head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2010Q4:1.1.0.8 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.6 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.4 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.2 pkgsrc-2010Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2011.03.22.23.31.05; author tez; state dead; branches; next 1.1; 1.1 date 2010.02.24.19.07.51; author tez; state Exp; branches; next ; desc @@ 1.2 log @Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate pacakge security/mit-krb5-appl. @ text @$NetBSD: patch-bs,v 1.1 2010/02/24 19:07:51 tez Exp $ --- lib/crypto/enc_provider/aes.c.orig 2004-05-25 13:06:13.000000000 -0500 +++ lib/crypto/enc_provider/aes.c 2010-02-23 17:43:53.574980200 -0600 @@@@ -68,9 +68,11 @@@@ nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; if (nblocks == 1) { - /* XXX Used for DK function. */ + /* Used when deriving keys. */ + if (input->length < BLOCK_SIZE) + return KRB5_BAD_MSIZE; enc(output->data, input->data, &ctx); - } else { + } else if (nblocks > 1) { unsigned int nleft; for (blockno = 0; blockno < nblocks - 2; blockno++) { @@@@ -123,9 +125,9 @@@@ if (nblocks == 1) { if (input->length < BLOCK_SIZE) - abort(); + return KRB5_BAD_MSIZE; dec(output->data, input->data, &ctx); - } else { + } else if (nblocks > 1) { for (blockno = 0; blockno < nblocks - 2; blockno++) { dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx); @ 1.1 log @Fix CVE-2009-4212 (MITKRB5-SA-2009-004) using patches from http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt (slightly adjusted for older kerberos version) @ text @d1 1 a1 1 $NetBSD$ @
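Review bot: In the first hunk (`@@ -68,9 +68,11 @@`, the encrypt path), changing `} else {` to `} else if (nblocks > 1) {` makes zero-length input (nblocks == 0) fall through both branches silently, so output->data is left untouched and the function continues as if it had succeeded; either a one-line comment on that branch chain or an explicit early return for `nblocks == 0` before the `if (nblocks == 1)` would make the intent visible to the next reader instead of looking like a missed case. The added `if (input->length < BLOCK_SIZE) return KRB5_BAD_MSIZE;` placed before `enc(output->data, input->data, &ctx);` is the right shape: `nblocks == 1` covers every length from 1 up to BLOCK_SIZE, so without the guard `enc` would read a full BLOCK_SIZE bytes from a shorter input buffer.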
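Review bot: In the second hunk (`@@ -123,9 +125,9 @@`, the decrypt path), replacing `abort();` with `return KRB5_BAD_MSIZE;` turns a process-terminating condition into an error code, which means every caller of this routine must propagate a non-zero return; that is worth confirming rather than assuming, since before this change no caller could ever have observed a return from the short-input path. The guard still sits before `dec(output->data, input->data, &ctx);`, so no partial output is written on the error path, which is good. Same remark as for the encrypt hunk: `} else if (nblocks > 1) {` leaves `nblocks == 0` as an undocumented no-op, and the two hunks now carry an identical `input->length < BLOCK_SIZE` check, which could be hoisted into one small shared length-check helper so the encrypt and decrypt paths cannot drift apart.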