head 1.2; access; symbols pkgsrc-2015Q4:1.1.0.8 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.6 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.4 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.2 pkgsrc-2015Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2016.03.15.15.16.39; author tez; state dead; branches; next 1.1; commitid vfGyRvS5ID9EDKYy; 1.1 date 2015.02.25.22.28.58; author tez; state Exp; branches; next ; commitid gZ9MRsbsAuA2nrby; desc @@ 1.2 log @Update to 1.14.1 resolving all reported vulnerabilities including: CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 @ text @$NetBSD: patch-CVE-2014-5353,v 1.1 2015/02/25 22:28:58 tez Exp $ Fix for CVE-2014-5353 from: https://github.com/krb5/krb5/commit/5fbb56c4624df9e6b0d0a80f46e5ad37eb79c6c0 --- plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.orig 2015-02-25 18:57:47.261119800 +0000 +++ plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c @@@@ -261,9 +261,9 @@@@ krb5_ldap_get_password_policy_from_dn(kr #endif /**************** END IFDEF'ed OUT *******************************/ ent=ldap_first_entry(ld, result); - if (ent != NULL) { - if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0) - goto cleanup; + if (ent == NULL) { + st = KRB5_KDB_NOENTRY; + goto cleanup; #if 0 /************** Begin IFDEF'ed OUT *******************************/ krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &((*policy)->pw_max_life)); krb5_ldap_get_value(ld, ent, "krbminpwdlife", &((*policy)->pw_min_life)); @@@@ -279,6 +279,7 @@@@ krb5_ldap_get_password_policy_from_dn(kr ld); #endif /**************** END IFDEF'ed OUT *******************************/ } + st = populate_policy(context, ld, ent, pol_name, *policy); cleanup: ldap_msgfree(result); @ 1.1 log @Backported fixes for: http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421 
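Review bot: The disabled `#if 0` block of `krb5_ldap_get_value` calls now sits inside the `if (ent == NULL) {` branch, after the unconditional `goto cleanup;`. It is therefore unreachable, and if anyone re-enabled it, every call would receive a NULL `ent`. Because the fix inverts the test, the dead block should be deleted or moved below the closing brace, next to the new `populate_policy` call. I would also add a comment above the check, such as `/* Search succeeded but returned no entry: report KRB5_KDB_NOENTRY instead of returning success with an unpopulated policy. */`. The function body starts and ends outside the hunk.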
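Review bot: The result of `populate_policy` now falls straight through to `cleanup:`, where only `ldap_msgfree(result);` is visible, so this hunk does not show whether `*policy` is released and reset when `st` is non-zero. Both the new `KRB5_KDB_NOENTRY` path and a `populate_policy` failure reach this label, presumably with `*policy` already allocated earlier in the function (outside the hunk). The cleanup should free it and set `*policy = NULL` on error so callers never see an unpopulated or partially populated policy. If that handling already exists below the visible lines, a short comment at the label such as `/* on error, *policy is freed and set to NULL below */` would make the contract explicit.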
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423 and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355 (also apparently known as SA62976) @ text @d1 1 a1 1 $NetBSD$ @