Changes 1.8.6: This is primarily a bugfix release. * Fix an interaction in iprop that could cause spurious excess kadmind processes when a kprop child fails. Changes 1.8.5: This is primarily a bugfix release. * Fix MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1528 CVE-2011-1529 CVE-2011-4151].diff -r1.55 -r1.56 pkgsrc/security/mit-krb5/Makefile
(adam)
| @@ -1,25 +1,24 @@ | @@ -1,25 +1,24 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.55 2011/10/23 19:58:16 tez Exp $ | 1 | # $NetBSD: Makefile,v 1.56 2012/02/26 13:14:19 adam Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= krb5-1.8.4 | 3 | DISTNAME= krb5-1.8.6 | |
| 4 | PKGNAME= mit-${DISTNAME} | 4 | PKGNAME= mit-${DISTNAME} | |
| 5 | PKGREVISION= 1 | |||
| 6 | CATEGORIES= security | 5 | CATEGORIES= security | |
| 7 | MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.8/ | 6 | MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.8/ | |
| 8 | EXTRACT_SUFX= .tar | 7 | EXTRACT_SUFX= .tar | |
| 9 | DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} | 8 | DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} | |
| 10 | 9 | |||
| 11 | PATCH_SITES= http://web.mit.edu/kerberos/advisories/ | 10 | #PATCH_SITES= http://web.mit.edu/kerberos/advisories/ | |
| 12 | PATCHFILES= 2011-006-patch-r18.txt | 11 | #PATCHFILES= 2011-006-patch-r18.txt | |
| 13 | 12 | |||
| 14 | MAINTAINER= tez@NetBSD.org | 13 | MAINTAINER= tez@NetBSD.org | |
| 15 | HOMEPAGE= http://web.mit.edu/kerberos/ | 14 | HOMEPAGE= http://web.mit.edu/kerberos/ | |
| 16 | COMMENT= MIT Kerberos 5 authentication system | 15 | COMMENT= MIT Kerberos 5 authentication system | |
| 17 | 16 | |||
| 18 | PKG_DESTDIR_SUPPORT= user-destdir | 17 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 19 | MAKE_JOBS_SAFE= no | 18 | MAKE_JOBS_SAFE= no | |
| 20 | 19 | |||
| 21 | WRKSRC= ${WRKDIR}/${DISTNAME}/src | 20 | WRKSRC= ${WRKDIR}/${DISTNAME}/src | |
| 22 | 21 | |||
| 23 | BUILD_TARGET= generate-files-mac all | 22 | BUILD_TARGET= generate-files-mac all | |
| 24 | 23 | |||
| 25 | .include "../../mk/bsd.prefs.mk" | 24 | .include "../../mk/bsd.prefs.mk" |
| @@ -1,77 +1,77 @@ | @@ -1,77 +1,77 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.14 2011/03/22 23:31:04 tez Exp $ | 1 | @comment $NetBSD: PLIST,v 1.15 2012/02/26 13:14:19 adam Exp $ | |
| 2 | bin/compile_et | 2 | bin/compile_et | |
| 3 | bin/gss-client | 3 | bin/gss-client | |
| 4 | bin/k5srvutil | 4 | bin/k5srvutil | |
| 5 | bin/kadmin | 5 | bin/kadmin | |
| 6 | bin/kdestroy | 6 | bin/kdestroy | |
| 7 | bin/kinit | 7 | bin/kinit | |
| 8 | bin/klist | 8 | bin/klist | |
| 9 | bin/kpasswd | 9 | bin/kpasswd | |
| 10 | bin/krb5-config | 10 | bin/krb5-config | |
| 11 | bin/ksu | 11 | bin/ksu | |
| 12 | bin/ktutil | 12 | bin/ktutil | |
| 13 | bin/kvno | 13 | bin/kvno | |
| 14 | bin/sclient | 14 | bin/sclient | |
| 15 | bin/sim_client | 15 | bin/sim_client | |
| 16 | bin/uuclient | 16 | bin/uuclient | |
| 17 | include/com_err.h | 17 | include/com_err.h | |
| 18 | include/gssapi.h | 18 | include/gssapi.h | |
| 19 | include/gssapi/gssapi.h | 19 | include/gssapi/gssapi.h | |
| 20 | include/gssapi/gssapi_ext.h | 20 | include/gssapi/gssapi_ext.h | |
| 21 | include/gssapi/gssapi_generic.h | 21 | include/gssapi/gssapi_generic.h | |
| 22 | include/gssapi/gssapi_krb5.h | 22 | include/gssapi/gssapi_krb5.h | |
| 23 | include/gssapi/mechglue.h | |||
| 23 | include/gssrpc/auth.h | 24 | include/gssrpc/auth.h | |
| 24 | include/gssrpc/auth_gss.h | 25 | include/gssrpc/auth_gss.h | |
| 25 | include/gssrpc/auth_gssapi.h | 26 | include/gssrpc/auth_gssapi.h | |
| 26 | include/gssrpc/auth_unix.h | 27 | include/gssrpc/auth_unix.h | |
| 27 | include/gssrpc/clnt.h | 28 | include/gssrpc/clnt.h | |
| 28 | include/gssapi/mechglue.h | |||
| 29 | include/gssrpc/netdb.h | 29 | include/gssrpc/netdb.h | |
| 30 | include/gssrpc/pmap_clnt.h | 30 | include/gssrpc/pmap_clnt.h | |
| 31 | include/gssrpc/pmap_prot.h | 31 | include/gssrpc/pmap_prot.h | |
| 32 | include/gssrpc/pmap_rmt.h | 32 | include/gssrpc/pmap_rmt.h | |
| 33 | include/gssrpc/rename.h | 33 | include/gssrpc/rename.h | |
| 34 | include/gssrpc/rpc.h | 34 | include/gssrpc/rpc.h | |
| 35 | include/gssrpc/rpc_msg.h | 35 | include/gssrpc/rpc_msg.h | |
| 36 | include/gssrpc/svc.h | 36 | include/gssrpc/svc.h | |
| 37 | include/gssrpc/svc_auth.h | 37 | include/gssrpc/svc_auth.h | |
| 38 | include/gssrpc/types.h | 38 | include/gssrpc/types.h | |
| 39 | include/gssrpc/xdr.h | 39 | include/gssrpc/xdr.h | |
| 40 | include/kadm5/admin.h | 40 | include/kadm5/admin.h | |
| 41 | include/kadm5/chpass_util_strings.h | 41 | include/kadm5/chpass_util_strings.h | |
| 42 | include/kadm5/kadm_err.h | 42 | include/kadm5/kadm_err.h | |
| 43 | include/kdb.h | 43 | include/kdb.h | |
| 44 | include/krb5.h | 44 | include/krb5.h | |
| 45 | include/krb5/krb5.h | 45 | include/krb5/krb5.h | |
| 46 | include/krb5/locate_plugin.h | 46 | include/krb5/locate_plugin.h | |
| 47 | include/profile.h | 47 | include/profile.h | |
| 48 | info/krb5-admin.info | 48 | info/krb5-admin.info | |
| 49 | info/krb5-install.info | 49 | info/krb5-install.info | |
| 50 | info/krb5-user.info | 50 | info/krb5-user.info | |
| 51 | lib/krb5/plugins/kdb/libdb2.la | |||
| 52 | lib/krb5/plugins/preauth/libencrypted_challenge.la | |||
| 53 | lib/krb5/plugins/preauth/libpkinit.la | |||
| 51 | lib/libcom_err.la | 54 | lib/libcom_err.la | |
| 52 | lib/libgssapi_krb5.la | 55 | lib/libgssapi_krb5.la | |
| 53 | lib/libgssrpc.la | 56 | lib/libgssrpc.la | |
| 54 | lib/libk5crypto.la | 57 | lib/libk5crypto.la | |
| 55 | lib/libkadm5clnt.la | 58 | lib/libkadm5clnt.la | |
| 56 | lib/libkadm5clnt_mit.la | 59 | lib/libkadm5clnt_mit.la | |
| 57 | lib/libkadm5srv.la | 60 | lib/libkadm5srv.la | |
| 58 | lib/libkadm5srv_mit.la | 61 | lib/libkadm5srv_mit.la | |
| 59 | lib/libkdb5.la | 62 | lib/libkdb5.la | |
| 60 | lib/libkrb5.la | 63 | lib/libkrb5.la | |
| 61 | lib/libkrb5support.la | 64 | lib/libkrb5support.la | |
| 62 | lib/krb5/plugins/kdb/libdb2.la | |||
| 63 | lib/krb5/plugins/preauth/libencrypted_challenge.la | |||
| 64 | lib/krb5/plugins/preauth/libpkinit.la | |||
| 65 | man/man1/compile_et.1 | 65 | man/man1/compile_et.1 | |
| 66 | man/man1/k5srvutil.1 | 66 | man/man1/k5srvutil.1 | |
| 67 | man/man1/kadmin.1 | 67 | man/man1/kadmin.1 | |
| 68 | man/man1/kdestroy.1 | 68 | man/man1/kdestroy.1 | |
| 69 | man/man1/kerberos.1 | 69 | man/man1/kerberos.1 | |
| 70 | man/man1/kinit.1 | 70 | man/man1/kinit.1 | |
| 71 | man/man1/klist.1 | 71 | man/man1/klist.1 | |
| 72 | man/man1/kpasswd.1 | 72 | man/man1/kpasswd.1 | |
| 73 | man/man1/krb5-config.1 | 73 | man/man1/krb5-config.1 | |
| 74 | man/man1/krb5-send-pr.1 | 74 | man/man1/krb5-send-pr.1 | |
| 75 | man/man1/ksu.1 | 75 | man/man1/ksu.1 | |
| 76 | man/man1/ktutil.1 | 76 | man/man1/ktutil.1 | |
| 77 | man/man1/kvno.1 | 77 | man/man1/kvno.1 |
| @@ -1,21 +1,21 @@ | @@ -1,21 +1,21 @@ | |||
| 1 | $NetBSD: distinfo,v 1.32 2011/10/23 19:58:16 tez Exp $ | 1 | $NetBSD: distinfo,v 1.33 2012/02/26 13:14:19 adam Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (2011-006-patch-r18.txt) = 30b66b6c5dce537d66874ac58e622b3f6e992ac6 | 3 | SHA1 (2011-006-patch-r18.txt) = 30b66b6c5dce537d66874ac58e622b3f6e992ac6 | |
| 4 | RMD160 (2011-006-patch-r18.txt) = 829a6d2dc876190996e90e0a6a43e2d018cbaaa5 | 4 | RMD160 (2011-006-patch-r18.txt) = 829a6d2dc876190996e90e0a6a43e2d018cbaaa5 | |
| 5 | Size (2011-006-patch-r18.txt) = 2908 bytes | 5 | Size (2011-006-patch-r18.txt) = 2908 bytes | |
| 6 | SHA1 (krb5-1.8.4-signed.tar) = fe1fc21e923ae8dcaa7a26f4f97e0ac49c8e3115 | 6 | SHA1 (krb5-1.8.6-signed.tar) = 0a1356c6680578f683b6ffd33044f6f02d69b315 | |
| 7 | RMD160 (krb5-1.8.4-signed.tar) = 34d6df8248007bac0321400b2650c2aca774af16 | 7 | RMD160 (krb5-1.8.6-signed.tar) = 3faad0306482f99c1467d045767090d298a20ce4 | |
| 8 | Size (krb5-1.8.4-signed.tar) = 11642880 bytes | 8 | Size (krb5-1.8.6-signed.tar) = 11950080 bytes | |
| 9 | SHA1 (patch-aa) = cd8cdc594bc872d641ceaba0aa0d91b5f1caf2ae | 9 | SHA1 (patch-aa) = cd8cdc594bc872d641ceaba0aa0d91b5f1caf2ae | |
| 10 | SHA1 (patch-ad) = 49a9429d163adb872b1c97ade8ed0e13d8eec3cb | 10 | SHA1 (patch-ad) = 49a9429d163adb872b1c97ade8ed0e13d8eec3cb | |
| 11 | SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd | 11 | SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd | |
| 12 | SHA1 (patch-af) = 245b6dea2eff9da9911ac6eabf2ebdbe7fdac305 | 12 | SHA1 (patch-af) = 245b6dea2eff9da9911ac6eabf2ebdbe7fdac305 | |
| 13 | SHA1 (patch-ag) = f8daf2dd247365d506e117cb49c5d0f50e9822ed | 13 | SHA1 (patch-ag) = f8daf2dd247365d506e117cb49c5d0f50e9822ed | |
| 14 | SHA1 (patch-ah) = 922542765f73dc25c464715c29c8d63c9cd9c718 | 14 | SHA1 (patch-ah) = 922542765f73dc25c464715c29c8d63c9cd9c718 | |
| 15 | SHA1 (patch-aj) = 8a00ca30db3c9c3c9a2f7506cdc4c5b20f7f42c6 | 15 | SHA1 (patch-aj) = 8a00ca30db3c9c3c9a2f7506cdc4c5b20f7f42c6 | |
| 16 | SHA1 (patch-ak) = 9ba29870084dfcd3f6f66e801b42d6577cda004a | 16 | SHA1 (patch-ak) = 9ba29870084dfcd3f6f66e801b42d6577cda004a | |
| 17 | SHA1 (patch-al) = 8660b932c999d5b3ac63be27fc1013cceff368b9 | 17 | SHA1 (patch-al) = 8660b932c999d5b3ac63be27fc1013cceff368b9 | |
| 18 | SHA1 (patch-ce) = 72ec322894facfd75a010f82372cfa9ef96afb5f | 18 | SHA1 (patch-ce) = 72ec322894facfd75a010f82372cfa9ef96afb5f | |
| 19 | SHA1 (patch-cf) = 651f223a5c3dff566d0b5c5279d47538576c5979 | 19 | SHA1 (patch-cf) = 651f223a5c3dff566d0b5c5279d47538576c5979 | |
| 20 | SHA1 (patch-cg) = 8c89dd960ebbe444534a849827c78f077cce499b | 20 | SHA1 (patch-cg) = 8c89dd960ebbe444534a849827c78f077cce499b | |
| 21 | SHA1 (patch-ch) = 0e36012b43c498b8920f204bab2ba9a68f8c851a | 21 | SHA1 (patch-ch) = 0e36012b43c498b8920f204bab2ba9a68f8c851a |