From: Eray Aslan
Date: Thu, 20 Jun 2019 11:07:51 +0000 (+0300)
Subject: app-crypt/mit-krb5: bump to 1.17
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=2bacefac07dbccfa01942e1ec9245d6cbd598268;p=gentoo.git
app-crypt/mit-krb5: bump to 1.17
Closes: https://bugs.gentoo.org/687730
Package-Manager: Portage-2.3.67, Repoman-2.3.15
Signed-off-by: Eray Aslan
---
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
index 3d33ce756dba..0911382bd22c 100644
--- a/app-crypt/mit-krb5/Manifest
+++ b/app-crypt/mit-krb5/Manifest
@@ -2,3 +2,4 @@ DIST krb5-1.16.1.tar.gz 9477480 BLAKE2B 16bdd7d6d03ddbd4b070663c3a7a3d2331d54e85
 DIST krb5-1.16.2.tar.gz 9652415 BLAKE2B 21c4d56e43476a9b87a4ca9a8b7d0dd5739d3d70731fb4727de5ae248d8638e2016581cd2462f5e2ec7950d9e216aa165199505e581fa10db81ce26062fc097e SHA512 738c071a90e0f38680bb17bdcf950310bc4549f3cb851e1d34de11239ae88178e6ee1a5e5d48c6d3efef544339b07d22dba5347dd763a4266d8d4df7cf47afc9
 DIST krb5-1.16.3.tar.gz 9656985 BLAKE2B 92e6d2b5f27e80f495d7bb3fb64acfb03530156fb8e1a07dbc8d045616fd2ac4be8047d844580e3aa01d5e8b733ceea9024290dcc53b691696201f02a31e3034 SHA512 77da5f8bb19108e158c3df5a17b9141b7cbbae7d01f9f0dca5c504dc4b468953d67a1f4566bed5a062d8ff8e0d80796094dea12d2e45bdda810a1633bb08318d
 DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3bac1678c3f3ece3905f27feda5a23d28b3c13ebd64d1760726888c759fb19da82ad960c6f84a433b753873 SHA512 7e162467b95dad2b6aaa11686d08a00f1cc4eb08247fca8f0e5a8bcaa5f9f7b42cdf00db69c5c6111bdf9eb8063d53cef3bb207ce5d6a287615ca10b710153f9
+DIST krb5-1.17.tar.gz 8761763 BLAKE2B 76f636836c67e9eefca91c9417118efdcf4437c1220691f43f3d246daf3eabd53b40a30956f0e57703c3fde5d7193b1d86b68becf3ae1c0c803d2462e79d3014 SHA512 7462a578b936bd17f155a362dbb5d388e157a80a096549028be6c55400b11361c7f8a28e424fd5674801873651df4e694d536cae66728b7ae5e840e532358c52
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch
new file mode 100644
index 000000000000..ca74b88bb0f3
--- /dev/null
+++ b/app-crypt/mit-krb5/files/mit-krb5-1.16.3-libressl-r1.patch
@@ -0,0 +1,101 @@ +From 58263cbf3106f4c9c9a2252794093014a2f9c01f Mon Sep 17 00:00:00 2001 +From: Stefan Strogin +Date: Thu, 25 Apr 2019 03:48:10 +0300 +Subject: [PATCH] Fix build for LibreSSL 2.9.x + +asn1_mac.h is removed from LibreSSL 2.9.0, but static_ASN1_*() methods +are not defined. Define them. + +Upstream-Status: Pending +[Needs to be amended if +https://github.com/libressl-portable/openbsd/pull/109 is accepted] +Signed-off-by: Stefan Strogin +--- + .../preauth/pkinit/pkinit_crypto_openssl.c | 13 ++++++++---- + .../preauth/pkinit/pkinit_crypto_openssl.h | 20 ++++++++++++++++++- + 2 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index 2064eb7bd..81d5d3cf2 100644 +--- a/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -188,14 +188,16 @@ pkinit_pkcs11_code_to_text(int err); + (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + +-/* 1.1 standardizes constructor and destructor names, renaming +- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ ++/* 1.1 (and LibreSSL 2.7) standardizes constructor and destructor names, ++ * renaming EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ + ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL + #define EVP_MD_CTX_new EVP_MD_CTX_create + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define ASN1_STRING_get0_data ASN1_STRING_data ++#endif + + /* 1.1 makes many handle types opaque and adds accessors. Add compatibility + * versions of the new accessors we use for pre-1.1. 
*/ +@@ -203,6 +205,7 @@ pkinit_pkcs11_code_to_text(int err); + #define OBJ_get0_data(o) ((o)->data) + #define OBJ_length(o) ((o)->length) + ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL + #define DH_set0_pqg compat_dh_set0_pqg + static int compat_dh_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) + { +@@ -235,6 +238,7 @@ static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub, + if (priv != NULL) + *priv = dh->priv_key; + } ++#endif /* LIBRESSL_VERSION_NUMBER */ + + /* Return true if the cert c includes a key usage which doesn't include u. + * Define using direct member access for pre-1.1. */ +@@ -3040,7 +3044,8 @@ cleanup: + return retval; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ ++ LIBRESSL_VERSION_NUMBER >= 0x2090000fL + + /* + * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h +index 7411348fa..ac91408c4 100644 +--- a/plugins/preauth/pkinit/pkinit_crypto_openssl.h ++++ b/plugins/preauth/pkinit/pkinit_crypto_openssl.h +@@ -46,7 +46,25 @@ + #include + #include + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \ ++ LIBRESSL_VERSION_NUMBER >= 0x2090000fL ++ ++#ifndef static_ASN1_SEQUENCE_END_name ++#define static_ASN1_ITEM_start(itname) \ ++ static const ASN1_ITEM itname##_it = { ++#define static_ASN1_SEQUENCE_END_name(stname, tname) \ ++ ;\ ++ static_ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_SEQUENCE,\ ++ V_ASN1_SEQUENCE,\ ++ tname##_seq_tt,\ ++ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ ++ NULL,\ ++ sizeof(stname),\ ++ #stname \ ++ ASN1_ITEM_end(tname) ++#endif /* !defined(static_ASN1_SEQUENCE_END_name) */ ++ + #include + #else + #include +-- +2.21.0 + 
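Review bot: The `static_ASN1_SEQUENCE_END_name` fallback added to pkinit_crypto_openssl.h fills `ASN1_ITEM` with a positional initializer, so it stays correct only while LibreSSL keeps that struct's field order; a layout change would still compile and would mis-initialise the template that, judging by the surrounding comment, is used to decode PKINIT DomainParameters (presumably peer-supplied data). The patch header itself says it must be amended if the LibreSSL pull request is accepted, and the file is named for 1.16.3 while the 1.17 ebuild applies it, so I would record that next to the `PATCHES` entry, e.g. `# libressl-r1: local static_ASN1_* macros, revisit once LibreSSL provides them`. Separately, `LIBRESSL_VERSION_NUMBER >= 0x2090000fL` is evaluated even when the macro is undefined, which the preprocessor treats as 0 but which trips `-Wundef`; `(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2090000fL)` avoids that in both the .c and the .h condition.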
diff --git a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS-r1.patch b/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS-r1.patch new file mode 100644 index 000000000000..39bac974afca --- /dev/null +++ b/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS-r1.patch @@ -0,0 +1,12 @@ +Bug #448778 +--- a/build-tools/krb5-config.in 2012-12-18 02:47:04.000000000 +0000 ++++ b/build-tools/krb5-config.in 2012-12-28 07:13:16.582693363 +0000 +@@ -217,7 +217,7 @@ + -e 's#\$(PROG_RPATH)#'$libdir'#' \ + -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \ + -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ +- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \ ++ -e 's#\$(LDFLAGS)##' \ + -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ + -e 's#\$(CFLAGS)##'` + diff --git a/app-crypt/mit-krb5/metadata.xml b/app-crypt/mit-krb5/metadata.xml index 253338743989..70f026233c95 100644 --- a/app-crypt/mit-krb5/metadata.xml +++ b/app-crypt/mit-krb5/metadata.xml @@ -10,11 +10,12 @@ Creates and installs the API and implementation documentation. This is only useful if you want to develop software - which depends on kerberos. + which depends on kerberos - Enable for the keyring ccache using keyutils. - Enable pkinit support for the initial ticket. - Enable support for ldap as a database backend. + Enable for the keyring ccache using keyutils + Add support for using dev-db/lmdb for lookup tables + Enable pkinit support for the initial ticket + Enable support for ldap as a database backend cpe:/a:mit:kerberos diff --git a/app-crypt/mit-krb5/mit-krb5-1.17.ebuild b/app-crypt/mit-krb5/mit-krb5-1.17.ebuild new file mode 100644 index 000000000000..f1ff44b3a29b --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-1.17.ebuild 
@@ -0,0 +1,165 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{5,6,7} ) +inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd + +MY_P="${P/mit-}" +P_DIR=$(ver_cut 1-2) +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="https://web.mit.edu/kerberos/www/" +SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz" + +LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="cpu_flags_x86_aes doc +keyutils libressl lmdb nls openldap +pkinit selinux +threads test xinetd" + +# Test suite requires network access +RESTRICT="test" + +CDEPEND=" + !!app-crypt/heimdal + >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}] + || ( + >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}] + >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}] + >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}] + ) + keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] ) + lmdb? ( dev-db/lmdb ) + nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] ) + openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) + pkinit? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) + libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] ) + ) + xinetd? ( sys-apps/xinetd ) + " +DEPEND="${CDEPEND} + ${PYTHON_DEPS} + virtual/yacc + cpu_flags_x86_aes? ( + amd64? ( dev-lang/yasm ) + x86? ( dev-lang/yasm ) + ) + doc? ( virtual/latex-base ) + test? ( + ${PYTHON_DEPS} + dev-lang/tcl:0 + dev-util/dejagnu + dev-util/cmocka + )" +RDEPEND="${CDEPEND} + selinux? 
( sec-policy/selinux-kerberos )" + +S=${WORKDIR}/${MY_P}/src + +PATCHES=( + "${FILESDIR}/${PN}-1.12_warn_cflags.patch" + "${FILESDIR}/${PN}-config_LDFLAGS-r1.patch" + "${FILESDIR}/${PN}-1.16.3-libressl-r1.patch" +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/krb5-config +) + +src_prepare() { + default + # Make sure we always use the system copies. + rm -rf util/{et,ss,verto} + sed -i 's:^[[:space:]]*util/verto$::' configure.in || die + + eautoreconf +} + +src_configure() { + # QA + append-flags -fno-strict-aliasing + append-flags -fno-strict-overflow + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use keyutils || export ac_cv_header_keyutils_h=no + ECONF_SOURCE=${S} \ + WARN_CFLAGS="set" \ + econf \ + $(use_with openldap ldap) \ + "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \ + $(use_enable nls) \ + $(use_enable pkinit) \ + $(use_enable threads thread-support) \ + $(use_with lmdb) \ + --without-hesiod \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-lookaside-cache \ + --with-system-verto \ + --disable-rpath +} + +multilib_src_compile() { + emake -j1 +} + +multilib_src_test() { + multilib_is_native_abi && emake -j1 check +} + +multilib_src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ + install +} + +multilib_src_install_all() { + # default database dir + keepdir /var/lib/krb5kdc + + rmdir "${ED}"/var/lib/{run/krb5kdc,run} + + cd .. 
+ dodoc README + + if use doc; then + dodoc -r doc/html + docinto pdf + dodoc doc/pdf/*.pdf + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind + newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc + newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd + newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind + newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc + newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd + + systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service + systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service + systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service + systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service" + systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket + + insinto /etc + newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example + + if use openldap ; then + insinto /etc/openldap/schema + doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" + fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/kpropd.xinetd" kpropd + fi +}
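Review bot: `--enable-dns-for-realm` in `multilib_src_configure` makes DNS TXT lookup the built-in default for host-to-realm mapping, and those answers are unauthenticated unless the resolver validates DNSSEC, so a forged record can make a client pick the wrong realm. If the flag is kept for compatibility with existing installs, a comment above it should say so, e.g. `# realm lookup via DNS stays on for existing setups; dns_lookup_realm = false in krb5.conf turns it off`; otherwise I would drop the flag and keep upstream's default. In `multilib_src_install_all`, `rmdir "${ED}"/var/lib/{run/krb5kdc,run}` and `cd ..` run without `|| die`, so a failure there passes silently; `cd .. || die` and `rmdir ... || die` would make the install phase stop instead.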