head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2010Q4:1.1.0.8
	pkgsrc-2010Q4-base:1.1
	pkgsrc-2010Q3:1.1.0.6
	pkgsrc-2010Q3-base:1.1
	pkgsrc-2010Q2:1.1.0.4
	pkgsrc-2010Q2-base:1.1
	pkgsrc-2010Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2011.03.22.23.31.05;	author tez;	state dead;
branches;
next	1.1;

1.1
date	2010.05.20.14.21.23;	author tez;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2010.05.20.14.21.23;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2010.05.20.22.23.50;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update MIT Kerberos to v1.8.3 with the latest security patches up to and
including MITKRB5-SA-2011-003.
Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2.

Note that the r-services, telnetd and ftpd services and the related client
applications are now in a separate package security/mit-krb5-appl.
@ text @$NetBSD: patch-bx,v 1.1 2010/05/20 14:21:23 tez Exp $ fix http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt --- lib/gssapi/krb5/accept_sec_context.c.orig 2010-05-20 07:13:48.258046700 -0500 +++ lib/gssapi/krb5/accept_sec_context.c 2010-05-20 07:16:20.228175200 -0500 @@@@ -423,6 +423,13 @@@@ } #endif + if (authdat->checksum == NULL) { + /* missing checksum counts as "inappropriate type" */ + code = KRB5KRB_AP_ERR_INAPP_CKSUM; + major_status = GSS_S_FAILURE; + goto fail; + } + { /* gss krb5 v1 */ @ 1.1 log @fix CVE-2010-1321 (MITKRB5-SA-2010-005) and take maintainership @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-bx was added on branch pkgsrc-2010Q1 on 2010-05-20 22:23:50 +0000 @ text @d1 19 @ 1.1.2.2 log @Pullup ticket #3127 - requested by tez security/mit-krb5: security patch Revisions pulled up: - security/mit-krb5/Makefile 1.49 - security/mit-krb5/distinfo 1.25 - security/mit-krb5/patches/patch-bx 1.1 --- Module Name: pkgsrc Committed By: tez Date: Thu May 20 14:21:23 UTC 2010 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-bx Log Message: fix CVE-2010-1321 (MITKRB5-SA-2010-005) and take maintainership @ text @a0 19 $NetBSD: patch-bx,v 1.1 2010/05/20 14:21:23 tez Exp $ fix http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt --- lib/gssapi/krb5/accept_sec_context.c.orig 2010-05-20 07:13:48.258046700 -0500 +++ lib/gssapi/krb5/accept_sec_context.c 2010-05-20 07:16:20.228175200 -0500 @@@@ -423,6 +423,13 @@@@ } #endif + if (authdat->checksum == NULL) { + /* missing checksum counts as "inappropriate type" */ + code = KRB5KRB_AP_ERR_INAPP_CKSUM; + major_status = GSS_S_FAILURE; + goto fail; + } + { /* gss krb5 v1 */ @
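Review bot: The comment inside the new `if (authdat->checksum == NULL)` block in lib/gssapi/krb5/accept_sec_context.c explains only the choice of error code, not why the check is needed. A one-line note that the authenticator comes from the peer and may carry no checksum, and that the "gss krb5 v1" block which follows relies on `authdat->checksum` being set, would keep a later cleanup from moving or dropping the guard. The patch header cites only the MITKRB5-SA-2010-005 advisory URL, while CVE-2010-1321 appears only in the commit log; adding the CVE id next to the URL would make the patch file searchable by either identifier. It is also worth confirming that the `fail` path reports `code` to the caller, since this branch sets `code` and `major_status` and then jumps straight there.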