![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / mit-krb5
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.17 / (download) - annotate - [select for diffs], Fri Jul 29 20:22:44 2022 UTC (16 months, 1 week ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
HEAD
Changes since 1.16: +2 -2
lines
Diff to previous 1.16 (colored)
mit-krb5: Update to 1.19.3. Major changes in 1.19.3 (2022-03-11) ------------------------------------ This is a bug fix release. * Fix a denial of service attack against the KDC [CVE-2021-37750]. krb5-1.19.3 changes by ticket ID -------------------------------- 9008 Fix KDC null deref on TGS inner body null server 9023 Fix conformance issue in GSSAPI tests Major changes in 1.19.2 (2021-07-22) ------------------------------------ This is a bug fix release. * Fix a denial of service attack against the KDC encrypted challenge code [CVE-2021-36222]. * Fix a memory leak when gss_inquire_cred() is called without a credential handle. krb5-1.19.2 changes by ticket ID -------------------------------- 8989 Fix typo in enctypes.rst 8992 Avoid rand() in aes-gen test program 9005 Fix argument type errors on Windows 9006 doc build fails with Sphinx 4.0.2 9007 Fix KDC null deref on bad encrypted challenge 9014 Using locking in MEMORY krb5_cc_get_principal() 9015 Fix use-after-free during krad remote_shutdown() 9016 Memory leak in krb5_gss_inquire_cred Major changes in 1.19.1 (2021-02-18) ------------------------------------ This is a bug fix release. * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. krb5-1.19.1 changes by ticket ID -------------------------------- 8984 Load certs when checking pkinit_identities values 8985 Restore krb5_set_default_tgs_ktypes() 8987 Synchronize command-line option documentation Major changes in 1.19 (2021-02-01) ---------------------------------- Administrator experience: * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience: * gss_acquire_cred_from() now supports the "password" and "verify" options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution: * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience: * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). krb5-1.19 changes by ticket ID ------------------------------ 7976 Client keytab does not refresh manually obtained ccaches 8332 Referral and cross-realm TGS requests fail with anonymous cache 8871 Zero length fields when freeing object contents 8879 Allow certauth modules to set hw-authent flag 8885 PKINIT calls responder twice 8890 Add finalization safety check to com_err 8893 Do expiration warnings for all init_creds APIs 8897 Pass gss_localname() through SPNEGO 8899 Implement GSS_C_CHANNEL_BOUND_FLAG 8900 Implement KERB_AP_OPTIONS_CBT (server side) 8901 Stop reporting krb5 mech from IAKERB 8902 Omit KDC indicator check for S4U2Self requests 8904 Add KRB5_PRINCIPAL_PARSE_NO_DEF_REALM flag 8907 Pass channel bindings through SPNEGO 8909 Return GSS_S_NO_CRED from krb5 gss_acquire_cred 8910 Building with --enable-static fails when Yasm is available 8911 Default dns_canonicalize_hostname to "fallback" 8912 Omit PA_FOR_USER if we can't compute its checksum 8913 Deleting master key principal entry shouldn't be possible 8914 Invalid negative record length in keytab file 8915 Try to find <target>-ar when cross compiling 8917 Add three kvno options from Heimdal kgetcred 8919 Interop with Heimdal KDC for S4U2Self requests 8920 Fix KDC choice to send encrypted S4U_X509_USER 8921 Use the term "primary KDC" in source and docs 8922 Trace plugin module loading errors 8923 Add GSS_KRB5_NT_X509_CERT name type 8927 getdate.y %type warnings with bison 3.5 8928 Fix three configure tests for Xcode 12 8929 Ignore bad enctypes in krb5_string_to_keysalts() 8930 Expand dns_canonicalize_host=fallback support 8931 Cache S4U2Proxy requests by second ticket 8932 Do proper length decoding in SPNEGO gss_get_oid() 8934 Try kadmin/admin first in libkadm5clnt 8935 Don't create hostbased principals in new KDBs 8937 Fix Leash console option 8940 Remove Leash import functionality 8942 Fix KRB5_GC_CACHED for S4U2Self requests 8943 Allow KDC to canonicalize realm in TGS client 8944 Harmonize macOS pack declarations with Heimdal 8946 Improve KDC alias checking for S4U requests 8947 Warn when des3-cbc-sha1 is used for initial auth 8948 Update SRV record documentation 8950 Document enctype migration 8951 Allow aliases when matching U2U second ticket 8952 Fix doc issues with newer Doxygen and Sphinx 8953 Move more KDC checks to validate_tgs_request() 8954 Update Gladman AES code to a version with a clearer license 8957 Use PKG_CHECK_MODULES for system library com_err 8961 Fix gss_acquire_cred_from() IAKERB handling 8962 Add password option to cred store 8963 Add verify option to cred store 8964 Add GSS credential store documentation 8965 Install shared libraries as executable 8966 Improve duplicate checking in gss_add_cred() 8967 Continue on KRB5_FCC_NOFILE in KCM cache iteration 8969 Update kvno(1) synopsis with missing options 8971 Implement fallback for GSS acceptor names 8973 Revert dns_canonicalize_hostname default to true 8975 Incorrect runstatedir substitution affecting "make install" Major changes in 1.18.5 (2022-03-11) ------------------------------------ This is a bug fix release. * Fix a denial of service attack against the KDC [CVE-2021-37750]. krb5-1.18.5 changes by ticket ID -------------------------------- 9008 Fix KDC null deref on TGS inner body null server
Revision 1.16 / (download) - annotate - [select for diffs], Tue Jun 28 11:35:38 2022 UTC (17 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.15: +2 -1
lines
Diff to previous 1.15 (colored)
*: recursive bump for perl 5.36
Revision 1.15 / (download) - annotate - [select for diffs], Fri Jun 15 20:46:01 2018 UTC (5 years, 5 months ago) by tez
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Changes since 1.14: +0 -0
lines
Diff to previous 1.14 (colored)
mit-krb5: update to 1.16.1
Major changes in 1.16.1 (2018-05-03)
This is a bug fix release.
Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
Fix a KDC PKINIT memory leak.
Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
Fix a regression in pkinit_cert_match matching of client certificates containing Microsoft UPN SANs.
Fix a null dereference when the KDC sends a large TGS reply.
Fix "kdestroy -A" with the KCM credential cache type.
Allow validation of Microsoft PACs containing enterprise names.
Fix the handling of capaths "." values.
Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).
Major changes in 1.16 (2017-12-05)
Administrator experience:
The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option.
The ktutil addent command supports the "-k 0" option to ignore the key version, and the "-s" option to use a non-default salt string.
kpropd supports a --pid-file option to write a pid file at startup, when it is run in standalone mode.
The "encrypted_challenge_indicator" realm option can be used to attach an authentication indicator to tickets obtained using FAST encrypted challenge pre-authentication.
Localization support can be disabled at build time with the --disable-nls configure option.
Developer experience:
The kdcpolicy pluggable interface allows modules control whether tickets are issued by the KDC.
The kadm5_auth pluggable interface allows modules to control whether kadmind grants access to a kadmin request.
The certauth pluggable interface allows modules to control which PKINIT client certificates can authenticate to which client principals.
KDB modules can use the client and KDC interface IP addresses to determine whether to allow an AS request.
GSS applications can query the bit strength of a krb5 GSS context using the GSS_C_SEC_CONTEXT_SASL_SSF OID with gss_inquire_sec_context_by_oid().
GSS applications can query the impersonator name of a krb5 GSS credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with gss_inquire_cred_by_oid().
kdcpreauth modules can query the KDC for the canonicalized requested client principal name, or match a principal name against the requested client principal name with canonicalization.
Protocol evolution:
The client library will continue to try pre-authentication mechanisms after most failure conditions.
The KDC will issue trivially renewable tickets (where the renewable lifetime is equal to or less than the ticket lifetime) if requested by the client, to be friendlier to scripts.
The client library will use a random nonce for TGS requests instead of the current system time.
For the RC4 string-to-key or PAC operations, UTF-16 is supported (previously only UCS-2 was supported).
When matching PKINIT client certificates, UPN SANs will be matched correctly as UPNs, with canonicalization.
User experience:
Dates after the year 2038 are accepted (provided that the platform time facilities support them), through the year 2106.
Automatic credential cache selection based on the client realm will take into account the fallback realm and the service hostname.
Referral and alternate cross-realm TGTs will not be cached, avoiding some scenarios where they can be added to the credential cache multiple times.
A German translation has been added.
Code quality:
The build is warning-clean under clang with the configured warning options.
The automated test suite runs cleanly under AddressSanitizer.
Major changes in 1.15.3 (2018-05-03)
This is a bug fix release.
Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
Fix a KDC PKINIT memory leak.
Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
Fix a null dereference when the KDC sends a large TGS reply.
Fix "kdestroy -A" with the KCM credential cache type.
Fix the handling of capaths "." values.
Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).
Major changes in 1.15.2 (2017-09-25)
This is a bug fix release.
Fix a KDC denial of service vulnerability caused by unset status strings [CVE-2017-11368]
Preserve GSS contexts on init/accept failure [CVE-2017-11462]
Fix kadm5 setkey operation with LDAP KDB module
Use a ten-second timeout after successful connection for HTTPS KDC requests, as we do for TCP requests
Fix client null dereference when KDC offers encrypted challenge without FAST
Ignore dotfiles when processing profile includedir directive
Improve documentation
Major changes in 1.15.1 (2017-03-01)
This is a bug fix release.
Allow KDB modules to determine how the e_data field of principal fields is freed
Fix udp_preference_limit when the KDC location is configured with SRV records
Fix KDC and kadmind startup on some IPv4-only systems
Fix the processing of PKINIT certificate matching rules which have two components and no explicit relation
Improve documentation
Major changes in 1.15 (2016-12-01)
Administrator experience:
Improve support for multihomed Kerberos servers by adding options for specifying restricted listening addresses for the KDC and kadmind.
Add support to kadmin for remote extraction of current keys without changing them (requires a special kadmin permission that is excluded from the wildcard permission), with the exception of highly protected keys.
Add a lockdown_keys principal attribute to prevent retrieval of the principal's keys (old or new) via the kadmin protocol. In newly created databases, this attribute is set on the krbtgt and kadmin principals.
Restore recursive dump capability for DB2 back end, so sites can more easily recover from database corruption resulting from power failure events.
Add DNS auto-discovery of KDC and kpasswd servers from URI records, in addition to SRV records. URI records can convey TCP and UDP servers and master KDC status in a single DNS lookup, and can also point to HTTPS proxy servers.
Add support for password history to the LDAP back end.
Add support for principal renaming to the LDAP back end.
Use the getrandom system call on supported Linux kernels to avoid blocking problems when getting entropy from the operating system.
In the PKINIT client, use the correct DigestInfo encoding for PKCS #1 signatures, so that some especially strict smart cards will work.
Code quality:
Clean up numerous compilation warnings.
Remove various infrequently built modules, including some preauth modules that were not built by default.
Developer experience:
Add support for building with OpenSSL 1.1.
Use SHA-256 instead of MD5 for (non-cryptographic) hashing of authenticators in the replay cache. This helps sites that must build with FIPS 140 conformant libraries that lack MD5.
Eliminate util/reconf and allow the use of autoreconf alone to regenerate the configure script.
Protocol evolution:
Add support for the AES-SHA2 enctypes, which allows sites to conform to Suite B crypto requirements.
Revision 1.14 / (download) - annotate - [select for diffs], Sat Oct 26 05:28:43 2013 UTC (10 years, 1 month ago) by richard
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored)
update mit-krb5 builtin for solaris and better krb5-config support
Revision 1.13 / (download) - annotate - [select for diffs], Sat Oct 12 04:24:59 2013 UTC (10 years, 1 month ago) by richard
Branch: MAIN
Changes since 1.12: +2 -3
lines
Diff to previous 1.12 (colored)
revert API to 1.4nb1 for mit-krb5 builtin support
Revision 1.12 / (download) - annotate - [select for diffs], Fri Jul 8 09:59:28 2011 UTC (12 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4,
pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.11: +3 -3
lines
Diff to previous 1.11 (colored)
Changes 1.8.4: This is primarily a bugfix release. Fix vulnerabilities: * KDC uninitialized pointer crash [MITKRB5-SA-2010-006 CVE-2010-1322] * kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022] * KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] * KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284] * kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285] Interoperability: * Correctly encrypt GSSAPI forwarded credentials using the session key, not a subkey. * Set NT-SRV-INST on TGS principal names as expected by some Windows Server Domain Controllers. * Don't reject AP-REQ messages if their PAC doesn't validate; suppress the PAC instead. * Correctly validate HMAC-MD5 checksums that use DES keys
Revision 1.10.2.1 / (download) - annotate - [select for diffs], Sat Apr 16 09:43:47 2011 UTC (12 years, 7 months ago) by tron
Branch: pkgsrc-2011Q1
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored) next main 1.11 (colored)
Pullup ticket #3415 - requested by tez
security/mit-krb5: security patch
Revisions pulled up:
- security/mit-krb5/Makefile 1.52-1.53
- security/mit-krb5/buildlink3.mk 1.11
- security/mit-krb5/builtin.mk 1.7
- security/mit-krb5/distinfo 1.28-1.29
- security/mit-krb5/patches/patch-ck 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Fri Apr 8 17:30:35 UTC 2011
Modified Files:
pkgsrc/security/mit-krb5: builtin.mk
Log Message:
Add builtin support for SunOS per PR#44597
---
Module Name: pkgsrc
Committed By: tez
Date: Sat Apr 9 00:16:18 UTC 2011
Modified Files:
pkgsrc/security/mit-krb5: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-ck
Log Message:
correct openssl dependency (it needs >=0.9.8)
correct BUILDLINK_API_DEPENDS.mit-krb5
fix building where libtool chokes on "--version-info : " (at least OS X)
---
Module Name: pkgsrc
Committed By: tez
Date: Thu Apr 14 19:37:26 UTC 2011
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Log Message:
fix MITKRB5-SA-2011-004 (CVE-2011-0285) DOS in kadmind
Revision 1.11 / (download) - annotate - [select for diffs], Sat Apr 9 00:16:18 2011 UTC (12 years, 8 months ago) by tez
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
correct openssl dependency (it needs >=0.9.8) correct BUILDLINK_API_DEPENDS.mit-krb5 fix building where libtool chokes on "--version-info : " (at least OS X)
Revision 1.10 / (download) - annotate - [select for diffs], Tue Mar 22 23:31:04 2011 UTC (12 years, 8 months ago) by tez
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.9: +0 -0
lines
Diff to previous 1.9 (colored)
Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate pacakge security/mit-krb5-appl.
Revision 1.9 / (download) - annotate - [select for diffs], Fri Mar 20 19:25:20 2009 UTC (14 years, 8 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.8: +6 -13
lines
Diff to previous 1.8 (colored)
Simply and speed up buildlink3.mk files and processing. This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
Revision 1.8 / (download) - annotate - [select for diffs], Sat Jul 8 23:11:08 2006 UTC (17 years, 5 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1,
pkgsrc-2006Q4-base,
pkgsrc-2006Q4,
pkgsrc-2006Q3-base,
pkgsrc-2006Q3,
cwrapper,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Change the format of BUILDLINK_ORDER to contain depth information as well, and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
Revision 1.7 / (download) - annotate - [select for diffs], Sat Jul 8 22:39:37 2006 UTC (17 years, 5 months ago) by jlam
Branch: MAIN
Changes since 1.6: +2 -1
lines
Diff to previous 1.6 (colored)
Track information in a new variable BUILDLINK_ORDER that informs us of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
Revision 1.6 / (download) - annotate - [select for diffs], Wed Apr 12 10:27:34 2006 UTC (17 years, 8 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base,
pkgsrc-2006Q2
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
Aligned the last line of the buildlink3.mk files with the first line, so that they look nicer.
Revision 1.5 / (download) - annotate - [select for diffs], Thu Apr 6 06:22:43 2006 UTC (17 years, 8 months ago) by reed
Branch: MAIN
Changes since 1.4: +3 -3
lines
Diff to previous 1.4 (colored)
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Revision 1.3.4.1 / (download) - annotate - [select for diffs], Fri May 13 10:08:52 2005 UTC (18 years, 7 months ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored) next main 1.4 (colored)
Pullup ticket 444 - requested by Johnny C. Lam
security update for mit-krb5
Revisions pulled up:
- pkgsrc/security/mit-krb5/Makefile 1.17-1.18, 1.20
- pkgsrc/security/mit-krb5/PLIST 1.6-1.8
- pkgsrc/security/mit-krb5/buildlink3.mk 1.4
- pkgsrc/security/mit-krb5/distinfo 1.9-1.10
- pkgsrc/security/mit-krb5/files/kadmind.sh 1.2
- pkgsrc/security/mit-krb5/files/kdc.sh 1.2
- pkgsrc/security/mit-krb5/patches/patch-aa 1.2
- pkgsrc/security/mit-krb5/patches/patch-ab 1.2
- pkgsrc/security/mit-krb5/patches/patch-ac 1.2
- pkgsrc/security/mit-krb5/patches/patch-ad 1.2
- pkgsrc/security/mit-krb5/patches/patch-ae 1.2
- pkgsrc/security/mit-krb5/patches/patch-af 1.3
- pkgsrc/security/mit-krb5/patches/patch-ag 1.3
- pkgsrc/security/mit-krb5/patches/patch-ai removed
- pkgsrc/security/mit-krb5/patches/patch-aj 1.2
- pkgsrc/security/mit-krb5/patches/patch-ak 1.1
- pkgsrc/security/mit-krb5/patches/patch-al 1.1
Module Name: pkgsrc
Committed By: jlam
Date: Sun Apr 10 07:15:25 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: Makefile PLIST distinfo
pkgsrc/security/mit-krb5/files: kadmind.sh kdc.sh
pkgsrc/security/mit-krb5/patches: patch-aa patch-ab patch-ac patch-ad
patch-ae patch-af patch-ag patch-aj
Added Files:
pkgsrc/security/mit-krb5/patches: patch-ak
Removed Files:
pkgsrc/security/mit-krb5/patches: patch-ai
Log Message:
Updated security/mit-krb5 to krb5-1.4.
Changes from version 1.3.6 include:
* Merged Athena telnetd changes for creating a new option for requiring
encryption.
* Add implementation of the RPCSEC_GSS authentication flavor to the RPC
library.
* The kadmind4 backwards-compatibility admin server and the v5passwdd
backwards-compatibility password-changing server have been removed.
* Thread safety for krb5 libraries.
* Yarrow code now uses AES.
* Merged Athena changes to allow ftpd to require encrypted passwords.
* Incorporate gss_krb5_set_allowable_enctypes() and
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
* Fix heap buffer overflow in password history mechanism.
[MITKRB5-SA-2004-004]
---
Module Name: pkgsrc
Committed By: jlam
Date: Sun Apr 10 07:45:31 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: PLIST
Log Message:
Remove the examples directory on deinstallation.
---
Module Name: pkgsrc
Committed By: jlam
Date: Sun Apr 10 07:46:51 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-al
Log Message:
Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt
which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating
to buffer overflows in the telnet client. Bump PKGREVISION to 1.
---
Module Name: pkgsrc
Committed By: jlam
Date: Mon Apr 11 22:44:54 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: PLIST
Log Message:
The FTP daemon is always named "kftpd" regardless of whether prefix-cmds
is a PKG_OPTION.
---
Module Name: pkgsrc
Committed By: jlam
Date: Thu Apr 14 23:07:55 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: Makefile
Log Message:
Remove unused section... MIT krb5 apparently now detects NetBSD's utmpx
implementation correctly on NetBSD>=2.0.
---
Module Name: pkgsrc
Committed By: salo
Date: Sat Apr 16 14:32:53 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED for latest security fix. (hi jlam!)
Revision 1.4 / (download) - annotate - [select for diffs], Sat Apr 16 14:32:53 2005 UTC (18 years, 7 months ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1,
pkgsrc-2005Q4-base,
pkgsrc-2005Q4,
pkgsrc-2005Q3-base,
pkgsrc-2005Q3,
pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored)
Bump BUILDLINK_RECOMMENDED for latest security fix. (hi jlam!)
Revision 1.3 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:10 2004 UTC (19 years, 2 months ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Branch point for: pkgsrc-2005Q1
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Revision 1.2 / (download) - annotate - [select for diffs], Thu Jun 24 15:13:24 2004 UTC (19 years, 5 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.1: +4 -3
lines
Diff to previous 1.1 (colored)
Set BUILDLINK_RECOMMMENDED to mit-krb5>=1.3.4 due to the security advisory: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-001-an_to_ln.txt
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Tue Mar 30 18:07:18 2004 UTC (19 years, 8 months ago) by jlam
Branch: TNF
CVS Tags: pkgsrc-base,
pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Import MIT Kerberos 5 as security/mit-krb5. This package is partly based on the wip/mit-krb5 package by Jeremy Reed, but heavily modified by me to libtoolize the build. Kerberos V5 is an authentication system developed at MIT. It is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. (Kerberos 5 is discussed in RFC 1510.) This package provides Kerberos and GSSAPI (Generic Security Services Application Programming Interface) development headers and libraries. It also includes Kerberos ticket and principal tools, and Kerberized r-services, telnet and ftp services.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Mar 30 18:07:18 2004 UTC (19 years, 8 months ago) by jlam
Branch: MAIN
Initial revision