aboutsummaryrefslogtreecommitdiffstats
path: root/x11-servers
diff options
context:
space:
mode:
authormarkm <markm@FreeBSD.org>1998-03-19 22:57:20 +0800
committermarkm <markm@FreeBSD.org>1998-03-19 22:57:20 +0800
commit75a3af9916fdfeb409e4662436de8adef2b2fc9a (patch)
tree5d58caf7125b72232cbea3dcdde835c5fb1f313f /x11-servers
parent832deefaec77702881ccdfb47c5b3685bbb2378a (diff)
downloadfreebsd-ports-gnome-75a3af9916fdfeb409e4662436de8adef2b2fc9a.tar.gz
freebsd-ports-gnome-75a3af9916fdfeb409e4662436de8adef2b2fc9a.tar.zst
freebsd-ports-gnome-75a3af9916fdfeb409e4662436de8adef2b2fc9a.zip
Enable all sorts of useful security features:
o XDM-AUTHORIZATION-1 is more automated for the non-USA case. o PST's KerberosIV patches are reinstated for XDM. This is NOT a full-blown KerberosIV implementation for X - this will just get you a TGT when you log in - THATS ALL! o Enable compilation of SecureRPC. The use of SecureRPC at the moment is frought with danger! I have no idea how safe or good the implementation is. Enable at your own peril!! (Secure RPC is only available for those folk using 3.0-Current). Also allow XF86Setup to use TK-8.0. OK'ed By: JMZ
Diffstat (limited to 'x11-servers')
-rw-r--r--x11-servers/XFree86-4-Server-snap/Makefile23
-rw-r--r--x11-servers/XFree86-4-Server-snap/distinfo1
-rw-r--r--x11-servers/XFree86-4-Server-snap/scripts/configure98
-rw-r--r--x11-servers/XFree86-4-Server/Makefile23
-rw-r--r--x11-servers/XFree86-4-Server/distinfo1
-rw-r--r--x11-servers/XFree86-4-Server/scripts/configure98
6 files changed, 204 insertions, 40 deletions
diff --git a/x11-servers/XFree86-4-Server-snap/Makefile b/x11-servers/XFree86-4-Server-snap/Makefile
index 336feb66a126..291015e30d33 100644
--- a/x11-servers/XFree86-4-Server-snap/Makefile
+++ b/x11-servers/XFree86-4-Server-snap/Makefile
@@ -3,7 +3,7 @@
# Date created: 5 January 1995
# Whom: jmz
#
-# $Id: Makefile,v 1.37 1997/12/04 10:52:50 asami Exp $
+# $Id: Makefile,v 1.38 1998/03/08 17:13:18 jmz Exp $
#
DISTNAME= xc
@@ -25,6 +25,27 @@ ALL_TARGET= World
INSTALL_TARGET= install install.man
DIST_SUBDIR= xc
+.if defined(XDM_DES) && (${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO)
+pre-fetch:
+ @${ECHO}
+ @${ECHO} You must set variable USA_RESIDENT to YES or NO.
+ @false
+.elif defined(USA_RESIDENT)
+.if ${USA_RESIDENT} == NO
+pre-fetch:
+MASTER_SITES+= ftp://psych.psy.uq.oz.au/pub/X11R5/ \
+ ftp://ftp.internat.freebsd.org/pub/FreeBSD/X11-Crypto/ \
+ ftp://ftp3.za.freebsd.org/pub/FreeBSD/X11-Crypto/
+DISTFILES+= Wraphelp.c
+IGNOREFILES= Wraphelp.c
+.endif
+.if ${USA_RESIDENT} == YES
+pre-fetch:
+ @${ECHO}
+ @${ECHO} Assuming that you have fetched a USA-Legal Wraphelp.c.
+.endif
+.endif
+
pre-install:
${MKDIR} /usr/X11R6
post-install:
diff --git a/x11-servers/XFree86-4-Server-snap/distinfo b/x11-servers/XFree86-4-Server-snap/distinfo
index b1738b48754e..4ef8149a82c5 100644
--- a/x11-servers/XFree86-4-Server-snap/distinfo
+++ b/x11-servers/XFree86-4-Server-snap/distinfo
@@ -1,2 +1,3 @@
MD5 (xc/X332src-1.tgz) = 61c0340f91c883e214886fb81d1eefc3
MD5 (xc/X332src-2.tgz) = d7b5370405afaf1097952911d1b5303d
+MD5 (xc/Wraphelp.c) = IGNORE
diff --git a/x11-servers/XFree86-4-Server-snap/scripts/configure b/x11-servers/XFree86-4-Server-snap/scripts/configure
index fcc38caf0028..f2e61f73a8d9 100644
--- a/x11-servers/XFree86-4-Server-snap/scripts/configure
+++ b/x11-servers/XFree86-4-Server-snap/scripts/configure
@@ -21,35 +21,38 @@ rm -f $F
# Tk detection
tkversion=
-###### only tk 4.2/tcl 7.6 is known to work
-for v in 2; do
- if [ -f /usr/local/lib/libtk4$v.a ]; then
+for v in 42 80; do
+ if [ -f /usr/local/lib/libtk$v.a ]; then
tkversion=$v
+ case $tkversion in
+ 42)
+ tclversion=76
+ tclLversion=7.6
+ tkLversion=4.2
+ ;;
+ 80)
+ tclversion=80
+ tclLversion=8.0
+ tkLversion=8.0
+ ;;
+ esac
fi
done
if [ X$tkversion != X ]; then
- echo "Using tk-4.$tkversion"
+ echo "Using tk-$tkLversion"
echo "#define HasTk YES" >>$F
echo "#define TkLibDir /usr/local/lib" >>$F
- echo "#define TkIncDir /usr/local/include/tk4.$tkversion" >>$F
- echo "#define TkLibName tk4$tkversion" >>$F
+ echo "#define TkIncDir /usr/local/include/tk$tkLversion" >>$F
+ echo "#define TkLibName tk$tkversion" >>$F
echo "#define HasTcl YES" >>$F
echo "#define TclLibDir /usr/local/lib" >>$F
- case $tkversion in
- 1)
- tclversion=5
- ;;
- 2)
- tclversion=6
- ;;
- esac
- echo "#define TclIncDir /usr/local/include/tcl7.$tclversion" >>$F
- echo "#define TclLibName tcl7$tclversion" >>$F
+ echo "#define TclIncDir /usr/local/include/tcl$tclLversion" >>$F
+ echo "#define TclLibName tcl$tclversion" >>$F
else
cat <<EOF
-*** I don't see the static library for tk version 4.2 in /usr/local/lib.
+*** I don't see the static library for tk version $tkversion in /usr/local/lib.
*** XF86Setup will not be installed. If you want to build this program
-*** install tk 4.2 first.
+*** install tk 4.2 or 8.0 first.
EOF
fi
@@ -168,6 +171,20 @@ yesno "Build static libraries in addition to shared libraries? [YES] "
if [ $answ = YES ]; then
echo "#define ForceNormalLib YES" >> $F
fi
+
+cat <<'END'
+
+ FreeBSD-3.x has support for Secure RPC. DO NOT ENABLE THIS ON FreeBSD-2.* !!
+
+ While this scheme is not used for general purpose encryption,
+ some countries restrict the use of strong cryptography.
+
+END
+yesno "Build with Secure RPC? [YES] "
+if [ $answ = YES ]; then
+ echo "#define HasSecureRPC YES" >> $F
+fi
+
cat <<'END'
MIT supplies an authentication mechanism that relies upon DES, this is
@@ -212,6 +229,43 @@ if [ $cpwh != NO ]; then
echo "#define HasXdmAuth $answ" >> $F
fi
+cat <<'END'
+
+ XDM can be built so that it will get a KerberosIV TGT for your users
+ when they log in. This requires that you have Kerberos on your system
+ when you do this build.
+
+ Source code for this authentication mechanism may not be exported from
+ the United States, however, there are compatible replacements for this
+ mechanism available elsewhere. Also, while this scheme is not used for
+ general purpose encryption, some countries restrict the use of strong
+ cryptography.
+
+ Even if you answer YES to the following question, KerberosIV support
+ will not be enabled if the kerberos libraries are unavailable.
+
+END
+yesno "Do you want to enable KerberosIV support? [YES] "
+cpkb=NO
+if [ $answ = YES ]; then
+ LIBKRB=/usr/lib/libkrb.a
+ K4PATCH=$FILESDIR/kerberos4.diffs
+ K4XDM="$FILESDIR/krb4auth.c $FILESDIR/krb4auth.h"
+ XDMDIR=$WRKDIR/xc/programs/xdm/
+
+ if [ -f $LIBKRB ] ; then
+ echo "==> KerberosIV found in system libraries."
+ cpkb=YES
+ else
+ echo "==> Kerberos libraries not found on system."
+ echo "==> KerberosIV support NOT enabled."
+ cpkb=NO
+ fi
+fi
+if [ $cpkb != NO ]; then
+ echo "#define HasKrb4 $answ" >> $F
+fi
+
echo
echo "End of configuration questions. No more user input required"
echo
@@ -223,6 +277,12 @@ if [ X$cpwh != XNO ]; then
cp $cpwh $WH
fi
-cat $F >> $WRKSRC/config/cf/xf86site.def
+if [ X$cpkb != XNO ]; then
+ cp $K4XDM $XDMDIR
+ echo "===> Applying KerberosIV patches"
+ patch -s -d $WRKDIR/xc -E -p0 < $K4PATCH
+fi
+
+cat $F >> $WRKDIR/xc/config/cf/xf86site.def
exit 0
diff --git a/x11-servers/XFree86-4-Server/Makefile b/x11-servers/XFree86-4-Server/Makefile
index 336feb66a126..291015e30d33 100644
--- a/x11-servers/XFree86-4-Server/Makefile
+++ b/x11-servers/XFree86-4-Server/Makefile
@@ -3,7 +3,7 @@
# Date created: 5 January 1995
# Whom: jmz
#
-# $Id: Makefile,v 1.37 1997/12/04 10:52:50 asami Exp $
+# $Id: Makefile,v 1.38 1998/03/08 17:13:18 jmz Exp $
#
DISTNAME= xc
@@ -25,6 +25,27 @@ ALL_TARGET= World
INSTALL_TARGET= install install.man
DIST_SUBDIR= xc
+.if defined(XDM_DES) && (${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO)
+pre-fetch:
+ @${ECHO}
+ @${ECHO} You must set variable USA_RESIDENT to YES or NO.
+ @false
+.elif defined(USA_RESIDENT)
+.if ${USA_RESIDENT} == NO
+pre-fetch:
+MASTER_SITES+= ftp://psych.psy.uq.oz.au/pub/X11R5/ \
+ ftp://ftp.internat.freebsd.org/pub/FreeBSD/X11-Crypto/ \
+ ftp://ftp3.za.freebsd.org/pub/FreeBSD/X11-Crypto/
+DISTFILES+= Wraphelp.c
+IGNOREFILES= Wraphelp.c
+.endif
+.if ${USA_RESIDENT} == YES
+pre-fetch:
+ @${ECHO}
+ @${ECHO} Assuming that you have fetched a USA-Legal Wraphelp.c.
+.endif
+.endif
+
pre-install:
${MKDIR} /usr/X11R6
post-install:
diff --git a/x11-servers/XFree86-4-Server/distinfo b/x11-servers/XFree86-4-Server/distinfo
index b1738b48754e..4ef8149a82c5 100644
--- a/x11-servers/XFree86-4-Server/distinfo
+++ b/x11-servers/XFree86-4-Server/distinfo
@@ -1,2 +1,3 @@
MD5 (xc/X332src-1.tgz) = 61c0340f91c883e214886fb81d1eefc3
MD5 (xc/X332src-2.tgz) = d7b5370405afaf1097952911d1b5303d
+MD5 (xc/Wraphelp.c) = IGNORE
diff --git a/x11-servers/XFree86-4-Server/scripts/configure b/x11-servers/XFree86-4-Server/scripts/configure
index fcc38caf0028..f2e61f73a8d9 100644
--- a/x11-servers/XFree86-4-Server/scripts/configure
+++ b/x11-servers/XFree86-4-Server/scripts/configure
@@ -21,35 +21,38 @@ rm -f $F
# Tk detection
tkversion=
-###### only tk 4.2/tcl 7.6 is known to work
-for v in 2; do
- if [ -f /usr/local/lib/libtk4$v.a ]; then
+for v in 42 80; do
+ if [ -f /usr/local/lib/libtk$v.a ]; then
tkversion=$v
+ case $tkversion in
+ 42)
+ tclversion=76
+ tclLversion=7.6
+ tkLversion=4.2
+ ;;
+ 80)
+ tclversion=80
+ tclLversion=8.0
+ tkLversion=8.0
+ ;;
+ esac
fi
done
if [ X$tkversion != X ]; then
- echo "Using tk-4.$tkversion"
+ echo "Using tk-$tkLversion"
echo "#define HasTk YES" >>$F
echo "#define TkLibDir /usr/local/lib" >>$F
- echo "#define TkIncDir /usr/local/include/tk4.$tkversion" >>$F
- echo "#define TkLibName tk4$tkversion" >>$F
+ echo "#define TkIncDir /usr/local/include/tk$tkLversion" >>$F
+ echo "#define TkLibName tk$tkversion" >>$F
echo "#define HasTcl YES" >>$F
echo "#define TclLibDir /usr/local/lib" >>$F
- case $tkversion in
- 1)
- tclversion=5
- ;;
- 2)
- tclversion=6
- ;;
- esac
- echo "#define TclIncDir /usr/local/include/tcl7.$tclversion" >>$F
- echo "#define TclLibName tcl7$tclversion" >>$F
+ echo "#define TclIncDir /usr/local/include/tcl$tclLversion" >>$F
+ echo "#define TclLibName tcl$tclversion" >>$F
else
cat <<EOF
-*** I don't see the static library for tk version 4.2 in /usr/local/lib.
+*** I don't see the static library for tk version $tkversion in /usr/local/lib.
*** XF86Setup will not be installed. If you want to build this program
-*** install tk 4.2 first.
+*** install tk 4.2 or 8.0 first.
EOF
fi
@@ -168,6 +171,20 @@ yesno "Build static libraries in addition to shared libraries? [YES] "
if [ $answ = YES ]; then
echo "#define ForceNormalLib YES" >> $F
fi
+
+cat <<'END'
+
+ FreeBSD-3.x has support for Secure RPC. DO NOT ENABLE THIS ON FreeBSD-2.* !!
+
+ While this scheme is not used for general purpose encryption,
+ some countries restrict the use of strong cryptography.
+
+END
+yesno "Build with Secure RPC? [YES] "
+if [ $answ = YES ]; then
+ echo "#define HasSecureRPC YES" >> $F
+fi
+
cat <<'END'
MIT supplies an authentication mechanism that relies upon DES, this is
@@ -212,6 +229,43 @@ if [ $cpwh != NO ]; then
echo "#define HasXdmAuth $answ" >> $F
fi
+cat <<'END'
+
+ XDM can be built so that it will get a KerberosIV TGT for your users
+ when they log in. This requires that you have Kerberos on your system
+ when you do this build.
+
+ Source code for this authentication mechanism may not be exported from
+ the United States, however, there are compatible replacements for this
+ mechanism available elsewhere. Also, while this scheme is not used for
+ general purpose encryption, some countries restrict the use of strong
+ cryptography.
+
+ Even if you answer YES to the following question, KerberosIV support
+ will not be enabled if the kerberos libraries are unavailable.
+
+END
+yesno "Do you want to enable KerberosIV support? [YES] "
+cpkb=NO
+if [ $answ = YES ]; then
+ LIBKRB=/usr/lib/libkrb.a
+ K4PATCH=$FILESDIR/kerberos4.diffs
+ K4XDM="$FILESDIR/krb4auth.c $FILESDIR/krb4auth.h"
+ XDMDIR=$WRKDIR/xc/programs/xdm/
+
+ if [ -f $LIBKRB ] ; then
+ echo "==> KerberosIV found in system libraries."
+ cpkb=YES
+ else
+ echo "==> Kerberos libraries not found on system."
+ echo "==> KerberosIV support NOT enabled."
+ cpkb=NO
+ fi
+fi
+if [ $cpkb != NO ]; then
+ echo "#define HasKrb4 $answ" >> $F
+fi
+
echo
echo "End of configuration questions. No more user input required"
echo
@@ -223,6 +277,12 @@ if [ X$cpwh != XNO ]; then
cp $cpwh $WH
fi
-cat $F >> $WRKSRC/config/cf/xf86site.def
+if [ X$cpkb != XNO ]; then
+ cp $K4XDM $XDMDIR
+ echo "===> Applying KerberosIV patches"
+ patch -s -d $WRKDIR/xc -E -p0 < $K4PATCH
+fi
+
+cat $F >> $WRKDIR/xc/config/cf/xf86site.def
exit 0