#!/bin/sh MAKEDEPS="make " DEPS="musl e2fsprogs libldap keyutils gdbm" PKG_VER=1.19.2 SOURCE=http://web.mit.edu/kerberos/dist/krb5/${PKG_VER%.*}/krb5-${PKG_VER}.tar.gz ADDITIONAL=" https://cgit.freebsd.org/ports/plain/security/krb5-119/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c https://cgit.freebsd.org/ports/plain/security/krb5-119/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h " DESC="The Kerberos network authentication system" prepare () { # fix denial of service vulnerability sed -i '210a if (sprinc == NULL) {\ status = "NULL_SERVER";\ errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;\ goto cleanup;\ }' src/kdc/do_tgs_req.c cd src && patch -Np0 -i ../patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c patch -Np0 -i ../patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h sed -e "/LDFLAGS=/d" -i build-tools/krb5-config.in sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp || true sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test || true sed -i '/t_iprop.py/d' tests/Makefile.in || true } build () { # would be ideal to use libressl rather than builtin library ./configure ${configure_args} --sbindir=/usr/bin \ --disable-rpath --with-system-et --without-system-verto --with-ldap \ --with-system-ss --enable-shared --without-tcl \ ac_cv_func_pthread_once=yes ac_cv_func_pthread_rwlock_init=yes \ acx_pthread_ok=yes ac_cv_func_regcomp=yes ac_cv_printf_positional=yes \ krb5_cv_attr_constructor_destructor=yes,yes make } package () { make DESTDIR=$PKG_DEST install install -dm755 $PKG_DEST/usr/share/doc/krb5-$PKG_VER && cp -fr ../doc/* $PKG_DEST/usr/share/doc/krb5-$PKG_VER }