| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
MAKE_JOBS=2 and worked without.
|
|
|
|
|
|
major change.
Reported by Robert Elz in PR 41345.
|
|
block). Uncomment some commented out LICENSE lines while here.
|
|
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
|
|
OK by wiz@.
|
|
|
|
PR 38622 for some time.
|
|
so make it only end up in the PLIST if that is the case.
|
|
this heimdal on 3.x.
Bump PKGREVISION.
|
|
through PLIST_SUBST to the plist module.
|
|
/usr/bin/krb5-config exists. Fixes build of imap-uw package with the
kerberos option on NetBSD-current and possibly other platforms.
|
|
transformed into the correct set of libraries, so we no longer need to
override the configure script's check for which library has tgetent().
|
|
into ${PREFIX}/include/krb5/roken instead of ${PREFIX}/include/krb5.
This is good because it reduces the likelihood of a conflict with any
other similarly named headers if you simply add -I${PREFIX}/include/krb5
to the compiler command line.
Patch from PR pkg/38119 by charlie.
|
|
are trying to use (the termcap t*() API).
|
|
* Read-only PKCS11 provider built-in to hx509.
* Better compatibilty with Windows 2008 Server pre-releases and Vista.
* Add RFC3526 modp group14 as default.
* Handle [kdc] database = { } entries without realm = stanzas.
* Add gss_pseudo_random() for mechglue and krb5.
* Make session key for the krbtgt be selected by the best encryption
type of the client.
* Better interoperability with other PK-INIT implementations.
* Alias support for inital ticket requests.
* Make ASN.1 library less paranoid to with regard to NUL in string to
make it inter-operate with MIT Kerberos again.
* PK-INIT support.
* HDB extensions support, used by PK-INIT.
* New ASN.1 compiler.
* GSS-API mechglue from FreeBSD.
* Updated SPNEGO to support RFC4178.
* Support for Cryptosystem Negotiation Extension (RFC 4537).
* A new X.509 library (hx509) and related crypto functions.
* A new ntlm library (heimntlm) and related crypto functions.
* KDC will return the "response too big" error to force TCP retries
for large (default 1400 bytes) UDP replies. This is common for
PK-INIT requests.
* Libkafs defaults to use 2b tokens.
* krb5_kuserok() also checks ~/.k5login.d directory for acl files.
* Fix memory leaks.
* Bugs fixes
|
|
* Read-only PKCS11 provider built-in to hx509.
* Better compatibilty with Windows 2008 Server pre-releases and Vista.
* Add RFC3526 modp group14 as default.
* Handle [kdc] database = { } entries without realm = stanzas.
* Add gss_pseudo_random() for mechglue and krb5.
* Make session key for the krbtgt be selected by the best encryption
type of the client.
* Better interoperability with other PK-INIT implementations.
* Alias support for inital ticket requests.
* Make ASN.1 library less paranoid to with regard to NUL in string to
make it inter-operate with MIT Kerberos again.
* PK-INIT support.
* HDB extensions support, used by PK-INIT.
* New ASN.1 compiler.
* GSS-API mechglue from FreeBSD.
* Updated SPNEGO to support RFC4178.
* Support for Cryptosystem Negotiation Extension (RFC 4537).
* A new X.509 library (hx509) and related crypto functions.
* A new ntlm library (heimntlm) and related crypto functions.
* KDC will return the "response too big" error to force TCP retries
for large (default 1400 bytes) UDP replies. This is common for
PK-INIT requests.
* Libkafs defaults to use 2b tokens.
* krb5_kuserok() also checks ~/.k5login.d directory for acl files.
* Fix memory leaks.
* Bugs fixes
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
it can therefore be detected properly as up-to-date.
|
|
pkg-build-options.mk procedure.
|
|
|
|
The redundant parsing of bsd.prefs.mk is mostly avoided now and
parse time e.g. for x11/kdebase3 gets reduced by up to 10%.
|
|
build of imap-uw package with the kerberos option.
|
|
"A security issue has been reported in Heimdal, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
The security issue is caused due to missing checks for whether the
"setuid()" call has succeeded in the bundled rcp application. This may
be exploited to perform certain actions with root privileges if the
"setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21436/
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Bump PKGREVISION.
|
|
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|
|
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
|
|
Since the heimdal install process will install additional headers in
${PREFIX}/include/krb5 depending on what the configure process detects,
simply query the source Makefile at install-time for the extra headers
that it will install and dynamically add them to the PLIST.
|
|
heimdal, so heimdal installs its own. Add them in PLIST.SunOS
Fixes PR pkg/33656. Bump PKGREVISION.
|
|
packages. Convert LDAP-based applications to depend on openldap-client, and
bump PKGREVISION for those that depend on it by default.
|
|
installs its own glob.h and vis.h. Add them to PLIST.Linux.
Bump PKGREVISION.
|
|
|
|
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
for the gss_* functions.
|
|
exists on the disk -- we can just check whether a variable defined by
find-files.mk is "__nonexistent__" or not.
|
|
* List the info files directly in the PLIST.
|
|
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
Changes in Heimdal 0.7.2
* Fix security problem in rshd that enable an attacker to overwrite
and change ownership of any file that root could write.
* Fix a DOS in telnetd. The attacker could force the server to crash
in a NULL de-reference before the user logged in, resulting in inetd
turning telnetd off because it forked too fast.
* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
exists in the keytab before returning success. This allows servers
to check if its even possible to use GSSAPI.
* Fix receiving end of token delegation for GSS-API. It still wrongly
uses subkey for sending for compatibility reasons, this will change
in 0.8.
* telnetd, login and rshd are now more verbose in logging failed and
successful logins.
* Bug fixes
|
|
krb5-config then create one to use in the buildlink tree. Useful
for packages that expect krb5-config to exist to determine kerberos
existence/locations.
|
|
script not to find any system-installed compile_et.
(This should really be done by using our own PATH that doesn't include
any system paths, but we're not quite ready to do that yet.)
|
|
bin/compile_et
bin/kpasswd
bin/pagsh
Addresses PR 32610 and PR 32612 by Ola Eriksson.
|
|
bin/mk_cmds
lib/libroken.la
lib/libsl.la
lib/libss.la
man/man3/arg_printusage.3
man/man3/getarg.3
Addresses PR 32610 and PR 32611 by Ola Eriksson.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
platforms with older versions of /etc/rc.subr can run smbd.sh and
winbindd.sh without updating /etc/rc.subr.
Bump PKGREVISION to 2.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
|
|
the necessary headers.
XXX Ask upstream, why this isn't a #if / #elif list
Reported-by: walt <wa1ter AT myrealbox DOT com> on tech-pkg
|
|
in a publicly-exported structure was renamed from "private" to
"opt_private". This allows <krb5.h> to be used by C++ compilers.
Bump the PKGREVISION to 1.
|
|
for the "db4" option and just rely on the appropriate BDB_* settings
via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use
krb5-config, if it's available, to check the version of the built-in
heimdal. Patches patch-ab, patch-ae and patch-af have been sent back
upstream and will be incorporated into future Heimdal releases.
Changes between version 0.6.5 and version 0.7.1 include:
* Support for KCM, a process based credential cache
* Support CCAPI credential cache
* SPNEGO support
* AES (and the gssapi conterpart, CFX) support
* Adding new and improve old documentation
* Bug fixes
|
