head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.4 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.2 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.2 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.2.0.32 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.30 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.28 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.26 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.24 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.22 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.20 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.18 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.16 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.14 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.12 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.10 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.8 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.6 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.4 pkgsrc-2008Q1:1.2.0.2 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.1.0.8 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.6 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.4 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.2 pkgsrc-2007Q1-base:1.1; locks; strict; comment @# @; 1.4 date 2012.02.27.12.39.12; author asau; state dead; branches; next 1.3; 1.3 date 2011.07.08.09.49.22; author adam; state Exp; branches; next 1.2; 1.2 date 2008.02.28.08.14.41; author jlam; state Exp; branches; next 1.1; 1.1 date 2007.02.20.10.17.14; author rillig; state Exp; branches; next ; desc @@ 1.4 log @Update to Heimdal 1.5.2 Release Notes - Heimdal - Version Heimdal 1.5.2 Security fixes - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege - Check that key types strictly match - denial of service Release Notes - Heimdal - Version Heimdal 1.5.1 Bug fixes - Fix building on Solaris, requires c99 - Fix building on Windows - Build system updates Release Notes - Heimdal - Version Heimdal 1.5 New features - Support GSS name extensions/attributes - SHA512 support - No Kerberos 4 support - Basic support for MIT Admin protocol (SECGSS flavor) in kadmind (extract keytab) - Replace editline with libedit @ text @$NetBSD: patch-ar,v 1.3 2011/07/08 09:49:22 adam Exp $ Why should anyone want to install the libtool wrapper for a library, but not the library itself? --- lib/auth/afskauthlib/Makefile.in.orig 2008-01-24 08:14:21.000000000 -0500 +++ lib/auth/afskauthlib/Makefile.in @@@@ -361,7 +361,7 @@@@ LIB_kafs = $(top_builddir)/lib/kafs/libk @@KRB5_TRUE@@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la @@DCE_TRUE@@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la foodir = $(libdir) -foo_DATA = afskauthlib.so +foo_DATA = .libs/afskauthlib.so SRCS = verify.c OBJS = verify.o CLEANFILES = $(foo_DATA) $(OBJS) so_locations @ 1.3 log @Changes 1.4: New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings @ text @d1 1 a1 1 $NetBSD: patch-ar,v 1.2 2008/02/28 08:14:41 jlam Exp $ @ 1.2 log @Update security/heimdal to version 1.1. Changes from version 0.7.2 include: * Read-only PKCS11 provider built-in to hx509. * Better compatibilty with Windows 2008 Server pre-releases and Vista. * Add RFC3526 modp group14 as default. * Handle [kdc] database = { } entries without realm = stanzas. * Add gss_pseudo_random() for mechglue and krb5. * Make session key for the krbtgt be selected by the best encryption type of the client. * Better interoperability with other PK-INIT implementations. * Alias support for inital ticket requests. * Make ASN.1 library less paranoid to with regard to NUL in string to make it inter-operate with MIT Kerberos again. * PK-INIT support. * HDB extensions support, used by PK-INIT. * New ASN.1 compiler. * GSS-API mechglue from FreeBSD. * Updated SPNEGO to support RFC4178. * Support for Cryptosystem Negotiation Extension (RFC 4537). * A new X.509 library (hx509) and related crypto functions. * A new ntlm library (heimntlm) and related crypto functions. * KDC will return the "response too big" error to force TCP retries for large (default 1400 bytes) UDP replies. This is common for PK-INIT requests. * Libkafs defaults to use 2b tokens. * krb5_kuserok() also checks ~/.k5login.d directory for acl files. * Fix memory leaks. * Bugs fixes @ text @d1 1 a1 1 $NetBSD$ d8 1 a8 1 @@@@ -317,7 +317,7 @@@@ LIB_kafs = $(top_builddir)/lib/kafs/libk @ 1.1 log @Fixed the build on IRIX 6.5. @ text @d6 3 a8 3 --- lib/auth/afskauthlib/Makefile.in.orig Mon Feb 6 08:31:49 2006 +++ lib/auth/afskauthlib/Makefile.in Tue Feb 20 04:20:05 2007 @@@@ -347,7 +347,7 @@@@ @