diff options
| author | cy <cy@FreeBSD.org> | 2015-06-02 13:09:22 +0800 |
|---|---|---|
| committer | cy <cy@FreeBSD.org> | 2015-06-02 13:09:22 +0800 |
| commit | 5c796e6c47dde43e8b01787579f20288c591d80f (patch) | |
| tree | bb6bfa5a19f5e12e2949c2d7e1816606473bf4cf /security | |
| parent | 8686182ae416f40b1d0d66e5b9efd1874892e3e6 (diff) | |
| download | freebsd-ports-gnome-5c796e6c47dde43e8b01787579f20288c591d80f.tar.gz freebsd-ports-gnome-5c796e6c47dde43e8b01787579f20288c591d80f.tar.zst freebsd-ports-gnome-5c796e6c47dde43e8b01787579f20288c591d80f.zip | |
Update 1.12.3 --> 1.12.4
Diffstat (limited to 'security')
| -rw-r--r-- | security/krb5-112/Makefile | 3 | ||||
| -rw-r--r-- | security/krb5-112/distinfo | 6 | ||||
| -rw-r--r-- | security/krb5-112/files/patch-CVE-2015-2694 | 65 |
3 files changed, 3 insertions, 71 deletions
diff --git a/security/krb5-112/Makefile b/security/krb5-112/Makefile index eb19aba3dd04..c4d49193bc00 100644 --- a/security/krb5-112/Makefile +++ b/security/krb5-112/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= krb5 -PORTVERSION= 1.12.3 -PORTREVISION= 2 +PORTVERSION= 1.12.4 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ PKGNAMESUFFIX= -112 diff --git a/security/krb5-112/distinfo b/security/krb5-112/distinfo index 6b7ba85264c1..d686be9340e8 100644 --- a/security/krb5-112/distinfo +++ b/security/krb5-112/distinfo @@ -1,4 +1,2 @@ -SHA256 (krb5-1.12.3-signed.tar) = 091715da49f6aa72b98c9659229351b4b168fb96f84caa18228aaf7632db3483 -SIZE (krb5-1.12.3-signed.tar) = 12001280 -SHA256 (2015-001-patch-r112.txt) = 75d1d070293fef7faa2c5ffbe8de4afaefb95449564e7dd5da458588ba637449 -SIZE (2015-001-patch-r112.txt) = 12130 +SHA256 (krb5-1.12.4-signed.tar) = b95d029e4b376332b3517bad49becdd48503f82a7ac24e5f284a00aa091dd0d9 +SIZE (krb5-1.12.4-signed.tar) = 12011520 diff --git a/security/krb5-112/files/patch-CVE-2015-2694 b/security/krb5-112/files/patch-CVE-2015-2694 deleted file mode 100644 index 08398fda72da..000000000000 --- a/security/krb5-112/files/patch-CVE-2015-2694 +++ /dev/null @@ -1,65 +0,0 @@ ---- plugins/preauth/otp/main.c.orig 2015-02-18 22:31:13 UTC -+++ plugins/preauth/otp/main.c -@@ -42,6 +42,7 @@ static krb5_preauthtype otp_pa_type_list - struct request_state { - krb5_kdcpreauth_verify_respond_fn respond; - void *arg; -+ krb5_enc_tkt_part *enc_tkt_reply; - }; - - static krb5_error_code -@@ -159,6 +160,9 @@ on_response(void *data, krb5_error_code - if (retval == 0 && response != otp_response_success) - retval = KRB5_PREAUTH_FAILED; - -+ if (retval == 0) -+ rs.enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; -+ - rs.respond(rs.arg, retval, NULL, NULL, NULL); - } - -@@ -263,8 +267,6 @@ otp_verify(krb5_context context, krb5_da - krb5_data d, plaintext; - char *config; - -- enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; -- - /* Get the FAST armor key. */ - armor_key = cb->fast_armor(context, rock); - if (armor_key == NULL) { -@@ -298,12 +300,14 @@ otp_verify(krb5_context context, krb5_da - goto error; - } - -- /* Create the request state. */ -+ /* Create the request state. Save the response callback, and the -+ * enc_tkt_reply pointer so we can set the TKT_FLG_PRE_AUTH flag later. */ - rs = k5alloc(sizeof(struct request_state), &retval); - if (rs == NULL) - goto error; - rs->arg = arg; - rs->respond = respond; -+ rs->enc_tkt_reply = enc_tkt_reply; - - /* Get the principal's OTP configuration string. */ - retval = cb->get_string(context, rock, "otp", &config); ---- plugins/preauth/pkinit/pkinit_srv.c.orig 2015-02-18 22:31:13 UTC -+++ plugins/preauth/pkinit/pkinit_srv.c -@@ -306,7 +306,7 @@ pkinit_server_verify_padata(krb5_context - - pkiDebug("pkinit_verify_padata: entered!\n"); - if (data == NULL || data->length <= 0 || data->contents == NULL) { -- (*respond)(arg, 0, NULL, NULL, NULL); -+ (*respond)(arg, EINVAL, NULL, NULL, NULL); - return; - } - -@@ -318,7 +318,7 @@ pkinit_server_verify_padata(krb5_context - - plgctx = pkinit_find_realm_context(context, moddata, request->server); - if (plgctx == NULL) { -- (*respond)(arg, 0, NULL, NULL, NULL); -+ (*respond)(arg, EINVAL, NULL, NULL, NULL); - return; - } - |