diff options
Diffstat (limited to 'main/perl-net-ssleay/krb5')
-rw-r--r-- | main/perl-net-ssleay/krb5/APKBUILD | 130 | ||||
-rw-r--r-- | main/perl-net-ssleay/krb5/CVE-2002-2443.patch | 69 | ||||
-rw-r--r-- | main/perl-net-ssleay/krb5/krb5kadmind.initd | 25 | ||||
-rw-r--r-- | main/perl-net-ssleay/krb5/krb5kdc.initd | 24 | ||||
-rw-r--r-- | main/perl-net-ssleay/krb5/krb5kpropd.initd | 24 | ||||
-rw-r--r-- | main/perl-net-ssleay/krb5/mit-krb5-1.11_uninitialized.patch | 81 | ||||
-rw-r--r-- | main/perl-net-ssleay/krb5/mit-krb5_krb5-config_LDFLAGS.patch | 12 |
7 files changed, 0 insertions, 365 deletions
diff --git a/main/perl-net-ssleay/krb5/APKBUILD b/main/perl-net-ssleay/krb5/APKBUILD deleted file mode 100644 index 72ec854993..0000000000 --- a/main/perl-net-ssleay/krb5/APKBUILD +++ /dev/null @@ -1,130 +0,0 @@ -# Maintainer: Natanael Copa <ncopa@alpinelinux.org> -pkgname=krb5 -pkgver=1.11.3 -pkgrel=0 -pkgdesc="The Kerberos network authentication system" -url="http://web.mit.edu/kerberos/www/" -arch="all" -license="MIT" -depends="krb5-conf" -depends_dev="e2fsprogs-dev" -makedepends="$depends_dev libverto-dev openldap-dev openssl-dev - keyutils-dev bison flex perl" -install="" -subpackages="$pkgname-dev $pkgname-doc $pkgname-server - $pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs" -source="http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-$pkgver-signed.tar - mit-krb5-1.11_uninitialized.patch - mit-krb5_krb5-config_LDFLAGS.patch - krb5kadmind.initd - krb5kdc.initd - krb5kpropd.initd - " - -_builddir="$srcdir"/krb5-$pkgver -unpack() { - default_unpack - cd "$srcdir" - tar -zxf krb5-$pkgver.tar.gz -} - - -prepare() { - local i - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done -} - -build() { - cd "$_builddir"/src - ./configure \ - CPPFLAGS="$CPPFLAGS -fPIC -I/usr/include/et" \ - --prefix=/usr \ - --localstatedir=/var/lib \ - --enable-shared \ - --disable-static \ - --disable-rpath \ - --with-system-et \ - --with-system-ss \ - --with-system-verto \ - --without-tcl \ - --with-ldap \ - --with-crypto-impl=openssl \ - || return 1 - make -} - -package() { - cd "$_builddir"/src - make install DESTDIR="$pkgdir" || return 1 - mkdir -p "$pkgdir"/usr/share/doc/$pkgname - mv "$pkgdir"/usr/share/examples "$pkgdir"/usr/share/doc/$pkgname/ - - for i in $source; do - case $i in - *.initd) install -Dm755 "$srcdir"/$i \ - "$pkgdir"/etc/init.d/${i%.initd};; - esac - done -} - -server() { - pkgdesc="The KDC and related programs for Kerberos 5" - depends="libverto-libev" - mkdir -p "$subpkgdir"/usr/share \ - "$subpkgdir"/usr/bin \ - "$subpkgdir"/etc/ - install -d "$subpkgdir"/var/lib/krb5kdc || return 1 - mv "$pkgdir"/usr/sbin "$subpkgdir"/usr/ || return 1 - mv "$pkgdir"/usr/share/gnats "$subpkgdir"/usr/share/ || return 1 - mv "$pkgdir"/etc/init.d "$subpkgdir"/etc/ || return 1 - # used for testing server - mv "$pkgdir"/usr/bin/sclient "$subpkgdir"/usr/bin/ - -} - -ldap() { - pkgdesc="The LDAP storage plugin for the Kerberos 5 KDC" - mkdir -p "$subpkgdir"/usr/lib/krb5/plugins/kdb - mv "$pkgdir"/usr/lib/krb5/plugins/kdb/kldap.so \ - "$subpkgdir"/usr/lib/krb5/plugins/kdb/ || return 1 - mv "$pkgdir"/usr/lib/libkdb_ldap* \ - "$subpkgdir"/usr/lib/ -} - -pkinit() { - pkgdesc="The PKINIT module for Kerberos 5" - mkdir -p "$subpkgdir"/usr/lib/krb5/plugins/preauth - mv "$pkgdir"/usr/lib/krb5/plugins/preauth/pkinit.so \ - "$subpkgdir"/usr/lib/krb5/plugins/preauth/pkinit.so -} - -libs() { - pkgdesc="The shared libraries used by Kerberos 5" - depends="krb5-conf" - mkdir -p "$subpkgdir"/usr/ - mv "$pkgdir"/usr/lib "$subpkgdir"/usr/ || return 1 -} - -md5sums="56f0ae274b285320b8a597cb89442449 krb5-1.11.3-signed.tar -597cd7ab74a8113b86e3405c15ccfecb mit-krb5-1.11_uninitialized.patch -656e242de9b5ada1edf398983db51eef mit-krb5_krb5-config_LDFLAGS.patch -29906e70e15025dda8b315d8209cab4c krb5kadmind.initd -47efe7f24c98316d38ea46ad629b3517 krb5kdc.initd -3e0b8313c1e5bfb7625f35e76a5e53f1 krb5kpropd.initd" -sha256sums="9abd94bb94a70996da0f8d90408957154bb543271b097e86c63eb33e5f5751b5 krb5-1.11.3-signed.tar -81a0d432b6d1686587b25b6ce70f0b8558e0c693da4c63b9de881962ae01c043 mit-krb5-1.11_uninitialized.patch -9ebfc38cc167bbf451105807512845cd961f839d64b7e2904a6c4e722e41fe2b mit-krb5_krb5-config_LDFLAGS.patch -c7a1ec03472996daaaaf1a4703566113c80f72ee8605d247098a25a13dad1f5f krb5kadmind.initd -709309dea043aa306c2fcf0960e0993a6db540c220de64cf92d6b85f1cca23c5 krb5kdc.initd -86b15d691e32b331ac756ee368b7364de6ab238dcae5adfed2a00b57d1b64ef4 krb5kpropd.initd" -sha512sums="4d4c5d5c3a495da141bca40fe73378db190ace8ed397b7bb8e38c53757e6df3ec55fa0eb5628f7c6204d1265f8451535e65c4ebd844821c64cdfd0c6e32468a5 krb5-1.11.3-signed.tar -4d2ea5189971df13bf874d29bcf89fa3bfeb1d25b3bd9245ee7c88f5c4834e950c5978ce13df3b8fc05f98dd7d5510dad43af0440436958fa23f9e1a51f60f76 mit-krb5-1.11_uninitialized.patch -8118518e359cb5e69e3321b7438b200d5d74ceeac16b4623bf4e4bfb4ead6c656de6fa153f9bcc454097b45a512bc8cd0798b1f062a2c4a09f75253b204a7a17 mit-krb5_krb5-config_LDFLAGS.patch -561af06b4e0f0e130dda345ad934bcdb9984ec00cc38d871df1d3bb3f9e1c7d86f06db5b03229707c88b96ad324e3a2222420f8494aa431002cacea0246b1153 krb5kadmind.initd -d6d0076886ce284fc395fafc2dc253b4b3ee97b2986dea51388d96a1e1294680fb171f475efc7844559e2c6aac44b26678a9255921db9a58dcf2e7164f0aeec5 krb5kdc.initd -f97d33fa977c132a470d95fd539d8e8db018e03f28dbc9d3e04faf78ebb7392196e7d5135f138c2390979bf37b3ae0265e6827f0c17b44b277eb2dfff0a96f77 krb5kpropd.initd" diff --git a/main/perl-net-ssleay/krb5/CVE-2002-2443.patch b/main/perl-net-ssleay/krb5/CVE-2002-2443.patch deleted file mode 100644 index 3ef88155c5..0000000000 --- a/main/perl-net-ssleay/krb5/CVE-2002-2443.patch +++ /dev/null @@ -1,69 +0,0 @@ -From cf1a0c411b2668c57c41e9c4efd15ba17b6b322c Mon Sep 17 00:00:00 2001 -From: Tom Yu <tlyu@mit.edu> -Date: Fri, 3 May 2013 16:26:46 -0400 -Subject: [PATCH] Fix kpasswd UDP ping-pong [CVE-2002-2443] - -The kpasswd service provided by kadmind was vulnerable to a UDP -"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless -they pass some basic validation, and don't respond to our own error -packets. - -Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong -attack or UDP ping-pong attacks in general, but there is discussion -leading toward narrowing the definition of CVE-1999-0103 to the echo, -chargen, or other similar built-in inetd services. - -Thanks to Vincent Danen for alerting us to this issue. - -CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C - -ticket: 7637 (new) -target_version: 1.11.3 -tags: pullup ---- - src/kadmin/server/schpw.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c -index 15b0ab5..7f455d8 100644 ---- a/src/kadmin/server/schpw.c -+++ b/src/kadmin/server/schpw.c -@@ -52,7 +52,7 @@ - ret = KRB5KRB_AP_ERR_MODIFIED; - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request was truncated", sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - ptr = req->data; -@@ -67,7 +67,7 @@ - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request length was inconsistent", - sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - /* verify version number */ -@@ -80,7 +80,7 @@ - numresult = KRB5_KPASSWD_BAD_VERSION; - snprintf(strresult, sizeof(strresult), - "Request contained unknown protocol version number %d", vno); -- goto chpwfail; -+ goto bailout; - } - - /* read, check ap-req length */ -@@ -93,7 +93,7 @@ - numresult = KRB5_KPASSWD_MALFORMED; - strlcpy(strresult, "Request was truncated in AP-REQ", - sizeof(strresult)); -- goto chpwfail; -+ goto bailout; - } - - /* verify ap_req */ --- -1.8.1.6 - diff --git a/main/perl-net-ssleay/krb5/krb5kadmind.initd b/main/perl-net-ssleay/krb5/krb5kadmind.initd deleted file mode 100644 index a1cdfef822..0000000000 --- a/main/perl-net-ssleay/krb5/krb5kadmind.initd +++ /dev/null @@ -1,25 +0,0 @@ -#!/sbin/runscript - -#--------------------------------------------------------------------------- -# This script starts/stops the MIT Kerberos 5 Admin daemon -#--------------------------------------------------------------------------- - -daemon="MIT Kerberos 5 Admin daemon" -exec="/usr/sbin/kadmind" - -depend() { - need krb5kdc - use net -} - -start() { - ebegin "Starting $daemon" - start-stop-daemon --start --quiet --exec ${exec} 1>&2 - eend $? "Error starting $daemon" -} - -stop() { - ebegin "Stopping $daemon" - start-stop-daemon --stop --quiet --exec ${exec} 1>&2 - eend $? "Error stopping $daemon" -} diff --git a/main/perl-net-ssleay/krb5/krb5kdc.initd b/main/perl-net-ssleay/krb5/krb5kdc.initd deleted file mode 100644 index 94f1f79379..0000000000 --- a/main/perl-net-ssleay/krb5/krb5kdc.initd +++ /dev/null @@ -1,24 +0,0 @@ -#!/sbin/runscript - -#--------------------------------------------------------------------------- -# This script starts/stops the MIT Kerberos 5 KDC -#--------------------------------------------------------------------------- - -daemon="MIT Kerberos 5 KDC" -exec="/usr/sbin/krb5kdc" - -depend() { - use net -} - -start() { - ebegin "Starting $daemon" - start-stop-daemon --start --quiet --exec ${exec} 1>&2 - eend $? "Error starting $daemon" -} - -stop() { - ebegin "Stopping $daemon" - start-stop-daemon --stop --quiet --exec ${exec} 1>&2 - eend $? "Error stopping $daemon" -} diff --git a/main/perl-net-ssleay/krb5/krb5kpropd.initd b/main/perl-net-ssleay/krb5/krb5kpropd.initd deleted file mode 100644 index 8b4b82975e..0000000000 --- a/main/perl-net-ssleay/krb5/krb5kpropd.initd +++ /dev/null @@ -1,24 +0,0 @@ -#!/sbin/runscript - -#--------------------------------------------------------------------------- -# This script starts/stops the MIT Kerberos 5 kpropd -#--------------------------------------------------------------------------- - -daemon="MIT Kerberos 5 kpropd" -exec="/usr/sbin/kpropd" - -depend() { - use net krb5kdc krb5kadmind -} - -start() { - ebegin "Starting $daemon" - start-stop-daemon --start --quiet --exec ${exec} -- -S 1>&2 - eend $? "Error starting $daemon" -} - -stop() { - ebegin "Stopping $daemon" - start-stop-daemon --stop --quiet --exec ${exec} 1>&2 - eend $? "Error stopping $daemon" -} diff --git a/main/perl-net-ssleay/krb5/mit-krb5-1.11_uninitialized.patch b/main/perl-net-ssleay/krb5/mit-krb5-1.11_uninitialized.patch deleted file mode 100644 index a32d01d51f..0000000000 --- a/main/perl-net-ssleay/krb5/mit-krb5-1.11_uninitialized.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- a/src/slave/kprop.c -+++ b/src/slave/kprop.c -@@ -91,7 +91,7 @@ main(argc, argv) - int argc; - char **argv; - { -- int fd, database_fd, database_size; -+ int fd = -1, database_fd, database_size; - krb5_error_code retval; - krb5_context context; - krb5_creds *my_creds; ---- a/src/kadmin/ktutil/ktutil_funcs.c -+++ b/src/kadmin/ktutil/ktutil_funcs.c -@@ -64,7 +64,7 @@ - krb5_kt_list *list; - int idx; - { -- krb5_kt_list lp, prev; -+ krb5_kt_list lp, prev = NULL; - int i; - - for (lp = *list, i = 1; lp; prev = lp, lp = lp->next, i++) { ---- a/src/lib/kadm5/alt_prof.c -+++ b/src/lib/kadm5/alt_prof.c -@@ -164,7 +164,7 @@ - char **values; - char *valp; - int idx; -- krb5_boolean val; -+ krb5_boolean val = 0; - - kret = krb5_aprof_getvals (acontext, hierarchy, &values); - if (kret) ---- a/src/lib/krb5/unicode/ucstr.c -+++ b/src/lib/krb5/unicode/ucstr.c -@@ -109,7 +109,7 @@ - krb5_data ** newdataptr, - unsigned flags) - { -- int i, j, len, clen, outpos, ucsoutlen, outsize; -+ int i, j, len, clen, outpos = 0, ucsoutlen, outsize; - char *out = NULL, *outtmp, *s; - krb5_ucs4 *ucs = NULL, *p, *ucsout = NULL; - krb5_data *newdata; -diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c -index 7dc5b47..cd90db8 100644 ---- a/src/util/profile/prof_init.c -+++ b/src/util/profile/prof_init.c -@@ -255,7 +255,7 @@ copy_vtable_profile(profile_t profile, profile_t *ret_new_profile) - { - errcode_t err; - void *cbdata; -- profile_t new_profile; -+ profile_t new_profile = NULL; - - *ret_new_profile = NULL; - ---- a/src/lib/krb5/krb/preauth2.c 2012-12-24 12:39:18.432678497 +0100 -+++ b/src/lib/krb5/krb/preauth2.c 2012-12-24 12:50:49.444099126 +0100 -@@ -956,7 +956,7 @@ - size_t i, h; - int out_pa_list_size = 0; - krb5_pa_data **out_pa_list = NULL; -- krb5_error_code ret, module_ret; -+ krb5_error_code ret, module_ret = 0; - krb5_responder_fn responder = opte->opt_private->responder; - static const int paorder[] = { PA_INFO, PA_REAL }; - ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.orig 2013-02-15 14:38:43.742293824 +0000 -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2013-02-15 14:41:06.806870075 +0000 -@@ -1359,8 +1359,8 @@ - goto cleanup; - - for (i=0; bvalues[i] != NULL; ++i) { -- krb5_int16 n_kd; -- krb5_key_data *kd; -+ krb5_int16 n_kd = 0; -+ krb5_key_data *kd = NULL; - krb5_data in; - - if (bvalues[i]->bv_len == 0) diff --git a/main/perl-net-ssleay/krb5/mit-krb5_krb5-config_LDFLAGS.patch b/main/perl-net-ssleay/krb5/mit-krb5_krb5-config_LDFLAGS.patch deleted file mode 100644 index 0b300cb44a..0000000000 --- a/main/perl-net-ssleay/krb5/mit-krb5_krb5-config_LDFLAGS.patch +++ /dev/null @@ -1,12 +0,0 @@ -Bug #448778 ---- krb5-1.11/src/krb5-config.in 2012-12-18 02:47:04.000000000 +0000 -+++ krb5-1.11/src/krb5-config.in 2012-12-28 07:13:16.582693363 +0000 -@@ -217,7 +217,7 @@ - -e 's#\$(PROG_RPATH)#'$libdir'#' \ - -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \ - -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ -- -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \ -+ -e 's#\$(LDFLAGS)##' \ - -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ - -e 's#\$(CFLAGS)##'` - |