version bump - security bug #359129

Package-Manager: portage-2.1.9.43/cvs/Linux x86_64

5 files changed, 262 insertions, 2 deletions

diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog
index 70367a60181d..59410531e580 100644
--- a/app-crypt/mit-krb5/ChangeLog
+++ b/app-crypt/mit-krb5/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-crypt/mit-krb5
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.263 2011/03/13 03:42:16 eras Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.264 2011/03/16 09:38:52 eras Exp $
+
+*mit-krb5-1.9-r2 (16 Mar 2011)
+*mit-krb5-1.8.3-r4 (16 Mar 2011)
+
+  16 Mar 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-1.8.3-r4.ebuild,
+  +mit-krb5-1.9-r2.ebuild, +files/CVE-2011-0284.patch:
+  version bump - security bug #359129
 
   13 Mar 2011; Eray Aslan <eras@gentoo.org> mit-krb5-1.8.3-r3.ebuild,
   mit-krb5-1.9-r1.ebuild:
diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest
index b3778581f093..0f26b1db235c 100644
--- a/app-crypt/mit-krb5/Manifest
+++ b/app-crypt/mit-krb5/Manifest
@@ -2,6 +2,7 @@ AUX CVE-2010-1322.patch 1066 RMD160 fc262a23e9aa118262a4258f74832445062444e4 SHA
 AUX CVE-2010-1323.1324.4020.patch 7908 RMD160 848b776218473200e5a54beb4f3adfc3db915cf4 SHA1 a6fbc3b6ab15ca98c1aa1521fd42dad1f5003ee8 SHA256 ec08fca9738b5fae619154379ae0158531cb630b6f25551c14d87313c2d2a5f0
 AUX CVE-2010-4022.patch 632 RMD160 62a7b2b0d4acbca919fd9df52e707bf0b9fff076 SHA1 79ece8b1c140deb2c01bfb64af575636b9bc7704 SHA256 25f50e9406a36525b5f727041c9d584ef3f188fa5d3a39b4e63d1a853219a9e2
 AUX CVE-2011-0281.0282.0283.patch 6663 RMD160 15913f4fccc2424f4264ce222563685b29b53fb2 SHA1 fb2486168ce128cb1a2866bd0df8cd7c4bcd7824 SHA256 1b3ccea9022527c36e153c5d89ecfd9609a111e235b1d0430e1fcc6933e76e48
+AUX CVE-2011-0284.patch 544 RMD160 9b0d172a1abfaf437edacc9f18fd0a6e83028b3e SHA1 1c72390c5d629eee592e5cb0c2b600b376e2fdc5 SHA256 bf93bbaf5d502f5b5bdcfa612e36c3828d3be869b154545bad1c7109f4eedae4
 AUX kpropd.xinetd 194 RMD160 5772b04bf7f6b8a5588331a4d9dca03738756f15 SHA1 a9c84a4197ba133144e754d68847cece6203ed4a SHA256 eaa3838a6ca8db901db359cac3435d4f703a9a10534f02eeb37f494dd21a1736
 AUX mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch 6130 RMD160 23cb2560f0d87e6128cdbb12f1e7d8aae85f85f5 SHA1 574a3c82ad7d3c9a1c9c62c6ff95c2d6f0e0fc96 SHA256 7831c9a9553404b41774f40f3fc0df6769342c1923c5b1177062710fd5f0f2bb
 AUX mit-krb5_testsuite.patch 3069 RMD160 59af8c128fbaeadc472111c4bef4dfe3ac7567f0 SHA1 e0896cac3d99a3e4f9d06afdab58a6d5cda82e7a SHA256 3c8cfdb012a5388b1a92658437dce619593b91f0b0c582ef66194347274b26f9
@@ -10,6 +11,8 @@ AUX mit-krb5kdc.initd 656 RMD160 8c4c508273f9d715ac0e0a8d9c54e36f63526b9b SHA1 6
 DIST krb5-1.8.3-signed.tar 11642880 RMD160 bdf3a505e4b2447af0c9080b441918d665dcdd9c SHA1 69696f63b6c2b0e3238156b19eed68cecd661c6b SHA256 2c5988ddd8b409134cd0e77e9ce8f762605ce8d8fb0aa22f6500f53381567019
 DIST krb5-1.9-signed.tar 11888640 RMD160 bb067cb2fde9cb2a7ea04140683b9bc4a616bd38 SHA1 a7ad1b4ed37bff4b9087f6c4561b2b222208d779 SHA256 c30e012226f04943411dbb28d303d1a488955af74eb7d1ab50d6f4f21a6e1d06
 EBUILD mit-krb5-1.8.3-r3.ebuild 2878 RMD160 f978b46bb12d9218f98078478431f2a32ec6c0f6 SHA1 b634e557124e354246cca60d25d26d7664b2f719 SHA256 7251f3ff8080d1e5f8f707003c3ebcecf0cfe5fdc4e988687a2e04e5f70a5c73
+EBUILD mit-krb5-1.8.3-r4.ebuild 2964 RMD160 ca880172d610a264aecff46ed48e64df4c134cd4 SHA1 af9b025a08c8ce7c06ce7898f372927ec5e11b7e SHA256 f04f72c77ea4174b58f2f7f54a1cba3da998b350d026fdde58ca7bca66c73c73
 EBUILD mit-krb5-1.9-r1.ebuild 3038 RMD160 8f7137b499547c7adb7ccbc3097b2180f21c7e42 SHA1 f558dfb4fffacfb64142d68c10baba4e8582c15d SHA256 cfafe49dd42bdcc40d0ddb569803eef6f09bcf3489bb4bbd0ec1c33e2faddc07
-MISC ChangeLog 42108 RMD160 9cefc5ab1c517d6307241205eca377a35451df4c SHA1 0e55a87c1ebfd95f6fe908cf854899bd016ce3ac SHA256 f3374845983a59c32802c9225ac2b180076510b066254ee5b291baa71165c36d
+EBUILD mit-krb5-1.9-r2.ebuild 3091 RMD160 a4c175f78d15060bd3da149a6bcb2bfb915ad8fe SHA1 1099565c46286e5206b451ea750b4baaf9929ebd SHA256 f16bc017b4091cc232be5fe58e57299f3712f55a025631ea41762ab805e0d82f
+MISC ChangeLog 42338 RMD160 42dc7e3f2bc509b6fb39f7a3ccb64473eec548e4 SHA1 eadefd17d9ff9482b87baec0b8a5dc95f634589a SHA256 2e866fed1f1393e96413abe2ec737fe79aaae68cfc7714e7bd9cc27465546c30
 MISC metadata.xml 668 RMD160 825e73c2b8d1bdcfffb6c5cfa2110f596d7940ae SHA1 b9fca90e7a86fea05d8174d824e939cf61905310 SHA256 da5862dde92f34b882870961cb9f1e4aa8209fc549e32a43d99770a9de8b232d
diff --git a/app-crypt/mit-krb5/files/CVE-2011-0284.patch b/app-crypt/mit-krb5/files/CVE-2011-0284.patch
new file mode 100644
index 000000000000..c977275687af
--- /dev/null
+++ b/app-crypt/mit-krb5/files/CVE-2011-0284.patch
@@ -0,0 +1,13 @@
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 46b5fa1..464cb6e 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -741,6 +741,8 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request,
+                     pad->contents = td[size]->data;
+                     pad->length = td[size]->length;
+                     pa[size] = pad;
++                    td[size]->data = NULL;
++                    td[size]->length = 0;
+                 }
+             krb5_free_typed_data(kdc_context, td);
+         }
diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.3-r4.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.3-r4.ebuild
new file mode 100644
index 000000000000..b61a74981e4d
--- /dev/null
+++ b/app-crypt/mit-krb5/mit-krb5-1.8.3-r4.ebuild
@@ -0,0 +1,118 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.3-r4.ebuild,v 1.1 2011/03/16 09:38:52 eras Exp $
+
+EAPI=2
+
+inherit eutils flag-o-matic versionator
+
+MY_P=${P/mit-}
+P_DIR=$(get_version_component_range 1-2)
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="doc openldap test xinetd"
+
+RDEPEND="!!app-crypt/heimdal
+	>=sys-libs/e2fsprogs-libs-1.41.0
+	sys-apps/keyutils
+	openldap? ( net-nds/openldap )
+	xinetd? ( sys-apps/xinetd )"
+DEPEND="${RDEPEND}
+	doc? ( virtual/latex-base )
+	test? (	dev-lang/tcl
+			dev-lang/perl
+			dev-util/dejagnu )"
+
+S=${WORKDIR}/${MY_P}/src
+
+src_unpack() {
+	unpack ${A}
+	unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/CVE-2010-1322.patch"
+	epatch "${FILESDIR}/CVE-2010-1323.1324.4020.patch"
+	epatch "${FILESDIR}/CVE-2010-4022.patch"
+	epatch "${FILESDIR}/${P}-CVE-2011-0281.0282.0283.patch"
+	epatch "${FILESDIR}/CVE-2011-0284.patch"
+	epatch "${FILESDIR}/mit-krb5_testsuite.patch"
+}
+
+src_configure() {
+	append-flags "-I/usr/include/et"
+	econf \
+		$(use_with openldap ldap) \
+		$(use_with test tcl /usr) \
+		--without-krb4 \
+		--enable-shared \
+		--with-system-et \
+		--with-system-ss \
+		--enable-dns-for-realm \
+		--enable-kdc-replay-cache \
+		--disable-rpath
+}
+
+src_compile() {
+	emake -j1 || die "emake failed"
+
+	if use doc ; then
+		cd ../doc
+		for dir in api implement ; do
+			emake -C "${dir}" || die "doc emake failed"
+		done
+	fi
+}
+
+src_install() {
+	emake \
+		DESTDIR="${D}" \
+		EXAMPLEDIR="/usr/share/doc/${PF}/examples" \
+		install || die "install failed"
+
+	# default database dir
+	keepdir /var/lib/krb5kdc
+
+	cd ..
+	dodoc README
+	dodoc doc/*.{ps,txt}
+	doinfo doc/*.info*
+	dohtml -r doc/*.html
+
+	# die if we cannot respect a USE flag
+	if use doc ; then
+	    dodoc doc/{api,implement}/*.ps || die "dodoc failed"
+	fi
+
+	newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind || die
+	newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc || die
+
+	insinto /etc
+	newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
+	insinto /var/lib/krb5kdc
+	newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
+
+	if use openldap ; then
+		insinto /etc/openldap/schema
+		doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" || die
+	fi
+
+	if use xinetd ; then
+		insinto /etc/xinetd.d
+		newins "${FILESDIR}/kpropd.xinetd" kpropd || die
+	fi
+}
+
+pkg_preinst() {
+	if has_version "<${CATEGORY}/${PN}-1.8.0" ; then
+		elog "MIT split the Kerberos applications from the base Kerberos"
+		elog "distribution.  Kerberized versions of telnet, rlogin, rsh, rcp,"
+		elog "ftp clients and telnet, ftp deamons now live in"
+		elog "\"app-crypt/mit-krb5-appl\" package."
+	fi
+}
diff --git a/app-crypt/mit-krb5/mit-krb5-1.9-r2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.9-r2.ebuild
new file mode 100644
index 000000000000..018455a79045
--- /dev/null
+++ b/app-crypt/mit-krb5/mit-krb5-1.9-r2.ebuild
@@ -0,0 +1,119 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.9-r2.ebuild,v 1.1 2011/03/16 09:38:52 eras Exp $
+
+EAPI=3
+
+inherit eutils flag-o-matic versionator
+
+MY_P="${P/mit-}"
+P_DIR=$(get_version_component_range 1-2)
+DESCRIPTION="MIT Kerberos V"
+HOMEPAGE="http://web.mit.edu/kerberos/www/"
+SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE="doc +keyutils openldap +pkinit +threads test xinetd"
+
+RDEPEND="!!app-crypt/heimdal
+	>=sys-libs/e2fsprogs-libs-1.41.0
+	keyutils? ( sys-apps/keyutils )
+	openldap? ( net-nds/openldap )
+	xinetd? ( sys-apps/xinetd )"
+DEPEND="${RDEPEND}
+	doc? ( virtual/latex-base )
+	test? ( dev-lang/tcl
+	        dev-lang/python
+			dev-util/dejagnu )"
+
+S=${WORKDIR}/${MY_P}/src
+
+src_unpack() {
+	unpack ${A}
+	unpack ./"${MY_P}".tar.gz
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/CVE-2010-4022.patch"
+	epatch "${FILESDIR}/CVE-2011-0281.0282.0283.patch"
+	epatch "${FILESDIR}/CVE-2011-0284.patch"
+}
+
+src_configure() {
+	append-flags "-I${EPREFIX}/usr/include/et"
+	use keyutils || export ac_cv_header_keyutils_h=no
+	econf \
+		$(use_with openldap ldap) \
+		"$(use_with test tcl "${EPREFIX}/usr")" \
+		$(use_enable pkinit) \
+		$(use_enable threads thread-support) \
+		--without-krb4 \
+		--without-hesiod \
+		--enable-shared \
+		--with-system-et \
+		--with-system-ss \
+		--enable-dns-for-realm \
+		--enable-kdc-lookaside-cache \
+		--disable-rpath
+}
+
+src_compile() {
+	emake -j1 || die "emake failed"
+
+	if use doc ; then
+		cd ../doc
+		for dir in api implement ; do
+			emake -C "${dir}" || die "doc emake failed"
+		done
+	fi
+}
+
+src_install() {
+	emake \
+		DESTDIR="${D}" \
+		EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \
+		install || die "install failed"
+
+	# default database dir
+	keepdir /var/lib/krb5kdc
+
+	cd ..
+	dodoc NOTICE README
+	dodoc doc/*.{ps,txt}
+	doinfo doc/*.info*
+	dohtml -r doc/*.html
+
+	# die if we cannot respect a USE flag
+	if use doc ; then
+	    dodoc doc/{api,implement}/*.ps || die "dodoc failed"
+	fi
+
+	newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind || die
+	newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc || die
+
+	insinto /etc
+	newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example
+	insinto /var/lib/krb5kdc
+	newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example
+
+	if use openldap ; then
+		insinto /etc/openldap/schema
+		doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" || die
+	fi
+
+	if use xinetd ; then
+		insinto /etc/xinetd.d
+		newins "${FILESDIR}/kpropd.xinetd" kpropd || die
+	fi
+}
+
+pkg_preinst() {
+	if has_version "<${CATEGORY}/${PN}-1.8.0" ; then
+		elog "MIT split the Kerberos applications from the base Kerberos"
+		elog "distribution.  Kerberized versions of telnet, rlogin, rsh, rcp,"
+		elog "ftp clients and telnet, ftp deamons now live in"
+		elog "\"app-crypt/mit-krb5-appl\" package."
+	fi
+}