Merge branch 'master' of ssh://parabolagnulinux.org:1863/home/parabola/abslibre-pre-mips64el

Conflicts: community/apcupsd/PKGBUILD community/bmp-musepack/PKGBUILD community/bmp-wma/PKGBUILD community/bonnie++/PKGBUILD community/cantata/PKGBUILD community/checkinstall/PKGBUILD community/chrootuid/PKGBUILD community/compiz-bcop/PKGBUILD community/compiz-fusion-plugins-extra/PKGBUILD community/compiz-fusion-plugins-main/PKGBUILD community/compiz/PKGBUILD community/compizconfig-backend-gconf/PKGBUILD community/compizconfig-python/PKGBUILD community/ekg2/PKGBUILD community/emerald/PKGBUILD community/fbgetty/PKGBUILD community/flumotion/PKGBUILD community/leafnode/PKGBUILD community/libcompizconfig/PKGBUILD community/libdnet/PKGBUILD community/libee/PKGBUILD community/libtxc_dxtn/PKGBUILD community/linux-tools/PKGBUILD community/openntpd/PKGBUILD community/osiris/PKGBUILD community/perl-package-stash-xs/PKGBUILD community/perl-params-util/PKGBUILD community/procstatd/PKGBUILD community/scponly/PKGBUILD community/sniffit/PKGBUILD community/synergy/PKGBUILD community/turbojpeg/PKGBUILD community/unbound/PKGBUILD community/uucp/PKGBUILD core/gawk/PKGBUILD core/ifenslave/PKGBUILD core/jfsutils/PKGBUILD core/openldap/PKGBUILD core/rfkill/PKGBUILD core/systemd/PKGBUILD core/wireless_tools/PKGBUILD core/xinetd/PKGBUILD extra/avahi/PKGBUILD extra/calligra/PKGBUILD extra/clutter-gst/PKGBUILD extra/flac/PKGBUILD extra/hddtemp/PKGBUILD extra/libbluray/PKGBUILD extra/libdmx/PKGBUILD extra/libfs/PKGBUILD extra/libjpeg-turbo/PKGBUILD extra/libtiff/PKGBUILD extra/libxau/PKGBUILD extra/libxfixes/PKGBUILD extra/licq/PKGBUILD extra/mariadb/PKGBUILD extra/mesa/PKGBUILD extra/perl-guard/PKGBUILD extra/perl-template-toolkit/PKGBUILD extra/pidgin/PKGBUILD extra/pigeonhole/PKGBUILD extra/poppler/PKGBUILD extra/postgresql/PKGBUILD extra/python-geoip/PKGBUILD extra/python/PKGBUILD extra/samba/PKGBUILD extra/sqlite/PKGBUILD extra/vde2/PKGBUILD extra/vim/PKGBUILD extra/vlc/PKGBUILD extra/wireshark/PKGBUILD extra/xfce4-dict/PKGBUILD libre/libquicktime-libre/PKGBUILD libre/xscreensaver-libre/PKGBUILD
author: Michał Masłowski <mtjm@mtjm.eu> 2013-05-30 11:55:09 +0200
committer: Michał Masłowski <mtjm@mtjm.eu> 2013-05-30 11:55:09 +0200
commit: b0fdec08ea3b6e162b710ca98b0dd56f9ae105eb (patch)
tree: 376cc5751d9a587815d7270caa61070f38832766 /core/krb5
parent: 8abbf69cf497489fb7a0ac3538cb6975285486b7 (diff)
parent: 76ee9007095484a113d1856786b81e2d2fae8202 (diff)
2 files changed, 76 insertions, 2 deletions
diff --git a/core/krb5/CVE-2002-2443.patch b/core/krb5/CVE-2002-2443.patch
new file mode 100644
index 000000000..3ef88155c
--- /dev/null
+++ b/core/krb5/CVE-2002-2443.patch
@@ -0,0 +1,69 @@
+From cf1a0c411b2668c57c41e9c4efd15ba17b6b322c Mon Sep 17 00:00:00 2001
+From: Tom Yu <tlyu@mit.edu>
+Date: Fri, 3 May 2013 16:26:46 -0400
+Subject: [PATCH] Fix kpasswd UDP ping-pong [CVE-2002-2443]
+
+The kpasswd service provided by kadmind was vulnerable to a UDP
+"ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
+they pass some basic validation, and don't respond to our own error
+packets.
+
+Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
+attack or UDP ping-pong attacks in general, but there is discussion
+leading toward narrowing the definition of CVE-1999-0103 to the echo,
+chargen, or other similar built-in inetd services.
+
+Thanks to Vincent Danen for alerting us to this issue.
+
+CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
+
+ticket: 7637 (new)
+target_version: 1.11.3
+tags: pullup
+---
+ src/kadmin/server/schpw.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
+index 15b0ab5..7f455d8 100644
+--- a/src/kadmin/server/schpw.c
++++ b/src/kadmin/server/schpw.c
+@@ -52,7 +52,7 @@
+         ret = KRB5KRB_AP_ERR_MODIFIED;
+         numresult = KRB5_KPASSWD_MALFORMED;
+         strlcpy(strresult, "Request was truncated", sizeof(strresult));
+-        goto chpwfail;
++        goto bailout;
+     }
+ 
+     ptr = req->data;
+@@ -67,7 +67,7 @@
+         numresult = KRB5_KPASSWD_MALFORMED;
+         strlcpy(strresult, "Request length was inconsistent",
+                 sizeof(strresult));
+-        goto chpwfail;
++        goto bailout;
+     }
+ 
+     /* verify version number */
+@@ -80,7 +80,7 @@
+         numresult = KRB5_KPASSWD_BAD_VERSION;
+         snprintf(strresult, sizeof(strresult),
+                  "Request contained unknown protocol version number %d", vno);
+-        goto chpwfail;
++        goto bailout;
+     }
+ 
+     /* read, check ap-req length */
+@@ -93,7 +93,7 @@
+         numresult = KRB5_KPASSWD_MALFORMED;
+         strlcpy(strresult, "Request was truncated in AP-REQ",
+                 sizeof(strresult));
+-        goto chpwfail;
++        goto bailout;
+     }
+ 
+     /* verify ap_req */
+-- 
+1.8.1.6
+
diff --git a/core/krb5/PKGBUILD b/core/krb5/PKGBUILD
index 4d143920f..d1cc0c166 100644
--- a/core/krb5/PKGBUILD
+++ b/core/krb5/PKGBUILD
@@ -1,9 +1,9 @@
-# $Id: PKGBUILD 185696 2013-05-17 11:13:34Z stephane $
+# $Id: PKGBUILD 186200 2013-05-22 00:37:41Z stephane $
 # Maintainer: Stéphane Gaudreault <stephane@archlinux.org>
 
 pkgname=krb5
 pkgver=1.11.2
-pkgrel=3
+pkgrel=4
 pkgdesc="The Kerberos network authentication system"
 arch=('i686' 'x86_64' 'mips64el')
 url="http://web.mit.edu/kerberos/"
@@ -12,6 +12,7 @@ depends=('e2fsprogs' 'libldap' 'keyutils')
 makedepends=('perl')
 backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
 source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.11/${pkgname}-${pkgver}-signed.tar
+        CVE-2002-2443.patch
         krb5-config_LDFLAGS.patch
         krb5-kadmind.service
         krb5-kdc.service
@@ -19,6 +20,7 @@ source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.11/${pkgname}-${pkgver}-si
         krb5-kpropd@.service
         krb5-kpropd.socket)
 sha1sums=('3863f7bdb2d8fc3e50484fb566124373c4b0a250'
+          '78ec307c2b5e32481a6da401013c428e0b867f36'
           '09e478cddfb9d46d2981dd25ef96b8c3fd91e1aa'
           'a2a01e7077d9e89cda3457ea0e216debb3dc353c'
           'f5e4fa073e11b0fcb4e3098a5d58a4f791ec841e'
@@ -34,6 +36,9 @@ build() {
    # cf https://bugs.gentoo.org/show_bug.cgi?id=448778
    patch -Np2 -i "${srcdir}"/krb5-config_LDFLAGS.patch
 
+   # Fix kpasswd UDP ping-pong (CVE-2002-2443)
+   patch -Np2 -i "${srcdir}"/CVE-2002-2443.patch
+
    rm lib/krb5/krb/deltat.c
 
    # FS#25384
author	Michał Masłowski <mtjm@mtjm.eu>	2013-05-30 11:55:09 +0200
committer	Michał Masłowski <mtjm@mtjm.eu>	2013-05-30 11:55:09 +0200
commit	b0fdec08ea3b6e162b710ca98b0dd56f9ae105eb (patch)
tree	376cc5751d9a587815d7270caa61070f38832766 /core/krb5
parent	8abbf69cf497489fb7a0ac3538cb6975285486b7 (diff)
parent	76ee9007095484a113d1856786b81e2d2fae8202 (diff)