Date: Wed, 26 Feb 2003 18:35:05 -0600 (CST) From: "Scot W. Hetzel" <hetzels@westbend.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/48731: security/cyrus-sasl: Fix build of Kerberos 4 and Kerberos 5 mechs Message-ID: <200302270035.h1R0Z5QF023721@WBIw009.westbend.net>
next in thread | raw e-mail | index | archive | help
>Number: 48731 >Category: ports >Synopsis: security/cyrus-sasl: Fix build of Kerberos 4 and Kerberos 5 mechs >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Feb 26 16:40:03 PST 2003 >Closed-Date: >Last-Modified: >Originator: Scot W. Hetzel >Release: FreeBSD 4.7-STABLE i386 >Organization: West Bend Internet >Environment: System: FreeBSD WBIw009.westbend.net 4.7-STABLE FreeBSD 4.7-STABLE #0: Mon Feb 17 22:11:48 CST 2003 root@WBIw009.westbend.net:/usr/obj/usr/src/src4/sys/GENERIC-SMP i386 >Description: The build of the Kerberos 4 mechs was broken due to the openssl version upgrade had changed a function to a macro. This ibreakage was reported by patrick as an additional comment PR 48442. The automatic building of the KERBEROS_V4 mech, if /usr/lib/libkrb.a is found, now depends on setting MAKE_KERBEROS4 in /etc/make.conf. Also, the GSSAPI mech is broken, due to the configure script detects the wrong version of Kerberos 5 (MIT instead of Hemidal) in the base system. Previously, the building of the GSSAPI mech depended on the setting of either KRB5_HOME or HEIMDAL_HOME in /etc/make.conf. I have added a check that if /usr/lib/libkrb5.a is found and MAKE_KERBEROS5 is set in /etc/make.conf, then the GSSAPI mech is automaticly activated. It is also overrideable by the *_HOME variables. >How-To-Repeat: Make sure that the Kerberos 4 & 5 libraries are installed from the base system. Then build the port and see it fail in building the Kerberos 4 mech. To see the Kerberos 5 build failure, disable the krb4 CONFIGURE_ARGS, and then use 'make configure KRB5_HOME=/usr' to see that the GSSAPI mech thinks it is building with MIT, instead of Heimdal. When the 'make build' is used it will fail in building the GSSAPI mech, as it is wants libgssapi_krb5.*. >Fix: Changed Files: Makefile files/patch-ab New Files: files/patch-plugins::kerberos4.c Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/Makefile,v retrieving revision 1.49 diff -u -r1.49 Makefile --- Makefile 26 Feb 2003 11:25:55 -0000 1.49 +++ Makefile 26 Feb 2003 23:56:07 -0000 @@ -7,7 +7,7 @@ PORTNAME= cyrus-sasl PORTVERSION= 1.5.28 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/%SUBDIR%/ \ ftp://ftp.westbend.net/pub/cyrus-mail/%SUBDIR%/ \ @@ -80,12 +80,14 @@ CONFIGURE_ARGS+= --enable-gssapi=${KRB5_HOME} .elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}) CONFIGURE_ARGS+= --enable-gssapi=${HEIMDAL_HOME} +.elif exists(/usr/lib/libkrb5.a) && defined(MAKE_KERBEROS5) +CONFIGURE_ARGS+= --enable-gssapi .else CONFIGURE_ARGS+= --disable-gssapi GSSAPI= "@comment " .endif -.if exists(/usr/lib/libkrb.a) +.if exists(/usr/lib/libkrb.a) && defined(MAKE_KERBEROS4) CONFIGURE_ARGS+= --enable-krb4 .else CONFIGURE_ARGS+= --disable-krb4 Index: files/patch-ab =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/files/patch-ab,v retrieving revision 1.15 diff -u -r1.15 patch-ab --- files/patch-ab 26 Feb 2003 11:25:55 -0000 1.15 +++ files/patch-ab 26 Feb 2003 23:22:21 -0000 @@ -1,5 +1,5 @@ ---- configure.in.orig Tue Feb 18 13:18:11 2003 -+++ configure.in Tue Feb 18 14:34:11 2003 +--- configure.in.orig Wed Feb 26 23:00:39 2003 ++++ configure.in Wed Feb 26 23:22:03 2003 @@ -66,8 +66,12 @@ dnl check for -R, etc. switch CMU_GUESS_RUNPATH_SWITCH @@ -104,3 +104,41 @@ AC_SUBST(LIB_DES) +@@ -563,8 +595,8 @@ + AC_CHECK_HEADER(krb.h, + AC_CHECK_LIB(com_err, com_err, + AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="-lcom_err", +- krb4=no, -ldes -lcom_err), +- AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="", krb4=no, -ldes))) ++ krb4=no, ${LIB_DES} -lcom_err), ++ AC_CHECK_LIB(krb, krb_mk_priv, COM_ERR="", krb4=no, ${LIB_DES}))) + + else + AC_WARN(No DES library found for Kerberos V4 support) +@@ -592,7 +624,7 @@ + AC_MSG_RESULT(enabled) + SASL_MECHS="$SASL_MECHS libkerberos4.la" + AC_DEFINE(HAVE_KRB) +- SASL_KRB_LIB="-lkrb -ldes $COM_ERR" ++ SASL_KRB_LIB="-lkrb $LIB_DES $COM_ERR" + AC_SUBST(SASL_KRB_LIB) + else + AC_MSG_RESULT(disabled) +@@ -631,7 +663,7 @@ + + # the base64_decode check fails because libroken has dependencies + # FIXME: this is probabally non-optimal as well +- AC_CHECK_LIB(krb5,krb5_vlog,gss_impl="heimdal",,) ++ AC_CHECK_LIB(krb5,krb5_vlog,gss_impl="heimdal",, -lasn1 ${LIB_DES} -lroken ${LIB_CRYPT} -lcom_err) + # AC_CHECK_LIB(roken,base64_decode,gss_impl="heimdal",, $LIB_CRYPT) + + if test -d ${gssapi}; then +@@ -641,7 +673,7 @@ + if test "$gss_impl" = mit; then + GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" + elif test "$gss_impl" = "heimdal"; then +- GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -ldes -lasn1 -lroken ${LIB_CRYPT} -lcom_err" ++ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 ${LIB_DES} -lasn1 -lroken ${LIB_CRYPT} -lcom_err" + else + gssapi="no" + AC_WARN(Disabling GSSAPI) Index: files/patch-plugins::kerberos4.c =================================================================== RCS file: files/patch-plugins::kerberos4.c diff -N files/patch-plugins::kerberos4.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-plugins::kerberos4.c 26 Feb 2003 22:46:29 -0000 @@ -0,0 +1,48 @@ +--- plugins/kerberos4.c.orig Wed Feb 26 22:20:04 2003 ++++ plugins/kerberos4.c Wed Feb 26 22:30:25 2003 +@@ -711,14 +730,18 @@ + #ifdef __FreeBSD__ + des_pcbc_encrypt((const unsigned char *)in, + (unsigned char *)in, ++ clientinlen, ++ text->init_keysched, ++ &text->session, ++ DES_DECRYPT); + #else + des_pcbc_encrypt((des_cblock *)in, + (des_cblock *)in, +-#endif + clientinlen, + text->init_keysched, + &text->session, + DES_DECRYPT); ++#endif + + testnum=(in[0]*256*256*256)+(in[1]*256*256)+(in[2]*256)+in[3]; + +@@ -1255,18 +1278,22 @@ + len++; + } + sout[len]=0; ++ + #ifdef __FreeBSD__ + des_pcbc_encrypt((const unsigned char *)sout, +- (unsigned char *)sout, ++ (unsigned char *)sout, ++ len, ++ text->init_keysched, ++ (des_cblock *)text->session, ++ DES_ENCRYPT); + #else +- + des_pcbc_encrypt((des_cblock *)sout, + (des_cblock *)sout, +-#endif + len, + text->init_keysched, + (des_cblock *)text->session, + DES_ENCRYPT); ++#endif + + *clientout = params->utils->malloc(len); + memcpy((char *) *clientout, sout, len); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302270035.h1R0Z5QF023721>