Diffstat (limited to 'core/krb5')
-rw-r--r-- | core/krb5/CVE-2002-2443.patch | 69 | ||||
-rw-r--r-- | core/krb5/PKGBUILD | 38 | ||||
-rw-r--r-- | core/krb5/krb5-1.10.1-gcc47.patch | 11 | ||||
-rw-r--r-- | core/krb5/krb5-kadmind.service | 2 | ||||
-rw-r--r-- | core/krb5/krb5-kdc.service | 2 | ||||
-rw-r--r-- | core/krb5/krb5-kpropd.service | 2 | ||||
-rw-r--r-- | core/krb5/krb5-kpropd@.service | 2 |
7 files changed, 20 insertions, 106 deletions
diff --git a/core/krb5/CVE-2002-2443.patch b/core/krb5/CVE-2002-2443.patch
deleted file mode 100644
index 3ef88155c..000000000
--- a/core/krb5/CVE-2002-2443.patch
+++ /dev/null
@@ -1,69 +0,0 @@ -From cf1a0c411b2668c57c41e9c4efd15ba17b6b322c Mon Sep 17 00:00:00 2001 -From: Tom Yu <tlyu@mit.edu> -Date: Fri, 3 May 2013 16:26:46 -0400 -Subject: [PATCH] Fix kpasswd UDP ping-pong [CVE-2002-2443] - -The kpasswd service provided by kadmind was vulnerable to a UDP -"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless -they pass some basic validation, and don't respond to our own error -packets. - -Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong -attack or UDP ping-pong attacks in general, but there is discussion -leading toward narrowing the definition of CVE-1999-0103 to the echo, -chargen, or other similar built-in inetd services. - -Thanks to Vincent Danen for alerting us to this issue. - -CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C - -ticket: 7637 (new) -target_version: 1.11.3 -tags: pullup ---- - src/kadmin/server/schpw.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c -index 15b0ab5..7f455d8 100644 ---- a/src/kadmin/server/schpw.c -+++ b/src/kadmin/server/schpw.c -@@ -52,7 +52,7 @@ - ret = KRB5KRB_AP_ERR_MODIFIED; - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request was truncated", sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - ptr = req->data; -@@ -67,7 +67,7 @@ - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request length was inconsistent", - sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - /* verify version number */ -@@ -80,7 +80,7 @@ - numresult = KRB5_KPASSWD_BAD_VERSION; - snprintf(strresult, sizeof(strresult), - "Request contained unknown protocol version number %d", vno); -- goto chpwfail; -+ goto bailout; - } - - /* read, check ap-req length */ -@@ -93,7 +93,7 @@ - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request was truncated in AP-REQ", - sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - /* verify ap_req */ --- -1.8.1.6 
- diff --git a/core/krb5/PKGBUILD b/core/krb5/PKGBUILD index 6866d9b3b..a18e8d724 100644 --- a/core/krb5/PKGBUILD +++ b/core/krb5/PKGBUILD @@ -1,8 +1,8 @@ -# $Id: PKGBUILD 188525 2013-06-15 07:57:25Z bpiotrowski $ +# $Id: PKGBUILD 199942 2013-11-20 02:11:51Z eric $ # Maintainer: Stéphane Gaudreault <stephane@archlinux.org> pkgname=krb5 -pkgver=1.11.3 +pkgver=1.11.4 pkgrel=1 pkgdesc="The Kerberos network authentication system" arch=('i686' 'x86_64' 'mips64el') 
@@ -11,45 +11,39 @@ license=('custom') depends=('e2fsprogs' 'libldap' 'keyutils') makedepends=('perl') backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf') -source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.11/${pkgname}-${pkgver}-signed.tar - CVE-2002-2443.patch +options=('!emptydirs') +source=(http://web.mit.edu/kerberos/dist/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}-signed.tar krb5-config_LDFLAGS.patch krb5-kadmind.service krb5-kdc.service krb5-kpropd.service krb5-kpropd@.service krb5-kpropd.socket) -sha1sums=('df708a530a22ed09c7825742c108180319b10463' - '78ec307c2b5e32481a6da401013c428e0b867f36' +sha1sums=('a432489410efa3ff27ac0ae54f55edeede3ed63f' '09e478cddfb9d46d2981dd25ef96b8c3fd91e1aa' - 'a2a01e7077d9e89cda3457ea0e216debb3dc353c' - 'f5e4fa073e11b0fcb4e3098a5d58a4f791ec841e' - '614401dd4ac18e310153240bb26eb32ff1e8cf5b' - '023a8164f8ee7066ac814486a68bc605e79f6101' + '59bbc7e686cbb4bcefddf0f134d928d7bd5e7722' + '2ef2476a8673b3b702e829d8f451c839c2273b02' + '74d66aefd291f22dd80799f0437cc03d83083ed5' + '6787c6ce2783b3f980c423e2dd4abf5236af670b' 'f3677d30dbbd7106c581379c2c6ebb1bf7738912') -options=('!emptydirs') - -build() { - tar zxvf ${pkgname}-${pkgver}.tar.gz - cd "${srcdir}/${pkgname}-${pkgver}/src" +prepare() { + tar -xf ${pkgname}-${pkgver}.tar.gz + cd ${pkgname}-${pkgver}/src # cf https://bugs.gentoo.org/show_bug.cgi?id=448778 patch -Np2 -i "${srcdir}"/krb5-config_LDFLAGS.patch - # Fix kpasswd UDP ping-pong (CVE-2002-2443) - #patch -Np2 -i "${srcdir}"/CVE-2002-2443.patch - - rm lib/krb5/krb/deltat.c - # FS#25384 sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4 +} +build() { + cd ${pkgname}-${pkgver}/src export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all" export CPPFLAGS+=" -I/usr/include/et" ./configure --prefix=/usr \ --sbindir=/usr/bin \ --sysconfdir=/etc \ - --mandir=/usr/share/man \ --localstatedir=/var/lib \ --enable-shared \ --with-system-et \ 
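Review bot: In the new `source=`/`sha1sums=` block the release tarball is still fetched over plain `http://` and pinned only with SHA-1, and `prepare()` then runs `tar -xf ${pkgname}-${pkgver}.tar.gz` on the inner archive without checking the signature that the `-signed.tar` bundle appears to exist for. A checksum stored next to the PKGBUILD only shows that the download matches what the packager fetched; it does not tie the tarball to the upstream release key, and SHA-1 is a weak choice for that pin. I would move the URL to `https://` if the host serves it, replace the array with `sha256sums=('<sha256-of-signed-tar>' ...)`, and verify the inner archive before unpacking, e.g. `gpg --verify ${pkgname}-${pkgver}.tar.gz.asc ${pkgname}-${pkgver}.tar.gz` (the `.asc` file name is an assumption about the bundle layout; confirm against the tarball). `prepare()` is fully visible in this hunk, while `build()` continues past its end.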
@@ -63,7 +57,7 @@ build() { } package() { - cd "${srcdir}/${pkgname}-${pkgver}/src" + cd ${pkgname}-${pkgver}/src make DESTDIR="${pkgdir}" EXAMPLEDIR=/usr/share/doc/${pkgname}/examples install # Fix FS#29889 diff --git a/core/krb5/krb5-1.10.1-gcc47.patch b/core/krb5/krb5-1.10.1-gcc47.patch deleted file mode 100644 index ffd01c2a3..000000000 --- a/core/krb5/krb5-1.10.1-gcc47.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Naur krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y krb5-1.10.1/src/lib/krb5/krb/x-deltat.y ---- krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y 2011-09-06 07:34:32.000000000 -0400 -+++ krb5-1.10.1/src/lib/krb5/krb/x-deltat.y 2012-03-24 13:15:11.543551318 -0400 -@@ -44,6 +44,7 @@ - #ifdef __GNUC__ - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wuninitialized" -+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized" - #endif - - #include <ctype.h> diff --git a/core/krb5/krb5-kadmind.service b/core/krb5/krb5-kadmind.service index f3836c898..4819e0df4 100644 --- a/core/krb5/krb5-kadmind.service +++ b/core/krb5/krb5-kadmind.service @@ -2,7 +2,7 @@ Description=Kerberos 5 administration server [Service] -ExecStart=/usr/sbin/kadmind -nofork +ExecStart=/usr/bin/kadmind -nofork [Install] WantedBy=multi-user.target diff --git a/core/krb5/krb5-kdc.service b/core/krb5/krb5-kdc.service index 6ec93bb72..4918f6000 100644 --- a/core/krb5/krb5-kdc.service +++ b/core/krb5/krb5-kdc.service @@ -2,7 +2,7 @@ Description=Kerberos 5 KDC [Service] -ExecStart=/usr/sbin/krb5kdc -n +ExecStart=/usr/bin/krb5kdc -n Restart=always [Install] diff --git a/core/krb5/krb5-kpropd.service b/core/krb5/krb5-kpropd.service index a7c5b579d..c6c322431 100644 --- a/core/krb5/krb5-kpropd.service +++ b/core/krb5/krb5-kpropd.service @@ -2,7 +2,7 @@ Description=Kerberos 5 propagation server [Service] -ExecStart=/usr/sbin/kpropd -S +ExecStart=/usr/bin/kpropd -S [Install] WantedBy=multi-user.target 
diff --git a/core/krb5/krb5-kpropd@.service b/core/krb5/krb5-kpropd@.service index 46f7e3639..989270f12 100644 --- a/core/krb5/krb5-kpropd@.service +++ b/core/krb5/krb5-kpropd@.service @@ -3,6 +3,6 @@ Description=Kerberos 5 propagation server Conflicts=krb5-kpropd.service [Service] -ExecStart=/usr/sbin/kpropd +ExecStart=/usr/bin/kpropd StandardInput=socket StandardError=syslog |