aboutsummaryrefslogtreecommitdiffstats
path: root/security/heimdal
Commit message (Collapse)AuthorAgeFilesLines
* security/heimdal: fix with stock clang >= 16Dimitry Andric2025-01-051-1/+2
| | | | | | | | | | | | | | | | | Upstream clang >= 16 made -Wimplicit-function-declaration into an error by default. In the base system, this change was reverted to reduce the fallout in ports, because there are many problematic configure scripts. For security/heimdal this also applies, so for building the port with devel/llvm16 or higher we need to add -Wno-implicit-function-declaration to CFLAGS. While here, use LDFLAGS+= for -Wl,--undefined-version, to avoid overwriting any user-specified LDFLAGS. PR: 283131 Approved by: maintainer timeout (2 weeks) MFH: 2025Q1
* security/heimdal: Fix uninitialized pointer dereferenceCy Schubert2024-03-142-3/+30
| | | | | | | | | | | | krb5_ret_preincipal() returns a non-zero return code when a garbage principal is passed to it. Unfortunately ret_principal_ent() does not check the return code, with garbage pointing to what would have been the principal. This results in a segfault when free() is called. PR: 267944, 267972 Reported by: Robert Morris <rtm@lcs.mit.edu> MFH: 2024Q1
* security/heimdal: Fix buildCy Schubert2024-03-141-0/+1
| | | | | | | | | | | Fix build due to many undefined symbols listed in version.map. The problem is that the listed functions are conditionally built and since they exist in FreeBSD they are not built but they are still referenced in version.map. PR: 275979 MFH: 2024Q1 Approved by: portmgr (just fix it)
* security/heimdal: Move man pages to share/manYasuhiro Kimura2024-03-122-1033/+1034
| | | | Approved by: portmgr (blanket)
* Mk/**ldap.mk: Convert USE_LDAP to USES=ldapMuhammad Moinur Rahman2023-02-081-1/+1
| | | | | | | | | | | | | | | Convert the USE_LDAP=yes to USES=ldap and adds the following features: - Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as RUN_DEPENDS - Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER - Adds OPENLDAP versions in bsd.default-versions.mk - Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk - Changes consumers to use the features Reviewed by: delphij Approved by: portmgr Differential Revision: https://reviews.freebsd.org/D38233
* security/heimdal: Remove LLVM_DEFAULT artifactCy Schubert2022-11-241-2/+1
| | | | | | | | Remove an artifact from 22a683a337ef. PR: 267814 Fixes: 22a683a337ef MFH: 2022Q4
* security/heimdal*: Handle other types of garbage dataCy Schubert2022-11-242-3/+31
| | | | | | | | | In addition to garbage realm data, also handle garbage dbname, acl_file, stash_file, and invalid bitmask garbage data. PR: 267912 Reported by: Robert Morris <rtm@lcs.mit.edu> MFH: 2022Q4
* security/heimdal*: Fix NULL dereference when mangled realm messageCy Schubert2022-11-243-1/+30
| | | | | | | | | Fix a NULL dereference in _kadm5_s_init_context() when the client sends a mangled realm message. PR: 267912 Reported by: Robert Morris <rtm@lcs.mit.edu> MFH: 2022Q4
* security/heimdal*: The version string must always contain a terminating NULCy Schubert2022-11-242-1/+43
| | | | | | | | | | | Should the sender send a string without a terminating NUL, ensure that the NUL terminates the string regardless. And while at it only process the version string when bytes are returned. PR: 267884 Reported by: Robert Morris <rtm@lcs.mit.edu> MFH: 2022Q4
* security/heimdal*: Remove LLVM_DEFAULT build prerequisiteCy Schubert2022-11-243-23/+37
| | | | | | | | | Adjust ./configure to set the correct CLANG_FORMAT value when clang-format is not found (when none of the llvm ports are installed). PR: 267814 Submitted by: Tatsuki Makino <tatsuki_makino@hotmail.com> MFH: 2022Q4
* security/heimdal*: Remove lockfile dependencyCy Schubert2022-11-221-3/+1
| | | | | | | | | Though heimdal ./configure checks for a lockfile dependency, it does not use it. Let's remove the dependency. PR: 267814 Reported by: Tatsuki Makino <tatsuki_makino@hotmail.com> MFH: 2022Q4
* security/heimdal: Remove python dependencyCy Schubert2022-11-171-2/+4
| | | | | | | | | | | Python is only needed in developer mode and only to regenerate already provided files in lib/wind. PR: 267814 Submitted by: jkim Reported by: jkim Fixes: a5523d807d01 MFH: 2022Q4
* security/heimdal: Fix buildCy Schubert2022-11-161-2/+9
| | | | | | | | | | | | | | | | | | Three problems were discovered when building under poudriere or in a clean jail. 1. Python is now a prerequisite. 2. liblockfile is now needed. 3. clang-format is needed for asn1_compile. Unfortunately the base llvm does not install clang-format so we need install $LLVM_DEFAULT to get this file. PR: 267814 Reported by: many Fixes: 83f79ba0e0ca MFH: 2022Q4
* security/heimdal: Update to 7.8.0Cy Schubert2022-11-154-17/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This upgrade fixes multiple security vulnerabilities. The following issues are patched: - CVE-2022-42898 PAC parse integer overflows - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour - CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors - CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3, as we believe it should be possible to get an RCE on a KDC, which means that credentials can be compromised that can be used to impersonate anyone in a realm or forest of realms. Heimdal's ASN.1 compiler generates code that allows specially crafted DER encodings of CHOICEs to invoke the wrong free function on the decoded structure upon decode error. This is known to impact the Heimdal KDC, leading to an invalid free() of an address partly or wholly under the control of the attacker, in turn leading to a potential remote code execution (RCE) vulnerability. This error affects the DER codec for all extensible CHOICE types used in Heimdal, though not all cases will be exploitable. We have not completed a thorough analysis of all the Heimdal components affected, thus the Kerberos client, the X.509 library, and other parts, may be affected as well. This bug has been in Heimdal's ASN.1 compiler since 2005, but it may only affect Heimdal 1.6 and up. It was first reported by Douglas Bagnall, though it had been found independently by the Heimdal maintainers via fuzzing a few weeks earlier. While no zero-day exploit is known, such an exploit will likely be available soon after public disclosure. - CVE-2019-14870: Validate client attributes in protocol-transition - CVE-2019-14870: Apply forwardable policy in protocol-transition - CVE-2019-14870: Always lookup impersonate client in DB Reported by: so (philip) Approved by: so (philip) MFH: 2022Q4 Security: Many, see above Sponsored by: so (philip)
* Remove WWW entries moved into port MakefilesStefan Eßer2022-09-071-2/+0
| | | | | | | | | | Commit b7f05445c00f has added WWW entries to port Makefiles based on WWW: lines in pkg-descr files. This commit removes the WWW: lines of moved-over URLs from these pkg-descr files. Approved by: portmgr (tcberner)
* Add WWW entries to port MakefilesStefan Eßer2022-09-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It has been common practice to have one or more URLs at the end of the ports' pkg-descr files, one per line and prefixed with "WWW:". These URLs should point at a project website or other relevant resources. Access to these URLs required processing of the pkg-descr files, and they have often become stale over time. If more than one such URL was present in a pkg-descr file, only the first one was tarnsfered into the port INDEX, but for many ports only the last line did contain the port specific URL to further information. There have been several proposals to make a project URL available as a macro in the ports' Makefiles, over time. This commit implements such a proposal and moves one of the WWW: entries of each pkg-descr file into the respective port's Makefile. A heuristic attempts to identify the most relevant URL in case there is more than one WWW: entry in some pkg-descr file. URLs that are not moved into the Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr files in order to preserve them. There are 1256 ports that had no WWW: entries in pkg-descr files. These ports will not be touched in this commit. The portlint port has been adjusted to expect a WWW entry in each port Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as deprecated. Approved by: portmgr (tcberner)
* security: remove 'Created by' linesTobias C. Berner2022-07-201-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A big Thank You to the original contributors of these ports: * <ports@c0decafe.net> * Aaron Dalton <aaron@FreeBSD.org> * Adam Weinberger <adamw@FreeBSD.org> * Ade Lovett <ade@FreeBSD.org> * Aldis Berjoza <aldis@bsdroot.lv> * Alex Dupre <ale@FreeBSD.org> * Alex Kapranoff <kappa@rambler-co.ru> * Alex Samorukov <samm@freebsd.org> * Alexander Botero-Lowry <alex@foxybanana.com> * Alexander Kriventsov <avk@vl.ru> * Alexander Leidinger <netchild@FreeBSD.org> * Alexander Logvinov <ports@logvinov.com> * Alexander Y. Grigoryev <alexander.4mail@gmail.com> * Alexey Dokuchaev <danfe@FreeBSD.org> * Alfred Perlstein * Alfred Perlstein <alfred@FreeBSD.org> * Anders Nordby <anders@FreeBSD.org> * Anders Nordby <anders@fix.no> * Andreas Klemm <andreas@klemm.gtn.com> * Andrew Lewis <freeghb@gmail.com> * Andrew Pantyukhin <infofarmer@FreeBSD.org> * Andrew St. Jean <andrew@arda.homeunix.net> * Anes Mukhametov <anes@anes.su> * Antoine Brodin <antoine@FreeBSD.org> * Anton Berezin <tobez@FreeBSD.org> * Antonio Carlos Venancio Junior (<antonio@inf.ufsc.br>) * Antonio Carlos Venancio Junior <antonio@inf.ufsc.br> * Ashish SHUKLA <ashish@FreeBSD.org> * Attila Nagy <bra@fsn.hu> * Autrijus Tang <autrijus@autrijus.org> * Axel Rau <axel.rau@chaos1.de> * Babak Farrokhi <farrokhi@FreeBSD.org> * Ben Woods <woodsb02@FreeBSD.org> * Bernard Spil <brnrd@FreeBSD.org> * Bernard Spil <brnrd@freebsd.org> * Blaz Zupan <blaz@si.FreeBSD.org> * Bob Hockney <zeus@ix.netcom.com> * Boris Kochergin <spawk@acm.poly.edu> * Brendan Molloy <brendan+freebsd@bbqsrc.net> * Bruce M Simpson * Bruce M Simpson <bms@FreeBSD.org> * Bruce M. Simpson <bms@FreeBSD.org> * Carlo Strub * Carlo Strub <cs@FreeBSD.org> * Carlos J Puga Medina <cpm@FreeBSD.org> * Carlos J Puga Medina <cpm@fbsd.es> * Charlie Root <se@FreeBSD.org> * Cheng-Lung Sung <clsung@FreeBSD.org> * Cheng-Lung Sung <clsung@dragon2.net> * Chie Taguchi <taguchi.ch@gmail.com> * Chris Cowart <ccowart@rescomp.berkeley.edu> * Chris D. Faulhaber <jedgar@FreeBSD.org> * Christer Edwards <christer.edwards@gmail.com> * Christian Lackas * Christopher Hall <hsw@bitmark.com> * Clement Laforet <sheepkiller@cultdeadsheep.org> * Clive Lin <clive@CirX.ORG> * Colin Percival * Cory McIntire (loon@noncensored.com) * Craig Leres <leres@FreeBSD.org> * Cristiano Deana <cris@gufi.org> * Cy Schubert (Cy.Schubert@uumail.gov.bc.ca) * Cy Schubert <Cy.Schubert@uumail.gov.bc.ca> * Cy Schubert <cy@FreeBSD.org> * Damian Gerow <dgerow@afflictions.org> * Damien Bobillot * Dan Langille * Dan Langille <dan@freebsddiary.org> * Dan Langille <dvl@FreeBSD.org> * Dan Langille <dvl@freebsd.org> * Dan Langille <dvl@sourcefire.com> * Daniel Kahn Gillmor <dkg@fifthhorseman.net> * Daniel Roethlisberger <daniel@roe.ch> * Danilo Egea Gondolfo <danilo@FreeBSD.org> * Danton Dorati <urisso@bsd.com.br> * Dave McKay <dave@mu.org> * David E. Thiel <lx@FreeBSD.org> * David O'Brien (obrien@NUXI.com) * David O'Brien <obrien@FreeBSD.org> * David Thiel <lx@redundancy.redundancy.org> * Dean Hollister <dean@odyssey.apana.org.au> * Denis Shaposhnikov <dsh@vlink.ru> * Dereckson <dereckson@gmail.com> * Dirk Froemberg <dirk@FreeBSD.org> * Ditesh Shashikant Gathani <ditesh@gathani.org> * Dom Mitchell <dom@happygiraffe.net> * Dominic Marks <dominic.marks@btinternet.com> * Don Croyle <croyle@gelemna.org> * Douglas Thrift <douglas@douglasthrift.net> * Edson Brandi <ebrandi@fugspbr.org> * Edwin Groothuis <edwin@mavetju.org> * Ekkehard 'Ekki' Gehm <gehm@physik.tu-berlin.de> * Emanuel Haupt <ehaupt@FreeBSD.org> * Emanuel Haupt <ehaupt@critical.ch> * Eric Crist <ecrist@secure-computing.net> * Erwin Lansing <erwin@FreeBSD.org> * Eugene Grosbein <eugen@FreeBSD.org> * Fabian Keil <fk@fabiankeil.de> * Felix Palmen <felix@palmen-it.de> * Florent Thoumie <flz@xbsd.org> * Foxfair Hu <foxfair@FreeBSD.org> * Frank Laszlo <laszlof@vonostingroup.com> * Frank Wall <fw@moov.de> * Franz Bettag <franz@bett.ag> * Gabor Kovesdan * Gabor Kovesdan <gabor@FreeBSD.org> * Gabriel M. Dutra <0xdutra@gmail.com> * Gary Hayers <Gary@Hayers.net> * Gasol Wu <gasol.wu@gmail.com> * Gea-Suan Lin <gslin@gslin.org> * George Reid <greid@ukug.uk.freebsd.org> * George Reid <services@nevernet.net> * Greg Larkin <glarkin@FreeBSD.org> * Greg V <greg@unrelenting.technology> * Gregory Neil Shapiro <gshapiro@FreeBSD.org> * Grzegorz Blach <gblach@FreeBSD.org> * Guangyuan Yang <ygy@FreeBSD.org> * Hakisho Nukama <nukama@gmail.com> * Hammurabi Mendes <hmendes@brturbo.com> * Henk van Oers <hvo.pm@xs4all.nl> * Horia Racoviceanu <horia@racoviceanu.com> * Hung-Yi Chen <gaod@hychen.org> * Jaap Akkerhuis <jaap@NLnetLabs.nl> * Jaap Boender <jaapb@kerguelen.org> * Jacek Serwatynski <tutus@trynet.eu.org> * James FitzGibbon <jfitz@FreeBSD.org> * James Thomason <james@divide.org> * Jan-Peter Koopmann <Jan-Peter.Koopmann@seceidos.de> * Janky Jay <ek@purplehat.org> * Janos Mohacsi * Janos Mohacsi <janos.mohacsi@bsd.hu> * Jean-Yves Lefort <jylefort@brutele.be> * Jim Geovedi <jim@corebsd.or.id> * Jim Ohlstein <jim@ohlste.in> * Joe Clarke <marcus@marcuscom.com> * Joe Marcus Clarke <marcus@FreeBSD.org> * Johann Visagie <johann@egenetics.com> * Johann Visagie <wjv@FreeBSD.org> * John Ferrell <jdferrell3@yahoo.com> * John Hixson <jhixson@gmail.com> * John Polstra <jdp@polstra.com> * John W. O'Brien <john@saltant.com> * John-Mark Gurney <jmg@FreeBSD.org> * Jose Alonso Cardenas Marquez <acardenas@bsd.org.pe> * Joseph Benden <joe@thrallingpenguin.com> * Joshua D. Abraham <jabra@ccs.neu.edu> * Jov <amutu@amutu.com> * Jui-Nan Lin <jnlin@freebsd.cs.nctu.edu.tw> * Ka Ho Ng <khng300@gmail.com> * Kay Lehmann <kay_lehmann@web.de> * Keith J. Jones <kjones@antihackertoolkit.com> * Kevin Zheng <kevinz5000@gmail.com> * Kimura Fuyuki <fuyuki@hadaly.org> * Kimura Fuyuki <fuyuki@mj.0038.net> * Klayton Monroe <klm@uidzero.org> * Konstantin Menshikov <kostjnspb@yandex.ru> * Koop Mast <kwm@FreeBSD.org> * Kris Kennaway <kris@FreeBSD.org> * Kubilay Kocak <koobs@FreeBSD.org> * Kurt Jaeger <fbsd-ports@opsec.eu> * LEVAI Daniel <leva@ecentrum.hu> * Lars Engels <lme@FreeBSD.org> * Lars Thegler <lth@FreeBSD.org> * Laurent LEVIER <llevier@argosnet.com> * Luiz Eduardo R. Cordeiro * Lukas Slebodnik <lukas.slebodnik@intrak.sk> * Lukasz Komsta * Mageirias Anastasios <anastmag@gmail.com> * Marcel Prisi <marcel.prisi@virtua.ch> * Marcello Coutinho * Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org> * Mark Felder <feld@FreeBSD.org> * Mark Hannon <markhannon@optusnet.com.au> * Mark Murray <markm@FreeBSD.org> * Mark Pulford <mark@kyne.com.au> * Marko Njezic <sf@maxempire.com> * Martin Matuska <martin@tradex.sk> * Martin Matuska <mm@FreeBSD.org> * Martin Mersberger * Martin Wilke <miwi@FreeBSD.org> * Martti Kuparinen <martti.kuparinen@ericsson.com> * Mateusz Piotrowski <0mp@FreeBSD.org> * Matt <matt@xtaz.net> * Matt Behrens <matt@zigg.com> * Matthias Andree <mandree@FreeBSD.org> * Matthias Fechner <mfechner@FreeBSD.org> * Matthieu BOUTHORS <matthieu@labs.fr> * Maxim Sobolev <sobomax@FreeBSD.org> * Meno Abels <meno.abels@adviser.com> * Michael Haro <mharo@FreeBSD.org> * Michael Johnson <ahze@FreeBSD.org> * Michael Nottebrock <lofi@FreeBSD.org> * Michael Reifenberger <mr@FreeBSD.org> * Michael Schout <mschout@gkg.net> * Michal Bielicki <m.bielicki@llizardfs.com> * Michiel van Baak <michiel@vanbaak.eu * Mij <mij@bitchx.it> * Mike Heffner <mheffner@vt.edu> * Mikhail T. <m.tsatsenko@gmail.com> * Mikhail Teterin <mi@aldan.algebra.com> * Milan Obuch * Mosconi <mosconi.rmg@gmail.com> * Muhammad Moinur Rahman <5u623l20@gmail.com> * Mustafa Arif <ma499@doc.ic.ac.uk> * Neil Booth * Neil Booth <kyuupichan@gmail.com> * Nick Barkas <snb@threerings.net> * Nicola Vitale <nivit@FreeBSD.org> * Niels Heinen * Nikola Kolev <koue@chaosophia.net> * Nobutaka Mantani <nobutaka@FreeBSD.org> * Oliver Lehmann * Oliver Lehmann <oliver@FreeBSD.org> * Olivier Duchateau * Olivier Duchateau <duchateau.olivier@gmail.com> * Olli Hauer * Patrick Li <pat@databits.net> * Paul Chvostek <paul@it.ca> * Paul Schmehl <pauls@utdallas.edu> * Pavel I Volkov <pavelivolkov@googlemail.com> * Pete Fritchman <petef@databits.net> * Peter Ankerstal <peter@pean.org> * Peter Haight <peterh@sapros.com> * Peter Johnson <johnson.peter@gmail.com> * Peter Pentchev <roam@FreeBSD.org> * Petr Rehor <rx@rx.cz> * Philippe Audeoud <jadawin@tuxaco.net> * Philippe Rocques <phil@teaser.fr> * Piotr Kubaj <pkubaj@FreeBSD.org> * Piotr Kubaj <pkubaj@anongoth.pl> * Po-Chuan Hsieh <sunpoet@FreeBSD.org> * RaRa Rasputin <rasputin@submonkey.net> * Radim Kolar * Ralf Meister * Remington Lang <MrL0Lz@gmail.com> * Renaud Chaput <renchap@cocoa-x.com> * Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl> * Roland van Laar <roland@micite.net> * Romain Tartiere <romain@blogreen.org> * Roman Bogorodskiy * Roman Bogorodskiy <novel@FreeBSD.org> * Roman Shterenzon <roman@xpert.com> * Rong-En Fan <rafan@FreeBSD.org> * Ryan Steinmetz <zi@FreeBSD.org> * Sahil Tandon <sahil@tandon.net> * Sascha Holzleiter <sascha@root-login.org> * SeaD * Seamus Venasse <svenasse@polaris.ca> * Sean Greven <sean.greven@gmail.com> * Sebastian Schuetz <sschuetz@fhm.edu> * Sergei Kolobov <sergei@FreeBSD.org> * Sergei Kolobov <sergei@kolobov.com> * Sergei Vyshenski * Sergei Vyshenski <svysh.fbsd@gmail.com> * Sergey Skvortsov <skv@protey.ru> * Seth Kingsley <sethk@meowfishies.com> * Shaun Amott <shaun@inerd.com> * Simeon Simeonov <sgs@pichove.org> * Simon Dick <simond@irrelevant.org> * Sofian Brabez <sbrabez@gmail.com> * Stanislav Sedov <ssedov@mbsd.msk.ru> * Stefan Esser <se@FreeBSD.org> * Stefan Grundmann * Stefan Walter <sw@gegenunendlich.de> * Stephon Chen <stephon@gmail.com> * Steve Wills <steve@mouf.net> * Steve Wills <swills@FreeBSD.org> * Steven Kreuzer * Steven Kreuzer <skreuzer@exit2shell.com> * Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> * TAKAHASHI Kaoru <kaoru@kaisei.org> * TAKATSU Tomonari <tota@FreeBSD.org> * Tatsuki Makino <tatsuki_makino@hotmail.com> * Thibault Payet <monwarez@mailoo.org> * Thierry Thomas (<thierry@pompo.net>) * Thierry Thomas <thierry@pompo.net> * Thomas Hurst <tom@hur.st> * Thomas Quinot <thomas@cuivre.fr.eu.org> * Thomas Zander <riggs@FreeBSD.org> * Thomas von Dein <freebsd@daemon.de> * Tilman Linneweh <arved@FreeBSD.org> * Tim Bishop <tim@bishnet.net> * Tom Judge <tom@tomjudge.com> * Tomoyuki Sakurai <cherry@trombik.org> * Toni Viemerö <toni.viemero@iki.fi> * Tony Maher * Torsten Zuhlsdorff <ports@toco-domains.de> * Travis Campbell <hcoyote@ghostar.org> * Tsung-Han Yeh <snowfly@yuntech.edu.tw> * Ulf Lilleengen * Vaida Bogdan <vaida.bogdan@gmail.com> * Valentin Zahariev <curly@e-card.bg> * Valerio Daelli <valerio.daelli@gmail.com> * Veniamin Gvozdikov <vg@FreeBSD.org> * Victor Popov * Victor Popov <v.a.popov@gmail.com> * Vsevolod Stakhov * Vsevolod Stakhov <vsevolod@FreeBSD.org> * Wen Heping <wen@FreeBSD.org> * Wen Heping <wenheping@gmail.com> * Yarodin <yarodin@gmail.com> * Yen-Ming Lee <leeym@FreeBSD.org> * Yen-Ming Lee <leeym@cae.ce.ntu.edu.tw> * Yen-Ming Lee <leeym@leeym.com> * Ying-Chieh Liao <ijliao@FreeBSD.org> * Yonatan <Yonatan@Xpert.com> * Yonatan <onatan@gmail.com> * Yoshisato YANAGISAWA * Yuri Victorovich * Yuri Victorovich <yuri@rawbw.com> * Zach Thompson <hideo@lastamericanempire.com> * Zane C. Bowers <vvelox@vvelox.net> * Zeus Panchenko <zeus@gnu.org.ua> * ache * adamw * ajk@iu.edu * alex@FreeBSD.org * allan@saddi.com * alm * andrej@ebert.su * andrew@scoop.co.nz * andy@fud.org.nz * antoine@FreeBSD.org * arved * barner * brix@FreeBSD.org * buganini@gmail.com * chinsan * chris@still.whet.org * clement * clsung * crow * cy@FreeBSD.org * dominik karczmarski <dominik@karczmarski.com> * dwcjr@inethouston.net * eivind * erich@rrnet.com * erwin@FreeBSD.org * girgen@FreeBSD.org * glen.j.barber@gmail.com * hbo@egbok.com * ijliao * jesper * jfitz * johans * joris * kftseng@iyard.org * kris@FreeBSD.org * lx * markm * mharo@FreeBSD.org * michaelnottebrock@gmx.net * mnag@FreeBSD.org * mp39590@gmail.com * nbm * nectar@FreeBSD.org * nork@FreeBSD.org * nork@cityfujisawa.ne.jp * nsayer@FreeBSD.org * nsayer@quack.kfu.com * ntarmos@cs.uoi.gr * oly * onatan@gmail.com * pandzilla * patrick@mindstep.com * pauls * perl@FreeBSD.org * petef@FreeBSD.org * peter.thoenen@yahoo.com * ports@c0decafe.net * ports@rbt.ca * roam@FreeBSD.org * rokaz * sada@FreeBSD.org * scrappy * se * shane@freebsdhackers.net aka modsix@gmail.com * snb@threerings.net * sumikawa * sviat * teramoto@comm.eng.osaka-u.ac.jp * thierry@pompo.net * tobez@FreeBSD.org * torstenb@FreeBSD.org * trasz <trasz@pin.if.uz.zgora.pl> * trevor * truckman * vanhu * vanilla@ * wen@FreeBSD.org * will With hat: portmgr
* Fix CONFLICTS entries of multiple portsStefan Eßer2022-01-101-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There have been lots of missing CONFLICTS_INSTALL entries, either because conflicting ports were added without updating existing ports, due to name changes of generated packages, due to mis-understanding the format and semantics of the conflicts entries, or just due to typoes in package names. This patch is the result of a comparison of all files contained in the official packages with each other. This comparison was based on packages built with default options and may therefore have missed further conflicts with optionally installed files. Where possible, version numbers in conflicts entries have been generalized, some times taking advantage of the fact that a port cannot conflict with itself (due to logic in bsd.port.mk that supresses the pattern match result in that case). A few ports that set the conflicts variables depending on complex conditions (e.g. port options), have been left unmodified, despite probably containing outdated package names. These changes should only affect the installation of locally built ports, not the package building with poudriere. They should give an early indication of the install conflict in cases where currently the pkg command aborts an installation when it detects that an existing file would be overwritten, Approved by: portmgr (implicit)
* */*: Remove redundant '-[0-9]*' from CONFLICTSStefan Eßer2021-10-291-2/+2
| | | | | | | | | | | | | The conflict checks compare the patterns first against the package names without version (as reported by "pkg query "%n"), then - if there was no match - agsinst the full package names including the version (as reported by "pkg query "%n-%v"). Many CONFLICTS definitions used patterns like "bash-[0-9]*" to filter for the bash package in any version. But that pattern is functionally identical with just "bash". Approved by: portmgr (blanket)
* security/heimdal: Add CPE informationStefan Eßer2021-10-131-1/+2
| | | | Approved by: portmgr (blanket)
* net/openldap24-server: Make SASL permanent for OpenLDAP port.Xin LI2021-08-011-4/+1
| | | | | | | PR: ports/257374 Reviewed by: obrien Approved by: portmgr (exp-run by antoine) Differential Revision: https://reviews.freebsd.org/D31301
* all: Remove all other $FreeBSD keywords.Mathieu Arnold2021-04-063-8/+0
|
* Remove # $FreeBSD$ from Makefiles.Mathieu Arnold2021-04-061-1/+0
|
* Regen patches.Hiroki Sato2020-03-135-31/+31
|
* Fix build breakage when PKINIT and/or KX509 disabled.Hiroki Sato2020-03-136-16/+143
| | | | PR: 244751
* - Fix build when !BDB.Hiroki Sato2020-02-2316-63/+86
| | | | | | - Regenerate patches. PR: 244282
* Update to 7.7.0.Hiroki Sato2020-02-194-16/+7
|
* Drop the ipv6 virtual category for s* category as it is not relevant anymoreBaptiste Daroussin2019-10-091-1/+1
|
* Convert to UCL & cleanup pkg-message (categories s)Mathieu Arnold2019-08-141-2/+6
|
* Update devel/readline to 8.0Sunpoet Po-Chuan Hsieh2019-04-091-1/+1
| | | | | | | | - Bump PORTREVISION of dependent ports for shlib change Changes: https://tiswww.case.edu/php/chet/readline/CHANGES PR: 236156 Exp-run by: antoine
* Install texinfo files (GNU info) into ${PREFIX}/share/infoBaptiste Daroussin2018-11-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | After a discussion on the mailing list on moving manpages to ${PREFIX}/share/man for consistency with base where it is installed in usr/share/man, it appeared the same should happen to GNU info files which were installed under share in base and not in ports. Now texinfo is not in base on any of the supported version of FreeBSD it is possible to proceed to this move and it is easier to do than the manpage change. Other benefit than consistency are less patching: all build tools but cmake are expecting info files to be under share/info and cmake (patched here) was having an exception for BSD so the patch makes FreeBSD case less specific for them Bump revision of all impacted ports PR: 232907 exp-run by: antoine Differential Revision: https://reviews.freebsd.org/D17816
* security/heimdal: Chase cracklib dictionary rename from r408137Tobias Kortkamp2018-10-112-2/+2
| | | | | | PR: 213157 Submitted by: Florian Riehm <mail@friehm.de> Approved by: 2 year bug anniversary
* security/heimdal: Don't call arc4random_stir.Xin LI2018-08-262-0/+11
| | | | | PR: 230835, 230756 Approved by: portmgr (antoine)
* Update to 7.5.0:Hiroki Sato2018-01-232-4/+4
| | | | | | | | | - In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. Security: CVE-2017-17439 PR: 224191
* Fix whitespace issues (mixed tab/spaces, alignment) in a few ports.Jimmy Olgeni2017-11-021-1/+1
| | | | This round is @FreeBSD.org residents except teams.
* Update to 7.4.0. This release fixes a critical vulnerability namedHiroki Sato2017-07-112-5/+4
| | | | | | | "Orpheus' Lyre". Security: CVE-2017-11103 Secuirty: https://www.orpheus-lyre.info/
* Update devel/readline to 7.0 patch 3Sunpoet Po-Chuan Hsieh2017-06-271-0/+1
| | | | | | | | | | | - Bump PORTREVISION for shlib change Changes: https://cnswww.cns.cwru.edu/php/chet/readline/CHANGES https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html https://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html Differential Revision: https://reviews.freebsd.org/D11172 PR: 219947 Exp-run by: antoine
* Update to 7.3.0.Hiroki Sato2017-06-1026-234/+60
|
* security/heimdal: Fix buildMark Felder2017-06-101-0/+2
| | | | | | | | | Previous backported patch for CVE requires a new build dependency. PR: 219657 Reported by: Benjamin Woods MFH: 2017Q2 Differential Revision: https://reviews.freebsd.org/D11125
* security/heimdal: Backport security fixMark Felder2017-06-092-1/+169
| | | | | | PR: 219657 MFH: 2017Q2 Security: CVE-2017-6594
* Fix build when !BDB and db5 is installed at the same time.Hiroki Sato2017-01-112-13/+14
| | | | | | | The configure script picked up the db5 library though ac_cv_func_db_create=no. PR: 215772
* - Fix krb5-config --libs to provide a list of libraries includingHiroki Sato2017-01-043-11/+16
| | | | | | dependency. This broke ports which depend on this utility. - Add LMDB option to support database/lmdb.
* - Enable dbopen() in DB 1.85 even if !BDB because libhdb withHiroki Sato2017-01-0322-25/+71
| | | | | | | | no backend is very confusing. - Fix build when !BDB[*] PR: 215741 [*]
* Update to 7.1.0. Changes include:Hiroki Sato2017-01-0334-356/+1059
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - hcrypto is now thread safe on all platforms and as much as possible hcrypto now uses the operating system's preferred crypto implementation ensuring that optimized hardware assisted implementations of AES-NI are used. - RFC 6113 Generalized Framework for Kerberos Pre-Authentication (FAST). - Hierarchical capath support - iprop has been revamped to fix a number of race conditions that could lead to inconsistent replication. - The KDC process now uses a multi-process model improving resiliency and performance. - AES Encryption with HMAC-SHA2 for Kerberos 5 draft-ietf-kitten-aes-cts-hmac-sha2-11 - Moved kadmin and ktutil to /usr/bin - Stricter fcache checks (see fcache_strict_checking krb5.conf setting) - Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh, telnet, xnlock
* - Fix Berkeley DB dependency. It now properly uses BDB_LIB specified inHiroki Sato2016-11-125-51/+63
| | | | | | | | | | | | | Mk/Uses/bdb.mk instead of db185 interfaces in libc. As a side-effect, this causes a compatibility issue between heimdal.db created by kadmin(8) in the base system or one by an older security/heimdal. See UPDATING about this issue. - Fix readline dependency end eliminate libheimedit. - Use -lpthread instead of -pthread. - Use FOO_CONFIGURE_WITH=foo instead of FOO_CONFIGURE_ON=--with-foo.
* Do not let the configure script pick up Berkeley DB from ports.Jung-uk Kim2016-11-091-8/+18
| | | | Approved by: hrs (maintainer)
* ix Berkeley DB detection at the configuration stage.Hiroki Sato2016-11-051-3/+2
| | | | PR: 214182
* Add missing header files (com_err.h and com_right.h).Hiroki Sato2016-11-023-10/+3
| | | | | Submitted by: Franco Fichtner PR: 213470
* security/heimdal: Fix build when EGD is not available (e.g. LibreSSL)John Marino2016-09-123-2/+30
| | | | Approved by: SSL blanket
* Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled ↵Dmitry Marakasov2016-05-231-1/+1
| | | | | | by default anyway and don't need to be listed Approved by: portmgr blanket