security/krb5-119: Remove expired port

2024-04-15 security/krb5-119: Desupported by MIT following 1.21

security/krb5-119: Bring forward expiriation date

This port is now broken on FreeBSD 13 due to a syntax error in its
generated ./configure file. It was slated to be removed in two months.
Remove it early.

security/krb5*: Flavorize with default and ldap flavors

This provides a binary package to users who require MIT KRB5 with LDAP
support. This patch does not change the current, now default, package
name.

PR:		277015

security/krb5-*: Move man pages to share/man

security/krb5-1*: Fix plist error

Fix:

====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
===> Checking for items in pkg-plist which are not in STAGEDIR
Error: Missing: @dir %%DOCSDIR%%
===> Error: Plist issues found.
*** Error code 1

security/krb5*: Remve kdc wrappers script

Remove the kdc script that allowed krb5kdc to be stared using
the /etc/rc.d/kdc rc script. This is no longer needed since
src/ 91f78c32befa.

security/krb5*: Allow the user to specify state directory locations

localstatedir and runstatedir are set to ${PREFIX}/var and
${PREFIX}/var/run respectively. Users who wish to put their KDC
DB elsewhere can set the following in make.conf:
	KRB5_LOCALSTATEDIR=/va
	KRB5_RUNSTATEDIR=/var/run.

Unfortunately defaulting to /var instead of the current default would
result in MIT KDC not finding its KDC DB files. This would be disruptive
to all MIT KDC users. But new users of MIT KRB5 KDC can set the pathname
above as desired.

PR:	267560

security/openssl: Update BROKEN_SSL ports referring to openssl30

security/krb5-119: Mark BROKEN in 15-CURRENT

Now that -CURRENT is 15-CURRENT, mark broke for the same reason as
14-CURRENT. Adjust BROKEN_14 message to say 14-STABLE.

security/krb5: Support libedit in base

Even though libedit is in base FreeBSD, the krb5 ports still depend
on devel/libedit when the LIBEDIT option is selected. This is because
./configure uses pkgconf to determine if libedit exists, ignoring
libedit in FreeBSD base. This patch adds a new LIBEDIT_BASE option
which enables LIBEDIT (LIBEDIT_BASE) without installing the
devel/libedit port.

The GNU READLINE option will remain the default for now but it is
planned to switch the default to LIBEDIT_BASE at some point. This is
to reduce the dependency on GNU software and to bring it more into
line with the planned MIT KRB5 import into FreeBSD base.

security/krb5*: Disable NLS when option is deselected

When the NLS option is deselected, ./configure reverts to
enable_nls=check. As some prerequisites do require NLS, NLS is
always enabled even when deslected. This ensures that when NLS
is not wanted, that it is not used, regardless of its install status.

security/krb5-119: Spell DEPRECATED correctly

Reported by:	portfmt scan

security/krb5-119: Flag broken with OpenSSL 3.0 in 14-CURRENT

security/krb5-119: Fix EXPIRATION_DATE typo

security/krb5-*: Adjust conflicts

With the import of security/krb5-121, adjust conflicts of all krb5 ports.

security/krb5-121: Welcome new krb5 1.21

Welcome the new krb5-121 (1.21) from MIT.

krb5-119 is now deprecated and scheduled for removal a year from
now.

security/krb5-119: Mark BROKEN_SSL

- Requires OpenSSL 3.0.0 deprecated RSA_ routines

Approved by:	portmgr (blanket)

Mk/**ldap.mk: Convert USE_LDAP to USES=ldap

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233

security/krb5-119: Update to 1.19.4

MFH:		2022Q4
Security:	CVE-2022-42898

security/krb5-*: Address CVE-2022-42898

Topic: Vulnerabilities in PAC parsing

CVE-2022-42898: integer overflow vulnerabilities in PAC parsing

SUMMARY
=======

Three integer overflow vulnerabilities have been discovered in the MIT
krb5 library function krb5_parse_pac().

IMPACT
======

security/krb5-*: Bring CONFLICTS up to current status

Clean up CONFLICTS bitrot.

MFH:		2022Q3

Remove WWW lines that have been moved into Makefiles

Approved by:	portmgr (implicit)

Move more WWW entries from pkg-descr files into Makefiles

The WWW: lines in the pkg-descr files of these ports where not at the
end of those files and have been missed in prior conversion runs.

Approved by:	portmgr (implicit)

security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Kapranoff <kappa@rambler-co.ru>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexander Botero-Lowry <alex@foxybanana.com>
  *  Alexander Kriventsov <avk@vl.ru>
  *  Alexander Leidinger <netchild@FreeBSD.org>

security/krb5-119: Update to 1.19.3

Fix CONFLICTS entries of multiple ports

There have been lots of missing CONFLICTS_INSTALL entries, either
because conflicting ports were added without updating existing ports,
due to name changes of generated packages, due to mis-understanding
the format and semantics of the conflicts entries, or just due to
typoes in package names.

This patch is the result of a comparison of all files contained in
the official packages with each other. This comparison was based on
packages built with default options and may therefore have missed
further conflicts with optionally installed files.

Where possible, version numbers in conflicts entries have been
generalized, some times taking advantage of the fact that a port

*/*: Remove redundant '-*' from CONFLICTS definitions

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)

*/*: Remove redundant '-[0-9]*' from CONFLICTS

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Many CONFLICTS definitions used patterns like "bash-[0-9]*" to filter
for the bash package in any version. But that pattern is functionally
identical with just "bash".

Approved by:	portmgr (blanket)

security/krb5-119: Update to 1.19.2

The announcement as follows:

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Releases 1.19.2 and 1.18.4.  Please see below for a list of some major
changes included, or consult the README file in the source tree for a
more detailed list of significant changes.

Retrieving krb5-1.19.2 and krb5-1.18.4
======================================

You may retrieve the krb5-1.19.2 and krb5-1.18.4 sources from the
following URL:

*: Remove unnecessary 'port' argument from USES=readline

PR:		248459
Exp-run by:	antoine

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

security/krb5: update 1.19 --> 1.19.1.

Welcome the new KRB5 1.19 (krb5-119)

In addition, deprecate krb5-117 to retire one year after the release
of krb5-119: Feb 1, 2022.

krb5-119 becomes the default krb5 port.