diff options
author | tez <tez@pkgsrc.org> | 2011-03-22 23:31:04 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2011-03-22 23:31:04 +0000 |
commit | 491d6a5a3b053c3ac671e5cabddcfac5ef5bc7a1 (patch) | |
tree | e0e514a488adef1298e2d9aaa2bd9fb13dc5a05d /security | |
parent | c8b298166dcbf934c9a8d8280b3bdfcc5488dfb3 (diff) | |
download | pkgsrc-491d6a5a3b053c3ac671e5cabddcfac5ef5bc7a1.tar.gz |
Update MIT Kerberos to v1.8.3 with the latest security patches up to and
including MITKRB5-SA-2011-003.
Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2
Note that the r-services, telnetd and ftpd services and the related client
applications are now in a separate pacakge security/mit-krb5-appl.
Diffstat (limited to 'security')
64 files changed, 481 insertions, 2393 deletions
diff --git a/security/mit-krb5/DESCR b/security/mit-krb5/DESCR index 4d0405cb144..f8e0a5d6a52 100644 --- a/security/mit-krb5/DESCR +++ b/security/mit-krb5/DESCR @@ -5,5 +5,7 @@ client/server applications by using secret-key cryptography. (Kerberos This package provides Kerberos and GSSAPI (Generic Security Services Application Programming Interface) development headers and libraries. -It also includes Kerberos ticket and principal tools, and Kerberized -r-services, telnet and ftp services. +It also includes Kerberos ticket and principal tools. + +N.B. Kerberized r-services, telnet and ftp services are now found in + the security/mit-krb5-appl package. diff --git a/security/mit-krb5/MESSAGE b/security/mit-krb5/MESSAGE new file mode 100644 index 00000000000..296f99bbf85 --- /dev/null +++ b/security/mit-krb5/MESSAGE @@ -0,0 +1,12 @@ +=========================================================================== +$NetBSD: MESSAGE,v 1.1 2011/03/22 23:31:04 tez Exp $ + +Please beware that the Kerberized r-services, telnetd and ftpd services and +the related client applications are no longer included in this package. +They are now found in security/mit-krb5-appl. + +Also to interoperate with older kerberos realms, you may need to set + allow_weak_crypto = true +in the [libdefaults] section of your krb5.conf file + +=========================================================================== diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile index 35ce0e42992..2880da99752 100644 --- a/security/mit-krb5/Makefile +++ b/security/mit-krb5/Makefile @@ -1,15 +1,19 @@ -# $NetBSD: Makefile,v 1.50 2010/12/03 20:11:31 tez Exp $ +# $NetBSD: Makefile,v 1.51 2011/03/22 23:31:04 tez Exp $ -DISTNAME= krb5-1.4.2 -PKGNAME= mit-${DISTNAME:S/-signed$//} -PKGREVISION= 11 +DISTNAME= krb5-1.8.3 +PKGNAME= mit-${DISTNAME} +PKGREVISION= 3 CATEGORIES= security -MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.4/ +MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.8/ DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} EXTRACT_SUFX= .tar +PATCH_SITES= http://web.mit.edu/kerberos/advisories/ + +PATCHFILES= 2010-006-patch.txt 2010-007-patch.txt 2011-001-patch.txt 2011-002-patch-r18.txt 2011-003-patch.txt + MAINTAINER= tez@NetBSD.org -HOMEPAGE= http://web.mit.edu/kerberos/www/ +HOMEPAGE= http://web.mit.edu/kerberos/ COMMENT= MIT Kerberos 5 authentication system PKG_DESTDIR_SUPPORT= user-destdir @@ -17,12 +21,16 @@ MAKE_JOBS_SAFE= no WRKSRC= ${WRKDIR}/${DISTNAME}/src +BUILD_TARGET= generate-files-mac all + .include "../../mk/bsd.prefs.mk" CONFLICTS+= heimdal-[0-9]* CONFLICTS+= kth-krb4-[0-9]* -USE_TOOLS+= autoconf gzcat yacc +USE_TOOLS+= autoconf perl yacc m4 +USE_TOOLS+= gmake +MAKE_PROGRAM= gmake GNU_CONFIGURE= yes USE_LIBTOOL= yes @@ -35,128 +43,47 @@ BUILD_DEFS+= VARBASE CONFIGURE_ARGS+= --localstatedir=${MIT_KRB5_STATEDIR:Q} CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} CONFIGURE_ARGS+= --enable-shared -CONFIGURE_ARGS+= --enable-pkgsrc-libtool -CONFIGURE_ARGS+= --enable-dns +CONFIGURE_ARGS+= --enable-dns-for-realm CONFIGURE_ARGS+= --enable-kdc-replay-cache CONFIGURE_ARGS+= --disable-thread-support -CONFIGURE_ARGS+= --without-krb4 CONFIGURE_ARGS+= --without-tcl +CONFIGURE_ARGS+= --enable-pkgsrc-libtool MAKE_ENV+= ROOT_USER=${ROOT_USER:Q} -PKG_OPTIONS_VAR= PKG_OPTIONS.mit-krb5 -PKG_SUPPORTED_OPTIONS= kerberos-prefix-cmds +PATCH_DIST_ARGS= -d ${WRKSRC} -p2 -.include "../../mk/bsd.options.mk" - -# Rename some of MIT krb5's applications so they won't conflict with -# other packages. -# -.if !empty(PKG_OPTIONS:Mkerberos-prefix-cmds) -KRB5_PREFIX= k -MIT_KRB5_TRANSFORM= s/^ftp/${KRB5_PREFIX}&/; \ - s/^rcp/${KRB5_PREFIX}&/; \ - s/^rlogin/${KRB5_PREFIX}&/; \ - s/^rsh/${KRB5_PREFIX}&/; \ - s/^telnet/${KRB5_PREFIX}&/ -.else -KRB5_PREFIX= # empty -MIT_KRB5_TRANSFORM= s/^ftp/k&/ -.endif -PLIST_SUBST+= KRB5_PREFIX=${KRB5_PREFIX:Q} -CONFIGURE_ARGS+= --program-transform-name=${MIT_KRB5_TRANSFORM:Q} - -# Fix some places in the MIT krb5 sources that don't point to the correct -# Kerberized binaries when exec'ing programs. -# -SUBST_CLASSES+= mit-krb5 -SUBST_STAGE.mit-krb5= pre-configure -SUBST_FILES.mit-krb5= appl/bsd/Makefile.in include/krb5/stock/osconf.h -SUBST_SED.mit-krb5= -e "/KRB5_PATH_RLOGIN/s,/rlogin,/${KRB5_PREFIX}rlogin,g" - -# Fix autoconf incompatibility in new versions where substitutions won't be -# processed properly. For more details see: -# http://mailman.mit.edu/pipermail/krb5-bugs/2006-June/004587.html -SUBST_CLASSES+= frag -SUBST_STAGE.frag= post-patch -SUBST_FILES.frag= appl/telnet/libtelnet/Makefile.in \ - lib/apputils/Makefile.in \ - lib/crypto/Makefile.in \ - lib/crypto/aes/Makefile.in \ - lib/crypto/arcfour/Makefile.in \ - lib/crypto/crc32/Makefile.in \ - lib/crypto/des/Makefile.in \ - lib/crypto/dk/Makefile.in \ - lib/crypto/enc_provider/Makefile.in \ - lib/crypto/hash_provider/Makefile.in \ - lib/crypto/keyhash_provider/Makefile.in \ - lib/crypto/md4/Makefile.in \ - lib/crypto/md5/Makefile.in \ - lib/crypto/old/Makefile.in \ - lib/crypto/raw/Makefile.in \ - lib/crypto/sha1/Makefile.in \ - lib/crypto/yarrow/Makefile.in \ - lib/des425/Makefile.in \ - lib/gssapi/Makefile.in \ - lib/gssapi/generic/Makefile.in \ - lib/gssapi/krb5/Makefile.in \ - lib/kadm5/Makefile.in \ - lib/kadm5/clnt/Makefile.in \ - lib/kadm5/srv/Makefile.in \ - lib/kdb/Makefile.in \ - lib/krb4/Makefile.in \ - lib/krb5/Makefile.in \ - lib/krb5/asn.1/Makefile.in \ - lib/krb5/ccache/Makefile.in \ - lib/krb5/error_tables/Makefile.in \ - lib/krb5/keytab/Makefile.in \ - lib/krb5/krb/Makefile.in \ - lib/krb5/os/Makefile.in \ - lib/krb5/posix/Makefile.in \ - lib/krb5/rcache/Makefile.in \ - lib/rpc/Makefile.in \ - util/db2/Makefile.in \ - util/db2/btree/Makefile.in \ - util/db2/clib/Makefile.in \ - util/db2/db/Makefile.in \ - util/db2/hash/Makefile.in \ - util/db2/mpool/Makefile.in \ - util/db2/recno/Makefile.in \ - util/et/Makefile.in \ - util/profile/Makefile.in \ - util/pty/Makefile.in \ - util/ss/Makefile.in \ - util/support/Makefile.in -SUBST_SED.frag= -e "s/^\#.\\(@lib.*_frag@\\)/\\1/g" - -INFO_FILES= # PLIST +INFO_FILES= YES OWN_DIRS_PERMS= ${MIT_KRB5_STATEDIR}/krb5kdc \ ${ROOT_USER} ${ROOT_GROUP} 0700 RCD_SCRIPTS= kadmind kdc INSTALLATION_DIRS= bin include/gssapi include/gssrpc ${PKGINFODIR} \ - lib ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 \ - ${PKGMANDIR}/man8 sbin share/examples/krb5 + ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 \ + ${PKGMANDIR}/man8 sbin share/examples/krb5 \ + share/et share/examples/rc.d share/gnats \ + lib/krb5/plugins/kdb lib/krb5/plugins/preauth \ + include/krb5 include/kadm5 # The MIT krb5 distribution is actually a tar file that contains the # real .tar.gz distfile and a PGP signature. # post-extract: + @${ECHO} "=> Extracting internal tarball"; \ extract_file="${WRKDIR}/${DISTNAME}.tar.gz"; \ cd ${WRKDIR} && ${EXTRACT_CMD} pre-configure: - cd ${WRKSRC}; ${FIND} . -name configure -print | \ - ${XARGS} -n 1 ${DIRNAME} | \ - while read dir; do \ - ${ECHO} "=> Generating configure in $$dir"; \ - (cd $$dir && autoconf -I ${WRKSRC} -f); \ - done + @${ECHO} "=> Generating configure"; \ + cd ${WRKSRC}; autoconf -I ${WRKSRC} -f; post-install: - cd ${WRKSRC}/../doc; for f in *.info *.info-[0-9]*; do \ + @${ECHO} "=> Installing info files"; \ + cd ${WRKDIR}/${DISTNAME}/doc; \ + for f in *.info *.info-[0-9]*; do \ ${TEST} ! -f "$$f" || \ - ${INSTALL_MAN} "$$f" ${DESTDIR}${PREFIX}/${PKGINFODIR}; \ + ${INSTALL_MAN} "$$f" ${DESTDIR}${PREFIX}/${PKGINFODIR}; \ done +.include "../../security/openssl/buildlink3.mk" .include "../../mk/bsd.pkg.mk" diff --git a/security/mit-krb5/PLIST b/security/mit-krb5/PLIST index 79c5197ff5c..52bec8c0996 100644 --- a/security/mit-krb5/PLIST +++ b/security/mit-krb5/PLIST @@ -1,23 +1,23 @@ -@comment $NetBSD: PLIST,v 1.13 2009/06/14 18:13:32 joerg Exp $ +@comment $NetBSD: PLIST,v 1.14 2011/03/22 23:31:04 tez Exp $ bin/compile_et bin/gss-client +bin/k5srvutil +bin/kadmin bin/kdestroy -bin/kftp bin/kinit bin/klist bin/kpasswd bin/krb5-config -bin/${KRB5_PREFIX}rcp -bin/${KRB5_PREFIX}rlogin -bin/${KRB5_PREFIX}rsh bin/ksu -bin/${KRB5_PREFIX}telnet +bin/ktutil bin/kvno bin/sclient bin/sim_client bin/uuclient include/com_err.h +include/gssapi.h include/gssapi/gssapi.h +include/gssapi/gssapi_ext.h include/gssapi/gssapi_generic.h include/gssapi/gssapi_krb5.h include/gssrpc/auth.h @@ -25,6 +25,7 @@ include/gssrpc/auth_gss.h include/gssrpc/auth_gssapi.h include/gssrpc/auth_unix.h include/gssrpc/clnt.h +include/gssapi/mechglue.h include/gssrpc/netdb.h include/gssrpc/pmap_clnt.h include/gssrpc/pmap_prot.h @@ -36,72 +37,65 @@ include/gssrpc/svc.h include/gssrpc/svc_auth.h include/gssrpc/types.h include/gssrpc/xdr.h +include/kadm5/admin.h +include/kadm5/chpass_util_strings.h +include/kadm5/kadm_err.h +include/kdb.h include/krb5.h +include/krb5/krb5.h +include/krb5/locate_plugin.h include/profile.h -info/krb425.info info/krb5-admin.info info/krb5-install.info info/krb5-user.info lib/libcom_err.la -lib/libdes425.la lib/libgssapi_krb5.la lib/libgssrpc.la lib/libk5crypto.la lib/libkadm5clnt.la +lib/libkadm5clnt_mit.la lib/libkadm5srv.la +lib/libkadm5srv_mit.la lib/libkdb5.la lib/libkrb5.la lib/libkrb5support.la +lib/krb5/plugins/kdb/libdb2.la +lib/krb5/plugins/preauth/libencrypted_challenge.la +lib/krb5/plugins/preauth/libpkinit.la man/man1/compile_et.1 +man/man1/k5srvutil.1 +man/man1/kadmin.1 man/man1/kdestroy.1 man/man1/kerberos.1 -man/man1/kftp.1 man/man1/kinit.1 man/man1/klist.1 man/man1/kpasswd.1 man/man1/krb5-config.1 man/man1/krb5-send-pr.1 -man/man1/${KRB5_PREFIX}rcp.1 -man/man1/${KRB5_PREFIX}rlogin.1 -man/man1/${KRB5_PREFIX}rsh.1 man/man1/ksu.1 -man/man1/${KRB5_PREFIX}telnet.1 +man/man1/ktutil.1 man/man1/kvno.1 man/man1/sclient.1 man/man5/.k5login.5 man/man5/kdc.conf.5 man/man5/krb5.conf.5 -man/man8/k5srvutil.8 -man/man8/kadmin.8 man/man8/kadmin.local.8 man/man8/kadmind.8 man/man8/kdb5_util.8 -man/man8/kftpd.8 -man/man8/klogind.8 man/man8/kprop.8 man/man8/kpropd.8 +man/man8/kproplog.8 man/man8/krb5kdc.8 -man/man8/kshd.8 -man/man8/${KRB5_PREFIX}telnetd.8 -man/man8/ktutil.8 -man/man8/login.krb5.8 man/man8/sserver.8 sbin/gss-server -sbin/k5srvutil -sbin/kadmin sbin/kadmin.local sbin/kadmind sbin/kdb5_util -sbin/kftpd -sbin/klogind sbin/kprop sbin/kpropd +sbin/kproplog sbin/krb5-send-pr sbin/krb5kdc -sbin/kshd -sbin/${KRB5_PREFIX}telnetd -sbin/ktutil -sbin/login.krb5 sbin/sim_server sbin/sserver sbin/uuserver diff --git a/security/mit-krb5/buildlink3.mk b/security/mit-krb5/buildlink3.mk index c28799aa577..a3829874b2c 100644 --- a/security/mit-krb5/buildlink3.mk +++ b/security/mit-krb5/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.9 2009/03/20 19:25:20 joerg Exp $ +# $NetBSD: buildlink3.mk,v 1.10 2011/03/22 23:31:04 tez Exp $ BUILDLINK_TREE+= mit-krb5 diff --git a/security/mit-krb5/builtin.mk b/security/mit-krb5/builtin.mk index 613a7dc0857..ff0339adbdf 100644 --- a/security/mit-krb5/builtin.mk +++ b/security/mit-krb5/builtin.mk @@ -1,4 +1,4 @@ -# $NetBSD: builtin.mk,v 1.5 2010/12/05 21:56:55 adam Exp $ +# $NetBSD: builtin.mk,v 1.6 2011/03/22 23:31:04 tez Exp $ BUILTIN_PKG:= mit-krb5 @@ -56,10 +56,10 @@ USE_BUILTIN.mit-krb5= ${IS_BUILTIN.mit-krb5} . if defined(BUILTIN_PKG.mit-krb5) && \ !empty(IS_BUILTIN.mit-krb5:M[yY][eE][sS]) USE_BUILTIN.mit-krb5= yes -. for _dep_ in ${BUILDLINK_API_DEPENDS.mit-krb5} +. for dep__ in ${BUILDLINK_API_DEPENDS.mit-krb5} . if !empty(USE_BUILTIN.mit-krb5:M[yY][eE][sS]) USE_BUILTIN.mit-krb5!= \ - if ${PKG_ADMIN} pmatch ${_dep_:Q} ${BUILTIN_PKG.mit-krb5:Q}; then \ + if ${PKG_ADMIN} pmatch ${dep__:Q} ${BUILTIN_PKG.mit-krb5:Q}; then \ ${ECHO} "yes"; \ else \ ${ECHO} "no"; \ diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo index 8600f3ac5e2..9a9cd8fa509 100644 --- a/security/mit-krb5/distinfo +++ b/security/mit-krb5/distinfo @@ -1,59 +1,35 @@ -$NetBSD: distinfo,v 1.26 2010/12/03 20:11:31 tez Exp $ +$NetBSD: distinfo,v 1.27 2011/03/22 23:31:04 tez Exp $ -SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88 -RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f -Size (krb5-1.4.2-signed.tar) = 6696960 bytes -SHA1 (patch-aa) = 17e0934ea2ef21b3457fba54cf3d1c36de2da479 -SHA1 (patch-ab) = 9650a9c8b6191d6feb99c01ba37b2e60f266e6e9 -SHA1 (patch-ac) = 10884715858367214a562d7d631312c7f8ca1e0e -SHA1 (patch-ad) = c0beee554840aa80dba0e72bda21b4cf63ec2044 -SHA1 (patch-ae) = fc6d5e11cd827cdfbe1bfc3a3c7ca9f5a71c17d7 -SHA1 (patch-af) = c9631743e3c93aee2aab5c8a370e9bebfc4084e5 -SHA1 (patch-ag) = 5da57455f36a2bd40e0f97db94e93249e90e0b8e -SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f -SHA1 (patch-ai) = 5b0f1ae222e50eb0eb3ed98c79188318ae0969b5 -SHA1 (patch-aj) = 5c633571ea932ce349065cbb4c3bf482cc971675 -SHA1 (patch-ak) = 9d95372fd8edddbf0366e83a51d7a0b8a507f218 -SHA1 (patch-al) = fb611fe47bd7c773d7baf11424e90cd3af70c422 -SHA1 (patch-am) = 050690479d75c5df6e89424bac594ab48ae98a8c -SHA1 (patch-an) = ccf76eecb4a0f3b4c7addd37ab8391dc831caa41 -SHA1 (patch-ao) = 22f907ce8c6d66582523b05326a9e8d56ae28401 -SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65 -SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02 -SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a -SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34 -SHA1 (patch-at) = f5837580b496c454a35a3d8b955e5209074c267d -SHA1 (patch-au) = 238f497afd9ad129babc0b6c727eb23e9915536c -SHA1 (patch-av) = db0fce68f58307be4c359758f2c9b31d62ab8348 -SHA1 (patch-aw) = 0e651b675d166e71f6543cbad8e29eece89d5b67 -SHA1 (patch-ax) = d403c910211e48c6d1dc27cb2dd98d5f20cc688d -SHA1 (patch-ay) = 9f54c79c105d7baca3f1efa68a25f9b39dbf7683 -SHA1 (patch-az) = 79fd9cbbf34287b78d5c6c2faf72e147457f7f37 -SHA1 (patch-ba) = b413b82de3248600beb003456cde811637d05206 -SHA1 (patch-bb) = 156d3341d1cf40cfbe5833f7ad68b5aec297d3fb -SHA1 (patch-bc) = 8b422991ca22903596cf157ea3603abb741c50a5 -SHA1 (patch-bd) = 8cf0425d2fedea452f80fa599f3c4515e51d834c -SHA1 (patch-be) = c4497d7b68cefd8109d615c2125d9dc7aa508e5d -SHA1 (patch-bf) = 1e16b6cbe51a5aa07ac7c7c3c343e82bf16dcde6 -SHA1 (patch-bg) = fa70e00a2eb283782c9960a2c74a879862b979c5 -SHA1 (patch-bh) = 761ca395732d3f3eac0bc1fdbec0ad65aeea8df0 -SHA1 (patch-bi) = ab91152460485ede492573ce379461e892196647 -SHA1 (patch-bj) = d0deae92b8b4d9ad671c98ccb3debd7a4216f646 -SHA1 (patch-bk) = 9bf37086a4e7661e8aacc2736d21f61db154263e -SHA1 (patch-bl) = d1239c8c8279680a97f7c555907ac1b4ccfca6b4 -SHA1 (patch-bm) = d8e46f448fa4a51e3b8a42279cf1ab54b0598dd3 -SHA1 (patch-bn) = 82c6f98474f31e1e231d3e89d6a24e20ec7fd123 -SHA1 (patch-bo) = dcfeab32537f8b89e3ed6a52a69601e3e7822e35 -SHA1 (patch-bp) = 5308176a1229b5ac0d0f24eb2f657fdf48935f80 -SHA1 (patch-bq) = 546e2b0260e4197b44f1f5a6f7a03f72125c768b -SHA1 (patch-br) = da7884aa9a1ba79e7e31416bf06f74bcc71b2c01 -SHA1 (patch-bs) = b652562c4e545d41fbbfa6676b10b68823ebfbd8 -SHA1 (patch-bt) = 1398369698cc9c029957723c25dbdf53754cf373 -SHA1 (patch-bu) = bf0688bd703c3dcfa27934e0a6bc43230251512e -SHA1 (patch-bv) = b07fc44dcc577bffece1eb85f5f93e4c10a58e00 -SHA1 (patch-bw) = ffdf13931306b15b9282863926f769f079ffe8f9 -SHA1 (patch-bx) = d0e54b7e50f066c0680e982bb251c763e9104e24 -SHA1 (patch-ca) = 93c234c007f2dafa0221d1bd1d3ed4953fc116c9 -SHA1 (patch-cb) = 9d892ed2993178085dd7df565afb794fe18f0f06 -SHA1 (patch-cc) = 6fe639b33da7756f6e9ad1a03e2f40d74ddb9c6d -SHA1 (patch-cd) = 8339ac4305865b8e540a0f1bb14c1f1478447c0b +SHA1 (2010-006-patch.txt) = 600f0890de65f96112f267b56317a4fd0166cba0 +RMD160 (2010-006-patch.txt) = fc262a23e9aa118262a4258f74832445062444e4 +Size (2010-006-patch.txt) = 1066 bytes +SHA1 (2010-007-patch.txt) = a6fbc3b6ab15ca98c1aa1521fd42dad1f5003ee8 +RMD160 (2010-007-patch.txt) = 848b776218473200e5a54beb4f3adfc3db915cf4 +Size (2010-007-patch.txt) = 7908 bytes +SHA1 (2011-001-patch.txt) = 79ece8b1c140deb2c01bfb64af575636b9bc7704 +RMD160 (2011-001-patch.txt) = 62a7b2b0d4acbca919fd9df52e707bf0b9fff076 +Size (2011-001-patch.txt) = 632 bytes +SHA1 (2011-002-patch-r18.txt) = 574a3c82ad7d3c9a1c9c62c6ff95c2d6f0e0fc96 +RMD160 (2011-002-patch-r18.txt) = 23cb2560f0d87e6128cdbb12f1e7d8aae85f85f5 +Size (2011-002-patch-r18.txt) = 6130 bytes +SHA1 (2011-003-patch.txt) = 1c72390c5d629eee592e5cb0c2b600b376e2fdc5 +RMD160 (2011-003-patch.txt) = 9b0d172a1abfaf437edacc9f18fd0a6e83028b3e +Size (2011-003-patch.txt) = 544 bytes +SHA1 (krb5-1.8.3-signed.tar) = 69696f63b6c2b0e3238156b19eed68cecd661c6b +RMD160 (krb5-1.8.3-signed.tar) = bdf3a505e4b2447af0c9080b441918d665dcdd9c +Size (krb5-1.8.3-signed.tar) = 11642880 bytes +SHA1 (patch-aa) = cd8cdc594bc872d641ceaba0aa0d91b5f1caf2ae +SHA1 (patch-ad) = 49a9429d163adb872b1c97ade8ed0e13d8eec3cb +SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd +SHA1 (patch-af) = 245b6dea2eff9da9911ac6eabf2ebdbe7fdac305 +SHA1 (patch-ag) = f8daf2dd247365d506e117cb49c5d0f50e9822ed +SHA1 (patch-ah) = 922542765f73dc25c464715c29c8d63c9cd9c718 +SHA1 (patch-aj) = 8a00ca30db3c9c3c9a2f7506cdc4c5b20f7f42c6 +SHA1 (patch-ak) = 9ba29870084dfcd3f6f66e801b42d6577cda004a +SHA1 (patch-al) = 8660b932c999d5b3ac63be27fc1013cceff368b9 +SHA1 (patch-ce) = 72ec322894facfd75a010f82372cfa9ef96afb5f +SHA1 (patch-cf) = 651f223a5c3dff566d0b5c5279d47538576c5979 +SHA1 (patch-cg) = 8c89dd960ebbe444534a849827c78f077cce499b +SHA1 (patch-ch) = 0e36012b43c498b8920f204bab2ba9a68f8c851a +SHA1 (patch-ci) = 4e310f0a4dfe27cf94d0e63d623590691b6c5970 +SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b diff --git a/security/mit-krb5/patches/patch-aa b/security/mit-krb5/patches/patch-aa index 88fe13549e4..a4c17b0d070 100644 --- a/security/mit-krb5/patches/patch-aa +++ b/security/mit-krb5/patches/patch-aa @@ -1,31 +1,30 @@ -$NetBSD: patch-aa,v 1.2 2005/04/10 07:15:25 jlam Exp $ +$NetBSD: patch-aa,v 1.3 2011/03/22 23:31:04 tez Exp $ ---- aclocal.m4.orig 2005-01-14 19:10:44.000000000 -0500 -+++ aclocal.m4 -@@ -1113,8 +1113,10 @@ dnl Pull in the necessary stuff to creat - - AC_DEFUN(KRB5_BUILD_LIBRARY, - [KRB5_BUILD_LIBRARY_WITH_DEPS --# null out SHLIB_EXPFLAGS because we lack any dependencies --SHLIB_EXPFLAGS=]) -+# null out SHLIB_EXPFLAGS and LALIB_EXPFLAGS because we lack any dependencies -+SHLIB_EXPFLAGS= -+LALIB_EXPFLAGS= -+]) - - dnl - dnl KRB5_BUILD_LIBRARY_STATIC -@@ -1162,6 +1164,9 @@ AC_SUBST(SHLIBVEXT) +Don't make sunpro warnings into errors (warnings are seen in gcc too) +Add --enable-pkgsrc-libtool option + +--- aclocal.m4.orig 2009-11-22 11:00:45.000000000 -0600 ++++ aclocal.m4 2011-01-07 17:00:12.222547100 -0600 +@@ -620,7 +620,7 @@ + # works, but it also means that declaration-in-code warnings won't + # be issued. + # -v -fd -errwarn=E_DECLARATION_IN_CODE ... +- WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC,E_NO_IMPLICIT_DECL_ALLOWED,E_ATTRIBUTE_PARAM_UNDEFINED" ++ WARN_CFLAGS="-errtags=yes" + WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" + fi + fi +@@ -1090,6 +1090,9 @@ AC_SUBST(SHLIBSEXT) AC_SUBST(DEPLIBEXT) AC_SUBST(PFLIBEXT) +AC_SUBST(LALIBEXT) +AC_SUBST(LALIB_EXPFLAGS) +AC_SUBST(LIBTOOL_TAIL) - AC_SUBST(LIBINSTLIST)]) - - dnl -@@ -1175,6 +1180,7 @@ AC_SUBST(OBJLISTS) + AC_SUBST(LIBINSTLIST) + AC_SUBST(DYNOBJEXT) + AC_SUBST(MAKE_DYNOBJ_COMMAND) +@@ -1106,6 +1109,7 @@ AC_SUBST(STOBJEXT) AC_SUBST(SHOBJEXT) AC_SUBST(PFOBJEXT) @@ -33,18 +32,14 @@ $NetBSD: patch-aa,v 1.2 2005/04/10 07:15:25 jlam Exp $ AC_SUBST(PICFLAGS) AC_SUBST(PROFFLAGS)]) -@@ -1226,6 +1232,8 @@ else - LIBINSTLIST=install-static - DEPLIBEXT=$STLIBEXT +@@ -1214,11 +1218,42 @@ + KDB5_PLUGIN_DEPLIBS= + KDB5_PLUGIN_LIBS= fi +DEPSTLIBEXT=$STLIBEXT +AC_SUBST(DEPSTLIBEXT) - - # Check whether to build shared libraries. - AC_ARG_ENABLE([shared], -@@ -1284,8 +1292,35 @@ else - SHLIBSEXT=.so.s-nobuild - fi + CC_LINK="$CC_LINK_SHARED" + CXX_LINK="$CXX_LINK_SHARED" +# Check whether to build libtool archives. +AC_ARG_ENABLE([pkgsrc-libtool], @@ -61,6 +56,8 @@ $NetBSD: patch-aa,v 1.2 2005/04/10 07:15:25 jlam Exp $ + LIBINSTLIST=install-libtool + DEPLIBEXT=$LALIBEXT + DEPSTLIBEXT=$LALIBEXT ++ PLUGIN='lib$(LIBBASE)$(LALIBEXT)' ++ PLUGININST=install-libtool + CC_LINK="$CC_LINK_LIBTOOL" + INSTALL_LIBTOOL='$(LIBTOOL) --mode=install' + if test "$krb5_force_static" = yes; then diff --git a/security/mit-krb5/patches/patch-ad b/security/mit-krb5/patches/patch-ad index 1fe78288101..f9cdc3bd0e7 100644 --- a/security/mit-krb5/patches/patch-ad +++ b/security/mit-krb5/patches/patch-ad @@ -1,8 +1,10 @@ -$NetBSD: patch-ad,v 1.4 2010/03/26 21:44:59 joerg Exp $ +$NetBSD: patch-ad,v 1.5 2011/03/22 23:31:04 tez Exp $ ---- config/lib.in.orig 2005-04-07 21:38:51.000000000 +0000 -+++ config/lib.in -@@ -26,8 +26,9 @@ +Add --enable-pkgsrc-libtool option + +--- config/lib.in.orig 2010-12-12 17:13:42.864774300 -0600 ++++ config/lib.in 2010-12-12 17:24:08.783385600 -0600 +@@ -29,8 +29,9 @@ # STOBJLISTS=dir1/OBJS.ST dir2/OBJS.ST etc... SHOBJLISTS=$(STOBJLISTS:.ST=.SH) PFOBJLISTS=$(STOBJLISTS:.ST=.PF) @@ -12,8 +14,8 @@ $NetBSD: patch-ad,v 1.4 2010/03/26 21:44:59 joerg Exp $ +dummy-target-1 $(SUBDIROBJLISTS) $(SUBDIROBJLISTS:.ST=.SH) $(SUBDIROBJLISTS:.ST=.PF) $(SUBDIROBJLISTS:.ST=.LA): all-recurse # Gets invoked as $(PARSE_OBJLISTS) list-of-OBJS.*-files - PARSE_OBJLISTS= set -x && $(PERL) -p -e '$$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;' -@@ -90,6 +91,21 @@ lib$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS) + PARSE_OBJLISTS= set -x && $(PERL) -p -e 'BEGIN { $$SIG{__WARN__} = sub {die @_} }; $$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;' +@@ -99,6 +100,21 @@ set -x; objlist=`$(PARSE_OBJLISTS) $(PFOBJLISTS)` && $(AR) cq $@ $$objlist $(RANLIB) $@ @@ -35,15 +37,15 @@ $NetBSD: patch-ad,v 1.4 2010/03/26 21:44:59 joerg Exp $ $(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT): lib$(LIBBASE)$(STLIBEXT) $(RM) $@ (cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(STLIBEXT) .) -@@ -115,6 +131,7 @@ clean-libs: +@@ -124,6 +140,7 @@ $(RM) lib$(LIBBASE)$(SHLIBSEXT) $(RM) lib$(LIBBASE)$(SHLIBEXT) $(RM) lib$(LIBBASE)$(PFLIBEXT) + $(LIBTOOL) --mode=uninstall $(RM) ${TOPLIBD}/lib$(LIBBASE)$(LALIBEXT) - $(RM) binutils.versions osf1.exports + $(RM) binutils.versions osf1.exports darwin.exports hpux10.exports clean-liblinks: -@@ -123,6 +140,7 @@ clean-liblinks: +@@ -132,6 +149,7 @@ $(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT) $(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(RM) $(TOPLIBD)/lib$(LIBBASE)$(PFLIBEXT) @@ -51,13 +53,13 @@ $NetBSD: patch-ad,v 1.4 2010/03/26 21:44:59 joerg Exp $ install-libs: $(LIBINSTLIST) install-static: -@@ -143,6 +161,9 @@ install-profiled: +@@ -152,6 +170,9 @@ $(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT) $(INSTALL_DATA) lib$(LIBBASE)$(PFLIBEXT) $(DESTDIR)$(KRB5_LIBDIR) $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT) +install-libtool: + $(LIBTOOL) --mode=uninstall $(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(LALIBEXT) -+ $(LIBTOOL) --mode=install $(INSTALL_DATA) ${TOPLIBD}/lib$(LIBBASE)$(LALIBEXT) $(DESTDIR)$(KRB5_LIBDIR) ++ $(LIBTOOL) --mode=install $(INSTALL_SHLIB) ${TOPLIBD}/lib$(LIBBASE)$(LALIBEXT) $(DESTDIR)$(KRB5_LIBDIR) - Makefile: $(SRCTOP)/config/lib.in - $(thisconfigdir)/config.status: $(SRCTOP)/config/shlib.conf + Makefile: $(top_srcdir)/config/lib.in + $(BUILDTOP)/config.status: $(top_srcdir)/config/shlib.conf diff --git a/security/mit-krb5/patches/patch-ae b/security/mit-krb5/patches/patch-ae index 6d57c8c0ca8..3827e85c94d 100644 --- a/security/mit-krb5/patches/patch-ae +++ b/security/mit-krb5/patches/patch-ae @@ -1,7 +1,9 @@ -$NetBSD: patch-ae,v 1.2 2005/04/10 07:15:25 jlam Exp $ +$NetBSD: patch-ae,v 1.3 2011/03/22 23:31:04 tez Exp $ ---- config/libobj.in.orig 2004-05-05 18:50:42.000000000 -0400 -+++ config/libobj.in +Add --enable-pkgsrc-libtool option + +--- config/libobj.in.orig 2010-12-12 17:25:51.187240600 -0600 ++++ config/libobj.in 2010-12-12 17:27:15.877207200 -0600 @@ -7,11 +7,13 @@ # STLIBOBJS list of .o objects; this must not contain variable # references. @@ -17,9 +19,9 @@ $NetBSD: patch-ae,v 1.2 2005/04/10 07:15:25 jlam Exp $ # rules to generate object file lists -@@ -24,10 +26,13 @@ OBJS.SH: $(SHLIBOBJS) Makefile - OBJS.PF: $(PFLIBOBJS) Makefile +@@ -27,10 +29,13 @@ @echo $(PFLIBOBJS) > $@ + : updated $@ +OBJS.LA: $(LALIBOBJS) Makefile + @echo $(LALIBOBJS) > $@ @@ -30,5 +32,5 @@ $NetBSD: patch-ae,v 1.2 2005/04/10 07:15:25 jlam Exp $ - $(RM) OBJS.ST OBJS.SH OBJS.PF $(STLIBOBJS) $(SHLIBOBJS) $(PFLIBOBJS) + $(RM) OBJS.ST OBJS.SH OBJS.PF OBJS.LA $(STLIBOBJS) $(SHLIBOBJS) $(PFLIBOBJS) $(LALIBOBJS) - Makefile: $(SRCTOP)/config/libobj.in - config.status: $(SRCTOP)/config/shlib.conf + Makefile: $(top_srcdir)/config/libobj.in + config.status: $(top_srcdir)/config/shlib.conf diff --git a/security/mit-krb5/patches/patch-af b/security/mit-krb5/patches/patch-af index 9f215af682c..4390ee08530 100644 --- a/security/mit-krb5/patches/patch-af +++ b/security/mit-krb5/patches/patch-af @@ -1,16 +1,19 @@ -$NetBSD: patch-af,v 1.3 2005/04/10 07:15:25 jlam Exp $ +$NetBSD: patch-af,v 1.4 2011/03/22 23:31:04 tez Exp $ ---- config/pre.in.orig 2004-11-19 16:47:51.000000000 -0500 -+++ config/pre.in -@@ -159,6 +159,7 @@ CFLAGS = @CFLAGS@ - PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +Add --enable-pkgsrc-libtool option +Use $(ROOT_USER) in place of root + +--- config/pre.in.orig 2010-01-21 16:49:01.000000000 -0600 ++++ config/pre.in 2010-12-12 17:39:24.427787200 -0600 +@@ -170,6 +170,7 @@ + THREAD_LINKOPTS = $(PTHREAD_CFLAGS) $(PTHREAD_LIBS) CPPFLAGS = @CPPFLAGS@ DEFS = @DEFS@ +LIBTOOL = @LIBTOOL@ CC = @CC@ + CXX = @CXX@ LD = $(PURE) @LD@ - DEPLIBS = @DEPLIBS@ -@@ -176,11 +177,12 @@ CLNTDEPLIBS = @CLNTDEPLIBS@ +@@ -183,11 +184,12 @@ INSTALL=@INSTALL@ INSTALL_STRIP= @@ -22,11 +25,11 @@ $NetBSD: patch-af,v 1.3 2005/04/10 07:15:25 jlam Exp $ INSTALL_DATA=@INSTALL_DATA@ INSTALL_SHLIB=@INSTALL_SHLIB@ -INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root -+INSTALL_SETUID=$(INSTALL_LIBTOOL) $(INSTALL) $(INSTALL_STRIP) -m 4755 -o $(ROOT_USER) ++INSTALL_SETUID=$(INSTALL_LIBTOOL) $(INSTALL) $(INSTALL_STRIP) -m 4555 -o $(ROOT_USER) ## This is needed because autoconf will sometimes define @exec_prefix@ to be ## ${prefix}. prefix=@prefix@ -@@ -298,6 +300,10 @@ RPATH_FLAG=@RPATH_FLAG@ +@@ -313,6 +315,10 @@ # depending on whether we're building with shared libraries. DEPLIBEXT=@DEPLIBEXT@ @@ -34,10 +37,10 @@ $NetBSD: patch-af,v 1.3 2005/04/10 07:15:25 jlam Exp $ +# depending on whether we're building libtool archives. +DEPSTLIBEXT=@DEPSTLIBEXT@ + - KADMCLNT_DEPLIB = $(TOPLIBD)/libkadm5clnt$(DEPLIBEXT) - KADMSRV_DEPLIB = $(TOPLIBD)/libkadm5srv$(DEPLIBEXT) - KDB5_DEPLIB = $(TOPLIBD)/libkdb5$(DEPLIBEXT) -@@ -316,13 +322,13 @@ COM_ERR_DEPLIB-k5 = $(TOPLIBD)/libcom_er + KDB5_PLUGIN_DEPLIBS = @KDB5_PLUGIN_DEPLIBS@ + KDB5_PLUGIN_LIBS = @KDB5_PLUGIN_LIBS@ + +@@ -329,12 +335,12 @@ SUPPORT_LIBNAME=krb5support SUPPORT_DEPLIB = $(TOPLIBD)/lib$(SUPPORT_LIBNAME)$(DEPLIBEXT) @@ -48,41 +51,39 @@ $NetBSD: patch-af,v 1.3 2005/04/10 07:15:25 jlam Exp $ -SS_DEPLIB-k5 = $(TOPLIBD)/libss.a +SS_DEPLIB-k5 = $(TOPLIBD)/libss$(DEPSTLIBEXT) SS_DEPLIB-sys = --PTY_DEPLIB = $(TOPLIBD)/libpty.a -APPUTILS_DEPLIB = $(TOPLIBD)/libapputils.a -+PTY_DEPLIB = $(TOPLIBD)/libpty$(DEPSTLIBEXT) +APPUTILS_DEPLIB = $(TOPLIBD)/libapputils$(DEPSTLIBEXT) KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) - KRB4COMPAT_DEPLIBS = $(KRB4_DEPLIB) $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS) -@@ -363,7 +369,7 @@ GEN_LIB = @GEN_LIB@ + KDB5_DEPLIBS = $(KDB5_DEPLIB) $(KDB5_PLUGIN_DEPLIBS) +@@ -364,7 +370,7 @@ SS_LIB = $(SS_LIB-@SS_VERSION@) SS_LIB-sys = @SS_LIB@ -SS_LIB-k5 = $(TOPLIBD)/libss.a +SS_LIB-k5 = $(TOPLIBD)/libss$(DEPSTLIBEXT) - KDB5_LIB = -lkdb5 - DB_LIB = @DB_LIB@ - KDB5_DB_LIB = @KDB5_DB_LIB@ -@@ -494,6 +500,9 @@ SHLIBEXT=@SHLIBEXT@ - # usually _p.a - PFLIBEXT=@PFLIBEXT@ + KDB5_LIB = -lkdb5 $(KDB5_PLUGIN_LIBS) + + DL_LIB = @DL_LIB@ +@@ -509,6 +515,9 @@ + DYNOBJ_EXPDEPS=@DYNOBJ_EXPDEPS@ + DYNOBJ_EXPFLAGS=@DYNOBJ_EXPFLAGS@ +# usually .la +LALIBEXT=@LALIBEXT@ + # File with symbol names to be exported, both functions and data, # currently not distinguished. - SHLIB_EXPORT_FILE=$(srcdir)/lib$(LIBBASE).exports -@@ -511,6 +520,7 @@ MAKE_SHLIB_COMMAND=@MAKE_SHLIB_COMMAND@ + SHLIB_EXPORT_FILE=$(srcdir)/$(LIBPREFIX)$(LIBBASE).exports +@@ -530,6 +539,7 @@ # flags for explicit libraries depending on this one, - # e.g. "-R$(SHLIB_RPATH) $(SHLIB_SHLIB_DIRFLAGS) $(SHLIB_EXPLIBS)" + # e.g. "$(SHLIB_RPATH_FLAGS) $(SHLIB_SHLIB_DIRFLAGS) $(SHLIB_EXPLIBS)" SHLIB_EXPFLAGS=@SHLIB_EXPFLAGS@ +LALIB_EXPFLAGS=@LALIB_EXPFLAGS@ ## Parameters to be set by configure for use in libobj.in: -@@ -522,6 +532,7 @@ OBJLISTS=@OBJLISTS@ +@@ -541,10 +551,15 @@ # the suffix substitution will break on some platforms! SHLIBOBJS=$(STLIBOBJS:.o=@SHOBJEXT@) PFLIBOBJS=$(STLIBOBJS:.o=@PFOBJEXT@) @@ -90,9 +91,6 @@ $NetBSD: patch-af,v 1.3 2005/04/10 07:15:25 jlam Exp $ # "$(CC) -G", "$(LD) -Bshareable", etc. LDCOMBINE=@LDCOMBINE@ -@@ -529,6 +540,10 @@ LDCOMBINE=@LDCOMBINE@ - # "-h $@", "-h lib$(LIBNAME).$(LIBMAJOR)", etc. - SONAME=@SONAME@ +# Args to tack on the tail of LIBTOOL to generate versioned, installable +# libtool archives. diff --git a/security/mit-krb5/patches/patch-ag b/security/mit-krb5/patches/patch-ag index abdee9a09ad..e5fce9a6a68 100644 --- a/security/mit-krb5/patches/patch-ag +++ b/security/mit-krb5/patches/patch-ag @@ -1,24 +1,26 @@ -$NetBSD: patch-ag,v 1.5 2006/02/24 21:56:40 joerg Exp $ +$NetBSD: patch-ag,v 1.6 2011/03/22 23:31:04 tez Exp $ ---- config/shlib.conf.orig 2005-04-07 17:38:51.000000000 -0400 -+++ config/shlib.conf -@@ -8,6 +8,7 @@ SHLIBVEXT=.so.v-nobuild +Add --enable-pkgsrc-libtool option + +--- config/shlib.conf.orig Mon Feb 8 14:55:48 2010 ++++ config/shlib.conf Thu Jan 6 15:14:39 2011 +@@ -22,6 +22,7 @@ SHLIBSEXT=.so.s-nobuild # Most systems support profiled libraries. PFLIBEXT=_p.a +LALIBEXT=.la # Most systems install shared libs as mode 644, etc. while hpux wants 755 INSTALL_SHLIB='$(INSTALL_DATA)' - # -@@ -17,6 +18,7 @@ use_linker_fini_option=no + # Most systems use the same objects for shared libraries and dynamically +@@ -37,6 +38,7 @@ STOBJEXT=.o SHOBJEXT=.so PFOBJEXT=.po +LAOBJEXT=.lo # Default for systems w/o shared libraries CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - # -@@ -219,7 +221,7 @@ mips-*-netbsd*) + CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' +@@ -281,7 +283,7 @@ PROFFLAGS=-pg ;; @@ -27,12 +29,49 @@ $NetBSD: patch-ag,v 1.5 2006/02/24 21:56:40 joerg Exp $ PICFLAGS=-fPIC SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' SHLIBEXT=.so -@@ -395,3 +397,8 @@ if test "${MAKE_SHLIB_COMMAND}" = "x" ; - MAKE_SHLIB_COMMAND="${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) ${LDCOMBINE_TAIL}" +@@ -358,7 +360,7 @@ + for lib in libkrb5support.1.1.dylib libkadm5srv.5.1.dylib libkdb5.4.0.dylib; do + LDCOMBINE_TAIL="$LDCOMBINE_TAIL -dylib_file \"\$(KRB5_LIBDIR)/$lib\":\$(TOPLIBD)/$lib" + done +- MAKE_DYNOBJ_COMMAND='$(CC) -bundle $(CFLAGS) $(LDFLAGS) -o $@ $$objlist $(DYNOBJ_EXPFLAGS) $(LDFLAGS) -exported_symbols_list darwin.exports'" ${LDCOMBINE_TAIL}" ++ MAKE_DYNOBJ_COMMAND='${LIBTOOL} --mode=link $(CC) -bundle $(CFLAGS) $(LDFLAGS) -o $@ $$objlist $(DYNOBJ_EXPFLAGS) $(LDFLAGS) -exported_symbols_list darwin.exports'" ${LDCOMBINE_TAIL}" + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -dynamic $(CFLAGS) $(LDFLAGS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) -dynamic $(CXXFLAGS) $(LDFLAGS)' +@@ -473,7 +475,7 @@ + # Assume initialization always delayed. + INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done' + use_linker_fini_option=yes +- MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE}" ++ MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LIBTOOL} --mode=link ${LDCOMBINE}" + RPATH_TAIL=:/usr/lib:/lib + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL" + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' +@@ -509,8 +511,8 @@ + # Assume initialization always delayed. + INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done' + use_linker_fini_option=yes +- MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE}"' && ar cq $@ shr.o.$(LIBMAJOR).$(LIBMINOR) && chmod +x $@ && rm -f shr.o.$(LIBMAJOR).$(LIBMINOR)' +- MAKE_DYNOBJ_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE_DYN}" ++ MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LIBTOOL} --mode=link ${LDCOMBINE}"' && ar cq $@ shr.o.$(LIBMAJOR).$(LIBMINOR) && chmod +x $@ && rm -f shr.o.$(LIBMAJOR).$(LIBMINOR)' ++ MAKE_DYNOBJ_COMMAND="${INIT_FINI_PREP} && ${LIBTOOL} --mode=link ${LDCOMBINE_DYN}" + RPATH_TAIL=:/usr/lib:/lib + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL" + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' +@@ -524,8 +526,14 @@ + + if test "${MAKE_SHLIB_COMMAND}" = "x" ; then + if test "${INIT_FINI_PREP}" != ":"; then +- MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) \$(LDFLAGS) ${LDCOMBINE_TAIL}" ++ MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LIBTOOL} --mode=link ${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) \$(LDFLAGS) ${LDCOMBINE_TAIL}" + else +- MAKE_SHLIB_COMMAND="${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) \$(LDFLAGS) ${LDCOMBINE_TAIL}" ++ MAKE_SHLIB_COMMAND="${LIBTOOL} --mode=link ${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) \$(LDFLAGS) ${LDCOMBINE_TAIL}" fi fi + -+# Settings for building with libtool. ++# Settings for building with pkgsrc libtool. +CC_LINK_LIBTOOL='$(LIBTOOL) --mode=link '"$CC_LINK_SHARED" +LALIB_EXPFLAGS='$(SHLIB_EXPFLAGS)' +LIBTOOL_TAIL='-rpath $(KRB5_LIBDIR) -version-info $(LIBMAJOR):$(LIBMINOR)' ++INSTALL_SHLIB='$(INSTALL)' diff --git a/security/mit-krb5/patches/patch-ah b/security/mit-krb5/patches/patch-ah index bffd6047fdc..e2b7e5faf10 100644 --- a/security/mit-krb5/patches/patch-ah +++ b/security/mit-krb5/patches/patch-ah @@ -1,31 +1,27 @@ -$NetBSD: patch-ah,v 1.1.1.1 2004/03/30 18:07:18 jlam Exp $ +$NetBSD: patch-ah,v 1.2 2011/03/22 23:31:04 tez Exp $ ---- include/krb5/stock/osconf.h.orig Thu Jun 5 21:26:46 2003 -+++ include/krb5/stock/osconf.h -@@ -44,13 +44,13 @@ - #define DEFAULT_KEYTAB_NAME "FILE:%s\\krb5kt" +prefer @SYSCONFDIR as location for krb5.conf and krb5.keytab + +--- include/osconf.hin.orig Sat Dec 11 19:54:46 2010 ++++ include/osconf.hin Sat Dec 11 20:06:48 2010 +@@ -48,16 +48,16 @@ + #define DEFAULT_KEYTAB_NAME "FILE:%s\\krb5kt" #else /* !_WINDOWS */ #if TARGET_OS_MAC -#define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf" -#define DEFAULT_PROFILE_PATH ("~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH) +#define DEFAULT_SECURE_PROFILE_PATH "@SYSCONFDIR/krb5.conf:/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf" -+#define DEFAULT_PROFILE_PATH ("@SYSCONFDIR/krb5.conf:~/Library/Preferences/edu.mit.Kerberos:/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf") ++#define DEFAULT_PROFILE_PATH ("@SYSCONFDIR/krb5.conf:~/Library/Preferences/edu.mit.Kerberos:/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf") + #define KRB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosFrameworkPlugins" + #define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins" + #define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosAuthDataPlugins" #else --#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf" -+#define DEFAULT_SECURE_PROFILE_PATH "@SYSCONFDIR/krb5.conf:/etc/krb5.conf" +-#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf" ++#define DEFAULT_SECURE_PROFILE_PATH "@SYSCONFDIR/krb5.conf:/etc/krb5.conf" #define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH #endif --#define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5.keytab" -+#define DEFAULT_KEYTAB_NAME "FILE:@SYSCONFDIR/krb5.keytab" - #define DEFAULT_LNAME_FILENAME "@PREFIX/lib/krb5.aname" +-#define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5.keytab" ++#define DEFAULT_KEYTAB_NAME "FILE:@SYSCONFDIR/krb5.keytab" + #define DEFAULT_LNAME_FILENAME "@PREFIX/lib/krb5.aname" #endif /* _WINDOWS */ -@@ -97,7 +97,7 @@ - - #define KRB5_PATH_TTY "/dev/tty" - #define KRB5_PATH_LOGIN "@SBINDIR/login.krb5" --#define KRB5_PATH_RLOGIN "@BINDIR/rlogin" -+#define KRB5_PATH_RLOGIN "@BINDIR/krlogin" - - #define KRB5_ENV_CCNAME "KRB5CCNAME" - diff --git a/security/mit-krb5/patches/patch-aj b/security/mit-krb5/patches/patch-aj index 9793ba194ba..7d31843bd24 100644 --- a/security/mit-krb5/patches/patch-aj +++ b/security/mit-krb5/patches/patch-aj @@ -1,12 +1,14 @@ -$NetBSD: patch-aj,v 1.2 2005/04/10 07:15:25 jlam Exp $ +$NetBSD: patch-aj,v 1.3 2011/03/22 23:31:04 tez Exp $ ---- krb5-config.in.orig 2004-12-16 16:28:13.000000000 -0500 -+++ krb5-config.in -@@ -174,6 +174,7 @@ if test -n "$do_libs"; then +Add --enable-pkgsrc-libtool option + +--- krb5-config.in.orig 2010-12-12 17:46:49.027864000 -0600 ++++ krb5-config.in 2010-12-12 17:48:58.611160100 -0600 +@@ -180,6 +180,7 @@ # Ugly gross hack for our build tree lib_flags=`echo $CC_LINK | sed -e 's/\$(CC)//' \ -e 's/\$(PURE)//' \ + -e 's/\$(LIBTOOL) --mode=link//' \ + -e 's#\$(PROG_RPATH_FLAGS)#'"$PROG_RPATH_FLAGS"'#' \ -e 's#\$(PROG_RPATH)#'$libdir'#' \ - -e 's#\$(PROG_LIBPATH)#-L'$libdir'#' \ - -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ + -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \ diff --git a/security/mit-krb5/patches/patch-ak b/security/mit-krb5/patches/patch-ak index 894f3c74efe..5a629e1cd72 100644 --- a/security/mit-krb5/patches/patch-ak +++ b/security/mit-krb5/patches/patch-ak @@ -1,8 +1,10 @@ -$NetBSD: patch-ak,v 1.1 2005/04/10 07:15:25 jlam Exp $ +$NetBSD: patch-ak,v 1.2 2011/03/22 23:31:04 tez Exp $ ---- Makefile.in.orig 2004-12-15 15:28:30.000000000 -0500 -+++ Makefile.in -@@ -64,7 +64,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROO +No idea why... copied from previous instance of this package. + +--- Makefile.in.orig 2010-12-12 17:50:34.797814500 -0600 ++++ Makefile.in 2010-12-12 17:51:28.015746400 -0600 +@@ -88,7 +88,7 @@ install-strip: $(MAKE) install INSTALL_STRIP=-s @@ -11,10 +13,10 @@ $NetBSD: patch-ak,v 1.1 2005/04/10 07:15:25 jlam Exp $ install-mkdirs: @for i in $(INSTALLMKDIRS); do \ -@@ -76,7 +76,7 @@ install-headers-mkdirs: +@@ -99,7 +99,7 @@ + $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR) $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssapi $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssrpc - $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/kerberosIV -install-headers-prerecurse: install-headers-mkdirs +install-headers-prerecurse: diff --git a/security/mit-krb5/patches/patch-al b/security/mit-krb5/patches/patch-al index 65cd8bf34ce..8e098b95d8c 100644 --- a/security/mit-krb5/patches/patch-al +++ b/security/mit-krb5/patches/patch-al @@ -1,20 +1,22 @@ -$NetBSD: patch-al,v 1.4 2006/03/17 15:44:46 joerg Exp $ +$NetBSD: patch-al,v 1.5 2011/03/22 23:31:04 tez Exp $ ---- lib/gssapi/krb5/import_name.c.orig 2005-07-18 22:12:42.000000000 +0000 -+++ lib/gssapi/krb5/import_name.c -@@ -27,10 +27,15 @@ +Add DragonFly support. Fallback to LINE_MAX if BUFSIZ is not defined. + +--- ./lib/gssapi/krb5/import_name.c.orig Sat Dec 11 20:12:52 2010 ++++ ./lib/gssapi/krb5/import_name.c Sat Dec 11 20:13:40 2010 +@@ -28,10 +28,15 @@ #include "gssapiP_krb5.h" #ifndef NO_PASSWORD +#include <limits.h> #include <pwd.h> - #ifdef HAVE_GETPWUID_R #include <stdio.h> #endif -+ + +#ifndef BUFSIZ +#define BUFSIZ LINE_MAX +#endif - #endif - ++ #ifdef HAVE_STRING_H + #include <string.h> + #else diff --git a/security/mit-krb5/patches/patch-am b/security/mit-krb5/patches/patch-am deleted file mode 100644 index da683b8dcd1..00000000000 --- a/security/mit-krb5/patches/patch-am +++ /dev/null @@ -1,39 +0,0 @@ -$NetBSD: patch-am,v 1.1 2006/08/09 17:31:10 salo Exp $ - -Security fix for SA21402. - ---- appl/gssftp/ftpd/ftpd.c.orig 2005-01-21 23:46:46.000000000 +0100 -+++ appl/gssftp/ftpd/ftpd.c 2006-08-09 18:52:53.000000000 +0200 -@@ -1368,7 +1368,9 @@ getdatasock(fmode) - goto bad; - sleep(tries); - } -- (void) krb5_seteuid((uid_t)pw->pw_uid); -+ if (krb5_seteuid((uid_t)pw->pw_uid)) { -+ fatal("seteuid user"); -+ } - #ifdef IP_TOS - #ifdef IPTOS_THROUGHPUT - on = IPTOS_THROUGHPUT; -@@ -1378,7 +1380,9 @@ getdatasock(fmode) - #endif - return (fdopen(s, fmode)); - bad: -- (void) krb5_seteuid((uid_t)pw->pw_uid); -+ if (krb5_seteuid((uid_t)pw->pw_uid)) { -+ fatal("seteuid user"); -+ } - (void) close(s); - return (NULL); - } -@@ -2187,7 +2191,9 @@ passive() - (void) krb5_seteuid((uid_t)pw->pw_uid); - goto pasv_error; - } -- (void) krb5_seteuid((uid_t)pw->pw_uid); -+ if (krb5_seteuid((uid_t)pw->pw_uid)) { -+ fatal("seteuid user"); -+ } - len = sizeof(pasv_addr); - if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0) - goto pasv_error; diff --git a/security/mit-krb5/patches/patch-an b/security/mit-krb5/patches/patch-an deleted file mode 100644 index 822a5c6353b..00000000000 --- a/security/mit-krb5/patches/patch-an +++ /dev/null @@ -1,30 +0,0 @@ -$NetBSD: patch-an,v 1.1 2006/08/09 17:31:10 salo Exp $ - -Security fix for SA21402. - ---- appl/bsd/v4rcp.c.orig 2002-07-12 22:21:31.000000000 +0200 -+++ appl/bsd/v4rcp.c 2006-08-09 18:52:53.000000000 +0200 -@@ -436,7 +436,10 @@ int main(argc, argv) - kstream_set_buffer_mode (krem, 0); - #endif /* KERBEROS && !NOENCRYPTION */ - (void) response(); -- (void) setuid(userid); -+ if (setuid(userid)) { -+ error("rcp: can't setuid(user)\n"); -+ exit(1); -+ } - source(--argc, ++argv); - exit(errs); - -@@ -452,7 +455,10 @@ int main(argc, argv) - krem = kstream_create_from_fd (rem, 0, 0); - kstream_set_buffer_mode (krem, 0); - #endif /* KERBEROS && !NOENCRYPTION */ -- (void) setuid(userid); -+ if (setuid(userid)) { -+ error("rcp: can't setuid(user)\n"); -+ exit(1); -+ } - sink(--argc, ++argv); - exit(errs); - diff --git a/security/mit-krb5/patches/patch-ao b/security/mit-krb5/patches/patch-ao deleted file mode 100644 index 1623919578d..00000000000 --- a/security/mit-krb5/patches/patch-ao +++ /dev/null @@ -1,38 +0,0 @@ -$NetBSD: patch-ao,v 1.1 2006/08/09 17:31:10 salo Exp $ - -Security fix for SA21402. - ---- appl/bsd/krcp.c.orig 2003-05-10 02:00:58.000000000 +0200 -+++ appl/bsd/krcp.c 2006-08-09 18:52:53.000000000 +0200 -@@ -620,7 +620,9 @@ int main(argc, argv) - - euid = geteuid(); - if (euid == 0) { -- (void) setuid(0); -+ if (setuid(0)) { -+ perror("rcp setuid 0"); errs++; exit(errs); -+ } - if(krb5_seteuid(userid)) { - perror("rcp seteuid user"); errs++; exit(errs); - } -@@ -638,11 +640,17 @@ int main(argc, argv) - continue; - rcmd_stream_init_normal(); - #ifdef HAVE_SETREUID -- (void) setreuid(0, userid); -+ if (setreuid(0, userid)) { -+ perror("rcp setreuid 0,user"); errs++; exit(errs); -+ } - sink(1, argv+argc-1); -- (void) setreuid(userid, 0); -+ if (setreuid(userid, 0)) { -+ perror("rcp setreuid user,0"); errs++; exit(errs); -+ } - #else -- (void) setuid(0); -+ if (setuid(0)) { -+ perror("rcp setuid 0"); errs++; exit(errs); -+ } - if(seteuid(userid)) { - perror("rcp seteuid user"); errs++; exit(errs); - } diff --git a/security/mit-krb5/patches/patch-ap b/security/mit-krb5/patches/patch-ap deleted file mode 100644 index 612b419b981..00000000000 --- a/security/mit-krb5/patches/patch-ap +++ /dev/null @@ -1,18 +0,0 @@ -$NetBSD: patch-ap,v 1.1 2006/08/09 17:31:10 salo Exp $ - -Security fix for SA21402. - ---- appl/bsd/login.c.orig 2005-04-07 23:17:25.000000000 +0200 -+++ appl/bsd/login.c 2006-08-09 18:52:53.000000000 +0200 -@@ -1648,7 +1648,10 @@ int main(argc, argv) - } - #endif /* HAVE_SETLUID */ - #ifdef _IBMR2 -- setuidx(ID_LOGIN, pwd->pw_uid); -+ if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) { -+ perror("setuidx"); -+ sleepexit(1); -+ }; - #endif - - /* This call MUST succeed */ diff --git a/security/mit-krb5/patches/patch-aq b/security/mit-krb5/patches/patch-aq deleted file mode 100644 index c91badb3ddc..00000000000 --- a/security/mit-krb5/patches/patch-aq +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-aq,v 1.1 2006/08/09 17:31:10 salo Exp $ - -Security fix for SA21402. - ---- appl/bsd/krshd.c.orig 2005-04-07 23:17:25.000000000 +0200 -+++ appl/bsd/krshd.c 2006-08-09 18:52:53.000000000 +0200 -@@ -1379,9 +1379,15 @@ void doit(f, fromp) - * If we're on a system which keeps track of login uids, then - * set the login uid. - */ -- setluid((uid_t) pwd->pw_uid); -+ if (setluid((uid_t) pwd->pw_uid) < 0) { -+ perror("setluid"); -+ _exit(1); -+ } - #endif /* HAVE_SETLUID */ -- (void) setuid((uid_t)pwd->pw_uid); -+ if (setuid((uid_t)pwd->pw_uid) < 0) { -+ perror("setuid"); -+ _exit(1); -+ } - /* if TZ is set in the parent, drag it in */ - { - char **findtz = environ; diff --git a/security/mit-krb5/patches/patch-ar b/security/mit-krb5/patches/patch-ar deleted file mode 100644 index 6443fdae025..00000000000 --- a/security/mit-krb5/patches/patch-ar +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-ar,v 1.1 2006/08/09 17:31:10 salo Exp $ - -Security fix for SA21402. - ---- clients/ksu/main.c.orig 2002-08-14 21:14:49.000000000 +0200 -+++ clients/ksu/main.c 2006-08-09 18:52:53.000000000 +0200 -@@ -892,8 +892,11 @@ static void sweep_up(context, cc) - const char * cc_name; - struct stat st_temp; - -- krb5_seteuid(0); -- krb5_seteuid(target_uid); -+ if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) { -+ com_err(prog_name, errno, -+ "while returning to source uid for destroying ccache"); -+ exit(1); -+ } - - cc_name = krb5_cc_get_name(context, cc); - if ( ! stat(cc_name, &st_temp)){ diff --git a/security/mit-krb5/patches/patch-as b/security/mit-krb5/patches/patch-as deleted file mode 100644 index dd64800c0d2..00000000000 --- a/security/mit-krb5/patches/patch-as +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-as,v 1.1 2006/08/09 17:31:10 salo Exp $ - -Security fix for SA21402. - ---- lib/krb4/kuserok.c.orig 2003-03-05 04:38:51.000000000 +0100 -+++ lib/krb4/kuserok.c 2006-08-09 18:52:53.000000000 +0200 -@@ -159,9 +159,11 @@ kuserok(kdata, luser) - */ - if(getuid() == 0) { - uid_t old_euid = geteuid(); -- seteuid(pwd->pw_uid); -+ if (seteuid(pwd->pw_uid) < 0) -+ return NOTOK; - fp = fopen(pbuf, "r"); -- seteuid(old_euid); -+ if (seteuid(old_euid) < 0) -+ return NOTOK; - if ((fp) == NULL) { - return(NOTOK); - } diff --git a/security/mit-krb5/patches/patch-at b/security/mit-krb5/patches/patch-at deleted file mode 100644 index a012b6a16d3..00000000000 --- a/security/mit-krb5/patches/patch-at +++ /dev/null @@ -1,43 +0,0 @@ -$NetBSD: patch-at,v 1.2 2008/06/07 23:58:11 tonnerre Exp $ - ---- lib/rpc/svc.c.orig 2004-09-21 20:20:15.000000000 +0200 -+++ lib/rpc/svc.c -@@ -108,15 +108,17 @@ xprt_register(SVCXPRT *xprt) - if (sock < FD_SETSIZE) { - xports[sock] = xprt; - FD_SET(sock, &svc_fdset); -+ if (sock > svc_maxfd) -+ svc_maxfd = sock; - } - #else - if (sock < NOFILE) { - xports[sock] = xprt; - svc_fds |= (1 << sock); -+ if (sock > svc_maxfd) -+ svc_maxfd = sock; - } - #endif /* def FD_SETSIZE */ -- if (sock > svc_maxfd) -- svc_maxfd = sock; - } - - /* -@@ -436,6 +438,8 @@ svc_getreqset(FDSET_TYPE *readfds) - #endif - } - -+extern struct svc_auth_ops svc_auth_gss_ops; -+ - static void - svc_do_xprt(SVCXPRT *xprt) - { -@@ -517,6 +521,9 @@ svc_do_xprt(SVCXPRT *xprt) - if ((stat = SVC_STAT(xprt)) == XPRT_DIED){ - SVC_DESTROY(xprt); - break; -+ } else if ((xprt->xp_auth != NULL) && -+ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) { -+ xprt->xp_auth = NULL; - } - } while (stat == XPRT_MOREREQS); - diff --git a/security/mit-krb5/patches/patch-au b/security/mit-krb5/patches/patch-au deleted file mode 100644 index a330db70432..00000000000 --- a/security/mit-krb5/patches/patch-au +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD$ - ---- appl/telnet/telnetd/state.c.orig 2002-11-15 21:21:51.000000000 +0100 -+++ appl/telnet/telnetd/state.c -@@ -1665,7 +1665,8 @@ static int envvarok(varp) - strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ - strcmp(varp, "NLSPATH") && /* locale stuff */ - strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ -- strcmp(varp, "IFS")) { -+ strcmp(varp, "IFS") && -+ !strchr(varp, '-')) { - return 1; - } else { - syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); diff --git a/security/mit-krb5/patches/patch-av b/security/mit-krb5/patches/patch-av deleted file mode 100644 index 321e8c5571e..00000000000 --- a/security/mit-krb5/patches/patch-av +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD$ - ---- kdc/kdc_util.c.orig 2004-02-13 05:20:56.000000000 +0100 -+++ kdc/kdc_util.c -@@ -404,6 +404,7 @@ kdc_get_server_key(krb5_ticket *ticket, - - krb5_db_free_principal(kdc_context, &server, nprincs); - if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { -+ limit_string(sname); - krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'", - sname); - free(sname); diff --git a/security/mit-krb5/patches/patch-aw b/security/mit-krb5/patches/patch-aw deleted file mode 100644 index 9994307832d..00000000000 --- a/security/mit-krb5/patches/patch-aw +++ /dev/null @@ -1,68 +0,0 @@ -$NetBSD$ - ---- kdc/do_tgs_req.c.orig 2005-07-12 22:59:51.000000000 +0200 -+++ kdc/do_tgs_req.c -@@ -490,27 +490,38 @@ tgt_again: - newtransited = 1; - } - if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) { -+ unsigned int tlen; -+ char *tdots; -+ - errcode = krb5_check_transited_list (kdc_context, - &enc_tkt_reply.transited.tr_contents, - krb5_princ_realm (kdc_context, header_ticket->enc_part2->client), - krb5_princ_realm (kdc_context, request->server)); -+ tlen = enc_tkt_reply.transited.tr_contents.length; -+ tdots = tlen > 125 ? "..." : ""; -+ tlen = tlen > 125 ? 125 : tlen; -+ - if (errcode == 0) { - setflag (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED); - } else if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT) - krb5_klog_syslog (LOG_INFO, -- "bad realm transit path from '%s' to '%s' via '%.*s'", -+ "bad realm transit path from '%s' to '%s' " -+ "via '%.*s%s'", - cname ? cname : "<unknown client>", - sname ? sname : "<unknown server>", -- enc_tkt_reply.transited.tr_contents.length, -- enc_tkt_reply.transited.tr_contents.data); -- else -+ tlen, -+ enc_tkt_reply.transited.tr_contents.data, -+ tdots); -+ else { - krb5_klog_syslog (LOG_ERR, -- "unexpected error checking transit from '%s' to '%s' via '%.*s': %s", -+ "unexpected error checking transit from " -+ "'%s' to '%s' via '%.*s%s': %s", - cname ? cname : "<unknown client>", - sname ? sname : "<unknown server>", -- enc_tkt_reply.transited.tr_contents.length, -+ tlen, - enc_tkt_reply.transited.tr_contents.data, -- error_message (errcode)); -+ tdots, error_message (errcode)); -+ } - } else - krb5_klog_syslog (LOG_INFO, "not checking transit path"); - if (reject_bad_transit -@@ -538,6 +549,9 @@ tgt_again: - if (!krb5_principal_compare(kdc_context, request->server, client2)) { - if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp))) - tmp = 0; -+ if (tmp != NULL) -+ limit_string(tmp); -+ - krb5_klog_syslog(LOG_INFO, - "TGS_REQ %s: 2ND_TKT_MISMATCH: " - "authtime %d, %s for %s, 2nd tkt client %s", -@@ -800,6 +814,7 @@ find_alternate_tgs(krb5_kdc_req *request - krb5_klog_syslog(LOG_INFO, - "TGS_REQ: issuing alternate <un-unparseable> TGT"); - } else { -+ limit_string(sname); - krb5_klog_syslog(LOG_INFO, - "TGS_REQ: issuing TGT %s", sname); - free(sname); diff --git a/security/mit-krb5/patches/patch-ax b/security/mit-krb5/patches/patch-ax deleted file mode 100644 index b10511d45d4..00000000000 --- a/security/mit-krb5/patches/patch-ax +++ /dev/null @@ -1,53 +0,0 @@ -$NetBSD$ - ---- kadmin/server/ovsec_kadmd.c.orig 2004-09-21 20:20:16.000000000 +0200 -+++ kadmin/server/ovsec_kadmd.c -@@ -952,13 +952,25 @@ void log_badverf(gss_name_t client_name, - rpcproc_t proc; - int i; - const char *procname; -+ size_t clen, slen; -+ char *cdots, *sdots; - - (void) gss_display_name(&minor, client_name, &client, &gss_type); - (void) gss_display_name(&minor, server_name, &server, &gss_type); -- if (client.value == NULL) -+ if (client.value == NULL) { - client.value = "(null)"; -- if (server.value == NULL) -+ clen = sizeof("(null)") -1; -+ } else { -+ clen = client.length; -+ } -+ trunc_name(&clen, &cdots); -+ if (server.value == NULL) { - server.value = "(null)"; -+ slen = sizeof("(null)") - 1; -+ } else { -+ slen = server.length; -+ } -+ trunc_name(&slen, &sdots); - a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr); - - proc = msg->rm_call.cb_proc; -@@ -971,14 +983,14 @@ void log_badverf(gss_name_t client_name, - } - if (procname != NULL) - krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, " -- "claimed client = %s, server = %s, addr = %s", -- procname, client.value, -- server.value, a); -+ "claimed client = %.*s%s, server = %.*s%s, addr = %s", -+ procname, clen, client.value, cdots, -+ slen, server.value, sdots, a); - else - krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, " -- "claimed client = %s, server = %s, addr = %s", -- proc, client.value, -- server.value, a); -+ "claimed client = %.*s%s, server = %.*s%s, addr = %s", -+ proc, clen, client.value, cdots, -+ slen, server.value, sdots, a); - - (void) gss_release_buffer(&minor, &client); - (void) gss_release_buffer(&minor, &server); diff --git a/security/mit-krb5/patches/patch-ay b/security/mit-krb5/patches/patch-ay deleted file mode 100644 index 5001ee60e7e..00000000000 --- a/security/mit-krb5/patches/patch-ay +++ /dev/null @@ -1,10 +0,0 @@ -$NetBSD$ - ---- kadmin/server/misc.h.orig 2004-10-28 00:12:48.000000000 +0200 -+++ kadmin/server/misc.h -@@ -44,3 +44,5 @@ krb5_error_code process_chpw_request(krb - #ifdef SVC_GETARGS - void kadm_1(struct svc_req *, SVCXPRT *); - #endif -+ -+void trunc_name(size_t *len, char **dots); diff --git a/security/mit-krb5/patches/patch-az b/security/mit-krb5/patches/patch-az deleted file mode 100644 index db82de61702..00000000000 --- a/security/mit-krb5/patches/patch-az +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD$ - ---- kadmin/server/schpw.c.orig 2004-10-28 00:12:48.000000000 +0200 -+++ kadmin/server/schpw.c -@@ -41,6 +41,8 @@ process_chpw_request(context, server_han - int numresult; - char strresult[1024]; - char *clientstr; -+ size_t clen; -+ char *cdots; - - ret = 0; - rep->length = 0; -@@ -259,9 +261,12 @@ process_chpw_request(context, server_han - free(ptr); - clear.length = 0; - -- krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s", -+ clen = strlen(clientstr); -+ trunc_name(&clen, &cdots); -+ krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s", - inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr), -- clientstr, ret ? error_message(ret) : "success"); -+ clen, clientstr, cdots, -+ ret ? error_message(ret) : "success"); - krb5_free_unparsed_name(context, clientstr); - - if (ret) { diff --git a/security/mit-krb5/patches/patch-ba b/security/mit-krb5/patches/patch-ba deleted file mode 100644 index 2e8efa90974..00000000000 --- a/security/mit-krb5/patches/patch-ba +++ /dev/null @@ -1,630 +0,0 @@ -$NetBSD$ - ---- kadmin/server/server_stubs.c.orig 2004-08-20 20:45:30.000000000 +0200 -+++ kadmin/server/server_stubs.c -@@ -14,6 +14,7 @@ - #include <arpa/inet.h> /* inet_ntoa */ - #include <krb5/adm_proto.h> /* krb5_klog_syslog */ - #include "misc.h" -+#include <string.h> - - #define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" - #define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" -@@ -237,6 +238,61 @@ gss_name_to_string(gss_name_t gss_name, - return 0; - } - -+static int -+log_unauth( -+ char *op, -+ char *target, -+ gss_buffer_t client, -+ gss_buffer_t server, -+ struct svc_req *rqstp) -+{ -+ size_t tlen, clen, slen; -+ char *tdots, *cdots, *sdots; -+ -+ tlen = strlen(target); -+ trunc_name(&tlen, &tdots); -+ clen = client->length; -+ trunc_name(&clen, &cdots); -+ slen = server->length; -+ trunc_name(&slen, &sdots); -+ -+ return krb5_klog_syslog(LOG_NOTICE, -+ "Unauthorized request: %s, %.*s%s, " -+ "client=%.*s%s, service=%.*s%s, addr=%s", -+ op, tlen, target, tdots, -+ clen, client->value, cdots, -+ slen, server->value, sdots, -+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+} -+ -+static int -+log_done( -+ char *op, -+ char *target, -+ char *errmsg, -+ gss_buffer_t client, -+ gss_buffer_t server, -+ struct svc_req *rqstp) -+{ -+ size_t tlen, clen, slen; -+ char *tdots, *cdots, *sdots; -+ -+ tlen = strlen(target); -+ trunc_name(&tlen, &tdots); -+ clen = client->length; -+ trunc_name(&clen, &cdots); -+ slen = server->length; -+ trunc_name(&slen, &sdots); -+ -+ return krb5_klog_syslog(LOG_NOTICE, -+ "Request: %s, %.*s%s, %s, " -+ "client=%.*s%s, service=%.*s%s, addr=%s", -+ op, tlen, target, tdots, errmsg, -+ clen, client->value, cdots, -+ slen, server->value, sdots, -+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+} -+ - generic_ret * - create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) - { -@@ -274,18 +330,15 @@ create_principal_1_svc(cprinc_arg *arg, - || kadm5int_acl_impose_restrictions(handle->context, - &arg->rec, &arg->mask, rp)) { - ret.code = KADM5_AUTH_ADD; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_create_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_create_principal((void *)handle, - &arg->rec, arg->mask, - arg->passwd); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", -- prime_arg,((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_create_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg); -@@ -331,20 +384,18 @@ create_principal3_1_svc(cprinc3_arg *arg - || kadm5int_acl_impose_restrictions(handle->context, - &arg->rec, &arg->mask, rp)) { - ret.code = KADM5_AUTH_ADD; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_create_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_create_principal_3((void *)handle, - &arg->rec, arg->mask, - arg->n_ks_tuple, - arg->ks_tuple, - arg->passwd); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", -- prime_arg,((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ -+ log_done("kadm5_create_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg); -@@ -388,15 +439,13 @@ delete_principal_1_svc(dprinc_arg *arg, - || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, - arg->princ, NULL)) { - ret.code = KADM5_AUTH_DELETE; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_delete_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_delete_principal((void *)handle, arg->princ); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", prime_arg, -- ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_delete_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free(prime_arg); - free_server_handle(handle); -@@ -441,17 +490,14 @@ modify_principal_1_svc(mprinc_arg *arg, - || kadm5int_acl_impose_restrictions(handle->context, - &arg->rec, &arg->mask, rp)) { - ret.code = KADM5_AUTH_MODIFY; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_modify_principal", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_modify_principal((void *)handle, &arg->rec, - arg->mask); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_modify_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg); -@@ -466,12 +512,13 @@ rename_principal_1_svc(rprinc_arg *arg, - static generic_ret ret; - char *prime_arg1, - *prime_arg2; -- char prime_arg[BUFSIZ]; - gss_buffer_desc client_name, - service_name; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -+ size_t tlen1, tlen2, clen, slen; -+ char *tdots1, *tdots2, *cdots, *sdots; - - xdr_free(xdr_generic_ret, &ret); - -@@ -492,7 +539,14 @@ rename_principal_1_svc(rprinc_arg *arg, - ret.code = KADM5_BAD_PRINCIPAL; - return &ret; - } -- sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2); -+ tlen1 = strlen(prime_arg1); -+ trunc_name(&tlen1, &tdots1); -+ tlen2 = strlen(prime_arg2); -+ trunc_name(&tlen2, &tdots2); -+ clen = client_name.length; -+ trunc_name(&clen, &cdots); -+ slen = service_name.length; -+ trunc_name(&slen, &sdots); - - ret.code = KADM5_OK; - if (! CHANGEPW_SERVICE(rqstp)) { -@@ -510,17 +564,29 @@ rename_principal_1_svc(rprinc_arg *arg, - } else - ret.code = KADM5_AUTH_INSUFFICIENT; - if (ret.code != KADM5_OK) { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ krb5_klog_syslog(LOG_NOTICE, -+ "Unauthorized request: kadm5_rename_principal, " -+ "%.*s%s to %.*s%s, " -+ "client=%.*s%s, service=%.*s%s, addr=%s", -+ tlen1, prime_arg1, tdots1, -+ tlen2, prime_arg2, tdots2, -+ clen, client_name.value, cdots, -+ slen, service_name.value, sdots, -+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - } else { - ret.code = kadm5_rename_principal((void *)handle, arg->src, - arg->dest); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ krb5_klog_syslog(LOG_NOTICE, -+ "Request: kadm5_rename_principal, " -+ "%.*s%s to %.*s%s, %s, " -+ "client=%.*s%s, service=%.*s%s, addr=%s", -+ tlen1, prime_arg1, tdots1, -+ tlen2, prime_arg2, tdots2, -+ ((ret.code == 0) ? "success" : -+ error_message(ret.code)), -+ clen, client_name.value, cdots, -+ slen, service_name.value, sdots, -+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - } - free_server_handle(handle); - free(prime_arg1); -@@ -572,9 +638,8 @@ get_principal_1_svc(gprinc_arg *arg, str - arg->princ, - NULL))) { - ret.code = KADM5_AUTH_GET; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth(funcname, prime_arg, -+ &client_name, &service_name, rqstp); - } else { - if (handle->api_version == KADM5_API_VERSION_1) { - ret.code = kadm5_get_principal_v1((void *)handle, -@@ -588,12 +653,10 @@ get_principal_1_svc(gprinc_arg *arg, str - arg->princ, &ret.rec, - arg->mask); - } -- -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, -- prime_arg, -- ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ -+ log_done(funcname, prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg); -@@ -638,18 +701,15 @@ get_princs_1_svc(gprincs_arg *arg, struc - NULL, - NULL)) { - ret.code = KADM5_AUTH_LIST; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_get_principals", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_get_principals((void *)handle, - arg->exp, &ret.princs, - &ret.count); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", -- prime_arg, -+ log_done("kadm5_get_principals", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -697,18 +757,15 @@ chpass_principal_1_svc(chpass_arg *arg, - ret.code = kadm5_chpass_principal((void *)handle, arg->princ, - arg->pass); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_chpass_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; - } - - if(ret.code != KADM5_AUTH_CHANGEPW) { -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_chpass_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -764,18 +821,15 @@ chpass_principal3_1_svc(chpass3_arg *arg - arg->ks_tuple, - arg->pass); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_chpass_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; - } - - if(ret.code != KADM5_AUTH_CHANGEPW) { -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_chpass_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -822,18 +876,15 @@ setv4key_principal_1_svc(setv4key_arg *a - ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, - arg->keyblock); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_setv4key_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; - } - - if(ret.code != KADM5_AUTH_SETKEY) { -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_setv4key_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -880,18 +931,15 @@ setkey_principal_1_svc(setkey_arg *arg, - ret.code = kadm5_setkey_principal((void *)handle, arg->princ, - arg->keyblocks, arg->n_keys); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_setkey_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; - } - - if(ret.code != KADM5_AUTH_SETKEY) { -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_setkey_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -941,18 +989,15 @@ setkey_principal3_1_svc(setkey3_arg *arg - arg->ks_tuple, - arg->keyblocks, arg->n_keys); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_setkey_principal", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_SETKEY; - } - - if(ret.code != KADM5_AUTH_SETKEY) { -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_setkey_principal", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - - free_server_handle(handle); -@@ -1008,9 +1053,8 @@ chrand_principal_1_svc(chrand_arg *arg, - ret.code = kadm5_randkey_principal((void *)handle, arg->princ, - &k, &nkeys); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth(funcname, prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; - } - -@@ -1025,11 +1069,9 @@ chrand_principal_1_svc(chrand_arg *arg, - } - - if(ret.code != KADM5_AUTH_CHANGEPW) { -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done(funcname, prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg); -@@ -1090,9 +1132,8 @@ chrand_principal3_1_svc(chrand3_arg *arg - arg->ks_tuple, - &k, &nkeys); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth(funcname, prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_CHANGEPW; - } - -@@ -1107,11 +1148,9 @@ chrand_principal3_1_svc(chrand3_arg *arg - } - - if(ret.code != KADM5_AUTH_CHANGEPW) { -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, -- prime_arg, ((ret.code == 0) ? "success" : -- error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done(funcname, prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - free(prime_arg); -@@ -1152,18 +1191,15 @@ create_policy_1_svc(cpol_arg *arg, struc - rqst2name(rqstp), - ACL_ADD, NULL, NULL)) { - ret.code = KADM5_AUTH_ADD; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -- -+ log_unauth("kadm5_create_policy", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_create_policy((void *)handle, &arg->rec, - arg->mask); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", -- ((prime_arg == NULL) ? "(null)" : prime_arg), -- ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_create_policy", -+ ((prime_arg == NULL) ? "(null)" : prime_arg), -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1202,17 +1238,15 @@ delete_policy_1_svc(dpol_arg *arg, struc - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, - rqst2name(rqstp), - ACL_DELETE, NULL, NULL)) { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_delete_policy", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_DELETE; - } else { - ret.code = kadm5_delete_policy((void *)handle, arg->name); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", -- ((prime_arg == NULL) ? "(null)" : prime_arg), -- ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_delete_policy", -+ ((prime_arg == NULL) ? "(null)" : prime_arg), -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1251,18 +1285,16 @@ modify_policy_1_svc(mpol_arg *arg, struc - if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, - rqst2name(rqstp), - ACL_MODIFY, NULL, NULL)) { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_modify_policy", prime_arg, -+ &client_name, &service_name, rqstp); - ret.code = KADM5_AUTH_MODIFY; - } else { - ret.code = kadm5_modify_policy((void *)handle, &arg->rec, - arg->mask); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", -- ((prime_arg == NULL) ? "(null)" : prime_arg), -- ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_modify_policy", -+ ((prime_arg == NULL) ? "(null)" : prime_arg), -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1337,15 +1369,13 @@ get_policy_1_svc(gpol_arg *arg, struct s - &ret.rec); - } - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, -- ((prime_arg == NULL) ? "(null)" : prime_arg), -- ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done(funcname, -+ ((prime_arg == NULL) ? "(null)" : prime_arg), -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } else { -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth(funcname, prime_arg, -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1388,18 +1418,15 @@ get_pols_1_svc(gpols_arg *arg, struct sv - rqst2name(rqstp), - ACL_LIST, NULL, NULL)) { - ret.code = KADM5_AUTH_LIST; -- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies", -- prime_arg, client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_unauth("kadm5_get_policies", prime_arg, -+ &client_name, &service_name, rqstp); - } else { - ret.code = kadm5_get_policies((void *)handle, - arg->exp, &ret.pols, - &ret.count); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", -- prime_arg, -- ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_get_policies", prime_arg, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - } - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); -@@ -1432,11 +1459,9 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 - } - - ret.code = kadm5_get_privs((void *)handle, &ret.privs); -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", -- client_name.value, -- ((ret.code == 0) ? "success" : error_message(ret.code)), -- client_name.value, service_name.value, -- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); -+ log_done("kadm5_get_privs", client_name.value, -+ ((ret.code == 0) ? "success" : error_message(ret.code)), -+ &client_name, &service_name, rqstp); - free_server_handle(handle); - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); -@@ -1450,6 +1475,8 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, - service_name; - kadm5_server_handle_t handle; - OM_uint32 minor_stat; -+ size_t clen, slen; -+ char *cdots, *sdots; - - xdr_free(xdr_generic_ret, &ret); - -@@ -1466,12 +1493,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, - return &ret; - } - -- krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", -+ clen = client_name.length; -+ trunc_name(&clen, &cdots); -+ slen = service_name.length; -+ trunc_name(&slen, &sdots); -+ krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " -+ "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", - (ret.api_version == KADM5_API_VERSION_1 ? - "kadm5_init (V1)" : "kadm5_init"), -- client_name.value, -+ clen, client_name.value, cdots, - (ret.code == 0) ? "success" : error_message(ret.code), -- client_name.value, service_name.value, -+ clen, client_name.value, cdots, -+ slen, service_name.value, sdots, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), - rqstp->rq_cred.oa_flavor); - gss_release_buffer(&minor_stat, &client_name); diff --git a/security/mit-krb5/patches/patch-bb b/security/mit-krb5/patches/patch-bb deleted file mode 100644 index c2da26fd0b7..00000000000 --- a/security/mit-krb5/patches/patch-bb +++ /dev/null @@ -1,34 +0,0 @@ -$NetBSD$ - ---- kadmin/server/kadm_rpc_svc.c.orig 2004-06-16 05:11:51.000000000 +0200 -+++ kadmin/server/kadm_rpc_svc.c -@@ -249,6 +249,8 @@ check_rpcsec_auth(struct svc_req *rqstp) - krb5_data *c1, *c2, *realm; - gss_buffer_desc gss_str; - kadm5_server_handle_t handle; -+ size_t slen; -+ char *sdots; - - success = 0; - handle = (kadm5_server_handle_t)global_server_handle; -@@ -273,6 +275,9 @@ check_rpcsec_auth(struct svc_req *rqstp) - if (ret == 0) - goto fail_name; - -+ slen = gss_str.length; -+ trunc_name(&slen, &sdots); -+ - /* - * Since we accept with GSS_C_NO_NAME, the client can authenticate - * against the entire kdb. Therefore, ensure that the service -@@ -295,8 +300,8 @@ check_rpcsec_auth(struct svc_req *rqstp) - - fail_princ: - if (!success) { -- krb5_klog_syslog(LOG_ERR, "bad service principal %.*s", -- gss_str.length, gss_str.value); -+ krb5_klog_syslog(LOG_ERR, "bad service principal %.*s%s", -+ slen, gss_str.value, sdots); - } - gss_release_buffer(&min_stat, &gss_str); - krb5_free_principal(kctx, princ); diff --git a/security/mit-krb5/patches/patch-bc b/security/mit-krb5/patches/patch-bc deleted file mode 100644 index c267502a29f..00000000000 --- a/security/mit-krb5/patches/patch-bc +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD$ - ---- kadmin/server/misc.c.orig 2004-10-29 01:41:10.000000000 +0200 -+++ kadmin/server/misc.c -@@ -149,3 +149,12 @@ check_min_life(void *server_handle, krb5 - - return kadm5_free_principal_ent(handle->lhandle, &princ); - } -+ -+#define MAXPRINCLEN 125 -+ -+void -+trunc_name(size_t *len, char **dots) -+{ -+ *dots = *len > MAXPRINCLEN ? "..." : ""; -+ *len = *len > MAXPRINCLEN ? MAXPRINCLEN : *len; -+} diff --git a/security/mit-krb5/patches/patch-bd b/security/mit-krb5/patches/patch-bd deleted file mode 100644 index 5e37a3adcd1..00000000000 --- a/security/mit-krb5/patches/patch-bd +++ /dev/null @@ -1,35 +0,0 @@ -$NetBSD$ - ---- lib/kadm5/logger.c.orig 2002-09-18 22:44:13.000000000 +0200 -+++ lib/kadm5/logger.c -@@ -45,7 +45,7 @@ - #include <varargs.h> - #endif /* HAVE_STDARG_H */ - --#define KRB5_KLOG_MAX_ERRMSG_SIZE 1024 -+#define KRB5_KLOG_MAX_ERRMSG_SIZE 2048 - #ifndef MAXHOSTNAMELEN - #define MAXHOSTNAMELEN 256 - #endif /* MAXHOSTNAMELEN */ -@@ -256,7 +256,9 @@ klog_com_err_proc(const char *whoami, lo - #endif /* HAVE_SYSLOG */ - - /* Now format the actual message */ --#if HAVE_VSPRINTF -+#if HAVE_VSNPRINTF -+ vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap); -+#elif HAVE_VSPRINTF - vsprintf(cp, actual_format, ap); - #else /* HAVE_VSPRINTF */ - sprintf(cp, actual_format, ((int *) ap)[0], ((int *) ap)[1], -@@ -843,7 +845,9 @@ klog_vsyslog(int priority, const char *f - syslogp = &outbuf[strlen(outbuf)]; - - /* Now format the actual message */ --#ifdef HAVE_VSPRINTF -+#ifdef HAVE_VSNPRINTF -+ vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist); -+#elif HAVE_VSPRINTF - vsprintf(syslogp, format, arglist); - #else /* HAVE_VSPRINTF */ - sprintf(syslogp, format, ((int *) arglist)[0], ((int *) arglist)[1], diff --git a/security/mit-krb5/patches/patch-be b/security/mit-krb5/patches/patch-be deleted file mode 100644 index 4a2083c5d9d..00000000000 --- a/security/mit-krb5/patches/patch-be +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD$ - ---- lib/gssapi/krb5/k5unseal.c.orig 2004-04-13 22:00:19.000000000 +0200 -+++ lib/gssapi/krb5/k5unseal.c -@@ -457,8 +457,11 @@ kg_unseal_v1(context, minor_status, ctx, - - if ((ctx->initiate && direction != 0xff) || - (!ctx->initiate && direction != 0)) { -- if (toktype == KG_TOK_SEAL_MSG) -+ if (toktype == KG_TOK_SEAL_MSG) { - xfree(token.value); -+ message_buffer->value = NULL; -+ message_buffer->length = 0; -+ } - *minor_status = G_BAD_DIRECTION; - return(GSS_S_BAD_SIG); - } diff --git a/security/mit-krb5/patches/patch-bf b/security/mit-krb5/patches/patch-bf deleted file mode 100644 index fa61d5cae50..00000000000 --- a/security/mit-krb5/patches/patch-bf +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-bf,v 1.1 2008/06/07 22:26:10 tonnerre Exp $ - ---- lib/rpc/svc_auth_gssapi.c.orig 2004-09-17 23:52:11.000000000 +0200 -+++ lib/rpc/svc_auth_gssapi.c -@@ -148,6 +148,8 @@ enum auth_stat gssrpc__svcauth_gssapi( - rqst->rq_xprt->xp_auth = &svc_auth_none; - - memset((char *) &call_res, 0, sizeof(call_res)); -+ creds.client_handle.length = 0; -+ creds.client_handle.value = NULL; - - cred = &msg->rm_call.cb_cred; - verf = &msg->rm_call.cb_verf; diff --git a/security/mit-krb5/patches/patch-bg b/security/mit-krb5/patches/patch-bg deleted file mode 100644 index 18c587200e6..00000000000 --- a/security/mit-krb5/patches/patch-bg +++ /dev/null @@ -1,43 +0,0 @@ -$NetBSD: patch-bg,v 1.1 2008/06/07 22:26:10 tonnerre Exp $ - ---- lib/rpc/svc_auth_unix.c.orig 2004-09-17 23:52:11.000000000 +0200 -+++ lib/rpc/svc_auth_unix.c -@@ -64,8 +64,7 @@ gssrpc__svcauth_unix( - char area_machname[MAX_MACHINE_NAME+1]; - int area_gids[NGRPS]; - } *area; -- u_int auth_len; -- int str_len, gid_len; -+ u_int auth_len, str_len, gid_len; - register int i; - - rqst->rq_xprt->xp_auth = &svc_auth_none; -@@ -74,7 +73,9 @@ gssrpc__svcauth_unix( - aup = &area->area_aup; - aup->aup_machname = area->area_machname; - aup->aup_gids = area->area_gids; -- auth_len = (u_int)msg->rm_call.cb_cred.oa_length; -+ auth_len = msg->rm_call.cb_cred.oa_length; -+ if (auth_len > INT_MAX) -+ return AUTH_BADCRED; - xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); - buf = XDR_INLINE(&xdrs, (int)auth_len); - if (buf != NULL) { -@@ -84,7 +85,7 @@ gssrpc__svcauth_unix( - stat = AUTH_BADCRED; - goto done; - } -- memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len); -+ memmove(aup->aup_machname, buf, str_len); - aup->aup_machname[str_len] = 0; - str_len = RNDUP(str_len); - buf += str_len / BYTES_PER_XDR_UNIT; -@@ -104,7 +105,7 @@ gssrpc__svcauth_unix( - * timestamp, hostname len (0), uid, gid, and gids len (0). - */ - if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { -- (void) printf("bad auth_len gid %d str %d auth %d\n", -+ (void) printf("bad auth_len gid %u str %u auth %u\n", - gid_len, str_len, auth_len); - stat = AUTH_BADCRED; - goto done; diff --git a/security/mit-krb5/patches/patch-bh b/security/mit-krb5/patches/patch-bh deleted file mode 100644 index 5184077a57a..00000000000 --- a/security/mit-krb5/patches/patch-bh +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-bh,v 1.1 2008/06/07 23:58:11 tonnerre Exp $ - ---- lib/rpc/svc_auth_gss.c.orig 2004-09-17 23:52:11.000000000 +0200 -+++ lib/rpc/svc_auth_gss.c -@@ -355,6 +355,15 @@ svcauth_gss_validate(struct svc_req *rqs - memset(rpchdr, 0, sizeof(rpchdr)); - - /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */ -+ oa = &msg->rm_call.cb_cred; -+ if (oa->oa_length > MAX_AUTH_BYTES) -+ return (FALSE); -+ -+ /* 8 XDR units from the IXDR macro calls. */ -+ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT + -+ RNDUP(oa->oa_length))) -+ return (FALSE); -+ - buf = (int32_t *)(void *)rpchdr; - IXDR_PUT_LONG(buf, msg->rm_xid); - IXDR_PUT_ENUM(buf, msg->rm_direction); -@@ -362,7 +371,6 @@ svcauth_gss_validate(struct svc_req *rqs - IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); - IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); - IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); -- oa = &msg->rm_call.cb_cred; - IXDR_PUT_ENUM(buf, oa->oa_flavor); - IXDR_PUT_LONG(buf, oa->oa_length); - if (oa->oa_length) { diff --git a/security/mit-krb5/patches/patch-bi b/security/mit-krb5/patches/patch-bi deleted file mode 100644 index bc1c2d9a6d9..00000000000 --- a/security/mit-krb5/patches/patch-bi +++ /dev/null @@ -1,51 +0,0 @@ -$NetBSD: patch-bi,v 1.1 2008/06/07 23:58:11 tonnerre Exp $ - ---- lib/rpc/svc_tcp.c.orig 2004-09-21 20:20:16.000000000 +0200 -+++ lib/rpc/svc_tcp.c -@@ -52,6 +52,14 @@ static char sccsid[] = "@(#)svc_tcp.c 1. - extern errno; - */ - -+#ifndef FD_SETSIZE -+#ifdef NBBY -+#define NOFILE (sizeof(int) * NBBY) -+#else -+#define NOFILE (sizeof(int) * 8) -+#endif -+#endif -+ - /* - * Ops vector for TCP/IP based rpc service handle - */ -@@ -211,6 +219,20 @@ makefd_xprt( - { - register SVCXPRT *xprt; - register struct tcp_conn *cd; -+ -+#ifdef FD_SETSIZE -+ if (fd >= FD_SETSIZE) { -+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n"); -+ xprt = NULL; -+ goto done; -+ } -+#else -+ if (fd >= NOFILE) { -+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n"); -+ xprt = NULL; -+ goto done; -+ } -+#endif - - xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); - if (xprt == (SVCXPRT *)NULL) { -@@ -267,6 +289,10 @@ rendezvous_request( - * make a new transporter (re-uses xprt) - */ - xprt = makefd_xprt(sock, r->sendsize, r->recvsize); -+ if (xprt == NULL) { -+ close(sock); -+ return (FALSE); -+ } - xprt->xp_raddr = addr; - xprt->xp_addrlen = len; - xprt->xp_laddr = laddr; diff --git a/security/mit-krb5/patches/patch-bj b/security/mit-krb5/patches/patch-bj deleted file mode 100644 index f9f90dea606..00000000000 --- a/security/mit-krb5/patches/patch-bj +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-bj,v 1.1 2008/06/07 23:58:11 tonnerre Exp $ - ---- kdc/dispatch.c.orig 2002-09-11 05:59:26.000000000 +0200 -+++ kdc/dispatch.c -@@ -108,7 +108,7 @@ dispatch(krb5_data *pkt, const krb5_full - retval = KRB5KRB_AP_ERR_MSG_TYPE; - #ifndef NOCACHE - /* put the response into the lookaside buffer */ -- if (!retval) -+ if (!retval && *response != NULL) - kdc_insert_lookaside(pkt, from, *response); - #endif - diff --git a/security/mit-krb5/patches/patch-bk b/security/mit-krb5/patches/patch-bk deleted file mode 100644 index 29e7feef1c9..00000000000 --- a/security/mit-krb5/patches/patch-bk +++ /dev/null @@ -1,283 +0,0 @@ -$NetBSD: patch-bk,v 1.1 2008/06/07 23:58:11 tonnerre Exp $ - ---- kdc/kerberos_v4.c.orig 2004-07-24 02:40:18.000000000 +0200 -+++ kdc/kerberos_v4.c -@@ -86,11 +86,6 @@ extern int krbONE; - #define MSB_FIRST 0 /* 68000, IBM RT/PC */ - #define LSB_FIRST 1 /* Vax, PC8086 */ - --int f; -- --/* XXX several files in libkdb know about this */ --char *progname; -- - #ifndef BACKWARD_COMPAT - static Key_schedule master_key_schedule; - static C_Block master_key; -@@ -142,10 +137,8 @@ static void hang(void); - #include "com_err.h" - #include "extern.h" /* to pick up master_princ */ - --static krb5_data *response; -- --void kerberos_v4 (struct sockaddr_in *, KTEXT); --void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); -+static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT); -+static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); - static int set_tgtkey (char *, krb5_kvno, krb5_boolean); - - /* Attributes converted from V5 to V4 - internal representation */ -@@ -261,12 +254,12 @@ process_v4(const krb5_data *pkt, const k - (void) klog(L_KRB_PERR, "V4 request too long."); - return KRB5KRB_ERR_FIELD_TOOLONG; - } -+ memset( &v4_pkt, 0, sizeof(v4_pkt)); - v4_pkt.length = pkt->length; - v4_pkt.mbz = 0; - memcpy( v4_pkt.dat, pkt->data, pkt->length); - -- kerberos_v4( &client_sockaddr, &v4_pkt); -- *resp = response; -+ *resp = kerberos_v4( &client_sockaddr, &v4_pkt); - return(retval); - } - -@@ -299,19 +292,20 @@ char * v4_klog( int type, const char *fo - } - - static --int krb4_sendto(int s, const char *msg, int len, int flags, -- const struct sockaddr *to, int to_len) -+krb5_data *make_response(const char *msg, int len) - { -+ krb5_data *response; -+ - if ( !(response = (krb5_data *) malloc( sizeof *response))) { -- return ENOMEM; -+ return 0; - } - if ( !(response->data = (char *) malloc( len))) { - krb5_free_data(kdc_context, response); -- return ENOMEM; -+ return 0; - } - response->length = len; - memcpy( response->data, msg, len); -- return( 0); -+ return response; - } - static void - hang(void) -@@ -590,7 +584,7 @@ static void str_length_check(char *str, - *cp = 0; - } - --void -+static krb5_data * - kerberos_v4(struct sockaddr_in *client, KTEXT pkt) - { - static KTEXT_ST rpkt_st; -@@ -603,7 +597,7 @@ kerberos_v4(struct sockaddr_in *client, - KTEXT auth = &auth_st; - AUTH_DAT ad_st; - AUTH_DAT *ad = &ad_st; -- -+ krb5_data *response = 0; - - static struct in_addr client_host; - static int msg_byte_order; -@@ -641,8 +635,7 @@ kerberos_v4(struct sockaddr_in *client, - inet_ntoa(client_host)); - /* send an error reply */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - } - - /* check packet version */ -@@ -652,8 +645,7 @@ kerberos_v4(struct sockaddr_in *client, - KRB_PROT_VERSION, req_version, 0); - /* send an error reply */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - } - msg_byte_order = req_msg_type & 1; - -@@ -711,10 +703,10 @@ kerberos_v4(struct sockaddr_in *client, - - if ((i = check_princ(req_name_ptr, req_inst_ptr, 0, - &a_name_data, &k5key, 0, &ck5life))) { -- kerb_err_reply(client, pkt, i, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, i, "check_princ failed"); - a_name_data.key_low = a_name_data.key_high = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* don't use k5key for client */ - krb5_free_keyblock_contents(kdc_context, &k5key); -@@ -726,11 +718,11 @@ kerberos_v4(struct sockaddr_in *client, - /* this does all the checking */ - if ((i = check_princ(service, instance, lifetime, - &s_name_data, &k5key, 1, &sk5life))) { -- kerb_err_reply(client, pkt, i, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, i, "check_princ failed"); - a_name_data.key_high = a_name_data.key_low = 0; - s_name_data.key_high = s_name_data.key_low = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* Bound requested lifetime with service and user */ - v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life); -@@ -801,8 +793,7 @@ kerberos_v4(struct sockaddr_in *client, - rpkt = create_auth_reply(req_name_ptr, req_inst_ptr, - req_realm_ptr, req_time_ws, 0, a_name_data.exp_date, - a_name_data.key_version, ciph); -- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, -- (struct sockaddr *) client, S_AD_SZ); -+ response = make_response((char *) rpkt->dat, rpkt->length); - memset(&a_name_data, 0, sizeof(a_name_data)); - memset(&s_name_data, 0, sizeof(s_name_data)); - break; -@@ -828,9 +819,8 @@ kerberos_v4(struct sockaddr_in *client, - lt = klog(L_KRB_PERR, - "APPL request with realm length too long from %s", - inet_ntoa(client_host)); -- kerb_err_reply(client, pkt, RD_AP_INCON, -- "realm length too long"); -- return; -+ return kerb_err_reply(client, pkt, RD_AP_INCON, -+ "realm length too long"); - } - - auth->length += (int) *(pkt->dat + auth->length) + -@@ -839,9 +829,8 @@ kerberos_v4(struct sockaddr_in *client, - lt = klog(L_KRB_PERR, - "APPL request with funky tkt or req_id length from %s", - inet_ntoa(client_host)); -- kerb_err_reply(client, pkt, RD_AP_INCON, -- "funky tkt or req_id length"); -- return; -+ return kerb_err_reply(client, pkt, RD_AP_INCON, -+ "funky tkt or req_id length"); - } - - memcpy(auth->dat, pkt->dat, auth->length); -@@ -852,18 +841,16 @@ kerberos_v4(struct sockaddr_in *client, - if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) { - lt = klog(L_ERR_UNK, - "Cross realm ticket from %s denied by policy,", tktrlm); -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - if (set_tgtkey(tktrlm, kvno, 0)) { -- lt = klog(L_ERR_UNK, -+ lt = klog(L_ERR_UNK, - "FAILED set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); -@@ -873,9 +860,8 @@ kerberos_v4(struct sockaddr_in *client, - "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); -@@ -885,8 +871,7 @@ kerberos_v4(struct sockaddr_in *client, - klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", - inet_ntoa(client_host), krb_get_err_text(kerno)); - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); -- return; -+ return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); - } - ptr = (char *) pkt->dat + auth->length; - -@@ -908,22 +893,20 @@ kerberos_v4(struct sockaddr_in *client, - req_realm_ptr = ad->prealm; - - if (strcmp(ad->prealm, tktrlm)) { -- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -- "Can't hop realms"); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -+ "Can't hop realms"); - } - if (!strcmp(service, "changepw")) { -- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -- "Can't authorize password changed based on TGT"); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -+ "Can't authorize password changed based on TGT"); - } - kerno = check_princ(service, instance, req_life, - &s_name_data, &k5key, 1, &sk5life); - if (kerno) { -- kerb_err_reply(client, pkt, kerno, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, kerno, "check_princ failed"); - s_name_data.key_high = s_name_data.key_low = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* Bound requested lifetime with service and user */ - v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life); -@@ -979,8 +962,7 @@ kerberos_v4(struct sockaddr_in *client, - rpkt = create_auth_reply(ad->pname, ad->pinst, - ad->prealm, time_ws, - 0, 0, 0, ciph); -- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, -- (struct sockaddr *) client, S_AD_SZ); -+ response = make_response((char *) rpkt->dat, rpkt->length); - memset(&s_name_data, 0, sizeof(s_name_data)); - break; - } -@@ -1005,6 +987,8 @@ kerberos_v4(struct sockaddr_in *client, - break; - } - } -+ -+ return response; - } - - -@@ -1014,7 +998,7 @@ kerberos_v4(struct sockaddr_in *client, - * client. - */ - --void -+static krb5_data * - kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string) - { - static KTEXT_ST e_pkt_st; -@@ -1025,9 +1009,7 @@ kerb_err_reply(struct sockaddr_in *clien - strncat(e_msg, string, sizeof(e_msg) - 1 - 19); - cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, - req_time_ws, err, e_msg); -- krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0, -- (struct sockaddr *) client, S_AD_SZ); -- -+ return make_response((char *) e_pkt->dat, e_pkt->length); - } - - static int diff --git a/security/mit-krb5/patches/patch-bl b/security/mit-krb5/patches/patch-bl deleted file mode 100644 index 18f6fd9d84c..00000000000 --- a/security/mit-krb5/patches/patch-bl +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-bl,v 1.1 2008/06/07 23:58:11 tonnerre Exp $ - ---- kdc/network.c.orig 2005-07-12 22:59:51.000000000 +0200 -+++ kdc/network.c -@@ -748,6 +748,8 @@ static void process_packet(struct connec - com_err(prog, retval, "while dispatching (udp)"); - return; - } -+ if (response == NULL) -+ return; - cc = sendto(port_fd, response->data, (socklen_t) response->length, 0, - (struct sockaddr *)&saddr, saddr_len); - if (cc == -1) { diff --git a/security/mit-krb5/patches/patch-bm b/security/mit-krb5/patches/patch-bm deleted file mode 100644 index 7928c7f62f4..00000000000 --- a/security/mit-krb5/patches/patch-bm +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD: patch-bm,v 1.1 2008/12/11 09:42:25 wiz Exp $ - ---- lib/krb5/os/dnsglue.c.orig 2005-01-15 00:10:53.000000000 +0000 -+++ lib/krb5/os/dnsglue.c -@@ -87,6 +87,7 @@ krb5int_dns_init(struct krb5int_dns_stat - #endif - - #if HAVE_RES_NSEARCH -+ bzero(&statbuf,(sizeof(struct __res_state))); - ret = res_ninit(&statbuf); - if (ret < 0) - return -1; diff --git a/security/mit-krb5/patches/patch-bn b/security/mit-krb5/patches/patch-bn deleted file mode 100644 index 32528119801..00000000000 --- a/security/mit-krb5/patches/patch-bn +++ /dev/null @@ -1,32 +0,0 @@ ---- lib/krb5/asn.1/asn1buf.c.orig 2009-04-17 16:07:27.348357800 -0500 -+++ lib/krb5/asn.1/asn1buf.c 2009-04-17 16:23:10.726869700 -0500 -@@ -78,11 +78,11 @@ - - asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) - { -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - subbuf->base = subbuf->next = buf->next; - if (!indef) { -+ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; - subbuf->bound = subbuf->base + length - 1; -- if (subbuf->bound > buf->bound) -- return ASN1_OVERRUN; - } else /* constructed indefinite */ - subbuf->bound = buf->bound; - return 0; -@@ -200,6 +200,7 @@ - { - int i; - -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; -@@ -218,6 +219,7 @@ - { - int i; - -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; diff --git a/security/mit-krb5/patches/patch-bo b/security/mit-krb5/patches/patch-bo deleted file mode 100644 index 4e6939c92f3..00000000000 --- a/security/mit-krb5/patches/patch-bo +++ /dev/null @@ -1,10 +0,0 @@ ---- lib/krb5/asn.1/asn1_decode.c.orig 2009-04-17 16:24:41.318878800 -0500 -+++ lib/krb5/asn.1/asn1_decode.c 2009-04-17 16:25:52.914274500 -0500 -@@ -231,6 +231,7 @@ - - if(length != 15) return ASN1_BAD_LENGTH; - retval = asn1buf_remove_charstring(buf,15,&s); -+ if (retval) return retval; - /* Time encoding: YYYYMMDDhhmmssZ */ - if(s[14] != 'Z') { - free(s); diff --git a/security/mit-krb5/patches/patch-bp b/security/mit-krb5/patches/patch-bp deleted file mode 100644 index 3bc1fb177f0..00000000000 --- a/security/mit-krb5/patches/patch-bp +++ /dev/null @@ -1,25 +0,0 @@ ---- tests/asn.1/krb5_decode_test.c.orig 2009-04-17 16:25:31.678326000 -0500 -+++ tests/asn.1/krb5_decode_test.c 2009-04-17 16:26:03.499429900 -0500 -@@ -485,6 +485,22 @@ - ktest_destroy_keyblock(&(ref.subkey)); - ref.seq_number = 0; - decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); -+ -+ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40"); -+ if (retval) { -+ com_err("krb5_decode_test", retval, "while parsing"); -+ exit(1); -+ } -+ retval = decode_krb5_ap_rep_enc_part(&code, &var); -+ if (retval != ASN1_OVERRUN) { -+ printf("ERROR: "); -+ } else { -+ printf("OK: "); -+ } -+ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n"); -+ krb5_free_data_contents(test_context, &code); -+ krb5_free_ap_rep_enc_part(test_context, var); -+ - ktest_empty_ap_rep_enc_part(&ref); - } - diff --git a/security/mit-krb5/patches/patch-bq b/security/mit-krb5/patches/patch-bq deleted file mode 100644 index 05b83735d3f..00000000000 --- a/security/mit-krb5/patches/patch-bq +++ /dev/null @@ -1,62 +0,0 @@ -$NetBSD: patch-bq,v 1.1 2010/02/24 19:07:51 tez Exp $ - ---- lib/crypto/Makefile.in.orig 2004-06-16 20:56:28.000000000 -0500 -+++ lib/crypto/Makefile.in 2010-02-23 17:33:02.605810700 -0600 -@@ -20,6 +20,7 @@ - $(srcdir)/t_hmac.c \ - $(srcdir)/t_pkcs5.c \ - $(srcdir)/t_cts.c \ -+ $(srcdir)/t_short.c \ - $(srcdir)/vectors.c - - ##DOSBUILDTOP = ..\.. -@@ -170,12 +171,13 @@ - - clean-unix:: clean-liblinks clean-libs clean-libobjs - --check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5 -+check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5 t_short - $(RUN_SETUP) ./t_nfold - $(RUN_SETUP) ./t_encrypt - $(RUN_SETUP) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \ - diff t_prng.output $(srcdir)/t_prng.expected - $(RUN_SETUP) ./t_hmac -+ $(RUN_SETUP) ./t_short - - # $(RUN_SETUP) ./t_pkcs5 - -@@ -201,10 +203,14 @@ - $(CC_LINK) -o $@ t_cts.$(OBJEXT) \ - $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) - -+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) -+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \ -+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) -+ - - clean:: - $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \ -- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o -+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_short t_short.o - -$(RM) t_prng.output - - all-windows:: -@@ -595,6 +601,13 @@ - $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h -+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): t_short.c $(BUILDTOP)/include/krb5.h \ -+ $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \ -+ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ -+ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ -+ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ -+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ -+ $(SRCTOP)/include/krb5/kdb.h - vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): vectors.c $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ -@@ -602,4 +615,3 @@ - $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h -- diff --git a/security/mit-krb5/patches/patch-br b/security/mit-krb5/patches/patch-br deleted file mode 100644 index 25d0ebe7c84..00000000000 --- a/security/mit-krb5/patches/patch-br +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-br,v 1.1 2010/02/24 19:07:51 tez Exp $ - ---- lib/crypto/arcfour/arcfour.c.orig 2004-02-18 20:46:26.000000000 -0600 -+++ lib/crypto/arcfour/arcfour.c 2010-02-23 17:43:53.543585400 -0600 -@@ -203,6 +203,12 @@ - keylength = enc->keylength; - hashsize = hash->hashsize; - -+ /* Verify input and output lengths. */ -+ if (input->length < hashsize + CONFOUNDERLENGTH) -+ return KRB5_BAD_MSIZE; -+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH) -+ return KRB5_BAD_MSIZE; -+ - d1.length=keybytes; - d1.data=malloc(d1.length); - if (d1.data == NULL) diff --git a/security/mit-krb5/patches/patch-bs b/security/mit-krb5/patches/patch-bs deleted file mode 100644 index 4b442da0bdf..00000000000 --- a/security/mit-krb5/patches/patch-bs +++ /dev/null @@ -1,30 +0,0 @@ -$NetBSD: patch-bs,v 1.1 2010/02/24 19:07:51 tez Exp $ - ---- lib/crypto/enc_provider/aes.c.orig 2004-05-25 13:06:13.000000000 -0500 -+++ lib/crypto/enc_provider/aes.c 2010-02-23 17:43:53.574980200 -0600 -@@ -68,9 +68,11 @@ - nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; - - if (nblocks == 1) { -- /* XXX Used for DK function. */ -+ /* Used when deriving keys. */ -+ if (input->length < BLOCK_SIZE) -+ return KRB5_BAD_MSIZE; - enc(output->data, input->data, &ctx); -- } else { -+ } else if (nblocks > 1) { - unsigned int nleft; - - for (blockno = 0; blockno < nblocks - 2; blockno++) { -@@ -123,9 +125,9 @@ - - if (nblocks == 1) { - if (input->length < BLOCK_SIZE) -- abort(); -+ return KRB5_BAD_MSIZE; - dec(output->data, input->data, &ctx); -- } else { -+ } else if (nblocks > 1) { - - for (blockno = 0; blockno < nblocks - 2; blockno++) { - dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx); diff --git a/security/mit-krb5/patches/patch-bt b/security/mit-krb5/patches/patch-bt deleted file mode 100644 index 6148ecc96f5..00000000000 --- a/security/mit-krb5/patches/patch-bt +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-bt,v 1.1 2010/02/24 19:07:51 tez Exp $ - ---- lib/crypto/dk/dk_decrypt.c.orig 2004-02-24 15:07:21.000000000 -0600 -+++ lib/crypto/dk/dk_decrypt.c 2010-02-23 17:43:53.607557500 -0600 -@@ -89,6 +89,12 @@ - else if (hmacsize > hashsize) - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - -+ /* Verify input and output lengths. */ -+ if (input->length < blocksize + hmacsize) -+ return KRB5_BAD_MSIZE; -+ if (output->length < input->length - blocksize - hmacsize) -+ return KRB5_BAD_MSIZE; -+ - enclen = input->length - hmacsize; - - if ((kedata = (unsigned char *) malloc(keylength)) == NULL) diff --git a/security/mit-krb5/patches/patch-bu b/security/mit-krb5/patches/patch-bu deleted file mode 100644 index df48d67201f..00000000000 --- a/security/mit-krb5/patches/patch-bu +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD: patch-bu,v 1.1 2010/02/24 19:07:51 tez Exp $ - ---- lib/crypto/raw/raw_decrypt.c.orig 2004-02-18 20:46:30.000000000 -0600 -+++ lib/crypto/raw/raw_decrypt.c 2010-02-23 17:43:53.638863200 -0600 -@@ -34,5 +34,7 @@ - const krb5_data *ivec, const krb5_data *input, - krb5_data *output) - { -+ if (output->length < input->length) -+ return KRB5_BAD_MSIZE; - return((*(enc->decrypt))(key, ivec, input, output)); - } diff --git a/security/mit-krb5/patches/patch-bv b/security/mit-krb5/patches/patch-bv deleted file mode 100644 index f2b272b8e13..00000000000 --- a/security/mit-krb5/patches/patch-bv +++ /dev/null @@ -1,117 +0,0 @@ -$NetBSD: patch-bv,v 1.1 2010/02/24 19:07:51 tez Exp $ - ---- lib/crypto/t_short.c.orig 2010-02-23 17:43:53.669981000 -0600 -+++ lib/crypto/t_short.c 2010-02-23 17:43:53.670274200 -0600 -@@ -0,0 +1,112 @@ -+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -+/* -+ * lib/crypto/crypto_tests/t_short.c -+ * -+ * Copyright (C) 2009 by the Massachusetts Institute of Technology. -+ * All rights reserved. -+ * -+ * Export of this software from the United States of America may -+ * require a specific license from the United States Government. -+ * It is the responsibility of any person or organization contemplating -+ * export to obtain such a license before exporting. -+ * -+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -+ * distribute this software and its documentation for any purpose and -+ * without fee is hereby granted, provided that the above copyright -+ * notice appear in all copies and that both that copyright notice and -+ * this permission notice appear in supporting documentation, and that -+ * the name of M.I.T. not be used in advertising or publicity pertaining -+ * to distribution of the software without specific, written prior -+ * permission. Furthermore if you modify this software you must label -+ * your software as modified software and not distribute it in such a -+ * fashion that it might be confused with the original M.I.T. software. -+ * M.I.T. makes no representations about the suitability of -+ * this software for any purpose. It is provided "as is" without express -+ * or implied warranty. -+ * -+ * Tests the outcome of decrypting overly short tokens. This program can be -+ * run under a tool like valgrind to detect bad memory accesses; when run -+ * normally by the test suite, it verifies that each operation returns -+ * KRB5_BAD_MSIZE. -+ */ -+ -+#include "k5-int.h" -+ -+krb5_enctype interesting_enctypes[] = { -+ ENCTYPE_DES_CBC_CRC, -+ ENCTYPE_DES_CBC_MD4, -+ ENCTYPE_DES_CBC_MD5, -+ ENCTYPE_DES3_CBC_SHA1, -+ ENCTYPE_ARCFOUR_HMAC, -+ ENCTYPE_ARCFOUR_HMAC_EXP, -+ ENCTYPE_AES256_CTS_HMAC_SHA1_96, -+ ENCTYPE_AES128_CTS_HMAC_SHA1_96, -+ 0 -+}; -+ -+/* Abort if an operation unexpectedly fails. */ -+static void -+x(krb5_error_code code) -+{ -+ if (code != 0) -+ abort(); -+} -+ -+/* Abort if a decrypt operation doesn't have the expected result. */ -+static void -+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len) -+{ -+ if (len < min_len) { -+ /* Undersized tokens should always result in BAD_MSIZE. */ -+ if (code != KRB5_BAD_MSIZE) -+ abort(); -+ } else { -+ /* Min-size tokens should succeed or fail the integrity check. */ -+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY) -+ abort(); -+ } -+} -+ -+static void -+test_enctype(krb5_enctype enctype) -+{ -+ krb5_error_code ret; -+ krb5_keyblock keyblock; -+ krb5_enc_data input; -+ krb5_data output; -+ size_t min_len, len; -+ -+ printf("Testing enctype %d\n", (int) enctype); -+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len)); -+ x(krb5_c_make_random_key(NULL, enctype, &keyblock)); -+ input.enctype = enctype; -+ -+ /* Try each length up to the minimum length. */ -+ for (len = 0; len <= min_len; len++) { -+ input.ciphertext.data = calloc(len, 1); -+ input.ciphertext.length = len; -+ output.data = calloc(len, 1); -+ output.length = len; -+ -+ /* Attempt a normal decryption. */ -+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output); -+ check_decrypt_result(ret, len, min_len); -+ -+ free(input.ciphertext.data); -+ free(output.data); -+ } -+} -+ -+int -+main(int argc, char **argv) -+{ -+ int i; -+ krb5_data notrandom; -+ -+ notrandom.data = "notrandom"; -+ notrandom.length = 9; -+ krb5_c_random_seed(NULL, ¬random); -+ for (i = 0; interesting_enctypes[i]; i++) -+ test_enctype(interesting_enctypes[i]); -+ return 0; -+} diff --git a/security/mit-krb5/patches/patch-bw b/security/mit-krb5/patches/patch-bw deleted file mode 100644 index f4e8c70b63c..00000000000 --- a/security/mit-krb5/patches/patch-bw +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-bw,v 1.1 2010/02/24 19:07:51 tez Exp $ - ---- lib/crypto/old/old_decrypt.c.orig 2003-07-22 14:09:31.000000000 -0500 -+++ lib/crypto/old/old_decrypt.c 2010-02-23 17:43:53.702276900 -0600 -@@ -45,8 +45,10 @@ - blocksize = enc->block_size; - hashsize = hash->hashsize; - -+ /* Verify input and output lengths. */ -+ if (input->length < blocksize + hashsize || input->length % blocksize != 0) -+ return(KRB5_BAD_MSIZE); - plainsize = input->length - blocksize - hashsize; -- - if (arg_output->length < plainsize) - return(KRB5_BAD_MSIZE); - diff --git a/security/mit-krb5/patches/patch-bx b/security/mit-krb5/patches/patch-bx deleted file mode 100644 index 85eed7a746d..00000000000 --- a/security/mit-krb5/patches/patch-bx +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-bx,v 1.1 2010/05/20 14:21:23 tez Exp $ -fix http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt - ---- lib/gssapi/krb5/accept_sec_context.c.orig 2010-05-20 07:13:48.258046700 -0500 -+++ lib/gssapi/krb5/accept_sec_context.c 2010-05-20 07:16:20.228175200 -0500 -@@ -423,6 +423,13 @@ - } - #endif - -+ if (authdat->checksum == NULL) { -+ /* missing checksum counts as "inappropriate type" */ -+ code = KRB5KRB_AP_ERR_INAPP_CKSUM; -+ major_status = GSS_S_FAILURE; -+ goto fail; -+ } -+ - { - /* gss krb5 v1 */ - diff --git a/security/mit-krb5/patches/patch-ca b/security/mit-krb5/patches/patch-ca deleted file mode 100644 index cca444783d2..00000000000 --- a/security/mit-krb5/patches/patch-ca +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-ca,v 1.1 2010/12/03 20:11:31 tez Exp $ - -CVE-2010-1323 fix - ---- lib/crypto/keyed_checksum_types.c.orig 2010-12-03 11:36:00.476825900 -0600 -+++ lib/crypto/keyed_checksum_types.c 2010-12-03 11:37:44.915328600 -0600 -@@ -51,6 +51,15 @@ - { - unsigned int i, c; - -+ if (enctype == ENCTYPE_ARCFOUR_HMAC || -+ enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { -+ *count = 1; -+ if ((*cksumtypes = malloc(sizeof(krb5_cksumtype))) == NULL) -+ return(ENOMEM); -+ (*cksumtypes)[0] = CKSUMTYPE_HMAC_MD5_ARCFOUR; -+ return(0); -+ } -+ - c = 0; - for (i=0; i<krb5_cksumtypes_length; i++) { - if ((krb5_cksumtypes_list[i].keyhash && diff --git a/security/mit-krb5/patches/patch-cb b/security/mit-krb5/patches/patch-cb deleted file mode 100644 index a23d93ae113..00000000000 --- a/security/mit-krb5/patches/patch-cb +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-cb,v 1.1 2010/12/03 20:11:31 tez Exp $ - -CVE-2010-1323 fix - ---- lib/crypto/dk/derive.c.orig 2010-12-03 11:38:08.683111800 -0600 -+++ lib/crypto/dk/derive.c 2010-12-03 11:38:50.395857000 -0600 -@@ -40,6 +40,8 @@ - keybytes = enc->keybytes; - keylength = enc->keylength; - -+ if (blocksize == 1) -+ return(KRB5_BAD_ENCTYPE); - if ((inkey->length != keylength) || - (outkey->length != keylength)) - return(KRB5_CRYPTO_INTERNAL); diff --git a/security/mit-krb5/patches/patch-cc b/security/mit-krb5/patches/patch-cc deleted file mode 100644 index 3868c38dc8b..00000000000 --- a/security/mit-krb5/patches/patch-cc +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-cc,v 1.1 2010/12/03 20:11:31 tez Exp $ - -CVE-2010-1323 fix - ---- lib/krb5/krb/preauth2.c.orig 2010-12-03 11:39:40.124063600 -0600 -+++ lib/krb5/krb/preauth2.c 2010-12-03 11:41:33.300010400 -0600 -@@ -665,7 +665,9 @@ - - cksum = sc2->sam_cksum; - -- while (*cksum) { -+ for (; *cksum; cksum++) { -+ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type)) -+ continue; - /* Check this cksum */ - retval = krb5_c_verify_checksum(context, as_key, - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM, -@@ -679,7 +681,6 @@ - } - if (valid_cksum) - break; -- cksum++; - } - - if (!valid_cksum) { diff --git a/security/mit-krb5/patches/patch-cd b/security/mit-krb5/patches/patch-cd deleted file mode 100644 index 81163f62103..00000000000 --- a/security/mit-krb5/patches/patch-cd +++ /dev/null @@ -1,39 +0,0 @@ -$NetBSD: patch-cd,v 1.1 2010/12/03 20:11:31 tez Exp $ - -CVE-2010-1323 fix - ---- lib/krb5/krb/mk_safe.c.orig 2010-12-03 11:41:53.890970000 -0600 -+++ lib/krb5/krb/mk_safe.c 2010-12-03 11:44:00.588325800 -0600 -@@ -212,10 +212,29 @@ - for (i = 0; i < nsumtypes; i++) - if (auth_context->safe_cksumtype == sumtypes[i]) - break; -- if (i == nsumtypes) -- i = 0; -- sumtype = sumtypes[i]; - krb5_free_cksumtypes (context, sumtypes); -+ if (i < nsumtypes) -+ sumtype = auth_context->safe_cksumtype; -+ else { -+ switch (keyblock->enctype) { -+ case ENCTYPE_DES_CBC_MD4: -+ sumtype = CKSUMTYPE_RSA_MD4_DES; -+ break; -+ case ENCTYPE_DES_CBC_MD5: -+ case ENCTYPE_DES_CBC_CRC: -+ sumtype = CKSUMTYPE_RSA_MD5_DES; -+ break; -+ default: -+ retval = krb5int_c_mandatory_cksumtype(context, -+ keyblock->enctype, -+ &sumtype); -+ if (retval) { -+ CLEANUP_DONE(); -+ goto error; -+ } -+ break; -+ } -+ } - } - if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata, - plocal_fulladdr, premote_fulladdr, diff --git a/security/mit-krb5/patches/patch-ce b/security/mit-krb5/patches/patch-ce new file mode 100644 index 00000000000..1ded6191035 --- /dev/null +++ b/security/mit-krb5/patches/patch-ce @@ -0,0 +1,59 @@ +$NetBSD: patch-ce,v 1.1 2011/03/22 23:31:05 tez Exp $ + +Fixup configure.in for newer autoconf + +--- configure.in.orig 2010-07-20 17:28:41.000000000 -0500 ++++ configure.in 2010-12-12 19:40:52.640487500 -0600 +@@ -11,11 +11,11 @@ + KRB5_VERSION=K5_VERSION + AC_SUBST(KRB5_VERSION) + +- ++AC_LANG(C) + AC_REQUIRE_CPP + + AC_CACHE_CHECK(if va_copy is available, krb5_cv_va_copy, +-[AC_LINK_IFELSE([ ++[AC_LINK_IFELSE([AC_LANG_SOURCE([ + #include <stdarg.h> + void f(va_list ap) { + va_list ap2; +@@ -27,7 +27,7 @@ + { + f(x); + return 0; +-}], krb5_cv_va_copy=yes, krb5_cv_va_copy=no)]) ++}])], krb5_cv_va_copy=yes, krb5_cv_va_copy=no)]) + if test "$krb5_cv_va_copy" = yes; then + AC_DEFINE(HAS_VA_COPY,1,[Define if va_copy macro or function is available.]) + fi +@@ -37,12 +37,12 @@ + # va_list is defined as an array type, it can't be assigned. + AC_CACHE_CHECK(if va_list objects can be copied by assignment, + krb5_cv_va_simple_copy, +-[AC_COMPILE_IFELSE([ ++[AC_COMPILE_IFELSE([AC_LANG_SOURCE([ + #include <stdarg.h> + void f(va_list va2) { + va_list va1; + va1 = va2; +-}], krb5_cv_va_simple_copy=yes, krb5_cv_va_simple_copy=no)]) ++}])], krb5_cv_va_simple_copy=yes, krb5_cv_va_simple_copy=no)]) + if test "$krb5_cv_va_simple_copy" = yes; then + AC_DEFINE(CAN_COPY_VA_LIST,1,[Define if va_list objects can be simply copied by assignment.]) + fi +@@ -903,12 +903,12 @@ + enable_pkinit=try) + if test "$enable_pkinit" = yes || test "$enable_pkinit" = try; then + AC_CACHE_CHECK(for a recent enough OpenSSL, k5_cv_openssl_version_okay, +-[AC_COMPILE_IFELSE([#include <openssl/opensslv.h> ++[AC_COMPILE_IFELSE([AC_LANG_SOURCE([#include <openssl/opensslv.h> + #if OPENSSL_VERSION_NUMBER < 0x00908000L + # error openssl is too old, need 0.9.8 + #endif + int i = 1; +-], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)]) ++])], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)]) + old_LIBS="$LIBS" + AC_CHECK_LIB(crypto, PKCS7_get_signer_info) + LIBS="$old_LIBS" diff --git a/security/mit-krb5/patches/patch-cf b/security/mit-krb5/patches/patch-cf new file mode 100644 index 00000000000..78722d7acea --- /dev/null +++ b/security/mit-krb5/patches/patch-cf @@ -0,0 +1,15 @@ +$NetBSD: patch-cf,v 1.1 2011/03/22 23:31:05 tez Exp $ + +add needed headers + +--- lib/gssapi/Makefile.in.orig 2010-12-22 17:13:19.073797300 -0600 ++++ lib/gssapi/Makefile.in 2010-12-22 17:14:58.061262500 -0600 +@@ -125,7 +125,7 @@ + # appears to be properly serializing the subdir processing and local + # compiles... so far. + ##DOS##!if 0 +-$(EXPORTED_HEADERS) generic/gssapi.h krb5/gssapi_err_krb5.h generic/gssapi_err_generic.h krb5/gssapi_krb5.h: all-recurse ++$(EXPORTED_HEADERS) generic/gssapi.h generic/errmap.h krb5/error_map.h krb5/gssapi_err_krb5.h generic/gssapi_err_generic.h krb5/gssapi_krb5.h: all-recurse + : $@ updated by recursion rule + ##DOS##!endif + diff --git a/security/mit-krb5/patches/patch-cg b/security/mit-krb5/patches/patch-cg new file mode 100644 index 00000000000..1d221a3ff16 --- /dev/null +++ b/security/mit-krb5/patches/patch-cg @@ -0,0 +1,15 @@ +$NetBSD: patch-cg,v 1.1 2011/03/22 23:31:05 tez Exp $ + +add two files that need to be generated and otherwise are not + +--- lib/kdb/Makefile.in.orig 2010-12-23 11:35:38.448878800 -0600 ++++ lib/kdb/Makefile.in 2010-12-23 11:40:32.324026100 -0600 +@@ -57,7 +57,7 @@ + clean-unix:: clean-liblinks clean-libs clean-libobjs + $(RM) adb_err.c adb_err.h + +-generate-files-mac: darwin.exports ++generate-files-mac: darwin.exports adb_err.h adb_err.c + + depend:: adb_err.h + diff --git a/security/mit-krb5/patches/patch-ch b/security/mit-krb5/patches/patch-ch new file mode 100644 index 00000000000..79ecc6cd994 --- /dev/null +++ b/security/mit-krb5/patches/patch-ch @@ -0,0 +1,35 @@ +$NetBSD: patch-ch,v 1.1 2011/03/22 23:31:05 tez Exp $ + +Add --enable-pkgsrc-libtool option + +--- plugins/kdb/db2/Makefile.in.orig 2009-11-22 12:13:29.000000000 -0600 ++++ plugins/kdb/db2/Makefile.in 2011-01-04 17:08:39.419207800 -0600 +@@ -35,8 +35,8 @@ + # Also on gssrpc, for xdr stuff. + SHLIB_EXPDEPS = \ + $(GSSRPC_DEPLIBS) \ +- $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ +- $(TOPLIBD)/libkrb5$(SHLIBEXT) ++ $(TOPLIBD)/libk5crypto$(DEPLIBEXT) \ ++ $(TOPLIBD)/libkrb5$(DEPLIBEXT) + SHLIB_EXPLIBS= $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto $(KDB5_DB_LIB) $(KADMSRV_LIBS) $(SUPPORT_LIB) $(LIBS) @DB_EXTRA_LIBS@ + + SHLIB_DIRS=-L$(TOPLIBD) +@@ -47,7 +47,7 @@ + DBOBJLISTS-sys = + DBOBJLISTS-k5 = $(DBDIR)/hash/OBJS.ST $(DBDIR)/btree/OBJS.ST \ + $(DBDIR)/db/OBJS.ST $(DBDIR)/mpool/OBJS.ST $(DBDIR)/recno/OBJS.ST +-DBSHOBJLISTS = $(DBOBJLISTS:.ST=.SH) ++DBSHOBJLISTS = $(DBOBJLISTS:.ST=.LA) + + SRCS= \ + $(srcdir)/kdb_xdr.c \ +@@ -59,7 +59,7 @@ + $(srcdir)/db2_exp.c \ + $(srcdir)/lockout.c + +-STOBJLISTS=OBJS.ST $(DBOBJLISTS) ++STOBJLISTS=OBJS.LA $(DBOBJLISTS) + STLIBOBJS= \ + kdb_xdr.o \ + adb_openclose.o \ diff --git a/security/mit-krb5/patches/patch-ci b/security/mit-krb5/patches/patch-ci new file mode 100644 index 00000000000..78947e94774 --- /dev/null +++ b/security/mit-krb5/patches/patch-ci @@ -0,0 +1,58 @@ +$NetBSD: patch-ci,v 1.1 2011/03/22 23:31:05 tez Exp $ + +Add --enable-pkgsrc-libtool option + +--- config/libnover.in.orig Sun Nov 22 12:13:29 2009 ++++ config/libnover.in Wed Jan 5 19:09:38 2011 +@@ -28,8 +28,10 @@ + # STOBJLISTS=dir1/OBJS.ST dir2/OBJS.ST etc... + SHOBJLISTS=$(STOBJLISTS:.ST=.SH) + PFOBJLISTS=$(STOBJLISTS:.ST=.PF) ++LAOBJLISTS=$(STOBJLISTS:.ST=.LA) ++LIBTOOL_TAIL=-rpath $(MODULE_INSTALL_DIR) -shared -module -avoid-version + +-dummy-target-1 $(SUBDIROBJLISTS) $(SUBDIROBJLISTS:.ST=.SH) $(SUBDIROBJLISTS:.ST=.PF): all-recurse ++dummy-target-1 $(SUBDIROBJLISTS) $(SUBDIROBJLISTS:.ST=.SH) $(SUBDIROBJLISTS:.ST=.PF) $(SUBDIROBJLISTS:.ST=.LA): all-recurse + + # Gets invoked as $(PARSE_OBJLISTS) list-of-OBJS.*-files + PARSE_OBJLISTS= set -x && $(PERL) -p -e 'BEGIN { $$SIG{__WARN__} = sub {die @_} }; $$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;' +@@ -91,6 +93,21 @@ + set -x; objlist=`$(PARSE_OBJLISTS) $(PFOBJLISTS)` && $(AR) cq $@ $$objlist + $(RANLIB) $@ + ++lib$(LIBBASE)$(LALIBEXT): ${TOPLIBD}/lib$(LIBBASE)$(LALIBEXT) ++ $(RM) $@ ++ $(LN_S) ${TOPLIBD}/lib$(LIBBASE)$(LALIBEXT) $@ ++ ++${TOPLIBD}/lib$(LIBBASE)$(LALIBEXT): $(LAOBJLISTS) ++ $(RM) $@ ++ @echo "building $(LIBBASE) libtool archive ($(LIBMAJOR).$(LIBMINOR))" ++ @dirs=`echo $(LAOBJLISTS) | \ ++ sed -e 's%/OBJS.LA%%g' -e 's%OBJS.LA%.%'`; \ ++ $(LIBTOOL) --mode=link $(CC) -o $@ `for d in $$dirs; do \ ++ sed -e '/^$$/d' -e "s%^%$$d/%" -e "s% % $$d/%g" \ ++ $$d/OBJS.LA; done` \ ++ $(LALIB_EXPFLAGS) \ ++ $(LIBTOOL_TAIL) ++ + $(TOPLIBD)/libkrb5_$(LIBBASE)$(STLIBEXT): + $(RM) $@ + (cd $(TOPLIBD) && $(LN_S) $(RELDIR)/libkrb5_$(LIBBASE)$(STLIBEXT) .) +@@ -100,6 +117,7 @@ + + clean-libs: + $(RM) $(LIBBASE)$(DYNOBJEXT) ++ $(LIBTOOL) --mode=uninstall $(RM) ${TOPLIBD}/lib$(LIBBASE)$(LALIBEXT) + $(RM) binutils.versions osf1.exports darwin.exports hpux10.exports + + install-libs: $(PLUGININST) +@@ -110,6 +128,9 @@ + install-plugin: + $(RM) $(DESTDIR)$(MODULE_INSTALL_DIR)/$(LIBBASE)$(DYNOBJEXT) + $(INSTALL_SHLIB) $(LIBBASE)$(DYNOBJEXT) $(DESTDIR)$(MODULE_INSTALL_DIR) ++install-libtool: ++ $(LIBTOOL) --mode=uninstall $(RM) $(DESTDIR)$(MODULE_INSTALL_DIR)/lib$(LIBBASE)$(LALIBEXT) ++ $(LIBTOOL) --mode=install $(INSTALL_SHLIB) ${TOPLIBD}/lib$(LIBBASE)$(LALIBEXT) $(DESTDIR)$(MODULE_INSTALL_DIR)/lib$(LIBBASE)$(LALIBEXT) + + Makefile: $(top_srcdir)/config/libnover.in + $(BUILDTOP)/config.status: $(top_srcdir)/config/shlib.conf diff --git a/security/mit-krb5/patches/patch-cj b/security/mit-krb5/patches/patch-cj new file mode 100644 index 00000000000..aedd0c53bcb --- /dev/null +++ b/security/mit-krb5/patches/patch-cj @@ -0,0 +1,19 @@ +$NetBSD: patch-cj,v 1.1 2011/03/22 23:31:05 tez Exp $ + +Add --enable-pkgsrc-libtool option + +--- config/libpriv.in.orig Wed Jan 5 12:25:20 2011 ++++ config/libpriv.in Wed Jan 5 12:26:34 2011 +@@ -3,9 +3,9 @@ + # + # The defaults (for installed shared libraries) are in pre.in. We + # override them here, before lib.in uses them. +-LIBLIST=lib$(LIBBASE)$(STLIBEXT) +-LIBLINKS=$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT) +-OBJLISTS=OBJS.ST ++LIBLIST=lib$(LIBBASE)$(LALIBEXT) ++LIBLINKS=$(TOPLIBD)/lib$(LIBBASE)$(LALIBEXT) ++OBJLISTS=OBJS.LA + LIBINSTLIST= + SHLIBEXT=.so-nobuild + SHLIBVEXT=.so.v-nobuild |