commit: 5c8fbea00ec59fad9583f6b815e89dcd33271faa Author: Eray Aslan <eras <AT> gentoo <DOT> org> AuthorDate: Fri May 17 07:47:28 2019 +0000 Commit: Eray Aslan <eras <AT> gentoo <DOT> org> CommitDate: Fri May 17 07:47:55 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c8fbea0
app-crypt/heimdal: security bump to 7.6.0 Bug: https://bugs.gentoo.org/686034 Closes: https://bugs.gentoo.org/649492 Closes: https://bugs.gentoo.org/647880 Closes: https://bugs.gentoo.org/641762 Package-Manager: Portage-2.3.66, Repoman-2.3.12 Signed-off-by: Eray Aslan <eras <AT> gentoo.org> app-crypt/heimdal/Manifest | 1 + .../files/heimdal_build-headers-before-use.patch | 29 ++++ app-crypt/heimdal/files/heimdal_fix-db60.patch | 11 ++ app-crypt/heimdal/files/heimdal_hcrypto.patch | 45 +++++ app-crypt/heimdal/heimdal-7.6.0.ebuild | 185 +++++++++++++++++++++ app-crypt/heimdal/metadata.xml | 3 + 6 files changed, 274 insertions(+) diff --git a/app-crypt/heimdal/Manifest b/app-crypt/heimdal/Manifest index afa3849a21a..998162ba10a 100644 --- a/app-crypt/heimdal/Manifest +++ b/app-crypt/heimdal/Manifest @@ -1 +1,2 @@ DIST heimdal-7.5.0.tar.gz 10071281 BLAKE2B 917f5855248c333e5ec35bf992973d8b5fb84581b9c3bc8d42c328e5f878ce24c5596c5a1e3fbca786a71be04984068efbb817f7336135056d1feae38895758f SHA512 6d1ad77e795df786680b5e68e2bfefee27bd0207eab507295d7af7053135de9c9ebb517d2c0235bc3a7d50945e18044515f0d76c0899b6b74aa839f1f3e5b131 +DIST heimdal-7.6.0.tar.gz 10186832 BLAKE2B 456b495a3d0a196cf02d6042c6db72c772327545fbc84f7bb758f55f3fca025432bf319fc33e9e0b5fe5ca78b83aea9dc47d77bf1f5b69ae88f1286a22c41263 SHA512 3f7ce090cf8da91f19675a1d9f6bd65c83b3a847337739481506f09d74001cb44283b103ba684dac8a5f11ec48605b5476240c534f6fc36442fb874b73680200 diff --git a/app-crypt/heimdal/files/heimdal_build-headers-before-use.patch b/app-crypt/heimdal/files/heimdal_build-headers-before-use.patch new file mode 100644 index 00000000000..9460e3dcc24 --- /dev/null +++ b/app-crypt/heimdal/files/heimdal_build-headers-before-use.patch @@ -0,0 +1,29 @@ +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906623 + +--- a/lib/hx509/Makefile.am 2019-05-16 08:59:34.326758842 +0300 ++++ b/lib/hx509/Makefile.am 2019-05-16 08:58:43.140804423 +0300 +@@ -147,8 +147,8 @@ + + $(ALL_OBJECTS): $(HX509_PROTOS) + +-$(libhx509_la_OBJECTS): $(srcdir)/hx_locl.h +-$(libhx509_la_OBJECTS): ocsp_asn1.h pkcs10_asn1.h ++$(ALL_OBJECTS): $(srcdir)/hx_locl.h ++$(ALL_OBJECTS): ocsp_asn1.h pkcs10_asn1.h $(dist_include_HEADERS) + + $(srcdir)/hx509-protos.h: $(dist_libhx509_la_SOURCES) + $(heim_verbose)cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h +--- a/lib/hcrypto/Makefile.am 2019-05-16 09:02:28.154602045 +0300 ++++ b/lib/hcrypto/Makefile.am 2019-05-16 09:02:10.600617878 +0300 +@@ -102,6 +102,11 @@ + + TESTS = $(PROGRAM_TESTS) $(SCRIPT_TESTS) + ++ALL_OBJECTS = $(libhcrypto_la_OBJECTS) ++ALL_OBJECTS += $(test_rand_OBJECTS) ++ALL_OBJECTS += $(libhctest_la_OBJECTS) ++$(ALL_OBJECTS): | install-build-headers ++ + LDADD = $(lib_LTLIBRARIES) $(LIB_roken) $(LIB_openssl_crypto) + test_rand_LDADD = $(LDADD) -lm + diff --git a/app-crypt/heimdal/files/heimdal_fix-db60.patch b/app-crypt/heimdal/files/heimdal_fix-db60.patch new file mode 100644 index 00000000000..7f012007e1e --- /dev/null +++ b/app-crypt/heimdal/files/heimdal_fix-db60.patch @@ -0,0 +1,11 @@ +--- a/lib/roken/ndbm_wrap.c 2016-12-20 17:23:06.000000000 +0300 ++++ b/lib/roken/ndbm_wrap.c 2019-05-17 10:00:00.107905769 +0300 +@@ -175,7 +175,7 @@ + return NULL; + } + +-#if (DB_VERSION_MAJOR > 3) && (DB_VERSION_MINOR > 0) ++#if DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR > 3 && DB_VERSION_MINOR > 0) + if(db->open(db, NULL, fn, NULL, DB_BTREE, myflags, mode) != 0) { + #else + if(db->open(db, fn, NULL, DB_BTREE, myflags, mode) != 0) { diff --git a/app-crypt/heimdal/files/heimdal_hcrypto.patch b/app-crypt/heimdal/files/heimdal_hcrypto.patch new file mode 100644 index 00000000000..ff3228d4973 --- /dev/null +++ b/app-crypt/heimdal/files/heimdal_hcrypto.patch @@ -0,0 +1,45 @@ +From 329918bd671c89de6e1c2874baba48d658a89a10 Mon Sep 17 00:00:00 2001 +From: Damir Franusic <[email protected]> +Date: Sun, 9 Dec 2018 19:53:58 +0100 +Subject: [PATCH] hcrypto: fix include path + +--- + lib/hcrypto/Makefile.am | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/hcrypto/Makefile.am b/lib/hcrypto/Makefile.am +index 469176b6c6..195117d174 100644 +--- a/lib/hcrypto/Makefile.am ++++ b/lib/hcrypto/Makefile.am +@@ -9,7 +9,8 @@ AM_CPPFLAGS += $(INCLUDE_openssl_crypto) + endif + + AM_CPPFLAGS += -I$(top_srcdir)/lib/hx509 \ +- -I$(srcdir)/libtommath -DUSE_HCRYPTO_LTM=1 ++ -I$(srcdir)/libtommath -DUSE_HCRYPTO_LTM=1 \ ++ -I$(srcdir)/.. + + lib_LTLIBRARIES = libhcrypto.la + check_LTLIBRARIES = libhctest.la +From 572a6fd7ac41e9210ef3eb765fe7da4ec8a94bb2 Mon Sep 17 00:00:00 2001 +From: Luke Howard <[email protected]> +Date: Mon, 24 Dec 2018 02:21:32 +0000 +Subject: [PATCH] hx509: fix dependency, hxtool requires ASN.1 headers + +--- + lib/hx509/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am +index b58deb3e37..09643c43a0 100644 +--- a/lib/hx509/Makefile.am ++++ b/lib/hx509/Makefile.am +@@ -164,7 +164,7 @@ hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC) + dist_hxtool_SOURCES = hxtool.c + nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h + +-$(hxtool_OBJECTS): hxtool-commands.h hx509_err.h ++$(hxtool_OBJECTS): hxtool-commands.h $(nodist_include_HEADERS) + + hxtool_LDADD = \ + libhx509.la \ diff --git a/app-crypt/heimdal/heimdal-7.6.0.ebuild b/app-crypt/heimdal/heimdal-7.6.0.ebuild new file mode 100644 index 00000000000..8f46bd07e4e --- /dev/null +++ b/app-crypt/heimdal/heimdal-7.6.0.ebuild @@ -0,0 +1,185 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{2_7,3_{5,6,7}} ) +VIRTUALX_REQUIRED="manual" + +inherit autotools db-use multilib multilib-minimal python-any-r1 virtualx flag-o-matic + +MY_P="${P}" +DESCRIPTION="Kerberos 5 implementation from KTH" +HOMEPAGE="http://www.h5l.org/"; +SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz"; + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd" +IUSE="afs +berkdb caps gdbm hdb-ldap ipv6 libressl +lmdb otp +pkinit selinux ssl static-libs test X" + +CDEPEND=" + ssl? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) + libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] ) + ) + berkdb? ( >=sys-libs/db-4.8.30-r1:*[${MULTILIB_USEDEP}] ) + gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] ) + lmdb? ( dev-db/lmdb ) + caps? ( sys-libs/libcap-ng ) + >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] + >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] + sys-libs/ncurses:0= + >=sys-libs/readline-6.2_p5-r1:0=[${MULTILIB_USEDEP}] + afs? ( net-fs/openafs ) + hdb-ldap? ( >=net-nds/openldap-2.3.0 ) + X? ( + x11-libs/libX11 + x11-libs/libXau + x11-libs/libXt + ) + !!app-crypt/mit-krb5 + !!app-crypt/mit-krb5-appl" + +DEPEND="${CDEPEND} + ${PYTHON_DEPS} + dev-perl/JSON + >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] + >=sys-devel/autoconf-2.62 + test? ( X? ( ${VIRTUALX_DEPEND} ) )" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-kerberos )" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/krb5-types.h + /usr/include/cms_asn1.h + /usr/include/digest_asn1.h + /usr/include/hdb_asn1.h + /usr/include/krb5_asn1.h + /usr/include/pkcs12_asn1.h + /usr/include/pkinit_asn1.h + /usr/include/rfc2459_asn1.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/krb5-config +) + +PATCHES=( + "${FILESDIR}/heimdal_disable-check-iprop.patch" + "${FILESDIR}/heimdal_tinfo.patch" + "${FILESDIR}/heimdal_hcrypto.patch" + "${FILESDIR}/heimdal_build-headers-before-use.patch" + "${FILESDIR}/heimdal_fix-db60.patch" +) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # QA + append-flags -fno-strict-aliasing + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local myeconfargs=( + --enable-kcm + --disable-osfc2 + --enable-shared + --with-libintl="${EPREFIX}"/usr + --with-readline="${EPREFIX}"/usr + --with-sqlite3="${EPREFIX}"/usr + --libexecdir="${EPREFIX}"/usr/sbin + --enable-pthread-support + $(use_enable afs afs-support) + $(use_enable gdbm ndbm-db) + $(use_enable lmdb mdb-db) + $(use_enable otp) + $(use_enable pkinit kx509) + $(use_enable pkinit pk-init) + $(use_enable static-libs static) + $(multilib_native_use_with caps capng) + $(multilib_native_use_with hdb-ldap openldap "${EPREFIX}"/usr) + $(use_with ipv6) + $(use_with ssl openssl "${EPREFIX}"/usr) + $(multilib_native_use_with X x) + ) + if use berkdb; then + myeconfargs+=( + --with-berkeley-db + --with-berkeley-db-include="$(db_includedir)" + ) + else + myeconfargs+=( + --without-berkeley-db + ) + fi + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi; then + emake + else + emake -C include + emake -C lib + emake -C kdc + emake -C tools + emake -C tests/plugin + fi +} + +multilib_src_test() { + multilib_is_native_abi && emake -j1 check +} + +multilib_src_install() { + if multilib_is_native_abi; then + INSTALL_CATPAGES="no" emake DESTDIR="${D}" install + else + emake -C include DESTDIR="${D}" install + emake -C lib DESTDIR="${D}" install + emake -C kdc DESTDIR="${D}" install + emake -C tools DESTDIR="${D}" install + emake -C tests/plugin DESTDIR="${D}" install + fi +} + +multilib_src_install_all() { + dodoc ChangeLog* README NEWS TODO + + # client rename + mv "${ED%/}"/usr/share/man/man1/{,k}su.1 + mv "${ED%/}"/usr/bin/{,k}su + + newinitd "${FILESDIR}"/heimdal-kdc.initd-r2 heimdal-kdc + newinitd "${FILESDIR}"/heimdal-kadmind.initd-r2 heimdal-kadmind + newinitd "${FILESDIR}"/heimdal-kpasswdd.initd-r2 heimdal-kpasswdd + newinitd "${FILESDIR}"/heimdal-kcm.initd-r1 heimdal-kcm + + newconfd "${FILESDIR}"/heimdal-kdc.confd heimdal-kdc + newconfd "${FILESDIR}"/heimdal-kadmind.confd heimdal-kadmind + newconfd "${FILESDIR}"/heimdal-kpasswdd.confd heimdal-kpasswdd + newconfd "${FILESDIR}"/heimdal-kcm.confd heimdal-kcm + + insinto /etc + newins "${S}"/krb5.conf krb5.conf.example + + if use hdb-ldap; then + insinto /etc/openldap/schema + doins "${S}/lib/hdb/hdb.schema" + fi + + if ! use static-libs ; then + find "${ED}" -name "*.la" -delete || die + fi + + # default database dir + keepdir /var/heimdal +} diff --git a/app-crypt/heimdal/metadata.xml b/app-crypt/heimdal/metadata.xml index 0862feb8ed9..c31b6673e50 100644 --- a/app-crypt/heimdal/metadata.xml +++ b/app-crypt/heimdal/metadata.xml @@ -15,6 +15,9 @@ </flag> <flag name="hdb-ldap"> Adds support for LDAP as a database backend + </flag> + <flag name="lmdb"> + Add support for using dev-db/lmdb for lookup tables </flag> </use> <upstream>
