diff options
author | Christian Heim <phreak@gentoo.org> | 2007-01-10 21:48:46 +0000 |
---|---|---|
committer | Christian Heim <phreak@gentoo.org> | 2007-01-10 21:48:46 +0000 |
commit | df3622f5df6bcd8539aebe20d57fe7913f3a5854 (patch) | |
tree | fe756e2155c798d6c74b59516ef1214535b84a31 /net-www/mod_auth_kerb | |
parent | Add missing email address for herd with name != alias. (diff) | |
download | historical-df3622f5df6bcd8539aebe20d57fe7913f3a5854.tar.gz historical-df3622f5df6bcd8539aebe20d57fe7913f3a5854.tar.bz2 historical-df3622f5df6bcd8539aebe20d57fe7913f3a5854.zip |
Revision bump for bug 155782 (CVE-2006-5989), also fixing compilation with gcc4.
Package-Manager: portage-2.1.2_rc4-r6
Diffstat (limited to 'net-www/mod_auth_kerb')
11 files changed, 378 insertions, 8 deletions
diff --git a/net-www/mod_auth_kerb/ChangeLog b/net-www/mod_auth_kerb/ChangeLog index 4e634167674c..7c7afe83a3f2 100644 --- a/net-www/mod_auth_kerb/ChangeLog +++ b/net-www/mod_auth_kerb/ChangeLog @@ -1,6 +1,19 @@ # ChangeLog for net-www/mod_auth_kerb # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-www/mod_auth_kerb/ChangeLog,v 1.15 2007/01/07 16:29:45 kloeri Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_auth_kerb/ChangeLog,v 1.16 2007/01/10 21:48:46 phreak Exp $ + +*mod_auth_kerb-5.0_rc7-r1 (10 Jan 2007) +*mod_auth_kerb-5.0_rc6-r1 (10 Jan 2007) + + 10 Jan 2007; Christian Heim <phreak@gentoo.org> + +files/mod_auth_kerb-5.0-CVE-2006-5989.patch, + +files/mod_auth_kerb-5.0-axps1.patch, + +files/mod_auth_kerb-5.0-cache.patch, + +files/mod_auth_kerb-5.0-exports.patch, + +files/mod_auth_kerb-5.0-gcc4.patch, +mod_auth_kerb-5.0_rc6-r1.ebuild, + +mod_auth_kerb-5.0_rc7-r1.ebuild: + Revision bump for bug 155782 (CVE-2006-5989), also fixing compilation with + gcc4. *mod_auth_kerb-5.3 (07 Jan 2007) diff --git a/net-www/mod_auth_kerb/Manifest b/net-www/mod_auth_kerb/Manifest index dcb8515d303b..00511d95da75 100644 --- a/net-www/mod_auth_kerb/Manifest +++ b/net-www/mod_auth_kerb/Manifest @@ -5,13 +5,41 @@ AUX 11_mod_auth_kerb.conf 360 RMD160 927b4d9efe81bbe6af2584d542b747d15891703a SH MD5 20c0b6288def0974624689c3d1cc3a68 files/11_mod_auth_kerb.conf 360 RMD160 927b4d9efe81bbe6af2584d542b747d15891703a files/11_mod_auth_kerb.conf 360 SHA256 e4da65c33b031724778df016c21eab6dd6a191eb63bebdbd4c49c50411466be9 files/11_mod_auth_kerb.conf 360 +AUX mod_auth_kerb-5.0-CVE-2006-5989.patch 559 RMD160 86d4d70c3b9b5b1d0765d930b50f3e79e9260bed SHA1 82ff751a15ce586bcdf111aec7bc6520be1c0428 SHA256 0a2ec61ab9c0724f74408a3f3a255e22264dfbe394fcf6170b3eba744e209f56 +MD5 170086289392ee5e12b223374f9a25ae files/mod_auth_kerb-5.0-CVE-2006-5989.patch 559 +RMD160 86d4d70c3b9b5b1d0765d930b50f3e79e9260bed files/mod_auth_kerb-5.0-CVE-2006-5989.patch 559 +SHA256 0a2ec61ab9c0724f74408a3f3a255e22264dfbe394fcf6170b3eba744e209f56 files/mod_auth_kerb-5.0-CVE-2006-5989.patch 559 +AUX mod_auth_kerb-5.0-axps1.patch 1221 RMD160 d78138c76731b5c171223a9afe642810ae53c881 SHA1 41716821ca51ca05ba36382a24dcb7b1b79e62ac SHA256 8099a65774b994694b96c2b4208f12a76afded08de751850821d24fa359eaa20 +MD5 6d880586081cd4476b03738ae19c69c8 files/mod_auth_kerb-5.0-axps1.patch 1221 +RMD160 d78138c76731b5c171223a9afe642810ae53c881 files/mod_auth_kerb-5.0-axps1.patch 1221 +SHA256 8099a65774b994694b96c2b4208f12a76afded08de751850821d24fa359eaa20 files/mod_auth_kerb-5.0-axps1.patch 1221 +AUX mod_auth_kerb-5.0-cache.patch 3983 RMD160 f786581b6a502594e69c08a3eecf356ac09c1f34 SHA1 924e20a93da1095e6eb103e4e7df1d5fd19f8c0a SHA256 a3b7ce4d0dd182248017440de984db996187cce7083347e32407348e320547a0 +MD5 183d5abb723d11c7b7c95c09fb95f3be files/mod_auth_kerb-5.0-cache.patch 3983 +RMD160 f786581b6a502594e69c08a3eecf356ac09c1f34 files/mod_auth_kerb-5.0-cache.patch 3983 +SHA256 a3b7ce4d0dd182248017440de984db996187cce7083347e32407348e320547a0 files/mod_auth_kerb-5.0-cache.patch 3983 +AUX mod_auth_kerb-5.0-exports.patch 534 RMD160 8ffaffa0258fda749abb3552c4bcbd2eca4ef47c SHA1 b23daa8c5bb7db639b10cbd512b7556567c73485 SHA256 19344bfb976e255f8e151384992611ec60b76680bd507246515cb112a08e3e16 +MD5 c06d57f8d72243191bec0bd7c1d3c9c7 files/mod_auth_kerb-5.0-exports.patch 534 +RMD160 8ffaffa0258fda749abb3552c4bcbd2eca4ef47c files/mod_auth_kerb-5.0-exports.patch 534 +SHA256 19344bfb976e255f8e151384992611ec60b76680bd507246515cb112a08e3e16 files/mod_auth_kerb-5.0-exports.patch 534 +AUX mod_auth_kerb-5.0-gcc4.patch 391 RMD160 08ec1ca63d949a13b6afb96a95886dde68cae63f SHA1 58e96133e4e6a9b12534ede89878b32fa44de815 SHA256 f60a7cc4234ab5fc732323487057f36e2483655db676172867df2b2d845d9186 +MD5 6c5267823db912830883a671ccf7a023 files/mod_auth_kerb-5.0-gcc4.patch 391 +RMD160 08ec1ca63d949a13b6afb96a95886dde68cae63f files/mod_auth_kerb-5.0-gcc4.patch 391 +SHA256 f60a7cc4234ab5fc732323487057f36e2483655db676172867df2b2d845d9186 files/mod_auth_kerb-5.0-gcc4.patch 391 DIST mod_auth_kerb-5.0-rc6.tar.gz 68761 RMD160 a9a277c532e7f72b3a649346e88db7aea1889036 SHA1 b1700b4eca2d50691977849750f5e614c7caa80d SHA256 ae33ab3ae5b419819725091d154add1a1d1a5d6d97e31e9f327f71a0b6370d3e DIST mod_auth_kerb-5.0rc7.tar.gz 72272 RMD160 f336f1c9c4b67a88fd162395ec1299f73c5e89c4 SHA1 5a3e699b86c0f08b09fe44aa2747bfd8a67f5b87 SHA256 8cd4cdcc635ad153c82041d2256b17566bc74618ee79336f432e74b1d5a0930a DIST mod_auth_kerb-5.3.tar.gz 73530 RMD160 c1ba0dc27470ad4b355d795ba51374726ce57f03 SHA1 934e8afbd4e13e208ee0f1cf9e7498d7b6f7acd5 SHA256 89cd779a94405521770cbcb169af5af61e7f2aad91c4f4b82efaae35df7595ec +EBUILD mod_auth_kerb-5.0_rc6-r1.ebuild 1335 RMD160 304f2c71ab500c630e3c08df3938e066c7d13a99 SHA1 1d925fc2dde4eb50713183088924d02381139e1f SHA256 dbebe95389b7d212aa0a26dedfdd9d437798dac8d44a8462d5fa787ecb3e81e8 +MD5 3053b81c949dbde4f088e71454d298b8 mod_auth_kerb-5.0_rc6-r1.ebuild 1335 +RMD160 304f2c71ab500c630e3c08df3938e066c7d13a99 mod_auth_kerb-5.0_rc6-r1.ebuild 1335 +SHA256 dbebe95389b7d212aa0a26dedfdd9d437798dac8d44a8462d5fa787ecb3e81e8 mod_auth_kerb-5.0_rc6-r1.ebuild 1335 EBUILD mod_auth_kerb-5.0_rc6.ebuild 994 RMD160 59884098014995847824de37c745f7b59396c5df SHA1 5411cdeec70c0ca17b953e6881cbde8e5897cc93 SHA256 a46dcfcf816a75f05e19d422a4df210935e5f2aa9fbf41ee51a1625dfee1eb29 MD5 f27c51774dfa20631dfbc8ee83e76267 mod_auth_kerb-5.0_rc6.ebuild 994 RMD160 59884098014995847824de37c745f7b59396c5df mod_auth_kerb-5.0_rc6.ebuild 994 SHA256 a46dcfcf816a75f05e19d422a4df210935e5f2aa9fbf41ee51a1625dfee1eb29 mod_auth_kerb-5.0_rc6.ebuild 994 +EBUILD mod_auth_kerb-5.0_rc7-r1.ebuild 1334 RMD160 f43683d4f3c0425c4f95c097951f04bd75b939ef SHA1 e6c5a3580fbca061d587f74791c85cf87b40c31c SHA256 ed73f817469f141bfa5faed96a6ee4617205857035468db0e4d2b38091fee269 +MD5 02cbccb1e0a4f2c7a3c205dfc6ec4fba mod_auth_kerb-5.0_rc7-r1.ebuild 1334 +RMD160 f43683d4f3c0425c4f95c097951f04bd75b939ef mod_auth_kerb-5.0_rc7-r1.ebuild 1334 +SHA256 ed73f817469f141bfa5faed96a6ee4617205857035468db0e4d2b38091fee269 mod_auth_kerb-5.0_rc7-r1.ebuild 1334 EBUILD mod_auth_kerb-5.0_rc7.ebuild 994 RMD160 e3eac2c0d1c0a104572656e8a526fa8b0a94f64d SHA1 6cb92235ea481a3afc0ff3fa0de6b55bcced47d2 SHA256 e8941b81333972497934727dba7de00f49f391261713ed29a633a5cd31a6ffe1 MD5 5a22278bd688624404ea66a059b8d0c9 mod_auth_kerb-5.0_rc7.ebuild 994 RMD160 e3eac2c0d1c0a104572656e8a526fa8b0a94f64d mod_auth_kerb-5.0_rc7.ebuild 994 @@ -20,10 +48,10 @@ EBUILD mod_auth_kerb-5.3.ebuild 990 RMD160 bbda8b2899044236f1998883e30de1a8321bb MD5 b9ded4dd06eec4a770f372c014a05fa8 mod_auth_kerb-5.3.ebuild 990 RMD160 bbda8b2899044236f1998883e30de1a8321bbcc6 mod_auth_kerb-5.3.ebuild 990 SHA256 8099dac3a3b101658b80680d09cdcdc3c719f1800dec320fe104ae93951ff42b mod_auth_kerb-5.3.ebuild 990 -MISC ChangeLog 2186 RMD160 fb54804f86b4bb0977baae89c14e1eb298f1a8fb SHA1 359d00408c60bf73b77894e269b6ac434fd82c74 SHA256 6b314132fb208cf489585aa0c523e0ca6c9d24e63d94936ce14e39b547f151ac -MD5 3847b660860a21be2b449e72f521b42d ChangeLog 2186 -RMD160 fb54804f86b4bb0977baae89c14e1eb298f1a8fb ChangeLog 2186 -SHA256 6b314132fb208cf489585aa0c523e0ca6c9d24e63d94936ce14e39b547f151ac ChangeLog 2186 +MISC ChangeLog 2682 RMD160 5e6156449823cd8d0ffec46c4ed944322b20d84c SHA1 d75c372c68ca9de9422c0858dfe6cfb2ab753447 SHA256 67eeb0fab907104640423d13994aa17f6ed1be2f5bb232efbf9054e00301e86f +MD5 b900147cd4e983b9fe4650005561b173 ChangeLog 2682 +RMD160 5e6156449823cd8d0ffec46c4ed944322b20d84c ChangeLog 2682 +SHA256 67eeb0fab907104640423d13994aa17f6ed1be2f5bb232efbf9054e00301e86f ChangeLog 2682 MISC metadata.xml 231 RMD160 a4a252abe4fb2922d19ccc4952d0128c3ccefbce SHA1 66b21c56c3a98e5a4b489dc000ff1d5956ab63d0 SHA256 79cc89f7b494dc5097d6dc5fedeb567e0dbc13e2adfcbe3f80082ad4625b38b3 MD5 94cc9443fa6aead0b11dda55a10e117e metadata.xml 231 RMD160 a4a252abe4fb2922d19ccc4952d0128c3ccefbce metadata.xml 231 @@ -31,16 +59,22 @@ SHA256 79cc89f7b494dc5097d6dc5fedeb567e0dbc13e2adfcbe3f80082ad4625b38b3 metadata MD5 60f00513746bd78dbbc905dd2d53e152 files/digest-mod_auth_kerb-5.0_rc6 262 RMD160 fa455b7e746ac6bf818fd367d02082f3dbc66309 files/digest-mod_auth_kerb-5.0_rc6 262 SHA256 b6392e5b1608dfcfb0632eaec96f533227c874ea1116a3ef4ed930bbc2aad86a files/digest-mod_auth_kerb-5.0_rc6 262 +MD5 60f00513746bd78dbbc905dd2d53e152 files/digest-mod_auth_kerb-5.0_rc6-r1 262 +RMD160 fa455b7e746ac6bf818fd367d02082f3dbc66309 files/digest-mod_auth_kerb-5.0_rc6-r1 262 +SHA256 b6392e5b1608dfcfb0632eaec96f533227c874ea1116a3ef4ed930bbc2aad86a files/digest-mod_auth_kerb-5.0_rc6-r1 262 MD5 fc55498aaa35d757cea367eba2c831be files/digest-mod_auth_kerb-5.0_rc7 259 RMD160 0f4f3f0812f45c3e16393cb17873f7d9cbb38eb2 files/digest-mod_auth_kerb-5.0_rc7 259 SHA256 cfeffa27bace1ffa987700b0c868278af65e71c6b8265639e4ada382eeadf0b9 files/digest-mod_auth_kerb-5.0_rc7 259 +MD5 fc55498aaa35d757cea367eba2c831be files/digest-mod_auth_kerb-5.0_rc7-r1 259 +RMD160 0f4f3f0812f45c3e16393cb17873f7d9cbb38eb2 files/digest-mod_auth_kerb-5.0_rc7-r1 259 +SHA256 cfeffa27bace1ffa987700b0c868278af65e71c6b8265639e4ada382eeadf0b9 files/digest-mod_auth_kerb-5.0_rc7-r1 259 MD5 5b0e8742c4eb761068186e43d74621ac files/digest-mod_auth_kerb-5.3 250 RMD160 cce8f5bf396131c0edd35c9427da5d0e5322933c files/digest-mod_auth_kerb-5.3 250 SHA256 7a09875fc28474a3531327dad26f07afc4ed8ad73b27b6600583c046d3a618bc files/digest-mod_auth_kerb-5.3 250 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.1 (GNU/Linux) -iD8DBQFFoR+sugEuf3OQ0akRAui0AJwIDZPLJJuE7sWo+t2KVST0/FiZTQCgkjkG -FN6q4uJc0/uoE60P8CvjPNw= -=v/7B +iD4DBQFFpV8LyuNVb5qfaOYRApATAJUb/7/EMIe68IhO77t8MaJAmki8AJsHUi7W +Opzf/8ZxxJwpXyhMbQMRbQ== +=NLP2 -----END PGP SIGNATURE----- diff --git a/net-www/mod_auth_kerb/files/digest-mod_auth_kerb-5.0_rc6-r1 b/net-www/mod_auth_kerb/files/digest-mod_auth_kerb-5.0_rc6-r1 new file mode 100644 index 000000000000..f2c5c3caa645 --- /dev/null +++ b/net-www/mod_auth_kerb/files/digest-mod_auth_kerb-5.0_rc6-r1 @@ -0,0 +1,3 @@ +MD5 274edfb950af20ce6ef0ddcb7c20263a mod_auth_kerb-5.0-rc6.tar.gz 68761 +RMD160 a9a277c532e7f72b3a649346e88db7aea1889036 mod_auth_kerb-5.0-rc6.tar.gz 68761 +SHA256 ae33ab3ae5b419819725091d154add1a1d1a5d6d97e31e9f327f71a0b6370d3e mod_auth_kerb-5.0-rc6.tar.gz 68761 diff --git a/net-www/mod_auth_kerb/files/digest-mod_auth_kerb-5.0_rc7-r1 b/net-www/mod_auth_kerb/files/digest-mod_auth_kerb-5.0_rc7-r1 new file mode 100644 index 000000000000..6b594c76c730 --- /dev/null +++ b/net-www/mod_auth_kerb/files/digest-mod_auth_kerb-5.0_rc7-r1 @@ -0,0 +1,3 @@ +MD5 139b63c98333682e611515b225b5222d mod_auth_kerb-5.0rc7.tar.gz 72272 +RMD160 f336f1c9c4b67a88fd162395ec1299f73c5e89c4 mod_auth_kerb-5.0rc7.tar.gz 72272 +SHA256 8cd4cdcc635ad153c82041d2256b17566bc74618ee79336f432e74b1d5a0930a mod_auth_kerb-5.0rc7.tar.gz 72272 diff --git a/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-CVE-2006-5989.patch b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-CVE-2006-5989.patch new file mode 100644 index 000000000000..db64f8831f23 --- /dev/null +++ b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-CVE-2006-5989.patch @@ -0,0 +1,13 @@ +Index: mod_auth_kerb-5.0-rc6/spnegokrb5/der_get.c +=================================================================== +--- mod_auth_kerb-5.0-rc6.orig/spnegokrb5/der_get.c ++++ mod_auth_kerb-5.0-rc6/spnegokrb5/der_get.c +@@ -151,7 +151,7 @@ der_get_oid (const unsigned char *p, siz + if (len < 1) + return ASN1_OVERRUN; + +- data->components = malloc(len * sizeof(*data->components)); ++ data->components = malloc((len + 1) * sizeof(*data->components)); + if (data->components == NULL && len != 0) + return ENOMEM; + data->components[0] = (*p) / 40; diff --git a/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-axps1.patch b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-axps1.patch new file mode 100644 index 000000000000..8b40aa7ddee1 --- /dev/null +++ b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-axps1.patch @@ -0,0 +1,38 @@ +Index: mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c +=================================================================== +--- mod_auth_kerb-5.0-rc6.orig/src/mod_auth_kerb.c ++++ mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c +@@ -56,7 +56,7 @@ + #include <http_request.h> + + #ifdef STANDARD20_MODULE_STUFF +-#include <ap_compat.h> ++#include <ap_mmn.h> + #include <apr_strings.h> + #include <apr_base64.h> + #endif +@@ -105,6 +105,24 @@ module auth_kerb_module; + #define MK_TABLE_GET apr_table_get + #define MK_USER r->user + #define MK_AUTH_TYPE r->ap_auth_type ++ ++#if AP_MODULE_MAGIC_AT_LEAST(20051115, 0) ++/* APR 1.x compatibility */ ++#define ap_pstrdup apr_pstrdup ++#define ap_psprintf apr_psprintf ++#define ap_pcalloc apr_pcalloc ++#define ap_table_setn apr_table_setn ++#define ap_register_cleanup apr_pool_cleanup_register ++#define APR_XtOffsetOf APR_OFFSETOF ++#define ap_pstrcat apr_pstrcat ++#define ap_null_cleanup apr_pool_cleanup_null ++#define ap_base64decode apr_base64_decode ++#define ap_base64decode_len apr_base64_decode_len ++#define ap_base64encode apr_base64_encode ++#define ap_base64encode_len apr_base64_encode_len ++#define ap_table_add apr_table_add ++#endif ++ + #else + #define MK_POOL pool + #define MK_TABLE_GET ap_table_get diff --git a/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-cache.patch b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-cache.patch new file mode 100644 index 000000000000..d3260c925bbf --- /dev/null +++ b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-cache.patch @@ -0,0 +1,128 @@ +Index: mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c +=================================================================== +--- mod_auth_kerb-5.0-rc6.orig/src/mod_auth_kerb.c ++++ mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c +@@ -61,6 +61,8 @@ + #include <apr_base64.h> + #endif + ++#include <unistd.h> ++ + #ifdef KRB5 + #include <krb5.h> + #ifdef HEIMDAL +@@ -137,7 +139,7 @@ set_kerb_auth_headers(request_rec *r, co + int use_krb4, int use_krb5pwd, char *negotiate_ret_value); + + static const char* +-krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg); ++krb5_save_realms(cmd_parms *cmd, void *config, const char *arg); + + #ifdef STANDARD20_MODULE_STUFF + #define command(name, func, var, type, usage) \ +@@ -247,8 +249,9 @@ static void *kerb_dir_create_config(MK_P + } + + static const char* +-krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg) ++krb5_save_realms(cmd_parms *cmd, void *config, const char *arg) + { ++ kerb_auth_config *sec = config; + sec->krb_auth_realms= ap_pstrdup(cmd->pool, arg); + return NULL; + } +@@ -1086,6 +1089,8 @@ cmp_gss_type(gss_buffer_t token, gss_OID + return memcmp(p, oid->elements, oid->length); + } + ++#define NAMEKEY "mod_auth_kerb:client_name" ++ + static int + authenticate_user_gss(request_rec *r, kerb_auth_config *conf, + const char *auth_line, char **negotiate_ret_value) +@@ -1224,7 +1229,16 @@ authenticate_user_gss(request_rec *r, ke + } + + MK_AUTH_TYPE = "Negotiate"; +- MK_USER = ap_pstrdup(r->pool, output_token.value); ++ MK_USER = ap_pstrdup(r->connection->pool, output_token.value); ++ ++#ifndef APXS1 ++ { ++ apr_status_t rv; ++ rv = apr_pool_userdata_set(r->user, NAMEKEY, NULL, r->connection->pool); ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, ++ "set cached name %s for connection", r->user); ++ } ++#endif + + if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL) + store_gss_creds(r, conf, (char *)output_token.value, delegated_cred); +@@ -1256,17 +1270,6 @@ end: + } + #endif /* KRB5 */ + +-static int +-already_succeeded(request_rec *r) +-{ +- if (ap_is_initial_req(r) || MK_AUTH_TYPE == NULL) +- return 0; +- if (strcmp(MK_AUTH_TYPE, "Negotiate") || +- (strcmp(MK_AUTH_TYPE, "Basic") && strchr(MK_USER, '@'))) +- return 1; +- return 0; +-} +- + static void + set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf, + int use_krb4, int use_krb5pwd, char *negotiate_ret_value) +@@ -1313,7 +1316,6 @@ int kerb_authenticate_user(request_rec * + const char *type = NULL; + int use_krb5 = 0, use_krb4 = 0; + int ret; +- static int last_return = HTTP_UNAUTHORIZED; + char *negotiate_ret_value = NULL; + + /* get the type specified in .htaccess */ +@@ -1332,6 +1334,23 @@ int kerb_authenticate_user(request_rec * + else + return DECLINED; + ++#ifndef APXS1 ++ if (use_krb5 && conf->krb_method_gssapi) { ++ void *data = NULL; ++ const char *name; ++ ++ if (apr_pool_userdata_get(&data, NAMEKEY, r->connection->pool) == APR_SUCCESS ++ && data != NULL) { ++ name = data; ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "using cached name %s", name); ++ r->user = ap_pstrdup(r->pool, name); ++ r->ap_auth_type = "Negotiate"; ++ return OK; ++ } ++ } ++#endif ++ + /* get what the user sent us in the HTTP header */ + auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY) + ? "Proxy-Authorization" +@@ -1354,9 +1373,6 @@ int kerb_authenticate_user(request_rec * + (strcasecmp(auth_type, "Basic") == 0)) + return DECLINED; + +- if (already_succeeded(r)) +- return last_return; +- + ret = HTTP_UNAUTHORIZED; + + #ifdef KRB5 +@@ -1380,7 +1396,6 @@ int kerb_authenticate_user(request_rec * + + /* XXX log_debug: if ret==OK, log(user XY authenticated) */ + +- last_return = ret; + return ret; + } + diff --git a/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-exports.patch b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-exports.patch new file mode 100644 index 000000000000..3df03c9e698a --- /dev/null +++ b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-exports.patch @@ -0,0 +1,13 @@ +Index: mod_auth_kerb-5.0-rc6/Makefile.in +=================================================================== +--- mod_auth_kerb-5.0-rc6.orig/Makefile.in ++++ mod_auth_kerb-5.0-rc6/Makefile.in +@@ -7,7 +7,7 @@ LIB_resolv = @LIB_resolv@ + SPNEGO_SRCS = @SPNEGO_SRCS@ + + CPPFLAGS = -I. -Ispnegokrb5 $(KRB5_CPPFLAGS) $(KRB4_CPPFLAGS) $(DEFS) +-LDFLAGS = $(KRB5_LDFLAGS) $(KRB4_LDFLAGS) $(LIB_resolv) ++LDFLAGS = $(KRB5_LDFLAGS) $(KRB4_LDFLAGS) $(LIB_resolv) -Wl,-export-symbols-regex -Wl,auth_kerb_module + CFLAGS = + + all: src/mod_auth_kerb.so diff --git a/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-gcc4.patch b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-gcc4.patch new file mode 100644 index 000000000000..8d563739e0a7 --- /dev/null +++ b/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-gcc4.patch @@ -0,0 +1,13 @@ +Index: mod_auth_kerb-5.0-rc6/spnegokrb5/spnego_asn1.h +=================================================================== +--- mod_auth_kerb-5.0-rc6.orig/spnegokrb5/spnego_asn1.h ++++ mod_auth_kerb-5.0-rc6/spnegokrb5/spnego_asn1.h +@@ -7,6 +7,8 @@ + #include <stddef.h> + #include <time.h> + ++#include "parse_units.h" ++ + #ifndef __asn1_common_definitions__ + #define __asn1_common_definitions__ + diff --git a/net-www/mod_auth_kerb/mod_auth_kerb-5.0_rc6-r1.ebuild b/net-www/mod_auth_kerb/mod_auth_kerb-5.0_rc6-r1.ebuild new file mode 100644 index 000000000000..c18b45c597f3 --- /dev/null +++ b/net-www/mod_auth_kerb/mod_auth_kerb-5.0_rc6-r1.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_auth_kerb/mod_auth_kerb-5.0_rc6-r1.ebuild,v 1.1 2007/01/10 21:48:46 phreak Exp $ + +MY_PV="${PV/_rc/-rc}" + +inherit eutils apache-module autotools + +WANT_AUTOMAKE="1.9" +WANT_AUTOCONF="2.6" + +DESCRIPTION="An Apache2 authentication DSO using Kerberos." +HOMEPAGE="http://modauthkerb.sourceforge.net/" +SRC_URI="mirror://sourceforge/modauthkerb/${PN}-${MY_PV}.tar.gz" + +LICENSE="as-is" +KEYWORDS="~x86" +IUSE="apache2" +SLOT="0" + +DEPEND="virtual/krb5" +RDEPEND="" + +APACHE1_MOD_CONF="11_${PN}" +APACHE1_MOD_DEFINE="AUTH_KERB" + +APACHE2_MOD_CONF="11_${PN}" +APACHE2_MOD_DEFINE="AUTH_KERB" + +DOCFILES="INSTALL README" + +need_apache + +S="${WORKDIR}/${PN}-${MY_PV}" + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}/${PN}-5.0-CVE-2006-5989.patch" + epatch "${FILESDIR}/${PN}-5.0-axps1.patch" + epatch "${FILESDIR}/${PN}-5.0-gcc4.patch" + epatch "${FILESDIR}/${PN}-5.0-exports.patch" + epatch "${FILESDIR}/${PN}-5.0-cache.patch" + + eautoreconf +} + +src_compile() { + if use apache2 ; then + CFLAGS="" APXS="${APXS2}" econf --with-krb5=/usr --without-krb4 || die "econf failed" + else + CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4 || die "econf failed" + fi + emake || die "make failed" +} diff --git a/net-www/mod_auth_kerb/mod_auth_kerb-5.0_rc7-r1.ebuild b/net-www/mod_auth_kerb/mod_auth_kerb-5.0_rc7-r1.ebuild new file mode 100644 index 000000000000..ee402a9267d5 --- /dev/null +++ b/net-www/mod_auth_kerb/mod_auth_kerb-5.0_rc7-r1.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_auth_kerb/mod_auth_kerb-5.0_rc7-r1.ebuild,v 1.1 2007/01/10 21:48:46 phreak Exp $ + +MY_PV="${PV/_rc/rc}" + +inherit eutils apache-module autotools + +WANT_AUTOMAKE="1.9" +WANT_AUTOCONF="2.6" + +DESCRIPTION="An Apache2 authentication DSO using Kerberos." +HOMEPAGE="http://modauthkerb.sourceforge.net/" +SRC_URI="mirror://sourceforge/modauthkerb/${PN}-${MY_PV}.tar.gz" + +LICENSE="as-is" +KEYWORDS="~x86" +IUSE="apache2" +SLOT="0" + +DEPEND="virtual/krb5" +RDEPEND="" + +APACHE1_MOD_CONF="11_${PN}" +APACHE1_MOD_DEFINE="AUTH_KERB" + +APACHE2_MOD_CONF="11_${PN}" +APACHE2_MOD_DEFINE="AUTH_KERB" + +DOCFILES="INSTALL README" + +need_apache + +S="${WORKDIR}/${PN}-${MY_PV}" + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}/${PN}-5.0-CVE-2006-5989.patch" + epatch "${FILESDIR}/${PN}-5.0-axps1.patch" + epatch "${FILESDIR}/${PN}-5.0-gcc4.patch" + epatch "${FILESDIR}/${PN}-5.0-exports.patch" + epatch "${FILESDIR}/${PN}-5.0-cache.patch" + + eautoreconf +} + +src_compile() { + if use apache2 ; then + CFLAGS="" APXS="${APXS2}" econf --with-krb5=/usr --without-krb4 || die "econf failed" + else + CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4 || die "econf failed" + fi + emake || die "make failed" +} |