![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.netbsd.org] / pkgsrc / security / heimdal
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.21 / (download) - annotate - [select for diffs], Mon Feb 27 12:39:11 2012 UTC (2 months, 3 weeks ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
HEAD
Changes since 1.20: +26 -11
lines
Diff to previous 1.20 (colored)
Update to Heimdal 1.5.2 Release Notes - Heimdal - Version Heimdal 1.5.2 Security fixes - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege - Check that key types strictly match - denial of service Release Notes - Heimdal - Version Heimdal 1.5.1 Bug fixes - Fix building on Solaris, requires c99 - Fix building on Windows - Build system updates Release Notes - Heimdal - Version Heimdal 1.5 New features - Support GSS name extensions/attributes - SHA512 support - No Kerberos 4 support - Basic support for MIT Admin protocol (SECGSS flavor) in kadmind (extract keytab) - Replace editline with libedit
Revision 1.20 / (download) - annotate - [select for diffs], Wed Sep 14 17:33:00 2011 UTC (8 months, 1 week ago) by hans
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.19: +24 -1
lines
Diff to previous 1.19 (colored)
Fix build on SunOS.
Revision 1.19 / (download) - annotate - [select for diffs], Fri Jul 8 09:49:21 2011 UTC (10 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.18: +392 -53
lines
Diff to previous 1.18 (colored)
Changes 1.4: New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings
Revision 1.18 / (download) - annotate - [select for diffs], Sun Jun 14 18:13:29 2009 UTC (2 years, 11 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2
Changes since 1.17: +1 -7
lines
Diff to previous 1.17 (colored)
Remove @dirrm entries from PLISTs
Revision 1.17 / (download) - annotate - [select for diffs], Sun Feb 1 21:39:44 2009 UTC (3 years, 3 months ago) by shattered
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.16: +5 -2
lines
Diff to previous 1.16 (colored)
heimdal leaves empty directories after deinstallation, fix that. OK by wiz@.
Revision 1.16 / (download) - annotate - [select for diffs], Wed May 14 18:01:26 2008 UTC (4 years ago) by jwise
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
cwrapper,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
libhcrypto.la only seems to get installed if we're building on 3.x or older, so make it only end up in the PLIST if that is the case.
Revision 1.15 / (download) - annotate - [select for diffs], Mon May 5 02:26:03 2008 UTC (4 years ago) by jwise
Branch: MAIN
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored)
Add missing library (libhcrypto) to PLIST, allowing sudo to build against this heimdal on 3.x. Bump PKGREVISION.
Revision 1.14 / (download) - annotate - [select for diffs], Sat Apr 12 22:43:09 2008 UTC (4 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.13: +4 -4
lines
Diff to previous 1.13 (colored)
Convert to use PLIST_VARS instead of manually passing "@comment " through PLIST_SUBST to the plist module.
Revision 1.13 / (download) - annotate - [select for diffs], Thu Feb 28 08:14:41 2008 UTC (4 years, 2 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base,
pkgsrc-2008Q1
Changes since 1.12: +149 -21
lines
Diff to previous 1.12 (colored)
Update security/heimdal to version 1.1. Changes from version 0.7.2 include:
* Read-only PKCS11 provider built-in to hx509.
* Better compatibilty with Windows 2008 Server pre-releases and Vista.
* Add RFC3526 modp group14 as default.
* Handle [kdc] database = { } entries without realm = stanzas.
* Add gss_pseudo_random() for mechglue and krb5.
* Make session key for the krbtgt be selected by the best encryption
type of the client.
* Better interoperability with other PK-INIT implementations.
* Alias support for inital ticket requests.
* Make ASN.1 library less paranoid to with regard to NUL in string to
make it inter-operate with MIT Kerberos again.
* PK-INIT support.
* HDB extensions support, used by PK-INIT.
* New ASN.1 compiler.
* GSS-API mechglue from FreeBSD.
* Updated SPNEGO to support RFC4178.
* Support for Cryptosystem Negotiation Extension (RFC 4537).
* A new X.509 library (hx509) and related crypto functions.
* A new ntlm library (heimntlm) and related crypto functions.
* KDC will return the "response too big" error to force TCP retries
for large (default 1400 bytes) UDP replies. This is common for
PK-INIT requests.
* Libkafs defaults to use 2b tokens.
* krb5_kuserok() also checks ~/.k5login.d directory for acl files.
* Fix memory leaks.
* Bugs fixes
Revision 1.12 / (download) - annotate - [select for diffs], Tue Feb 20 10:17:14 2007 UTC (5 years, 3 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
Fixed the build on IRIX 6.5.
Revision 1.10.2.1 / (download) - annotate - [select for diffs], Thu Aug 10 07:14:03 2006 UTC (5 years, 9 months ago) by ghen
Branch: pkgsrc-2006Q2
Changes since 1.10: +1 -3
lines
Diff to previous 1.10 (colored) next main 1.11 (colored)
Pullup ticket 1784 - requested by salo
security fix for heimdal
Revisions pulled up:
- pkgsrc/security/heimdal/Makefile 1.60-1.62
- pkgsrc/security/heimdal/distinfo 1.20-1.21
- pkgsrc/security/heimdal/PLIST 1.11
- pkgsrc/security/heimdal/PLIST.Linux removed
- pkgsrc/security/heimdal/patches/patch-al 1.1
- pkgsrc/security/heimdal/patches/patch-am 1.1
- pkgsrc/security/heimdal/patches/patch-an 1.1
- pkgsrc/security/heimdal/patches/patch-ao 1.1
- pkgsrc/security/heimdal/patches/patch-ap 1.1
- pkgsrc/security/heimdal/patches/patch-aq 1.1
Module Name: pkgsrc
Committed By: markd
Date: Sun Jul 2 13:53:28 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile
Added Files:
pkgsrc/security/heimdal: PLIST.SunOS
Log Message:
Solaris does not have err.h, glob.h, ifaddrs.h and vis.h compatible with
heimdal, so heimdal installs its own. Add them in PLIST.SunOS
Fixes PR pkg/33656. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: jlam
Date: Wed Jul 5 04:39:15 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile PLIST distinfo
Added Files:
pkgsrc/security/heimdal/patches: patch-al
Removed Files:
pkgsrc/security/heimdal: PLIST.Linux PLIST.SunOS
Log Message:
Back out previous and do the same thing more generally for all platforms.
Since the heimdal install process will install additional headers in
${PREFIX}/include/krb5 depending on what the configure process detects,
simply query the source Makefile at install-time for the extra headers
that it will install and dynamically add them to the PLIST.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Aug 9 17:58:09 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile distinfo
Added Files:
pkgsrc/security/heimdal/patches: patch-am patch-an patch-ao patch-ap
patch-aq
Log Message:
Security fix for SA21436:
"A security issue has been reported in Heimdal, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
The security issue is caused due to missing checks for whether the
"setuid()" call has succeeded in the bundled rcp application. This may
be exploited to perform certain actions with root privileges if the
"setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21436/
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Bump PKGREVISION.
Revision 1.11 / (download) - annotate - [select for diffs], Wed Jul 5 04:39:14 2006 UTC (5 years, 10 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base,
pkgsrc-2006Q4,
pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.10: +1 -3
lines
Diff to previous 1.10 (colored)
Back out previous and do the same thing more generally for all platforms.
Since the heimdal install process will install additional headers in
${PREFIX}/include/krb5 depending on what the configure process detects,
simply query the source Makefile at install-time for the extra headers
that it will install and dynamically add them to the PLIST.
Revision 1.10 / (download) - annotate - [select for diffs], Thu Mar 30 03:44:43 2006 UTC (6 years, 1 month ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.9: +2 -1
lines
Diff to previous 1.9 (colored)
* Honor PKGINFODIR. * List the info files directly in the PLIST.
Revision 1.9 / (download) - annotate - [select for diffs], Wed Oct 26 15:12:45 2005 UTC (6 years, 7 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1,
pkgsrc-2005Q4-base,
pkgsrc-2005Q4
Changes since 1.8: +312 -2
lines
Diff to previous 1.8 (colored)
Update security/heimdal to 0.7.1 (approved by lha). We drop support for the "db4" option and just rely on the appropriate BDB_* settings via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use krb5-config, if it's available, to check the version of the built-in heimdal. Patches patch-ab, patch-ae and patch-af have been sent back upstream and will be incorporated into future Heimdal releases. Changes between version 0.6.5 and version 0.7.1 include: * Support for KCM, a process based credential cache * Support CCAPI credential cache * SPNEGO support * AES (and the gssapi conterpart, CFX) support * Adding new and improve old documentation * Bug fixes
Revision 1.8 / (download) - annotate - [select for diffs], Mon May 2 20:34:04 2005 UTC (7 years ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base,
pkgsrc-2005Q3,
pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.7: +2 -1
lines
Diff to previous 1.7 (colored)
RCD_SCRIPTS_EXAMPLEDIR is no longer customizable. And always is defined as share/examples/rc.d which was the default before. This rc.d scripts are not automatically added to PLISTs now also. So add to each corresponding PLIST as required. This was discussed on tech-pkg in late January and late April. Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
Revision 1.6.4.1 / (download) - annotate - [select for diffs], Thu Apr 21 15:55:34 2005 UTC (7 years, 1 month ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.6: +13 -13
lines
Diff to previous 1.6 (colored) next main 1.7 (colored)
Pullup ticket 458 - requested by Love Hornquist-Astrand
security fix for heimdal
Revisions pulled up:
- pkgsrc/security/heimdal/Makefile 1.34-1.35
- pkgsrc/security/heimdal/PLIST 1.7
- pkgsrc/security/heimdal/distinfo 1.11
- pkgsrc/security/heimdal/patches/patch-ae removed
Module Name: pkgsrc
Committed By: wiz
Date: Thu Apr 21 14:00:36 UTC 2005
Modified Files:
pkgsrc/security/heimdal: Makefile
Log Message:
lha agreed to maintain this package.
---
Module Name: pkgsrc
Committed By: lha
Date: Thu Apr 21 14:35:47 UTC 2005
Modified Files:
pkgsrc/security/heimdal: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/heimdal/patches: patch-ae
Log Message:
Update to Heimdal 0.6.4. While I'm here, claim maintainership of this
package. Also please pkglint. Changes in heimdal 0.6.4 include:
* fix vulnerabilities in telnet
* rshd: encryption without a separate error socket should now work
* telnet now uses appdefaults for the encrypt and forward/forwardable
settings
* bug fixes
Revision 1.7 / (download) - annotate - [select for diffs], Thu Apr 21 14:35:47 2005 UTC (7 years, 1 month ago) by lha
Branch: MAIN
Changes since 1.6: +13 -13
lines
Diff to previous 1.6 (colored)
Update to Heimdal 0.6.4. While I'm here, claim maintainership of this package. Also please pkglint. Changes in heimdal 0.6.4 include: * fix vulnerabilities in telnet * rshd: encryption without a separate error socket should now work * telnet now uses appdefaults for the encrypt and forward/forwardable settings * bug fixes
Revision 1.6 / (download) - annotate - [select for diffs], Tue Oct 19 04:03:05 2004 UTC (7 years, 7 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Branch point for: pkgsrc-2005Q1
Changes since 1.5: +1 -4
lines
Diff to previous 1.5 (colored)
Don't list the info/ files. This uses INFO_FILES so they are automatically registered.
Revision 1.5 / (download) - annotate - [select for diffs], Tue Sep 14 14:41:34 2004 UTC (7 years, 8 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.4: +4 -50
lines
Diff to previous 1.4 (colored)
Update security/heimdal to 0.6.3. Changes from version 0.6.1 include: * fix vulnerabilities in ftpd * support for linux AFS /proc "syscalls" * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd * fix possible KDC denial of service * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
Revision 1.4 / (download) - annotate - [select for diffs], Fri Apr 23 22:07:58 2004 UTC (8 years, 1 month ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.3: +1 -2
lines
Diff to previous 1.3 (colored)
mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Apr 1 18:42:25 2004 UTC (8 years, 1 month ago) by joda
Branch: MAIN
Changes since 1.2: +8 -8
lines
Diff to previous 1.2 (colored)
Update to 0.6.1: * Fixed cross realm vulnerability * Fixed ARCFOUR suppport * kdc: fix denial of service attack * kdc: stop clients from renewing tickets into the future * bug fixes
Revision 1.2 / (download) - annotate - [select for diffs], Thu Jan 15 12:48:00 2004 UTC (8 years, 4 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.1: +14 -13
lines
Diff to previous 1.1 (colored)
Support a new yes/no variable "KERBEROS_PREFIX_CMDS" that can be used by Kerberos implementation packages to decide whether to prefix certain commands with a "k" to differentiate it from system tools with similar names. KERBEROS_PREFIX_CMDS defaults to "no".
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Jan 10 14:56:45 2004 UTC (8 years, 4 months ago) by jlam
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Initial import of heimdal-0.6 into security/heimdal. Heimdal is a free implementation of Kerberos 5. Kerberos is a system for authenticating users and services on a network. It is built upon the assumption that the network is "unsafe". Kerberos is a trusted third-party service. That means that there is a third party (the Kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). All principals share a secret password (or key) with the Kerberos server and this enables principals to verify that the messages from the Kerberos server are authentic. Thus trusting the Kerberos server, users and services can authenticate each other.
Revision 1.1 / (download) - annotate - [select for diffs], Sat Jan 10 14:56:45 2004 UTC (8 years, 4 months ago) by jlam
Branch: MAIN
Initial revision