cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to heimdal-7.0.3.

Browse Source 
This is still an RC but the final version is supposed to come out in a
couple of days. Committing early to catch regressions and all.
Not much depends on this in ports anyway...
This commit is contained in:
ajacoutot 2016-12-17 14:58:31 +00:00
parent 6141893a28
commit f297390480
31 changed files with 299 additions and 470 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
security/heimdal/Makefile
View File

@ -1,37 +1,34 @@
# $OpenBSD: Makefile,v 1.19 2016/11/10 08:54:43 ajacoutot Exp $
# $OpenBSD: Makefile,v 1.20 2016/12/17 14:58:31 ajacoutot Exp $
COMMENT-main= Kerberos 5 implementation
COMMENT-devel-docs= Heimdal C functions documentation
COMMENT-libs= Heimdal libraries and headers
V= 1.5.3
V= 7.0.3
DISTNAME= heimdal-${V}
PKGNAME-main= ${DISTNAME}
PKGNAME-devel-docs= heimdal-devel-docs-${V}
PKGNAME-libs= heimdal-libs-${V}
REVISION-main= 1
REVISION-libs= 1
CATEGORIES= security net
SHARED_LIBS += heimbase 1.1 # 1.0
SHARED_LIBS += roken 2.1 # 19.0
SHARED_LIBS += heimedit 0.0 # 0.36
SHARED_LIBS += sl 0.1 # 2.1
SHARED_LIBS += wind 2.1 # 0.0
SHARED_LIBS += asn1 21.1 # 8.0
SHARED_LIBS += heimsqlite 0.1 # unknown
SHARED_LIBS += hx509 0.1 # 5.0
SHARED_LIBS += krb5 21.1 # 26.0
SHARED_LIBS += heimntlm 0.0 # 1.0
SHARED_LIBS += kafs 21.0 # 5.1
SHARED_LIBS += gssapi 8.1 # 3.0
SHARED_LIBS += hdb 2.1 # 11.0
SHARED_LIBS += kadm5srv 2.1 # 8.1
SHARED_LIBS += kadm5clnt 2.0 # 7.1
SHARED_LIBS += kdc 2.1 # 2.0
SHARED_LIBS += roken 3.0 # 19.0
SHARED_LIBS += heimbase 2.0 # 1.0
SHARED_LIBS += heimedit 1.0 # 0.36
SHARED_LIBS += sl 1.0 # 2.1
SHARED_LIBS += wind 3.0 # 0.0
SHARED_LIBS += asn1 22.0 # 8.0
SHARED_LIBS += heimsqlite 1.0 # unknown
SHARED_LIBS += hcrypto 0.0 # 5.0
SHARED_LIBS += hx509 1.0 # 5.0
SHARED_LIBS += krb5 22.0 # 26.0
SHARED_LIBS += heimntlm 1.0 # 1.0
SHARED_LIBS += gssapi 9.0 # 3.0
SHARED_LIBS += hdb 3.0 # 11.0
SHARED_LIBS += kadm5srv 3.0 # 8.1
SHARED_LIBS += kadm5clnt 3.0 # 7.1
SHARED_LIBS += kdc 3.0 # 2.0
HOMEPAGE= http://www.h5l.org/
@ -42,17 +39,19 @@ PERMIT_PACKAGE_CDROM= Yes
MULTI_PACKAGES= -main -devel-docs -libs
MASTER_SITES= http://www.h5l.org/dist/src/
MASTER_SITES= https://github.com/heimdal/heimdal/releases/download/heimdal-${V}/
BUILD_DEPENDS= devel/bison
BUILD_DEPENDS= devel/bison \
converters/p5-JSON
SYSCONFDIR= ${BASESYSCONFDIR}/heimdal
WANTLIB += c crypto curses pthread termcap
WANTLIB += c crypto curses pthread termcap util
WANTLIB-main= ${WANTLIB} com_err util
WANTLIB-main += heimdal/lib/asn1
WANTLIB-main += heimdal/lib/gssapi
WANTLIB-main += heimdal/lib/hcrypto
WANTLIB-main += heimdal/lib/hdb
WANTLIB-main += heimdal/lib/heimbase
WANTLIB-main += heimdal/lib/heimedit
@ -61,7 +60,6 @@ WANTLIB-main += heimdal/lib/heimsqlite
WANTLIB-main += heimdal/lib/hx509
WANTLIB-main += heimdal/lib/kadm5clnt
WANTLIB-main += heimdal/lib/kadm5srv
WANTLIB-main += heimdal/lib/kafs
WANTLIB-main += heimdal/lib/kdc
WANTLIB-main += heimdal/lib/krb5
WANTLIB-main += heimdal/lib/roken
@ -84,13 +82,13 @@ CONFIGURE_STYLE= gnu
CONFIGURE_ENV= LDFLAGS="-L${LOCALBASE}/lib" \
CPPFLAGS="-I${LOCALBASE}/include"
CONFIGURE_ARGS= --disable-afs-support \
--disable-otp \
--without-x
--disable-otp
# make sure we only pickup db from base
CONFIGURE_ENV += ac_cv_funclib_db_create=no \
ac_cv_header_db3_db_h=no \
ac_cv_header_db4_db_h=no \
ac_cv_header_db5_db_h=no \
ac_cv_header_db5_db_h=no
# symbol versioning suspected to trigger weird linking problems
@ -109,30 +107,6 @@ CONFIGURE_ARGS += --bindir=${PREFIX}/heimdal/bin \
MAKE_ENV= INSTALL_CATPAGES=no
RM_BIN= bin/afslog \
bin/ftp \
bin/login \
bin/pfrom \
bin/su \
libexec/ftpd \
libexec/push
RM_MAN= man1/afslog.1 \
man1/ftp.1 \
man1/kx.1 \
man1/login.1 \
man1/pfrom.1 \
man1/rxterm.1 \
man1/su.1 \
man1/rxtelnet.1 \
man1/tenletxr.1 \
man1/xnlock.1 \
man5/ftpusers.5 \
man5/login.access.5 \
man8/ftpd.8 \
man8/kxd.8 \
man8/push.8
pre-configure:
${SUBST_CMD} ${WRKSRC}/tools/krb5-config.in
@ -140,15 +114,5 @@ post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/heimdal
${INSTALL_DATA} ${FILESDIR}/krb5.conf \
${PREFIX}/share/examples/heimdal/
# fix bogus symlink
cd ${PREFIX}/man/man5/ && \
ln -sf mech.5 qop.5
# remove until proven useful
.for i in ${RM_BIN}
rm ${PREFIX}/heimdal/$i
.endfor
.for i in ${RM_MAN}
rm ${PREFIX}/man/$i
.endfor
.include <bsd.port.mk>

4
security/heimdal/distinfo
View File

@ -1,2 +1,2 @@
SHA256 (heimdal-1.5.3.tar.gz) = qsJ77bM8NBtq7SAq8HzMgWFGqJMUhyH4Ejq7v5O7/qU=
SIZE (heimdal-1.5.3.tar.gz) = 6798305
SHA256 (heimdal-7.0.3.tar.gz) = Ux77cSPv60YU1Nj4zSFSmJF4KHrkly+GJUn4fwA1lIY=
SIZE (heimdal-7.0.3.tar.gz) = 9925280

11
security/heimdal/heimdal.port.mk
View File

@ -1,15 +1,16 @@
# $OpenBSD: heimdal.port.mk,v 1.3 2014/12/09 15:55:10 ajacoutot Exp $
# $OpenBSD: heimdal.port.mk,v 1.4 2016/12/17 14:58:31 ajacoutot Exp $
MODHEIMDAL_WANTLIB += com_err pthread util
MODHEIMDAL_WANTLIB += heimdal/lib/asn1
MODHEIMDAL_WANTLIB += heimdal/lib/hcrypto
MODHEIMDAL_WANTLIB += heimdal/lib/heimbase
MODHEIMDAL_WANTLIB += heimdal/lib/hx509
MODHEIMDAL_WANTLIB += heimdal/lib/krb5
MODHEIMDAL_WANTLIB += heimdal/lib/roken
MODHEIMDAL_WANTLIB += heimdal/lib/wind
MODHEIMDAL_LIB_DEPENDS= security/heimdal,-libs
LIB_DEPENDS += ${MODHEIMDAL_LIB_DEPENDS}
WANTLIB += ${MODHEIMDAL_WANTLIB}
MODHEIMDAL_LIB_DEPENDS= security/heimdal,-libs
LIB_DEPENDS += ${MODHEIMDAL_LIB_DEPENDS}
MODHEIMDAL_post-patch= ln -sf ${LOCALBASE}/heimdal/bin/krb5-config ${WRKDIR}/bin/krb5-config

20
security/heimdal/patches/patch-appl_Makefile_in
View File

@ -1,20 +0,0 @@
$OpenBSD: patch-appl_Makefile_in,v 1.1 2014/07/28 09:49:44 ajacoutot Exp $
http://repo.or.cz/w/heimdal.git/commitdiff/e55b0d0ca5038a8101276a593ffbb6be4c27c8d0
--- appl/Makefile.in.orig Mon Jul 28 10:18:54 2014
+++ appl/Makefile.in Mon Jul 28 10:20:19 2014
@@ -391,13 +391,9 @@ SUBDIRS = \
login \
$(dir_otp) \
gssmask \
- popper \
push \
- rsh \
- rcp \
su \
xnlock \
- telnet \
test \
kx \
kf \

29
security/heimdal/patches/patch-appl_xnlock_xnlock_c
View File

@ -1,29 +0,0 @@
$OpenBSD: patch-appl_xnlock_xnlock_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
Use HAVE_ARC4RANDOM and choose to call arc4random() instead of srand()
and rand() and friends.
--- appl/xnlock/xnlock.c.orig Sun Dec 9 23:06:44 2012
+++ appl/xnlock/xnlock.c Thu Apr 24 15:41:58 2014
@@ -377,7 +377,9 @@ walk(int dir)
static long
my_random (void)
{
-#ifdef HAVE_RANDOM
+#if defined (HAVE_ARC4RANDOM)
+ return arc4random();
+#elif defined (HAVE_RANDOM)
return random();
#else
return rand();
@@ -938,7 +940,9 @@ main (int argc, char **argv)
strlcpy(login, pw->pw_name, sizeof(login));
}
-#if defined(HAVE_SRANDOMDEV)
+#if defined(HAVE_ARC4RANDOM)
+ /* do nothing */
+#elif defined(HAVE_SRANDOMDEV)
srandomdev();
#elif defined(HAVE_RANDOM)
srandom(time(NULL));

8
security/heimdal/patches/patch-kadmin_add-random-users_c
View File

@ -1,11 +1,11 @@
$OpenBSD: patch-kadmin_add-random-users_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
$OpenBSD: patch-kadmin_add-random-users_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
Use HAVE_ARC4RANDOM and choose to call arc4random() instead of srand()
and rand() and friends.
--- kadmin/add-random-users.c.orig Sun Dec 9 23:06:44 2012
+++ kadmin/add-random-users.c Thu Apr 24 14:15:42 2014
@@ -86,9 +86,13 @@ add_user (krb5_context context, void *kadm_handle,
--- kadmin/add-random-users.c.orig Tue Nov 29 02:35:27 2016
+++ kadmin/add-random-users.c Thu Dec 15 11:29:38 2016
@@ -85,9 +85,13 @@ add_user (krb5_context ctx, void *hndl, unsigned nword
krb5_error_code ret;
int mask;

18
security/heimdal/patches/patch-kpasswd_kpasswd-generator_c
View File

@ -1,21 +1,21 @@
$OpenBSD: patch-kpasswd_kpasswd-generator_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
$OpenBSD: patch-kpasswd_kpasswd-generator_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
Use HAVE_ARC4RANDOM and choose to call arc4random() instead of srand()
and rand() and friends.
--- kpasswd/kpasswd-generator.c.orig Sun Dec 9 23:06:44 2012
+++ kpasswd/kpasswd-generator.c Thu Apr 24 14:52:14 2014
@@ -78,7 +78,7 @@ generate_requests (const char *filename, unsigned nreq
--- kpasswd/kpasswd-generator.c.orig Tue Nov 29 02:35:27 2016
+++ kpasswd/kpasswd-generator.c Thu Dec 15 11:30:30 2016
@@ -78,7 +78,7 @@ generate_requests(const char *filename, unsigned nreq)
{
krb5_context context;
krb5_error_code ret;
- int i;
+ int i, rnd;
char **words;
unsigned nwords;
unsigned nwords, k;
@@ -89,7 +89,12 @@ generate_requests (const char *filename, unsigned nreq
nwords = read_words (filename, &words);
@@ -89,7 +89,12 @@ generate_requests(const char *filename, unsigned nreq)
nwords = read_words(filename, &words);
for (i = 0; i < nreq; ++i) {
- char *name = words[rand() % nwords];
@ -28,13 +28,13 @@ and rand() and friends.
krb5_get_init_creds_opt *opt;
krb5_creds cred;
krb5_principal principal;
@@ -198,7 +203,9 @@ main(int argc, char **argv)
@@ -207,7 +212,9 @@ main(int argc, char **argv)
if (argc != 2)
usage (1);
+#ifndef HAVE_ARC4RANDOM
srand (0);
+#endif
nreq = strtol (argv[1], &end, 0);
nreq = strtol(argv[1], &end, 0);
if (argv[1] == end || *end != '\0')
usage (1);

8
security/heimdal/patches/patch-kuser_generate-requests_c
View File

@ -1,10 +1,10 @@
$OpenBSD: patch-kuser_generate-requests_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
$OpenBSD: patch-kuser_generate-requests_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
Use HAVE_ARC4RANDOM and choose to call arc4random() instead of srand()
and rand() and friends.
--- kuser/generate-requests.c.orig Sun Dec 9 23:06:44 2012
+++ kuser/generate-requests.c Thu Apr 24 14:15:49 2014
--- kuser/generate-requests.c.orig Tue Nov 29 02:35:27 2016
+++ kuser/generate-requests.c Thu Dec 15 11:29:38 2016
@@ -67,7 +67,7 @@ generate_requests (const char *filename, unsigned nreq
krb5_context context;
krb5_error_code ret;
@ -28,7 +28,7 @@ and rand() and friends.
memset(&cred, 0, sizeof(cred));
@@ -136,7 +141,9 @@ main(int argc, char **argv)
@@ -137,7 +142,9 @@ main(int argc, char **argv)
if (argc != 2)
usage (1);

16
security/heimdal/patches/patch-kuser_kswitch_1
View File

@ -1,16 +0,0 @@
$OpenBSD: patch-kuser_kswitch_1,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
--- kuser/kswitch.1.orig Thu Apr 24 14:18:45 2014
+++ kuser/kswitch.1 Thu Apr 24 14:19:52 2014
@@ -29,9 +29,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd Augusti 25, 2009
-.Dt KSWITCH SECTION
-.Os OPERATING_SYSTEM
+.Dd August 25, 2009
+.Dt KSWITCH 1
+.Os HEIMDAL
.Sh NAME
.Nm kswitch
.Nd switch between default credential caches

14
security/heimdal/patches/patch-lib_com_err_com_right_h
View File

@ -1,14 +0,0 @@
$OpenBSD: patch-lib_com_err_com_right_h,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
https://github.com/heimdal/heimdal/commit/db85d0998e4a000ed684e62b9fbfcb484adc9ebd
--- lib/com_err/com_right.h.orig Thu Apr 24 14:02:02 2014
+++ lib/com_err/com_right.h Thu Apr 24 14:02:35 2014
@@ -58,6 +58,7 @@
#ifdef __STDC__
#include <stdarg.h>
+#include <stddef.h>
#endif
struct error_table {

16
security/heimdal/patches/patch-lib_gssapi_spnego_external_c
View File

@ -1,16 +0,0 @@
$OpenBSD: patch-lib_gssapi_spnego_external_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
http://repo.or.cz/w/heimdal.git/blobdiff/5f29169afce289a60805126b7a5a730c1b5ff65e..617f4b7bd589f0c86ebd654fd9bfe4e755b9e3d3:/lib/gssapi/spnego/external.c
(prevents unlocking an already unlocked or non-existent mutex)
--- lib/gssapi/spnego/external.c.orig Sun Dec 9 23:06:44 2012
+++ lib/gssapi/spnego/external.c Tue May 13 11:05:29 2014
@@ -84,7 +84,7 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_init_sec_context,
_gss_spnego_accept_sec_context,
_gss_spnego_process_context_token,
- _gss_spnego_internal_delete_sec_context,
+ _gss_spnego_delete_sec_context,
_gss_spnego_context_time,
_gss_spnego_get_mic,
_gss_spnego_verify_mic,

15
security/heimdal/patches/patch-lib_hcrypto_evp-openssl_c Normal file
View File

@ -0,0 +1,15 @@
$OpenBSD: patch-lib_hcrypto_evp-openssl_c,v 1.1 2016/12/17 14:58:31 ajacoutot Exp $
https://github.com/heimdal/heimdal/pull/231
--- lib/hcrypto/evp-openssl.c.orig Fri Dec 16 11:03:01 2016
+++ lib/hcrypto/evp-openssl.c Fri Dec 16 11:03:48 2016
@@ -75,7 +75,7 @@
/* Now it's safe to include OpenSSL headers */
#include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define EVP_MD_CTX_new EVP_MD_CTX_create
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
#endif

31
security/heimdal/patches/patch-lib_hcrypto_rand_h
View File

@ -1,31 +0,0 @@
$OpenBSD: patch-lib_hcrypto_rand_h,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
Make it build with LibreSSL.
--- lib/hcrypto/rand.h.orig Sun Dec 9 23:06:44 2012
+++ lib/hcrypto/rand.h Thu Apr 24 14:33:58 2014
@@ -56,10 +56,7 @@ typedef struct RAND_METHOD RAND_METHOD;
#define RAND_load_file hc_RAND_load_file
#define RAND_write_file hc_RAND_write_file
#define RAND_status hc_RAND_status
-#define RAND_egd hc_RAND_egd
-#define RAND_egd_bytes hc_RAND_egd_bytes
#define RAND_fortuna_method hc_RAND_fortuna_method
-#define RAND_egd_method hc_RAND_egd_method
#define RAND_unix_method hc_RAND_unix_method
#define RAND_w32crypto_method hc_RAND_w32crypto_method
@@ -97,13 +94,10 @@ const char *
int RAND_load_file(const char *, size_t);
int RAND_write_file(const char *);
int RAND_status(void);
-int RAND_egd(const char *);
-int RAND_egd_bytes(const char *, int);
const RAND_METHOD * RAND_fortuna_method(void);
const RAND_METHOD * RAND_unix_method(void);
-const RAND_METHOD * RAND_egd_method(void);
const RAND_METHOD * RAND_w32crypto_method(void);
#endif /* _HEIM_RAND_H */

14
security/heimdal/patches/patch-lib_hcrypto_randi_h
View File

@ -1,14 +0,0 @@
$OpenBSD: patch-lib_hcrypto_randi_h,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
Make it build with LibreSSL.
--- lib/hcrypto/randi.h.orig Sun Dec 9 23:06:44 2012
+++ lib/hcrypto/randi.h Thu Apr 24 14:34:01 2014
@@ -40,7 +40,6 @@
extern const RAND_METHOD hc_rand_fortuna_method;
extern const RAND_METHOD hc_rand_unix_method;
-extern const RAND_METHOD hc_rand_egd_method;
extern const RAND_METHOD hc_rand_timer_method;
extern const RAND_METHOD hc_rand_w32crypto_method;

10
security/heimdal/patches/patch-lib_hcrypto_test_rsa_c
View File

@ -1,10 +1,10 @@
$OpenBSD: patch-lib_hcrypto_test_rsa_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
$OpenBSD: patch-lib_hcrypto_test_rsa_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
%ld / (long)tv_sec -> %lld / (long long)tv_sec
--- lib/hcrypto/test_rsa.c.orig Sun Dec 9 23:06:44 2012
+++ lib/hcrypto/test_rsa.c Thu Apr 24 14:11:04 2014
@@ -268,9 +268,9 @@ main(int argc, char **argv)
--- lib/hcrypto/test_rsa.c.orig Tue Nov 29 02:35:27 2016
+++ lib/hcrypto/test_rsa.c Thu Dec 15 11:29:38 2016
@@ -265,9 +265,9 @@ main(int argc, char **argv)
gettimeofday(&tv2, NULL);
timevalsub(&tv2, &tv1);
@ -17,7 +17,7 @@ $OpenBSD: patch-lib_hcrypto_test_rsa_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
BN_free(e);
ENGINE_finish(engine);
@@ -310,9 +310,9 @@ main(int argc, char **argv)
@@ -307,9 +307,9 @@ main(int argc, char **argv)
timevalsub(&tv2, &tv1);

78
security/heimdal/patches/patch-lib_hx509_ref_pkcs11_h
View File

@ -1,78 +0,0 @@
$OpenBSD: patch-lib_hx509_ref_pkcs11_h,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
cleanup 1 << 31 idioms
--- lib/hx509/ref/pkcs11.h.orig Sun Dec 9 23:06:44 2012
+++ lib/hx509/ref/pkcs11.h Thu Apr 24 14:13:11 2014
@@ -318,7 +318,7 @@ typedef unsigned long ck_object_class_t;
#define CKO_HW_FEATURE (5)
#define CKO_DOMAIN_PARAMETERS (6)
#define CKO_MECHANISM (7)
-#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKO_VENDOR_DEFINED ((unsigned long) (1U << 31))
typedef unsigned long ck_hw_feature_type_t;
@@ -326,7 +326,7 @@ typedef unsigned long ck_hw_feature_type_t;
#define CKH_MONOTONIC_COUNTER (1)
#define CKH_CLOCK (2)
#define CKH_USER_INTERFACE (3)
-#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKH_VENDOR_DEFINED ((unsigned long) (1U << 31))
typedef unsigned long ck_key_type_t;
@@ -356,7 +356,7 @@ typedef unsigned long ck_key_type_t;
#define CKK_AES (0x1f)
#define CKK_BLOWFISH (0x20)
#define CKK_TWOFISH (0x21)
-#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKK_VENDOR_DEFINED ((unsigned long) (1U << 31))
typedef unsigned long ck_certificate_type_t;
@@ -364,7 +364,7 @@ typedef unsigned long ck_certificate_type_t;
#define CKC_X_509 (0)
#define CKC_X_509_ATTR_CERT (1)
#define CKC_WTLS (2)
-#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKC_VENDOR_DEFINED ((unsigned long) (1U << 31))
typedef unsigned long ck_attribute_type_t;
@@ -453,7 +453,7 @@ typedef unsigned long ck_attribute_type_t;
#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211)
#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212)
#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600)
-#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKA_VENDOR_DEFINED ((unsigned long) (1U << 31))
struct ck_attribute
@@ -672,7 +672,7 @@ typedef unsigned long ck_mechanism_type_t;
#define CKM_DSA_PARAMETER_GEN (0x2000)
#define CKM_DH_PKCS_PARAMETER_GEN (0x2001)
#define CKM_X9_42_DH_PARAMETER_GEN (0x2002)
-#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKM_VENDOR_DEFINED ((unsigned long) (1U << 31))
struct ck_mechanism
@@ -703,7 +703,7 @@ struct ck_mechanism_info
#define CKF_WRAP (1 << 17)
#define CKF_UNWRAP (1 << 18)
#define CKF_DERIVE (1 << 19)
-#define CKF_EXTENSION ((unsigned long) (1 << 31))
+#define CKF_EXTENSION ((unsigned long) (1U << 31))
/* Flags for C_WaitForSlotEvent. */
@@ -1179,7 +1179,7 @@ struct ck_c_initialize_args
#define CKR_MUTEX_BAD (0x1a0)
#define CKR_MUTEX_NOT_LOCKED (0x1a1)
#define CKR_FUNCTION_REJECTED (0x200)
-#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKR_VENDOR_DEFINED ((unsigned long) (1U << 31))

14
security/heimdal/patches/patch-lib_hx509_softp11_c
View File

@ -1,17 +1,17 @@
$OpenBSD: patch-lib_hx509_softp11_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
$OpenBSD: patch-lib_hx509_softp11_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
Use HAVE_ARC4RANDOM and choose to call arc4random() instead of srand()
and rand() and friends.
--- lib/hx509/softp11.c.orig Sun Dec 9 23:06:44 2012
+++ lib/hx509/softp11.c Thu Apr 24 14:15:52 2014
--- lib/hx509/softp11.c.orig Tue Nov 29 02:35:27 2016
+++ lib/hx509/softp11.c Thu Dec 15 11:29:38 2016
@@ -33,6 +33,7 @@
#define CRYPTOKI_EXPORTS 1
+#include <config.h>
#include "hx_locl.h"
#include "pkcs11.h"
#include "ref/pkcs11.h"
@@ -304,6 +305,7 @@ static struct st_object *
add_st_object(void)
@ -37,7 +37,7 @@ and rand() and friends.
return o;
}
@@ -868,7 +876,9 @@ C_Initialize(CK_VOID_PTR a)
@@ -878,7 +886,9 @@ C_Initialize(CK_VOID_PTR a)
OpenSSL_add_all_algorithms();
@ -47,7 +47,7 @@ and rand() and friends.
for (i = 0; i < MAX_NUM_SESSION; i++) {
soft_token.state[i].session_handle = CK_INVALID_HANDLE;
@@ -1114,6 +1124,7 @@ C_OpenSession(CK_SLOT_ID slotID,
@@ -1124,6 +1134,7 @@ C_OpenSession(CK_SLOT_ID slotID,
CK_SESSION_HANDLE_PTR phSession)
{
size_t i;
@ -55,7 +55,7 @@ and rand() and friends.
INIT_CONTEXT();
st_logf("OpenSession: slot: %d\n", (int)slotID);
@@ -1129,10 +1140,15 @@ C_OpenSession(CK_SLOT_ID slotID,
@@ -1139,10 +1150,15 @@ C_OpenSession(CK_SLOT_ID slotID,
if (i == MAX_NUM_SESSION)
abort();

15
security/heimdal/patches/patch-lib_ipc_server_c
View File

@ -1,15 +0,0 @@
$OpenBSD: patch-lib_ipc_server_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
--- lib/ipc/server.c.orig Thu Apr 24 13:55:44 2014
+++ lib/ipc/server.c Thu Apr 24 13:56:02 2014
@@ -528,7 +528,11 @@ update_client_creds(struct client *c)
#ifdef SO_PEERCRED
/* Linux */
{
+#ifndef __OpenBSD__
struct ucred pc;
+#else
+ struct sockpeercred pc;
+#endif
socklen_t pclen = sizeof(pc);
if (getsockopt(c->fd, SOL_SOCKET, SO_PEERCRED, (void *)&pc, &pclen) == 0) {

62
security/heimdal/patches/patch-lib_krb5_crypto-rand_c
View File

@ -1,12 +1,12 @@
$OpenBSD: patch-lib_krb5_crypto-rand_c,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
$OpenBSD: patch-lib_krb5_crypto-rand_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
Make it build with LibreSSL.
Simpler: just use arc4random_buf(3).
--- lib/krb5/crypto-rand.c.orig Thu Apr 24 14:36:16 2014
+++ lib/krb5/crypto-rand.c Thu Apr 24 14:36:12 2014
@@ -33,77 +33,8 @@
#include "krb5_locl.h"
--- lib/krb5/crypto-rand.c.orig Sat Dec 17 14:01:13 2016
+++ lib/krb5/crypto-rand.c Sat Dec 17 14:21:27 2016
@@ -36,53 +36,6 @@
#undef HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
#define HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
-#define ENTROPY_NEEDED 128
-
@ -15,6 +15,7 @@ Make it build with LibreSSL.
-static int
-seed_something(void)
-{
-#ifndef NO_RANDFILE
- char buf[1024], seedfile[256];
-
- /* If there is a seed file, load it. But such a file cannot be trusted,
@ -33,53 +34,54 @@ Make it build with LibreSSL.
- seedfile[0] = '\0';
- } else
- seedfile[0] = '\0';
-#endif
-
- /* Calling RAND_status() will try to use /dev/urandom if it exists so
- we do not have to deal with it. */
- if (RAND_status() != 1) {
-#ifndef _WIN32
- krb5_context context;
- const char *p;
-
- /* Try using egd */
- if (!krb5_init_context(&context)) {
- p = krb5_config_get_string(context, NULL, "libdefaults",
- "egd_socket", NULL);
- if (p != NULL)
- RAND_egd_bytes(p, ENTROPY_NEEDED);
- krb5_free_context(context);
- }
-#else
- /* TODO: Once a Windows CryptoAPI RAND method is defined, we
- can use that and failover to another method. */
-#endif
- }
-
- if (RAND_status() == 1) {
-#ifndef NO_RANDFILE
- /* Update the seed file */
- if (seedfile[0])
- RAND_write_file(seedfile);
-#endif
-
- return 0;
- } else
- return -1;
-}
-
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_generate_random_block(void *buf, size_t len)
/**
* Fill buffer buf with len bytes of PRNG randomness that is ok to use
* for key generation, padding and public diclosing the randomness w/o
@@ -103,24 +56,8 @@ HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_random(void *buf, size_t len)
{
- static int rng_initialized = 0;
- int ret;
-
- HEIMDAL_MUTEX_lock(&crypto_mutex);
- if (!rng_initialized) {
- if (seed_something())
- krb5_abortx(NULL, "Fatal: could not seed the "
- "random number generator");
-
- if (seed_something()) {
- HEIMDAL_MUTEX_unlock(&crypto_mutex);
- return HEIM_ERR_RANDOM_OFFLINE;
- }
- rng_initialized = 1;
- }
- HEIMDAL_MUTEX_unlock(&crypto_mutex);
- if (RAND_bytes(buf, len) <= 0)
- krb5_abortx(NULL, "Failed to generate random block");
+ arc4random_buf(buf, len);
- ret = HEIM_ERR_RANDOM_OFFLINE;
- else
- ret = 0;
- HEIMDAL_MUTEX_unlock(&crypto_mutex);
-
- return ret;
+ arc4random_buf(buf, len);
+ return (0); /* arc4random_buf(3) cannot fail */
}
/**

8
security/heimdal/patches/patch-lib_krb5_krb5_h
View File

@ -1,10 +1,10 @@
$OpenBSD: patch-lib_krb5_krb5_h,v 1.1 2014/07/13 14:10:13 ajacoutot Exp $
$OpenBSD: patch-lib_krb5_krb5_h,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
cleanup 1 << 31 idioms
--- lib/krb5/krb5.h.orig Sun Dec 9 23:06:44 2012
+++ lib/krb5/krb5.h Thu Apr 24 14:14:21 2014
@@ -412,7 +412,7 @@ typedef union {
--- lib/krb5/krb5.h.orig Tue Nov 29 02:35:27 2016
+++ lib/krb5/krb5.h Thu Dec 15 11:29:38 2016
@@ -429,7 +429,7 @@ typedef union {
#define KDC_OPT_RENEWABLE_OK (1 << 27)
#define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
#define KDC_OPT_RENEW (1 << 30)

15
security/heimdal/patches/patch-lib_krb5_send_to_kdc_c Normal file
View File

@ -0,0 +1,15 @@
$OpenBSD: patch-lib_krb5_send_to_kdc_c,v 1.1 2016/12/17 14:58:31 ajacoutot Exp $
64 bit time_t
--- lib/krb5/send_to_kdc.c.orig Sat Dec 17 14:13:55 2016
+++ lib/krb5/send_to_kdc.c Sat Dec 17 14:14:26 2016
@@ -1244,7 +1244,7 @@ out:
}
_krb5_debug(context, 1,
- "krb5_sendto_context %s done: %d hosts %lu packets %lu wc: %ld.%06ld nr: %ld.%06ld kh: %ld.%06ld tid: %08x",
+ "krb5_sendto_context %s done: %d hosts %lu packets %lu wc: %lld.%06ld nr: %lld.%06ld kh: %lld.%06ld tid: %08x",
realm, ret,
ctx->stats.num_hosts, ctx->stats.sent_packets,
stop_time.tv_sec, (long)stop_time.tv_usec,

14
security/heimdal/patches/patch-lib_libedit_src_unvis_c
View File

@ -1,14 +0,0 @@
$OpenBSD: patch-lib_libedit_src_unvis_c,v 1.1 2014/07/13 14:10:14 ajacoutot Exp $
--- lib/libedit/src/unvis.c.orig Thu Apr 24 13:50:55 2014
+++ lib/libedit/src/unvis.c Thu Apr 24 13:51:01 2014
@@ -46,8 +46,10 @@ __RCSID("$NetBSD: unvis.c,v 1.32 2010/11/27 21:22:11 c
#include <stdio.h>
#include <vis.h>
+#if !defined(__OpenBSD__)
#ifdef __weak_alias
__weak_alias(strunvis,_strunvis)
+#endif
#endif
#if !HAVE_VIS

19
security/heimdal/patches/patch-lib_libedit_src_vis_c
View File

@ -1,19 +0,0 @@
$OpenBSD: patch-lib_libedit_src_vis_c,v 1.1 2014/07/13 14:10:14 ajacoutot Exp $
--- lib/libedit/src/vis.c.orig Thu Apr 24 13:51:29 2014
+++ lib/libedit/src/vis.c Thu Apr 24 13:51:44 2014
@@ -67,6 +67,7 @@ __RCSID("$NetBSD: vis.c,v 1.41 2009/11/23 10:08:47 plu
#include <vis.h>
#include <stdlib.h>
+#if !defined(__OpenBSD__)
#ifdef __weak_alias
__weak_alias(strsvis,_strsvis)
__weak_alias(strsvisx,_strsvisx)
@@ -74,6 +75,7 @@ __weak_alias(strvis,_strvis)
__weak_alias(strvisx,_strvisx)
__weak_alias(svis,_svis)
__weak_alias(vis,_vis)
+#endif
#endif
#if !HAVE_VIS || !HAVE_SVIS

18
security/heimdal/patches/patch-lib_roken_Makefile_in Normal file
View File

@ -0,0 +1,18 @@
$OpenBSD: patch-lib_roken_Makefile_in,v 1.1 2016/12/17 14:58:31 ajacoutot Exp $
From 33e4cc0fe272b3479b324fd9cb08d47a0f40940f Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Fri, 16 Dec 2016 12:05:51 -0600
Subject: [PATCH] Fix lib/roken can't find pidfile() (#230)
--- lib/roken/Makefile.in.orig Fri Dec 16 23:41:18 2016
+++ lib/roken/Makefile.in Fri Dec 16 23:41:36 2016
@@ -918,7 +918,7 @@ EXTRA_libroken_la_SOURCES = \
search.hin \
vis.hin
-libroken_la_LIBADD = @LTLIBOBJS@ $(LIB_crypt)
+libroken_la_LIBADD = @LTLIBOBJS@ $(LIB_crypt) $(LIB_pidfile)
BUILT_SOURCES = roken.h $(am__append_6)
@have_err_h_FALSE@err_h = err.h
@have_err_h_TRUE@err_h =

15
security/heimdal/patches/patch-lib_roken_rand_c
View File

@ -1,18 +1,11 @@
$OpenBSD: patch-lib_roken_rand_c,v 1.1 2014/07/13 14:10:14 ajacoutot Exp $
$OpenBSD: patch-lib_roken_rand_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
Use HAVE_ARC4RANDOM and choose to call arc4random() instead of srand()
and rand() and friends.
--- lib/roken/rand.c.orig Sun Dec 9 23:06:44 2012
+++ lib/roken/rand.c Thu Apr 24 14:15:56 2014
@@ -31,13 +31,14 @@
* SUCH DAMAGE.
*/
+#include <config.h>
#include "roken.h"
void ROKEN_LIB_FUNCTION
--- lib/roken/rand.c.orig Tue Nov 29 02:35:27 2016
+++ lib/roken/rand.c Thu Dec 15 11:32:07 2016
@@ -42,7 +42,7 @@ void ROKEN_LIB_FUNCTION
rk_random_init(void)
{
#if defined(HAVE_ARC4RANDOM)

28
security/heimdal/patches/patch-lib_roken_roken_h_in Normal file
View File

@ -0,0 +1,28 @@
$OpenBSD: patch-lib_roken_roken_h_in,v 1.1 2016/12/17 14:58:31 ajacoutot Exp $
innetgr(3)
pidfile(3)
--- lib/roken/roken.h.in.orig Sat Dec 17 10:28:21 2016
+++ lib/roken/roken.h.in Sat Dec 17 10:30:24 2016
@@ -230,6 +230,9 @@ struct sockaddr_dl;
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
+#ifdef HAVE_NETGROUP_H
+#include <netgroup.h>
+#endif
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
@@ -259,6 +262,10 @@ struct sockaddr_dl;
#include <sys/time.h>
#else
#include <time.h>
+#endif
+
+#ifdef HAVE_UTIL_H
+#include <util.h>
#endif
#ifdef HAVE_PATHS_H

8
security/heimdal/patches/patch-lib_sqlite_sqlite3_c
View File

@ -1,11 +1,11 @@
$OpenBSD: patch-lib_sqlite_sqlite3_c,v 1.1 2014/07/13 14:10:14 ajacoutot Exp $
$OpenBSD: patch-lib_sqlite_sqlite3_c,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
Use HAVE_ARC4RANDOM and choose to call arc4random() instead of srand()
and rand() and friends.
--- lib/sqlite/sqlite3.c.orig Sun Dec 9 23:06:44 2012
+++ lib/sqlite/sqlite3.c Thu Apr 24 14:16:00 2014
@@ -27259,7 +27259,11 @@ static int afpLock(sqlite3_file *id, int eFileLock){
--- lib/sqlite/sqlite3.c.orig Tue Nov 29 02:35:28 2016
+++ lib/sqlite/sqlite3.c Thu Dec 15 11:29:38 2016
@@ -32221,7 +32221,11 @@ static int afpLock(sqlite3_file *id, int eFileLock){
mask = (sizeof(long)==8) ? LARGEST_INT64 : 0x7fffffff;
/* Now get the read-lock SHARED_LOCK */
/* note that the quality of the randomness doesn't matter that much */

34
security/heimdal/patches/patch-tools_krb5-config_in
View File

@ -1,16 +1,24 @@
$OpenBSD: patch-tools_krb5-config_in,v 1.2 2016/11/10 08:54:43 ajacoutot Exp $
$OpenBSD: patch-tools_krb5-config_in,v 1.3 2016/12/17 14:58:31 ajacoutot Exp $
- help ld.so(1) find libs out of its default search path
- help ld(1) find libcom_err in ${LOCALBASE}
Search /usr/local/{include,lib} for libcom_err.
--- tools/krb5-config.in.orig Tue Nov 1 02:23:30 2016
+++ tools/krb5-config.in Tue Nov 1 02:23:53 2016
@@ -120,7 +120,7 @@ if test "$print_exec_prefix" = "yes"; then
--- tools/krb5-config.in.orig Tue Nov 29 02:35:28 2016
+++ tools/krb5-config.in Sat Dec 17 15:34:10 2016
@@ -229,7 +229,7 @@ if test "$do_libs" = "yes"; then
if test "$lib_krb5" = yes; then
lib_flags="$lib_flags -lkrb5"
fi
- deplibs="$deplibs @LIB_pkinit@ -lcom_err"
+ deplibs="$deplibs @LIB_pkinit@ -L${LOCALBASE}/lib -lcom_err"
deplibs="$deplibs @LIB_hcrypto_appl@ -lasn1 -lwind -lheimbase -lroken"
deplibs="$deplibs @LIB_crypt@ @PTHREAD_LIBADD@ @LIB_dlopen@"
deplibs="$deplibs @LIB_door_create@ @LIBS@"
@@ -248,7 +248,7 @@ fi
if test "$do_cflags" = "yes"; then
cflags=""
if test X"${includedir}" != X/usr/include; then
- cflags="-I${includedir} $cflags"
+ cflags="-I${includedir} -I${LOCALBASE}/include $cflags"
fi
echo $cflags
fi
if test "$do_libs" = "yes"; then
- lib_flags="-L${libdir}"
+ lib_flags="-L${libdir} -R${libdir} -L${LOCALBASE}/lib"
case $library in
gssapi)
lib_flags="$lib_flags -lgssapi -lheimntlm"

75
security/heimdal/pkg/PLIST-devel-docs
View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST-devel-docs,v 1.1 2014/07/13 14:10:14 ajacoutot Exp $
@comment $OpenBSD: PLIST-devel-docs,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
@man man/man3/DES_cbc_cksum.3
@man man/man3/DES_cbc_encrypt.3
@man man/man3/DES_cfb64_encrypt.3
@ -117,9 +117,11 @@
@man man/man3/EVP_sha512.3
@man man/man3/EVP_wincrypt_des_ede3_cbc.3
@man man/man3/HDB.3
@man man/man3/OSSL_CIPHER_ALGORITHM.3
@man man/man3/OpenSSL_add_all_algorithms.3
@man man/man3/OpenSSL_add_all_algorithms_conf.3
@man man/man3/OpenSSL_add_all_algorithms_noconf.3
@man man/man3/PKCS5_PBKDF2_HMAC.3
@man man/man3/PKCS5_PBKDF2_HMAC_SHA1.3
@man man/man3/RAND_add.3
@man man/man3/RAND_bytes.3
@ -141,12 +143,10 @@
@man man/man3/RSA_set_app_data.3
@man man/man3/RSA_set_method.3
@man man/man3/RSA_up_ref.3
@man man/man3/__gss_c_attr_stream_sizes_oid_desc.3
@man man/man3/WINCNG_CIPHER_ALGORITHM.3
@man man/man3/WINCNG_CIPHER_ALGORITHM_UNAVAILABLE.3
@man man/man3/arg_printusage.3
@man man/man3/challenge.3
@man man/man3/context.3
@man man/man3/data.3
@man man/man3/domain.3
@man man/man3/ecalloc.3
@man man/man3/emalloc.3
@man man/man3/eread.3
@ -154,7 +154,6 @@
@man man/man3/esetenv.3
@man man/man3/estrdup.3
@man man/man3/ewrite.3
@man man/man3/flags.3
@man man/man3/getarg.3
@man man/man3/gss_accept_sec_context.3
@man man/man3/gss_acquire_cred.3
@ -261,7 +260,7 @@
@man man/man3/heim_ntlm_nt_key.3
@man man/man3/heim_ntlm_ntlmv2_key.3
@man man/man3/heim_ntlm_verify_ntlm2.3
@man man/man3/hostname.3
@man man/man3/heimbase.3
@man man/man3/hx509.3
@man man/man3/hx509_bitstring_print.3
@man man/man3/hx509_ca.3
@ -284,6 +283,7 @@
@man man/man3/hx509_ca_tbs_set_notBefore.3
@man man/man3/hx509_ca_tbs_set_proxy.3
@man man/man3/hx509_ca_tbs_set_serialnumber.3
@man man/man3/hx509_ca_tbs_set_signature_algorithm.3
@man man/man3/hx509_ca_tbs_set_spki.3
@man man/man3/hx509_ca_tbs_set_subject.3
@man man/man3/hx509_ca_tbs_set_template.3
@ -423,28 +423,19 @@
@man man/man3/hx509_verify_set_time.3
@man man/man3/hx509_verify_signature.3
@man man/man3/hx509_xfree.3
@man man/man3/internalvsmechname.3
@man man/man3/k_afs_cell_of_file.3
@man man/man3/k_hasafs.3
@man man/man3/k_hasafs_recheck.3
@man man/man3/k_pioctl.3
@man man/man3/k_setpag.3
@man man/man3/k_unlog.3
@man man/man3/internal_v_smechname.3
@man man/man3/kadm5_add_passwd_quality_verifier.3
@man man/man3/kadm5_check_password_quality.3
@man man/man3/kadm5_pwcheck.3
@man man/man3/kadm5_setup_passwd_quality_check.3
@man man/man3/kafs.3
@man man/man3/kafs_set_verbose.3
@man man/man3/kafs_settoken.3
@man man/man3/kafs_settoken5.3
@man man/man3/kafs_settoken_rxkad.3
@man man/man3/krb5.3
@man man/man3/krb524_convert_creds_kdc.3
@man man/man3/krb524_convert_creds_kdc_ccache.3
@man man/man3/krb5_425_conv_principal.3
@man man/man3/krb5_425_conv_principal_ext.3
@man man/man3/krb5_524_conv_principal.3
@man man/man3/krb5_abort.3
@man man/man3/krb5_abortx.3
@man man/man3/krb5_acc_ops.3
@man man/man3/krb5_acl_match_file.3
@man man/man3/krb5_acl_match_string.3
@ -459,8 +450,6 @@
@man man/man3/krb5_address_order.3
@man man/man3/krb5_address_prefixlen_boundary.3
@man man/man3/krb5_address_search.3
@man man/man3/krb5_afslog.3
@man man/man3/krb5_afslog_uid.3
@man man/man3/krb5_allow_weak_crypto.3
@man man/man3/krb5_aname_to_localname.3
@man man/man3/krb5_anyaddr.3
@ -644,6 +633,7 @@
@man man/man3/krb5_data_free.3
@man man/man3/krb5_data_realloc.3
@man man/man3/krb5_data_zero.3
@man man/man3/krb5_dcc_ops.3
@man man/man3/krb5_decrypt.3
@man man/man3/krb5_decrypt_EncryptedData.3
@man man/man3/krb5_decrypt_iov_ivec.3
@ -693,8 +683,10 @@
@man man/man3/krb5_enctype_to_string.3
@man man/man3/krb5_enctype_valid.3
@man man/man3/krb5_enctypes_compatible_keys.3
@man man/man3/krb5_err.3
@man man/man3/krb5_error.3
@man man/man3/krb5_error_from_rd_error.3
@man man/man3/krb5_errx.3
@man man/man3/krb5_expand_hostname.3
@man man/man3/krb5_expand_hostname_realms.3
@man man/man3/krb5_fcc_ops.3
@ -715,6 +707,7 @@
@man man/man3/krb5_free_data_contents.3
@man man/man3/krb5_free_error.3
@man man/man3/krb5_free_error_contents.3
@man man/man3/krb5_free_error_message.3
@man man/man3/krb5_free_error_string.3
@man man/man3/krb5_free_host_realm.3
@man man/man3/krb5_free_kdc_rep.3
@ -726,6 +719,7 @@
@man man/man3/krb5_free_ticket.3
@man man/man3/krb5_free_unparsed_name.3
@man man/man3/krb5_fwd_tgt_creds.3
@man man/man3/krb5_generate_random.3
@man man/man3/krb5_generate_random_block.3
@man man/man3/krb5_generate_subkey.3
@man man/man3/krb5_generate_subkey_extended.3
@ -750,6 +744,9 @@
@man man/man3/krb5_get_default_realms.3
@man man/man3/krb5_get_dns_canonicalize_hostname.3
@man man/man3/krb5_get_dns_canonize_hostname.3
@man man/man3/krb5_get_err_text.3
@man man/man3/krb5_get_error_message.3
@man man/man3/krb5_get_error_string.3
@man man/man3/krb5_get_extra_addresses.3
@man man/man3/krb5_get_fcache_version.3
@man man/man3/krb5_get_forwarded_creds.3
@ -796,6 +793,7 @@
@man man/man3/krb5_get_server_rcache.3
@man man/man3/krb5_get_use_admin_kdc.3
@man man/man3/krb5_get_validated_creds.3
@man man/man3/krb5_get_warn_dest.3
@man man/man3/krb5_get_wrapped_length.3
@man man/man3/krb5_getportbyname.3
@man man/man3/krb5_h_addr2addr.3
@ -816,6 +814,7 @@
@man man/man3/krb5_initlog.3
@man man/man3/krb5_introduction.3
@man man/man3/krb5_is_config_principal.3
@man man/man3/krb5_is_enctype_weak.3
@man man/man3/krb5_is_thread_safe.3
@man man/man3/krb5_kerberos_enctypes.3
@man man/man3/krb5_keyblock_get_enctype.3
@ -895,7 +894,12 @@
@man man/man3/krb5_principal_get_realm.3
@man man/man3/krb5_principal_get_type.3
@man man/man3/krb5_principal_intro.3
@man man/man3/krb5_principal_is_gss_hostbased_service.3
@man man/man3/krb5_principal_is_krbtgt.3
@man man/man3/krb5_principal_is_lkdc.3
@man man/man3/krb5_principal_is_null.3
@man man/man3/krb5_principal_is_pku2u.3
@man man/man3/krb5_principal_is_root_krbtgt.3
@man man/man3/krb5_principal_match.3
@man man/man3/krb5_principal_set_realm.3
@man man/man3/krb5_principal_set_type.3
@ -933,6 +937,7 @@
@man man/man3/krb5_rd_req_with_keyblock.3
@man man/man3/krb5_rd_safe.3
@man man/man3/krb5_realm_compare.3
@man man/man3/krb5_realm_is_lkdc.3
@man man/man3/krb5_ret_address.3
@man man/man3/krb5_ret_addrs.3
@man man/man3/krb5_ret_authdata.3
@ -941,6 +946,7 @@
@man man/man3/krb5_ret_data.3
@man man/man3/krb5_ret_int16.3
@man man/man3/krb5_ret_int32.3
@man man/man3/krb5_ret_int64.3
@man man/man3/krb5_ret_int8.3
@man man/man3/krb5_ret_keyblock.3
@man man/man3/krb5_ret_principal.3
@ -949,6 +955,7 @@
@man man/man3/krb5_ret_times.3
@man man/man3/krb5_ret_uint16.3
@man man/man3/krb5_ret_uint32.3
@man man/man3/krb5_ret_uint64.3
@man man/man3/krb5_ret_uint8.3
@man man/man3/krb5_set_config_files.3
@man man/man3/krb5_set_default_in_tkt_etypes.3
@ -967,6 +974,7 @@
@man man/man3/krb5_set_password_using_ccache.3
@man man/man3/krb5_set_real_time.3
@man man/man3/krb5_set_use_admin_kdc.3
@man man/man3/krb5_set_warn_dest.3
@man man/man3/krb5_sname_to_principal.3
@man man/man3/krb5_sock_to_principal.3
@man man/man3/krb5_sockaddr2address.3
@ -980,6 +988,8 @@
@man man/man3/krb5_storage_from_fd.3
@man man/man3/krb5_storage_from_mem.3
@man man/man3/krb5_storage_from_readonly_mem.3
@man man/man3/krb5_storage_from_socket.3
@man man/man3/krb5_storage_fsync.3
@man man/man3/krb5_storage_get_byteorder.3
@man man/man3/krb5_storage_get_eof_code.3
@man man/man3/krb5_storage_is_flags.3
@ -1000,6 +1010,7 @@
@man man/man3/krb5_store_data.3
@man man/man3/krb5_store_int16.3
@man man/man3/krb5_store_int32.3
@man man/man3/krb5_store_int64.3
@man man/man3/krb5_store_int8.3
@man man/man3/krb5_store_keyblock.3
@man man/man3/krb5_store_principal.3
@ -1008,6 +1019,7 @@
@man man/man3/krb5_store_times.3
@man man/man3/krb5_store_uint16.3
@man man/man3/krb5_store_uint32.3
@man man/man3/krb5_store_uint64.3
@man man/man3/krb5_store_uint8.3
@man man/man3/krb5_string_to_deltat.3
@man man/man3/krb5_string_to_enctype.3
@ -1034,6 +1046,7 @@
@man man/man3/krb5_unparse_name_short.3
@man man/man3/krb5_us_timeofday.3
@man man/man3/krb5_v4compat.3
@man man/man3/krb5_vabort.3
@man man/man3/krb5_verify_ap_req.3
@man man/man3/krb5_verify_checksum.3
@man man/man3/krb5_verify_checksum_iov.3
@ -1051,21 +1064,26 @@
@man man/man3/krb5_verify_user.3
@man man/man3/krb5_verify_user_lrealm.3
@man man/man3/krb5_verify_user_opt.3
@man man/man3/krb5_verr.3
@man man/man3/krb5_verrx.3
@man man/man3/krb5_vlog.3
@man man/man3/krb5_vlog_msg.3
@man man/man3/krb5_vprepend_error_message.3
@man man/man3/krb5_vset_error_message.3
@man man/man3/krb5_vset_error_string.3
@man man/man3/krb5_vwarn.3
@man man/man3/krb_afslog.3
@man man/man3/krb_afslog_uid.3
@man man/man3/krb5_vwarnx.3
@man man/man3/krb5_warn.3
@man man/man3/krb5_warnx.3
@man man/man3/krb5plugin_an2ln_ftable_desc.3
@man man/man3/krb5plugin_db_ftable_desc.3
@man man/man3/krb5plugin_kuserok_ftable_desc.3
@man man/man3/length.3
@man man/man3/lm.3
@man man/man3/ntlm.3
@man man/man3/ntlm_buf.3
@man man/man3/ntlm_core.3
@man man/man3/ntlm_type1.3
@man man/man3/ntlm_type2.3
@man man/man3/ntlm_type3.3
@man man/man3/os.3
@man man/man3/page_ca.3
@man man/man3/page_cert.3
@man man/man3/page_cms.3
@ -1099,12 +1117,8 @@
@man man/man3/rtbl_set_flags.3
@man man/man3/rtbl_set_prefix.3
@man man/man3/rtbl_set_separator.3
@man man/man3/sessionkey.3
@man man/man3/targetinfo.3
@man man/man3/targetname.3
@man man/man3/unparse_time.3
@man man/man3/unparse_time_approx.3
@man man/man3/username.3
@man man/man3/wind.3
@man man/man3/wind_profile.3
@man man/man3/wind_punycode_label_toascii.3
@ -1119,4 +1133,3 @@
@man man/man3/wind_utf8ucs2_length.3
@man man/man3/wind_utf8ucs4.3
@man man/man3/wind_utf8ucs4_length.3
@man man/man3/ws.3

47
security/heimdal/pkg/PLIST-libs
View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST-libs,v 1.1 2014/07/13 14:10:14 ajacoutot Exp $
@comment $OpenBSD: PLIST-libs,v 1.2 2016/12/17 14:58:31 ajacoutot Exp $
heimdal/
heimdal/bin/
heimdal/bin/krb5-config
@ -21,6 +21,33 @@ heimdal/include/gssapi/gssapi_krb5.h
heimdal/include/gssapi/gssapi_ntlm.h
heimdal/include/gssapi/gssapi_oid.h
heimdal/include/gssapi/gssapi_spnego.h
heimdal/include/hcrypto/
heimdal/include/hcrypto/aes.h
heimdal/include/hcrypto/bn.h
heimdal/include/hcrypto/des.h
heimdal/include/hcrypto/dh.h
heimdal/include/hcrypto/dsa.h
heimdal/include/hcrypto/ec.h
heimdal/include/hcrypto/ecdh.h
heimdal/include/hcrypto/ecdsa.h
heimdal/include/hcrypto/engine.h
heimdal/include/hcrypto/evp-cc.h
heimdal/include/hcrypto/evp-hcrypto.h
heimdal/include/hcrypto/evp-openssl.h
heimdal/include/hcrypto/evp-pkcs11.h
heimdal/include/hcrypto/evp.h
heimdal/include/hcrypto/hmac.h
heimdal/include/hcrypto/md2.h
heimdal/include/hcrypto/md4.h
heimdal/include/hcrypto/md5.h
heimdal/include/hcrypto/pkcs12.h
heimdal/include/hcrypto/rand.h
heimdal/include/hcrypto/rc2.h
heimdal/include/hcrypto/rc4.h
heimdal/include/hcrypto/rsa.h
heimdal/include/hcrypto/sha.h
heimdal/include/hcrypto/ui.h
heimdal/include/hcrypto/undef.h
heimdal/include/hdb-protos.h
heimdal/include/hdb.h
heimdal/include/hdb_asn1.h
@ -43,15 +70,15 @@ heimdal/include/kadm5/kadm5-protos.h
heimdal/include/kadm5/kadm5-pwcheck.h
heimdal/include/kadm5/kadm5_err.h
heimdal/include/kadm5/private.h
heimdal/include/kafs.h
heimdal/include/kdc-protos.h
heimdal/include/kdc.h
heimdal/include/krb5/
heimdal/include/krb5-private.h
heimdal/include/krb5-protos.h
heimdal/include/krb5-types.h
heimdal/include/krb5.h
heimdal/include/krb5/an2ln_plugin.h
heimdal/include/krb5/ccache_plugin.h
heimdal/include/krb5/db_plugin.h
heimdal/include/krb5/locate_plugin.h
heimdal/include/krb5/send_to_kdc_plugin.h
heimdal/include/krb5/windc_plugin.h
@ -87,6 +114,9 @@ heimdal/lib/libasn1.la
heimdal/lib/libgssapi.a
heimdal/lib/libgssapi.la
@lib heimdal/lib/libgssapi.so.${LIBgssapi_VERSION}
heimdal/lib/libhcrypto.a
heimdal/lib/libhcrypto.la
@lib heimdal/lib/libhcrypto.so.${LIBhcrypto_VERSION}
heimdal/lib/libhdb.a
heimdal/lib/libhdb.la
@lib heimdal/lib/libhdb.so.${LIBhdb_VERSION}
@ -111,9 +141,6 @@ heimdal/lib/libkadm5clnt.la
heimdal/lib/libkadm5srv.a
heimdal/lib/libkadm5srv.la
@lib heimdal/lib/libkadm5srv.so.${LIBkadm5srv_VERSION}
heimdal/lib/libkafs.a
heimdal/lib/libkafs.la
@lib heimdal/lib/libkafs.so.${LIBkafs_VERSION}
heimdal/lib/libkdc.a
heimdal/lib/libkdc.la
@lib heimdal/lib/libkdc.so.${LIBkdc_VERSION}
@ -131,6 +158,14 @@ heimdal/lib/libwind.la
@lib heimdal/lib/libwind.so.${LIBwind_VERSION}
heimdal/lib/pkgconfig/
heimdal/lib/pkgconfig/heimdal-gssapi.pc
heimdal/lib/pkgconfig/heimdal-kadm-client.pc
heimdal/lib/pkgconfig/heimdal-kadm-server.pc
heimdal/lib/pkgconfig/heimdal-krb5.pc
heimdal/lib/pkgconfig/kadm-client.pc
heimdal/lib/pkgconfig/kadm-server.pc
heimdal/lib/pkgconfig/kafs.pc
heimdal/lib/pkgconfig/krb5-gssapi.pc
heimdal/lib/pkgconfig/krb5.pc
heimdal/lib/windc.a
heimdal/lib/windc.la
heimdal/lib/windc.so.0.0

19
security/heimdal/pkg/PLIST-main
View File

@ -1,8 +1,10 @@
@comment $OpenBSD: PLIST-main,v 1.2 2014/07/28 09:49:44 ajacoutot Exp $
@comment $OpenBSD: PLIST-main,v 1.3 2016/12/17 14:58:31 ajacoutot Exp $
@bin heimdal/bin/bsearch
@bin heimdal/bin/gsstool
@bin heimdal/bin/heimtools
@bin heimdal/bin/hxtool
@bin heimdal/bin/idn-lookup
@bin heimdal/bin/kcc
@bin heimdal/bin/kadmin
@bin heimdal/bin/kdestroy
@bin heimdal/bin/kf
@bin heimdal/bin/kgetcred
@ -10,8 +12,9 @@
heimdal/bin/klist
@bin heimdal/bin/kpasswd
heimdal/bin/kswitch
@bin heimdal/bin/pagsh
@bin heimdal/bin/ktutil
@bin heimdal/bin/string2key
@bin heimdal/bin/su
@bin heimdal/bin/verify_krb5_conf
@bin heimdal/libexec/digest-service
@bin heimdal/libexec/hprop
@ -27,11 +30,11 @@ heimdal/bin/kswitch
@bin heimdal/libexec/kpasswdd
heimdal/sbin/
@bin heimdal/sbin/iprop-log
@bin heimdal/sbin/kadmin
@bin heimdal/sbin/kstash
@bin heimdal/sbin/ktutil
@info info/heimdal.info
@info info/hx509.info
@man man/man1/bsearch.1
@man man/man1/kadmin.1
@man man/man1/kdestroy.1
@man man/man1/kf.1
@man man/man1/kgetcred.1
@ -39,17 +42,18 @@ heimdal/sbin/
@man man/man1/klist.1
@man man/man1/kpasswd.1
@man man/man1/kswitch.1
@man man/man1/pagsh.1
@man man/man1/ktutil.1
@man man/man1/su.1
@man man/man5/krb5.conf.5
@man man/man5/mech.5
@man man/man5/qop.5
@man man/man7/krb5-plugin.7
@man man/man8/hprop.8
@man man/man8/hpropd.8
@man man/man8/iprop-log.8
@man man/man8/iprop.8
@man man/man8/ipropd-master.8
@man man/man8/ipropd-slave.8
@man man/man8/kadmin.8
@man man/man8/kadmind.8
@man man/man8/kcm.8
@man man/man8/kdc.8
@ -59,7 +63,6 @@ heimdal/sbin/
@man man/man8/kimpersonate.8
@man man/man8/kpasswdd.8
@man man/man8/kstash.8
@man man/man8/ktutil.8
@man man/man8/string2key.8
@man man/man8/verify_krb5_conf.8
@mode 0700