head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.8 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.6 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2010Q4:1.2.0.28 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.26 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.24 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.22 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.20 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.18 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.16 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.14 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.12 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.10 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.8 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.6 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.4 pkgsrc-2008Q1:1.2.0.2; locks; strict; comment @# @; expand @k@; 1.3 date 2011.03.22.23.31.04; author tez; state dead; branches; next 1.2; 1.2 date 2008.06.07.20.22.18; author tonnerre; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2008.06.07.18.36.07; author tonnerre; state Exp; branches; next ; 1.2.2.1 date 2008.06.07.20.22.18; author tron; state dead; branches; next 1.2.2.2; 1.2.2.2 date 2008.06.08.11.47.13; author tron; state Exp; branches; next ; desc @@ 1.3 log @Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate pacakge security/mit-krb5-appl. @ text @$NetBSD$ --- lib/gssapi/krb5/k5unseal.c.orig 2004-04-13 22:00:19.000000000 +0200 +++ lib/gssapi/krb5/k5unseal.c @@@@ -457,8 +457,11 @@@@ kg_unseal_v1(context, minor_status, ctx, if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { - if (toktype == KG_TOK_SEAL_MSG) + if (toktype == KG_TOK_SEAL_MSG) { xfree(token.value); + message_buffer->value = NULL; + message_buffer->length = 0; + } *minor_status = G_BAD_DIRECTION; return(GSS_S_BAD_SIG); } @ 1.2 log @Remove parts of a different security patch which slipped in but are not supported yet. Don't bump revision as the package didn't build before. @ text @d1 1 a1 1 $NetBSD: patch-be,v 1.1 2008/06/07 18:36:07 tonnerre Exp $ @ 1.2.2.1 log @file patch-be was added on branch pkgsrc-2008Q1 on 2008-06-08 11:47:13 +0000 @ text @d1 17 @ 1.2.2.2 log @Pullup ticket #2417 - requested by tonnerre Security patches for mit-krb5 Revisions pulled up: - security/mit-krb5/Makefile 1.42 - security/mit-krb5/distinfo 1.17-1.19 - security/mit-krb5/patches/patch-ai 1.3-1.4 - security/mit-krb5/patches/patch-au 1.1-1.2 - security/mit-krb5/patches/patch-av 1.1-1.2 - security/mit-krb5/patches/patch-aw 1.1-1.2 - security/mit-krb5/patches/patch-ax 1.1-1.2 - security/mit-krb5/patches/patch-ay 1.1-1.2 - security/mit-krb5/patches/patch-az 1.1-1.2 - security/mit-krb5/patches/patch-ba 1.1-1.3 - security/mit-krb5/patches/patch-bb 1.1-1.2 - security/mit-krb5/patches/patch-bc 1.1-1.2 - security/mit-krb5/patches/patch-bd 1.1-1.2 - security/mit-krb5/patches/patch-be 1.1-1.2 - security/mit-krb5/patches/patch-bf 1.1 - security/mit-krb5/patches/patch-bg 1.1 --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 18:36:07 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd patch-be Log Message: Add security patches for 3 Kerberos vulnerabilities: - telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001. - krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002. - GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003. --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 20:22:18 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: distinfo pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd patch-be Log Message: Remove parts of a different security patch which slipped in but are not supported yet. Don't bump revision as the package didn't build before. --- Module Name: pkgsrc Committed By: tonnerre Date: Sat Jun 7 22:26:10 UTC 2008 Modified Files: pkgsrc/security/mit-krb5: distinfo pkgsrc/security/mit-krb5/patches: patch-ba Added Files: pkgsrc/security/mit-krb5/patches: patch-bf patch-bg Log Message: Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION will be bumped again once some other patches are in. @ text @a0 17 $NetBSD: patch-be,v 1.1 2008/06/07 18:36:07 tonnerre Exp $ --- lib/gssapi/krb5/k5unseal.c.orig 2004-04-13 22:00:19.000000000 +0200 +++ lib/gssapi/krb5/k5unseal.c @@@@ -457,8 +457,11 @@@@ kg_unseal_v1(context, minor_status, ctx, if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { - if (toktype == KG_TOK_SEAL_MSG) + if (toktype == KG_TOK_SEAL_MSG) { xfree(token.value); + message_buffer->value = NULL; + message_buffer->length = 0; + } *minor_status = G_BAD_DIRECTION; return(GSS_S_BAD_SIG); } @ 1.1 log @Add security patches for 3 Kerberos vulnerabilities: - telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001. - krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002. - GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003. @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 2 --- src/lib/gssapi/krb5/k5unseal.c.orig 2004-04-13 22:00:19.000000000 +0200 +++ src/lib/gssapi/krb5/k5unseal.c @