| Port details |
- krb5-112 Authentication system developed at MIT, successor to Kerberos IV
- 1.12.5 security
 =0       1.12.5Version of this port present on the latest quarterly branch.  DEPRECATED: EOL twelve months after release of krb5-1.14
 This port expired on: 2016-11-20
- Maintainer: cy@FreeBSD.org
- Port Added: 2014-10-16 19:44:48
- Last Update: 2016-12-03 05:26:30
- SVN Revision: 427589
- License: MIT
- Description:
- Kerberos V5 is an authentication system developed at MIT.
WWW: http://web.mit.edu/kerberos/
Abridged from the User Guide:
Under Kerberos, a client sends a request for a ticket to the
Key Distribution Center (KDC). The KDC creates a ticket-granting
ticket (TGT) for the client, encrypts it using the client's
password as the key, and sends the encrypted TGT back to the
client. The client then attempts to decrypt the TGT, using
its password. If the client successfully decrypts the TGT, it
keeps the decrypted TGT, which indicates proof of the client's
identity. The TGT permits the client to obtain additional tickets,
which give permission for specific services.
Since Kerberos negotiates authenticated, and optionally encrypted,
communications between two points anywhere on the internet, it
provides a layer of security that is not dependent on which side of a
firewall either client is on.
The Kerberos V5 package is designed to be easy to use. Most of the
commands are nearly identical to UNIX network programs you are already
used to. Kerberos V5 is a single-sign-on system, which means that you
have to type your password only once per session, and Kerberos does
the authenticating and encrypting transparently.
Jacques Vidrine <n@nectar.com>
 cgit ¦ GitHub ¦ GitHub ¦ GitLab ¦  - pkg-plist: as obtained via:
make generate-plist - There is no configure plist information for this port.
- Dependency lines:
-
- krb5-112>0:security/krb5-112
- No installation instructions:
- This port has been deleted.
- PKGNAME: krb5-112
- Flavors: there is no flavor information for this port.
- distinfo:
- SHA256 (krb5-1.12.5.tar.gz) = bcb3bb24234beb7a4724a2f9e119039eedf49977efe56697c714d92b269e8e45
SIZE (krb5-1.12.5.tar.gz) = 12020731
No package information for this port in our database- Sometimes this happens. Not all ports have packages.
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
-
- msgfmt : devel/gettext-tools
- gmake : devel/gmake
- libtool : devel/libtool
- pkgconf>=0.9.10 : devel/pkgconf
- perl5>=5.24<5.25 : lang/perl5.24
- Runtime dependencies:
-
- pkgconf>=0.9.10 : devel/pkgconf
- Library dependencies:
-
- libintl.so : devel/gettext-runtime
- There are no ports dependent upon this port
Configuration Options:- ===> The following configuration options are available for krb5-112-1.12.5:
DNS_FOR_REALM=off: Enable DNS lookups for Kerberos realm names
KRB5_HTML=on: Install krb5 HTML documentation
KRB5_PDF=on: Install krb5 PDF documentation
LDAP=off: LDAP protocol support
====> Options available for the radio CMD_LINE_EDITING: you can only select none or one of them
READLINE=off: Command line editing via libreadline
LIBEDIT=off: Command line editing via libedit
===> Use 'make config' to modify these settings
- Options name:
- N/A
- USES:
- cpe gettext gmake perl5 libtool:build gssapi:bootstrap,mit pkgconfig:both ssl
- FreshPorts was unable to extract/find any pkg message
- Master Sites:
|
| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.12.5
03 Dec 2016 05:26:30
  |
cy |
Remove expired krb5-112. It was mistakenly "re-added" by r427588. |
1.12.5
03 Dec 2016 00:54:23
|
cy |
Welcome the new security/krb5-115 port. This port follows MIT's
KRB5 1.15 releases.
To support this new ports:
- The security/krb5 port includes an option to use this port instead
of krb5-114 as its base. krb5-114 will remain the default until the
next release of KRB5 1.15 (if it's stable of course).
- MIT by default deprecates KRB5 two versions back from the current
release. krb5-113 has been deprecated and will expire one year from
now. |
1.12.5
20 Nov 2016 12:38:39
|
rene |
Remove expired ports:
2016-11-19 sysutils/gosa: this version of gosa cannot be fixed (requires PHP <
5.4)
2016-11-20 security/krb5-112: EOL twelve months after release of krb5-1.14 |
1.12.5
27 Jul 2016 01:56:23
|
cy |
Modernize krb5-112 and krb5-113 replacing USE_OPENSSL with USES=ssl. |
1.12.5
19 May 2016 10:53:06
|
amdmi3 |
- Fix trailing whitespace in pkg-descrs, categories [p-x]*
Approved by: portmgr blanket |
1.12.5
30 Mar 2016 07:28:23
|
bapt |
Remove uneeded dependency on GNU m4 |
1.12.5
17 Dec 2015 01:36:46
|
cy |
Update 1.12.4 --> 1.12.5 |
1.12.4_3
15 Dec 2015 05:02:21
|
cy |
This is the second part of two commits, the first being r403749.
Adopt the same port structure as used by the cfengine family of ports:
security/krb5 is renamed to security/krb5-114.
A brand new security/krb5 now becomes a master port for the family of
security/krb5-* ports. The default installs krb5-1.14. There is no
functional change to the port build nor does the name of the latest krb5
port and package change. Users can continue to install security/krb5
to track the latest major version of security/krb5.
Users wishing to install a specific version branch of krb5 can continue
to install any of the security/krb5-* ports or by setting KRB5_VERSION
in make.conf make.conf or including the branch on the make command line
during build:
make KRB5_VERSIN=NNN
make -V VERSIONS lists available versions.
security/krb5-appl has been updated to support this change (also fixing
a typo in the krb5-appl/Makefile).
Inspired by: sysutils/cfengine |
1.12.4_3
21 Nov 2015 08:47:13
|
cy |
Introduce the new krb5 1.14:
- move (copy) krb5 (krb5 1.13.2) to krb5-113 (new, added)
- update krb5 1.13.2 --> 1.14
- update CONFLICTS in krb5, krb5-112 and krb5-113.
- update krb5-appl to allow optional dependency on krb5-113.
- update security/Makefile with copied krb5-113.
- deprecate and expire krb5-112 (krb5-1.12) on November 20, 2016, as it
will EOL twelve months after the release of krb5-1.14. |
1.12.4_3
19 Oct 2015 07:29:08
|
cy |
Bump PORTREVISION. |
1.12.4_2
19 Oct 2015 07:17:47
|
cy |
Fix READLINE option.
Add support for libedit (LIBEDIT option).
Both command line editing options now supported by RADIO button.
Fix typo in gssapi: bootstrap. |
1.12.4_2
31 Aug 2015 07:18:23
|
cy |
Fix build under 11-CURRENT. r378417 introduced a libreadline link
workaround due to libtool not working with 11-CURRENT at the time.
The workaround now causes grief under 11-CURRENT and needs to be
removed.
PR: 202782 |
1.12.4_1
17 Aug 2015 14:20:41
|
mat |
Remove UNIQUENAME and LATEST_LINK.
UNIQUENAME was never unique, it was only used by USE_LDCONFIG and now,
we won't have conflicts there.
Use PKGBASE instead of LATEST_LINK in PKGLATESTFILE, the *only* consumer
is pkg-devel, and it works just fine without LATEST_LINK as pkg-devel
has the correct PKGNAME anyway.
Now that UNIQUENAME is gone, OPTIONSFILE is too. (it's been called
OPTIONS_FILE now.)
Reviewed by: antoine, bapt
Exp-run by: antoine
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D3336 |
1.12.4_1
06 Jun 2015 20:27:21
|
cy |
MIT KRB5 ports build unusable binaries due to incorrect linking
when build under poudriere. This commit fixes that. |
1.12.4
02 Jun 2015 05:09:23
|
cy |
Update 1.12.3 --> 1.12.4 |
1.12.3_2
28 May 2015 17:48:18
|
delphij |
Apply vendor patch for CVE-2015-2694 (changeset
b0c571e709c72da799ccc15fb5755f7910170e33) to prevent requires_preauth
bypass.
Approved by: so
Obtained
from: https://github.com/krb5/krb5/commit/b0c571e709c72da799ccc15fb5755f7910170e33.diff
Security: CVE-2015-2694
Security: 0b040e24-f751-11e4-b24d-5453ed2e2b49
MFH: 2015Q2 |
1.12.3_1
20 Apr 2015 19:06:30
 |
tijl |
- Display a stage-qa warning when ports use PREFIX/var instead of /var
- Add --localstatedir=/var to _LATE_CONFIGURE_ARGS (like --mandir) but not
when CONFIGURE_ARGS already sets it. (GNU configure scripts set it to
PREFIX/var when PREFIX != /usr.)
- Add --localstatedir="${PREFIX}/var" to CONFIGURE_ARGS in some ports so
they aren't affected by this change (for now at least). This commit is
meant to ensure that new ports don't make the same mistake.
- games/acm: the configure script in this port is very old; instead of
patching it more, just replace GNU_CONFIGURE with HAS_CONFIGURE.
- irc/charybdis: it already used /var but adding --localstatedir=/var
changed the behaviour of the configure script; adjust the port to this.
PR: 199506
Exp-run by: antoine
Approved by: portmgr (antoine) |
1.12.3_1
23 Mar 2015 19:04:24
|
cy |
Fix build with libressl.
PR: 198749, 198750 |
1.12.3
05 Mar 2015 18:48:32
|
cy |
Advertise CPE data for Kerberos.
PR: 197465, 197466, 197467 |
1.12.3
21 Feb 2015 16:14:39
|
cy |
Kerberos Version 5, Release 1.12.3 is released. This fixes multiple
vulnerabilities, some previously committed by point patches and others
newly fixed in this release.
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354] [CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
CVE-2014-9422 CVE-2014-9423]
Security: VuXML: 63527d0d-b9de-11e4-8a48-206a8a720317
Security: CVE-2014-5354, CVE-2014-5353
Security: CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
Security: CVE-2014-9422, CVE-2014-9423 |
1.12.2_3
20 Feb 2015 20:59:09
|
cy |
Fix broken rpath.
Submitted by: hrs |
1.12.2_2
13 Feb 2015 20:25:24
|
cy |
Backported patches for CVE-2014-5353 and CVE-2014-5354 received from MIT
for krb5-111 and krb5-112.
Obtained from: Greg Hudson <ghudson@mit.edu>
Security: CVE-2014-5353, CVE-2014-5354 |
1.12.2_1
13 Feb 2015 01:48:15
|
cy |
Forbid krb5-111 and krb5-112.
Security: CVE-2014-5353, CVE-2014-5354
Security: VUXML: 3a888a1e-b321-11e4-83b2-206a8a720317 |
1.12.2_1
05 Feb 2015 03:39:14
|
cy |
Correct various packaging issues:
- Libraries are not installed stripped;
- pkgconfig files should be installed to libdata;
- Use of deprecated @dirrm[try]
PR: PR/197338
Submitted by: delphij |
1.12.2_1
04 Feb 2015 20:47:05
|
cy |
Address: krb5 -- Vulnerabilities in kadmind, libgssrpc,
gss_process_context_token VU#540092
CVE-2014-5352: gss_process_context_token() incorrectly frees context
CVE-2014-9421: kadmind doubly frees partial deserialization results
CVE-2014-9422: kadmind incorrectly validates server principal name
CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
Security: VUXML: 24ce5597-acab-11e4-a847-206a8a720317
Security: MIT KRB5: VU#540092
Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 |
1.12.2
14 Dec 2014 11:44:25
|
antoine |
- Remove support for EXTRACT_PRESERVE_OWNERSHIP
- Update a few comments related to extract
Differential Revision: https://reviews.freebsd.org/D1189
With hat: portmgr |
1.12.2
18 Oct 2014 17:05:56
|
cy |
Fix LATEST_LINK. |
1.12.2
18 Oct 2014 10:06:58
|
antoine |
Unbreak |
1.12.2
16 Oct 2014 19:44:22
|
cy |
MIT Kerberos released 1.13; 1.12 becomes a maintenance release,
1.11 remains a maintenance release.
- Update security/krb5 1.12.2 --> 1.13
- Copy the old security/krb5 1.12.2 to security/krb5-112
(now a maintenance release supported by MIT)
- Move the old krb5-maint (1.11.5: old maintenance release) to
security/krb5-111 (the old maintenance release still supported by MIT) |
As an Amazon Associate I earn from qualifying purchases.