diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2019-10-13 22:19:36 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2019-10-14 23:22:23 +0100 |
| commit | 4b19be30aa626b327c885dae62c559ec0e9fb935 (patch) | |
| tree | 76e74807bc479502e13866b581b6bf86734ec634 /app-crypt/mit-krb5 | |
| parent | 30d6f67c98d149508509d5e86f176d558793acc0 (diff) | |
gentoo resync : 13.10.2019
Diffstat (limited to 'app-crypt/mit-krb5')
| -rw-r--r-- | app-crypt/mit-krb5/Manifest | 12 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch | 297 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch | 101 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch | 12 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch | 31 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 154 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild | 153 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild | 161 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild | 161 |
9 files changed, 0 insertions, 1082 deletions
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest index 0565e98cb651..72fab5f848dd 100644 --- a/app-crypt/mit-krb5/Manifest +++ b/app-crypt/mit-krb5/Manifest @@ -1,11 +1,7 @@ -AUX CVE-2018-5729-5730.patch 11896 BLAKE2B 324bbd80acf4a2520909fc26f90f67cec06148ee0effecc43fbadd6c6445b57ee17eae57864c92a5ce0cdc3dbfb0540758910133195fd2078d334bc6e209a452 SHA512 b59ba6cb5d40cca6c8f539c028ba24c2fa6bd1750133545e912f519b91043d426cecf782209c373598fd895c6294e44fc2bc27af34c033ff367bdfb2cb4f91c4 AUX kpropd.xinetd 194 BLAKE2B cfc40af2e75b0ce5a71e0dfdcfe076d13d996b25d2cb50d4282bc88d7b33b317a202d57df0bb4a2b47113f0d38cb508614e122e4a3bb7dfd2397e2daa3178396 SHA512 c9bbd13f2fadfd2a925bfae834ba61f227cd4386b4c4466b5227d93c792f4549778ef4d6e08353372df99804459277c71f61b41ec71f3afcc600d73c5705f72f AUX mit-krb5-1.12_warn_cflags.patch 448 BLAKE2B cd9793866173b394bab3497d19653ca3296924cc49aaf540499b149254265af1d995b4d7493b76185ce35d123e70827cb5fcb221efc6499b86a346cfad7478ab SHA512 42364d9cd8c0a6fd28ae661eeac4d0dd3f2001fe290bf9731ee99c2c786a6488805fc93057d59e201e2cef1e5280af4c170187aa5603f4cf542906abc0fccc2b AUX mit-krb5-1.16.3-libressl-r1.patch 3815 BLAKE2B b3ad56fee5fd5ace5e5ef0b1002c2f69c14383ca156182c65f4b1d2a5b8010d30677aabab271726c0fa9cbccf4734a3dda54cc492c9b1e5e1bdc7e8757292a73 SHA512 1298cadf15e5f1512af66c6584cff99b1d8f7c9764cb91e1e606fd331da1747b5fd7080c928a373369ab3817acadfa214121fee694a0ac515c0f4d6a623fb834 -AUX mit-krb5-1.16.3-libressl.patch 3831 BLAKE2B 1f386529069a08e100154640387354644e6e2e64475980af7c1a5be67c8880160f8532cdf4c4d677199a67b7131c495a02370edff08b5ac291d3f0a5adc369ab SHA512 655ce5f28688d06e57bf808f5363ae1bf3276a9c4aad7c08629a459f24efe07b462e8b56f9aaafe3e9cbe54e1846e3d97bd7857e420a7e7268f3a7c89d212383 AUX mit-krb5-config_LDFLAGS-r1.patch 458 BLAKE2B adf95690d6bb698dbdb6bf9c4220f3498a332186b059986c5a699aeec81b3342931ca664244fbcb76a61f9a5177972f0e47535035dbf88c949691d5d80d58084 SHA512 4c7ff3f63c9615dae1dbbf03795fede34d54d043acfd91f77f7fef7534253ea308a59657fa93d09f99d1d5ff5d21b58eb6b86bfbe6d65aa82ca1fa187b65d1dc -AUX mit-krb5-config_LDFLAGS.patch 466 BLAKE2B 2dd4f1cfc20bea229d08201d66e3de71472dccfa45dee9b260c51578187e706b864c0b4ff81c0c5a09fd29401c2abdbe334441ca075208299b02d5e1d49aff94 SHA512 9a1ca9b33e7708346eda78d199fdc51f0d7bd08d3d65ea15a19955a6155ab71b8ee0c8989859d6dff293a141f197ea19394a91b3b641181140a289b743e0f0e7 -AUX mit-krb5-libressl-version-check.patch 1123 BLAKE2B ca8bad504949c8dcbffe5f9906a38287a2483ffef8b0326cf361f7a07c44787aa0972a24a832aa4da9a1450fa41035bf216c55e1aafb8a890cc8d88f1e210e88 SHA512 cec03ab3577fd8f96f34e51e9380622b09ac5964687b2e8e45e066d16846a9add71c3fd44f6de305ee5c5be5a27a07e4758b6752afdd8a70149b3f191be609f8 AUX mit-krb5kadmind.confd 76 BLAKE2B ca69357a77ddaf67e2f9c104b17d49af5da9891b13bd855f8b04d54bfb6ccf07ae8c5cb694f65a47646675c844c8f8c7224e8487081df678c73c554498259516 SHA512 dbf968800959f0463899031e823f003e9ece90132f452ebf03df08caf0e6a6e6ca2cfdee91491d269cfa24bef19e72dd33c7d818a4bb13ef85edfb6f0e8299f3 AUX mit-krb5kadmind.initd-r2 612 BLAKE2B ba2a70a7c123d63b9c58f4ec31c3c2366949e6971ff4f203cb38e1efb5a69991533291e118066e680d880c5221168c8eb5b047ec70dac857888330978d1e5a9b SHA512 3791af603380277a9d2632a01a86f96f68c9eb38a2c9574cca462fe9a01bef60f24785051d0215a8d71dd5022f1404e281929278e2bfd31603a0415dd9df6a98 AUX mit-krb5kadmind.service 137 BLAKE2B fcbb450a9bd39407801c93d7ffe050eadb27adbfe3165f27fe9a6ad1b18464153109bdab61a85a6a908dbb8e57b14d577165d9144a6f311d90167d01a92de748 SHA512 65a507b84e8280a9e417e32f8667941f52802f1afe9de513718db5a414ba84569b95a5c4d84eb9d39c232901c4ae1f674e6c95ea2c6895dc0c495b78ec04a026 @@ -17,14 +13,6 @@ AUX mit-krb5kpropd.initd-r2 608 BLAKE2B 9737f5ff711b8e30444c14ca871e01f2c45e9aec AUX mit-krb5kpropd.service 128 BLAKE2B 31d002c16987bd6fc42e22e64dd9bd1f9db36655dd5170a4f9f16c6a889a4303a4dc276aca09b3a213a1de3e6ab759c66790141708ec95c4393bbbe79e8fb16f SHA512 b7419d1c728eda86fbab2fbf83794ae754e3cdaec7dcdc12c2105e3a75f9903c25fe8fee48f57acf6f0a8c62d27f7934fae81c0cbd67b997541aef7060a4de46 AUX mit-krb5kpropd.socket 122 BLAKE2B 2ce51e67b909c6955d9796f80f7985c9209af398ad2a60beebe83bd766d42261bd44c712df14608a1e5e922715780a6c4aa8ad294c34ba4e8fc336a24d038fd3 SHA512 4e7ae175425e0787a1d5ff959471a88bf5af4cd6e213dc6d4048902fab7547c1186a082370b523f9549f5096acfab1fb03b4839e42bd80dc539130ae4bb3ea55 AUX mit-krb5kpropd_at.service 162 BLAKE2B ccd1dea2419656a95ea1e5068457ea45a765a831f36e7abe3e27cdd9b42f2b703cd6ddad1ac60d75feff4d74bf31dbf146ee2cbfdd34ac38c11908d44162e77a SHA512 4b7121da07b11fa65db4edc185c57197ebb25ed5c49797e36bc31b8b7bbb22a6f512f4a986c8430dfc31b1b8fcfba66dcfe154cd6eeb8b4bb445d5006fff3802 -DIST krb5-1.16.1.tar.gz 9477480 BLAKE2B 16bdd7d6d03ddbd4b070663c3a7a3d2331d54e8590b24f1dc162be2531bfbbbd65878d426a160c65ffc1ba4751f16bbbd177a8a91c01002fde0e886cc1bd91b9 SHA512 fa4ec14a4ffe690861e2dd7ea39d7698af2058ce181bb733ea891f80279f4dde4bb891adec5ccb0eaddf737306e6ceb1fe3744a2946e6189a7d7d2dd3bc5ba84 -DIST krb5-1.16.2.tar.gz 9652415 BLAKE2B 21c4d56e43476a9b87a4ca9a8b7d0dd5739d3d70731fb4727de5ae248d8638e2016581cd2462f5e2ec7950d9e216aa165199505e581fa10db81ce26062fc097e SHA512 738c071a90e0f38680bb17bdcf950310bc4549f3cb851e1d34de11239ae88178e6ee1a5e5d48c6d3efef544339b07d22dba5347dd763a4266d8d4df7cf47afc9 -DIST krb5-1.16.3.tar.gz 9656985 BLAKE2B 92e6d2b5f27e80f495d7bb3fb64acfb03530156fb8e1a07dbc8d045616fd2ac4be8047d844580e3aa01d5e8b733ceea9024290dcc53b691696201f02a31e3034 SHA512 77da5f8bb19108e158c3df5a17b9141b7cbbae7d01f9f0dca5c504dc4b468953d67a1f4566bed5a062d8ff8e0d80796094dea12d2e45bdda810a1633bb08318d -DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3bac1678c3f3ece3905f27feda5a23d28b3c13ebd64d1760726888c759fb19da82ad960c6f84a433b753873 SHA512 7e162467b95dad2b6aaa11686d08a00f1cc4eb08247fca8f0e5a8bcaa5f9f7b42cdf00db69c5c6111bdf9eb8063d53cef3bb207ce5d6a287615ca10b710153f9 DIST krb5-1.17.tar.gz 8761763 BLAKE2B 76f636836c67e9eefca91c9417118efdcf4437c1220691f43f3d246daf3eabd53b40a30956f0e57703c3fde5d7193b1d86b68becf3ae1c0c803d2462e79d3014 SHA512 7462a578b936bd17f155a362dbb5d388e157a80a096549028be6c55400b11361c7f8a28e424fd5674801873651df4e694d536cae66728b7ae5e840e532358c52 -EBUILD mit-krb5-1.16-r2.ebuild 4212 BLAKE2B eac567c47b44a75e06ea412da95ecfb5e65278132cca0757cc83804b71a61a55c6e6c226c2033eac323d237bcb804f674b033403c95caadd7fc35a8d6b5a57a7 SHA512 8c0d1dfb71cd9d5c08bbad176b1ed1b232f31da0e6dc09c1f239f6c90f55879774ef0b9b41b9a4ad5ab67896d1dbb2138bb13087152cb348bd52ea639de78a98 -EBUILD mit-krb5-1.16.1.ebuild 4172 BLAKE2B 4b120ec5bb2d750c6d76c1f6fda2cd21aedbfe771eb234e4d7b392868b6e9d9bcef4b6897df456d8ae30b9cc96a8b83636028d854cb2646172c4f0c27ecc0087 SHA512 af0736e57376a42e44e4a2d97587386590c5a3c5de56485b6db2016494b2bc392ba4bf573462576de5a909fd963da8095d349eaa5866f3ec3ffd427224650eb3 -EBUILD mit-krb5-1.16.2.ebuild 4294 BLAKE2B 4e36bfd702bf28bf73d81265a4d410ce53631c012b9090b6296f1ccb0b923b598ba7bf378451a3490d7018b0681fc9a882805707feb165975ef9ee072536cc89 SHA512 f026e3e3f59e6d4747a3bc3e71292092668f388b61a6d53db437b6fc79311f11c95f6d70e21c36911733900556015a4ebbfa01fc7bcca073561359ce72e9659f -EBUILD mit-krb5-1.16.3.ebuild 4287 BLAKE2B adfa76bf62c6c9ebd4d854307e77ded4dc6a061e54249332f3ea0ea16863063a18bb142ee02a4fc253ad6a0dc199242796b8b085b324800a12712a98753fc6c4 SHA512 0858f94f587c452c23952f533418ff134723c76061dd244e7ed800ca5d7d16bda1ab3c24494e989c1c6c2f11176c4dda3715d48b54862b643080d05d8d4481cb EBUILD mit-krb5-1.17-r1.ebuild 4316 BLAKE2B adf1993cf5479ac7230d02c9652b9f482a772cc2a86dd6bf6fc0b76e84fc4252b19b401772980c8885f5c33cfe2856e098defde2f840c3f24328bc3f275223c3 SHA512 fdd3ac833ec1c0bf9ace7f35b4f2946eb9afaad9c580005a46f866f272178954a5d076591ed21451b3da986c53687823cd50a3a5373dfcd0401cb21c3497bad4 MISC metadata.xml 903 BLAKE2B 57a48ed1fb3f046b8a4a6a80ae6223bc923f30ddf350b8ee0f5769c78b28c0bd14c35539d9552bfca02901e054332a4dc22f88c48d4eb4db4d143a7f0b938d74 SHA512 44909c99698b78ad01f72cd1d74ad6807f12154c8675b7fe31f4bd95744d8e7dca53446875c57408a294e5f87fc5aa038e6f869d3ff957cab870cd75f8e45464 diff --git a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch b/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch deleted file mode 100644 index 114cfe688e73..000000000000 --- a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch +++ /dev/null @@ -1,297 +0,0 @@ -diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c -index 2420f2c2be..a59a65e8f6 100644 ---- a/src/lib/kadm5/srv/svr_principal.c -+++ b/src/lib/kadm5/srv/svr_principal.c -@@ -330,6 +330,13 @@ kadm5_create_principal_3(void *server_handle, - return KADM5_BAD_MASK; - if((mask & ~ALL_PRINC_MASK)) - return KADM5_BAD_MASK; -+ if (mask & KADM5_TL_DATA) { -+ for (tl_data_tail = entry->tl_data; tl_data_tail != NULL; -+ tl_data_tail = tl_data_tail->tl_data_next) { -+ if (tl_data_tail->tl_data_type < 256) -+ return KADM5_BAD_TL_TYPE; -+ } -+ } - - /* - * Check to see if the principal exists -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -index 535a1f309e..8b8420faa9 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h -@@ -141,7 +141,7 @@ extern int set_ldap_error (krb5_context ctx, int st, int op); - #define UNSTORE16_INT(ptr, val) (val = load_16_be(ptr)) - #define UNSTORE32_INT(ptr, val) (val = load_32_be(ptr)) - --#define KDB_TL_USER_INFO 0x7ffe -+#define KDB_TL_USER_INFO 0xff - - #define KDB_TL_PRINCTYPE 0x01 - #define KDB_TL_PRINCCOUNT 0x02 -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -index 88a1704950..b7c9212cb2 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -@@ -651,6 +651,107 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry, - return ret; - } - -+static krb5_error_code -+check_dn_in_container(krb5_context context, const char *dn, -+ char *const *subtrees, unsigned int ntrees) -+{ -+ unsigned int i; -+ size_t dnlen = strlen(dn), stlen; -+ -+ for (i = 0; i < ntrees; i++) { -+ if (subtrees[i] == NULL || *subtrees[i] == '\0') -+ return 0; -+ stlen = strlen(subtrees[i]); -+ if (dnlen >= stlen && -+ strcasecmp(dn + dnlen - stlen, subtrees[i]) == 0 && -+ (dnlen == stlen || dn[dnlen - stlen - 1] == ',')) -+ return 0; -+ } -+ -+ k5_setmsg(context, EINVAL, _("DN is out of the realm subtree")); -+ return EINVAL; -+} -+ -+static krb5_error_code -+check_dn_exists(krb5_context context, -+ krb5_ldap_server_handle *ldap_server_handle, -+ const char *dn, krb5_boolean nonkrb_only) -+{ -+ krb5_error_code st = 0, tempst; -+ krb5_ldap_context *ldap_context = context->dal_handle->db_context; -+ LDAP *ld = ldap_server_handle->ldap_handle; -+ LDAPMessage *result = NULL, *ent; -+ char *attrs[] = { "krbticketpolicyreference", "krbprincipalname", NULL }; -+ char **values; -+ -+ LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attrs, IGNORE_STATUS); -+ if (st != LDAP_SUCCESS) -+ return set_ldap_error(context, st, OP_SEARCH); -+ -+ ent = ldap_first_entry(ld, result); -+ CHECK_NULL(ent); -+ -+ values = ldap_get_values(ld, ent, "krbticketpolicyreference"); -+ if (values != NULL) -+ ldap_value_free(values); -+ -+ values = ldap_get_values(ld, ent, "krbprincipalname"); -+ if (values != NULL) { -+ ldap_value_free(values); -+ if (nonkrb_only) { -+ st = EINVAL; -+ k5_setmsg(context, st, _("ldap object is already kerberized")); -+ goto cleanup; -+ } -+ } -+ -+cleanup: -+ ldap_msgfree(result); -+ return st; -+} -+ -+static krb5_error_code -+validate_xargs(krb5_context context, -+ krb5_ldap_server_handle *ldap_server_handle, -+ const xargs_t *xargs, const char *standalone_dn, -+ char *const *subtrees, unsigned int ntrees) -+{ -+ krb5_error_code st; -+ -+ if (xargs->dn != NULL) { -+ /* The supplied dn must be within a realm container. */ -+ st = check_dn_in_container(context, xargs->dn, subtrees, ntrees); -+ if (st) -+ return st; -+ /* The supplied dn must exist without Kerberos attributes. */ -+ st = check_dn_exists(context, ldap_server_handle, xargs->dn, TRUE); -+ if (st) -+ return st; -+ } -+ -+ if (xargs->linkdn != NULL) { -+ /* The supplied linkdn must be within a realm container. */ -+ st = check_dn_in_container(context, xargs->linkdn, subtrees, ntrees); -+ if (st) -+ return st; -+ /* The supplied linkdn must exist. */ -+ st = check_dn_exists(context, ldap_server_handle, xargs->linkdn, -+ FALSE); -+ if (st) -+ return st; -+ } -+ -+ if (xargs->containerdn != NULL && standalone_dn != NULL) { -+ /* standalone_dn (likely composed using containerdn) must be within a -+ * container. */ -+ st = check_dn_in_container(context, standalone_dn, subtrees, ntrees); -+ if (st) -+ return st; -+ } -+ -+ return 0; -+} -+ - krb5_error_code - krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, - char **db_args) -@@ -662,12 +763,12 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, - LDAPMessage *result=NULL, *ent=NULL; - char **subtreelist = NULL; - char *user=NULL, *subtree=NULL, *principal_dn=NULL; -- char **values=NULL, *strval[10]={NULL}, errbuf[1024]; -+ char *strval[10]={NULL}, errbuf[1024]; - char *filtuser=NULL; - struct berval **bersecretkey=NULL; - LDAPMod **mods=NULL; - krb5_boolean create_standalone=FALSE; -- krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE; -+ krb5_boolean establish_links=FALSE; - char *standalone_principal_dn=NULL; - krb5_tl_data *tl_data=NULL; - krb5_key_data **keys=NULL; -@@ -860,24 +961,6 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, - * any of the subtrees - */ - if (xargs.dn_from_kbd == TRUE) { -- /* make sure the DN falls in the subtree */ -- int dnlen=0, subtreelen=0; -- char *dn=NULL; -- krb5_boolean outofsubtree=TRUE; -- -- if (xargs.dn != NULL) { -- dn = xargs.dn; -- } else if (xargs.linkdn != NULL) { -- dn = xargs.linkdn; -- } else if (standalone_principal_dn != NULL) { -- /* -- * Even though the standalone_principal_dn is constructed -- * within this function, there is the containerdn input -- * from the user that can become part of the it. -- */ -- dn = standalone_principal_dn; -- } -- - /* Get the current subtree list if we haven't already done so. */ - if (subtreelist == NULL) { - st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees); -@@ -885,81 +968,10 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, - goto cleanup; - } - -- for (tre=0; tre<ntrees; ++tre) { -- if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) { -- outofsubtree = FALSE; -- break; -- } else { -- dnlen = strlen (dn); -- subtreelen = strlen(subtreelist[tre]); -- if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) { -- outofsubtree = FALSE; -- break; -- } -- } -- } -- -- if (outofsubtree == TRUE) { -- st = EINVAL; -- k5_setmsg(context, st, _("DN is out of the realm subtree")); -+ st = validate_xargs(context, ldap_server_handle, &xargs, -+ standalone_principal_dn, subtreelist, ntrees); -+ if (st) - goto cleanup; -- } -- -- /* -- * dn value will be set either by dn, linkdn or the standalone_principal_dn -- * In the first 2 cases, the dn should be existing and in the last case we -- * are supposed to create the ldap object. so the below should not be -- * executed for the last case. -- */ -- -- if (standalone_principal_dn == NULL) { -- /* -- * If the ldap object is missing, this results in an error. -- */ -- -- /* -- * Search for krbprincipalname attribute here. -- * This is to find if a kerberos identity is already present -- * on the ldap object, in which case adding a kerberos identity -- * on the ldap object should result in an error. -- */ -- char *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL}; -- -- ldap_msgfree(result); -- result = NULL; -- LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS); -- if (st == LDAP_SUCCESS) { -- ent = ldap_first_entry(ld, result); -- if (ent != NULL) { -- if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) { -- ldap_value_free(values); -- } -- -- if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) { -- krb_identity_exists = TRUE; -- ldap_value_free(values); -- } -- } -- } else { -- st = set_ldap_error(context, st, OP_SEARCH); -- goto cleanup; -- } -- } -- } -- -- /* -- * If xargs.dn is set then the request is to add a -- * kerberos principal on a ldap object, but if -- * there is one already on the ldap object this -- * should result in an error. -- */ -- -- if (xargs.dn != NULL && krb_identity_exists == TRUE) { -- st = EINVAL; -- snprintf(errbuf, sizeof(errbuf), -- _("ldap object is already kerberized")); -- k5_setmsg(context, st, "%s", errbuf); -- goto cleanup; - } - - if (xargs.linkdn != NULL) { -diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py -index 217f2cdc3b..6e563b1032 100755 ---- a/src/tests/t_kdb.py -+++ b/src/tests/t_kdb.py -@@ -203,6 +203,12 @@ def ldap_add(dn, objectclass, attrs=[]): - # in the test LDAP server. - realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=krb5', 'princ1'], - expected_code=1, expected_msg='DN is out of the realm subtree') -+# Check that the DN container check is a hierarchy test, not a simple -+# suffix match (CVE-2018-5730). We expect this operation to fail -+# either way (because "xcn" isn't a valid DN tag) but the container -+# check should happen before the DN is parsed. -+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=xcn=t1,cn=krb5', 'princ1'], -+ expected_code=1, expected_msg='DN is out of the realm subtree') - realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'princ1']) - realm.run([kadminl, 'getprinc', 'princ1'], expected_msg='Principal: princ1') - realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'again'], -@@ -226,6 +232,11 @@ def ldap_add(dn, objectclass, attrs=[]): - 'princ3']) - realm.run([kadminl, 'modprinc', '-x', 'containerdn=cn=t2,cn=krb5', 'princ3'], - expected_code=1, expected_msg='containerdn option not supported') -+# Verify that containerdn is checked when linkdn is also supplied -+# (CVE-2018-5730). -+realm.run([kadminl, 'ank', '-randkey', '-x', 'containerdn=cn=krb5', -+ '-x', 'linkdn=cn=t2,cn=krb5', 'princ4'], expected_code=1, -+ expected_msg='DN is out of the realm subtree') - - # Create and modify a ticket policy. - kldaputil(['create_policy', '-maxtktlife', '3hour', '-maxrenewlife', '6hour', diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch deleted file mode 100644 index 7a655fb9a1d8..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001 -From: Stefan Strogin <stefan.strogin@gmail.com> -Date: Thu, 25 Apr 2019 03:48:10 +0300 -Subject: [PATCH] Fix build for LibreSSL 2.9.x - -asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods -are not defined. Define them. - -Upstream-Status: Pending -[Needs to be amended if -https://github.com/libressl-portable/openbsd/pull/109 is accepted] -Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com> ---- - .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++---- - .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++- - 2 files changed, 28 insertions(+), 5 deletions(-) - -diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -index 2064eb7bd..81d5d3cf2 100644 ---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err); - (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - --/* 1.1 standardizes constructor and destructor names, renaming -- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ -+/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names, -+ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ - -+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL - #define EVP_MD_CTX_new EVP_MD_CTX_create - #define EVP_MD_CTX_free EVP_MD_CTX_destroy - #define ASN1_STRING_get0_data ASN1_STRING_data -+#endif - - /* 1.1 makes many handle types opaque and adds accessors. Add compatibility - * versions of the new accessors we use for pre-1.1. */ -@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err); - #define OBJ_get0_data(o) ((o)->data) - #define OBJ_length(o) ((o)->length) - -+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL - #define DH_set0_pqg compat_dh_set0_pqg - static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) - { -@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub, - if (priv != NULL) - *priv = dh->priv_key; - } -+#endif /* LIBRESSL_VERSION_NUMBER */ - - /* Return true if the cert c includes a key usage which doesn't include u. - * Define using direct member access for pre-1.1. */ -@@ -3040,7 +3044,8 @@ cleanup: - return retval; - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ -+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL - - /* - * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would -diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h -index 7411348fa..ac91408c4 100644 ---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h -+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h -@@ -46,7 +46,25 @@ - #include <openssl/asn1.h> - #include <openssl/pem.h> - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ -+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL -+ -+#ifndef static_ASN1_SEQUENCE_END_name -+#define static_ASN1_ITEM_start(itname) \ -+ static const ASN1_ITEM itname##_it = { -+#define static_ASN1_SEQUENCE_END_name(stname, tname) \ -+ ;\ -+ static_ASN1_ITEM_start(tname) \ -+ ASN1_ITYPE_SEQUENCE,\ -+ V_ASN1_SEQUENCE,\ -+ tname##_seq_tt,\ -+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ -+ NULL,\ -+ sizeof(stname),\ -+ #stname \ -+ ASN1_ITEM_end(tname) -+#endif /* !defined(static_ASN1_SEQUENCE_END_name) */ -+ - #include <openssl/asn1t.h> - #else - #include <openssl/asn1_mac.h> --- -2.21.0 - diff --git a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch b/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch deleted file mode 100644 index 8490e629a377..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch +++ /dev/null @@ -1,12 +0,0 @@ -Bug #448778 ---- a/src/build-tools/krb5-config.in 2012-12-18 02:47:04.000000000 +0000 -+++ b/src/build-tools/krb5-config.in 2012-12-28 07:13:16.582693363 +0000 -@@ -217,7 +217,7 @@ - -e 's#\$(PROG_RPATH)#'$libdir'#' \ - -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \ - -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ -- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \ -+ -e 's#\$(LDFLAGS)##' \ - -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ - -e 's#\$(CFLAGS)##'` - diff --git a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch b/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch deleted file mode 100644 index 5c979cfd1ef7..000000000000 --- a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch +++ /dev/null @@ -1,31 +0,0 @@ ---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -@@ -191,7 +191,7 @@ pkinit_pkcs11_code_to_text(int err); - (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - /* 1.1 standardizes constructor and destructor names, renaming - * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ -@@ -3059,7 +3059,7 @@ cleanup: - return retval; - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - - /* - * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would ---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.h -+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.h -@@ -46,7 +46,7 @@ - #include <openssl/asn1.h> - #include <openssl/pem.h> - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - #include <openssl/asn1t.h> - #else - #include <openssl/asn1_mac.h> diff --git a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild deleted file mode 100644 index 1953c395599b..000000000000 --- a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild +++ /dev/null @@ -1,154 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python2_7 ) -inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator - -MY_P="${P/mit-}" -P_DIR=$(get_version_component_range 1-2) -DESCRIPTION="MIT Kerberos V" -HOMEPAGE="https://web.mit.edu/kerberos/www/" -SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" - -LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86" -IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" - -# Test suite require network access -RESTRICT="test" - -CDEPEND=" - !!app-crypt/heimdal - >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] - || ( - >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] - >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] - >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] - ) - keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) - nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) - pkinit? ( - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) - libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) - ) - xinetd? ( sys-apps/xinetd )" -DEPEND="${CDEPEND} - ${PYTHON_DEPS} - virtual/yacc - doc? ( virtual/latex-base ) - test? ( - ${PYTHON_DEPS} - dev-lang/tcl:0 - dev-util/dejagnu - )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-kerberos )" - -S=${WORKDIR}/${MY_P}/src - -MULTILIB_CHOST_TOOLS=( - /usr/bin/krb5-config -) - -src_prepare() { - eapply -p2 "${FILESDIR}/CVE-2018-5729-5730.patch" - eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" - eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" - eapply "${FILESDIR}/${PN}-libressl-version-check.patch" - - # Make sure we always use the system copies. - rm -rf util/{et,ss,verto} - sed -i 's:^[[:space:]]*util/verto$::' configure.in || die - - eapply_user - eautoreconf -} - -src_configure() { - # QA - append-flags -fno-strict-aliasing - append-flags -fno-strict-overflow - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use keyutils || export ac_cv_header_keyutils_h=no - ECONF_SOURCE=${S} \ - WARN_CFLAGS="set" \ - econf \ - $(use_with openldap ldap) \ - "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ - $(use_enable nls) \ - $(use_enable pkinit) \ - $(use_enable threads thread-support) \ - --without-hesiod \ - --enable-shared \ - --with-system-et \ - --with-system-ss \ - --enable-dns-for-realm \ - --enable-kdc-lookaside-cache \ - --with-system-verto \ - --disable-rpath -} - -multilib_src_compile() { - emake -j1 -} - -multilib_src_test() { - multilib_is_native_abi && emake -j1 check -} - -multilib_src_install() { - emake \ - DESTDIR="${D}" \ - EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ - install -} - -multilib_src_install_all() { - # default database dir - keepdir /var/lib/krb5kdc - - cd .. - dodoc README - - if use doc; then - dodoc -r doc/html - docinto pdf - dodoc doc/pdf/*.pdf - fi - - newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind - newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc - newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd - newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc - newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd - - systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service - systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service - systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket - - insinto /etc - newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example - insinto /var/lib/krb5kdc - newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example - - if use openldap ; then - insinto /etc/openldap/schema - doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" - fi - - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}/kpropd.xinetd" kpropd - fi -} diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild deleted file mode 100644 index 6e6edde5000f..000000000000 --- a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild +++ /dev/null @@ -1,153 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python2_7 ) -inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator - -MY_P="${P/mit-}" -P_DIR=$(get_version_component_range 1-2) -DESCRIPTION="MIT Kerberos V" -HOMEPAGE="https://web.mit.edu/kerberos/www/" -SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" - -LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" -IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" - -# Test suite require network access -RESTRICT="test" - -CDEPEND=" - !!app-crypt/heimdal - >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] - || ( - >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] - >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] - >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] - ) - keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) - nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) - pkinit? ( - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) - libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) - ) - xinetd? ( sys-apps/xinetd )" -DEPEND="${CDEPEND} - ${PYTHON_DEPS} - virtual/yacc - doc? ( virtual/latex-base ) - test? ( - ${PYTHON_DEPS} - dev-lang/tcl:0 - dev-util/dejagnu - )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-kerberos )" - -S=${WORKDIR}/${MY_P}/src - -MULTILIB_CHOST_TOOLS=( - /usr/bin/krb5-config -) - -src_prepare() { - eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" - eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" - eapply "${FILESDIR}/${PN}-libressl-version-check.patch" - - # Make sure we always use the system copies. - rm -rf util/{et,ss,verto} - sed -i 's:^[[:space:]]*util/verto$::' configure.in || die - - eapply_user - eautoreconf -} - -src_configure() { - # QA - append-flags -fno-strict-aliasing - append-flags -fno-strict-overflow - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use keyutils || export ac_cv_header_keyutils_h=no - ECONF_SOURCE=${S} \ - WARN_CFLAGS="set" \ - econf \ - $(use_with openldap ldap) \ - "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ - $(use_enable nls) \ - $(use_enable pkinit) \ - $(use_enable threads thread-support) \ - --without-hesiod \ - --enable-shared \ - --with-system-et \ - --with-system-ss \ - --enable-dns-for-realm \ - --enable-kdc-lookaside-cache \ - --with-system-verto \ - --disable-rpath -} - -multilib_src_compile() { - emake -j1 -} - -multilib_src_test() { - multilib_is_native_abi && emake -j1 check -} - -multilib_src_install() { - emake \ - DESTDIR="${D}" \ - EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ - install -} - -multilib_src_install_all() { - # default database dir - keepdir /var/lib/krb5kdc - - cd .. - dodoc README - - if use doc; then - dodoc -r doc/html - docinto pdf - dodoc doc/pdf/*.pdf - fi - - newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind - newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc - newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd - newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc - newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd - - systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service - systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service - systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket - - insinto /etc - newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example - insinto /var/lib/krb5kdc - newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example - - if use openldap ; then - insinto /etc/openldap/schema - doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" - fi - - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}/kpropd.xinetd" kpropd - fi -} diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild deleted file mode 100644 index 75bb0cdbf0b0..000000000000 --- a/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild +++ /dev/null @@ -1,161 +0,0 @@ -# Copyright 1999-2018 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python2_7 ) -inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd - -MY_P="${P/mit-}" -P_DIR=$(ver_cut 1-2) -DESCRIPTION="MIT Kerberos V" -HOMEPAGE="https://web.mit.edu/kerberos/www/" -SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" - -LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" -IUSE="cpu_flags_x86_aes doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" - -# Test suite require network access -RESTRICT="test" - -CDEPEND=" - !!app-crypt/heimdal - >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] - || ( - >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] - >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] - >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] - ) - keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) - nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) - pkinit? ( - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) - libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) - ) - xinetd? ( sys-apps/xinetd ) - " -DEPEND="${CDEPEND} - ${PYTHON_DEPS} - virtual/yacc - cpu_flags_x86_aes? ( - amd64? ( dev-lang/yasm ) - x86? ( dev-lang/yasm ) - ) - doc? ( virtual/latex-base ) - test? ( - ${PYTHON_DEPS} - dev-lang/tcl:0 - dev-util/dejagnu - dev-util/cmocka - )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-kerberos )" - -S=${WORKDIR}/${MY_P}/src - -MULTILIB_CHOST_TOOLS=( - /usr/bin/krb5-config -) - -src_prepare() { - eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" - eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" - eapply "${FILESDIR}/${PN}-libressl-version-check.patch" - - # Make sure we always use the system copies. - rm -rf util/{et,ss,verto} - sed -i 's:^[[:space:]]*util/verto$::' configure.in || die - - eapply_user - eautoreconf -} - -src_configure() { - # QA - append-flags -fno-strict-aliasing - append-flags -fno-strict-overflow - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use keyutils || export ac_cv_header_keyutils_h=no - ECONF_SOURCE=${S} \ - WARN_CFLAGS="set" \ - econf \ - $(use_with openldap ldap) \ - "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ - $(use_enable nls) \ - $(use_enable pkinit) \ - $(use_enable threads thread-support) \ - --without-hesiod \ - --enable-shared \ - --with-system-et \ - --with-system-ss \ - --enable-dns-for-realm \ - --enable-kdc-lookaside-cache \ - --with-system-verto \ - --disable-rpath -} - -multilib_src_compile() { - emake -j1 -} - -multilib_src_test() { - multilib_is_native_abi && emake -j1 check -} - -multilib_src_install() { - emake \ - DESTDIR="${D}" \ - EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ - install -} - -multilib_src_install_all() { - # default database dir - keepdir /var/lib/krb5kdc - - rmdir "${ED}"/var/lib/{run/krb5kdc,run} - - cd .. - dodoc README - - if use doc; then - dodoc -r doc/html - docinto pdf - dodoc doc/pdf/*.pdf - fi - - newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind - newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc - newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd - newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc - newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd - - systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service - systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service - systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket - - insinto /etc - newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example - insinto /var/lib/krb5kdc - newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example - - if use openldap ; then - insinto /etc/openldap/schema - doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" - fi - - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}/kpropd.xinetd" kpropd - fi -} diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild deleted file mode 100644 index 9d8b99116396..000000000000 --- a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild +++ /dev/null @@ -1,161 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python2_7 ) -inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd - -MY_P="${P/mit-}" -P_DIR=$(ver_cut 1-2) -DESCRIPTION="MIT Kerberos V" -HOMEPAGE="https://web.mit.edu/kerberos/www/" -SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" - -LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" -IUSE="cpu_flags_x86_aes doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" - -# Test suite require network access -#RESTRICT="test" - -CDEPEND=" - !!app-crypt/heimdal - >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] - || ( - >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] - >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] - >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] - ) - keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) - nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) - pkinit? ( - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) - libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] ) - ) - xinetd? ( sys-apps/xinetd ) - " -DEPEND="${CDEPEND} - ${PYTHON_DEPS} - virtual/yacc - cpu_flags_x86_aes? ( - amd64? ( dev-lang/yasm ) - x86? ( dev-lang/yasm ) - ) - doc? ( virtual/latex-base ) - test? ( - ${PYTHON_DEPS} - dev-lang/tcl:0 - dev-util/dejagnu - dev-util/cmocka - )" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-kerberos )" - -S=${WORKDIR}/${MY_P}/src - -MULTILIB_CHOST_TOOLS=( - /usr/bin/krb5-config -) - -src_prepare() { - eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" - eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" - eapply -p2 "${FILESDIR}/${P}-libressl.patch" - - # Make sure we always use the system copies. - rm -rf util/{et,ss,verto} - sed -i 's:^[[:space:]]*util/verto$::' configure.in || die - - eapply_user - eautoreconf -} - -src_configure() { - # QA - append-flags -fno-strict-aliasing - append-flags -fno-strict-overflow - - multilib-minimal_src_configure -} - -multilib_src_configure() { - use keyutils || export ac_cv_header_keyutils_h=no - ECONF_SOURCE=${S} \ - WARN_CFLAGS="set" \ - econf \ - $(use_with openldap ldap) \ - "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ - $(use_enable nls) \ - $(use_enable pkinit) \ - $(use_enable threads thread-support) \ - --without-hesiod \ - --enable-shared \ - --with-system-et \ - --with-system-ss \ - --enable-dns-for-realm \ - --enable-kdc-lookaside-cache \ - --with-system-verto \ - --disable-rpath -} - -multilib_src_compile() { - emake -j1 -} - -multilib_src_test() { - multilib_is_native_abi && emake -j1 check -} - -multilib_src_install() { - emake \ - DESTDIR="${D}" \ - EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ - install -} - -multilib_src_install_all() { - # default database dir - keepdir /var/lib/krb5kdc - - rmdir "${ED}"/var/lib/{run/krb5kdc,run} - - cd .. - dodoc README - - if use doc; then - dodoc -r doc/html - docinto pdf - dodoc doc/pdf/*.pdf - fi - - newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind - newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc - newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd - newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc - newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd - - systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service - systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service - systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket - - insinto /etc - newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example - insinto /var/lib/krb5kdc - newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example - - if use openldap ; then - insinto /etc/openldap/schema - doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" - fi - - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}/kpropd.xinetd" kpropd - fi -} |