Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 6 Jun 2023 18:41:23 GMT
From:      Cy Schubert <cy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 49e70b32f3d1 - main - security/krb5-121: Welcome new krb5 1.21
Message-ID:  <202306061841.356IfNk4026246@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=49e70b32f3d1610c7a398e8f82343935362d6466

commit 49e70b32f3d1610c7a398e8f82343935362d6466
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-06-06 18:08:55 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-06-06 18:35:40 +0000

    security/krb5-121: Welcome new krb5 1.21
    
    Welcome the new krb5-121 (1.21) from MIT.
    
    krb5-119 is now deprecated and scheduled for removal a year from
    now.
---
 security/Makefile                                  |   1 +
 security/krb5-119/Makefile                         |   3 +
 security/krb5-121/Makefile                         | 146 +++++++++++++++++
 security/krb5-121/distinfo                         |   3 +
 security/krb5-121/files/kdc.in                     |   4 +
 security/krb5-121/files/kpropd.in                  |  26 +++
 .../krb5-121/files/patch-clients__ksu__Makefile.in |  18 +++
 security/krb5-121/files/patch-config__pre.in       |  23 +++
 security/krb5-121/files/patch-config__shlib.conf   |  22 +++
 .../krb5-121/files/patch-lib-krb5-os-localaddr.c   |  75 +++++++++
 .../files/patch-lib__gssapi__krb5__import_name.c   |  14 ++
 ...lugins_preauth_pkinit_pkinit__crypto__openssl.c |  43 +++++
 security/krb5-121/pkg-descr                        |  22 +++
 security/krb5-121/pkg-plist                        | 178 +++++++++++++++++++++
 14 files changed, 578 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index 4eea6943f296..815ce6240119 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -265,6 +265,7 @@
     SUBDIR += krb5-118
     SUBDIR += krb5-119
     SUBDIR += krb5-120
+    SUBDIR += krb5-121
     SUBDIR += krb5-appl
     SUBDIR += krb5-devel
     SUBDIR += kstart
diff --git a/security/krb5-119/Makefile b/security/krb5-119/Makefile
index 5b295da36e8d..9e708d614760 100644
--- a/security/krb5-119/Makefile
+++ b/security/krb5-119/Makefile
@@ -6,6 +6,9 @@ MASTER_SITES=		http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-
 PKGNAMESUFFIX=		-119
 .endif
 
+DEPECATED=		Desupported by MIT following 1.21
+EXPIRY=			2024-06-06
+
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 PATCH_DIST_STRIP=	-p2
 
diff --git a/security/krb5-121/Makefile b/security/krb5-121/Makefile
new file mode 100644
index 000000000000..5f593293f08a
--- /dev/null
+++ b/security/krb5-121/Makefile
@@ -0,0 +1,146 @@
+PORTNAME=		krb5
+PORTVERSION=		1.21
+CATEGORIES=		security
+MASTER_SITES=		http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
+.if !defined(MASTERDIR)
+PKGNAMESUFFIX=		-121
+.endif
+
+PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
+PATCH_DIST_STRIP=	-p2
+
+MAINTAINER=		cy@FreeBSD.org
+COMMENT=		MIT implementation of RFC 4120 network authentication service
+WWW=			https://web.mit.edu/kerberos/
+
+LICENSE=		MIT
+
+CONFLICTS=		heimdal krb5 krb5-11* krb5-120
+CONFLICTS_BUILD=	boringssl
+
+KERBEROSV_URL=		http://web.mit.edu/kerberos/
+USES=			compiler:c++11-lang cpe gmake gettext-runtime \
+			gssapi:bootstrap,mit libtool:build localbase \
+			perl5 pkgconfig ssl
+USE_CSTD=		gnu99
+USE_LDCONFIG=		yes
+USE_PERL5=		build
+GNU_CONFIGURE=		yes
+CONFIGURE_ARGS?=	--enable-shared --without-system-verto \
+			--disable-rpath --localstatedir="${PREFIX}/var" \
+			--runstatedir="${PREFIX}/var/run"
+CONFIGURE_ENV=		INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}"
+MAKE_ARGS=		INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}"
+
+CPE_VENDOR=		mit
+CPE_VERSION=		5-${PORTVERSION}
+CPE_PRODUCT=		kerberos
+
+OPTIONS_DEFINE=		EXAMPLES NLS KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP LMDB
+OPTIONS_DEFAULT=	KRB5_PDF KRB5_HTML READLINE
+OPTIONS_RADIO=		CMD_LINE_EDITING
+OPTIONS_RADIO_CMD_LINE_EDITING=	READLINE LIBEDIT
+CMD_LINE_EDITING_DESC=	Command line editing for kadmin and ktutil
+KRB5_PDF_DESC=		Install krb5 PDF documentation
+KRB5_HTML_DESC=		Install krb5 HTML documentation
+DNS_FOR_REALM_DESC=	Enable DNS lookups for Kerberos realm names
+DNS_FOR_REALM_CONFIGURE_ENABLE=	dns-for-realm
+LDAP=			Enable LDAP support
+LDAP_USES=		ldap
+LDAP_CONFIGURE_WITH=	ldap
+LMDB_DESC=		OpenLDAP Lightning Memory-Mapped Database support
+LMDB_CONFIGURE_WITH=	lmdb
+LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
+LMDB_IMPLIES=		LDAP
+NLS_USES=		gettext
+READLINE_USES=		readline
+READLINE_CONFIGURE_WITH=readline
+LIBEDIT_USES=		libedit
+LIBEDIT_CONFIGURE_WITH=	libedit
+
+.if defined(KRB5_HOME)
+PREFIX=			${KRB5_HOME}
+.endif
+CPPFLAGS+=		-I${OPENSSLINC}
+LDFLAGS+=		-L${OPENSSLLIB}
+
+USE_RC_SUBR=		kpropd
+OPTIONS_SUB=		yes
+WRKSRC_SUBDIR=		src
+PORTEXAMPLES=		kdc.conf krb5.conf services.append
+
+.include <bsd.port.options.mk>
+
+# Fix up -Wl,-rpath in LDFLAGS
+.if !empty(KRB5_HOME)
+_RPATH=	${KRB5_HOME}/lib:
+.else
+_RPATH=	${LOCALBASE}/lib:
+.endif
+.if !empty(LDFLAGS:M-Wl,-rpath,*)
+.for F in ${LDFLAGS:M-Wl,-rpath,*}
+LDFLAGS:=	-Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \
+		${LDFLAGS:N-Wl,-rpath,*}
+.endfor
+.endif
+
+.if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE}
+BROKEN=			LIB_DEPENDS when using KRB5_HOME is broken
+.endif
+
+.if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != ""
+CONFIGURE_ARGS+=	--program-transform-name="${PROGRAM_TRANSFORM_NAME}"
+.endif
+
+HTML_DOC_DIR=		${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html
+PDF_DOC_DIR=		${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf
+
+.include <bsd.port.pre.mk>
+
+post-install:
+	@${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5
+	@${SED} "s|%%PREFIX%%|${PREFIX}|" ${FILESDIR}/kdc.in > ${STAGEDIR}${PREFIX}/sbin/kdc; \
+	${CHMOD} +x ${STAGEDIR}${PREFIX}/sbin/kdc
+# html documentation
+.if ${PORT_OPTIONS:MKRB5_PDF}
+	pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d`
+	pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d`
+	for i in $${pdf_dirs}; do \
+		${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \
+	done; \
+	for i in $${pdf_files}; do \
+		${INSTALL_DATA} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \
+		${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \
+	done
+.endif
+.if ${PORT_OPTIONS:MKRB5_HTML}
+	html_files=`${FIND} ${HTML_DOC_DIR} ! -type d | ${GREP} -v /_sources`
+	html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources`
+	for i in $${html_dirs}; do \
+		${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \
+	done; \
+	for i in $${html_files}; do \
+		${INSTALL_DATA} $${i} ${PREFIX}/share/doc/krb5/$${i}; \
+		${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \
+	done
+.endif
+.if ${PORT_OPTIONS:MKRB5_PDF}
+	for i in $${pdf_dirs}; do \
+		${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \
+	done | ${TAIL} -r >> ${TMPPLIST}
+.endif
+.if ${PORT_OPTIONS:MKRB5_HTML}
+	for i in $${html_dirs}; do \
+		${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \
+	done | ${TAIL} -r >> ${TMPPLIST}
+.endif
+	${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST}
+
+post-install-LDAP-on:
+	${MKDIR} ${STAGEDIR}${DATADIR}
+	${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema \
+		${STAGEDIR}${DATADIR}
+	${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif \
+		${STAGEDIR}${DATADIR}
+
+.include <bsd.port.post.mk>
diff --git a/security/krb5-121/distinfo b/security/krb5-121/distinfo
new file mode 100644
index 000000000000..8683ef9cde1e
--- /dev/null
+++ b/security/krb5-121/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1686074406
+SHA256 (krb5-1.21.tar.gz) = 69f8aaff85484832df67a4bbacd99b9259bd95aab8c651fbbe65cdc9620ea93b
+SIZE (krb5-1.21.tar.gz) = 8622539
diff --git a/security/krb5-121/files/kdc.in b/security/krb5-121/files/kdc.in
new file mode 100644
index 000000000000..d462d45d47f6
--- /dev/null
+++ b/security/krb5-121/files/kdc.in
@@ -0,0 +1,4 @@
+#!/bin/sh -
+
+set -- $(echo "$*" | sed 's/--detach//')
+exec %%PREFIX%%/sbin/krb5kdc "$@"
diff --git a/security/krb5-121/files/kpropd.in b/security/krb5-121/files/kpropd.in
new file mode 100644
index 000000000000..d2147af059d7
--- /dev/null
+++ b/security/krb5-121/files/kpropd.in
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# PROVIDE: kpropd
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# kpropd_enable (bool):      Set to NO by default.
+#                            Set it to YES to enable kpropd.
+# kpropd_flags (str):        Set to "" by default.
+
+. /etc/rc.subr
+
+name=kpropd
+rcvar=kpropd_enable
+
+load_rc_config $name
+
+: ${kpropd_enable:="NO"}
+: ${kpropd_flags=""}
+
+command=%%PREFIX%%/sbin/${name}
+
+run_rc_command "$1"
diff --git a/security/krb5-121/files/patch-clients__ksu__Makefile.in b/security/krb5-121/files/patch-clients__ksu__Makefile.in
new file mode 100644
index 000000000000..3544db84fc2c
--- /dev/null
+++ b/security/krb5-121/files/patch-clients__ksu__Makefile.in
@@ -0,0 +1,18 @@
+--- clients/ksu/Makefile.in.orig	2019-05-21 14:09:23.000000000 -0700
++++ clients/ksu/Makefile.in	2019-05-21 20:30:48.612847000 -0700
+@@ -1,6 +1,6 @@
+ mydir=clients$(S)ksu
+ BUILDTOP=$(REL)..$(S)..
+-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"'
++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/sbin /bin /usr/sbin /usr/bin"' -DDEBUG
+ 
+ KSU_LIBS=@KSU_LIBS@
+ 
+@@ -30,6 +30,6 @@
+ 
+ install:
+ 	-for f in ksu; do \
+-	  $(INSTALL_SETUID) $$f \
++	  $(INSTALL_PROGRAM) $$f \
+ 		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+ 	done
diff --git a/security/krb5-121/files/patch-config__pre.in b/security/krb5-121/files/patch-config__pre.in
new file mode 100644
index 000000000000..8527c550dc25
--- /dev/null
+++ b/security/krb5-121/files/patch-config__pre.in
@@ -0,0 +1,23 @@
+--- config/pre.in.orig	2014-10-15 16:55:10.000000000 -0700
++++ config/pre.in	2015-02-04 12:43:45.693875606 -0800
+@@ -178,9 +178,9 @@
+ INSTALL=@INSTALL@
+ INSTALL_STRIP=
+ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
+-INSTALL_SCRIPT=@INSTALL_PROGRAM@
++INSTALL_SCRIPT=@INSTALL_SCRIPT@
+ INSTALL_DATA=@INSTALL_DATA@
+-INSTALL_SHLIB=@INSTALL_SHLIB@
++INSTALL_SHLIB=$(INSTALL_LIB)
+ INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
+ ## This is needed because autoconf will sometimes define @exec_prefix@ to be
+ ## ${prefix}.
+@@ -197,7 +197,7 @@
+ ADMIN_BINDIR = @sbindir@
+ SERVER_BINDIR = @sbindir@
+ CLIENT_BINDIR =@bindir@
+-PKGCONFIG_DIR = @libdir@/pkgconfig
++PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig
+ ADMIN_MANDIR = $(KRB5MANROOT)/man8
+ SERVER_MANDIR = $(KRB5MANROOT)/man8
+ CLIENT_MANDIR = $(KRB5MANROOT)/man1
diff --git a/security/krb5-121/files/patch-config__shlib.conf b/security/krb5-121/files/patch-config__shlib.conf
new file mode 100644
index 000000000000..3697783e47be
--- /dev/null
+++ b/security/krb5-121/files/patch-config__shlib.conf
@@ -0,0 +1,22 @@
+--- config/shlib.conf.orig	2015-05-08 16:27:02.000000000 -0700
++++ config/shlib.conf	2015-10-20 21:54:39.834348929 -0700
+@@ -320,14 +320,15 @@
+ 			PICFLAGS=-fpic
+ 			;;
+ 	esac
+-	SHLIBVEXT='.so.$(LIBMAJOR)'
+-	RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
++	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
++	SHLIBSEXT='.so.$(LIBMAJOR)'
++	LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)'
++	RPATH_FLAG='-Wl,-rpath -Wl,'
+ 	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+ 	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+ 	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+ 	SHLIBEXT=.so
+-	LDCOMBINE='ld -Bshareable'
+-	SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
++	SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
+ 	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+ 	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+ 	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
diff --git a/security/krb5-121/files/patch-lib-krb5-os-localaddr.c b/security/krb5-121/files/patch-lib-krb5-os-localaddr.c
new file mode 100644
index 000000000000..06b6043f22c9
--- /dev/null
+++ b/security/krb5-121/files/patch-lib-krb5-os-localaddr.c
@@ -0,0 +1,75 @@
+--- lib/krb5/os/localaddr.c.orig	2009-10-30 20:17:27.000000000 -0700
++++ lib/krb5/os/localaddr.c	2010-04-19 12:39:56.707090973 -0700
+@@ -175,6 +175,7 @@
+ }
+ #endif
+ 
++#if 0
+ static int
+ is_loopback_address(struct sockaddr *sa)
+ {
+@@ -191,6 +192,7 @@
+         return 0;
+     }
+ }
++#endif
+ 
+ #ifdef HAVE_IFADDRS_H
+ #include <ifaddrs.h>
+@@ -467,12 +469,14 @@
+             ifp->ifa_flags &= ~IFF_UP;
+             continue;
+         }
++#if 0
+         if (is_loopback_address(ifp->ifa_addr)) {
+             /* Pretend it's not up, so the second pass will skip
+                it.  */
+             ifp->ifa_flags &= ~IFF_UP;
+             continue;
+         }
++#endif
+         /* If this address is a duplicate, punt.  */
+         match = 0;
+         for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
+@@ -601,11 +605,13 @@
+             }
+             /*@=moduncon@*/
+ 
++#if 0
+             /* None of the current callers want loopback addresses.  */
+             if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
+                 Tprintf (("  loopback\n"));
+                 goto skip;
+             }
++#endif
+             /* Ignore interfaces that are down.  */
+             if ((lifreq.lifr_flags & IFF_UP) == 0) {
+                 Tprintf (("  down\n"));
+@@ -772,11 +778,13 @@
+             }
+             /*@=moduncon@*/
+ 
++#if 0
+             /* None of the current callers want loopback addresses.  */
+             if (is_loopback_address(&lifr->iflr_addr)) {
+                 Tprintf (("  loopback\n"));
+                 goto skip;
+             }
++#endif
+             /* Ignore interfaces that are down.  */
+             if ((lifreq.iflr_flags & IFF_UP) == 0) {
+                 Tprintf (("  down\n"));
+@@ -987,11 +995,13 @@
+         }
+         /*@=moduncon@*/
+ 
++#if 0
+         /* None of the current callers want loopback addresses.  */
+         if (is_loopback_address(&ifreq.ifr_addr)) {
+             Tprintf (("  loopback\n"));
+             goto skip;
+         }
++#endif
+         /* Ignore interfaces that are down.  */
+         if ((ifreq.ifr_flags & IFF_UP) == 0) {
+             Tprintf (("  down\n"));
diff --git a/security/krb5-121/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-121/files/patch-lib__gssapi__krb5__import_name.c
new file mode 100644
index 000000000000..40f116af2196
--- /dev/null
+++ b/security/krb5-121/files/patch-lib__gssapi__krb5__import_name.c
@@ -0,0 +1,14 @@
+--- lib/gssapi/krb5/import_name.c.orig	Mon Jul 18 15:12:42 2005
++++ lib/gssapi/krb5/import_name.c	Tue Nov  8 09:53:58 2005
+@@ -33,6 +33,11 @@
+ #endif
+ #endif
+ 
++#include <sys/param.h>
++#if __FreeBSD_version < 500100
++#include <stdio.h>
++#endif
++
+ #ifdef HAVE_STRING_H
+ #include <string.h>
+ #else
diff --git a/security/krb5-121/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-121/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
new file mode 100644
index 000000000000..71d27a31b406
--- /dev/null
+++ b/security/krb5-121/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
@@ -0,0 +1,43 @@
+--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig	2022-10-17 09:52:43 UTC
++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -184,6 +184,17 @@ pkcs11err(int err);
+     (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++
++/*
++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we
++ * need for PKINIT.  For 1.0 we must use the original DH type when creating
++ * EVP_PKEY objects.
++ */
++#define EVP_PKEY_DHX EVP_PKEY_DH
++#define d2i_DHxparams d2i_DHparams
++#endif
++
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 
+ /* 1.1 standardizes constructor and destructor names, renaming
+@@ -193,13 +204,6 @@ pkcs11err(int err);
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+ #define ASN1_STRING_get0_data ASN1_STRING_data
+ 
+-/*
+- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we
+- * need for PKINIT.  For 1.0 we must use the original DH type when creating
+- * EVP_PKEY objects.
+- */
+-#define EVP_PKEY_DHX EVP_PKEY_DH
+-
+ /* 1.1 makes many handle types opaque and adds accessors.  Add compatibility
+  * versions of the new accessors we use for pre-1.1. */
+ 
+@@ -588,7 +592,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx)
+ {
+     EVP_PKEY_CTX_set_dh_pad(ctx, 1);
+ }
+-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ static void
+ set_padded_derivation(EVP_PKEY_CTX *ctx)
+ {
diff --git a/security/krb5-121/pkg-descr b/security/krb5-121/pkg-descr
new file mode 100644
index 000000000000..04d20cac8766
--- /dev/null
+++ b/security/krb5-121/pkg-descr
@@ -0,0 +1,22 @@
+Kerberos V5 is an authentication system developed at MIT.
+Abridged from the User Guide:
+       Under Kerberos, a client sends a request for a ticket to the
+   Key Distribution Center (KDC). The KDC creates a ticket-granting
+   ticket (TGT) for the client, encrypts it using the client's
+   password as the key, and sends the encrypted TGT back to the
+   client. The client then attempts to decrypt the TGT, using
+   its password. If the client successfully decrypts the TGT, it
+   keeps the decrypted TGT, which indicates proof of the client's
+   identity. The TGT permits the client to obtain additional tickets,
+   which give permission for specific services.
+       Since Kerberos negotiates authenticated, and optionally encrypted,
+   communications between two points anywhere on the internet, it
+   provides a layer of security that is not dependent on which side of a
+   firewall either client is on.
+       The Kerberos V5 package is designed to be easy to use. Most of the
+   commands are nearly identical to UNIX network programs you are already
+   used to. Kerberos V5 is a single-sign-on system, which means that you
+   have to type your password only once per session, and Kerberos does
+   the authenticating and encrypting transparently.
+
+Jacques Vidrine <n@nectar.com>
diff --git a/security/krb5-121/pkg-plist b/security/krb5-121/pkg-plist
new file mode 100644
index 000000000000..11b1e585bfa0
--- /dev/null
+++ b/security/krb5-121/pkg-plist
@@ -0,0 +1,178 @@
+bin/compile_et
+bin/gss-client
+bin/k5srvutil
+bin/kadmin
+bin/kdestroy
+bin/kinit
+bin/klist
+bin/kpasswd
+bin/krb5-config
+@mode 04755
+@owner root
+@group wheel
+bin/ksu
+@mode
+@owner root
+@group wheel
+bin/kswitch
+bin/ktutil
+bin/kvno
+bin/sclient
+bin/sim_client
+bin/uuclient
+include/com_err.h
+include/gssapi.h
+include/gssapi/gssapi.h
+include/gssapi/gssapi_alloc.h
+include/gssapi/gssapi_ext.h
+include/gssapi/gssapi_generic.h
+include/gssapi/gssapi_krb5.h
+include/gssapi/mechglue.h
+include/gssrpc/auth.h
+include/gssrpc/auth_gss.h
+include/gssrpc/auth_gssapi.h
+include/gssrpc/auth_unix.h
+include/gssrpc/clnt.h
+include/gssrpc/netdb.h
+include/gssrpc/pmap_clnt.h
+include/gssrpc/pmap_prot.h
+include/gssrpc/pmap_rmt.h
+include/gssrpc/rename.h
+include/gssrpc/rpc.h
+include/gssrpc/rpc_msg.h
+include/gssrpc/svc.h
+include/gssrpc/svc_auth.h
+include/gssrpc/types.h
+include/gssrpc/xdr.h
+include/krad.h
+include/krb5.h
+include/krb5/ccselect_plugin.h
+include/krb5/clpreauth_plugin.h
+include/krb5/hostrealm_plugin.h
+include/krb5/kadm5_hook_plugin.h
+include/krb5/kdcpolicy_plugin.h
+include/krb5/kdcpreauth_plugin.h
+include/krb5/localauth_plugin.h
+include/krb5/krb5.h
+include/krb5/locate_plugin.h
+include/krb5/plugin.h
+include/krb5/pwqual_plugin.h
+include/kadm5/admin.h
+include/kadm5/chpass_util_strings.h
+include/krb5/kadm5_auth_plugin.h
+include/kadm5/kadm_err.h
+include/kdb.h
+include/krb5/certauth_plugin.h
+include/krb5/preauth_plugin.h
+include/profile.h
+include/verto-module.h
+include/verto.h
+lib/libcom_err.so
+lib/libcom_err.so.3
+lib/libcom_err.so.3.0
+lib/libgssapi_krb5.so
+lib/libgssapi_krb5.so.2
+lib/libgssapi_krb5.so.2.2
+lib/libgssrpc.so
+lib/libgssrpc.so.4
+lib/libgssrpc.so.4.2
+lib/libk5crypto.so
+lib/libk5crypto.so.3
+lib/libk5crypto.so.3.1
+lib/libkadm5clnt.so
+lib/libkadm5clnt_mit.so
+lib/libkadm5clnt_mit.so.12
+lib/libkadm5clnt_mit.so.12.0
+lib/libkadm5srv.so
+lib/libkadm5srv_mit.so
+lib/libkadm5srv_mit.so.12
+lib/libkadm5srv_mit.so.12.0
+lib/libkdb5.so
+lib/libkdb5.so.10
+lib/libkdb5.so.10.0
+lib/libkrb5.so
+lib/libkrb5.so.3
+lib/libkrb5.so.3.3
+lib/libkrb5support.so
+lib/libkrb5support.so.0
+lib/libkrb5support.so.0.1
+lib/krb5/plugins/kdb/db2.so
+%%LMDB%%lib/krb5/plugins/kdb/klmdb.so
+lib/krb5/plugins/tls/k5tls.so
+%%LDAP%%lib/krb5/plugins/kdb/kldap.so
+lib/krb5/plugins/preauth/otp.so
+lib/krb5/plugins/preauth/pkinit.so
+lib/krb5/plugins/preauth/spake.so
+lib/krb5/plugins/preauth/test.so
+%%LDAP%%lib/libkdb_ldap.so
+%%LDAP%%lib/libkdb_ldap.so.1
+%%LDAP%%lib/libkdb_ldap.so.1.0
+lib/libkrad.so
+lib/libkrad.so.0
+lib/libkrad.so.0.0
+lib/libverto.so
+lib/libverto.so.0
+lib/libverto.so.0.0
+libdata/pkgconfig/gssrpc.pc
+libdata/pkgconfig/kadm-client.pc
+libdata/pkgconfig/kadm-server.pc
+libdata/pkgconfig/kdb.pc
+libdata/pkgconfig/krb5-gssapi.pc
+libdata/pkgconfig/krb5.pc
+libdata/pkgconfig/mit-krb5-gssapi.pc
+libdata/pkgconfig/mit-krb5.pc
+man/man1/compile_et.1.gz
+man/man1/k5srvutil.1.gz
+man/man1/kadmin.1.gz
+man/man1/kdestroy.1.gz
+man/man1/kinit.1.gz
+man/man1/klist.1.gz
+man/man1/kpasswd.1.gz
+man/man1/krb5-config.1.gz
+man/man1/ksu.1.gz
+man/man1/kswitch.1.gz
+man/man1/ktutil.1.gz
+man/man1/kvno.1.gz
+man/man1/sclient.1.gz
+man/man5/.k5identity.5.gz
+man/man5/.k5login.5.gz
+man/man5/k5identity.5.gz
+man/man5/k5login.5.gz
+man/man5/kadm5.acl.5.gz
+man/man5/kdc.conf.5.gz
+man/man5/krb5.conf.5.gz
+man/man7/kerberos.7.gz
+man/man8/kadmin.local.8.gz
+man/man8/kadmind.8.gz
+man/man8/kdb5_ldap_util.8.gz
+man/man8/kdb5_util.8.gz
+man/man8/kprop.8.gz
+man/man8/kpropd.8.gz
+man/man8/kproplog.8.gz
+man/man8/krb5kdc.8.gz
+man/man8/sserver.8.gz
+sbin/gss-server
+sbin/kadmin.local
+sbin/kadmind
+%%LDAP%%sbin/kdb5_ldap_util
+sbin/kdc
+sbin/kdb5_util
+sbin/kprop
+sbin/kpropd
+sbin/kproplog
+sbin/krb5-send-pr
+sbin/krb5kdc
+sbin/sim_server
+sbin/sserver
+sbin/uuserver
+share/et/et_c.awk
+share/et/et_h.awk
+%%NLS%%share/locale/de/LC_MESSAGES/mit-krb5.mo
+%%NLS%%share/locale/en_US/LC_MESSAGES/mit-krb5.mo
+%%NLS%%share/locale/ka/LC_MESSAGES/mit-krb5.mo
+%%LDAP%%%%DATADIR%%/kerberos.schema
+%%LDAP%%%%DATADIR%%/kerberos.ldif
+@dir lib/krb5/plugins/authdata
+@dir lib/krb5/plugins/libkrb5
+@dir var/run/krb5kdc
+@dir var/krb5kdc



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202306061841.356IfNk4026246>