ports/152071: security/cyrus-sasl2: fix GSSAPI when using heimdal from ports

Joerg Pulz Joerg.Pulz at frm2.tum.de
Tue Nov 9 10:00:23 UTC 2010 

>Number:         152071
>Category:       ports
>Synopsis:       security/cyrus-sasl2: fix GSSAPI when using heimdal from ports
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 09 10:00:22 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Joerg Pulz
>Release:        FreeBSD 8.0-STABLE amd64
>Organization:
TU-Munchen / FRM II
>Environment:
System: FreeBSD hades.admin.frm2 8.0-STABLE FreeBSD 8.0-STABLE #2: Thu Jan 21 12:42:55 CET 2010 root at hades.admin.frm2:/usr/obj/usr/src/sys/GENERIC amd64


	
>Description:
	Enable the configure tests for GSS_C_NT_HOSTBASED_SERVICE and
	GSS_C_NT_USER_NAME if --with-gss_impl=heimdal is used.
	Currently the tests are only done for CyberSafe gss implementation.
	After the update of security/heimdal to version 1.4, one gets unresolved
	symbol "gss_nt_service_name" errors when dlopening
	lib/sasl2/libgssapiv2.so.2 which is linked against the ports libraries.

	The relevant code block is in plugins/gssapi.c :
		#ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
		extern gss_OID gss_nt_service_name;
		#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
		#endif

	The attached patch resolves the above mentioned problem.
	As both base heimdal and security/heimdal provide
	GSS_C_NT_HOSTBASED_SERVICE and GSS_C_NT_USER_NAME it will work with
	both.
>How-To-Repeat:
	
>Fix:

	

--- security__cyrus-sasl2.diff begins here ---
--- files/patch-configure.orig	2006-05-19 22:45:36.000000000 +0200
+++ files/patch-configure	2010-11-09 10:33:21.000000000 +0100
@@ -1,7 +1,5 @@
-Index: configure
-diff -u configure.orig configure
---- configure.orig	Fri May 19 04:30:13 2006
-+++ configure	Sat May 20 04:04:39 2006
+--- configure.orig	2009-05-07 16:24:25.000000000 +0200
++++ configure	2010-11-09 10:26:27.000000000 +0100
 @@ -1586,6 +1586,7 @@
  fi
  echo "$as_me:$LINENO: result: yes" >&5
@@ -10,7 +8,7 @@
  test "$program_prefix" != NONE &&
    program_transform_name="s,^,$program_prefix,;$program_transform_name"
  # Use a double $ so make ignores it.
-@@ -5125,7 +5126,7 @@
+@@ -5147,7 +5148,7 @@
  	fi
  
  	saved_LIBS=$LIBS
@@ -19,7 +17,7 @@
            do
  	    LIBS="$saved_LIBS -l$dbname"
  	    cat >conftest.$ac_ext <<_ACEOF
-@@ -5135,6 +5136,7 @@
+@@ -5157,6 +5158,7 @@
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
  /* end confdefs.h.  */
@@ -27,7 +25,7 @@
  #include <db.h>
  int
  main ()
-@@ -5882,7 +5884,7 @@
+@@ -5904,7 +5906,7 @@
  	fi
  
  	saved_LIBS=$LIBS
@@ -36,7 +34,7 @@
            do
  	    LIBS="$saved_LIBS -l$dbname"
  	    cat >conftest.$ac_ext <<_ACEOF
-@@ -5892,6 +5894,7 @@
+@@ -5914,6 +5916,7 @@
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
  /* end confdefs.h.  */
@@ -44,7 +42,7 @@
  #include <db.h>
  int
  main ()
-@@ -7193,6 +7196,8 @@
+@@ -7215,6 +7218,8 @@
    SASLAUTHD_TRUE='#'
    SASLAUTHD_FALSE=
  fi
@@ -53,7 +51,7 @@
  
  echo "$as_me:$LINENO: checking if I should include saslauthd" >&5
  echo $ECHO_N "checking if I should include saslauthd... $ECHO_C" >&6
-@@ -10650,7 +10655,7 @@
+@@ -10672,7 +10677,7 @@
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    ac_check_lib_save_LIBS=$LIBS
@@ -62,7 +60,7 @@
  cat >conftest.$ac_ext <<_ACEOF
  #line $LINENO "configure"
  /* confdefs.h.  */
-@@ -11060,7 +11065,7 @@
+@@ -11082,7 +11087,7 @@
      GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}"
    elif test "$gss_impl" = "heimdal"; then
      CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL"
@@ -71,7 +69,25 @@
      GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}"
    elif test "$gss_impl" = "cybersafe03"; then
  # Version of CyberSafe with two libraries
-@@ -11898,7 +11903,7 @@
+@@ -11119,7 +11124,7 @@
+ # in gssapi\rfckrb5.h
+ #
+ if test "$gssapi" != "no"; then
+-  if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then
++  if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03" -o "$gss_impl" = "heimdal"; then
+     cat >conftest.$ac_ext <<_ACEOF
+ #line $LINENO "configure"
+ /* confdefs.h.  */
+@@ -11190,7 +11195,7 @@
+ 
+   fi
+ 
+-  if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then
++  if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03" -o "$gss_impl" = "heimdal"; then
+     cat >conftest.$ac_ext <<_ACEOF
+ #line $LINENO "configure"
+ /* confdefs.h.  */
+@@ -11920,7 +11925,7 @@
    echo $ECHO_N "(cached) $ECHO_C" >&6
  else
    ac_check_lib_save_LIBS=$LIBS
--- security__cyrus-sasl2.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list