summaryrefslogtreecommitdiff
path: root/security/heimdal/PLIST
AgeCommit message (Collapse)AuthorFilesLines
2014-03-11Remove example rc.d scripts from PLISTs.jperkin1-5/+1
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or ignored otherwise.
2013-08-22At least on my systems glob and vis are not installed, so introducejoerg1-3/+3
PLIST conditional. Please fix up the setting on your systems. Mark as not MAKE_JOBS_SAFE.
2013-08-16update PLIST after heimdal upgraderichard1-1/+3
2012-02-27Update to Heimdal 1.5.2asau1-11/+26
Release Notes - Heimdal - Version Heimdal 1.5.2 Security fixes - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege - Check that key types strictly match - denial of service Release Notes - Heimdal - Version Heimdal 1.5.1 Bug fixes - Fix building on Solaris, requires c99 - Fix building on Windows - Build system updates Release Notes - Heimdal - Version Heimdal 1.5 New features - Support GSS name extensions/attributes - SHA512 support - No Kerberos 4 support - Basic support for MIT Admin protocol (SECGSS flavor) in kadmind (extract keytab) - Replace editline with libedit
2011-09-14Fix build on SunOS.hans1-1/+24
2011-07-08Changes 1.4:adam1-53/+392
New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings
2009-06-14Remove @dirrm entries from PLISTsjoerg1-7/+1
2009-02-01heimdal leaves empty directories after deinstallation, fix that.shattered1-2/+5
OK by wiz@.
2008-05-14libhcrypto.la only seems to get installed if we're building on 3.x or older,jwise1-2/+2
so make it only end up in the PLIST if that is the case.
2008-05-05Add missing library (libhcrypto) to PLIST, allowing sudo to build againstjwise1-1/+2
this heimdal on 3.x. Bump PKGREVISION.
2008-04-12Convert to use PLIST_VARS instead of manually passing "@comment "jlam1-4/+4
through PLIST_SUBST to the plist module.
2008-02-28Update security/heimdal to version 1.1. Changes from version 0.7.2 include:jlam1-21/+149
* Read-only PKCS11 provider built-in to hx509. * Better compatibilty with Windows 2008 Server pre-releases and Vista. * Add RFC3526 modp group14 as default. * Handle [kdc] database = { } entries without realm = stanzas. * Add gss_pseudo_random() for mechglue and krb5. * Make session key for the krbtgt be selected by the best encryption type of the client. * Better interoperability with other PK-INIT implementations. * Alias support for inital ticket requests. * Make ASN.1 library less paranoid to with regard to NUL in string to make it inter-operate with MIT Kerberos again. * PK-INIT support. * HDB extensions support, used by PK-INIT. * New ASN.1 compiler. * GSS-API mechglue from FreeBSD. * Updated SPNEGO to support RFC4178. * Support for Cryptosystem Negotiation Extension (RFC 4537). * A new X.509 library (hx509) and related crypto functions. * A new ntlm library (heimntlm) and related crypto functions. * KDC will return the "response too big" error to force TCP retries for large (default 1400 bytes) UDP replies. This is common for PK-INIT requests. * Libkafs defaults to use 2b tokens. * krb5_kuserok() also checks ~/.k5login.d directory for acl files. * Fix memory leaks. * Bugs fixes
2007-02-20Fixed the build on IRIX 6.5.rillig1-1/+2
2006-07-05Back out previous and do the same thing more generally for all platforms.jlam1-3/+1
Since the heimdal install process will install additional headers in ${PREFIX}/include/krb5 depending on what the configure process detects, simply query the source Makefile at install-time for the extra headers that it will install and dynamically add them to the PLIST.
2006-03-30* Honor PKGINFODIR.jlam1-1/+2
* List the info files directly in the PLIST.
2005-10-26Update security/heimdal to 0.7.1 (approved by lha). We drop supportjlam1-2/+312
for the "db4" option and just rely on the appropriate BDB_* settings via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use krb5-config, if it's available, to check the version of the built-in heimdal. Patches patch-ab, patch-ae and patch-af have been sent back upstream and will be incorporated into future Heimdal releases. Changes between version 0.6.5 and version 0.7.1 include: * Support for KCM, a process based credential cache * Support CCAPI credential cache * SPNEGO support * AES (and the gssapi conterpart, CFX) support * Adding new and improve old documentation * Bug fixes
2005-05-02RCD_SCRIPTS_EXAMPLEDIR is no longer customizable.reed1-1/+2
And always is defined as share/examples/rc.d which was the default before. This rc.d scripts are not automatically added to PLISTs now also. So add to each corresponding PLIST as required. This was discussed on tech-pkg in late January and late April. Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
2005-04-21Update to Heimdal 0.6.4. While I'm here, claim maintainership of thislha1-13/+13
package. Also please pkglint. Changes in heimdal 0.6.4 include: * fix vulnerabilities in telnet * rshd: encryption without a separate error socket should now work * telnet now uses appdefaults for the encrypt and forward/forwardable settings * bug fixes
2004-10-19Don't list the info/ files. This uses INFO_FILES so theyreed1-4/+1
are automatically registered.
2004-09-14Update security/heimdal to 0.6.3. Changes from version 0.6.1 include:jlam1-50/+4
* fix vulnerabilities in ftpd * support for linux AFS /proc "syscalls" * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd * fix possible KDC denial of service * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
2004-04-23mk/bsd.pkg.install.mk now automatically registersreed1-2/+1
the RCD_SCRIPTS rc.d script(s) to the PLIST. This GENERATE_PLIST idea is part of Greg A. Woods' PR #22954. This helps when the RC_SCRIPTS are installed to a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later, the default RCD_SCRIPTS_EXAMPLEDIR will be changed to be more clear that they are the examples.) These patches also remove the etc/rc.d/ scripts from PLISTs (of packages that use RCD_SCRIPTS). (This also removes now unused references from openssh* makefiles. Note that qmail package has not been changed yet.) I have been doing automatic PLIST registration for RC_SCRIPTS for over a year. Not all of these packages have been tested, but many have been tested and used. Somethings maybe to do: - a few packages still manually install the rc.d scripts to hard-coded etc/rc.d. These need to be fixed. - maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
2004-04-01Update to 0.6.1:joda1-8/+8
* Fixed cross realm vulnerability * Fixed ARCFOUR suppport * kdc: fix denial of service attack * kdc: stop clients from renewing tickets into the future * bug fixes
2004-01-15Support a new yes/no variable "KERBEROS_PREFIX_CMDS" that can be used byjlam1-13/+14
Kerberos implementation packages to decide whether to prefix certain commands with a "k" to differentiate it from system tools with similar names. KERBEROS_PREFIX_CMDS defaults to "no".
2004-01-10Initial import of heimdal-0.6 into security/heimdal.jlam1-0/+445
Heimdal is a free implementation of Kerberos 5. Kerberos is a system for authenticating users and services on a network. It is built upon the assumption that the network is "unsafe". Kerberos is a trusted third-party service. That means that there is a third party (the Kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). All principals share a secret password (or key) with the Kerberos server and this enables principals to verify that the messages from the Kerberos server are authentic. Thus trusting the Kerberos server, users and services can authenticate each other.