diff options
Diffstat (limited to 'app-crypt/mit-krb5')
-rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 8 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1320.patch | 20 | ||||
-rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.8.1.ebuild | 113 |
3 files changed, 140 insertions, 1 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index 4cabfa2e17bc..bb6a5d52e09a 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-crypt/mit-krb5 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.215 2010/01/14 09:12:31 mueli Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.216 2010/04/30 22:17:14 darkside Exp $ + +*mit-krb5-1.8.1 (30 Apr 2010) + + 30 Apr 2010; Jeremy Olexa <darkside@gentoo.org> +mit-krb5-1.8.1.ebuild, + +files/CVE-2010-1320.patch: + Version bump by Eray Aslan, security bug 312481 *mit-krb5-1.7-r2 (14 Jan 2010) *mit-krb5-1.6.3-r7 (14 Jan 2010) diff --git a/app-crypt/mit-krb5/files/CVE-2010-1320.patch b/app-crypt/mit-krb5/files/CVE-2010-1320.patch new file mode 100644 index 000000000000..bb6261f48144 --- /dev/null +++ b/app-crypt/mit-krb5/files/CVE-2010-1320.patch @@ -0,0 +1,20 @@ +diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c +index b2f0655..76ca94a 100644 +--- a/src/kdc/do_tgs_req.c ++++ b/src/kdc/do_tgs_req.c +@@ -543,6 +543,7 @@ tgt_again: + to the caller */ + ticket_reply = *(header_ticket); + enc_tkt_reply = *(header_ticket->enc_part2); ++ enc_tkt_reply.authorization_data = NULL; + clear(enc_tkt_reply.flags, TKT_FLG_INVALID); + } + +@@ -554,6 +555,7 @@ tgt_again: + to the caller */ + ticket_reply = *(header_ticket); + enc_tkt_reply = *(header_ticket->enc_part2); ++ enc_tkt_reply.authorization_data = NULL; + + old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime; + diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.1.ebuild new file mode 100644 index 000000000000..563440f7821a --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-1.8.1.ebuild @@ -0,0 +1,113 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.1.ebuild,v 1.1 2010/04/30 22:17:14 darkside Exp $ + +EAPI="2" + +inherit eutils flag-o-matic versionator autotools + +MY_P=${P/mit-} +P_DIR=$(get_version_component_range 1-2) +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="http://web.mit.edu/kerberos/www/" +SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ldap doc" + +RDEPEND="!virtual/krb5 + >=sys-libs/e2fsprogs-libs-1.41.0 + ldap? ( net-nds/openldap )" +DEPEND="${RDEPEND} + doc? ( virtual/latex-base )" + +S=${WORKDIR}/${MY_P}/src + +PROVIDE="virtual/krb5" + +src_unpack() { + unpack ${A} + unpack ./"${MY_P}".tar.gz +} + +src_prepare() { + epatch "${FILESDIR}/CVE-2010-1320.patch" + local subdir + for subdir in $(find . -name configure.in \ + | xargs grep -l 'AC_CONFIG_SUBDIRS' \ + | sed 's@/configure\.in$@@'); do + ebegin "Regenerating configure script in ${subdir}" + cd "${S}"/${subdir} + eautoconf --force -I "${S}" + eend $? + done +} + +src_configure() { + append-flags "-I/usr/include/et" + econf \ + $(use_enable ldap) \ + --without-krb4 \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-replay-cache +} + +src_compile() { + emake -j1 || die "emake failed" + + if use doc ; then + cd ../doc + for dir in api implement ; do + emake -C "${dir}" || die "doc emake failed" + done + fi +} + +src_test() { + einfo "Tests do not run in sandbox, they need mit-krb5 to be already installed to test it." +} + +src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR=/usr/share/doc/${PF}/examples \ + install || die "install failed" + + keepdir /var/lib/krb5kdc + + cd .. + dodoc README + dodoc doc/*.ps + doinfo doc/*.info* + dohtml -r doc/* + +# die if we cannot respect a USE flag + if use doc; then + dodoc doc/{api,implement}/*.ps || die "dodoc failed" + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind + newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc + + insinto /etc + newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example +} + +pkg_preinst() { + + if has_version "<${CATEGORY}/${PN}-1.8.0" ; then + einfo + elog "MIT split the Kerberos applications from the base Kerberos" + elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp," + elog "ftp clients and telnet, ftp deamons now live in" + elog "\"app-crypt/mit-krb5-appl\" package." + einfo + fi +} |