diff options
Diffstat (limited to 'user/heimdal')
-rw-r--r-- | user/heimdal/005_all_heimdal-suid_fix.patch | 20 | ||||
-rw-r--r-- | user/heimdal/APKBUILD | 131 | ||||
-rw-r--r-- | user/heimdal/CVE-2017-17439.patch | 45 | ||||
-rwxr-xr-x | user/heimdal/heimdal-kadmind.initd | 24 | ||||
-rwxr-xr-x | user/heimdal/heimdal-kdc.initd | 23 | ||||
-rwxr-xr-x | user/heimdal/heimdal-kpasswdd.initd | 24 | ||||
-rw-r--r-- | user/heimdal/heimdal_missing-include.patch | 11 | ||||
-rw-r--r-- | user/heimdal/only-build-libedit-when-necessary.patch | 21 |
8 files changed, 0 insertions, 299 deletions
diff --git a/user/heimdal/005_all_heimdal-suid_fix.patch b/user/heimdal/005_all_heimdal-suid_fix.patch deleted file mode 100644 index 0524db61e..000000000 --- a/user/heimdal/005_all_heimdal-suid_fix.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- appl/su/Makefile.am 2005-06-16 18:27:46.000000000 +0200 -+++ b/appl/su/Makefile.am 2005-06-27 23:25:21.000000000 +0200 -@@ -7,6 +7,7 @@ - bin_PROGRAMS = su - bin_SUIDS = su - su_SOURCES = su.c supaths.h -+su_LDFLAGS = -Wl,-z,now - man_MANS = su.1 - - LDADD = $(LIB_kafs) \ ---- appl/otp/Makefile.am 2005-06-16 18:28:46.000000000 +0200 -+++ b/appl/otp/Makefile.am 2005-06-27 23:25:40.000000000 +0200 -@@ -8,6 +8,7 @@ - bin_SUIDS = otp - otp_SOURCES = otp.c otp_locl.h - otpprint_SOURCES = otpprint.c otp_locl.h -+otp_LDFLAGS = -Wl,-z,now - - man_MANS = otp.1 otpprint.1 - diff --git a/user/heimdal/APKBUILD b/user/heimdal/APKBUILD deleted file mode 100644 index f8cb57211..000000000 --- a/user/heimdal/APKBUILD +++ /dev/null @@ -1,131 +0,0 @@ -# Contributor: Natanael Copa <ncopa@alpinelinux.org> -# Maintainer: -pkgname=heimdal -pkgver=7.5.0 -pkgrel=2 -pkgdesc="An implementation of Kerberos 5" -url="http://www.h5l.org/" -arch="all" -options="suid" -license="BSD-3-Clause AND BSD-2-Clause AND Public-Domain AND MIT" -depends="krb5-conf" -depends_dev="openssl-dev e2fsprogs-dev db-dev" -makedepends="$depends_dev autoconf automake bash libtool - ncurses-dev perl libedit-dev sqlite-dev texinfo perl-json" -install= -subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-openrc" -source="https://github.com/heimdal/heimdal/releases/download/heimdal-$pkgver/heimdal-$pkgver.tar.gz - heimdal-kadmind.initd - heimdal-kdc.initd - heimdal-kpasswdd.initd - - 005_all_heimdal-suid_fix.patch - heimdal_missing-include.patch - only-build-libedit-when-necessary.patch - " - -# secfixes: -# 7.4.0-r2: -# - CVE-2017-17439 -# 7.4.0-r0: -# - CVE-2017-11103 - -prepare() { - [ -e /usr/lib/libasn1.so ] && echo "## remove old heimdal pkg first ##" && return 1 - - cd "$builddir" - default_prepare - - sh ./autogen.sh -} - -build() { - cd "$builddir" - export LDFLAGS="${LDFLAGS} -Wl,--as-needed" - export LIBS="-ldb" - - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --prefix=/usr \ - --enable-shared=yes \ - --without-x \ - --with-berkeley-db \ - --with-libedit=/usr \ - --with-libedit-lib=/usr/lib \ - --with-sqlite3=/usr \ - --without-openssl - - # make sure we use system version - rm -r lib/sqlite lib/com_err - - # workarount a parallell build issue - make -C lib/asn1 der-protos.h der-private.h - make -C lib/kadm5 kadm5-protos.h kadm5-private.h kadm5_err.h - make -C lib/krb5 krb5-protos.h krb5-private.h krb5_err.h krb_err.h \ - heim_err.h k524_err.h - make -C lib/hx509 hx509-private.h hx509-protos.h - make -} - -check() { - cd "$builddir" - make -j1 check -} - -package() { - cd "$builddir" - make DESTDIR="$pkgdir" exec_prefix=/usr sysconfdir=/etc \ - mandir=/usr/share/man infodir=/usr/share/info datadir=/var/lib/heimdal \ - localstatedir=/var/lib/heimdal libexecdir=/usr/sbin install - - - install -m755 -D "$srcdir"/heimdal-kadmind.initd \ - "$pkgdir"/etc/init.d/heimdal-kadmind - install -m755 -D "$srcdir"/heimdal-kdc.initd \ - "$pkgdir"/etc/init.d/heimdal-kdc - install -m755 -D "$srcdir"/heimdal-kpasswdd.initd \ - "$pkgdir"/etc/init.d/heimdal-kpasswdd - - for i in 1 3 5 8; do - rm -rf "$pkgdir"/usr/share/man/cat$i - done - - # Remove conflicts - # e2fsprogs - rm -f "$pkgdir"/usr/bin/compile_et \ - "$pkgdir"/usr/share/man/man1/compile_et.1 - - # Compress info pages - for page in heimdal hx509; do - gzip -9 "$pkgdir"/usr/share/info/${page}.info - done - - # Install the license - install -d "$pkgdir"/usr/share/licenses/$pkgname - install -D -m644 "$builddir"/LICENSE \ - "$pkgdir"/usr/share/licenses/$pkgname/ -} - -libs() { - pkgdesc="Heimdal libraries" - replaces="heimdal" - depends="krb5-conf" - mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin - mv "$pkgdir"/usr/lib "$subpkgdir"/usr/ - mv "$pkgdir"/usr/bin/string2key \ - "$pkgdir"/usr/bin/verify_krb5_conf \ - "$subpkgdir"/usr/bin/ - mv "$pkgdir"/usr/sbin/kdigest \ - "$pkgdir"/usr/sbin/digest-service \ - "$subpkgdir"/usr/sbin/ - -} - -sha512sums="6d1ad77e795df786680b5e68e2bfefee27bd0207eab507295d7af7053135de9c9ebb517d2c0235bc3a7d50945e18044515f0d76c0899b6b74aa839f1f3e5b131 heimdal-7.5.0.tar.gz -0ae0fec4bdb3907d9e82e788e12ef185dd00e6db4c17f55758da5600fedd72ed1118b6b492d039f91cc54d54bf2f79f624ea38a68067e424b737b128494a4bbd heimdal-kadmind.initd -4dca69bb1c1c6dfce8c0fc1da84855e4549be478ab09511fa5143ee61d1609fed7f3303179bc1e499b0f20445e04c41eda132dd1c5f72e2fea4fcf60a35ad2a9 heimdal-kdc.initd -abee8390632fa775e74900d09e5c72b02fe4f9616b43cc8d0a76175486ed6d4707fb3ce4d06ceb09b0e8d1384e037c3cff6525e11def0122c35c32eebd0d196f heimdal-kpasswdd.initd -2a6b20588a86a9ea3c35209b96ef2da0b39bc3112aec1505e69a60efc9ffb9ddc1d0dbdfaf864142e9d2f81da3d2653de56d6ffa01871c20fde17e4642625c56 005_all_heimdal-suid_fix.patch -e89efdc942c512363aac1d9797c6bf622324e9200e282bc5ed680300b9e1b39a4ea20f059cdac8f22f972eb0af0e625fd41f267ebcafcfec0aaa81192aff79c1 heimdal_missing-include.patch -d1c50b0a656f15afeae78ce0ace0f9adceea028e118f3952a724d23c63bba7d5c9a50980de16c7606a93769c0aa48ce3b932e8a64f5d7a2127d31d2f39e9688d only-build-libedit-when-necessary.patch" diff --git a/user/heimdal/CVE-2017-17439.patch b/user/heimdal/CVE-2017-17439.patch deleted file mode 100644 index 8c3273971..000000000 --- a/user/heimdal/CVE-2017-17439.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 749d377fa357351a7bbba51f8aae72cdf0629592 Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni <viktor@twosigma.com> -Date: Tue, 5 Dec 2017 18:49:50 -0500 -Subject: [PATCH] Security: Avoid NULL structure pointer member dereference - -This can happen in the error path when processing malformed AS -requests with a NULL client name. Bug originally introduced on -Fri Feb 13 09:26:01 2015 +0100 in commit: - - a873e21d7c06f22943a90a41dc733ae76799390d - - kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext() - -Original patch by Jeffrey Altman <jaltman@secure-endpoints.com> - -(cherry picked from commit 1a6a6e462dc2ac6111f9e02c6852ddec4849b887) ---- - kdc/kerberos5.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c -index 95a74927f7..675b406b82 100644 ---- a/kdc/kerberos5.c -+++ b/kdc/kerberos5.c -@@ -2226,15 +2226,17 @@ _kdc_as_rep(kdc_request_t r, - /* - * In case of a non proxy error, build an error message. - */ -- if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) { -+ if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) { - ret = _kdc_fast_mk_error(context, r, - &error_method, - r->armor_crypto, - &req->req_body, - ret, r->e_text, - r->server_princ, -- &r->client_princ->name, -- &r->client_princ->realm, -+ r->client_princ ? -+ &r->client_princ->name : NULL, -+ r->client_princ ? -+ &r->client_princ->realm : NULL, - NULL, NULL, - reply); - if (ret) diff --git a/user/heimdal/heimdal-kadmind.initd b/user/heimdal/heimdal-kadmind.initd deleted file mode 100755 index 73f23815c..000000000 --- a/user/heimdal/heimdal-kadmind.initd +++ /dev/null @@ -1,24 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kadmind,v 1.3 2004/09/13 22:44:54 solar Exp $ - -depend() { - need net - use heimdal-kdc - after logger -} - -start() { - ebegin "Starting heimdal kadmind" - /usr/sbin/kadmind & - echo $! > /var/run/heimdal-kadmind.pid - eend $? -} - -stop() { - ebegin "Stopping heimdal kadmind" - start-stop-daemon --stop --quiet --exec \ - /usr/sbin/kadmind - eend $? -} diff --git a/user/heimdal/heimdal-kdc.initd b/user/heimdal/heimdal-kdc.initd deleted file mode 100755 index 32288c4e7..000000000 --- a/user/heimdal/heimdal-kdc.initd +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kdc,v 1.2 2004/09/13 15:40:34 dragonheart Exp $ - -depend() { - need net - after logger -} - -start() { - ebegin "Starting heimdal kdc" - start-stop-daemon --start --quiet --exec \ - /usr/sbin/kdc -- --detach - eend $? -} - -stop() { - ebegin "Stopping heimdal kdc" - start-stop-daemon --stop --quiet --exec \ - /usr/sbin/kdc - eend $? -} diff --git a/user/heimdal/heimdal-kpasswdd.initd b/user/heimdal/heimdal-kpasswdd.initd deleted file mode 100755 index 5fc21e0dc..000000000 --- a/user/heimdal/heimdal-kpasswdd.initd +++ /dev/null @@ -1,24 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kpasswdd,v 1.3 2004/09/13 22:44:54 solar Exp $ - -depend() { - need net - use heimdal-kdc - after logger -} - -start() { - ebegin "Starting heimdal kpasswdd" - start-stop-daemon --background --start --quiet --exec \ - /usr/sbin/kpasswdd - eend $? -} - -stop() { - ebegin "Stopping heimdal kpasswdd" - start-stop-daemon --stop --quiet --exec \ - /usr/sbin/kpasswdd - eend $? -} diff --git a/user/heimdal/heimdal_missing-include.patch b/user/heimdal/heimdal_missing-include.patch deleted file mode 100644 index 8cca906a7..000000000 --- a/user/heimdal/heimdal_missing-include.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/base/test_base.c 2011-09-30 15:58:45.000000000 +0300 -+++ b/lib/base/test_base.c 2011-12-27 23:04:50.482955923 +0200 -@@ -39,6 +39,8 @@ - #include "heimbase.h" - #include "heimbasepriv.h" - -+#include <stdlib.h> -+ - static void - memory_free(heim_object_t obj) - { diff --git a/user/heimdal/only-build-libedit-when-necessary.patch b/user/heimdal/only-build-libedit-when-necessary.patch deleted file mode 100644 index 105c7019d..000000000 --- a/user/heimdal/only-build-libedit-when-necessary.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- heimdal-7.5.0/configure.ac.old 2017-12-08 01:36:46.000000000 -0600 -+++ heimdal-7.5.0/configure.ac 2018-07-04 18:50:45.720000000 -0500 -@@ -309,8 +309,6 @@ - #endif - ],-ledit,,, READLINE,, [readline.h readline/readline.h editline/readline.h]) - --AC_CONFIG_SUBDIRS([lib/libedit]) -- - KRB_C_BIGENDIAN - AC_C_INLINE - ---- heimdal-7.5.0/cf/krb-readline.m4.old 2016-12-20 08:23:06.000000000 -0600 -+++ heimdal-7.5.0/cf/krb-readline.m4 2018-07-04 18:50:04.140000000 -0500 -@@ -19,6 +19,7 @@ - : - else - build_libedit=yes -+ AC_CONFIG_SUBDIRS([lib/libedit]) - LIB_readline="\$(top_builddir)/lib/libedit/src/libheimedit.la \$(LIB_tgetent)" - fi - AM_CONDITIONAL(LIBEDIT, test "$build_libedit" = yes) |