10 files changed, 720 insertions, 1 deletions
diff --git a/doc/CHANGES b/doc/CHANGES
index c715bf4ba97..c81faac2634 100644
--- a/doc/CHANGES
+++ b/doc/CHANGES
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.4416 2004/01/10 14:27:57 recht Exp $
+$NetBSD: CHANGES,v 1.4417 2004/01/10 14:57:02 jlam Exp $
 
 Changes to the packages collection and infrastructure in 2004:
 
@@ -153,3 +153,4 @@ Changes to the packages collection and infrastructure in 2004:
 	Updated pyslsk to 1.2.4nb3 [recht 2004-01-10]
 	Updated xmule to 1.7.1nb3 [recht 2004-01-10]
 	Updated py-wxWindows to 2.4.2.4nb3 [recht 2004-01-10]
+	Added heimdal-0.6 [jlam 2004-01-10]
diff --git a/security/heimdal/DESCR b/security/heimdal/DESCR
new file mode 100644
index 00000000000..99134b39533
--- /dev/null
+++ b/security/heimdal/DESCR
@@ -0,0 +1,11 @@
+Heimdal is a free implementation of Kerberos 5.
+
+Kerberos is a system for authenticating users and services on a network.
+It is built upon the assumption that the network is "unsafe".  Kerberos
+is a trusted third-party service.  That means that there is a third
+party (the Kerberos server) that is trusted by all the entities on the
+network (users and services, usually called "principals").  All
+principals share a secret password (or key) with the Kerberos server and
+this enables principals to verify that the messages from the Kerberos
+server are authentic.  Thus trusting the Kerberos server, users and
+services can authenticate each other.
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
new file mode 100644
index 00000000000..c7f73a889b8
--- /dev/null
+++ b/security/heimdal/Makefile
@@ -0,0 +1,64 @@
+# $NetBSD: Makefile,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+
+DISTNAME=		heimdal-0.6
+CATEGORIES=		security
+MASTER_SITES=		ftp://ftp.pdc.kth.se/pub/heimdal/src/		\
+			ftp://ftp.pdc.kth.se/pub/heimdal/src/old/	\
+			ftp://ftp.pdc.kth.se/pub/heimdal/src/snapshots/
+
+MAINTAINER=		jlam@NetBSD.org
+HOMEPAGE=		http://www.pdc.kth.se/heimdal/
+COMMENT=		Kerberos 5 implementation
+
+PKG_INSTALLATION_TYPES=	overwrite pkgviews
+
+USE_BUILDLINK3=		yes
+USE_LIBTOOL=		yes
+LIBTOOL_OVERRIDE=	${WRKSRC}/libtool
+
+HEIMDAL_STATEDIR?=	/var/heimdal
+
+GNU_CONFIGURE=		yes
+CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
+CONFIGURE_ARGS+=	--localstatedir=${HEIMDAL_STATEDIR}
+CONFIGURE_ARGS+=	--includedir=${PREFIX}/include/krb5
+CONFIGURE_ARGS+=	--without-x
+CONFIGURE_ARGS+=	--without-krb4
+
+# Heimdal's configure script expects to find the readline.h header as
+# <readline.h>.
+#
+BUILDLINK_INCDIRS.readline=	include/readline
+.include "../../devel/readline/buildlink3.mk"
+CONFIGURE_ARGS+=	--with-readline=${BUILDLINK_PREFIX.readline}
+
+USE_DB185=		yes
+.include "../../databases/db/buildlink3.mk"
+
+CONFIGURE_ARGS+=	--with-openssl=${SSLBASE}
+.include "../../security/openssl/buildlink3.mk"
+
+# XXX Using heimdal with an LDAP backend isn't supported yet.
+#BUILD_DEFS+=		HEIMDAL_USE_LDAP
+#.if defined(HEIMDAL_USE_LDAP) && !empty(HEIMDAL_USE_LDAP:M[yY][eE][sS])
+#.  include "../../databases/openldap/buildlink3.mk"
+#CONFIGURE_ARGS+=	--with-openldap=${BUILDLINK_PREFIX.openldap}
+#.endif
+
+# Rename heimdal's ftp/ftpd to kftp/kftpd so we don't conflict with
+# net/tnftp and net/tnftpd.
+#
+CONFIGURE_ARGS+=	--program-transform-name=${HEIMDAL_TRANSFORM}
+HEIMDAL_TRANSFORM=	"s/^ftp/kftp/"
+
+USE_PKGINSTALL=		yes
+OWN_DIRS_PERMS=		${HEIMDAL_STATEDIR} ${ROOT_USER} ${ROOT_GROUP} 0700
+
+pre-configure:
+	cd ${WRKSRC}; for file in lib/hdb/hdb.h; do			\
+		${SED}	-e "s|/var/heimdal|${HEIMDAL_STATEDIR}|g"	\
+			$$file > $$file.new;				\
+		${MV} -f $$file.new $$file;				\
+	done
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/heimdal/PLIST b/security/heimdal/PLIST
new file mode 100644
index 00000000000..5fd0a022d2f
--- /dev/null
+++ b/security/heimdal/PLIST
@@ -0,0 +1,445 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+bin/afslog
+bin/compile_et
+bin/kauth
+bin/kdestroy
+bin/kf
+bin/kftp
+bin/kgetcred
+bin/kinit
+bin/klist
+bin/kpasswd
+bin/krb5-config
+bin/login
+bin/mk_cmds
+bin/otp
+bin/otpprint
+bin/pagsh
+bin/pfrom
+bin/rcp
+bin/rsh
+bin/string2key
+bin/su
+bin/telnet
+bin/verify_krb5_conf
+include/krb5/asn1_err.h
+include/krb5/base64.h
+include/krb5/com_err.h
+include/krb5/com_right.h
+include/krb5/der.h
+include/krb5/editline.h
+include/krb5/fnmatch.h
+include/krb5/getarg.h
+include/krb5/gssapi.h
+include/krb5/hdb-private.h
+include/krb5/hdb-protos.h
+include/krb5/hdb.h
+include/krb5/hdb_asn1.h
+include/krb5/hdb_err.h
+include/krb5/heim_err.h
+include/krb5/k524_err.h
+include/krb5/kadm5/admin.h
+include/krb5/kadm5/kadm5-private.h
+include/krb5/kadm5/kadm5-protos.h
+include/krb5/kadm5/kadm5_err.h
+include/krb5/kadm5/private.h
+include/krb5/kafs.h
+include/krb5/krb5-private.h
+include/krb5/krb5-protos.h
+include/krb5/krb5-types.h
+include/krb5/krb5.h
+include/krb5/krb5_asn1.h
+include/krb5/krb5_err.h
+include/krb5/otp.h
+include/krb5/parse_bytes.h
+include/krb5/parse_time.h
+include/krb5/parse_units.h
+include/krb5/resolve.h
+include/krb5/roken-common.h
+include/krb5/roken.h
+include/krb5/rtbl.h
+include/krb5/sl.h
+include/krb5/ss/ss.h
+include/krb5/xdbm.h
+info/heimdal.info
+info/heimdal.info-1
+info/heimdal.info-2
+lib/libasn1.a
+lib/libasn1.la
+lib/libasn1.so
+lib/libasn1.so.6
+lib/libasn1.so.6.1
+lib/libcom_err.a
+lib/libcom_err.la
+lib/libcom_err.so
+lib/libcom_err.so.2
+lib/libcom_err.so.2.1
+lib/libeditline.a
+lib/libeditline.la
+lib/libgssapi.a
+lib/libgssapi.la
+lib/libgssapi.so
+lib/libgssapi.so.4
+lib/libgssapi.so.4.0
+lib/libhdb.a
+lib/libhdb.la
+lib/libhdb.so
+lib/libhdb.so.7
+lib/libhdb.so.7.6
+lib/libkadm5clnt.a
+lib/libkadm5clnt.la
+lib/libkadm5clnt.so
+lib/libkadm5clnt.so.6
+lib/libkadm5clnt.so.6.4
+lib/libkadm5srv.a
+lib/libkadm5srv.la
+lib/libkadm5srv.so
+lib/libkadm5srv.so.7
+lib/libkadm5srv.so.7.6
+lib/libkafs.a
+lib/libkafs.la
+lib/libkafs.so
+lib/libkafs.so.4
+lib/libkafs.so.4.0
+lib/libkrb5.a
+lib/libkrb5.la
+lib/libkrb5.so
+lib/libkrb5.so.19
+lib/libkrb5.so.19.0
+lib/libotp.a
+lib/libotp.la
+lib/libotp.so
+lib/libotp.so.1
+lib/libotp.so.1.4
+lib/libroken.a
+lib/libroken.la
+lib/libroken.so
+lib/libroken.so.16
+lib/libroken.so.16.2
+lib/libsl.a
+lib/libsl.la
+lib/libsl.so
+lib/libsl.so.1
+lib/libsl.so.1.2
+lib/libss.a
+lib/libss.la
+lib/libss.so
+lib/libss.so.1
+lib/libss.so.1.4
+libexec/hprop
+libexec/hpropd
+libexec/ipropd-master
+libexec/ipropd-slave
+libexec/kadmind
+libexec/kdc
+libexec/kfd
+libexec/kftpd
+libexec/kpasswdd
+libexec/popper
+libexec/push
+libexec/rshd
+libexec/telnetd
+man/man1/afslog.1
+man/man1/kauth.1
+man/man1/kdestroy.1
+man/man1/kf.1
+man/man1/kftp.1
+man/man1/kgetcred.1
+man/man1/kinit.1
+man/man1/klist.1
+man/man1/kpasswd.1
+man/man1/krb5-config.1
+man/man1/kx.1
+man/man1/login.1
+man/man1/otp.1
+man/man1/otpprint.1
+man/man1/pfrom.1
+man/man1/rsh.1
+man/man1/rxtelnet.1
+man/man1/rxterm.1
+man/man1/telnet.1
+man/man1/tenletxr.1
+man/man1/xnlock.1
+man/man3/arg_printusage.3
+man/man3/editline.3
+man/man3/getarg.3
+man/man3/gss_accept_sec_context.3
+man/man3/gss_acquire_cred.3
+man/man3/gss_add_cred.3
+man/man3/gss_add_oid_set_member.3
+man/man3/gss_canonicalize_name.3
+man/man3/gss_compare_name.3
+man/man3/gss_context_time.3
+man/man3/gss_create_empty_oid_set.3
+man/man3/gss_delete_sec_context.3
+man/man3/gss_display_name.3
+man/man3/gss_display_status.3
+man/man3/gss_duplicate_name.3
+man/man3/gss_export_name.3
+man/man3/gss_export_sec_context.3
+man/man3/gss_get_mic.3
+man/man3/gss_import_name.3
+man/man3/gss_import_sec_context.3
+man/man3/gss_indicate_mechs.3
+man/man3/gss_init_sec_context.3
+man/man3/gss_inquire_context.3
+man/man3/gss_inquire_cred.3
+man/man3/gss_inquire_cred_by_mech.3
+man/man3/gss_inquire_mechs_for_name.3
+man/man3/gss_inquire_names_for_mech.3
+man/man3/gss_krb5_compat_des3_mic.3
+man/man3/gss_krb5_copy_ccache.3
+man/man3/gss_process_context_token.3
+man/man3/gss_release_buffer.3
+man/man3/gss_release_cred.3
+man/man3/gss_release_name.3
+man/man3/gss_release_oid_set.3
+man/man3/gss_seal.3
+man/man3/gss_sign.3
+man/man3/gss_test_oid_set_member.3
+man/man3/gss_unseal.3
+man/man3/gss_unwrap.3
+man/man3/gss_verify.3
+man/man3/gss_verify_mic.3
+man/man3/gss_wrap.3
+man/man3/gss_wrap_size_limit.3
+man/man3/gssapi.3
+man/man3/k_afs_cell_of_file.3
+man/man3/k_hasafs.3
+man/man3/k_pioctl.3
+man/man3/k_setpag.3
+man/man3/k_unlog.3
+man/man3/kafs.3
+man/man3/kafs_set_verbose.3
+man/man3/kafs_settoken.3
+man/man3/kafs_settoken5.3
+man/man3/kafs_settoken_rxkad.3
+man/man3/krb5.3
+man/man3/krb5_425_conv_principal.3
+man/man3/krb5_425_conv_principal_ext.3
+man/man3/krb5_524_conv_principal.3
+man/man3/krb5_addlog_dest.3
+man/man3/krb5_addlog_func.3
+man/man3/krb5_addr2sockaddr.3
+man/man3/krb5_address.3
+man/man3/krb5_address_compare.3
+man/man3/krb5_address_order.3
+man/man3/krb5_address_search.3
+man/man3/krb5_addresses.3
+man/man3/krb5_afslog.3
+man/man3/krb5_afslog_uid.3
+man/man3/krb5_aname_to_localname.3
+man/man3/krb5_anyaddr.3
+man/man3/krb5_appdefault.3
+man/man3/krb5_appdefault_boolean.3
+man/man3/krb5_appdefault_string.3
+man/man3/krb5_appdefault_time.3
+man/man3/krb5_append_addresses.3
+man/man3/krb5_auth_con_free.3
+man/man3/krb5_auth_con_genaddrs.3
+man/man3/krb5_auth_con_getaddrs.3
+man/man3/krb5_auth_con_getflags.3
+man/man3/krb5_auth_con_getkey.3
+man/man3/krb5_auth_con_getlocalsubkey.3
+man/man3/krb5_auth_con_getrcache.3
+man/man3/krb5_auth_con_getremotesubkey.3
+man/man3/krb5_auth_con_getuserkey.3
+man/man3/krb5_auth_con_init.3
+man/man3/krb5_auth_con_initivector.3
+man/man3/krb5_auth_con_setaddrs.3
+man/man3/krb5_auth_con_setaddrs_from_fd.3
+man/man3/krb5_auth_con_setflags.3
+man/man3/krb5_auth_con_setivector.3
+man/man3/krb5_auth_con_setkey.3
+man/man3/krb5_auth_con_setlocalsubkey.3
+man/man3/krb5_auth_con_setrcache.3
+man/man3/krb5_auth_con_setremotesubkey.3
+man/man3/krb5_auth_con_setuserkey.3
+man/man3/krb5_auth_context.3
+man/man3/krb5_auth_getauthenticator.3
+man/man3/krb5_auth_getcksumtype.3
+man/man3/krb5_auth_getkeytype.3
+man/man3/krb5_auth_getlocalseqnumber.3
+man/man3/krb5_auth_getremoteseqnumber.3
+man/man3/krb5_auth_setcksumtype.3
+man/man3/krb5_auth_setkeytype.3
+man/man3/krb5_auth_setlocalseqnumber.3
+man/man3/krb5_auth_setremoteseqnumber.3
+man/man3/krb5_build_principal.3
+man/man3/krb5_build_principal_ext.3
+man/man3/krb5_build_principal_va.3
+man/man3/krb5_build_principal_va_ext.3
+man/man3/krb5_cc_close.3
+man/man3/krb5_cc_copy_cache.3
+man/man3/krb5_cc_cursor.3
+man/man3/krb5_cc_default.3
+man/man3/krb5_cc_default_name.3
+man/man3/krb5_cc_destroy.3
+man/man3/krb5_cc_end_seq_get.3
+man/man3/krb5_cc_gen_new.3
+man/man3/krb5_cc_get_name.3
+man/man3/krb5_cc_get_ops.3
+man/man3/krb5_cc_get_principal.3
+man/man3/krb5_cc_get_type.3
+man/man3/krb5_cc_get_version.3
+man/man3/krb5_cc_initialize.3
+man/man3/krb5_cc_next_cred.3
+man/man3/krb5_cc_ops.3
+man/man3/krb5_cc_register.3
+man/man3/krb5_cc_remove_cred.3
+man/man3/krb5_cc_resolve.3
+man/man3/krb5_cc_retrieve_cred.3
+man/man3/krb5_cc_set_default_name.3
+man/man3/krb5_cc_set_flags.3
+man/man3/krb5_cc_store_cred.3
+man/man3/krb5_ccache.3
+man/man3/krb5_checksum_is_collision_proof.3
+man/man3/krb5_checksum_is_keyed.3
+man/man3/krb5_checksumsize.3
+man/man3/krb5_closelog.3
+man/man3/krb5_config.3
+man/man3/krb5_config_get_bool_default.3
+man/man3/krb5_config_get_int_default.3
+man/man3/krb5_config_get_string_default.3
+man/man3/krb5_config_get_time_default.3
+man/man3/krb5_context.3
+man/man3/krb5_copy_address.3
+man/man3/krb5_copy_addresses.3
+man/man3/krb5_copy_data.3
+man/man3/krb5_create_checksum.3
+man/man3/krb5_crypto_destroy.3
+man/man3/krb5_crypto_init.3
+man/man3/krb5_data.3
+man/man3/krb5_data_alloc.3
+man/man3/krb5_data_copy.3
+man/man3/krb5_data_free.3
+man/man3/krb5_data_realloc.3
+man/man3/krb5_data_zero.3
+man/man3/krb5_decrypt.3
+man/man3/krb5_decrypt_EncryptedData.3
+man/man3/krb5_encrypt.3
+man/man3/krb5_encrypt_EncryptedData.3
+man/man3/krb5_err.3
+man/man3/krb5_errx.3
+man/man3/krb5_fcc_ops.3
+man/man3/krb5_free_address.3
+man/man3/krb5_free_addresses.3
+man/man3/krb5_free_context.3
+man/man3/krb5_free_data.3
+man/man3/krb5_free_data_contents.3
+man/man3/krb5_free_host_realm.3
+man/man3/krb5_free_krbhst.3
+man/man3/krb5_free_principal.3
+man/man3/krb5_get_all_client_addrs.3
+man/man3/krb5_get_all_server_addrs.3
+man/man3/krb5_get_default_realm.3
+man/man3/krb5_get_default_realms.3
+man/man3/krb5_get_host_realm.3
+man/man3/krb5_get_krb524hst.3
+man/man3/krb5_get_krb_admin_hst.3
+man/man3/krb5_get_krb_changepw_hst.3
+man/man3/krb5_get_krbhst.3
+man/man3/krb5_h_addr2addr.3
+man/man3/krb5_h_addr2sockaddr.3
+man/man3/krb5_init_context.3
+man/man3/krb5_initlog.3
+man/man3/krb5_keytab.3
+man/man3/krb5_keytab_entry.3
+man/man3/krb5_krbhst_format_string.3
+man/man3/krb5_krbhst_free.3
+man/man3/krb5_krbhst_get_addrinfo.3
+man/man3/krb5_krbhst_init.3
+man/man3/krb5_krbhst_next.3
+man/man3/krb5_krbhst_next_as_string.3
+man/man3/krb5_krbhst_reset.3
+man/man3/krb5_kt_add_entry.3
+man/man3/krb5_kt_close.3
+man/man3/krb5_kt_compare.3
+man/man3/krb5_kt_copy_entry_contents.3
+man/man3/krb5_kt_cursor.3
+man/man3/krb5_kt_default.3
+man/man3/krb5_kt_default_name.3
+man/man3/krb5_kt_end_seq_get.3
+man/man3/krb5_kt_free_entry.3
+man/man3/krb5_kt_get_entry.3
+man/man3/krb5_kt_get_name.3
+man/man3/krb5_kt_get_type.3
+man/man3/krb5_kt_next_entry.3
+man/man3/krb5_kt_ops.3
+man/man3/krb5_kt_read_service_key.3
+man/man3/krb5_kt_register.3
+man/man3/krb5_kt_remove_entry.3
+man/man3/krb5_kt_resolve.3
+man/man3/krb5_kt_start_seq_get.3
+man/man3/krb5_kuserok.3
+man/man3/krb5_log.3
+man/man3/krb5_log_msg.3
+man/man3/krb5_make_addrport.3
+man/man3/krb5_make_principal.3
+man/man3/krb5_max_sockaddr_size.3
+man/man3/krb5_mcc_ops.3
+man/man3/krb5_openlog.3
+man/man3/krb5_parse_address.3
+man/man3/krb5_parse_name.3
+man/man3/krb5_principal_get_comp_string.3
+man/man3/krb5_principal_get_realm.3
+man/man3/krb5_print_address.3
+man/man3/krb5_set_default_realm.3
+man/man3/krb5_set_warn_dest.3
+man/man3/krb5_sname_to_principal.3
+man/man3/krb5_sock_to_principal.3
+man/man3/krb5_sockaddr2address.3
+man/man3/krb5_sockaddr2port.3
+man/man3/krb5_sockaddr_uninteresting.3
+man/man3/krb5_timeofday.3
+man/man3/krb5_unparse_name.3
+man/man3/krb5_us_timeofday.3
+man/man3/krb5_verify_checksum.3
+man/man3/krb5_verify_opt_init.3
+man/man3/krb5_verify_opt_set_flags.3
+man/man3/krb5_verify_opt_set_keytab.3
+man/man3/krb5_verify_opt_set_secure.3
+man/man3/krb5_verify_opt_set_service.3
+man/man3/krb5_verify_user.3
+man/man3/krb5_verify_user_lrealm.3
+man/man3/krb5_verify_user_opt.3
+man/man3/krb5_verr.3
+man/man3/krb5_verrx.3
+man/man3/krb5_vlog.3
+man/man3/krb5_vlog_msg.3
+man/man3/krb5_vwarn.3
+man/man3/krb5_vwarnx.3
+man/man3/krb5_warn.3
+man/man3/krb5_warnx.3
+man/man3/krb_afslog.3
+man/man3/krb_afslog_uid.3
+man/man5/kftpusers.5
+man/man5/krb5.conf.5
+man/man5/login.access.5
+man/man8/hprop.8
+man/man8/hpropd.8
+man/man8/kadmin.8
+man/man8/kadmind.8
+man/man8/kdc.8
+man/man8/kerberos.8
+man/man8/kfd.8
+man/man8/kftpd.8
+man/man8/kpasswdd.8
+man/man8/kstash.8
+man/man8/ktutil.8
+man/man8/kxd.8
+man/man8/popper.8
+man/man8/push.8
+man/man8/rshd.8
+man/man8/string2key.8
+man/man8/telnetd.8
+man/man8/verify_krb5_conf.8
+sbin/dump_log
+sbin/kadmin
+sbin/kstash
+sbin/ktutil
+sbin/replay_log
+sbin/truncate_log
+@dirrm include/krb5/ss
+@dirrm include/krb5/kadm5
+@dirrm include/krb5
diff --git a/security/heimdal/buildlink3.mk b/security/heimdal/buildlink3.mk
new file mode 100644
index 00000000000..aa81a57164b
--- /dev/null
+++ b/security/heimdal/buildlink3.mk
@@ -0,0 +1,103 @@
+# $NetBSD: buildlink3.mk,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+
+BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH}+
+HEIMDAL_BUILDLINK3_MK:=	${HEIMDAL_BUILDLINK3_MK}+
+
+.include "../../mk/bsd.prefs.mk"
+
+.if !empty(HEIMDAL_BUILDLINK3_MK:M+)
+BUILDLINK_PACKAGES+=		heimdal
+BUILDLINK_DEPENDS.heimdal?=	heimdal>=0.4e
+BUILDLINK_PKGSRCDIR.heimdal?=	../../security/heimdal
+BUILDLINK_INCDIRS.heimdal?=	include/krb5
+.endif	# HEIMDAL_BUILDLINK3_MK
+
+BUILDLINK_CHECK_BUILTIN.heimdal?=	NO
+
+_KRB5_KRB5_H=	/usr/include/krb5/krb5.h
+
+.if !defined(BUILDLINK_IS_BUILTIN.heimdal)
+BUILDLINK_IS_BUILTIN.heimdal=	NO
+.  if exists(${_KRB5_KRB5_H})
+BUILDLINK_IS_BUILTIN.heimdal!=						\
+	if ${GREP} -q heimdal_version ${_KRB5_KRB5_H}; then		\
+		${ECHO} "YES";						\
+	else								\
+		${ECHO} "NO";						\
+	fi
+.  endif
+MAKEFLAGS+=	BUILDLINK_IS_BUILTIN.heimdal="${BUILDLINK_IS_BUILTIN.heimdal}"
+.endif
+
+.if !empty(BUILDLINK_CHECK_BUILTIN.heimdal:M[yY][eE][sS])
+BUILDLINK_USE_BUILTIN.heimdal=	YES
+.endif
+
+.if !defined(BUILDLINK_USE_BUILTIN.heimdal)
+.  if !empty(BUILDLINK_IS_BUILTIN.heimdal:M[nN][oO])
+BUILDLINK_USE_BUILTIN.heimdal=	NO
+.  else
+#
+# Create an appropriate name for the built-in package distributed
+# with the system.  This package name can be used to check against
+# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc
+# version or if the built-in one is sufficient.
+#
+# heimdal<=0.6 doesn't have a method of checking the headers to discover
+# the version number of the software.  Match up heimdal versions with
+# OS versions for an approximate determination of the heimdal version.
+#
+.if !defined(_HEIMDAL_VERSION)
+_HEIMDAL_VERSIONS=	0.6 0.5 0.4e 0.3f 0.3e
+_HEIMDAL_0.6=		NetBSD-1.6[U-Z]-* NetBSD-1.6Z*-*
+_HEIMDAL_0.5=		NetBSD-1.6[I-T]-*
+_HEIMDAL_0.4e=		NetBSD-1.6[A-H]-*				\
+			NetBSD-1.6-* NetBSD-1.6_*-* NetBSD-1.6.*-*	\
+			NetBSD-1.5[YZ]-* NetBSD-1.5Z*-*
+_HEIMDAL_0.3f=		NetBSD-1.5X-*
+_HEIMDAL_0.3e=		NetBSD-1.5[UVW]-*				\
+			NetBSD-1.5.*-*
+.  for _heimdal_version_ in ${_HEIMDAL_VERSIONS}
+.    for _pattern_ in ${_HEIMDAL_${_heimdal_version_}}
+.      if !empty(MACHINE_PLATFORM:M${_pattern_})
+_HEIMDAL_VERSION?=	${_heimdal_version_}
+.      endif
+.    endfor
+.  endfor
+_HEIMDAL_VERSION?=	0.2t
+MAKEFLAGS+=	_HEIMDAL_VERSION="${_HEIMDAL_VERSION}"
+.endif
+
+_HEIMDAL_PKG=		heimdal-${_HEIMDAL_VERSION}
+_HEIMDAL_DEPENDS=	${BUILDLINK_DEPENDS.heimdal}
+BUILDLINK_USE_BUILTIN.heimdal!=		\
+	if ${PKG_ADMIN} pmatch '${_HEIMDAL_DEPENDS}' ${_HEIMDAL_PKG}; then \
+		${ECHO} "YES";						\
+	else								\
+		${ECHO} "NO";						\
+	fi
+.  endif
+MAKEFLAGS+=	\
+	BUILDLINK_USE_BUILTIN.heimdal="${BUILDLINK_USE_BUILTIN.heimdal}"
+.endif
+
+.if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[nN][oO])
+#
+# If we depend on the package, depend on the latest version with a library
+# major number bump.
+#
+BUILDLINK_DEPENDS.heimdal=	heimdal>=0.6
+.  if !empty(BUILDLINK_DEPTH:M+)
+BUILDLINK_DEPENDS+=		heimdal
+.  endif
+.endif
+
+.if !empty(HEIMDAL_BUILDLINK3_MK:M+)
+.  if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[nN][oO])
+KRB5_CONFIG?=	${BUILDLINK_PREFIX.heimdal}/bin/krb5-config
+CONFIGURE_ENV+=	KRB5_CONFIG="${KRB5_CONFIG}"
+MAKE_ENV+=	KRB5_CONFIG="${KRB5_CONFIG}"
+.  endif
+.endif	# HEIMDAL_BUILDLINK3_MK
+
+BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH:S/+$//}
diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo
new file mode 100644
index 00000000000..bd574af7c52
--- /dev/null
+++ b/security/heimdal/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+
+SHA1 (heimdal-0.6.tar.gz) = 06f00ea8ec26d64729806960f2f7f66bee8275bd
+Size (heimdal-0.6.tar.gz) = 3135319 bytes
+SHA1 (patch-aa) = 26482a8a642df10a2d816e660a2b80a6127c54d0
+SHA1 (patch-ab) = 400a9ac3a76ac7e8b4dcc230e0bdf7fc5222fbb7
+SHA1 (patch-ac) = 121961811f559822c6a4f3d7f7e4646b16908942
+SHA1 (patch-ad) = 47b4a76c1021f2683bd7f9940df78e2b38cf5448
diff --git a/security/heimdal/patches/patch-aa b/security/heimdal/patches/patch-aa
new file mode 100644
index 00000000000..4c1e5c7b35b
--- /dev/null
+++ b/security/heimdal/patches/patch-aa
@@ -0,0 +1,19 @@
+$NetBSD: patch-aa,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+
+--- appl/ftp/ftp/gssapi.c.orig	Sun Mar 16 14:40:18 2003
++++ appl/ftp/ftp/gssapi.c
+@@ -228,12 +228,13 @@ gss_adat(void *app_data, void *buf, size
+ 	    gss_release_buffer(&min_stat, &export_name);
+ 	    goto out;
+ 	}
+-	name = realloc(export_name.value, export_name.length + 1);
++	name = malloc(export_name.length + 1);
+ 	if(name == NULL) {
+ 	    reply(500, "Out of memory");
+ 	    gss_release_buffer(&min_stat, &export_name);
+ 	    goto out;
+ 	}
++	memcpy(name, export_name.value, export_name.length);
+ 	name[export_name.length] = '\0';
+ 	gss_release_buffer(&min_stat, &export_name);
+ 	d->client_name = name;
diff --git a/security/heimdal/patches/patch-ab b/security/heimdal/patches/patch-ab
new file mode 100644
index 00000000000..9905a3e27ea
--- /dev/null
+++ b/security/heimdal/patches/patch-ab
@@ -0,0 +1,40 @@
+$NetBSD: patch-ab,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+
+--- cf/install-catman.sh.orig	Sat Sep 29 12:05:38 2001
++++ cf/install-catman.sh
+@@ -14,16 +14,7 @@ for f in "$@"; do
+ 	base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
+ 	section=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\2/'`
+ 	mandir="$manbase/man$section"
+-	catdir="$manbase/cat$section"
+-	c="$base.cat$section"
+ 
+-	if test -f "$srcdir/$c"; then
+-		if test \! -d "$catdir"; then
+-			eval "$mkinstalldirs $catdir"
+-		fi
+-		eval "echo $INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
+-		eval "$INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
+-	fi
+ 	for link in `sed -n -e '/SYNOPSIS/q;/DESCRIPTION/q;s/^\.Nm \([^ ]*\).*/\1/p' $srcdir/$f`; do
+ 		if [ "$link" != "$base" ]; then
+ 			target="$mandir/$link.$section"
+@@ -36,18 +27,6 @@ for f in "$@"; do
+ 					break
+ 				fi
+ 			done
+-			if test -f "$srcdir/$c"; then
+-				target="$catdir/$link.$suffix"
+-				for cmd in "ln -f $catdir/$base.$suffix $target" \
+-					   "ln -fs $base.$suffix $target" \
+-					   "cp -f $catdir/$base.$suffix $target"
+-				do
+-					if eval "$cmd"; then
+-						eval echo "$cmd"
+-						break
+-					fi
+-				done
+-			fi
+ 		fi
+ 	done
+ done
diff --git a/security/heimdal/patches/patch-ac b/security/heimdal/patches/patch-ac
new file mode 100644
index 00000000000..ade79ffbd10
--- /dev/null
+++ b/security/heimdal/patches/patch-ac
@@ -0,0 +1,14 @@
+$NetBSD: patch-ac,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+
+--- configure.in.orig	Mon May 12 11:26:39 2003
++++ configure.in
+@@ -16,9 +16,6 @@ AM_MAINTAINER_MODE
+ 
+ AC_PREFIX_DEFAULT(/usr/heimdal)
+ 
+-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
+-
+ AC_CANONICAL_HOST
+ CANONICAL_HOST=$host
+ AC_SUBST(CANONICAL_HOST)
diff --git a/security/heimdal/patches/patch-ad b/security/heimdal/patches/patch-ad
new file mode 100644
index 00000000000..262cfc5cdf0
--- /dev/null
+++ b/security/heimdal/patches/patch-ad
@@ -0,0 +1,14 @@
+$NetBSD: patch-ad,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $
+
+--- configure.orig	Mon May 12 11:28:20 2003
++++ configure
+@@ -3036,9 +3036,6 @@ fi
+ 
+ 
+ 
+-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
+-
+ # Make sure we can run config.sub.
+ $ac_config_sub sun4 >/dev/null 2>&1 ||
+   { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5