Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Matt Turner <mattst88@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/mit-krb5/, app-crypt/mit-krb5/files/
Date: Sat, 28 Sep 2019 18:27:33
Message-Id: 1569695233.bd1940d2e752a50a37710fcec0984fc1ff0234e7.mattst88@gentoo
1 commit: bd1940d2e752a50a37710fcec0984fc1ff0234e7
2 Author: Matt Turner <mattst88 <AT> gentoo <DOT> org>
3 AuthorDate: Sat Sep 28 18:25:58 2019 +0000
4 Commit: Matt Turner <mattst88 <AT> gentoo <DOT> org>
5 CommitDate: Sat Sep 28 18:27:13 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd1940d2
7
8 app-crypt/mit-krb5: Drop old versions
9
10 Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>
11
12 app-crypt/mit-krb5/Manifest | 4 -
13 app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch | 297 ---------------------
14 .../mit-krb5/files/mit-krb5-1.16.3-libressl.patch | 101 -------
15 .../mit-krb5/files/mit-krb5-config_LDFLAGS.patch | 12 -
16 .../files/mit-krb5-libressl-version-check.patch | 31 ---
17 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 154 -----------
18 app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild | 153 -----------
19 app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild | 161 -----------
20 app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild | 161 -----------
21 9 files changed, 1074 deletions(-)
22
23 diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
24 index 0911382bd22..4b2ab0c10a3 100644
25 --- a/app-crypt/mit-krb5/Manifest
26 +++ b/app-crypt/mit-krb5/Manifest
27 @@ -1,5 +1 @@
28 -DIST krb5-1.16.1.tar.gz 9477480 BLAKE2B 16bdd7d6d03ddbd4b070663c3a7a3d2331d54e8590b24f1dc162be2531bfbbbd65878d426a160c65ffc1ba4751f16bbbd177a8a91c01002fde0e886cc1bd91b9 SHA512 fa4ec14a4ffe690861e2dd7ea39d7698af2058ce181bb733ea891f80279f4dde4bb891adec5ccb0eaddf737306e6ceb1fe3744a2946e6189a7d7d2dd3bc5ba84
29 -DIST krb5-1.16.2.tar.gz 9652415 BLAKE2B 21c4d56e43476a9b87a4ca9a8b7d0dd5739d3d70731fb4727de5ae248d8638e2016581cd2462f5e2ec7950d9e216aa165199505e581fa10db81ce26062fc097e SHA512 738c071a90e0f38680bb17bdcf950310bc4549f3cb851e1d34de11239ae88178e6ee1a5e5d48c6d3efef544339b07d22dba5347dd763a4266d8d4df7cf47afc9
30 -DIST krb5-1.16.3.tar.gz 9656985 BLAKE2B 92e6d2b5f27e80f495d7bb3fb64acfb03530156fb8e1a07dbc8d045616fd2ac4be8047d844580e3aa01d5e8b733ceea9024290dcc53b691696201f02a31e3034 SHA512 77da5f8bb19108e158c3df5a17b9141b7cbbae7d01f9f0dca5c504dc4b468953d67a1f4566bed5a062d8ff8e0d80796094dea12d2e45bdda810a1633bb08318d
31 -DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3bac1678c3f3ece3905f27feda5a23d28b3c13ebd64d1760726888c759fb19da82ad960c6f84a433b753873 SHA512 7e162467b95dad2b6aaa11686d08a00f1cc4eb08247fca8f0e5a8bcaa5f9f7b42cdf00db69c5c6111bdf9eb8063d53cef3bb207ce5d6a287615ca10b710153f9
32 DIST krb5-1.17.tar.gz 8761763 BLAKE2B 76f636836c67e9eefca91c9417118efdcf4437c1220691f43f3d246daf3eabd53b40a30956f0e57703c3fde5d7193b1d86b68becf3ae1c0c803d2462e79d3014 SHA512 7462a578b936bd17f155a362dbb5d388e157a80a096549028be6c55400b11361c7f8a28e424fd5674801873651df4e694d536cae66728b7ae5e840e532358c52
33
34 diff --git a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch b/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch
35 deleted file mode 100644
36 index 114cfe688e7..00000000000
37 --- a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch
38 +++ /dev/null
39 @@ -1,297 +0,0 @@
40 -diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
41 -index 2420f2c2be..a59a65e8f6 100644
42 ---- a/src/lib/kadm5/srv/svr_principal.c
43 -+++ b/src/lib/kadm5/srv/svr_principal.c
44 -@@ -330,6 +330,13 @@ kadm5_create_principal_3(void *server_handle,
45 - return KADM5_BAD_MASK;
46 - if((mask & ~ALL_PRINC_MASK))
47 - return KADM5_BAD_MASK;
48 -+ if (mask & KADM5_TL_DATA) {
49 -+ for (tl_data_tail = entry->tl_data; tl_data_tail != NULL;
50 -+ tl_data_tail = tl_data_tail->tl_data_next) {
51 -+ if (tl_data_tail->tl_data_type < 256)
52 -+ return KADM5_BAD_TL_TYPE;
53 -+ }
54 -+ }
55 -
56 - /*
57 - * Check to see if the principal exists
58 -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
59 -index 535a1f309e..8b8420faa9 100644
60 ---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
61 -+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
62 -@@ -141,7 +141,7 @@ extern int set_ldap_error (krb5_context ctx, int st, int op);
63 - #define UNSTORE16_INT(ptr, val) (val = load_16_be(ptr))
64 - #define UNSTORE32_INT(ptr, val) (val = load_32_be(ptr))
65 -
66 --#define KDB_TL_USER_INFO 0x7ffe
67 -+#define KDB_TL_USER_INFO 0xff
68 -
69 - #define KDB_TL_PRINCTYPE 0x01
70 - #define KDB_TL_PRINCCOUNT 0x02
71 -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
72 -index 88a1704950..b7c9212cb2 100644
73 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
74 -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
75 -@@ -651,6 +651,107 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry,
76 - return ret;
77 - }
78 -
79 -+static krb5_error_code
80 -+check_dn_in_container(krb5_context context, const char *dn,
81 -+ char *const *subtrees, unsigned int ntrees)
82 -+{
83 -+ unsigned int i;
84 -+ size_t dnlen = strlen(dn), stlen;
85 -+
86 -+ for (i = 0; i < ntrees; i++) {
87 -+ if (subtrees[i] == NULL || *subtrees[i] == '\0')
88 -+ return 0;
89 -+ stlen = strlen(subtrees[i]);
90 -+ if (dnlen >= stlen &&
91 -+ strcasecmp(dn + dnlen - stlen, subtrees[i]) == 0 &&
92 -+ (dnlen == stlen || dn[dnlen - stlen - 1] == ','))
93 -+ return 0;
94 -+ }
95 -+
96 -+ k5_setmsg(context, EINVAL, _("DN is out of the realm subtree"));
97 -+ return EINVAL;
98 -+}
99 -+
100 -+static krb5_error_code
101 -+check_dn_exists(krb5_context context,
102 -+ krb5_ldap_server_handle *ldap_server_handle,
103 -+ const char *dn, krb5_boolean nonkrb_only)
104 -+{
105 -+ krb5_error_code st = 0, tempst;
106 -+ krb5_ldap_context *ldap_context = context->dal_handle->db_context;
107 -+ LDAP *ld = ldap_server_handle->ldap_handle;
108 -+ LDAPMessage *result = NULL, *ent;
109 -+ char *attrs[] = { "krbticketpolicyreference", "krbprincipalname", NULL };
110 -+ char **values;
111 -+
112 -+ LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attrs, IGNORE_STATUS);
113 -+ if (st != LDAP_SUCCESS)
114 -+ return set_ldap_error(context, st, OP_SEARCH);
115 -+
116 -+ ent = ldap_first_entry(ld, result);
117 -+ CHECK_NULL(ent);
118 -+
119 -+ values = ldap_get_values(ld, ent, "krbticketpolicyreference");
120 -+ if (values != NULL)
121 -+ ldap_value_free(values);
122 -+
123 -+ values = ldap_get_values(ld, ent, "krbprincipalname");
124 -+ if (values != NULL) {
125 -+ ldap_value_free(values);
126 -+ if (nonkrb_only) {
127 -+ st = EINVAL;
128 -+ k5_setmsg(context, st, _("ldap object is already kerberized"));
129 -+ goto cleanup;
130 -+ }
131 -+ }
132 -+
133 -+cleanup:
134 -+ ldap_msgfree(result);
135 -+ return st;
136 -+}
137 -+
138 -+static krb5_error_code
139 -+validate_xargs(krb5_context context,
140 -+ krb5_ldap_server_handle *ldap_server_handle,
141 -+ const xargs_t *xargs, const char *standalone_dn,
142 -+ char *const *subtrees, unsigned int ntrees)
143 -+{
144 -+ krb5_error_code st;
145 -+
146 -+ if (xargs->dn != NULL) {
147 -+ /* The supplied dn must be within a realm container. */
148 -+ st = check_dn_in_container(context, xargs->dn, subtrees, ntrees);
149 -+ if (st)
150 -+ return st;
151 -+ /* The supplied dn must exist without Kerberos attributes. */
152 -+ st = check_dn_exists(context, ldap_server_handle, xargs->dn, TRUE);
153 -+ if (st)
154 -+ return st;
155 -+ }
156 -+
157 -+ if (xargs->linkdn != NULL) {
158 -+ /* The supplied linkdn must be within a realm container. */
159 -+ st = check_dn_in_container(context, xargs->linkdn, subtrees, ntrees);
160 -+ if (st)
161 -+ return st;
162 -+ /* The supplied linkdn must exist. */
163 -+ st = check_dn_exists(context, ldap_server_handle, xargs->linkdn,
164 -+ FALSE);
165 -+ if (st)
166 -+ return st;
167 -+ }
168 -+
169 -+ if (xargs->containerdn != NULL && standalone_dn != NULL) {
170 -+ /* standalone_dn (likely composed using containerdn) must be within a
171 -+ * container. */
172 -+ st = check_dn_in_container(context, standalone_dn, subtrees, ntrees);
173 -+ if (st)
174 -+ return st;
175 -+ }
176 -+
177 -+ return 0;
178 -+}
179 -+
180 - krb5_error_code
181 - krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
182 - char **db_args)
183 -@@ -662,12 +763,12 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
184 - LDAPMessage *result=NULL, *ent=NULL;
185 - char **subtreelist = NULL;
186 - char *user=NULL, *subtree=NULL, *principal_dn=NULL;
187 -- char **values=NULL, *strval[10]={NULL}, errbuf[1024];
188 -+ char *strval[10]={NULL}, errbuf[1024];
189 - char *filtuser=NULL;
190 - struct berval **bersecretkey=NULL;
191 - LDAPMod **mods=NULL;
192 - krb5_boolean create_standalone=FALSE;
193 -- krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE;
194 -+ krb5_boolean establish_links=FALSE;
195 - char *standalone_principal_dn=NULL;
196 - krb5_tl_data *tl_data=NULL;
197 - krb5_key_data **keys=NULL;
198 -@@ -860,24 +961,6 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
199 - * any of the subtrees
200 - */
201 - if (xargs.dn_from_kbd == TRUE) {
202 -- /* make sure the DN falls in the subtree */
203 -- int dnlen=0, subtreelen=0;
204 -- char *dn=NULL;
205 -- krb5_boolean outofsubtree=TRUE;
206 --
207 -- if (xargs.dn != NULL) {
208 -- dn = xargs.dn;
209 -- } else if (xargs.linkdn != NULL) {
210 -- dn = xargs.linkdn;
211 -- } else if (standalone_principal_dn != NULL) {
212 -- /*
213 -- * Even though the standalone_principal_dn is constructed
214 -- * within this function, there is the containerdn input
215 -- * from the user that can become part of the it.
216 -- */
217 -- dn = standalone_principal_dn;
218 -- }
219 --
220 - /* Get the current subtree list if we haven't already done so. */
221 - if (subtreelist == NULL) {
222 - st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees);
223 -@@ -885,81 +968,10 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
224 - goto cleanup;
225 - }
226 -
227 -- for (tre=0; tre<ntrees; ++tre) {
228 -- if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) {
229 -- outofsubtree = FALSE;
230 -- break;
231 -- } else {
232 -- dnlen = strlen (dn);
233 -- subtreelen = strlen(subtreelist[tre]);
234 -- if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) {
235 -- outofsubtree = FALSE;
236 -- break;
237 -- }
238 -- }
239 -- }
240 --
241 -- if (outofsubtree == TRUE) {
242 -- st = EINVAL;
243 -- k5_setmsg(context, st, _("DN is out of the realm subtree"));
244 -+ st = validate_xargs(context, ldap_server_handle, &xargs,
245 -+ standalone_principal_dn, subtreelist, ntrees);
246 -+ if (st)
247 - goto cleanup;
248 -- }
249 --
250 -- /*
251 -- * dn value will be set either by dn, linkdn or the standalone_principal_dn
252 -- * In the first 2 cases, the dn should be existing and in the last case we
253 -- * are supposed to create the ldap object. so the below should not be
254 -- * executed for the last case.
255 -- */
256 --
257 -- if (standalone_principal_dn == NULL) {
258 -- /*
259 -- * If the ldap object is missing, this results in an error.
260 -- */
261 --
262 -- /*
263 -- * Search for krbprincipalname attribute here.
264 -- * This is to find if a kerberos identity is already present
265 -- * on the ldap object, in which case adding a kerberos identity
266 -- * on the ldap object should result in an error.
267 -- */
268 -- char *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL};
269 --
270 -- ldap_msgfree(result);
271 -- result = NULL;
272 -- LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS);
273 -- if (st == LDAP_SUCCESS) {
274 -- ent = ldap_first_entry(ld, result);
275 -- if (ent != NULL) {
276 -- if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) {
277 -- ldap_value_free(values);
278 -- }
279 --
280 -- if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
281 -- krb_identity_exists = TRUE;
282 -- ldap_value_free(values);
283 -- }
284 -- }
285 -- } else {
286 -- st = set_ldap_error(context, st, OP_SEARCH);
287 -- goto cleanup;
288 -- }
289 -- }
290 -- }
291 --
292 -- /*
293 -- * If xargs.dn is set then the request is to add a
294 -- * kerberos principal on a ldap object, but if
295 -- * there is one already on the ldap object this
296 -- * should result in an error.
297 -- */
298 --
299 -- if (xargs.dn != NULL && krb_identity_exists == TRUE) {
300 -- st = EINVAL;
301 -- snprintf(errbuf, sizeof(errbuf),
302 -- _("ldap object is already kerberized"));
303 -- k5_setmsg(context, st, "%s", errbuf);
304 -- goto cleanup;
305 - }
306 -
307 - if (xargs.linkdn != NULL) {
308 -diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
309 -index 217f2cdc3b..6e563b1032 100755
310 ---- a/src/tests/t_kdb.py
311 -+++ b/src/tests/t_kdb.py
312 -@@ -203,6 +203,12 @@ def ldap_add(dn, objectclass, attrs=[]):
313 - # in the test LDAP server.
314 - realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=krb5', 'princ1'],
315 - expected_code=1, expected_msg='DN is out of the realm subtree')
316 -+# Check that the DN container check is a hierarchy test, not a simple
317 -+# suffix match (CVE-2018-5730). We expect this operation to fail
318 -+# either way (because "xcn" isn't a valid DN tag) but the container
319 -+# check should happen before the DN is parsed.
320 -+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=xcn=t1,cn=krb5', 'princ1'],
321 -+ expected_code=1, expected_msg='DN is out of the realm subtree')
322 - realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'princ1'])
323 - realm.run([kadminl, 'getprinc', 'princ1'], expected_msg='Principal: princ1')
324 - realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'again'],
325 -@@ -226,6 +232,11 @@ def ldap_add(dn, objectclass, attrs=[]):
326 - 'princ3'])
327 - realm.run([kadminl, 'modprinc', '-x', 'containerdn=cn=t2,cn=krb5', 'princ3'],
328 - expected_code=1, expected_msg='containerdn option not supported')
329 -+# Verify that containerdn is checked when linkdn is also supplied
330 -+# (CVE-2018-5730).
331 -+realm.run([kadminl, 'ank', '-randkey', '-x', 'containerdn=cn=krb5',
332 -+ '-x', 'linkdn=cn=t2,cn=krb5', 'princ4'], expected_code=1,
333 -+ expected_msg='DN is out of the realm subtree')
334 -
335 - # Create and modify a ticket policy.
336 - kldaputil(['create_policy', '-maxtktlife', '3hour', '-maxrenewlife', '6hour',
337
338 diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch
339 deleted file mode 100644
340 index 7a655fb9a1d..00000000000
341 --- a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch
342 +++ /dev/null
343 @@ -1,101 +0,0 @@
344 -From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001
345 -From: Stefan Strogin <stefan.strogin@×××××.com>
346 -Date: Thu, 25 Apr 2019 03:48:10 +0300
347 -Subject: [PATCH] Fix build for LibreSSL 2.9.x
348 -
349 -asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods
350 -are not defined. Define them.
351 -
352 -Upstream-Status: Pending
353 -[Needs to be amended if
354 -https://github.com/libressl-portable/openbsd/pull/109 is accepted]
355 -Signed-off-by: Stefan Strogin <stefan.strogin@×××××.com>
356 ----
357 - .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++----
358 - .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++-
359 - 2 files changed, 28 insertions(+), 5 deletions(-)
360 -
361 -diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
362 -index 2064eb7bd..81d5d3cf2 100644
363 ---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
364 -+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
365 -@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err);
366 - (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
367 - #endif
368 -
369 --#if OPENSSL_VERSION_NUMBER < 0x10100000L
370 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
371 -
372 --/* 1.1 standardizes constructor and destructor names, renaming
373 -- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
374 -+/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names,
375 -+ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
376 -
377 -+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
378 - #define EVP_MD_CTX_new EVP_MD_CTX_create
379 - #define EVP_MD_CTX_free EVP_MD_CTX_destroy
380 - #define ASN1_STRING_get0_data ASN1_STRING_data
381 -+#endif
382 -
383 - /* 1.1 makes many handle types opaque and adds accessors. Add compatibility
384 - * versions of the new accessors we use for pre-1.1. */
385 -@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err);
386 - #define OBJ_get0_data(o) ((o)->data)
387 - #define OBJ_length(o) ((o)->length)
388 -
389 -+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
390 - #define DH_set0_pqg compat_dh_set0_pqg
391 - static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
392 - {
393 -@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub,
394 - if (priv != NULL)
395 - *priv = dh->priv_key;
396 - }
397 -+#endif /* LIBRESSL_VERSION_NUMBER */
398 -
399 - /* Return true if the cert c includes a key usage which doesn't include u.
400 - * Define using direct member access for pre-1.1. */
401 -@@ -3040,7 +3044,8 @@ cleanup:
402 - return retval;
403 - }
404 -
405 --#if OPENSSL_VERSION_NUMBER >= 0x10100000L
406 -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \
407 -+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL
408 -
409 - /*
410 - * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
411 -diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
412 -index 7411348fa..ac91408c4 100644
413 ---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
414 -+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
415 -@@ -46,7 +46,25 @@
416 - #include <openssl/asn1.h>
417 - #include <openssl/pem.h>
418 -
419 --#if OPENSSL_VERSION_NUMBER >= 0x10100000L
420 -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \
421 -+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL
422 -+
423 -+#ifndef static_ASN1_SEQUENCE_END_name
424 -+#define static_ASN1_ITEM_start(itname) \
425 -+ static const ASN1_ITEM itname##_it = {
426 -+#define static_ASN1_SEQUENCE_END_name(stname, tname) \
427 -+ ;\
428 -+ static_ASN1_ITEM_start(tname) \
429 -+ ASN1_ITYPE_SEQUENCE,\
430 -+ V_ASN1_SEQUENCE,\
431 -+ tname##_seq_tt,\
432 -+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
433 -+ NULL,\
434 -+ sizeof(stname),\
435 -+ #stname \
436 -+ ASN1_ITEM_end(tname)
437 -+#endif /* !defined(static_ASN1_SEQUENCE_END_name) */
438 -+
439 - #include <openssl/asn1t.h>
440 - #else
441 - #include <openssl/asn1_mac.h>
442 ---
443 -2.21.0
444 -
445
446 diff --git a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch b/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch
447 deleted file mode 100644
448 index 8490e629a37..00000000000
449 --- a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch
450 +++ /dev/null
451 @@ -1,12 +0,0 @@
452 -Bug #448778
453 ---- a/src/build-tools/krb5-config.in 2012-12-18 02:47:04.000000000 +0000
454 -+++ b/src/build-tools/krb5-config.in 2012-12-28 07:13:16.582693363 +0000
455 -@@ -217,7 +217,7 @@
456 - -e 's#\$(PROG_RPATH)#'$libdir'#' \
457 - -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \
458 - -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
459 -- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
460 -+ -e 's#\$(LDFLAGS)##' \
461 - -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
462 - -e 's#\$(CFLAGS)##'`
463 -
464
465 diff --git a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch b/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch
466 deleted file mode 100644
467 index 5c979cfd1ef..00000000000
468 --- a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch
469 +++ /dev/null
470 @@ -1,31 +0,0 @@
471 ---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
472 -+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
473 -@@ -191,7 +191,7 @@ pkinit_pkcs11_code_to_text(int err);
474 - (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
475 - #endif
476 -
477 --#if OPENSSL_VERSION_NUMBER < 0x10100000L
478 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
479 -
480 - /* 1.1 standardizes constructor and destructor names, renaming
481 - * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
482 -@@ -3059,7 +3059,7 @@ cleanup:
483 - return retval;
484 - }
485 -
486 --#if OPENSSL_VERSION_NUMBER >= 0x10100000L
487 -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
488 -
489 - /*
490 - * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
491 ---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
492 -+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
493 -@@ -46,7 +46,7 @@
494 - #include <openssl/asn1.h>
495 - #include <openssl/pem.h>
496 -
497 --#if OPENSSL_VERSION_NUMBER >= 0x10100000L
498 -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
499 - #include <openssl/asn1t.h>
500 - #else
501 - #include <openssl/asn1_mac.h>
502
503 diff --git a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild
504 deleted file mode 100644
505 index 1953c395599..00000000000
506 --- a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild
507 +++ /dev/null
508 @@ -1,154 +0,0 @@
509 -# Copyright 1999-2018 Gentoo Foundation
510 -# Distributed under the terms of the GNU General Public License v2
511 -
512 -EAPI=6
513 -
514 -PYTHON_COMPAT=( python2_7 )
515 -inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator
516 -
517 -MY_P="${P/mit-}"
518 -P_DIR=$(get_version_component_range 1-2)
519 -DESCRIPTION="MIT Kerberos V"
520 -HOMEPAGE="https://web.mit.edu/kerberos/www/"
521 -SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
522 -
523 -LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
524 -SLOT="0"
525 -KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86"
526 -IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
527 -
528 -# Test suite require network access
529 -RESTRICT="test"
530 -
531 -CDEPEND="
532 - !!app-crypt/heimdal
533 - >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
534 - || (
535 - >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
536 - >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
537 - >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
538 - )
539 - keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
540 - nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
541 - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
542 - pkinit? (
543 - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
544 - libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
545 - )
546 - xinetd? ( sys-apps/xinetd )"
547 -DEPEND="${CDEPEND}
548 - ${PYTHON_DEPS}
549 - virtual/yacc
550 - doc? ( virtual/latex-base )
551 - test? (
552 - ${PYTHON_DEPS}
553 - dev-lang/tcl:0
554 - dev-util/dejagnu
555 - )"
556 -RDEPEND="${CDEPEND}
557 - selinux? ( sec-policy/selinux-kerberos )"
558 -
559 -S=${WORKDIR}/${MY_P}/src
560 -
561 -MULTILIB_CHOST_TOOLS=(
562 - /usr/bin/krb5-config
563 -)
564 -
565 -src_prepare() {
566 - eapply -p2 "${FILESDIR}/CVE-2018-5729-5730.patch"
567 - eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
568 - eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
569 - eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
570 -
571 - # Make sure we always use the system copies.
572 - rm -rf util/{et,ss,verto}
573 - sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
574 -
575 - eapply_user
576 - eautoreconf
577 -}
578 -
579 -src_configure() {
580 - # QA
581 - append-flags -fno-strict-aliasing
582 - append-flags -fno-strict-overflow
583 -
584 - multilib-minimal_src_configure
585 -}
586 -
587 -multilib_src_configure() {
588 - use keyutils || export ac_cv_header_keyutils_h=no
589 - ECONF_SOURCE=${S} \
590 - WARN_CFLAGS="set" \
591 - econf \
592 - $(use_with openldap ldap) \
593 - "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
594 - $(use_enable nls) \
595 - $(use_enable pkinit) \
596 - $(use_enable threads thread-support) \
597 - --without-hesiod \
598 - --enable-shared \
599 - --with-system-et \
600 - --with-system-ss \
601 - --enable-dns-for-realm \
602 - --enable-kdc-lookaside-cache \
603 - --with-system-verto \
604 - --disable-rpath
605 -}
606 -
607 -multilib_src_compile() {
608 - emake -j1
609 -}
610 -
611 -multilib_src_test() {
612 - multilib_is_native_abi && emake -j1 check
613 -}
614 -
615 -multilib_src_install() {
616 - emake \
617 - DESTDIR="${D}" \
618 - EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
619 - install
620 -}
621 -
622 -multilib_src_install_all() {
623 - # default database dir
624 - keepdir /var/lib/krb5kdc
625 -
626 - cd ..
627 - dodoc README
628 -
629 - if use doc; then
630 - dodoc -r doc/html
631 - docinto pdf
632 - dodoc doc/pdf/*.pdf
633 - fi
634 -
635 - newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
636 - newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
637 - newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
638 - newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
639 - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
640 - newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
641 -
642 - systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
643 - systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
644 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
645 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
646 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
647 -
648 - insinto /etc
649 - newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
650 - insinto /var/lib/krb5kdc
651 - newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
652 -
653 - if use openldap ; then
654 - insinto /etc/openldap/schema
655 - doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
656 - fi
657 -
658 - if use xinetd ; then
659 - insinto /etc/xinetd.d
660 - newins "${FILESDIR}/kpropd.xinetd" kpropd
661 - fi
662 -}
663
664 diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild
665 deleted file mode 100644
666 index 6e6edde5000..00000000000
667 --- a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild
668 +++ /dev/null
669 @@ -1,153 +0,0 @@
670 -# Copyright 1999-2018 Gentoo Foundation
671 -# Distributed under the terms of the GNU General Public License v2
672 -
673 -EAPI=6
674 -
675 -PYTHON_COMPAT=( python2_7 )
676 -inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator
677 -
678 -MY_P="${P/mit-}"
679 -P_DIR=$(get_version_component_range 1-2)
680 -DESCRIPTION="MIT Kerberos V"
681 -HOMEPAGE="https://web.mit.edu/kerberos/www/"
682 -SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
683 -
684 -LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
685 -SLOT="0"
686 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
687 -IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
688 -
689 -# Test suite require network access
690 -RESTRICT="test"
691 -
692 -CDEPEND="
693 - !!app-crypt/heimdal
694 - >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
695 - || (
696 - >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
697 - >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
698 - >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
699 - )
700 - keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
701 - nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
702 - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
703 - pkinit? (
704 - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
705 - libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
706 - )
707 - xinetd? ( sys-apps/xinetd )"
708 -DEPEND="${CDEPEND}
709 - ${PYTHON_DEPS}
710 - virtual/yacc
711 - doc? ( virtual/latex-base )
712 - test? (
713 - ${PYTHON_DEPS}
714 - dev-lang/tcl:0
715 - dev-util/dejagnu
716 - )"
717 -RDEPEND="${CDEPEND}
718 - selinux? ( sec-policy/selinux-kerberos )"
719 -
720 -S=${WORKDIR}/${MY_P}/src
721 -
722 -MULTILIB_CHOST_TOOLS=(
723 - /usr/bin/krb5-config
724 -)
725 -
726 -src_prepare() {
727 - eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
728 - eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
729 - eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
730 -
731 - # Make sure we always use the system copies.
732 - rm -rf util/{et,ss,verto}
733 - sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
734 -
735 - eapply_user
736 - eautoreconf
737 -}
738 -
739 -src_configure() {
740 - # QA
741 - append-flags -fno-strict-aliasing
742 - append-flags -fno-strict-overflow
743 -
744 - multilib-minimal_src_configure
745 -}
746 -
747 -multilib_src_configure() {
748 - use keyutils || export ac_cv_header_keyutils_h=no
749 - ECONF_SOURCE=${S} \
750 - WARN_CFLAGS="set" \
751 - econf \
752 - $(use_with openldap ldap) \
753 - "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
754 - $(use_enable nls) \
755 - $(use_enable pkinit) \
756 - $(use_enable threads thread-support) \
757 - --without-hesiod \
758 - --enable-shared \
759 - --with-system-et \
760 - --with-system-ss \
761 - --enable-dns-for-realm \
762 - --enable-kdc-lookaside-cache \
763 - --with-system-verto \
764 - --disable-rpath
765 -}
766 -
767 -multilib_src_compile() {
768 - emake -j1
769 -}
770 -
771 -multilib_src_test() {
772 - multilib_is_native_abi && emake -j1 check
773 -}
774 -
775 -multilib_src_install() {
776 - emake \
777 - DESTDIR="${D}" \
778 - EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
779 - install
780 -}
781 -
782 -multilib_src_install_all() {
783 - # default database dir
784 - keepdir /var/lib/krb5kdc
785 -
786 - cd ..
787 - dodoc README
788 -
789 - if use doc; then
790 - dodoc -r doc/html
791 - docinto pdf
792 - dodoc doc/pdf/*.pdf
793 - fi
794 -
795 - newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
796 - newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
797 - newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
798 - newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
799 - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
800 - newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
801 -
802 - systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
803 - systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
804 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
805 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
806 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
807 -
808 - insinto /etc
809 - newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
810 - insinto /var/lib/krb5kdc
811 - newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
812 -
813 - if use openldap ; then
814 - insinto /etc/openldap/schema
815 - doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
816 - fi
817 -
818 - if use xinetd ; then
819 - insinto /etc/xinetd.d
820 - newins "${FILESDIR}/kpropd.xinetd" kpropd
821 - fi
822 -}
823
824 diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild
825 deleted file mode 100644
826 index 75bb0cdbf0b..00000000000
827 --- a/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild
828 +++ /dev/null
829 @@ -1,161 +0,0 @@
830 -# Copyright 1999-2018 Gentoo Authors
831 -# Distributed under the terms of the GNU General Public License v2
832 -
833 -EAPI=7
834 -
835 -PYTHON_COMPAT=( python2_7 )
836 -inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd
837 -
838 -MY_P="${P/mit-}"
839 -P_DIR=$(ver_cut 1-2)
840 -DESCRIPTION="MIT Kerberos V"
841 -HOMEPAGE="https://web.mit.edu/kerberos/www/"
842 -SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
843 -
844 -LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
845 -SLOT="0"
846 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
847 -IUSE="cpu_flags_x86_aes doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
848 -
849 -# Test suite require network access
850 -RESTRICT="test"
851 -
852 -CDEPEND="
853 - !!app-crypt/heimdal
854 - >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
855 - || (
856 - >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
857 - >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
858 - >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
859 - )
860 - keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
861 - nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
862 - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
863 - pkinit? (
864 - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
865 - libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
866 - )
867 - xinetd? ( sys-apps/xinetd )
868 - "
869 -DEPEND="${CDEPEND}
870 - ${PYTHON_DEPS}
871 - virtual/yacc
872 - cpu_flags_x86_aes? (
873 - amd64? ( dev-lang/yasm )
874 - x86? ( dev-lang/yasm )
875 - )
876 - doc? ( virtual/latex-base )
877 - test? (
878 - ${PYTHON_DEPS}
879 - dev-lang/tcl:0
880 - dev-util/dejagnu
881 - dev-util/cmocka
882 - )"
883 -RDEPEND="${CDEPEND}
884 - selinux? ( sec-policy/selinux-kerberos )"
885 -
886 -S=${WORKDIR}/${MY_P}/src
887 -
888 -MULTILIB_CHOST_TOOLS=(
889 - /usr/bin/krb5-config
890 -)
891 -
892 -src_prepare() {
893 - eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
894 - eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
895 - eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
896 -
897 - # Make sure we always use the system copies.
898 - rm -rf util/{et,ss,verto}
899 - sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
900 -
901 - eapply_user
902 - eautoreconf
903 -}
904 -
905 -src_configure() {
906 - # QA
907 - append-flags -fno-strict-aliasing
908 - append-flags -fno-strict-overflow
909 -
910 - multilib-minimal_src_configure
911 -}
912 -
913 -multilib_src_configure() {
914 - use keyutils || export ac_cv_header_keyutils_h=no
915 - ECONF_SOURCE=${S} \
916 - WARN_CFLAGS="set" \
917 - econf \
918 - $(use_with openldap ldap) \
919 - "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
920 - $(use_enable nls) \
921 - $(use_enable pkinit) \
922 - $(use_enable threads thread-support) \
923 - --without-hesiod \
924 - --enable-shared \
925 - --with-system-et \
926 - --with-system-ss \
927 - --enable-dns-for-realm \
928 - --enable-kdc-lookaside-cache \
929 - --with-system-verto \
930 - --disable-rpath
931 -}
932 -
933 -multilib_src_compile() {
934 - emake -j1
935 -}
936 -
937 -multilib_src_test() {
938 - multilib_is_native_abi && emake -j1 check
939 -}
940 -
941 -multilib_src_install() {
942 - emake \
943 - DESTDIR="${D}" \
944 - EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
945 - install
946 -}
947 -
948 -multilib_src_install_all() {
949 - # default database dir
950 - keepdir /var/lib/krb5kdc
951 -
952 - rmdir "${ED}"/var/lib/{run/krb5kdc,run}
953 -
954 - cd ..
955 - dodoc README
956 -
957 - if use doc; then
958 - dodoc -r doc/html
959 - docinto pdf
960 - dodoc doc/pdf/*.pdf
961 - fi
962 -
963 - newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
964 - newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
965 - newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
966 - newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
967 - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
968 - newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
969 -
970 - systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
971 - systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
972 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
973 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
974 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
975 -
976 - insinto /etc
977 - newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
978 - insinto /var/lib/krb5kdc
979 - newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
980 -
981 - if use openldap ; then
982 - insinto /etc/openldap/schema
983 - doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
984 - fi
985 -
986 - if use xinetd ; then
987 - insinto /etc/xinetd.d
988 - newins "${FILESDIR}/kpropd.xinetd" kpropd
989 - fi
990 -}
991
992 diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild
993 deleted file mode 100644
994 index 9d8b9911639..00000000000
995 --- a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild
996 +++ /dev/null
997 @@ -1,161 +0,0 @@
998 -# Copyright 1999-2019 Gentoo Authors
999 -# Distributed under the terms of the GNU General Public License v2
1000 -
1001 -EAPI=7
1002 -
1003 -PYTHON_COMPAT=( python2_7 )
1004 -inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd
1005 -
1006 -MY_P="${P/mit-}"
1007 -P_DIR=$(ver_cut 1-2)
1008 -DESCRIPTION="MIT Kerberos V"
1009 -HOMEPAGE="https://web.mit.edu/kerberos/www/"
1010 -SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
1011 -
1012 -LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
1013 -SLOT="0"
1014 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
1015 -IUSE="cpu_flags_x86_aes doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
1016 -
1017 -# Test suite require network access
1018 -#RESTRICT="test"
1019 -
1020 -CDEPEND="
1021 - !!app-crypt/heimdal
1022 - >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
1023 - || (
1024 - >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
1025 - >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
1026 - >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
1027 - )
1028 - keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
1029 - nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
1030 - openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
1031 - pkinit? (
1032 - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
1033 - libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
1034 - )
1035 - xinetd? ( sys-apps/xinetd )
1036 - "
1037 -DEPEND="${CDEPEND}
1038 - ${PYTHON_DEPS}
1039 - virtual/yacc
1040 - cpu_flags_x86_aes? (
1041 - amd64? ( dev-lang/yasm )
1042 - x86? ( dev-lang/yasm )
1043 - )
1044 - doc? ( virtual/latex-base )
1045 - test? (
1046 - ${PYTHON_DEPS}
1047 - dev-lang/tcl:0
1048 - dev-util/dejagnu
1049 - dev-util/cmocka
1050 - )"
1051 -RDEPEND="${CDEPEND}
1052 - selinux? ( sec-policy/selinux-kerberos )"
1053 -
1054 -S=${WORKDIR}/${MY_P}/src
1055 -
1056 -MULTILIB_CHOST_TOOLS=(
1057 - /usr/bin/krb5-config
1058 -)
1059 -
1060 -src_prepare() {
1061 - eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
1062 - eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
1063 - eapply -p2 "${FILESDIR}/${P}-libressl.patch"
1064 -
1065 - # Make sure we always use the system copies.
1066 - rm -rf util/{et,ss,verto}
1067 - sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
1068 -
1069 - eapply_user
1070 - eautoreconf
1071 -}
1072 -
1073 -src_configure() {
1074 - # QA
1075 - append-flags -fno-strict-aliasing
1076 - append-flags -fno-strict-overflow
1077 -
1078 - multilib-minimal_src_configure
1079 -}
1080 -
1081 -multilib_src_configure() {
1082 - use keyutils || export ac_cv_header_keyutils_h=no
1083 - ECONF_SOURCE=${S} \
1084 - WARN_CFLAGS="set" \
1085 - econf \
1086 - $(use_with openldap ldap) \
1087 - "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
1088 - $(use_enable nls) \
1089 - $(use_enable pkinit) \
1090 - $(use_enable threads thread-support) \
1091 - --without-hesiod \
1092 - --enable-shared \
1093 - --with-system-et \
1094 - --with-system-ss \
1095 - --enable-dns-for-realm \
1096 - --enable-kdc-lookaside-cache \
1097 - --with-system-verto \
1098 - --disable-rpath
1099 -}
1100 -
1101 -multilib_src_compile() {
1102 - emake -j1
1103 -}
1104 -
1105 -multilib_src_test() {
1106 - multilib_is_native_abi && emake -j1 check
1107 -}
1108 -
1109 -multilib_src_install() {
1110 - emake \
1111 - DESTDIR="${D}" \
1112 - EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
1113 - install
1114 -}
1115 -
1116 -multilib_src_install_all() {
1117 - # default database dir
1118 - keepdir /var/lib/krb5kdc
1119 -
1120 - rmdir "${ED}"/var/lib/{run/krb5kdc,run}
1121 -
1122 - cd ..
1123 - dodoc README
1124 -
1125 - if use doc; then
1126 - dodoc -r doc/html
1127 - docinto pdf
1128 - dodoc doc/pdf/*.pdf
1129 - fi
1130 -
1131 - newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
1132 - newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
1133 - newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
1134 - newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
1135 - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
1136 - newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
1137 -
1138 - systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
1139 - systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
1140 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
1141 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
1142 - systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
1143 -
1144 - insinto /etc
1145 - newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
1146 - insinto /var/lib/krb5kdc
1147 - newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
1148 -
1149 - if use openldap ; then
1150 - insinto /etc/openldap/schema
1151 - doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
1152 - fi
1153 -
1154 - if use xinetd ; then
1155 - insinto /etc/xinetd.d
1156 - newins "${FILESDIR}/kpropd.xinetd" kpropd
1157 - fi
1158 -}
Report Message
Find on MARC Find on Google Groups