1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= MIT Kerberos 5 authentication system
8 HOMEPAGE= http://web.mit.edu/kerberos/www/
12 SITES[main]= https://web.mit.edu/kerberos/dist/krb5/1.19/
13 DISTFILE[1]= krb5-1.19.3.tar.gz:main
15 SPKGS[standard]= complete
21 OPTIONS_AVAILABLE= none
22 OPTIONS_STANDARD= none
24 USES= cpe gmake perl:build libtool:build pkgconfig
25 ssl:openssl11 gettext-runtime gettext-tools readline
27 DISTNAME= krb5-1.19.3/src
30 LICENSE_FILE= MIT:{{WRKSRC}}/../NOTICE
36 FPC_EQUIVALENT= security/krb5
39 CONFIGURE_ARGS= --enable-shared
41 --without-system-verto
43 --localstatedir="{{PREFIX}}/var"
44 --runstatedir="{{PREFIX}}/var/run"
45 CONFIGURE_ENV= INSTALL="{{INSTALL}}"
46 INSTALL_LIB="{{INSTALL_LIB}}"
49 MAKE_ARGS= INSTALL="{{INSTALL}}"
50 INSTALL_LIB="{{INSTALL_LIB}}"
52 RC_SUBR= kpropd:primary
54 CPPFLAGS= -I{{OPENSSLINC}}
55 LDFLAGS= -L{{OPENSSLLIB}}
56 VAR_OPSYS[sunos]= LDFLAGS=-lintl
59 ${REINPLACE_CMD} -e "s|/usr/local|${PREFIX}|" \
60 ${WRKSRC}/clients/ksu/Makefile.in
63 ${MKDIR} ${STAGEDIR}${STD_DOCDIR}
64 # install PDF documentation
65 (cd ${WRKSRC}/../doc && \
66 ${COPYTREE_SHARE} pdf ${STAGEDIR}${STD_DOCDIR})
67 # install HTML documentation
68 (cd ${WRKSRC}/../doc && \
69 ${COPYTREE_SHARE} html ${STAGEDIR}${STD_DOCDIR} \
70 "! -path 'html/_sources*'")
71 # remove cat directories
72 ${FIND} ${STAGEDIR}${PREFIX}/share/man -type d -empty -delete
74 [FILE:1253:descriptions/desc.primary]
75 Kerberos V5 is an authentication system developed at MIT.
77 Abridged from the User Guide:
78 Under Kerberos, a client sends a request for a ticket to the
79 Key Distribution Center (KDC). The KDC creates a ticket-granting
80 ticket (TGT) for the client, encrypts it using the client's
81 password as the key, and sends the encrypted TGT back to the
82 client. The client then attempts to decrypt the TGT, using
83 its password. If the client successfully decrypts the TGT, it
84 keeps the decrypted TGT, which indicates proof of the client's
85 identity. The TGT permits the client to obtain additional tickets,
86 which give permission for specific services.
87 Since Kerberos negotiates authenticated, and optionally encrypted,
88 communications between two points anywhere on the internet, it
89 provides a layer of security that is not dependent on which side of a
90 firewall either client is on.
91 The Kerberos V5 package is designed to be easy to use. Most of the
92 commands are nearly identical to UNIX network programs you are already
93 used to. Kerberos V5 is a single-sign-on system, which means that you
94 have to type your password only once per session, and Kerberos does
95 the authenticating and encrypting transparently.
99 56d04863cfddc9d9eb7af17556e043e3537d41c6e545610778676cf551b9dcd0 8741343 krb5-1.19.3.tar.gz
102 [FILE:2540:manifests/plist.primary]
113 @(root,wheel,04755) bin/ksu
155 chpass_util_strings.h
178 libgssapi_krb5.so.2.2
187 libkadm5clnt_mit.so.12
188 libkadm5clnt_mit.so.12.0
191 libkadm5srv_mit.so.12
192 libkadm5srv_mit.so.12.0
204 libkrb5support.so.0.1
208 lib/krb5/plugins/kdb/db2.so
209 lib/krb5/plugins/preauth/
214 lib/krb5/plugins/tls/k5tls.so
254 share/man/man3/com_err.3.gz
263 share/man/man7/kerberos.7.gz
274 @dir lib/krb5/plugins/authdata
275 @dir lib/krb5/plugins/libkrb5
280 [FILE:83:manifests/plist.nls]
281 share/locale/de/LC_MESSAGES/mit-krb5.mo
282 share/locale/en_US/LC_MESSAGES/mit-krb5.mo
285 [FILE:59:manifests/plist.examples]
292 [FILE:271:patches/patch-clients_ksu_Makefile.in]
293 --- clients/ksu/Makefile.in.orig 2021-07-22 15:50:07 UTC
294 +++ clients/ksu/Makefile.in
295 @@ -30,6 +30,6 @@ clean:
299 - $(INSTALL_SETUID) $$f \
300 + $(INSTALL_PROGRAM) $$f \
301 $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
305 [FILE:804:patches/patch-config__pre.in]
306 --- config/pre.in.orig 2021-07-22 15:50:07 UTC
308 @@ -181,9 +181,9 @@ LIBS = @LIBS@
311 INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
312 -INSTALL_SCRIPT=@INSTALL_PROGRAM@
313 +INSTALL_SCRIPT=@INSTALL_SCRIPT@
314 INSTALL_DATA=@INSTALL_DATA@
315 -INSTALL_SHLIB=@INSTALL_SHLIB@
316 +INSTALL_SHLIB=$(INSTALL_LIB)
317 INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
318 ## This is needed because autoconf will sometimes define @exec_prefix@ to be
320 @@ -205,6 +205,7 @@ PKGCONFIG_DIR = @libdir@/pkgconfig
321 ADMIN_MANDIR = $(KRB5MANROOT)/man8
322 SERVER_MANDIR = $(KRB5MANROOT)/man8
323 CLIENT_MANDIR = $(KRB5MANROOT)/man1
324 +SUBR_MANDIR = $(KRB5MANROOT)/man3
325 FILE_MANDIR = $(KRB5MANROOT)/man5
326 ADMIN_CATDIR = $(KRB5MANROOT)/cat8
327 SERVER_CATDIR = $(KRB5MANROOT)/cat8
330 [FILE:1349:patches/patch-config_shlib.conf]
331 --- config/shlib.conf.orig 2021-07-22 15:50:07 UTC
332 +++ config/shlib.conf
333 @@ -294,7 +294,7 @@ mips-*-netbsd*)
340 SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
342 @@ -312,7 +312,7 @@ mips-*-netbsd*)
347 +*-*-freebsd* | *-*-dragonfly* | *-*-netbsd*)
348 case $krb5_cv_host in
351 @@ -321,14 +321,15 @@ mips-*-netbsd*)
355 - SHLIBVEXT='.so.$(LIBMAJOR)'
356 - RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
357 + SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
358 + SHLIBSEXT='.so.$(LIBMAJOR)'
359 + LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)'
360 + RPATH_FLAG='-Wl,-rpath -Wl,'
361 PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
362 CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
363 CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
365 - LDCOMBINE='ld -Bshareable'
366 - SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
367 + SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
368 SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
369 CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
370 CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
373 [FILE:243:patches/patch-include_gssrpc_rpc.h]
374 --- include/gssrpc/rpc.h.orig 2021-07-22 15:50:07 UTC
375 +++ include/gssrpc/rpc.h
380 +#include <sys/socket.h>
381 #include <gssrpc/types.h> /* some typedefs */
382 #include <netinet/in.h>
386 [FILE:2325:patches/patch-lib-krb5-os-localaddr.c]
387 --- lib/krb5/os/localaddr.c.orig 2021-07-22 15:50:07 UTC
388 +++ lib/krb5/os/localaddr.c
389 @@ -176,6 +176,7 @@ printaddr(struct sockaddr *sa)
395 is_loopback_address(struct sockaddr *sa)
397 @@ -192,6 +193,7 @@ is_loopback_address(struct sockaddr *sa)
403 #ifdef HAVE_IFADDRS_H
405 @@ -449,12 +451,14 @@ foreach_localaddr (/*@null@*/ void *data
406 ifp->ifa_flags &= ~IFF_UP;
410 if (is_loopback_address(ifp->ifa_addr)) {
411 /* Pretend it's not up, so the second pass will skip
413 ifp->ifa_flags &= ~IFF_UP;
417 /* If this address is a duplicate, punt. */
419 for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
420 @@ -583,11 +587,13 @@ foreach_localaddr (/*@null@*/ void *data
425 /* None of the current callers want loopback addresses. */
426 if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
427 Tprintf ((" loopback\n"));
431 /* Ignore interfaces that are down. */
432 if ((lifreq.lifr_flags & IFF_UP) == 0) {
433 Tprintf ((" down\n"));
434 @@ -754,11 +760,13 @@ foreach_localaddr (/*@null@*/ void *data
439 /* None of the current callers want loopback addresses. */
440 if (is_loopback_address(&lifr->iflr_addr)) {
441 Tprintf ((" loopback\n"));
445 /* Ignore interfaces that are down. */
446 if ((lifreq.iflr_flags & IFF_UP) == 0) {
447 Tprintf ((" down\n"));
448 @@ -972,11 +980,13 @@ foreach_localaddr (/*@null@*/ void *data
453 /* None of the current callers want loopback addresses. */
454 if (is_loopback_address(&ifreq.ifr_addr)) {
455 Tprintf ((" loopback\n"));
459 /* Ignore interfaces that are down. */
460 if ((ifreq.ifr_flags & IFF_UP) == 0) {
461 Tprintf ((" down\n"));
464 [FILE:525:patches/patch-lib_crypto_builtin_aes_brg__endian.h]
465 --- lib/crypto/builtin/aes/brg_endian.h.orig 2021-07-22 15:50:07 UTC
466 +++ lib/crypto/builtin/aes/brg_endian.h
467 @@ -35,6 +35,8 @@ Issue Date: 10/09/2018
468 # include <sys/isa_defs.h>
469 #elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
470 # include <sys/endian.h>
471 +#elif defined( __DragonFly__)
472 +# include <sys/endian.h>
473 #elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
474 defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
475 # include <machine/endian.h>
478 [FILE:857:patches/patch-lib_kdb_kdb__log.c]
479 $NetBSD: patch-lib_kdb_kdb__log.c,v 1.2 2020/04/09 10:57:05 adam Exp $
481 Fix mmap/munmap -Werror=incompatible-pointer-types
483 --- lib/kdb/kdb_log.c.orig 2021-07-22 15:50:07 UTC
484 +++ lib/kdb/kdb_log.c
485 @@ -498,7 +498,7 @@ ulog_map(krb5_context context, const cha
489 - ulog = mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED,
490 + ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED,
492 if (ulog == MAP_FAILED) {
494 @@ -680,7 +680,11 @@ ulog_fini(krb5_context context)
497 if (log_ctx->ulog != NULL)
499 + munmap((caddr_t)log_ctx->ulog, MAXLOGLEN);
501 munmap(log_ctx->ulog, MAXLOGLEN);
503 if (log_ctx->ulogfd != -1)
504 close(log_ctx->ulogfd);
508 [FILE:506:patches/patch-patch-kprop_kproplog.c]
509 $NetBSD: patch-kprop_kproplog.c,v 1.1 2020/04/09 10:57:49 adam Exp $
511 Fix mmap -Werror=incompatible-pointer-types.
513 --- kprop/kproplog.c.orig 2021-07-22 15:50:07 UTC
515 @@ -412,7 +412,7 @@ map_ulog(const char *filename)
517 if (fstat(fd, &st) < 0)
519 - ulog = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
520 + ulog = (kdb_hlog_t *)mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
521 return (ulog == MAP_FAILED) ? NULL : ulog;
526 [FILE:1247:patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c]
527 --- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-07-22 15:50:07 UTC
528 +++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
529 @@ -185,7 +185,8 @@ pkinit_pkcs11_code_to_text(int err);
530 (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
533 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
534 +#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
535 + defined(LIBRESSL_VERSION_NUMBER)
537 /* 1.1 standardizes constructor and destructor names, renaming
538 * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
539 @@ -245,6 +246,10 @@ static void compat_dh_get0_key(const DH
543 +#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name)
544 +#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name
547 static struct pkcs11_errstrings {
550 @@ -2924,7 +2929,9 @@ cleanup:
554 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
555 +#if ((defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
556 + !defined(LIBRESSL_VERSION_NUMBER)) || \
557 + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20900000L)
560 * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
563 [FILE:528:patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h]
564 --- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig 2021-07-22 15:50:07 UTC
565 +++ plugins/preauth/pkinit/pkinit_crypto_openssl.h
567 #include <openssl/asn1.h>
568 #include <openssl/pem.h>
570 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
571 +#if ((defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
572 + !defined(LIBRESSL_VERSION_NUMBER)) || \
573 + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20900000L)
574 #include <openssl/asn1t.h>
576 #include <openssl/asn1_mac.h>
579 [FILE:692:patches/patch-util_et_Makefile.in]
580 --- util/et/Makefile.in.orig 2021-07-22 15:50:07 UTC
581 +++ util/et/Makefile.in
582 @@ -111,12 +111,13 @@ check-windows: $(OUTPRE)test_et$(EXEEXT)
584 $(OUTPRE)test_et$(EXEEXT)
586 -install-unix: compile_et compile_et.1
587 +install-unix: compile_et compile_et.1 com_err.3
588 $(INSTALL) compile_et $(DESTDIR)$(bindir)/compile_et
589 test -d $(DESTDIR)$(mydatadir) || mkdir $(DESTDIR)$(mydatadir)
590 $(INSTALL_DATA) $(srcdir)/et_c.awk $(DESTDIR)$(mydatadir)
591 $(INSTALL_DATA) $(srcdir)/et_h.awk $(DESTDIR)$(mydatadir)
592 $(INSTALL_DATA) $(srcdir)/compile_et.1 $(DESTDIR)$(CLIENT_MANDIR)/compile_et.1
593 + $(INSTALL_DATA) $(srcdir)/com_err.3 $(DESTDIR)$(SUBR_MANDIR)/com_err.3
596 install-headers: compile_et
599 [FILE:496:files/kpropd.in]
606 # Add the following lines to /etc/rc.conf.local or /etc/rc.conf
607 # to enable this service:
609 # kpropd_enable (bool): Set to NO by default.
610 # Set it to YES to enable kpropd.
611 # kpropd_flags (str): Set to "" by default.
620 : ${kpropd_enable:="NO"}
623 command=%%PREFIX%%/sbin/${name}