security bump - bug #396137

(Portage version: 2.1.10.43/cvs/Linux x86_64)

3 files changed, 78 insertions, 1 deletions

diff --git a/app-crypt/mit-krb5-appl/ChangeLog b/app-crypt/mit-krb5-appl/ChangeLog
index 7cd6723c42fd..536346515f9d 100644
--- a/app-crypt/mit-krb5-appl/ChangeLog
+++ b/app-crypt/mit-krb5-appl/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-crypt/mit-krb5-appl
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.17 2011/07/13 10:45:22 eras Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/ChangeLog,v 1.18 2011/12/26 21:39:56 eras Exp $
+
+*mit-krb5-appl-1.0.2-r1 (26 Dec 2011)
+
+  26 Dec 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-appl-1.0.2-r1.ebuild,
+  +files/CVE-2011-4862.patch:
+  security bump - bug #396137
 
 *mit-krb5-appl-1.0.2 (13 Jul 2011)
 
diff --git a/app-crypt/mit-krb5-appl/files/CVE-2011-4862.patch b/app-crypt/mit-krb5-appl/files/CVE-2011-4862.patch
new file mode 100644
index 000000000000..2199a2f1e016
--- /dev/null
+++ b/app-crypt/mit-krb5-appl/files/CVE-2011-4862.patch
@@ -0,0 +1,14 @@
+diff --git a/telnet/libtelnet/encrypt.c b/telnet/libtelnet/encrypt.c
+index f75317d..b8d6cdd 100644
+--- a/telnet/libtelnet/encrypt.c
++++ b/telnet/libtelnet/encrypt.c
+@@ -757,6 +757,9 @@ static void encrypt_keyid(kp, keyid, len)
+ 	int dir = kp->dir;
+ 	register int ret = 0;
+ 
++	if (len > MAXKEYLEN)
++		len = MAXKEYLEN;
++
+ 	if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+ 		if (len == 0)
+ 			return;
diff --git a/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2-r1.ebuild b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2-r1.ebuild
new file mode 100644
index 000000000000..20fa76601cb9
--- /dev/null
+++ b/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5-appl/mit-krb5-appl-1.0.2-r1.ebuild,v 1.1 2011/12/26 21:39:56 eras Exp $
+
+EAPI=4
+
+inherit flag-o-matic versionator eutils
+
+MY_P=${P/mit-}
+MAJOR_MINOR="$( get_version_component_range 1-2 )"
+DESCRIPTION="Kerberized applications split from the main MIT Kerberos V distribution"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5-appl/${MAJOR_MINOR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+RDEPEND=">=app-crypt/mit-krb5-1.8.0"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+	unpack ${A}
+	unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/CVE-2011-4862.patch
+}
+
+src_configure() {
+	append-flags "-I/usr/include/et"
+	append-flags -fno-strict-aliasing
+	append-flags -fno-strict-overflow
+	econf
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	for i in {telnetd,ftpd} ; do
+	    mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 \
+		|| die "mv failed (man)"
+	    mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} || die "mv failed"
+	done
+
+	for i in {rcp,rlogin,rsh,telnet,ftp} ; do
+		mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 \
+		|| die "mv failed (man)"
+		mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} || die "mv failed"
+	done
+
+	rm "${D}"/usr/share/man/man1/tmac.doc
+	dodoc README
+}