Diffstat (limited to 'security/krb5-122/files')
-rw-r--r-- | security/krb5-122/files/kdc.in | 4 | ||||
-rw-r--r-- | security/krb5-122/files/kpropd.in | 26 | ||||
-rw-r--r-- | security/krb5-122/files/patch-clients__ksu__Makefile.in | 19 | ||||
-rw-r--r-- | security/krb5-122/files/patch-config__pre.in | 23 | ||||
-rw-r--r-- | security/krb5-122/files/patch-config__shlib.conf | 22 | ||||
-rw-r--r-- | security/krb5-122/files/patch-configure.ac | 17 | ||||
-rw-r--r-- | security/krb5-122/files/patch-lib-krb5-os-localaddr.c | 75 | ||||
-rw-r--r-- | security/krb5-122/files/patch-lib__gssapi__krb5__import_name.c | 14 | ||||
-rw-r--r-- | security/krb5-122/files/patch-lib_krad_packet.c | 12 | ||||
-rw-r--r-- | security/krb5-122/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c | 43 | ||||
-rw-r--r-- | security/krb5-122/files/patch-util_ss_listen.c | 14 |
11 files changed, 269 insertions, 0 deletions
diff --git a/security/krb5-122/files/kdc.in b/security/krb5-122/files/kdc.in
new file mode 100644
index 000000000000..d462d45d47f6
--- /dev/null
+++ b/security/krb5-122/files/kdc.in
@@ -0,0 +1,4 @@
+#!/bin/sh -
+
+set -- $(echo "$*" | sed 's/--detach//')
+exec %%PREFIX%%/sbin/krb5kdc "$@"
diff --git a/security/krb5-122/files/kpropd.in b/security/krb5-122/files/kpropd.in
new file mode 100644
index 000000000000..d2147af059d7
--- /dev/null
+++ b/security/krb5-122/files/kpropd.in
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# PROVIDE: kpropd
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# kpropd_enable (bool): Set to NO by default.
+# Set it to YES to enable kpropd.
+# kpropd_flags (str): Set to "" by default.
+
+. /etc/rc.subr
+
+name=kpropd
+rcvar=kpropd_enable
+
+load_rc_config $name
+
+: ${kpropd_enable:="NO"}
+: ${kpropd_flags=""}
+
+command=%%PREFIX%%/sbin/${name}
+
+run_rc_command "$1"
diff --git a/security/krb5-122/files/patch-clients__ksu__Makefile.in b/security/krb5-122/files/patch-clients__ksu__Makefile.in
new file mode 100644
index 000000000000..b664998ba9c5
--- /dev/null
+++ b/security/krb5-122/files/patch-clients__ksu__Makefile.in
@@ -0,0 +1,19 @@
+--- clients/ksu/Makefile.in.orig 2025-08-05 14:15:15 UTC
++++ clients/ksu/Makefile.in
+@@ -1,6 +1,6 @@ BUILDTOP=$(REL)..$(S)..
+ mydir=clients$(S)ksu
+ BUILDTOP=$(REL)..$(S)..
+-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"'
++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/sbin /bin /usr/sbin /usr/bin"' -DDEBUG
+
+ KSU_LIBS=@KSU_LIBS@
+
+@@ -30,7 +30,7 @@ install:
+
+ install:
+ -for f in ksu; do \
+- $(INSTALL_SETUID) $$f \
++ $(INSTALL_PROGRAM) $$f \
+ $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+ done
+
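Review bot: The `set -- $(echo "$*" | sed 's/--detach//')` line in kdc.in joins all arguments into one string and re-splits the result unquoted, so any argument that contains whitespace or glob characters reaches krb5kdc split or expanded differently from what the caller passed. The sed expression also removes the first `--detach` substring wherever it occurs, not only a standalone argument. Rebuilding the positional parameters one by one keeps every other argument intact, and a one-line comment saying why the flag is stripped would help the next maintainer.

```shell
# drop a standalone --detach, keep every other argument byte-for-byte
for arg do
    shift
    [ "$arg" = "--detach" ] || set -- "$@" "$arg"
done
exec %%PREFIX%%/sbin/krb5kdc "$@"
```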
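Review bot: The new DEFINES line in clients/ksu/Makefile.in adds `-DDEBUG` to the build of a privilege-switching program, and nothing in the patch says why a debug build is wanted in the packaged binary. What DEBUG enables in ksu is not visible here, so the flag should either be dropped or justified in the commit message. The second hunk swaps `$(INSTALL_SETUID)` for `$(INSTALL_PROGRAM)`, so ksu is installed without the setuid bit at this point; presumably the port grants it elsewhere (plist or an option), and stating where would help anyone auditing setuid binaries.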
diff --git a/security/krb5-122/files/patch-config__pre.in b/security/krb5-122/files/patch-config__pre.in
new file mode 100644
index 000000000000..8d4180f36d4b
--- /dev/null
+++ b/security/krb5-122/files/patch-config__pre.in
@@ -0,0 +1,23 @@
+--- config/pre.in.orig 2025-08-05 14:15:15 UTC
++++ config/pre.in
+@@ -182,9 +182,9 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
+ INSTALL=@INSTALL@
+ INSTALL_STRIP=
+ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
+-INSTALL_SCRIPT=@INSTALL_PROGRAM@
++INSTALL_SCRIPT=@INSTALL_SCRIPT@
+ INSTALL_DATA=@INSTALL_DATA@
+-INSTALL_SHLIB=@INSTALL_SHLIB@
++INSTALL_SHLIB=$(INSTALL_LIB)
+ INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
+ ## This is needed because autoconf will sometimes define @exec_prefix@ to be
+ ## ${prefix}.
+@@ -202,7 +202,7 @@ CLIENT_BINDIR =@bindir@
+ ADMIN_BINDIR = @sbindir@
+ SERVER_BINDIR = @sbindir@
+ CLIENT_BINDIR =@bindir@
+-PKGCONFIG_DIR = @libdir@/pkgconfig
++PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig
+ ADMIN_MANDIR = $(KRB5MANROOT)/man8
+ SERVER_MANDIR = $(KRB5MANROOT)/man8
+ CLIENT_MANDIR = $(KRB5MANROOT)/man1
diff --git a/security/krb5-122/files/patch-config__shlib.conf b/security/krb5-122/files/patch-config__shlib.conf
new file mode 100644
index 000000000000..bd1630361860
--- /dev/null
+++ b/security/krb5-122/files/patch-config__shlib.conf
@@ -0,0 +1,22 @@
+--- config/shlib.conf.orig 2025-08-05 14:15:15 UTC
++++ config/shlib.conf
+@@ -168,14 +168,15 @@ mips-*-netbsd*)
+ PICFLAGS=-fpic
+ ;;
+ esac
+- SHLIBVEXT='.so.$(LIBMAJOR)'
+- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
++ SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
++ SHLIBSEXT='.so.$(LIBMAJOR)'
++ LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)'
++ RPATH_FLAG='-Wl,-rpath -Wl,'
+ PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+ CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+ SHLIBEXT=.so
+- LDCOMBINE='ld -Bshareable -z nodelete'
+- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
++ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
+ SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+ CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+ CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
diff --git a/security/krb5-122/files/patch-configure.ac b/security/krb5-122/files/patch-configure.ac
new file mode 100644
index 000000000000..c5348a6d82dd
--- /dev/null
+++ b/security/krb5-122/files/patch-configure.ac
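Review bot: The replacement LDCOMBINE in config/shlib.conf no longer passes `-z nodelete`, and both RPATH_FLAG and SHLIB_RPATH_FLAGS lose `--enable-new-dtags`, with nothing in the patch recording why. Without nodelete the shared libraries can be unmapped on dlclose(), which matters if any code keeps pointers into them after unloading (presumably the reason upstream set it). Dropping new-dtags can, depending on the linker's default, switch the output from DT_RUNPATH to DT_RPATH and so change search precedence relative to LD_LIBRARY_PATH. If both removals are deliberate for FreeBSD, the commit message or a note next to the port's patch list should say so, and if nodelete is still wanted it can be carried as `-Wl,-z,nodelete` in the new LDCOMBINE.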
@@ -0,0 +1,17 @@
+--- configure.ac.orig 2025-08-05 14:15:15 UTC
++++ configure.ac
+@@ -1365,8 +1365,12 @@ if test "x$with_libedit" != xno; then
+ AC_DEFINE([HAVE_LIBEDIT], 1, [Define if building with libedit.])
+ AC_MSG_NOTICE([Using libedit for readline support])
+ elif test "x$with_libedit" = xyes; then
+- # We were explicitly asked for libedit and couldn't find it.
+- AC_MSG_ERROR([Could not detect libedit with pkg-config])
++ AC_MSG_NOTICE([Using libedit in FreeBSD base])
++ AC_CHECK_LIB([edit], [main], :,
++ AC_MSG_ERROR([Could not detect libedit]))
++ AC_DEFINE([HAVE_LIBEDIT], 1, [Define if building with libedit.])
++ RL_CFLAGS=-DFreeBSD_BASE_EDITLINE
++ RL_LIBS='-ledit'
+ else
+ AC_MSG_NOTICE([Not using any readline support])
+ fi
diff --git a/security/krb5-122/files/patch-lib-krb5-os-localaddr.c b/security/krb5-122/files/patch-lib-krb5-os-localaddr.c
new file mode 100644
index 000000000000..0eb941de968b
--- /dev/null
+++ b/security/krb5-122/files/patch-lib-krb5-os-localaddr.c
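Review bot: `AC_CHECK_LIB([edit], [main], :, ...)` in the new `xyes` branch only proves that a library named libedit can be linked, because `main` is not a function the library provides to its callers; probing for a symbol the code actually uses, e.g. `AC_CHECK_LIB([edit], [readline], :,`, would be a real check. The notice "Using libedit in FreeBSD base" is also printed before the check that can still abort, so the configure log claims success just ahead of a possible error; moving the AC_MSG_NOTICE line below the AC_CHECK_LIB call keeps the log accurate. The enclosing `if` starts outside the hunk, so the conditions under which this branch is reached are only partly visible.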
@@ -0,0 +1,75 @@
+--- lib/krb5/os/localaddr.c.orig 2025-08-05 14:15:15 UTC
++++ lib/krb5/os/localaddr.c
+@@ -176,6 +176,7 @@ printaddr(struct sockaddr *sa)
+ }
+ #endif
+
++#if 0
+ static int
+ is_loopback_address(struct sockaddr *sa)
+ {
+@@ -188,6 +189,7 @@ is_loopback_address(struct sockaddr *sa)
+ return 0;
+ }
+ }
++#endif
+
+ #ifdef HAVE_IFADDRS_H
+ #include <ifaddrs.h>
+@@ -445,12 +447,14 @@ foreach_localaddr (/*@null@*/ void *data,
+ ifp->ifa_flags &= ~IFF_UP;
+ continue;
+ }
++#if 0
+ if (is_loopback_address(ifp->ifa_addr)) {
+ /* Pretend it's not up, so the second pass will skip
+ it. */
+ ifp->ifa_flags &= ~IFF_UP;
+ continue;
+ }
++#endif
+ /* If this address is a duplicate, punt. */
+ match = 0;
+ for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
+@@ -579,11 +583,13 @@ foreach_localaddr (/*@null@*/ void *data,
+ }
+ /*@=moduncon@*/
+
++#if 0
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
++#endif
+ /* Ignore interfaces that are down. */
+ if ((lifreq.lifr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
+@@ -750,11 +756,13 @@ foreach_localaddr (/*@null@*/ void *data,
+ }
+ /*@=moduncon@*/
+
++#if 0
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address(&lifr->iflr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
++#endif
+ /* Ignore interfaces that are down. */
+ if ((lifreq.iflr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
+@@ -968,11 +976,13 @@ foreach_localaddr (/*@null@*/ void *data,
+ }
+ /*@=moduncon@*/
+
++#if 0
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address(&ifreq.ifr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
++#endif
+ /* Ignore interfaces that are down. */
+ if ((ifreq.ifr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
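Review bot: The five `#if 0` blocks in lib/krb5/os/localaddr.c switch off every loopback filter in foreach_localaddr, yet the comment left inside the disabled code still reads "None of the current callers want loopback addresses" and nothing in the patch explains why the port wants the opposite. Callers now receive loopback entries; whether those end up in ticket address lists or in the set of addresses a daemon binds to depends on code outside these hunks, so the behaviour change should be documented where it is made. A comment at the first block such as `/* FreeBSD port: loopback addresses are kept on purpose, see <PR or rationale> */` would do. A named macro in place of bare `#if 0` would also make the local deviation easy to find when the patch is rebased onto a new upstream release.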
diff --git a/security/krb5-122/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-122/files/patch-lib__gssapi__krb5__import_name.c
new file mode 100644
index 000000000000..e316a6d6e4bf
--- /dev/null
+++ b/security/krb5-122/files/patch-lib__gssapi__krb5__import_name.c
@@ -0,0 +1,14 @@
+--- lib/gssapi/krb5/import_name.c.orig 2025-08-05 14:15:15 UTC
++++ lib/gssapi/krb5/import_name.c
+@@ -32,6 +32,11 @@
+ #include <stdio.h>
+ #endif
+
++#include <sys/param.h>
++#if __FreeBSD_version < 500100
++#include <stdio.h>
++#endif
++
+ #ifdef HAVE_STRING_H
+ #include <string.h>
+ #else
diff --git a/security/krb5-122/files/patch-lib_krad_packet.c b/security/krb5-122/files/patch-lib_krad_packet.c
new file mode 100644
index 000000000000..33752633a2e5
--- /dev/null
+++ b/security/krb5-122/files/patch-lib_krad_packet.c
@@ -0,0 +1,12 @@
+--- lib/krad/packet.c.orig 2025-08-05 14:15:15 UTC
++++ lib/krad/packet.c
+@@ -477,6 +477,9 @@ verify_msgauth(const char *secret, const krad_packet *
+ krb5_error_code retval;
+
+ msgauth = krad_packet_get_attr(pkt, KRAD_ATTR_MESSAGE_AUTHENTICATOR, 0);
++/* XXX ENODATA does not exist in FreeBSD. The closest thing we have to */
++/* XXX ENODATA is ENOATTR. We use that instead. */
++#define ENODATA ENOATTR
+ if (msgauth == NULL)
+ return ENODATA;
+
diff --git a/security/krb5-122/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-122/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
new file mode 100644
index 000000000000..da280356c92c
--- /dev/null
+++ b/security/krb5-122/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
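Review bot: `#define ENODATA ENOATTR` in lib/krad/packet.c is unconditional and sits in the middle of verify_msgauth, so it would clash with any `<errno.h>` that does define ENODATA and it only affects code below that point in the file. Guarding it and moving it next to the includes is safer: `#ifndef ENODATA`, `#define ENODATA ENOATTR`, `#endif`. This return value signals a missing Message-Authenticator attribute, so any caller that compares the result against ENODATA has to see the same mapping; whether such callers exist cannot be told from here, because the function body continues outside the hunk.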
@@ -0,0 +1,43 @@
+--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2025-08-05 14:15:15 UTC
++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -201,6 +201,17 @@ create_identifiers_from_stack(STACK_OF(X509) *sk,
+ create_identifiers_from_stack(STACK_OF(X509) *sk,
+ krb5_external_principal_identifier *** ids);
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++
++/*
++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we
++ * need for PKINIT. For 1.0 we must use the original DH type when creating
++ * EVP_PKEY objects.
++ */
++#define EVP_PKEY_DHX EVP_PKEY_DH
++#define d2i_DHxparams d2i_DHparams
++#endif
++
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+ /* 1.1 standardizes constructor and destructor names, renaming
+@@ -210,13 +221,6 @@ create_identifiers_from_stack(STACK_OF(X509) *sk,
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+ #define ASN1_STRING_get0_data ASN1_STRING_data
+
+-/*
+- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we
+- * need for PKINIT. For 1.0 we must use the original DH type when creating
+- * EVP_PKEY objects.
+- */
+-#define EVP_PKEY_DHX EVP_PKEY_DH
+-
+ /* 1.1 makes many handle types opaque and adds accessors. Add compatibility
+ * versions of the new accessors we use for pre-1.1. */
+
+@@ -657,7 +661,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx)
+ {
+ EVP_PKEY_CTX_set_dh_pad(ctx, 1);
+ }
+-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ static void
+ set_padded_derivation(EVP_PKEY_CTX *ctx)
+ {
diff --git a/security/krb5-122/files/patch-util_ss_listen.c b/security/krb5-122/files/patch-util_ss_listen.c
new file mode 100644
index 000000000000..86271a2041e6
--- /dev/null
+++ b/security/krb5-122/files/patch-util_ss_listen.c
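Review bot: With LibreSSL the changed `#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` excludes the second set_padded_derivation definition, so the build falls through to whichever branch follows, and that branch lies outside the hunk. If the fallback does not request padded derivation the way the first branch does with `EVP_PKEY_CTX_set_dh_pad(ctx, 1)`, PKINIT DH key agreement under LibreSSL would differ from OpenSSL builds, so this should be confirmed and recorded in a comment on the `#elif`. In the first hunk, `#define d2i_DHxparams d2i_DHparams` is new and now applies to LibreSSL as well, but the carried-over comment only explains the EVP_PKEY_DHX alias and speaks of "1.0"; it should mention LibreSSL and the parameter-decoding alias too.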
@@ -0,0 +1,14 @@
+--- util/ss/listen.c.orig 2025-08-05 14:15:15 UTC
++++ util/ss/listen.c
+@@ -15,7 +15,11 @@
+ #include <sys/param.h>
+
+ #if defined(HAVE_LIBEDIT)
++#if defined(FreeBSD_BASE_EDITLINE)
++#include <edit/readline/readline.h>
++#else
+ #include <editline/readline.h>
++#endif
+ #elif defined(HAVE_READLINE)
+ #include <readline/readline.h>
+ #include <readline/history.h> |