-rw-r--r--net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch109
-rw-r--r--net-nds/openldap/openldap-2.4.49-r2.ebuild (renamed from net-nds/openldap/openldap-2.4.48.ebuild)52
2 files changed, 25 insertions, 136 deletions
diff --git a/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch
deleted file mode 100644
index e511746..0000000
--- a/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
-Forward-port an old Debian patch that upstream never applied.
-
-Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-Signed-off-by: Steffen Hau <steffen@hauihau.de>
-X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
-X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
-X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
-
---- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700
-+++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700
-@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
- typedef PK11Context *des_context[1];
- #define DES_ENCRYPT CKA_ENCRYPT
-
-+#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+# include <gcrypt.h>
-+static int gcrypt_init = 0;
-+
-+typedef const void* des_key;
-+typedef unsigned char des_cblock[8];
-+typedef des_cblock des_data_block;
-+typedef int des_key_schedule; /* unused */
-+typedef des_key_schedule des_context; /* unused */
-+#define des_failed(encrypted) 0
-+#define des_finish(key, schedule)
-+
-+#define des_set_key_unchecked( key, key_sched ) \
-+ gcry_cipher_setkey( hd, key, 8 )
-+
-+#define des_ecb_encrypt( input, output, key_sched, enc ) \
-+ gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
-+
-+#define des_set_odd_parity( key ) do {} while(0)
-+
- #endif
-
- #endif /* SLAPD_LMHASH */
-@@ -651,7 +671,7 @@ static int chk_md5(
-
- #ifdef SLAPD_LMHASH
-
--#if defined(HAVE_OPENSSL)
-+#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
-
- /*
- * abstract away setting the parity.
-@@ -841,6 +861,19 @@ static int chk_lanman(
- des_data_block StdText = "KGS!@#$%";
- des_data_block PasswordHash1, PasswordHash2;
- char PasswordHash[33], storedPasswordHash[33];
-+
-+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+ gcry_cipher_hd_t hd;
-+
-+ if ( !gcrypt_init ) {
-+ gcry_check_version( GCRYPT_VERSION );
-+ gcrypt_init = 1;
-+ }
-+
-+ schedule = schedule; /* unused - avoid warning */
-+
-+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
-+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
-
- for( i=0; i<cred->bv_len; i++) {
- if(cred->bv_val[i] == '\0') {
-@@ -883,6 +916,10 @@ static int chk_lanman(
- strncpy( storedPasswordHash, passwd->bv_val, 32 );
- storedPasswordHash[32] = '\0';
- ldap_pvt_str2lower( storedPasswordHash );
-+
-+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+ gcry_cipher_close( hd );
-+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
-
- return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
- }
-@@ -1138,6 +1175,19 @@ static int hash_lanman(
- des_data_block PasswordHash1, PasswordHash2;
- char PasswordHash[33];
-
-+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+ gcry_cipher_hd_t hd;
-+
-+ if ( !gcrypt_init ) {
-+ gcry_check_version( GCRYPT_VERSION );
-+ gcrypt_init = 1;
-+ }
-+
-+ schedule = schedule; /* unused - avoid warning */
-+
-+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
-+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
-+
- for( i=0; i<passwd->bv_len; i++) {
- if(passwd->bv_val[i] == '\0') {
- return LUTIL_PASSWD_ERR; /* NUL character in password */
-@@ -1168,6 +1218,10 @@ static int hash_lanman(
-
- hash->bv_val = PasswordHash;
- hash->bv_len = 32;
-+
-+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+ gcry_cipher_close( hd );
-+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
-
- return pw_string( scheme, hash );
- }
diff --git a/net-nds/openldap/openldap-2.4.48.ebuild b/net-nds/openldap/openldap-2.4.49-r2.ebuild
index 78f2046..8f9fdac 100644
--- a/net-nds/openldap/openldap-2.4.48.ebuild
+++ b/net-nds/openldap/openldap-2.4.49-r2.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=6
+EAPI=7
-inherit autotools db-use eapi7-ver flag-o-matic multilib multilib-minimal ssl-cert toolchain-funcs user systemd
+inherit autotools db-use flag-o-matic multilib-minimal ssl-cert toolchain-funcs user systemd
BIS_PN=rfc2307bis.schema
BIS_PV=20140524
@@ -18,9 +18,9 @@ SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz
LICENSE="OPENLDAP GPL-2"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-linux ~x86-linux ~x86-solaris"
-IUSE_DAEMON="crypt samba slp tcpd experimental minimal"
+IUSE_DAEMON="crypt samba tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs test"
@@ -28,6 +28,7 @@ IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+RESTRICT="!test? ( test )"
REQUIRED_USE="cxx? ( sasl )
pbkdf2? ( ssl )
test? ( berkdb )
@@ -42,7 +43,7 @@ BDB_PKGS=''
for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done
# openssl is needed to generate lanman-passwords required by samba
-CDEPEND="
+COMMON_DEPEND="
ssl? (
!gnutls? (
!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
@@ -61,7 +62,6 @@ CDEPEND="
tcpd? ( sys-apps/tcp-wrappers )
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
- slp? ( net-libs/openslp )
perl? ( dev-lang/perl:=[-build(-)] )
samba? (
!libressl? ( dev-libs/openssl:0= )
@@ -83,10 +83,10 @@ CDEPEND="
cxx? ( dev-libs/cyrus-sasl:= )
)
"
-DEPEND="${CDEPEND}
+DEPEND="${COMMON_DEPEND}
sys-apps/groff
"
-RDEPEND="${CDEPEND}
+RDEPEND="${COMMON_DEPEND}
selinux? ( sec-policy/selinux-ldap )
"
# for tracking versions
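Review bot: With the move to EAPI 7, `sys-apps/groff` in `DEPEND` looks misplaced, because it appears to be a tool run on the build host rather than something linked against. EAPI 7 separates such tools into `BDEPEND`, so on a cross build the current form would pull groff for the target instead of the host. Consider `BDEPEND="sys-apps/groff"` and leaving `DEPEND="${COMMON_DEPEND}"`; confirm first that nothing else in the ebuild relies on groff being in `DEPEND`.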
@@ -456,7 +456,7 @@ multilib_src_configure() {
# slapd options
myconf+=(
$(use_enable crypt)
- $(use_enable slp)
+ --disable-slp
$(use_enable samba lmpasswd)
$(use_enable syslog)
)
@@ -723,7 +723,7 @@ multilib_src_compile() {
multilib_src_test() {
if multilib_is_native_abi; then
cd tests || die
- emake tests || die "make tests failed"
+ emake tests
fi
}
@@ -741,19 +741,19 @@ multilib_src_install() {
use prefix || fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
- echo "OLDPF='${PF}'" > "${ED%/}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# do NOT delete this. it is used" >> "${ED%/}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
- echo "# to track versions for upgrading." >> "${ED%/}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# use our config
- rm "${ED%/}"/etc/openldap/slapd.conf
+ rm "${ED}"/etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf
- configfile="${ED%/}"/etc/openldap/slapd.conf
+ configfile="${ED}"/etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
- for x in "${ED%/}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
+ for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do
einfo "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die
done
@@ -776,12 +776,10 @@ multilib_src_install() {
systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf
# If built without SLP, we don't need to be before avahi
- if ! use slp ; then
sed -i \
-e '/before/{s/avahi-daemon//g}' \
- "${ED%/}"/etc/init.d/slapd \
+ "${ED}"/etc/init.d/slapd \
|| die
- fi
if use cxx ; then
einfo "Install the ldapc++ library"
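Review bot: The comment `# If built without SLP, we don't need to be before avahi` is now stale, since the `if ! use slp` guard is gone and the `sed` on `/etc/init.d/slapd` runs unconditionally. A reader would still expect an SLP-enabled build to exist, while the configure hunk hard-codes `--disable-slp`. Suggest rewording it to `# SLP support is always disabled, so slapd does not need to start before avahi-daemon` and dedenting the `sed` block one level to match the removed `if`. multilib_src_install starts and ends outside this hunk.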
@@ -814,7 +812,7 @@ multilib_src_install() {
for l in */*.la */*/*.la; do
[[ -e ${l} ]] || continue
"${lt}" --mode=install cp ${l} \
- "${ED%/}"/usr/$(get_libdir)/openldap/openldap || \
+ "${ED}"/usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
@@ -871,7 +869,7 @@ pkg_postinst() {
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
- use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.*
+ use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT allow' if you want to use them."
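Review bot: The `chown` calls in pkg_postinst still have no failure check, although the `chmod` lines in the next hunk gain `|| die`. This applies to the `ldap.*` line here and to the three `chown` lines in the `@@ -886,11 +884,11 @@` hunk. If a chown fails, ownership of the TLS key and certificate, `slapd.conf` or the data directory may not match what the mode bits assume, and the merge reports nothing. Suggest `use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.* || die` and the same `|| die` suffix on the other three. pkg_postinst starts and ends outside these hunks.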
@@ -886,11 +884,11 @@ pkg_postinst() {
fi
# These lines force the permissions of various content to be correct
- use prefix || chown ldap:ldap "${EROOT}"var/run/openldap
- chmod 0755 "${EROOT}"var/run/openldap
- use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default}
- chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default}
- use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data
+ use prefix || chown ldap:ldap "${EROOT}"/var/run/openldap
+ chmod 0755 "${EROOT}"/var/run/openldap || die
+ use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}
+ chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die
+ use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data
fi
if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then