author | Jeremy Olexa <darkside@gentoo.org> | 2010-05-23 04:10:43 +0000 |
---|---|---|
committer | Jeremy Olexa <darkside@gentoo.org> | 2010-05-23 04:10:43 +0000 |
commit | 795a397929685799211c5ff63c7fa1cff87e5603 (patch) | |
tree | e5fb10ae1d40e06d152f3985ebf78da34c247fed | |
parent | Version bump for bug fixes, bug 321077 by Eray Aslan (diff) | |
download | gentoo-2-795a397929685799211c5ff63c7fa1cff87e5603.tar.gz gentoo-2-795a397929685799211c5ff63c7fa1cff87e5603.tar.bz2 gentoo-2-795a397929685799211c5ff63c7fa1cff87e5603.zip |
Patch for CVE-2010-1321 - bug #320445. Disable rpath - bug #187201. Installs kerberos.schema - bug #318017. Ebuild clean up. Enable parallel make. Thanks to Eray Aslan
(Portage version: 2.1.8.3/cvs/Linux x86_64)
-rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 10 | ||||
-rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1321.patch | 18 | ||||
-rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild | 114 |
3 files changed, 141 insertions, 1 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog
index 3b9837daa9d6..04d374025ecb 100644
--- a/app-crypt/mit-krb5/ChangeLog
+++ b/app-crypt/mit-krb5/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-crypt/mit-krb5
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.217 2010/05/01 14:43:06 darkside Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.218 2010/05/23 04:10:42 darkside Exp $
+
+*mit-krb5-1.8.1-r1 (23 May 2010)
+
+ 23 May 2010; Jeremy Olexa <darkside@gentoo.org> +mit-krb5-1.8.1-r1.ebuild,
+ +files/CVE-2010-1321.patch:
+ Patch for CVE-2010-1321 - bug #320445. Disable rpath - bug #187201.
+ Installs kerberos.schema - bug #318017. Ebuild clean up. Enable parallel
+ make. Thanks to Eray Aslan
 
 01 May 2010; Jeremy Olexa <darkside@gentoo.org> mit-krb5-1.8.1.ebuild:
 Fix configure call, patch by Eray Aslan
diff --git a/app-crypt/mit-krb5/files/CVE-2010-1321.patch b/app-crypt/mit-krb5/files/CVE-2010-1321.patch
new file mode 100644
index 000000000000..7f9f7a4c94af
--- /dev/null
+++ b/app-crypt/mit-krb5/files/CVE-2010-1321.patch
@@ -0,0 +1,18 @@
+diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
+index ce3075f..6241055 100644
+--- a/src/lib/gssapi/krb5/accept_sec_context.c
++++ b/src/lib/gssapi/krb5/accept_sec_context.c
+@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle,
+ }
+ #endif
+
++ if (authdat->checksum == NULL) {
++ /* missing checksum counts as "inappropriate type" */
++ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
++ major_status = GSS_S_FAILURE;
++ goto fail;
++ }
++
+ if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
+ /* Samba does not send 0x8003 GSS-API checksums */
+ krb5_boolean valid;
diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild
new file mode 100644
index 000000000000..07a1559bf601
--- /dev/null
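Review bot: The added patch file starts directly at `diff --git` with no header saying where the fix came from, so a later maintainer cannot tell whether it matches upstream or when it can be dropped on a version bump. A leading comment line before the diff, such as `Fix for CVE-2010-1321 (Gentoo bug #320445), taken from <upstream advisory or commit>`, would record that. The guard itself sits ahead of the first `authdat->checksum->checksum_type` dereference visible in the context lines; `kg_accept_krb5` starts and ends outside the hunk, so whether earlier code already touches `authdat->checksum` cannot be confirmed from here.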
+++ b/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild 
@@ -0,0 +1,114 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.1-r1.ebuild,v 1.1 2010/05/23 04:10:42 darkside Exp $
+
+EAPI="2"
+
+inherit eutils flag-o-matic versionator autotools
+
+MY_P=${P/mit-}
+P_DIR=$(get_version_component_range 1-2)
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ldap doc"
+
+RDEPEND="!virtual/krb5
+ >=sys-libs/e2fsprogs-libs-1.41.0
+ ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+ doc? ( virtual/latex-base )"
+
+S=${WORKDIR}/${MY_P}/src
+
+PROVIDE="virtual/krb5"
+
+src_unpack() {
+ unpack ${A}
+ unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/CVE-2010-1320.patch"
+ epatch "${FILESDIR}/CVE-2010-1321.patch"
+
+}
+
+src_configure() {
+
+ append-flags "-I/usr/include/et"
+ econf \
+ $(use_with ldap) \
+ --without-krb4 \
+ --enable-shared \
+ --with-system-et \
+ --with-system-ss \
+ --enable-dns-for-realm \
+ --enable-kdc-replay-cache \
+ --disable-rpath
+}
+
+src_compile() {
+ emake || die "emake failed"
+
+ if use doc ; then
+ cd ../doc
+ for dir in api implement ; do
+ emake -C "${dir}" || die "doc emake failed"
+ done
+ fi
+}
+
+src_test() {
+ einfo "Tests do not run in sandbox, they need mit-krb5 to be already installed to test it."
+}
+
+src_install() {
+ emake \
+ DESTDIR="${D}" \
+ EXAMPLEDIR=/usr/share/doc/${PF}/examples \
+ install || die "install failed"
+
+ keepdir /var/lib/krb5kdc
+
+ cd ..
+ dodoc README
+ dodoc doc/*.ps
+ doinfo doc/*.info*
+ dohtml -r doc/*
+
+# die if we cannot respect a USE flag
+ if use doc ; then
+ dodoc doc/{api,implement}/*.ps || die "dodoc failed"
+ fi
+
+ newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind
+ newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc
+
+ insinto /etc
+ newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
+ insinto /var/lib/krb5kdc
+ newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
+
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ newins "${S}/plugins/kdb/ldap/libkdb/ldap/kerberos_schema" \
+ kerberos.schema
+ fi
+}
+
+pkg_preinst() {
+
+ if has_version "<${CATEGORY}/${PN}-1.8.0" ; then
+ einfo
+ elog "MIT split the Kerberos applications from the base Kerberos"
+ elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp,"
+ elog "ftp clients and telnet, ftp deamons now live in"
+ elog "\"app-crypt/mit-krb5-appl\" package."
+ einfo
+ fi
+} |
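Review bot: `src_unpack` extracts the inner `${MY_P}.tar.gz` from the `-signed.tar` wrapper without checking the signature that wrapper presumably carries, and `SRC_URI` uses plain `http://`, so the only integrity check on the sources is the Manifest digest recorded for the wrapper. That is worth stating next to the function, for example `# upstream signature inside ${MY_P}-signed.tar is not verified here; integrity relies on the Manifest digests`. Separately, `src_test` only prints a message, so a run with tests enabled reports success without exercising the two CVE patches applied in `src_prepare`; `RESTRICT="test"` would state that explicitly.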