* OpenBSD's vis.h requires stdlib.h
* OpenBSD has SO_PEERCRED, but it is different from Linux's one
* __weak_alias is not for OpenBSD's gcc 4.2.1
* OpenBSD 5.5 has not VIS_HTTPSTYLE.
* Fix PLIST for OpenBSD
checking builtin before including openssl/builtin.mk, so that wanted openssl
will be picked up (formerly, BUILTINK_API_DEPENDS.openssl is ignored).
Bump PKGREVISION.
The three tommath patches (which patch the files into existence) have
been included in the source code since heimdal 1.5, so remove them.
Compile errors due to missing -pthread in MirBSD were fixed by adding
PTHREAD_AUTO_VARS.
vis.h and glob.h are installed on Linux
(Debian GNU/Linux 7.1 and CentOS 6.4 at least)
* Makefile of Rev 1.100 removes vis.h and glob.h hack. My two Linux
environments require vis.h and glob.h entries for PLIST.
Set PLIST.vis and PLIST.glob for Linux.
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
Release Notes - Heimdal - Version Heimdal 1.5.2
Security fixes
- CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
- Check that key types strictly match - denial of service
Release Notes - Heimdal - Version Heimdal 1.5.1
Bug fixes
- Fix building on Solaris, requires c99
- Fix building on Windows
- Build system updates
Release Notes - Heimdal - Version Heimdal 1.5
New features
- Support GSS name extensions/attributes
- SHA512 support
- No Kerberos 4 support
- Basic support for MIT Admin protocol (SECGSS flavor)
in kadmind (extract keytab)
- Replace editline with libedit
New features
* Support for reading MIT database file directly
* KCM is polished up and now used in production
* NTLM first class citizen, credentials stored in KCM
* Table driven ASN.1 compiler, smaller!, not enabled by default
* Native Windows client support
Notes
* Disabled write support NDBM hdb backend (read still in there) since
it can't handle large records, please migrate to a diffrent backend
(like BDB4)
Changes 1.3.3:
Bug fixes
* Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
* Check NULL pointers before dereference them [kdc]
Changes 1.3.2:
Bug fixes
* Don't mix length when clearing hmac (could memset too much)
* More paranoid underrun checking when decrypting packets
* Check the password change requests and refuse to answer empty packets
* Build on OpenSolaris
* Renumber AD-SIGNED-TICKET since it was stolen from US
* Don't cache /dev/*random file descriptor, it doesn't get unloaded
* Make C++ safe
* Misc warnings
