aboutsummaryrefslogtreecommitdiffstats
path: root/security/heimdal
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2000-11-10 07:35:03 +0800
committernectar <nectar@FreeBSD.org>2000-11-10 07:35:03 +0800
commit3dcc64156840e7d176579cce36523e786a0c4b42 (patch)
tree3435f6fbaccfbc4b316d995de501785bb3ae1cb4 /security/heimdal
parentafbfb6e94adf9bb0cf794ef2de9f68075a33e7e2 (diff)
downloadfreebsd-ports-graphics-3dcc64156840e7d176579cce36523e786a0c4b42.tar.gz
freebsd-ports-graphics-3dcc64156840e7d176579cce36523e786a0c4b42.tar.zst
freebsd-ports-graphics-3dcc64156840e7d176579cce36523e786a0c4b42.zip
= Use system libcom_err.
No longer build or install the included libcom_err and compile_et. = ftpd now uses IP_PORTRANGE* in the same fashion as the system ftpd. By default, ftpd will now use high port numbers for serving clients in passive mode. = Fix segmentation fault in kadmin. A null pointer dereference that was only tickled when using kadmin with a kdc that uses LDAP as the backend. = Fix a search filter in hdb-ldap.c. A lookup was failing to fetch operational attributes such as modifiersName. = Bump PORTREVISION for above changes.
Diffstat (limited to 'security/heimdal')
-rw-r--r--security/heimdal/Makefile9
-rw-r--r--security/heimdal/files/patch-cj36
-rw-r--r--security/heimdal/files/patch-ck25
-rw-r--r--security/heimdal/files/patch-cl34
-rw-r--r--security/heimdal/files/patch-cm12
-rw-r--r--security/heimdal/files/patch-cn20
-rw-r--r--security/heimdal/files/patch-co11
-rw-r--r--security/heimdal/files/patch-cp24
-rw-r--r--security/heimdal/files/patch-cq14
-rw-r--r--security/heimdal/files/patch-cr13
-rw-r--r--security/heimdal/pkg-plist5
11 files changed, 197 insertions, 6 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 8fbe67c212d..d1ec0b74eac 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -7,7 +7,7 @@
PORTNAME= heimdal
PORTVERSION= 0.3c
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
ftp://ftp.replay.com/pub/replay/crypto/APPS/kerberos/heimdal/ \
@@ -38,6 +38,7 @@ MAN8= ftpd.8 hprop.8 hpropd.8 kadmind.8 kdc.8 kfd.8 kpasswdd.8 \
#USE_LIBTOOL= yes
GNU_CONFIGURE= yes
+CONFIGURE_TARGET= --build=${MACHINE_ARCH}--freebsd${OSREL}
INSTALLS_SHLIB= yes
CONFIGURE_ARGS= --prefix=${PREFIX} --enable-shared
.if defined(WITH_LDAP)
@@ -69,6 +70,12 @@ CONFIGURE_ARGS+= --without-krb4
PLIST:= ${WRKDIR}/PLIST
+pre-configure:
+ @(set -e; \
+ cd ${CONFIGURE_WRKSRC}; \
+ find . -type f -name 'Makefile.in' -print | xargs perl -i -pe \
+ 's,\$$\(top_builddir\)/lib/com_err/compile_et,compile_et,';)
+
pre-install:
@${CP} ${PKGDIR}/pkg-plist ${PLIST}
.if exists(/usr/lib/libkrb.a) && !defined(WITHOUT_KRB4)
diff --git a/security/heimdal/files/patch-cj b/security/heimdal/files/patch-cj
new file mode 100644
index 00000000000..1fe503ab37f
--- /dev/null
+++ b/security/heimdal/files/patch-cj
@@ -0,0 +1,36 @@
+--- appl/ftp/ftpd/ftpd.c.orig Thu Aug 31 01:08:49 2000
++++ appl/ftp/ftpd/ftpd.c Fri Nov 3 12:01:17 2000
+@@ -68,6 +68,7 @@
+ int debug = 0;
+ int ftpd_timeout = 900; /* timeout after 15 minutes of inactivity */
+ int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
++int restricted_data_ports = 1;
+ int logging;
+ int guest;
+ int dochroot;
+@@ -215,6 +216,7 @@
+ { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
+ { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
+ { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
++ { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" },
+ { NULL, 'd', arg_flag, &debug, "enable debugging" },
+ { NULL, 'v', arg_flag, &debug, "enable debugging" },
+ { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
+@@ -1942,6 +1944,8 @@
+ socket_set_address_and_port (pasv_addr,
+ socket_get_address (ctrl_addr),
+ 0);
++ socket_set_portrange(pdata, restricted_data_ports,
++ pasv_addr->sa_family);
+ seteuid(0);
+ if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+ seteuid(pw->pw_uid);
+@@ -1984,6 +1988,8 @@
+ socket_set_address_and_port (pasv_addr,
+ socket_get_address (ctrl_addr),
+ 0);
++ socket_set_portrange(pdata, restricted_data_ports,
++ pasv_addr->sa_family);
+ seteuid(0);
+ if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+ seteuid(pw->pw_uid);
diff --git a/security/heimdal/files/patch-ck b/security/heimdal/files/patch-ck
new file mode 100644
index 00000000000..87afecea5c0
--- /dev/null
+++ b/security/heimdal/files/patch-ck
@@ -0,0 +1,25 @@
+--- appl/ftp/ftpd/ftpd.8.orig Tue Feb 16 14:14:08 1999
++++ appl/ftp/ftpd/ftpd.8 Fri Nov 3 12:07:47 2000
+@@ -43,7 +43,7 @@
+ .Sh SYNOPSIS
+ .Nm ftpd
+ .Op Fl a Ar authmode
+-.Op Fl dilv
++.Op Fl dilvU
+ .Op Fl g Ar umask
+ .Op Fl p Ar port
+ .Op Fl T Ar maxtimeout
+@@ -127,6 +127,13 @@
+ seconds (the default is 15 minutes).
+ .It Fl u
+ Set the initial umask to something else than the default 027.
++.It Fl U
++In previous versions of
++.Nm ftpd ,
++when a passive mode client requested a data connection to the server, the
++server would use data ports in the range 1024..4999. Now, by default, the
++server will use data ports in the range 49152..65535. Specifying this option
++will revert to the old behavior.
+ .It Fl v
+ Verbose mode.
+ .El
diff --git a/security/heimdal/files/patch-cl b/security/heimdal/files/patch-cl
new file mode 100644
index 00000000000..87e7d1b21bf
--- /dev/null
+++ b/security/heimdal/files/patch-cl
@@ -0,0 +1,34 @@
+--- lib/roken/socket.c.orig Wed Jul 26 23:41:06 2000
++++ lib/roken/socket.c Fri Nov 3 11:56:34 2000
+@@ -222,6 +222,31 @@
+ }
+
+ /*
++ * Set the range of ports to use when binding with port = 0.
++ */
++void
++socket_set_portrange (int sock, int restrict, int af)
++{
++#if defined(IP_PORTRANGE)
++ if (af == AF_INET) {
++ int on = restrict ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
++ if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
++ sizeof(on)) < 0)
++ warn ("setsockopt IP_PORTRANGE (ignored)");
++ }
++#endif
++#if defined(IPV6_PORTRANGE)
++ if (af == AF_INET6) {
++ int on = restrict ? IPV6_PORTRANGE_HIGH :
++ IPV6_PORTRANGE_DEFAULT;
++ if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
++ sizeof(on)) < 0)
++ warn ("setsockopt IPV6_PORTRANGE (ignored)");
++ }
++#endif
++}
++
++/*
+ * Enable debug on `sock'.
+ */
+
diff --git a/security/heimdal/files/patch-cm b/security/heimdal/files/patch-cm
new file mode 100644
index 00000000000..dc0a4bc28ef
--- /dev/null
+++ b/security/heimdal/files/patch-cm
@@ -0,0 +1,12 @@
+--- lib/roken/roken-common.h.orig Fri Nov 3 11:31:42 2000
++++ lib/roken/roken-common.h Fri Nov 3 11:57:01 2000
+@@ -276,6 +276,9 @@
+ socket_set_port (struct sockaddr *sa, int port);
+
+ void
++socket_set_portrange (int sock, int restrict, int af);
++
++void
+ socket_set_debug (int sock);
+
+ void
diff --git a/security/heimdal/files/patch-cn b/security/heimdal/files/patch-cn
new file mode 100644
index 00000000000..7db2073a2bc
--- /dev/null
+++ b/security/heimdal/files/patch-cn
@@ -0,0 +1,20 @@
+--- lib/Makefile.in.orig Wed Nov 8 10:21:25 2000
++++ lib/Makefile.in Wed Nov 8 10:21:34 2000
+@@ -194,7 +194,7 @@
+ @OTP_TRUE@dir_otp = @OTP_TRUE@otp
+ @DCE_TRUE@dir_dce = @DCE_TRUE@kdfs
+
+-SUBDIRS = @DIR_roken@ vers editline com_err sl asn1 des krb5 \
++SUBDIRS = @DIR_roken@ vers editline sl asn1 des krb5 \
+ kafs hdb kadm5 gssapi auth $(dir_45) $(dir_otp) $(dir_dce)
+
+ subdir = lib
+@@ -214,7 +214,7 @@
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+ GZIP_ENV = --best
+-DIST_SUBDIRS = @DIR_roken@ vers editline com_err sl asn1 des krb5 kafs \
++DIST_SUBDIRS = @DIR_roken@ vers editline sl asn1 des krb5 kafs \
+ hdb kadm5 gssapi auth 45 otp kdfs
+ all: all-redirect
+ .SUFFIXES:
diff --git a/security/heimdal/files/patch-co b/security/heimdal/files/patch-co
new file mode 100644
index 00000000000..4395d43ec21
--- /dev/null
+++ b/security/heimdal/files/patch-co
@@ -0,0 +1,11 @@
+--- include/Makefile.in.orig Wed Nov 8 10:21:59 2000
++++ include/Makefile.in Wed Nov 8 10:22:07 2000
+@@ -199,8 +199,6 @@
+ asn1.h \
+ asn1_err.h \
+ base64.h \
+- com_err.h \
+- com_right.h \
+ der.h \
+ des.h \
+ editline.h \
diff --git a/security/heimdal/files/patch-cp b/security/heimdal/files/patch-cp
new file mode 100644
index 00000000000..7c064faa706
--- /dev/null
+++ b/security/heimdal/files/patch-cp
@@ -0,0 +1,24 @@
+--- lib/asn1/Makefile.in.orig Wed Nov 8 10:31:04 2000
++++ lib/asn1/Makefile.in Wed Nov 8 10:31:52 2000
+@@ -279,7 +279,6 @@
+
+ check_der_LDADD = \
+ libasn1.la \
+- ../com_err/libcom_err.la \
+ $(LIB_roken)
+
+
+@@ -339,11 +338,11 @@
+ asn1_compile_LDFLAGS =
+ asn1_print_SOURCES = asn1_print.c
+ asn1_print_OBJECTS = asn1_print.$(OBJEXT)
+-asn1_print_DEPENDENCIES = libasn1.la ../com_err/libcom_err.la
++asn1_print_DEPENDENCIES = libasn1.la
+ asn1_print_LDFLAGS =
+ check_der_SOURCES = check-der.c
+ check_der_OBJECTS = check-der.$(OBJEXT)
+-check_der_DEPENDENCIES = libasn1.la ../com_err/libcom_err.la
++check_der_DEPENDENCIES = libasn1.la
+ check_der_LDFLAGS =
+ COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
diff --git a/security/heimdal/files/patch-cq b/security/heimdal/files/patch-cq
new file mode 100644
index 00000000000..4c27bdc13cb
--- /dev/null
+++ b/security/heimdal/files/patch-cq
@@ -0,0 +1,14 @@
+--- kadmin/get.c.orig Wed Nov 8 12:28:57 2000
++++ kadmin/get.c Wed Nov 8 12:44:44 2000
+@@ -150,7 +150,10 @@
+ printf("%24s: %d\n", "Failed login count", princ->fail_auth_count);
+ time_t2str(princ->mod_date, buf, sizeof(buf), 1);
+ printf("%24s: %s\n", "Last modified", buf);
+- krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
++ if (princ->mod_name)
++ krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
++ else
++ strcpy(buf, "<none>");
+ printf("%24s: %s\n", "Modifier", buf);
+ attributes2str (princ->attributes, buf, sizeof(buf));
+ printf("%24s: %s\n", "Attributes", buf);
diff --git a/security/heimdal/files/patch-cr b/security/heimdal/files/patch-cr
new file mode 100644
index 00000000000..4568237f3a6
--- /dev/null
+++ b/security/heimdal/files/patch-cr
@@ -0,0 +1,13 @@
+--- lib/hdb/hdb-ldap.c.orig Wed Nov 8 14:42:11 2000
++++ lib/hdb/hdb-ldap.c Wed Nov 8 15:39:50 2000
+@@ -583,8 +583,8 @@
+ rc = 1;
+ (void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (void *) &rc);
+
+- rc = ldap_search_s((LDAP *) db->db, db->name,
+- LDAP_SCOPE_ONELEVEL, filter, NULL, 0, msg);
++ rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter,
++ krb5kdcentry_attrs, 0, msg);
+ if (rc != LDAP_SUCCESS) {
+ ret = HDB_ERR_NOENTRY;
+ goto out;
diff --git a/security/heimdal/pkg-plist b/security/heimdal/pkg-plist
index d91b4e77140..40061ff3187 100644
--- a/security/heimdal/pkg-plist
+++ b/security/heimdal/pkg-plist
@@ -21,8 +21,6 @@ bin/verify_krb5_conf
include/asn1.h
include/asn1_err.h
include/base64.h
-include/com_err.h
-include/com_right.h
include/der.h
include/des.h
include/editline.h
@@ -66,9 +64,6 @@ info/heimdal.info
lib/libasn1.a
lib/libasn1.so
lib/libasn1.so.3
-lib/libcom_err.a
-lib/libcom_err.so
-lib/libcom_err.so.1
lib/libdes.a
lib/libdes.so
lib/libdes.so.2