diff options
| author |   Eray Aslan <eras@gentoo.org> | 2012-01-17 20:14:05 +0000 |
|---|---|---|
| committer | Eray Aslan <eras@gentoo.org> | 2012-01-17 20:14:05 +0000 |
| commit | d3392397d986acec4aec167b20c5a112fada6126 (patch) | |
| tree | b738033199e2f5340aae492617f6d07e64a69865 | |
| parent | remove vulnerable versions (diff) | |
| download | gentoo-2-d3392397d986acec4aec167b20c5a112fada6126.tar.gz gentoo-2-d3392397d986acec4aec167b20c5a112fada6126.tar.bz2 gentoo-2-d3392397d986acec4aec167b20c5a112fada6126.zip | |
remove vulnerable versions
(Portage version: 2.1.10.44/cvs/Linux x86_64)
| -rw-r--r-- | app-crypt/mit-krb5-appl/ChangeLog | 7 | ||||
| -rw-r--r-- | app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch | 58 | ||||
| -rw-r--r-- | app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild | 58 | ||||
| -rw-r--r-- | app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1.ebuild | 57 | ||||
| -rw-r--r-- | app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2.ebuild | 53 |
5 files changed, 6 insertions, 227 deletions
diff --git a/app-crypt/mit-krb5-appl/ChangeLog b/app-crypt/mit-krb5-appl/ChangeLog index 7a0650df65c2..67cf11106979 100644 --- a/app-crypt/mit-krb5-appl/ChangeLog +++ b/app-crypt/mit-krb5-appl/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for app-crypt/mit-krb5-appl # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.25 2012/01/08 15:58:41 armin76 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.26 2012/01/17 20:14:05 eras Exp $ + + 17 Jan 2012; Eray Aslan <eras@gentoo.org> -mit-krb5-appl-1.0.1.ebuild, + -mit-krb5-appl-1.0.1-r1.ebuild, -mit-krb5-appl-1.0.2.ebuild, + -files/CVE-2011-1526.patch: + remove vulnerable versions 08 Jan 2012; Raúl Porcel <armin76@gentoo.org> mit-krb5-appl-1.0.2-r1.ebuild: alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #396137 diff --git a/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch b/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch deleted file mode 100644 index 9c4466214e53..000000000000 --- a/app-crypt/mit-krb5-appl/files/CVE-2011-1526.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 86e23f1..2fe68ad 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -107,6 +107,7 @@ AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gettosbyname getusershell getutmp) - AC_CHECK_FUNCS(getutmpx grantpt inet_aton initgroups isatty killpg killpg) - AC_CHECK_FUNCS(line_push ptsname revoke rmufile rresvport_af) - AC_CHECK_FUNCS(seteuid setlogin setpgid setpriority setresuid setreuid) -+AC_CHECK_FUNCS(setegid setregid setresgid) - AC_CHECK_FUNCS(setutent setutsent setutxent strsave tcgetpgrp tcsetpgrp) - AC_CHECK_FUNCS(ttyname unsetenv updwtmp updwtmpx utimes utmpname utmpxname) - AC_CHECK_FUNCS(vhangup vsnprintf waitpid) -diff --git a/gssftp/ftpd/ftpd.c b/gssftp/ftpd/ftpd.c -index fe62a9c..a150819 100644 ---- a/gssftp/ftpd/ftpd.c -+++ b/gssftp/ftpd/ftpd.c -@@ -994,9 +994,14 @@ login(passwd, logincode) - #endif - } - -- (void) krb5_setegid((gid_t)pw->pw_gid); -- (void) initgroups(pw->pw_name, pw->pw_gid); -- -+ if (krb5_setegid((gid_t)pw->pw_gid) < 0) { -+ reply(550, "Can't set egid."); -+ goto bad; -+ } -+ if (geteuid() == 0 && initgroups(pw->pw_name, pw->pw_gid) < 0) { -+ reply(550, "Can't initgroups"); -+ goto bad; -+ } - /* open wtmp before chroot */ - (void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid()); - pty_logwtmp(ttyline, pw->pw_name, rhost_sane); -diff --git a/k5-util.h b/k5-util.h -index 7bb8cfb..64cd53d 100644 ---- a/k5-util.h -+++ b/k5-util.h -@@ -69,8 +69,7 @@ - #elif defined(HAVE_SETREUID) - # define krb5_seteuid(EUID) setreuid(geteuid(), (uid_t)(EUID)) - #else -- /* You need to add a case to deal with this operating system.*/ --# define krb5_seteuid(EUID) (errno = EPERM, -1) -+# error "You need to add a case to deal with this operating system." - #endif - - #ifdef HAVE_SETEGID -@@ -80,8 +79,7 @@ - #elif defined(HAVE_SETREGID) - # define krb5_setegid(EGID) (setregid(getegid(), (gid_t)(EGID))) - #else -- /* You need to add a case to deal with this operating system.*/ --# define krb5_setegid(EGID) (errno = EPERM, -1) -+# error "You need to add a case to deal with this operating system." - #endif - - #endif diff --git a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild deleted file mode 100644 index 732fbea1e503..000000000000 --- a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1-r1.ebuild,v 1.6 2011/07/11 02:00:58 jer Exp $ - -EAPI=4 - -inherit flag-o-matic versionator autotools eutils - -MY_P=${P/mit-} -MAJOR_MINOR="$( get_version_component_range 1-2 )" -DESCRIPTION="Kerberized applications split from the main MIT Kerberos V distribution" -HOMEPAGE="http://web.mit.edu/kerberos/www/" -SRC_URI="http://web.mit.edu/kerberos/dist/krb5-appl/${MAJOR_MINOR}/${MY_P}-signed.tar" - -LICENSE="as-is" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" -IUSE="" - -RDEPEND=">=app-crypt/mit-krb5-1.8.0" -DEPEND="${RDEPEND}" - -S=${WORKDIR}/${MY_P} - -src_unpack() { - unpack ${A} - unpack ./"${MY_P}".tar.gz -} - -src_prepare() { - epatch "${FILESDIR}/CVE-2011-1526.patch" - eautoreconf -} - -src_configure() { - append-flags "-I/usr/include/et" - append-flags -fno-strict-aliasing - append-flags -fno-strict-overflow - econf -} - -src_install() { - emake DESTDIR="${D}" install - for i in {telnetd,ftpd} ; do - mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 \ - || die "mv failed (man)" - mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} || die "mv failed" - done - - for i in {rcp,rlogin,rsh,telnet,ftp} ; do - mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 \ - || die "mv failed (man)" - mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} || die "mv failed" - done - - rm "${D}"/usr/share/man/man1/tmac.doc - dodoc README -} diff --git a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1.ebuild b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1.ebuild deleted file mode 100644 index 8704241aca3c..000000000000 --- a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1.ebuild +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.1.ebuild,v 1.7 2011/04/23 18:24:42 armin76 Exp $ - -EAPI="2" - -inherit flag-o-matic versionator - -MY_P=${P/mit-} -MAJOR_MINOR="$( get_version_component_range 1-2 )" -DESCRIPTION="Kerberized applications split from the main MIT Kerberos V distribution" -HOMEPAGE="http://web.mit.edu/kerberos/www/" -SRC_URI="http://web.mit.edu/kerberos/dist/krb5-appl/${MAJOR_MINOR}/${MY_P}-signed.tar" - -LICENSE="as-is" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" -IUSE="" - -RDEPEND=">=app-crypt/mit-krb5-1.8.0" -DEPEND="${RDEPEND}" - -S=${WORKDIR}/${MY_P} - -src_unpack() { - unpack ${A} - unpack ./"${MY_P}".tar.gz -} - -src_configure() { - append-flags "-I/usr/include/et" - econf -} - -src_compile() { - emake || die "emake failed" -} - -src_install() { - - emake DESTDIR="${D}" install || die "make install failed" - for i in {telnetd,ftpd} ; do - mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 \ - || die "mv failed (man)" - mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} || die "mv failed" - done - - for i in {rcp,rlogin,rsh,telnet,ftp} ; do - mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 \ - || die "mv failed (man)" - mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} || die "mv failed" - done - - rm "${D}"/usr/share/man/man1/tmac.doc - dodoc README - -} diff --git a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2.ebuild b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2.ebuild deleted file mode 100644 index 548fb9432a34..000000000000 --- a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2.ebuild +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2.ebuild,v 1.1 2011/07/13 10:45:22 eras Exp $ - -EAPI=4 - -inherit flag-o-matic versionator eutils - -MY_P=${P/mit-} -MAJOR_MINOR="$( get_version_component_range 1-2 )" -DESCRIPTION="Kerberized applications split from the main MIT Kerberos V distribution" -HOMEPAGE="http://web.mit.edu/kerberos/www/" -SRC_URI="http://web.mit.edu/kerberos/dist/krb5-appl/${MAJOR_MINOR}/${MY_P}-signed.tar" - -LICENSE="as-is" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" -IUSE="" - -RDEPEND=">=app-crypt/mit-krb5-1.8.0" -DEPEND="${RDEPEND}" - -S=${WORKDIR}/${MY_P} - -src_unpack() { - unpack ${A} - unpack ./"${MY_P}".tar.gz -} - -src_configure() { - append-flags "-I/usr/include/et" - append-flags -fno-strict-aliasing - append-flags -fno-strict-overflow - econf -} - -src_install() { - emake DESTDIR="${D}" install - for i in {telnetd,ftpd} ; do - mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 \ - || die "mv failed (man)" - mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} || die "mv failed" - done - - for i in {rcp,rlogin,rsh,telnet,ftp} ; do - mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 \ - || die "mv failed (man)" - mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} || die "mv failed" - done - - rm "${D}"/usr/share/man/man1/tmac.doc - dodoc README -} |