USE_TOOLS and any of "autoconf", "autoconf213", "automake" or
"automake14". Also, we don't need to call the auto* tools via
${ACLOCAL}, ${AUTOCONF}, etc., since the tools framework takes care
to symlink the correct tool to the correct name, so we can just use
aclocal, autoconf, etc.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
* Merged Athena telnetd changes for creating a new option for requiring
encryption.
* Add implementation of the RPCSEC_GSS authentication flavor to the RPC
library.
* The kadmind4 backwards-compatibility admin server and the v5passwdd
backwards-compatibility password-changing server have been removed.
* Thread safety for krb5 libraries.
* Yarrow code now uses AES.
* Merged Athena changes to allow ftpd to require encrypted passwords.
* Incorporate gss_krb5_set_allowable_enctypes() and
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
* Fix heap buffer overflow in password history mechanism.
[MITKRB5-SA-2004-004]
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
NOTE: THIS IS A SECURITY UPDATE.
Changes from version 1.3.4 include:
* [2841] Fix heap buffer overflow in password history
mechanism. [MITKRB5-SA-2004-004]
* [2682] Fix ftpd hang caused by empty PASS command.
* [2686] Fix double-free errors. [MITKRB5-SA-2004-002]
* [2687] Fix denial-of-service vulnerability in ASN.1
decoder. [MITKRB5-SA-2004-003]
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
into the bsd.options.mk framework. Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.
This fixes PR pkg/26590.
for each package can be determined by invoking:
make show-var VARNAME=PKG_OPTIONS_VAR
The old options are still supported unless the variable named in
PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).
[2284] Fixed accept_sec_context to use a replay cache in the
GSS_C_NO_CREDENTIAL case.
[2453] The AES string-to-key function no longer returns a pointer to
stack memory when given a password longer than 64 characters.
[2277] In sendto_kdc, a socket leak on connection failure was fixed.
[2384] A memory leak in the TCP handling code in the KDC has been fixed.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
* Support for AES in GSSAPI has been implemented. This corresponds to the
in-progress work in the IETF (CFX).
* To avoid compatibility problems, unrecognized TGS options will now be
ignored.
* 128-bit AES has been added to the default enctypes.
* AES cryptosystem now chains IVs. This WILL break backwards compatibility
for the kcmd applications, if they are using AES session keys.
* Assorted minor bug fixes and plugged memory leaks.
on the wip/mit-krb5 package by Jeremy Reed, but heavily modified by me to
libtoolize the build.
Kerberos V5 is an authentication system developed at MIT. It is a network
authentication protocol designed to provide strong authentication for
client/server applications by using secret-key cryptography. (Kerberos
5 is discussed in RFC 1510.)
This package provides Kerberos and GSSAPI (Generic Security Services
Application Programming Interface) development headers and libraries.
It also includes Kerberos ticket and principal tools, and Kerberized
r-services, telnet and ftp services.
