blob: 03492c58c13e5f870df7166520e08b5e5202c866 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
#!/bin/sh
MAKEDEPS="make "
DEPS="musl e2fsprogs libldap keyutils gdbm"
PKG_VER=1.19.2
SOURCE=http://web.mit.edu/kerberos/dist/krb5/${PKG_VER%.*}/krb5-${PKG_VER}.tar.gz
ADDITIONAL="
https://cgit.freebsd.org/ports/plain/security/krb5-119/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
https://cgit.freebsd.org/ports/plain/security/krb5-119/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h
"
DESC="The Kerberos network authentication system"
prepare () {
# fix denial of service vulnerability
sed -i '210a if (sprinc == NULL) {\
status = "NULL_SERVER";\
errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;\
goto cleanup;\
}' src/kdc/do_tgs_req.c
cd src &&
patch -Np0 -i ../patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
patch -Np0 -i ../patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h
sed -e "/LDFLAGS=/d" -i build-tools/krb5-config.in
sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp || true
sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test || true
sed -i '/t_iprop.py/d' tests/Makefile.in || true
}
build () {
# would be ideal to use libressl rather than builtin library
./configure ${configure_args} --sbindir=/usr/bin \
--disable-rpath --with-system-et --without-system-verto --with-ldap \
--with-system-ss --enable-shared --without-tcl \
ac_cv_func_pthread_once=yes ac_cv_func_pthread_rwlock_init=yes \
acx_pthread_ok=yes ac_cv_func_regcomp=yes ac_cv_printf_positional=yes \
krb5_cv_attr_constructor_destructor=yes,yes
make
}
package () {
make DESTDIR=$PKG_DEST install
install -dm755 $PKG_DEST/usr/share/doc/krb5-$PKG_VER &&
cp -fr ../doc/* $PKG_DEST/usr/share/doc/krb5-$PKG_VER
}
|
