summaryrefslogtreecommitdiff
path: root/security/heimdal
diff options
context:
space:
mode:
authorasau <asau>2012-02-27 12:39:11 +0000
committerasau <asau>2012-02-27 12:39:11 +0000
commita57ec402d53b9dfb48c5d8b8decef303f8b0e4d6 (patch)
treea1cab82ab7dd7525c1b4222d6ff2124e6be1be5f /security/heimdal
parentb5c01d041c0773ca71a2822ba737d4747515185d (diff)
downloadpkgsrc-a57ec402d53b9dfb48c5d8b8decef303f8b0e4d6.tar.gz
Update to Heimdal 1.5.2
Release Notes - Heimdal - Version Heimdal 1.5.2 Security fixes - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege - Check that key types strictly match - denial of service Release Notes - Heimdal - Version Heimdal 1.5.1 Bug fixes - Fix building on Solaris, requires c99 - Fix building on Windows - Build system updates Release Notes - Heimdal - Version Heimdal 1.5 New features - Support GSS name extensions/attributes - SHA512 support - No Kerberos 4 support - Basic support for MIT Admin protocol (SECGSS flavor) in kadmind (extract keytab) - Replace editline with libedit
Diffstat (limited to 'security/heimdal')
-rw-r--r--security/heimdal/Makefile6
-rw-r--r--security/heimdal/PLIST37
-rw-r--r--security/heimdal/distinfo12
-rw-r--r--security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c19
-rw-r--r--security/heimdal/patches/patch-ar16
-rw-r--r--security/heimdal/patches/patch-lib_otp_Makefile.in25
6 files changed, 41 insertions, 74 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 79fdfc73fa4..01202f794e5 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.86 2012/02/15 22:39:54 asau Exp $
+# $NetBSD: Makefile,v 1.87 2012/02/27 12:39:11 asau Exp $
-DISTNAME= heimdal-1.4
-PKGREVISION= 3
+DISTNAME= heimdal-1.5.2
CATEGORIES= security
MASTER_SITES= http://www.h5l.org/dist/src/
@@ -88,5 +87,6 @@ pre-configure:
.include "../../devel/readline/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/bdb.buildlink3.mk"
+.include "../../mk/curses.buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
diff --git a/security/heimdal/PLIST b/security/heimdal/PLIST
index ee11a431fde..11bc1ac87c4 100644
--- a/security/heimdal/PLIST
+++ b/security/heimdal/PLIST
@@ -1,10 +1,10 @@
-@comment $NetBSD: PLIST,v 1.20 2011/09/14 17:33:00 hans Exp $
+@comment $NetBSD: PLIST,v 1.21 2012/02/27 12:39:11 asau Exp $
bin/afslog
bin/compile_et
-bin/gss
+bin/gsstool
bin/hxtool
bin/idn-lookup
-bin/kauth
+bin/kcc
bin/kdestroy
bin/kf
bin/kftp
@@ -42,6 +42,7 @@ include/krb5/gssapi/gkrb5_err.h
include/krb5/gssapi/gssapi.h
include/krb5/gssapi/gssapi_krb5.h
include/krb5/gssapi/gssapi_ntlm.h
+include/krb5/gssapi/gssapi_oid.h
include/krb5/gssapi/gssapi_spnego.h
${PLIST.hcrypto}include/krb5/hcrypto/aes.h
${PLIST.hcrypto}include/krb5/hcrypto/bn.h
@@ -73,6 +74,7 @@ include/krb5/hdb_err.h
include/krb5/heim-ipc.h
include/krb5/heim_asn1.h
include/krb5/heim_err.h
+include/krb5/heimbase.h
include/krb5/heimntlm-protos.h
include/krb5/heimntlm.h
include/krb5/hex.h
@@ -93,6 +95,7 @@ include/krb5/krb5-private.h
include/krb5/krb5-protos.h
include/krb5/krb5-types.h
include/krb5/krb5.h
+include/krb5/krb5/ccache_plugin.h
include/krb5/krb5/locate_plugin.h
include/krb5/krb5/send_to_kdc_plugin.h
include/krb5/krb5/windc_plugin.h
@@ -100,6 +103,7 @@ include/krb5/krb5_asn1.h
include/krb5/krb5_ccapi.h
include/krb5/krb5_err.h
include/krb5/kx509_asn1.h
+include/krb5/ntlm_err.h
include/krb5/ocsp_asn1.h
include/krb5/otp.h
include/krb5/parse_bytes.h
@@ -127,6 +131,7 @@ lib/libcom_err.la
lib/libgssapi.la
${PLIST.hcrypto}lib/libhcrypto.la
lib/libhdb.la
+lib/libheimbase.la
lib/libheimntlm.la
lib/libhx509.la
lib/libkadm5clnt.la
@@ -187,13 +192,10 @@ man/man1/xnlock.1
man/man3/HDB.3
man/man3/__gss_c_attr_stream_sizes_oid_desc.3
man/man3/arg_printusage.3
-man/man3/challange.3
+man/man3/challenge.3
man/man3/context.3
man/man3/data.3
-man/man3/dnsdomainname.3
-man/man3/dnsservername.3
man/man3/domain.3
-man/man3/domainname.3
man/man3/ecalloc.3
man/man3/emalloc.3
man/man3/eread.3
@@ -222,11 +224,13 @@ man/man3/gss_import_name.3
man/man3/gss_import_sec_context.3
man/man3/gss_indicate_mechs.3
man/man3/gss_init_sec_context.3
+man/man3/gss_inquire_attrs_for_mech.3
man/man3/gss_inquire_context.3
man/man3/gss_inquire_cred.3
man/man3/gss_inquire_cred_by_mech.3
man/man3/gss_inquire_mechs_for_name.3
man/man3/gss_inquire_names_for_mech.3
+man/man3/gss_inquire_saslname_for_mech.3
man/man3/gss_krb5_ccache_name.3
man/man3/gss_krb5_compat_des3_mic.3
man/man3/gss_krb5_copy_ccache.3
@@ -270,9 +274,11 @@ man/man3/hdb__put.3
man/man3/hdb_auth_status.3
man/man3/hdb_check_constrained_delegation.3
man/man3/hdb_check_pkinit_ms_upn_match.3
+man/man3/hdb_check_s4u2self.3
man/man3/hdb_close.3
man/man3/hdb_destroy.3
-man/man3/hdb_fetch.3
+man/man3/hdb_entry_ex.3
+man/man3/hdb_fetch_kvno.3
man/man3/hdb_firstkey.3
man/man3/hdb_free.3
man/man3/hdb_get_realms.3
@@ -286,6 +292,8 @@ man/man3/hdb_rename.3
man/man3/hdb_store.3
man/man3/hdb_unlock.3
man/man3/heim_ntlm_build_ntlm1_master.3
+man/man3/heim_ntlm_build_ntlm2_master.3
+man/man3/heim_ntlm_calculate_lm2.3
man/man3/heim_ntlm_calculate_ntlm1.3
man/man3/heim_ntlm_calculate_ntlm2.3
man/man3/heim_ntlm_decode_targetinfo.3
@@ -298,6 +306,7 @@ man/man3/heim_ntlm_free_targetinfo.3
man/man3/heim_ntlm_free_type1.3
man/man3/heim_ntlm_free_type2.3
man/man3/heim_ntlm_free_type3.3
+man/man3/heim_ntlm_keyex_unwrap.3
man/man3/heim_ntlm_nt_key.3
man/man3/heim_ntlm_ntlmv2_key.3
man/man3/heim_ntlm_verify_ntlm2.3
@@ -625,6 +634,7 @@ man/man3/krb5_checksumsize.3
man/man3/krb5_cksumtype_to_enctype.3
man/man3/krb5_cksumtype_valid.3
man/man3/krb5_clear_error_message.3
+man/man3/krb5_clear_error_string.3
man/man3/krb5_closelog.3
man/man3/krb5_compare_creds.3
man/man3/krb5_config_file_free.3
@@ -679,6 +689,7 @@ man/man3/krb5_crypto_overhead.3
man/man3/krb5_data_alloc.3
man/man3/krb5_data_cmp.3
man/man3/krb5_data_copy.3
+man/man3/krb5_data_ct_cmp.3
man/man3/krb5_data_free.3
man/man3/krb5_data_realloc.3
man/man3/krb5_data_zero.3
@@ -762,11 +773,15 @@ man/man3/krb5_free_krbhst.3
man/man3/krb5_free_principal.3
man/man3/krb5_free_salt.3
man/man3/krb5_free_ticket.3
+man/man3/krb5_free_unparsed_name.3
man/man3/krb5_fwd_tgt_creds.3
man/man3/krb5_generate_random_block.3
+man/man3/krb5_generate_subkey.3
man/man3/krb5_generate_subkey_extended.3
man/man3/krb5_get_all_client_addrs.3
man/man3/krb5_get_all_server_addrs.3
+man/man3/krb5_get_cred_from_kdc.3
+man/man3/krb5_get_cred_from_kdc_opt.3
man/man3/krb5_get_credentials.3
man/man3/krb5_get_credentials_with_flags.3
man/man3/krb5_get_creds.3
@@ -847,7 +862,6 @@ man/man3/krb5_init_creds_set_password.3
man/man3/krb5_init_creds_set_service.3
man/man3/krb5_init_creds_step.3
man/man3/krb5_init_ets.3
-man/man3/krb5_init_etype.3
man/man3/krb5_initlog.3
man/man3/krb5_introduction.3
man/man3/krb5_is_config_principal.3
@@ -884,6 +898,7 @@ man/man3/krb5_kt_get_entry.3
man/man3/krb5_kt_get_full_name.3
man/man3/krb5_kt_get_name.3
man/man3/krb5_kt_get_type.3
+man/man3/krb5_kt_have_content.3
man/man3/krb5_kt_next_entry.3
man/man3/krb5_kt_read_service_key.3
man/man3/krb5_kt_register.3
@@ -1022,6 +1037,7 @@ man/man3/krb5_storage_seek.3
man/man3/krb5_storage_set_byteorder.3
man/man3/krb5_storage_set_eof_code.3
man/man3/krb5_storage_set_flags.3
+man/man3/krb5_storage_set_max_alloc.3
man/man3/krb5_storage_to_data.3
man/man3/krb5_storage_truncate.3
man/man3/krb5_storage_write.3
@@ -1086,6 +1102,7 @@ man/man3/krb5_verify_user_lrealm.3
man/man3/krb5_verify_user_opt.3
man/man3/krb5_vlog.3
man/man3/krb5_vlog_msg.3
+man/man3/krb5_vset_error_string.3
man/man3/krb5_vwarn.3
man/man3/krb_afslog.3
man/man3/krb_afslog_uid.3
@@ -1094,7 +1111,6 @@ man/man3/lm.3
man/man3/ntlm.3
man/man3/ntlm_buf.3
man/man3/ntlm_core.3
-man/man3/ntlm_targetinfo.3
man/man3/ntlm_type1.3
man/man3/ntlm_type2.3
man/man3/ntlm_type3.3
@@ -1132,7 +1148,6 @@ man/man3/rtbl_set_column_prefix.3
man/man3/rtbl_set_flags.3
man/man3/rtbl_set_prefix.3
man/man3/rtbl_set_separator.3
-man/man3/servername.3
man/man3/sessionkey.3
man/man3/targetinfo.3
man/man3/targetname.3
diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo
index b777a285ec2..bf987c6d2c8 100644
--- a/security/heimdal/distinfo
+++ b/security/heimdal/distinfo
@@ -1,14 +1,12 @@
-$NetBSD: distinfo,v 1.33 2011/12/30 18:59:05 tez Exp $
+$NetBSD: distinfo,v 1.34 2012/02/27 12:39:11 asau Exp $
-SHA1 (heimdal-1.4.tar.gz) = b4c876df3637a11deea72f87a6e54f6caf501679
-RMD160 (heimdal-1.4.tar.gz) = 055288f1ab37781f1533299bdff9b0d1e264d470
-Size (heimdal-1.4.tar.gz) = 6095377 bytes
+SHA1 (heimdal-1.5.2.tar.gz) = dd0920a181d18236432e4b3e5eab6e468cda4b89
+RMD160 (heimdal-1.5.2.tar.gz) = 1ab2f835309a916dfbba667d3d0d38a57c312fde
+Size (heimdal-1.5.2.tar.gz) = 6798615 bytes
SHA1 (patch-ad) = 37c2a7cdc4dba695a84057b40aae3c5a971cb546
SHA1 (patch-al) = 022d5f3723bd1db7fe5e92eea5d0106851a5d424
-SHA1 (patch-appl_telnet_libtelnet_encrypt.c) = b8cd432dee8758b8c5790c6fe214f11397446cd8
-SHA1 (patch-ar) = 0a3e7bbd3cb04deb0f6772afd9a6b6b5353463d3
SHA1 (patch-kdc_version-script.map) = 42b0417a16b19a680f30ae34cfffd082f609d4a6
SHA1 (patch-lib_hcrypto_libtommath_tommath.h) = 60f223bb23145854f2a144da9e0a9484728b618a
SHA1 (patch-lib_hcrypto_libtommath_tommath_class.h) = 8c7b1e8d30cda79fd59a8ef83094a611b47a43df
SHA1 (patch-lib_hcrypto_libtommath_tommath_superclass.h) = 141e75b5b310446694769b16a977fa5b25160fbd
-SHA1 (patch-lib_otp_Makefile.in) = 830f0e536a103478d147bb03e7752d5d38ddf03b
+SHA1 (patch-lib_otp_Makefile.in) = 0fe1426000824614f0e31d3ab2348948f3f414d3
diff --git a/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c b/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c
deleted file mode 100644
index c63a37e8c68..00000000000
--- a/security/heimdal/patches/patch-appl_telnet_libtelnet_encrypt.c
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-appl_telnet_libtelnet_encrypt.c,v 1.1 2011/12/30 18:59:06 tez Exp $
-
-Fix for CVE-2011-4862 from FreeBSD
-
-When an encryption key is supplied via the TELNET protocol, its length
-is not validated before the key is copied into a fixed-size buffer.
-
---- appl/telnet/libtelnet/encrypt.c.orig 2011-12-30 11:55:11.373531000 -0600
-+++ appl/telnet/libtelnet/encrypt.c 2011-12-30 11:56:35.109601000 -0600
-@@ -736,6 +736,9 @@
- int dir = kp->dir;
- int ret = 0;
-
-+ if (len > MAXKEYLEN)
-+ len = MAXKEYLEN;
-+
- if (!(ep = (*kp->getcrypt)(*kp->modep))) {
- if (len == 0)
- return;
diff --git a/security/heimdal/patches/patch-ar b/security/heimdal/patches/patch-ar
deleted file mode 100644
index 22a22514305..00000000000
--- a/security/heimdal/patches/patch-ar
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-ar,v 1.3 2011/07/08 09:49:22 adam Exp $
-
-Why should anyone want to install the libtool wrapper for a library, but
-not the library itself?
-
---- lib/auth/afskauthlib/Makefile.in.orig 2008-01-24 08:14:21.000000000 -0500
-+++ lib/auth/afskauthlib/Makefile.in
-@@ -361,7 +361,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk
- @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
- @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
- foodir = $(libdir)
--foo_DATA = afskauthlib.so
-+foo_DATA = .libs/afskauthlib.so
- SRCS = verify.c
- OBJS = verify.o
- CLEANFILES = $(foo_DATA) $(OBJS) so_locations
diff --git a/security/heimdal/patches/patch-lib_otp_Makefile.in b/security/heimdal/patches/patch-lib_otp_Makefile.in
index 4adbb09ebdb..26de0c7e7e3 100644
--- a/security/heimdal/patches/patch-lib_otp_Makefile.in
+++ b/security/heimdal/patches/patch-lib_otp_Makefile.in
@@ -1,23 +1,12 @@
-$NetBSD: patch-lib_otp_Makefile.in,v 1.1 2011/07/08 09:49:22 adam Exp $
+$NetBSD: patch-lib_otp_Makefile.in,v 1.2 2012/02/27 12:39:12 asau Exp $
-Fix linking.
-
---- lib/otp/Makefile.in.orig 2011-06-25 11:48:35.000000000 +0000
+--- lib/otp/Makefile.in.orig 2012-01-11 13:04:29.000000000 +0000
+++ lib/otp/Makefile.in
-@@ -47,7 +47,6 @@ DIST_COMMON = $(include_HEADERS) $(srcdi
- $(top_srcdir)/cf/Makefile.am.common ChangeLog
- noinst_PROGRAMS = otptest$(EXEEXT)
- check_PROGRAMS = otptest$(EXEEXT)
--@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+@@ -50,7 +50,6 @@ check_PROGRAMS = otptest$(EXEEXT)
+ @HAVE_DB1_TRUE@am__append_1 = $(LIB_db_create)
+ @HAVE_DB1_FALSE@@HAVE_DB3_TRUE@am__append_2 = $(LIB_db_create)
+ @HAVE_DB1_FALSE@@HAVE_DB3_FALSE@am__append_3 = $(LIB_NDBM)
+-@versionscript_TRUE@am__append_4 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
subdir = lib/otp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-@@ -404,7 +403,7 @@ otptest_LDADD = libotp.la
- include_HEADERS = otp.h
- lib_LTLIBRARIES = libotp.la
- libotp_la_LDFLAGS = -version-info 1:5:1 $(am__append_1)
--libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM)
-+libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM) $(DBLIB)
- @HAVE_DB3_FALSE@ndbm_wrap =
- @HAVE_DB3_TRUE@ndbm_wrap = ndbm_wrap.c ndbm_wrap.h
- dist_libotp_la_SOURCES = \