head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.36 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.34 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.32 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.30 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.28 pkgsrc-2009Q4-base:1.6 pkgsrc-2008Q4:1.6.0.26 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.24 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.22 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.20 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.18 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.16 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.14 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.12 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.10 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.8 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.6.0.6 pkgsrc-2006Q3-base:1.6 pkgsrc-2006Q2:1.6.0.4 pkgsrc-2006Q2-base:1.6 pkgsrc-2006Q1:1.6.0.2 pkgsrc-2006Q1-base:1.6 pkgsrc-2005Q4:1.5.0.2 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.4.0.4 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.2 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.3.0.4 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.2 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.2.0.4 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.2 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.1.0.2 pkgsrc-2004Q1-base:1.1; locks; strict; comment @# @; 1.6 date 2006.02.07.12.20.52; author lha; state dead; branches; next 1.5; 1.5 date 2005.10.26.15.12.45; author jlam; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2005.04.21.14.35.47; author lha; state dead; branches; next 1.3; 1.3 date 2004.10.06.17.18.32; author gavan; state Exp; branches 1.3.4.1; next 1.2; 1.2 date 2004.04.01.18.42.25; author joda; state dead; branches; next 1.1; 1.1 date 2004.01.13.02.05.29; author markd; state Exp; branches; next ; 1.5.2.1 date 2006.02.08.15.59.35; author salo; state dead; branches; next ; 1.3.4.1 date 2005.04.21.15.55.34; author salo; state dead; branches; next ; desc @@ 1.6 log @http://www.pdc.kth.se/heimdal/releases/0.7.2/ http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * 
Fix security problem in rshd that enables an attacker to overwrite and change ownership of any file that root could write. * Fix a DOS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check if it's even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending for compatibility reasons, this will change in 0.8. * telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes @ text @$NetBSD: patch-ae,v 1.5 2005/10/26 15:12:45 jlam Exp $ --- lib/krb5/krb5_encrypt.3.orig 2005-09-09 08:12:13.000000000 -0400 +++ lib/krb5/krb5_encrypt.3 @@@@ -44,7 +44,7 @@@@ .Nm krb5_decrypt_ivec , .Nm krb5_decrypt_ticket , .Nm krb5_encrypt , -.Nm krb5_encrypt_EncryptedData, +.Nm krb5_encrypt_EncryptedData , .Nm krb5_encrypt_ivec , .Nm krb5_enctype_disable , .Nm krb5_enctype_keysize , @ 1.5 log @Update security/heimdal to 0.7.1 (approved by lha). We drop support for the "db4" option and just rely on the appropriate BDB_* settings via bdb.buildlink3.mk. Also, we tweak the builtin.mk file to use krb5-config, if it's available, to check the version of the built-in heimdal. Patches patch-ab, patch-ae and patch-af have been sent back upstream and will be incorporated into future Heimdal releases. 
Changes between version 0.6.5 and version 0.7.1 include: * Support for KCM, a process based credential cache * Support CCAPI credential cache * SPNEGO support * AES (and the gssapi counterpart, CFX) support * Adding new and improve old documentation * Bug fixes @ text @d1 1 a1 1 $NetBSD$ @ 1.5.2.1 log @Pullup ticket 1106 - requested by Love Hornquist Astrand security update for heimdal Revisions pulled up: - pkgsrc/security/heimdal/Makefile 1.54 - pkgsrc/security/heimdal/distinfo 1.19 - pkgsrc/security/heimdal/patches/patch-ab removed - pkgsrc/security/heimdal/patches/patch-ak removed - pkgsrc/security/heimdal/patches/patch-ae removed - pkgsrc/security/heimdal/patches/patch-af removed - pkgsrc/security/heimdal/patches/patch-ag removed - pkgsrc/security/heimdal/patches/patch-ah removed - pkgsrc/security/heimdal/patches/patch-ai removed - pkgsrc/security/heimdal/patches/patch-aj removed Module Name: pkgsrc Committed By: lha Date: Tue Feb 7 12:20:52 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile distinfo Removed Files: pkgsrc/security/heimdal/patches: patch-ab patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak Log Message: http://www.pdc.kth.se/heimdal/releases/0.7.2/ http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * Fix security problem in rshd that enables an attacker to overwrite and change ownership of any file that root could write. * Fix a DOS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check if it's even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending for compatibility reasons, this will change in 0.8. 
* telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.5 2005/10/26 15:12:45 jlam Exp $ @ 1.4 log @Update to Heimdal 0.6.4. While I'm here, claim maintainership of this package. Also please pkglint. Changes in heimdal 0.6.4 include: * fix vulnerabilities in telnet * rshd: encryption without a separate error socket should now work * telnet now uses appdefaults for the encrypt and forward/forwardable settings * bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.3 2004/10/06 17:18:32 gavan Exp $ d3 11 a13 10 --- lib/roken/ndbm_wrap.c.orig 2003-08-29 18:00:34.000000000 +0100 +++ lib/roken/ndbm_wrap.c @@@@ -50,6 +50,7 @@@@ RCSID("$Id: ndbm_wrap.c,v 1.1.8.1 2003/0 #include #include +#undef open #define DBT2DATUM(DBT, DATUM) do { (DATUM)->dptr = (DBT)->data; (DATUM)->dsize = (DBT)->size; } while(0) #define DATUM2DBT(DATUM, DBT) do { (DBT)->data = (DATUM)->dptr; (DBT)->size = (DATUM)->dsize; } while(0) @ 1.3 log @Undefine open in ndbm_wrap.c. This fixes a build problem on Solaris. @ text @d1 1 a1 1 $NetBSD$ @ 1.3.4.1 log @Pullup ticket 458 - requested by Love Hornquist-Astrand security fix for heimdal Revisions pulled up: - pkgsrc/security/heimdal/Makefile 1.34-1.35 - pkgsrc/security/heimdal/PLIST 1.7 - pkgsrc/security/heimdal/distinfo 1.11 - pkgsrc/security/heimdal/patches/patch-ae removed Module Name: pkgsrc Committed By: wiz Date: Thu Apr 21 14:00:36 UTC 2005 Modified Files: pkgsrc/security/heimdal: Makefile Log Message: lha agreed to maintain this package. --- Module Name: pkgsrc Committed By: lha Date: Thu Apr 21 14:35:47 UTC 2005 Modified Files: pkgsrc/security/heimdal: Makefile PLIST distinfo Removed Files: pkgsrc/security/heimdal/patches: patch-ae Log Message: Update to Heimdal 0.6.4. While I'm here, claim maintainership of this package. Also please pkglint. 
Changes in heimdal 0.6.4 include: * fix vulnerabilities in telnet * rshd: encryption without a separate error socket should now work * telnet now uses appdefaults for the encrypt and forward/forwardable settings * bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.3 2004/10/06 17:18:32 gavan Exp $ @ 1.2 log @Update to 0.6.1: * Fixed cross realm vulnerability * Fixed ARCFOUR support * kdc: fix denial of service attack * kdc: stop clients from renewing tickets into the future * bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.1 2004/01/13 02:05:29 markd Exp $ d3 5 a7 3 --- lib/krb5/verify_krb5_conf.c.orig 2003-03-29 21:52:50.000000000 +1200 +++ lib/krb5/verify_krb5_conf.c @@@@ -449,8 +449,8 @@@@ struct entry log_strings[] = { d9 4 a12 9 #if 0 struct entry kdcdefaults_entries[] = { - { "kdc_ports, krb5_config_string, mit_entry }, - { "v4_mode, krb5_config_string, mit_entry }, + { "kdc_ports", krb5_config_string, mit_entry }, + { "v4_mode", krb5_config_string, mit_entry }, { NULL } }; #endif @ 1.1 log @Fix build with gcc3. @ text @d1 1 a1 1 $NetBSD$ @
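Review bot: the lib/krb5/krb5_encrypt.3 patch has no explanatory line between the $NetBSD$ tag and the "---" header, so nothing records why its only change is a space before the comma in ".Nm krb5_encrypt_EncryptedData ,". A one-line comment saying that mdoc treats the comma as punctuation only when it is a separate argument, as on the neighbouring ".Nm krb5_encrypt ," line, would document the change and is worth carrying in the copy sent upstream.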
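Review bot: in the lib/roken/ndbm_wrap.c hunk, "+#undef open" is added with no comment and no platform guard; the only explanation is the 1.3 log message, which says it fixes a build problem on Solaris. Put that reason in a comment next to the directive, and name the header that defines open as a macro, so the line is not later dropped as dead code or blamed for a failure on another platform.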
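Review bot: in the lib/krb5/verify_krb5_conf.c hunk, both corrected entries sit between "#if 0" and "#endif", so the closing quotes added to "kdc_ports" and "v4_mode" only repair code that is compiled out. If kdcdefaults_entries is never meant to be enabled, removing the block upstream is a smaller fix than carrying a local patch; if it is meant to come back, the patch header should say so.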