author | Eray Aslan <eras@gentoo.org> | 2011-07-06 13:48:45 +0000 |
---|---|---|
committer | Eray Aslan <eras@gentoo.org> | 2011-07-06 13:48:45 +0000 |
commit | 430666dad8ed81cc6c6807e2a9e65c0f530478e2 (patch) | |
tree | 4e5d8ffe9d6cc15c190f7e0eeec8842912c616f9 /app-crypt/mit-krb5-appl | |
parent | [bump] dev-perl/Event-1.180.0 (diff) | |
security bump - bug #374229
(Portage version: 2.1.10.4/cvs/Linux x86_64)
Diffstat (limited to 'app-crypt/mit-krb5-appl')
-rw-r--r-- | app-crypt/mit-krb5-appl/ChangeLog | 8 | ||||
-rw-r--r-- | app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch | 58 | ||||
-rw-r--r-- | app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild | 58 |
3 files changed, 123 insertions, 1 deletions
diff --git a/app-crypt/mit-krb5-appl/ChangeLog b/app-crypt/mit-krb5-appl/ChangeLog
index 68560f9519ef..10f7d0f54cbe 100644
--- a/app-crypt/mit-krb5-appl/ChangeLog
+++ b/app-crypt/mit-krb5-appl/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-crypt/mit-krb5-appl
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.10 2011/04/23 18:24:42 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.11 2011/07/06 13:48:45 eras Exp $
+
+*mit-krb5-appl-1.0.1-r1 (06 Jul 2011)
+
+ 06 Jul 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-appl-1.0.1-r1.ebuild,
+ +files/CVE-2011-1526.patch:
+ security bump - bug #374229
 
 23 Apr 2011; Raúl Porcel <armin76@gentoo.org> mit-krb5-appl-1.0.1.ebuild:
 arm/ia64/m68k/s390/sh/sparc stable wrt #358597
diff --git a/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch b/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch
new file mode 100644
index 000000000000..9c4466214e53
--- /dev/null
+++ b/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch
@@ -0,0 +1,58 @@
+diff --git a/configure.ac b/configure.ac
+index 86e23f1..2fe68ad 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -107,6 +107,7 @@ AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gettosbyname getusershell getutmp)
+ AC_CHECK_FUNCS(getutmpx grantpt inet_aton initgroups isatty killpg killpg)
+ AC_CHECK_FUNCS(line_push ptsname revoke rmufile rresvport_af)
+ AC_CHECK_FUNCS(seteuid setlogin setpgid setpriority setresuid setreuid)
++AC_CHECK_FUNCS(setegid setregid setresgid)
+ AC_CHECK_FUNCS(setutent setutsent setutxent strsave tcgetpgrp tcsetpgrp)
+ AC_CHECK_FUNCS(ttyname unsetenv updwtmp updwtmpx utimes utmpname utmpxname)
+ AC_CHECK_FUNCS(vhangup vsnprintf waitpid)
+diff --git a/gssftp/ftpd/ftpd.c b/gssftp/ftpd/ftpd.c
+index fe62a9c..a150819 100644
+--- a/gssftp/ftpd/ftpd.c
++++ b/gssftp/ftpd/ftpd.c
+@@ -994,9 +994,14 @@ login(passwd, logincode)
+ #endif
+ }
+
+- (void) krb5_setegid((gid_t)pw->pw_gid);
+- (void) initgroups(pw->pw_name, pw->pw_gid);
+-
++ if (krb5_setegid((gid_t)pw->pw_gid) < 0) {
++ reply(550, "Can't set egid.");
++ goto bad;
++ }
++ if (geteuid() == 0 && initgroups(pw->pw_name, pw->pw_gid) < 0) {
++ reply(550, "Can't initgroups");
++ goto bad;
++ }
+ /* open wtmp before chroot */
+ (void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid());
+ pty_logwtmp(ttyline, pw->pw_name, rhost_sane);
+diff --git a/k5-util.h b/k5-util.h
+index 7bb8cfb..64cd53d 100644
+--- a/k5-util.h
++++ b/k5-util.h
+@@ -69,8 +69,7 @@
+ #elif defined(HAVE_SETREUID)
+ # define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID))
+ #else
+- /* You need to add a case to deal with this operating system.*/
+-# define krb5_seteuid(EUID) (errno = EPERM, -1)
++# error "You need to add a case to deal with this operating system."
+ #endif
+
+ #ifdef HAVE_SETEGID
+@@ -80,8 +79,7 @@
+ #elif defined(HAVE_SETREGID)
+ # define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID)))
+ #else
+- /* You need to add a case to deal with this operating system.*/
+-# define krb5_setegid(EGID) (errno = EPERM, -1)
++# error "You need to add a case to deal with this operating system."
+ #endif
+
+ #endif
diff --git a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild
new file mode 100644
index 000000000000..61c76e4c768f
--- /dev/null
+++ b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild
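Review bot: In the ftpd.c section of the embedded patch, the `geteuid() == 0 &&` guard lets a daemon that is not running as root skip `initgroups()` with no record, so the session keeps whatever supplementary groups the process started with; a comment such as `/* initgroups() needs root; a non-root ftpd keeps its inherited supplementary groups */` would make that a documented decision rather than a silent one. Both new failure paths answer the client with `550` but, as far as the hunk shows, write nothing to the server log; a failed privilege drop is worth a line like `syslog(LOG_ERR, "setegid/initgroups failed for %s", pw->pw_name);` before each `goto bad;`, assuming ftpd.c already logs through syslog. login() starts and ends outside the hunk, so whether the later uid change is checked in the same way cannot be confirmed from here.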
@@ -0,0 +1,58 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild,v 1.1 2011/07/06 13:48:45 eras Exp $
+
+EAPI=4
+
+inherit flag-o-matic versionator autotools eutils
+
+MY_P=${P/mit-}
+MAJOR_MINOR="$( get_version_component_range 1-2 )"
+DESCRIPTION="Kerberized applications split from the main MIT Kerberos V distribution"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5-appl/${MAJOR_MINOR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+RDEPEND=">=app-crypt/mit-krb5-1.8.0"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+ unpack ${A}
+ unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/CVE-2011-1526.patch"
+ eautoreconf
+}
+
+src_configure() {
+ append-flags "-I/usr/include/et"
+ append-flags -fno-strict-aliasing
+ append-flags -fno-strict-overflow
+ econf
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ for i in {telnetd,ftpd} ; do
+ mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 \
+ || die "mv failed (man)"
+ mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} || die "mv failed"
+ done
+
+ for i in {rcp,rlogin,rsh,telnet,ftp} ; do
+ mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 \
+ || die "mv failed (man)"
+ mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} || die "mv failed"
+ done
+
+ rm "${D}"/usr/share/man/man1/tmac.doc
+ dodoc README
+} |
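Review bot: `src_unpack` extracts the inner `${MY_P}.tar.gz` from the `-signed.tar` wrapper without looking at the signature the wrapper presumably carries, and `SRC_URI` is plain http, so the integrity of the source rests entirely on the Manifest digests; a comment saying so, e.g. `# upstream signature is not verified here; the Manifest digests are the integrity check`, would make that explicit. In `src_install`, `rm "${D}"/usr/share/man/man1/tmac.doc` is the only file operation without `|| die`, so a change in the upstream install layout would pass silently; `rm "${D}"/usr/share/man/man1/tmac.doc || die "rm failed"` would match the `mv` lines above it.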