head	1.2;
access;
symbols
	pkgsrc-2015Q4:1.1.0.12
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.10
	pkgsrc-2015Q3-base:1.1
	pkgsrc-2015Q2:1.1.0.8
	pkgsrc-2015Q2-base:1.1
	pkgsrc-2015Q1:1.1.0.6
	pkgsrc-2015Q1-base:1.1
	pkgsrc-2014Q4:1.1.0.4
	pkgsrc-2014Q4-base:1.1
	pkgsrc-2014Q3:1.1.0.2
	pkgsrc-2014Q3-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2016.03.15.15.16.39;	author tez;	state dead;
branches;
next	1.1;
commitid	vfGyRvS5ID9EDKYy;

1.1
date	2014.08.28.22.23.05;	author tez;	state Exp;
branches;
next	;
commitid	5BjKLCUeJxm9abOx;


desc
@@


1.2
log
@Update to 1.14.1 resolving all reported vulnerabilities including:
CVE-2015-2695
CVE-2015-2696
CVE-2015-2697
CVE-2015-2698
CVE-2015-8629
CVE-2015-8630
CVE-2015-8631
@
text
@$NetBSD: patch-CVE-2014-4343,v 1.1 2014/08/28 22:23:05 tez Exp $

fix for cve-2014-4343 from:
https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f


--- lib/gssapi/spnego/spnego_mech.c
+++ lib/gssapi/spnego/spnego_mech.c
@@@@ -796,7 +796,6 @@@@ init_ctx_reselect(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
 	OM_uint32 tmpmin;
 	size_t i;
 
-	generic_gss_release_oid(&tmpmin, &sc->internal_mech);
 	gss_delete_sec_context(&tmpmin, &sc->ctx_handle,
 			       GSS_C_NO_BUFFER);
 
@


1.1
log
@Add fixes for CVE-2014-4341, CVE-2014-4342 (same patch as CVE-2014-4341)
CVE-2014-4343, CVE-2014-4344 & MITKRB5-SA-2014-001 (CVE-2014-4345).
@
text
@d1 1
a1 1
$NetBSD$
@