- Fix Berkeley DB dependency. It now properly uses BDB_LIB specified in

Mk/Uses/bdb.mk instead of db185 interfaces in libc.
  As a side-effect, this causes a compatibility issue between
  heimdal.db created by kadmin(8) in the base system or one by
  an older security/heimdal.  See UPDATING about this issue.

- Fix readline dependency end eliminate libheimedit.

- Use -lpthread instead of -pthread.

- Use FOO_CONFIGURE_WITH=foo instead of FOO_CONFIGURE_ON=--with-foo.

UPDATING

@@ -5,6 +5,66 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20161112:
+  AFFECTS: users of security/heimdal
+  AUTHOR: hrs@FreeBSD.org
+
+  Heimdal in the base system and security/heimdal <= 1.5.3_6 use
+  Berkeley DB to store principals into /var/heimdal/heimdal.db and
+  the database format is version 3 by default.  On the other hand,
+  security/heimdal 1.5.3_7 or newer use the newer version of
+  Berkeley DB and the database format is version 9.
+  These two versions are not compatible with each other.  If there is
+  a mismatch between Heimdal utilities and its database format,
+  you will get an error like the following:
+
+  # /usr/local/sbin/kadmin -l dump
+  BDB0641 __db_meta_setup: /var/heimdal/heimdal.db: unexpected file type or format
+  kadmin: hdb_open: opening /var/heimdal/heimdal: Invalid argument
+
+  This mismatch can occur in the following three cases:
+
+  1. You used Heimdal in the base system and switch to use security/heimdal
+     after creating /var/db/heimdal.db.
+
+  2. You used security/heimdal >= 1.5.3_7 and switch to use one in the
+     base system.
+
+  3. You used security/heimdal < 1.5.3_7 and upgrade it to 1.5.3_7 or later.
+
+  To fix this mismatch, you need to dump contents of heimdal.db and
+  rebuild the database by using kadmin(8) utility.
+
+  If you use Heimdal in the base system or older versions of
+  security/heimdal, and plan to switch to use
+  security/heimdal >= 1.5.3_7, execute the following command
+  *after* creating a backup copy of /var/heimdal and installing
+  security/heimdal:
+
+  # /usr/bin/kadmin -l dump /var/heimdal/heimdal.db.dump
+  # rm /var/heimdal/heimdal.db
+  # /usr/local/sbin/kadmin -l load /var/heimdal/heimdal.db.dump
+  # rm /var/heimdal/heimdal.db.dump
+
+  The above example assumes security/heimdal is installed into
+  /usr/local.  If your base system is compiled with WITHOUT_KERBEROS
+  use the following instead:
+
+  # db_dump185-5 /var/heimdal/heimdal.db | db_load-5 /var/heimdal/heimdal.db.new
+  # chown 0600 /var/heimdal/heimdal.db.new
+  # mv /var/heimdal/heimdal.db.new /var/heimdal/heimdal.db
+
+  db_dump and db_load utilitites are installed by database/db5 as
+  dependency of security/heimdal.
+
+  If you want to switch from security/heimdal to Heimdal in the base
+  system, use the following:
+
+  # /usr/local/sbin/kadmin -l dump /var/heimdal/heimdal.db.dump
+  # rm /var/heimdal/heimdal.db
+  # /usr/bin/kadmin -l load /var/heimdal/heimdal.db.dump
+  # rm /var/heimdal/heimdal.db.dump
+
 20161105:
   AFFECTS: users of security/heimdal
   AUTHOR: hrs@FreeBSD.org

security/heimdal/Makefile

@@ -3,7 +3,7 @@
 
 PORTNAME=	heimdal
 PORTVERSION=	1.5.3
-PORTREVISION=	6
+PORTREVISION=	7
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://www.h5l.org/dist/src/ \
 		http://ftp.pdc.kth.se/pub/heimdal/src/ \
@@ -25,6 +25,11 @@ USE_LDCONFIG=	${GSSAPILIBDIR}
 GNU_CONFIGURE=	yes
 INSTALL_TARGET=	install-strip
 CONFIGURE_ENV=	ac_cv_header_fnmatch_h=yes \
+		ac_cv_header_db_h=no \
+		ac_cv_header_db3_db_h=no \
+		ac_cv_header_db4_db_h=no \
+		ac_cv_header_db5_db_h=no \
+		ac_cv_header_db5_h=no \
 		ac_cv_prog_COMPILE_ET=${WRKSRC}/lib/com_err/compile_et
 CONFIGURE_ARGS=	--with-libintl \
 		--with-libintl-include="${LOCALBASE}/include" \
@@ -37,13 +42,14 @@ CONFIGURE_ARGS=	--with-libintl \
 		--with-openssl-lib="${OPENSSLLIB}" \
 		--enable-otp \
 		--enable-pthread-support \
+		--with-readline="${LOCALBASE}" \
 		--with-hdbdir="/var/${PORTNAME}" \
 		--sysconfdir="${PREFIX}/etc"
+# XXX --with-readline picks up libreadline even if found in /usr/lib.
 MAKE_ENV=	INSTALL_CATPAGES=no
 .if !exists(/etc/rc.d/ipropd_master)
 USE_RC_SUBR=	ipropd_master ipropd_slave
 .endif
-
 INFO=		heimdal hx509
 
 MAKE_JOBS_UNSAFE=	yes
@@ -55,22 +61,24 @@ OPTIONS_SUB=	yes
 IPV6_CONFIGURE_WITH=	ipv6
 
 BDB_DESC=		Enable BerkeleyDB KDC backend support
-BDB_CONFIGURE_ON=	--with-berkeley-db
-BDB_CONFIGURE_OFF=	--without-berkeley-db
+BDB_USES=		bdb:5 localbase
+BDB_CONFIGURE_WITH=	berkeley-db
+BDB_CONFIGURE_ENV=	ac_cv_header_db${BDB_VER}_db_h=yes \
+			ac_cv_func_db_create=yes \
+			ac_cv_funclib_db_create="-l${BDB_LIB_NAME}"
+BDB_CONFIGURE_ON=	--disable-ndbm-db
 
 SQLITE_DESC=		Enable SQLite KDC backend support
 SQLITE_USES=		sqlite
-SQLITE_CONFIGURE_ON=	--with-sqlite3 \
-			--with-sqlite3-include="${LOCALBASE}/include" \
+SQLITE_CONFIGURE_ON=	--with-sqlite3-include="${LOCALBASE}/include" \
 			--with-sqlite3-lib="${LOCALBASE}/lib"
-SQLITE_CONFIGURE_OFF=	--without-sqlite3
+SQLITE_CONFIGURE_WITH=	sqlite3
 
 LDAP_DESC=		Enable OpenLDAP KDC backend support
 LDAP_USE=		OPENLDAP=yes
-LDAP_CONFIGURE_ON=	--with-openldap \
-			--with-openldap-include="${LOCALBASE}/include" \
+LDAP_CONFIGURE_ON= 	--with-openldap-include="${LOCALBASE}/include" \
 			--with-openldap-lib="${LOCALBASE}/lib"
-LDAP_CONFIGURE_OFF=	--without-openldap
+LDAP_CONFIGURE_WITH=	openldap
 
 PKINIT_DESC=		Enable PK-INIT support
 PKINIT_CONFIGURE_ENABLE=pk-init

security/heimdal/files/patch-cf__db.m4

@@ -1,19 +0,0 @@
---- cf/db.m4.orig	2012-03-22 10:24:19.000000000 +0100
-+++ cf/db.m4	2012-03-22 10:27:20.000000000 +0100
-@@ -42,6 +42,7 @@
- 	           db4/db.h				\
- 	           db3/db.h				\
- 	           db.h					\
-+	           db_185.h				\
-     ])])
- 
- dnl db_create is used by db3 and db4 and db5
-@@ -77,6 +78,8 @@
-   #include <stdio.h>
-   #if defined(HAVE_DB2_DB_H)
-   #include <db2/db.h>
-+  #elif defined(HAVE_DB_185_H)
-+  #include <db_185.h>
-   #elif defined(HAVE_DB_H)
-   #include <db.h>
-   #else

security/heimdal/files/patch-configure

@@ -1,6 +1,15 @@
---- configure.orig	2012-12-09 22:09:32 UTC
-+++ configure
-@@ -9567,29 +9567,6 @@ fi
+--- configure.orig	2012-12-10 07:09:32.000000000 +0900
++++ configure	2016-11-13 03:23:46.814899000 +0900
+@@ -8869,7 +8869,7 @@
+   hardcode_minus_L=no
+   hardcode_shlibpath_var=unsupported
+   inherit_rpath=no
+-  link_all_deplibs=unknown
++  link_all_deplibs=no
+   module_cmds=
+   module_expsym_cmds=
+   old_archive_from_new_cmds=
+@@ -9567,29 +9567,6 @@
        hardcode_shlibpath_var=no
        ;;
  
@@ -30,7 +39,7 @@
      # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
      freebsd* | dragonfly*)
        archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-@@ -10561,10 +10538,6 @@ dgux*)
+@@ -10561,10 +10538,6 @@
    shlibpath_var=LD_LIBRARY_PATH
    ;;
  
@@ -41,7 +50,7 @@
  freebsd* | dragonfly*)
    # DragonFly does not have aout.  When/if they implement a new
    # versioning mechanism, adjust this.
-@@ -10572,7 +10545,6 @@ freebsd* | dragonfly*)
+@@ -10572,7 +10545,6 @@
      objformat=`/usr/bin/objformat`
    else
      case $host_os in
@@ -49,7 +58,7 @@
      *) objformat=elf ;;
      esac
    fi
-@@ -10590,18 +10562,6 @@ freebsd* | dragonfly*)
+@@ -10590,18 +10562,6 @@
    esac
    shlibpath_var=LD_LIBRARY_PATH
    case $host_os in
@@ -68,26 +77,37 @@
    *) # from 4.6 on, and DragonFly
      shlibpath_overrides_runpath=yes
      hardcode_into_libs=yes
-@@ -14227,7 +14187,7 @@ case "$host" in
+@@ -11661,7 +11621,7 @@
+ old_striplib=
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+ $as_echo_n "checking whether stripping libraries is possible... " >&6; }
+-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
++if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "strip" >/dev/null; then
+   test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+   test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+@@ -14227,9 +14187,9 @@
  	native_pthread_support="netbsd 3 uses explict pthread"
  		PTHREAD_LIBADD="-lpthread"
  	;;
 -*-*-freebsd[56789]*)
 +*-*-freebsd*)
  	native_pthread_support=yes
- 	PTHREAD_LIBADD="-pthread"
+-	PTHREAD_LIBADD="-pthread"
++	PTHREAD_LIBADD="-lpthread"
  	;;
-@@ -14393,9 +14353,6 @@ done
+ *-*-openbsd*)
+ 	native_pthread_support=yes
+@@ -14488,7 +14448,7 @@
+ fi
+ # db_create
+ eval "ac_tr_func=HAVE_`echo db_create | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
++eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//;s/[-.]/_/g' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+ eval "LIB_db_create=$ac_res"
  
- else
-   for ac_header in 					\
--	           db5/db.h				\
--	           db4/db.h				\
--	           db3/db.h				\
- 	           db.h					\
- 
- do :
-@@ -28245,7 +28202,7 @@ fi
+ case "$ac_res" in
+@@ -28245,7 +28205,7 @@
  
  krb_cv_compile_et="no"
  krb_cv_com_err_need_r=""

security/heimdal/pkg-message

@@ -0,0 +1,7 @@
+====
+heimdal-1.5.3_7 uses a new database format which is incompatible
+with Heimdal in the base system and heimdal-1.5.3_6 or prior.
+
+Please read 20161112 in /usr/ports/UPDATING carefully to upgrade
+your database.
+====

security/heimdal/pkg-plist

@@ -124,10 +124,6 @@ lib/heimdal/libheimbase.a
 lib/heimdal/libheimbase.so
 lib/heimdal/libheimbase.so.1
 lib/heimdal/libheimbase.so.1.0.0
-lib/heimdal/libheimedit.a
-lib/heimdal/libheimedit.so
-lib/heimdal/libheimedit.so.0
-lib/heimdal/libheimedit.so.0.0.36
 lib/heimdal/libheimntlm.a
 lib/heimdal/libheimntlm.so
 lib/heimdal/libheimntlm.so.0