diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog deleted file mode 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ /dev/null @@ -1,28 +0,0 @@ -# ChangeLog for app-crypt/mit-krb5 -# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: $ - - 06 May 2009; Nathan Phillip Brink - mit-krb5-1.6.3-r6.ebuild: - Trying sys-libs/db:3 because mit-krb5 doesn't start with db:4.5 - - 06 May 2009; Nathan Phillip Brink - mit-krb5-1.6.3-r6.ebuild, metadata.xml: - Removed ipv6 description, moved to EAPI="2", added --with-system-db (and - dependencies) - - 05 May 2009; Nathan Phillip Brink - +mit-krb5-1.6.3-r6.ebuild, +files/CVE-2009-0844+CVE-2009-0847.patch, - +files/CVE-2009-0846.patch: - Bumped ebuild parallel to Gentoo tree, dropped most KEYWORDS. - - 04 May 2009; Nathan Phillip Brink - mit-krb5-1.6.3-r4.ebuild: - removed untested KEYWORDS - - - 04 May 2009; Nathan Phillip Brink - -mit-krb5-1.6.2.ebuild: - Removed old package. - - diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest deleted file mode 100644 --- a/app-crypt/mit-krb5/Manifest +++ /dev/null @@ -1,15 +0,0 @@ -AUX 1.6-MITKRB5-SA-2008-001.patch 11080 RMD160 12415f2329536352cd4d4aaa340951771b1e5114 SHA1 0cc2549ab6fd44180b3cdf4327efeaa6fe43b6e2 SHA256 0af6931dd33d9a2622714de3e06e68dde0d6e9215d9b08c478a441ce7fb6d7a6 -AUX CVE-2009-0844+CVE-2009-0847.patch 2075 RMD160 eba543da0eafa13158a71947bf22783292d23951 SHA1 087e0dfcdff3dd08b9085fda47099c438871488d SHA256 abdff5ffb07b57d6156722ea6ee12a73ae3337ff05687e384a59989074ab4316 -AUX CVE-2009-0846.patch 1682 RMD160 80292c97735b2e45eb450d2c8f6c30e6b0dbf199 SHA1 4bde9e943f4604bfde41cb91f923c123716add71 SHA256 71914affe6f8623b44f3b8ac9c98a83783e41200f8965ea5d68e7fb8a4bc3088 -AUX MITKRB5-SA-2008-002.patch 1505 RMD160 35bb24ae802b532836810588e13c775ef8522cc1 SHA1 70fb0d83da33eb3e00355a11894c37f7c9d2b9aa SHA256 8e84a55080461f117f61501550c364f9ac25d9079601281a0d413bff664fc386 -AUX mit-krb5-lazyldflags.patch 509 RMD160 47515882e93e0db7db6980a4460a01f2cbc3f382 SHA1 db880ff82bd72afd2815a8e8d345c815c2769715 SHA256 272b3a18303b43c64bbcc1da9bcb7cd60d56337700d84c78741c7096c18044d5 -AUX mit-krb5kadmind.initd 687 RMD160 7602d12d570e80edf24953befbe4ec03d247e4ba SHA1 753a5875659d3bef63c1a50bb0228f1c3c06bdf9 SHA256 427953b3a2dbe0a8f85bee1294a348c97dbbdac4741f06c2a3768170ba29161a -AUX mit-krb5kdc.confd 89 RMD160 93f1e41e6baed5df7e33a2b407437f25c1a8d76e SHA1 b2843ab9c092333531f998a4e3c15004655aabbe SHA256 f392d00917a73c3abcf10b67c1b11d41907d75e3c0b176b97b1f2f6449aee62f -AUX mit-krb5kdc.initd 747 RMD160 27b1f758cfe391e91ce0ca9425d0ab798d8abb99 SHA1 75d5a726c5cdaf7747ba3ce076dfe7e791b84b33 SHA256 c9680132423b9f00a90bd072bf079c09a229f3d70f4cfce586e9cff826e459d1 -DIST krb5-1.6.3-signed.tar 11909120 RMD160 4f09e797d6e03c240353f3943875117a39c82c29 SHA1 c4c98801371895f84c6586c344c7f4bd850e6faf SHA256 7a1bd7d4bd326828c8ee382ed2b69ccd6c58762601df897d6a32169d84583d2a -DIST mit-krb5-1.6.3-patches-0.4r1.tar.bz2 5863 RMD160 1135281067a4b452a08887df9299a2f1322b34b9 SHA1 c31ea0cce528bc8c70e44a8e6d964ad1c84b375a SHA256 9523edeea365b14b98ab35e18e2cd24ce4cbc7d9ae16a0cfa309720ec61f0671 -DIST mit-krb5-1.6.3-patches-0.5.tar.bz2 5317 RMD160 423c728e6f399fb4605373495a36480147a35e8c SHA1 ec3327acc45ce29cfd4179adf23fbde52eefb774 SHA256 46538d6b59d6fd1756b9ed0f3002886578a90cf5366e2be1d6fd0ffffeea7d3e -EBUILD mit-krb5-1.6.3-r4.ebuild 2856 RMD160 0dc8918025d76b5286b70ec1deeb7a1503fca6d2 SHA1 5266a3b90be11c98dff10600005aa0af33dd9bbd SHA256 b77792e6cae5295188ea38112eb4d170d5177ac616559a809342ad1014207087 -EBUILD mit-krb5-1.6.3-r6.ebuild 3106 RMD160 fed98d4aa3eff2d64705e4838568b5527138f3f5 SHA1 3faa8946948b6cabb02c557953f7852ae8b11786 SHA256 47a536ac179f5636b9fd433f56321af8c46609aeb1ce70ef439f2a76ee70549f -MISC ChangeLog 926 RMD160 e1a02088aa5597aca7a17b46df7d4f4234505f96 SHA1 58aa1191f36b09a690915d8944169e9e4d132c97 SHA256 08e6bb63e943d4e22686ef22c7a0a8faa9e1874d68a7e351860799e15cedf724 -MISC metadata.xml 858 RMD160 f56079766274a7000a072853c26a9aaf82201af4 SHA1 9a0a21cd1612cc75fc823963d48a1f474aeab298 SHA256 a73a6d019df343c6eacf974423523eabc5e15850bc8addb6885857c7ab9d7305 diff --git a/app-crypt/mit-krb5/files/1.6-MITKRB5-SA-2008-001.patch b/app-crypt/mit-krb5/files/1.6-MITKRB5-SA-2008-001.patch deleted file mode 100644 --- a/app-crypt/mit-krb5/files/1.6-MITKRB5-SA-2008-001.patch +++ /dev/null @@ -1,331 +0,0 @@ ---- src/kdc/dispatch.c (revision 20192) -+++ src/kdc/dispatch.c (working copy) -@@ -1,7 +1,7 @@ - /* - * kdc/dispatch.c - * -- * Copyright 1990 by the Massachusetts Institute of Technology. -+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. -@@ -107,7 +107,7 @@ - retval = KRB5KRB_AP_ERR_MSG_TYPE; - #ifndef NOCACHE - /* put the response into the lookaside buffer */ -- if (!retval) -+ if (!retval && *response != NULL) - kdc_insert_lookaside(pkt, *response); - #endif - ---- src/kdc/kerberos_v4.c (revision 20192) -+++ src/kdc/kerberos_v4.c (working copy) -@@ -1,7 +1,7 @@ - /* - * kdc/kerberos_v4.c - * -- * Copyright 1985, 1986, 1987, 1988,1991 by the Massachusetts Institute -+ * Copyright 1985, 1986, 1987, 1988,1991,2007 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * -@@ -87,11 +87,6 @@ - #define MSB_FIRST 0 /* 68000, IBM RT/PC */ - #define LSB_FIRST 1 /* Vax, PC8086 */ - --int f; -- --/* XXX several files in libkdb know about this */ --char *progname; -- - #ifndef BACKWARD_COMPAT - static Key_schedule master_key_schedule; - static C_Block master_key; -@@ -143,10 +138,8 @@ - #include "com_err.h" - #include "extern.h" /* to pick up master_princ */ - --static krb5_data *response; -- --void kerberos_v4 (struct sockaddr_in *, KTEXT); --void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); -+static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT); -+static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); - static int set_tgtkey (char *, krb5_kvno, krb5_boolean); - - /* Attributes converted from V5 to V4 - internal representation */ -@@ -262,12 +255,12 @@ - (void) klog(L_KRB_PERR, "V4 request too long."); - return KRB5KRB_ERR_FIELD_TOOLONG; - } -+ memset( &v4_pkt, 0, sizeof(v4_pkt)); - v4_pkt.length = pkt->length; - v4_pkt.mbz = 0; - memcpy( v4_pkt.dat, pkt->data, pkt->length); - -- kerberos_v4( &client_sockaddr, &v4_pkt); -- *resp = response; -+ *resp = kerberos_v4( &client_sockaddr, &v4_pkt); - return(retval); - } - -@@ -300,19 +293,20 @@ - } - - static --int krb4_sendto(int s, const char *msg, int len, int flags, -- const struct sockaddr *to, int to_len) -+krb5_data *make_response(const char *msg, int len) - { -+ krb5_data *response; -+ - if ( !(response = (krb5_data *) malloc( sizeof *response))) { -- return ENOMEM; -+ return 0; - } - if ( !(response->data = (char *) malloc( len))) { - krb5_free_data(kdc_context, response); -- return ENOMEM; -+ return 0; - } - response->length = len; - memcpy( response->data, msg, len); -- return( 0); -+ return response; - } - static void - hang(void) -@@ -586,7 +580,7 @@ - *cp = 0; - } - --void -+static krb5_data * - kerberos_v4(struct sockaddr_in *client, KTEXT pkt) - { - static KTEXT_ST rpkt_st; -@@ -599,8 +593,8 @@ - KTEXT auth = &auth_st; - AUTH_DAT ad_st; - AUTH_DAT *ad = &ad_st; -+ krb5_data *response = 0; - -- - static struct in_addr client_host; - static int msg_byte_order; - static int swap_bytes; -@@ -637,8 +631,7 @@ - inet_ntoa(client_host)); - /* send an error reply */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - } - - /* check packet version */ -@@ -648,8 +641,7 @@ - KRB_PROT_VERSION, req_version, 0); - /* send an error reply */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - } - msg_byte_order = req_msg_type & 1; - -@@ -707,10 +699,10 @@ - - if ((i = check_princ(req_name_ptr, req_inst_ptr, 0, - &a_name_data, &k5key, 0, &ck5life))) { -- kerb_err_reply(client, pkt, i, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, i, "check_princ failed"); - a_name_data.key_low = a_name_data.key_high = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* don't use k5key for client */ - krb5_free_keyblock_contents(kdc_context, &k5key); -@@ -722,11 +714,11 @@ - /* this does all the checking */ - if ((i = check_princ(service, instance, lifetime, - &s_name_data, &k5key, 1, &sk5life))) { -- kerb_err_reply(client, pkt, i, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, i, "check_princ failed"); - a_name_data.key_high = a_name_data.key_low = 0; - s_name_data.key_high = s_name_data.key_low = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* Bound requested lifetime with service and user */ - v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life); -@@ -797,8 +789,7 @@ - rpkt = create_auth_reply(req_name_ptr, req_inst_ptr, - req_realm_ptr, req_time_ws, 0, a_name_data.exp_date, - a_name_data.key_version, ciph); -- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, -- (struct sockaddr *) client, sizeof (struct sockaddr_in)); -+ response = make_response((char *) rpkt->dat, rpkt->length); - memset(&a_name_data, 0, sizeof(a_name_data)); - memset(&s_name_data, 0, sizeof(s_name_data)); - break; -@@ -824,9 +815,8 @@ - lt = klog(L_KRB_PERR, - "APPL request with realm length too long from %s", - inet_ntoa(client_host)); -- kerb_err_reply(client, pkt, RD_AP_INCON, -- "realm length too long"); -- return; -+ return kerb_err_reply(client, pkt, RD_AP_INCON, -+ "realm length too long"); - } - - auth->length += (int) *(pkt->dat + auth->length) + -@@ -835,9 +825,8 @@ - lt = klog(L_KRB_PERR, - "APPL request with funky tkt or req_id length from %s", - inet_ntoa(client_host)); -- kerb_err_reply(client, pkt, RD_AP_INCON, -- "funky tkt or req_id length"); -- return; -+ return kerb_err_reply(client, pkt, RD_AP_INCON, -+ "funky tkt or req_id length"); - } - - memcpy(auth->dat, pkt->dat, auth->length); -@@ -848,18 +837,16 @@ - if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) { - lt = klog(L_ERR_UNK, - "Cross realm ticket from %s denied by policy,", tktrlm); -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - if (set_tgtkey(tktrlm, kvno, 0)) { -- lt = klog(L_ERR_UNK, -+ lt = klog(L_ERR_UNK, - "FAILED set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); -@@ -869,9 +856,8 @@ - "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ -- kerb_err_reply(client, pkt, -- KERB_ERR_PRINCIPAL_UNKNOWN, lt); -- return; -+ return kerb_err_reply(client, pkt, -+ KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); -@@ -881,8 +867,7 @@ - klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", - inet_ntoa(client_host), krb_get_err_text(kerno)); - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; -- kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); -- return; -+ return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); - } - ptr = (char *) pkt->dat + auth->length; - -@@ -904,22 +889,21 @@ - req_realm_ptr = ad->prealm; - - if (strcmp(ad->prealm, tktrlm)) { -- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -- "Can't hop realms"); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -+ "Can't hop realms"); - } - if (!strcmp(service, "changepw")) { -- kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -- "Can't authorize password changed based on TGT"); -- return; -+ return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, -+ "Can't authorize password changed based on TGT"); - } - kerno = check_princ(service, instance, req_life, - &s_name_data, &k5key, 1, &sk5life); - if (kerno) { -- kerb_err_reply(client, pkt, kerno, "check_princ failed"); -+ response = kerb_err_reply(client, pkt, kerno, -+ "check_princ failed"); - s_name_data.key_high = s_name_data.key_low = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); -- return; -+ return response; - } - /* Bound requested lifetime with service and user */ - v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life); -@@ -975,8 +959,7 @@ - rpkt = create_auth_reply(ad->pname, ad->pinst, - ad->prealm, time_ws, - 0, 0, 0, ciph); -- krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, -- (struct sockaddr *) client, sizeof (struct sockaddr_in)); -+ response = make_response((char *) rpkt->dat, rpkt->length); - memset(&s_name_data, 0, sizeof(s_name_data)); - break; - } -@@ -1001,6 +984,7 @@ - break; - } - } -+ return response; - } - - -@@ -1010,7 +994,7 @@ - * client. - */ - --void -+static krb5_data * - kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string) - { - static KTEXT_ST e_pkt_st; -@@ -1021,9 +1005,7 @@ - strncat(e_msg, string, sizeof(e_msg) - 1 - 19); - cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, - req_time_ws, err, e_msg); -- krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0, -- (struct sockaddr *) client, sizeof (struct sockaddr_in)); -- -+ return make_response((char *) e_pkt->dat, e_pkt->length); - } - - static int ---- src/kdc/network.c (revision 20192) -+++ src/kdc/network.c (working copy) -@@ -1,7 +1,7 @@ - /* - * kdc/network.c - * -- * Copyright 1990,2000 by the Massachusetts Institute of Technology. -+ * Copyright 1990,2000,2007 by the Massachusetts Institute of Technology. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. -@@ -747,6 +747,8 @@ - com_err(prog, retval, "while dispatching (udp)"); - return; - } -+ if (response == NULL) -+ return; - cc = sendto(port_fd, response->data, (socklen_t) response->length, 0, - (struct sockaddr *)&saddr, saddr_len); - if (cc == -1) { diff --git a/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch b/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch deleted file mode 100644 --- a/app-crypt/mit-krb5/files/CVE-2009-0844+CVE-2009-0847.patch +++ /dev/null @@ -1,48 +0,0 @@ -Index: krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c -=================================================================== ---- krb5-1.6.3.orig/src/lib/gssapi/spnego/spnego_mech.c -+++ krb5-1.6.3/src/lib/gssapi/spnego/spnego_mech.c -@@ -1815,7 +1815,8 @@ get_input_token(unsigned char **buff_in, - return (NULL); - - input_token->length = gssint_get_der_length(buff_in, buff_length, &bytes); -- if ((int)input_token->length == -1) { -+ if ((int)input_token->length == -1 || -+ input_token->length > buff_length) { - free(input_token); - return (NULL); - } -Index: krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c -=================================================================== ---- krb5-1.6.3.orig/src/lib/krb5/asn.1/asn1buf.c -+++ krb5-1.6.3/src/lib/krb5/asn.1/asn1buf.c -@@ -78,11 +78,11 @@ asn1_error_code asn1buf_wrap_data(asn1bu - - asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) - { -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - subbuf->base = subbuf->next = buf->next; - if (!indef) { -+ if (length > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; - subbuf->bound = subbuf->base + length - 1; -- if (subbuf->bound > buf->bound) -- return ASN1_OVERRUN; - } else /* constructed indefinite */ - subbuf->bound = buf->bound; - return 0; -@@ -200,6 +200,7 @@ asn1_error_code asn1buf_remove_octetstri - { - int i; - -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; -@@ -218,6 +219,7 @@ asn1_error_code asn1buf_remove_charstrin - { - int i; - -+ if (buf->next > buf->bound + 1) return ASN1_OVERRUN; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; - if (len == 0) { - *s = 0; diff --git a/app-crypt/mit-krb5/files/CVE-2009-0846.patch b/app-crypt/mit-krb5/files/CVE-2009-0846.patch deleted file mode 100644 --- a/app-crypt/mit-krb5/files/CVE-2009-0846.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/src/lib/krb5/asn.1/asn1_decode.c -b/src/lib/krb5/asn.1/asn1_decode.c -index aa4be32..5f7461d 100644 ---- a/src/lib/krb5/asn.1/asn1_decode.c -+++ b/src/lib/krb5/asn.1/asn1_decode.c -@@ -231,6 +231,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val) - - if(length != 15) return ASN1_BAD_LENGTH; - retval = asn1buf_remove_charstring(buf,15,&s); -+ if (retval) return retval; - /* Time encoding: YYYYMMDDhhmmssZ */ - if(s[14] != 'Z') { - free(s); -diff --git a/src/tests/asn.1/krb5_decode_test.c -b/src/tests/asn.1/krb5_decode_test.c -index 0ff9343..1c427d1 100644 ---- a/src/tests/asn.1/krb5_decode_test.c -+++ b/src/tests/asn.1/krb5_decode_test.c -@@ -485,5 +485,21 @@ int main(argc, argv) - ktest_destroy_keyblock(&(ref.subkey)); - ref.seq_number = 0; - decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); -+ -+ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40"); -+ if (retval) { -+ com_err("krb5_decode_test", retval, "while parsing"); -+ exit(1); -+ } -+ retval = decode_krb5_ap_rep_enc_part(&code, &var); -+ if (retval != ASN1_OVERRUN) { -+ printf("ERROR: "); -+ } else { -+ printf("OK: "); -+ } -+ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n"); -+ krb5_free_data_contents(test_context, &code); -+ krb5_free_ap_rep_enc_part(test_context, var); -+ - ktest_empty_ap_rep_enc_part(&ref); - } diff --git a/app-crypt/mit-krb5/files/MITKRB5-SA-2008-002.patch b/app-crypt/mit-krb5/files/MITKRB5-SA-2008-002.patch deleted file mode 100644 --- a/app-crypt/mit-krb5/files/MITKRB5-SA-2008-002.patch +++ /dev/null @@ -1,71 +0,0 @@ ---- src/lib/rpc/svc.c (revision 1666) -+++ src/lib/rpc/svc.c (local) -@@ -109,15 +109,17 @@ - if (sock < FD_SETSIZE) { - xports[sock] = xprt; - FD_SET(sock, &svc_fdset); -+ if (sock > svc_maxfd) -+ svc_maxfd = sock; - } - #else - if (sock < NOFILE) { - xports[sock] = xprt; - svc_fds |= (1 << sock); -+ if (sock > svc_maxfd) -+ svc_maxfd = sock; - } - #endif /* def FD_SETSIZE */ -- if (sock > svc_maxfd) -- svc_maxfd = sock; - } - - /* ---- src/lib/rpc/svc_tcp.c (revision 1666) -+++ src/lib/rpc/svc_tcp.c (local) -@@ -54,6 +54,14 @@ - extern errno; - */ - -+#ifndef FD_SETSIZE -+#ifdef NBBY -+#define NOFILE (sizeof(int) * NBBY) -+#else -+#define NOFILE (sizeof(int) * 8) -+#endif -+#endif -+ - /* - * Ops vector for TCP/IP based rpc service handle - */ -@@ -221,6 +221,19 @@ - register SVCXPRT *xprt; - register struct tcp_conn *cd; - -+#ifdef FD_SETSIZE -+ if (fd >= FD_SETSIZE) { -+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n"); -+ xprt = NULL; -+ goto done; -+ } -+#else -+ if (fd >= NOFILE) { -+ (void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n"); -+ xprt = NULL; -+ goto done; -+ } -+#endif - xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT)); - if (xprt == (SVCXPRT *)NULL) { - (void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n"); -@@ -271,6 +292,10 @@ - * make a new transporter (re-uses xprt) - */ - xprt = makefd_xprt(sock, r->sendsize, r->recvsize); -+ if (xprt == NULL) { -+ close(sock); -+ return (FALSE); -+ } - xprt->xp_raddr = addr; - xprt->xp_addrlen = len; - xprt->xp_laddr = laddr; - diff --git a/app-crypt/mit-krb5/files/mit-krb5-lazyldflags.patch b/app-crypt/mit-krb5/files/mit-krb5-lazyldflags.patch deleted file mode 100644 --- a/app-crypt/mit-krb5/files/mit-krb5-lazyldflags.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- krb5-1.4/src/clients/ksu/Makefile.in.orig 2004-04-29 18:51:10.000000000 -0400 -+++ krb5-1.4/src/clients/ksu/Makefile.in 2005-04-28 16:51:37.000000000 -0400 -@@ -8,6 +8,7 @@ - PROG_RPATH=$(KRB5_LIBDIR) - - KSU_LIBS=@KSU_LIBS@ -+LAZY_LDFLAGS=-Wl,-z,now - - SRCS = \ - $(srcdir)/krb_auth_su.c \ -@@ -28,7 +29,7 @@ - all:: ksu - - ksu: $(OBJS) $(KRB5_BASE_DEPLIBS) -- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) -+ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(LAZY_LDFLAGS) - - clean:: - $(RM) ksu diff --git a/app-crypt/mit-krb5/files/mit-krb5kadmind.initd b/app-crypt/mit-krb5/files/mit-krb5kadmind.initd deleted file mode 100644 --- a/app-crypt/mit-krb5/files/mit-krb5kadmind.initd +++ /dev/null @@ -1,31 +0,0 @@ -#!/sbin/runscript - -#--------------------------------------------------------------------------- -# This script starts/stops the MIT Kerberos 5 Admin daemon -#--------------------------------------------------------------------------- - -daemon="MIT Kerberos 5 Admin daemon" -exec="/usr/sbin/kadmind" - -opts="start stop restart" - -depend() { - need net mit-krb5kdc -} - -start() { - ebegin "Starting $daemon" - start-stop-daemon --start --quiet --exec ${exec} 1>&2 - eend $? "Error starting $daemon" -} - -stop() { - ebegin "Stopping $daemon" - start-stop-daemon --stop --quiet --oknodo --exec ${exec} 1>&2 - eend $? "Error stopping $daemon" -} - -restart() { - svc_stop - svc_start -} diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.confd b/app-crypt/mit-krb5/files/mit-krb5kdc.confd deleted file mode 100644 --- a/app-crypt/mit-krb5/files/mit-krb5kdc.confd +++ /dev/null @@ -1,2 +0,0 @@ -# Set the NEED_LDAP environment variable to 1 if you use the LDAP backend: -# NEED_LDAP=1 diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.initd b/app-crypt/mit-krb5/files/mit-krb5kdc.initd deleted file mode 100644 --- a/app-crypt/mit-krb5/files/mit-krb5kdc.initd +++ /dev/null @@ -1,35 +0,0 @@ -#!/sbin/runscript - -#--------------------------------------------------------------------------- -# This script starts/stops the MIT Kerberos 5 KDC -#--------------------------------------------------------------------------- - -daemon="MIT Kerberos 5 KDC" -exec="/usr/sbin/krb5kdc" - -opts="start stop restart" - -depend() { - MYNEED="net" - if [ "${NEED_LDAP}x" = "1x" ]; then - MYNEED="${MYNEED} slapd" - fi - need ${MYNEED} -} - -start() { - ebegin "Starting $daemon" - start-stop-daemon --start --quiet --exec ${exec} 1>&2 - eend $? "Error starting $daemon" -} - -stop() { - ebegin "Stopping $daemon" - start-stop-daemon --stop --quiet --oknodo --exec ${exec} 1>&2 - eend $? "Error stopping $daemon" -} - -restart() { - svc_stop - svc_start -} diff --git a/app-crypt/mit-krb5/metadata.xml b/app-crypt/mit-krb5/metadata.xml deleted file mode 100644 --- a/app-crypt/mit-krb5/metadata.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - -kerberos -Kerberos 5 reference implementation from MIT - - - This option enables Kerberos V4 backwards compatibility using the - builtin Kerberos V4 library. This is really outdated and dangerous - to use because not safe. - - - Creates and installs the API and implementation - documentation. This is only useful if you want to develop software - which depends on kerberos. - - - Some of the unit-tests in the build tree rely upon using a program - in Tcl. This flag is marked for removal. - - - Enables ldap backend support in krb5. - - - diff --git a/app-crypt/mit-krb5/mit-krb5-1.6.3-r4.ebuild b/app-crypt/mit-krb5/mit-krb5-1.6.3-r4.ebuild deleted file mode 100644 --- a/app-crypt/mit-krb5/mit-krb5-1.6.3-r4.ebuild +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.6.3-r4.ebuild,v 1.9 2008/11/02 10:56:53 dertobi123 Exp $ - -inherit eutils flag-o-matic versionator autotools - -PATCHV="0.4r1" -MY_P=${P/mit-} -P_DIR=$(get_version_component_range 1-2) -DESCRIPTION="MIT Kerberos V" -HOMEPAGE="http://web.mit.edu/kerberos/www/" -SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar - mirror://gentoo/${P}-patches-${PATCHV}.tar.bz2" - -LICENSE="as-is" -SLOT="0" -KEYWORDS="~amd64" -IUSE="krb4 doc ldap" - -RDEPEND="!virtual/krb5 - >=sys-libs/e2fsprogs-libs-1.41.0 - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - doc? ( virtual/latex-base )" - -S=${WORKDIR}/${MY_P}/src - -PROVIDE="virtual/krb5" - -src_unpack() { - unpack ${A} - unpack ./${MY_P}.tar.gz - cd "${S}" - EPATCH_SUFFIX="patch" epatch "${PATCHDIR}" - einfo "Regenerating configure scripts (be patient)" - local subdir - for subdir in $(find . -name configure.in \ - | xargs grep -l 'AC_CONFIG_SUBDIRS' \ - | sed 's@/configure\.in$@@'); do - ebegin "Regenerating configure script in ${subdir}" - cd "${S}"/${subdir} - eautoconf --force -I "${S}" - eend $? - done -} - -src_compile() { - # needed to work with sys-libs/e2fsprogs-libs <- should be removed!! - append-flags "-I/usr/include/et" - econf \ - $(use_with krb4) \ - $(use_with ldap) \ - --enable-shared \ - --with-system-et --with-system-ss \ - --enable-dns-for-realm \ - --enable-kdc-replay-cache || die - - emake -j1 || die - - if use doc ; then - cd ../doc - for dir in api implement ; do - make -C ${dir} || die - done - fi -} - -src_test() { - einfo "Tests do not run in sandbox, have a lot of dependencies and are therefore completely disabled." -} - -src_install() { - emake \ - DESTDIR="${D}" \ - EXAMPLEDIR=/usr/share/doc/${PF}/examples \ - install || die - - keepdir /var/lib/krb5kdc - - cd .. - dodoc README - dodoc doc/*.ps - doinfo doc/*.info* - dohtml -r doc/* - - use doc && dodoc doc/{api,implement}/*.ps - - for i in {telnetd,ftpd} ; do - mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 - mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} - done - - for i in {rcp,rlogin,rsh,telnet,ftp} ; do - mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 - mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} - done - - newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind - newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc - - insinto /etc - newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example - newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example - - insinto /etc/openldap/schema - use ldap && doins "${S}"/plugins/kdb/ldap/libkdb_ldap/kerberos.schema -} - -pkg_postinst() { - elog "See /usr/share/doc/${PF}/html/krb5-admin.html for documentation." -} diff --git a/app-crypt/mit-krb5/mit-krb5-1.6.3-r6.ebuild b/app-crypt/mit-krb5/mit-krb5-1.6.3-r6.ebuild deleted file mode 100644 --- a/app-crypt/mit-krb5/mit-krb5-1.6.3-r6.ebuild +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.6.3-r4.ebuild,v 1.9 2008/11/02 10:56:53 dertobi123 Exp $ - -EAPI="2" - -inherit eutils flag-o-matic versionator autotools - -PATCHV="0.5" -MY_P=${P/mit-} -P_DIR=$(get_version_component_range 1-2) -DESCRIPTION="MIT Kerberos V" -HOMEPAGE="http://web.mit.edu/kerberos/www/" -SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar - mirror://gentoo/${P}-patches-${PATCHV}.tar.bz2" - -LICENSE="as-is" -SLOT="0" -KEYWORDS="~amd64" -IUSE="krb4 ldap tcl doc" - -RDEPEND="!virtual/krb5 - sys-libs/e2fsprogs-libs - sys-libs/db:3 - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - doc? ( virtual/latex-base )" - -S=${WORKDIR}/${MY_P}/src - -PROVIDE="virtual/krb5" - -src_unpack() { - unpack ${A} - unpack ./${MY_P}.tar.gz -} - -src_prepare() { - EPATCH_SUFFIX="patch" epatch "${PATCHDIR}" - epatch "${FILESDIR}/CVE-2009-0844+CVE-2009-0847.patch" - epatch "${FILESDIR}/CVE-2009-0846.patch" - - einfo "Regenerating configure scripts (be patient)" - local subdir - for subdir in $(find . -name configure.in \ - | xargs grep -l 'AC_CONFIG_SUBDIRS' \ - | sed 's@/configure\.in$@@'); do - ebegin "Regenerating configure script in ${subdir}" - cd "${S}"/${subdir} - eautoconf --force -I "${S}" - eend $? - done -} - -src_configure() { - # needed to work with sys-libs/e2fsprogs-libs <- should be removed!! - append-flags "-I/usr/include/et" - - export DB_HEADER="db3/db_185.h" - export DB_LIB="-ldb-3" - econf \ - $(use_with krb4) \ - $(use_with ldap) \ - $(use_with tcl) \ - --enable-shared \ - --with-system-et \ - --with-system-ss \ - --with-system-db \ - --enable-dns-for-realm \ - --enable-kdc-replay-cache || die -} - -src_compile() { - emake -j1 || die - - if use doc ; then - cd ../doc - for dir in api implement ; do - make -C "${dir}" || die - done - fi -} - -src_test() { - einfo "Tests do not run in sandbox, have a lot of dependencies and are therefore completely disabled." -} - -src_install() { - emake \ - DESTDIR="${D}" \ - EXAMPLEDIR=/usr/share/doc/${PF}/examples \ - install || die - - keepdir /var/lib/krb5kdc - - cd .. - dodoc README - dodoc doc/*.ps - doinfo doc/*.info* - dohtml -r doc/* - - use doc && dodoc doc/{api,implement}/*.ps - - for i in {telnetd,ftpd} ; do - mv "${D}"/usr/share/man/man8/${i}.8 "${D}"/usr/share/man/man8/k${i}.8 - mv "${D}"/usr/sbin/${i} "${D}"/usr/sbin/k${i} - done - - for i in {rcp,rlogin,rsh,telnet,ftp} ; do - mv "${D}"/usr/share/man/man1/${i}.1 "${D}"/usr/share/man/man1/k${i}.1 - mv "${D}"/usr/bin/${i} "${D}"/usr/bin/k${i} - done - - newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind - newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc - newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc - - insinto /etc - newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example - newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example - - insinto /etc/openldap/schema - use ldap && doins "${S}"/plugins/kdb/ldap/libkdb_ldap/kerberos.schema -} - -pkg_postinst() { - elog "See /usr/share/doc/${PF}/html/krb5-admin.html for documentation." -}