summaryrefslogtreecommitdiff
path: root/user/heimdal
diff options
context:
space:
mode:
Diffstat (limited to 'user/heimdal')
-rw-r--r--user/heimdal/005_all_heimdal-suid_fix.patch20
-rw-r--r--user/heimdal/APKBUILD131
-rw-r--r--user/heimdal/CVE-2017-17439.patch45
-rwxr-xr-xuser/heimdal/heimdal-kadmind.initd24
-rwxr-xr-xuser/heimdal/heimdal-kdc.initd23
-rwxr-xr-xuser/heimdal/heimdal-kpasswdd.initd24
-rw-r--r--user/heimdal/heimdal_missing-include.patch11
-rw-r--r--user/heimdal/only-build-libedit-when-necessary.patch21
8 files changed, 0 insertions, 299 deletions
diff --git a/user/heimdal/005_all_heimdal-suid_fix.patch b/user/heimdal/005_all_heimdal-suid_fix.patch
deleted file mode 100644
index 0524db61e..000000000
--- a/user/heimdal/005_all_heimdal-suid_fix.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- appl/su/Makefile.am 2005-06-16 18:27:46.000000000 +0200
-+++ b/appl/su/Makefile.am 2005-06-27 23:25:21.000000000 +0200
-@@ -7,6 +7,7 @@
- bin_PROGRAMS = su
- bin_SUIDS = su
- su_SOURCES = su.c supaths.h
-+su_LDFLAGS = -Wl,-z,now
- man_MANS = su.1
-
- LDADD = $(LIB_kafs) \
---- appl/otp/Makefile.am 2005-06-16 18:28:46.000000000 +0200
-+++ b/appl/otp/Makefile.am 2005-06-27 23:25:40.000000000 +0200
-@@ -8,6 +8,7 @@
- bin_SUIDS = otp
- otp_SOURCES = otp.c otp_locl.h
- otpprint_SOURCES = otpprint.c otp_locl.h
-+otp_LDFLAGS = -Wl,-z,now
-
- man_MANS = otp.1 otpprint.1
-
diff --git a/user/heimdal/APKBUILD b/user/heimdal/APKBUILD
deleted file mode 100644
index f8cb57211..000000000
--- a/user/heimdal/APKBUILD
+++ /dev/null
@@ -1,131 +0,0 @@
-# Contributor: Natanael Copa <ncopa@alpinelinux.org>
-# Maintainer:
-pkgname=heimdal
-pkgver=7.5.0
-pkgrel=2
-pkgdesc="An implementation of Kerberos 5"
-url="http://www.h5l.org/"
-arch="all"
-options="suid"
-license="BSD-3-Clause AND BSD-2-Clause AND Public-Domain AND MIT"
-depends="krb5-conf"
-depends_dev="openssl-dev e2fsprogs-dev db-dev"
-makedepends="$depends_dev autoconf automake bash libtool
- ncurses-dev perl libedit-dev sqlite-dev texinfo perl-json"
-install=
-subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-openrc"
-source="https://github.com/heimdal/heimdal/releases/download/heimdal-$pkgver/heimdal-$pkgver.tar.gz
- heimdal-kadmind.initd
- heimdal-kdc.initd
- heimdal-kpasswdd.initd
-
- 005_all_heimdal-suid_fix.patch
- heimdal_missing-include.patch
- only-build-libedit-when-necessary.patch
- "
-
-# secfixes:
-# 7.4.0-r2:
-# - CVE-2017-17439
-# 7.4.0-r0:
-# - CVE-2017-11103
-
-prepare() {
- [ -e /usr/lib/libasn1.so ] && echo "## remove old heimdal pkg first ##" && return 1
-
- cd "$builddir"
- default_prepare
-
- sh ./autogen.sh
-}
-
-build() {
- cd "$builddir"
- export LDFLAGS="${LDFLAGS} -Wl,--as-needed"
- export LIBS="-ldb"
-
- ./configure \
- --build=$CBUILD \
- --host=$CHOST \
- --prefix=/usr \
- --enable-shared=yes \
- --without-x \
- --with-berkeley-db \
- --with-libedit=/usr \
- --with-libedit-lib=/usr/lib \
- --with-sqlite3=/usr \
- --without-openssl
-
- # make sure we use system version
- rm -r lib/sqlite lib/com_err
-
- # workarount a parallell build issue
- make -C lib/asn1 der-protos.h der-private.h
- make -C lib/kadm5 kadm5-protos.h kadm5-private.h kadm5_err.h
- make -C lib/krb5 krb5-protos.h krb5-private.h krb5_err.h krb_err.h \
- heim_err.h k524_err.h
- make -C lib/hx509 hx509-private.h hx509-protos.h
- make
-}
-
-check() {
- cd "$builddir"
- make -j1 check
-}
-
-package() {
- cd "$builddir"
- make DESTDIR="$pkgdir" exec_prefix=/usr sysconfdir=/etc \
- mandir=/usr/share/man infodir=/usr/share/info datadir=/var/lib/heimdal \
- localstatedir=/var/lib/heimdal libexecdir=/usr/sbin install
-
-
- install -m755 -D "$srcdir"/heimdal-kadmind.initd \
- "$pkgdir"/etc/init.d/heimdal-kadmind
- install -m755 -D "$srcdir"/heimdal-kdc.initd \
- "$pkgdir"/etc/init.d/heimdal-kdc
- install -m755 -D "$srcdir"/heimdal-kpasswdd.initd \
- "$pkgdir"/etc/init.d/heimdal-kpasswdd
-
- for i in 1 3 5 8; do
- rm -rf "$pkgdir"/usr/share/man/cat$i
- done
-
- # Remove conflicts
- # e2fsprogs
- rm -f "$pkgdir"/usr/bin/compile_et \
- "$pkgdir"/usr/share/man/man1/compile_et.1
-
- # Compress info pages
- for page in heimdal hx509; do
- gzip -9 "$pkgdir"/usr/share/info/${page}.info
- done
-
- # Install the license
- install -d "$pkgdir"/usr/share/licenses/$pkgname
- install -D -m644 "$builddir"/LICENSE \
- "$pkgdir"/usr/share/licenses/$pkgname/
-}
-
-libs() {
- pkgdesc="Heimdal libraries"
- replaces="heimdal"
- depends="krb5-conf"
- mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin
- mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
- mv "$pkgdir"/usr/bin/string2key \
- "$pkgdir"/usr/bin/verify_krb5_conf \
- "$subpkgdir"/usr/bin/
- mv "$pkgdir"/usr/sbin/kdigest \
- "$pkgdir"/usr/sbin/digest-service \
- "$subpkgdir"/usr/sbin/
-
-}
-
-sha512sums="6d1ad77e795df786680b5e68e2bfefee27bd0207eab507295d7af7053135de9c9ebb517d2c0235bc3a7d50945e18044515f0d76c0899b6b74aa839f1f3e5b131 heimdal-7.5.0.tar.gz
-0ae0fec4bdb3907d9e82e788e12ef185dd00e6db4c17f55758da5600fedd72ed1118b6b492d039f91cc54d54bf2f79f624ea38a68067e424b737b128494a4bbd heimdal-kadmind.initd
-4dca69bb1c1c6dfce8c0fc1da84855e4549be478ab09511fa5143ee61d1609fed7f3303179bc1e499b0f20445e04c41eda132dd1c5f72e2fea4fcf60a35ad2a9 heimdal-kdc.initd
-abee8390632fa775e74900d09e5c72b02fe4f9616b43cc8d0a76175486ed6d4707fb3ce4d06ceb09b0e8d1384e037c3cff6525e11def0122c35c32eebd0d196f heimdal-kpasswdd.initd
-2a6b20588a86a9ea3c35209b96ef2da0b39bc3112aec1505e69a60efc9ffb9ddc1d0dbdfaf864142e9d2f81da3d2653de56d6ffa01871c20fde17e4642625c56 005_all_heimdal-suid_fix.patch
-e89efdc942c512363aac1d9797c6bf622324e9200e282bc5ed680300b9e1b39a4ea20f059cdac8f22f972eb0af0e625fd41f267ebcafcfec0aaa81192aff79c1 heimdal_missing-include.patch
-d1c50b0a656f15afeae78ce0ace0f9adceea028e118f3952a724d23c63bba7d5c9a50980de16c7606a93769c0aa48ce3b932e8a64f5d7a2127d31d2f39e9688d only-build-libedit-when-necessary.patch"
diff --git a/user/heimdal/CVE-2017-17439.patch b/user/heimdal/CVE-2017-17439.patch
deleted file mode 100644
index 8c3273971..000000000
--- a/user/heimdal/CVE-2017-17439.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 749d377fa357351a7bbba51f8aae72cdf0629592 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <viktor@twosigma.com>
-Date: Tue, 5 Dec 2017 18:49:50 -0500
-Subject: [PATCH] Security: Avoid NULL structure pointer member dereference
-
-This can happen in the error path when processing malformed AS
-requests with a NULL client name. Bug originally introduced on
-Fri Feb 13 09:26:01 2015 +0100 in commit:
-
- a873e21d7c06f22943a90a41dc733ae76799390d
-
- kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()
-
-Original patch by Jeffrey Altman <jaltman@secure-endpoints.com>
-
-(cherry picked from commit 1a6a6e462dc2ac6111f9e02c6852ddec4849b887)
----
- kdc/kerberos5.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
-index 95a74927f7..675b406b82 100644
---- a/kdc/kerberos5.c
-+++ b/kdc/kerberos5.c
-@@ -2226,15 +2226,17 @@ _kdc_as_rep(kdc_request_t r,
- /*
- * In case of a non proxy error, build an error message.
- */
-- if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
-+ if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
- ret = _kdc_fast_mk_error(context, r,
- &error_method,
- r->armor_crypto,
- &req->req_body,
- ret, r->e_text,
- r->server_princ,
-- &r->client_princ->name,
-- &r->client_princ->realm,
-+ r->client_princ ?
-+ &r->client_princ->name : NULL,
-+ r->client_princ ?
-+ &r->client_princ->realm : NULL,
- NULL, NULL,
- reply);
- if (ret)
diff --git a/user/heimdal/heimdal-kadmind.initd b/user/heimdal/heimdal-kadmind.initd
deleted file mode 100755
index 73f23815c..000000000
--- a/user/heimdal/heimdal-kadmind.initd
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kadmind,v 1.3 2004/09/13 22:44:54 solar Exp $
-
-depend() {
- need net
- use heimdal-kdc
- after logger
-}
-
-start() {
- ebegin "Starting heimdal kadmind"
- /usr/sbin/kadmind &
- echo $! > /var/run/heimdal-kadmind.pid
- eend $?
-}
-
-stop() {
- ebegin "Stopping heimdal kadmind"
- start-stop-daemon --stop --quiet --exec \
- /usr/sbin/kadmind
- eend $?
-}
diff --git a/user/heimdal/heimdal-kdc.initd b/user/heimdal/heimdal-kdc.initd
deleted file mode 100755
index 32288c4e7..000000000
--- a/user/heimdal/heimdal-kdc.initd
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kdc,v 1.2 2004/09/13 15:40:34 dragonheart Exp $
-
-depend() {
- need net
- after logger
-}
-
-start() {
- ebegin "Starting heimdal kdc"
- start-stop-daemon --start --quiet --exec \
- /usr/sbin/kdc -- --detach
- eend $?
-}
-
-stop() {
- ebegin "Stopping heimdal kdc"
- start-stop-daemon --stop --quiet --exec \
- /usr/sbin/kdc
- eend $?
-}
diff --git a/user/heimdal/heimdal-kpasswdd.initd b/user/heimdal/heimdal-kpasswdd.initd
deleted file mode 100755
index 5fc21e0dc..000000000
--- a/user/heimdal/heimdal-kpasswdd.initd
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kpasswdd,v 1.3 2004/09/13 22:44:54 solar Exp $
-
-depend() {
- need net
- use heimdal-kdc
- after logger
-}
-
-start() {
- ebegin "Starting heimdal kpasswdd"
- start-stop-daemon --background --start --quiet --exec \
- /usr/sbin/kpasswdd
- eend $?
-}
-
-stop() {
- ebegin "Stopping heimdal kpasswdd"
- start-stop-daemon --stop --quiet --exec \
- /usr/sbin/kpasswdd
- eend $?
-}
diff --git a/user/heimdal/heimdal_missing-include.patch b/user/heimdal/heimdal_missing-include.patch
deleted file mode 100644
index 8cca906a7..000000000
--- a/user/heimdal/heimdal_missing-include.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- lib/base/test_base.c 2011-09-30 15:58:45.000000000 +0300
-+++ b/lib/base/test_base.c 2011-12-27 23:04:50.482955923 +0200
-@@ -39,6 +39,8 @@
- #include "heimbase.h"
- #include "heimbasepriv.h"
-
-+#include <stdlib.h>
-+
- static void
- memory_free(heim_object_t obj)
- {
diff --git a/user/heimdal/only-build-libedit-when-necessary.patch b/user/heimdal/only-build-libedit-when-necessary.patch
deleted file mode 100644
index 105c7019d..000000000
--- a/user/heimdal/only-build-libedit-when-necessary.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- heimdal-7.5.0/configure.ac.old 2017-12-08 01:36:46.000000000 -0600
-+++ heimdal-7.5.0/configure.ac 2018-07-04 18:50:45.720000000 -0500
-@@ -309,8 +309,6 @@
- #endif
- ],-ledit,,, READLINE,, [readline.h readline/readline.h editline/readline.h])
-
--AC_CONFIG_SUBDIRS([lib/libedit])
--
- KRB_C_BIGENDIAN
- AC_C_INLINE
-
---- heimdal-7.5.0/cf/krb-readline.m4.old 2016-12-20 08:23:06.000000000 -0600
-+++ heimdal-7.5.0/cf/krb-readline.m4 2018-07-04 18:50:04.140000000 -0500
-@@ -19,6 +19,7 @@
- :
- else
- build_libedit=yes
-+ AC_CONFIG_SUBDIRS([lib/libedit])
- LIB_readline="\$(top_builddir)/lib/libedit/src/libheimedit.la \$(LIB_tgetent)"
- fi
- AM_CONDITIONAL(LIBEDIT, test "$build_libedit" = yes)