1 |
commit: bd1940d2e752a50a37710fcec0984fc1ff0234e7 |
2 |
Author: Matt Turner <mattst88 <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Sep 28 18:25:58 2019 +0000 |
4 |
Commit: Matt Turner <mattst88 <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Sep 28 18:27:13 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd1940d2 |
7 |
|
8 |
app-crypt/mit-krb5: Drop old versions |
9 |
|
10 |
Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org> |
11 |
|
12 |
app-crypt/mit-krb5/Manifest | 4 - |
13 |
app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch | 297 --------------------- |
14 |
.../mit-krb5/files/mit-krb5-1.16.3-libressl.patch | 101 ------- |
15 |
.../mit-krb5/files/mit-krb5-config_LDFLAGS.patch | 12 - |
16 |
.../files/mit-krb5-libressl-version-check.patch | 31 --- |
17 |
app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 154 ----------- |
18 |
app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild | 153 ----------- |
19 |
app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild | 161 ----------- |
20 |
app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild | 161 ----------- |
21 |
9 files changed, 1074 deletions(-) |
22 |
|
23 |
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest |
24 |
index 0911382bd22..4b2ab0c10a3 100644 |
25 |
--- a/app-crypt/mit-krb5/Manifest |
26 |
+++ b/app-crypt/mit-krb5/Manifest |
27 |
@@ -1,5 +1 @@ |
28 |
-DIST krb5-1.16.1.tar.gz 9477480 BLAKE2B 16bdd7d6d03ddbd4b070663c3a7a3d2331d54e8590b24f1dc162be2531bfbbbd65878d426a160c65ffc1ba4751f16bbbd177a8a91c01002fde0e886cc1bd91b9 SHA512 fa4ec14a4ffe690861e2dd7ea39d7698af2058ce181bb733ea891f80279f4dde4bb891adec5ccb0eaddf737306e6ceb1fe3744a2946e6189a7d7d2dd3bc5ba84 |
29 |
-DIST krb5-1.16.2.tar.gz 9652415 BLAKE2B 21c4d56e43476a9b87a4ca9a8b7d0dd5739d3d70731fb4727de5ae248d8638e2016581cd2462f5e2ec7950d9e216aa165199505e581fa10db81ce26062fc097e SHA512 738c071a90e0f38680bb17bdcf950310bc4549f3cb851e1d34de11239ae88178e6ee1a5e5d48c6d3efef544339b07d22dba5347dd763a4266d8d4df7cf47afc9 |
30 |
-DIST krb5-1.16.3.tar.gz 9656985 BLAKE2B 92e6d2b5f27e80f495d7bb3fb64acfb03530156fb8e1a07dbc8d045616fd2ac4be8047d844580e3aa01d5e8b733ceea9024290dcc53b691696201f02a31e3034 SHA512 77da5f8bb19108e158c3df5a17b9141b7cbbae7d01f9f0dca5c504dc4b468953d67a1f4566bed5a062d8ff8e0d80796094dea12d2e45bdda810a1633bb08318d |
31 |
-DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3bac1678c3f3ece3905f27feda5a23d28b3c13ebd64d1760726888c759fb19da82ad960c6f84a433b753873 SHA512 7e162467b95dad2b6aaa11686d08a00f1cc4eb08247fca8f0e5a8bcaa5f9f7b42cdf00db69c5c6111bdf9eb8063d53cef3bb207ce5d6a287615ca10b710153f9 |
32 |
DIST krb5-1.17.tar.gz 8761763 BLAKE2B 76f636836c67e9eefca91c9417118efdcf4437c1220691f43f3d246daf3eabd53b40a30956f0e57703c3fde5d7193b1d86b68becf3ae1c0c803d2462e79d3014 SHA512 7462a578b936bd17f155a362dbb5d388e157a80a096549028be6c55400b11361c7f8a28e424fd5674801873651df4e694d536cae66728b7ae5e840e532358c52 |
33 |
|
34 |
diff --git a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch b/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch |
35 |
deleted file mode 100644 |
36 |
index 114cfe688e7..00000000000 |
37 |
--- a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch |
38 |
+++ /dev/null |
39 |
@@ -1,297 +0,0 @@ |
40 |
-diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c |
41 |
-index 2420f2c2be..a59a65e8f6 100644 |
42 |
---- a/src/lib/kadm5/srv/svr_principal.c |
43 |
-+++ b/src/lib/kadm5/srv/svr_principal.c |
44 |
-@@ -330,6 +330,13 @@ kadm5_create_principal_3(void *server_handle, |
45 |
- return KADM5_BAD_MASK; |
46 |
- if((mask & ~ALL_PRINC_MASK)) |
47 |
- return KADM5_BAD_MASK; |
48 |
-+ if (mask & KADM5_TL_DATA) { |
49 |
-+ for (tl_data_tail = entry->tl_data; tl_data_tail != NULL; |
50 |
-+ tl_data_tail = tl_data_tail->tl_data_next) { |
51 |
-+ if (tl_data_tail->tl_data_type < 256) |
52 |
-+ return KADM5_BAD_TL_TYPE; |
53 |
-+ } |
54 |
-+ } |
55 |
- |
56 |
- /* |
57 |
- * Check to see if the principal exists |
58 |
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h |
59 |
-index 535a1f309e..8b8420faa9 100644 |
60 |
---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h |
61 |
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h |
62 |
-@@ -141,7 +141,7 @@ extern int set_ldap_error (krb5_context ctx, int st, int op); |
63 |
- #define UNSTORE16_INT(ptr, val) (val = load_16_be(ptr)) |
64 |
- #define UNSTORE32_INT(ptr, val) (val = load_32_be(ptr)) |
65 |
- |
66 |
--#define KDB_TL_USER_INFO 0x7ffe |
67 |
-+#define KDB_TL_USER_INFO 0xff |
68 |
- |
69 |
- #define KDB_TL_PRINCTYPE 0x01 |
70 |
- #define KDB_TL_PRINCCOUNT 0x02 |
71 |
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |
72 |
-index 88a1704950..b7c9212cb2 100644 |
73 |
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |
74 |
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |
75 |
-@@ -651,6 +651,107 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry, |
76 |
- return ret; |
77 |
- } |
78 |
- |
79 |
-+static krb5_error_code |
80 |
-+check_dn_in_container(krb5_context context, const char *dn, |
81 |
-+ char *const *subtrees, unsigned int ntrees) |
82 |
-+{ |
83 |
-+ unsigned int i; |
84 |
-+ size_t dnlen = strlen(dn), stlen; |
85 |
-+ |
86 |
-+ for (i = 0; i < ntrees; i++) { |
87 |
-+ if (subtrees[i] == NULL || *subtrees[i] == '\0') |
88 |
-+ return 0; |
89 |
-+ stlen = strlen(subtrees[i]); |
90 |
-+ if (dnlen >= stlen && |
91 |
-+ strcasecmp(dn + dnlen - stlen, subtrees[i]) == 0 && |
92 |
-+ (dnlen == stlen || dn[dnlen - stlen - 1] == ',')) |
93 |
-+ return 0; |
94 |
-+ } |
95 |
-+ |
96 |
-+ k5_setmsg(context, EINVAL, _("DN is out of the realm subtree")); |
97 |
-+ return EINVAL; |
98 |
-+} |
99 |
-+ |
100 |
-+static krb5_error_code |
101 |
-+check_dn_exists(krb5_context context, |
102 |
-+ krb5_ldap_server_handle *ldap_server_handle, |
103 |
-+ const char *dn, krb5_boolean nonkrb_only) |
104 |
-+{ |
105 |
-+ krb5_error_code st = 0, tempst; |
106 |
-+ krb5_ldap_context *ldap_context = context->dal_handle->db_context; |
107 |
-+ LDAP *ld = ldap_server_handle->ldap_handle; |
108 |
-+ LDAPMessage *result = NULL, *ent; |
109 |
-+ char *attrs[] = { "krbticketpolicyreference", "krbprincipalname", NULL }; |
110 |
-+ char **values; |
111 |
-+ |
112 |
-+ LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attrs, IGNORE_STATUS); |
113 |
-+ if (st != LDAP_SUCCESS) |
114 |
-+ return set_ldap_error(context, st, OP_SEARCH); |
115 |
-+ |
116 |
-+ ent = ldap_first_entry(ld, result); |
117 |
-+ CHECK_NULL(ent); |
118 |
-+ |
119 |
-+ values = ldap_get_values(ld, ent, "krbticketpolicyreference"); |
120 |
-+ if (values != NULL) |
121 |
-+ ldap_value_free(values); |
122 |
-+ |
123 |
-+ values = ldap_get_values(ld, ent, "krbprincipalname"); |
124 |
-+ if (values != NULL) { |
125 |
-+ ldap_value_free(values); |
126 |
-+ if (nonkrb_only) { |
127 |
-+ st = EINVAL; |
128 |
-+ k5_setmsg(context, st, _("ldap object is already kerberized")); |
129 |
-+ goto cleanup; |
130 |
-+ } |
131 |
-+ } |
132 |
-+ |
133 |
-+cleanup: |
134 |
-+ ldap_msgfree(result); |
135 |
-+ return st; |
136 |
-+} |
137 |
-+ |
138 |
-+static krb5_error_code |
139 |
-+validate_xargs(krb5_context context, |
140 |
-+ krb5_ldap_server_handle *ldap_server_handle, |
141 |
-+ const xargs_t *xargs, const char *standalone_dn, |
142 |
-+ char *const *subtrees, unsigned int ntrees) |
143 |
-+{ |
144 |
-+ krb5_error_code st; |
145 |
-+ |
146 |
-+ if (xargs->dn != NULL) { |
147 |
-+ /* The supplied dn must be within a realm container. */ |
148 |
-+ st = check_dn_in_container(context, xargs->dn, subtrees, ntrees); |
149 |
-+ if (st) |
150 |
-+ return st; |
151 |
-+ /* The supplied dn must exist without Kerberos attributes. */ |
152 |
-+ st = check_dn_exists(context, ldap_server_handle, xargs->dn, TRUE); |
153 |
-+ if (st) |
154 |
-+ return st; |
155 |
-+ } |
156 |
-+ |
157 |
-+ if (xargs->linkdn != NULL) { |
158 |
-+ /* The supplied linkdn must be within a realm container. */ |
159 |
-+ st = check_dn_in_container(context, xargs->linkdn, subtrees, ntrees); |
160 |
-+ if (st) |
161 |
-+ return st; |
162 |
-+ /* The supplied linkdn must exist. */ |
163 |
-+ st = check_dn_exists(context, ldap_server_handle, xargs->linkdn, |
164 |
-+ FALSE); |
165 |
-+ if (st) |
166 |
-+ return st; |
167 |
-+ } |
168 |
-+ |
169 |
-+ if (xargs->containerdn != NULL && standalone_dn != NULL) { |
170 |
-+ /* standalone_dn (likely composed using containerdn) must be within a |
171 |
-+ * container. */ |
172 |
-+ st = check_dn_in_container(context, standalone_dn, subtrees, ntrees); |
173 |
-+ if (st) |
174 |
-+ return st; |
175 |
-+ } |
176 |
-+ |
177 |
-+ return 0; |
178 |
-+} |
179 |
-+ |
180 |
- krb5_error_code |
181 |
- krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, |
182 |
- char **db_args) |
183 |
-@@ -662,12 +763,12 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, |
184 |
- LDAPMessage *result=NULL, *ent=NULL; |
185 |
- char **subtreelist = NULL; |
186 |
- char *user=NULL, *subtree=NULL, *principal_dn=NULL; |
187 |
-- char **values=NULL, *strval[10]={NULL}, errbuf[1024]; |
188 |
-+ char *strval[10]={NULL}, errbuf[1024]; |
189 |
- char *filtuser=NULL; |
190 |
- struct berval **bersecretkey=NULL; |
191 |
- LDAPMod **mods=NULL; |
192 |
- krb5_boolean create_standalone=FALSE; |
193 |
-- krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE; |
194 |
-+ krb5_boolean establish_links=FALSE; |
195 |
- char *standalone_principal_dn=NULL; |
196 |
- krb5_tl_data *tl_data=NULL; |
197 |
- krb5_key_data **keys=NULL; |
198 |
-@@ -860,24 +961,6 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, |
199 |
- * any of the subtrees |
200 |
- */ |
201 |
- if (xargs.dn_from_kbd == TRUE) { |
202 |
-- /* make sure the DN falls in the subtree */ |
203 |
-- int dnlen=0, subtreelen=0; |
204 |
-- char *dn=NULL; |
205 |
-- krb5_boolean outofsubtree=TRUE; |
206 |
-- |
207 |
-- if (xargs.dn != NULL) { |
208 |
-- dn = xargs.dn; |
209 |
-- } else if (xargs.linkdn != NULL) { |
210 |
-- dn = xargs.linkdn; |
211 |
-- } else if (standalone_principal_dn != NULL) { |
212 |
-- /* |
213 |
-- * Even though the standalone_principal_dn is constructed |
214 |
-- * within this function, there is the containerdn input |
215 |
-- * from the user that can become part of the it. |
216 |
-- */ |
217 |
-- dn = standalone_principal_dn; |
218 |
-- } |
219 |
-- |
220 |
- /* Get the current subtree list if we haven't already done so. */ |
221 |
- if (subtreelist == NULL) { |
222 |
- st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees); |
223 |
-@@ -885,81 +968,10 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, |
224 |
- goto cleanup; |
225 |
- } |
226 |
- |
227 |
-- for (tre=0; tre<ntrees; ++tre) { |
228 |
-- if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) { |
229 |
-- outofsubtree = FALSE; |
230 |
-- break; |
231 |
-- } else { |
232 |
-- dnlen = strlen (dn); |
233 |
-- subtreelen = strlen(subtreelist[tre]); |
234 |
-- if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) { |
235 |
-- outofsubtree = FALSE; |
236 |
-- break; |
237 |
-- } |
238 |
-- } |
239 |
-- } |
240 |
-- |
241 |
-- if (outofsubtree == TRUE) { |
242 |
-- st = EINVAL; |
243 |
-- k5_setmsg(context, st, _("DN is out of the realm subtree")); |
244 |
-+ st = validate_xargs(context, ldap_server_handle, &xargs, |
245 |
-+ standalone_principal_dn, subtreelist, ntrees); |
246 |
-+ if (st) |
247 |
- goto cleanup; |
248 |
-- } |
249 |
-- |
250 |
-- /* |
251 |
-- * dn value will be set either by dn, linkdn or the standalone_principal_dn |
252 |
-- * In the first 2 cases, the dn should be existing and in the last case we |
253 |
-- * are supposed to create the ldap object. so the below should not be |
254 |
-- * executed for the last case. |
255 |
-- */ |
256 |
-- |
257 |
-- if (standalone_principal_dn == NULL) { |
258 |
-- /* |
259 |
-- * If the ldap object is missing, this results in an error. |
260 |
-- */ |
261 |
-- |
262 |
-- /* |
263 |
-- * Search for krbprincipalname attribute here. |
264 |
-- * This is to find if a kerberos identity is already present |
265 |
-- * on the ldap object, in which case adding a kerberos identity |
266 |
-- * on the ldap object should result in an error. |
267 |
-- */ |
268 |
-- char *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL}; |
269 |
-- |
270 |
-- ldap_msgfree(result); |
271 |
-- result = NULL; |
272 |
-- LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS); |
273 |
-- if (st == LDAP_SUCCESS) { |
274 |
-- ent = ldap_first_entry(ld, result); |
275 |
-- if (ent != NULL) { |
276 |
-- if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) { |
277 |
-- ldap_value_free(values); |
278 |
-- } |
279 |
-- |
280 |
-- if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) { |
281 |
-- krb_identity_exists = TRUE; |
282 |
-- ldap_value_free(values); |
283 |
-- } |
284 |
-- } |
285 |
-- } else { |
286 |
-- st = set_ldap_error(context, st, OP_SEARCH); |
287 |
-- goto cleanup; |
288 |
-- } |
289 |
-- } |
290 |
-- } |
291 |
-- |
292 |
-- /* |
293 |
-- * If xargs.dn is set then the request is to add a |
294 |
-- * kerberos principal on a ldap object, but if |
295 |
-- * there is one already on the ldap object this |
296 |
-- * should result in an error. |
297 |
-- */ |
298 |
-- |
299 |
-- if (xargs.dn != NULL && krb_identity_exists == TRUE) { |
300 |
-- st = EINVAL; |
301 |
-- snprintf(errbuf, sizeof(errbuf), |
302 |
-- _("ldap object is already kerberized")); |
303 |
-- k5_setmsg(context, st, "%s", errbuf); |
304 |
-- goto cleanup; |
305 |
- } |
306 |
- |
307 |
- if (xargs.linkdn != NULL) { |
308 |
-diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py |
309 |
-index 217f2cdc3b..6e563b1032 100755 |
310 |
---- a/src/tests/t_kdb.py |
311 |
-+++ b/src/tests/t_kdb.py |
312 |
-@@ -203,6 +203,12 @@ def ldap_add(dn, objectclass, attrs=[]): |
313 |
- # in the test LDAP server. |
314 |
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=krb5', 'princ1'], |
315 |
- expected_code=1, expected_msg='DN is out of the realm subtree') |
316 |
-+# Check that the DN container check is a hierarchy test, not a simple |
317 |
-+# suffix match (CVE-2018-5730). We expect this operation to fail |
318 |
-+# either way (because "xcn" isn't a valid DN tag) but the container |
319 |
-+# check should happen before the DN is parsed. |
320 |
-+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=xcn=t1,cn=krb5', 'princ1'], |
321 |
-+ expected_code=1, expected_msg='DN is out of the realm subtree') |
322 |
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'princ1']) |
323 |
- realm.run([kadminl, 'getprinc', 'princ1'], expected_msg='Principal: princ1') |
324 |
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'again'], |
325 |
-@@ -226,6 +232,11 @@ def ldap_add(dn, objectclass, attrs=[]): |
326 |
- 'princ3']) |
327 |
- realm.run([kadminl, 'modprinc', '-x', 'containerdn=cn=t2,cn=krb5', 'princ3'], |
328 |
- expected_code=1, expected_msg='containerdn option not supported') |
329 |
-+# Verify that containerdn is checked when linkdn is also supplied |
330 |
-+# (CVE-2018-5730). |
331 |
-+realm.run([kadminl, 'ank', '-randkey', '-x', 'containerdn=cn=krb5', |
332 |
-+ '-x', 'linkdn=cn=t2,cn=krb5', 'princ4'], expected_code=1, |
333 |
-+ expected_msg='DN is out of the realm subtree') |
334 |
- |
335 |
- # Create and modify a ticket policy. |
336 |
- kldaputil(['create_policy', '-maxtktlife', '3hour', '-maxrenewlife', '6hour', |
337 |
|
338 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch |
339 |
deleted file mode 100644 |
340 |
index 7a655fb9a1d..00000000000 |
341 |
--- a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch |
342 |
+++ /dev/null |
343 |
@@ -1,101 +0,0 @@ |
344 |
-From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001 |
345 |
-From: Stefan Strogin <stefan.strogin@×××××.com> |
346 |
-Date: Thu, 25 Apr 2019 03:48:10 +0300 |
347 |
-Subject: [PATCH] Fix build for LibreSSL 2.9.x |
348 |
- |
349 |
-asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods |
350 |
-are not defined. Define them. |
351 |
- |
352 |
-Upstream-Status: Pending |
353 |
-[Needs to be amended if |
354 |
-https://github.com/libressl-portable/openbsd/pull/109 is accepted] |
355 |
-Signed-off-by: Stefan Strogin <stefan.strogin@×××××.com> |
356 |
---- |
357 |
- .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++---- |
358 |
- .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++- |
359 |
- 2 files changed, 28 insertions(+), 5 deletions(-) |
360 |
- |
361 |
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
362 |
-index 2064eb7bd..81d5d3cf2 100644 |
363 |
---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
364 |
-+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
365 |
-@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err); |
366 |
- (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) |
367 |
- #endif |
368 |
- |
369 |
--#if OPENSSL_VERSION_NUMBER < 0x10100000L |
370 |
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
371 |
- |
372 |
--/* 1.1 standardizes constructor and destructor names, renaming |
373 |
-- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ |
374 |
-+/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names, |
375 |
-+ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ |
376 |
- |
377 |
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL |
378 |
- #define EVP_MD_CTX_new EVP_MD_CTX_create |
379 |
- #define EVP_MD_CTX_free EVP_MD_CTX_destroy |
380 |
- #define ASN1_STRING_get0_data ASN1_STRING_data |
381 |
-+#endif |
382 |
- |
383 |
- /* 1.1 makes many handle types opaque and adds accessors. Add compatibility |
384 |
- * versions of the new accessors we use for pre-1.1. */ |
385 |
-@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err); |
386 |
- #define OBJ_get0_data(o) ((o)->data) |
387 |
- #define OBJ_length(o) ((o)->length) |
388 |
- |
389 |
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL |
390 |
- #define DH_set0_pqg compat_dh_set0_pqg |
391 |
- static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
392 |
- { |
393 |
-@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub, |
394 |
- if (priv != NULL) |
395 |
- *priv = dh->priv_key; |
396 |
- } |
397 |
-+#endif /* LIBRESSL_VERSION_NUMBER */ |
398 |
- |
399 |
- /* Return true if the cert c includes a key usage which doesn't include u. |
400 |
- * Define using direct member access for pre-1.1. */ |
401 |
-@@ -3040,7 +3044,8 @@ cleanup: |
402 |
- return retval; |
403 |
- } |
404 |
- |
405 |
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
406 |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ |
407 |
-+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL |
408 |
- |
409 |
- /* |
410 |
- * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would |
411 |
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
412 |
-index 7411348fa..ac91408c4 100644 |
413 |
---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
414 |
-+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
415 |
-@@ -46,7 +46,25 @@ |
416 |
- #include <openssl/asn1.h> |
417 |
- #include <openssl/pem.h> |
418 |
- |
419 |
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
420 |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ |
421 |
-+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL |
422 |
-+ |
423 |
-+#ifndef static_ASN1_SEQUENCE_END_name |
424 |
-+#define static_ASN1_ITEM_start(itname) \ |
425 |
-+ static const ASN1_ITEM itname##_it = { |
426 |
-+#define static_ASN1_SEQUENCE_END_name(stname, tname) \ |
427 |
-+ ;\ |
428 |
-+ static_ASN1_ITEM_start(tname) \ |
429 |
-+ ASN1_ITYPE_SEQUENCE,\ |
430 |
-+ V_ASN1_SEQUENCE,\ |
431 |
-+ tname##_seq_tt,\ |
432 |
-+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ |
433 |
-+ NULL,\ |
434 |
-+ sizeof(stname),\ |
435 |
-+ #stname \ |
436 |
-+ ASN1_ITEM_end(tname) |
437 |
-+#endif /* !defined(static_ASN1_SEQUENCE_END_name) */ |
438 |
-+ |
439 |
- #include <openssl/asn1t.h> |
440 |
- #else |
441 |
- #include <openssl/asn1_mac.h> |
442 |
--- |
443 |
-2.21.0 |
444 |
- |
445 |
|
446 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch b/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch |
447 |
deleted file mode 100644 |
448 |
index 8490e629a37..00000000000 |
449 |
--- a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch |
450 |
+++ /dev/null |
451 |
@@ -1,12 +0,0 @@ |
452 |
-Bug #448778 |
453 |
---- a/src/build-tools/krb5-config.in 2012-12-18 02:47:04.000000000 +0000 |
454 |
-+++ b/src/build-tools/krb5-config.in 2012-12-28 07:13:16.582693363 +0000 |
455 |
-@@ -217,7 +217,7 @@ |
456 |
- -e 's#\$(PROG_RPATH)#'$libdir'#' \ |
457 |
- -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \ |
458 |
- -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ |
459 |
-- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \ |
460 |
-+ -e 's#\$(LDFLAGS)##' \ |
461 |
- -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ |
462 |
- -e 's#\$(CFLAGS)##'` |
463 |
- |
464 |
|
465 |
diff --git a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch b/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch |
466 |
deleted file mode 100644 |
467 |
index 5c979cfd1ef..00000000000 |
468 |
--- a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch |
469 |
+++ /dev/null |
470 |
@@ -1,31 +0,0 @@ |
471 |
---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
472 |
-+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |
473 |
-@@ -191,7 +191,7 @@ pkinit_pkcs11_code_to_text(int err); |
474 |
- (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) |
475 |
- #endif |
476 |
- |
477 |
--#if OPENSSL_VERSION_NUMBER < 0x10100000L |
478 |
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
479 |
- |
480 |
- /* 1.1 standardizes constructor and destructor names, renaming |
481 |
- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ |
482 |
-@@ -3059,7 +3059,7 @@ cleanup: |
483 |
- return retval; |
484 |
- } |
485 |
- |
486 |
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
487 |
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
488 |
- |
489 |
- /* |
490 |
- * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would |
491 |
---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
492 |
-+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.h |
493 |
-@@ -46,7 +46,7 @@ |
494 |
- #include <openssl/asn1.h> |
495 |
- #include <openssl/pem.h> |
496 |
- |
497 |
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
498 |
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
499 |
- #include <openssl/asn1t.h> |
500 |
- #else |
501 |
- #include <openssl/asn1_mac.h> |
502 |
|
503 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild |
504 |
deleted file mode 100644 |
505 |
index 1953c395599..00000000000 |
506 |
--- a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild |
507 |
+++ /dev/null |
508 |
@@ -1,154 +0,0 @@ |
509 |
-# Copyright 1999-2018 Gentoo Foundation |
510 |
-# Distributed under the terms of the GNU General Public License v2 |
511 |
- |
512 |
-EAPI=6 |
513 |
- |
514 |
-PYTHON_COMPAT=( python2_7 ) |
515 |
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator |
516 |
- |
517 |
-MY_P="${P/mit-}" |
518 |
-P_DIR=$(get_version_component_range 1-2) |
519 |
-DESCRIPTION="MIT Kerberos V" |
520 |
-HOMEPAGE="https://web.mit.edu/kerberos/www/" |
521 |
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" |
522 |
- |
523 |
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" |
524 |
-SLOT="0" |
525 |
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86" |
526 |
-IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" |
527 |
- |
528 |
-# Test suite require network access |
529 |
-RESTRICT="test" |
530 |
- |
531 |
-CDEPEND=" |
532 |
- !!app-crypt/heimdal |
533 |
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] |
534 |
- || ( |
535 |
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] |
536 |
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] |
537 |
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] |
538 |
- ) |
539 |
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) |
540 |
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) |
541 |
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) |
542 |
- pkinit? ( |
543 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
544 |
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) |
545 |
- ) |
546 |
- xinetd? ( sys-apps/xinetd )" |
547 |
-DEPEND="${CDEPEND} |
548 |
- ${PYTHON_DEPS} |
549 |
- virtual/yacc |
550 |
- doc? ( virtual/latex-base ) |
551 |
- test? ( |
552 |
- ${PYTHON_DEPS} |
553 |
- dev-lang/tcl:0 |
554 |
- dev-util/dejagnu |
555 |
- )" |
556 |
-RDEPEND="${CDEPEND} |
557 |
- selinux? ( sec-policy/selinux-kerberos )" |
558 |
- |
559 |
-S=${WORKDIR}/${MY_P}/src |
560 |
- |
561 |
-MULTILIB_CHOST_TOOLS=( |
562 |
- /usr/bin/krb5-config |
563 |
-) |
564 |
- |
565 |
-src_prepare() { |
566 |
- eapply -p2 "${FILESDIR}/CVE-2018-5729-5730.patch" |
567 |
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
568 |
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" |
569 |
- eapply "${FILESDIR}/${PN}-libressl-version-check.patch" |
570 |
- |
571 |
- # Make sure we always use the system copies. |
572 |
- rm -rf util/{et,ss,verto} |
573 |
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die |
574 |
- |
575 |
- eapply_user |
576 |
- eautoreconf |
577 |
-} |
578 |
- |
579 |
-src_configure() { |
580 |
- # QA |
581 |
- append-flags -fno-strict-aliasing |
582 |
- append-flags -fno-strict-overflow |
583 |
- |
584 |
- multilib-minimal_src_configure |
585 |
-} |
586 |
- |
587 |
-multilib_src_configure() { |
588 |
- use keyutils || export ac_cv_header_keyutils_h=no |
589 |
- ECONF_SOURCE=${S} \ |
590 |
- WARN_CFLAGS="set" \ |
591 |
- econf \ |
592 |
- $(use_with openldap ldap) \ |
593 |
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ |
594 |
- $(use_enable nls) \ |
595 |
- $(use_enable pkinit) \ |
596 |
- $(use_enable threads thread-support) \ |
597 |
- --without-hesiod \ |
598 |
- --enable-shared \ |
599 |
- --with-system-et \ |
600 |
- --with-system-ss \ |
601 |
- --enable-dns-for-realm \ |
602 |
- --enable-kdc-lookaside-cache \ |
603 |
- --with-system-verto \ |
604 |
- --disable-rpath |
605 |
-} |
606 |
- |
607 |
-multilib_src_compile() { |
608 |
- emake -j1 |
609 |
-} |
610 |
- |
611 |
-multilib_src_test() { |
612 |
- multilib_is_native_abi && emake -j1 check |
613 |
-} |
614 |
- |
615 |
-multilib_src_install() { |
616 |
- emake \ |
617 |
- DESTDIR="${D}" \ |
618 |
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ |
619 |
- install |
620 |
-} |
621 |
- |
622 |
-multilib_src_install_all() { |
623 |
- # default database dir |
624 |
- keepdir /var/lib/krb5kdc |
625 |
- |
626 |
- cd .. |
627 |
- dodoc README |
628 |
- |
629 |
- if use doc; then |
630 |
- dodoc -r doc/html |
631 |
- docinto pdf |
632 |
- dodoc doc/pdf/*.pdf |
633 |
- fi |
634 |
- |
635 |
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind |
636 |
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc |
637 |
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd |
638 |
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind |
639 |
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc |
640 |
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd |
641 |
- |
642 |
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service |
643 |
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service |
644 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service |
645 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" |
646 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket |
647 |
- |
648 |
- insinto /etc |
649 |
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example |
650 |
- insinto /var/lib/krb5kdc |
651 |
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example |
652 |
- |
653 |
- if use openldap ; then |
654 |
- insinto /etc/openldap/schema |
655 |
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" |
656 |
- fi |
657 |
- |
658 |
- if use xinetd ; then |
659 |
- insinto /etc/xinetd.d |
660 |
- newins "${FILESDIR}/kpropd.xinetd" kpropd |
661 |
- fi |
662 |
-} |
663 |
|
664 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild |
665 |
deleted file mode 100644 |
666 |
index 6e6edde5000..00000000000 |
667 |
--- a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild |
668 |
+++ /dev/null |
669 |
@@ -1,153 +0,0 @@ |
670 |
-# Copyright 1999-2018 Gentoo Foundation |
671 |
-# Distributed under the terms of the GNU General Public License v2 |
672 |
- |
673 |
-EAPI=6 |
674 |
- |
675 |
-PYTHON_COMPAT=( python2_7 ) |
676 |
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator |
677 |
- |
678 |
-MY_P="${P/mit-}" |
679 |
-P_DIR=$(get_version_component_range 1-2) |
680 |
-DESCRIPTION="MIT Kerberos V" |
681 |
-HOMEPAGE="https://web.mit.edu/kerberos/www/" |
682 |
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" |
683 |
- |
684 |
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" |
685 |
-SLOT="0" |
686 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
687 |
-IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" |
688 |
- |
689 |
-# Test suite require network access |
690 |
-RESTRICT="test" |
691 |
- |
692 |
-CDEPEND=" |
693 |
- !!app-crypt/heimdal |
694 |
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] |
695 |
- || ( |
696 |
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] |
697 |
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] |
698 |
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] |
699 |
- ) |
700 |
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) |
701 |
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) |
702 |
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) |
703 |
- pkinit? ( |
704 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
705 |
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) |
706 |
- ) |
707 |
- xinetd? ( sys-apps/xinetd )" |
708 |
-DEPEND="${CDEPEND} |
709 |
- ${PYTHON_DEPS} |
710 |
- virtual/yacc |
711 |
- doc? ( virtual/latex-base ) |
712 |
- test? ( |
713 |
- ${PYTHON_DEPS} |
714 |
- dev-lang/tcl:0 |
715 |
- dev-util/dejagnu |
716 |
- )" |
717 |
-RDEPEND="${CDEPEND} |
718 |
- selinux? ( sec-policy/selinux-kerberos )" |
719 |
- |
720 |
-S=${WORKDIR}/${MY_P}/src |
721 |
- |
722 |
-MULTILIB_CHOST_TOOLS=( |
723 |
- /usr/bin/krb5-config |
724 |
-) |
725 |
- |
726 |
-src_prepare() { |
727 |
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
728 |
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" |
729 |
- eapply "${FILESDIR}/${PN}-libressl-version-check.patch" |
730 |
- |
731 |
- # Make sure we always use the system copies. |
732 |
- rm -rf util/{et,ss,verto} |
733 |
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die |
734 |
- |
735 |
- eapply_user |
736 |
- eautoreconf |
737 |
-} |
738 |
- |
739 |
-src_configure() { |
740 |
- # QA |
741 |
- append-flags -fno-strict-aliasing |
742 |
- append-flags -fno-strict-overflow |
743 |
- |
744 |
- multilib-minimal_src_configure |
745 |
-} |
746 |
- |
747 |
-multilib_src_configure() { |
748 |
- use keyutils || export ac_cv_header_keyutils_h=no |
749 |
- ECONF_SOURCE=${S} \ |
750 |
- WARN_CFLAGS="set" \ |
751 |
- econf \ |
752 |
- $(use_with openldap ldap) \ |
753 |
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ |
754 |
- $(use_enable nls) \ |
755 |
- $(use_enable pkinit) \ |
756 |
- $(use_enable threads thread-support) \ |
757 |
- --without-hesiod \ |
758 |
- --enable-shared \ |
759 |
- --with-system-et \ |
760 |
- --with-system-ss \ |
761 |
- --enable-dns-for-realm \ |
762 |
- --enable-kdc-lookaside-cache \ |
763 |
- --with-system-verto \ |
764 |
- --disable-rpath |
765 |
-} |
766 |
- |
767 |
-multilib_src_compile() { |
768 |
- emake -j1 |
769 |
-} |
770 |
- |
771 |
-multilib_src_test() { |
772 |
- multilib_is_native_abi && emake -j1 check |
773 |
-} |
774 |
- |
775 |
-multilib_src_install() { |
776 |
- emake \ |
777 |
- DESTDIR="${D}" \ |
778 |
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ |
779 |
- install |
780 |
-} |
781 |
- |
782 |
-multilib_src_install_all() { |
783 |
- # default database dir |
784 |
- keepdir /var/lib/krb5kdc |
785 |
- |
786 |
- cd .. |
787 |
- dodoc README |
788 |
- |
789 |
- if use doc; then |
790 |
- dodoc -r doc/html |
791 |
- docinto pdf |
792 |
- dodoc doc/pdf/*.pdf |
793 |
- fi |
794 |
- |
795 |
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind |
796 |
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc |
797 |
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd |
798 |
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind |
799 |
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc |
800 |
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd |
801 |
- |
802 |
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service |
803 |
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service |
804 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service |
805 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" |
806 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket |
807 |
- |
808 |
- insinto /etc |
809 |
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example |
810 |
- insinto /var/lib/krb5kdc |
811 |
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example |
812 |
- |
813 |
- if use openldap ; then |
814 |
- insinto /etc/openldap/schema |
815 |
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" |
816 |
- fi |
817 |
- |
818 |
- if use xinetd ; then |
819 |
- insinto /etc/xinetd.d |
820 |
- newins "${FILESDIR}/kpropd.xinetd" kpropd |
821 |
- fi |
822 |
-} |
823 |
|
824 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild |
825 |
deleted file mode 100644 |
826 |
index 75bb0cdbf0b..00000000000 |
827 |
--- a/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild |
828 |
+++ /dev/null |
829 |
@@ -1,161 +0,0 @@ |
830 |
-# Copyright 1999-2018 Gentoo Authors |
831 |
-# Distributed under the terms of the GNU General Public License v2 |
832 |
- |
833 |
-EAPI=7 |
834 |
- |
835 |
-PYTHON_COMPAT=( python2_7 ) |
836 |
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd |
837 |
- |
838 |
-MY_P="${P/mit-}" |
839 |
-P_DIR=$(ver_cut 1-2) |
840 |
-DESCRIPTION="MIT Kerberos V" |
841 |
-HOMEPAGE="https://web.mit.edu/kerberos/www/" |
842 |
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" |
843 |
- |
844 |
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" |
845 |
-SLOT="0" |
846 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
847 |
-IUSE="cpu_flags_x86_aes doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" |
848 |
- |
849 |
-# Test suite require network access |
850 |
-RESTRICT="test" |
851 |
- |
852 |
-CDEPEND=" |
853 |
- !!app-crypt/heimdal |
854 |
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] |
855 |
- || ( |
856 |
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] |
857 |
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] |
858 |
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] |
859 |
- ) |
860 |
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) |
861 |
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) |
862 |
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) |
863 |
- pkinit? ( |
864 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
865 |
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) |
866 |
- ) |
867 |
- xinetd? ( sys-apps/xinetd ) |
868 |
- " |
869 |
-DEPEND="${CDEPEND} |
870 |
- ${PYTHON_DEPS} |
871 |
- virtual/yacc |
872 |
- cpu_flags_x86_aes? ( |
873 |
- amd64? ( dev-lang/yasm ) |
874 |
- x86? ( dev-lang/yasm ) |
875 |
- ) |
876 |
- doc? ( virtual/latex-base ) |
877 |
- test? ( |
878 |
- ${PYTHON_DEPS} |
879 |
- dev-lang/tcl:0 |
880 |
- dev-util/dejagnu |
881 |
- dev-util/cmocka |
882 |
- )" |
883 |
-RDEPEND="${CDEPEND} |
884 |
- selinux? ( sec-policy/selinux-kerberos )" |
885 |
- |
886 |
-S=${WORKDIR}/${MY_P}/src |
887 |
- |
888 |
-MULTILIB_CHOST_TOOLS=( |
889 |
- /usr/bin/krb5-config |
890 |
-) |
891 |
- |
892 |
-src_prepare() { |
893 |
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
894 |
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" |
895 |
- eapply "${FILESDIR}/${PN}-libressl-version-check.patch" |
896 |
- |
897 |
- # Make sure we always use the system copies. |
898 |
- rm -rf util/{et,ss,verto} |
899 |
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die |
900 |
- |
901 |
- eapply_user |
902 |
- eautoreconf |
903 |
-} |
904 |
- |
905 |
-src_configure() { |
906 |
- # QA |
907 |
- append-flags -fno-strict-aliasing |
908 |
- append-flags -fno-strict-overflow |
909 |
- |
910 |
- multilib-minimal_src_configure |
911 |
-} |
912 |
- |
913 |
-multilib_src_configure() { |
914 |
- use keyutils || export ac_cv_header_keyutils_h=no |
915 |
- ECONF_SOURCE=${S} \ |
916 |
- WARN_CFLAGS="set" \ |
917 |
- econf \ |
918 |
- $(use_with openldap ldap) \ |
919 |
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ |
920 |
- $(use_enable nls) \ |
921 |
- $(use_enable pkinit) \ |
922 |
- $(use_enable threads thread-support) \ |
923 |
- --without-hesiod \ |
924 |
- --enable-shared \ |
925 |
- --with-system-et \ |
926 |
- --with-system-ss \ |
927 |
- --enable-dns-for-realm \ |
928 |
- --enable-kdc-lookaside-cache \ |
929 |
- --with-system-verto \ |
930 |
- --disable-rpath |
931 |
-} |
932 |
- |
933 |
-multilib_src_compile() { |
934 |
- emake -j1 |
935 |
-} |
936 |
- |
937 |
-multilib_src_test() { |
938 |
- multilib_is_native_abi && emake -j1 check |
939 |
-} |
940 |
- |
941 |
-multilib_src_install() { |
942 |
- emake \ |
943 |
- DESTDIR="${D}" \ |
944 |
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ |
945 |
- install |
946 |
-} |
947 |
- |
948 |
-multilib_src_install_all() { |
949 |
- # default database dir |
950 |
- keepdir /var/lib/krb5kdc |
951 |
- |
952 |
- rmdir "${ED}"/var/lib/{run/krb5kdc,run} |
953 |
- |
954 |
- cd .. |
955 |
- dodoc README |
956 |
- |
957 |
- if use doc; then |
958 |
- dodoc -r doc/html |
959 |
- docinto pdf |
960 |
- dodoc doc/pdf/*.pdf |
961 |
- fi |
962 |
- |
963 |
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind |
964 |
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc |
965 |
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd |
966 |
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind |
967 |
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc |
968 |
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd |
969 |
- |
970 |
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service |
971 |
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service |
972 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service |
973 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" |
974 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket |
975 |
- |
976 |
- insinto /etc |
977 |
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example |
978 |
- insinto /var/lib/krb5kdc |
979 |
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example |
980 |
- |
981 |
- if use openldap ; then |
982 |
- insinto /etc/openldap/schema |
983 |
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" |
984 |
- fi |
985 |
- |
986 |
- if use xinetd ; then |
987 |
- insinto /etc/xinetd.d |
988 |
- newins "${FILESDIR}/kpropd.xinetd" kpropd |
989 |
- fi |
990 |
-} |
991 |
|
992 |
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild |
993 |
deleted file mode 100644 |
994 |
index 9d8b9911639..00000000000 |
995 |
--- a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild |
996 |
+++ /dev/null |
997 |
@@ -1,161 +0,0 @@ |
998 |
-# Copyright 1999-2019 Gentoo Authors |
999 |
-# Distributed under the terms of the GNU General Public License v2 |
1000 |
- |
1001 |
-EAPI=7 |
1002 |
- |
1003 |
-PYTHON_COMPAT=( python2_7 ) |
1004 |
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd |
1005 |
- |
1006 |
-MY_P="${P/mit-}" |
1007 |
-P_DIR=$(ver_cut 1-2) |
1008 |
-DESCRIPTION="MIT Kerberos V" |
1009 |
-HOMEPAGE="https://web.mit.edu/kerberos/www/" |
1010 |
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" |
1011 |
- |
1012 |
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" |
1013 |
-SLOT="0" |
1014 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
1015 |
-IUSE="cpu_flags_x86_aes doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd" |
1016 |
- |
1017 |
-# Test suite require network access |
1018 |
-#RESTRICT="test" |
1019 |
- |
1020 |
-CDEPEND=" |
1021 |
- !!app-crypt/heimdal |
1022 |
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] |
1023 |
- || ( |
1024 |
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] |
1025 |
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] |
1026 |
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] |
1027 |
- ) |
1028 |
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) |
1029 |
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) |
1030 |
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) |
1031 |
- pkinit? ( |
1032 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
1033 |
- libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] ) |
1034 |
- ) |
1035 |
- xinetd? ( sys-apps/xinetd ) |
1036 |
- " |
1037 |
-DEPEND="${CDEPEND} |
1038 |
- ${PYTHON_DEPS} |
1039 |
- virtual/yacc |
1040 |
- cpu_flags_x86_aes? ( |
1041 |
- amd64? ( dev-lang/yasm ) |
1042 |
- x86? ( dev-lang/yasm ) |
1043 |
- ) |
1044 |
- doc? ( virtual/latex-base ) |
1045 |
- test? ( |
1046 |
- ${PYTHON_DEPS} |
1047 |
- dev-lang/tcl:0 |
1048 |
- dev-util/dejagnu |
1049 |
- dev-util/cmocka |
1050 |
- )" |
1051 |
-RDEPEND="${CDEPEND} |
1052 |
- selinux? ( sec-policy/selinux-kerberos )" |
1053 |
- |
1054 |
-S=${WORKDIR}/${MY_P}/src |
1055 |
- |
1056 |
-MULTILIB_CHOST_TOOLS=( |
1057 |
- /usr/bin/krb5-config |
1058 |
-) |
1059 |
- |
1060 |
-src_prepare() { |
1061 |
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch" |
1062 |
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch" |
1063 |
- eapply -p2 "${FILESDIR}/${P}-libressl.patch" |
1064 |
- |
1065 |
- # Make sure we always use the system copies. |
1066 |
- rm -rf util/{et,ss,verto} |
1067 |
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die |
1068 |
- |
1069 |
- eapply_user |
1070 |
- eautoreconf |
1071 |
-} |
1072 |
- |
1073 |
-src_configure() { |
1074 |
- # QA |
1075 |
- append-flags -fno-strict-aliasing |
1076 |
- append-flags -fno-strict-overflow |
1077 |
- |
1078 |
- multilib-minimal_src_configure |
1079 |
-} |
1080 |
- |
1081 |
-multilib_src_configure() { |
1082 |
- use keyutils || export ac_cv_header_keyutils_h=no |
1083 |
- ECONF_SOURCE=${S} \ |
1084 |
- WARN_CFLAGS="set" \ |
1085 |
- econf \ |
1086 |
- $(use_with openldap ldap) \ |
1087 |
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ |
1088 |
- $(use_enable nls) \ |
1089 |
- $(use_enable pkinit) \ |
1090 |
- $(use_enable threads thread-support) \ |
1091 |
- --without-hesiod \ |
1092 |
- --enable-shared \ |
1093 |
- --with-system-et \ |
1094 |
- --with-system-ss \ |
1095 |
- --enable-dns-for-realm \ |
1096 |
- --enable-kdc-lookaside-cache \ |
1097 |
- --with-system-verto \ |
1098 |
- --disable-rpath |
1099 |
-} |
1100 |
- |
1101 |
-multilib_src_compile() { |
1102 |
- emake -j1 |
1103 |
-} |
1104 |
- |
1105 |
-multilib_src_test() { |
1106 |
- multilib_is_native_abi && emake -j1 check |
1107 |
-} |
1108 |
- |
1109 |
-multilib_src_install() { |
1110 |
- emake \ |
1111 |
- DESTDIR="${D}" \ |
1112 |
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ |
1113 |
- install |
1114 |
-} |
1115 |
- |
1116 |
-multilib_src_install_all() { |
1117 |
- # default database dir |
1118 |
- keepdir /var/lib/krb5kdc |
1119 |
- |
1120 |
- rmdir "${ED}"/var/lib/{run/krb5kdc,run} |
1121 |
- |
1122 |
- cd .. |
1123 |
- dodoc README |
1124 |
- |
1125 |
- if use doc; then |
1126 |
- dodoc -r doc/html |
1127 |
- docinto pdf |
1128 |
- dodoc doc/pdf/*.pdf |
1129 |
- fi |
1130 |
- |
1131 |
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind |
1132 |
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc |
1133 |
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd |
1134 |
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind |
1135 |
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc |
1136 |
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd |
1137 |
- |
1138 |
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service |
1139 |
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service |
1140 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service |
1141 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" |
1142 |
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket |
1143 |
- |
1144 |
- insinto /etc |
1145 |
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example |
1146 |
- insinto /var/lib/krb5kdc |
1147 |
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example |
1148 |
- |
1149 |
- if use openldap ; then |
1150 |
- insinto /etc/openldap/schema |
1151 |
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" |
1152 |
- fi |
1153 |
- |
1154 |
- if use xinetd ; then |
1155 |
- insinto /etc/xinetd.d |
1156 |
- newins "${FILESDIR}/kpropd.xinetd" kpropd |
1157 |
- fi |
1158 |
-} |