diff options
| author |   Eray Aslan <eras@gentoo.org> | 2012-12-24 17:43:36 +0000 |
|---|---|---|
| committer | Eray Aslan <eras@gentoo.org> | 2012-12-24 17:43:36 +0000 |
| commit | 0820394fb586aff3e50481f48aad94666886bbf8 (patch) | |
| tree | e8408fbdc6c0dbceda568880504fe504aa53f807 /app-crypt/mit-krb5 | |
| parent | Remove redundant einfo message. (diff) | |
| download | historical-0820394fb586aff3e50481f48aad94666886bbf8.tar.gz historical-0820394fb586aff3e50481f48aad94666886bbf8.tar.bz2 historical-0820394fb586aff3e50481f48aad94666886bbf8.zip | |
Remove old patches
Package-Manager: portage-2.2.0_alpha149/cvs/Linux x86_64
Manifest-Sign-Key: 0x77F1F175586A3B1F
Diffstat (limited to 'app-crypt/mit-krb5')
| -rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 12 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/Manifest | 41 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/2011-006-patch-r18.patch | 73 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1322.patch | 33 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1323.1324.4020.patch | 202 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-4022.patch | 19 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2011-0281.0282.0283.patch | 126 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2011-0284.patch | 13 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2011-0285.patch | 39 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2011-1530.patch | 40 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-1.10_uninitialized.patch | 13 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch | 112 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0285.patch | 35 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-kprop_exit_on_error.patch | 25 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5_testsuite.patch | 93 |
15 files changed, 25 insertions, 851 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index 0eb755162b4d..166553a45d29 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for app-crypt/mit-krb5 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.346 2012/12/24 17:27:55 eras Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.347 2012/12/24 17:43:24 eras Exp $ + + 24 Dec 2012; Eray Aslan <eras@gentoo.org> -files/2011-006-patch-r18.patch, + -files/CVE-2010-1322.patch, -files/CVE-2010-1323.1324.4020.patch, + -files/CVE-2010-4022.patch, -files/CVE-2011-0281.0282.0283.patch, + -files/CVE-2011-0284.patch, -files/CVE-2011-0285.patch, + -files/CVE-2011-1530.patch, -files/mit-krb5-1.10_uninitialized.patch, + -files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch, + -files/mit-krb5-1.8.3-CVE-2011-0285.patch, + -files/mit-krb5-kprop_exit_on_error.patch, -files/mit-krb5_testsuite.patch: + Remove old patches 24 Dec 2012; Eray Aslan <eras@gentoo.org> files/mit-krb5-1.11_uninitialized.patch: diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest index b927583f6862..c1d41e6fab84 100644 --- a/app-crypt/mit-krb5/Manifest +++ b/app-crypt/mit-krb5/Manifest @@ -1,26 +1,13 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 -AUX 2011-006-patch-r18.patch 2908 SHA256 54490a4152e2bf912fa92137c3be90221fd64f818a09be256a1147b351e676e3 SHA512 1dd2a058a12057e6b5f111030903171094a6214070380922006058e81616a1af20f196b54fd8065163e61f35f193211182a8943df33bb0a1e3afe404831ac0c8 WHIRLPOOL c399c81d9f77dfcc7de930d07d849d1c617625701038f8d7f35f20ac22cb7f5352439531e53c4161e5b5af461550f7caefc6bb1cb8b857242bd8db5ae0e2b03c -AUX CVE-2010-1322.patch 1066 SHA256 7d9fbfffdaa0cde0ca499ccbb2cf09a6c7253e537755bbf6da9e08715fd9a474 SHA512 14e8c48d022e8e5ea8c5c8f91df2673e546c4a34ce811806e74cb7eb518a4312ee0db829dc282cc25a6fbba39d02b66e85660c72a9e3dcb33f31d55f2dcec71a WHIRLPOOL 4b8dde1d25856a6c313a61d0f0cf9552db8c333d9b77f16acaa063e85d0fc18d8bfacd0929abe441a95d1c805fd1672ccda98cc7de90ca19450fd985debd4a5e -AUX CVE-2010-1323.1324.4020.patch 7908 SHA256 ec08fca9738b5fae619154379ae0158531cb630b6f25551c14d87313c2d2a5f0 SHA512 45217406fcdc4d7b436ed87a4f0b09715905bc84221e780b41eefffd460e3870c5a0f9457dbfb3aec5ab2d2d4d346322ddae4bb4ee7e060291cd68a74353a473 WHIRLPOOL 1a0864987731767944abf0e0543dec3163af48d3036174698cbcc0dadedbe4778ee1850eb08d6b65a395b6199b2f1c9ecd77467892a8d13529bbc9337534dee6 -AUX CVE-2010-4022.patch 632 SHA256 25f50e9406a36525b5f727041c9d584ef3f188fa5d3a39b4e63d1a853219a9e2 SHA512 e5ff83ea79af8c32dd210c0853b0a17bdeffcb32d0cc532ef0237f32293107aa33ce1c18913a8b92d95ad5aa52d47861eacf1059fda35f2ed0351b3097b2b114 WHIRLPOOL 4c342760d3e91820213d70163138f6ca75a8e4b9d72c78b4046dcc264b4a58479c7a8b9f161fed6cd1a9d03a719151c270e824946c188300084562ede542ce50 -AUX CVE-2011-0281.0282.0283.patch 6663 SHA256 1b3ccea9022527c36e153c5d89ecfd9609a111e235b1d0430e1fcc6933e76e48 SHA512 10d2317be7682126f8e471702f7cc093521d734f94ce1c27a768ed735cabc5105a35feb7166a7f440fa18c67da63216c6da41331d9dd9ac976c523986c570220 WHIRLPOOL 21eba11f9d7686da3f471c668797696562a24a0cce415236e21dfb1d0b0f6a5008622fd72f60f734c754cc664b82ae0c54702fec27cc8e0dcd0fa60b7c249801 -AUX CVE-2011-0284.patch 544 SHA256 bf93bbaf5d502f5b5bdcfa612e36c3828d3be869b154545bad1c7109f4eedae4 SHA512 024113a9210db825f26f12e20fe706921d4a97bb1953fded8b254a97c9077b05409f63a8515672e0eae7130f8f9fcc6693b764b7f809ef158d12949b406cf7b5 WHIRLPOOL 95b3dffe67e6ee11acf7244c2826a2761ca6d3d629a1c787e892e4f07d98e53c5640d2286085b331aa3a16c0eab569bc0e2fbca1ae2b72593496ba927de85c28 -AUX CVE-2011-0285.patch 1154 SHA256 6a972da0e87dce82e801590a7bdcca300a5b31ed569f834e0a6634a185a9aac0 SHA512 0426ac51bae602f63b865677f20dba8bb4534dc41a165210711cba49da702a71eeac9182f95a0a3716ed284f762e20bab82ffef6a11fce26544b6b0be158aa2f WHIRLPOOL 2870bea1fae19e1dda4a9cfa1e9344d9538a1aa8f96fd29646153150fcdede9952d649b0ff401bf1d0f517e6da521e9cec98f9b582eb2893a3924f316dc7919b -AUX CVE-2011-1530.patch 1417 SHA256 0b0413e175e81b5fb7497f3351341066644431d72663bb1cba9d59b715669486 SHA512 8adec731f17c9e7b331695592ff19b7405fecc6295750a73352231771526268d49d8c77ab0b1ccd59d159059e1046c6ee97f2725e8f39c1f3e6f7467a57edfe8 WHIRLPOOL a13d9fc076867931346aad28d4c0b22cbc7225c848d1b0f0a3c25739d2b1edf76054344a6b9949e2dfe77f4280f9fb129cbf81c9e54261dd48537f8d9ae37ba6 AUX CVE-2012-1014.patch 697 SHA256 2c98d1625eaaeda8e96d812bff722c6175491dd87b159ec01d422de3c0228cce SHA512 048dd15c89b699d43225705dad566a2115980e57ec117bd318fe97a3ace98a52ffb4271dd7c5a548e32ca42a17984d72627ed5c9d1ae82242d8421e47a5f026f WHIRLPOOL b32e13882e6084ecd350011965756b7eecc0b831c867d9dcec022c1a69d6fdec28565791d36ae2918afa14af960acd7d2ef902ed475805548d55d480b5a4313b AUX CVE-2012-1015.patch 1752 SHA256 6e6749d4dcfaad1df963983ffb1cf144f11ab79af035ccf0a44f047dd0a8d6ad SHA512 9ef4a76fb68a7cdc3a2cf488cba394171432ba30812d4041a8315916217cd1443f9ab0094c7329f1464dcef3f0a38a548c82b0ee022c3da0e6ca6d0e3635f421 WHIRLPOOL 77276937a29f38038f993f29798459beb2d242a663867cee7324aa012eadf550afb3b2b731d4ba66f79baca1f52098d5ac93ac7fd4428f193b4190df2d0d4efa AUX kpropd.xinetd 194 SHA256 eaa3838a6ca8db901db359cac3435d4f703a9a10534f02eeb37f494dd21a1736 SHA512 c9bbd13f2fadfd2a925bfae834ba61f227cd4386b4c4466b5227d93c792f4549778ef4d6e08353372df99804459277c71f61b41ec71f3afcc600d73c5705f72f WHIRLPOOL d77ae7b0094c4f42a7ea9cee5d36d0dba844a9ed5d59c621e47c7fa4b75c84fec3414e079c570513711b378d1b0fef61156f675a0df79ee61540d9492416fe42 AUX mit-krb5-1.10.1_gcc470.patch 345 SHA256 e1f326b015fe9a91d50ee5f6cc74690416f017e34aa1216b38e0444f68897807 SHA512 2c4690d9b6310e98095ee7b80da330c3276606b255ea7769056e2ef3270cfb9076ffaf13b3f1fbe20e45f75e750bace4d17abf90edfec35a0cc8291273a06f20 WHIRLPOOL 7a5d9070eee158e4fe48877854dd4a8839e9c0f704358db795761a6bc9c40890f8239a481d0f9a3a84fd3d2294d20c8321d37a57f1ba7a877aba126f0127d0aa AUX mit-krb5-1.10.1_uninitialized_extra-2.patch 1338 SHA256 8ef6e5375d9eb932aae5650441a4f61d4e81eb68bf6baa5f7ded40e3b0fae95b SHA512 7fa655ce412e8dfc92ac002fe7ce8b6f0aee5470c2fca2a9f1974c016b3ef251216b0ba74df4ca3651d9838f6353f7ffdf264dce34eaa108feded64a4613c1c4 WHIRLPOOL b2f65d4bbb79652d7aca3a25c7382190f5efbe5b8d0494737ae2274fe4b7ee5fae1f9c8c42b4625be6ac4e6aceb59e64c07c470b8ea33f289e9bd73bafb6a922 AUX mit-krb5-1.10.1_uninitialized_extra.patch 985 SHA256 447f55fdb3641a7d57018112e137e1d1bc073c4bb5d97a9eb4e78cf12c8d77e9 SHA512 d20ad6823ea743204246479dbd630ff511871c5277b3e47bda09b0156d82cfd481863b0f7a4fed640f40b698e8acd46842da4d87d54e7df9b65ccb81fb15a82e WHIRLPOOL d22e981d7bec1d00c13ec8b1fae7d6e6e398317594483d07dcd20f324095cfacd31226710aac4b33042e82544cf6d1599ed849fe406bc6cd1c494c7c358a8265 -AUX mit-krb5-1.10_uninitialized.patch 346 SHA256 31db64e1834dceb65786f65f37c600d15b10bb48ed8a1687bc2df0aeab5b918d SHA512 86ac54a6edf4f40ad59056aeb604cb565729f46199ec9e37273f97f349efc5e840d8e3f4d2562bbbb61ad28eb85c84ef4af01859a9c3f818f4232ab9d24b6cd1 WHIRLPOOL f92b89d34bed3c2d506d6093b6d61d773e3e3c78b9305d07424cb53674ae89eae6538949a1552ea1ca237468f2a7f31af1d7c5ecd1df9ccc24f0cad3f87f1b95 AUX mit-krb5-1.11_uninitialized.patch 2081 SHA256 d48d228e0c78d8a2b8c6b807e0294d68b87c9316770ece4b2033852ecff1ea30 SHA512 e108b183f9dddecf7a1decbfd1db14decf45799002401f77d9910c39125f14a4520a3e8588c1c55244add8a9c42a3066bd060b869d30b1e252fc7a9fa1935d88 WHIRLPOOL 03da04c94eb1f953310d7cf3b1f9f71322f51bb2582dde0c2d9b24a951420b60b77039726178d021a6068f489a6174f0099485f0817f954105a6ceaa1a6fc6e7 -AUX mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch 6130 SHA256 7831c9a9553404b41774f40f3fc0df6769342c1923c5b1177062710fd5f0f2bb SHA512 fc98689d1318d0c61121fe4756577cf0181b1dcfaf47a6166726b126f4b095f410da3a88679669c129ea4e8043d47bb8dbab43a5981cc1b6ec95a56d3c25a6fb WHIRLPOOL bcd017345387b5954af23a5fb5b6a499381678cc033cf37889687e347fb29ea8db51cb43841061cdaea4f75784b67af19e08e239dd5f28b7e4999f5ef1c4ffd7 -AUX mit-krb5-1.8.3-CVE-2011-0285.patch 1136 SHA256 88f8d015f2bce8f54a6a0321716ed887aef587aeae3017d47c7c18de26189f02 SHA512 22faa6a9056d7377381d5ea196e53f311a3f9575feb5eb518dc04ccffda1706623e0c377f93a7c3e14cb78c05bfb0e1420ded6eac77162f6dd9f56a994057a09 WHIRLPOOL 62f03aba2c0dadaae14e07116c55cbc5de83da33bcc003ac4d7bf2cd2d5d263ff3cbdc26cd748c06ae67480f96c5ae84c031e5de11f158f0f046d8631797112d -AUX mit-krb5-kprop_exit_on_error.patch 712 SHA256 a59b64e0a00dda8e394925aad68893aebc7b7d7c6651684df9b671551f77d9f7 SHA512 860268e5f98b7ad6d4c280f96255c8eef578e070b1dca61b6fb7d4ea45ac211c0822f5fbeaa4567b728ebea8d934e1529cbae5df667fb08b143f927f152dd9e7 WHIRLPOOL 2e00bda6ca06773d6910c67029e96a768dd6132b09cbb85704454096381fccb6898be3bb36925df9ea8b182417bca3b74e5b0e3a06bf519320bc30adbd9dcfa3 -AUX mit-krb5_testsuite.patch 3069 SHA256 3c8cfdb012a5388b1a92658437dce619593b91f0b0c582ef66194347274b26f9 SHA512 81e833fb5f2779e708216c92f6c40d18a5f4a6ab960e03e905224ab484e6d17126a84758e6dc81a0a667dd4df08ea5e4a4284e3543efa5e2365b97c520fd856c WHIRLPOOL 430c0b49861974ee1d788bf82edbd31c091d9e4ab9b095e640574cb516ddb22f9a8a0a98edb47e3c542e44bc8e3a14c2bc7a89d054672ae1f80b036eafc38e7d AUX mit-krb5kadmind.initd 587 SHA256 fcf92aa6a325bee8b5a1a5d9f627a1ee85d36eb1d410f8fb169550e61d7b1da5 SHA512 0f601aeaf6a7bdf3c832cf1c426721d47a1c3c16fc79c7f6eebf0631452a64846ebcf8edb57d7c2c4acf4f6887f8bf6df3bc6e04c305ffd2f679a35fd75cfe0b WHIRLPOOL a114829df706e7e6b0720464d0138b0b76ce29ccbf855703228ac1da97de19123b3761c953eb94d69c508dd1863ce355347e60e11e0146809f66d42151795ed8 AUX mit-krb5kadmind.initd-r1 592 SHA256 3e55c79f19aaa6ef6b64a621c03dbb2eac3ad923916dc803f4c1bfe48ce89fbb SHA512 f0595e9bbcd85badb403af7febce1fa28278bd7fc8118498948171ea12a27ce8b3c479a34b36639d7370193bc69a0b093ae7e3b66473078dabc38864fec931e9 WHIRLPOOL 16147fc873ad16c16410e82df817fdb7ff068ef5cc1c50d9bb5558f134db36d516ab80628714e836a20883d0d1dfd17bfca5a41225be4ecca270580f2db28e70 AUX mit-krb5kdc.initd 557 SHA256 12c642b59b821121beabd09e78fcf46aeea8269d29e14e5dc2f20236d6cf3f0f SHA512 e5ffca591a139f26e2ba7f46ceb167b1609656b8ae6bf07423fcdb5da442314348859e8d241edd331d6165364349b85e9847d73cc0c799b52faba2711ecc271d WHIRLPOOL f1d58284df9e45f1057c0584a878d0fbee1c1174d80df9bfbab33366e3b374cdb23e87ab5fea97068c675aff9999483b41d8fb6958954e8f3073287b7dbbe1d3 @@ -35,22 +22,22 @@ EBUILD mit-krb5-1.10.2-r1.ebuild 3320 SHA256 c38f09ce2031078a977b290421f5983a254 EBUILD mit-krb5-1.10.3.ebuild 3242 SHA256 685d27b8709174075ac3e7e6ca0195976b51250849d0c2f1812634e238d9c9cd SHA512 359c83fc95228570b8837bdb91ae887341adc77e596b27897626545d3e0a0291dbb02590a6b6eb23c7f033f24a193e81472a5442cfeca648b76163740c3ceba1 WHIRLPOOL 8e4ed41639adadf078827259c8a0c47c48c13f7476510987f6cfb7b0af54bf02b426a5085063a656be763492329307825c4533e20302287da7532717234cc0bc EBUILD mit-krb5-1.11.ebuild 2932 SHA256 5d47509b8f91105209e7de6dece77038642db558b3aecf46b433debbea594816 SHA512 d9fd2d407d7e6ec4c27c61e426a80160f6db70ceeb8ab5ac24c7db466d48765ea794fd671113fd4a57cd144b7a0088b14d06346db5d36a466a03020f9bf4fa92 WHIRLPOOL 0c272453f6454e6f653790a31826aa2bb26715aa70a43277e6028df6b88ce51c04132420ea68ecd992423051171f21d06b7a647c6328ebe3f4d7fcfcb2b4285d EBUILD mit-krb5-1.9.4-r1.ebuild 3049 SHA256 576f46bfcc2cec0e9440f2be2a340ca30768eefc89001c3af3db5b971060181d SHA512 913f2f291b63bd182ff0c7d65cce950b54126740c1a65d314f5a8f9bbd0705b8efdd129098070688d80c87e3f1b08157ac1b6f6dd33e8e97020ba926b64965fa WHIRLPOOL f1da7e873db7e7404dd8e07f88ca7b38ef8f83e5a25ff3883c48f41d5d5b912ea366a96674977421b68dc678f73556de43392e6c37d096630722227b2a731e91 -MISC ChangeLog 54419 SHA256 11e21dbcf7255746052e49fad1bff47b5b2d82ef97c2f6c8c7939067f9df0167 SHA512 a955cce78ef59500a222c9578c369ddb69f8d89b0baa7286266edd99081642299326ae409539dc3f9a6d93526423c5b9441821da54e5319e73781e2e94518a0b WHIRLPOOL 35d09f6c799a0a4a66a00cb5fc4169c18e693601c80274180ae2770999e09e436b391b1e79422d906e9590c908a53b384c3653d2d2d357f158452227e6e46d27 +MISC ChangeLog 54962 SHA256 66184f08fe5116abce6affe83ac35cfe164a31e651c6beb63ae82df9b0f53ca3 SHA512 753abe9002c95cd9b82bb2e2dab656aa653f3f48711cffa65bbb3827645c77692a970db8114a9105be47502e64953cdd5ed403ce0c874362d0d746473aafb5bc WHIRLPOOL 51e6956401b5df9013f6191e358be809522a3ec01fcccda0f4e501c0565f8edd1d86704b9cab40b9d7a2a315124bb51d7c9e6a5273e874491b72cb1880ca625e MISC metadata.xml 668 SHA256 da5862dde92f34b882870961cb9f1e4aa8209fc549e32a43d99770a9de8b232d SHA512 0038aeb7cda74161d2e2fe97c5124ee6cc86a24b9503714c128cd8b9af8b8050a89cf5dd3aadd66b1714c1d1aeb8564d50479547a586200793ea485e9f9c6c8b WHIRLPOOL 52394a4f4d5acb11f3bf2e76e036707c7f7741990d70bafb5c87a6da5d191b6aee3cb8383f6e66694cbda7458eb1a869c7ec8758750741835e2f1af4e028378c -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iQIcBAEBCAAGBQJQ2JC8AAoJEHfx8XVYajsfC68P/jpI7N8E4ud+2v2mze+0duPi -IKBlF7VKVXRUoH8+WOM8X7r34J+93Y/qDiEvRHFNkS27gMd2tZJNkJbFdDp/kioh -BFC3Enl3tn9aI9nd4zLMT71H07dLoFTX8XVmc4VQ8xWQlzdf8XJ8hHr42AlNlgBT -bGQCbFYe6tUG8HQa6askpORBAiQtes1t81eRjZzO8wymZIIVbigg6luRLz7/3LPk -8H27XkC+51s1y6e74WC2FmxhQcMDfj+schV1x0QWygbXaLxyCiByn9dK9jbJCajx -Cyxtp3nVZ7ORDEWDbR1jJYDhEHblO/dAHKEchIGwH2/A5qiB44HFhB9GZJeXcmFm -cN9N9W6jIy/3TN2eM0cmmaLg3XoWyX1+hjHHv1TY9T7wojmF7v2b52eQ/k9yG3Q7 -w6TPA+F7fv/KMssewZc+JfwFlidUy1Et8miY+HSriy0z9/HuS5ErDpPLNcS75VmI -/ElJVSgMfxXUHwJdvd31EEIrtUPzFM+aOhpZVy2ykmRtjsg98WLJTP7AWnpTKJuC -x8PIXGuOJpYeLXJduPYIpUJfG04lZcUOghJmpS2punAMAA9eu1GXPw/+1+1uWlhI -CuXY3CUB0z5wXQ43kQsmVW07NH8KA/xcMB49R4BwFjwoIH1rANK6aKooC+Dxmzh5 -NwTiaUi0Vt+M40j+fRNl -=yPUS +iQIcBAEBCAAGBQJQ2JRHAAoJEHfx8XVYajsfqdwQALFjk/vk1PEJlVD07IrOo6yr +G8enHX5JKwnrf7W2vPRpUPOfbpt2yb7pumq+A9DbDcVUo0DOtvB8fENaUJZFRZM9 +gJuL79ZERdBHkc+swJMljn21Jo+UwZ/BMwUyL0oXPONUWXVIIilLCSwhfLSApKc9 +0dFrS4uQocKnImI2Ws4Kyel1O5SB+J2OYety6xfgnXOinxFT98aj1lajcphD4fVf +onhlEa+pHsoa/ZMJ0Z2FnAkgzmlUBzbnB1VqCUkAXUB8piclgffM8Wc6ZPdX557h +7qO4kr3Jwj/bdg9/i8D8IHVaoULomK2C6tgMVWD2s9xl3TXNQqzXEnRZnZBqxlRc +SuIsR3YA6LV3F9zIXFi2eAMSNz7SuqZDxLCCJpxQ09T6yIyQBD3o+20i1o15Qmb2 +4CMBgKkf+i4XLZjFmOkvVBIm1WE1Jh7Tm7eJGCkzvKrfvnXQktO1gOdBCMxtQpcb +90sYNQWH2f0Op9b+4m4emZSOTMxghH5WVwt0CTPHCwpyUfZXHhXigK08ZkVCi4SJ +KwACnM00O0Ko+i3/fyJP4BB2A2ZEyeMcJcC1WamSdpqkFodyIIJ56tcO4l+u69cW +uzd22reytFfOzcyZJNgjKh/dRT4sQ+fydHtmDMucATjgHqyy6quBd0uRz8PTFOcd +Q7L5J9iwrB4xEvt8H2Mj +=LeG7 -----END PGP SIGNATURE----- diff --git a/app-crypt/mit-krb5/files/2011-006-patch-r18.patch b/app-crypt/mit-krb5/files/2011-006-patch-r18.patch deleted file mode 100644 index 2da0e1439d82..000000000000 --- a/app-crypt/mit-krb5/files/2011-006-patch-r18.patch +++ /dev/null @@ -1,73 +0,0 @@ -diff --git a/src/plugins/kdb/db2/lockout.c b/src/plugins/kdb/db2/lockout.c -index 498c0de..5f973fb 100644 ---- a/src/plugins/kdb/db2/lockout.c -+++ b/src/plugins/kdb/db2/lockout.c -@@ -158,13 +158,23 @@ krb5_db2_lockout_audit(krb5_context context, - return 0; - } - -+ if (entry == NULL) -+ return 0; -+ - code = lookup_lockout_policy(context, entry, &max_fail, - &failcnt_interval, - &lockout_duration); - if (code != 0) - return code; - -- assert (!locked_check_p(context, stamp, max_fail, lockout_duration, entry)); -+ /* -+ * Don't continue to modify the DB for an already locked account. -+ * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and -+ * this check is unneeded, but in rare cases, we can fail with an -+ * integrity error or preauth failure before a policy check.) -+ */ -+ if (locked_check_p(context, stamp, max_fail, lockout_duration, entry)) -+ return 0; - - if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) { - /* -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -index 626ed1f..68e8ec4 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -@@ -131,6 +131,7 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, - CHECK_LDAP_HANDLE(ldap_context); - - if (is_principal_in_realm(ldap_context, searchfor) != 0) { -+ st = KRB5_KDB_NOENTRY; - *more = 0; - krb5_set_error_message (context, st, "Principal does not belong to realm"); - goto cleanup; -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c -index 020c77a..24b9493 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c -@@ -150,15 +150,25 @@ krb5_ldap_lockout_audit(krb5_context context, - return 0; - } - -+ if (entry == NULL) -+ return 0; -+ - code = lookup_lockout_policy(context, entry, &max_fail, - &failcnt_interval, - &lockout_duration); - if (code != 0) - return code; - -- entry->mask = 0; -+ /* -+ * Don't continue to modify the DB for an already locked account. -+ * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and -+ * this check is unneeded, but in rare cases, we can fail with an -+ * integrity error or preauth failure before a policy check.) -+ */ -+ if (locked_check_p(context, stamp, max_fail, lockout_duration, entry)) -+ return 0; - -- assert (!locked_check_p(context, stamp, max_fail, lockout_duration, entry)); -+ entry->mask = 0; - - if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) { - /* diff --git a/app-crypt/mit-krb5/files/CVE-2010-1322.patch b/app-crypt/mit-krb5/files/CVE-2010-1322.patch deleted file mode 100644 index 0de12e62f3e1..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2010-1322.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c -index b5de64d..cc44e29 100644 ---- a/src/kdc/kdc_authdata.c -+++ b/src/kdc/kdc_authdata.c -@@ -495,7 +495,7 @@ merge_authdata (krb5_context context, - krb5_boolean copy, - krb5_boolean ignore_kdc_issued) - { -- size_t i, nadata = 0; -+ size_t i, j, nadata = 0; - krb5_authdata **authdata = *out_authdata; - - if (in_authdata == NULL || in_authdata[0] == NULL) -@@ -529,16 +529,16 @@ merge_authdata (krb5_context context, - in_authdata = tmp; - } - -- for (i = 0; in_authdata[i] != NULL; i++) { -+ for (i = 0, j = 0; in_authdata[i] != NULL; i++) { - if (ignore_kdc_issued && - is_kdc_issued_authdatum(context, in_authdata[i], 0)) { - free(in_authdata[i]->contents); - free(in_authdata[i]); - } else -- authdata[nadata + i] = in_authdata[i]; -+ authdata[nadata + j++] = in_authdata[i]; - } - -- authdata[nadata + i] = NULL; -+ authdata[nadata + j] = NULL; - - free(in_authdata); - diff --git a/app-crypt/mit-krb5/files/CVE-2010-1323.1324.4020.patch b/app-crypt/mit-krb5/files/CVE-2010-1323.1324.4020.patch deleted file mode 100644 index b1c3793b9ffb..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2010-1323.1324.4020.patch +++ /dev/null @@ -1,202 +0,0 @@ -Index: krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c -=================================================================== ---- krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c (revision 24455) -+++ krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c (working copy) -@@ -691,8 +691,7 @@ - krb5_reply_key_pack *key_pack = NULL; - krb5_reply_key_pack_draft9 *key_pack9 = NULL; - krb5_data *encoded_key_pack = NULL; -- unsigned int num_types; -- krb5_cksumtype *cksum_types = NULL; -+ krb5_cksumtype cksum_type; - - pkinit_kdc_context plgctx; - pkinit_kdc_req_context reqctx; -@@ -882,14 +881,25 @@ - retval = ENOMEM; - goto cleanup; - } -- /* retrieve checksums for a given enctype of the reply key */ -- retval = krb5_c_keyed_checksum_types(context, -- encrypting_key->enctype, &num_types, &cksum_types); -- if (retval) -- goto cleanup; - -- /* pick the first of acceptable enctypes for the checksum */ -- retval = krb5_c_make_checksum(context, cksum_types[0], -+ switch (encrypting_key->enctype) { -+ case ENCTYPE_DES_CBC_MD4: -+ cksum_type = CKSUMTYPE_RSA_MD4_DES; -+ break; -+ case ENCTYPE_DES_CBC_MD5: -+ case ENCTYPE_DES_CBC_CRC: -+ cksum_type = CKSUMTYPE_RSA_MD5_DES; -+ break; -+ default: -+ retval = krb5int_c_mandatory_cksumtype(context, -+ encrypting_key->enctype, -+ &cksum_type); -+ if (retval) -+ goto cleanup; -+ break; -+ } -+ -+ retval = krb5_c_make_checksum(context, cksum_type, - encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, - req_pkt, &key_pack->asChecksum); - if (retval) { -@@ -1033,7 +1043,6 @@ - krb5_free_data(context, encoded_key_pack); - free(dh_pubkey); - free(server_key); -- free(cksum_types); - - switch ((int)padata->pa_type) { - case KRB5_PADATA_PK_AS_REQ: -Index: krb5-1.8/src/lib/crypto/krb/cksumtypes.c -=================================================================== ---- krb5-1.8/src/lib/crypto/krb/cksumtypes.c (revision 24455) -+++ krb5-1.8/src/lib/crypto/krb/cksumtypes.c (working copy) -@@ -101,7 +101,7 @@ - - { CKSUMTYPE_MD5_HMAC_ARCFOUR, - "md5-hmac-rc4", { 0 }, "Microsoft MD5 HMAC", -- NULL, &krb5int_hash_md5, -+ &krb5int_enc_arcfour, &krb5int_hash_md5, - krb5int_hmacmd5_checksum, NULL, - 16, 16, 0 }, - }; -Index: krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c -=================================================================== ---- krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c (revision 24455) -+++ krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c (working copy) -@@ -35,6 +35,13 @@ - { - if (ctp->flags & CKSUM_UNKEYED) - return FALSE; -+ /* Stream ciphers do not play well with RFC 3961 key derivation, so be -+ * conservative with RC4. */ -+ if ((ktp->etype == ENCTYPE_ARCFOUR_HMAC || -+ ktp->etype == ENCTYPE_ARCFOUR_HMAC_EXP) && -+ ctp->ctype != CKSUMTYPE_HMAC_MD5_ARCFOUR && -+ ctp->ctype != CKSUMTYPE_MD5_HMAC_ARCFOUR) -+ return FALSE; - return (!ctp->enc || ktp->enc == ctp->enc); - } - -Index: krb5-1.8/src/lib/crypto/krb/dk/derive.c -=================================================================== ---- krb5-1.8/src/lib/crypto/krb/dk/derive.c (revision 24455) -+++ krb5-1.8/src/lib/crypto/krb/dk/derive.c (working copy) -@@ -91,6 +91,8 @@ - blocksize = enc->block_size; - keybytes = enc->keybytes; - -+ if (blocksize == 1) -+ return KRB5_BAD_ENCTYPE; - if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) - return KRB5_CRYPTO_INTERNAL; - -Index: krb5-1.8/src/lib/gssapi/krb5/util_crypt.c -=================================================================== ---- krb5-1.8/src/lib/gssapi/krb5/util_crypt.c (revision 24455) -+++ krb5-1.8/src/lib/gssapi/krb5/util_crypt.c (working copy) -@@ -119,10 +119,22 @@ - if (code != 0) - return code; - -- code = (*kaccess.mandatory_cksumtype)(context, subkey->keyblock.enctype, -- cksumtype); -- if (code != 0) -- return code; -+ switch (subkey->keyblock.enctype) { -+ case ENCTYPE_DES_CBC_MD4: -+ *cksumtype = CKSUMTYPE_RSA_MD4_DES; -+ break; -+ case ENCTYPE_DES_CBC_MD5: -+ case ENCTYPE_DES_CBC_CRC: -+ *cksumtype = CKSUMTYPE_RSA_MD5_DES; -+ break; -+ default: -+ code = (*kaccess.mandatory_cksumtype)(context, -+ subkey->keyblock.enctype, -+ cksumtype); -+ if (code != 0) -+ return code; -+ break; -+ } - - switch (subkey->keyblock.enctype) { - case ENCTYPE_DES_CBC_MD5: -Index: krb5-1.8/src/lib/krb5/krb/pac.c -=================================================================== ---- krb5-1.8/src/lib/krb5/krb/pac.c (revision 24455) -+++ krb5-1.8/src/lib/krb5/krb/pac.c (working copy) -@@ -582,6 +582,8 @@ - checksum.checksum_type = load_32_le(p); - checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH; - checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH; -+ if (!krb5_c_is_keyed_cksum(checksum.checksum_type)) -+ return KRB5KRB_AP_ERR_INAPP_CKSUM; - - pac_data.length = pac->data.length; - pac_data.data = malloc(pac->data.length); -Index: krb5-1.8/src/lib/krb5/krb/preauth2.c -=================================================================== ---- krb5-1.8/src/lib/krb5/krb/preauth2.c (revision 24455) -+++ krb5-1.8/src/lib/krb5/krb/preauth2.c (working copy) -@@ -1578,7 +1578,9 @@ - - cksum = sc2->sam_cksum; - -- while (*cksum) { -+ for (; *cksum; cksum++) { -+ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type)) -+ continue; - /* Check this cksum */ - retval = krb5_c_verify_checksum(context, as_key, - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM, -@@ -1592,7 +1594,6 @@ - } - if (valid_cksum) - break; -- cksum++; - } - - if (!valid_cksum) { -Index: krb5-1.8/src/lib/krb5/krb/mk_safe.c -=================================================================== ---- krb5-1.8/src/lib/krb5/krb/mk_safe.c (revision 24455) -+++ krb5-1.8/src/lib/krb5/krb/mk_safe.c (working copy) -@@ -215,10 +215,28 @@ - for (i = 0; i < nsumtypes; i++) - if (auth_context->safe_cksumtype == sumtypes[i]) - break; -- if (i == nsumtypes) -- i = 0; -- sumtype = sumtypes[i]; - krb5_free_cksumtypes (context, sumtypes); -+ if (i < nsumtypes) -+ sumtype = auth_context->safe_cksumtype; -+ else { -+ switch (enctype) { -+ case ENCTYPE_DES_CBC_MD4: -+ sumtype = CKSUMTYPE_RSA_MD4_DES; -+ break; -+ case ENCTYPE_DES_CBC_MD5: -+ case ENCTYPE_DES_CBC_CRC: -+ sumtype = CKSUMTYPE_RSA_MD5_DES; -+ break; -+ default: -+ retval = krb5int_c_mandatory_cksumtype(context, enctype, -+ &sumtype); -+ if (retval) { -+ CLEANUP_DONE(); -+ goto error; -+ } -+ break; -+ } -+ } - } - if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata, - plocal_fulladdr, premote_fulladdr, diff --git a/app-crypt/mit-krb5/files/CVE-2010-4022.patch b/app-crypt/mit-krb5/files/CVE-2010-4022.patch deleted file mode 100644 index 30ebf9638f4e..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2010-4022.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -up krb5/src/slave/kpropd.c krb5/src/slave/kpropd.c ---- krb5/src/slave/kpropd.c 2010-12-17 11:14:26.000000000 -0500 -+++ krb5/src/slave/kpropd.c 2010-12-17 11:41:19.000000000 -0500 -@@ -404,11 +404,11 @@ retry: - } - - close(s); -- if (iproprole == IPROP_SLAVE) -+ if (iproprole == IPROP_SLAVE) { - close(finet); -- -- if ((ret = WEXITSTATUS(status)) != 0) -- return (ret); -+ if ((ret = WEXITSTATUS(status)) != 0) -+ return (ret); -+ } - } - if (iproprole == IPROP_SLAVE) - break; diff --git a/app-crypt/mit-krb5/files/CVE-2011-0281.0282.0283.patch b/app-crypt/mit-krb5/files/CVE-2011-0281.0282.0283.patch deleted file mode 100644 index e4623e910fa1..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2011-0281.0282.0283.patch +++ /dev/null @@ -1,126 +0,0 @@ -diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c -index 63ff3b3..b4a90bb 100644 ---- a/src/kdc/dispatch.c -+++ b/src/kdc/dispatch.c -@@ -115,7 +115,8 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from, - kdc_insert_lookaside(pkt, *response); - #endif - -- if (is_tcp == 0 && (*response)->length > max_dgram_reply_size) { -+ if (is_tcp == 0 && *response != NULL && -+ (*response)->length > max_dgram_reply_size) { - too_big_for_udp: - krb5_free_data(kdc_context, *response); - retval = make_too_big_error(response); -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -index d677bb2..a356907 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er - #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS) - - #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \ -- do { \ -- st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \ -- if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ -- tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ -- if (ldap_server_handle) \ -- ld = ldap_server_handle->ldap_handle; \ -- } \ -- }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \ -+ tempst = 0; \ -+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \ -+ NULL, &timelimit, LDAP_NO_LIMIT, &result); \ -+ if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ -+ tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ -+ if (ldap_server_handle) \ -+ ld = ldap_server_handle->ldap_handle; \ -+ if (tempst == 0) \ -+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \ -+ NULL, NULL, &timelimit, \ -+ LDAP_NO_LIMIT, &result); \ -+ } \ - \ - if (status_check != IGNORE_STATUS) { \ - if (tempst != 0) { \ -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -index 82b0333..84e80ee 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context, - { - krb5_ldap_server_handle *handle = *ldap_server_handle; - -+ ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); - if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) - || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) - return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -index 86fa4d1..0f49c86 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -@@ -487,12 +487,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context, - * portion, then the first portion of the principal name SHOULD be - * "krbtgt". All this check is done in the immediate block. - */ -- if (searchfor->length == 2) -- if ((strncasecmp(searchfor->data[0].data, "krbtgt", -- FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) && -- (strncasecmp(searchfor->data[1].data, defrealm, -- FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0)) -+ if (searchfor->length == 2) { -+ if (data_eq_string(searchfor->data[0], "krbtgt") && -+ data_eq_string(searchfor->data[1], defrealm)) - return 0; -+ } - - /* first check the length, if they are not equal, then they are not same */ - if (strlen(defrealm) != searchfor->realm.length) -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -index 140db1a..552e39a 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -@@ -78,10 +78,10 @@ krb5_error_code - krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, - unsigned int flags, krb5_db_entry **entry_ptr) - { -- char *user=NULL, *filter=NULL, **subtree=NULL; -+ char *user=NULL, *filter=NULL, *filtuser=NULL; - unsigned int tree=0, ntrees=1, princlen=0; - krb5_error_code tempst=0, st=0; -- char **values=NULL, *cname=NULL; -+ char **values=NULL, **subtree=NULL, *cname=NULL; - LDAP *ld=NULL; - LDAPMessage *result=NULL, *ent=NULL; - krb5_ldap_context *ldap_context=NULL; -@@ -115,12 +115,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, - if ((st=krb5_ldap_unparse_principal_name(user)) != 0) - goto cleanup; - -- princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */ -+ filtuser = ldap_filter_correct(user); -+ if (filtuser == NULL) { -+ st = ENOMEM; -+ goto cleanup; -+ } -+ -+ princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */ - if ((filter = malloc(princlen)) == NULL) { - st = ENOMEM; - goto cleanup; - } -- snprintf(filter, princlen, FILTER"%s))", user); -+ snprintf(filter, princlen, FILTER"%s))", filtuser); - - if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) - goto cleanup; -@@ -207,6 +213,9 @@ cleanup: - if (user) - free(user); - -+ if (filtuser) -+ free(filtuser); -+ - if (cname) - free(cname); - diff --git a/app-crypt/mit-krb5/files/CVE-2011-0284.patch b/app-crypt/mit-krb5/files/CVE-2011-0284.patch deleted file mode 100644 index c977275687af..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2011-0284.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c -index 46b5fa1..464cb6e 100644 ---- a/src/kdc/do_as_req.c -+++ b/src/kdc/do_as_req.c -@@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, - pad->contents = td[size]->data; - pad->length = td[size]->length; - pa[size] = pad; -+ td[size]->data = NULL; -+ td[size]->length = 0; - } - krb5_free_typed_data(kdc_context, td); - } diff --git a/app-crypt/mit-krb5/files/CVE-2011-0285.patch b/app-crypt/mit-krb5/files/CVE-2011-0285.patch deleted file mode 100644 index 61039113f97c..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2011-0285.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c -index 1124445..0056885 100644 ---- a/src/kadmin/server/schpw.c -+++ b/src/kadmin/server/schpw.c -@@ -52,6 +52,7 @@ process_chpw_request(context, server_handle, realm, keytab, - - ret = 0; - rep->length = 0; -+ rep->data = NULL; - - auth_context = NULL; - changepw = NULL; -@@ -76,8 +77,13 @@ process_chpw_request(context, server_handle, realm, keytab, - plen = (*ptr++ & 0xff); - plen = (plen<<8) | (*ptr++ & 0xff); - -- if (plen != req->length) -- return(KRB5KRB_AP_ERR_MODIFIED); -+ if (plen != req->length) { -+ ret = KRB5KRB_AP_ERR_MODIFIED; -+ numresult = KRB5_KPASSWD_MALFORMED; -+ strlcpy(strresult, "Request length was inconsistent", -+ sizeof(strresult)); -+ goto chpwfail; -+ } - - /* verify version number */ - -@@ -531,6 +537,10 @@ cleanup: - if (local_kaddrs != NULL) - krb5_free_addresses(server_handle->context, local_kaddrs); - -+ if ((*response)->data == NULL) { -+ free(*response); -+ *response = NULL; -+ } - krb5_kt_close(server_handle->context, kt); - - return ret; diff --git a/app-crypt/mit-krb5/files/CVE-2011-1530.patch b/app-crypt/mit-krb5/files/CVE-2011-1530.patch deleted file mode 100644 index 336a4ad3172a..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2011-1530.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in -index f46cad3..102fbaa 100644 ---- a/src/kdc/Makefile.in -+++ b/src/kdc/Makefile.in -@@ -67,6 +67,7 @@ check-unix:: rtest - - check-pytests:: - $(RUNPYTEST) $(srcdir)/t_workers.py $(PYTESTFLAGS) -+ $(RUNPYTEST) $(srcdir)/t_emptytgt.py $(PYTESTFLAGS) - - install:: - $(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc -diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c -index c169c54..840a2ef 100644 ---- a/src/kdc/do_tgs_req.c -+++ b/src/kdc/do_tgs_req.c -@@ -243,7 +243,8 @@ tgt_again: - if (!tgs_1 || !data_eq(*server_1, *tgs_1)) { - errcode = find_alternate_tgs(request, &server); - firstpass = 0; -- goto tgt_again; -+ if (errcode == 0) -+ goto tgt_again; - } - } - status = "UNKNOWN_SERVER"; -diff --git a/src/kdc/t_emptytgt.py b/src/kdc/t_emptytgt.py -new file mode 100644 -index 0000000..1760bcd ---- /dev/null -+++ b/src/kdc/t_emptytgt.py -@@ -0,0 +1,8 @@ -+#!/usr/bin/python -+from k5test import * -+ -+realm = K5Realm(start_kadmind=False, create_host=False) -+output = realm.run_as_client([kvno, 'krbtgt/'], expected_code=1) -+if 'not found in Kerberos database' not in output: -+ fail('TGT lookup for empty realm failed in unexpected way') -+success('Empty tgt lookup.') diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.10_uninitialized.patch b/app-crypt/mit-krb5/files/mit-krb5-1.10_uninitialized.patch deleted file mode 100644 index b8ead2765c05..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-1.10_uninitialized.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/tests/asn.1/trval.c b/tests/asn.1/trval.c -index 780d60c..ffd66ac 100644 ---- a/tests/asn.1/trval.c -+++ b/tests/asn.1/trval.c -@@ -176,7 +176,7 @@ int trval2(fp, enc, len, lev, rlen) - int lev; - int *rlen; - { -- int l, eid, elen, xlen, r, rlen2; -+ int l, eid, elen, xlen, r, rlen2 = 0; - int rlen_ext = 0; - - r = OK; diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch b/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch deleted file mode 100644 index 5e0da20c882c..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch +++ /dev/null @@ -1,112 +0,0 @@ -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -index 1ca09b4..60caf3d 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er - #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS) - - #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \ -- do { \ -- st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \ -- if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ -- tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ -- if (ldap_server_handle) \ -- ld = ldap_server_handle->ldap_handle; \ -- } \ -- }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \ -+ tempst = 0; \ -+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \ -+ NULL, &timelimit, LDAP_NO_LIMIT, &result); \ -+ if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ -+ tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ -+ if (ldap_server_handle) \ -+ ld = ldap_server_handle->ldap_handle; \ -+ if (tempst == 0) \ -+ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \ -+ NULL, NULL, &timelimit, \ -+ LDAP_NO_LIMIT, &result); \ -+ } \ - \ - if (status_check != IGNORE_STATUS) { \ - if (tempst != 0) { \ -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -index 82b0333..84e80ee 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c -@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context, - { - krb5_ldap_server_handle *handle = *ldap_server_handle; - -+ ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); - if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) - || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) - return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -index f549e23..b70940f 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -@@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context, - * portion, then the first portion of the principal name SHOULD be - * "krbtgt". All this check is done in the immediate block. - */ -- if (searchfor->length == 2) -- if ((strncasecmp(searchfor->data[0].data, "krbtgt", -- FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) && -- (strncasecmp(searchfor->data[1].data, defrealm, -- FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0)) -+ if (searchfor->length == 2) { -+ if (data_eq_string(searchfor->data[0], "krbtgt") && -+ data_eq_string(searchfor->data[1], defrealm)) - return 0; -+ } - - /* first check the length, if they are not equal, then they are not same */ - if (strlen(defrealm) != searchfor->realm.length) -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -index 7ad31da..626ed1f 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -@@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, - unsigned int flags, krb5_db_entry *entries, - int *nentries, krb5_boolean *more) - { -- char *user=NULL, *filter=NULL, **subtree=NULL; -+ char *user=NULL, *filter=NULL, *filtuser=NULL; - unsigned int tree=0, ntrees=1, princlen=0; - krb5_error_code tempst=0, st=0; -- char **values=NULL, *cname=NULL; -+ char **values=NULL, **subtree=NULL, *cname=NULL; - LDAP *ld=NULL; - LDAPMessage *result=NULL, *ent=NULL; - krb5_ldap_context *ldap_context=NULL; -@@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, - if ((st=krb5_ldap_unparse_principal_name(user)) != 0) - goto cleanup; - -- princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */ -+ filtuser = ldap_filter_correct(user); -+ if (filtuser == NULL) { -+ st = ENOMEM; -+ goto cleanup; -+ } -+ -+ princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */ - if ((filter = malloc(princlen)) == NULL) { - st = ENOMEM; - goto cleanup; - } -- snprintf(filter, princlen, FILTER"%s))", user); -+ snprintf(filter, princlen, FILTER"%s))", filtuser); - - if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) - goto cleanup; -@@ -231,6 +237,9 @@ cleanup: - if (user) - free(user); - -+ if (filtuser) -+ free(filtuser); -+ - if (cname) - free(cname); - diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0285.patch b/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0285.patch deleted file mode 100644 index 43daa9b50f2a..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0285.patch +++ /dev/null @@ -1,35 +0,0 @@ -diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c -index c8ce4f1..bb911ff 100644 ---- a/src/kadmin/server/network.c -+++ b/src/kadmin/server/network.c -@@ -1384,6 +1384,10 @@ cleanup: - if (local_kaddrs != NULL) - krb5_free_addresses(server_handle->context, local_kaddrs); - -+ if ((*response)->data == NULL) { -+ free(*response); -+ *response = NULL; -+ } - krb5_kt_close(server_handle->context, kt); - - return ret; -diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c -index c1b2217..992b55f 100644 ---- a/src/kadmin/server/schpw.c -+++ b/src/kadmin/server/schpw.c -@@ -74,8 +74,13 @@ process_chpw_request(context, server_handle, realm, keytab, - plen = (*ptr++ & 0xff); - plen = (plen<<8) | (*ptr++ & 0xff); - -- if (plen != req->length) -- return(KRB5KRB_AP_ERR_MODIFIED); -+ if (plen != req->length) { -+ ret = KRB5KRB_AP_ERR_MODIFIED; -+ numresult = KRB5_KPASSWD_MALFORMED; -+ strlcpy(strresult, "Request length was inconsistent", -+ sizeof(strresult)); -+ goto chpwfail; -+ } - - /* verify version number */ - diff --git a/app-crypt/mit-krb5/files/mit-krb5-kprop_exit_on_error.patch b/app-crypt/mit-krb5/files/mit-krb5-kprop_exit_on_error.patch deleted file mode 100644 index c2fb7aa008b5..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-kprop_exit_on_error.patch +++ /dev/null @@ -1,25 +0,0 @@ -http://krbdev.mit.edu/rt/Ticket/Display.html?id=7000 - -Index: trunk/src/kadmin/server/ipropd_svc.c -=================================================================== -diff -u -N -r24961 -r25433 ---- trunk/src/kadmin/server/ipropd_svc.c (.../ipropd_svc.c) (revision 24961) -+++ trunk/src/kadmin/server/ipropd_svc.c (.../ipropd_svc.c) (revision 25433) -@@ -380,7 +380,7 @@ - _("%s: pclose(popen) failed: %s"), - whoami, - error_message(errno)); -- goto out; -+ _exit(1); - } - - DPRINT(("%s: exec `kprop -f %s %s' ...\n", -@@ -401,7 +401,7 @@ - _("%s: exec failed: %s"), - whoami, - error_message(errno)); -- goto out; -+ _exit(1); - } - - default: /* parent */ diff --git a/app-crypt/mit-krb5/files/mit-krb5_testsuite.patch b/app-crypt/mit-krb5/files/mit-krb5_testsuite.patch deleted file mode 100644 index a91136aafbc5..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5_testsuite.patch +++ /dev/null @@ -1,93 +0,0 @@ ---- a/src/tests/dejagnu/config/default.exp 2010-04-21 01:37:22.000000000 +0300 -+++ b/src/tests/dejagnu/config/default.exp 2010-11-24 16:51:53.000000000 +0200 -@@ -1619,7 +1619,7 @@ - set spawnid $spawn_id - set pid [exp_pid] - -- set markstr "===MARK $pid [clock format [clock seconds]] ===" -+ set markstr "===MARK $pid [clock seconds] ===" - puts $f $markstr - flush $f - ---- a/src/tests/dejagnu/krb-standalone/gssapi.exp 2009-06-11 20:27:45.000000000 +0300 -+++ b/src/tests/dejagnu/krb-standalone/gssapi.exp 2010-11-24 16:52:21.000000000 +0200 -@@ -182,7 +182,7 @@ - } - } - catch "expect_after" -- if ![check_exit_status $test] { -+ if { [check_exit_status $test] == 0 } { - # check_exit_staus already calls fail for us - return - } -@@ -209,59 +209,59 @@ - global portbase - - # Start up the kerberos and kadmind daemons. -- if ![start_kerberos_daemons 0] { -+ if { [start_kerberos_daemons 0] == 0 } { - perror "failed to start kerberos daemons" - } - - # Use kadmin to add a key for us. -- if ![add_kerberos_key gsstest0 0] { -+ if { [add_kerberos_key gsstest0 0] == 0 } { - perror "failed to set up gsstest0 key" - } - - # Use kadmin to add a key for us. -- if ![add_kerberos_key gsstest1 0] { -+ if { [add_kerberos_key gsstest1 0] ==0 } { - perror "failed to set up gsstest1 key" - } - - # Use kadmin to add a key for us. -- if ![add_kerberos_key gsstest2 0] { -+ if { [add_kerberos_key gsstest2 0] == 0 } { - perror "failed to set up gsstest2 key" - } - - # Use kadmin to add a key for us. -- if ![add_kerberos_key gsstest3 0] { -+ if { [add_kerberos_key gsstest3 0] == 0 } { - perror "failed to set up gsstest3 key" - } - - # Use kadmin to add a service key for us. -- if ![add_random_key gssservice/$hostname 0] { -+ if { [add_random_key gssservice/$hostname 0] == 0 } { - perror "failed to set up gssservice/$hostname key" - } - - # Use kdb5_edit to create a srvtab entry for gssservice -- if ![setup_srvtab 0 gssservice] { -+ if { [setup_srvtab 0 gssservice] == 0 } { - perror "failed to set up gssservice srvtab" - } - - catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3" - - # Use kinit to get a ticket. -- if ![our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] { -+ if { [our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] == 0 } { - perror "failed to kinit gsstest0" - } - - # Use kinit to get a ticket. -- if ![our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] { -+ if { [our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] == 0 } { - perror "failed to kinit gsstest1" - } - - # Use kinit to get a ticket. -- if ![our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] { -+ if { [our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] == 0 } { - perror "failed to kinit gsstest2" - } - - # Use kinit to get a ticket. -- if ![our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] { -+ if { [our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] == 0 } { - perror "failed to kinit gsstest3" - } - |