Sun Feb 26 13:14:19 2012 UTC ()
Changes 1.8.6:
This is primarily a bugfix release.
* Fix an interaction in iprop that could cause spurious excess kadmind processes
  when a kprop child fails.

Changes 1.8.5:
This is primarily a bugfix release.
* Fix MITKRB5-SA-2011-006 KDC denial of service vulnerabilities
  [CVE-2011-1528 CVE-2011-1529 CVE-2011-4151].


(adam)
diff -r1.55 -r1.56 pkgsrc/security/mit-krb5/Makefile
diff -r1.14 -r1.15 pkgsrc/security/mit-krb5/PLIST
diff -r1.32 -r1.33 pkgsrc/security/mit-krb5/distinfo
cvs diff -r1.55 -r1.56 pkgsrc/security/mit-krb5/Makefile (switch to unified diff)

--- pkgsrc/security/mit-krb5/Makefile 2011/10/23 19:58:16 1.55
+++ pkgsrc/security/mit-krb5/Makefile 2012/02/26 13:14:19 1.56
@@ -1,87 +1,86 @@ @@ -1,87 +1,86 @@
1# $NetBSD: Makefile,v 1.55 2011/10/23 19:58:16 tez Exp $ 1# $NetBSD: Makefile,v 1.56 2012/02/26 13:14:19 adam Exp $
2 2
3DISTNAME= krb5-1.8.4 3DISTNAME= krb5-1.8.6
4PKGNAME= mit-${DISTNAME} 4PKGNAME= mit-${DISTNAME}
5PKGREVISION= 1 
6CATEGORIES= security 5CATEGORIES= security
7MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.8/ 6MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.8/
8EXTRACT_SUFX= .tar 7EXTRACT_SUFX= .tar
9DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} 8DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX}
10 9
11PATCH_SITES= http://web.mit.edu/kerberos/advisories/ 10#PATCH_SITES= http://web.mit.edu/kerberos/advisories/
12PATCHFILES= 2011-006-patch-r18.txt 11#PATCHFILES= 2011-006-patch-r18.txt
13 12
14MAINTAINER= tez@NetBSD.org 13MAINTAINER= tez@NetBSD.org
15HOMEPAGE= http://web.mit.edu/kerberos/ 14HOMEPAGE= http://web.mit.edu/kerberos/
16COMMENT= MIT Kerberos 5 authentication system 15COMMENT= MIT Kerberos 5 authentication system
17 16
18PKG_DESTDIR_SUPPORT= user-destdir 17PKG_DESTDIR_SUPPORT= user-destdir
19MAKE_JOBS_SAFE= no 18MAKE_JOBS_SAFE= no
20 19
21WRKSRC= ${WRKDIR}/${DISTNAME}/src 20WRKSRC= ${WRKDIR}/${DISTNAME}/src
22 21
23BUILD_TARGET= generate-files-mac all 22BUILD_TARGET= generate-files-mac all
24 23
25.include "../../mk/bsd.prefs.mk" 24.include "../../mk/bsd.prefs.mk"
26 25
27CONFLICTS+= heimdal-[0-9]* 26CONFLICTS+= heimdal-[0-9]*
28CONFLICTS+= kth-krb4-[0-9]* 27CONFLICTS+= kth-krb4-[0-9]*
29 28
30USE_LIBTOOL= yes 29USE_LIBTOOL= yes
31USE_TOOLS+= autoconf gmake m4 perl yacc 30USE_TOOLS+= autoconf gmake m4 perl yacc
32MAKE_PROGRAM= gmake 31MAKE_PROGRAM= gmake
33GNU_CONFIGURE= yes 32GNU_CONFIGURE= yes
34 33
35# The actual KDC databases are stored in ${MIT_KRB5_STATEDIR}/krb5kdc. 34# The actual KDC databases are stored in ${MIT_KRB5_STATEDIR}/krb5kdc.
36MIT_KRB5_STATEDIR?= ${VARBASE} 35MIT_KRB5_STATEDIR?= ${VARBASE}
37FILES_SUBST+= MIT_KRB5_STATEDIR=${MIT_KRB5_STATEDIR} 36FILES_SUBST+= MIT_KRB5_STATEDIR=${MIT_KRB5_STATEDIR}
38 37
39BUILD_DEFS+= VARBASE 38BUILD_DEFS+= VARBASE
40 39
41CONFIGURE_ARGS+= --localstatedir=${MIT_KRB5_STATEDIR} 40CONFIGURE_ARGS+= --localstatedir=${MIT_KRB5_STATEDIR}
42CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 41CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
43CONFIGURE_ARGS+= --enable-shared 42CONFIGURE_ARGS+= --enable-shared
44CONFIGURE_ARGS+= --enable-dns-for-realm 43CONFIGURE_ARGS+= --enable-dns-for-realm
45CONFIGURE_ARGS+= --enable-kdc-replay-cache 44CONFIGURE_ARGS+= --enable-kdc-replay-cache
46CONFIGURE_ARGS+= --disable-thread-support 45CONFIGURE_ARGS+= --disable-thread-support
47CONFIGURE_ARGS+= --without-tcl 46CONFIGURE_ARGS+= --without-tcl
48CONFIGURE_ARGS+= --enable-pkgsrc-libtool 47CONFIGURE_ARGS+= --enable-pkgsrc-libtool
49MAKE_ENV+= ROOT_USER=${ROOT_USER} 48MAKE_ENV+= ROOT_USER=${ROOT_USER}
50 49
51PATCH_DIST_ARGS= -d ${WRKSRC} -p2 50PATCH_DIST_ARGS= -d ${WRKSRC} -p2
52 51
53INFO_FILES= YES 52INFO_FILES= YES
54 53
55OWN_DIRS_PERMS= ${MIT_KRB5_STATEDIR}/krb5kdc \ 54OWN_DIRS_PERMS= ${MIT_KRB5_STATEDIR}/krb5kdc \
56 ${ROOT_USER} ${ROOT_GROUP} 0700 55 ${ROOT_USER} ${ROOT_GROUP} 0700
57RCD_SCRIPTS= kadmind kdc 56RCD_SCRIPTS= kadmind kdc
58 57
59INSTALLATION_DIRS= bin include/gssapi include/gssrpc ${PKGINFODIR} \ 58INSTALLATION_DIRS= bin include/gssapi include/gssrpc ${PKGINFODIR} \
60 ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 \ 59 ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 \
61 ${PKGMANDIR}/man8 sbin share/examples/krb5 \ 60 ${PKGMANDIR}/man8 sbin share/examples/krb5 \
62 share/et share/examples/rc.d share/gnats \ 61 share/et share/examples/rc.d share/gnats \
63 lib/krb5/plugins/kdb lib/krb5/plugins/preauth \ 62 lib/krb5/plugins/kdb lib/krb5/plugins/preauth \
64 include/krb5 include/kadm5 63 include/krb5 include/kadm5
65 64
66# The MIT krb5 distribution is actually a tar file that contains the 65# The MIT krb5 distribution is actually a tar file that contains the
67# real .tar.gz distfile and a PGP signature. 66# real .tar.gz distfile and a PGP signature.
68post-extract: 67post-extract:
69 @${ECHO} "=> Extracting internal tarball"; \ 68 @${ECHO} "=> Extracting internal tarball"; \
70 extract_file="${WRKDIR}/${DISTNAME}.tar.gz"; \ 69 extract_file="${WRKDIR}/${DISTNAME}.tar.gz"; \
71 cd ${WRKDIR} && ${EXTRACT_CMD} 70 cd ${WRKDIR} && ${EXTRACT_CMD}
72 71
73pre-configure: 72pre-configure:
74 @${ECHO} "=> Generating configure"; \ 73 @${ECHO} "=> Generating configure"; \
75 cd ${WRKSRC}; autoconf -I ${WRKSRC} -f; 74 cd ${WRKSRC}; autoconf -I ${WRKSRC} -f;
76 75
77post-install: 76post-install:
78 @${ECHO} "=> Installing info files"; \ 77 @${ECHO} "=> Installing info files"; \
79 cd ${WRKDIR}/${DISTNAME}/doc; \ 78 cd ${WRKDIR}/${DISTNAME}/doc; \
80 for f in *.info *.info-[0-9]*; do \ 79 for f in *.info *.info-[0-9]*; do \
81 ${TEST} ! -f "$$f" || \ 80 ${TEST} ! -f "$$f" || \
82 ${INSTALL_MAN} "$$f" ${DESTDIR}${PREFIX}/${PKGINFODIR}; \ 81 ${INSTALL_MAN} "$$f" ${DESTDIR}${PREFIX}/${PKGINFODIR}; \
83 done 82 done
84 83
85BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.8 84BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.8
86.include "../../security/openssl/buildlink3.mk" 85.include "../../security/openssl/buildlink3.mk"
87.include "../../mk/bsd.pkg.mk" 86.include "../../mk/bsd.pkg.mk"
cvs diff -r1.14 -r1.15 pkgsrc/security/mit-krb5/PLIST (switch to unified diff)

--- pkgsrc/security/mit-krb5/PLIST 2011/03/22 23:31:04 1.14
+++ pkgsrc/security/mit-krb5/PLIST 2012/02/26 13:14:19 1.15
@@ -1,109 +1,109 @@ @@ -1,109 +1,109 @@
1@comment $NetBSD: PLIST,v 1.14 2011/03/22 23:31:04 tez Exp $ 1@comment $NetBSD: PLIST,v 1.15 2012/02/26 13:14:19 adam Exp $
2bin/compile_et 2bin/compile_et
3bin/gss-client 3bin/gss-client
4bin/k5srvutil 4bin/k5srvutil
5bin/kadmin 5bin/kadmin
6bin/kdestroy 6bin/kdestroy
7bin/kinit 7bin/kinit
8bin/klist 8bin/klist
9bin/kpasswd 9bin/kpasswd
10bin/krb5-config 10bin/krb5-config
11bin/ksu 11bin/ksu
12bin/ktutil 12bin/ktutil
13bin/kvno 13bin/kvno
14bin/sclient 14bin/sclient
15bin/sim_client 15bin/sim_client
16bin/uuclient 16bin/uuclient
17include/com_err.h 17include/com_err.h
18include/gssapi.h 18include/gssapi.h
19include/gssapi/gssapi.h 19include/gssapi/gssapi.h
20include/gssapi/gssapi_ext.h 20include/gssapi/gssapi_ext.h
21include/gssapi/gssapi_generic.h 21include/gssapi/gssapi_generic.h
22include/gssapi/gssapi_krb5.h 22include/gssapi/gssapi_krb5.h
 23include/gssapi/mechglue.h
23include/gssrpc/auth.h 24include/gssrpc/auth.h
24include/gssrpc/auth_gss.h 25include/gssrpc/auth_gss.h
25include/gssrpc/auth_gssapi.h 26include/gssrpc/auth_gssapi.h
26include/gssrpc/auth_unix.h 27include/gssrpc/auth_unix.h
27include/gssrpc/clnt.h 28include/gssrpc/clnt.h
28include/gssapi/mechglue.h 
29include/gssrpc/netdb.h 29include/gssrpc/netdb.h
30include/gssrpc/pmap_clnt.h 30include/gssrpc/pmap_clnt.h
31include/gssrpc/pmap_prot.h 31include/gssrpc/pmap_prot.h
32include/gssrpc/pmap_rmt.h 32include/gssrpc/pmap_rmt.h
33include/gssrpc/rename.h 33include/gssrpc/rename.h
34include/gssrpc/rpc.h 34include/gssrpc/rpc.h
35include/gssrpc/rpc_msg.h 35include/gssrpc/rpc_msg.h
36include/gssrpc/svc.h 36include/gssrpc/svc.h
37include/gssrpc/svc_auth.h 37include/gssrpc/svc_auth.h
38include/gssrpc/types.h 38include/gssrpc/types.h
39include/gssrpc/xdr.h 39include/gssrpc/xdr.h
40include/kadm5/admin.h 40include/kadm5/admin.h
41include/kadm5/chpass_util_strings.h 41include/kadm5/chpass_util_strings.h
42include/kadm5/kadm_err.h 42include/kadm5/kadm_err.h
43include/kdb.h 43include/kdb.h
44include/krb5.h 44include/krb5.h
45include/krb5/krb5.h 45include/krb5/krb5.h
46include/krb5/locate_plugin.h 46include/krb5/locate_plugin.h
47include/profile.h 47include/profile.h
48info/krb5-admin.info 48info/krb5-admin.info
49info/krb5-install.info 49info/krb5-install.info
50info/krb5-user.info 50info/krb5-user.info
 51lib/krb5/plugins/kdb/libdb2.la
 52lib/krb5/plugins/preauth/libencrypted_challenge.la
 53lib/krb5/plugins/preauth/libpkinit.la
51lib/libcom_err.la 54lib/libcom_err.la
52lib/libgssapi_krb5.la 55lib/libgssapi_krb5.la
53lib/libgssrpc.la 56lib/libgssrpc.la
54lib/libk5crypto.la 57lib/libk5crypto.la
55lib/libkadm5clnt.la 58lib/libkadm5clnt.la
56lib/libkadm5clnt_mit.la 59lib/libkadm5clnt_mit.la
57lib/libkadm5srv.la 60lib/libkadm5srv.la
58lib/libkadm5srv_mit.la 61lib/libkadm5srv_mit.la
59lib/libkdb5.la 62lib/libkdb5.la
60lib/libkrb5.la 63lib/libkrb5.la
61lib/libkrb5support.la 64lib/libkrb5support.la
62lib/krb5/plugins/kdb/libdb2.la 
63lib/krb5/plugins/preauth/libencrypted_challenge.la 
64lib/krb5/plugins/preauth/libpkinit.la 
65man/man1/compile_et.1 65man/man1/compile_et.1
66man/man1/k5srvutil.1 66man/man1/k5srvutil.1
67man/man1/kadmin.1 67man/man1/kadmin.1
68man/man1/kdestroy.1 68man/man1/kdestroy.1
69man/man1/kerberos.1 69man/man1/kerberos.1
70man/man1/kinit.1 70man/man1/kinit.1
71man/man1/klist.1 71man/man1/klist.1
72man/man1/kpasswd.1 72man/man1/kpasswd.1
73man/man1/krb5-config.1 73man/man1/krb5-config.1
74man/man1/krb5-send-pr.1 74man/man1/krb5-send-pr.1
75man/man1/ksu.1 75man/man1/ksu.1
76man/man1/ktutil.1 76man/man1/ktutil.1
77man/man1/kvno.1 77man/man1/kvno.1
78man/man1/sclient.1 78man/man1/sclient.1
79man/man5/.k5login.5 79man/man5/.k5login.5
80man/man5/kdc.conf.5 80man/man5/kdc.conf.5
81man/man5/krb5.conf.5 81man/man5/krb5.conf.5
82man/man8/kadmin.local.8 82man/man8/kadmin.local.8
83man/man8/kadmind.8 83man/man8/kadmind.8
84man/man8/kdb5_util.8 84man/man8/kdb5_util.8
85man/man8/kprop.8 85man/man8/kprop.8
86man/man8/kpropd.8 86man/man8/kpropd.8
87man/man8/kproplog.8 87man/man8/kproplog.8
88man/man8/krb5kdc.8 88man/man8/krb5kdc.8
89man/man8/sserver.8 89man/man8/sserver.8
90sbin/gss-server 90sbin/gss-server
91sbin/kadmin.local 91sbin/kadmin.local
92sbin/kadmind 92sbin/kadmind
93sbin/kdb5_util 93sbin/kdb5_util
94sbin/kprop 94sbin/kprop
95sbin/kpropd 95sbin/kpropd
96sbin/kproplog 96sbin/kproplog
97sbin/krb5-send-pr 97sbin/krb5-send-pr
98sbin/krb5kdc 98sbin/krb5kdc
99sbin/sim_server 99sbin/sim_server
100sbin/sserver 100sbin/sserver
101sbin/uuserver 101sbin/uuserver
102share/et/et_c.awk 102share/et/et_c.awk
103share/et/et_h.awk 103share/et/et_h.awk
104share/examples/krb5/kdc.conf 104share/examples/krb5/kdc.conf
105share/examples/krb5/krb5.conf 105share/examples/krb5/krb5.conf
106share/examples/krb5/services.append 106share/examples/krb5/services.append
107share/examples/rc.d/kadmind 107share/examples/rc.d/kadmind
108share/examples/rc.d/kdc 108share/examples/rc.d/kdc
109share/gnats/mit 109share/gnats/mit
cvs diff -r1.32 -r1.33 pkgsrc/security/mit-krb5/distinfo (switch to unified diff)

--- pkgsrc/security/mit-krb5/distinfo 2011/10/23 19:58:16 1.32
+++ pkgsrc/security/mit-krb5/distinfo 2012/02/26 13:14:19 1.33
@@ -1,25 +1,25 @@ @@ -1,25 +1,25 @@
1$NetBSD: distinfo,v 1.32 2011/10/23 19:58:16 tez Exp $ 1$NetBSD: distinfo,v 1.33 2012/02/26 13:14:19 adam Exp $
2 2
3SHA1 (2011-006-patch-r18.txt) = 30b66b6c5dce537d66874ac58e622b3f6e992ac6 3SHA1 (2011-006-patch-r18.txt) = 30b66b6c5dce537d66874ac58e622b3f6e992ac6
4RMD160 (2011-006-patch-r18.txt) = 829a6d2dc876190996e90e0a6a43e2d018cbaaa5 4RMD160 (2011-006-patch-r18.txt) = 829a6d2dc876190996e90e0a6a43e2d018cbaaa5
5Size (2011-006-patch-r18.txt) = 2908 bytes 5Size (2011-006-patch-r18.txt) = 2908 bytes
6SHA1 (krb5-1.8.4-signed.tar) = fe1fc21e923ae8dcaa7a26f4f97e0ac49c8e3115 6SHA1 (krb5-1.8.6-signed.tar) = 0a1356c6680578f683b6ffd33044f6f02d69b315
7RMD160 (krb5-1.8.4-signed.tar) = 34d6df8248007bac0321400b2650c2aca774af16 7RMD160 (krb5-1.8.6-signed.tar) = 3faad0306482f99c1467d045767090d298a20ce4
8Size (krb5-1.8.4-signed.tar) = 11642880 bytes 8Size (krb5-1.8.6-signed.tar) = 11950080 bytes
9SHA1 (patch-aa) = cd8cdc594bc872d641ceaba0aa0d91b5f1caf2ae 9SHA1 (patch-aa) = cd8cdc594bc872d641ceaba0aa0d91b5f1caf2ae
10SHA1 (patch-ad) = 49a9429d163adb872b1c97ade8ed0e13d8eec3cb 10SHA1 (patch-ad) = 49a9429d163adb872b1c97ade8ed0e13d8eec3cb
11SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd 11SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd
12SHA1 (patch-af) = 245b6dea2eff9da9911ac6eabf2ebdbe7fdac305 12SHA1 (patch-af) = 245b6dea2eff9da9911ac6eabf2ebdbe7fdac305
13SHA1 (patch-ag) = f8daf2dd247365d506e117cb49c5d0f50e9822ed 13SHA1 (patch-ag) = f8daf2dd247365d506e117cb49c5d0f50e9822ed
14SHA1 (patch-ah) = 922542765f73dc25c464715c29c8d63c9cd9c718 14SHA1 (patch-ah) = 922542765f73dc25c464715c29c8d63c9cd9c718
15SHA1 (patch-aj) = 8a00ca30db3c9c3c9a2f7506cdc4c5b20f7f42c6 15SHA1 (patch-aj) = 8a00ca30db3c9c3c9a2f7506cdc4c5b20f7f42c6
16SHA1 (patch-ak) = 9ba29870084dfcd3f6f66e801b42d6577cda004a 16SHA1 (patch-ak) = 9ba29870084dfcd3f6f66e801b42d6577cda004a
17SHA1 (patch-al) = 8660b932c999d5b3ac63be27fc1013cceff368b9 17SHA1 (patch-al) = 8660b932c999d5b3ac63be27fc1013cceff368b9
18SHA1 (patch-ce) = 72ec322894facfd75a010f82372cfa9ef96afb5f 18SHA1 (patch-ce) = 72ec322894facfd75a010f82372cfa9ef96afb5f
19SHA1 (patch-cf) = 651f223a5c3dff566d0b5c5279d47538576c5979 19SHA1 (patch-cf) = 651f223a5c3dff566d0b5c5279d47538576c5979
20SHA1 (patch-cg) = 8c89dd960ebbe444534a849827c78f077cce499b 20SHA1 (patch-cg) = 8c89dd960ebbe444534a849827c78f077cce499b
21SHA1 (patch-ch) = 0e36012b43c498b8920f204bab2ba9a68f8c851a 21SHA1 (patch-ch) = 0e36012b43c498b8920f204bab2ba9a68f8c851a
22SHA1 (patch-ci) = 4e310f0a4dfe27cf94d0e63d623590691b6c5970 22SHA1 (patch-ci) = 4e310f0a4dfe27cf94d0e63d623590691b6c5970
23SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b 23SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
24SHA1 (patch-ck) = 87b7704ca9de02880ef8b3dbb097e87d0252bd4b 24SHA1 (patch-ck) = 87b7704ca9de02880ef8b3dbb097e87d0252bd4b
25SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7 25SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7