Date: Fri, 18 Sep 2009 11:50:45 +1000 (AEST) From: John Marshall <john.marshall@riverwillow.com.au> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/138929: [PATCH] security/heimdal update to 1.2.1 Message-ID: <200909180150.n8I1ojZw035788@rwsrv05.mby.riverwillow.net.au> Resent-Message-ID: <200909180440.n8I4e2x2010829@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 138929 >Category: ports >Synopsis: [PATCH] security/heimdal update to 1.2.1 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Sep 18 04:40:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: John Marshall >Release: FreeBSD 8.0-BETA4 i386 >Organization: Riverwillow Pty Ltd >Environment: System: FreeBSD rwsrv05.mby.riverwillow.net.au 8.0-BETA4 FreeBSD 8.0-BETA4 #0: Mon Sep 7 12:24:09 AEST 2009 root@rwsrv05.mby.riverwillow.net.au:/spare/obj/usr/src/sys/RWSRV05 i386 >Description: This patch updates the heimdal-1.0.1_1 port to heimdal-1.2.1. It "works for me" on 7.2/i386 and 8.0/i386 and passes portlint. I needed to upgrade to Heimdal 1.2.1 on 8.0-BETA2 (base Heimdal is 1.1.0) to get GSSAPI authenticaion to work (through SASL) for the OpenLDAP server. Makefile: - I started with a patched Makefile which someone else had used: it included the LDFLAGS patch and IPV6 knob; so I left them there. - I removed the CFLAGS line to make portlint happy. - I removed the --without-krb4 CONFIGURE switch to make the build happy. I generated distinfo and the lists by following the porter's handbook: I hope I got it right! Any coaching to help get this in shape for a commit would be welcome. I think I've taken it as far as I can with my present level of experience. Thank you. >How-To-Repeat: >Fix: --- heimdal_101-121.diff begins here --- diff -urN heimdal/Makefile heimdal121/Makefile --- heimdal/Makefile 2009-09-02 13:27:29.000000000 +1000 +++ heimdal121/Makefile 2009-09-18 10:39:58.000000000 +1000 @@ -6,8 +6,7 @@ # PORTNAME= heimdal -PORTVERSION= 1.0.1 -PORTREVISION= 1 +PORTVERSION= 1.2.1 CATEGORIES= security ipv6 MASTER_SITES= http://ftp.pdc.kth.se/pub/heimdal/src/ \ ftp://ftp.pdc.kth.se/pub/heimdal/src/ \ @@ -22,13 +21,15 @@ OPTIONS+= LDAP "Use OpenLDAP as the KDC backend" off OPTIONS+= CRACKLIB "Use CrackLib for password quality checking" off OPTIONS+= X11 "Build X11 utilies" off +OPTIONS+= IPV6 "IPv6 enabled" off USE_AUTOTOOLS= libtool:22 USE_OPENSSL= yes GNU_CONFIGURE= yes USE_LDCONFIG= yes -CONFIGURE_ENV+= CFLAGS="${CFLAGS}" -CONFIGURE_ARGS+= --enable-shared --without-krb4 +LDFLAGS+= ${PTHREAD_LIBS} +CONFIGURE_ENV+= LDFLAGS="${LDFLAGS}" +CONFIGURE_ARGS+= --enable-shared INFO= heimdal hx509 PLIST= ${WRKDIR}/PLIST @@ -48,7 +49,6 @@ .if defined(WITH_LDAP) USE_OPENLDAP= yes CONFIGURE_ARGS+= --with-openldap=${LOCALBASE} -#EXTRA_PATCHES+= ${FILESDIR}/extrapatch-lib_hdb_hdb-ldap.c . if defined(LDAP_SOCKET_PATH) _SOCK= ${LDAP_SOCKET_PATH:C|/|%2f|g} . else @@ -68,6 +68,10 @@ CONFIGURE_ARGS+= --without-x .endif +.if !defined(WITH_IPV6) +CONFIGURE_ARGS+= --without-ipv6 +.endif + .if defined(HEIMDAL_HOME) PREFIX= ${HEIMDAL_HOME} .else diff -urN heimdal/Makefile.man heimdal121/Makefile.man --- heimdal/Makefile.man 2007-09-27 10:16:01.000000000 +1000 +++ heimdal121/Makefile.man 2009-09-18 10:33:14.000000000 +1000 @@ -8,15 +8,28 @@ MAN1+= klist.1 MAN1+= kpasswd.1 MAN1+= krb5-config.1 +MAN1+= kx.1 MAN1+= login.1 MAN1+= otp.1 MAN1+= otpprint.1 MAN1+= pagsh.1 MAN1+= pfrom.1 +MAN1+= rcp.1 MAN1+= rsh.1 +MAN1+= rxtelnet.1 +MAN1+= rxterm.1 MAN1+= su.1 MAN1+= telnet.1 +MAN1+= tenletxr.1 +MAN1+= xnlock.1 +MAN3+= ecalloc.3 MAN3+= editline.3 +MAN3+= emalloc.3 +MAN3+= eread.3 +MAN3+= erealloc.3 +MAN3+= esetenv.3 +MAN3+= estrdup.3 +MAN3+= ewrite.3 MAN3+= getarg.3 MAN3+= gss_accept_sec_context.3 MAN3+= gss_acquire_cred.3 @@ -333,12 +346,14 @@ MAN3+= krb5_make_addrport.3 MAN3+= krb5_max_sockaddr_size.3 MAN3+= krb5_mcc_ops.3 +MAN3+= krb5_mk_priv.3 MAN3+= krb5_mk_rep.3 MAN3+= krb5_mk_rep_exact.3 MAN3+= krb5_mk_rep_extended.3 MAN3+= krb5_mk_req.3 MAN3+= krb5_mk_req_exact.3 MAN3+= krb5_mk_req_extended.3 +MAN3+= krb5_mk_safe.3 MAN3+= krb5_openlog.3 MAN3+= krb5_padata_add.3 MAN3+= krb5_parse_address.3 @@ -380,9 +395,11 @@ MAN3+= krb5_rc_store.3 MAN3+= krb5_rcache.3 MAN3+= krb5_rd_error.3 +MAN3+= krb5_rd_priv.3 MAN3+= krb5_rd_rep.3 MAN3+= krb5_rd_req.3 MAN3+= krb5_rd_req_with_keyblock.3 +MAN3+= krb5_rd_safe.3 MAN3+= krb5_realm_compare.3 MAN3+= krb5_ret_address.3 MAN3+= krb5_ret_addrs.3 @@ -510,6 +527,8 @@ MAN5+= ftpusers.5 MAN5+= krb5.conf.5 MAN5+= login.access.5 +MAN5+= mech.5 +MAN5+= qop.5 MAN8+= ftpd.8 MAN8+= hprop.8 MAN8+= hpropd.8 @@ -526,22 +545,13 @@ MAN8+= kpasswdd.8 MAN8+= kstash.8 MAN8+= ktutil.8 +MAN8+= kxd.8 MAN8+= popper.8 MAN8+= push.8 MAN8+= rshd.8 MAN8+= string2key.8 MAN8+= telnetd.8 MAN8+= verify_krb5_conf.8 -# Heimdal 0.6 seems to install these man pages even if --without-x. -# I'll not move these around yet, in case this gets fixed. -#.if defined(USE_XLIB) -MAN1+= kx.1 -MAN1+= rxtelnet.1 -MAN1+= rxterm.1 -MAN1+= tenletxr.1 -MAN1+= xnlock.1 -MAN8+= kxd.8 -#.endif MLINKS+= getarg.3 arg_printusage.3 MLINKS+= kafs.3 k_afs_cell_of_file.3 MLINKS+= kafs.3 k_hasafs.3 diff -urN heimdal/distinfo heimdal121/distinfo --- heimdal/distinfo 2007-09-27 10:16:01.000000000 +1000 +++ heimdal121/distinfo 2009-09-18 10:33:14.000000000 +1000 @@ -1,6 +1,3 @@ -MD5 (heimdal-1.0.1.tar.gz) = 498e24f52b4f2e658e31f728a1279769 -SHA256 (heimdal-1.0.1.tar.gz) = b46222d18d52eb0b2f6e0959b4a047a4f4d992600a8d0fbe2f834c6c7fc54cc2 -SIZE (heimdal-1.0.1.tar.gz) = 3398032 -MD5 (heimdal-0.7.2-setuid-patch.txt) = b4413b9b8be35c87bf4b2f314047946c -SHA256 (heimdal-0.7.2-setuid-patch.txt) = 5609bb6c97c7a0863881613ae985838b2dcdbaf5fc254dd890b2babfd39404e8 -SIZE (heimdal-0.7.2-setuid-patch.txt) = 7357 +MD5 (heimdal-1.2.1.tar.gz) = 6e5028077e2a6b101a4a72801ba71b9e +SHA256 (heimdal-1.2.1.tar.gz) = 4e32be8d42824f2c58dffa435300e2dd0f0c3bbc6931afcbd450122067f76493 +SIZE (heimdal-1.2.1.tar.gz) = 5234882 diff -urN heimdal/files/patch-lib__hdb__hdb-ldap.c heimdal121/files/patch-lib__hdb__hdb-ldap.c --- heimdal/files/patch-lib__hdb__hdb-ldap.c 2009-09-02 13:27:29.000000000 +1000 +++ heimdal121/files/patch-lib__hdb__hdb-ldap.c 1970-01-01 10:00:00.000000000 +1000 @@ -1,11 +0,0 @@ ---- lib/hdb/hdb-ldap.c 2008-10-12 01:15:38.000000000 +0000 -+++ lib/hdb/hdb-ldap.c 2008-10-12 01:15:55.000000000 +0000 -@@ -222,7 +222,7 @@ - - (*modlist)[cMods]->mod_bvalues = bv; - -- bv[i] = ber_memalloc(sizeof(*bv));; -+ bv[i] = ber_memalloc(sizeof(**bv));; - if (bv[i] == NULL) - return ENOMEM; - diff -urN heimdal/pkg-plist heimdal121/pkg-plist --- heimdal/pkg-plist 2007-11-13 10:27:08.000000000 +1100 +++ heimdal121/pkg-plist 2009-09-18 10:33:14.000000000 +1000 @@ -1,8 +1,8 @@ -bin/mk_cmds bin/afslog bin/ftp bin/gss bin/hxtool +bin/idn-lookup bin/kauth bin/kdestroy bin/kf @@ -11,6 +11,7 @@ bin/klist bin/kpasswd bin/krb5-config +bin/kswitch bin/login bin/otp bin/otpprint @@ -36,24 +37,6 @@ include/gssapi/gssapi.h include/gssapi/gssapi_krb5.h include/gssapi/gssapi_spnego.h -%%HCRYPTO%%include/hcrypto/aes.h -%%HCRYPTO%%include/hcrypto/bn.h -%%HCRYPTO%%include/hcrypto/des.h -%%HCRYPTO%%include/hcrypto/dh.h -%%HCRYPTO%%include/hcrypto/dsa.h -%%HCRYPTO%%include/hcrypto/engine.h -%%HCRYPTO%%include/hcrypto/evp.h -%%HCRYPTO%%include/hcrypto/hmac.h -%%HCRYPTO%%include/hcrypto/md2.h -%%HCRYPTO%%include/hcrypto/md4.h -%%HCRYPTO%%include/hcrypto/md5.h -%%HCRYPTO%%include/hcrypto/pkcs12.h -%%HCRYPTO%%include/hcrypto/rand.h -%%HCRYPTO%%include/hcrypto/rc2.h -%%HCRYPTO%%include/hcrypto/rc4.h -%%HCRYPTO%%include/hcrypto/rsa.h -%%HCRYPTO%%include/hcrypto/sha.h -%%HCRYPTO%%include/hcrypto/ui.h include/hdb-protos.h include/hdb.h include/hdb_asn1.h @@ -99,8 +82,12 @@ include/roken.h include/rtbl.h include/sl.h -include/ss/ss.h +include/wind.h +include/wind_err.h include/xdbm.h +info/dir +info/heimdal.info +info/hx509.info lib/libasn1.a lib/libasn1.la lib/libasn1.so @@ -113,10 +100,6 @@ lib/libgssapi.la lib/libgssapi.so lib/libgssapi.so.2 -%%HCRYPTO%%lib/libhcrypto.a -%%HCRYPTO%%lib/libhcrypto.la -%%HCRYPTO%%lib/libhcrypto.so -%%HCRYPTO%%lib/libhcrypto.so.5 lib/libhdb.a lib/libhdb.la lib/libhdb.so @@ -128,7 +111,7 @@ lib/libhx509.a lib/libhx509.la lib/libhx509.so -lib/libhx509.so.2 +lib/libhx509.so.4 lib/libkadm5clnt.a lib/libkadm5clnt.la lib/libkadm5clnt.so @@ -148,7 +131,7 @@ lib/libkrb5.a lib/libkrb5.la lib/libkrb5.so -lib/libkrb5.so.23 +lib/libkrb5.so.25 lib/libotp.a lib/libotp.la lib/libotp.so @@ -161,10 +144,11 @@ lib/libsl.la lib/libsl.so lib/libsl.so.2 -lib/libss.a -lib/libss.la -lib/libss.so -lib/libss.so.1 +lib/libwind.a +lib/libwind.la +lib/libwind.so +lib/libwind.so.0 +lib/pkgconfig/heimdal-gssapi.pc lib/windc.a lib/windc.la lib/windc.so @@ -189,9 +173,8 @@ sbin/kadmin sbin/kstash sbin/ktutil -@dirrm include/ss +@dirrm lib/pkgconfig @dirrm include/krb5 @dirrm include/kadm5 -%%HCRYPTO%%@dirrm include/hcrypto @dirrm include/gssapi @dirrm include/roken --- heimdal_101-121.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909180150.n8I1ojZw035788>