Add patch for security problem in bug #96767.

(Portage version: 2.0.51.22-r1)
author: Robin H. Johnson <robbat2@gentoo.org> 2005-07-06 23:45:20 +0000
committer: Robin H. Johnson <robbat2@gentoo.org> 2005-07-06 23:45:20 +0000
commit: 056503e7e2a72bea12baba58732da858a48f7e71 (patch)
tree: d8cafd5627fda6f1e257e9318f964930a887799f /sys-auth
parent: Marked ~amd64. (diff)
download: gentoo-2-056503e7e2a72bea12baba58732da858a48f7e71.tar.gz
gentoo-2-056503e7e2a72bea12baba58732da858a48f7e71.tar.bz2
gentoo-2-056503e7e2a72bea12baba58732da858a48f7e71.zip
7 files changed, 172 insertions, 1 deletions
diff --git a/sys-auth/nss_ldap/ChangeLog b/sys-auth/nss_ldap/ChangeLog
index 282281ca333a..5446356aac69 100644
--- a/sys-auth/nss_ldap/ChangeLog
+++ b/sys-auth/nss_ldap/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-auth/nss_ldap
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.2 2005/07/02 23:44:22 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.3 2005/07/06 23:45:20 robbat2 Exp $
+
+*nss_ldap-239-r1 (06 Jul 2005)
+*nss_ldap-226-r1 (06 Jul 2005)
+
+  06 Jul 2005; Robin H. Johnson <robbat2@gentoo.org>
+  +files/nss_ldap-239-tls-security-bug.patch, +nss_ldap-226-r1.ebuild,
+  +nss_ldap-239-r1.ebuild:
+  Add patch for security problem in bug #96767.
 
 *nss_ldap-239 (02 Jul 2005)
 
diff --git a/sys-auth/nss_ldap/Manifest b/sys-auth/nss_ldap/Manifest
index 5a095c8f410a..b62fbebf75e1 100644
--- a/sys-auth/nss_ldap/Manifest
+++ b/sys-auth/nss_ldap/Manifest
@@ -5,6 +5,7 @@ MD5 18518c2e3dd5a043a1ca052a2d0bee3b nss_ldap-207-r1.ebuild 986
 MD5 974d7abe6772fa6246b7a3082cb33cfe nss_ldap-215.ebuild 1303
 MD5 c0754505ff6a26ef50a332da9d807e87 nss_ldap-210.ebuild 1444
 MD5 9b63a0c29f8a6fe291d120b4918f6438 nss_ldap-226.ebuild 1277
+MD5 3836daac1d646afc6cb1388a5959f29b nss_ldap-226-r1.ebuild 1335
 MD5 5c58ca9482b42b82c7bfe7b4e009698b nss_ldap-239.ebuild 1273
 MD5 e1bddbfa5c678467d44c7b523b3a04d1 nss_ldap-234.ebuild 1282
 MD5 874a6850a3d761baf871bd22c7079c30 nss_ldap-220.ebuild 1574
@@ -14,10 +15,13 @@ MD5 9eb6230d204098fe102143fc52733514 nss_ldap-207.ebuild 1046
 MD5 2facb9b8b2db2a53cdcb1ffca8254a4a nss_ldap-202.ebuild 1006
 MD5 9a6cf19fbd33af5a9d7c1b4dfa32185c ChangeLog 7231
 MD5 5ba8c9c9be079ebcbc93c08f838665bd metadata.xml 255
+MD5 b3877d8d379e6f2f2b23da06b747bf41 nss_ldap-239-r1.ebuild 1326
 MD5 2af7b597298bb9269f739cbb8a25224d files/nss_ldap-220-db4.2-patch.diff 1707
 MD5 a2d9a9c16028097d3f2ade6550440711 files/digest-nss_ldap-174-r2 64
 MD5 8d358c3dda5ce728c6fd5f8f4bc448d2 files/digest-nss_ldap-207-r1 64
 MD5 b2dc517b69cad6d24fce3d19a7879dcf files/digest-nss_ldap-215-r1 64
+MD5 94ff5d327f98e3aceb7fa140493e8dd5 files/digest-nss_ldap-226-r1 64
+MD5 2c0782010f3906c38562b1d459f16bea files/digest-nss_ldap-239-r1 64
 MD5 d8021fe04d76482091c816f28edad140 files/digest-nss_ldap-202 64
 MD5 8d358c3dda5ce728c6fd5f8f4bc448d2 files/digest-nss_ldap-207 64
 MD5 c1919ec630e0278d0e09787a14d497a9 files/digest-nss_ldap-210 64
@@ -29,6 +33,7 @@ MD5 3c0eac03246d1f38124da6c86821ce4c files/digest-nss_ldap-233 64
 MD5 7d2b7694b9c68b4538679a6973c23d49 files/digest-nss_ldap-234 64
 MD5 f4606a6bf13f616f9fda25ac76493653 files/digest-nss_ldap-238 64
 MD5 2c0782010f3906c38562b1d459f16bea files/digest-nss_ldap-239 64
+MD5 a85a2ad9e438c3ac6f0fb7087621ed35 files/nss_ldap-239-tls-security-bug.patch 1022
 MD5 a4302c4120b75a23e43cc824423169c8 files/db4_1.85.diff 1569
 MD5 1923bbb463805e6cad70e98e567297f5 files/nss_ldap-238-whitespace-fix.diff 2043
 MD5 1fe060c70b1c673346b696dbe194260a files/nsswitch.ldap.diff 575
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-226-r1 b/sys-auth/nss_ldap/files/digest-nss_ldap-226-r1
new file mode 100644
index 000000000000..9fca9879a7ff
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-226-r1
@@ -0,0 +1 @@
+MD5 b741a705c112b8c51f6b32abe2540a5d nss_ldap-226.tar.gz 212923
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-239-r1 b/sys-auth/nss_ldap/files/digest-nss_ldap-239-r1
new file mode 100644
index 000000000000..10acc3790dd7
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-239-r1
@@ -0,0 +1 @@
+MD5 e30e3a3035e75933cd1a0acdeded1394 nss_ldap-239.tar.gz 222276
diff --git a/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
new file mode 100644
index 000000000000..1dbd8dc889a1
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
@@ -0,0 +1,42 @@
+--- ldap-nss.c	2004-09-28 03:20:11.000000000 +0100
++++ ldap-nss.c.new	2005-07-04 01:32:12.000000000 +0100
+@@ -330,6 +330,39 @@
+ 
+   timelimit = __session.ls_config->ldc_bind_timelimit;
+ 
++#ifdef HAVE_LDAP_START_TLS_S
++  if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
++    {
++      int version;
++
++      if (ldap_get_option
++	  (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++	   &version) == LDAP_OPT_SUCCESS)
++	{
++	  if (version < LDAP_VERSION3)
++	    {
++	      version = LDAP_VERSION3;
++	      ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++			       &version);
++	    }
++	}
++
++      debug ("==> start_tls");
++      if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
++	{
++	  debug ("TLS startup succeeded");
++	}
++      else
++	{
++	  debug ("TLS startup failed");
++	  do_close ();
++	  debug ("<== do_open");
++	  return NSS_UNAVAIL;
++	}
++      debug ("<== start_tls");
++    }
++#endif /* HAVE_LDAP_START_TLS_S */
++
+   return do_bind (ld, timelimit, who, cred, with_sasl);
+ }
+ #else
diff --git a/sys-auth/nss_ldap/nss_ldap-226-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-226-r1.ebuild
new file mode 100644
index 000000000000..f8c4740d7e37
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-226-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/nss_ldap-226-r1.ebuild,v 1.1 2005/07/06 23:45:20 robbat2 Exp $
+
+inherit fixheadtails eutils gnuconfig
+
+IUSE="debug"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~x86 ~sparc ~amd64 ~ppc ~hppa ~alpha ~ppc64"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5"
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/nsswitch.ldap.diff
+	epatch ${FILESDIR}/${PN}-239-tls-security-bug.patch
+	# fix head/tail stuff
+	ht_fix_file ${S}/Makefile.am ${S}/Makefile.in ${S}/depcomp
+	# update config.{guess,sub}
+	gnuconfig_update
+}
+
+src_compile() {
+	local myconf=""
+	use debug && myconf="${myconf} --enable-debugging"
+
+	econf \
+		--with-ldap-lib=openldap \
+		--libdir=/lib \
+		--enable-schema-mapping \
+		--enable-paged-results \
+		--enable-rfc2307bis \
+		${myconf} || die "configure failed"
+
+	emake || die "make failed"
+}
+
+src_install() {
+	dodir /lib
+
+	make DESTDIR=${D} install || die "make install failed"
+
+	insinto /etc
+	doins ldap.conf
+
+	dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+		COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+	docinto docs; dodoc doc/*
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-239-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-239-r1.ebuild
new file mode 100644
index 000000000000..5c3f5a2c8c01
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-239-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/nss_ldap-239-r1.ebuild,v 1.1 2005/07/06 23:45:20 robbat2 Exp $
+
+inherit fixheadtails eutils gnuconfig
+
+IUSE="debug"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~x86 ~sparc ~amd64 ~ppc ~hppa ~alpha"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5"
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/nsswitch.ldap.diff
+	epatch ${FILESDIR}/${PN}-239-tls-security-bug.patch
+	# fix head/tail stuff
+	ht_fix_file ${S}/Makefile.am ${S}/Makefile.in ${S}/depcomp
+	# update config.{guess,sub}
+	gnuconfig_update
+}
+
+src_compile() {
+	local myconf=""
+	use debug && myconf="${myconf} --enable-debugging"
+
+	econf \
+		--with-ldap-lib=openldap \
+		--libdir=/lib \
+		--enable-schema-mapping \
+		--enable-paged-results \
+		--enable-rfc2307bis \
+		${myconf} || die "configure failed"
+
+	emake || die "make failed"
+}
+
+src_install() {
+	dodir /lib
+
+	make DESTDIR=${D} install || die "make install failed"
+
+	insinto /etc
+	doins ldap.conf
+
+	dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+		COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+	docinto docs; dodoc doc/*
+}
author	Robin H. Johnson <robbat2@gentoo.org>	2005-07-06 23:45:20 +0000
committer	Robin H. Johnson <robbat2@gentoo.org>	2005-07-06 23:45:20 +0000
commit	056503e7e2a72bea12baba58732da858a48f7e71 (patch)
tree	d8cafd5627fda6f1e257e9318f964930a887799f /sys-auth
parent	Marked ~amd64. (diff)
download	gentoo-2-056503e7e2a72bea12baba58732da858a48f7e71.tar.gz gentoo-2-056503e7e2a72bea12baba58732da858a48f7e71.tar.bz2 gentoo-2-056503e7e2a72bea12baba58732da858a48f7e71.zip