diff options
| author |   Eray Aslan <eras@gentoo.org> | 2011-02-08 22:45:14 +0000 |
|---|---|---|
| committer | Eray Aslan <eras@gentoo.org> | 2011-02-08 22:45:14 +0000 |
| commit | 8a6f73c6c2fe8a90afbe71243f005ca03b717aa9 (patch) | |
| tree | 1e14f86311a16ad601cd0914cfc9524566ea73cd /app-crypt/mit-krb5 | |
| parent | Fix type for new glib/gtk+ mask. (diff) | |
| download | historical-8a6f73c6c2fe8a90afbe71243f005ca03b717aa9.tar.gz historical-8a6f73c6c2fe8a90afbe71243f005ca03b717aa9.tar.bz2 historical-8a6f73c6c2fe8a90afbe71243f005ca03b717aa9.zip | |
Security bump - bug 352859.
Package-Manager: portage-2.1.9.38/cvs/Linux x86_64
Diffstat (limited to 'app-crypt/mit-krb5')
| -rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 13 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/Manifest | 7 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-4022.patch | 19 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2011-0281.0282.0283.patch | 126 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch | 112 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.8.3-r3.ebuild | 119 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.9-r1.ebuild | 120 |
7 files changed, 513 insertions, 3 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index 37f88be1798a..4a1ebf63f343 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for app-crypt/mit-krb5 -# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.252 2010/12/30 08:07:09 eras Exp $ +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.253 2011/02/08 22:45:14 eras Exp $ + +*mit-krb5-1.9-r1 (08 Feb 2011) +*mit-krb5-1.8.3-r3 (08 Feb 2011) + + 08 Feb 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-1.8.3-r3.ebuild, + +files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch, + +mit-krb5-1.9-r1.ebuild, +files/CVE-2010-4022.patch, + +files/CVE-2011-0281.0282.0283.patch: + Security bump - bug #352859 *mit-krb5-1.9 (30 Dec 2010) diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest index 061d1b3cb08b..3a2e43bc8798 100644 --- a/app-crypt/mit-krb5/Manifest +++ b/app-crypt/mit-krb5/Manifest @@ -1,12 +1,17 @@ AUX CVE-2010-1322.patch 1066 RMD160 fc262a23e9aa118262a4258f74832445062444e4 SHA1 600f0890de65f96112f267b56317a4fd0166cba0 SHA256 7d9fbfffdaa0cde0ca499ccbb2cf09a6c7253e537755bbf6da9e08715fd9a474 AUX CVE-2010-1323.1324.4020.patch 7908 RMD160 848b776218473200e5a54beb4f3adfc3db915cf4 SHA1 a6fbc3b6ab15ca98c1aa1521fd42dad1f5003ee8 SHA256 ec08fca9738b5fae619154379ae0158531cb630b6f25551c14d87313c2d2a5f0 +AUX CVE-2010-4022.patch 632 RMD160 62a7b2b0d4acbca919fd9df52e707bf0b9fff076 SHA1 79ece8b1c140deb2c01bfb64af575636b9bc7704 SHA256 25f50e9406a36525b5f727041c9d584ef3f188fa5d3a39b4e63d1a853219a9e2 +AUX CVE-2011-0281.0282.0283.patch 6663 RMD160 15913f4fccc2424f4264ce222563685b29b53fb2 SHA1 fb2486168ce128cb1a2866bd0df8cd7c4bcd7824 SHA256 1b3ccea9022527c36e153c5d89ecfd9609a111e235b1d0430e1fcc6933e76e48 AUX kpropd.xinetd 194 RMD160 5772b04bf7f6b8a5588331a4d9dca03738756f15 SHA1 a9c84a4197ba133144e754d68847cece6203ed4a SHA256 eaa3838a6ca8db901db359cac3435d4f703a9a10534f02eeb37f494dd21a1736 +AUX mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch 6130 RMD160 23cb2560f0d87e6128cdbb12f1e7d8aae85f85f5 SHA1 574a3c82ad7d3c9a1c9c62c6ff95c2d6f0e0fc96 SHA256 7831c9a9553404b41774f40f3fc0df6769342c1923c5b1177062710fd5f0f2bb AUX mit-krb5_testsuite.patch 3069 RMD160 59af8c128fbaeadc472111c4bef4dfe3ac7567f0 SHA1 e0896cac3d99a3e4f9d06afdab58a6d5cda82e7a SHA256 3c8cfdb012a5388b1a92658437dce619593b91f0b0c582ef66194347274b26f9 AUX mit-krb5kadmind.initd 687 RMD160 7602d12d570e80edf24953befbe4ec03d247e4ba SHA1 753a5875659d3bef63c1a50bb0228f1c3c06bdf9 SHA256 427953b3a2dbe0a8f85bee1294a348c97dbbdac4741f06c2a3768170ba29161a AUX mit-krb5kdc.initd 656 RMD160 8c4c508273f9d715ac0e0a8d9c54e36f63526b9b SHA1 62017fc3a2f5adbd6e0c1421041593a268a6252d SHA256 d813dbf3ee89f0da6b73455fd8759898223529c4cf7c1c2ec64a3128363194e2 DIST krb5-1.8.3-signed.tar 11642880 RMD160 bdf3a505e4b2447af0c9080b441918d665dcdd9c SHA1 69696f63b6c2b0e3238156b19eed68cecd661c6b SHA256 2c5988ddd8b409134cd0e77e9ce8f762605ce8d8fb0aa22f6500f53381567019 DIST krb5-1.9-signed.tar 11888640 RMD160 bb067cb2fde9cb2a7ea04140683b9bc4a616bd38 SHA1 a7ad1b4ed37bff4b9087f6c4561b2b222208d779 SHA256 c30e012226f04943411dbb28d303d1a488955af74eb7d1ab50d6f4f21a6e1d06 EBUILD mit-krb5-1.8.3-r2.ebuild 2827 RMD160 5cf10ae6078d81a9a31850f759b51ea67bf9781c SHA1 c6093bdb58fc1809838836ea69e77493954a72d0 SHA256 30b8a5ac67b5e1ebb151519bf4470da7509da720968af4510921bec1451e622c +EBUILD mit-krb5-1.8.3-r3.ebuild 2914 RMD160 06fdcb9f98325494745a49aa15a53b0237f3f642 SHA1 17d6dfea6031763959fbbee5588b80231f97cd0c SHA256 7657a59b3829a0a73028926aba1ae664655a7fda91f28a20c061726889f3dbcf +EBUILD mit-krb5-1.9-r1.ebuild 2903 RMD160 f228ee314b141b83e268a19399c62e19515c6df1 SHA1 aecdded4051e75e17c751e19b9dc233412e74809 SHA256 41591f3a4e3b807cb06c3082848635a2e204cee0cf31229cd8e5207014d9d9b9 EBUILD mit-krb5-1.9.ebuild 2809 RMD160 e06348ad5396cf27ef2c53b3a93df92117b408be SHA1 f840523ffb270f39cbcf323bf49e5d6fb25d47c2 SHA256 9bc5527d7f03e4ab554d3f45163faab1fa56fa9508851993451b3dba00478c0a -MISC ChangeLog 40511 RMD160 a064f5b6e1d377b76f3ca719d5873bcb67f62540 SHA1 17b7c7a98cac4cf5940a00315e2f2e0f544bf6f1 SHA256 85fea4dcef7c4f795c8317555e9386ad4d096eb4f19c918caa3f9f356dd6a78c +MISC ChangeLog 40828 RMD160 959b2dc72b1813a5c72bf212865a3956fcc360e6 SHA1 3705368a803127df462e1cecc3c79d21b54b09de SHA256 03af91f35bb1fc4d57fbf46032cef45eceac707426481b0723c2655baaaa9d31 MISC metadata.xml 513 RMD160 1fdd6ccb4acec66644c9e542df12aa75a586a6fe SHA1 83d50a7790fa92668019c39b9153b6ee96e1d90f SHA256 77b1100b25aed0652738c7d5885fe98feb47c783a242221938afd44a235720c9 diff --git a/app-crypt/mit-krb5/files/CVE-2010-4022.patch b/app-crypt/mit-krb5/files/CVE-2010-4022.patch new file mode 100644 index 000000000000..30ebf9638f4e --- /dev/null +++ b/app-crypt/mit-krb5/files/CVE-2010-4022.patch @@ -0,0 +1,19 @@ +diff -up krb5/src/slave/kpropd.c krb5/src/slave/kpropd.c +--- krb5/src/slave/kpropd.c 2010-12-17 11:14:26.000000000 -0500 ++++ krb5/src/slave/kpropd.c 2010-12-17 11:41:19.000000000 -0500 +@@ -404,11 +404,11 @@ retry: + } + + close(s); +- if (iproprole == IPROP_SLAVE) ++ if (iproprole == IPROP_SLAVE) { + close(finet); +- +- if ((ret = WEXITSTATUS(status)) != 0) +- return (ret); ++ if ((ret = WEXITSTATUS(status)) != 0) ++ return (ret); ++ } + } + if (iproprole == IPROP_SLAVE) + break; diff --git a/app-crypt/mit-krb5/files/CVE-2011-0281.0282.0283.patch b/app-crypt/mit-krb5/files/CVE-2011-0281.0282.0283.patch new file mode 100644 index 000000000000..e4623e910fa1 --- /dev/null +++ b/app-crypt/mit-krb5/files/CVE-2011-0281.0282.0283.patch @@ -0,0 +1,126 @@ +diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c +index 63ff3b3..b4a90bb 100644 +--- a/src/kdc/dispatch.c ++++ b/src/kdc/dispatch.c +@@ -115,7 +115,8 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from, + kdc_insert_lookaside(pkt, *response); + #endif + +- if (is_tcp == 0 && (*response)->length > max_dgram_reply_size) { ++ if (is_tcp == 0 && *response != NULL && ++ (*response)->length > max_dgram_reply_size) { + too_big_for_udp: + krb5_free_data(kdc_context, *response); + retval = make_too_big_error(response); +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +index d677bb2..a356907 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h ++++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er + #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS) + + #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \ +- do { \ +- st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \ +- if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ +- tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ +- if (ldap_server_handle) \ +- ld = ldap_server_handle->ldap_handle; \ +- } \ +- }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \ ++ tempst = 0; \ ++ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \ ++ NULL, &timelimit, LDAP_NO_LIMIT, &result); \ ++ if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ ++ tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ ++ if (ldap_server_handle) \ ++ ld = ldap_server_handle->ldap_handle; \ ++ if (tempst == 0) \ ++ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \ ++ NULL, NULL, &timelimit, \ ++ LDAP_NO_LIMIT, &result); \ ++ } \ + \ + if (status_check != IGNORE_STATUS) { \ + if (tempst != 0) { \ +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +index 82b0333..84e80ee 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c ++++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context, + { + krb5_ldap_server_handle *handle = *ldap_server_handle; + ++ ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); + if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) + || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) + return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +index 86fa4d1..0f49c86 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c ++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +@@ -487,12 +487,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context, + * portion, then the first portion of the principal name SHOULD be + * "krbtgt". All this check is done in the immediate block. + */ +- if (searchfor->length == 2) +- if ((strncasecmp(searchfor->data[0].data, "krbtgt", +- FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) && +- (strncasecmp(searchfor->data[1].data, defrealm, +- FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0)) ++ if (searchfor->length == 2) { ++ if (data_eq_string(searchfor->data[0], "krbtgt") && ++ data_eq_string(searchfor->data[1], defrealm)) + return 0; ++ } + + /* first check the length, if they are not equal, then they are not same */ + if (strlen(defrealm) != searchfor->realm.length) +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +index 140db1a..552e39a 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c ++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +@@ -78,10 +78,10 @@ krb5_error_code + krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, + unsigned int flags, krb5_db_entry **entry_ptr) + { +- char *user=NULL, *filter=NULL, **subtree=NULL; ++ char *user=NULL, *filter=NULL, *filtuser=NULL; + unsigned int tree=0, ntrees=1, princlen=0; + krb5_error_code tempst=0, st=0; +- char **values=NULL, *cname=NULL; ++ char **values=NULL, **subtree=NULL, *cname=NULL; + LDAP *ld=NULL; + LDAPMessage *result=NULL, *ent=NULL; + krb5_ldap_context *ldap_context=NULL; +@@ -115,12 +115,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, + if ((st=krb5_ldap_unparse_principal_name(user)) != 0) + goto cleanup; + +- princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */ ++ filtuser = ldap_filter_correct(user); ++ if (filtuser == NULL) { ++ st = ENOMEM; ++ goto cleanup; ++ } ++ ++ princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */ + if ((filter = malloc(princlen)) == NULL) { + st = ENOMEM; + goto cleanup; + } +- snprintf(filter, princlen, FILTER"%s))", user); ++ snprintf(filter, princlen, FILTER"%s))", filtuser); + + if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) + goto cleanup; +@@ -207,6 +213,9 @@ cleanup: + if (user) + free(user); + ++ if (filtuser) ++ free(filtuser); ++ + if (cname) + free(cname); + diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch b/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch new file mode 100644 index 000000000000..5e0da20c882c --- /dev/null +++ b/app-crypt/mit-krb5/files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch @@ -0,0 +1,112 @@ +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +index 1ca09b4..60caf3d 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h ++++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er + #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS) + + #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \ +- do { \ +- st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \ +- if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ +- tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ +- if (ldap_server_handle) \ +- ld = ldap_server_handle->ldap_handle; \ +- } \ +- }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \ ++ tempst = 0; \ ++ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, \ ++ NULL, &timelimit, LDAP_NO_LIMIT, &result); \ ++ if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \ ++ tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \ ++ if (ldap_server_handle) \ ++ ld = ldap_server_handle->ldap_handle; \ ++ if (tempst == 0) \ ++ st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, \ ++ NULL, NULL, &timelimit, \ ++ LDAP_NO_LIMIT, &result); \ ++ } \ + \ + if (status_check != IGNORE_STATUS) { \ + if (tempst != 0) { \ +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +index 82b0333..84e80ee 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c ++++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context, + { + krb5_ldap_server_handle *handle = *ldap_server_handle; + ++ ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); + if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) + || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) + return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +index f549e23..b70940f 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c ++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +@@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context, + * portion, then the first portion of the principal name SHOULD be + * "krbtgt". All this check is done in the immediate block. + */ +- if (searchfor->length == 2) +- if ((strncasecmp(searchfor->data[0].data, "krbtgt", +- FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) && +- (strncasecmp(searchfor->data[1].data, defrealm, +- FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0)) ++ if (searchfor->length == 2) { ++ if (data_eq_string(searchfor->data[0], "krbtgt") && ++ data_eq_string(searchfor->data[1], defrealm)) + return 0; ++ } + + /* first check the length, if they are not equal, then they are not same */ + if (strlen(defrealm) != searchfor->realm.length) +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +index 7ad31da..626ed1f 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c ++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +@@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, + unsigned int flags, krb5_db_entry *entries, + int *nentries, krb5_boolean *more) + { +- char *user=NULL, *filter=NULL, **subtree=NULL; ++ char *user=NULL, *filter=NULL, *filtuser=NULL; + unsigned int tree=0, ntrees=1, princlen=0; + krb5_error_code tempst=0, st=0; +- char **values=NULL, *cname=NULL; ++ char **values=NULL, **subtree=NULL, *cname=NULL; + LDAP *ld=NULL; + LDAPMessage *result=NULL, *ent=NULL; + krb5_ldap_context *ldap_context=NULL; +@@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, + if ((st=krb5_ldap_unparse_principal_name(user)) != 0) + goto cleanup; + +- princlen = strlen(FILTER) + strlen(user) + 2 + 1; /* 2 for closing brackets */ ++ filtuser = ldap_filter_correct(user); ++ if (filtuser == NULL) { ++ st = ENOMEM; ++ goto cleanup; ++ } ++ ++ princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1; /* 2 for closing brackets */ + if ((filter = malloc(princlen)) == NULL) { + st = ENOMEM; + goto cleanup; + } +- snprintf(filter, princlen, FILTER"%s))", user); ++ snprintf(filter, princlen, FILTER"%s))", filtuser); + + if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) + goto cleanup; +@@ -231,6 +237,9 @@ cleanup: + if (user) + free(user); + ++ if (filtuser) ++ free(filtuser); ++ + if (cname) + free(cname); + diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.3-r3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.3-r3.ebuild new file mode 100644 index 000000000000..43845eef39f7 --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-1.8.3-r3.ebuild @@ -0,0 +1,119 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.3-r3.ebuild,v 1.1 2011/02/08 22:45:14 eras Exp $ + +EAPI=2 + +inherit eutils flag-o-matic versionator + +MY_P=${P/mit-} +P_DIR=$(get_version_component_range 1-2) +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="http://web.mit.edu/kerberos/www/" +SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="doc ldap test xinetd" + +RDEPEND="!!app-crypt/heimdal + >=sys-libs/e2fsprogs-libs-1.41.0 + sys-apps/keyutils + ldap? ( net-nds/openldap ) + xinetd? ( sys-apps/xinetd )" +DEPEND="${RDEPEND} + doc? ( virtual/latex-base ) + test? ( dev-lang/tcl + dev-lang/perl + dev-util/dejagnu )" + +S=${WORKDIR}/${MY_P}/src + +PROVIDE="virtual/krb5" + +src_unpack() { + unpack ${A} + unpack ./"${MY_P}".tar.gz +} + +src_prepare() { + epatch "${FILESDIR}/CVE-2010-1322.patch" + epatch "${FILESDIR}/CVE-2010-1323.1324.4020.patch" + epatch "${FILESDIR}/CVE-2010-4022.patch" + epatch "${FILESDIR}/${P}-CVE-2011-0281.0282.0283.patch" + epatch "${FILESDIR}/mit-krb5_testsuite.patch" +} + +src_configure() { + append-flags "-I/usr/include/et" + econf \ + $(use_with ldap) \ + $(use_with test tcl /usr) \ + --without-krb4 \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-replay-cache \ + --disable-rpath +} + +src_compile() { + emake -j1 || die "emake failed" + + if use doc ; then + cd ../doc + for dir in api implement ; do + emake -C "${dir}" || die "doc emake failed" + done + fi +} + +src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR="/usr/share/doc/${PF}/examples" \ + install || die "install failed" + + # default database dir + keepdir /var/lib/krb5kdc + + cd .. + dodoc README + dodoc doc/*.ps + doinfo doc/*.info* + dohtml -r doc/* + + # die if we cannot respect a USE flag + if use doc ; then + dodoc doc/{api,implement}/*.ps || die "dodoc failed" + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind || die + newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc || die + + insinto /etc + newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example + + if use ldap ; then + insinto /etc/openldap/schema + doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" || die + fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/kpropd.xinetd" kpropd || die + fi +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-1.8.0" ; then + elog "MIT split the Kerberos applications from the base Kerberos" + elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp," + elog "ftp clients and telnet, ftp deamons now live in" + elog "\"app-crypt/mit-krb5-appl\" package." + fi +} diff --git a/app-crypt/mit-krb5/mit-krb5-1.9-r1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.9-r1.ebuild new file mode 100644 index 000000000000..a00dc95cacf9 --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-1.9-r1.ebuild @@ -0,0 +1,120 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.9-r1.ebuild,v 1.1 2011/02/08 22:45:14 eras Exp $ + +EAPI=2 + +inherit eutils flag-o-matic versionator + +MY_P="${P/mit-}" +MY_P="${MY_P/_/-}" +P_DIR=$(get_version_component_range 1-2) +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="http://web.mit.edu/kerberos/www/" +SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="doc ldap +pkinit +threads test xinetd" + +RDEPEND="!!app-crypt/heimdal + >=sys-libs/e2fsprogs-libs-1.41.0 + sys-apps/keyutils + ldap? ( net-nds/openldap ) + xinetd? ( sys-apps/xinetd )" +DEPEND="${RDEPEND} + doc? ( virtual/latex-base ) + test? ( dev-lang/tcl + dev-lang/python + dev-util/dejagnu )" + +S=${WORKDIR}/${MY_P}/src + +PROVIDE="virtual/krb5" + +src_unpack() { + unpack ${A} + unpack ./"${MY_P}".tar.gz +} + +src_prepare() { + epatch "${FILESDIR}/CVE-2010-4022.patch" + epatch "${FILESDIR}/CVE-2011-0281.0282.0283.patch" +} + +src_configure() { + append-flags "-I/usr/include/et" + econf \ + $(use_with ldap) \ + $(use_with test tcl /usr) \ + $(use_enable pkinit) \ + $(use_enable threads thread-support) \ + --without-krb4 \ + --without-hesiod \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-lookaside-cache \ + --disable-rpath +} + +src_compile() { + emake -j1 || die "emake failed" + + if use doc ; then + cd ../doc + for dir in api implement ; do + emake -C "${dir}" || die "doc emake failed" + done + fi +} + +src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR="/usr/share/doc/${PF}/examples" \ + install || die "install failed" + + # default database dir + keepdir /var/lib/krb5kdc + + cd .. + dodoc NOTICE README + dodoc doc/*.ps + doinfo doc/*.info* + dohtml -r doc/* + + # die if we cannot respect a USE flag + if use doc ; then + dodoc doc/{api,implement}/*.ps || die "dodoc failed" + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind || die + newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc || die + + insinto /etc + newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example + + if use ldap ; then + insinto /etc/openldap/schema + doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" || die + fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/kpropd.xinetd" kpropd || die + fi +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-1.8.0" ; then + elog "MIT split the Kerberos applications from the base Kerberos" + elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp," + elog "ftp clients and telnet, ftp deamons now live in" + elog "\"app-crypt/mit-krb5-appl\" package." + fi +} |