diff options
| author |   Eray Aslan <eras@gentoo.org> | 2011-12-27 21:15:10 +0000 |
|---|---|---|
| committer | Eray Aslan <eras@gentoo.org> | 2011-12-27 21:15:10 +0000 |
| commit | 82b75f9a8c89c61fb05cbc31481bb09557d086db (patch) | |
| tree | 35f62ae9d83d61f5cefcfd1b4bff20df569c771e /app-crypt | |
| parent | x86 stable, bug #394393 (diff) | |
| download | gentoo-2-82b75f9a8c89c61fb05cbc31481bb09557d086db.tar.gz gentoo-2-82b75f9a8c89c61fb05cbc31481bb09557d086db.tar.bz2 gentoo-2-82b75f9a8c89c61fb05cbc31481bb09557d086db.zip | |
security bump - bug #396105
(Portage version: 2.1.10.43/cvs/Linux x86_64)
Diffstat (limited to 'app-crypt')
| -rw-r--r-- | app-crypt/heimdal/ChangeLog | 8 | ||||
| -rw-r--r-- | app-crypt/heimdal/files/CVE-2011-4862.patch | 16 | ||||
| -rw-r--r-- | app-crypt/heimdal/files/heimdal_missing-include.patch | 11 | ||||
| -rw-r--r-- | app-crypt/heimdal/heimdal-1.5.1-r1.ebuild | 138 |
4 files changed, 172 insertions, 1 deletions
diff --git a/app-crypt/heimdal/ChangeLog b/app-crypt/heimdal/ChangeLog index c83b11626cd7..59383271b323 100644 --- a/app-crypt/heimdal/ChangeLog +++ b/app-crypt/heimdal/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-crypt/heimdal # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/ChangeLog,v 1.181 2011/11/28 10:05:08 eras Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/ChangeLog,v 1.182 2011/12/27 21:15:10 eras Exp $ + +*heimdal-1.5.1-r1 (27 Dec 2011) + + 27 Dec 2011; Eray Aslan <eras@gentoo.org> +heimdal-1.5.1-r1.ebuild, + +files/CVE-2011-4862.patch, +files/heimdal_missing-include.patch: + security bump - bug #396105 28 Nov 2011; Eray Aslan <eras@gentoo.org> heimdal-1.5.1.ebuild: Drop autotools-utils - bug #392081 diff --git a/app-crypt/heimdal/files/CVE-2011-4862.patch b/app-crypt/heimdal/files/CVE-2011-4862.patch new file mode 100644 index 000000000000..1c4672fcaf98 --- /dev/null +++ b/app-crypt/heimdal/files/CVE-2011-4862.patch @@ -0,0 +1,16 @@ +Stolen shamelessly from FreeBSD + +Index: crypto/heimdal/appl/telnet/libtelnet/encrypt.c +=================================================================== +--- appl/telnet/libtelnet/encrypt.c (revision 228798) ++++ appl/telnet/libtelnet/encrypt.c (working copy) +@@ -736,6 +736,9 @@ + int dir = kp->dir; + int ret = 0; + ++ if (len > MAXKEYLEN) ++ len = MAXKEYLEN; ++ + if (!(ep = (*kp->getcrypt)(*kp->modep))) { + if (len == 0) + return; diff --git a/app-crypt/heimdal/files/heimdal_missing-include.patch b/app-crypt/heimdal/files/heimdal_missing-include.patch new file mode 100644 index 000000000000..e245cf8fff07 --- /dev/null +++ b/app-crypt/heimdal/files/heimdal_missing-include.patch @@ -0,0 +1,11 @@ +--- base/test_base.c 2011-09-30 15:58:45.000000000 +0300 ++++ base/test_base.c 2011-12-27 23:04:50.482955923 +0200 +@@ -39,6 +39,8 @@ + #include "heimbase.h" + #include "heimbasepriv.h" + ++#include <stdlib.h> ++ + static void + memory_free(heim_object_t obj) + { diff --git a/app-crypt/heimdal/heimdal-1.5.1-r1.ebuild b/app-crypt/heimdal/heimdal-1.5.1-r1.ebuild new file mode 100644 index 000000000000..9d029170b0cd --- /dev/null +++ b/app-crypt/heimdal/heimdal-1.5.1-r1.ebuild @@ -0,0 +1,138 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/heimdal-1.5.1-r1.ebuild,v 1.1 2011/12/27 21:15:10 eras Exp $ + +EAPI=2 +# PYTHON_BDEPEND="2" +VIRTUALX_REQUIRED="manual" + +inherit autotools db-use eutils libtool python toolchain-funcs virtualx flag-o-matic + +MY_P="${P}" +DESCRIPTION="Kerberos 5 implementation from KTH" +HOMEPAGE="http://www.h5l.org/" +SRC_URI="http://www.h5l.org/dist/src/${MY_P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="afs +berkdb caps hdb-ldap ipv6 otp +pkinit ssl static-libs threads test X" + +RDEPEND="ssl? ( dev-libs/openssl ) + berkdb? ( sys-libs/db ) + !berkdb? ( sys-libs/gdbm ) + caps? ( sys-libs/libcap-ng ) + >=dev-db/sqlite-3.5.7 + >=sys-libs/e2fsprogs-libs-1.41.11 + afs? ( net-fs/openafs ) + hdb-ldap? ( >=net-nds/openldap-2.3.0 ) + !!app-crypt/mit-krb5" + +DEPEND="${RDEPEND} + =dev-lang/python-2* + dev-util/pkgconfig + >=sys-devel/autoconf-2.62 + test? ( X? ( ${VIRTUALX_DEPEND} ) )" + +pkg_setup() { + python_set_active_version 2 + python_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}/heimdal_missing-include.patch" + epatch "${FILESDIR}/CVE-2011-4862.patch" + epatch "${FILESDIR}/heimdal_db5.patch" + epatch "${FILESDIR}/heimdal_disable-check-iprop.patch" + epatch "${FILESDIR}/heimdal_link_order.patch" + eautoreconf +} + +src_configure() { + # QA + append-flags -fno-strict-aliasing + + local myconf="" + if use berkdb; then + myconf="--with-berkeley-db --with-berkeley-db-include=$(db_includedir)" + else + myconf="--without-berkeley-db" + fi + econf \ + --enable-kcm \ + --disable-osfc2 \ + --enable-shared \ + --with-libintl=/usr \ + --with-readline=/usr \ + --with-sqlite3=/usr \ + --libexecdir=/usr/sbin \ + $(use_enable afs afs-support) \ + $(use_enable otp) \ + $(use_enable pkinit kx509) \ + $(use_enable pkinit pk-init) \ + $(use_enable static-libs static) \ + $(use_enable threads pthread-support) \ + $(use_with caps capng) \ + $(use_with hdb-ldap openldap /usr) \ + $(use_with ipv6) \ + $(use_with ssl openssl /usr) \ + $(use_with X x) \ + ${myconf} +} + +src_compile() { + emake -j1 || die "emake failed" +} + +src_install() { + INSTALL_CATPAGES="no" emake DESTDIR="${D}" install || die "emake install failed" + + dodoc ChangeLog README NEWS TODO + + # Begin client rename and install + for i in {telnetd,ftpd,rshd,popper} + do + mv "${D}"/usr/share/man/man8/{,k}${i}.8 + mv "${D}"/usr/sbin/{,k}${i} + done + + for i in {rcp,rsh,telnet,ftp,su,login,pagsh,kf} + do + mv "${D}"/usr/share/man/man1/{,k}${i}.1 + mv "${D}"/usr/bin/{,k}${i} + done + + mv "${D}"/usr/share/man/man5/{,k}ftpusers.5 + mv "${D}"/usr/share/man/man5/{,k}login.access.5 + + newinitd "${FILESDIR}"/heimdal-kdc.initd-r1 heimdal-kdc + newinitd "${FILESDIR}"/heimdal-kadmind.initd-r1 heimdal-kadmind + newinitd "${FILESDIR}"/heimdal-kpasswdd.initd-r1 heimdal-kpasswdd + newinitd "${FILESDIR}"/heimdal-kcm.initd-r1 heimdal-kcm + + newconfd "${FILESDIR}"/heimdal-kdc.confd heimdal-kdc + newconfd "${FILESDIR}"/heimdal-kadmind.confd heimdal-kadmind + newconfd "${FILESDIR}"/heimdal-kpasswdd.confd heimdal-kpasswdd + newconfd "${FILESDIR}"/heimdal-kcm.confd heimdal-kcm + + insinto /etc + newins "${FILESDIR}"/krb5.conf krb5.conf.example + + if use hdb-ldap; then + insinto /etc/openldap/schema + doins "${S}/lib/hdb/hdb.schema" + fi + + use static-libs || find "${D}"/usr/lib* -name '*.la' -delete + + # default database dir + keepdir /var/heimdal +} + +pkg_preinst() { + preserve_old_lib /usr/$(get_libdir)/libgssapi.so.2 +} + +pkg_postinst() { + preserve_old_lib_notify /usr/$(get_libdir)/libgssapi.so.2 +} |