diff --git a/security/krb5-120/Makefile b/security/krb5-120/Makefile
index d7fd0095f7a3..71b22f51b4fc 100644
--- a/security/krb5-120/Makefile
+++ b/security/krb5-120/Makefile
@@ -1,148 +1,146 @@ PORTNAME= krb5 PORTVERSION= 1.20 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ .if !defined(MASTERDIR) PKGNAMESUFFIX= -120 .endif PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 MAINTAINER= cy@FreeBSD.org COMMENT= MIT implementation of RFC 4120 network authentication service WWW= https://web.mit.edu/kerberos/ LICENSE= MIT CONFLICTS= heimdal krb5 krb5-11* CONFLICTS_BUILD= boringssl -IGNORE_SSL= libressl libressl-devel - KERBEROSV_URL= http://web.mit.edu/kerberos/ USES= compiler:c++11-lang cpe gmake gettext-runtime \ gssapi:bootstrap,mit libtool:build localbase \ perl5 pkgconfig ssl USE_CSTD= gnu99 USE_LDCONFIG= yes USE_PERL5= build GNU_CONFIGURE= yes CONFIGURE_ARGS?= --enable-shared --without-system-verto \ --disable-rpath --localstatedir="${PREFIX}/var" \ --runstatedir="${PREFIX}/var/run" CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}" MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" CPE_VENDOR= mit CPE_VERSION= 5-${PORTVERSION} CPE_PRODUCT= kerberos OPTIONS_DEFINE= EXAMPLES NLS KRB5_PDF KRB5_HTML DNS_FOR_REALM LDAP LMDB OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE OPTIONS_RADIO= CMD_LINE_EDITING OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil KRB5_PDF_DESC= Install krb5 PDF documentation KRB5_HTML_DESC= Install krb5 HTML documentation DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm LDAP= Enable LDAP support LDAP_USE= OPENLDAP=yes LDAP_CONFIGURE_WITH= ldap LMDB_DESC= OpenLDAP Lightning Memory-Mapped Database support LMDB_CONFIGURE_WITH= lmdb LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb LMDB_IMPLIES= LDAP NLS_USES= gettext READLINE_USES= readline READLINE_CONFIGURE_WITH=readline LIBEDIT_USES= libedit LIBEDIT_CONFIGURE_WITH= libedit .if defined(KRB5_HOME) 
PREFIX= ${KRB5_HOME} .endif CPPFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} USE_RC_SUBR= kpropd OPTIONS_SUB= yes WRKSRC_SUBDIR= src PORTEXAMPLES= kdc.conf krb5.conf services.append .include # Fix up -Wl,-rpath in LDFLAGS .if !empty(KRB5_HOME) _RPATH= ${KRB5_HOME}/lib: .else _RPATH= ${LOCALBASE}/lib: .endif .if !empty(LDFLAGS:M-Wl,-rpath,*) .for F in ${LDFLAGS:M-Wl,-rpath,*} LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \ ${LDFLAGS:N-Wl,-rpath,*} .endfor .endif .if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} BROKEN= LIB_DEPENDS when using KRB5_HOME is broken .endif .if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" .endif HTML_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/html PDF_DOC_DIR= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc/pdf .include post-install: @${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 @${SED} "s|%%PREFIX%%|${PREFIX}|" ${FILESDIR}/kdc.in > ${STAGEDIR}${PREFIX}/sbin/kdc; \ ${CHMOD} +x ${STAGEDIR}${PREFIX}/sbin/kdc # html documentation .if ${PORT_OPTIONS:MKRB5_PDF} pdf_files=`${FIND} ${PDF_DOC_DIR} ! -type d` pdf_dirs=`${FIND} ${PDF_DOC_DIR} -type d` for i in $${pdf_dirs}; do \ ${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5/$${i}; \ done; \ for i in $${pdf_files}; do \ ${INSTALL_DATA} $${pdf} ${PREFIX}/share/doc/krb5/$${i}; \ ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ done .endif .if ${PORT_OPTIONS:MKRB5_HTML} html_files=`${FIND} ${HTML_DOC_DIR} ! 
-type d | ${GREP} -v /_sources` html_dirs=`${FIND} ${HTML_DOC_DIR} -type d | ${GREP} -v /_sources` for i in $${html_dirs}; do \ ${MKDIR} ${PREFIX}/share/doc/krb5/$${i}; \ done; \ for i in $${html_files}; do \ ${INSTALL_DATA} $${i} ${PREFIX}/share/doc/krb5/$${i}; \ ${ECHO_CMD} share/doc/krb5/$${i} >> ${TMPPLIST}; \ done .endif .if ${PORT_OPTIONS:MKRB5_PDF} for i in $${pdf_dirs}; do \ ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ done | ${TAIL} -r >> ${TMPPLIST} .endif .if ${PORT_OPTIONS:MKRB5_HTML} for i in $${html_dirs}; do \ ${ECHO_CMD} @dir share/doc/krb5/$${i} >> ${TMPPLIST}; \ done | ${TAIL} -r >> ${TMPPLIST} .endif ${ECHO_CMD} @dir share/doc/krb5 >> ${TMPPLIST} post-install-LDAP-on: ${MKDIR} ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema \ ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif \ ${STAGEDIR}${DATADIR} .include diff --git a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c index a26d295ebf75..71d27a31b406 100644 --- a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c +++ b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c 
@@ -1,23 +1,43 @@ ---- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-11-05 16:24:07.000000000 -0700 -+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-11-08 10:10:45.431325000 -0800 -@@ -178,7 +178,8 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2022-10-17 09:52:43 UTC ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -184,6 +184,17 @@ pkcs11err(int err); (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) #endif --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \ -+ defined(LIBRESSL_VERSION_NUMBER) - - /* 1.1 standardizes constructor and destructor names, renaming - * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ -@@ -722,6 +723,10 @@ - DH_free(dh); - return pkey; - } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + -+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name) -+#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name ++/* ++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we ++ * need for PKINIT. For 1.0 we must use the original DH type when creating ++ * EVP_PKEY objects. ++ */ ++#define EVP_PKEY_DHX EVP_PKEY_DH ++#define d2i_DHxparams d2i_DHparams +#endif ++ + #if OPENSSL_VERSION_NUMBER < 0x10100000L - static struct pkcs11_errstrings { - short code; + /* 1.1 standardizes constructor and destructor names, renaming +@@ -193,13 +204,6 @@ pkcs11err(int err); + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define ASN1_STRING_get0_data ASN1_STRING_data + +-/* +- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we +- * need for PKINIT. For 1.0 we must use the original DH type when creating +- * EVP_PKEY objects. +- */ +-#define EVP_PKEY_DHX EVP_PKEY_DH +- + /* 1.1 makes many handle types opaque and adds accessors. Add compatibility + * versions of the new accessors we use for pre-1.1. 
*/ + +@@ -588,7 +592,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx) + { + EVP_PKEY_CTX_set_dh_pad(ctx, 1); + } +-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L ++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + static void + set_padded_derivation(EVP_PKEY_CTX *ctx) + {
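Review bot: The new `#define d2i_DHxparams d2i_DHparams` in the first inner hunk is not explained by the comment that moved with it, which only covers why `EVP_PKEY_DHX` falls back to `EVP_PKEY_DH`. That comment says PKINIT needs the RFC 3279 DomainParameters encoding, so sending the DHX decoder to the PKCS#3 one deserves its own line, e.g. `/* Likewise d2i_DHxparams: DH parameters are decoded with the PKCS#3 parser here. */`, plus a check that peer-supplied parameters still parse and validate in a LibreSSL build. The guard `|| defined(LIBRESSL_VERSION_NUMBER)` applies to every LibreSSL release, so a bounded form such as `LIBRESSL_VERSION_NUMBER < 0x...` (placeholder for the first release that provides DHX) would stop the fallback from silently persisting once the library catches up. In the last inner hunk, the branch LibreSSL now takes for `set_padded_derivation` lies outside the hunk, so whether the derived DH secret is still padded on that path cannot be confirmed from this page and should be verified.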