pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/kth-krb4 security/kth-krb4: Add DragonFly and...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a900ba85abed
branches:  trunk
changeset: 596038:a900ba85abed
user:      marino <marino%pkgsrc.org@localhost>
date:      Mon Nov 28 19:33:13 2011 +0000

description:
security/kth-krb4: Add DragonFly and FreeBSD support

The majority of these patches were inspired by FreeBSD's ports.  FreeBSD,
along with at least Debian, has removed Kerberos4 due to security concerns.
From: http://web.mit.edu/kerberos/krb4-end-of-life.html :

"Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit
attacks which require far less effort than an exhaustive search of the DES
key space. These flaws make Kerberos 4 cross-realm authentication an
unacceptable security risk and raise serious questions about the security of
the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered protocol
flaws, make it extremely inadvisable to rely on the security of version 4 of
the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove
support for Kerberos version 4 from the MIT implementation of Kerberos."

This end-of-life announcement is dated 19 October 2006.  I think it's a
good question to ask why this package and the packages that depend on it
are still in pkgsrc.

diffstat:

 security/kth-krb4/Makefile                                |  15 ++-
 security/kth-krb4/PLIST                                   |  14 +-
 security/kth-krb4/distinfo                                |  14 ++-
 security/kth-krb4/patches/patch-aa                        |  29 +++++-
 security/kth-krb4/patches/patch-appl_ftp_ftpd_ftpcmd.y    |  31 +++++++
 security/kth-krb4/patches/patch-appl_ftp_ftpd_pathnames.h |  14 +++
 security/kth-krb4/patches/patch-lib_kadm_kadm_cli_wrap.c  |  18 ++++
 security/kth-krb4/patches/patch-lib_krb_krb-protos.h      |  64 +++++++++++++++
 security/kth-krb4/patches/patch-lib_krb_krb_check_auth.c  |  16 +++
 security/kth-krb4/patches/patch-lib_krb_mk_priv.c         |  18 ++++
 security/kth-krb4/patches/patch-lib_krb_rd_priv.c         |  18 ++++
 security/kth-krb4/patches/patch-lib_krb_recvauth.c        |  16 +++
 security/kth-krb4/patches/patch-lib_krb_sendauth.c        |  16 +++
 security/kth-krb4/patches/patch-lib_krb_solaris_compat.c  |  32 +++++++
 14 files changed, 299 insertions(+), 16 deletions(-)

diffs (truncated from 438 to 300 lines):

diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/Makefile
--- a/security/kth-krb4/Makefile        Mon Nov 28 16:50:44 2011 +0000
+++ b/security/kth-krb4/Makefile        Mon Nov 28 19:33:13 2011 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.53 2011/03/24 05:38:01 obache Exp $
+# $NetBSD: Makefile,v 1.54 2011/11/28 19:33:13 marino Exp $
 #
 
 DISTNAME=              krb4-1.2.2
 PKGNAME=               kth-krb4-1.2.2
-PKGREVISION=           4
+PKGREVISION=           5
 CATEGORIES=            security net
 MASTER_SITES=          ftp://ftp.pdc.kth.se/pub/krb/src/
 
@@ -66,7 +66,16 @@
 .include "../../devel/readline/buildlink3.mk"
 .endif
 
-PLIST_VARS+=           glob
+PLIST_VARS+=   glob wantdes
+
+.if ${OPSYS} == "DragonFly" || ${OPSYS} == "FreeBSD"
+CPPFLAGS+=     -DOPENSSL_DES_LIBDES_COMPATIBILITY
+.if ${MACHINE_ARCH} == "x86_64" || ${MACHINE_ARCH} == "amd64"
+CFLAGS+=       -fPIC
+.endif
+.else
+PLIST.wantdes= yes
+.endif
 
 post-install:
        ${INSTALL_DATA_DIR} ${DESTDIR}${EXAMPLEDIR}
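Review bot: The new `.if ${OPSYS} == "DragonFly" || ${OPSYS} == "FreeBSD"` block has no comment saying what it switches, and the hunk alone does not show why `-DOPENSSL_DES_LIBDES_COMPATIBILITY` and the absence of `PLIST.wantdes` belong together. Presumably these platforms build against OpenSSL's old-libdes compatibility API instead of installing the bundled libdes; if that is confirmed, say so above the block, e.g. `# DragonFly/FreeBSD: use OpenSSL's libdes-compatibility API; the bundled libdes is not installed`. The name `wantdes` is also narrower than its use, since the PLIST hunks put it on md4.h, md5.h, rc4.h and sha.h as well as on libdes.la and des_crypt.3. The `-fPIC` addition for x86_64/amd64 deserves a one-line reason too.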
diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/PLIST
--- a/security/kth-krb4/PLIST   Mon Nov 28 16:50:44 2011 +0000
+++ b/security/kth-krb4/PLIST   Mon Nov 28 19:33:13 2011 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.17 2011/03/24 05:38:01 obache Exp $
+@comment $NetBSD: PLIST,v 1.18 2011/11/28 19:33:13 marino Exp $
 bin/afslog
 bin/compile_et
 bin/k4ftp
@@ -51,27 +51,27 @@
 include/kerberosIV/krb_err.h
 include/kerberosIV/krb_log.h
 include/kerberosIV/ktypes.h
-include/kerberosIV/md4.h
-include/kerberosIV/md5.h
+${PLIST.wantdes}include/kerberosIV/md4.h
+${PLIST.wantdes}include/kerberosIV/md5.h
 include/kerberosIV/otp.h
 include/kerberosIV/parse_bytes.h
 include/kerberosIV/parse_time.h
 include/kerberosIV/parse_units.h
 include/kerberosIV/prot.h
 include/kerberosIV/protos.h
-include/kerberosIV/rc4.h
+${PLIST.wantdes}include/kerberosIV/rc4.h
 include/kerberosIV/resolve.h
 include/kerberosIV/roken-common.h
 include/kerberosIV/roken.h
 include/kerberosIV/rtbl.h
-include/kerberosIV/sha.h
+${PLIST.wantdes}include/kerberosIV/sha.h
 include/kerberosIV/sl.h
 include/kerberosIV/ss/ss.h
 include/kerberosIV/xdbm.h
 info/kth-krb.info
 lib/libacl.la
 lib/libcom_err.la
-lib/libdes.la
+${PLIST.wantdes}lib/libdes.la
 lib/libeditline.la
 lib/libkadm.la
 lib/libkafs.la
@@ -125,7 +125,7 @@
 man/man1/xnlock.1
 man/man3/acl_check.3
 man/man3/arg_printusage.3
-man/man3/des_crypt.3
+${PLIST.wantdes}man/man3/des_crypt.3
 man/man3/editline.3
 man/man3/getarg.3
 man/man3/k_afs_cell_of_file.3
diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/distinfo
--- a/security/kth-krb4/distinfo        Mon Nov 28 16:50:44 2011 +0000
+++ b/security/kth-krb4/distinfo        Mon Nov 28 19:33:13 2011 +0000
@@ -1,14 +1,24 @@
-$NetBSD: distinfo,v 1.13 2011/03/24 05:38:01 obache Exp $
+$NetBSD: distinfo,v 1.14 2011/11/28 19:33:13 marino Exp $
 
 SHA1 (krb4-1.2.2.tar.gz) = 41379763161d0b94646adb8847b83f92e5c985a4
 RMD160 (krb4-1.2.2.tar.gz) = 585f19767c610c31ca5be59d8cf61724739969f1
 Size (krb4-1.2.2.tar.gz) = 1876603 bytes
-SHA1 (patch-aa) = 0585d1b3a0242c013dbe09b61c28049cbae0cb92
+SHA1 (patch-aa) = 7e5978bc3e4b5c6d65cb00a092b1fa9f06e062e8
 SHA1 (patch-ab) = 94e4abdeeb0263eac7207fac120e10d190fb0f30
 SHA1 (patch-ac) = 8e3f1ea92fdb45c1d48c5f1719dcf3eb0ed2a52d
 SHA1 (patch-ad) = 48ebf93893662ecc10e56e0653351f80359b12b0
 SHA1 (patch-ae) = 654d92268a6c693d566acde1a7c881dc6dea2166
 SHA1 (patch-ah) = 5d09fc774b0d35070036aebd1339b32ed38137de
 SHA1 (patch-ai) = dc9db52ff819cc08753e8fe98397187df1dd0310
+SHA1 (patch-appl_ftp_ftpd_ftpcmd.y) = bdc54dd4e955b0202afd4fcd45ef6c9a08e8863d
+SHA1 (patch-appl_ftp_ftpd_pathnames.h) = b55d56593aaff44b0ffd5f89fe46eccce53e5f50
 SHA1 (patch-cf_Makefile.am.common) = 259477799fd5c473ec6561c1046dd5977eb58cdb
+SHA1 (patch-lib_kadm_kadm_cli_wrap.c) = c99ab4c066e03b7545b36089588ab7b6b3043d9d
+SHA1 (patch-lib_krb_krb-protos.h) = 44721a1a231cc6794b298962cb1e5078fb0c5770
+SHA1 (patch-lib_krb_krb_check_auth.c) = dd8b1724ba8448f0478bb1eee1477deebc985955
+SHA1 (patch-lib_krb_mk_priv.c) = 7e55c4927021850f7f4a59ee18139d54cc9b97a1
+SHA1 (patch-lib_krb_rd_priv.c) = f2d9956089a07ffa74634e0397c71ff099134441
+SHA1 (patch-lib_krb_recvauth.c) = 036dc80a0dd452d3d323b44734b39826c8d8806c
+SHA1 (patch-lib_krb_sendauth.c) = 1beb1514eae8876eae0efd758a38f1e6055942f7
+SHA1 (patch-lib_krb_solaris_compat.c) = a12a1f2338a8cf750945d8295cc2fbdd621d7d4e
 SHA1 (patch-lib_roken_Makefile.in) = 2d29e181a45ba5618f409fe41ecd0c1e7e6b895b
diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/patches/patch-aa
--- a/security/kth-krb4/patches/patch-aa        Mon Nov 28 16:50:44 2011 +0000
+++ b/security/kth-krb4/patches/patch-aa        Mon Nov 28 19:33:13 2011 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.6 2006/09/07 08:46:20 wennmach Exp $
+$NetBSD: patch-aa,v 1.7 2011/11/28 19:33:13 marino Exp $
 
---- appl/bsd/encrypt.c.orig    2001-09-09 22:27:22.000000000 +0200
-+++ appl/bsd/encrypt.c 2006-09-07 10:19:23.000000000 +0200
-@@ -63,7 +63,6 @@
+--- appl/bsd/encrypt.c.orig    2001-09-09 20:27:22.000000000 +0000
++++ appl/bsd/encrypt.c
+@@ -63,12 +63,15 @@ RCSID("$Id: encrypt.c,v 1.6 2001/09/09 2
                         *((c)++)=(unsigned char)(((l)    )&0xff))
  
  /* This has some uglies in it but it works - even over sockets. */
@@ -10,3 +10,24 @@
  int des_rw_mode=DES_PCBC_MODE;
  int LEFT_JUSTIFIED = 0;
  
+ int
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++bsd_des_enc_read(int fd, char *buf, int len, des_key_schedule sched, des_cblock *iv)
++#else
+ bsd_des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
++#endif
+ {
+   /* data to be unencrypted */
+   int net_num=0;
+@@ -213,7 +216,11 @@ bsd_des_enc_read(int fd, char *buf, int
+ }
+ 
+ int
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++bsd_des_enc_write(int fd, char *buf, int len, des_key_schedule sched, des_cblock *iv)
++#else
+ bsd_des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
++#endif
+ {
+   long rnum;
+   int i,j,k,outnum;
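Review bot: The added `#if defined(__DragonFly__) || defined (__FreeBSD__)` around the `bsd_des_enc_read` and `bsd_des_enc_write` signatures keys the parameter type on the operating system, while the Makefile hunk selects the DES API with `-DOPENSSL_DES_LIBDES_COMPATIBILITY`; testing that macro (`#ifdef OPENSSL_DES_LIBDES_COMPATIBILITY`) would keep the two in step. The same conditional is repeated in the patches to lib/kadm/kadm_cli_wrap.c and lib/krb/krb-protos.h, and judging by the diffstat probably in the lib/krb/*.c patches, so a prototype and its definition can drift apart if one copy is edited later. If `des_key_schedule` is an array typedef of `struct des_ks_struct` in the bundled libdes as well (to be confirmed against its des.h), writing the parameter as `des_key_schedule sched` unconditionally would remove the conditional altogether. Both function bodies continue outside the hunk.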
diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/patches/patch-appl_ftp_ftpd_ftpcmd.y
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/kth-krb4/patches/patch-appl_ftp_ftpd_ftpcmd.y    Mon Nov 28 19:33:13 2011 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-appl_ftp_ftpd_ftpcmd.y,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- appl/ftp/ftpd/ftpcmd.y.orig        2001-08-05 06:39:29.000000000 +0000
++++ appl/ftp/ftpd/ftpcmd.y
+@@ -103,7 +103,7 @@ static int          yylex (void);
+       UMASK   IDLE    CHMOD
+ 
+       AUTH    ADAT    PROT    PBSZ    CCC     MIC
+-      CONF    ENC
++      CNFX    ENC
+ 
+       KAUTH   KLIST   KDESTROY KRBTKFILE AFSLOG
+       LOCATE  URL
+@@ -695,7 +695,7 @@ rcmd
+                       mec($3, prot_safe);
+                       free($3);
+               }
+-      | CONF SP STRING CRLF
++      | CNFX SP STRING CRLF
+               {
+                       mec($3, prot_confidential);
+                       free($3);
+@@ -984,7 +984,7 @@ struct tab cmdtab[] = {            /* In order def
+       { "PROT", PROT, STR1, 1,        "<sp> prot-level" },
+       { "CCC",  CCC,  ARGS, 1,        "" },
+       { "MIC",  MIC,  STR1, 1,        "<sp> integrity command" },
+-      { "CONF", CONF, STR1, 1,        "<sp> confidentiality command" },
++      { "CONF", CNFX, STR1, 1,        "<sp> confidentiality command" },
+       { "ENC",  ENC,  STR1, 1,        "<sp> privacy command" },
+ 
+       /* RFC2389 */
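Review bot: The patch file gives no reason for renaming the grammar token `CONF` to `CNFX`; a line under the `$NetBSD$` tag should state it, along the lines of `Rename the CONF token to avoid a clash with <conflicting identifier/header>`. The likely cause is a collision with a `CONF` name from a header pulled in on these platforms, but nothing in the hunk shows that, so it should be confirmed rather than assumed. The command string `"CONF"` in `cmdtab` is left unchanged, so the FTP command seen on the wire stays the same; that is worth saying in the same comment so the mismatch between string and token is not later "corrected". The `rcmd` rule and `cmdtab` both continue outside the inner hunks.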
diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/patches/patch-appl_ftp_ftpd_pathnames.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/kth-krb4/patches/patch-appl_ftp_ftpd_pathnames.h Mon Nov 28 19:33:13 2011 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-appl_ftp_ftpd_pathnames.h,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- appl/ftp/ftpd/pathnames.h.orig     2002-08-12 15:09:14.000000000 +0000
++++ appl/ftp/ftpd/pathnames.h
+@@ -49,7 +49,9 @@
+ #define _PATH_BSHELL "/bin/sh"
+ #endif
+ 
++#ifndef _PATH_FTPUSERS
+ #define       _PATH_FTPUSERS          SYSCONFDIR "/ftpusers"
++#endif
+ #define       _PATH_FTPCHROOT         SYSCONFDIR "/ftpchroot"
+ #define       _PATH_FTPWELCOME        SYSCONFDIR "/ftpwelcome"
+ #define       _PATH_FTPLOGINMESG      SYSCONFDIR "/motd"
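Review bot: Wrapping `_PATH_FTPUSERS` in `#ifndef` lets any earlier definition win, so if a system header on the target platform already defines it (for example to a path under /etc), ftpd will take its ftpusers file from there and not from `SYSCONFDIR "/ftpusers"`. That file conventionally lists the accounts refused FTP login, so an administrator maintaining the copy in the package's sysconfdir could have entries silently ignored, while `_PATH_FTPCHROOT` and the other neighbours still resolve under SYSCONFDIR. If the aim is only to silence a redefinition warning, putting `#undef _PATH_FTPUSERS` before the existing `#define` keeps the package path. If the system path is intended, the patch header and the package's install notes should say which file is authoritative.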
diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/patches/patch-lib_kadm_kadm_cli_wrap.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/kth-krb4/patches/patch-lib_kadm_kadm_cli_wrap.c  Mon Nov 28 19:33:13 2011 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-lib_kadm_kadm_cli_wrap.c,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/kadm/kadm_cli_wrap.c.orig      2011-11-28 02:10:03.761978000 +0000
++++ lib/kadm/kadm_cli_wrap.c
+@@ -138,7 +143,12 @@ kadm_cli_conn(void)
+ /* takes in the sess_key and key_schedule and sets them appropriately */
+ static int
+ kadm_cli_keyd(des_cblock (*s_k), /* session key */
+-            struct des_ks_struct *s_s) /* session key schedule */
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++            des_key_schedule s_s
++#else
++            struct des_ks_struct *s_s
++#endif
++) /* session key schedule */
+ {
+       CREDENTIALS cred;              /* to get key data */
+       int stat;
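Review bot: The inner hunk header `@@ -138,7 +143,12 @@` places the new side five lines below the old and the `.orig` timestamp is 2011-11-28, which suggests the patch was generated from a file that had already been modified; those five extra lines are not in this patch. If another patch also touches lib/kadm/kadm_cli_wrap.c, the two depend on application order, and otherwise the missing change (perhaps an added include) should be carried here so the result is reproducible from the distfile. Moving `/* session key schedule */` behind the closing parenthesis also detaches it from `s_s`; keeping the comment on each alternative parameter line would read better. The body of `kadm_cli_keyd` continues outside the hunk.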
diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/patches/patch-lib_krb_krb-protos.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/kth-krb4/patches/patch-lib_krb_krb-protos.h      Mon Nov 28 19:33:13 2011 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-lib_krb_krb-protos.h,v 1.1 2011/11/28 19:33:13 marino Exp $
+
+--- lib/krb/krb-protos.h.orig  2001-08-26 01:46:51.000000000 +0000
++++ lib/krb/krb-protos.h
+@@ -177,7 +177,11 @@ krb_check_auth __P((
+       u_int32_t checksum,
+       MSG_DAT *msg_data,
+       des_cblock *session,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++      des_key_schedule schedule,
++#else
+       struct des_ks_struct *schedule,
++#endif
+       struct sockaddr_in *laddr,
+       struct sockaddr_in *faddr));
+ 
+@@ -457,7 +461,11 @@ krb_mk_priv __P((
+       void *in,
+       void *out,
+       u_int32_t length,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++      des_key_schedule schedule,
++#else
+       struct des_ks_struct *schedule,
++#endif
+       des_cblock *key,
+       struct sockaddr_in *sender,
+       struct sockaddr_in *receiver));
+@@ -540,7 +548,11 @@ int32_t KRB_LIB_FUNCTION
+ krb_rd_priv __P((
+       void *in,
+       u_int32_t in_length,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++      des_key_schedule schedule,
++#else
+       struct des_ks_struct *schedule,
++#endif
+       des_cblock *key,
+       struct sockaddr_in *sender,
+       struct sockaddr_in *receiver,
+@@ -583,7 +595,11 @@ krb_recvauth __P((
+       struct sockaddr_in *laddr,
+       AUTH_DAT *kdata,
+       char *filename,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++      des_key_schedule schedule,
++#else
+       struct des_ks_struct *schedule,
++#endif
+       char *version));
+ 
+ int KRB_LIB_FUNCTION
+@@ -597,7 +613,11 @@ krb_sendauth __P((
+       u_int32_t checksum,
+       MSG_DAT *msg_data,
+       CREDENTIALS *cred,
++#if defined(__DragonFly__) || defined (__FreeBSD__)
++      des_key_schedule schedule,
++#else
+       struct des_ks_struct *schedule,
++#endif
+       struct sockaddr_in *laddr,
+       struct sockaddr_in *faddr,
+       char *version));
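Review bot: Each of the five prototypes places `#if`/`#else`/`#endif` inside the argument list of `__P((...))`; if `__P` is the usual function-like macro, the C standard leaves preprocessing directives inside macro arguments undefined, and only some compilers accept them. Selecting the parameter type once, ahead of the prototypes, avoids that and removes five copies of the same conditional. The macro name in the sketch below is a suggestion, not something that exists in the tree, and the matching definitions in the lib/krb sources could use the same name so that prototype and definition cannot diverge.

```c
/* Suggested name; choose the DES key-schedule parameter type in one place. */
#if defined(__DragonFly__) || defined(__FreeBSD__)
#define KRB_KS_PARAM des_key_schedule
#else
#define KRB_KS_PARAM struct des_ks_struct *
#endif

/* … unchanged: earlier prototypes … */
krb_check_auth __P((
	/* … unchanged: leading parameters … */
	des_cblock *session,
	KRB_KS_PARAM schedule,
	struct sockaddr_in *laddr,
	struct sockaddr_in *faddr));
/* … krb_mk_priv, krb_rd_priv, krb_recvauth, krb_sendauth: same substitution … */
```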
diff -r fe9f8b84680c -r a900ba85abed security/kth-krb4/patches/patch-lib_krb_krb_check_auth.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000


