14:04 sunpoet 

Update devel/readline to 8.0

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://tiswww.case.edu/php/chet/readline/CHANGES
PR:		236156
Exp-run by:	antoine

 

04:37 cy 

Provide a script from which to start krb5kdc through /etc/rc.d/kdc.
Simply add kdc_enable="YES" and kdc_program="/usr/local/sbin/kdc"
to /etc/rc.d. The script removes the Heimdal kdc --detach argument
prior to invoking krb5kdc.

The other approach that was considered was to replace getopt() in
kdc/main.c with getopt_long() however this approach was considered too
intrusive.

 

15:57 cy 

pkgconfig is used at build time, not runtime.

MFH:		2019Q1 (krb5-devel will need to have all its previous
		commits brought up to level in 2019Q1 first)

 

20:29 cy 

Welcome the new KRB5 1.17 (krb5-117).

Major changes in 1.17 (2019-01-08)
==================================

Administrator experience:

* A new Kerberos database module using the Lightning Memory-Mapped
  Database library (LMDB) has been added.  The LMDB KDB module should
  be more performant and more robust than the DB2 module, and may
  become the default module for new databases in a future release.

* "kdb5_util dump" will no longer dump policy entries when specific
  principal names are requested.

Developer experience:

* The new krb5_get_etype_info() API can be used to retrieve enctype,
  salt, and string-to-key parameters from the KDC for a client
  principal.

* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
  principal names to be used with GSS-API functions.

* KDC and kadmind modules which call com_err() will now write to the
  log file in a format more consistent with other log messages.

* Programs which use large numbers of memory credential caches should
  perform better.

Protocol evolution:

* The SPAKE pre-authentication mechanism is now supported.  This
  mechanism protects against password dictionary attacks without
  requiring any additional infrastructure such as certificates.  SPAKE
  is enabled by default on clients, but must be manually enabled on
  the KDC for this release.

* PKINIT freshness tokens are now supported.  Freshness tokens can
  protect against scenarios where an attacker uses temporary access to
  a smart card to generate authentication requests for the future.

* Password change operations now prefer TCP over UDP, to avoid
  spurious error messages about replays when a response packet is
  dropped.

* The KDC now supports cross-realm S4U2Self requests when used with a
  third-party KDB module such as Samba's.  The client code for
  cross-realm S4U2Self requests is also now more robust.

User experience:

* The new ktutil addent -f flag can be used to fetch salt information
  from the KDC for password-based keys.

* The new kdestroy -p option can be used to destroy a credential cache
  within a collection by client principal name.

* The Kerberos man page has been restored, and documents the
  environment variables that affect programs using the Kerberos
  library.

Changes to the FreeBSD krb5* ports include:

* CONFLICTS updated in krb5-115 and krb5-116 taking krb5-117 in
  consideration.

* The default krb5 port is now krb5-117.

* MIT's practice is to EOL KRB5 n-2. krb5-115 is deprecated and set
  to expire Jan 31, 2020.

 

20:04 cy 

Correct CONFLICTS.

MFH:		2019Q1

 

01:41 cy 

Update 1.15.4 --> 1.15.5

Major changes in 1.15.5 (2019-01-07)
====================================

This is a bug fix release.

* Fix a regression in the MEMORY credential cache type which could
  cause client programs to crash.

* MEMORY credential caches will not be listed in the global
  collection, with the exception of the default credential cache if it
  is of type MEMORY.

* Remove an incorrect assertion in the KDC which could be used to
  cause a crash [CVE-2018-20217].

MFH:		2019Q1

 

15:51 cy 

krb5-115: update 1.15.3 --> 1.15.4

 

05:57 cy 

While working the ports fallout due to making Hemidal in base
private it was discovered that com_err.3, though distributed in
the tarball, was not installed. Install it.

 

13:38 cy 

Revert r472760 and instead use upstream git commit
beeb2828945a41d86488e391ce440bacee0ec committed to the krb5
development branch Saturday, June 16. The upstream commit
message follows:

  Author: Thomas Sondergaard <tsondergaard@vitalimages.com>
  Date:   Sat Jun 16 18:14:50 2018 +0200

     Eliminate use of the 'register' keyword

     'register' is a reserved and unused keyword in C++17 so having it
     present in the public headers presents a a compatibility issue. Also
     in C the 'register' keyword is mostly obsolete, so remove all uses of
     it.

     [ghudson@mit.edu: adjusted style of some of the affected lines]

 

06:51 cy 

While working on the ports fallout due to the private Heimdal in base
project, a port (www/squid-devel) was discovered to be grumpy due to
numerous errors such as below:

/usr/local/include/krb5/krb5.h:3566:19: error: 'register' storage class
specifier is deprecated and incompatible with C++17
[-Werror,-Wdeprecated-register]
                  register char **name);
                  ^~~~~~~~~

The "register" keyword is meaningless and can cause grief among ports
that build against any of the krb5 ports.

 

05:55 cy 

MIT krb5 fails to build with boringssl installed due to a missing
typedef for PKCS7 in the boringssl pkcs7.h.

 

05:44 cy 

Fix build with libressl and bearssl.

PR:		228970

 

03:42 cy 

Fix logic from patch supplied in PR 217027, committed in
r433966 and r433967.

PR:		228900

 

06:23 cy 

Update 1.15.2 --> 1.15.3

Major changes in 1.15.3 (2018-05-03)
====================================

This is a bug fix release.

* Fix flaws in LDAP DN checking, including a null dereference KDC
  crash which could be triggered by kadmin clients with administrative
  privileges [CVE-2018-5729, CVE-2018-5730].

* Fix a KDC PKINIT memory leak.

* Fix a small KDC memory leak on transited or authdata errors when
  processing TGS requests.

* Fix a null dereference when the KDC sends a large TGS reply.

* Fix "kdestroy -A" with the KCM credential cache type.

* Fix the handling of capaths "." values.

* Fix handling of repeated subsection specifications in profile files
  (such as when multiple included files specify relations in the same
  subsection).

 

06:50 cy 

Fix build when NLS option is unchecked.

Reported by:	Geraud CONTINSOUZAS <geraud.continsouzas@skazy.nc>

 

16:24 danfe 

Remove superfluous linefeeds.

 

15:08 danfe 

Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files which are not actually manual pages.

 

16:55 mandree 

Reconcile e2fsprogs ./. krb5-* conflicts.

* Move conflicting e2fsprogs headers & libs into .../e2fsprogs/... subdirs.
* Move conflicting awk scripts into ${DATADIR}.
* Rename and patch compile_et to e2fsprogs-compile_et.
* Remove conflict markers (from e2fsprogs and krb5-*).
* Add CPPFLAGS/LDFLAGS to sysutils/fusefs-ext2, including
  --rpath setting.

While here, also:
* sort pkg-plist and files/unwanted
* use FUSEFS_CONFIGURE_ENABLE=fuse2fs to prevent e2fsprogs from picking up
  fusefs (implies --disable-fuse2fs if the option remains disabled)
* add --without-included-gettext to CONFIGURE_ARGS just to be on the safe
  side.

And of course, bump PORTREVISION to 3 in e2fsprogs. Since other ports
do not change files or runtime behaviour, their PORTREVISION remains
untouched.

 

00:16 mandree 

Add CONFLICTS between krb5-* and e2fsprogs.

Reported by: jbeich@

 

01:55 cy 

Register conflicts among the krb5 ports.

Reported by:	rodrigo

 

10:09 cy 

Update 1.15.1 --> 1.15.2

 

13:46 sunpoet 

Update devel/readline to 7.0 patch 3

- Bump PORTREVISION for shlib change

Changes:	https://cnswww.cns.cwru.edu/php/chet/readline/CHANGES
		https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html
		https://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html
Differential Revision:	https://reviews.freebsd.org/D11172
PR:		219947
Exp-run by:	antoine

 

02:46 cy 

Switch to USES=localbase.

 

03:24 cy 

Pet portlint.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

03:22 cy 

Simplfy WRKSRC by using WRKSRC_SUBDIR.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

03:17 cy 

Describe CMD_LINE_EDITING RADIO group.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

03:15 cy 

Respect global NLS option.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

03:14 cy 

Convert to global EXAMPLES (default).

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

03:09 cy 

New READLINE_PORT option to select to use readline in base or
readline in ports.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

03:06 cy 

Remove redundant file that should have been removed in r253265.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

02:59 cy 

Use options helpers.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

02:55 cy 

Install LDIF and schema files if LDAP is enabled

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

02:51 cy 

Replace explicit PLIST_SUB with OPTIONS_SUB, simplifying Makefiles.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

02:48 cy 

Make READLINE default.

PR:		217552
Submitted by:	John W. O'brien <john@saltant.com>
Differential Revision:	D9889

 

04:02 cy 

Fix up typo.

 

03:27 cy 

Remove redundant message about Kerberos klogind and telnetd. These
programs ere moved to krb5-appl (by MIT) when krb5-appl was created
in r253265. This message should have been removed from this Makefile
at that time.

Pointy hat to:	cy (that's me)

 

00:09 cy 

Update 1.15 --> 1.15.1

 

21:29 cy 

Fix build with LbreSSL.

PR:		217027
Submitted by:	brnrd

 

01:37 cy 

pkgconfig is only needed at install/runtime.

Reported by:	des

 

11:01 mat 

Cleanup BROKEN/IGNORE for 10.3-

Sponsored by:	Absolight

 

20:16 cy 

Replace description with somthing more relevant to today.

Suggested by:	wollman

 

01:09 cy 

Register a build fail on FreeBSD-9 due to pkinit.so not being built,
causing orphan check to fail.

 

00:54 cy 

Welcome the new security/krb5-115 port. This port follows MIT's
KRB5 1.15 releases.

To support this new ports:

- The security/krb5 port includes an option to use this port instead
  of krb5-114 as its base. krb5-114 will remain the default until the
  next release of KRB5 1.15 (if it's stable of course).

- MIT by default deprecates KRB5 two versions back from the current
  release. krb5-113 has been deprecated and will expire one year from
  now.