summaryrefslogtreecommitdiff
path: root/app-crypt/heimdal
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2023-02-12 09:56:54 +0000
committerV3n3RiX <venerix@koprulu.sector>2023-02-12 09:56:54 +0000
commitebc282ef4dfa408accac685565b8ee5f6faec119 (patch)
treec0a4f713228cda0ab17eed46f0bb7ca8cb8be2f6 /app-crypt/heimdal
parent6c8694a707151d59555b0e4e48235f085ce166c3 (diff)
gentoo auto-resync : 12:02:2023 - 09:56:54
Diffstat (limited to 'app-crypt/heimdal')
-rw-r--r--app-crypt/heimdal/Manifest6
-rw-r--r--app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch36
-rw-r--r--app-crypt/heimdal/heimdal-7.7.1.ebuild2
-rw-r--r--app-crypt/heimdal/heimdal-7.8.0-r1.ebuild187
-rw-r--r--app-crypt/heimdal/heimdal-7.8.0.ebuild2
5 files changed, 229 insertions, 4 deletions
diff --git a/app-crypt/heimdal/Manifest b/app-crypt/heimdal/Manifest
index c4b0fe7d2f78..d532ec997d6e 100644
--- a/app-crypt/heimdal/Manifest
+++ b/app-crypt/heimdal/Manifest
@@ -1,3 +1,4 @@
+AUX heimdal-7.8.0-CVE-2022-45142.patch 1320 BLAKE2B 2aa61a0a7c852b587b4313a13b4fa24415123590bd5779e972a395fa4e93e048544e874b238d8fabf7853001ff1eae668263bbf8f8f00d2ce395a5af869ba99f SHA512 9a03a218c0e523ed50051176f11f6939a5c9dd45c40495fa676b94083a1aa69ec9109fa415f836cec1b3a26ff77cd3ac44a7464f0395c8088627561fefbf2c66
AUX heimdal-kadmind.confd 151 BLAKE2B 1e916d248e9d93029e1e2a541c505c87f017e2a825383650dd8cf0e9c55d1740410312bf050270a382caef11250dbcf333724e5e73ce4ed4d2dacb53dbdb6a34 SHA512 2e2852fa6bebeb58da4bd80fb584339ab8c95fdc1e37f957045f9fcc9b212ccf61145d16c6f7a2fae6245e977200e48150f25bc4ac1d734692555ccfd9911810
AUX heimdal-kadmind.initd-r2 427 BLAKE2B 55f0d458b28c889bce8a98ce58112124983c284918c1db1b877c095bd9f573d60ec035afe3182d5ae3f6d484af6fdd09b9efe01b73821921afac8509b65abbf4 SHA512 fd8cf77b7786a6b78d775be3ee769a31ec27a085f4e0764722948a02122e9a4ce52143eb1d3ac2acd7c74a5bee4432220155eb9a49bfbafc0c23431b18da64b2
AUX heimdal-kcm.confd 130 BLAKE2B 5c182031eab38014f2f83c70989df31c9ddb664d166f2c92d93aac9cf352ac0975486d4edb8079cd77b74e52d480917297d00f966d0568b24ee70212e119de18 SHA512 dd70d57c3be5f0d4cf872463af1df6bec82774314e6462cd2433ff9fc4d2ff585210581c75bc76b33085e58b16e3ca795bbd531eba6b5f7a3f7f505b7e9ed50b
@@ -13,6 +14,7 @@ AUX heimdal_tinfo.patch 711 BLAKE2B 730ef4b1ba79d80c7257d1bd04783584cf616b2e51d6
AUX krb5.conf 424 BLAKE2B 49b8a0aab6e0dacb70b91e030bb5f2b8bdfe4253026f85e2c9d16bdf6f554c585572ed9d3835bed976c8953fc92d0f42270c6a0767e943ec5efa5b79f6f4cf89 SHA512 4dad6837344e30c6988355551b5b82bce748dad7aa7648204ba7852540ad3a546b5344926789d60e78d57ff20dff87b680b790dc8d86c8dec1008feb0d809e38
DIST heimdal-7.7.1.tar.gz 10009851 BLAKE2B 2d2b6cef4aea1dfab97106cc6be5f3f68736c93f153b650ba349ee32be2a415de8a550c462c6d0978628ac18403838145198e07b4710ebe21570878e2b44f595 SHA512 c77def1d32301caa8675297152a534919459a65bd1c5353cdc8795c07aa7a94fd319b697b98e02233ef25eaeedb36420edd139c1e22d68d54bb991343a11a369
DIST heimdal-7.8.0.tar.gz 10024936 BLAKE2B bab8ed12a5257395b34bb88e22147912857015c652f0899c54809582c49f9c33b9ac748b28dd38ac7072d245e86e44c5dafb8725103fcb4a6dae16c8d1d4b623 SHA512 0167345aca77d65b7a1113874eee5b65ec6e1fec1f196d57e571265409fa35ef95a673a4fd4aafbb0ab5fb5b246b97412353a68d6613a8aff6393a9f1e72999e
-EBUILD heimdal-7.7.1.ebuild 4460 BLAKE2B a28335e13388958c296d5b350571ba02c1356a08f79aa49aa7289c02b1576ea05bb2f30751ebd097efc6ef1a4db56fb6b835183d9af25942253ab51d26126f7f SHA512 85fad2ad0bb7103ce5db1267564a186a597cf54724e2d48049e0e8f8d33a4dfb9f82d4920f355714539fbaab330f5952c7becc0168a1f19aadd84af9d60d22d8
-EBUILD heimdal-7.8.0.ebuild 4466 BLAKE2B c3e283b6a601616d3f4eb18ab22ddaf8007c712b1b9a5d23ec74925b306b44b3214138cc60506708c7f028f0234841ad8a4221e11bb15a647f7f383b36e998a5 SHA512 5dbcbf1c2b71983bbe00f4ab38cebc134933307a0e81a0eaef273e562245ecb932c2292ebee4e8430856a1b34c2d9de8302f91bb1b46941d6c2f07cc755c75fd
+EBUILD heimdal-7.7.1.ebuild 4493 BLAKE2B a86f726d9586d6ab2e62ee7e96f1e8b179ec0460d6bdb0677f6a70b058e47ac7f9c8690e88c4963acc43de976cf5845e157523005284c951a6ee4f7a38dc5e7f SHA512 20496f6eeebdf26f687df3b7a585441091948f7aa2070951526a9233b3c407c266609ebad0099ba0e0bbd9c4eb95d2ddb58640253ea6296ab6d31b42b912ef8e
+EBUILD heimdal-7.8.0-r1.ebuild 4549 BLAKE2B 1b5f784ae815bd9f43cf7fd115b9497bd7c90789ed68c24ff8f464e132e1d750f9415be83aa05f9a7b6b60f9df9886aba9b2ee6f881bc267ab13a2f792144355 SHA512 8cd501a37756140791d61a6f6f9f76b3ae24aca94d90b07daff37483a02bf6235cab0d8a79925405674f93a67d087aafd87374a28cd508c03c91d0d5e6f4c3d2
+EBUILD heimdal-7.8.0.ebuild 4499 BLAKE2B 1f9d2bed92c3e1490e41c1728d0f1bd0da2a6e8353819325d68c68d0395082b8793f7bfc896e0145b693feb7a2a2f8dff0c7f34f3d11ea3802457677b9a9500c SHA512 72e792c5cc6aa65aa5cc74f7c4511251492bfc667a35878554e2789c1050592ab0be4af499d56f65af0e1274ea957c02ae30068283c325bc4c2fabb0b47069c0
MISC metadata.xml 582 BLAKE2B e38fb8048d899871775a690397627b0003cb3301aaa3c98cc8fb9d70e867bd0b922581d3e319464ff89929c4a34c608e23cecc72f0b4a320b3365cf23853268e SHA512 77b5b3da9ccbcb77c6e0985c7610b3ba5b698092327221477f30828f086ef3891c8170856cb6b26a5596239180e43c5b6d5e213ae6a7129c659bb34fe9c498cd
diff --git a/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch b/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch
new file mode 100644
index 000000000000..dad75df4b3b8
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch
@@ -0,0 +1,36 @@
+https://bugs.gentoo.org/893722
+https://www.openwall.com/lists/oss-security/2023/02/08/1
+
+From: Helmut Grohne <helmut@...divi.de>
+Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions
+
+The referenced commit attempted to fix miscompilations with gcc-9 and
+gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately,
+it also inverted the result of the comparison in two occasions. This
+inversion happened during backporting the patch to 7.7.1 and 7.8.0.
+
+Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp()
+ for arcfour unwrap")
+Signed-off-by: Helmut Grohne <helmut@...divi.de>
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+ return GSS_S_FAILURE;
+ }
+
+- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+ if (cmp) {
+ *minor_status = 0;
+ return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+ return GSS_S_FAILURE;
+ }
+
+- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+ if (cmp) {
+ _gsskrb5_release_buffer(minor_status, output_message_buffer);
+ *minor_status = 0;
+--
+2.38.1
diff --git a/app-crypt/heimdal/heimdal-7.7.1.ebuild b/app-crypt/heimdal/heimdal-7.7.1.ebuild
index 3b0301eaac21..b36ce55b43e2 100644
--- a/app-crypt/heimdal/heimdal-7.7.1.ebuild
+++ b/app-crypt/heimdal/heimdal-7.7.1.ebuild
@@ -121,7 +121,7 @@ multilib_src_configure() {
)
fi
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+ CONFIG_SHELL="${BROOT}"/bin/bash ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
}
multilib_src_compile() {
diff --git a/app-crypt/heimdal/heimdal-7.8.0-r1.ebuild b/app-crypt/heimdal/heimdal-7.8.0-r1.ebuild
new file mode 100644
index 000000000000..7852376dbebc
--- /dev/null
+++ b/app-crypt/heimdal/heimdal-7.8.0-r1.ebuild
@@ -0,0 +1,187 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+VIRTUALX_REQUIRED="manual"
+
+inherit autotools db-use multilib-minimal python-any-r1 virtualx flag-o-matic
+
+MY_P="${P}"
+DESCRIPTION="Kerberos 5 implementation from KTH"
+HOMEPAGE="https://www.heimdal.software/"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="afs +berkdb caps gdbm hdb-ldap +lmdb otp selinux ssl static-libs test X"
+RESTRICT="!test? ( test )"
+
+CDEPEND="
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ ssl? (
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
+ )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:*[${MULTILIB_USEDEP}] )
+ gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+ lmdb? ( dev-db/lmdb:= )
+ caps? ( sys-libs/libcap-ng )
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}]
+ sys-libs/ncurses:0=
+ >=sys-libs/readline-6.2_p5-r1:0=[${MULTILIB_USEDEP}]
+ afs? ( net-fs/openafs )
+ hdb-ldap? ( >=net-nds/openldap-2.3.0:= )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXau
+ x11-libs/libXt
+ )
+ !!app-crypt/mit-krb5
+ !!app-crypt/mit-krb5-appl"
+
+DEPEND="${CDEPEND}
+ ${PYTHON_DEPS}
+ dev-perl/JSON
+ virtual/pkgconfig
+ sys-apps/texinfo
+ >=sys-devel/autoconf-2.62
+ test? ( X? ( ${VIRTUALX_DEPEND} ) )"
+
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-kerberos )"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/krb5-types.h
+ /usr/include/cms_asn1.h
+ /usr/include/digest_asn1.h
+ /usr/include/hdb_asn1.h
+ /usr/include/krb5_asn1.h
+ /usr/include/pkcs12_asn1.h
+ /usr/include/pkinit_asn1.h
+ /usr/include/rfc2459_asn1.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/krb5-config
+)
+
+PATCHES=(
+ "${FILESDIR}/heimdal_disable-check-iprop.patch"
+ "${FILESDIR}/heimdal_tinfo.patch"
+ "${FILESDIR}/heimdal_build-headers-before-use.patch"
+ "${FILESDIR}/heimdal_fix-db60.patch"
+ "${FILESDIR}/heimdal-7.8.0-CVE-2022-45142.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # QA
+ append-flags -fno-strict-aliasing
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --enable-kcm
+ --disable-osfc2
+ --enable-shared
+ --with-libintl="${EPREFIX}"/usr
+ --with-readline="${EPREFIX}"/usr
+ --with-sqlite3="${EPREFIX}"/usr
+ --libexecdir="${EPREFIX}"/usr/sbin
+ --enable-pthread-support
+ --enable-kx509
+ --enable-pk-init
+ --with-ipv6
+ $(use_enable afs afs-support)
+ $(use_enable gdbm ndbm-db)
+ $(use_enable lmdb mdb-db)
+ $(use_enable otp)
+ $(use_enable static-libs static)
+ $(multilib_native_use_with caps capng)
+ $(multilib_native_use_with hdb-ldap openldap "${EPREFIX}"/usr)
+ $(use_with ssl openssl "${EPREFIX}"/usr)
+ $(multilib_native_use_with X x)
+ )
+ if use berkdb; then
+ myeconfargs+=(
+ --with-berkeley-db
+ --with-berkeley-db-include="$(db_includedir)"
+ )
+ else
+ myeconfargs+=(
+ --without-berkeley-db
+ )
+ fi
+
+ CONFIG_SHELL="${BROOT}"/bin/bash ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ emake
+ else
+ emake -C include
+ emake -C lib
+ emake -C kdc
+ emake -C tools
+ emake -C tests/plugin
+ fi
+}
+
+multilib_src_test() {
+ multilib_is_native_abi && emake -j1 check
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ INSTALL_CATPAGES="no" emake DESTDIR="${D}" install
+ else
+ emake -C include DESTDIR="${D}" install
+ emake -C lib DESTDIR="${D}" install
+ emake -C kdc DESTDIR="${D}" install
+ emake -C tools DESTDIR="${D}" install
+ emake -C tests/plugin DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ChangeLog* README NEWS TODO
+
+ # client rename
+ mv "${ED}"/usr/share/man/man1/{,k}su.1
+ mv "${ED}"/usr/bin/{,k}su
+
+ newinitd "${FILESDIR}"/heimdal-kdc.initd-r2 heimdal-kdc
+ newinitd "${FILESDIR}"/heimdal-kadmind.initd-r2 heimdal-kadmind
+ newinitd "${FILESDIR}"/heimdal-kpasswdd.initd-r2 heimdal-kpasswdd
+ newinitd "${FILESDIR}"/heimdal-kcm.initd-r1 heimdal-kcm
+
+ newconfd "${FILESDIR}"/heimdal-kdc.confd heimdal-kdc
+ newconfd "${FILESDIR}"/heimdal-kadmind.confd heimdal-kadmind
+ newconfd "${FILESDIR}"/heimdal-kpasswdd.confd heimdal-kpasswdd
+ newconfd "${FILESDIR}"/heimdal-kcm.confd heimdal-kcm
+
+ insinto /etc
+ newins "${S}"/krb5.conf krb5.conf.example
+
+ if use hdb-ldap; then
+ insinto /etc/openldap/schema
+ doins "${S}/lib/hdb/hdb.schema"
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" -name "*.la" -delete || die
+ fi
+
+ # default database dir
+ keepdir /var/heimdal
+}
diff --git a/app-crypt/heimdal/heimdal-7.8.0.ebuild b/app-crypt/heimdal/heimdal-7.8.0.ebuild
index da4b148d20a2..c4cbe4271abd 100644
--- a/app-crypt/heimdal/heimdal-7.8.0.ebuild
+++ b/app-crypt/heimdal/heimdal-7.8.0.ebuild
@@ -121,7 +121,7 @@ multilib_src_configure() {
)
fi
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+ CONFIG_SHELL="${BROOT}"/bin/bash ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
}
multilib_src_compile() {