From nobody Mon Jun 8 15:03:34 2026 X-Original-To: dev-commits-ports-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gYwKM12QNz6gCWV for ; Mon, 08 Jun 2026 15:03:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gYwKL4Gyfz4J5M for ; Mon, 08 Jun 2026 15:03:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1780931014; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EGWdJSYz23hDAPtz0+glB7pyMv7nWxrBg6NmmEooD9w=; b=oeaHEGwjpEzzMhoS4qNiK4bMGCDsmsSS80pGyyVIrJmlMVjzufDXJ9frrw3hgQRU1CJ+ZK qY6R1sMQO5i1ljJjtyMX5l9uoiZ5scp7meEpZ3ahpXYt4QirZQUihb3ujon5lNqnd49SlV zOLjc20E7jF1YAidZpuY9TmGtpSIMaCpilBO0mqedsXVSv8caU/q0B/P01+LHO1RgZ7HDW ImaGpRVejtBf3uRZHWz312nTitWiYaUKm1ldyFB4ww6+S6l4a2y7jV6s8YVQWxzeSyJlb6 2Ob+whMXAHwS9i/U3G/DMbbVZld1LShGEfJzcSeAcXeCba5fHoOKMyVE+7FtLg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1780931014; a=rsa-sha256; cv=none; b=nmhD2jayUmZgc5H51lXNpUztHsjRgKa9562kdzdZ5gkTpiK0oExQfiF0TlGSRNlh1Yft6I 19ux2OPRKw+DGS2ErxxNtKZRfqzWTKA7oBVl0XSiJnUoqL610FsKtTt17IG1jZJeSxTFQV pqKFG28vBRy+hcwhSRTnRKxoCzDB64zxjJVqv1FmAoGA9Jmalbjg5eTL7f4z+cTF1UKUPv YIvcb1V10LTaHVad6BDyc1L48BoOYpAbK6Bg3bble38UNQz2ToWMuOy3RaWGz1a1kxq5+M lwBlptC1a+RFMGR8MtPvAzFaA6Ntbi6w9wojxEQB2gS7a2s7r2tD7lSP2Ycogg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1780931014; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EGWdJSYz23hDAPtz0+glB7pyMv7nWxrBg6NmmEooD9w=; b=EGRNpdte7ZxejRL349wGD1lsLGV1DQFCjhmG0NS5Az7LtBoA0SFunoxTN4wUcurAaZXVo3 F0otFd9xn6JHuVMi3c8L72v5/npEgS0GX+QyKTzVnjor45r3wNYHR1mq4grBy7ygnKYw4k POJw8Fz9N8AfvhN9zin7KIn149owDWcz6ULBZcH9kjZBbMvaEMfD2Z6xvFDkuIEijn92qj 4Lwh1a+ndZ8/G5sqPSQK2b+mGpFj0KivdoodG5VzDNmHqG8CC3Z1WJFS8aPs9wo47su42+ SwJOKmt6xo8EuNbpM2RmeRjOOBRgm7UloYbk/s0RiwFENlYASfCeZSpeKBM8yQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gYwKL3ZFkztPD for ; Mon, 08 Jun 2026 15:03:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 46efb by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 08 Jun 2026 15:03:34 +0000 To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Cy Schubert Subject: git: 87e1c4bcf24c - 2026Q2 - security/krb5-12?: Fix reachable assert when importing krb5 names List-Id: Commits to the quarterly branches of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-branches@freebsd.org Sender: owner-dev-commits-ports-branches@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: ports X-Git-Refname: refs/heads/2026Q2 X-Git-Reftype: branch X-Git-Commit: 87e1c4bcf24cc6f1b3e63f6a3d916ef32f39734f Auto-Submitted: auto-generated Date: Mon, 08 Jun 2026 15:03:34 +0000 Message-Id: <6a26d9c6.46efb.49a769e5@gitrepo.freebsd.org> The branch 2026Q2 has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=87e1c4bcf24cc6f1b3e63f6a3d916ef32f39734f commit 87e1c4bcf24cc6f1b3e63f6a3d916ef32f39734f Author: Cy Schubert AuthorDate: 2026-06-08 14:55:03 +0000 Commit: Cy Schubert CommitDate: 2026-06-08 15:03:20 +0000 security/krb5-12?: Fix reachable assert when importing krb5 names If a name token contains trailing garbage, error out from krb5_gss_import_name() instead of crashing the process with an assertion failure. Commit message details obtained from upstream commit. Obtained from: upstream commit 07818f1fd Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna, Luigino Camastra, Guido Vranken) to krb5-bugs (cherry picked from commit 8854e0201abe6c8292d0360c23a8be7201240016) --- security/krb5-121/Makefile | 2 +- security/krb5-121/files/patch-lib_gssapi_krb5_import__name.c | 12 ++++++++++++ security/krb5-122/Makefile | 2 +- security/krb5-122/files/patch-lib_gssapi_krb5_import__name.c | 12 ++++++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/security/krb5-121/Makefile b/security/krb5-121/Makefile index 3fd6a66b5c37..c394fa174c4b 100644 --- a/security/krb5-121/Makefile +++ b/security/krb5-121/Makefile @@ -1,6 +1,6 @@ PORTNAME= krb5 PORTVERSION= 1.21.3 -PORTREVISION= 1 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ .if !defined(MASTERDIR) diff --git a/security/krb5-121/files/patch-lib_gssapi_krb5_import__name.c b/security/krb5-121/files/patch-lib_gssapi_krb5_import__name.c new file mode 100644 index 000000000000..fc99a2ad893f --- /dev/null +++ b/security/krb5-121/files/patch-lib_gssapi_krb5_import__name.c @@ -0,0 +1,12 @@ +--- lib/gssapi/krb5/import_name.c.orig 2026-06-08 07:48:11.489573000 -0700 ++++ lib/gssapi/krb5/import_name.c 2026-06-08 07:49:18.639094000 -0700 +@@ -302,7 +302,8 @@ + goto fail_name; + cp += length; + } +- assert(cp == end); ++ if (cp != end) ++ goto fail_name; + } else { + status = GSS_S_BAD_NAMETYPE; + goto cleanup; diff --git a/security/krb5-122/Makefile b/security/krb5-122/Makefile index ba1c1c249666..ea9d71fa098a 100644 --- a/security/krb5-122/Makefile +++ b/security/krb5-122/Makefile @@ -1,6 +1,6 @@ PORTNAME= krb5 PORTVERSION= 1.22.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ .if !defined(MASTERDIR) diff --git a/security/krb5-122/files/patch-lib_gssapi_krb5_import__name.c b/security/krb5-122/files/patch-lib_gssapi_krb5_import__name.c new file mode 100644 index 000000000000..fc99a2ad893f --- /dev/null +++ b/security/krb5-122/files/patch-lib_gssapi_krb5_import__name.c @@ -0,0 +1,12 @@ +--- lib/gssapi/krb5/import_name.c.orig 2026-06-08 07:48:11.489573000 -0700 ++++ lib/gssapi/krb5/import_name.c 2026-06-08 07:49:18.639094000 -0700 +@@ -302,7 +302,8 @@ + goto fail_name; + cp += length; + } +- assert(cp == end); ++ if (cp != end) ++ goto fail_name; + } else { + status = GSS_S_BAD_NAMETYPE; + goto cleanup;