The NetBSD Project

CVS log for pkgsrc/security/mit-krb5/builtin.mk

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / mit-krb5

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.20: download - view: text, markup, annotated - select for diffs
Sat Jan 13 20:10:07 2024 UTC (10 months, 4 weeks ago) by riastradh
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, HEAD
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +9 -8 lines
security/heimdal, security/mit-krb5: Do krb5-config in cross-destdir.

Although this is an executable program, it's a very simple shell
script which can be run in the build environment to describe the
target environment.  So qualify paths to it by ${_CROSS_DESTDIR:U},
where it lives during cross-builds.

No change to native builds because ${_CROSS_DESTDIR:U} is empty in
them.

Revision 1.19: download - view: text, markup, annotated - select for diffs
Fri Jan 5 23:46:29 2024 UTC (11 months ago) by adam
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +10 -10 lines
mit-krb5: updated to 1.21.2

Major changes in 1.21.2 (2023-08-14)

Fix double-free in KDC TGS processing [CVE-2023-39975].

Major changes in 1.21.1 (2023-07-10)

Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054].

Major changes in 1.21 (2023-06-05)

User experience
Added a credential cache type providing compatibility with the macOS 11 native credential cache.
Developer experience
libkadm5 will use the provided krb5_context object to read configuration values, instead of creating its own.
Added an interface to retrieve the ticket session key from a GSS context.
Protocol evolution
The KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively.
The KDC will assume that all services can handle aes256-sha1 session keys unless the service principal has a session_enctypes string attribute.
Support for PAC full KDC checksums has been added to mitigate an S4U2Proxy privilege escalation attack.
The PKINIT client will advertise a more modern set of supported CMS algorithms.
Code quality
Removed unused code in libkrb5, libkrb5support, and the PKINIT module.
Modernized the KDC code for processing TGS requests, the code for encrypting and decrypting key data, the PAC handling code, and the GSS library packet parsing and composition code.
Improved the test framework's detection of memory errors in daemon processes when used with asan.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Fri Jul 29 20:22:44 2022 UTC (2 years, 4 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +2 -2 lines
mit-krb5: Update to 1.19.3.

Major changes in 1.19.3 (2022-03-11)
------------------------------------

This is a bug fix release.

* Fix a denial of service attack against the KDC [CVE-2021-37750].

krb5-1.19.3 changes by ticket ID
--------------------------------

9008    Fix KDC null deref on TGS inner body null server
9023    Fix conformance issue in GSSAPI tests

Major changes in 1.19.2 (2021-07-22)
------------------------------------

This is a bug fix release.

* Fix a denial of service attack against the KDC encrypted challenge
  code [CVE-2021-36222].

* Fix a memory leak when gss_inquire_cred() is called without a
  credential handle.

krb5-1.19.2 changes by ticket ID
--------------------------------

8989    Fix typo in enctypes.rst
8992    Avoid rand() in aes-gen test program
9005    Fix argument type errors on Windows
9006    doc build fails with Sphinx 4.0.2
9007    Fix KDC null deref on bad encrypted challenge
9014    Using locking in MEMORY krb5_cc_get_principal()
9015    Fix use-after-free during krad remote_shutdown()
9016    Memory leak in krb5_gss_inquire_cred

Major changes in 1.19.1 (2021-02-18)
------------------------------------

This is a bug fix release.

* Fix a linking issue with Samba.

* Better support multiple pkinit_identities values by checking whether
  certificates can be loaded for each value.

krb5-1.19.1 changes by ticket ID
--------------------------------

8984    Load certs when checking pkinit_identities values
8985    Restore krb5_set_default_tgs_ktypes()
8987    Synchronize command-line option documentation

Major changes in 1.19 (2021-02-01)
----------------------------------

Administrator experience:

* When a client keytab is present, the GSSAPI krb5 mech will refresh
  credentials even if the current credentials were acquired manually.

* It is now harder to accidentally delete the K/M entry from a KDB.

Developer experience:

* gss_acquire_cred_from() now supports the "password" and "verify"
  options, allowing credentials to be acquired via password and
  verified using a keytab key.

* When an application accepts a GSS security context, the new
  GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
  both provided matching channel bindings.

* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self
  requests to identify the desired client principal by certificate.

* PKINIT certauth modules can now cause the hw-authent flag to be set
  in issued tickets.

* The krb5_init_creds_step() API will now issue the same password
  expiration warnings as krb5_get_init_creds_password().

Protocol evolution:

* Added client and KDC support for Microsoft's Resource-Based
  Constrained Delegation, which allows cross-realm S4U2Proxy requests.
  A third-party database module is required for KDC support.

* kadmin/admin is now the preferred server principal name for kadmin
  connections, and the host-based form is no longer created by
  default.  The client will still try the host-based form as a
  fallback.

* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
  extension, which causes channel bindings to be required for the
  initiator if the acceptor provided them.  The client will send this
  option if the client_aware_gss_bindings profile option is set.

User experience:

* kinit will now issue a warning if the des3-cbc-sha1 encryption type
  is used in the reply.  This encryption type will be deprecated and
  removed in future releases.

* Added kvno flags --out-cache, --no-store, and --cached-only
  (inspired by Heimdal's kgetcred).

krb5-1.19 changes by ticket ID
------------------------------

7976    Client keytab does not refresh manually obtained ccaches
8332    Referral and cross-realm TGS requests fail with anonymous cache
8871    Zero length fields when freeing object contents
8879    Allow certauth modules to set hw-authent flag
8885    PKINIT calls responder twice
8890    Add finalization safety check to com_err
8893    Do expiration warnings for all init_creds APIs
8897    Pass gss_localname() through SPNEGO
8899    Implement GSS_C_CHANNEL_BOUND_FLAG
8900    Implement KERB_AP_OPTIONS_CBT (server side)
8901    Stop reporting krb5 mech from IAKERB
8902    Omit KDC indicator check for S4U2Self requests
8904    Add KRB5_PRINCIPAL_PARSE_NO_DEF_REALM flag
8907    Pass channel bindings through SPNEGO
8909    Return GSS_S_NO_CRED from krb5 gss_acquire_cred
8910    Building with --enable-static fails when Yasm is available
8911    Default dns_canonicalize_hostname to "fallback"
8912    Omit PA_FOR_USER if we can't compute its checksum
8913    Deleting master key principal entry shouldn't be possible
8914    Invalid negative record length in keytab file
8915    Try to find <target>-ar when cross compiling
8917    Add three kvno options from Heimdal kgetcred
8919    Interop with Heimdal KDC for S4U2Self requests
8920    Fix KDC choice to send encrypted S4U_X509_USER
8921    Use the term "primary KDC" in source and docs
8922    Trace plugin module loading errors
8923    Add GSS_KRB5_NT_X509_CERT name type
8927    getdate.y %type warnings with bison 3.5
8928    Fix three configure tests for Xcode 12
8929    Ignore bad enctypes in krb5_string_to_keysalts()
8930    Expand dns_canonicalize_host=fallback support
8931    Cache S4U2Proxy requests by second ticket
8932    Do proper length decoding in SPNEGO gss_get_oid()
8934    Try kadmin/admin first in libkadm5clnt
8935    Don't create hostbased principals in new KDBs
8937    Fix Leash console option
8940    Remove Leash import functionality
8942    Fix KRB5_GC_CACHED for S4U2Self requests
8943    Allow KDC to canonicalize realm in TGS client
8944    Harmonize macOS pack declarations with Heimdal
8946    Improve KDC alias checking for S4U requests
8947    Warn when des3-cbc-sha1 is used for initial auth
8948    Update SRV record documentation
8950    Document enctype migration
8951    Allow aliases when matching U2U second ticket
8952    Fix doc issues with newer Doxygen and Sphinx
8953    Move more KDC checks to validate_tgs_request()
8954    Update Gladman AES code to a version with a clearer license
8957    Use PKG_CHECK_MODULES for system library com_err
8961    Fix gss_acquire_cred_from() IAKERB handling
8962    Add password option to cred store
8963    Add verify option to cred store
8964    Add GSS credential store documentation
8965    Install shared libraries as executable
8966    Improve duplicate checking in gss_add_cred()
8967    Continue on KRB5_FCC_NOFILE in KCM cache iteration
8969    Update kvno(1) synopsis with missing options
8971    Implement fallback for GSS acceptor names
8973    Revert dns_canonicalize_hostname default to true
8975    Incorrect runstatedir substitution affecting "make install"

Major changes in 1.18.5 (2022-03-11)
------------------------------------

This is a bug fix release.

* Fix a denial of service attack against the KDC [CVE-2021-37750].

krb5-1.18.5 changes by ticket ID
--------------------------------

9008    Fix KDC null deref on TGS inner body null server

Revision 1.17: download - view: text, markup, annotated - select for diffs
Thu May 13 09:06:15 2021 UTC (3 years, 7 months ago) by thor
Branches: MAIN
CVS tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +5 -2 lines
security/mit-krb5: detect post-1.5 versions on GNU/Linux in builtin.mk

This might need proper reworking to safely detect the krb5 version
and/or header location without guessing. Asking krb5-config might
be a solution also to tell between heimdal and mit-krb5 from
--version output.

Revision 1.16: download - view: text, markup, annotated - select for diffs
Mon Nov 4 21:12:55 2019 UTC (5 years, 1 month ago) by rillig
Branches: MAIN
CVS tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +5 -5 lines
security: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Mon May 6 08:20:32 2019 UTC (5 years, 7 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -1 lines
mit-krb5: update to 1.16.2nb1.

Fix conflict with hmac symbol from libc, from Naveen Narayanan.
Update configure option, it was renamed. Bump PKGREVISION for that.
Small pkglint fix while here.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Fri Jun 15 20:46:01 2018 UTC (6 years, 5 months ago) by tez
Branches: MAIN
CVS tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +0 -0 lines
mit-krb5: update to 1.16.1

Major changes in 1.16.1 (2018-05-03)

This is a bug fix release.

    Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
    Fix a KDC PKINIT memory leak.
    Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
    Fix a regression in pkinit_cert_match matching of client certificates containing Microsoft UPN SANs.
    Fix a null dereference when the KDC sends a large TGS reply.
    Fix "kdestroy -A" with the KCM credential cache type.
    Allow validation of Microsoft PACs containing enterprise names.
    Fix the handling of capaths "." values.
    Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).

Major changes in 1.16 (2017-12-05)

Administrator experience:
        The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option.
        The ktutil addent command supports the "-k 0" option to ignore the key version, and the "-s" option to use a non-default salt string.
        kpropd supports a --pid-file option to write a pid file at startup, when it is run in standalone mode.
        The "encrypted_challenge_indicator" realm option can be used to attach an authentication indicator to tickets obtained using FAST encrypted challenge pre-authentication.
        Localization support can be disabled at build time with the --disable-nls configure option.

Developer experience:
        The kdcpolicy pluggable interface allows modules control whether tickets are issued by the KDC.
        The kadm5_auth pluggable interface allows modules to control whether kadmind grants access to a kadmin request.
        The certauth pluggable interface allows modules to control which PKINIT client certificates can authenticate to which client principals.
        KDB modules can use the client and KDC interface IP addresses to determine whether to allow an AS request.
        GSS applications can query the bit strength of a krb5 GSS context using the GSS_C_SEC_CONTEXT_SASL_SSF OID with gss_inquire_sec_context_by_oid().
        GSS applications can query the impersonator name of a krb5 GSS credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with gss_inquire_cred_by_oid().
        kdcpreauth modules can query the KDC for the canonicalized requested client principal name, or match a principal name against the requested client principal name with canonicalization.

Protocol evolution:
        The client library will continue to try pre-authentication mechanisms after most failure conditions.
        The KDC will issue trivially renewable tickets (where the renewable lifetime is equal to or less than the ticket lifetime) if requested by the client, to be friendlier to scripts.
        The client library will use a random nonce for TGS requests instead of the current system time.
        For the RC4 string-to-key or PAC operations, UTF-16 is supported (previously only UCS-2 was supported).
        When matching PKINIT client certificates, UPN SANs will be matched correctly as UPNs, with canonicalization.

User experience:
        Dates after the year 2038 are accepted (provided that the platform time facilities support them), through the year 2106.
        Automatic credential cache selection based on the client realm will take into account the fallback realm and the service hostname.
        Referral and alternate cross-realm TGTs will not be cached, avoiding some scenarios where they can be added to the credential cache multiple times.
        A German translation has been added.

Code quality:
        The build is warning-clean under clang with the configured warning options.
        The automated test suite runs cleanly under AddressSanitizer.

Major changes in 1.15.3 (2018-05-03)

This is a bug fix release.

    Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
    Fix a KDC PKINIT memory leak.
    Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
    Fix a null dereference when the KDC sends a large TGS reply.
    Fix "kdestroy -A" with the KCM credential cache type.
    Fix the handling of capaths "." values.
    Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).

Major changes in 1.15.2 (2017-09-25)

This is a bug fix release.

    Fix a KDC denial of service vulnerability caused by unset status strings [CVE-2017-11368]
    Preserve GSS contexts on init/accept failure [CVE-2017-11462]
    Fix kadm5 setkey operation with LDAP KDB module
    Use a ten-second timeout after successful connection for HTTPS KDC requests, as we do for TCP requests
    Fix client null dereference when KDC offers encrypted challenge without FAST
    Ignore dotfiles when processing profile includedir directive
    Improve documentation

Major changes in 1.15.1 (2017-03-01)

This is a bug fix release.

    Allow KDB modules to determine how the e_data field of principal fields is freed
    Fix udp_preference_limit when the KDC location is configured with SRV records
    Fix KDC and kadmind startup on some IPv4-only systems
    Fix the processing of PKINIT certificate matching rules which have two components and no explicit relation
    Improve documentation

Major changes in 1.15 (2016-12-01)

Administrator experience:
        Improve support for multihomed Kerberos servers by adding options for specifying restricted listening addresses for the KDC and kadmind.
        Add support to kadmin for remote extraction of current keys without changing them (requires a special kadmin permission that is excluded from the wildcard permission), with the exception of highly protected keys.
        Add a lockdown_keys principal attribute to prevent retrieval of the principal's keys (old or new) via the kadmin protocol. In newly created databases, this attribute is set on the krbtgt and kadmin principals.
        Restore recursive dump capability for DB2 back end, so sites can more easily recover from database corruption resulting from power failure events.
        Add DNS auto-discovery of KDC and kpasswd servers from URI records, in addition to SRV records. URI records can convey TCP and UDP servers and master KDC status in a single DNS lookup, and can also point to HTTPS proxy servers.
        Add support for password history to the LDAP back end.
        Add support for principal renaming to the LDAP back end.
        Use the getrandom system call on supported Linux kernels to avoid blocking problems when getting entropy from the operating system.
        In the PKINIT client, use the correct DigestInfo encoding for PKCS #1 signatures, so that some especially strict smart cards will work.

Code quality:
        Clean up numerous compilation warnings.
        Remove various infrequently built modules, including some preauth modules that were not built by default.

Developer experience:
        Add support for building with OpenSSL 1.1.
        Use SHA-256 instead of MD5 for (non-cryptographic) hashing of authenticators in the replay cache. This helps sites that must build with FIPS 140 conformant libraries that lack MD5.
        Eliminate util/reconf and allow the use of autoreconf alone to regenerate the configure script.

Protocol evolution:
        Add support for the AES-SHA2 enctypes, which allows sites to conform to Suite B crypto requirements.

Revision 1.13: download - view: text, markup, annotated - select for diffs
Wed Nov 4 15:32:34 2015 UTC (9 years, 1 month ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +2 -1 lines
Add /usr/lib/mit/bin/krb5-config as a possible location for the
krb5-config script, fixing SLES according to sobukus on IRC.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Fri Feb 28 12:17:20 2014 UTC (10 years, 9 months ago) by obache
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +5 -1 lines
Also define KRB5_CONFIG for the case not using builtin mit-krb5.

Revision 1.11: download - view: text, markup, annotated - select for diffs
Thu Feb 13 20:31:08 2014 UTC (10 years, 9 months ago) by adam
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +2 -2 lines
Fix for Darwin version higher that 10

Revision 1.10: download - view: text, markup, annotated - select for diffs
Wed Dec 11 10:27:01 2013 UTC (11 years ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +22 -1 lines
On SunOS, install a wrapper script for krb5-config to strip away arguments
that are unsupported by the native port of MIT KRB5, and add any flags
necessary to support the builtin version.

Fixes various packages since the change to support the SunOS builtin.

Based on patches by Richard PALO (richard@).

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sat Nov 23 12:10:13 2013 UTC (11 years ago) by obache
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +6 -5 lines
Use find-headers instead of find-files to detect builtin header files.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Sat Oct 26 05:28:43 2013 UTC (11 years, 1 month ago) by richard
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +21 -2 lines
update mit-krb5 builtin for solaris and better krb5-config support

Revision 1.6.2.1: download - view: text, markup, annotated - select for diffs
Sat Apr 16 09:43:47 2011 UTC (13 years, 7 months ago) by tron
Branches: pkgsrc-2011Q1
Diff to: previous 1.6: preferred, colored; next MAIN 1.7: preferred, colored
Changes since revision 1.6: +7 -5 lines
Pullup ticket #3415 - requested by tez
security/mit-krb5: security patch

Revisions pulled up:
- security/mit-krb5/Makefile                                    1.52-1.53
- security/mit-krb5/buildlink3.mk                               1.11
- security/mit-krb5/builtin.mk                                  1.7
- security/mit-krb5/distinfo                                    1.28-1.29
- security/mit-krb5/patches/patch-ck                            1.1

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Fri Apr  8 17:30:35 UTC 2011

   Modified Files:
           pkgsrc/security/mit-krb5: builtin.mk

   Log Message:
   Add builtin support for SunOS per PR#44597

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Sat Apr  9 00:16:18 UTC 2011

   Modified Files:
           pkgsrc/security/mit-krb5: Makefile buildlink3.mk distinfo
   Added Files:
           pkgsrc/security/mit-krb5/patches: patch-ck

   Log Message:
   correct openssl dependency (it needs >=0.9.8)
   correct BUILDLINK_API_DEPENDS.mit-krb5
   fix building where libtool chokes on "--version-info : " (at least OS X)

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Thu Apr 14 19:37:26 UTC 2011

   Modified Files:
           pkgsrc/security/mit-krb5: Makefile distinfo

   Log Message:
   fix MITKRB5-SA-2011-004 (CVE-2011-0285) DOS in kadmind

Revision 1.7: download - view: text, markup, annotated - select for diffs
Fri Apr 8 17:30:35 2011 UTC (13 years, 8 months ago) by tez
Branches: MAIN
CVS tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +6 -4 lines
Add builtin support for SunOS per PR#44597

Revision 1.6: download - view: text, markup, annotated - select for diffs
Tue Mar 22 23:31:04 2011 UTC (13 years, 8 months ago) by tez
Branches: MAIN
CVS tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -2 lines
Update MIT Kerberos to v1.8.3 with the latest security patches up to and
including MITKRB5-SA-2011-003.

Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2

Note that the r-services, telnetd and ftpd services and the related client
applications are now in a separate pacakge security/mit-krb5-appl.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Sun Dec 5 21:56:55 2010 UTC (14 years ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +3 -2 lines
Detect builtin MIT Kerberos on Mac OS X 10.6.x

Revision 1.4: download - view: text, markup, annotated - select for diffs
Fri Dec 28 15:27:24 2007 UTC (16 years, 11 months ago) by tron
Branches: MAIN
CVS tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, cwrapper, cube-native-xorg-base, cube-native-xorg
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +7 -1 lines
Recognize the MIT Kerberos bundled with Mac OS X Leopard.

Revision 1.3: download - view: text, markup, annotated - select for diffs
Thu Feb 22 19:27:08 2007 UTC (17 years, 9 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +2 -2 lines
Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Mon Apr 10 18:05:16 2006 UTC (18 years, 8 months ago) by jlam
Branches: MAIN
CVS tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +18 -23 lines
At least look for "Massachusetts Institute of Technology" as a crude
check for MIT Kerberos 5 when inspecting /usr/include/krb5.h.  Also,
bring this file more in line with heimdal/builtin.mk.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Mon Apr 10 15:04:44 2006 UTC (18 years, 8 months ago) by tron
Branches: MAIN
Teach Kerberos 5 to detect the MIT Kerberos 5 bundled with Mac OS X.
This stops the "gnome-vfs2" package from pulling in the "heimdal" package.
This fixes PR pkg/29946 by Juha-Matti Liukkonen.

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>