main/heimdal/APKBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
pkgname=heimdal
pkgver=7.1.0
_ver=${pkgver/_rc/rc}
pkgrel=2
pkgdesc="An implementation of Kerberos 5"
arch="all"
url="http://www.h5l.org/"
license="BSD"
depends="krb5-conf"
depends_dev="libressl-dev e2fsprogs-dev db-dev"
makedepends="$depends_dev autoconf automake bash gawk libtool
	ncurses-dev perl readline-dev sqlite-dev texinfo perl-json"
install=
options="suid"
subpackages="$pkgname-doc $pkgname-dev $pkgname-libs"
source="http://www.h5l.org/dist/src/heimdal-$pkgver.tar.gz
	heimdal-kadmind.initd
	heimdal-kdc.initd
	heimdal-kpasswdd.initd

	005_all_heimdal-suid_fix.patch
	heimdal_missing-include.patch
	CVE-2017-11103.patch
	CVE-2017-17439.patch
	"

# secfixes:
#   7.1.0-r2:
#     - CVE-2017-17439
#   7.1.0-r1:
#     - CVE-2017-11103
#   7.4.0-r0:

_builddir="$srcdir/$pkgname-$_ver"

prepare() {
	[ -e /usr/lib/libasn1.so ] && echo "## remove old heimdal pkg first ##" && return 1

	cd "$_builddir"

	for i in $source; do
		case $i in
		*.patch) msg "Applying patch $i"; patch -p1 -i "$srcdir"/$i || return 1;;
		esac
	done

	sh ./autogen.sh || return 1
}

build() {
	cd "$_builddir"
	export LDFLAGS="${LDFLAGS} -Wl,--as-needed"
	export LIBS="-ldb"

	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--enable-shared=yes \
		--without-x \
		--with-berkeley-db \
		--with-readline-lib=/usr/lib \
		--with-readline-include=/usr/include/readline \
		--with-sqlite3=/usr \
		--without-openssl \
		|| return 1

	# make sure we use system version
	rm -r lib/sqlite lib/com_err

	# workarount a parallell build issue
	make -C lib/asn1 der-protos.h der-private.h || return 1
	make -C lib/kadm5 kadm5-protos.h kadm5-private.h kadm5_err.h || return 1
	make -C lib/krb5 krb5-protos.h krb5-private.h krb5_err.h krb_err.h \
		heim_err.h k524_err.h || return 1
	make -C lib/hx509 hx509-private.h  hx509-protos.h || return 1
	make || return 1
}

package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" exec_prefix=/usr sysconfdir=/etc \
	mandir=/usr/share/man infodir=/usr/share/info datadir=/var/lib/heimdal \
	localstatedir=/var/lib/heimdal libexecdir=/usr/sbin install


	install -m755 -D "$srcdir"/heimdal-kadmind.initd \
		"$pkgdir"/etc/init.d/heimdal-kadmind || return 1
	install -m755 -D "$srcdir"/heimdal-kdc.initd \
		"$pkgdir"/etc/init.d/heimdal-kdc || return 1
	install -m755 -D "$srcdir"/heimdal-kpasswdd.initd \
		"$pkgdir"/etc/init.d/heimdal-kpasswdd || return 1

	for i in 1 3 5 8; do
		rm -rf "$pkgdir"/usr/share/man/cat$i || return 1
	done

	# Remove conflicts 
	# e2fsprogs
	rm -f "$pkgdir"/usr/bin/compile_et \
		"$pkgdir"/usr/share/man/man1/compile_et.1 || return 1

	# Compress info pages
	for page in heimdal hx509; do
		gzip -9 "$pkgdir"/usr/share/info/${page}.info || return 1
	done

	# Install the license
	install -d "$pkgdir"/usr/share/licenses/$pkgname
	install -D -m644 "$srcdir"/$pkgname-$_ver/LICENSE \
		"$pkgdir"/usr/share/licenses/$pkgname/ || return 1
}

libs() {
	pkgdesc="Heimdal libraries"
	replaces="heimdal"
	depends="krb5-conf"
	mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin
	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/ || return 1
	mv "$pkgdir"/usr/bin/string2key \
		"$pkgdir"/usr/bin/verify_krb5_conf \
		"$subpkgdir"/usr/bin/ || return 1
	mv "$pkgdir"/usr/sbin/kdigest \
		"$pkgdir"/usr/sbin/digest-service \
		"$subpkgdir"/usr/sbin/ || return 1

}

sha512sums="5afc9d183ff0db6e82e83d47955cc77e775bc60569e2905f9106c31b8a33e8d67fbc042dd4836ebae094db38bf70ba858c224189fed8d55f277738ee6e76352e  heimdal-7.1.0.tar.gz
0ae0fec4bdb3907d9e82e788e12ef185dd00e6db4c17f55758da5600fedd72ed1118b6b492d039f91cc54d54bf2f79f624ea38a68067e424b737b128494a4bbd  heimdal-kadmind.initd
4dca69bb1c1c6dfce8c0fc1da84855e4549be478ab09511fa5143ee61d1609fed7f3303179bc1e499b0f20445e04c41eda132dd1c5f72e2fea4fcf60a35ad2a9  heimdal-kdc.initd
abee8390632fa775e74900d09e5c72b02fe4f9616b43cc8d0a76175486ed6d4707fb3ce4d06ceb09b0e8d1384e037c3cff6525e11def0122c35c32eebd0d196f  heimdal-kpasswdd.initd
2a6b20588a86a9ea3c35209b96ef2da0b39bc3112aec1505e69a60efc9ffb9ddc1d0dbdfaf864142e9d2f81da3d2653de56d6ffa01871c20fde17e4642625c56  005_all_heimdal-suid_fix.patch
e89efdc942c512363aac1d9797c6bf622324e9200e282bc5ed680300b9e1b39a4ea20f059cdac8f22f972eb0af0e625fd41f267ebcafcfec0aaa81192aff79c1  heimdal_missing-include.patch
dfb1c0dc115fb2c198784bd31c09ff638da3b66c1befc7de823eff209bdafc4916ecdec16a4d68729b92c993dcf6ea0ad43f5741e33893351d7f763f52df1e94  CVE-2017-11103.patch
66f92a3f0c68c7ff1f842b11ab456c94dd9fb2951b2dbb31fc4b1364d591687facd88aafadb0971a8156424470a65440111077ca02c064bdadd7490f671774b1  CVE-2017-17439.patch"