Welcome the new Kerberos V 1.7.

PR: 138246
author: Cy Schubert <cy@FreeBSD.org> 2009-08-28 23:35:15 +0000
committer: Cy Schubert <cy@FreeBSD.org> 2009-08-28 23:35:15 +0000
commit: e7a3c62a9fc7450d03e136dee2eac1edd8e10a1b (patch)
tree: 823cbc819c37f58f199297400197b76040b37e91 /security
parent: Io_lib is a library of file reading and writing code to provide a (diff)
26 files changed, 162 insertions, 456 deletions
diff --git a/security/krb5-17/Makefile b/security/krb5-17/Makefile
index c3bc68fef620..8e2cb9aa2eef 100644
--- a/security/krb5-17/Makefile
+++ b/security/krb5-17/Makefile
@@ -6,15 +6,12 @@
 #
 
 PORTNAME=		krb5
-PORTVERSION=		1.6.3
-PORTREVISION=		5
+PORTVERSION=		1.7
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 DISTNAME=		${PORTNAME}-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
-PATCHFILES=		2008-001-patch.txt
-PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=		cy@FreeBSD.org
 COMMENT=		An authentication system developed at MIT, successor to Kerberos IV
@@ -51,7 +48,7 @@ OPTIONS=		KRB5_RENAME_FTP "Rename ftp to kftp" off \
 .if defined(WITH_KRB5_DOC)
 BUILD_DEPENDS+=		texi2dvi:${PORTSDIR}/print/texinfo \
 			dvips:${PORTSDIR}/print/dvipsk-tetex
-INFO=			krb425 krb5-admin krb5-install krb5-user
+INFO=			krb5-admin krb5-install krb5-user
 .endif
 
 .if !defined(WITH_KRB5_KRB4_COMPAT)
@@ -65,17 +62,14 @@ PLIST_SUB+=		KRB4=""
 PREFIX=			${KRB5_HOME}
 .endif
 
-MAN1=			krb5-send-pr.1 krb5-config.1 kpasswd.1 klist.1 \
-			kinit.1 kdestroy.1 ksu.1 sclient.1 rsh.1 rcp.1 \
-			rlogin.1 ftp.1 telnet.1 kerberos.1 kvno.1 compile_et.1
+MAN1=			k5srvutil.1 kadmin.1 krb5-send-pr.1 krb5-config.1 \
+			kpasswd.1 klist.1 kinit.1 kdestroy.1 ksu.1 ktutil.1 \
+			sclient.1 rsh.1 rcp.1 rlogin.1 ftp.1 telnet.1 \
+			kerberos.1 kvno.1 compile_et.1
 MAN5=			kdc.conf.5 krb5.conf.5 .k5login.5
-MAN8=			krb5kdc.8 kadmin.8 kadmin.local.8 kdb5_util.8 \
-			ktutil.8 kadmind.8 kprop.8 kpropd.8 sserver.8 \
-			kshd.8 klogind.8 login.krb5.8 ftpd.8 telnetd.8 \
-			k5srvutil.8
-.if defined(WITH_KRB5_KRB4_COMPAT)
-MAN8+=			krb524d.8
-.endif
+MAN8=			krb5kdc.8 kadmin.local.8 kdb5_util.8 kadmind.8 \
+			kprop.8 kpropd.8 kproplog.8 sserver.8 kshd.8 \
+			klogind.8 login.krb5.8 ftpd.8 telnetd.8
 
 .if defined(WITH_KRB5_RENAME_FTP)
 MAN1:=			${MAN1:C/ftp/kftp/}
@@ -119,10 +113,6 @@ PLIST_SUB+=		RCP_PROG="krcp"
 PLIST_SUB+=		RCP_PROG="rcp"
 .endif
 
-.if defined(WITH_KRB5_KRB4_COMPAT)
-MAN1+=			krb524init.1 v4rcp.1
-.endif
-
 .if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != ""
 CONFIGURE_ARGS+=	--program-transform-name="${PROGRAM_TRANSFORM_NAME}"
 .endif
@@ -131,7 +121,7 @@ WRKSRC=			${WRKDIR}/${PORTNAME}-${PORTVERSION}/src
 
 HTML_DOC_DIR=		${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc
 HTML_DOCS=		ftp.html kdestroy.html kinit.html klist.html \
-			kpasswd.html krb425.html krb5-admin.html \
+			kpasswd.html krb5-admin.html \
 			krb5-install.html krb5-user.html ksu.html \
 			rcp.html rlogin.html rsh.html telnet.html
 
diff --git a/security/krb5-17/distinfo b/security/krb5-17/distinfo
index 76109873f356..aef68fcdf9a2 100644
--- a/security/krb5-17/distinfo
+++ b/security/krb5-17/distinfo
@@ -1,6 +1,3 @@
-MD5 (krb5-1.6.3-signed.tar) = 2dc1307686eb1c2bf1ab08ea805dad46
-SHA256 (krb5-1.6.3-signed.tar) = 7a1bd7d4bd326828c8ee382ed2b69ccd6c58762601df897d6a32169d84583d2a
-SIZE (krb5-1.6.3-signed.tar) = 11909120
-MD5 (2008-001-patch.txt) = 3bbb7a6a7738c086f5d5dfcf09da9cbb
-SHA256 (2008-001-patch.txt) = 4d02be765ff12d21ddf1cfa170e5ff4067e9c364a401d7e06ece329566139736
-SIZE (2008-001-patch.txt) = 10854
+MD5 (krb5-1.7-signed.tar) = 9f7b3402b4731a7fa543db193bf1b564
+SHA256 (krb5-1.7-signed.tar) = a370cae8386e8b82b309c44a220542af78cbcbb42028fb3c2224eae6dba1ffd5
+SIZE (krb5-1.7-signed.tar) = 12226560
diff --git a/security/krb5-17/files/patch-af b/security/krb5-17/files/patch-af
deleted file mode 100644
index 49425d6efceb..000000000000
--- a/security/krb5-17/files/patch-af
+++ /dev/null
@@ -1,13 +0,0 @@
---- ../doc/krb425.texinfo	Fri Feb  6 21:40:57 1998
-+++ krb425.texinfo	Fri Jun 19 15:13:45 1998
-@@ -5,6 +5,10 @@
- @c guide
- @setfilename krb425.info
- @settitle Upgrading to Kerberos V5 from Kerberos V4
-+@dircategory Kerberos V5
-+@direntry
-+* Upgrading from V4 to V5: (krb425).     Upgrading from Kerberos V4 to V5
-+@end direntry
- @c @setchapternewpage odd                  @c chapter begins on next odd page
- @c @setchapternewpage on                   @c chapter begins on next page
- @c @smallbook                              @c Format for 7" X 9.25" paper
diff --git a/security/krb5-17/files/patch-ai b/security/krb5-17/files/patch-ai
index f5b733194344..3588a76ed199 100644
--- a/security/krb5-17/files/patch-ai
+++ b/security/krb5-17/files/patch-ai
@@ -15,14 +15,3 @@
  
  	addrlen = sizeof (his_addr);
  	if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
-@@ -2312,6 +2318,10 @@
- 		if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum),
- 					  &kdata.session,&ctrl_addr, &his_addr)) == -1) {
- 			secure_error("ADAT: krb_mk_safe failed");
-+			return(0);
-+		}
-+		if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
-+			secure_error("ADAT: reply too long");
- 			return(0);
- 		}
- 		if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
diff --git a/security/krb5-17/files/patch-appl::bsd::klogind.M b/security/krb5-17/files/patch-appl::bsd::klogind.M
index 9cddd5fc222d..48544cba8955 100644
--- a/security/krb5-17/files/patch-appl::bsd::klogind.M
+++ b/security/krb5-17/files/patch-appl::bsd::klogind.M
@@ -1,7 +1,7 @@
---- appl/bsd/klogind.M.orig	Wed Feb 28 14:06:43 2001
-+++ appl/bsd/klogind.M	Mon Dec 31 21:22:27 2001
-@@ -14,7 +14,7 @@
- .B \-kr54cpPef
+--- appl/bsd/klogind.M.orig	2008-12-15 12:29:01.000000000 -0800
++++ appl/bsd/klogind.M	2009-08-28 13:13:28.000000000 -0700
+@@ -13,7 +13,7 @@
+ .B \-rcpPef
  ]
  [[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ]
 -[ \fB\-D\fP \fIport\fP ]
@@ -9,27 +9,18 @@
  .SH DESCRIPTION
  .I Klogind
  is the server for the 
-@@ -107,6 +108,10 @@
- Beta5 (May 1995)--present bogus checksums that prevent Kerberos
- authentication from succeeding in the default mode.
- 
-+.IP \fB\-L\ loginpath\fP
-+Specify pathname to an alternative login program.  Default: /usr/bin/login.
-+KRB5_HOME/sbin/login.krb5 may be specified.
-+
- 
- .PP
- If the
-@@ -157,12 +162,6 @@
- 
+@@ -136,11 +136,9 @@
  .IP \fB\-M\ realm\fP
  Set the Kerberos realm to use.
--
+ 
 -.IP \fB\-L\ login\fP
 -Set the login program to use.  This option only has an effect if
 -DO_NOT_USE_K_LOGIN was not defined when
 -.I klogind
 -was compiled.
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program.  Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
  
  .IP \fB\-D\ port\fP
  Run in standalone mode, listening on \fBport\fP.  The daemon will exit
diff --git a/security/krb5-17/files/patch-at b/security/krb5-17/files/patch-at
deleted file mode 100644
index 060207ec644a..000000000000
--- a/security/krb5-17/files/patch-at
+++ /dev/null
@@ -1,14 +0,0 @@
-*** include/syslog.h.ORIG	Fri Feb  6 19:42:12 1998
---- include/syslog.h	Tue Jun 30 19:46:02 1998
-***************
-*** 34,39 ****
---- 34,42 ----
-  #define LOG_LPR		(6<<3)	/* line printer subsystem */
-  #define LOG_NEWS	(7<<3)	/* network news subsystem */
-  #define LOG_UUCP	(8<<3)	/* UUCP subsystem */
-+ #if (defined(BSD) && (BSD >= 199306))
-+ #define LOG_FTP		(11<<3) /* ftp daemon */
-+ #endif
-  	/* other codes through 15 reserved for system use */
-  #define LOG_LOCAL0	(16<<3)	/* reserved for local use */
-  #define LOG_LOCAL1	(17<<3)	/* reserved for local use */
diff --git a/security/krb5-17/files/patch-ay b/security/krb5-17/files/patch-ay
index a6cb9ebbfd13..a2141724855b 100644
--- a/security/krb5-17/files/patch-ay
+++ b/security/krb5-17/files/patch-ay
@@ -1,8 +1,9 @@
 --- appl/libpty/getpty.c.orig	Wed Jan  9 14:28:37 2002
 +++ appl/libpty/getpty.c	Thu Jan 10 21:30:40 2002
-@@ -24,13 +24,26 @@
+@@ -24,14 +24,27 @@
  #include "libpty.h"
  #include "pty-int.h"
+ #include "k5-platform.h"
  
 +#ifdef __FreeBSD__
 +#define PTYCHARS1	"pqrsPQRS"
@@ -35,7 +36,7 @@
      } else {
 -    	for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
 +    	for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) {
- 	    sprintf(slavebuf,"/dev/ptyXX");
+ 	    snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX");
 -	    slavebuf[sizeof("/dev/pty") - 1] = *cp;
 +	    slavebuf[sizeof("/dev/pty") - 1] = *cp1;
  	    slavebuf[sizeof("/dev/ptyp") - 1] = '0';
diff --git a/security/krb5-17/files/patch-config::shlib.conf b/security/krb5-17/files/patch-config::shlib.conf
index 18f91fffc6d5..210d812ede50 100644
--- a/security/krb5-17/files/patch-config::shlib.conf
+++ b/security/krb5-17/files/patch-config::shlib.conf
@@ -1,6 +1,6 @@
---- config/shlib.conf.orig	Mon Oct 23 05:20:11 2006
-+++ config/shlib.conf	Wed Mar 28 17:17:55 2007
-@@ -258,22 +258,15 @@
+--- config/shlib.conf.orig	2008-12-08 14:33:07.000000000 -0800
++++ config/shlib.conf	2009-08-28 13:27:39.000000000 -0700
+@@ -299,24 +299,17 @@
  	;;
  
  *-*-freebsd*)
@@ -12,8 +12,8 @@
 -	PICFLAGS=-fpic
 -	if test "x$objformat" = "xelf" ; then
 +	case $krb5_cv_host in
-+	sparc64-*)	PICFLAGS=-fPIC;;
-+	*)		PICFLAGS=-fpic;;
++	sparc64-*)      PICFLAGS=-fPIC;;
++	*)              PICFLAGS=-fpic;;
 +	esac
  		SHLIBVEXT='.so.$(LIBMAJOR)'
 +		LDCOMBINE="libtool --mode=link cc -shared"
@@ -22,9 +22,11 @@
 -		RPATH_FLAG=-R
 -		SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
 -	fi
- 	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)'
+ 	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+ 	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+ 	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
  	SHLIBEXT=.so
 -	LDCOMBINE='ld -Bshareable'
- 	SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+ 	SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+ 	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
  	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
- 	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;'
diff --git a/security/krb5-17/files/patch-lib-krb5-os-localaddr.c b/security/krb5-17/files/patch-lib-krb5-os-localaddr.c
index 9e701ba97985..d8956daea367 100644
--- a/security/krb5-17/files/patch-lib-krb5-os-localaddr.c
+++ b/security/krb5-17/files/patch-lib-krb5-os-localaddr.c
@@ -1,75 +1,75 @@
---- lib/krb5/os/localaddr.c.orig	Wed Apr 13 09:55:43 2005
-+++ lib/krb5/os/localaddr.c	Sun Jul 16 09:29:05 2006
-@@ -436,12 +436,14 @@
+--- lib/krb5/os/localaddr.c.orig	2009-02-18 10:14:48.000000000 -0800
++++ lib/krb5/os/localaddr.c	2009-08-28 13:37:41.000000000 -0700
+@@ -173,6 +173,7 @@
+ }
  #endif
- 	if ((ifp->ifa_flags & IFF_UP) == 0)
+ 
++#if 0
+ static int
+ is_loopback_address(struct sockaddr *sa)
+ {
+@@ -189,6 +190,7 @@
+ 	return 0;
+     }
+ }
++#endif
+ 
+ #ifdef HAVE_IFADDRS_H
+ #include <ifaddrs.h>
+@@ -464,12 +466,14 @@
+ 	    ifp->ifa_flags &= ~IFF_UP;
  	    continue;
+ 	}
 +#if 0
- 	if (ifp->ifa_flags & IFF_LOOPBACK) {
+ 	if (is_loopback_address(ifp->ifa_addr)) {
  	    /* Pretend it's not up, so the second pass will skip
  	       it.  */
  	    ifp->ifa_flags &= ~IFF_UP;
  	    continue;
  	}
 +#endif
- 	if (ifp->ifa_addr == NULL) {
- 	    /* Can't use an interface without an address.  Linux
- 	       apparently does this sometimes.  [RT ticket 1770 from
-@@ -459,8 +461,10 @@
+ 	/* If this address is a duplicate, punt.  */
+ 	match = 0;
  	for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
- 	    if ((ifp2->ifa_flags & IFF_UP) == 0)
- 		continue;
-+#if 0
- 	    if (ifp2->ifa_flags & IFF_LOOPBACK)
- 		continue;
-+#endif
- 	    if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
- 		match = 1;
- 		ifp->ifa_flags &= ~IFF_UP;
-@@ -583,6 +587,7 @@
+@@ -598,11 +602,13 @@
  	    }
  	    /*@=moduncon@*/
  
 +#if 0
- #ifdef IFF_LOOPBACK
  	    /* None of the current callers want loopback addresses.  */
- 	    if (lifreq.lifr_flags & IFF_LOOPBACK) {
-@@ -590,6 +595,7 @@
+ 	    if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
+ 		Tprintf (("  loopback\n"));
  		goto skip;
  	    }
- #endif
 +#endif
  	    /* Ignore interfaces that are down.  */
  	    if ((lifreq.lifr_flags & IFF_UP) == 0) {
  		Tprintf (("  down\n"));
-@@ -755,6 +761,7 @@
+@@ -769,11 +775,13 @@
  	    }
  	    /*@=moduncon@*/
  
 +#if 0
- #ifdef IFF_LOOPBACK
  	    /* None of the current callers want loopback addresses.  */
- 	    if (lifreq.iflr_flags & IFF_LOOPBACK) {
-@@ -762,6 +769,7 @@
+ 	    if (is_loopback_address(&lifr->iflr_addr)) {
+ 		Tprintf (("  loopback\n"));
  		goto skip;
  	    }
- #endif
 +#endif
  	    /* Ignore interfaces that are down.  */
  	    if ((lifreq.iflr_flags & IFF_UP) == 0) {
  		Tprintf (("  down\n"));
-@@ -971,12 +979,14 @@
+@@ -984,11 +992,13 @@
  	}
  	/*@=moduncon@*/
  
 +#if 0
- #ifdef IFF_LOOPBACK
  	/* None of the current callers want loopback addresses.  */
- 	if (ifreq.ifr_flags & IFF_LOOPBACK) {
+ 	if (is_loopback_address(&ifreq.ifr_addr)) {
  	    Tprintf (("  loopback\n"));
  	    goto skip;
  	}
 +#endif
- #endif
  	/* Ignore interfaces that are down.  */
  	if ((ifreq.ifr_flags & IFF_UP) == 0) {
+ 	    Tprintf (("  down\n"));
diff --git a/security/krb5-17/files/patch-lib-rpc-svc.c b/security/krb5-17/files/patch-lib-rpc-svc.c
deleted file mode 100644
index 395039040b04..000000000000
--- a/security/krb5-17/files/patch-lib-rpc-svc.c
+++ /dev/null
@@ -1,24 +0,0 @@
-=== lib/rpc/svc.c
-==================================================================
---- lib/rpc/svc.c	(revision 1666)
-+++ lib/rpc/svc.c	(local)
-@@ -109,15 +109,17 @@
- 	if (sock < FD_SETSIZE) {
- 		xports[sock] = xprt;
- 		FD_SET(sock, &svc_fdset);
-+		if (sock > svc_maxfd)
-+			svc_maxfd = sock;
- 	}
- #else
- 	if (sock < NOFILE) {
- 		xports[sock] = xprt;
- 		svc_fds |= (1 << sock);
-+		if (sock > svc_maxfd)
-+			svc_maxfd = sock;
- 	}
- #endif /* def FD_SETSIZE */
--	if (sock > svc_maxfd)
--		svc_maxfd = sock;
- }
- 
- /*
diff --git a/security/krb5-17/files/patch-lib-rpc-svc_tcp.c b/security/krb5-17/files/patch-lib-rpc-svc_tcp.c
deleted file mode 100644
index 9c51fafc62bf..000000000000
--- a/security/krb5-17/files/patch-lib-rpc-svc_tcp.c
+++ /dev/null
@@ -1,51 +0,0 @@
-=== lib/rpc/svc_tcp.c
-==================================================================
---- lib/rpc/svc_tcp.c	(revision 1666)
-+++ lib/rpc/svc_tcp.c	(local)
-@@ -54,6 +54,14 @@
- extern errno;
- */
- 
-+#ifndef FD_SETSIZE
-+#ifdef NBBY
-+#define NOFILE (sizeof(int) * NBBY)
-+#else
-+#define NOFILE (sizeof(int) * 8)
-+#endif
-+#endif
-+
- /*
-  * Ops vector for TCP/IP based rpc service handle
-  */
-@@ -215,6 +223,19 @@
- 	register SVCXPRT *xprt;
- 	register struct tcp_conn *cd;
-  
-+#ifdef FD_SETSIZE
-+	if (fd >= FD_SETSIZE) {
-+		(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
-+		xprt = NULL;
-+		goto done;
-+	}
-+#else
-+	if (fd >= NOFILE) {
-+		(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
-+		xprt = NULL;
-+		goto done;
-+	}
-+#endif
- 	xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
- 	if (xprt == (SVCXPRT *)NULL) {
- 		(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
-@@ -271,6 +292,10 @@
- 	 * make a new transporter (re-uses xprt)
- 	 */
- 	xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
-+	if (xprt == NULL) {
-+		close(sock);
-+		return (FALSE);
-+	}
- 	xprt->xp_raddr = addr;
- 	xprt->xp_addrlen = len;
- 	xprt->xp_laddr = laddr;
-
diff --git a/security/krb5-17/files/patch-plugins-preauth-pkinit-Makefile.in b/security/krb5-17/files/patch-plugins-preauth-pkinit-Makefile.in
deleted file mode 100644
index cb464470b1cf..000000000000
--- a/security/krb5-17/files/patch-plugins-preauth-pkinit-Makefile.in
+++ /dev/null
@@ -1,11 +0,0 @@
---- plugins/preauth/pkinit/Makefile.in.orig	2007-09-28 18:02:10.000000000 -0700
-+++ plugins/preauth/pkinit/Makefile.in	2007-10-29 07:03:24.000000000 -0700
-@@ -21,7 +21,7 @@
- 	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- 	$(TOPLIBD)/libkrb5$(SHLIBEXT)
- LIBS+= -lcrypto
--SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto -ldl $(SUPPORT_LIB) $(LIBS)
-+SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(LIBS)
- 
- SHLIB_DIRS=-L$(TOPLIBD)
- SHLIB_RDIRS=$(KRB5_LIBDIR)
diff --git a/security/krb5-17/pkg-plist b/security/krb5-17/pkg-plist
index 1f5aa77cda2b..bb3f01f28121 100644
--- a/security/krb5-17/pkg-plist
+++ b/security/krb5-17/pkg-plist
@@ -1,13 +1,15 @@
 bin/compile_et
 bin/%%FTP_PROG%%
 bin/gss-client
+bin/k5srvutil
+bin/kadmin
 bin/kdestroy
 bin/kinit
 bin/klist
 bin/kpasswd
 bin/krb5-config
-%%KRB4%%bin/krb524init
 bin/ksu
+bin/ktutil
 bin/kvno
 bin/%%RCP_PROG%%
 bin/%%RLOGIN_PROG%%
@@ -16,10 +18,10 @@ bin/sclient
 bin/sim_client
 bin/%%TELNET_PROG%%
 bin/uuclient
-%%KRB4%%bin/v4rcp
 include/com_err.h
 include/gssapi.h
 include/gssapi/gssapi.h
+include/gssapi/gssapi_ext.h
 include/gssapi/gssapi_generic.h
 include/gssapi/gssapi_krb5.h
 include/gssapi/mechglue.h
@@ -39,19 +41,16 @@ include/gssrpc/svc.h
 include/gssrpc/svc_auth.h
 include/gssrpc/types.h
 include/gssrpc/xdr.h
-%%KRB4%%include/kerberosIV/des.h
-%%KRB4%%include/kerberosIV/kadm_err.h
-%%KRB4%%include/kerberosIV/krb.h
-%%KRB4%%include/kerberosIV/krb_err.h
-%%KRB4%%include/kerberosIV/mit-copyright.h
 include/krb5.h
 include/krb5/krb5.h
 include/krb5/locate_plugin.h
+include/kadm5/admin.h
+include/kadm5/chpass_util_strings.h
+include/kadm5/kadm_err.h
+include/kdb.h
 include/profile.h
 lib/libcom_err.so
 lib/libcom_err.so.3
-lib/libdes425.so
-lib/libdes425.so.3
 lib/libgssapi_krb5.so
 lib/libgssapi_krb5.so.2
 lib/libgssrpc.so
@@ -59,34 +58,30 @@ lib/libgssrpc.so.4
 lib/libk5crypto.so
 lib/libk5crypto.so.3
 lib/libkadm5clnt.so
-lib/libkadm5clnt.so.5
+lib/libkadm5clnt.so.6
 lib/libkadm5srv.so
-lib/libkadm5srv.so.5
+lib/libkadm5srv.so.6
 lib/libkdb5.so
 lib/libkdb5.so.4
-%%KRB4%%lib/libkrb4.so
-%%KRB4%%lib/libkrb4.so.2
 lib/libkrb5.so
 lib/libkrb5.so.3
 lib/libkrb5support.so
 lib/libkrb5support.so.0
 lib/krb5/plugins/kdb/db2.so
+lib/krb5/plugins/preauth/encrypted_challenge.so
 lib/krb5/plugins/preauth/pkinit.so
 sbin/%%FTP_PROG%%d
 sbin/gss-server
-sbin/k5srvutil
-sbin/kadmin
 sbin/kadmin.local
 sbin/kadmind
 sbin/kdb5_util
 sbin/klogind
 sbin/kprop
 sbin/kpropd
+sbin/kproplog
 sbin/krb5-send-pr
-%%KRB4%%sbin/krb524d
 sbin/krb5kdc
 sbin/kshd
-sbin/ktutil
 sbin/login.krb5
 sbin/sim_server
 sbin/sserver
@@ -102,12 +97,13 @@ share/gnats/mit
 @dirrm lib/krb5/plugins/preauth
 @dirrm lib/krb5/plugins/libkrb5
 @dirrm lib/krb5/plugins/kdb
+@dirrm lib/krb5/plugins/authdata
 @dirrm lib/krb5/plugins
 @dirrm lib/krb5
 @dirrm include/gssapi
 @dirrm include/gssrpc
-@dirrm include/kerberosIV
 @dirrm include/krb5
+@dirrm include/kadm5
 @dirrm share/et
 @dirrmtry share/gnats
 @dirrm share/examples/krb5
diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile
index c3bc68fef620..8e2cb9aa2eef 100644
--- a/security/krb5-appl/Makefile
+++ b/security/krb5-appl/Makefile
@@ -6,15 +6,12 @@
 #
 
 PORTNAME=		krb5
-PORTVERSION=		1.6.3
-PORTREVISION=		5
+PORTVERSION=		1.7
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/krb5/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 PATCH_SITES=		http://web.mit.edu/kerberos/advisories/
 DISTNAME=		${PORTNAME}-${PORTVERSION}-signed
 EXTRACT_SUFX=		.tar
-PATCHFILES=		2008-001-patch.txt
-PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=		cy@FreeBSD.org
 COMMENT=		An authentication system developed at MIT, successor to Kerberos IV
@@ -51,7 +48,7 @@ OPTIONS=		KRB5_RENAME_FTP "Rename ftp to kftp" off \
 .if defined(WITH_KRB5_DOC)
 BUILD_DEPENDS+=		texi2dvi:${PORTSDIR}/print/texinfo \
 			dvips:${PORTSDIR}/print/dvipsk-tetex
-INFO=			krb425 krb5-admin krb5-install krb5-user
+INFO=			krb5-admin krb5-install krb5-user
 .endif
 
 .if !defined(WITH_KRB5_KRB4_COMPAT)
@@ -65,17 +62,14 @@ PLIST_SUB+=		KRB4=""
 PREFIX=			${KRB5_HOME}
 .endif
 
-MAN1=			krb5-send-pr.1 krb5-config.1 kpasswd.1 klist.1 \
-			kinit.1 kdestroy.1 ksu.1 sclient.1 rsh.1 rcp.1 \
-			rlogin.1 ftp.1 telnet.1 kerberos.1 kvno.1 compile_et.1
+MAN1=			k5srvutil.1 kadmin.1 krb5-send-pr.1 krb5-config.1 \
+			kpasswd.1 klist.1 kinit.1 kdestroy.1 ksu.1 ktutil.1 \
+			sclient.1 rsh.1 rcp.1 rlogin.1 ftp.1 telnet.1 \
+			kerberos.1 kvno.1 compile_et.1
 MAN5=			kdc.conf.5 krb5.conf.5 .k5login.5
-MAN8=			krb5kdc.8 kadmin.8 kadmin.local.8 kdb5_util.8 \
-			ktutil.8 kadmind.8 kprop.8 kpropd.8 sserver.8 \
-			kshd.8 klogind.8 login.krb5.8 ftpd.8 telnetd.8 \
-			k5srvutil.8
-.if defined(WITH_KRB5_KRB4_COMPAT)
-MAN8+=			krb524d.8
-.endif
+MAN8=			krb5kdc.8 kadmin.local.8 kdb5_util.8 kadmind.8 \
+			kprop.8 kpropd.8 kproplog.8 sserver.8 kshd.8 \
+			klogind.8 login.krb5.8 ftpd.8 telnetd.8
 
 .if defined(WITH_KRB5_RENAME_FTP)
 MAN1:=			${MAN1:C/ftp/kftp/}
@@ -119,10 +113,6 @@ PLIST_SUB+=		RCP_PROG="krcp"
 PLIST_SUB+=		RCP_PROG="rcp"
 .endif
 
-.if defined(WITH_KRB5_KRB4_COMPAT)
-MAN1+=			krb524init.1 v4rcp.1
-.endif
-
 .if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != ""
 CONFIGURE_ARGS+=	--program-transform-name="${PROGRAM_TRANSFORM_NAME}"
 .endif
@@ -131,7 +121,7 @@ WRKSRC=			${WRKDIR}/${PORTNAME}-${PORTVERSION}/src
 
 HTML_DOC_DIR=		${WRKDIR}/${PORTNAME}-${PORTVERSION}/doc
 HTML_DOCS=		ftp.html kdestroy.html kinit.html klist.html \
-			kpasswd.html krb425.html krb5-admin.html \
+			kpasswd.html krb5-admin.html \
 			krb5-install.html krb5-user.html ksu.html \
 			rcp.html rlogin.html rsh.html telnet.html
 
diff --git a/security/krb5-appl/distinfo b/security/krb5-appl/distinfo
index 76109873f356..aef68fcdf9a2 100644
--- a/security/krb5-appl/distinfo
+++ b/security/krb5-appl/distinfo
@@ -1,6 +1,3 @@
-MD5 (krb5-1.6.3-signed.tar) = 2dc1307686eb1c2bf1ab08ea805dad46
-SHA256 (krb5-1.6.3-signed.tar) = 7a1bd7d4bd326828c8ee382ed2b69ccd6c58762601df897d6a32169d84583d2a
-SIZE (krb5-1.6.3-signed.tar) = 11909120
-MD5 (2008-001-patch.txt) = 3bbb7a6a7738c086f5d5dfcf09da9cbb
-SHA256 (2008-001-patch.txt) = 4d02be765ff12d21ddf1cfa170e5ff4067e9c364a401d7e06ece329566139736
-SIZE (2008-001-patch.txt) = 10854
+MD5 (krb5-1.7-signed.tar) = 9f7b3402b4731a7fa543db193bf1b564
+SHA256 (krb5-1.7-signed.tar) = a370cae8386e8b82b309c44a220542af78cbcbb42028fb3c2224eae6dba1ffd5
+SIZE (krb5-1.7-signed.tar) = 12226560
diff --git a/security/krb5-appl/files/patch-af b/security/krb5-appl/files/patch-af
deleted file mode 100644
index 49425d6efceb..000000000000
--- a/security/krb5-appl/files/patch-af
+++ /dev/null
@@ -1,13 +0,0 @@
---- ../doc/krb425.texinfo	Fri Feb  6 21:40:57 1998
-+++ krb425.texinfo	Fri Jun 19 15:13:45 1998
-@@ -5,6 +5,10 @@
- @c guide
- @setfilename krb425.info
- @settitle Upgrading to Kerberos V5 from Kerberos V4
-+@dircategory Kerberos V5
-+@direntry
-+* Upgrading from V4 to V5: (krb425).     Upgrading from Kerberos V4 to V5
-+@end direntry
- @c @setchapternewpage odd                  @c chapter begins on next odd page
- @c @setchapternewpage on                   @c chapter begins on next page
- @c @smallbook                              @c Format for 7" X 9.25" paper
diff --git a/security/krb5-appl/files/patch-ai b/security/krb5-appl/files/patch-ai
index f5b733194344..3588a76ed199 100644
--- a/security/krb5-appl/files/patch-ai
+++ b/security/krb5-appl/files/patch-ai
@@ -15,14 +15,3 @@
  
  	addrlen = sizeof (his_addr);
  	if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
-@@ -2312,6 +2318,10 @@
- 		if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum),
- 					  &kdata.session,&ctrl_addr, &his_addr)) == -1) {
- 			secure_error("ADAT: krb_mk_safe failed");
-+			return(0);
-+		}
-+		if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
-+			secure_error("ADAT: reply too long");
- 			return(0);
- 		}
- 		if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
diff --git a/security/krb5-appl/files/patch-appl::bsd::klogind.M b/security/krb5-appl/files/patch-appl::bsd::klogind.M
index 9cddd5fc222d..48544cba8955 100644
--- a/security/krb5-appl/files/patch-appl::bsd::klogind.M
+++ b/security/krb5-appl/files/patch-appl::bsd::klogind.M
@@ -1,7 +1,7 @@
---- appl/bsd/klogind.M.orig	Wed Feb 28 14:06:43 2001
-+++ appl/bsd/klogind.M	Mon Dec 31 21:22:27 2001
-@@ -14,7 +14,7 @@
- .B \-kr54cpPef
+--- appl/bsd/klogind.M.orig	2008-12-15 12:29:01.000000000 -0800
++++ appl/bsd/klogind.M	2009-08-28 13:13:28.000000000 -0700
+@@ -13,7 +13,7 @@
+ .B \-rcpPef
  ]
  [[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ]
 -[ \fB\-D\fP \fIport\fP ]
@@ -9,27 +9,18 @@
  .SH DESCRIPTION
  .I Klogind
  is the server for the 
-@@ -107,6 +108,10 @@
- Beta5 (May 1995)--present bogus checksums that prevent Kerberos
- authentication from succeeding in the default mode.
- 
-+.IP \fB\-L\ loginpath\fP
-+Specify pathname to an alternative login program.  Default: /usr/bin/login.
-+KRB5_HOME/sbin/login.krb5 may be specified.
-+
- 
- .PP
- If the
-@@ -157,12 +162,6 @@
- 
+@@ -136,11 +136,9 @@
  .IP \fB\-M\ realm\fP
  Set the Kerberos realm to use.
--
+ 
 -.IP \fB\-L\ login\fP
 -Set the login program to use.  This option only has an effect if
 -DO_NOT_USE_K_LOGIN was not defined when
 -.I klogind
 -was compiled.
++.IP \fB\-L\ loginpath\fP
++Specify pathname to an alternative login program.  Default: /usr/bin/login.
++KRB5_HOME/sbin/login.krb5 may be specified.
  
  .IP \fB\-D\ port\fP
  Run in standalone mode, listening on \fBport\fP.  The daemon will exit
diff --git a/security/krb5-appl/files/patch-at b/security/krb5-appl/files/patch-at
deleted file mode 100644
index 060207ec644a..000000000000
--- a/security/krb5-appl/files/patch-at
+++ /dev/null
@@ -1,14 +0,0 @@
-*** include/syslog.h.ORIG	Fri Feb  6 19:42:12 1998
---- include/syslog.h	Tue Jun 30 19:46:02 1998
-***************
-*** 34,39 ****
---- 34,42 ----
-  #define LOG_LPR		(6<<3)	/* line printer subsystem */
-  #define LOG_NEWS	(7<<3)	/* network news subsystem */
-  #define LOG_UUCP	(8<<3)	/* UUCP subsystem */
-+ #if (defined(BSD) && (BSD >= 199306))
-+ #define LOG_FTP		(11<<3) /* ftp daemon */
-+ #endif
-  	/* other codes through 15 reserved for system use */
-  #define LOG_LOCAL0	(16<<3)	/* reserved for local use */
-  #define LOG_LOCAL1	(17<<3)	/* reserved for local use */
diff --git a/security/krb5-appl/files/patch-ay b/security/krb5-appl/files/patch-ay
index a6cb9ebbfd13..a2141724855b 100644
--- a/security/krb5-appl/files/patch-ay
+++ b/security/krb5-appl/files/patch-ay
@@ -1,8 +1,9 @@
 --- appl/libpty/getpty.c.orig	Wed Jan  9 14:28:37 2002
 +++ appl/libpty/getpty.c	Thu Jan 10 21:30:40 2002
-@@ -24,13 +24,26 @@
+@@ -24,14 +24,27 @@
  #include "libpty.h"
  #include "pty-int.h"
+ #include "k5-platform.h"
  
 +#ifdef __FreeBSD__
 +#define PTYCHARS1	"pqrsPQRS"
@@ -35,7 +36,7 @@
      } else {
 -    	for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
 +    	for (cp1 = PTYCHARS1; *cp1 != '\0'; cp1++) {
- 	    sprintf(slavebuf,"/dev/ptyXX");
+ 	    snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX");
 -	    slavebuf[sizeof("/dev/pty") - 1] = *cp;
 +	    slavebuf[sizeof("/dev/pty") - 1] = *cp1;
  	    slavebuf[sizeof("/dev/ptyp") - 1] = '0';
diff --git a/security/krb5-appl/files/patch-config::shlib.conf b/security/krb5-appl/files/patch-config::shlib.conf
index 18f91fffc6d5..210d812ede50 100644
--- a/security/krb5-appl/files/patch-config::shlib.conf
+++ b/security/krb5-appl/files/patch-config::shlib.conf
@@ -1,6 +1,6 @@
---- config/shlib.conf.orig	Mon Oct 23 05:20:11 2006
-+++ config/shlib.conf	Wed Mar 28 17:17:55 2007
-@@ -258,22 +258,15 @@
+--- config/shlib.conf.orig	2008-12-08 14:33:07.000000000 -0800
++++ config/shlib.conf	2009-08-28 13:27:39.000000000 -0700
+@@ -299,24 +299,17 @@
  	;;
  
  *-*-freebsd*)
@@ -12,8 +12,8 @@
 -	PICFLAGS=-fpic
 -	if test "x$objformat" = "xelf" ; then
 +	case $krb5_cv_host in
-+	sparc64-*)	PICFLAGS=-fPIC;;
-+	*)		PICFLAGS=-fpic;;
++	sparc64-*)      PICFLAGS=-fPIC;;
++	*)              PICFLAGS=-fpic;;
 +	esac
  		SHLIBVEXT='.so.$(LIBMAJOR)'
 +		LDCOMBINE="libtool --mode=link cc -shared"
@@ -22,9 +22,11 @@
 -		RPATH_FLAG=-R
 -		SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
 -	fi
- 	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)'
+ 	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+ 	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+ 	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
  	SHLIBEXT=.so
 -	LDCOMBINE='ld -Bshareable'
- 	SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+ 	SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+ 	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
  	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
- 	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;'
diff --git a/security/krb5-appl/files/patch-lib-krb5-os-localaddr.c b/security/krb5-appl/files/patch-lib-krb5-os-localaddr.c
index 9e701ba97985..d8956daea367 100644
--- a/security/krb5-appl/files/patch-lib-krb5-os-localaddr.c
+++ b/security/krb5-appl/files/patch-lib-krb5-os-localaddr.c
@@ -1,75 +1,75 @@
---- lib/krb5/os/localaddr.c.orig	Wed Apr 13 09:55:43 2005
-+++ lib/krb5/os/localaddr.c	Sun Jul 16 09:29:05 2006
-@@ -436,12 +436,14 @@
+--- lib/krb5/os/localaddr.c.orig	2009-02-18 10:14:48.000000000 -0800
++++ lib/krb5/os/localaddr.c	2009-08-28 13:37:41.000000000 -0700
+@@ -173,6 +173,7 @@
+ }
  #endif
- 	if ((ifp->ifa_flags & IFF_UP) == 0)
+ 
++#if 0
+ static int
+ is_loopback_address(struct sockaddr *sa)
+ {
+@@ -189,6 +190,7 @@
+ 	return 0;
+     }
+ }
++#endif
+ 
+ #ifdef HAVE_IFADDRS_H
+ #include <ifaddrs.h>
+@@ -464,12 +466,14 @@
+ 	    ifp->ifa_flags &= ~IFF_UP;
  	    continue;
+ 	}
 +#if 0
- 	if (ifp->ifa_flags & IFF_LOOPBACK) {
+ 	if (is_loopback_address(ifp->ifa_addr)) {
  	    /* Pretend it's not up, so the second pass will skip
  	       it.  */
  	    ifp->ifa_flags &= ~IFF_UP;
  	    continue;
  	}
 +#endif
- 	if (ifp->ifa_addr == NULL) {
- 	    /* Can't use an interface without an address.  Linux
- 	       apparently does this sometimes.  [RT ticket 1770 from
-@@ -459,8 +461,10 @@
+ 	/* If this address is a duplicate, punt.  */
+ 	match = 0;
  	for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
- 	    if ((ifp2->ifa_flags & IFF_UP) == 0)
- 		continue;
-+#if 0
- 	    if (ifp2->ifa_flags & IFF_LOOPBACK)
- 		continue;
-+#endif
- 	    if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
- 		match = 1;
- 		ifp->ifa_flags &= ~IFF_UP;
-@@ -583,6 +587,7 @@
+@@ -598,11 +602,13 @@
  	    }
  	    /*@=moduncon@*/
  
 +#if 0
- #ifdef IFF_LOOPBACK
  	    /* None of the current callers want loopback addresses.  */
- 	    if (lifreq.lifr_flags & IFF_LOOPBACK) {
-@@ -590,6 +595,7 @@
+ 	    if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
+ 		Tprintf (("  loopback\n"));
  		goto skip;
  	    }
- #endif
 +#endif
  	    /* Ignore interfaces that are down.  */
  	    if ((lifreq.lifr_flags & IFF_UP) == 0) {
  		Tprintf (("  down\n"));
-@@ -755,6 +761,7 @@
+@@ -769,11 +775,13 @@
  	    }
  	    /*@=moduncon@*/
  
 +#if 0
- #ifdef IFF_LOOPBACK
  	    /* None of the current callers want loopback addresses.  */
- 	    if (lifreq.iflr_flags & IFF_LOOPBACK) {
-@@ -762,6 +769,7 @@
+ 	    if (is_loopback_address(&lifr->iflr_addr)) {
+ 		Tprintf (("  loopback\n"));
  		goto skip;
  	    }
- #endif
 +#endif
  	    /* Ignore interfaces that are down.  */
  	    if ((lifreq.iflr_flags & IFF_UP) == 0) {
  		Tprintf (("  down\n"));
-@@ -971,12 +979,14 @@
+@@ -984,11 +992,13 @@
  	}
  	/*@=moduncon@*/
  
 +#if 0
- #ifdef IFF_LOOPBACK
  	/* None of the current callers want loopback addresses.  */
- 	if (ifreq.ifr_flags & IFF_LOOPBACK) {
+ 	if (is_loopback_address(&ifreq.ifr_addr)) {
  	    Tprintf (("  loopback\n"));
  	    goto skip;
  	}
 +#endif
- #endif
  	/* Ignore interfaces that are down.  */
  	if ((ifreq.ifr_flags & IFF_UP) == 0) {
+ 	    Tprintf (("  down\n"));
diff --git a/security/krb5-appl/files/patch-lib-rpc-svc.c b/security/krb5-appl/files/patch-lib-rpc-svc.c
deleted file mode 100644
index 395039040b04..000000000000
--- a/security/krb5-appl/files/patch-lib-rpc-svc.c
+++ /dev/null
@@ -1,24 +0,0 @@
-=== lib/rpc/svc.c
-==================================================================
---- lib/rpc/svc.c	(revision 1666)
-+++ lib/rpc/svc.c	(local)
-@@ -109,15 +109,17 @@
- 	if (sock < FD_SETSIZE) {
- 		xports[sock] = xprt;
- 		FD_SET(sock, &svc_fdset);
-+		if (sock > svc_maxfd)
-+			svc_maxfd = sock;
- 	}
- #else
- 	if (sock < NOFILE) {
- 		xports[sock] = xprt;
- 		svc_fds |= (1 << sock);
-+		if (sock > svc_maxfd)
-+			svc_maxfd = sock;
- 	}
- #endif /* def FD_SETSIZE */
--	if (sock > svc_maxfd)
--		svc_maxfd = sock;
- }
- 
- /*
diff --git a/security/krb5-appl/files/patch-lib-rpc-svc_tcp.c b/security/krb5-appl/files/patch-lib-rpc-svc_tcp.c
deleted file mode 100644
index 9c51fafc62bf..000000000000
--- a/security/krb5-appl/files/patch-lib-rpc-svc_tcp.c
+++ /dev/null
@@ -1,51 +0,0 @@
-=== lib/rpc/svc_tcp.c
-==================================================================
---- lib/rpc/svc_tcp.c	(revision 1666)
-+++ lib/rpc/svc_tcp.c	(local)
-@@ -54,6 +54,14 @@
- extern errno;
- */
- 
-+#ifndef FD_SETSIZE
-+#ifdef NBBY
-+#define NOFILE (sizeof(int) * NBBY)
-+#else
-+#define NOFILE (sizeof(int) * 8)
-+#endif
-+#endif
-+
- /*
-  * Ops vector for TCP/IP based rpc service handle
-  */
-@@ -215,6 +223,19 @@
- 	register SVCXPRT *xprt;
- 	register struct tcp_conn *cd;
-  
-+#ifdef FD_SETSIZE
-+	if (fd >= FD_SETSIZE) {
-+		(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
-+		xprt = NULL;
-+		goto done;
-+	}
-+#else
-+	if (fd >= NOFILE) {
-+		(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
-+		xprt = NULL;
-+		goto done;
-+	}
-+#endif
- 	xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
- 	if (xprt == (SVCXPRT *)NULL) {
- 		(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
-@@ -271,6 +292,10 @@
- 	 * make a new transporter (re-uses xprt)
- 	 */
- 	xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
-+	if (xprt == NULL) {
-+		close(sock);
-+		return (FALSE);
-+	}
- 	xprt->xp_raddr = addr;
- 	xprt->xp_addrlen = len;
- 	xprt->xp_laddr = laddr;
-
diff --git a/security/krb5-appl/files/patch-plugins-preauth-pkinit-Makefile.in b/security/krb5-appl/files/patch-plugins-preauth-pkinit-Makefile.in
deleted file mode 100644
index cb464470b1cf..000000000000
--- a/security/krb5-appl/files/patch-plugins-preauth-pkinit-Makefile.in
+++ /dev/null
@@ -1,11 +0,0 @@
---- plugins/preauth/pkinit/Makefile.in.orig	2007-09-28 18:02:10.000000000 -0700
-+++ plugins/preauth/pkinit/Makefile.in	2007-10-29 07:03:24.000000000 -0700
-@@ -21,7 +21,7 @@
- 	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- 	$(TOPLIBD)/libkrb5$(SHLIBEXT)
- LIBS+= -lcrypto
--SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto -ldl $(SUPPORT_LIB) $(LIBS)
-+SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(LIBS)
- 
- SHLIB_DIRS=-L$(TOPLIBD)
- SHLIB_RDIRS=$(KRB5_LIBDIR)
diff --git a/security/krb5-appl/pkg-plist b/security/krb5-appl/pkg-plist
index 1f5aa77cda2b..bb3f01f28121 100644
--- a/security/krb5-appl/pkg-plist
+++ b/security/krb5-appl/pkg-plist
@@ -1,13 +1,15 @@
 bin/compile_et
 bin/%%FTP_PROG%%
 bin/gss-client
+bin/k5srvutil
+bin/kadmin
 bin/kdestroy
 bin/kinit
 bin/klist
 bin/kpasswd
 bin/krb5-config
-%%KRB4%%bin/krb524init
 bin/ksu
+bin/ktutil
 bin/kvno
 bin/%%RCP_PROG%%
 bin/%%RLOGIN_PROG%%
@@ -16,10 +18,10 @@ bin/sclient
 bin/sim_client
 bin/%%TELNET_PROG%%
 bin/uuclient
-%%KRB4%%bin/v4rcp
 include/com_err.h
 include/gssapi.h
 include/gssapi/gssapi.h
+include/gssapi/gssapi_ext.h
 include/gssapi/gssapi_generic.h
 include/gssapi/gssapi_krb5.h
 include/gssapi/mechglue.h
@@ -39,19 +41,16 @@ include/gssrpc/svc.h
 include/gssrpc/svc_auth.h
 include/gssrpc/types.h
 include/gssrpc/xdr.h
-%%KRB4%%include/kerberosIV/des.h
-%%KRB4%%include/kerberosIV/kadm_err.h
-%%KRB4%%include/kerberosIV/krb.h
-%%KRB4%%include/kerberosIV/krb_err.h
-%%KRB4%%include/kerberosIV/mit-copyright.h
 include/krb5.h
 include/krb5/krb5.h
 include/krb5/locate_plugin.h
+include/kadm5/admin.h
+include/kadm5/chpass_util_strings.h
+include/kadm5/kadm_err.h
+include/kdb.h
 include/profile.h
 lib/libcom_err.so
 lib/libcom_err.so.3
-lib/libdes425.so
-lib/libdes425.so.3
 lib/libgssapi_krb5.so
 lib/libgssapi_krb5.so.2
 lib/libgssrpc.so
@@ -59,34 +58,30 @@ lib/libgssrpc.so.4
 lib/libk5crypto.so
 lib/libk5crypto.so.3
 lib/libkadm5clnt.so
-lib/libkadm5clnt.so.5
+lib/libkadm5clnt.so.6
 lib/libkadm5srv.so
-lib/libkadm5srv.so.5
+lib/libkadm5srv.so.6
 lib/libkdb5.so
 lib/libkdb5.so.4
-%%KRB4%%lib/libkrb4.so
-%%KRB4%%lib/libkrb4.so.2
 lib/libkrb5.so
 lib/libkrb5.so.3
 lib/libkrb5support.so
 lib/libkrb5support.so.0
 lib/krb5/plugins/kdb/db2.so
+lib/krb5/plugins/preauth/encrypted_challenge.so
 lib/krb5/plugins/preauth/pkinit.so
 sbin/%%FTP_PROG%%d
 sbin/gss-server
-sbin/k5srvutil
-sbin/kadmin
 sbin/kadmin.local
 sbin/kadmind
 sbin/kdb5_util
 sbin/klogind
 sbin/kprop
 sbin/kpropd
+sbin/kproplog
 sbin/krb5-send-pr
-%%KRB4%%sbin/krb524d
 sbin/krb5kdc
 sbin/kshd
-sbin/ktutil
 sbin/login.krb5
 sbin/sim_server
 sbin/sserver
@@ -102,12 +97,13 @@ share/gnats/mit
 @dirrm lib/krb5/plugins/preauth
 @dirrm lib/krb5/plugins/libkrb5
 @dirrm lib/krb5/plugins/kdb
+@dirrm lib/krb5/plugins/authdata
 @dirrm lib/krb5/plugins
 @dirrm lib/krb5
 @dirrm include/gssapi
 @dirrm include/gssrpc
-@dirrm include/kerberosIV
 @dirrm include/krb5
+@dirrm include/kadm5
 @dirrm share/et
 @dirrmtry share/gnats
 @dirrm share/examples/krb5
author	Cy Schubert <cy@FreeBSD.org>	2009-08-28 23:35:15 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2009-08-28 23:35:15 +0000
commit	e7a3c62a9fc7450d03e136dee2eac1edd8e10a1b (patch)
tree	823cbc819c37f58f199297400197b76040b37e91 /security
parent	Io_lib is a library of file reading and writing code to provide a (diff)