head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2010Q4:1.1.0.8 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.6 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.4 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.2 pkgsrc-2010Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2011.03.22.23.31.05; author tez; state dead; branches; next 1.1; 1.1 date 2010.02.24.19.07.51; author tez; state Exp; branches; next ; desc @@ 1.2 log @Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate package security/mit-krb5-appl. @ text @$NetBSD: patch-bw,v 1.1 2010/02/24 19:07:51 tez Exp $ --- lib/crypto/old/old_decrypt.c.orig 2003-07-22 14:09:31.000000000 -0500 +++ lib/crypto/old/old_decrypt.c 2010-02-23 17:43:53.702276900 -0600 @@@@ -45,8 +45,10 @@@@ blocksize = enc->block_size; hashsize = hash->hashsize; + /* Verify input and output lengths. */ + if (input->length < blocksize + hashsize || input->length % blocksize != 0) + return(KRB5_BAD_MSIZE); plainsize = input->length - blocksize - hashsize; - if (arg_output->length < plainsize) return(KRB5_BAD_MSIZE); @ 1.1 log @Fix CVE-2009-4212 (MITKRB5-SA-2009-004) using patches from http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt (slightly adjusted for older kerberos version) @ text @d1 1 a1 1 $NetBSD$ @
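
Review bot: The added comment `/* Verify input and output lengths. */` at the top of the new block in lib/crypto/old/old_decrypt.c describes more than the new condition does. The condition tests only `input->length`, while the output check `if (arg_output->length < plainsize)` stays below as existing context. The comment also omits the reason the test has to come before `plainsize = input->length - blocksize - hashsize;`, which is that an input shorter than `blocksize + hashsize` would otherwise make that subtraction go below zero. Suggest rewording it along the lines of "Reject short or misaligned input before computing plainsize" so the ordering dependency is obvious to anyone who later moves or merges the two length checks. Because the 1.1 log says the advisory patch was slightly adjusted for an older Kerberos version, it would also help to note in the patch header which lines differ from the upstream 1.6.3 patch.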