363135 |
12-Jul-2020 |
0mp |
MFC 362491:
Improve the rcorder manual page
- Fix formatting issues such as: - Use Ql instead of Dq Li as Li is deprecated - Address some mandoc warnings - Add arguments missing from the list of options (i.e., document "-k keep" instead of just "-k"). - Document that -k and -s can be specified multiple times - Use sshd instead of named for the example in the BUGS section, as named is not in the base system. Also, use Nm instead of Xr there as it is not the sshd binary that is required to be running, but the service. - Use Sy instead of Cm for KEYWORDS. Cm is reserved for command-line modifiers of the CLI. - Add an EXAMPLES section - Cross-reference service(8). |
320907 |
12-Jul-2017 |
delphij |
MFC r320906: MFV r320905: Import upstream fix for CVE-2017-11103.
In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks.
Submitted by: hrs Obtained from: Heimdal Security: FreeBSD-SA-17:05.heimdal Security: CVE-2017-11103 |
302408 |
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
299495 |
11-May-2016 |
cem |
libkrb5: Fix potential double-free
If krb5_make_principal fails, tmp_creds.server may remain a pointer to freed memory and then be double-freed. After freeing it the first time, initialize it to NULL, which causes subsequent krb5_free_principal calls to do the right thing.
Reported by: Coverity CID: 1273430 Sponsored by: EMC / Isilon Storage Division
|
234027 |
08-Apr-2012 |
stas |
- Update FreeBSD's Heimdal distribution to 1.5.2. This is a bugfix release, which fixes a DoS issue in libkrb5.
|
233294 |
22-Mar-2012 |
stas |
- Update FreeBSD Heimdal distribution to version 1.5.1. This also brings several new kerberos related libraries and applications to FreeBSD: o kgetcred(1) allows one to manually get a ticket for a particular service. o kf(1) securily forwards ticket to another host through an authenticated and encrypted stream. o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now. o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM. o hxtool(1) is a certificate management tool to use with PKINIT. o string2key(1) maps a password into key. o kdigest(8) is a userland tool to access the KDC's digest interface. o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well.
- This is not a latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
|
178828 |
07-May-2008 |
dfr |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi.
|
178826 |
07-May-2008 |
dfr |
This commit was generated by cvs2svn to compensate for changes in r178825, which included commits to RCS files with non-trunk default branches.
|
142404 |
24-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142403, which included commits to RCS files with non-trunk default branches.
|
127811 |
03-Apr-2004 |
nectar |
Resolve conflicts after import of Heimdal 0.6.1.
|
127809 |
03-Apr-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127808, which included commits to RCS files with non-trunk default branches.
|
120953 |
09-Oct-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r120952, which included commits to RCS files with non-trunk default branches.
|
120948 |
09-Oct-2003 |
nectar |
Resolve conflicts after import of Heimdal 0.6.
|
120946 |
09-Oct-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r120945, which included commits to RCS files with non-trunk default branches.
|
107208 |
24-Nov-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r107207, which included commits to RCS files with non-trunk default branches.
|
104205 |
30-Sep-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r104204, which included commits to RCS files with non-trunk default branches.
|
103426 |
16-Sep-2002 |
nectar |
Resolve conflicts.
|
103424 |
16-Sep-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r103423, which included commits to RCS files with non-trunk default branches.
|
102654 |
30-Aug-2002 |
nectar |
Pass the pointy hat! Remove accidently imported files.
|
102647 |
30-Aug-2002 |
nectar |
Resolve conflicts after import of Heimdal Kerberos circa 2002/08/29.
|
102645 |
30-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r102644, which included commits to RCS files with non-trunk default branches.
|
90931 |
19-Feb-2002 |
nectar |
Update build after import of Heimdal Kerberos 2002/02/17.
|
90929 |
19-Feb-2002 |
nectar |
Resolve conflicts after import of Heimdal Kerberos 2002/02/17.
|
90927 |
19-Feb-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r90926, which included commits to RCS files with non-trunk default branches.
|
78536 |
21-Jun-2001 |
assar |
fix merges from 0.3f
|
78528 |
21-Jun-2001 |
assar |
This commit was generated by cvs2svn to compensate for changes in r78527, which included commits to RCS files with non-trunk default branches.
|
76372 |
08-May-2001 |
assar |
This commit was generated by cvs2svn to compensate for changes in r76371, which included commits to RCS files with non-trunk default branches.
|
72463 |
13-Feb-2001 |
assar |
nuke conflict markers
|
72448 |
13-Feb-2001 |
assar |
fix conflicts in heimdal 0.3e import
|
72446 |
13-Feb-2001 |
assar |
This commit was generated by cvs2svn to compensate for changes in r72445, which included commits to RCS files with non-trunk default branches.
|
57428 |
24-Feb-2000 |
markm |
Merge conflicts.
|
57423 |
24-Feb-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r57422, which included commits to RCS files with non-trunk default branches.
|
57420 |
24-Feb-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r57419, which included commits to RCS files with non-trunk default branches.
|
57417 |
24-Feb-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r57416, which included commits to RCS files with non-trunk default branches.
|
55683 |
09-Jan-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r55682, which included commits to RCS files with non-trunk default branches.
|