head 1.163; access; symbols pkgsrc-2023Q4:1.163.0.2 pkgsrc-2023Q4-base:1.163 pkgsrc-2023Q3:1.161.0.2 pkgsrc-2023Q3-base:1.161 pkgsrc-2023Q2:1.160.0.2 pkgsrc-2023Q2-base:1.160 pkgsrc-2023Q1:1.157.0.2 pkgsrc-2023Q1-base:1.157 pkgsrc-2022Q4:1.156.0.2 pkgsrc-2022Q4-base:1.156 pkgsrc-2022Q3:1.154.0.2 pkgsrc-2022Q3-base:1.154 pkgsrc-2022Q2:1.153.0.2 pkgsrc-2022Q2-base:1.153 pkgsrc-2022Q1:1.152.0.4 pkgsrc-2022Q1-base:1.152 pkgsrc-2021Q4:1.152.0.2 pkgsrc-2021Q4-base:1.152 pkgsrc-2021Q3:1.146.0.4 pkgsrc-2021Q3-base:1.146 pkgsrc-2021Q2:1.146.0.2 pkgsrc-2021Q2-base:1.146 pkgsrc-2021Q1:1.144.0.4 pkgsrc-2021Q1-base:1.144 pkgsrc-2020Q4:1.144.0.2 pkgsrc-2020Q4-base:1.144 pkgsrc-2020Q3:1.143.0.2 pkgsrc-2020Q3-base:1.143 pkgsrc-2020Q2:1.142.0.2 pkgsrc-2020Q2-base:1.142 pkgsrc-2020Q1:1.140.0.2 pkgsrc-2020Q1-base:1.140 pkgsrc-2019Q4:1.134.0.4 pkgsrc-2019Q4-base:1.134 pkgsrc-2019Q3:1.132.0.4 pkgsrc-2019Q3-base:1.132 pkgsrc-2019Q2:1.132.0.2 pkgsrc-2019Q2-base:1.132 pkgsrc-2019Q1:1.131.0.2 pkgsrc-2019Q1-base:1.131 pkgsrc-2018Q4:1.129.0.2 pkgsrc-2018Q4-base:1.129 pkgsrc-2018Q3:1.127.0.2 pkgsrc-2018Q3-base:1.127 pkgsrc-2018Q2:1.126.0.2 pkgsrc-2018Q2-base:1.126 pkgsrc-2018Q1:1.125.0.4 pkgsrc-2018Q1-base:1.125 pkgsrc-2017Q4:1.125.0.2 pkgsrc-2017Q4-base:1.125 pkgsrc-2017Q3:1.124.0.4 pkgsrc-2017Q3-base:1.124 pkgsrc-2017Q2:1.123.0.2 pkgsrc-2017Q2-base:1.123 pkgsrc-2017Q1:1.122.0.4 pkgsrc-2017Q1-base:1.122 pkgsrc-2016Q4:1.122.0.2 pkgsrc-2016Q4-base:1.122 pkgsrc-2016Q3:1.121.0.4 pkgsrc-2016Q3-base:1.121 pkgsrc-2016Q2:1.121.0.2 pkgsrc-2016Q2-base:1.121 pkgsrc-2016Q1:1.119.0.2 pkgsrc-2016Q1-base:1.119 pkgsrc-2015Q4:1.116.0.2 pkgsrc-2015Q4-base:1.116 pkgsrc-2015Q3:1.115.0.4 pkgsrc-2015Q3-base:1.115 pkgsrc-2015Q2:1.115.0.2 pkgsrc-2015Q2-base:1.115 pkgsrc-2015Q1:1.114.0.4 pkgsrc-2015Q1-base:1.114 pkgsrc-2014Q4:1.114.0.2 pkgsrc-2014Q4-base:1.114 pkgsrc-2014Q3:1.113.0.2 pkgsrc-2014Q3-base:1.113 pkgsrc-2014Q2:1.112.0.2 pkgsrc-2014Q2-base:1.112 pkgsrc-2014Q1:1.111.0.2 pkgsrc-2014Q1-base:1.111 pkgsrc-2013Q4:1.107.0.2 pkgsrc-2013Q4-base:1.107 pkgsrc-2013Q3:1.103.0.2 pkgsrc-2013Q3-base:1.103 pkgsrc-2013Q2:1.98.0.2 pkgsrc-2013Q2-base:1.98 pkgsrc-2013Q1:1.97.0.2 pkgsrc-2013Q1-base:1.97 pkgsrc-2012Q4:1.95.0.2 pkgsrc-2012Q4-base:1.95 pkgsrc-2012Q3:1.92.0.2 pkgsrc-2012Q3-base:1.92 pkgsrc-2012Q2:1.90.0.2 pkgsrc-2012Q2-base:1.90 pkgsrc-2012Q1:1.89.0.2 pkgsrc-2012Q1-base:1.89 pkgsrc-2011Q4:1.84.0.2 pkgsrc-2011Q4-base:1.84 pkgsrc-2011Q3:1.82.0.2 pkgsrc-2011Q3-base:1.82 pkgsrc-2011Q2:1.79.0.12 pkgsrc-2011Q2-base:1.79 pkgsrc-2011Q1:1.79.0.10 pkgsrc-2011Q1-base:1.79 pkgsrc-2010Q4:1.79.0.8 pkgsrc-2010Q4-base:1.79 pkgsrc-2010Q3:1.79.0.6 pkgsrc-2010Q3-base:1.79 pkgsrc-2010Q2:1.79.0.4 pkgsrc-2010Q2-base:1.79 pkgsrc-2010Q1:1.79.0.2 pkgsrc-2010Q1-base:1.79 pkgsrc-2009Q4:1.76.0.6 pkgsrc-2009Q4-base:1.76 pkgsrc-2009Q3:1.76.0.4 pkgsrc-2009Q3-base:1.76 pkgsrc-2009Q2:1.76.0.2 pkgsrc-2009Q2-base:1.76 pkgsrc-2009Q1:1.72.0.2 pkgsrc-2009Q1-base:1.72 pkgsrc-2008Q4:1.71.0.10 pkgsrc-2008Q4-base:1.71 pkgsrc-2008Q3:1.71.0.8 pkgsrc-2008Q3-base:1.71 cube-native-xorg:1.71.0.6 cube-native-xorg-base:1.71 pkgsrc-2008Q2:1.71.0.4 pkgsrc-2008Q2-base:1.71 cwrapper:1.71.0.2 pkgsrc-2008Q1:1.68.0.2 pkgsrc-2008Q1-base:1.68 pkgsrc-2007Q4:1.63.0.8 pkgsrc-2007Q4-base:1.63 pkgsrc-2007Q3:1.63.0.6 pkgsrc-2007Q3-base:1.63 pkgsrc-2007Q2:1.63.0.4 pkgsrc-2007Q2-base:1.63 pkgsrc-2007Q1:1.63.0.2 pkgsrc-2007Q1-base:1.63 pkgsrc-2006Q4:1.62.0.4 pkgsrc-2006Q4-base:1.62 pkgsrc-2006Q3:1.62.0.2 pkgsrc-2006Q3-base:1.62 pkgsrc-2006Q2:1.59.0.2 pkgsrc-2006Q2-base:1.59 pkgsrc-2006Q1:1.54.0.2 pkgsrc-2006Q1-base:1.54 pkgsrc-2005Q4:1.49.0.2 pkgsrc-2005Q4-base:1.49 pkgsrc-2005Q3:1.42.0.2 pkgsrc-2005Q3-base:1.42 pkgsrc-2005Q2:1.40.0.2 pkgsrc-2005Q2-base:1.40 pkgsrc-2005Q1:1.32.0.2 pkgsrc-2005Q1-base:1.32 pkgsrc-2004Q4:1.30.0.2 pkgsrc-2004Q4-base:1.30 pkgsrc-2004Q3:1.22.0.2 pkgsrc-2004Q3-base:1.22 pkgsrc-2004Q2:1.14.0.2 pkgsrc-2004Q2-base:1.14 pkgsrc-2004Q1:1.11.0.2 pkgsrc-2004Q1-base:1.11 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.163 date 2023.11.08.13.20.46; author wiz; state Exp; branches; next 1.162; commitid PsuHTklAIsF4bOLE; 1.162 date 2023.10.24.22.10.48; author wiz; state Exp; branches; next 1.161; commitid MTsrqKm6aGrQAVJE; 1.161 date 2023.08.14.05.25.09; author wiz; state Exp; branches; next 1.160; commitid LOSB79OLVxvXjIAE; 1.160 date 2023.06.19.19.13.03; author riastradh; state Exp; branches; next 1.159; commitid FxsM8Aj2rXucIAtE; 1.159 date 2023.06.06.12.42.13; author riastradh; state Exp; branches; next 1.158; commitid xhspr6Z8JLQOWSrE; 1.158 date 2023.04.19.08.08.40; author adam; state Exp; branches; next 1.157; commitid B8gCWhWtMX9vZGlE; 1.157 date 2023.02.08.07.41.25; author wiz; state Exp; branches 1.157.2.1; next 1.156; commitid BSL243sBfphW5HcE; 1.156 date 2022.11.23.16.18.59; author adam; state Exp; branches; next 1.155; commitid ju2K3LUYlTJKqQ2E; 1.155 date 2022.11.22.12.51.00; author adam; state Exp; branches; next 1.154; commitid sxSmreqPXkvtjH2E; 1.154 date 2022.06.28.11.35.35; author wiz; state Exp; branches; next 1.153; commitid D2UoJrTHpoHEANJD; 1.153 date 2022.04.18.19.10.04; author adam; state Exp; branches; next 1.152; commitid eC9Na3jrfOOUpIAD; 1.152 date 2021.12.08.16.02.33; author adam; state Exp; branches; next 1.151; commitid 2PyWjHx5T8rqARjD; 1.151 date 2021.11.17.08.46.02; author wiz; state Exp; branches; next 1.150; commitid H5NbQmKZcKtTQ7hD; 1.150 date 2021.10.22.07.31.54; author wiz; state Exp; branches; next 1.149; commitid is31vUcVSJjbhMdD; 1.149 date 2021.10.21.09.02.25; author wiz; state Exp; branches; next 1.148; commitid WId0Ot5AY7RoOEdD; 1.148 date 2021.10.21.07.51.41; author wiz; state Exp; branches; next 1.147; commitid 2OId04C1IZ56qEdD; 1.147 date 2021.10.21.07.46.02; author wiz; state Exp; branches; next 1.146; commitid JtAcafnZ5m93oEdD; 1.146 date 2021.05.09.16.04.34; author thor; state Exp; branches; next 1.145; commitid qonlyRBgEMXaruSC; 1.145 date 2021.04.21.11.40.36; author adam; state Exp; branches; next 1.144; commitid fph0Axs0eT3az9QC; 1.144 date 2020.11.05.09.07.06; author ryoon; state Exp; branches; next 1.143; commitid VqGaBtHnBBcd5GuC; 1.143 date 2020.07.26.09.30.14; author bsiegert; state Exp; branches; next 1.142; commitid kor1iapJr9LiuzhC; 1.142 date 2020.06.02.08.22.54; author adam; state Exp; branches; next 1.141; commitid nisovMpvvZm3RCaC; 1.141 date 2020.04.12.08.28.05; author adam; state Exp; branches; next 1.140; commitid 7jZFLCnc3RCww44C; 1.140 date 2020.03.21.00.15.11; author markd; state Exp; branches; next 1.139; commitid c0XOA3ESz1divc1C; 1.139 date 2020.03.18.13.18.57; author gdt; state Exp; branches; next 1.138; commitid spHG2s3hNdVAVS0C; 1.138 date 2020.02.20.21.01.09; author rillig; state Exp; branches; next 1.137; commitid 2e9ZghtbqsCBmsXB; 1.137 date 2020.02.13.21.12.21; author rillig; state Exp; branches; next 1.136; commitid 31nPTA4DMeAfEyWB; 1.136 date 2020.02.13.21.04.25; author rillig; state Exp; branches; next 1.135; commitid qZf2uUwQGdCpByWB; 1.135 date 2020.01.18.21.48.21; author jperkin; state Exp; branches; next 1.134; commitid JW4hJgY8ZdoTFdTB; 1.134 date 2019.11.04.21.12.53; author rillig; state Exp; branches; next 1.133; commitid G51T39p39YNQTzJB; 1.133 date 2019.10.21.16.21.44; author wiz; state Exp; branches; next 1.132; commitid cJOZMgWf6YrHJKHB; 1.132 date 2019.04.03.00.33.04; author ryoon; state Exp; branches; next 1.131; commitid pkuNrSZ2MZiLWPhB; 1.131 date 2019.02.06.11.36.38; author tnn; state Exp; branches; next 1.130; commitid bxrrRkiTCRv8pHaB; 1.130 date 2019.01.06.12.53.56; author bsiegert; state Exp; branches; next 1.129; commitid TmafLwnaNyDkQI6B; 1.129 date 2018.12.09.18.52.07; author adam; state Exp; branches; next 1.128; commitid Pdg91emznUBdJ93B; 1.128 date 2018.11.27.23.36.00; author sevan; state Exp; branches; next 1.127; commitid H1xbLg2oE5vjGD1B; 1.127 date 2018.07.20.03.33.55; author ryoon; state Exp; branches; next 1.126; commitid 09Go9qhjDl36dPKA; 1.126 date 2018.04.14.07.34.00; author adam; state Exp; branches; next 1.125; commitid OW5IgFIaJWdTEnyA; 1.125 date 2017.11.30.16.45.07; author adam; state Exp; branches; next 1.124; commitid 2LNaDKcCKaKZ25hA; 1.124 date 2017.09.18.09.53.04; author maya; state Exp; branches; next 1.123; commitid BMfpJecGogsW6F7A; 1.123 date 2017.04.22.21.03.16; author adam; state Exp; branches; next 1.122; commitid FZEMSoU8Sj6ZBzOz; 1.122 date 2016.12.04.05.17.11; author ryoon; state Exp; branches; next 1.121; commitid xSaWu3mShoBjQCwz; 1.121 date 2016.06.02.16.01.12; author jperkin; state Exp; branches; next 1.120; commitid i27DmnbjoV5LlU8z; 1.120 date 2016.04.11.19.01.38; author ryoon; state Exp; branches; next 1.119; commitid mgqGURJPmT1r1f2z; 1.119 date 2016.03.09.06.01.09; author tnn; state Exp; branches; next 1.118; commitid I47S6fWo80eELVXy; 1.118 date 2016.03.05.11.27.54; author jperkin; state Exp; branches; next 1.117; commitid 1LoxeQftu903HrXy; 1.117 date 2016.02.25.08.27.04; author jperkin; state Exp; branches; next 1.116; commitid YcxXXIgYfdTxZgWy; 1.116 date 2015.10.10.01.57.55; author ryoon; state Exp; branches; next 1.115; commitid 78BsYZiClqZSgvEy; 1.115 date 2015.04.06.08.17.17; author adam; state Exp; branches; next 1.114; commitid dUs0ktQdJn8Wnvgy; 1.114 date 2014.10.07.16.47.14; author adam; state Exp; branches; next 1.113; commitid 7jTOvNj1CvwA1iTx; 1.113 date 2014.07.30.11.05.04; author fhajny; state Exp; branches; next 1.112; commitid KTw62soMfOJrloKx; 1.112 date 2014.04.09.07.26.58; author obache; state Exp; branches; next 1.111; commitid 3Qx65Ha86azyJYvx; 1.111 date 2014.03.22.09.05.24; author bsiegert; state Exp; branches; next 1.110; commitid Iwfxwmlm0c6pRFtx; 1.110 date 2014.03.19.13.25.04; author bsiegert; state Exp; branches; next 1.109; commitid LBzbX9hiAcoBojtx; 1.109 date 2014.02.20.08.19.43; author obache; state Exp; branches; next 1.108; commitid MnQlneIqR7jQxOpx; 1.108 date 2014.02.12.23.18.32; author tron; state Exp; branches; next 1.107; commitid dfJj7CwMMWJzNRox; 1.107 date 2013.12.04.10.01.30; author bsiegert; state Exp; branches; next 1.106; commitid yYm33UGyn2GLDNfx; 1.106 date 2013.10.19.09.06.56; author adam; state Exp; branches; next 1.105; commitid CGtwIKecGGJbPS9x; 1.105 date 2013.10.14.09.55.52; author ryoon; state Exp; branches; next 1.104; commitid kQ5jIkOqSiXVff9x; 1.104 date 2013.10.11.16.21.40; author roy; state Exp; branches; next 1.103; commitid rwRxK2lsopfiuT8x; 1.103 date 2013.08.24.16.45.08; author richard; state Exp; branches; next 1.102; commitid lYrqjuI1Eoh0aJ2x; 1.102 date 2013.08.22.21.17.00; author joerg; state Exp; branches; next 1.101; commitid wvLGcvOvfGVWIu2x; 1.101 date 2013.08.16.08.30.14; author adam; state Exp; branches; next 1.100; commitid HwPqVAc9STl6GE1x; 1.100 date 2013.08.15.11.15.11; author jperkin; state Exp; branches; next 1.99; commitid o3QXRYbCpelxCx1x; 1.99 date 2013.07.15.02.02.28; author ryoon; state Exp; branches; next 1.98; commitid aGblgSa9xp3HyvXw; 1.98 date 2013.05.09.07.39.19; author adam; state Exp; branches; next 1.97; 1.97 date 2013.02.06.23.20.59; author jperkin; state Exp; branches; next 1.96; 1.96 date 2013.01.26.21.36.45; author adam; state Exp; branches; next 1.95; 1.95 date 2012.12.16.01.52.32; author obache; state Exp; branches; next 1.94; 1.94 date 2012.11.15.03.32.00; author sbd; state Exp; branches; next 1.93; 1.93 date 2012.10.23.18.16.30; author asau; state Exp; branches; next 1.92; 1.92 date 2012.09.09.09.23.06; author cheusov; state Exp; branches; next 1.91; 1.91 date 2012.07.18.09.48.10; author jperkin; state Exp; branches; next 1.90; 1.90 date 2012.04.27.12.32.02; author obache; state Exp; branches; next 1.89; 1.89 date 2012.03.13.09.04.49; author fhajny; state Exp; branches; next 1.88; 1.88 date 2012.03.11.11.30.06; author shattered; state Exp; branches; next 1.87; 1.87 date 2012.02.27.12.39.11; author asau; state Exp; branches; next 1.86; 1.86 date 2012.02.15.22.39.54; author asau; state Exp; branches; next 1.85; 1.85 date 2012.01.18.14.45.37; author adam; state Exp; branches; next 1.84; 1.84 date 2011.12.30.18.59.05; author tez; state Exp; branches; next 1.83; 1.83 date 2011.12.09.01.53.11; author sbd; state Exp; branches; next 1.82; 1.82 date 2011.09.14.17.33.00; author hans; state Exp; branches; next 1.81; 1.81 date 2011.07.31.21.21.01; author gls; state Exp; branches; next 1.80; 1.80 date 2011.07.08.09.49.21; author adam; state Exp; branches; next 1.79; 1.79 date 2010.03.23.15.37.56; author wiz; state Exp; branches; next 1.78; 1.78 date 2010.02.19.20.16.05; author joerg; state Exp; branches; next 1.77; 1.77 date 2010.01.17.12.02.40; author wiz; state Exp; branches; next 1.76; 1.76 date 2009.06.30.00.07.22; author joerg; state Exp; branches; next 1.75; 1.75 date 2009.06.14.22.58.08; author joerg; state Exp; branches; next 1.74; 1.74 date 2009.05.20.00.58.26; author wiz; state Exp; branches; next 1.73; 1.73 date 2009.05.19.08.59.31; author wiz; state Exp; branches; next 1.72; 1.72 date 2009.02.01.21.39.43; author shattered; state Exp; branches; next 1.71; 1.71 date 2008.05.14.18.01.26; author jwise; state Exp; branches; next 1.70; 1.70 date 2008.05.05.02.26.03; author jwise; state Exp; branches; next 1.69; 1.69 date 2008.04.12.22.43.09; author jlam; state Exp; branches; next 1.68; 1.68 date 2008.03.04.22.37.46; author jlam; state Exp; branches; next 1.67; 1.67 date 2008.03.02.06.41.32; author jlam; state Exp; branches; next 1.66; 1.66 date 2008.02.29.22.41.13; author jlam; state Exp; branches; next 1.65; 1.65 date 2008.02.28.08.14.41; author jlam; state Exp; branches; next 1.64; 1.64 date 2008.01.18.05.09.37; author tnn; state Exp; branches; next 1.63; 1.63 date 2007.02.20.10.17.14; author rillig; state Exp; branches; next 1.62; 1.62 date 2006.08.09.17.58.09; author salo; state Exp; branches; next 1.61; 1.61 date 2006.07.05.04.39.14; author jlam; state Exp; branches; next 1.60; 1.60 date 2006.07.02.13.53.28; author markd; state Exp; branches; next 1.59; 1.59 date 2006.05.31.18.22.26; author ghen; state Exp; branches 1.59.2.1; next 1.58; 1.58 date 2006.05.15.09.17.14; author minskim; state Exp; branches; next 1.57; 1.57 date 2006.05.06.01.05.51; author minskim; state Exp; branches; next 1.56; 1.56 date 2006.03.31.23.44.39; author jlam; state Exp; branches; next 1.55; 1.55 date 2006.03.30.03.44.43; author jlam; state Exp; branches; next 1.54; 1.54 date 2006.02.07.12.20.52; author lha; state Exp; branches; next 1.53; 1.53 date 2006.01.25.03.47.51; author jlam; state Exp; branches; next 1.52; 1.52 date 2006.01.24.18.56.23; author wiz; state Exp; branches; next 1.51; 1.51 date 2006.01.24.18.55.21; author wiz; state Exp; branches; next 1.50; 1.50 date 2005.12.29.06.22.09; author jlam; state Exp; branches; next 1.49; 1.49 date 2005.12.21.04.17.49; author jlam; state Exp; branches 1.49.2.1; next 1.48; 1.48 date 2005.12.05.23.55.17; author rillig; state Exp; branches; next 1.47; 1.47 date 2005.12.05.20.50.56; author rillig; state Exp; branches; next 1.46; 1.46 date 2005.10.26.16.44.24; author jlam; state Exp; branches; next 1.45; 1.45 date 2005.10.26.15.12.45; author jlam; state Exp; branches; next 1.44; 1.44 date 2005.10.25.01.17.57; author rillig; state Exp; branches; next 1.43; 1.43 date 2005.10.05.13.29.50; author wiz; state Exp; branches; next 1.42; 1.42 date 2005.08.23.14.07.25; author reed; state Exp; branches; next 1.41; 1.41 date 2005.08.04.16.50.18; author tonio; state Exp; branches; next 1.40; 1.40 date 2005.06.20.09.51.02; author lha; state Exp; branches; next 1.39; 1.39 date 2005.06.01.02.49.39; author yyamano; state Exp; branches; next 1.38; 1.38 date 2005.05.31.11.31.07; author dillo; state Exp; branches; next 1.37; 1.37 date 2005.05.31.10.01.39; author dillo; state Exp; branches; next 1.36; 1.36 date 2005.05.22.20.08.30; author jlam; state Exp; branches; next 1.35; 1.35 date 2005.04.21.14.35.47; author lha; state Exp; branches; next 1.34; 1.34 date 2005.04.21.14.00.36; author wiz; state Exp; branches; next 1.33; 1.33 date 2005.04.11.21.47.12; author tv; state Exp; branches; next 1.32; 1.32 date 2004.12.28.02.47.49; author reed; state Exp; branches 1.32.2.1; next 1.31; 1.31 date 2004.12.23.14.43.28; author jlam; state Exp; branches; next 1.30; 1.30 date 2004.12.04.03.59.26; author jlam; state Exp; branches; next 1.29; 1.29 date 2004.11.28.19.19.52; author jlam; state Exp; branches; next 1.28; 1.28 date 2004.11.19.23.16.02; author jlam; state Exp; branches; next 1.27; 1.27 date 2004.11.15.14.56.36; author jlam; state Exp; branches; next 1.26; 1.26 date 2004.11.09.19.48.52; author jlam; state Exp; branches; next 1.25; 1.25 date 2004.10.19.04.01.13; author reed; state Exp; branches; next 1.24; 1.24 date 2004.10.03.00.18.09; author tv; state Exp; branches; next 1.23; 1.23 date 2004.09.22.08.09.52; author jlam; state Exp; branches; next 1.22; 1.22 date 2004.09.15.04.53.21; author jlam; state Exp; branches; next 1.21; 1.21 date 2004.09.14.14.41.34; author jlam; state Exp; branches; next 1.20; 1.20 date 2004.08.22.19.32.52; author jlam; state Exp; branches; next 1.19; 1.19 date 2004.08.05.16.28.45; author jlam; state Exp; branches; next 1.18; 1.18 date 2004.07.30.21.05.42; author jlam; state Exp; branches; next 1.17; 1.17 date 2004.07.24.14.01.20; author jlam; state Exp; branches; next 1.16; 1.16 date 2004.06.25.15.44.30; author jlam; state Exp; branches; next 1.15; 1.15 date 2004.06.25.15.42.52; author jlam; state Exp; branches; next 1.14; 1.14 date 2004.04.01.20.51.50; author jlam; state Exp; branches; next 1.13; 1.13 date 2004.04.01.18.42.25; author joda; state Exp; branches; next 1.12; 1.12 date 2004.03.29.17.22.26; author jlam; state Exp; branches; next 1.11; 1.11 date 2004.03.28.01.00.11; author jlam; state Exp; branches; next 1.10; 1.10 date 2004.03.26.18.48.52; author jlam; state Exp; branches; next 1.9; 1.9 date 2004.03.26.02.27.52; author wiz; state Exp; branches; next 1.8; 1.8 date 2004.03.10.18.07.16; author jlam; state Exp; branches; next 1.7; 1.7 date 2004.02.23.12.35.11; author wiz; state Exp; branches; next 1.6; 1.6 date 2004.02.22.11.59.50; author markd; state Exp; branches; next 1.5; 1.5 date 2004.02.14.17.21.52; author jlam; state Exp; branches; next 1.4; 1.4 date 2004.01.15.12.48.00; author jlam; state Exp; branches; next 1.3; 1.3 date 2004.01.11.00.00.28; author jlam; state Exp; branches; next 1.2; 1.2 date 2004.01.10.21.59.29; author jlam; state Exp; branches; next 1.1; 1.1 date 2004.01.10.14.56.45; author jlam; state Exp; branches 1.1.1.1; next ; 1.157.2.1 date 2023.06.20.17.57.33; author bsiegert; state Exp; branches; next ; commitid bWpZW6BlNlDjgItE; 1.59.2.1 date 2006.08.10.07.14.03; author ghen; state Exp; branches; next ; 1.49.2.1 date 2006.02.08.15.59.35; author salo; state Exp; branches; next ; 1.32.2.1 date 2005.04.21.15.55.33; author salo; state Exp; branches; next ; 1.1.1.1 date 2004.01.10.14.56.45; author jlam; state Exp; branches; next ; desc @@ 1.163 log @*: recursive bump for icu 74.1 @ text @# $NetBSD: Makefile,v 1.162 2023/10/24 22:10:48 wiz Exp $ DISTNAME= heimdal-7.8.0 PKGREVISION= 7 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GITHUB:=heimdal/} GITHUB_RELEASE= ${DISTNAME} MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= http://www.h5l.org/ COMMENT= Kerberos 5 implementation LICENSE= modified-bsd TOOL_DEPENDS+= p5-JSON-[0-9]*:../../converters/p5-JSON CONFLICTS+= arla-[0-9]* CONFLICTS+= mit-krb5-[0-9]* CONFLICTS+= openafs-[0-9]* CONFLICTS+= gss-[0-9]* CONFLICTS+= kth-krb4-[0-9]* USE_LIBTOOL= yes USE_TOOLS+= bison flex:run perl PKGCONFIG_OVERRIDE+= tools/heimdal-gssapi.pc.in MAKE_ENV+= INSTALL_CATPAGES=no BUILD_DEFS+= VARBASE .include "options.mk" HEIMDAL_HDB_DIR= ${VARBASE}/heimdal GNU_CONFIGURE= yes GNU_CONFIGURE_STRICT= no # has multiple configure scripts CONFIGURE_ARGS+= --enable-kcm CONFIGURE_ARGS+= --enable-pthread-support CONFIGURE_ARGS+= --includedir=${PREFIX}/include/krb5 CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --with-hdbdir=${HEIMDAL_HDB_DIR} CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.editlinereadline} CONFIGURE_ARGS+= --with-sqlite3=${BUILDLINK_PREFIX.sqlite3} CONFIGURE_ARGS+= --without-x CONFIGURE_ARGS+= ${ABI:D--with-mips-abi=${ABI}} CONFIGURE_ENV+= COMPILE_ET=no # build Heimdal's compile_et(1) CONFIGURE_ENV+= PYTHON=${PYTHONBIN} .include "../../mk/bdb.buildlink3.mk" # XXX Don't detect db1 when a newer version is available; otherwise build fails .if ${BDB_TYPE} != "db1" CONFIGURE_ENV+= ac_cv_funclib_dbopen=no .endif CFLAGS.Darwin+= -DBIND_8_COMPAT # Newer illumos has extended functions in glob(3C) but it's easier to # say it doesn't for simpler PLIST.glob handling. CONFIGURE_ENV.SunOS+= ac_cv_func_glob_working=no # Though Solaris has a header, it does something very unrelated # to the BSD header. CONFIGURE_ENV.SunOS+= ac_cv_header_vis_h=no PLIST_VARS+= glob vis afskauth .if ${OPSYS} == "SunOS" PLIST.vis= yes PLIST.glob= yes .endif .if ${OPSYS} == "IRIX" PLIST.afskauth= yes .endif OWN_DIRS_PERMS= ${HEIMDAL_HDB_DIR} ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0700 SPECIAL_PERMS+= ${PREFIX}/bin/otp ${SETUID_ROOT_PERMS} SPECIAL_PERMS+= ${PREFIX}/bin/${KRB5_PREFIX}su ${SETUID_ROOT_PERMS} RCD_SCRIPTS= kadmind kcm kdc kpasswdd INFO_FILES= yes TEST_TARGET= check # remove manpages conficting with OpenSSL keeping only the important ones pre-configure: cd ${WRKSRC}/doc/doxyout/hcrypto && \ ${GREP} -e /hcrypto_ -e /page_ manpages > manpages.new && \ mv manpages.new manpages .include "../../databases/sqlite3/buildlink3.mk" # Linux does not have include/vis.h and expected include/glob.h. .if ${OPSYS} == "Linux" PLIST.vis= yes PLIST.glob= yes # Without this I get undefined references to pthread_getspecific PTHREAD_AUTO_VARS= yes .endif .if ${OPSYS} == "MirBSD" PLIST.vis= yes # all of the tools need to link against pthread, force it. PTHREAD_AUTO_VARS= yes .endif .if ${OPSYS} == "Minix" # all of the tools need to link against pthread, force it. PTHREAD_AUTO_VARS= yes .endif .include "../../lang/python/pyversion.mk" .include "../../security/openssl/buildlink3.mk" # integrated editline configure script that always runs checks for this .include "../../mk/curses.buildlink3.mk" .include "../../mk/pthread.buildlink3.mk" .include "../../mk/readline.buildlink3.mk" .include "../../mk/termcap.buildlink3.mk" .include "../../mk/bsd.pkg.mk" @ 1.162 log @*: bump for openssl 3 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.161 2023/08/14 05:25:09 wiz Exp $ d4 1 a4 1 PKGREVISION= 6 @ 1.161 log @*: recursive bump for Python 3.11 as new default @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.160 2023/06/19 19:13:03 riastradh Exp $ d4 1 a4 1 PKGREVISION= 5 @ 1.160 log @security/heimdal: Patch CVE-2022-42898 away. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.159 2023/06/06 12:42:13 riastradh Exp $ d4 1 a4 1 PKGREVISION= 4 @ 1.159 log @Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/. Almost all uses, if not all of them, are wrong, according to the semantics of BUILD_DEPENDS (packages built for target available for use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for host available for use _as_ tools at build-time). No change to BUILD_DEPENDS as used correctly inside buildlink3. As proposed on tech-pkg: https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.158 2023/04/19 08:08:40 adam Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.158 log @revbump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.157 2023/02/08 07:41:25 wiz Exp $ d14 1 a14 1 BUILD_DEPENDS+= p5-JSON-[0-9]*:../../converters/p5-JSON @ 1.157 log @heimdal: add patch against CVE-2022-45142 Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.156 2022/11/23 16:18:59 adam Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.157.2.1 log @Pullup ticket #6762 - requested by riastradh security/heimdal: security fix Revisions pulled up: - security/heimdal/Makefile 1.160 - security/heimdal/distinfo 1.57 - security/heimdal/patches/patch-lib_krb5_store-int.c 1.1 --- Module Name: pkgsrc Committed By: riastradh Date: Mon Jun 19 19:13:03 UTC 2023 Modified Files: pkgsrc/security/heimdal: Makefile distinfo Added Files: pkgsrc/security/heimdal/patches: patch-lib_krb5_store-int.c Log Message: security/heimdal: Patch CVE-2022-42898 away. @ text @d1 1 a1 1 # $NetBSD$ d4 1 a4 1 PKGREVISION= 4 @ 1.156 log @massive revision bump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.155 2022/11/22 12:51:00 adam Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.155 log @heimdal: updated to 7.8 Heimdal 7.8 Latest This release includes both the Heimdal 7.7.1 Security Vulnerability fixes and non-Security bug fixes/improvements. Security Vulnerabilities: CVE-2022-42898 PAC parse integer overflows CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3, as we believe it should be possible to get an RCE on a KDC, which means that credentials can be compromised that can be used to impersonate anyone in a realm or forest of realms. Heimdal's ASN.1 compiler generates code that allows specially crafted DER encodings of CHOICEs to invoke the wrong free function on the decoded structure upon decode error. This is known to impact the Heimdal KDC, leading to an invalid free() of an address partly or wholly under the control of the attacker, in turn leading to a potential remote code execution (RCE) vulnerability. This error affects the DER codec for all extensible CHOICE types used in Heimdal, though not all cases will be exploitable. We have not completed a thorough analysis of all the Heimdal components affected, thus the Kerberos client, the X.509 library, and other parts, may be affected as well. This bug has been in Heimdal's ASN.1 compiler since 2005, but it may only affect Heimdal 1.6 and up. It was first reported by Douglas Bagnall, though it had been found independently by the Heimdal maintainers via fuzzing a few weeks earlier. While no zero-day exploit is known, such an exploit will likely be available soon after public disclosure. CVE-2019-14870: Validate client attributes in protocol-transition CVE-2019-14870: Apply forwardable policy in protocol-transition CVE-2019-14870: Always lookup impersonate client in DB Other changes: Bugs found by UBSAN (including the incorrect encoding of unconstrained INTEGER value -1). Errors found by the LLVM scan-build static analyzer. Errors found by the valgrind memory debugger. Work around GCC Bug 95189 (memcmp wrongly stripped like strcmp). Correct ASN.1 OID typo for SHA-384 Fix a deadlock in in the MEMORY ccache type. TGS: strip forwardable and proxiable flags if the server is disallowed. CVE-2019-14870: Validate client attributes in protocol-transition CVE-2019-14870: Apply forwardable policy in protocol-transition CVE-2019-14870: Always lookup impersonate client in DB Incremental HDB propagation improvements Refactor send_diffs making it progressive Handle partial writes on non-blocking sockets Disable Nagle in iprop master and slave Use async I/O Don't send I_HAVE in response to AYT Do not recover log in kadm5_get_principal() Don't send diffs to slaves with not yet known version Don't stutter in send_diffs Optional backwards-compatible anon-pkinit behavior @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.154 2022/06/28 11:35:35 wiz Exp $ d4 1 @ 1.154 log @*: recursive bump for perl 5.36 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.153 2022/04/18 19:10:04 adam Exp $ d3 1 a3 2 DISTNAME= heimdal-7.7.0 PKGREVISION= 5 a27 2 WRKSRC= ${WRKDIR}/${DISTNAME} d39 1 d44 1 a62 4 .include "../../mk/readline.buildlink3.mk" CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.editlinereadline} d109 1 a109 3 .include "../../mk/termcap.buildlink3.mk" .include "../../mk/pthread.buildlink3.mk" .include "../../mk/readline.buildlink3.mk" d113 3 @ 1.153 log @revbump for textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.152 2021/12/08 16:02:33 adam Exp $ d4 1 a4 1 PKGREVISION= 4 @ 1.152 log @revbump for icu and libffi @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.151 2021/11/17 08:46:02 wiz Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.151 log @heimdal: Fix CVE-2021-3671 Patch from samba Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.150 2021/10/22 07:31:54 wiz Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.150 log @heimdal: fix su -> ksu name change with kerberos-prefix-cmds option Bump PKGREVISION, since it's on by default. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.149 2021/10/21 09:02:25 wiz Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.149 log @heimdal: fix fetch stage @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.148 2021/10/21 07:51:41 wiz Exp $ d4 1 @ 1.148 log @heimdal: remove hcrypto PLIST_VAR It was always set to yes. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.147 2021/10/21 07:46:02 wiz Exp $ d6 1 a6 1 GITHUB_TAG= ${DISTNAME} @ 1.147 log @heimdal: update to 7.7.0. This version supports openssl 1.1, so re-enable it. Release Notes - Heimdal - Version Heimdal 7.7 Bug fixes - PKCS#11 hcrypto back-end . initialize the p11_module_load function list . verify that not only is a mechanism present but that its mechanism info states that it offers the required encryption, decryption or digest services - krb5: . Starting with 7.6, Heimdal permitted requesting authenticated anonymous tickets. However, it did not verify that a KDC in fact returned an anonymous ticket when one was requested. - Cease setting the KDCOption reaquest_anonymous flag when issuing S4UProxy (constrained delegation) TGS requests. . when the Win2K PKINIT compatibility option is set, do not require krbtgt otherName to match when validating KDC certificate. . set PKINIT_BTMM flag per Apple implementation . use memset_s() instead of memset() - kdc: . When generating KRB5SignedPath in the AS, use the reply client name rather than the one from the request, so validation will work correctly in the TGS. . allow checksum of PA-FOR-USER to be HMAC_MD5. Even if tgt used an enctype with a different checksum. Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is always HMAC_MD5, and that's what Windows and MIT clients send. In heimdal both the client and kdc use instead the checksum of the tgt, and therefore work with each other but Windows and MIT clients fail against heimdal KDC. Both Windows and MIT KDCs would allow any keyed checksum to be used so Heimdal client interoperates with them. Change Heimdal KDC to allow HMAC_MD5 even for non RC4 based tgt in order to support per-spec clients. . use memset_s() instead of memset(). - Detect Heimdal 1.0 through 7.6 clients that issue S4UProxy (constrained delegation) TGS Requests with the request anonymous flag set. These requests will be treated as S4UProxy requests and not anonymous requests. - HDB: . Set SQLite3 backend default page size to 8KB. . Add hdb_set_sync() method - kadmind: . disable HDB sync during database load avoiding unnecessary disk i/o. - ipropd: . disable HDB sync during receive_everything. Doing an fsync per-record when receiving the complete HDB is a performance disaster. Among other things, if the HDB is very large, then one slave receving a full HDB can cause other slaves to timeout and, if HDB write activity is high enough to cause iprop log truncation, then also need full syncs, which leads to a cycle of full syncs for all slaves until HDB write activity drops. Allowing the iprop log to be larger helps, but improving receive_everything() performance helps even more. - kinit: . Anonymous PKINIT tickets discard the realm information used to locate the issuing AS. Store the issuing realm in the credentials cache in order to locate a KDC which can renew them. . Do not leak the result of krb5_cc_get_config() when determining anonymous PKINIT start realm. - klist: . Show transited-policy-checked, ok-as-delegate and anonymous flags when listing credentials. - tests: . Regenerate certs so that they expire before the 2038 armageddon so the test suite will pass on 32-bit operating systems until the underlying issues can be resolved. - Solaris: . Define _STDC_C11_BCI for memset_s prototype - build tooling: . Convert from python 2 to python 3 - documentation . rename verify-password to verify-password-quality . hprop default mode is encrypt . kadmind "all" permission does not include "get-keys" . verify-password-quality might not be stateless Release Notes - Heimdal - Version Heimdal 7.6 Security - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum When the Heimdal KDC checks the checksum that is placed on the S4U2Self packet by the server to protect the requested principal against modification, it does not confirm that the checksum algorithm that protects the user name (principal) in the request is keyed. This allows a man-in-the-middle attacker who can intercept the request to the KDC to modify the packet by replacing the user name (principal) in the request with any desired user name (principal) that exists in the KDC and replace the checksum protecting that name with a CRC32 checksum (which requires no prior knowledge to compute). This would allow a S4U2Self ticket requested on behalf of user name (principal) user@@EXAMPLE.COM to any service to be changed to a S4U2Self ticket with a user name (principal) of Administrator@@EXAMPLE.COM. This ticket would then contain the PAC of the modified user name (principal). - CVE-2019-12098, client-only: RFC8062 Section 7 requires verification of the PA-PKINIT-KX key excahnge when anonymous PKINIT is used. Failure to do so can permit an active attacker to become a man-in-the-middle. Bug fixes - Happy eyeballs: Don't wait for responses from known-unreachable KDCs. - kdc: check return copy_Realm, copy_PrincipalName, copy_EncryptionKey - kinit: . cleanup temporary ccaches . see man page for "kinit --anonymous" command line syntax change - kdc: Make anonymous AS-requests more RFC8062-compliant. - Updated expired test certificates - Solaris: . PKCS#11 hcrypto backend broken since 7.0.1 . Building with Sun Pro C Features - kuser: support authenticated anonymous AS-REQs in kinit - kdc: support for anonymous TGS-REQs - kgetcred support for anonymous service tickets - Support builds with OpenSSL 1.1.1 Release Notes - Heimdal - Version Heimdal 7.5 Security - Fix CVE-2017-17439, which is a remote denial of service vulnerability: In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. Bug fixes - Handle long input lines when reloading database dumps. - In pre-forked mode (default on Unix), correctly clear the process ids of exited children, allowing new child processes to replace the old. - Fixed incorrect KDC response when no-cross realm TGT exists, allowing client requests to fail quickly rather than time out after trying to get a correct answer from each KDC. Release Notes - Heimdal - Version Heimdal 7.4 Security - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation This is a critical vulnerability. In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. See https://www.orpheus-lyre.info/ for more details. Release Notes - Heimdal - Version Heimdal 7.3 Security - Fix transit path validation. Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. (CVE-2017-6594) Release Notes - Heimdal - Version Heimdal 7.2 Bug fixes - Portability improvements - More strict parsing of encoded URI components in HTTP KDC - Fixed memory leak in malloc error recovery in NTLM GSSAPI mechanism - Avoid overly specific CPU info in krb5-config in aid of reproducible builds - Don't do AFS string-to-key tests when feature is disabled - Skip mdb_stat test when the command is not available - Windows: update SHA2 timestamp server - hdb: add missing export hdb_generate_key_set_password_with_ks_tuple - Fix signature of hdb_generate_key_set_password() - Windows: enable KX509 support in the KDC - kdc: fix kx509 service principal match - iprop: handle case where master sends nothing new - ipropd-slave: fix incorrect error codes - Allow choice of sqlite for HDB pref - check-iprop: don't fail to kill daemons - roken: pidfile -> rk_pidfile - kdc: _kdc_do_kx509 fix use after free error - Do not detect x32 as 64-bit platform. - No sys/ttydefaults.h on CYGWIN - Fix check-iprop races - roken_detach_prep() close pipe Release Notes - Heimdal - Version Heimdal 7.1 Security - kx509 realm-chopping security bug - non-authorization of alias additions/removals in kadmind (CVE-2016-2400) Feature - iprop has been revamped to fix a number of race conditions that could lead to inconsistent replication - Hierarchical capath support - AES Encryption with HMAC-SHA2 for Kerberos 5 draft-ietf-kitten-aes-cts-hmac-sha2-11 - hcrypto is now thread safe on all platforms - libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for Solaris), and OpenSSL. OpenSSL is now a first-class libhcrypto backend. OpenSSL 1.0.x and 1.1 are both supported. AES-NI used when supported by backend - HDB now supports LMDB - Thread support on Windows - RFC 6113 Generalized Framework for Kerberos Pre-Authentication (FAST) - New GSS APIs: . gss_localname - Allow setting what encryption types a principal should have with [kadmin] default_key_rules, see krb5.conf manpage for more info - Unify libhcrypto with LTC (libtomcrypto) - asn1_compile 64-bit INTEGER functionality - HDB key history support including --keepold kadmin password option - Improved cross-realm key rollover safety - New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces - Improved MIT compatibility . kadm5 API . Migration from MIT KDB via "mitdb" HDB backend . Capable of writing the HDB in MIT dump format - Improved Active Directory interoperability . Enctype selection issues for PAC and other authz-data signatures . Cross realm key rollover (kvno 0) - New [kdc] enctype negotiation configuration: . tgt-use-strongest-session-key . svc-use-strongest-session-key . preauth-use-strongest-session-key . use-strongest-server-key - The KDC process now uses a multi-process model improving resiliency and performance - Allow batch-mode kinit with password file - SIGINFO support added to kinit cmd - New kx509 configuration options: . kx509_ca . kca_service . kx509_include_pkinit_san . kx509_template - Improved Heimdal library/plugin version safety - Name canonicalization . DNS resolver searchlist . Improved referral support . Support host:port host-based services - Pluggable libheimbase interface for DBs - Improve IPv6 Support - LDAP . Bind DN and password . Start TLS - klist --json - DIR credential cache type - Updated upstream SQLite and libedit - Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh, telnet, xnlock - Completely remove RAND_egd support - Moved kadmin and ktutil to /usr/bin - Stricter fcache checks (see fcache_strict_checking krb5.conf setting) . use O_NOFOLLOW . don't follow symlinks . require cache files to be owned by the user . require sensible permissions (not group/other readable) - Implemented gss_store_cred() - Many more Bug fixes - iprop has been revamped to fix a number of race conditions that could lead to data loss - Include non-loopback addresses assigned to loopback interfaces when requesting tickets with addresses - KDC 1DES session key selection (for AFS rxkad-k5 compatibility) - Keytab file descriptor and lock leak - Credential cache corruption bugs (NOTE: The FILE ccache is still not entirely safe due to the fundamentally unsafe design of POSIX file locking) - gss_pseudo_random() interop bug - Plugins are now preferentially loaded from the run-time install tree - Reauthentication after password change in init_creds_password - Memory leak in the client kadmin library - TGS client requests renewable/forwardable/proxiable when possible - Locking issues in DB1 and DB3 HDB backends - Master HDB can remain locked while waiting for network I/O - Renewal/refresh logic when kinit is provided with a command - KDC handling of enterprise principals - Use correct bit for anon-pkinit - Many more @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.146 2021/05/09 16:04:34 thor Exp $ d67 1 a67 1 PLIST_VARS+= glob vis hcrypto afskauth a92 1 PLIST.hcrypto= yes @ 1.146 log @security/heimdal: provide krb5-gssapi.pc as symlink This is needed for example for qt5-qtbase to pick up a pkgsrc-installed heimdal instead of possibly a mix of system mit-krb5 libs with pkgsrc headers, for its network auth that recently got GSSAPI. It makes sense to provide the same pkg-config package name if heimdal and mit-krb5 should be transparently compatible at that front. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.145 2021/04/21 11:40:36 adam Exp $ d3 1 a3 2 DISTNAME= heimdal-1.5.3 PKGREVISION= 29 d5 2 a6 3 # Original distfile is unavailable on Github #GITHUB_TAG= ${DISTNAME} #MASTER_SITES= ${MASTER_SITE_GITHUB:=heimdal/} d13 2 d22 1 a22 1 USE_TOOLS+= bison flex:run d26 3 a28 7 # heimdal-1.5.3 on NetBSD 8.1 fails with: # cc [...] -c hxtool.c # In file included from hxtool.c:34:0: # hx_locl.h:66:23: fatal error: ocsp_asn1.h: No such file or directory # # https://mail-index.netbsd.org/pkgsrc-users/2020/02/20/msg030473.html MAKE_JOBS_SAFE= no a40 3 # not compatible to openssl 1.1 # TODO: re-enable when updating from 1.5.3, also in buildlink3.mk CONFIGURE_ARGS+= --without-openssl a44 2 # XXX Grand Central Dispatch is broken in 1.4 CONFIGURE_ENV+= ac_cv_funclib_dispatch_async_f=no a64 1 .if ${READLINE_TYPE} == "readline" a65 3 .elif ${READLINE_TYPE} == "editline" CONFIGURE_ARGS+= --with-libedit=${BUILDLINK_PREFIX.editlinereadline} .endif d80 1 a80 1 SPECIAL_PERMS= ${PREFIX}/bin/${KRB5_PREFIX}su ${SETUID_ROOT_PERMS} a91 4 # Avoid 'cat: cannot open ./localefiles: No such file or directory' pre-build: ${TOUCH} ${WRKSRC}/po/localefiles a113 3 post-install: ${LN} -s heimdal-gssapi.pc ${DESTDIR}${PREFIX}/lib/pkgconfig/krb5-gssapi.pc d117 3 @ 1.145 log @revbump for textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.144 2020/11/05 09:07:06 ryoon Exp $ d4 1 a4 1 PKGREVISION= 28 d131 3 @ 1.144 log @*: Recursive revbump from textproc/icu-68.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.143 2020/07/26 09:30:14 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 27 @ 1.143 log @heimdal: Update MASTER_SITES. The original master site is gone. The new one redirects to Github but for the ancient release we package (1.5.3, newest is 7.x), it does not have the distfile. Update NetBSD/pkgsrc#68 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.142 2020/06/02 08:22:54 adam Exp $ d4 1 a4 1 PKGREVISION= 26 @ 1.142 log @Revbump for icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.141 2020/04/12 08:28:05 adam Exp $ d6 3 a8 1 MASTER_SITES= http://www.h5l.org/dist/src/ @ 1.141 log @Recursive revision bump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.140 2020/03/21 00:15:11 markd Exp $ d4 1 a4 1 PKGREVISION= 25 @ 1.140 log @heimdal: fix runpath setting in krb5-config @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.139 2020/03/18 13:18:57 gdt Exp $ d4 1 a4 1 PKGREVISION= 24 @ 1.139 log @security/heimdal: Prefix kerberos commands by default It has long been an issue that heimdal installs "su" which shadows system su and behaves differently. Now, with openssl 1.1, many people are getting heimdal installed that did not expect it or ask for it. (Really, heimdal should be split into libraries and apps, so that programs can have kerberos support without adding commands to the user's namespace, but this is vastly easier.) (In response to on-list complaints, and believing this will not be contoversial.) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.138 2020/02/20 21:01:09 rillig Exp $ d4 1 a4 1 PKGREVISION= 23 @ 1.138 log @security/heimdal: add back MAKE_JOBS_SAFE=no @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.137 2020/02/13 21:12:21 rillig Exp $ d4 1 a4 1 PKGREVISION= 22 @ 1.137 log @security/heimdal: remove MAKE_JOBS_SAFE=no Heimdal built fine on NetBSD-8.0-x86_64 with MAKE_JOBS=7. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.136 2020/02/13 21:04:25 rillig Exp $ d24 8 a31 1 .include "../../mk/bsd.prefs.mk" @ 1.136 log @security/heimdal: disable check for unknown GNU configure options Heimdal has bundled libreadline, which has its own configure file with completely different options. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.135 2020/01/18 21:48:21 jperkin Exp $ a18 2 MAKE_JOBS_SAFE= no @ 1.135 log @*: Recursive revision bump for openssl 1.1.1. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.134 2019/11/04 21:12:53 rillig Exp $ d32 1 @ 1.134 log @security: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.133 2019/10/21 16:21:44 wiz Exp $ d4 1 a4 1 PKGREVISION= 21 @ 1.133 log @heimdal: fix build on OpenSSL 1.1 systems by disabling OpenSSL. heimdal includes a copy of the relevant functions itself. Add a comment that the dependency should be re-enabled when updating this package. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.132 2019/04/03 00:33:04 ryoon Exp $ d106 2 a107 2 PLIST.vis= yes PLIST.glob= yes @ 1.132 log @Recursive revbump from textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.131 2019/02/06 11:36:38 tnn Exp $ d4 1 a4 1 PKGREVISION= 20 d37 3 a39 1 CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} a101 7 .include "../../security/openssl/buildlink3.mk" CHECK_BUILTIN.openssl:= yes .include "../../security/openssl/builtin.mk" CHECK_BUILTIN.openssl:=no .if ${MACHINE_PLATFORM:MNetBSD-[1-3]*} != "" || \ (${OPSYS} == "SunOS" && !empty(USE_BUILTIN.openssl:Myes) && \ !empty(BUILTIN_LIB_FOUND.crypto:M[Nn][Oo])) a102 1 .endif a109 4 .if !empty(USE_BUILTIN.openssl:Myes) && \ empty(BUILTIN_VERSION.openssl:M1.0*) PLIST.hcrypto= yes .endif a112 3 .if !empty(USE_BUILTIN.openssl:Myes) PLIST.hcrypto= yes .endif @ 1.131 log @heimdal: fix Linux PLIST.hcrypto issue in a more generic way Tested under Debian unstable. PR pkg/53806 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.130 2019/01/06 12:53:56 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 19 @ 1.130 log @heimdal: Fix compilation under WSL This sets the "hcrypto" PLIST variable correct when pkgsrc is used under WSL (Windows Services for Linux). From David Weller-Fahy via PR pkg/53806. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.129 2018/12/09 18:52:07 adam Exp $ d70 2 a71 1 PLIST_VARS+= glob vis a76 15 PLIST_VARS+= hcrypto # Linux does not have include/vis.h and expected include/glob.h. .if ${OPSYS} == "Linux" PLIST.vis= yes PLIST.glob= yes # Without this I get undefined references to pthread_getspecific PTHREAD_AUTO_VARS= yes .if ${OS_VARIANT} == "Microsoft" # On Ubuntu hosted via WSL this is needed to avoid a DESTDIR/PLIST # conflict error. PLIST.hcrypto= yes .endif .endif PLIST_VARS+= afskauth d110 12 @ 1.129 log @revbump after updating textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.128 2018/11/27 23:36:00 sevan Exp $ d76 1 d83 5 d90 1 a90 1 PLIST_VARS+= afskauth hcrypto @ 1.128 log @Support Minix. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.127 2018/07/20 03:33:55 ryoon Exp $ d4 1 a4 1 PKGREVISION= 18 @ 1.127 log @Recursive revbump from textproc/icu-62.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.126 2018/04/14 07:34:00 adam Exp $ d127 5 @ 1.126 log @revbump after icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.125 2017/11/30 16:45:07 adam Exp $ d4 1 a4 1 PKGREVISION= 17 @ 1.125 log @Revbump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.124 2017/09/18 09:53:04 maya Exp $ d4 1 a4 1 PKGREVISION= 16 @ 1.124 log @revbump for requiring ICU 59.x @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.123 2017/04/22 21:03:16 adam Exp $ d4 1 a4 1 PKGREVISION= 15 @ 1.123 log @Revbump after icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.122 2016/12/04 05:17:11 ryoon Exp $ d4 1 a4 1 PKGREVISION= 14 @ 1.122 log @Recursive revbump from textproc/icu 58.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.121 2016/06/02 16:01:12 jperkin Exp $ d4 1 a4 1 PKGREVISION= 13 @ 1.121 log @Explicitly disable extended glob(3C) support on SunOS, despite it being available on newer illumos, as it simplifies PLIST.glob. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.120 2016/04/11 19:01:38 ryoon Exp $ d4 1 a4 1 PKGREVISION= 12 @ 1.120 log @Recursive revbump from textproc/icu 57.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.119 2016/03/09 06:01:09 tnn Exp $ d54 4 @ 1.119 log @fix build on Linux @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.118 2016/03/05 11:27:54 jperkin Exp $ d4 1 a4 1 PKGREVISION= 11 @ 1.118 log @Bump PKGREVISION for security/openssl ABI bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.117 2016/02/25 08:27:04 jperkin Exp $ d76 2 @ 1.117 log @Remove manual OPSYSVARS additions which are now part of the default set. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.116 2015/10/10 01:57:55 ryoon Exp $ d4 1 a4 1 PKGREVISION= 10 @ 1.116 log @Recursive revbump from textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.115 2015/04/06 08:17:17 adam Exp $ a55 1 OPSYSVARS+= CONFIGURE_ENV @ 1.115 log @Revbump after updating textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.114 2014/10/07 16:47:14 adam Exp $ d4 1 a4 1 PKGREVISION= 9 @ 1.114 log @Revbump after updating libwebp and icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.113 2014/07/30 11:05:04 fhajny Exp $ d4 1 a4 1 PKGREVISION= 8 @ 1.113 log @Add runtime dependency on flex (in bin/compile_et). Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.112 2014/04/09 07:26:58 obache Exp $ d4 1 a4 1 PKGREVISION= 7 @ 1.112 log @recursive bump from icu shlib major bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.111 2014/03/22 09:05:24 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 6 d22 1 a22 1 USE_TOOLS+= bison flex @ 1.111 log @The MirBSD stanza was wrong. Moved it below the builtin.mk inclusion and made the conditional more robust. Fixes at least "make describe", let's see if it helps for the bulk build. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.110 2014/03/19 13:25:04 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 5 @ 1.110 log @Only build hcrypto on MirBSD if using the builtin OpenSSL. Fixes build now that we have OpenSSL from pkgsrc. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.109 2014/02/20 08:19:43 obache Exp $ a83 9 .if ${OPSYS} == "MirBSD" .if ${USE_BUILTIN.openssl} == "yes" PLIST.hcrypto= yes .endif PLIST.vis= yes # all of the tools need to link against pthread, force it. PTHREAD_AUTO_VARS= yes .endif d113 9 @ 1.109 log @Move check of builtin openssl below to buildlink with openssl and exactly set as checking builtin before including openssl/builtin.mk, so that wanted openssl will be picked up (formerly, BUILTINK_API_DEPENDS.openssl is ignored). Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.108 2014/02/12 23:18:32 tron Exp $ d85 1 d87 1 @ 1.108 log @Recursive PKGREVISION bump for OpenSSL API version bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.107 2013/12/04 10:01:30 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 4 a83 8 .include "../../security/openssl/builtin.mk" .if ${MACHINE_PLATFORM:MNetBSD-[1-3]*} != "" || \ (${OPSYS} == "SunOS" && !empty(USE_BUILTIN.openssl:Myes) && \ !empty(BUILTIN_LIB_FOUND.crypto:M[Nn][Oo])) PLIST.hcrypto= yes .endif d111 9 @ 1.107 log @Fix heimdal build under MirBSD. The three tommath patches (which patch the files into existence) have been included in the source code since heimdal 1.5, so remove them. Compile errors due to missing -pthread in MirBSD were fixed by adding PTHREAD_AUTO_VARS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.106 2013/10/19 09:06:56 adam Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.106 log @Revbump after updating textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.105 2013/10/14 09:55:52 ryoon Exp $ d92 7 @ 1.105 log @Fix pakaging on Linux. vis.h and glob.h are installed on Linux (Debian GNU/Linux 7.1 and CentOS 6.4 at least) * Makefile of Rev 1.100 removes vis.h and glob.h hack. My two Linux environments require vis.h and glob.h entries for PLIST. Set PLIST.vis and PLIST.glob for Linux. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.104 2013/10/11 16:21:40 roy Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.104 log @Heimdal really uses termcap @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.103 2013/08/24 16:45:08 richard Exp $ d73 6 @ 1.103 log @fix PLIST options for solaris, including builtin openssl support @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.102 2013/08/22 21:17:00 joerg Exp $ d4 1 a4 1 PKGREVISION= 1 d106 1 a106 1 .include "../../mk/curses.buildlink3.mk" @ 1.102 log @At least on my systems glob and vis are not installed, so introduce PLIST conditional. Please fix up the setting on your systems. Mark as not MAKE_JOBS_SAFE. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.101 2013/08/16 08:30:14 adam Exp $ d68 4 d81 2 a82 1 (${OPSYS} == "SunOS" && !empty(USE_BUILTIN.openssl:Myes)) @ 1.101 log @Changes 1.5.3: Bug fixes - Fix leaking file descriptors in KDC - Better socket/timeout handling in libkrb5 - General bug fixes - Build fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.100 2013/08/15 11:15:11 jperkin Exp $ d4 1 d19 2 d67 2 @ 1.100 log @Attempt to fix readline fallout. Tested with both READLINE_TYPE on SmartOS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.99 2013/07/15 02:02:28 ryoon Exp $ d3 1 a3 2 DISTNAME= heimdal-1.5.2 PKGREVISION= 8 a17 2 MAKE_JOBS_SAFE= no d42 7 a81 6 # Dynamically determine the "replacement" headers for bits needed by # Heimdal but are missing in the base system and add them to the PLIST. GENERATE_PLIST+= \ ( cd ${WRKSRC}/lib/roken && ${BUILD_MAKE_CMD} print-xheaders | \ ${XARGS} -n 1 | ${SED} -e "s,^,include/krb5/roken/," ); a95 1 .include "../../mk/bdb.buildlink3.mk" d98 1 @ 1.99 log @* .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes are replaced with .include "../../devel/readline/buildlink3.mk", and USE_GNU_READLINE are removed, * .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE are replaced with .include "../../mk/readline.buildlink3.mk". @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.98 2013/05/09 07:39:19 adam Exp $ d52 3 a54 2 # Heimdal's configure script expects to find the readline.h header as # . d56 3 a58 1 CPPFLAGS+= -I${BUILDLINK_PREFIX.editlinereadline}/include/readline a96 1 .include "../../mk/readline.buildlink3.mk" @ 1.98 log @Massive revbump after updating graphics/ilmbase, graphics/openexr, textproc/icu. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.97 2013/02/06 23:20:59 jperkin Exp $ d54 2 a55 2 CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline} CPPFLAGS+= -I${BUILDLINK_PREFIX.readline}/include/readline d94 1 a94 1 .include "../../devel/readline/buildlink3.mk" @ 1.97 log @PKGREVISION bumps for the security/openssl 1.0.1d update. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.96 2013/01/26 21:36:45 adam Exp $ d4 1 a4 1 PKGREVISION= 7 @ 1.96 log @Revbump after graphics/jpeg and textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.95 2012/12/16 01:52:32 obache Exp $ d4 1 a4 1 PKGREVISION= 6 @ 1.95 log @recursive bump from cyrus-sasl libsasl2 shlib major bump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.94 2012/11/15 03:32:00 sbd Exp $ d4 1 a4 1 PKGREVISION= 5 @ 1.94 log @When getting a file basename strip any leading directories. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.93 2012/10/23 18:16:30 asau Exp $ d4 1 a4 1 PKGREVISION= 4 @ 1.93 log @Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.92 2012/09/09 09:23:06 cheusov Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.92 log @Add CONFLICTS with kth-krb4 (lib/libsl.so) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.91 2012/07/18 09:48:10 jperkin Exp $ a18 2 PKG_DESTDIR_SUPPORT= user-destdir @ 1.91 log @Fix install on at least Solaris. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.90 2012/04/27 12:32:02 obache Exp $ d4 1 a4 1 PKGREVISION= 2 d17 1 @ 1.90 log @Recursive bump from icu shlib major bumped to 49. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.89 2012/03/13 09:04:49 fhajny Exp $ d90 4 @ 1.89 log @On SunOS, heimdal never builds hcrypto when pkgsrc OpenSSL used. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.88 2012/03/11 11:30:06 shattered Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.88 log @PR/39656 -- Use /var/heimdal as hdbdir, not /var. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.87 2012/02/27 12:39:11 asau Exp $ d62 3 d66 1 a66 1 ${OPSYS} == "SunOS" @ 1.87 log @Update to Heimdal 1.5.2 Release Notes - Heimdal - Version Heimdal 1.5.2 Security fixes - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege - Check that key types strictly match - denial of service Release Notes - Heimdal - Version Heimdal 1.5.1 Bug fixes - Fix building on Solaris, requires c99 - Fix building on Windows - Build system updates Release Notes - Heimdal - Version Heimdal 1.5 New features - Support GSS name extensions/attributes - SHA512 support - No Kerberos 4 support - Basic support for MIT Admin protocol (SECGSS flavor) in kadmind (extract keytab) - Replace editline with libedit @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.86 2012/02/15 22:39:54 asau Exp $ d4 1 d37 1 a37 1 CONFIGURE_ARGS+= --with-hdbdir=${HEIMDAL_HDB_DIR:H} @ 1.86 log @Provide access to tests (TEST_TARGET=check). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.85 2012/01/18 14:45:37 adam Exp $ d3 1 a3 2 DISTNAME= heimdal-1.4 PKGREVISION= 3 d90 1 @ 1.85 log @Revbump after db5 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.84 2011/12/30 18:59:05 tez Exp $ d79 2 @ 1.84 log @Fix for CVE-2011-4862 from FreeBSD When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.82 2011/09/14 17:33:00 hans Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.83 log @In OWN_DIRS_PERMS change ROOT_GROUP to REAL_ROOT_GROUP @ text @d4 1 a4 1 PKGREVISION= 1 @ 1.82 log @Fix build on SunOS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.81 2011/07/31 21:21:01 gls Exp $ d67 1 a67 1 OWN_DIRS_PERMS= ${HEIMDAL_HDB_DIR} ${REAL_ROOT_USER} ${ROOT_GROUP} 0700 @ 1.81 log @Adds the symbols _kdc_db_fetch and _kdc_free_ent to global visibility, so that they can be referenced from kdc/digest-service. Fixes build on Dragonfly. From Alex Hornung in PR pkg/45195. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.80 2011/07/08 09:49:21 adam Exp $ d62 2 a63 1 .if ${MACHINE_PLATFORM:MNetBSD-[1-3]*} != "" @ 1.80 log @Changes 1.4: New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.79 2010/03/23 15:37:56 wiz Exp $ d4 1 @ 1.79 log @Reset maintainer, lost his commit bit. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.78 2010/02/19 20:16:05 joerg Exp $ d3 1 a3 2 DISTNAME= heimdal-1.1 PKGREVISION= 5 d32 2 a33 1 CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} d35 4 a38 1 CONFIGURE_ARGS+= --with-hdbdir=${HEIMDAL_HDB_DIR:H:Q} a39 3 CONFIGURE_ARGS+= --without-krb4 CONFIGURE_ARGS+= --enable-kcm CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} d42 2 a48 1 # a53 1 # a72 1 # d77 7 d87 1 @ 1.78 log @Fix ownership. Bump revision. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.77 2010/01/17 12:02:40 wiz Exp $ d8 1 a8 1 MAINTAINER= lha@@NetBSD.org @ 1.77 log @Recursive PKGREVISION bump for jpeg update to 8. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.76 2009/06/30 00:07:22 joerg Exp $ d4 1 a4 1 PKGREVISION= 4 d65 1 a65 1 OWN_DIRS_PERMS= ${HEIMDAL_HDB_DIR} ${ROOT_USER} ${ROOT_GROUP} 0700 @ 1.76 log @Mark packages as MAKE_JOBS_SAFE=no that failed in a bulk build with MAKE_JOBS=2 and worked without. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.75 2009/06/14 22:58:08 joerg Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.75 log @Remove @@dirrm related logic. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.74 2009/05/20 00:58:26 wiz Exp $ d20 2 @ 1.74 log @Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib major change. Reported by Robert Elz in PR 41345. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.73 2009/05/19 08:59:31 wiz Exp $ d74 1 a74 2 ${XARGS} -n 1 | ${SED} -e "s,^,include/krb5/roken/," ); \ ${ECHO} "@@dirrm include/krb5"; @ 1.73 log @Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT block). Uncomment some commented out LICENSE lines while here. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.72 2009/02/01 21:39:43 shattered Exp $ d4 1 a6 1 PKGREVISION= 2 @ 1.72 log @heimdal leaves empty directories after deinstallation, fix that. OK by wiz@@. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.71 2008/05/14 18:01:26 jwise Exp $ d11 1 a17 2 #LICENSE= modified-bsd @ 1.71 log @libhcrypto.la only seems to get installed if we're building on 3.x or older, so make it only end up in the PLIST if that is the case. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.70 2008/05/05 02:26:03 jwise Exp $ d6 1 a6 1 PKGREVISION= 1 d68 1 a68 1 INFO_FILES= # PLIST @ 1.70 log @Add missing library (libhcrypto) to PLIST, allowing sudo to build against this heimdal on 3.x. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.69 2008/04/12 22:43:09 jlam Exp $ d56 1 a56 1 PLIST_VARS+= afskauth d60 3 @ 1.69 log @Convert to use PLIST_VARS instead of manually passing "@@comment " through PLIST_SUBST to the plist module. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.68 2008/03/04 22:37:46 jlam Exp $ d6 1 @ 1.68 log @As of revision 1.2 of termcap.buildlink3.mk, "-ltermcap" is automatically transformed into the correct set of libraries, so we no longer need to override the configure script's check for which library has tgetent(). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.67 2008/03/02 06:41:32 jlam Exp $ d55 1 d57 1 a57 3 PLIST_SUBST+= IF_IRIX="" .else PLIST_SUBST+= IF_IRIX="@@comment " @ 1.67 log @The "missing-from-system" headers that Heimdal installs are now placed into ${PREFIX}/include/krb5/roken instead of ${PREFIX}/include/krb5. This is good because it reduces the likelihood of a conflict with any other similarly named headers if you simply add -I${PREFIX}/include/krb5 to the compiler command line. Patch from PR pkg/38119 by charlie. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.66 2008/02/29 22:41:13 jlam Exp $ d50 1 a50 2 # . Also force the configure script to use the terminal # library needed by the readline library. a51 1 CONFIGURE_ENV+= ac_cv_funclib_tgetent=${BUILDLINK_LDADD.termcap:Q} @ 1.66 log @Rename termlib.* to termcap.* to better document exactly what packages are trying to use (the termcap t*() API). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.65 2008/02/28 08:14:41 jlam Exp $ d74 1 a74 1 ${XARGS} -n 1 | ${SED} -e "s,^,include/krb5/," ); \ @ 1.65 log @Update security/heimdal to version 1.1. Changes from version 0.7.2 include: * Read-only PKCS11 provider built-in to hx509. * Better compatibilty with Windows 2008 Server pre-releases and Vista. * Add RFC3526 modp group14 as default. * Handle [kdc] database = { } entries without realm = stanzas. * Add gss_pseudo_random() for mechglue and krb5. * Make session key for the krbtgt be selected by the best encryption type of the client. * Better interoperability with other PK-INIT implementations. * Alias support for inital ticket requests. * Make ASN.1 library less paranoid to with regard to NUL in string to make it inter-operate with MIT Kerberos again. * PK-INIT support. * HDB extensions support, used by PK-INIT. * New ASN.1 compiler. * GSS-API mechglue from FreeBSD. * Updated SPNEGO to support RFC4178. * Support for Cryptosystem Negotiation Extension (RFC 4537). * A new X.509 library (hx509) and related crypto functions. * A new ntlm library (heimntlm) and related crypto functions. * KDC will return the "response too big" error to force TCP retries for large (default 1400 bytes) UDP replies. This is common for PK-INIT requests. * Libkafs defaults to use 2b tokens. * krb5_kuserok() also checks ~/.k5login.d directory for acl files. * Fix memory leaks. * Bugs fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.64 2008/01/18 05:09:37 tnn Exp $ d53 1 a53 1 CONFIGURE_ENV+= ac_cv_funclib_tgetent=${BUILDLINK_LDADD.termlib:Q} @ 1.64 log @Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@@ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.63 2007/02/20 10:17:14 rillig Exp $ d3 1 a3 2 DISTNAME= heimdal-0.7.2 PKGREVISION= 4 d5 1 a5 2 MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \ ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/heimdal/src/ d8 1 a8 1 HOMEPAGE= http://www.pdc.kth.se/heimdal/ d16 3 a18 1 PKG_INSTALLATION_TYPES= overwrite pkgviews d22 1 d25 4 a28 1 HEIMDAL_STATEDIR?= ${VARBASE}/heimdal a31 1 CONFIGURE_ARGS+= --localstatedir=${HEIMDAL_STATEDIR:Q} d33 1 d37 3 d45 1 a48 9 # Force building and installing Heimdal's own compile_et. CONFIGURE_ENV+= COMPILE_ET=no .include "../../mk/bsd.prefs.mk" .if defined(ABI) CONFIGURE_ARGS+= --with-mips-abi=${ABI} .endif d50 2 a51 1 # . d53 1 a55 43 BROKEN_READLINE_DETECTION= yes .include "../../devel/readline/buildlink3.mk" CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} .include "../../security/openssl/buildlink3.mk" PKG_OPTIONS_VAR= PKG_OPTIONS.heimdal PKG_SUPPORTED_OPTIONS= kerberos-prefix-cmds ldap .include "../../mk/bsd.options.mk" .if !empty(PKG_OPTIONS:Mldap) . include "../../databases/openldap-client/buildlink3.mk" CONFIGURE_ARGS+= --with-openldap=${BUILDLINK_PREFIX.openldap-client} PLIST_SUBST+= LDAP="" post-install: heimdal-ldap-schema heimdal-ldap-schema: ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/heimdal ${INSTALL_DATA} ${WRKSRC}/lib/hdb/hdb.schema \ ${PREFIX}/share/examples/heimdal .else PLIST_SUBST+= LDAP="@@comment " .endif # Rename some of Heimdal's applications so they won't conflict with # other packages. # .if !empty(PKG_OPTIONS:Mkerberos-prefix-cmds) KRB5_PREFIX= k HEIMDAL_TRANSFORM= s/^ftp/${KRB5_PREFIX}&/; \ s/^login/${KRB5_PREFIX}&/; \ s/^${KRB5_PREFIX}login.access/login.access/; \ s/^rcp/${KRB5_PREFIX}&/; \ s/^rsh/${KRB5_PREFIX}&/; \ s/^su/${KRB5_PREFIX}&/; \ s/^telnet/${KRB5_PREFIX}&/ .else KRB5_PREFIX= # empty HEIMDAL_TRANSFORM= s/^ftp/k&/ .endif PLIST_SUBST+= KRB5_PREFIX=${KRB5_PREFIX:Q} CONFIGURE_ARGS+= --program-transform-name=${HEIMDAL_TRANSFORM:Q} d63 2 a64 1 OWN_DIRS_PERMS= ${HEIMDAL_STATEDIR} ${ROOT_USER} ${ROOT_GROUP} 0700 d69 2 a70 2 # Dynamically determine the "replacement" headers for things missing # in the base system and add them to the PLIST. d73 1 a73 1 ( cd ${WRKSRC}/lib/roken && ${MAKE_PROGRAM} print-xheaders | \ d77 2 a78 14 # Fix some places in the Heimdal sources that don't point to the correct # Kerberized binaries when exec'ing programs. # SUBST_CLASSES+= heimdal SUBST_STAGE.heimdal= pre-configure SUBST_FILES.heimdal= appl/rcp/rcp.c appl/rcp/rcp_locl.h \ appl/rsh/rsh_locl.h \ appl/telnet/telnetd/telnetd.h SUBST_SED.heimdal= \ -e "/RSH_PROGRAM/s,rsh,${KRB5_PREFIX}rsh,g" \ -e "/PATH_RSH/s,\"/usr/bin/rsh\",BINDIR \"${KRB5_PREFIX}rsh\",g" \ -e "/PATH_RSH/s,/rsh,/${KRB5_PREFIX}rsh,g" \ -e "/PATH_LOGIN/s,/login,/${KRB5_PREFIX}login,g" a79 8 pre-configure: cd ${WRKSRC}; for f in lib/hdb/hdb.h; do \ ${SED} -e "s|/var/heimdal|${HEIMDAL_STATEDIR}|g" \ $$f > $$f.new; \ ${MV} -f $$f.new $$f; \ done @ 1.63 log @Fixed the build on IRIX 6.5. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.62 2006/08/09 17:58:09 salo Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.62 log @Security fix for SA21436: "A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled rcp application. This may be exploited to perform certain actions with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21436/ http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.61 2006/07/05 04:39:14 jlam Exp $ d46 4 d99 6 @ 1.61 log @Back out previous and do the same thing more generally for all platforms. Since the heimdal install process will install additional headers in ${PREFIX}/include/krb5 depending on what the configure process detects, simply query the source Makefile at install-time for the extra headers that it will install and dynamically add them to the PLIST. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.60 2006/07/02 13:53:28 markd Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.60 log @Solaris does not have err.h, glob.h, ifaddrs.h and vis.h compatible with heimdal, so heimdal installs its own. Add them in PLIST.SunOS Fixes PR pkg/33656. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.59 2006/05/31 18:22:26 ghen Exp $ d100 8 @ 1.59 log @The databases/openldap package has been split in -client and -server component packages. Convert LDAP-based applications to depend on openldap-client, and bump PKGREVISION for those that depend on it by default. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.58 2006/05/15 09:17:14 minskim Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.59.2.1 log @Pullup ticket 1784 - requested by salo security fix for heimdal Revisions pulled up: - pkgsrc/security/heimdal/Makefile 1.60-1.62 - pkgsrc/security/heimdal/distinfo 1.20-1.21 - pkgsrc/security/heimdal/PLIST 1.11 - pkgsrc/security/heimdal/PLIST.Linux removed - pkgsrc/security/heimdal/patches/patch-al 1.1 - pkgsrc/security/heimdal/patches/patch-am 1.1 - pkgsrc/security/heimdal/patches/patch-an 1.1 - pkgsrc/security/heimdal/patches/patch-ao 1.1 - pkgsrc/security/heimdal/patches/patch-ap 1.1 - pkgsrc/security/heimdal/patches/patch-aq 1.1 Module Name: pkgsrc Committed By: markd Date: Sun Jul 2 13:53:28 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile Added Files: pkgsrc/security/heimdal: PLIST.SunOS Log Message: Solaris does not have err.h, glob.h, ifaddrs.h and vis.h compatible with heimdal, so heimdal installs its own. Add them in PLIST.SunOS Fixes PR pkg/33656. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: jlam Date: Wed Jul 5 04:39:15 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile PLIST distinfo Added Files: pkgsrc/security/heimdal/patches: patch-al Removed Files: pkgsrc/security/heimdal: PLIST.Linux PLIST.SunOS Log Message: Back out previous and do the same thing more generally for all platforms. Since the heimdal install process will install additional headers in ${PREFIX}/include/krb5 depending on what the configure process detects, simply query the source Makefile at install-time for the extra headers that it will install and dynamically add them to the PLIST. --- Module Name: pkgsrc Committed By: salo Date: Wed Aug 9 17:58:09 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile distinfo Added Files: pkgsrc/security/heimdal/patches: patch-am patch-an patch-ao patch-ap patch-aq Log Message: Security fix for SA21436: "A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled rcp application. This may be exploited to perform certain actions with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21436/ http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.62 2006/08/09 17:58:09 salo Exp $ d4 1 a4 1 PKGREVISION= 3 a99 8 # Dynamically determine the "replacement" headers for things missing # in the base system and add them to the PLIST. # GENERATE_PLIST+= \ ( cd ${WRKSRC}/lib/roken && ${MAKE_PROGRAM} print-xheaders | \ ${XARGS} -n 1 | ${SED} -e "s,^,include/krb5/," ); \ ${ECHO} "@@dirrm include/krb5"; @ 1.58 log @Linux does not have glob.h and vis.h compatible with heimdal, so heimdal installs its own glob.h and vis.h. Add them to PLIST.Linux. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.57 2006/05/06 01:05:51 minskim Exp $ d63 2 a64 2 . include "../../databases/openldap/buildlink3.mk" CONFIGURE_ARGS+= --with-openldap=${BUILDLINK_PREFIX.openldap} @ 1.57 log @This package requires flex to build. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.56 2006/03/31 23:44:39 jlam Exp $ d4 1 @ 1.56 log @heimdal and gss conflict because they install a common set of manpages for the gss_* functions. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.55 2006/03/30 03:44:43 jlam Exp $ d20 1 a20 1 USE_TOOLS+= bison @ 1.55 log @* Honor PKGINFODIR. * List the info files directly in the PLIST. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.54 2006/02/07 12:20:52 lha Exp $ d15 1 @ 1.54 log @http://www.pdc.kth.se/heimdal/releases/0.7.2/ http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * Fix security problem in rshd that enable an attacker to overwrite and change ownership of any file that root could write. * Fix a DOS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check if its even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending for compatibility reasons, this will change in 0.8. * telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.53 2006/01/25 03:47:51 jlam Exp $ d96 1 a96 1 INFO_FILES= heimdal.info @ 1.53 log @Force Heimdal to compile its own compile_et by telling the configure script not to find any system-installed compile_et. (This should really be done by using our own PATH that doesn't include any system paths, but we're not quite ready to do that yet.) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.52 2006/01/24 18:56:23 wiz Exp $ d3 1 a3 2 DISTNAME= heimdal-0.7.1 PKGREVISION= 2 @ 1.52 log @security/heimdal and net/openafs conflict because of: bin/compile_et bin/kpasswd bin/pagsh Addresses PR 32610 and PR 32612 by Ola Eriksson. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.51 2006/01/24 18:55:21 wiz Exp $ d40 3 @ 1.51 log @security/heimdal and arla conflict with each other because of: bin/mk_cmds lib/libroken.la lib/libsl.la lib/libss.la man/man3/arg_printusage.3 man/man3/getarg.3 Addresses PR 32610 and PR 32611 by Ola Eriksson. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.50 2005/12/29 06:22:09 jlam Exp $ d15 1 @ 1.50 log @Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.49 2005/12/21 04:17:49 jlam Exp $ d13 1 @ 1.49 log @Add a non-conflicting definition for load_rc_config_var so that platforms with older versions of /etc/rc.subr can run smbd.sh and winbindd.sh without updating /etc/rc.subr. Bump PKGREVISION to 2. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.48 2005/12/05 23:55:17 rillig Exp $ a88 1 USE_PKGINSTALL= yes @ 1.49.2.1 log @Pullup ticket 1106 - requested by Love Hornquist Astrand security update for heimdal Revisions pulled up: - pkgsrc/security/heimdal/Makefile 1.54 - pkgsrc/security/heimdal/distinfo 1.19 - pkgsrc/security/heimdal/patches/patch-ab removed - pkgsrc/security/heimdal/patches/patch-ak removed - pkgsrc/security/heimdal/patches/patch-ae removed - pkgsrc/security/heimdal/patches/patch-af removed - pkgsrc/security/heimdal/patches/patch-ag removed - pkgsrc/security/heimdal/patches/patch-ah removed - pkgsrc/security/heimdal/patches/patch-ai removed - pkgsrc/security/heimdal/patches/patch-aj removed Module Name: pkgsrc Committed By: lha Date: Tue Feb 7 12:20:52 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile distinfo Removed Files: pkgsrc/security/heimdal/patches: patch-ab patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak Log Message: http://www.pdc.kth.se/heimdal/releases/0.7.2/ http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * Fix security problem in rshd that enable an attacker to overwrite and change ownership of any file that root could write. * Fix a DOS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check if its even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending for compatibility reasons, this will change in 0.8. * telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.54 2006/02/07 12:20:52 lha Exp $ d3 2 a4 1 DISTNAME= heimdal-0.7.2 @ 1.48 log @Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.47 2005/12/05 20:50:56 rillig Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.47 log @Fixed pkglint warnings. The warnings are mostly quoting issues, for example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.46 2005/10/26 16:44:24 jlam Exp $ d24 2 a25 2 CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --localstatedir=${HEIMDAL_STATEDIR} d48 1 a48 1 CONFIGURE_ARGS+= --with-openssl=${SSLBASE} d87 1 a87 1 CONFIGURE_ARGS+= --program-transform-name="${HEIMDAL_TRANSFORM}" @ 1.46 log @Pull in change from Heimdal CVS committed on 20051012 where the field in a publicly-exported structure was renamed from "private" to "opt_private". This allows to be used by C++ compilers. Bump the PKGREVISION to 1. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.45 2005/10/26 15:12:45 jlam Exp $ d86 1 a86 1 PLIST_SUBST+= KRB5_PREFIX=${KRB5_PREFIX} @ 1.45 log @Update security/heimdal to 0.7.1 (approved by lha). We drop support for the "db4" option and just rely on the appropriate BDB_* settings via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use krb5-config, if it's available, to check the version of the built-in heimdal. Patches patch-ab, patch-ae and patch-af have been sent back upstream and will be incorporated into future Heimdal releases. Changes between version 0.6.5 and version 0.7.1 include: * Support for KCM, a process based credential cache * Support CCAPI credential cache * SPNEGO support * AES (and the gssapi conterpart, CFX) support * Adding new and improve old documentation * Bug fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.44 2005/10/25 01:17:57 rillig Exp $ d4 1 @ 1.44 log @Solaris 9 has a header, but it is very different to the BSD header, which is expected by heimdal. Now the package builds on Solaris 9. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.43 2005/10/05 13:29:50 wiz Exp $ d3 1 a3 2 DISTNAME= heimdal-0.6.5 PKGREVISION= 2 d18 1 d28 1 d30 1 a30 1 CFLAGS.Darwin+= -DBIND_8_COMPAT d43 1 a43 1 BUILDLINK_INCDIRS.readline= include/readline a47 1 USE_OLD_DES_API= yes d51 1 a51 1 PKG_SUPPORTED_OPTIONS= db4 ldap kerberos-prefix-cmds a54 6 .if !empty(PKG_OPTIONS:Mdb4) . include "../../databases/db4/buildlink3.mk" .else . include "../../mk/bdb.buildlink3.mk" .endif d58 9 d90 2 a91 1 RCD_SCRIPTS= kdc d108 2 @ 1.43 log @Remove some more *LEGACY* settings that are over a month old and thus were before 2005Q3. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.42 2005/08/23 14:07:25 reed Exp $ d31 5 @ 1.42 log @Include sys/types.h. This fixes configure on DragonFly. Bump PKGREVISION. Okayed by lha@@. I tested on Linux and DragonFly. I got this from Joerg Sonnenberger. On DragonFly, the configure errored like: /usr/include/openssl/md5.h:110: error: syntax error before "size_t" In file included from conftest.c:34: /usr/include/openssl/sha.h:109: error: syntax error before "size_t" This caused tests to break and it ended up building and installing libdes and des.h, md4.h, and related headers. So later libgssapi needed this libdes which was not buildlinked which broke kdelibs3 build. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.41 2005/08/04 16:50:18 tonio Exp $ a46 2 PKG_OPTIONS_LEGACY_VARS+= KERBEROS_PREFIX_CMDS:kerberos-prefix-cmds PKG_OPTIONS_LEGACY_OPTS+= prefix-cmds:kerberos-prefix-cmds @ 1.41 log @Add patch-aa to make heimdal compile with gcc-4 (default with darwin 8) This patch is the same as revision 1.3 of /cvsroot/src/crypto/dist/heimdal/lib/asn1/gen_glue.c by matt@@ those cvs log: Don't emit struct units [] anymore. emit a struct units * const foo and in the C file initialize that to the static list. Bump pkgrevision: it changes the binary package on gcc<4 platforms approved by wiz@@ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.40 2005/06/20 09:51:02 lha Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.40 log @Update to Heimdal 0.6.5 Changes in release 0.6.5 * fix vulnerabilities in telnetd * unbreak Kerberos 4 and kaserver @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.39 2005/06/01 02:49:39 yyamano Exp $ d4 1 @ 1.39 log @Make this build on Darwin. This fixes PR pkg/29147. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2005/05/31 11:31:07 dillo Exp $ d3 1 a3 1 DISTNAME= heimdal-0.6.4 @ 1.38 log @Rename option prefix-cmds to kerberos-prefix-cmds. Backwards compatibility provided via PKG_OPTIONS_LEGACY_OPTS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2005/05/31 10:01:39 dillo Exp $ d28 2 @ 1.37 log @Packages have no business modifying PKG_DEFAULT_OPTIONS -- it's a user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also, make use of PKG_OPTIONS_LEGACY_VARS. Reviewed by wiz. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.36 2005/05/22 20:08:30 jlam Exp $ d43 3 a45 2 PKG_SUPPORTED_OPTIONS= db4 ldap prefix-cmds PKG_OPTIONS_LEGACY_VARS+= KERBEROS_PREFIX_CMDS:prefix-cmds d63 1 a63 1 .if !empty(PKG_OPTIONS:Mprefix-cmds) @ 1.36 log @Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions: USE_GNU_TOOLS -> USE_TOOLS awk -> gawk m4 -> gm4 make -> gmake sed -> gsed yacc -> bison @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.35 2005/04/21 14:35:47 lha Exp $ a41 4 .if defined(KERBEROS_PREFIX_CMDS) && !empty(KERBEROS_PREFIX_CMDS:M[yY][eE][sS]) PKG_DEFAULT_OPTIONS+= prefix-cmds .endif d44 2 @ 1.35 log @Update to Heimdal 0.6.4. While I'm here, claim maintainership of this package. Also please pkglint. Changes in heimdal 0.6.4 include: * fix vulnerabilities in telnet * rshd: encryption without a separate error socket should now work * telnet now uses appdefaults for the encrypt and forward/forwardable settings * bug fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.34 2005/04/21 14:00:36 wiz Exp $ d17 1 a17 1 USE_GNU_TOOLS+= yacc @ 1.34 log @lha agreed to maintain this package. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.33 2005/04/11 21:47:12 tv Exp $ d3 1 a3 2 DISTNAME= heimdal-0.6.3 PKGREVISION= 3 d100 1 a100 1 cd ${WRKSRC}; for file in lib/hdb/hdb.h; do \ d102 2 a103 2 $$file > $$file.new; \ ${MV} -f $$file.new $$file; \ @ 1.33 log @Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.32 2004/12/28 02:47:49 reed Exp $ d9 1 a9 1 MAINTAINER= tech-pkg@@NetBSD.org @ 1.32 log @The default location of the pkgsrc-installed rc.d scripts is now under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.31 2004/12/23 14:43:28 jlam Exp $ a16 1 USE_BUILDLINK3= yes @ 1.32.2.1 log @Pullup ticket 458 - requested by Love Hornquist-Astrand security fix for heimdal Revisions pulled up: - pkgsrc/security/heimdal/Makefile 1.34-1.35 - pkgsrc/security/heimdal/PLIST 1.7 - pkgsrc/security/heimdal/distinfo 1.11 - pkgsrc/security/heimdal/patches/patch-ae removed Module Name: pkgsrc Committed By: wiz Date: Thu Apr 21 14:00:36 UTC 2005 Modified Files: pkgsrc/security/heimdal: Makefile Log Message: lha agreed to maintain this package. --- Module Name: pkgsrc Committed By: lha Date: Thu Apr 21 14:35:47 UTC 2005 Modified Files: pkgsrc/security/heimdal: Makefile PLIST distinfo Removed Files: pkgsrc/security/heimdal/patches: patch-ae Log Message: Update to Heimdal 0.6.4. While I'm here, claim maintainership of this package. Also please pkglint. Changes in heimdal 0.6.4 include: * fix vulnerabilities in telnet * rshd: encryption without a separate error socket should now work * telnet now uses appdefaults for the encrypt and forward/forwardable settings * bug fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.35 2005/04/21 14:35:47 lha Exp $ d3 2 a4 1 DISTNAME= heimdal-0.6.4 d9 1 a9 1 MAINTAINER= lha@@NetBSD.org d102 1 a102 1 cd ${WRKSRC}; for f in lib/hdb/hdb.h; do \ d104 2 a105 2 $$f > $$f.new; \ ${MV} -f $$f.new $$f; \ @ 1.31 log @Enable building heimdal with the "ldap" option to allow using an LDAP server as a datastore for the KDC. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.30 2004/12/04 03:59:26 jlam Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.30 log @Set USE_OLD_DES_API and replace custom changes to work with NetBSD-2.0's OpenSSL, with patches to use . @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2004/11/28 19:19:52 jlam Exp $ d49 1 a49 1 PKG_SUPPORTED_OPTIONS= db4 prefix-cmds #ldap d58 4 a61 5 # XXX Using Heimdal with an LDAP backend isn't supported yet. #.if !empty(PKG_OPTIONS:Mldap) #. include "../../databases/openldap/buildlink3.mk" #CONFIGURE_ARGS+= --with-openldap=${BUILDLINK_PREFIX.openldap} #.endif @ 1.29 log @Remove pre-buildlink and post-buildlink as part of getting pkgsrc ready for pkgsrc-2004Q4. The "buildlink" phase was removed for the last branch, and this is the final cleanup. "post-buildlink" is now "post-wrapper". @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.28 2004/11/19 23:16:02 jlam Exp $ d41 1 a101 16 # The configure script only groks the OpenSSL 0.9.6 DES API, so make the # newer OpenSSL releases look more like the old one. # post-wrapper: if ${GREP} -q des_cblock ${SSLBASE}/include/openssl/des.h 2>/dev/null; then \ : ; \ else \ ${MKDIR} -p ${BUILDLINK_DIR}/include/openssl; \ if [ -f ${SSLBASE}/include/openssl/des_old.h ]; then \ src="${SSLBASE}/include/openssl/des_old.h"; \ else \ src="${SSLBASE}/include/des.h"; \ fi; \ ${LN} -fs $$src ${BUILDLINK_DIR}/include/openssl; \ fi @ 1.28 log @Correctly detect the old DES API in the OpenSSL in NetBSD's base install. This prevents Heimdal from building and installing its own DES library and headers. Bump the PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.27 2004/11/15 14:56:36 jlam Exp $ d104 1 a104 1 post-buildlink: @ 1.27 log @Add a new variable BROKEN_READLINE_DETECTION which should be set to yes/no by a package Makefile, depending on whether the configure process properly detects the additional libraries needed to link against -lreadline (typically, you need either "-lreadline -ltermcap", or "-lreadline -lcurses" to properly link against -lreadline). If this variable is set to "yes", then we automatically expand "-lreadline" into "-lreadline -l". BROKEN_READLINE_DETECTION defaults to "no". Set BROKEN_READLINE_DETECTION to "yes" in security/heimdal and remove the custom logic that did the same work. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.26 2004/11/09 19:48:52 jlam Exp $ d4 1 a4 1 PKGREVISION= 1 d101 16 @ 1.26 log @Fix location of heimdal mirror at ftp.sunet.se. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.25 2004/10/19 04:01:13 reed Exp $ d33 1 a33 4 # . Also, the configure script checks for some libraries # in the wrong order, since -lreadline also needs either -ltermcap, # -lcurses, -lncurses in the link command to resolve all symbols used # in the readline library. d35 1 d37 1 a37 1 BUILDLINK_TRANSFORM+= l:readline:readline:${READLINE_TERMLIB} a38 4 CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline} OPSYSVARS+= READLINE_TERMLIB READLINE_TERMLIB.Linux= curses READLINE_TERMLIB.*= termcap @ 1.25 log @This needs a yacc. So used: USE_GNU_TOOLS+= yacc (But it didn't necessarily need a GNU version.) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2004/10/03 00:18:09 tv Exp $ d7 1 a7 1 ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/pub/heimdal/src/ @ 1.24 log @Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2004/09/22 08:09:52 jlam Exp $ d19 1 @ 1.23 log @Mechanical changes to package PLISTs to make use of LIBTOOLIZE_PLIST. All library names listed by *.la files no longer need to be listed in the PLIST, e.g., instead of: lib/libfoo.a lib/libfoo.la lib/libfoo.so lib/libfoo.so.0 lib/libfoo.so.0.1 one simply needs: lib/libfoo.la and bsd.pkg.mk will automatically ensure that the additional library names are listed in the installed package +CONTENTS file. Also make LIBTOOLIZE_PLIST default to "yes". @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2004/09/15 04:53:21 jlam Exp $ d4 1 @ 1.22 log @The configure script checks for some libraries the wrong order, since -lreadline also needs either -ltermcap, -lcurses, -lncurses in the link command to resolve all symbols used in the readline library. Cause one of these libraries to automatically be added whenever "-lreadline" appears on the command line. This is a generalization of the change in revision 1.6 to work on more operating systems. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2004/09/14 14:41:34 jlam Exp $ a17 1 LIBTOOLIZE_PLIST= yes @ 1.21 log @Update security/heimdal to 0.6.3. Changes from version 0.6.1 include: * fix vulnerabilities in ftpd * support for linux AFS /proc "syscalls" * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd * fix possible KDC denial of service * Fix possible buffer overrun in v4 kadmin (which now defaults to off) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2004/08/22 19:32:52 jlam Exp $ d29 2 d32 4 a35 1 # . d38 1 d41 3 a43 1 LIBS.SunOS= -ltermcap @ 1.20 log @Change the way that legacy USE_* and FOO_USE_* options are converted into the bsd.options.mk framework. Instead of appending to ${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes the default options to be the union of PKG_DEFAULT_OPTIONS and any old USE_* and FOO_USE_* settings. This fixes PR pkg/26590. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2004/08/05 16:28:45 jlam Exp $ d3 1 a3 2 DISTNAME= heimdal-0.6.1 PKGREVISION= 1 d5 1 a5 1 MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \ d18 1 @ 1.19 log @It's PKG_OPTIONS.heimdal, not PKG_OPTIONS.mit-krb5. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2004/07/30 21:05:42 jlam Exp $ d40 2 a41 10 # Global and legacy options .if defined(USE_DB4) || defined(KERBEROS_PREFIX_CMDS) . if !defined(PKG_OPTIONS.heimdal) . if defined(USE_DB4) && !empty(USE_DB4:M[yY][eE][sS]) PKG_OPTIONS.heimdal+= db4 . endif . if defined(KERBEROS_PREFIX_CMDS) && !empty(KERBEROS_PREFIX_CMDS:M[yY][eE][sS]) PKG_OPTIONS.heimdal+= prefix-cmds . endif . endif @ 1.18 log @Convert to use bsd.options.mk. The relevant options variable to set for each package can be determined by invoking: make show-var VARNAME=PKG_OPTIONS_VAR The old options are still supported unless the variable named in PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2004/07/24 14:01:20 jlam Exp $ d42 1 a42 1 . if !defined(PKG_OPTIONS.mit-krb5) d44 1 a44 1 PKG_OPTIONS.mit-krb5+= db4 d47 1 a47 1 PKG_OPTIONS.mit-krb5+= prefix-cmds @ 1.17 log @Honor VARBASE; bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2004/06/25 15:44:30 jlam Exp $ d37 20 a56 2 BUILD_DEFS+= USE_DB4 .if defined(USE_DB4) && !empty(USE_DB4:M[yY][eE][sS]) a61 3 CONFIGURE_ARGS+= --with-openssl=${SSLBASE} .include "../../security/openssl/buildlink3.mk" d63 1 a63 2 #BUILD_DEFS+= HEIMDAL_USE_LDAP #.if defined(HEIMDAL_USE_LDAP) && !empty(HEIMDAL_USE_LDAP:M[yY][eE][sS]) d71 1 a71 2 BUILD_DEFS+= KERBEROS_PREFIX_CMDS .if !empty(KERBEROS_PREFIX_CMDS:M[yY][eE][sS]) @ 1.16 log @Cede maintainership to the hard-working people on tech-pkg@@NetBSD.org. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2004/06/25 15:42:52 jlam Exp $ d4 1 d20 1 a20 1 HEIMDAL_STATEDIR?= /var/heimdal @ 1.15 log @Whitespace nits. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2004/04/01 20:51:50 jlam Exp $ d8 1 a8 1 MAINTAINER= jlam@@NetBSD.org @ 1.14 log @There is no PKGREVISION less than 1. Just remove it in this case. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2004/04/01 18:42:25 joda Exp $ d3 8 a10 8 DISTNAME= heimdal-0.6.1 CATEGORIES= security MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \ ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/pub/heimdal/src/ MAINTAINER= jlam@@NetBSD.org HOMEPAGE= http://www.pdc.kth.se/heimdal/ COMMENT= Kerberos 5 implementation d12 1 a12 1 CONFLICTS+= mit-krb5-[0-9]* d38 1 a38 1 .include "../../databases/db4/buildlink3.mk" d40 1 a40 1 .include "../../mk/bdb.buildlink3.mk" @ 1.13 log @Update to 0.6.1: * Fixed cross realm vulnerability * Fixed ARCFOUR suppport * kdc: fix denial of service attack * kdc: stop clients from renewing tickets into the future * bug fixes @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2004/03/29 17:22:26 jlam Exp $ a3 1 PKGREVISION= 0 @ 1.12 log @Note the info file for the new info file handling framework. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2004/03/28 01:00:11 jlam Exp $ d3 2 a4 2 DISTNAME= heimdal-0.6 PKGREVISION= 3 d7 1 a7 2 ftp://ftp.pdc.kth.se/pub/heimdal/src/old/ \ ftp://ftp.pdc.kth.se/pub/heimdal/src/snapshots/ @ 1.11 log @Fix the Kerberized telnetd and rsh to use the Heimdal binaries for login and rsh so that the correct programs (and not the system ones) are executed. Bump the PKGREVISION to 3. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2004/03/26 18:48:52 jlam Exp $ d78 1 @ 1.10 log @Reverse the use of USE_DB185 in bdb.buildlink3.mk -- it defaults to "yes" and packages that can't use the DB-1.85 API should set it to "no". This makes the native DB the preferred DB if it exists. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2004/03/26 02:27:52 wiz Exp $ d4 1 a4 1 PKGREVISION= 2 d60 8 a67 5 HEIMDAL_TRANSFORM= s/^ftp/k&/; \ s/^login/k&/;s/^klogin.access/login.access/; \ s/^rcp/k&/;s/^rsh/k&/; \ s/^su/k&/;s/^telnet/k&/ PLIST_SUBST+= KRB5_PREFIX=k d69 1 a70 1 PLIST_SUBST+= KRB5_PREFIX= d72 1 d79 14 @ 1.9 log @PKGREVISION bump after openssl-security-fix-update to 0.9.6m. Buildlink files: RECOMMENDED version changed to current version. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2004/03/10 18:07:16 jlam Exp $ a41 1 USE_DB185= yes @ 1.8 log @Convert to use bdb.buildlink3.mk. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2004/02/23 12:35:11 wiz Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.7 log @Let the rc.d script start kdc detached, as is the default for the in-tree kdc. From Jukka Salmi in PR 24489, ok'd by lukem@@. Bump PKGREVISION to 1. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2004/02/22 11:59:50 markd Exp $ d43 1 a43 1 .include "../../databases/db/buildlink3.mk" @ 1.6 log @configure looks for and finds -ltermcap too late in the process for it to be linked in when testing -lreadline usability so that test fails on Solaris - so pass that lib into configure at the start via the environment. Also allow optional use of db4 rather that db. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2004/02/14 17:21:52 jlam Exp $ d4 1 @ 1.5 log @LIBTOOL_OVERRIDE and SHLIBTOOL_OVERRIDE are now lists of shell globs relative to ${WRKSRC}. Remove redundant LIBTOOL_OVERRIDE settings that are automatically handled by the default setting in bsd.pkg.mk. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2004/01/15 12:48:00 jlam Exp $ d35 1 d37 4 d43 1 @ 1.4 log @Support a new yes/no variable "KERBEROS_PREFIX_CMDS" that can be used by Kerberos implementation packages to decide whether to prefix certain commands with a "k" to differentiate it from system tools with similar names. KERBEROS_PREFIX_CMDS defaults to "no". @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2004/01/11 00:00:28 jlam Exp $ a18 1 LIBTOOL_OVERRIDE= ${WRKSRC}/libtool @ 1.3 log @Note CONFLICT with forthcoming mit-krb5 package. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2004/01/10 21:59:29 jlam Exp $ d43 1 a43 1 # XXX Using heimdal with an LDAP backend isn't supported yet. d50 2 a51 2 # Rename heimdal's ftp/ftpd to kftp/kftpd so we don't conflict with # net/tnftp and net/tnftpd. d53 12 a64 2 CONFIGURE_ARGS+= --program-transform-name=${HEIMDAL_TRANSFORM} HEIMDAL_TRANSFORM= "s/^ftp/kftp/" @ 1.2 log @Add a rc.d script to start the kdc daemon on the Kerberos master server. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $ d13 2 @ 1.1 log @Initial revision @ text @d1 1 a1 1 # $NetBSD$ d56 1 @ 1.1.1.1 log @Initial import of heimdal-0.6 into security/heimdal. Heimdal is a free implementation of Kerberos 5. Kerberos is a system for authenticating users and services on a network. It is built upon the assumption that the network is "unsafe". Kerberos is a trusted third-party service. That means that there is a third party (the Kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). All principals share a secret password (or key) with the Kerberos server and this enables principals to verify that the messages from the Kerberos server are authentic. Thus trusting the Kerberos server, users and services can authenticate each other. @ text @@