From 2cf9350a4efdb46b41d8c5899ad6e871ce10b07f Mon Sep 17 00:00:00 2001 From: Jacques Vidrine Date: Thu, 9 Nov 2000 23:35:03 +0000 Subject: = Use system libcom_err. No longer build or install the included libcom_err and compile_et. = ftpd now uses IP_PORTRANGE* in the same fashion as the system ftpd. By default, ftpd will now use high port numbers for serving clients in passive mode. = Fix segmentation fault in kadmin. A null pointer dereference that was only tickled when using kadmin with a kdc that uses LDAP as the backend. = Fix a search filter in hdb-ldap.c. A lookup was failing to fetch operational attributes such as modifiersName. = Bump PORTREVISION for above changes. --- security/heimdal/Makefile | 9 ++++++++- security/heimdal/files/patch-cj | 36 ++++++++++++++++++++++++++++++++++++ security/heimdal/files/patch-ck | 25 +++++++++++++++++++++++++ security/heimdal/files/patch-cl | 34 ++++++++++++++++++++++++++++++++++ security/heimdal/files/patch-cm | 12 ++++++++++++ security/heimdal/files/patch-cn | 20 ++++++++++++++++++++ security/heimdal/files/patch-co | 11 +++++++++++ security/heimdal/files/patch-cp | 24 ++++++++++++++++++++++++ security/heimdal/files/patch-cq | 14 ++++++++++++++ security/heimdal/files/patch-cr | 13 +++++++++++++ security/heimdal/pkg-plist | 5 ----- 11 files changed, 197 insertions(+), 6 deletions(-) create mode 100644 security/heimdal/files/patch-cj create mode 100644 security/heimdal/files/patch-ck create mode 100644 security/heimdal/files/patch-cl create mode 100644 security/heimdal/files/patch-cm create mode 100644 security/heimdal/files/patch-cn create mode 100644 security/heimdal/files/patch-co create mode 100644 security/heimdal/files/patch-cp create mode 100644 security/heimdal/files/patch-cq create mode 100644 security/heimdal/files/patch-cr (limited to 'security/heimdal') diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index 8fbe67c212db..d1ec0b74eac5 100644 --- a/security/heimdal/Makefile 
+++ b/security/heimdal/Makefile @@ -7,7 +7,7 @@ PORTNAME= heimdal PORTVERSION= 0.3c -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \ ftp://ftp.replay.com/pub/replay/crypto/APPS/kerberos/heimdal/ \ @@ -38,6 +38,7 @@ MAN8= ftpd.8 hprop.8 hpropd.8 kadmind.8 kdc.8 kfd.8 kpasswdd.8 \ #USE_LIBTOOL= yes GNU_CONFIGURE= yes +CONFIGURE_TARGET= --build=${MACHINE_ARCH}--freebsd${OSREL} INSTALLS_SHLIB= yes CONFIGURE_ARGS= --prefix=${PREFIX} --enable-shared .if defined(WITH_LDAP) @@ -69,6 +70,12 @@ CONFIGURE_ARGS+= --without-krb4 PLIST:= ${WRKDIR}/PLIST +pre-configure: + @(set -e; \ + cd ${CONFIGURE_WRKSRC}; \ + find . -type f -name 'Makefile.in' -print | xargs perl -i -pe \ + 's,\$$\(top_builddir\)/lib/com_err/compile_et,compile_et,';) + pre-install: @${CP} ${PKGDIR}/pkg-plist ${PLIST} .if exists(/usr/lib/libkrb.a) && !defined(WITHOUT_KRB4) diff --git a/security/heimdal/files/patch-cj b/security/heimdal/files/patch-cj new file mode 100644 index 000000000000..1fe503ab37f4 --- /dev/null +++ b/security/heimdal/files/patch-cj 
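Review bot: The `pre-configure` target added in the third Makefile hunk rewrites `$(top_builddir)/lib/com_err/compile_et` to a bare `compile_et`, so every generated Makefile runs whichever `compile_et` is found first in PATH during the build. Since the stated intent is to use the system libcom_err, pin the system tool by absolute path, e.g. end the perl expression with `,/usr/bin/compile_et,` (assuming that is where the base-system copy is installed). That keeps the build from picking up an unrelated program of the same name.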
@@ -0,0 +1,36 @@
+--- appl/ftp/ftpd/ftpd.c.orig Thu Aug 31 01:08:49 2000
++++ appl/ftp/ftpd/ftpd.c Fri Nov 3 12:01:17 2000
+@@ -68,6 +68,7 @@
+ int debug = 0;
+ int ftpd_timeout = 900; /* timeout after 15 minutes of inactivity */
+ int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
++int restricted_data_ports = 1;
+ int logging;
+ int guest;
+ int dochroot;
+@@ -215,6 +216,7 @@
+ { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
+ { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
+ { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
++ { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" },
+ { NULL, 'd', arg_flag, &debug, "enable debugging" },
+ { NULL, 'v', arg_flag, &debug, "enable debugging" },
+ { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
+@@ -1942,6 +1944,8 @@
+ socket_set_address_and_port (pasv_addr,
+ socket_get_address (ctrl_addr),
+ 0);
++ socket_set_portrange(pdata, restricted_data_ports,
++ pasv_addr->sa_family);
+ seteuid(0);
+ if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+ seteuid(pw->pw_uid);
+@@ -1984,6 +1988,8 @@
+ socket_set_address_and_port (pasv_addr,
+ socket_get_address (ctrl_addr),
+ 0);
++ socket_set_portrange(pdata, restricted_data_ports,
++ pasv_addr->sa_family);
+ seteuid(0);
+ if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+ seteuid(pw->pw_uid);
diff --git a/security/heimdal/files/patch-ck b/security/heimdal/files/patch-ck
new file mode 100644
index 000000000000..87afecea5c03
--- /dev/null
+++ b/security/heimdal/files/patch-ck
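Review bot: `restricted_data_ports` is declared in the ftpd.c patch without a comment, and its name reads as the opposite of the `-U` help text "don't use high data ports". A one-line comment at the declaration would prevent misreading, e.g. `/* nonzero (default): passive-mode data sockets bind in the high port range; cleared by -U */`. The flag is passed to `socket_set_portrange` in both passive-mode hunks (near lines 1942 and 1984), whose enclosing functions start and end outside the hunks. Sites that filter passive FTP by port range depend on this default, so the declaration is the natural place to record it.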
@@ -0,0 +1,25 @@
+--- appl/ftp/ftpd/ftpd.8.orig Tue Feb 16 14:14:08 1999
++++ appl/ftp/ftpd/ftpd.8 Fri Nov 3 12:07:47 2000
+@@ -43,7 +43,7 @@
+ .Sh SYNOPSIS
+ .Nm ftpd
+ .Op Fl a Ar authmode
+-.Op Fl dilv
++.Op Fl dilvU
+ .Op Fl g Ar umask
+ .Op Fl p Ar port
+ .Op Fl T Ar maxtimeout
+@@ -127,6 +127,13 @@
+ seconds (the default is 15 minutes).
+ .It Fl u
+ Set the initial umask to something else than the default 027.
++.It Fl U
++In previous versions of
++.Nm ftpd ,
++when a passive mode client requested a data connection to the server, the
++server would use data ports in the range 1024..4999. Now, by default, the
++server will use data ports in the range 49152..65535. Specifying this option
++will revert to the old behavior.
+ .It Fl v
+ Verbose mode.
+ .El
diff --git a/security/heimdal/files/patch-cl b/security/heimdal/files/patch-cl
new file mode 100644
index 000000000000..87e7d1b21bfe
--- /dev/null
+++ b/security/heimdal/files/patch-cl
@@ -0,0 +1,34 @@
+--- lib/roken/socket.c.orig Wed Jul 26 23:41:06 2000
++++ lib/roken/socket.c Fri Nov 3 11:56:34 2000
+@@ -222,6 +222,31 @@
+ }
+
+ /*
++ * Set the range of ports to use when binding with port = 0.
++ */
++void
++socket_set_portrange (int sock, int restrict, int af)
++{
++#if defined(IP_PORTRANGE)
++ if (af == AF_INET) {
++ int on = restrict ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
++ if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
++ sizeof(on)) < 0)
++ warn ("setsockopt IP_PORTRANGE (ignored)");
++ }
++#endif
++#if defined(IPV6_PORTRANGE)
++ if (af == AF_INET6) {
++ int on = restrict ? IPV6_PORTRANGE_HIGH :
++ IPV6_PORTRANGE_DEFAULT;
++ if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
++ sizeof(on)) < 0)
++ warn ("setsockopt IPV6_PORTRANGE (ignored)");
++ }
++#endif
++}
++
++/*
+ * Enable debug on `sock'.
+ */
+
diff --git a/security/heimdal/files/patch-cm b/security/heimdal/files/patch-cm
new file mode 100644
index 000000000000..dc0a4bc28ef3
--- /dev/null
+++ b/security/heimdal/files/patch-cm
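Review bot: The parameter name `restrict` in `socket_set_portrange` is a keyword in C99, so this definition and the matching prototype added to roken-common.h (patch-cm) stop compiling once the tree is built in C99 mode. Rename it in both places, e.g. `socket_set_portrange (int sock, int high_ports, int af)`. Where neither `IP_PORTRANGE` nor `IPV6_PORTRANGE` is defined the function body is empty, so ftpd's `-U` is accepted but changes nothing; the header comment above the function should state that.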
@@ -0,0 +1,12 @@
+--- lib/roken/roken-common.h.orig Fri Nov 3 11:31:42 2000
++++ lib/roken/roken-common.h Fri Nov 3 11:57:01 2000
+@@ -276,6 +276,9 @@
+ socket_set_port (struct sockaddr *sa, int port);
+
+ void
++socket_set_portrange (int sock, int restrict, int af);
++
++void
+ socket_set_debug (int sock);
+
+ void
diff --git a/security/heimdal/files/patch-cn b/security/heimdal/files/patch-cn
new file mode 100644
index 000000000000..7db2073a2bc1
--- /dev/null
+++ b/security/heimdal/files/patch-cn
@@ -0,0 +1,20 @@
+--- lib/Makefile.in.orig Wed Nov 8 10:21:25 2000
++++ lib/Makefile.in Wed Nov 8 10:21:34 2000
+@@ -194,7 +194,7 @@
+ @OTP_TRUE@dir_otp = @OTP_TRUE@otp
+ @DCE_TRUE@dir_dce = @DCE_TRUE@kdfs
+
+-SUBDIRS = @DIR_roken@ vers editline com_err sl asn1 des krb5 \
++SUBDIRS = @DIR_roken@ vers editline sl asn1 des krb5 \
+ kafs hdb kadm5 gssapi auth $(dir_45) $(dir_otp) $(dir_dce)
+
+ subdir = lib
+@@ -214,7 +214,7 @@
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+
+ GZIP_ENV = --best
+-DIST_SUBDIRS = @DIR_roken@ vers editline com_err sl asn1 des krb5 kafs \
++DIST_SUBDIRS = @DIR_roken@ vers editline sl asn1 des krb5 kafs \
+ hdb kadm5 gssapi auth 45 otp kdfs
+ all: all-redirect
+ .SUFFIXES:
diff --git a/security/heimdal/files/patch-co b/security/heimdal/files/patch-co
new file mode 100644
index 000000000000..4395d43ec21e
--- /dev/null
+++ b/security/heimdal/files/patch-co
@@ -0,0 +1,11 @@
+--- include/Makefile.in.orig Wed Nov 8 10:21:59 2000
++++ include/Makefile.in Wed Nov 8 10:22:07 2000
+@@ -199,8 +199,6 @@
+ asn1.h \
+ asn1_err.h \
+ base64.h \
+- com_err.h \
+- com_right.h \
+ der.h \
+ des.h \
+ editline.h \
diff --git a/security/heimdal/files/patch-cp b/security/heimdal/files/patch-cp
new file mode 100644
index 000000000000..7c064faa7066
--- /dev/null
+++ b/security/heimdal/files/patch-cp
@@ -0,0 +1,24 @@
+--- lib/asn1/Makefile.in.orig Wed Nov 8 10:31:04 2000
++++ lib/asn1/Makefile.in Wed Nov 8 10:31:52 2000
+@@ -279,7 +279,6 @@
+
+ check_der_LDADD = \
+ libasn1.la \
+- ../com_err/libcom_err.la \
+ $(LIB_roken)
+
+
+@@ -339,11 +338,11 @@
+ asn1_compile_LDFLAGS =
+ asn1_print_SOURCES = asn1_print.c
+ asn1_print_OBJECTS = asn1_print.$(OBJEXT)
+-asn1_print_DEPENDENCIES = libasn1.la ../com_err/libcom_err.la
++asn1_print_DEPENDENCIES = libasn1.la
+ asn1_print_LDFLAGS =
+ check_der_SOURCES = check-der.c
+ check_der_OBJECTS = check-der.$(OBJEXT)
+-check_der_DEPENDENCIES = libasn1.la ../com_err/libcom_err.la
++check_der_DEPENDENCIES = libasn1.la
+ check_der_LDFLAGS =
+ COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
diff --git a/security/heimdal/files/patch-cq b/security/heimdal/files/patch-cq
new file mode 100644
index 000000000000..4c27bdc13cb3
--- /dev/null
+++ b/security/heimdal/files/patch-cq
@@ -0,0 +1,14 @@
+--- kadmin/get.c.orig Wed Nov 8 12:28:57 2000
++++ kadmin/get.c Wed Nov 8 12:44:44 2000
+@@ -150,7 +150,10 @@
+ printf("%24s: %d\n", "Failed login count", princ->fail_auth_count);
+ time_t2str(princ->mod_date, buf, sizeof(buf), 1);
+ printf("%24s: %s\n", "Last modified", buf);
+- krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
++ if (princ->mod_name)
++ krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
++ else
++ strcpy(buf, "");
+ printf("%24s: %s\n", "Modifier", buf);
+ attributes2str (princ->attributes, buf, sizeof(buf));
+ printf("%24s: %s\n", "Attributes", buf);
diff --git a/security/heimdal/files/patch-cr b/security/heimdal/files/patch-cr
new file mode 100644
index 000000000000..4568237f3a60
--- /dev/null
+++ b/security/heimdal/files/patch-cr
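Review bot: The return value of `krb5_unparse_name_fixed` is still ignored in the new `if` branch of the kadmin/get.c patch. If the call fails, `buf` may still hold the "Last modified" string that `time_t2str` wrote two lines earlier, and that would be printed as the modifier. Clearing the buffer on failure as well covers both cases and replaces `strcpy(buf, "")`: `if (princ->mod_name == NULL || krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf)) != 0) buf[0] = '\0';`. The enclosing function starts and ends outside the hunk.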
@@ -0,0 +1,13 @@
+--- lib/hdb/hdb-ldap.c.orig Wed Nov 8 14:42:11 2000
++++ lib/hdb/hdb-ldap.c Wed Nov 8 15:39:50 2000
+@@ -583,8 +583,8 @@
+ rc = 1;
+ (void) ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (void *) &rc);
+
+- rc = ldap_search_s((LDAP *) db->db, db->name,
+- LDAP_SCOPE_ONELEVEL, filter, NULL, 0, msg);
++ rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter,
++ krb5kdcentry_attrs, 0, msg);
+ if (rc != LDAP_SUCCESS) {
+ ret = HDB_ERR_NOENTRY;
+ goto out;
diff --git a/security/heimdal/pkg-plist b/security/heimdal/pkg-plist
index d91b4e771406..40061ff31877 100644
--- a/security/heimdal/pkg-plist
+++ b/security/heimdal/pkg-plist
@@ -21,8 +21,6 @@ bin/verify_krb5_conf
 include/asn1.h
 include/asn1_err.h
 include/base64.h
-include/com_err.h
-include/com_right.h
 include/der.h
 include/des.h
 include/editline.h
@@ -66,9 +64,6 @@ info/heimdal.info
 lib/libasn1.a
 lib/libasn1.so
 lib/libasn1.so.3
-lib/libcom_err.a
-lib/libcom_err.so
-lib/libcom_err.so.1
 lib/libdes.a
 lib/libdes.so
 lib/libdes.so.2
-- 
cgit v1.2.3
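Review bot: The switch from `NULL` to `krb5kdcentry_attrs` in the hdb-ldap.c patch has no comment saying why the attribute list must be explicit. A comment above the call would keep a later cleanup from reverting it, e.g. `/* list attributes explicitly: a NULL list does not return operational attributes such as modifiersName */`. `krb5kdcentry_attrs` is defined outside the hunk, so confirm that it is NULL-terminated, as `ldap_search_s` expects, and that it names every operational attribute the entry parser reads. The enclosing function starts and ends outside the hunk.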