The NetBSD Project

CVS log for pkgsrc/security/heimdal/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / heimdal

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.163 / (download) - annotate - [select for diffs], Wed Nov 8 13:20:46 2023 UTC (5 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, HEAD
Changes since 1.162: +2 -2 lines
Diff to previous 1.162 (colored)

*: recursive bump for icu 74.1

Revision 1.162 / (download) - annotate - [select for diffs], Tue Oct 24 22:10:48 2023 UTC (5 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.161: +2 -2 lines
Diff to previous 1.161 (colored)

*: bump for openssl 3

Revision 1.161 / (download) - annotate - [select for diffs], Mon Aug 14 05:25:09 2023 UTC (8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3
Changes since 1.160: +2 -2 lines
Diff to previous 1.160 (colored)

*: recursive bump for Python 3.11 as new default

Revision 1.157.2.1 / (download) - annotate - [select for diffs], Tue Jun 20 17:57:33 2023 UTC (9 months, 3 weeks ago) by bsiegert
Branch: pkgsrc-2023Q1
Changes since 1.157: +2 -2 lines
Diff to previous 1.157 (colored) next main 1.158 (colored)

Pullup ticket #6762 - requested by riastradh
security/heimdal: security fix

Revisions pulled up:
- security/heimdal/Makefile                                     1.160
- security/heimdal/distinfo                                     1.57
- security/heimdal/patches/patch-lib_krb5_store-int.c           1.1

---
   Module Name:    pkgsrc
   Committed By:   riastradh
   Date:           Mon Jun 19 19:13:03 UTC 2023

   Modified Files:
           pkgsrc/security/heimdal: Makefile distinfo
   Added Files:
           pkgsrc/security/heimdal/patches: patch-lib_krb5_store-int.c

   Log Message:
   security/heimdal: Patch CVE-2022-42898 away.

Revision 1.160 / (download) - annotate - [select for diffs], Mon Jun 19 19:13:03 2023 UTC (9 months, 4 weeks ago) by riastradh
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2
Changes since 1.159: +2 -2 lines
Diff to previous 1.159 (colored)

security/heimdal: Patch CVE-2022-42898 away.

Revision 1.159 / (download) - annotate - [select for diffs], Tue Jun 6 12:42:13 2023 UTC (10 months, 1 week ago) by riastradh
Branch: MAIN
Changes since 1.158: +2 -2 lines
Diff to previous 1.158 (colored)

Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html

Revision 1.158 / (download) - annotate - [select for diffs], Wed Apr 19 08:08:40 2023 UTC (11 months, 4 weeks ago) by adam
Branch: MAIN
Changes since 1.157: +2 -2 lines
Diff to previous 1.157 (colored)

revbump after textproc/icu update

Revision 1.157 / (download) - annotate - [select for diffs], Wed Feb 8 07:41:25 2023 UTC (14 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base
Branch point for: pkgsrc-2023Q1
Changes since 1.156: +2 -2 lines
Diff to previous 1.156 (colored)

heimdal: add patch against CVE-2022-45142

Bump PKGREVISION.

Revision 1.156 / (download) - annotate - [select for diffs], Wed Nov 23 16:18:59 2022 UTC (16 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.155: +2 -1 lines
Diff to previous 1.155 (colored)

massive revision bump after textproc/icu update

Revision 1.155 / (download) - annotate - [select for diffs], Tue Nov 22 12:51:00 2022 UTC (16 months, 3 weeks ago) by adam
Branch: MAIN
Changes since 1.154: +8 -12 lines
Diff to previous 1.154 (colored)

heimdal: updated to 7.8

Heimdal 7.8 Latest
This release includes both the Heimdal 7.7.1 Security Vulnerability fixes and non-Security bug fixes/improvements.

Security Vulnerabilities:

CVE-2022-42898 PAC parse integer overflows

CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour

CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array

CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors

CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ

CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0
on the Common Vulnerability Scoring System (CVSS) v3, as we believe
it should be possible to get an RCE on a KDC, which means that
credentials can be compromised that can be used to impersonate
anyone in a realm or forest of realms.

Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error. This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.

This error affects the DER codec for all extensible CHOICE types
used in Heimdal, though not all cases will be exploitable. We have
not completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.

This bug has been in Heimdal's ASN.1 compiler since 2005, but it may
only affect Heimdal 1.6 and up. It was first reported by Douglas
Bagnall, though it had been found independently by the Heimdal
maintainers via fuzzing a few weeks earlier.

While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure.

CVE-2019-14870: Validate client attributes in protocol-transition

CVE-2019-14870: Apply forwardable policy in protocol-transition

CVE-2019-14870: Always lookup impersonate client in DB

Other changes:

Bugs found by UBSAN (including the incorrect encoding of unconstrained
INTEGER value -1).

Errors found by the LLVM scan-build static analyzer.

Errors found by the valgrind memory debugger.

Work around GCC Bug 95189 (memcmp wrongly stripped like strcmp).

Correct ASN.1 OID typo for SHA-384

Fix a deadlock in in the MEMORY ccache type.

TGS: strip forwardable and proxiable flags if the server is
disallowed.

CVE-2019-14870: Validate client attributes in protocol-transition

CVE-2019-14870: Apply forwardable policy in protocol-transition

CVE-2019-14870: Always lookup impersonate client in DB

Incremental HDB propagation improvements

Refactor send_diffs making it progressive
Handle partial writes on non-blocking sockets
Disable Nagle in iprop master and slave
Use async I/O
Don't send I_HAVE in response to AYT
Do not recover log in kadm5_get_principal()
Don't send diffs to slaves with not yet known version
Don't stutter in send_diffs
Optional backwards-compatible anon-pkinit behavior

Revision 1.154 / (download) - annotate - [select for diffs], Tue Jun 28 11:35:35 2022 UTC (21 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3
Changes since 1.153: +2 -2 lines
Diff to previous 1.153 (colored)

*: recursive bump for perl 5.36

Revision 1.153 / (download) - annotate - [select for diffs], Mon Apr 18 19:10:04 2022 UTC (23 months, 4 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.152: +2 -2 lines
Diff to previous 1.152 (colored)

revbump for textproc/icu update

Revision 1.152 / (download) - annotate - [select for diffs], Wed Dec 8 16:02:33 2021 UTC (2 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.151: +2 -2 lines
Diff to previous 1.151 (colored)

revbump for icu and libffi

Revision 1.151 / (download) - annotate - [select for diffs], Wed Nov 17 08:46:02 2021 UTC (2 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.150: +2 -2 lines
Diff to previous 1.150 (colored)

heimdal: Fix CVE-2021-3671

Patch from samba

Bump PKGREVISION.

Revision 1.150 / (download) - annotate - [select for diffs], Fri Oct 22 07:31:54 2021 UTC (2 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.149: +2 -1 lines
Diff to previous 1.149 (colored)

heimdal: fix su -> ksu name change with kerberos-prefix-cmds option

Bump PKGREVISION, since it's on by default.

Revision 1.149 / (download) - annotate - [select for diffs], Thu Oct 21 09:02:25 2021 UTC (2 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.148: +2 -2 lines
Diff to previous 1.148 (colored)

heimdal: fix fetch stage

Revision 1.148 / (download) - annotate - [select for diffs], Thu Oct 21 07:51:41 2021 UTC (2 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.147: +2 -3 lines
Diff to previous 1.147 (colored)

heimdal: remove hcrypto PLIST_VAR

It was always set to yes.

Revision 1.147 / (download) - annotate - [select for diffs], Thu Oct 21 07:46:02 2021 UTC (2 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.146: +14 -31 lines
Diff to previous 1.146 (colored)

heimdal: update to 7.7.0.

This version supports openssl 1.1, so re-enable it.

Release Notes - Heimdal - Version Heimdal 7.7

 Bug fixes

 - PKCS#11 hcrypto back-end
   . initialize the p11_module_load function list
   . verify that not only is a mechanism present but that its mechanism
     info states that it offers the required encryption, decryption or
     digest services
 - krb5:
   . Starting with 7.6, Heimdal permitted requesting authenticated
     anonymous tickets.  However, it did not verify that a KDC in fact
     returned an anonymous ticket when one was requested.
   - Cease setting the KDCOption reaquest_anonymous flag when issuing
     S4UProxy (constrained delegation) TGS requests.
   . when the Win2K PKINIT compatibility option is set, do
     not require krbtgt otherName to match when validating KDC
     certificate.
   . set PKINIT_BTMM flag per Apple implementation
   . use memset_s() instead of memset()
 - kdc:
   . When generating KRB5SignedPath in the AS, use the reply client name
     rather than the one from the request, so validation will work
     correctly in the TGS.
   . allow checksum of PA-FOR-USER to be HMAC_MD5.  Even if tgt used
     an enctype with a different checksum.  Per [MS-SFU] 2.2.1
     PA-FOR-USER the checksum is always HMAC_MD5, and that's what
     Windows and MIT clients send.

     In heimdal both the client and kdc use instead the
     checksum of the tgt, and therefore work with each other
     but Windows and MIT clients fail against heimdal KDC.

     Both Windows and MIT KDCs would allow any keyed checksum
     to be used so Heimdal client interoperates with them.

     Change Heimdal KDC to allow HMAC_MD5 even for non RC4
     based tgt in order to support per-spec clients.
   . use memset_s() instead of memset().
   - Detect Heimdal 1.0 through 7.6 clients that issue S4UProxy
     (constrained delegation) TGS Requests with the request
     anonymous flag set.  These requests will be treated as
     S4UProxy requests and not anonymous requests.
 - HDB:
   . Set SQLite3 backend default page size to 8KB.
   . Add hdb_set_sync() method
 - kadmind:
   . disable HDB sync during database load avoiding unnecessary disk i/o.
 - ipropd:
   . disable HDB sync during receive_everything.  Doing an fsync
     per-record when receiving the complete HDB is a performance
     disaster.  Among other things, if the HDB is very large, then
     one slave receving a full HDB can cause other slaves to timeout
     and, if HDB write activity is high enough to cause iprop log
     truncation, then also need full syncs, which leads to a cycle of
     full syncs for all slaves until HDB write activity drops.
     Allowing the iprop log to be larger helps, but improving
     receive_everything() performance helps even more.
 - kinit:
   . Anonymous PKINIT tickets discard the realm information used
     to locate the issuing AS. Store the issuing realm in the
     credentials cache in order to locate a KDC which can renew them.
   . Do not leak the result of krb5_cc_get_config() when determining
     anonymous PKINIT start realm.
  - klist:
    . Show transited-policy-checked, ok-as-delegate and anonymous
      flags when listing credentials.
 - tests:
   . Regenerate certs so that they expire before the 2038 armageddon
     so the test suite will pass on 32-bit operating systems until the
     underlying issues can be resolved.
 - Solaris:
   . Define _STDC_C11_BCI for memset_s prototype
 - build tooling:
   . Convert from python 2 to python 3
 - documentation
   . rename verify-password to verify-password-quality
   . hprop default mode is encrypt
   . kadmind "all" permission does not include "get-keys"
   . verify-password-quality might not be stateless

Release Notes - Heimdal - Version Heimdal 7.6

 Security

 - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

    When the Heimdal KDC checks the checksum that is placed on the
    S4U2Self packet by the server to protect the requested principal
    against modification, it does not confirm that the checksum
    algorithm that protects the user name (principal) in the request
    is keyed.  This allows a man-in-the-middle attacker who can
    intercept the request to the KDC to modify the packet by replacing
    the user name (principal) in the request with any desired user
    name (principal) that exists in the KDC and replace the checksum
    protecting that name with a CRC32 checksum (which requires no
    prior knowledge to compute).

    This would allow a S4U2Self ticket requested on behalf of user
    name (principal) user@EXAMPLE.COM to any service to be changed
    to a S4U2Self ticket with a user name (principal) of
    Administrator@EXAMPLE.COM. This ticket would then contain the
    PAC of the modified user name (principal).

 - CVE-2019-12098, client-only:

    RFC8062 Section 7 requires verification of the PA-PKINIT-KX key excahnge
    when anonymous PKINIT is used.  Failure to do so can permit an active
    attacker to become a man-in-the-middle.

 Bug fixes

 - Happy eyeballs: Don't wait for responses from known-unreachable KDCs.
 - kdc: check return copy_Realm, copy_PrincipalName, copy_EncryptionKey
 - kinit:
   . cleanup temporary ccaches
   . see man page for "kinit --anonymous" command line syntax change
 - kdc: Make anonymous AS-requests more RFC8062-compliant.
 - Updated expired test certificates
 - Solaris:
   . PKCS#11 hcrypto backend broken since 7.0.1
   . Building with Sun Pro C

 Features

 - kuser: support authenticated anonymous AS-REQs in kinit
 - kdc: support for anonymous TGS-REQs
 - kgetcred support for anonymous service tickets
 - Support builds with OpenSSL 1.1.1

Release Notes - Heimdal - Version Heimdal 7.5

 Security

 - Fix CVE-2017-17439, which is a remote denial of service
   vulnerability:

     In Heimdal 7.1 through 7.4, remote unauthenticated attackers
     are able to crash the KDC by sending a crafted UDP packet
     containing empty data fields for client name or realm.

 Bug fixes

 - Handle long input lines when reloading database dumps.

 - In pre-forked mode (default on Unix), correctly clear
   the process ids of exited children, allowing new child processes
   to replace the old.

 - Fixed incorrect KDC response when no-cross realm TGT exists,
   allowing client requests to fail quickly rather than time
   out after trying to get a correct answer from each KDC.

Release Notes - Heimdal - Version Heimdal 7.4

 Security

 - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

   This is a critical vulnerability.

   In _krb5_extract_ticket() the KDC-REP service name must be obtained from
   encrypted version stored in 'enc_part' instead of the unencrypted version
   stored in 'ticket'.  Use of the unecrypted version provides an
   opportunity for successful server impersonation and other attacks.

   Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

   See https://www.orpheus-lyre.info/ for more details.

Release Notes - Heimdal - Version Heimdal 7.3

 Security

 - Fix transit path validation.  Commit f469fc6 (2010-10-02) inadvertently
   caused the previous hop realm to not be added to the transit path
   of issued tickets.  This may, in some cases, enable bypass of capath
   policy in Heimdal versions 1.5 through 7.2.

   Note, this may break sites that rely on the bug.  With the bug some
   incomplete [capaths] worked, that should not have.  These may now break
   authentication in some cross-realm configurations.
   (CVE-2017-6594)

Release Notes - Heimdal - Version Heimdal 7.2

 Bug fixes
 - Portability improvements
 - More strict parsing of encoded URI components in HTTP KDC
 - Fixed memory leak in malloc error recovery in NTLM GSSAPI mechanism
 - Avoid overly specific CPU info in krb5-config in aid of reproducible builds
 - Don't do AFS string-to-key tests when feature is disabled
 - Skip mdb_stat test when the command is not available
 - Windows: update SHA2 timestamp server
 - hdb: add missing export hdb_generate_key_set_password_with_ks_tuple
 - Fix signature of hdb_generate_key_set_password()
 - Windows: enable KX509 support in the KDC
 - kdc: fix kx509 service principal match
 - iprop: handle case where master sends nothing new
 - ipropd-slave: fix incorrect error codes
 - Allow choice of sqlite for HDB pref
 - check-iprop: don't fail to kill daemons
 - roken: pidfile -> rk_pidfile
 - kdc: _kdc_do_kx509 fix use after free error
 - Do not detect x32 as 64-bit platform.
 - No sys/ttydefaults.h on CYGWIN
 - Fix check-iprop races
 - roken_detach_prep() close pipe

Release Notes - Heimdal - Version Heimdal 7.1

 Security

 - kx509 realm-chopping security bug
 - non-authorization of alias additions/removals in kadmind
   (CVE-2016-2400)

 Feature

 - iprop has been revamped to fix a number of race conditions that could
   lead to inconsistent replication
 - Hierarchical capath support
 - AES Encryption with HMAC-SHA2 for Kerberos 5
   draft-ietf-kitten-aes-cts-hmac-sha2-11
 - hcrypto is now thread safe on all platforms
 - libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for
   Solaris), and OpenSSL.  OpenSSL is now a first-class libhcrypto backend.
   OpenSSL 1.0.x and 1.1 are both supported. AES-NI used when supported by
   backend
 - HDB now supports LMDB
 - Thread support on Windows
 - RFC 6113  Generalized Framework for Kerberos Pre-Authentication (FAST)
 - New GSS APIs:
   . gss_localname
 - Allow setting what encryption types a principal should have with
   [kadmin] default_key_rules, see krb5.conf manpage for more info
 - Unify libhcrypto with LTC (libtomcrypto)
 - asn1_compile 64-bit INTEGER functionality
 - HDB key history support including --keepold kadmin password option
 - Improved cross-realm key rollover safety
 - New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces
 - Improved MIT compatibility
   . kadm5 API
   . Migration from MIT KDB via "mitdb" HDB backend
   . Capable of writing the HDB in MIT dump format
 - Improved Active Directory interoperability
   . Enctype selection issues for PAC and other authz-data signatures
   . Cross realm key rollover (kvno 0)
 - New [kdc] enctype negotiation configuration:
   . tgt-use-strongest-session-key
   . svc-use-strongest-session-key
   . preauth-use-strongest-session-key
   . use-strongest-server-key
 - The KDC process now uses a multi-process model improving
   resiliency and performance
 - Allow batch-mode kinit with password file
 - SIGINFO support added to kinit cmd
 - New kx509 configuration options:
   . kx509_ca
   . kca_service
   . kx509_include_pkinit_san
   . kx509_template
 - Improved Heimdal library/plugin version safety
 - Name canonicalization
   . DNS resolver searchlist
   . Improved referral support
   . Support host:port host-based services
 - Pluggable libheimbase interface for DBs
 - Improve IPv6 Support
 - LDAP
   . Bind DN and password
   . Start TLS
 - klist --json
 - DIR credential cache type
 - Updated upstream SQLite and libedit
 - Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
   telnet, xnlock
 - Completely remove RAND_egd support
 - Moved kadmin and ktutil to /usr/bin
 - Stricter fcache checks (see fcache_strict_checking krb5.conf setting)
    . use O_NOFOLLOW
    . don't follow symlinks
    . require cache files to be owned by the user
    . require sensible permissions (not group/other readable)
 - Implemented gss_store_cred()
 - Many more

 Bug fixes
 - iprop has been revamped to fix a number of race conditions that could
   lead to data loss
 - Include non-loopback addresses assigned to loopback interfaces
   when requesting tickets with addresses
 - KDC 1DES session key selection (for AFS rxkad-k5 compatibility)
 - Keytab file descriptor and lock leak
 - Credential cache corruption bugs
   (NOTE: The FILE ccache is still not entirely safe due to the
   fundamentally unsafe design of POSIX file locking)
 - gss_pseudo_random() interop bug
 - Plugins are now preferentially loaded from the run-time install tree
 - Reauthentication after password change in init_creds_password
 - Memory leak in the client kadmin library
 - TGS client requests renewable/forwardable/proxiable when possible
 - Locking issues in DB1 and DB3 HDB backends
 - Master HDB can remain locked while waiting for network I/O
 - Renewal/refresh logic when kinit is provided with a command
 - KDC handling of enterprise principals
 - Use correct bit for anon-pkinit
 - Many more

Revision 1.146 / (download) - annotate - [select for diffs], Sun May 9 16:04:34 2021 UTC (2 years, 11 months ago) by thor
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.145: +5 -2 lines
Diff to previous 1.145 (colored)

security/heimdal: provide krb5-gssapi.pc as symlink

This is needed for example for qt5-qtbase to pick up a pkgsrc-installed
heimdal instead of possibly a mix of system mit-krb5 libs with pkgsrc
headers, for its network auth that recently got GSSAPI.

It makes sense to provide the same pkg-config package name if heimdal and
mit-krb5 should be transparently compatible at that front.

Revision 1.145 / (download) - annotate - [select for diffs], Wed Apr 21 11:40:36 2021 UTC (2 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.144: +2 -2 lines
Diff to previous 1.144 (colored)

revbump for textproc/icu

Revision 1.144 / (download) - annotate - [select for diffs], Thu Nov 5 09:07:06 2020 UTC (3 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.143: +2 -2 lines
Diff to previous 1.143 (colored)

*: Recursive revbump from textproc/icu-68.1

Revision 1.143 / (download) - annotate - [select for diffs], Sun Jul 26 09:30:14 2020 UTC (3 years, 8 months ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.142: +4 -2 lines
Diff to previous 1.142 (colored)

heimdal: Update MASTER_SITES.

The original master site is gone. The new one redirects to Github but for
the ancient release we package (1.5.3, newest is 7.x), it does not have the
distfile.

Update NetBSD/pkgsrc#68

Revision 1.142 / (download) - annotate - [select for diffs], Tue Jun 2 08:22:54 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.141: +2 -2 lines
Diff to previous 1.141 (colored)

Revbump for icu

Revision 1.141 / (download) - annotate - [select for diffs], Sun Apr 12 08:28:05 2020 UTC (4 years ago) by adam
Branch: MAIN
Changes since 1.140: +2 -2 lines
Diff to previous 1.140 (colored)

Recursive revision bump after textproc/icu update

Revision 1.140 / (download) - annotate - [select for diffs], Sat Mar 21 00:15:11 2020 UTC (4 years ago) by markd
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.139: +2 -2 lines
Diff to previous 1.139 (colored)

heimdal: fix runpath setting in krb5-config

Revision 1.139 / (download) - annotate - [select for diffs], Wed Mar 18 13:18:57 2020 UTC (4 years ago) by gdt
Branch: MAIN
Changes since 1.138: +2 -2 lines
Diff to previous 1.138 (colored)

security/heimdal: Prefix kerberos commands by default

It has long been an issue that heimdal installs "su" which shadows
system su and behaves differently.  Now, with openssl 1.1, many people
are getting heimdal installed that did not expect it or ask for it.

(Really, heimdal should be split into libraries and apps, so that
programs can have kerberos support without adding commands to the
user's namespace, but this is vastly easier.)

(In response to on-list complaints, and believing this will not be
contoversial.)

Revision 1.138 / (download) - annotate - [select for diffs], Thu Feb 20 21:01:09 2020 UTC (4 years, 1 month ago) by rillig
Branch: MAIN
Changes since 1.137: +9 -2 lines
Diff to previous 1.137 (colored)

security/heimdal: add back MAKE_JOBS_SAFE=no

Revision 1.137 / (download) - annotate - [select for diffs], Thu Feb 13 21:12:21 2020 UTC (4 years, 2 months ago) by rillig
Branch: MAIN
Changes since 1.136: +1 -3 lines
Diff to previous 1.136 (colored)

security/heimdal: remove MAKE_JOBS_SAFE=no

Heimdal built fine on NetBSD-8.0-x86_64 with MAKE_JOBS=7.

Revision 1.136 / (download) - annotate - [select for diffs], Thu Feb 13 21:04:25 2020 UTC (4 years, 2 months ago) by rillig
Branch: MAIN
Changes since 1.135: +2 -1 lines
Diff to previous 1.135 (colored)

security/heimdal: disable check for unknown GNU configure options

Heimdal has bundled libreadline, which has its own configure file with
completely different options.

Revision 1.135 / (download) - annotate - [select for diffs], Sat Jan 18 21:48:21 2020 UTC (4 years, 2 months ago) by jperkin
Branch: MAIN
Changes since 1.134: +2 -2 lines
Diff to previous 1.134 (colored)

*: Recursive revision bump for openssl 1.1.1.

Revision 1.134 / (download) - annotate - [select for diffs], Mon Nov 4 21:12:53 2019 UTC (4 years, 5 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.133: +3 -3 lines
Diff to previous 1.133 (colored)

security: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Revision 1.133 / (download) - annotate - [select for diffs], Mon Oct 21 16:21:44 2019 UTC (4 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.132: +5 -18 lines
Diff to previous 1.132 (colored)

heimdal: fix build on OpenSSL 1.1 systems by disabling OpenSSL.

heimdal includes a copy of the relevant functions itself.

Add a comment that the dependency should be re-enabled when updating
this package.

Bump PKGREVISION.

Revision 1.132 / (download) - annotate - [select for diffs], Wed Apr 3 00:33:04 2019 UTC (5 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.131: +2 -2 lines
Diff to previous 1.131 (colored)

Recursive revbump from textproc/icu

Revision 1.131 / (download) - annotate - [select for diffs], Wed Feb 6 11:36:38 2019 UTC (5 years, 2 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.130: +15 -17 lines
Diff to previous 1.130 (colored)

heimdal: fix Linux PLIST.hcrypto issue in a more generic way

Tested under Debian unstable. PR pkg/53806

Revision 1.130 / (download) - annotate - [select for diffs], Sun Jan 6 12:53:56 2019 UTC (5 years, 3 months ago) by bsiegert
Branch: MAIN
Changes since 1.129: +8 -2 lines
Diff to previous 1.129 (colored)

heimdal: Fix compilation under WSL

This sets the "hcrypto" PLIST variable correct when pkgsrc is used under
WSL (Windows Services for Linux).

From David Weller-Fahy via PR pkg/53806.

Revision 1.129 / (download) - annotate - [select for diffs], Sun Dec 9 18:52:07 2018 UTC (5 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.128: +2 -2 lines
Diff to previous 1.128 (colored)

revbump after updating textproc/icu

Revision 1.128 / (download) - annotate - [select for diffs], Tue Nov 27 23:36:00 2018 UTC (5 years, 4 months ago) by sevan
Branch: MAIN
Changes since 1.127: +6 -1 lines
Diff to previous 1.127 (colored)

Support Minix.

Revision 1.127 / (download) - annotate - [select for diffs], Fri Jul 20 03:33:55 2018 UTC (5 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.126: +2 -2 lines
Diff to previous 1.126 (colored)

Recursive revbump from textproc/icu-62.1

Revision 1.126 / (download) - annotate - [select for diffs], Sat Apr 14 07:34:00 2018 UTC (6 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.125: +2 -2 lines
Diff to previous 1.125 (colored)

revbump after icu update

Revision 1.125 / (download) - annotate - [select for diffs], Thu Nov 30 16:45:07 2017 UTC (6 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.124: +2 -2 lines
Diff to previous 1.124 (colored)

Revbump after textproc/icu update

Revision 1.124 / (download) - annotate - [select for diffs], Mon Sep 18 09:53:04 2017 UTC (6 years, 6 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.123: +2 -2 lines
Diff to previous 1.123 (colored)

revbump for requiring ICU 59.x

Revision 1.123 / (download) - annotate - [select for diffs], Sat Apr 22 21:03:16 2017 UTC (6 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.122: +2 -2 lines
Diff to previous 1.122 (colored)

Revbump after icu update

Revision 1.122 / (download) - annotate - [select for diffs], Sun Dec 4 05:17:11 2016 UTC (7 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.121: +2 -2 lines
Diff to previous 1.121 (colored)

Recursive revbump from textproc/icu 58.1

Revision 1.121 / (download) - annotate - [select for diffs], Thu Jun 2 16:01:12 2016 UTC (7 years, 10 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.120: +5 -1 lines
Diff to previous 1.120 (colored)

Explicitly disable extended glob(3C) support on SunOS, despite it
being available on newer illumos, as it simplifies PLIST.glob.

Revision 1.120 / (download) - annotate - [select for diffs], Mon Apr 11 19:01:38 2016 UTC (8 years ago) by ryoon
Branch: MAIN
Changes since 1.119: +2 -2 lines
Diff to previous 1.119 (colored)

Recursive revbump from textproc/icu 57.1

Revision 1.119 / (download) - annotate - [select for diffs], Wed Mar 9 06:01:09 2016 UTC (8 years, 1 month ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1
Changes since 1.118: +3 -1 lines
Diff to previous 1.118 (colored)

fix build on Linux

Revision 1.118 / (download) - annotate - [select for diffs], Sat Mar 5 11:27:54 2016 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
Changes since 1.117: +2 -2 lines
Diff to previous 1.117 (colored)

Bump PKGREVISION for security/openssl ABI bump.

Revision 1.117 / (download) - annotate - [select for diffs], Thu Feb 25 08:27:04 2016 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
Changes since 1.116: +1 -2 lines
Diff to previous 1.116 (colored)

Remove manual OPSYSVARS additions which are now part of the default set.

Revision 1.116 / (download) - annotate - [select for diffs], Sat Oct 10 01:57:55 2015 UTC (8 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.115: +2 -2 lines
Diff to previous 1.115 (colored)

Recursive revbump from textproc/icu

Revision 1.115 / (download) - annotate - [select for diffs], Mon Apr 6 08:17:17 2015 UTC (9 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.114: +2 -2 lines
Diff to previous 1.114 (colored)

Revbump after updating textproc/icu

Revision 1.114 / (download) - annotate - [select for diffs], Tue Oct 7 16:47:14 2014 UTC (9 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.113: +2 -2 lines
Diff to previous 1.113 (colored)

Revbump after updating libwebp and icu

Revision 1.113 / (download) - annotate - [select for diffs], Wed Jul 30 11:05:04 2014 UTC (9 years, 8 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.112: +3 -3 lines
Diff to previous 1.112 (colored)

Add runtime dependency on flex (in bin/compile_et). Bump PKGREVISION.

Revision 1.112 / (download) - annotate - [select for diffs], Wed Apr 9 07:26:58 2014 UTC (10 years ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.111: +2 -2 lines
Diff to previous 1.111 (colored)

recursive bump from icu shlib major bump.

Revision 1.111 / (download) - annotate - [select for diffs], Sat Mar 22 09:05:24 2014 UTC (10 years ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.110: +10 -10 lines
Diff to previous 1.110 (colored)

The MirBSD stanza was wrong. Moved it below the builtin.mk inclusion and
made the conditional more robust.

Fixes at least "make describe", let's see if it helps for the bulk build.

Revision 1.110 / (download) - annotate - [select for diffs], Wed Mar 19 13:25:04 2014 UTC (10 years, 1 month ago) by bsiegert
Branch: MAIN
Changes since 1.109: +3 -1 lines
Diff to previous 1.109 (colored)

Only build hcrypto on MirBSD if using the builtin OpenSSL. Fixes build
now that we have OpenSSL from pkgsrc.

Revision 1.109 / (download) - annotate - [select for diffs], Thu Feb 20 08:19:43 2014 UTC (10 years, 1 month ago) by obache
Branch: MAIN
Changes since 1.108: +11 -10 lines
Diff to previous 1.108 (colored)

Move check of builtin openssl below to buildlink with openssl and exactly set as
checking builtin before including openssl/builtin.mk, so that wanted openssl
will be picked up (formerly, BUILTINK_API_DEPENDS.openssl is ignored).

Bump PKGREVISION.

Revision 1.108 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:32 2014 UTC (10 years, 2 months ago) by tron
Branch: MAIN
Changes since 1.107: +2 -2 lines
Diff to previous 1.107 (colored)

Recursive PKGREVISION bump for OpenSSL API version bump.

Revision 1.107 / (download) - annotate - [select for diffs], Wed Dec 4 10:01:30 2013 UTC (10 years, 4 months ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.106: +8 -1 lines
Diff to previous 1.106 (colored)

Fix heimdal build under MirBSD.

The three tommath patches (which patch the files into existence) have
been included in the source code since heimdal 1.5, so remove them.
Compile errors due to missing -pthread in MirBSD were fixed by adding
PTHREAD_AUTO_VARS.

Revision 1.106 / (download) - annotate - [select for diffs], Sat Oct 19 09:06:56 2013 UTC (10 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.105: +2 -2 lines
Diff to previous 1.105 (colored)

Revbump after updating textproc/icu

Revision 1.105 / (download) - annotate - [select for diffs], Mon Oct 14 09:55:52 2013 UTC (10 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.104: +7 -1 lines
Diff to previous 1.104 (colored)

Fix pakaging on Linux.
vis.h and glob.h are installed on Linux
(Debian GNU/Linux 7.1 and CentOS 6.4 at least)

* Makefile of Rev 1.100 removes vis.h and glob.h hack. My two Linux
  environments require vis.h and glob.h entries for PLIST.
  Set PLIST.vis and PLIST.glob for Linux.

Revision 1.104 / (download) - annotate - [select for diffs], Fri Oct 11 16:21:40 2013 UTC (10 years, 6 months ago) by roy
Branch: MAIN
Changes since 1.103: +3 -3 lines
Diff to previous 1.103 (colored)

Heimdal really uses termcap

Revision 1.103 / (download) - annotate - [select for diffs], Sat Aug 24 16:45:08 2013 UTC (10 years, 7 months ago) by richard
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.102: +7 -2 lines
Diff to previous 1.102 (colored)

fix PLIST options for solaris, including builtin openssl support

Revision 1.102 / (download) - annotate - [select for diffs], Thu Aug 22 21:17:00 2013 UTC (10 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.101: +6 -1 lines
Diff to previous 1.101 (colored)

At least on my systems glob and vis are not installed, so introduce
PLIST conditional. Please fix up the setting on your systems.
Mark as not MAKE_JOBS_SAFE.

Revision 1.101 / (download) - annotate - [select for diffs], Fri Aug 16 08:30:14 2013 UTC (10 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.100: +10 -12 lines
Diff to previous 1.100 (colored)

Changes 1.5.3:
Bug fixes
- Fix leaking file descriptors in KDC
- Better socket/timeout handling in libkrb5
- General bug fixes
- Build fixes

Revision 1.100 / (download) - annotate - [select for diffs], Thu Aug 15 11:15:11 2013 UTC (10 years, 8 months ago) by jperkin
Branch: MAIN
Changes since 1.99: +7 -5 lines
Diff to previous 1.99 (colored)

Attempt to fix readline fallout.  Tested with both READLINE_TYPE on SmartOS.

Revision 1.99 / (download) - annotate - [select for diffs], Mon Jul 15 02:02:28 2013 UTC (10 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.98: +4 -4 lines
Diff to previous 1.98 (colored)

* .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes
  are replaced with .include "../../devel/readline/buildlink3.mk", and
  USE_GNU_READLINE are removed,

* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
  are replaced with .include "../../mk/readline.buildlink3.mk".

Revision 1.98 / (download) - annotate - [select for diffs], Thu May 9 07:39:19 2013 UTC (10 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored)

Massive revbump after updating graphics/ilmbase, graphics/openexr, textproc/icu.

Revision 1.97 / (download) - annotate - [select for diffs], Wed Feb 6 23:20:59 2013 UTC (11 years, 2 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

PKGREVISION bumps for the security/openssl 1.0.1d update.

Revision 1.96 / (download) - annotate - [select for diffs], Sat Jan 26 21:36:45 2013 UTC (11 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)

Revbump after graphics/jpeg and textproc/icu

Revision 1.95 / (download) - annotate - [select for diffs], Sun Dec 16 01:52:32 2012 UTC (11 years, 4 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.94: +2 -2 lines
Diff to previous 1.94 (colored)

recursive bump from cyrus-sasl libsasl2 shlib major bump.

Revision 1.94 / (download) - annotate - [select for diffs], Thu Nov 15 03:32:00 2012 UTC (11 years, 5 months ago) by sbd
Branch: MAIN
Changes since 1.93: +2 -2 lines
Diff to previous 1.93 (colored)

When getting a file basename strip any leading directories.

Revision 1.93 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:30 2012 UTC (11 years, 5 months ago) by asau
Branch: MAIN
Changes since 1.92: +1 -3 lines
Diff to previous 1.92 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.92 / (download) - annotate - [select for diffs], Sun Sep 9 09:23:06 2012 UTC (11 years, 7 months ago) by cheusov
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3
Changes since 1.91: +3 -2 lines
Diff to previous 1.91 (colored)

Add CONFLICTS with kth-krb4 (lib/libsl.so)

Revision 1.91 / (download) - annotate - [select for diffs], Wed Jul 18 09:48:10 2012 UTC (11 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.90: +5 -1 lines
Diff to previous 1.90 (colored)

Fix install on at least Solaris.

Revision 1.90 / (download) - annotate - [select for diffs], Fri Apr 27 12:32:02 2012 UTC (11 years, 11 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (colored)

Recursive bump from icu shlib major bumped to 49.

Revision 1.89 / (download) - annotate - [select for diffs], Tue Mar 13 09:04:49 2012 UTC (12 years, 1 month ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.88: +5 -2 lines
Diff to previous 1.88 (colored)

On SunOS, heimdal never builds hcrypto when pkgsrc OpenSSL used.

Revision 1.88 / (download) - annotate - [select for diffs], Sun Mar 11 11:30:06 2012 UTC (12 years, 1 month ago) by shattered
Branch: MAIN
Changes since 1.87: +3 -2 lines
Diff to previous 1.87 (colored)

PR/39656 -- Use /var/heimdal as hdbdir, not /var.

Revision 1.87 / (download) - annotate - [select for diffs], Mon Feb 27 12:39:11 2012 UTC (12 years, 1 month ago) by asau
Branch: MAIN
Changes since 1.86: +3 -3 lines
Diff to previous 1.86 (colored)

Update to Heimdal 1.5.2


Release Notes - Heimdal - Version Heimdal 1.5.2

 Security fixes
 - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
 - Check that key types strictly match - denial of service

Release Notes - Heimdal - Version Heimdal 1.5.1

 Bug fixes
 - Fix building on Solaris, requires c99
 - Fix building on Windows
 - Build system updates

Release Notes - Heimdal - Version Heimdal 1.5

New features

 - Support GSS name extensions/attributes
 - SHA512 support
 - No Kerberos 4 support
 - Basic support for MIT Admin protocol (SECGSS flavor)
   in kadmind (extract keytab)
 - Replace editline with libedit

Revision 1.86 / (download) - annotate - [select for diffs], Wed Feb 15 22:39:54 2012 UTC (12 years, 2 months ago) by asau
Branch: MAIN
Changes since 1.85: +3 -1 lines
Diff to previous 1.85 (colored)

Provide access to tests (TEST_TARGET=check).

Revision 1.85 / (download) - annotate - [select for diffs], Wed Jan 18 14:45:37 2012 UTC (12 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.84: +2 -2 lines
Diff to previous 1.84 (colored)

Revbump after db5 update

Revision 1.84 / (download) - annotate - [select for diffs], Fri Dec 30 18:59:05 2011 UTC (12 years, 3 months ago) by tez
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.83: +1 -1 lines
Diff to previous 1.83 (colored)

Fix for CVE-2011-4862 from FreeBSD

When an encryption key is supplied via the TELNET protocol, its length
is not validated before the key is copied into a fixed-size buffer.

Revision 1.83 / (download) - annotate - [select for diffs], Fri Dec 9 01:53:11 2011 UTC (12 years, 4 months ago) by sbd
Branch: MAIN
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored)

In OWN_DIRS_PERMS change ROOT_GROUP to REAL_ROOT_GROUP

Revision 1.82 / (download) - annotate - [select for diffs], Wed Sep 14 17:33:00 2011 UTC (12 years, 7 months ago) by hans
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.81: +3 -2 lines
Diff to previous 1.81 (colored)

Fix build on SunOS.

Revision 1.81 / (download) - annotate - [select for diffs], Sun Jul 31 21:21:01 2011 UTC (12 years, 8 months ago) by gls
Branch: MAIN
Changes since 1.80: +2 -1 lines
Diff to previous 1.80 (colored)

Adds the symbols _kdc_db_fetch and _kdc_free_ent to global
visibility, so that they can be referenced from kdc/digest-service.
Fixes build on Dragonfly. From Alex Hornung in PR pkg/45195.

Revision 1.80 / (download) - annotate - [select for diffs], Fri Jul 8 09:49:21 2011 UTC (12 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.79: +18 -11 lines
Diff to previous 1.79 (colored)

Changes 1.4:
New features
* Support for reading MIT database file directly
* KCM is polished up and now used in production
* NTLM first class citizen, credentials stored in KCM
* Table driven ASN.1 compiler, smaller!, not enabled by default
* Native Windows client support
Notes
* Disabled write support NDBM hdb backend (read still in there) since
  it can't handle large records, please migrate to a diffrent backend
  (like BDB4)

Changes 1.3.3:
Bug fixes
* Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
* Check NULL pointers before dereference them [kdc]

Changes 1.3.2:
Bug fixes
* Don't mix length when clearing hmac (could memset too much)
* More paranoid underrun checking when decrypting packets
* Check the password change requests and refuse to answer empty packets
* Build on OpenSolaris
* Renumber AD-SIGNED-TICKET since it was stolen from US
* Don't cache /dev/*random file descriptor, it doesn't get unloaded
* Make C++ safe
* Misc warnings

Revision 1.79 / (download) - annotate - [select for diffs], Tue Mar 23 15:37:56 2010 UTC (14 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

Reset maintainer, lost his commit bit.

Revision 1.78 / (download) - annotate - [select for diffs], Fri Feb 19 20:16:05 2010 UTC (14 years, 1 month ago) by joerg
Branch: MAIN
Changes since 1.77: +3 -3 lines
Diff to previous 1.77 (colored)

Fix ownership. Bump revision.

Revision 1.77 / (download) - annotate - [select for diffs], Sun Jan 17 12:02:40 2010 UTC (14 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)

Recursive PKGREVISION bump for jpeg update to 8.

Revision 1.76 / (download) - annotate - [select for diffs], Tue Jun 30 00:07:22 2009 UTC (14 years, 9 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2
Changes since 1.75: +3 -1 lines
Diff to previous 1.75 (colored)

Mark packages as MAKE_JOBS_SAFE=no that failed in a bulk build with
MAKE_JOBS=2 and worked without.

Revision 1.75 / (download) - annotate - [select for diffs], Sun Jun 14 22:58:08 2009 UTC (14 years, 10 months ago) by joerg
Branch: MAIN
Changes since 1.74: +2 -3 lines
Diff to previous 1.74 (colored)

Remove @dirrm related logic.

Revision 1.74 / (download) - annotate - [select for diffs], Wed May 20 00:58:26 2009 UTC (14 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)

Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib
major change.

Reported by Robert Elz in PR 41345.

Revision 1.73 / (download) - annotate - [select for diffs], Tue May 19 08:59:31 2009 UTC (14 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.72: +2 -3 lines
Diff to previous 1.72 (colored)

Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT
block). Uncomment some commented out LICENSE lines while here.

Revision 1.72 / (download) - annotate - [select for diffs], Sun Feb 1 21:39:43 2009 UTC (15 years, 2 months ago) by shattered
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since 1.71: +3 -3 lines
Diff to previous 1.71 (colored)

heimdal leaves empty directories after deinstallation, fix that.

OK by wiz@.

Revision 1.71 / (download) - annotate - [select for diffs], Wed May 14 18:01:26 2008 UTC (15 years, 11 months ago) by jwise
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.70: +5 -2 lines
Diff to previous 1.70 (colored)

libhcrypto.la only seems to get installed if we're building on 3.x or older,
so make it only end up in the PLIST if that is the case.

Revision 1.70 / (download) - annotate - [select for diffs], Mon May 5 02:26:03 2008 UTC (15 years, 11 months ago) by jwise
Branch: MAIN
Changes since 1.69: +2 -1 lines
Diff to previous 1.69 (colored)

Add missing library (libhcrypto) to PLIST, allowing sudo to build against
this heimdal on 3.x.

Bump PKGREVISION.

Revision 1.69 / (download) - annotate - [select for diffs], Sat Apr 12 22:43:09 2008 UTC (16 years ago) by jlam
Branch: MAIN
Changes since 1.68: +3 -4 lines
Diff to previous 1.68 (colored)

Convert to use PLIST_VARS instead of manually passing "@comment "
through PLIST_SUBST to the plist module.

Revision 1.68 / (download) - annotate - [select for diffs], Tue Mar 4 22:37:46 2008 UTC (16 years, 1 month ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1
Changes since 1.67: +2 -4 lines
Diff to previous 1.67 (colored)

As of revision 1.2 of termcap.buildlink3.mk, "-ltermcap" is automatically
transformed into the correct set of libraries, so we no longer need to
override the configure script's check for which library has tgetent().

Revision 1.67 / (download) - annotate - [select for diffs], Sun Mar 2 06:41:32 2008 UTC (16 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.66: +2 -2 lines
Diff to previous 1.66 (colored)

The "missing-from-system" headers that Heimdal installs are now placed
into ${PREFIX}/include/krb5/roken instead of ${PREFIX}/include/krb5.
This is good because it reduces the likelihood of a conflict with any
other similarly named headers if you simply add -I${PREFIX}/include/krb5
to the compiler command line.

Patch from PR pkg/38119 by charlie.

Revision 1.66 / (download) - annotate - [select for diffs], Fri Feb 29 22:41:13 2008 UTC (16 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

Rename termlib.* to termcap.* to better document exactly what packages
are trying to use (the termcap t*() API).

Revision 1.65 / (download) - annotate - [select for diffs], Thu Feb 28 08:14:41 2008 UTC (16 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.64: +27 -88 lines
Diff to previous 1.64 (colored)

Update security/heimdal to version 1.1.  Changes from version 0.7.2 include:

 * Read-only PKCS11 provider built-in to hx509.
 * Better compatibilty with Windows 2008 Server pre-releases and Vista.
 * Add RFC3526 modp group14 as default.
 * Handle [kdc] database = { } entries without realm = stanzas.
 * Add gss_pseudo_random() for mechglue and krb5.
 * Make session key for the krbtgt be selected by the best encryption
   type of the client.
 * Better interoperability with other PK-INIT implementations.
 * Alias support for inital ticket requests.
 * Make ASN.1 library less paranoid to with regard to NUL in string to
   make it inter-operate with MIT Kerberos again.
 * PK-INIT support.
 * HDB extensions support, used by PK-INIT.
 * New ASN.1 compiler.
 * GSS-API mechglue from FreeBSD.
 * Updated SPNEGO to support RFC4178.
 * Support for Cryptosystem Negotiation Extension (RFC 4537).
 * A new X.509 library (hx509) and related crypto functions.
 * A new ntlm library (heimntlm) and related crypto functions.
 * KDC will return the "response too big" error to force TCP retries
   for large (default 1400 bytes) UDP replies.  This is common for
   PK-INIT requests.
 * Libkafs defaults to use 2b tokens.
 * krb5_kuserok() also checks ~/.k5login.d directory for acl files.
 * Fix memory leaks.
 * Bugs fixes

Revision 1.64 / (download) - annotate - [select for diffs], Fri Jan 18 05:09:37 2008 UTC (16 years, 3 months ago) by tnn
Branch: MAIN
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)

Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@

Revision 1.63 / (download) - annotate - [select for diffs], Tue Feb 20 10:17:14 2007 UTC (17 years, 1 month ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.62: +11 -1 lines
Diff to previous 1.62 (colored)

Fixed the build on IRIX 6.5.

Revision 1.59.2.1 / (download) - annotate - [select for diffs], Thu Aug 10 07:14:03 2006 UTC (17 years, 8 months ago) by ghen
Branch: pkgsrc-2006Q2
Changes since 1.59: +10 -2 lines
Diff to previous 1.59 (colored) next main 1.60 (colored)

Pullup ticket 1784 - requested by salo
security fix for heimdal

Revisions pulled up:
- pkgsrc/security/heimdal/Makefile			1.60-1.62
- pkgsrc/security/heimdal/distinfo			1.20-1.21
- pkgsrc/security/heimdal/PLIST				1.11
- pkgsrc/security/heimdal/PLIST.Linux			removed
- pkgsrc/security/heimdal/patches/patch-al		1.1
- pkgsrc/security/heimdal/patches/patch-am		1.1
- pkgsrc/security/heimdal/patches/patch-an		1.1
- pkgsrc/security/heimdal/patches/patch-ao		1.1
- pkgsrc/security/heimdal/patches/patch-ap		1.1
- pkgsrc/security/heimdal/patches/patch-aq		1.1

   Module Name:	pkgsrc
   Committed By:	markd
   Date:		Sun Jul  2 13:53:28 UTC 2006

   Modified Files:
	pkgsrc/security/heimdal: Makefile
   Added Files:
	pkgsrc/security/heimdal: PLIST.SunOS

   Log Message:
   Solaris does not have err.h, glob.h, ifaddrs.h and vis.h compatible with
   heimdal, so heimdal installs its own. Add them in PLIST.SunOS
   Fixes PR pkg/33656.   Bump PKGREVISION.
---
   Module Name:	pkgsrc
   Committed By:	jlam
   Date:		Wed Jul  5 04:39:15 UTC 2006

   Modified Files:
	pkgsrc/security/heimdal: Makefile PLIST distinfo
   Added Files:
	pkgsrc/security/heimdal/patches: patch-al
   Removed Files:
	pkgsrc/security/heimdal: PLIST.Linux PLIST.SunOS

   Log Message:
   Back out previous and do the same thing more generally for all platforms.
   Since the heimdal install process will install additional headers in
   ${PREFIX}/include/krb5 depending on what the configure process detects,
   simply query the source Makefile at install-time for the extra headers
   that it will install and dynamically add them to the PLIST.
---
   Module Name:	pkgsrc
   Committed By:	salo
   Date:		Wed Aug  9 17:58:09 UTC 2006

   Modified Files:
	pkgsrc/security/heimdal: Makefile distinfo
   Added Files:
	pkgsrc/security/heimdal/patches: patch-am patch-an patch-ao patch-ap
	    patch-aq

   Log Message:
   Security fix for SA21436:

   "A security issue has been reported in Heimdal, which potentially can be
    exploited by malicious, local users to perform certain actions with
    escalated privileges.

    The security issue is caused due to missing checks for whether the
    "setuid()" call has succeeded in the bundled rcp application. This may
    be exploited to perform certain actions with root privileges if the
    "setuid()" call fails due to e.g. resource limits."

   http://secunia.com/advisories/21436/
   http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

   Bump PKGREVISION.

Revision 1.62 / (download) - annotate - [select for diffs], Wed Aug 9 17:58:09 2006 UTC (17 years, 8 months ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)

Security fix for SA21436:

"A security issue has been reported in Heimdal, which potentially can be
 exploited by malicious, local users to perform certain actions with
 escalated privileges.

 The security issue is caused due to missing checks for whether the
 "setuid()" call has succeeded in the bundled rcp application. This may
 be exploited to perform certain actions with root privileges if the
 "setuid()" call fails due to e.g. resource limits."

http://secunia.com/advisories/21436/
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

Bump PKGREVISION.

Revision 1.61 / (download) - annotate - [select for diffs], Wed Jul 5 04:39:14 2006 UTC (17 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.60: +9 -1 lines
Diff to previous 1.60 (colored)

Back out previous and do the same thing more generally for all platforms.
Since the heimdal install process will install additional headers in
${PREFIX}/include/krb5 depending on what the configure process detects,
simply query the source Makefile at install-time for the extra headers
that it will install and dynamically add them to the PLIST.

Revision 1.60 / (download) - annotate - [select for diffs], Sun Jul 2 13:53:28 2006 UTC (17 years, 9 months ago) by markd
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored)

Solaris does not have err.h, glob.h, ifaddrs.h and vis.h compatible with
heimdal, so heimdal installs its own. Add them in PLIST.SunOS
Fixes PR pkg/33656.   Bump PKGREVISION.

Revision 1.59 / (download) - annotate - [select for diffs], Wed May 31 18:22:26 2006 UTC (17 years, 10 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.58: +3 -3 lines
Diff to previous 1.58 (colored)

The databases/openldap package has been split in -client and -server component
packages.  Convert LDAP-based applications to depend on openldap-client, and
bump PKGREVISION for those that depend on it by default.

Revision 1.58 / (download) - annotate - [select for diffs], Mon May 15 09:17:14 2006 UTC (17 years, 11 months ago) by minskim
Branch: MAIN
Changes since 1.57: +2 -1 lines
Diff to previous 1.57 (colored)

Linux does not have glob.h and vis.h compatible with heimdal, so heimdal
installs its own glob.h and vis.h.  Add them to PLIST.Linux.

Bump PKGREVISION.

Revision 1.57 / (download) - annotate - [select for diffs], Sat May 6 01:05:51 2006 UTC (17 years, 11 months ago) by minskim
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)

This package requires flex to build.

Revision 1.56 / (download) - annotate - [select for diffs], Fri Mar 31 23:44:39 2006 UTC (18 years ago) by jlam
Branch: MAIN
Changes since 1.55: +2 -1 lines
Diff to previous 1.55 (colored)

heimdal and gss conflict because they install a common set of manpages
for the gss_* functions.

Revision 1.55 / (download) - annotate - [select for diffs], Thu Mar 30 03:44:43 2006 UTC (18 years ago) by jlam
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

* Honor PKGINFODIR.
* List the info files directly in the PLIST.

Revision 1.49.2.1 / (download) - annotate - [select for diffs], Wed Feb 8 15:59:35 2006 UTC (18 years, 2 months ago) by salo
Branch: pkgsrc-2005Q4
Changes since 1.49: +2 -3 lines
Diff to previous 1.49 (colored) next main 1.50 (colored)

Pullup ticket 1106 - requested by Love Hornquist Astrand
security update for heimdal

Revisions pulled up:
- pkgsrc/security/heimdal/Makefile		1.54
- pkgsrc/security/heimdal/distinfo		1.19
- pkgsrc/security/heimdal/patches/patch-ab	removed
- pkgsrc/security/heimdal/patches/patch-ak	removed
- pkgsrc/security/heimdal/patches/patch-ae	removed
- pkgsrc/security/heimdal/patches/patch-af	removed
- pkgsrc/security/heimdal/patches/patch-ag	removed
- pkgsrc/security/heimdal/patches/patch-ah	removed
- pkgsrc/security/heimdal/patches/patch-ai	removed
- pkgsrc/security/heimdal/patches/patch-aj	removed

   Module Name:		pkgsrc
   Committed By:	lha
   Date:		Tue Feb  7 12:20:52 UTC 2006

   Modified Files:
   	pkgsrc/security/heimdal: Makefile distinfo
   Removed Files:
   	pkgsrc/security/heimdal/patches: patch-ab patch-ae patch-af
   	    patch-ag patch-ah patch-ai patch-aj patch-ak

   Log Message:
   http://www.pdc.kth.se/heimdal/releases/0.7.2/
   http://www.pdc.kth.se/heimdal/advisory/2006-02-06/

   Changes in Heimdal 0.7.2

   * Fix security problem in rshd that enable an attacker to overwrite
     and change ownership of any file that root could write.
   * Fix a DOS in telnetd. The attacker could force the server to crash
     in a NULL de-reference before the user logged in, resulting in inetd
     turning telnetd off because it forked too fast.
   * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
     exists in the keytab before returning success. This allows servers
     to check if its even possible to use GSSAPI.
   * Fix receiving end of token delegation for GSS-API. It still wrongly
     uses subkey for sending for compatibility reasons, this will change
     in 0.8.
   * telnetd, login and rshd are now more verbose in logging failed and
     successful logins.
   * Bug fixes

Revision 1.54 / (download) - annotate - [select for diffs], Tue Feb 7 12:20:52 2006 UTC (18 years, 2 months ago) by lha
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base, pkgsrc-2006Q1
Changes since 1.53: +2 -3 lines
Diff to previous 1.53 (colored)

http://www.pdc.kth.se/heimdal/releases/0.7.2/
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/

Changes in Heimdal 0.7.2

* Fix security problem in rshd that enable an attacker to overwrite
  and change ownership of any file that root could write.
* Fix a DOS in telnetd. The attacker could force the server to crash
  in a NULL de-reference before the user logged in, resulting in inetd
  turning telnetd off because it forked too fast.
* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
  exists in the keytab before returning success. This allows servers
  to check if its even possible to use GSSAPI.
* Fix receiving end of token delegation for GSS-API. It still wrongly
  uses subkey for sending for compatibility reasons, this will change
  in 0.8.
* telnetd, login and rshd are now more verbose in logging failed and
  successful logins.
* Bug fixes

Revision 1.53 / (download) - annotate - [select for diffs], Wed Jan 25 03:47:51 2006 UTC (18 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.52: +4 -1 lines
Diff to previous 1.52 (colored)

Force Heimdal to compile its own compile_et by telling the configure
script not to find any system-installed compile_et.

(This should really be done by using our own PATH that doesn't include
any system paths, but we're not quite ready to do that yet.)

Revision 1.52 / (download) - annotate - [select for diffs], Tue Jan 24 18:56:23 2006 UTC (18 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.51: +2 -1 lines
Diff to previous 1.51 (colored)

security/heimdal and net/openafs conflict because of:
bin/compile_et
bin/kpasswd
bin/pagsh

Addresses PR 32610 and PR 32612 by Ola Eriksson.

Revision 1.51 / (download) - annotate - [select for diffs], Tue Jan 24 18:55:21 2006 UTC (18 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.50: +2 -1 lines
Diff to previous 1.50 (colored)

security/heimdal and arla conflict with each other because of:
bin/mk_cmds
lib/libroken.la
lib/libsl.la
lib/libss.la
man/man3/arg_printusage.3
man/man3/getarg.3

Addresses PR 32610 and PR 32611 by Ola Eriksson.

Revision 1.50 / (download) - annotate - [select for diffs], Thu Dec 29 06:22:09 2005 UTC (18 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.49: +1 -2 lines
Diff to previous 1.49 (colored)

Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.

Revision 1.49 / (download) - annotate - [select for diffs], Wed Dec 21 04:17:49 2005 UTC (18 years, 3 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

Add a non-conflicting definition for load_rc_config_var so that
platforms with older versions of /etc/rc.subr can run smbd.sh and
winbindd.sh without updating /etc/rc.subr.

Bump PKGREVISION to 2.

Revision 1.48 / (download) - annotate - [select for diffs], Mon Dec 5 23:55:17 2005 UTC (18 years, 4 months ago) by rillig
Branch: MAIN
Changes since 1.47: +5 -5 lines
Diff to previous 1.47 (colored)

Ran "pkglint --autofix", which corrected some of the quoting issues in
CONFIGURE_ARGS.

Revision 1.47 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:56 2005 UTC (18 years, 4 months ago) by rillig
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html

Revision 1.46 / (download) - annotate - [select for diffs], Wed Oct 26 16:44:24 2005 UTC (18 years, 5 months ago) by jlam
Branch: MAIN
Changes since 1.45: +2 -1 lines
Diff to previous 1.45 (colored)

Pull in change from Heimdal CVS committed on 20051012 where the field
in a publicly-exported structure was renamed from "private" to
"opt_private".  This allows <krb5.h> to be used by C++ compilers.
Bump the PKGREVISION to 1.

Revision 1.45 / (download) - annotate - [select for diffs], Wed Oct 26 15:12:45 2005 UTC (18 years, 5 months ago) by jlam
Branch: MAIN
Changes since 1.44: +20 -14 lines
Diff to previous 1.44 (colored)

Update security/heimdal to 0.7.1 (approved by lha).  We drop support
for the "db4" option and just rely on the appropriate BDB_* settings
via bdb.buildlink3.mk.  Also, we tweak the builtin.mk file so use
krb5-config, if it's available, to check the version of the built-in
heimdal.  Patches patch-ab, patch-ae and patch-af have been sent back
upstream and will be incorporated into future Heimdal releases.

Changes between version 0.6.5 and version 0.7.1 include:

 * Support for KCM, a process based credential cache
 * Support CCAPI credential cache
 * SPNEGO support
 * AES (and the gssapi conterpart, CFX) support
 * Adding new and improve old documentation
 * Bug fixes

Revision 1.44 / (download) - annotate - [select for diffs], Tue Oct 25 01:17:57 2005 UTC (18 years, 5 months ago) by rillig
Branch: MAIN
Changes since 1.43: +6 -1 lines
Diff to previous 1.43 (colored)

Solaris 9 has a <vis.h> header, but it is very different to the BSD <vis.h>
header, which is expected by heimdal. Now the package builds on Solaris 9.

Revision 1.43 / (download) - annotate - [select for diffs], Wed Oct 5 13:29:50 2005 UTC (18 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.42: +1 -3 lines
Diff to previous 1.42 (colored)

Remove some more *LEGACY* settings that are over a month old and
thus were before 2005Q3.

Revision 1.42 / (download) - annotate - [select for diffs], Tue Aug 23 14:07:25 2005 UTC (18 years, 7 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

Include sys/types.h. This fixes configure on DragonFly. Bump PKGREVISION.

Okayed by lha@. I tested on Linux and DragonFly. I got this from
Joerg Sonnenberger.

On DragonFly, the configure errored like:

/usr/include/openssl/md5.h:110: error: syntax error before "size_t"
In file included from conftest.c:34:
/usr/include/openssl/sha.h:109: error: syntax error before "size_t"

This caused tests to break and it ended up building and installing libdes
and des.h, md4.h, and related headers.

So later libgssapi needed this libdes which was not buildlinked which
broke kdelibs3 build.

Revision 1.41 / (download) - annotate - [select for diffs], Thu Aug 4 16:50:18 2005 UTC (18 years, 8 months ago) by tonio
Branch: MAIN
Changes since 1.40: +2 -1 lines
Diff to previous 1.40 (colored)

Add patch-aa to make heimdal compile with gcc-4 (default with darwin 8)
This patch is the same as revision 1.3 of
/cvsroot/src/crypto/dist/heimdal/lib/asn1/gen_glue.c by matt@
those cvs log:
  Don't emit struct units [] anymore.  emit a struct units * const foo and
  in the C file initialize that to the static list.

Bump pkgrevision: it changes the binary package on gcc<4 platforms

approved by wiz@

Revision 1.40 / (download) - annotate - [select for diffs], Mon Jun 20 09:51:02 2005 UTC (18 years, 10 months ago) by lha
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

Update to Heimdal 0.6.5

Changes in release 0.6.5
 * fix vulnerabilities in telnetd
 * unbreak Kerberos 4 and kaserver

Revision 1.39 / (download) - annotate - [select for diffs], Wed Jun 1 02:49:39 2005 UTC (18 years, 10 months ago) by yyamano
Branch: MAIN
Changes since 1.38: +3 -1 lines
Diff to previous 1.38 (colored)

Make this build on Darwin. This fixes PR pkg/29147.

Revision 1.38 / (download) - annotate - [select for diffs], Tue May 31 11:31:07 2005 UTC (18 years, 10 months ago) by dillo
Branch: MAIN
Changes since 1.37: +5 -4 lines
Diff to previous 1.37 (colored)

Rename option prefix-cmds to kerberos-prefix-cmds.  Backwards
compatibility provided via PKG_OPTIONS_LEGACY_OPTS.

Revision 1.37 / (download) - annotate - [select for diffs], Tue May 31 10:01:39 2005 UTC (18 years, 10 months ago) by dillo
Branch: MAIN
Changes since 1.36: +3 -5 lines
Diff to previous 1.36 (colored)

Packages have no business modifying PKG_DEFAULT_OPTIONS -- it's a
user settable variable.  Set PKG_SUGGESTED_OPTIONS instead.  Also,
make use of PKG_OPTIONS_LEGACY_VARS.

Reviewed by wiz.

Revision 1.36 / (download) - annotate - [select for diffs], Sun May 22 20:08:30 2005 UTC (18 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)

Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions:

	USE_GNU_TOOLS	-> USE_TOOLS
	awk		-> gawk
	m4		-> gm4
	make		-> gmake
	sed		-> gsed
	yacc		-> bison

Revision 1.32.2.1 / (download) - annotate - [select for diffs], Thu Apr 21 15:55:33 2005 UTC (18 years, 11 months ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.32: +6 -7 lines
Diff to previous 1.32 (colored) next main 1.33 (colored)

Pullup ticket 458 - requested by Love Hornquist-Astrand
security fix for heimdal

Revisions pulled up:
- pkgsrc/security/heimdal/Makefile		1.34-1.35
- pkgsrc/security/heimdal/PLIST			1.7
- pkgsrc/security/heimdal/distinfo		1.11
- pkgsrc/security/heimdal/patches/patch-ae	removed

   Module Name:		pkgsrc
   Committed By:	wiz
   Date:		Thu Apr 21 14:00:36 UTC 2005

   Modified Files:
   	pkgsrc/security/heimdal: Makefile

   Log Message:
   lha agreed to maintain this package.
---
   Module Name:		pkgsrc
   Committed By:	lha
   Date:		Thu Apr 21 14:35:47 UTC 2005

   Modified Files:
   	pkgsrc/security/heimdal: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/security/heimdal/patches: patch-ae

   Log Message:
   Update to Heimdal 0.6.4. While I'm here, claim maintainership of this
   package. Also please pkglint. Changes in heimdal 0.6.4 include:

    * fix vulnerabilities in telnet
    * rshd: encryption without a separate error socket should now work
    * telnet now uses appdefaults for the encrypt and forward/forwardable
      settings
    * bug fixes

Revision 1.35 / (download) - annotate - [select for diffs], Thu Apr 21 14:35:47 2005 UTC (18 years, 11 months ago) by lha
Branch: MAIN
Changes since 1.34: +5 -6 lines
Diff to previous 1.34 (colored)

Update to Heimdal 0.6.4. While I'm here, claim maintainership of this
package. Also please pkglint. Changes in heimdal 0.6.4 include:

 * fix vulnerabilities in telnet
 * rshd: encryption without a separate error socket should now work
 * telnet now uses appdefaults for the encrypt and forward/forwardable
   settings
 * bug fixes

Revision 1.34 / (download) - annotate - [select for diffs], Thu Apr 21 14:00:36 2005 UTC (18 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

lha agreed to maintain this package.

Revision 1.33 / (download) - annotate - [select for diffs], Mon Apr 11 21:47:12 2005 UTC (19 years ago) by tv
Branch: MAIN
Changes since 1.32: +1 -2 lines
Diff to previous 1.32 (colored)

Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.

Revision 1.32 / (download) - annotate - [select for diffs], Tue Dec 28 02:47:49 2004 UTC (19 years, 3 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

The default location of the pkgsrc-installed rc.d scripts is now
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.

This is from ideas from Greg Woods and others.

Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).

Revision 1.31 / (download) - annotate - [select for diffs], Thu Dec 23 14:43:28 2004 UTC (19 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.30: +6 -7 lines
Diff to previous 1.30 (colored)

Enable building heimdal with the "ldap" option to allow using an LDAP
server as a datastore for the KDC.

Revision 1.30 / (download) - annotate - [select for diffs], Sat Dec 4 03:59:26 2004 UTC (19 years, 4 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4
Changes since 1.29: +2 -17 lines
Diff to previous 1.29 (colored)

Set USE_OLD_DES_API and replace custom changes to work with NetBSD-2.0's
OpenSSL, with patches to use <openssl/des_old.h>.

Revision 1.29 / (download) - annotate - [select for diffs], Sun Nov 28 19:19:52 2004 UTC (19 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

Remove pre-buildlink and post-buildlink as part of getting pkgsrc ready
for pkgsrc-2004Q4.  The "buildlink" phase was removed for the last branch,
and this is the final cleanup.  "post-buildlink" is now "post-wrapper".

Revision 1.28 / (download) - annotate - [select for diffs], Fri Nov 19 23:16:02 2004 UTC (19 years, 5 months ago) by jlam
Branch: MAIN
Changes since 1.27: +18 -2 lines
Diff to previous 1.27 (colored)

Correctly detect the old DES API in the OpenSSL in NetBSD's base
install.  This prevents Heimdal from building and installing its own
DES library and headers.  Bump the PKGREVISION.

Revision 1.27 / (download) - annotate - [select for diffs], Mon Nov 15 14:56:36 2004 UTC (19 years, 5 months ago) by jlam
Branch: MAIN
Changes since 1.26: +4 -10 lines
Diff to previous 1.26 (colored)

Add a new variable BROKEN_READLINE_DETECTION which should be set to
yes/no by a package Makefile, depending on whether the configure
process properly detects the additional libraries needed to link
against -lreadline (typically, you need either "-lreadline -ltermcap",
or "-lreadline -lcurses" to properly link against -lreadline).  If this
variable is set to "yes", then we automatically expand "-lreadline" into
"-lreadline -l<termcap functions library>".  BROKEN_READLINE_DETECTION
defaults to "no".

Set BROKEN_READLINE_DETECTION to "yes" in security/heimdal and remove
the custom logic that did the same work.

Revision 1.26 / (download) - annotate - [select for diffs], Tue Nov 9 19:48:52 2004 UTC (19 years, 5 months ago) by jlam
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

Fix location of heimdal mirror at ftp.sunet.se.

Revision 1.25 / (download) - annotate - [select for diffs], Tue Oct 19 04:01:13 2004 UTC (19 years, 6 months ago) by reed
Branch: MAIN
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored)

This needs a yacc.
So used:
USE_GNU_TOOLS+=                yacc
(But it didn't necessarily need a GNU version.)

Revision 1.24 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:09 2004 UTC (19 years, 6 months ago) by tv
Branch: MAIN
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored)

Libtool fix for PR pkg/26633, and other issues.  Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.

Revision 1.23 / (download) - annotate - [select for diffs], Wed Sep 22 08:09:52 2004 UTC (19 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.22: +1 -2 lines
Diff to previous 1.22 (colored)

Mechanical changes to package PLISTs to make use of LIBTOOLIZE_PLIST.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:

	lib/libfoo.a
	lib/libfoo.la
	lib/libfoo.so
	lib/libfoo.so.0
	lib/libfoo.so.0.1

one simply needs:

	lib/libfoo.la

and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.

Also make LIBTOOLIZE_PLIST default to "yes".

Revision 1.22 / (download) - annotate - [select for diffs], Wed Sep 15 04:53:21 2004 UTC (19 years, 7 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.21: +11 -3 lines
Diff to previous 1.21 (colored)

The configure script checks for some libraries the wrong order, since
-lreadline also needs either -ltermcap, -lcurses, -lncurses in the link
command to resolve all symbols used in the readline library.  Cause one
of these libraries to automatically be added whenever "-lreadline"
appears on the command line.  This is a generalization of the change in
revision 1.6 to work on more operating systems.

Revision 1.21 / (download) - annotate - [select for diffs], Tue Sep 14 14:41:34 2004 UTC (19 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.20: +4 -4 lines
Diff to previous 1.20 (colored)

Update security/heimdal to 0.6.3.  Changes from version 0.6.1 include:

* fix vulnerabilities in ftpd
* support for linux AFS /proc "syscalls"
* support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd
* fix possible KDC denial of service
* Fix possible buffer overrun in v4 kadmin (which now defaults to off)

Revision 1.20 / (download) - annotate - [select for diffs], Sun Aug 22 19:32:52 2004 UTC (19 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.19: +3 -11 lines
Diff to previous 1.19 (colored)

Change the way that legacy USE_* and FOO_USE_* options are converted
into the bsd.options.mk framework.  Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS.  This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.

This fixes PR pkg/26590.

Revision 1.19 / (download) - annotate - [select for diffs], Thu Aug 5 16:28:45 2004 UTC (19 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.18: +4 -4 lines
Diff to previous 1.18 (colored)

It's PKG_OPTIONS.heimdal, not PKG_OPTIONS.mit-krb5.

Revision 1.18 / (download) - annotate - [select for diffs], Fri Jul 30 21:05:42 2004 UTC (19 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.17: +23 -10 lines
Diff to previous 1.17 (colored)

Convert to use bsd.options.mk.  The relevant options variable to set
for each package can be determined by invoking:

	make show-var VARNAME=PKG_OPTIONS_VAR

The old options are still supported unless the variable named in
PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).

Revision 1.17 / (download) - annotate - [select for diffs], Sat Jul 24 14:01:20 2004 UTC (19 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored)

Honor VARBASE; bump PKGREVISION.

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jun 25 15:44:30 2004 UTC (19 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

Cede maintainership to the hard-working people on tech-pkg@NetBSD.org.

Revision 1.15 / (download) - annotate - [select for diffs], Fri Jun 25 15:42:52 2004 UTC (19 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.14: +12 -12 lines
Diff to previous 1.14 (colored)

Whitespace nits.

Revision 1.14 / (download) - annotate - [select for diffs], Thu Apr 1 20:51:50 2004 UTC (20 years ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2
Changes since 1.13: +1 -2 lines
Diff to previous 1.13 (colored)

There is no PKGREVISION less than 1.  Just remove it in this case.

Revision 1.13 / (download) - annotate - [select for diffs], Thu Apr 1 18:42:25 2004 UTC (20 years ago) by joda
Branch: MAIN
Changes since 1.12: +4 -5 lines
Diff to previous 1.12 (colored)

Update to 0.6.1:
 * Fixed cross realm vulnerability
 * Fixed ARCFOUR suppport
 * kdc: fix denial of service attack
 * kdc: stop clients from renewing tickets into the future
 * bug fixes

Revision 1.12 / (download) - annotate - [select for diffs], Mon Mar 29 17:22:26 2004 UTC (20 years ago) by jlam
Branch: MAIN
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

Note the info file for the new info file handling framework.

Revision 1.11 / (download) - annotate - [select for diffs], Sun Mar 28 01:00:11 2004 UTC (20 years ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.10: +26 -8 lines
Diff to previous 1.10 (colored)

Fix the Kerberized telnetd and rsh to use the Heimdal binaries for
login and rsh so that the correct programs (and not the system ones)
are executed.  Bump the PKGREVISION to 3.

Revision 1.10 / (download) - annotate - [select for diffs], Fri Mar 26 18:48:52 2004 UTC (20 years ago) by jlam
Branch: MAIN
Changes since 1.9: +1 -2 lines
Diff to previous 1.9 (colored)

Reverse the use of USE_DB185 in bdb.buildlink3.mk -- it defaults to
"yes" and packages that can't use the DB-1.85 API should set it to "no".
This makes the native DB the preferred DB if it exists.

Revision 1.9 / (download) - annotate - [select for diffs], Fri Mar 26 02:27:52 2004 UTC (20 years ago) by wiz
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

PKGREVISION bump after openssl-security-fix-update to 0.9.6m.
Buildlink files: RECOMMENDED version changed to current version.

Revision 1.8 / (download) - annotate - [select for diffs], Wed Mar 10 18:07:16 2004 UTC (20 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Convert to use bdb.buildlink3.mk.

Revision 1.7 / (download) - annotate - [select for diffs], Mon Feb 23 12:35:11 2004 UTC (20 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)

Let the rc.d script start kdc detached, as is the default for
the in-tree kdc.
From Jukka Salmi in PR 24489, ok'd by lukem@.
Bump PKGREVISION to 1.

Revision 1.6 / (download) - annotate - [select for diffs], Sun Feb 22 11:59:50 2004 UTC (20 years, 1 month ago) by markd
Branch: MAIN
Changes since 1.5: +7 -1 lines
Diff to previous 1.5 (colored)

configure looks for and finds -ltermcap too late in the process for it to
be linked in when testing -lreadline usability so that test fails on
Solaris - so pass that lib into configure at the start via the environment.

Also allow optional use of db4 rather that db.

Revision 1.5 / (download) - annotate - [select for diffs], Sat Feb 14 17:21:52 2004 UTC (20 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.4: +1 -2 lines
Diff to previous 1.4 (colored)

LIBTOOL_OVERRIDE and SHLIBTOOL_OVERRIDE are now lists of shell globs
relative to ${WRKSRC}.  Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.

Revision 1.4 / (download) - annotate - [select for diffs], Thu Jan 15 12:48:00 2004 UTC (20 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.3: +16 -6 lines
Diff to previous 1.3 (colored)

Support a new yes/no variable "KERBEROS_PREFIX_CMDS" that can be used by
Kerberos implementation packages to decide whether to prefix certain
commands with a "k" to differentiate it from system tools with similar
names.  KERBEROS_PREFIX_CMDS defaults to "no".

Revision 1.3 / (download) - annotate - [select for diffs], Sun Jan 11 00:00:28 2004 UTC (20 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.2: +3 -1 lines
Diff to previous 1.2 (colored)

Note CONFLICT with forthcoming mit-krb5 package.

Revision 1.2 / (download) - annotate - [select for diffs], Sat Jan 10 21:59:29 2004 UTC (20 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)

Add a rc.d script to start the kdc daemon on the Kerberos master server.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Jan 10 14:56:45 2004 UTC (20 years, 3 months ago) by jlam
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Initial import of heimdal-0.6 into security/heimdal.

Heimdal is a free implementation of Kerberos 5.

Kerberos is a system for authenticating users and services on a network.
It is built upon the assumption that the network is "unsafe".  Kerberos
is a trusted third-party service.  That means that there is a third
party (the Kerberos server) that is trusted by all the entities on the
network (users and services, usually called "principals").  All
principals share a secret password (or key) with the Kerberos server and
this enables principals to verify that the messages from the Kerberos
server are authentic.  Thus trusting the Kerberos server, users and
services can authenticate each other.

Revision 1.1 / (download) - annotate - [select for diffs], Sat Jan 10 14:56:45 2004 UTC (20 years, 3 months ago) by jlam
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>