security/krb5-120: Welcome new krb5 1.20
Welcome the new krb5-120 (1.20) from MIT. krb5-118 is now deprecated and scheduled for removal a year from now.
Showing
15 changed files
with
562 additions
and
2 deletions.
@@ -0,0 +1,147 @@ | ||
# Created by: nectar@FreeBSD.org | ||
|
||
PORTNAME= krb5 | ||
PORTVERSION= 1.20 | ||
CATEGORIES= security | ||
MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ | ||
.if !defined(MASTERDIR) | ||
PKGNAMESUFFIX= -120 | ||
.endif | ||
|
||
PATCH_SITES= http://web.mit.edu/kerberos/advisories/ | ||
PATCH_DIST_STRIP= -p2 | ||
|
||
MAINTAINER= cy@FreeBSD.org | ||
COMMENT= MIT implementation of RFC 4120 network authentication service | ||
|
||
LICENSE= MIT | ||
|
||
CONFLICTS= heimdal krb5 krb5-* | ||
CONFLICTS_BUILD= boringssl | ||
|
||
KERBEROSV_URL= http://web.mit.edu/kerberos/ | ||
USES= compiler:c++11-lang cpe gmake gettext-runtime \ | ||
gssapi:bootstrap,mit libtool:build localbase \ | ||
perl5 pkgconfig ssl | ||
USE_CSTD= gnu99 | ||
USE_LDCONFIG= yes | ||
USE_PERL5= build | ||
GNU_CONFIGURE= yes | ||
CONFIGURE_ARGS?= --enable-shared --without-system-verto \ | ||
--disable-rpath --localstatedir="${PREFIX}/var" \ | ||
--runstatedir="${PREFIX}/var/run" | ||
CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}" | ||
MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" | ||
|
||
CPE_VENDOR= mit | ||
CPE_VERSION= 5-${PORTVERSION} | ||
CPE_PRODUCT= kerberos | ||
|
||
OPTIONS_DEFINE= EXAMPLES NLS KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP LMDB | ||
OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE | ||
OPTIONS_RADIO= CMD_LINE_EDITING | ||
OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT | ||
CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil | ||
KRB5_PDF_DESC= Install krb5 PDF documentation | ||
KRB5_HTML_DESC= Install krb5 HTML documentation | ||
DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names | ||
DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm | ||
LDAP= Enable LDAP support | ||
LDAP_USE= OPENLDAP=yes | ||
LDAP_CONFIGURE_WITH= ldap | ||
LMDB_DESC= OpenLDAP Lightning Memory-Mapped Database support | ||
LMDB_CONFIGURE_WITH= lmdb | ||
LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb | ||
LMDB_IMPLIES= LDAP | ||
NLS_USES= gettext | ||
READLINE_USES= readline | ||
READLINE_CONFIGURE_WITH=readline | ||
LIBEDIT_USES= libedit | ||
LIBEDIT_CONFIGURE_WITH= libedit | ||
|
||
.if defined(KRB5_HOME) | ||
PREFIX= ${KRB5_HOME} | ||
.endif | ||
CPPFLAGS+= -I${OPENSSLINC} | ||
LDFLAGS+= -L${OPENSSLLIB} | ||
|
||
USE_RC_SUBR= kpropd | ||
OPTIONS_SUB= yes | ||
WRKSRC_SUBDIR= src | ||
PORTEXAMPLES= kdc.conf krb5.conf services.append | ||
|
||
.include <bsd.port.options.mk> | ||
|
||
# Fix up -Wl,-rpath in LDFLAGS | ||
.if !empty(KRB5_HOME) | ||
_RPATH= ${KRB5_HOME}/lib: | ||
.else | ||
_RPATH= ${LOCALBASE}/lib: | ||
.endif | ||
.if !empty(LDFLAGS:M-Wl,-rpath,*) | ||
.for F in ${LDFLAGS:M-Wl,-rpath,*} | ||
LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \ | ||
${LDFLAGS:N-Wl,-rpath,*} | ||
.endfor | ||
.endif | ||
|
||
.if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} | ||
BROKEN= LIB_DEPENDS when using KRB5_HOME is broken | ||
.endif | ||
|
||
.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" | ||
CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" | ||
.endif | ||
|
||
HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html | ||
PDF_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf | ||
|
||
.include <bsd.port.pre.mk> | ||
|
||
post-install: | ||
@${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 | ||
@${SED} "s|%%PREFIX%%|${PREFIX}|" ${FILESDIR}/kdc.in > ${STAGEDIR}${PREFIX}/sbin/kdc; \ | ||
${CHMOD} +x ${STAGEDIR}${PREFIX}/sbin/kdc | ||
# html documentation | ||
.if ${PORT_OPTIONS:MKRB5_PDF} | ||
pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d` | ||
pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d` | ||
for i in $${pdf_dirs}; do \ | ||
${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \ | ||
done; \ | ||
for i in $${pdf_files}; do \ | ||
${INSTALL_DATA} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \ | ||
${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ | ||
done | ||
.endif | ||
.if ${PORT_OPTIONS:MKRB5_HTML} | ||
html_files=`${FIND} ${HTML_DOC_DIR} ! -type d | ${GREP} -v /_sources` | ||
html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources` | ||
for i in $${html_dirs}; do \ | ||
${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \ | ||
done; \ | ||
for i in $${html_files}; do \ | ||
${INSTALL_DATA} $${i} ${PREFIX}/share/doc/krb5/$${i}; \ | ||
${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ | ||
done | ||
.endif | ||
.if ${PORT_OPTIONS:MKRB5_PDF} | ||
for i in $${pdf_dirs}; do \ | ||
${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ | ||
done | ${TAIL} -r >> ${TMPPLIST} | ||
.endif | ||
.if ${PORT_OPTIONS:MKRB5_HTML} | ||
for i in $${html_dirs}; do \ | ||
${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ | ||
done | ${TAIL} -r >> ${TMPPLIST} | ||
.endif | ||
${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST} | ||
|
||
post-install-LDAP-on: | ||
${MKDIR} ${STAGEDIR}${DATADIR} | ||
${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema \ | ||
${STAGEDIR}${DATADIR} | ||
${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif \ | ||
${STAGEDIR}${DATADIR} | ||
|
||
.include <bsd.port.post.mk> |
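Review bot: The documentation loops in `post-install` install outside the stage directory: `${INSTALL_DATA} $${pdf} ${PREFIX}/share/doc/krb5/$${i}` and the HTML `${MKDIR}`/`${INSTALL_DATA}` lines target `${PREFIX}` instead of `${STAGEDIR}${PREFIX}`, so a build run as root would write into the live system rather than the package image. `$${pdf}` is never assigned (the loop variable is `i`), and the `pdf_files=`, `pdf_dirs=`, `html_files=` and `html_dirs=` assignments sit on recipe lines of their own, so the `for` loops that follow run in a separate shell and see them empty. Prefix the destinations with `${STAGEDIR}`, use `$${i}` as the source, and join each assignment to its loop with `; \`. Separately, `LDAP= Enable LDAP support` sets a plain make variable; it was presumably meant to be `LDAP_DESC=`.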
@@ -0,0 +1,3 @@ | ||
TIMESTAMP = 1653608400 | ||
SHA256 (krb5-1.20.tar.gz) = 7e022bdd3c851830173f9faaa006a230a0e0fdad4c953e85bff4bf0da036e12f | ||
SIZE (krb5-1.20.tar.gz) = 8660756 |
@@ -0,0 +1,4 @@ | ||
#!/bin/sh - | ||
|
||
set -- $(echo "$*" | sed 's/--detach//') | ||
exec %%PREFIX%%/sbin/krb5kdc "$@" |
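Review bot: `set -- $(echo "$*" | sed 's/--detach//')` flattens the arguments into one string and re-splits it unquoted, so any argument containing whitespace or glob characters reaches krb5kdc altered, and the `sed` also strips the text `--detach` from inside a longer argument. Filtering argument by argument drops only an exact `--detach` and keeps the quoting that `"$@"` on the `exec` line is meant to preserve.

```shell
for arg do
	shift
	[ "$arg" = "--detach" ] || set -- "$@" "$arg"
done
exec %%PREFIX%%/sbin/krb5kdc "$@"
```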
@@ -0,0 +1,26 @@ | ||
#!/bin/sh | ||
|
||
# PROVIDE: kpropd | ||
# REQUIRE: LOGIN | ||
# KEYWORD: shutdown | ||
# | ||
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf | ||
# to enable this service: | ||
# | ||
# kpropd_enable (bool): Set to NO by default. | ||
# Set it to YES to enable kpropd. | ||
# kpropd_flags (str): Set to "" by default. | ||
|
||
. /etc/rc.subr | ||
|
||
name=kpropd | ||
rcvar=kpropd_enable | ||
|
||
load_rc_config $name | ||
|
||
: ${kpropd_enable:="NO"} | ||
: ${kpropd_flags=""} | ||
|
||
command=%%PREFIX%%/sbin/${name} | ||
|
||
run_rc_command "$1" |
@@ -0,0 +1,18 @@ | ||
--- clients/ksu/Makefile.in.orig 2019-05-21 14:09:23.000000000 -0700 | ||
+++ clients/ksu/Makefile.in 2019-05-21 20:30:48.612847000 -0700 | ||
@@ -1,6 +1,6 @@ | ||
mydir=clients$(S)ksu | ||
BUILDTOP=$(REL)..$(S).. | ||
-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"' | ||
+DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/sbin /bin /usr/sbin /usr/bin"' -DDEBUG | ||
|
||
KSU_LIBS=@KSU_LIBS@ | ||
|
||
@@ -30,6 +30,6 @@ | ||
|
||
install: | ||
-for f in ksu; do \ | ||
- $(INSTALL_SETUID) $$f \ | ||
+ $(INSTALL_PROGRAM) $$f \ | ||
$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ | ||
done |
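Review bot: The new `DEFINES` line appends `-DDEBUG` to ksu, a program whose whole purpose is switching user identity, and nothing in the patch says why. What the macro enables is not visible in this hunk, but debug code paths compiled into a privilege-changing binary should either be dropped or justified in a line of explanation at the top of the patch file. The second hunk installs ksu with `$(INSTALL_PROGRAM)` instead of `$(INSTALL_SETUID)`, which is the safer default; if administrators are expected to set the setuid bit themselves, the port should say so where users will read it.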
@@ -0,0 +1,23 @@ | ||
--- config/pre.in.orig 2014-10-15 16:55:10.000000000 -0700 | ||
+++ config/pre.in 2015-02-04 12:43:45.693875606 -0800 | ||
@@ -178,9 +178,9 @@ | ||
INSTALL=@INSTALL@ | ||
INSTALL_STRIP= | ||
INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) | ||
-INSTALL_SCRIPT=@INSTALL_PROGRAM@ | ||
+INSTALL_SCRIPT=@INSTALL_SCRIPT@ | ||
INSTALL_DATA=@INSTALL_DATA@ | ||
-INSTALL_SHLIB=@INSTALL_SHLIB@ | ||
+INSTALL_SHLIB=$(INSTALL_LIB) | ||
INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root | ||
## This is needed because autoconf will sometimes define @exec_prefix@ to be | ||
## ${prefix}. | ||
@@ -197,7 +197,7 @@ | ||
ADMIN_BINDIR = @sbindir@ | ||
SERVER_BINDIR = @sbindir@ | ||
CLIENT_BINDIR =@bindir@ | ||
-PKGCONFIG_DIR = @libdir@/pkgconfig | ||
+PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig | ||
ADMIN_MANDIR = $(KRB5MANROOT)/man8 | ||
SERVER_MANDIR = $(KRB5MANROOT)/man8 | ||
CLIENT_MANDIR = $(KRB5MANROOT)/man1 |
@@ -0,0 +1,22 @@ | ||
--- config/shlib.conf.orig 2015-05-08 16:27:02.000000000 -0700 | ||
+++ config/shlib.conf 2015-10-20 21:54:39.834348929 -0700 | ||
@@ -320,14 +320,15 @@ | ||
PICFLAGS=-fpic | ||
;; | ||
esac | ||
- SHLIBVEXT='.so.$(LIBMAJOR)' | ||
- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,' | ||
+ SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' | ||
+ SHLIBSEXT='.so.$(LIBMAJOR)' | ||
+ LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)' | ||
+ RPATH_FLAG='-Wl,-rpath -Wl,' | ||
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' | ||
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' | ||
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' | ||
SHLIBEXT=.so | ||
- LDCOMBINE='ld -Bshareable' | ||
- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)' | ||
+ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' | ||
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' | ||
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' | ||
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' |
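Review bot: The added `LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared ...'` hard-codes `cc`, while the neighbouring `CC_LINK_SHARED` and `CC_LINK_STATIC` lines use `$(CC)`. A build that selects a different compiler through the ports framework would then link the shared libraries with a different driver than the one that compiled them. Writing it as `LDCOMBINE='libtool --tag=CC --mode=link $(CC) -Xcompiler -shared ...'` keeps the two consistent. The enclosing `case` arm starts and ends outside the hunk.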
@@ -0,0 +1,75 @@ | ||
--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700 | ||
+++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700 | ||
@@ -175,6 +175,7 @@ | ||
} | ||
#endif | ||
|
||
+#if 0 | ||
static int | ||
is_loopback_address(struct sockaddr *sa) | ||
{ | ||
@@ -191,6 +192,7 @@ | ||
return 0; | ||
} | ||
} | ||
+#endif | ||
|
||
#ifdef HAVE_IFADDRS_H | ||
#include <ifaddrs.h> | ||
@@ -467,12 +469,14 @@ | ||
ifp->ifa_flags &= ~IFF_UP; | ||
continue; | ||
} | ||
+#if 0 | ||
if (is_loopback_address(ifp->ifa_addr)) { | ||
/* Pretend it's not up, so the second pass will skip | ||
it. */ | ||
ifp->ifa_flags &= ~IFF_UP; | ||
continue; | ||
} | ||
+#endif | ||
/* If this address is a duplicate, punt. */ | ||
match = 0; | ||
for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { | ||
@@ -601,11 +605,13 @@ | ||
} | ||
/*@=moduncon@*/ | ||
|
||
+#if 0 | ||
/* None of the current callers want loopback addresses. */ | ||
if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { | ||
Tprintf ((" loopback\n")); | ||
goto skip; | ||
} | ||
+#endif | ||
/* Ignore interfaces that are down. */ | ||
if ((lifreq.lifr_flags & IFF_UP) == 0) { | ||
Tprintf ((" down\n")); | ||
@@ -772,11 +778,13 @@ | ||
} | ||
/*@=moduncon@*/ | ||
|
||
+#if 0 | ||
/* None of the current callers want loopback addresses. */ | ||
if (is_loopback_address(&lifr->iflr_addr)) { | ||
Tprintf ((" loopback\n")); | ||
goto skip; | ||
} | ||
+#endif | ||
/* Ignore interfaces that are down. */ | ||
if ((lifreq.iflr_flags & IFF_UP) == 0) { | ||
Tprintf ((" down\n")); | ||
@@ -987,11 +995,13 @@ | ||
} | ||
/*@=moduncon@*/ | ||
|
||
+#if 0 | ||
/* None of the current callers want loopback addresses. */ | ||
if (is_loopback_address(&ifreq.ifr_addr)) { | ||
Tprintf ((" loopback\n")); | ||
goto skip; | ||
} | ||
+#endif | ||
/* Ignore interfaces that are down. */ | ||
if ((ifreq.ifr_flags & IFF_UP) == 0) { | ||
Tprintf ((" down\n")); |
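Review bot: The five `#if 0` regions compile out every loopback check in this file without any explanation, and they leave the upstream comment `None of the current callers want loopback addresses` inside the disabled code, where it now contradicts what the build does. With the checks gone the enumeration no longer skips loopback interfaces, so whatever consumes these address lists (not visible here) will start receiving loopback entries. A line at the top of the patch file stating why FreeBSD needs them, and which callers were checked, would let the next maintainer judge whether the patch is still wanted. The enclosing functions start and end outside these hunks.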
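--- a/security/krb5-120/files/patch-lib__gssapi__krb5__import_name.c
+++ b/security/krb5-120/files/patch-lib__gssapi__krb5__import_name.c
@@ -0,0 +1,14 @@
+--- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005
++++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005
+@@ -33,6 +33,11 @@
+#endif
+#endif
+
++#include <sys/param.h>
++#if __FreeBSD_version < 500100
++#include <stdio.h>
++#endif
++
+#ifdef HAVE_STRING_H
+#include <string.h>
+#else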
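Review bot: The added `#if __FreeBSD_version < 500100` guard can only be true on FreeBSD systems from the 5.0 era or earlier, which cannot build this port, so the `#include <stdio.h>` is dead and `<sys/param.h>` is pulled in only to evaluate the test. The patch header dates from 2005; unless something else in import_name.c depends on `<sys/param.h>` (not visible in this hunk), the patch looks droppable for 1.20. Carrying fewer local patches against a security library also makes upstream fixes easier to apply cleanly.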
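--- a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
+++ b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
@@ -0,0 +1,23 @@
+--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-11-05 16:24:07.000000000 -0700
++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-11-08 10:10:45.431325000 -0800
+@@ -178,7 +178,8 @@
+(*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
+#endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
++ defined(LIBRESSL_VERSION_NUMBER)
+
+/* 1.1 standardizes constructor and destructor names, renaming
+* EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
+@@ -722,6 +723,10 @@
+DH_free(dh);
+return pkey;
+}
++
++#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name)
++#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name
++#endif
+
+static struct pkcs11_errstrings {
+short code;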
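Review bot: The new condition `|| defined(LIBRESSL_VERSION_NUMBER)` puts every LibreSSL release on the pre-1.1 compatibility path with no version bound. LibreSSL has picked up OpenSSL 1.1 accessors over time, so on a recent LibreSSL the compatibility definitions inside this block (outside the hunk) may clash with or shadow the library's own. Consider bounding it in the form `defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < <first-release-with-1.1-API>`, with the threshold confirmed against the LibreSSL shipped in ports. Since this is the PKINIT certificate-handling code, a short comment naming the LibreSSL version the patch was tested with would also help.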