Age | Commit message (Collapse) | Author | Files | Lines |
|
in runtime failures which weren't previously detected due to a bug in
check-shlibs. Bump PKGREVISION.
|
|
|
|
No revbump because it failed to build before if there was one.
Fixes pkg/50348
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
|
|
Bump revision.
|
|
|
|
it is. Don't depend on gmake.
|
|
|
|
http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
and:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355
(also apparently known as SA62976)
|
|
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.diff
|
|
CVE-2014-4343, CVE-2014-4344 & MITKRB5-SA-2014-001 (CVE-2014-4345).
|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
|
|
This is a bugfix release. The krb5-1.10 release series is in maintenance, and for new deployments, installers should prefer the krb5-1.11 release series or later.
* Fix a KDC locking issue that could lead to the KDC process holding a persistent lock, preventing administrative actions such as password changes.
* Fix a number of bugs related to KDC master key rollover.
* Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms.
|
|
Fix a UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]
Improve interoperability with some Windows native PKINIT clients.
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322ccvs
|
|
This is a bugfix release. The krb5-1.10 release series is in maintenance, and for new deployments, installers should prefer the krb5-1.11 release series or later.
* Fix KDC null pointer dereference in TGS-REQ handling [CVE-2013-1416]
* Incremental propagation could erroneously act as if a slave's database were current after the slave received a full dump that failed to load.
|
|
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
|
|
(per http://old.nabble.com/Re%3A-build-problem-p34365918.html)
|
|
This is a bugfix release.
Fix null PKINIT pointer dereference vulnerabilities [CVE-2012-1016, CVE-2013-1415]
Prevent the KDC from returning a host-based service principal referral to the local realm.
|
|
|
|
|
|
|
|
|
|
are called p5-*.
I hope that's all of them.
|
|
This is a bugfix release.
* Fix KDC uninitialized pointer vulnerabilities that could lead to a denial of
service [CVE-2012-1014] or remote code execution [CVE-2012-1015].
* Correctly use default_tgs_enctypes instead of default_tkt_enctypes for TGS
requests.
|
|
Note: Nobody that uses git from pkgsrc can install this package.
It conflicts with security/heimdal which is sucked in by dependencies
of scmgit-base. Since the default way of acquiring pkgsrc on
DragonFly is via git, which is provided by the releases and daily
snapshots, effectively this can't be installed by DragonFly users.
Solving the conflict with heimdal, if possible, would be nice.
|
|
This is a bugfix release.
* Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers.
* Update a workaround for a glibc bug that would cause DNS PTR queries to occur
even when rdns = false.
* Fix a kadmind denial of service issue (null pointer dereference), which could
only be triggered by an administrator with the "create" privilege.
[CVE-2012-1013]
Changes 1.10.1:
This is a bugfix release.
* Fix access controls for KDB string attributes [CVE-2012-1012]
* Make the ASN.1 encoding of key version numbers interoperate with Windows
Read-Only Domain Controllers
* Avoid generating spurious password expiry warnings in cases where the KDC
sends an account expiry time without a password expiry time.
|
|
https://github.com/krb5/krb5/commit/ca2909440015d33be42e77d1955194963d8c0955
|
|
This is primarily a bugfix release.
* Fix an interaction in iprop that could cause spurious excess kadmind processes
when a kprop child fails.
Changes 1.8.5:
This is primarily a bugfix release.
* Fix MITKRB5-SA-2011-006 KDC denial of service vulnerabilities
[CVE-2011-1528 CVE-2011-1529 CVE-2011-4151].
|
|
this fixes CVE-2011-1528, CVE-2011-1529 & CVE-2011-4151
|
|
This is primarily a bugfix release.
Fix vulnerabilities:
* KDC uninitialized pointer crash [MITKRB5-SA-2010-006 CVE-2010-1322]
* kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
* KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
* KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
* kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
Interoperability:
* Correctly encrypt GSSAPI forwarded credentials using the session key, not
a subkey.
* Set NT-SRV-INST on TGS principal names as expected by some Windows Server
Domain Controllers.
* Don't reject AP-REQ messages if their PAC doesn't validate; suppress the PAC
instead.
* Correctly validate HMAC-MD5 checksums that use DES keys
|
|
|
|
correct BUILDLINK_API_DEPENDS.mit-krb5
fix building where libtool chokes on "--version-info : " (at least OS X)
|
|
including MITKRB5-SA-2011-003.
Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2
Note that the r-services, telnetd and ftpd services and the related client
applications are now in a separate pacakge security/mit-krb5-appl.
|
|
http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt
|
|
|
|
in src/lib as that is the location it wants to pick it up. Work around
the dependencies in other places by symlinking to that, effectively
reverting the direction. Link telnet(d) consistently. Add DESTDIR support.
|
|
http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt
(slightly adjusted for older kerberos version)
|
|
MAKE_JOBS=2 and worked without.
|
|
approved by agc
|
|
lib/krb5/os/dnsglue.c uses statbuf structure before zeroing it.
Solaris requires it be zeroed first... all kerberos programs that
use dns lookup crash. Zeroing before use does not break anything
on any other platforms.
Bump PKGREVISION.
|
|
MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
|
|
- telnetd username and environment sanitizing vulnerabilities ("-f root")
as described in MIT Kerberos advisory 2007-001.
- krb5_klog_syslog() problems with overly long log strings as described
in MIT Kerberos advisory 2007-002.
- GSS API kg_unseal_v1() double free vulnerability as described in the
MIT Kerberos advisory 2007-003.
|
|
things are restricted, pkgsrc's labeling rules aren't intended to
address export control issues, and there are vast numbers of packages
with apparently similar export control status and no RESTRICTED.)
|
|
Addresses PR pkg/34252 by Matthias Petermann.
Also delint a bit.
|
|
"An unauthenticated user may cause execution of arbitrary code in
kadmind, which can compromise the Kerberos key database and host
security. (kadmind usually runs as root.) Unsuccessful exploitation,
or even accidental replication of the required conditions by
non-malicious users, can result in kadmind crashing."
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143
Patch from MIT.
|
|
"A security issue has been reported in Kerberos, which potentially can
be exploited by malicious, local users to perform certain actions with
escalated privileges.
The security issue is caused due to missing checks for whether the
"setuid()" call has succeeded in the bundled krshd and v4rcp
applications. This can be exploited to disclose or manipulate the
contents of arbitrary files or execute arbitrary code with root
privileges if the "setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21402/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt
Bump PKGREVISION.
|