mit-krb5: updated to 1.21.2 Major changes in 1.21.2 (2023-08-14) Fix double-free in KDC TGS processing [CVE-2023-39975]. Major changes in 1.21.1 (2023-07-10) Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. Major changes in 1.21 (2023-06-05) User experience Added a credential cache type providing compatibility with the macOS 11 native credential cache. Developer experience libkadm5 will use the provided krb5_context object to read configuration values, instead of creating its own. Added an interface to retrieve the ticket session key from a GSS context. Protocol evolution The KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. The KDC will assume that all services can handle aes256-sha1 session keys unless the service principal has a session_enctypes string attribute. Support for PAC full KDC checksums has been added to mitigate an S4U2Proxy privilege escalation attack. The PKINIT client will advertise a more modern set of supported CMS algorithms. Code quality Removed unused code in libkrb5, libkrb5support, and the PKINIT module. Modernized the KDC code for processing TGS requests, the code for encrypting and decrypting key data, the PAC handling code, and the GSS library packet parsing and composition code. Improved the test framework's detection of memory errors in daemon processes when used with asan.diff -r1.116 -r1.117 pkgsrc/security/mit-krb5/Makefile
(adam)
@@ -1,19 +1,18 @@ | @@ -1,19 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.116 2023/10/24 22:10:52 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.117 2024/01/05 23:46:29 adam Exp $ | |
2 | 2 | |||
3 | BRANCHNAME= 1.19 | 3 | BRANCHNAME= 1.21 | |
4 | DISTNAME= krb5-${BRANCHNAME}.3 | 4 | DISTNAME= krb5-${BRANCHNAME}.2 | |
5 | PKGNAME= mit-${DISTNAME} | 5 | PKGNAME= mit-${DISTNAME} | |
6 | PKGREVISION= 1 | |||
7 | CATEGORIES= security | 6 | CATEGORIES= security | |
8 | # It is not clear how stable this URL scheme is. | 7 | # It is not clear how stable this URL scheme is. | |
9 | MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${BRANCHNAME}/ | 8 | MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${BRANCHNAME}/ | |
10 | 9 | |||
11 | MAINTAINER= tez@NetBSD.org | 10 | MAINTAINER= tez@NetBSD.org | |
12 | HOMEPAGE= https://web.mit.edu/kerberos/ | 11 | HOMEPAGE= https://web.mit.edu/kerberos/ | |
13 | COMMENT= MIT Kerberos 5 authentication system | 12 | COMMENT= MIT Kerberos 5 authentication system | |
14 | 13 | |||
15 | # There is a file NOTICE in the sources, which is enormous. Most | 14 | # There is a file NOTICE in the sources, which is enormous. Most | |
16 | # licenses appear to be some flavor of X11, 3-clause BSD, 4-clause | 15 | # licenses appear to be some flavor of X11, 3-clause BSD, 4-clause | |
17 | # BSD. | 16 | # BSD. | |
18 | # 20201007: gdt emailed upstream asking for clarification on the AES | 17 | # 20201007: gdt emailed upstream asking for clarification on the AES | |
19 | # license, which is not entirely clearly Free, by the text. | 18 | # license, which is not entirely clearly Free, by the text. |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.24 2020/07/03 13:36:57 hauke Exp $ | 1 | @comment $NetBSD: PLIST,v 1.25 2024/01/05 23:46:29 adam Exp $ | |
2 | bin/compile_et | 2 | bin/compile_et | |
3 | bin/gss-client | 3 | bin/gss-client | |
4 | bin/k5srvutil | 4 | bin/k5srvutil | |
5 | bin/kadmin | 5 | bin/kadmin | |
6 | bin/kdestroy | 6 | bin/kdestroy | |
7 | bin/kinit | 7 | bin/kinit | |
8 | bin/klist | 8 | bin/klist | |
9 | bin/kpasswd | 9 | bin/kpasswd | |
10 | bin/krb5-config | 10 | bin/krb5-config | |
11 | bin/ksu | 11 | bin/ksu | |
12 | bin/kswitch | 12 | bin/kswitch | |
13 | bin/ktutil | 13 | bin/ktutil | |
14 | bin/kvno | 14 | bin/kvno | |
@@ -52,55 +52,61 @@ include/krb5/hostrealm_plugin.h | @@ -52,55 +52,61 @@ include/krb5/hostrealm_plugin.h | |||
52 | include/krb5/kadm5_auth_plugin.h | 52 | include/krb5/kadm5_auth_plugin.h | |
53 | include/krb5/kadm5_hook_plugin.h | 53 | include/krb5/kadm5_hook_plugin.h | |
54 | include/krb5/kdcpolicy_plugin.h | 54 | include/krb5/kdcpolicy_plugin.h | |
55 | include/krb5/kdcpreauth_plugin.h | 55 | include/krb5/kdcpreauth_plugin.h | |
56 | include/krb5/krb5.h | 56 | include/krb5/krb5.h | |
57 | include/krb5/localauth_plugin.h | 57 | include/krb5/localauth_plugin.h | |
58 | include/krb5/locate_plugin.h | 58 | include/krb5/locate_plugin.h | |
59 | include/krb5/plugin.h | 59 | include/krb5/plugin.h | |
60 | include/krb5/preauth_plugin.h | 60 | include/krb5/preauth_plugin.h | |
61 | include/krb5/pwqual_plugin.h | 61 | include/krb5/pwqual_plugin.h | |
62 | include/profile.h | 62 | include/profile.h | |
63 | include/verto-module.h | 63 | include/verto-module.h | |
64 | include/verto.h | 64 | include/verto.h | |
65 | @pkgdir lib/krb5/plugins/authdata | |||
65 | lib/krb5/plugins/kdb/db2.la | 66 | lib/krb5/plugins/kdb/db2.la | |
66 | ${PLIST.ldap}lib/krb5/plugins/kdb/kldap.la | 67 | ${PLIST.ldap}lib/krb5/plugins/kdb/kldap.la | |
67 | lib/krb5/plugins/kdb/klmdb.la | 68 | lib/krb5/plugins/kdb/klmdb.la | |
69 | @pkgdir lib/krb5/plugins/libkrb5 | |||
68 | lib/krb5/plugins/preauth/otp.la | 70 | lib/krb5/plugins/preauth/otp.la | |
69 | lib/krb5/plugins/preauth/pkinit.la | 71 | lib/krb5/plugins/preauth/pkinit.la | |
70 | lib/krb5/plugins/preauth/spake.la | 72 | lib/krb5/plugins/preauth/spake.la | |
71 | lib/krb5/plugins/tls/k5tls.la | 73 | lib/krb5/plugins/tls/k5tls.la | |
72 | lib/libcom_err.la | 74 | lib/libcom_err.la | |
73 | lib/libgssapi_krb5.la | 75 | lib/libgssapi_krb5.la | |
74 | lib/libgssrpc.la | 76 | lib/libgssrpc.la | |
75 | lib/libk5crypto.la | 77 | lib/libk5crypto.la | |
76 | lib/libkadm5clnt.la | 78 | lib/libkadm5clnt.la | |
77 | lib/libkadm5clnt_mit.la | 79 | lib/libkadm5clnt_mit.la | |
78 | lib/libkadm5srv.la | 80 | lib/libkadm5srv.la | |
79 | lib/libkadm5srv_mit.la | 81 | lib/libkadm5srv_mit.la | |
80 | lib/libkdb5.la | 82 | lib/libkdb5.la | |
81 | ${PLIST.ldap}lib/libkdb_ldap.la | 83 | ${PLIST.ldap}lib/libkdb_ldap.la | |
82 | lib/libkrad.la | 84 | lib/libkrad.la | |
83 | lib/libkrb5.la | 85 | lib/libkrb5.la | |
84 | lib/libkrb5support.la | 86 | lib/libkrb5support.la | |
85 | lib/libverto.la | 87 | lib/libverto.la | |
86 | lib/pkgconfig/gssrpc.pc | 88 | lib/pkgconfig/gssrpc.pc | |
87 | lib/pkgconfig/kadm-client.pc | 89 | lib/pkgconfig/kadm-client.pc | |
88 | lib/pkgconfig/kadm-server.pc | 90 | lib/pkgconfig/kadm-server.pc | |
89 | lib/pkgconfig/kdb.pc | 91 | lib/pkgconfig/kdb.pc | |
90 | lib/pkgconfig/krb5-gssapi.pc | 92 | lib/pkgconfig/krb5-gssapi.pc | |
91 | lib/pkgconfig/krb5.pc | 93 | lib/pkgconfig/krb5.pc | |
92 | lib/pkgconfig/mit-krb5-gssapi.pc | 94 | lib/pkgconfig/mit-krb5-gssapi.pc | |
93 | lib/pkgconfig/mit-krb5.pc | 95 | lib/pkgconfig/mit-krb5.pc | |
96 | @pkgdir man/cat1 | |||
97 | @pkgdir man/cat5 | |||
98 | @pkgdir man/cat7 | |||
99 | @pkgdir man/cat8 | |||
94 | man/man1/compile_et.1 | 100 | man/man1/compile_et.1 | |
95 | man/man1/k5srvutil.1 | 101 | man/man1/k5srvutil.1 | |
96 | man/man1/kadmin.1 | 102 | man/man1/kadmin.1 | |
97 | man/man1/kdestroy.1 | 103 | man/man1/kdestroy.1 | |
98 | man/man1/kinit.1 | 104 | man/man1/kinit.1 | |
99 | man/man1/klist.1 | 105 | man/man1/klist.1 | |
100 | man/man1/kpasswd.1 | 106 | man/man1/kpasswd.1 | |
101 | man/man1/krb5-config.1 | 107 | man/man1/krb5-config.1 | |
102 | man/man1/ksu.1 | 108 | man/man1/ksu.1 | |
103 | man/man1/kswitch.1 | 109 | man/man1/kswitch.1 | |
104 | man/man1/ktutil.1 | 110 | man/man1/ktutil.1 | |
105 | man/man1/kvno.1 | 111 | man/man1/kvno.1 | |
106 | man/man1/sclient.1 | 112 | man/man1/sclient.1 | |
@@ -129,22 +135,17 @@ sbin/kdb5_util | @@ -129,22 +135,17 @@ sbin/kdb5_util | |||
129 | sbin/kprop | 135 | sbin/kprop | |
130 | sbin/kpropd | 136 | sbin/kpropd | |
131 | sbin/kproplog | 137 | sbin/kproplog | |
132 | sbin/krb5-send-pr | 138 | sbin/krb5-send-pr | |
133 | sbin/krb5kdc | 139 | sbin/krb5kdc | |
134 | sbin/sim_server | 140 | sbin/sim_server | |
135 | sbin/sserver | 141 | sbin/sserver | |
136 | sbin/uuserver | 142 | sbin/uuserver | |
137 | share/et/et_c.awk | 143 | share/et/et_c.awk | |
138 | share/et/et_h.awk | 144 | share/et/et_h.awk | |
139 | share/examples/krb5/kdc.conf | 145 | share/examples/krb5/kdc.conf | |
140 | share/examples/krb5/krb5.conf | 146 | share/examples/krb5/krb5.conf | |
141 | share/examples/krb5/services.append | 147 | share/examples/krb5/services.append | |
148 | @pkgdir share/gnats | |||
142 | share/locale/de/LC_MESSAGES/mit-krb5.mo | 149 | share/locale/de/LC_MESSAGES/mit-krb5.mo | |
143 | share/locale/en_US/LC_MESSAGES/mit-krb5.mo | 150 | share/locale/en_US/LC_MESSAGES/mit-krb5.mo | |
144 | @pkgdir share/gnats | 151 | share/locale/ka/LC_MESSAGES/mit-krb5.mo | |
145 | @pkgdir man/cat8 | |||
146 | @pkgdir man/cat7 | |||
147 | @pkgdir man/cat5 | |||
148 | @pkgdir man/cat1 | |||
149 | @pkgdir lib/krb5/plugins/libkrb5 | |||
150 | @pkgdir lib/krb5/plugins/authdata |
@@ -1,13 +1,13 @@ | @@ -1,13 +1,13 @@ | |||
1 | # $NetBSD: buildlink3.mk,v 1.17 2022/07/29 20:22:44 jperkin Exp $ | 1 | # $NetBSD: buildlink3.mk,v 1.18 2024/01/05 23:46:29 adam Exp $ | |
2 | 2 | |||
3 | BUILDLINK_TREE+= mit-krb5 | 3 | BUILDLINK_TREE+= mit-krb5 | |
4 | 4 | |||
5 | .if !defined(MIT_KRB5_BUILDLINK3_MK) | 5 | .if !defined(MIT_KRB5_BUILDLINK3_MK) | |
6 | MIT_KRB5_BUILDLINK3_MK:= | 6 | MIT_KRB5_BUILDLINK3_MK:= | |
7 | 7 | |||
8 | BUILDLINK_API_DEPENDS.mit-krb5+= mit-krb5>=1.4 | 8 | BUILDLINK_API_DEPENDS.mit-krb5+= mit-krb5>=1.4 | |
9 | BUILDLINK_ABI_DEPENDS.mit-krb5?= mit-krb5>=1.18.4nb1 | 9 | BUILDLINK_ABI_DEPENDS.mit-krb5+= mit-krb5>=1.18.4nb1 | |
10 | BUILDLINK_PKGSRCDIR.mit-krb5?= ../../security/mit-krb5 | 10 | BUILDLINK_PKGSRCDIR.mit-krb5?= ../../security/mit-krb5 | |
11 | .endif # MIT_KRB5_BUILDLINK3_MK | 11 | .endif # MIT_KRB5_BUILDLINK3_MK | |
12 | 12 | |||
13 | BUILDLINK_TREE+= -mit-krb5 | 13 | BUILDLINK_TREE+= -mit-krb5 |
@@ -1,26 +1,26 @@ | @@ -1,26 +1,26 @@ | |||
1 | # $NetBSD: builtin.mk,v 1.18 2022/07/29 20:22:44 jperkin Exp $ | 1 | # $NetBSD: builtin.mk,v 1.19 2024/01/05 23:46:29 adam Exp $ | |
2 | 2 | |||
3 | BUILTIN_PKG:= mit-krb5 | 3 | BUILTIN_PKG:= mit-krb5 | |
4 | 4 | |||
5 | .include "../../mk/bsd.fast.prefs.mk" | 5 | .include "../../mk/bsd.fast.prefs.mk" | |
6 | 6 | |||
7 | BUILTIN_FIND_HEADERS_VAR:= H_MIT_KRB5 | 7 | BUILTIN_FIND_HEADERS_VAR:= H_MIT_KRB5 | |
8 | .if !(empty(MACHINE_PLATFORM:MDarwin-9.*-*) && \ | 8 | .if !(!${MACHINE_PLATFORM:MDarwin-9.*-*} && \ | |
9 | empty(MACHINE_PLATFORM:MDarwin-1?.*-*)) | 9 | empty(MACHINE_PLATFORM:MDarwin-1?.*-*)) | |
10 | BUILTIN_FIND_HEADERS.H_MIT_KRB5= krb5/krb5.h | 10 | BUILTIN_FIND_HEADERS.H_MIT_KRB5= krb5/krb5.h | |
11 | .elif !empty(MACHINE_PLATFORM:MSunOS-*-*) | 11 | .elif ${MACHINE_PLATFORM:MSunOS-*-*} | |
12 | BUILTIN_FIND_HEADERS.H_MIT_KRB5= kerberosv5/krb5.h | 12 | BUILTIN_FIND_HEADERS.H_MIT_KRB5= kerberosv5/krb5.h | |
13 | .elif !empty(MACHINE_PLATFORM:MLinux-*) | 13 | .elif ${MACHINE_PLATFORM:MLinux-*} | |
14 | # Assuming mit-krb5 >= 1.5 on GNU/Linux. | 14 | # Assuming mit-krb5 >= 1.5 on GNU/Linux. | |
15 | BUILTIN_FIND_HEADERS.H_MIT_KRB5= krb5/krb5.h | 15 | BUILTIN_FIND_HEADERS.H_MIT_KRB5= krb5/krb5.h | |
16 | .else | 16 | .else | |
17 | BUILTIN_FIND_HEADERS.H_MIT_KRB5= krb5.h | 17 | BUILTIN_FIND_HEADERS.H_MIT_KRB5= krb5.h | |
18 | .endif | 18 | .endif | |
19 | BUILTIN_FIND_GREP.H_MIT_KRB5= Massachusetts | 19 | BUILTIN_FIND_GREP.H_MIT_KRB5= Massachusetts | |
20 | BUILTIN_FIND_FILES_VAR:= SH_KRB5_CONFIG | 20 | BUILTIN_FIND_FILES_VAR:= SH_KRB5_CONFIG | |
21 | BUILTIN_FIND_FILES.SH_KRB5_CONFIG= /usr/bin/krb5-config | 21 | BUILTIN_FIND_FILES.SH_KRB5_CONFIG= /usr/bin/krb5-config | |
22 | BUILTIN_FIND_FILES.SH_KRB5_CONFIG+= /usr/lib/mit/bin/krb5-config | 22 | BUILTIN_FIND_FILES.SH_KRB5_CONFIG+= /usr/lib/mit/bin/krb5-config | |
23 | BUILTIN_FIND_GREP.SH_KRB5_CONFIG= ^[ ]*--version) | 23 | BUILTIN_FIND_GREP.SH_KRB5_CONFIG= ^[ ]*--version) | |
24 | 24 | |||
25 | .include "../../mk/buildlink3/bsd.builtin.mk" | 25 | .include "../../mk/buildlink3/bsd.builtin.mk" | |
26 | 26 | |||
@@ -31,70 +31,70 @@ BUILTIN_FIND_GREP.SH_KRB5_CONFIG= ^[ ]* | @@ -31,70 +31,70 @@ BUILTIN_FIND_GREP.SH_KRB5_CONFIG= ^[ ]* | |||
31 | .if !defined(IS_BUILTIN.mit-krb5) | 31 | .if !defined(IS_BUILTIN.mit-krb5) | |
32 | IS_BUILTIN.mit-krb5= no | 32 | IS_BUILTIN.mit-krb5= no | |
33 | . if empty(H_MIT_KRB5:M__nonexistent__) && empty(H_MIT_KRB5:M${LOCALBASE}/*) | 33 | . if empty(H_MIT_KRB5:M__nonexistent__) && empty(H_MIT_KRB5:M${LOCALBASE}/*) | |
34 | IS_BUILTIN.mit-krb5= yes | 34 | IS_BUILTIN.mit-krb5= yes | |
35 | . endif | 35 | . endif | |
36 | .endif | 36 | .endif | |
37 | MAKEVARS+= IS_BUILTIN.mit-krb5 | 37 | MAKEVARS+= IS_BUILTIN.mit-krb5 | |
38 | 38 | |||
39 | ### | 39 | ### | |
40 | ### If there is a built-in implementation, then set BUILTIN_PKG.<pkg> to | 40 | ### If there is a built-in implementation, then set BUILTIN_PKG.<pkg> to | |
41 | ### a package name to represent the built-in package. | 41 | ### a package name to represent the built-in package. | |
42 | ### | 42 | ### | |
43 | .if !defined(BUILTIN_PKG.mit-krb5) && \ | 43 | .if !defined(BUILTIN_PKG.mit-krb5) && \ | |
44 | !empty(IS_BUILTIN.mit-krb5:M[yY][eE][sS]) | 44 | ${IS_BUILTIN.mit-krb5:tl} == yes | |
45 | . if empty(SH_KRB5_CONFIG:M__nonexistent__) | 45 | . if empty(SH_KRB5_CONFIG:M__nonexistent__) | |
46 | BUILTIN_VERSION.mit-krb5!= ${SH_KRB5_CONFIG} --version | \ | 46 | BUILTIN_VERSION.mit-krb5!= ${SH_KRB5_CONFIG} --version | \ | |
47 | ${SED} -e 's/.*release //' -e 's/-.*//' -e 's/).*//' | 47 | ${SED} -e 's/.*release //' -e 's/-.*//' -e 's/).*//' | |
48 | . endif | 48 | . endif | |
49 | BUILTIN_VERSION.mit-krb5?= 1.4.0 | 49 | BUILTIN_VERSION.mit-krb5?= 1.4.0 | |
50 | BUILTIN_PKG.mit-krb5= mit-krb5-${BUILTIN_VERSION.mit-krb5} | 50 | BUILTIN_PKG.mit-krb5= mit-krb5-${BUILTIN_VERSION.mit-krb5} | |
51 | .endif | 51 | .endif | |
52 | MAKEVARS+= BUILTIN_PKG.mit-krb5 | 52 | MAKEVARS+= BUILTIN_PKG.mit-krb5 | |
53 | 53 | |||
54 | ### | 54 | ### | |
55 | ### Determine whether we should use the built-in implementation if it | 55 | ### Determine whether we should use the built-in implementation if it | |
56 | ### exists, and set USE_BUILTIN.<pkg> appropriate ("yes" or "no"). | 56 | ### exists, and set USE_BUILTIN.<pkg> appropriate ("yes" or "no"). | |
57 | ### | 57 | ### | |
58 | .if !defined(USE_BUILTIN.mit-krb5) | 58 | .if !defined(USE_BUILTIN.mit-krb5) | |
59 | . if ${PREFER.mit-krb5} == "pkgsrc" | 59 | . if ${PREFER.mit-krb5} == "pkgsrc" | |
60 | USE_BUILTIN.mit-krb5= no | 60 | USE_BUILTIN.mit-krb5= no | |
61 | . else | 61 | . else | |
62 | USE_BUILTIN.mit-krb5= ${IS_BUILTIN.mit-krb5} | 62 | USE_BUILTIN.mit-krb5= ${IS_BUILTIN.mit-krb5} | |
63 | . if defined(BUILTIN_PKG.mit-krb5) && \ | 63 | . if defined(BUILTIN_PKG.mit-krb5) && \ | |
64 | !empty(IS_BUILTIN.mit-krb5:M[yY][eE][sS]) | 64 | ${IS_BUILTIN.mit-krb5:tl} == yes | |
65 | USE_BUILTIN.mit-krb5= yes | 65 | USE_BUILTIN.mit-krb5= yes | |
66 | . for dep__ in ${BUILDLINK_API_DEPENDS.mit-krb5} | 66 | . for dep__ in ${BUILDLINK_API_DEPENDS.mit-krb5} | |
67 | . if !empty(USE_BUILTIN.mit-krb5:M[yY][eE][sS]) | 67 | . if ${USE_BUILTIN.mit-krb5:tl} == yes | |
68 | USE_BUILTIN.mit-krb5!= \ | 68 | USE_BUILTIN.mit-krb5!= \ | |
69 | if ${PKG_ADMIN} pmatch ${dep__:Q} ${BUILTIN_PKG.mit-krb5:Q}; then \ | 69 | if ${PKG_ADMIN} pmatch ${dep__:Q} ${BUILTIN_PKG.mit-krb5}; then \ | |
70 | ${ECHO} "yes"; \ | 70 | ${ECHO} "yes"; \ | |
71 | else \ | 71 | else \ | |
72 | ${ECHO} "no"; \ | 72 | ${ECHO} "no"; \ | |
73 | fi | 73 | fi | |
74 | . endif | 74 | . endif | |
75 | . endfor | 75 | . endfor | |
76 | . endif | 76 | . endif | |
77 | . endif | 77 | . endif | |
78 | .endif | 78 | .endif | |
79 | MAKEVARS+= USE_BUILTIN.mit-krb5 | 79 | MAKEVARS+= USE_BUILTIN.mit-krb5 | |
80 | 80 | |||
81 | ### | 81 | ### | |
82 | ### The section below only applies if we are not including this file | 82 | ### The section below only applies if we are not including this file | |
83 | ### solely to determine whether a built-in implementation exists. | 83 | ### solely to determine whether a built-in implementation exists. | |
84 | ### | 84 | ### | |
85 | CHECK_BUILTIN.mit-krb5?= no | 85 | CHECK_BUILTIN.mit-krb5?= no | |
86 | .if !empty(CHECK_BUILTIN.mit-krb5:M[nN][oO]) | 86 | .if ${CHECK_BUILTIN.mit-krb5:tl} == no | |
87 | . if !empty(USE_BUILTIN.mit-krb5:M[yY][eE][sS]) | 87 | . if ${USE_BUILTIN.mit-krb5:tl} == yes | |
88 | KRB5_CONFIG?= ${SH_KRB5_CONFIG} | 88 | KRB5_CONFIG?= ${SH_KRB5_CONFIG} | |
89 | ALL_ENV+= KRB5_CONFIG=${KRB5_CONFIG:Q} | 89 | ALL_ENV+= KRB5_CONFIG=${KRB5_CONFIG:Q} | |
90 | 90 | |||
91 | BUILDLINK_CPPFLAGS.mit-krb5!= ${SH_KRB5_CONFIG} --cflags | 91 | BUILDLINK_CPPFLAGS.mit-krb5!= ${SH_KRB5_CONFIG} --cflags | |
92 | BUILDLINK_LDFLAGS.mit-krb5!= ${SH_KRB5_CONFIG} --libs | 92 | BUILDLINK_LDFLAGS.mit-krb5!= ${SH_KRB5_CONFIG} --libs | |
93 | 93 | |||
94 | # | 94 | # | |
95 | # The SunOS builtin krb5-config does not support all of the arguments that the | 95 | # The SunOS builtin krb5-config does not support all of the arguments that the | |
96 | # MIT version does so we install a fake script which strips them out. | 96 | # MIT version does so we install a fake script which strips them out. | |
97 | # | 97 | # | |
98 | . if ${OPSYS} == "SunOS" | 98 | . if ${OPSYS} == "SunOS" | |
99 | KRB5_CONFIG= ${BUILDLINK_DIR}/bin/krb5-config | 99 | KRB5_CONFIG= ${BUILDLINK_DIR}/bin/krb5-config | |
100 | BUILDLINK_CPPFLAGS.mit-krb5+= -I/usr/include/gssapi | 100 | BUILDLINK_CPPFLAGS.mit-krb5+= -I/usr/include/gssapi |
@@ -1,32 +1,32 @@ | @@ -1,32 +1,32 @@ | |||
1 | $NetBSD: distinfo,v 1.80 2022/07/29 20:22:44 jperkin Exp $ | 1 | $NetBSD: distinfo,v 1.81 2024/01/05 23:46:29 adam Exp $ | |
2 | 2 | |||
3 | BLAKE2s (krb5-1.19.3.tar.gz) = 25b6d084dcc560252f6ee576da976a6f6a1972537eb355dc0aa240dcab4400d2 | 3 | BLAKE2s (krb5-1.21.2.tar.gz) = 409811ddde6dd93f489a655aa558e668af2a9fcf6768973d2109442feb828907 | |
4 | SHA512 (krb5-1.19.3.tar.gz) = 18235440d6f7d8a72c5d7ca5cd8c6465e8adf091d85c483225c7b00d64b4688c1c7924cb800c2fc17e590b2709f1a9de48e6ec79f6debd11dcb7d6fa16c6f351 | 4 | SHA512 (krb5-1.21.2.tar.gz) = 4e09296b412383d53872661718dbfaa90201e0d85f69db48e57a8d4bd73c95a90c7ec7b6f0f325f6bc967f8d203b256b071c0191facf080aca0e2caec5d0ac49 | |
5 | Size (krb5-1.19.3.tar.gz) = 8741343 bytes | 5 | Size (krb5-1.21.2.tar.gz) = 8622513 bytes | |
6 | SHA1 (patch-Makefile.in) = 24f915d7a4340b9a4a454b9b67c94147fdc49c34 | 6 | SHA1 (patch-Makefile.in) = 24f915d7a4340b9a4a454b9b67c94147fdc49c34 | |
7 | SHA1 (patch-aclocal.m4) = 07b5d9ae38c74eaea6ba62aed9062dca1bf7f3fb | 7 | SHA1 (patch-aclocal.m4) = 07b5d9ae38c74eaea6ba62aed9062dca1bf7f3fb | |
8 | SHA1 (patch-build-tools_krb5-config.in) = 4ab922df1d86d86f9ef043f2c5cdf048c0477d3a | 8 | SHA1 (patch-build-tools_krb5-config.in) = 4ab922df1d86d86f9ef043f2c5cdf048c0477d3a | |
9 | SHA1 (patch-ccapi_test_test__ccapi.sh) = 5210f31dd23e6f556d40f5ff2b436bf395eef4d0 | 9 | SHA1 (patch-ccapi_test_test__ccapi.sh) = 5210f31dd23e6f556d40f5ff2b436bf395eef4d0 | |
10 | SHA1 (patch-config_lib.in) = 974db26486b3239e4fcd53be7280b32c802f6007 | 10 | SHA1 (patch-config_lib.in) = 974db26486b3239e4fcd53be7280b32c802f6007 | |
11 | SHA1 (patch-config_libnover.in) = 9337e06792e2dcc50c610503ef842ebfc18fc08b | 11 | SHA1 (patch-config_libnover.in) = 9337e06792e2dcc50c610503ef842ebfc18fc08b | |
12 | SHA1 (patch-config_libobj.in) = c7395b9de5baf6612b8787fad55dbc051a680bfd | 12 | SHA1 (patch-config_libobj.in) = c7395b9de5baf6612b8787fad55dbc051a680bfd | |
13 | SHA1 (patch-config_libpriv.in) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b | 13 | SHA1 (patch-config_libpriv.in) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b | |
14 | SHA1 (patch-config_pre.in) = 255973132db9327190211214c3e33b4551bd283b | 14 | SHA1 (patch-config_pre.in) = 255973132db9327190211214c3e33b4551bd283b | |
15 | SHA1 (patch-config_shlib.conf) = 74859f18c5bf7c723face05873a219a839b28942 | 15 | SHA1 (patch-config_shlib.conf) = 74859f18c5bf7c723face05873a219a839b28942 | |
16 | SHA1 (patch-include_osconf.hin) = d31a8164f417bc31a787c8e16d1bd24f27b7140d | 16 | SHA1 (patch-include_osconf.hin) = d31a8164f417bc31a787c8e16d1bd24f27b7140d | |
17 | SHA1 (patch-kadmin_cli_ss_wrapper.c) = e32e6180f8d508cb2eb18489ce2fef0a1ad0f51d | 17 | SHA1 (patch-kadmin_cli_ss_wrapper.c) = e32e6180f8d508cb2eb18489ce2fef0a1ad0f51d | |
18 | SHA1 (patch-kprop_kproplog.c) = 9b751de7eb70d026b54e15275bb878bdb0ce52eb | 18 | SHA1 (patch-kprop_kproplog.c) = cbfd43495d40ecd9edf427c3dfb135b0fe2c9546 | |
19 | SHA1 (patch-lib_apputils_Makefile.in) = 085004041a2bb8c4bb3074c2e71e71f22f4f06d7 | 19 | SHA1 (patch-lib_apputils_Makefile.in) = 085004041a2bb8c4bb3074c2e71e71f22f4f06d7 | |
20 | SHA1 (patch-lib_apputils_udppktinfo.c) = 47ac861181faebfe5f95c28be329ce917ece872c | 20 | SHA1 (patch-lib_apputils_udppktinfo.c) = 47ac861181faebfe5f95c28be329ce917ece872c | |
21 | SHA1 (patch-lib_gssapi_Makefile.in) = 806b089d3b12ea9a17c6caab59cbdeb6ec17bbc3 | 21 | SHA1 (patch-lib_gssapi_Makefile.in) = 806b089d3b12ea9a17c6caab59cbdeb6ec17bbc3 | |
22 | SHA1 (patch-lib_gssapi_krb5_import__name.c) = 7445639b82eadf9b1feb1448c1654fa6ddc937aa | 22 | SHA1 (patch-lib_gssapi_krb5_import__name.c) = 7445639b82eadf9b1feb1448c1654fa6ddc937aa | |
23 | SHA1 (patch-lib_kdb_Makefile.in) = 0c45e34ea8b5d0270c386d430b0d37469e8440ea | 23 | SHA1 (patch-lib_kdb_Makefile.in) = 0c45e34ea8b5d0270c386d430b0d37469e8440ea | |
24 | SHA1 (patch-lib_kdb_kdb__log.c) = dc759fae6099e7586686bcf14d7cd775854e0360 | 24 | SHA1 (patch-lib_kdb_kdb__log.c) = dc759fae6099e7586686bcf14d7cd775854e0360 | |
25 | SHA1 (patch-lib_krb5_ccache_Makefile.in) = 330ae21ec3b290ae16478c2c49a138acac5bf2fd | 25 | SHA1 (patch-lib_krb5_ccache_Makefile.in) = 330ae21ec3b290ae16478c2c49a138acac5bf2fd | |
26 | SHA1 (patch-plugins_kdb_db2_Makefile.in) = eae56f7f450a299bdf1d86ee491af1fd51bd1d0c | 26 | SHA1 (patch-plugins_kdb_db2_Makefile.in) = eae56f7f450a299bdf1d86ee491af1fd51bd1d0c | |
27 | SHA1 (patch-plugins_kdb_db2_libdb2_Makefile.in) = b4b7e8e4192b5e5318f1e42c49315789619f3ae9 | 27 | SHA1 (patch-plugins_kdb_db2_libdb2_Makefile.in) = b4b7e8e4192b5e5318f1e42c49315789619f3ae9 | |
28 | SHA1 (patch-plugins_kdb_ldap_ldap__util_Makefile.in) = 7aa0f44cc02c523c837e7e3e1766624d2323deb9 | 28 | SHA1 (patch-plugins_kdb_ldap_ldap__util_Makefile.in) = 7aa0f44cc02c523c837e7e3e1766624d2323deb9 | |
29 | SHA1 (patch-plugins_preauth_otp_Makefile.in) = 8c779e3b37cab4138f300f4a09325387092c79f8 | 29 | SHA1 (patch-plugins_preauth_otp_Makefile.in) = 8c779e3b37cab4138f300f4a09325387092c79f8 | |
30 | SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = 7d9e5429737536bf1577a41040e6587bb55d8142 | 30 | SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = 7d9e5429737536bf1577a41040e6587bb55d8142 | |
31 | SHA1 (patch-util_k5ev_verto-k5ev.c) = 8f074ddccbaaa03576f0302437aed3aaad1b738d | |||
32 | SHA1 (patch-util_ss_Makefile.in) = 5ca0bf7295a8f4c1d8e59097863940f88d224ee7 | 31 | SHA1 (patch-util_ss_Makefile.in) = 5ca0bf7295a8f4c1d8e59097863940f88d224ee7 | |
32 | SHA1 (patch-util_verto_verto-k5ev.c) = 8f074ddccbaaa03576f0302437aed3aaad1b738d |
@@ -1,15 +1,15 @@ | @@ -1,15 +1,15 @@ | |||
1 | $NetBSD: patch-kprop_kproplog.c,v 1.1 2020/04/09 10:57:49 adam Exp $ | 1 | $NetBSD: patch-kprop_kproplog.c,v 1.2 2024/01/05 23:46:29 adam Exp $ | |
2 | 2 | |||
3 | Fix mmap -Werror=incompatible-pointer-types. | 3 | Fix mmap -Werror=incompatible-pointer-types. | |
4 | 4 | |||
5 | --- kprop/kproplog.c.orig 2020-04-09 08:50:26.000000000 +0000 | 5 | --- kprop/kproplog.c.orig 2023-08-14 16:16:43.000000000 +0000 | |
6 | +++ kprop/kproplog.c | 6 | +++ kprop/kproplog.c | |
7 | @@ -412,7 +412,7 @@ map_ulog(const char *filename) | 7 | @@ -415,7 +415,7 @@ map_ulog(const char *filename, int *fd_o | |
8 | return NULL; | 8 | close(fd); | |
9 | if (fstat(fd, &st) < 0) | |||
10 | return NULL; | 9 | return NULL; | |
10 | } | |||
11 | - ulog = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); | 11 | - ulog = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); | |
12 | + ulog = (kdb_hlog_t *)mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); | 12 | + ulog = (kdb_hlog_t *)mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); | |
13 | return (ulog == MAP_FAILED) ? NULL : ulog; | 13 | if (ulog == MAP_FAILED) { | |
14 | } | 14 | close(fd); | |
15 | 15 | return NULL; |
$NetBSD: patch-util_verto_verto-k5ev.c,v 1.1 2024/01/05 23:46:29 adam Exp $
Fix include file path
--- util/verto/verto-k5ev.c.orig 2018-05-03 14:34:47.000000000 +0000
+++ util/verto/verto-k5ev.c
@@ -35,7 +35,7 @@
#include <verto.h>
#include <verto-module.h>
-#include "rename.h"
+#include "gssrpc/rename.h"
/* Ignore some warnings generated by the libev code, which the libev maintainer
* isn't interested in avoiding. */