diff options
| author |   Eray Aslan <eras@gentoo.org> | 2010-11-05 21:13:42 +0000 |
|---|---|---|
| committer | Eray Aslan <eras@gentoo.org> | 2010-11-05 21:13:42 +0000 |
| commit | 388639aeb3f0d881bdf26fcc834cbc467f7a2279 (patch) | |
| tree | 93c5f236625c4c7c906a15787a260d06fb57d0c4 /app-crypt | |
| parent | Fixed luasec dependency. (diff) | |
| download | gentoo-2-388639aeb3f0d881bdf26fcc834cbc467f7a2279.tar.gz gentoo-2-388639aeb3f0d881bdf26fcc834cbc467f7a2279.tar.bz2 gentoo-2-388639aeb3f0d881bdf26fcc834cbc467f7a2279.zip | |
Security bump - bug #339866
(Portage version: 2.1.9.24/cvs/Linux x86_64)
Diffstat (limited to 'app-crypt')
| -rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 8 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1322.patch | 33 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild | 117 |
3 files changed, 157 insertions, 1 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index f790d7c42918..2232cba69d67 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-crypt/mit-krb5 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.231 2010/08/05 14:34:57 darkside Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.232 2010/11/05 21:13:42 eras Exp $ + +*mit-krb5-1.8.3-r1 (05 Nov 2010) + + 05 Nov 2010; Eray Aslan <eras@gentoo.org> +mit-krb5-1.8.3-r1.ebuild, + +files/CVE-2010-1322.patch: + Security bump - bug #339866 05 Aug 2010; Jeremy Olexa <darkside@gentoo.org> metadata.xml, -mit-krb5-1.6.3-r6.ebuild: diff --git a/app-crypt/mit-krb5/files/CVE-2010-1322.patch b/app-crypt/mit-krb5/files/CVE-2010-1322.patch new file mode 100644 index 000000000000..0de12e62f3e1 --- /dev/null +++ b/app-crypt/mit-krb5/files/CVE-2010-1322.patch @@ -0,0 +1,33 @@ +diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c +index b5de64d..cc44e29 100644 +--- a/src/kdc/kdc_authdata.c ++++ b/src/kdc/kdc_authdata.c +@@ -495,7 +495,7 @@ merge_authdata (krb5_context context, + krb5_boolean copy, + krb5_boolean ignore_kdc_issued) + { +- size_t i, nadata = 0; ++ size_t i, j, nadata = 0; + krb5_authdata **authdata = *out_authdata; + + if (in_authdata == NULL || in_authdata[0] == NULL) +@@ -529,16 +529,16 @@ merge_authdata (krb5_context context, + in_authdata = tmp; + } + +- for (i = 0; in_authdata[i] != NULL; i++) { ++ for (i = 0, j = 0; in_authdata[i] != NULL; i++) { + if (ignore_kdc_issued && + is_kdc_issued_authdatum(context, in_authdata[i], 0)) { + free(in_authdata[i]->contents); + free(in_authdata[i]); + } else +- authdata[nadata + i] = in_authdata[i]; ++ authdata[nadata + j++] = in_authdata[i]; + } + +- authdata[nadata + i] = NULL; ++ authdata[nadata + j] = NULL; + + free(in_authdata); + diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild new file mode 100644 index 000000000000..3ceb994d30cc --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild @@ -0,0 +1,117 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.3-r1.ebuild,v 1.1 2010/11/05 21:13:42 eras Exp $ + +EAPI="2" + +inherit eutils flag-o-matic versionator + +MY_P=${P/mit-} +P_DIR=$(get_version_component_range 1-2) +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="http://web.mit.edu/kerberos/www/" +SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ldap doc xinetd" + +RDEPEND="!!app-crypt/heimdal + >=sys-libs/e2fsprogs-libs-1.41.0 + sys-apps/keyutils + ldap? ( net-nds/openldap ) + xinetd? ( sys-apps/xinetd )" +DEPEND="${RDEPEND} + doc? ( virtual/latex-base )" + +S=${WORKDIR}/${MY_P}/src + +PROVIDE="virtual/krb5" + +src_unpack() { + unpack ${A} + unpack ./"${MY_P}".tar.gz +} + +src_prepare() { + epatch "${FILESDIR}/CVE-2010-1322.patch" +} + +src_configure() { + append-flags "-I/usr/include/et" + econf \ + $(use_with ldap) \ + --without-krb4 \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-replay-cache \ + --disable-rpath +} + +src_compile() { + emake -j1 || die "emake failed" + + if use doc ; then + cd ../doc + for dir in api implement ; do + emake -C "${dir}" || die "doc emake failed" + done + fi +} + +src_test() { + einfo "Tests do not run in sandbox, they need mit-krb5 to be already installed to test it." +} + +src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR="/usr/share/doc/${PF}/examples" \ + install || die "install failed" + + # default database dir + keepdir /var/lib/krb5kdc + + cd .. + dodoc README + dodoc doc/*.ps + doinfo doc/*.info* + dohtml -r doc/* + + # die if we cannot respect a USE flag + if use doc ; then + dodoc doc/{api,implement}/*.ps || die "dodoc failed" + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind + newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc + + insinto /etc + newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example + + if use ldap ; then + insinto /etc/openldap/schema + doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" + fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/kpropd.xinetd" kpropd + fi +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-1.8.0" ; then + einfo "" + elog "MIT split the Kerberos applications from the base Kerberos" + elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp," + elog "ftp clients and telnet, ftp deamons now live in" + elog "\"app-crypt/mit-krb5-appl\" package." + einfo "" + fi +} |