diff --git a/security/krb5-devel/Makefile b/security/krb5-devel/Makefile index 2f646b746585..3c2377b09eb5 100644 --- a/security/krb5-devel/Makefile +++ b/security/krb5-devel/Makefile @@ -1,135 +1,135 @@ PORTNAME= krb5 PORTVERSION= 1.23.${MIT_COMMIT_DATE} CATEGORIES= security .if !defined(MASTERDIR) PKGNAME_X= -${FLAVOR:S/default//}-devel .else PKGNAME_X= -${FLAVOR:S/default//} .endif PKGNAMESUFFIX= ${PKGNAME_X:S/--/-/:C/-$//} -HASH= f8a0bee0a -MIT_COMMIT_DATE= 2026.03.23 +HASH= 0138cbef6 +MIT_COMMIT_DATE= 2026.04.23 PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 MAINTAINER= cy@FreeBSD.org COMMENT= MIT implementation of RFC 4120 network authentication service WWW= https://web.mit.edu/kerberos/ LICENSE= MIT USE_GITHUB= yes GH_TAGNAME= ${HASH} CONFLICTS= heimdal krb5 krb5-1* KERBEROSV_URL= http://web.mit.edu/kerberos/ USE_PERL5= build USE_LDCONFIG= yes USE_CSTD= gnu99 GNU_CONFIGURE= yes USES= autoreconf compiler:c11 cpe gmake localbase perl5 \ libtool:build gssapi:bootstrap,mit pkgconfig ssl CONFIGURE_ARGS?= --enable-shared --without-system-verto \ --disable-rpath GNU_CONFIGURE_MANPREFIX=${PREFIX}/share CONFIGURE_ENV= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" YACC="${YACC}" WARN_CFLAGS=-Wno-strict-prototypes MAKE_ARGS= INSTALL="${INSTALL}" INSTALL_LIB="${INSTALL_LIB}" CPE_VENDOR= mit CPE_VERSION= 5-${PORTVERSION} CPE_PRODUCT= kerberos FLAVORS= default ldap OPTIONS_DEFINE= EXAMPLES NLS DNS_FOR_REALM LDAP LMDB OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE CRYPTO_BUILTIN OPTIONS_RADIO= CMD_LINE_EDITING CRYPTO OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT LIBEDIT_BASE OPTIONS_RADIO_CRYPTO= CRYPTO_BUILTIN CRYPTO_OPENSSL CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm LDAP= Enable LDAP support LDAP_USES= ldap LDAP_CONFIGURE_WITH= ldap LMDB_DESC= OpenLDAP Lightning Memory-Mapped Database support LMDB_CONFIGURE_WITH= lmdb LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb LMDB_IMPLIES= LDAP NLS_USES= gettext NLS_CONFIGURE_OFF= --disable-nls READLINE_USES= readline READLINE_CONFIGURE_WITH=readline LIBEDIT_USES= libedit LIBEDIT_CONFIGURE_WITH= libedit LIBEDIT_BASE_CONFIGURE_WITH= libedit LIBEDIT_BASE_DESC= Use libedit in FreeBSD base CRYPTO_BUILTIN_DESC= Use crypto built into KRB5 CRYPTO_BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin CRYPTO_OPENSSL_DESC= Use OpenSSL crypto CRYPTO_OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl .if ${FLAVOR:U} == ldap OPTIONS_DEFAULT+= LDAP LMDB .endif .if defined(KRB5_HOME) PREFIX= ${KRB5_HOME} .endif .if !defined(KRB5_LOCALSTATEDIR) KRB5_LOCALSTATEDIR= "${PREFIX}/var" .endif .if !defined(KRB5_RUNSTATEDIR) KRB5_RUNSTATEDIR= "${PREFIX}/var/run" .endif CONFIGURE_ARGS+= --runstatedir="${KRB5_RUNSTATEDIR}" CONFIGURE_ARGS+= --localstatedir="${KRB5_LOCALSTATEDIR}" PLIST_SUB+= KRB5_LOCALSTATEDIR=${KRB5_LOCALSTATEDIR} PLIST_SUB+= KRB5_RUNSTATEDIR=${KRB5_RUNSTATEDIR} CPPFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} USE_RC_SUBR= kpropd OPTIONS_SUB= yes WRKSRC_SUBDIR= src PORTEXAMPLES= kdc.conf krb5.conf services.append .include # Fix up -Wl,-rpath in LDFLAGS .if !empty(KRB5_HOME) _RPATH= ${KRB5_HOME}/lib: .else _RPATH= ${LOCALBASE}/lib: .endif .if !empty(LDFLAGS:M-Wl,-rpath,*) .for F in ${LDFLAGS:M-Wl,-rpath,*} LDFLAGS:= -Wl,-rpath,${_RPATH}${F:S/-Wl,-rpath,//} \ ${LDFLAGS:N-Wl,-rpath,*} .endfor .endif .if defined(KRB5_HOME) && ${KRB5_HOME} != ${LOCALBASE} BROKEN= LIB_DEPENDS when using KRB5_HOME is broken .endif .if defined(PROGRAM_TRANSFORM_NAME) && ${PROGRAM_TRANSFORM_NAME} != "" CONFIGURE_ARGS+= --program-transform-name="${PROGRAM_TRANSFORM_NAME}" .endif .include post-install: @${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/krb5 post-install-LDAP-on: ${MKDIR} ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema \ ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif \ ${STAGEDIR}${DATADIR} .include diff --git a/security/krb5-devel/distinfo b/security/krb5-devel/distinfo index 9995bc93bef9..04b3817650dc 100644 --- a/security/krb5-devel/distinfo +++ b/security/krb5-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1774455077 -SHA256 (krb5-krb5-1.23.2026.03.23-f8a0bee0a_GH0.tar.gz) = 48005a52e92099f588737782ece32092e5197ba4bee4cc67bf2d312cfb7361ad -SIZE (krb5-krb5-1.23.2026.03.23-f8a0bee0a_GH0.tar.gz) = 4678952 +TIMESTAMP = 1777387626 +SHA256 (krb5-krb5-1.23.2026.04.23-0138cbef6_GH0.tar.gz) = 7543ad7544514c562089c68b1d16abeab98236fe7b8cb73f6ab8c30ee70a84ea +SIZE (krb5-krb5-1.23.2026.04.23-0138cbef6_GH0.tar.gz) = 4677660 diff --git a/security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c index a26d295ebf75..65f7fc262601 100644 --- a/security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c +++ b/security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c @@ -1,23 +1,15 @@ ---- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-11-05 16:24:07.000000000 -0700 -+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-11-08 10:10:45.431325000 -0800 -@@ -178,7 +178,8 @@ - (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \ -+ defined(LIBRESSL_VERSION_NUMBER) - - /* 1.1 standardizes constructor and destructor names, renaming - * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ -@@ -722,6 +723,10 @@ - DH_free(dh); - return pkey; +diff --git plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig plugins/preauth/pkinit/pkinit_crypto_openssl.c +index 11c570f..cba4515 100644 +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -787,6 +787,10 @@ oerr(krb5_context context, krb5_error_code code, const char *fmt, ...) + return code; } -+ + +#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name) +#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name +#endif - - static struct pkcs11_errstrings { - short code; ++ + /* + * Set an appropriate error string containing msg for a certificate + * verification failure from certctx. Write the message and all pending