head	1.3;
access;
symbols
	pkgsrc-2013Q2:1.3.0.8
	pkgsrc-2013Q2-base:1.3
	pkgsrc-2012Q4:1.3.0.6
	pkgsrc-2012Q4-base:1.3
	pkgsrc-2011Q4:1.3.0.4
	pkgsrc-2011Q4-base:1.3
	pkgsrc-2011Q2:1.3.0.2
	pkgsrc-2011Q2-base:1.3
	pkgsrc-2010Q4:1.2.0.28
	pkgsrc-2010Q4-base:1.2
	pkgsrc-2010Q3:1.2.0.26
	pkgsrc-2010Q3-base:1.2
	pkgsrc-2010Q2:1.2.0.24
	pkgsrc-2010Q2-base:1.2
	pkgsrc-2010Q1:1.2.0.22
	pkgsrc-2010Q1-base:1.2
	pkgsrc-2009Q4:1.2.0.20
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2009Q3:1.2.0.18
	pkgsrc-2009Q3-base:1.2
	pkgsrc-2009Q2:1.2.0.16
	pkgsrc-2009Q2-base:1.2
	pkgsrc-2009Q1:1.2.0.14
	pkgsrc-2009Q1-base:1.2
	pkgsrc-2008Q4:1.2.0.12
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.10
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.8
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.6
	pkgsrc-2008Q2-base:1.2
	cwrapper:1.2.0.4
	pkgsrc-2008Q1:1.2.0.2;
locks; strict;
comment	@# @;
expand	@k@;


1.3
date	2011.03.22.23.31.04;	author tez;	state dead;
branches;
next	1.2;

1.2
date	2008.06.07.20.22.18;	author tonnerre;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	2008.06.07.18.36.07;	author tonnerre;	state Exp;
branches;
next	;

1.2.2.1
date	2008.06.07.20.22.18;	author tron;	state dead;
branches;
next	1.2.2.2;

1.2.2.2
date	2008.06.08.11.47.13;	author tron;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Update MIT Kerberos to v1.8.3 with the latest security patches up to and
including MITKRB5-SA-2011-003.

Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2

Note that the r-services, telnetd and ftpd services and the related client
applications are now in a separate pacakge security/mit-krb5-appl.
@
text
@$NetBSD$

--- lib/kadm5/logger.c.orig	2002-09-18 22:44:13.000000000 +0200
+++ lib/kadm5/logger.c
@@@@ -45,7 +45,7 @@@@
 #include <varargs.h>
 #endif	/* HAVE_STDARG_H */
 
-#define	KRB5_KLOG_MAX_ERRMSG_SIZE	1024
+#define	KRB5_KLOG_MAX_ERRMSG_SIZE	2048
 #ifndef	MAXHOSTNAMELEN
 #define	MAXHOSTNAMELEN	256
 #endif	/* MAXHOSTNAMELEN */
@@@@ -256,7 +256,9 @@@@ klog_com_err_proc(const char *whoami, lo
 #endif	/* HAVE_SYSLOG */
 
     /* Now format the actual message */
-#if	HAVE_VSPRINTF
+#if	HAVE_VSNPRINTF
+    vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap);
+#elif	HAVE_VSPRINTF
     vsprintf(cp, actual_format, ap);
 #else	/* HAVE_VSPRINTF */
     sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1],
@@@@ -843,7 +845,9 @@@@ klog_vsyslog(int priority, const char *f
     syslogp = &outbuf[strlen(outbuf)];
 
     /* Now format the actual message */
-#ifdef	HAVE_VSPRINTF
+#ifdef	HAVE_VSNPRINTF
+    vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist);
+#elif	HAVE_VSPRINTF
     vsprintf(syslogp, format, arglist);
 #else	/* HAVE_VSPRINTF */
     sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1],
@


1.2
log
@Remove parts of a different security patch which slipped in but are not
supported yet. Don't bump revision as the package didn't build before.
@
text
@d1 1
a1 1
$NetBSD: patch-bd,v 1.1 2008/06/07 18:36:07 tonnerre Exp $
@


1.2.2.1
log
@file patch-bd was added on branch pkgsrc-2008Q1 on 2008-06-08 11:47:13 +0000
@
text
@d1 35
@


1.2.2.2
log
@Pullup ticket #2417 - requested by tonnerre
Security patches for mit-krb5

Revisions pulled up:
- security/mit-krb5/Makefile		1.42
- security/mit-krb5/distinfo		1.17-1.19
- security/mit-krb5/patches/patch-ai	1.3-1.4
- security/mit-krb5/patches/patch-au	1.1-1.2
- security/mit-krb5/patches/patch-av	1.1-1.2
- security/mit-krb5/patches/patch-aw	1.1-1.2
- security/mit-krb5/patches/patch-ax	1.1-1.2
- security/mit-krb5/patches/patch-ay	1.1-1.2
- security/mit-krb5/patches/patch-az	1.1-1.2
- security/mit-krb5/patches/patch-ba	1.1-1.3
- security/mit-krb5/patches/patch-bb	1.1-1.2
- security/mit-krb5/patches/patch-bc	1.1-1.2
- security/mit-krb5/patches/patch-bd	1.1-1.2
- security/mit-krb5/patches/patch-be	1.1-1.2
- security/mit-krb5/patches/patch-bf	1.1
- security/mit-krb5/patches/patch-bg	1.1
---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Sat Jun  7 18:36:07 UTC 2008

    Modified Files:
    	pkgsrc/security/mit-krb5: Makefile distinfo
    Added Files:
    	pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av
    patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd
    	    patch-be

    Log Message:
    Add security patches for 3 Kerberos vulnerabilities:
     - telnetd username and environment sanitizing vulnerabilities ("-f
    root") as described in MIT Kerberos advisory 2007-001.
     - krb5_klog_syslog() problems with overly long log strings as described
       in MIT Kerberos advisory 2007-002.
     - GSS API kg_unseal_v1() double free vulnerability as described in the
       MIT Kerberos advisory 2007-003.
---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Sat Jun  7 20:22:18 UTC 2008

    Modified Files:
    	pkgsrc/security/mit-krb5: distinfo
    	pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av
    patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd
    	    patch-be

    Log Message:
    Remove parts of a different security patch which slipped in but are not
    supported yet. Don't bump revision as the package didn't build before.
---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Sat Jun  7 22:26:10 UTC 2008

    Modified Files:
    	pkgsrc/security/mit-krb5: distinfo
    	pkgsrc/security/mit-krb5/patches: patch-ba
    Added Files:
    	pkgsrc/security/mit-krb5/patches: patch-bf patch-bg

    Log Message:
    Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION
    will be bumped again once some other patches are in.
@
text
@a0 35
$NetBSD: patch-bd,v 1.1 2008/06/07 18:36:07 tonnerre Exp $

--- lib/kadm5/logger.c.orig	2002-09-18 22:44:13.000000000 +0200
+++ lib/kadm5/logger.c
@@@@ -45,7 +45,7 @@@@
 #include <varargs.h>
 #endif	/* HAVE_STDARG_H */
 
-#define	KRB5_KLOG_MAX_ERRMSG_SIZE	1024
+#define	KRB5_KLOG_MAX_ERRMSG_SIZE	2048
 #ifndef	MAXHOSTNAMELEN
 #define	MAXHOSTNAMELEN	256
 #endif	/* MAXHOSTNAMELEN */
@@@@ -256,7 +256,9 @@@@ klog_com_err_proc(const char *whoami, lo
 #endif	/* HAVE_SYSLOG */
 
     /* Now format the actual message */
-#if	HAVE_VSPRINTF
+#if	HAVE_VSNPRINTF
+    vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap);
+#elif	HAVE_VSPRINTF
     vsprintf(cp, actual_format, ap);
 #else	/* HAVE_VSPRINTF */
     sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1],
@@@@ -843,7 +845,9 @@@@ klog_vsyslog(int priority, const char *f
     syslogp = &outbuf[strlen(outbuf)];
 
     /* Now format the actual message */
-#ifdef	HAVE_VSPRINTF
+#ifdef	HAVE_VSNPRINTF
+    vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist);
+#elif	HAVE_VSPRINTF
     vsprintf(syslogp, format, arglist);
 #else	/* HAVE_VSPRINTF */
     sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1],
@


1.1
log
@Add security patches for 3 Kerberos vulnerabilities:
 - telnetd username and environment sanitizing vulnerabilities ("-f root")
   as described in MIT Kerberos advisory 2007-001.
 - krb5_klog_syslog() problems with overly long log strings as described
   in MIT Kerberos advisory 2007-002.
 - GSS API kg_unseal_v1() double free vulnerability as described in the
   MIT Kerberos advisory 2007-003.
@
text
@d1 1
a1 1
$NetBSD$
d3 2
a4 2
--- src/lib/kadm5/logger.c.orig	2002-09-18 22:44:13.000000000 +0200
+++ src/lib/kadm5/logger.c
@