FreeBSD Bugzilla – Attachment 169561 Details for
Bug 208976
Rework SSL/GSSAPI
[patch]
patch-v1
ssl.diff (text/plain), 50.20 KB, created by
Mathieu Arnold
on 2016-04-22 13:08:55 UTC
Description:
patch-v1
Filename:
MIME Type:
Creator:
Mathieu Arnold
Created:
2016-04-22 13:08:55 UTC
Size:
50.20 KB
>diff --git a/Mk/Scripts/qa.sh b/Mk/Scripts/qa.sh
>index aca3df2..6e07a79 100644
>--- a/Mk/Scripts/qa.sh
>+++ b/Mk/Scripts/qa.sh
>@@ -96,6 +96,7 @@ shebang() {
>
> baselibs() {
> local rc
>+ local found_openssl
> [ "${PKGBASE}" = "pkg" -o "${PKGBASE}" = "pkg-devel" ] && return
> while read f; do
> case ${f} in
>@@ -107,12 +108,40 @@ baselibs() {
> err "Bad linking on ${f##* } please add USES=libedit"
> rc=1
> ;;
>+ *NEEDED*\[libcrypto.so.[67]]|*NEEDED*\[libssl.so.[67]])
>+ err "Bad linking on ${f##* } please add USES=ssl"
>+ rc=1
>+ ;;
>+ *NEEDED*\[libcrypto.so.*]|*NEEDED*\[libssl.so.*])
>+ found_openssl=1
>+ ;;
>+ *NEEDED*\[libasn1.so.1[01]] |
>+ *NEEDED*\[libcom_err.so.5] |
>+ *NEEDED*\[libgssapi.so.10] |
>+ *NEEDED*\[libhdb.so.1[01]] |
>+ *NEEDED*\[libheimbase.so.11] |
>+ *NEEDED*\[libheimntlm.so.1[01]] |
>+ *NEEDED*\[libhx509.so.1[01]] |
>+ *NEEDED*\[libkadm5clnt.so.1[01]] |
>+ *NEEDED*\[libkadm5srv.so.10[1]] |
>+ *NEEDED*\[libkdc.so.11] |
>+ *NEEDED*\[libkrb5.so.1[01] |]
>+ *NEEDED*\[libroken.so.1[01]] |
>+ *NEEDED*\[libwind.so.11])
>+ err "Bad linking on ${f##* } please add USES=gssapi"
>+ rc=1
>+ ;;
> esac
> done <<-EOF
> $(find ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \
> ${STAGEDIR}${PREFIX}/lib ${STAGEDIR}${PREFIX}/libexec \
> -type f -exec readelf -d {} + 2>/dev/null)
> EOF
>+ if [ -z "${USESSSL}" -a -n "${found_openssl}" ]; then
>+ warn "you need USES=nssl"
>+ elif [ -n "${USESSSL}" -a -z "${found_openssl}" ]; then
>+ warn "you may not need USES=ssl"
>+ fi
> return ${rc}
> }
>
>diff --git a/Mk/Uses/gssapi.mk b/Mk/Uses/gssapi.mk
>index 35aba018..8d1f405 100644
>--- a/Mk/Uses/gssapi.mk
>+++ b/Mk/Uses/gssapi.mk
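Review bot: In the new GSSAPI arm of the `case` in `baselibs()`, the libkrb5 pattern has its closing bracket and the `|` swapped (`*NEEDED*\[libkrb5.so.1[01] |]`), so the alternation list is malformed at that point and the check for binaries linked against base Kerberos cannot be relied on; it should read `*NEEDED*\[libkrb5.so.1[01]] |`. Two smaller slips sit in the same hunk: the warning says `USES=nssl` where `warn "you need USES=ssl"` is meant, and `libkadm5srv.so.10[1]` looks like a typo for `1[01]` given the neighbouring patterns. Since this script is what flags ports that still link the base crypto and Kerberos libraries, a one-line comment above the `[67]` arm stating that those sonames are the base-system versions would help the next maintainer.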
>@@ -4,11 +4,11 @@
> #
> # Feature: gssapi
> # Usage: USES=gssapi or USES=gssapi:ARGS
>-# Valid ARGS: base (default, implicit), heimdal, mit.
>+# Valid ARGS: heimdal, mit (default).
> # "bootstrap" is a special prefix only for krb5 or heimdal ports.
> # ("bootstrap,mit")
> # flags is a special suffix to define CFLAGS, LDFLAGS, and LDADD.
>-# ("base,flags")
>+# ("mit,flags")
> #
> # MAINTAINER: hrs@FreeBSD.org
> #
>@@ -41,11 +41,7 @@
> # A typical example:
> #
> # OPTIONS_SINGLE= GSSAPI
>-# OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>-#
>-# GSSAPI_BASE_USES= gssapi
>-# GSSAPI_BASE_CONFIGURE_ON= \
>-# --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
>+# OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
> #
> # GSSAPI_HEIMDAL_USES=gssapi:heimdal
> # GSSAPI_HEIMDAL_CONFIGURE_ON= \
>@@ -81,23 +77,11 @@ _HEADERS= sys/types.h sys/stat.h stdint.h
>
> .undef _FIXUP_KRB5CONFIG
> .if empty(gssapi_ARGS)
>-gssapi_ARGS= base
>+gssapi_ARGS= mit
> .endif
> .for _A in ${gssapi_ARGS}
> _local:= ${_A}
>-.if ${_local} == "base"
>-HEIMDAL_HOME= /usr
>-GSSAPIBASEDIR= ${HEIMDAL_HOME}
>-GSSAPILIBDIR= ${GSSAPIBASEDIR}/lib
>-GSSAPIINCDIR= ${GSSAPIBASEDIR}/include
>-_HEADERS+= gssapi/gssapi.h gssapi/gssapi_krb5.h krb5.h
>-GSSAPICPPFLAGS= -I"${GSSAPIINCDIR}"
>-GSSAPILIBS= -lkrb5 -lgssapi -lgssapi_krb5
>-GSSAPILDFLAGS= -L"${GSSAPILIBDIR}"
>-.if empty(OSREL:N9.3)
>-_FIXUP_KRB5CONFIG= yes
>-.endif
>-.elif ${_local} == "heimdal"
>+.if ${_local} == "heimdal"
> HEIMDAL_HOME?= ${LOCALBASE}
> GSSAPIBASEDIR= ${HEIMDAL_HOME}
> GSSAPILIBDIR= ${GSSAPIBASEDIR}/lib/heimdal
>diff --git a/Mk/Uses/localbase.mk b/Mk/Uses/localbase.mk
>index 8f0c3c6..ef1581d 100644
>--- a/Mk/Uses/localbase.mk
>+++ b/Mk/Uses/localbase.mk
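Review bot: With the `base` arm removed from the `.for _A in ${gssapi_ARGS}` chain in the third hunk, a port that still passes `USES=gssapi:base` (or `base,flags`) is no longer matched by the first test, and what happens to it depends on the rest of the chain, which lies outside the hunk. Because bare `USES=gssapi` now also means MIT instead of base Heimdal, an explicit failure is safer than a silent switch of Kerberos implementation: keep a first arm such as `.if ${_local} == "base"` / `IGNORE= USES=gssapi:base is no longer supported, use heimdal or mit`, with the `heimdal` test turned back into `.elif`. The header comment would also benefit from one line stating that base Heimdal is intentionally unsupported.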
>@@ -14,7 +14,7 @@ _INCLUDE_USES_LOCALBASE_MK= yes
> CPPFLAGS+= -isystem ${LOCALBASE}/include
> CFLAGS+= -isystem ${LOCALBASE}/include
> CXXFLAGS+= -isystem ${LOCALBASE}/include
>-LDFLAGS+= -L${LOCALBASE}/lib
>+LDFLAGS+= -L${LOCALBASE}/lib -Wl,-rpath=${LOCALBASE}/lib -Wl,--enable-new-dtags
>
> # Use CONFIGURE_ENV instead of CMAKE_ARGS because devel/cmake itself also needs
> # this, and CMAKE_ARGS is not used when bootstrapping CMake.
>diff --git a/Mk/Uses/ssl.mk b/Mk/Uses/ssl.mk
>new file mode 100644
>index 0000000..5b95b16
>--- /dev/null
>+++ b/Mk/Uses/ssl.mk
>@@ -0,0 +1,38 @@
>+# $FreeBSD$
>+#
>+.if !defined(_INCLUDE_USES_SSL_MK)
>+_INCLUDE_USES_SSL_MK= yes
>+
>+.include "${USESDIR}/localbase.mk"
>+.include "${PORTSDIR}/Mk/bsd.default-versions.mk"
>+
>+# If you add another SSL flavor, remember to add it to bsd.default-versions.mk.
>+.if ${SSL_DEFAULT} == libressl-devel
>+OPENSSL_SHLIBVER= 37
>+OPENSSL_PORT= security/libressl-devel
>+.elif ${SSL_DEFAULT} == libressl
>+OPENSSL_SHLIBVER= 35
>+OPENSSL_PORT= security/libressl
>+.else
>+OPENSSL_SHLIBVER= 8
>+OPENSSL_PORT= security/openssl
>+.if exists(${LOCALBASE}/lib/libcrypto.so) && !exists(${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER})
>+.error You seem not to be using OpenSSL for your crypto. You must set \
>+ DEFAULT_VERSIONS+=ssl=libressl or libressl-devel in your make.conf
>+.endif
>+.endif
>+
>+LIB_DEPENDS+= libcrypto.so.${OPENSSL_SHLIBVER}:${PORTSDIR}/${OPENSSL_PORT}
>+
>+# Those are DEPRECATED but still here for compat reasons
>+OPENSSLBASE= ${LOCALBASE}
>+OPENSSLDIR?= ${OPENSSLBASE}/openssl
>+OPENSSLLIB= ${OPENSSLBASE}/lib
>+OPENSSLINC= ${OPENSSLBASE}/include
>+
>+MAKE_ENV+= OPENSSLBASE=${OPENSSLBASE}
>+MAKE_ENV+= OPENSSLDIR=${OPENSSLDIR}
>+MAKE_ENV+= OPENSSLINC=${OPENSSLINC}
>+MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB}
>+
>+.endif
>diff --git a/Mk/bsd.default-versions.mk b/Mk/bsd.default-versions.mk
>index d187feb..a6c4332 100644
>--- a/Mk/bsd.default-versions.mk
>+++ b/Mk/bsd.default-versions.mk
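Review bot: The new `LDFLAGS` line in Mk/Uses/localbase.mk bakes `${LOCALBASE}/lib` into every port that uses `USES=localbase`, not only SSL consumers, and `-Wl,--enable-new-dtags` makes it a `DT_RUNPATH` rather than a `DT_RPATH`. A runpath is consulted after `LD_LIBRARY_PATH` and is not applied to the dependencies of the libraries a binary loads, so on its own it does not guarantee that the ports `libcrypto`/`libssl` win over the base copies in every process. Please document the intent next to the line, for example `# RUNPATH so that ${LOCALBASE}/lib libraries are preferred over base ones at run time`, and confirm that the new check in Mk/Scripts/qa.sh is the backstop for ports that ignore `LDFLAGS`.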
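Review bot: In Mk/Uses/ssl.mk any `SSL_DEFAULT` value other than `libressl` or `libressl-devel` lands in the `.else` arm, so a misspelt setting in make.conf silently builds against `security/openssl` instead of failing. For the knob that selects the crypto library, make the default arm explicit with `.elif ${SSL_DEFAULT} == openssl` and add a final `.else` / `.error Unknown SSL_DEFAULT=${SSL_DEFAULT}`. The installed-library sanity check also exists only in the OpenSSL arm, so a host with OpenSSL in `${LOCALBASE}` and `SSL_DEFAULT=libressl` is not caught; moving the `exists()` test below the chain would cover all three flavors.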
>@@ -59,6 +59,8 @@ PYTHON2_DEFAULT?= 2.7
> PYTHON3_DEFAULT?= 3.4
> # Possible values: 2.0, 2.1, 2.2, 2.3
> RUBY_DEFAULT?= 2.2
>+# Possible values: openssl, libressl, libressl-devel
>+SSL_DEFAULT?= openssl
> # Possible values: 8.4, 8.5, 8.6
> TCLTK_DEFAULT?= 8.6
>
>diff --git a/Mk/bsd.openssl.mk b/Mk/bsd.openssl.mk
>deleted file mode 100644
>index ba51d88..0000000
>--- a/Mk/bsd.openssl.mk
>+++ /dev/null
>@@ -1,142 +0,0 @@ >-# >-# $FreeBSD$ >-# bsd.openssl.mk - Support for OpenSSL based ports. >-# >-# Use of 'USE_OPENSSL=yes' includes this Makefile after bsd.ports.pre.mk >-# >-# The user/port can now set these options in the Makefiles. >-# >-# WITH_OPENSSL_BASE=yes - Use the version in the base system. >-# WITH_OPENSSL_PORT=yes - Use the OpenSSL port, even if base is up to date. >-# >-# USE_OPENSSL_RPATH=yes - Pass RFLAGS options in CFLAGS, >-# needed for ports who don't use LDFLAGS. >-# >-# Overrideable defaults: >-# >-# OPENSSL_SHLIBVER= 8 >-# OPENSSL_PORT= security/openssl >-# >-# The Makefile sets these variables: >-# OPENSSLBASE - "/usr" or ${LOCALBASE} >-# OPENSSLDIR - path to openssl >-# OPENSSLLIB - path to the libs >-# OPENSSLINC - path to the matching includes >-# OPENSSLRPATH - rpath for dynamic linker >-# >-# MAKE_ENV - extended with the variables above >-# CONFIGURE_ENV - extended with LDFLAGS >-# BUILD_DEPENDS - are added if needed >-# RUN_DEPENDS - are added if needed >- >-OpenSSL_Include_MAINTAINER= dinoex@FreeBSD.org >- >-# If no preference was set, check for an installed base version >-# but give an installed port preference over it. >-.if !defined(WITH_OPENSSL_BASE) && \ >- !defined(WITH_OPENSSL_PORT) && \ >- !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \ >- exists(${DESTDIR}/usr/include/openssl/opensslv.h) >-WITH_OPENSSL_BASE=yes >-.endif >- >-.if defined(WITH_OPENSSL_BASE) >-OPENSSLBASE= /usr >-OPENSSLDIR?= /etc/ssl >- >-.if !exists(${DESTDIR}/usr/lib/libcrypto.so) >-check-depends:: >- @${ECHO_CMD} "Dependency error: This port requires the OpenSSL library, which is part of" >- @${ECHO_CMD} "the FreeBSD crypto distribution, but not installed on your" >- @${ECHO_CMD} "machine. 
Please see the \"OpenSSL\" section in the handbook" >- @${ECHO_CMD} "(at \"http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/openssl.html\", for instance)" >- @${ECHO_CMD} "for instructions on how to obtain and install the FreeBSD" >- @${ECHO_CMD} "OpenSSL distribution." >- @${FALSE} >-.endif >-.if exists(${LOCALBASE}/lib/libcrypto.so) >-check-depends:: >- @${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD" >- @${ECHO_CMD} "base system. You can't build against it, while a newer" >- @${ECHO_CMD} "version is installed by a port." >- @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE." >- @${FALSE} >-.endif >- >-# OpenSSL in the base system may not include IDEA for patent licensing reasons. >-.if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA) >-OPENSSL_IDEA= ${MAKE_IDEA} >-.else >-OPENSSL_IDEA?= NO >-.endif >- >-.if ${OPENSSL_IDEA} == "NO" >-# XXX This is a hack to work around the fact that /etc/make.conf clobbers >-# our CFLAGS. It might not be enough for all future ports. 
>-.if defined(HAS_CONFIGURE) >-CFLAGS+= -DNO_IDEA >-.else >-OPENSSL_CFLAGS+= -DNO_IDEA >-.endif >-MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" >-.endif >- >-.else >- >-OPENSSLBASE= ${LOCALBASE} >-.if !defined(OPENSSL_PORT) && \ >- exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) >-# find installed port and use it for dependency >-.if !defined(OPENSSL_INSTALLED) >-.if defined(DESTDIR) >-PKGARGS= -c ${DESTDIR} >-.else >-PKGARGS= >-.endif >-OPENSSL_INSTALLED!= ${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || : >-.endif >-.if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" >-OPENSSL_PORT= ${OPENSSL_INSTALLED} >-OPENSSL_SHLIBFILE!= ${PKG_INFO} -ql ${OPENSSL_INSTALLED} | ${GREP} "^`${PKG_QUERY} "%p" ${OPENSSL_INSTALLED}`/lib/libcrypto.so.[0-9]*$$" >-OPENSSL_SHLIBVER?= ${OPENSSL_SHLIBFILE:E} >-.endif >-.endif >- >-# LibreSSL specific SHLIBVER >-.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl >-OPENSSL_SHLIBVER?= 35 >-.elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel >-OPENSSL_SHLIBVER?= 37 >-.endif >- >-# default >-OPENSSL_PORT?= security/openssl >-OPENSSL_SHLIBVER?= 8 >- >-OPENSSLDIR?= ${OPENSSLBASE}/openssl >-BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} >-RUN_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} >-OPENSSLRPATH= ${LOCALBASE}/lib >- >-.endif >- >-OPENSSLLIB= ${OPENSSLBASE}/lib >-OPENSSLINC= ${OPENSSLBASE}/include >- >-MAKE_ENV+= OPENSSLBASE=${OPENSSLBASE} >-MAKE_ENV+= OPENSSLDIR=${OPENSSLDIR} >-MAKE_ENV+= OPENSSLINC=${OPENSSLINC} >-MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} >- >-.if defined(OPENSSLRPATH) >-.if defined(USE_OPENSSL_RPATH) >-CFLAGS+= -Wl,-rpath,${OPENSSLRPATH} >-.endif >-MAKE_ENV+= OPENSSLRPATH=${OPENSSLRPATH} >-OPENSSL_LDFLAGS+= -Wl,-rpath,${OPENSSLRPATH} >-.endif >- >-LDFLAGS+= ${OPENSSL_LDFLAGS} >- >-### crypto >-#RESTRICTED= "Contains cryptography." 
>diff --git a/Mk/bsd.port.mk b/Mk/bsd.port.mk
>index e804fb4..76628b5 100644
>--- a/Mk/bsd.port.mk
>+++ b/Mk/bsd.port.mk
>@@ -1352,7 +1352,7 @@ PKGCOMPATDIR?= ${LOCALBASE}/lib/compat/pkg
> .endif
>
> .if defined(USE_OPENSSL)
>-.include "${PORTSDIR}/Mk/bsd.openssl.mk"
>+USES+= ssl
> .endif
>
> .if defined(USE_EMACS)
>@@ -1505,6 +1505,9 @@ QA_ENV+= STAGEDIR=${STAGEDIR} \
> "STRIP=${STRIP}" \
> TMPPLIST=${TMPPLIST} \
> PKGBASE=${PKGBASE}
>+.if !empty(USES:Mssl)
>+QA_ENV+= USESSSL=yes
>+.endif
> .if !empty(USES:Mdesktop-file-utils)
> QA_ENV+= USESDESKTOPFILEUTILS=yes
> .endif
>diff --git a/Mk/bsd.sanity.mk b/Mk/bsd.sanity.mk
>index 929650c..7da7c8b 100644
>--- a/Mk/bsd.sanity.mk
>+++ b/Mk/bsd.sanity.mk
>@@ -170,7 +170,7 @@ SANITY_UNSUPPORTED= USE_OPENAL USE_FAM USE_MAKESELF USE_ZIP USE_LHA USE_CMAKE \
> USE_PYTHON_PREFIX USE_BZIP2 USE_XZ USE_PGSQL NEED_ROOT \
> UNIQUENAME LATEST_LINK
> SANITY_DEPRECATED= PYTHON_PKGNAMESUFFIX USE_AUTOTOOLS PLIST_DIRSTRY USE_SQLITE \
>- USE_FIREBIRD
>+ USE_FIREBIRD USE_OPENSSL
> SANITY_NOTNEEDED= WX_UNICODE
>
> USE_AUTOTOOLS_ALT= USES=autoreconf and GNU_CONFIGURE=yes
>@@ -211,6 +211,7 @@ WX_UNICODE_REASON= Now no-op as only unicode is supported now
> PLIST_DIRSTRY_ALT= PLIST_DIRS
> USE_SQLITE_ALT= USES=sqlite
> USE_FIREBIRD_ALT= USES=firebird
>+USE_OPENSSL_ALT= USES=ssl
>
> .for a in ${SANITY_DEPRECATED}
> .if defined(${a})
>diff --git a/benchmarks/polygraph/Makefile b/benchmarks/polygraph/Makefile
>index cae6e8c..bb03b9e 100644
>--- a/benchmarks/polygraph/Makefile
>+++ b/benchmarks/polygraph/Makefile
>@@ -27,7 +27,7 @@ OPTIONS_DEFAULT= SSL ZLIB
>
> GNUPLOT_DESC= GNUPlot for full reporting functionality
> GNUPLOT_RUN_DEPENDS= gnuplot:math/gnuplot
>-GSSAPI_USES= gssapi:mit
>+GSSAPI_USES= gssapi
> GSSAPI_CONFIGURE_ON= --with-kerberos=${KRB5CONFIG} ${GSSAPI_CONFIGURE_ARGS}
> GSSAPI_CONFIGURE_OFF= --without-kerberos
> LDNS_DESC= DNS zone file support via libldns
>diff --git a/databases/mariadb101-server/Makefile b/databases/mariadb101-server/Makefile
>index 8b354c8..9d34771 100644
>--- a/databases/mariadb101-server/Makefile
>+++ b/databases/mariadb101-server/Makefile
>@@ -35,8 +35,8 @@ DOCSDIR= ${PREFIX}/share/doc/mysql
>
> OPTIONS_DEFINE= FASTMTX
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>-OPTIONS_DEFAULT= GSSAPI_BASE
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>+OPTIONS_DEFAULT= GSSAPI_MIT
>
> FASTMTX_DESC= Replace mutexes with spinlocks
>
>@@ -58,7 +58,6 @@ SPIDER_DESC= Partitioning and XA-transactions engine
> TOKUDB_DESC= Fractal tree index tree data structure engine
> .endif
>
>-GSSAPI_BASE_USES= gssapi
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_MIT_USES= gssapi:mit
>
>@@ -146,10 +145,6 @@ post-install:
> ${RM} ${STAGEDIR}/${PREFIX}/bin/maria_add_gis_sp.sql
> .endif # defined(CLIENT_ONLY)
>
>-.if defined(WITH_OPENSSL_PORT)
>-GSSAPI_BASE_IGNORE= BASE_GSSAPI is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system
>-.endif
>-
> .include <bsd.port.pre.mk>
>
> .if ${OPSYS} == DragonFly
>@@ -160,9 +155,6 @@ CMAKE_ARGS+= -DWITHOUT_TOKUDB
> CMAKE_ARGS+= -DWITH_JEMALLOC="system"
> .else
> CMAKE_ARGS+= -DWITH_JEMALLOC="no"
>-.if ${PORT_OPTIONS:MGSSAPI_BASE}
>-IGNORE= requires a Kerberos implementation from ports on FreeBSD < 10. Select GSSAPI_HEIMDAL or GSSAPI_MIT option
>-.endif
> .endif
>
> post-patch:
>diff --git a/databases/postgresql91-server/Makefile b/databases/postgresql91-server/Makefile
>index f030b45..0d762f2 100644
>--- a/databases/postgresql91-server/Makefile
>+++ b/databases/postgresql91-server/Makefile
>@@ -181,6 +181,7 @@ CONFIGURE_ARGS+=--without-gssapi
> .endif
>
> . if ${PORT_OPTIONS:MMIT_KRB5}
>+# Not sure this is right.
> . if defined(IGNORE_WITH_SRC_KRB5) && (exists(/usr/lib/libkrb5.so) || exists(/usr/bin/krb5-config))
> IGNORE= requires that you remove heimdal's /usr/bin/krb5-config and /usr/lib/libkrb5.so*, and set NO_KERBEROS=true in /etc/src.conf to build successfully with MIT-KRB
> . else
>diff --git a/databases/postgresql92-server/Makefile b/databases/postgresql92-server/Makefile
>index 547a34f..b69e16e 100644
>--- a/databases/postgresql92-server/Makefile
>+++ b/databases/postgresql92-server/Makefile
>@@ -182,6 +182,7 @@ CONFIGURE_ARGS+=--without-gssapi
> .endif
>
> . if ${PORT_OPTIONS:MMIT_KRB5}
>+# Not sure this is right.
> . if defined(IGNORE_WITH_SRC_KRB5) && (exists(/usr/lib/libkrb5.so) || exists(/usr/bin/krb5-config))
> IGNORE= requires that you remove heimdal's /usr/bin/krb5-config and /usr/lib/libkrb5.so*, and set NO_KERBEROS=true in /etc/src.conf to build successfully with MIT-KRB
> . else
>diff --git a/devel/gnome-vfs/Makefile b/devel/gnome-vfs/Makefile
>index df1615f..9360e17 100644
>--- a/devel/gnome-vfs/Makefile
>+++ b/devel/gnome-vfs/Makefile
>@@ -49,6 +49,8 @@ MDNS_DESC= Enable Bonjour/Rendezvous support
> USES+= fam
> .endif
>
>+# Does this mean it always has krb5 support but only uses it from ports if
>+# already there ?
> .if exists(${LOCALBASE}/lib/libkrb5.so)
> LIB_DEPENDS+= libkrb5.so:security/heimdal
> .endif
>diff --git a/dns/bind9-devel/Makefile b/dns/bind9-devel/Makefile
>index f09451d..f2e4bf6 100644
>--- a/dns/bind9-devel/Makefile
>+++ b/dns/bind9-devel/Makefile
>@@ -61,7 +61,7 @@ OPTIONS_GROUP= DLZ
> OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
> DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>
> OPTIONS_SUB= yes
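Review bot: The added `# Not sure this is right.` in databases/postgresql91-server records a doubt without saying what is doubted, which leaves the next reader no better off; the same applies to the identical comment in databases/postgresql92-server, to `# I think this is wrong.` in net-im/zephyr and to the `SASLKRB5_LIB_DEPENDS` remarks in the three mail/postfix* Makefiles. Here the condition below the comment still tests the base Heimdal files `/usr/lib/libkrb5.so` and `/usr/bin/krb5-config`, so a comment such as `# XXX: still keyed on base Heimdal in /usr; revisit now that base GSSAPI is unsupported` would state the open question. The enclosing `. if ${PORT_OPTIONS:MMIT_KRB5}` block ends outside the hunk.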
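Review bot: The question added above `.if exists(${LOCALBASE}/lib/libkrb5.so)` in devel/gnome-vfs points at a real problem that the comment should name: the dependency is decided by what happens to be installed on the build host, so the same port options can produce packages with and without Kerberos linkage. The test also records `security/heimdal` whenever a `libkrb5.so` exists in `${LOCALBASE}/lib`, although other hunks in this patch list `libkrb5.so:security/krb5` as a provider of a library with that name. Suggested wording: `# XXX automagic: links Kerberos only if libkrb5.so is already installed; should become an option using USES=gssapi`.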
>
>@@ -95,7 +95,6 @@ DLZ_BDB_DESC= DLZ BDB driver
> DLZ_LDAP_DESC= DLZ LDAP driver
> DLZ_FILESYSTEM_DESC= DLZ filesystem driver
> DLZ_STUB_DESC= DLZ stub driver
>-GSSAPI_BASE_DESC= Using Heimdal in base
> GSSAPI_HEIMDAL_DESC= Using security/heimdal
> GSSAPI_MIT_DESC= Using security/krb5
> GSSAPI_NONE_DESC= Disable
>@@ -162,9 +161,6 @@ START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \
> START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
> NAMED_BEFORE="SERVERS"
>
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ON= \
>- --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_HEIMDAL_CONFIGURE_ON= \
> --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
>diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile
>index d5c3a6f..6515244 100644
>--- a/dns/bind910/Makefile
>+++ b/dns/bind910/Makefile
>@@ -77,7 +77,7 @@ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
> DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
> .endif # BIND_TOOLS_SLAVE
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>
> OPTIONS_SUB= yes
>
>@@ -111,7 +111,6 @@ DLZ_BDB_DESC= DLZ BDB driver
> DLZ_LDAP_DESC= DLZ LDAP driver
> DLZ_FILESYSTEM_DESC= DLZ filesystem driver
> DLZ_STUB_DESC= DLZ stub driver
>-GSSAPI_BASE_DESC= Using Heimdal in base
> GSSAPI_HEIMDAL_DESC= Using security/heimdal
> GSSAPI_MIT_DESC= Using security/krb5
> GSSAPI_NONE_DESC= Disable
>@@ -184,9 +183,6 @@ START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \
> START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
> NAMED_BEFORE="SERVERS"
>
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ON= \
>- --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_HEIMDAL_CONFIGURE_ON= \
> --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
>diff --git a/dns/bind99/Makefile b/dns/bind99/Makefile
>index 79af9b0..73ce4b4 100644
>--- a/dns/bind99/Makefile
>+++ b/dns/bind99/Makefile
>@@ -51,7 +51,7 @@ OPTIONS_GROUP= DLZ
> OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
> DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>
> OPTIONS_SUB= yes
>
>@@ -82,7 +82,6 @@ DLZ_BDB_DESC= DLZ BDB driver
> DLZ_LDAP_DESC= DLZ LDAP driver
> DLZ_FILESYSTEM_DESC= DLZ filesystem driver
> DLZ_STUB_DESC= DLZ stub driver
>-GSSAPI_BASE_DESC= ${GSSAPI_DESC} (Heimdal in base)
> GSSAPI_HEIMDAL_DESC= ${GSSAPI_DESC} (security/heimdal)
> GSSAPI_MIT_DESC= ${GSSAPI_DESC} (security/krb5)
> GSSAPI_NONE_DESC= No ${GSSAPI_DESC}
>@@ -146,9 +145,6 @@ START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \
> START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
> NAMED_BEFORE="SERVERS"
>
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ON= \
>- --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_HEIMDAL_CONFIGURE_ON= \
> --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
>diff --git a/dns/samba-nsupdate/Makefile b/dns/samba-nsupdate/Makefile
>index b096a8a..508fb8d 100644
>--- a/dns/samba-nsupdate/Makefile
>+++ b/dns/samba-nsupdate/Makefile
>@@ -57,8 +57,6 @@ CONFIGURE_ARGS+= --with-openssl=${OPENSSLBASE}
> CONFIGURE_ARGS+= --with-gssapi="${KRB5_HOME}"
> .elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libgssapi.so)
> CONFIGURE_ARGS+= --with-gssapi="${HEIMDAL_HOME}"
>-.elif exists(/usr/lib/libkrb5.so) && exists(/usr/bin/krb5-config)
>-CONFIGURE_ARGS+= --with-gssapi="/usr"
> .else
> LIB_DEPENDS+= libkrb5.so:security/heimdal
> CONFIGURE_ARGS+= --with-gssapi="${LOCALBASE}"
>diff --git a/ftp/curl/Makefile b/ftp/curl/Makefile
>index 524eca5..0ea6f33 100644
>--- a/ftp/curl/Makefile
>+++ b/ftp/curl/Makefile
>@@ -19,7 +19,7 @@ OPTIONS_RADIO= RESOLV SSL
> OPTIONS_SINGLE= GSSAPI
> OPTIONS_RADIO_RESOLV= CARES THREADED_RESOLVER
> OPTIONS_RADIO_SSL= GNUTLS NSS OPENSSL POLARSSL WOLFSSL
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
> OPTIONS_DEFAULT= CA_BUNDLE COOKIES IPV6 OPENSSL PROXY RESOLV THREADED_RESOLVER TLS_SRP
> CA_BUNDLE_DESC= Install CA bundle for OpenSSL
> CA_BUNDLE_IMPLIES= OPENSSL
>@@ -33,11 +33,7 @@ THREADED_RESOLVER_DESC= Threaded DNS resolver
> TLS_SRP_DESC= TLS-SRP (Secure Remote Password) support
>
> LOCALBASE?= /usr/local
>-.if defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so))
> OPTIONS_DEFAULT+= GSSAPI_NONE
>-.else
>-OPTIONS_DEFAULT+= GSSAPI_BASE
>-.endif
>
> CONFIGURE_ARGS+=--disable-werror \
> --enable-imap --enable-pop3 --enable-rtsp --enable-smtp \
>@@ -81,11 +77,6 @@ CURL_DEBUG_CONFIGURE_ENABLE= curldebug
> DEBUG_CONFIGURE_ENABLE= debug
> GNUTLS_CONFIGURE_WITH= gnutls
> GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls
>-GSSAPI_BASE_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
>-GSSAPI_BASE_CPPFLAGS= ${GSSAPICPPFLAGS}
>-GSSAPI_BASE_LDFLAGS= ${GSSAPILDFLAGS}
>-GSSAPI_BASE_LIBS= ${GSSAPILIBS}
>-GSSAPI_BASE_USES= gssapi
> GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
> GSSAPI_HEIMDAL_CPPFLAGS=${GSSAPICPPFLAGS}
> GSSAPI_HEIMDAL_LDFLAGS= ${GSSAPILDFLAGS}
>@@ -145,14 +136,7 @@ IGNORE= only supports TLS-SRP with either OpenSSL or GnuTLS
> IGNORE= only supports LDAPS with SSL
> .endif
>
>-.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} && (defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so)))
>-IGNORE= GSSAPI_BASE is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system
>-.endif
>-
>-.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == "security/libressl"
>-.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL}
>-IGNORE= GSSAPI_BASE is not compatible with LibreSSL. Use other GSSAPI options
>-.endif
>+.if ${SSL_DEFAULT:Mlibressl*}
> .if ${PORT_OPTIONS:MTLS_SRP}
> IGNORE= unsupported TLS-SRP in LibreSSL
> .endif
>diff --git a/mail/cyrus-imapd24/Makefile b/mail/cyrus-imapd24/Makefile
>index 3d72a07..e63bdf2 100644
>--- a/mail/cyrus-imapd24/Makefile
>+++ b/mail/cyrus-imapd24/Makefile
>@@ -82,13 +82,7 @@ SQLITE_CONFIGURE_ON= --with-sqlite=${LOCALBASE}
>
> OPTIONS_RADIO= GSSAPI
> OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
>-.if exists(/usr/lib/libkrb5.a)
>-OPTIONS_RADIO_GSSAPI+= GSSAPI_BASE
>-OPTIONS_DEFAULT+= GSSAPI_BASE
>-.endif
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
>- --with-gss_impl=heimdal
>+OPTIONS_DEFAULT= GSSAPI_MIT
> GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags
> GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
> --with-gss_impl=heimdal
>@@ -150,8 +144,7 @@ INVALID_BDB_VER=2
> BDB_LIB_NAME= no
> .endif
>
>-.if !${PORT_OPTIONS:MGSSAPI_BASE} && !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && \
>- !${PORT_OPTIONS:MGSSAPI_MIT}
>+.if !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && !${PORT_OPTIONS:MGSSAPI_MIT}
> CONFIGURE_ARGS+=--disable-gssapi
> .endif
>
>diff --git a/mail/cyrus-imapd25/Makefile b/mail/cyrus-imapd25/Makefile
>index f1075a7..a4fac1d 100644
>--- a/mail/cyrus-imapd25/Makefile
>+++ b/mail/cyrus-imapd25/Makefile
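Review bot: In ftp/curl, `.if ${SSL_DEFAULT:Mlibressl*}` is true for any build on a host whose default is LibreSSL, whichever backend from `OPTIONS_RADIO_SSL` is selected, so a GNUTLS build with TLS_SRP would be marked IGNORE for a library it does not use. The removed code keyed on `OPENSSL_PORT`; if `SSL_DEFAULT` is always defined, as the `?=` default added to bsd.default-versions.mk suggests, the test should also require the OpenSSL backend: `.if ${PORT_OPTIONS:MOPENSSL} && ${SSL_DEFAULT:Mlibressl*}`. The closing `.endif` of this block is outside the hunk.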
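Review bot: In mail/cyrus-imapd24 the new line `OPTIONS_DEFAULT= GSSAPI_MIT` uses plain assignment where the removed code used `OPTIONS_DEFAULT+= GSSAPI_BASE`, which suggests defaults are set earlier in this Makefile (outside the hunk) and would now be discarded. Unless that is intended, it should be `OPTIONS_DEFAULT+= GSSAPI_MIT`; the same line appears in the first hunk of mail/cyrus-imapd25. The change also turns GSSAPI on for every default build, where it was previously enabled only when base Kerberos was present, which deserves a sentence in the commit message.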
>@@ -94,15 +94,7 @@ OSMAJOR= ${UNAMER:C/[.-].*//}
>
> OPTIONS_RADIO= GSSAPI
> OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
>-.if exists(/usr/lib/libkrb5.a)
>-OPTIONS_RADIO_GSSAPI+= GSSAPI_BASE
>-.if ${OSMAJOR} >= 9
>-OPTIONS_DEFAULT+= GSSAPI_BASE
>-.endif
>-.endif
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
>- --with-gss_impl=heimdal
>+OPTIONS_DEFAULT= GSSAPI_MIT
> GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags
> GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
> --with-gss_impl=heimdal
>@@ -164,8 +156,7 @@ IGNORE= DRAC is not available
> USES+= sqlite
> .endif
>
>-.if !${PORT_OPTIONS:MGSSAPI_BASE} && !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && \
>- !${PORT_OPTIONS:MGSSAPI_MIT}
>+.if !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && !${PORT_OPTIONS:MGSSAPI_MIT}
> CONFIGURE_ARGS+=--disable-gssapi
> .endif
>
>diff --git a/mail/dovecot2/Makefile b/mail/dovecot2/Makefile
>index 2072761..0cc50a3 100644
>--- a/mail/dovecot2/Makefile
>+++ b/mail/dovecot2/Makefile
>@@ -51,7 +51,7 @@ OPTIONS_GROUP_DB= CDB LDAP MYSQL PGSQL SQLITE
> OPTIONS_GROUP_FTS= ICU LUCENE SOLR TEXTCAT
>
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_HEIMDAL GSSAPI_MIT
>
> KQUEUE_DESC= kqueue(2) support
> LZ4_DESC= LZ4 compression support
>@@ -67,7 +67,6 @@ SOLR_DESC= Solr FTS support
> TEXTCAT_DESC= Libtextcat FTS support
>
> GSSAPI_NONE_DESC= Build without GSSAPI support
>-GSSAPI_BASE_DESC= Use GSSAPI from base
> GSSAPI_HEIMDAL_DESC= Use Heimdal GSSAPI from security/heimdal
> GSSAPI_MIT_DESC= Use MIT GSSAPI from security/krb5
>
>@@ -75,8 +74,6 @@ CDB_CONFIGURE_WITH= cdb
> CDB_LIB_DEPENDS= libcdb.so:databases/tinycdb
>
> GSSAPI_NONE_CONFIGURE_ON= --without-gssapi
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ON= --with-gssapi ${GSSAPI_CONFIGURE_ARGS}
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi ${GSSAPI_CONFIGURE_ARGS}
> GSSAPI_MIT_USES= gssapi:mit
>diff --git a/mail/mutt/Makefile b/mail/mutt/Makefile
>index 27a37f7..b28333a 100644
>--- a/mail/mutt/Makefile
>+++ b/mail/mutt/Makefile
>@@ -67,7 +67,7 @@ OPTIONS_DEFINE= COMPRESSED_FOLDERS SASL DEBUG DOCS EXAMPLES FLOCK \
> OPTIONS_SINGLE= GSSAPI SCREEN
> OPTIONS_RADIO= SPELL
> OPTIONS_RADIO_SPELL= ASPELL ISPELL
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
> OPTIONS_SINGLE_SCREEN= NCURSES SLANG
>
> COMPRESSED_FOLDERS_DESC= Compressed folders
>@@ -145,8 +145,6 @@ NLS_CONFIGURE_OFF= --disable-nls
> NLS_IMPLIES= ICONV
>
> # Handle GSSAPI from various places
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ON= --with-gss=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gss=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
> GSSAPI_MIT_USES= gssapi:mit
>diff --git a/mail/mutt14/Makefile b/mail/mutt14/Makefile
>index bb9a402..a1475ce 100644
>--- a/mail/mutt14/Makefile
>+++ b/mail/mutt14/Makefile
>@@ -127,13 +127,8 @@ CONFIGURE_ARGS+= --with-curses=${NCURSESBASE}
> CFLAGS+= -I${NCURSESINC}
> .endif
> .if ${PORT_OPTIONS:MGSSAPI}
>-.if exists(${LOCALBASE}/bin/gss-client)
> LIB_DEPENDS+= libgssapi_krb5.so:security/krb5
> CONFIGURE_ARGS+= --with-gss=${LOCALBASE}
>-.elif (defined(MAKE_KERBEROS5)) || exists(/usr/lib/libkrb5.a)
>-CONFIGURE_ARGS+= --with-gss
>-WITH_MUTT_KRB5_SYS=YES
>-.endif
> .endif
>
> post-patch:
>diff --git a/mail/postfix-current/Makefile b/mail/postfix-current/Makefile
>index 65780e8..3ce72b7 100644
>--- a/mail/postfix-current/Makefile
>+++ b/mail/postfix-current/Makefile
>@@ -53,6 +53,7 @@ LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb
> MYSQL_USE= MYSQL=yes
> PCRE_LIB_DEPENDS= libpcre.so:devel/pcre
> PGSQL_USES= pgsql
>+# pretty sure here is missing a SASLKRB5_LIB_DEPENDS line
> SASLKMIT_LIB_DEPENDS= libkrb5.so:security/krb5
> SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2
> SQLITE_USES= sqlite
>diff --git a/mail/postfix/Makefile b/mail/postfix/Makefile
>index 5949708..68c7f60 100644
>--- a/mail/postfix/Makefile
>+++ b/mail/postfix/Makefile
>@@ -54,6 +54,7 @@ LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb
> MYSQL_USE= MYSQL=yes
> PCRE_LIB_DEPENDS= libpcre.so:devel/pcre
> PGSQL_USES= pgsql
>+# pretty sure here is missing a SASLKRB5_LIB_DEPENDS line
> SASLKMIT_LIB_DEPENDS= libkrb5.so:security/krb5
> SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2
> SQLITE_USES= sqlite
>diff --git a/mail/postfix211/Makefile b/mail/postfix211/Makefile
>index ec3b85f..b1e2ec3 100644
>--- a/mail/postfix211/Makefile
>+++ b/mail/postfix211/Makefile
>@@ -55,6 +55,7 @@ LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb
> MYSQL_USE= MYSQL=yes
> PCRE_LIB_DEPENDS= libpcre.so:devel/pcre
> PGSQL_USES= pgsql
>+# pretty sure here is missing a SASLKRB5_LIB_DEPENDS line
> SASLKMIT_LIB_DEPENDS= libkrb5.so:security/krb5
> SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2
> SPF_LIB_DEPENDS= libspf2.so:mail/libspf2
>diff --git a/net-im/zephyr/Makefile b/net-im/zephyr/Makefile
>index 637a22c..aef8857 100644
>--- a/net-im/zephyr/Makefile
>+++ b/net-im/zephyr/Makefile
>@@ -42,6 +42,7 @@ KRB5_DIR?= ${LOCALBASE}
> .endif
> .else
> LIB_DEPENDS+= libss.so.2:devel/e2fsprogs-libss
>+# I think this is wrong.
> KRB5_DIR?= ${DESTDIR}/usr
> .endif
>
>diff --git a/net-mgmt/net-snmp/Makefile b/net-mgmt/net-snmp/Makefile
>index 3dc4eb7..19d40a8 100644
>--- a/net-mgmt/net-snmp/Makefile
>+++ b/net-mgmt/net-snmp/Makefile
>@@ -52,7 +52,7 @@ CONFIGURE_ARGS+=--enable-shared --enable-internal-md5 \
> --with-logfile="${NET_SNMP_LOGFILE}" \
> --with-persistent-directory="${NET_SNMP_PERSISTENTDIR}" \
> --with-gnu-ld --with-libwrap \
>- --with-ldflags="-lm -lkvm -ldevstat -L${PKG_PREFIX}/lib -L${LOCALBASE}/lib ${LCRYPTO}"
>+ --with-ldflags="-lm -lkvm -ldevstat -L${PKG_PREFIX}/lib -L${LOCALBASE}/lib -lcrypto"
> SUB_FILES= pkg-message
>
> .if !defined(WITHOUT_SSP)
>@@ -210,12 +210,6 @@ CONFLICTS= ucd-snmp-4.* net-snmp-5.3.*
>
> .include <bsd.port.pre.mk>
>
>-.if defined(WITH_OPENSSL_PORT) || defined(OPENSSL_PORT)
>-LCRYPTO= -lcrypto
>-.else
>-LCRYPTO=
>-.endif
>-
> pre-everything::
> @${ECHO_MSG}
> @${ECHO_MSG} "You may use the following build options:"
>diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile
>index bbf31d5..e232058 100644
>--- a/net/freeradius2/Makefile
>+++ b/net/freeradius2/Makefile
>@@ -80,15 +80,14 @@ GROUPS= ${RADIUS_GROUP}
> # Default requirements for rc script
> _REQUIRE= NETWORKING SERVERS
>
>-OPTIONS_DEFINE= USER KERBEROS HEIMDAL HEIMDAL_PORT LDAP MYSQL \
>+OPTIONS_DEFINE= USER KERBEROS HEIMDAL LDAP MYSQL \
> PGSQL UNIXODBC FIREBIRD PERL PYTHON OCI8 RUBY DHCP \
> EXPERIMENTAL UDPFROMTO DEVELOPER EDIR SSL_PORT DOCS
> OPTIONS_DEFAULT=USER PERL PYTHON
>
> DHCP_DESC= With DHCP support (EXPERIMENTAL)
> USER_DESC= Run as user freeradius, group freeradius
>-HEIMDAL_DESC= With Heimdal Kerberos support
>-HEIMDAL_PORT_DESC= With Heimdal Kerberos from ports
>+HEIMDAL_DESC= With Heimdal Kerberos from ports
> UNIXODBC_DESC= With unixODBC database support
> FIREBIRD_DESC= With Firebird database support (EXPERIMENTAL)
> OCI8_DESC= With Oracle support (currently experimental)
>@@ -108,22 +107,14 @@ SUB_LIST+= RUN_AS_USER="no"
>
> .if ${PORT_OPTIONS:MKERBEROS} || ${PORT_OPTIONS:MHEIMDAL}
> .if ${PORT_OPTIONS:MHEIMDAL}
>-.if ${PORT_OPTIONS:MHEIMDAL_PORT}
> LIB_DEPENDS+= libkrb5.so:security/heimdal
>-.endif
> CONFIGURE_ARGS+=--enable-heimdal-krb5
> .else
> LIB_DEPENDS+= libkrb5support.so:security/krb5
> .endif
> CONFIGURE_ARGS+=--with-rlm_krb5
>-.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT)
>-CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=/usr/lib
>-CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=/usr/include
>-CONFIGURE_ENV+= KRB5LIBS="$$(${KRB5_CONFIG})"
>-.else
> CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=${LOCALBASE}/lib
> CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=${LOCALBASE}/include
>-.endif
> PLIST_SUB+= KRB5=""
> .else
> CONFIGURE_ARGS+=--without-rlm_krb5
>@@ -315,13 +306,6 @@ post-patch:
> @${REINPLACE_CMD} -E \
> -e "s:^([[:space:]])+openssl:\1${OPENSSLBASE}/bin/openssl:g" \
> ${WRKSRC}/raddb/certs/Makefile
>-# If we're using Heimdal from base, alter the LIBS variable
>-# XXX Should patch configure.in instead of configure because it is regenerated
>-.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT)
>- @${REINPLACE_CMD} -e 's|LIBS|KRB5LIBS|g' ${WRKSRC}/src/modules/rlm_krb5/configure
>- @${REINPLACE_CMD} -e 's|-lkrb5|$$(${KRB5_CONFIG})|g' \
>- ${WRKSRC}/src/modules/rlm_krb5/configure
>-.endif
> # If DHCP is enabled, enable the DHCP dictionary
> .if ${PORT_OPTIONS:MDHCP}
> @${REINPLACE_CMD} -Ee 's:^#(.+ dictionary\.dhcp)$$:\1:g' \
>diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile
>index ab483f7..a0b9ea1 100644
>--- a/net/freeradius3/Makefile
>+++ b/net/freeradius3/Makefile
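Review bot: With HEIMDAL selected in net/freeradius2, configure is now always pointed at `${LOCALBASE}/lib`, while Mk/Uses/gssapi.mk in this same patch shows `GSSAPILIBDIR= ${GSSAPIBASEDIR}/lib/heimdal` for the Heimdal port. If that is where security/heimdal installs its libraries, the module may fail to find them, or may pick up a `libkrb5.so` from security/krb5 when both are installed. Consider `USES+= gssapi:heimdal` in the HEIMDAL branch with `--with-rlm-krb5-lib-dir=${GSSAPILIBDIR}` and `--with-rlm-krb5-include-dir=${GSSAPIINCDIR}`; the second hunk of net/freeradius3 has the same lines.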
>@@ -41,15 +41,14 @@ LDFLAGS+= -L${LOCALBASE}/lib
> PLIST_SUB= PORTVERSION=${DISTVERSION} LIBVER=0${PORTVERSION:C/\./0/g}
>
> OPTIONS_SUB= yes
>-OPTIONS_DEFINE= USER KERBEROS HEIMDAL HEIMDAL_PORT LDAP MYSQL \
>+OPTIONS_DEFINE= USER KERBEROS HEIMDAL LDAP MYSQL \
> PGSQL UNIXODBC FIREBIRD REDIS PYTHON RUBY \
> EXPERIMENTAL UDPFROMTO DEVELOPER EDIR PERL REST \
> FREETDS IDN SSL_PORT DOCS SQLITE3
> OPTIONS_DEFAULT=USER PERL
>
> USER_DESC= Run as user freeradius, group freeradius
>-HEIMDAL_DESC= With Heimdal Kerberos support
>-HEIMDAL_PORT_DESC= With Heimdal Kerberos from ports
>+HEIMDAL_DESC= With Heimdal Kerberos from ports
> UNIXODBC_DESC= With unixODBC database support
> FIREBIRD_DESC= With Firebird database support (EXPERIMENTAL)
> EXPERIMENTAL_DESC= Build experimental modules
>@@ -82,22 +81,14 @@ GROUPS= ${RADIUS_GROUP}
>
> .if ${PORT_OPTIONS:MKERBEROS} || ${PORT_OPTIONS:MHEIMDAL}
> .if ${PORT_OPTIONS:MHEIMDAL}
>-.if ${PORT_OPTIONS:MHEIMDAL_PORT}
> LIB_DEPENDS+= libkrb5.so:security/heimdal
>-.endif
> CONFIGURE_ARGS+=--enable-heimdal-krb5 --enable-pthread-support
> .else
> LIB_DEPENDS+= libkrb5support.so:security/krb5
> .endif
> CONFIGURE_ARGS+=--with-rlm_krb5
>-.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT)
>-CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=/usr/lib
>-CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=/usr/include
>-CONFIGURE_ENV+= KRB5LIBS="$$(${KRB5_CONFIG})"
>-.else
> CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=${LOCALBASE}/lib
> CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=${LOCALBASE}/include
>-.endif
> PLIST_SUB+= KRB5=""
> .else
> CONFIGURE_ARGS+=--without-rlm_krb5
>@@ -355,12 +346,6 @@ post-patch:
> @${REINPLACE_CMD} -Ee 's: ..R...sbindir./rc.radiusd : :' \
> ${WRKSRC}/scripts/all.mk
>
>-# If we're using Heimdal from base, alter the LIBS variable
>-.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT)
>- @${REINPLACE_CMD} -e 's|LIBS|KRB5LIBS|g' ${WRKSRC}/src/modules/rlm_krb5/configure
>- @${REINPLACE_CMD} -e 's|-lkrb5|$$(${KRB5_CONFIG})|g' \
>- ${WRKSRC}/src/modules/rlm_krb5/configure
>-.endif
> .if empty(PORT_OPTIONS:MRUBY)
> @${RM} -fr ${WRKSRC}/src/modules/rlm_ruby/
> .endif
>diff --git a/net/samba36/Makefile b/net/samba36/Makefile
>index 6b3862e..c3aa4c6 100644
>--- a/net/samba36/Makefile
>+++ b/net/samba36/Makefile
>@@ -120,7 +120,7 @@ OPTIONS_DEFINE= ACL_SUPPORT ADS AIO_SUPPORT AVAHI CUPS DNSUPDATE \
> MAX_DEBUG PAM_SMBPASS POPT PTHREADPOOL QUOTAS \
> SMBTORTURE SWAT SYSLOG UTMP WINBIND
> OPTIONS_RADIO= GSSAPI
>-OPTIONS_RADIO_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>+OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
>
> OPTIONS_DEFAULT= ACL_SUPPORT AIO_SUPPORT CUPS LDAP POPT PTHREADPOOL \
> WINBIND GSSAPI_NONE
>@@ -135,8 +135,6 @@ AIO_SUPPORT_DESC= Asyncronous IO support
> DNSUPDATE_DESC= Dynamic DNS update(require ADS)
> EXP_MODULES_DESC= Experimental modules
>
>-GSSAPI_BASE_DESC= Use Heimdal in base
>-GSSAPI_BASE_USES= gssapi
> GSSAPI_HEIMDAL_DESC= Use Heimdal from ports
> GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags
> GSSAPI_MIT_DESC= Use MIT Kerberos V5
>diff --git a/net/wireshark/Makefile b/net/wireshark/Makefile
>index 942c254..ba5eda3 100644
>--- a/net/wireshark/Makefile
>+++ b/net/wireshark/Makefile
>@@ -61,16 +61,15 @@ OPTIONS_SINGLE= KERBEROS
>
> OPTIONS_RADIO_ASYNCDNS= ADNS CARES
> OPTIONS_RADIO_GUI= GTK2 GTK3 QT5
>-OPTIONS_SINGLE_KERBEROS=KRB_BASE KRB_HEIMDAL KRB_MIT KRB_NONE
>+OPTIONS_SINGLE_KERBEROS=KRB_HEIMDAL KRB_MIT KRB_NONE
>
>-OPTIONS_DEFAULT?= SNMP ADNS IPV6 GEOIP KRB_BASE GTK3
>+OPTIONS_DEFAULT?= SNMP ADNS IPV6 GEOIP KRB_MIT GTK3
>
> RTP_DESC= Enable support for playing back RTP streams
> DECRYPT_DESC= Decryption support for SSL and IPSec
> ASYNCDNS_DESC= Asynchronous DNS lookup support
> ADNS_DESC= Asynchronous DNS resolution via GNU adns
> KERBEROS_DESC= Kerberos dissection support
>-KRB_BASE_DESC= Kerberos support via base system
> KRB_HEIMDAL_DESC= Kerberos support via security/heimdal
> KRB_MIT_DESC= Kerberos support via security/krb5
> KRB_NONE_DESC= Disable Kerberos support
>@@ -80,7 +79,6 @@ GTK3_USE= GNOME=gtk30
> QT5_USE= QT5=core,gui,widgets,printsupport,buildtools_build
>
> LUA_USES= lua:5[1-2]
>-KRB_BASE_USES= gssapi
> KRB_HEIMDAL_USES= gssapi:heimdal
> KRB_MIT_USES= gssapi:mit
>
>@@ -132,11 +130,6 @@ INSTALLS_ICONS= yes
> PLIST_SUB+= GUI=""
> .endif
>
>-.if ${PORT_OPTIONS:MKRB_BASE} && exists(${LOCALBASE}/include/krb5.h)
>-IGNORE= cannot build with base Kerberos if krb5 port is installed. \
>- Use ``make config'' to choose a different option
>-.endif
>-
> .if empty(PORT_OPTIONS:MGTK2) && empty(PORT_OPTIONS:MGTK3) && \
> ${PORT_OPTIONS:MRTP}
> IGNORE= the RTP support requires GTK+ frontend
>diff --git a/news/inn/Makefile b/news/inn/Makefile
>index a797102..d4e801c 100644
>--- a/news/inn/Makefile
>+++ b/news/inn/Makefile
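Review bot: `OPTIONS_DEFAULT?=` in net/wireshark now selects `KRB_MIT` where it selected `KRB_BASE`, and none of the three wireshark hunks touches PORTREVISION, so the default package would switch Kerberos library and gain a security/krb5 dependency without a version change. The same default flip appears in security/cyrus-sasl2-gssapi, security/cyrus-sasl2-saslauthd (which previously enabled GSSAPI by default only when /usr/lib/libkrb5.a existed), security/p5-Authen-Krb5-Simple, security/p5-Authen-Krb5, security/p5-GSSAPI, security/py-kerberos, www/mod_auth_kerb2 and www/squid. Saved option files that still name the removed `*_BASE` choice will presumably leave the OPTIONS_SINGLE group without a selection on upgrade. A PORTREVISION bump in each affected port and an UPDATING entry would make the change of authentication library visible to operators.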
>@@ -67,12 +67,8 @@ CONFIGURE_ARGS+= --with-bdb=${LOCALBASE} \
> .endif
>
> .if ${PORT_OPTIONS:MKERBEROS}
>-. if exists(${LOCALBASE}/bin/krb5-config)
> LIB_DEPENDS+= libgssapi_krb5.so:security/krb5
> CONFIGURE_ARGS+= --with-krb5=${LOCALBASE}
>-. else
>-CONFIGURE_ARGS+= --with-krb5=/usr
>-. endif
> CONFIGURE_ENV+= ac_cv_search_krb5_parse_name="-lcrypt -lcrypto -lkrb5 -lasn1 -lroken -lhx509"
> CONFIGURE_ENV+= ac_cv_func_krb5_init_ets=yes
> .else
>diff --git a/security/cyrus-sasl2-gssapi/Makefile b/security/cyrus-sasl2-gssapi/Makefile
>index 48bd979..4f97d03 100644
>--- a/security/cyrus-sasl2-gssapi/Makefile
>+++ b/security/cyrus-sasl2-gssapi/Makefile
>@@ -6,11 +6,8 @@ PORTREVISION= 7
> COMMENT= SASL GSSAPI authentication plugin
>
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
>-OPTIONS_DEFAULT= GSSAPI_BASE
>-GSSAPI_BASE_USES= gssapi:base
>-GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
>- --with-gss_impl=heimdal
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
>+OPTIONS_DEFAULT= GSSAPI_MIT
> GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags
> GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
> --with-gss_impl=heimdal
>diff --git a/security/cyrus-sasl2-saslauthd/Makefile b/security/cyrus-sasl2-saslauthd/Makefile
>index 88b65df..e3a48a21 100644
>--- a/security/cyrus-sasl2-saslauthd/Makefile
>+++ b/security/cyrus-sasl2-saslauthd/Makefile
>@@ -17,7 +17,7 @@ CONFIGURE_ENV+= andrew_cv_runpath_switch=none
> OPTIONS_DEFINE= DOCS HTTPFORM OPENLDAP OPENLDAP_SASL
> OPTIONS_RADIO= GSSAPI SASLDB
> OPTIONS_RADIO_SASLDB= BDB1 BDB GDBM
>-OPTIONS_DEFAULT= BDB1
>+OPTIONS_DEFAULT= BDB1 GSSAPI_MIT
>
> HTTPFORM_DESC= Enable HTTP form authentication
> HTTPFORM_CONFIGURE_ENABLE=httpform
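Review bot: In news/inn the KERBEROS branch now always depends on security/krb5 and passes `--with-krb5=${LOCALBASE}`, but the unchanged `ac_cv_search_krb5_parse_name="-lcrypt -lcrypto -lkrb5 -lasn1 -lroken -lhx509"` override still names what look like Heimdal support libraries (`-lasn1 -lroken -lhx509`). If those resolve to the base system copies, the resulting binary would mix MIT libkrb5 from ports with base Heimdal libraries in its authentication path. Consider dropping the cached answer or deriving it from the selected implementation, for example from `${LOCALBASE}/bin/krb5-config --libs`, and using `USES=gssapi:mit` instead of the raw LIB_DEPENDS so the port follows the same framework as the others in this patch. The `.if ${PORT_OPTIONS:MKERBEROS}` block continues past the end of the hunk.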
>@@ -41,14 +41,7 @@ GDBM_CONFIGURE_ON= --enable-auth-sasldb \
> --with-dblib=gdbm \
> --with-gdbm=${LOCALBASE}
>
>-.if exists(/usr/lib/libkrb5.a)
>-OPTIONS_RADIO_GSSAPI+= GSSAPI_BASE
>-OPTIONS_DEFAULT+= GSSAPI_BASE
>-.endif
>-OPTIONS_RADIO_GSSAPI+= GSSAPI_HEIMDAL GSSAPI_MIT
>-GSSAPI_BASE_USES= gssapi:base
>-GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
>- --with-gss_impl=heimdal
>+OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
> GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags
> GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
> --with-gss_impl=heimdal
>diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
>index 1412c81..28cbe09 100644
>--- a/security/openssh-portable/Makefile
>+++ b/security/openssh-portable/Makefile
>@@ -31,7 +31,7 @@ OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \
> OVERWRITE_BASE SCTP LDNS NONECIPHER
> OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS HPN LDNS
> OPTIONS_RADIO= KERBEROS
>-OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
>+OPTIONS_RADIO_KERBEROS= MIT HEIMDAL
> TCP_WRAPPERS_DESC= tcp_wrappers support
> BSM_DESC= OpenBSM Auditing
> KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI)
>@@ -41,7 +41,6 @@ X509_DESC= x509 certificate patch
> SCTP_DESC= SCTP support
> OVERWRITE_BASE_DESC= EOL, No longer supported.
> HEIMDAL_DESC= Heimdal Kerberos (security/heimdal)
>-HEIMDAL_BASE_DESC= Heimdal Kerberos (base)
> MIT_DESC= MIT Kerberos (security/krb5)
> NONECIPHER_DESC= NONE Cipher support
>
>@@ -138,28 +137,11 @@ BROKEN= X509 patch incompatible with KERB_GSSAPI patch
>
> .endif
>
>-.if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI}
>-BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently
>-.endif
>-
>-.if ${PORT_OPTIONS:MHEIMDAL_BASE} && !exists(/usr/lib/libkrb5.so)
>-IGNORE= you have selected HEIMDAL_BASE but do not have heimdal installed in base
>-.endif
>-
>-.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} || ${PORT_OPTIONS:MHEIMDAL_BASE}
>-. if ${PORT_OPTIONS:MHEIMDAL_BASE}
>-CONFIGURE_LIBS+= -lgssapi_krb5
>-CONFIGURE_ARGS+= --with-kerberos5=/usr
>-. else
>+.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL}
> CONFIGURE_ARGS+= --with-kerberos5=${LOCALBASE}
>-. endif
>-. if ${OPENSSLBASE} == "/usr"
>-CONFIGURE_ARGS+= --without-rpath
>-LDFLAGS= # empty
>-. endif
> .else
> . if ${PORT_OPTIONS:MKERB_GSSAPI}
>-IGNORE= KERB_GSSAPI requires one of MIT HEIMDAL or HEIMDAL_BASE
>+IGNORE= KERB_GSSAPI requires one of MIT or HEIMDAL
> . endif
> .endif
>
>diff --git a/security/p5-Authen-Krb5-Simple/Makefile b/security/p5-Authen-Krb5-Simple/Makefile
>index f7071ff..85bd780 100644
>--- a/security/p5-Authen-Krb5-Simple/Makefile
>+++ b/security/p5-Authen-Krb5-Simple/Makefile
>@@ -14,11 +14,9 @@ USE_PERL5= configure
> CONFIGURE_ENV= GSSAPIBASEDIR="${GSSAPIBASEDIR}"
>
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
>-OPTIONS_DEFAULT= GSSAPI_BASE
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
>+OPTIONS_DEFAULT= GSSAPI_MIT
>
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ENV= HAVE_HEIMDAL=1
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_HEIMDAL_CONFIGURE_ENV= HAVE_HEIMDAL=1
> GSSAPI_MIT_USES= gssapi:mit
>diff --git a/security/p5-Authen-Krb5/Makefile b/security/p5-Authen-Krb5/Makefile
>index e3fbb8a..879a7b4 100644
>--- a/security/p5-Authen-Krb5/Makefile
>+++ b/security/p5-Authen-Krb5/Makefile
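Review bot: The `@@ -138,28` hunk in security/openssh-portable drops the `. if ${OPENSSLBASE} == "/usr"` block together with HEIMDAL_BASE, but that block sat outside the HEIMDAL_BASE sub-branch and applied to MIT and HEIMDAL builds as well. With base OpenSSL selected, configure no longer receives `--without-rpath` and LDFLAGS is no longer cleared, so sshd may end up with a ${LOCALBASE}/lib run path and resolve libcrypto from there instead of from base. If that is intended it deserves a line in the commit message; otherwise keep `. if ${OPENSSLBASE} == "/usr"`, `CONFIGURE_ARGS+= --without-rpath`, `LDFLAGS= # empty` and `. endif` inside the remaining MIT/HEIMDAL branch.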
>@@ -17,11 +17,9 @@ USE_PERL5= configure
> CONFIGURE_ENV= GSSAPIBASEDIR="${GSSAPIBASEDIR}"
>
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
>-OPTIONS_DEFAULT= GSSAPI_BASE
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
>+OPTIONS_DEFAULT= GSSAPI_MIT
>
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ENV= HAVE_HEIMDAL=1
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_HEIMDAL_CONFIGURE_ENV= HAVE_HEIMDAL=1
> GSSAPI_MIT_USES= gssapi:mit
>diff --git a/security/p5-GSSAPI/Makefile b/security/p5-GSSAPI/Makefile
>index 2ff80d1..30a0eba 100644
>--- a/security/p5-GSSAPI/Makefile
>+++ b/security/p5-GSSAPI/Makefile
>@@ -14,11 +14,10 @@ COMMENT= Perl extension providing access to the GSSAPIv2 library
> USES= perl5
> USE_PERL5= configure
>
>-OPTIONS_DEFAULT= GSSAPI_BASE
>+OPTIONS_DEFAULT= GSSAPI_MIT
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
>
>-GSSAPI_BASE_USES= gssapi
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_MIT_USES= gssapi:mit
>
>diff --git a/security/p5-Heimdal-Kadm5/Makefile b/security/p5-Heimdal-Kadm5/Makefile
>index efa1a55..d6e6459 100644
>--- a/security/p5-Heimdal-Kadm5/Makefile
>+++ b/security/p5-Heimdal-Kadm5/Makefile
>@@ -10,17 +10,10 @@ PKGNAMEPREFIX= p5-
> MAINTAINER= hrs@FreeBSD.org
> COMMENT= Perl extension for Heimdal administrative client library
>
>-USES= perl5
>+USES= perl5 gssapi:heimdal
> USE_PERL5= configure
> CONFIGURE_ENV= GSSAPIBASEDIR="${GSSAPIBASEDIR}"
>
>-OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL
>-OPTIONS_DEFAULT= GSSAPI_BASE
>-
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_HEIMDAL_USES= gssapi:heimdal
>-
> post-build:
> ${STRIP_CMD} ${WRKSRC}/blib/arch/auto/Heimdal/Kadm5/Kadm5.so
>
>diff --git a/security/p5-openxpki/Makefile b/security/p5-openxpki/Makefile
>index 4fc5cc0..af8ab7a 100644
>--- a/security/p5-openxpki/Makefile
>+++ b/security/p5-openxpki/Makefile
>@@ -114,7 +114,7 @@ post-stage:
>
> .include <bsd.port.pre.mk>
>
>-.if defined(WITH_OPENSSL_PORT) && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
>+.if ${SSL_DEFAULT:Mlibressl*}
> IGNORE= this version of OpenXPKI is not fully functional with LibreSSL library, use OpenSSL instead
> .endif
>
>diff --git a/security/pam_krb5/Makefile b/security/pam_krb5/Makefile
>index a708be3..da3ff53 100644
>--- a/security/pam_krb5/Makefile
>+++ b/security/pam_krb5/Makefile
>@@ -20,14 +20,12 @@ USES= gmake libtool perl5
> USE_PERL5= build
>
> OPTIONS_SINGLE= LINK
>-OPTIONS_SINGLE_LINK= MIT HEIMDAL_BASE HEIMDAL_PORT
>+OPTIONS_SINGLE_LINK= MIT HEIMDAL_PORT
> OPTIONS_DEFAULT= MIT
> MIT_DESC= Link against MIT Kerberos
> MIT_USES= gssapi:mit
> HEIMDAL_PORT_DESC= Link against Heimdal in ports Kerberos
> HEIMDAL_PORT_USES= gssapi:heimdal
>-HEIMDAL_BASE_DESC= Link against Heimdal in base Kerberos
>-HEIMDAL_BASE_USES= gssapi:base
>
> CONFIGURE_ARGS+= --with-krb5="${GSSAPIBASEDIR}" \
> --with-krb5-include="${GSSAPIINCDIR}" \
>diff --git a/security/py-kerberos/Makefile b/security/py-kerberos/Makefile
>index b3923e1..06a4334 100644
>--- a/security/py-kerberos/Makefile
>+++ b/security/py-kerberos/Makefile
>@@ -13,24 +13,21 @@ COMMENT= Kerberos bindings for python
>
> LICENSE= APACHE20
>
>-OPTIONS_DEFAULT= GSSAPI_BASE
>+OPTIONS_DEFAULT= GSSAPI_MIT
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
>
>-GSSAPI_BASE_USES= gssapi
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_MIT_USES= gssapi:mit
>
> USES= python
> USE_PYTHON= distutils autoplist
>
>-GSSAPI_BASE_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-src_kerberosbasic.h \
>+GSSAPI_HEIMDAL_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-src_kerberosbasic.h \
> ${PATCHDIR}/extra-patch-src_kerberosgss.c \
> ${PATCHDIR}/extra-patch-src_kerberosgss.h \
> ${PATCHDIR}/extra-patch-src_kerberospw.h
>
>-GSSAPI_HEIMDAL_EXTRA_PATCHES= ${GSSAPI_BASE_EXTRA_PATCHES}
>-
> post-patch:
> @${REINPLACE_CMD} -e 's|commands.getoutput("krb5-config|commands.getoutput("${GSSAPIBASEDIR}/bin/krb5-config|g' ${WRKSRC}/setup.py
>
>diff --git a/security/softhsm2/Makefile b/security/softhsm2/Makefile
>index a519524..c321542 100644
>--- a/security/softhsm2/Makefile
>+++ b/security/softhsm2/Makefile
>@@ -38,7 +38,7 @@ CRYP_OPEN_USE= openssl=yes
> CRYP_OPEN_VARS= WITH_OPENSSL_PORT=yes
> CRYP_OPEN_CONFIGURE_ON= --with-crypto-backend=openssl
>
>-.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
>+.if ${SSL_DEFAULT:Mlibressl*}
> CONFIGURE_ARGS+= --disable-gost
> .endif
>
>diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
>index 9e2a36e..8530ce0 100644
>--- a/security/stunnel/Makefile
>+++ b/security/stunnel/Makefile
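Review bot: In security/softhsm2 the new test `.if ${SSL_DEFAULT:Mlibressl*}` no longer has the `defined()` guard the old line carried, and the hunk shows no include of bsd.port.options.mk or bsd.port.pre.mk ahead of it. If SSL_DEFAULT is not yet set at that point make is likely to reject the conditional, so the include order should be checked before this lands. The context line `CRYP_OPEN_VARS= WITH_OPENSSL_PORT=yes` also still sets the old knob; it is worth confirming that forcing the OpenSSL port there cannot disagree with an SSL_DEFAULT of libressl, since `--disable-gost` now follows SSL_DEFAULT alone.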
>@@ -74,11 +74,11 @@ CONFIGURE_ARGS+=--with-threads=pthread
> LDFLAGS+= -lpthread
> .endif
>
>-.if ${PORT_OPTIONS:MFIPS} && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
>+.if ${PORT_OPTIONS:MFIPS} && ${SSL_DEFAULT:Mlibressl*}
> IGNORE= LibreSSL does not support FIPS standard
> .endif
>
>-.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
>+.if ${SSL_DEFAULT:Mlibressl*}
> NO_PACKAGE= The stunnel license restricts distribution when linked to non-OpenSSL non-base SSL-libraries
> .endif
>
>diff --git a/www/mod_auth_kerb2/Makefile b/www/mod_auth_kerb2/Makefile
>index 5f83265..e4b102f 100644
>--- a/www/mod_auth_kerb2/Makefile
>+++ b/www/mod_auth_kerb2/Makefile
>@@ -24,22 +24,12 @@ GNU_CONFIGURE= yes
> CONFIGURE_ARGS= -with-krb5=${GSSAPIBASEDIR} --without-krb4
>
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_DEFAULT= GSSAPI_BASE
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
>-GSSAPI_BASE_DESC= Use Base version of GSS API
>+OPTIONS_DEFAULT= GSSAPI_MIT
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT
> GSSAPI_HEIMDAL_DESC= Use Heimdal implementation of GSS API
> GSSAPI_MIT_DESC= Use MIT implementation of GSS API
> GSSAPI_DESC= Use Base version of GSS API
>-GSSAPI_BASE_USES= gssapi
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_MIT_USES= gssapi:mit
>
>-.include <bsd.port.options.mk>
>-
>-.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${OSVERSION} < 903504
>-post-patch:
>- ${REINPLACE_CMD} -e 's|@KRB5_LDFLAGS@|@KRB5_LDFLAGS@ -lgssapi_krb5|' \
>- ${WRKSRC}/Makefile.in
>-.endif
>-
> .include <bsd.port.mk>
>diff --git a/www/serf/Makefile b/www/serf/Makefile
>index cdada44..5c00713 100644
>--- a/www/serf/Makefile
>+++ b/www/serf/Makefile
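Review bot: `GSSAPI_DESC= Use Base version of GSS API` is left in place as context in the www/mod_auth_kerb2 hunk, but after this change the group offers only Heimdal and MIT from ports, so the text shown for the option group is misleading. Since it labels the choice of authentication library, it should describe the group and not one removed member, for example `GSSAPI_DESC= GSS API implementation`.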
>@@ -21,10 +21,9 @@ USE_LDCONFIG= yes
>
> OPTIONS_DEFINE= DOCS
> OPTIONS_RADIO= KERBEROS
>-OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
>+OPTIONS_RADIO_KERBEROS= MIT HEIMDAL
>
> HEIMDAL_DESC= Heimdal Kerberos (security/heimdal)
>-HEIMDAL_BASE_DESC= Heimdal Kerberos (base)
> MIT_DESC= MIT Kerberos (security/krb5)
> MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5
> HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal
>@@ -39,9 +38,6 @@ INSTALL_TARGET= install --install-sandbox=${STAGEDIR}
>
> .include <bsd.port.options.mk>
>
>-.if ${PORT_OPTIONS:MHEIMDAL_BASE}
>-SCONS_ARGS+= GSSAPI="/usr"
>-.endif
> .if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL}
> SCONS_ARGS+= GSSAPI="${LOCALBASE}"
> .endif
>diff --git a/www/squid/Makefile b/www/squid/Makefile
>index 8e7c0d7..e884cde 100644
>--- a/www/squid/Makefile
>+++ b/www/squid/Makefile
>@@ -53,12 +53,12 @@ OPTIONS_DEFINE= ARP_ACL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \
> TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 DOCS EXAMPLES
>
> OPTIONS_SINGLE= GSSAPI
>-OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
>+OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_HEIMDAL GSSAPI_MIT
>
> OPTIONS_DEFAULT=ARP_ACL AUTH_NIS CACHE_DIGESTS DELAY_POOLS DOCS EXAMPLES FOLLOW_XFF \
> FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE \
> LAX_HTTP SNMP SSL SSL_CRTD TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 \
>- GSSAPI_BASE
>+ GSSAPI_MIT
>
> ARP_ACL_CONFIGURE_ENABLE= eui
> AUTH_LDAP_CFLAGS= -I${LOCALBASE}/include
>@@ -112,9 +112,6 @@ GSSAPI_NONE_CONFIGURE_ON= --without-heimdal-krb5 \
> --without-mit-krb5 \
> --without-gss
>
>-GSSAPI_BASE_USES= gssapi
>-GSSAPI_BASE_CONFIGURE_ON= --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
>-
> GSSAPI_HEIMDAL_USES= gssapi:heimdal
> GSSAPI_HEIMDAL_CONFIGURE_ON= --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
>
>@@ -128,7 +125,6 @@ ARP_ACL_DESC= ARP/MAC/EUI based authentification
> AUTH_DESC= Authentication helpers
> GSSAPI_DESC= Install Kerberos authentication helpers
> GSSAPI_NONE_DESC= Build without Kerberos support
>-GSSAPI_BASE_DESC= Build with Kerberos support from base
> GSSAPI_HEIMDAL_DESC= Build with Kerberos support from security/heimdal
> GSSAPI_MIT_DESC= Build with Kerberos support from security/krb5
> AUTH_LDAP_DESC= Install LDAP authentication helpers
>@@ -256,11 +252,6 @@ negotiate_auth= kerberos wrapper
> PLIST_SUB+= AUTH_KERB=""
> .endif
>
>-# Make it build on FreeBSD < 10
>-.if ${PORT_OPTIONS:MGSSAPI_BASE}
>-EXTRA_PATCHES+= ${FILESDIR}/extra-patch-build-8-9
>-.endif
>-
> CONFIGURE_ARGS+= --enable-auth-basic="${basic_auth}" \
> --enable-auth-digest="${digest_auth}" \
> --enable-external-acl-helpers="${external_acl}" \
>diff --git a/www/squid/files/extra-patch-build-8-9 b/www/squid/files/extra-patch-build-8-9
>deleted file mode 100644
>index 337c147..0000000
>--- a/www/squid/files/extra-patch-build-8-9
>+++ /dev/null
>@@ -1,11 +0,0 @@
>---- helpers/negotiate_auth/kerberos/negotiate_kerberos.h.orig 2015-08-01 06:08:17 UTC
>-+++ helpers/negotiate_auth/kerberos/negotiate_kerberos.h
>-@@ -140,7 +140,7 @@ int check_gss_err(OM_uint32 major_status
>-
>- char *gethost_name(void);
>-
>--#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
>-+#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC && __FreeBSD__ >= 10
>- #define HAVE_PAC_SUPPORT 1
>- #define MAX_PAC_GROUP_SIZE 200*60
>- typedef struct {