pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/mit-krb5
Module Name: pkgsrc
Committed By: tnn
Date: Tue Apr 7 14:12:49 UTC 2026
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
pkgsrc/security/mit-krb5/patches: patch-Makefile.in
patch-config_shlib.conf patch-plugins_preauth_pkinit_Makefile.in
Added Files:
pkgsrc/security/mit-krb5/patches: patch-lib_krb5_ccache_ccbase.c
patch-lib_krb5_os_expand__path.c patch-lib_krb5_os_locate__kdc.c
patch-plugins_preauth_pkinit_pkinit__crypto.h
patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
patch-plugins_preauth_pkinit_pkinit__identity.c
patch-plugins_preauth_pkinit_pkinit__matching.c
Log Message:
mit-krb5: update to 1.22.2
Major changes in 1.22.2 (2026-01-29)
------------------------------------
* Fix a SPNEGO packet parsing bug which could cause GSS mechanism
negotiation failure.
Major changes in 1.22.1 (2025-08-20)
------------------------------------
* Fix a vulnerability in GSS MIC verification [CVE-2025-57736].
Major changes in 1.22 (2025-08-05)
----------------------------------
User experience:
* The libdefaults configuration variable "request_timeout" can be set
to limit the total timeout for KDC requests. When making a KDC
request, the client will now wait indefinitely (or until the request
timeout has elapsed) on a KDC which accepts a TCP connection,
without contacting any additional KDCs. Clients will make fewer DNS
queries in some configurations.
* The realm configuration variable "sitename" can be set to cause the
client to query site-specific DNS records when making KDC requests.
Administrator experience:
* Principal aliases are supported in the DB2 and LMDB KDB modules and
in the kadmin protocol. (The LDAP KDB module has supported aliases
since release 1.7.)
* UNIX domain sockets are supported for the Kerberos and kpasswd
protocols.
* systemd socket activation is supported for krb5kdc and kadmind.
Developer experience:
* KDB modules can be be implemented in terms of other modules using
the new krb5_db_load_module() function.
* The profile library supports the modification of empty profiles and
the copying of modified profiles, making it possible to construct an
in-memory profile and pass it to krb5_init_context_profile().
* GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to
gss_init_sec_context() to request strict enforcement of channel
bindings by the acceptor.
Protocol evolution:
* The PKINIT preauth module supports elliptic curve client
certificates, ECDH key exchange, and the Microsoft paChecksum2
field.
* The IAKERB implementation has been changed to comply with the most
recent draft standard and to support realm discovery.
* Message-Authenticator is supported in the RADIUS implementation used
by the OTP kdcpreauth module.
To generate a diff of this commit:
cvs rdiff -u -r1.123 -r1.124 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.82 -r1.83 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/mit-krb5/patches/patch-Makefile.in \
pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf \
pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_ccbase.c \
pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_expand__path.c \
pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_locate__kdc.c \
pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__crypto.h \
pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c \
pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__identity.c \
pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__matching.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/mit-krb5/Makefile
diff -u pkgsrc/security/mit-krb5/Makefile:1.123 pkgsrc/security/mit-krb5/Makefile:1.124
--- pkgsrc/security/mit-krb5/Makefile:1.123 Thu May 1 11:32:44 2025
+++ pkgsrc/security/mit-krb5/Makefile Tue Apr 7 14:12:48 2026
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.123 2025/05/01 11:32:44 gdt Exp $
+# $NetBSD: Makefile,v 1.124 2026/04/07 14:12:48 tnn Exp $
-BRANCHNAME= 1.21
-DISTNAME= krb5-${BRANCHNAME}.3
+BRANCHNAME= 1.22
+DISTNAME= krb5-${BRANCHNAME}.2
PKGNAME= mit-${DISTNAME}
-PKGREVISION= 2
CATEGORIES= security
# It is not clear how stable this URL scheme is.
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${BRANCHNAME}/
@@ -39,8 +38,7 @@ USE_LANGUAGES= c
# c99, and configure checks for that. The code uses strdup(3):
# https://pubs.opengroup.org/onlinepubs/9799919799/functions/strdup.html
# and that's hidden by default on Linux, with gnu99 making it visible.
-USE_CC_FEATURES+= gnu99
-# Further, the build fails in c23 mode,
+USE_CC_FEATURES+= c99
FORCE_C_STD= gnu99
USE_LIBTOOL= yes
Index: pkgsrc/security/mit-krb5/distinfo
diff -u pkgsrc/security/mit-krb5/distinfo:1.82 pkgsrc/security/mit-krb5/distinfo:1.83
--- pkgsrc/security/mit-krb5/distinfo:1.82 Mon Jul 22 06:18:21 2024
+++ pkgsrc/security/mit-krb5/distinfo Tue Apr 7 14:12:48 2026
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.82 2024/07/22 06:18:21 adam Exp $
+$NetBSD: distinfo,v 1.83 2026/04/07 14:12:48 tnn Exp $
-BLAKE2s (krb5-1.21.3.tar.gz) = d28dad82a214ee460e3d0315288a97dba957b9839aca31d25323ecb2a981f477
-SHA512 (krb5-1.21.3.tar.gz) = 87bc06607f4d95ff604169cea22180703a42d667af05f66f1569b8bd592670c42820b335e5c279e8b4f066d1e7da20f1948a1e4def7c5d295c170cbfc7f49c71
-Size (krb5-1.21.3.tar.gz) = 9136145 bytes
-SHA1 (patch-Makefile.in) = 24f915d7a4340b9a4a454b9b67c94147fdc49c34
+BLAKE2s (krb5-1.22.2.tar.gz) = d43a371657c4def55ee2502f9b5ac6ab2e9263b077dd94fecc717cb3cd85e6f5
+SHA512 (krb5-1.22.2.tar.gz) = 3237cacfb2019285107991a3211e0d74944c605942ab38a8b4b372703b8f02f5779fa2de80c4e201bd59703d557f37ac346bdc5ea14b986b0a0db23eb422fc6f
+Size (krb5-1.22.2.tar.gz) = 8747729 bytes
+SHA1 (patch-Makefile.in) = cebe3ea0cf9d142f6e4ee50a47940fe2bc3b8c03
SHA1 (patch-aclocal.m4) = 07b5d9ae38c74eaea6ba62aed9062dca1bf7f3fb
SHA1 (patch-build-tools_krb5-config.in) = 4ab922df1d86d86f9ef043f2c5cdf048c0477d3a
SHA1 (patch-ccapi_test_test__ccapi.sh) = 5210f31dd23e6f556d40f5ff2b436bf395eef4d0
@@ -12,7 +12,7 @@ SHA1 (patch-config_libnover.in) = 9337e0
SHA1 (patch-config_libobj.in) = c7395b9de5baf6612b8787fad55dbc051a680bfd
SHA1 (patch-config_libpriv.in) = 78342f649f8e9d3a3b5a4f83e65b6c46f589586b
SHA1 (patch-config_pre.in) = 255973132db9327190211214c3e33b4551bd283b
-SHA1 (patch-config_shlib.conf) = 74859f18c5bf7c723face05873a219a839b28942
+SHA1 (patch-config_shlib.conf) = ffd76099bc4882502835ca40ec9c78e6ec15043c
SHA1 (patch-include_osconf.hin) = d31a8164f417bc31a787c8e16d1bd24f27b7140d
SHA1 (patch-kadmin_cli_ss_wrapper.c) = e32e6180f8d508cb2eb18489ce2fef0a1ad0f51d
SHA1 (patch-kprop_kproplog.c) = cbfd43495d40ecd9edf427c3dfb135b0fe2c9546
@@ -23,10 +23,17 @@ SHA1 (patch-lib_gssapi_krb5_import__name
SHA1 (patch-lib_kdb_Makefile.in) = 0c45e34ea8b5d0270c386d430b0d37469e8440ea
SHA1 (patch-lib_kdb_kdb__log.c) = dc759fae6099e7586686bcf14d7cd775854e0360
SHA1 (patch-lib_krb5_ccache_Makefile.in) = 330ae21ec3b290ae16478c2c49a138acac5bf2fd
+SHA1 (patch-lib_krb5_ccache_ccbase.c) = 421b8f1f4fb9d42580e6cd493006b63eb077ce9e
+SHA1 (patch-lib_krb5_os_expand__path.c) = 20530c7a29cef443713d2c6e50b934ec0366796e
+SHA1 (patch-lib_krb5_os_locate__kdc.c) = fe0e9b3a5ad6c394e2a24d3e00192427661190ad
SHA1 (patch-plugins_kdb_db2_Makefile.in) = eae56f7f450a299bdf1d86ee491af1fd51bd1d0c
SHA1 (patch-plugins_kdb_db2_libdb2_Makefile.in) = b4b7e8e4192b5e5318f1e42c49315789619f3ae9
SHA1 (patch-plugins_kdb_ldap_ldap__util_Makefile.in) = 7aa0f44cc02c523c837e7e3e1766624d2323deb9
SHA1 (patch-plugins_preauth_otp_Makefile.in) = 8c779e3b37cab4138f300f4a09325387092c79f8
-SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = 7d9e5429737536bf1577a41040e6587bb55d8142
+SHA1 (patch-plugins_preauth_pkinit_Makefile.in) = 8764289caeb6b043cd2f8ee5ffbbabea4619a198
+SHA1 (patch-plugins_preauth_pkinit_pkinit__crypto.h) = 14ea95f7fef161380615d7a515838f1d96dd2426
+SHA1 (patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c) = a13b936d79b14b8f8d3cd73329be519831f06750
+SHA1 (patch-plugins_preauth_pkinit_pkinit__identity.c) = 27529ec668c65120acdd1dd8ea603a7a59e7d43a
+SHA1 (patch-plugins_preauth_pkinit_pkinit__matching.c) = 53d4cfdc808a1c14897fc83b7ad2772039a1f154
SHA1 (patch-util_ss_Makefile.in) = 5ca0bf7295a8f4c1d8e59097863940f88d224ee7
SHA1 (patch-util_verto_verto-k5ev.c) = 8f074ddccbaaa03576f0302437aed3aaad1b738d
Index: pkgsrc/security/mit-krb5/patches/patch-Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-Makefile.in:1.3 pkgsrc/security/mit-krb5/patches/patch-Makefile.in:1.4
--- pkgsrc/security/mit-krb5/patches/patch-Makefile.in:1.3 Thu Apr 9 10:57:05 2020
+++ pkgsrc/security/mit-krb5/patches/patch-Makefile.in Tue Apr 7 14:12:48 2026
@@ -1,8 +1,8 @@
-$NetBSD: patch-Makefile.in,v 1.3 2020/04/09 10:57:05 adam Exp $
+$NetBSD: patch-Makefile.in,v 1.4 2026/04/07 14:12:48 tnn Exp $
Don't build plugin examples and tests to avoid libtool problems.
---- Makefile.in.orig 2020-02-12 17:21:58.000000000 +0000
+--- Makefile.in.orig 2025-08-20 19:44:32.000000000 +0000
+++ Makefile.in
@@ -9,28 +9,15 @@ mydir=.
SUBDIRS=util include lib \
@@ -32,5 +32,5 @@ Don't build plugin examples and tests to
- kdc kadmin kprop clients appl tests \
+ kdc kadmin kprop clients appl \
config-files build-tools man doc @po@
- WINSUBDIRS=include util lib ccapi windows clients appl plugins\preauth\spake
- BUILDTOP=$(REL).
+ WINSUBDIRS=include util lib ccapi windows clients appl plugins\preauth\spake \
+ $(PKINIT_SUBDIR)
Index: pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf
diff -u pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf:1.3 pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf:1.4
--- pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf:1.3 Fri Jul 29 20:22:44 2022
+++ pkgsrc/security/mit-krb5/patches/patch-config_shlib.conf Tue Apr 7 14:12:48 2026
@@ -1,9 +1,9 @@
-$NetBSD: patch-config_shlib.conf,v 1.3 2022/07/29 20:22:44 jperkin Exp $
+$NetBSD: patch-config_shlib.conf,v 1.4 2026/04/07 14:12:48 tnn Exp $
Add --enable-pkgsrc-libtool option
(was patch-ag)
---- config/shlib.conf.orig 2022-03-11 06:54:31.000000000 +0000
+--- config/shlib.conf.orig 2025-08-20 19:44:32.000000000 +0000
+++ config/shlib.conf
@@ -22,6 +22,7 @@ SHLIBVEXT=.so.v-nobuild
SHLIBSEXT=.so.s-nobuild
@@ -13,7 +13,7 @@ Add --enable-pkgsrc-libtool option
# Install libraries executable. Some systems (e.g., RPM-based ones) require
# this for package dependency generation, while others are ambivalent or will
# strip it during packaging.
-@@ -39,6 +40,7 @@ use_linker_fini_option=no
+@@ -45,6 +46,7 @@ lib_unload_prevented=no
STOBJEXT=.o
SHOBJEXT=.so
PFOBJEXT=.po
@@ -21,7 +21,7 @@ Add --enable-pkgsrc-libtool option
# Default for systems w/o shared libraries
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
-@@ -53,6 +55,9 @@ INIT_FINI_PREP=:
+@@ -59,6 +61,9 @@ INIT_FINI_PREP=:
default_static=no
default_shared=yes
@@ -30,20 +30,8 @@ Add --enable-pkgsrc-libtool option
+
# Set up architecture-specific variables.
case $krb5_cv_host in
- alpha*-dec-osf*)
-@@ -67,11 +72,9 @@ alpha*-dec-osf*)
- use_linker_init_option=yes
- use_linker_fini_option=yes
- EXTRA_FILES="$EXTRA_FILES export"
-- SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
- SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
- PROFFLAGS=-pg
- RPATH_FLAG='-Wl,-rpath -Wl,'
-- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
- CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
- if test "$ac_cv_c_compiler_gnu" = yes \
-@@ -133,17 +136,14 @@ alpha*-dec-osf*)
+ # Note: "-Wl,+s" when building executables enables the use of the
+@@ -91,17 +96,14 @@ case $krb5_cv_host in
RPATH_FLAG='-Wl,+b,'
if test "$ac_cv_c_compiler_gnu" = yes; then
PICFLAGS=-fPIC
@@ -61,76 +49,45 @@ Add --enable-pkgsrc-libtool option
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -173,12 +173,10 @@ mips-sgi-irix6.3) # This is a Kludge; se
- else
- LDCOMBINE='ld -shared -ignore_unresolved -update_registry $(BUILDTOP)/so_locations -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
- fi
-- SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
- SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
- # no gprof for Irix...
- PROFFLAGS=-p
- RPATH_FLAG='-Wl,-rpath -Wl,'
-- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
- CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
- CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -222,12 +220,10 @@ mips-sgi-irix*)
- opts=''
- fi
- LDCOMBINE='$(CC) -shared '$opts' -Wl,-soname -Wl,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $$initfini'
-- SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
- SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
- # no gprof for Irix...
- PROFFLAGS=-p
- RPATH_FLAG='-Wl,-rpath -Wl,'
-- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
- CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
- CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -259,13 +255,11 @@ mips-sni-sysv4)
- PICFLAGS=-Kpic
- LDCOMBINE='$(CC) -G -h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
- fi
-- SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
- SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
- SHLIBEXT=.so
- SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
- SHLIBSEXT='.so.$(LIBMAJOR)'
- RPATH_FLAG=-R
-- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
- CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
- CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -281,10 +275,8 @@ mips-*-netbsd*)
- SHLIBSEXT='.so.$(LIBMAJOR)'
- SHLIBEXT=.so
- LDCOMBINE='ld -shared -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
-- SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
- SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
- RPATH_FLAG='-Wl,-rpath -Wl,'
-- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
- CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
- CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -294,15 +286,13 @@ mips-*-netbsd*)
- PROFFLAGS=-pg
+@@ -120,35 +122,13 @@ case $krb5_cv_host in
+ use_linker_fini_option=yes
;;
+-mips-*-netbsd*)
+- PICFLAGS=-fPIC
+- SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+- SHLIBSEXT='.so.$(LIBMAJOR)'
+- SHLIBEXT=.so
+- LDCOMBINE='ld -shared -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -z nodelete'
+- SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+- SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+- RPATH_FLAG='-Wl,-rpath -Wl,'
+- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+- CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+- CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+- CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+- RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+- RUN_VARS='LD_LIBRARY_PATH'
+- PROFFLAGS=-pg
+- lib_unload_prevented=yes
+- ;;
+-
-*-*-netbsd*)
+*-*-netbsd* | *-*-dragonfly*)
PICFLAGS=-fPIC
SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
SHLIBEXT=.so
- LDCOMBINE='$(CC) -shared'
+ LDCOMBINE='$(CC) -shared -Wl,-z,nodelete'
- SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
- RPATH_FLAG=-R
- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
-+ RPATH_FLAG=${COMPILER_RPATH_FLAG}
++ RPATH_FLAG='${COMPILER_RPATH_FLAG}'
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -323,12 +313,10 @@ mips-*-netbsd*)
+@@ -170,12 +150,10 @@ mips-*-netbsd*)
esac
SHLIBVEXT='.so.$(LIBMAJOR)'
RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
@@ -138,24 +95,23 @@ Add --enable-pkgsrc-libtool option
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
SHLIBEXT=.so
- LDCOMBINE='ld -Bshareable'
+ LDCOMBINE='ld -Bshareable -z nodelete'
- SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
-@@ -342,10 +330,8 @@ mips-*-netbsd*)
+@@ -190,10 +168,8 @@ mips-*-netbsd*)
SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
SHLIBEXT=.so
- LDCOMBINE='ld -Bshareable'
+ LDCOMBINE='ld -Bshareable -z nodelete'
- SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
-- RPATH_FLAG=-R
+ RPATH_FLAG=-R
- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
-+ RPATH_FLAG=${COMPILER_RPATH_FLAG}
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -371,7 +357,7 @@ mips-*-netbsd*)
+@@ -220,7 +196,7 @@ mips-*-netbsd*)
for lib in libkrb5support.1.1.dylib libkadm5srv.5.1.dylib libkdb5.4.0.dylib; do
LDCOMBINE_TAIL="$LDCOMBINE_TAIL -dylib_file \"\$(KRB5_LIBDIR)/$lib\":\$(TOPLIBD)/$lib"
done
@@ -164,7 +120,7 @@ Add --enable-pkgsrc-libtool option
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -dynamic $(CFLAGS) $(LDFLAGS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) -dynamic $(CXXFLAGS) $(LDFLAGS)'
-@@ -403,11 +389,9 @@ mips-*-netbsd*)
+@@ -251,11 +227,9 @@ mips-*-netbsd*)
SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
SHLIBSEXT='.so.$(LIBMAJOR)'
SHLIBEXT=.so
@@ -177,7 +133,7 @@ Add --enable-pkgsrc-libtool option
CC_LINK_SHARED='$(PURE) $(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CC_LINK_STATIC='$(PURE) $(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(PURE) $(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -432,10 +416,8 @@ mips-*-netbsd*)
+@@ -281,10 +255,8 @@ mips-*-netbsd*)
RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
# For cases where we do have dependencies on other libraries
# built in this tree...
@@ -188,17 +144,7 @@ Add --enable-pkgsrc-libtool option
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -460,9 +442,7 @@ mips-*-netbsd*)
- SHLIBVEXT='.so.$(LIBMAJOR)'
- SHLIBEXT=.so
- LDCOMBINE='ld -Bshareable'
-- SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
- SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
-- PROG_RPATH_FLAGS='-Wl,-rpath,$(PROG_RPATH)'
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS)'
- CC_LINK_STATIC='$(CC) $(PROG_LIBPATH)'
- CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS)'
-@@ -492,9 +472,8 @@ mips-*-netbsd*)
+@@ -324,9 +296,8 @@ mips-*-netbsd*)
# Assume initialization always delayed.
INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done'
use_linker_fini_option=yes
@@ -209,20 +155,7 @@ Add --enable-pkgsrc-libtool option
CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -529,10 +508,9 @@ mips-*-netbsd*)
- # Assume initialization always delayed.
- INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done'
- use_linker_fini_option=yes
-- MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE}"' && ar cq $@ shr.o.$(LIBMAJOR).$(LIBMINOR) && chmod +x $@ && rm -f shr.o.$(LIBMAJOR).$(LIBMINOR)'
-- MAKE_DYNOBJ_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE_DYN}"
-+ MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LIBTOOL} --mode=link ${LDCOMBINE}"' && ar cq $@ shr.o.$(LIBMAJOR).$(LIBMINOR) && chmod +x $@ && rm -f shr.o.$(LIBMAJOR).$(LIBMINOR)'
-+ MAKE_DYNOBJ_COMMAND="${INIT_FINI_PREP} && ${LIBTOOL} --mode=link ${LDCOMBINE_DYN}"
- RPATH_TAIL=:/usr/lib:/lib
-- PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL"
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
- CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
- CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
-@@ -545,8 +523,14 @@ esac
+@@ -339,8 +310,14 @@ esac
if test "${MAKE_SHLIB_COMMAND}" = "x" ; then
if test "${INIT_FINI_PREP}" != ":"; then
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in
diff -u pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in:1.3 pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in:1.4
--- pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in:1.3 Fri Jul 29 20:22:44 2022
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_Makefile.in Tue Apr 7 14:12:48 2026
@@ -1,6 +1,6 @@
-$NetBSD: patch-plugins_preauth_pkinit_Makefile.in,v 1.3 2022/07/29 20:22:44 jperkin Exp $
+$NetBSD: patch-plugins_preauth_pkinit_Makefile.in,v 1.4 2026/04/07 14:12:48 tnn Exp $
---- plugins/preauth/pkinit/Makefile.in.orig 2022-03-11 06:54:31.000000000 +0000
+--- plugins/preauth/pkinit/Makefile.in.orig 2025-08-20 19:44:32.000000000 +0000
+++ plugins/preauth/pkinit/Makefile.in
@@ -8,8 +8,8 @@ LIBMINOR=0
RELDIR=../plugins/preauth/pkinit
@@ -12,4 +12,4 @@ $NetBSD: patch-plugins_preauth_pkinit_Ma
+ $(TOPLIBD)/libkrb5$(DEPLIBEXT)
SHLIB_EXPLIBS= -lkrb5 $(COM_ERR_LIB) -lk5crypto -lcrypto $(DL_LIB) $(SUPPORT_LIB) $(LIBS)
- STLIBOBJS= \
+ WINLIBS = $(KLIB) $(SLIB) $(PLIB) $(CLIB) $(OSSLLIB)
Added files:
Index: pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_ccbase.c
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_ccbase.c:1.1
--- /dev/null Tue Apr 7 14:12:49 2026
+++ pkgsrc/security/mit-krb5/patches/patch-lib_krb5_ccache_ccbase.c Tue Apr 7 14:12:48 2026
@@ -0,0 +1,17 @@
+$NetBSD: patch-lib_krb5_ccache_ccbase.c,v 1.1 2026/04/07 14:12:48 tnn Exp $
+
+https://github.com/krb5/krb5/commit/ad4dcf1856dadc4b352b5c8ff08e51c7290fb41f
+
+--- lib/krb5/ccache/ccbase.c.orig 2026-04-07 12:37:27.187192166 +0000
++++ lib/krb5/ccache/ccbase.c
+@@ -201,8 +201,8 @@ krb5_cc_register(krb5_context context, c
+ krb5_error_code KRB5_CALLCONV
+ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
+ {
+- char *pfx, *cp;
+- const char *resid;
++ char *pfx;
++ const char *cp, *resid;
+ unsigned int pfxlen;
+ krb5_error_code err;
+ const krb5_cc_ops *ops;
Index: pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_expand__path.c
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_expand__path.c:1.1
--- /dev/null Tue Apr 7 14:12:49 2026
+++ pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_expand__path.c Tue Apr 7 14:12:48 2026
@@ -0,0 +1,16 @@
+$NetBSD: patch-lib_krb5_os_expand__path.c,v 1.1 2026/04/07 14:12:48 tnn Exp $
+
+https://github.com/krb5/krb5/commit/ad4dcf1856dadc4b352b5c8ff08e51c7290fb41f
+
+--- lib/krb5/os/expand_path.c.orig 2026-04-07 12:39:38.893505164 +0000
++++ lib/krb5/os/expand_path.c
+@@ -454,7 +454,8 @@ k5_expand_path_tokens_extra(krb5_context
+ {
+ krb5_error_code ret;
+ struct k5buf buf;
+- char *tok_begin, *tok_end, *tok_val, **extra_tokens = NULL, *path;
++ const char *tok_begin, *tok_end;
++ char *tok_val, **extra_tokens = NULL, *path;
+ const char *path_left;
+ size_t nargs = 0, i;
+ va_list ap;
Index: pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_locate__kdc.c
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_locate__kdc.c:1.1
--- /dev/null Tue Apr 7 14:12:49 2026
+++ pkgsrc/security/mit-krb5/patches/patch-lib_krb5_os_locate__kdc.c Tue Apr 7 14:12:48 2026
@@ -0,0 +1,49 @@
+$NetBSD: patch-lib_krb5_os_locate__kdc.c,v 1.1 2026/04/07 14:12:48 tnn Exp $
+
+https://github.com/krb5/krb5/commit/ad4dcf1856dadc4b352b5c8ff08e51c7290fb41f
+
+--- lib/krb5/os/locate_kdc.c.orig 2025-08-20 19:44:32.000000000 +0000
++++ lib/krb5/os/locate_kdc.c
+@@ -214,8 +214,8 @@ oom:
+ }
+
+ static void
+-parse_uri_if_https(const char *host_or_uri, k5_transport *transport,
+- const char **host, const char **uri_path)
++parse_uri_if_https(char *host_or_uri, k5_transport *transport,
++ char **host, const char **uri_path)
+ {
+ char *cp;
+
+@@ -257,8 +257,7 @@ locate_srv_conf_1(krb5_context context,
+ k5_transport transport, int udpport)
+ {
+ const char *realm_srv_names[4];
+- char **hostlist = NULL, *realmstr = NULL, *host = NULL;
+- const char *hostspec;
++ char **hostlist = NULL, *realmstr = NULL, *host = NULL, *hostspec;
+ krb5_error_code code;
+ size_t i;
+ int default_port;
+@@ -587,8 +586,8 @@ prof_locate_server(krb5_context context,
+ * Return a NULL *host_out if there are any problems parsing the URI.
+ */
+ static void
+-parse_uri_fields(const char *uri, k5_transport *transport_out,
+- const char **host_out, int *primary_out)
++parse_uri_fields(char *uri, k5_transport *transport_out,
++ char **host_out, int *primary_out)
+
+ {
+ k5_transport transport;
+@@ -656,8 +655,8 @@ locate_uri(krb5_context context, const k
+ krb5_error_code ret;
+ k5_transport transport, host_trans;
+ struct srv_dns_entry *answers, *entry;
+- char *host, *sitename;
+- const char *host_field, *path;
++ char *host, *sitename, *host_field;
++ const char *path;
+ int port, def_port, primary;
+
+ ret = get_sitename(context, realm, &sitename);
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__crypto.h
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__crypto.h:1.1
--- /dev/null Tue Apr 7 14:12:49 2026
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__crypto.h Tue Apr 7 14:12:48 2026
@@ -0,0 +1,15 @@
+$NetBSD: patch-plugins_preauth_pkinit_pkinit__crypto.h,v 1.1 2026/04/07 14:12:48 tnn Exp $
+
+https://github.com/krb5/krb5/commit/ad4dcf1856dadc4b352b5c8ff08e51c7290fb41f
+
+--- plugins/preauth/pkinit/pkinit_crypto.h.orig 2026-04-07 12:41:48.863872949 +0000
++++ plugins/preauth/pkinit/pkinit_crypto.h
+@@ -440,7 +440,7 @@ krb5_error_code crypto_load_cas_and_crls
+ defines the storage type (file, directory, etc) */
+ int catype, /* IN
+ defines the ca type (anchor, intermediate, crls) */
+- char *id); /* IN
++ const char *id); /* IN
+ defines the location (filename, directory name, etc) */
+
+ /*
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c:1.1
--- /dev/null Tue Apr 7 14:12:49 2026
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c Tue Apr 7 14:12:48 2026
@@ -0,0 +1,33 @@
+$NetBSD: patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c,v 1.1 2026/04/07 14:12:48 tnn Exp $
+
+https://github.com/krb5/krb5/commit/ad4dcf1856dadc4b352b5c8ff08e51c7290fb41f
+
+--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2026-04-07 12:42:05.472824469 +0000
++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -4999,7 +4999,7 @@ load_cas_and_crls(krb5_context context,
+ pkinit_req_crypto_context req_cryptoctx,
+ pkinit_identity_crypto_context id_cryptoctx,
+ int catype,
+- char *filename)
++ const char *filename)
+ {
+ STACK_OF(X509_INFO) *sk = NULL;
+ STACK_OF(X509) *ca_certs = NULL;
+@@ -5157,7 +5157,7 @@ load_cas_and_crls_dir(krb5_context conte
+ pkinit_req_crypto_context req_cryptoctx,
+ pkinit_identity_crypto_context id_cryptoctx,
+ int catype,
+- char *dirname)
++ const char *dirname)
+ {
+ krb5_error_code retval = EINVAL;
+ char **fnames = NULL, *filename;
+@@ -5201,7 +5201,7 @@ crypto_load_cas_and_crls(krb5_context co
+ pkinit_identity_crypto_context id_cryptoctx,
+ int idtype,
+ int catype,
+- char *id)
++ const char *id)
+ {
+ switch (idtype) {
+ case IDTYPE_FILE:
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__identity.c
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__identity.c:1.1
--- /dev/null Tue Apr 7 14:12:49 2026
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__identity.c Tue Apr 7 14:12:48 2026
@@ -0,0 +1,15 @@
+$NetBSD: patch-plugins_preauth_pkinit_pkinit__identity.c,v 1.1 2026/04/07 14:12:48 tnn Exp $
+
+https://github.com/krb5/krb5/commit/ad4dcf1856dadc4b352b5c8ff08e51c7290fb41f
+
+--- plugins/preauth/pkinit/pkinit_identity.c.orig 2026-04-07 12:42:37.246002783 +0000
++++ plugins/preauth/pkinit/pkinit_identity.c
+@@ -473,7 +473,7 @@ process_option_ca_crl(krb5_context conte
+ const char *value,
+ int catype)
+ {
+- char *residual;
++ const char *residual;
+ unsigned int typelen;
+ int idtype;
+
Index: pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__matching.c
diff -u /dev/null pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__matching.c:1.1
--- /dev/null Tue Apr 7 14:12:49 2026
+++ pkgsrc/security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit__matching.c Tue Apr 7 14:12:48 2026
@@ -0,0 +1,15 @@
+$NetBSD: patch-plugins_preauth_pkinit_pkinit__matching.c,v 1.1 2026/04/07 14:12:48 tnn Exp $
+
+https://github.com/krb5/krb5/commit/ad4dcf1856dadc4b352b5c8ff08e51c7290fb41f
+
+--- plugins/preauth/pkinit/pkinit_matching.c.orig 2026-04-07 12:42:54.690188776 +0000
++++ plugins/preauth/pkinit/pkinit_matching.c
+@@ -262,7 +262,7 @@ parse_rule_component(krb5_context contex
+ char err_buf[128];
+ int ret;
+ struct keyword_desc *kw, *nextkw;
+- char *nk;
++ const char *nk;
+ int found_next_kw = 0;
+ char *value = NULL;
+ size_t len;
Home |
Main Index |
Thread Index |
Old Index