1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= MIT Kerberos 5 authentication system
8 HOMEPAGE= http://web.mit.edu/kerberos/www/
12 SITES[main]= https://web.mit.edu/kerberos/dist/krb5/1.18/
13 DISTFILE[1]= krb5-1.18.1.tar.gz:main
15 SPKGS[standard]= complete
21 OPTIONS_AVAILABLE= none
22 OPTIONS_STANDARD= none
24 USES= cpe gmake perl:build libtool:build pkgconfig
25 ssl:openssl-devel gettext-runtime gettext-tools
28 DISTNAME= krb5-1.18.1/src
31 LICENSE_FILE= MIT:{{WRKSRC}}/../NOTICE
37 FPC_EQUIVALENT= security/krb5
40 CONFIGURE_ARGS= --enable-shared
42 --without-system-verto
44 --localstatedir="{{PREFIX}}/var"
45 --runstatedir="{{PREFIX}}/var/run"
46 CONFIGURE_ENV= INSTALL="{{INSTALL}}"
47 INSTALL_LIB="{{INSTALL_LIB}}"
50 MAKE_ARGS= INSTALL="{{INSTALL}}"
51 INSTALL_LIB="{{INSTALL_LIB}}"
53 RC_SUBR= kpropd:primary
55 CPPFLAGS= -I{{OPENSSLINC}}
56 LDFLAGS= -L{{OPENSSLLIB}}
59 ${REINPLACE_CMD} -e "s|/usr/local|${PREFIX}|" \
60 ${WRKSRC}/clients/ksu/Makefile.in
63 ${MKDIR} ${STAGEDIR}${STD_DOCDIR}
64 # install PDF documentation
65 (cd ${WRKSRC}/../doc && \
66 ${COPYTREE_SHARE} pdf ${STAGEDIR}${STD_DOCDIR})
67 # install HTML documentation
68 (cd ${WRKSRC}/../doc && \
69 ${COPYTREE_SHARE} html ${STAGEDIR}${STD_DOCDIR} \
70 "! -path 'html/_sources*'")
71 # remove cat directories
72 ${FIND} ${STAGEDIR}${PREFIX}/share/man -type d -empty -delete
74 [FILE:1253:descriptions/desc.primary]
75 Kerberos V5 is an authentication system developed at MIT.
77 Abridged from the User Guide:
78 Under Kerberos, a client sends a request for a ticket to the
79 Key Distribution Center (KDC). The KDC creates a ticket-granting
80 ticket (TGT) for the client, encrypts it using the client's
81 password as the key, and sends the encrypted TGT back to the
82 client. The client then attempts to decrypt the TGT, using
83 its password. If the client successfully decrypts the TGT, it
84 keeps the decrypted TGT, which indicates proof of the client's
85 identity. The TGT permits the client to obtain additional tickets,
86 which give permission for specific services.
87 Since Kerberos negotiates authenticated, and optionally encrypted,
88 communications between two points anywhere on the internet, it
89 provides a layer of security that is not dependent on which side of a
90 firewall either client is on.
91 The Kerberos V5 package is designed to be easy to use. Most of the
92 commands are nearly identical to UNIX network programs you are already
93 used to. Kerberos V5 is a single-sign-on system, which means that you
94 have to type your password only once per session, and Kerberos does
95 the authenticating and encrypting transparently.
99 02a4e700f10936f937cd1a4c303cab8687a11abecc6107bd4b706b9329cd5400 8711772 krb5-1.18.1.tar.gz
102 [FILE:2540:manifests/plist.primary]
113 @(root,wheel,04755) bin/ksu
155 chpass_util_strings.h
178 libgssapi_krb5.so.2.2
187 libkadm5clnt_mit.so.12
188 libkadm5clnt_mit.so.12.0
191 libkadm5srv_mit.so.12
192 libkadm5srv_mit.so.12.0
204 libkrb5support.so.0.1
208 lib/krb5/plugins/kdb/db2.so
209 lib/krb5/plugins/preauth/
214 lib/krb5/plugins/tls/k5tls.so
254 share/man/man3/com_err.3.gz
263 share/man/man7/kerberos.7.gz
274 @dir lib/krb5/plugins/authdata
275 @dir lib/krb5/plugins/libkrb5
280 [FILE:83:manifests/plist.nls]
281 share/locale/de/LC_MESSAGES/mit-krb5.mo
282 share/locale/en_US/LC_MESSAGES/mit-krb5.mo
285 [FILE:59:manifests/plist.examples]
292 [FILE:271:patches/patch-clients_ksu_Makefile.in]
293 --- clients/ksu/Makefile.in.orig 2020-04-13 14:52:20 UTC
294 +++ clients/ksu/Makefile.in
295 @@ -30,6 +30,6 @@ clean:
299 - $(INSTALL_SETUID) $$f \
300 + $(INSTALL_PROGRAM) $$f \
301 $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
305 [FILE:804:patches/patch-config__pre.in]
306 --- config/pre.in.orig 2020-04-13 14:52:20 UTC
308 @@ -181,9 +181,9 @@ LIBS = @LIBS@
311 INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
312 -INSTALL_SCRIPT=@INSTALL_PROGRAM@
313 +INSTALL_SCRIPT=@INSTALL_SCRIPT@
314 INSTALL_DATA=@INSTALL_DATA@
315 -INSTALL_SHLIB=@INSTALL_SHLIB@
316 +INSTALL_SHLIB=$(INSTALL_LIB)
317 INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
318 ## This is needed because autoconf will sometimes define @exec_prefix@ to be
320 @@ -204,6 +204,7 @@ PKGCONFIG_DIR = @libdir@/pkgconfig
321 ADMIN_MANDIR = $(KRB5MANROOT)/man8
322 SERVER_MANDIR = $(KRB5MANROOT)/man8
323 CLIENT_MANDIR = $(KRB5MANROOT)/man1
324 +SUBR_MANDIR = $(KRB5MANROOT)/man3
325 FILE_MANDIR = $(KRB5MANROOT)/man5
326 ADMIN_CATDIR = $(KRB5MANROOT)/cat8
327 SERVER_CATDIR = $(KRB5MANROOT)/cat8
330 [FILE:1172:patches/patch-config_shlib.conf]
331 --- config/shlib.conf.orig 2020-04-13 14:52:20 UTC
332 +++ config/shlib.conf
333 @@ -311,7 +311,7 @@ mips-*-netbsd*)
338 +*-*-freebsd* | *-*-dragonfly*)
339 case $krb5_cv_host in
342 @@ -320,14 +320,15 @@ mips-*-netbsd*)
346 - SHLIBVEXT='.so.$(LIBMAJOR)'
347 - RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
348 + SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
349 + SHLIBSEXT='.so.$(LIBMAJOR)'
350 + LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)'
351 + RPATH_FLAG='-Wl,-rpath -Wl,'
352 PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
353 CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
354 CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
356 - LDCOMBINE='ld -Bshareable'
357 - SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
358 + SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
359 SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
360 CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
361 CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
364 [FILE:243:patches/patch-include_gssrpc_rpc.h]
365 --- include/gssrpc/rpc.h.orig 2020-04-13 14:52:20 UTC
366 +++ include/gssrpc/rpc.h
371 +#include <sys/socket.h>
372 #include <gssrpc/types.h> /* some typedefs */
373 #include <netinet/in.h>
377 [FILE:2325:patches/patch-lib-krb5-os-localaddr.c]
378 --- lib/krb5/os/localaddr.c.orig 2020-04-13 14:52:20 UTC
379 +++ lib/krb5/os/localaddr.c
380 @@ -176,6 +176,7 @@ printaddr(struct sockaddr *sa)
386 is_loopback_address(struct sockaddr *sa)
388 @@ -192,6 +193,7 @@ is_loopback_address(struct sockaddr *sa)
394 #ifdef HAVE_IFADDRS_H
396 @@ -449,12 +451,14 @@ foreach_localaddr (/*@null@*/ void *data
397 ifp->ifa_flags &= ~IFF_UP;
401 if (is_loopback_address(ifp->ifa_addr)) {
402 /* Pretend it's not up, so the second pass will skip
404 ifp->ifa_flags &= ~IFF_UP;
408 /* If this address is a duplicate, punt. */
410 for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
411 @@ -583,11 +587,13 @@ foreach_localaddr (/*@null@*/ void *data
416 /* None of the current callers want loopback addresses. */
417 if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
418 Tprintf ((" loopback\n"));
422 /* Ignore interfaces that are down. */
423 if ((lifreq.lifr_flags & IFF_UP) == 0) {
424 Tprintf ((" down\n"));
425 @@ -754,11 +760,13 @@ foreach_localaddr (/*@null@*/ void *data
430 /* None of the current callers want loopback addresses. */
431 if (is_loopback_address(&lifr->iflr_addr)) {
432 Tprintf ((" loopback\n"));
436 /* Ignore interfaces that are down. */
437 if ((lifreq.iflr_flags & IFF_UP) == 0) {
438 Tprintf ((" down\n"));
439 @@ -972,11 +980,13 @@ foreach_localaddr (/*@null@*/ void *data
444 /* None of the current callers want loopback addresses. */
445 if (is_loopback_address(&ifreq.ifr_addr)) {
446 Tprintf ((" loopback\n"));
450 /* Ignore interfaces that are down. */
451 if ((ifreq.ifr_flags & IFF_UP) == 0) {
452 Tprintf ((" down\n"));
455 [FILE:1247:patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c]
456 --- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2020-04-13 14:52:20 UTC
457 +++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
458 @@ -185,7 +185,8 @@ pkinit_pkcs11_code_to_text(int err);
459 (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
462 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
463 +#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
464 + defined(LIBRESSL_VERSION_NUMBER)
466 /* 1.1 standardizes constructor and destructor names, renaming
467 * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
468 @@ -245,6 +246,10 @@ static void compat_dh_get0_key(const DH
472 +#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name)
473 +#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name
476 static struct pkcs11_errstrings {
479 @@ -2924,7 +2929,9 @@ cleanup:
483 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
484 +#if ((defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
485 + !defined(LIBRESSL_VERSION_NUMBER)) || \
486 + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20900000L)
489 * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
492 [FILE:528:patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h]
493 --- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig 2020-04-13 14:52:20 UTC
494 +++ plugins/preauth/pkinit/pkinit_crypto_openssl.h
496 #include <openssl/asn1.h>
497 #include <openssl/pem.h>
499 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
500 +#if ((defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
501 + !defined(LIBRESSL_VERSION_NUMBER)) || \
502 + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20900000L)
503 #include <openssl/asn1t.h>
505 #include <openssl/asn1_mac.h>
508 [FILE:692:patches/patch-util_et_Makefile.in]
509 --- util/et/Makefile.in.orig 2020-04-13 14:52:20 UTC
510 +++ util/et/Makefile.in
511 @@ -111,12 +111,13 @@ check-windows: $(OUTPRE)test_et$(EXEEXT)
513 $(OUTPRE)test_et$(EXEEXT)
515 -install-unix: compile_et compile_et.1
516 +install-unix: compile_et compile_et.1 com_err.3
517 $(INSTALL) compile_et $(DESTDIR)$(bindir)/compile_et
518 test -d $(DESTDIR)$(mydatadir) || mkdir $(DESTDIR)$(mydatadir)
519 $(INSTALL_DATA) $(srcdir)/et_c.awk $(DESTDIR)$(mydatadir)
520 $(INSTALL_DATA) $(srcdir)/et_h.awk $(DESTDIR)$(mydatadir)
521 $(INSTALL_DATA) $(srcdir)/compile_et.1 $(DESTDIR)$(CLIENT_MANDIR)/compile_et.1
522 + $(INSTALL_DATA) $(srcdir)/com_err.3 $(DESTDIR)$(SUBR_MANDIR)/com_err.3
525 install-headers: compile_et
528 [FILE:496:files/kpropd.in]
535 # Add the following lines to /etc/rc.conf.local or /etc/rc.conf
536 # to enable this service:
538 # kpropd_enable (bool): Set to NO by default.
539 # Set it to YES to enable kpropd.
540 # kpropd_flags (str): Set to "" by default.
549 : ${kpropd_enable:="NO"}
552 command=%%PREFIX%%/sbin/${name}