diff options
author | adam <adam> | 2011-07-08 09:49:21 +0000 |
---|---|---|
committer | adam <adam> | 2011-07-08 09:49:21 +0000 |
commit | 7011f0b8466e7e6c15d8be0a131add505d692fd4 (patch) | |
tree | 66865d4510816225b81ba8f512465d3ccb66f5f9 /security/heimdal/patches | |
parent | 782a7c5e76e4329b241744f2afed62a0a145f944 (diff) | |
download | pkgsrc-7011f0b8466e7e6c15d8be0a131add505d692fd4.tar.gz |
Changes 1.4:
New features
* Support for reading MIT database file directly
* KCM is polished up and now used in production
* NTLM first class citizen, credentials stored in KCM
* Table driven ASN.1 compiler, smaller!, not enabled by default
* Native Windows client support
Notes
* Disabled write support NDBM hdb backend (read still in there) since
it can't handle large records, please migrate to a diffrent backend
(like BDB4)
Changes 1.3.3:
Bug fixes
* Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
* Check NULL pointers before dereference them [kdc]
Changes 1.3.2:
Bug fixes
* Don't mix length when clearing hmac (could memset too much)
* More paranoid underrun checking when decrypting packets
* Check the password change requests and refuse to answer empty packets
* Build on OpenSolaris
* Renumber AD-SIGNED-TICKET since it was stolen from US
* Don't cache /dev/*random file descriptor, it doesn't get unloaded
* Make C++ safe
* Misc warnings
Diffstat (limited to 'security/heimdal/patches')
-rw-r--r-- | security/heimdal/patches/patch-aa | 16 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ac | 14 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ad | 38 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ah | 14 | ||||
-rw-r--r-- | security/heimdal/patches/patch-al | 11 | ||||
-rw-r--r-- | security/heimdal/patches/patch-ar | 4 | ||||
-rw-r--r-- | security/heimdal/patches/patch-as | 25 | ||||
-rw-r--r-- | security/heimdal/patches/patch-at | 120 | ||||
-rw-r--r-- | security/heimdal/patches/patch-au | 14 | ||||
-rw-r--r-- | security/heimdal/patches/patch-lib_otp_Makefile.in | 23 |
10 files changed, 34 insertions, 245 deletions
diff --git a/security/heimdal/patches/patch-aa b/security/heimdal/patches/patch-aa deleted file mode 100644 index 00f54654ea3..00000000000 --- a/security/heimdal/patches/patch-aa +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-aa,v 1.5 2008/11/19 13:27:33 hasso Exp $ - ---- cf/install-catman.sh.orig 2008-05-15 12:20:05 +0300 -+++ cf/install-catman.sh 2008-05-15 12:21:08 +0300 -@@ -13,8 +13,9 @@ suffix="$1"; shift - catinstall="${INSTALL_CATPAGES-yes}" - - for f in "$@"; do -- base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'` -- section=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\2/'` -+ echo $f -+ base=`echo "$f" | sed 's/\([^/]*\/\)*\(.*\)\.\([^.]*\)$/\2/'` -+ section=`echo "$f" | sed 's/\([^/]*\/\)*\(.*\)\.\([^.]*\)$/\3/'` - mandir="$manbase/man$section" - catdir="$manbase/cat$section" - c="$base.cat$section" diff --git a/security/heimdal/patches/patch-ac b/security/heimdal/patches/patch-ac deleted file mode 100644 index 56468576e11..00000000000 --- a/security/heimdal/patches/patch-ac +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-ac,v 1.3 2008/02/28 08:14:41 jlam Exp $ - ---- configure.in.orig 2008-01-24 08:13:51.000000000 -0500 -+++ configure.in -@@ -16,9 +16,6 @@ AC_PROG_CPP - - AC_PREFIX_DEFAULT(/usr/heimdal) - --test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' --test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal' -- - AC_CANONICAL_HOST - CANONICAL_HOST=$host - AC_SUBST(CANONICAL_HOST) diff --git a/security/heimdal/patches/patch-ad b/security/heimdal/patches/patch-ad index 9a5986b9d98..c94548a0db5 100644 --- a/security/heimdal/patches/patch-ad +++ b/security/heimdal/patches/patch-ad @@ -1,18 +1,8 @@ -$NetBSD: patch-ad,v 1.9 2008/02/28 08:14:41 jlam Exp $ +$NetBSD: patch-ad,v 1.10 2011/07/08 09:49:22 adam Exp $ ---- configure.orig 2008-01-24 08:14:11.000000000 -0500 +--- configure.orig 2010-09-13 07:24:11.000000000 +0000 +++ configure -@@ -3928,9 +3928,6 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - --test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' --test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal' -- - # Make sure we can run config.sub. - $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5 -@@ -4902,7 +4899,11 @@ fi #if test -n "$GCC"; then +@@ -11779,7 +11779,11 @@ fi #if test -n "$GCC"; then esac CC="$CC $abi" @@ -24,24 +14,4 @@ $NetBSD: patch-ad,v 1.9 2008/02/28 08:14:41 jlam Exp $ +#libdir="$libdir$abilibdirext" - { echo "$as_me:$LINENO: checking for __attribute__" >&5 -@@ -29714,6 +29715,9 @@ _ACEOF - cat confdefs.h >>conftest.$ac_ext - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ -+#ifdef HAVE_SYS_TYPES_H -+#include <sys/types.h> -+#endif - #ifdef HAVE_SYS_BSWAP_H - #include <sys/bswap.h> - #endif -@@ -29925,6 +29929,9 @@ _ACEOF - cat confdefs.h >>conftest.$ac_ext - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ -+#ifdef HAVE_SYS_TYPES_H -+#include <sys/types.h> -+#endif - #ifdef HAVE_SYS_BSWAP_H - #include <sys/bswap.h> - #endif + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __attribute__" >&5 diff --git a/security/heimdal/patches/patch-ah b/security/heimdal/patches/patch-ah deleted file mode 100644 index b8753a8e8fd..00000000000 --- a/security/heimdal/patches/patch-ah +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-ah,v 1.5 2010/11/30 07:12:49 obache Exp $ - ---- include/make_crypto.c.orig 2008-01-24 13:13:41.000000000 +0000 -+++ include/make_crypto.c -@@ -71,7 +71,9 @@ main(int argc, char **argv) - fputs("#include <openssl/des.h>\n", f); - fputs("#include <openssl/rc4.h>\n", f); - fputs("#include <openssl/rc2.h>\n", f); -+ fputs("#ifndef OPENSSL_NO_MD2\n", f); - fputs("#include <openssl/md2.h>\n", f); -+ fputs("#endif /* OPENSSL_NO_MD2 */\n", f); - fputs("#include <openssl/md4.h>\n", f); - fputs("#include <openssl/md5.h>\n", f); - fputs("#include <openssl/sha.h>\n", f); diff --git a/security/heimdal/patches/patch-al b/security/heimdal/patches/patch-al index 8a73a278690..90bbf0d5f23 100644 --- a/security/heimdal/patches/patch-al +++ b/security/heimdal/patches/patch-al @@ -1,12 +1,11 @@ -$NetBSD: patch-al,v 1.2 2008/02/28 08:14:41 jlam Exp $ +$NetBSD: patch-al,v 1.3 2011/07/08 09:49:22 adam Exp $ ---- lib/roken/Makefile.in.orig 2008-01-24 08:14:23.000000000 -0500 +--- lib/roken/Makefile.in.orig 2010-09-13 07:24:23.000000000 +0000 +++ lib/roken/Makefile.in -@@ -1421,6 +1421,9 @@ roken.h: make-roken$(EXEEXT) +@@ -1990,6 +1990,8 @@ $(LTLIBOBJS) $(libroken_la_OBJECTS): rok + @CROSS_COMPILE_TRUE@ -c $(top_builddir)/include/config.h \ + @CROSS_COMPILE_TRUE@ -p $(srcdir)/roken.h.in -o roken.h - make-roken.c: roken.h.in roken.awk - $(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c -+ +print-xheaders: + @echo $(XHEADERS) # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/security/heimdal/patches/patch-ar b/security/heimdal/patches/patch-ar index 7bd16c282e7..22a22514305 100644 --- a/security/heimdal/patches/patch-ar +++ b/security/heimdal/patches/patch-ar @@ -1,11 +1,11 @@ -$NetBSD: patch-ar,v 1.2 2008/02/28 08:14:41 jlam Exp $ +$NetBSD: patch-ar,v 1.3 2011/07/08 09:49:22 adam Exp $ Why should anyone want to install the libtool wrapper for a library, but not the library itself? --- lib/auth/afskauthlib/Makefile.in.orig 2008-01-24 08:14:21.000000000 -0500 +++ lib/auth/afskauthlib/Makefile.in -@@ -317,7 +317,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk +@@ -361,7 +361,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la foodir = $(libdir) diff --git a/security/heimdal/patches/patch-as b/security/heimdal/patches/patch-as deleted file mode 100644 index 0f5c3a3ec67..00000000000 --- a/security/heimdal/patches/patch-as +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-as,v 1.1 2008/02/28 08:14:41 jlam Exp $ - ---- cf/roken-frag.m4.orig 2008-01-24 08:13:43.000000000 -0500 -+++ cf/roken-frag.m4 -@@ -243,12 +243,18 @@ AC_FOREACH([rk_func], [asprintf vasprint - rk_func)]) - - AC_FIND_FUNC_NO_LIBS(bswap16,, --[#ifdef HAVE_SYS_BSWAP_H -+[#ifdef HAVE_SYS_TYPES_H -+#include <sys/types.h> -+#endif -+#ifdef HAVE_SYS_BSWAP_H - #include <sys/bswap.h> - #endif],0) - - AC_FIND_FUNC_NO_LIBS(bswap32,, --[#ifdef HAVE_SYS_BSWAP_H -+[#ifdef HAVE_SYS_TYPES_H -+#include <sys/types.h> -+#endif -+#ifdef HAVE_SYS_BSWAP_H - #include <sys/bswap.h> - #endif],0) - diff --git a/security/heimdal/patches/patch-at b/security/heimdal/patches/patch-at deleted file mode 100644 index ccdc1de2ee3..00000000000 --- a/security/heimdal/patches/patch-at +++ /dev/null @@ -1,120 +0,0 @@ -$NetBSD: patch-at,v 1.1 2010/11/30 07:12:49 obache Exp $ - ---- lib/hx509/crypto.c.orig 2008-01-24 13:13:22.000000000 +0000 -+++ lib/hx509/crypto.c -@@ -841,6 +841,7 @@ md5_verify_signature(hx509_context conte - return 0; - } - -+#ifndef OPENSSL_NO_MD2 - static int - md2_verify_signature(hx509_context context, - const struct signature_alg *sig_alg, -@@ -870,6 +871,7 @@ md2_verify_signature(hx509_context conte - - return 0; - } -+#endif - - static const struct signature_alg heim_rsa_pkcs1_x509 = { - "rsa-pkcs1-x509", -@@ -926,6 +928,7 @@ static const struct signature_alg rsa_wi - rsa_create_signature - }; - -+#ifndef OPENSSL_NO_MD2 - static const struct signature_alg rsa_with_md2_alg = { - "rsa-with-md2", - oid_id_pkcs1_md2WithRSAEncryption, -@@ -936,6 +939,7 @@ static const struct signature_alg rsa_wi - rsa_verify_signature, - rsa_create_signature - }; -+#endif - - static const struct signature_alg dsa_sha1_alg = { - "dsa-with-sha1", -@@ -980,6 +984,7 @@ static const struct signature_alg md5_al - md5_verify_signature - }; - -+#ifndef OPENSSL_NO_MD2 - static const struct signature_alg md2_alg = { - "rsa-md2", - oid_id_rsa_digest_md2, -@@ -989,6 +994,7 @@ static const struct signature_alg md2_al - SIG_DIGEST, - md2_verify_signature - }; -+#endif - - /* - * Order matter in this structure, "best" first for each "key -@@ -1000,13 +1006,17 @@ static const struct signature_alg *sig_a - &rsa_with_sha1_alg, - &pkcs1_rsa_sha1_alg, - &rsa_with_md5_alg, -+#ifndef OPENSSL_NO_MD2 - &rsa_with_md2_alg, -+#endif - &heim_rsa_pkcs1_x509, - &dsa_sha1_alg, - &sha256_alg, - &sha1_alg, - &md5_alg, -+#ifndef OPENSSL_NO_MD2 - &md2_alg, -+#endif - NULL - }; - -@@ -1432,10 +1442,12 @@ const AlgorithmIdentifier _hx509_signatu - { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid) - }; - -+#ifndef OPENSSL_NO_MD2 - static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 }; - const AlgorithmIdentifier _hx509_signature_md2_data = { - { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid) - }; -+#endif - - static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 }; - const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { -@@ -1462,10 +1474,12 @@ const AlgorithmIdentifier _hx509_signatu - { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL - }; - -+#ifndef OPENSSL_NO_MD2 - static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 }; - const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = { - { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL - }; -+#endif - - static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 }; - const AlgorithmIdentifier _hx509_signature_rsa_data = { -@@ -1512,9 +1526,11 @@ const AlgorithmIdentifier * - hx509_signature_md5(void) - { return &_hx509_signature_md5_data; } - -+#ifndef OPENSSL_NO_MD2 - const AlgorithmIdentifier * - hx509_signature_md2(void) - { return &_hx509_signature_md2_data; } -+#endif - - const AlgorithmIdentifier * - hx509_signature_rsa_with_sha512(void) -@@ -1536,9 +1552,11 @@ const AlgorithmIdentifier * - hx509_signature_rsa_with_md5(void) - { return &_hx509_signature_rsa_with_md5_data; } - -+#ifndef OPENSSL_NO_MD2 - const AlgorithmIdentifier * - hx509_signature_rsa_with_md2(void) - { return &_hx509_signature_rsa_with_md2_data; } -+#endif - - const AlgorithmIdentifier * - hx509_signature_rsa(void) diff --git a/security/heimdal/patches/patch-au b/security/heimdal/patches/patch-au deleted file mode 100644 index 7608841e1ee..00000000000 --- a/security/heimdal/patches/patch-au +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-au,v 1.1 2010/11/30 07:12:49 obache Exp $ - ---- lib/hx509/ks_p11.c.orig 2008-01-24 13:13:22.000000000 +0000 -+++ lib/hx509/ks_p11.c -@@ -1142,7 +1142,9 @@ p11_printinfo(hx509_context context, - MECHNAME(CKM_SHA256, "sha256"); - MECHNAME(CKM_SHA_1, "sha1"); - MECHNAME(CKM_MD5, "md5"); -+#ifndef OPENSSL_NO_MD2 - MECHNAME(CKM_MD2, "md2"); -+#endif - MECHNAME(CKM_RIPEMD160, "ripemd-160"); - MECHNAME(CKM_DES_ECB, "des-ecb"); - MECHNAME(CKM_DES_CBC, "des-cbc"); diff --git a/security/heimdal/patches/patch-lib_otp_Makefile.in b/security/heimdal/patches/patch-lib_otp_Makefile.in new file mode 100644 index 00000000000..4adbb09ebdb --- /dev/null +++ b/security/heimdal/patches/patch-lib_otp_Makefile.in @@ -0,0 +1,23 @@ +$NetBSD: patch-lib_otp_Makefile.in,v 1.1 2011/07/08 09:49:22 adam Exp $ + +Fix linking. + +--- lib/otp/Makefile.in.orig 2011-06-25 11:48:35.000000000 +0000 ++++ lib/otp/Makefile.in +@@ -47,7 +47,6 @@ DIST_COMMON = $(include_HEADERS) $(srcdi + $(top_srcdir)/cf/Makefile.am.common ChangeLog + noinst_PROGRAMS = otptest$(EXEEXT) + check_PROGRAMS = otptest$(EXEEXT) +-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map + subdir = lib/otp + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ +@@ -404,7 +403,7 @@ otptest_LDADD = libotp.la + include_HEADERS = otp.h + lib_LTLIBRARIES = libotp.la + libotp_la_LDFLAGS = -version-info 1:5:1 $(am__append_1) +-libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM) ++libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM) $(DBLIB) + @HAVE_DB3_FALSE@ndbm_wrap = + @HAVE_DB3_TRUE@ndbm_wrap = ndbm_wrap.c ndbm_wrap.h + dist_libotp_la_SOURCES = \ |