security bump - bug #396105

Package-Manager: portage-2.1.10.43/cvs/Linux x86_64

5 files changed, 189 insertions, 15 deletions

diff --git a/app-crypt/heimdal/ChangeLog b/app-crypt/heimdal/ChangeLog
index c83b11626cd7..59383271b323 100644
--- a/app-crypt/heimdal/ChangeLog
+++ b/app-crypt/heimdal/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-crypt/heimdal
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/ChangeLog,v 1.181 2011/11/28 10:05:08 eras Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/ChangeLog,v 1.182 2011/12/27 21:15:10 eras Exp $
+
+*heimdal-1.5.1-r1 (27 Dec 2011)
+
+  27 Dec 2011; Eray Aslan <eras@gentoo.org> +heimdal-1.5.1-r1.ebuild,
+  +files/CVE-2011-4862.patch, +files/heimdal_missing-include.patch:
+  security bump - bug #396105
 
   28 Nov 2011; Eray Aslan <eras@gentoo.org> heimdal-1.5.1.ebuild:
   Drop autotools-utils - bug #392081
diff --git a/app-crypt/heimdal/Manifest b/app-crypt/heimdal/Manifest
index 80edb7102221..bbcea290d94a 100644
--- a/app-crypt/heimdal/Manifest
+++ b/app-crypt/heimdal/Manifest
@@ -1,6 +1,7 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
+AUX CVE-2011-4862.patch 456 RMD160 e28419dffda573918ff5d6e0da1dc51fd5324629 SHA1 b927c7cb3f8a69fcfac34615c381b118d4c91a53 SHA256 856ef749a795087582849e6e14921d36271c110b6e1039e7e073e8b508031a08
 AUX heimdal-kadmind.confd 151 RMD160 25ae05e118d61a06871d4b7cea4caf3bf8b28cc1 SHA1 4187aa7ec5ddbc79f25d30d65c1f0d6dd2ab0992 SHA256 892f9650d4eb631eb1ea435dc8d3defd3805e6d1f2fa59a698d424c44915d644
 AUX heimdal-kadmind.initd 579 RMD160 d6cae14cfabe5b0170664b882fd8691870181f61 SHA1 b2c58d80917ae63eeb8eb120be076db0b673f6c5 SHA256 1f1e6a086d3f07620f0656bac67d1b3bbe0d8c9cca66dc3c5a01afd7fdbc0549
 AUX heimdal-kadmind.initd-r1 553 RMD160 aaa2e4a8918254f1f663089ef2f63161cebefb0b SHA1 fdda38fda6ad81e3dfe31aa20b8948a57d940ae5 SHA256 cb598a34926c9152072f77027da0106684245e6c53cb931233de32a2c8011a79
@@ -16,6 +17,7 @@ AUX heimdal-kpasswdd.initd-r1 575 RMD160 1f4a7c22a1594cbc280b7f8a85aafac33504441
 AUX heimdal_db5.patch 923 RMD160 e7e74d67b2b8789b006ea0dae5695a49386f86f3 SHA1 66106a8c39db0c61a90f0e847417a107cd91931e SHA256 5dac2109683705b2ade8962abfd88f1d989a371b811bc17176c5b360a67bcbe3
 AUX heimdal_disable-check-iprop.patch 577 RMD160 ce3733c555c5c13f320bb9a11b5911ab43f7da85 SHA1 a5ab37be218e03e57cf637a5f45ba630bcb45bcf SHA256 b2ab6f335b5a756856a5df635df82488f9dcdb3ed02a7114f90b4a34911f9721
 AUX heimdal_link_order.patch 1164 RMD160 5aaed57c15dd24e3f51e9fb10c2020bbec88d811 SHA1 5080b5d7d350da5c34e77ef11b990e59b2af4709 SHA256 794560047c549a996d03140ebcbd0476646f4a8e9e36d0cfe6cbaddba611e754
+AUX heimdal_missing-include.patch 255 RMD160 113517789c643163acec3a2f09870a87074af37e SHA1 b647d5a23f67c71febcf0a3b0fe4f2be867ebe1b SHA256 1ad9d71d01776e2d2dd49da5951f6f02630ce137be910ff8484968e8327837c3
 AUX heimdal_openssl-1.patch 4623 RMD160 1450ee6db0dc8f4603ad3db7f093f4e9021f34f7 SHA1 f0c03e0afe2daff84eec888c2025568628210358 SHA256 359c6201937e91ad9f78cbac07a7e74e467582400de16049eba0fbb30aad1a86
 AUX heimdal_testsuite.patch 11928 RMD160 4e5f3277b07b8c0dd08d8518e381d9d21c296332 SHA1 e9e35a7306f4c59d05a0934b41a192faaa638a6b SHA256 0edb8be49749b27c37d8a19d7129f52dde26a17cc029d541042e568b39fe1db3
 AUX heimdal_testsuite_extra.patch 2352 RMD160 1f2dd032c995d672d376821060ea10684720c5ad SHA1 5537e1d96bc5509c987a2ea75df8dc3d3a5a1cb8 SHA256 301a27f3b36e00ca289d35c3554c4f03f1688e5e16a883b15a3d75180f9c8052
@@ -26,24 +28,25 @@ DIST heimdal-1.5.1.tar.gz 6800347 RMD160 d66b09bddcd762e91092f862ea084abbcc3670c
 DIST heimdal-1.5.tar.gz 6594801 RMD160 308ef50e804402aab2fd3d8f25a798bec692c597 SHA1 fdf29096a1fa71a275881d64d178c211f148f0fc SHA256 8fe69a90e7ddbf5989054f899071365476689b7aed82bf0443b5bf85f934d53a
 EBUILD heimdal-1.3.3-r1.ebuild 3117 RMD160 60261063ae30fb906c353218b55d513adf4548fe SHA1 56b35803057793143fe26101a69be1ed44998cb2 SHA256 3194ddfc323737a8c00e44ddc7368480e100438c79b0dc4d30eb78a43ced0350
 EBUILD heimdal-1.4.1_pre20110304.ebuild 3642 RMD160 925071edf8d622763a2916b5cc595ea180432fe0 SHA1 3d40be95a8248c6a307838f60884625b0b87ef57 SHA256 9d43884ab18d00148ae7b5ce3321352d17ba00bc6e4ee72110581350d11dbd28
+EBUILD heimdal-1.5.1-r1.ebuild 3624 RMD160 1af591aaa1836f1cba115408cc3f4e791d9614ab SHA1 4b599a5490a2cb5599512f2ab583e0902aa73dfc SHA256 7cf0574d3b1e406f0b7c96f97eab69478b9072b69659d56b31d2940e97f173dd
 EBUILD heimdal-1.5.1.ebuild 3527 RMD160 fd1e1a9e6172dfa64ca3fe6f87153ad0637af9f8 SHA1 caa4cdbb79679b31192c951d940aef6621b5ecbb SHA256 4ba9352ab2ae5938f995cfc447f5676e866f5c2ec526f404d2c097b5dd9df781
 EBUILD heimdal-1.5.ebuild 3266 RMD160 5b520080e308b302669a8a3e8c9375e4aa01b0ac SHA1 876488d248c55e86c40a0681ddb0635d006abb47 SHA256 92e8fda935319fda977c6fe9ad8d4905bf043b7086974c27f92f7bf7ea8b210f
-MISC ChangeLog 29691 RMD160 d0a8a0c7e701828d4bf12d09006fcaf6a20db095 SHA1 94282456bcbbfb86d73372b9dee8383a16a5f59e SHA256 49eb1698fdc08050f09ddc958e31c45398799d10b540a3d079321ff1689b3014
+MISC ChangeLog 29893 RMD160 c8bc8584a981b3a52533da3b9eb24459da97b226 SHA1 b01259e18cdebd8beb91b014dbf655ce449ad5e4 SHA256 990312ae5528febb4dfae9d7c363425cae0baee77a2fbf97197bc3cec23daf6c
 MISC metadata.xml 469 RMD160 2dc8ebb842bdde2d766a1d35335d97581686cccc SHA1 f87ee646d52dc65e1c232b5ca15f7cfeef213304 SHA256 8d648750dfc00c8726d98166f672d9d35396cdad6f1ebed89e0ee4a29045abad
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
-iQIcBAEBCAAGBQJO01zjAAoJEHfx8XVYajsf3wYP/ig7yEXtjHTniU8ggPr5h05z
-vkwNDH3dpjDjui0ukBzrQ+At0N8NL/YMcDErxMqAWT5larUYBlqQIcfAjbjAd1WK
-BOzIDpQCoNMzkHD36c27Kya7g6Aip9y4PdrqrnU2ikasNvat8L6xZ+mFDWtPFmOl
-gdye0LMm59C9s8OpOMF4TD7UqUPcz6ROrTVXxxVj3MuGdoXxEKK8P3RzmI1Itto8
-S2KDkhHOW1ibkilwS4vnxnZTXHzJfKjXp80dB2dlGTt3qBcLBkuNqeMqbqvMr+B1
-z9iRHG6PXw9PeOfeVlWrGSJxm+xw98vIgKgYppaAmdYdVAlK4qcYOvGSADKkSie+
-uXid/os/uODUG6G1NMWb8vIsS4bicNDVKybUknqbT67SW71lHrZBFPQZq1O+JpPc
-LiFO6X3WV+Op3a0ZbQ0SsGdO9gKFRu2NgpGJHq61v9DDsiZNUc168REnd1gWY91s
-Pz5dIfo6TpFUSfkVJpEX2M6z44Y4qFgib1vBvTAn/TjyQStoAMrpU6WW3um8/A7O
-8yUI1x42/h66Rcrv+Jse5GfM4jPzEZG9lgSpPAd2XTXuLltaYmqJqfnTuJoiXv1u
-g8oh3MEYczcFg+CrBCIId6yN2yBkxUR+8o53AwQ8dCBHC3dZ6MF2ZTwxc8Oew7xK
-2FuRs18NUHmpycgOUckF
-=k+qm
+iQIcBAEBCAAGBQJO+jVtAAoJEHfx8XVYajsfTbEP/34PL2hetNRax84w0SMiXJ3K
+mKIJGovPkEKOdCro3C6ggtCpf+aemrrt6IaQPYmkkYeEY26T2cnbUqaw4Ew89wGf
+MRMMwjzNTfUV/faeCtrD9OB21W11PvTx2AJLrgmsHTbgtMpPBPA17yPOPlYoC91V
+RbF1BTFlEhcvD/9MX5GrV6d+sFE7dq0ns7MSdUPilc5Hr2uYxrIW3hGxAVUBIeZc
+kcfXCzQKTGR5zKVOVKbjTGoI0tcoQoffHbNzx6GPRpRf+m9eE4x50pKpYrPAUQSe
+T9EZCVXFyVBXU4l60Fy8h9BczJZ5zNM+BOI5Xr9zM+4l0iARusP3N7yGTuhycJZ1
+cGJ0A0DdHQpgimPwcsBrPkS5DgvBR9UPOTxI2M51fu54p9TSDsIO/ONMgCyYxbVq
+yBVj70wi1LJGaXxdvwlTQACw94f2dYZaruJYmXDn3h3vdNWASvub8y7A4+JzIQyY
+0YhEHxjpXgHFpd4hhcu57i0AVUPq6+TylxJbRyvLvb3rEkxkyCjJLEkqMswxzlxj
+OC475qn5xoSQglV9Fu2QQNurGrtb7LCo5Iu8SeRlm4L5VuZze3p8dhploDLtusg/
+TEU2BAKRJa35dJQVj1P1lK+FbZMIXvZRRZqGk4JSLyoBbOkY0E7d1xxN0sKK01cm
+eeKH47eXXGC6bBbvxUln
+=0R+X
 -----END PGP SIGNATURE-----
diff --git a/app-crypt/heimdal/files/CVE-2011-4862.patch b/app-crypt/heimdal/files/CVE-2011-4862.patch
new file mode 100644
index 000000000000..1c4672fcaf98
--- /dev/null
+++ b/app-crypt/heimdal/files/CVE-2011-4862.patch
@@ -0,0 +1,16 @@
+Stolen shamelessly from FreeBSD
+
+Index: crypto/heimdal/appl/telnet/libtelnet/encrypt.c
+===================================================================
+--- appl/telnet/libtelnet/encrypt.c	(revision 228798)
++++ appl/telnet/libtelnet/encrypt.c	(working copy)
+@@ -736,6 +736,9 @@
+     int dir = kp->dir;
+     int ret = 0;
+ 
++    if (len > MAXKEYLEN)
++        len = MAXKEYLEN;
++
+     if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+ 	if (len == 0)
+ 	    return;
diff --git a/app-crypt/heimdal/files/heimdal_missing-include.patch b/app-crypt/heimdal/files/heimdal_missing-include.patch
new file mode 100644
index 000000000000..e245cf8fff07
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_missing-include.patch
@@ -0,0 +1,11 @@
+--- base/test_base.c	2011-09-30 15:58:45.000000000 +0300
++++ base/test_base.c	2011-12-27 23:04:50.482955923 +0200
+@@ -39,6 +39,8 @@
+ #include "heimbase.h"
+ #include "heimbasepriv.h"
+ 
++#include <stdlib.h>
++
+ static void
+ memory_free(heim_object_t obj)
+ {
diff --git a/app-crypt/heimdal/heimdal-1.5.1-r1.ebuild b/app-crypt/heimdal/heimdal-1.5.1-r1.ebuild
new file mode 100644
index 000000000000..9d029170b0cd
--- /dev/null
+++ b/app-crypt/heimdal/heimdal-1.5.1-r1.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/heimdal-1.5.1-r1.ebuild,v 1.1 2011/12/27 21:15:10 eras Exp $
+
+EAPI=2
+# PYTHON_BDEPEND="2"
+VIRTUALX_REQUIRED="manual"
+
+inherit autotools db-use eutils libtool python toolchain-funcs virtualx flag-o-matic
+
+MY_P="${P}"
+DESCRIPTION="Kerberos 5 implementation from KTH"
+HOMEPAGE="http://www.h5l.org/"
+SRC_URI="http://www.h5l.org/dist/src/${MY_P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="afs +berkdb caps hdb-ldap ipv6 otp +pkinit ssl static-libs threads test X"
+
+RDEPEND="ssl? ( dev-libs/openssl )
+	berkdb? ( sys-libs/db )
+	!berkdb? ( sys-libs/gdbm )
+	caps? ( sys-libs/libcap-ng )
+	>=dev-db/sqlite-3.5.7
+	>=sys-libs/e2fsprogs-libs-1.41.11
+	afs? ( net-fs/openafs )
+	hdb-ldap? ( >=net-nds/openldap-2.3.0 )
+	!!app-crypt/mit-krb5"
+
+DEPEND="${RDEPEND}
+	=dev-lang/python-2*
+	dev-util/pkgconfig
+	>=sys-devel/autoconf-2.62
+	test? ( X? ( ${VIRTUALX_DEPEND} ) )"
+
+pkg_setup() {
+	python_set_active_version 2
+	python_pkg_setup
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/heimdal_missing-include.patch"
+	epatch "${FILESDIR}/CVE-2011-4862.patch"
+	epatch "${FILESDIR}/heimdal_db5.patch"
+	epatch "${FILESDIR}/heimdal_disable-check-iprop.patch"
+	epatch "${FILESDIR}/heimdal_link_order.patch"
+	eautoreconf
+}
+
+src_configure() {
+	# QA
+	append-flags -fno-strict-aliasing
+
+	local myconf=""
+	if use berkdb; then
+		myconf="--with-berkeley-db --with-berkeley-db-include=$(db_includedir)"
+	else
+		myconf="--without-berkeley-db"
+	fi
+	econf \
+		--enable-kcm \
+		--disable-osfc2 \
+		--enable-shared \
+		--with-libintl=/usr \
+		--with-readline=/usr \
+		--with-sqlite3=/usr \
+		--libexecdir=/usr/sbin \
+		$(use_enable afs afs-support) \
+		$(use_enable otp) \
+		$(use_enable pkinit kx509) \
+		$(use_enable pkinit pk-init) \
+		$(use_enable static-libs static) \
+		$(use_enable threads pthread-support) \
+		$(use_with caps capng) \
+		$(use_with hdb-ldap openldap /usr) \
+		$(use_with ipv6) \
+		$(use_with ssl openssl /usr) \
+		$(use_with X x) \
+		${myconf}
+}
+
+src_compile() {
+	emake -j1 || die "emake failed"
+}
+
+src_install() {
+	INSTALL_CATPAGES="no" emake DESTDIR="${D}" install || die "emake install failed"
+
+	dodoc ChangeLog README NEWS TODO
+
+	# Begin client rename and install
+	for i in {telnetd,ftpd,rshd,popper}
+	do
+		mv "${D}"/usr/share/man/man8/{,k}${i}.8
+		mv "${D}"/usr/sbin/{,k}${i}
+	done
+
+	for i in {rcp,rsh,telnet,ftp,su,login,pagsh,kf}
+	do
+		mv "${D}"/usr/share/man/man1/{,k}${i}.1
+		mv "${D}"/usr/bin/{,k}${i}
+	done
+
+	mv "${D}"/usr/share/man/man5/{,k}ftpusers.5
+	mv "${D}"/usr/share/man/man5/{,k}login.access.5
+
+	newinitd "${FILESDIR}"/heimdal-kdc.initd-r1 heimdal-kdc
+	newinitd "${FILESDIR}"/heimdal-kadmind.initd-r1 heimdal-kadmind
+	newinitd "${FILESDIR}"/heimdal-kpasswdd.initd-r1 heimdal-kpasswdd
+	newinitd "${FILESDIR}"/heimdal-kcm.initd-r1 heimdal-kcm
+
+	newconfd "${FILESDIR}"/heimdal-kdc.confd heimdal-kdc
+	newconfd "${FILESDIR}"/heimdal-kadmind.confd heimdal-kadmind
+	newconfd "${FILESDIR}"/heimdal-kpasswdd.confd heimdal-kpasswdd
+	newconfd "${FILESDIR}"/heimdal-kcm.confd heimdal-kcm
+
+	insinto /etc
+	newins "${FILESDIR}"/krb5.conf krb5.conf.example
+
+	if use hdb-ldap; then
+		insinto /etc/openldap/schema
+		doins "${S}/lib/hdb/hdb.schema"
+	fi
+
+	use static-libs || find "${D}"/usr/lib* -name '*.la' -delete
+
+	# default database dir
+	keepdir /var/heimdal
+}
+
+pkg_preinst() {
+	preserve_old_lib /usr/$(get_libdir)/libgssapi.so.2
+}
+
+pkg_postinst() {
+	preserve_old_lib_notify /usr/$(get_libdir)/libgssapi.so.2
+}