diff options
| author | adam <adam> | 2012-07-16 19:12:33 +0000 |
|---|---|---|
| committer | adam <adam> | 2012-07-16 19:12:33 +0000 |
| commit | b8c11ef7265fc00f94862ccc890239e99809f709 (patch) | |
| tree | c25826936b7aacf02742a576b808ff5e53fd61e7 /security | |
| parent | 94f6b6eaed77dd0e0348cff0ce706886eae9e576 (diff) | |
| download | pkgsrc-b8c11ef7265fc00f94862ccc890239e99809f709.tar.gz | |
Changes 1.10.2:
This is a bugfix release.
* Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers.
* Update a workaround for a glibc bug that would cause DNS PTR queries to occur
even when rdns = false.
* Fix a kadmind denial of service issue (null pointer dereference), which could
only be triggered by an administrator with the "create" privilege.
[CVE-2012-1013]
Changes 1.10.1:
This is a bugfix release.
* Fix access controls for KDB string attributes [CVE-2012-1012]
* Make the ASN.1 encoding of key version numbers interoperate with Windows
Read-Only Domain Controllers
* Avoid generating spurious password expiry warnings in cases where the KDC
sends an account expiry time without a password expiry time.
Diffstat (limited to 'security')
| -rw-r--r-- | security/mit-krb5/Makefile | 8 | ||||
| -rw-r--r-- | security/mit-krb5/PLIST | 17 | ||||
| -rw-r--r-- | security/mit-krb5/distinfo | 33 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-aa | 14 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-ad | 16 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-af | 28 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-ag | 20 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-ah | 14 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-ak | 19 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-al | 6 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-ce | 59 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-cf | 6 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-cg | 14 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-ch | 4 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-ck | 12 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-lib_kadm5_srv_svr__principal.c | 16 | ||||
| -rw-r--r-- | security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c | 15 |
17 files changed, 131 insertions, 170 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile index 961be68c15d..439397a84bd 100644 --- a/security/mit-krb5/Makefile +++ b/security/mit-krb5/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.57 2012/06/06 18:17:46 tez Exp $ +# $NetBSD: Makefile,v 1.58 2012/07/16 19:12:33 adam Exp $ -DISTNAME= krb5-1.8.6 +DISTNAME= krb5-1.10.2 PKGNAME= mit-${DISTNAME} -PKGREVISION= 1 CATEGORIES= security -MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/1.8/ +MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/ EXTRACT_SUFX= .tar DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} @@ -27,6 +26,7 @@ BUILD_TARGET= generate-files-mac all CONFLICTS+= heimdal-[0-9]* CONFLICTS+= kth-krb4-[0-9]* +USE_LANGUAGES= c c++ USE_LIBTOOL= yes USE_TOOLS+= autoconf gmake m4 perl yacc MAKE_PROGRAM= gmake diff --git a/security/mit-krb5/PLIST b/security/mit-krb5/PLIST index a14b6484f03..19b500f2d66 100644 --- a/security/mit-krb5/PLIST +++ b/security/mit-krb5/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.15 2012/02/26 13:14:19 adam Exp $ +@comment $NetBSD: PLIST,v 1.16 2012/07/16 19:12:33 adam Exp $ bin/compile_et bin/gss-client bin/k5srvutil @@ -9,6 +9,7 @@ bin/klist bin/kpasswd bin/krb5-config bin/ksu +bin/kswitch bin/ktutil bin/kvno bin/sclient @@ -42,14 +43,19 @@ include/kadm5/chpass_util_strings.h include/kadm5/kadm_err.h include/kdb.h include/krb5.h +include/krb5/kadm5_hook_plugin.h include/krb5/krb5.h include/krb5/locate_plugin.h +include/krb5/plugin.h +include/krb5/preauth_plugin.h +include/krb5/pwqual_plugin.h include/profile.h +include/verto-module.h +include/verto.h info/krb5-admin.info info/krb5-install.info info/krb5-user.info lib/krb5/plugins/kdb/libdb2.la -lib/krb5/plugins/preauth/libencrypted_challenge.la lib/krb5/plugins/preauth/libpkinit.la lib/libcom_err.la lib/libgssapi_krb5.la @@ -62,6 +68,8 @@ lib/libkadm5srv_mit.la lib/libkdb5.la lib/libkrb5.la lib/libkrb5support.la +lib/libverto-k5ev.la +lib/libverto.la man/man1/compile_et.1 man/man1/k5srvutil.1 man/man1/kadmin.1 @@ -73,10 +81,14 @@ man/man1/kpasswd.1 man/man1/krb5-config.1 man/man1/krb5-send-pr.1 man/man1/ksu.1 +man/man1/kswitch.1 man/man1/ktutil.1 man/man1/kvno.1 man/man1/sclient.1 +man/man5/.k5identity.5 man/man5/.k5login.5 +man/man5/k5identity.5 +man/man5/k5login.5 man/man5/kdc.conf.5 man/man5/krb5.conf.5 man/man8/kadmin.local.8 @@ -107,3 +119,4 @@ share/examples/krb5/services.append share/examples/rc.d/kadmind share/examples/rc.d/kdc share/gnats/mit +share/locale/en_US/LC_MESSAGES/mit-krb5.mo diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo index 88896520294..4f527f458e7 100644 --- a/security/mit-krb5/distinfo +++ b/security/mit-krb5/distinfo @@ -1,23 +1,22 @@ -$NetBSD: distinfo,v 1.34 2012/06/06 18:17:46 tez Exp $ +$NetBSD: distinfo,v 1.35 2012/07/16 19:12:33 adam Exp $ -SHA1 (krb5-1.8.6-signed.tar) = 0a1356c6680578f683b6ffd33044f6f02d69b315 -RMD160 (krb5-1.8.6-signed.tar) = 3faad0306482f99c1467d045767090d298a20ce4 -Size (krb5-1.8.6-signed.tar) = 11950080 bytes -SHA1 (patch-aa) = cd8cdc594bc872d641ceaba0aa0d91b5f1caf2ae -SHA1 (patch-ad) = 49a9429d163adb872b1c97ade8ed0e13d8eec3cb +SHA1 (krb5-1.10.2-signed.tar) = 8b6e2c5bf0c65aacd368b3698add7888f2a7332d +RMD160 (krb5-1.10.2-signed.tar) = 7d8c4a04389695082fd5c95767e49ca560ad953c +Size (krb5-1.10.2-signed.tar) = 11520000 bytes +SHA1 (patch-aa) = 941848a1773dfbe51dff3134d4b8504a850a958d +SHA1 (patch-ad) = b56a7218007560470179dd811c84b8c690c966ac SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd -SHA1 (patch-af) = 245b6dea2eff9da9911ac6eabf2ebdbe7fdac305 -SHA1 (patch-ag) = f8daf2dd247365d506e117cb49c5d0f50e9822ed -SHA1 (patch-ah) = 922542765f73dc25c464715c29c8d63c9cd9c718 +SHA1 (patch-af) = 1edab3a5f7eb6a7c5dc287e94ae4401c389dbabf +SHA1 (patch-ag) = 48c0ce35324f5757134c1c5da666bb0cb7a3aaa6 +SHA1 (patch-ah) = 4e40f36e8969974b3c2f68b2e3636921133c57ba SHA1 (patch-aj) = 8a00ca30db3c9c3c9a2f7506cdc4c5b20f7f42c6 -SHA1 (patch-ak) = 9ba29870084dfcd3f6f66e801b42d6577cda004a -SHA1 (patch-al) = 8660b932c999d5b3ac63be27fc1013cceff368b9 -SHA1 (patch-ce) = 72ec322894facfd75a010f82372cfa9ef96afb5f -SHA1 (patch-cf) = 651f223a5c3dff566d0b5c5279d47538576c5979 -SHA1 (patch-cg) = 8c89dd960ebbe444534a849827c78f077cce499b -SHA1 (patch-ch) = 0e36012b43c498b8920f204bab2ba9a68f8c851a +SHA1 (patch-ak) = 19d9b15048a5920ee15c82b33da50c40cf400e46 +SHA1 (patch-al) = 7445639b82eadf9b1feb1448c1654fa6ddc937aa +SHA1 (patch-cf) = 806b089d3b12ea9a17c6caab59cbdeb6ec17bbc3 +SHA1 (patch-cg) = 30b1e8943b0cbe67f37bac6883f4bdd82776e6d1 +SHA1 (patch-ch) = 0f7f45aeb52907b52a2b143c3a2e36a7656c68c5 SHA1 (patch-ci) = 4e310f0a4dfe27cf94d0e63d623590691b6c5970 SHA1 (patch-cj) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b -SHA1 (patch-ck) = 87b7704ca9de02880ef8b3dbb097e87d0252bd4b -SHA1 (patch-lib_kadm5_srv_svr__principal.c) = fd8f677ece32ae5ca1b5d66932e79115eb4d982d +SHA1 (patch-ck) = 37bfef80329f8ae0fb35c35e70032a0040ba5591 SHA1 (patch-lib_krb5_asn.1_asn1buf.h) = a1e46ca9256aea4facc1d41841b1707b044a69e7 +SHA1 (patch-util_k5ev_verto-k5ev.c) = e8f78ec46543793b284c321a6b7362af9f527489 diff --git a/security/mit-krb5/patches/patch-aa b/security/mit-krb5/patches/patch-aa index a4c17b0d070..1999f521460 100644 --- a/security/mit-krb5/patches/patch-aa +++ b/security/mit-krb5/patches/patch-aa @@ -1,11 +1,11 @@ -$NetBSD: patch-aa,v 1.3 2011/03/22 23:31:04 tez Exp $ +$NetBSD: patch-aa,v 1.4 2012/07/16 19:12:33 adam Exp $ Don't make sunpro warnings into errors (warnings are seen in gcc too) Add --enable-pkgsrc-libtool option ---- aclocal.m4.orig 2009-11-22 11:00:45.000000000 -0600 -+++ aclocal.m4 2011-01-07 17:00:12.222547100 -0600 -@@ -620,7 +620,7 @@ +--- aclocal.m4.orig 2012-05-31 23:49:44.000000000 +0000 ++++ aclocal.m4 +@@ -611,7 +611,7 @@ else # works, but it also means that declaration-in-code warnings won't # be issued. # -v -fd -errwarn=E_DECLARATION_IN_CODE ... @@ -14,7 +14,7 @@ Add --enable-pkgsrc-libtool option WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" fi fi -@@ -1090,6 +1090,9 @@ +@@ -1038,6 +1038,9 @@ AC_SUBST(SHLIBVEXT) AC_SUBST(SHLIBSEXT) AC_SUBST(DEPLIBEXT) AC_SUBST(PFLIBEXT) @@ -24,7 +24,7 @@ Add --enable-pkgsrc-libtool option AC_SUBST(LIBINSTLIST) AC_SUBST(DYNOBJEXT) AC_SUBST(MAKE_DYNOBJ_COMMAND) -@@ -1106,6 +1109,7 @@ +@@ -1054,6 +1057,7 @@ AC_SUBST(OBJLISTS) AC_SUBST(STOBJEXT) AC_SUBST(SHOBJEXT) AC_SUBST(PFOBJEXT) @@ -32,7 +32,7 @@ Add --enable-pkgsrc-libtool option AC_SUBST(PICFLAGS) AC_SUBST(PROFFLAGS)]) -@@ -1214,11 +1218,42 @@ +@@ -1168,11 +1172,42 @@ else KDB5_PLUGIN_DEPLIBS= KDB5_PLUGIN_LIBS= fi diff --git a/security/mit-krb5/patches/patch-ad b/security/mit-krb5/patches/patch-ad index f9cdc3bd0e7..63cb03c82fd 100644 --- a/security/mit-krb5/patches/patch-ad +++ b/security/mit-krb5/patches/patch-ad @@ -1,10 +1,10 @@ -$NetBSD: patch-ad,v 1.5 2011/03/22 23:31:04 tez Exp $ +$NetBSD: patch-ad,v 1.6 2012/07/16 19:12:33 adam Exp $ Add --enable-pkgsrc-libtool option ---- config/lib.in.orig 2010-12-12 17:13:42.864774300 -0600 -+++ config/lib.in 2010-12-12 17:24:08.783385600 -0600 -@@ -29,8 +29,9 @@ +--- config/lib.in.orig 2012-05-31 23:49:44.000000000 +0000 ++++ config/lib.in +@@ -29,8 +29,9 @@ LIBPREFIX=lib # STOBJLISTS=dir1/OBJS.ST dir2/OBJS.ST etc... SHOBJLISTS=$(STOBJLISTS:.ST=.SH) PFOBJLISTS=$(STOBJLISTS:.ST=.PF) @@ -15,7 +15,7 @@ Add --enable-pkgsrc-libtool option # Gets invoked as $(PARSE_OBJLISTS) list-of-OBJS.*-files PARSE_OBJLISTS= set -x && $(PERL) -p -e 'BEGIN { $$SIG{__WARN__} = sub {die @_} }; $$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;' -@@ -99,6 +100,21 @@ +@@ -101,6 +102,21 @@ lib$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS) set -x; objlist=`$(PARSE_OBJLISTS) $(PFOBJLISTS)` && $(AR) cq $@ $$objlist $(RANLIB) $@ @@ -37,7 +37,7 @@ Add --enable-pkgsrc-libtool option $(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT): lib$(LIBBASE)$(STLIBEXT) $(RM) $@ (cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(STLIBEXT) .) -@@ -124,6 +140,7 @@ +@@ -128,6 +144,7 @@ clean-libs: $(RM) lib$(LIBBASE)$(SHLIBSEXT) $(RM) lib$(LIBBASE)$(SHLIBEXT) $(RM) lib$(LIBBASE)$(PFLIBEXT) @@ -45,7 +45,7 @@ Add --enable-pkgsrc-libtool option $(RM) binutils.versions osf1.exports darwin.exports hpux10.exports clean-liblinks: -@@ -132,6 +149,7 @@ +@@ -136,6 +153,7 @@ clean-liblinks: $(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT) $(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(RM) $(TOPLIBD)/lib$(LIBBASE)$(PFLIBEXT) @@ -53,7 +53,7 @@ Add --enable-pkgsrc-libtool option install-libs: $(LIBINSTLIST) install-static: -@@ -152,6 +170,9 @@ +@@ -156,6 +174,9 @@ install-profiled: $(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT) $(INSTALL_DATA) lib$(LIBBASE)$(PFLIBEXT) $(DESTDIR)$(KRB5_LIBDIR) $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT) diff --git a/security/mit-krb5/patches/patch-af b/security/mit-krb5/patches/patch-af index 4390ee08530..3d7efd4eed4 100644 --- a/security/mit-krb5/patches/patch-af +++ b/security/mit-krb5/patches/patch-af @@ -1,11 +1,11 @@ -$NetBSD: patch-af,v 1.4 2011/03/22 23:31:04 tez Exp $ +$NetBSD: patch-af,v 1.5 2012/07/16 19:12:33 adam Exp $ Add --enable-pkgsrc-libtool option Use $(ROOT_USER) in place of root ---- config/pre.in.orig 2010-01-21 16:49:01.000000000 -0600 -+++ config/pre.in 2010-12-12 17:39:24.427787200 -0600 -@@ -170,6 +170,7 @@ +--- config/pre.in.orig 2012-05-31 23:49:44.000000000 +0000 ++++ config/pre.in +@@ -172,6 +172,7 @@ PTHREAD_LIBS = @PTHREAD_LIBS@ THREAD_LINKOPTS = $(PTHREAD_CFLAGS) $(PTHREAD_LIBS) CPPFLAGS = @CPPFLAGS@ DEFS = @DEFS@ @@ -13,7 +13,7 @@ Use $(ROOT_USER) in place of root CC = @CC@ CXX = @CXX@ LD = $(PURE) @LD@ -@@ -183,11 +184,12 @@ +@@ -185,11 +186,12 @@ LIBS = @LIBS@ INSTALL=@INSTALL@ INSTALL_STRIP= @@ -29,7 +29,7 @@ Use $(ROOT_USER) in place of root ## This is needed because autoconf will sometimes define @exec_prefix@ to be ## ${prefix}. prefix=@prefix@ -@@ -313,6 +315,10 @@ +@@ -320,6 +322,10 @@ PROG_RPATH_FLAGS=@PROG_RPATH_FLAGS@ # depending on whether we're building with shared libraries. DEPLIBEXT=@DEPLIBEXT@ @@ -40,7 +40,7 @@ Use $(ROOT_USER) in place of root KDB5_PLUGIN_DEPLIBS = @KDB5_PLUGIN_DEPLIBS@ KDB5_PLUGIN_LIBS = @KDB5_PLUGIN_LIBS@ -@@ -329,12 +335,12 @@ +@@ -337,12 +343,12 @@ COM_ERR_DEPLIB-k5 = $(TOPLIBD)/libcom_er SUPPORT_LIBNAME=krb5support SUPPORT_DEPLIB = $(TOPLIBD)/lib$(SUPPORT_LIBNAME)$(DEPLIBEXT) @@ -56,16 +56,16 @@ Use $(ROOT_USER) in place of root KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) KDB5_DEPLIBS = $(KDB5_DEPLIB) $(KDB5_PLUGIN_DEPLIBS) -@@ -364,7 +370,7 @@ +@@ -384,7 +390,7 @@ RL_LIBS = @RL_LIBS@ SS_LIB = $(SS_LIB-@SS_VERSION@) SS_LIB-sys = @SS_LIB@ --SS_LIB-k5 = $(TOPLIBD)/libss.a -+SS_LIB-k5 = $(TOPLIBD)/libss$(DEPSTLIBEXT) +-SS_LIB-k5 = $(TOPLIBD)/libss.a $(RL_LIBS) ++SS_LIB-k5 = $(TOPLIBD)/libss$(DEPSTLIBEXT) $(RL_LIBS) KDB5_LIB = -lkdb5 $(KDB5_PLUGIN_LIBS) - DL_LIB = @DL_LIB@ -@@ -509,6 +515,9 @@ + VERTO_DEPLIB = $(VERTO_DEPLIB-@VERTO_VERSION@) +@@ -552,6 +558,9 @@ MAKE_DYNOBJ_COMMAND=@MAKE_DYNOBJ_COMMAND DYNOBJ_EXPDEPS=@DYNOBJ_EXPDEPS@ DYNOBJ_EXPFLAGS=@DYNOBJ_EXPFLAGS@ @@ -75,7 +75,7 @@ Use $(ROOT_USER) in place of root # File with symbol names to be exported, both functions and data, # currently not distinguished. SHLIB_EXPORT_FILE=$(srcdir)/$(LIBPREFIX)$(LIBBASE).exports -@@ -530,6 +539,7 @@ +@@ -573,6 +582,7 @@ SHLIB_RPATH_FLAGS=@SHLIB_RPATH_FLAGS@ # flags for explicit libraries depending on this one, # e.g. "$(SHLIB_RPATH_FLAGS) $(SHLIB_SHLIB_DIRFLAGS) $(SHLIB_EXPLIBS)" SHLIB_EXPFLAGS=@SHLIB_EXPFLAGS@ @@ -83,7 +83,7 @@ Use $(ROOT_USER) in place of root ## Parameters to be set by configure for use in libobj.in: -@@ -541,10 +551,15 @@ +@@ -584,10 +594,15 @@ OBJLISTS=@OBJLISTS@ # the suffix substitution will break on some platforms! SHLIBOBJS=$(STLIBOBJS:.o=@SHOBJEXT@) PFLIBOBJS=$(STLIBOBJS:.o=@PFOBJEXT@) diff --git a/security/mit-krb5/patches/patch-ag b/security/mit-krb5/patches/patch-ag index e5fce9a6a68..fd73aa0e867 100644 --- a/security/mit-krb5/patches/patch-ag +++ b/security/mit-krb5/patches/patch-ag @@ -1,10 +1,10 @@ -$NetBSD: patch-ag,v 1.6 2011/03/22 23:31:04 tez Exp $ +$NetBSD: patch-ag,v 1.7 2012/07/16 19:12:33 adam Exp $ Add --enable-pkgsrc-libtool option ---- config/shlib.conf.orig Mon Feb 8 14:55:48 2010 -+++ config/shlib.conf Thu Jan 6 15:14:39 2011 -@@ -22,6 +22,7 @@ +--- config/shlib.conf.orig 2012-05-31 23:49:44.000000000 +0000 ++++ config/shlib.conf +@@ -22,6 +22,7 @@ SHLIBVEXT=.so.v-nobuild SHLIBSEXT=.so.s-nobuild # Most systems support profiled libraries. PFLIBEXT=_p.a @@ -12,7 +12,7 @@ Add --enable-pkgsrc-libtool option # Most systems install shared libs as mode 644, etc. while hpux wants 755 INSTALL_SHLIB='$(INSTALL_DATA)' # Most systems use the same objects for shared libraries and dynamically -@@ -37,6 +38,7 @@ +@@ -37,6 +38,7 @@ use_linker_fini_option=no STOBJEXT=.o SHOBJEXT=.so PFOBJEXT=.po @@ -20,7 +20,7 @@ Add --enable-pkgsrc-libtool option # Default for systems w/o shared libraries CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' -@@ -281,7 +283,7 @@ +@@ -287,7 +289,7 @@ mips-*-netbsd*) PROFFLAGS=-pg ;; @@ -29,7 +29,7 @@ Add --enable-pkgsrc-libtool option PICFLAGS=-fPIC SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' SHLIBEXT=.so -@@ -358,7 +360,7 @@ +@@ -367,7 +369,7 @@ mips-*-netbsd*) for lib in libkrb5support.1.1.dylib libkadm5srv.5.1.dylib libkdb5.4.0.dylib; do LDCOMBINE_TAIL="$LDCOMBINE_TAIL -dylib_file \"\$(KRB5_LIBDIR)/$lib\":\$(TOPLIBD)/$lib" done @@ -38,7 +38,7 @@ Add --enable-pkgsrc-libtool option CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -dynamic $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) -dynamic $(CXXFLAGS) $(LDFLAGS)' -@@ -473,7 +475,7 @@ +@@ -486,7 +488,7 @@ mips-*-netbsd*) # Assume initialization always delayed. INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done' use_linker_fini_option=yes @@ -47,7 +47,7 @@ Add --enable-pkgsrc-libtool option RPATH_TAIL=:/usr/lib:/lib PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL" CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' -@@ -509,8 +511,8 @@ +@@ -523,8 +525,8 @@ mips-*-netbsd*) # Assume initialization always delayed. INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done' use_linker_fini_option=yes @@ -58,7 +58,7 @@ Add --enable-pkgsrc-libtool option RPATH_TAIL=:/usr/lib:/lib PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL" CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' -@@ -524,8 +526,14 @@ +@@ -539,8 +541,14 @@ esac if test "${MAKE_SHLIB_COMMAND}" = "x" ; then if test "${INIT_FINI_PREP}" != ":"; then diff --git a/security/mit-krb5/patches/patch-ah b/security/mit-krb5/patches/patch-ah index e2b7e5faf10..a4a2a4409da 100644 --- a/security/mit-krb5/patches/patch-ah +++ b/security/mit-krb5/patches/patch-ah @@ -1,17 +1,17 @@ -$NetBSD: patch-ah,v 1.2 2011/03/22 23:31:04 tez Exp $ +$NetBSD: patch-ah,v 1.3 2012/07/16 19:12:33 adam Exp $ prefer @SYSCONFDIR as location for krb5.conf and krb5.keytab ---- include/osconf.hin.orig Sat Dec 11 19:54:46 2010 -+++ include/osconf.hin Sat Dec 11 20:06:48 2010 -@@ -48,16 +48,16 @@ +--- include/osconf.hin.orig 2012-05-31 23:49:44.000000000 +0000 ++++ include/osconf.hin +@@ -45,16 +45,16 @@ #define DEFAULT_KEYTAB_NAME "FILE:%s\\krb5kt" #else /* !_WINDOWS */ #if TARGET_OS_MAC -#define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf" -#define DEFAULT_PROFILE_PATH ("~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH) -+#define DEFAULT_SECURE_PROFILE_PATH "@SYSCONFDIR/krb5.conf:/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf" -+#define DEFAULT_PROFILE_PATH ("@SYSCONFDIR/krb5.conf:~/Library/Preferences/edu.mit.Kerberos:/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf") ++#define DEFAULT_SECURE_PROFILE_PATH "@SYSCONFDIR/krb5.conf:/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf" ++#define DEFAULT_PROFILE_PATH ("@SYSCONFDIR/krb5.conf:~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH) #define KRB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosFrameworkPlugins" #define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins" #define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosAuthDataPlugins" @@ -22,6 +22,6 @@ prefer @SYSCONFDIR as location for krb5.conf and krb5.keytab #endif -#define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5.keytab" +#define DEFAULT_KEYTAB_NAME "FILE:@SYSCONFDIR/krb5.keytab" - #define DEFAULT_LNAME_FILENAME "@PREFIX/lib/krb5.aname" #endif /* _WINDOWS */ + #define DEFAULT_PLUGIN_BASE_DIR "@LIBDIR/krb5/plugins" diff --git a/security/mit-krb5/patches/patch-ak b/security/mit-krb5/patches/patch-ak index 5a629e1cd72..a7f7610d7ce 100644 --- a/security/mit-krb5/patches/patch-ak +++ b/security/mit-krb5/patches/patch-ak @@ -1,10 +1,19 @@ -$NetBSD: patch-ak,v 1.2 2011/03/22 23:31:04 tez Exp $ +$NetBSD: patch-ak,v 1.3 2012/07/16 19:12:33 adam Exp $ +Don't build kadm5_hook and avoid libtool problem. No idea why... copied from previous instance of this package. ---- Makefile.in.orig 2010-12-12 17:50:34.797814500 -0600 -+++ Makefile.in 2010-12-12 17:51:28.015746400 -0600 -@@ -88,7 +88,7 @@ +--- Makefile.in.orig 2012-05-31 23:49:44.000000000 +0000 ++++ Makefile.in +@@ -9,7 +9,6 @@ mydir=. + # plugins/authdata/greet + SUBDIRS=util include lib \ + @sam2_plugin@ \ +- plugins/kadm5_hook/test \ + plugins/kdb/db2 \ + @ldap_plugin_dir@ \ + plugins/preauth/pkinit \ +@@ -64,7 +63,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROO install-strip: $(MAKE) install INSTALL_STRIP=-s @@ -13,7 +22,7 @@ No idea why... copied from previous instance of this package. install-mkdirs: @for i in $(INSTALLMKDIRS); do \ -@@ -99,7 +99,7 @@ +@@ -75,7 +74,7 @@ install-headers-mkdirs: $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR) $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssapi $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssrpc diff --git a/security/mit-krb5/patches/patch-al b/security/mit-krb5/patches/patch-al index 8e098b95d8c..d65b33c8746 100644 --- a/security/mit-krb5/patches/patch-al +++ b/security/mit-krb5/patches/patch-al @@ -1,9 +1,9 @@ -$NetBSD: patch-al,v 1.5 2011/03/22 23:31:04 tez Exp $ +$NetBSD: patch-al,v 1.6 2012/07/16 19:12:33 adam Exp $ Add DragonFly support. Fallback to LINE_MAX if BUFSIZ is not defined. ---- ./lib/gssapi/krb5/import_name.c.orig Sat Dec 11 20:12:52 2010 -+++ ./lib/gssapi/krb5/import_name.c Sat Dec 11 20:13:40 2010 +--- lib/gssapi/krb5/import_name.c.orig Sat Dec 11 20:12:52 2010 ++++ lib/gssapi/krb5/import_name.c Sat Dec 11 20:13:40 2010 @@ -28,10 +28,15 @@ #include "gssapiP_krb5.h" diff --git a/security/mit-krb5/patches/patch-ce b/security/mit-krb5/patches/patch-ce deleted file mode 100644 index 1ded6191035..00000000000 --- a/security/mit-krb5/patches/patch-ce +++ /dev/null @@ -1,59 +0,0 @@ -$NetBSD: patch-ce,v 1.1 2011/03/22 23:31:05 tez Exp $ - -Fixup configure.in for newer autoconf - ---- configure.in.orig 2010-07-20 17:28:41.000000000 -0500 -+++ configure.in 2010-12-12 19:40:52.640487500 -0600 -@@ -11,11 +11,11 @@ - KRB5_VERSION=K5_VERSION - AC_SUBST(KRB5_VERSION) - -- -+AC_LANG(C) - AC_REQUIRE_CPP - - AC_CACHE_CHECK(if va_copy is available, krb5_cv_va_copy, --[AC_LINK_IFELSE([ -+[AC_LINK_IFELSE([AC_LANG_SOURCE([ - #include <stdarg.h> - void f(va_list ap) { - va_list ap2; -@@ -27,7 +27,7 @@ - { - f(x); - return 0; --}], krb5_cv_va_copy=yes, krb5_cv_va_copy=no)]) -+}])], krb5_cv_va_copy=yes, krb5_cv_va_copy=no)]) - if test "$krb5_cv_va_copy" = yes; then - AC_DEFINE(HAS_VA_COPY,1,[Define if va_copy macro or function is available.]) - fi -@@ -37,12 +37,12 @@ - # va_list is defined as an array type, it can't be assigned. - AC_CACHE_CHECK(if va_list objects can be copied by assignment, - krb5_cv_va_simple_copy, --[AC_COMPILE_IFELSE([ -+[AC_COMPILE_IFELSE([AC_LANG_SOURCE([ - #include <stdarg.h> - void f(va_list va2) { - va_list va1; - va1 = va2; --}], krb5_cv_va_simple_copy=yes, krb5_cv_va_simple_copy=no)]) -+}])], krb5_cv_va_simple_copy=yes, krb5_cv_va_simple_copy=no)]) - if test "$krb5_cv_va_simple_copy" = yes; then - AC_DEFINE(CAN_COPY_VA_LIST,1,[Define if va_list objects can be simply copied by assignment.]) - fi -@@ -903,12 +903,12 @@ - enable_pkinit=try) - if test "$enable_pkinit" = yes || test "$enable_pkinit" = try; then - AC_CACHE_CHECK(for a recent enough OpenSSL, k5_cv_openssl_version_okay, --[AC_COMPILE_IFELSE([#include <openssl/opensslv.h> -+[AC_COMPILE_IFELSE([AC_LANG_SOURCE([#include <openssl/opensslv.h> - #if OPENSSL_VERSION_NUMBER < 0x00908000L - # error openssl is too old, need 0.9.8 - #endif - int i = 1; --], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)]) -+])], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)]) - old_LIBS="$LIBS" - AC_CHECK_LIB(crypto, PKCS7_get_signer_info) - LIBS="$old_LIBS" diff --git a/security/mit-krb5/patches/patch-cf b/security/mit-krb5/patches/patch-cf index 78722d7acea..97f8a457021 100644 --- a/security/mit-krb5/patches/patch-cf +++ b/security/mit-krb5/patches/patch-cf @@ -1,10 +1,10 @@ -$NetBSD: patch-cf,v 1.1 2011/03/22 23:31:05 tez Exp $ +$NetBSD: patch-cf,v 1.2 2012/07/16 19:12:33 adam Exp $ -add needed headers +Add needed headers --- lib/gssapi/Makefile.in.orig 2010-12-22 17:13:19.073797300 -0600 +++ lib/gssapi/Makefile.in 2010-12-22 17:14:58.061262500 -0600 -@@ -125,7 +125,7 @@ +@@ -96,7 +96,7 @@ # appears to be properly serializing the subdir processing and local # compiles... so far. ##DOS##!if 0 diff --git a/security/mit-krb5/patches/patch-cg b/security/mit-krb5/patches/patch-cg index 1d221a3ff16..f62ac75c887 100644 --- a/security/mit-krb5/patches/patch-cg +++ b/security/mit-krb5/patches/patch-cg @@ -1,12 +1,12 @@ -$NetBSD: patch-cg,v 1.1 2011/03/22 23:31:05 tez Exp $ +$NetBSD: patch-cg,v 1.2 2012/07/16 19:12:33 adam Exp $ -add two files that need to be generated and otherwise are not +Add two files that need to be generated and otherwise are not ---- lib/kdb/Makefile.in.orig 2010-12-23 11:35:38.448878800 -0600 -+++ lib/kdb/Makefile.in 2010-12-23 11:40:32.324026100 -0600 -@@ -57,7 +57,7 @@ - clean-unix:: clean-liblinks clean-libs clean-libobjs - $(RM) adb_err.c adb_err.h +--- lib/kdb/Makefile.in.orig 2012-05-31 23:49:44.000000000 +0000 ++++ lib/kdb/Makefile.in +@@ -62,7 +62,7 @@ clean-unix:: clean-liblinks clean-libs c + check-pytests:: t_stringattr + $(RUNPYTEST) $(srcdir)/t_stringattr.py $(PYTESTFLAGS) -generate-files-mac: darwin.exports +generate-files-mac: darwin.exports adb_err.h adb_err.c diff --git a/security/mit-krb5/patches/patch-ch b/security/mit-krb5/patches/patch-ch index 79ecc6cd994..c67f3650edb 100644 --- a/security/mit-krb5/patches/patch-ch +++ b/security/mit-krb5/patches/patch-ch @@ -1,4 +1,4 @@ -$NetBSD: patch-ch,v 1.1 2011/03/22 23:31:05 tez Exp $ +$NetBSD: patch-ch,v 1.2 2012/07/16 19:12:33 adam Exp $ Add --enable-pkgsrc-libtool option @@ -24,7 +24,7 @@ Add --enable-pkgsrc-libtool option SRCS= \ $(srcdir)/kdb_xdr.c \ -@@ -59,7 +59,7 @@ +@@ -58,7 +58,7 @@ $(srcdir)/db2_exp.c \ $(srcdir)/lockout.c diff --git a/security/mit-krb5/patches/patch-ck b/security/mit-krb5/patches/patch-ck index 5363a284980..218595d13d5 100644 --- a/security/mit-krb5/patches/patch-ck +++ b/security/mit-krb5/patches/patch-ck @@ -1,11 +1,11 @@ -$NetBSD: patch-ck,v 1.1 2011/04/09 00:16:18 tez Exp $ +$NetBSD: patch-ck,v 1.2 2012/07/16 19:12:33 adam Exp $ -fix build where libtool chokes on "--version-info : " (at least OS X) +Fix build where libtool chokes on "--version-info : " (at least OS X) ---- lib/apputils/Makefile.in.orig 2009-11-22 12:13:29.000000000 -0600 -+++ lib/apputils/Makefile.in 2011-04-08 16:54:37.000000000 -0500 -@@ -18,6 +18,8 @@ - STLIBOBJS=dummy.o @LIBOBJS@ +--- lib/apputils/Makefile.in.orig 2012-05-31 23:49:44.000000000 +0000 ++++ lib/apputils/Makefile.in +@@ -16,6 +16,8 @@ DEFS= + STLIBOBJS=net-server.o @LIBOBJS@ STOBJLISTS=OBJS.ST LIBBASE=apputils +LIBMAJOR=0 diff --git a/security/mit-krb5/patches/patch-lib_kadm5_srv_svr__principal.c b/security/mit-krb5/patches/patch-lib_kadm5_srv_svr__principal.c deleted file mode 100644 index 590d769ee72..00000000000 --- a/security/mit-krb5/patches/patch-lib_kadm5_srv_svr__principal.c +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-lib_kadm5_srv_svr__principal.c,v 1.1 2012/06/06 18:17:46 tez Exp $ - -Fix for CVE-2012-1013 from: - https://github.com/krb5/krb5/commit/ca2909440015d33be42e77d1955194963d8c0955 - ---- lib/kadm5/srv/svr_principal.c.orig 2012-06-06 17:25:54.168189200 +0000 -+++ lib/kadm5/srv/svr_principal.c -@@ -196,7 +196,7 @@ check_1_6_dummy(kadm5_principal_ent_t en - char *password = *passptr; - - /* Old-style randkey operations disallowed tickets to start. */ -- if (!(mask & KADM5_ATTRIBUTES) || -+ if (password == NULL || !(mask & KADM5_ATTRIBUTES) || - !(entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX)) - return; - diff --git a/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c b/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c new file mode 100644 index 00000000000..d2c8090204f --- /dev/null +++ b/security/mit-krb5/patches/patch-util_k5ev_verto-k5ev.c @@ -0,0 +1,15 @@ +$NetBSD: patch-util_k5ev_verto-k5ev.c,v 1.1 2012/07/16 19:12:33 adam Exp $ + +Fix include file path + +--- util/k5ev/verto-k5ev.c.orig 2012-06-27 13:41:58.000000000 +0000 ++++ util/k5ev/verto-k5ev.c +@@ -34,7 +34,7 @@ + + #include "verto-k5ev.h" + #include <verto-module.h> +-#include "rename.h" ++#include "gssrpc/rename.h" + #include "autoconf.h" + #define EV_STANDALONE 1 + /* Avoids using clock_gettime; we probably shouldn't have to do this. */ |