| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
in runtime failures which weren't previously detected due to a bug in
check-shlibs. Bump PKGREVISION.
|
|
|
|
No revbump because it failed to build before if there was one.
Fixes pkg/50348
|
|
krb5-config script, fixing SLES according to sobukus on IRC.
|
|
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
|
|
Bump revision.
|
|
|
|
it is. Don't depend on gmake.
|
|
|
|
http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
and:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355
(also apparently known as SA62976)
|
|
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.diff
|
|
CVE-2014-4343, CVE-2014-4344 & MITKRB5-SA-2014-001 (CVE-2014-4345).
|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
|
|
|
|
|
|
|
|
that are unsupported by the native port of MIT KRB5, and add any flags
necessary to support the builtin version.
Fixes various packages since the change to support the SunOS builtin.
Based on patches by Richard PALO (richard@).
|
|
This is a bugfix release. The krb5-1.10 release series is in maintenance, and for new deployments, installers should prefer the krb5-1.11 release series or later.
* Fix a KDC locking issue that could lead to the KDC process holding a persistent lock, preventing administrative actions such as password changes.
* Fix a number of bugs related to KDC master key rollover.
* Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms.
|
|
|
|
|
|
|
|
|
|
|
|
Fix a UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]
Improve interoperability with some Windows native PKINIT clients.
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322ccvs
|
|
This is a bugfix release. The krb5-1.10 release series is in maintenance, and for new deployments, installers should prefer the krb5-1.11 release series or later.
* Fix KDC null pointer dereference in TGS-REQ handling [CVE-2013-1416]
* Incremental propagation could erroneously act as if a slave's database were current after the slave received a full dump that failed to load.
|
|
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
|
|
(per http://old.nabble.com/Re%3A-build-problem-p34365918.html)
|
|
This is a bugfix release.
Fix null PKINIT pointer dereference vulnerabilities [CVE-2012-1016, CVE-2013-1415]
Prevent the KDC from returning a host-based service principal referral to the local realm.
|
|
|
|
|
|
|
|
|
|
Generated file didn't pass -Werror check on gcc4.7. The problem is
well-known and already fixed on the current version of mit-krb5. The
patch added here was taken from upstream.
No revbump necessary, won't change binary on systems that already built it.
|
|
are called p5-*.
I hope that's all of them.
|
|
This is a bugfix release.
* Fix KDC uninitialized pointer vulnerabilities that could lead to a denial of
service [CVE-2012-1014] or remote code execution [CVE-2012-1015].
* Correctly use default_tgs_enctypes instead of default_tkt_enctypes for TGS
requests.
|
|
Note: Nobody that uses git from pkgsrc can install this package.
It conflicts with security/heimdal which is sucked in by dependencies
of scmgit-base. Since the default way of acquiring pkgsrc on
DragonFly is via git, which is provided by the releases and daily
snapshots, effectively this can't be installed by DragonFly users.
Solving the conflict with heimdal, if possible, would be nice.
|
|
This is a bugfix release.
* Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers.
* Update a workaround for a glibc bug that would cause DNS PTR queries to occur
even when rdns = false.
* Fix a kadmind denial of service issue (null pointer dereference), which could
only be triggered by an administrator with the "create" privilege.
[CVE-2012-1013]
Changes 1.10.1:
This is a bugfix release.
* Fix access controls for KDB string attributes [CVE-2012-1012]
* Make the ASN.1 encoding of key version numbers interoperate with Windows
Read-Only Domain Controllers
* Avoid generating spurious password expiry warnings in cases where the KDC
sends an account expiry time without a password expiry time.
|
|
https://github.com/krb5/krb5/commit/ca2909440015d33be42e77d1955194963d8c0955
|
|
This is primarily a bugfix release.
* Fix an interaction in iprop that could cause spurious excess kadmind processes
when a kprop child fails.
Changes 1.8.5:
This is primarily a bugfix release.
* Fix MITKRB5-SA-2011-006 KDC denial of service vulnerabilities
[CVE-2011-1528 CVE-2011-1529 CVE-2011-4151].
|
|
this fixes CVE-2011-1528, CVE-2011-1529 & CVE-2011-4151
|
|
This is primarily a bugfix release.
Fix vulnerabilities:
* KDC uninitialized pointer crash [MITKRB5-SA-2010-006 CVE-2010-1322]
* kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
* KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
* KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
* kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
Interoperability:
* Correctly encrypt GSSAPI forwarded credentials using the session key, not
a subkey.
* Set NT-SRV-INST on TGS principal names as expected by some Windows Server
Domain Controllers.
* Don't reject AP-REQ messages if their PAC doesn't validate; suppress the PAC
instead.
* Correctly validate HMAC-MD5 checksums that use DES keys
|
|
|
|
|
|
correct BUILDLINK_API_DEPENDS.mit-krb5
fix building where libtool chokes on "--version-info : " (at least OS X)
|
|
|
