From bb3c293a86c9ad9e1f80fb1a35fbf216e7b54b5f Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Mon, 11 Mar 2019 10:38:28 +0000 Subject: user/heimdal: move to legacy/ --- legacy/heimdal/005_all_heimdal-suid_fix.patch | 20 ++++ legacy/heimdal/APKBUILD | 125 ++++++++++++++++++++ legacy/heimdal/CVE-2017-17439.patch | 45 +++++++ legacy/heimdal/heimdal-kadmind.initd | 24 ++++ legacy/heimdal/heimdal-kdc.initd | 23 ++++ legacy/heimdal/heimdal-kpasswdd.initd | 24 ++++ legacy/heimdal/heimdal_missing-include.patch | 11 ++ .../only-build-libedit-when-necessary.patch | 21 ++++ user/heimdal/005_all_heimdal-suid_fix.patch | 20 ---- user/heimdal/APKBUILD | 131 --------------------- user/heimdal/CVE-2017-17439.patch | 45 ------- user/heimdal/heimdal-kadmind.initd | 24 ---- user/heimdal/heimdal-kdc.initd | 23 ---- user/heimdal/heimdal-kpasswdd.initd | 24 ---- user/heimdal/heimdal_missing-include.patch | 11 -- .../only-build-libedit-when-necessary.patch | 21 ---- 16 files changed, 293 insertions(+), 299 deletions(-) create mode 100644 legacy/heimdal/005_all_heimdal-suid_fix.patch create mode 100644 legacy/heimdal/APKBUILD create mode 100644 legacy/heimdal/CVE-2017-17439.patch create mode 100755 legacy/heimdal/heimdal-kadmind.initd create mode 100755 legacy/heimdal/heimdal-kdc.initd create mode 100755 legacy/heimdal/heimdal-kpasswdd.initd create mode 100644 legacy/heimdal/heimdal_missing-include.patch create mode 100644 legacy/heimdal/only-build-libedit-when-necessary.patch delete mode 100644 user/heimdal/005_all_heimdal-suid_fix.patch delete mode 100644 user/heimdal/APKBUILD delete mode 100644 user/heimdal/CVE-2017-17439.patch delete mode 100755 user/heimdal/heimdal-kadmind.initd delete mode 100755 user/heimdal/heimdal-kdc.initd delete mode 100755 user/heimdal/heimdal-kpasswdd.initd delete mode 100644 user/heimdal/heimdal_missing-include.patch delete mode 100644 user/heimdal/only-build-libedit-when-necessary.patch 
diff --git a/legacy/heimdal/005_all_heimdal-suid_fix.patch b/legacy/heimdal/005_all_heimdal-suid_fix.patch
new file mode 100644
index 000000000..0524db61e
--- /dev/null
+++ b/legacy/heimdal/005_all_heimdal-suid_fix.patch
@@ -0,0 +1,20 @@
+--- appl/su/Makefile.am 2005-06-16 18:27:46.000000000 +0200
++++ b/appl/su/Makefile.am 2005-06-27 23:25:21.000000000 +0200
+@@ -7,6 +7,7 @@
+ bin_PROGRAMS = su
+ bin_SUIDS = su
+ su_SOURCES = su.c supaths.h
++su_LDFLAGS = -Wl,-z,now
+ man_MANS = su.1
+
+ LDADD = $(LIB_kafs) \
+--- appl/otp/Makefile.am 2005-06-16 18:28:46.000000000 +0200
++++ b/appl/otp/Makefile.am 2005-06-27 23:25:40.000000000 +0200
+@@ -8,6 +8,7 @@
+ bin_SUIDS = otp
+ otp_SOURCES = otp.c otp_locl.h
+ otpprint_SOURCES = otpprint.c otp_locl.h
++otp_LDFLAGS = -Wl,-z,now
+
+ man_MANS = otp.1 otpprint.1
+
diff --git a/legacy/heimdal/APKBUILD b/legacy/heimdal/APKBUILD
new file mode 100644
index 000000000..61f8da3e1
--- /dev/null
+++ b/legacy/heimdal/APKBUILD
@@ -0,0 +1,125 @@
+# Contributor: Natanael Copa
+# Maintainer:
+pkgname=heimdal
+pkgver=7.5.0
+pkgrel=2
+pkgdesc="An implementation of Kerberos 5"
+url="http://www.h5l.org/"
+arch="all"
+options="suid"
+license="BSD-3-Clause AND BSD-2-Clause AND Public-Domain AND MIT"
+depends="krb5-conf"
+depends_dev="openssl-dev e2fsprogs-dev db-dev"
+makedepends="$depends_dev autoconf automake bash libtool
+ ncurses-dev perl libedit-dev sqlite-dev texinfo perl-json"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-openrc"
+source="https://github.com/heimdal/heimdal/releases/download/heimdal-$pkgver/heimdal-$pkgver.tar.gz
+ heimdal-kadmind.initd
+ heimdal-kdc.initd
+ heimdal-kpasswdd.initd
+
+ 005_all_heimdal-suid_fix.patch
+ heimdal_missing-include.patch
+ only-build-libedit-when-necessary.patch
+ "
+
+# secfixes:
+# 7.4.0-r2:
+# - CVE-2017-17439
+# 7.4.0-r0:
+# - CVE-2017-11103
+
+prepare() {
+ [ -e /usr/lib/libasn1.so ] && echo "## remove old heimdal pkg first ##" && return 1
+
+ default_prepare
+ sh ./autogen.sh
+}
+
+build() {
+ export LDFLAGS="${LDFLAGS} -Wl,--as-needed"
+ export LIBS="-ldb"
+
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --enable-shared=yes \
+ --without-x \
+ --with-berkeley-db \
+ --with-libedit=/usr \
+ --with-libedit-lib=/usr/lib \
+ --with-sqlite3=/usr \
+ --with-openssl=/usr
+
+ # make sure we use system version
+ rm -r lib/sqlite lib/com_err
+
+ # workarount a parallell build issue
+ make -C lib/asn1 der-protos.h der-private.h
+ make -C lib/kadm5 kadm5-protos.h kadm5-private.h kadm5_err.h
+ make -C lib/krb5 krb5-protos.h krb5-private.h krb5_err.h krb_err.h \
+ heim_err.h k524_err.h
+ make -C lib/hx509 hx509-private.h hx509-protos.h
+ make
+}
+
+check() {
+ make -j1 check
+}
+
+package() {
+ make DESTDIR="$pkgdir" exec_prefix=/usr sysconfdir=/etc \
+ mandir=/usr/share/man infodir=/usr/share/info datadir=/var/lib/heimdal \
+ localstatedir=/var/lib/heimdal libexecdir=/usr/sbin install
+
+
+ install -m755 -D "$srcdir"/heimdal-kadmind.initd \
+ "$pkgdir"/etc/init.d/heimdal-kadmind
+ install -m755 -D "$srcdir"/heimdal-kdc.initd \
+ "$pkgdir"/etc/init.d/heimdal-kdc
+ install -m755 -D "$srcdir"/heimdal-kpasswdd.initd \
+ "$pkgdir"/etc/init.d/heimdal-kpasswdd
+
+ for i in 1 3 5 8; do
+ rm -rf "$pkgdir"/usr/share/man/cat$i
+ done
+
+ # Remove conflicts
+ # e2fsprogs
+ rm -f "$pkgdir"/usr/bin/compile_et \
+ "$pkgdir"/usr/share/man/man1/compile_et.1
+
+ # Compress info pages
+ for page in heimdal hx509; do
+ gzip -9 "$pkgdir"/usr/share/info/${page}.info
+ done
+
+ # Install the license
+ install -d "$pkgdir"/usr/share/licenses/$pkgname
+ install -D -m644 "$builddir"/LICENSE \
+ "$pkgdir"/usr/share/licenses/$pkgname/
+}
+
+libs() {
+ pkgdesc="Heimdal libraries"
+ replaces="heimdal"
+ depends="krb5-conf"
+ mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin
+ mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
+ mv "$pkgdir"/usr/bin/string2key \
+ "$pkgdir"/usr/bin/verify_krb5_conf \
+ "$subpkgdir"/usr/bin/
+ mv "$pkgdir"/usr/sbin/kdigest \
+ "$pkgdir"/usr/sbin/digest-service \
+ "$subpkgdir"/usr/sbin/
+
+}
+
+sha512sums="6d1ad77e795df786680b5e68e2bfefee27bd0207eab507295d7af7053135de9c9ebb517d2c0235bc3a7d50945e18044515f0d76c0899b6b74aa839f1f3e5b131 heimdal-7.5.0.tar.gz
+0ae0fec4bdb3907d9e82e788e12ef185dd00e6db4c17f55758da5600fedd72ed1118b6b492d039f91cc54d54bf2f79f624ea38a68067e424b737b128494a4bbd heimdal-kadmind.initd
+4dca69bb1c1c6dfce8c0fc1da84855e4549be478ab09511fa5143ee61d1609fed7f3303179bc1e499b0f20445e04c41eda132dd1c5f72e2fea4fcf60a35ad2a9 heimdal-kdc.initd
+abee8390632fa775e74900d09e5c72b02fe4f9616b43cc8d0a76175486ed6d4707fb3ce4d06ceb09b0e8d1384e037c3cff6525e11def0122c35c32eebd0d196f heimdal-kpasswdd.initd
+2a6b20588a86a9ea3c35209b96ef2da0b39bc3112aec1505e69a60efc9ffb9ddc1d0dbdfaf864142e9d2f81da3d2653de56d6ffa01871c20fde17e4642625c56 005_all_heimdal-suid_fix.patch
+e89efdc942c512363aac1d9797c6bf622324e9200e282bc5ed680300b9e1b39a4ea20f059cdac8f22f972eb0af0e625fd41f267ebcafcfec0aaa81192aff79c1 heimdal_missing-include.patch
+d1c50b0a656f15afeae78ce0ace0f9adceea028e118f3952a724d23c63bba7d5c9a50980de16c7606a93769c0aa48ce3b932e8a64f5d7a2127d31d2f39e9688d only-build-libedit-when-necessary.patch"
diff --git a/legacy/heimdal/CVE-2017-17439.patch b/legacy/heimdal/CVE-2017-17439.patch
new file mode 100644
index 000000000..8c3273971
--- /dev/null
+++ b/legacy/heimdal/CVE-2017-17439.patch
@@ -0,0 +1,45 @@
+From 749d377fa357351a7bbba51f8aae72cdf0629592 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni
+Date: Tue, 5 Dec 2017 18:49:50 -0500
+Subject: [PATCH] Security: Avoid NULL structure pointer member dereference
+
+This can happen in the error path when processing malformed AS
+requests with a NULL client name. Bug originally introduced on
+Fri Feb 13 09:26:01 2015 +0100 in commit:
+
+ a873e21d7c06f22943a90a41dc733ae76799390d
+
+ kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()
+
+Original patch by Jeffrey Altman
+
+(cherry picked from commit 1a6a6e462dc2ac6111f9e02c6852ddec4849b887)
+---
+ kdc/kerberos5.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
+index 95a74927f7..675b406b82 100644
+--- a/kdc/kerberos5.c
++++ b/kdc/kerberos5.c
+@@ -2226,15 +2226,17 @@ _kdc_as_rep(kdc_request_t r,
+ /*
+ * In case of a non proxy error, build an error message.
+ */
+- if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
++ if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
+ ret = _kdc_fast_mk_error(context, r,
+ &error_method,
+ r->armor_crypto,
+ &req->req_body,
+ ret, r->e_text,
+ r->server_princ,
+- &r->client_princ->name,
+- &r->client_princ->realm,
++ r->client_princ ?
++ &r->client_princ->name : NULL,
++ r->client_princ ?
++ &r->client_princ->realm : NULL,
+ NULL, NULL,
+ reply);
+ if (ret)
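Review bot: `CVE-2017-17439.patch` is added next to this APKBUILD, but neither `source=` nor `sha512sums` lists it, so the build will not apply or checksum it, while the `# secfixes:` block still names CVE-2017-17439. If the 7.5.0 tarball already carries that fix (presumably why the patch is absent from `source=`; worth confirming against the upstream release notes), delete the stale file; otherwise add it back to both lists. Separately, this is not a pure move: the deleted user/heimdal/APKBUILD configured with `--without-openssl` and this one uses `--with-openssl=/usr`, which likely changes the crypto backend the KDC and libraries are built against while `pkgrel` stays at 2. Bump it (`pkgrel=3`) or mention the change in the commit message so the rebuilt package is distinguishable from the old one.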
diff --git a/legacy/heimdal/heimdal-kadmind.initd b/legacy/heimdal/heimdal-kadmind.initd
new file mode 100755
index 000000000..73f23815c
--- /dev/null
+++ b/legacy/heimdal/heimdal-kadmind.initd
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kadmind,v 1.3 2004/09/13 22:44:54 solar Exp $
+
+depend() {
+ need net
+ use heimdal-kdc
+ after logger
+}
+
+start() {
+ ebegin "Starting heimdal kadmind"
+ /usr/sbin/kadmind &
+ echo $! > /var/run/heimdal-kadmind.pid
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping heimdal kadmind"
+ start-stop-daemon --stop --quiet --exec \
+ /usr/sbin/kadmind
+ eend $?
+}
diff --git a/legacy/heimdal/heimdal-kdc.initd b/legacy/heimdal/heimdal-kdc.initd
new file mode 100755
index 000000000..32288c4e7
--- /dev/null
+++ b/legacy/heimdal/heimdal-kdc.initd
@@ -0,0 +1,23 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kdc,v 1.2 2004/09/13 15:40:34 dragonheart Exp $
+
+depend() {
+ need net
+ after logger
+}
+
+start() {
+ ebegin "Starting heimdal kdc"
+ start-stop-daemon --start --quiet --exec \
+ /usr/sbin/kdc -- --detach
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping heimdal kdc"
+ start-stop-daemon --stop --quiet --exec \
+ /usr/sbin/kdc
+ eend $?
+}
diff --git a/legacy/heimdal/heimdal-kpasswdd.initd b/legacy/heimdal/heimdal-kpasswdd.initd
new file mode 100755
index 000000000..5fc21e0dc
--- /dev/null
+++ b/legacy/heimdal/heimdal-kpasswdd.initd
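Review bot: In start() of heimdal-kadmind.initd, `eend $?` reports the exit status of the `echo $! > /var/run/heimdal-kadmind.pid` redirect, not of kadmind, so a kadmind that exits immediately is still reported as started. The pidfile written there is not used by stop(), which matches on `--exec /usr/sbin/kadmind`, and nothing visible in the script removes it. Launching the daemon through start-stop-daemon, as heimdal-kpasswdd.initd does for its daemon, for example `start-stop-daemon --start --background --make-pidfile --pidfile /var/run/heimdal-kadmind.pid --exec /usr/sbin/kadmind`, hands process tracking to OpenRC and gives `eend` a status from start-stop-daemon.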
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kpasswdd,v 1.3 2004/09/13 22:44:54 solar Exp $
+
+depend() {
+ need net
+ use heimdal-kdc
+ after logger
+}
+
+start() {
+ ebegin "Starting heimdal kpasswdd"
+ start-stop-daemon --background --start --quiet --exec \
+ /usr/sbin/kpasswdd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping heimdal kpasswdd"
+ start-stop-daemon --stop --quiet --exec \
+ /usr/sbin/kpasswdd
+ eend $?
+}
diff --git a/legacy/heimdal/heimdal_missing-include.patch b/legacy/heimdal/heimdal_missing-include.patch
new file mode 100644
index 000000000..8cca906a7
--- /dev/null
+++ b/legacy/heimdal/heimdal_missing-include.patch
@@ -0,0 +1,11 @@
+--- lib/base/test_base.c 2011-09-30 15:58:45.000000000 +0300
++++ b/lib/base/test_base.c 2011-12-27 23:04:50.482955923 +0200
+@@ -39,6 +39,8 @@
+ #include "heimbase.h"
+ #include "heimbasepriv.h"
+
++#include
++
+ static void
+ memory_free(heim_object_t obj)
+ {
diff --git a/legacy/heimdal/only-build-libedit-when-necessary.patch b/legacy/heimdal/only-build-libedit-when-necessary.patch
new file mode 100644
index 000000000..105c7019d
--- /dev/null
+++ b/legacy/heimdal/only-build-libedit-when-necessary.patch
@@ -0,0 +1,21 @@
+--- heimdal-7.5.0/configure.ac.old 2017-12-08 01:36:46.000000000 -0600
++++ heimdal-7.5.0/configure.ac 2018-07-04 18:50:45.720000000 -0500
+@@ -309,8 +309,6 @@
+ #endif
+ ],-ledit,,, READLINE,, [readline.h readline/readline.h editline/readline.h])
+
+-AC_CONFIG_SUBDIRS([lib/libedit])
+-
+ KRB_C_BIGENDIAN
+ AC_C_INLINE
+
+--- heimdal-7.5.0/cf/krb-readline.m4.old 2016-12-20 08:23:06.000000000 -0600
++++ heimdal-7.5.0/cf/krb-readline.m4 2018-07-04 18:50:04.140000000 -0500
+@@ -19,6 +19,7 @@
+ :
+ else
+ build_libedit=yes
++ AC_CONFIG_SUBDIRS([lib/libedit])
+ LIB_readline="\$(top_builddir)/lib/libedit/src/libheimedit.la \$(LIB_tgetent)"
+ fi
+ AM_CONDITIONAL(LIBEDIT, test "$build_libedit" = yes)
diff --git a/user/heimdal/005_all_heimdal-suid_fix.patch b/user/heimdal/005_all_heimdal-suid_fix.patch
deleted file mode 100644
index 0524db61e..000000000
--- a/user/heimdal/005_all_heimdal-suid_fix.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- appl/su/Makefile.am 2005-06-16 18:27:46.000000000 +0200
-+++ b/appl/su/Makefile.am 2005-06-27 23:25:21.000000000 +0200
-@@ -7,6 +7,7 @@
- bin_PROGRAMS = su
- bin_SUIDS = su
- su_SOURCES = su.c supaths.h
-+su_LDFLAGS = -Wl,-z,now
- man_MANS = su.1
-
- LDADD = $(LIB_kafs) \
---- appl/otp/Makefile.am 2005-06-16 18:28:46.000000000 +0200
-+++ b/appl/otp/Makefile.am 2005-06-27 23:25:40.000000000 +0200
-@@ -8,6 +8,7 @@
- bin_SUIDS = otp
- otp_SOURCES = otp.c otp_locl.h
- otpprint_SOURCES = otpprint.c otp_locl.h
-+otp_LDFLAGS = -Wl,-z,now
-
- man_MANS = otp.1 otpprint.1
-
diff --git a/user/heimdal/APKBUILD b/user/heimdal/APKBUILD
deleted file mode 100644
index f8cb57211..000000000
--- a/user/heimdal/APKBUILD
+++ /dev/null
@@ -1,131 +0,0 @@
-# Contributor: Natanael Copa
-# Maintainer:
-pkgname=heimdal
-pkgver=7.5.0
-pkgrel=2
-pkgdesc="An implementation of Kerberos 5"
-url="http://www.h5l.org/"
-arch="all"
-options="suid"
-license="BSD-3-Clause AND BSD-2-Clause AND Public-Domain AND MIT"
-depends="krb5-conf"
-depends_dev="openssl-dev e2fsprogs-dev db-dev"
-makedepends="$depends_dev autoconf automake bash libtool
- ncurses-dev perl libedit-dev sqlite-dev texinfo perl-json"
-install=
-subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-openrc"
-source="https://github.com/heimdal/heimdal/releases/download/heimdal-$pkgver/heimdal-$pkgver.tar.gz
- heimdal-kadmind.initd
- heimdal-kdc.initd
- heimdal-kpasswdd.initd
-
- 005_all_heimdal-suid_fix.patch
- heimdal_missing-include.patch
- only-build-libedit-when-necessary.patch
- "
-
-# secfixes:
-# 7.4.0-r2:
-# - CVE-2017-17439
-# 7.4.0-r0:
-# - CVE-2017-11103
-
-prepare() {
- [ -e /usr/lib/libasn1.so ] && echo "## remove old heimdal pkg first ##" && return 1
-
- cd "$builddir"
- default_prepare
-
- sh ./autogen.sh
-}
-
-build() {
- cd "$builddir"
- export LDFLAGS="${LDFLAGS} -Wl,--as-needed"
- export LIBS="-ldb"
-
- ./configure \
- --build=$CBUILD \
- --host=$CHOST \
- --prefix=/usr \
- --enable-shared=yes \
- --without-x \
- --with-berkeley-db \
- --with-libedit=/usr \
- --with-libedit-lib=/usr/lib \
- --with-sqlite3=/usr \
- --without-openssl
-
- # make sure we use system version
- rm -r lib/sqlite lib/com_err
-
- # workarount a parallell build issue
- make -C lib/asn1 der-protos.h der-private.h
- make -C lib/kadm5 kadm5-protos.h kadm5-private.h kadm5_err.h
- make -C lib/krb5 krb5-protos.h krb5-private.h krb5_err.h krb_err.h \
- heim_err.h k524_err.h
- make -C lib/hx509 hx509-private.h hx509-protos.h
- make
-}
-
-check() {
- cd "$builddir"
- make -j1 check
-}
-
-package() {
- cd "$builddir"
- make DESTDIR="$pkgdir" exec_prefix=/usr sysconfdir=/etc \
- mandir=/usr/share/man infodir=/usr/share/info datadir=/var/lib/heimdal \
- localstatedir=/var/lib/heimdal libexecdir=/usr/sbin install
-
-
- install -m755 -D "$srcdir"/heimdal-kadmind.initd \
- "$pkgdir"/etc/init.d/heimdal-kadmind
- install -m755 -D "$srcdir"/heimdal-kdc.initd \
- "$pkgdir"/etc/init.d/heimdal-kdc
- install -m755 -D "$srcdir"/heimdal-kpasswdd.initd \
- "$pkgdir"/etc/init.d/heimdal-kpasswdd
-
- for i in 1 3 5 8; do
- rm -rf "$pkgdir"/usr/share/man/cat$i
- done
-
- # Remove conflicts
- # e2fsprogs
- rm -f "$pkgdir"/usr/bin/compile_et \
- "$pkgdir"/usr/share/man/man1/compile_et.1
-
- # Compress info pages
- for page in heimdal hx509; do
- gzip -9 "$pkgdir"/usr/share/info/${page}.info
- done
-
- # Install the license
- install -d "$pkgdir"/usr/share/licenses/$pkgname
- install -D -m644 "$builddir"/LICENSE \
- "$pkgdir"/usr/share/licenses/$pkgname/
-}
-
-libs() {
- pkgdesc="Heimdal libraries"
- replaces="heimdal"
- depends="krb5-conf"
- mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin
- mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
- mv "$pkgdir"/usr/bin/string2key \
- "$pkgdir"/usr/bin/verify_krb5_conf \
- "$subpkgdir"/usr/bin/
- mv "$pkgdir"/usr/sbin/kdigest \
- "$pkgdir"/usr/sbin/digest-service \
- "$subpkgdir"/usr/sbin/
-
-}
-
-sha512sums="6d1ad77e795df786680b5e68e2bfefee27bd0207eab507295d7af7053135de9c9ebb517d2c0235bc3a7d50945e18044515f0d76c0899b6b74aa839f1f3e5b131 heimdal-7.5.0.tar.gz
-0ae0fec4bdb3907d9e82e788e12ef185dd00e6db4c17f55758da5600fedd72ed1118b6b492d039f91cc54d54bf2f79f624ea38a68067e424b737b128494a4bbd heimdal-kadmind.initd
-4dca69bb1c1c6dfce8c0fc1da84855e4549be478ab09511fa5143ee61d1609fed7f3303179bc1e499b0f20445e04c41eda132dd1c5f72e2fea4fcf60a35ad2a9 heimdal-kdc.initd
-abee8390632fa775e74900d09e5c72b02fe4f9616b43cc8d0a76175486ed6d4707fb3ce4d06ceb09b0e8d1384e037c3cff6525e11def0122c35c32eebd0d196f heimdal-kpasswdd.initd
-2a6b20588a86a9ea3c35209b96ef2da0b39bc3112aec1505e69a60efc9ffb9ddc1d0dbdfaf864142e9d2f81da3d2653de56d6ffa01871c20fde17e4642625c56 005_all_heimdal-suid_fix.patch
-e89efdc942c512363aac1d9797c6bf622324e9200e282bc5ed680300b9e1b39a4ea20f059cdac8f22f972eb0af0e625fd41f267ebcafcfec0aaa81192aff79c1 heimdal_missing-include.patch
-d1c50b0a656f15afeae78ce0ace0f9adceea028e118f3952a724d23c63bba7d5c9a50980de16c7606a93769c0aa48ce3b932e8a64f5d7a2127d31d2f39e9688d only-build-libedit-when-necessary.patch"
diff --git a/user/heimdal/CVE-2017-17439.patch b/user/heimdal/CVE-2017-17439.patch
deleted file mode 100644
index 8c3273971..000000000
--- a/user/heimdal/CVE-2017-17439.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 749d377fa357351a7bbba51f8aae72cdf0629592 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni
-Date: Tue, 5 Dec 2017 18:49:50 -0500
-Subject: [PATCH] Security: Avoid NULL structure pointer member dereference
-
-This can happen in the error path when processing malformed AS
-requests with a NULL client name. Bug originally introduced on
-Fri Feb 13 09:26:01 2015 +0100 in commit:
-
- a873e21d7c06f22943a90a41dc733ae76799390d
-
- kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()
-
-Original patch by Jeffrey Altman
-
-(cherry picked from commit 1a6a6e462dc2ac6111f9e02c6852ddec4849b887)
----
- kdc/kerberos5.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
-index 95a74927f7..675b406b82 100644
---- a/kdc/kerberos5.c
-+++ b/kdc/kerberos5.c
-@@ -2226,15 +2226,17 @@ _kdc_as_rep(kdc_request_t r,
- /*
- * In case of a non proxy error, build an error message.
- */
-- if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
-+ if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
- ret = _kdc_fast_mk_error(context, r,
- &error_method,
- r->armor_crypto,
- &req->req_body,
- ret, r->e_text,
- r->server_princ,
-- &r->client_princ->name,
-- &r->client_princ->realm,
-+ r->client_princ ?
-+ &r->client_princ->name : NULL,
-+ r->client_princ ?
-+ &r->client_princ->realm : NULL,
- NULL, NULL,
- reply);
- if (ret)
diff --git a/user/heimdal/heimdal-kadmind.initd b/user/heimdal/heimdal-kadmind.initd
deleted file mode 100755
index 73f23815c..000000000
--- a/user/heimdal/heimdal-kadmind.initd
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kadmind,v 1.3 2004/09/13 22:44:54 solar Exp $
-
-depend() {
- need net
- use heimdal-kdc
- after logger
-}
-
-start() {
- ebegin "Starting heimdal kadmind"
- /usr/sbin/kadmind &
- echo $! > /var/run/heimdal-kadmind.pid
- eend $?
-}
-
-stop() {
- ebegin "Stopping heimdal kadmind"
- start-stop-daemon --stop --quiet --exec \
- /usr/sbin/kadmind
- eend $?
-}
diff --git a/user/heimdal/heimdal-kdc.initd b/user/heimdal/heimdal-kdc.initd
deleted file mode 100755
index 32288c4e7..000000000
--- a/user/heimdal/heimdal-kdc.initd
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kdc,v 1.2 2004/09/13 15:40:34 dragonheart Exp $
-
-depend() {
- need net
- after logger
-}
-
-start() {
- ebegin "Starting heimdal kdc"
- start-stop-daemon --start --quiet --exec \
- /usr/sbin/kdc -- --detach
- eend $?
-}
-
-stop() {
- ebegin "Stopping heimdal kdc"
- start-stop-daemon --stop --quiet --exec \
- /usr/sbin/kdc
- eend $?
-}
diff --git a/user/heimdal/heimdal-kpasswdd.initd b/user/heimdal/heimdal-kpasswdd.initd
deleted file mode 100755
index 5fc21e0dc..000000000
--- a/user/heimdal/heimdal-kpasswdd.initd
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kpasswdd,v 1.3 2004/09/13 22:44:54 solar Exp $
-
-depend() {
- need net
- use heimdal-kdc
- after logger
-}
-
-start() {
- ebegin "Starting heimdal kpasswdd"
- start-stop-daemon --background --start --quiet --exec \
- /usr/sbin/kpasswdd
- eend $?
-}
-
-stop() {
- ebegin "Stopping heimdal kpasswdd"
- start-stop-daemon --stop --quiet --exec \
- /usr/sbin/kpasswdd
- eend $?
-}
diff --git a/user/heimdal/heimdal_missing-include.patch b/user/heimdal/heimdal_missing-include.patch
deleted file mode 100644
index 8cca906a7..000000000
--- a/user/heimdal/heimdal_missing-include.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- lib/base/test_base.c 2011-09-30 15:58:45.000000000 +0300
-+++ b/lib/base/test_base.c 2011-12-27 23:04:50.482955923 +0200
-@@ -39,6 +39,8 @@
- #include "heimbase.h"
- #include "heimbasepriv.h"
-
-+#include
-+
- static void
- memory_free(heim_object_t obj)
- {
diff --git a/user/heimdal/only-build-libedit-when-necessary.patch b/user/heimdal/only-build-libedit-when-necessary.patch
deleted file mode 100644
index 105c7019d..000000000
--- a/user/heimdal/only-build-libedit-when-necessary.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- heimdal-7.5.0/configure.ac.old 2017-12-08 01:36:46.000000000 -0600
-+++ heimdal-7.5.0/configure.ac 2018-07-04 18:50:45.720000000 -0500
-@@ -309,8 +309,6 @@
- #endif
- ],-ledit,,, READLINE,, [readline.h readline/readline.h editline/readline.h])
-
--AC_CONFIG_SUBDIRS([lib/libedit])
--
- KRB_C_BIGENDIAN
- AC_C_INLINE
-
---- heimdal-7.5.0/cf/krb-readline.m4.old 2016-12-20 08:23:06.000000000 -0600
-+++ heimdal-7.5.0/cf/krb-readline.m4 2018-07-04 18:50:04.140000000 -0500
-@@ -19,6 +19,7 @@
- :
- else
- build_libedit=yes
-+ AC_CONFIG_SUBDIRS([lib/libedit])
- LIB_readline="\$(top_builddir)/lib/libedit/src/libheimedit.la \$(LIB_tgetent)"
- fi
- AM_CONDITIONAL(LIBEDIT, test "$build_libedit" = yes)
-- cgit v1.2.3-60-g2f50