1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00
Commit Graph

91 Commits

Author SHA1 Message Date
Cy Schubert
cc39dd6cdd Fix MIT krb5 Security Advisory 2004-002: double-free vulnerabilities
in KDC and libraries

Heads-up by:	nectar
2004-09-01 19:55:26 +00:00
Cy Schubert
e832541095 Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.
Heads-up by:	nectar
2004-09-01 15:01:20 +00:00
Cy Schubert
80b9496636 Update KRB5 1.3.3 --> 1.3.4 2004-06-11 23:08:57 +00:00
Cy Schubert
632f3977c2 Updated patch for MITKRB5-SA-2004-001: krb5_aname_to_localname buffer overrun.
Obtained from:	Tom Yu <tlyu@mit.edu> on BUGTRAQ
2004-06-04 16:37:32 +00:00
Cy Schubert
fe903ca9af Fix MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname
Obtained from:	Tom Yu <tlyu@MIT.EDU> on kerberos-announce list
2004-06-02 19:08:34 +00:00
Cy Schubert
81ee312c5d Update 1.3.2 --> 1.3.3 2004-04-07 00:28:04 +00:00
Cy Schubert
3d675ef92a - Update MIT KRB5 1.3.1 --> 1.3.2. (As crypto-publish.org does not have
1.3.2 yet, when USE_KRB5_TARBALL=CRYPTO-PUBLISH is specified, 1.3.1
  will be installed.)

- Add SIZE to distinfo
2004-02-28 21:25:21 +00:00
Cy Schubert
b41c8531f6 Use ports infrastructure provided PERL5 variable to locate Perl
interpreter.
2004-02-21 04:39:05 +00:00
Cy Schubert
3ebae6c5ed Define unique LATEST_LINK.
Reported by:	kris
2004-02-07 04:14:39 +00:00
Joe Marcus Clarke
73f7c91b5d Bump PORTREVISION on all ports that depend on gettext to aid with upgrading.
(Part 1)
2004-02-04 05:10:27 +00:00
Cy Schubert
b134e90243 Change to src/include/netdb.h 1.31 caused a compile error. This
commit fixes that error.

Reported by:	bento
2004-01-25 22:08:27 +00:00
Cy Schubert
d00d6645f8 Fix crypto-publish extract. 2003-11-23 21:48:54 +00:00
Cy Schubert
1026b3b0a6 Add missing slash (/) to the end of MIT MASTER_SITE. 2003-11-10 23:30:32 +00:00
Cy Schubert
4ffc06ad33 MIT has removed the web form, downloads of MIT KRB5 can be automated.
Unfortunately MIT and crypto-publish.org distribute two distinctly
different tarballs and the user must select the source/format they
wish to fetch. MIT now becomes the default.
2003-11-10 23:22:16 +00:00
Cy Schubert
df1d57b040 1. Fix pkg-plist.
2. Fix build on -STABLE.

PR:		57128
2003-11-08 23:08:25 +00:00
Kris Kennaway
09b69954f2 Mark BROKEN (see bento logs). These ports are scheduled for removal
after Feb 2 2004 if they are still broken at that time and no fixes
have been submitted by PR.
2003-11-03 03:56:42 +00:00
Kris Kennaway
79662b45a9 BROKEN: Broken pkg-plist 2003-10-28 02:42:41 +00:00
Cy Schubert
e456daf340 The `man2html' script that krb5 uses is written in Perl.
Noticed by:	wollman
Approved by:	marcus (wearing his portsmgr hat)
2003-09-13 02:32:33 +00:00
Cy Schubert
7fe3cad7e9 Crypto-publish.org is now distributing krb5-1.3.1. 2003-09-10 00:03:09 +00:00
Cy Schubert
615d60baa1 Patch to fix compiles under -STABLE (RELENG_4).
PR:		56169
Submitted by:	Sergey Matveychuk <sem@ciam.ru>
2003-09-10 00:00:42 +00:00
Cy Schubert
974a6f062a Update 1.3 --> 1.3.1 2003-08-08 23:35:18 +00:00
Cy Schubert
dc590a57d4 Update 1.2.8 --> 1.3 2003-08-08 01:20:18 +00:00
Cy Schubert
c5dd5e6d13 Put SONAME entries into shared libraries.
Submitted by:	wollman
2003-05-07 21:43:40 +00:00
Cy Schubert
c9f96b0249 Change default for V4 compatibility to reflect best practices
for new installations.

Submitted by:	wollman
2003-05-07 04:13:08 +00:00
Cy Schubert
e67cccab8f Default is to fetch from crypto-publish.org. USA_RESIDENT replaced
by USE_MIT_TARBALL. Users can still fetch manually from MIT by
setting USE_MIT_TARBALL=YES.

Suggested by:	wollman
2003-05-07 04:09:39 +00:00
Cy Schubert
b19f46658c Update 1.2.7 --> 1.2.8. 2003-05-07 03:47:49 +00:00
Cy Schubert
af7a454fd3 Patches from:
- MITKRB5-SA-2003-005:
       Buffer overrun and underrun in principal name handling

  - MITKRB5-SA-2003-004:
       Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm
       compromise possible.

  - MITKRB5-SA-2003-003:
       Faulty length checks in xdrmem_getbytes may allow kadmind DoS.

  - Additional patches from RedHat.

Approved by:	kris (wearing his portmgr hat)
Obtained from:	MIT Website and Nalin Dahyabhai <nalin@redhat.com>
2003-03-21 00:54:06 +00:00
Ade Lovett
7e52725f2a Clear moonlight beckons.
Requiem mors pacem pkg-comment,
And be calm ports tree.

E Nomini Patri, E Fili, E Spiritu Sancti.
2003-03-07 06:14:21 +00:00
Norikatsu Shigemura
4f56b2baa0 Remove RESTRICTED tag for crypto stuff.
Approved by:	kris (implicitly)
2003-02-22 16:12:23 +00:00
Cy Schubert
e781a319dc Update 1.2.6 --> 1.2.7
Note:	Since crypto-publish.org does not yet have krb5-1.2.7 up on their
	website, fetch from their site has been temporarily disabled.
2002-11-16 00:02:13 +00:00
Mario Sergio Fujikawa Ferreira
f0a1969d34 o Rollback PORTCOMMENT modifications while this feature's implementation
is better studied
o Turn PORTCOMMENT variable in Makefile back into pkg-comment files

Approved by:	kris (portmgr hat),
		portmgr, re (silence)
2002-11-10 16:48:51 +00:00
Cy Schubert
bf8abaf92f Use PORTCOMMENT. 2002-11-07 05:46:03 +00:00
Cy Schubert
8117446b64 Fix pkg-plist when KRB5_KRB4_COMPAT=NO is specified.
Submitted by:	Craig Boston <craig@olyun.gank.org>
2002-10-28 18:28:38 +00:00
Cy Schubert
e413d8b70b Circumvent the use of bison, use FreeBSD yacc instead.
PR:		44446
2002-10-25 15:03:55 +00:00
Cy Schubert
cf7aca2a64 Fix buffer overflow in kadmind4 (remote user can gain root access to
KDC host).

Obtained from:	Tom Yu <tlyu@mit.edu> on kerberos-announce mailing list,
		MIT krb5 Security Advisory 2002-002
2002-10-23 22:30:39 +00:00
Cy Schubert
456c93a6b2 Crypto-publish.org has finally put krb5-1.2.6 up on their site. The
patch reimplements code to fetch MIT Kerberos from their site when
USA_RESIDENT=NO.

Approved by:	kris
2002-09-25 17:50:00 +00:00
Cy Schubert
495424cc3f Update 1.2.5 --> 1.2.6
Note:	Since crypto-publish.org does not yet have krb5-1.2.6 up on their
	website, fetch from their site has been temporarily disabled.
2002-09-13 13:46:48 +00:00
Cy Schubert
9c4b099138 Fix extract for non-root users.
Noticed by:	nectar
Pointy hat to:	cy
2002-08-17 00:29:41 +00:00
Jacques Vidrine
20b7146972 Correct Sun RPC buffer overflow.
<URL:http://online.securityfocus.com/archive/1/285308>
<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823>
2002-08-02 18:22:45 +00:00
Cy Schubert
16a3968791 README.FreeBSD fix.
PR:		39936
Submitted by:	Matthew West <mwest@uct.ac.za>
2002-07-01 06:20:38 +00:00
Cy Schubert
60b5569db4 Fix problem with V4 keys. We should get KRB5_KDB_NO_MATCHING_KEY, not
ENOENT.  Obtained from /cvs/krbdev/krb5/src/kdc/kdc_preauth.c,v rev 5.31
in MIT KRB5 tree (fix etype info; wrong termination condition used in
get_etype_info).

Obtained from:	Sam Hartman <hartmans@mit.edu>
2002-06-26 04:49:07 +00:00
Cy Schubert
4b3b7f15da I add missing krb5-config. 2002-06-16 12:44:06 +00:00
Cy Schubert
d845a8a153 Now that www.crypto-publish.org has put the latest version of MIT KRB5
up on their website again, reimplementation of the Makefile patch that
fetched the the tarball from their site for users outside of the US
(originally in Makefile rev 1.29).  USA_RESIDENT=YES still supports
manual fetching from web.mit.edu.
2002-05-03 02:20:17 +00:00
Cy Schubert
f377a101ed Upgrade 1.2.4 --> 1.2.5 2002-05-02 14:30:24 +00:00
Cy Schubert
341484d039 www.crypto-publish.org does not have krb5-1.2.4.{tar,tar.Z,tar.gz,tar.bz2}.
Reported by:	bento
2002-03-29 13:23:08 +00:00
Cy Schubert
a50d121378 MIT currently distributes their KRB5 distribution in a tarball (.tar)
that contains the distribution itself, in a tar.gz file, and a signature
certificate, contained in a detached .tar.gz.asc file.  Prior to this
patch, users installing MIT KRB5 had to extract the tarball into
/usr/ports/distfiles, then proceed with the installation.  This caused
confusion among those installing the port.  This patch addresses the
problem by extracting the .tar.gz file from the tarball, then unpacking
the .tar.gz file before continuing with the build.
2002-03-18 22:52:43 +00:00
Cy Schubert
4aa8bcaf49 Update 1.2.3 --> 1.2.4 2002-03-01 13:23:47 +00:00
Cy Schubert
c0f94d44f3 Update 1.2.2 -> 1.2.3 2002-01-16 03:17:24 +00:00
Cy Schubert
6108625cb9 In order to make the MIT KRB5 port compatible with FreeBSD, the port
now makes use of login.conf and login.access.  This is performed by
using FreeBSD login(1) instead of MIT KRB5 login.krb5(8).

The MIT KRB5 login.krb5(8) can still be used by specifying "-L" in
the klogind and telnetd arguments in inetd.conf.  This is documented
in a new file called README.FreeBSD.

Reviewed by:	nectar
2002-01-08 15:05:08 +00:00
Jacques Vidrine
dd4cf80985 = Modify `ksu' so that it uses the login cap database. Michael Allman
<msa@dinosauricon.com> provided the original patches.

= For users outside of the US, point to www.crypto-publish.org for the
  distfiles.  It was Chris Knight <chris@aims.com.au>'s idea.

Submitted by:	Cy.Schubert@uumail.gov.bc.ca (MAINTAINER)
PR:		ports/29865
2001-09-07 19:53:09 +00:00