Log message:
security/mit-krb5: detect post-1.5 versions on GNU/Linux in builtin.mk

This might need proper reworking to safely detect the krb5 version
and/or header location without guessing. Asking krb5-config might
be a solution also to tell between heimdal and mit-krb5 from
--version output.

Log message:
security/mit-krb5: revert previous commit

The fix in the previous patch was already in the updated package, despite
information from upstream.

Log message:
security/mit-krb5: update patch-aclocal.m4 to avoid empty conditional branch.

Mainline autoconf generates no shell code for AC_CONFIG_AUX_DIR().
Call it unconditionally to avoid a syntax error.  See
https://github.com/krb5/krb5/commit/f78edbe30816f049e1360cb6e203fabfdf7b98df.

Log message:
mit-krb5: Update to 1.18.3.

Fixes issues the with autoconf 2.70 update and bison POSIX yacc errors.

Major changes in 1.18.3 (2020-11-17)
------------------------------------

This is a bug fix release.

* Fix a denial of service vulnerability when decoding Kerberos
  protocol messages.

* Fix a locking issue with the LMDB KDB module which could cause KDC
  and kadmind processes to lose access to the database.

* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
  and unloaded while libkrb5support remains loaded.

krb5-1.18.3 changes by ticket ID
--------------------------------

7476    updated manual page for kvno
8614    Assertion failure when repeatedly loading libgssapi_krb5
8882    kdb5_util load ignores password expiration with LDAP KDB module
8918    KDC and kadmind fork with DB open, breaking LMDB KDB module
8926    Allow gss_unwrap_iov() of unpadded RC4 tokens
8933    Fix input length checking in SPNEGO DER decoding
8936    Set lockdown attribute when creating LDAP KDB
8938    Leash crashes on failure to auto-renew tickets
8939    Suppress Leash error popup on MSLSA renew failure
8959    Add recursion limit for ASN.1 indefinite lengths
8960    Fix compatibility with upcoming autoconf 2.70

Log message:
mit-krb5: Add comment about missing LICENSE.

The license file is enormous.  While mostly BSDish, one license is
hard to safely read as Free.  I have asked upstream to clarify the
language.

Log message:
mit-krb5: Add patch comment and note that it has been filed upstream

Log message:
mit-kerberos: Update to 1.18.2

Upstream README excerpt:

Major changes in 1.18.2 (2020-05-21)

    Fix a SPNEGO regression where an acceptor using the default credential would \ 
improperly filter mechanisms, causing a negotiation failure.
    Fix a bug where the KDC would fail to issue tickets if the local krbtgt \ 
principal's first key has a single-DES enctype.
    Add stub functions to allow old versions of OpenSSL libcrypto to link \ 
against libkrb5.
    Fix a NegoEx bug where the client name and delegated credential might not be \ 
reported.

Major changes in 1.18.1 (2020-04-13)

    Fix a crash when qualifying short hostnames when the system has no primary \ 
DNS domain.
    Fix a regression when an application imports "service@" as a GSS \ 
host-based name for its acceptor credential handle.
    Fix KDC enforcement of auth indicators when they are modified by the KDB module.
    Fix removal of require_auth string attributes when the LDAP KDB module is used.
    Fix a compile error when building with musl libc on Linux.
    Fix a compile error when building with gcc 4.x.
    Change the KDC constrained delegation precedence order for consistency with \ 
Windows KDCs.

Log message:
mit-krb5: Remediate bashism

(I don't know how this built before, but it's in a test file, so no
PKGREVISION bump is necessary.)

Log message:
mit-krb5: Remove old MESSAGE content

The move of client programs to mit-krb5-appl was 2 years ago and no
longer news.  Also, it is clearly stated in the DESCR.

Log message:
*: bump PKGREVISION for perl-5.32.