non port: security/krb5/Makefile |
Number of commits found: 205 (showing only 100 on this page) |
Tuesday, 13 Feb 2024
|
18:47 Cy Schubert (cy)
security/krb5*: Flavorize with default and ldap flavors
This provides a binary package to users who require MIT KRB5 with LDAP
support. This patch does not change the current, now default, package
name.
PR: 277015
9926898 |
Tuesday, 6 Jun 2023
|
18:35 Cy Schubert (cy)
security/krb5: krb5-121 is now default
krb5-121 is the default krb5 package. While at it remove krb5-119
from the "supported" list.
7228a09 |
Friday, 27 May 2022
|
13:45 Cy Schubert (cy)
security/krb5-120: Welcome new krb5 1.20
Welcome the new krb5-120 (1.20) from MIT.
krb5-118 is now deprecated and scheduled for removal a year from
now.
d33c01d |
13:45 Cy Schubert (cy)
security/krb5: Remove expirred krb5 version
This makefile was not updated when krb5-117 was removed.
Fixes: e2dd87ef868d82a7b51410eedd638c76340c88fa
94d5d2c |
Friday, 16 Apr 2021
|
17:06 Fernando Apesteguía (fernape)
security/sssd: Fix package with SMB=on
While here, add comment in security/krb5 to remember the obscure dependency in
security/sssd so it does not break again.
PR: 244778
Reported by: tommyhp2@gmail.com
Tested by: tommyhp2@gmail.com
MFH: 2021Q2 (build fix)
11964e7 |
Wednesday, 7 Apr 2021
|
08:09 Mathieu Arnold (mat)
One more small cleanup, forgotten yesterday.
Reported by: lwhsu
cf118cc |
Tuesday, 6 Apr 2021
|
14:31 Mathieu Arnold (mat)
Remove # $FreeBSD$ from Makefiles.
305f148 |
Sunday, 7 Mar 2021
|
11:00 rene
security/krb5: Remove option for non-existant krb5-116
|
Tuesday, 2 Feb 2021
|
05:01 cy
Welcome the new KRB5 1.19 (krb5-119)
In addition, deprecate krb5-117 to retire one year after the release
of krb5-119: Feb 1, 2022.
krb5-119 becomes the default krb5 port.
|
Wednesday, 19 Feb 2020
|
02:42 cy
Welcome the new KRB5 1.18 (krb5-118)
In addition, deprecate krb5-116 to retire one year after the release
of krb5-118: Feb 12, 2021.
Major changes in 1.18 (2020-02-12)
==================================
Administrator experience:
* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust.
Replay cache filenames using the new format end with ".rcache2" by
default.
* setuid programs will automatically ignore environment variables that
normally affect krb5 API functions, even if the caller does not use
krb5_init_secure_context().
* Add an "enforce_ok_as_delegate" krb5.conf relation to disable
credential forwarding during GSSAPI authentication unless the KDC
sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value
for default_tkt_enctypes and default_tgs_enctypes.
Developer experience:
* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account
name from a PAC.
Protocol evolution:
* Add KDC support for S4U2Self requests where the user is identified
by X.509 certificate. (Requires support for certificate lookup from
a third-party KDB module.)
* Remove support for an old ("draft 9") variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party
GSS modules implementing NegoEx mechanisms.)
* Honor the transited-policy-checked ticket flag on application
servers, eliminating the requirement to configure capaths on
servers in some scenarios.
User experience:
* Add support for "dns_canonicalize_hostname=fallback""`, causing
host-based principal names to be tried first without DNS
canonicalization, and again with DNS canonicalization if the
un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names when
DNS canonicalization is not used, adding the system's first DNS
search path as a suffix. Add a "qualify_shortname" krb5.conf
relation to override this suffix or disable expansion.
Code quality:
* The libkrb5 serialization code (used to export and import krb5 GSS
security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity
Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11
support can always be tested.
|
Friday, 31 Jan 2020
|
14:11 cy
krb5-115 is now history.
|
Tuesday, 8 Jan 2019
|
20:29 cy
Welcome the new KRB5 1.17 (krb5-117).
Major changes in 1.17 (2019-01-08)
==================================
Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped
Database library (LMDB) has been added. The LMDB KDB module should
be more performant and more robust than the DB2 module, and may
become the default module for new databases in a future release.
* "kdb5_util dump" will no longer dump policy entries when specific
principal names are requested.
Developer experience:
* The new krb5_get_etype_info() API can be used to retrieve enctype,
salt, and string-to-key parameters from the KDC for a client
principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the
log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should
perform better.
Protocol evolution:
* The SPAKE pre-authentication mechanism is now supported. This
mechanism protects against password dictionary attacks without
requiring any additional infrastructure such as certificates. SPAKE
is enabled by default on clients, but must be manually enabled on
the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can
protect against scenarios where an attacker uses temporary access to
a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid
spurious error messages about replays when a response packet is
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache
within a collection by client principal name.
* The Kerberos man page has been restored, and documents the
environment variables that affect programs using the Kerberos
library.
Changes to the FreeBSD krb5* ports include:
* CONFLICTS updated in krb5-115 and krb5-116 taking krb5-117 in
consideration.
* The default krb5 port is now krb5-117.
* MIT's practice is to EOL KRB5 n-2. krb5-115 is deprecated and set
to expire Jan 31, 2020.
|
Monday, 31 Dec 2018
|
20:26 cy
Now that krb5-114 is gone, remove the option too.
|
Monday, 26 Feb 2018
|
20:16 cy
Make krb5-116 default.
|
Wednesday, 6 Dec 2017
|
04:18 cy
Welcome the new security/krb5-116 port. This port follows MIT's
KRB5 1.16 releases.
Major changes in 1.16 (2017-12-05)
==================================
Administrator experience:
* The KDC can match PKINIT client certificates against the
"pkinit_cert_match" string attribute on the client principal entry,
using the same syntax as the existing "pkinit_cert_match" profile
option.
* The ktutil addent command supports the "-k 0" option to ignore the
key version, and the "-s" option to use a non-default salt string.
* kpropd supports a --pid-file option to write a pid file at startup,
when it is run in standalone mode.
* The "encrypted_challenge_indicator" realm option can be used to
attach an authentication indicator to tickets obtained using FAST
encrypted challenge pre-authentication.
* Localization support can be disabled at build time with the
--disable-nls configure option.
Developer experience:
* The kdcpolicy pluggable interface allows modules control whether
tickets are issued by the KDC.
* The kadm5_auth pluggable interface allows modules to control whether
kadmind grants access to a kadmin request.
* The certauth pluggable interface allows modules to control which
PKINIT client certificates can authenticate to which client
principals.
* KDB modules can use the client and KDC interface IP addresses to
determine whether to allow an AS request.
* GSS applications can query the bit strength of a krb5 GSS context
using the GSS_C_SEC_CONTEXT_SASL_SSF OID with
gss_inquire_sec_context_by_oid().
* GSS applications can query the impersonator name of a krb5 GSS
credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with
gss_inquire_cred_by_oid().
* kdcpreauth modules can query the KDC for the canonicalized requested
client principal name, or match a principal name against the
requested client principal name with canonicalization.
Protocol evolution:
* The client library will continue to try pre-authentication
mechanisms after most failure conditions.
* The KDC will issue trivially renewable tickets (where the renewable
lifetime is equal to or less than the ticket lifetime) if requested
by the client, to be friendlier to scripts.
* The client library will use a random nonce for TGS requests instead
of the current system time.
* For the RC4 string-to-key or PAC operations, UTF-16 is supported
(previously only UCS-2 was supported).
* When matching PKINIT client certificates, UPN SANs will be matched
correctly as UPNs, with canonicalization.
User experience:
* Dates after the year 2038 are accepted (provided that the platform
time facilities support them), through the year 2106.
* Automatic credential cache selection based on the client realm will
take into account the fallback realm and the service hostname.
* Referral and alternate cross-realm TGTs will not be cached, avoiding
some scenarios where they can be added to the credential cache
multiple times.
* A German translation has been added.
|
Tuesday, 5 Dec 2017
|
08:01 cy
Follow up on r455423.
Pointy hat to: rene
|
Saturday, 4 Mar 2017
|
00:14 cy
Now that krb5 1.15.1 is GA, make krb5-115 default.
|
Saturday, 3 Dec 2016
|
05:26 cy
Remove expired krb5-112. It was mistakenly "re-added" by r427588.
|
00:54 cy
Welcome the new security/krb5-115 port. This port follows MIT's
KRB5 1.15 releases.
To support this new ports:
- The security/krb5 port includes an option to use this port instead
of krb5-114 as its base. krb5-114 will remain the default until the
next release of KRB5 1.15 (if it's stable of course).
- MIT by default deprecates KRB5 two versions back from the current
release. krb5-113 has been deprecated and will expire one year from
now.
|
Tuesday, 15 Dec 2015
|
05:02 cy
This is the second part of two commits, the first being r403749.
Adopt the same port structure as used by the cfengine family of ports:
security/krb5 is renamed to security/krb5-114.
A brand new security/krb5 now becomes a master port for the family of
security/krb5-* ports. The default installs krb5-1.14. There is no
functional change to the port build nor does the name of the latest krb5
port and package change. Users can continue to install security/krb5
to track the latest major version of security/krb5.
Users wishing to install a specific version branch of krb5 can continue
to install any of the security/krb5-* ports or by setting KRB5_VERSION
in make.conf make.conf or including the branch on the make command line
during build:
make KRB5_VERSIN=NNN
make -V VERSIONS lists available versions.
security/krb5-appl has been updated to support this change (also fixing
a typo in the krb5-appl/Makefile).
Inspired by: sysutils/cfengine
|
Saturday, 21 Nov 2015
|
08:47 cy
Introduce the new krb5 1.14:
- move (copy) krb5 (krb5 1.13.2) to krb5-113 (new, added)
- update krb5 1.13.2 --> 1.14
- update CONFLICTS in krb5, krb5-112 and krb5-113.
- update krb5-appl to allow optional dependency on krb5-113.
- update security/Makefile with copied krb5-113.
- deprecate and expire krb5-112 (krb5-1.12) on November 20, 2016, as it
will EOL twelve months after the release of krb5-1.14.
|
Wednesday, 21 Oct 2015
|
06:59 cy
Add sonames and minor versioned library names.
PR: 203882
|
Monday, 19 Oct 2015
|
07:29 cy
Bump PORTREVISION.
|
07:13 cy
Fix READLINE option.
Add support for libedit (LIBEDIT option).
Both command line editing options now supported by RADIO button.
|
Monday, 31 Aug 2015
|
13:01 cy
Remove configuration argument used during testing.
|
07:18 cy
Fix build under 11-CURRENT. r378417 introduced a libreadline link
workaround due to libtool not working with 11-CURRENT at the time.
The workaround now causes grief under 11-CURRENT and needs to be
removed.
PR: 202782
|
Saturday, 6 Jun 2015
|
20:27 cy
MIT KRB5 ports build unusable binaries due to incorrect linking
when build under poudriere. This commit fixes that.
|
Sunday, 10 May 2015
|
15:16 cy
Fix armv5 build.
PR: 200100
Submitted by: mikael.urankar@gmail.com
|
Saturday, 9 May 2015
|
13:12 cy
Update 1.13.1 --> 1.13.2
|
Monday, 20 Apr 2015
|
19:06 tijl
- Display a stage-qa warning when ports use PREFIX/var instead of /var
- Add --localstatedir=/var to _LATE_CONFIGURE_ARGS (like --mandir) but not
when CONFIGURE_ARGS already sets it. (GNU configure scripts set it to
PREFIX/var when PREFIX != /usr.)
- Add --localstatedir="${PREFIX}/var" to CONFIGURE_ARGS in some ports so
they aren't affected by this change (for now at least). This commit is
meant to ensure that new ports don't make the same mistake.
- games/acm: the configure script in this port is very old; instead of
patching it more, just replace GNU_CONFIGURE with HAS_CONFIGURE.
- irc/charybdis: it already used /var but adding --localstatedir=/var
changed the behaviour of the configure script; adjust the port to this.
PR: 199506
Exp-run by: antoine
Approved by: portmgr (antoine)
|
Thursday, 5 Mar 2015
|
18:49 cy
dvertise CPE data for Kerberos.
PR: 197465
|
Friday, 20 Feb 2015
|
20:59 cy
Fix broken rpath.
Submitted by: hrs
|
Friday, 13 Feb 2015
|
01:27 cy
Update 1.13 --> 1.13.1, incorporates MITKRB5-SA-2015-001 (committed in
r378417).
|
Thursday, 12 Feb 2015
|
21:15 cy
Fix gcc5 build for DragonFly BSD.
PR: 197561
Submitted by: marino
|
Thursday, 5 Feb 2015
|
03:39 cy
Correct various packaging issues:
- Libraries are not installed stripped;
- pkgconfig files should be installed to libdata;
- Use of deprecated @dirrm[try]
PR: PR/197338
Submitted by: delphij
|
Wednesday, 4 Feb 2015
|
20:47 cy
Address: krb5 -- Vulnerabilities in kadmind, libgssrpc,
gss_process_context_token VU#540092
CVE-2014-5352: gss_process_context_token() incorrectly frees context
CVE-2014-9421: kadmind doubly frees partial deserialization results
CVE-2014-9422: kadmind incorrectly validates server principal name
CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
Security: VUXML: 24ce5597-acab-11e4-a847-206a8a720317
Security: MIT KRB5: VU#540092
Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
|
Sunday, 14 Dec 2014
|
11:44 antoine
- Remove support for EXTRACT_PRESERVE_OWNERSHIP
- Update a few comments related to extract
Differential Revision: https://reviews.freebsd.org/D1189
With hat: portmgr
|
Saturday, 18 Oct 2014
|
17:05 cy
Fix LATEST_LINK.
|
Thursday, 16 Oct 2014
|
19:44 cy
MIT Kerberos released 1.13; 1.12 becomes a maintenance release,
1.11 remains a maintenance release.
- Update security/krb5 1.12.2 --> 1.13
- Copy the old security/krb5 1.12.2 to security/krb5-112
(now a maintenance release supported by MIT)
- Move the old krb5-maint (1.11.5: old maintenance release) to
security/krb5-111 (the old maintenance release still supported by MIT)
|
Wednesday, 13 Aug 2014
|
18:32 cy
Update 1.12.1 --> 1.12.2.
Add readline non-default option.
|
Thursday, 24 Jul 2014
|
18:34 tijl
net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD
databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip
databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample
databases/libgdamm:
- Drop :keepla
- USES=tar:bzip2
- Use INSTALL_TARGET=install-strip
databases/libgdamm5:
- Add INSTALL_TARGET=install-strip
- Drop --enable-static (inherited from old repocopy)
devel/anjuta x11-toolkits/py-gnome-extras:
- Drop :keepla
dns/powerdns dns/powerdns-devel:
- Convert to USES=libtool
- Add INSTALL_TARGET=install-strip
- Disable static modules
- Stop creating library symlinks with .0 suffix, not needed for dynamically
opened modules
mail/dovecot2:
- Add USES=libtool
mail/dovecot2-pigeonhole:
- Drop CONFIGURE_TARGET (incorrect for Dragonfly)
- Add USES=libtool and INSTALL_TARGET=install-strip
math/gnumeric:
- USES=libtool tar:xz
Approved by: portmgr (implicit, bump unstaged ports)
|
Tuesday, 27 May 2014
|
19:59 cy
Fix build when KRB5_HOME != LOCALBASE.
Submitted by: hrs
|
Thursday, 24 Apr 2014
|
03:53 cy
Finely tune KRB5_HOME test when using LIB_DEPENDS. in the case when
KRB5_HOME is set to LOCALBASE.
|
Wednesday, 23 Apr 2014
|
02:55 cy
Remove extraneious MAN assignments.
|
Monday, 21 Apr 2014
|
15:55 brd
- Add a startup script for kpropd
PR: 183502
Submitted by: brd@
Approved by: bdrewery@
|
Saturday, 19 Apr 2014
|
03:45 cy
Fix new patch.
Point hat to: self
|
Friday, 18 Apr 2014
|
02:21 cy
KRB5_HOME no longer works with LIB_DEPENDS. Mark broken when set.
|
Thursday, 17 Apr 2014
|
20:06 cy
1. Fix build when using clang 3.4.
2. RTM_OLDADD and RTM_OLDDEL were removed from -stable. Thanks alfred@ for
this patch.
3. Stagify.
Submitted by: alfred (#2)
|
Thursday, 16 Jan 2014
|
13:49 cy
Update 1.12 --> 1.12.1
|
Thursday, 12 Dec 2013
|
05:19 cy
Update krb5 to 1.12. Security/krb5 tracks MIT KRB5 current release.
Adjust the newly created krb5-maint with a new portname and conflicts.
Krb5-maint is a maintenance release for those who wish to use the previous
release of krb5. krb5-maint remains at 1.11.3.
Adjust CONFLICTS in security/heimdal and security/srp to account for the
newly repocopied krb5-maint.
Adjust security/Makefile to include krb5-maint.
|
Wednesday, 11 Dec 2013
|
20:50 cy
pkg-plist fixup.
|
03:45 cy
Add LDAP support.
PR: 184557
Submitted by: Erick Turnquist <jhujhiti@adjectivism.org>
|
Friday, 20 Sep 2013
|
22:55 bapt
Add NO_STAGE all over the place in preparation for the staging support (cat:
security)
|
Monday, 16 Sep 2013
|
16:58 bapt
Convert to new perl framework
Convert USE_GMAKE to USES=gmake
|
Friday, 21 Jun 2013
|
16:40 antoine
Add an empty directory created by the port to pkg-plist
Approved by: portmgr (miwi)
|
Tuesday, 4 Jun 2013
|
04:45 cy
Update krb5 1.11.2 --> 1.11.3.
This is a bugfix release.
* Fix a UDP ping-pong vulnerability in the kpasswd (password changing)
service. [CVE-2002-2443]
* Improve interoperability with some Windows native PKINIT clients.
Security: CVE-2002-2443
|
Wednesday, 24 Apr 2013
|
18:10 ak
- Convert USE_GETTEXT to USES (part 3)
Approved by: portmgr (bapt)
|
Wednesday, 17 Apr 2013
|
00:41 cy
Update 1.11.1 --> 1.11.2
Major changes in 1.11.2 (2013-04-12)
====================================
This is a bugfix release.
* Incremental propagation could erroneously act as if a slave's
database were current after the slave received a full dump that
failed to load.
* gss_import_sec_context incorrectly set internal state that
identifies whether an imported context is from an interposer
mechanism or from the underlying mechanism.
Feature safe: yes
|
Friday, 29 Mar 2013
|
19:33 cs
- Remove A/An in COMMENT
- Trim Header where applicable
|
Tuesday, 5 Mar 2013
|
16:10 cy
Reset ulog if database load failed.
Avoids a slave reporting it is current when a full resync fails.
Obtained
from: https://github.com/rbasch/krb5/commit/2ef5ae0607d1c317a936e439b4be7a6f5184dc
|
Friday, 22 Feb 2013
|
20:03 cy
Update 1.11 --> 1.11.1.
Security: Fix a null pointer dereference in the KDC PKINIT code [CVE-2013-1415].
|
Thursday, 24 Jan 2013
|
14:15 cy
Fix verto.h missing build error on some systems.
The following contributed by mandree@:
- Header standardization.
- Make use of OptionsNG.
- Make portlint happy.
|
Tuesday, 22 Jan 2013
|
04:03 cy
Update 1.10.3 --> 1.11
|
Sunday, 4 Nov 2012
|
02:10 cy
Fix plist.
Feature safe: yes
|
Saturday, 3 Nov 2012
|
18:59 cy
Update krb5 1.9.2 --> 1.10.3
Feature safe: yes
|
Monday, 9 Jul 2012
|
19:20 cy
Fix build of security/krb5 with clang.
PR: 169740
Submitted by: Niclas Zeising <zeising@daemonic.se>
|
Friday, 1 Jun 2012
|
05:26 dinoex
- update png to 1.5.10
|
Friday, 6 Apr 2012
|
07:41 pav
- pointyhat kludge - tetex drags in port-OpenSSL on 7.X, but only as a build
dependency. Yet this triggers autodetection code in bsd.openssl.mk and
OpenSSL dependency is registered with the resulting package, creating a
discord between INDEX and actual package. Work around by explicitly recording
the dependency in a way that INDEX build will see.
OK'ed by: cy (maintainer)
Feature safe: yes
|
Wednesday, 14 Dec 2011
|
04:33 cy
PORTREVISION bump.
PR: 163272
Feature safe: yes
|
04:31 cy
Apply patch for MITKRB5-SA-2011-007, KDC null pointer dereference in TGS
handling.
PR: 163272
Submitted by: zi
Security: 6c7d9a35-2608-11e1-89b4-001ec9578670
Feature safe: yes
|
Wednesday, 16 Nov 2011
|
20:38 cy
Update 1.9.1 --> 1.9.2. This is a bugfix release.
Feature safe: yes
|
Tuesday, 6 Sep 2011
|
15:55 cy
Apply patch from MIT KRB5 GIT tree commit: 043533c2f13d2bc69316.
libgssrpc was ignorant of the remote address of the kadmin socket,
even when it's IPv4. This made old-style GSSAPI authentication fail
because it uses the wrong channel bindings. Fix this problem by making
clnttcp_create() get the remote address from the socket using getpeername()
if the caller doesn't provide it and it's an IPv4 address.
PR: 160500
Submitted by: Ben Kaduk <kaduk@mit.edu>
|
Thursday, 30 Jun 2011
|
04:03 cy
Update 1.9 --> 1.9.1.
PR: 158520
Submitted by: Ryan Steinmetz <rpsfa@rit.edu>
|
Thursday, 14 Apr 2011
|
00:39 cy
Apply patch for MITKRB5-SA-2011-004, kadmind invalid pointer free()
[CVE-2011-0285]
Security: MITKRB5-SA-2011-004, CVE-2011-0285
Feature safe: yes
|
Friday, 8 Apr 2011
|
21:03 cy
Bump PORTREVISION.
|
21:02 cy
Adjust krb5-config when $KRB5_HOME is specified. This will allow applications
linking aganst the MIT krb5 libraries to link using the correct ones.
|
Friday, 25 Mar 2011
|
00:19 cy
Apply patch for MITKRB5-SA-2011-003, KDC vulnerable to double-free when
PKINIT enabled.
Obtained from: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
Security: MITKRB5-SA-2011-003, CVE-2011-0284
Feature safe: yes
|
Friday, 11 Feb 2011
|
01:04 cy
Apply fixes for kpropd denial of service (MITKRB5-SA-2011-001) and KDC
denial of service (MITKRB5-SA-2011-002).
Security: MITKRB5-SA-2011-001 (CVE-2010-4022),
MITKRB5-SA-2011-002 (CVE-2011-0281)
|
Tuesday, 18 Jan 2011
|
15:06 cy
Remove the OpenSSL port requirement. The base OpenSSL will work too.
Feature safe: yes
|
Thursday, 23 Dec 2010
|
01:04 cy
Update from 1.8.3_2 to 1.9.
|
Saturday, 4 Dec 2010
|
07:34 ade
Sync to new bsd.autotools.mk
|
Thursday, 2 Dec 2010
|
02:09 cy
Fix security vulnerabilities CVE-2010-1324, CVE-2010-1323, CVE-2010-4020,
CVE-2010-4021, and CVE-2010-1322.
PR: 152755
Submitted by: wollman
Security: CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021,
and CVE-2010-1322.
Feature safe: Yes
|
Thursday, 4 Nov 2010
|
04:37 cy
Enable ksu DEBUG (-D) flag.
|
Thursday, 5 Aug 2010
|
22:37 cy
Update to 1.8.3.
PR: 149299
Submitted by: gwollman
|
Tuesday, 25 May 2010
|
05:14 cy
Apply patch for MIT KRB5 security vulnerability MITKRB5-SA-2010-005.
PR: 146939
Submitted by: wollman
Security: MIT krb5 Security Advisory 2010-005
|
Monday, 24 May 2010
|
00:01 pgollucci
- No longer broken on -current b/c of utmpx changes
PR: ports/146384
Submitted by: pgollucci@ (myself), others
Approved by: maintainer timeout (cy@, 16 days)
|
Monday, 26 Apr 2010
|
03:48 cy
Welcome the new krb5-1.8.1. Significant changes include the removal of
the MIT KRB5 applications (now in a separate tarball and port).
|
03:23 cy
MFkrb5-17.
|
Wednesday, 14 Apr 2010
|
20:21 pav
- Mark BROKEN: does not compile
Reported by: pointyhat
|
Sunday, 28 Mar 2010
|
06:47 dinoex
- update to 1.4.1
Reviewed by: exp8 run on pointyhat
Supported by: miwi
|
Wednesday, 17 Mar 2010
|
06:48 miwi
- Mark BROKEN: fails to build with new utmpx
Reported by: pointyhat
|
Friday, 5 Feb 2010
|
11:46 dinoex
- update to jpeg-8
|
Tuesday, 13 Oct 2009
|
21:37 cy
Remove commented out option from a bygone era.
|
Friday, 28 Aug 2009
|
20:02 cy
Remove redundant length check.
|
Sunday, 2 Aug 2009
|
19:36 mezz
-Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22.
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.
It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.
With help: marcus and kwm
Pointyhat-exp: a few times by pav
Tested by: pgollucci, "Romain Tartière" <romain@blogreen.org>, and
a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by: marcus
Approved by: portmgr
|
Friday, 31 Jul 2009
|
13:57 dinoex
- bump all port that indirectly depends on libjpeg and have not yet been bumped
or updated
Requested by: edwin
|
Friday, 23 May 2008
|
21:01 cy
Convert missing WANT_KRB5_DOC pieces.
Add HTML documentation OPTION knob.
|
Wednesday, 14 May 2008
|
23:06 cy
Implement OPTIONS menu.
Implement options that will allow the user to:
- rename ftp and ftpd to kftp and kftpd
- rename telnet and telnetd to ktelnet and ktelnetd
- rename rlogin to krlogin
- rename rsh to krsh
- rename rcp to krcp
This avoids shadowing by or being shadowed by, depending on one's PATH,
system utilities of the same name.
|
Wednesday, 19 Mar 2008
|
19:26 cy
Fixes for multiple vulnerabilities.
Security: US-CERT Technical Cyber Security Alert TA08-079B --
MIT Kerberos Updates for Multiple Vulnerabilities
US-CERT Vulnerability Note VU#895609,
US-CERT Vulnerability Note VU#374121
MIT krb5 Security Advisory 2008-001
MIT krb5 Security Advisory 2008-002
|
Sunday, 6 Jan 2008
|
14:53 cy
Fix pkinit install brokenness under 5.5 and 6.2.
Approved by: portmgr (linimon)
|
Number of commits found: 205 (showing only 100 on this page) |