@ -1240,7 +1243,8 @@@@ getdatasock(const char *mode) bad: /* Return the real value of errno (close may change it) */ t = errno; - seteuid((uid_t)pw->pw_uid); + if (seteuid((uid_t)pw->pw_uid) < 0) + fatal("Failed to seteuid"); close(s); errno = t; return (NULL); @@@@ -1271,7 +1275,7 @@@@ dataconn(const char *name, off_t size, c { char sizebuf[32]; FILE *file; - int retry = 0; + int domain, retry = 0; file_size = size; byte_count = 0; @@@@ -1318,7 +1322,15 @@@@ dataconn(const char *name, off_t size, c if (usedefault) data_dest = his_addr; 
usedefault = 1; - file = getdatasock(mode); + /* + * Default to using the same socket type as the ctrl address, + * unless we know the type of the data address. + */ + domain = data_dest->sa_family; + if (domain == PF_UNSPEC) + domain = ctrl_addr->sa_family; + + file = getdatasock(mode, domain); if (file == NULL) { char data_addr[256]; @@@@ -1889,11 +1901,11 @@@@ dologout(int status) transflag = 0; urgflag = 0; if (logged_in) { - seteuid((uid_t)0); - ftpd_logwtmp(ttyline, "", ""); #ifdef KRB4 cond_kdestroy(); #endif + seteuid((uid_t)0); /* No need to check, we call exit() below */ + ftpd_logwtmp(ttyline, "", ""); } /* beware of flushing buffers after a SIGPIPE */ #ifdef XXX @@@@ -2006,12 +2018,15 @@@@ pasv(void) 0); socket_set_portrange(pdata, restricted_data_ports, pasv_addr->sa_family); - seteuid(0); + if (seteuid(0) < 0) + fatal("Failed to seteuid"); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid) < 0) + fatal("Failed to seteuid"); goto pasv_error; } - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid) < 0) + fatal("Failed to seteuid"); len = sizeof(pasv_addr_ss); if (getsockname(pdata, pasv_addr, &len) < 0) goto pasv_error; @@@@ -2050,12 +2065,15 @@@@ epsv(char *proto) 0); socket_set_portrange(pdata, restricted_data_ports, pasv_addr->sa_family); - seteuid(0); + if (seteuid(0) < 0) + fatal("Failed to seteuid"); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid)) + fatal("Failed to seteuid"); goto pasv_error; } - seteuid(pw->pw_uid); + if (seteuid(pw->pw_uid) < 0) + fatal("Failed to seteuid"); len = sizeof(pasv_addr_ss); if (getsockname(pdata, pasv_addr, &len) < 0) goto pasv_error; @