krb5: upgrade to 1.13.6

* fix CVEs: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 * update LIC_FILES_CHKSUM, only Copyright changed in NOTICE file: -Copyright (C) 1985-2015 by the Massachusetts Institute of Technology. +Copyright (C) 1985-2016 by the Massachusetts Institute of Technology. * remove useless functions: krb5_do_unpack(), do_unpack() * remove patches that included by new release: - 0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch - Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch - Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch - Fix-build_principal-memory-bug-CVE-2015-2697.patch - Fix-IAKERB-context-export-import-CVE-2015-2698.patch - krb5-CVE-2016-3119.patch - krb5-CVE-2016-3120.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2016-09-12 04:55:16 -0400
committer: Martin Jansa <Martin.Jansa@gmail.com> 2016-09-15 10:22:49 +0200
commit: 2ed5ad2e40ea29b549c1d39aad70e2e4f7d57b28 (patch)
tree: a23fe60e6020c0c476757e79297a1d55231d1c7b /meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
parent: dd0f1adc981a8517cfd0ab4395147316053278de (diff)
download: meta-openembedded-2ed5ad2e40ea29b549c1d39aad70e2e4f7d57b28.tar.gz
1 files changed, 0 insertions, 120 deletions
diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
deleted file mode 100644
index 12d35319c..000000000
--- a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
+++ /dev/null
@@ -1,120 +0,0 @@
-SUMMARY = "A network authentication protocol"
-DESCRIPTION = "Kerberos is a system for authenticating users and services on a network. \
- Kerberos is a trusted third-party service.  That means that there is a \
- third party (the Kerberos server) that is trusted by all the entities on \
- the network (users and services, usually called "principals"). \
- . \
- This is the MIT reference implementation of Kerberos V5. \
- . \
- This package contains the Kerberos key server (KDC).  The KDC manages all \
- authentication credentials for a Kerberos realm, holds the master keys \
- for the realm, and responds to authentication requests.  This package \
- should be installed on both master and slave KDCs."
-HOMEPAGE = "http://web.mit.edu/Kerberos/"
-SECTION = "console/network"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=f64248328d2d9928e1f04158b5243e7f"
-DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native"
-inherit autotools-brokensep binconfig perlnative systemd
-SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
-SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar \
-           file://0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch \
-           file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \
-           file://Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch;striplevel=2 \
-           file://Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch;striplevel=2 \
-           file://Fix-build_principal-memory-bug-CVE-2015-2697.patch;striplevel=2 \
-           file://Fix-IAKERB-context-export-import-CVE-2015-2698.patch;striplevel=2 \
-           file://crosscompile_nm.patch \
-           file://etc/init.d/krb5-kdc \
-           file://etc/init.d/krb5-admin-server \
-           file://etc/default/krb5-kdc \
-           file://etc/default/krb5-admin-server \
-           file://krb5-kdc.service \
-           file://krb5-admin-server.service \
-           file://krb5-CVE-2016-3119.patch;striplevel=2 \
-           file://0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch;striplevel=2 \
-           file://krb5-CVE-2016-3120.patch;striplevel=2 \
-"
-SRC_URI[md5sum] = "f7ebfa6c99c10b16979ebf9a98343189"
-SRC_URI[sha256sum] = "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3ff6de1"
-S = "${WORKDIR}/${BP}/src"
-SYSTEMD_SERVICE_${PN} = "krb5-admin-server.service krb5-kdc.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-PACKAGECONFIG ??= "openssl"
-PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
-PACKAGECONFIG[openssl] = "--with-pkinit-crypto-impl=openssl,,openssl"
-PACKAGECONFIG[keyutils] = "--enable-keyutils,--disable-keyutils,keyutils"
-PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
-PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline"
-EXTRA_OECONF += " --without-tcl --with-system-et --disable-rpath"
-CACHED_CONFIGUREVARS += "krb5_cv_attr_constructor_destructor=yes ac_cv_func_regcomp=yes \
-                  ac_cv_printf_positional=yes ac_cv_file__etc_environment=yes \
-                  ac_cv_file__etc_TIMEZONE=no"
-CFLAGS_append = " -DDESTRUCTOR_ATTR_WORKS=1 -I${STAGING_INCDIR}/et"
-LDFLAGS_append = " -lpthread"
-FILES_${PN} += "${datadir}/gnats"
-FILES_${PN}-doc += "${datadir}/examples"
-FILES_${PN}-dbg += "${libdir}/krb5/plugins/*/.debug"
-# As this recipe doesn't inherit update-rc.d, we need to add this dependency here
-RDEPENDS_${PN}_class-target += "initscripts-functions"
-krb5_do_unpack() {
-    # ${P}-signed.tar contains ${P}.tar.gz.asc and ${P}.tar.gz
-    tar xzf ${WORKDIR}/${BP}.tar.gz -C ${WORKDIR}/
-}
-python do_unpack() {
-    bb.build.exec_func('base_do_unpack', d)
-    bb.build.exec_func('krb5_do_unpack', d)
-}
-do_configure() {
-    gnu-configize --force
-    autoreconf
-    oe_runconf
-}
-do_install_append() {
-    rm -rf ${D}/${localstatedir}/run
-    if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
-        mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default
-        install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d
-        install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default
-        mkdir -p ${D}/${sysconfdir}/default/volatiles
-        echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \
-              > ${D}${sysconfdir}/default/volatiles/87_krb5
-    fi
-    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        install -d ${D}${sysconfdir}/tmpfiles.d
-        echo "d /run/krb5kdc - - - -" \
-              > ${D}${sysconfdir}/tmpfiles.d/krb5.conf
-        install -d ${D}${systemd_system_unitdir}
-        install -m 0644 ${WORKDIR}/krb5-admin-server.service ${D}${systemd_system_unitdir}
-        install -m 0644 ${WORKDIR}/krb5-kdc.service ${D}${systemd_system_unitdir}
-    fi
-}
-pkg_postinst_${PN} () {
-    if [ -z "$D" ]; then
-        if command -v systemd-tmpfiles >/dev/null; then
-            systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/krb5.conf
-        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
-            ${sysconfdir}/init.d/populate-volatile.sh update
-        fi
-    fi
-}
-BBCLASSEXTEND = "native nativesdk"
author	Wenzong Fan <wenzong.fan@windriver.com>	2016-09-12 04:55:16 -0400
committer	Martin Jansa <Martin.Jansa@gmail.com>	2016-09-15 10:22:49 +0200
commit	2ed5ad2e40ea29b549c1d39aad70e2e4f7d57b28 (patch)
tree	a23fe60e6020c0c476757e79297a1d55231d1c7b /meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
parent	dd0f1adc981a8517cfd0ab4395147316053278de (diff)
download	meta-openembedded-2ed5ad2e40ea29b549c1d39aad70e2e4f7d57b28.tar.gz

diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb deleted file mode 100644 index 12d35319c..000000000 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb +++ /dev/null
@@ -1,120 +0,0 @@
1	SUMMARY = "A network authentication protocol"
2	DESCRIPTION = "Kerberos is a system for authenticating users and services on a network. \
3	Kerberos is a trusted third-party service. That means that there is a \
4	third party (the Kerberos server) that is trusted by all the entities on \
5	the network (users and services, usually called "principals"). \
6	. \
7	This is the MIT reference implementation of Kerberos V5. \
8	. \
9	This package contains the Kerberos key server (KDC). The KDC manages all \
10	authentication credentials for a Kerberos realm, holds the master keys \
11	for the realm, and responds to authentication requests. This package \
12	should be installed on both master and slave KDCs."
13
14	HOMEPAGE = "http://web.mit.edu/Kerberos/"
15	SECTION = "console/network"
16	LICENSE = "MIT"
17	LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=f64248328d2d9928e1f04158b5243e7f"
18	DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native"
19
20	inherit autotools-brokensep binconfig perlnative systemd
21
22	SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
23	SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar \
24	file://0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch \
25	file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \
26	file://Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch;striplevel=2 \
27	file://Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch;striplevel=2 \
28	file://Fix-build_principal-memory-bug-CVE-2015-2697.patch;striplevel=2 \
29	file://Fix-IAKERB-context-export-import-CVE-2015-2698.patch;striplevel=2 \
30	file://crosscompile_nm.patch \
31	file://etc/init.d/krb5-kdc \
32	file://etc/init.d/krb5-admin-server \
33	file://etc/default/krb5-kdc \
34	file://etc/default/krb5-admin-server \
35	file://krb5-kdc.service \
36	file://krb5-admin-server.service \
37	file://krb5-CVE-2016-3119.patch;striplevel=2 \
38	file://0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch;striplevel=2 \
39	file://krb5-CVE-2016-3120.patch;striplevel=2 \
40	"
41	SRC_URI[md5sum] = "f7ebfa6c99c10b16979ebf9a98343189"
42	SRC_URI[sha256sum] = "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3ff6de1"
43
44	S = "${WORKDIR}/${BP}/src"
45
46	SYSTEMD_SERVICE_${PN} = "krb5-admin-server.service krb5-kdc.service"
47	SYSTEMD_AUTO_ENABLE = "disable"
48
49	PACKAGECONFIG ??= "openssl"
50	PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
51	PACKAGECONFIG[openssl] = "--with-pkinit-crypto-impl=openssl,,openssl"
52	PACKAGECONFIG[keyutils] = "--enable-keyutils,--disable-keyutils,keyutils"
53	PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
54	PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline"
55
56	EXTRA_OECONF += " --without-tcl --with-system-et --disable-rpath"
57	CACHED_CONFIGUREVARS += "krb5_cv_attr_constructor_destructor=yes ac_cv_func_regcomp=yes \
58	ac_cv_printf_positional=yes ac_cv_file__etc_environment=yes \
59	ac_cv_file__etc_TIMEZONE=no"
60
61	CFLAGS_append = " -DDESTRUCTOR_ATTR_WORKS=1 -I${STAGING_INCDIR}/et"
62	LDFLAGS_append = " -lpthread"
63
64	FILES_${PN} += "${datadir}/gnats"
65	FILES_${PN}-doc += "${datadir}/examples"
66	FILES_${PN}-dbg += "${libdir}/krb5/plugins/*/.debug"
67
68	# As this recipe doesn't inherit update-rc.d, we need to add this dependency here
69	RDEPENDS_${PN}_class-target += "initscripts-functions"
70
71	krb5_do_unpack() {
72	# ${P}-signed.tar contains ${P}.tar.gz.asc and ${P}.tar.gz
73	tar xzf ${WORKDIR}/${BP}.tar.gz -C ${WORKDIR}/
74	}
75
76	python do_unpack() {
77	bb.build.exec_func('base_do_unpack', d)
78	bb.build.exec_func('krb5_do_unpack', d)
79	}
80
81	do_configure() {
82	gnu-configize --force
83	autoreconf
84	oe_runconf
85	}
86
87	do_install_append() {
88	rm -rf ${D}/${localstatedir}/run
89
90	if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
91	mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default
92	install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d
93	install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default
94
95	mkdir -p ${D}/${sysconfdir}/default/volatiles
96	echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \
97	> ${D}${sysconfdir}/default/volatiles/87_krb5
98	fi
99	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
100	install -d ${D}${sysconfdir}/tmpfiles.d
101	echo "d /run/krb5kdc - - - -" \
102	> ${D}${sysconfdir}/tmpfiles.d/krb5.conf
103
104	install -d ${D}${systemd_system_unitdir}
105	install -m 0644 ${WORKDIR}/krb5-admin-server.service ${D}${systemd_system_unitdir}
106	install -m 0644 ${WORKDIR}/krb5-kdc.service ${D}${systemd_system_unitdir}
107	fi
108	}
109
110	pkg_postinst_${PN} () {
111	if [ -z "$D" ]; then
112	if command -v systemd-tmpfiles >/dev/null; then
113	systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/krb5.conf
114	elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
115	${sysconfdir}/init.d/populate-volatile.sh update
116	fi
117	fi
118	}
119
120	BBCLASSEXTEND = "native nativesdk"