Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/mit-krb5/files/, app-crypt/mit-krb5/
Date: Fri, 26 Jan 2018 21:07:47
Message-Id: 1517000849.f4a050c738af81bb82e7b640667f08e3199c5ca1.whissi@gentoo
1 commit: f4a050c738af81bb82e7b640667f08e3199c5ca1
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Fri Jan 26 21:07:00 2018 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Fri Jan 26 21:07:29 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4a050c7
7
8 app-crypt/mit-krb5: bump, fixes CVE-2017-7562
9
10 Ebuild changes:
11 ===============
12 - Dropped the following upstreamed patches which are now included in v1.16:
13
14 - mit-krb5-1.14.2-redeclared-ttyname.patch
15 - mit-krb5-1.14.4-disable-nls.patch
16 - mit-krb5-1.15.2-fix-pkinit.patch
17
18 - We are now installing systemd services. [Bug 524412]
19
20 - Tests are now restricted because they are requiring network access.
21
22 Closes: https://bugs.gentoo.org/524412
23 Bug: https://bugs.gentoo.org/628936
24 Package-Manager: Portage-2.3.20, Repoman-2.3.6
25
26 app-crypt/mit-krb5/Manifest | 1 +
27 app-crypt/mit-krb5/files/mit-krb5kadmind.service | 8 ++
28 app-crypt/mit-krb5/files/mit-krb5kdc.service | 9 ++
29 app-crypt/mit-krb5/files/mit-krb5kpropd.service | 8 ++
30 app-crypt/mit-krb5/files/mit-krb5kpropd.socket | 9 ++
31 app-crypt/mit-krb5/files/mit-krb5kpropd_at.service | 8 ++
32 app-crypt/mit-krb5/mit-krb5-1.16.ebuild | 155 +++++++++++++++++++++
33 7 files changed, 198 insertions(+)
34
35 diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
36 index 58df981b5a6..ef54ec04904 100644
37 --- a/app-crypt/mit-krb5/Manifest
38 +++ b/app-crypt/mit-krb5/Manifest
39 @@ -1 +1,2 @@
40 DIST krb5-1.15.2.tar.gz 9380755 BLAKE2B 3f5d00a70bf44ef077872bde282e4753e82acb70632e136b8f9f8d3a192e3e7b692840803e5a3f67ddb202d53631767ea9eb8b7615d45a3479389a01a6390ac4 SHA512 e5814bb66384b13637c37918df694c6b9933c29c2d952da0ed0dcd2e623b269060b4c16b6c02162039dadebdab99ff1085e37e7621ae4748dafb036424e612c2
41 +DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3bac1678c3f3ece3905f27feda5a23d28b3c13ebd64d1760726888c759fb19da82ad960c6f84a433b753873 SHA512 7e162467b95dad2b6aaa11686d08a00f1cc4eb08247fca8f0e5a8bcaa5f9f7b42cdf00db69c5c6111bdf9eb8063d53cef3bb207ce5d6a287615ca10b710153f9
42
43 diff --git a/app-crypt/mit-krb5/files/mit-krb5kadmind.service b/app-crypt/mit-krb5/files/mit-krb5kadmind.service
44 new file mode 100644
45 index 00000000000..f3836c89862
46 --- /dev/null
47 +++ b/app-crypt/mit-krb5/files/mit-krb5kadmind.service
48 @@ -0,0 +1,8 @@
49 +[Unit]
50 +Description=Kerberos 5 administration server
51 +
52 +[Service]
53 +ExecStart=/usr/sbin/kadmind -nofork
54 +
55 +[Install]
56 +WantedBy=multi-user.target
57
58 diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.service b/app-crypt/mit-krb5/files/mit-krb5kdc.service
59 new file mode 100644
60 index 00000000000..6ec93bb7232
61 --- /dev/null
62 +++ b/app-crypt/mit-krb5/files/mit-krb5kdc.service
63 @@ -0,0 +1,9 @@
64 +[Unit]
65 +Description=Kerberos 5 KDC
66 +
67 +[Service]
68 +ExecStart=/usr/sbin/krb5kdc -n
69 +Restart=always
70 +
71 +[Install]
72 +WantedBy=multi-user.target
73
74 diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.service b/app-crypt/mit-krb5/files/mit-krb5kpropd.service
75 new file mode 100644
76 index 00000000000..a7c5b579d2b
77 --- /dev/null
78 +++ b/app-crypt/mit-krb5/files/mit-krb5kpropd.service
79 @@ -0,0 +1,8 @@
80 +[Unit]
81 +Description=Kerberos 5 propagation server
82 +
83 +[Service]
84 +ExecStart=/usr/sbin/kpropd -S
85 +
86 +[Install]
87 +WantedBy=multi-user.target
88
89 diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.socket b/app-crypt/mit-krb5/files/mit-krb5kpropd.socket
90 new file mode 100644
91 index 00000000000..4389290c0b1
92 --- /dev/null
93 +++ b/app-crypt/mit-krb5/files/mit-krb5kpropd.socket
94 @@ -0,0 +1,9 @@
95 +[Unit]
96 +Description=Kerberos 5 propagation server
97 +
98 +[Socket]
99 +ListenStream=754
100 +Accept=yes
101 +
102 +[Install]
103 +WantedBy=sockets.target
104
105 diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service b/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service
106 new file mode 100644
107 index 00000000000..f826eb33cb3
108 --- /dev/null
109 +++ b/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service
110 @@ -0,0 +1,8 @@
111 +[Unit]
112 +Description=Kerberos 5 propagation server
113 +Conflicts=mit-krb5kpropd.service
114 +
115 +[Service]
116 +ExecStart=/usr/sbin/kpropd
117 +StandardInput=socket
118 +StandardError=syslog
119
120 diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.ebuild
121 new file mode 100644
122 index 00000000000..acd4a3ed3b7
123 --- /dev/null
124 +++ b/app-crypt/mit-krb5/mit-krb5-1.16.ebuild
125 @@ -0,0 +1,155 @@
126 +# Copyright 1999-2018 Gentoo Foundation
127 +# Distributed under the terms of the GNU General Public License v2
128 +
129 +EAPI=6
130 +
131 +PYTHON_COMPAT=( python2_7 )
132 +inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator
133 +
134 +MY_P="${P/mit-}"
135 +P_DIR=$(get_version_component_range 1-2)
136 +DESCRIPTION="MIT Kerberos V"
137 +HOMEPAGE="https://web.mit.edu/kerberos/www/"
138 +SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
139 +
140 +LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
141 +SLOT="0"
142 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
143 +IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
144 +
145 +# Test suite require network access
146 +RESTRICT="test"
147 +
148 +CDEPEND="
149 + !!app-crypt/heimdal
150 + >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
151 + || (
152 + >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
153 + >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
154 + >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
155 + )
156 + keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
157 + openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
158 + pkinit? (
159 + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
160 + libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
161 + )
162 + xinetd? ( sys-apps/xinetd )
163 + abi_x86_32? (
164 + !<=app-emulation/emul-linux-x86-baselibs-20140508-r1
165 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
166 + )"
167 +DEPEND="${CDEPEND}
168 + ${PYTHON_DEPS}
169 + virtual/yacc
170 + doc? ( virtual/latex-base )
171 + test? (
172 + ${PYTHON_DEPS}
173 + dev-lang/tcl:0
174 + dev-util/dejagnu
175 + )"
176 +RDEPEND="${CDEPEND}
177 + selinux? ( sec-policy/selinux-kerberos )"
178 +
179 +S=${WORKDIR}/${MY_P}/src
180 +
181 +MULTILIB_CHOST_TOOLS=(
182 + /usr/bin/krb5-config
183 +)
184 +
185 +src_prepare() {
186 + eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
187 + eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
188 +
189 + # Make sure we always use the system copies.
190 + rm -rf util/{et,ss,verto}
191 + sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
192 +
193 + eapply_user
194 + eautoreconf
195 +}
196 +
197 +src_configure() {
198 + # QA
199 + append-flags -fno-strict-aliasing
200 + append-flags -fno-strict-overflow
201 +
202 + multilib-minimal_src_configure
203 +}
204 +
205 +multilib_src_configure() {
206 + use keyutils || export ac_cv_header_keyutils_h=no
207 + ECONF_SOURCE=${S} \
208 + WARN_CFLAGS="set" \
209 + econf \
210 + $(use_with openldap ldap) \
211 + "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
212 + $(use_enable nls) \
213 + $(use_enable pkinit) \
214 + $(use_enable threads thread-support) \
215 + --without-hesiod \
216 + --enable-shared \
217 + --with-system-et \
218 + --with-system-ss \
219 + --enable-dns-for-realm \
220 + --enable-kdc-lookaside-cache \
221 + --with-system-verto \
222 + --disable-rpath
223 +}
224 +
225 +multilib_src_compile() {
226 + emake -j1
227 +}
228 +
229 +multilib_src_test() {
230 + multilib_is_native_abi && emake -j1 check
231 +}
232 +
233 +multilib_src_install() {
234 + emake \
235 + DESTDIR="${D}" \
236 + EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
237 + install
238 +}
239 +
240 +multilib_src_install_all() {
241 + # default database dir
242 + keepdir /var/lib/krb5kdc
243 +
244 + cd ..
245 + dodoc README
246 +
247 + if use doc; then
248 + dodoc -r doc/html
249 + docinto pdf
250 + dodoc doc/pdf/*.pdf
251 + fi
252 +
253 + newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
254 + newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
255 + newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
256 + newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
257 + newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
258 + newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
259 +
260 + systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
261 + systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
262 + systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
263 + systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
264 + systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
265 +
266 + insinto /etc
267 + newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
268 + insinto /var/lib/krb5kdc
269 + newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
270 +
271 + if use openldap ; then
272 + insinto /etc/openldap/schema
273 + doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
274 + fi
275 +
276 + if use xinetd ; then
277 + insinto /etc/xinetd.d
278 + newins "${FILESDIR}/kpropd.xinetd" kpropd
279 + fi
280 +}
Report Message
Find on MARC Find on Google Groups