1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= MIT Kerberos 5 authentication system
8 HOMEPAGE= http://web.mit.edu/kerberos/www/
12 SITES[main]= https://web.mit.edu/kerberos/dist/krb5/1.19/
13 DISTFILE[1]= krb5-1.19.1.tar.gz:main
15 SPKGS[standard]= complete
21 OPTIONS_AVAILABLE= none
22 OPTIONS_STANDARD= none
24 USES= cpe gmake perl:build libtool:build pkgconfig
25 ssl:openssl-devel gettext-runtime gettext-tools
28 DISTNAME= krb5-1.19.1/src
31 LICENSE_FILE= MIT:{{WRKSRC}}/../NOTICE
37 FPC_EQUIVALENT= security/krb5
40 CONFIGURE_ARGS= --enable-shared
42 --without-system-verto
44 --localstatedir="{{PREFIX}}/var"
45 --runstatedir="{{PREFIX}}/var/run"
46 CONFIGURE_ENV= INSTALL="{{INSTALL}}"
47 INSTALL_LIB="{{INSTALL_LIB}}"
50 MAKE_ARGS= INSTALL="{{INSTALL}}"
51 INSTALL_LIB="{{INSTALL_LIB}}"
53 RC_SUBR= kpropd:primary
55 CPPFLAGS= -I{{OPENSSLINC}}
56 LDFLAGS= -L{{OPENSSLLIB}}
57 VAR_OPSYS[sunos]= LDFLAGS=-lintl
60 ${REINPLACE_CMD} -e "s|/usr/local|${PREFIX}|" \
61 ${WRKSRC}/clients/ksu/Makefile.in
64 ${MKDIR} ${STAGEDIR}${STD_DOCDIR}
65 # install PDF documentation
66 (cd ${WRKSRC}/../doc && \
67 ${COPYTREE_SHARE} pdf ${STAGEDIR}${STD_DOCDIR})
68 # install HTML documentation
69 (cd ${WRKSRC}/../doc && \
70 ${COPYTREE_SHARE} html ${STAGEDIR}${STD_DOCDIR} \
71 "! -path 'html/_sources*'")
72 # remove cat directories
73 ${FIND} ${STAGEDIR}${PREFIX}/share/man -type d -empty -delete
75 [FILE:1253:descriptions/desc.primary]
76 Kerberos V5 is an authentication system developed at MIT.
78 Abridged from the User Guide:
79 Under Kerberos, a client sends a request for a ticket to the
80 Key Distribution Center (KDC). The KDC creates a ticket-granting
81 ticket (TGT) for the client, encrypts it using the client's
82 password as the key, and sends the encrypted TGT back to the
83 client. The client then attempts to decrypt the TGT, using
84 its password. If the client successfully decrypts the TGT, it
85 keeps the decrypted TGT, which indicates proof of the client's
86 identity. The TGT permits the client to obtain additional tickets,
87 which give permission for specific services.
88 Since Kerberos negotiates authenticated, and optionally encrypted,
89 communications between two points anywhere on the internet, it
90 provides a layer of security that is not dependent on which side of a
91 firewall either client is on.
92 The Kerberos V5 package is designed to be easy to use. Most of the
93 commands are nearly identical to UNIX network programs you are already
94 used to. Kerberos V5 is a single-sign-on system, which means that you
95 have to type your password only once per session, and Kerberos does
96 the authenticating and encrypting transparently.
100 fa16f87eb7e3ec3586143c800d7eaff98b5e0dcdf0772af7d98612e49dbeb20b 8738142 krb5-1.19.1.tar.gz
103 [FILE:2540:manifests/plist.primary]
114 @(root,wheel,04755) bin/ksu
156 chpass_util_strings.h
179 libgssapi_krb5.so.2.2
188 libkadm5clnt_mit.so.12
189 libkadm5clnt_mit.so.12.0
192 libkadm5srv_mit.so.12
193 libkadm5srv_mit.so.12.0
205 libkrb5support.so.0.1
209 lib/krb5/plugins/kdb/db2.so
210 lib/krb5/plugins/preauth/
215 lib/krb5/plugins/tls/k5tls.so
255 share/man/man3/com_err.3.gz
264 share/man/man7/kerberos.7.gz
275 @dir lib/krb5/plugins/authdata
276 @dir lib/krb5/plugins/libkrb5
281 [FILE:83:manifests/plist.nls]
282 share/locale/de/LC_MESSAGES/mit-krb5.mo
283 share/locale/en_US/LC_MESSAGES/mit-krb5.mo
286 [FILE:59:manifests/plist.examples]
293 [FILE:271:patches/patch-clients_ksu_Makefile.in]
294 --- clients/ksu/Makefile.in.orig 2021-02-18 16:35:16 UTC
295 +++ clients/ksu/Makefile.in
296 @@ -30,6 +30,6 @@ clean:
300 - $(INSTALL_SETUID) $$f \
301 + $(INSTALL_PROGRAM) $$f \
302 $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
306 [FILE:804:patches/patch-config__pre.in]
307 --- config/pre.in.orig 2021-02-18 16:35:16 UTC
309 @@ -181,9 +181,9 @@ LIBS = @LIBS@
312 INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
313 -INSTALL_SCRIPT=@INSTALL_PROGRAM@
314 +INSTALL_SCRIPT=@INSTALL_SCRIPT@
315 INSTALL_DATA=@INSTALL_DATA@
316 -INSTALL_SHLIB=@INSTALL_SHLIB@
317 +INSTALL_SHLIB=$(INSTALL_LIB)
318 INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
319 ## This is needed because autoconf will sometimes define @exec_prefix@ to be
321 @@ -205,6 +205,7 @@ PKGCONFIG_DIR = @libdir@/pkgconfig
322 ADMIN_MANDIR = $(KRB5MANROOT)/man8
323 SERVER_MANDIR = $(KRB5MANROOT)/man8
324 CLIENT_MANDIR = $(KRB5MANROOT)/man1
325 +SUBR_MANDIR = $(KRB5MANROOT)/man3
326 FILE_MANDIR = $(KRB5MANROOT)/man5
327 ADMIN_CATDIR = $(KRB5MANROOT)/cat8
328 SERVER_CATDIR = $(KRB5MANROOT)/cat8
331 [FILE:1172:patches/patch-config_shlib.conf]
332 --- config/shlib.conf.orig 2021-02-18 16:35:16 UTC
333 +++ config/shlib.conf
334 @@ -312,7 +312,7 @@ mips-*-netbsd*)
339 +*-*-freebsd* | *-*-dragonfly*)
340 case $krb5_cv_host in
343 @@ -321,14 +321,15 @@ mips-*-netbsd*)
347 - SHLIBVEXT='.so.$(LIBMAJOR)'
348 - RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
349 + SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
350 + SHLIBSEXT='.so.$(LIBMAJOR)'
351 + LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)'
352 + RPATH_FLAG='-Wl,-rpath -Wl,'
353 PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
354 CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
355 CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
357 - LDCOMBINE='ld -Bshareable'
358 - SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
359 + SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
360 SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
361 CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
362 CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
365 [FILE:243:patches/patch-include_gssrpc_rpc.h]
366 --- include/gssrpc/rpc.h.orig 2021-02-18 16:35:16 UTC
367 +++ include/gssrpc/rpc.h
372 +#include <sys/socket.h>
373 #include <gssrpc/types.h> /* some typedefs */
374 #include <netinet/in.h>
378 [FILE:2325:patches/patch-lib-krb5-os-localaddr.c]
379 --- lib/krb5/os/localaddr.c.orig 2021-02-18 16:35:16 UTC
380 +++ lib/krb5/os/localaddr.c
381 @@ -176,6 +176,7 @@ printaddr(struct sockaddr *sa)
387 is_loopback_address(struct sockaddr *sa)
389 @@ -192,6 +193,7 @@ is_loopback_address(struct sockaddr *sa)
395 #ifdef HAVE_IFADDRS_H
397 @@ -449,12 +451,14 @@ foreach_localaddr (/*@null@*/ void *data
398 ifp->ifa_flags &= ~IFF_UP;
402 if (is_loopback_address(ifp->ifa_addr)) {
403 /* Pretend it's not up, so the second pass will skip
405 ifp->ifa_flags &= ~IFF_UP;
409 /* If this address is a duplicate, punt. */
411 for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
412 @@ -583,11 +587,13 @@ foreach_localaddr (/*@null@*/ void *data
417 /* None of the current callers want loopback addresses. */
418 if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
419 Tprintf ((" loopback\n"));
423 /* Ignore interfaces that are down. */
424 if ((lifreq.lifr_flags & IFF_UP) == 0) {
425 Tprintf ((" down\n"));
426 @@ -754,11 +760,13 @@ foreach_localaddr (/*@null@*/ void *data
431 /* None of the current callers want loopback addresses. */
432 if (is_loopback_address(&lifr->iflr_addr)) {
433 Tprintf ((" loopback\n"));
437 /* Ignore interfaces that are down. */
438 if ((lifreq.iflr_flags & IFF_UP) == 0) {
439 Tprintf ((" down\n"));
440 @@ -972,11 +980,13 @@ foreach_localaddr (/*@null@*/ void *data
445 /* None of the current callers want loopback addresses. */
446 if (is_loopback_address(&ifreq.ifr_addr)) {
447 Tprintf ((" loopback\n"));
451 /* Ignore interfaces that are down. */
452 if ((ifreq.ifr_flags & IFF_UP) == 0) {
453 Tprintf ((" down\n"));
456 [FILE:525:patches/patch-lib_crypto_builtin_aes_brg__endian.h]
457 --- lib/crypto/builtin/aes/brg_endian.h.orig 2021-02-18 16:35:16 UTC
458 +++ lib/crypto/builtin/aes/brg_endian.h
459 @@ -35,6 +35,8 @@ Issue Date: 10/09/2018
460 # include <sys/isa_defs.h>
461 #elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
462 # include <sys/endian.h>
463 +#elif defined( __DragonFly__)
464 +# include <sys/endian.h>
465 #elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
466 defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
467 # include <machine/endian.h>
470 [FILE:857:patches/patch-lib_kdb_kdb__log.c]
471 $NetBSD: patch-lib_kdb_kdb__log.c,v 1.2 2020/04/09 10:57:05 adam Exp $
473 Fix mmap/munmap -Werror=incompatible-pointer-types
475 --- lib/kdb/kdb_log.c.orig 2021-02-18 16:35:16 UTC
476 +++ lib/kdb/kdb_log.c
477 @@ -498,7 +498,7 @@ ulog_map(krb5_context context, const cha
481 - ulog = mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED,
482 + ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED,
484 if (ulog == MAP_FAILED) {
486 @@ -680,7 +680,11 @@ ulog_fini(krb5_context context)
489 if (log_ctx->ulog != NULL)
491 + munmap((caddr_t)log_ctx->ulog, MAXLOGLEN);
493 munmap(log_ctx->ulog, MAXLOGLEN);
495 if (log_ctx->ulogfd != -1)
496 close(log_ctx->ulogfd);
500 [FILE:506:patches/patch-patch-kprop_kproplog.c]
501 $NetBSD: patch-kprop_kproplog.c,v 1.1 2020/04/09 10:57:49 adam Exp $
503 Fix mmap -Werror=incompatible-pointer-types.
505 --- kprop/kproplog.c.orig 2021-02-18 16:35:16 UTC
507 @@ -412,7 +412,7 @@ map_ulog(const char *filename)
509 if (fstat(fd, &st) < 0)
511 - ulog = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
512 + ulog = (kdb_hlog_t *)mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
513 return (ulog == MAP_FAILED) ? NULL : ulog;
518 [FILE:1247:patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c]
519 --- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-02-18 16:35:16 UTC
520 +++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
521 @@ -185,7 +185,8 @@ pkinit_pkcs11_code_to_text(int err);
522 (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
525 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
526 +#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
527 + defined(LIBRESSL_VERSION_NUMBER)
529 /* 1.1 standardizes constructor and destructor names, renaming
530 * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
531 @@ -245,6 +246,10 @@ static void compat_dh_get0_key(const DH
535 +#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name)
536 +#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name
539 static struct pkcs11_errstrings {
542 @@ -2924,7 +2929,9 @@ cleanup:
546 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
547 +#if ((defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
548 + !defined(LIBRESSL_VERSION_NUMBER)) || \
549 + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20900000L)
552 * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
555 [FILE:528:patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h]
556 --- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig 2021-02-18 16:35:16 UTC
557 +++ plugins/preauth/pkinit/pkinit_crypto_openssl.h
559 #include <openssl/asn1.h>
560 #include <openssl/pem.h>
562 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
563 +#if ((defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
564 + !defined(LIBRESSL_VERSION_NUMBER)) || \
565 + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20900000L)
566 #include <openssl/asn1t.h>
568 #include <openssl/asn1_mac.h>
571 [FILE:692:patches/patch-util_et_Makefile.in]
572 --- util/et/Makefile.in.orig 2021-02-18 16:35:16 UTC
573 +++ util/et/Makefile.in
574 @@ -111,12 +111,13 @@ check-windows: $(OUTPRE)test_et$(EXEEXT)
576 $(OUTPRE)test_et$(EXEEXT)
578 -install-unix: compile_et compile_et.1
579 +install-unix: compile_et compile_et.1 com_err.3
580 $(INSTALL) compile_et $(DESTDIR)$(bindir)/compile_et
581 test -d $(DESTDIR)$(mydatadir) || mkdir $(DESTDIR)$(mydatadir)
582 $(INSTALL_DATA) $(srcdir)/et_c.awk $(DESTDIR)$(mydatadir)
583 $(INSTALL_DATA) $(srcdir)/et_h.awk $(DESTDIR)$(mydatadir)
584 $(INSTALL_DATA) $(srcdir)/compile_et.1 $(DESTDIR)$(CLIENT_MANDIR)/compile_et.1
585 + $(INSTALL_DATA) $(srcdir)/com_err.3 $(DESTDIR)$(SUBR_MANDIR)/com_err.3
588 install-headers: compile_et
591 [FILE:496:files/kpropd.in]
598 # Add the following lines to /etc/rc.conf.local or /etc/rc.conf
599 # to enable this service:
601 # kpropd_enable (bool): Set to NO by default.
602 # Set it to YES to enable kpropd.
603 # kpropd_flags (str): Set to "" by default.
612 : ${kpropd_enable:="NO"}
615 command=%%PREFIX%%/sbin/${name}