head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.8 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.6 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2010Q4:1.2.0.28 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.26 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.24 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.22 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.20 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.18 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.16 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.14 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.12 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.10 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.8 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.6 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.4 pkgsrc-2008Q1:1.2.0.2; locks; strict; comment @# @; expand @k@; 1.3 date 2011.03.22.23.31.04; author tez; state dead; branches; next 1.2; 1.2 date 2008.06.07.20.22.18; author tonnerre; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2008.06.07.18.36.06; author tonnerre; state Exp; branches; next ; 1.2.2.1 date 2008.06.07.20.22.18; author tron; state dead; branches; next 1.2.2.2; 1.2.2.2 date 2008.06.08.11.47.13; author tron; state Exp; branches; next ; desc @@ 1.3 log @Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate pacakge security/mit-krb5-appl. @ text @$NetBSD$ --- kadmin/server/ovsec_kadmd.c.orig 2004-09-21 20:20:16.000000000 +0200 +++ kadmin/server/ovsec_kadmd.c @@@@ -952,13 +952,25 @@@@ void log_badverf(gss_name_t client_name, rpcproc_t proc; int i; const char *procname; + size_t clen, slen; + char *cdots, *sdots; (void) gss_display_name(&minor, client_name, &client, &gss_type); (void) gss_display_name(&minor, server_name, &server, &gss_type); - if (client.value == NULL) + if (client.value == NULL) { client.value = "(null)"; - if (server.value == NULL) + clen = sizeof("(null)") -1; + } else { + clen = client.length; + } + trunc_name(&clen, &cdots); + if (server.value == NULL) { server.value = "(null)"; + slen = sizeof("(null)") - 1; + } else { + slen = server.length; + } + trunc_name(&slen, &sdots); a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); proc = msg->rm_call.cb_proc; @@@@ -971,14 +983,14 @@@@ void log_badverf(gss_name_t client_name, } if (procname != NULL) krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, " - "claimed client = %s, server = %s, addr = %s", - procname, client.value, - server.value, a); + "claimed client = %.*s%s, server = %.*s%s, addr = %s", + procname, clen, client.value, cdots, + slen, server.value, sdots, a); else krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, " - "claimed client = %s, server = %s, addr = %s", - proc, client.value, - server.value, a); + "claimed client = %.*s%s, server = %.*s%s, addr = %s", + proc, clen, client.value, cdots, + slen, server.value, sdots, a); (void) gss_release_buffer(&minor, &client); (void) gss_release_buffer(&minor, &server); @ 1.2 log @Remove parts of a different security patch which slipped in but are not supported yet. Don't bump revision as the package didn't build before. @ text @d1 1 a1 1 $NetBSD: patch-ax,v 1.1 2008/06/07 18:36:06 tonnerre Exp $ @ 1.2.2.1 log @file patch-ax was added on branch pkgsrc-2008Q1 on 2008-06-08 11:47:13 +0000 @ text @d1 53 @ 1.2.2.2 log @Pullup ticket #2417 - requested by tonnerre Security patches for mit-krb5 Revisions pulled up: - security/mit-krb5/Makefile 1.42 - security/mit-krb5/distinfo 1.17-1.19 - security/mit-krb5/patches/patch-ai 1.3-1.4 - security/mit-krb5/patches/patch-au 1.1-1.2 - security/mit-krb5/patches/patch-av 1.1-1.2 - security/mit-krb5/patches/patch-aw 1.1-1.2 - security/mit-krb5/patches/patch-ax 1.1-1.2 - security/mit-krb5/patches/patch-ay 1.1-1.2 - security/mit-krb5/patches/patch-az 1.1-1.2 - security/mit-krb5/patches/patch-ba 1.1-1.3 - security/mit-krb5/patches/patch-bb 1.1-1.2 - security/mit-krb5/patches/patch-bc 1.1-1.2 - security/mit-krb5/patches/patch-bd 1.1-1.2 - security/mit-krb5/patches/patch-be 1.1-1.2 - security/mit-krb5/patches/patch-bf 1.1 - security/mit-krb5/patches/patch-bg 1.1 --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 18:36:07 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd patch-be Log Message: Add security patches for 3 Kerberos vulnerabilities: - telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001. - krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002. - GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003. --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 20:22:18 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: distinfo pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd patch-be Log Message: Remove parts of a different security patch which slipped in but are not supported yet. Don't bump revision as the package didn't build before. --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 22:26:10 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: distinfo pkgsrc/security/mit-krb5/patches: patch-ba Added Files: pkgsrc/security/mit-krb5/patches: patch-bf patch-bg Log Message: Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION will be bumped again once some other patches are in. @ text @a0 53 $NetBSD: patch-ax,v 1.1 2008/06/07 18:36:06 tonnerre Exp $ --- kadmin/server/ovsec_kadmd.c.orig 2004-09-21 20:20:16.000000000 +0200 +++ kadmin/server/ovsec_kadmd.c @@@@ -952,13 +952,25 @@@@ void log_badverf(gss_name_t client_name, rpcproc_t proc; int i; const char *procname; + size_t clen, slen; + char *cdots, *sdots; (void) gss_display_name(&minor, client_name, &client, &gss_type); (void) gss_display_name(&minor, server_name, &server, &gss_type); - if (client.value == NULL) + if (client.value == NULL) { client.value = "(null)"; - if (server.value == NULL) + clen = sizeof("(null)") -1; + } else { + clen = client.length; + } + trunc_name(&clen, &cdots); + if (server.value == NULL) { server.value = "(null)"; + slen = sizeof("(null)") - 1; + } else { + slen = server.length; + } + trunc_name(&slen, &sdots); a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); proc = msg->rm_call.cb_proc; @@@@ -971,14 +983,14 @@@@ void log_badverf(gss_name_t client_name, } if (procname != NULL) krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, " - "claimed client = %s, server = %s, addr = %s", - procname, client.value, - server.value, a); + "claimed client = %.*s%s, server = %.*s%s, addr = %s", + procname, clen, client.value, cdots, + slen, server.value, sdots, a); else krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, " - "claimed client = %s, server = %s, addr = %s", - proc, client.value, - server.value, a); + "claimed client = %.*s%s, server = %.*s%s, addr = %s", + proc, clen, client.value, cdots, + slen, server.value, sdots, a); (void) gss_release_buffer(&minor, &client); (void) gss_release_buffer(&minor, &server); @ 1.1 log @Add security patches for 3 Kerberos vulnerabilities: - telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001. - krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002. - GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003. @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 2 --- src/kadmin/server/ovsec_kadmd.c.orig 2004-09-21 20:20:16.000000000 +0200 +++ src/kadmin/server/ovsec_kadmd.c d14 2 a15 1 if (client.value == NULL) @