# Maintainer: Leonardo Arena # Contributor: Natanael Copa pkgname=heimdal pkgver=7.1.0 _ver=${pkgver/_rc/rc} pkgrel=2 pkgdesc="An implementation of Kerberos 5" arch="all" url="http://www.h5l.org/" license="BSD" depends="krb5-conf" depends_dev="libressl-dev e2fsprogs-dev db-dev" makedepends="$depends_dev autoconf automake bash gawk libtool ncurses-dev perl readline-dev sqlite-dev texinfo perl-json" install= options="suid" subpackages="$pkgname-doc $pkgname-dev $pkgname-libs" source="http://www.h5l.org/dist/src/heimdal-$pkgver.tar.gz heimdal-kadmind.initd heimdal-kdc.initd heimdal-kpasswdd.initd 005_all_heimdal-suid_fix.patch heimdal_missing-include.patch CVE-2017-11103.patch CVE-2017-17439.patch " # secfixes: # 7.1.0-r2: # - CVE-2017-17439 # 7.1.0-r1: # - CVE-2017-11103 # 7.4.0-r0: _builddir="$srcdir/$pkgname-$_ver" prepare() { [ -e /usr/lib/libasn1.so ] && echo "## remove old heimdal pkg first ##" && return 1 cd "$_builddir" for i in $source; do case $i in *.patch) msg "Applying patch $i"; patch -p1 -i "$srcdir"/$i || return 1;; esac done sh ./autogen.sh || return 1 } build() { cd "$_builddir" export LDFLAGS="${LDFLAGS} -Wl,--as-needed" export LIBS="-ldb" ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --enable-shared=yes \ --without-x \ --with-berkeley-db \ --with-readline-lib=/usr/lib \ --with-readline-include=/usr/include/readline \ --with-sqlite3=/usr \ --without-openssl \ || return 1 # make sure we use system version rm -r lib/sqlite lib/com_err # workarount a parallell build issue make -C lib/asn1 der-protos.h der-private.h || return 1 make -C lib/kadm5 kadm5-protos.h kadm5-private.h kadm5_err.h || return 1 make -C lib/krb5 krb5-protos.h krb5-private.h krb5_err.h krb_err.h \ heim_err.h k524_err.h || return 1 make -C lib/hx509 hx509-private.h hx509-protos.h || return 1 make || return 1 } package() { cd "$_builddir" make DESTDIR="$pkgdir" exec_prefix=/usr sysconfdir=/etc \ mandir=/usr/share/man infodir=/usr/share/info datadir=/var/lib/heimdal \ localstatedir=/var/lib/heimdal libexecdir=/usr/sbin install install -m755 -D "$srcdir"/heimdal-kadmind.initd \ "$pkgdir"/etc/init.d/heimdal-kadmind || return 1 install -m755 -D "$srcdir"/heimdal-kdc.initd \ "$pkgdir"/etc/init.d/heimdal-kdc || return 1 install -m755 -D "$srcdir"/heimdal-kpasswdd.initd \ "$pkgdir"/etc/init.d/heimdal-kpasswdd || return 1 for i in 1 3 5 8; do rm -rf "$pkgdir"/usr/share/man/cat$i || return 1 done # Remove conflicts # e2fsprogs rm -f "$pkgdir"/usr/bin/compile_et \ "$pkgdir"/usr/share/man/man1/compile_et.1 || return 1 # Compress info pages for page in heimdal hx509; do gzip -9 "$pkgdir"/usr/share/info/${page}.info || return 1 done # Install the license install -d "$pkgdir"/usr/share/licenses/$pkgname install -D -m644 "$srcdir"/$pkgname-$_ver/LICENSE \ "$pkgdir"/usr/share/licenses/$pkgname/ || return 1 } libs() { pkgdesc="Heimdal libraries" replaces="heimdal" depends="krb5-conf" mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin mv "$pkgdir"/usr/lib "$subpkgdir"/usr/ || return 1 mv "$pkgdir"/usr/bin/string2key \ "$pkgdir"/usr/bin/verify_krb5_conf \ "$subpkgdir"/usr/bin/ || return 1 mv "$pkgdir"/usr/sbin/kdigest \ "$pkgdir"/usr/sbin/digest-service \ "$subpkgdir"/usr/sbin/ || return 1 } sha512sums="5afc9d183ff0db6e82e83d47955cc77e775bc60569e2905f9106c31b8a33e8d67fbc042dd4836ebae094db38bf70ba858c224189fed8d55f277738ee6e76352e heimdal-7.1.0.tar.gz 0ae0fec4bdb3907d9e82e788e12ef185dd00e6db4c17f55758da5600fedd72ed1118b6b492d039f91cc54d54bf2f79f624ea38a68067e424b737b128494a4bbd heimdal-kadmind.initd 4dca69bb1c1c6dfce8c0fc1da84855e4549be478ab09511fa5143ee61d1609fed7f3303179bc1e499b0f20445e04c41eda132dd1c5f72e2fea4fcf60a35ad2a9 heimdal-kdc.initd abee8390632fa775e74900d09e5c72b02fe4f9616b43cc8d0a76175486ed6d4707fb3ce4d06ceb09b0e8d1384e037c3cff6525e11def0122c35c32eebd0d196f heimdal-kpasswdd.initd 2a6b20588a86a9ea3c35209b96ef2da0b39bc3112aec1505e69a60efc9ffb9ddc1d0dbdfaf864142e9d2f81da3d2653de56d6ffa01871c20fde17e4642625c56 005_all_heimdal-suid_fix.patch e89efdc942c512363aac1d9797c6bf622324e9200e282bc5ed680300b9e1b39a4ea20f059cdac8f22f972eb0af0e625fd41f267ebcafcfec0aaa81192aff79c1 heimdal_missing-include.patch dfb1c0dc115fb2c198784bd31c09ff638da3b66c1befc7de823eff209bdafc4916ecdec16a4d68729b92c993dcf6ea0ad43f5741e33893351d7f763f52df1e94 CVE-2017-11103.patch 66f92a3f0c68c7ff1f842b11ab456c94dd9fb2951b2dbb31fc4b1364d591687facd88aafadb0971a8156424470a65440111077ca02c064bdadd7490f671774b1 CVE-2017-17439.patch"