Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
This is a slave port. You may also want to view the commits to the master port: security/krb5-121 |
Commit | Credits | Log message |
1.21.2_3 13 Feb 2024 18:47:53 |
Cy Schubert (cy) |
security/krb5*: Flavorize with default and ldap flavors
This provides a binary package to users who require MIT KRB5 with LDAP
support. This patch does not change the current, now default, package
name.
PR: 277015 |
1.21 06 Jun 2023 18:35:41 |
Cy Schubert (cy) |
security/krb5: krb5-121 is now default
krb5-121 is the default krb5 package. While at it remove krb5-119
from the "supported" list. |
1.20 27 May 2022 13:45:07 |
Cy Schubert (cy) |
security/krb5-120: Welcome new krb5 1.20
Welcome the new krb5-120 (1.20) from MIT.
krb5-118 is now deprecated and scheduled for removal a year from
now. |
1.19.3 27 May 2022 13:45:06 |
Cy Schubert (cy) |
security/krb5: Remove expired krb5 version
This makefile was not updated when krb5-117 was removed.
Fixes: e2dd87ef868d82a7b51410eedd638c76340c88fa |
1.19.1 16 Apr 2021 17:06:28 |
Fernando Apesteguía (fernape) |
security/sssd: Fix package with SMB=on
While here, add comment in security/krb5 to remember the obscure dependency in
security/sssd so it does not break again.
PR: 244778
Reported by: tommyhp2@gmail.com
Tested by: tommyhp2@gmail.com
MFH: 2021Q2 (build fix) |
1.19.1 07 Apr 2021 08:09:01 |
Mathieu Arnold (mat) |
One more small cleanup, forgotten yesterday.
Reported by: lwhsu |
1.19.1 06 Apr 2021 14:31:07 |
Mathieu Arnold (mat) |
Remove # $FreeBSD$ from Makefiles. |
1.19.1 07 Mar 2021 11:00:46 |
rene |
security/krb5: Remove option for non-existent krb5-116 |
1.19 02 Feb 2021 05:01:03 |
cy |
Welcome the new KRB5 1.19 (krb5-119)
In addition, deprecate krb5-117 to retire one year after the release
of krb5-119: Feb 1, 2022.
krb5-119 becomes the default krb5 port. |
1.18 19 Feb 2020 02:42:55 |
cy |
Welcome the new KRB5 1.18 (krb5-118)
In addition, deprecate krb5-116 to retire one year after the release
of krb5-118: Feb 12, 2021.
Major changes in 1.18 (2020-02-12)
==================================
Administrator experience:
* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust.
Replay cache filenames using the new format end with ".rcache2" by
default.
(Only the first 15 lines of the commit message are shown above ) |
1.17.1 31 Jan 2020 14:11:18 |
cy |
krb5-115 is now history. |
1.17 08 Jan 2019 20:29:34 |
cy |
Welcome the new KRB5 1.17 (krb5-117).
Major changes in 1.17 (2019-01-08)
==================================
Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped
Database library (LMDB) has been added. The LMDB KDB module should
be more performant and more robust than the DB2 module, and may
become the default module for new databases in a future release.
* "kdb5_util dump" will no longer dump policy entries when specific
principal names are requested.
(Only the first 15 lines of the commit message are shown above ) |
1.16.2 31 Dec 2018 20:26:38 |
cy |
Now that krb5-114 is gone, remove the option too. |
1.16_1 26 Feb 2018 20:16:12 |
cy |
Make krb5-116 default. |
1.15.2 06 Dec 2017 04:18:14 |
cy |
Welcome the new security/krb5-116 port. This port follows MIT's
KRB5 1.16 releases.
Major changes in 1.16 (2017-12-05)
==================================
Administrator experience:
* The KDC can match PKINIT client certificates against the
"pkinit_cert_match" string attribute on the client principal entry,
using the same syntax as the existing "pkinit_cert_match" profile
option.
* The ktutil addent command supports the "-k 0" option to ignore the
key version, and the "-s" option to use a non-default salt string.
(Only the first 15 lines of the commit message are shown above ) |
1.15.2 05 Dec 2017 08:01:28 |
cy |
Follow up on r455423.
Pointy hat to: rene |
1.15.1 04 Mar 2017 00:14:38 |
cy |
Now that krb5 1.15.1 is GA, make krb5-115 default. |
1.14.4 03 Dec 2016 05:26:30 |
cy |
Remove expired krb5-112. It was mistakenly "re-added" by r427588. |
1.14.4 03 Dec 2016 00:54:23 |
cy |
Welcome the new security/krb5-115 port. This port follows MIT's
KRB5 1.15 releases.
To support this new port:
- The security/krb5 port includes an option to use this port instead
of krb5-114 as its base. krb5-114 will remain the default until the
next release of KRB5 1.15 (if it's stable of course).
- MIT by default deprecates KRB5 two versions back from the current
release. krb5-113 has been deprecated and will expire one year from
now. |
1.14 15 Dec 2015 05:02:21 |
cy |
This is the second part of two commits, the first being r403749.
Adopt the same port structure as used by the cfengine family of ports:
security/krb5 is renamed to security/krb5-114.
A brand new security/krb5 now becomes a master port for the family of
security/krb5-* ports. The default installs krb5-1.14. There is no
functional change to the port build nor does the name of the latest krb5
port and package change. Users can continue to install security/krb5
to track the latest major version of security/krb5.
Users wishing to install a specific version branch of krb5 can continue
to install any of the security/krb5-* ports or by setting KRB5_VERSION
in make.conf or including the branch on the make command line
during build:
make KRB5_VERSION=NNN
make -V VERSIONS lists available versions.
security/krb5-appl has been updated to support this change (also fixing
a typo in the krb5-appl/Makefile).
Inspired by: sysutils/cfengine |
1.14 15 Dec 2015 04:57:49 |
cy |
Move security/krb5 to security/krb5-114 in preparation for restructuring
of the krb5 family of ports.
Inspired by: the cfengine family of ports |
1.14 21 Nov 2015 08:47:13 |
cy |
Introduce the new krb5 1.14:
- move (copy) krb5 (krb5 1.13.2) to krb5-113 (new, added)
- update krb5 1.13.2 --> 1.14
- update CONFLICTS in krb5, krb5-112 and krb5-113.
- update krb5-appl to allow optional dependency on krb5-113.
- update security/Makefile with copied krb5-113.
- deprecate and expire krb5-112 (krb5-1.12) on November 20, 2016, as it
will EOL twelve months after the release of krb5-1.14. |
1.13.2_5 21 Oct 2015 06:59:10 |
cy |
Add sonames and minor versioned library names.
PR: 203882 |
1.13.2_4 19 Oct 2015 07:29:08 |
cy |
Bump PORTREVISION. |
1.13.2_3 19 Oct 2015 07:13:33 |
cy |
Fix READLINE option.
Add support for libedit (LIBEDIT option).
Both command line editing options now supported by RADIO button. |
1.13.2_3 31 Aug 2015 13:01:53 |
cy |
Remove configuration argument used during testing. |
1.13.2_3 31 Aug 2015 07:18:23 |
cy |
Fix build under 11-CURRENT. r378417 introduced a libreadline link
workaround due to libtool not working with 11-CURRENT at the time.
The workaround now causes grief under 11-CURRENT and needs to be
removed.
PR: 202782 |
1.13.2_2 06 Jun 2015 20:27:21 |
cy |
MIT KRB5 ports build unusable binaries due to incorrect linking
when built under poudriere. This commit fixes that. |
1.13.2_1 10 May 2015 15:16:08 |
cy |
Fix armv5 build.
PR: 200100
Submitted by: mikael.urankar@gmail.com |
1.13.2 09 May 2015 13:12:59 |
cy |
Update 1.13.1 --> 1.13.2 |
1.13.1_1 20 Apr 2015 19:06:30 |
tijl |
- Display a stage-qa warning when ports use PREFIX/var instead of /var
- Add --localstatedir=/var to _LATE_CONFIGURE_ARGS (like --mandir) but not
when CONFIGURE_ARGS already sets it. (GNU configure scripts set it to
PREFIX/var when PREFIX != /usr.)
- Add --localstatedir="${PREFIX}/var" to CONFIGURE_ARGS in some ports so
they aren't affected by this change (for now at least). This commit is
meant to ensure that new ports don't make the same mistake.
- games/acm: the configure script in this port is very old; instead of
patching it more, just replace GNU_CONFIGURE with HAS_CONFIGURE.
- irc/charybdis: it already used /var but adding --localstatedir=/var
changed the behaviour of the configure script; adjust the port to this.
PR: 199506
Exp-run by: antoine
Approved by: portmgr (antoine) |
1.13.1_1 05 Mar 2015 18:49:28 |
cy |
Advertise CPE data for Kerberos.
PR: 197465 |
1.13.1_1 20 Feb 2015 20:59:09 |
cy |
Fix broken rpath.
Submitted by: hrs |
1.13.1 13 Feb 2015 01:27:18 |
cy |
Update 1.13 --> 1.13.1, incorporates MITKRB5-SA-2015-001 (committed in
r378417). |
1.13_2 12 Feb 2015 21:15:15 |
cy |
Fix gcc5 build for DragonFly BSD.
PR: 197561
Submitted by: marino |
1.13_1 05 Feb 2015 03:39:14 |
cy |
Correct various packaging issues:
- Libraries are not installed stripped;
- pkgconfig files should be installed to libdata;
- Use of deprecated @dirrm[try]
PR: PR/197338
Submitted by: delphij |
1.13_1 04 Feb 2015 20:47:05 |
cy |
Address: krb5 -- Vulnerabilities in kadmind, libgssrpc,
gss_process_context_token VU#540092
CVE-2014-5352: gss_process_context_token() incorrectly frees context
CVE-2014-9421: kadmind doubly frees partial deserialization results
CVE-2014-9422: kadmind incorrectly validates server principal name
CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
Security: VUXML: 24ce5597-acab-11e4-a847-206a8a720317
Security: MIT KRB5: VU#540092
Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 |
1.13 14 Dec 2014 11:44:25 |
antoine |
- Remove support for EXTRACT_PRESERVE_OWNERSHIP
- Update a few comments related to extract
Differential Revision: https://reviews.freebsd.org/D1189
With hat: portmgr |
1.13 18 Oct 2014 17:05:56 |
cy |
Fix LATEST_LINK. |
1.13 16 Oct 2014 19:44:22 |
cy |
MIT Kerberos released 1.13; 1.12 becomes a maintenance release,
1.11 remains a maintenance release.
- Update security/krb5 1.12.2 --> 1.13
- Copy the old security/krb5 1.12.2 to security/krb5-112
(now a maintenance release supported by MIT)
- Move the old krb5-maint (1.11.5: old maintenance release) to
security/krb5-111 (the old maintenance release still supported by MIT) |
1.12.2 13 Aug 2014 18:32:03 |
cy |
Update 1.12.1 --> 1.12.2.
Add readline non-default option. |
1.12.1_4 29 Jul 2014 14:30:10 |
adamw |
Rename security/ patches to reflect the files they modify. |
1.12.1_4 24 Jul 2014 18:34:16 |
tijl |
net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD
databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip
databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample
(Only the first 15 lines of the commit message are shown above ) |
1.12.1_3 27 May 2014 19:59:41 |
cy |
Fix build when KRB5_HOME != LOCALBASE.
Submitted by: hrs |
1.12.1_3 06 May 2014 04:04:30 |
cy |
Allow package build (make stage/make package) for non-root user.
Submitted by: John Hein <john.hein@microsemi.com> |
1.12.1_3 24 Apr 2014 03:53:30 |
cy |
Finely tune KRB5_HOME test when using LIB_DEPENDS in the case when
KRB5_HOME is set to LOCALBASE. |
1.12.1_3 23 Apr 2014 02:55:24 |
cy |
Remove extraneous MAN assignments. |
1.12.1_3 21 Apr 2014 15:55:08 |
brd |
- Add a startup script for kpropd
PR: 183502
Submitted by: brd@
Approved by: bdrewery@ |
1.12.1_2 19 Apr 2014 03:45:41 |
cy |
Fix new patch.
Pointy hat to: self |
1.12.1_1 18 Apr 2014 02:21:57 |
cy |
KRB5_HOME no longer works with LIB_DEPENDS. Mark broken when set. |
1.12.1_1 17 Apr 2014 20:06:33 |
cy |
1. Fix build when using clang 3.4.
2. RTM_OLDADD and RTM_OLDDEL were removed from -stable. Thanks alfred@ for
this patch.
3. Stagify.
Submitted by: alfred (#2) |
1.12.1 16 Jan 2014 13:49:42 |
cy |
Update 1.12 --> 1.12.1 |
1.12 12 Dec 2013 05:19:57 |
cy |
Update krb5 to 1.12. Security/krb5 tracks MIT KRB5 current release.
Adjust the newly created krb5-maint with a new portname and conflicts.
Krb5-maint is a maintenance release for those who wish to use the previous
release of krb5. krb5-maint remains at 1.11.3.
Adjust CONFLICTS in security/heimdal and security/srp to account for the
newly repocopied krb5-maint.
Adjust security/Makefile to include krb5-maint. |
1.11.3_2 11 Dec 2013 20:50:17 |
cy |
pkg-plist fixup. |
1.11.3_2 11 Dec 2013 03:45:23 |
cy |
Add LDAP support.
PR: 184557
Submitted by: Erick Turnquist <jhujhiti@adjectivism.org> |
1.11.3_1 20 Sep 2013 22:55:26 |
bapt |
Add NO_STAGE all over the place in preparation for the staging support (cat:
security) |
1.11.3_1 16 Sep 2013 16:58:42 |
bapt |
Convert to new perl framework
Convert USE_GMAKE to USES=gmake |
1.11.3_1 21 Jun 2013 16:40:56 |
antoine |
Add an empty directory created by the port to pkg-plist
Approved by: portmgr (miwi) |
1.11.3 04 Jun 2013 04:45:23 |
cy |
Update krb5 1.11.2 --> 1.11.3.
This is a bugfix release.
* Fix a UDP ping-pong vulnerability in the kpasswd (password changing)
service. [CVE-2002-2443]
* Improve interoperability with some Windows native PKINIT clients.
Security: CVE-2002-2443 |
1.11.2 24 Apr 2013 18:10:32 |
ak |
- Convert USE_GETTEXT to USES (part 3)
Approved by: portmgr (bapt) |
1.11.2 17 Apr 2013 00:41:38 |
cy |
Update 1.11.1 --> 1.11.2
Major changes in 1.11.2 (2013-04-12)
====================================
This is a bugfix release.
* Incremental propagation could erroneously act as if a slave's
database were current after the slave received a full dump that
failed to load.
* gss_import_sec_context incorrectly set internal state that
identifies whether an imported context is from an interposer
mechanism or from the underlying mechanism.
Feature safe: yes |
1.11.1_1 29 Mar 2013 19:33:42 |
cs |
- Remove A/An in COMMENT
- Trim Header where applicable |
1.11.1_1 05 Mar 2013 16:10:39 |
cy |
Reset ulog if database load failed.
Avoids a slave reporting it is current when a full resync fails.
Obtained from: https://github.com/rbasch/krb5/commit/2ef5ae0607d1c317a936e439b4be7a6f5184dc |
1.11.1 22 Feb 2013 20:03:17 |
cy |
Update 1.11 --> 1.11.1.
Security: Fix a null pointer dereference in the KDC PKINIT code [CVE-2013-1415]. |
1.11 24 Jan 2013 14:15:26 |
cy |
Fix verto.h missing build error on some systems.
The following contributed by mandree@:
- Header standardization.
- Make use of OptionsNG.
- Make portlint happy. |
1.11 22 Jan 2013 04:03:18 |
cy |
Update 1.10.3 --> 1.11 |
1.10.3_1 04 Nov 2012 02:10:50 |
cy |
Fix plist.
Feature safe: yes |
1.10.3 03 Nov 2012 18:59:38 |
cy |
Update krb5 1.9.2 --> 1.10.3
Feature safe: yes |
1.9.2_3 09 Jul 2012 19:20:09 |
cy |
Fix build of security/krb5 with clang.
PR: 169740
Submitted by: Niclas Zeising <zeising@daemonic.se> |
1.9.2_3 01 Jun 2012 05:26:28 |
dinoex |
- update png to 1.5.10 |
1.9.2_2 06 Apr 2012 07:41:20 |
pav |
- pointyhat kludge - tetex drags in port-OpenSSL on 7.X, but only as a build
dependency. Yet this triggers autodetection code in bsd.openssl.mk and
OpenSSL dependency is registered with the resulting package, creating a
discord between INDEX and actual package. Work around by explicitly recording
the dependency in a way that INDEX build will see.
OK'ed by: cy (maintainer)
Feature safe: yes |
1.9.2_1 14 Dec 2011 04:33:23 |
cy |
PORTREVISION bump.
PR: 163272
Feature safe: yes |
1.9.2 14 Dec 2011 04:31:22 |
cy |
Apply patch for MITKRB5-SA-2011-007, KDC null pointer dereference in TGS
handling.
PR: 163272
Submitted by: zi
Security: 6c7d9a35-2608-11e1-89b4-001ec9578670
Feature safe: yes |
1.9.2 16 Nov 2011 20:38:49 |
cy |
Update 1.9.1 --> 1.9.2. This is a bugfix release.
Feature safe: yes |
1.9.1_1 06 Sep 2011 15:55:36 |
cy |
Apply patch from MIT KRB5 GIT tree commit: 043533c2f13d2bc69316.
libgssrpc was ignorant of the remote address of the kadmin socket,
even when it's IPv4. This made old-style GSSAPI authentication fail
because it uses the wrong channel bindings. Fix this problem by making
clnttcp_create() get the remote address from the socket using getpeername()
if the caller doesn't provide it and it's an IPv4 address.
PR: 160500
Submitted by: Ben Kaduk <kaduk@mit.edu> |
1.9.1 30 Jun 2011 04:03:11 |
cy |
Update 1.9 --> 1.9.1.
PR: 158520
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
1.9_5 14 Apr 2011 00:39:26 |
cy |
Apply patch for MITKRB5-SA-2011-004, kadmind invalid pointer free()
[CVE-2011-0285]
Security: MITKRB5-SA-2011-004, CVE-2011-0285
Feature safe: yes |
1.9_4 08 Apr 2011 21:03:14 |
cy |
Bump PORTREVISION. |
1.9_3 08 Apr 2011 21:02:41 |
cy |
Adjust krb5-config when $KRB5_HOME is specified. This will allow applications
linking against the MIT krb5 libraries to link using the correct ones. |
1.9_3 25 Mar 2011 00:19:02 |
cy |
Apply patch for MITKRB5-SA-2011-003, KDC vulnerable to double-free when
PKINIT enabled.
Obtained from: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
Security: MITKRB5-SA-2011-003, CVE-2011-0284
Feature safe: yes |
1.9_2 11 Feb 2011 01:04:09 |
cy |
Apply fixes for kpropd denial of service (MITKRB5-SA-2011-001) and KDC
denial of service (MITKRB5-SA-2011-002).
Security: MITKRB5-SA-2011-001 (CVE-2010-4022),
MITKRB5-SA-2011-002 (CVE-2011-0281) |
1.9_1 18 Jan 2011 15:06:25 |
cy |
Remove the OpenSSL port requirement. The base OpenSSL will work too.
Feature safe: yes |
1.9 23 Dec 2010 01:04:41 |
cy |
Update from 1.8.3_2 to 1.9. |
1.8.3_2 04 Dec 2010 07:34:27 |
ade |
Sync to new bsd.autotools.mk |
1.8.3_2 02 Dec 2010 02:09:23 |
cy |
Fix security vulnerabilities CVE-2010-1324, CVE-2010-1323, CVE-2010-4020,
CVE-2010-4021, and CVE-2010-1322.
PR: 152755
Submitted by: wollman
Security: CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021,
and CVE-2010-1322.
Feature safe: Yes |
1.8.3_1 04 Nov 2010 04:37:36 |
cy |
Enable ksu DEBUG (-D) flag. |
1.8.3 05 Aug 2010 22:37:11 |
cy |
Update to 1.8.3.
PR: 149299
Submitted by: gwollman |
1.8.1_1 25 May 2010 05:14:16 |
cy |
Apply patch for MIT KRB5 security vulnerability MITKRB5-SA-2010-005.
PR: 146939
Submitted by: wollman
Security: MIT krb5 Security Advisory 2010-005 |
1.8.1 24 May 2010 00:01:05 |
pgollucci |
- No longer broken on -current b/c of utmpx changes
PR: ports/146384
Submitted by: pgollucci@ (myself), others
Approved by: maintainer timeout (cy@, 16 days) |
1.8.1 26 Apr 2010 03:48:43 |
cy |
Welcome the new krb5-1.8.1. Significant changes include the removal of
the MIT KRB5 applications (now in a separate tarball and port). |
1.7_2 26 Apr 2010 03:23:08 |
cy |
MFkrb5-17. |
1.6.3_9 14 Apr 2010 20:21:10 |
pav |
- Mark BROKEN: does not compile
Reported by: pointyhat |
1.6.3_9 28 Mar 2010 06:47:48 |
dinoex |
- update to 1.4.1
Reviewed by: exp8 run on pointyhat
Supported by: miwi |
1.6.3_8 17 Mar 2010 06:48:40 |
miwi |
- Mark BROKEN: fails to build with new utmpx
Reported by: pointyhat |
1.6.3_8 05 Feb 2010 11:46:55 |
dinoex |
- update to jpeg-8 |
1.6.3_7 13 Oct 2009 21:37:19 |
cy |
Remove commented out option from a bygone era. |
1.6.3_7 28 Aug 2009 20:02:01 |
cy |
Remove redundant length check. |
1.6.3_6 02 Aug 2009 19:36:34 |
mezz |
-Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22.
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.
It has been tested with GNOME2, XFCE4, KDE3, KDE4 and many other wm/desktop
and applications in the runtime.
With help: marcus and kwm
Pointyhat-exp: a few times by pav
Tested by: pgollucci, "Romain Tartière" <romain@blogreen.org>, and
a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by: marcus
Approved by: portmgr |
1.6.3_6 31 Jul 2009 13:57:52 |
dinoex |
- bump all ports that indirectly depend on libjpeg and have not yet been bumped
or updated
Requested by: edwin |
1.6.3_5 23 May 2008 21:01:58 |
cy |
Convert missing WANT_KRB5_DOC pieces.
Add HTML documentation OPTION knob. |