notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)All times are UTC		 Ukraine
Port details
krb5-121 MIT implementation of RFC 4120 network authentication service
1.21.2 security on this many watch lists=0 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 1.21.2Version of this port present on the latest quarterly branch.
Maintainer: cy@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2023-06-06 18:42:09
Last Update: 2023-11-28 23:49:24
Commit Hash: 743dbb8
License: MIT
WWW:
https://web.mit.edu/kerberos/
Description:
Kerberos V5 is an authentication system developed at MIT. Abridged from the User Guide: Under Kerberos, a client sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password. If the client successfully decrypts the TGT, it keeps the decrypted TGT, which indicates proof of the client's identity. The TGT permits the client to obtain additional tickets, which give permission for specific services. Since Kerberos negotiates authenticated, and optionally encrypted, communications between two points anywhere on the internet, it provides a layer of security that is not dependent on which side of a firewall either client is on. The Kerberos V5 package is designed to be easy to use. Most of the commands are nearly identical to UNIX network programs you are already used to. Kerberos V5 is a single-sign-on system, which means that you have to type your password only once per session, and Kerberos does the authenticating and encrypting transparently. Jacques Vidrine <n@nectar.com>
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb - no subversion history for this port

Manual pages:
pkg-plist: as obtained via: make generate-plist
Expand this list (185 items)
Collapse this list.
  1. @ldconfig
  2. /usr/local/share/licenses/krb5-121-1.21.2/catalog.mk
  3. /usr/local/share/licenses/krb5-121-1.21.2/LICENSE
  4. /usr/local/share/licenses/krb5-121-1.21.2/MIT
  5. bin/compile_et
  6. bin/gss-client
  7. bin/k5srvutil
  8. bin/kadmin
  9. bin/kdestroy
  10. bin/kinit
  11. bin/klist
  12. bin/kpasswd
  13. bin/krb5-config
  14. @mode 04755
  15. @owner root
  16. @group wheel
  17. bin/ksu
  18. @mode
  19. @owner root
  20. @group wheel
  21. bin/kswitch
  22. bin/ktutil
  23. bin/kvno
  24. bin/sclient
  25. bin/sim_client
  26. bin/uuclient
  27. include/com_err.h
  28. include/gssapi.h
  29. include/gssapi/gssapi.h
  30. include/gssapi/gssapi_alloc.h
  31. include/gssapi/gssapi_ext.h
  32. include/gssapi/gssapi_generic.h
  33. include/gssapi/gssapi_krb5.h
  34. include/gssapi/mechglue.h
  35. include/gssrpc/auth.h
  36. include/gssrpc/auth_gss.h
  37. include/gssrpc/auth_gssapi.h
  38. include/gssrpc/auth_unix.h
  39. include/gssrpc/clnt.h
  40. include/gssrpc/netdb.h
  41. include/gssrpc/pmap_clnt.h
  42. include/gssrpc/pmap_prot.h
  43. include/gssrpc/pmap_rmt.h
  44. include/gssrpc/rename.h
  45. include/gssrpc/rpc.h
  46. include/gssrpc/rpc_msg.h
  47. include/gssrpc/svc.h
  48. include/gssrpc/svc_auth.h
  49. include/gssrpc/types.h
  50. include/gssrpc/xdr.h
  51. include/krad.h
  52. include/krb5.h
  53. include/krb5/ccselect_plugin.h
  54. include/krb5/clpreauth_plugin.h
  55. include/krb5/hostrealm_plugin.h
  56. include/krb5/kadm5_hook_plugin.h
  57. include/krb5/kdcpolicy_plugin.h
  58. include/krb5/kdcpreauth_plugin.h
  59. include/krb5/localauth_plugin.h
  60. include/krb5/krb5.h
  61. include/krb5/locate_plugin.h
  62. include/krb5/plugin.h
  63. include/krb5/pwqual_plugin.h
  64. include/kadm5/admin.h
  65. include/kadm5/chpass_util_strings.h
  66. include/krb5/kadm5_auth_plugin.h
  67. include/kadm5/kadm_err.h
  68. include/kdb.h
  69. include/krb5/certauth_plugin.h
  70. include/krb5/preauth_plugin.h
  71. include/profile.h
  72. include/verto-module.h
  73. include/verto.h
  74. lib/libcom_err.so
  75. lib/libcom_err.so.3
  76. lib/libcom_err.so.3.0
  77. lib/libgssapi_krb5.so
  78. lib/libgssapi_krb5.so.2
  79. lib/libgssapi_krb5.so.2.2
  80. lib/libgssrpc.so
  81. lib/libgssrpc.so.4
  82. lib/libgssrpc.so.4.2
  83. lib/libk5crypto.so
  84. lib/libk5crypto.so.3
  85. lib/libk5crypto.so.3.1
  86. lib/libkadm5clnt.so
  87. lib/libkadm5clnt_mit.so
  88. lib/libkadm5clnt_mit.so.12
  89. lib/libkadm5clnt_mit.so.12.0
  90. lib/libkadm5srv.so
  91. lib/libkadm5srv_mit.so
  92. lib/libkadm5srv_mit.so.12
  93. lib/libkadm5srv_mit.so.12.0
  94. lib/libkdb5.so
  95. lib/libkdb5.so.10
  96. lib/libkdb5.so.10.0
  97. lib/libkrb5.so
  98. lib/libkrb5.so.3
  99. lib/libkrb5.so.3.3
  100. lib/libkrb5support.so
  101. lib/libkrb5support.so.0
  102. lib/libkrb5support.so.0.1
  103. lib/krb5/plugins/kdb/db2.so
  104. @comment lib/krb5/plugins/kdb/klmdb.so
  105. lib/krb5/plugins/tls/k5tls.so
  106. @comment lib/krb5/plugins/kdb/kldap.so
  107. lib/krb5/plugins/preauth/otp.so
  108. lib/krb5/plugins/preauth/pkinit.so
  109. lib/krb5/plugins/preauth/spake.so
  110. lib/krb5/plugins/preauth/test.so
  111. @comment lib/libkdb_ldap.so
  112. @comment lib/libkdb_ldap.so.1
  113. @comment lib/libkdb_ldap.so.1.0
  114. lib/libkrad.so
  115. lib/libkrad.so.0
  116. lib/libkrad.so.0.0
  117. lib/libverto.so
  118. lib/libverto.so.0
  119. lib/libverto.so.0.0
  120. libdata/pkgconfig/gssrpc.pc
  121. libdata/pkgconfig/kadm-client.pc
  122. libdata/pkgconfig/kadm-server.pc
  123. libdata/pkgconfig/kdb.pc
  124. libdata/pkgconfig/krb5-gssapi.pc
  125. libdata/pkgconfig/krb5.pc
  126. libdata/pkgconfig/mit-krb5-gssapi.pc
  127. libdata/pkgconfig/mit-krb5.pc
  128. man/man1/compile_et.1.gz
  129. man/man1/k5srvutil.1.gz
  130. man/man1/kadmin.1.gz
  131. man/man1/kdestroy.1.gz
  132. man/man1/kinit.1.gz
  133. man/man1/klist.1.gz
  134. man/man1/kpasswd.1.gz
  135. man/man1/krb5-config.1.gz
  136. man/man1/ksu.1.gz
  137. man/man1/kswitch.1.gz
  138. man/man1/ktutil.1.gz
  139. man/man1/kvno.1.gz
  140. man/man1/sclient.1.gz
  141. man/man5/.k5identity.5.gz
  142. man/man5/.k5login.5.gz
  143. man/man5/k5identity.5.gz
  144. man/man5/k5login.5.gz
  145. man/man5/kadm5.acl.5.gz
  146. man/man5/kdc.conf.5.gz
  147. man/man5/krb5.conf.5.gz
  148. man/man7/kerberos.7.gz
  149. man/man8/kadmin.local.8.gz
  150. man/man8/kadmind.8.gz
  151. man/man8/kdb5_ldap_util.8.gz
  152. man/man8/kdb5_util.8.gz
  153. man/man8/kprop.8.gz
  154. man/man8/kpropd.8.gz
  155. man/man8/kproplog.8.gz
  156. man/man8/krb5kdc.8.gz
  157. man/man8/sserver.8.gz
  158. sbin/gss-server
  159. sbin/kadmin.local
  160. sbin/kadmind
  161. @comment sbin/kdb5_ldap_util
  162. sbin/kdc
  163. sbin/kdb5_util
  164. sbin/kprop
  165. sbin/kpropd
  166. sbin/kproplog
  167. sbin/krb5-send-pr
  168. sbin/krb5kdc
  169. sbin/sim_server
  170. sbin/sserver
  171. sbin/uuserver
  172. share/et/et_c.awk
  173. share/et/et_h.awk
  174. share/locale/de/LC_MESSAGES/mit-krb5.mo
  175. share/locale/en_US/LC_MESSAGES/mit-krb5.mo
  176. share/locale/ka/LC_MESSAGES/mit-krb5.mo
  177. @comment share/krb5/kerberos.schema
  178. @comment share/krb5/kerberos.ldif
  179. @dir lib/krb5/plugins/authdata
  180. @dir lib/krb5/plugins/libkrb5
  181. @dir /usr/local/var/run/krb5kdc
  182. @dir /usr/local/var/krb5kdc
  183. @owner
  184. @group
  185. @mode
Collapse this list.
Dependency lines:
  • krb5-121>0:security/krb5-121
Conflicts:
CONFLICTS:
  • heimdal
  • krb5
  • krb5-11*
  • krb5-120
CONFLICTS_BUILD:
  • boringssl
Conflicts Matches:
There are no Conflicts Matches for this port. This is usually an error.
To install the port:
cd /usr/ports/security/krb5-121/ && make install clean
To add the package, run one of these commands:
  • pkg install security/krb5-121
  • pkg install krb5-121
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: krb5-121
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1692194668 SHA256 (krb5-1.21.2.tar.gz) = 9560941a9d843c0243a71b17a7ac6fe31c7cebb5bce3983db79e52ae7e850491 SIZE (krb5-1.21.2.tar.gz) = 8622513
Packages (timestamps in pop-ups are UTC):
krb5-121
ABIlatestquarterly
FreeBSD:12:aarch64-1.21.2
FreeBSD:12:amd641.21.21.21.2
FreeBSD:12:armv6--
FreeBSD:12:armv7--
FreeBSD:12:i3861.21.21.21.2
FreeBSD:12:mips--
FreeBSD:12:mips64--
FreeBSD:12:powerpc64--
FreeBSD:13:aarch641.21.21.21.2
FreeBSD:13:amd641.21.21.21.2
FreeBSD:13:armv6-1.21.2
FreeBSD:13:armv71.21.21.21.2
FreeBSD:13:i3861.21.21.21.2
FreeBSD:13:mips--
FreeBSD:13:mips64--
FreeBSD:13:powerpc64-1.21.2
FreeBSD:13:riscv64--
FreeBSD:14:aarch641.21.21.21.2
FreeBSD:14:amd641.21.21.21.2
FreeBSD:14:armv6--
FreeBSD:14:armv71.21.21.21.2
FreeBSD:14:i3861.21.21.21.2
FreeBSD:14:mips--
FreeBSD:14:mips64--
FreeBSD:14:powerpc641.211.21
FreeBSD:14:riscv64--
FreeBSD:15:amd641.21.2-
FreeBSD:15:armv6--
FreeBSD:15:armv71.21.2-
FreeBSD:15:i3861.21.2-
FreeBSD:15:mips64--
FreeBSD:15:powerpc641.21.2-
FreeBSD:15:riscv64--
 
Slave ports:
  1. security/krb5
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. gmake>=4.3 : devel/gmake
  2. gettext-runtime>=0.22_1 : devel/gettext-runtime
  3. libtool : devel/libtool
  4. pkgconf>=1.3.0_1 : devel/pkgconf
  5. msgfmt : devel/gettext-tools
  6. autoconf>=2.71 : devel/autoconf
  7. automake>=1.16.5 : devel/automake
  8. perl5>=5.36<5.37 : lang/perl5.36
Library dependencies:
  1. libintl.so : devel/gettext-runtime
  2. libreadline.so.8 : devel/readline
There are no ports dependent upon this port
Configuration Options:
===> The following configuration options are available for krb5-121-1.21.2: DNS_FOR_REALM=off: Enable DNS lookups for Kerberos realm names EXAMPLES=on: Build and/or install examples KRB5_HTML=on: Install krb5 HTML documentation KRB5_PDF=on: Install krb5 PDF documentation LDAP=off: LDAP protocol support LMDB=off: OpenLDAP Lightning Memory-Mapped Database support NLS=on: Native Language Support ====> Command line editing for kadmin and ktutil: you can only select none or one of them READLINE=on: Command line editing via libreadline LIBEDIT=off: Command line editing via libedit LIBEDIT_BASE=off: Use libedit in FreeBSD base ===> Use 'make config' to modify these settings
Options name:
security_krb5-121
USES:
autoreconf compiler:c++11-lang cpe gmake gettext-runtime gssapi:bootstrap,mit libtool:build localbase perl5 pkgconfig ssl gettext readline
FreshPorts was unable to extract/find any pkg message
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. http://web.mit.edu/kerberos/dist/krb5/1.21/
Collapse this list.

Number of commits found: 7

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
1.21.2
28 Nov 2023 23:49:24
commit hash: 743dbb8f6fce110d31bff7ccf2652396cb53868acommit hash: 743dbb8f6fce110d31bff7ccf2652396cb53868acommit hash: 743dbb8f6fce110d31bff7ccf2652396cb53868acommit hash: 743dbb8f6fce110d31bff7ccf2652396cb53868a files touched by this commit		 Cy Schubert (cy) search for other commits by this committer 
security/krb5*: Allow the user to specify state directory locations

localstatedir and runstatedir are set to ${PREFIX}/var and
${PREFIX}/var/run respectively. Users who wish to put their KDC
DB elsewhere can set the following in make.conf:
	KRB5_LOCALSTATEDIR=/va
	KRB5_RUNSTATEDIR=/var/run.

Unfortunately defaulting to /var instead of the current default would
result in MIT KDC not finding its KDC DB files. This would be disruptive
to all MIT KDC users. But new users of MIT KRB5 KDC can set the pathname
above as desired.

PR:	267560
1.21.2
16 Aug 2023 14:11:13
commit hash: 8522ddedb83d4815964c9d2b4121980b187f4c53commit hash: 8522ddedb83d4815964c9d2b4121980b187f4c53commit hash: 8522ddedb83d4815964c9d2b4121980b187f4c53commit hash: 8522ddedb83d4815964c9d2b4121980b187f4c53 files touched by this commit		 Cy Schubert (cy) search for other commits by this committer 
security/krb5-121: Update to 1.21.2

Major changes in 1.21.2 (2023-08-14)
====================================

This is a bug fix release.

* Fix double-free in KDC TGS processing [CVE-2023-39975].

MFH:	2023Q3
1.21.1_1
14 Aug 2023 14:45:52
commit hash: 73ac8e036934587e606aefad711b19ab9431fe83commit hash: 73ac8e036934587e606aefad711b19ab9431fe83commit hash: 73ac8e036934587e606aefad711b19ab9431fe83commit hash: 73ac8e036934587e606aefad711b19ab9431fe83 files touched by this commit		 Cy Schubert (cy) search for other commits by this committer 
security/krb5-121: Fix double-free in KDC TGS processing

Upstream's commit log message:

    When issuing a ticket for a TGS renew or validate request, copy only
    the server field from the outer part of the header ticket to the new
    ticket.  Copying the whole structure causes the enc_part pointer to be
    aliased to the header ticket until krb5_encrypt_tkt_part() is called,
    resulting in a double-free if handle_authdata() fails.

    [ghudson@mit.edu: changed the fix to avoid aliasing enc_part rather
    than check for aliasing before freeing; rewrote commit message]

    CVE-2023-39975:

    In MIT krb5 release 1.21, an authenticated attacker can cause a KDC to
    free the same pointer twice if it can induce a failure in
    authorization data handling.

    ticket: 9101 (new)
    tags: pullup
    target_version: 1.21-next

Obtained from:	Upstream git commit 88a1701b4
MFH:		2023Q3
1.21.1
09 Aug 2023 23:43:03
commit hash: e89f84156a8fcb2f81c1f962845f4456b2f62f63commit hash: e89f84156a8fcb2f81c1f962845f4456b2f62f63commit hash: e89f84156a8fcb2f81c1f962845f4456b2f62f63commit hash: e89f84156a8fcb2f81c1f962845f4456b2f62f63 files touched by this commit This port version is marked as vulnerable.		 Cy Schubert (cy) search for other commits by this committer 
security/krb5: Support libedit in base

Even though libedit is in base FreeBSD, the krb5 ports still depend
on devel/libedit when the LIBEDIT option is selected. This is because
./configure uses pkgconf to determine if libedit exists, ignoring
libedit in FreeBSD base. This patch adds a new LIBEDIT_BASE option
which enables LIBEDIT (LIBEDIT_BASE) without installing the
devel/libedit port.

The GNU READLINE option will remain the default for now but it is
planned to switch the default to LIBEDIT_BASE at some point. This is
to reduce the dependency on GNU software and to bring it more into
line with the planned MIT KRB5 import into FreeBSD base.
1.21.1
09 Aug 2023 23:24:40
commit hash: 0b58b7b475e3100adfb3b532f2dfb9505e79bf83commit hash: 0b58b7b475e3100adfb3b532f2dfb9505e79bf83commit hash: 0b58b7b475e3100adfb3b532f2dfb9505e79bf83commit hash: 0b58b7b475e3100adfb3b532f2dfb9505e79bf83 files touched by this commit This port version is marked as vulnerable.		 Cy Schubert (cy) search for other commits by this committer 
security/krb5*: Disable NLS when option is deselected

When the NLS option is deselected, ./configure reverts to
enable_nls=check. As some prerequisites do require NLS, NLS is
always enabled even when deslected. This ensures that when NLS
is not wanted, that it is not used, regardless of its install status.
1.21.1
11 Jul 2023 09:11:39
commit hash: 200dd94d25137db6e1f06948c1894244b073465ccommit hash: 200dd94d25137db6e1f06948c1894244b073465ccommit hash: 200dd94d25137db6e1f06948c1894244b073465ccommit hash: 200dd94d25137db6e1f06948c1894244b073465c files touched by this commit This port version is marked as vulnerable.		 Cy Schubert (cy) search for other commits by this committer 
security/krb5-121: Update to 1.21.1

MFH:		2023Q3
1.21
06 Jun 2023 18:35:40
commit hash: 49e70b32f3d1610c7a398e8f82343935362d6466commit hash: 49e70b32f3d1610c7a398e8f82343935362d6466commit hash: 49e70b32f3d1610c7a398e8f82343935362d6466commit hash: 49e70b32f3d1610c7a398e8f82343935362d6466 files touched by this commit This port version is marked as vulnerable.		 Cy Schubert (cy) search for other commits by this committer 
security/krb5-121: Welcome new krb5 1.21

Welcome the new krb5-121 (1.21) from MIT.

krb5-119 is now deprecated and scheduled for removal a year from
now.

Number of commits found: 7
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
electron25Dec 01
electron26Dec 01
chromiumNov 29
ungoogled-chromiumNov 29
mariadb1011-serverNov 26
mariadb105-serverNov 26
mariadb106-serverNov 26
strongswanNov 24
electron25Nov 22
electron26Nov 22
chromiumNov 16
electron25Nov 16
electron26Nov 16
qt5-webengineNov 16
ungoogled-chromiumNov 16

6 vulnerabilities affecting 74 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2023-12-01 05:24:37 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 31917
Broken 67
Deprecated 298
Ignore 233
Forbidden 1
Restricted 2
No CDROM 1
Vulnerable 53
Expired 72
Set to expire 272
Interactive 0
new 24 hours 1
new 48 hours2
new 7 days19
new fortnight45
new month155
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2023 Dan Langille. All rights reserved.