security bump - bug #396137

Package-Manager: portage-2.1.10.43/cvs/Linux x86_64

4 files changed, 95 insertions, 16 deletions

diff --git a/app-crypt/mit-krb5-appl/ChangeLog b/app-crypt/mit-krb5-appl/ChangeLog
index 7cd6723c42fd..536346515f9d 100644
--- a/app-crypt/mit-krb5-appl/ChangeLog
+++ b/app-crypt/mit-krb5-appl/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-crypt/mit-krb5-appl
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.17 2011/07/13 10:45:22 eras Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.18 2011/12/26 21:39:56 eras Exp $
+
+*mit-krb5-appl-1.0.2-r1 (26 Dec 2011)
+
+  26 Dec 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-appl-1.0.2-r1.ebuild,
+  +files/CVE-2011-4862.patch:
+  security bump - bug #396137
 
 *mit-krb5-appl-1.0.2 (13 Jul 2011)
 
diff --git a/app-crypt/mit-krb5-appl/Manifest b/app-crypt/mit-krb5-appl/Manifest
index ba1e6a0d033f..97fba0c4a127 100644
--- a/app-crypt/mit-krb5-appl/Manifest
+++ b/app-crypt/mit-krb5-appl/Manifest
@@ -2,27 +2,29 @@
 Hash: SHA256
 
 AUX CVE-2011-1526.patch 2076 RMD160 780d9769e3b2661b927b26295f14a31dee314213 SHA1 5e52a66b299407f54038fc287732160aabce51ff SHA256 a3f14859883cdeff846aaea2e35738a6580549d634986fdfc41d178e33135459
+AUX CVE-2011-4862.patch 393 RMD160 464588d93e01cfcb7fba821fac46265958c0efa8 SHA1 9f01a9700f60066a69cb6002c3610fed51da0459 SHA256 20282d3f28101a318af42c45e54649c2e7099ab0bb900352490926af81ed1608
 DIST krb5-appl-1.0.1-signed.tar 645120 RMD160 ca0668b623dcf4dc5a0699fa47d86660aac5544a SHA1 128662c9860f61a51c9bcaf1b6217467faa12324 SHA256 124322481e4f8e0b119b527071f2f707168060e17748cf34c8bf5af747c3e311
 DIST krb5-appl-1.0.2-signed.tar 634880 RMD160 af6e0c8ece7fe3821b373621672ad15e09508a90 SHA1 f9a75c1e3b495ab6b3a4004274ffb35f9fe24756 SHA256 ca82209ba11e37390a7b79b0eb27abac9526442d296d60b752a0a94969bbad7d
 EBUILD mit-krb5-appl-1.0.1-r1.ebuild 1558 RMD160 47dbeb22faaa894f1fd486bc3a5c9812be9d1865 SHA1 4797794bd1894a3303cf9516f945b901bdabbd81 SHA256 b1c2d84e515c48bf1939ea2f21f9ebd0ef5e78043d78ed0cbeeb67e004cd4602
 EBUILD mit-krb5-appl-1.0.1.ebuild 1479 RMD160 91c40228567269baed8f4afefdb72f6e8a47f759 SHA1 32267caa3e54cca0baf430afec3dd379493535f3 SHA256 d56f0f940aadf0857833474d2f24939724038b13f47a3a47c1db913f8053651d
+EBUILD mit-krb5-appl-1.0.2-r1.ebuild 1548 RMD160 54c4f489448e4e76b386fe1fe975f99873aa4589 SHA1 2a62ab46ad7af1960c803168abdeb53d1003e79b SHA256 1848d159fe3c93e4555d7e4bb310f71d4b6c949c99679114369411a5e883bcaf
 EBUILD mit-krb5-appl-1.0.2.ebuild 1484 RMD160 5707c5242ad71051cdd6849432601cf3dcf87867 SHA1 2e8d3625874a3f7ad0c4fc9e4970912401b37096 SHA256 62c1e26b5c39ab6408a9513226003a1327d88adca806414f42838ace195efb87
-MISC ChangeLog 2386 RMD160 1b38e24ad89787db37f96759540908315bca3464 SHA1 21e338fe2ca91ffc7682d3c37ffb44a200a98939 SHA256 2e65029bd3c6d46495b6f9a76d4960738fa12cbc264c41602ef2df1af7487b4c
+MISC ChangeLog 2562 RMD160 3850128c215f27f14f888b8115853e3be578d937 SHA1 4ae6f817816116721ccef40e968679c33cd6776c SHA256 c93687f729da2a7e211c12384fd26bee7e4886126cb7b428ba936df2a534b91d
 MISC metadata.xml 161 RMD160 d985cebdc76fcff9904d6ed365cce080bfc5c468 SHA1 64cc2a9dea22e8618348d9916a6288a894ded3f2 SHA256 24dcbc1b12d6ed52621a4edec3764c838cab1b32f5fc982ce0fe305822c562c7
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
+Version: GnuPG v2.0.18 (GNU/Linux)
 
-iQIcBAEBCAAGBQJOHXdQAAoJEHfx8XVYajsfQhQP+gJf4I3ZePE4c+/aC86hWVMp
-6a53T/hCB7el9Rleje4ohUnJIHhjvpN62K3ft24GIUrMjlJ39HkQA9yW+m03pUzp
-keh1y5Q01ftdjOh+5HG5yeL9BwOsCiQmMx5j6xkRExGf6xs14xah7j1I3Vk9377I
-NXyLA/wTOo1EWINMSmNbAdYaWTJPMEWAm7HT6ycD2wmDrpt5axQVTItF+KaOVcos
-rG5A0jpQ9AIzvqo0c8KNs4J7XDwYIMJzkz5nHE5nZOeWbLIh4B4F7X1j/l+Oa8Lg
-QSxzBLHFwDo0RhY1Srj9yKj8mubb0DnNPHQCs44PLRMOtASMk71HbkS9r8xckGqd
-ahgM++c5/GhiLKgyy7N/0lzabz+GUkwstVKRXoa1kdW28A3ePWPwVeWbJKVkYGV2
-7KToX/hkURNpinitx2z7zhK+MPam0Pf9U7g4b3/RPppFJ9Aavk9KPU+Gedc6CSI4
-Ml0eukLWQXBLScITeDPe0aSrBGHu8nONykjWSX6N4c9JXsjXqE6phPYrqzgSzKRl
-8guGYPvhIgCRmprgkBrxfjReTwlRzVd8bgRWQivpRdikTBjpoaFczQ5FAfpUP1gA
-6pigfDxwL55SLJ1hm6Jtq8Zibt6N5Quark1uRXzJs6tD9QyylhdvECQaRU5fZXCu
-Z9Z5CxSdqrB8fAPggFEB
-=ExNj
+iQIcBAEBCAAGBQJO+OmyAAoJEHfx8XVYajsfa6YQAJle6mJ783bIhj9BTvhtygSR
+fBvvlwiaWvr6x75YpGvLuzfngEX/V4oerCbgDGMK/qASXFzp0C9wJvEH/wfvKn4t
+YOZwF1jVxTwPNqBmoHNcckq3CAU+krLunhON9OIqTcopEMRFa7rnx+d8vF/viaZk
+ebzf6eMdJE3xWzY0wvB0Bz2p2Ibm3PrY/7tRkHQMqSkP83G8Ox0ZonYoCQAGMZQY
+Ei9s2XBIT2kwpKak8cwak7aF0KxNZVblQQQt4oKRrQ7yFBR+6nfXImRDZaUHL7+n
+u5F8EVuq1EKMRvq5eTpnm7UAZSNNHQHtWDoEgUhFJdE2XeVroza2RgN9dbKpRNon
+gvWUKQIqUod/6LP1BKu3/uQxVTj0UdO4uLQbhZRqxmLTSop0J2+pK3PA3PAaUrEV
+kqDK96YT79xn6UlTOMDC2MnAwCIDrphEZOufRmzvWQCTG70jqQYXP9mZaKowlG9+
+5y4sLg/QCcjX7eyJXcrBpYGtSFP40YeqivmwO/twseEGj+BdiHvI//v7tZbSIfO3
+8eIIOGAMCS8i7Hf+vjirDrwUfH3hDy3w3GWoCCHG30GA4X7cxxuCVnytNSw9onQi
+ffKZrWCZ+9byM3DKlLwz29HuHpfm7tkyXxXrJl1V/v6Y6sPApU1GjNzc8rMP+mq3
+z4LHMADJMlu1GGJP0Gzc
+=4ea4
 -----END PGP SIGNATURE-----
diff --git a/app-crypt/mit-krb5-appl/files/CVE-2011-4862.patch b/app-crypt/mit-krb5-appl/files/CVE-2011-4862.patch
new file mode 100644
index 000000000000..2199a2f1e016
--- /dev/null
+++ b/app-crypt/mit-krb5-appl/files/CVE-2011-4862.patch
@@ -0,0 +1,14 @@
+diff --git a/telnet/libtelnet/encrypt.c b/telnet/libtelnet/encrypt.c
+index f75317d..b8d6cdd 100644
+--- a/telnet/libtelnet/encrypt.c
++++ b/telnet/libtelnet/encrypt.c
+@@ -757,6 +757,9 @@ static void encrypt_keyid(kp, keyid, len)
+ 	int dir = kp->dir;
+ 	register int ret = 0;
+ 
++	if (len > MAXKEYLEN)
++		len = MAXKEYLEN;
++
+ 	if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+ 		if (len == 0)
+ 			return;
diff --git a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2-r1.ebuild b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2-r1.ebuild
new file mode 100644
index 000000000000..20fa76601cb9
--- /dev/null
+++ b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2-r1.ebuild,v 1.1 2011/12/26 21:39:56 eras Exp $
+
+EAPI=4
+
+inherit flag-o-matic versionator eutils
+
+MY_P=${P/mit-}
+MAJOR_MINOR="$( get_version_component_range 1-2 )"
+DESCRIPTION="Kerberized applications split from the main MIT Kerberos V distribution"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5-appl/${MAJOR_MINOR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+RDEPEND=">=app-crypt/mit-krb5-1.8.0"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+	unpack ${A}
+	unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/CVE-2011-4862.patch
+}
+
+src_configure() {
+	append-flags "-I/usr/include/et"
+	append-flags -fno-strict-aliasing
+	append-flags -fno-strict-overflow
+	econf
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	for i in {telnetd,ftpd} ; do
+	    mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 \
+		|| die "mv failed (man)"
+	    mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} || die "mv failed"
+	done
+
+	for i in {rcp,rlogin,rsh,telnet,ftp} ; do
+		mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 \
+		|| die "mv failed (man)"
+		mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} || die "mv failed"
+	done
+
+	rm "${D}"/usr/share/man/man1/tmac.doc
+	dodoc README
+}