ports/138929: [PATCH] security/heimdal update to 1.2.1

John Marshall john.marshall at riverwillow.com.au
Fri Sep 18 04:40:02 UTC 2009 

>Number:         138929
>Category:       ports
>Synopsis:       [PATCH] security/heimdal update to 1.2.1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 18 04:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     John Marshall
>Release:        FreeBSD 8.0-BETA4 i386
>Organization:
Riverwillow Pty Ltd
>Environment:
System: FreeBSD rwsrv05.mby.riverwillow.net.au 8.0-BETA4 FreeBSD 8.0-BETA4 #0: Mon Sep 7 12:24:09 AEST 2009 root at rwsrv05.mby.riverwillow.net.au:/spare/obj/usr/src/sys/RWSRV05 i386


	
>Description:

This patch updates the heimdal-1.0.1_1 port to heimdal-1.2.1.  It "works
for me" on 7.2/i386 and 8.0/i386 and passes portlint.  I needed to
upgrade to Heimdal 1.2.1 on 8.0-BETA2 (base Heimdal is 1.1.0) to get
GSSAPI authenticaion to work (through SASL) for the OpenLDAP server.

Makefile:

 - I started with a patched Makefile which someone else had used: it
   included the LDFLAGS patch and IPV6 knob; so I left them there.

 - I removed the CFLAGS line to make portlint happy.

 - I removed the --without-krb4 CONFIGURE switch to make the build happy.

I generated distinfo and the lists by following the porter's handbook: I
hope I got it right!

Any coaching to help get this in shape for a commit would be welcome.  I
think I've taken it as far as I can with my present level of experience.

Thank you.

>How-To-Repeat:
	
>Fix:

	

--- heimdal_101-121.diff begins here ---
diff -urN heimdal/Makefile heimdal121/Makefile
--- heimdal/Makefile	2009-09-02 13:27:29.000000000 +1000
+++ heimdal121/Makefile	2009-09-18 10:39:58.000000000 +1000
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	heimdal
-PORTVERSION=	1.0.1
-PORTREVISION=	1
+PORTVERSION=	1.2.1
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://ftp.pdc.kth.se/pub/heimdal/src/ \
 		ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
@@ -22,13 +21,15 @@
 OPTIONS+=	LDAP	 "Use OpenLDAP as the KDC backend"		off
 OPTIONS+=	CRACKLIB "Use CrackLib for password quality checking"	off
 OPTIONS+=	X11	 "Build X11 utilies"				off
+OPTIONS+=	IPV6	 "IPv6 enabled"					off
 
 USE_AUTOTOOLS=	libtool:22
 USE_OPENSSL=	yes
 GNU_CONFIGURE=	yes
 USE_LDCONFIG=	yes
-CONFIGURE_ENV+=	CFLAGS="${CFLAGS}"
-CONFIGURE_ARGS+=	--enable-shared --without-krb4
+LDFLAGS+=	${PTHREAD_LIBS}
+CONFIGURE_ENV+=	LDFLAGS="${LDFLAGS}"
+CONFIGURE_ARGS+=	--enable-shared
 
 INFO=		heimdal hx509
 PLIST=		${WRKDIR}/PLIST
@@ -48,7 +49,6 @@
 .if defined(WITH_LDAP)
 USE_OPENLDAP=		yes
 CONFIGURE_ARGS+=	--with-openldap=${LOCALBASE}
-#EXTRA_PATCHES+=		${FILESDIR}/extrapatch-lib_hdb_hdb-ldap.c
 .  if defined(LDAP_SOCKET_PATH)
 _SOCK=		${LDAP_SOCKET_PATH:C|/|%2f|g}
 .  else
@@ -68,6 +68,10 @@
 CONFIGURE_ARGS+=	--without-x
 .endif
 
+.if !defined(WITH_IPV6)
+CONFIGURE_ARGS+=	--without-ipv6
+.endif
+
 .if defined(HEIMDAL_HOME)
 PREFIX=		${HEIMDAL_HOME}
 .else
diff -urN heimdal/Makefile.man heimdal121/Makefile.man
--- heimdal/Makefile.man	2007-09-27 10:16:01.000000000 +1000
+++ heimdal121/Makefile.man	2009-09-18 10:33:14.000000000 +1000
@@ -8,15 +8,28 @@
 MAN1+= klist.1
 MAN1+= kpasswd.1
 MAN1+= krb5-config.1
+MAN1+= kx.1
 MAN1+= login.1
 MAN1+= otp.1
 MAN1+= otpprint.1
 MAN1+= pagsh.1
 MAN1+= pfrom.1
+MAN1+= rcp.1
 MAN1+= rsh.1
+MAN1+= rxtelnet.1
+MAN1+= rxterm.1
 MAN1+= su.1
 MAN1+= telnet.1
+MAN1+= tenletxr.1
+MAN1+= xnlock.1
+MAN3+= ecalloc.3
 MAN3+= editline.3
+MAN3+= emalloc.3
+MAN3+= eread.3
+MAN3+= erealloc.3
+MAN3+= esetenv.3
+MAN3+= estrdup.3
+MAN3+= ewrite.3
 MAN3+= getarg.3
 MAN3+= gss_accept_sec_context.3
 MAN3+= gss_acquire_cred.3
@@ -333,12 +346,14 @@
 MAN3+= krb5_make_addrport.3
 MAN3+= krb5_max_sockaddr_size.3
 MAN3+= krb5_mcc_ops.3
+MAN3+= krb5_mk_priv.3
 MAN3+= krb5_mk_rep.3
 MAN3+= krb5_mk_rep_exact.3
 MAN3+= krb5_mk_rep_extended.3
 MAN3+= krb5_mk_req.3
 MAN3+= krb5_mk_req_exact.3
 MAN3+= krb5_mk_req_extended.3
+MAN3+= krb5_mk_safe.3
 MAN3+= krb5_openlog.3
 MAN3+= krb5_padata_add.3
 MAN3+= krb5_parse_address.3
@@ -380,9 +395,11 @@
 MAN3+= krb5_rc_store.3
 MAN3+= krb5_rcache.3
 MAN3+= krb5_rd_error.3
+MAN3+= krb5_rd_priv.3
 MAN3+= krb5_rd_rep.3
 MAN3+= krb5_rd_req.3
 MAN3+= krb5_rd_req_with_keyblock.3
+MAN3+= krb5_rd_safe.3
 MAN3+= krb5_realm_compare.3
 MAN3+= krb5_ret_address.3
 MAN3+= krb5_ret_addrs.3
@@ -510,6 +527,8 @@
 MAN5+= ftpusers.5
 MAN5+= krb5.conf.5
 MAN5+= login.access.5
+MAN5+= mech.5
+MAN5+= qop.5
 MAN8+= ftpd.8
 MAN8+= hprop.8
 MAN8+= hpropd.8
@@ -526,22 +545,13 @@
 MAN8+= kpasswdd.8
 MAN8+= kstash.8
 MAN8+= ktutil.8
+MAN8+= kxd.8
 MAN8+= popper.8
 MAN8+= push.8
 MAN8+= rshd.8
 MAN8+= string2key.8
 MAN8+= telnetd.8
 MAN8+= verify_krb5_conf.8
-# Heimdal 0.6 seems to install these man pages even if --without-x.
-# I'll not move these around yet, in case this gets fixed.
-#.if defined(USE_XLIB)
-MAN1+= kx.1
-MAN1+= rxtelnet.1
-MAN1+= rxterm.1
-MAN1+= tenletxr.1
-MAN1+= xnlock.1
-MAN8+= kxd.8
-#.endif
 MLINKS+= getarg.3 arg_printusage.3
 MLINKS+= kafs.3 k_afs_cell_of_file.3
 MLINKS+= kafs.3 k_hasafs.3
diff -urN heimdal/distinfo heimdal121/distinfo
--- heimdal/distinfo	2007-09-27 10:16:01.000000000 +1000
+++ heimdal121/distinfo	2009-09-18 10:33:14.000000000 +1000
@@ -1,6 +1,3 @@
-MD5 (heimdal-1.0.1.tar.gz) = 498e24f52b4f2e658e31f728a1279769
-SHA256 (heimdal-1.0.1.tar.gz) = b46222d18d52eb0b2f6e0959b4a047a4f4d992600a8d0fbe2f834c6c7fc54cc2
-SIZE (heimdal-1.0.1.tar.gz) = 3398032
-MD5 (heimdal-0.7.2-setuid-patch.txt) = b4413b9b8be35c87bf4b2f314047946c
-SHA256 (heimdal-0.7.2-setuid-patch.txt) = 5609bb6c97c7a0863881613ae985838b2dcdbaf5fc254dd890b2babfd39404e8
-SIZE (heimdal-0.7.2-setuid-patch.txt) = 7357
+MD5 (heimdal-1.2.1.tar.gz) = 6e5028077e2a6b101a4a72801ba71b9e
+SHA256 (heimdal-1.2.1.tar.gz) = 4e32be8d42824f2c58dffa435300e2dd0f0c3bbc6931afcbd450122067f76493
+SIZE (heimdal-1.2.1.tar.gz) = 5234882
diff -urN heimdal/files/patch-lib__hdb__hdb-ldap.c heimdal121/files/patch-lib__hdb__hdb-ldap.c
--- heimdal/files/patch-lib__hdb__hdb-ldap.c	2009-09-02 13:27:29.000000000 +1000
+++ heimdal121/files/patch-lib__hdb__hdb-ldap.c	1970-01-01 10:00:00.000000000 +1000
@@ -1,11 +0,0 @@
---- lib/hdb/hdb-ldap.c	2008-10-12 01:15:38.000000000 +0000
-+++ lib/hdb/hdb-ldap.c	2008-10-12 01:15:55.000000000 +0000
-@@ -222,7 +222,7 @@
- 
- 	(*modlist)[cMods]->mod_bvalues = bv;
- 
--	bv[i] = ber_memalloc(sizeof(*bv));;
-+	bv[i] = ber_memalloc(sizeof(**bv));;
- 	if (bv[i] == NULL)
- 	    return ENOMEM;
- 
diff -urN heimdal/pkg-plist heimdal121/pkg-plist
--- heimdal/pkg-plist	2007-11-13 10:27:08.000000000 +1100
+++ heimdal121/pkg-plist	2009-09-18 10:33:14.000000000 +1000
@@ -1,8 +1,8 @@
-bin/mk_cmds
 bin/afslog
 bin/ftp
 bin/gss
 bin/hxtool
+bin/idn-lookup
 bin/kauth
 bin/kdestroy
 bin/kf
@@ -11,6 +11,7 @@
 bin/klist
 bin/kpasswd
 bin/krb5-config
+bin/kswitch
 bin/login
 bin/otp
 bin/otpprint
@@ -36,24 +37,6 @@
 include/gssapi/gssapi.h
 include/gssapi/gssapi_krb5.h
 include/gssapi/gssapi_spnego.h
-%%HCRYPTO%%include/hcrypto/aes.h
-%%HCRYPTO%%include/hcrypto/bn.h
-%%HCRYPTO%%include/hcrypto/des.h
-%%HCRYPTO%%include/hcrypto/dh.h
-%%HCRYPTO%%include/hcrypto/dsa.h
-%%HCRYPTO%%include/hcrypto/engine.h
-%%HCRYPTO%%include/hcrypto/evp.h
-%%HCRYPTO%%include/hcrypto/hmac.h
-%%HCRYPTO%%include/hcrypto/md2.h
-%%HCRYPTO%%include/hcrypto/md4.h
-%%HCRYPTO%%include/hcrypto/md5.h
-%%HCRYPTO%%include/hcrypto/pkcs12.h
-%%HCRYPTO%%include/hcrypto/rand.h
-%%HCRYPTO%%include/hcrypto/rc2.h
-%%HCRYPTO%%include/hcrypto/rc4.h
-%%HCRYPTO%%include/hcrypto/rsa.h
-%%HCRYPTO%%include/hcrypto/sha.h
-%%HCRYPTO%%include/hcrypto/ui.h
 include/hdb-protos.h
 include/hdb.h
 include/hdb_asn1.h
@@ -99,8 +82,12 @@
 include/roken.h
 include/rtbl.h
 include/sl.h
-include/ss/ss.h
+include/wind.h
+include/wind_err.h
 include/xdbm.h
+info/dir
+info/heimdal.info
+info/hx509.info
 lib/libasn1.a
 lib/libasn1.la
 lib/libasn1.so
@@ -113,10 +100,6 @@
 lib/libgssapi.la
 lib/libgssapi.so
 lib/libgssapi.so.2
-%%HCRYPTO%%lib/libhcrypto.a
-%%HCRYPTO%%lib/libhcrypto.la
-%%HCRYPTO%%lib/libhcrypto.so
-%%HCRYPTO%%lib/libhcrypto.so.5
 lib/libhdb.a
 lib/libhdb.la
 lib/libhdb.so
@@ -128,7 +111,7 @@
 lib/libhx509.a
 lib/libhx509.la
 lib/libhx509.so
-lib/libhx509.so.2
+lib/libhx509.so.4
 lib/libkadm5clnt.a
 lib/libkadm5clnt.la
 lib/libkadm5clnt.so
@@ -148,7 +131,7 @@
 lib/libkrb5.a
 lib/libkrb5.la
 lib/libkrb5.so
-lib/libkrb5.so.23
+lib/libkrb5.so.25
 lib/libotp.a
 lib/libotp.la
 lib/libotp.so
@@ -161,10 +144,11 @@
 lib/libsl.la
 lib/libsl.so
 lib/libsl.so.2
-lib/libss.a
-lib/libss.la
-lib/libss.so
-lib/libss.so.1
+lib/libwind.a
+lib/libwind.la
+lib/libwind.so
+lib/libwind.so.0
+lib/pkgconfig/heimdal-gssapi.pc
 lib/windc.a
 lib/windc.la
 lib/windc.so
@@ -189,9 +173,8 @@
 sbin/kadmin
 sbin/kstash
 sbin/ktutil
- at dirrm include/ss
+ at dirrm lib/pkgconfig
 @dirrm include/krb5
 @dirrm include/kadm5
-%%HCRYPTO%%@dirrm include/hcrypto
 @dirrm include/gssapi
 @dirrm include/roken
--- heimdal_101-121.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list