Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7b000714da3b197de1385325ab5831aa4e6cd796
rpi-buildroot/package/libkrb5/libkrb5.mk
Thomas Petazzoni a7216460a3 package/libkrb5: bump to version 1.22.1 
This version builds fine with GCC 15.x, without passing -std=gnu99.

Changes are described at
https://web.mit.edu/Kerberos/www/krb5-1.22/. Most relevant details:

User experience

        The libdefaults configuration variable "request_timeout" can
	be set to limit the total timeout for KDC requests. When
	making a KDC request, the client will now wait
	indefinitely (or until the request timeout has elapsed) on a
	KDC which accepts a TCP connection, without contacting any
	additional KDCs. Clients will make fewer DNS queries in some
	configurations.

        The realm configuration variable "sitename" can be set to
	cause the client to query site-specific DNS records when
	making KDC requests.

Administrator experience

        Principal aliases are supported in the DB2 and LMDB KDB
	modules and in the kadmin protocol. (The LDAP KDB module has
	supported aliases since release 1.7.)

        UNIX domain sockets are supported for the Kerberos and kpasswd
	protocols.

        systemd socket activation is supported for krb5kdc and kadmind.

Developer experience

        KDB modules can be be implemented in terms of other modules
	using the new krb5_db_load_module() function.

        The profile library supports the modification of empty
	profiles and the copying of modified profiles, making it
	possible to construct an in-memory profile and pass it to
	krb5_init_context_profile().

        GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to
	gss_init_sec_context() to request strict enforcement of
	channel bindings by the acceptor.

Protocol evolution

        The PKINIT preauth module supports elliptic curve client
	certificates, ECDH key exchange, and the Microsoft paChecksum2
	field.

        The IAKERB implementation has been changed to comply with the
	most recent draft standard and to support realm discovery.

        Message-Authenticator is supported in the RADIUS
	implementation used by the OTP kdcpreauth module.

Code quality

        Removed old-style function declarations, to accomodate
	compilers which have removed support for them.

        Added OSS-Fuzz to the project's continuous integration
	infrastructure.

        Rewrote the GSS per-message token parsing code for improved
	safety.

This commit also updates the NOTICE license file hash after year update
and few other minor reformatting.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Julien: update NOTICE license file hash]
Signed-off-by: Julien Olivain <ju.o@free.fr>
2025-09-04 18:55:04 +02:00

94 lines
2.5 KiB
Makefile
Raw Blame History

################################################################################
#
# libkrb5
#
################################################################################
LIBKRB5_VERSION_MAJOR = 1.22
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).1
LIBKRB5_SITE = https://web.mit.edu/kerberos/dist/krb5/$(LIBKRB5_VERSION_MAJOR)
LIBKRB5_SOURCE = krb5-$(LIBKRB5_VERSION).tar.gz
LIBKRB5_SUBDIR = src
LIBKRB5_LICENSE = MIT, BSD-2-Clause, BSD-3-Clause, BSD-4-Clause, others
LIBKRB5_LICENSE_FILES = NOTICE
LIBKRB5_CPE_ID_VENDOR = mit
LIBKRB5_CPE_ID_PRODUCT = kerberos_5
LIBKRB5_DEPENDENCIES = host-bison $(TARGET_NLS_DEPENDENCIES)
LIBKRB5_INSTALL_STAGING = YES
LIBKRB5_CFLAGS = $(TARGET_CFLAGS)
# The configure script uses AC_TRY_RUN tests to check for those values,
# which doesn't work in a cross-compilation scenario. Therefore,
# we feed the configure script with the correct answer for those tests
LIBKRB5_CONF_ENV = \
ac_cv_printf_positional=yes \
ac_cv_func_regcomp=yes \
krb5_cv_attr_constructor_destructor=yes,yes \
LIBS=$(TARGET_NLS_LIBS)
# Never use the host packages
LIBKRB5_CONF_OPTS = \
--without-system-db \
--without-system-et \
--without-system-ss \
--without-system-verto \
--without-tcl \
--disable-rpath
# libkrb5 has some assembly function that is not present in Thumb mode:
# Error: selected processor does not support `mcr p15,0,r2,c7,c10,5' in Thumb mode
# so, we deactivate Thumb mode
ifeq ($(BR2_ARM_INSTRUCTIONS_THUMB),y)
LIBKRB5_CFLAGS += -marm
endif
LIBKRB5_CONF_ENV += CFLAGS="$(LIBKRB5_CFLAGS)"
# Enabling static and shared at the same time is not supported
ifeq ($(BR2_SHARED_STATIC_LIBS),y)
LIBKRB5_CONF_OPTS += --disable-static
endif
ifeq ($(BR2_PACKAGE_OPENLDAP),y)
LIBKRB5_CONF_OPTS += --with-ldap
LIBKRB5_DEPENDENCIES += openldap
else
LIBKRB5_CONF_OPTS += --without-ldap
endif
ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
LIBKRB5_CONF_OPTS += \
--enable-pkinit \
--with-crypto-impl=openssl \
--with-spake-openssl \
--with-tls-impl=openssl
LIBKRB5_DEPENDENCIES += openssl
else
LIBKRB5_CONF_OPTS += \
--disable-pkinit \
--with-crypto-impl=builtin \
--without-spake-openssl \
--without-tls-impl
endif
ifeq ($(BR2_PACKAGE_LIBEDIT),y)
LIBKRB5_CONF_OPTS += --with-libedit
LIBKRB5_DEPENDENCIES += host-pkgconf libedit
else
LIBKRB5_CONF_OPTS += --without-libedit
endif
ifeq ($(BR2_PACKAGE_READLINE),y)
LIBKRB5_CONF_OPTS += --with-readline
LIBKRB5_DEPENDENCIES += readline
else
LIBKRB5_CONF_OPTS += --without-readline
endif
ifneq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
LIBKRB5_CONF_OPTS += --disable-thread-support
endif
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink