notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Port details
krb5-112 Authentication system developed at MIT, successor to Kerberos IV
1.12.5 security Deleted on this many watch lists=0 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port
1.12.5Version of this port present on the latest quarterly branch.
Deprecated DEPRECATED: EOL twelve months after release of krb5-1.14
Expired This port expired on: 2016-11-20
Maintainer: cy@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2014-10-16 19:44:48
Last Update: 2016-12-03 05:26:30
SVN Revision: 427589
License: MIT
Kerberos V5 is an authentication system developed at MIT.
WWW: http://web.mit.edu/kerberos/

Abridged from the User Guide:
       Under Kerberos, a client sends a request for a ticket to the
   Key Distribution Center (KDC). The KDC creates a ticket-granting
   ticket (TGT) for the client, encrypts it using the client's
   password as the key, and sends the encrypted TGT back to the
   client. The client then attempts to decrypt the TGT, using
   its password. If the client successfully decrypts the TGT, it
   keeps the decrypted TGT, which indicates proof of the client's
   identity. The TGT permits the client to obtain additional tickets,
   which give permission for specific services.
       Since Kerberos negotiates authenticated, and optionally encrypted,
   communications between two points anywhere on the internet, it
   provides a layer of security that is not dependent on which side of a
   firewall either client is on.
       The Kerberos V5 package is designed to be easy to use. Most of the
   commands are nearly identical to UNIX network programs you are already
   used to. Kerberos V5 is a single-sign-on system, which means that you
   have to type your password only once per session, and Kerberos does
   the authenticating and encrypting transparently.

Jacques Vidrine <n@nectar.com>
SVNWeb : Homepage

There is no configure plist information for this port.

Dependency lines:
  • krb5-112>0:security/krb5-112
  • libgssrpc.so:security/krb5-112

No installation instructions: this port has been deleted.

The package name of this deleted port was:

PKGNAME: krb5-112

There is no flavor information for this port.

distinfo:

SHA256 (krb5-1.12.5.tar.gz) = bcb3bb24234beb7a4724a2f9e119039eedf49977efe56697c714d92b269e8e45
SIZE (krb5-1.12.5.tar.gz) = 12020731


NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. msgfmt : devel/gettext-tools
  2. gmake : devel/gmake
  3. libtool : devel/libtool
  4. pkgconf>=0.9.10 : devel/pkgconf
  5. perl5>=5.24<5.25 : lang/perl5.24
Runtime dependencies:
  1. pkgconf>=0.9.10 : devel/pkgconf
Library dependencies:
  1. libintl.so : devel/gettext-runtime
There are no ports dependent upon this port

Configuration Options
===> The following configuration options are available for krb5-112-1.12.5:
     DNS_FOR_REALM=off: Enable DNS lookups for Kerberos realm names
     KRB5_HTML=on: Install krb5 HTML documentation
     KRB5_PDF=on: Install krb5 PDF documentation
     LDAP=off: LDAP protocol support
====> Options available for the radio CMD_LINE_EDITING: you can only select none or one of them
     READLINE=off: Command line editing via libreadline
     LIBEDIT=off: Command line editing via libedit
===> Use 'make config' to modify these settings

USES:
cpe gettext gmake perl5 libtool:build  gssapi:bootstrap,mit pkgconfig:both ssl

Master Sites:
  1. http://web.mit.edu/kerberos/dist/krb5/1.12/
Port Moves
  • port deleted on 2016-11-20
    REASON: Has expired: EOL twelve months after release of krb5-1.14
  • port moved here from security/krb5-111 on 2015-09-15
    REASON: krb5-1.11 EOLed by MIT in December 2014

Number of commits found: 29

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
03 Dec 2016 05:26:30
Original commit files touched by this commit  1.12.5
Revision:427589
cy search for other commits by this committer
Remove expired krb5-112. It was mistakenly "re-added" by r427588.
03 Dec 2016 00:54:23
Original commit files touched by this commit  1.12.5
Revision:427588
cy search for other commits by this committer
Welcome the new security/krb5-115 port. This port follows MIT's
KRB5 1.15 releases.

To support this new ports:

- The security/krb5 port includes an option to use this port instead
  of krb5-114 as its base. krb5-114 will remain the default until the
  next release of KRB5 1.15 (if it's stable of course).

- MIT by default deprecates KRB5 two versions back from the current
  release. krb5-113 has been deprecated and will expire one year from
  now.
20 Nov 2016 12:38:39
Original commit files touched by this commit  1.12.5
Revision:426577
rene search for other commits by this committer
Remove expired ports:
2016-11-19 sysutils/gosa: this version of gosa cannot be fixed (requires PHP <
5.4)
2016-11-20 security/krb5-112: EOL twelve months after release of krb5-1.14
27 Jul 2016 01:56:23
Original commit files touched by this commit  1.12.5
Revision:419156
cy search for other commits by this committer
Modernize krb5-112 and krb5-113 replacing USE_OPENSSL with USES=ssl.
19 May 2016 10:53:06
Original commit files touched by this commit  1.12.5
Revision:415500
amdmi3 search for other commits by this committer
- Fix trailing whitespace in pkg-descrs, categories [p-x]*

Approved by:	portmgr blanket
30 Mar 2016 07:28:23
Original commit files touched by this commit  1.12.5
Revision:412159
bapt search for other commits by this committer
Remove uneeded dependency on GNU m4
17 Dec 2015 01:36:46
Original commit files touched by this commit  1.12.5
Revision:403891
cy search for other commits by this committer
Update 1.12.4 --> 1.12.5
15 Dec 2015 05:02:21
Original commit files touched by this commit  1.12.4_3
Revision:403760
cy search for other commits by this committer
This is the second part of two commits, the first being r403749.

Adopt the same port structure as used by the cfengine family of ports:

security/krb5 is renamed to security/krb5-114.

A brand new security/krb5 now becomes a master port for the family of
security/krb5-* ports. The default installs krb5-1.14. There is no
functional change to the port build nor does the name of the latest krb5
port and package change. Users can continue to install security/krb5
to track the latest major version of security/krb5.

Users wishing to install a specific version branch of krb5 can continue
to install any of the security/krb5-* ports or by setting KRB5_VERSION
in make.conf make.conf or including the branch on the make command line
during build:

	make KRB5_VERSIN=NNN

make -V VERSIONS lists available versions.

security/krb5-appl has been updated to support this change (also fixing
a typo in the krb5-appl/Makefile).

Inspired by:            sysutils/cfengine
21 Nov 2015 08:47:13
Original commit files touched by this commit  1.12.4_3
Revision:402143
cy search for other commits by this committer
Introduce the new krb5 1.14:

- move (copy) krb5 (krb5 1.13.2) to krb5-113 (new, added)
- update krb5 1.13.2 --> 1.14
- update CONFLICTS in krb5, krb5-112 and krb5-113.
- update krb5-appl to allow optional dependency on krb5-113.
- update security/Makefile with copied krb5-113.
- deprecate and expire krb5-112 (krb5-1.12) on November 20, 2016, as it
  will EOL twelve months after the release of krb5-1.14.
19 Oct 2015 07:29:08
Original commit files touched by this commit  1.12.4_3
Revision:399634
cy search for other commits by this committer
Bump PORTREVISION.
19 Oct 2015 07:17:47
Original commit files touched by this commit  1.12.4_2
Revision:399632
cy search for other commits by this committer
Fix READLINE option.
Add support for libedit (LIBEDIT option).
Both command line editing options now supported by RADIO button.

Fix typo in gssapi: bootstrap.
31 Aug 2015 07:18:23
Original commit files touched by this commit  1.12.4_2
Revision:395651
cy search for other commits by this committer
Fix build under 11-CURRENT. r378417 introduced a libreadline link
workaround due to libtool not working with 11-CURRENT at the time.
The workaround now causes grief under 11-CURRENT and needs to be
removed.

PR:		202782
17 Aug 2015 14:20:41
Original commit files touched by this commit  1.12.4_1
Revision:394508
mat search for other commits by this committer
Remove UNIQUENAME and LATEST_LINK.

UNIQUENAME was never unique, it was only used by USE_LDCONFIG and now,
we won't have conflicts there.

Use PKGBASE instead of LATEST_LINK in PKGLATESTFILE, the *only* consumer
is pkg-devel, and it works just fine without LATEST_LINK as pkg-devel
has the correct PKGNAME anyway.

Now that UNIQUENAME is gone, OPTIONSFILE is too. (it's been called
OPTIONS_FILE now.)

Reviewed by:	antoine, bapt
Exp-run by:	antoine
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D3336
06 Jun 2015 20:27:21
Original commit files touched by this commit  1.12.4_1
Revision:388684
cy search for other commits by this committer
MIT KRB5 ports build unusable binaries due to incorrect linking
when build under poudriere. This commit fixes that.
02 Jun 2015 05:09:23
Original commit files touched by this commit  1.12.4
Revision:388307
cy search for other commits by this committer
Update 1.12.3 --> 1.12.4
28 May 2015 17:48:18
Original commit files touched by this commit  1.12.3_2
Revision:387747
delphij search for other commits by this committer
Apply vendor patch for CVE-2015-2694 (changeset
b0c571e709c72da799ccc15fb5755f7910170e33) to prevent requires_preauth
bypass.

Approved by:	so
Obtained
from:	https://github.com/krb5/krb5/commit/b0c571e709c72da799ccc15fb5755f7910170e33.diff
Security:	CVE-2015-2694
Security:	0b040e24-f751-11e4-b24d-5453ed2e2b49
MFH:		2015Q2
20 Apr 2015 19:06:30
Original commit files touched by this commit  1.12.3_1
Revision:384380 This port version is marked as vulnerable.
tijl search for other commits by this committer
- Display a stage-qa warning when ports use PREFIX/var instead of /var
- Add --localstatedir=/var to _LATE_CONFIGURE_ARGS (like --mandir) but not
  when CONFIGURE_ARGS already sets it.  (GNU configure scripts set it to
  PREFIX/var when PREFIX != /usr.)
- Add --localstatedir="${PREFIX}/var" to CONFIGURE_ARGS in some ports so
  they aren't affected by this change (for now at least).  This commit is
  meant to ensure that new ports don't make the same mistake.

- games/acm: the configure script in this port is very old; instead of
  patching it more, just replace GNU_CONFIGURE with HAS_CONFIGURE.
- irc/charybdis: it already used /var but adding --localstatedir=/var
  changed the behaviour of the configure script; adjust the port to this.

PR:		199506
Exp-run by:	antoine
Approved by:	portmgr (antoine)
23 Mar 2015 19:04:24
Original commit files touched by this commit  1.12.3_1
Revision:382023 This port version is marked as vulnerable.
cy search for other commits by this committer
Fix build with libressl.

PR:		198749, 198750
05 Mar 2015 18:48:32
Original commit files touched by this commit  1.12.3
Revision:380545 This port version is marked as vulnerable.
cy search for other commits by this committer
Advertise CPE data for Kerberos.

PR:		197465, 197466, 197467
21 Feb 2015 16:14:39
Original commit files touched by this commit  1.12.3
Revision:379532 This port version is marked as vulnerable.
cy search for other commits by this committer
Kerberos Version 5, Release 1.12.3 is released. This fixes multiple
vulnerabilities, some previously committed by point patches and others
newly fixed in this release.

* Fix multiple vulnerabilities in the LDAP KDC back end.
  [CVE-2014-5354] [CVE-2014-5353]

* Fix multiple kadmind vulnerabilities, some of which are based in the
  gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
  CVE-2014-9422 CVE-2014-9423]

Security:	VuXML: 63527d0d-b9de-11e4-8a48-206a8a720317
Security:	CVE-2014-5354, CVE-2014-5353
Security:	CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
Security:	CVE-2014-9422, CVE-2014-9423
20 Feb 2015 20:59:09
Original commit files touched by this commit  1.12.2_3
Revision:379469 This port version is marked as vulnerable.
cy search for other commits by this committer
Fix broken rpath.

Submitted by:	hrs
13 Feb 2015 20:25:24
Original commit files touched by this commit  1.12.2_2
Revision:378944 This port version is marked as vulnerable.
cy search for other commits by this committer
Backported patches for CVE-2014-5353 and CVE-2014-5354 received from MIT
for krb5-111 and krb5-112.

Obtained from:	Greg Hudson <ghudson@mit.edu>
Security:	CVE-2014-5353, CVE-2014-5354
13 Feb 2015 01:48:15
Original commit files touched by this commit  1.12.2_1
Revision:378909 This port version is marked as vulnerable.
cy search for other commits by this committer
Forbid krb5-111 and krb5-112.

Security:	CVE-2014-5353, CVE-2014-5354
Security:	VUXML: 3a888a1e-b321-11e4-83b2-206a8a720317
05 Feb 2015 03:39:14
Original commit files touched by this commit  1.12.2_1
Revision:378441 This port version is marked as vulnerable.
cy search for other commits by this committer
Correct various packaging issues:

 - Libraries are not installed stripped;
 - pkgconfig files should be installed to libdata;
 - Use of deprecated @dirrm[try]

PR:		PR/197338
Submitted by:	delphij
04 Feb 2015 20:47:05
Original commit files touched by this commit  1.12.2_1
Revision:378417 This port version is marked as vulnerable.
cy search for other commits by this committer
Address: krb5 -- Vulnerabilities in kadmind, libgssrpc,
gss_process_context_token VU#540092

CVE-2014-5352: gss_process_context_token() incorrectly frees context

CVE-2014-9421: kadmind doubly frees partial deserialization results

CVE-2014-9422: kadmind incorrectly validates server principal name

CVE-2014-9423: libgssrpc server applications leak uninitialized bytes

Security:	VUXML: 24ce5597-acab-11e4-a847-206a8a720317
Security:	MIT KRB5: VU#540092
Security:	CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
14 Dec 2014 11:44:25
Original commit files touched by this commit  1.12.2
Revision:374698 This port version is marked as vulnerable.
antoine search for other commits by this committer
- Remove support for EXTRACT_PRESERVE_OWNERSHIP
- Update a few comments related to extract

Differential Revision:	https://reviews.freebsd.org/D1189
With hat:	portmgr
18 Oct 2014 17:05:56
Original commit files touched by this commit  1.12.2
Revision:371142 This port version is marked as vulnerable.
cy search for other commits by this committer
Fix LATEST_LINK.
18 Oct 2014 10:06:58
Original commit files touched by this commit  1.12.2
Revision:371108 This port version is marked as vulnerable.
antoine search for other commits by this committer
Unbreak
16 Oct 2014 19:44:22
Original commit files touched by this commit  1.12.2
Revision:371019 This port version is marked as vulnerable.
cy search for other commits by this committer
MIT Kerberos released 1.13; 1.12 becomes a maintenance release,
1.11 remains a maintenance release.

- Update security/krb5 1.12.2 --> 1.13
- Copy the old security/krb5 1.12.2 to security/krb5-112
  (now a maintenance release supported by MIT)
- Move the old krb5-maint (1.11.5: old maintenance release) to
  security/krb5-111 (the old maintenance release still supported by MIT)

Number of commits found: 29

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
ImageMagick6*Jun 17
ImageMagick6-nox11*Jun 17
ImageMagick7*Jun 17
ImageMagick7-nox11*Jun 17
GraphicsMagickJun 16
netatalk3Jun 16
chromiumJun 15
neovimJun 13
phpmyadminJun 13
vimJun 13
vim-consoleJun 13
vim-tinyJun 13
mybbJun 12
linux-flashplayerJun 11
drupal7Jun 08

12 vulnerabilities affecting 80 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last updated:
2019-06-17 06:25:27


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 36690
Broken 82
Deprecated 120
Ignore 304
Forbidden 3
Restricted 162
No CDROM 74
Vulnerable 33
Expired 14
Set to expire 91
Interactive 0
new 24 hours 7
new 48 hours15
new 7 days36
new fortnight61
new month201

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2019 Dan Langille. All rights reserved.