diff options
author | cy <cy@FreeBSD.org> | 2014-10-17 03:44:22 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2014-10-17 03:44:22 +0800 |
commit | 8993dcfe053fd434fdbc7aa7a40fb215d5368e51 (patch) | |
tree | 3efed35560be113a42a1a507a075ca41a260dea8 /security | |
parent | 2db1261c9074c61bb080e6294820463040a5be5d (diff) | |
download | freebsd-ports-gnome-8993dcfe053fd434fdbc7aa7a40fb215d5368e51.tar.gz freebsd-ports-gnome-8993dcfe053fd434fdbc7aa7a40fb215d5368e51.tar.zst freebsd-ports-gnome-8993dcfe053fd434fdbc7aa7a40fb215d5368e51.zip |
MIT Kerberos released 1.13; 1.12 becomes a maintenance release,
1.11 remains a maintenance release.
- Update security/krb5 1.12.2 --> 1.13
- Copy the old security/krb5 1.12.2 to security/krb5-112
(now a maintenance release supported by MIT)
- Move the old krb5-maint (1.11.5: old maintenance release) to
security/krb5-111 (the old maintenance release still supported by MIT)
Diffstat (limited to 'security')
28 files changed, 563 insertions, 11 deletions
diff --git a/security/Makefile b/security/Makefile index 46a7b122b350..62249ffc3626 100644 --- a/security/Makefile +++ b/security/Makefile @@ -247,8 +247,9 @@ SUBDIR += kpcli SUBDIR += kqoauth SUBDIR += krb5 + SUBDIR += krb5-111 + SUBDIR += krb5-112 SUBDIR += krb5-appl - SUBDIR += krb5-maint SUBDIR += kripp SUBDIR += kwalletmanager SUBDIR += l0pht-watch diff --git a/security/krb5-maint/Makefile b/security/krb5-111/Makefile index 562d1b3868ae..736fd31c2c68 100644 --- a/security/krb5-maint/Makefile +++ b/security/krb5-111/Makefile @@ -1,7 +1,7 @@ # Created by: nectar@FreeBSD.org # $FreeBSD$ -PORTNAME= krb5-maint +PORTNAME= krb5--111 PORTVERSION= 1.11.5 PORTREVISION= 3 CATEGORIES= security @@ -19,7 +19,7 @@ LICENSE= MIT BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 -CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-[0-9]* +CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-[0-9]* krb5-maint-112-* KERBEROSV_URL= http://web.mit.edu/kerberos/ USES= gettext gmake perl5 diff --git a/security/krb5-maint/distinfo b/security/krb5-111/distinfo index c56a114c57ad..c56a114c57ad 100644 --- a/security/krb5-maint/distinfo +++ b/security/krb5-111/distinfo diff --git a/security/krb5-maint/files/README.FreeBSD b/security/krb5-111/files/README.FreeBSD index e888e689eb04..e888e689eb04 100644 --- a/security/krb5-maint/files/README.FreeBSD +++ b/security/krb5-111/files/README.FreeBSD diff --git a/security/krb5-maint/files/patch-clients__ksu__Makefile.in b/security/krb5-111/files/patch-clients__ksu__Makefile.in index e86eb930d129..e86eb930d129 100644 --- a/security/krb5-maint/files/patch-clients__ksu__Makefile.in +++ b/security/krb5-111/files/patch-clients__ksu__Makefile.in diff --git a/security/krb5-maint/files/patch-config__pre.in b/security/krb5-111/files/patch-config__pre.in index bdd183e98ad4..bdd183e98ad4 100644 --- a/security/krb5-maint/files/patch-config__pre.in +++ b/security/krb5-111/files/patch-config__pre.in diff --git a/security/krb5-maint/files/patch-config__shlib.conf b/security/krb5-111/files/patch-config__shlib.conf index 05983c9ad8e3..05983c9ad8e3 100644 --- a/security/krb5-maint/files/patch-config__shlib.conf +++ b/security/krb5-111/files/patch-config__shlib.conf diff --git a/security/krb5-maint/files/patch-lib-apputils-net-server.c b/security/krb5-111/files/patch-lib-apputils-net-server.c index 01d029809636..01d029809636 100644 --- a/security/krb5-maint/files/patch-lib-apputils-net-server.c +++ b/security/krb5-111/files/patch-lib-apputils-net-server.c diff --git a/security/krb5-maint/files/patch-lib-krb5-os-localaddr.c b/security/krb5-111/files/patch-lib-krb5-os-localaddr.c index 06b6043f22c9..06b6043f22c9 100644 --- a/security/krb5-maint/files/patch-lib-krb5-os-localaddr.c +++ b/security/krb5-111/files/patch-lib-krb5-os-localaddr.c diff --git a/security/krb5-maint/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-111/files/patch-lib__gssapi__krb5__import_name.c index 40f116af2196..40f116af2196 100644 --- a/security/krb5-maint/files/patch-lib__gssapi__krb5__import_name.c +++ b/security/krb5-111/files/patch-lib__gssapi__krb5__import_name.c diff --git a/security/krb5-maint/pkg-descr b/security/krb5-111/pkg-descr index d11e2e6d1c15..d11e2e6d1c15 100644 --- a/security/krb5-maint/pkg-descr +++ b/security/krb5-111/pkg-descr diff --git a/security/krb5-maint/pkg-plist b/security/krb5-111/pkg-plist index 14dcef45452d..14dcef45452d 100644 --- a/security/krb5-maint/pkg-plist +++ b/security/krb5-111/pkg-plist diff --git a/security/krb5-112/Makefile b/security/krb5-112/Makefile new file mode 100644 index 000000000000..0c49bdabfa31 --- /dev/null +++ b/security/krb5-112/Makefile @@ -0,0 +1,145 @@ +# Created by: nectar@FreeBSD.org +# $FreeBSD$ + +PORTNAME= krb5-112 +PORTVERSION= 1.12.2 +CATEGORIES= security +MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ +DISTNAME= ${PORTNAME}-${PORTVERSION}-signed +EXTRACT_SUFX= .tar + +PATCH_SITES= http://web.mit.edu/kerberos/advisories/ +PATCH_DIST_STRIP= -p2 + +MAINTAINER= cy@FreeBSD.org +COMMENT= Authentication system developed at MIT, successor to Kerberos IV + +LICENSE= MIT + +BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 + +CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-[0-9]* krb5-maint-111-* + +LATEST_LINK= ${PORTNAME}-19 +KERBEROSV_URL= http://web.mit.edu/kerberos/ +USE_PERL5= build +USE_LDCONFIG= yes +USE_CSTD= gnu99 +GNU_CONFIGURE= yes +USES= gettext gmake perl5 libtool:build +CONFIGURE_ARGS?= --enable-shared --without-system-verto +CONFIGURE_ENV= INSTALL="${INSTALL}" YACC="${YACC}" +MAKE_ARGS= INSTALL="${INSTALL}" + +OPTIONS_DEFINE= KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP READLINE +OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML +KRB5_PDF_DESC= Install krb5 PDF documentation +KRB5_HTML_DESC= Install krb5 HTML documentation +DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names +LDAP= Enable LDAP support + +.if defined(KRB5_HOME) +PREFIX= ${KRB5_HOME} +CFLAGS+= -Wl,-rpath=${KRB5_HOME}/lib +LDFLAGS+= -Wl,-rpath=${KRB5_HOME}/lib +.endif +LDFLAGS+= -L${LOCALBASE}/lib +CFLAGS+= -I${LOCALBASE}/include + +USE_OPENSSL= yes +USE_RC_SUBR= kpropd + +.include <bsd.port.pre.mk> + +.if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} +BROKEN= LIB_DEPENDS when using KRB5_HOME is broken +.endif + +.if ${PORT_OPTIONS:MDNS_FOR_REALM} +CONFIGURE_ARGS+= --enable-dns-for-realm +.endif + +.if ${PORT_OPTIONS:MLDAP} +USE_OPENLDAP= yes +CONFIGURE_ARGS+= --with-ldap +PLIST_SUB+= LDAP="" +.else +PLIST_SUB+= LDAP="@comment " +.endif + +.if ${PORT_OPTIONS:MREADLINE} +USES+= readline:port +CONFIGURE_ARGS+= --with-readline +.endif + +.include "${PORTSDIR}/Mk/bsd.openssl.mk" + +.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" +CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" +.endif + +WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src + +HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html +PDF_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf + +CONFIGURE_ARGS+= CPPFLAGS="-I${OPENSSLINC} -L${OPENSSLLIB} -L${LOCALBASE}/include" + +post-extract: + @${TAR} -C ${WRKDIR} -xzf ${WRKDIR}/${PORTNAME}-${PORTVERSION}.tar.gz + @${RM} ${WRKDIR}/${PORTNAME}-${PORTVERSION}.tar.gz ${WRKDIR}/${PORTNAME}-${PORTVERSION}.tar.gz.asc +.if !defined(EXTRACT_PRESERVE_OWNERSHIP) + @if [ `id -u` = 0 ]; then \ + ${CHMOD} -R ug-s,go-w ${WRKDIR}/${PORTNAME}-${PORTVERSION}; \ + ${CHOWN} -R 0:0 ${WRKDIR}/${PORTNAME}-${PORTVERSION}; \ + fi +.endif + +post-install: + @${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 +# html documentation +.if ${PORT_OPTIONS:MKRB5_PDF} + pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d` + pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d` + for i in $${pdf_dirs}; do \ + ${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${pdf_files}; do \ + ${INSTALL_MAN} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + html_files=`${FIND} ${HTML_DOC_DIR} ! -type d | ${GREP} -v /_sources` + html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources` + for i in $${html_dirs}; do \ + ${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${html_files}; do \ + ${INSTALL_MAN} $${i} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_PDF} + for i in $${pdf_dirs}; do \ + ${ECHO_CMD} @dirrm share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + for i in $${html_dirs}; do \ + ${ECHO_CMD} @dirrm share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif + ${ECHO_CMD} @dirrm share/doc/krb5 >> ${TMPPLIST} + @${SED} "s%\${PREFIX}%${PREFIX}%" ${FILESDIR}/README.FreeBSD > ${STAGEDIR}${PREFIX}/share/doc/krb5/README.FreeBSD + @${CHMOD} 444 ${STAGEDIR}${PREFIX}/share/doc/krb5/README.FreeBSD + @${ECHO} "------------------------------------------------------" + @${ECHO} "This port of MIT Kerberos 5 includes remote login " + @${ECHO} "daemons (telnetd and klogind). These daemons default " + @${ECHO} "to using the system login program (/usr/bin/login). " + @${ECHO} "Please see the file " + @${ECHO} "${PREFIX}/share/doc/krb5/README.FreeBSD" + @${ECHO} "for more information. " + @${ECHO} "------------------------------------------------------" + +.include <bsd.port.post.mk> diff --git a/security/krb5-112/distinfo b/security/krb5-112/distinfo new file mode 100644 index 000000000000..964947a9eaf8 --- /dev/null +++ b/security/krb5-112/distinfo @@ -0,0 +1,2 @@ +SHA256 (krb5-1.12.2-signed.tar) = 09bd180107b5c2b3b7378c57c023fb02a103d4cac39d6f2dd600275d7a4f3744 +SIZE (krb5-1.12.2-signed.tar) = 11991040 diff --git a/security/krb5-112/files/README.FreeBSD b/security/krb5-112/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5-112/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. diff --git a/security/krb5-112/files/kpropd.in b/security/krb5-112/files/kpropd.in new file mode 100644 index 000000000000..faa27dc7dbba --- /dev/null +++ b/security/krb5-112/files/kpropd.in @@ -0,0 +1,28 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: kpropd +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# kpropd_enable (bool): Set to NO by default. +# Set it to YES to enable kpropd. +# kpropd_flags (str): Set to "" by default. + +. /etc/rc.subr + +name=kpropd +rcvar=kpropd_enable + +load_rc_config $name + +: ${kpropd_enable:="NO"} +: ${kpropd_flags=""} + +command=%%PREFIX%%/sbin/${name} + +run_rc_command "$1" diff --git a/security/krb5-112/files/patch-clients__ksu__Makefile.in b/security/krb5-112/files/patch-clients__ksu__Makefile.in new file mode 100644 index 000000000000..7ec54abdc076 --- /dev/null +++ b/security/krb5-112/files/patch-clients__ksu__Makefile.in @@ -0,0 +1,18 @@ +--- clients/ksu/Makefile.in.orig 2014-01-15 16:44:15.000000000 -0800 ++++ clients/ksu/Makefile.in 2014-05-05 20:51:51.925985974 -0700 +@@ -1,6 +1,6 @@ + mydir=clients$(S)ksu + BUILDTOP=$(REL)..$(S).. +-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' ++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' -DDEBUG + + KSU_LIBS=@KSU_LIBS@ + +@@ -30,6 +30,6 @@ + + install:: + -for f in ksu; do \ +- $(INSTALL_SETUID) $$f \ ++ $(INSTALL_PROGRAM) $$f \ + $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ + done diff --git a/security/krb5-112/files/patch-config__pre.in b/security/krb5-112/files/patch-config__pre.in new file mode 100644 index 000000000000..bdd183e98ad4 --- /dev/null +++ b/security/krb5-112/files/patch-config__pre.in @@ -0,0 +1,11 @@ +--- config/pre.in.orig Fri Nov 19 13:47:51 2004 ++++ config/pre.in Thu Jan 27 17:43:12 2005 +@@ -177,7 +177,7 @@ + INSTALL=@INSTALL@ + INSTALL_STRIP= + INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) +-INSTALL_SCRIPT=@INSTALL_PROGRAM@ ++INSTALL_SCRIPT=@INSTALL_SCRIPT@ + INSTALL_DATA=@INSTALL_DATA@ + INSTALL_SHLIB=@INSTALL_SHLIB@ + INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root diff --git a/security/krb5-112/files/patch-config__shlib.conf b/security/krb5-112/files/patch-config__shlib.conf new file mode 100644 index 000000000000..805e56e91e7f --- /dev/null +++ b/security/krb5-112/files/patch-config__shlib.conf @@ -0,0 +1,19 @@ +--- config/shlib.conf.orig 2013-12-10 14:49:15.000000000 -0800 ++++ config/shlib.conf 2013-12-11 12:58:51.983110392 -0800 +@@ -315,13 +315,13 @@ + ;; + esac + SHLIBVEXT='.so.$(LIBMAJOR)' +- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,' ++ LDCOMBINE="libtool --mode=link cc -Xcompiler -shared" ++ RPATH_FLAG='-Wl,-rpath -Wl,' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' + SHLIBEXT=.so +- LDCOMBINE='ld -Bshareable' +- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)' ++ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/security/krb5/files/patch-lib-apputils-net-server.c b/security/krb5-112/files/patch-lib-apputils-net-server.c index b4fbf4a5655c..b4fbf4a5655c 100644 --- a/security/krb5/files/patch-lib-apputils-net-server.c +++ b/security/krb5-112/files/patch-lib-apputils-net-server.c diff --git a/security/krb5-112/files/patch-lib-krb5-os-localaddr.c b/security/krb5-112/files/patch-lib-krb5-os-localaddr.c new file mode 100644 index 000000000000..06b6043f22c9 --- /dev/null +++ b/security/krb5-112/files/patch-lib-krb5-os-localaddr.c @@ -0,0 +1,75 @@ +--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700 ++++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700 +@@ -175,6 +175,7 @@ + } + #endif + ++#if 0 + static int + is_loopback_address(struct sockaddr *sa) + { +@@ -191,6 +192,7 @@ + return 0; + } + } ++#endif + + #ifdef HAVE_IFADDRS_H + #include <ifaddrs.h> +@@ -467,12 +469,14 @@ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#if 0 + if (is_loopback_address(ifp->ifa_addr)) { + /* Pretend it's not up, so the second pass will skip + it. */ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#endif + /* If this address is a duplicate, punt. */ + match = 0; + for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { +@@ -601,11 +605,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.lifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -772,11 +778,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&lifr->iflr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.iflr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -987,11 +995,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&ifreq.ifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((ifreq.ifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); diff --git a/security/krb5-112/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-112/files/patch-lib__gssapi__krb5__import_name.c new file mode 100644 index 000000000000..40f116af2196 --- /dev/null +++ b/security/krb5-112/files/patch-lib__gssapi__krb5__import_name.c @@ -0,0 +1,14 @@ +--- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005 ++++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005 +@@ -33,6 +33,11 @@ + #endif + #endif + ++#include <sys/param.h> ++#if __FreeBSD_version < 500100 ++#include <stdio.h> ++#endif ++ + #ifdef HAVE_STRING_H + #include <string.h> + #else diff --git a/security/krb5-112/pkg-descr b/security/krb5-112/pkg-descr new file mode 100644 index 000000000000..d11e2e6d1c15 --- /dev/null +++ b/security/krb5-112/pkg-descr @@ -0,0 +1,24 @@ +Kerberos V5 is an authentication system developed at MIT. +WWW: http://web.mit.edu/kerberos/ + +Abridged from the User Guide: + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the + client. The client then attempts to decrypt the TGT, using + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, + which give permission for specific services. + Since Kerberos negotiates authenticated, and optionally encrypted, + communications between two points anywhere on the internet, it + provides a layer of security that is not dependent on which side of a + firewall either client is on. + The Kerberos V5 package is designed to be easy to use. Most of the + commands are nearly identical to UNIX network programs you are already + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. + +Jacques Vidrine <n@nectar.com> diff --git a/security/krb5-112/pkg-plist b/security/krb5-112/pkg-plist new file mode 100644 index 000000000000..95f61efd08d7 --- /dev/null +++ b/security/krb5-112/pkg-plist @@ -0,0 +1,173 @@ +bin/compile_et +bin/gss-client +bin/k5srvutil +bin/kadmin +bin/kdestroy +bin/kinit +bin/klist +bin/kpasswd +bin/krb5-config +@mode 04755 +@owner root +@group wheel +bin/ksu +@mode +@owner root +@group wheel +bin/kswitch +bin/ktutil +bin/kvno +bin/sclient +bin/sim_client +bin/uuclient +include/com_err.h +include/gssapi.h +include/gssapi/gssapi.h +include/gssapi/gssapi_ext.h +include/gssapi/gssapi_generic.h +include/gssapi/gssapi_krb5.h +include/gssapi/mechglue.h +include/gssrpc/auth.h +include/gssrpc/auth_gss.h +include/gssrpc/auth_gssapi.h +include/gssrpc/auth_unix.h +include/gssrpc/clnt.h +include/gssrpc/netdb.h +include/gssrpc/pmap_clnt.h +include/gssrpc/pmap_prot.h +include/gssrpc/pmap_rmt.h +include/gssrpc/rename.h +include/gssrpc/rpc.h +include/gssrpc/rpc_msg.h +include/gssrpc/svc.h +include/gssrpc/svc_auth.h +include/gssrpc/types.h +include/gssrpc/xdr.h +include/krad.h +include/krb5.h +include/krb5/ccselect_plugin.h +include/krb5/clpreauth_plugin.h +include/krb5/hostrealm_plugin.h +include/krb5/kadm5_hook_plugin.h +include/krb5/kdcpreauth_plugin.h +include/krb5/localauth_plugin.h +include/krb5/krb5.h +include/krb5/locate_plugin.h +include/krb5/plugin.h +include/krb5/pwqual_plugin.h +include/kadm5/admin.h +include/kadm5/chpass_util_strings.h +include/kadm5/kadm_err.h +include/kdb.h +include/krb5/preauth_plugin.h +include/profile.h +include/verto-module.h +include/verto.h +lib/libcom_err.so +lib/libcom_err.so.3 +lib/libgssapi_krb5.so +lib/libgssapi_krb5.so.2 +lib/libgssrpc.so +lib/libgssrpc.so.4 +lib/libk5crypto.so +lib/libk5crypto.so.3 +lib/libkadm5clnt.so +lib/libkadm5clnt_mit.so +lib/libkadm5clnt_mit.so.9 +lib/libkadm5srv.so +lib/libkadm5srv_mit.so +lib/libkadm5srv_mit.so.9 +lib/libkdb5.so +lib/libkdb5.so.7 +lib/libkrb5.so +lib/libkrb5.so.3 +lib/libkrb5support.so +lib/libkrb5support.so.0 +lib/krb5/plugins/kdb/db2.so +%%LDAP%%lib/krb5/plugins/kdb/kldap.so +lib/krb5/plugins/preauth/otp.so +lib/krb5/plugins/preauth/pkinit.so +%%LDAP%%lib/libkdb_ldap.so +%%LDAP%%lib/libkdb_ldap.so.1 +lib/libkrad.so +lib/libkrad.so.0 +lib/libverto.so.0 +lib/libverto.so +lib/pkgconfig/gssrpc.pc +lib/pkgconfig/kadm-client.pc +lib/pkgconfig/kadm-server.pc +lib/pkgconfig/kdb.pc +lib/pkgconfig/krb5-gssapi.pc +lib/pkgconfig/krb5.pc +lib/pkgconfig/mit-krb5-gssapi.pc +lib/pkgconfig/mit-krb5.pc +man/man1/k5srvutil.1.gz +man/man1/kadmin.1.gz +man/man1/krb5-config.1.gz +man/man1/krb5-send-pr.1.gz +man/man1/kpasswd.1.gz +man/man1/klist.1.gz +man/man1/kinit.1.gz +man/man1/kdestroy.1.gz +man/man1/kswitch.1.gz +man/man1/ksu.1.gz +man/man1/ktutil.1.gz +man/man1/sclient.1.gz +man/man1/kvno.1.gz +man/man1/compile_et.1.gz +man/man5/kadm5.acl.5.gz +man/man5/kdc.conf.5.gz +man/man5/krb5.conf.5.gz +man/man5/.k5identity.5.gz +man/man5/.k5login.5.gz +man/man5/k5identity.5.gz +man/man5/k5login.5.gz +man/man8/krb5kdc.8.gz +man/man8/kadmin.local.8.gz +man/man8/kdb5_ldap_util.8.gz +man/man8/kdb5_util.8.gz +man/man8/kadmind.8.gz +man/man8/kprop.8.gz +man/man8/kpropd.8.gz +man/man8/kproplog.8.gz +man/man8/sserver.8.gz +sbin/gss-server +sbin/kadmin.local +sbin/kadmind +%%LDAP%%sbin/kdb5_ldap_util +sbin/kdb5_util +sbin/kprop +sbin/kpropd +sbin/kproplog +sbin/krb5-send-pr +sbin/krb5kdc +sbin/sim_server +sbin/sserver +sbin/uuserver +share/doc/krb5/README.FreeBSD +share/et/et_c.awk +share/et/et_h.awk +share/examples/krb5/kdc.conf +share/examples/krb5/krb5.conf +share/examples/krb5/services.append +share/gnats/mit +share/locale/en_US/LC_MESSAGES/mit-krb5.mo +@exec mkdir -p %D/var/krb5kdc +@dirrmtry var/krb5kdc +@dirrmtry var +@dirrmtry share/locale/en_US/LC_MESSAGES +@dirrmtry share/locale/en_US +@dirrm lib/pkgconfig +@dirrm lib/krb5/plugins/preauth +@dirrm lib/krb5/plugins/libkrb5 +@dirrm lib/krb5/plugins/kdb +@dirrm lib/krb5/plugins/authdata +@dirrm lib/krb5/plugins +@dirrm lib/krb5 +@dirrm include/gssapi +@dirrm include/gssrpc +@dirrm include/krb5 +@dirrm include/kadm5 +@dirrm share/et +@dirrmtry share/gnats +@dirrm share/examples/krb5 diff --git a/security/krb5/Makefile b/security/krb5/Makefile index 28cf6403c062..142c910a67d2 100644 --- a/security/krb5/Makefile +++ b/security/krb5/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= krb5 -PORTVERSION= 1.12.2 +PORTVERSION= 1.13 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ DISTNAME= ${PORTNAME}-${PORTVERSION}-signed @@ -18,7 +18,7 @@ LICENSE= MIT BUILD_DEPENDS= gm4:${PORTSDIR}/devel/m4 -CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-maint-[0-9]* +CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-maint-11[0-9]-[0-9]* LATEST_LINK= ${PORTNAME}-19 KERBEROSV_URL= http://web.mit.edu/kerberos/ diff --git a/security/krb5/distinfo b/security/krb5/distinfo index 964947a9eaf8..89e5f8d20756 100644 --- a/security/krb5/distinfo +++ b/security/krb5/distinfo @@ -1,2 +1,2 @@ -SHA256 (krb5-1.12.2-signed.tar) = 09bd180107b5c2b3b7378c57c023fb02a103d4cac39d6f2dd600275d7a4f3744 -SIZE (krb5-1.12.2-signed.tar) = 11991040 +SHA256 (krb5-1.13-signed.tar) = dc8f79ae9ab777d0f815e84ed02ac4ccfe3d5826eb4947a195dfce9fd95a9582 +SIZE (krb5-1.13-signed.tar) = 12083200 diff --git a/security/krb5/files/patch-lib__krb5__ccache__kcm.c b/security/krb5/files/patch-lib__krb5__ccache__kcm.c new file mode 100644 index 000000000000..931d821ff783 --- /dev/null +++ b/security/krb5/files/patch-lib__krb5__ccache__kcm.c @@ -0,0 +1,11 @@ +--- lib/krb5/ccache/cc_kcm.c.orig 2014-10-15 16:55:10.000000000 -0700 ++++ lib/krb5/ccache/cc_kcm.c 2014-10-16 00:04:30.312921884 -0700 +@@ -377,7 +377,7 @@ + kcmio_call(krb5_context context, struct kcmio *io, struct kcmreq *req) + { + krb5_error_code ret; +- size_t reply_len; ++ size_t reply_len = 0; /* XXX Make clang happy */ + + if (k5_buf_status(&req->reqbuf) != 0) + return ENOMEM; diff --git a/security/krb5/pkg-plist b/security/krb5/pkg-plist index 95f61efd08d7..ab2b5fc28ce7 100644 --- a/security/krb5/pkg-plist +++ b/security/krb5/pkg-plist @@ -78,12 +78,13 @@ lib/libkadm5srv.so lib/libkadm5srv_mit.so lib/libkadm5srv_mit.so.9 lib/libkdb5.so -lib/libkdb5.so.7 +lib/libkdb5.so.8 lib/libkrb5.so lib/libkrb5.so.3 lib/libkrb5support.so lib/libkrb5support.so.0 lib/krb5/plugins/kdb/db2.so +lib/krb5/plugins/tls/k5tls.so %%LDAP%%lib/krb5/plugins/kdb/kldap.so lib/krb5/plugins/preauth/otp.so lib/krb5/plugins/preauth/pkinit.so @@ -104,7 +105,6 @@ lib/pkgconfig/mit-krb5.pc man/man1/k5srvutil.1.gz man/man1/kadmin.1.gz man/man1/krb5-config.1.gz -man/man1/krb5-send-pr.1.gz man/man1/kpasswd.1.gz man/man1/klist.1.gz man/man1/kinit.1.gz @@ -150,7 +150,6 @@ share/et/et_h.awk share/examples/krb5/kdc.conf share/examples/krb5/krb5.conf share/examples/krb5/services.append -share/gnats/mit share/locale/en_US/LC_MESSAGES/mit-krb5.mo @exec mkdir -p %D/var/krb5kdc @dirrmtry var/krb5kdc @@ -158,6 +157,7 @@ share/locale/en_US/LC_MESSAGES/mit-krb5.mo @dirrmtry share/locale/en_US/LC_MESSAGES @dirrmtry share/locale/en_US @dirrm lib/pkgconfig +@dirrm lib/krb5/plugins/tls @dirrm lib/krb5/plugins/preauth @dirrm lib/krb5/plugins/libkrb5 @dirrm lib/krb5/plugins/kdb @@ -169,5 +169,4 @@ share/locale/en_US/LC_MESSAGES/mit-krb5.mo @dirrm include/krb5 @dirrm include/kadm5 @dirrm share/et -@dirrmtry share/gnats @dirrm share/examples/krb5 |