--- a/components/bind/Makefile Tue May 31 16:41:45 2016 -0700
+++ b/components/bind/Makefile Wed Jun 01 14:21:11 2016 +0100
@@ -68,7 +68,7 @@
CONFIGURE_OPTIONS += --sysconfdir=$(ETCDIR)
CONFIGURE_OPTIONS += --localstatedir=$(VARDIR)
CONFIGURE_OPTIONS += --with-randomdev=/dev/random
-CONFIGURE_OPTIONS += --with-gssapi=$(USRDIR)
+CONFIGURE_OPTIONS += --with-gssapi=krb5-config
# Compiler and compiler options:
# - configure will add "-mt" to CC which is already set in CFLAGS, so override.
@@ -163,6 +163,7 @@
REQUIRED_PACKAGES += library/security/openssl
REQUIRED_PACKAGES += library/security/openssl/openssl-fips-140
REQUIRED_PACKAGES += network/dns/bind
+REQUIRED_PACKAGES += security/kerberos-5
REQUIRED_PACKAGES += service/security/kerberos-5
REQUIRED_PACKAGES += shell/ksh93
REQUIRED_PACKAGES += system/core-os
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/patches/008-configure.patch Wed Jun 01 14:21:11 2016 +0100
@@ -0,0 +1,228 @@
+Patch file created at Oracle to use krb5-config to discover libraries
+and include paths for linking with gssapi.
+
+Intention is to share patch with ISC for their inclusion in future
+releases of BIND.
+
+diff -r 5650ddc7a736 -r 13365deff14a configure.in
+--- a/configure.in Fri May 27 19:07:55 2016 +0100
++++ b/configure.in Tue May 31 12:51:40 2016 +0100
+@@ -752,6 +752,49 @@
+ [ --with-gssapi=PATH Specify path for system-supplied GSSAPI],
+ use_gssapi="$withval", use_gssapi="no")
+
++# first try using krb5-config, if that does not work then fall back to "yes" method.
++if test "$use_gssapi" = "krb5-config"
++then
++ AC_MSG_RESULT(trying krb5_config)
++ AC_PATH_PROG(KRB5_CONFIG, krb5-config)
++ gssapi_cflags=`$KRB5_CONFIG --cflags gssapi`
++ gssapi_libs=`$KRB5_CONFIG --libs gssapi`
++ saved_cppflags="$CPPFLAGS"
++ CPPFLAGS="$gssapi_cflags $CPPFLAGS"
++ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h,
++ [ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <$ac_header>"])
++ if test "$ISC_PLATFORM_GSSAPIHEADER" = ""; then
++ AC_MSG_RESULT([krb5-config: gssapi.h not found])
++ CPPFLAGS="$saved_cppflags"
++ use_gssapi="yes"
++ else
++ AC_CHECK_HEADERS(krb5/krb5.h krb5.h,
++ [ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>"])
++ if test "$ISC_PLATFORM_KRB5HEADER" = ""; then
++ AC_MSG_RESULT([krb5-config: krb5.h not found])
++ CPPFLAGS="$saved_cppflags"
++ use_gssapi="yes"
++ else
++ CPPFLAGS="$saved_cppflags"
++ saved_libs="$LIBS"
++ LIBS=$gssapi_libs
++ AC_MSG_CHECKING([krb5-config linking as $LIBS])
++ AC_TRY_LINK( , [gss_acquire_cred();krb5_init_context()],
++ gssapi_linked=yes, gssapi_linked=no)
++ case $gssapi_linked in
++ yes) AC_MSG_RESULT([krb5-config: linked]);;
++ no) AC_MSG_RESULT([krb5-config: could not determine proper GSSAPI linkage])
++ use_gssapi="yes"
++ ;;
++ esac
++ LIBS=$saved_libs
++ fi
++ fi
++ if test "$use_gssapi" = "yes"; then
++ AC_MSG_CHECKING([for GSSAPI library, non krb5-config method])
++ fi
++fi
++
+ gssapidirs="/usr/local /usr/pkg /usr/kerberos /usr"
+ if test "$use_gssapi" = "yes"
+ then
+@@ -773,6 +816,11 @@
+ yes)
+ AC_MSG_ERROR([--with-gssapi must specify a path])
+ ;;
++ krb5-config)
++ USE_GSSAPI='-DGSSAPI'
++ DST_GSSAPI_INC="$gssapi_cflags"
++ DNS_GSSAPI_LIBS="$gssapi_libs"
++ ;;
+ *)
+ AC_MSG_RESULT(looking in $use_gssapi/lib)
+ USE_GSSAPI='-DGSSAPI'
+diff -r 5650ddc7a736 -r 13365deff14a configure
+--- a/configure Fri May 27 19:07:55 2016 +0100
++++ b/configure Tue May 31 12:51:40 2016 +0100
+@@ -794,6 +794,7 @@
+ ISC_PLATFORM_KRB5HEADER
+ ISC_PLATFORM_GSSAPIHEADER
+ ISC_PLATFORM_HAVEGSSAPI
++KRB5_CONFIG
+ USE_PKCS11
+ OPENSSLLINKSRCS
+ OPENSSLLINKOBJS
+@@ -13519,6 +13520,133 @@
+ fi
+
+
++# first try using krb5-config, if that does not work then fall back to "yes" method.
++if test "$use_gssapi" = "krb5-config"
++then
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: trying krb5_config" >&5
++$as_echo "trying krb5_config" >&6; }
++ # Extract the first word of "krb5-config", so it can be a program name with args.
++set dummy krb5-config; ac_word=$2
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
++$as_echo_n "checking for $ac_word... " >&6; }
++if ${ac_cv_path_KRB5_CONFIG+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++ case $KRB5_CONFIG in
++ [\\/]* | ?:[\\/]*)
++ ac_cv_path_KRB5_CONFIG="$KRB5_CONFIG" # Let the user override the test with a path.
++ ;;
++ *)
++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
++for as_dir in $PATH
++do
++ IFS=$as_save_IFS
++ test -z "$as_dir" && as_dir=.
++ for ac_exec_ext in '' $ac_executable_extensions; do
++ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
++ ac_cv_path_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext"
++ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
++ break 2
++ fi
++done
++ done
++IFS=$as_save_IFS
++
++ ;;
++esac
++fi
++KRB5_CONFIG=$ac_cv_path_KRB5_CONFIG
++if test -n "$KRB5_CONFIG"; then
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5_CONFIG" >&5
++$as_echo "$KRB5_CONFIG" >&6; }
++else
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++fi
++
++
++ gssapi_cflags=`$KRB5_CONFIG --cflags gssapi`
++ gssapi_libs=`$KRB5_CONFIG --libs gssapi`
++ saved_cppflags="$CPPFLAGS"
++ CPPFLAGS="$gssapi_cflags $CPPFLAGS"
++ for ac_header in gssapi.h gssapi/gssapi.h
++do :
++ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
++ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
++if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
++ cat >>confdefs.h <<_ACEOF
++#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
++_ACEOF
++ ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <$ac_header>"
++fi
++
++done
++
++ if test "$ISC_PLATFORM_GSSAPIHEADER" = ""; then
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5-config: gssapi.h not found" >&5
++$as_echo "krb5-config: gssapi.h not found" >&6; }
++ CPPFLAGS="$saved_cppflags"
++ use_gssapi="yes"
++ else
++ for ac_header in krb5/krb5.h krb5.h
++do :
++ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
++ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
++if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
++ cat >>confdefs.h <<_ACEOF
++#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
++_ACEOF
++ ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>"
++fi
++
++done
++
++ if test "$ISC_PLATFORM_KRB5HEADER" = ""; then
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5-config: krb5.h not found" >&5
++$as_echo "krb5-config: krb5.h not found" >&6; }
++ CPPFLAGS="$saved_cppflags"
++ use_gssapi="yes"
++ else
++ CPPFLAGS="$saved_cppflags"
++ saved_libs="$LIBS"
++ LIBS=$gssapi_libs
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config linking as $LIBS" >&5
++$as_echo_n "checking krb5-config linking as $LIBS... " >&6; }
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++int
++main ()
++{
++gss_acquire_cred();krb5_init_context()
++ ;
++ return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++ gssapi_linked=yes
++else
++ gssapi_linked=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++ case $gssapi_linked in
++ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5-config: linked" >&5
++$as_echo "krb5-config: linked" >&6; };;
++ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5-config: could not determine proper GSSAPI linkage" >&5
++$as_echo "krb5-config: could not determine proper GSSAPI linkage" >&6; }
++ use_gssapi="yes"
++ ;;
++ esac
++ LIBS=$saved_libs
++ fi
++ fi
++ if test "$use_gssapi" = "yes"; then
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GSSAPI library, non krb5-config method" >&5
++$as_echo_n "checking for GSSAPI library, non krb5-config method... " >&6; }
++ fi
++fi
++
+ gssapidirs="/usr/local /usr/pkg /usr/kerberos /usr"
+ if test "$use_gssapi" = "yes"
+ then
+@@ -13541,6 +13669,11 @@
+ yes)
+ as_fn_error $? "--with-gssapi must specify a path" "$LINENO" 5
+ ;;
++ krb5-config)
++ USE_GSSAPI='-DGSSAPI'
++ DST_GSSAPI_INC="$gssapi_cflags"
++ DNS_GSSAPI_LIBS="$gssapi_libs"
++ ;;
+ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: looking in $use_gssapi/lib" >&5
+ $as_echo "looking in $use_gssapi/lib" >&6; }