# Buildsheet autogenerated by ravenadm tool -- Do not edit. NAMEBASE= krb5 VERSION= 1.21.2 KEYWORDS= security VARIANTS= standard SDESC[standard]= MIT Kerberos 5 authentication system HOMEPAGE= http://web.mit.edu/kerberos/www/ CONTACT= nobody DOWNLOAD_GROUPS= main SITES[main]= https://web.mit.edu/kerberos/dist/krb5/1.21/ DISTFILE[1]= krb5-1.21.2.tar.gz:main DF_INDEX= 1 SPKGS[standard]= complete primary dev tools nls examples man docs OPTIONS_AVAILABLE= none OPTIONS_STANDARD= none USES= cpe gmake perl:build libtool:build pkgconfig ssl:openssl11 gettext readline DISTNAME= krb5-1.21.2/src LICENSE= MIT:primary LICENSE_FILE= MIT:{{WRKSRC}}/../NOTICE LICENSE_SCHEME= solo CPE_PRODUCT= kerberos CPE_VENDOR= mit CPE_VERSION= 5-1.21.2 FPC_EQUIVALENT= security/krb5 MUST_CONFIGURE= gnu CONFIGURE_ARGS= --enable-shared --with-readline --without-system-verto --disable-rpath --localstatedir="{{PREFIX}}/var" --runstatedir="{{PREFIX}}/var/run" CONFIGURE_ENV= INSTALL="{{INSTALL}}" INSTALL_LIB="{{INSTALL_LIB}}" YACC="{{YACC}}" MAKE_ARGS= INSTALL="{{INSTALL}}" INSTALL_LIB="{{INSTALL_LIB}}" RC_SUBR= kpropd:primary CPPFLAGS= -I{{OPENSSLINC}} LDFLAGS= -L{{OPENSSLLIB}} VAR_OPSYS[sunos]= LDFLAGS=-lintl post-patch: ${REINPLACE_CMD} -e "s|/usr/local|${PREFIX}|" \ ${WRKSRC}/clients/ksu/Makefile.in post-install: ${MKDIR} ${STAGEDIR}${STD_DOCDIR} # install PDF documentation (cd ${WRKSRC}/../doc && \ ${COPYTREE_SHARE} pdf ${STAGEDIR}${STD_DOCDIR}) # install HTML documentation (cd ${WRKSRC}/../doc && \ ${COPYTREE_SHARE} html ${STAGEDIR}${STD_DOCDIR} \ "! -path 'html/_sources*'") # remove cat directories ${FIND} ${STAGEDIR}${PREFIX}/share/man -type d -empty -delete [FILE:1253:descriptions/desc.primary] Kerberos V5 is an authentication system developed at MIT. Abridged from the User Guide: Under Kerberos, a client sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password. If the client successfully decrypts the TGT, it keeps the decrypted TGT, which indicates proof of the client's identity. The TGT permits the client to obtain additional tickets, which give permission for specific services. Since Kerberos negotiates authenticated, and optionally encrypted, communications between two points anywhere on the internet, it provides a layer of security that is not dependent on which side of a firewall either client is on. The Kerberos V5 package is designed to be easy to use. Most of the commands are nearly identical to UNIX network programs you are already used to. Kerberos V5 is a single-sign-on system, which means that you have to type your password only once per session, and Kerberos does the authenticating and encrypting transparently. [FILE:48:descriptions/desc.tools] This package contains Kerberos version 5 tools. [FILE:97:distinfo] 9560941a9d843c0243a71b17a7ac6fe31c7cebb5bce3983db79e52ae7e850491 8622513 krb5-1.21.2.tar.gz [FILE:605:manifests/plist.primary] lib/ libcom_err.so.3 libcom_err.so.3.0 libgssapi_krb5.so.2 libgssapi_krb5.so.2.2 libgssrpc.so.4 libgssrpc.so.4.2 libk5crypto.so.3 libk5crypto.so.3.1 libkadm5clnt_mit.so libkadm5clnt_mit.so.12 libkadm5clnt_mit.so.12.0 libkadm5srv_mit.so libkadm5srv_mit.so.12 libkadm5srv_mit.so.12.0 libkdb5.so.10 libkdb5.so.10.0 libkrad.so.0 libkrad.so.0.0 libkrb5.so.3 libkrb5.so.3.3 libkrb5support.so libkrb5support.so.0 libkrb5support.so.0.1 libverto.so.0 libverto.so.0.0 lib/krb5/plugins/kdb/db2.so lib/krb5/plugins/preauth/ otp.so pkinit.so spake.so test.so lib/krb5/plugins/tls/k5tls.so [FILE:987:manifests/plist.dev] bin/krb5-config include/ com_err.h gssapi.h kdb.h krad.h krb5.h profile.h verto-module.h verto.h include/gssapi/ gssapi.h gssapi_alloc.h gssapi_ext.h gssapi_generic.h gssapi_krb5.h mechglue.h include/gssrpc/ auth.h auth_gss.h auth_gssapi.h auth_unix.h clnt.h netdb.h pmap_clnt.h pmap_prot.h pmap_rmt.h rename.h rpc.h rpc_msg.h svc.h svc_auth.h types.h xdr.h include/kadm5/ admin.h chpass_util_strings.h kadm_err.h include/krb5/ ccselect_plugin.h certauth_plugin.h clpreauth_plugin.h hostrealm_plugin.h kadm5_auth_plugin.h kadm5_hook_plugin.h kdcpolicy_plugin.h kdcpreauth_plugin.h krb5.h localauth_plugin.h locate_plugin.h plugin.h preauth_plugin.h pwqual_plugin.h lib/ libcom_err.so libgssapi_krb5.so libgssrpc.so libk5crypto.so libkadm5clnt.so libkadm5srv.so libkdb5.so libkrad.so libkrb5.so libverto.so lib/pkgconfig/ gssrpc.pc kadm-client.pc kadm-server.pc kdb.pc krb5-gssapi.pc krb5.pc mit-krb5-gssapi.pc mit-krb5.pc [FILE:423:manifests/plist.tools] bin/ compile_et gss-client k5srvutil kadmin kdestroy kinit klist kpasswd @(root,wheel,04755) bin/ksu kswitch ktutil kvno sclient sim_client uuclient sbin/ gss-server kadmin.local kadmind kdb5_util kprop kpropd kproplog krb5-send-pr krb5kdc sim_server sserver uuserver share/et/ et_c.awk et_h.awk @dir lib/krb5/plugins/authdata @dir lib/krb5/plugins/libkrb5 @dir var/krb5kdc @dir var/run/krb5kdc [FILE:123:manifests/plist.nls] share/locale/de/LC_MESSAGES/mit-krb5.mo share/locale/en_US/LC_MESSAGES/mit-krb5.mo share/locale/ka/LC_MESSAGES/mit-krb5.mo [FILE:59:manifests/plist.examples] share/examples/krb5/ kdc.conf krb5.conf services.append [FILE:533:manifests/plist.man] share/man/man1/ compile_et.1.gz k5srvutil.1.gz kadmin.1.gz kdestroy.1.gz kinit.1.gz klist.1.gz kpasswd.1.gz krb5-config.1.gz ksu.1.gz kswitch.1.gz ktutil.1.gz kvno.1.gz sclient.1.gz share/man/man3/com_err.3.gz share/man/man5/ .k5identity.5.gz .k5login.5.gz k5identity.5.gz k5login.5.gz kadm5.acl.5.gz kdc.conf.5.gz krb5.conf.5.gz share/man/man7/kerberos.7.gz share/man/man8/ kadmin.local.8.gz kadmind.8.gz kdb5_ldap_util.8.gz kdb5_util.8.gz kprop.8.gz kpropd.8.gz kproplog.8.gz krb5kdc.8.gz sserver.8.gz [FILE:271:patches/patch-clients_ksu_Makefile.in] --- clients/ksu/Makefile.in.orig 2023-08-14 16:16:43 UTC +++ clients/ksu/Makefile.in @@ -30,6 +30,6 @@ clean: install: -for f in ksu; do \ - $(INSTALL_SETUID) $$f \ + $(INSTALL_PROGRAM) $$f \ $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ done [FILE:804:patches/patch-config__pre.in] --- config/pre.in.orig 2023-08-14 16:16:43 UTC +++ config/pre.in @@ -181,9 +181,9 @@ LIBS = @LIBS@ INSTALL=@INSTALL@ INSTALL_STRIP= INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) -INSTALL_SCRIPT=@INSTALL_PROGRAM@ +INSTALL_SCRIPT=@INSTALL_SCRIPT@ INSTALL_DATA=@INSTALL_DATA@ -INSTALL_SHLIB=@INSTALL_SHLIB@ +INSTALL_SHLIB=$(INSTALL_LIB) INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root ## This is needed because autoconf will sometimes define @exec_prefix@ to be ## ${prefix}. @@ -205,6 +205,7 @@ PKGCONFIG_DIR = @libdir@/pkgconfig ADMIN_MANDIR = $(KRB5MANROOT)/man8 SERVER_MANDIR = $(KRB5MANROOT)/man8 CLIENT_MANDIR = $(KRB5MANROOT)/man1 +SUBR_MANDIR = $(KRB5MANROOT)/man3 FILE_MANDIR = $(KRB5MANROOT)/man5 ADMIN_CATDIR = $(KRB5MANROOT)/cat8 SERVER_CATDIR = $(KRB5MANROOT)/cat8 [FILE:1365:patches/patch-config_shlib.conf] --- config/shlib.conf.orig 2023-08-14 16:16:43 UTC +++ config/shlib.conf @@ -294,7 +294,7 @@ mips-*-netbsd*) PROFFLAGS=-pg ;; -*-*-netbsd*) +*-*-xxnetbsd*) PICFLAGS=-fPIC SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' SHLIBEXT=.so @@ -312,7 +312,7 @@ mips-*-netbsd*) PROFFLAGS=-pg ;; -*-*-freebsd*) +*-*-freebsd* | *-*-dragonfly* | *-*-netbsd* | *-*-midnight*) case $krb5_cv_host in sparc64-*) PICFLAGS=-fPIC @@ -321,14 +321,15 @@ mips-*-netbsd*) PICFLAGS=-fpic ;; esac - SHLIBVEXT='.so.$(LIBMAJOR)' - RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,' + SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' + SHLIBSEXT='.so.$(LIBMAJOR)' + LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)' + RPATH_FLAG='-Wl,-rpath -Wl,' PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' SHLIBEXT=.so - LDCOMBINE='ld -Bshareable' - SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)' + SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' [FILE:243:patches/patch-include_gssrpc_rpc.h] --- include/gssrpc/rpc.h.orig 2023-08-14 16:16:43 UTC +++ include/gssrpc/rpc.h @@ -39,6 +39,7 @@ #ifndef GSSRPC_RPC_H #define GSSRPC_RPC_H +#include #include /* some typedefs */ #include [FILE:396:patches/patch-kprop_kproplog.c] --- kprop/kproplog.c.orig 2023-08-14 16:16:43 UTC +++ kprop/kproplog.c @@ -415,7 +415,7 @@ map_ulog(const char *filename, int *fd_o close(fd); return NULL; } - ulog = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + ulog = (kdb_hlog_t *)mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (ulog == MAP_FAILED) { close(fd); return NULL; [FILE:2325:patches/patch-lib-krb5-os-localaddr.c] --- lib/krb5/os/localaddr.c.orig 2023-08-14 16:16:43 UTC +++ lib/krb5/os/localaddr.c @@ -176,6 +176,7 @@ printaddr(struct sockaddr *sa) } #endif +#if 0 static int is_loopback_address(struct sockaddr *sa) { @@ -192,6 +193,7 @@ is_loopback_address(struct sockaddr *sa) return 0; } } +#endif #ifdef HAVE_IFADDRS_H #include @@ -449,12 +451,14 @@ foreach_localaddr (/*@null@*/ void *data ifp->ifa_flags &= ~IFF_UP; continue; } +#if 0 if (is_loopback_address(ifp->ifa_addr)) { /* Pretend it's not up, so the second pass will skip it. */ ifp->ifa_flags &= ~IFF_UP; continue; } +#endif /* If this address is a duplicate, punt. */ match = 0; for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { @@ -583,11 +587,13 @@ foreach_localaddr (/*@null@*/ void *data } /*@=moduncon@*/ +#if 0 /* None of the current callers want loopback addresses. */ if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { Tprintf ((" loopback\n")); goto skip; } +#endif /* Ignore interfaces that are down. */ if ((lifreq.lifr_flags & IFF_UP) == 0) { Tprintf ((" down\n")); @@ -754,11 +760,13 @@ foreach_localaddr (/*@null@*/ void *data } /*@=moduncon@*/ +#if 0 /* None of the current callers want loopback addresses. */ if (is_loopback_address(&lifr->iflr_addr)) { Tprintf ((" loopback\n")); goto skip; } +#endif /* Ignore interfaces that are down. */ if ((lifreq.iflr_flags & IFF_UP) == 0) { Tprintf ((" down\n")); @@ -972,11 +980,13 @@ foreach_localaddr (/*@null@*/ void *data } /*@=moduncon@*/ +#if 0 /* None of the current callers want loopback addresses. */ if (is_loopback_address(&ifreq.ifr_addr)) { Tprintf ((" loopback\n")); goto skip; } +#endif /* Ignore interfaces that are down. */ if ((ifreq.ifr_flags & IFF_UP) == 0) { Tprintf ((" down\n")); [FILE:525:patches/patch-lib_crypto_builtin_aes_brg__endian.h] --- lib/crypto/builtin/aes/brg_endian.h.orig 2023-08-14 16:16:43 UTC +++ lib/crypto/builtin/aes/brg_endian.h @@ -35,6 +35,8 @@ Issue Date: 10/09/2018 # include #elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ ) # include +#elif defined( __DragonFly__) +# include #elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \ defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ ) # include [FILE:857:patches/patch-lib_kdb_kdb__log.c] $NetBSD: patch-lib_kdb_kdb__log.c,v 1.2 2020/04/09 10:57:05 adam Exp $ Fix mmap/munmap -Werror=incompatible-pointer-types --- lib/kdb/kdb_log.c.orig 2023-08-14 16:16:43 UTC +++ lib/kdb/kdb_log.c @@ -498,7 +498,7 @@ ulog_map(krb5_context context, const cha } } - ulog = mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED, + ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED, log_ctx->ulogfd, 0); if (ulog == MAP_FAILED) { retval = errno; @@ -680,7 +680,11 @@ ulog_fini(krb5_context context) if (log_ctx == NULL) return; if (log_ctx->ulog != NULL) +#ifdef __sun + munmap((caddr_t)log_ctx->ulog, MAXLOGLEN); +#else munmap(log_ctx->ulog, MAXLOGLEN); +#endif if (log_ctx->ulogfd != -1) close(log_ctx->ulogfd); free(log_ctx); [FILE:692:patches/patch-util_et_Makefile.in] --- util/et/Makefile.in.orig 2023-08-14 16:16:43 UTC +++ util/et/Makefile.in @@ -111,12 +111,13 @@ check-windows: $(OUTPRE)test_et$(EXEEXT) path $(OUTPRE)test_et$(EXEEXT) -install-unix: compile_et compile_et.1 +install-unix: compile_et compile_et.1 com_err.3 $(INSTALL) compile_et $(DESTDIR)$(bindir)/compile_et test -d $(DESTDIR)$(mydatadir) || mkdir $(DESTDIR)$(mydatadir) $(INSTALL_DATA) $(srcdir)/et_c.awk $(DESTDIR)$(mydatadir) $(INSTALL_DATA) $(srcdir)/et_h.awk $(DESTDIR)$(mydatadir) $(INSTALL_DATA) $(srcdir)/compile_et.1 $(DESTDIR)$(CLIENT_MANDIR)/compile_et.1 + $(INSTALL_DATA) $(srcdir)/com_err.3 $(DESTDIR)$(SUBR_MANDIR)/com_err.3 install-headers: compile_et [FILE:496:files/kpropd.in] #!/bin/sh # # PROVIDE: kpropd # REQUIRE: LOGIN # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # # kpropd_enable (bool): Set to NO by default. # Set it to YES to enable kpropd. # kpropd_flags (str): Set to "" by default. . /etc/rc.subr name=kpropd rcvar=kpropd_enable load_rc_config $name : ${kpropd_enable:="NO"} : ${kpropd_flags=""} command=%%PREFIX%%/sbin/${name} run_rc_command "$1"