Diffstat (limited to 'app-crypt/heimdal')
-rw-r--r-- | app-crypt/heimdal/Manifest | 2 | ||||
-rw-r--r-- | app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch | 36 | ||||
-rw-r--r-- | app-crypt/heimdal/files/heimdal-7.8.0-configure-clang16.patch | 54 | ||||
-rw-r--r-- | app-crypt/heimdal/files/heimdal_fix-autoconf-2.70.patch | 29 | ||||
-rw-r--r-- | app-crypt/heimdal/files/heimdal_hcrypto.patch | 45 | ||||
-rw-r--r-- | app-crypt/heimdal/heimdal-7.8.0-r1.ebuild (renamed from app-crypt/heimdal/heimdal-7.7.0-r5.ebuild) | 20 | ||||
-rw-r--r-- | app-crypt/heimdal/heimdal-7.8.0-r2.ebuild | 191 | ||||
-rw-r--r-- | app-crypt/heimdal/heimdal-7.8.0-r3.ebuild | 180 | ||||
-rw-r--r-- | app-crypt/heimdal/metadata.xml | 2 |
9 files changed, 474 insertions, 85 deletions
diff --git a/app-crypt/heimdal/Manifest b/app-crypt/heimdal/Manifest
index 7402ad50fecf..1c1d72c4ec6f 100644
--- a/app-crypt/heimdal/Manifest
+++ b/app-crypt/heimdal/Manifest
@@ -1 +1 @@
-DIST heimdal-7.7.0.tar.gz 10189293 BLAKE2B db9cdd1861dc9214a7f76b3d8b9656cfc0bad11cb6eadffa4fa29ea7f9aabd4c3d1b628c510644ec9abe1b3bf27a413ccf8cd590d602c4a4ac54ba3deb4cedc4 SHA512 6660939b5a36ce36310721a08a089fb671d1e3d2e8ac74ea4775bfa5f8f772d32de805551456200fe96cc486c092c44beb84f5dd877008bc305490ee971bbf99
+DIST heimdal-7.8.0.tar.gz 10024936 BLAKE2B bab8ed12a5257395b34bb88e22147912857015c652f0899c54809582c49f9c33b9ac748b28dd38ac7072d245e86e44c5dafb8725103fcb4a6dae16c8d1d4b623 SHA512 0167345aca77d65b7a1113874eee5b65ec6e1fec1f196d57e571265409fa35ef95a673a4fd4aafbb0ab5fb5b246b97412353a68d6613a8aff6393a9f1e72999e
diff --git a/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch b/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch
new file mode 100644
index 000000000000..dad75df4b3b8
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal-7.8.0-CVE-2022-45142.patch
@@ -0,0 +1,36 @@
+https://bugs.gentoo.org/893722
+https://www.openwall.com/lists/oss-security/2023/02/08/1
+
+From: Helmut Grohne <helmut@...divi.de>
+Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions
+
+The referenced commit attempted to fix miscompilations with gcc-9 and
+gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately,
+it also inverted the result of the comparison in two occasions. This
+inversion happened during backporting the patch to 7.7.1 and 7.8.0.
+
+Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp()
+ for arcfour unwrap")
+Signed-off-by: Helmut Grohne <helmut@...divi.de>
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+ return GSS_S_FAILURE;
+ }
+
+- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+ if (cmp) {
+ *minor_status = 0;
+ return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+ return GSS_S_FAILURE;
+ }
+
+- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+ if (cmp) {
+ _gsskrb5_release_buffer(minor_status, output_message_buffer);
+ *minor_status = 0;
+--
+2.38.1
diff --git a/app-crypt/heimdal/files/heimdal-7.8.0-configure-clang16.patch b/app-crypt/heimdal/files/heimdal-7.8.0-configure-clang16.patch
new file mode 100644
index 000000000000..6e948bc51c3b
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal-7.8.0-configure-clang16.patch
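Review bot: The header of this patch records its provenance only as the oss-security post, and the From and Signed-off-by lines still carry the list archive's obfuscated address (`helmut@...divi.de`), which suggests the file was copied from the web archive rather than exported from a commit. Both inner hunks change the `ct_memcmp()` result that decides whether `_gssapi_verify_mic_arcfour` returns `GSS_S_BAD_MIC` and whether `_gssapi_unwrap_arcfour` releases the output buffer, so the file should be traceable to an upstream commit it can be compared against. If such a commit exists, add a line such as `Upstream-commit: <upstream-commit-id>` under the two URLs. The inner hunks show only the comparison and the first lines of each `if (cmp)` branch; the rest of both functions is outside this view.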
@@ -0,0 +1,54 @@
+https://bugs.gentoo.org/899072
+https://github.com/heimdal/heimdal/issues/790
+https://github.com/heimdal/heimdal/pull/1085
+
+From 5b872a635c9c8f04f58e03c43e7953c35e1f66b7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 13 Apr 2023 13:13:59 +0200
+Subject: [PATCH 1/2] cf: Include <string.h> for memset in AC_HAVE_STRUCT_FIELD
+
+Otherwise, the check relies on an implicit function declaration,
+and will fail unconditionally with compilers that do not support
+them.
+--- a/cf/have-struct-field.m4
++++ b/cf/have-struct-field.m4
+@@ -7,7 +7,8 @@ dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
+ AC_DEFUN([AC_HAVE_STRUCT_FIELD], [
+ define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
+ AC_CACHE_CHECK([for $2 in $1], cache_val,[
+-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$3]],
++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <string.h>
++$3]],
+ [[$1 x; memset(&x, 0, sizeof(x)); x.$2]])],
+ [cache_val=yes],
+ [cache_val=no])
+
+From fc6d5b5c7677bb7271361c4bd60ea1bd36d944b9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 13 Apr 2023 13:26:29 +0200
+Subject: [PATCH 2/2] cf: Do not use headers and argument lists in
+ AC_FIND_FUNC_NO_LIBS2
+
+The callers of this macro generally do not supply this information.
+Without it, the checks rely on compiler support for implicit function
+declarations. It would be possible to supply this information in
+the callers. But even then, with the existing macro interface, it
+would be necessary to pass eg. null pointers where they trigger
+undefined behavior. Therefore, use the same kludge that autoconf
+uses to make up prototypes, avoiding those implicit function
+declarations.
+
+The includes/arguments macro parameters are now ignored, but preserved
+for interface compatibility.
+--- a/cf/find-func-no-libs2.m4
++++ b/cf/find-func-no-libs2.m4
+@@ -21,7 +21,7 @@ if eval "test \"\$ac_cv_func_$1\" != yes" ; then
+ *) ac_lib="-l$ac_lib" ;;
+ esac
+ LIBS="$6 $ac_lib $5 $ac_save_LIBS"
+- AC_LINK_IFELSE([AC_LANG_PROGRAM([[$3]],[[$1($4)]])],[eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[char $1 (void);]],[[$1()]])],[eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break])
+ done
+ eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
+ LIBS="$ac_save_LIBS"
+
diff --git a/app-crypt/heimdal/files/heimdal_fix-autoconf-2.70.patch b/app-crypt/heimdal/files/heimdal_fix-autoconf-2.70.patch
deleted file mode 100644
index 0dcc31026203..000000000000
--- a/app-crypt/heimdal/files/heimdal_fix-autoconf-2.70.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 22352b90e78e2d162b98b5ef6c84672c397be40a Mon Sep 17 00:00:00 2001
-From: Lars Wendler <polynomial-c@gentoo.org>
-Date: Wed, 17 Mar 2021 17:49:18 +0100
-Subject: [PATCH] autoconf-2.70 fix
-
-autoconf-2.70 and newer are more strict with quoting etc. and thus generate
-a broken configure file:
-
- configure: 20855: Syntax error: ")" unexpected (expecting "fi")
-
-Gentoo-bug: https://bugs.gentoo.org/776241
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
----
- cf/check-var.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cf/check-var.m4 b/cf/check-var.m4
-index 2fd7bca6f0..71d6f70ca8 100644
---- a/cf/check-var.m4
-+++ b/cf/check-var.m4
-@@ -20,7 +20,7 @@ AC_MSG_RESULT($ac_foo)
- if test "$ac_foo" = yes; then
- AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1,
- [Define if you have the `]$1[' variable.])
-- m4_ifval([$2], AC_CHECK_DECLS([$1],[],[],[$2]))
-+ m4_ifval([$2], [AC_CHECK_DECLS([$1],[],[],[$2])])
- fi
- ])
-
diff --git a/app-crypt/heimdal/files/heimdal_hcrypto.patch b/app-crypt/heimdal/files/heimdal_hcrypto.patch
deleted file mode 100644
index ff3228d4973a..000000000000
--- a/app-crypt/heimdal/files/heimdal_hcrypto.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 329918bd671c89de6e1c2874baba48d658a89a10 Mon Sep 17 00:00:00 2001
-From: Damir Franusic <df@release14.org>
-Date: Sun, 9 Dec 2018 19:53:58 +0100
-Subject: [PATCH] hcrypto: fix include path
-
----
- lib/hcrypto/Makefile.am | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/hcrypto/Makefile.am b/lib/hcrypto/Makefile.am
-index 469176b6c6..195117d174 100644
---- a/lib/hcrypto/Makefile.am
-+++ b/lib/hcrypto/Makefile.am
-@@ -9,7 +9,8 @@ AM_CPPFLAGS += $(INCLUDE_openssl_crypto)
- endif
-
- AM_CPPFLAGS += -I$(top_srcdir)/lib/hx509 \
-- -I$(srcdir)/libtommath -DUSE_HCRYPTO_LTM=1
-+ -I$(srcdir)/libtommath -DUSE_HCRYPTO_LTM=1 \
-+ -I$(srcdir)/..
-
- lib_LTLIBRARIES = libhcrypto.la
- check_LTLIBRARIES = libhctest.la
-From 572a6fd7ac41e9210ef3eb765fe7da4ec8a94bb2 Mon Sep 17 00:00:00 2001
-From: Luke Howard <lukeh@padl.com>
-Date: Mon, 24 Dec 2018 02:21:32 +0000
-Subject: [PATCH] hx509: fix dependency, hxtool requires ASN.1 headers
-
----
- lib/hx509/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am
-index b58deb3e37..09643c43a0 100644
---- a/lib/hx509/Makefile.am
-+++ b/lib/hx509/Makefile.am
-@@ -164,7 +164,7 @@ hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC)
- dist_hxtool_SOURCES = hxtool.c
- nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h
-
--$(hxtool_OBJECTS): hxtool-commands.h hx509_err.h
-+$(hxtool_OBJECTS): hxtool-commands.h $(nodist_include_HEADERS)
-
- hxtool_LDADD = \
- libhx509.la \
diff --git a/app-crypt/heimdal/heimdal-7.7.0-r5.ebuild b/app-crypt/heimdal/heimdal-7.8.0-r1.ebuild
index 7faee15b679b..2db7d36fe6fe 100644
--- a/app-crypt/heimdal/heimdal-7.7.0-r5.ebuild
+++ b/app-crypt/heimdal/heimdal-7.8.0-r1.ebuild @@ -1,16 +1,16 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -PYTHON_COMPAT=( python3_{8..10} ) +PYTHON_COMPAT=( python3_{10..11} ) VIRTUALX_REQUIRED="manual" -inherit autotools db-use multilib multilib-minimal python-any-r1 virtualx flag-o-matic +inherit autotools db-use multilib-minimal python-any-r1 virtualx flag-o-matic MY_P="${P}" DESCRIPTION="Kerberos 5 implementation from KTH" -HOMEPAGE="http://www.h5l.org/" +HOMEPAGE="https://www.heimdal.software/" SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz" LICENSE="BSD" @@ -19,6 +19,9 @@ KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ~ppc ppc64 ~riscv ~s390 sparc IUSE="afs +berkdb caps gdbm hdb-ldap +lmdb otp selinux ssl static-libs test X" RESTRICT="!test? ( test )" +# 717740 +REQUIRED_USE="otp? ( berkdb )" + CDEPEND=" virtual/libcrypt:=[${MULTILIB_USEDEP}] ssl? ( @@ -47,7 +50,7 @@ DEPEND="${CDEPEND} dev-perl/JSON virtual/pkgconfig sys-apps/texinfo - >=sys-devel/autoconf-2.62 + >=dev-build/autoconf-2.62 test? ( X? ( ${VIRTUALX_DEPEND} ) )" RDEPEND="${CDEPEND} @@ -71,10 +74,9 @@ MULTILIB_CHOST_TOOLS=( PATCHES=( "${FILESDIR}/heimdal_disable-check-iprop.patch" "${FILESDIR}/heimdal_tinfo.patch" - "${FILESDIR}/heimdal_hcrypto.patch" "${FILESDIR}/heimdal_build-headers-before-use.patch" "${FILESDIR}/heimdal_fix-db60.patch" - "${FILESDIR}/heimdal_fix-autoconf-2.70.patch" + "${FILESDIR}/heimdal-7.8.0-CVE-2022-45142.patch" ) src_prepare() { @@ -123,7 +125,7 @@ multilib_src_configure() { ) fi - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + CONFIG_SHELL="${BROOT}"/bin/bash ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" } multilib_src_compile() { diff --git a/app-crypt/heimdal/heimdal-7.8.0-r2.ebuild b/app-crypt/heimdal/heimdal-7.8.0-r2.ebuild new file mode 100644 index 000000000000..8645dd099c0d --- /dev/null 
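Review bot: The last hunk of this file prefixes the econf call with `CONFIG_SHELL="${BROOT}"/bin/bash` but adds no comment or bug reference, so nothing records why configure may no longer run under the default shell. A later cleanup could drop the override without knowing what it protects against. Add a line above it such as `# configure needs bash, see bug #<bug-id>`; the stated reason is an inference and should be replaced with the actual one. The same uncommented override appears in the new -r2 and -r3 ebuilds, and `multilib_src_configure` begins outside this hunk.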
+++ b/app-crypt/heimdal/heimdal-7.8.0-r2.ebuild
@@ -0,0 +1,191 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+VIRTUALX_REQUIRED="manual"
+
+inherit autotools db-use multilib-minimal python-any-r1 virtualx flag-o-matic
+
+MY_P="${P}"
+DESCRIPTION="Kerberos 5 implementation from KTH"
+HOMEPAGE="https://www.heimdal.software/"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="afs +berkdb caps gdbm hdb-ldap +lmdb otp selinux ssl static-libs test X"
+RESTRICT="!test? ( test )"
+
+# 717740
+REQUIRED_USE="otp? ( berkdb )"
+
+CDEPEND="
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ ssl? (
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
+ )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:*[${MULTILIB_USEDEP}] )
+ gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+ lmdb? ( dev-db/lmdb:= )
+ caps? ( sys-libs/libcap-ng )
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}]
+ sys-libs/ncurses:0=
+ >=sys-libs/readline-6.2_p5-r1:0=[${MULTILIB_USEDEP}]
+ afs? ( net-fs/openafs )
+ hdb-ldap? ( >=net-nds/openldap-2.3.0:= )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXau
+ x11-libs/libXt
+ )
+ !!app-crypt/mit-krb5
+ !!app-crypt/mit-krb5-appl"
+
+DEPEND="${CDEPEND}
+ ${PYTHON_DEPS}
+ dev-perl/JSON
+ virtual/pkgconfig
+ sys-apps/texinfo
+ >=dev-build/autoconf-2.62
+ test? ( X? ( ${VIRTUALX_DEPEND} ) )"
+
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-kerberos )"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/krb5-types.h
+ /usr/include/cms_asn1.h
+ /usr/include/digest_asn1.h
+ /usr/include/hdb_asn1.h
+ /usr/include/krb5_asn1.h
+ /usr/include/pkcs12_asn1.h
+ /usr/include/pkinit_asn1.h
+ /usr/include/rfc2459_asn1.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/krb5-config
+)
+
+PATCHES=(
+ "${FILESDIR}/heimdal_disable-check-iprop.patch"
+ "${FILESDIR}/heimdal_tinfo.patch"
+ "${FILESDIR}/heimdal_build-headers-before-use.patch"
+ "${FILESDIR}/heimdal_fix-db60.patch"
+ "${FILESDIR}/heimdal-7.8.0-CVE-2022-45142.patch"
+ "${FILESDIR}/heimdal-7.8.0-configure-clang16.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # QA
+ append-flags -fno-strict-aliasing
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --enable-kcm
+ --disable-osfc2
+ --enable-shared
+ --with-libintl="${EPREFIX}"/usr
+ --with-readline="${EPREFIX}"/usr
+ --with-sqlite3="${EPREFIX}"/usr
+ --libexecdir="${EPREFIX}"/usr/sbin
+ --enable-pthread-support
+ --enable-kx509
+ --enable-pk-init
+ --with-ipv6
+ $(use_enable afs afs-support)
+ $(use_enable gdbm ndbm-db)
+ $(use_enable lmdb mdb-db)
+ $(use_enable otp)
+ $(use_enable static-libs static)
+ $(multilib_native_use_with caps capng)
+ $(multilib_native_use_with hdb-ldap openldap "${EPREFIX}"/usr)
+ $(use_with ssl openssl "${EPREFIX}"/usr)
+ $(multilib_native_use_with X x)
+ )
+ if use berkdb; then
+ myeconfargs+=(
+ --with-berkeley-db
+ --with-berkeley-db-include="$(db_includedir)"
+ )
+ else
+ myeconfargs+=(
+ --without-berkeley-db
+ )
+ fi
+
+ CONFIG_SHELL="${BROOT}"/bin/bash ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ emake
+ else
+ emake -C include
+ emake -C lib
+ emake -C kdc
+ emake -C tools
+ emake -C tests/plugin
+ fi
+}
+
+multilib_src_test() {
+ multilib_is_native_abi && emake -j1 check
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ INSTALL_CATPAGES="no" emake DESTDIR="${D}" install
+ else
+ emake -C include DESTDIR="${D}" install
+ emake -C lib DESTDIR="${D}" install
+ emake -C kdc DESTDIR="${D}" install
+ emake -C tools DESTDIR="${D}" install
+ emake -C tests/plugin DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ChangeLog* README NEWS TODO
+
+ # client rename
+ mv "${ED}"/usr/share/man/man1/{,k}su.1
+ mv "${ED}"/usr/bin/{,k}su
+
+ newinitd "${FILESDIR}"/heimdal-kdc.initd-r2 heimdal-kdc
+ newinitd "${FILESDIR}"/heimdal-kadmind.initd-r2 heimdal-kadmind
+ newinitd "${FILESDIR}"/heimdal-kpasswdd.initd-r2 heimdal-kpasswdd
+ newinitd "${FILESDIR}"/heimdal-kcm.initd-r1 heimdal-kcm
+
+ newconfd "${FILESDIR}"/heimdal-kdc.confd heimdal-kdc
+ newconfd "${FILESDIR}"/heimdal-kadmind.confd heimdal-kadmind
+ newconfd "${FILESDIR}"/heimdal-kpasswdd.confd heimdal-kpasswdd
+ newconfd "${FILESDIR}"/heimdal-kcm.confd heimdal-kcm
+
+ insinto /etc
+ newins "${S}"/krb5.conf krb5.conf.example
+
+ if use hdb-ldap; then
+ insinto /etc/openldap/schema
+ doins "${S}/lib/hdb/hdb.schema"
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" -name "*.la" -delete || die
+ fi
+
+ # default database dir
+ keepdir /var/heimdal
+}
diff --git a/app-crypt/heimdal/heimdal-7.8.0-r3.ebuild b/app-crypt/heimdal/heimdal-7.8.0-r3.ebuild
new file mode 100644
index 000000000000..597d9cf695c5
--- /dev/null
+++ b/app-crypt/heimdal/heimdal-7.8.0-r3.ebuild
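Review bot: The two `mv` calls under `# client rename` in `multilib_src_install_all` have no `|| die`, so a failed rename does not stop the install phase. If either path is missing, the package would be merged with Heimdal's `su` binary or man page still under its original name, or with the two out of step, and no error would be reported. The `find "${ED}" -name "*.la" -delete || die` further down in the same function already checks its result. Change the lines to `mv "${ED}"/usr/share/man/man1/{,k}su.1 || die` and `mv "${ED}"/usr/bin/{,k}su || die`; the -r3 ebuild contains the same two unchecked lines.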
@@ -0,0 +1,180 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..12} )
+
+inherit autotools db-use multilib-minimal python-any-r1 flag-o-matic
+
+MY_P="${P}"
+DESCRIPTION="Kerberos 5 implementation from KTH"
+HOMEPAGE="https://www.heimdal.software/"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="afs +berkdb caps gdbm hdb-ldap +lmdb otp selinux static-libs test X"
+RESTRICT="!test? ( test )"
+
+# 717740
+REQUIRED_USE="otp? ( berkdb )"
+
+CDEPEND="
+ virtual/libcrypt:=[${MULTILIB_USEDEP}]
+ berkdb? ( >=sys-libs/db-4.8.30-r1:*[${MULTILIB_USEDEP}] )
+ gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+ lmdb? ( dev-db/lmdb:= )
+ caps? ( sys-libs/libcap-ng )
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}]
+ sys-libs/ncurses:0=
+ >=sys-libs/readline-6.2_p5-r1:0=[${MULTILIB_USEDEP}]
+ afs? ( net-fs/openafs )
+ hdb-ldap? ( >=net-nds/openldap-2.3.0:= )
+ !!app-crypt/mit-krb5
+ !!app-crypt/mit-krb5-appl"
+
+DEPEND="${CDEPEND}
+ ${PYTHON_DEPS}
+ dev-perl/JSON
+ virtual/pkgconfig
+ sys-apps/texinfo
+ >=dev-build/autoconf-2.62"
+
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-kerberos )"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/krb5-types.h
+ /usr/include/cms_asn1.h
+ /usr/include/digest_asn1.h
+ /usr/include/hdb_asn1.h
+ /usr/include/krb5_asn1.h
+ /usr/include/pkcs12_asn1.h
+ /usr/include/pkinit_asn1.h
+ /usr/include/rfc2459_asn1.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/krb5-config
+)
+
+PATCHES=(
+ "${FILESDIR}/heimdal_disable-check-iprop.patch"
+ "${FILESDIR}/heimdal_tinfo.patch"
+ "${FILESDIR}/heimdal_build-headers-before-use.patch"
+ "${FILESDIR}/heimdal_fix-db60.patch"
+ "${FILESDIR}/heimdal-7.8.0-CVE-2022-45142.patch"
+ "${FILESDIR}/heimdal-7.8.0-configure-clang16.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # QA
+ append-flags -fno-strict-aliasing
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --enable-kcm
+ --disable-osfc2
+ --enable-shared
+ --with-libintl="${EPREFIX}"/usr
+ --with-readline="${EPREFIX}"/usr
+ --with-sqlite3="${EPREFIX}"/usr
+ --libexecdir="${EPREFIX}"/usr/sbin
+ --enable-pthread-support
+ --enable-kx509
+ --enable-pk-init
+ --with-ipv6
+ --without-openssl
+ $(use_enable afs afs-support)
+ $(use_enable gdbm ndbm-db)
+ $(use_enable lmdb mdb-db)
+ $(use_enable otp)
+ $(use_enable static-libs static)
+ $(multilib_native_use_with caps capng)
+ $(multilib_native_use_with hdb-ldap openldap "${EPREFIX}"/usr)
+ )
+ if use berkdb; then
+ myeconfargs+=(
+ --with-berkeley-db
+ --with-berkeley-db-include="$(db_includedir)"
+ )
+ else
+ myeconfargs+=(
+ --without-berkeley-db
+ )
+ fi
+
+ CONFIG_SHELL="${BROOT}"/bin/bash ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ emake
+ else
+ emake -C include
+ emake -C lib
+ emake -C kdc
+ emake -C tools
+ emake -C tests/plugin
+ fi
+}
+
+multilib_src_test() {
+ multilib_is_native_abi && emake -j1 check
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ INSTALL_CATPAGES="no" emake DESTDIR="${D}" install
+ else
+ emake -C include DESTDIR="${D}" install
+ emake -C lib DESTDIR="${D}" install
+ emake -C kdc DESTDIR="${D}" install
+ emake -C tools DESTDIR="${D}" install
+ emake -C tests/plugin DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ChangeLog* README NEWS TODO
+
+ # client rename
+ mv "${ED}"/usr/share/man/man1/{,k}su.1
+ mv "${ED}"/usr/bin/{,k}su
+
+ newinitd "${FILESDIR}"/heimdal-kdc.initd-r2 heimdal-kdc
+ newinitd "${FILESDIR}"/heimdal-kadmind.initd-r2 heimdal-kadmind
+ newinitd "${FILESDIR}"/heimdal-kpasswdd.initd-r2 heimdal-kpasswdd
+ newinitd "${FILESDIR}"/heimdal-kcm.initd-r1 heimdal-kcm
+
+ newconfd "${FILESDIR}"/heimdal-kdc.confd heimdal-kdc
+ newconfd "${FILESDIR}"/heimdal-kadmind.confd heimdal-kadmind
+ newconfd "${FILESDIR}"/heimdal-kpasswdd.confd heimdal-kpasswdd
+ newconfd "${FILESDIR}"/heimdal-kcm.confd heimdal-kcm
+
+ insinto /etc
+ newins "${S}"/krb5.conf krb5.conf.example
+
+ if use hdb-ldap; then
+ insinto /etc/openldap/schema
+ doins "${S}/lib/hdb/hdb.schema"
+ fi
+
+ if ! use static-libs ; then
+ find "${ED}" -name "*.la" -delete || die
+ fi
+
+ # default database dir
+ keepdir /var/heimdal
+}
diff --git a/app-crypt/heimdal/metadata.xml b/app-crypt/heimdal/metadata.xml
index 96f5c49962ab..9ac91f9e56c9 100644
--- a/app-crypt/heimdal/metadata.xml
+++ b/app-crypt/heimdal/metadata.xml
@@ -13,7 +13,7 @@
 Adds support for LDAP as a database backend
 </flag>
 <flag name="lmdb">
- Add support for using dev-db/lmdb for lookup tables
+ Add support for using <pkg>dev-db/lmdb</pkg> for lookup tables
 </flag>
 </use>
 <upstream> |
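Review bot: `IUSE` in the -r3 ebuild still lists `X`, but nothing in this revision consumes it, so the flag no longer affects the build and should be removed from `IUSE`. Compared with -r2, the `X? ( x11-libs/... )` dependencies, the `$(multilib_native_use_with X x)` configure argument and the virtualx test dependency are all gone. Separately, `--without-openssl` is now passed unconditionally and the `ssl` flag has been dropped, with no comment explaining the switch. Since this fixes which crypto implementation a Kerberos package is built against, add a line above it such as `# system OpenSSL disabled, bundled hcrypto used instead, see bug #<bug-id>`. That the bundled hcrypto is the fallback is an inference from the flag, not something this ebuild states.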