Ravenports generated: 27 Mar 2022 15:43

[ravenports.git] / bucket_AC / krb5

# Buildsheet autogenerated by ravenadm tool -- Do not edit.

NAMEBASE=               krb5
VERSION=                1.19.3
KEYWORDS=               security
VARIANTS=               standard
SDESC[standard]=        MIT Kerberos 5 authentication system
HOMEPAGE=               http://web.mit.edu/kerberos/www/
CONTACT=                nobody

DOWNLOAD_GROUPS=        main
SITES[main]=            https://web.mit.edu/kerberos/dist/krb5/1.19/
DISTFILE[1]=            krb5-1.19.3.tar.gz:main
DF_INDEX=               1
SPKGS[standard]=        complete
                        primary
                        nls
                        examples
                        docs

OPTIONS_AVAILABLE=      none
OPTIONS_STANDARD=       none

USES=                   cpe gmake perl:build libtool:build pkgconfig
                        ssl:openssl11 gettext-runtime gettext-tools readline

DISTNAME=               krb5-1.19.3/src

LICENSE=                MIT:primary
LICENSE_FILE=           MIT:{{WRKSRC}}/../NOTICE
LICENSE_SCHEME=         solo

CPE_PRODUCT=            kerberos
CPE_VENDOR=             mit
CPE_VERSION=            5-1.19.3
FPC_EQUIVALENT=         security/krb5

MUST_CONFIGURE=         gnu
CONFIGURE_ARGS=         --enable-shared
                        --with-readline
                        --without-system-verto
                        --disable-rpath
                        --localstatedir="{{PREFIX}}/var"
                        --runstatedir="{{PREFIX}}/var/run"
CONFIGURE_ENV=          INSTALL="{{INSTALL}}"
                        INSTALL_LIB="{{INSTALL_LIB}}"
                        YACC="{{YACC}}"

MAKE_ARGS=              INSTALL="{{INSTALL}}"
                        INSTALL_LIB="{{INSTALL_LIB}}"

RC_SUBR=                kpropd:primary

CPPFLAGS=               -I{{OPENSSLINC}}
LDFLAGS=                -L{{OPENSSLLIB}}
VAR_OPSYS[sunos]=       LDFLAGS=-lintl

post-patch:
        ${REINPLACE_CMD} -e "s|/usr/local|${PREFIX}|" \
                ${WRKSRC}/clients/ksu/Makefile.in

post-install:
        ${MKDIR} ${STAGEDIR}${STD_DOCDIR}
        # install PDF documentation
        (cd ${WRKSRC}/../doc && \
                ${COPYTREE_SHARE} pdf ${STAGEDIR}${STD_DOCDIR})
        # install HTML documentation
        (cd ${WRKSRC}/../doc && \
                ${COPYTREE_SHARE} html ${STAGEDIR}${STD_DOCDIR} \
                "! -path 'html/_sources*'")
        # remove cat directories
        ${FIND} ${STAGEDIR}${PREFIX}/share/man -type d -empty -delete

[FILE:1253:descriptions/desc.primary]
Kerberos V5 is an authentication system developed at MIT.

Abridged from the User Guide:
       Under Kerberos, a client sends a request for a ticket to the
   Key Distribution Center (KDC). The KDC creates a ticket-granting
   ticket (TGT) for the client, encrypts it using the client's
   password as the key, and sends the encrypted TGT back to the
   client. The client then attempts to decrypt the TGT, using
   its password. If the client successfully decrypts the TGT, it
   keeps the decrypted TGT, which indicates proof of the client's
   identity. The TGT permits the client to obtain additional tickets,
   which give permission for specific services.
       Since Kerberos negotiates authenticated, and optionally encrypted,
   communications between two points anywhere on the internet, it
   provides a layer of security that is not dependent on which side of a
   firewall either client is on.
       The Kerberos V5 package is designed to be easy to use. Most of the
   commands are nearly identical to UNIX network programs you are already
   used to. Kerberos V5 is a single-sign-on system, which means that you
   have to type your password only once per session, and Kerberos does
   the authenticating and encrypting transparently.


[FILE:97:distinfo]
56d04863cfddc9d9eb7af17556e043e3537d41c6e545610778676cf551b9dcd0      8741343 krb5-1.19.3.tar.gz


[FILE:2540:manifests/plist.primary]
bin/
 compile_et
 gss-client
 k5srvutil
 kadmin
 kdestroy
 kinit
 klist
 kpasswd
 krb5-config
@(root,wheel,04755) bin/ksu
 kswitch
 ktutil
 kvno
 sclient
 sim_client
 uuclient
include/
 com_err.h
 gssapi.h
 kdb.h
 krad.h
 krb5.h
 profile.h
 verto-module.h
 verto.h
include/gssapi/
 gssapi.h
 gssapi_alloc.h
 gssapi_ext.h
 gssapi_generic.h
 gssapi_krb5.h
 mechglue.h
include/gssrpc/
 auth.h
 auth_gss.h
 auth_gssapi.h
 auth_unix.h
 clnt.h
 netdb.h
 pmap_clnt.h
 pmap_prot.h
 pmap_rmt.h
 rename.h
 rpc.h
 rpc_msg.h
 svc.h
 svc_auth.h
 types.h
 xdr.h
include/kadm5/
 admin.h
 chpass_util_strings.h
 kadm_err.h
include/krb5/
 ccselect_plugin.h
 certauth_plugin.h
 clpreauth_plugin.h
 hostrealm_plugin.h
 kadm5_auth_plugin.h
 kadm5_hook_plugin.h
 kdcpolicy_plugin.h
 kdcpreauth_plugin.h
 krb5.h
 localauth_plugin.h
 locate_plugin.h
 plugin.h
 preauth_plugin.h
 pwqual_plugin.h
lib/
 libcom_err.so
 libcom_err.so.3
 libcom_err.so.3.0
 libgssapi_krb5.so
 libgssapi_krb5.so.2
 libgssapi_krb5.so.2.2
 libgssrpc.so
 libgssrpc.so.4
 libgssrpc.so.4.2
 libk5crypto.so
 libk5crypto.so.3
 libk5crypto.so.3.1
 libkadm5clnt.so
 libkadm5clnt_mit.so
 libkadm5clnt_mit.so.12
 libkadm5clnt_mit.so.12.0
 libkadm5srv.so
 libkadm5srv_mit.so
 libkadm5srv_mit.so.12
 libkadm5srv_mit.so.12.0
 libkdb5.so
 libkdb5.so.10
 libkdb5.so.10.0
 libkrad.so
 libkrad.so.0
 libkrad.so.0.0
 libkrb5.so
 libkrb5.so.3
 libkrb5.so.3.3
 libkrb5support.so
 libkrb5support.so.0
 libkrb5support.so.0.1
 libverto.so
 libverto.so.0
 libverto.so.0.0
lib/krb5/plugins/kdb/db2.so
lib/krb5/plugins/preauth/
 otp.so
 pkinit.so
 spake.so
 test.so
lib/krb5/plugins/tls/k5tls.so
lib/pkgconfig/
 gssrpc.pc
 kadm-client.pc
 kadm-server.pc
 kdb.pc
 krb5-gssapi.pc
 krb5.pc
 mit-krb5-gssapi.pc
 mit-krb5.pc
sbin/
 gss-server
 kadmin.local
 kadmind
 kdb5_util
 kprop
 kpropd
 kproplog
 krb5-send-pr
 krb5kdc
 sim_server
 sserver
 uuserver
share/et/
 et_c.awk
 et_h.awk
share/man/man1/
 compile_et.1.gz
 k5srvutil.1.gz
 kadmin.1.gz
 kdestroy.1.gz
 kinit.1.gz
 klist.1.gz
 kpasswd.1.gz
 krb5-config.1.gz
 ksu.1.gz
 kswitch.1.gz
 ktutil.1.gz
 kvno.1.gz
 sclient.1.gz
share/man/man3/com_err.3.gz
share/man/man5/
 .k5identity.5.gz
 .k5login.5.gz
 k5identity.5.gz
 k5login.5.gz
 kadm5.acl.5.gz
 kdc.conf.5.gz
 krb5.conf.5.gz
share/man/man7/kerberos.7.gz
share/man/man8/
 kadmin.local.8.gz
 kadmind.8.gz
 kdb5_ldap_util.8.gz
 kdb5_util.8.gz
 kprop.8.gz
 kpropd.8.gz
 kproplog.8.gz
 krb5kdc.8.gz
 sserver.8.gz
@dir lib/krb5/plugins/authdata
@dir lib/krb5/plugins/libkrb5
@dir var/krb5kdc
@dir var/run/krb5kdc


[FILE:83:manifests/plist.nls]
share/locale/de/LC_MESSAGES/mit-krb5.mo
share/locale/en_US/LC_MESSAGES/mit-krb5.mo


[FILE:59:manifests/plist.examples]
share/examples/krb5/
 kdc.conf
 krb5.conf
 services.append


[FILE:271:patches/patch-clients_ksu_Makefile.in]
--- clients/ksu/Makefile.in.orig        2021-07-22 15:50:07 UTC
+++ clients/ksu/Makefile.in
@@ -30,6 +30,6 @@ clean:
 
 install:
        -for f in ksu; do \
-         $(INSTALL_SETUID) $$f \
+         $(INSTALL_PROGRAM) $$f \
                $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
        done


[FILE:804:patches/patch-config__pre.in]
--- config/pre.in.orig  2021-07-22 15:50:07 UTC
+++ config/pre.in
@@ -181,9 +181,9 @@ LIBS = @LIBS@
 INSTALL=@INSTALL@
 INSTALL_STRIP=
 INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
-INSTALL_SCRIPT=@INSTALL_PROGRAM@
+INSTALL_SCRIPT=@INSTALL_SCRIPT@
 INSTALL_DATA=@INSTALL_DATA@
-INSTALL_SHLIB=@INSTALL_SHLIB@
+INSTALL_SHLIB=$(INSTALL_LIB)
 INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
 ## This is needed because autoconf will sometimes define @exec_prefix@ to be
 ## ${prefix}.
@@ -205,6 +205,7 @@ PKGCONFIG_DIR = @libdir@/pkgconfig
 ADMIN_MANDIR = $(KRB5MANROOT)/man8
 SERVER_MANDIR = $(KRB5MANROOT)/man8
 CLIENT_MANDIR = $(KRB5MANROOT)/man1
+SUBR_MANDIR = $(KRB5MANROOT)/man3
 FILE_MANDIR = $(KRB5MANROOT)/man5
 ADMIN_CATDIR = $(KRB5MANROOT)/cat8
 SERVER_CATDIR = $(KRB5MANROOT)/cat8


[FILE:1349:patches/patch-config_shlib.conf]
--- config/shlib.conf.orig      2021-07-22 15:50:07 UTC
+++ config/shlib.conf
@@ -294,7 +294,7 @@ mips-*-netbsd*)
        PROFFLAGS=-pg
        ;;
 
-*-*-netbsd*)
+*-*-xxnetbsd*)
        PICFLAGS=-fPIC
        SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
        SHLIBEXT=.so
@@ -312,7 +312,7 @@ mips-*-netbsd*)
        PROFFLAGS=-pg
        ;;
 
-*-*-freebsd*)
+*-*-freebsd* | *-*-dragonfly* | *-*-netbsd*)
        case $krb5_cv_host in
                sparc64-*)
                        PICFLAGS=-fPIC
@@ -321,14 +321,15 @@ mips-*-netbsd*)
                        PICFLAGS=-fpic
                        ;;
        esac
-       SHLIBVEXT='.so.$(LIBMAJOR)'
-       RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
+       SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+       SHLIBSEXT='.so.$(LIBMAJOR)'
+       LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)'
+       RPATH_FLAG='-Wl,-rpath -Wl,'
        PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
        SHLIBEXT=.so
-       LDCOMBINE='ld -Bshareable'
-       SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
+       SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
        SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'


[FILE:243:patches/patch-include_gssrpc_rpc.h]
--- include/gssrpc/rpc.h.orig   2021-07-22 15:50:07 UTC
+++ include/gssrpc/rpc.h
@@ -39,6 +39,7 @@
 #ifndef GSSRPC_RPC_H
 #define GSSRPC_RPC_H
 
+#include <sys/socket.h>
 #include <gssrpc/types.h>              /* some typedefs */
 #include <netinet/in.h>
 


[FILE:2325:patches/patch-lib-krb5-os-localaddr.c]
--- lib/krb5/os/localaddr.c.orig        2021-07-22 15:50:07 UTC
+++ lib/krb5/os/localaddr.c
@@ -176,6 +176,7 @@ printaddr(struct sockaddr *sa)
 }
 #endif
 
+#if 0
 static int
 is_loopback_address(struct sockaddr *sa)
 {
@@ -192,6 +193,7 @@ is_loopback_address(struct sockaddr *sa)
         return 0;
     }
 }
+#endif
 
 #ifdef HAVE_IFADDRS_H
 #include <ifaddrs.h>
@@ -449,12 +451,14 @@ foreach_localaddr (/*@null@*/ void *data
             ifp->ifa_flags &= ~IFF_UP;
             continue;
         }
+#if 0
         if (is_loopback_address(ifp->ifa_addr)) {
             /* Pretend it's not up, so the second pass will skip
                it.  */
             ifp->ifa_flags &= ~IFF_UP;
             continue;
         }
+#endif
         /* If this address is a duplicate, punt.  */
         match = 0;
         for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
@@ -583,11 +587,13 @@ foreach_localaddr (/*@null@*/ void *data
             }
             /*@=moduncon@*/
 
+#if 0
             /* None of the current callers want loopback addresses.  */
             if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
                 Tprintf (("  loopback\n"));
                 goto skip;
             }
+#endif
             /* Ignore interfaces that are down.  */
             if ((lifreq.lifr_flags & IFF_UP) == 0) {
                 Tprintf (("  down\n"));
@@ -754,11 +760,13 @@ foreach_localaddr (/*@null@*/ void *data
             }
             /*@=moduncon@*/
 
+#if 0
             /* None of the current callers want loopback addresses.  */
             if (is_loopback_address(&lifr->iflr_addr)) {
                 Tprintf (("  loopback\n"));
                 goto skip;
             }
+#endif
             /* Ignore interfaces that are down.  */
             if ((lifreq.iflr_flags & IFF_UP) == 0) {
                 Tprintf (("  down\n"));
@@ -972,11 +980,13 @@ foreach_localaddr (/*@null@*/ void *data
         }
         /*@=moduncon@*/
 
+#if 0
         /* None of the current callers want loopback addresses.  */
         if (is_loopback_address(&ifreq.ifr_addr)) {
             Tprintf (("  loopback\n"));
             goto skip;
         }
+#endif
         /* Ignore interfaces that are down.  */
         if ((ifreq.ifr_flags & IFF_UP) == 0) {
             Tprintf (("  down\n"));


[FILE:525:patches/patch-lib_crypto_builtin_aes_brg__endian.h]
--- lib/crypto/builtin/aes/brg_endian.h.orig    2021-07-22 15:50:07 UTC
+++ lib/crypto/builtin/aes/brg_endian.h
@@ -35,6 +35,8 @@ Issue Date: 10/09/2018
 #  include <sys/isa_defs.h>
 #elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
 #  include <sys/endian.h>
+#elif defined( __DragonFly__)
+#  include <sys/endian.h>
 #elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
       defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
 #  include <machine/endian.h>


[FILE:857:patches/patch-lib_kdb_kdb__log.c]
$NetBSD: patch-lib_kdb_kdb__log.c,v 1.2 2020/04/09 10:57:05 adam Exp $

Fix mmap/munmap -Werror=incompatible-pointer-types

--- lib/kdb/kdb_log.c.orig      2021-07-22 15:50:07 UTC
+++ lib/kdb/kdb_log.c
@@ -498,7 +498,7 @@ ulog_map(krb5_context context, const cha
         }
     }
 
-    ulog = mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED,
+    ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED,
                 log_ctx->ulogfd, 0);
     if (ulog == MAP_FAILED) {
         retval = errno;
@@ -680,7 +680,11 @@ ulog_fini(krb5_context context)
     if (log_ctx == NULL)
         return;
     if (log_ctx->ulog != NULL)
+#ifdef __sun
+        munmap((caddr_t)log_ctx->ulog, MAXLOGLEN);
+#else
         munmap(log_ctx->ulog, MAXLOGLEN);
+#endif
     if (log_ctx->ulogfd != -1)
         close(log_ctx->ulogfd);
     free(log_ctx);


[FILE:506:patches/patch-patch-kprop_kproplog.c]
$NetBSD: patch-kprop_kproplog.c,v 1.1 2020/04/09 10:57:49 adam Exp $

Fix mmap -Werror=incompatible-pointer-types.

--- kprop/kproplog.c.orig       2021-07-22 15:50:07 UTC
+++ kprop/kproplog.c
@@ -412,7 +412,7 @@ map_ulog(const char *filename)
         return NULL;
     if (fstat(fd, &st) < 0)
         return NULL;
-    ulog = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+    ulog = (kdb_hlog_t *)mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
     return (ulog == MAP_FAILED) ? NULL : ulog;
 }
 


[FILE:1247:patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c]
--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-07-22 15:50:07 UTC
+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -185,7 +185,8 @@ pkinit_pkcs11_code_to_text(int err);
     (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
+     defined(LIBRESSL_VERSION_NUMBER)
 
 /* 1.1 standardizes constructor and destructor names, renaming
  * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
@@ -245,6 +246,10 @@ static void compat_dh_get0_key(const DH
 
 #endif
 
+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name)
+#define static_ASN1_SEQUENCE_END_name  ASN1_SEQUENCE_END_name
+#endif
+
 static struct pkcs11_errstrings {
     short code;
     char *text;
@@ -2924,7 +2929,9 @@ cleanup:
     return retval;
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if ((defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+     !defined(LIBRESSL_VERSION_NUMBER)) || \
+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20900000L)
 
 /*
  * We need to decode DomainParameters from RFC 3279 section 2.3.3.  We would


[FILE:528:patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h]
--- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig 2021-07-22 15:50:07 UTC
+++ plugins/preauth/pkinit/pkinit_crypto_openssl.h
@@ -46,7 +46,9 @@
 #include <openssl/asn1.h>
 #include <openssl/pem.h>
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if ((defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+     !defined(LIBRESSL_VERSION_NUMBER)) || \
+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20900000L)
 #include <openssl/asn1t.h>
 #else
 #include <openssl/asn1_mac.h>


[FILE:692:patches/patch-util_et_Makefile.in]
--- util/et/Makefile.in.orig    2021-07-22 15:50:07 UTC
+++ util/et/Makefile.in
@@ -111,12 +111,13 @@ check-windows: $(OUTPRE)test_et$(EXEEXT)
        path
        $(OUTPRE)test_et$(EXEEXT)
 
-install-unix: compile_et compile_et.1
+install-unix: compile_et compile_et.1 com_err.3
        $(INSTALL) compile_et $(DESTDIR)$(bindir)/compile_et
        test -d $(DESTDIR)$(mydatadir) || mkdir $(DESTDIR)$(mydatadir)
        $(INSTALL_DATA) $(srcdir)/et_c.awk $(DESTDIR)$(mydatadir)
        $(INSTALL_DATA) $(srcdir)/et_h.awk $(DESTDIR)$(mydatadir)
        $(INSTALL_DATA) $(srcdir)/compile_et.1 $(DESTDIR)$(CLIENT_MANDIR)/compile_et.1
+       $(INSTALL_DATA) $(srcdir)/com_err.3 $(DESTDIR)$(SUBR_MANDIR)/com_err.3
 
 
 install-headers: compile_et


[FILE:496:files/kpropd.in]
#!/bin/sh
#
# PROVIDE: kpropd
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# kpropd_enable (bool):      Set to NO by default.
#                            Set it to YES to enable kpropd.
# kpropd_flags (str):        Set to "" by default.

. /etc/rc.subr

name=kpropd
rcvar=kpropd_enable

load_rc_config $name

: ${kpropd_enable:="NO"}
: ${kpropd_flags=""}

command=%%PREFIX%%/sbin/${name}

run_rc_command "$1"