blob: 4ed4ef76bdb982210d36e7019914d427de0683ec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
#!/bin/sh
MAKEDEPS="make "
DEPS="musl e2fsprogs libldap keyutils gdbm"
PKG_VER=1.19.2
SOURCE=http://kerberos.org/dist/krb5/${PKG_VER%.*}/krb5-${PKG_VER}.tar.gz
ADDITIONAL="
https://www.linuxfromscratch.org/patches/blfs/svn/mitkrb-${PKG_VER}-openssl3_fixes-1.patch
"
DESC="The Kerberos network authentication system"
prepare () {
# fix denial of service vulnerability
sed -i '210a if (sprinc == NULL) {\
status = "NULL_SERVER";\
errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;\
goto cleanup;\
}' src/kdc/do_tgs_req.c
cd src &&
#these were needed for libressl
#patch -Np0 -i ../patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
#patch -Np0 -i ../patch-plugins_preauth_pkinit_pkinit__crypto__openssl.h
patch -Np2 -i ../mitkrb-$PKG_VER-openssl3_fixes-1.patch
sed -e "/LDFLAGS=/d" -i build-tools/krb5-config.in
sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp || true
sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test || true
sed -i '/t_iprop.py/d' tests/Makefile.in || true
}
build () {
# would be ideal to use openssl rather than builtin library
autoreconf
./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var/lib \
--runstatedir=/run \
--with-system-et \
--with-system-ss \
--with-system-verto=no \
--with-crypto-impl=builtin \
--enable-dns-for-realm &&
make
}
package () {
make DESTDIR=$PKG_DEST install
install -dm755 $PKG_DEST/usr/share/doc/krb5-$PKG_VER &&
cp -fr ../doc/* $PKG_DEST/usr/share/doc/krb5-$PKG_VER
}
|