From 92bafb5f0efc526b1f83cd5fb9460443c4b13dca Mon Sep 17 00:00:00 2001
From: root <root@rshg054.dnsready.net>
Date: Fri, 3 Aug 2012 00:01:47 +0000
Subject: Fri Aug  3 00:01:47 UTC 2012

---
 core/krb5/MITKRB5-SA-2012-001.patch | 61 +++++++++++++++++++++++++++++++++++++
 core/krb5/PKGBUILD                  | 13 +++++---
 core/wpa_actiond/PKGBUILD           |  6 ++--
 3 files changed, 73 insertions(+), 7 deletions(-)
 create mode 100644 core/krb5/MITKRB5-SA-2012-001.patch

(limited to 'core')

diff --git a/core/krb5/MITKRB5-SA-2012-001.patch b/core/krb5/MITKRB5-SA-2012-001.patch
new file mode 100644
index 000000000..938b56570
--- /dev/null
+++ b/core/krb5/MITKRB5-SA-2012-001.patch
@@ -0,0 +1,61 @@
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 23623fe..8ada9d0 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -463,7 +463,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+     krb5_enctype useenctype;
+     struct as_req_state *state;
+ 
+-    state = malloc(sizeof(*state));
++    state = calloc(sizeof(*state), 1);
+     if (!state) {
+         (*respond)(arg, ENOMEM, NULL);
+         return;
+@@ -486,6 +486,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+     state->authtime = 0;
+     state->c_flags = 0;
+     state->req_pkt = req_pkt;
++    state->inner_body = NULL;
+     state->rstate = NULL;
+     state->sname = 0;
+     state->cname = 0;
+diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
+index 9d8cb34..d4ece3f 100644
+--- a/src/kdc/kdc_preauth.c
++++ b/src/kdc/kdc_preauth.c
+@@ -1438,7 +1438,8 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
+                 continue;
+ 
+             }
+-            if (request_contains_enctype(context, request, db_etype)) {
++            if (krb5_is_permitted_enctype(context, db_etype) &&
++                request_contains_enctype(context, request, db_etype)) {
+                 retval = _make_etype_info_entry(context, client->princ,
+                                                 client_key, db_etype,
+                                                 &entry[i], etype_info2);
+diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
+index a43b291..94dad3a 100644
+--- a/src/kdc/kdc_util.c
++++ b/src/kdc/kdc_util.c
+@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
+         return 0;
+     pa.magic = KV5M_PA_DATA;
+     pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
++    memset(&checksum, 0, sizeof(checksum));
+     retval = krb5_c_make_checksum(kdc_context,0, reply_key,
+                                   KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
+     if (retval != 0)
+diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
+index c4bf92e..367c894 100644
+--- a/src/lib/kdb/kdb_default.c
++++ b/src/lib/kdb/kdb_default.c
+@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
+     krb5_boolean        saw_non_permitted = FALSE;
+ 
+     ret = 0;
++    if (ktype != -1 && !krb5_is_permitted_enctype(kcontext, ktype))
++        return KRB5_KDB_NO_PERMITTED_KEY;
++
+     if (kvno == -1 && stype == -1 && ktype == -1)
+         kvno = 0;
+ 
diff --git a/core/krb5/PKGBUILD b/core/krb5/PKGBUILD
index 7452e062d..d2e97be57 100644
--- a/core/krb5/PKGBUILD
+++ b/core/krb5/PKGBUILD
@@ -1,9 +1,9 @@
-# $Id: PKGBUILD 162178 2012-06-22 17:24:25Z stephane $
+# $Id: PKGBUILD 164510 2012-08-01 10:29:03Z stephane $
 # Maintainer: Stéphane Gaudreault <stephane@archlinux.org>
 
 pkgname=krb5
 pkgver=1.10.2
-pkgrel=2
+pkgrel=3
 pkgdesc="The Kerberos network authentication system"
 arch=('i686' 'x86_64')
 url="http://web.mit.edu/kerberos/"
@@ -20,7 +20,8 @@ source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.10/${pkgname}-${pkgver}-si
         krb5-kpropd
         krb5-kpropd.service
         krb5-kpropd@.service
-        krb5-kpropd.socket)
+        krb5-kpropd.socket
+        MITKRB5-SA-2012-001.patch)
 sha1sums=('8b6e2c5bf0c65aacd368b3698add7888f2a7332d'
           '78b759d566b1fdefd9bbcd06df14f07f12effe96'
           '2aa229369079ed1bbb201a1ef72c47bf143f4dbe'
@@ -30,7 +31,8 @@ sha1sums=('8b6e2c5bf0c65aacd368b3698add7888f2a7332d'
           '7f402078fa65bb9ff1beb6cbbbb017450df78560'
           '614401dd4ac18e310153240bb26eb32ff1e8cf5b'
           '023a8164f8ee7066ac814486a68bc605e79f6101'
-          'f3677d30dbbd7106c581379c2c6ebb1bf7738912')
+          'f3677d30dbbd7106c581379c2c6ebb1bf7738912'
+          '7b32dd24e68dc801efb8be280083e4d8067e392a')
 options=('!emptydirs')
 
 build() {
@@ -46,6 +48,9 @@ build() {
    # FS#25384
    sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4
 
+   # Fix KDC heap corruption and crash vulnerabilities
+   patch -Np2 -i ../../MITKRB5-SA-2012-001.patch
+
    export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all"
    export CPPFLAGS+=" -I/usr/include/et"
    ./configure --prefix=/usr \
diff --git a/core/wpa_actiond/PKGBUILD b/core/wpa_actiond/PKGBUILD
index ea23e8bd3..825c0d011 100644
--- a/core/wpa_actiond/PKGBUILD
+++ b/core/wpa_actiond/PKGBUILD
@@ -1,7 +1,7 @@
-# $Id: PKGBUILD 155389 2012-04-03 08:18:09Z thomas $
+# $Id: PKGBUILD 164502 2012-08-01 09:59:07Z thomas $
 # Maintainer: Thomas Bächler <thomas@archlinux.org>
 pkgname=wpa_actiond
-pkgver=1.2
+pkgver=1.3
 pkgrel=1
 pkgdesc="Daemon that connects to wpa_supplicant and handles connect and disconnect events"
 arch=('i686' 'x86_64')
@@ -9,7 +9,7 @@ url="http://projects.archlinux.org/wpa_actiond.git/"
 license=('GPL')
 depends=('glibc' 'wpa_supplicant')
 source=(ftp://ftp.archlinux.org/other/wpa_actiond/${pkgname}-${pkgver}.tar.xz)
-sha256sums=('578efa1141fbf1acb56efff8061f4ac7ab99f257f8a3e1588db51a8ce77ac2b5')
+sha256sums=('4523b76980198666ac93f3a3772a10554ef608e6a18ab9eb1346303ee3a6f4b1')
 
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
-- 
cgit v1.2.3-54-g00ecf