author: Ryan Steinmetz <zi@FreeBSD.org> 2014-03-29 15:36:20 +0000
committer: Ryan Steinmetz <zi@FreeBSD.org> 2014-03-29 15:36:20 +0000
commit: 6bc3a87cc0634863e1fd3d155eb48a29cb9de3ed (patch)
tree: 0bf03231301941610a4f887d9b4a4d6ab0193620 /net
parent: ec04f124952488330da2bfdc62a20115adea639b (diff)
download: ports-6bc3a87cc0634863e1fd3d155eb48a29cb9de3ed.tar.gz
ports-6bc3a87cc0634863e1fd3d155eb48a29cb9de3ed.zip
8 files changed, 49 insertions, 1530 deletions
diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile
index 4b3e860a5207..c47afeca1663 100644
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	freeradius
-DISTVERSION=	3.0.1
-PORTREVISION=	2
+DISTVERSION=	3.0.2
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \
 		ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \
@@ -18,8 +17,8 @@ COMMENT=	A free RADIUS server implementation
 
 LICENSE=	GPLv2
 
-LIB_DEPENDS=	gdbm:${PORTSDIR}/databases/gdbm \
-		talloc:${PORTSDIR}/devel/talloc
+LIB_DEPENDS=	libgdbm.so:${PORTSDIR}/databases/gdbm \
+		libtalloc.so:${PORTSDIR}/devel/talloc
 
 LOGDIR?=	/var/log
 KRB5_CONFIG?=	/usr/bin/krb5-config --libs
@@ -84,11 +83,11 @@ ${UNIQUENAME}_SET+=	KERBEROS
 .if ${PORT_OPTIONS:MKERBEROS}
 .if ${PORT_OPTIONS:MHEIMDAL}
 .if ${PORT_OPTIONS:MHEIMDAL_PORT}
-LIB_DEPENDS+=	krb5:${PORTSDIR}/security/heimdal
+LIB_DEPENDS+=	libkrb5.so:${PORTSDIR}/security/heimdal
 .endif
 CONFIGURE_ARGS+=--enable-heimdal-krb5 --enable-pthread-support
 .else
-LIB_DEPENDS+=	krb5:${PORTSDIR}/security/krb5
+LIB_DEPENDS+=	libkrb5.so:${PORTSDIR}/security/krb5
 .endif
 CONFIGURE_ARGS+=--with-rlm_krb5
 .if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT)
@@ -147,7 +146,7 @@ PLIST_SUB+=	PGSQL="@comment "
 .if ${PORT_OPTIONS:MUNIXODBC}
 CONFIGURE_ARGS+=--with-rlm_sql_unixodbc
 PLIST_SUB+=	UNIXODBC=""
-LIB_DEPENDS+=	odbc:${PORTSDIR}/databases/unixODBC
+LIB_DEPENDS+=	libodbc.so:${PORTSDIR}/databases/unixODBC
 .else
 CONFIGURE_ARGS+=--without-rlm_sql_unixodbc
 PLIST_SUB+=	UNIXODBC="@comment "
@@ -202,7 +201,7 @@ EXPM=		yes
 .endif
 
 .if ${PORT_OPTIONS:MREDIS}
-LIB_DEPENDS+=	hiredis:${PORTSDIR}/databases/hiredis
+LIB_DEPENDS+=	libhiredis.so:${PORTSDIR}/databases/hiredis
 CONFIGURE_ARGS+=--with-rlm_redis --with-rlm_rediswho
 PLIST_SUB+=	RLMREDIS=""
 .else
@@ -217,8 +216,8 @@ EXPM=		yes
 
 .if ${PORT_OPTIONS:MREST}
 IGNORE=		requires devel/json-c to be updated to 0.11 to build with RESTful support
-LIB_DEPENDS+=	json:${PORTSDIR}/devel/json-c \
-    		curl:${PORTSDIR}/ftp/curl
+LIB_DEPENDS+=	libjson.so:${PORTSDIR}/devel/json-c \
+    		libcurl.so:${PORTSDIR}/ftp/curl
 CONFIGURE_ARGS+=--with-rlm_rest \
 		--with-libcurl=${LOCALBASE} \
 		--with-jsonc-lib-dir=${LOCALBASE}/lib \
@@ -235,7 +234,7 @@ EXPM=		yes
 .endif
 
 .if ${PORT_OPTIONS:MFREETDS}
-LIB_DEPENDS+=	tds:${PORTSDIR}/databases/freetds
+LIB_DEPENDS+=	libtds.so:${PORTSDIR}/databases/freetds
 CONFIGURE_ARGS+=--with-rlm_freetds
 PLIST_SUB+=	RLMFREETDS=""
 .else
@@ -249,7 +248,7 @@ EXPM=		yes
 .endif
 
 .if ${PORT_OPTIONS:MIDN}
-LIB_DEPENDS+=	idn:${PORTSDIR}/dns/libidn
+LIB_DEPENDS+=	libidn.so:${PORTSDIR}/dns/libidn
 CONFIGURE_ARGS+=--with-rlm_idn
 PLIST_SUB+=	RLMIDN=""
 .else
@@ -395,7 +394,6 @@ pre-install:
 		PRE-INSTALL
 
 post-install:
-	@${INSTALL_DATA} ${FILESDIR}/dictionary.cisco.asa ${DATADIR}
 # If ${PREFIX}/etc/raddb isn't a directory (or a symlink), make a copy
 # of ${EXAMPLESDIR}/raddb as ${PREFIX}/etc/raddb, then bootstrap the
 # certificates
diff --git a/net/freeradius3/distinfo b/net/freeradius3/distinfo
index a52bbe998abd..7192053fc2fd 100644
--- a/net/freeradius3/distinfo
+++ b/net/freeradius3/distinfo
@@ -1,2 +1,2 @@
-SHA256 (freeradius-server-3.0.1.tar.bz2) = bde926077fa520c71d2861cd1cc9abf5a3ce866e05f35ed5188a057c37fc002d
-SIZE (freeradius-server-3.0.1.tar.bz2) = 2635534
+SHA256 (freeradius-server-3.0.2.tar.bz2) = 20dc8d1ca9de9ed70ff63369aeec9100ca0ed9630d9d42f707bc3293cd259329
+SIZE (freeradius-server-3.0.2.tar.bz2) = 2657652
diff --git a/net/freeradius3/files/dictionary.cisco.asa b/net/freeradius3/files/dictionary.cisco.asa
deleted file mode 100644
index 493179a693b0..000000000000
--- a/net/freeradius3/files/dictionary.cisco.asa
+++ /dev/null
@@ -1,369 +0,0 @@
-# -*- text -*-
-# Copyright (C) 2013 The FreeRADIUS Server project and contributors
-#
-#        Cisco Adaptative Security Appliance (ASA) Dictionary
-#
-#       http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ref_extserver.html#wp1802187
-#
-#       $Id$
-#
-
-VENDOR		Cisco-ASA			3076
-
-BEGIN-VENDOR	Cisco-ASA
-
-ATTRIBUTE	ASA-Simultaneous-Logins			2	integer
-ATTRIBUTE	ASA-Primary-DNS				5	string
-ATTRIBUTE	ASA-Secondary-DNS			6	string
-ATTRIBUTE	ASA-Primary-WINS			7	string
-ATTRIBUTE	ASA-Secondary-WINS			8	string
-ATTRIBUTE	ASA-SEP-Card-Assignment			9	integer
-ATTRIBUTE	ASA-Tunneling-Protocols			11	integer
-ATTRIBUTE	ASA-IPsec-Sec-Association		12	string
-ATTRIBUTE	ASA-IPsec-Authentication		13	integer
-ATTRIBUTE	ASA-Banner1				15	string
-ATTRIBUTE	ASA-IPsec-Allow-Passwd-Store		16	integer
-ATTRIBUTE	ASA-Use-Client-Address			17	integer
-ATTRIBUTE	ASA-PPTP-Encryption			20	integer
-ATTRIBUTE	ASA-L2TP-Encryption			21	integer
-ATTRIBUTE	ASA-Group-Policy			25	string
-ATTRIBUTE	ASA-IPsec-Split-Tunnel-List		27	string
-ATTRIBUTE	ASA-IPsec-Default-Domain		28	string
-ATTRIBUTE	ASA-IPsec-Split-DNS-Names		29	string
-ATTRIBUTE	ASA-IPsec-Tunnel-Type			30	integer
-ATTRIBUTE	ASA-IPsec-Mode-Config			31	integer
-ATTRIBUTE	ASA-IPsec-Over-UDP			34	integer
-ATTRIBUTE	ASA-IPsec-Over-UDP-Port			35	integer
-ATTRIBUTE	ASA-Banner2				36	string
-ATTRIBUTE	ASA-PPTP-MPPC-Compression		37	integer
-ATTRIBUTE	ASA-L2TP-MPPC-Compression		38	integer
-ATTRIBUTE	ASA-IPsec-IP-Compression		39	integer
-ATTRIBUTE	ASA-IPsec-IKE-Peer-ID-Check		40	integer
-ATTRIBUTE	ASA-IKE-Keep-Alives			41	integer
-ATTRIBUTE	ASA-IPsec-Auth-On-Rekey			42	integer
-ATTRIBUTE	ASA-Required-Client-Firewall-Vendor-Code 45	integer
-ATTRIBUTE	ASA-Required-Client-Firewall-Product-Code 46	integer
-ATTRIBUTE	ASA-Required-Client-Firewall-Description 47	string
-ATTRIBUTE	ASA-Require-HW-Client-Auth		48	integer
-ATTRIBUTE	ASA-Required-Individual-User-Auth	49	integer
-ATTRIBUTE	ASA-Authenticated-User-Idle-Timeout	50	integer
-ATTRIBUTE	ASA-Cisco-IP-Phone-Bypass		51	integer
-ATTRIBUTE	ASA-IPsec-Split-Tunneling-Policy	55	integer
-ATTRIBUTE	ASA-IPsec-Required-Client-Firewall-Capability 56	integer
-ATTRIBUTE	ASA-IPsec-Client-Firewall-Filter-Name	57	string
-ATTRIBUTE	ASA-IPsec-Client-Firewall-Filter-Optional 58	integer
-ATTRIBUTE	ASA-IPsec-Backup-Servers		59	integer
-ATTRIBUTE	ASA-IPsec-Backup-Server-List		60	string
-ATTRIBUTE	ASA-DHCP-Network-Scope			61	string
-ATTRIBUTE	ASA-Intercept-DHCP-Configure-Msg	62	integer
-ATTRIBUTE	ASA-MS-Client-Subnet-Mask		63	integer
-ATTRIBUTE	ASA-Allow-Network-Extension-Mode	64	integer
-ATTRIBUTE	ASA-Authorization-Type			65	integer
-ATTRIBUTE	ASA-Authorization-Required		66	integer
-ATTRIBUTE	ASA-Authorization-DN-Field		67	string
-ATTRIBUTE	ASA-Authorization-DN-Field		67	string
-ATTRIBUTE	ASA-IKE-KeepAlive-Confidence-Interval	68	integer
-ATTRIBUTE	ASA-WebVPN-Content-Filter-Parameters	69	integer
-ATTRIBUTE	ASA-WebVPN-HTML-Filter			69	integer
-ATTRIBUTE	ASA-WebVPN-URL-List			71	string
-ATTRIBUTE	ASA-WebVPN-Port-Forwarding-List		72	string
-ATTRIBUTE	ASA-WebVPN-Access-List			73	string
-ATTRIBUTE	ASA-WebVPNACL				73	string
-ATTRIBUTE	ASA-WebVPN-HTTP-Proxy-IP-Address	74	string
-ATTRIBUTE	ASA-Cisco-LEAP-Bypass			75	integer
-ATTRIBUTE	ASA-WebVPN-Default-Homepage		76	string
-ATTRIBUTE	ASA-Client-Type-Version-Limiting	77	string
-ATTRIBUTE	ASA-WebVPN-Group-based-HTTP/HTTPS-Proxy-Exception-List	78	string
-ATTRIBUTE	ASA-WebVPN-Port-Forwarding-Name		79	string
-ATTRIBUTE	ASA-IE-Proxy-Server			80	string
-ATTRIBUTE	ASA-IE-Proxy-Server-Policy		81	integer
-ATTRIBUTE	ASA-IE-Proxy-Exception-List		82	string
-ATTRIBUTE	ASA-IE-Proxy-Bypass-Local		83	integer
-ATTRIBUTE	ASA-IKE-Keepalive-Retry-Interval	84	integer
-ATTRIBUTE	ASA-Tunnel-Group-Lock			85	string
-ATTRIBUTE	ASA-Access-List-Inbound			86	string
-ATTRIBUTE	ASA-Access-List-Outbound		87	string
-ATTRIBUTE	ASA-Perfect-Forward-Secrecy-Enable	88	integer
-ATTRIBUTE	ASA-NAC-Enable				89	integer
-ATTRIBUTE	ASA-NAC-Status-Query-Timer		90	integer
-ATTRIBUTE	ASA-NAC-Revalidation-Timer		91	integer
-ATTRIBUTE	ASA-NAC-Default-ACL			92	string
-ATTRIBUTE	ASA-WebVPN-URL-Entry-Enable		93	integer
-ATTRIBUTE	ASA-WebVPN-File-Access-Enable		94	integer
-ATTRIBUTE	ASA-WebVPN-File-Server-Entry-Enable	95	integer
-ATTRIBUTE	ASA-WebVPN-File-Server-Browsing-Enable	96	integer
-ATTRIBUTE	ASA-WebVPN-Port-Forwarding-Enable	97	integer
-ATTRIBUTE	ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable 98	integer
-ATTRIBUTE	ASA-WebVPN-Port-Forwarding-HTTP-Proxy	99	integer
-ATTRIBUTE	ASA-WebVPN-Citrix-Metaframe-Enable	101	integer
-ATTRIBUTE	ASA-WebVPN-Apply-ACL			102	integer
-ATTRIBUTE	ASA-WebVPN-SSL-VPN-Client-Enable	103	integer
-ATTRIBUTE	ASA-WebVPN-SSL-VPN-Client-Required	104	integer
-ATTRIBUTE	ASA-WebVPN-SSL-VPN-Client-Keep-Installation 105	integer
-ATTRIBUTE	ASA-SVC-Keepalive			107	integer
-ATTRIBUTE	ASA-WebVPN-SVC-Keepalive-Frequency	107	integer
-ATTRIBUTE	ASA-SVC-DPD-Interval-Client		108	integer
-ATTRIBUTE	ASA-WebVPN-SVC-Client-DPD-Frequency	108	integer
-ATTRIBUTE	ASA-SVC-DPD-Interval-Gateway		109	integer
-ATTRIBUTE	ASA-WebVPN-SVC-Gateway-DPD-Frequency	109	integer
-ATTRIBUTE	ASA-SVC-Rekey-Time			110	integer
-ATTRIBUTE	ASA-WebVPN-SVC-Rekey-Time		110	integer
-ATTRIBUTE	ASA-WebVPN-SVC-Rekey-Method		111	integer
-ATTRIBUTE	ASA-WebVPN-SVC-Compression		112	integer
-ATTRIBUTE	ASA-WebVPN-Customization		113	string
-ATTRIBUTE	ASA-WebVPN-SSO-Server-Name		114	string
-ATTRIBUTE	ASA-WebVPN-Deny-Message			116	string
-ATTRIBUTE	ASA-WebVPN-HTTP-Compression		120	integer
-ATTRIBUTE	ASA-WebVPN-Keepalive-Ignore		121	integer
-ATTRIBUTE	ASA-Extended-Authentication-On-Rekey	122	integer
-ATTRIBUTE	ASA-SVC-DTLS				123	integer
-ATTRIBUTE	ASA-WebVPN-SVC-DTLS-Enable		123	integer
-ATTRIBUTE	ASA-WebVPN-Auto-HTTP-Signon		124	string
-ATTRIBUTE	ASA-SVC-MTU				125	integer
-ATTRIBUTE	ASA-WebVPN-SVC-DTLS-MTU			125	integer
-ATTRIBUTE	ASA-WebVPN-Hidden-Shares		126	integer
-ATTRIBUTE	ASA-SVC-Modules				127	string
-ATTRIBUTE	ASA-SVC-Profiles			128	string
-ATTRIBUTE	ASA-SVC-Ask				131	integer
-ATTRIBUTE	ASA-SVC-Ask-Timeout			132	integer
-ATTRIBUTE	ASA-IE-Proxy-PAC-URL			133	string
-ATTRIBUTE	ASA-Strip-Realm				135	integer
-ATTRIBUTE	ASA-Smart-Tunnel			136	string
-ATTRIBUTE	ASA-WebVPN-Smart-Tunnel			136	string
-ATTRIBUTE	ASA-WebVPN-ActiveX-Relay		137	integer
-ATTRIBUTE	ASA-Smart-Tunnel-Auto			138	integer
-ATTRIBUTE	ASA-WebVPN-Smart-Tunnel-Auto-Start	138	integer
-ATTRIBUTE	ASA-Smart-Tunnel-Auto-Signon-Enable	139	string
-ATTRIBUTE	ASA-WebVPN-Smart-Tunnel-Auto-Sign-On	139	string
-ATTRIBUTE	ASA-VLAN				140	integer
-ATTRIBUTE	ASA-NAC-Settings			141	string
-ATTRIBUTE	ASA-Member-Of				145	string
-ATTRIBUTE	ASA-TunnelGroupName			146	string
-ATTRIBUTE	ASA-WebVPN-Idle-Timeout-Alert-Interval	148	integer
-ATTRIBUTE	ASA-WebVPN-Session-Timeout-Alert-Interval 149	integer
-ATTRIBUTE	ASA-ClientType				150	integer
-ATTRIBUTE	ASA-SessionType				151	integer
-ATTRIBUTE	ASA-SessionSubtype			152	integer
-ATTRIBUTE	ASA-WebVPN-Download_Max-Size		157	integer
-ATTRIBUTE	ASA-WebVPN-Upload-Max-Size		158	integer
-ATTRIBUTE	ASA-WebVPN-Post-Max-Size		159	integer
-ATTRIBUTE	ASA-WebVPN-User-Storage			160	string
-ATTRIBUTE	ASA-WebVPN-Storage-Objects		161	string
-ATTRIBUTE	ASA-WebVPN-Storage-Key			162	string
-ATTRIBUTE	ASA-WebVPN-VDI				163	string
-ATTRIBUTE	ASA-Address-Pools			217	string
-ATTRIBUTE	ASA-IPv6-Address-Pools			218	string
-ATTRIBUTE	ASA-IPv6-VPN-Filter			219	string
-ATTRIBUTE	ASA-Privilege-Level			220	integer
-ATTRIBUTE	ASA-WebVPN-UNIX-User-ID			221	integer
-ATTRIBUTE	ASA-WebVPN-UNIX-Group-ID		222	integer
-ATTRIBUTE	ASA-WebVPN-Macro-Substitution-Value1	223	string
-ATTRIBUTE	ASA-WebVPN-Macro-Substitution-Value2	224	string
-ATTRIBUTE	ASA-WebVPNSmart-Card-Removal-Disconnect	225	integer
-ATTRIBUTE	ASA-WebVPN-Smart-Tunnel-Tunnel-Policy	227	string
-ATTRIBUTE	ASA-WebVPN-Home-Page-Use-Smart-Tunnel	228	integer
-
-VALUE	ASA-Authorization-Required	No			0
-VALUE	ASA-Authorization-Required	Yes			1
-
-VALUE	ASA-Authorization-Type		None			0
-VALUE	ASA-Authorization-Type		Radius			1
-VALUE	ASA-Authorization-Type		LDAP			2
-
-VALUE	ASA-Cisco-IP-Phone-Bypass	Disabled		0
-VALUE	ASA-Cisco-IP-Phone-Bypass	Enabled			1
-
-VALUE	ASA-Cisco-LEAP-Bypass		Disabled		0
-VALUE	ASA-Cisco-LEAP-Bypass		Enabled			1
-
-VALUE	ASA-ClientType			Cisco-VPN-Client-IKEv1	1
-VALUE	ASA-ClientType			AnyConnect-Client-SSL-VPN 2
-VALUE	ASA-ClientType			Clientless-SSL-VPN	3
-VALUE	ASA-ClientType			Cut-Through-Proxy	4
-VALUE	ASA-ClientType			L2TP/IPsec-SSL-VPN	5
-VALUE	ASA-ClientType			AnyConnect-Client-IPSec-VPN-IKEv2 6
-
-VALUE	ASA-Extended-Authentication-On-Rekey Disabled		0
-VALUE	ASA-Extended-Authentication-On-Rekey Enabled		1
-
-VALUE	ASA-IE-Proxy-Bypass-Local	None			0
-VALUE	ASA-IE-Proxy-Bypass-Local	Local			1
-
-VALUE	ASA-IE-Proxy-Server-Policy	No-Modify		1
-VALUE	ASA-IE-Proxy-Server-Policy	No-Proxy		2
-VALUE	ASA-IE-Proxy-Server-Policy	Auto-detect		3
-VALUE	ASA-IE-Proxy-Server-Policy	Use-Concentrator-Setting 4
-
-VALUE	ASA-IKE-Keep-Alives		Disabled		0
-VALUE	ASA-IKE-Keep-Alives		Enabled			1
-
-VALUE	ASA-Allow-Network-Extension-Mode Disabled		0
-VALUE	ASA-Allow-Network-Extension-Mode Enabled		1
-
-VALUE	ASA-Intercept-DHCP-Configure-Msg Disabled		0
-VALUE	ASA-Intercept-DHCP-Configure-Msg Enabled		1
-
-VALUE	ASA-IPsec-Allow-Passwd-Store	Disabled		0
-VALUE	ASA-IPsec-Allow-Passwd-Store	Enabled			1
-
-VALUE	ASA-IPsec-Authentication	None			0
-VALUE	ASA-IPsec-Authentication	RADIUS			1
-VALUE	ASA-IPsec-Authentication	LDAP-Authorization-only	2
-VALUE	ASA-IPsec-Authentication	NT-Domain		3
-VALUE	ASA-IPsec-Authentication	SDI			4
-VALUE	ASA-IPsec-Authentication	Internal		5
-VALUE	ASA-IPsec-Authentication	RADIUS-with-Expiry	6
-VALUE	ASA-IPsec-Authentication	Kerberos/Active-Directory 7
-
-VALUE	ASA-IPsec-Auth-On-Rekey		Disabled		0
-VALUE	ASA-IPsec-Auth-On-Rekey		Enabled			1
-
-VALUE	ASA-IPsec-Backup-Servers	Use-Client-Configured-List 1
-VALUE	ASA-IPsec-Backup-Servers	Disable-and-clear-client-list 2
-VALUE	ASA-IPsec-Backup-Servers	Use-Backup-Server-List	3
-
-VALUE	ASA-IPsec-Client-Firewall-Filter-Optional Required	0
-VALUE	ASA-IPsec-Client-Firewall-Filter-Optional Optional	1
-
-VALUE	ASA-IPsec-IKE-Peer-ID-Check	Required		1
-VALUE	ASA-IPsec-IKE-Peer-ID-Check	If-Supported-By-Peer-Certificate 2
-VALUE	ASA-IPsec-IKE-Peer-ID-Check	Do-Not-Check		3
-
-VALUE	ASA-IPsec-IP-Compression	Disabled		0
-VALUE	ASA-IPsec-IP-Compression	Enabled			1
-
-VALUE	ASA-IPsec-Mode-Config		Disabled		0
-VALUE	ASA-IPsec-Mode-Config		Enabled			1
-
-VALUE	ASA-IPsec-Over-UDP		Disabled		0
-VALUE	ASA-IPsec-Over-UDP		Enabled			1
-
-VALUE	ASA-IPsec-Required-Client-Firewall-Capability None	0
-VALUE	ASA-IPsec-Required-Client-Firewall-Capability Policy-Remotely-Defined 1
-VALUE	ASA-IPsec-Required-Client-Firewall-Capability Policy-Pushed 2
-VALUE	ASA-IPsec-Required-Client-Firewall-Capability Policy-from-Server 4
-
-VALUE	ASA-IPsec-Split-Tunneling-Policy No-Split-Tunneling	0
-VALUE	ASA-IPsec-Split-Tunneling-Policy Split-Tunneling	1
-VALUE	ASA-IPsec-Split-Tunneling-Policy Local-LAN-Permitted	2
-
-VALUE	ASA-IPsec-Tunnel-Type		LAN-to-LAN		1
-VALUE	ASA-IPsec-Tunnel-Type		Remote-Access		2
-
-VALUE	ASA-L2TP-MPPC-Compression	Disabled		0
-VALUE	ASA-L2TP-MPPC-Compression	Enabled			1
-
-VALUE	ASA-NAC-Enable			No			0
-VALUE	ASA-NAC-Enable			Yes			1
-
-VALUE	ASA-Perfect-Forward-Secrecy-Enable No			0
-VALUE	ASA-Perfect-Forward-Secrecy-Enable Yes			1
-
-VALUE	ASA-PPTP-MPPC-Compression	Disabled		0
-VALUE	ASA-PPTP-MPPC-Compression	Enabled			1
-
-VALUE	ASA-Required-Client-Firewall-Vendor-Code Cisco-CIC	1
-VALUE	ASA-Required-Client-Firewall-Vendor-Code Zone-Labs	2
-VALUE	ASA-Required-Client-Firewall-Vendor-Code NetworkICE	3
-VALUE	ASA-Required-Client-Firewall-Vendor-Code Sygate		4
-VALUE	ASA-Required-Client-Firewall-Vendor-Code Cisco-IPSA	5
-
-VALUE	ASA-Required-Individual-User-Auth Disabled		0
-VALUE	ASA-Required-Individual-User-Auth Enabled		1
-
-VALUE	ASA-Require-HW-Client-Auth	Disabled		0
-VALUE	ASA-Require-HW-Client-Auth	Enabled			1
-
-VALUE	ASA-SessionSubtype		None			0
-VALUE	ASA-SessionSubtype		Clientless		1
-VALUE	ASA-SessionSubtype		Client			2
-VALUE	ASA-SessionSubtype		Client-Only		3
-
-VALUE	ASA-SessionType			None			0
-VALUE	ASA-SessionType			AnyConnect-Client-SSL-VPN 1
-VALUE	ASA-SessionType			AnyConnect-Client-IPSec-VPN/IKEv2 2
-VALUE	ASA-SessionType			Clientless-SSL-VPN	3
-VALUE	ASA-SessionType			Clientless-Email-Proxy	4
-VALUE	ASA-SessionType			Cisco-VPN-Client/IKEv1	5
-VALUE	ASA-SessionType			IKEv1-LAN-to-LAN	6
-VALUE	ASA-SessionType			IKEv2-LAN-to-LAN	7
-VALUE	ASA-SessionType			VPN-Load-Balancing	8
-
-VALUE	ASA-Smart-Tunnel-Auto		Disabled		0
-VALUE	ASA-Smart-Tunnel-Auto		Enabled			1
-VALUE	ASA-Smart-Tunnel-Auto		AutoStart		2
-
-VALUE	ASA-Strip-Realm			Disabled		0
-VALUE	ASA-Strip-Realm			Enabled			1
-
-VALUE	ASA-SVC-Ask			Disabled		0
-VALUE	ASA-SVC-Ask			Enabled			1
-VALUE	ASA-SVC-Ask			Enable-Default-Service	3
-VALUE	ASA-SVC-Ask			Enable-Default-Clientless 5
-
-VALUE	ASA-SVC-DTLS			FALSE			0
-VALUE	ASA-SVC-DTLS			TRUE			1
-
-VALUE	ASA-Use-Client-Address		Disabled		0
-VALUE	ASA-Use-Client-Address		Enabled			1
-
-VALUE	ASA-WebVPN-Apply-ACL		Disabled		0
-VALUE	ASA-WebVPN-Apply-ACL		Enabled			1
-
-VALUE	ASA-WebVPN-Citrix-Metaframe-Enable Disabled		0
-VALUE	ASA-WebVPN-Citrix-Metaframe-Enable Enabled		1
-
-VALUE	ASA-WebVPN-File-Access-Enable	Disabled		0
-VALUE	ASA-WebVPN-File-Access-Enable	Enabled			1
-
-VALUE	ASA-WebVPN-File-Server-Browsing-Enable Disabled		0
-VALUE	ASA-WebVPN-File-Server-Browsing-Enable Enabled		1
-
-VALUE	ASA-WebVPN-File-Server-Entry-Enable Disabled		0
-VALUE	ASA-WebVPN-File-Server-Entry-Enable Enabled		1
-
-VALUE	ASA-WebVPN-Hidden-Shares	None			0
-VALUE	ASA-WebVPN-Hidden-Shares	Visible			1
-
-VALUE	ASA-WebVPN-HTTP-Compression	Off			0
-VALUE	ASA-WebVPN-HTTP-Compression	Deflate-Compression	1
-
-VALUE	ASA-WebVPN-Port-Forwarding-Enable Disabled		0
-VALUE	ASA-WebVPN-Port-Forwarding-Enable Enabled		1
-
-VALUE	ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable Disabled 0
-VALUE	ASA-WebVPN-Port-Forwarding-Exchange-Proxy-Enable Enabled 1
-
-VALUE	ASA-WebVPN-Port-Forwarding-HTTP-Proxy Disabled		0
-VALUE	ASA-WebVPN-Port-Forwarding-HTTP-Proxy Enabled		1
-
-VALUE	ASA-WebVPNSmart-Card-Removal-Disconnect Disabled	0
-VALUE	ASA-WebVPNSmart-Card-Removal-Disconnect Enabled		1
-
-VALUE	ASA-WebVPN-Smart-Tunnel-Auto-Start Disabled		0
-VALUE	ASA-WebVPN-Smart-Tunnel-Auto-Start Enabled		1
-VALUE	ASA-WebVPN-Smart-Tunnel-Auto-Start AutoStart		2
-
-VALUE	ASA-WebVPN-SSL-VPN-Client-Enable Disabled		0
-VALUE	ASA-WebVPN-SSL-VPN-Client-Enable Enabled		1
-
-VALUE	ASA-WebVPN-SSL-VPN-Client-Keep-Installation Disabled	0
-VALUE	ASA-WebVPN-SSL-VPN-Client-Keep-Installation Enabled	1
-
-VALUE	ASA-WebVPN-SSL-VPN-Client-Required Disabled		0
-VALUE	ASA-WebVPN-SSL-VPN-Client-Required Enabled		1
-
-VALUE	ASA-WebVPN-SVC-DTLS-Enable	Disabled		0
-VALUE	ASA-WebVPN-SVC-DTLS-Enable	Enabled			1
-
-VALUE	ASA-WebVPN-SVC-Rekey-Method	Off			0
-VALUE	ASA-WebVPN-SVC-Rekey-Method	SSL			1
-VALUE	ASA-WebVPN-SVC-Rekey-Method	New-Tunnel		2
-
-VALUE	ASA-WebVPN-SVC-Compression	Off			0
-VALUE	ASA-WebVPN-SVC-Compression	Deflate-Compression	1
-
-VALUE	ASA-WebVPN-URL-Entry-Enable	Disabled		0
-VALUE	ASA-WebVPN-URL-Entry-Enable	Enabled			1
-
-END-VENDOR      Cisco-ASA
diff --git a/net/freeradius3/files/patch-rlm_krb5 b/net/freeradius3/files/patch-rlm_krb5
deleted file mode 100644
index ee61b51122e4..000000000000
--- a/net/freeradius3/files/patch-rlm_krb5
+++ /dev/null
@@ -1,1083 +0,0 @@
---- ./src/modules/rlm_krb5/configure.orig	2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/configure	2014-02-05 08:27:14.000000000 -0500
-@@ -1468,6 +1468,73 @@
- 
- } # ac_fn_c_try_link
- 
-+# ac_fn_c_check_func LINENO FUNC VAR
-+# ----------------------------------
-+# Tests whether FUNC exists, setting the cache variable VAR accordingly
-+ac_fn_c_check_func ()
-+{
-+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-+$as_echo_n "checking for $2... " >&6; }
-+if eval \${$3+:} false; then :
-+  $as_echo_n "(cached) " >&6
-+else
-+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h.  */
-+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
-+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-+#define $2 innocuous_$2
-+
-+/* System header to define __stub macros and hopefully few prototypes,
-+    which can conflict with char $2 (); below.
-+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-+    <limits.h> exists even on freestanding compilers.  */
-+
-+#ifdef __STDC__
-+# include <limits.h>
-+#else
-+# include <assert.h>
-+#endif
-+
-+#undef $2
-+
-+/* Override any GCC internal prototype to avoid an error.
-+   Use char because int might match the return type of a GCC
-+   builtin and then its argument prototype would still apply.  */
-+#ifdef __cplusplus
-+extern "C"
-+#endif
-+char $2 ();
-+/* The GNU C library defines this for functions which it implements
-+    to always fail with ENOSYS.  Some functions are actually named
-+    something starting with __ and the normal name is an alias.  */
-+#if defined __stub_$2 || defined __stub___$2
-+choke me
-+#endif
-+
-+int
-+main ()
-+{
-+return $2 ();
-+  ;
-+  return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+  eval "$3=yes"
-+else
-+  eval "$3=no"
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+    conftest$ac_exeext conftest.$ac_ext
-+fi
-+eval ac_res=\$$3
-+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-+$as_echo "$ac_res" >&6; }
-+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-+
-+} # ac_fn_c_check_func
-+
- # ac_fn_c_try_run LINENO
- # ----------------------
- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
-@@ -2856,10 +2923,10 @@
- 					if test "$krb5_config" != 'not-found'; then
- 		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config CFLAGS" >&5
- $as_echo_n "checking krb5-config CFLAGS... " >&6; }
--		SMART_CFLAGS=$($krb5_config --cflags)
--		SMART_CFLAGS=$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g')
--		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SMART_CFLAGS}" >&5
--$as_echo "${SMART_CFLAGS}" >&6; }
-+		SMART_CPPFLAGS=$($krb5_config --cflags)
-+		SMART_CPPFLAGS=$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')
-+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$SMART_CPPFLAGS\"" >&5
-+$as_echo "\"$SMART_CPPFLAGS\"" >&6; }
- 
- 		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config LDFLAGS" >&5
- $as_echo_n "checking krb5-config LDFLAGS... " >&6; }
-@@ -2900,7 +2967,7 @@
- 
- 
- ac_safe=`echo "krb5.h" | sed 'y%./+-%__pm%'`
--old_CFLAGS="$CFLAGS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_include=
- smart_include_dir=
- 
-@@ -2908,7 +2975,7 @@
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5
- $as_echo_n "checking for krb5.h in $try... " >&6; }
--    CFLAGS="$old_CFLAGS -isystem $try"
-+    CPPFLAGS="-isystem $try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-@@ -2937,7 +3004,7 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-   done
--  CFLAGS="$old_CFLAGS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_include" = "x"; then
-@@ -3003,7 +3070,7 @@
-   for try in $smart_include_dir /usr/local/include /opt/include; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5
- $as_echo_n "checking for krb5.h in $try... " >&6; }
--    CFLAGS="$old_CFLAGS -isystem $try"
-+    CPPFLAGS="-isystem $try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-@@ -3032,13 +3099,13 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-   done
--  CFLAGS="$old_CFLAGS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_include" != "x"; then
-   eval "ac_cv_header_$ac_safe=yes"
--  CFLAGS="$old_CFLAGS $smart_include"
--  SMART_CFLAGS="$SMART_CFLAGS $smart_include"
-+  CPPFLAGS="$smart_include $old_CPPFLAGS"
-+  SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
- 
- 		if test "$ac_cv_header_krb5_h" != "yes"; then
-@@ -3053,14 +3120,17 @@
- sm_func_safe=`echo "krb5_encrypt_data" | sed 'y%./+-%__p_%'`
- 
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
- 
- if test "x$smart_try_dir" != "x"; then
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5
- $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; }
--    LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lk5crypto $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char krb5_encrypt_data();
-@@ -3074,7 +3144,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		 smart_lib="-L$try -lk5crypto -Wl,-rpath,$try"
-+		 smart_lib="-lk5crypto"
-+		 smart_ldflags="-L$try -Wl,-rpath,$try"
- 		 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		 break
-@@ -3087,6 +3158,7 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" = "x"; then
-@@ -3178,7 +3250,8 @@
-   for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5
- $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; }
--    LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lk5crypto $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char krb5_encrypt_data();
-@@ -3192,7 +3265,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		  smart_lib="-L$try -lk5crypto -Wl,-rpath,$try"
-+		  smart_lib="-lk5crypto"
-+		  smart_ldflags="-L$try -Wl,-rpath,$try"
- 		  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		  break
-@@ -3205,12 +3279,13 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" != "x"; then
-   eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
--  LIBS="$smart_lib $old_LIBS"
--  SMART_LIBS="$smart_lib $SMART_LIBS"
-+  LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+  SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
- 
- 		if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then
-@@ -3224,14 +3299,17 @@
- sm_func_safe=`echo "DH_new" | sed 'y%./+-%__p_%'`
- 
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
- 
- if test "x$smart_try_dir" != "x"; then
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5
- $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; }
--    LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lcrypto $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char DH_new();
-@@ -3245,7 +3323,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		 smart_lib="-L$try -lcrypto -Wl,-rpath,$try"
-+		 smart_lib="-lcrypto"
-+		 smart_ldflags="-L$try -Wl,-rpath,$try"
- 		 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		 break
-@@ -3258,6 +3337,7 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" = "x"; then
-@@ -3349,7 +3429,8 @@
-   for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5
- $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; }
--    LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lcrypto $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char DH_new();
-@@ -3363,7 +3444,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		  smart_lib="-L$try -lcrypto -Wl,-rpath,$try"
-+		  smart_lib="-lcrypto"
-+		  smart_ldflags="-L$try -Wl,-rpath,$try"
- 		  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		  break
-@@ -3376,12 +3458,13 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" != "x"; then
-   eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
--  LIBS="$smart_lib $old_LIBS"
--  SMART_LIBS="$smart_lib $SMART_LIBS"
-+  LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+  SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
- 
- 			if test "x$ac_cv_lib_crypto_DH_new" = xyes; then
-@@ -3400,14 +3483,17 @@
- sm_func_safe=`echo "set_com_err_hook" | sed 'y%./+-%__p_%'`
- 
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
- 
- if test "x$smart_try_dir" != "x"; then
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5
- $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; }
--    LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lcom_err $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char set_com_err_hook();
-@@ -3421,7 +3507,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		 smart_lib="-L$try -lcom_err -Wl,-rpath,$try"
-+		 smart_lib="-lcom_err"
-+		 smart_ldflags="-L$try -Wl,-rpath,$try"
- 		 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		 break
-@@ -3434,6 +3521,7 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" = "x"; then
-@@ -3525,7 +3613,8 @@
-   for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5
- $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; }
--    LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lcom_err $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char set_com_err_hook();
-@@ -3539,7 +3628,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		  smart_lib="-L$try -lcom_err -Wl,-rpath,$try"
-+		  smart_lib="-lcom_err"
-+		  smart_ldflags="-L$try -Wl,-rpath,$try"
- 		  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		  break
-@@ -3552,12 +3642,13 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" != "x"; then
-   eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
--  LIBS="$smart_lib $old_LIBS"
--  SMART_LIBS="$smart_lib $SMART_LIBS"
-+  LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+  SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
- 
- 		if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then
-@@ -3571,14 +3662,17 @@
- sm_func_safe=`echo "krb5_verify_user_opt" | sed 'y%./+-%__p_%'`
- 
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
- 
- if test "x$smart_try_dir" != "x"; then
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; }
--    LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lkrb5 $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char krb5_verify_user_opt();
-@@ -3592,7 +3686,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		 smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+		 smart_lib="-lkrb5"
-+		 smart_ldflags="-L$try -Wl,-rpath,$try"
- 		 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		 break
-@@ -3605,6 +3700,7 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" = "x"; then
-@@ -3696,7 +3792,8 @@
-   for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; }
--    LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lkrb5 $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char krb5_verify_user_opt();
-@@ -3710,7 +3807,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		  smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+		  smart_lib="-lkrb5"
-+		  smart_ldflags="-L$try -Wl,-rpath,$try"
- 		  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		  break
-@@ -3723,12 +3821,13 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" != "x"; then
-   eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
--  LIBS="$smart_lib $old_LIBS"
--  SMART_LIBS="$smart_lib $SMART_LIBS"
-+  LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+  SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
- 
- 		if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then
-@@ -3742,14 +3841,17 @@
- sm_func_safe=`echo "krb5_get_init_creds_password" | sed 'y%./+-%__p_%'`
- 
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
- 
- if test "x$smart_try_dir" != "x"; then
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; }
--    LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lkrb5 $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char krb5_get_init_creds_password();
-@@ -3763,7 +3865,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		 smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+		 smart_lib="-lkrb5"
-+		 smart_ldflags="-L$try -Wl,-rpath,$try"
- 		 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		 break
-@@ -3776,6 +3879,7 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" = "x"; then
-@@ -3867,7 +3971,8 @@
-   for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; }
--    LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lkrb5 $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char krb5_get_init_creds_password();
-@@ -3881,7 +3986,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		  smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+		  smart_lib="-lkrb5"
-+		  smart_ldflags="-L$try -Wl,-rpath,$try"
- 		  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		  break
-@@ -3894,12 +4000,13 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" != "x"; then
-   eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
--  LIBS="$smart_lib $old_LIBS"
--  SMART_LIBS="$smart_lib $SMART_LIBS"
-+  LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+  SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
- 
- 			if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then
-@@ -3910,7 +4017,29 @@
- 	fi
- 
- 				LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
--	CFLAGS="${CFLAGS} ${SMART_CFLAGS}"
-+	CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
-+
-+				for ac_func in krb5_get_error_message krb5_free_error_string krb5_free_error_message
-+do :
-+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-+  cat >>confdefs.h <<_ACEOF
-+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-+_ACEOF
-+
-+fi
-+done
-+
-+	if test "x$ac_cv_func_krb5_get_error_message" == xyes; then
-+		krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE"
-+	fi
-+	if test "x$ac_cv_func_krb5_free_error_message" == xyes; then
-+		krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE"
-+	fi
-+	if test "x$ac_cv_func_krb5_free_error_string" == xyes; then
-+		krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING"
-+	fi
- 
- 				if test "$krb5threadsafe" != "no"; then
- 		krb5threadsafe=
-@@ -3921,14 +4050,17 @@
- sm_func_safe=`echo "krb5_is_thread_safe" | sed 'y%./+-%__p_%'`
- 
- old_LIBS="$LIBS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_lib=
-+smart_ldflags=
- smart_lib_dir=
- 
- if test "x$smart_try_dir" != "x"; then
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; }
--    LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lkrb5 $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char krb5_is_thread_safe();
-@@ -3942,7 +4074,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		 smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+		 smart_lib="-lkrb5"
-+		 smart_ldflags="-L$try -Wl,-rpath,$try"
- 		 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		 break
-@@ -3955,6 +4088,7 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" = "x"; then
-@@ -4046,7 +4180,8 @@
-   for try in $smart_lib_dir /usr/local/lib /opt/lib; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5
- $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; }
--    LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try"
-+    LIBS="-lkrb5 $old_LIBS"
-+    CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- extern char krb5_is_thread_safe();
-@@ -4060,7 +4195,8 @@
- _ACEOF
- if ac_fn_c_try_link "$LINENO"; then :
- 
--		  smart_lib="-L$try -lkrb5 -Wl,-rpath,$try"
-+		  smart_lib="-lkrb5"
-+		  smart_ldflags="-L$try -Wl,-rpath,$try"
- 		  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
- 		  break
-@@ -4073,12 +4209,13 @@
-     conftest$ac_exeext conftest.$ac_ext
-   done
-   LIBS="$old_LIBS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_lib" != "x"; then
-   eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
--  LIBS="$smart_lib $old_LIBS"
--  SMART_LIBS="$smart_lib $SMART_LIBS"
-+  LIBS="$smart_ldflags $smart_lib $old_LIBS"
-+  SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
- 
- 		if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then
-@@ -4118,7 +4255,7 @@
- 
- 
- ac_safe=`echo "com_err.h" | sed 'y%./+-%__pm%'`
--old_CFLAGS="$CFLAGS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_include=
- smart_include_dir=
- 
-@@ -4126,7 +4263,7 @@
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5
- $as_echo_n "checking for com_err.h in $try... " >&6; }
--    CFLAGS="$old_CFLAGS -isystem $try"
-+    CPPFLAGS="-isystem $try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-@@ -4155,7 +4292,7 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-   done
--  CFLAGS="$old_CFLAGS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_include" = "x"; then
-@@ -4221,7 +4358,7 @@
-   for try in $smart_include_dir /usr/local/include /opt/include; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5
- $as_echo_n "checking for com_err.h in $try... " >&6; }
--    CFLAGS="$old_CFLAGS -isystem $try"
-+    CPPFLAGS="-isystem $try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-@@ -4250,20 +4387,20 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-   done
--  CFLAGS="$old_CFLAGS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_include" != "x"; then
-   eval "ac_cv_header_$ac_safe=yes"
--  CFLAGS="$old_CFLAGS $smart_include"
--  SMART_CFLAGS="$SMART_CFLAGS $smart_include"
-+  CPPFLAGS="$smart_include $old_CPPFLAGS"
-+  SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
- 
- 		if test "$ac_cv_header_com_err_h" != "yes"; then
- 
- 
- ac_safe=`echo "et/com_err.h" | sed 'y%./+-%__pm%'`
--old_CFLAGS="$CFLAGS"
-+old_CPPFLAGS="$CPPFLAGS"
- smart_include=
- smart_include_dir=
- 
-@@ -4271,7 +4408,7 @@
-   for try in $smart_try_dir; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5
- $as_echo_n "checking for et/com_err.h in $try... " >&6; }
--    CFLAGS="$old_CFLAGS -isystem $try"
-+    CPPFLAGS="-isystem $try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-@@ -4300,7 +4437,7 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-   done
--  CFLAGS="$old_CFLAGS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_include" = "x"; then
-@@ -4366,7 +4503,7 @@
-   for try in $smart_include_dir /usr/local/include /opt/include; do
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5
- $as_echo_n "checking for et/com_err.h in $try... " >&6; }
--    CFLAGS="$old_CFLAGS -isystem $try"
-+    CPPFLAGS="-isystem $try $old_CPPFLAGS"
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-@@ -4395,13 +4532,13 @@
- fi
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-   done
--  CFLAGS="$old_CFLAGS"
-+  CPPFLAGS="$old_CPPFLAGS"
- fi
- 
- if test "x$smart_include" != "x"; then
-   eval "ac_cv_header_$ac_safe=yes"
--  CFLAGS="$old_CFLAGS $smart_include"
--  SMART_CFLAGS="$SMART_CFLAGS $smart_include"
-+  CPPFLAGS="$smart_include $old_CPPFLAGS"
-+  SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
- fi
- 
- 			if test "$ac_cv_header_et_com_err_h" != "yes"; then
-@@ -4431,8 +4568,8 @@
- 	fi
- fi
- 
--mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}"
--mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}"
-+mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS"
-+mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS"
- 
- 
- 
---- ./src/modules/rlm_krb5/configure.ac.orig	2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/configure.ac	2014-02-05 08:27:14.000000000 -0500
-@@ -31,9 +31,9 @@
- 	dnl #
- 	if test "$krb5_config" != 'not-found'; then
- 		AC_MSG_CHECKING([krb5-config CFLAGS])
--		SMART_CFLAGS=$($krb5_config --cflags)
--		SMART_CFLAGS=[$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g')]
--		AC_MSG_RESULT(${SMART_CFLAGS})
-+		SMART_CPPFLAGS=$($krb5_config --cflags)
-+		SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')]
-+		AC_MSG_RESULT("$SMART_CPPFLAGS")
- 
- 		AC_MSG_CHECKING([krb5-config LDFLAGS])
- 		SMART_LIBS=$($krb5_config --libs)
-@@ -111,7 +111,21 @@
- 	dnl # Need to ensure the test program(s) link against the right library
- 	dnl #
- 	LDFLAGS="${LDFLAGS} ${SMART_LIBS}"
--	CFLAGS="${CFLAGS} ${SMART_CFLAGS}"
-+	CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}"
-+
-+	dnl #
-+	dnl # Check how to free things returned by krb5_get_error_message
-+	dnl #
-+	AC_CHECK_FUNCS([krb5_get_error_message krb5_free_error_string krb5_free_error_message])
-+	if test "x$ac_cv_func_krb5_get_error_message" == xyes; then
-+		krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE"
-+	fi
-+	if test "x$ac_cv_func_krb5_free_error_message" == xyes; then
-+		krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE"
-+	fi
-+	if test "x$ac_cv_func_krb5_free_error_string" == xyes; then
-+		krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING"
-+	fi
- 
- 	dnl #
- 	dnl # Only check if version checks have not found kerberos to be thread unsafe
-@@ -160,8 +174,8 @@
- 	fi
- fi
- 
--mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}"
--mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}"
-+mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS"
-+mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS"
- 
- AC_SUBST(mod_ldflags)
- AC_SUBST(mod_cflags)
---- ./src/modules/rlm_krb5/krb5.c.orig	2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/krb5.c	2014-02-05 08:27:22.000000000 -0500
-@@ -15,19 +15,19 @@
-  */
- 
- /**
-- * $Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $
-+ * $Id: dbe33449063caf68e2299b99acb57fd4678f77c8 $
-  * @file krb5.h
-  * @brief Context management functions for rlm_krb5
-  *
-  * @copyright 2013  The FreeRADIUS server project
-  * @copyright 2013  Arran Cudbard-Bell <a.cudbardb@freeradius.org>
-  */
--RCSID("$Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $")
-+RCSID("$Id: dbe33449063caf68e2299b99acb57fd4678f77c8 $")
- 
- #include <freeradius-devel/radiusd.h>
- #include "krb5.h"
- 
--#ifdef HEIMDAL_KRB5
-+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
- #  define KRB5_STRERROR_BUFSIZE (2048)
- 
- fr_thread_local_setup(char *, krb5_error_buffer)	/* macro */
-@@ -60,7 +60,7 @@
- 
- 		ret = fr_thread_local_set(krb5_error_buffer, buffer);
- 		if (ret != 0) {
--			ERROR("Failed setting up TLS for krb5 error buffer: %s", fr_syserror(ret));
-+			ERROR("Failed setting up TLS for krb5 error buffer: %s", strerror(ret));
- 			free(buffer);
- 			return NULL;
- 		}
-@@ -69,7 +69,18 @@
- 	msg = krb5_get_error_message(context, code);
- 	if (msg) {
- 		strlcpy(buffer, msg, KRB5_STRERROR_BUFSIZE);
-+#ifdef HAVE_KRB5_FREE_ERROR_MESSAGE
- 		krb5_free_error_message(context, msg);
-+#elif defined(HAVE_KRB5_FREE_ERROR_STRING)
-+		{
-+			char *free;
-+
-+			memcpy(&free, &msg, sizeof(free));
-+			krb5_free_error_string(context, free);
-+		}
-+#else
-+#  error "No way to free error strings, missing krb5_free_error_message() and krb5_free_error_string()"
-+#endif
- 	} else {
- 		strlcpy(buffer, "Unknown error", KRB5_STRERROR_BUFSIZE);
- 	}
-@@ -102,6 +113,13 @@
- 	if (conn->keytab) {
- 		krb5_kt_close(conn->context, conn->keytab);
- 	}
-+
-+#ifdef HEIMDAL_KRB5
-+	if (conn->ccache) {
-+		krb5_cc_destroy(conn->context, conn->ccache);
-+	}
-+#endif
-+
- 	return 0;
- }
- 
-@@ -140,14 +158,13 @@
- 	}
- 
- #ifdef HEIMDAL_KRB5
--	/*
--	 *	Setup krb5_verify_user options
--	 *
--	 *	Not entirely sure this is necessary, but as we use context
--	 *	to get the cache handle, we probably do have to do this with
--	 *	the cloned context.
--	 */
--	krb5_cc_default(conn->context, &conn->ccache);
-+	ret = krb5_cc_new_unique(conn->context, "MEMORY", NULL, &conn->ccache);
-+	if (ret) {
-+		ERROR("rlm_krb5 (%s): Credential cache creation failed: %s", inst->xlat_name,
-+		      rlm_krb5_error(conn->context, ret));
-+
-+		return NULL;
-+	}
- 
- 	krb5_verify_opt_init(&conn->options);
- 	krb5_verify_opt_set_ccache(&conn->options, conn->ccache);
---- ./src/modules/rlm_krb5/krb5.h.orig	2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/krb5.h	2014-02-05 08:27:14.000000000 -0500
-@@ -15,14 +15,14 @@
-  */
- 
- /**
-- * $Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $
-+ * $Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $
-  * @file krb5.h
-  * @brief types and function signatures for rlm_krb5.
-  *
-  * @copyright 2013  The FreeRADIUS server project
-  * @copyright 2013  Arran Cudbard-Bell <a.cudbardb@freeradius.org>
-  */
--RCSIDH(krb5_h, "$Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $")
-+RCSIDH(krb5_h, "$Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $")
- 
- #if defined(KRB5_IS_THREAD_SAFE) && !defined(HAVE_PTHREAD_H)
- #  undef KRB5_IS_THREAD_SAFE
-@@ -79,7 +79,7 @@
-  *	MIT Kerberos uses comm_err, so the macro just expands to a call
-  *	to error_message.
-  */
--#ifndef HEIMDAL_KRB5
-+#ifndef HAVE_KRB5_GET_ERROR_MESSAGE
- #  ifdef ET_COMM_ERR
- #    include <et/com_err.h>
- #  else
---- ./src/modules/rlm_krb5/rlm_krb5.c.orig	2014-01-13 20:13:56.000000000 -0500
-+++ ./src/modules/rlm_krb5/rlm_krb5.c	2014-02-05 08:27:14.000000000 -0500
-@@ -15,7 +15,7 @@
-  */
- 
- /**
-- * $Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $
-+ * $Id: 1f7833cc2ad4d507871cb4ad2d08c009dafe2144 $
-  * @file rlm_krb5.c
-  * @brief Authenticate users, retrieving their TGT from a Kerberos V5 TDC.
-  *
-@@ -24,7 +24,7 @@
-  * @copyright 2000  Nathan Neulinger <nneul@umr.edu>
-  * @copyright 2000  Alan DeKok <aland@ox.org>
-  */
--RCSID("$Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $")
-+RCSID("$Id: 1f7833cc2ad4d507871cb4ad2d08c009dafe2144 $")
- 
- #include <freeradius-devel/radiusd.h>
- #include <freeradius-devel/modules.h>
-@@ -82,15 +82,33 @@
- 	DEBUG("Using MIT Kerberos library");
- #endif
- 
--#ifndef KRB5_IS_THREAD_SAFE
-+
- 	if (!krb5_is_thread_safe()) {
--		DEBUGI("libkrb5 is not threadsafe, recompile it, and the server with thread support enabled");
-+/*
-+ *	rlm_krb5 was built as threadsafe
-+ */
-+#ifdef KRB5_IS_THREAD_SAFE
-+		ERROR("Build time libkrb5 was threadsafe, but run time library claims not to be");
-+		ERROR("Modify runtime linker path (LD_LIBRARY_PATH on most systems), to prefer threadsafe libkrb5");
-+		return -1;
-+/*
-+ *	rlm_krb5 was not built as threadsafe
-+ */
-+#else
-+		WDEBUG("libkrb5 is not threadsafe, recompile it with thread support enabled ("
-+#  ifdef HEIMDAL_KRB5
-+		       "--enable-pthread-support"
-+#  else
-+		       "--disable-thread-support=no"
-+#  endif
-+		       ")");
- 		WDEBUG("rlm_krb5 will run in single threaded mode, performance may be degraded");
- 	} else {
- 		WDEBUG("Build time libkrb5 was not threadsafe, but run time library claims to be");
- 		WDEBUG("Reconfigure and recompile rlm_krb5 to enable thread support");
--	}
- #endif
-+	}
-+
- 	inst->xlat_name = cf_section_name2(conf);
- 	if (!inst->xlat_name) {
- 		inst->xlat_name = cf_section_name1(conf);
-@@ -277,6 +295,40 @@
- 	return RLM_MODULE_OK;
- }
- 
-+/** Log error message and return appropriate rcode
-+ *
-+ * Translate kerberos error codes into return codes.
-+ * @param request Current request.
-+ * @param ret code from kerberos.
-+ * @param conn used in the last operation.
-+ */
-+static rlm_rcode_t krb5_process_error(REQUEST *request, rlm_krb5_handle_t *conn, int ret)
-+{
-+	rad_assert(ret != 0);
-+	rad_assert(conn);	/* Silences warnings */
-+
-+	switch (ret) {
-+	case KRB5_LIBOS_BADPWDMATCH:
-+	case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-+		REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-+		return RLM_MODULE_REJECT;
-+
-+	case KRB5KDC_ERR_KEY_EXP:
-+	case KRB5KDC_ERR_CLIENT_REVOKED:
-+	case KRB5KDC_ERR_SERVICE_REVOKED:
-+		REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-+		return RLM_MODULE_USERLOCK;
-+
-+	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
-+		RDEBUG("User not found (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-+		return RLM_MODULE_NOTFOUND;
-+
-+	default:
-+		REDEBUG("Error verifying credentials (%i): %s", ret, rlm_krb5_error(conn->context, ret));
-+		return RLM_MODULE_FAIL;
-+	}
-+}
-+
- #ifdef HEIMDAL_KRB5
- 
- /*
-@@ -316,34 +368,10 @@
- 	 */
- 	ret = krb5_verify_user_opt(conn->context, client, request->password->vp_strvalue, &conn->options);
- 	if (ret) {
--		switch (ret) {
--		case KRB5_LIBOS_BADPWDMATCH:
--		case KRB5KRB_AP_ERR_BAD_INTEGRITY:
--			REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret));
--			rcode = RLM_MODULE_REJECT;
--			break;
--
--		case KRB5KDC_ERR_KEY_EXP:
--		case KRB5KDC_ERR_CLIENT_REVOKED:
--		case KRB5KDC_ERR_SERVICE_REVOKED:
--			REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret));
--			rcode = RLM_MODULE_USERLOCK;
--			break;
--
--		case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
--			RDEBUG("User not found: %s (%i)", ret, rlm_krb5_error(conn->context, ret));
--			rcode = RLM_MODULE_NOTFOUND;
--
--		default:
--			REDEBUG("Error verifying credentials (%i): %s", ret, rlm_krb5_error(conn->context, ret));
--			rcode = RLM_MODULE_FAIL;
--			break;
--		}
--
--		goto cleanup;
-+		rcode =  krb5_process_error(request, conn, ret);
- 	}
- 
--	cleanup:
-+cleanup:
- 	if (client) {
- 		krb5_free_principal(conn->context, client);
- 	}
-@@ -401,45 +429,20 @@
- 	 * 	Retrieve the TGT from the TGS/KDC and check we can decrypt it.
- 	 */
- 	memcpy(&password, &request->password->vp_strvalue, sizeof(password));
-+	RDEBUG("Retrieving and decrypting TGT");
- 	ret = krb5_get_init_creds_password(conn->context, &init_creds, client, password,
- 					   NULL, NULL, 0, NULL, inst->gic_options);
- 	if (ret) {
--		error:
--		switch (ret) {
--		case KRB5_LIBOS_BADPWDMATCH:
--		case KRB5KRB_AP_ERR_BAD_INTEGRITY:
--			REDEBUG("Provided password was incorrect (%i): %s", ret, rlm_krb5_error(conn->context, ret));
--			rcode = RLM_MODULE_REJECT;
--			break;
--
--		case KRB5KDC_ERR_KEY_EXP:
--		case KRB5KDC_ERR_CLIENT_REVOKED:
--		case KRB5KDC_ERR_SERVICE_REVOKED:
--			REDEBUG("Account has been locked out (%i): %s", ret, rlm_krb5_error(conn->context, ret));
--			rcode = RLM_MODULE_USERLOCK;
--			break;
--
--		case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
--			REDEBUG("User not found (%i): %s", ret,  rlm_krb5_error(conn->context, ret));
--			rcode = RLM_MODULE_NOTFOUND;
--			break;
--
--		default:
--			REDEBUG("Error retrieving or verifying credentials (%i): %s", ret,
--				rlm_krb5_error(conn->context, ret));
--			rcode = RLM_MODULE_FAIL;
--			break;
--		}
--
--		goto cleanup;
-+		rcode = krb5_process_error(request, conn, ret);
- 	}
- 
--	RDEBUG("Successfully retrieved and decrypted TGT");
--
-+	RDEBUG("Attempting to authenticate against service principal");
- 	ret = krb5_verify_init_creds(conn->context, &init_creds, inst->server, conn->keytab, NULL, inst->vic_options);
--	if (ret) goto error;
-+	if (ret) {
-+		rcode = krb5_process_error(request, conn, ret);
-+	}
- 
--	cleanup:
-+cleanup:
- 	if (client) {
- 		krb5_free_principal(conn->context, client);
- 	}
diff --git a/net/freeradius3/files/patch-src__lib__udpfromto.c b/net/freeradius3/files/patch-src__lib__udpfromto.c
new file mode 100644
index 000000000000..f145db90dfdf
--- /dev/null
+++ b/net/freeradius3/files/patch-src__lib__udpfromto.c
@@ -0,0 +1,11 @@
+--- ./src/lib/udpfromto.c.orig	2014-03-21 08:27:25.000000000 -0400
++++ ./src/lib/udpfromto.c	2014-03-29 09:59:57.000000000 -0400
+@@ -316,7 +316,7 @@
+ 		break;
+ 
+ 	case AF_INET6:
+-		if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr))) {
++		if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr)) {
+ 			from = NULL;
+ 		}
+ 		break;
diff --git a/net/freeradius3/files/patch-src__lib__valuepair.c b/net/freeradius3/files/patch-src__lib__valuepair.c
new file mode 100644
index 000000000000..45a070df4363
--- /dev/null
+++ b/net/freeradius3/files/patch-src__lib__valuepair.c
@@ -0,0 +1,11 @@
+--- ./src/lib/valuepair.c.orig	2014-03-29 10:01:05.000000000 -0400
++++ ./src/lib/valuepair.c	2014-03-29 10:01:14.000000000 -0400
+@@ -2331,7 +2331,7 @@
+  */
+ int paircmp_op(VALUE_PAIR const *one, FR_TOKEN op, VALUE_PAIR const *two)
+ {
+-	int compare;
++	int compare = 0;
+ 
+ 	VERIFY_VP(one);
+ 	VERIFY_VP(two);
diff --git a/net/freeradius3/files/patch-udpfromtofix b/net/freeradius3/files/patch-udpfromtofix
deleted file mode 100644
index 4511fee3c705..000000000000
--- a/net/freeradius3/files/patch-udpfromtofix
+++ /dev/null
@@ -1,61 +0,0 @@
-From d51c75c1ce24dbbb1045b1e72a3c89729ca91016 Mon Sep 17 00:00:00 2001
-From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
-Date: Tue, 28 Jan 2014 14:25:19 +0000
-Subject: [PATCH] Don't use IP_SENDSRCADDR (in sendfromto) if on FreeBSD and
- the socket were using is bound to a specific IP
-
-FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used with a socket which is bound to something other than INADDR_ANY.
----
- src/lib/udpfromto.c | 31 ++++++++++++++++++++++++++++++-
- 1 file changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/src/lib/udpfromto.c b/src/lib/udpfromto.c
-index 680e354..b022136 100644
---- src/lib/udpfromto.c
-+++ src/lib/udpfromto.c
-@@ -292,12 +292,41 @@ int sendfromto(int s, void *buf, size_t len, int flags,
- 	struct iovec iov;
- 	char cbuf[256];
- 
--#if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO)
-+#ifdef __FreeBSD__
-+	/*
-+	 *	FreeBSD is extra pedantic about the use of IP_SENDSRCADDR,
-+	 *	and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used
-+	 *	with a socket which is bound to something other than
-+	 *	INADDR_ANY
-+	 */
-+	struct sockaddr bound;
-+	socklen_t bound_len = sizeof(bound);
-+
-+	if (getsockname(s, &bound, &bound_len) < 0) {
-+		return -1;
-+	}
-+
-+	switch (bound.sa_family) {
-+	case AF_INET:
-+		if (((struct sockaddr_in *) &bound)->sin_addr.s_addr != INADDR_ANY) {
-+			from = NULL;
-+		}
-+		break;
-+
-+	case AF_INET6:
-+		if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr)) {
-+			from = NULL;
-+		}
-+		break;
-+	}
-+#else
-+#  if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO)
- 	/*
- 	 *	If the sendmsg() flags aren't defined, fall back to
- 	 *	using sendto().
- 	 */
- 	from = NULL;
-+#  endif
- #endif
- 
- 	/*
--- 
-1.8.5.1
-
diff --git a/net/freeradius3/pkg-plist b/net/freeradius3/pkg-plist
index 90a2f7111b4b..ee4be94e69f5 100644
--- a/net/freeradius3/pkg-plist
+++ b/net/freeradius3/pkg-plist
@@ -218,6 +218,9 @@ bin/smbencrypt
 %%LIBDIR%%/rlm_unix.a
 %%LIBDIR%%/rlm_unix.la
 %%LIBDIR%%/rlm_unix.so
+%%LIBDIR%%/rlm_unpack.a
+%%LIBDIR%%/rlm_unpack.la
+%%LIBDIR%%/rlm_unpack.so
 %%LIBDIR%%/rlm_utf8.a
 %%LIBDIR%%/rlm_utf8.la
 %%LIBDIR%%/rlm_utf8.so
@@ -398,6 +401,7 @@ include/freeradius/udpfromto.h
 %%DATADIR%%/dictionary.3gpp2
 %%DATADIR%%/dictionary.acc
 %%DATADIR%%/dictionary.acme
+%%DATADIR%%/dictionary.actelis
 %%DATADIR%%/dictionary.aerohive
 %%DATADIR%%/dictionary.airespace
 %%DATADIR%%/dictionary.alcatel
@@ -419,6 +423,7 @@ include/freeradius/udpfromto.h
 %%DATADIR%%/dictionary.audiocodes
 %%DATADIR%%/dictionary.bay
 %%DATADIR%%/dictionary.bintec
+%%DATADIR%%/dictionary.bluecoat
 %%DATADIR%%/dictionary.bristol
 %%DATADIR%%/dictionary.broadsoft
 %%DATADIR%%/dictionary.bskyb
@@ -447,6 +452,7 @@ include/freeradius/udpfromto.h
 %%DATADIR%%/dictionary.ericsson
 %%DATADIR%%/dictionary.erx
 %%DATADIR%%/dictionary.extreme
+%%DATADIR%%/dictionary.equallogic
 %%DATADIR%%/dictionary.f5
 %%DATADIR%%/dictionary.fdxtended
 %%DATADIR%%/dictionary.fortinet
@@ -602,12 +608,15 @@ include/freeradius/udpfromto.h
 %%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite/queries.conf
 %%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite/schema.sql
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
+%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle/queries.conf
+%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle/schema.sql
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
+%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql/queries.conf
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql/schema.sql
-%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/msqlippool.txt
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/queries.conf
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/schema.sql
+%%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/oracle/procedures.sql
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/postgresql/queries.conf
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/postgresql/schema.sql
 %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/sqlite/queries.conf
@@ -721,6 +730,7 @@ include/freeradius/udpfromto.h
 %%EXAMPLESDIR%%/raddb/mods-available/ntlm_auth
 %%EXAMPLESDIR%%/raddb/mods-available/realm
 %%EXAMPLESDIR%%/raddb/mods-available/unix
+%%EXAMPLESDIR%%/raddb/mods-available/unpack
 %%EXAMPLESDIR%%/raddb/mods-available/cui
 %%EXAMPLESDIR%%/raddb/mods-available/idn
 %%EXAMPLESDIR%%/raddb/mods-available/expiration
@@ -752,6 +762,7 @@ include/freeradius/udpfromto.h
 %%EXAMPLESDIR%%/raddb/mods-enabled/soh
 %%EXAMPLESDIR%%/raddb/mods-enabled/sradutmp
 %%EXAMPLESDIR%%/raddb/mods-enabled/unix
+%%EXAMPLESDIR%%/raddb/mods-enabled/unpack
 %%EXAMPLESDIR%%/raddb/mods-enabled/utf8
 %%EXAMPLESDIR%%/raddb/policy.d/accounting
 %%EXAMPLESDIR%%/raddb/policy.d/canonicalization
@@ -791,6 +802,7 @@ include/freeradius/udpfromto.h
 %%EXAMPLESDIR%%/raddb/dictionary
 %%EXAMPLESDIR%%/raddb/templates.conf
 %%EXAMPLESDIR%%/raddb/experimental.conf
+%%EXAMPLESDIR%%/raddb/panic.gdb
 %%EXAMPLESDIR%%/raddb/proxy.conf
 %%EXAMPLESDIR%%/raddb/radiusd.conf
 %%EXAMPLESDIR%%/raddb/huntgroups
@@ -818,6 +830,7 @@ include/freeradius/udpfromto.h
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool/mysql
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/sqlite
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/mysql
+@dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp/oracle
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool-dhcp
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/ippool
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/cui/sqlite
@@ -829,7 +842,6 @@ include/freeradius/udpfromto.h
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/counter/sqlite
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql/counter
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/sql
-@dirrm %%EXAMPLESDIR%%/raddb/mods-config/python
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/preprocess
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/perl
 @dirrm %%EXAMPLESDIR%%/raddb/mods-config/files
author	Ryan Steinmetz <zi@FreeBSD.org>	2014-03-29 15:36:20 +0000
committer	Ryan Steinmetz <zi@FreeBSD.org>	2014-03-29 15:36:20 +0000
commit	6bc3a87cc0634863e1fd3d155eb48a29cb9de3ed (patch)
tree	0bf03231301941610a4f887d9b4a4d6ab0193620 /net
parent	ec04f124952488330da2bfdc62a20115adea639b (diff)
download	ports-6bc3a87cc0634863e1fd3d155eb48a29cb9de3ed.tar.gz ports-6bc3a87cc0634863e1fd3d155eb48a29cb9de3ed.zip