summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEray Aslan <eras@gentoo.org>2019-05-17 10:47:28 +0300
committerEray Aslan <eras@gentoo.org>2019-05-17 10:47:55 +0300
commit5c8fbea00ec59fad9583f6b815e89dcd33271faa (patch)
tree6b55d9fcfc28e9e3c90ff3bf8eed268c3885f790 /app-crypt/heimdal
parentapp-emulation/qemu: mds fixes for 4.0.0 (diff)
downloadgentoo-5c8fbea00ec59fad9583f6b815e89dcd33271faa.tar.gz
gentoo-5c8fbea00ec59fad9583f6b815e89dcd33271faa.tar.bz2
gentoo-5c8fbea00ec59fad9583f6b815e89dcd33271faa.zip
app-crypt/heimdal: security bump to 7.6.0
Bug: https://bugs.gentoo.org/686034 Closes: https://bugs.gentoo.org/649492 Closes: https://bugs.gentoo.org/647880 Closes: https://bugs.gentoo.org/641762 Package-Manager: Portage-2.3.66, Repoman-2.3.12 Signed-off-by: Eray Aslan <eras@gentoo.org>
Diffstat (limited to 'app-crypt/heimdal')
-rw-r--r--app-crypt/heimdal/Manifest1
-rw-r--r--app-crypt/heimdal/files/heimdal_build-headers-before-use.patch29
-rw-r--r--app-crypt/heimdal/files/heimdal_fix-db60.patch11
-rw-r--r--app-crypt/heimdal/files/heimdal_hcrypto.patch45
-rw-r--r--app-crypt/heimdal/heimdal-7.6.0.ebuild185
-rw-r--r--app-crypt/heimdal/metadata.xml3
6 files changed, 274 insertions, 0 deletions
diff --git a/app-crypt/heimdal/Manifest b/app-crypt/heimdal/Manifest
index afa3849a21a6..998162ba10a0 100644
--- a/app-crypt/heimdal/Manifest
+++ b/app-crypt/heimdal/Manifest
@@ -1 +1,2 @@
DIST heimdal-7.5.0.tar.gz 10071281 BLAKE2B 917f5855248c333e5ec35bf992973d8b5fb84581b9c3bc8d42c328e5f878ce24c5596c5a1e3fbca786a71be04984068efbb817f7336135056d1feae38895758f SHA512 6d1ad77e795df786680b5e68e2bfefee27bd0207eab507295d7af7053135de9c9ebb517d2c0235bc3a7d50945e18044515f0d76c0899b6b74aa839f1f3e5b131
+DIST heimdal-7.6.0.tar.gz 10186832 BLAKE2B 456b495a3d0a196cf02d6042c6db72c772327545fbc84f7bb758f55f3fca025432bf319fc33e9e0b5fe5ca78b83aea9dc47d77bf1f5b69ae88f1286a22c41263 SHA512 3f7ce090cf8da91f19675a1d9f6bd65c83b3a847337739481506f09d74001cb44283b103ba684dac8a5f11ec48605b5476240c534f6fc36442fb874b73680200
diff --git a/app-crypt/heimdal/files/heimdal_build-headers-before-use.patch b/app-crypt/heimdal/files/heimdal_build-headers-before-use.patch
new file mode 100644
index 000000000000..9460e3dcc245
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_build-headers-before-use.patch
@@ -0,0 +1,29 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906623
+
+--- a/lib/hx509/Makefile.am 2019-05-16 08:59:34.326758842 +0300
++++ b/lib/hx509/Makefile.am 2019-05-16 08:58:43.140804423 +0300
+@@ -147,8 +147,8 @@
+
+ $(ALL_OBJECTS): $(HX509_PROTOS)
+
+-$(libhx509_la_OBJECTS): $(srcdir)/hx_locl.h
+-$(libhx509_la_OBJECTS): ocsp_asn1.h pkcs10_asn1.h
++$(ALL_OBJECTS): $(srcdir)/hx_locl.h
++$(ALL_OBJECTS): ocsp_asn1.h pkcs10_asn1.h $(dist_include_HEADERS)
+
+ $(srcdir)/hx509-protos.h: $(dist_libhx509_la_SOURCES)
+ $(heim_verbose)cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h
+--- a/lib/hcrypto/Makefile.am 2019-05-16 09:02:28.154602045 +0300
++++ b/lib/hcrypto/Makefile.am 2019-05-16 09:02:10.600617878 +0300
+@@ -102,6 +102,11 @@
+
+ TESTS = $(PROGRAM_TESTS) $(SCRIPT_TESTS)
+
++ALL_OBJECTS = $(libhcrypto_la_OBJECTS)
++ALL_OBJECTS += $(test_rand_OBJECTS)
++ALL_OBJECTS += $(libhctest_la_OBJECTS)
++$(ALL_OBJECTS): | install-build-headers
++
+ LDADD = $(lib_LTLIBRARIES) $(LIB_roken) $(LIB_openssl_crypto)
+ test_rand_LDADD = $(LDADD) -lm
+
diff --git a/app-crypt/heimdal/files/heimdal_fix-db60.patch b/app-crypt/heimdal/files/heimdal_fix-db60.patch
new file mode 100644
index 000000000000..7f012007e1ed
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_fix-db60.patch
@@ -0,0 +1,11 @@
+--- a/lib/roken/ndbm_wrap.c 2016-12-20 17:23:06.000000000 +0300
++++ b/lib/roken/ndbm_wrap.c 2019-05-17 10:00:00.107905769 +0300
+@@ -175,7 +175,7 @@
+ return NULL;
+ }
+
+-#if (DB_VERSION_MAJOR > 3) && (DB_VERSION_MINOR > 0)
++#if DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR > 3 && DB_VERSION_MINOR > 0)
+ if(db->open(db, NULL, fn, NULL, DB_BTREE, myflags, mode) != 0) {
+ #else
+ if(db->open(db, fn, NULL, DB_BTREE, myflags, mode) != 0) {
diff --git a/app-crypt/heimdal/files/heimdal_hcrypto.patch b/app-crypt/heimdal/files/heimdal_hcrypto.patch
new file mode 100644
index 000000000000..ff3228d4973a
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_hcrypto.patch
@@ -0,0 +1,45 @@
+From 329918bd671c89de6e1c2874baba48d658a89a10 Mon Sep 17 00:00:00 2001
+From: Damir Franusic <df@release14.org>
+Date: Sun, 9 Dec 2018 19:53:58 +0100
+Subject: [PATCH] hcrypto: fix include path
+
+---
+ lib/hcrypto/Makefile.am | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/hcrypto/Makefile.am b/lib/hcrypto/Makefile.am
+index 469176b6c6..195117d174 100644
+--- a/lib/hcrypto/Makefile.am
++++ b/lib/hcrypto/Makefile.am
+@@ -9,7 +9,8 @@ AM_CPPFLAGS += $(INCLUDE_openssl_crypto)
+ endif
+
+ AM_CPPFLAGS += -I$(top_srcdir)/lib/hx509 \
+- -I$(srcdir)/libtommath -DUSE_HCRYPTO_LTM=1
++ -I$(srcdir)/libtommath -DUSE_HCRYPTO_LTM=1 \
++ -I$(srcdir)/..
+
+ lib_LTLIBRARIES = libhcrypto.la
+ check_LTLIBRARIES = libhctest.la
+From 572a6fd7ac41e9210ef3eb765fe7da4ec8a94bb2 Mon Sep 17 00:00:00 2001
+From: Luke Howard <lukeh@padl.com>
+Date: Mon, 24 Dec 2018 02:21:32 +0000
+Subject: [PATCH] hx509: fix dependency, hxtool requires ASN.1 headers
+
+---
+ lib/hx509/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am
+index b58deb3e37..09643c43a0 100644
+--- a/lib/hx509/Makefile.am
++++ b/lib/hx509/Makefile.am
+@@ -164,7 +164,7 @@ hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC)
+ dist_hxtool_SOURCES = hxtool.c
+ nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h
+
+-$(hxtool_OBJECTS): hxtool-commands.h hx509_err.h
++$(hxtool_OBJECTS): hxtool-commands.h $(nodist_include_HEADERS)
+
+ hxtool_LDADD = \
+ libhx509.la \
diff --git a/app-crypt/heimdal/heimdal-7.6.0.ebuild b/app-crypt/heimdal/heimdal-7.6.0.ebuild
new file mode 100644
index 000000000000..8f46bd07e4e4
--- /dev/null
+++ b/app-crypt/heimdal/heimdal-7.6.0.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_{5,6,7}} )
+VIRTUALX_REQUIRED="manual"
+
+inherit autotools db-use multilib multilib-minimal python-any-r1 virtualx flag-o-matic
+
+MY_P="${P}"
+DESCRIPTION="Kerberos 5 implementation from KTH"
+HOMEPAGE="http://www.h5l.org/"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd"
+IUSE="afs +berkdb caps gdbm hdb-ldap ipv6 libressl +lmdb otp +pkinit selinux ssl static-libs test X"
+
+CDEPEND="
+ ssl? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
+ libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] )
+ )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:*[${MULTILIB_USEDEP}] )
+ gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+ lmdb? ( dev-db/lmdb )
+ caps? ( sys-libs/libcap-ng )
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
+ sys-libs/ncurses:0=
+ >=sys-libs/readline-6.2_p5-r1:0=[${MULTILIB_USEDEP}]
+ afs? ( net-fs/openafs )
+ hdb-ldap? ( >=net-nds/openldap-2.3.0 )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXau
+ x11-libs/libXt
+ )
+ !!app-crypt/mit-krb5
+ !!app-crypt/mit-krb5-appl"
+
+DEPEND="${CDEPEND}
+ ${PYTHON_DEPS}
+ dev-perl/JSON
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ >=sys-devel/autoconf-2.62
+ test? ( X? ( ${VIRTUALX_DEPEND} ) )"
+
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-kerberos )"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/krb5-types.h
+ /usr/include/cms_asn1.h
+ /usr/include/digest_asn1.h
+ /usr/include/hdb_asn1.h
+ /usr/include/krb5_asn1.h
+ /usr/include/pkcs12_asn1.h
+ /usr/include/pkinit_asn1.h
+ /usr/include/rfc2459_asn1.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/krb5-config
+)
+
+PATCHES=(
+ "${FILESDIR}/heimdal_disable-check-iprop.patch"
+ "${FILESDIR}/heimdal_tinfo.patch"
+ "${FILESDIR}/heimdal_hcrypto.patch"
+ "${FILESDIR}/heimdal_build-headers-before-use.patch"
+ "${FILESDIR}/heimdal_fix-db60.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # QA
+ append-flags -fno-strict-aliasing
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --enable-kcm
+ --disable-osfc2
+ --enable-shared
+ --with-libintl="${EPREFIX}"/usr
+ --with-readline="${EPREFIX}"/usr
+ --with-sqlite3="${EPREFIX}"/usr
+ --libexecdir="${EPREFIX}"/usr/sbin
+ --enable-pthread-support
+ $(use_enable afs afs-support)
+ $(use_enable gdbm ndbm-db)
+ $(use_enable lmdb mdb-db)
+ $(use_enable otp)
+ $(use_enable pkinit kx509)
+ $(use_enable pkinit pk-init)
+ $(use_enable static-libs static)
+ $(multilib_native_use_with caps capng)
+ $(multilib_native_use_with hdb-ldap openldap "${EPREFIX}"/usr)
+ $(use_with ipv6)
+ $(use_with ssl openssl "${EPREFIX}"/usr)
+ $(multilib_native_use_with X x)
+ )
+ if use berkdb; then
+ myeconfargs+=(
+ --with-berkeley-db
+ --with-berkeley-db-include="$(db_includedir)"
+ )
+ else
+ myeconfargs+=(
+ --without-berkeley-db
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ emake
+ else
+ emake -C include
+ emake -C lib
+ emake -C kdc
+ emake -C tools
+ emake -C tests/plugin
+ fi
+}
+
+multilib_src_test() {
+ multilib_is_native_abi && emake -j1 check
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ INSTALL_CATPAGES="no" emake DESTDIR="${D}" install
+ else
+ emake -C include DESTDIR="${D}" install
+ emake -C lib DESTDIR="${D}" install
+ emake -C kdc DESTDIR="${D}" install
+ emake -C tools DESTDIR="${D}" install
+ emake -C tests/plugin DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ChangeLog* README NEWS TODO
+
+ # client rename
+ mv "${ED%/}"/usr/share/man/man1/{,k}su.1
+ mv "${ED%/}"/usr/bin/{,k}su
+
+ newinitd "${FILESDIR}"/heimdal-kdc.initd-r2 heimdal-kdc
+ newinitd "${FILESDIR}"/heimdal-kadmind.initd-r2 heimdal-kadmind
+ newinitd "${FILESDIR}"/heimdal-kpasswdd.initd-r2 heimdal-kpasswdd
+ newinitd "${FILESDIR}"/heimdal-kcm.initd-r1 heimdal-kcm
+
+ newconfd "${FILESDIR}"/heimdal-kdc.confd heimdal-kdc
+ newconfd "${FILESDIR}"/heimdal-kadmind.confd heimdal-kadmind
+ newconfd "${FILESDIR}"/heimdal-kpasswdd.confd heimdal-kpasswdd
+ newconfd "${FILESDIR}"/heimdal-kcm.confd heimdal-kcm
+
+ insinto /etc
+ newins "${S}"/krb5.conf krb5.conf.example
+
+ if use hdb-ldap; then
+ insinto /etc/openldap/schema
+ doins "${S}/lib/hdb/hdb.schema"
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" -name "*.la" -delete || die
+ fi
+
+ # default database dir
+ keepdir /var/heimdal
+}
diff --git a/app-crypt/heimdal/metadata.xml b/app-crypt/heimdal/metadata.xml
index 0862feb8ed96..c31b6673e508 100644
--- a/app-crypt/heimdal/metadata.xml
+++ b/app-crypt/heimdal/metadata.xml
@@ -16,6 +16,9 @@
<flag name="hdb-ldap">
Adds support for LDAP as a database backend
</flag>
+ <flag name="lmdb">
+ Add support for using dev-db/lmdb for lookup tables
+ </flag>
</use>
<upstream>
<remote-id type="github">heimdal/heimdal</remote-id>