Diffstat (limited to 'security/krb5-122')
| -rw-r--r-- | security/krb5-122/Makefile | 3 | ||||
| -rw-r--r-- | security/krb5-122/distinfo | 6 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-lib_gssapi_krb5_util__crypt.c | 22 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-lib_gssapi_krb5_verify__mic.c | 27 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-tests_gssapi_t__invalid.c | 45 |
5 files changed, 4 insertions, 99 deletions
diff --git a/security/krb5-122/Makefile b/security/krb5-122/Makefile
index 1d79f5620b68..de7531fc483a 100644
--- a/security/krb5-122/Makefile
+++ b/security/krb5-122/Makefile
@@ -1,6 +1,5 @@
 PORTNAME= krb5
-PORTVERSION= 1.22
-PORTREVISION= 1
+PORTVERSION= 1.22.1
 CATEGORIES= security
 MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 .if !defined(MASTERDIR)
diff --git a/security/krb5-122/distinfo b/security/krb5-122/distinfo
index fba29315a391..63cbfb3d57cb 100644
--- a/security/krb5-122/distinfo
+++ b/security/krb5-122/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1754462805
-SHA256 (krb5-1.22.tar.gz) = 652be617b4647f3c5dcac21547d47c7097101aad4e306f1778fb48e17b220ba3
-SIZE (krb5-1.22.tar.gz) = 8749616
+TIMESTAMP = 1755752451
+SHA256 (krb5-1.22.1.tar.gz) = 1a8832b8cad923ebbf1394f67e2efcf41e3a49f460285a66e35adec8fa0053af
+SIZE (krb5-1.22.1.tar.gz) = 8747101
diff --git a/security/krb5-122/files/patch-lib_gssapi_krb5_util__crypt.c b/security/krb5-122/files/patch-lib_gssapi_krb5_util__crypt.c
deleted file mode 100644
index 0a97d39c347a..000000000000
--- a/security/krb5-122/files/patch-lib_gssapi_krb5_util__crypt.c
+++ /dev/null
@@ -1,22 +0,0 @@
---- lib/gssapi/krb5/util_crypt.c.orig 2025-08-05 14:15:15 UTC
-+++ lib/gssapi/krb5/util_crypt.c
-@@ -322,12 +322,16 @@ kg_verify_checksum_v3(krb5_context context, krb5_key k
- uint8_t ckhdr[16];
- krb5_boolean valid;
- 
-- /* Compose an RFC 4121 token header with EC and RRC set to 0. */
-+ /*
-+ * Compose an RFC 4121 token header for the checksum. For a wrap token,
-+ * the EC and RRC fields have the value 0 for the checksum operation,
-+ * regardless of their values in the actual token (RFC 4121 section 4.2.4).
-+ * For a MIC token, the corresponding four bytes have the value 0xFF.
-+ */
- store_16_be(toktype, ckhdr);
- ckhdr[2] = flags;
- ckhdr[3] = 0xFF;
-- store_16_be(0, ckhdr + 4);
-- store_16_be(0, ckhdr + 6);
-+ store_32_be((toktype == KG2_TOK_MIC_MSG) ? 0xFFFFFFFF : 0, ckhdr + 4);
- store_64_be(seqnum, ckhdr + 8);
- 
- /* Verify the checksum over the data and composed header. */
diff --git a/security/krb5-122/files/patch-lib_gssapi_krb5_verify__mic.c b/security/krb5-122/files/patch-lib_gssapi_krb5_verify__mic.c
deleted file mode 100644
index 7afb9ea4ae34..000000000000
--- a/security/krb5-122/files/patch-lib_gssapi_krb5_verify__mic.c
+++ /dev/null
@@ -1,27 +0,0 @@
---- lib/gssapi/krb5/verify_mic.c.orig 2025-08-05 14:15:15 UTC
-+++ lib/gssapi/krb5/verify_mic.c
-@@ -90,7 +90,6 @@ verify_mic_v3(krb5_context context, OM_uint32 *minor_s
- krb5_gss_ctx_id_rec *ctx, struct k5input *in,
- gss_buffer_t message)
- {
-- OM_uint32 status;
- krb5_keyusage usage;
- krb5_key key;
- krb5_cksumtype cksumtype;
-@@ -124,12 +123,10 @@ verify_mic_v3(krb5_context context, OM_uint32 *minor_s
- }
- assert(key != NULL);
- 
-- status = kg_verify_checksum_v3(context, key, usage, cksumtype,
-- KG2_TOK_MIC_MSG, flags, seqnum,
-- message->value, message->length,
-- in->ptr, in->len);
-- if (status != GSS_S_COMPLETE)
-- return status;
-+ if (!kg_verify_checksum_v3(context, key, usage, cksumtype, KG2_TOK_MIC_MSG,
-+ flags, seqnum, message->value, message->length,
-+ in->ptr, in->len))
-+ return GSS_S_BAD_SIG;
- 
- return g_seqstate_check(ctx->seqstate, seqnum);
- }
diff --git a/security/krb5-122/files/patch-tests_gssapi_t__invalid.c b/security/krb5-122/files/patch-tests_gssapi_t__invalid.c
deleted file mode 100644
index 736d335ea4e3..000000000000
--- a/security/krb5-122/files/patch-tests_gssapi_t__invalid.c
+++ /dev/null
@@ -1,45 +0,0 @@
---- tests/gssapi/t_invalid.c.orig 2025-08-05 14:15:15 UTC
-+++ tests/gssapi/t_invalid.c
-@@ -397,6 +397,34 @@ test_iov_large_asn1_wrapper(gss_ctx_id_t ctx)
- free(iov[0].buffer.value);
- }
- 
-+static void
-+test_cfx_verify_mic(gss_ctx_id_t ctx)
-+{
-+ OM_uint32 major, minor;
-+ gss_buffer_desc message, token;
-+ uint8_t msg[] = "message";
-+ uint8_t mic[] = "\x04\x04\x00\xFF\xFF\xFF\xFF\xFF"
-+ "\x00\x00\x00\x00\x00\x00\x00\x00\x97\xE9\x63\x3F\x9D\x82\x2B\x74"
-+ "\x67\x94\x8A\xD0";
-+ size_t i;
-+
-+ message.value = msg;
-+ message.length = sizeof(msg) - 1;
-+ token.value = mic;
-+ token.length = sizeof(mic) - 1;
-+
-+ major = gss_verify_mic(&minor, ctx, &message, &token, NULL);
-+ check_gsserr("gss_verify_mic", major, minor);
-+
-+ for (i = 0; i < token.length; i++) {
-+ mic[i]++;
-+ major = gss_verify_mic(&minor, ctx, &message, &token, NULL);
-+ if (major != GSS_S_DEFECTIVE_TOKEN && major != GSS_S_BAD_SIG)
-+ abort();
-+ mic[i]--;
-+ }
-+}
-+
- /* Process wrap and MIC tokens with incomplete headers. */
- static void
- test_short_header(gss_ctx_id_t ctx)
-@@ -598,6 +626,7 @@ main(int argc, char **argv)
- test_cfx_short_plaintext(ctx, cfx_subkey);
- test_cfx_large_ec(ctx, cfx_subkey);
- test_iov_large_asn1_wrapper(ctx);
-+ test_cfx_verify_mic(ctx);
- free_fake_context(ctx);
- 
- for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) { |
