authorV3n3RiX <venerix@redcorelinux.org>2018-07-14 20:56:41 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-07-14 20:56:41 +0100
commitd87262dd706fec50cd150aab3e93883b6337466d (patch)
tree246b44c33ad7a57550430b0a60fa0df86a3c9e68 /app-crypt/mit-krb5
parent71bc00c87bba1ce31de0dac6c3b7fd1aee6917fc (diff)
gentoo resync : 14.07.2018
Diffstat (limited to 'app-crypt/mit-krb5')
-rw-r--r--app-crypt/mit-krb5/Manifest21
-rw-r--r--app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch297
-rw-r--r--app-crypt/mit-krb5/files/kpropd.xinetd11
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5-1.12_warn_cflags.patch11
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch12
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch31
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kadmind.confd2
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kadmind.initd-r225
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kadmind.service8
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kdc.confd2
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kdc.initd-r224
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kdc.service9
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kpropd.confd2
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kpropd.initd-r224
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kpropd.service8
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kpropd.socket9
-rw-r--r--app-crypt/mit-krb5/files/mit-krb5kpropd_at.service8
-rw-r--r--app-crypt/mit-krb5/metadata.xml22
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild154
-rw-r--r--app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild153
20 files changed, 0 insertions, 833 deletions
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
deleted file mode 100644
index 5a84e9135df4..000000000000
--- a/app-crypt/mit-krb5/Manifest
+++ /dev/null
@@ -1,21 +0,0 @@
-AUX CVE-2018-5729-5730.patch 11896 BLAKE2B 324bbd80acf4a2520909fc26f90f67cec06148ee0effecc43fbadd6c6445b57ee17eae57864c92a5ce0cdc3dbfb0540758910133195fd2078d334bc6e209a452 SHA512 b59ba6cb5d40cca6c8f539c028ba24c2fa6bd1750133545e912f519b91043d426cecf782209c373598fd895c6294e44fc2bc27af34c033ff367bdfb2cb4f91c4
-AUX kpropd.xinetd 194 BLAKE2B cfc40af2e75b0ce5a71e0dfdcfe076d13d996b25d2cb50d4282bc88d7b33b317a202d57df0bb4a2b47113f0d38cb508614e122e4a3bb7dfd2397e2daa3178396 SHA512 c9bbd13f2fadfd2a925bfae834ba61f227cd4386b4c4466b5227d93c792f4549778ef4d6e08353372df99804459277c71f61b41ec71f3afcc600d73c5705f72f
-AUX mit-krb5-1.12_warn_cflags.patch 448 BLAKE2B cd9793866173b394bab3497d19653ca3296924cc49aaf540499b149254265af1d995b4d7493b76185ce35d123e70827cb5fcb221efc6499b86a346cfad7478ab SHA512 42364d9cd8c0a6fd28ae661eeac4d0dd3f2001fe290bf9731ee99c2c786a6488805fc93057d59e201e2cef1e5280af4c170187aa5603f4cf542906abc0fccc2b
-AUX mit-krb5-config_LDFLAGS.patch 466 BLAKE2B 2dd4f1cfc20bea229d08201d66e3de71472dccfa45dee9b260c51578187e706b864c0b4ff81c0c5a09fd29401c2abdbe334441ca075208299b02d5e1d49aff94 SHA512 9a1ca9b33e7708346eda78d199fdc51f0d7bd08d3d65ea15a19955a6155ab71b8ee0c8989859d6dff293a141f197ea19394a91b3b641181140a289b743e0f0e7
-AUX mit-krb5-libressl-version-check.patch 1123 BLAKE2B ca8bad504949c8dcbffe5f9906a38287a2483ffef8b0326cf361f7a07c44787aa0972a24a832aa4da9a1450fa41035bf216c55e1aafb8a890cc8d88f1e210e88 SHA512 cec03ab3577fd8f96f34e51e9380622b09ac5964687b2e8e45e066d16846a9add71c3fd44f6de305ee5c5be5a27a07e4758b6752afdd8a70149b3f191be609f8
-AUX mit-krb5kadmind.confd 76 BLAKE2B ca69357a77ddaf67e2f9c104b17d49af5da9891b13bd855f8b04d54bfb6ccf07ae8c5cb694f65a47646675c844c8f8c7224e8487081df678c73c554498259516 SHA512 dbf968800959f0463899031e823f003e9ece90132f452ebf03df08caf0e6a6e6ca2cfdee91491d269cfa24bef19e72dd33c7d818a4bb13ef85edfb6f0e8299f3
-AUX mit-krb5kadmind.initd-r2 612 BLAKE2B ba2a70a7c123d63b9c58f4ec31c3c2366949e6971ff4f203cb38e1efb5a69991533291e118066e680d880c5221168c8eb5b047ec70dac857888330978d1e5a9b SHA512 3791af603380277a9d2632a01a86f96f68c9eb38a2c9574cca462fe9a01bef60f24785051d0215a8d71dd5022f1404e281929278e2bfd31603a0415dd9df6a98
-AUX mit-krb5kadmind.service 137 BLAKE2B fcbb450a9bd39407801c93d7ffe050eadb27adbfe3165f27fe9a6ad1b18464153109bdab61a85a6a908dbb8e57b14d577165d9144a6f311d90167d01a92de748 SHA512 65a507b84e8280a9e417e32f8667941f52802f1afe9de513718db5a414ba84569b95a5c4d84eb9d39c232901c4ae1f674e6c95ea2c6895dc0c495b78ec04a026
-AUX mit-krb5kdc.confd 54 BLAKE2B d8cbcf8dfb6e9d249b1990587f7e5880f32f3e69df2b44d7e973adcf3809185de76f0c2a12d3c4c4ff590c26b2e3fcd69aedd3881ef23b0216e5bff57993c62b SHA512 bd51139b644350f464fe4d254cc5036e96a7f5b0156033e1fdeed1acee6867052bddfe3495893295e83f56dfdff1c30a606bd64faeba58cc9a5bcd6cde5c6b9c
-AUX mit-krb5kdc.initd-r2 572 BLAKE2B f9115cc452891e1267268df6d4beb7eeb69ec27edc924744a6cee957ec8e3d9e1b062fc6a86f83692d95163419f80e1a7c781afd373cd3c135227ede2ebf7f1a SHA512 42cbc315a4e28a78cd29ee6f9aa9401ac6185cc78d39528f0c498d6b04a8edba7b7efadaaeae52ac2c4f89faa846787da9aee645f9ef0bdb79cd6289454586a3
-AUX mit-krb5kdc.service 129 BLAKE2B f1cfb303cfef67c138e04bb2a7e2b61755370819a5dd4cb921ac7590df9c6c9934d49ac719784743c691c93f78b96d8b63609e3dc4c9eb3142451ee6f30f7c87 SHA512 0b4d41f658769b0134764dafeab9008fa0a5916adc9bd9362dfda6f92681d8a8cc4c6b78058b2c2ec6e6e3d991e2de3d883dac1813530ce791cd8df2b73c9658
-AUX mit-krb5kpropd.confd 84 BLAKE2B e3f47a3c520af14794c2fe11368651ba56e8aa059babb91b3112af9682403a6409b3fb39ed6313f9cd87169c3754e4c4fc17bc24b0b773cfdf01e7df3eb03490 SHA512 afd1cf21a6afd3bc73b1ef3cb0a26ec3420b26ed31196f8c092ae880b235043273c95e2ecb3b88e65ea008cd8ea6a10553d1966f45646cf5993d5752dfc945ac
-AUX mit-krb5kpropd.initd-r2 608 BLAKE2B 9737f5ff711b8e30444c14ca871e01f2c45e9aecdab99d3dcfd8c16bae65ed05fc732f2007c65f0abfab10cf766035c03c557d217f750ab06f804b639722b27e SHA512 28b9d9bc9d132d8bd87d5fd9e74103d4772f26cba48d28ad53f40ade037a5ac91e07c01aa3180d50c3624673bf4e534f76689b03feb4888cdd9198755576b6a7
-AUX mit-krb5kpropd.service 128 BLAKE2B 31d002c16987bd6fc42e22e64dd9bd1f9db36655dd5170a4f9f16c6a889a4303a4dc276aca09b3a213a1de3e6ab759c66790141708ec95c4393bbbe79e8fb16f SHA512 b7419d1c728eda86fbab2fbf83794ae754e3cdaec7dcdc12c2105e3a75f9903c25fe8fee48f57acf6f0a8c62d27f7934fae81c0cbd67b997541aef7060a4de46
-AUX mit-krb5kpropd.socket 122 BLAKE2B 2ce51e67b909c6955d9796f80f7985c9209af398ad2a60beebe83bd766d42261bd44c712df14608a1e5e922715780a6c4aa8ad294c34ba4e8fc336a24d038fd3 SHA512 4e7ae175425e0787a1d5ff959471a88bf5af4cd6e213dc6d4048902fab7547c1186a082370b523f9549f5096acfab1fb03b4839e42bd80dc539130ae4bb3ea55
-AUX mit-krb5kpropd_at.service 162 BLAKE2B ccd1dea2419656a95ea1e5068457ea45a765a831f36e7abe3e27cdd9b42f2b703cd6ddad1ac60d75feff4d74bf31dbf146ee2cbfdd34ac38c11908d44162e77a SHA512 4b7121da07b11fa65db4edc185c57197ebb25ed5c49797e36bc31b8b7bbb22a6f512f4a986c8430dfc31b1b8fcfba66dcfe154cd6eeb8b4bb445d5006fff3802
-DIST krb5-1.16.1.tar.gz 9477480 BLAKE2B 16bdd7d6d03ddbd4b070663c3a7a3d2331d54e8590b24f1dc162be2531bfbbbd65878d426a160c65ffc1ba4751f16bbbd177a8a91c01002fde0e886cc1bd91b9 SHA512 fa4ec14a4ffe690861e2dd7ea39d7698af2058ce181bb733ea891f80279f4dde4bb891adec5ccb0eaddf737306e6ceb1fe3744a2946e6189a7d7d2dd3bc5ba84
-DIST krb5-1.16.tar.gz 9474479 BLAKE2B 0c5caa0a0d2308a447d47ab94d7b8dc92a67ad78b3bac1678c3f3ece3905f27feda5a23d28b3c13ebd64d1760726888c759fb19da82ad960c6f84a433b753873 SHA512 7e162467b95dad2b6aaa11686d08a00f1cc4eb08247fca8f0e5a8bcaa5f9f7b42cdf00db69c5c6111bdf9eb8063d53cef3bb207ce5d6a287615ca10b710153f9
-EBUILD mit-krb5-1.16-r2.ebuild 4213 BLAKE2B 9e517ec5e62264bd9ddd59fbc20473ae0f5e053fefd793006edd8ed47d6c780f02a4f73dc7f3a7b73a253014d30cb457020dd426b50164354229d847ffacbab4 SHA512 8f64302076f3348f0f89d3630f1724999310567224ae0fc4f3b2cdb267db81bd3cadd77380f79e3e9a1ddf1e8a04ed168a9b0407950790b0f9ebe1d2b6785a4d
-EBUILD mit-krb5-1.16.1.ebuild 4172 BLAKE2B 4b120ec5bb2d750c6d76c1f6fda2cd21aedbfe771eb234e4d7b392868b6e9d9bcef4b6897df456d8ae30b9cc96a8b83636028d854cb2646172c4f0c27ecc0087 SHA512 af0736e57376a42e44e4a2d97587386590c5a3c5de56485b6db2016494b2bc392ba4bf573462576de5a909fd963da8095d349eaa5866f3ec3ffd427224650eb3
-MISC metadata.xml 828 BLAKE2B f317440eac9d164e0640cb059dee0c3bdcfeaeb2d0e346d962f09b7152224efc10084611768663b84c67fdf73c9d89481370fe0b70ffe14aa10a360f60bd00f6 SHA512 c0f45699280d49b91eab24de6cbb28900170c3c4526b8c6ef0f6a996d3e53abd49911ce4f6ce7b28c69d37e86cc9e5b830977b9640809734e7fccf078886685c
diff --git a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch b/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch
deleted file mode 100644
index 114cfe688e73..000000000000
--- a/app-crypt/mit-krb5/files/CVE-2018-5729-5730.patch
+++ /dev/null
@@ -1,297 +0,0 @@
-diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
-index 2420f2c2be..a59a65e8f6 100644
---- a/src/lib/kadm5/srv/svr_principal.c
-+++ b/src/lib/kadm5/srv/svr_principal.c
-@@ -330,6 +330,13 @@ kadm5_create_principal_3(void *server_handle,
- return KADM5_BAD_MASK;
- if((mask & ~ALL_PRINC_MASK))
- return KADM5_BAD_MASK;
-+ if (mask & KADM5_TL_DATA) {
-+ for (tl_data_tail = entry->tl_data; tl_data_tail != NULL;
-+ tl_data_tail = tl_data_tail->tl_data_next) {
-+ if (tl_data_tail->tl_data_type < 256)
-+ return KADM5_BAD_TL_TYPE;
-+ }
-+ }
-
- /*
- * Check to see if the principal exists
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-index 535a1f309e..8b8420faa9 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
-@@ -141,7 +141,7 @@ extern int set_ldap_error (krb5_context ctx, int st, int op);
- #define UNSTORE16_INT(ptr, val) (val = load_16_be(ptr))
- #define UNSTORE32_INT(ptr, val) (val = load_32_be(ptr))
-
--#define KDB_TL_USER_INFO 0x7ffe
-+#define KDB_TL_USER_INFO 0xff
-
- #define KDB_TL_PRINCTYPE 0x01
- #define KDB_TL_PRINCCOUNT 0x02
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-index 88a1704950..b7c9212cb2 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-@@ -651,6 +651,107 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry,
- return ret;
- }
-
-+static krb5_error_code
-+check_dn_in_container(krb5_context context, const char *dn,
-+ char *const *subtrees, unsigned int ntrees)
-+{
-+ unsigned int i;
-+ size_t dnlen = strlen(dn), stlen;
-+
-+ for (i = 0; i < ntrees; i++) {
-+ if (subtrees[i] == NULL || *subtrees[i] == '\0')
-+ return 0;
-+ stlen = strlen(subtrees[i]);
-+ if (dnlen >= stlen &&
-+ strcasecmp(dn + dnlen - stlen, subtrees[i]) == 0 &&
-+ (dnlen == stlen || dn[dnlen - stlen - 1] == ','))
-+ return 0;
-+ }
-+
-+ k5_setmsg(context, EINVAL, _("DN is out of the realm subtree"));
-+ return EINVAL;
-+}
-+
-+static krb5_error_code
-+check_dn_exists(krb5_context context,
-+ krb5_ldap_server_handle *ldap_server_handle,
-+ const char *dn, krb5_boolean nonkrb_only)
-+{
-+ krb5_error_code st = 0, tempst;
-+ krb5_ldap_context *ldap_context = context->dal_handle->db_context;
-+ LDAP *ld = ldap_server_handle->ldap_handle;
-+ LDAPMessage *result = NULL, *ent;
-+ char *attrs[] = { "krbticketpolicyreference", "krbprincipalname", NULL };
-+ char **values;
-+
-+ LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attrs, IGNORE_STATUS);
-+ if (st != LDAP_SUCCESS)
-+ return set_ldap_error(context, st, OP_SEARCH);
-+
-+ ent = ldap_first_entry(ld, result);
-+ CHECK_NULL(ent);
-+
-+ values = ldap_get_values(ld, ent, "krbticketpolicyreference");
-+ if (values != NULL)
-+ ldap_value_free(values);
-+
-+ values = ldap_get_values(ld, ent, "krbprincipalname");
-+ if (values != NULL) {
-+ ldap_value_free(values);
-+ if (nonkrb_only) {
-+ st = EINVAL;
-+ k5_setmsg(context, st, _("ldap object is already kerberized"));
-+ goto cleanup;
-+ }
-+ }
-+
-+cleanup:
-+ ldap_msgfree(result);
-+ return st;
-+}
-+
-+static krb5_error_code
-+validate_xargs(krb5_context context,
-+ krb5_ldap_server_handle *ldap_server_handle,
-+ const xargs_t *xargs, const char *standalone_dn,
-+ char *const *subtrees, unsigned int ntrees)
-+{
-+ krb5_error_code st;
-+
-+ if (xargs->dn != NULL) {
-+ /* The supplied dn must be within a realm container. */
-+ st = check_dn_in_container(context, xargs->dn, subtrees, ntrees);
-+ if (st)
-+ return st;
-+ /* The supplied dn must exist without Kerberos attributes. */
-+ st = check_dn_exists(context, ldap_server_handle, xargs->dn, TRUE);
-+ if (st)
-+ return st;
-+ }
-+
-+ if (xargs->linkdn != NULL) {
-+ /* The supplied linkdn must be within a realm container. */
-+ st = check_dn_in_container(context, xargs->linkdn, subtrees, ntrees);
-+ if (st)
-+ return st;
-+ /* The supplied linkdn must exist. */
-+ st = check_dn_exists(context, ldap_server_handle, xargs->linkdn,
-+ FALSE);
-+ if (st)
-+ return st;
-+ }
-+
-+ if (xargs->containerdn != NULL && standalone_dn != NULL) {
-+ /* standalone_dn (likely composed using containerdn) must be within a
-+ * container. */
-+ st = check_dn_in_container(context, standalone_dn, subtrees, ntrees);
-+ if (st)
-+ return st;
-+ }
-+
-+ return 0;
-+}
-+
- krb5_error_code
- krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
- char **db_args)
-@@ -662,12 +763,12 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
- LDAPMessage *result=NULL, *ent=NULL;
- char **subtreelist = NULL;
- char *user=NULL, *subtree=NULL, *principal_dn=NULL;
-- char **values=NULL, *strval[10]={NULL}, errbuf[1024];
-+ char *strval[10]={NULL}, errbuf[1024];
- char *filtuser=NULL;
- struct berval **bersecretkey=NULL;
- LDAPMod **mods=NULL;
- krb5_boolean create_standalone=FALSE;
-- krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE;
-+ krb5_boolean establish_links=FALSE;
- char *standalone_principal_dn=NULL;
- krb5_tl_data *tl_data=NULL;
- krb5_key_data **keys=NULL;
-@@ -860,24 +961,6 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
- * any of the subtrees
- */
- if (xargs.dn_from_kbd == TRUE) {
-- /* make sure the DN falls in the subtree */
-- int dnlen=0, subtreelen=0;
-- char *dn=NULL;
-- krb5_boolean outofsubtree=TRUE;
--
-- if (xargs.dn != NULL) {
-- dn = xargs.dn;
-- } else if (xargs.linkdn != NULL) {
-- dn = xargs.linkdn;
-- } else if (standalone_principal_dn != NULL) {
-- /*
-- * Even though the standalone_principal_dn is constructed
-- * within this function, there is the containerdn input
-- * from the user that can become part of the it.
-- */
-- dn = standalone_principal_dn;
-- }
--
- /* Get the current subtree list if we haven't already done so. */
- if (subtreelist == NULL) {
- st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees);
-@@ -885,81 +968,10 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
- goto cleanup;
- }
-
-- for (tre=0; tre<ntrees; ++tre) {
-- if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) {
-- outofsubtree = FALSE;
-- break;
-- } else {
-- dnlen = strlen (dn);
-- subtreelen = strlen(subtreelist[tre]);
-- if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) {
-- outofsubtree = FALSE;
-- break;
-- }
-- }
-- }
--
-- if (outofsubtree == TRUE) {
-- st = EINVAL;
-- k5_setmsg(context, st, _("DN is out of the realm subtree"));
-+ st = validate_xargs(context, ldap_server_handle, &xargs,
-+ standalone_principal_dn, subtreelist, ntrees);
-+ if (st)
- goto cleanup;
-- }
--
-- /*
-- * dn value will be set either by dn, linkdn or the standalone_principal_dn
-- * In the first 2 cases, the dn should be existing and in the last case we
-- * are supposed to create the ldap object. so the below should not be
-- * executed for the last case.
-- */
--
-- if (standalone_principal_dn == NULL) {
-- /*
-- * If the ldap object is missing, this results in an error.
-- */
--
-- /*
-- * Search for krbprincipalname attribute here.
-- * This is to find if a kerberos identity is already present
-- * on the ldap object, in which case adding a kerberos identity
-- * on the ldap object should result in an error.
-- */
-- char *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL};
--
-- ldap_msgfree(result);
-- result = NULL;
-- LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS);
-- if (st == LDAP_SUCCESS) {
-- ent = ldap_first_entry(ld, result);
-- if (ent != NULL) {
-- if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) {
-- ldap_value_free(values);
-- }
--
-- if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-- krb_identity_exists = TRUE;
-- ldap_value_free(values);
-- }
-- }
-- } else {
-- st = set_ldap_error(context, st, OP_SEARCH);
-- goto cleanup;
-- }
-- }
-- }
--
-- /*
-- * If xargs.dn is set then the request is to add a
-- * kerberos principal on a ldap object, but if
-- * there is one already on the ldap object this
-- * should result in an error.
-- */
--
-- if (xargs.dn != NULL && krb_identity_exists == TRUE) {
-- st = EINVAL;
-- snprintf(errbuf, sizeof(errbuf),
-- _("ldap object is already kerberized"));
-- k5_setmsg(context, st, "%s", errbuf);
-- goto cleanup;
- }
-
- if (xargs.linkdn != NULL) {
-diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
-index 217f2cdc3b..6e563b1032 100755
---- a/src/tests/t_kdb.py
-+++ b/src/tests/t_kdb.py
-@@ -203,6 +203,12 @@ def ldap_add(dn, objectclass, attrs=[]):
- # in the test LDAP server.
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=krb5', 'princ1'],
- expected_code=1, expected_msg='DN is out of the realm subtree')
-+# Check that the DN container check is a hierarchy test, not a simple
-+# suffix match (CVE-2018-5730). We expect this operation to fail
-+# either way (because "xcn" isn't a valid DN tag) but the container
-+# check should happen before the DN is parsed.
-+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=xcn=t1,cn=krb5', 'princ1'],
-+ expected_code=1, expected_msg='DN is out of the realm subtree')
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'princ1'])
- realm.run([kadminl, 'getprinc', 'princ1'], expected_msg='Principal: princ1')
- realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'again'],
-@@ -226,6 +232,11 @@ def ldap_add(dn, objectclass, attrs=[]):
- 'princ3'])
- realm.run([kadminl, 'modprinc', '-x', 'containerdn=cn=t2,cn=krb5', 'princ3'],
- expected_code=1, expected_msg='containerdn option not supported')
-+# Verify that containerdn is checked when linkdn is also supplied
-+# (CVE-2018-5730).
-+realm.run([kadminl, 'ank', '-randkey', '-x', 'containerdn=cn=krb5',
-+ '-x', 'linkdn=cn=t2,cn=krb5', 'princ4'], expected_code=1,
-+ expected_msg='DN is out of the realm subtree')
-
- # Create and modify a ticket policy.
- kldaputil(['create_policy', '-maxtktlife', '3hour', '-maxrenewlife', '6hour',
diff --git a/app-crypt/mit-krb5/files/kpropd.xinetd b/app-crypt/mit-krb5/files/kpropd.xinetd
deleted file mode 100644
index af542fcf8a54..000000000000
--- a/app-crypt/mit-krb5/files/kpropd.xinetd
+++ /dev/null
@@ -1,11 +0,0 @@
-service tell
-{
- disable = yes
- socket_type = stream
- user = root
- wait = no
- server = /usr/sbin/kpropd
- only_from = 0.0.0.0
- log_on_success = PID HOST EXIT DURATION
- log_on_failure = HOST
-}
diff --git a/app-crypt/mit-krb5/files/mit-krb5-1.12_warn_cflags.patch b/app-crypt/mit-krb5/files/mit-krb5-1.12_warn_cflags.patch
deleted file mode 100644
index 53037d970214..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5-1.12_warn_cflags.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-gentoo bug #498794
---- src/aclocal.m4 2014-01-16 00:44:15.000000000 +0000
-+++ src/aclocal.m4 2014-03-26 10:20:54.000000000 +0000
-@@ -501,6 +501,7 @@
- fi
- if test "x$krb5_ac_warn_cflags_set" = xset ; then
- AC_MSG_NOTICE(not adding extra gcc warning flags because WARN_CFLAGS was set)
-+ WARN_CFLAGS=""
- else
- AC_MSG_NOTICE(adding extra warning flags for gcc)
- WARN_CFLAGS="$WARN_CFLAGS $extra_gcc_warn_opts -Wmissing-prototypes"
diff --git a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch b/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch
deleted file mode 100644
index 8490e629a377..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5-config_LDFLAGS.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Bug #448778
---- a/src/build-tools/krb5-config.in 2012-12-18 02:47:04.000000000 +0000
-+++ b/src/build-tools/krb5-config.in 2012-12-28 07:13:16.582693363 +0000
-@@ -217,7 +217,7 @@
- -e 's#\$(PROG_RPATH)#'$libdir'#' \
- -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \
- -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
-- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
-+ -e 's#\$(LDFLAGS)##' \
- -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
- -e 's#\$(CFLAGS)##'`
-
diff --git a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch b/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch
deleted file mode 100644
index 5c979cfd1ef7..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5-libressl-version-check.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-@@ -191,7 +191,7 @@ pkinit_pkcs11_code_to_text(int err);
- (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-
- /* 1.1 standardizes constructor and destructor names, renaming
- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
-@@ -3059,7 +3059,7 @@ cleanup:
- return retval;
- }
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-
- /*
- * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
---- src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
-+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
-@@ -46,7 +46,7 @@
- #include <openssl/asn1.h>
- #include <openssl/pem.h>
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- #include <openssl/asn1t.h>
- #else
- #include <openssl/asn1_mac.h>
diff --git a/app-crypt/mit-krb5/files/mit-krb5kadmind.confd b/app-crypt/mit-krb5/files/mit-krb5kadmind.confd
deleted file mode 100644
index f6029b60979c..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kadmind.confd
+++ /dev/null
@@ -1,2 +0,0 @@
-# Define startup options for Kerberos administration server
-KADMIND_OPTS=""
diff --git a/app-crypt/mit-krb5/files/mit-krb5kadmind.initd-r2 b/app-crypt/mit-krb5/files/mit-krb5kadmind.initd-r2
deleted file mode 100644
index 03e64f83e238..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kadmind.initd-r2
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/sbin/openrc-run
-
-#---------------------------------------------------------------------------
-# This script starts/stops the MIT Kerberos 5 Admin daemon
-#---------------------------------------------------------------------------
-
-daemon="MIT Kerberos 5 Admin daemon"
-exec="/usr/sbin/kadmind"
-
-depend() {
- need mit-krb5kdc
- use net
-}
-
-start() {
- ebegin "Starting $daemon"
- start-stop-daemon --start --quiet --exec ${exec} -- ${KADMIND_OPTS} 1>&2
- eend $? "Error starting $daemon"
-}
-
-stop() {
- ebegin "Stopping $daemon"
- start-stop-daemon --stop --quiet --exec ${exec} 1>&2
- eend $? "Error stopping $daemon"
-}
diff --git a/app-crypt/mit-krb5/files/mit-krb5kadmind.service b/app-crypt/mit-krb5/files/mit-krb5kadmind.service
deleted file mode 100644
index f3836c89862d..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kadmind.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Kerberos 5 administration server
-
-[Service]
-ExecStart=/usr/sbin/kadmind -nofork
-
-[Install]
-WantedBy=multi-user.target
diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.confd b/app-crypt/mit-krb5/files/mit-krb5kdc.confd
deleted file mode 100644
index 887d3d8c7bd4..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kdc.confd
+++ /dev/null
@@ -1,2 +0,0 @@
-# Define startup options for Kerberos KDC
-KDC_OPTS=""
diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.initd-r2 b/app-crypt/mit-krb5/files/mit-krb5kdc.initd-r2
deleted file mode 100644
index ecd47e45689b..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kdc.initd-r2
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/openrc-run
-
-#---------------------------------------------------------------------------
-# This script starts/stops the MIT Kerberos 5 KDC
-#---------------------------------------------------------------------------
-
-daemon="MIT Kerberos 5 KDC"
-exec="/usr/sbin/krb5kdc"
-
-depend() {
- use net
-}
-
-start() {
- ebegin "Starting $daemon"
- start-stop-daemon --start --quiet --exec ${exec} -- ${KDC_OPTS} 1>&2
- eend $? "Error starting $daemon"
-}
-
-stop() {
- ebegin "Stopping $daemon"
- start-stop-daemon --stop --quiet --exec ${exec} 1>&2
- eend $? "Error stopping $daemon"
-}
diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.service b/app-crypt/mit-krb5/files/mit-krb5kdc.service
deleted file mode 100644
index 6ec93bb7232b..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kdc.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Kerberos 5 KDC
-
-[Service]
-ExecStart=/usr/sbin/krb5kdc -n
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.confd b/app-crypt/mit-krb5/files/mit-krb5kpropd.confd
deleted file mode 100644
index d75d41ab813a..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kpropd.confd
+++ /dev/null
@@ -1,2 +0,0 @@
-# Define startup options for Kerberos incremental propagation server
-KPROPD_OPTS=""
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.initd-r2 b/app-crypt/mit-krb5/files/mit-krb5kpropd.initd-r2
deleted file mode 100644
index f6ab7872c9ce..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kpropd.initd-r2
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/sbin/openrc-run
-
-#---------------------------------------------------------------------------
-# This script starts/stops the MIT Kerberos 5 kpropd
-#---------------------------------------------------------------------------
-
-daemon="MIT Kerberos 5 kpropd"
-exec="/usr/sbin/kpropd"
-
-depend() {
- use net mit-krb5kdc mit-krb5kadmind
-}
-
-start() {
- ebegin "Starting $daemon"
- start-stop-daemon --start --quiet --exec ${exec} -- ${KPROPD_OPTS} 1>&2
- eend $? "Error starting $daemon"
-}
-
-stop() {
- ebegin "Stopping $daemon"
- start-stop-daemon --stop --quiet --exec ${exec} 1>&2
- eend $? "Error stopping $daemon"
-}
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.service b/app-crypt/mit-krb5/files/mit-krb5kpropd.service
deleted file mode 100644
index a7c5b579d2b9..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kpropd.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Kerberos 5 propagation server
-
-[Service]
-ExecStart=/usr/sbin/kpropd -S
-
-[Install]
-WantedBy=multi-user.target
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.socket b/app-crypt/mit-krb5/files/mit-krb5kpropd.socket
deleted file mode 100644
index 4389290c0b16..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kpropd.socket
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Kerberos 5 propagation server
-
-[Socket]
-ListenStream=754
-Accept=yes
-
-[Install]
-WantedBy=sockets.target
diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service b/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service
deleted file mode 100644
index f826eb33cb33..000000000000
--- a/app-crypt/mit-krb5/files/mit-krb5kpropd_at.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Kerberos 5 propagation server
-Conflicts=mit-krb5kpropd.service
-
-[Service]
-ExecStart=/usr/sbin/kpropd
-StandardInput=socket
-StandardError=syslog
diff --git a/app-crypt/mit-krb5/metadata.xml b/app-crypt/mit-krb5/metadata.xml
deleted file mode 100644
index 253338743989..000000000000
--- a/app-crypt/mit-krb5/metadata.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<maintainer type="project">
- <email>kerberos@gentoo.org</email>
- <name>Kerberos</name>
-</maintainer>
-<longdescription>Kerberos 5 reference implementation from MIT</longdescription>
-<use>
- <flag name="doc">
- Creates and installs the API and implementation
- documentation. This is only useful if you want to develop software
- which depends on kerberos.
- </flag>
- <flag name="keyutils">Enable for the keyring ccache using keyutils.</flag>
- <flag name="pkinit">Enable pkinit support for the initial ticket.</flag>
- <flag name="openldap">Enable support for ldap as a database backend.</flag>
-</use>
-<upstream>
- <remote-id type="cpe">cpe:/a:mit:kerberos</remote-id>
-</upstream>
-</pkgmetadata>
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild
deleted file mode 100644
index 4ebb3adf4df4..000000000000
--- a/app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild
+++ /dev/null
@@ -1,154 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 )
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator
-
-MY_P="${P/mit-}"
-P_DIR=$(get_version_component_range 1-2)
-DESCRIPTION="MIT Kerberos V"
-HOMEPAGE="https://web.mit.edu/kerberos/www/"
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
-
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86"
-IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
-
-# Test suite require network access
-RESTRICT="test"
-
-CDEPEND="
- !!app-crypt/heimdal
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
- || (
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
- )
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
- pkinit? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- )
- xinetd? ( sys-apps/xinetd )"
-DEPEND="${CDEPEND}
- ${PYTHON_DEPS}
- virtual/yacc
- doc? ( virtual/latex-base )
- test? (
- ${PYTHON_DEPS}
- dev-lang/tcl:0
- dev-util/dejagnu
- )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-kerberos )"
-
-S=${WORKDIR}/${MY_P}/src
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/krb5-config
-)
-
-src_prepare() {
- eapply -p2 "${FILESDIR}/CVE-2018-5729-5730.patch"
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
- eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
-
- # Make sure we always use the system copies.
- rm -rf util/{et,ss,verto}
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
-
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- # QA
- append-flags -fno-strict-aliasing
- append-flags -fno-strict-overflow
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use keyutils || export ac_cv_header_keyutils_h=no
- ECONF_SOURCE=${S} \
- WARN_CFLAGS="set" \
- econf \
- $(use_with openldap ldap) \
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
- $(use_enable nls) \
- $(use_enable pkinit) \
- $(use_enable threads thread-support) \
- --without-hesiod \
- --enable-shared \
- --with-system-et \
- --with-system-ss \
- --enable-dns-for-realm \
- --enable-kdc-lookaside-cache \
- --with-system-verto \
- --disable-rpath
-}
-
-multilib_src_compile() {
- emake -j1
-}
-
-multilib_src_test() {
- multilib_is_native_abi && emake -j1 check
-}
-
-multilib_src_install() {
- emake \
- DESTDIR="${D}" \
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
- install
-}
-
-multilib_src_install_all() {
- # default database dir
- keepdir /var/lib/krb5kdc
-
- cd ..
- dodoc README
-
- if use doc; then
- dodoc -r doc/html
- docinto pdf
- dodoc doc/pdf/*.pdf
- fi
-
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
-
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
-
- insinto /etc
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
- insinto /var/lib/krb5kdc
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
-
- if use openldap ; then
- insinto /etc/openldap/schema
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
- fi
-
- if use xinetd ; then
- insinto /etc/xinetd.d
- newins "${FILESDIR}/kpropd.xinetd" kpropd
- fi
-}
diff --git a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild b/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild
deleted file mode 100644
index 6e6edde5000f..000000000000
--- a/app-crypt/mit-krb5/mit-krb5-1.16.1.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 )
-inherit autotools flag-o-matic multilib-minimal python-any-r1 systemd versionator
-
-MY_P="${P/mit-}"
-P_DIR=$(get_version_component_range 1-2)
-DESCRIPTION="MIT Kerberos V"
-HOMEPAGE="https://web.mit.edu/kerberos/www/"
-SRC_URI="https://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}.tar.gz"
-
-LICENSE="openafs-krb5-a BSD MIT OPENLDAP BSD-2 HPND BSD-4 ISC RSA CC-BY-SA-3.0 || ( BSD-2 GPL-2+ )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="doc +keyutils libressl nls openldap +pkinit selinux +threads test xinetd"
-
-# Test suite require network access
-RESTRICT="test"
-
-CDEPEND="
- !!app-crypt/heimdal
- >=sys-libs/e2fsprogs-libs-1.42.9[${MULTILIB_USEDEP}]
- || (
- >=dev-libs/libverto-0.2.5[libev,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[libevent,${MULTILIB_USEDEP}]
- >=dev-libs/libverto-0.2.5[tevent,${MULTILIB_USEDEP}]
- )
- keyutils? ( >=sys-apps/keyutils-1.5.8[${MULTILIB_USEDEP}] )
- nls? ( sys-devel/gettext[${MULTILIB_USEDEP}] )
- openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
- pkinit? (
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
- libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] )
- )
- xinetd? ( sys-apps/xinetd )"
-DEPEND="${CDEPEND}
- ${PYTHON_DEPS}
- virtual/yacc
- doc? ( virtual/latex-base )
- test? (
- ${PYTHON_DEPS}
- dev-lang/tcl:0
- dev-util/dejagnu
- )"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-kerberos )"
-
-S=${WORKDIR}/${MY_P}/src
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/krb5-config
-)
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-1.12_warn_cflags.patch"
- eapply -p2 "${FILESDIR}/${PN}-config_LDFLAGS.patch"
- eapply "${FILESDIR}/${PN}-libressl-version-check.patch"
-
- # Make sure we always use the system copies.
- rm -rf util/{et,ss,verto}
- sed -i 's:^[[:space:]]*util/verto$::' configure.in || die
-
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- # QA
- append-flags -fno-strict-aliasing
- append-flags -fno-strict-overflow
-
- multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
- use keyutils || export ac_cv_header_keyutils_h=no
- ECONF_SOURCE=${S} \
- WARN_CFLAGS="set" \
- econf \
- $(use_with openldap ldap) \
- "$(multilib_native_use_with test tcl "${EPREFIX}/usr")" \
- $(use_enable nls) \
- $(use_enable pkinit) \
- $(use_enable threads thread-support) \
- --without-hesiod \
- --enable-shared \
- --with-system-et \
- --with-system-ss \
- --enable-dns-for-realm \
- --enable-kdc-lookaside-cache \
- --with-system-verto \
- --disable-rpath
-}
-
-multilib_src_compile() {
- emake -j1
-}
-
-multilib_src_test() {
- multilib_is_native_abi && emake -j1 check
-}
-
-multilib_src_install() {
- emake \
- DESTDIR="${D}" \
- EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
- install
-}
-
-multilib_src_install_all() {
- # default database dir
- keepdir /var/lib/krb5kdc
-
- cd ..
- dodoc README
-
- if use doc; then
- dodoc -r doc/html
- docinto pdf
- dodoc doc/pdf/*.pdf
- fi
-
- newinitd "${FILESDIR}"/mit-krb5kadmind.initd-r2 mit-krb5kadmind
- newinitd "${FILESDIR}"/mit-krb5kdc.initd-r2 mit-krb5kdc
- newinitd "${FILESDIR}"/mit-krb5kpropd.initd-r2 mit-krb5kpropd
- newconfd "${FILESDIR}"/mit-krb5kadmind.confd mit-krb5kadmind
- newconfd "${FILESDIR}"/mit-krb5kdc.confd mit-krb5kdc
- newconfd "${FILESDIR}"/mit-krb5kpropd.confd mit-krb5kpropd
-
- systemd_newunit "${FILESDIR}"/mit-krb5kadmind.service mit-krb5kadmind.service
- systemd_newunit "${FILESDIR}"/mit-krb5kdc.service mit-krb5kdc.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.service mit-krb5kpropd.service
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd_at.service "mit-krb5kpropd@.service"
- systemd_newunit "${FILESDIR}"/mit-krb5kpropd.socket mit-krb5kpropd.socket
-
- insinto /etc
- newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
- insinto /var/lib/krb5kdc
- newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
-
- if use openldap ; then
- insinto /etc/openldap/schema
- doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"
- fi
-
- if use xinetd ; then
- insinto /etc/xinetd.d
- newins "${FILESDIR}/kpropd.xinetd" kpropd
- fi
-}