Date: Tue, 6 Jun 2023 18:41:23 GMT
Message-Id: <202306061841.356IfNk4026246@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Cy Schubert
Subject: git: 49e70b32f3d1 - main - security/krb5-121: Welcome new krb5 1.21
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cy
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 49e70b32f3d1610c7a398e8f82343935362d6466
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=49e70b32f3d1610c7a398e8f82343935362d6466

commit 49e70b32f3d1610c7a398e8f82343935362d6466
Author:     Cy Schubert
AuthorDate: 2023-06-06 18:08:55 +0000
Commit:     Cy Schubert
CommitDate: 2023-06-06 18:35:40 +0000

    security/krb5-121: Welcome new krb5 1.21

    Welcome the new krb5-121 (1.21) from MIT. krb5-119 is now deprecated
    and scheduled for removal a year from now.
---
 security/Makefile                                  |   1 +
 security/krb5-119/Makefile                         |   3 +
 security/krb5-121/Makefile                         | 146 +++++++++++++++++
 security/krb5-121/distinfo                         |   3 +
 security/krb5-121/files/kdc.in                     |   4 +
 security/krb5-121/files/kpropd.in                  |  26 +++
 .../krb5-121/files/patch-clients__ksu__Makefile.in |  18 +++
 security/krb5-121/files/patch-config__pre.in       |  23 +++
 security/krb5-121/files/patch-config__shlib.conf   |  22 +++
 .../krb5-121/files/patch-lib-krb5-os-localaddr.c   |  75 +++++++++
 .../files/patch-lib__gssapi__krb5__import_name.c   |  14 ++
 ...lugins_preauth_pkinit_pkinit__crypto__openssl.c |  43 +++++
 security/krb5-121/pkg-descr                        |  22 +++
 security/krb5-121/pkg-plist                        | 178 +++++++++++++++++++++
 14 files changed, 578 insertions(+)

diff --git a/security/Makefile b/security/Makefile index 4eea6943f296..815ce6240119 100644 --- a/security/Makefile +++ b/security/Makefile 
@@ -265,6 +265,7 @@ SUBDIR += krb5-118 SUBDIR += krb5-119 SUBDIR += krb5-120 + SUBDIR += krb5-121 SUBDIR += krb5-appl SUBDIR += krb5-devel SUBDIR += kstart diff --git a/security/krb5-119/Makefile b/security/krb5-119/Makefile index 5b295da36e8d..9e708d614760 100644 --- a/security/krb5-119/Makefile +++ b/security/krb5-119/Makefile @@ -6,6 +6,9 @@ MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0- PKGNAMESUFFIX= -119 .endif +DEPECATED= Desupported by MIT following 1.21 +EXPIRY= 2024-06-06 + PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 diff --git a/security/krb5-121/Makefile b/security/krb5-121/Makefile new file mode 100644 index 000000000000..5f593293f08a --- /dev/null +++ b/security/krb5-121/Makefile 
@@ -0,0 +1,146 @@ +PORTNAME= krb5 +PORTVERSION= 1.21 +CATEGORIES= security +MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ +.if !defined(MASTERDIR) +PKGNAMESUFFIX= -121 +.endif + +PATCH_SITES= http://web.mit.edu/kerberos/advisories/ +PATCH_DIST_STRIP= -p2 + +MAINTAINER= cy@FreeBSD.org +COMMENT= MIT implementation of RFC 4120 network authentication service +WWW= https://web.mit.edu/kerberos/ + +LICENSE= MIT + +CONFLICTS= heimdal krb5 krb5-11* krb5-120 +CONFLICTS_BUILD= boringssl + +KERBEROSV_URL= http://web.mit.edu/kerberos/ +USES= compiler:c++11-lang cpe gmake gettext-runtime \ + gssapi:bootstrap,mit libtool:build localbase \ + perl5 pkgconfig ssl +USE_CSTD= gnu99 +USE_LDCONFIG= yes +USE_PERL5= build +GNU_CONFIGURE= yes +CONFIGURE_ARGS?= --enable-shared --without-system-verto \ + --disable-rpath --localstatedir="${PREFIX}/var" \ + --runstatedir="${PREFIX}/var/run" +CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}" +MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" + +CPE_VENDOR= mit +CPE_VERSION= 5-${PORTVERSION} +CPE_PRODUCT= kerberos + +OPTIONS_DEFINE= EXAMPLES NLS KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP LMDB +OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE +OPTIONS_RADIO= CMD_LINE_EDITING +OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT +CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil +KRB5_PDF_DESC= Install krb5 PDF documentation +KRB5_HTML_DESC= Install krb5 HTML documentation +DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names +DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm +LDAP= Enable LDAP support +LDAP_USES= ldap +LDAP_CONFIGURE_WITH= ldap +LMDB_DESC= OpenLDAP Lightning Memory-Mapped Database support +LMDB_CONFIGURE_WITH= lmdb +LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb +LMDB_IMPLIES= LDAP +NLS_USES= gettext +READLINE_USES= readline +READLINE_CONFIGURE_WITH=readline +LIBEDIT_USES= libedit +LIBEDIT_CONFIGURE_WITH= 
libedit + +.if defined(KRB5_HOME) +PREFIX= ${KRB5_HOME} +.endif +CPPFLAGS+= -I${OPENSSLINC} +LDFLAGS+= -L${OPENSSLLIB} + +USE_RC_SUBR= kpropd +OPTIONS_SUB= yes +WRKSRC_SUBDIR= src +PORTEXAMPLES= kdc.conf krb5.conf services.append + +.include + +# Fix up -Wl,-rpath in LDFLAGS +.if !empty(KRB5_HOME) +_RPATH= ${KRB5_HOME}/lib: +.else +_RPATH= ${LOCALBASE}/lib: +.endif +.if !empty(LDFLAGS:M-Wl,-rpath,*) +.for F in ${LDFLAGS:M-Wl,-rpath,*} +LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \ + ${LDFLAGS:N-Wl,-rpath,*} +.endfor +.endif + +.if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} +BROKEN= LIB_DEPENDS when using KRB5_HOME is broken +.endif + +.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" +CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" +.endif + +HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html +PDF_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf + +.include + +post-install: + @${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 + @${SED} "s|%%PREFIX%%|${PREFIX}|" ${FILESDIR}/kdc.in > ${STAGEDIR}${PREFIX}/sbin/kdc; \ + ${CHMOD} +x ${STAGEDIR}${PREFIX}/sbin/kdc +# html documentation +.if ${PORT_OPTIONS:MKRB5_PDF} + pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d` + pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d` + for i in $${pdf_dirs}; do \ + ${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${pdf_files}; do \ + ${INSTALL_DATA} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + html_files=`${FIND} ${HTML_DOC_DIR} ! 
-type d | ${GREP} -v /_sources` + html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources` + for i in $${html_dirs}; do \ + ${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${html_files}; do \ + ${INSTALL_DATA} $${i} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_PDF} + for i in $${pdf_dirs}; do \ + ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + for i in $${html_dirs}; do \ + ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif + ${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST} + +post-install-LDAP-on: + ${MKDIR} ${STAGEDIR}${DATADIR} + ${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema \ + ${STAGEDIR}${DATADIR} + ${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif \ + ${STAGEDIR}${DATADIR} + +.include diff --git a/security/krb5-121/distinfo b/security/krb5-121/distinfo new file mode 100644 index 000000000000..8683ef9cde1e --- /dev/null +++ b/security/krb5-121/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1686074406 +SHA256 (krb5-1.21.tar.gz) = 69f8aaff85484832df67a4bbacd99b9259bd95aab8c651fbbe65cdc9620ea93b +SIZE (krb5-1.21.tar.gz) = 8622539 diff --git a/security/krb5-121/files/kdc.in b/security/krb5-121/files/kdc.in new file mode 100644 index 000000000000..d462d45d47f6 --- /dev/null +++ b/security/krb5-121/files/kdc.in @@ -0,0 +1,4 @@ +#!/bin/sh - + +set -- $(echo "$*" | sed 's/--detach//') +exec %%PREFIX%%/sbin/krb5kdc "$@" diff --git a/security/krb5-121/files/kpropd.in b/security/krb5-121/files/kpropd.in new file mode 100644 index 000000000000..d2147af059d7 --- /dev/null +++ b/security/krb5-121/files/kpropd.in 
@@ -0,0 +1,26 @@ +#!/bin/sh + +# PROVIDE: kpropd +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# kpropd_enable (bool): Set to NO by default. +# Set it to YES to enable kpropd. +# kpropd_flags (str): Set to "" by default. + +. /etc/rc.subr + +name=kpropd +rcvar=kpropd_enable + +load_rc_config $name + +: ${kpropd_enable:="NO"} +: ${kpropd_flags=""} + +command=%%PREFIX%%/sbin/${name} + +run_rc_command "$1" diff --git a/security/krb5-121/files/patch-clients__ksu__Makefile.in b/security/krb5-121/files/patch-clients__ksu__Makefile.in new file mode 100644 index 000000000000..3544db84fc2c --- /dev/null +++ b/security/krb5-121/files/patch-clients__ksu__Makefile.in @@ -0,0 +1,18 @@ +--- clients/ksu/Makefile.in.orig 2019-05-21 14:09:23.000000000 -0700 ++++ clients/ksu/Makefile.in 2019-05-21 20:30:48.612847000 -0700 +@@ -1,6 +1,6 @@ + mydir=clients$(S)ksu + BUILDTOP=$(REL)..$(S).. +-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"' ++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/sbin /bin /usr/sbin /usr/bin"' -DDEBUG + + KSU_LIBS=@KSU_LIBS@ + +@@ -30,6 +30,6 @@ + + install: + -for f in ksu; do \ +- $(INSTALL_SETUID) $$f \ ++ $(INSTALL_PROGRAM) $$f \ + $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ + done diff --git a/security/krb5-121/files/patch-config__pre.in b/security/krb5-121/files/patch-config__pre.in new file mode 100644 index 000000000000..8527c550dc25 --- /dev/null +++ b/security/krb5-121/files/patch-config__pre.in 
@@ -0,0 +1,23 @@ +--- config/pre.in.orig 2014-10-15 16:55:10.000000000 -0700 ++++ config/pre.in 2015-02-04 12:43:45.693875606 -0800 +@@ -178,9 +178,9 @@ + INSTALL=@INSTALL@ + INSTALL_STRIP= + INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) +-INSTALL_SCRIPT=@INSTALL_PROGRAM@ ++INSTALL_SCRIPT=@INSTALL_SCRIPT@ + INSTALL_DATA=@INSTALL_DATA@ +-INSTALL_SHLIB=@INSTALL_SHLIB@ ++INSTALL_SHLIB=$(INSTALL_LIB) + INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root + ## This is needed because autoconf will sometimes define @exec_prefix@ to be + ## ${prefix}. +@@ -197,7 +197,7 @@ + ADMIN_BINDIR = @sbindir@ + SERVER_BINDIR = @sbindir@ + CLIENT_BINDIR =@bindir@ +-PKGCONFIG_DIR = @libdir@/pkgconfig ++PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig + ADMIN_MANDIR = $(KRB5MANROOT)/man8 + SERVER_MANDIR = $(KRB5MANROOT)/man8 + CLIENT_MANDIR = $(KRB5MANROOT)/man1 diff --git a/security/krb5-121/files/patch-config__shlib.conf b/security/krb5-121/files/patch-config__shlib.conf new file mode 100644 index 000000000000..3697783e47be --- /dev/null +++ b/security/krb5-121/files/patch-config__shlib.conf 
@@ -0,0 +1,22 @@ +--- config/shlib.conf.orig 2015-05-08 16:27:02.000000000 -0700 ++++ config/shlib.conf 2015-10-20 21:54:39.834348929 -0700 +@@ -320,14 +320,15 @@ + PICFLAGS=-fpic + ;; + esac +- SHLIBVEXT='.so.$(LIBMAJOR)' +- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,' ++ SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' ++ SHLIBSEXT='.so.$(LIBMAJOR)' ++ LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)' ++ RPATH_FLAG='-Wl,-rpath -Wl,' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' + SHLIBEXT=.so +- LDCOMBINE='ld -Bshareable' +- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)' ++ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/security/krb5-121/files/patch-lib-krb5-os-localaddr.c b/security/krb5-121/files/patch-lib-krb5-os-localaddr.c new file mode 100644 index 000000000000..06b6043f22c9 --- /dev/null +++ b/security/krb5-121/files/patch-lib-krb5-os-localaddr.c 
@@ -0,0 +1,75 @@ +--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700 ++++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700 +@@ -175,6 +175,7 @@ + } + #endif + ++#if 0 + static int + is_loopback_address(struct sockaddr *sa) + { +@@ -191,6 +192,7 @@ + return 0; + } + } ++#endif + + #ifdef HAVE_IFADDRS_H + #include +@@ -467,12 +469,14 @@ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#if 0 + if (is_loopback_address(ifp->ifa_addr)) { + /* Pretend it's not up, so the second pass will skip + it. */ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#endif + /* If this address is a duplicate, punt. */ + match = 0; + for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { +@@ -601,11 +605,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.lifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -772,11 +778,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&lifr->iflr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.iflr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -987,11 +995,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&ifreq.ifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((ifreq.ifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); diff --git a/security/krb5-121/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-121/files/patch-lib__gssapi__krb5__import_name.c new file mode 100644 index 000000000000..40f116af2196 --- /dev/null +++ b/security/krb5-121/files/patch-lib__gssapi__krb5__import_name.c 
@@ -0,0 +1,14 @@ +--- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005 ++++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005 +@@ -33,6 +33,11 @@ + #endif + #endif + ++#include ++#if __FreeBSD_version < 500100 ++#include ++#endif ++ + #ifdef HAVE_STRING_H + #include + #else diff --git a/security/krb5-121/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-121/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c new file mode 100644 index 000000000000..71d27a31b406 --- /dev/null +++ b/security/krb5-121/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c 
@@ -0,0 +1,43 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2022-10-17 09:52:43 UTC ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -184,6 +184,17 @@ pkcs11err(int err); + (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) + #endif + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++ ++/* ++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we ++ * need for PKINIT. For 1.0 we must use the original DH type when creating ++ * EVP_PKEY objects. ++ */ ++#define EVP_PKEY_DHX EVP_PKEY_DH ++#define d2i_DHxparams d2i_DHparams ++#endif ++ + #if OPENSSL_VERSION_NUMBER < 0x10100000L + + /* 1.1 standardizes constructor and destructor names, renaming +@@ -193,13 +204,6 @@ pkcs11err(int err); + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define ASN1_STRING_get0_data ASN1_STRING_data + +-/* +- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we +- * need for PKINIT. For 1.0 we must use the original DH type when creating +- * EVP_PKEY objects. +- */ +-#define EVP_PKEY_DHX EVP_PKEY_DH +- + /* 1.1 makes many handle types opaque and adds accessors. Add compatibility + * versions of the new accessors we use for pre-1.1. */ + +@@ -588,7 +592,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx) + { + EVP_PKEY_CTX_set_dh_pad(ctx, 1); + } +-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L ++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + static void + set_padded_derivation(EVP_PKEY_CTX *ctx) + { diff --git a/security/krb5-121/pkg-descr b/security/krb5-121/pkg-descr new file mode 100644 index 000000000000..04d20cac8766 --- /dev/null +++ b/security/krb5-121/pkg-descr 
@@ -0,0 +1,22 @@ +Kerberos V5 is an authentication system developed at MIT. +Abridged from the User Guide: + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the + client. The client then attempts to decrypt the TGT, using + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, + which give permission for specific services. + Since Kerberos negotiates authenticated, and optionally encrypted, + communications between two points anywhere on the internet, it + provides a layer of security that is not dependent on which side of a + firewall either client is on. + The Kerberos V5 package is designed to be easy to use. Most of the + commands are nearly identical to UNIX network programs you are already + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. + +Jacques Vidrine diff --git a/security/krb5-121/pkg-plist b/security/krb5-121/pkg-plist new file mode 100644 index 000000000000..11b1e585bfa0 --- /dev/null +++ b/security/krb5-121/pkg-plist 
@@ -0,0 +1,178 @@ +bin/compile_et +bin/gss-client +bin/k5srvutil +bin/kadmin +bin/kdestroy +bin/kinit +bin/klist +bin/kpasswd +bin/krb5-config +@mode 04755 +@owner root +@group wheel +bin/ksu +@mode +@owner root +@group wheel +bin/kswitch +bin/ktutil +bin/kvno +bin/sclient +bin/sim_client +bin/uuclient +include/com_err.h +include/gssapi.h +include/gssapi/gssapi.h +include/gssapi/gssapi_alloc.h +include/gssapi/gssapi_ext.h +include/gssapi/gssapi_generic.h +include/gssapi/gssapi_krb5.h +include/gssapi/mechglue.h +include/gssrpc/auth.h +include/gssrpc/auth_gss.h +include/gssrpc/auth_gssapi.h +include/gssrpc/auth_unix.h +include/gssrpc/clnt.h +include/gssrpc/netdb.h +include/gssrpc/pmap_clnt.h +include/gssrpc/pmap_prot.h +include/gssrpc/pmap_rmt.h +include/gssrpc/rename.h +include/gssrpc/rpc.h +include/gssrpc/rpc_msg.h +include/gssrpc/svc.h +include/gssrpc/svc_auth.h +include/gssrpc/types.h +include/gssrpc/xdr.h +include/krad.h +include/krb5.h +include/krb5/ccselect_plugin.h +include/krb5/clpreauth_plugin.h +include/krb5/hostrealm_plugin.h +include/krb5/kadm5_hook_plugin.h +include/krb5/kdcpolicy_plugin.h +include/krb5/kdcpreauth_plugin.h +include/krb5/localauth_plugin.h +include/krb5/krb5.h +include/krb5/locate_plugin.h +include/krb5/plugin.h +include/krb5/pwqual_plugin.h +include/kadm5/admin.h +include/kadm5/chpass_util_strings.h +include/krb5/kadm5_auth_plugin.h +include/kadm5/kadm_err.h +include/kdb.h +include/krb5/certauth_plugin.h +include/krb5/preauth_plugin.h +include/profile.h +include/verto-module.h +include/verto.h +lib/libcom_err.so +lib/libcom_err.so.3 +lib/libcom_err.so.3.0 +lib/libgssapi_krb5.so +lib/libgssapi_krb5.so.2 +lib/libgssapi_krb5.so.2.2 +lib/libgssrpc.so +lib/libgssrpc.so.4 +lib/libgssrpc.so.4.2 +lib/libk5crypto.so +lib/libk5crypto.so.3 +lib/libk5crypto.so.3.1 +lib/libkadm5clnt.so +lib/libkadm5clnt_mit.so +lib/libkadm5clnt_mit.so.12 +lib/libkadm5clnt_mit.so.12.0 +lib/libkadm5srv.so +lib/libkadm5srv_mit.so +lib/libkadm5srv_mit.so.12 
+lib/libkadm5srv_mit.so.12.0 +lib/libkdb5.so +lib/libkdb5.so.10 +lib/libkdb5.so.10.0 +lib/libkrb5.so +lib/libkrb5.so.3 +lib/libkrb5.so.3.3 +lib/libkrb5support.so +lib/libkrb5support.so.0 +lib/libkrb5support.so.0.1 +lib/krb5/plugins/kdb/db2.so +%%LMDB%%lib/krb5/plugins/kdb/klmdb.so +lib/krb5/plugins/tls/k5tls.so +%%LDAP%%lib/krb5/plugins/kdb/kldap.so +lib/krb5/plugins/preauth/otp.so +lib/krb5/plugins/preauth/pkinit.so +lib/krb5/plugins/preauth/spake.so +lib/krb5/plugins/preauth/test.so +%%LDAP%%lib/libkdb_ldap.so +%%LDAP%%lib/libkdb_ldap.so.1 +%%LDAP%%lib/libkdb_ldap.so.1.0 +lib/libkrad.so +lib/libkrad.so.0 +lib/libkrad.so.0.0 +lib/libverto.so +lib/libverto.so.0 +lib/libverto.so.0.0 +libdata/pkgconfig/gssrpc.pc +libdata/pkgconfig/kadm-client.pc +libdata/pkgconfig/kadm-server.pc +libdata/pkgconfig/kdb.pc +libdata/pkgconfig/krb5-gssapi.pc +libdata/pkgconfig/krb5.pc +libdata/pkgconfig/mit-krb5-gssapi.pc +libdata/pkgconfig/mit-krb5.pc +man/man1/compile_et.1.gz +man/man1/k5srvutil.1.gz +man/man1/kadmin.1.gz +man/man1/kdestroy.1.gz +man/man1/kinit.1.gz +man/man1/klist.1.gz +man/man1/kpasswd.1.gz +man/man1/krb5-config.1.gz +man/man1/ksu.1.gz +man/man1/kswitch.1.gz +man/man1/ktutil.1.gz +man/man1/kvno.1.gz +man/man1/sclient.1.gz +man/man5/.k5identity.5.gz +man/man5/.k5login.5.gz +man/man5/k5identity.5.gz +man/man5/k5login.5.gz +man/man5/kadm5.acl.5.gz +man/man5/kdc.conf.5.gz +man/man5/krb5.conf.5.gz +man/man7/kerberos.7.gz +man/man8/kadmin.local.8.gz +man/man8/kadmind.8.gz +man/man8/kdb5_ldap_util.8.gz +man/man8/kdb5_util.8.gz +man/man8/kprop.8.gz +man/man8/kpropd.8.gz +man/man8/kproplog.8.gz +man/man8/krb5kdc.8.gz +man/man8/sserver.8.gz +sbin/gss-server +sbin/kadmin.local +sbin/kadmind +%%LDAP%%sbin/kdb5_ldap_util +sbin/kdc +sbin/kdb5_util +sbin/kprop +sbin/kpropd +sbin/kproplog +sbin/krb5-send-pr +sbin/krb5kdc +sbin/sim_server +sbin/sserver +sbin/uuserver +share/et/et_c.awk +share/et/et_h.awk +%%NLS%%share/locale/de/LC_MESSAGES/mit-krb5.mo 
+%%NLS%%share/locale/en_US/LC_MESSAGES/mit-krb5.mo +%%NLS%%share/locale/ka/LC_MESSAGES/mit-krb5.mo +%%LDAP%%%%DATADIR%%/kerberos.schema +%%LDAP%%%%DATADIR%%/kerberos.ldif +@dir lib/krb5/plugins/authdata +@dir lib/krb5/plugins/libkrb5 +@dir var/run/krb5kdc +@dir var/krb5kdc
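
Review bot: In security/krb5-119/Makefile the added `DEPECATED=` is misspelled, so the ports framework will not pick up the deprecation reason; it should be `DEPRECATED=`. The variable the framework reads for the removal date is `EXPIRATION_DATE`, not `EXPIRY`, so as written krb5-119 gets neither a deprecation warning nor an expiry date.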
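
Review bot: In the post-install target of security/krb5-121/Makefile, the KRB5_PDF loop runs `${INSTALL_DATA} $${pdf} ${PREFIX}/share/doc/krb5/$${i}`, where `$${pdf}` is never set (the loop variable is `i`) and the destination lacks `${STAGEDIR}`; the KRB5_HTML loop's `${MKDIR}` and `${INSTALL_DATA}` also write to `${PREFIX}` directly. Install under `${STAGEDIR}${PREFIX}` and use `$${i}` as the source. As shown, the `pdf_files=`/`pdf_dirs=` and `html_files=`/`html_dirs=` assignments carry no line continuation, so each runs in its own shell and the `for` loops that follow see empty variables; both options are in OPTIONS_DEFAULT, so this path runs on a default build. The block is also headed "# html documentation" although it handles the PDF files. Separately, `LDAP= Enable LDAP support` in the options block should be `LDAP_DESC=`.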
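
Review bot: In security/krb5-121/files/kdc.in, `set -- $(echo "$*" | sed 's/--detach//')` leaves the command substitution unquoted, so every argument is re-split on whitespace and subject to glob expansion before it reaches krb5kdc, and the sed pattern also removes `--detach` when it appears inside a longer argument. Filter the positional parameters in a loop that drops only an argument exactly equal to `--detach` and re-appends the others with `set -- "$@" "$arg"`.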
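
Review bot: The first hunk of patch-clients__ksu__Makefile.in appends `-DDEBUG` to DEFINES for ksu, which pkg-plist installs with `@mode 04755` and `@owner root`; a debug build of a setuid-root binary needs a stated reason in the patch or the commit message, otherwise the flag should go. The same line removes /usr/local/sbin and /usr/local/bin from the CMD_PATH list, which deserves a comment as well. With the second hunk switching to `$(INSTALL_PROGRAM)`, the setuid bit now comes only from the plist entry, so the two must be kept in step.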
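
Review bot: The new `LDCOMBINE` in patch-config__shlib.conf hardcodes `cc` (`libtool --tag=CC --mode=link cc -Xcompiler -shared ...`), so shared libraries are linked with whatever `cc` is on the path even when the port is built with a different CC, unlike the neighbouring CC_LINK_SHARED, which uses `$(CC)`. Use `$(CC)` here too. The hunk also drops `--enable-new-dtags` from RPATH_FLAG and SHLIB_RPATH_FLAGS without saying why; a one-line comment with the reason would help the next update.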
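
Review bot: patch-lib-krb5-os-localaddr.c disables `is_loopback_address()` and all four of its call sites with bare `#if 0`, leaving the upstream comment "None of the current callers want loopback addresses" in place under three of them. This changes which local addresses the library reports, so the patch should carry a comment naming the FreeBSD use case that needs loopback addresses included; the .orig timestamps are from 2009 and 2010, and without a rationale it cannot be re-evaluated against 1.21.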
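
Review bot: The `#if __FreeBSD_version < 500100` guard added by patch-lib__gssapi__krb5__import_name.c only takes effect on FreeBSD versions below 500100, and the patch timestamps are from 2005. Confirm that the unconditional include above it is still required to build 1.21; if it is not, drop this patch from the new port instead of copying it forward.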
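
Review bot: In the first hunk of patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c, the relocated comment still explains the `EVP_PKEY_DHX` and `d2i_DHxparams` fallbacks only in terms of OpenSSL 1.0, although the new condition `OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` also applies them to every LibreSSL build; extend the comment to say so. The last hunk excludes LibreSSL from the `>= 0x10100000L` variant of set_padded_derivation(), and the branch a LibreSSL build then falls into is not visible in the hunk, so the patch should state which variant LibreSSL gets, since this affects the PKINIT Diffie-Hellman derivation.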
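
Review bot: At the end of pkg-plist, `@dir var/krb5kdc` is created with default ownership and mode, although the port configures `--localstatedir="${PREFIX}/var"` and this directory is where the KDC keeps its database and key material; give it explicit restrictive permissions, for example `@dir(root,wheel,700) var/krb5kdc`. Also check whether `lib/krb5/plugins/preauth/test.so` is meant to ship in the package.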