summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt Turner <mattst88@gentoo.org>2019-09-28 11:25:58 -0700
committerMatt Turner <mattst88@gentoo.org>2019-09-28 11:27:13 -0700
commitbd1940d2e752a50a37710fcec0984fc1ff0234e7 (patch)
tree92d535b2c31acac4d5b372f05ef24ba214de5cd2 /app-crypt
parentmedia-libs/waffle: Fix unquoted variable (diff)
downloadgentoo-bd1940d2e752a50a37710fcec0984fc1ff0234e7.tar.gz
gentoo-bd1940d2e752a50a37710fcec0984fc1ff0234e7.tar.bz2
gentoo-bd1940d2e752a50a37710fcec0984fc1ff0234e7.zip
app-crypt/mit-krb5: Drop old versions
Signed-off-by: Matt Turner <mattst88@gentoo.org>
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/mit-krb5/Manifest4
-rw-r--r--app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch297
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch101
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch12
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch31
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild154
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild153
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild161
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild161
9 files changed, 0 insertions, 1074 deletions
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
index 0911382bd22c..4b2ab0c10a3a 100644
--- a/app-crypt/mit-krb5/Manifest
+++ b/app-crypt/mit-krb5/Manifest
@@ -1,5 +1 @@
-DIST krb5-1.16.1.tar.gz 9477480 BLAKE2B 16bdd7d6d03ddbd4b070663c3a7a3d2331d54e8590b24f1dc162be2531bfbbbd65878d426a160c65ffc1ba4751f16bbbd177a8a91c01002fde0e886cc1bd91b9 SHA512 fa4ec14a4ffe690861e2dd7ea39d7698af2058ce181bb733ea891f80279f4dde4bb891adec5ccb0eaddf737306e6ceb1fe3744a2946e6189a7d7d2dd3bc5ba84
-DIST krb5-1.16.2.tar.gz 9652415 BLAKE2B 21c4d56e43476a9b87a4ca9a8b7d0dd5739d3d70731fb4727de5ae248d8638e2016581cd2462f5e2ec7950d9e216aa165199505e581fa10db81ce26062fc097e SHA512 738c071a90e0f38680bb17bdcf950310bc4549f3cb851e1d34de11239ae88178e6ee1a5e5d48c6d3efef544339b07d22dba5347dd763a4266d8d4df7cf47afc9
-DIST krb5-1.16.3.tar.gz 9656985 BLAKE2B 92e6d2b5f27e80f495d7bb3fb64acfb03530156fb8e1a07dbc8d045616fd2ac4be8047d844580e3aa01d5e8b733ceea9024290dcc53b691696201f02a31e3034 SHA512 77da5f8bb19108e158c3df5a17b9141b7cbbae7d01f9f0dca5c504dc4b468953d67a1f4566bed5a062d8ff8e0d80796094dea12d2e45bdda810a1633bb08318d
-DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3bac1678c3f3ece3905f27feda5a23d28b3c13ebd64d1760726888c759fb19da82ad960c6f84a433b753873 SHA512 7e162467b95dad2b6aaa11686d08a00f1cc4eb08247fca8f0e5a8bcaa5f9f7b42cdf00db69c5c6111bdf9eb8063d53cef3bb207ce5d6a287615ca10b710153f9
DIST krb5-1.17.tar.gz 8761763 BLAKE2B 76f636836c67e9eefca91c9417118efdcf4437c1220691f43f3d246daf3eabd53b40a30956f0e57703c3fde5d7193b1d86b68becf3ae1c0c803d2462e79d3014 SHA512 7462a578b936bd17f155a362dbb5d388e157a80a096549028be6c55400b11361c7f8a28e424fd5674801873651df4e694d536cae66728b7ae5e840e532358c52
diff --git a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch b/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch
deleted file mode 100644
index 114cfe688e73..000000000000
--- a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch
+++ /dev/null
@@ -1,297 +0,0 @@
-diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
-index 2420f2c2be..a59a65e8f6 100644
---- a/src/lib/kadm5/srv/svr_principal.c
-+++ b/src/lib/kadm5/srv/svr_principal.c
-@@ -330,6 +330,13 @@ kadm5_create_principal_3(void *server_handle,
- return KADM5_BAD_MASK;
- if((mask & ~ALL_PRINC_MASK))
- return KADM5_BAD_MASK;
-+ if (mask & KADM5_TL_DATA) {
-+ for (tl_data_tail = entry->tl_data; tl_data_tail != NULL;
-+ tl_data_tail = tl_data_tail->tl_data_next) {
-+ if (tl_data_tail->tl_data_type < 256)
-+ return KADM5_BAD_TL_TYPE;
-+ }
-+ }
-
- /*
- * Check to see if the principal exists
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-index 535a1f309e..8b8420faa9 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-@@ -141,7 +141,7 @@ extern int set_ldap_error (krb5_context ctx, int st, int op);
- #define UNSTORE16_INT(ptr, val) (val = load_16_be(ptr))
- #define UNSTORE32_INT(ptr, val) (val = load_32_be(ptr))
-
--#define KDB_TL_USER_INFO 0x7ffe
-+#define KDB_TL_USER_INFO 0xff
-
- #define KDB_TL_PRINCTYPE 0x01
- #define KDB_TL_PRINCCOUNT 0x02
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-index 88a1704950..b7c9212cb2 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-@@ -651,6 +651,107 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry,
- return ret;
- }
-
-+static krb5_error_code
-+check_dn_in_container(krb5_context context, const char *dn,
-+ char *const *subtrees, unsigned int ntrees)
-+{
-+ unsigned int i;
-+ size_t dnlen = strlen(dn), stlen;
-+
-+ for (i = 0; i < ntrees; i++) {
-+ if (subtrees[i] == NULL || *subtrees[i] == '\0')
-+ return 0;
-+ stlen = strlen(subtrees[i]);
-+ if (dnlen >= stlen &&
-+ strcasecmp(dn + dnlen - stlen, subtrees[i]) == 0 &&
-+ (dnlen == stlen || dn[dnlen - stlen - 1] == ','))
-+ return 0;
-+ }
-+
-+ k5_setmsg(context, EINVAL, _("DN is out of the realm subtree"));
-+ return EINVAL;
-+}
-+
-+static krb5_error_code
-+check_dn_exists(krb5_context context,
-+ krb5_ldap_server_handle *ldap_server_handle,
-+ const char *dn, krb5_boolean nonkrb_only)
-+{
-+ krb5_error_code st = 0, tempst;
-+ krb5_ldap_context *ldap_context = context->dal_handle->db_context;
-+ LDAP *ld = ldap_server_handle->ldap_handle;
-+ LDAPMessage *result = NULL, *ent;
-+ char *attrs[] = { "krbticketpolicyreference", "krbprincipalname", NULL };
-+ char **values;
-+
-+ LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attrs, IGNORE_STATUS);
-+ if (st != LDAP_SUCCESS)
-+ return set_ldap_error(context, st, OP_SEARCH);
-+
-+ ent = ldap_first_entry(ld, result);
-+ CHECK_NULL(ent);
-+
-+ values = ldap_get_values(ld, ent, "krbticketpolicyreference");
-+ if (values != NULL)
-+ ldap_value_free(values);
-+
-+ values = ldap_get_values(ld, ent, "krbprincipalname");
-+ if (values != NULL) {
-+ ldap_value_free(values);
-+ if (nonkrb_only) {
-+ st = EINVAL;
-+ k5_setmsg(context, st, _("ldap object is already kerberized"));
-+ goto cleanup;
-+ }
-+ }
-+
-+cleanup:
-+ ldap_msgfree(result);
-+ return st;
-+}
-+
-+static krb5_error_code
-+validate_xargs(krb5_context context,
-+ krb5_ldap_server_handle *ldap_server_handle,
-+ const xargs_t *xargs, const char *standalone_dn,
-+ char *const *subtrees, unsigned int ntrees)
-+{
-+ krb5_error_code st;
-+
-+ if (xargs->dn != NULL) {
-+ /* The supplied dn must be within a realm container. */
-+ st = check_dn_in_container(context, xargs->dn, subtrees, ntrees);
-+ if (st)
-+ return st;
-+ /* The supplied dn must exist without Kerberos attributes. */
-+ st = check_dn_exists(context, ldap_server_handle, xargs->dn, TRUE);
-+ if (st)
-+ return st;
-+ }
-+
-+ if (xargs->linkdn != NULL) {
-+ /* The supplied linkdn must be within a realm container. */
-+ st = check_dn_in_container(context, xargs->linkdn, subtrees, ntrees);
-+ if (st)
-+ return st;
-+ /* The supplied linkdn must exist. */
-+ st = check_dn_exists(context, ldap_server_handle, xargs->linkdn,
-+ FALSE);
-+ if (st)
-+ return st;
-+ }
-+
-+ if (xargs->containerdn != NULL && standalone_dn != NULL) {
-+ /* standalone_dn (likely composed using containerdn) must be within a
-+ * container. */
-+ st = check_dn_in_container(context, standalone_dn, subtrees, ntrees);
-+ if (st)
-+ return st;
-+ }
-+
-+ return 0;
-+}
-+
- krb5_error_code
- krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
- char **db_args)
-@@ -662,12 +763,12 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
- LDAPMessage *result=NULL, *ent=NULL;
- char **subtreelist = NULL;
- char *user=NULL, *subtree=NULL, *principal_dn=NULL;
-- char **values=NULL, *strval[10]={NULL}, errbuf[1024];
-+ char *strval[10]={NULL}, errbuf[1024];
- char *filtuser=NULL;
- struct berval **bersecretkey=NULL;
- LDAPMod **mods=NULL;
- krb5_boolean create_standalone=FALSE;
-- krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE;
-+ krb5_boolean establish_links=FALSE;
- char *standalone_principal_dn=NULL;
- krb5_tl_data *tl_data=NULL;
- krb5_key_data **keys=NULL;
-@@ -860,24 +961,6 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
- * any of the subtrees
- */
- if (xargs.dn_from_kbd == TRUE) {
-- /* make sure the DN falls in the subtree */
-- int dnlen=0, subtreelen=0;
-- char *dn=NULL;
-- krb5_boolean outofsubtree=TRUE;
--
-- if (xargs.dn != NULL) {
-- dn = xargs.dn;
-- } else if (xargs.linkdn != NULL) {
-- dn = xargs.linkdn;
-- } else if (standalone_principal_dn != NULL) {
-- /*
-- * Even though the standalone_principal_dn is constructed
-- * within this function, there is the containerdn input
-- * from the user that can become part of the it.
-- */
-- dn = standalone_principal_dn;
-- }
--
- /* Get the current subtree list if we haven't already done so. */
- if (subtreelist == NULL) {
- st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees);
-@@ -885,81 +968,10 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
- goto cleanup;
- }
-
-- for (tre=0; tre<ntrees; ++tre) {
-- if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) {
-- outofsubtree = FALSE;
-- break;
-- } else {
-- dnlen = strlen (dn);
-- subtreelen = strlen(subtreelist[tre]);
-- if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) {
-- outofsubtree = FALSE;
-- break;
-- }
-- }
-- }
--
-- if (outofsubtree == TRUE) {
-- st = EINVAL;
-- k5_setmsg(context, st, _("DN is out of the realm subtree"));
-+ st = validate_xargs(context, ldap_server_handle, &xargs,
-+ standalone_principal_dn, subtreelist, ntrees);
-+ if (st)
- goto cleanup;
-- }
--
-- /*
-- * dn value will be set either by dn, linkdn or the standalone_principal_dn
-- * In the first 2 cases, the dn should be existing and in the last case we
-- * are supposed to create the ldap object. so the below should not be
-- * executed for the last case.
-- */
--
-- if (standalone_principal_dn == NULL) {
-- /*
-- * If the ldap object is missing, this results in an error.
-- */
--
-- /*
-- * Search for krbprincipalname attribute here.
-- * This is to find if a kerberos identity is already present
-- * on the ldap object, in which case adding a kerberos identity
-- * on the ldap object should result in an error.
-- */
-- char *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL};
--
-- ldap_msgfree(result);
-- result = NULL;
-- LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS);
-- if (st == LDAP_SUCCESS) {
-- ent = ldap_first_entry(ld, result);
-- if (ent != NULL) {
-- if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) {
-- ldap_value_free(values);
-- }
--
-- if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-- krb_identity_exists = TRUE;
-- ldap_value_free(values);
-- }
-- }
-- } else {
-- st = set_ldap_error(context, st, OP_SEARCH);
-- goto cleanup;
-- }
-- }
-- }
--
-- /*
-- * If xargs.dn is set then the request is to add a
-- * kerberos principal on a ldap object, but if
-- * there is one already on the ldap object this
-- * should result in an error.
-- */
--
-- if (xargs.dn != NULL && krb_identity_exists == TRUE) {
-- st = EINVAL;
-- snprintf(errbuf, sizeof(errbuf),
-- _("ldap object is already kerberized"));
-- k5_setmsg(context, st, "%s", errbuf);
-- goto cleanup;
- }
-
- if (xargs.linkdn != NULL) {
-diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
-index 217f2cdc3b..6e563b1032 100755
---- a/src/tests/t_kdb.py
-+++ b/src/tests/t_kdb.py
-@@ -203,6 +203,12 @@ def ldap_add(dn, objectclass, attrs=[]):
- # in the test LDAP server.
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=krb5', 'princ1'],
- expected_code=1, expected_msg='DN is out of the realm subtree')
-+# Check that the DN container check is a hierarchy test, not a simple
-+# suffix match (CVE-2018-5730). We expect this operation to fail
-+# either way (because "xcn" isn't a valid DN tag) but the container
-+# check should happen before the DN is parsed.
-+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=xcn=t1,cn=krb5', 'princ1'],
-+ expected_code=1, expected_msg='DN is out of the realm subtree')
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'princ1'])
- realm.run([kadminl, 'getprinc', 'princ1'], expected_msg='Principal: princ1')
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'again'],
-@@ -226,6 +232,11 @@ def ldap_add(dn, objectclass, attrs=[]):
- 'princ3'])
- realm.run([kadminl, 'modprinc', '-x', 'containerdn=cn=t2,cn=krb5', 'princ3'],
- expected_code=1, expected_msg='containerdn option not supported')
-+# Verify that containerdn is checked when linkdn is also supplied
-+# (CVE-2018-5730).
-+realm.run([kadminl, 'ank', '-randkey', '-x', 'containerdn=cn=krb5',
-+ '-x', 'linkdn=cn=t2,cn=krb5', 'princ4'], expected_code=1,
-+ expected_msg='DN is out of the realm subtree')
-
- # Create and modify a ticket policy.
- kldaputil(['create_policy', '-maxtktlife', '3hour', '-maxrenewlife', '6hour',
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch
deleted file mode 100644
index 7a655fb9a1d8..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001
-From: Stefan Strogin <stefan.strogin@gmail.com>
-Date: Thu, 25 Apr 2019 03:48:10 +0300
-Subject: [PATCH] Fix build for LibreSSL 2.9.x
-
-asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods
-are not defined. Define them.
-
-Upstream-Status: Pending
-[Needs to be amended if
-https://github.com/libressl-portable/openbsd/pull/109 is accepted]
-Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
----
- .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++----
- .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++-
- 2 files changed, 28 insertions(+), 5 deletions(-)
-
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-index 2064eb7bd..81d5d3cf2 100644
---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err);
- (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-
--/* 1.1 standardizes constructor and destructor names, renaming
-- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
-+/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names,
-+ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
-
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
- #define EVP_MD_CTX_new EVP_MD_CTX_create
- #define EVP_MD_CTX_free EVP_MD_CTX_destroy
- #define ASN1_STRING_get0_data ASN1_STRING_data
-+#endif
-
- /* 1.1 makes many handle types opaque and adds accessors. Add compatibility
- * versions of the new accessors we use for pre-1.1. */
-@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err);
- #define OBJ_get0_data(o) ((o)->data)
- #define OBJ_length(o) ((o)->length)
-
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
- #define DH_set0_pqg compat_dh_set0_pqg
- static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
- {
-@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub,
- if (priv != NULL)
- *priv = dh->priv_key;
- }
-+#endif /* LIBRESSL_VERSION_NUMBER */
-
- /* Return true if the cert c includes a key usage which doesn't include u.
- * Define using direct member access for pre-1.1. */
-@@ -3040,7 +3044,8 @@ cleanup:
- return retval;
- }
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \
-+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL
-
- /*
- * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
-diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
-index 7411348fa..ac91408c4 100644
---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
-+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
-@@ -46,7 +46,25 @@
- #include <openssl/asn1.h>
- #include <openssl/pem.h>
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \
-+ LIBRESSL_VERSION_NUMBER >= 0x2090000fL
-+
-+#ifndef static_ASN1_SEQUENCE_END_name
-+#define static_ASN1_ITEM_start(itname) \
-+ static const ASN1_ITEM itname##_it = {
-+#define static_ASN1_SEQUENCE_END_name(stname, tname) \
-+ ;\
-+ static_ASN1_ITEM_start(tname) \
-+ ASN1_ITYPE_SEQUENCE,\
-+ V_ASN1_SEQUENCE,\
-+ tname##_seq_tt,\
-+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-+ NULL,\
-+ sizeof(stname),\
-+ #stname \
-+ ASN1_ITEM_end(tname)
-+#endif /* !defined(static_ASN1_SEQUENCE_END_name) */
-+
- #include <openssl/asn1t.h>
- #else
- #include <openssl/asn1_mac.h>
---
-2.21.0
-
diff --git a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch b/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch
deleted file mode 100644
index 8490e629a377..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Bug #448778
---- a/src/build-tools/krb5-config.in 2012-12-18 02:47:04.000000000 +0000
-+++ b/src/build-tools/krb5-config.in 2012-12-28 07:13:16.582693363 +0000
-@@ -217,7 +217,7 @@
- -e 's#\$(PROG_RPATH)#'$libdir'#' \
- -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \
- -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
-- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
-+ -e 's#\$(LDFLAGS)##' \
- -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
- -e 's#\$(CFLAGS)##'`
-
diff --git a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch b/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch
deleted file mode 100644
index 5c979cfd1ef7..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-@@ -191,7 +191,7 @@ pkinit_pkcs11_code_to_text(int err);
- (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-
- /* 1.1 standardizes constructor and destructor names, renaming
- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
-@@ -3059,7 +3059,7 @@ cleanup:
- return retval;
- }
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-
- /*
- * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
-+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
-@@ -46,7 +46,7 @@
- #include <openssl/asn1.h>
- #include <openssl/pem.h>
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- #include <openssl/asn1t.h>
- #else
- #include <openssl/asn1_mac.h>
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild
deleted file mode 100644
index 1953c395599b..000000000000
--- a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild
+++ /dev/null
@@ -1,154 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 )
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator
-
-MY_P="${P/mit-}"
-P_DIR=$(get_version_component_range 1-2)
-DESCRIPTION="MIT Kerberos V"
-HOMEPAGE="https://web.mit.edu/kerberos/www/"
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
-
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86"
-IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
-
-# Test suite require network access
-RESTRICT="test"
-
-CDEPEND="
- !!app-crypt/heimdal
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
- || (
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
- )
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
- pkinit? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- )
- xinetd? ( sys-apps/xinetd )"
-DEPEND="${CDEPEND}
- ${PYTHON_DEPS}
- virtual/yacc
- doc? ( virtual/latex-base )
- test? (
- ${PYTHON_DEPS}
- dev-lang/tcl:0
- dev-util/dejagnu
- )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-kerberos )"
-
-S=${WORKDIR}/${MY_P}/src
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/krb5-config
-)
-
-src_prepare() {
- eapply -p2 "${FILESDIR}/CVE-2018-5729-5730.patch"
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
- eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
-
- # Make sure we always use the system copies.
- rm -rf util/{et,ss,verto}
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
-
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- # QA
- append-flags -fno-strict-aliasing
- append-flags -fno-strict-overflow
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use keyutils || export ac_cv_header_keyutils_h=no
- ECONF_SOURCE=${S} \
- WARN_CFLAGS="set" \
- econf \
- $(use_with openldap ldap) \
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
- $(use_enable nls) \
- $(use_enable pkinit) \
- $(use_enable threads thread-support) \
- --without-hesiod \
- --enable-shared \
- --with-system-et \
- --with-system-ss \
- --enable-dns-for-realm \
- --enable-kdc-lookaside-cache \
- --with-system-verto \
- --disable-rpath
-}
-
-multilib_src_compile() {
- emake -j1
-}
-
-multilib_src_test() {
- multilib_is_native_abi && emake -j1 check
-}
-
-multilib_src_install() {
- emake \
- DESTDIR="${D}" \
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
- install
-}
-
-multilib_src_install_all() {
- # default database dir
- keepdir /var/lib/krb5kdc
-
- cd ..
- dodoc README
-
- if use doc; then
- dodoc -r doc/html
- docinto pdf
- dodoc doc/pdf/*.pdf
- fi
-
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
-
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
-
- insinto /etc
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
- insinto /var/lib/krb5kdc
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
-
- if use openldap ; then
- insinto /etc/openldap/schema
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
- fi
-
- if use xinetd ; then
- insinto /etc/xinetd.d
- newins "${FILESDIR}/kpropd.xinetd" kpropd
- fi
-}
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild
deleted file mode 100644
index 6e6edde5000f..000000000000
--- a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 )
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator
-
-MY_P="${P/mit-}"
-P_DIR=$(get_version_component_range 1-2)
-DESCRIPTION="MIT Kerberos V"
-HOMEPAGE="https://web.mit.edu/kerberos/www/"
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
-
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
-
-# Test suite require network access
-RESTRICT="test"
-
-CDEPEND="
- !!app-crypt/heimdal
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
- || (
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
- )
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
- pkinit? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- )
- xinetd? ( sys-apps/xinetd )"
-DEPEND="${CDEPEND}
- ${PYTHON_DEPS}
- virtual/yacc
- doc? ( virtual/latex-base )
- test? (
- ${PYTHON_DEPS}
- dev-lang/tcl:0
- dev-util/dejagnu
- )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-kerberos )"
-
-S=${WORKDIR}/${MY_P}/src
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/krb5-config
-)
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
- eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
-
- # Make sure we always use the system copies.
- rm -rf util/{et,ss,verto}
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
-
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- # QA
- append-flags -fno-strict-aliasing
- append-flags -fno-strict-overflow
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use keyutils || export ac_cv_header_keyutils_h=no
- ECONF_SOURCE=${S} \
- WARN_CFLAGS="set" \
- econf \
- $(use_with openldap ldap) \
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
- $(use_enable nls) \
- $(use_enable pkinit) \
- $(use_enable threads thread-support) \
- --without-hesiod \
- --enable-shared \
- --with-system-et \
- --with-system-ss \
- --enable-dns-for-realm \
- --enable-kdc-lookaside-cache \
- --with-system-verto \
- --disable-rpath
-}
-
-multilib_src_compile() {
- emake -j1
-}
-
-multilib_src_test() {
- multilib_is_native_abi && emake -j1 check
-}
-
-multilib_src_install() {
- emake \
- DESTDIR="${D}" \
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
- install
-}
-
-multilib_src_install_all() {
- # default database dir
- keepdir /var/lib/krb5kdc
-
- cd ..
- dodoc README
-
- if use doc; then
- dodoc -r doc/html
- docinto pdf
- dodoc doc/pdf/*.pdf
- fi
-
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
-
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
-
- insinto /etc
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
- insinto /var/lib/krb5kdc
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
-
- if use openldap ; then
- insinto /etc/openldap/schema
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
- fi
-
- if use xinetd ; then
- insinto /etc/xinetd.d
- newins "${FILESDIR}/kpropd.xinetd" kpropd
- fi
-}
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild
deleted file mode 100644
index 75bb0cdbf0b0..000000000000
--- a/app-crypt/mit-krb5/mit-krb5-1.16.2.ebuild
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python2_7 )
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd
-
-MY_P="${P/mit-}"
-P_DIR=$(ver_cut 1-2)
-DESCRIPTION="MIT Kerberos V"
-HOMEPAGE="https://web.mit.edu/kerberos/www/"
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
-
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="cpu_flags_x86_aes doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
-
-# Test suite require network access
-RESTRICT="test"
-
-CDEPEND="
- !!app-crypt/heimdal
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
- || (
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
- )
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
- pkinit? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- )
- xinetd? ( sys-apps/xinetd )
- "
-DEPEND="${CDEPEND}
- ${PYTHON_DEPS}
- virtual/yacc
- cpu_flags_x86_aes? (
- amd64? ( dev-lang/yasm )
- x86? ( dev-lang/yasm )
- )
- doc? ( virtual/latex-base )
- test? (
- ${PYTHON_DEPS}
- dev-lang/tcl:0
- dev-util/dejagnu
- dev-util/cmocka
- )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-kerberos )"
-
-S=${WORKDIR}/${MY_P}/src
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/krb5-config
-)
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
- eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
-
- # Make sure we always use the system copies.
- rm -rf util/{et,ss,verto}
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
-
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- # QA
- append-flags -fno-strict-aliasing
- append-flags -fno-strict-overflow
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use keyutils || export ac_cv_header_keyutils_h=no
- ECONF_SOURCE=${S} \
- WARN_CFLAGS="set" \
- econf \
- $(use_with openldap ldap) \
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
- $(use_enable nls) \
- $(use_enable pkinit) \
- $(use_enable threads thread-support) \
- --without-hesiod \
- --enable-shared \
- --with-system-et \
- --with-system-ss \
- --enable-dns-for-realm \
- --enable-kdc-lookaside-cache \
- --with-system-verto \
- --disable-rpath
-}
-
-multilib_src_compile() {
- emake -j1
-}
-
-multilib_src_test() {
- multilib_is_native_abi && emake -j1 check
-}
-
-multilib_src_install() {
- emake \
- DESTDIR="${D}" \
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
- install
-}
-
-multilib_src_install_all() {
- # default database dir
- keepdir /var/lib/krb5kdc
-
- rmdir "${ED}"/var/lib/{run/krb5kdc,run}
-
- cd ..
- dodoc README
-
- if use doc; then
- dodoc -r doc/html
- docinto pdf
- dodoc doc/pdf/*.pdf
- fi
-
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
-
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
-
- insinto /etc
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
- insinto /var/lib/krb5kdc
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
-
- if use openldap ; then
- insinto /etc/openldap/schema
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
- fi
-
- if use xinetd ; then
- insinto /etc/xinetd.d
- newins "${FILESDIR}/kpropd.xinetd" kpropd
- fi
-}
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild
deleted file mode 100644
index 9d8b99116396..000000000000
--- a/app-crypt/mit-krb5/mit-krb5-1.16.3.ebuild
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python2_7 )
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd
-
-MY_P="${P/mit-}"
-P_DIR=$(ver_cut 1-2)
-DESCRIPTION="MIT Kerberos V"
-HOMEPAGE="https://web.mit.edu/kerberos/www/"
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
-
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="cpu_flags_x86_aes doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
-
-# Test suite require network access
-#RESTRICT="test"
-
-CDEPEND="
- !!app-crypt/heimdal
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
- || (
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
- )
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
- pkinit? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
- )
- xinetd? ( sys-apps/xinetd )
- "
-DEPEND="${CDEPEND}
- ${PYTHON_DEPS}
- virtual/yacc
- cpu_flags_x86_aes? (
- amd64? ( dev-lang/yasm )
- x86? ( dev-lang/yasm )
- )
- doc? ( virtual/latex-base )
- test? (
- ${PYTHON_DEPS}
- dev-lang/tcl:0
- dev-util/dejagnu
- dev-util/cmocka
- )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-kerberos )"
-
-S=${WORKDIR}/${MY_P}/src
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/krb5-config
-)
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
- eapply -p2 "${FILESDIR}/${P}-libressl.patch"
-
- # Make sure we always use the system copies.
- rm -rf util/{et,ss,verto}
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
-
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- # QA
- append-flags -fno-strict-aliasing
- append-flags -fno-strict-overflow
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use keyutils || export ac_cv_header_keyutils_h=no
- ECONF_SOURCE=${S} \
- WARN_CFLAGS="set" \
- econf \
- $(use_with openldap ldap) \
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
- $(use_enable nls) \
- $(use_enable pkinit) \
- $(use_enable threads thread-support) \
- --without-hesiod \
- --enable-shared \
- --with-system-et \
- --with-system-ss \
- --enable-dns-for-realm \
- --enable-kdc-lookaside-cache \
- --with-system-verto \
- --disable-rpath
-}
-
-multilib_src_compile() {
- emake -j1
-}
-
-multilib_src_test() {
- multilib_is_native_abi && emake -j1 check
-}
-
-multilib_src_install() {
- emake \
- DESTDIR="${D}" \
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
- install
-}
-
-multilib_src_install_all() {
- # default database dir
- keepdir /var/lib/krb5kdc
-
- rmdir "${ED}"/var/lib/{run/krb5kdc,run}
-
- cd ..
- dodoc README
-
- if use doc; then
- dodoc -r doc/html
- docinto pdf
- dodoc doc/pdf/*.pdf
- fi
-
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
-
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
-
- insinto /etc
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
- insinto /var/lib/krb5kdc
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
-
- if use openldap ; then
- insinto /etc/openldap/schema
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
- fi
-
- if use xinetd ; then
- insinto /etc/xinetd.d
- newins "${FILESDIR}/kpropd.xinetd" kpropd
- fi
-}