path: root/security/mit-krb5
Age | Commit message | Author | Files | Lines
2008-06-07 | Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 and | tonnerre | 8 | -10/+421
MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
2008-06-07 | Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION | tonnerre | 4 | -28/+132
will be bumped again once some other patches are in.
2008-06-07 | Remove parts of a different security patch which slipped in but are not | tonnerre | 13 | -47/+46
supported yet. Don't bump revision as the package didn't build before.
2008-06-07 | Add security patches for 3 Kerberos vulnerabilities: | tonnerre | 14 | -3/+932
- telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001.
- krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002.
- GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003.
2007-12-28 | Recognize the MIT Kerberos bundled with Mac OS X Leopard. | tron | 1 | -1/+7
2007-06-22 | Remove RESTRICTED comment about US export control. (While lots of | gdt | 1 | -3/+1
things are restricted, pkgsrc's labeling rules aren't intended to address export control issues, and there are vast numbers of packages with apparently similar export control status and no RESTRICTED.)
2007-02-22 | Whitespace cleanup, courtesy of pkglint. | wiz | 1 | -2/+2
Patch provided by Sergey Svishchev in private mail.
2007-01-18 | Fix building with Autoconf 2.60 and newer. | salo | 1 | -5/+62
Addresses PR pkg/34252 by Matthias Petermann. Also delint a bit.
2007-01-17 | Security fix for CVE-2006-6143: | salo | 3 | -3/+29
"An unauthenticated user may cause execution of arbitrary code in kadmind, which can compromise the Kerberos key database and host security. (kadmind usually runs as root.) Unsuccessful exploitation, or even accidental replication of the required conditions by non-malicious users, can result in kadmind crashing."
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143
Patch from MIT.
2006-08-09 | Security fixes for SA21402: | salo | 9 | -3/+199
"A security issue has been reported in Kerberos, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled krshd and v4rcp applications. This can be exploited to disclose or manipulate the contents of arbitrary files or execute arbitrary code with root privileges if the "setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21402/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt
Bump PKGREVISION.
2006-07-08 | Change the format of BUILDLINK_ORDER to contain depth information as well, | jlam | 1 | -2/+2
and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
2006-07-08 | Track information in a new variable BUILDLINK_ORDER that informs us | jlam | 1 | -1/+2
of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
2006-04-22 | Removed the superfluous "quotes" and 'quotes' from variables that don't | rillig | 1 | -2/+2
need them, for example RESTRICTED and SUBST_MESSAGE.*.
2006-04-12 | Aligned the last line of the buildlink3.mk files with the first line, so | rillig | 1 | -2/+2
that they look nicer.
2006-04-10 | At least look for "Massachusetts Institute of Technology" as a crude | jlam | 1 | -23/+18
check for MIT Kerberos 5 when inspecting /usr/include/krb5.h. Also, bring this file more in line with heimdal/builtin.mk.
2006-04-10 | Teach Kerberos 5 to detect the MIT Kerberos 5 bundled with Mac OS X. | tron | 1 | -0/+70
This stops the "gnome-vfs2" package from pulling in the "heimdal" package. This fixes PR pkg/29946 by Juha-Matti Liukkonen.
2006-04-06 | Over 1200 files touched but no revisions bumped :) | reed | 1 | -3/+3
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for "security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
2006-03-20 | * Nuke all references to and definitions of INFO_DIR in package Makefiles | jlam | 2 | -12/+12
  and replace with appropriate references to PKGINFODIR instead.
* Properly account for split info files during installation.
* Move info file listings directly into the package PLISTs.
This fixes info-file-related PLIST problems.
2006-03-17 | Fix path in patch. | joerg | 2 | -5/+5
2006-03-14 | Drop maintainership for packages that I no longer have time to maintain. | jlam | 1 | -2/+2
2006-03-08 | update patchsum for patch-al. | joerg | 1 | -1/+2
2006-02-24 | Add DragonFly support. Fallback to LINE_MAX if BUFSIZ is not defined. | joerg | 3 | -3/+32
2005-12-29 | Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk | jlam | 1 | -2/+1
automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
2005-12-17 | Change my MAINTAINER email address to the one I've been using for | jlam | 1 | -2/+2
pkgsrc work.
2005-12-05 | Ran "pkglint --autofix", which corrected some of the quoting issues in | rillig | 1 | -4/+4
CONFIGURE_ARGS.
2005-12-05 | Fixed pkglint warnings. The warnings are mostly quoting issues, for | rillig | 1 | -4/+4
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-10-05 | Remove some more *LEGACY* settings that are over a month old and | wiz | 1 | -3/+1
thus were before 2005Q3.
2005-09-22 | Update security/mit-krb5 to version 1.4.2 Changes from version 1.4 | jlam | 5 | -116/+19
include:
* Fix [MITKRB5-SA-2005-002] KDC double-free and heap overflow.
* Fix [MITKRB5-SA-2005-003] krb5_recvauth() double-free.
2005-07-15 | Drop distinction between PKGSRC_USE_TOOLS and USE_TOOLS by making | jlam | 1 | -3/+2
PKGSRC_USE_TOOLS go away. There is now only a single USE_TOOLS variable that specifies all of the tools we need to build/run the package.
2005-06-20 | Disable thread support per request of jlam. | kristerw | 1 | -5/+3
Bump PKGREVISION.
2005-06-16 | This package needs pthreads in order to build. | kristerw | 1 | -1/+4
2005-06-01 | Remove mk/autoconf.mk and mk/automake.mk and replace their usage with | jlam | 1 | -4/+3
USE_TOOLS and any of "autoconf", "autoconf213", "automake" or "automake14". Also, we don't need to call the auto* tools via ${ACLOCAL}, ${AUTOCONF}, etc., since the tools framework takes care to symlink the correct tool to the correct name, so we can just use aclocal, autoconf, etc.
2005-05-31 | Rename option prefix-cmds to kerberos-prefix-cmds. Backwards | dillo | 1 | -4/+5
compatibility provided via PKG_OPTIONS_LEGACY_OPTS.
2005-05-31 | Packages have no business modifying PKG_DEFAULT_OPTIONS -- it's a | dillo | 1 | -5/+3
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also, make use of PKG_OPTIONS_LEGACY_VARS. Reviewed by wiz.
2005-05-22 | Remove the old tools framework and references to _USE_NEW_TOOLS. | jlam | 1 | -8/+1
2005-05-16 | This package needs gzcat to extract the .tar.gz file inside the original | jlam | 1 | -1/+5
.tar file. Also, fix the yacc silliness while we're here.
2005-05-13 | Fix PLIST by adding missing compile_et.1. | jlam | 1 | -1/+2
2005-05-03 | Sort. | wiz | 1 | -2/+2
2005-05-02 | RCD_SCRIPTS_EXAMPLEDIR is no longer customizable. | reed | 1 | -1/+3
And always is defined as share/examples/rc.d which was the default before. These rc.d scripts are not automatically added to PLISTs now also. So add to each corresponding PLIST as required. This was discussed on tech-pkg in late January and late April. Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
2005-04-16 | Bump BUILDLINK_RECOMMENDED for latest security fix. (hi jlam!) | salo | 1 | -2/+2
2005-04-14 | Remove unused section... MIT krb5 apparently now detects NetBSD's utmpx | jlam | 1 | -9/+1
implementation correctly on NetBSD>=2.0.
2005-04-11 | The FTP daemon is always named "kftpd" regardless of whether prefix-cmds | jlam | 1 | -2/+2
is a PKG_OPTION.
2005-04-11 | Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. | tv | 1 | -2/+1
2005-04-10 | Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt | jlam | 3 | -2/+100
which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating to buffer overflows in the telnet client. Bump PKGREVISION to 1.
2005-04-10 | Remove the examples directory on deinstallation. | jlam | 1 | -1/+2
2005-04-10 | Updated security/mit-krb5 to krb5-1.4. Changes from version 1.3.6 include: | jlam | 15 | -162/+184
* Merged Athena telnetd changes for creating a new option for requiring encryption.
* Add implementation of the RPCSEC_GSS authentication flavor to the RPC library.
* The kadmind4 backwards-compatibility admin server and the v5passwdd backwards-compatibility password-changing server have been removed.
* Thread safety for krb5 libraries.
* Yarrow code now uses AES.
* Merged Athena changes to allow ftpd to require encrypted passwords.
* Incorporate gss_krb5_set_allowable_enctypes() and gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
* Fix heap buffer overflow in password history mechanism. [MITKRB5-SA-2004-004]
2005-02-24 | Add RMD160 digests. | agc | 1 | -1/+2
2004-12-28 | The default location of the pkgsrc-installed rc.d scripts is now | reed | 1 | -1/+2
under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz).
2004-12-23 | Update security/mit-krb5 to 1.3.6. | jlam | 2 | -34/+16
NOTE: THIS IS A SECURITY UPDATE. Changes from version 1.3.4 include:
* [2841] Fix heap buffer overflow in password history mechanism. [MITKRB5-SA-2004-004]
* [2682] Fix ftpd hang caused by empty PASS command.
* [2686] Fix double-free errors. [MITKRB5-SA-2004-002]
* [2687] Fix denial-of-service vulnerability in ASN.1 decoder. [MITKRB5-SA-2004-003]
2004-10-03 | Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 | tv | 2 | -4/+4
in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.