summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Förster <Dessa@gmake.de>2021-09-24 17:49:58 +0200
committerFlorian Schmaus <flow@gentoo.org>2021-09-24 18:29:42 +0200
commit67ab0251459d99b0e383c958c1fbe0ec11980c0a (patch)
treebd44ac9817d1795af63c63c1645bb5f62b7aee50 /net-nds/389-ds-base
parentnet-nds/389-ds-base: bump to 1.4.4.17 (diff)
downloadgentoo-67ab0251459d99b0e383c958c1fbe0ec11980c0a.tar.gz
gentoo-67ab0251459d99b0e383c958c1fbe0ec11980c0a.tar.bz2
gentoo-67ab0251459d99b0e383c958c1fbe0ec11980c0a.zip
net-nds/389-ds-base: remove old
Package-Manager: Portage-3.0.23, Repoman-3.0.3 Signed-off-by: Robert Förster <Dessa@gmake.de> Closes: https://github.com/gentoo/gentoo/pull/22388 Signed-off-by: Florian Schmaus <flow@gentoo.org>
Diffstat (limited to 'net-nds/389-ds-base')
-rw-r--r--net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild300
-rw-r--r--net-nds/389-ds-base/Manifest1
-rw-r--r--net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch118
3 files changed, 0 insertions, 419 deletions
diff --git a/net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild b/net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild
deleted file mode 100644
index e3ef7ffdf4bf..000000000000
--- a/net-nds/389-ds-base/389-ds-base-1.4.4.16-r1.ebuild
+++ /dev/null
@@ -1,300 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-CRATES="
-ahash-0.7.2
-ansi_term-0.11.0
-atty-0.2.14
-autocfg-1.0.1
-base64-0.13.0
-bitflags-1.2.1
-byteorder-1.4.3
-cbindgen-0.9.1
-cc-1.0.67
-cfg-if-1.0.0
-clap-2.33.3
-concread-0.2.9
-crossbeam-0.8.0
-crossbeam-channel-0.5.1
-crossbeam-deque-0.8.0
-crossbeam-epoch-0.9.3
-crossbeam-queue-0.3.1
-crossbeam-utils-0.8.3
-fernet-0.1.4
-foreign-types-0.3.2
-foreign-types-shared-0.1.1
-getrandom-0.2.2
-hermit-abi-0.1.18
-instant-0.1.9
-itoa-0.4.7
-jobserver-0.1.21
-lazy_static-1.4.0
-libc-0.2.93
-lock_api-0.4.3
-log-0.4.14
-memoffset-0.6.3
-once_cell-1.7.2
-openssl-0.10.33
-openssl-sys-0.9.61
-parking_lot-0.11.1
-parking_lot_core-0.8.3
-paste-0.1.18
-paste-impl-0.1.18
-pkg-config-0.3.19
-ppv-lite86-0.2.10
-proc-macro-hack-0.5.19
-proc-macro2-1.0.26
-quote-1.0.9
-rand-0.8.3
-rand_chacha-0.3.0
-rand_core-0.6.2
-rand_hc-0.3.0
-redox_syscall-0.2.6
-remove_dir_all-0.5.3
-ryu-1.0.5
-scopeguard-1.1.0
-serde-1.0.125
-serde_derive-1.0.125
-serde_json-1.0.64
-smallvec-1.6.1
-strsim-0.8.0
-syn-1.0.69
-synstructure-0.12.4
-tempfile-3.2.0
-textwrap-0.11.0
-toml-0.5.8
-unicode-width-0.1.8
-unicode-xid-0.2.1
-uuid-0.8.2
-vcpkg-0.2.11
-vec_map-0.8.2
-version_check-0.9.3
-wasi-0.10.2+wasi-snapshot-preview1
-winapi-0.3.9
-winapi-i686-pc-windows-gnu-0.4.0
-winapi-x86_64-pc-windows-gnu-0.4.0
-zeroize-1.2.0
-zeroize_derive-1.0.1
-"
-
-PYTHON_COMPAT=( python3_{8,9} )
-
-DISTUTILS_SINGLE_IMPL=1
-DISTUTILS_USE_SETUPTOOLS=rdepend
-
-inherit multilib flag-o-matic autotools distutils-r1 systemd tmpfiles db-use cargo
-
-DESCRIPTION="389 Directory Server (core libraries and daemons)"
-HOMEPAGE="https://directory.fedoraproject.org/"
-SRC_URI="https://github.com/389ds/${PN}/archive/refs/tags/${P}.tar.gz
- $(cargo_crate_uris ${CRATES})"
-LICENSE="GPL-3+ Apache-2.0 BSD MIT MPL-2.0"
-SLOT="$(ver_cut 1-2)/0"
-KEYWORDS="~amd64"
-IUSE_PLUGINS="+accountpolicy +bitwise +dna +pam-passthru"
-IUSE="${IUSE_PLUGINS} +autobind auto-dn-suffix debug doc +ldapi selinux systemd"
-
-REQUIRED_USE="${PYTHON_REQUIRED_USE}"
-
-# lib389 tests (which is most of the suite) can't find their own modules.
-RESTRICT="test"
-
-# always list newer first
-# Do not add any AGPL-3 BDB here!
-# See bug 525110, comment 15.
-BERKDB_SLOTS=( 5.3 4.8 )
-
-DEPEND="
- >=app-crypt/mit-krb5-1.7-r100[openldap]
- >=dev-libs/cyrus-sasl-2.1.19[kerberos]
- >=dev-libs/icu-60.2:=
- dev-libs/nspr
- >=dev-libs/nss-3.22[utils]
- dev-libs/libevent:=
- dev-libs/libpcre:3
- dev-libs/openssl:0=
- >=net-analyzer/net-snmp-5.1.2:=
- net-nds/openldap[sasl]
- || (
- $(for slot in ${BERKDB_SLOTS[@]} ; do printf '%s\n' "sys-libs/db:${slot}" ; done)
- )
- sys-libs/cracklib
- sys-fs/e2fsprogs
- sys-libs/zlib
- pam-passthru? ( sys-libs/pam )
- selinux? (
- $(python_gen_cond_dep '
- sys-libs/libselinux[python,${PYTHON_USEDEP}]
- ')
- )
- systemd? ( >=sys-apps/systemd-244 )
- virtual/libcrypt:=
- "
-
-BDEPEND=">=sys-devel/autoconf-2.69-r5
- virtual/pkgconfig
- ${PYTHON_DEPS}
- $(python_gen_cond_dep '
- dev-python/argparse-manpage[${PYTHON_USEDEP}]
- ')
- doc? ( app-doc/doxygen )
- test? ( dev-util/cmocka )
-"
-
-# perl dependencies are for logconv.pl
-RDEPEND="${DEPEND}
- !dev-libs/svrcore
- !net-nds/389-ds-base:0
- acct-user/dirsrv
- acct-group/dirsrv
- ${PYTHON_DEPS}
- $(python_gen_cond_dep '
- dev-python/pyasn1[${PYTHON_USEDEP}]
- dev-python/pyasn1-modules[${PYTHON_USEDEP}]
- dev-python/argcomplete[${PYTHON_USEDEP}]
- dev-python/python-dateutil[${PYTHON_USEDEP}]
- dev-python/python-ldap[sasl,${PYTHON_USEDEP}]
- dev-python/distro[${PYTHON_USEDEP}]
- ')
- virtual/perl-Archive-Tar
- virtual/perl-DB_File
- virtual/perl-IO
- virtual/perl-Getopt-Long
- virtual/perl-IO-Compress
- virtual/perl-MIME-Base64
- virtual/perl-Scalar-List-Utils
- virtual/perl-Time-Local
- virtual/logger
- selinux? ( sec-policy/selinux-dirsrv )
-"
-
-S="${WORKDIR}/${PN}-${P}"
-
-PATCHES=(
- "${FILESDIR}/${P}-crypt-import.patch"
- "${FILESDIR}/${PN}-db-gentoo.patch"
-)
-
-distutils_enable_tests pytest
-
-src_prepare() {
- # this is for upstream GitHub issue 4292
- if use !systemd; then
- sed -i \
- -e 's|WITH_SYSTEMD = 1|WITH_SYSTEMD = 0|' \
- Makefile.am || die
- fi
-
- # GH issue 4092
- sed -i \
- -e 's|@localstatedir@/run|/run|' \
- ldap/admin/src/defaults.inf.in || die
-
- default
-
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- $(use_enable accountpolicy acctpolicy)
- $(use_enable bitwise)
- $(use_enable dna)
- $(use_enable pam-passthru)
- $(use_enable autobind)
- $(use_enable auto-dn-suffix)
- $(use_enable debug)
- $(use_enable ldapi)
- $(use_with selinux)
- $(use_with systemd)
- $(use_with systemd systemdgroupname "dirsrv.target")
- $(use_with systemd tmpfiles-d "/usr/lib/tmpfiles.d")
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
- $(use_with !systemd initddir "/etc/init.d")
- $(use_enable test cmocka)
- --enable-rust
- --enable-rust-offline
- --with-pythonexec="${PYTHON}"
- --with-fhs
- --with-openldap
- --with-db-inc="$(db_includedir)"
- --disable-cockpit
- )
-
- econf "${myeconfargs[@]}"
-
- rm "${S}"/.cargo/config || die
-}
-
-src_compile() {
- export CARGO_HOME="${ECARGO_HOME}"
-
- default
-
- if use doc; then
- doxygen "${S}"/docs/slapi.doxy || die
- fi
-
- cd "${S}"/src/lib389 || die
- distutils-r1_src_compile
-
- # argparse-manpage dynamic man pages have hardcoded man v1 in header
- sed -i \
- "1s/\"1\"/\"8\"/" \
- "${S}"/src/lib389/man/{openldap_to_ds,ds{conf,ctl,idm,create}}.8 || die
-}
-
-src_test () {
- emake check
- cd "${S}"/src/lib389 || die
- distutils-r1_src_test
-}
-
-src_install() {
- # -j1 is a temporary workaround for bug #605432
- emake -j1 DESTDIR="${D}" install
-
- # Install gentoo style init script
- # Get these merged upstream
- newinitd "${FILESDIR}"/389-ds.initd-r1 389-ds
- newinitd "${FILESDIR}"/389-ds-snmp.initd 389-ds-snmp
-
- dotmpfiles "${FILESDIR}"/389-ds-base.conf
-
- # cope with libraries being in /usr/lib/dirsrv
- dodir /etc/env.d
- echo "LDPATH=/usr/$(get_libdir)/dirsrv" > "${ED}"/etc/env.d/08dirsrv || die
-
- if use doc; then
- cd "${S}" || die
- docinto html/
- dodoc -r html/.
- fi
-
- cd "${S}"/src/lib389 || die
- distutils-r1_src_install
- python_fix_shebang "${ED}"
-
- find "${ED}" -type f \( -name "*.a" -o -name "*.la" \) -delete || die
-}
-
-pkg_postinst() {
- tmpfiles_process 389-ds-base.conf
-
- echo
- elog "If you are planning to use 389-ds-snmp (ldap-agent),"
- elog "make sure to properly configure: /etc/dirsrv/config/ldap-agent.conf"
- elog "adding proper 'server' entries, and adding the lines below to"
- elog " => /etc/snmp/snmpd.conf"
- elog
- elog "master agentx"
- elog "agentXSocket /var/agentx/master"
- elog
- elog "To start 389 Directory Server (LDAP service) at boot:"
- elog
- elog " rc-update add 389-ds default"
- elog
- echo
-}
diff --git a/net-nds/389-ds-base/Manifest b/net-nds/389-ds-base/Manifest
index 6a79ee183ac1..2074aba01af2 100644
--- a/net-nds/389-ds-base/Manifest
+++ b/net-nds/389-ds-base/Manifest
@@ -1,4 +1,3 @@
-DIST 389-ds-base-1.4.4.16.tar.gz 5456272 BLAKE2B bb157de3ebfdf214a56a56cd991255080890b28ca5fbd4ce5437e1ab4ca03181b7c2a58630ee26112771aaf9037cff8102926f48da136d6af43024c70ca1eeb8 SHA512 2c8d446dd26f67345351a6ea5f6095d89ed5eb26df09e09b19d625fb01418c5354b93ac0272e68b2d444a70b63180ce53042e0e43b6ea826948f6c93f4c22fc0
DIST 389-ds-base-1.4.4.17.tar.gz 5356426 BLAKE2B 4972d7a7a7d12fb13f76db5cb2c8b896d5bb02c9f1e4bfbfae709f5fc01b9f662b5557710ca52d9f0a6ac3dc9e36bfab594e597db90ab146a5a5f252e11b4175 SHA512 83cc20915d59d4a45febad1462103c51108deee271cae7f98ff28e0a939451060edca28046719a417b3d3b956a74687a288880d64a6ab201e682ad577bf70583
DIST ahash-0.7.2.crate 37192 BLAKE2B a2ea98d408f6ac72b96a7e14b22999d52a6839d724f3e8fc82f67ea985a110d8dc17847087e6aaeca477ef93afadda3488ee77cc5425cab5f77c00cd67ff4463 SHA512 77886a994102c1edf93b133e27658e3c84152c83597191d58c571dc7dfc765d41c2879ea55d64e04e3af804a4f10aeb1c10e33a924fd967b288e6d0b12728b34
DIST ansi_term-0.11.0.crate 17087 BLAKE2B 9bd35c045a01ce4c6c4a5db1b4f15e9412bb97426eec19d4421dffbec633de8d13452c13c1dc1b30998690b78d7ed38311aca700087f13a81f66bd1d5d7300c4 SHA512 a637466a380748f939b3af090b8c0333f35581925bc03f4dda9b3f95d338836403cf5487ae3af9ff68f8245a837f8ab061aabe57a126a6a2c20f2e972c77d1fa
diff --git a/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch b/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch
deleted file mode 100644
index cf8c7d9b4524..000000000000
--- a/net-nds/389-ds-base/files/389-ds-base-1.4.4.16-crypt-import.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From c1926dfc6591b55c4d33f9944de4d7ebe077e964 Mon Sep 17 00:00:00 2001
-From: Firstyear <william@blackhats.net.au>
-Date: Fri, 9 Jul 2021 11:53:35 +1000
-Subject: [PATCH] Issue 4817 - BUG - locked crypt accounts on import may allow
- all passwords (#4819)
-
-Bug Description: Due to mishanding of short dbpwd hashes, the
-crypt_r algorithm was misused and was only comparing salts
-in some cases, rather than checking the actual content
-of the password.
-
-Fix Description: Stricter checks on dbpwd lengths to ensure
-that content passed to crypt_r has at least 2 salt bytes and
-1 hash byte, as well as stricter checks on ct_memcmp to ensure
-that compared values are the same length, rather than potentially
-allowing overruns/short comparisons.
-
-fixes: https://github.com/389ds/389-ds-base/issues/4817
-
-Author: William Brown <william@blackhats.net.au>
-
-Review by: @mreynolds389
----
- .../password/pwd_crypt_asterisk_test.py | 50 +++++++++++++++++++
- ldap/servers/plugins/pwdstorage/crypt_pwd.c | 20 +++++---
- 2 files changed, 64 insertions(+), 6 deletions(-)
- create mode 100644 dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
-
-diff --git a/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
-new file mode 100644
-index 000000000..d76614db1
---- /dev/null
-+++ b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
-@@ -0,0 +1,50 @@
-+# --- BEGIN COPYRIGHT BLOCK ---
-+# Copyright (C) 2021 William Brown <william@blackhats.net.au>
-+# All rights reserved.
-+#
-+# License: GPL (version 3 or any later version).
-+# See LICENSE for details.
-+# --- END COPYRIGHT BLOCK ---
-+#
-+import ldap
-+import pytest
-+from lib389.topologies import topology_st
-+from lib389.idm.user import UserAccounts
-+from lib389._constants import (DEFAULT_SUFFIX, PASSWORD)
-+
-+pytestmark = pytest.mark.tier1
-+
-+def test_password_crypt_asterisk_is_rejected(topology_st):
-+ """It was reported that {CRYPT}* was allowing all passwords to be
-+ valid in the bind process. This checks that we should be rejecting
-+ these as they should represent locked accounts. Similar, {CRYPT}!
-+
-+ :id: 0b8f1a6a-f3eb-4443-985e-da14d0939dc3
-+ :setup: Single instance
-+ :steps: 1. Set a password hash in with CRYPT and the content *
-+ 2. Test a bind
-+ 3. Set a password hash in with CRYPT and the content !
-+ 4. Test a bind
-+ :expectedresults:
-+ 1. Successfully set the values
-+ 2. The bind fails
-+ 3. Successfully set the values
-+ 4. The bind fails
-+ """
-+ topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on')
-+ topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'off')
-+
-+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
-+ user = users.create_test_user()
-+
-+ user.set('userPassword', "{CRYPT}*")
-+
-+ # Attempt to bind with incorrect password.
-+ with pytest.raises(ldap.INVALID_CREDENTIALS):
-+ badconn = user.bind('badpassword')
-+
-+ user.set('userPassword', "{CRYPT}!")
-+ # Attempt to bind with incorrect password.
-+ with pytest.raises(ldap.INVALID_CREDENTIALS):
-+ badconn = user.bind('badpassword')
-+
-diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
-index 9031b2199..1b37d41ed 100644
---- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
-+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
-@@ -48,15 +48,23 @@ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
- int
- crypt_pw_cmp(const char *userpwd, const char *dbpwd)
- {
-- int rc;
-- char *cp;
-+ int rc = -1;
-+ char *cp = NULL;
-+ size_t dbpwd_len = strlen(dbpwd);
- struct crypt_data data;
- data.initialized = 0;
-
-- /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
-- cp = crypt_r(userpwd, dbpwd, &data);
-- if (cp) {
-- rc = slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd));
-+ /*
-+ * there MUST be at least 2 chars of salt and some pw bytes, else this is INVALID and will
-+ * allow any password to bind as we then only compare SALTS.
-+ */
-+ if (dbpwd_len >= 3) {
-+ /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
-+ cp = crypt_r(userpwd, dbpwd, &data);
-+ }
-+ /* If these are not the same length, we can not proceed safely with memcmp. */
-+ if (cp && dbpwd_len == strlen(cp)) {
-+ rc = slapi_ct_memcmp(dbpwd, cp, dbpwd_len);
- } else {
- rc = -1;
- }