diff options
Diffstat (limited to 'security/krb5-122/files')
| -rw-r--r-- | security/krb5-122/files/kdc.in | 4 | ||||
| -rw-r--r-- | security/krb5-122/files/kpropd.in | 26 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-clients__ksu__Makefile.in | 18 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-config__pre.in | 23 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-config__shlib.conf | 22 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-configure.ac | 17 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-lib-krb5-os-localaddr.c | 75 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-lib__gssapi__krb5__import_name.c | 14 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-lib_krad_packet.c | 12 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c | 43 | ||||
| -rw-r--r-- | security/krb5-122/files/patch-util_ss_listen.c | 14 |
11 files changed, 268 insertions, 0 deletions
diff --git a/security/krb5-122/files/kdc.in b/security/krb5-122/files/kdc.in new file mode 100644 index 000000000000..d462d45d47f6 --- /dev/null +++ b/security/krb5-122/files/kdc.in @@ -0,0 +1,4 @@ +#!/bin/sh - + +set -- $(echo "$*" | sed 's/--detach//') +exec %%PREFIX%%/sbin/krb5kdc "$@" diff --git a/security/krb5-122/files/kpropd.in b/security/krb5-122/files/kpropd.in new file mode 100644 index 000000000000..d2147af059d7 --- /dev/null +++ b/security/krb5-122/files/kpropd.in @@ -0,0 +1,26 @@ +#!/bin/sh + +# PROVIDE: kpropd +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# kpropd_enable (bool): Set to NO by default. +# Set it to YES to enable kpropd. +# kpropd_flags (str): Set to "" by default. + +. /etc/rc.subr + +name=kpropd +rcvar=kpropd_enable + +load_rc_config $name + +: ${kpropd_enable:="NO"} +: ${kpropd_flags=""} + +command=%%PREFIX%%/sbin/${name} + +run_rc_command "$1" diff --git a/security/krb5-122/files/patch-clients__ksu__Makefile.in b/security/krb5-122/files/patch-clients__ksu__Makefile.in new file mode 100644 index 000000000000..3544db84fc2c --- /dev/null +++ b/security/krb5-122/files/patch-clients__ksu__Makefile.in @@ -0,0 +1,18 @@ +--- clients/ksu/Makefile.in.orig 2019-05-21 14:09:23.000000000 -0700 ++++ clients/ksu/Makefile.in 2019-05-21 20:30:48.612847000 -0700 +@@ -1,6 +1,6 @@ + mydir=clients$(S)ksu + BUILDTOP=$(REL)..$(S).. +-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"' ++DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/sbin /bin /usr/sbin /usr/bin"' -DDEBUG + + KSU_LIBS=@KSU_LIBS@ + +@@ -30,6 +30,6 @@ + + install: + -for f in ksu; do \ +- $(INSTALL_SETUID) $$f \ ++ $(INSTALL_PROGRAM) $$f \ + $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ + done diff --git a/security/krb5-122/files/patch-config__pre.in b/security/krb5-122/files/patch-config__pre.in new file mode 100644 index 000000000000..8527c550dc25 --- /dev/null +++ b/security/krb5-122/files/patch-config__pre.in @@ -0,0 +1,23 @@ +--- config/pre.in.orig 2014-10-15 16:55:10.000000000 -0700 ++++ config/pre.in 2015-02-04 12:43:45.693875606 -0800 +@@ -178,9 +178,9 @@ + INSTALL=@INSTALL@ + INSTALL_STRIP= + INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) +-INSTALL_SCRIPT=@INSTALL_PROGRAM@ ++INSTALL_SCRIPT=@INSTALL_SCRIPT@ + INSTALL_DATA=@INSTALL_DATA@ +-INSTALL_SHLIB=@INSTALL_SHLIB@ ++INSTALL_SHLIB=$(INSTALL_LIB) + INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root + ## This is needed because autoconf will sometimes define @exec_prefix@ to be + ## ${prefix}. +@@ -197,7 +197,7 @@ + ADMIN_BINDIR = @sbindir@ + SERVER_BINDIR = @sbindir@ + CLIENT_BINDIR =@bindir@ +-PKGCONFIG_DIR = @libdir@/pkgconfig ++PKGCONFIG_DIR = $(prefix)/libdata/pkgconfig + ADMIN_MANDIR = $(KRB5MANROOT)/man8 + SERVER_MANDIR = $(KRB5MANROOT)/man8 + CLIENT_MANDIR = $(KRB5MANROOT)/man1 diff --git a/security/krb5-122/files/patch-config__shlib.conf b/security/krb5-122/files/patch-config__shlib.conf new file mode 100644 index 000000000000..6761ad7ef35c --- /dev/null +++ b/security/krb5-122/files/patch-config__shlib.conf @@ -0,0 +1,22 @@ +--- config/shlib.conf.orig 2025-08-05 07:15:15.000000000 -0700 ++++ config/shlib.conf 2025-08-06 00:01:20.148882000 -0700 +@@ -168,14 +168,15 @@ + PICFLAGS=-fpic + ;; + esac +- SHLIBVEXT='.so.$(LIBMAJOR)' +- RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,' ++ SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' ++ SHLIBSEXT='.so.$(LIBMAJOR)' ++ LDCOMBINE='libtool --tag=CC --mode=link cc -Xcompiler -shared -Wl,-soname=$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)' ++ RPATH_FLAG='-Wl,-rpath -Wl,' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' + SHLIBEXT=.so +- LDCOMBINE='ld -Bshareable -z nodelete' +- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)' ++ SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/security/krb5-122/files/patch-configure.ac b/security/krb5-122/files/patch-configure.ac new file mode 100644 index 000000000000..abbae0e771b3 --- /dev/null +++ b/security/krb5-122/files/patch-configure.ac @@ -0,0 +1,17 @@ +--- configure.ac.orig 2023-08-07 11:38:21.000000000 -0700 ++++ configure.ac 2023-08-09 14:49:19.833149000 -0700 +@@ -1356,8 +1356,12 @@ + AC_DEFINE([HAVE_LIBEDIT], 1, [Define if building with libedit.]) + AC_MSG_NOTICE([Using libedit for readline support]) + elif test "x$with_libedit" = xyes; then +- # We were explicitly asked for libedit and couldn't find it. +- AC_MSG_ERROR([Could not detect libedit with pkg-config]) ++ AC_MSG_NOTICE([Using libedit in FreeBSD base]) ++ AC_CHECK_LIB([edit], [main], :, ++ AC_MSG_ERROR([Could not detect libedit])) ++ AC_DEFINE([HAVE_LIBEDIT], 1, [Define if building with libedit.]) ++ RL_CFLAGS=-DFreeBSD_BASE_EDITLINE ++ RL_LIBS='-ledit' + else + AC_MSG_NOTICE([Not using any readline support]) + fi diff --git a/security/krb5-122/files/patch-lib-krb5-os-localaddr.c b/security/krb5-122/files/patch-lib-krb5-os-localaddr.c new file mode 100644 index 000000000000..06b6043f22c9 --- /dev/null +++ b/security/krb5-122/files/patch-lib-krb5-os-localaddr.c @@ -0,0 +1,75 @@ +--- lib/krb5/os/localaddr.c.orig 2009-10-30 20:17:27.000000000 -0700 ++++ lib/krb5/os/localaddr.c 2010-04-19 12:39:56.707090973 -0700 +@@ -175,6 +175,7 @@ + } + #endif + ++#if 0 + static int + is_loopback_address(struct sockaddr *sa) + { +@@ -191,6 +192,7 @@ + return 0; + } + } ++#endif + + #ifdef HAVE_IFADDRS_H + #include <ifaddrs.h> +@@ -467,12 +469,14 @@ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#if 0 + if (is_loopback_address(ifp->ifa_addr)) { + /* Pretend it's not up, so the second pass will skip + it. */ + ifp->ifa_flags &= ~IFF_UP; + continue; + } ++#endif + /* If this address is a duplicate, punt. */ + match = 0; + for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) { +@@ -601,11 +605,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.lifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -772,11 +778,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&lifr->iflr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((lifreq.iflr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); +@@ -987,11 +995,13 @@ + } + /*@=moduncon@*/ + ++#if 0 + /* None of the current callers want loopback addresses. */ + if (is_loopback_address(&ifreq.ifr_addr)) { + Tprintf ((" loopback\n")); + goto skip; + } ++#endif + /* Ignore interfaces that are down. */ + if ((ifreq.ifr_flags & IFF_UP) == 0) { + Tprintf ((" down\n")); diff --git a/security/krb5-122/files/patch-lib__gssapi__krb5__import_name.c b/security/krb5-122/files/patch-lib__gssapi__krb5__import_name.c new file mode 100644 index 000000000000..40f116af2196 --- /dev/null +++ b/security/krb5-122/files/patch-lib__gssapi__krb5__import_name.c @@ -0,0 +1,14 @@ +--- lib/gssapi/krb5/import_name.c.orig Mon Jul 18 15:12:42 2005 ++++ lib/gssapi/krb5/import_name.c Tue Nov 8 09:53:58 2005 +@@ -33,6 +33,11 @@ + #endif + #endif + ++#include <sys/param.h> ++#if __FreeBSD_version < 500100 ++#include <stdio.h> ++#endif ++ + #ifdef HAVE_STRING_H + #include <string.h> + #else diff --git a/security/krb5-122/files/patch-lib_krad_packet.c b/security/krb5-122/files/patch-lib_krad_packet.c new file mode 100644 index 000000000000..2668d9121524 --- /dev/null +++ b/security/krb5-122/files/patch-lib_krad_packet.c @@ -0,0 +1,12 @@ +--- lib/krad/packet.c.orig 2025-08-05 07:15:15.000000000 -0700 ++++ lib/krad/packet.c 2025-08-06 00:16:54.383533000 -0700 +@@ -477,6 +477,9 @@ + krb5_error_code retval; + + msgauth = krad_packet_get_attr(pkt, KRAD_ATTR_MESSAGE_AUTHENTICATOR, 0); ++/* XXX ENODATA does not exist in FreeBSD. The closest thing we have to */ ++/* XXX ENODATA is ENOATTR. We use that instead. */ ++#define ENODATA ENOATTR + if (msgauth == NULL) + return ENODATA; + diff --git a/security/krb5-122/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-122/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c new file mode 100644 index 000000000000..71d27a31b406 --- /dev/null +++ b/security/krb5-122/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c @@ -0,0 +1,43 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2022-10-17 09:52:43 UTC ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -184,6 +184,17 @@ pkcs11err(int err); + (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) + #endif + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++ ++/* ++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we ++ * need for PKINIT. For 1.0 we must use the original DH type when creating ++ * EVP_PKEY objects. ++ */ ++#define EVP_PKEY_DHX EVP_PKEY_DH ++#define d2i_DHxparams d2i_DHparams ++#endif ++ + #if OPENSSL_VERSION_NUMBER < 0x10100000L + + /* 1.1 standardizes constructor and destructor names, renaming +@@ -193,13 +204,6 @@ pkcs11err(int err); + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define ASN1_STRING_get0_data ASN1_STRING_data + +-/* +- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we +- * need for PKINIT. For 1.0 we must use the original DH type when creating +- * EVP_PKEY objects. +- */ +-#define EVP_PKEY_DHX EVP_PKEY_DH +- + /* 1.1 makes many handle types opaque and adds accessors. Add compatibility + * versions of the new accessors we use for pre-1.1. */ + +@@ -588,7 +592,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx) + { + EVP_PKEY_CTX_set_dh_pad(ctx, 1); + } +-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L ++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + static void + set_padded_derivation(EVP_PKEY_CTX *ctx) + { diff --git a/security/krb5-122/files/patch-util_ss_listen.c b/security/krb5-122/files/patch-util_ss_listen.c new file mode 100644 index 000000000000..127784b0e2c0 --- /dev/null +++ b/security/krb5-122/files/patch-util_ss_listen.c @@ -0,0 +1,14 @@ +--- util/ss/listen.c.orig 2023-08-07 11:38:21.000000000 -0700 ++++ util/ss/listen.c 2023-08-09 13:09:30.816661000 -0700 +@@ -15,7 +15,11 @@ + #include <sys/param.h> + + #if defined(HAVE_LIBEDIT) ++#if defined(FreeBSD_BASE_EDITLINE) ++#include <edit/readline/readline.h> ++#else + #include <editline/readline.h> ++#endif + #elif defined(HAVE_READLINE) + #include <readline/readline.h> + #include <readline/history.h> |