Date:      Wed, 4 Aug 2010 16:43:18 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.csail.mit.edu>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/149299: ports/krb5 out of date
Message-ID:  <201008042043.o74KhIGO038896@khavrinen.csail.mit.edu>
Resent-Message-ID: <201008042050.o74Ko7B0005681@freefall.freebsd.org>

>Number:         149299
>Category:       ports
>Synopsis:       ports/krb5 out of date
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 04 20:50:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Wollman
>Release:        FreeBSD 7.3-RELEASE amd64
>Organization:
MIT Computer Science & Artificial Intelligence Laboratory
>Environment:
System: FreeBSD khavrinen.csail.mit.edu 7.3-RELEASE FreeBSD 7.3-RELEASE #8 r208486: Tue May 25 19:02:53 EDT 2010 wollman@khavrinen.csail.mit.edu:/usr/obj/usr/src/sys/KHAVRINEN amd64

>Description:

We seem to have completely missed krb5 1.8.2, which fixed:

    * CVE-2010-1320 KDC double free caused by ticket renewal (MITKRB5-SA-2010-004)
    * CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)

krb5 1.8.3 is now released.

>How-To-Repeat:

>Fix:

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/krb5/Makefile,v
retrieving revision 1.139
diff -u -r1.139 Makefile
--- Makefile	25 May 2010 05:14:15 -0000	1.139
+++ Makefile	4 Aug 2010 19:51:54 -0000
@@ -6,15 +6,12 @@
 #
 
 PORTNAME=		krb5
-PORTVERSION=		1.8.1
-PORTREVISION=		1
+PORTVERSION=		1.8.3
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 DISTNAME=		${PORTNAME}-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
-PATCHFILES=		2010-005-patch.txt
-PATCH_DIST_STRIP=	-p2
 
 MAINTAINER=		cy@FreeBSD.org
 COMMENT=		An authentication system developed at MIT, successor to Kerberos IV
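
Review bot: PATCH_SITES is left in place on the context line after PATCHFILES and PATCH_DIST_STRIP are removed, so it now points at the advisories directory with nothing to fetch from it. Either drop PATCH_SITES in the same change or say in the commit log that it is kept for future advisory patches. The log should also record that 2010-005-patch.txt is dropped because the fix is already in the new PORTVERSION, as the description says for 1.8.2, so nobody later mistakes the removal for a lost security patch. Removing PORTREVISION together with the version bump is right.
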
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/security/krb5/distinfo,v
retrieving revision 1.41
diff -u -r1.41 distinfo
--- distinfo	25 May 2010 05:14:15 -0000	1.41
+++ distinfo	4 Aug 2010 19:52:19 -0000
@@ -1,6 +1,3 @@
-MD5 (krb5-1.8.1-signed.tar) = e29a78b108c4687f7e7937110d1d0415
-SHA256 (krb5-1.8.1-signed.tar) = 470c486ec5580d12f2a72cde059e3bdfa567cf96215b724fec5a3b6cfa7eebb9
-SIZE (krb5-1.8.1-signed.tar) = 11632640
-MD5 (2010-005-patch.txt) = 4fc65f831afbd9fe6bb428774251e2b2
-SHA256 (2010-005-patch.txt) = 02d778775bf3f7576f5cf7a9a1a3d14ccf1654b71c77a6a4e00a7bd5b775b221
-SIZE (2010-005-patch.txt) = 670
+MD5 (krb5-1.8.3-signed.tar) = 7c5f38e31ee744cb538eed2301096b93
+SHA256 (krb5-1.8.3-signed.tar) = 2c5988ddd8b409134cd0e77e9ce8f762605ce8d8fb0aa22f6500f53381567019
+SIZE (krb5-1.8.3-signed.tar) = 11642880
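
Review bot: The three added lines for krb5-1.8.3-signed.tar are what the fetched distfile is validated against, and MASTER_SITES in the Makefile hunk is plain http, so the SHA256 and SIZE should be confirmed against a copy of the tarball whose upstream signature was checked, not just regenerated from whatever was downloaded. Please state in the PR how the values were obtained. The removal of the 2010-005-patch.txt entries matches the PATCHFILES removal in the Makefile, so the two files stay consistent.
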
>Release-Note:
>Audit-Trail:
>Unformatted:


