diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2019-01-08 20:29:34 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2019-01-08 20:29:34 +0000 |
| commit | 6c14398cf8c4bce048b1d95602d0360ae77c6823 (patch) | |
| tree | 16c2bc4e8e84a6093cd32389bf78cc6c8fba5ab0 /security/krb5-117 | |
| parent | 838d5d3a84a4c193426dabf37a3a1378ac1662cf (diff) | |
| download | ports-6c14398cf8c4bce048b1d95602d0360ae77c6823.tar.gz ports-6c14398cf8c4bce048b1d95602d0360ae77c6823.zip | |
Welcome the new KRB5 1.17 (krb5-117).
Major changes in 1.17 (2019-01-08)
==================================
Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped
Database library (LMDB) has been added. The LMDB KDB module should
be more performant and more robust than the DB2 module, and may
become the default module for new databases in a future release.
* "kdb5_util dump" will no longer dump policy entries when specific
principal names are requested.
Developer experience:
* The new krb5_get_etype_info() API can be used to retrieve enctype,
salt, and string-to-key parameters from the KDC for a client
principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the
log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should
perform better.
Protocol evolution:
* The SPAKE pre-authentication mechanism is now supported. This
mechanism protects against password dictionary attacks without
requiring any additional infrastructure such as certificates. SPAKE
is enabled by default on clients, but must be manually enabled on
the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can
protect against scenarios where an attacker uses temporary access to
a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid
spurious error messages about replays when a response packet is
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache
within a collection by client principal name.
* The Kerberos man page has been restored, and documents the
environment variables that affect programs using the Kerberos
library.
Changes to the FreeBSD krb5* ports include:
* CONFLICTS updated in krb5-115 and krb5-116 taking krb5-117 in
consideration.
* The default krb5 port is now krb5-117.
* MIT's practice is to EOL KRB5 n-2. krb5-115 is deprecated and set
to expire Jan 31, 2020.
Notes
Notes:
svn path=/head/; revision=489737
Diffstat (limited to 'security/krb5-117')
| -rw-r--r-- | security/krb5-117/Makefile | 151 | ||||
| -rw-r--r-- | security/krb5-117/distinfo | 3 | ||||
| -rw-r--r-- | security/krb5-117/files/kpropd.in | 28 | ||||
| -rw-r--r-- | security/krb5-117/files/patch-clients__ksu__Makefile.in | 18 | ||||
| -rw-r--r-- | security/krb5-117/files/patch-config__pre.in | 27 | ||||
| -rw-r--r-- | security/krb5-117/files/patch-config__shlib.conf | 22 | ||||
| -rw-r--r-- | security/krb5-117/files/patch-lib-krb5-os-localaddr.c | 75 | ||||
| -rw-r--r-- | security/krb5-117/files/patch-lib__gssapi__krb5__import_name.c | 14 | ||||
| -rw-r--r-- | security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c | 22 | ||||
| -rw-r--r-- | security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h | 12 | ||||
| -rw-r--r-- | security/krb5-117/files/patch-util_et_Makefile.in | 17 | ||||
| -rw-r--r-- | security/krb5-117/pkg-descr | 24 | ||||
| -rw-r--r-- | security/krb5-117/pkg-plist | 176 |
13 files changed, 589 insertions, 0 deletions
diff --git a/security/krb5-117/Makefile b/security/krb5-117/Makefile new file mode 100644 index 000000000000..a59b557b298c --- /dev/null +++ b/security/krb5-117/Makefile @@ -0,0 +1,151 @@ +# Created by: nectar@FreeBSD.org +# $FreeBSD$ + +PORTNAME= krb5 +PORTVERSION= 1.17 +CATEGORIES= security +MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ +.if !defined(MASTERDIR) +PKGNAMESUFFIX= -117 +.endif + +PATCH_SITES= http://web.mit.edu/kerberos/advisories/ +PATCH_DIST_STRIP= -p2 + +MAINTAINER= cy@FreeBSD.org +COMMENT= MIT implementation of RFC 4120 network authentication service + +LICENSE= MIT + +CONFLICTS= heimdal-[0-9]* srp-[0-9]* krb5-11[3-6]-[0-9]* \ + krb5-1.[0-9]* krb5-devel-* +CONFLICTS_BUILD= boringssl-* + +KERBEROSV_URL= http://web.mit.edu/kerberos/ +USE_PERL5= build +USE_LDCONFIG= yes +USE_CSTD= gnu99 +GNU_CONFIGURE= yes +USES= cpe gmake localbase perl5 libtool:build \ + gssapi:bootstrap,mit pkgconfig:run ssl \ + gettext-runtime +CONFIGURE_ARGS?= --enable-shared --without-system-verto \ + --disable-rpath --localstatedir="${PREFIX}/var" \ + --runstatedir="${PREFIX}/var/run" +CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}" +MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" + +CPE_VENDOR= mit +CPE_VERSION= 5-${PORTVERSION} +CPE_PRODUCT= kerberos + +OPTIONS_DEFINE= EXAMPLES NLS KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP +OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE +OPTIONS_RADIO= CMD_LINE_EDITING +OPTIONS_RADIO_CMD_LINE_EDITING= READLINE READLINE_PORT LIBEDIT +CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil +KRB5_PDF_DESC= Install krb5 PDF documentation +KRB5_HTML_DESC= Install krb5 HTML documentation +DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names +DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm +LDAP= Enable LDAP support +LDAP_USE= OPENLDAP=yes +LDAP_CONFIGURE_WITH= ldap +NLS_USES= gettext +READLINE_USES= readline +READLINE_PORT_DESC= Command line editing via devel/readline +READLINE_PORT_USES= readline:port +LIBEDIT_USES= libedit +LIBEDIT_CONFIGURE_WITH= libedit + +.if defined(KRB5_HOME) +PREFIX= ${KRB5_HOME} +.endif +CPPFLAGS+= -I${OPENSSLINC} +LDFLAGS+= -L${OPENSSLLIB} + +USE_RC_SUBR= kpropd +OPTIONS_SUB= yes +WRKSRC_SUBDIR= src +PORTEXAMPLES= kdc.conf krb5.conf services.append + +.include <bsd.port.options.mk> + +# Fix up -Wl,-rpath in LDFLAGS +.if !empty(KRB5_HOME) +_RPATH= ${KRB5_HOME}/lib: +.else +_RPATH= ${LOCALBASE}/lib: +.endif +.if !empty(LDFLAGS:M-Wl,-rpath,*) +.for F in ${LDFLAGS:M-Wl,-rpath,*} +LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \ + ${LDFLAGS:N-Wl,-rpath,*} +.endfor +.endif + +.if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} +BROKEN= LIB_DEPENDS when using KRB5_HOME is broken +.endif + +# OPTIONS helper causes conflicting with/without +.if ${PORT_OPTIONS:MREADLINE} || ${PORT_OPTIONS:MREADLINE_PORT} +CONFIGURE_ARGS+= --with-readline +.else +CONFIGURE_ARGS+= --without-readline +.endif + +.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" +CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" +.endif + +HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html +PDF_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf + +.include <bsd.port.pre.mk> + +post-install: + @${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 +# html documentation +.if ${PORT_OPTIONS:MKRB5_PDF} + pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d` + pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d` + for i in $${pdf_dirs}; do \ + ${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${pdf_files}; do \ + ${INSTALL_DATA} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + html_files=`${FIND} ${HTML_DOC_DIR} ! -type d | ${GREP} -v /_sources` + html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources` + for i in $${html_dirs}; do \ + ${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \ + done; \ + for i in $${html_files}; do \ + ${INSTALL_DATA} $${i} ${PREFIX}/share/doc/krb5/$${i}; \ + ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done +.endif +.if ${PORT_OPTIONS:MKRB5_PDF} + for i in $${pdf_dirs}; do \ + ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif +.if ${PORT_OPTIONS:MKRB5_HTML} + for i in $${html_dirs}; do \ + ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ + done | ${TAIL} -r >> ${TMPPLIST} +.endif + ${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST} + +post-install-LDAP-on: + ${MKDIR} ${STAGEDIR}${DATADIR} + ${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema \ + ${STAGEDIR}${DATADIR} + ${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif \ + ${STAGEDIR}${DATADIR} + +.include <bsd.port.post.mk> diff --git a/security/krb5-117/distinfo b/security/krb5-117/distinfo new file mode 100644 index 000000000000..c7255b7f5423 --- /dev/null +++ b/security/krb5-117/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1546977717 +SHA256 (krb5-1.17.tar.gz) = 5a6e2284a53de5702d3dc2be3b9339c963f9b5397d3fbbc53beb249380a781f5 +SIZE (krb5-1.17.tar.gz) = 8761763 diff --git a/security/krb5-117/files/kpropd.in b/security/krb5-117/files/kpropd.in new file mode 100644 index 000000000000..faa27dc7dbba --- /dev/null +++ b/security/krb5-117/files/kpropd.in @@ -0,0 +1,28 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: kpropd +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# kpropd_enable (bool): Set to NO by default. +# Set it to YES to enable kpropd. +# kpropd_flags (str): Set to "" by default. + +. /etc/rc.subr + +name=kpropd +rcvar=kpropd_enable + +load_rc_config $name + +: ${kpropd_enable:="NO"} +: ${kpropd_flags=""} + +command=%%PREFIX%%/sbin/${name} + +run_rc_command "$1" diff --git a/security/krb5-117/files/patch-clients__ksu__Makefile.in b/security/krb5-117/files/patch-clients__ksu__Makefile.in new file mode 100644 index 000000000000..7ec54abdc076 --- /dev/null +++ b/security/krb5-117/files/patch-clients__ksu__Makefile.in @@ -0,0 +1,18 @@ +--- clients/ksu/Makefile.in.orig 2014-01-15 16:44:15.000000000 -0800 ++++ clients/ksu/Makefile.in 2014-05-05 20:51:51.925985974 -0700 +@@ -1,6 +1,6 @@ + mydir=clients$(S)ksu + BUILDTOP=$(REL)..$(S).. +-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' ++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/bin /bin /usr/sbin /sbin"' -DDEBUG + + KSU_LIBS=@KSU_LIBS@ + +@@ -30,6 +30,6 @@ + + install:: + -for f in ksu; do \ +- $(INSTALL_SETUID) $$f \ ++ $(INSTALL_PROGRAM) $$f \ + $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ + done diff --git a/security/krb5-117/files/patch-config__pre.in b/security/krb5-117/files/patch-config__pre.in new file mode 100644 index 000000000000..5f85e8f1db82 --- /dev/null +++ b/security/krb5-117/files/patch-config__pre.in @@ -0,0 +1,27 @@ +--- config/pre.in.orig 2018-05-03 07:34:47.000000000 -0700 ++++ config/pre.in 2018-07-01 20:36:56.770685000 -0700 +@@ -181,9 +181,9 @@ + INSTALL=@INSTALL@ + INSTALL_STRIP= + INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) +-INSTALL_SCRIPT=@INSTALL_PROGRAM@ ++INSTALL_SCRIPT=@INSTALL_SCRIPT@ + INSTALL_DATA=@INSTALL_DATA@ +-INSTALL_SHLIB=@INSTALL_SHLIB@ ++INSTALL_SHLIB=$(INSTALL_LIB) + INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root + ## This is needed because autoconf will sometimes define @exec_prefix@ to be + ## ${prefix}. +@@ -200,10 +200,11 @@ + ADMIN_BINDIR = @sbindir@ + SERVER_BINDIR = @sbindir@ + CLIENT_BINDIR =@bindir@ +-PKGCONFIG_DIR = @libdir@/pkgconfig ++PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig + ADMIN_MANDIR = $(KRB5MANROOT)/man8 + SERVER_MANDIR = $(KRB5MANROOT)/man8 + CLIENT_MANDIR = $(KRB5MANROOT)/man1 ++SUBR_MANDIR = $(KRB5MANROOT)/man3 + FILE_MANDIR = $(KRB5MANROOT)/man5 + ADMIN_CATDIR = $(KRB5MANROOT)/cat8 + SERVER_CATDIR = $(KRB5MANROOT)/cat8 diff --git a/security/krb5-117/files/patch-config__shlib.conf b/security/krb5-117/files/patch-config__shlib.conf new file mode 100644 index 000000000000..3697783e47be --- /dev/null +++ b/security/krb5-117/files/patch-config__shlib.conf @@ -0,0 +1,22 @@ +--- config/shlib.conf.orig 2015-05-08 16:27:02.000000000 -0700 ++++ config/shlib.conf 2015-10-20 21:54:39.834348929 -0700 +@@ -320,14 +320,15 @@ + PICFLAGS=-fpic + ;; + esac +- SHLIBVEXT='.so.$(LIBMAJOR)' +- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,' ++ SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' ++ SHLIBSEXT='.so.$(LIBMAJOR)' ++ LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)' ++ RPATH_FLAG='-Wl,-rpath -Wl,' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' + SHLIBEXT=.so +- LDCOMBINE='ld -Bshareable' +- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)' ++ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/security/krb5-117/files/patch-lib-krb5-os-localaddr.c b/security/krb5-117/files/patch-lib-krb5-os-localaddr.c new file mode 100644 index 000000000000..06b6043f22c9 --- /dev/null +++ b/security/krb5-117/files/patch-lib-krb5-os-localaddr.c @@ -0,0 +1,75 @@ +--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700 ++++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700 +@@ -175,6 +175,7 @@ + } + #endif + ++#if 0 + static int + is_loopback_address(struct sockaddr *sa) + { +@@ -191,6 +192,7 @@ + return 0; + } + } ++#endif + + #ifdef HAVE_IFADDRS_H + #include <ifaddrs.h> +@@ -467,12 +469,14 @@ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#if 0 + if (is_loopback_address(ifp->ifa_addr)) { + /* Pretend it's not up, so the second pass will skip + it. */ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#endif + /* If this address is a duplicate, punt. */ + match = 0; + for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { +@@ -601,11 +605,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.lifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -772,11 +778,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&lifr->iflr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.iflr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -987,11 +995,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&ifreq.ifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((ifreq.ifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); diff --git a/security/krb5-117/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-117/files/patch-lib__gssapi__krb5__import_name.c new file mode 100644 index 000000000000..40f116af2196 --- /dev/null +++ b/security/krb5-117/files/patch-lib__gssapi__krb5__import_name.c @@ -0,0 +1,14 @@ +--- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005 ++++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005 +@@ -33,6 +33,11 @@ + #endif + #endif + ++#include <sys/param.h> ++#if __FreeBSD_version < 500100 ++#include <stdio.h> ++#endif ++ + #ifdef HAVE_STRING_H + #include <string.h> + #else diff --git a/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c new file mode 100644 index 000000000000..55afe0268087 --- /dev/null +++ b/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c @@ -0,0 +1,22 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2018-05-03 07:34:47.000000000 -0700 ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2018-06-12 18:38:30.978823000 -0700 +@@ -188,7 +188,8 @@ + (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \ ++ defined(LIBRESSL_VERSION_NUMBER) + + /* 1.1 standardizes constructor and destructor names, renaming + * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ +@@ -3040,7 +3041,8 @@ + return retval; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ ++ !defined(LIBRESSL_VERSION_NUMBER) + + /* + * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would diff --git a/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h b/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h new file mode 100644 index 000000000000..e364ee63217a --- /dev/null +++ b/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h @@ -0,0 +1,12 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig 2018-05-03 07:34:47.000000000 -0700 ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.h 2018-06-12 18:35:23.603366000 -0700 +@@ -46,7 +46,8 @@ + #include <openssl/asn1.h> + #include <openssl/pem.h> + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ ++ !defined(LIBRESSL_VERSION_NUMBER) + #include <openssl/asn1t.h> + #else + #include <openssl/asn1_mac.h> diff --git a/security/krb5-117/files/patch-util_et_Makefile.in b/security/krb5-117/files/patch-util_et_Makefile.in new file mode 100644 index 000000000000..d8c01663506b --- /dev/null +++ b/security/krb5-117/files/patch-util_et_Makefile.in @@ -0,0 +1,17 @@ +--- util/et/Makefile.in.orig 2018-05-03 07:34:47.000000000 -0700 ++++ util/et/Makefile.in 2018-07-01 20:16:24.159117000 -0700 +@@ -111,12 +111,13 @@ + path + $(OUTPRE)test_et$(EXEEXT) + +-install-unix: compile_et compile_et.1 ++install-unix: compile_et compile_et.1 com_err.3 + $(INSTALL) compile_et $(DESTDIR)$(bindir)/compile_et + test -d $(DESTDIR)$(mydatadir) || mkdir $(DESTDIR)$(mydatadir) + $(INSTALL_DATA) $(srcdir)/et_c.awk $(DESTDIR)$(mydatadir) + $(INSTALL_DATA) $(srcdir)/et_h.awk $(DESTDIR)$(mydatadir) + $(INSTALL_DATA) $(srcdir)/compile_et.1 $(DESTDIR)$(CLIENT_MANDIR)/compile_et.1 ++ $(INSTALL_DATA) $(srcdir)/com_err.3 $(DESTDIR)$(SUBR_MANDIR)/com_err.3 + + + install-headers: compile_et diff --git a/security/krb5-117/pkg-descr b/security/krb5-117/pkg-descr new file mode 100644 index 000000000000..5940aeab0176 --- /dev/null +++ b/security/krb5-117/pkg-descr @@ -0,0 +1,24 @@ +Kerberos V5 is an authentication system developed at MIT. +WWW: http://web.mit.edu/kerberos/ + +Abridged from the User Guide: + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the + client. The client then attempts to decrypt the TGT, using + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, + which give permission for specific services. + Since Kerberos negotiates authenticated, and optionally encrypted, + communications between two points anywhere on the internet, it + provides a layer of security that is not dependent on which side of a + firewall either client is on. + The Kerberos V5 package is designed to be easy to use. Most of the + commands are nearly identical to UNIX network programs you are already + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. + +Jacques Vidrine <n@nectar.com> diff --git a/security/krb5-117/pkg-plist b/security/krb5-117/pkg-plist new file mode 100644 index 000000000000..3708791001be --- /dev/null +++ b/security/krb5-117/pkg-plist @@ -0,0 +1,176 @@ +bin/compile_et +bin/gss-client +bin/k5srvutil +bin/kadmin +bin/kdestroy +bin/kinit +bin/klist +bin/kpasswd +bin/krb5-config +@mode 04755 +@owner root +@group wheel +bin/ksu +@mode +@owner root +@group wheel +bin/kswitch +bin/ktutil +bin/kvno +bin/sclient +bin/sim_client +bin/uuclient +include/com_err.h +include/gssapi.h +include/gssapi/gssapi.h +include/gssapi/gssapi_ext.h +include/gssapi/gssapi_generic.h +include/gssapi/gssapi_krb5.h +include/gssapi/mechglue.h +include/gssrpc/auth.h +include/gssrpc/auth_gss.h +include/gssrpc/auth_gssapi.h +include/gssrpc/auth_unix.h +include/gssrpc/clnt.h +include/gssrpc/netdb.h +include/gssrpc/pmap_clnt.h +include/gssrpc/pmap_prot.h +include/gssrpc/pmap_rmt.h +include/gssrpc/rename.h +include/gssrpc/rpc.h +include/gssrpc/rpc_msg.h +include/gssrpc/svc.h +include/gssrpc/svc_auth.h +include/gssrpc/types.h +include/gssrpc/xdr.h +include/krad.h +include/krb5.h +include/krb5/ccselect_plugin.h +include/krb5/clpreauth_plugin.h +include/krb5/hostrealm_plugin.h +include/krb5/kadm5_hook_plugin.h +include/krb5/kdcpolicy_plugin.h +include/krb5/kdcpreauth_plugin.h +include/krb5/localauth_plugin.h +include/krb5/krb5.h +include/krb5/locate_plugin.h +include/krb5/plugin.h +include/krb5/pwqual_plugin.h +include/kadm5/admin.h +include/kadm5/chpass_util_strings.h +include/krb5/kadm5_auth_plugin.h +include/kadm5/kadm_err.h +include/kdb.h +include/krb5/certauth_plugin.h +include/krb5/preauth_plugin.h +include/profile.h +include/verto-module.h +include/verto.h +lib/libcom_err.so +lib/libcom_err.so.3 +lib/libcom_err.so.3.0 +lib/libgssapi_krb5.so +lib/libgssapi_krb5.so.2 +lib/libgssapi_krb5.so.2.2 +lib/libgssrpc.so +lib/libgssrpc.so.4 +lib/libgssrpc.so.4.2 +lib/libk5crypto.so +lib/libk5crypto.so.3 +lib/libk5crypto.so.3.1 +lib/libkadm5clnt.so +lib/libkadm5clnt_mit.so +lib/libkadm5clnt_mit.so.11 +lib/libkadm5clnt_mit.so.11.0 +lib/libkadm5srv.so +lib/libkadm5srv_mit.so +lib/libkadm5srv_mit.so.11 +lib/libkadm5srv_mit.so.11.0 +lib/libkdb5.so +lib/libkdb5.so.9 +lib/libkdb5.so.9.0 +lib/libkrb5.so +lib/libkrb5.so.3 +lib/libkrb5.so.3.3 +lib/libkrb5support.so +lib/libkrb5support.so.0 +lib/libkrb5support.so.0.1 +lib/krb5/plugins/kdb/db2.so +lib/krb5/plugins/kdb/klmdb.so +lib/krb5/plugins/tls/k5tls.so +%%LDAP%%lib/krb5/plugins/kdb/kldap.so +lib/krb5/plugins/preauth/otp.so +lib/krb5/plugins/preauth/pkinit.so +lib/krb5/plugins/preauth/spake.so +lib/krb5/plugins/preauth/test.so +%%LDAP%%lib/libkdb_ldap.so +%%LDAP%%lib/libkdb_ldap.so.1 +%%LDAP%%lib/libkdb_ldap.so.1.0 +lib/libkrad.so +lib/libkrad.so.0 +lib/libkrad.so.0.0 +lib/libverto.so +lib/libverto.so.0 +lib/libverto.so.0.0 +libdata/pkgconfig/gssrpc.pc +libdata/pkgconfig/kadm-client.pc +libdata/pkgconfig/kadm-server.pc +libdata/pkgconfig/kdb.pc +libdata/pkgconfig/krb5-gssapi.pc +libdata/pkgconfig/krb5.pc +libdata/pkgconfig/mit-krb5-gssapi.pc +libdata/pkgconfig/mit-krb5.pc +man/man1/compile_et.1.gz +man/man1/k5srvutil.1.gz +man/man1/kadmin.1.gz +man/man1/kdestroy.1.gz +man/man1/kinit.1.gz +man/man1/klist.1.gz +man/man1/kpasswd.1.gz +man/man1/krb5-config.1.gz +man/man1/ksu.1.gz +man/man1/kswitch.1.gz +man/man1/ktutil.1.gz +man/man1/kvno.1.gz +man/man1/sclient.1.gz +man/man3/com_err.3.gz +man/man5/.k5identity.5.gz +man/man5/.k5login.5.gz +man/man5/k5identity.5.gz +man/man5/k5login.5.gz +man/man5/kadm5.acl.5.gz +man/man5/kdc.conf.5.gz +man/man5/krb5.conf.5.gz +man/man7/kerberos.7.gz +man/man8/kadmin.local.8.gz +man/man8/kadmind.8.gz +man/man8/kdb5_ldap_util.8.gz +man/man8/kdb5_util.8.gz +man/man8/kprop.8.gz +man/man8/kpropd.8.gz +man/man8/kproplog.8.gz +man/man8/krb5kdc.8.gz +man/man8/sserver.8.gz +sbin/gss-server +sbin/kadmin.local +sbin/kadmind +%%LDAP%%sbin/kdb5_ldap_util +sbin/kdb5_util +sbin/kprop +sbin/kpropd +sbin/kproplog +sbin/krb5-send-pr +sbin/krb5kdc +sbin/sim_server +sbin/sserver +sbin/uuserver +share/et/et_c.awk +share/et/et_h.awk +%%NLS%%share/locale/de/LC_MESSAGES/mit-krb5.mo +%%NLS%%share/locale/en_US/LC_MESSAGES/mit-krb5.mo +%%LDAP%%%%DATADIR%%/kerberos.schema +%%LDAP%%%%DATADIR%%/kerberos.ldif +@dir lib/krb5/plugins/authdata +@dir lib/krb5/plugins/libkrb5 +@dir var/run/krb5kdc +@dir var/krb5kdc |