head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.8 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.6 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2010Q4:1.2.0.28 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.26 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.24 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.22 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.20 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.18 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.16 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.14 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.12 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.10 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.8 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.6 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.4 pkgsrc-2008Q1:1.2.0.2; locks; strict; comment @# @; expand @k@; 1.3 date 2011.03.22.23.31.04; author tez; state dead; branches; next 1.2; 1.2 date 2008.06.07.20.22.18; author tonnerre; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2008.06.07.18.36.06; author tonnerre; state Exp; branches; next ; 1.2.2.1 date 2008.06.07.20.22.18; author tron; state dead; branches; next 1.2.2.2; 1.2.2.2 date 2008.06.08.11.47.13; author tron; state Exp; branches; next ; desc @@ 1.3 log @Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate pacakge security/mit-krb5-appl. @ text @$NetBSD$ --- appl/telnet/telnetd/state.c.orig 2002-11-15 21:21:51.000000000 +0100 +++ appl/telnet/telnetd/state.c @@@@ -1665,7 +1665,8 @@@@ static int envvarok(varp) strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ strcmp(varp, "NLSPATH") && /* locale stuff */ strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ - strcmp(varp, "IFS")) { + strcmp(varp, "IFS") && + !strchr(varp, '-')) { return 1; } else { syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); @ 1.2 log @Remove parts of a different security patch which slipped in but are not supported yet. Don't bump revision as the package didn't build before. @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.1 2008/06/07 18:36:06 tonnerre Exp $ @ 1.2.2.1 log @file patch-au was added on branch pkgsrc-2008Q1 on 2008-06-08 11:47:13 +0000 @ text @d1 14 @ 1.2.2.2 log @Pullup ticket #2417 - requested by tonnerre Security patches for mit-krb5 Revisions pulled up: - security/mit-krb5/Makefile 1.42 - security/mit-krb5/distinfo 1.17-1.19 - security/mit-krb5/patches/patch-ai 1.3-1.4 - security/mit-krb5/patches/patch-au 1.1-1.2 - security/mit-krb5/patches/patch-av 1.1-1.2 - security/mit-krb5/patches/patch-aw 1.1-1.2 - security/mit-krb5/patches/patch-ax 1.1-1.2 - security/mit-krb5/patches/patch-ay 1.1-1.2 - security/mit-krb5/patches/patch-az 1.1-1.2 - security/mit-krb5/patches/patch-ba 1.1-1.3 - security/mit-krb5/patches/patch-bb 1.1-1.2 - security/mit-krb5/patches/patch-bc 1.1-1.2 - security/mit-krb5/patches/patch-bd 1.1-1.2 - security/mit-krb5/patches/patch-be 1.1-1.2 - security/mit-krb5/patches/patch-bf 1.1 - security/mit-krb5/patches/patch-bg 1.1 --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 18:36:07 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd patch-be Log Message: Add security patches for 3 Kerberos vulnerabilities: - telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001. - krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002. - GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003. --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 20:22:18 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: distinfo pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd patch-be Log Message: Remove parts of a different security patch which slipped in but are not supported yet. Don't bump revision as the package didn't build before. --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 22:26:10 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: distinfo pkgsrc/security/mit-krb5/patches: patch-ba Added Files: pkgsrc/security/mit-krb5/patches: patch-bf patch-bg Log Message: Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION will be bumped again once some other patches are in. @ text @a0 14 $NetBSD: patch-au,v 1.1 2008/06/07 18:36:06 tonnerre Exp $ --- appl/telnet/telnetd/state.c.orig 2002-11-15 21:21:51.000000000 +0100 +++ appl/telnet/telnetd/state.c @@@@ -1665,7 +1665,8 @@@@ static int envvarok(varp) strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ strcmp(varp, "NLSPATH") && /* locale stuff */ strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ - strcmp(varp, "IFS")) { + strcmp(varp, "IFS") && + !strchr(varp, '-')) { return 1; } else { syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); @ 1.1 log @Add security patches for 3 Kerberos vulnerabilities: - telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001. - krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002. - GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003. @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 2 --- src/appl/telnet/telnetd/state.c.orig 2002-11-15 21:21:51.000000000 +0100 +++ src/appl/telnet/telnetd/state.c @