From owner-cvs-all Wed Jan 24 12:37: 0 2001 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 31A2637B401; Wed, 24 Jan 2001 12:36:36 -0800 (PST) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f0OKaa689098; Wed, 24 Jan 2001 12:36:36 -0800 (PST) (envelope-from nectar) Message-Id: <200101242036.f0OKaa689098@freefall.freebsd.org> From: Jacques Vidrine Date: Wed, 24 Jan 2001 12:36:35 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/security/pam_krb5/files patch-ab patch-ad patch-af patch-ah X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG nectar 2001/01/24 12:36:35 PST Modified files: security/pam_krb5/files patch-ab patch-ad patch-af patch-ah Log: Bug fixes and paranoia: compat_heimdal.c: = Stop shooting at feet when freeing a particular chunk of memory. Found by complaints from free(), and pinpointed with MALLOC_OPTIONS=A. pam_krb5_auth.c: = In addition to dropping and restoring uid when delving in /tmp, drop and restore gid. = Explicitly set permissions on the credentials cache for good measure. The following was Obtained from: Sam Hartman via bugs.debian.org support.c: = verify_krb_v5_tgt: Do a little more to prevent KDC spoofing. Allow for a key separate from the host key to use only for PAM. Revision Changes Path 1.4 +3 -2 ports/security/pam_krb5/files/patch-ab 1.4 +74 -19 ports/security/pam_krb5/files/patch-ad 1.4 +83 -25 ports/security/pam_krb5/files/patch-af 1.4 +3 -3 ports/security/pam_krb5/files/patch-ah To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message