Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by www.NetBSD.org (Postfix) with ESMTP id 991C763CA24 for ; Fri, 8 Jul 2011 09:59:31 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 78F1514A156; Fri, 8 Jul 2011 09:59:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 5FEE914A154 for ; Fri, 8 Jul 2011 09:59:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id gYF7LbnFlzxr for ; Fri, 8 Jul 2011 09:59:28 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id B5F7714A150 for ; Fri, 8 Jul 2011 09:59:28 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id A7DF1175DD; Fri, 8 Jul 2011 09:59:28 +0000 (UTC) MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Date: Fri, 8 Jul 2011 09:59:28 +0000 From: "Adam Ciarcinski" Subject: CVS commit: pkgsrc/security/mit-krb5 To: pkgsrc-changes@NetBSD.org Reply-To: adam@netbsd.org X-Mailer: log_accum Message-Id: <20110708095928.A7DF1175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: adam Date: Fri Jul 8 09:59:28 UTC 2011 Modified Files: pkgsrc/security/mit-krb5: Makefile buildlink3.mk distinfo Log Message: Changes 1.8.4: This is primarily a bugfix release. Fix vulnerabilities: * KDC uninitialized pointer crash [MITKRB5-SA-2010-006 CVE-2010-1322] * kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022] * KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] * KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284] * kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285] Interoperability: * Correctly encrypt GSSAPI forwarded credentials using the session key, not a subkey. * Set NT-SRV-INST on TGS principal names as expected by some Windows Server Domain Controllers. * Don't reject AP-REQ messages if their PAC doesn't validate; suppress the PAC instead. * Correctly validate HMAC-MD5 checksums that use DES keys To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 pkgsrc/security/mit-krb5/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/mit-krb5/buildlink3.mk cvs rdiff -u -r1.30 -r1.31 pkgsrc/security/mit-krb5/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.