23:14 linimon 

Mark as broken: fails to install.

Approved by:    portmgr (self)

23:23 cy 

Fix build for OpenSSL 0.9.8.

PR:             117552
Submitted by:   Hirohisa Yamaguchi <umq@umo.co.jp>

22:49 cy 

Fix build under 7.0-PRERELEASE.

21:15 cy 

Fix erroneous patch.

PR:             117469
Submitted by:   Karen Andrews <dearmiss@optusnet.com.au>

03:41 cy 

Update 1.6.2 --> 1.6.3

Security:       fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
                fix CVE-2007-4000 modify_policy vulnerability

Also:           add PKINIT support

23:52 cy 

Patch for MIT krb5 Security Advisory 2007-006 - kadmind RPC lib buffer
overflow, uninitialized pointer
Security:       MIT krb5 Security Advisory 2007-006

16:51 cy 

Update 1.6.1 --> 1.6.2

23:01 cy 

Patches for:

MITKRB5-SA-2007-004: kadmind affected by multiple RPC library vulnerabilities
MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow

Security:       US CERT Technical Cyber Security Alert TA07-177A --
                MIT Kerberos Vulnerabilities

20:32 flz 

- Welcome X.org 7.2 \o/.
- Set X11BASE to ${LOCALBASE} for recent ${OSVERSION}.
- Bump PORTREVISION for ports intalling files in ${X11BASE}.

22:10 cy 

Update from 1.6 to 1.6.1.

21:12 cy 

MIT KRB5 Security patches:

1. MIT krb5 Security Advisory 2007-001: Telnetd allows login as arbitrary user
   CVE: CVE-2007-0956
   CERT: VU#220816

2. MIT krb5 Security Advisory 2007-002: KDC, kadmind stack overflow in
krb5_klog_syslog
   CVE: CVE-2007-0957
   CERT: VU#704024

01:40 cy 

Fix double-free vulnerability in kadmind (via GSS-API library).

Obtained from:  MIT krb5 Security Advisory 2007-003
Security:       US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos
Vulnerabilities

10:25 pav 

- Remove support for a.out format and PORTOBJFORMAT variable from individual
  ports

With hat:       portmgr

03:08 cy 

Change a dependency from teTeX-base to the smaller texinfo.

05:13 cy 

Include new documentation dependencies.

Conditionally build and install documentation using a new knob.

05:06 cy 

Update 1.5.1 --> 1.6

Security:       MITKRB5-SA-2006-002,  MITKRB5-SA-2006-003, and
                US-CERT Technical Cyber Security Alert TA07-009B

02:06 laszlof 

Register conflicts for srp in security/heimdal, security/krb4, and
securiry/krb5.
Bump PORTREVISION accordingly.

PR:             ports/105442
Submitted by:   Ruben van Staveren <ruben@verweg.com>
Reviewed by:    shaun@, cy@
Approved by:    flz (mentor)

00:48 cy 

Update krb5-1.5 --> krb5-1.5.1

Submitted by:   Paul Vixie <paul@vix.com>

17:49 cy 

Cause the KDC to also listen on the loopback interface. This is useful
for situations when the database is replicated to a secure environment
that does not have network access, by hand.

18:37 cy 

Update 1.4.3 --> 1.5

04:15 edwin 

Remove USE_REINPLACE from all categories starting with S

10:40 ade 

Conversion to a single libtool environment.

Approved by:    portmgr (kris)

02:34 edwin 

Remove install-info from Makefile, it's automatically done when INFO is defined

10:58 edwin 

Add INFO macro

19:40 cy 

Improve runtime performance on Sparc 64 platform.

21:57 cy 

Fix the Sparc 64 build.

22:01 cy 

Flag Sparc64 build as broken.

00:38 cy 

Update 1.4.2 --> 1.4.3

06:52 ade 

Mass-conversion to the USE_AUTOTOOLS New World Order.  The code present
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.

Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.

Preliminary documentation can be found at:
        http://people.FreeBSD.org/~ade/autotools.txt

which is in the process of being SGMLized before introduction into the
Porters Handbook.

Light blue touch-paper.  Run.

18:51 cy 

Fix FreeBSD-4.11 build problem

PR:             87888

04:01 cy 

Fix makeinfo problem under FreeBSD-6.0.

21:39 cy 

Makeinfo 4.8 problem.

18:45 cy 

Relocate BROKEN conditional.

17:34 cy 

Fails to build on 4.11.

05:59 kris 

BROKEN: Does not build

19:57 pav 

- Set CONFLICTS with heimdal and krb4
- Portlint

PR:             ports/85027
Submitted by:   lofi
Approved by:    maintainer timeout (cy, 7 weeks)

22:09 cy 

Update 1.4.1 --> 1.4.2

21:29 cy 

Fix:

- MIT KRB5 Security Advisory 2005-002: Buffer overflow, heap corruption in KDC

- MIT KRB5 Security Advisory 2005-003: Double free in krb5_recvauth

01:49 cy 

Update 1.4 --> 1.4.1.

Package list fixup when KRB5_KRB4_COMPAT is not specified.

21:14 cy 

Packing list fixups.

Noticed by:     kris
Pointy hat to:  yours truly

23:24 cy 

Remove NDEBUG flag as it fails to build at some installations.

03:09 cy 

Update web page URL.

03:05 cy 

Update 1.3.6 --> 1.4

18:46 cy 

Implement a fix for MITKRB5-SA-2005-001: buffer overflows in telnet client.

Approved by:    portsmgr (krion)
Obtained from:  Tom Yu <tlyu@mit.edu> on kerberos-announce

01:38 cy 

Update 1.3.5 --> 1.3.6

00:24 cy 

Crypto-publish.org no longer maintains a current release of MIT-KRB5.
Remove code to alternatively fetch from that site.

20:20 cy 

Update 1.3.4 --> 1.3.5

19:55 cy 

Fix MIT krb5 Security Advisory 2004-002: double-free vulnerabilities
in KDC and libraries

Heads-up by:    nectar

15:01 cy 

Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.

Heads-up by:    nectar

23:08 cy 

Update KRB5 1.3.3 --> 1.3.4

16:37 cy 

Updated patch for MITKRB5-SA-2004-001: krb5_aname_to_localname buffer overrun.

Obtained from:  Tom Yu <tlyu@mit.edu> on BUGTRAQ

19:08 cy 

Fix MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname

Obtained from:  Tom Yu <tlyu@MIT.EDU> on kerberos-announce list

00:28 cy 

Update 1.3.2 --> 1.3.3

21:25 cy 

- Update MIT KRB5 1.3.1 --> 1.3.2. (As crypto-publish.org does not have
  1.3.2 yet, when USE_KRB5_TARBALL=CRYPTO-PUBLISH is specified, 1.3.1
  will be installed.)

- Add SIZE to distinfo

04:39 cy 

Use ports infrastructure provided PERL5 variable to locate Perl
interpreter.

04:14 cy 

Define unique LATEST_LINK.

Reported by:    kris

05:10 marcus 

Bump PORTREVISION on all ports that depend on gettext to aid with upgrading.

(Part 1)

22:08 cy 

Change to src/include/netdb.h 1.31 caused a compile error. This
commit fixes that error.

Reported by:    bento

21:48 cy 

Fix crypto-publish extract.

23:30 cy 

Add missing slash (/) to the end of MIT MASTER_SITE.

23:22 cy 

MIT has removed the web form, downloads of MIT KRB5 can be automated.
Unfortunately MIT and crypto-publish.org distribute two distinctly
different tarballs and the user must select the source/format they
wish to fetch. MIT now becomes the default.

23:08 cy 

1. Fix pkg-plist.

2. Fix build on -STABLE.

PR:             57128

03:56 kris 

Mark BROKEN (see bento logs).  These ports are scheduled for removal
after Feb 2 2004 if they are still broken at that time and no fixes
have been submitted by PR.

02:42 kris 

BROKEN: Broken pkg-plist

02:32 cy 

The `man2html' script that krb5 uses is written in Perl.

Noticed by:     wollman
Approved by:    marcus (wearing his portsmgr hat)

00:03 cy 

Crypto-publish.org is now distributing krb5-1.3.1.

23:35 cy 

Update 1.3 --> 1.3.1

01:20 cy 

Update 1.2.8 --> 1.3

21:43 cy 

Put SONAME entries into shared libraries.

Submitted by:   wollman

04:13 cy 

Change default for V4 compatibility to reflect best practices
for new installations.

Submitted by:   wollman

04:09 cy 

Default is to fetch from crypto-publish.org. USA_RESIDENT replaced
by USE_MIT_TARBALL. Users can still fetch manually from MIT by
setting USE_MIT_TARBALL=YES.

Suggested by:   wollman

03:47 cy 

Update 1.2.7 --> 1.2.8.

00:54 cy 

Patches from:
  - MITKRB5-SA-2003-005:
       Buffer overrun and underrun in principal name handling

  - MITKRB5-SA-2003-004:
       Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm
       compromise possible.

  - MITKRB5-SA-2003-003:
       Faulty length checks in xdrmem_getbytes may allow kadmind DoS.

  - Additional patches from RedHat.

Approved by:    kris (wearing his portmgr hat)
Obtained from:  MIT Website and Nalin Dahyabhai <nalin@redhat.com>

06:10 ade 

Clear moonlight beckons.
Requiem mors pacem pkg-comment,
And be calm ports tree.

E Nomini Patri, E Fili, E Spiritu Sancti.

16:12 nork 

Remove RESTRICTED tag for crypto stuff.

Approved by:    kris (implicitly)

00:02 cy 

Update 1.2.6 --> 1.2.7

Note:   Since crypto-publish.org does not yet have krb5-1.2.7 up on their
        website, fetch from their site has been temporarily disabled.

05:46 cy 

Use PORTCOMMENT.

18:28 cy 

Fix pkg-plist when KRB5_KRB4_COMPAT=NO is specified.

Submitted by:   Craig Boston <craig@olyun.gank.org>

15:03 cy 

Circumvent the use of bison, use FreeBSD yacc instead.

PR:             44446

22:30 cy 

Fix buffer overflow in kadmind4 (remote user can gain root access to
KDC host).

Obtained from:  Tom Yu <tlyu@mit.edu> on kerberos-announce mailing list,
                MIT krb5 Security Advisory 2002-002

17:50 cy 

Crypto-publish.org has finally put krb5-1.2.6 up on their site. The
patch reimplements code to fetch MIT Kerberos from their site when
USA_RESIDENT=NO.

Approved by:    kris

13:46 cy 

Update 1.2.5 --> 1.2.6

Note:   Since crypto-publish.org does not yet have krb5-1.2.6 up on their
        website, fetch from their site has been temporarily disabled.

00:29 cy 

Fix extract for non-root users.

Noticed by:     nectar
Pointy hat to:  cy

18:22 nectar 

Correct Sun RPC buffer overflow.
<URL:http://online.securityfocus.com/archive/1/285308>
<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823>

06:20 cy 

README.FreeBSD fix.

PR:             39936
Submitted by:   Matthew West <mwest@uct.ac.za>

04:49 cy 

Fix problem with V4 keys.  We should get KRB5_KDB_NO_MATCHING_KEY, not
ENOENT.  Obtained from /cvs/krbdev/krb5/src/kdc/kdc_preauth.c,v rev 5.31
in MIT KRB5 tree (fix etype info; wrong termination condition used in
get_etype_info).

Obtained from:  Sam Hartman <hartmans@mit.edu>

02:20 cy 

Now that www.crypto-publish.org has put the latest version of MIT KRB5
up on their website again, reimplementation of the Makefile patch that
fetched the the tarball from their site for users outside of the US
(originally in Makefile rev 1.29).  USA_RESIDENT=YES still supports
manual fetching from web.mit.edu.

14:30 cy 

Upgrade 1.2.4 --> 1.2.5

13:23 cy 

www.crypto-publish.org does not have krb5-1.2.4.{tar,tar.Z,tar.gz,tar.bz2}.

Reported by:    bento

22:52 cy 

MIT currently distributes their KRB5 distribution in a tarball (.tar)
that contains the distribution itself, in a tar.gz file, and a signature
certificate, contained in a detached .tar.gz.asc file.  Prior to this
patch, users installing MIT KRB5 had to extract the tarball into
/usr/ports/distfiles, then proceed with the installation.  This caused
confusion among those installing the port.  This patch addresses the
problem by extracting the .tar.gz file from the tarball, then unpacking
the .tar.gz file before continuing with the build.

13:23 cy 

Update 1.2.3 --> 1.2.4    

03:17 cy 

Update 1.2.2 -> 1.2.3    

15:05 cy 

In order to make the MIT KRB5 port compatible with FreeBSD, the port   now makes
use of login.conf and login.access.  This is performed by   using FreeBSD
login(1) instead of MIT KRB5 login.krb5(8).    

20:53 nectar 

= Modify `ksu' so that it uses the login cap database.  Michael Allman    
<msa@dinosauricon.com> provided the original patches.    

20:19 nectar 

New maintainer:	Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>    

16:29 nectar 

Bump PORTREVISION.   Update telnetd vulnerability fixes from FreeBSD.    

17:53 nectar 

Merge telnetd vulnerability fix from FreeBSD.    

19:16 nectar 

Bump PORTREVISION for ftpd buffer overflow fix.    

17:33 nectar 

Update 1.2.1 -> 1.2.2    

15:27 nectar 

Bump PORTREVISION for previous commit (fix for _PATH_NOLOGIN).