head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2010Q4:1.1.0.8 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.6 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.4 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.2 pkgsrc-2010Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2011.03.22.23.31.05; author tez; state dead; branches; next 1.1; 1.1 date 2010.02.24.19.07.51; author tez; state Exp; branches; next ; desc @@ 1.2 log @Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate package security/mit-krb5-appl. @ text @$NetBSD: patch-br,v 1.1 2010/02/24 19:07:51 tez Exp $ --- lib/crypto/arcfour/arcfour.c.orig 2004-02-18 20:46:26.000000000 -0600 +++ lib/crypto/arcfour/arcfour.c 2010-02-23 17:43:53.543585400 -0600 @@@@ -203,6 +203,12 @@@@ keylength = enc->keylength; hashsize = hash->hashsize; + /* Verify input and output lengths. */ + if (input->length < hashsize + CONFOUNDERLENGTH) + return KRB5_BAD_MSIZE; + if (output->length < input->length - hashsize - CONFOUNDERLENGTH) + return KRB5_BAD_MSIZE; + d1.length=keybytes; d1.data=malloc(d1.length); if (d1.data == NULL) @ 1.1 log @Fix CVE-2009-4212 (MITKRB5-SA-2009-004) using patches from http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt (slightly adjusted for older kerberos version) @ text @d1 1 a1 1 $NetBSD$ @
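Review bot: the comment "Verify input and output lengths." above the two added tests in lib/crypto/arcfour/arcfour.c does not say what each bound protects or that their order matters. The subtraction in `output->length < input->length - hashsize - CONFOUNDERLENGTH` is meaningful only because `input->length < hashsize + CONFOUNDERLENGTH` has already been rejected; if the length fields are unsigned, a shorter input would make that expression wrap. Please extend the comment to state that the input must hold at least the hash plus the confounder and that the output must hold the remaining bytes, so a later edit does not reorder or drop the first test. Both returns come before `d1.data=malloc(d1.length)`, so nothing needs freeing on these paths. The patch file itself carries only the $NetBSD$ tag ahead of the `---` header; a one-line description naming CVE-2009-4212 / MITKRB5-SA-2009-004 and what was "slightly adjusted" from the upstream 1.6.3 patch would make it auditable without the commit log.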