non port: security/krb5-115/Makefile |
Number of commits found: 43 |
Tuesday, 9 Apr 2019
|
14:04 sunpoet
Update devel/readline to 8.0
- Bump PORTREVISION of dependent ports for shlib change
Changes: https://tiswww.case.edu/php/chet/readline/CHANGES
PR: 236156
Exp-run by: antoine
 |
Friday, 15 Feb 2019
|
04:37 cy
Provide a script from which to start krb5kdc through /etc/rc.d/kdc.
Simply add kdc_enable="YES" and kdc_program="/usr/local/sbin/kdc"
to /etc/rc.d. The script removes the Heimdal kdc --detach argument
prior to invoking krb5kdc.
The other approach that was considered was to replace getopt() in
kdc/main.c with getopt_long() however this approach was considered too
intrusive.
 |
Sunday, 13 Jan 2019
|
15:57 cy
pkgconfig is used at build time, not runtime.
MFH: 2019Q1 (krb5-devel will need to have all its previous
commits brought up to level in 2019Q1 first)
 |
Tuesday, 8 Jan 2019
|
20:29 cy
Welcome the new KRB5 1.17 (krb5-117).
Major changes in 1.17 (2019-01-08)
==================================
Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped
Database library (LMDB) has been added. The LMDB KDB module should
be more performant and more robust than the DB2 module, and may
become the default module for new databases in a future release.
* "kdb5_util dump" will no longer dump policy entries when specific
principal names are requested.
Developer experience:
* The new krb5_get_etype_info() API can be used to retrieve enctype,
salt, and string-to-key parameters from the KDC for a client
principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the
log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should
perform better.
Protocol evolution:
* The SPAKE pre-authentication mechanism is now supported. This
mechanism protects against password dictionary attacks without
requiring any additional infrastructure such as certificates. SPAKE
is enabled by default on clients, but must be manually enabled on
the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can
protect against scenarios where an attacker uses temporary access to
a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid
spurious error messages about replays when a response packet is
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache
within a collection by client principal name.
* The Kerberos man page has been restored, and documents the
environment variables that affect programs using the Kerberos
library.
Changes to the FreeBSD krb5* ports include:
* CONFLICTS updated in krb5-115 and krb5-116 taking krb5-117 in
consideration.
* The default krb5 port is now krb5-117.
* MIT's practice is to EOL KRB5 n-2. krb5-115 is deprecated and set
to expire Jan 31, 2020.
 |
20:04 cy
Correct CONFLICTS.
MFH: 2019Q1
 |
01:41 cy
Update 1.15.4 --> 1.15.5
Major changes in 1.15.5 (2019-01-07)
====================================
This is a bug fix release.
* Fix a regression in the MEMORY credential cache type which could
cause client programs to crash.
* MEMORY credential caches will not be listed in the global
collection, with the exception of the default credential cache if it
is of type MEMORY.
* Remove an incorrect assertion in the KDC which could be used to
cause a crash [CVE-2018-20217].
MFH: 2019Q1
 |
Friday, 2 Nov 2018
|
15:51 cy
krb5-115: update 1.15.3 --> 1.15.4
 |
Monday, 2 Jul 2018
|
05:57 cy
While working the ports fallout due to making Hemidal in base
private it was discovered that com_err.3, though distributed in
the tarball, was not installed. Install it.
 |
Tuesday, 19 Jun 2018
|
13:38 cy
Revert r472760 and instead use upstream git commit
beeb2828945a41d86488e391ce440bacee0ec committed to the krb5
development branch Saturday, June 16. The upstream commit
message follows:
Author: Thomas Sondergaard <tsondergaard@vitalimages.com>
Date: Sat Jun 16 18:14:50 2018 +0200
Eliminate use of the 'register' keyword
'register' is a reserved and unused keyword in C++17 so having it
present in the public headers presents a a compatibility issue. Also
in C the 'register' keyword is mostly obsolete, so remove all uses of
it.
[ghudson@mit.edu: adjusted style of some of the affected lines]
 |
06:51 cy
While working on the ports fallout due to the private Heimdal in base
project, a port (www/squid-devel) was discovered to be grumpy due to
numerous errors such as below:
/usr/local/include/krb5/krb5.h:3566:19: error: 'register' storage class
specifier is deprecated and incompatible with C++17
[-Werror,-Wdeprecated-register]
register char **name);
^~~~~~~~~
The "register" keyword is meaningless and can cause grief among ports
that build against any of the krb5 ports.
 |
Wednesday, 13 Jun 2018
|
05:55 cy
MIT krb5 fails to build with boringssl installed due to a missing
typedef for PKCS7 in the boringssl pkcs7.h.
 |
05:44 cy
Fix build with libressl and bearssl.
PR: 228970
 |
Tuesday, 12 Jun 2018
|
03:42 cy
Fix logic from patch supplied in PR 217027, committed in
r433966 and r433967.
PR: 228900
 |
Friday, 4 May 2018
|
06:23 cy
Update 1.15.2 --> 1.15.3
Major changes in 1.15.3 (2018-05-03)
====================================
This is a bug fix release.
* Fix flaws in LDAP DN checking, including a null dereference KDC
crash which could be triggered by kadmin clients with administrative
privileges [CVE-2018-5729, CVE-2018-5730].
* Fix a KDC PKINIT memory leak.
* Fix a small KDC memory leak on transited or authdata errors when
processing TGS requests.
* Fix a null dereference when the KDC sends a large TGS reply.
* Fix "kdestroy -A" with the KCM credential cache type.
* Fix the handling of capaths "." values.
* Fix handling of repeated subsection specifications in profile files
(such as when multiple included files specify relations in the same
subsection).
 |
Friday, 2 Feb 2018
|
06:50 cy
Fix build when NLS option is unchecked.
Reported by: Geraud CONTINSOUZAS <geraud.continsouzas@skazy.nc>
 |
Thursday, 11 Jan 2018
|
16:24 danfe
Remove superfluous linefeeds.
 |
Wednesday, 10 Jan 2018
|
15:08 danfe
Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files which are not actually manual pages.
 |
Monday, 30 Oct 2017
|
16:55 mandree
Reconcile e2fsprogs ./. krb5-* conflicts.
* Move conflicting e2fsprogs headers & libs into .../e2fsprogs/... subdirs.
* Move conflicting awk scripts into ${DATADIR}.
* Rename and patch compile_et to e2fsprogs-compile_et.
* Remove conflict markers (from e2fsprogs and krb5-*).
* Add CPPFLAGS/LDFLAGS to sysutils/fusefs-ext2, including
--rpath setting.
While here, also:
* sort pkg-plist and files/unwanted
* use FUSEFS_CONFIGURE_ENABLE=fuse2fs to prevent e2fsprogs from picking up
fusefs (implies --disable-fuse2fs if the option remains disabled)
* add --without-included-gettext to CONFIGURE_ARGS just to be on the safe
side.
And of course, bump PORTREVISION to 3 in e2fsprogs. Since other ports
do not change files or runtime behaviour, their PORTREVISION remains
untouched.
 |
00:16 mandree
Add CONFLICTS between krb5-* and e2fsprogs.
Reported by: jbeich@
 |
Thursday, 5 Oct 2017
|
01:55 cy
Register conflicts among the krb5 ports.
Reported by: rodrigo
 |
Tuesday, 26 Sep 2017
|
10:09 cy
Update 1.15.1 --> 1.15.2
 |
Tuesday, 27 Jun 2017
|
13:46 sunpoet
Update devel/readline to 7.0 patch 3
- Bump PORTREVISION for shlib change
Changes: https://cnswww.cns.cwru.edu/php/chet/readline/CHANGES
https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html
https://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html
Differential Revision: https://reviews.freebsd.org/D11172
PR: 219947
Exp-run by: antoine
 |
Wednesday, 21 Jun 2017
|
02:46 cy
Switch to USES=localbase.
 |
Tuesday, 14 Mar 2017
|
03:24 cy
Pet portlint.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
03:22 cy
Simplfy WRKSRC by using WRKSRC_SUBDIR.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
03:17 cy
Describe CMD_LINE_EDITING RADIO group.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
03:15 cy
Respect global NLS option.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
03:14 cy
Convert to global EXAMPLES (default).
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
03:09 cy
New READLINE_PORT option to select to use readline in base or
readline in ports.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
03:06 cy
Remove redundant file that should have been removed in r253265.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
02:59 cy
Use options helpers.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
02:55 cy
Install LDIF and schema files if LDAP is enabled
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
02:51 cy
Replace explicit PLIST_SUB with OPTIONS_SUB, simplifying Makefiles.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
02:48 cy
Make READLINE default.
PR: 217552
Submitted by: John W. O'brien <john@saltant.com>
Differential Revision: D9889
 |
Sunday, 5 Mar 2017
|
04:02 cy
Fix up typo.
 |
03:27 cy
Remove redundant message about Kerberos klogind and telnetd. These
programs ere moved to krb5-appl (by MIT) when krb5-appl was created
in r253265. This message should have been removed from this Makefile
at that time.
Pointy hat to: cy (that's me)
 |
Saturday, 4 Mar 2017
|
00:09 cy
Update 1.15 --> 1.15.1
 |
Sunday, 12 Feb 2017
|
21:29 cy
Fix build with LbreSSL.
PR: 217027
Submitted by: brnrd
 |
Saturday, 4 Feb 2017
|
01:37 cy
pkgconfig is only needed at install/runtime.
Reported by: des
 |
Tuesday, 3 Jan 2017
|
11:01 mat
Cleanup BROKEN/IGNORE for 10.3-
Sponsored by: Absolight
 |
Friday, 16 Dec 2016
|
20:16 cy
Replace description with somthing more relevant to today.
Suggested by: wollman
 |
Saturday, 10 Dec 2016
|
01:09 cy
Register a build fail on FreeBSD-9 due to pkinit.so not being built,
causing orphan check to fail.
 |
Saturday, 3 Dec 2016
|
00:54 cy
Welcome the new security/krb5-115 port. This port follows MIT's
KRB5 1.15 releases.
To support this new ports:
- The security/krb5 port includes an option to use this port instead
of krb5-114 as its base. krb5-114 will remain the default until the
next release of KRB5 1.15 (if it's stable of course).
- MIT by default deprecates KRB5 two versions back from the current
release. krb5-113 has been deprecated and will expire one year from
now.
 |
Number of commits found: 43 |