pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/mit-krb5
Module Name: pkgsrc
Committed By: tez
Date: Fri Jun 15 20:46:01 UTC 2018
Modified Files:
pkgsrc/security/mit-krb5: MESSAGE Makefile PLIST buildlink3.mk
builtin.mk distinfo
pkgsrc/security/mit-krb5/files: kadmind.sh kdc.sh
pkgsrc/security/mit-krb5/patches: patch-Makefile.in patch-aa patch-ae
patch-aj patch-al patch-cf patch-cg patch-cj patch-config_lib.in
patch-config_libnover.in patch-config_pre.in
patch-config_shlib.conf patch-configure.in patch-include_osconf.hin
patch-kadmin_cli_ss_wrapper.c patch-lib_apputils_Makefile.in
patch-lib_krb5_asn.1_asn1buf.h patch-lib_krb5_ccache_Makefile.in
patch-plugins_kdb_db2_Makefile.in
patch-plugins_kdb_db2_libdb2_Makefile.in
patch-plugins_preauth_otp_Makefile.in
patch-plugins_preauth_pkinit_Makefile.in
patch-util_k5ev_verto-k5ev.c patch-util_ss_Makefile.in
Added Files:
pkgsrc/security/mit-krb5/patches: patch-lib_apputils_udppktinfo.c
Removed Files:
pkgsrc/security/mit-krb5/patches: patch-lib_apputils_net-server.c
patch-lib_krb5_os_timeofday.c
Log Message:
mit-krb5: update to 1.16.1
Major changes in 1.16.1 (2018-05-03)
This is a bug fix release.
Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
Fix a KDC PKINIT memory leak.
Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
Fix a regression in pkinit_cert_match matching of client certificates containing Microsoft UPN SANs.
Fix a null dereference when the KDC sends a large TGS reply.
Fix "kdestroy -A" with the KCM credential cache type.
Allow validation of Microsoft PACs containing enterprise names.
Fix the handling of capaths "." values.
Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).
Major changes in 1.16 (2017-12-05)
Administrator experience:
The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile
option.
The ktutil addent command supports the "-k 0" option to ignore the key version, and the "-s" option to use a non-default salt string.
kpropd supports a --pid-file option to write a pid file at startup, when it is run in standalone mode.
The "encrypted_challenge_indicator" realm option can be used to attach an authentication indicator to tickets obtained using FAST encrypted challenge pre-authentication.
Localization support can be disabled at build time with the --disable-nls configure option.
Developer experience:
The kdcpolicy pluggable interface allows modules control whether tickets are issued by the KDC.
The kadm5_auth pluggable interface allows modules to control whether kadmind grants access to a kadmin request.
The certauth pluggable interface allows modules to control which PKINIT client certificates can authenticate to which client principals.
KDB modules can use the client and KDC interface IP addresses to determine whether to allow an AS request.
GSS applications can query the bit strength of a krb5 GSS context using the GSS_C_SEC_CONTEXT_SASL_SSF OID with gss_inquire_sec_context_by_oid().
GSS applications can query the impersonator name of a krb5 GSS credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with gss_inquire_cred_by_oid().
kdcpreauth modules can query the KDC for the canonicalized requested client principal name, or match a principal name against the requested client principal name with canonicalization.
Protocol evolution:
The client library will continue to try pre-authentication mechanisms after most failure conditions.
The KDC will issue trivially renewable tickets (where the renewable lifetime is equal to or less than the ticket lifetime) if requested by the client, to be friendlier to scripts.
The client library will use a random nonce for TGS requests instead of the current system time.
For the RC4 string-to-key or PAC operations, UTF-16 is supported (previously only UCS-2 was supported).
When matching PKINIT client certificates, UPN SANs will be matched correctly as UPNs, with canonicalization.
User experience:
Dates after the year 2038 are accepted (provided that the platform time facilities support them), through the year 2106.
Automatic credential cache selection based on the client realm will take into account the fallback realm and the service hostname.
Referral and alternate cross-realm TGTs will not be cached, avoiding some scenarios where they can be added to the credential cache multiple times.
A German translation has been added.
Code quality:
The build is warning-clean under clang with the configured warning options.
The automated test suite runs cleanly under AddressSanitizer.
Major changes in 1.15.3 (2018-05-03)
This is a bug fix release.
Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
Fix a KDC PKINIT memory leak.
Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
Fix a null dereference when the KDC sends a large TGS reply.
Fix "kdestroy -A" with the KCM credential cache type.
Fix the handling of capaths "." values.
Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).
Major changes in 1.15.2 (2017-09-25)
This is a bug fix release.
Fix a KDC denial of service vulnerability caused by unset status strings [CVE-2017-11368]
Preserve GSS contexts on init/accept failure [CVE-2017-11462]
Fix kadm5 setkey operation with LDAP KDB module
Use a ten-second timeout after successful connection for HTTPS KDC requests, as we do for TCP requests
Fix client null dereference when KDC offers encrypted challenge without FAST
Ignore dotfiles when processing profile includedir directive
Improve documentation
Major changes in 1.15.1 (2017-03-01)
This is a bug fix release.
Allow KDB modules to determine how the e_data field of principal fields is freed
Fix udp_preference_limit when the KDC location is configured with SRV records
Fix KDC and kadmind startup on some IPv4-only systems
Fix the processing of PKINIT certificate matching rules which have two components and no explicit relation
Improve documentation
Major changes in 1.15 (2016-12-01)
Administrator experience:
Improve support for multihomed Kerberos servers by adding options for specifying restricted listening addresses for the KDC and kadmind.
Add support to kadmin for remote extraction of current keys without changing them (requires a special kadmin permission that is excluded from the wildcard permission), with the exception of
highly protected keys.
Add a lockdown_keys principal attribute to prevent retrieval of the principal's keys (old or new) via the kadmin protocol. In newly created databases, this attribute is set on the krbtgt and
kadmin principals.
Restore recursive dump capability for DB2 back end, so sites can more easily recover from database corruption resulting from power failure events.
Add DNS auto-discovery of KDC and kpasswd servers from URI records, in addition to SRV records. URI records can convey TCP and UDP servers and master KDC status in a single DNS lookup, and
can also point to HTTPS proxy servers.
Add support for password history to the LDAP back end.
Add support for principal renaming to the LDAP back end.
Use the getrandom system call on supported Linux kernels to avoid blocking problems when getting entropy from the operating system.
In the PKINIT client, use the correct DigestInfo encoding for PKCS #1 signatures, so that some especially strict smart cards will work.
Code quality:
Clean up numerous compilation warnings.
Remove various infrequently built modules, including some preauth modules that were not built by default.
Developer experience:
Add support for building with OpenSSL 1.1.
Use SHA-256 instead of MD5 for (non-cryptographic) hashing of authenticators in the replay cache. This helps sites that must build with FIPS 140 conformant libraries that lack MD5.
Eliminate util/reconf and allow the use of autoreconf alone to regenerate the configure script.
Protocol evolution:
Add support for the AES-SHA2 enctypes, which allows sites to conform to Suite B crypto requirements.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/mit-krb5/MESSAGE
cvs rdiff -u -r1.95 -r1.96 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/mit-krb5/PLIST
cvs rdiff -u -r1.14 -r1.15 pkgsrc/security/mit-krb5/buildlink3.mk
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/mit-krb5/builtin.mk
cvs rdiff -u -r1.63 -r1.64 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/mit-krb5/files/kadmind.sh \
pkgsrc/security/mit-krb5/files/kdc.sh
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/mit-krb5/patches/patch-Makefile.in \
pkgsrc/security/mit-krb5/patches/patch-config_lib.in \
pkgsrc/security/mit-krb5/patches/patch-config_libnover.in \
pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf \
pkgsrc/security/mit-krb5/patches/patch-include_osconf.hin \
pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_ss_wrapper.c \
pkgsrc/security/mit-krb5/patches/patch-lib_apputils_Makefile.in \
pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_Makefile.in \
pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_libdb2_Makefile.in \
pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_otp_Makefile.in \
pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/mit-krb5/patches/patch-aa
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/mit-krb5/patches/patch-ae \
pkgsrc/security/mit-krb5/patches/patch-aj
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/mit-krb5/patches/patch-al
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/mit-krb5/patches/patch-cf \
pkgsrc/security/mit-krb5/patches/patch-cg \
pkgsrc/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c \
pkgsrc/security/mit-krb5/patches/patch-util_ss_Makefile.in
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/mit-krb5/patches/patch-cj \
pkgsrc/security/mit-krb5/patches/patch-config_pre.in \
pkgsrc/security/mit-krb5/patches/patch-configure.in \
pkgsrc/security/mit-krb5/patches/patch-lib_krb5_asn.1_asn1buf.h \
pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_Makefile.in
cvs rdiff -u -r1.3 -r0 \
pkgsrc/security/mit-krb5/patches/patch-lib_apputils_net-server.c
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/mit-krb5/patches/patch-lib_apputils_udppktinfo.c
cvs rdiff -u -r1.1 -r0 \
pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_timeofday.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/mit-krb5/MESSAGE
diff -u pkgsrc/security/mit-krb5/MESSAGE:1.1 pkgsrc/security/mit-krb5/MESSAGE:1.2
--- pkgsrc/security/mit-krb5/MESSAGE:1.1 Tue Mar 22 23:31:04 2011
+++ pkgsrc/security/mit-krb5/MESSAGE Fri Jun 15 20:46:01 2018
@@ -1,5 +1,5 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.1 2011/03/22 23:31:04 tez Exp $
+$NetBSD: MESSAGE,v 1.2 2018/06/15 20:46:01 tez Exp $
Please beware that the Kerberized r-services, telnetd and ftpd services and
the related client applications are no longer included in this package.
Index: pkgsrc/security/mit-krb5/Makefile
diff -u pkgsrc/security/mit-krb5/Makefile:1.95 pkgsrc/security/mit-krb5/Makefile:1.96
--- pkgsrc/security/mit-krb5/Makefile:1.95 Tue Oct 10 21:22:53 2017
+++ pkgsrc/security/mit-krb5/Makefile Fri Jun 15 20:46:01 2018
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.95 2017/10/10 21:22:53 tez Exp $
+# $NetBSD: Makefile,v 1.96 2018/06/15 20:46:01 tez Exp $
-DISTNAME= krb5-1.14.6
+DISTNAME= krb5-1.16.1
PKGNAME= mit-${DISTNAME}
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
Index: pkgsrc/security/mit-krb5/PLIST
diff -u pkgsrc/security/mit-krb5/PLIST:1.18 pkgsrc/security/mit-krb5/PLIST:1.19
--- pkgsrc/security/mit-krb5/PLIST:1.18 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/PLIST Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.18 2016/03/15 15:16:39 tez Exp $
+@comment $NetBSD: PLIST,v 1.19 2018/06/15 20:46:01 tez Exp $
bin/compile_et
bin/gss-client
bin/k5srvutil
@@ -45,10 +45,13 @@ include/kdb.h
include/krad.h
include/krb5.h
include/krb5/ccselect_plugin.h
+include/krb5/certauth_plugin.h
include/krb5/clpreauth_plugin.h
include/krb5/hostrealm_plugin.h
+include/krb5/kadm5_auth_plugin.h
include/krb5/kadm5_hook_plugin.h
include/krb5/kdcpreauth_plugin.h
+include/krb5/kdcpolicy_plugin.h
include/krb5/krb5.h
include/krb5/localauth_plugin.h
include/krb5/locate_plugin.h
@@ -131,3 +134,4 @@ share/examples/krb5/kdc.conf
share/examples/krb5/krb5.conf
share/examples/krb5/services.append
share/locale/en_US/LC_MESSAGES/mit-krb5.mo
+share/locale/de/LC_MESSAGES/mit-krb5.mo
Index: pkgsrc/security/mit-krb5/buildlink3.mk
diff -u pkgsrc/security/mit-krb5/buildlink3.mk:1.14 pkgsrc/security/mit-krb5/buildlink3.mk:1.15
--- pkgsrc/security/mit-krb5/buildlink3.mk:1.14 Sat Oct 26 05:28:43 2013
+++ pkgsrc/security/mit-krb5/buildlink3.mk Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.14 2013/10/26 05:28:43 richard Exp $
+# $NetBSD: buildlink3.mk,v 1.15 2018/06/15 20:46:01 tez Exp $
BUILDLINK_TREE+= mit-krb5
Index: pkgsrc/security/mit-krb5/builtin.mk
diff -u pkgsrc/security/mit-krb5/builtin.mk:1.13 pkgsrc/security/mit-krb5/builtin.mk:1.14
--- pkgsrc/security/mit-krb5/builtin.mk:1.13 Wed Nov 4 15:32:34 2015
+++ pkgsrc/security/mit-krb5/builtin.mk Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-# $NetBSD: builtin.mk,v 1.13 2015/11/04 15:32:34 jperkin Exp $
+# $NetBSD: builtin.mk,v 1.14 2018/06/15 20:46:01 tez Exp $
BUILTIN_PKG:= mit-krb5
Index: pkgsrc/security/mit-krb5/distinfo
diff -u pkgsrc/security/mit-krb5/distinfo:1.63 pkgsrc/security/mit-krb5/distinfo:1.64
--- pkgsrc/security/mit-krb5/distinfo:1.63 Fri May 25 13:46:40 2018
+++ pkgsrc/security/mit-krb5/distinfo Fri Jun 15 20:46:01 2018
@@ -1,33 +1,31 @@
-$NetBSD: distinfo,v 1.63 2018/05/25 13:46:40 jperkin Exp $
+$NetBSD: distinfo,v 1.64 2018/06/15 20:46:01 tez Exp $
-SHA1 (krb5-1.14.6.tar.gz) = ea7928a3368ae6d8ecf29a70f70598091f226740
-RMD160 (krb5-1.14.6.tar.gz) = 7e9f8192845d11108a3c48dd707d7d4bc5dd0a29
-SHA512 (krb5-1.14.6.tar.gz) = 8a88193e40aa60bb10dc57028a7c83aaac48cfded5d369b9f5383851854f1ea3df3587f7bce8b22d4e5cf2ce5825eb37c8d85684abad29da04db34e8f7962ca7
-Size (krb5-1.14.6.tar.gz) = 12326355 bytes
-SHA1 (patch-CVE-2017-11368) = 91551099d48690c051ada72889bc645706775eb1
-SHA1 (patch-Makefile.in) = 11ead9de708f4da99233b66df2cf906b156faa87
-SHA1 (patch-aa) = 941848a1773dfbe51dff3134d4b8504a850a958d
+SHA1 (krb5-1.16.1.tar.gz) = 8353f2d900a7d52499c7c2605d5e295f71dd5e67
+RMD160 (krb5-1.16.1.tar.gz) = 26a423032841a67974d377ad65d7361b51aa7058
+SHA512 (krb5-1.16.1.tar.gz) = fa4ec14a4ffe690861e2dd7ea39d7698af2058ce181bb733ea891f80279f4dde4bb891adec5ccb0eaddf737306e6ceb1fe3744a2946e6189a7d7d2dd3bc5ba84
+Size (krb5-1.16.1.tar.gz) = 9477480 bytes
+SHA1 (patch-Makefile.in) = adacbcb9d569107e6b7af9b0e7ee177f79a9103c
+SHA1 (patch-aa) = f94e587c4b3e15bcf7dde215cf146ba077202218
SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd
SHA1 (patch-aj) = 4ab922df1d86d86f9ef043f2c5cdf048c0477d3a
SHA1 (patch-al) = 7445639b82eadf9b1feb1448c1654fa6ddc937aa
SHA1 (patch-cf) = 806b089d3b12ea9a17c6caab59cbdeb6ec17bbc3
-SHA1 (patch-cg) = 30b1e8943b0cbe67f37bac6883f4bdd82776e6d1
+SHA1 (patch-cg) = 0c45e34ea8b5d0270c386d430b0d37469e8440ea
SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
SHA1 (patch-config_lib.in) = 974db26486b3239e4fcd53be7280b32c802f6007
SHA1 (patch-config_libnover.in) = 53f539cf98a961483e2b4ccf278c7376dbcf52d9
-SHA1 (patch-config_pre.in) = 9b02fd3db8785ff570885eeca7ad377a315b6317
+SHA1 (patch-config_pre.in) = 255973132db9327190211214c3e33b4551bd283b
SHA1 (patch-config_shlib.conf) = c47a647307e7d883e7c22528b7b0f5ad038cbcb3
-SHA1 (patch-configure.in) = 6675fa171d6e21ad71a58ce410d3b1ecb45add4d
+SHA1 (patch-configure.in) = 2b7de47c4da223670566c70ce1a9eaa27d49a984
SHA1 (patch-include_osconf.hin) = d31a8164f417bc31a787c8e16d1bd24f27b7140d
SHA1 (patch-kadmin_cli_ss_wrapper.c) = e32e6180f8d508cb2eb18489ce2fef0a1ad0f51d
-SHA1 (patch-lib_apputils_Makefile.in) = e001c7d0e9020c0e9feb5743805ef68e64012247
-SHA1 (patch-lib_apputils_net-server.c) = a10630940fc56062c1074fdc0c43a0527fa76105
+SHA1 (patch-lib_apputils_Makefile.in) = 085004041a2bb8c4bb3074c2e71e71f22f4f06d7
+SHA1 (patch-lib_apputils_udppktinfo.c) = 47ac861181faebfe5f95c28be329ce917ece872c
SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = 74d7d172ec4c8d7f68a093befc6b40c99b119e37
-SHA1 (patch-lib_krb5_ccache_Makefile.in) = 9a12f64c15bbca3dd55edeec16ef956e8cde9043
-SHA1 (patch-lib_krb5_os_timeofday.c) = db1686d25d6f56793f3e66ddee5513e93179979d
+SHA1 (patch-lib_krb5_ccache_Makefile.in) = 330ae21ec3b290ae16478c2c49a138acac5bf2fd
SHA1 (patch-plugins_kdb_db2_Makefile.in) = f374fc5915b735075fbb751ef736f4ce54abc289
SHA1 (patch-plugins_kdb_db2_libdb2_Makefile.in) = b4b7e8e4192b5e5318f1e42c49315789619f3ae9
SHA1 (patch-plugins_preauth_otp_Makefile.in) = 8c779e3b37cab4138f300f4a09325387092c79f8
-SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = ff56050dc6a31468977c16b192b4f5d2d79764c2
-SHA1 (patch-util_k5ev_verto-k5ev.c) = 4f148a369d1634234a90c348e6b8dc366cd6773d
-SHA1 (patch-util_ss_Makefile.in) = f561b3689021b2b2db895228c717b4cdf7fbc32a
+SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = c778366d5bd1cae85424643a582013101fc9632d
+SHA1 (patch-util_k5ev_verto-k5ev.c) = 8f074ddccbaaa03576f0302437aed3aaad1b738d
+SHA1 (patch-util_ss_Makefile.in) = 5ca0bf7295a8f4c1d8e59097863940f88d224ee7
Index: pkgsrc/security/mit-krb5/files/kadmind.sh
diff -u pkgsrc/security/mit-krb5/files/kadmind.sh:1.2 pkgsrc/security/mit-krb5/files/kadmind.sh:1.3
--- pkgsrc/security/mit-krb5/files/kadmind.sh:1.2 Sun Apr 10 07:15:25 2005
+++ pkgsrc/security/mit-krb5/files/kadmind.sh Fri Jun 15 20:46:01 2018
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: kadmind.sh,v 1.2 2005/04/10 07:15:25 jlam Exp $
+# $NetBSD: kadmind.sh,v 1.3 2018/06/15 20:46:01 tez Exp $
#
# PROVIDE: kadmind
# REQUIRE: kdc
Index: pkgsrc/security/mit-krb5/files/kdc.sh
diff -u pkgsrc/security/mit-krb5/files/kdc.sh:1.2 pkgsrc/security/mit-krb5/files/kdc.sh:1.3
--- pkgsrc/security/mit-krb5/files/kdc.sh:1.2 Sun Apr 10 07:15:25 2005
+++ pkgsrc/security/mit-krb5/files/kdc.sh Fri Jun 15 20:46:01 2018
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: kdc.sh,v 1.2 2005/04/10 07:15:25 jlam Exp $
+# $NetBSD: kdc.sh,v 1.3 2018/06/15 20:46:01 tez Exp $
#
# PROVIDE: kdc
# REQUIRE: NETWORKING
Index: pkgsrc/security/mit-krb5/patches/patch-Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-Makefile.in:1.1 pkgsrc/security/mit-krb5/patches/patch-Makefile.in:1.2
--- pkgsrc/security/mit-krb5/patches/patch-Makefile.in:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-Makefile.in Fri Jun 15 20:46:01 2018
@@ -1,32 +1,35 @@
-$NetBSD: patch-Makefile.in,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-Makefile.in,v 1.2 2018/06/15 20:46:01 tez Exp $
Don't build plugin examples & tests and avoid libtool problem.
No idea why... copied from previous instance of this package.
---- Makefile.in.orig 2016-02-29 19:50:13.000000000 +0000
+--- Makefile.in.orig 2018-05-03 14:34:47.000000000 +0000
+++ Makefile.in
-@@ -9,20 +9,11 @@ mydir=.
+@@ -9,23 +9,11 @@ mydir=.
SUBDIRS=util include lib \
@sam2_plugin@ \
plugins/audit \
- plugins/audit/test \
@audit_plugin@ \
- plugins/kadm5_hook/test \
+- plugins/kadm5_auth/test \
- plugins/hostrealm/test \
- plugins/localauth/test \
- plugins/pwqual/test \
- plugins/authdata/greet_server \
- plugins/authdata/greet_client \
+- plugins/certauth/test \
plugins/kdb/db2 \
@ldap_plugin_dir@ \
- plugins/kdb/test \
+- plugins/kdcpolicy/test \
plugins/preauth/otp \
plugins/preauth/pkinit \
- plugins/preauth/test \
plugins/tls/k5tls \
kdc kadmin slave clients appl tests \
config-files build-tools man doc @po@
-@@ -75,7 +66,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROO
+@@ -76,7 +64,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROO
install-strip:
$(MAKE) install INSTALL_STRIP=-s
@@ -35,12 +38,12 @@ No idea why... copied from previous inst
install-mkdirs:
@for i in $(INSTALLMKDIRS); do \
-@@ -86,7 +77,7 @@ install-headers-mkdirs:
+@@ -87,7 +75,7 @@ install-headers-mkdirs:
$(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)
$(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssapi
$(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssrpc
-install-headers-prerecurse: install-headers-mkdirs
+install-headers-prerecurse:
- # install::
- # $(MAKE) $(MFLAGS) install.man
+ clean-:: clean-windows
+ clean-unix::
Index: pkgsrc/security/mit-krb5/patches/patch-config_lib.in
diff -u pkgsrc/security/mit-krb5/patches/patch-config_lib.in:1.1 pkgsrc/security/mit-krb5/patches/patch-config_lib.in:1.2
--- pkgsrc/security/mit-krb5/patches/patch-config_lib.in:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-config_lib.in Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-config_lib.in,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-config_lib.in,v 1.2 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
(was patch-ad)
Index: pkgsrc/security/mit-krb5/patches/patch-config_libnover.in
diff -u pkgsrc/security/mit-krb5/patches/patch-config_libnover.in:1.1 pkgsrc/security/mit-krb5/patches/patch-config_libnover.in:1.2
--- pkgsrc/security/mit-krb5/patches/patch-config_libnover.in:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-config_libnover.in Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-config_libnover.in,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-config_libnover.in,v 1.2 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
(was patch-ci)
Index: pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf
diff -u pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf:1.1 pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf:1.2
--- pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-config_shlib.conf,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-config_shlib.conf,v 1.2 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
(was patch-ag)
Index: pkgsrc/security/mit-krb5/patches/patch-include_osconf.hin
diff -u pkgsrc/security/mit-krb5/patches/patch-include_osconf.hin:1.1 pkgsrc/security/mit-krb5/patches/patch-include_osconf.hin:1.2
--- pkgsrc/security/mit-krb5/patches/patch-include_osconf.hin:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-include_osconf.hin Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-include_osconf.hin,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-include_osconf.hin,v 1.2 2018/06/15 20:46:01 tez Exp $
prefer @SYSCONFDIR as location for krb5.conf
(was patch-ah)
Index: pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_ss_wrapper.c
diff -u pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_ss_wrapper.c:1.1 pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_ss_wrapper.c:1.2
--- pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_ss_wrapper.c:1.1 Fri Oct 28 20:56:14 2016
+++ pkgsrc/security/mit-krb5/patches/patch-kadmin_cli_ss_wrapper.c Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-kadmin_cli_ss_wrapper.c,v 1.1 2016/10/28 20:56:14 tez Exp $
+$NetBSD: patch-kadmin_cli_ss_wrapper.c,v 1.2 2018/06/15 20:46:01 tez Exp $
Fix build on OS X (missing time_t definition)
Index: pkgsrc/security/mit-krb5/patches/patch-lib_apputils_Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-lib_apputils_Makefile.in:1.1 pkgsrc/security/mit-krb5/patches/patch-lib_apputils_Makefile.in:1.2
--- pkgsrc/security/mit-krb5/patches/patch-lib_apputils_Makefile.in:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-lib_apputils_Makefile.in Fri Jun 15 20:46:01 2018
@@ -1,17 +1,17 @@
-$NetBSD: patch-lib_apputils_Makefile.in,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-lib_apputils_Makefile.in,v 1.2 2018/06/15 20:46:01 tez Exp $
libapputils is an internal library, so make it a convenience libtool archive.
(was patch-ck)
---- lib/apputils/Makefile.in.orig 2016-02-29 19:50:13.000000000 +0000
+--- lib/apputils/Makefile.in.orig 2018-05-03 14:34:47.000000000 +0000
+++ lib/apputils/Makefile.in
@@ -14,6 +14,9 @@ SED = sed
- STLIBOBJS=net-server.o @LIBOBJS@
+ STLIBOBJS=net-server.o udppktinfo.o @LIBOBJS@
LIBBASE=apputils
+LIBTOOL_TAIL=
+PROG_RPATH= ${KRB5_LIBDIR}
+SHLIB_RDIRS= ${KRB5_LIBDIR}
- all-unix:: all-liblinks
+ all-unix: all-liblinks
clean-unix:: clean-liblinks clean-libs clean-libobjs
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_Makefile.in:1.1 pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_Makefile.in:1.2
--- pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_Makefile.in:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_Makefile.in Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-plugins_kdb_db2_Makefile.in,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-plugins_kdb_db2_Makefile.in,v 1.2 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
(was patch-ch)
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_libdb2_Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_libdb2_Makefile.in:1.1 pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_libdb2_Makefile.in:1.2
--- pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_libdb2_Makefile.in:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_kdb_db2_libdb2_Makefile.in Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-plugins_kdb_db2_libdb2_Makefile.in,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-plugins_kdb_db2_libdb2_Makefile.in,v 1.2 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_otp_Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_otp_Makefile.in:1.1 pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_otp_Makefile.in:1.2
--- pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_otp_Makefile.in:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_otp_Makefile.in Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-plugins_preauth_otp_Makefile.in,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-plugins_preauth_otp_Makefile.in,v 1.2 2018/06/15 20:46:01 tez Exp $
--- plugins/preauth/otp/Makefile.in.orig 2016-03-02 15:29:43.595168500 +0000
+++ plugins/preauth/otp/Makefile.in
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in:1.1 pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in:1.2
--- pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in:1.1 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in Fri Jun 15 20:46:01 2018
@@ -1,8 +1,8 @@
-$NetBSD: patch-plugins_preauth_pkinit_Makefile.in,v 1.1 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-plugins_preauth_pkinit_Makefile.in,v 1.2 2018/06/15 20:46:01 tez Exp $
---- plugins/preauth/pkinit/Makefile.in.orig 2016-03-02 15:30:03.611463900 +0000
+--- plugins/preauth/pkinit/Makefile.in.orig 2018-05-03 14:34:47.000000000 +0000
+++ plugins/preauth/pkinit/Makefile.in
-@@ -9,8 +9,8 @@ LIBMINOR=0
+@@ -8,8 +8,8 @@ LIBMINOR=0
RELDIR=../plugins/preauth/pkinit
# Depends on libk5crypto and libkrb5
SHLIB_EXPDEPS = \
@@ -10,6 +10,6 @@ $NetBSD: patch-plugins_preauth_pkinit_Ma
- $(TOPLIBD)/libkrb5$(SHLIBEXT)
+ $(TOPLIBD)/libk5crypto$(DEPLIBEXT) \
+ $(TOPLIBD)/libkrb5$(DEPLIBEXT)
- SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(PKINIT_CRYPTO_IMPL_LIBS) $(DL_LIB) $(SUPPORT_LIB) $(LIBS)
- DEFINES=-DPKINIT_DYNOBJEXT=\""$(PKINIT_DYNOBJEXT)"\"
+ SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto -lcrypto $(DL_LIB) $(SUPPORT_LIB) $(LIBS)
+ STLIBOBJS= \
Index: pkgsrc/security/mit-krb5/patches/patch-aa
diff -u pkgsrc/security/mit-krb5/patches/patch-aa:1.5 pkgsrc/security/mit-krb5/patches/patch-aa:1.6
--- pkgsrc/security/mit-krb5/patches/patch-aa:1.5 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-aa Fri Jun 15 20:46:01 2018
@@ -1,20 +1,20 @@
-$NetBSD: patch-aa,v 1.5 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-aa,v 1.6 2018/06/15 20:46:01 tez Exp $
Don't make sunpro warnings into errors (warnings are seen in gcc too)
Add --enable-pkgsrc-libtool option
---- aclocal.m4.orig 2012-05-31 23:49:44.000000000 +0000
+--- aclocal.m4.orig 2018-05-03 14:34:47.000000000 +0000
+++ aclocal.m4
-@@ -611,7 +611,7 @@ else
- # works, but it also means that declaration-in-code warnings won't
- # be issued.
- # -v -fd -errwarn=E_DECLARATION_IN_CODE ...
-- WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC,E_NO_IMPLICIT_DECL_ALLOWED,E_ATTRIBUTE_PARAM_UNDEFINED"
-+ WARN_CFLAGS="-errtags=yes"
- WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64"
- fi
- fi
-@@ -1038,6 +1038,9 @@ AC_SUBST(SHLIBVEXT)
+@@ -633,7 +633,7 @@ else
+ if test "x$krb5_ac_warn_cflags_set" = xset ; then
+ AC_MSG_NOTICE(not adding extra warning flags because WARN_CFLAGS was set)
+ else
+- WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC,E_NO_IMPLICIT_DECL_ALLOWED,E_ATTRIBUTE_PARAM_UNDEFINED"
++ WARN_CFLAGS="-errtags=yes"
+ fi
+ if test "x$krb5_ac_warn_cxxflags_set" = xset ; then
+ AC_MSG_NOTICE(not adding extra warning flags because WARN_CXXFLAGS was set)
+@@ -1068,6 +1068,9 @@ AC_SUBST(SHLIBVEXT)
AC_SUBST(SHLIBSEXT)
AC_SUBST(DEPLIBEXT)
AC_SUBST(PFLIBEXT)
@@ -24,7 +24,7 @@ Add --enable-pkgsrc-libtool option
AC_SUBST(LIBINSTLIST)
AC_SUBST(DYNOBJEXT)
AC_SUBST(MAKE_DYNOBJ_COMMAND)
-@@ -1054,6 +1057,7 @@ AC_SUBST(OBJLISTS)
+@@ -1085,6 +1088,7 @@ AC_SUBST(OBJLISTS)
AC_SUBST(STOBJEXT)
AC_SUBST(SHOBJEXT)
AC_SUBST(PFOBJEXT)
@@ -32,7 +32,7 @@ Add --enable-pkgsrc-libtool option
AC_SUBST(PICFLAGS)
AC_SUBST(PROFFLAGS)])
-@@ -1168,11 +1172,42 @@ else
+@@ -1199,11 +1203,42 @@ else
KDB5_PLUGIN_DEPLIBS=
KDB5_PLUGIN_LIBS=
fi
Index: pkgsrc/security/mit-krb5/patches/patch-ae
diff -u pkgsrc/security/mit-krb5/patches/patch-ae:1.4 pkgsrc/security/mit-krb5/patches/patch-ae:1.5
--- pkgsrc/security/mit-krb5/patches/patch-ae:1.4 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-ae Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-ae,v 1.4 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-ae,v 1.5 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
Index: pkgsrc/security/mit-krb5/patches/patch-aj
diff -u pkgsrc/security/mit-krb5/patches/patch-aj:1.4 pkgsrc/security/mit-krb5/patches/patch-aj:1.5
--- pkgsrc/security/mit-krb5/patches/patch-aj:1.4 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-aj Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-aj,v 1.4 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-aj,v 1.5 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
Index: pkgsrc/security/mit-krb5/patches/patch-al
diff -u pkgsrc/security/mit-krb5/patches/patch-al:1.7 pkgsrc/security/mit-krb5/patches/patch-al:1.8
--- pkgsrc/security/mit-krb5/patches/patch-al:1.7 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-al Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-al,v 1.7 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-al,v 1.8 2018/06/15 20:46:01 tez Exp $
Add DragonFly support. Fallback to LINE_MAX if BUFSIZ is not defined.
Index: pkgsrc/security/mit-krb5/patches/patch-cf
diff -u pkgsrc/security/mit-krb5/patches/patch-cf:1.3 pkgsrc/security/mit-krb5/patches/patch-cf:1.4
--- pkgsrc/security/mit-krb5/patches/patch-cf:1.3 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-cf Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-cf,v 1.3 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-cf,v 1.4 2018/06/15 20:46:01 tez Exp $
Add needed headers
Index: pkgsrc/security/mit-krb5/patches/patch-cg
diff -u pkgsrc/security/mit-krb5/patches/patch-cg:1.3 pkgsrc/security/mit-krb5/patches/patch-cg:1.4
--- pkgsrc/security/mit-krb5/patches/patch-cg:1.3 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-cg Fri Jun 15 20:46:01 2018
@@ -1,15 +1,15 @@
-$NetBSD: patch-cg,v 1.3 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-cg,v 1.4 2018/06/15 20:46:01 tez Exp $
Add two files that need to be generated and otherwise are not
---- lib/kdb/Makefile.in.orig 2012-05-31 23:49:44.000000000 +0000
+--- lib/kdb/Makefile.in.orig 2018-05-03 14:34:47.000000000 +0000
+++ lib/kdb/Makefile.in
-@@ -62,7 +62,7 @@ clean-unix:: clean-liblinks clean-libs c
- check-pytests:: t_stringattr
- $(RUNPYTEST) $(srcdir)/t_stringattr.py $(PYTESTFLAGS)
+@@ -63,7 +63,7 @@ check-pytests: t_stringattr
+ check-cmocka: t_sort_key_data
+ $(RUN_TEST) ./t_sort_key_data > /dev/null
-generate-files-mac: darwin.exports
+generate-files-mac: darwin.exports adb_err.h adb_err.c
- depend:: adb_err.h
+ depend: adb_err.h
Index: pkgsrc/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c
diff -u pkgsrc/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c:1.3 pkgsrc/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c:1.4
--- pkgsrc/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c:1.3 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c Fri Jun 15 20:46:01 2018
@@ -1,8 +1,8 @@
-$NetBSD: patch-util_k5ev_verto-k5ev.c,v 1.3 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-util_k5ev_verto-k5ev.c,v 1.4 2018/06/15 20:46:01 tez Exp $
Fix include file path
---- util/verto/verto-k5ev.c.orig 2016-02-29 19:50:13.000000000 +0000
+--- util/verto/verto-k5ev.c.orig 2018-05-03 14:34:47.000000000 +0000
+++ util/verto/verto-k5ev.c
@@ -35,7 +35,7 @@
@@ -10,6 +10,6 @@ Fix include file path
#include <verto-module.h>
-#include "rename.h"
+#include "gssrpc/rename.h"
- #define EV_STANDALONE 1
- /* Avoid using clock_gettime, which would create a dependency on librt. */
- #define EV_USE_MONOTONIC 0
+
+ /* Ignore some warnings generated by the libev code, which the libev maintainer
+ * isn't interested in avoiding. */
Index: pkgsrc/security/mit-krb5/patches/patch-util_ss_Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-util_ss_Makefile.in:1.3 pkgsrc/security/mit-krb5/patches/patch-util_ss_Makefile.in:1.4
--- pkgsrc/security/mit-krb5/patches/patch-util_ss_Makefile.in:1.3 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-util_ss_Makefile.in Fri Jun 15 20:46:01 2018
@@ -1,8 +1,8 @@
-$NetBSD: patch-util_ss_Makefile.in,v 1.3 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-util_ss_Makefile.in,v 1.4 2018/06/15 20:46:01 tez Exp $
Only build a static library as this library is not installed.
---- util/ss/Makefile.in.orig 2016-02-29 19:50:13.000000000 +0000
+--- util/ss/Makefile.in.orig 2018-05-03 14:34:47.000000000 +0000
+++ util/ss/Makefile.in
@@ -13,6 +13,8 @@ LIBBASE=ss
LIBMAJOR=1
@@ -12,4 +12,4 @@ Only build a static library as this libr
+SHLIB_RDIRS=${KRB5_LIBDIR}
clean-unix:: clean-liblinks clean-libs clean-libobjs
- install-unix:: install-libs
+ install-unix: install-libs
Index: pkgsrc/security/mit-krb5/patches/patch-cj
diff -u pkgsrc/security/mit-krb5/patches/patch-cj:1.2 pkgsrc/security/mit-krb5/patches/patch-cj:1.3
--- pkgsrc/security/mit-krb5/patches/patch-cj:1.2 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-cj Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-cj,v 1.2 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-cj,v 1.3 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
Index: pkgsrc/security/mit-krb5/patches/patch-config_pre.in
diff -u pkgsrc/security/mit-krb5/patches/patch-config_pre.in:1.2 pkgsrc/security/mit-krb5/patches/patch-config_pre.in:1.3
--- pkgsrc/security/mit-krb5/patches/patch-config_pre.in:1.2 Tue Jun 21 14:58:17 2016
+++ pkgsrc/security/mit-krb5/patches/patch-config_pre.in Fri Jun 15 20:46:01 2018
@@ -1,12 +1,12 @@
-$NetBSD: patch-config_pre.in,v 1.2 2016/06/21 14:58:17 fhajny Exp $
+$NetBSD: patch-config_pre.in,v 1.3 2018/06/15 20:46:01 tez Exp $
Add --enable-pkgsrc-libtool option
Use $(ROOT_USER) in place of root
Make sure LDFLAGS are not ignored
---- config/pre.in.orig 2016-02-29 19:50:13.000000000 +0000
+--- config/pre.in.orig 2018-05-03 14:34:47.000000000 +0000
+++ config/pre.in
-@@ -168,6 +168,7 @@ PTHREAD_LIBS = @PTHREAD_LIBS@
+@@ -171,6 +171,7 @@ PTHREAD_LIBS = @PTHREAD_LIBS@
THREAD_LINKOPTS = $(PTHREAD_CFLAGS) $(PTHREAD_LIBS)
CPPFLAGS = @CPPFLAGS@
DEFS = @DEFS@
@@ -14,7 +14,7 @@ Make sure LDFLAGS are not ignored
CC = @CC@
CXX = @CXX@
LD = $(PURE) @LD@
-@@ -177,11 +178,12 @@ LIBS = @LIBS@
+@@ -180,11 +181,12 @@ LIBS = @LIBS@
INSTALL=@INSTALL@
INSTALL_STRIP=
@@ -30,7 +30,7 @@ Make sure LDFLAGS are not ignored
## This is needed because autoconf will sometimes define @exec_prefix@ to be
## ${prefix}.
prefix=@prefix@
-@@ -312,6 +314,10 @@ PROG_RPATH_FLAGS=@PROG_RPATH_FLAGS@
+@@ -315,6 +317,10 @@ PROG_RPATH_FLAGS=@PROG_RPATH_FLAGS@
# depending on whether we're building with shared libraries.
DEPLIBEXT=@DEPLIBEXT@
@@ -41,7 +41,7 @@ Make sure LDFLAGS are not ignored
KDB5_PLUGIN_DEPLIBS = @KDB5_PLUGIN_DEPLIBS@
KDB5_PLUGIN_LIBS = @KDB5_PLUGIN_LIBS@
-@@ -329,12 +335,12 @@ COM_ERR_DEPLIB-k5 = $(TOPLIBD)/libcom_er
+@@ -332,12 +338,12 @@ COM_ERR_DEPLIB-k5 = $(TOPLIBD)/libcom_er
SUPPORT_LIBNAME=krb5support
SUPPORT_DEPLIB = $(TOPLIBD)/lib$(SUPPORT_LIBNAME)$(DEPLIBEXT)
@@ -57,7 +57,7 @@ Make sure LDFLAGS are not ignored
KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
KDB5_DEPLIBS = $(KDB5_DEPLIB) $(KDB5_PLUGIN_DEPLIBS)
-@@ -373,7 +379,7 @@ RL_LIBS = @RL_LIBS@
+@@ -376,7 +382,7 @@ RL_LIBS = @RL_LIBS@
SS_LIB = $(SS_LIB-@SS_VERSION@)
SS_LIB-sys = @SS_LIB@
@@ -66,17 +66,17 @@ Make sure LDFLAGS are not ignored
KDB5_LIB = -lkdb5 $(KDB5_PLUGIN_LIBS)
VERTO_DEPLIB = $(VERTO_DEPLIB-@VERTO_VERSION@)
-@@ -552,6 +558,9 @@ MAKE_DYNOBJ_COMMAND=@MAKE_DYNOBJ_COMMAND
+@@ -556,6 +562,9 @@ MAKE_DYNOBJ_COMMAND=@MAKE_DYNOBJ_COMMAND
DYNOBJ_EXPDEPS=@DYNOBJ_EXPDEPS@
DYNOBJ_EXPFLAGS=@DYNOBJ_EXPFLAGS@
+# usually .la
+LALIBEXT=@LALIBEXT@
+
- # File with symbol names to be exported, both functions and data,
- # currently not distinguished.
- SHLIB_EXPORT_FILE=$(srcdir)/$(LIBPREFIX)$(LIBBASE).exports
-@@ -573,6 +582,7 @@ SHLIB_RPATH_FLAGS=@SHLIB_RPATH_FLAGS@
+ # For some platforms, a flag which causes shared library creation to
+ # check for undefined symbols. Suppressed when using --enable-asan.
+ UNDEF_CHECK=@UNDEF_CHECK@
+@@ -587,6 +596,7 @@ SHLIB_RPATH_FLAGS=@SHLIB_RPATH_FLAGS@
# flags for explicit libraries depending on this one,
# e.g. "$(SHLIB_RPATH_FLAGS) $(SHLIB_SHLIB_DIRFLAGS) $(SHLIB_EXPLIBS)"
SHLIB_EXPFLAGS=@SHLIB_EXPFLAGS@
@@ -84,7 +84,7 @@ Make sure LDFLAGS are not ignored
## Parameters to be set by configure for use in libobj.in:
-@@ -584,6 +594,11 @@ OBJLISTS=@OBJLISTS@
+@@ -598,6 +608,11 @@ OBJLISTS=@OBJLISTS@
# the suffix substitution will break on some platforms!
SHLIBOBJS=$(STLIBOBJS:.o=@SHOBJEXT@)
PFLIBOBJS=$(STLIBOBJS:.o=@PFOBJEXT@)
Index: pkgsrc/security/mit-krb5/patches/patch-configure.in
diff -u pkgsrc/security/mit-krb5/patches/patch-configure.in:1.2 pkgsrc/security/mit-krb5/patches/patch-configure.in:1.3
--- pkgsrc/security/mit-krb5/patches/patch-configure.in:1.2 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-configure.in Fri Jun 15 20:46:01 2018
@@ -1,15 +1,21 @@
-$NetBSD: patch-configure.in,v 1.2 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-configure.in,v 1.3 2018/06/15 20:46:01 tez Exp $
Find the correct libcrypto.
---- configure.in.orig 2016-02-29 19:50:13.000000000 +0000
+--- configure.in.orig 2018-05-03 14:34:47.000000000 +0000
+++ configure.in
-@@ -277,7 +277,7 @@ AC_MSG_NOTICE(pkinit will use '$withval'
- ], withval=$PKINIT_CRYPTO_IMPL)
- case "$withval" in
- builtin|openssl)
-- AC_CHECK_LIB(crypto, PKCS7_get_signer_info, PKINIT_CRYPTO_IMPL_LIBS=-lcrypto)
-+ AC_CHECK_LIB(crypto, PKCS7_get_signer_info, PKINIT_CRYPTO_IMPL_LIBS="-L${BUILDLINK_PREFIX_OPENSSL}/lib -lcrypto")
- PKINIT_CRYPTO_IMPL=openssl
- AC_CHECK_LIB(crypto, CMS_get0_content,
- [AC_DEFINE([HAVE_OPENSSL_CMS], 1,
+@@ -287,12 +287,12 @@ AC_HELP_STRING([--with-tls-impl=IMPL],
+ case "$TLS_IMPL" in
+ openssl|auto)
+ AC_CHECK_LIB(ssl,SSL_CTX_new,[have_lib_ssl=true],[have_lib_ssl=false],
+- -lcrypto)
++ "-L${BUILDLINK_PREFIX_OPENSSL}/lib -lcrypto")
+ AC_MSG_CHECKING([for OpenSSL])
+ if test x$have_lib_ssl = xtrue ; then
+ AC_DEFINE(TLS_IMPL_OPENSSL,1,[Define if TLS implementation is OpenSSL])
+ AC_MSG_RESULT([yes])
+- TLS_IMPL_LIBS="-lssl -lcrypto"
++ TLS_IMPL_LIBS="-L${BUILDLINK_PREFIX_OPENSSL}/lib -lssl -lcrypto"
+ TLS_IMPL=openssl
+ AC_MSG_NOTICE([TLS module will use OpenSSL])
+ else
Index: pkgsrc/security/mit-krb5/patches/patch-lib_krb5_asn.1_asn1buf.h
diff -u pkgsrc/security/mit-krb5/patches/patch-lib_krb5_asn.1_asn1buf.h:1.2 pkgsrc/security/mit-krb5/patches/patch-lib_krb5_asn.1_asn1buf.h:1.3
--- pkgsrc/security/mit-krb5/patches/patch-lib_krb5_asn.1_asn1buf.h:1.2 Tue Mar 15 15:16:39 2016
+++ pkgsrc/security/mit-krb5/patches/patch-lib_krb5_asn.1_asn1buf.h Fri Jun 15 20:46:01 2018
@@ -1,4 +1,4 @@
-$NetBSD: patch-lib_krb5_asn.1_asn1buf.h,v 1.2 2016/03/15 15:16:39 tez Exp $
+$NetBSD: patch-lib_krb5_asn.1_asn1buf.h,v 1.3 2018/06/15 20:46:01 tez Exp $
Clang does not like this kind of inlines.
Index: pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_Makefile.in:1.2 pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_Makefile.in:1.3
--- pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_Makefile.in:1.2 Mon Oct 31 17:15:36 2016
+++ pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_Makefile.in Fri Jun 15 20:46:01 2018
@@ -1,16 +1,16 @@
-$NetBSD: patch-lib_krb5_ccache_Makefile.in,v 1.2 2016/10/31 17:15:36 tez Exp $
+$NetBSD: patch-lib_krb5_ccache_Makefile.in,v 1.3 2018/06/15 20:46:01 tez Exp $
Fix build on OS X (missing kcmrpc.h)
---- lib/krb5/ccache/Makefile.in.orig 2016-09-13 14:59:44.000000000 -0500
-+++ lib/krb5/ccache/Makefile.in 2016-10-28 14:00:21.000000000 -0500
-@@ -93,6 +93,8 @@
+--- lib/krb5/ccache/Makefile.in.orig 2018-05-03 14:34:47.000000000 +0000
++++ lib/krb5/ccache/Makefile.in
+@@ -96,6 +96,8 @@ all-unix: all-libobjs
- all-windows:: subdirs $(OBJFILE)
+ all-windows: subdirs $(OBJFILE)
+generate-files-mac: $(KCMRPC_DEPS)
+
- ##DOS##subdirs:: ccapi\$(OUTPRE)file.lst
+ ##DOS##subdirs: ccapi\$(OUTPRE)file.lst
- ##DOS##ccapi\$(OUTPRE)file.lst::
+ ##DOS##ccapi\$(OUTPRE)file.lst:
Added files:
Index: pkgsrc/security/mit-krb5/patches/patch-lib_apputils_udppktinfo.c
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-lib_apputils_udppktinfo.c:1.1
--- /dev/null Fri Jun 15 20:46:01 2018
+++ pkgsrc/security/mit-krb5/patches/patch-lib_apputils_udppktinfo.c Fri Jun 15 20:46:01 2018
@@ -0,0 +1,16 @@
+$NetBSD: patch-lib_apputils_udppktinfo.c,v 1.1 2018/06/15 20:46:01 tez Exp $
+
+Don't use IP_PKTINFO on NetBSD, it doesn't support all required fields.
+(based on prior patch-lib_apputils_net-server.c)
+
+--- ./lib/apputils/udppktinfo.c.orig 2018-06-13 17:53:37.880688500 +0000
++++ ./lib/apputils/udppktinfo.c
+@@ -129,7 +129,7 @@ set_pktinfo(int sock, int family)
+ }
+ }
+
+-#if defined(HAVE_PKTINFO_SUPPORT) && defined(CMSG_SPACE)
++#if defined(HAVE_PKTINFO_SUPPORT) && defined(CMSG_SPACE) && !defined(__NetBSD__)
+
+ /*
+ * Check if a socket is bound to a wildcard address.
Home |
Main Index |
Thread Index |
Old Index