Expiry date has passed, retire security/krb5-111.
EOLed by MIT in December 2014.

Remove UNIQUENAME and LATEST_LINK.

UNIQUENAME was never unique, it was only used by USE_LDCONFIG and now,
we won't have conflicts there.

Use PKGBASE instead of LATEST_LINK in PKGLATESTFILE, the *only* consumer
is pkg-devel, and it works just fine without LATEST_LINK as pkg-devel
has the correct PKGNAME anyway.

Now that UNIQUENAME is gone, OPTIONSFILE is too. (it's been called
OPTIONS_FILE now.)

Reviewed by:	antoine, bapt
Exp-run by:	antoine
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D3336

MIT KRB5 ports build unusable binaries due to incorrect linking
when build under poudriere. This commit fixes that.

- Display a stage-qa warning when ports use PREFIX/var instead of /var
- Add --localstatedir=/var to _LATE_CONFIGURE_ARGS (like --mandir) but not
  when CONFIGURE_ARGS already sets it.  (GNU configure scripts set it to
  PREFIX/var when PREFIX != /usr.)
- Add --localstatedir="${PREFIX}/var" to CONFIGURE_ARGS in some ports so
  they aren't affected by this change (for now at least).  This commit is
  meant to ensure that new ports don't make the same mistake.

- games/acm: the configure script in this port is very old; instead of
  patching it more, just replace GNU_CONFIGURE with HAS_CONFIGURE.
- irc/charybdis: it already used /var but adding --localstatedir=/var
  changed the behaviour of the configure script; adjust the port to this.

PR:		199506
Exp-run by:	antoine
Approved by:	portmgr (antoine)

Fix build with libressl.

PR:		198749, 198750

Advertise CPE data for Kerberos.

PR:		197465, 197466, 197467

Update 1.11.5 --> 1.11.6

This is a bugfix release.  The krb5-1.11 release series has reached
the end of its maintenance period, and krb5-1.11.6 is the last planned
release in the krb5-1.11 series.  For new deployments, installers
should prefer the krb5-1.13 release series or later.
This commit deprecates this port.

* Work around a gcc optimizer bug that could cause DB2 KDC database
  operations to spin in an infinite loop

* Fix a backward compatibility problem with the LDAP KDB schema that
  could prevent krb5-1.11 and later from decoding entries created by
  krb5-1.6.

Fix broken rpath.

Submitted by:	hrs

Backported patches for CVE-2014-5353 and CVE-2014-5354 received from MIT
for krb5-111 and krb5-112.

Obtained from:	Greg Hudson <ghudson@mit.edu>
Security:	CVE-2014-5353, CVE-2014-5354

Forbid krb5-111 and krb5-112.

Security:	CVE-2014-5353, CVE-2014-5354
Security:	VUXML: 3a888a1e-b321-11e4-83b2-206a8a720317

Correct various packaging issues:

 - Libraries are not installed stripped;
 - pkgconfig files should be installed to libdata;
 - Use of deprecated @dirrm[try]

PR:		PR/197338
Submitted by:	delphij

Address: krb5 -- Vulnerabilities in kadmind, libgssrpc,
gss_process_context_token VU#540092

CVE-2014-5352: gss_process_context_token() incorrectly frees context

CVE-2014-9421: kadmind doubly frees partial deserialization results

CVE-2014-9422: kadmind incorrectly validates server principal name

CVE-2014-9423: libgssrpc server applications leak uninitialized bytes

Security:	VUXML: 24ce5597-acab-11e4-a847-206a8a720317
Security:	MIT KRB5: VU#540092
Security:	CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423

- Remove support for EXTRACT_PRESERVE_OWNERSHIP
- Update a few comments related to extract

Differential Revision:	https://reviews.freebsd.org/D1189
With hat:	portmgr

Fix LATEST_LINK.

Unbreak

MIT Kerberos released 1.13; 1.12 becomes a maintenance release,
1.11 remains a maintenance release.

- Update security/krb5 1.12.2 --> 1.13
- Copy the old security/krb5 1.12.2 to security/krb5-112
  (now a maintenance release supported by MIT)
- Move the old krb5-maint (1.11.5: old maintenance release) to
  security/krb5-111 (the old maintenance release still supported by MIT)