diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2016-09-12 04:55:16 -0400 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-09-15 10:22:49 +0200 |
commit | 2ed5ad2e40ea29b549c1d39aad70e2e4f7d57b28 (patch) | |
tree | a23fe60e6020c0c476757e79297a1d55231d1c7b /meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | |
parent | dd0f1adc981a8517cfd0ab4395147316053278de (diff) | |
download | meta-openembedded-2ed5ad2e40ea29b549c1d39aad70e2e4f7d57b28.tar.gz |
krb5: upgrade to 1.13.6
* fix CVEs: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631
* update LIC_FILES_CHKSUM, only Copyright changed in NOTICE file:
-Copyright (C) 1985-2015 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-2016 by the Massachusetts Institute of Technology.
* remove useless functions: krb5_do_unpack(), do_unpack()
* remove patches that included by new release:
- 0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch
- Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
- Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch
- Fix-build_principal-memory-bug-CVE-2015-2697.patch
- Fix-IAKERB-context-export-import-CVE-2015-2698.patch
- krb5-CVE-2016-3119.patch
- krb5-CVE-2016-3120.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb')
-rw-r--r-- | meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 120 |
1 files changed, 0 insertions, 120 deletions
diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb deleted file mode 100644 index 12d35319c..000000000 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb +++ /dev/null | |||
@@ -1,120 +0,0 @@ | |||
1 | SUMMARY = "A network authentication protocol" | ||
2 | DESCRIPTION = "Kerberos is a system for authenticating users and services on a network. \ | ||
3 | Kerberos is a trusted third-party service. That means that there is a \ | ||
4 | third party (the Kerberos server) that is trusted by all the entities on \ | ||
5 | the network (users and services, usually called "principals"). \ | ||
6 | . \ | ||
7 | This is the MIT reference implementation of Kerberos V5. \ | ||
8 | . \ | ||
9 | This package contains the Kerberos key server (KDC). The KDC manages all \ | ||
10 | authentication credentials for a Kerberos realm, holds the master keys \ | ||
11 | for the realm, and responds to authentication requests. This package \ | ||
12 | should be installed on both master and slave KDCs." | ||
13 | |||
14 | HOMEPAGE = "http://web.mit.edu/Kerberos/" | ||
15 | SECTION = "console/network" | ||
16 | LICENSE = "MIT" | ||
17 | LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=f64248328d2d9928e1f04158b5243e7f" | ||
18 | DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native" | ||
19 | |||
20 | inherit autotools-brokensep binconfig perlnative systemd | ||
21 | |||
22 | SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" | ||
23 | SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar \ | ||
24 | file://0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch \ | ||
25 | file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \ | ||
26 | file://Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch;striplevel=2 \ | ||
27 | file://Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch;striplevel=2 \ | ||
28 | file://Fix-build_principal-memory-bug-CVE-2015-2697.patch;striplevel=2 \ | ||
29 | file://Fix-IAKERB-context-export-import-CVE-2015-2698.patch;striplevel=2 \ | ||
30 | file://crosscompile_nm.patch \ | ||
31 | file://etc/init.d/krb5-kdc \ | ||
32 | file://etc/init.d/krb5-admin-server \ | ||
33 | file://etc/default/krb5-kdc \ | ||
34 | file://etc/default/krb5-admin-server \ | ||
35 | file://krb5-kdc.service \ | ||
36 | file://krb5-admin-server.service \ | ||
37 | file://krb5-CVE-2016-3119.patch;striplevel=2 \ | ||
38 | file://0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch;striplevel=2 \ | ||
39 | file://krb5-CVE-2016-3120.patch;striplevel=2 \ | ||
40 | " | ||
41 | SRC_URI[md5sum] = "f7ebfa6c99c10b16979ebf9a98343189" | ||
42 | SRC_URI[sha256sum] = "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3ff6de1" | ||
43 | |||
44 | S = "${WORKDIR}/${BP}/src" | ||
45 | |||
46 | SYSTEMD_SERVICE_${PN} = "krb5-admin-server.service krb5-kdc.service" | ||
47 | SYSTEMD_AUTO_ENABLE = "disable" | ||
48 | |||
49 | PACKAGECONFIG ??= "openssl" | ||
50 | PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" | ||
51 | PACKAGECONFIG[openssl] = "--with-pkinit-crypto-impl=openssl,,openssl" | ||
52 | PACKAGECONFIG[keyutils] = "--enable-keyutils,--disable-keyutils,keyutils" | ||
53 | PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" | ||
54 | PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" | ||
55 | |||
56 | EXTRA_OECONF += " --without-tcl --with-system-et --disable-rpath" | ||
57 | CACHED_CONFIGUREVARS += "krb5_cv_attr_constructor_destructor=yes ac_cv_func_regcomp=yes \ | ||
58 | ac_cv_printf_positional=yes ac_cv_file__etc_environment=yes \ | ||
59 | ac_cv_file__etc_TIMEZONE=no" | ||
60 | |||
61 | CFLAGS_append = " -DDESTRUCTOR_ATTR_WORKS=1 -I${STAGING_INCDIR}/et" | ||
62 | LDFLAGS_append = " -lpthread" | ||
63 | |||
64 | FILES_${PN} += "${datadir}/gnats" | ||
65 | FILES_${PN}-doc += "${datadir}/examples" | ||
66 | FILES_${PN}-dbg += "${libdir}/krb5/plugins/*/.debug" | ||
67 | |||
68 | # As this recipe doesn't inherit update-rc.d, we need to add this dependency here | ||
69 | RDEPENDS_${PN}_class-target += "initscripts-functions" | ||
70 | |||
71 | krb5_do_unpack() { | ||
72 | # ${P}-signed.tar contains ${P}.tar.gz.asc and ${P}.tar.gz | ||
73 | tar xzf ${WORKDIR}/${BP}.tar.gz -C ${WORKDIR}/ | ||
74 | } | ||
75 | |||
76 | python do_unpack() { | ||
77 | bb.build.exec_func('base_do_unpack', d) | ||
78 | bb.build.exec_func('krb5_do_unpack', d) | ||
79 | } | ||
80 | |||
81 | do_configure() { | ||
82 | gnu-configize --force | ||
83 | autoreconf | ||
84 | oe_runconf | ||
85 | } | ||
86 | |||
87 | do_install_append() { | ||
88 | rm -rf ${D}/${localstatedir}/run | ||
89 | |||
90 | if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then | ||
91 | mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default | ||
92 | install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d | ||
93 | install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default | ||
94 | |||
95 | mkdir -p ${D}/${sysconfdir}/default/volatiles | ||
96 | echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \ | ||
97 | > ${D}${sysconfdir}/default/volatiles/87_krb5 | ||
98 | fi | ||
99 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
100 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
101 | echo "d /run/krb5kdc - - - -" \ | ||
102 | > ${D}${sysconfdir}/tmpfiles.d/krb5.conf | ||
103 | |||
104 | install -d ${D}${systemd_system_unitdir} | ||
105 | install -m 0644 ${WORKDIR}/krb5-admin-server.service ${D}${systemd_system_unitdir} | ||
106 | install -m 0644 ${WORKDIR}/krb5-kdc.service ${D}${systemd_system_unitdir} | ||
107 | fi | ||
108 | } | ||
109 | |||
110 | pkg_postinst_${PN} () { | ||
111 | if [ -z "$D" ]; then | ||
112 | if command -v systemd-tmpfiles >/dev/null; then | ||
113 | systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/krb5.conf | ||
114 | elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then | ||
115 | ${sysconfdir}/init.d/populate-volatile.sh update | ||
116 | fi | ||
117 | fi | ||
118 | } | ||
119 | |||
120 | BBCLASSEXTEND = "native nativesdk" | ||