149299 – [patch] security/krb5 out of date

Bug 149299 - [patch] security/krb5 out of date

Summary: [patch] security/krb5 out of date

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Cy Schubert

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-08-04 21:50 UTC by Garrett Wollman
Modified:	2010-08-05 23:40 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (1.65 KB, patch) 2010-08-04 21:50 UTC, Garrett Wollman	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Garrett Wollman 2010-08-04 21:50:07 UTC

We seem to have completely missed krb5 1.8.2, which fixed:

    * CVE-2010-1320 KDC double free caused by ticket renewal (MITKRB5-SA-2010-004)
    * CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)

krb5 1.8.3 is now released.

Comment 1 Mark Linimon freebsd_committer

2010-08-04 21:52:40 UTC

Responsible Changed
From-To: freebsd-ports-bugs->cy

Fix synopsis and assign.

Comment 2 wollman 2010-08-04 21:56:47 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<<On Wed, 4 Aug 2010 20:50:07 GMT, FreeBSD-gnats-submit@FreeBSD.org said:

>> Category:       ports
>> Responsible:    freebsd-ports-bugs
>> Synopsis:       ports/krb5 out of date
>> Arrival-Date:   Wed Aug 04 20:50:07 UTC 2010

This message is to verify the new distinfo file:

MD5 (krb5-1.8.3-signed.tar) = 7c5f38e31ee744cb538eed2301096b93
SHA256 (krb5-1.8.3-signed.tar) = 2c5988ddd8b409134cd0e77e9ce8f762605ce8d8fb0aa22f6500f53381567019
SIZE (krb5-1.8.3-signed.tar) = 11642880

- -GAWollman

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (FreeBSD)

iD8DBQFMWdQHI+eG6b7tlG4RAiVRAKCgRkIQhmbmh3onDhFlHfiUHGHqJQCfcrgp
6l1RVjEACgWhrkVHlI2S4Pk=
=pPSs
-----END PGP SIGNATURE-----

Comment 3 Cy Schubert 2010-08-05 23:19:20 UTC

Hi Garrett,

I'm still in Newfoundland. I assume you have ports commit privileges. Would 
you please go ahead and commit this for me. I'll owe you one. Thanks.


-- 
Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

			e**(i*pi)+1=0



In message <201008042100.o74L0KZP015080@freefall.freebsd.org>, Garrett 
Wollman
writes:
> The following reply was made to PR ports/149299; it has been noted by GNATS.
> 
> From: Garrett Wollman <wollman@csail.mit.edu>
> To: FreeBSD-gnats-submit@FreeBSD.org
> Cc:  
> Subject: UNS: Re: ports/149299: ports/krb5 out of date
> Date: Wed, 4 Aug 2010 16:56:47 -0400
> 
>  -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>  
>  <<On Wed, 4 Aug 2010 20:50:07 GMT, FreeBSD-gnats-submit@FreeBSD.org said:
>  
>  >> Category:       ports
>  >> Responsible:    freebsd-ports-bugs
>  >> Synopsis:       ports/krb5 out of date
>  >> Arrival-Date:   Wed Aug 04 20:50:07 UTC 2010
>  
>  This message is to verify the new distinfo file:
>  
>  MD5 (krb5-1.8.3-signed.tar) = 7c5f38e31ee744cb538eed2301096b93
>  SHA256 (krb5-1.8.3-signed.tar) = 2c5988ddd8b409134cd0e77e9ce8f762605ce8d8fb0
> aa22f6500f53381567019
>  SIZE (krb5-1.8.3-signed.tar) = 11642880
>  
>  - -GAWollman
>  
>  -----BEGIN PGP SIGNATURE-----
>  Version: GnuPG v1.4.10 (FreeBSD)
>  
>  iD8DBQFMWdQHI+eG6b7tlG4RAiVRAKCgRkIQhmbmh3onDhFlHfiUHGHqJQCfcrgp
>  6l1RVjEACgWhrkVHlI2S4Pk=
>  =pPSs
>  -----END PGP SIGNATURE-----
>

Comment 4 dfilter service freebsd_committer

2010-08-05 23:37:24 UTC

cy          2010-08-05 22:37:11 UTC

  FreeBSD ports repository

  Modified files:
    security/krb5        Makefile distinfo 
  Log:
  Update to 1.8.3.
  
  PR:             149299
  Submitted by:   gwollman
  
  Revision  Changes    Path
  1.140     +1 -4      ports/security/krb5/Makefile
  1.42      +3 -6      ports/security/krb5/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

Comment 5 Cy Schubert 2010-08-05 23:39:42 UTC

Garrett,

I managed to squeeze in some time to commit it. Thanks.


-- 
Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

			e**(i*pi)+1=0


Cy Schubert writes:
> Hi Garrett,
> 
> I'm still in Newfoundland. I assume you have ports commit privileges. Would 
> you please go ahead and commit this for me. I'll owe you one. Thanks.
> 
> 
> -- 
> Cheers,
> Cy Schubert <Cy.Schubert@komquats.com>
> FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
> 
> 			e**(i*pi)+1=0
> 
> 
> 
> In message <201008042100.o74L0KZP015080@freefall.freebsd.org>, Garrett 
> Wollman
> writes:
> > The following reply was made to PR ports/149299; it has been noted by GNATS
> .
> > 
> > From: Garrett Wollman <wollman@csail.mit.edu>
> > To: FreeBSD-gnats-submit@FreeBSD.org
> > Cc:  
> > Subject: UNS: Re: ports/149299: ports/krb5 out of date
> > Date: Wed, 4 Aug 2010 16:56:47 -0400
> > 
> >  -----BEGIN PGP SIGNED MESSAGE-----
> >  Hash: SHA1
> >  
> >  <<On Wed, 4 Aug 2010 20:50:07 GMT, FreeBSD-gnats-submit@FreeBSD.org said:
> >  
> >  >> Category:       ports
> >  >> Responsible:    freebsd-ports-bugs
> >  >> Synopsis:       ports/krb5 out of date
> >  >> Arrival-Date:   Wed Aug 04 20:50:07 UTC 2010
> >  
> >  This message is to verify the new distinfo file:
> >  
>  MD5 (krb5-1.8.3-signed.tar) = 7c5f38e31ee744cb538eed2301096b93
> >  SHA256 (krb5-1.8.3-signed.tar) = 2c5988ddd8b409134cd0e77e9ce8f762605ce8d8f
> b0
> > aa22f6500f53381567019
> >  SIZE (krb5-1.8.3-signed.tar) = 11642880
> >  
> >  - -GAWollman
> >  
> >  -----BEGIN PGP SIGNATURE-----
> >  Version: GnuPG v1.4.10 (FreeBSD)
> >  
> >  iD8DBQFMWdQHI+eG6b7tlG4RAiVRAKCgRkIQhmbmh3onDhFlHfiUHGHqJQCfcrgp
> >  6l1RVjEACgWhrkVHlI2S4Pk=
> >  =pPSs
> >  -----END PGP SIGNATURE-----
> > 
> 
>

Comment 6 Cy Schubert freebsd_committer

2010-08-05 23:40:14 UTC

State Changed
From-To: open->closed

Committed. Thanks.