Changes 1.4:

New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings
author: adam <adam> 2011-07-08 09:49:21 +0000
committer: adam <adam> 2011-07-08 09:49:21 +0000
commit: 7011f0b8466e7e6c15d8be0a131add505d692fd4 (patch)
tree: 66865d4510816225b81ba8f512465d3ccb66f5f9 /security/heimdal/patches
parent: 782a7c5e76e4329b241744f2afed62a0a145f944 (diff)
download: pkgsrc-7011f0b8466e7e6c15d8be0a131add505d692fd4.tar.gz
10 files changed, 34 insertions, 245 deletions
diff --git a/security/heimdal/patches/patch-aa b/security/heimdal/patches/patch-aa
deleted file mode 100644
index 00f54654ea3..00000000000
--- a/security/heimdal/patches/patch-aa
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-aa,v 1.5 2008/11/19 13:27:33 hasso Exp $
-
---- cf/install-catman.sh.orig	2008-05-15 12:20:05 +0300
-+++ cf/install-catman.sh	2008-05-15 12:21:08 +0300
-@@ -13,8 +13,9 @@ suffix="$1"; shift
- catinstall="${INSTALL_CATPAGES-yes}"
- 
- for f in "$@"; do
--	base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
--	section=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\2/'`
-+	echo $f
-+	base=`echo "$f" | sed 's/\([^/]*\/\)*\(.*\)\.\([^.]*\)$/\2/'`
-+	section=`echo "$f" | sed 's/\([^/]*\/\)*\(.*\)\.\([^.]*\)$/\3/'`
- 	mandir="$manbase/man$section"
- 	catdir="$manbase/cat$section"
- 	c="$base.cat$section"
diff --git a/security/heimdal/patches/patch-ac b/security/heimdal/patches/patch-ac
deleted file mode 100644
index 56468576e11..00000000000
--- a/security/heimdal/patches/patch-ac
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-ac,v 1.3 2008/02/28 08:14:41 jlam Exp $
-
---- configure.in.orig	2008-01-24 08:13:51.000000000 -0500
-+++ configure.in
-@@ -16,9 +16,6 @@ AC_PROG_CPP
- 
- AC_PREFIX_DEFAULT(/usr/heimdal)
- 
--test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
--test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
--
- AC_CANONICAL_HOST
- CANONICAL_HOST=$host
- AC_SUBST(CANONICAL_HOST)
diff --git a/security/heimdal/patches/patch-ad b/security/heimdal/patches/patch-ad
index 9a5986b9d98..c94548a0db5 100644
--- a/security/heimdal/patches/patch-ad
+++ b/security/heimdal/patches/patch-ad
@@ -1,18 +1,8 @@
-$NetBSD: patch-ad,v 1.9 2008/02/28 08:14:41 jlam Exp $
+$NetBSD: patch-ad,v 1.10 2011/07/08 09:49:22 adam Exp $
 
---- configure.orig	2008-01-24 08:14:11.000000000 -0500
+--- configure.orig	2010-09-13 07:24:11.000000000 +0000
 +++ configure
-@@ -3928,9 +3928,6 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
- 
- 
- 
--test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
--test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
--
- # Make sure we can run config.sub.
- $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
-   { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
-@@ -4902,7 +4899,11 @@ fi #if test -n "$GCC"; then
+@@ -11779,7 +11779,11 @@ fi #if test -n "$GCC"; then
  esac
  
  CC="$CC $abi"
@@ -24,24 +14,4 @@ $NetBSD: patch-ad,v 1.9 2008/02/28 08:14:41 jlam Exp $
 +#libdir="$libdir$abilibdirext"
  
  
- { echo "$as_me:$LINENO: checking for __attribute__" >&5
-@@ -29714,6 +29715,9 @@ _ACEOF
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
-+#ifdef HAVE_SYS_TYPES_H
-+#include <sys/types.h>
-+#endif
- #ifdef HAVE_SYS_BSWAP_H
- #include <sys/bswap.h>
- #endif
-@@ -29925,6 +29929,9 @@ _ACEOF
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
-+#ifdef HAVE_SYS_TYPES_H
-+#include <sys/types.h>
-+#endif
- #ifdef HAVE_SYS_BSWAP_H
- #include <sys/bswap.h>
- #endif
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __attribute__" >&5
diff --git a/security/heimdal/patches/patch-ah b/security/heimdal/patches/patch-ah
deleted file mode 100644
index b8753a8e8fd..00000000000
--- a/security/heimdal/patches/patch-ah
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-ah,v 1.5 2010/11/30 07:12:49 obache Exp $
-
---- include/make_crypto.c.orig	2008-01-24 13:13:41.000000000 +0000
-+++ include/make_crypto.c
-@@ -71,7 +71,9 @@ main(int argc, char **argv)
-     fputs("#include <openssl/des.h>\n", f);
-     fputs("#include <openssl/rc4.h>\n", f);
-     fputs("#include <openssl/rc2.h>\n", f);
-+    fputs("#ifndef OPENSSL_NO_MD2\n", f);
-     fputs("#include <openssl/md2.h>\n", f);
-+    fputs("#endif /* OPENSSL_NO_MD2 */\n", f);
-     fputs("#include <openssl/md4.h>\n", f);
-     fputs("#include <openssl/md5.h>\n", f);
-     fputs("#include <openssl/sha.h>\n", f);
diff --git a/security/heimdal/patches/patch-al b/security/heimdal/patches/patch-al
index 8a73a278690..90bbf0d5f23 100644
--- a/security/heimdal/patches/patch-al
+++ b/security/heimdal/patches/patch-al
@@ -1,12 +1,11 @@
-$NetBSD: patch-al,v 1.2 2008/02/28 08:14:41 jlam Exp $
+$NetBSD: patch-al,v 1.3 2011/07/08 09:49:22 adam Exp $
 
---- lib/roken/Makefile.in.orig	2008-01-24 08:14:23.000000000 -0500
+--- lib/roken/Makefile.in.orig	2010-09-13 07:24:23.000000000 +0000
 +++ lib/roken/Makefile.in
-@@ -1421,6 +1421,9 @@ roken.h: make-roken$(EXEEXT)
+@@ -1990,6 +1990,8 @@ $(LTLIBOBJS) $(libroken_la_OBJECTS): rok
+ @CROSS_COMPILE_TRUE@	-c $(top_builddir)/include/config.h  \
+ @CROSS_COMPILE_TRUE@	-p $(srcdir)/roken.h.in -o roken.h
  
- make-roken.c: roken.h.in roken.awk
- 	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
-+
 +print-xheaders:
 +	@echo $(XHEADERS)
  # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/security/heimdal/patches/patch-ar b/security/heimdal/patches/patch-ar
index 7bd16c282e7..22a22514305 100644
--- a/security/heimdal/patches/patch-ar
+++ b/security/heimdal/patches/patch-ar
@@ -1,11 +1,11 @@
-$NetBSD: patch-ar,v 1.2 2008/02/28 08:14:41 jlam Exp $
+$NetBSD: patch-ar,v 1.3 2011/07/08 09:49:22 adam Exp $
 
 Why should anyone want to install the libtool wrapper for a library, but
 not the library itself?
 
 --- lib/auth/afskauthlib/Makefile.in.orig	2008-01-24 08:14:21.000000000 -0500
 +++ lib/auth/afskauthlib/Makefile.in
-@@ -317,7 +317,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk
+@@ -361,7 +361,7 @@ LIB_kafs = $(top_builddir)/lib/kafs/libk
  @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
  @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
  foodir = $(libdir)
diff --git a/security/heimdal/patches/patch-as b/security/heimdal/patches/patch-as
deleted file mode 100644
index 0f5c3a3ec67..00000000000
--- a/security/heimdal/patches/patch-as
+++ /dev/null
@@ -1,25 +0,0 @@
-$NetBSD: patch-as,v 1.1 2008/02/28 08:14:41 jlam Exp $
-
---- cf/roken-frag.m4.orig	2008-01-24 08:13:43.000000000 -0500
-+++ cf/roken-frag.m4
-@@ -243,12 +243,18 @@ AC_FOREACH([rk_func], [asprintf vasprint
- 	rk_func)])
- 
- AC_FIND_FUNC_NO_LIBS(bswap16,,
--[#ifdef HAVE_SYS_BSWAP_H
-+[#ifdef HAVE_SYS_TYPES_H
-+#include <sys/types.h>
-+#endif
-+#ifdef HAVE_SYS_BSWAP_H
- #include <sys/bswap.h>
- #endif],0)
- 
- AC_FIND_FUNC_NO_LIBS(bswap32,,
--[#ifdef HAVE_SYS_BSWAP_H
-+[#ifdef HAVE_SYS_TYPES_H
-+#include <sys/types.h>
-+#endif
-+#ifdef HAVE_SYS_BSWAP_H
- #include <sys/bswap.h>
- #endif],0)
- 
diff --git a/security/heimdal/patches/patch-at b/security/heimdal/patches/patch-at
deleted file mode 100644
index ccdc1de2ee3..00000000000
--- a/security/heimdal/patches/patch-at
+++ /dev/null
@@ -1,120 +0,0 @@
-$NetBSD: patch-at,v 1.1 2010/11/30 07:12:49 obache Exp $
-
---- lib/hx509/crypto.c.orig	2008-01-24 13:13:22.000000000 +0000
-+++ lib/hx509/crypto.c
-@@ -841,6 +841,7 @@ md5_verify_signature(hx509_context conte
-     return 0;
- }
- 
-+#ifndef OPENSSL_NO_MD2
- static int
- md2_verify_signature(hx509_context context,
- 		     const struct signature_alg *sig_alg,
-@@ -870,6 +871,7 @@ md2_verify_signature(hx509_context conte
- 
-     return 0;
- }
-+#endif
- 
- static const struct signature_alg heim_rsa_pkcs1_x509 = {
-     "rsa-pkcs1-x509",
-@@ -926,6 +928,7 @@ static const struct signature_alg rsa_wi
-     rsa_create_signature
- };
- 
-+#ifndef OPENSSL_NO_MD2
- static const struct signature_alg rsa_with_md2_alg = {
-     "rsa-with-md2",
-     oid_id_pkcs1_md2WithRSAEncryption,
-@@ -936,6 +939,7 @@ static const struct signature_alg rsa_wi
-     rsa_verify_signature,
-     rsa_create_signature
- };
-+#endif
- 
- static const struct signature_alg dsa_sha1_alg = {
-     "dsa-with-sha1",
-@@ -980,6 +984,7 @@ static const struct signature_alg md5_al
-     md5_verify_signature
- };
- 
-+#ifndef OPENSSL_NO_MD2
- static const struct signature_alg md2_alg = {
-     "rsa-md2",
-     oid_id_rsa_digest_md2,
-@@ -989,6 +994,7 @@ static const struct signature_alg md2_al
-     SIG_DIGEST,
-     md2_verify_signature
- };
-+#endif
- 
- /* 
-  * Order matter in this structure, "best" first for each "key
-@@ -1000,13 +1006,17 @@ static const struct signature_alg *sig_a
-     &rsa_with_sha1_alg,
-     &pkcs1_rsa_sha1_alg,
-     &rsa_with_md5_alg,
-+#ifndef OPENSSL_NO_MD2
-     &rsa_with_md2_alg,
-+#endif
-     &heim_rsa_pkcs1_x509,
-     &dsa_sha1_alg,
-     &sha256_alg,
-     &sha1_alg,
-     &md5_alg,
-+#ifndef OPENSSL_NO_MD2
-     &md2_alg,
-+#endif
-     NULL
- };
- 
-@@ -1432,10 +1442,12 @@ const AlgorithmIdentifier _hx509_signatu
-     { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
- };
- 
-+#ifndef OPENSSL_NO_MD2
- static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
- const AlgorithmIdentifier _hx509_signature_md2_data = { 
-     { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
- };
-+#endif
- 
- static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
- const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { 
-@@ -1462,10 +1474,12 @@ const AlgorithmIdentifier _hx509_signatu
-     { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
- };
- 
-+#ifndef OPENSSL_NO_MD2
- static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
- const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = { 
-     { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
- };
-+#endif
- 
- static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
- const AlgorithmIdentifier _hx509_signature_rsa_data = { 
-@@ -1512,9 +1526,11 @@ const AlgorithmIdentifier *
- hx509_signature_md5(void)
- { return &_hx509_signature_md5_data; }
- 
-+#ifndef OPENSSL_NO_MD2
- const AlgorithmIdentifier *
- hx509_signature_md2(void)
- { return &_hx509_signature_md2_data; }
-+#endif
- 
- const AlgorithmIdentifier *
- hx509_signature_rsa_with_sha512(void)
-@@ -1536,9 +1552,11 @@ const AlgorithmIdentifier *
- hx509_signature_rsa_with_md5(void)
- { return &_hx509_signature_rsa_with_md5_data; }
- 
-+#ifndef OPENSSL_NO_MD2
- const AlgorithmIdentifier *
- hx509_signature_rsa_with_md2(void)
- { return &_hx509_signature_rsa_with_md2_data; }
-+#endif
- 
- const AlgorithmIdentifier *
- hx509_signature_rsa(void)
diff --git a/security/heimdal/patches/patch-au b/security/heimdal/patches/patch-au
deleted file mode 100644
index 7608841e1ee..00000000000
--- a/security/heimdal/patches/patch-au
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-au,v 1.1 2010/11/30 07:12:49 obache Exp $
-
---- lib/hx509/ks_p11.c.orig	2008-01-24 13:13:22.000000000 +0000
-+++ lib/hx509/ks_p11.c
-@@ -1142,7 +1142,9 @@ p11_printinfo(hx509_context context, 
- 		MECHNAME(CKM_SHA256, "sha256");
- 		MECHNAME(CKM_SHA_1, "sha1");
- 		MECHNAME(CKM_MD5, "md5");
-+#ifndef OPENSSL_NO_MD2
- 		MECHNAME(CKM_MD2, "md2");
-+#endif
- 		MECHNAME(CKM_RIPEMD160, "ripemd-160");
- 		MECHNAME(CKM_DES_ECB, "des-ecb");
- 		MECHNAME(CKM_DES_CBC, "des-cbc");
diff --git a/security/heimdal/patches/patch-lib_otp_Makefile.in b/security/heimdal/patches/patch-lib_otp_Makefile.in
new file mode 100644
index 00000000000..4adbb09ebdb
--- /dev/null
+++ b/security/heimdal/patches/patch-lib_otp_Makefile.in
@@ -0,0 +1,23 @@
+$NetBSD: patch-lib_otp_Makefile.in,v 1.1 2011/07/08 09:49:22 adam Exp $
+
+Fix linking.
+
+--- lib/otp/Makefile.in.orig	2011-06-25 11:48:35.000000000 +0000
++++ lib/otp/Makefile.in
+@@ -47,7 +47,6 @@ DIST_COMMON = $(include_HEADERS) $(srcdi
+ 	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+ noinst_PROGRAMS = otptest$(EXEEXT)
+ check_PROGRAMS = otptest$(EXEEXT)
+-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+ subdir = lib/otp
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+@@ -404,7 +403,7 @@ otptest_LDADD = libotp.la
+ include_HEADERS = otp.h
+ lib_LTLIBRARIES = libotp.la
+ libotp_la_LDFLAGS = -version-info 1:5:1 $(am__append_1)
+-libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM)
++libotp_la_LIBADD = $(LIB_hcrypto) $(LIB_roken) $(LIB_NDBM) $(DBLIB)
+ @HAVE_DB3_FALSE@ndbm_wrap = 
+ @HAVE_DB3_TRUE@ndbm_wrap = ndbm_wrap.c ndbm_wrap.h
+ dist_libotp_la_SOURCES = \
author	adam <adam>	2011-07-08 09:49:21 +0000
committer	adam <adam>	2011-07-08 09:49:21 +0000
commit	7011f0b8466e7e6c15d8be0a131add505d692fd4 (patch)
tree	66865d4510816225b81ba8f512465d3ccb66f5f9 /security/heimdal/patches
parent	782a7c5e76e4329b241744f2afed62a0a145f944 (diff)
download	pkgsrc-7011f0b8466e7e6c15d8be0a131add505d692fd4.tar.gz