head 1.74; access; symbols pkgsrc-2023Q4:1.74.0.2 pkgsrc-2023Q4-base:1.74 pkgsrc-2023Q3:1.72.0.2 pkgsrc-2023Q3-base:1.72 pkgsrc-2023Q2:1.71.0.2 pkgsrc-2023Q2-base:1.71 pkgsrc-2023Q1:1.70.0.4 pkgsrc-2023Q1-base:1.70 pkgsrc-2022Q4:1.70.0.2 pkgsrc-2022Q4-base:1.70 pkgsrc-2022Q3:1.68.0.2 pkgsrc-2022Q3-base:1.68 pkgsrc-2022Q2:1.67.0.2 pkgsrc-2022Q2-base:1.67 pkgsrc-2022Q1:1.66.0.4 pkgsrc-2022Q1-base:1.66 pkgsrc-2021Q4:1.66.0.2 pkgsrc-2021Q4-base:1.66 pkgsrc-2021Q3:1.64.0.4 pkgsrc-2021Q3-base:1.64 pkgsrc-2021Q2:1.64.0.2 pkgsrc-2021Q2-base:1.64 pkgsrc-2021Q1:1.63.0.4 pkgsrc-2021Q1-base:1.63 pkgsrc-2020Q4:1.63.0.2 pkgsrc-2020Q4-base:1.63 pkgsrc-2020Q3:1.62.0.4 pkgsrc-2020Q3-base:1.62 pkgsrc-2020Q2:1.62.0.2 pkgsrc-2020Q2-base:1.62 pkgsrc-2020Q1:1.60.0.2 pkgsrc-2020Q1-base:1.60 pkgsrc-2019Q4:1.59.0.4 pkgsrc-2019Q4-base:1.59 pkgsrc-2019Q3:1.58.0.4 pkgsrc-2019Q3-base:1.58 pkgsrc-2019Q2:1.58.0.2 pkgsrc-2019Q2-base:1.58 pkgsrc-2019Q1:1.57.0.4 pkgsrc-2019Q1-base:1.57 pkgsrc-2018Q4:1.57.0.2 pkgsrc-2018Q4-base:1.57 pkgsrc-2018Q3:1.56.0.2 pkgsrc-2018Q3-base:1.56 pkgsrc-2018Q2:1.55.0.2 pkgsrc-2018Q2-base:1.55 pkgsrc-2018Q1:1.54.0.4 pkgsrc-2018Q1-base:1.54 pkgsrc-2017Q4:1.54.0.2 pkgsrc-2017Q4-base:1.54 pkgsrc-2017Q3:1.53.0.4 pkgsrc-2017Q3-base:1.53 pkgsrc-2017Q2:1.52.0.2 pkgsrc-2017Q2-base:1.52 pkgsrc-2017Q1:1.51.0.4 pkgsrc-2017Q1-base:1.51 pkgsrc-2016Q4:1.51.0.2 pkgsrc-2016Q4-base:1.51 pkgsrc-2016Q3:1.50.0.4 pkgsrc-2016Q3-base:1.50 pkgsrc-2016Q2:1.50.0.2 pkgsrc-2016Q2-base:1.50 pkgsrc-2016Q1:1.49.0.2 pkgsrc-2016Q1-base:1.49 pkgsrc-2015Q4:1.48.0.6 pkgsrc-2015Q4-base:1.48 pkgsrc-2015Q3:1.48.0.4 pkgsrc-2015Q3-base:1.48 pkgsrc-2015Q2:1.48.0.2 pkgsrc-2015Q2-base:1.48 pkgsrc-2015Q1:1.47.0.4 pkgsrc-2015Q1-base:1.47 pkgsrc-2014Q4:1.47.0.2 pkgsrc-2014Q4-base:1.47 pkgsrc-2014Q3:1.46.0.4 pkgsrc-2014Q3-base:1.46 pkgsrc-2014Q2:1.46.0.2 pkgsrc-2014Q2-base:1.46 pkgsrc-2014Q1:1.45.0.2 pkgsrc-2014Q1-base:1.45 pkgsrc-2013Q4:1.44.0.2 pkgsrc-2013Q4-base:1.44 pkgsrc-2013Q3:1.43.0.6 pkgsrc-2013Q3-base:1.43 pkgsrc-2013Q2:1.43.0.4 pkgsrc-2013Q2-base:1.43 pkgsrc-2013Q1:1.43.0.2 pkgsrc-2013Q1-base:1.43 pkgsrc-2012Q4:1.41.0.2 pkgsrc-2012Q4-base:1.41 pkgsrc-2012Q3:1.40.0.4 pkgsrc-2012Q3-base:1.40 pkgsrc-2012Q2:1.40.0.2 pkgsrc-2012Q2-base:1.40 pkgsrc-2012Q1:1.39.0.6 pkgsrc-2012Q1-base:1.39 pkgsrc-2011Q4:1.39.0.4 pkgsrc-2011Q4-base:1.39 pkgsrc-2011Q3:1.39.0.2 pkgsrc-2011Q3-base:1.39 pkgsrc-2011Q2:1.38.0.8 pkgsrc-2011Q2-base:1.38 pkgsrc-2011Q1:1.38.0.6 pkgsrc-2011Q1-base:1.38 pkgsrc-2010Q4:1.38.0.4 pkgsrc-2010Q4-base:1.38 pkgsrc-2010Q3:1.38.0.2 pkgsrc-2010Q3-base:1.38 pkgsrc-2010Q2:1.36.0.4 pkgsrc-2010Q2-base:1.36 pkgsrc-2010Q1:1.36.0.2 pkgsrc-2010Q1-base:1.36 pkgsrc-2009Q4:1.35.0.8 pkgsrc-2009Q4-base:1.35 pkgsrc-2009Q3:1.35.0.6 pkgsrc-2009Q3-base:1.35 pkgsrc-2009Q2:1.35.0.4 pkgsrc-2009Q2-base:1.35 pkgsrc-2009Q1:1.35.0.2 pkgsrc-2009Q1-base:1.35 pkgsrc-2008Q4:1.34.0.12 pkgsrc-2008Q4-base:1.34 pkgsrc-2008Q3:1.34.0.10 pkgsrc-2008Q3-base:1.34 cube-native-xorg:1.34.0.8 cube-native-xorg-base:1.34 pkgsrc-2008Q2:1.34.0.6 pkgsrc-2008Q2-base:1.34 cwrapper:1.34.0.4 pkgsrc-2008Q1:1.34.0.2 pkgsrc-2008Q1-base:1.34 pkgsrc-2007Q4:1.32.0.6 pkgsrc-2007Q4-base:1.32 pkgsrc-2007Q3:1.32.0.4 pkgsrc-2007Q3-base:1.32 pkgsrc-2007Q2:1.32.0.2 pkgsrc-2007Q2-base:1.32 pkgsrc-2007Q1:1.31.0.4 pkgsrc-2007Q1-base:1.31 pkgsrc-2006Q4:1.31.0.2 pkgsrc-2006Q4-base:1.31 pkgsrc-2006Q3:1.30.0.2 pkgsrc-2006Q3-base:1.30 pkgsrc-2006Q2:1.28.0.2 pkgsrc-2006Q2-base:1.28 pkgsrc-2006Q1:1.26.0.4 pkgsrc-2006Q1-base:1.26 pkgsrc-2005Q4:1.26.0.2 pkgsrc-2005Q4-base:1.26 pkgsrc-2005Q3:1.25.0.4 pkgsrc-2005Q3-base:1.25 pkgsrc-2005Q2:1.25.0.2 pkgsrc-2005Q2-base:1.25 pkgsrc-2005Q1:1.20.0.4 pkgsrc-2005Q1-base:1.20 pkgsrc-2004Q4:1.20.0.2 pkgsrc-2004Q4-base:1.20 pkgsrc-2004Q3:1.18.0.2 pkgsrc-2004Q3-base:1.18 pkgsrc-2004Q2:1.16.0.2 pkgsrc-2004Q2-base:1.16 pkgsrc-2004Q1:1.15.0.2 pkgsrc-2004Q1-base:1.15 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.74 date 2023.11.08.13.20.46; author wiz; state Exp; branches; next 1.73; commitid PsuHTklAIsF4bOLE; 1.73 date 2023.10.24.22.10.48; author wiz; state Exp; branches; next 1.72; commitid MTsrqKm6aGrQAVJE; 1.72 date 2023.08.14.05.25.09; author wiz; state Exp; branches; next 1.71; commitid LOSB79OLVxvXjIAE; 1.71 date 2023.04.19.08.08.40; author adam; state Exp; branches; next 1.70; commitid B8gCWhWtMX9vZGlE; 1.70 date 2022.11.23.16.18.59; author adam; state Exp; branches; next 1.69; commitid ju2K3LUYlTJKqQ2E; 1.69 date 2022.11.22.12.51.00; author adam; state Exp; branches; next 1.68; commitid sxSmreqPXkvtjH2E; 1.68 date 2022.06.28.11.35.35; author wiz; state Exp; branches; next 1.67; commitid D2UoJrTHpoHEANJD; 1.67 date 2022.04.18.19.10.04; author adam; state Exp; branches; next 1.66; commitid eC9Na3jrfOOUpIAD; 1.66 date 2021.12.08.16.02.33; author adam; state Exp; branches; next 1.65; commitid 2PyWjHx5T8rqARjD; 1.65 date 2021.10.21.07.46.02; author wiz; state Exp; branches; next 1.64; commitid JtAcafnZ5m93oEdD; 1.64 date 2021.04.21.11.40.36; author adam; state Exp; branches; next 1.63; commitid fph0Axs0eT3az9QC; 1.63 date 2020.11.05.09.07.06; author ryoon; state Exp; branches; next 1.62; commitid VqGaBtHnBBcd5GuC; 1.62 date 2020.06.02.08.22.54; author adam; state Exp; branches; next 1.61; commitid nisovMpvvZm3RCaC; 1.61 date 2020.04.12.08.28.05; author adam; state Exp; branches; next 1.60; commitid 7jZFLCnc3RCww44C; 1.60 date 2020.01.18.21.48.21; author jperkin; state Exp; branches; next 1.59; commitid JW4hJgY8ZdoTFdTB; 1.59 date 2019.10.21.16.21.44; author wiz; state Exp; branches; next 1.58; commitid cJOZMgWf6YrHJKHB; 1.58 date 2019.04.03.00.33.04; author ryoon; state Exp; branches; next 1.57; commitid pkuNrSZ2MZiLWPhB; 1.57 date 2018.12.09.18.52.07; author adam; state Exp; branches; next 1.56; commitid Pdg91emznUBdJ93B; 1.56 date 2018.07.20.03.33.55; author ryoon; state Exp; branches; next 1.55; commitid 09Go9qhjDl36dPKA; 1.55 date 2018.04.14.07.34.00; author adam; state Exp; branches; next 1.54; commitid OW5IgFIaJWdTEnyA; 1.54 date 2017.11.30.16.45.07; author adam; state Exp; branches; next 1.53; commitid 2LNaDKcCKaKZ25hA; 1.53 date 2017.09.18.09.53.04; author maya; state Exp; branches; next 1.52; commitid BMfpJecGogsW6F7A; 1.52 date 2017.04.22.21.03.16; author adam; state Exp; branches; next 1.51; commitid FZEMSoU8Sj6ZBzOz; 1.51 date 2016.12.04.05.17.11; author ryoon; state Exp; branches; next 1.50; commitid xSaWu3mShoBjQCwz; 1.50 date 2016.04.11.19.01.38; author ryoon; state Exp; branches; next 1.49; commitid mgqGURJPmT1r1f2z; 1.49 date 2016.03.05.11.27.54; author jperkin; state Exp; branches; next 1.48; commitid 1LoxeQftu903HrXy; 1.48 date 2015.04.06.08.17.17; author adam; state Exp; branches; next 1.47; commitid dUs0ktQdJn8Wnvgy; 1.47 date 2014.10.07.16.47.14; author adam; state Exp; branches; next 1.46; commitid 7jTOvNj1CvwA1iTx; 1.46 date 2014.04.09.07.26.58; author obache; state Exp; branches; next 1.45; commitid 3Qx65Ha86azyJYvx; 1.45 date 2014.02.12.23.18.32; author tron; state Exp; branches; next 1.44; commitid dfJj7CwMMWJzNRox; 1.44 date 2013.10.19.09.06.56; author adam; state Exp; branches; next 1.43; commitid CGtwIKecGGJbPS9x; 1.43 date 2013.02.06.23.21.00; author jperkin; state Exp; branches; next 1.42; 1.42 date 2013.01.26.21.36.45; author adam; state Exp; branches; next 1.41; 1.41 date 2012.12.16.01.52.32; author obache; state Exp; branches; next 1.40; 1.40 date 2012.04.27.12.32.02; author obache; state Exp; branches; next 1.39; 1.39 date 2011.07.08.09.49.21; author adam; state Exp; branches; next 1.38; 1.38 date 2010.07.02.13.40.22; author joerg; state Exp; branches; next 1.37; 1.37 date 2010.07.01.18.14.19; author joerg; state Exp; branches; next 1.36; 1.36 date 2010.01.17.12.02.40; author wiz; state Exp; branches 1.36.4.1; next 1.35; 1.35 date 2009.03.20.19.25.18; author joerg; state Exp; branches; next 1.34; 1.34 date 2008.02.28.08.14.41; author jlam; state Exp; branches; next 1.33; 1.33 date 2008.01.18.05.09.37; author tnn; state Exp; branches; next 1.32; 1.32 date 2007.05.30.08.54.31; author rillig; state Exp; branches; next 1.31; 1.31 date 2006.12.12.21.52.37; author joerg; state Exp; branches; next 1.30; 1.30 date 2006.07.08.23.11.06; author jlam; state Exp; branches; next 1.29; 1.29 date 2006.07.08.22.39.37; author jlam; state Exp; branches; next 1.28; 1.28 date 2006.05.31.18.22.26; author ghen; state Exp; branches; next 1.27; 1.27 date 2006.04.06.06.22.40; author reed; state Exp; branches; next 1.26; 1.26 date 2005.10.26.15.12.45; author jlam; state Exp; branches; next 1.25; 1.25 date 2005.05.11.22.08.19; author jlam; state Exp; branches; next 1.24; 1.24 date 2005.05.11.22.03.52; author jlam; state Exp; branches; next 1.23; 1.23 date 2005.05.09.05.14.08; author jlam; state Exp; branches; next 1.22; 1.22 date 2005.05.09.05.06.56; author jlam; state Exp; branches; next 1.21; 1.21 date 2005.05.08.12.03.56; author jlam; state Exp; branches; next 1.20; 1.20 date 2004.11.19.23.16.02; author jlam; state Exp; branches; next 1.19; 1.19 date 2004.10.03.00.18.09; author tv; state Exp; branches; next 1.18; 1.18 date 2004.09.15.04.11.11; author jlam; state Exp; branches; next 1.17; 1.17 date 2004.09.14.14.41.34; author jlam; state Exp; branches; next 1.16; 1.16 date 2004.04.01.18.42.25; author joda; state Exp; branches; next 1.15; 1.15 date 2004.03.26.02.27.52; author wiz; state Exp; branches; next 1.14; 1.14 date 2004.03.10.17.57.14; author jlam; state Exp; branches; next 1.13; 1.13 date 2004.02.18.16.35.27; author jlam; state Exp; branches; next 1.12; 1.12 date 2004.02.12.02.35.07; author jlam; state Exp; branches; next 1.11; 1.11 date 2004.02.12.01.59.38; author jlam; state Exp; branches; next 1.10; 1.10 date 2004.02.06.19.04.25; author jlam; state Exp; branches; next 1.9; 1.9 date 2004.02.05.07.17.14; author jlam; state Exp; branches; next 1.8; 1.8 date 2004.02.05.07.06.15; author jlam; state Exp; branches; next 1.7; 1.7 date 2004.02.05.06.58.03; author jlam; state Exp; branches; next 1.6; 1.6 date 2004.02.02.11.30.45; author jlam; state Exp; branches; next 1.5; 1.5 date 2004.01.24.03.12.32; author jlam; state Exp; branches; next 1.4; 1.4 date 2004.01.13.00.00.32; author jlam; state Exp; branches; next 1.3; 1.3 date 2004.01.10.21.35.26; author jlam; state Exp; branches; next 1.2; 1.2 date 2004.01.10.19.44.16; author jlam; state Exp; branches; next 1.1; 1.1 date 2004.01.10.14.56.45; author jlam; state Exp; branches 1.1.1.1; next ; 1.36.4.1 date 2010.07.04.07.25.36; author agc; state Exp; branches; next ; 1.1.1.1 date 2004.01.10.14.56.45; author jlam; state Exp; branches; next ; desc @@ 1.74 log @*: recursive bump for icu 74.1 @ text @# $NetBSD: buildlink3.mk,v 1.73 2023/10/24 22:10:48 wiz Exp $ BUILDLINK_TREE+= heimdal .if !defined(HEIMDAL_BUILDLINK3_MK) HEIMDAL_BUILDLINK3_MK:= BUILDLINK_API_DEPENDS.heimdal+= heimdal>=0.4e BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=7.8.0nb7 BUILDLINK_PKGSRCDIR.heimdal?= ../../security/heimdal BUILDLINK_INCDIRS.heimdal?= include/krb5 .include "../../mk/bsd.fast.prefs.mk" pkgbase := heimdal .include "../../mk/pkg-build-options.mk" .if ${PKG_BUILD_OPTIONS.heimdal:Mldap} . include "../../databases/openldap-client/buildlink3.mk" .endif CHECK_BUILTIN.heimdal:= yes .include "../../security/heimdal/builtin.mk" CHECK_BUILTIN.heimdal:= no .if ${USE_BUILTIN.heimdal:tl} == no .include "../../databases/sqlite3/buildlink3.mk" .include "../../mk/bdb.buildlink3.mk" .endif .include "../../security/openssl/buildlink3.mk" .endif # HEIMDAL_BUILDLINK3_MK BUILDLINK_TREE+= -heimdal @ 1.73 log @*: bump for openssl 3 @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.72 2023/08/14 05:25:09 wiz Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=7.8.0nb6 @ 1.72 log @*: recursive bump for Python 3.11 as new default @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.71 2023/04/19 08:08:40 adam Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=7.8.0nb5 @ 1.71 log @revbump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.70 2022/11/23 16:18:59 adam Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=7.8.0nb3 @ 1.70 log @massive revision bump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.69 2022/11/22 12:51:00 adam Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=7.8.0nb1 @ 1.69 log @heimdal: updated to 7.8 Heimdal 7.8 Latest This release includes both the Heimdal 7.7.1 Security Vulnerability fixes and non-Security bug fixes/improvements. Security Vulnerabilities: CVE-2022-42898 PAC parse integer overflows CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3, as we believe it should be possible to get an RCE on a KDC, which means that credentials can be compromised that can be used to impersonate anyone in a realm or forest of realms. Heimdal's ASN.1 compiler generates code that allows specially crafted DER encodings of CHOICEs to invoke the wrong free function on the decoded structure upon decode error. This is known to impact the Heimdal KDC, leading to an invalid free() of an address partly or wholly under the control of the attacker, in turn leading to a potential remote code execution (RCE) vulnerability. This error affects the DER codec for all extensible CHOICE types used in Heimdal, though not all cases will be exploitable. We have not completed a thorough analysis of all the Heimdal components affected, thus the Kerberos client, the X.509 library, and other parts, may be affected as well. This bug has been in Heimdal's ASN.1 compiler since 2005, but it may only affect Heimdal 1.6 and up. It was first reported by Douglas Bagnall, though it had been found independently by the Heimdal maintainers via fuzzing a few weeks earlier. While no zero-day exploit is known, such an exploit will likely be available soon after public disclosure. CVE-2019-14870: Validate client attributes in protocol-transition CVE-2019-14870: Apply forwardable policy in protocol-transition CVE-2019-14870: Always lookup impersonate client in DB Other changes: Bugs found by UBSAN (including the incorrect encoding of unconstrained INTEGER value -1). Errors found by the LLVM scan-build static analyzer. Errors found by the valgrind memory debugger. Work around GCC Bug 95189 (memcmp wrongly stripped like strcmp). Correct ASN.1 OID typo for SHA-384 Fix a deadlock in in the MEMORY ccache type. TGS: strip forwardable and proxiable flags if the server is disallowed. CVE-2019-14870: Validate client attributes in protocol-transition CVE-2019-14870: Apply forwardable policy in protocol-transition CVE-2019-14870: Always lookup impersonate client in DB Incremental HDB propagation improvements Refactor send_diffs making it progressive Handle partial writes on non-blocking sockets Disable Nagle in iprop master and slave Use async I/O Don't send I_HAVE in response to AYT Do not recover log in kadm5_get_principal() Don't send diffs to slaves with not yet known version Don't stutter in send_diffs Optional backwards-compatible anon-pkinit behavior @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.68 2022/06/28 11:35:35 wiz Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=7.7.0nb5 @ 1.68 log @*: recursive bump for perl 5.36 @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.67 2022/04/18 19:10:04 adam Exp $ d25 1 a25 1 .if !empty(USE_BUILTIN.heimdal:M[nN][oO]) @ 1.67 log @revbump for textproc/icu update @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.66 2021/12/08 16:02:33 adam Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=7.7.0nb4 @ 1.66 log @revbump for icu and libffi @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.65 2021/10/21 07:46:02 wiz Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=7.7.0nb2 @ 1.65 log @heimdal: update to 7.7.0. This version supports openssl 1.1, so re-enable it. Release Notes - Heimdal - Version Heimdal 7.7 Bug fixes - PKCS#11 hcrypto back-end . initialize the p11_module_load function list . verify that not only is a mechanism present but that its mechanism info states that it offers the required encryption, decryption or digest services - krb5: . Starting with 7.6, Heimdal permitted requesting authenticated anonymous tickets. However, it did not verify that a KDC in fact returned an anonymous ticket when one was requested. - Cease setting the KDCOption reaquest_anonymous flag when issuing S4UProxy (constrained delegation) TGS requests. . when the Win2K PKINIT compatibility option is set, do not require krbtgt otherName to match when validating KDC certificate. . set PKINIT_BTMM flag per Apple implementation . use memset_s() instead of memset() - kdc: . When generating KRB5SignedPath in the AS, use the reply client name rather than the one from the request, so validation will work correctly in the TGS. . allow checksum of PA-FOR-USER to be HMAC_MD5. Even if tgt used an enctype with a different checksum. Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is always HMAC_MD5, and that's what Windows and MIT clients send. In heimdal both the client and kdc use instead the checksum of the tgt, and therefore work with each other but Windows and MIT clients fail against heimdal KDC. Both Windows and MIT KDCs would allow any keyed checksum to be used so Heimdal client interoperates with them. Change Heimdal KDC to allow HMAC_MD5 even for non RC4 based tgt in order to support per-spec clients. . use memset_s() instead of memset(). - Detect Heimdal 1.0 through 7.6 clients that issue S4UProxy (constrained delegation) TGS Requests with the request anonymous flag set. These requests will be treated as S4UProxy requests and not anonymous requests. - HDB: . Set SQLite3 backend default page size to 8KB. . Add hdb_set_sync() method - kadmind: . disable HDB sync during database load avoiding unnecessary disk i/o. - ipropd: . disable HDB sync during receive_everything. Doing an fsync per-record when receiving the complete HDB is a performance disaster. Among other things, if the HDB is very large, then one slave receving a full HDB can cause other slaves to timeout and, if HDB write activity is high enough to cause iprop log truncation, then also need full syncs, which leads to a cycle of full syncs for all slaves until HDB write activity drops. Allowing the iprop log to be larger helps, but improving receive_everything() performance helps even more. - kinit: . Anonymous PKINIT tickets discard the realm information used to locate the issuing AS. Store the issuing realm in the credentials cache in order to locate a KDC which can renew them. . Do not leak the result of krb5_cc_get_config() when determining anonymous PKINIT start realm. - klist: . Show transited-policy-checked, ok-as-delegate and anonymous flags when listing credentials. - tests: . Regenerate certs so that they expire before the 2038 armageddon so the test suite will pass on 32-bit operating systems until the underlying issues can be resolved. - Solaris: . Define _STDC_C11_BCI for memset_s prototype - build tooling: . Convert from python 2 to python 3 - documentation . rename verify-password to verify-password-quality . hprop default mode is encrypt . kadmind "all" permission does not include "get-keys" . verify-password-quality might not be stateless Release Notes - Heimdal - Version Heimdal 7.6 Security - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum When the Heimdal KDC checks the checksum that is placed on the S4U2Self packet by the server to protect the requested principal against modification, it does not confirm that the checksum algorithm that protects the user name (principal) in the request is keyed. This allows a man-in-the-middle attacker who can intercept the request to the KDC to modify the packet by replacing the user name (principal) in the request with any desired user name (principal) that exists in the KDC and replace the checksum protecting that name with a CRC32 checksum (which requires no prior knowledge to compute). This would allow a S4U2Self ticket requested on behalf of user name (principal) user@@EXAMPLE.COM to any service to be changed to a S4U2Self ticket with a user name (principal) of Administrator@@EXAMPLE.COM. This ticket would then contain the PAC of the modified user name (principal). - CVE-2019-12098, client-only: RFC8062 Section 7 requires verification of the PA-PKINIT-KX key excahnge when anonymous PKINIT is used. Failure to do so can permit an active attacker to become a man-in-the-middle. Bug fixes - Happy eyeballs: Don't wait for responses from known-unreachable KDCs. - kdc: check return copy_Realm, copy_PrincipalName, copy_EncryptionKey - kinit: . cleanup temporary ccaches . see man page for "kinit --anonymous" command line syntax change - kdc: Make anonymous AS-requests more RFC8062-compliant. - Updated expired test certificates - Solaris: . PKCS#11 hcrypto backend broken since 7.0.1 . Building with Sun Pro C Features - kuser: support authenticated anonymous AS-REQs in kinit - kdc: support for anonymous TGS-REQs - kgetcred support for anonymous service tickets - Support builds with OpenSSL 1.1.1 Release Notes - Heimdal - Version Heimdal 7.5 Security - Fix CVE-2017-17439, which is a remote denial of service vulnerability: In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. Bug fixes - Handle long input lines when reloading database dumps. - In pre-forked mode (default on Unix), correctly clear the process ids of exited children, allowing new child processes to replace the old. - Fixed incorrect KDC response when no-cross realm TGT exists, allowing client requests to fail quickly rather than time out after trying to get a correct answer from each KDC. Release Notes - Heimdal - Version Heimdal 7.4 Security - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation This is a critical vulnerability. In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. See https://www.orpheus-lyre.info/ for more details. Release Notes - Heimdal - Version Heimdal 7.3 Security - Fix transit path validation. Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. (CVE-2017-6594) Release Notes - Heimdal - Version Heimdal 7.2 Bug fixes - Portability improvements - More strict parsing of encoded URI components in HTTP KDC - Fixed memory leak in malloc error recovery in NTLM GSSAPI mechanism - Avoid overly specific CPU info in krb5-config in aid of reproducible builds - Don't do AFS string-to-key tests when feature is disabled - Skip mdb_stat test when the command is not available - Windows: update SHA2 timestamp server - hdb: add missing export hdb_generate_key_set_password_with_ks_tuple - Fix signature of hdb_generate_key_set_password() - Windows: enable KX509 support in the KDC - kdc: fix kx509 service principal match - iprop: handle case where master sends nothing new - ipropd-slave: fix incorrect error codes - Allow choice of sqlite for HDB pref - check-iprop: don't fail to kill daemons - roken: pidfile -> rk_pidfile - kdc: _kdc_do_kx509 fix use after free error - Do not detect x32 as 64-bit platform. - No sys/ttydefaults.h on CYGWIN - Fix check-iprop races - roken_detach_prep() close pipe Release Notes - Heimdal - Version Heimdal 7.1 Security - kx509 realm-chopping security bug - non-authorization of alias additions/removals in kadmind (CVE-2016-2400) Feature - iprop has been revamped to fix a number of race conditions that could lead to inconsistent replication - Hierarchical capath support - AES Encryption with HMAC-SHA2 for Kerberos 5 draft-ietf-kitten-aes-cts-hmac-sha2-11 - hcrypto is now thread safe on all platforms - libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for Solaris), and OpenSSL. OpenSSL is now a first-class libhcrypto backend. OpenSSL 1.0.x and 1.1 are both supported. AES-NI used when supported by backend - HDB now supports LMDB - Thread support on Windows - RFC 6113 Generalized Framework for Kerberos Pre-Authentication (FAST) - New GSS APIs: . gss_localname - Allow setting what encryption types a principal should have with [kadmin] default_key_rules, see krb5.conf manpage for more info - Unify libhcrypto with LTC (libtomcrypto) - asn1_compile 64-bit INTEGER functionality - HDB key history support including --keepold kadmin password option - Improved cross-realm key rollover safety - New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces - Improved MIT compatibility . kadm5 API . Migration from MIT KDB via "mitdb" HDB backend . Capable of writing the HDB in MIT dump format - Improved Active Directory interoperability . Enctype selection issues for PAC and other authz-data signatures . Cross realm key rollover (kvno 0) - New [kdc] enctype negotiation configuration: . tgt-use-strongest-session-key . svc-use-strongest-session-key . preauth-use-strongest-session-key . use-strongest-server-key - The KDC process now uses a multi-process model improving resiliency and performance - Allow batch-mode kinit with password file - SIGINFO support added to kinit cmd - New kx509 configuration options: . kx509_ca . kca_service . kx509_include_pkinit_san . kx509_template - Improved Heimdal library/plugin version safety - Name canonicalization . DNS resolver searchlist . Improved referral support . Support host:port host-based services - Pluggable libheimbase interface for DBs - Improve IPv6 Support - LDAP . Bind DN and password . Start TLS - klist --json - DIR credential cache type - Updated upstream SQLite and libedit - Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh, telnet, xnlock - Completely remove RAND_egd support - Moved kadmin and ktutil to /usr/bin - Stricter fcache checks (see fcache_strict_checking krb5.conf setting) . use O_NOFOLLOW . don't follow symlinks . require cache files to be owned by the user . require sensible permissions (not group/other readable) - Implemented gss_store_cred() - Many more Bug fixes - iprop has been revamped to fix a number of race conditions that could lead to data loss - Include non-loopback addresses assigned to loopback interfaces when requesting tickets with addresses - KDC 1DES session key selection (for AFS rxkad-k5 compatibility) - Keytab file descriptor and lock leak - Credential cache corruption bugs (NOTE: The FILE ccache is still not entirely safe due to the fundamentally unsafe design of POSIX file locking) - gss_pseudo_random() interop bug - Plugins are now preferentially loaded from the run-time install tree - Reauthentication after password change in init_creds_password - Memory leak in the client kadmin library - TGS client requests renewable/forwardable/proxiable when possible - Locking issues in DB1 and DB3 HDB backends - Master HDB can remain locked while waiting for network I/O - Renewal/refresh logic when kinit is provided with a command - KDC handling of enterprise principals - Use correct bit for anon-pkinit - Many more @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.64 2021/04/21 11:40:36 adam Exp $ d9 1 a9 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb28 @ 1.64 log @revbump for textproc/icu @ text @d1 1 a1 3 # $NetBSD: buildlink3.mk,v 1.63 2020/11/05 09:07:06 ryoon Exp $ .include "../../mk/bsd.fast.prefs.mk" d13 2 d18 1 a18 1 .if !empty(PKG_BUILD_OPTIONS.heimdal:Mldap) d29 1 @ 1.63 log @*: Recursive revbump from textproc/icu-68.1 @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.62 2020/06/02 08:22:54 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb27 @ 1.62 log @Revbump for icu @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.61 2020/04/12 08:28:05 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb26 @ 1.61 log @Recursive revision bump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.60 2020/01/18 21:48:21 jperkin Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb25 @ 1.60 log @*: Recursive revision bump for openssl 1.1.1. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.59 2019/10/21 16:21:44 wiz Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb22 @ 1.59 log @heimdal: fix build on OpenSSL 1.1 systems by disabling OpenSSL. heimdal includes a copy of the relevant functions itself. Add a comment that the dependency should be re-enabled when updating this package. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.58 2019/04/03 00:33:04 ryoon Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb20 @ 1.58 log @Recursive revbump from textproc/icu @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.57 2018/12/09 18:52:07 adam Exp $ a20 1 .include "../../security/openssl/buildlink3.mk" @ 1.57 log @revbump after updating textproc/icu @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.56 2018/07/20 03:33:55 ryoon Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb19 @ 1.56 log @Recursive revbump from textproc/icu-62.1 @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.55 2018/04/14 07:34:00 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb18 @ 1.55 log @revbump after icu update @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.54 2017/11/30 16:45:07 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb17 @ 1.54 log @Revbump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.53 2017/09/18 09:53:04 maya Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb16 @ 1.53 log @revbump for requiring ICU 59.x @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.52 2017/04/22 21:03:16 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb15 @ 1.52 log @Revbump after icu update @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.51 2016/12/04 05:17:11 ryoon Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb14 @ 1.51 log @Recursive revbump from textproc/icu 58.1 @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.50 2016/04/11 19:01:38 ryoon Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb13 @ 1.50 log @Recursive revbump from textproc/icu 57.1 @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.49 2016/03/05 11:27:54 jperkin Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb12 @ 1.49 log @Bump PKGREVISION for security/openssl ABI bump. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.48 2015/04/06 08:17:17 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb11 @ 1.48 log @Revbump after updating textproc/icu @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.47 2014/10/07 16:47:14 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb9 @ 1.47 log @Revbump after updating libwebp and icu @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.46 2014/04/09 07:26:58 obache Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb8 @ 1.46 log @recursive bump from icu shlib major bump. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.45 2014/02/12 23:18:32 tron Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb6 @ 1.45 log @Recursive PKGREVISION bump for OpenSSL API version bump. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.44 2013/10/19 09:06:56 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb4 @ 1.44 log @Revbump after updating textproc/icu @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.43 2013/02/06 23:21:00 jperkin Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.3nb3 @ 1.43 log @PKGREVISION bumps for the security/openssl 1.0.1d update. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.42 2013/01/26 21:36:45 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.2nb7 @ 1.42 log @Revbump after graphics/jpeg and textproc/icu @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.41 2012/12/16 01:52:32 obache Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.2nb6 @ 1.41 log @recursive bump from cyrus-sasl libsasl2 shlib major bump. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.40 2012/04/27 12:32:02 obache Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.2nb5 @ 1.40 log @Recursive bump from icu shlib major bumped to 49. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.39 2011/07/08 09:49:21 adam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.5.2nb2 @ 1.39 log @Changes 1.4: New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.38 2010/07/02 13:40:22 joerg Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.1nb4 @ 1.38 log @Use CHECK_BUILTIN.heimdal to prevent the fake-krb5-config target to be defined twice. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.37 2010/07/01 18:14:19 joerg Exp $ d27 1 @ 1.37 log @Don't include mk/bdb.m3.mk for the builtin heimdal. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.36 2010/01/17 12:02:40 wiz Exp $ d23 1 d25 1 @ 1.36 log @Recursive PKGREVISION bump for jpeg update to 8. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.35 2009/03/20 19:25:18 joerg Exp $ d22 3 d26 1 @ 1.36.4.1 log @Pullup previous changes on HEAD to pkgsrc-2010Q2 branch to fix branching error, and to sync with reality. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.38 2010/07/02 13:40:22 joerg Exp $ a21 5 CHECK_BUILTIN.heimdal:= yes .include "../../security/heimdal/builtin.mk" CHECK_BUILTIN.heimdal:= no .if !empty(USE_BUILTIN.heimdal:M[nN][oO]) a22 1 .endif @ 1.35 log @Simply and speed up buildlink3.mk files and processing. This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.34 2008/02/28 08:14:41 jlam Exp $ d11 1 a11 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=1.1 @ 1.34 log @Update security/heimdal to version 1.1. Changes from version 0.7.2 include: * Read-only PKCS11 provider built-in to hx509. * Better compatibilty with Windows 2008 Server pre-releases and Vista. * Add RFC3526 modp group14 as default. * Handle [kdc] database = { } entries without realm = stanzas. * Add gss_pseudo_random() for mechglue and krb5. * Make session key for the krbtgt be selected by the best encryption type of the client. * Better interoperability with other PK-INIT implementations. * Alias support for inital ticket requests. * Make ASN.1 library less paranoid to with regard to NUL in string to make it inter-operate with MIT Kerberos again. * PK-INIT support. * HDB extensions support, used by PK-INIT. * New ASN.1 compiler. * GSS-API mechglue from FreeBSD. * Updated SPNEGO to support RFC4178. * Support for Cryptosystem Negotiation Extension (RFC 4537). * A new X.509 library (hx509) and related crypto functions. * A new ntlm library (heimntlm) and related crypto functions. * KDC will return the "response too big" error to force TCP retries for large (default 1400 bytes) UDP replies. This is common for PK-INIT requests. * Libkafs defaults to use 2b tokens. * krb5_kuserok() also checks ~/.k5login.d directory for acl files. * Fix memory leaks. * Bugs fixes @ text @d1 1 a1 4 # $NetBSD: buildlink3.mk,v 1.33 2008/01/18 05:09:37 tnn Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ HEIMDAL_BUILDLINK3_MK:= ${HEIMDAL_BUILDLINK3_MK}+ d5 1 a5 3 .if !empty(BUILDLINK_DEPTH:M+) BUILDLINK_DEPENDS+= heimdal .endif d7 2 a8 3 BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Nheimdal} BUILDLINK_PACKAGES+= heimdal BUILDLINK_ORDER:= ${BUILDLINK_ORDER} ${BUILDLINK_DEPTH}heimdal a9 1 .if !empty(HEIMDAL_BUILDLINK3_MK:M+) a13 1 .endif # HEIMDAL_BUILDLINK3_MK d23 1 d25 1 a25 1 BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} @ 1.33 log @Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@@ @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.32 2007/05/30 08:54:31 rillig Exp $ d18 1 a18 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=0.7.2nb4 @ 1.32 log @Removed some code duplication from the buildlink3 files by using the new pkg-build-options.mk procedure. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.31 2006/12/12 21:52:37 joerg Exp $ d18 1 a18 1 BUILDLINK_ABI_DEPENDS.heimdal+= heimdal>=0.6.3nb2 @ 1.31 log @Replace mk/bsd.prefs.mk includes with bsd.fast.prefs.mk includes. The redundant parsing of bsd.prefs.mk is mostly avoided now and parse time e.g. for x11/kdebase3 gets reduced by up to 10%. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.30 2006/07/08 23:11:06 jlam Exp $ d23 2 a24 7 .if !defined(PKG_BUILD_OPTIONS.heimdal) PKG_BUILD_OPTIONS.heimdal!= \ cd ${BUILDLINK_PKGSRCDIR.heimdal} && \ ${MAKE} show-var ${MAKEFLAGS} VARNAME=PKG_OPTIONS MAKEFLAGS+= PKG_BUILD_OPTIONS.heimdal=${PKG_BUILD_OPTIONS.heimdal:Q} .endif MAKEVARS+= PKG_BUILD_OPTIONS.heimdal @ 1.30 log @Change the format of BUILDLINK_ORDER to contain depth information as well, and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.29 2006/07/08 22:39:37 jlam Exp $ d6 1 a6 1 .include "../../mk/bsd.prefs.mk" @ 1.29 log @Track information in a new variable BUILDLINK_ORDER that informs us of the order in which buildlink3.mk files are (recursively) included by a package Makefile. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.28 2006/05/31 18:22:26 ghen Exp $ d14 1 a14 1 BUILDLINK_ORDER+= heimdal @ 1.28 log @The databases/openldap package has been split in -client and -server component packages. Convert LDAP-based applications to depend on openldap-client, and bump PKGREVISION for those that depend on it by default. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.27 2006/04/06 06:22:40 reed Exp $ d14 1 @ 1.27 log @Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day). @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.26 2005/10/26 15:12:45 jlam Exp $ d31 1 a31 1 . include "../../databases/openldap/buildlink3.mk" @ 1.26 log @Update security/heimdal to 0.7.1 (approved by lha). We drop support for the "db4" option and just rely on the appropriate BDB_* settings via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use krb5-config, if it's available, to check the version of the built-in heimdal. Patches patch-ab, patch-ae and patch-af have been sent back upstream and will be incorporated into future Heimdal releases. Changes between version 0.6.5 and version 0.7.1 include: * Support for KCM, a process based credential cache * Support CCAPI credential cache * SPNEGO support * AES (and the gssapi conterpart, CFX) support * Adding new and improve old documentation * Bug fixes @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.25 2005/05/11 22:08:19 jlam Exp $ d16 2 a17 2 BUILDLINK_DEPENDS.heimdal+= heimdal>=0.4e BUILDLINK_RECOMMENDED.heimdal+= heimdal>=0.6.3nb2 @ 1.25 log @Rename MAKE_VARS to MAKEVARS so that it more closely resembles "MAKEFLAGS". Both "MAKEVARS" and "MAKEFLAGS" affect the package-level make process, not the software's own make process. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.24 2005/05/11 22:03:52 jlam Exp $ d30 3 d34 1 a34 5 .if !empty(PKG_BUILD_OPTIONS.heimdal:Mdb4) . include "../../databases/db4/buildlink3.mk" .else . include "../../mk/bdb.buildlink3.mk" .endif @ 1.24 log @I mixed up MAKE_FLAGS with MAKEFLAGS. The latter is what we actually use to pass make flags to bmake. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.23 2005/05/09 05:14:08 jlam Exp $ d28 1 a28 1 MAKE_VARS+= PKG_BUILD_OPTIONS.heimdal @ 1.23 log @Don't assign to PKG_OPTIONS. which has special meaning to the options framework. Rename PKG_OPTIONS.* to PKG_BUILD_OPTIONS.*. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.22 2005/05/09 05:06:56 jlam Exp $ d25 2 a26 2 ${MAKE} show-var ${MAKE_FLAGS} VARNAME=PKG_OPTIONS MAKE_FLAGS+= PKG_BUILD_OPTIONS.heimdal=${PKG_BUILD_OPTIONS.heimdal:Q} @ 1.22 log @Teach bsd.pkg.mk to create a phase-specific "makevars.mk" file that caches variable definitions that were computed by make. These variables are specified by listing them in MAKE_VARS, e.g., .if !defined(FOO) FOO!= very_time_consuming_command .endif MAKE_VARS+= FOO bsd.pkg.mk will include only the one generated during the most recent phase. A particular phase's makevars.mk file consists of variable definitions that are a superset of all of the ones produced in previous phases of the build. The caching is useful because bsd.pkg.mk invokes make recursively, which in the example above has the potential to run the very time-consuming command each time unless we cause FOO to be defined for the sub-make processes. We don't cache via MAKE_FLAGS because MAKE_FLAGS isn't consistently applied to every invocation of make, and also because MAKE_FLAGS can overflow the maximum length of a make variable very quickly if we add many values to it. One important and desirable property of variables cached via MAKE_VARS is that they only apply to the current package, and not to any dependencies whose builds may have been triggered by the current package. The makevars.mk files are generated by new targets fetch-vars, extract-vars, patch-vars, etc., and these targets are built during the corresponding real-* target to ensure that they are being invoked with PKG_PHASE set to the proper value. Also, remove the variables cache file that bsd.wrapper.mk was generating since the new makevars.mk files provide the same functionality at a higher level. Change all WRAPPER_VARS definitions that were used by the old wrapper-phase cache file into MAKE_VARS definitions. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.21 2005/05/08 12:03:56 jlam Exp $ d22 2 a23 2 .if !defined(PKG_OPTIONS.heimdal) PKG_OPTIONS.heimdal!= \ d26 1 a26 1 MAKE_FLAGS+= PKG_OPTIONS.heimdal=${PKG_OPTIONS.heimdal:Q} d28 1 a28 1 MAKE_VARS+= PKG_OPTIONS.heimdal d31 1 a31 1 .if !empty(PKG_OPTIONS.heimdal:Mdb4) @ 1.21 log @PKG_OPTIONS. isn't a good approximation to PKG_OPTIONS for the package because PKG_OPTION. could contain negative options, which are never part of PKG_OPTIONS. Instead, use the show-var target to display the value. We cache it in WRAPPER_VARS and in MAKE_FLAGS to prevent reinvoking the show-var target recursively. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.20 2004/11/19 23:16:02 jlam Exp $ d26 1 a26 2 MAKE_FLAGS+= PKG_OPTIONS.heimdal=${PKG_OPTIONS.heimdal:Q} WRAPPER_VARS+= PKG_OPTIONS.heimdal d28 1 @ 1.20 log @Correctly detect the old DES API in the OpenSSL in NetBSD's base install. This prevents Heimdal from building and installing its own DES library and headers. Bump the PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.19 2004/10/03 00:18:09 tv Exp $ d22 7 a28 1 PKG_OPTIONS.heimdal?= ${PKG_DEFAULT_OPTIONS} @ 1.19 log @Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.18 2004/09/15 04:11:11 jlam Exp $ d17 1 a17 1 BUILDLINK_RECOMMENDED.heimdal+= heimdal>=0.6.3nb1 @ 1.18 log @Include buildlink3.mk files for packages needed to satisfy library dependencies. This fixes link failures when the Heimdal dependency is satisfied by the package rather than the builtin Heimdal. Pointed out by Mark Davies in private email. I've intentionally left out including readline/buildlink3.mk. Although it is used by libsl.* and libss.*, those libraries are not actually critical or used by other packages that depend on Heimdal for Kerberos functionality. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.17 2004/09/14 14:41:34 jlam Exp $ d17 1 a17 1 BUILDLINK_RECOMMENDED.heimdal?= heimdal>=0.6.3 @ 1.17 log @Update security/heimdal to 0.6.3. Changes from version 0.6.1 include: * fix vulnerabilities in ftpd * support for linux AFS /proc "syscalls" * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd * fix possible KDC denial of service * Fix possible buffer overrun in v4 kadmin (which now defaults to off) @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.16 2004/04/01 18:42:25 joda Exp $ d6 2 d22 9 @ 1.16 log @Update to 0.6.1: * Fixed cross realm vulnerability * Fixed ARCFOUR suppport * kdc: fix denial of service attack * kdc: stop clients from renewing tickets into the future * bug fixes @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.15 2004/03/26 02:27:52 wiz Exp $ d15 1 a15 1 BUILDLINK_RECOMMENDED.heimdal?= heimdal>=0.6.1 @ 1.15 log @PKGREVISION bump after openssl-security-fix-update to 0.9.6m. Buildlink files: RECOMMENDED version changed to current version. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.14 2004/03/10 17:57:14 jlam Exp $ d15 1 a15 1 BUILDLINK_RECOMMENDED.heimdal?= heimdal>=0.6nb2 @ 1.14 log @Split out the code that deals with checking whether the software is built-in or not into a separate builtin.mk file. The code to deal checking for built-in software is much simpler to deal with in pkgsrc. The buildlink3.mk file for a package will be of the usual format regardless of the package, which makes it simpler for packagers to update a package. The builtin.mk file for a package must define a single yes/no variable USE_BUILTIN. that is used by bsd.buildlink3.mk to decide whether to use the built-in software or to use the pkgsrc software. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.13 2004/02/18 16:35:27 jlam Exp $ d15 1 @ 1.13 log @Reorder some lines so that BUILDLINK_USE_BUILTIN. set in the environment overrides all other settings. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.12 2004/02/12 02:35:07 jlam Exp $ d6 6 a11 1 .include "../../mk/bsd.prefs.mk" a13 1 BUILDLINK_PACKAGES+= heimdal a18 108 BUILDLINK_CHECK_BUILTIN.heimdal?= NO _KRB5_KRB5_H= /usr/include/krb5/krb5.h .if !defined(BUILDLINK_IS_BUILTIN.heimdal) BUILDLINK_IS_BUILTIN.heimdal= NO . if exists(${_KRB5_KRB5_H}) _IS_BUILTIN.heimdal!= \ if ${GREP} -q heimdal_version ${_KRB5_KRB5_H}; then \ ${ECHO} "YES"; \ else \ ${ECHO} "NO"; \ fi BUILDLINK_IS_BUILTIN.heimdal= ${_IS_BUILTIN.heimdal} . if !empty(BUILDLINK_CHECK_BUILTIN.heimdal:M[nN][oO]) && \ !empty(_IS_BUILTIN.heimdal:M[yY][eE][sS]) # # Create an appropriate name for the built-in package distributed # with the system. This package name can be used to check against # BUILDLINK_DEPENDS. to see if we need to install the pkgsrc # version or if the built-in one is sufficient. # # heimdal<=0.6 doesn't have a method of checking the headers to discover # the version number of the software. Match up heimdal versions with # OS versions for an approximate determination of the heimdal version. # . if !defined(_HEIMDAL_VERSION) _HEIMDAL_VERSIONS= 0.6 0.5 0.4e 0.3f 0.3e _HEIMDAL_0.6= NetBSD-1.6[U-Z]-* NetBSD-1.6Z*-* NetBSD-[2-9]*-* _HEIMDAL_0.5= NetBSD-1.6[I-T]-* _HEIMDAL_0.4e= NetBSD-1.6[A-H]-* \ NetBSD-1.6-* NetBSD-1.6_*-* NetBSD-1.6.*-* \ NetBSD-1.5[YZ]-* NetBSD-1.5Z*-* _HEIMDAL_0.3f= NetBSD-1.5X-* _HEIMDAL_0.3e= NetBSD-1.5[UVW]-* \ NetBSD-1.5.*-* . for _heimdal_version_ in ${_HEIMDAL_VERSIONS} . for _pattern_ in ${_HEIMDAL_${_heimdal_version_}} . if !empty(MACHINE_PLATFORM:M${_pattern_}) _HEIMDAL_VERSION?= ${_heimdal_version_} . endif . endfor . endfor _HEIMDAL_VERSION?= 0.2t . endif _HEIMDAL_PKG= heimdal-${_HEIMDAL_VERSION} BUILDLINK_IS_BUILTIN.heimdal?= YES . for _depend_ in ${BUILDLINK_DEPENDS.heimdal} . if !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) BUILDLINK_IS_BUILTIN.heimdal!= \ if ${PKG_ADMIN} pmatch '${_depend_}' ${_HEIMDAL_PKG}; then \ ${ECHO} "YES"; \ else \ ${ECHO} "NO"; \ fi . endif . endfor . endif . endif MAKEFLAGS+= BUILDLINK_IS_BUILTIN.heimdal=${BUILDLINK_IS_BUILTIN.heimdal} .endif .if !empty(BUILDLINK_CHECK_BUILTIN.heimdal:M[yY][eE][sS]) BUILDLINK_USE_BUILTIN.heimdal= YES .endif .if !defined(BUILDLINK_USE_BUILTIN.heimdal) . if !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) BUILDLINK_USE_BUILTIN.heimdal= YES . else BUILDLINK_USE_BUILTIN.heimdal= NO . endif . if !empty(PREFER_NATIVE:M[yY][eE][sS]) && \ !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) BUILDLINK_USE_BUILTIN.heimdal= YES . endif . if !empty(PREFER_PKGSRC:M[yY][eE][sS]) BUILDLINK_USE_BUILTIN.heimdal= NO . endif . if !empty(PREFER_NATIVE:Mheimdal) && \ !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) BUILDLINK_USE_BUILTIN.heimdal= YES . endif . if !empty(PREFER_PKGSRC:Mheimdal) BUILDLINK_USE_BUILTIN.heimdal= NO . endif .endif .if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[nN][oO]) # # If we depend on the package, depend on the latest version with a library # major number bump. # BUILDLINK_DEPENDS.heimdal+= heimdal>=0.6 . if !empty(BUILDLINK_DEPTH:M+) BUILDLINK_DEPENDS+= heimdal . endif .endif .if !empty(HEIMDAL_BUILDLINK3_MK:M+) . if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[nN][oO]) KRB5_CONFIG?= ${BUILDLINK_PREFIX.heimdal}/bin/krb5-config CONFIGURE_ENV+= KRB5_CONFIG="${KRB5_CONFIG}" MAKE_ENV+= KRB5_CONFIG="${KRB5_CONFIG}" . endif .endif # HEIMDAL_BUILDLINK3_MK @ 1.12 log @Create a new variable PREFER_NATIVE that has the opposite semantics as PREFER_PKGSRC. Preferences are determined by the most specific instance of the package in either PREFER_PKGSRC or PREFER_NATIVE. If a package is specified in neither or in both variables, then PREFER_PKGSRC has precedence over PREFER_NATIVE. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.11 2004/02/12 01:59:38 jlam Exp $ d77 1 a77 1 .if !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) a78 2 .else BUILDLINK_USE_BUILTIN.heimdal= NO d81 2 a82 2 .if !empty(PREFER_NATIVE:M[yY][eE][sS]) && \ !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) d84 1 a84 2 .endif .if !empty(PREFER_PKGSRC:M[yY][eE][sS]) d86 4 a89 3 .endif .if !empty(PREFER_NATIVE:Mheimdal) && \ !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) d91 2 a92 2 .endif .if !empty(PREFER_PKGSRC:Mheimdal) d94 3 a96 3 .endif .if !empty(BUILDLINK_CHECK_BUILTIN.heimdal:M[yY][eE][sS]) d98 4 @ 1.11 log @Reorganize code so that any dependencies are checked as part of deciding whether the software is built-in or not. This facilitates implementing the forthcoming PKGSRC_NATIVE variable. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.10 2004/02/06 19:04:25 jlam Exp $ d83 12 a94 2 .if !empty(PREFER_PKGSRC:M[yY][eE][sS]) || \ !empty(PREFER_PKGSRC:Mheimdal) @ 1.10 log @If we're passing through MAKEFLAGS variables whose values may contain spaces, use the :Q modifier instead of double-quoting the value. This avoids breakage when executing the just-in-time su targets. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.9 2004/02/05 07:17:14 jlam Exp $ d22 1 a22 1 BUILDLINK_IS_BUILTIN.heimdal!= \ d28 3 a30 17 . endif MAKEFLAGS+= BUILDLINK_IS_BUILTIN.heimdal=${BUILDLINK_IS_BUILTIN.heimdal} .endif .if !empty(PREFER_PKGSRC:M[yY][eE][sS]) || \ !empty(PREFER_PKGSRC:Mheimdal) BUILDLINK_USE_BUILTIN.heimdal= NO .endif .if !empty(BUILDLINK_CHECK_BUILTIN.heimdal:M[yY][eE][sS]) BUILDLINK_USE_BUILTIN.heimdal= YES .endif .if !defined(BUILDLINK_USE_BUILTIN.heimdal) . if !empty(BUILDLINK_IS_BUILTIN.heimdal:M[nN][oO]) BUILDLINK_USE_BUILTIN.heimdal= NO . else d41 1 a41 1 . if !defined(_HEIMDAL_VERSION) d51 3 a53 3 . for _heimdal_version_ in ${_HEIMDAL_VERSIONS} . for _pattern_ in ${_HEIMDAL_${_heimdal_version_}} . if !empty(MACHINE_PLATFORM:M${_pattern_}) d55 2 a56 1 . endif a57 1 . endfor d59 1 a59 3 MAKEFLAGS+= _HEIMDAL_VERSION=${_HEIMDAL_VERSION} . endif d61 4 a64 4 BUILDLINK_USE_BUILTIN.heimdal?= YES . for _depend_ in ${BUILDLINK_DEPENDS.heimdal} . if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[yY][eE][sS]) BUILDLINK_USE_BUILTIN.heimdal!= \ d70 3 a72 2 . endif . endfor d74 16 a89 2 MAKEFLAGS+= \ BUILDLINK_USE_BUILTIN.heimdal=${BUILDLINK_USE_BUILTIN.heimdal} @ 1.9 log @Make PREFER_PKGSRC just yes/no or a list of packages. This makes it simpler to understand. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.8 2004/02/05 07:06:15 jlam Exp $ d29 1 a29 1 MAKEFLAGS+= BUILDLINK_IS_BUILTIN.heimdal="${BUILDLINK_IS_BUILTIN.heimdal}" d73 1 a73 1 MAKEFLAGS+= _HEIMDAL_VERSION="${_HEIMDAL_VERSION}" d90 1 a90 1 BUILDLINK_USE_BUILTIN.heimdal="${BUILDLINK_USE_BUILTIN.heimdal}" @ 1.8 log @Rename BUILDLINK_PREFER_PKGSRC to PREFER_PKGSRC so that we can use its value outside of buildlink-related files. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.7 2004/02/05 06:58:03 jlam Exp $ d32 2 a33 3 .if defined(PREFER_PKGSRC) . if empty(PREFER_PKGSRC) || !empty(PREFER_PKGSRC:M[yY][eE][sS]) || \ !empty(PREFER_PKGSRC:Mheimdal) a34 1 . endif @ 1.7 log @Support a new global variable: BUILDLINK_PREFER_PKGSRC This variable determines whether or not to prefer the pkgsrc versions of software that is also present in the base system. This variable is multi-state: defined, or "yes" always prefer the pkgsrc versions not defined, or "no" only use the pkgsrc versions if needed by dependency requirements This can also take a list of packages for which to prefer the pkgsrc-installed software. The package names may be found by consulting the value added to BUILDLINK_PACKAGES in the buildlink[23].mk files for that package. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.6 2004/02/02 11:30:45 jlam Exp $ d32 3 a34 4 .if defined(BUILDLINK_PREFER_PKGSRC) . if empty(BUILDLINK_PREFER_PKGSRC) || \ !empty(BUILDLINK_PREFER_PKGSRC:M[yY][eE][sS]) || \ !empty(BUILDLINK_PREFER_PKGSRC:Mheimdal) @ 1.6 log @Pretend that all versions of NetBSD newer than 1.6U have Heimdal-0.6. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.5 2004/01/24 03:12:32 jlam Exp $ d32 8 @ 1.5 log @Support BUILDLINK_DEPENDS. being a list of values. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.4 2004/01/13 00:00:32 jlam Exp $ d52 1 a52 1 _HEIMDAL_0.6= NetBSD-1.6[U-Z]-* NetBSD-1.6Z*-* @ 1.4 log @whitespace. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.3 2004/01/10 21:35:26 jlam Exp $ d10 1 a10 1 BUILDLINK_DEPENDS.heimdal?= heimdal>=0.4e d72 3 a74 1 _HEIMDAL_DEPENDS= ${BUILDLINK_DEPENDS.heimdal} d76 1 a76 1 if ${PKG_ADMIN} pmatch '${_HEIMDAL_DEPENDS}' ${_HEIMDAL_PKG}; then \ d81 2 d93 1 a93 1 BUILDLINK_DEPENDS.heimdal= heimdal>=0.6 @ 1.3 log @Back out previous. This doesn't work as expected and needs more thought. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.2 2004/01/10 19:44:16 jlam Exp $ d50 1 a50 1 .if !defined(_HEIMDAL_VERSION) d60 3 a62 3 . for _heimdal_version_ in ${_HEIMDAL_VERSIONS} . for _pattern_ in ${_HEIMDAL_${_heimdal_version_}} . if !empty(MACHINE_PLATFORM:M${_pattern_}) d64 3 a66 3 . endif . endfor . endfor d69 1 a69 1 .endif @ 1.2 log @The buildlink3 wrappers automatically remove -I/usr/include/* from the command line options. We need -I/usr/include/krb5 to build against heimdal, so symlink the headers in /usr/include/krb5 into ${BUILDLINK_DIR} so they can be found. @ text @d1 1 a1 1 # $NetBSD: buildlink3.mk,v 1.1.1.1 2004/01/10 14:56:45 jlam Exp $ d96 1 a96 3 . if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[yY][eE][sS]) BUILDLINK_FILES.heimdal= include/krb5/*.h . else @ 1.1 log @Initial revision @ text @d1 1 a1 1 # $NetBSD$ d96 3 a98 1 . if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[nN][oO]) @ 1.1.1.1 log @Initial import of heimdal-0.6 into security/heimdal. Heimdal is a free implementation of Kerberos 5. Kerberos is a system for authenticating users and services on a network. It is built upon the assumption that the network is "unsafe". Kerberos is a trusted third-party service. That means that there is a third party (the Kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). All principals share a secret password (or key) with the Kerberos server and this enables principals to verify that the messages from the Kerberos server are authentic. Thus trusting the Kerberos server, users and services can authenticate each other. @ text @@