Cy Schubert
cc39dd6cdd
Fix MIT krb5 Security Advisory 2004-002: double-free vulnerabilities
...
in KDC and libraries
Heads-up by: nectar
2004-09-01 19:55:26 +00:00
Cy Schubert
e832541095
Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.
...
Heads-up by: nectar
2004-09-01 15:01:20 +00:00
Cy Schubert
80b9496636
Update KRB5 1.3.3 --> 1.3.4
2004-06-11 23:08:57 +00:00
Cy Schubert
632f3977c2
Updated patch for MITKRB5-SA-2004-001: krb5_aname_to_localname buffer overrun.
...
Obtained from: Tom Yu <tlyu@mit.edu> on BUGTRAQ
2004-06-04 16:37:32 +00:00
Cy Schubert
fe903ca9af
Fix MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname
...
Obtained from: Tom Yu <tlyu@MIT.EDU> on kerberos-announce list
2004-06-02 19:08:34 +00:00
Cy Schubert
81ee312c5d
Update 1.3.2 --> 1.3.3
2004-04-07 00:28:04 +00:00
Cy Schubert
3d675ef92a
- Update MIT KRB5 1.3.1 --> 1.3.2. (As crypto-publish.org does not have
...
1.3.2 yet, when USE_KRB5_TARBALL=CRYPTO-PUBLISH is specified, 1.3.1
will be installed.)
- Add SIZE to distinfo
2004-02-28 21:25:21 +00:00
Cy Schubert
b41c8531f6
Use ports infrastructure provided PERL5 variable to locate Perl
...
interpreter.
2004-02-21 04:39:05 +00:00
Cy Schubert
3ebae6c5ed
Define unique LATEST_LINK.
...
Reported by: kris
2004-02-07 04:14:39 +00:00
Joe Marcus Clarke
73f7c91b5d
Bump PORTREVISION on all ports that depend on gettext to aid with upgrading.
...
(Part 1)
2004-02-04 05:10:27 +00:00
Cy Schubert
b134e90243
Change to src/include/netdb.h 1.31 caused a compile error. This
...
commit fixes that error.
Reported by: bento
2004-01-25 22:08:27 +00:00
Cy Schubert
d00d6645f8
Fix crypto-publish extract.
2003-11-23 21:48:54 +00:00
Cy Schubert
1026b3b0a6
Add missing slash (/) to the end of MIT MASTER_SITE.
2003-11-10 23:30:32 +00:00
Cy Schubert
4ffc06ad33
MIT has removed the web form, downloads of MIT KRB5 can be automated.
...
Unfortunately MIT and crypto-publish.org distribute two distinctly
different tarballs and the user must select the source/format they
wish to fetch. MIT now becomes the default.
2003-11-10 23:22:16 +00:00
Cy Schubert
df1d57b040
1. Fix pkg-plist.
...
2. Fix build on -STABLE.
PR: 57128
2003-11-08 23:08:25 +00:00
Kris Kennaway
09b69954f2
Mark BROKEN (see bento logs). These ports are scheduled for removal
...
after Feb 2 2004 if they are still broken at that time and no fixes
have been submitted by PR.
2003-11-03 03:56:42 +00:00
Kris Kennaway
79662b45a9
BROKEN: Broken pkg-plist
2003-10-28 02:42:41 +00:00
Cy Schubert
e456daf340
The `man2html' script that krb5 uses is written in Perl.
...
Noticed by: wollman
Approved by: marcus (wearing his portsmgr hat)
2003-09-13 02:32:33 +00:00
Cy Schubert
7fe3cad7e9
Crypto-publish.org is now distributing krb5-1.3.1.
2003-09-10 00:03:09 +00:00
Cy Schubert
615d60baa1
Patch to fix compiles under -STABLE (RELENG_4).
...
PR: 56169
Submitted by: Sergey Matveychuk <sem@ciam.ru>
2003-09-10 00:00:42 +00:00
Cy Schubert
974a6f062a
Update 1.3 --> 1.3.1
2003-08-08 23:35:18 +00:00
Cy Schubert
dc590a57d4
Update 1.2.8 --> 1.3
2003-08-08 01:20:18 +00:00
Cy Schubert
c5dd5e6d13
Put SONAME entries into shared libraries.
...
Submitted by: wollman
2003-05-07 21:43:40 +00:00
Cy Schubert
c9f96b0249
Change default for V4 compatibility to reflect best practices
...
for new installations.
Submitted by: wollman
2003-05-07 04:13:08 +00:00
Cy Schubert
e67cccab8f
Default is to fetch from crypto-publish.org. USA_RESIDENT replaced
...
by USE_MIT_TARBALL. Users can still fetch manually from MIT by
setting USE_MIT_TARBALL=YES.
Suggested by: wollman
2003-05-07 04:09:39 +00:00
Cy Schubert
b19f46658c
Update 1.2.7 --> 1.2.8.
2003-05-07 03:47:49 +00:00
Cy Schubert
af7a454fd3
Patches from:
...
- MITKRB5-SA-2003-005:
Buffer overrun and underrun in principal name handling
- MITKRB5-SA-2003-004:
Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm
compromise possible.
- MITKRB5-SA-2003-003:
Faulty length checks in xdrmem_getbytes may allow kadmind DoS.
- Additional patches from RedHat.
Approved by: kris (wearing his portmgr hat)
Obtained from: MIT Website and Nalin Dahyabhai <nalin@redhat.com>
2003-03-21 00:54:06 +00:00
Ade Lovett
7e52725f2a
Clear moonlight beckons.
...
Requiem mors pacem pkg-comment,
And be calm ports tree.
E Nomini Patri, E Fili, E Spiritu Sancti.
2003-03-07 06:14:21 +00:00
Norikatsu Shigemura
4f56b2baa0
Remove RESTRICTED tag for crypto stuff.
...
Approved by: kris (implicitly)
2003-02-22 16:12:23 +00:00
Cy Schubert
e781a319dc
Update 1.2.6 --> 1.2.7
...
Note: Since crypto-publish.org does not yet have krb5-1.2.7 up on their
website, fetch from their site has been temporarily disabled.
2002-11-16 00:02:13 +00:00
Mario Sergio Fujikawa Ferreira
f0a1969d34
o Rollback PORTCOMMENT modifications while this feature's implementation
...
is better studied
o Turn PORTCOMMENT variable in Makefile back into pkg-comment files
Approved by: kris (portmgr hat),
portmgr, re (silence)
2002-11-10 16:48:51 +00:00
Cy Schubert
bf8abaf92f
Use PORTCOMMENT.
2002-11-07 05:46:03 +00:00
Cy Schubert
8117446b64
Fix pkg-plist when KRB5_KRB4_COMPAT=NO is specified.
...
Submitted by: Craig Boston <craig@olyun.gank.org>
2002-10-28 18:28:38 +00:00
Cy Schubert
e413d8b70b
Circumvent the use of bison, use FreeBSD yacc instead.
...
PR: 44446
2002-10-25 15:03:55 +00:00
Cy Schubert
cf7aca2a64
Fix buffer overflow in kadmind4 (remote user can gain root access to
...
KDC host).
Obtained from: Tom Yu <tlyu@mit.edu> on kerberos-announce mailing list,
MIT krb5 Security Advisory 2002-002
2002-10-23 22:30:39 +00:00
Cy Schubert
456c93a6b2
Crypto-publish.org has finally put krb5-1.2.6 up on their site. The
...
patch reimplements code to fetch MIT Kerberos from their site when
USA_RESIDENT=NO.
Approved by: kris
2002-09-25 17:50:00 +00:00
Cy Schubert
495424cc3f
Update 1.2.5 --> 1.2.6
...
Note: Since crypto-publish.org does not yet have krb5-1.2.6 up on their
website, fetch from their site has been temporarily disabled.
2002-09-13 13:46:48 +00:00
Cy Schubert
9c4b099138
Fix extract for non-root users.
...
Noticed by: nectar
Pointy hat to: cy
2002-08-17 00:29:41 +00:00
Jacques Vidrine
20b7146972
Correct Sun RPC buffer overflow.
...
<URL:http://online.securityfocus.com/archive/1/285308 >
<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823 >
2002-08-02 18:22:45 +00:00
Cy Schubert
16a3968791
README.FreeBSD fix.
...
PR: 39936
Submitted by: Matthew West <mwest@uct.ac.za>
2002-07-01 06:20:38 +00:00
Cy Schubert
60b5569db4
Fix problem with V4 keys. We should get KRB5_KDB_NO_MATCHING_KEY, not
...
ENOENT. Obtained from /cvs/krbdev/krb5/src/kdc/kdc_preauth.c,v rev 5.31
in MIT KRB5 tree (fix etype info; wrong termination condition used in
get_etype_info).
Obtained from: Sam Hartman <hartmans@mit.edu>
2002-06-26 04:49:07 +00:00
Cy Schubert
4b3b7f15da
I add missing krb5-config.
2002-06-16 12:44:06 +00:00
Cy Schubert
d845a8a153
Now that www.crypto-publish.org has put the latest version of MIT KRB5
...
up on their website again, reimplementation of the Makefile patch that
fetched the the tarball from their site for users outside of the US
(originally in Makefile rev 1.29). USA_RESIDENT=YES still supports
manual fetching from web.mit.edu.
2002-05-03 02:20:17 +00:00
Cy Schubert
f377a101ed
Upgrade 1.2.4 --> 1.2.5
2002-05-02 14:30:24 +00:00
Cy Schubert
341484d039
www.crypto-publish.org does not have krb5-1.2.4.{tar,tar.Z,tar.gz,tar.bz2}.
...
Reported by: bento
2002-03-29 13:23:08 +00:00
Cy Schubert
a50d121378
MIT currently distributes their KRB5 distribution in a tarball (.tar)
...
that contains the distribution itself, in a tar.gz file, and a signature
certificate, contained in a detached .tar.gz.asc file. Prior to this
patch, users installing MIT KRB5 had to extract the tarball into
/usr/ports/distfiles, then proceed with the installation. This caused
confusion among those installing the port. This patch addresses the
problem by extracting the .tar.gz file from the tarball, then unpacking
the .tar.gz file before continuing with the build.
2002-03-18 22:52:43 +00:00
Cy Schubert
4aa8bcaf49
Update 1.2.3 --> 1.2.4
2002-03-01 13:23:47 +00:00
Cy Schubert
c0f94d44f3
Update 1.2.2 -> 1.2.3
2002-01-16 03:17:24 +00:00
Cy Schubert
6108625cb9
In order to make the MIT KRB5 port compatible with FreeBSD, the port
...
now makes use of login.conf and login.access. This is performed by
using FreeBSD login(1) instead of MIT KRB5 login.krb5(8).
The MIT KRB5 login.krb5(8) can still be used by specifying "-L" in
the klogind and telnetd arguments in inetd.conf. This is documented
in a new file called README.FreeBSD.
Reviewed by: nectar
2002-01-08 15:05:08 +00:00
Jacques Vidrine
dd4cf80985
= Modify `ksu' so that it uses the login cap database. Michael Allman
...
<msa@dinosauricon.com> provided the original patches.
= For users outside of the US, point to www.crypto-publish.org for the
distfiles. It was Chris Knight <chris@aims.com.au>'s idea.
Submitted by: Cy.Schubert@uumail.gov.bc.ca (MAINTAINER)
PR: ports/29865
2001-09-07 19:53:09 +00:00