Diffstat (limited to 'net-nds/openldap')
-rw-r--r-- | net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch | 109 | ||||
-rw-r--r-- | net-nds/openldap/openldap-2.4.49-r2.ebuild (renamed from net-nds/openldap/openldap-2.4.48.ebuild) | 52 |
2 files changed, 25 insertions, 136 deletions
diff --git a/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch
deleted file mode 100644
index e511746..0000000
--- a/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
-Forward-port an old Debian patch that upstream never applied.
-
-Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-Signed-off-by: Steffen Hau <steffen@hauihau.de>
-X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
-X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
-X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
-
---- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700
-+++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700
-@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
- typedef PK11Context *des_context[1];
- #define DES_ENCRYPT CKA_ENCRYPT
-
-+#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+# include <gcrypt.h>
-+static int gcrypt_init = 0;
-+
-+typedef const void* des_key;
-+typedef unsigned char des_cblock[8];
-+typedef des_cblock des_data_block;
-+typedef int des_key_schedule; /* unused */
-+typedef des_key_schedule des_context; /* unused */
-+#define des_failed(encrypted) 0
-+#define des_finish(key, schedule)
-+
-+#define des_set_key_unchecked( key, key_sched ) \
-+ gcry_cipher_setkey( hd, key, 8 )
-+
-+#define des_ecb_encrypt( input, output, key_sched, enc ) \
-+ gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
-+
-+#define des_set_odd_parity( key ) do {} while(0)
-+
- #endif
-
- #endif /* SLAPD_LMHASH */
-@@ -651,7 +671,7 @@ static int chk_md5(
-
- #ifdef SLAPD_LMHASH
-
--#if defined(HAVE_OPENSSL)
-+#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
-
- /*
- * abstract away setting the parity.
-@@ -841,6 +861,19 @@ static int chk_lanman(
- des_data_block StdText = "KGS!@#$%";
- des_data_block PasswordHash1, PasswordHash2;
- char PasswordHash[33], storedPasswordHash[33];
-+
-+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+ gcry_cipher_hd_t hd;
-+
-+ if ( !gcrypt_init ) {
-+ gcry_check_version( GCRYPT_VERSION );
-+ gcrypt_init = 1;
-+ }
-+
-+ schedule = schedule; /* unused - avoid warning */
-+
-+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
-+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
-
- for( i=0; i<cred->bv_len; i++) {
- if(cred->bv_val[i] == '\0') {
-@@ -883,6 +916,10 @@ static int chk_lanman(
- strncpy( storedPasswordHash, passwd->bv_val, 32 );
- storedPasswordHash[32] = '\0';
- ldap_pvt_str2lower( storedPasswordHash );
-+
-+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+ gcry_cipher_close( hd );
-+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
-
- return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
- }
-@@ -1138,6 +1175,19 @@ static int hash_lanman(
- des_data_block PasswordHash1, PasswordHash2;
- char PasswordHash[33];
-
-+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+ gcry_cipher_hd_t hd;
-+
-+ if ( !gcrypt_init ) {
-+ gcry_check_version( GCRYPT_VERSION );
-+ gcrypt_init = 1;
-+ }
-+
-+ schedule = schedule; /* unused - avoid warning */
-+
-+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
-+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
-+
- for( i=0; i<passwd->bv_len; i++) {
- if(passwd->bv_val[i] == '\0') {
- return LUTIL_PASSWD_ERR; /* NUL character in password */
-@@ -1168,6 +1218,10 @@ static int hash_lanman(
-
- hash->bv_val = PasswordHash;
- hash->bv_len = 32;
-+
-+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
-+ gcry_cipher_close( hd );
-+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
-
- return pw_string( scheme, hash );
- }
diff --git a/net-nds/openldap/openldap-2.4.48.ebuild b/net-nds/openldap/openldap-2.4.49-r2.ebuild index 78f2046..8f9fdac 100644 --- a/net-nds/openldap/openldap-2.4.48.ebuild +++ b/net-nds/openldap/openldap-2.4.49-r2.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=7 -inherit autotools db-use eapi7-ver flag-o-matic multilib multilib-minimal ssl-cert toolchain-funcs user systemd +inherit autotools db-use flag-o-matic multilib-minimal ssl-cert toolchain-funcs user systemd BIS_PN=rfc2307bis.schema BIS_PV=20140524 @@ -18,9 +18,9 @@ SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz LICENSE="OPENLDAP GPL-2" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-linux ~x86-linux ~x86-solaris" -IUSE_DAEMON="crypt samba slp tcpd experimental minimal" +IUSE_DAEMON="crypt samba tcpd experimental minimal" IUSE_BACKEND="+berkdb" IUSE_OVERLAY="overlays perl" IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs test" @@ -28,6 +28,7 @@ IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2" IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" +RESTRICT="!test? ( test )" REQUIRED_USE="cxx? ( sasl ) pbkdf2? ( ssl ) test? ( berkdb ) @@ -42,7 +43,7 @@ BDB_PKGS='' for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done # openssl is needed to generate lanman-passwords required by samba -CDEPEND=" +COMMON_DEPEND=" ssl? ( !gnutls? ( !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) 
@@ -61,7 +62,6 @@ CDEPEND=" tcpd? ( sys-apps/tcp-wrappers ) odbc? ( !iodbc? ( dev-db/unixODBC ) iodbc? ( dev-db/libiodbc ) ) - slp? ( net-libs/openslp ) perl? ( dev-lang/perl:=[-build(-)] ) samba? ( !libressl? ( dev-libs/openssl:0= ) @@ -83,10 +83,10 @@ CDEPEND=" cxx? ( dev-libs/cyrus-sasl:= ) ) " -DEPEND="${CDEPEND} +DEPEND="${COMMON_DEPEND} sys-apps/groff " -RDEPEND="${CDEPEND} +RDEPEND="${COMMON_DEPEND} selinux? ( sec-policy/selinux-ldap ) " # for tracking versions @@ -456,7 +456,7 @@ multilib_src_configure() { # slapd options myconf+=( $(use_enable crypt) - $(use_enable slp) + --disable-slp $(use_enable samba lmpasswd) $(use_enable syslog) ) @@ -723,7 +723,7 @@ multilib_src_compile() { multilib_src_test() { if multilib_is_native_abi; then cd tests || die - emake tests || die "make tests failed" + emake tests fi } 
@@ -741,19 +741,19 @@ multilib_src_install() { use prefix || fowners ldap:ldap /var/lib/openldap-data fperms 0700 /var/lib/openldap-data - echo "OLDPF='${PF}'" > "${ED%/}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" - echo "# do NOT delete this. it is used" >> "${ED%/}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" - echo "# to track versions for upgrading." >> "${ED%/}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" + echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" # use our config - rm "${ED%/}"/etc/openldap/slapd.conf + rm "${ED}"/etc/openldap/slapd.conf insinto /etc/openldap newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf - configfile="${ED%/}"/etc/openldap/slapd.conf + configfile="${ED}"/etc/openldap/slapd.conf # populate with built backends ebegin "populate config with built backends" - for x in "${ED%/}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do + for x in "${ED}"/usr/$(get_libdir)/openldap/openldap/back_*.so; do einfo "Adding $(basename ${x})" sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" || die done @@ -776,12 +776,10 @@ multilib_src_install() { systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf # If built without SLP, we don't need to be before avahi - if ! use slp ; then sed -i \ -e '/before/{s/avahi-daemon//g}' \ - "${ED%/}"/etc/init.d/slapd \ + "${ED}"/etc/init.d/slapd \ || die - fi if use cxx ; then einfo "Install the ldapc++ library" 
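Review bot: The comment `# If built without SLP, we don't need to be before avahi` in the `@@ -776,12 +776,10 @@` hunk is stale now that the `if ! use slp` guard around the `sed` is gone: the edit of `/etc/init.d/slapd` runs on every build, and the configure hunk hard-codes `--disable-slp`. I would reword it to `# SLP is always disabled (--disable-slp), so slapd need not start before avahi-daemon`. If the `sed` and its continuation lines are still indented one level deeper from the removed `if`, dedent them in the same change; the collapsed diff does not show whether they are. multilib_src_install starts and ends outside this hunk.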
@@ -814,7 +812,7 @@ multilib_src_install() { for l in */*.la */*/*.la; do [[ -e ${l} ]] || continue "${lt}" --mode=install cp ${l} \ - "${ED%/}"/usr/$(get_libdir)/openldap/openldap || \ + "${ED}"/usr/$(get_libdir)/openldap/openldap || \ die "installing ${l} failed" done @@ -871,7 +869,7 @@ pkg_postinst() { # and a misconfiguration if multiple machines use the same key and cert. if use ssl; then install_cert /etc/openldap/ssl/ldap - use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* + use prefix || chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.* ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" ewarn "add 'TLS_REQCERT allow' if you want to use them." @@ -886,11 +884,11 @@ pkg_postinst() { fi # These lines force the permissions of various content to be correct - use prefix || chown ldap:ldap "${EROOT}"var/run/openldap - chmod 0755 "${EROOT}"var/run/openldap - use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} - chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} - use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data + use prefix || chown ldap:ldap "${EROOT}"/var/run/openldap + chmod 0755 "${EROOT}"/var/run/openldap || die + use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default} + chmod 0640 "${EROOT}"/etc/openldap/slapd.conf{,.default} || die + use prefix || chown ldap:ldap "${EROOT}"/var/lib/openldap-data fi if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then |
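Review bot: The `chown` calls in pkg_postinst can still fail silently: the `@@ -886,11 +884,11 @@` hunk adds `|| die` to both `chmod` lines but leaves `use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default}` and the two `chown ldap:ldap` lines unchecked, and the same holds for `chown ldap:ldap "${EROOT}"/etc/openldap/ssl/ldap.*` in the `@@ -871,7 +869,7 @@` hunk. A failed chown leaves slapd.conf (set to 0640 for root:ldap here) or the generated certificate files matched by `ldap.*` with whatever owner they had, while the install reports success. Appending the check keeps the existing short-circuit intact, e.g. `use prefix || chown root:ldap "${EROOT}"/etc/openldap/slapd.conf{,.default} || die`. pkg_postinst starts and ends outside these hunks.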