summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Olexa <darkside@gentoo.org>2010-05-23 04:10:43 +0000
committerJeremy Olexa <darkside@gentoo.org>2010-05-23 04:10:43 +0000
commit6b7d797553759832c92560d30fad0c137e2ed7b1 (patch)
tree13917d10c2cb29b8d6af1fac68df1d20ea21e1d5 /app-crypt
parentVersion bump for bug fixes, bug 321077 by Eray Aslan (diff)
downloadhistorical-6b7d797553759832c92560d30fad0c137e2ed7b1.tar.gz
historical-6b7d797553759832c92560d30fad0c137e2ed7b1.tar.bz2
historical-6b7d797553759832c92560d30fad0c137e2ed7b1.zip
Patch for CVE-2010-1321 - bug #320445. Disable rpath - bug #187201. Installs kerberos.schema - bug #318017. Ebuild clean up. Enable parallel make. Thanks to Eray Aslan
Package-Manager: portage-2.1.8.3/cvs/Linux x86_64
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/mit-krb5/ChangeLog10
-rw-r--r--app-crypt/mit-krb5/Manifest4
-rw-r--r--app-crypt/mit-krb5/files/CVE-2010-1321.patch18
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild114
4 files changed, 144 insertions, 2 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog
index 3b9837daa9d6..04d374025ecb 100644
--- a/app-crypt/mit-krb5/ChangeLog
+++ b/app-crypt/mit-krb5/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for app-crypt/mit-krb5
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.217 2010/05/01 14:43:06 darkside Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.218 2010/05/23 04:10:42 darkside Exp $
+
+*mit-krb5-1.8.1-r1 (23 May 2010)
+
+ 23 May 2010; Jeremy Olexa <darkside@gentoo.org> +mit-krb5-1.8.1-r1.ebuild,
+ +files/CVE-2010-1321.patch:
+ Patch for CVE-2010-1321 - bug #320445. Disable rpath - bug #187201.
+ Installs kerberos.schema - bug #318017. Ebuild clean up. Enable parallel
+ make. Thanks to Eray Aslan
01 May 2010; Jeremy Olexa <darkside@gentoo.org> mit-krb5-1.8.1.ebuild:
Fix configure call, patch by Eray Aslan
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
index 91e886273341..aacf27378a5e 100644
--- a/app-crypt/mit-krb5/Manifest
+++ b/app-crypt/mit-krb5/Manifest
@@ -4,6 +4,7 @@ AUX 1.7-CVE-2009-4212.patch 13085 RMD160 98b9d7adab15a198cf6380458e9960e41385f2f
AUX CVE-2009-0844+CVE-2009-0847.patch 2075 RMD160 eba543da0eafa13158a71947bf22783292d23951 SHA1 087e0dfcdff3dd08b9085fda47099c438871488d SHA256 abdff5ffb07b57d6156722ea6ee12a73ae3337ff05687e384a59989074ab4316
AUX CVE-2009-0846.patch 1682 RMD160 80292c97735b2e45eb450d2c8f6c30e6b0dbf199 SHA1 4bde9e943f4604bfde41cb91f923c123716add71 SHA256 71914affe6f8623b44f3b8ac9c98a83783e41200f8965ea5d68e7fb8a4bc3088
AUX CVE-2010-1320.patch 701 RMD160 f5ebcbf5a5cb872644aa3d7f28bea0de2e4cc281 SHA1 775ae45e20b67d1de7f2a21c52afbfbaacdae5a1 SHA256 251757cc449ba11f0147febc1b69e8aee37ec6c200a25c08e9a9eac02cdb3c60
+AUX CVE-2010-1321.patch 670 RMD160 941777d0914ae3363eae2be9d62a09e00e074c7e SHA1 fc85fead1fcbd3a8c0f867084a934c97abfc3f31 SHA256 02d778775bf3f7576f5cf7a9a1a3d14ccf1654b71c77a6a4e00a7bd5b775b221
AUX MITKRB5-SA-2008-002.patch 1505 RMD160 35bb24ae802b532836810588e13c775ef8522cc1 SHA1 70fb0d83da33eb3e00355a11894c37f7c9d2b9aa SHA256 8e84a55080461f117f61501550c364f9ac25d9079601281a0d413bff664fc386
AUX mit-krb5-lazyldflags.patch 509 RMD160 47515882e93e0db7db6980a4460a01f2cbc3f382 SHA1 db880ff82bd72afd2815a8e8d345c815c2769715 SHA256 272b3a18303b43c64bbcc1da9bcb7cd60d56337700d84c78741c7096c18044d5
AUX mit-krb5kadmind.initd 687 RMD160 7602d12d570e80edf24953befbe4ec03d247e4ba SHA1 753a5875659d3bef63c1a50bb0228f1c3c06bdf9 SHA256 427953b3a2dbe0a8f85bee1294a348c97dbbdac4741f06c2a3768170ba29161a
@@ -16,6 +17,7 @@ DIST mit-krb5-1.7-patches-0.6.tar.bz2 707 RMD160 8849cc7c663cd1cfed35af9647197af
EBUILD mit-krb5-1.6.3-r6.ebuild 2816 RMD160 d9207dc3a1d6aa54eaad45c04092704631743b43 SHA1 436537036eabe1f3eeff5ab28d7b37c63e12353f SHA256 00b60f4ef14978fc41a60cee257f7b2e2265ffc5a7c754fe075ff0c1dcbb35d0
EBUILD mit-krb5-1.6.3-r7.ebuild 2874 RMD160 e9ad37cd27b80b94296226c279431a58dd8d799e SHA1 2706e5949d6d5a32734aa63988c74b2f9b324239 SHA256 c4ca4f284cf02a6e11bde53f39a550af444c75de7ea3f9a131ad40aa41c29f78
EBUILD mit-krb5-1.7-r2.ebuild 2644 RMD160 44ca6704cff27f8a18d2769af001972bbe87cc45 SHA1 40b2d880d86a70e5b4b6dccb84eee95856284f21 SHA256 e61f5835d96fafb5fe99fa5e42eb5e069f4f5b6927ac069744e89855e56925d5
+EBUILD mit-krb5-1.8.1-r1.ebuild 2614 RMD160 34a7bfc6221dfe7c0367c05d3cf71cd1b4db9f50 SHA1 75a6a012670cf615a7247919d4788d7a148146b5 SHA256 6d49e47bb92a9a60e12f1aea000f1848435769073a3a9b26425231632a1f2a20
EBUILD mit-krb5-1.8.1.ebuild 2669 RMD160 b1284638024694d311f5d322404b1fdd8c12e940 SHA1 9eb5f51492703bb86dcb769d4621162ec65706f6 SHA256 56d0ba61272e9cf5b58895909eecee909d56be5d14d2655a02ed0392c2bc6f65
-MISC ChangeLog 35267 RMD160 bfe6737a31e0983197b0cce241c640f1f85ffb17 SHA1 6e9087f8ffab32a4abbcc776a7fc3b9e65f3f46a SHA256 232bde9bc7e2883cfd1bba9574ff54da5272ef21cdb1539887920bb0e27342f1
+MISC ChangeLog 35583 RMD160 73518e59e87194610a325b68508f53a54aba122a SHA1 e00c6fdda77b689c4b3628ae6944db9deb385ae3 SHA256 d34a95b5c7296bf3e97e0908acb206ff916c29391b85ec80918830889618156a
MISC metadata.xml 639 RMD160 5e0f0a281fd7c2db9cef027d510f4f65fe769e2e SHA1 5ff055ed4d8a80384cba07293c41dd10983d2792 SHA256 fe666e55cb89f0dda7aa81fefe167f1cf2934053c83f1ee147781c34b7f28595
diff --git a/app-crypt/mit-krb5/files/CVE-2010-1321.patch b/app-crypt/mit-krb5/files/CVE-2010-1321.patch
new file mode 100644
index 000000000000..7f9f7a4c94af
--- /dev/null
+++ b/app-crypt/mit-krb5/files/CVE-2010-1321.patch
@@ -0,0 +1,18 @@
+diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
+index ce3075f..6241055 100644
+--- a/src/lib/gssapi/krb5/accept_sec_context.c
++++ b/src/lib/gssapi/krb5/accept_sec_context.c
+@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle,
+ }
+ #endif
+
++ if (authdat->checksum == NULL) {
++ /* missing checksum counts as "inappropriate type" */
++ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
++ major_status = GSS_S_FAILURE;
++ goto fail;
++ }
++
+ if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
+ /* Samba does not send 0x8003 GSS-API checksums */
+ krb5_boolean valid;
diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild
new file mode 100644
index 000000000000..07a1559bf601
--- /dev/null
+++ b/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild,v 1.1 2010/05/23 04:10:42 darkside Exp $
+
+EAPI="2"
+
+inherit eutils flag-o-matic versionator autotools
+
+MY_P=${P/mit-}
+P_DIR=$(get_version_component_range 1-2)
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ldap doc"
+
+RDEPEND="!virtual/krb5
+ >=sys-libs/e2fsprogs-libs-1.41.0
+ ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+ doc? ( virtual/latex-base )"
+
+S=${WORKDIR}/${MY_P}/src
+
+PROVIDE="virtual/krb5"
+
+src_unpack() {
+ unpack ${A}
+ unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/CVE-2010-1320.patch"
+ epatch "${FILESDIR}/CVE-2010-1321.patch"
+
+}
+
+src_configure() {
+
+ append-flags "-I/usr/include/et"
+ econf \
+ $(use_with ldap) \
+ --without-krb4 \
+ --enable-shared \
+ --with-system-et \
+ --with-system-ss \
+ --enable-dns-for-realm \
+ --enable-kdc-replay-cache \
+ --disable-rpath
+}
+
+src_compile() {
+ emake || die "emake failed"
+
+ if use doc ; then
+ cd ../doc
+ for dir in api implement ; do
+ emake -C "${dir}" || die "doc emake failed"
+ done
+ fi
+}
+
+src_test() {
+ einfo "Tests do not run in sandbox, they need mit-krb5 to be already installed to test it."
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ EXAMPLEDIR=/usr/share/doc/${PF}/examples \
+ install || die "install failed"
+
+ keepdir /var/lib/krb5kdc
+
+ cd ..
+ dodoc README
+ dodoc doc/*.ps
+ doinfo doc/*.info*
+ dohtml -r doc/*
+
+# die if we cannot respect a USE flag
+ if use doc ; then
+ dodoc doc/{api,implement}/*.ps || die "dodoc failed"
+ fi
+
+ newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind
+ newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc
+
+ insinto /etc
+ newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
+ insinto /var/lib/krb5kdc
+ newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
+
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ newins "${S}/plugins/kdb/ldap/libkdb/ldap/kerberos_schema" \
+ kerberos.schema
+ fi
+}
+
+pkg_preinst() {
+
+ if has_version "<${CATEGORY}/${PN}-1.8.0" ; then
+ einfo
+ elog "MIT split the Kerberos applications from the base Kerberos"
+ elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp,"
+ elog "ftp clients and telnet, ftp deamons now live in"
+ elog "\"app-crypt/mit-krb5-appl\" package."
+ einfo
+ fi
+}