[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: be4dd3d866ae5600ef7e788f4bdf38b32fcc0146 Author: Sam James gentoo org> AuthorDate: Sun Jan 2 06:38:39 2022 + Commit: Sam James gentoo org> CommitDate: Sun Jan 2 06:38:39 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be4dd3d8 www-apache/mod_auth_kerb: drop 5.4-r2, 5.4-r3 Closes: https://bugs.gentoo.org/827679 Signed-off-by: Sam James gentoo.org> .../mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 58 - .../mod_auth_kerb/mod_auth_kerb-5.4-r3.ebuild | 60 -- 2 files changed, 118 deletions(-) diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild deleted file mode 100644 index a83b2926d126.. --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -inherit apache-module epatch tmpfiles - -DESCRIPTION="An Apache authentication module using Kerberos" -HOMEPAGE="http://modauthkerb.sourceforge.net/; -SRC_URI="mirror://sourceforge/modauthkerb/${P}.tar.gz - https://dev.gentoo.org/~mgorny/dist/${P}-gentoo-patchset.tar.bz2; - -LICENSE="BSD openafs-krb5-a HPND" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="" - -DEPEND="virtual/krb5" -RDEPEND="${DEPEND}" - -APACHE2_MOD_CONF="11_${PN}" -APACHE2_MOD_DEFINE="AUTH_KERB" - -DOCFILES="INSTALL README" - -need_apache2 - -PATCHES=( - "${WORKDIR}/${P}-gentoo-patchset"/${P}-rcopshack.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-fixes.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-s4u2proxy.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-httpd24.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-delegation.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-cachedir.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-longuser.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-handle-continue.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-heimdal.patch -) - -src_prepare() { - epatch "${PATCHES[@]}" -} - -src_configure() { - CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4 -} - -src_compile() { - emake -} - -src_install() { - apache-module_src_install - dotmpfiles "${FILESDIR}/${PN}.conf" -} - -pkg_postinst() { - tmpfiles_process ${PN}.conf -} diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r3.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r3.ebuild deleted file mode 100644 index 0a59d3214ff2.. --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r3.ebuild +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit apache-module depend.apache tmpfiles - -DESCRIPTION="An Apache authentication module using Kerberos" -HOMEPAGE="http://modauthkerb.sourceforge.net/; -SRC_URI="mirror://sourceforge/project/modauthkerb/${PN}/${P}/${P}.tar.gz - https://dev.gentoo.org/~mgorny/dist/${P}-gentoo-patchset.tar.bz2; - -LICENSE="BSD openafs-krb5-a HPND" -SLOT="0" -KEYWORDS="~amd64 ~x86" - -DEPEND="virtual/krb5" -RDEPEND="${DEPEND}" - -APACHE2_MOD_CONF="11_${PN}" -APACHE2_MOD_DEFINE="AUTH_KERB" - -DOCFILES="INSTALL README" - -need_apache2 - -PATCHES=( - "${WORKDIR}/${P}-gentoo-patchset"/${P}-rcopshack.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-fixes.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-s4u2proxy.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-httpd24.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-delegation.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-cachedir.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-longuser.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-handle-continue.patch - "${WORKDIR}/${P}-gentoo-patchset"/${P}-heimdal.patch -) - -# Work around Bug #616612 -pkg_setup() { - _init_apache2 - _init_apache2_late -} - -src_configure() { - CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4 -} - -src_compile() { - emake -} - -src_install() { - apache-module_src_install - dotmpfiles "${FILESDIR}/${PN}.conf" -} - -pkg_postinst() { - tmpfiles_process ${PN}.conf -}
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: 56b04df98cd8ed80b1ed5c3ef21a6add27347e0c Author: Sam James gentoo org> AuthorDate: Sun Jan 2 00:02:25 2022 + Commit: Sam James gentoo org> CommitDate: Sun Jan 2 00:02:25 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56b04df9 www-apache/mod_auth_kerb: Stabilize 5.4-r5 x86, #830208 Signed-off-by: Sam James gentoo.org> www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild index cc01f53deabe..f06674c34353 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild @@ -12,7 +12,7 @@ SRC_URI="mirror://sourceforge/project/modauthkerb/${PN}/${P}/${P}.tar.gz LICENSE="BSD openafs-krb5-a HPND" SLOT="0" -KEYWORDS="amd64 ~x86" +KEYWORDS="amd64 x86" DEPEND="virtual/krb5" RDEPEND="${DEPEND}"
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: 0023a0ee217fcfe45f666e577b4bc0d99c2ea7a6 Author: Sam James gentoo org> AuthorDate: Sat Jan 1 11:06:03 2022 + Commit: Sam James gentoo org> CommitDate: Sat Jan 1 11:06:03 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0023a0ee www-apache/mod_auth_kerb: Stabilize 5.4-r5 amd64, #830208 Signed-off-by: Sam James gentoo.org> www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild index 59a03c89f542..cc01f53deabe 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -12,7 +12,7 @@ SRC_URI="mirror://sourceforge/project/modauthkerb/${PN}/${P}/${P}.tar.gz LICENSE="BSD openafs-krb5-a HPND" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="amd64 ~x86" DEPEND="virtual/krb5" RDEPEND="${DEPEND}"
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/files/
commit: e0ba60b7305896a86a5f2021e743e1aae9cd834d Author: Sam James gentoo org> AuthorDate: Wed Dec 29 08:46:34 2021 + Commit: Sam James gentoo org> CommitDate: Wed Dec 29 08:46:43 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0ba60b7 www-apache/mod_auth_kerb: add Debian patch metadata Signed-off-by: Sam James gentoo.org> .../files/mod_auth_kerb-5.4-api-change-krb5.patch | 22 ++ 1 file changed, 22 insertions(+) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch index d0421a0eb6ea..fb402de44a8d 100644 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch +++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch @@ -1,5 +1,27 @@ https://sources.debian.org/data/main/liba/libapache-mod-auth-kerb/5.4-2.5/debian/patches/0011-Always-use-NONE-replay-cache-type.patch https://bugs.gentoo.org/830208 + +From: Sam Hartman +Date: Mon, 23 Nov 2020 09:30:22 -0500 +Subject: Always use NONE replay cache type + +It's 2020. Any MIT Kerberos in the wild supports the none replay +cache type. The previous code used an internal function to detect +that replay cache type; that function is no longer available. +Instead, assume it is present. + +An alternative would be to enable the default replay cache. It was +originally disabled because of problems between Microsoft +authenticators and 2004-era MIT Kerberos 1.3. That's probably a good +idea. It probably closes off security attacks, although analyzing the +impact of replays in cases where neither channel binding nor +per-message services are used is difficult. I believe that a replay +cache is not strictly necessary in the common configuration where +mod-auth-kerb is used over a TLS-protected connection where the client +properly verifies the TLS certificate presented by the server prior to +sending a GSS token. + +I have elected not to enable replay cache to affect a minimal change. --- a/src/mod_auth_kerb.c +++ b/src/mod_auth_kerb.c @@ -2061,28 +2061,6 @@
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/files/, www-apache/mod_auth_kerb/
commit: 433bedfe250303e35202bcaacc054a157e409a57 Author: Sam James gentoo org> AuthorDate: Wed Dec 29 08:45:39 2021 + Commit: Sam James gentoo org> CommitDate: Wed Dec 29 08:46:42 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=433bedfe www-apache/mod_auth_kerb: add use-after-free patch Closes: https://bugs.gentoo.org/673066 Signed-off-by: Sam James gentoo.org> .../mod_auth_kerb-5.4-krb5pwd-double-free.patch| 22 ++ ...b-5.4-r4.ebuild => mod_auth_kerb-5.4-r5.ebuild} | 5 - 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-krb5pwd-double-free.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-krb5pwd-double-free.patch new file mode 100644 index ..aa8ced49c103 --- /dev/null +++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-krb5pwd-double-free.patch @@ -0,0 +1,22 @@ +https://sources.debian.org/src/libapache-mod-auth-kerb/5.4-2.5/debian/patches/mod_auth_kerb-krb5_kt_close.patch/ +https://bugs.gentoo.org/673066 + +Description: fix use after free in authenticate_user_krb5pwd() +Origin: https://sourceforge.net/p/modauthkerb/bugs/61/attachment/mod_auth_kerb-krb5_kt_close.patch +Bug: https://sourceforge.net/p/modauthkerb/bugs/61/ +Bug-Debian: https://bugs.debian.org/934043 +Author: Johan Ymerson (https://sourceforge.net/u/ymerson/) +--- a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c +@@ -799,11 +799,9 @@ + "failed to verify krb5 credentials: %s", + krb5_get_err_text(context, ret)); + krb5_kt_end_seq_get(context, keytab, ); +- krb5_kt_close(context, keytab); + goto end; +} +krb5_kt_end_seq_get(context, keytab, ); +- krb5_kt_close(context, keytab); + } + else { +if ((ret = verify_krb5_init_creds(r, context, , server, keytab))) { diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild similarity index 93% rename from www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild rename to www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild index c8e1b13352e1..59a03c89f542 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r5.ebuild @@ -37,6 +37,8 @@ PATCHES=( # bug #830208 "${FILESDIR}"/${P}-api-change-krb5.patch + # bug #673066 + "${FILESDIR}"/${P}-krb5pwd-double-free.patch ) # Work around Bug #616612 @@ -55,7 +57,8 @@ src_compile() { src_install() { apache-module_src_install - dotmpfiles "${FILESDIR}/${PN}.conf" + + dotmpfiles "${FILESDIR}"/${PN}.conf } pkg_postinst() {
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/
commit: b4c542201cff236f67aac6eaa0ca86863d34df80 Author: Sam James gentoo org> AuthorDate: Wed Dec 29 08:38:06 2021 + Commit: Sam James gentoo org> CommitDate: Wed Dec 29 08:38:06 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4c54220 www-apache/mod_auth_kerb: add Debian patch for krb5 ABI break Was using an internal API. Closes: https://bugs.gentoo.org/830208 Signed-off-by: Sam James gentoo.org> .../files/mod_auth_kerb-5.4-api-change-krb5.patch | 51 ++ .../mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild | 63 ++ 2 files changed, 114 insertions(+) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch new file mode 100644 index ..d0421a0eb6ea --- /dev/null +++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch @@ -0,0 +1,51 @@ +https://sources.debian.org/data/main/liba/libapache-mod-auth-kerb/5.4-2.5/debian/patches/0011-Always-use-NONE-replay-cache-type.patch +https://bugs.gentoo.org/830208 +--- a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c +@@ -2061,28 +2061,6 @@ +return ret; + } + +-static int +-have_rcache_type(const char *type) +-{ +- krb5_error_code ret; +- krb5_context context; +- krb5_rcache id = NULL; +- int found; +- +- ret = krb5_init_context(); +- if (ret) +- return 0; +- +- ret = krb5_rc_resolve_full(context, , "none:"); +- found = (ret == 0); +- +- if (ret == 0) +- krb5_rc_destroy(context, id); +- krb5_free_context(context); +- +- return found; +-} +- + /*** + Module Setup/Configuration + ***/ +@@ -2143,7 +2121,7 @@ + #ifndef HEIMDAL +/* Suppress the MIT replay cache. Requires MIT Kerberos 1.4.0 or later. + 1.3.x are covered by the hack overiding the replay calls */ +- if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none")) ++ if (getenv("KRB5RCACHETYPE") == NULL) + putenv(strdup("KRB5RCACHETYPE=none")); + #endif + } +@@ -2185,7 +2163,7 @@ + #ifndef HEIMDAL +/* Suppress the MIT replay cache. Requires MIT Kerberos 1.4.0 or later. + 1.3.x are covered by the hack overiding the replay calls */ +- if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none")) ++ if (getenv("KRB5RCACHETYPE") == NULL) + putenv(strdup("KRB5RCACHETYPE=none")); + #endif + #ifdef STANDARD20_MODULE_STUFF diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild new file mode 100644 index ..c8e1b13352e1 --- /dev/null +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild @@ -0,0 +1,63 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit apache-module depend.apache tmpfiles + +DESCRIPTION="An Apache authentication module using Kerberos" +HOMEPAGE="http://modauthkerb.sourceforge.net/; +SRC_URI="mirror://sourceforge/project/modauthkerb/${PN}/${P}/${P}.tar.gz + https://dev.gentoo.org/~mgorny/dist/${P}-gentoo-patchset.tar.bz2; + +LICENSE="BSD openafs-krb5-a HPND" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND="virtual/krb5" +RDEPEND="${DEPEND}" + +APACHE2_MOD_CONF="11_${PN}" +APACHE2_MOD_DEFINE="AUTH_KERB" + +DOCFILES="INSTALL README" + +need_apache2 + +PATCHES=( + "${WORKDIR}/${P}-gentoo-patchset"/${P}-rcopshack.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-fixes.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-s4u2proxy.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-httpd24.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-delegation.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-cachedir.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-longuser.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-handle-continue.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-heimdal.patch + + # bug #830208 + "${FILESDIR}"/${P}-api-change-krb5.patch +) + +# Work around Bug #616612 +pkg_setup() { + _init_apache2 + _init_apache2_late +} + +src_configure() { + CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4 +} + +src_compile() { + emake +} + +src_install() { + apache-module_src_install + dotmpfiles "${FILESDIR}/${PN}.conf" +} + +pkg_postinst() { + tmpfiles_process ${PN}.conf +}
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: a0aa837bf394e2564c7a417e8d4761d783f955bb Author: Marek Szuba gentoo org> AuthorDate: Sat Nov 27 12:24:41 2021 + Commit: Marek Szuba gentoo org> CommitDate: Sat Nov 27 13:04:11 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0aa837b www-apache/mod_auth_kerb: update EAPI 5 -> 7 Signed-off-by: Marek Szuba gentoo.org> .../mod_auth_kerb/mod_auth_kerb-5.4-r3.ebuild | 60 ++ 1 file changed, 60 insertions(+) diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r3.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r3.ebuild new file mode 100644 index ..0a59d3214ff2 --- /dev/null +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r3.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit apache-module depend.apache tmpfiles + +DESCRIPTION="An Apache authentication module using Kerberos" +HOMEPAGE="http://modauthkerb.sourceforge.net/; +SRC_URI="mirror://sourceforge/project/modauthkerb/${PN}/${P}/${P}.tar.gz + https://dev.gentoo.org/~mgorny/dist/${P}-gentoo-patchset.tar.bz2; + +LICENSE="BSD openafs-krb5-a HPND" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND="virtual/krb5" +RDEPEND="${DEPEND}" + +APACHE2_MOD_CONF="11_${PN}" +APACHE2_MOD_DEFINE="AUTH_KERB" + +DOCFILES="INSTALL README" + +need_apache2 + +PATCHES=( + "${WORKDIR}/${P}-gentoo-patchset"/${P}-rcopshack.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-fixes.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-s4u2proxy.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-httpd24.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-delegation.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-cachedir.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-longuser.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-handle-continue.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-heimdal.patch +) + +# Work around Bug #616612 +pkg_setup() { + _init_apache2 + _init_apache2_late +} + +src_configure() { + CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4 +} + +src_compile() { + emake +} + +src_install() { + apache-module_src_install + dotmpfiles "${FILESDIR}/${PN}.conf" +} + +pkg_postinst() { + tmpfiles_process ${PN}.conf +}
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: 198ce638123cb0b2d45015b1acb3e37d9fb8bec6 Author: Sam James gentoo org> AuthorDate: Fri Jul 30 23:15:04 2021 + Commit: Sam James gentoo org> CommitDate: Fri Jul 30 23:30:19 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=198ce638 www-apache/mod_auth_kerb: [QA] call tmpfiles_process in pkg_postinst This is needed to actually apply the tmpfiles configuration we've installed in the ebuild. See tmpfiles.eclass documentation. Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Sam James gentoo.org> www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 4 1 file changed, 4 insertions(+) diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild index 8b56d40b4d0..a83b2926d12 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild @@ -52,3 +52,7 @@ src_install() { apache-module_src_install dotmpfiles "${FILESDIR}/${PN}.conf" } + +pkg_postinst() { + tmpfiles_process ${PN}.conf +}
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: dc6d506d2f82c1f26ac7f2997a73e0315e0092a8 Author: Theo Anderson posteo de> AuthorDate: Sun Mar 7 11:57:55 2021 + Commit: David Seifert gentoo org> CommitDate: Sun Mar 7 11:57:55 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc6d506d www-apache/mod_auth_kerb: migrate to tmpfiles.eclass Closes: https://bugs.gentoo.org/740628 Package-Manager: Portage-3.0.16, Repoman-3.0.2 Signed-off-by: Theo Anderson posteo.de> Signed-off-by: David Seifert gentoo.org> www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild index 9094681f3d4..40e71cf95be 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild @@ -1,8 +1,8 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=5 -inherit apache-module eutils systemd +inherit apache-module eutils tmpfiles DESCRIPTION="An Apache authentication module using Kerberos" HOMEPAGE="http://modauthkerb.sourceforge.net/; @@ -50,5 +50,5 @@ src_compile() { src_install() { apache-module_src_install - systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" + dotmpfiles "${FILESDIR}/${PN}.conf" }
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/
commit: bbc26ed7549d91670a993e6208d98eebdc6c2ade Author: Michał Górny gentoo org> AuthorDate: Sun Oct 15 11:40:11 2017 + Commit: Michał Górny gentoo org> CommitDate: Sun Oct 15 12:35:55 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbc26ed7 www-apache/mod_auth_kerb: Move patches to a dist tarball Closes: https://bugs.gentoo.org/620644 www-apache/mod_auth_kerb/Manifest | 1 + .../files/mod_auth_kerb-5.4-cachedir.patch | 15 - .../files/mod_auth_kerb-5.4-delegation.patch | 68 --- .../files/mod_auth_kerb-5.4-fixes.patch| 40 -- .../files/mod_auth_kerb-5.4-handle-continue.patch | 20 - .../files/mod_auth_kerb-5.4-heimdal.patch | 10 - .../files/mod_auth_kerb-5.4-httpd24.patch | 75 --- .../files/mod_auth_kerb-5.4-longuser.patch | 31 -- .../files/mod_auth_kerb-5.4-rcopshack.patch| 73 --- .../files/mod_auth_kerb-5.4-s4u2proxy.patch| 601 - .../mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 21 +- 11 files changed, 12 insertions(+), 943 deletions(-) diff --git a/www-apache/mod_auth_kerb/Manifest b/www-apache/mod_auth_kerb/Manifest index 2d942c7502e..772f8adc7b7 100644 --- a/www-apache/mod_auth_kerb/Manifest +++ b/www-apache/mod_auth_kerb/Manifest @@ -1 +1,2 @@ +DIST mod_auth_kerb-5.4-gentoo-patchset.tar.bz2 8717 SHA256 bc0445e337c88906bd254c26726ad3a1e45e613cf2058b402c944209550d9160 SHA512 3909c2677b30790cc17c0d8843feaa00d9acd14a012672443a887c0e88473d6b1572ba045e1491bcab53cbacff193c11cfe15e63ef1046cfcdf1f4ab60e0ac57 WHIRLPOOL 27bcb65e03d5148861a806f0bbb29550e8ab06145281fdf09064328be12a6c2242d46d3e69042be2b2ee6f17198acbdc3ec6c3709ea4341c08e4cc12fe1f4492 DIST mod_auth_kerb-5.4.tar.gz 93033 SHA256 690ddd66c6d941e2fa2dada46588329a6f57d0a3b9b2fd9bf055ebc427558265 SHA512 93fdf0e43af1c24e8c8204d09240b708747068ef99dd8d21b45cb4d132d31e6d582d49ea5e23b905f55cb0d4a20b1ecb58de1bcbfdad1d016e536fc622b63214 WHIRLPOOL 1b92217b7cf66d731a72cf9d58f188002ccadd75fc3d9075290347e6b4f151d3cff147fab73616951cbdb9430e8038adf5c4e204d374886bec3be69ff51c diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch deleted file mode 100644 index ebc435824c4..000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch +++ /dev/null @@ -1,15 +0,0 @@ - -Per https://bugzilla.redhat.com//show_bug.cgi?id=796430 -switch the cache dir to be relative to runtimedir. - mod_auth_kerb-5.4/src/mod_auth_kerb.c.cachedir -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -891,7 +891,7 @@ create_krb5_ccache(krb5_context kcontext -int ret; -krb5_ccache tmp_ccache = NULL; - -- ccname = apr_psprintf(r->connection->pool, "FILE:%s/krb5cc_apache_XX", P_tmpdir); -+ ccname = apr_pstrdup(r->connection->pool, "FILE:/run/httpd/krbcache/krb5cc_apache_XX"); -fd = mkstemp(ccname + strlen("FILE:")); -if (fd < 0) { - log_rerror(APLOG_MARK, APLOG_ERR, 0, r, diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch deleted file mode 100644 index a01e9f21e43..000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch +++ /dev/null @@ -1,68 +0,0 @@ - -https://bugzilla.redhat.com/show_bug.cgi?id=688210 - mod_auth_kerb-5.4/src/mod_auth_kerb.c.delegation -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -209,6 +209,7 @@ typedef struct krb5_conn_data { - char *authline; - char *user; - char *mech; -+ char *ccname; - int last_return; - } krb5_conn_data; - -@@ -875,7 +876,7 @@ create_krb5_ccache(krb5_context kcontext -int ret; -krb5_ccache tmp_ccache = NULL; - -- ccname = apr_psprintf(r->pool, "FILE:%s/krb5cc_apache_XX", P_tmpdir); -+ ccname = apr_psprintf(r->connection->pool, "FILE:%s/krb5cc_apache_XX", P_tmpdir); -fd = mkstemp(ccname + strlen("FILE:")); -if (fd < 0) { - log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -@@ -905,7 +906,7 @@ create_krb5_ccache(krb5_context kcontext -} - -apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname); -- apr_pool_cleanup_register(r->pool, ccname, krb5_cache_cleanup, -+ apr_pool_cleanup_register(r->connection->pool, ccname, krb5_cache_cleanup, -apr_pool_cleanup_null); - -*ccache = tmp_ccache; -@@ -1866,10 +1868,15 @@ already_succeeded(request_rec *r, char * -if (apr_pool_userdata_get((void**)_data, keyname, r->connection->pool) != 0) - return NULL; - -- if(conn_data) { -- if(strcmp(conn_data->authline, auth_line) == 0) { -- log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request"); -- return conn_data; -+ if(conn_data && conn_data->ccname != NULL) { -+ apr_finfo_t finfo; -+ -+ if (apr_stat(, conn_data->ccname +
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/
commit: 021b4128fab449a793151ee229d692b10ec248bf Author: Pacho Ramos gentoo org> AuthorDate: Sun Jun 4 18:30:07 2017 + Commit: Pacho Ramos gentoo org> CommitDate: Sun Jun 4 18:31:59 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=021b4128 www-apache/mod_auth_kerb: Fix building with heimdal (#327445) Package-Manager: Portage-2.3.6, Repoman-2.3.2 www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch | 10 ++ www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch new file mode 100644 index 000..a5d3d4ba62c --- /dev/null +++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch @@ -0,0 +1,10 @@ +--- mod_auth_kerb-5.4/src/mod_auth_kerb.c 2010-10-04 16:21:22.169285716 +0200 mod_auth_kerb-5.4.new/src/mod_auth_kerb.c 2010-10-04 16:20:41.584250095 +0200 +@@ -89,6 +89,7 @@ + #include + #ifdef HEIMDAL + # include ++# include + #else + # include + # include diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild index 1b067a4769a..1d1b560367c 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -32,6 +32,7 @@ PATCHES=( "${FILESDIR}"/${P}-cachedir.patch "${FILESDIR}"/${P}-longuser.patch "${FILESDIR}"/${P}-handle-continue.patch + "${FILESDIR}"/${P}-heimdal.patch ) src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/
commit: d429134c9c62729169a429f95704bb3882a96ffc Author: Pacho Ramos gentoo org> AuthorDate: Thu Aug 18 16:55:53 2016 + Commit: Pacho Ramos gentoo org> CommitDate: Thu Aug 18 16:56:42 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d429134c www-apache/mod_auth_kerb: Properly provide and apply Fedora patches (#327445) Package-Manager: portage-2.3.0 .../files/mod_auth_kerb-5.4-s4u2proxy-r3.patch | 603 - .../files/mod_auth_kerb-5.4-s4u2proxy.patch| 46 +- .../mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 22 +- 3 files changed, 41 insertions(+), 630 deletions(-) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch deleted file mode 100644 index efc183a..000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch +++ /dev/null @@ -1,603 +0,0 @@ - -Add S4U2Proxy feature: - -https://sourceforge.net/mailarchive/forum.php?thread_name=4EE665D1.3000308%40redhat.com_name=modauthkerb-help - -The attached patches add support for using s4u2proxy -(http://k5wiki.kerberos.org/wiki/Projects/Services4User) to allow the -web service to obtain credentials on behalf of the authenticated user. - -The first patch adds basic support for s4u2proxy. This requires the web -administrator to manually create and manage the credentails cache for -the apache user (via a cron job, for example). - -The second patch builds on this and makes mod_auth_kerb manage the -ccache instead. - -These are patches against the current CVS HEAD (mod_auth_krb 5.4). - -I've added a new module option to enable this support, -KrbConstrainedDelegation. The default is off. - mod_auth_kerb-5.4.orig/README 2008-11-26 11:51:05.0 -0500 -+++ mod_auth_kerb-5.4/README 2012-01-04 11:17:22.0 -0500 -@@ -122,4 +122,16 @@ KrbSaveCredentials, the tickets will be - credential cache that will be available for the request handler. The ticket - file will be removed after request is handled. - -+Constrained Delegation -+-- -+S4U2Proxy, or constrained delegation, enables a service to use a client's -+ticket to itself to request another ticket for delegation. The KDC -+checks krbAllowedToDelegateTo to decide if it will issue a new ticket. -+If KrbConstrainedDelegation is enabled the server will use its own credentials -+to retrieve a delegated ticket for the user. For this to work the user must -+have a forwardable ticket (though the delegation flag need not be set). -+The server needs a valid credentials cache for this to work. -+ -+The module itself will obtain and manage the necessary credentials. -+ - $Id: README,v 1.12 2008/09/17 14:01:55 baalberith Exp $ -diff -up --recursive mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c mod_auth_kerb-5.4/src/mod_auth_kerb.c mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c 2011-12-09 17:55:05.0 -0500 -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c 2012-03-01 14:19:40.0 -0500 -@@ -42,6 +42,31 @@ - * POSSIBILITY OF SUCH DAMAGE. - */ - -+/* -+ * Locking mechanism inspired by mod_rewrite. -+ * -+ * Licensed to the Apache Software Foundation (ASF) under one or more -+ * contributor license agreements. See the NOTICE file distributed with -+ * this work for additional information regarding copyright ownership. -+ * The ASF licenses this file to You under the Apache License, Version 2.0 -+ * (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+/* -+ * S4U2Proxy code -+ * -+ * Copyright (C) 2012 Red Hat -+ */ -+ - #ident "$Id: mod_auth_kerb.c,v 1.150 2008/12/04 10:14:03 baalberith Exp $" - - #include "config.h" -@@ -49,6 +74,7 @@ - #include - #include - #include -+#include - - #define MODAUTHKERB_VERSION "5.4" - -@@ -122,6 +148,12 @@ - module auth_kerb_module; - #endif - -+#ifdef STANDARD20_MODULE_STUFF -+/* s4u2proxy only supported in 2.0+ */ -+static const char *lockname; -+static apr_global_mutex_t *s4u2proxy_lock = NULL; -+#endif -+ - /*** - Macros To Ease Compatibility - ***/ -@@ -156,6 +188,7 @@ - int krb_method_gssapi; - int krb_method_k5pass; - int krb5_do_auth_to_local; -+ int krb5_s4u2proxy; - #endif - #ifdef KRB4 - char *krb_4_srvtab; -@@ -176,6 +209,11 @@ - - static const char* -
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: eeb523e2f8fac7fcaebd8b6c36823a8ab0765888 Author: Pacho Ramos gentoo org> AuthorDate: Thu Aug 18 16:44:20 2016 + Commit: Pacho Ramos gentoo org> CommitDate: Thu Aug 18 16:44:20 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eeb523e2 www-apache/mod_auth_kerb: Drop old Package-Manager: portage-2.3.0 www-apache/mod_auth_kerb/Manifest | 1 - www-apache/mod_auth_kerb/mod_auth_kerb-5.3.ebuild | 29 --- 2 files changed, 30 deletions(-) diff --git a/www-apache/mod_auth_kerb/Manifest b/www-apache/mod_auth_kerb/Manifest index 741f1fd..2d942c7 100644 --- a/www-apache/mod_auth_kerb/Manifest +++ b/www-apache/mod_auth_kerb/Manifest @@ -1,2 +1 @@ -DIST mod_auth_kerb-5.3.tar.gz 73530 SHA256 89cd779a94405521770cbcb169af5af61e7f2aad91c4f4b82efaae35df7595ec SHA512 888c2c16c743a8ef12641cce3877b845afc9d8f035d8ed48252d7b10a5b5e194ffcf9b9c18df18e788d2da53ef42bc3e7315d20dfd41e48a2e195708c43c0e60 WHIRLPOOL 54c24285748f840d04fb545a1bbecc449f272e75ae7cf882d360d2ba7bda0ec79d3663248e5c4f8337f3a624325bd35b049717fa0253627cb65bf3322c48bee4 DIST mod_auth_kerb-5.4.tar.gz 93033 SHA256 690ddd66c6d941e2fa2dada46588329a6f57d0a3b9b2fd9bf055ebc427558265 SHA512 93fdf0e43af1c24e8c8204d09240b708747068ef99dd8d21b45cb4d132d31e6d582d49ea5e23b905f55cb0d4a20b1ecb58de1bcbfdad1d016e536fc622b63214 WHIRLPOOL 1b92217b7cf66d731a72cf9d58f188002ccadd75fc3d9075290347e6b4f151d3cff147fab73616951cbdb9430e8038adf5c4e204d374886bec3be69ff51c diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.3.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.3.ebuild deleted file mode 100644 index 69affa6..000 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.3.ebuild +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -inherit apache-module - -DESCRIPTION="An Apache authentication module using Kerberos" -HOMEPAGE="http://modauthkerb.sourceforge.net/; -SRC_URI="mirror://sourceforge/modauthkerb/${P}.tar.gz" - -LICENSE="BSD openafs-krb5-a HPND" -SLOT="0" -KEYWORDS="~amd64 x86" -IUSE="" - -DEPEND="virtual/krb5" -RDEPEND="${DEPEND}" - -APACHE2_MOD_CONF="11_${PN}" -APACHE2_MOD_DEFINE="AUTH_KERB" - -DOCFILES="INSTALL README" - -need_apache2_2 - -src_compile() { - CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4 || die "econf failed" - emake || die "emake failed" -}
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: 902a424c5f75a143c43ca05684d0eb5775fec550 Author: Mikle Kolyada gentoo org> AuthorDate: Tue Oct 6 13:15:47 2015 + Commit: Mikle Kolyada gentoo org> CommitDate: Tue Oct 6 13:15:47 2015 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=902a424c www-apache/mod_auth_kerb: x86 stable wrt bug #532790 Package-Manager: portage-2.2.20.1 www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild index 66bfc70..1463b5c 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild @@ -11,7 +11,7 @@ SRC_URI="mirror://sourceforge/modauthkerb/${P}.tar.gz" LICENSE="BSD openafs-krb5-a HPND" SLOT="0" -KEYWORDS="amd64 ~x86" +KEYWORDS="amd64 x86" IUSE="" DEPEND="virtual/krb5"
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/
commit: 1752c92421f87449bfb7d3379b824ca7f2df1906 Author: Agostino Sarubbo gentoo org> AuthorDate: Thu Sep 24 12:47:08 2015 + Commit: Agostino Sarubbo gentoo org> CommitDate: Thu Sep 24 12:47:08 2015 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1752c924 www-apache/mod_auth_kerb: amd64 stable wrt bug #532790 Package-Manager: portage-2.2.20.1 RepoMan-Options: --include-arches="amd64" www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild index 7b3fdf4..66bfc70 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild @@ -11,7 +11,7 @@ SRC_URI="mirror://sourceforge/modauthkerb/${P}.tar.gz" LICENSE="BSD openafs-krb5-a HPND" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="amd64 ~x86" IUSE="" DEPEND="virtual/krb5"