The idea is to prevent needing to patch source files for packages that
use OpenSSL for DES support by ensuring that including <openssl/des.h>
will always present the old DES API.
(1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and
<openssl/des.h> already does the right thing.
(2) If des_old.h doesn't exist, then one of two things is happening:
(a) If <openssl/des.h> is old and (only) supports the old DES API,
then <openssl/des.h> does the right thing.
(b) If it's NetBSD's Special(TM) one that stripped out the old DES
support into a separate library and header (-ldes, <des.h>),
then we create a new header <openssl/des.h> that includes the
system one and <des.h>.
Also modify existing packages that set USE_OLD_DES_API to simply include
<openssl/des.h> instead of either <des.h> or <openssl/des_old.h> (This
step is mostly just removing unnecessary patches).
This should fix building packages that use OpenSSL's old DES API support
on non-NetBSD systems where the built-in OpenSSL is at least 0.9.7.
* fix vulnerabilities in ftpd
* support for linux AFS /proc "syscalls"
* support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd
* fix possible KDC denial of service
* Fix possible buffer overrun in v4 kadmin (which now defaults to off)
be linked in when testing -lreadline usability so that test fails on
Solaris - so pass that lib into configure at the start via the environment.
Also allow optional use of db4 rather that db.
Heimdal is a free implementation of Kerberos 5.
Kerberos is a system for authenticating users and services on a network.
It is built upon the assumption that the network is "unsafe". Kerberos
is a trusted third-party service. That means that there is a third
party (the Kerberos server) that is trusted by all the entities on the
network (users and services, usually called "principals"). All
principals share a secret password (or key) with the Kerberos server and
this enables principals to verify that the messages from the Kerberos
server are authentic. Thus trusting the Kerberos server, users and
services can authenticate each other.
