author | Robert Förster <Dessa@gmake.de> | 2021-09-24 17:49:58 +0200 |
---|---|---|
committer | Florian Schmaus <flow@gentoo.org> | 2021-09-24 18:29:42 +0200 |
commit | 67ab0251459d99b0e383c958c1fbe0ec11980c0a (patch) | |
tree | bd44ac9817d1795af63c63c1645bb5f62b7aee50 /net-nds/389-ds-base | |
parent | net-nds/389-ds-base: bump to 1.4.4.17 (diff) | |
net-nds/389-ds-base: remove old
Package-Manager: Portage-3.0.23, Repoman-3.0.3
Signed-off-by: Robert Förster <Dessa@gmake.de>
Closes: https://github.com/gentoo/gentoo/pull/22388
Signed-off-by: Florian Schmaus <flow@gentoo.org>
Diffstat (limited to 'net-nds/389-ds-base')
-rw-r--r-- | net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild | 300 | ||||
-rw-r--r-- | net-nds/389-ds-base/Manifest | 1 | ||||
-rw-r--r-- | net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch | 118 |
3 files changed, 0 insertions, 419 deletions
diff --git a/net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild b/net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild
deleted file mode 100644
index e3ef7ffdf4bf..000000000000
--- a/net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild
+++ /dev/null
@@ -1,300 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -CRATES=" -ahash-0.7.2 -ansi_term-0.11.0 -atty-0.2.14 -autocfg-1.0.1 -base64-0.13.0 -bitflags-1.2.1 -byteorder-1.4.3 -cbindgen-0.9.1 -cc-1.0.67 -cfg-if-1.0.0 -clap-2.33.3 -concread-0.2.9 -crossbeam-0.8.0 -crossbeam-channel-0.5.1 -crossbeam-deque-0.8.0 -crossbeam-epoch-0.9.3 -crossbeam-queue-0.3.1 -crossbeam-utils-0.8.3 -fernet-0.1.4 -foreign-types-0.3.2 -foreign-types-shared-0.1.1 -getrandom-0.2.2 -hermit-abi-0.1.18 -instant-0.1.9 -itoa-0.4.7 -jobserver-0.1.21 -lazy_static-1.4.0 -libc-0.2.93 -lock_api-0.4.3 -log-0.4.14 -memoffset-0.6.3 -once_cell-1.7.2 -openssl-0.10.33 -openssl-sys-0.9.61 -parking_lot-0.11.1 -parking_lot_core-0.8.3 -paste-0.1.18 -paste-impl-0.1.18 -pkg-config-0.3.19 -ppv-lite86-0.2.10 -proc-macro-hack-0.5.19 -proc-macro2-1.0.26 -quote-1.0.9 -rand-0.8.3 -rand_chacha-0.3.0 -rand_core-0.6.2 -rand_hc-0.3.0 -redox_syscall-0.2.6 -remove_dir_all-0.5.3 -ryu-1.0.5 -scopeguard-1.1.0 -serde-1.0.125 -serde_derive-1.0.125 -serde_json-1.0.64 -smallvec-1.6.1 -strsim-0.8.0 -syn-1.0.69 -synstructure-0.12.4 -tempfile-3.2.0 -textwrap-0.11.0 -toml-0.5.8 -unicode-width-0.1.8 -unicode-xid-0.2.1 -uuid-0.8.2 -vcpkg-0.2.11 -vec_map-0.8.2 -version_check-0.9.3 -wasi-0.10.2+wasi-snapshot-preview1 -winapi-0.3.9 -winapi-i686-pc-windows-gnu-0.4.0 -winapi-x86_64-pc-windows-gnu-0.4.0 -zeroize-1.2.0 -zeroize_derive-1.0.1 -" - -PYTHON_COMPAT=( python3_{8,9} ) - -DISTUTILS_SINGLE_IMPL=1 -DISTUTILS_USE_SETUPTOOLS=rdepend - -inherit multilib flag-o-matic autotools distutils-r1 systemd tmpfiles db-use cargo - -DESCRIPTION="389 Directory Server (core libraries and daemons)" -HOMEPAGE="https://directory.fedoraproject.org/" -SRC_URI="https://github.com/389ds/${PN}/archive/refs/tags/${P}.tar.gz - $(cargo_crate_uris ${CRATES})" -LICENSE="GPL-3+ Apache-2.0 BSD MIT MPL-2.0" -SLOT="$(ver_cut 1-2)/0" -KEYWORDS="~amd64" -IUSE_PLUGINS="+accountpolicy +bitwise +dna 
+pam-passthru" -IUSE="${IUSE_PLUGINS} +autobind auto-dn-suffix debug doc +ldapi selinux systemd" - -REQUIRED_USE="${PYTHON_REQUIRED_USE}" - -# lib389 tests (which is most of the suite) can't find their own modules. -RESTRICT="test" - -# always list newer first -# Do not add any AGPL-3 BDB here! -# See bug 525110, comment 15. -BERKDB_SLOTS=( 5.3 4.8 ) - -DEPEND=" - >=app-crypt/mit-krb5-1.7-r100[openldap] - >=dev-libs/cyrus-sasl-2.1.19[kerberos] - >=dev-libs/icu-60.2:= - dev-libs/nspr - >=dev-libs/nss-3.22[utils] - dev-libs/libevent:= - dev-libs/libpcre:3 - dev-libs/openssl:0= - >=net-analyzer/net-snmp-5.1.2:= - net-nds/openldap[sasl] - || ( - $(for slot in ${BERKDB_SLOTS[@]} ; do printf '%s\n' "sys-libs/db:${slot}" ; done) - ) - sys-libs/cracklib - sys-fs/e2fsprogs - sys-libs/zlib - pam-passthru? ( sys-libs/pam ) - selinux? ( - $(python_gen_cond_dep ' - sys-libs/libselinux[python,${PYTHON_USEDEP}] - ') - ) - systemd? ( >=sys-apps/systemd-244 ) - virtual/libcrypt:= - " - -BDEPEND=">=sys-devel/autoconf-2.69-r5 - virtual/pkgconfig - ${PYTHON_DEPS} - $(python_gen_cond_dep ' - dev-python/argparse-manpage[${PYTHON_USEDEP}] - ') - doc? ( app-doc/doxygen ) - test? ( dev-util/cmocka ) -" - -# perl dependencies are for logconv.pl -RDEPEND="${DEPEND} - !dev-libs/svrcore - !net-nds/389-ds-base:0 - acct-user/dirsrv - acct-group/dirsrv - ${PYTHON_DEPS} - $(python_gen_cond_dep ' - dev-python/pyasn1[${PYTHON_USEDEP}] - dev-python/pyasn1-modules[${PYTHON_USEDEP}] - dev-python/argcomplete[${PYTHON_USEDEP}] - dev-python/python-dateutil[${PYTHON_USEDEP}] - dev-python/python-ldap[sasl,${PYTHON_USEDEP}] - dev-python/distro[${PYTHON_USEDEP}] - ') - virtual/perl-Archive-Tar - virtual/perl-DB_File - virtual/perl-IO - virtual/perl-Getopt-Long - virtual/perl-IO-Compress - virtual/perl-MIME-Base64 - virtual/perl-Scalar-List-Utils - virtual/perl-Time-Local - virtual/logger - selinux? 
( sec-policy/selinux-dirsrv ) -" - -S="${WORKDIR}/${PN}-${P}" - -PATCHES=( - "${FILESDIR}/${P}-crypt-import.patch" - "${FILESDIR}/${PN}-db-gentoo.patch" -) - -distutils_enable_tests pytest - -src_prepare() { - # this is for upstream GitHub issue 4292 - if use !systemd; then - sed -i \ - -e 's|WITH_SYSTEMD = 1|WITH_SYSTEMD = 0|' \ - Makefile.am || die - fi - - # GH issue 4092 - sed -i \ - -e 's|@localstatedir@/run|/run|' \ - ldap/admin/src/defaults.inf.in || die - - default - - eautoreconf -} - -src_configure() { - local myeconfargs=( - $(use_enable accountpolicy acctpolicy) - $(use_enable bitwise) - $(use_enable dna) - $(use_enable pam-passthru) - $(use_enable autobind) - $(use_enable auto-dn-suffix) - $(use_enable debug) - $(use_enable ldapi) - $(use_with selinux) - $(use_with systemd) - $(use_with systemd systemdgroupname "dirsrv.target") - $(use_with systemd tmpfiles-d "/usr/lib/tmpfiles.d") - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" - $(use_with !systemd initddir "/etc/init.d") - $(use_enable test cmocka) - --enable-rust - --enable-rust-offline - --with-pythonexec="${PYTHON}" - --with-fhs - --with-openldap - --with-db-inc="$(db_includedir)" - --disable-cockpit - ) - - econf "${myeconfargs[@]}" - - rm "${S}"/.cargo/config || die -} - -src_compile() { - export CARGO_HOME="${ECARGO_HOME}" - - default - - if use doc; then - doxygen "${S}"/docs/slapi.doxy || die - fi - - cd "${S}"/src/lib389 || die - distutils-r1_src_compile - - # argparse-manpage dynamic man pages have hardcoded man v1 in header - sed -i \ - "1s/\"1\"/\"8\"/" \ - "${S}"/src/lib389/man/{openldap_to_ds,ds{conf,ctl,idm,create}}.8 || die -} - -src_test () { - emake check - cd "${S}"/src/lib389 || die - distutils-r1_src_test -} - -src_install() { - # -j1 is a temporary workaround for bug #605432 - emake -j1 DESTDIR="${D}" install - - # Install gentoo style init script - # Get these merged upstream - newinitd "${FILESDIR}"/389-ds.initd-r1 389-ds - newinitd 
"${FILESDIR}"/389-ds-snmp.initd 389-ds-snmp - - dotmpfiles "${FILESDIR}"/389-ds-base.conf - - # cope with libraries being in /usr/lib/dirsrv - dodir /etc/env.d - echo "LDPATH=/usr/$(get_libdir)/dirsrv" > "${ED}"/etc/env.d/08dirsrv || die - - if use doc; then - cd "${S}" || die - docinto html/ - dodoc -r html/. - fi - - cd "${S}"/src/lib389 || die - distutils-r1_src_install - python_fix_shebang "${ED}" - - find "${ED}" -type f \( -name "*.a" -o -name "*.la" \) -delete || die -} - -pkg_postinst() { - tmpfiles_process 389-ds-base.conf - - echo - elog "If you are planning to use 389-ds-snmp (ldap-agent)," - elog "make sure to properly configure: /etc/dirsrv/config/ldap-agent.conf" - elog "adding proper 'server' entries, and adding the lines below to" - elog " => /etc/snmp/snmpd.conf" - elog - elog "master agentx" - elog "agentXSocket /var/agentx/master" - elog - elog "To start 389 Directory Server (LDAP service) at boot:" - elog - elog " rc-update add 389-ds default" - elog - echo -} diff --git a/net-nds/389-ds-base/Manifest b/net-nds/389-ds-base/Manifest index 6a79ee183ac1..2074aba01af2 100644 --- a/net-nds/389-ds-base/Manifest +++ b/net-nds/389-ds-base/Manifest 
@@ -1,4 +1,3 @@ -DIST 389-ds-base-1.4.4.16.tar.gz 5456272 BLAKE2B bb157de3ebfdf214a56a56cd991255080890b28ca5fbd4ce5437e1ab4ca03181b7c2a58630ee26112771aaf9037cff8102926f48da136d6af43024c70ca1eeb8 SHA512 2c8d446dd26f67345351a6ea5f6095d89ed5eb26df09e09b19d625fb01418c5354b93ac0272e68b2d444a70b63180ce53042e0e43b6ea826948f6c93f4c22fc0 DIST 389-ds-base-1.4.4.17.tar.gz 5356426 BLAKE2B 4972d7a7a7d12fb13f76db5cb2c8b896d5bb02c9f1e4bfbfae709f5fc01b9f662b5557710ca52d9f0a6ac3dc9e36bfab594e597db90ab146a5a5f252e11b4175 SHA512 83cc20915d59d4a45febad1462103c51108deee271cae7f98ff28e0a939451060edca28046719a417b3d3b956a74687a288880d64a6ab201e682ad577bf70583 DIST ahash-0.7.2.crate 37192 BLAKE2B a2ea98d408f6ac72b96a7e14b22999d52a6839d724f3e8fc82f67ea985a110d8dc17847087e6aaeca477ef93afadda3488ee77cc5425cab5f77c00cd67ff4463 SHA512 77886a994102c1edf93b133e27658e3c84152c83597191d58c571dc7dfc765d41c2879ea55d64e04e3af804a4f10aeb1c10e33a924fd967b288e6d0b12728b34 DIST ansi_term-0.11.0.crate 17087 BLAKE2B 9bd35c045a01ce4c6c4a5db1b4f15e9412bb97426eec19d4421dffbec633de8d13452c13c1dc1b30998690b78d7ed38311aca700087f13a81f66bd1d5d7300c4 SHA512 a637466a380748f939b3af090b8c0333f35581925bc03f4dda9b3f95d338836403cf5487ae3af9ff68f8245a837f8ab061aabe57a126a6a2c20f2e972c77d1fa
diff --git a/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch b/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch
deleted file mode 100644
index cf8c7d9b4524..000000000000
--- a/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch
+++ /dev/null
@@ -1,118 +0,0 @@ -From c1926dfc6591b55c4d33f9944de4d7ebe077e964 Mon Sep 17 00:00:00 2001 -From: Firstyear <william@blackhats.net.au> -Date: Fri, 9 Jul 2021 11:53:35 +1000 -Subject: [PATCH] Issue 4817 - BUG - locked crypt accounts on import may allow - all passwords (#4819) - -Bug Description: Due to mishanding of short dbpwd hashes, the -crypt_r algorithm was misused and was only comparing salts -in some cases, rather than checking the actual content -of the password. - -Fix Description: Stricter checks on dbpwd lengths to ensure -that content passed to crypt_r has at least 2 salt bytes and -1 hash byte, as well as stricter checks on ct_memcmp to ensure -that compared values are the same length, rather than potentially -allowing overruns/short comparisons. - -fixes: https://github.com/389ds/389-ds-base/issues/4817 - -Author: William Brown <william@blackhats.net.au> - -Review by: @mreynolds389 ---- - .../password/pwd_crypt_asterisk_test.py | 50 +++++++++++++++++++ - ldap/servers/plugins/pwdstorage/crypt_pwd.c | 20 +++++--- - 2 files changed, 64 insertions(+), 6 deletions(-) - create mode 100644 dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py - -diff --git a/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py -new file mode 100644 -index 000000000..d76614db1 ---- /dev/null -+++ b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py -@@ -0,0 +1,50 @@ -+# --- BEGIN COPYRIGHT BLOCK --- -+# Copyright (C) 2021 William Brown <william@blackhats.net.au> -+# All rights reserved. -+# -+# License: GPL (version 3 or any later version). -+# See LICENSE for details. 
-+# --- END COPYRIGHT BLOCK --- -+# -+import ldap -+import pytest -+from lib389.topologies import topology_st -+from lib389.idm.user import UserAccounts -+from lib389._constants import (DEFAULT_SUFFIX, PASSWORD) -+ -+pytestmark = pytest.mark.tier1 -+ -+def test_password_crypt_asterisk_is_rejected(topology_st): -+ """It was reported that {CRYPT}* was allowing all passwords to be -+ valid in the bind process. This checks that we should be rejecting -+ these as they should represent locked accounts. Similar, {CRYPT}! -+ -+ :id: 0b8f1a6a-f3eb-4443-985e-da14d0939dc3 -+ :setup: Single instance -+ :steps: 1. Set a password hash in with CRYPT and the content * -+ 2. Test a bind -+ 3. Set a password hash in with CRYPT and the content ! -+ 4. Test a bind -+ :expectedresults: -+ 1. Successfully set the values -+ 2. The bind fails -+ 3. Successfully set the values -+ 4. The bind fails -+ """ -+ topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on') -+ topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'off') -+ -+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX) -+ user = users.create_test_user() -+ -+ user.set('userPassword', "{CRYPT}*") -+ -+ # Attempt to bind with incorrect password. -+ with pytest.raises(ldap.INVALID_CREDENTIALS): -+ badconn = user.bind('badpassword') -+ -+ user.set('userPassword', "{CRYPT}!") -+ # Attempt to bind with incorrect password. -+ with pytest.raises(ldap.INVALID_CREDENTIALS): -+ badconn = user.bind('badpassword') -+ -diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c -index 9031b2199..1b37d41ed 100644 ---- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c -+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c -@@ -48,15 +48,23 @@ static unsigned char itoa64[] = /* 0 ... 
63 => ascii - 64 */ - int - crypt_pw_cmp(const char *userpwd, const char *dbpwd) - { -- int rc; -- char *cp; -+ int rc = -1; -+ char *cp = NULL; -+ size_t dbpwd_len = strlen(dbpwd); - struct crypt_data data; - data.initialized = 0; - -- /* we use salt (first 2 chars) of encoded password in call to crypt_r() */ -- cp = crypt_r(userpwd, dbpwd, &data); -- if (cp) { -- rc = slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd)); -+ /* -+ * there MUST be at least 2 chars of salt and some pw bytes, else this is INVALID and will -+ * allow any password to bind as we then only compare SALTS. -+ */ -+ if (dbpwd_len >= 3) { -+ /* we use salt (first 2 chars) of encoded password in call to crypt_r() */ -+ cp = crypt_r(userpwd, dbpwd, &data); -+ } -+ /* If these are not the same length, we can not proceed safely with memcmp. */ -+ if (cp && dbpwd_len == strlen(cp)) { -+ rc = slapi_ct_memcmp(dbpwd, cp, dbpwd_len); - } else { - rc = -1; - } |