Date: Monday, November 18, 2013 @ 07:16:55 Author: eric Revision: 199882
upgpkg: krb5 1.11.4-1 Upstream update, Add prepare function, Remove old patches Modified: krb5/trunk/PKGBUILD Deleted: krb5/trunk/CVE-2002-2443.patch krb5/trunk/krb5-1.10.1-gcc47.patch -------------------------+ CVE-2002-2443.patch | 69 ---------------------------------------------- PKGBUILD | 28 +++++++----------- krb5-1.10.1-gcc47.patch | 11 ------- 3 files changed, 11 insertions(+), 97 deletions(-) Deleted: CVE-2002-2443.patch =================================================================== --- CVE-2002-2443.patch 2013-11-18 00:53:32 UTC (rev 199881) +++ CVE-2002-2443.patch 2013-11-18 06:16:55 UTC (rev 199882) 
@@ -1,69 +0,0 @@ -From cf1a0c411b2668c57c41e9c4efd15ba17b6b322c Mon Sep 17 00:00:00 2001 -From: Tom Yu <t...@mit.edu> -Date: Fri, 3 May 2013 16:26:46 -0400 -Subject: [PATCH] Fix kpasswd UDP ping-pong [CVE-2002-2443] - -The kpasswd service provided by kadmind was vulnerable to a UDP -"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless -they pass some basic validation, and don't respond to our own error -packets. - -Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong -attack or UDP ping-pong attacks in general, but there is discussion -leading toward narrowing the definition of CVE-1999-0103 to the echo, -chargen, or other similar built-in inetd services. - -Thanks to Vincent Danen for alerting us to this issue. - -CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C - -ticket: 7637 (new) -target_version: 1.11.3 -tags: pullup ---- - src/kadmin/server/schpw.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c -index 15b0ab5..7f455d8 100644 ---- a/src/kadmin/server/schpw.c -+++ b/src/kadmin/server/schpw.c -@@ -52,7 +52,7 @@ - ret = KRB5KRB_AP_ERR_MODIFIED; - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request was truncated", sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - ptr = req->data; -@@ -67,7 +67,7 @@ - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request length was inconsistent", - sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - /* verify version number */ -@@ -80,7 +80,7 @@ - numresult = KRB5_KPASSWD_BAD_VERSION; - snprintf(strresult, sizeof(strresult), - "Request contained unknown protocol version number %d", vno); -- goto chpwfail; -+ goto bailout; - } - - /* read, check ap-req length */ -@@ -93,7 +93,7 @@ - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request was truncated in AP-REQ", - sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - /* verify ap_req */ --- -1.8.1.6 
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-11-18 00:53:32 UTC (rev 199881)
+++ PKGBUILD 2013-11-18 06:16:55 UTC (rev 199882)
@@ -2,7 +2,7 @@
 # Maintainer: Stéphane Gaudreault <steph...@archlinux.org>
 pkgname=krb5
-pkgver=1.11.3
+pkgver=1.11.4
 pkgrel=1
 pkgdesc="The Kerberos network authentication system"
 arch=('i686' 'x86_64')
@@ -11,8 +11,8 @@
 depends=('e2fsprogs' 'libldap' 'keyutils')
 makedepends=('perl')
 backup=('etc/krb5.conf' 'var/lib/krb5kdc/kdc.conf')
-source=(http://web.mit.edu/kerberos/dist/${pkgname}/1.11/${pkgname}-${pkgver}-signed.tar
- CVE-2002-2443.patch
+options=('!emptydirs')
+source=(http://web.mit.edu/kerberos/dist/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}-signed.tar
 krb5-config_LDFLAGS.patch
 krb5-kadmind.service
 krb5-kdc.service
@@ -19,8 +19,7 @@
 krb5-kpropd.service
 krb5-kpropd@.service
 krb5-kpropd.socket)
-sha1sums=('df708a530a22ed09c7825742c108180319b10463'
- '78ec307c2b5e32481a6da401013c428e0b867f36'
+sha1sums=('a432489410efa3ff27ac0ae54f55edeede3ed63f'
 '09e478cddfb9d46d2981dd25ef96b8c3fd91e1aa'
 '59bbc7e686cbb4bcefddf0f134d928d7bd5e7722'
 '2ef2476a8673b3b702e829d8f451c839c2273b02'
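Review bot: SHA-1 remains the only integrity check on the `-signed.tar` bundle: the `source` entry rewritten in hunk 2 still fetches it over plain http, and hunk 3 only swaps the `sha1sums` values instead of moving to a stronger digest, so the download is pinned by a hash the packager obtained over the same unauthenticated channel. Changing the array to `sha256sums=(...)` with regenerated digests (`makepkg -g` against a freshly fetched bundle) is a one-line change makepkg already supports and costs nothing at build time. The new digest values themselves cannot be checked from this diff, so whoever applies the change should compute them locally rather than copy them from the mail. The dropped `CVE-2002-2443.patch` entry is safe to remove: the deleted patch's own trailer targets 1.11.3, and the old `build()` already had its `patch` call commented out.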
@@ -27,29 +26,24 @@ '74d66aefd291f22dd80799f0437cc03d83083ed5' '6787c6ce2783b3f980c423e2dd4abf5236af670b' 'f3677d30dbbd7106c581379c2c6ebb1bf7738912') -options=('!emptydirs') -build() { - tar zxvf ${pkgname}-${pkgver}.tar.gz - cd "${srcdir}/${pkgname}-${pkgver}/src" - +prepare() { + tar -xf ${pkgname}-${pkgver}.tar.gz + cd ${pkgname}-${pkgver}/src # cf https://bugs.gentoo.org/show_bug.cgi?id=448778 patch -Np2 -i "${srcdir}"/krb5-config_LDFLAGS.patch - # Fix kpasswd UDP ping-pong (CVE-2002-2443) - #patch -Np2 -i "${srcdir}"/CVE-2002-2443.patch - - rm lib/krb5/krb/deltat.c - # FS#25384 sed -i "/KRB5ROOT=/s/\/local//" util/ac_check_krb5.m4 +} +build() { + cd ${pkgname}-${pkgver}/src export CFLAGS+=" -fPIC -fno-strict-aliasing -fstack-protector-all" export CPPFLAGS+=" -I/usr/include/et" ./configure --prefix=/usr \ --sbindir=/usr/bin \ --sysconfdir=/etc \ - --mandir=/usr/share/man \ --localstatedir=/var/lib \ --enable-shared \ --with-system-et \ @@ -63,7 +57,7 @@ } package() { - cd "${srcdir}/${pkgname}-${pkgver}/src" + cd ${pkgname}-${pkgver}/src make DESTDIR="${pkgdir}" EXAMPLEDIR=/usr/share/doc/${pkgname}/examples install # Fix FS#29889 Deleted: krb5-1.10.1-gcc47.patch =================================================================== --- krb5-1.10.1-gcc47.patch 2013-11-18 00:53:32 UTC (rev 199881) +++ krb5-1.10.1-gcc47.patch 2013-11-18 06:16:55 UTC (rev 199882) @@ -1,11 +0,0 @@ -diff -Naur krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y krb5-1.10.1/src/lib/krb5/krb/x-deltat.y ---- krb5-1.10.1.ori/src/lib/krb5/krb/x-deltat.y 2011-09-06 07:34:32.000000000 -0400 -+++ krb5-1.10.1/src/lib/krb5/krb/x-deltat.y 2012-03-24 13:15:11.543551318 -0400 -@@ -44,6 +44,7 @@ - #ifdef __GNUC__ - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wuninitialized" -+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized" - #endif - - #include <ctype.h>
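Review bot: Nothing in the new `prepare()` verifies a detached signature before `tar -xf ${pkgname}-${pkgver}.tar.gz` unpacks the tarball pulled out of the `-signed.tar` bundle, so the GPG signing that bundle is presumably named for is never consulted and the build trusts only the sha1sum recorded in the PKGBUILD. I would insert `gpg --verify "${pkgname}-${pkgver}.tar.gz.asc" "${pkgname}-${pkgver}.tar.gz"` immediately before the `tar -xf` line, with the MIT Kerberos release key expected in the builder's keyring, so a failed verification aborts the build the way a failing `patch` would; if the key is deliberately not available on the build host, a comment at that spot saying so is the minimum. The exact name of the signature file inside the bundle is not visible in this diff and should be confirmed against its listing. The `# FS#25384` comment, the `sed` on `util/ac_check_krb5.m4` and the `configure` invocation continue unchanged into the rest of the hunk.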