- MITKRB5-SA-2003-005:
Buffer overrun and underrun in principal name handling
- MITKRB5-SA-2003-004:
Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm
compromise possible.
- MITKRB5-SA-2003-003:
Faulty length checks in xdrmem_getbytes may allow kadmind DoS.
- Additional patches from RedHat.
Approved by: kris (wearing his portmgr hat)
Obtained from: MIT Website and Nalin Dahyabhai <nalin@redhat.com>
ENOENT. Obtained from /cvs/krbdev/krb5/src/kdc/kdc_preauth.c,v rev 5.31
in MIT KRB5 tree (fix etype info; wrong termination condition used in
get_etype_info).
Obtained from: Sam Hartman <hartmans@mit.edu>
up on their website again, reimplementation of the Makefile patch that
fetched the the tarball from their site for users outside of the US
(originally in Makefile rev 1.29). USA_RESIDENT=YES still supports
manual fetching from web.mit.edu.
that contains the distribution itself, in a tar.gz file, and a signature
certificate, contained in a detached .tar.gz.asc file. Prior to this
patch, users installing MIT KRB5 had to extract the tarball into
/usr/ports/distfiles, then proceed with the installation. This caused
confusion among those installing the port. This patch addresses the
problem by extracting the .tar.gz file from the tarball, then unpacking
the .tar.gz file before continuing with the build.
now makes use of login.conf and login.access. This is performed by
using FreeBSD login(1) instead of MIT KRB5 login.krb5(8).
The MIT KRB5 login.krb5(8) can still be used by specifying "-L" in
the klogind and telnetd arguments in inetd.conf. This is documented
in a new file called README.FreeBSD.
Reviewed by: nectar
<msa@dinosauricon.com> provided the original patches.
= For users outside of the US, point to www.crypto-publish.org for the
distfiles. It was Chris Knight <chris@aims.com.au>'s idea.
Submitted by: Cy.Schubert@uumail.gov.bc.ca (MAINTAINER)
PR: ports/29865
The MIT Kerberos Team announces the availibility of MIT Kerberos 5
Release 1.2.1. This is primarily a bugfix release. Changes include:
* A bug in the gssapi library that prevented kadmin clients from
working has been fixed. For some reason this was not caught during
beta testing.
* login.c now correctly sets the default ccache name.
* A memory leak in conv_princ.c has been fixed.
previous commit message to bsd.port.mk, which said INSTALL_SHLIBS. Boo.)
Line up the rhs of variable assignments nicely. Remove a couple of extra
whitespaces while I'm here.
Suggested by: sobomax