head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.8 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.6 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2010Q4:1.2.0.26 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.24 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.22 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.20 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.18 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.16 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.14 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.12 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.10 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.8 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.6 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.4 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.2 pkgsrc-2008Q1:1.1.0.12 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.10 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.8 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.6 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.4 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.2; locks; strict; comment @# @; 1.3 date 2011.03.22.23.31.04; author tez; state dead; branches; next 1.2; 1.2 date 2008.06.07.23.58.11; author tonnerre; state Exp; branches; next 1.1; 1.1 date 2007.01.17.23.43.47; author salo; state Exp; branches 1.1.2.1 1.1.12.1; next ; 1.1.2.1 date 2007.01.17.23.43.47; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2007.02.18.12.01.11; author ghen; state Exp; branches; next ; 1.1.12.1 date 2008.06.08.12.00.23; author tron; state Exp; branches; next ; desc @@ 1.3 log @Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate package security/mit-krb5-appl. 
@ text @$NetBSD: patch-at,v 1.2 2008/06/07 23:58:11 tonnerre Exp $ --- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200 +++ lib/rpc/svc.c @@@@ -108,15 +108,17 @@@@ xprt_register(SVCXPRT *xprt) if (sock < FD_SETSIZE) { xports[sock] = xprt; FD_SET(sock, &svc_fdset); + if (sock > svc_maxfd) + svc_maxfd = sock; } #else if (sock < NOFILE) { xports[sock] = xprt; svc_fds |= (1 << sock); + if (sock > svc_maxfd) + svc_maxfd = sock; } #endif /* def FD_SETSIZE */ - if (sock > svc_maxfd) - svc_maxfd = sock; } /* @@@@ -436,6 +438,8 @@@@ svc_getreqset(FDSET_TYPE *readfds) #endif } +extern struct svc_auth_ops svc_auth_gss_ops; + static void svc_do_xprt(SVCXPRT *xprt) { @@@@ -517,6 +521,9 @@@@ svc_do_xprt(SVCXPRT *xprt) if ((stat = SVC_STAT(xprt)) == XPRT_DIED){ SVC_DESTROY(xprt); break; + } else if ((xprt->xp_auth != NULL) && + (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) { + xprt->xp_auth = NULL; } } while (stat == XPRT_MOREREQS); @ 1.2 log @Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 and MITKRB5-SA-2008-002. Bump PKGREVISION now finally. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Security fix for CVE-2006-6143: "An unauthenticated user may cause execution of arbitrary code in kadmind, which can compromise the Kerberos key database and host security. (kadmind usually runs as root.) Unsuccessful exploitation, or even accidental replication of the required conditions by non-malicious users, can result in kadmind crashing." http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143 Patch from MIT. @ text @a2 2 Security fix for CVE-2006-6143. 
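Review bot: In the xprt_register hunk the relocated `svc_maxfd` update sits behind a guard that has only an upper bound: `if (sock < FD_SETSIZE)` (and `if (sock < NOFILE)` in the `#else` branch) would still let a negative `sock` index `xports[sock]`, so the check would be tighter as `if (sock >= 0 && sock < FD_SETSIZE)`. A descriptor at or above the limit is now skipped without any signal to the caller; a comment such as `/* sock out of range: transport is NOT registered, caller must close it */` would record that contract. The declaration of `sock` and the start of the function lie outside the hunk, so its signedness and the callers' handling are to be confirmed there. The same hunk recurs in the 1.1.12.1 delta further down.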
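Review bot: The new `else if` in svc_do_xprt clears `xprt->xp_auth` for every flavor except GSS, but nothing in the code says why identity with `&svc_auth_gss_ops` is the deciding test or why the pointer can be dropped without a destroy call. Since the log ties this change to CVE-2006-6143, a comment above the branch would help the next maintainer, e.g. `/* non-GSS xp_auth is per-request state: clear it so a later request cannot reuse a stale handle */` (wording to be confirmed against the MIT advisory). The reset is reached only after `SVC_STAT`; the do/while body begins outside the hunk, so any earlier `continue` or error exit should be checked for leaving `xp_auth` set. The file-scope `extern struct svc_auth_ops svc_auth_gss_ops;` added in the preceding hunk would be safer coming from the header that declares the GSS auth ops, so a type change there cannot go unnoticed. The same two hunks recur in the 1.1.2.2 and 1.1.12.1 texts.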
d4 22 a25 2 +++ lib/rpc/svc.c 2007-01-17 21:58:10.000000000 +0100 @@@@ -436,6 +436,8 @@@@ svc_getreqset(FDSET_TYPE *readfds) d34 1 a34 1 @@@@ -517,6 +519,9 @@@@ svc_do_xprt(SVCXPRT *xprt) @ 1.1.2.1 log @file patch-at was added on branch pkgsrc-2006Q4 on 2007-01-17 23:43:47 +0000 @ text @d1 25 @ 1.1.2.2 log @Pullup ticket 2021 - requested by salo security fix for mit-krb5 - pkgsrc/security/mit-krb5/Makefile 1.39-1.40 - pkgsrc/security/mit-krb5/distinfo 1.16 - pkgsrc/security/mit-krb5/patches/patch-at 1.1 Module Name: pkgsrc Committed By: salo Date: Wed Jan 17 23:43:47 UTC 2007 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-at Log Message: Security fix for CVE-2006-6143: "An unauthenticated user may cause execution of arbitrary code in kadmind, which can compromise the Kerberos key database and host security. (kadmind usually runs as root.) Unsuccessful exploitation, or even accidental replication of the required conditions by non-malicious users, can result in kadmind crashing." http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143 Patch from MIT. --- Module Name: pkgsrc Committed By: salo Date: Thu Jan 18 17:28:24 UTC 2007 Modified Files: pkgsrc/security/mit-krb5: Makefile Log Message: Fix building with Autoconf 2.60 and newer. Addresses PR pkg/34252 by Matthias Petermann. Also delint a bit. @ text @a0 25 $NetBSD: patch-at,v 1.1.2.1 2007/02/18 12:01:11 ghen Exp $ Security fix for CVE-2006-6143. 
--- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200 +++ lib/rpc/svc.c 2007-01-17 21:58:10.000000000 +0100 @@@@ -436,6 +436,8 @@@@ svc_getreqset(FDSET_TYPE *readfds) #endif } +extern struct svc_auth_ops svc_auth_gss_ops; + static void svc_do_xprt(SVCXPRT *xprt) { @@@@ -517,6 +519,9 @@@@ svc_do_xprt(SVCXPRT *xprt) if ((stat = SVC_STAT(xprt)) == XPRT_DIED){ SVC_DESTROY(xprt); break; + } else if ((xprt->xp_auth != NULL) && + (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) { + xprt->xp_auth = NULL; } } while (stat == XPRT_MOREREQS); @ 1.1.12.1 log @Pullup ticket #2417 - requested by tonnerre Security patches for mit-krb5 Revisions pulled up: - security/mit-krb5/Makefile 1.43 - security/mit-krb5/distinfo 1.20 - security/mit-krb5/patches/patch-at 1.2 - security/mit-krb5/patches/patch-bh 1.1 - security/mit-krb5/patches/patch-bi 1.1 - security/mit-krb5/patches/patch-bj 1.1 - security/mit-krb5/patches/patch-bk 1.1 - security/mit-krb5/patches/patch-bl 1.1 --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 23:58:11 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo pkgsrc/security/mit-krb5/patches: patch-at Added Files: pkgsrc/security/mit-krb5/patches: patch-bh patch-bi patch-bj patch-bk patch-bl Log Message: Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 and MITKRB5-SA-2008-002. Bump PKGREVISION now finally. @ text @d3 2 d6 2 a7 22 +++ lib/rpc/svc.c @@@@ -108,15 +108,17 @@@@ xprt_register(SVCXPRT *xprt) if (sock < FD_SETSIZE) { xports[sock] = xprt; FD_SET(sock, &svc_fdset); + if (sock > svc_maxfd) + svc_maxfd = sock; } #else if (sock < NOFILE) { xports[sock] = xprt; svc_fds |= (1 << sock); + if (sock > svc_maxfd) + svc_maxfd = sock; } #endif /* def FD_SETSIZE */ - if (sock > svc_maxfd) - svc_maxfd = sock; } /* @@@@ -436,6 +438,8 @@@@ svc_getreqset(FDSET_TYPE *readfds) d16 1 a16 1 @@@@ -517,6 +521,9 @@@@ svc_do_xprt(SVCXPRT *xprt) @