After a discussion on the mailing list on moving manpages to
${PREFIX}/share/man for consistency with base where it is
installed in usr/share/man, it appeared the same should happen
to GNU info files which were installed under share in base and
not in ports.
Now texinfo is not in base on any of the supported version of FreeBSD
it is possible to proceed to this move and it is easier to do than
the manpage change.
Other benefit than consistency are less patching: all build tools but
cmake are expecting info files to be under share/info and cmake (patched here)
was having an exception for BSD so the patch makes FreeBSD case less
specific for them
Bump revision of all impacted ports
PR: 232907
exp-run by: antoine
Differential Revision: https://reviews.freebsd.org/D17816
- In Heimdal 7.1 through 7.4, remote unauthenticated
attackers are able to crash the KDC by sending a crafted UDP packet
containing empty data fields for client name or realm.
Security: CVE-2017-17439
PR: 224191
- hcrypto is now thread safe on all platforms and as much as possible
hcrypto now uses the operating system's preferred crypto
implementation ensuring that optimized hardware assisted
implementations of AES-NI are used.
- RFC 6113 Generalized Framework for Kerberos Pre-Authentication
(FAST).
- Hierarchical capath support
- iprop has been revamped to fix a number of race conditions that
could lead to inconsistent replication.
- The KDC process now uses a multi-process model improving resiliency
and performance.
- AES Encryption with HMAC-SHA2 for Kerberos 5
draft-ietf-kitten-aes-cts-hmac-sha2-11
- Moved kadmin and ktutil to /usr/bin
- Stricter fcache checks (see fcache_strict_checking krb5.conf setting)
- Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
telnet, xnlock
Mk/Uses/bdb.mk instead of db185 interfaces in libc.
As a side-effect, this causes a compatibility issue between
heimdal.db created by kadmin(8) in the base system or one by
an older security/heimdal. See UPDATING about this issue.
- Fix readline dependency end eliminate libheimedit.
- Use -lpthread instead of -pthread.
- Use FOO_CONFIGURE_WITH=foo instead of FOO_CONFIGURE_ON=--with-foo.
While there replace USE_SQLITE=x by USES=sqlite:x.
PR: 208971
Submitted by: mat
Exp-run by: antoine
With hat: portmgr
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D5951
prevents build breakage when a port depends on heimdal in base and
some other libraries in LOCALBASE/lib such as OpenSSL from ports
at the same time.
- Always build libcom_err[*].
PR: 194475 [*]
The 30 AUG 14 commit to fix libcom_err on some FreeBSD releases crippled
Heimdal on DragonFly such that samba-nsupdate no longer would configure.
The culprit was once again using OSVERSION without checking OPSYS, so
adjusting for OPSYS fixes this regression.
The MAKE_JOBS_UNSAFE flag was set 10 June 2014 (PR 181923) and it
was removed without explanation on 30 Aug 2014 (r366616). I have
first-hand confirmation that it is still required with default
options set. I'm resetting this flag as it shouldn't have been removed.
- Build kcm by default.
- Use gssapi.mk.
- Use ${opt}_* variables instead of .if ${PORT_OPTIONS:Mopt} wherever possible.
- Use /var/heimdal as $hdbdir for compatibility with Heimdal in base.
- Merge pkg-plist.* into pkg-plist.
- Remove lines that are no longer valid.
- Remove stale kdc.sh. rc.d scripts in base system work with this port.
- Mk/bsd.database.mk rewrite, new default to db5.
- db6 is eligible by default only if installed on the system.
- Bump PORTREVISION of all ports that directly depend on BerkeleyDB or
where USE_BDB is found in the port's directory
- Patch a few ports such that they will pick up or work with newer
versions.
- Add UPDATING entry
- Drive-by format fix for pks
- Drop BerkeleyDB option from mail/popular for now, requires more work.
- Exp-run logs linked from the PR below.
- Ports that do not build (IGNORE, BROKEN, etc.) have pro-forma changes
for new Berkeley DB, but are untested.
NOTE: please read UPDATING and the Wiki page before proceeding!
Announcement: http://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-August/000090.html
Wiki reference: https://wiki.freebsd.org/Ports/BerkeleyDBCleanup
PR: 192690
Approved by: portmgr (implicit, PORTREVISION bump on unstaged ports)
This patch enables heimdal port and heimdal bad to be consistent [in byte
order for seed data] and talk nicely to each other. Please refer to
FreeBSD Errata Notice FreeBSD-EN-14:08.heimdal. This port is not
unmaintained.
PR: 191356
Submitted by: dewayne (heuristicsystems.com.au)
this option is very confusing. This option does not enable SQLite support
but enables building with existing SQLite library, i.e., disables building
with bundled SQLite source.
Submitted by: mat
While here:
* Clean up options and PLIST_SUB with new option framework capabilities
* Remove condition for FreeBSD 6 and earlier
- Remove never-fulfilled plist condition
- Move extra-patch to always-patch
* minor cosmetic realignment
PR: 181923
Submitted by: dewayne
Enable heimdal to properly build against net/openldap-sasl-client when
openldap24-server is built with SASL support. It did not before.
Heimdal is currently unmaintained.
PR: 183697
Submitted by: pcm
