diff options
-rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 10 | ||||
-rw-r--r-- | app-crypt/mit-krb5/Manifest | 4 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1321.patch | 18 | ||||
-rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild | 114 |
4 files changed, 144 insertions, 2 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index 3b9837daa9d6..04d374025ecb 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-crypt/mit-krb5 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.217 2010/05/01 14:43:06 darkside Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.218 2010/05/23 04:10:42 darkside Exp $ + +*mit-krb5-1.8.1-r1 (23 May 2010) + + 23 May 2010; Jeremy Olexa <darkside@gentoo.org> +mit-krb5-1.8.1-r1.ebuild, + +files/CVE-2010-1321.patch: + Patch for CVE-2010-1321 - bug #320445. Disable rpath - bug #187201. + Installs kerberos.schema - bug #318017. Ebuild clean up. Enable parallel + make. Thanks to Eray Aslan 01 May 2010; Jeremy Olexa <darkside@gentoo.org> mit-krb5-1.8.1.ebuild: Fix configure call, patch by Eray Aslan diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest index 91e886273341..aacf27378a5e 100644 --- a/app-crypt/mit-krb5/Manifest +++ b/app-crypt/mit-krb5/Manifest @@ -4,6 +4,7 @@ AUX 1.7-CVE-2009-4212.patch 13085 RMD160 98b9d7adab15a198cf6380458e9960e41385f2f AUX CVE-2009-0844+CVE-2009-0847.patch 2075 RMD160 eba543da0eafa13158a71947bf22783292d23951 SHA1 087e0dfcdff3dd08b9085fda47099c438871488d SHA256 abdff5ffb07b57d6156722ea6ee12a73ae3337ff05687e384a59989074ab4316 AUX CVE-2009-0846.patch 1682 RMD160 80292c97735b2e45eb450d2c8f6c30e6b0dbf199 SHA1 4bde9e943f4604bfde41cb91f923c123716add71 SHA256 71914affe6f8623b44f3b8ac9c98a83783e41200f8965ea5d68e7fb8a4bc3088 AUX CVE-2010-1320.patch 701 RMD160 f5ebcbf5a5cb872644aa3d7f28bea0de2e4cc281 SHA1 775ae45e20b67d1de7f2a21c52afbfbaacdae5a1 SHA256 251757cc449ba11f0147febc1b69e8aee37ec6c200a25c08e9a9eac02cdb3c60 +AUX CVE-2010-1321.patch 670 RMD160 941777d0914ae3363eae2be9d62a09e00e074c7e SHA1 fc85fead1fcbd3a8c0f867084a934c97abfc3f31 SHA256 02d778775bf3f7576f5cf7a9a1a3d14ccf1654b71c77a6a4e00a7bd5b775b221 AUX MITKRB5-SA-2008-002.patch 1505 RMD160 35bb24ae802b532836810588e13c775ef8522cc1 SHA1 70fb0d83da33eb3e00355a11894c37f7c9d2b9aa SHA256 8e84a55080461f117f61501550c364f9ac25d9079601281a0d413bff664fc386 AUX mit-krb5-lazyldflags.patch 509 RMD160 47515882e93e0db7db6980a4460a01f2cbc3f382 SHA1 db880ff82bd72afd2815a8e8d345c815c2769715 SHA256 272b3a18303b43c64bbcc1da9bcb7cd60d56337700d84c78741c7096c18044d5 AUX mit-krb5kadmind.initd 687 RMD160 7602d12d570e80edf24953befbe4ec03d247e4ba SHA1 753a5875659d3bef63c1a50bb0228f1c3c06bdf9 SHA256 427953b3a2dbe0a8f85bee1294a348c97dbbdac4741f06c2a3768170ba29161a @@ -16,6 +17,7 @@ DIST mit-krb5-1.7-patches-0.6.tar.bz2 707 RMD160 8849cc7c663cd1cfed35af9647197af EBUILD mit-krb5-1.6.3-r6.ebuild 2816 RMD160 d9207dc3a1d6aa54eaad45c04092704631743b43 SHA1 436537036eabe1f3eeff5ab28d7b37c63e12353f SHA256 00b60f4ef14978fc41a60cee257f7b2e2265ffc5a7c754fe075ff0c1dcbb35d0 EBUILD mit-krb5-1.6.3-r7.ebuild 2874 RMD160 e9ad37cd27b80b94296226c279431a58dd8d799e SHA1 2706e5949d6d5a32734aa63988c74b2f9b324239 SHA256 c4ca4f284cf02a6e11bde53f39a550af444c75de7ea3f9a131ad40aa41c29f78 EBUILD mit-krb5-1.7-r2.ebuild 2644 RMD160 44ca6704cff27f8a18d2769af001972bbe87cc45 SHA1 40b2d880d86a70e5b4b6dccb84eee95856284f21 SHA256 e61f5835d96fafb5fe99fa5e42eb5e069f4f5b6927ac069744e89855e56925d5 +EBUILD mit-krb5-1.8.1-r1.ebuild 2614 RMD160 34a7bfc6221dfe7c0367c05d3cf71cd1b4db9f50 SHA1 75a6a012670cf615a7247919d4788d7a148146b5 SHA256 6d49e47bb92a9a60e12f1aea000f1848435769073a3a9b26425231632a1f2a20 EBUILD mit-krb5-1.8.1.ebuild 2669 RMD160 b1284638024694d311f5d322404b1fdd8c12e940 SHA1 9eb5f51492703bb86dcb769d4621162ec65706f6 SHA256 56d0ba61272e9cf5b58895909eecee909d56be5d14d2655a02ed0392c2bc6f65 -MISC ChangeLog 35267 RMD160 bfe6737a31e0983197b0cce241c640f1f85ffb17 SHA1 6e9087f8ffab32a4abbcc776a7fc3b9e65f3f46a SHA256 232bde9bc7e2883cfd1bba9574ff54da5272ef21cdb1539887920bb0e27342f1 +MISC ChangeLog 35583 RMD160 73518e59e87194610a325b68508f53a54aba122a SHA1 e00c6fdda77b689c4b3628ae6944db9deb385ae3 SHA256 d34a95b5c7296bf3e97e0908acb206ff916c29391b85ec80918830889618156a MISC metadata.xml 639 RMD160 5e0f0a281fd7c2db9cef027d510f4f65fe769e2e SHA1 5ff055ed4d8a80384cba07293c41dd10983d2792 SHA256 fe666e55cb89f0dda7aa81fefe167f1cf2934053c83f1ee147781c34b7f28595 diff --git a/app-crypt/mit-krb5/files/CVE-2010-1321.patch b/app-crypt/mit-krb5/files/CVE-2010-1321.patch new file mode 100644 index 000000000000..7f9f7a4c94af --- /dev/null +++ b/app-crypt/mit-krb5/files/CVE-2010-1321.patch @@ -0,0 +1,18 @@ +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index ce3075f..6241055 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle, + } + #endif + ++ if (authdat->checksum == NULL) { ++ /* missing checksum counts as "inappropriate type" */ ++ code = KRB5KRB_AP_ERR_INAPP_CKSUM; ++ major_status = GSS_S_FAILURE; ++ goto fail; ++ } ++ + if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { + /* Samba does not send 0x8003 GSS-API checksums */ + krb5_boolean valid; diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild new file mode 100644 index 000000000000..07a1559bf601 --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild @@ -0,0 +1,114 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild,v 1.1 2010/05/23 04:10:42 darkside Exp $ + +EAPI="2" + +inherit eutils flag-o-matic versionator autotools + +MY_P=${P/mit-} +P_DIR=$(get_version_component_range 1-2) +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="http://web.mit.edu/kerberos/www/" +SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ldap doc" + +RDEPEND="!virtual/krb5 + >=sys-libs/e2fsprogs-libs-1.41.0 + ldap? ( net-nds/openldap )" +DEPEND="${RDEPEND} + doc? ( virtual/latex-base )" + +S=${WORKDIR}/${MY_P}/src + +PROVIDE="virtual/krb5" + +src_unpack() { + unpack ${A} + unpack ./"${MY_P}".tar.gz +} + +src_prepare() { + epatch "${FILESDIR}/CVE-2010-1320.patch" + epatch "${FILESDIR}/CVE-2010-1321.patch" + +} + +src_configure() { + + append-flags "-I/usr/include/et" + econf \ + $(use_with ldap) \ + --without-krb4 \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-replay-cache \ + --disable-rpath +} + +src_compile() { + emake || die "emake failed" + + if use doc ; then + cd ../doc + for dir in api implement ; do + emake -C "${dir}" || die "doc emake failed" + done + fi +} + +src_test() { + einfo "Tests do not run in sandbox, they need mit-krb5 to be already installed to test it." +} + +src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR=/usr/share/doc/${PF}/examples \ + install || die "install failed" + + keepdir /var/lib/krb5kdc + + cd .. + dodoc README + dodoc doc/*.ps + doinfo doc/*.info* + dohtml -r doc/* + +# die if we cannot respect a USE flag + if use doc ; then + dodoc doc/{api,implement}/*.ps || die "dodoc failed" + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind + newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc + + insinto /etc + newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example + + if use ldap ; then + insinto /etc/openldap/schema + newins "${S}/plugins/kdb/ldap/libkdb/ldap/kerberos_schema" \ + kerberos.schema + fi +} + +pkg_preinst() { + + if has_version "<${CATEGORY}/${PN}-1.8.0" ; then + einfo + elog "MIT split the Kerberos applications from the base Kerberos" + elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp," + elog "ftp clients and telnet, ftp deamons now live in" + elog "\"app-crypt/mit-krb5-appl\" package." + einfo + fi +} |