./security/mit-krb5, MIT Kerberos 5 authentication system



Branch: CURRENT, Version: 1.18.4, Package name: mit-krb5-1.18.4, Maintainer: tez

Kerberos V5 is an authentication system developed at MIT. It is a network
authentication protocol designed to provide strong authentication for
client/server applications by using secret-key cryptography. (Kerberos
5 is discussed in RFC 1510.)

This package provides Kerberos and GSSAPI (Generic Security Services
Application Programming Interface) development headers and libraries.
It also includes Kerberos ticket and principal tools.

N.B. Kerberized r-services, telnet and ftp services are now found in
the security/mit-krb5-appl package.


Required to run:
[security/openssl] [databases/lmdb]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 8512.367 KB

CVS history:


   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-05-24 21:56:06 by Thomas Klausner | Files touched by this commit (3575)
Log message:
*: recursive bump for perl 5.34
   2021-05-13 11:06:16 by Dr. Thomas Orgis | Files touched by this commit (1)
Log message:
security/mit-krb5: detect post-1.5 versions on GNU/Linux in builtin.mk

This might need proper reworking to safely detect the krb5 version
and/or header location without guessing. Asking krb5-config might
be a solution also to tell between heimdal and mit-krb5 from
--version output.
   2021-01-19 17:51:31 by Brook Milligan | Files touched by this commit (2) | Package updated
Log message:
security/mit-krb5: revert previous commit

The fix in the previous patch was already in the updated package, despite
information from upstream.
   2021-01-19 17:18:03 by Brook Milligan | Files touched by this commit (2) | Package updated
Log message:
security/mit-krb5: update patch-aclocal.m4 to avoid empty conditional branch.

Mainline autoconf generates no shell code for AC_CONFIG_AUX_DIR().
Call it unconditionally to avoid a syntax error.  See
https://github.com/krb5/krb5/commit/f78edbe30816f049e1360cb6e203fabfdf7b98df.
   2021-01-16 10:00:23 by Jonathan Perkin | Files touched by this commit (4) | Package updated
Log message:
mit-krb5: Update to 1.18.3.

Fixes issues with the autoconf 2.70 update and bison POSIX yacc errors.

Major changes in 1.18.3 (2020-11-17)
------------------------------------

This is a bug fix release.

* Fix a denial of service vulnerability when decoding Kerberos
  protocol messages.

* Fix a locking issue with the LMDB KDB module which could cause KDC
  and kadmind processes to lose access to the database.

* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
  and unloaded while libkrb5support remains loaded.

krb5-1.18.3 changes by ticket ID
--------------------------------

7476    updated manual page for kvno
8614    Assertion failure when repeatedly loading libgssapi_krb5
8882    kdb5_util load ignores password expiration with LDAP KDB module
8918    KDC and kadmind fork with DB open, breaking LMDB KDB module
8926    Allow gss_unwrap_iov() of unpadded RC4 tokens
8933    Fix input length checking in SPNEGO DER decoding
8936    Set lockdown attribute when creating LDAP KDB
8938    Leash crashes on failure to auto-renew tickets
8939    Suppress Leash error popup on MSLSA renew failure
8959    Add recursion limit for ASN.1 indefinite lengths
8960    Fix compatibility with upcoming autoconf 2.70
   2020-10-08 21:52:36 by Greg Troxel | Files touched by this commit (1)
Log message:
mit-krb5: Add comment about missing LICENSE.

The license file is enormous.  While mostly BSDish, one license is
hard to safely read as Free.  I have asked upstream to clarify the
language.