are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
The majority of these patches were inspired from FreeBSD's ports. FreeBSD,
along with at least Debian, have removed Kerberos4 due to secuity concerns.
From: http://web.mit.edu/kerberos/krb4-end-of-life.html :
"Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit
attacks which require far less effort than an exhaustive search of the DES
key space. These flaws make Kerberos 4 cross-realm authentication an
unacceptable security risk and raise serious questions about the security of
the entire Kerberos 4 protocol.
The known insecurity of DES, combined with the recently discovered protocol
flaws, make it extremely inadvisable to rely on the security of version 4 of
the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove
support for Kerberos version 4 from the MIT implementation of Kerberos."
This end-of-life announcement is dated 19 October 2006. I think it's a
good question to ask why this package and the packages that depend on it
are still in pkgsrc.
Several changes are involved since they are all interrelated. These
changes affect about 1000 files.
The first major change is rewriting bsd.builtin.mk as well as all of
the builtin.mk files to follow the new example in bsd.builtin.mk.
The loop to include all of the builtin.mk files needed by the package
is moved from bsd.builtin.mk and into bsd.buildlink3.mk. bsd.builtin.mk
is now included by each of the individual builtin.mk files and provides
some common logic for all of the builtin.mk files. Currently, this
includes the computation for whether the native or pkgsrc version of
the package is preferred. This causes USE_BUILTIN.* to be correctly
set when one builtin.mk file includes another.
The second major change is teach the builtin.mk files to consider
files under ${LOCALBASE} to be from pkgsrc-controlled packages. Most
of the builtin.mk files test for the presence of built-in software by
checking for the existence of certain files, e.g. <pthread.h>, and we
now assume that if that file is under ${LOCALBASE}, then it must be
from pkgsrc. This modification is a nod toward LOCALBASE=/usr. The
exceptions to this new check are the X11 distribution packages, which
are handled specially as noted below.
The third major change is providing builtin.mk and version.mk files
for each of the X11 distribution packages in pkgsrc. The builtin.mk
file can detect whether the native X11 distribution is the same as
the one provided by pkgsrc, and the version.mk file computes the
version of the X11 distribution package, whether it's built-in or not.
The fourth major change is that the buildlink3.mk files for X11 packages
that install parts which are part of X11 distribution packages, e.g.
Xpm, Xcursor, etc., now use imake to query the X11 distribution for
whether the software is already provided by the X11 distribution.
This is more accurate than grepping for a symbol name in the imake
config files. Using imake required sprinkling various builtin-imake.mk
helper files into pkgsrc directories. These files are used as input
to imake since imake can't use stdin for that purpose.
The fifth major change is in how packages note that they use X11.
Instead of setting USE_X11, package Makefiles should now include
x11.buildlink3.mk instead. This causes the X11 package buildlink3
and builtin logic to be executed at the correct place for buildlink3.mk
and builtin.mk files that previously set USE_X11, and fixes packages
that relied on buildlink3.mk files to implicitly note that X11 is
needed. Package buildlink3.mk should also include x11.buildlink3.mk
when linking against the package libraries requires also linking
against the X11 libraries. Where it was obvious, redundant inclusions
of x11.buildlink3.mk have been removed.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
This provides both, simple and fine-grained control over the Kerberos
prefix. If not specified, KRB4_PREFIX_CMDS will default to the value
of KERBEROS_PREFIX_CMDS. If specified, it overrides KERBEROS_PREFIX_CMDS.
of bootstrap-pkgsrc).
ftp is now always installed as bin/k4ftp. In addition, if the variable
KRB4_PREFIX_CMDS is set to YES, rcp, rlogin, rsh, su, and telnet will
be installed with a "k4" prefix.
This has been achieved by stealing the transform code from security/heimdal
and by tayloring it a bit.
Closes PR pkg/24354 by Tracy Di Marco White.
Changes in release 1.2.1:
* kadmind: fix remote exploit
Changes in release 1.2:
* fix buffer overrun in ftp
* fix openssl building
* don't try to force encryption in telnet if not talking to a default
telnet port
* recognise AIX 5
* should work with more DB libraries
Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
removal of USE_GTEXINFO
INSTALL_INFO added to PLIST_SUBST
`${INSTALL_INFO}' replace `install-info' in target rules
print-PLIST target now generate `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in packages Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of packages Makefiles were tuned with respect of INFO_FILES and
makeinfo command usage
See -newly added by this commit- section 10.24 of Packages.txt for
further information.
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.
attack described in SA2001-12 (noted by T. M. Pederson <salvage@plethora.net>
in PR pkg/13610).
Instead of applying the patch submitted by T. M. Pederson, we upgrade
kth-krb4 to 1.0.9 where the vulnerability has been fixed.
The upgrade to 1.0.9 was provided by Assar Westerlund <assar@netbsd.org>
and slightly modified by myself.
Also included is diff file for /etc/services for NetBSD-1.5 (and 1.5.1)
also submitted by T. M. Pederson <salvage@plethora.net> in PR 12540.
Note: files/services.diff resurfaces as files/services-1.4.2.diff.
Closes PR 13610 and PR 12540.
