diff --git a/security/heimdal-devel/Makefile b/security/heimdal-devel/Makefile
index 890391647bc5..8112494057d3 100644
--- a/security/heimdal-devel/Makefile
+++ b/security/heimdal-devel/Makefile
@@ -1,129 +1,129 @@ PORTNAME= heimdal PORTVERSION= ${HEIMDAL_COMMIT_DATE} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security PKGNAMESUFFIX= -devel HASH= 8f9c2d115 HEIMDAL_COMMIT_DATE= 2022.11.18 MAINTAINER= cy@FreeBSD.org COMMENT= Popular BSD-licensed implementation of Kerberos 5 WWW= https://www.h5l.org/ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE USE_GITHUB= yes GH_TAGNAME= ${HASH} CONFLICTS= krb5 krb5-* USES= autoreconf:build cpe gettext-runtime gssapi:bootstrap,heimdal \ libtool pathfix pkgconfig python:build readline makeinfo ssl CPE_VENDOR= ${PORTNAME}_project USE_LDCONFIG= ${GSSAPILIBDIR} BUILD_DEPENDS= p5-JSON>0:converters/p5-JSON GNU_CONFIGURE= yes CONFIGURE_ENV= ac_cv_header_fnmatch_h=yes \ ac_cv_header_db_h=no \ ac_cv_header_db3_db_h=no \ ac_cv_header_db4_db_h=no \ ac_cv_header_db5_db_h=no \ ac_cv_header_db6_db_h=no \ ac_cv_prog_COMPILE_ET=${WRKSRC}/lib/com_err/compile_et CONFIGURE_ARGS= --with-berkeley-db \ --with-libintl \ --with-libintl-include="${LOCALBASE}/include" \ --with-libintl-lib="${LOCALBASE}/lib" \ --libdir="${GSSAPILIBDIR}" \ --includedir="${GSSAPIINCDIR}" \ --with-kcm \ --with-openssl \ --with-openssl-include="${OPENSSLINC}" \ --with-openssl-lib="${OPENSSLLIB}" \ --enable-otp \ --enable-pthread-support \ --with-readline="${LOCALBASE}" \ --with-hdbdir="/var/${PORTNAME}" \ --sysconfdir="${PREFIX}/etc" \ CLANG_FORMAT="${LOCALBASE}/bin/clang-format${LLVM_DEFAULT}" \ --enable-kx509 \ --without-microhttpd # XXX --with-readline picks up libreadline even if found in /usr/lib. 
MAKE_ENV= INSTALL_CATPAGES=no INSTALL_TARGET= install-strip .if !exists(/etc/rc.d/ipropd_master) USE_RC_SUBR= ipropd_master ipropd_slave .endif INFO= heimdal hx509 MAKE_JOBS_UNSAFE= yes OPTIONS_DEFINE= IPV6 BDB LMDB SQLITE LDAP PKINIT DIGEST KX509 CRACKLIB OPTIONS_DEFAULT=IPV6 BDB PKINIT DIGEST KX509 OPTIONS_SUB= yes IPV6_CONFIGURE_WITH= ipv6 BDB_DESC= Enable BerkeleyDB KDC backend support BDB_USES= bdb:5 localbase BDB_CONFIGURE_ENV= ac_cv_header_db${BDB_VER}_db_h=yes \ ac_cv_func_db_create=yes \ ac_cv_funclib_db_create="-l${BDB_LIB_NAME}" BDB_CONFIGURE_ON= --disable-ndbm-db BDB_CONFIGURE_ENV_OFF= ac_cv_header_db_h=yes \ ac_cv_func_db_create=no \ ac_cv_funclib_db_create=no BDB_CONFIGURE_OFF= --enable-ndbm-db LMDB_DESC= Enable LMDB KDC backend support LMDB_CONFIGURE_ENABLE= mdb_db LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb SQLITE_DESC= Enable SQLite KDC backend support SQLITE_USES= sqlite SQLITE_CONFIGURE_ON= --with-sqlite3-include="${LOCALBASE}/include" \ --with-sqlite3-lib="${LOCALBASE}/lib" SQLITE_CONFIGURE_WITH= sqlite3 LDAP_DESC= Enable OpenLDAP KDC backend support LDAP_USE= OPENLDAP=yes LDAP_CONFIGURE_ON= --with-openldap-include="${LOCALBASE}/include" \ --with-openldap-lib="${LOCALBASE}/lib" LDAP_CONFIGURE_WITH= openldap PKINIT_DESC= Enable PK-INIT support PKINIT_CONFIGURE_ENABLE=pk-init DIGEST_DESC= Enable DIGEST support DIGEST_CONFIGURE_ENABLE=digest KX509_DESC= Enable kx509 support KX509_CONFIGURE_ENABLE= kx509 CRACKLIB_DESC= Use CrackLib for password quality checking CRACKLIB_LIB_DEPENDS= libcrack.so:security/cracklib .include post-extract: @${MKDIR} ${WRKSRC}/kpasswdd-cracklib ${INSTALL_DATA} ${FILESDIR}/kpasswdd-cracklib.c \ ${WRKSRC}/kpasswdd-cracklib ${INSTALL_DATA} ${FILESDIR}/kpasswdd-Makefile \ ${WRKSRC}/kpasswdd-cracklib/Makefile pre-configure: cd ${WRKSRC} && ./autogen.sh post-build-CRACKLIB-on: cd ${WRKSRC}/kpasswdd-cracklib && \ ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_ARGS} ${BUILD_TARGET} post-install-CRACKLIB-on: cd ${WRKSRC}/kpasswdd-cracklib 
&& \ ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_ARGS} ${INSTALL_TARGET} .include
diff --git a/security/heimdal-devel/files/patch-lib_kadm5_marshall.c b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c
new file mode 100644
index 000000000000..8cc79bafcc8c
--- /dev/null
+++ b/security/heimdal-devel/files/patch-lib_kadm5_marshall.c
@@ -0,0 +1,16 @@
+--- lib/kadm5/marshall.c.orig 2022-11-17 16:55:32.000000000 -0800
++++ lib/kadm5/marshall.c 2022-11-24 08:17:04.255672000 -0800
+@@ -465,8 +465,12 @@
+ goto out;
+ params->mask = mask;
+
+- if(params->mask & KADM5_CONFIG_REALM)
++ if (params->mask & KADM5_CONFIG_REALM) {
+ ret = krb5_ret_string(sp, ¶ms->realm);
++ if (params->realm == NULL) {
++ ret = EINVAL;
++ }
++ }
+ out:
+ krb5_storage_free(sp);
+
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 3d92a0c2fd3b..93995fde6703 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
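Review bot: In security/heimdal-devel/files/patch-lib_kadm5_marshall.c, the added `if (params->realm == NULL) { ret = EINVAL; }` runs regardless of what krb5_ret_string() returned, so a more specific error from the read is overwritten with EINVAL, and the test depends on params->realm having been initialised by the caller if the read fails before assigning it (presumably it is; that code is outside the hunk). Guarding on success keeps the original error code: `if (ret == 0 && params->realm == NULL) ret = EINVAL;`. The same lines appear in security/heimdal/files/patch-lib_kadm5_marshall.c and the point applies there too. The fix only helps if callers act on the return value; security/heimdal gains a kadmin/server.c patch for that in this commit but security/heimdal-devel does not, so it is worth confirming that the 2022.11.18 snapshot already checks the result of _kadm5_unmarshal_params(). The enclosing function starts and ends outside the hunk.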
@@ -1,118 +1,118 @@ PORTNAME= heimdal PORTVERSION= 7.8.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= https://github.com/heimdal/heimdal/releases/download/${DISTNAME}/ MAINTAINER= hrs@FreeBSD.org COMMENT= Popular BSD-licensed implementation of Kerberos 5 WWW= https://www.h5l.org/ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE CONFLICTS= krb5 krb5-* USES= cpe gettext-runtime gssapi:bootstrap,heimdal libtool pathfix \ pkgconfig readline makeinfo ssl CPE_VENDOR= ${PORTNAME}_project USE_LDCONFIG= ${GSSAPILIBDIR} GNU_CONFIGURE= yes CONFIGURE_ENV= ac_cv_header_fnmatch_h=yes \ ac_cv_header_db_h=no \ ac_cv_header_db3_db_h=no \ ac_cv_header_db4_db_h=no \ ac_cv_header_db5_db_h=no \ ac_cv_header_db6_db_h=no \ ac_cv_prog_COMPILE_ET=${WRKSRC}/lib/com_err/compile_et \ PYTHON="${TRUE}" CONFIGURE_ARGS= --with-berkeley-db \ --with-libintl \ --with-libintl-include="${LOCALBASE}/include" \ --with-libintl-lib="${LOCALBASE}/lib" \ --libdir="${GSSAPILIBDIR}" \ --includedir="${GSSAPIINCDIR}" \ --with-kcm \ --with-openssl \ --with-openssl-include="${OPENSSLINC}" \ --with-openssl-lib="${OPENSSLLIB}" \ --enable-otp \ --enable-pthread-support \ --with-readline="${LOCALBASE}" \ --with-hdbdir="/var/${PORTNAME}" \ --sysconfdir="${PREFIX}/etc" \ CLANG_FORMAT="${LOCALBASE}/bin/clang-format${LLVM_DEFAULT}" # XXX --with-readline picks up libreadline even if found in /usr/lib. 
MAKE_ENV= INSTALL_CATPAGES=no INSTALL_TARGET= install-strip .if !exists(/etc/rc.d/ipropd_master) USE_RC_SUBR= ipropd_master ipropd_slave .endif INFO= heimdal hx509 MAKE_JOBS_UNSAFE= yes OPTIONS_DEFINE= IPV6 BDB LMDB SQLITE LDAP PKINIT DIGEST KX509 CRACKLIB OPTIONS_DEFAULT=IPV6 BDB PKINIT DIGEST KX509 OPTIONS_SUB= yes IPV6_CONFIGURE_WITH= ipv6 BDB_DESC= Enable BerkeleyDB KDC backend support BDB_USES= bdb:5 localbase BDB_CONFIGURE_ENV= ac_cv_header_db${BDB_VER}_db_h=yes \ ac_cv_func_db_create=yes \ ac_cv_funclib_db_create="-l${BDB_LIB_NAME}" BDB_CONFIGURE_ON= --disable-ndbm-db BDB_CONFIGURE_ENV_OFF= ac_cv_header_db_h=yes \ ac_cv_func_db_create=no \ ac_cv_funclib_db_create=no BDB_CONFIGURE_OFF= --enable-ndbm-db LMDB_DESC= Enable LMDB KDC backend support LMDB_CONFIGURE_ENABLE= mdb_db LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb SQLITE_DESC= Enable SQLite KDC backend support SQLITE_USES= sqlite SQLITE_CONFIGURE_ON= --with-sqlite3-include="${LOCALBASE}/include" \ --with-sqlite3-lib="${LOCALBASE}/lib" SQLITE_CONFIGURE_WITH= sqlite3 LDAP_DESC= Enable OpenLDAP KDC backend support LDAP_USE= OPENLDAP=yes LDAP_CONFIGURE_ON= --with-openldap-include="${LOCALBASE}/include" \ --with-openldap-lib="${LOCALBASE}/lib" LDAP_CONFIGURE_WITH= openldap PKINIT_DESC= Enable PK-INIT support PKINIT_CONFIGURE_ENABLE=pk-init DIGEST_DESC= Enable DIGEST support DIGEST_CONFIGURE_ENABLE=digest KX509_DESC= Enable kx509 support KX509_CONFIGURE_ENABLE= kx509 CRACKLIB_DESC= Use CrackLib for password quality checking CRACKLIB_LIB_DEPENDS= libcrack.so:security/cracklib .include post-extract: @${MKDIR} ${WRKSRC}/kpasswdd-cracklib ${INSTALL_DATA} ${FILESDIR}/kpasswdd-cracklib.c \ ${WRKSRC}/kpasswdd-cracklib ${INSTALL_DATA} ${FILESDIR}/kpasswdd-Makefile \ ${WRKSRC}/kpasswdd-cracklib/Makefile post-build-CRACKLIB-on: cd ${WRKSRC}/kpasswdd-cracklib && \ ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_ARGS} ${BUILD_TARGET} post-install-CRACKLIB-on: cd ${WRKSRC}/kpasswdd-cracklib && \ ${SETENV} ${MAKE_ENV} ${MAKE} 
${MAKE_ARGS} ${INSTALL_TARGET} .include
diff --git a/security/heimdal/files/patch-kadmin_server.c b/security/heimdal/files/patch-kadmin_server.c
new file mode 100644
index 000000000000..d4a2439f3bdb
--- /dev/null
+++ b/security/heimdal/files/patch-kadmin_server.c
@@ -0,0 +1,13 @@
+--- kadmin/server.c.orig 2022-09-15 16:54:19.000000000 -0700
++++ kadmin/server.c 2022-11-24 08:26:55.919761000 -0800
+@@ -787,7 +787,9 @@
+ ret = krb5_read_priv_message(contextp, ac, &fd, ¶ms);
+ if(ret)
+ krb5_err(contextp, 1, ret, "krb5_read_priv_message");
+- _kadm5_unmarshal_params(contextp, ¶ms, &realm_params);
++ ret = _kadm5_unmarshal_params(contextp, ¶ms, &realm_params);
++ if(ret)
++ krb5_err(contextp, 1, ret, "_kadm5_unmarshal_params");
+ }
+
+ initial = ticket->ticket.flags.initial;
diff --git a/security/heimdal/files/patch-lib_kadm5_marshall.c b/security/heimdal/files/patch-lib_kadm5_marshall.c
new file mode 100644
index 000000000000..d02a364d7011
--- /dev/null
+++ b/security/heimdal/files/patch-lib_kadm5_marshall.c
@@ -0,0 +1,16 @@
+--- lib/kadm5/marshall.c.orig 2022-09-15 16:54:19.000000000 -0700
++++ lib/kadm5/marshall.c 2022-11-24 08:26:55.920305000 -0800
+@@ -409,8 +409,12 @@
+ goto out;
+ params->mask = mask;
+
+- if(params->mask & KADM5_CONFIG_REALM)
++ if (params->mask & KADM5_CONFIG_REALM) {
+ ret = krb5_ret_string(sp, ¶ms->realm);
++ if (params->realm == NULL) {
++ ret = EINVAL;
++ }
++ }
+ out:
+ krb5_storage_free(sp);
+
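Review bot: In security/heimdal/files/patch-kadmin_server.c, the new `krb5_err(contextp, 1, ret, "_kadm5_unmarshal_params");` reports a rejected client request with only the function name, so the log entry reads like an internal fault rather than a peer sending parameters that failed to unmarshal. A message such as `"malformed kadmin parameters from client"` would make the event easier to recognise and alert on; the call would still exit with status 1, matching the krb5_read_priv_message failure handling directly above it. A one-line comment above the check, `/* realm_params must not be used if unmarshalling failed */`, would record why the return value is now tested. The enclosing function starts and ends outside the hunk.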