pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/mit-krb5 mit-krb5: Update to 1.19.3.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/295114b591ca
branches:  trunk
changeset: 382495:295114b591ca
user:      jperkin <jperkin%pkgsrc.org@localhost>
date:      Fri Jul 29 20:22:44 2022 +0000

description:
mit-krb5: Update to 1.19.3.

Major changes in 1.19.3 (2022-03-11)
------------------------------------

This is a bug fix release.

* Fix a denial of service attack against the KDC [CVE-2021-37750].

krb5-1.19.3 changes by ticket ID
--------------------------------

9008    Fix KDC null deref on TGS inner body null server
9023    Fix conformance issue in GSSAPI tests

Major changes in 1.19.2 (2021-07-22)
------------------------------------

This is a bug fix release.

* Fix a denial of service attack against the KDC encrypted challenge
  code [CVE-2021-36222].

* Fix a memory leak when gss_inquire_cred() is called without a
  credential handle.

krb5-1.19.2 changes by ticket ID
--------------------------------

8989    Fix typo in enctypes.rst
8992    Avoid rand() in aes-gen test program
9005    Fix argument type errors on Windows
9006    doc build fails with Sphinx 4.0.2
9007    Fix KDC null deref on bad encrypted challenge
9014    Using locking in MEMORY krb5_cc_get_principal()
9015    Fix use-after-free during krad remote_shutdown()
9016    Memory leak in krb5_gss_inquire_cred

Major changes in 1.19.1 (2021-02-18)
------------------------------------

This is a bug fix release.

* Fix a linking issue with Samba.

* Better support multiple pkinit_identities values by checking whether
  certificates can be loaded for each value.

krb5-1.19.1 changes by ticket ID
--------------------------------

8984    Load certs when checking pkinit_identities values
8985    Restore krb5_set_default_tgs_ktypes()
8987    Synchronize command-line option documentation

Major changes in 1.19 (2021-02-01)
----------------------------------

Administrator experience:

* When a client keytab is present, the GSSAPI krb5 mech will refresh
  credentials even if the current credentials were acquired manually.

* It is now harder to accidentally delete the K/M entry from a KDB.

Developer experience:

* gss_acquire_cred_from() now supports the "password" and "verify"
  options, allowing credentials to be acquired via password and
  verified using a keytab key.

* When an application accepts a GSS security context, the new
  GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
  both provided matching channel bindings.

* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self
  requests to identify the desired client principal by certificate.

* PKINIT certauth modules can now cause the hw-authent flag to be set
  in issued tickets.

* The krb5_init_creds_step() API will now issue the same password
  expiration warnings as krb5_get_init_creds_password().

Protocol evolution:

* Added client and KDC support for Microsoft's Resource-Based
  Constrained Delegation, which allows cross-realm S4U2Proxy requests.
  A third-party database module is required for KDC support.

* kadmin/admin is now the preferred server principal name for kadmin
  connections, and the host-based form is no longer created by
  default.  The client will still try the host-based form as a
  fallback.

* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
  extension, which causes channel bindings to be required for the
  initiator if the acceptor provided them.  The client will send this
  option if the client_aware_gss_bindings profile option is set.

User experience:

* kinit will now issue a warning if the des3-cbc-sha1 encryption type
  is used in the reply.  This encryption type will be deprecated and
  removed in future releases.

* Added kvno flags --out-cache, --no-store, and --cached-only
  (inspired by Heimdal's kgetcred).

krb5-1.19 changes by ticket ID
------------------------------

7976    Client keytab does not refresh manually obtained ccaches
8332    Referral and cross-realm TGS requests fail with anonymous cache
8871    Zero length fields when freeing object contents
8879    Allow certauth modules to set hw-authent flag
8885    PKINIT calls responder twice
8890    Add finalization safety check to com_err
8893    Do expiration warnings for all init_creds APIs
8897    Pass gss_localname() through SPNEGO
8899    Implement GSS_C_CHANNEL_BOUND_FLAG
8900    Implement KERB_AP_OPTIONS_CBT (server side)
8901    Stop reporting krb5 mech from IAKERB
8902    Omit KDC indicator check for S4U2Self requests
8904    Add KRB5_PRINCIPAL_PARSE_NO_DEF_REALM flag
8907    Pass channel bindings through SPNEGO
8909    Return GSS_S_NO_CRED from krb5 gss_acquire_cred
8910    Building with --enable-static fails when Yasm is available
8911    Default dns_canonicalize_hostname to "fallback"
8912    Omit PA_FOR_USER if we can't compute its checksum
8913    Deleting master key principal entry shouldn't be possible
8914    Invalid negative record length in keytab file
8915    Try to find <target>-ar when cross compiling
8917    Add three kvno options from Heimdal kgetcred
8919    Interop with Heimdal KDC for S4U2Self requests
8920    Fix KDC choice to send encrypted S4U_X509_USER
8921    Use the term "primary KDC" in source and docs
8922    Trace plugin module loading errors
8923    Add GSS_KRB5_NT_X509_CERT name type
8927    getdate.y %type warnings with bison 3.5
8928    Fix three configure tests for Xcode 12
8929    Ignore bad enctypes in krb5_string_to_keysalts()
8930    Expand dns_canonicalize_host=fallback support
8931    Cache S4U2Proxy requests by second ticket
8932    Do proper length decoding in SPNEGO gss_get_oid()
8934    Try kadmin/admin first in libkadm5clnt
8935    Don't create hostbased principals in new KDBs
8937    Fix Leash console option
8940    Remove Leash import functionality
8942    Fix KRB5_GC_CACHED for S4U2Self requests
8943    Allow KDC to canonicalize realm in TGS client
8944    Harmonize macOS pack declarations with Heimdal
8946    Improve KDC alias checking for S4U requests
8947    Warn when des3-cbc-sha1 is used for initial auth
8948    Update SRV record documentation
8950    Document enctype migration
8951    Allow aliases when matching U2U second ticket
8952    Fix doc issues with newer Doxygen and Sphinx
8953    Move more KDC checks to validate_tgs_request()
8954    Update Gladman AES code to a version with a clearer license
8957    Use PKG_CHECK_MODULES for system library com_err
8961    Fix gss_acquire_cred_from() IAKERB handling
8962    Add password option to cred store
8963    Add verify option to cred store
8964    Add GSS credential store documentation
8965    Install shared libraries as executable
8966    Improve duplicate checking in gss_add_cred()
8967    Continue on KRB5_FCC_NOFILE in KCM cache iteration
8969    Update kvno(1) synopsis with missing options
8971    Implement fallback for GSS acceptor names
8973    Revert dns_canonicalize_hostname default to true
8975    Incorrect runstatedir substitution affecting "make install"

Major changes in 1.18.5 (2022-03-11)
------------------------------------

This is a bug fix release.

* Fix a denial of service attack against the KDC [CVE-2021-37750].

krb5-1.18.5 changes by ticket ID
--------------------------------

9008    Fix KDC null deref on TGS inner body null server

diffstat:

 security/mit-krb5/Makefile                                         |   7 +-
 security/mit-krb5/buildlink3.mk                                    |   4 +-
 security/mit-krb5/builtin.mk                                       |   4 +-
 security/mit-krb5/distinfo                                         |  15 +-
 security/mit-krb5/patches/patch-config_shlib.conf                  |  46 +++++-----
 security/mit-krb5/patches/patch-kadmin_cli_getdate.y               |  23 -----
 security/mit-krb5/patches/patch-plugins_kdb_db2_Makefile.in        |   6 +-
 security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in |   6 +-
 8 files changed, 43 insertions(+), 68 deletions(-)

diffs (truncated from 345 to 300 lines):

diff -r bd795a686e94 -r 295114b591ca security/mit-krb5/Makefile
--- a/security/mit-krb5/Makefile        Fri Jul 29 19:00:36 2022 +0000
+++ b/security/mit-krb5/Makefile        Fri Jul 29 20:22:44 2022 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.114 2022/06/28 11:35:38 wiz Exp $
+# $NetBSD: Makefile,v 1.115 2022/07/29 20:22:44 jperkin Exp $
 
-BRANCHNAME=    1.18
-DISTNAME=      krb5-${BRANCHNAME}.4
+BRANCHNAME=    1.19
+DISTNAME=      krb5-${BRANCHNAME}.3
 PKGNAME=       mit-${DISTNAME}
-PKGREVISION=   1
 CATEGORIES=    security
 # It is not clear how stable this URL scheme is.
 MASTER_SITES=  http://web.mit.edu/kerberos/dist/krb5/${BRANCHNAME}/
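Review bot: MASTER_SITES in the unchanged context still fetches the distfile over plain http://, so the BLAKE2s and SHA512 entries in distinfo are the only integrity check on krb5-1.19.3.tar.gz. Since this update is security-driven (CVE-2021-37750), consider moving the URL to https:// if the site serves it, and confirm the new distinfo checksums were generated from a tarball verified against the upstream release signature.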
diff -r bd795a686e94 -r 295114b591ca security/mit-krb5/buildlink3.mk
--- a/security/mit-krb5/buildlink3.mk   Fri Jul 29 19:00:36 2022 +0000
+++ b/security/mit-krb5/buildlink3.mk   Fri Jul 29 20:22:44 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.16 2022/06/28 11:35:38 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.17 2022/07/29 20:22:44 jperkin Exp $
 
 BUILDLINK_TREE+=       mit-krb5
 
@@ -6,7 +6,7 @@
 MIT_KRB5_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.mit-krb5+=       mit-krb5>=1.4
-BUILDLINK_ABI_DEPENDS.mit-krb5?=               mit-krb5>=1.18.4nb1
+BUILDLINK_ABI_DEPENDS.mit-krb5?=       mit-krb5>=1.18.4nb1
 BUILDLINK_PKGSRCDIR.mit-krb5?=         ../../security/mit-krb5
 .endif # MIT_KRB5_BUILDLINK3_MK
 
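Review bot: BUILDLINK_ABI_DEPENDS.mit-krb5 still reads mit-krb5>=1.18.4nb1 after this hunk; only its whitespace changed. With the package moving from the 1.18 branch to 1.19, please confirm that no shared library versions changed. If any did, this bound should move to 1.19.3 so that dependents are rebuilt against the new libraries.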
diff -r bd795a686e94 -r 295114b591ca security/mit-krb5/builtin.mk
--- a/security/mit-krb5/builtin.mk      Fri Jul 29 19:00:36 2022 +0000
+++ b/security/mit-krb5/builtin.mk      Fri Jul 29 20:22:44 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: builtin.mk,v 1.17 2021/05/13 09:06:15 thor Exp $
+# $NetBSD: builtin.mk,v 1.18 2022/07/29 20:22:44 jperkin Exp $
 
 BUILTIN_PKG:=  mit-krb5
 
@@ -12,7 +12,7 @@
 BUILTIN_FIND_HEADERS.H_MIT_KRB5=       kerberosv5/krb5.h
 .elif !empty(MACHINE_PLATFORM:MLinux-*)
 # Assuming mit-krb5 >= 1.5 on GNU/Linux.
-BUILTIN_FIND_HEADERS.H_MIT_KRB5=        krb5/krb5.h
+BUILTIN_FIND_HEADERS.H_MIT_KRB5=       krb5/krb5.h
 .else
 BUILTIN_FIND_HEADERS.H_MIT_KRB5=       krb5.h
 .endif
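Review bot: The only change to BUILTIN_FIND_HEADERS.H_MIT_KRB5 in the Linux branch is whitespace, which is unrelated to the version update. Consider committing whitespace cleanups separately so the security update stays easy to audit and to pull up to a stable branch.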
diff -r bd795a686e94 -r 295114b591ca security/mit-krb5/distinfo
--- a/security/mit-krb5/distinfo        Fri Jul 29 19:00:36 2022 +0000
+++ b/security/mit-krb5/distinfo        Fri Jul 29 20:22:44 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.79 2021/10/26 11:17:19 nia Exp $
+$NetBSD: distinfo,v 1.80 2022/07/29 20:22:44 jperkin Exp $
 
-BLAKE2s (krb5-1.18.4.tar.gz) = d0d569f367231e1d57d73260a79c7bb73bd4ff66d4cf4ea67aa27c6c4efd3c78
-SHA512 (krb5-1.18.4.tar.gz) = 7d9f1e937ba122f5af1340b5025420903a4cc3692bdf4093289921ad09b3fd02c8684b65a783d4b397ba15c4cf29c728cbf24a6405c5fff72fb882137703539e
-Size (krb5-1.18.4.tar.gz) = 8716664 bytes
+BLAKE2s (krb5-1.19.3.tar.gz) = 25b6d084dcc560252f6ee576da976a6f6a1972537eb355dc0aa240dcab4400d2
+SHA512 (krb5-1.19.3.tar.gz) = 18235440d6f7d8a72c5d7ca5cd8c6465e8adf091d85c483225c7b00d64b4688c1c7924cb800c2fc17e590b2709f1a9de48e6ec79f6debd11dcb7d6fa16c6f351
+Size (krb5-1.19.3.tar.gz) = 8741343 bytes
 SHA1 (patch-Makefile.in) = 24f915d7a4340b9a4a454b9b67c94147fdc49c34
 SHA1 (patch-aclocal.m4) = 07b5d9ae38c74eaea6ba62aed9062dca1bf7f3fb
 SHA1 (patch-build-tools_krb5-config.in) = 4ab922df1d86d86f9ef043f2c5cdf048c0477d3a
@@ -12,9 +12,8 @@
 SHA1 (patch-config_libobj.in) = c7395b9de5baf6612b8787fad55dbc051a680bfd
 SHA1 (patch-config_libpriv.in) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
 SHA1 (patch-config_pre.in) = 255973132db9327190211214c3e33b4551bd283b
-SHA1 (patch-config_shlib.conf) = c47a647307e7d883e7c22528b7b0f5ad038cbcb3
+SHA1 (patch-config_shlib.conf) = 74859f18c5bf7c723face05873a219a839b28942
 SHA1 (patch-include_osconf.hin) = d31a8164f417bc31a787c8e16d1bd24f27b7140d
-SHA1 (patch-kadmin_cli_getdate.y) = 81fda2911fabdcfe88085dae69ff44ea0b0608a1
 SHA1 (patch-kadmin_cli_ss_wrapper.c) = e32e6180f8d508cb2eb18489ce2fef0a1ad0f51d
 SHA1 (patch-kprop_kproplog.c) = 9b751de7eb70d026b54e15275bb878bdb0ce52eb
 SHA1 (patch-lib_apputils_Makefile.in) = 085004041a2bb8c4bb3074c2e71e71f22f4f06d7
@@ -24,10 +23,10 @@
 SHA1 (patch-lib_kdb_Makefile.in) = 0c45e34ea8b5d0270c386d430b0d37469e8440ea
 SHA1 (patch-lib_kdb_kdb__log.c) = dc759fae6099e7586686bcf14d7cd775854e0360
 SHA1 (patch-lib_krb5_ccache_Makefile.in) = 330ae21ec3b290ae16478c2c49a138acac5bf2fd
-SHA1 (patch-plugins_kdb_db2_Makefile.in) = f374fc5915b735075fbb751ef736f4ce54abc289
+SHA1 (patch-plugins_kdb_db2_Makefile.in) = eae56f7f450a299bdf1d86ee491af1fd51bd1d0c
 SHA1 (patch-plugins_kdb_db2_libdb2_Makefile.in) = b4b7e8e4192b5e5318f1e42c49315789619f3ae9
 SHA1 (patch-plugins_kdb_ldap_ldap__util_Makefile.in) = 7aa0f44cc02c523c837e7e3e1766624d2323deb9
 SHA1 (patch-plugins_preauth_otp_Makefile.in) = 8c779e3b37cab4138f300f4a09325387092c79f8
-SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = c778366d5bd1cae85424643a582013101fc9632d
+SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = 7d9e5429737536bf1577a41040e6587bb55d8142
 SHA1 (patch-util_k5ev_verto-k5ev.c) = 8f074ddccbaaa03576f0302437aed3aaad1b738d
 SHA1 (patch-util_ss_Makefile.in) = 5ca0bf7295a8f4c1d8e59097863940f88d224ee7
diff -r bd795a686e94 -r 295114b591ca security/mit-krb5/patches/patch-config_shlib.conf
--- a/security/mit-krb5/patches/patch-config_shlib.conf Fri Jul 29 19:00:36 2022 +0000
+++ b/security/mit-krb5/patches/patch-config_shlib.conf Fri Jul 29 20:22:44 2022 +0000
@@ -1,19 +1,19 @@
-$NetBSD: patch-config_shlib.conf,v 1.2 2018/06/15 20:46:01 tez Exp $
+$NetBSD: patch-config_shlib.conf,v 1.3 2022/07/29 20:22:44 jperkin Exp $
 
 Add --enable-pkgsrc-libtool option
 (was patch-ag)
 
---- config/shlib.conf.orig     2016-02-29 19:50:13.000000000 +0000
+--- config/shlib.conf.orig     2022-03-11 06:54:31.000000000 +0000
 +++ config/shlib.conf
 @@ -22,6 +22,7 @@ SHLIBVEXT=.so.v-nobuild
  SHLIBSEXT=.so.s-nobuild
  # Most systems support profiled libraries.
  PFLIBEXT=_p.a
 +LALIBEXT=.la
- # Most systems install shared libs as mode 644, etc. while hpux wants 755
- INSTALL_SHLIB='$(INSTALL_DATA)'
- # Most systems use the same objects for shared libraries and dynamically
-@@ -37,6 +38,7 @@ use_linker_fini_option=no
+ # Install libraries executable.  Some systems (e.g., RPM-based ones) require
+ # this for package dependency generation, while others are ambivalent or will
+ # strip it during packaging.
+@@ -39,6 +40,7 @@ use_linker_fini_option=no
  STOBJEXT=.o
  SHOBJEXT=.so
  PFOBJEXT=.po
@@ -21,7 +21,7 @@
  # Default for systems w/o shared libraries
  CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
  CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
-@@ -51,6 +53,9 @@ INIT_FINI_PREP=:
+@@ -53,6 +55,9 @@ INIT_FINI_PREP=:
  default_static=no
  default_shared=yes
  
@@ -31,7 +31,7 @@
  # Set up architecture-specific variables.
  case $krb5_cv_host in
  alpha*-dec-osf*)
-@@ -65,11 +70,9 @@ alpha*-dec-osf*)
+@@ -67,11 +72,9 @@ alpha*-dec-osf*)
        use_linker_init_option=yes
        use_linker_fini_option=yes
        EXTRA_FILES="$EXTRA_FILES export"
@@ -43,7 +43,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
        if test "$ac_cv_c_compiler_gnu" = yes \
-@@ -132,17 +135,14 @@ alpha*-dec-osf*)
+@@ -133,17 +136,14 @@ alpha*-dec-osf*)
        RPATH_FLAG='-Wl,+b,'
        if test "$ac_cv_c_compiler_gnu" = yes; then
                PICFLAGS=-fPIC
@@ -61,7 +61,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -172,12 +172,10 @@ mips-sgi-irix6.3)        # This is a Kludge; se
+@@ -173,12 +173,10 @@ mips-sgi-irix6.3)        # This is a Kludge; se
        else
                LDCOMBINE='ld -shared -ignore_unresolved -update_registry $(BUILDTOP)/so_locations -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
        fi
@@ -74,7 +74,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -221,12 +219,10 @@ mips-sgi-irix*)
+@@ -222,12 +220,10 @@ mips-sgi-irix*)
                opts=''
        fi
        LDCOMBINE='$(CC) -shared '$opts' -Wl,-soname -Wl,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $$initfini'
@@ -87,7 +87,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -258,13 +254,11 @@ mips-sni-sysv4)
+@@ -259,13 +255,11 @@ mips-sni-sysv4)
                PICFLAGS=-Kpic
                LDCOMBINE='$(CC) -G -h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
        fi
@@ -101,7 +101,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -280,10 +274,8 @@ mips-*-netbsd*)
+@@ -281,10 +275,8 @@ mips-*-netbsd*)
        SHLIBSEXT='.so.$(LIBMAJOR)'
        SHLIBEXT=.so
        LDCOMBINE='ld -shared -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
@@ -112,7 +112,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -293,15 +285,13 @@ mips-*-netbsd*)
+@@ -294,15 +286,13 @@ mips-*-netbsd*)
        PROFFLAGS=-pg
        ;;
  
@@ -130,7 +130,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -322,12 +312,10 @@ mips-*-netbsd*)
+@@ -323,12 +313,10 @@ mips-*-netbsd*)
        esac
        SHLIBVEXT='.so.$(LIBMAJOR)'
        RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
@@ -143,7 +143,7 @@
        SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
-@@ -341,10 +329,8 @@ mips-*-netbsd*)
+@@ -342,10 +330,8 @@ mips-*-netbsd*)
        SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
        SHLIBEXT=.so
        LDCOMBINE='ld -Bshareable'
@@ -155,7 +155,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -370,7 +356,7 @@ mips-*-netbsd*)
+@@ -371,7 +357,7 @@ mips-*-netbsd*)
        for lib in libkrb5support.1.1.dylib libkadm5srv.5.1.dylib libkdb5.4.0.dylib; do
            LDCOMBINE_TAIL="$LDCOMBINE_TAIL -dylib_file \"\$(KRB5_LIBDIR)/$lib\":\$(TOPLIBD)/$lib"
        done
@@ -164,7 +164,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -dynamic $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) -dynamic $(CXXFLAGS) $(LDFLAGS)'
-@@ -402,11 +388,9 @@ mips-*-netbsd*)
+@@ -403,11 +389,9 @@ mips-*-netbsd*)
        SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
        SHLIBSEXT='.so.$(LIBMAJOR)'
        SHLIBEXT=.so
@@ -177,7 +177,7 @@
        CC_LINK_SHARED='$(PURE) $(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(PURE) $(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(PURE) $(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -429,10 +413,8 @@ mips-*-netbsd*)
+@@ -432,10 +416,8 @@ mips-*-netbsd*)
        RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
        # For cases where we do have dependencies on other libraries
        # built in this tree...
@@ -188,7 +188,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -457,9 +439,7 @@ mips-*-netbsd*)
+@@ -460,9 +442,7 @@ mips-*-netbsd*)
        SHLIBVEXT='.so.$(LIBMAJOR)'
        SHLIBEXT=.so
        LDCOMBINE='ld -Bshareable'
@@ -198,7 +198,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS)'
-@@ -489,9 +469,8 @@ mips-*-netbsd*)
+@@ -492,9 +472,8 @@ mips-*-netbsd*)
        # Assume initialization always delayed.
        INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done'
        use_linker_fini_option=yes
@@ -209,7 +209,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -526,10 +505,9 @@ mips-*-netbsd*)
+@@ -529,10 +508,9 @@ mips-*-netbsd*)
        # Assume initialization always delayed.
        INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done'
        use_linker_fini_option=yes
@@ -222,7 +222,7 @@
        CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -542,8 +520,14 @@ esac
+@@ -545,8 +523,14 @@ esac
  
  if test "${MAKE_SHLIB_COMMAND}" = "x" ; then
    if test "${INIT_FINI_PREP}" != ":"; then
diff -r bd795a686e94 -r 295114b591ca security/mit-krb5/patches/patch-kadmin_cli_getdate.y
--- a/security/mit-krb5/patches/patch-kadmin_cli_getdate.y      Fri Jul 29 19:00:36 2022 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-$NetBSD: patch-kadmin_cli_getdate.y,v 1.1 2021/01/16 09:00:23 jperkin Exp $
-
-Backport upstream fix https://github.com/krb5/krb5/commit/d3356bc4
-
---- kadmin/cli/getdate.y.orig  2020-11-17 17:17:59.000000000 +0000
-+++ kadmin/cli/getdate.y
-@@ -185,12 +185,10 @@ static time_t    yyRelSeconds;
-     enum _MERIDIAN    Meridian;
- }
- 
--%token        tAGO tDAY tDAYZONE tID tMERIDIAN tMINUTE_UNIT tMONTH tMONTH_UNIT
--%token        tSEC_UNIT tSNUMBER tUNUMBER tZONE tDST tNEVER
--
--%type <Number>        tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT
--%type <Number>        tSEC_UNIT tSNUMBER tUNUMBER tZONE
--%type <Meridian>      tMERIDIAN o_merid
-+%token                        tAGO tID tDST tNEVER
-+%token        <Number>        tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT
-+%token        <Number>        tSEC_UNIT tSNUMBER tUNUMBER tZONE tMERIDIAN
-+%type <Meridian>      o_merid
- 
- %%


