head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2010Q4:1.1.0.4
	pkgsrc-2010Q4-base:1.1
	pkgsrc-2010Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2011.03.22.23.31.05;	author tez;	state dead;
branches;
next	1.1;

1.1
date	2010.12.03.20.11.31;	author tez;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2010.12.03.20.11.31;	author spz;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2010.12.12.15.20.09;	author spz;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update MIT Kerberos to v1.8.3 with the latest security patches up to and
including MITKRB5-SA-2011-003.

Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2

Note that the r-services, telnetd and ftpd services and the related client
applications are now in a separate pacakge security/mit-krb5-appl.
@
text
@$NetBSD: patch-ca,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/crypto/keyed_checksum_types.c.orig	2010-12-03 11:36:00.476825900 -0600
+++ lib/crypto/keyed_checksum_types.c	2010-12-03 11:37:44.915328600 -0600
@@@@ -51,6 +51,15 @@@@
 {
     unsigned int i, c;
 
+    if (enctype == ENCTYPE_ARCFOUR_HMAC ||
+	enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+	*count = 1;
+	if ((*cksumtypes = malloc(sizeof(krb5_cksumtype))) == NULL)
+	    return(ENOMEM);
+	(*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+	return(0);
+    }
+
     c = 0;
     for (i=0; i<krb5_cksumtypes_length; i++) {
 	if ((krb5_cksumtypes_list[i].keyhash &&
@


1.1
log
@add fix for CVE-2010-1323 from
http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-ca was added on branch pkgsrc-2010Q3 on 2010-12-12 15:20:09 +0000
@
text
@d1 22
@


1.1.2.2
log
@Pullup ticket 3299 - requested by tez
security fixes

Revisions pulled up:
- pkgsrc/security/mit-krb5/Makefile		1.50
- pkgsrc/security/mit-krb5/distinfo		1.26

Files added:
pkgsrc/security/mit-krb5/patches/patch-ca
pkgsrc/security/mit-krb5/patches/patch-cb
pkgsrc/security/mit-krb5/patches/patch-cc
pkgsrc/security/mit-krb5/patches/patch-cd

-------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Fri Dec  3 20:11:31 UTC 2010

   Modified Files:
           pkgsrc/security/mit-krb5: Makefile distinfo
   Added Files:
           pkgsrc/security/mit-krb5/patches: patch-ca patch-cb patch-cc patch-cd

   Log Message:
   add fix for CVE-2010-1323 from
   http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt


   To generate a diff of this commit:
   cvs rdiff -u -r1.49 -r1.50 pkgsrc/security/mit-krb5/Makefile
   cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/mit-krb5/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-ca \
       pkgsrc/security/mit-krb5/patches/patch-cb \
       pkgsrc/security/mit-krb5/patches/patch-cc \
       pkgsrc/security/mit-krb5/patches/patch-cd
@
text
@a0 22
$NetBSD: patch-ca,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/crypto/keyed_checksum_types.c.orig	2010-12-03 11:36:00.476825900 -0600
+++ lib/crypto/keyed_checksum_types.c	2010-12-03 11:37:44.915328600 -0600
@@@@ -51,6 +51,15 @@@@
 {
     unsigned int i, c;
 
+    if (enctype == ENCTYPE_ARCFOUR_HMAC ||
+	enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+	*count = 1;
+	if ((*cksumtypes = malloc(sizeof(krb5_cksumtype))) == NULL)
+	    return(ENOMEM);
+	(*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+	return(0);
+    }
+
     c = 0;
     for (i=0; i<krb5_cksumtypes_length; i++) {
 	if ((krb5_cksumtypes_list[i].keyhash &&
@