Implement OPTIONS menu.

Implement options that will allow the user to:

        - rename ftp and ftpd to kftp and kftpd
        - rename telnet and telnetd to ktelnet and ktelnetd
        - rename rlogin to krlogin
        - rename rsh to krsh
        - rename rcp to krcp

This avoids shadowing by or being shadowed by, depending on one's PATH,
system utilities of the same name.

Fixes for multiple vulnerabilities.

Security:       US-CERT Technical Cyber Security Alert TA08-079B --
                        MIT Kerberos Updates for Multiple Vulnerabilities
                US-CERT Vulnerability Note VU#895609,
                US-CERT Vulnerability Note VU#374121
                MIT krb5 Security Advisory 2008-001
                MIT krb5 Security Advisory 2008-002

Fix pkinit install brokenness under 5.5 and 6.2.

Approved by:    portmgr (linimon)

Mark as broken: fails to install.

Approved by:    portmgr (self)

Fix build for OpenSSL 0.9.8.

PR:             117552
Submitted by:   Hirohisa Yamaguchi <umq@umo.co.jp>

Fix build under 7.0-PRERELEASE.

Fix erroneous patch.

PR:             117469
Submitted by:   Karen Andrews <dearmiss@optusnet.com.au>

Update 1.6.2 --> 1.6.3

Security:       fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
                fix CVE-2007-4000 modify_policy vulnerability

Also:           add PKINIT support

Patch for MIT krb5 Security Advisory 2007-006 - kadmind RPC lib buffer
overflow, uninitialized pointer
Security:       MIT krb5 Security Advisory 2007-006

Update 1.6.1 --> 1.6.2

Patches for:

MITKRB5-SA-2007-004: kadmind affected by multiple RPC library vulnerabilities
MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow

Security:       US CERT Technical Cyber Security Alert TA07-177A --
                MIT Kerberos Vulnerabilities

- Welcome X.org 7.2 \o/.
- Set X11BASE to ${LOCALBASE} for recent ${OSVERSION}.
- Bump PORTREVISION for ports intalling files in ${X11BASE}.

Remove defunct (zero length) patch files.

Pointy hat to:          yours truly

Update from 1.6 to 1.6.1.

MIT KRB5 Security patches:

1. MIT krb5 Security Advisory 2007-001: Telnetd allows login as arbitrary user
   CVE: CVE-2007-0956
   CERT: VU#220816

2. MIT krb5 Security Advisory 2007-002: KDC, kadmind stack overflow in
krb5_klog_syslog
   CVE: CVE-2007-0957
   CERT: VU#704024

Fix double-free vulnerability in kadmind (via GSS-API library).

Obtained from:  MIT krb5 Security Advisory 2007-003
Security:       US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos
Vulnerabilities

- Fix after objformat removal

Reported by:    pointyhat

- Remove support for a.out format and PORTOBJFORMAT variable from individual
  ports

With hat:       portmgr

Change a dependency from teTeX-base to the smaller texinfo.

Include new documentation dependencies.

Conditionally build and install documentation using a new knob.

Update 1.5.1 --> 1.6

Security:       MITKRB5-SA-2006-002,  MITKRB5-SA-2006-003, and
                US-CERT Technical Cyber Security Alert TA07-009B

Register conflicts for srp in security/heimdal, security/krb4, and
securiry/krb5.
Bump PORTREVISION accordingly.

PR:             ports/105442
Submitted by:   Ruben van Staveren <ruben@verweg.com>
Reviewed by:    shaun@, cy@
Approved by:    flz (mentor)

Update krb5-1.5 --> krb5-1.5.1

Submitted by:   Paul Vixie <paul@vix.com>

Cause the KDC to also listen on the loopback interface. This is useful
for situations when the database is replicated to a secure environment
that does not have network access, by hand.

Fix plugin loader. This fixes krb5kdc and kdb5_util.

Update 1.4.3 --> 1.5

Remove USE_REINPLACE from all categories starting with S

Conversion to a single libtool environment.

Approved by:    portmgr (kris)

SHA256ify

Approved by: krion@

Remove install-info from Makefile, it's automatically done when INFO is defined

Add INFO macro

Improve runtime performance on Sparc 64 platform.

Fix the Sparc 64 build.

Flag Sparc64 build as broken.

Update 1.4.2 --> 1.4.3

Mass-conversion to the USE_AUTOTOOLS New World Order.  The code present
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.

Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.

Preliminary documentation can be found at:
        http://people.FreeBSD.org/~ade/autotools.txt

which is in the process of being SGMLized before introduction into the
Porters Handbook.

Light blue touch-paper.  Run.

Fix FreeBSD-4.11 build problem

PR:             87888

Fix makeinfo problem under FreeBSD-6.0.

Makeinfo 4.8 problem.

Relocate BROKEN conditional.

Fails to build on 4.11.

BROKEN: Does not build

- Set CONFLICTS with heimdal and krb4
- Portlint

PR:             ports/85027
Submitted by:   lofi
Approved by:    maintainer timeout (cy, 7 weeks)

Update 1.4.1 --> 1.4.2

Fix:

- MIT KRB5 Security Advisory 2005-002: Buffer overflow, heap corruption in KDC

- MIT KRB5 Security Advisory 2005-003: Double free in krb5_recvauth

Update 1.4 --> 1.4.1.

Package list fixup when KRB5_KRB4_COMPAT is not specified.

Packing list fixups.

Noticed by:     kris
Pointy hat to:  yours truly

Remove NDEBUG flag as it fails to build at some installations.

Update web page URL.

Update 1.3.6 --> 1.4

Implement a fix for MITKRB5-SA-2005-001: buffer overflows in telnet client.

Approved by:    portsmgr (krion)
Obtained from:  Tom Yu <tlyu@mit.edu> on kerberos-announce

Update 1.3.5 --> 1.3.6

Crypto-publish.org no longer maintains a current release of MIT-KRB5.
Remove code to alternatively fetch from that site.

Update 1.3.4 --> 1.3.5

Fix MIT krb5 Security Advisory 2004-002: double-free vulnerabilities
in KDC and libraries

Heads-up by:    nectar

Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.

Heads-up by:    nectar

Update KRB5 1.3.3 --> 1.3.4

Updated patch for MITKRB5-SA-2004-001: krb5_aname_to_localname buffer overrun.

Obtained from:  Tom Yu <tlyu@mit.edu> on BUGTRAQ

Fix MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname

Obtained from:  Tom Yu <tlyu@MIT.EDU> on kerberos-announce list

Update 1.3.2 --> 1.3.3

- Update MIT KRB5 1.3.1 --> 1.3.2. (As crypto-publish.org does not have
  1.3.2 yet, when USE_KRB5_TARBALL=CRYPTO-PUBLISH is specified, 1.3.1
  will be installed.)

- Add SIZE to distinfo

Use ports infrastructure provided PERL5 variable to locate Perl
interpreter.

Define unique LATEST_LINK.

Reported by:    kris

Bump PORTREVISION on all ports that depend on gettext to aid with upgrading.

(Part 1)

Change to src/include/netdb.h 1.31 caused a compile error. This
commit fixes that error.

Reported by:    bento

Fix crypto-publish extract.

Add missing slash (/) to the end of MIT MASTER_SITE.

MIT has removed the web form, downloads of MIT KRB5 can be automated.
Unfortunately MIT and crypto-publish.org distribute two distinctly
different tarballs and the user must select the source/format they
wish to fetch. MIT now becomes the default.

1. Fix pkg-plist.

2. Fix build on -STABLE.

PR:             57128

Mark BROKEN (see bento logs).  These ports are scheduled for removal
after Feb 2 2004 if they are still broken at that time and no fixes
have been submitted by PR.

BROKEN: Broken pkg-plist

The `man2html' script that krb5 uses is written in Perl.

Noticed by:     wollman
Approved by:    marcus (wearing his portsmgr hat)

Crypto-publish.org is now distributing krb5-1.3.1.

Patch to fix compiles under -STABLE (RELENG_4).

PR:             56169
Submitted by:   Sergey Matveychuk <sem@ciam.ru>

Update 1.3 --> 1.3.1

Update 1.2.8 --> 1.3

Put SONAME entries into shared libraries.

Submitted by:   wollman

Change default for V4 compatibility to reflect best practices
for new installations.

Submitted by:   wollman

Default is to fetch from crypto-publish.org. USA_RESIDENT replaced
by USE_MIT_TARBALL. Users can still fetch manually from MIT by
setting USE_MIT_TARBALL=YES.

Suggested by:   wollman

Update 1.2.7 --> 1.2.8.

Patches from:
  - MITKRB5-SA-2003-005:
       Buffer overrun and underrun in principal name handling

  - MITKRB5-SA-2003-004:
       Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm
       compromise possible.

  - MITKRB5-SA-2003-003:
       Faulty length checks in xdrmem_getbytes may allow kadmind DoS.

  - Additional patches from RedHat.

Approved by:    kris (wearing his portmgr hat)
Obtained from:  MIT Website and Nalin Dahyabhai <nalin@redhat.com>

Clear moonlight beckons.
Requiem mors pacem pkg-comment,
And be calm ports tree.

E Nomini Patri, E Fili, E Spiritu Sancti.

Remove RESTRICTED tag for crypto stuff.

Approved by:    kris (implicitly)

Update 1.2.6 --> 1.2.7

Note:   Since crypto-publish.org does not yet have krb5-1.2.7 up on their
        website, fetch from their site has been temporarily disabled.

Use PORTCOMMENT.

Fix pkg-plist when KRB5_KRB4_COMPAT=NO is specified.

Submitted by:   Craig Boston <craig@olyun.gank.org>

Circumvent the use of bison, use FreeBSD yacc instead.

PR:             44446

Fix buffer overflow in kadmind4 (remote user can gain root access to
KDC host).

Obtained from:  Tom Yu <tlyu@mit.edu> on kerberos-announce mailing list,
                MIT krb5 Security Advisory 2002-002

Crypto-publish.org has finally put krb5-1.2.6 up on their site. The
patch reimplements code to fetch MIT Kerberos from their site when
USA_RESIDENT=NO.

Approved by:    kris

Update 1.2.5 --> 1.2.6

Note:   Since crypto-publish.org does not yet have krb5-1.2.6 up on their
        website, fetch from their site has been temporarily disabled.

Fix extract for non-root users.

Noticed by:     nectar
Pointy hat to:  cy

Correct Sun RPC buffer overflow.
<URL:http://online.securityfocus.com/archive/1/285308>
<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823>

README.FreeBSD fix.

PR:             39936
Submitted by:   Matthew West <mwest@uct.ac.za>

Fix problem with V4 keys.  We should get KRB5_KDB_NO_MATCHING_KEY, not
ENOENT.  Obtained from /cvs/krbdev/krb5/src/kdc/kdc_preauth.c,v rev 5.31
in MIT KRB5 tree (fix etype info; wrong termination condition used in
get_etype_info).

Obtained from:  Sam Hartman <hartmans@mit.edu>

I add missing krb5-config.

Now that www.crypto-publish.org has put the latest version of MIT KRB5
up on their website again, reimplementation of the Makefile patch that
fetched the the tarball from their site for users outside of the US
(originally in Makefile rev 1.29).  USA_RESIDENT=YES still supports
manual fetching from web.mit.edu.

Upgrade 1.2.4 --> 1.2.5

www.crypto-publish.org does not have krb5-1.2.4.{tar,tar.Z,tar.gz,tar.bz2}.

Reported by:    bento

MIT currently distributes their KRB5 distribution in a tarball (.tar)
that contains the distribution itself, in a tar.gz file, and a signature
certificate, contained in a detached .tar.gz.asc file.  Prior to this
patch, users installing MIT KRB5 had to extract the tarball into
/usr/ports/distfiles, then proceed with the installation.  This caused
confusion among those installing the port.  This patch addresses the
problem by extracting the .tar.gz file from the tarball, then unpacking
the .tar.gz file before continuing with the build.

Update 1.2.3 --> 1.2.4