author | Eray Aslan <eras@gentoo.org> | 2013-03-25 08:51:50 +0000 |
---|---|---|
committer | Eray Aslan <eras@gentoo.org> | 2013-03-25 08:51:50 +0000 |
commit | 8806db1a67edd076b3822df3a178397e66d8b4f3 (patch) | |
tree | be17f44d6a77de9b7013875ca93e8b8657749948 | |
parent | Stabilise 0.7.1 on amd64 x86 and ppc. Not removing older due to binpkg. (diff) | |
Remove vulnerable version
(Portage version: 2.2.0_alpha169/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F)
-rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 7 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/CVE-2012-1015.patch | 40 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5kadmind.initd | 24 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5kdc.initd | 24 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5kpropd.initd | 25 | ||||
-rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.9.4-r1.ebuild | 120 |
6 files changed, 6 insertions, 234 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog
index ca7c1c15ae1c..a725f6484167 100644
--- a/app-crypt/mit-krb5/ChangeLog
+++ b/app-crypt/mit-krb5/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for app-crypt/mit-krb5
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.363 2013/03/06 10:23:33 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.364 2013/03/25 08:51:50 eras Exp $
+
+ 25 Mar 2013; Eray Aslan <eras@gentoo.org> -files/CVE-2012-1015.patch,
+ -files/mit-krb5kadmind.initd, -files/mit-krb5kdc.initd,
+ -files/mit-krb5kpropd.initd, -mit-krb5-1.9.4-r1.ebuild:
+ Remove vulnerable version
 
 06 Mar 2013; Agostino Sarubbo <ago@gentoo.org> mit-krb5-1.11.1.ebuild:
 Stable for sh, wrt bug #458712
diff --git a/app-crypt/mit-krb5/files/CVE-2012-1015.patch b/app-crypt/mit-krb5/files/CVE-2012-1015.patch
deleted file mode 100644
index 60f2b38a2ffa..000000000000
--- a/app-crypt/mit-krb5/files/CVE-2012-1015.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
-index 9d8cb34..d4ece3f 100644
---- a/src/kdc/kdc_preauth.c
-+++ b/src/kdc/kdc_preauth.c
-@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
- continue;
-
- }
-- if (request_contains_enctype(context, request, db_etype)) {
-+ if (krb5_is_permitted_enctype(context, db_etype) &&
-+ request_contains_enctype(context, request, db_etype)) {
- retval = _make_etype_info_entry(context, client->princ,
- client_key, db_etype,
- &entry[i], etype_info2);
-diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
-index a43b291..94dad3a 100644
---- a/src/kdc/kdc_util.c
-+++ b/src/kdc/kdc_util.c
-@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
- return 0;
- pa.magic = KV5M_PA_DATA;
- pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
-+ memset(&checksum, 0, sizeof(checksum));
- retval = krb5_c_make_checksum(kdc_context,0, reply_key,
- KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
- if (retval != 0)
-diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
-index c4bf92e..367c894 100644
---- a/src/lib/kdb/kdb_default.c
-+++ b/src/lib/kdb/kdb_default.c
-@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
- krb5_boolean saw_non_permitted = FALSE;
-
- ret = 0;
-+ if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
-+ return KRB5_KDB_NO_PERMITTED_KEY;
-+
- if (kvno == -1 && stype == -1 && ktype == -1)
- kvno = 0;
-
diff --git a/app-crypt/mit-krb5/files/mit-krb5kadmind.initd b/app-crypt/mit-krb5/files/mit-krb5kadmind.initd
deleted file mode 100644
index 75d411c2cada..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kadmind.initd
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/runscript
-
-#---------------------------------------------------------------------------
-# This script starts/stops the MIT Kerberos 5 Admin daemon
-#---------------------------------------------------------------------------
-
-daemon="MIT Kerberos 5 Admin daemon"
-exec="/usr/sbin/kadmind"
-
-depend() {
- need net mit-krb5kdc
-}
-
-start() {
- ebegin "Starting $daemon"
- start-stop-daemon --start --quiet --exec ${exec} 1>&2
- eend $? "Error starting $daemon"
-}
-
-stop() {
- ebegin "Stopping $daemon"
- start-stop-daemon --stop --quiet --exec ${exec} 1>&2
- eend $? "Error stopping $daemon"
-}
diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.initd b/app-crypt/mit-krb5/files/mit-krb5kdc.initd
deleted file mode 100644
index d0ab859dac4b..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kdc.initd
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/runscript
-
-#---------------------------------------------------------------------------
-# This script starts/stops the MIT Kerberos 5 KDC
-#---------------------------------------------------------------------------
-
-daemon="MIT Kerberos 5 KDC"
-exec="/usr/sbin/krb5kdc"
-
-depend() {
- need net
-}
-
-start() {
- ebegin "Starting $daemon"
- start-stop-daemon --start --quiet --exec ${exec} 1>&2
- eend $? "Error starting $daemon"
-}
-
-stop() {
- ebegin "Stopping $daemon"
- start-stop-daemon --stop --quiet --exec ${exec} 1>&2
- eend $? "Error stopping $daemon"
-}
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.initd b/app-crypt/mit-krb5/files/mit-krb5kpropd.initd
deleted file mode 100644
index 76841da840b2..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kpropd.initd
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/sbin/runscript
-
-#---------------------------------------------------------------------------
-# This script starts/stops the MIT Kerberos 5 kpropd
-#---------------------------------------------------------------------------
-
-daemon="MIT Kerberos 5 kpropd"
-exec="/usr/sbin/kpropd"
-
-depend() {
- need net
- use mit-krb5kdc mit-krb5kadmind
-}
-
-start() {
- ebegin "Starting $daemon"
- start-stop-daemon --start --quiet --exec ${exec} -- -S 1>&2
- eend $? "Error starting $daemon"
-}
-
-stop() {
- ebegin "Stopping $daemon"
- start-stop-daemon --stop --quiet --exec ${exec} 1>&2
- eend $? "Error stopping $daemon"
-}
diff --git a/app-crypt/mit-krb5/mit-krb5-1.9.4-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.9.4-r1.ebuild
deleted file mode 100644
index 5bbee0ae56c8..000000000000
--- a/app-crypt/mit-krb5/mit-krb5-1.9.4-r1.ebuild
+++ /dev/null
@@ -1,120 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.9.4-r1.ebuild,v 1.9 2012/12/16 19:38:25 ulm Exp $
-
-EAPI=4
-inherit eutils flag-o-matic versionator
-
-MY_P="${P/mit-}"
-P_DIR=$(get_version_component_range 1-2)
-DESCRIPTION="MIT Kerberos V"
-HOMEPAGE="http://web.mit.edu/kerberos/www/"
-SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar"
-
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
-IUSE="doc +keyutils openldap +pkinit +threads test xinetd"
-
-RDEPEND="!!app-crypt/heimdal
- >=sys-libs/e2fsprogs-libs-1.41.0
- keyutils? ( sys-apps/keyutils )
- openldap? ( net-nds/openldap )
- pkinit? ( dev-libs/openssl )
- xinetd? ( sys-apps/xinetd )"
-DEPEND="${RDEPEND}
- virtual/yacc
- doc? ( virtual/latex-base )
- test? ( dev-lang/tcl
- dev-lang/python
- dev-util/dejagnu )"
-
-S=${WORKDIR}/${MY_P}/src
-
-src_unpack() {
- unpack ${A}
- unpack ./"${MY_P}".tar.gz
-}
-
-src_prepare() {
- epatch "${FILESDIR}"/CVE-2012-1015.patch
-}
-
-src_configure() {
- # QA
- append-flags -fno-strict-aliasing
- append-flags -fno-strict-overflow
- use keyutils || export ac_cv_header_keyutils_h=no
- econf \
- $(use_with openldap ldap) \
- "$(use_with test tcl "${EPREFIX}/usr")" \
- $(use_enable pkinit) \
- $(use_enable threads thread-support) \
- --without-hesiod \
- --enable-shared \
- --with-system-et \
- --with-system-ss \
- --enable-dns-for-realm \
- --enable-kdc-lookaside-cache \
- --disable-rpath
-}
-
-src_compile() {
- emake -j1
-
- if use doc ; then
- cd ../doc
- for dir in api implement ; do
- emake -C "${dir}" || die "doc emake failed"
- done
- fi
-}
-
-src_install() {
- emake \
- DESTDIR="${D}" \
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
- install
-
- # default database dir
- keepdir /var/lib/krb5kdc
-
- cd ..
- dodoc NOTICE README
- dodoc doc/*.{ps,txt}
- doinfo doc/*.info*
- dohtml -r doc/*.html
-
- # die if we cannot respect a USE flag
- if use doc ; then
- dodoc doc/{api,implement}/*.ps
- fi
-
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind
- newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd mit-krb5kpropd
-
- insinto /etc
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
- insinto /var/lib/krb5kdc
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
-
- if use openldap ; then
- insinto /etc/openldap/schema
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
- fi
-
- if use xinetd ; then
- insinto /etc/xinetd.d
- newins "${FILESDIR}/kpropd.xinetd" kpropd
- fi
-}
-
-pkg_preinst() {
- if has_version "<${CATEGORY}/${PN}-1.8.0" ; then
- elog "MIT split the Kerberos applications from the base Kerberos"
- elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp,"
- elog "ftp clients and telnet, ftp deamons now live in"
- elog "\"app-crypt/mit-krb5-appl\" package."
- fi
-} |