diff -u libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/00list libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/00list
--- libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/00list
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/00list
@@ -2,0 +3,2 @@
+03_cve-2006-5989
+04_remove_bashism
diff -u libapache-mod-auth-kerb-4.996-5.0-rc6/debian/changelog libapache-mod-auth-kerb-4.996-5.0-rc6/debian/changelog
--- libapache-mod-auth-kerb-4.996-5.0-rc6/debian/changelog
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/debian/changelog
@@ -1,3 +1,14 @@
+libapache-mod-auth-kerb (4.996-5.0-rc6-3ubuntu0.6.10) edgy-security; urgency=high
+
+ * SECURITY UPDATE: Off-by-one error in the der_get_oid function
+ * debian/patches/03_cve-2006-5989.dpatch: patch extracted from DSA-1247-1
+ * debian/patches/04_remove_bashism.dpatch: remove bashism in Makefile
+ (fixes FTBFS)
+ * References:
+ CVE 2006-5989
+
+ -- Michael Bienia Fri, 19 Jan 2007 17:34:37 +0100
+
 libapache-mod-auth-kerb (4.996-5.0-rc6-3) unstable; urgency=low
 
  * Fix: GSSAPI fails with "Request is a replay" under krb5 1.4.3.
--- libapache-mod-auth-kerb-4.996-5.0-rc6.orig/debian/patches/03_cve-2006-5989.dpatch
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/03_cve-2006-5989.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03_cve-2006-5989.dpatch by Michael Bienia
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad libapache-mod-auth-kerb-4.996-5.0-rc6~/spnegokrb5/der_get.c libapache-mod-auth-kerb-4.996-5.0-rc6/spnegokrb5/der_get.c
+--- libapache-mod-auth-kerb-4.996-5.0-rc6~/spnegokrb5/der_get.c 2003-09-05 10:54:08.000000000 +0200
++++ libapache-mod-auth-kerb-4.996-5.0-rc6/spnegokrb5/der_get.c 2007-01-19 14:22:06.000000000 +0100
+@@ -151,7 +151,7 @@
+ if (len < 1)
+ return ASN1_OVERRUN;
+ 
+- data->components = malloc(len * sizeof(*data->components));
++ data->components = malloc((len + 1) * sizeof(*data->components));
+ if (data->components == NULL && len != 0)
+ return ENOMEM;
+ data->components[0] = (*p) / 40;
--- libapache-mod-auth-kerb-4.996-5.0-rc6.orig/debian/patches/04_remove_bashism.dpatch
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/04_remove_bashism.dpatch
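Review bot: The new `malloc((len + 1) * sizeof(*data->components))` line computes its size from the DER-supplied `len` with no overflow guard, so a wrapped product would yield a small allocation and the component writes that follow would overrun the heap again; whether the caller already bounds `len` against the remaining input is not visible in this hunk. Guarding the arithmetic first, e.g. `if (len > SIZE_MAX / sizeof(*data->components) - 1) return ASN1_OVERRUN;`, or using `calloc(len + 1, sizeof(*data->components))`, closes that path. The `&& len != 0` on the following NULL check is dead once `if (len < 1) return ASN1_OVERRUN;` precedes it, so `if (data->components == NULL) return ENOMEM;` states the intent. The dpatch header's `## DP: No description.` should carry a one-line description such as `## DP: Fix off-by-one heap overflow in der_get_oid (CVE-2006-5989, DSA-1247-1)`; the same applies to 04_remove_bashism.dpatch. The enclosing der_get_oid function starts and ends outside the hunk.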
@@ -0,0 +1,45 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_remove_bashism.dpatch by Michael Bienia
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad libapache-mod-auth-kerb-4.996-5.0-rc6~/Makefile libapache-mod-auth-kerb-4.996-5.0-rc6/Makefile
+--- libapache-mod-auth-kerb-4.996-5.0-rc6~/Makefile 2007-01-19 17:28:09.000000000 +0100
++++ libapache-mod-auth-kerb-4.996-5.0-rc6/Makefile 2007-01-19 17:29:37.000000000 +0100
+@@ -20,8 +20,14 @@
+ 
+ clean:
+ for i in . src spnegokrb5; do \
+- $(RM) $$i/*.{o,so,a,la,lo,slo} core; \
++ $(RM) $$i/*.o; \
++ $(RM) $$i/*.so; \
++ $(RM) $$i/*.a; \
++ $(RM) $$i/*.la; \
++ $(RM) $$i/*.lo; \
++ $(RM) $$i/*.slo; \
+ done
++ $(RM) core
+ 
+ distclean: clean
+ $(RM) config.h config.status Makefile config.log
+diff -urNad libapache-mod-auth-kerb-4.996-5.0-rc6~/Makefile.in libapache-mod-auth-kerb-4.996-5.0-rc6/Makefile.in
+--- libapache-mod-auth-kerb-4.996-5.0-rc6~/Makefile.in 2004-07-05 22:47:42.000000000 +0200
++++ libapache-mod-auth-kerb-4.996-5.0-rc6/Makefile.in 2007-01-19 17:30:38.000000000 +0100
+@@ -20,8 +20,14 @@
+ 
+ clean:
+ for i in . src spnegokrb5; do \
+- $(RM) $$i/*.{o,so,a,la,lo,slo} core; \
++ $(RM) $$i/*.o; \
++ $(RM) $$i/*.so; \
++ $(RM) $$i/*.a; \
++ $(RM) $$i/*.la; \
++ $(RM) $$i/*.lo; \
++ $(RM) $$i/*.slo; \
+ done
++ $(RM) core
+ 
+ distclean: clean
+ $(RM) config.h config.status Makefile config.log
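Review bot: The six consecutive `$(RM) $$i/*.ext; \` lines in the new clean recipe can be one invocation, `$(RM) $$i/*.o $$i/*.so $$i/*.a $$i/*.la $$i/*.lo $$i/*.slo; \`, which is still plain POSIX sh and spawns one process per directory instead of six; the identical Makefile.in hunk below it has the same shape. Moving `$(RM) core` out of the loop looks behavior-preserving, since the removed line named `core` without a `$$i/` prefix and so removed `./core` on every iteration. A comment above the loop, `# one glob per extension: dash has no {a,b} brace expansion`, would keep the next editor from reintroducing the bashism.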