Up to [cvs.NetBSD.org] / pkgsrc / security / cy2-ntlm
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
*: bump for openssl 3
cyrus-sasl: update to 2.1.28 New in 2.1.28 build: configure - Restore LIBS after checking gss_inquire_sec_context_by_oid makemd5.c - Fix potential out of bound writes fix build with –disable-shared –enable-static Dozens of fixes for Windows specific builds Fix cross platform builds with SPNEGO Do not try to build broken java subtree Fix build error with –enable-auth-sasldb common: plugin_common.c: Ensure size is always checked if called repeatedly (#617) documentation: Fixed generation of saslauthd(8) man page Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373) Updates for additional SCRAM mechanisms Fix sasl_decode64 and sasl_encode64 man pages Tons of fixes for Sphinx include: sasl.h: Allow up to 16 bits for security flags lib: checkpw.c: Skip one call to strcat Disable auxprop-hashed (#374) client.c: Use proper length for fully qualified domain names common.c: CVE-2019-19906 Fix off by one error (#587) external.c: fix EXTERNAL with non-terminated input (#689) saslutil.c: fix index_64 to be a signed char (#619) plugins: gssapi.c: Emit debug log only in case of errors ntlm.c: Fail compile if MD4 is not available (#632) sql.c: Finish reading residual return data (#639) CVE-2022-24407 Escape password for SQL insert/update commands. sasldb: db_gdbm.c: fix gdbm_errno overlay from gdbm_close DIGEST-MD5 plugin: Prevent double free of RC4 context Use OpenSSL RC4 implementation if available SCRAM plugin: Return BADAUTH on incorrect password (#545) Add -224, -384, -512 (#552) Remove SCRAM_HASH_SIZE Add function to return SCRAM auth method name Allocate enough memory in scam_setpass() Add function to sort SCRAM methods by hash strength Update windows build for newer SCRAM options saslauthd: auth_httpform.c: Avoid signed overflow with non-ascii characters (#576) auth_krb5.c: support setting an explicit auth_krb5 server name support setting an explicit servername with Heimdal unify the MIT and Heimdal auth_krb5 implementations Remove call to krbtf auth_rimap.c: provide native memmem implementation if missing lak.c: Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification) lak.h: Increase supported DN length to 4096 (#626)
*: Recursive revision bump for openssl 1.1.1.
Removed commented-out PKGREVISIONs
upgrade to 2.1.27-rc7 so that we can use it with openssl-1.1
Pullup ticket #5381 - requested by sevan security/cyrus-sasl: build fix Revisions pulled up: - security/cy2-anonymous/Makefile 1.10 - security/cy2-crammd5/Makefile 1.10 - security/cy2-digestmd5/Makefile 1.20 - security/cy2-gssapi/Makefile 1.26 - security/cy2-ldapdb/Makefile 1.12 - security/cy2-login/Makefile 1.17 - security/cy2-ntlm/Makefile 1.28 - security/cy2-otp/Makefile 1.21 - security/cy2-plain/Makefile 1.10 - security/cy2-scram/Makefile 1.8 - security/cy2-sql/Makefile 1.34 - security/cyrus-sasl/Makefile 1.72 - security/cyrus-sasl/Makefile.common 1.26 - security/cyrus-saslauthd/Makefile 1.52 --- Module Name: pkgsrc Committed By: jperkin Date: Thu Apr 27 13:56:47 UTC 2017 Modified Files: pkgsrc/security/cy2-anonymous: Makefile pkgsrc/security/cy2-crammd5: Makefile pkgsrc/security/cy2-digestmd5: Makefile pkgsrc/security/cy2-gssapi: Makefile pkgsrc/security/cy2-ldapdb: Makefile pkgsrc/security/cy2-login: Makefile pkgsrc/security/cy2-ntlm: Makefile pkgsrc/security/cy2-otp: Makefile pkgsrc/security/cy2-plain: Makefile pkgsrc/security/cy2-scram: Makefile pkgsrc/security/cy2-sql: Makefile pkgsrc/security/cyrus-sasl: Makefile Makefile.common pkgsrc/security/cyrus-saslauthd: Makefile Log Message: Fix to use PKG_SYSCONFDIR. Bump PKGREVISION for all packages using the shared Makefile.common.
Fix to use PKG_SYSCONFDIR. Bump PKGREVISION for all packages using the shared Makefile.common.
Bump PKGREVISION for security/openssl ABI bump.
Recursive PKGREVISION bump for OpenSSL API version bump.
'You can use "foo" instead of "${WRKSRC}/foo".'
PKGREVISION bumps for the security/openssl 1.0.1d update.
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Update cyrus-sasl to 2.1.25. Take maintainership. New in 2.1.25 ------------- * Make sure that a failed authorization doesn't preclude further server-side SASL authentication attempts from working. * Fixed a crash caused by aborted SASL authentication and initiation of another one using the same SASL context. * (Windows) Fixed the random number generator to actually produce random output on each run. * Be protective against calling sasl_server_step once authentication has failed (multiple SASL plugins) * Fixed several bugs in the mech_avail callback handling in the server side code. * Added support for channel bindings * Added support for ordering SASL mechanisms by strength (on the client side), or using the "client_mech_list" option. * server_idle needs to obey server's SASL mechanism list from the server context. * Better server plugin API mismatch reporting * Build: - Updated config to the latest GNU snapshot - Fixed SASL's libtool MacOS/X 64-bit file magic * New SASL plugin: SCRAM * New SASL plugin: GS2 * DIGEST-MD5 plugin: - Allow DIGEST-MD5 plugin to be used for client-side and server-side HTTP Digest, including running over non-persistent connections (RFC 2617) - Use the same username for reauthentication cache lookup and update - Minimize the number of auxprop lookups in the server side DIGEST-MD5 plugin for the most common case when authentication and authorization identities are the same. - Updated digestmd5_server_mech_step2() to be more defensive against empty client input. - Fixed some memory leaks on failed plugin initialization. Prevent potential race condition when freeding plugin state. Set the freed reauthentication cache mutex to NULL, to make errors due to mutex access after free more obvious. - Test against broken UTF-8 based hashes if calculation using special ISO-8859-1 code fails. - Fixed an interop problem with some LDAP clients ignoring server advertised realm and providing their own. * GSSAPI plugin: - Fix to build GSSAPI with Heimdal - Properly set serveroutlen to 0 in one place. Don't send empty challenge once server context establishment is done, as this is in violation of the RFC 2222 and its successor. - Don't send maxbuf, if no security layer can be established. Added additional checks for buffer lengths. * LDAPDB plugin: - build fixes New in 2.1.24 ------------- * Order advertised server-side SASL mechanisms per the specified 'mech_list' option or by relative "strength" * Make sure that sasl_set_alloc() has no effect once sasl_client_init() or sasl_server_init() is called * Fixed sasl_set_mutex() to disallow changing mutex management functions once sasl_server_init()/sasl_client_init() is called (bug # 3083) * Removed unused mutexes in lib/client.c and lib/server.c (bug # 3141) * Added direct support for hashed password to auxprop API * Don't treat a constraint violation as an error to store an auxprop property * Extended libsasl (auxprop) to support user deletion * Extended SASL auxprop_lookup to return error code * Updated sasl_user_exists() so that it can handle passwordless accounts (e.g. disabled) * (Windows) Free handles of shared libraries on Windows that were loaded but are not SASL plugins (bug # 2089) * Prevent freeing of common state on a subsequent call to _sasl_common_init. Make sure that the last global callback always wins. * Implemented sasl_client_done()/sasl_server_done() * Added automatic hostname canonicalization inside libsasl * Made sasl_config_init() public * Strip trailing spaces from server config file option values (bug # 3139, bug # 3041) * Fixed potential buffer overflow in saslautd_verify_password(). * Fixed segfault in dlclose() on HPUX * Various bugfixes for 64bit platforms * Fixed bug # 2895 (passing LF to sasl_decode64) in sample/sample-client.c, sample/sample-server.c, utils/smtptest.c * pluginviewer: Code cleanup, improved human readable messages * Build: - (Windows) Updated makefiles to build with VC 8.0 (VC++ 2005) - (Windows) Added Windows64 build - Updated to use .plugin extension on MacOS - Changed 64bit HP-UX build to use .so for shared libraries * saslauthd: - Fixed bug counting double-quotes in username/password in auth_rimap.c. Also fixed bug zeroing password. - auth_krb.c: improved diagnostic in the k5support_verify_tgt() function. - auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644 - auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h, so that crypt is correctly defined - auth_getpwent.c: Fixed Solaris build * SASLDB plugin: - Fixed spurious 'user not found' errors caused by an attempt to delete a non-existent property - Added direct support for hashed password to auxprop API - Sleepycat driver: Return SASL_NOUSER instead of SASL_FAIL when the database file doesn't exist - Ignore properties starting with '*' in the auxprop store function * SQL plugin: - Added support for SQLITE3 - Uninitialized variables can cause crash when the searched user is not found - Added direct support for hashed password - Ignore properties starting with '*' in the auxprop store function * LDAPDB plugin: - Added code to extend LDAPDB into a canon_user plugin in addition to its existing auxprop plugin functionality * PLAIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * LOGIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * DIGEST-MD5 plugin: - Fixed a memory leak in the DIGEST-MD5 security layer - Fixed memory leaks in client-side reauth and other places - More detailed error reporting. - Fixed parsing of challenges/responses with extra commas. - Allow for multiple qop options from the server and require a single qop option from the client. * GSSAPI plugin: - Check that params->serverFQDN is not NULL before using strlen on it - Make auxprop lookup calls optional * EXTERNAL plugin: - Make auxprop lookup calls optional * NTLM plugin: - allow a comma separated list of servernames in 'ntlm_server' option - Fixed crash in calculating NTv2 reponse * OTP plugin: - Don't use a stack variable for an OTP prompt (bug # 2822) - Downgrade the failure to store OTP secret to debug level * KERBEROS_V4 plugin: - Make auxprop lookup calls optional
Recursive PKGREVISION bump for jpeg update to 8.
Pullup ticket #2773 - requested by obache security/cy2-anonymous: security update security/cy2-crammd5: security update security/cy2-digestmd5: security update security/cy2-gssapi: security update security/cy2-ldapdb: security update security/cy2-login: security update security/cy2-ntlm: security update security/cy2-otp: security update security/cy2-plain: security update security/cy2-sql: security update security/cyrus-sasl: security update security/cyrus-saslauthd: security update Revisions pulled up: - security/cy2-digestmd5/Makefile 1.12 - security/cy2-gssapi/Makefile 1.14 - security/cy2-ldapdb/Makefile 1.4 - security/cy2-ntlm/Makefile 1.20 - security/cy2-otp/Makefile 1.12 - security/cyrus-sasl/Makefile.common 1.14 - security/cyrus-sasl/distinfo 1.18 - security/cyrus-sasl/patches/patch-ai 1.8 - security/cyrus-sasl/patches/patch-al 1.6 - security/cyrus-sasl/patches/patch-aq 1.6 - security/cyrus-saslauthd/Makefile 1.38 - security/cyrus-saslauthd/distinfo 1.10 - security/cyrus-saslauthd/patches/patch-ab 1.7 - security/cyrus-saslauthd/patches/patch-af 1.3 --- Module Name: pkgsrc Committed By: obache Date: Thu May 14 23:00:47 UTC 2009 Modified Files: pkgsrc/security/cy2-digestmd5: Makefile pkgsrc/security/cy2-gssapi: Makefile pkgsrc/security/cy2-ldapdb: Makefile pkgsrc/security/cy2-ntlm: Makefile pkgsrc/security/cy2-otp: Makefile pkgsrc/security/cyrus-sasl: Makefile.common distinfo pkgsrc/security/cyrus-sasl/patches: patch-ai patch-al patch-aq pkgsrc/security/cyrus-saslauthd: Makefile distinfo pkgsrc/security/cyrus-saslauthd/patches: patch-ab patch-af Log Message: Update cyrus-sasl to 2.1.23. New in 2.1.23 ------------- * Fixed CERT VU#238019 (make sure sasl_encode64() always NUL terminates output or returns SASL_BUFOVER)
Update cyrus-sasl to 2.1.23. New in 2.1.23 ------------- * Fixed CERT VU#238019 (make sure sasl_encode64() always NUL terminates output or returns SASL_BUFOVER)
Add DESTDIR support.
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Update security/cy2-* plugin packages to code from cyrus-sasl-2.1.21.
Update path from cyrus-sasl2 to cyrus-sasl.
Recursive revision bump / recommended bump for gettext ABI change.
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
Fixed pkglint warnings. The warnings are mostly quoting issues, for example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Rename ALL_TARGET to BUILD_TARGET for consistency with other *_TARGETs. Suggested by Roland Illig, ok'd by various.
Update security/cyrus-sasl2 and associated plugins to 2.1.20. Changes from version 2.1.19 include: * Fixes to cram plugin to avoid attempting to canonify uninitialized data (This removes the need for patch-af). * NTLM portability fixes. * Avoid potential attack using SASL_PATH when sasl is used in a setuid environment. * A trivial number of small bugfixes.
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Cosmetic changes.
Conform to doc/Makefile-example by moving inclusion of buildlink3.mk files below the variable settings and above any make targets.
Update security/cyrus-sasl2 to 2.1.18. Changes from version 2.1.17 include: * Better error-handling. * Support for Courier-IMAP authdaemond for plaintext password verification. * Fixed resource leaks and buffer overruns. pkgsrc changes include: * SASL_DBTYPE is either "ndbm" or "berkeley" and sets the db format of the sasldb authentication database, defaulting to ndbm. * SASLSOCKETDIR is the location of the saslauthd socket directory. * AUTHDAEMONVAR is the localt of the authdaemond socket directory. * SASL_ENTROPY_SOURCE is a file of random bytes used as a PRNG. This closes PR 24649 and PR 24694.
PKGREVISION bump after openssl-security-fix-update to 0.9.6m. Buildlink files: RECOMMENDED version changed to current version.
PKGSHLIBTOOL has been removed from pkgsrc; we're supposed to use ${SHLIBTOOL} instead.
bl3ify
PKGREVISION++ after openssl update.
Use SHLIBTOOL to install the plugins since we used it to build them.
Initial import of security/cy2-ntlm. This is the Cyrus SASL plugin that implements the NTLM (MS Windows NT) authentication mechanism.
Initial revision