[pkgsrc/trunk]: pkgsrc Update security/heimdal to 0.7.1 (approved by lha). W...

[jlam <jlam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/333c1fa0a171
branches:  trunk
changeset: 501708:333c1fa0a171
user:      jlam <jlam%pkgsrc.org@localhost>
date:      Wed Oct 26 15:12:45 2005 +0000

description:
Update security/heimdal to 0.7.1 (approved by lha).  We drop support
for the "db4" option and just rely on the appropriate BDB_* settings
via bdb.buildlink3.mk.  Also, we tweak the builtin.mk file so use
krb5-config, if it's available, to check the version of the built-in
heimdal.  Patches patch-ab, patch-ae and patch-af have been sent back
upstream and will be incorporated into future Heimdal releases.

Changes between version 0.6.5 and version 0.7.1 include:

 * Support for KCM, a process based credential cache
 * Support CCAPI credential cache
 * SPNEGO support
 * AES (and the gssapi conterpart, CFX) support
 * Adding new and improve old documentation
 * Bug fixes

diffstat:

 doc/CHANGES                        |    3 +-
 security/heimdal/Makefile          |   34 ++-
 security/heimdal/PLIST             |  314 ++++++++++++++++++++++++++++++++++++-
 security/heimdal/buildlink3.mk     |   11 +-
 security/heimdal/builtin.mk        |   27 ++-
 security/heimdal/distinfo          |   17 +-
 security/heimdal/files/kadmind.sh  |   20 ++
 security/heimdal/files/kcm.sh      |   18 ++
 security/heimdal/files/kdc.sh      |   15 +-
 security/heimdal/files/kpasswdd.sh |   20 ++
 security/heimdal/patches/patch-aa  |   29 ---
 security/heimdal/patches/patch-ab  |   52 ++---
 security/heimdal/patches/patch-ac  |    6 +-
 security/heimdal/patches/patch-ad  |   38 +----
 security/heimdal/patches/patch-ae  |   13 +
 security/heimdal/patches/patch-af  |   12 +
 16 files changed, 479 insertions(+), 150 deletions(-)

diffs (truncated from 1060 to 300 lines):

diff -r 0231515269fd -r 333c1fa0a171 doc/CHANGES
--- a/doc/CHANGES       Wed Oct 26 15:11:10 2005 +0000
+++ b/doc/CHANGES       Wed Oct 26 15:12:45 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.11669 2005/10/26 15:08:32 jlam Exp $
+$NetBSD: CHANGES,v 1.11670 2005/10/26 15:13:03 jlam Exp $
 
 Changes to the packages collection and infrastructure in 2005:
 
@@ -4856,3 +4856,4 @@
        Updated devel/guile-slib to 3.1.2 [adam 2005-10-26]
        Updated devel/bugzilla to 2.20 [adrianp 2005-10-26]
        Updated databases/openldap to 2.3.11 [jlam 2005-10-26]
+       Updated security/heimdal to 0.7.1 [jlam 2005-10-26]
diff -r 0231515269fd -r 333c1fa0a171 security/heimdal/Makefile
--- a/security/heimdal/Makefile Wed Oct 26 15:11:10 2005 +0000
+++ b/security/heimdal/Makefile Wed Oct 26 15:12:45 2005 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.44 2005/10/25 01:17:57 rillig Exp $
+# $NetBSD: Makefile,v 1.45 2005/10/26 15:12:45 jlam Exp $
 
-DISTNAME=      heimdal-0.6.5
-PKGREVISION=   2
+DISTNAME=      heimdal-0.7.1
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.pdc.kth.se/pub/heimdal/src/   \
                ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/heimdal/src/
@@ -16,6 +15,7 @@
 
 USE_LIBTOOL=           yes
 USE_TOOLS+=            bison
+MAKE_ENV+=             INSTALL_CATPAGES=no
 
 HEIMDAL_STATEDIR?=     ${VARBASE}/heimdal
 
@@ -25,8 +25,9 @@
 CONFIGURE_ARGS+=       --includedir=${PREFIX}/include/krb5
 CONFIGURE_ARGS+=       --without-x
 CONFIGURE_ARGS+=       --without-krb4
+CONFIGURE_ARGS+=       --enable-kcm
 
-CFLAGS.Darwin+= -DBIND_8_COMPAT
+CFLAGS.Darwin+=                -DBIND_8_COMPAT
 
 # Though Solaris has a <vis.h> header, it does something very unrelated
 # to the BSD <vis.h> header.
@@ -39,28 +40,30 @@
 # <readline.h>.
 #
 CONFIGURE_ARGS+=       --with-readline=${BUILDLINK_PREFIX.readline}
-BUILDLINK_INCDIRS.readline=    include/readline
+CPPFLAGS+=             -I${BUILDLINK_PREFIX.readline}/include/readline
 BROKEN_READLINE_DETECTION=     yes
 .include "../../devel/readline/buildlink3.mk"
 
 CONFIGURE_ARGS+=       --with-openssl=${SSLBASE}
-USE_OLD_DES_API=       yes
 .include "../../security/openssl/buildlink3.mk"
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.heimdal
-PKG_SUPPORTED_OPTIONS= db4 ldap kerberos-prefix-cmds
+PKG_SUPPORTED_OPTIONS= kerberos-prefix-cmds ldap
 
 .include "../../mk/bsd.options.mk"
 
-.if !empty(PKG_OPTIONS:Mdb4)
-.  include "../../databases/db4/buildlink3.mk"
-.else
-.  include "../../mk/bdb.buildlink3.mk"
-.endif
-
 .if !empty(PKG_OPTIONS:Mldap)
 .  include "../../databases/openldap/buildlink3.mk"
 CONFIGURE_ARGS+=       --with-openldap=${BUILDLINK_PREFIX.openldap}
+PLIST_SUBST+=          LDAP=""
+
+post-install: heimdal-ldap-schema
+heimdal-ldap-schema:
+       ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/heimdal
+       ${INSTALL_DATA} ${WRKSRC}/lib/hdb/hdb.schema                    \
+               ${PREFIX}/share/examples/heimdal
+.else
+PLIST_SUBST+=          LDAP="@comment "
 .endif
 
 # Rename some of Heimdal's applications so they won't conflict with
@@ -84,7 +87,8 @@
 
 USE_PKGINSTALL=                yes
 OWN_DIRS_PERMS=                ${HEIMDAL_STATEDIR} ${ROOT_USER} ${ROOT_GROUP} 0700
-RCD_SCRIPTS=           kdc
+SPECIAL_PERMS=         ${PREFIX}/bin/${KRB5_PREFIX}su ${SETUID_ROOT_PERMS}
+RCD_SCRIPTS=           kadmind kcm kdc kpasswdd
 INFO_FILES=            heimdal.info
 
 # Fix some places in the Heimdal sources that don't point to the correct
@@ -101,6 +105,8 @@
        -e "/PATH_RSH/s,/rsh,/${KRB5_PREFIX}rsh,g"                      \
        -e "/PATH_LOGIN/s,/login,/${KRB5_PREFIX}login,g"
 
+.include "../../mk/bdb.buildlink3.mk"
+
 pre-configure:
        cd ${WRKSRC}; for f in lib/hdb/hdb.h; do                        \
                ${SED}  -e "s|/var/heimdal|${HEIMDAL_STATEDIR}|g"       \
diff -r 0231515269fd -r 333c1fa0a171 security/heimdal/PLIST
--- a/security/heimdal/PLIST    Wed Oct 26 15:11:10 2005 +0000
+++ b/security/heimdal/PLIST    Wed Oct 26 15:12:45 2005 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2005/05/02 20:34:04 reed Exp $
+@comment $NetBSD: PLIST,v 1.9 2005/10/26 15:12:45 jlam Exp $
 bin/${KRB5_PREFIX}login
 bin/${KRB5_PREFIX}rcp
 bin/${KRB5_PREFIX}rsh
@@ -37,6 +37,7 @@
 include/krb5/hdb_asn1.h
 include/krb5/hdb_err.h
 include/krb5/heim_err.h
+include/krb5/hex.h
 include/krb5/k524_err.h
 include/krb5/kadm5/admin.h
 include/krb5/kadm5/kadm5-private.h
@@ -49,6 +50,7 @@
 include/krb5/krb5-types.h
 include/krb5/krb5.h
 include/krb5/krb5_asn1.h
+include/krb5/krb5_ccapi.h
 include/krb5/krb5_err.h
 include/krb5/otp.h
 include/krb5/parse_bytes.h
@@ -81,6 +83,7 @@
 libexec/ipropd-master
 libexec/ipropd-slave
 libexec/kadmind
+libexec/kcm
 libexec/kdc
 libexec/kfd
 libexec/kftpd
@@ -90,6 +93,7 @@
 man/man1/${KRB5_PREFIX}login.1
 man/man1/${KRB5_PREFIX}rsh.1
 man/man1/${KRB5_PREFIX}telnet.1
+man/man1/${KRB5_PREFIX}su.1
 man/man1/afslog.1
 man/man1/kauth.1
 man/man1/kdestroy.1
@@ -103,6 +107,7 @@
 man/man1/kx.1
 man/man1/otp.1
 man/man1/otpprint.1
+man/man1/pagsh.1
 man/man1/pfrom.1
 man/man1/rxtelnet.1
 man/man1/rxterm.1
@@ -135,8 +140,10 @@
 man/man3/gss_inquire_cred_by_mech.3
 man/man3/gss_inquire_mechs_for_name.3
 man/man3/gss_inquire_names_for_mech.3
+man/man3/gss_krb5_ccache_name.3
 man/man3/gss_krb5_compat_des3_mic.3
 man/man3/gss_krb5_copy_ccache.3
+man/man3/gss_krb5_get_tkt_flags.3
 man/man3/gss_process_context_token.3
 man/man3/gss_release_buffer.3
 man/man3/gss_release_cred.3
@@ -152,20 +159,34 @@
 man/man3/gss_wrap.3
 man/man3/gss_wrap_size_limit.3
 man/man3/gssapi.3
+man/man3/gsskrb5_extract_authz_data_from_sec_context.3
 man/man3/k_afs_cell_of_file.3
 man/man3/k_hasafs.3
 man/man3/k_pioctl.3
 man/man3/k_setpag.3
 man/man3/k_unlog.3
+man/man3/kadm5_add_passwd_quality_verifier.3
+man/man3/kadm5_check_password_quality.3
+man/man3/kadm5_pwcheck.3
+man/man3/kadm5_setup_passwd_quality_check.3
 man/man3/kafs.3
 man/man3/kafs_set_verbose.3
 man/man3/kafs_settoken.3
 man/man3/kafs_settoken5.3
 man/man3/kafs_settoken_rxkad.3
 man/man3/krb5.3
+man/man3/krb524_convert_creds_kdc.3
+man/man3/krb524_convert_creds_kdc_ccache.3
 man/man3/krb5_425_conv_principal.3
 man/man3/krb5_425_conv_principal_ext.3
 man/man3/krb5_524_conv_principal.3
+man/man3/krb5_abort.3
+man/man3/krb5_abortx.3
+man/man3/krb5_acl_match_file.3
+man/man3/krb5_acl_match_string.3
+man/man3/krb5_add_et_list.3
+man/man3/krb5_add_extra_addresses.3
+man/man3/krb5_add_ignore_addresses.3
 man/man3/krb5_addlog_dest.3
 man/man3/krb5_addlog_func.3
 man/man3/krb5_addr2sockaddr.3
@@ -183,9 +204,12 @@
 man/man3/krb5_appdefault_string.3
 man/man3/krb5_appdefault_time.3
 man/man3/krb5_append_addresses.3
+man/man3/krb5_auth_con_addflags.3
 man/man3/krb5_auth_con_free.3
 man/man3/krb5_auth_con_genaddrs.3
+man/man3/krb5_auth_con_generatelocalsubkey.3
 man/man3/krb5_auth_con_getaddrs.3
+man/man3/krb5_auth_con_getauthenticator.3
 man/man3/krb5_auth_con_getflags.3
 man/man3/krb5_auth_con_getkey.3
 man/man3/krb5_auth_con_getlocalsubkey.3
@@ -194,6 +218,7 @@
 man/man3/krb5_auth_con_getuserkey.3
 man/man3/krb5_auth_con_init.3
 man/man3/krb5_auth_con_initivector.3
+man/man3/krb5_auth_con_removeflags.3
 man/man3/krb5_auth_con_setaddrs.3
 man/man3/krb5_auth_con_setaddrs_from_fd.3
 man/man3/krb5_auth_con_setflags.3
@@ -204,7 +229,6 @@
 man/man3/krb5_auth_con_setremotesubkey.3
 man/man3/krb5_auth_con_setuserkey.3
 man/man3/krb5_auth_context.3
-man/man3/krb5_auth_getauthenticator.3
 man/man3/krb5_auth_getcksumtype.3
 man/man3/krb5_auth_getkeytype.3
 man/man3/krb5_auth_getlocalseqnumber.3
@@ -217,6 +241,22 @@
 man/man3/krb5_build_principal_ext.3
 man/man3/krb5_build_principal_va.3
 man/man3/krb5_build_principal_va_ext.3
+man/man3/krb5_c_block_size.3
+man/man3/krb5_c_checksum_length.3
+man/man3/krb5_c_decrypt.3
+man/man3/krb5_c_encrypt.3
+man/man3/krb5_c_encrypt_length.3
+man/man3/krb5_c_enctype_compare.3
+man/man3/krb5_c_get_checksum.3
+man/man3/krb5_c_is_coll_proof_cksum.3
+man/man3/krb5_c_is_keyed_cksum.3
+man/man3/krb5_c_make_checksum.3
+man/man3/krb5_c_make_random_key.3
+man/man3/krb5_c_set_checksum.3
+man/man3/krb5_c_valid_cksumtype.3
+man/man3/krb5_c_valid_enctype.3
+man/man3/krb5_c_verify_checksum.3
+man/man3/krb5_cc_clear_mcred.3
 man/man3/krb5_cc_close.3
 man/man3/krb5_cc_copy_cache.3
 man/man3/krb5_cc_cursor.3
@@ -227,11 +267,14 @@
 man/man3/krb5_cc_gen_new.3
 man/man3/krb5_cc_get_name.3
 man/man3/krb5_cc_get_ops.3
+man/man3/krb5_cc_get_prefix_ops.3
 man/man3/krb5_cc_get_principal.3
 man/man3/krb5_cc_get_type.3
 man/man3/krb5_cc_get_version.3
 man/man3/krb5_cc_initialize.3
+man/man3/krb5_cc_new_unique.3
 man/man3/krb5_cc_next_cred.3
+man/man3/krb5_cc_next_cred_match.3
 man/man3/krb5_cc_ops.3
 man/man3/krb5_cc_register.3
 man/man3/krb5_cc_remove_cred.3
@@ -242,21 +285,66 @@
 man/man3/krb5_cc_store_cred.3
 man/man3/krb5_ccache.3
 man/man3/krb5_change_password.3
+man/man3/krb5_check_transited.3
+man/man3/krb5_check_transited_realms.3
+man/man3/krb5_checksum.3
+man/man3/krb5_checksum_disable.3
 man/man3/krb5_checksum_is_collision_proof.3
 man/man3/krb5_checksum_is_keyed.3
 man/man3/krb5_checksumsize.3
+man/man3/krb5_cksumtype_valid.3
+man/man3/krb5_clear_error_string.3
 man/man3/krb5_closelog.3
+man/man3/krb5_compare_creds.3
 man/man3/krb5_config.3
+man/man3/krb5_config_file_free.3
+man/man3/krb5_config_free_strings.3
+man/man3/krb5_config_get.3
+man/man3/krb5_config_get_bool.3
 man/man3/krb5_config_get_bool_default.3
+man/man3/krb5_config_get_int.3
 man/man3/krb5_config_get_int_default.3
+man/man3/krb5_config_get_list.3
+man/man3/krb5_config_get_next.3
+man/man3/krb5_config_get_string.3
 man/man3/krb5_config_get_string_default.3
+man/man3/krb5_config_get_strings.3
+man/man3/krb5_config_get_time.3
 man/man3/krb5_config_get_time_default.3
+man/man3/krb5_config_parse_file.3
+man/man3/krb5_config_parse_file_multi.3
+man/man3/krb5_config_vget.3