svn commit: r455634 - in head/security: . krb5 krb5-116
Cy Schubert
cy at FreeBSD.org
Wed Dec 6 04:18:15 UTC 2017
Author: cy
Date: Wed Dec 6 04:18:14 2017
New Revision: 455634
URL: https://svnweb.freebsd.org/changeset/ports/455634
Log:
Welcome the new security/krb5-116 port. This port follows MIT's
KRB5 1.16 releases.
Major changes in 1.16 (2017-12-05)
==================================
Administrator experience:
* The KDC can match PKINIT client certificates against the
"pkinit_cert_match" string attribute on the client principal entry,
using the same syntax as the existing "pkinit_cert_match" profile
option.
* The ktutil addent command supports the "-k 0" option to ignore the
key version, and the "-s" option to use a non-default salt string.
* kpropd supports a --pid-file option to write a pid file at startup,
when it is run in standalone mode.
* The "encrypted_challenge_indicator" realm option can be used to
attach an authentication indicator to tickets obtained using FAST
encrypted challenge pre-authentication.
* Localization support can be disabled at build time with the
--disable-nls configure option.
Developer experience:
* The kdcpolicy pluggable interface allows modules control whether
tickets are issued by the KDC.
* The kadm5_auth pluggable interface allows modules to control whether
kadmind grants access to a kadmin request.
* The certauth pluggable interface allows modules to control which
PKINIT client certificates can authenticate to which client
principals.
* KDB modules can use the client and KDC interface IP addresses to
determine whether to allow an AS request.
* GSS applications can query the bit strength of a krb5 GSS context
using the GSS_C_SEC_CONTEXT_SASL_SSF OID with
gss_inquire_sec_context_by_oid().
* GSS applications can query the impersonator name of a krb5 GSS
credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with
gss_inquire_cred_by_oid().
* kdcpreauth modules can query the KDC for the canonicalized requested
client principal name, or match a principal name against the
requested client principal name with canonicalization.
Protocol evolution:
* The client library will continue to try pre-authentication
mechanisms after most failure conditions.
* The KDC will issue trivially renewable tickets (where the renewable
lifetime is equal to or less than the ticket lifetime) if requested
by the client, to be friendlier to scripts.
* The client library will use a random nonce for TGS requests instead
of the current system time.
* For the RC4 string-to-key or PAC operations, UTF-16 is supported
(previously only UCS-2 was supported).
* When matching PKINIT client certificates, UPN SANs will be matched
correctly as UPNs, with canonicalization.
User experience:
* Dates after the year 2038 are accepted (provided that the platform
time facilities support them), through the year 2106.
* Automatic credential cache selection based on the client realm will
take into account the fallback realm and the service hostname.
* Referral and alternate cross-realm TGTs will not be cached, avoiding
some scenarios where they can be added to the credential cache
multiple times.
* A German translation has been added.
Added:
head/security/krb5-116/
- copied from r455584, head/security/krb5-115/
Modified:
head/security/Makefile
head/security/krb5-116/Makefile
head/security/krb5-116/distinfo
head/security/krb5-116/pkg-plist
head/security/krb5/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Wed Dec 6 02:41:21 2017 (r455633)
+++ head/security/Makefile Wed Dec 6 04:18:14 2017 (r455634)
@@ -312,6 +312,7 @@
SUBDIR += krb5
SUBDIR += krb5-114
SUBDIR += krb5-115
+ SUBDIR += krb5-116
SUBDIR += krb5-appl
SUBDIR += krb5-devel
SUBDIR += kripp
Modified: head/security/krb5-116/Makefile
==============================================================================
--- head/security/krb5-115/Makefile Tue Dec 5 14:01:12 2017 (r455584)
+++ head/security/krb5-116/Makefile Wed Dec 6 04:18:14 2017 (r455634)
@@ -2,11 +2,11 @@
# $FreeBSD$
PORTNAME= krb5
-PORTVERSION= 1.15.2
+PORTVERSION= 1.16
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
.if !defined(MASTERDIR)
-PKGNAMESUFFIX= -115
+PKGNAMESUFFIX= -116
.endif
PATCH_SITES= http://web.mit.edu/kerberos/advisories/
Modified: head/security/krb5-116/distinfo
==============================================================================
--- head/security/krb5-115/distinfo Tue Dec 5 14:01:12 2017 (r455584)
+++ head/security/krb5-116/distinfo Wed Dec 6 04:18:14 2017 (r455634)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1506419874
-SHA256 (krb5-1.15.2.tar.gz) = 1639e392edf25e3b6cfec2ae68f97eb53e07c2dbe74bfeede0108465d5d1c87e
-SIZE (krb5-1.15.2.tar.gz) = 9380755
+TIMESTAMP = 1512508523
+SHA256 (krb5-1.16.tar.gz) = faeb125f83b0fb4cdb2f99f088140631bb47d975982de0956d18c85842969e08
+SIZE (krb5-1.16.tar.gz) = 9474479
Modified: head/security/krb5-116/pkg-plist
==============================================================================
--- head/security/krb5-115/pkg-plist Tue Dec 5 14:01:12 2017 (r455584)
+++ head/security/krb5-116/pkg-plist Wed Dec 6 04:18:14 2017 (r455634)
@@ -49,6 +49,7 @@ include/krb5/ccselect_plugin.h
include/krb5/clpreauth_plugin.h
include/krb5/hostrealm_plugin.h
include/krb5/kadm5_hook_plugin.h
+include/krb5/kdcpolicy_plugin.h
include/krb5/kdcpreauth_plugin.h
include/krb5/localauth_plugin.h
include/krb5/krb5.h
@@ -57,8 +58,10 @@ include/krb5/plugin.h
include/krb5/pwqual_plugin.h
include/kadm5/admin.h
include/kadm5/chpass_util_strings.h
+include/krb5/kadm5_auth_plugin.h
include/kadm5/kadm_err.h
include/kdb.h
+include/krb5/certauth_plugin.h
include/krb5/preauth_plugin.h
include/profile.h
include/verto-module.h
@@ -84,8 +87,8 @@ lib/libkadm5srv_mit.so
lib/libkadm5srv_mit.so.11
lib/libkadm5srv_mit.so.11.0
lib/libkdb5.so
-lib/libkdb5.so.8
-lib/libkdb5.so.8.0
+lib/libkdb5.so.9
+lib/libkdb5.so.9.0
lib/libkrb5.so
lib/libkrb5.so.3
lib/libkrb5.so.3.3
@@ -159,6 +162,7 @@ sbin/sserver
sbin/uuserver
share/et/et_c.awk
share/et/et_h.awk
+%%NLS%%share/locale/de/LC_MESSAGES/mit-krb5.mo
%%NLS%%share/locale/en_US/LC_MESSAGES/mit-krb5.mo
%%LDAP%%%%DATADIR%%/kerberos.schema
%%LDAP%%%%DATADIR%%/kerberos.ldif
Modified: head/security/krb5/Makefile
==============================================================================
--- head/security/krb5/Makefile Wed Dec 6 02:41:21 2017 (r455633)
+++ head/security/krb5/Makefile Wed Dec 6 04:18:14 2017 (r455634)
@@ -1,6 +1,6 @@
# $FreeBSD$
-VERSIONS= 114 115
+VERSIONS= 114 115 116
KRB5_VERSION?= 115
MASTERDIR= ${.CURDIR}/../krb5-${KRB5_VERSION}
More information about the svn-ports-head
mailing list