1 |
commit: f4a050c738af81bb82e7b640667f08e3199c5ca1 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Jan 26 21:07:00 2018 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jan 26 21:07:29 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4a050c7 |
7 |
|
8 |
app-crypt/mit-krb5: bump, fixes CVE-2017-7562 |
9 |
|
10 |
Ebuild changes: |
11 |
=============== |
12 |
- Dropped the following upstreamed patches which are now included in v1.16: |
13 |
|
14 |
- mit-krb5-1.14.2-redeclared-ttyname.patch |
15 |
- mit-krb5-1.14.4-disable-nls.patch |
16 |
- mit-krb5-1.15.2-fix-pkinit.patch |
17 |
|
18 |
- We are now installing systemd services. [Bug 524412] |
19 |
|
20 |
- Tests are now restricted because they are requiring network access. |
21 |
|
22 |
Closes: https://bugs.gentoo.org/524412 |
23 |
Bug: https://bugs.gentoo.org/628936 |
24 |
Package-Manager: Portage-2.3.20, Repoman-2.3.6 |
25 |
|
26 |
app-crypt/mit-krb5/Manifest | 1 + |
27 |
app-crypt/mit-krb5/files/mit-krb5kadmind.service | 8 ++ |
28 |
app-crypt/mit-krb5/files/mit-krb5kdc.service | 9 ++ |
29 |
app-crypt/mit-krb5/files/mit-krb5kpropd.service | 8 ++ |
30 |
app-crypt/mit-krb5/files/mit-krb5kpropd.socket | 9 ++ |
31 |
app-crypt/mit-krb5/files/mit-krb5kpropd_at.service | 8 ++ |
32 |
app-crypt/mit-krb5/mit-krb5-1.16.ebuild | 155 +++++++++++++++++++++ |
33 |
7 files changed, 198 insertions(+) |
34 |
|
35 |
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest |
36 |
index 58df981b5a6..ef54ec04904 100644 |
37 |
--- a/app-crypt/mit-krb5/Manifest |
38 |
+++ b/app-crypt/mit-krb5/Manifest |
39 |
@@ -1 +1,2 @@ |
40 |
DIST krb5-1.15.2.tar.gz 9380755 BLAKE2B 3f5d00a70bf44ef077872bde282e4753e82acb70632e136b8f9f8d3a192e3e7b692840803e5a3f67ddb202d53631767ea9eb8b7615d45a3479389a01a6390ac4 SHA512 e5814bb66384b13637c37918df694c6b9933c29c2d952da0ed0dcd2e623b269060b4c16b6c02162039dadebdab99ff1085e37e7621ae4748dafb036424e612c2 |
41 |
+DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3bac1678c3f3ece3905f27feda5a23d28b3c13ebd64d1760726888c759fb19da82ad960c6f84a433b753873 SHA512 7e162467b95dad2b6aaa11686d08a00f1cc4eb08247fca8f0e5a8bcaa5f9f7b42cdf00db69c5c6111bdf9eb8063d53cef3bb207ce5d6a287615ca10b710153f9 |
42 |
|
43 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5kadmind.service b/app-crypt/mit-krb5/files/mit-krb5kadmind.service |
44 |
new file mode 100644 |
45 |
index 00000000000..f3836c89862 |
46 |
--- /dev/null |
47 |
+++ b/app-crypt/mit-krb5/files/mit-krb5kadmind.service |
48 |
@@ -0,0 +1,8 @@ |
49 |
+[Unit] |
50 |
+Description=Kerberos 5 administration server |
51 |
+ |
52 |
+[Service] |
53 |
+ExecStart=/usr/sbin/kadmind -nofork |
54 |
+ |
55 |
+[Install] |
56 |
+WantedBy=multi-user.target |
57 |
|
58 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.service b/app-crypt/mit-krb5/files/mit-krb5kdc.service |
59 |
new file mode 100644 |
60 |
index 00000000000..6ec93bb7232 |
61 |
--- /dev/null |
62 |
+++ b/app-crypt/mit-krb5/files/mit-krb5kdc.service |
63 |
@@ -0,0 +1,9 @@ |
64 |
+[Unit] |
65 |
+Description=Kerberos 5 KDC |
66 |
+ |
67 |
+[Service] |
68 |
+ExecStart=/usr/sbin/krb5kdc -n |
69 |
+Restart=always |
70 |
+ |
71 |
+[Install] |
72 |
+WantedBy=multi-user.target |
73 |
|
74 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.service b/app-crypt/mit-krb5/files/mit-krb5kpropd.service |
75 |
new file mode 100644 |
76 |
index 00000000000..a7c5b579d2b |
77 |
--- /dev/null |
78 |
+++ b/app-crypt/mit-krb5/files/mit-krb5kpropd.service |
79 |
@@ -0,0 +1,8 @@ |
80 |
+[Unit] |
81 |
+Description=Kerberos 5 propagation server |
82 |
+ |
83 |
+[Service] |
84 |
+ExecStart=/usr/sbin/kpropd -S |
85 |
+ |
86 |
+[Install] |
87 |
+WantedBy=multi-user.target |
88 |
|
89 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.socket b/app-crypt/mit-krb5/files/mit-krb5kpropd.socket |
90 |
new file mode 100644 |
91 |
index 00000000000..4389290c0b1 |
92 |
--- /dev/null |
93 |
+++ b/app-crypt/mit-krb5/files/mit-krb5kpropd.socket |
94 |
@@ -0,0 +1,9 @@ |
95 |
+[Unit] |
96 |
+Description=Kerberos 5 propagation server |
97 |
+ |
98 |
+[Socket] |
99 |
+ListenStream=754 |
100 |
+Accept=yes |
101 |
+ |
102 |
+[Install] |
103 |
+WantedBy=sockets.target |
104 |
|
105 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service b/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service |
106 |
new file mode 100644 |
107 |
index 00000000000..f826eb33cb3 |
108 |
--- /dev/null |
109 |
+++ b/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service |
110 |
@@ -0,0 +1,8 @@ |
111 |
+[Unit] |
112 |
+Description=Kerberos 5 propagation server |
113 |
+Conflicts=mit-krb5kpropd.service |
114 |
+ |
115 |
+[Service] |
116 |
+ExecStart=/usr/sbin/kpropd |
117 |
+StandardInput=socket |
118 |
+StandardError=syslog |
119 |
|
120 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.ebuild |
121 |
new file mode 100644 |
122 |
index 00000000000..acd4a3ed3b7 |
123 |
--- /dev/null |
124 |
+++ b/app-crypt/mit-krb5/mit-krb5-1.16.ebuild |
125 |
@@ -0,0 +1,155 @@ |
126 |
+# Copyright 1999-2018 Gentoo Foundation |
127 |
+# Distributed under the terms of the GNU General Public License v2 |
128 |
+ |
129 |
+EAPI=6 |
130 |
+ |
131 |
+PYTHON_COMPAT=( python2_7 ) |
132 |
+inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator |
133 |
+ |
134 |
+MY_P="${P/mit-}" |
135 |
+P_DIR=$(get_version_component_range 1-2) |
136 |
+DESCRIPTION="MIT Kerberos V" |
137 |
+HOMEPAGE="https://web.mit.edu/kerberos/www/" |
138 |
+SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" |
139 |
+ |
140 |
+LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" |
141 |
+SLOT="0" |
142 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
143 |
+IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" |
144 |
+ |
145 |
+# Test suite require network access |
146 |
+RESTRICT="test" |
147 |
+ |
148 |
+CDEPEND=" |
149 |
+ !!app-crypt/heimdal |
150 |
+ >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] |
151 |
+ || ( |
152 |
+ >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] |
153 |
+ >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] |
154 |
+ >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] |
155 |
+ ) |
156 |
+ keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) |
157 |
+ openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) |
158 |
+ pkinit? ( |
159 |
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) |
160 |
+ libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) |
161 |
+ ) |
162 |
+ xinetd? ( sys-apps/xinetd ) |
163 |
+ abi_x86_32? ( |
164 |
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r1 |
165 |
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] |
166 |
+ )" |
167 |
+DEPEND="${CDEPEND} |
168 |
+ ${PYTHON_DEPS} |
169 |
+ virtual/yacc |
170 |
+ doc? ( virtual/latex-base ) |
171 |
+ test? ( |
172 |
+ ${PYTHON_DEPS} |
173 |
+ dev-lang/tcl:0 |
174 |
+ dev-util/dejagnu |
175 |
+ )" |
176 |
+RDEPEND="${CDEPEND} |
177 |
+ selinux? ( sec-policy/selinux-kerberos )" |
178 |
+ |
179 |
+S=${WORKDIR}/${MY_P}/src |
180 |
+ |
181 |
+MULTILIB_CHOST_TOOLS=( |
182 |
+ /usr/bin/krb5-config |
183 |
+) |
184 |
+ |
185 |
+src_prepare() { |
186 |
+ eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
187 |
+ eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" |
188 |
+ |
189 |
+ # Make sure we always use the system copies. |
190 |
+ rm -rf util/{et,ss,verto} |
191 |
+ sed -i 's:^[[:space:]]*util/verto$::' configure.in || die |
192 |
+ |
193 |
+ eapply_user |
194 |
+ eautoreconf |
195 |
+} |
196 |
+ |
197 |
+src_configure() { |
198 |
+ # QA |
199 |
+ append-flags -fno-strict-aliasing |
200 |
+ append-flags -fno-strict-overflow |
201 |
+ |
202 |
+ multilib-minimal_src_configure |
203 |
+} |
204 |
+ |
205 |
+multilib_src_configure() { |
206 |
+ use keyutils || export ac_cv_header_keyutils_h=no |
207 |
+ ECONF_SOURCE=${S} \ |
208 |
+ WARN_CFLAGS="set" \ |
209 |
+ econf \ |
210 |
+ $(use_with openldap ldap) \ |
211 |
+ "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ |
212 |
+ $(use_enable nls) \ |
213 |
+ $(use_enable pkinit) \ |
214 |
+ $(use_enable threads thread-support) \ |
215 |
+ --without-hesiod \ |
216 |
+ --enable-shared \ |
217 |
+ --with-system-et \ |
218 |
+ --with-system-ss \ |
219 |
+ --enable-dns-for-realm \ |
220 |
+ --enable-kdc-lookaside-cache \ |
221 |
+ --with-system-verto \ |
222 |
+ --disable-rpath |
223 |
+} |
224 |
+ |
225 |
+multilib_src_compile() { |
226 |
+ emake -j1 |
227 |
+} |
228 |
+ |
229 |
+multilib_src_test() { |
230 |
+ multilib_is_native_abi && emake -j1 check |
231 |
+} |
232 |
+ |
233 |
+multilib_src_install() { |
234 |
+ emake \ |
235 |
+ DESTDIR="${D}" \ |
236 |
+ EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ |
237 |
+ install |
238 |
+} |
239 |
+ |
240 |
+multilib_src_install_all() { |
241 |
+ # default database dir |
242 |
+ keepdir /var/lib/krb5kdc |
243 |
+ |
244 |
+ cd .. |
245 |
+ dodoc README |
246 |
+ |
247 |
+ if use doc; then |
248 |
+ dodoc -r doc/html |
249 |
+ docinto pdf |
250 |
+ dodoc doc/pdf/*.pdf |
251 |
+ fi |
252 |
+ |
253 |
+ newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind |
254 |
+ newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc |
255 |
+ newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd |
256 |
+ newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind |
257 |
+ newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc |
258 |
+ newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd |
259 |
+ |
260 |
+ systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service |
261 |
+ systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service |
262 |
+ systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service |
263 |
+ systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" |
264 |
+ systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket |
265 |
+ |
266 |
+ insinto /etc |
267 |
+ newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example |
268 |
+ insinto /var/lib/krb5kdc |
269 |
+ newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example |
270 |
+ |
271 |
+ if use openldap ; then |
272 |
+ insinto /etc/openldap/schema |
273 |
+ doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" |
274 |
+ fi |
275 |
+ |
276 |
+ if use xinetd ; then |
277 |
+ insinto /etc/xinetd.d |
278 |
+ newins "${FILESDIR}/kpropd.xinetd" kpropd |
279 |
+ fi |
280 |
+} |