head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2010Q4:1.1.0.4
	pkgsrc-2010Q4-base:1.1
	pkgsrc-2010Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2011.03.22.23.31.05;	author tez;	state dead;
branches;
next	1.1;

1.1
date	2010.12.03.20.11.31;	author tez;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2010.12.03.20.11.31;	author spz;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2010.12.12.15.20.09;	author spz;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update MIT Kerberos to v1.8.3 with the latest security patches up to and
including MITKRB5-SA-2011-003.

Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2

Note that the r-services, telnetd and ftpd services and the related client
applications are now in a separate pacakge security/mit-krb5-appl.
@
text
@$NetBSD: patch-cc,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/krb5/krb/preauth2.c.orig	2010-12-03 11:39:40.124063600 -0600
+++ lib/krb5/krb/preauth2.c	2010-12-03 11:41:33.300010400 -0600
@@@@ -665,7 +665,9 @@@@
 
    cksum = sc2->sam_cksum;
    
-   while (*cksum) {
+   for (; *cksum; cksum++) {
+	if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
+	    continue;
 	/* Check this cksum */
 	retval = krb5_c_verify_checksum(context, as_key,
 			KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
@@@@ -679,7 +681,6 @@@@
 	}
 	if (valid_cksum)
 	   break;
-	cksum++;
    }
 
    if (!valid_cksum) {
@


1.1
log
@add fix for CVE-2010-1323 from
http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-cc was added on branch pkgsrc-2010Q3 on 2010-12-12 15:20:09 +0000
@
text
@d1 25
@


1.1.2.2
log
@Pullup ticket 3299 - requested by tez
security fixes

Revisions pulled up:
- pkgsrc/security/mit-krb5/Makefile		1.50
- pkgsrc/security/mit-krb5/distinfo		1.26

Files added:
pkgsrc/security/mit-krb5/patches/patch-ca
pkgsrc/security/mit-krb5/patches/patch-cb
pkgsrc/security/mit-krb5/patches/patch-cc
pkgsrc/security/mit-krb5/patches/patch-cd

-------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Fri Dec  3 20:11:31 UTC 2010

   Modified Files:
           pkgsrc/security/mit-krb5: Makefile distinfo
   Added Files:
           pkgsrc/security/mit-krb5/patches: patch-ca patch-cb patch-cc patch-cd

   Log Message:
   add fix for CVE-2010-1323 from
   http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt


   To generate a diff of this commit:
   cvs rdiff -u -r1.49 -r1.50 pkgsrc/security/mit-krb5/Makefile
   cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/mit-krb5/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-ca \
       pkgsrc/security/mit-krb5/patches/patch-cb \
       pkgsrc/security/mit-krb5/patches/patch-cc \
       pkgsrc/security/mit-krb5/patches/patch-cd
@
text
@a0 25
$NetBSD: patch-cc,v 1.1 2010/12/03 20:11:31 tez Exp $

CVE-2010-1323 fix

--- lib/krb5/krb/preauth2.c.orig	2010-12-03 11:39:40.124063600 -0600
+++ lib/krb5/krb/preauth2.c	2010-12-03 11:41:33.300010400 -0600
@@@@ -665,7 +665,9 @@@@
 
    cksum = sc2->sam_cksum;
    
-   while (*cksum) {
+   for (; *cksum; cksum++) {
+	if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
+	    continue;
 	/* Check this cksum */
 	retval = krb5_c_verify_checksum(context, as_key,
 			KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
@@@@ -679,7 +681,6 @@@@
 	}
 	if (valid_cksum)
 	   break;
-	cksum++;
    }
 
    if (!valid_cksum) {
@