[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/

2021-12-29 Thread Sam James 
commit: b4c542201cff236f67aac6eaa0ca86863d34df80
Author: Sam James  gentoo  org>
AuthorDate: Wed Dec 29 08:38:06 2021 +
Commit: Sam James  gentoo  org>
CommitDate: Wed Dec 29 08:38:06 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4c54220

www-apache/mod_auth_kerb: add Debian patch for krb5 ABI break

Was using an internal API.

Closes: https://bugs.gentoo.org/830208
Signed-off-by: Sam James  gentoo.org>

 .../files/mod_auth_kerb-5.4-api-change-krb5.patch  | 51 ++
 .../mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild  | 63 ++
 2 files changed, 114 insertions(+)

diff --git 
a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch 
b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch
new file mode 100644
index ..d0421a0eb6ea
--- /dev/null
+++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch
@@ -0,0 +1,51 @@
+https://sources.debian.org/data/main/liba/libapache-mod-auth-kerb/5.4-2.5/debian/patches/0011-Always-use-NONE-replay-cache-type.patch
+https://bugs.gentoo.org/830208
+--- a/src/mod_auth_kerb.c
 b/src/mod_auth_kerb.c
+@@ -2061,28 +2061,6 @@
+return ret;
+ }
+ 
+-static int
+-have_rcache_type(const char *type)
+-{
+-   krb5_error_code ret;
+-   krb5_context context;
+-   krb5_rcache id = NULL;
+-   int found;
+-
+-   ret = krb5_init_context();
+-   if (ret)
+-  return 0;
+-
+-   ret = krb5_rc_resolve_full(context, , "none:");
+-   found = (ret == 0);
+-
+-   if (ret == 0)
+-  krb5_rc_destroy(context, id);
+-   krb5_free_context(context);
+-
+-   return found;
+-}
+-
+ /*** 
+  Module Setup/Configuration
+  ***/
+@@ -2143,7 +2121,7 @@
+ #ifndef HEIMDAL
+/* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.
+   1.3.x are covered by the hack overiding the replay calls */
+-   if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none"))
++   if (getenv("KRB5RCACHETYPE") == NULL)
+   putenv(strdup("KRB5RCACHETYPE=none"));
+ #endif
+ }
+@@ -2185,7 +2163,7 @@
+ #ifndef HEIMDAL
+/* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.
+   1.3.x are covered by the hack overiding the replay calls */
+-   if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none"))
++   if (getenv("KRB5RCACHETYPE") == NULL)
+   putenv(strdup("KRB5RCACHETYPE=none"));
+ #endif
+ #ifdef STANDARD20_MODULE_STUFF

diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild 
b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild
new file mode 100644
index ..c8e1b13352e1
--- /dev/null
+++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit apache-module depend.apache tmpfiles
+
+DESCRIPTION="An Apache authentication module using Kerberos"
+HOMEPAGE="http://modauthkerb.sourceforge.net/;
+SRC_URI="mirror://sourceforge/project/modauthkerb/${PN}/${P}/${P}.tar.gz
+   https://dev.gentoo.org/~mgorny/dist/${P}-gentoo-patchset.tar.bz2;
+
+LICENSE="BSD openafs-krb5-a HPND"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND="virtual/krb5"
+RDEPEND="${DEPEND}"
+
+APACHE2_MOD_CONF="11_${PN}"
+APACHE2_MOD_DEFINE="AUTH_KERB"
+
+DOCFILES="INSTALL README"
+
+need_apache2
+
+PATCHES=(
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-rcopshack.patch
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-fixes.patch
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-s4u2proxy.patch
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-httpd24.patch
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-delegation.patch
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-cachedir.patch
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-longuser.patch
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-handle-continue.patch
+   "${WORKDIR}/${P}-gentoo-patchset"/${P}-heimdal.patch
+
+   # bug #830208
+   "${FILESDIR}"/${P}-api-change-krb5.patch
+)
+
+# Work around Bug #616612
+pkg_setup() {
+   _init_apache2
+   _init_apache2_late
+}
+
+src_configure() {
+   CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4
+}
+
+src_compile() {
+   emake
+}
+
+src_install() {
+   apache-module_src_install
+   dotmpfiles "${FILESDIR}/${PN}.conf"
+}
+
+pkg_postinst() {
+   tmpfiles_process ${PN}.conf
+}

[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/

2017-10-15 Thread Michał Górny 
commit: bbc26ed7549d91670a993e6208d98eebdc6c2ade
Author: Michał Górny  gentoo  org>
AuthorDate: Sun Oct 15 11:40:11 2017 +
Commit: Michał Górny  gentoo  org>
CommitDate: Sun Oct 15 12:35:55 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbc26ed7

www-apache/mod_auth_kerb: Move patches to a dist tarball

Closes: https://bugs.gentoo.org/620644

 www-apache/mod_auth_kerb/Manifest  |   1 +
 .../files/mod_auth_kerb-5.4-cachedir.patch |  15 -
 .../files/mod_auth_kerb-5.4-delegation.patch   |  68 ---
 .../files/mod_auth_kerb-5.4-fixes.patch|  40 --
 .../files/mod_auth_kerb-5.4-handle-continue.patch  |  20 -
 .../files/mod_auth_kerb-5.4-heimdal.patch  |  10 -
 .../files/mod_auth_kerb-5.4-httpd24.patch  |  75 ---
 .../files/mod_auth_kerb-5.4-longuser.patch |  31 --
 .../files/mod_auth_kerb-5.4-rcopshack.patch|  73 ---
 .../files/mod_auth_kerb-5.4-s4u2proxy.patch| 601 -
 .../mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild  |  21 +-
 11 files changed, 12 insertions(+), 943 deletions(-)

diff --git a/www-apache/mod_auth_kerb/Manifest 
b/www-apache/mod_auth_kerb/Manifest
index 2d942c7502e..772f8adc7b7 100644
--- a/www-apache/mod_auth_kerb/Manifest
+++ b/www-apache/mod_auth_kerb/Manifest
@@ -1 +1,2 @@
+DIST mod_auth_kerb-5.4-gentoo-patchset.tar.bz2 8717 SHA256 
bc0445e337c88906bd254c26726ad3a1e45e613cf2058b402c944209550d9160 SHA512 
3909c2677b30790cc17c0d8843feaa00d9acd14a012672443a887c0e88473d6b1572ba045e1491bcab53cbacff193c11cfe15e63ef1046cfcdf1f4ab60e0ac57
 WHIRLPOOL 
27bcb65e03d5148861a806f0bbb29550e8ab06145281fdf09064328be12a6c2242d46d3e69042be2b2ee6f17198acbdc3ec6c3709ea4341c08e4cc12fe1f4492
 DIST mod_auth_kerb-5.4.tar.gz 93033 SHA256 
690ddd66c6d941e2fa2dada46588329a6f57d0a3b9b2fd9bf055ebc427558265 SHA512 
93fdf0e43af1c24e8c8204d09240b708747068ef99dd8d21b45cb4d132d31e6d582d49ea5e23b905f55cb0d4a20b1ecb58de1bcbfdad1d016e536fc622b63214
 WHIRLPOOL 
1b92217b7cf66d731a72cf9d58f188002ccadd75fc3d9075290347e6b4f151d3cff147fab73616951cbdb9430e8038adf5c4e204d374886bec3be69ff51c

diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch 
b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch
deleted file mode 100644
index ebc435824c4..000
--- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-
-Per https://bugzilla.redhat.com//show_bug.cgi?id=796430
-switch the cache dir to be relative to runtimedir.
-
 mod_auth_kerb-5.4/src/mod_auth_kerb.c.cachedir
-+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c
-@@ -891,7 +891,7 @@ create_krb5_ccache(krb5_context kcontext
-int ret;
-krb5_ccache tmp_ccache = NULL;
- 
--   ccname = apr_psprintf(r->connection->pool, "FILE:%s/krb5cc_apache_XX", 
P_tmpdir);
-+   ccname = apr_pstrdup(r->connection->pool, 
"FILE:/run/httpd/krbcache/krb5cc_apache_XX");
-fd = mkstemp(ccname + strlen("FILE:"));
-if (fd < 0) {
-   log_rerror(APLOG_MARK, APLOG_ERR, 0, r,

diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch 
b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch
deleted file mode 100644
index a01e9f21e43..000
--- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-
-https://bugzilla.redhat.com/show_bug.cgi?id=688210
-
 mod_auth_kerb-5.4/src/mod_auth_kerb.c.delegation
-+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c
-@@ -209,6 +209,7 @@ typedef struct krb5_conn_data {
-   char *authline;
-   char *user;
-   char *mech;
-+  char *ccname;
-   int  last_return;
- } krb5_conn_data;
- 
-@@ -875,7 +876,7 @@ create_krb5_ccache(krb5_context kcontext
-int ret;
-krb5_ccache tmp_ccache = NULL;
- 
--   ccname = apr_psprintf(r->pool, "FILE:%s/krb5cc_apache_XX", P_tmpdir);
-+   ccname = apr_psprintf(r->connection->pool, "FILE:%s/krb5cc_apache_XX", 
P_tmpdir);
-fd = mkstemp(ccname + strlen("FILE:"));
-if (fd < 0) {
-   log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-@@ -905,7 +906,7 @@ create_krb5_ccache(krb5_context kcontext
-}
- 
-apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname);
--   apr_pool_cleanup_register(r->pool, ccname, krb5_cache_cleanup,
-+   apr_pool_cleanup_register(r->connection->pool, ccname, krb5_cache_cleanup,
-apr_pool_cleanup_null);
- 
-*ccache = tmp_ccache;
-@@ -1866,10 +1868,15 @@ already_succeeded(request_rec *r, char *
-if (apr_pool_userdata_get((void**)_data, keyname, 
r->connection->pool) != 0)
-   return NULL;
- 
--   if(conn_data) {
--  if(strcmp(conn_data->authline, auth_line) == 0) {
--  log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous 
auth request");
--  return conn_data;
-+   if(conn_data && conn_data->ccname != NULL) {
-+   apr_finfo_t finfo;
-+
-+   if (apr_stat(, conn_data->ccname +

[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/

2017-06-04 Thread Pacho Ramos 
commit: 021b4128fab449a793151ee229d692b10ec248bf
Author: Pacho Ramos  gentoo  org>
AuthorDate: Sun Jun  4 18:30:07 2017 +
Commit: Pacho Ramos  gentoo  org>
CommitDate: Sun Jun  4 18:31:59 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=021b4128

www-apache/mod_auth_kerb: Fix building with heimdal (#327445)

Package-Manager: Portage-2.3.6, Repoman-2.3.2

 www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch | 10 ++
 www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild   |  3 ++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch 
b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch
new file mode 100644
index 000..a5d3d4ba62c
--- /dev/null
+++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch
@@ -0,0 +1,10 @@
+--- mod_auth_kerb-5.4/src/mod_auth_kerb.c  2010-10-04 16:21:22.169285716 
+0200
 mod_auth_kerb-5.4.new/src/mod_auth_kerb.c  2010-10-04 16:20:41.584250095 
+0200
+@@ -89,6 +89,7 @@
+ #include 
+ #ifdef HEIMDAL
+ #  include 
++#  include 
+ #else
+ #  include 
+ #  include 

diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild 
b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild
index 1b067a4769a..1d1b560367c 100644
--- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild
+++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=5
@@ -32,6 +32,7 @@ PATCHES=(
"${FILESDIR}"/${P}-cachedir.patch
"${FILESDIR}"/${P}-longuser.patch
"${FILESDIR}"/${P}-handle-continue.patch
+   "${FILESDIR}"/${P}-heimdal.patch
 )
 
 src_prepare() {

[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/

2016-08-18 Thread Pacho Ramos 
commit: d429134c9c62729169a429f95704bb3882a96ffc
Author: Pacho Ramos  gentoo  org>
AuthorDate: Thu Aug 18 16:55:53 2016 +
Commit: Pacho Ramos  gentoo  org>
CommitDate: Thu Aug 18 16:56:42 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d429134c

www-apache/mod_auth_kerb: Properly provide and apply Fedora patches (#327445)

Package-Manager: portage-2.3.0

 .../files/mod_auth_kerb-5.4-s4u2proxy-r3.patch | 603 -
 .../files/mod_auth_kerb-5.4-s4u2proxy.patch|  46 +-
 .../mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild  |  22 +-
 3 files changed, 41 insertions(+), 630 deletions(-)

diff --git 
a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch 
b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch
deleted file mode 100644
index efc183a..000
--- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch
+++ /dev/null
@@ -1,603 +0,0 @@
-
-Add S4U2Proxy feature:
-
-https://sourceforge.net/mailarchive/forum.php?thread_name=4EE665D1.3000308%40redhat.com_name=modauthkerb-help
-
-The attached patches add support for using s4u2proxy 
-(http://k5wiki.kerberos.org/wiki/Projects/Services4User) to allow the 
-web service to obtain credentials on behalf of the authenticated user.
-
-The first patch adds basic support for s4u2proxy. This requires the web 
-administrator to manually create and manage the credentails cache for 
-the apache user (via a cron job, for example).
-
-The second patch builds on this and makes mod_auth_kerb manage the 
-ccache instead.
-
-These are patches against the current CVS HEAD (mod_auth_krb 5.4).
-
-I've added a new module option to enable this support, 
-KrbConstrainedDelegation. The default is off.
-
 mod_auth_kerb-5.4.orig/README  2008-11-26 11:51:05.0 -0500
-+++ mod_auth_kerb-5.4/README   2012-01-04 11:17:22.0 -0500
-@@ -122,4 +122,16 @@ KrbSaveCredentials, the tickets will be 
- credential cache that will be available for the request handler. The ticket
- file will be removed after request is handled.
- 
-+Constrained Delegation
-+--
-+S4U2Proxy, or constrained delegation, enables a service to use a client's
-+ticket to itself to request another ticket for delegation. The KDC
-+checks krbAllowedToDelegateTo to decide if it will issue a new ticket.
-+If KrbConstrainedDelegation is enabled the server will use its own credentials
-+to retrieve a delegated ticket for the user. For this to work the user must
-+have a forwardable ticket (though the delegation flag need not be set).
-+The server needs a valid credentials cache for this to work.
-+
-+The module itself will obtain and manage the necessary credentials.
-+
- $Id: README,v 1.12 2008/09/17 14:01:55 baalberith Exp $
-diff -up --recursive mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c 
mod_auth_kerb-5.4/src/mod_auth_kerb.c
 mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c 2011-12-09 17:55:05.0 
-0500
-+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c  2012-03-01 14:19:40.0 
-0500
-@@ -42,6 +42,31 @@
-  * POSSIBILITY OF SUCH DAMAGE.
-  */
- 
-+/*
-+ * Locking mechanism inspired by mod_rewrite.
-+ *
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements.  See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License.  You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+/*
-+ * S4U2Proxy code
-+ *
-+ * Copyright (C) 2012  Red Hat
-+ */
-+
- #ident "$Id: mod_auth_kerb.c,v 1.150 2008/12/04 10:14:03 baalberith Exp $"
- 
- #include "config.h"
-@@ -49,6 +74,7 @@
- #include 
- #include 
- #include 
-+#include 
- 
- #define MODAUTHKERB_VERSION "5.4"
- 
-@@ -122,6 +148,12 @@
- module auth_kerb_module;
- #endif
- 
-+#ifdef STANDARD20_MODULE_STUFF
-+/* s4u2proxy only supported in 2.0+ */
-+static const char *lockname;
-+static apr_global_mutex_t *s4u2proxy_lock = NULL;
-+#endif
-+
- /*** 
-  Macros To Ease Compatibility
-  ***/
-@@ -156,6 +188,7 @@
-   int krb_method_gssapi;
-   int krb_method_k5pass;
-   int krb5_do_auth_to_local;
-+   int krb5_s4u2proxy;
- #endif
- #ifdef KRB4
-   char *krb_4_srvtab;
-@@ -176,6 +209,11 @@
- 
- static const char*
-