./security/cy2-gssapi, Cyrus SASL GSSAPI authentication plugin

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.1.28nb1, Package name: cy2-gssapi-2.1.28nb1, Maintainer: pkgsrc-users

SASL is a method for adding authentication support to connection-based
protocols. To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating protection
of subsequent protocol interactions. If its use is negotiated, a security
layer is inserted between the protocol and the connection.

This is the Cyrus SASL plugin that implements the GSSAPI authentication
mechanism.


Required to run:
[security/cyrus-sasl] [security/heimdal] [security/openssl]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 3940.237 KB

Version history: (Expand)


CVS history: (Expand)


   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2022-02-24 12:00:04 by Thomas Klausner | Files touched by this commit (14) | Package updated
Log message:
cyrus-sasl: update to 2.1.28

New in 2.1.28

    build:
        configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
        makemd5.c - Fix potential out of bound writes
        fix build with –disable-shared –enable-static
        Dozens of fixes for Windows specific builds
        Fix cross platform builds with SPNEGO
        Do not try to build broken java subtree
        Fix build error with –enable-auth-sasldb
    common:
        plugin_common.c:
            Ensure size is always checked if called repeatedly (#617)
    documentation:
        Fixed generation of saslauthd(8) man page
        Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373)
        Updates for additional SCRAM mechanisms
        Fix sasl_decode64 and sasl_encode64 man pages
        Tons of fixes for Sphinx
    include:
        sasl.h:
            Allow up to 16 bits for security flags
    lib:
        checkpw.c:
            Skip one call to strcat
            Disable auxprop-hashed (#374)
        client.c:
            Use proper length for fully qualified domain names
        common.c:
            CVE-2019-19906 Fix off by one error (#587)
        external.c:
            fix EXTERNAL with non-terminated input (#689)
        saslutil.c:
            fix index_64 to be a signed char (#619)
    plugins:
        gssapi.c:
            Emit debug log only in case of errors
        ntlm.c:
            Fail compile if MD4 is not available (#632)
        sql.c:
            Finish reading residual return data (#639)
            CVE-2022-24407 Escape password for SQL insert/update commands.
    sasldb:
        db_gdbm.c:
            fix gdbm_errno overlay from gdbm_close
    DIGEST-MD5 plugin:
        Prevent double free of RC4 context
        Use OpenSSL RC4 implementation if available
    SCRAM plugin:
        Return BADAUTH on incorrect password (#545)
        Add -224, -384, -512 (#552)
        Remove SCRAM_HASH_SIZE
        Add function to return SCRAM auth method name
        Allocate enough memory in scam_setpass()
        Add function to sort SCRAM methods by hash strength
        Update windows build for newer SCRAM options
    saslauthd:
        auth_httpform.c:
            Avoid signed overflow with non-ascii characters (#576)
        auth_krb5.c:
            support setting an explicit auth_krb5 server name
            support setting an explicit servername with Heimdal
            unify the MIT and Heimdal auth_krb5 implementations
            Remove call to krbtf
        auth_rimap.c:
            provide native memmem implementation if missing
        lak.c:
            Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
        lak.h:
            Increase supported DN length to 4096 (#626)
   2021-10-21 09:46:39 by Thomas Klausner | Files touched by this commit (77)
Log message:
*: recursive bump for heimdal 7.7.0

its buildlink3.mk now includes openssl's buildlink3.mk
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2018-12-09 22:05:37 by Adam Ciarcinski | Files touched by this commit (53)
Log message:
Removed commented-out PKGREVISIONs
   2018-04-17 03:57:19 by Christos Zoulas | Files touched by this commit (26)
Log message:
upgrade to 2.1.27-rc7 so that we can use it with openssl-1.1
   2017-04-27 15:56:47 by Jonathan Perkin | Files touched by this commit (14)
Log message:
Fix to use PKG_SYSCONFDIR.  Bump PKGREVISION for all packages using the
shared Makefile.common.
   2016-12-12 15:22:04 by Thomas Klausner | Files touched by this commit (30)
Log message:
Revert "Specify readline requirement on 30 packages"

Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.