head 1.2;
access;
symbols
pkgsrc-2013Q2:1.2.0.8
pkgsrc-2013Q2-base:1.2
pkgsrc-2012Q4:1.2.0.6
pkgsrc-2012Q4-base:1.2
pkgsrc-2011Q4:1.2.0.4
pkgsrc-2011Q4-base:1.2
pkgsrc-2011Q2:1.2.0.2
pkgsrc-2011Q2-base:1.2
pkgsrc-2010Q4:1.1.0.4
pkgsrc-2010Q4-base:1.1
pkgsrc-2010Q3:1.1.0.2;
locks; strict;
comment @# @;

1.2
date 2011.03.22.23.31.05; author tez; state dead;
branches;
next 1.1;

1.1
date 2010.12.03.20.11.31; author tez; state Exp;
branches
1.1.2.1;
next ;

1.1.2.1
date 2010.12.03.20.11.31; author spz; state dead;
branches;
next 1.1.2.2;

1.1.2.2
date 2010.12.12.15.20.09; author spz; state Exp;
branches;
next ;

desc
@@

1.2
log
@Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate pacakge security/mit-krb5-appl.
@
text
@$NetBSD: patch-cb,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/crypto/dk/derive.c.orig 2010-12-03 11:38:08.683111800 -0600
+++ lib/crypto/dk/derive.c 2010-12-03 11:38:50.395857000 -0600
@@@@ -40,6 +40,8 @@@@
 keybytes = enc->keybytes;
 keylength = enc->keylength;
 
+ if (blocksize == 1)
+ return(KRB5_BAD_ENCTYPE);
 if ((inkey->length != keylength) ||
 (outkey->length != keylength))
 return(KRB5_CRYPTO_INTERNAL);
@

1.1
log
@add fix for CVE-2010-1323 from http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt
@
text
@d1 1
a1 1
$NetBSD$
@

1.1.2.1
log
@file patch-cb was added on branch pkgsrc-2010Q3 on 2010-12-12 15:20:09 +0000
@
text
@d1 15
@

1.1.2.2
log
@Pullup ticket 3299 - requested by tez security fixes Revisions pulled up: - pkgsrc/security/mit-krb5/Makefile 1.50 - pkgsrc/security/mit-krb5/distinfo 1.26 Files added: pkgsrc/security/mit-krb5/patches/patch-ca pkgsrc/security/mit-krb5/patches/patch-cb pkgsrc/security/mit-krb5/patches/patch-cc pkgsrc/security/mit-krb5/patches/patch-cd
------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tez Date: Fri Dec 3 20:11:31 UTC 2010 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-ca patch-cb patch-cc patch-cd Log Message: add fix for CVE-2010-1323 from http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 pkgsrc/security/mit-krb5/Makefile cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/mit-krb5/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-ca \ pkgsrc/security/mit-krb5/patches/patch-cb \ pkgsrc/security/mit-krb5/patches/patch-cc \ pkgsrc/security/mit-krb5/patches/patch-cd
@
text
@a0 15
$NetBSD: patch-cb,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/crypto/dk/derive.c.orig 2010-12-03 11:38:08.683111800 -0600
+++ lib/crypto/dk/derive.c 2010-12-03 11:38:50.395857000 -0600
@@@@ -40,6 +40,8 @@@@
 keybytes = enc->keybytes;
 keylength = enc->keylength;
 
+ if (blocksize == 1)
+ return(KRB5_BAD_ENCTYPE);
 if ((inkey->length != keylength) ||
 (outkey->length != keylength))
 return(KRB5_CRYPTO_INTERNAL);
@
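Review bot: The bare `1` in the added `if (blocksize == 1)` guard is unexplained, and `blocksize` itself is assigned above the hunk, so a reader of derive.c cannot tell why that value must fail with KRB5_BAD_ENCTYPE. I would put a comment directly above the guard, for example `/* Key derivation needs a real block cipher; a block size of 1 presumably marks a stream enctype - reject it. */`, with the wording confirmed against the enctype table. Because the guard sits before the key-length comparison, such an enctype now returns KRB5_BAD_ENCTYPE rather than KRB5_CRYPTO_INTERNAL, which is worth stating in the function's header comment for callers that distinguish the two. The enclosing function starts and ends outside the hunk, so whether any other routine in derive.c reads the block size and needs the same guard cannot be judged from this page and should be checked against the upstream advisory patch. The identical hunk is stored twice here (revision 1.2 text and the 1.1.2.2 delta); this note covers both.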