![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / heimdal
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.157 / (download) - annotate - [select for diffs], Wed Feb 8 07:41:25 2023 UTC (6 weeks ago) by wiz
Branch: MAIN
CVS Tags: HEAD
Changes since 1.156: +2 -2
lines
Diff to previous 1.156 (colored)
heimdal: add patch against CVE-2022-45142 Bump PKGREVISION.
Revision 1.156 / (download) - annotate - [select for diffs], Wed Nov 23 16:18:59 2022 UTC (3 months, 4 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.155: +2 -1
lines
Diff to previous 1.155 (colored)
massive revision bump after textproc/icu update
Revision 1.155 / (download) - annotate - [select for diffs], Tue Nov 22 12:51:00 2022 UTC (3 months, 4 weeks ago) by adam
Branch: MAIN
Changes since 1.154: +8 -12
lines
Diff to previous 1.154 (colored)
heimdal: updated to 7.8
Heimdal 7.8 Latest
This release includes both the Heimdal 7.7.1 Security Vulnerability fixes and non-Security bug fixes/improvements.
Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0
on the Common Vulnerability Scoring System (CVSS) v3, as we believe
it should be possible to get an RCE on a KDC, which means that
credentials can be compromised that can be used to impersonate
anyone in a realm or forest of realms.
Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error. This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.
This error affects the DER codec for all extensible CHOICE types
used in Heimdal, though not all cases will be exploitable. We have
not completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.
This bug has been in Heimdal's ASN.1 compiler since 2005, but it may
only affect Heimdal 1.6 and up. It was first reported by Douglas
Bagnall, though it had been found independently by the Heimdal
maintainers via fuzzing a few weeks earlier.
While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure.
CVE-2019-14870: Validate client attributes in protocol-transition
CVE-2019-14870: Apply forwardable policy in protocol-transition
CVE-2019-14870: Always lookup impersonate client in DB
Other changes:
Bugs found by UBSAN (including the incorrect encoding of unconstrained
INTEGER value -1).
Errors found by the LLVM scan-build static analyzer.
Errors found by the valgrind memory debugger.
Work around GCC Bug 95189 (memcmp wrongly stripped like strcmp).
Correct ASN.1 OID typo for SHA-384
Fix a deadlock in in the MEMORY ccache type.
TGS: strip forwardable and proxiable flags if the server is
disallowed.
CVE-2019-14870: Validate client attributes in protocol-transition
CVE-2019-14870: Apply forwardable policy in protocol-transition
CVE-2019-14870: Always lookup impersonate client in DB
Incremental HDB propagation improvements
Refactor send_diffs making it progressive
Handle partial writes on non-blocking sockets
Disable Nagle in iprop master and slave
Use async I/O
Don't send I_HAVE in response to AYT
Do not recover log in kadm5_get_principal()
Don't send diffs to slaves with not yet known version
Don't stutter in send_diffs
Optional backwards-compatible anon-pkinit behavior
Revision 1.154 / (download) - annotate - [select for diffs], Tue Jun 28 11:35:35 2022 UTC (8 months, 3 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.153: +2 -2
lines
Diff to previous 1.153 (colored)
*: recursive bump for perl 5.36
Revision 1.153 / (download) - annotate - [select for diffs], Mon Apr 18 19:10:04 2022 UTC (11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2
Changes since 1.152: +2 -2
lines
Diff to previous 1.152 (colored)
revbump for textproc/icu update
Revision 1.152 / (download) - annotate - [select for diffs], Wed Dec 8 16:02:33 2021 UTC (15 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.151: +2 -2
lines
Diff to previous 1.151 (colored)
revbump for icu and libffi
Revision 1.151 / (download) - annotate - [select for diffs], Wed Nov 17 08:46:02 2021 UTC (16 months ago) by wiz
Branch: MAIN
Changes since 1.150: +2 -2
lines
Diff to previous 1.150 (colored)
heimdal: Fix CVE-2021-3671 Patch from samba Bump PKGREVISION.
Revision 1.150 / (download) - annotate - [select for diffs], Fri Oct 22 07:31:54 2021 UTC (16 months, 4 weeks ago) by wiz
Branch: MAIN
Changes since 1.149: +2 -1
lines
Diff to previous 1.149 (colored)
heimdal: fix su -> ksu name change with kerberos-prefix-cmds option Bump PKGREVISION, since it's on by default.
Revision 1.149 / (download) - annotate - [select for diffs], Thu Oct 21 09:02:25 2021 UTC (17 months ago) by wiz
Branch: MAIN
Changes since 1.148: +2 -2
lines
Diff to previous 1.148 (colored)
heimdal: fix fetch stage
Revision 1.148 / (download) - annotate - [select for diffs], Thu Oct 21 07:51:41 2021 UTC (17 months ago) by wiz
Branch: MAIN
Changes since 1.147: +2 -3
lines
Diff to previous 1.147 (colored)
heimdal: remove hcrypto PLIST_VAR It was always set to yes.
Revision 1.147 / (download) - annotate - [select for diffs], Thu Oct 21 07:46:02 2021 UTC (17 months ago) by wiz
Branch: MAIN
Changes since 1.146: +14 -31
lines
Diff to previous 1.146 (colored)
heimdal: update to 7.7.0.
This version supports openssl 1.1, so re-enable it.
Release Notes - Heimdal - Version Heimdal 7.7
Bug fixes
- PKCS#11 hcrypto back-end
. initialize the p11_module_load function list
. verify that not only is a mechanism present but that its mechanism
info states that it offers the required encryption, decryption or
digest services
- krb5:
. Starting with 7.6, Heimdal permitted requesting authenticated
anonymous tickets. However, it did not verify that a KDC in fact
returned an anonymous ticket when one was requested.
- Cease setting the KDCOption reaquest_anonymous flag when issuing
S4UProxy (constrained delegation) TGS requests.
. when the Win2K PKINIT compatibility option is set, do
not require krbtgt otherName to match when validating KDC
certificate.
. set PKINIT_BTMM flag per Apple implementation
. use memset_s() instead of memset()
- kdc:
. When generating KRB5SignedPath in the AS, use the reply client name
rather than the one from the request, so validation will work
correctly in the TGS.
. allow checksum of PA-FOR-USER to be HMAC_MD5. Even if tgt used
an enctype with a different checksum. Per [MS-SFU] 2.2.1
PA-FOR-USER the checksum is always HMAC_MD5, and that's what
Windows and MIT clients send.
In heimdal both the client and kdc use instead the
checksum of the tgt, and therefore work with each other
but Windows and MIT clients fail against heimdal KDC.
Both Windows and MIT KDCs would allow any keyed checksum
to be used so Heimdal client interoperates with them.
Change Heimdal KDC to allow HMAC_MD5 even for non RC4
based tgt in order to support per-spec clients.
. use memset_s() instead of memset().
- Detect Heimdal 1.0 through 7.6 clients that issue S4UProxy
(constrained delegation) TGS Requests with the request
anonymous flag set. These requests will be treated as
S4UProxy requests and not anonymous requests.
- HDB:
. Set SQLite3 backend default page size to 8KB.
. Add hdb_set_sync() method
- kadmind:
. disable HDB sync during database load avoiding unnecessary disk i/o.
- ipropd:
. disable HDB sync during receive_everything. Doing an fsync
per-record when receiving the complete HDB is a performance
disaster. Among other things, if the HDB is very large, then
one slave receving a full HDB can cause other slaves to timeout
and, if HDB write activity is high enough to cause iprop log
truncation, then also need full syncs, which leads to a cycle of
full syncs for all slaves until HDB write activity drops.
Allowing the iprop log to be larger helps, but improving
receive_everything() performance helps even more.
- kinit:
. Anonymous PKINIT tickets discard the realm information used
to locate the issuing AS. Store the issuing realm in the
credentials cache in order to locate a KDC which can renew them.
. Do not leak the result of krb5_cc_get_config() when determining
anonymous PKINIT start realm.
- klist:
. Show transited-policy-checked, ok-as-delegate and anonymous
flags when listing credentials.
- tests:
. Regenerate certs so that they expire before the 2038 armageddon
so the test suite will pass on 32-bit operating systems until the
underlying issues can be resolved.
- Solaris:
. Define _STDC_C11_BCI for memset_s prototype
- build tooling:
. Convert from python 2 to python 3
- documentation
. rename verify-password to verify-password-quality
. hprop default mode is encrypt
. kadmind "all" permission does not include "get-keys"
. verify-password-quality might not be stateless
Release Notes - Heimdal - Version Heimdal 7.6
Security
- CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
When the Heimdal KDC checks the checksum that is placed on the
S4U2Self packet by the server to protect the requested principal
against modification, it does not confirm that the checksum
algorithm that protects the user name (principal) in the request
is keyed. This allows a man-in-the-middle attacker who can
intercept the request to the KDC to modify the packet by replacing
the user name (principal) in the request with any desired user
name (principal) that exists in the KDC and replace the checksum
protecting that name with a CRC32 checksum (which requires no
prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user
name (principal) user@EXAMPLE.COM to any service to be changed
to a S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the
PAC of the modified user name (principal).
- CVE-2019-12098, client-only:
RFC8062 Section 7 requires verification of the PA-PKINIT-KX key excahnge
when anonymous PKINIT is used. Failure to do so can permit an active
attacker to become a man-in-the-middle.
Bug fixes
- Happy eyeballs: Don't wait for responses from known-unreachable KDCs.
- kdc: check return copy_Realm, copy_PrincipalName, copy_EncryptionKey
- kinit:
. cleanup temporary ccaches
. see man page for "kinit --anonymous" command line syntax change
- kdc: Make anonymous AS-requests more RFC8062-compliant.
- Updated expired test certificates
- Solaris:
. PKCS#11 hcrypto backend broken since 7.0.1
. Building with Sun Pro C
Features
- kuser: support authenticated anonymous AS-REQs in kinit
- kdc: support for anonymous TGS-REQs
- kgetcred support for anonymous service tickets
- Support builds with OpenSSL 1.1.1
Release Notes - Heimdal - Version Heimdal 7.5
Security
- Fix CVE-2017-17439, which is a remote denial of service
vulnerability:
In Heimdal 7.1 through 7.4, remote unauthenticated attackers
are able to crash the KDC by sending a crafted UDP packet
containing empty data fields for client name or realm.
Bug fixes
- Handle long input lines when reloading database dumps.
- In pre-forked mode (default on Unix), correctly clear
the process ids of exited children, allowing new child processes
to replace the old.
- Fixed incorrect KDC response when no-cross realm TGT exists,
allowing client requests to fail quickly rather than time
out after trying to get a correct answer from each KDC.
Release Notes - Heimdal - Version Heimdal 7.4
Security
- Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
This is a critical vulnerability.
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
See https://www.orpheus-lyre.info/ for more details.
Release Notes - Heimdal - Version Heimdal 7.3
Security
- Fix transit path validation. Commit f469fc6 (2010-10-02) inadvertently
caused the previous hop realm to not be added to the transit path
of issued tickets. This may, in some cases, enable bypass of capath
policy in Heimdal versions 1.5 through 7.2.
Note, this may break sites that rely on the bug. With the bug some
incomplete [capaths] worked, that should not have. These may now break
authentication in some cross-realm configurations.
(CVE-2017-6594)
Release Notes - Heimdal - Version Heimdal 7.2
Bug fixes
- Portability improvements
- More strict parsing of encoded URI components in HTTP KDC
- Fixed memory leak in malloc error recovery in NTLM GSSAPI mechanism
- Avoid overly specific CPU info in krb5-config in aid of reproducible builds
- Don't do AFS string-to-key tests when feature is disabled
- Skip mdb_stat test when the command is not available
- Windows: update SHA2 timestamp server
- hdb: add missing export hdb_generate_key_set_password_with_ks_tuple
- Fix signature of hdb_generate_key_set_password()
- Windows: enable KX509 support in the KDC
- kdc: fix kx509 service principal match
- iprop: handle case where master sends nothing new
- ipropd-slave: fix incorrect error codes
- Allow choice of sqlite for HDB pref
- check-iprop: don't fail to kill daemons
- roken: pidfile -> rk_pidfile
- kdc: _kdc_do_kx509 fix use after free error
- Do not detect x32 as 64-bit platform.
- No sys/ttydefaults.h on CYGWIN
- Fix check-iprop races
- roken_detach_prep() close pipe
Release Notes - Heimdal - Version Heimdal 7.1
Security
- kx509 realm-chopping security bug
- non-authorization of alias additions/removals in kadmind
(CVE-2016-2400)
Feature
- iprop has been revamped to fix a number of race conditions that could
lead to inconsistent replication
- Hierarchical capath support
- AES Encryption with HMAC-SHA2 for Kerberos 5
draft-ietf-kitten-aes-cts-hmac-sha2-11
- hcrypto is now thread safe on all platforms
- libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for
Solaris), and OpenSSL. OpenSSL is now a first-class libhcrypto backend.
OpenSSL 1.0.x and 1.1 are both supported. AES-NI used when supported by
backend
- HDB now supports LMDB
- Thread support on Windows
- RFC 6113 Generalized Framework for Kerberos Pre-Authentication (FAST)
- New GSS APIs:
. gss_localname
- Allow setting what encryption types a principal should have with
[kadmin] default_key_rules, see krb5.conf manpage for more info
- Unify libhcrypto with LTC (libtomcrypto)
- asn1_compile 64-bit INTEGER functionality
- HDB key history support including --keepold kadmin password option
- Improved cross-realm key rollover safety
- New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces
- Improved MIT compatibility
. kadm5 API
. Migration from MIT KDB via "mitdb" HDB backend
. Capable of writing the HDB in MIT dump format
- Improved Active Directory interoperability
. Enctype selection issues for PAC and other authz-data signatures
. Cross realm key rollover (kvno 0)
- New [kdc] enctype negotiation configuration:
. tgt-use-strongest-session-key
. svc-use-strongest-session-key
. preauth-use-strongest-session-key
. use-strongest-server-key
- The KDC process now uses a multi-process model improving
resiliency and performance
- Allow batch-mode kinit with password file
- SIGINFO support added to kinit cmd
- New kx509 configuration options:
. kx509_ca
. kca_service
. kx509_include_pkinit_san
. kx509_template
- Improved Heimdal library/plugin version safety
- Name canonicalization
. DNS resolver searchlist
. Improved referral support
. Support host:port host-based services
- Pluggable libheimbase interface for DBs
- Improve IPv6 Support
- LDAP
. Bind DN and password
. Start TLS
- klist --json
- DIR credential cache type
- Updated upstream SQLite and libedit
- Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
telnet, xnlock
- Completely remove RAND_egd support
- Moved kadmin and ktutil to /usr/bin
- Stricter fcache checks (see fcache_strict_checking krb5.conf setting)
. use O_NOFOLLOW
. don't follow symlinks
. require cache files to be owned by the user
. require sensible permissions (not group/other readable)
- Implemented gss_store_cred()
- Many more
Bug fixes
- iprop has been revamped to fix a number of race conditions that could
lead to data loss
- Include non-loopback addresses assigned to loopback interfaces
when requesting tickets with addresses
- KDC 1DES session key selection (for AFS rxkad-k5 compatibility)
- Keytab file descriptor and lock leak
- Credential cache corruption bugs
(NOTE: The FILE ccache is still not entirely safe due to the
fundamentally unsafe design of POSIX file locking)
- gss_pseudo_random() interop bug
- Plugins are now preferentially loaded from the run-time install tree
- Reauthentication after password change in init_creds_password
- Memory leak in the client kadmin library
- TGS client requests renewable/forwardable/proxiable when possible
- Locking issues in DB1 and DB3 HDB backends
- Master HDB can remain locked while waiting for network I/O
- Renewal/refresh logic when kinit is provided with a command
- KDC handling of enterprise principals
- Use correct bit for anon-pkinit
- Many more
Revision 1.146 / (download) - annotate - [select for diffs], Sun May 9 16:04:34 2021 UTC (22 months, 1 week ago) by thor
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.145: +5 -2
lines
Diff to previous 1.145 (colored)
security/heimdal: provide krb5-gssapi.pc as symlink This is needed for example for qt5-qtbase to pick up a pkgsrc-installed heimdal instead of possibly a mix of system mit-krb5 libs with pkgsrc headers, for its network auth that recently got GSSAPI. It makes sense to provide the same pkg-config package name if heimdal and mit-krb5 should be transparently compatible at that front.
Revision 1.145 / (download) - annotate - [select for diffs], Wed Apr 21 11:40:36 2021 UTC (23 months ago) by adam
Branch: MAIN
Changes since 1.144: +2 -2
lines
Diff to previous 1.144 (colored)
revbump for textproc/icu
Revision 1.144 / (download) - annotate - [select for diffs], Thu Nov 5 09:07:06 2020 UTC (2 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.143: +2 -2
lines
Diff to previous 1.143 (colored)
*: Recursive revbump from textproc/icu-68.1
Revision 1.143 / (download) - annotate - [select for diffs], Sun Jul 26 09:30:14 2020 UTC (2 years, 7 months ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.142: +4 -2
lines
Diff to previous 1.142 (colored)
heimdal: Update MASTER_SITES. The original master site is gone. The new one redirects to Github but for the ancient release we package (1.5.3, newest is 7.x), it does not have the distfile. Update NetBSD/pkgsrc#68
Revision 1.142 / (download) - annotate - [select for diffs], Tue Jun 2 08:22:54 2020 UTC (2 years, 9 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.141: +2 -2
lines
Diff to previous 1.141 (colored)
Revbump for icu
Revision 1.141 / (download) - annotate - [select for diffs], Sun Apr 12 08:28:05 2020 UTC (2 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.140: +2 -2
lines
Diff to previous 1.140 (colored)
Recursive revision bump after textproc/icu update
Revision 1.140 / (download) - annotate - [select for diffs], Sat Mar 21 00:15:11 2020 UTC (3 years ago) by markd
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.139: +2 -2
lines
Diff to previous 1.139 (colored)
heimdal: fix runpath setting in krb5-config
Revision 1.139 / (download) - annotate - [select for diffs], Wed Mar 18 13:18:57 2020 UTC (3 years ago) by gdt
Branch: MAIN
Changes since 1.138: +2 -2
lines
Diff to previous 1.138 (colored)
security/heimdal: Prefix kerberos commands by default It has long been an issue that heimdal installs "su" which shadows system su and behaves differently. Now, with openssl 1.1, many people are getting heimdal installed that did not expect it or ask for it. (Really, heimdal should be split into libraries and apps, so that programs can have kerberos support without adding commands to the user's namespace, but this is vastly easier.) (In response to on-list complaints, and believing this will not be contoversial.)
Revision 1.138 / (download) - annotate - [select for diffs], Thu Feb 20 21:01:09 2020 UTC (3 years, 1 month ago) by rillig
Branch: MAIN
Changes since 1.137: +9 -2
lines
Diff to previous 1.137 (colored)
security/heimdal: add back MAKE_JOBS_SAFE=no
Revision 1.137 / (download) - annotate - [select for diffs], Thu Feb 13 21:12:21 2020 UTC (3 years, 1 month ago) by rillig
Branch: MAIN
Changes since 1.136: +1 -3
lines
Diff to previous 1.136 (colored)
security/heimdal: remove MAKE_JOBS_SAFE=no Heimdal built fine on NetBSD-8.0-x86_64 with MAKE_JOBS=7.
Revision 1.136 / (download) - annotate - [select for diffs], Thu Feb 13 21:04:25 2020 UTC (3 years, 1 month ago) by rillig
Branch: MAIN
Changes since 1.135: +2 -1
lines
Diff to previous 1.135 (colored)
security/heimdal: disable check for unknown GNU configure options Heimdal has bundled libreadline, which has its own configure file with completely different options.
Revision 1.135 / (download) - annotate - [select for diffs], Sat Jan 18 21:48:21 2020 UTC (3 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.134: +2 -2
lines
Diff to previous 1.134 (colored)
*: Recursive revision bump for openssl 1.1.1.
Revision 1.134 / (download) - annotate - [select for diffs], Mon Nov 4 21:12:53 2019 UTC (3 years, 4 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.133: +3 -3
lines
Diff to previous 1.133 (colored)
security: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections.
Revision 1.133 / (download) - annotate - [select for diffs], Mon Oct 21 16:21:44 2019 UTC (3 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.132: +5 -18
lines
Diff to previous 1.132 (colored)
heimdal: fix build on OpenSSL 1.1 systems by disabling OpenSSL. heimdal includes a copy of the relevant functions itself. Add a comment that the dependency should be re-enabled when updating this package. Bump PKGREVISION.
Revision 1.132 / (download) - annotate - [select for diffs], Wed Apr 3 00:33:04 2019 UTC (3 years, 11 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.131: +2 -2
lines
Diff to previous 1.131 (colored)
Recursive revbump from textproc/icu
Revision 1.131 / (download) - annotate - [select for diffs], Wed Feb 6 11:36:38 2019 UTC (4 years, 1 month ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1
Changes since 1.130: +15 -17
lines
Diff to previous 1.130 (colored)
heimdal: fix Linux PLIST.hcrypto issue in a more generic way Tested under Debian unstable. PR pkg/53806
Revision 1.130 / (download) - annotate - [select for diffs], Sun Jan 6 12:53:56 2019 UTC (4 years, 2 months ago) by bsiegert
Branch: MAIN
Changes since 1.129: +8 -2
lines
Diff to previous 1.129 (colored)
heimdal: Fix compilation under WSL This sets the "hcrypto" PLIST variable correct when pkgsrc is used under WSL (Windows Services for Linux). From David Weller-Fahy via PR pkg/53806.
Revision 1.129 / (download) - annotate - [select for diffs], Sun Dec 9 18:52:07 2018 UTC (4 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.128: +2 -2
lines
Diff to previous 1.128 (colored)
revbump after updating textproc/icu
Revision 1.128 / (download) - annotate - [select for diffs], Tue Nov 27 23:36:00 2018 UTC (4 years, 3 months ago) by sevan
Branch: MAIN
Changes since 1.127: +6 -1
lines
Diff to previous 1.127 (colored)
Support Minix.
Revision 1.127 / (download) - annotate - [select for diffs], Fri Jul 20 03:33:55 2018 UTC (4 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3
Changes since 1.126: +2 -2
lines
Diff to previous 1.126 (colored)
Recursive revbump from textproc/icu-62.1
Revision 1.126 / (download) - annotate - [select for diffs], Sat Apr 14 07:34:00 2018 UTC (4 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Changes since 1.125: +2 -2
lines
Diff to previous 1.125 (colored)
revbump after icu update
Revision 1.125 / (download) - annotate - [select for diffs], Thu Nov 30 16:45:07 2017 UTC (5 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Changes since 1.124: +2 -2
lines
Diff to previous 1.124 (colored)
Revbump after textproc/icu update
Revision 1.124 / (download) - annotate - [select for diffs], Mon Sep 18 09:53:04 2017 UTC (5 years, 6 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.123: +2 -2
lines
Diff to previous 1.123 (colored)
revbump for requiring ICU 59.x
Revision 1.123 / (download) - annotate - [select for diffs], Sat Apr 22 21:03:16 2017 UTC (5 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.122: +2 -2
lines
Diff to previous 1.122 (colored)
Revbump after icu update
Revision 1.122 / (download) - annotate - [select for diffs], Sun Dec 4 05:17:11 2016 UTC (6 years, 3 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.121: +2 -2
lines
Diff to previous 1.121 (colored)
Recursive revbump from textproc/icu 58.1
Revision 1.121 / (download) - annotate - [select for diffs], Thu Jun 2 16:01:12 2016 UTC (6 years, 9 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.120: +5 -1
lines
Diff to previous 1.120 (colored)
Explicitly disable extended glob(3C) support on SunOS, despite it being available on newer illumos, as it simplifies PLIST.glob.
Revision 1.120 / (download) - annotate - [select for diffs], Mon Apr 11 19:01:38 2016 UTC (6 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.119: +2 -2
lines
Diff to previous 1.119 (colored)
Recursive revbump from textproc/icu 57.1
Revision 1.119 / (download) - annotate - [select for diffs], Wed Mar 9 06:01:09 2016 UTC (7 years ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.118: +3 -1
lines
Diff to previous 1.118 (colored)
fix build on Linux
Revision 1.118 / (download) - annotate - [select for diffs], Sat Mar 5 11:27:54 2016 UTC (7 years ago) by jperkin
Branch: MAIN
Changes since 1.117: +2 -2
lines
Diff to previous 1.117 (colored)
Bump PKGREVISION for security/openssl ABI bump.
Revision 1.117 / (download) - annotate - [select for diffs], Thu Feb 25 08:27:04 2016 UTC (7 years ago) by jperkin
Branch: MAIN
Changes since 1.116: +1 -2
lines
Diff to previous 1.116 (colored)
Remove manual OPSYSVARS additions which are now part of the default set.
Revision 1.116 / (download) - annotate - [select for diffs], Sat Oct 10 01:57:55 2015 UTC (7 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.115: +2 -2
lines
Diff to previous 1.115 (colored)
Recursive revbump from textproc/icu
Revision 1.115 / (download) - annotate - [select for diffs], Mon Apr 6 08:17:17 2015 UTC (7 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2
Changes since 1.114: +2 -2
lines
Diff to previous 1.114 (colored)
Revbump after updating textproc/icu
Revision 1.114 / (download) - annotate - [select for diffs], Tue Oct 7 16:47:14 2014 UTC (8 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4
Changes since 1.113: +2 -2
lines
Diff to previous 1.113 (colored)
Revbump after updating libwebp and icu
Revision 1.113 / (download) - annotate - [select for diffs], Wed Jul 30 11:05:04 2014 UTC (8 years, 7 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Changes since 1.112: +3 -3
lines
Diff to previous 1.112 (colored)
Add runtime dependency on flex (in bin/compile_et). Bump PKGREVISION.
Revision 1.112 / (download) - annotate - [select for diffs], Wed Apr 9 07:26:58 2014 UTC (8 years, 11 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.111: +2 -2
lines
Diff to previous 1.111 (colored)
recursive bump from icu shlib major bump.
Revision 1.111 / (download) - annotate - [select for diffs], Sat Mar 22 09:05:24 2014 UTC (9 years ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.110: +10 -10
lines
Diff to previous 1.110 (colored)
The MirBSD stanza was wrong. Moved it below the builtin.mk inclusion and made the conditional more robust. Fixes at least "make describe", let's see if it helps for the bulk build.
Revision 1.110 / (download) - annotate - [select for diffs], Wed Mar 19 13:25:04 2014 UTC (9 years ago) by bsiegert
Branch: MAIN
Changes since 1.109: +3 -1
lines
Diff to previous 1.109 (colored)
Only build hcrypto on MirBSD if using the builtin OpenSSL. Fixes build now that we have OpenSSL from pkgsrc.
Revision 1.109 / (download) - annotate - [select for diffs], Thu Feb 20 08:19:43 2014 UTC (9 years, 1 month ago) by obache
Branch: MAIN
Changes since 1.108: +11 -10
lines
Diff to previous 1.108 (colored)
Move check of builtin openssl below to buildlink with openssl and exactly set as checking builtin before including openssl/builtin.mk, so that wanted openssl will be picked up (formerly, BUILTINK_API_DEPENDS.openssl is ignored). Bump PKGREVISION.
Revision 1.108 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:32 2014 UTC (9 years, 1 month ago) by tron
Branch: MAIN
Changes since 1.107: +2 -2
lines
Diff to previous 1.107 (colored)
Recursive PKGREVISION bump for OpenSSL API version bump.
Revision 1.107 / (download) - annotate - [select for diffs], Wed Dec 4 10:01:30 2013 UTC (9 years, 3 months ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.106: +8 -1
lines
Diff to previous 1.106 (colored)
Fix heimdal build under MirBSD. The three tommath patches (which patch the files into existence) have been included in the source code since heimdal 1.5, so remove them. Compile errors due to missing -pthread in MirBSD were fixed by adding PTHREAD_AUTO_VARS.
Revision 1.106 / (download) - annotate - [select for diffs], Sat Oct 19 09:06:56 2013 UTC (9 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.105: +2 -2
lines
Diff to previous 1.105 (colored)
Revbump after updating textproc/icu
Revision 1.105 / (download) - annotate - [select for diffs], Mon Oct 14 09:55:52 2013 UTC (9 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.104: +7 -1
lines
Diff to previous 1.104 (colored)
Fix pakaging on Linux. vis.h and glob.h are installed on Linux (Debian GNU/Linux 7.1 and CentOS 6.4 at least) * Makefile of Rev 1.100 removes vis.h and glob.h hack. My two Linux environments require vis.h and glob.h entries for PLIST. Set PLIST.vis and PLIST.glob for Linux.
Revision 1.104 / (download) - annotate - [select for diffs], Fri Oct 11 16:21:40 2013 UTC (9 years, 5 months ago) by roy
Branch: MAIN
Changes since 1.103: +3 -3
lines
Diff to previous 1.103 (colored)
Heimdal really uses termcap
Revision 1.103 / (download) - annotate - [select for diffs], Sat Aug 24 16:45:08 2013 UTC (9 years, 6 months ago) by richard
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.102: +7 -2
lines
Diff to previous 1.102 (colored)
fix PLIST options for solaris, including builtin openssl support
Revision 1.102 / (download) - annotate - [select for diffs], Thu Aug 22 21:17:00 2013 UTC (9 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.101: +6 -1
lines
Diff to previous 1.101 (colored)
At least on my systems glob and vis are not installed, so introduce PLIST conditional. Please fix up the setting on your systems. Mark as not MAKE_JOBS_SAFE.
Revision 1.101 / (download) - annotate - [select for diffs], Fri Aug 16 08:30:14 2013 UTC (9 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.100: +10 -12
lines
Diff to previous 1.100 (colored)
Changes 1.5.3: Bug fixes - Fix leaking file descriptors in KDC - Better socket/timeout handling in libkrb5 - General bug fixes - Build fixes
Revision 1.100 / (download) - annotate - [select for diffs], Thu Aug 15 11:15:11 2013 UTC (9 years, 7 months ago) by jperkin
Branch: MAIN
Changes since 1.99: +7 -5
lines
Diff to previous 1.99 (colored)
Attempt to fix readline fallout. Tested with both READLINE_TYPE on SmartOS.
Revision 1.99 / (download) - annotate - [select for diffs], Mon Jul 15 02:02:28 2013 UTC (9 years, 8 months ago) by ryoon
Branch: MAIN
Changes since 1.98: +4 -4
lines
Diff to previous 1.98 (colored)
* .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes are replaced with .include "../../devel/readline/buildlink3.mk", and USE_GNU_READLINE are removed, * .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE are replaced with .include "../../mk/readline.buildlink3.mk".
Revision 1.98 / (download) - annotate - [select for diffs], Thu May 9 07:39:19 2013 UTC (9 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.97: +2 -2
lines
Diff to previous 1.97 (colored)
Massive revbump after updating graphics/ilmbase, graphics/openexr, textproc/icu.
Revision 1.97 / (download) - annotate - [select for diffs], Wed Feb 6 23:20:59 2013 UTC (10 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.96: +2 -2
lines
Diff to previous 1.96 (colored)
PKGREVISION bumps for the security/openssl 1.0.1d update.
Revision 1.96 / (download) - annotate - [select for diffs], Sat Jan 26 21:36:45 2013 UTC (10 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.95: +2 -2
lines
Diff to previous 1.95 (colored)
Revbump after graphics/jpeg and textproc/icu
Revision 1.95 / (download) - annotate - [select for diffs], Sun Dec 16 01:52:32 2012 UTC (10 years, 3 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.94: +2 -2
lines
Diff to previous 1.94 (colored)
recursive bump from cyrus-sasl libsasl2 shlib major bump.
Revision 1.94 / (download) - annotate - [select for diffs], Thu Nov 15 03:32:00 2012 UTC (10 years, 4 months ago) by sbd
Branch: MAIN
Changes since 1.93: +2 -2
lines
Diff to previous 1.93 (colored)
When getting a file basename strip any leading directories.
Revision 1.93 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:30 2012 UTC (10 years, 5 months ago) by asau
Branch: MAIN
Changes since 1.92: +1 -3
lines
Diff to previous 1.92 (colored)
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Revision 1.92 / (download) - annotate - [select for diffs], Sun Sep 9 09:23:06 2012 UTC (10 years, 6 months ago) by cheusov
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3
Changes since 1.91: +3 -2
lines
Diff to previous 1.91 (colored)
Add CONFLICTS with kth-krb4 (lib/libsl.so)
Revision 1.91 / (download) - annotate - [select for diffs], Wed Jul 18 09:48:10 2012 UTC (10 years, 8 months ago) by jperkin
Branch: MAIN
Changes since 1.90: +5 -1
lines
Diff to previous 1.90 (colored)
Fix install on at least Solaris.
Revision 1.90 / (download) - annotate - [select for diffs], Fri Apr 27 12:32:02 2012 UTC (10 years, 10 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base,
pkgsrc-2012Q2
Changes since 1.89: +2 -2
lines
Diff to previous 1.89 (colored)
Recursive bump from icu shlib major bumped to 49.
Revision 1.89 / (download) - annotate - [select for diffs], Tue Mar 13 09:04:49 2012 UTC (11 years ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1
Changes since 1.88: +5 -2
lines
Diff to previous 1.88 (colored)
On SunOS, heimdal never builds hcrypto when pkgsrc OpenSSL used.
Revision 1.88 / (download) - annotate - [select for diffs], Sun Mar 11 11:30:06 2012 UTC (11 years ago) by shattered
Branch: MAIN
Changes since 1.87: +3 -2
lines
Diff to previous 1.87 (colored)
PR/39656 -- Use /var/heimdal as hdbdir, not /var.
Revision 1.87 / (download) - annotate - [select for diffs], Mon Feb 27 12:39:11 2012 UTC (11 years ago) by asau
Branch: MAIN
Changes since 1.86: +3 -3
lines
Diff to previous 1.86 (colored)
Update to Heimdal 1.5.2 Release Notes - Heimdal - Version Heimdal 1.5.2 Security fixes - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege - Check that key types strictly match - denial of service Release Notes - Heimdal - Version Heimdal 1.5.1 Bug fixes - Fix building on Solaris, requires c99 - Fix building on Windows - Build system updates Release Notes - Heimdal - Version Heimdal 1.5 New features - Support GSS name extensions/attributes - SHA512 support - No Kerberos 4 support - Basic support for MIT Admin protocol (SECGSS flavor) in kadmind (extract keytab) - Replace editline with libedit
Revision 1.86 / (download) - annotate - [select for diffs], Wed Feb 15 22:39:54 2012 UTC (11 years, 1 month ago) by asau
Branch: MAIN
Changes since 1.85: +3 -1
lines
Diff to previous 1.85 (colored)
Provide access to tests (TEST_TARGET=check).
Revision 1.85 / (download) - annotate - [select for diffs], Wed Jan 18 14:45:37 2012 UTC (11 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.84: +2 -2
lines
Diff to previous 1.84 (colored)
Revbump after db5 update
Revision 1.84 / (download) - annotate - [select for diffs], Fri Dec 30 18:59:05 2011 UTC (11 years, 2 months ago) by tez
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base,
pkgsrc-2011Q4
Changes since 1.83: +1 -1
lines
Diff to previous 1.83 (colored)
Fix for CVE-2011-4862 from FreeBSD When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer.
Revision 1.83 / (download) - annotate - [select for diffs], Fri Dec 9 01:53:11 2011 UTC (11 years, 3 months ago) by sbd
Branch: MAIN
Changes since 1.82: +2 -2
lines
Diff to previous 1.82 (colored)
In OWN_DIRS_PERMS change ROOT_GROUP to REAL_ROOT_GROUP
Revision 1.82 / (download) - annotate - [select for diffs], Wed Sep 14 17:33:00 2011 UTC (11 years, 6 months ago) by hans
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.81: +3 -2
lines
Diff to previous 1.81 (colored)
Fix build on SunOS.
Revision 1.81 / (download) - annotate - [select for diffs], Sun Jul 31 21:21:01 2011 UTC (11 years, 7 months ago) by gls
Branch: MAIN
Changes since 1.80: +2 -1
lines
Diff to previous 1.80 (colored)
Adds the symbols _kdc_db_fetch and _kdc_free_ent to global visibility, so that they can be referenced from kdc/digest-service. Fixes build on Dragonfly. From Alex Hornung in PR pkg/45195.
Revision 1.80 / (download) - annotate - [select for diffs], Fri Jul 8 09:49:21 2011 UTC (11 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.79: +18 -11
lines
Diff to previous 1.79 (colored)
Changes 1.4: New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings
Revision 1.79 / (download) - annotate - [select for diffs], Tue Mar 23 15:37:56 2010 UTC (13 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.78: +2 -2
lines
Diff to previous 1.78 (colored)
Reset maintainer, lost his commit bit.
Revision 1.78 / (download) - annotate - [select for diffs], Fri Feb 19 20:16:05 2010 UTC (13 years, 1 month ago) by joerg
Branch: MAIN
Changes since 1.77: +3 -3
lines
Diff to previous 1.77 (colored)
Fix ownership. Bump revision.
Revision 1.77 / (download) - annotate - [select for diffs], Sun Jan 17 12:02:40 2010 UTC (13 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored)
Recursive PKGREVISION bump for jpeg update to 8.
Revision 1.76 / (download) - annotate - [select for diffs], Tue Jun 30 00:07:22 2009 UTC (13 years, 8 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2
Changes since 1.75: +3 -1
lines
Diff to previous 1.75 (colored)
Mark packages as MAKE_JOBS_SAFE=no that failed in a bulk build with MAKE_JOBS=2 and worked without.
Revision 1.75 / (download) - annotate - [select for diffs], Sun Jun 14 22:58:08 2009 UTC (13 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.74: +2 -3
lines
Diff to previous 1.74 (colored)
Remove @dirrm related logic.
Revision 1.74 / (download) - annotate - [select for diffs], Wed May 20 00:58:26 2009 UTC (13 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored)
Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib major change. Reported by Robert Elz in PR 41345.
Revision 1.73 / (download) - annotate - [select for diffs], Tue May 19 08:59:31 2009 UTC (13 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.72: +2 -3
lines
Diff to previous 1.72 (colored)
Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT block). Uncomment some commented out LICENSE lines while here.
Revision 1.72 / (download) - annotate - [select for diffs], Sun Feb 1 21:39:43 2009 UTC (14 years, 1 month ago) by shattered
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.71: +3 -3
lines
Diff to previous 1.71 (colored)
heimdal leaves empty directories after deinstallation, fix that. OK by wiz@.
Revision 1.71 / (download) - annotate - [select for diffs], Wed May 14 18:01:26 2008 UTC (14 years, 10 months ago) by jwise
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
cwrapper,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.70: +5 -2
lines
Diff to previous 1.70 (colored)
libhcrypto.la only seems to get installed if we're building on 3.x or older, so make it only end up in the PLIST if that is the case.
Revision 1.70 / (download) - annotate - [select for diffs], Mon May 5 02:26:03 2008 UTC (14 years, 10 months ago) by jwise
Branch: MAIN
Changes since 1.69: +2 -1
lines
Diff to previous 1.69 (colored)
Add missing library (libhcrypto) to PLIST, allowing sudo to build against this heimdal on 3.x. Bump PKGREVISION.
Revision 1.69 / (download) - annotate - [select for diffs], Sat Apr 12 22:43:09 2008 UTC (14 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.68: +3 -4
lines
Diff to previous 1.68 (colored)
Convert to use PLIST_VARS instead of manually passing "@comment " through PLIST_SUBST to the plist module.
Revision 1.68 / (download) - annotate - [select for diffs], Tue Mar 4 22:37:46 2008 UTC (15 years ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base,
pkgsrc-2008Q1
Changes since 1.67: +2 -4
lines
Diff to previous 1.67 (colored)
As of revision 1.2 of termcap.buildlink3.mk, "-ltermcap" is automatically transformed into the correct set of libraries, so we no longer need to override the configure script's check for which library has tgetent().
Revision 1.67 / (download) - annotate - [select for diffs], Sun Mar 2 06:41:32 2008 UTC (15 years ago) by jlam
Branch: MAIN
Changes since 1.66: +2 -2
lines
Diff to previous 1.66 (colored)
The "missing-from-system" headers that Heimdal installs are now placed
into ${PREFIX}/include/krb5/roken instead of ${PREFIX}/include/krb5.
This is good because it reduces the likelihood of a conflict with any
other similarly named headers if you simply add -I${PREFIX}/include/krb5
to the compiler command line.
Patch from PR pkg/38119 by charlie.
Revision 1.66 / (download) - annotate - [select for diffs], Fri Feb 29 22:41:13 2008 UTC (15 years ago) by jlam
Branch: MAIN
Changes since 1.65: +2 -2
lines
Diff to previous 1.65 (colored)
Rename termlib.* to termcap.* to better document exactly what packages are trying to use (the termcap t*() API).
Revision 1.65 / (download) - annotate - [select for diffs], Thu Feb 28 08:14:41 2008 UTC (15 years ago) by jlam
Branch: MAIN
Changes since 1.64: +27 -88
lines
Diff to previous 1.64 (colored)
Update security/heimdal to version 1.1. Changes from version 0.7.2 include:
* Read-only PKCS11 provider built-in to hx509.
* Better compatibilty with Windows 2008 Server pre-releases and Vista.
* Add RFC3526 modp group14 as default.
* Handle [kdc] database = { } entries without realm = stanzas.
* Add gss_pseudo_random() for mechglue and krb5.
* Make session key for the krbtgt be selected by the best encryption
type of the client.
* Better interoperability with other PK-INIT implementations.
* Alias support for inital ticket requests.
* Make ASN.1 library less paranoid to with regard to NUL in string to
make it inter-operate with MIT Kerberos again.
* PK-INIT support.
* HDB extensions support, used by PK-INIT.
* New ASN.1 compiler.
* GSS-API mechglue from FreeBSD.
* Updated SPNEGO to support RFC4178.
* Support for Cryptosystem Negotiation Extension (RFC 4537).
* A new X.509 library (hx509) and related crypto functions.
* A new ntlm library (heimntlm) and related crypto functions.
* KDC will return the "response too big" error to force TCP retries
for large (default 1400 bytes) UDP replies. This is common for
PK-INIT requests.
* Libkafs defaults to use 2b tokens.
* krb5_kuserok() also checks ~/.k5login.d directory for acl files.
* Fix memory leaks.
* Bugs fixes
Revision 1.64 / (download) - annotate - [select for diffs], Fri Jan 18 05:09:37 2008 UTC (15 years, 2 months ago) by tnn
Branch: MAIN
Changes since 1.63: +2 -2
lines
Diff to previous 1.63 (colored)
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Revision 1.63 / (download) - annotate - [select for diffs], Tue Feb 20 10:17:14 2007 UTC (16 years, 1 month ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1
Changes since 1.62: +11 -1
lines
Diff to previous 1.62 (colored)
Fixed the build on IRIX 6.5.
Revision 1.59.2.1 / (download) - annotate - [select for diffs], Thu Aug 10 07:14:03 2006 UTC (16 years, 7 months ago) by ghen
Branch: pkgsrc-2006Q2
Changes since 1.59: +10 -2
lines
Diff to previous 1.59 (colored) next main 1.60 (colored)
Pullup ticket 1784 - requested by salo
security fix for heimdal
Revisions pulled up:
- pkgsrc/security/heimdal/Makefile 1.60-1.62
- pkgsrc/security/heimdal/distinfo 1.20-1.21
- pkgsrc/security/heimdal/PLIST 1.11
- pkgsrc/security/heimdal/PLIST.Linux removed
- pkgsrc/security/heimdal/patches/patch-al 1.1
- pkgsrc/security/heimdal/patches/patch-am 1.1
- pkgsrc/security/heimdal/patches/patch-an 1.1
- pkgsrc/security/heimdal/patches/patch-ao 1.1
- pkgsrc/security/heimdal/patches/patch-ap 1.1
- pkgsrc/security/heimdal/patches/patch-aq 1.1
Module Name: pkgsrc
Committed By: markd
Date: Sun Jul 2 13:53:28 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile
Added Files:
pkgsrc/security/heimdal: PLIST.SunOS
Log Message:
Solaris does not have err.h, glob.h, ifaddrs.h and vis.h compatible with
heimdal, so heimdal installs its own. Add them in PLIST.SunOS
Fixes PR pkg/33656. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: jlam
Date: Wed Jul 5 04:39:15 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile PLIST distinfo
Added Files:
pkgsrc/security/heimdal/patches: patch-al
Removed Files:
pkgsrc/security/heimdal: PLIST.Linux PLIST.SunOS
Log Message:
Back out previous and do the same thing more generally for all platforms.
Since the heimdal install process will install additional headers in
${PREFIX}/include/krb5 depending on what the configure process detects,
simply query the source Makefile at install-time for the extra headers
that it will install and dynamically add them to the PLIST.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Aug 9 17:58:09 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile distinfo
Added Files:
pkgsrc/security/heimdal/patches: patch-am patch-an patch-ao patch-ap
patch-aq
Log Message:
Security fix for SA21436:
"A security issue has been reported in Heimdal, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
The security issue is caused due to missing checks for whether the
"setuid()" call has succeeded in the bundled rcp application. This may
be exploited to perform certain actions with root privileges if the
"setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21436/
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Bump PKGREVISION.
Revision 1.62 / (download) - annotate - [select for diffs], Wed Aug 9 17:58:09 2006 UTC (16 years, 7 months ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base,
pkgsrc-2006Q4,
pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.61: +2 -2
lines
Diff to previous 1.61 (colored)
Security fix for SA21436: "A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled rcp application. This may be exploited to perform certain actions with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21436/ http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ Bump PKGREVISION.
Revision 1.61 / (download) - annotate - [select for diffs], Wed Jul 5 04:39:14 2006 UTC (16 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.60: +9 -1
lines
Diff to previous 1.60 (colored)
Back out previous and do the same thing more generally for all platforms.
Since the heimdal install process will install additional headers in
${PREFIX}/include/krb5 depending on what the configure process detects,
simply query the source Makefile at install-time for the extra headers
that it will install and dynamically add them to the PLIST.
Revision 1.60 / (download) - annotate - [select for diffs], Sun Jul 2 13:53:28 2006 UTC (16 years, 8 months ago) by markd
Branch: MAIN
Changes since 1.59: +2 -2
lines
Diff to previous 1.59 (colored)
Solaris does not have err.h, glob.h, ifaddrs.h and vis.h compatible with heimdal, so heimdal installs its own. Add them in PLIST.SunOS Fixes PR pkg/33656. Bump PKGREVISION.
Revision 1.59 / (download) - annotate - [select for diffs], Wed May 31 18:22:26 2006 UTC (16 years, 9 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.58: +3 -3
lines
Diff to previous 1.58 (colored)
The databases/openldap package has been split in -client and -server component packages. Convert LDAP-based applications to depend on openldap-client, and bump PKGREVISION for those that depend on it by default.
Revision 1.58 / (download) - annotate - [select for diffs], Mon May 15 09:17:14 2006 UTC (16 years, 10 months ago) by minskim
Branch: MAIN
Changes since 1.57: +2 -1
lines
Diff to previous 1.57 (colored)
Linux does not have glob.h and vis.h compatible with heimdal, so heimdal installs its own glob.h and vis.h. Add them to PLIST.Linux. Bump PKGREVISION.
Revision 1.57 / (download) - annotate - [select for diffs], Sat May 6 01:05:51 2006 UTC (16 years, 10 months ago) by minskim
Branch: MAIN
Changes since 1.56: +2 -2
lines
Diff to previous 1.56 (colored)
This package requires flex to build.
Revision 1.56 / (download) - annotate - [select for diffs], Fri Mar 31 23:44:39 2006 UTC (16 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.55: +2 -1
lines
Diff to previous 1.55 (colored)
heimdal and gss conflict because they install a common set of manpages for the gss_* functions.
Revision 1.55 / (download) - annotate - [select for diffs], Thu Mar 30 03:44:43 2006 UTC (16 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.54: +2 -2
lines
Diff to previous 1.54 (colored)
* Honor PKGINFODIR. * List the info files directly in the PLIST.
Revision 1.49.2.1 / (download) - annotate - [select for diffs], Wed Feb 8 15:59:35 2006 UTC (17 years, 1 month ago) by salo
Branch: pkgsrc-2005Q4
Changes since 1.49: +2 -3
lines
Diff to previous 1.49 (colored) next main 1.50 (colored)
Pullup ticket 1106 - requested by Love Hornquist Astrand
security update for heimdal
Revisions pulled up:
- pkgsrc/security/heimdal/Makefile 1.54
- pkgsrc/security/heimdal/distinfo 1.19
- pkgsrc/security/heimdal/patches/patch-ab removed
- pkgsrc/security/heimdal/patches/patch-ak removed
- pkgsrc/security/heimdal/patches/patch-ae removed
- pkgsrc/security/heimdal/patches/patch-af removed
- pkgsrc/security/heimdal/patches/patch-ag removed
- pkgsrc/security/heimdal/patches/patch-ah removed
- pkgsrc/security/heimdal/patches/patch-ai removed
- pkgsrc/security/heimdal/patches/patch-aj removed
Module Name: pkgsrc
Committed By: lha
Date: Tue Feb 7 12:20:52 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile distinfo
Removed Files:
pkgsrc/security/heimdal/patches: patch-ab patch-ae patch-af
patch-ag patch-ah patch-ai patch-aj patch-ak
Log Message:
http://www.pdc.kth.se/heimdal/releases/0.7.2/
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
Changes in Heimdal 0.7.2
* Fix security problem in rshd that enable an attacker to overwrite
and change ownership of any file that root could write.
* Fix a DOS in telnetd. The attacker could force the server to crash
in a NULL de-reference before the user logged in, resulting in inetd
turning telnetd off because it forked too fast.
* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
exists in the keytab before returning success. This allows servers
to check if its even possible to use GSSAPI.
* Fix receiving end of token delegation for GSS-API. It still wrongly
uses subkey for sending for compatibility reasons, this will change
in 0.8.
* telnetd, login and rshd are now more verbose in logging failed and
successful logins.
* Bug fixes
Revision 1.54 / (download) - annotate - [select for diffs], Tue Feb 7 12:20:52 2006 UTC (17 years, 1 month ago) by lha
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1
Changes since 1.53: +2 -3
lines
Diff to previous 1.53 (colored)
http://www.pdc.kth.se/heimdal/releases/0.7.2/ http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * Fix security problem in rshd that enable an attacker to overwrite and change ownership of any file that root could write. * Fix a DOS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check if its even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending for compatibility reasons, this will change in 0.8. * telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes
Revision 1.53 / (download) - annotate - [select for diffs], Wed Jan 25 03:47:51 2006 UTC (17 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.52: +4 -1
lines
Diff to previous 1.52 (colored)
Force Heimdal to compile its own compile_et by telling the configure script not to find any system-installed compile_et. (This should really be done by using our own PATH that doesn't include any system paths, but we're not quite ready to do that yet.)
Revision 1.52 / (download) - annotate - [select for diffs], Tue Jan 24 18:56:23 2006 UTC (17 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.51: +2 -1
lines
Diff to previous 1.51 (colored)
security/heimdal and net/openafs conflict because of: bin/compile_et bin/kpasswd bin/pagsh Addresses PR 32610 and PR 32612 by Ola Eriksson.
Revision 1.51 / (download) - annotate - [select for diffs], Tue Jan 24 18:55:21 2006 UTC (17 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.50: +2 -1
lines
Diff to previous 1.50 (colored)
security/heimdal and arla conflict with each other because of: bin/mk_cmds lib/libroken.la lib/libsl.la lib/libss.la man/man3/arg_printusage.3 man/man3/getarg.3 Addresses PR 32610 and PR 32611 by Ola Eriksson.
Revision 1.50 / (download) - annotate - [select for diffs], Thu Dec 29 06:22:09 2005 UTC (17 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.49: +1 -2
lines
Diff to previous 1.49 (colored)
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Revision 1.49 / (download) - annotate - [select for diffs], Wed Dec 21 04:17:49 2005 UTC (17 years, 3 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.48: +2 -2
lines
Diff to previous 1.48 (colored)
Add a non-conflicting definition for load_rc_config_var so that platforms with older versions of /etc/rc.subr can run smbd.sh and winbindd.sh without updating /etc/rc.subr. Bump PKGREVISION to 2.
Revision 1.48 / (download) - annotate - [select for diffs], Mon Dec 5 23:55:17 2005 UTC (17 years, 3 months ago) by rillig
Branch: MAIN
Changes since 1.47: +5 -5
lines
Diff to previous 1.47 (colored)
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
Revision 1.47 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:56 2005 UTC (17 years, 3 months ago) by rillig
Branch: MAIN
Changes since 1.46: +2 -2
lines
Diff to previous 1.46 (colored)
Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Revision 1.46 / (download) - annotate - [select for diffs], Wed Oct 26 16:44:24 2005 UTC (17 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.45: +2 -1
lines
Diff to previous 1.45 (colored)
Pull in change from Heimdal CVS committed on 20051012 where the field in a publicly-exported structure was renamed from "private" to "opt_private". This allows <krb5.h> to be used by C++ compilers. Bump the PKGREVISION to 1.
Revision 1.45 / (download) - annotate - [select for diffs], Wed Oct 26 15:12:45 2005 UTC (17 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.44: +20 -14
lines
Diff to previous 1.44 (colored)
Update security/heimdal to 0.7.1 (approved by lha). We drop support for the "db4" option and just rely on the appropriate BDB_* settings via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use krb5-config, if it's available, to check the version of the built-in heimdal. Patches patch-ab, patch-ae and patch-af have been sent back upstream and will be incorporated into future Heimdal releases. Changes between version 0.6.5 and version 0.7.1 include: * Support for KCM, a process based credential cache * Support CCAPI credential cache * SPNEGO support * AES (and the gssapi conterpart, CFX) support * Adding new and improve old documentation * Bug fixes
Revision 1.44 / (download) - annotate - [select for diffs], Tue Oct 25 01:17:57 2005 UTC (17 years, 5 months ago) by rillig
Branch: MAIN
Changes since 1.43: +6 -1
lines
Diff to previous 1.43 (colored)
Solaris 9 has a <vis.h> header, but it is very different to the BSD <vis.h> header, which is expected by heimdal. Now the package builds on Solaris 9.
Revision 1.43 / (download) - annotate - [select for diffs], Wed Oct 5 13:29:50 2005 UTC (17 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.42: +1 -3
lines
Diff to previous 1.42 (colored)
Remove some more *LEGACY* settings that are over a month old and thus were before 2005Q3.
Revision 1.42 / (download) - annotate - [select for diffs], Tue Aug 23 14:07:25 2005 UTC (17 years, 7 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base,
pkgsrc-2005Q3
Changes since 1.41: +2 -2
lines
Diff to previous 1.41 (colored)
Include sys/types.h. This fixes configure on DragonFly. Bump PKGREVISION. Okayed by lha@. I tested on Linux and DragonFly. I got this from Joerg Sonnenberger. On DragonFly, the configure errored like: /usr/include/openssl/md5.h:110: error: syntax error before "size_t" In file included from conftest.c:34: /usr/include/openssl/sha.h:109: error: syntax error before "size_t" This caused tests to break and it ended up building and installing libdes and des.h, md4.h, and related headers. So later libgssapi needed this libdes which was not buildlinked which broke kdelibs3 build.
Revision 1.41 / (download) - annotate - [select for diffs], Thu Aug 4 16:50:18 2005 UTC (17 years, 7 months ago) by tonio
Branch: MAIN
Changes since 1.40: +2 -1
lines
Diff to previous 1.40 (colored)
Add patch-aa to make heimdal compile with gcc-4 (default with darwin 8) This patch is the same as revision 1.3 of /cvsroot/src/crypto/dist/heimdal/lib/asn1/gen_glue.c by matt@ those cvs log: Don't emit struct units [] anymore. emit a struct units * const foo and in the C file initialize that to the static list. Bump pkgrevision: it changes the binary package on gcc<4 platforms approved by wiz@
Revision 1.40 / (download) - annotate - [select for diffs], Mon Jun 20 09:51:02 2005 UTC (17 years, 9 months ago) by lha
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.39: +2 -2
lines
Diff to previous 1.39 (colored)
Update to Heimdal 0.6.5 Changes in release 0.6.5 * fix vulnerabilities in telnetd * unbreak Kerberos 4 and kaserver
Revision 1.39 / (download) - annotate - [select for diffs], Wed Jun 1 02:49:39 2005 UTC (17 years, 9 months ago) by yyamano
Branch: MAIN
Changes since 1.38: +3 -1
lines
Diff to previous 1.38 (colored)
Make this build on Darwin. This fixes PR pkg/29147.
Revision 1.38 / (download) - annotate - [select for diffs], Tue May 31 11:31:07 2005 UTC (17 years, 9 months ago) by dillo
Branch: MAIN
Changes since 1.37: +5 -4
lines
Diff to previous 1.37 (colored)
Rename option prefix-cmds to kerberos-prefix-cmds. Backwards compatibility provided via PKG_OPTIONS_LEGACY_OPTS.
Revision 1.37 / (download) - annotate - [select for diffs], Tue May 31 10:01:39 2005 UTC (17 years, 9 months ago) by dillo
Branch: MAIN
Changes since 1.36: +3 -5
lines
Diff to previous 1.36 (colored)
Packages have no business modifying PKG_DEFAULT_OPTIONS -- it's a user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also, make use of PKG_OPTIONS_LEGACY_VARS. Reviewed by wiz.
Revision 1.36 / (download) - annotate - [select for diffs], Sun May 22 20:08:30 2005 UTC (17 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.35: +2 -2
lines
Diff to previous 1.35 (colored)
Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions: USE_GNU_TOOLS -> USE_TOOLS awk -> gawk m4 -> gm4 make -> gmake sed -> gsed yacc -> bison
Revision 1.32.2.1 / (download) - annotate - [select for diffs], Thu Apr 21 15:55:33 2005 UTC (17 years, 11 months ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.32: +6 -7
lines
Diff to previous 1.32 (colored) next main 1.33 (colored)
Pullup ticket 458 - requested by Love Hornquist-Astrand
security fix for heimdal
Revisions pulled up:
- pkgsrc/security/heimdal/Makefile 1.34-1.35
- pkgsrc/security/heimdal/PLIST 1.7
- pkgsrc/security/heimdal/distinfo 1.11
- pkgsrc/security/heimdal/patches/patch-ae removed
Module Name: pkgsrc
Committed By: wiz
Date: Thu Apr 21 14:00:36 UTC 2005
Modified Files:
pkgsrc/security/heimdal: Makefile
Log Message:
lha agreed to maintain this package.
---
Module Name: pkgsrc
Committed By: lha
Date: Thu Apr 21 14:35:47 UTC 2005
Modified Files:
pkgsrc/security/heimdal: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/heimdal/patches: patch-ae
Log Message:
Update to Heimdal 0.6.4. While I'm here, claim maintainership of this
package. Also please pkglint. Changes in heimdal 0.6.4 include:
* fix vulnerabilities in telnet
* rshd: encryption without a separate error socket should now work
* telnet now uses appdefaults for the encrypt and forward/forwardable
settings
* bug fixes
Revision 1.35 / (download) - annotate - [select for diffs], Thu Apr 21 14:35:47 2005 UTC (17 years, 11 months ago) by lha
Branch: MAIN
Changes since 1.34: +5 -6
lines
Diff to previous 1.34 (colored)
Update to Heimdal 0.6.4. While I'm here, claim maintainership of this package. Also please pkglint. Changes in heimdal 0.6.4 include: * fix vulnerabilities in telnet * rshd: encryption without a separate error socket should now work * telnet now uses appdefaults for the encrypt and forward/forwardable settings * bug fixes
Revision 1.34 / (download) - annotate - [select for diffs], Thu Apr 21 14:00:36 2005 UTC (17 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.33: +2 -2
lines
Diff to previous 1.33 (colored)
lha agreed to maintain this package.
Revision 1.33 / (download) - annotate - [select for diffs], Mon Apr 11 21:47:12 2005 UTC (17 years, 11 months ago) by tv
Branch: MAIN
Changes since 1.32: +1 -2
lines
Diff to previous 1.32 (colored)
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Revision 1.32 / (download) - annotate - [select for diffs], Tue Dec 28 02:47:49 2004 UTC (18 years, 2 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Changes since 1.31: +2 -2
lines
Diff to previous 1.31 (colored)
The default location of the pkgsrc-installed rc.d scripts is now under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz).
Revision 1.31 / (download) - annotate - [select for diffs], Thu Dec 23 14:43:28 2004 UTC (18 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.30: +6 -7
lines
Diff to previous 1.30 (colored)
Enable building heimdal with the "ldap" option to allow using an LDAP server as a datastore for the KDC.
Revision 1.30 / (download) - annotate - [select for diffs], Sat Dec 4 03:59:26 2004 UTC (18 years, 3 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Changes since 1.29: +2 -17
lines
Diff to previous 1.29 (colored)
Set USE_OLD_DES_API and replace custom changes to work with NetBSD-2.0's OpenSSL, with patches to use <openssl/des_old.h>.
Revision 1.29 / (download) - annotate - [select for diffs], Sun Nov 28 19:19:52 2004 UTC (18 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored)
Remove pre-buildlink and post-buildlink as part of getting pkgsrc ready for pkgsrc-2004Q4. The "buildlink" phase was removed for the last branch, and this is the final cleanup. "post-buildlink" is now "post-wrapper".
Revision 1.28 / (download) - annotate - [select for diffs], Fri Nov 19 23:16:02 2004 UTC (18 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.27: +18 -2
lines
Diff to previous 1.27 (colored)
Correctly detect the old DES API in the OpenSSL in NetBSD's base install. This prevents Heimdal from building and installing its own DES library and headers. Bump the PKGREVISION.
Revision 1.27 / (download) - annotate - [select for diffs], Mon Nov 15 14:56:36 2004 UTC (18 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.26: +4 -10
lines
Diff to previous 1.26 (colored)
Add a new variable BROKEN_READLINE_DETECTION which should be set to yes/no by a package Makefile, depending on whether the configure process properly detects the additional libraries needed to link against -lreadline (typically, you need either "-lreadline -ltermcap", or "-lreadline -lcurses" to properly link against -lreadline). If this variable is set to "yes", then we automatically expand "-lreadline" into "-lreadline -l<termcap functions library>". BROKEN_READLINE_DETECTION defaults to "no". Set BROKEN_READLINE_DETECTION to "yes" in security/heimdal and remove the custom logic that did the same work.
Revision 1.26 / (download) - annotate - [select for diffs], Tue Nov 9 19:48:52 2004 UTC (18 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.25: +2 -2
lines
Diff to previous 1.25 (colored)
Fix location of heimdal mirror at ftp.sunet.se.
Revision 1.25 / (download) - annotate - [select for diffs], Tue Oct 19 04:01:13 2004 UTC (18 years, 5 months ago) by reed
Branch: MAIN
Changes since 1.24: +2 -1
lines
Diff to previous 1.24 (colored)
This needs a yacc. So used: USE_GNU_TOOLS+= yacc (But it didn't necessarily need a GNU version.)
Revision 1.24 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:09 2004 UTC (18 years, 5 months ago) by tv
Branch: MAIN
Changes since 1.23: +2 -1
lines
Diff to previous 1.23 (colored)
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Revision 1.23 / (download) - annotate - [select for diffs], Wed Sep 22 08:09:52 2004 UTC (18 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.22: +1 -2
lines
Diff to previous 1.22 (colored)
Mechanical changes to package PLISTs to make use of LIBTOOLIZE_PLIST. All library names listed by *.la files no longer need to be listed in the PLIST, e.g., instead of: lib/libfoo.a lib/libfoo.la lib/libfoo.so lib/libfoo.so.0 lib/libfoo.so.0.1 one simply needs: lib/libfoo.la and bsd.pkg.mk will automatically ensure that the additional library names are listed in the installed package +CONTENTS file. Also make LIBTOOLIZE_PLIST default to "yes".
Revision 1.22 / (download) - annotate - [select for diffs], Wed Sep 15 04:53:21 2004 UTC (18 years, 6 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.21: +11 -3
lines
Diff to previous 1.21 (colored)
The configure script checks for some libraries the wrong order, since -lreadline also needs either -ltermcap, -lcurses, -lncurses in the link command to resolve all symbols used in the readline library. Cause one of these libraries to automatically be added whenever "-lreadline" appears on the command line. This is a generalization of the change in revision 1.6 to work on more operating systems.
Revision 1.21 / (download) - annotate - [select for diffs], Tue Sep 14 14:41:34 2004 UTC (18 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.20: +4 -4
lines
Diff to previous 1.20 (colored)
Update security/heimdal to 0.6.3. Changes from version 0.6.1 include: * fix vulnerabilities in ftpd * support for linux AFS /proc "syscalls" * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd * fix possible KDC denial of service * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
Revision 1.20 / (download) - annotate - [select for diffs], Sun Aug 22 19:32:52 2004 UTC (18 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.19: +3 -11
lines
Diff to previous 1.19 (colored)
Change the way that legacy USE_* and FOO_USE_* options are converted
into the bsd.options.mk framework. Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.
This fixes PR pkg/26590.
Revision 1.19 / (download) - annotate - [select for diffs], Thu Aug 5 16:28:45 2004 UTC (18 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.18: +4 -4
lines
Diff to previous 1.18 (colored)
It's PKG_OPTIONS.heimdal, not PKG_OPTIONS.mit-krb5.
Revision 1.18 / (download) - annotate - [select for diffs], Fri Jul 30 21:05:42 2004 UTC (18 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.17: +23 -10
lines
Diff to previous 1.17 (colored)
Convert to use bsd.options.mk. The relevant options variable to set for each package can be determined by invoking: make show-var VARNAME=PKG_OPTIONS_VAR The old options are still supported unless the variable named in PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).
Revision 1.17 / (download) - annotate - [select for diffs], Sat Jul 24 14:01:20 2004 UTC (18 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.16: +3 -2
lines
Diff to previous 1.16 (colored)
Honor VARBASE; bump PKGREVISION.
Revision 1.16 / (download) - annotate - [select for diffs], Fri Jun 25 15:44:30 2004 UTC (18 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
Cede maintainership to the hard-working people on tech-pkg@NetBSD.org.
Revision 1.15 / (download) - annotate - [select for diffs], Fri Jun 25 15:42:52 2004 UTC (18 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.14: +12 -12
lines
Diff to previous 1.14 (colored)
Whitespace nits.
Revision 1.14 / (download) - annotate - [select for diffs], Thu Apr 1 20:51:50 2004 UTC (18 years, 11 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.13: +1 -2
lines
Diff to previous 1.13 (colored)
There is no PKGREVISION less than 1. Just remove it in this case.
Revision 1.13 / (download) - annotate - [select for diffs], Thu Apr 1 18:42:25 2004 UTC (18 years, 11 months ago) by joda
Branch: MAIN
Changes since 1.12: +4 -5
lines
Diff to previous 1.12 (colored)
Update to 0.6.1: * Fixed cross realm vulnerability * Fixed ARCFOUR suppport * kdc: fix denial of service attack * kdc: stop clients from renewing tickets into the future * bug fixes
Revision 1.12 / (download) - annotate - [select for diffs], Mon Mar 29 17:22:26 2004 UTC (18 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
Note the info file for the new info file handling framework.
Revision 1.11 / (download) - annotate - [select for diffs], Sun Mar 28 01:00:11 2004 UTC (18 years, 11 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.10: +26 -8
lines
Diff to previous 1.10 (colored)
Fix the Kerberized telnetd and rsh to use the Heimdal binaries for login and rsh so that the correct programs (and not the system ones) are executed. Bump the PKGREVISION to 3.
Revision 1.10 / (download) - annotate - [select for diffs], Fri Mar 26 18:48:52 2004 UTC (19 years ago) by jlam
Branch: MAIN
Changes since 1.9: +1 -2
lines
Diff to previous 1.9 (colored)
Reverse the use of USE_DB185 in bdb.buildlink3.mk -- it defaults to "yes" and packages that can't use the DB-1.85 API should set it to "no". This makes the native DB the preferred DB if it exists.
Revision 1.9 / (download) - annotate - [select for diffs], Fri Mar 26 02:27:52 2004 UTC (19 years ago) by wiz
Branch: MAIN
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored)
PKGREVISION bump after openssl-security-fix-update to 0.9.6m. Buildlink files: RECOMMENDED version changed to current version.
Revision 1.8 / (download) - annotate - [select for diffs], Wed Mar 10 18:07:16 2004 UTC (19 years ago) by jlam
Branch: MAIN
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Convert to use bdb.buildlink3.mk.
Revision 1.7 / (download) - annotate - [select for diffs], Mon Feb 23 12:35:11 2004 UTC (19 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.6: +2 -1
lines
Diff to previous 1.6 (colored)
Let the rc.d script start kdc detached, as is the default for the in-tree kdc. From Jukka Salmi in PR 24489, ok'd by lukem@. Bump PKGREVISION to 1.
Revision 1.6 / (download) - annotate - [select for diffs], Sun Feb 22 11:59:50 2004 UTC (19 years, 1 month ago) by markd
Branch: MAIN
Changes since 1.5: +7 -1
lines
Diff to previous 1.5 (colored)
configure looks for and finds -ltermcap too late in the process for it to be linked in when testing -lreadline usability so that test fails on Solaris - so pass that lib into configure at the start via the environment. Also allow optional use of db4 rather that db.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Feb 14 17:21:52 2004 UTC (19 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.4: +1 -2
lines
Diff to previous 1.4 (colored)
LIBTOOL_OVERRIDE and SHLIBTOOL_OVERRIDE are now lists of shell globs
relative to ${WRKSRC}. Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.
Revision 1.4 / (download) - annotate - [select for diffs], Thu Jan 15 12:48:00 2004 UTC (19 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.3: +16 -6
lines
Diff to previous 1.3 (colored)
Support a new yes/no variable "KERBEROS_PREFIX_CMDS" that can be used by Kerberos implementation packages to decide whether to prefix certain commands with a "k" to differentiate it from system tools with similar names. KERBEROS_PREFIX_CMDS defaults to "no".
Revision 1.3 / (download) - annotate - [select for diffs], Sun Jan 11 00:00:28 2004 UTC (19 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.2: +3 -1
lines
Diff to previous 1.2 (colored)
Note CONFLICT with forthcoming mit-krb5 package.
Revision 1.2 / (download) - annotate - [select for diffs], Sat Jan 10 21:59:29 2004 UTC (19 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.1: +2 -1
lines
Diff to previous 1.1 (colored)
Add a rc.d script to start the kdc daemon on the Kerberos master server.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Jan 10 14:56:45 2004 UTC (19 years, 2 months ago) by jlam
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Initial import of heimdal-0.6 into security/heimdal. Heimdal is a free implementation of Kerberos 5. Kerberos is a system for authenticating users and services on a network. It is built upon the assumption that the network is "unsafe". Kerberos is a trusted third-party service. That means that there is a third party (the Kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). All principals share a secret password (or key) with the Kerberos server and this enables principals to verify that the messages from the Kerberos server are authentic. Thus trusting the Kerberos server, users and services can authenticate each other.
Revision 1.1 / (download) - annotate - [select for diffs], Sat Jan 10 14:56:45 2004 UTC (19 years, 2 months ago) by jlam
Branch: MAIN
Initial revision