Fri Dec 3 20:11:31 2010 UTC ()
add fix for CVE-2010-1323 from
http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt
(tez)
diff -r1.49 -r1.50 pkgsrc/security/mit-krb5/Makefile
diff -r1.25 -r1.26 pkgsrc/security/mit-krb5/distinfo
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-ca
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-cb
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-cc
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-cd
--- pkgsrc/security/mit-krb5/Makefile 2010/05/20 14:21:23 1.49
+++ pkgsrc/security/mit-krb5/Makefile 2010/12/03 20:11:31 1.50
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2010/05/20 14:21:23 tez Exp $
+# $NetBSD: Makefile,v 1.50 2010/12/03 20:11:31 tez Exp $
DISTNAME= krb5-1.4.2
PKGNAME= mit-${DISTNAME:S/-signed$//}
-PKGREVISION= 10
+PKGREVISION= 11
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/
DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
--- pkgsrc/security/mit-krb5/distinfo 2010/05/20 14:21:23 1.25
+++ pkgsrc/security/mit-krb5/distinfo 2010/12/03 20:11:31 1.26
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2010/05/20 14:21:23 tez Exp $
+$NetBSD: distinfo,v 1.26 2010/12/03 20:11:31 tez Exp $
SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
@@ -53,3 +53,7 @@
SHA1 (patch-bv) = b07fc44dcc577bffece1eb85f5f93e4c10a58e00
SHA1 (patch-bw) = ffdf13931306b15b9282863926f769f079ffe8f9
SHA1 (patch-bx) = d0e54b7e50f066c0680e982bb251c763e9104e24
+SHA1 (patch-ca) = 93c234c007f2dafa0221d1bd1d3ed4953fc116c9
+SHA1 (patch-cb) = 9d892ed2993178085dd7df565afb794fe18f0f06
+SHA1 (patch-cc) = 6fe639b33da7756f6e9ad1a03e2f40d74ddb9c6d
+SHA1 (patch-cd) = 8339ac4305865b8e540a0f1bb14c1f1478447c0b
$NetBSD: patch-ca,v 1.1 2010/12/03 20:11:31 tez Exp $
CVE-2010-1323 fix
--- lib/crypto/keyed_checksum_types.c.orig 2010-12-03 11:36:00.476825900 -0600
+++ lib/crypto/keyed_checksum_types.c 2010-12-03 11:37:44.915328600 -0600
@@ -51,6 +51,15 @@
{
unsigned int i, c;
+ if (enctype == ENCTYPE_ARCFOUR_HMAC ||
+ enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+ *count = 1;
+ if ((*cksumtypes = malloc(sizeof(krb5_cksumtype))) == NULL)
+ return(ENOMEM);
+ (*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+ return(0);
+ }
+
c = 0;
for (i=0; i<krb5_cksumtypes_length; i++) {
if ((krb5_cksumtypes_list[i].keyhash &&
$NetBSD: patch-cb,v 1.1 2010/12/03 20:11:31 tez Exp $
CVE-2010-1323 fix
--- lib/crypto/dk/derive.c.orig 2010-12-03 11:38:08.683111800 -0600
+++ lib/crypto/dk/derive.c 2010-12-03 11:38:50.395857000 -0600
@@ -40,6 +40,8 @@
keybytes = enc->keybytes;
keylength = enc->keylength;
+ if (blocksize == 1)
+ return(KRB5_BAD_ENCTYPE);
if ((inkey->length != keylength) ||
(outkey->length != keylength))
return(KRB5_CRYPTO_INTERNAL);
$NetBSD: patch-cc,v 1.1 2010/12/03 20:11:31 tez Exp $
CVE-2010-1323 fix
--- lib/krb5/krb/preauth2.c.orig 2010-12-03 11:39:40.124063600 -0600
+++ lib/krb5/krb/preauth2.c 2010-12-03 11:41:33.300010400 -0600
@@ -665,7 +665,9 @@
cksum = sc2->sam_cksum;
- while (*cksum) {
+ for (; *cksum; cksum++) {
+ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
+ continue;
/* Check this cksum */
retval = krb5_c_verify_checksum(context, as_key,
KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
@@ -679,7 +681,6 @@
}
if (valid_cksum)
break;
- cksum++;
}
if (!valid_cksum) {
$NetBSD: patch-cd,v 1.1 2010/12/03 20:11:31 tez Exp $
CVE-2010-1323 fix
--- lib/krb5/krb/mk_safe.c.orig 2010-12-03 11:41:53.890970000 -0600
+++ lib/krb5/krb/mk_safe.c 2010-12-03 11:44:00.588325800 -0600
@@ -212,10 +212,29 @@
for (i = 0; i < nsumtypes; i++)
if (auth_context->safe_cksumtype == sumtypes[i])
break;
- if (i == nsumtypes)
- i = 0;
- sumtype = sumtypes[i];
krb5_free_cksumtypes (context, sumtypes);
+ if (i < nsumtypes)
+ sumtype = auth_context->safe_cksumtype;
+ else {
+ switch (keyblock->enctype) {
+ case ENCTYPE_DES_CBC_MD4:
+ sumtype = CKSUMTYPE_RSA_MD4_DES;
+ break;
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_CRC:
+ sumtype = CKSUMTYPE_RSA_MD5_DES;
+ break;
+ default:
+ retval = krb5int_c_mandatory_cksumtype(context,
+ keyblock->enctype,
+ &sumtype);
+ if (retval) {
+ CLEANUP_DONE();
+ goto error;
+ }
+ break;
+ }
+ }
}
if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata,
plocal_fulladdr, premote_fulladdr,