summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Olexa <darkside@gentoo.org>2010-06-11 16:10:12 +0000
committerJeremy Olexa <darkside@gentoo.org>2010-06-11 16:10:12 +0000
commita20747e55544d50afaa2597eb4adcce71e0d72c8 (patch)
tree47c80c4a5d5964f27aed7aa34a2de22142df6418 /app-crypt
parentVersion bump. Remove old. (diff)
downloadgentoo-2-a20747e55544d50afaa2597eb4adcce71e0d72c8.tar.gz
gentoo-2-a20747e55544d50afaa2597eb4adcce71e0d72c8.tar.bz2
gentoo-2-a20747e55544d50afaa2597eb4adcce71e0d72c8.zip
Version bump - security bug #322709. Berkeley DB-5.0 compatibility - bug #319673. Working FEATURES=test. Ldap schema name changed to hdb.schema to follow upstream. eautoreconf not necessary.
(Portage version: 2.1.8.3/cvs/Linux x86_64)
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/heimdal/ChangeLog11
-rw-r--r--app-crypt/heimdal/files/heimdal_db5.patch22
-rw-r--r--app-crypt/heimdal/files/heimdal_disable-check-iprop.patch16
-rw-r--r--app-crypt/heimdal/files/heimdal_testsuite.patch307
-rw-r--r--app-crypt/heimdal/files/heimdal_testsuite_extra.patch77
-rw-r--r--app-crypt/heimdal/heimdal-1.3.3.ebuild122
6 files changed, 554 insertions, 1 deletions
diff --git a/app-crypt/heimdal/ChangeLog b/app-crypt/heimdal/ChangeLog
index 736066e75080..8ed7188d3ecd 100644
--- a/app-crypt/heimdal/ChangeLog
+++ b/app-crypt/heimdal/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for app-crypt/heimdal
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/ChangeLog,v 1.152 2010/05/09 16:32:44 darkside Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/ChangeLog,v 1.153 2010/06/11 16:10:12 darkside Exp $
+
+*heimdal-1.3.3 (11 Jun 2010)
+
+ 11 Jun 2010; Jeremy Olexa <darkside@gentoo.org> +files/heimdal_db5.patch,
+ +heimdal-1.3.3.ebuild, +files/heimdal_disable-check-iprop.patch,
+ +files/heimdal_testsuite.patch, +files/heimdal_testsuite_extra.patch:
+ Version bump - security bug #322709. Berkeley DB-5.0 compatibility - bug
+ #319673. Working FEATURES=test. Ldap schema name changed to hdb.schema to
+ follow upstream. eautoreconf not necessary.
*heimdal-1.3.2-r1 (09 May 2010)
diff --git a/app-crypt/heimdal/files/heimdal_db5.patch b/app-crypt/heimdal/files/heimdal_db5.patch
new file mode 100644
index 000000000000..957a3169b29d
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_db5.patch
@@ -0,0 +1,22 @@
+diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c
+index 3b22c2e..a7bae76 100644
+--- a/lib/hdb/db3.c
++++ b/lib/hdb/db3.c
+@@ -268,7 +268,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
+ db_create(&d, NULL, 0);
+ db->hdb_db = d;
+
+-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
++#if (DB_VERSION_MAJOR == 5) || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)
+ ret = (*d->open)(db->hdb_db, NULL, fn, NULL, DB_BTREE, myflags, mode);
+ #else
+ ret = (*d->open)(db->hdb_db, fn, NULL, DB_BTREE, myflags, mode);
+@@ -276,7 +276,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
+
+ if (ret == ENOENT) {
+ /* try to open without .db extension */
+-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
++#if (DB_VERSION_MAJOR == 5) || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)
+ ret = (*d->open)(db->hdb_db, NULL, db->hdb_name, NULL, DB_BTREE,
+ myflags, mode);
+ #else
diff --git a/app-crypt/heimdal/files/heimdal_disable-check-iprop.patch b/app-crypt/heimdal/files/heimdal_disable-check-iprop.patch
new file mode 100644
index 000000000000..703fc7c94d46
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_disable-check-iprop.patch
@@ -0,0 +1,16 @@
+diff --git a/tests/kdc/check-iprop.in b/tests/kdc/check-iprop.in
+index ba9aff1..0bea2ed 100644
+--- a/tests/kdc/check-iprop.in
++++ b/tests/kdc/check-iprop.in
+@@ -31,6 +31,11 @@
+ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ # SUCH DAMAGE.
+
++# check-iprop is known to fail and there is no easy way out
++# http://article.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/5408
++# http://article.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/5409
++exit 77
++
+ top_builddir="@top_builddir@"
+ env_setup="@env_setup@"
+ objdir="@objdir@"
diff --git a/app-crypt/heimdal/files/heimdal_testsuite.patch b/app-crypt/heimdal/files/heimdal_testsuite.patch
new file mode 100644
index 000000000000..f860ec358448
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_testsuite.patch
@@ -0,0 +1,307 @@
+diff --git a/tests/bin/Makefile.am b/tests/bin/Makefile.am
+index 49accb0..3d54a97 100644
+--- a/tests/bin/Makefile.am
++++ b/tests/bin/Makefile.am
+@@ -8,7 +8,8 @@ do_subst = \
+ sed $(do_dlopen) \
+ -e "s,[@]EGREP[@],$(EGREP),g" \
+ -e "s,[@]top_srcdir[@],$${top_srcdir},g" \
+- -e "s,[@]top_builddir[@],$${top_builddir},g"
++ -e "s,[@]top_builddir[@],$${top_builddir},g" \
++ -e "s,[@]NO_AFS[@],$${NO_AFS},g"
+
+ setup-env: setup-env.in Makefile
+ $(do_subst) < $(srcdir)/setup-env.in > setup-env.tmp
+diff --git a/tests/bin/setup-env.in b/tests/bin/setup-env.in
+index a848482..4857e17 100644
+--- a/tests/bin/setup-env.in
++++ b/tests/bin/setup-env.in
+@@ -6,6 +6,7 @@ unset KRB5CCNAME
+ top_builddir="@top_builddir@"
+ top_srcdir="@top_srcdir@"
+ EGREP="@EGREP@"
++NO_AFS="@NO_AFS@"
+
+ # Meant to be sourced (source or .) by the tester application, offers
+ # most commands in heimdal as variables
+@@ -42,6 +43,14 @@ have_db="${top_builddir}/tests/db/have-db"
+ leaks_kill="${top_srcdir}/tests/kdc/leaks-kill.sh"
+ wait_kdc="${top_srcdir}/tests/kdc/wait-kdc.sh"
+
++if [ ! "${NO_AFS}" ] ; then
++ afs_no_unlog="--no-unlog"
++ afs_no_afslog="--no-afslog"
++else
++ afs_no_unlog=""
++ afs_no_afslog=""
++fi
++
+ # data
+ hx509_data="${top_srcdir}/lib/hx509/data"
+
+diff --git a/tests/gss/check-basic.in b/tests/gss/check-basic.in
+index 5599e5f..ef63097 100644
+--- a/tests/gss/check-basic.in
++++ b/tests/gss/check-basic.in
+@@ -51,8 +51,8 @@ cache="FILE:krb5ccfile"
+ cache2="FILE:krb5ccfile2"
+ nocache="FILE:no-such-cache"
+
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
++kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache ${afs_no_unlog}"
+ klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in
+index 06f7774..1b01e49 100644
+--- a/tests/gss/check-context.in
++++ b/tests/gss/check-context.in
+@@ -49,7 +49,7 @@ keytab="FILE:${keytabfile}"
+ nokeytab="FILE:no-such-keytab"
+ cache="FILE:krb5ccfile"
+
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+ klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+ kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+diff --git a/tests/gss/check-ntlm.in b/tests/gss/check-ntlm.in
+index c76f63d..a929e66 100644
+--- a/tests/gss/check-ntlm.in
++++ b/tests/gss/check-ntlm.in
+@@ -49,8 +49,8 @@ keytab="FILE:${keytabfile}"
+ cache="FILE:krb5ccfile"
+ cacheds="FILE:krb5ccfile-ds"
+
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+-kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
++kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds ${afs_no_afslog}"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+ kdigest="${TESTS_ENVIRONMENT} ../../kuser/kdigest"
+diff --git a/tests/gss/check-spnego.in b/tests/gss/check-spnego.in
+index 3284715..7e90f5b 100644
+--- a/tests/gss/check-spnego.in
++++ b/tests/gss/check-spnego.in
+@@ -49,8 +49,8 @@ keytab="FILE:${keytabfile}"
+ cache="FILE:krb5ccfile"
+ cacheds="FILE:krb5ccfile-ds"
+
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog --forwardable"
+-kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog} --forwardable"
++kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds ${afs_no_afslog}"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+diff --git a/tests/kdc/check-cc.in b/tests/kdc/check-cc.in
+index 0a37703..aef5e16 100644
+--- a/tests/kdc/check-cc.in
++++ b/tests/kdc/check-cc.in
+@@ -51,8 +51,8 @@ R=TEST.H5L.SE
+ port=@port@
+ pwport=@pwport@
+
+-kinit="${kinit} --password-file=${objdir}/foopassword --no-afslog"
+-kdestroy="${kdestroy} --no-unlog"
++kinit="${kinit} --password-file=${objdir}/foopassword ${afs_no_afslog}"
++kdestroy="${kdestroy} ${afs_no_unlog}"
+ kadmin="${kadmin} -l -r $R"
+ kdc="${kdc} --addresses=localhost -P $port"
+
+diff --git a/tests/kdc/check-delegation.in b/tests/kdc/check-delegation.in
+index 7e23157..9cf11c3 100644
+--- a/tests/kdc/check-delegation.in
++++ b/tests/kdc/check-delegation.in
+@@ -54,10 +54,10 @@ kdc="${kdc} --addresses=localhost -P $port"
+ server=host/datan.test4.h5l.se@TEST4.H5L.ORG
+ cache="FILE:${objdir}/cache.krb5"
+
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-des.in b/tests/kdc/check-des.in
+index 1eca6c4..77a39b1 100644
+--- a/tests/kdc/check-des.in
++++ b/tests/kdc/check-des.in
+@@ -54,10 +54,10 @@ afsserver=afs/test.h5l.se
+ hostserver=host/server.test.h5l.se
+ cache="FILE:${objdir}/cache.krb5"
+
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-digest.in b/tests/kdc/check-digest.in
+index d253d59..90eb130 100644
+--- a/tests/kdc/check-digest.in
++++ b/tests/kdc/check-digest.in
+@@ -56,7 +56,7 @@ ocache="FILE:${objdir}/ocache.krb5"
+ keytabfile=${objdir}/server.keytab
+ keytab="FILE:${keytabfile}"
+
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kdigest="${kdigest} --ccache=$cache"
+
+diff --git a/tests/kdc/check-iprop.in b/tests/kdc/check-iprop.in
+index 2bc5544..ba9aff1 100644
+--- a/tests/kdc/check-iprop.in
++++ b/tests/kdc/check-iprop.in
+@@ -54,7 +54,7 @@ keytab="FILE:${keytabfile}"
+
+ kdc="${kdc} --addresses=localhost -P $port"
+ kadmin="${kadmin} -r $R"
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-kadmin.in b/tests/kdc/check-kadmin.in
+index faba084..b761ef0 100644
+--- a/tests/kdc/check-kadmin.in
++++ b/tests/kdc/check-kadmin.in
+@@ -55,9 +55,9 @@ kadmind="${kadmind} -p $admport"
+
+ server=host/datan.test.h5l.se
+
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-kdc.in b/tests/kdc/check-kdc.in
+index 0e1f9d7..5fc08fc 100644
+--- a/tests/kdc/check-kdc.in
++++ b/tests/kdc/check-kdc.in
+@@ -70,11 +70,11 @@ keytab="FILE:${keytabfile}"
+ ps="proxy-service@${R}"
+ aesenctype="aes256-cts-hmac-sha1-96"
+
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+ kgetcred_imp="${kgetcred} -c $cache --out-cache=${ocache}"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+ kimpersonate="${kimpersonate} -k ${keytab} --ccache=${ocache}"
+
+ rm -f ${keytabfile}
+diff --git a/tests/kdc/check-kpasswdd.in b/tests/kdc/check-kpasswdd.in
+index dd2162a..355930f 100644
+--- a/tests/kdc/check-kpasswdd.in
++++ b/tests/kdc/check-kpasswdd.in
+@@ -60,10 +60,10 @@ cache="FILE:${objdir}/cache.krb5"
+ keytabfile=${objdir}/server.keytab
+ keytab="FILE:${keytabfile}"
+
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-pkinit.in b/tests/kdc/check-pkinit.in
+index 1cb7b50..723cc14 100644
+--- a/tests/kdc/check-pkinit.in
++++ b/tests/kdc/check-pkinit.in
+@@ -54,9 +54,9 @@ cache="FILE:${objdir}/cache.krb5"
+ keyfile="${hx509_data}/key.der"
+ keyfile2="${hx509_data}/key2.der"
+
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+ KRB5_CONFIG="${objdir}/krb5-pkinit.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-referral.in b/tests/kdc/check-referral.in
+index b64b06a..8ca2a31 100644
+--- a/tests/kdc/check-referral.in
++++ b/tests/kdc/check-referral.in
+@@ -54,10 +54,10 @@ kdc="${kdc} --addresses=localhost -P $port"
+
+ cache="FILE:${objdir}/cache.krb5"
+
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+
+
+ KRB5_CONFIG="${objdir}/krb5.conf"
+diff --git a/tests/kdc/check-uu.in b/tests/kdc/check-uu.in
+index 91e1e64..2670956 100644
+--- a/tests/kdc/check-uu.in
++++ b/tests/kdc/check-uu.in
+@@ -54,10 +54,10 @@ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+ cache1="FILE:${objdir}/cache1.krb5"
+ cache2="FILE:${objdir}/cache2.krb5"
+
+-kinit1="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache1 --no-afslog"
+-kinit2="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache2 --no-afslog"
+-kdestroy1="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache1 --no-unlog"
+-kdestroy2="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache2 --no-unlog"
++kinit1="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache1 ${afs_no_afslog}"
++kinit2="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache2 ${afs_no_afslog}"
++kdestroy1="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache1 ${afs_no_unlog}"
++kdestroy2="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache2 ${afs_no_unlog}"
+ uu_server="${TESTS_ENVIRONMENT} ../../appl/test/uu_server"
+ uu_client="${TESTS_ENVIRONMENT} ../../appl/test/uu_client"
+
+diff --git a/tests/ldap/check-ldap.in b/tests/ldap/check-ldap.in
+index ab61e48..3f706bd 100644
+--- a/tests/ldap/check-ldap.in
++++ b/tests/ldap/check-ldap.in
+@@ -45,7 +45,7 @@ port=@port@
+ server=host/datan.test.h5l.se
+ cache="FILE:${objdir}/cache.krb5"
+
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+ kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+diff --git a/tests/plugin/check-pac.in b/tests/plugin/check-pac.in
+index 8c15309..17f7216 100644
+--- a/tests/plugin/check-pac.in
++++ b/tests/plugin/check-pac.in
+@@ -55,10 +55,10 @@ cache="FILE:${objdir}/cache.krb5"
+ keytabfile=${objdir}/server.keytab
+ keytab="FILE:${keytabfile}"
+
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+ klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+ kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
++kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache ${afs_no_unlog}"
+ test_apreq="${TESTS_ENVIRONMENT} ../../lib/krb5/test_ap-req"
+
+ KRB5_CONFIG="${objdir}/krb5.conf"
diff --git a/app-crypt/heimdal/files/heimdal_testsuite_extra.patch b/app-crypt/heimdal/files/heimdal_testsuite_extra.patch
new file mode 100644
index 000000000000..40975942ce13
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_testsuite_extra.patch
@@ -0,0 +1,77 @@
+diff --git a/tests/can/Makefile.am b/tests/can/Makefile.am
+index f881667..12cd2fe 100644
+--- a/tests/can/Makefile.am
++++ b/tests/can/Makefile.am
+@@ -14,7 +14,8 @@ port = 49188
+ do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+ -e 's,[@]port[@],$(port),g' \
+ -e 's,[@]objdir[@],$(top_builddir)/tests/can,g' \
+- -e 's,[@]EGREP[@],$(EGREP),g'
++ -e 's,[@]EGREP[@],$(EGREP),g' \
++ -e 's,[@]env_setup[@],$(top_builddir)/tests/bin/setup-env,g'
+
+ test_can: test_can.in Makefile
+ $(do_subst) < $(srcdir)/test_can.in > test_can.tmp
+diff --git a/tests/can/check-can.in b/tests/can/check-can.in
+index c687bce..70e5d38 100644
+--- a/tests/can/check-can.in
++++ b/tests/can/check-can.in
+@@ -36,12 +36,30 @@
+
+ srcdir="@srcdir@"
+ objdir="@objdir@"
++env_setup="@env_setup@"
++
++. ${env_setup}
+
+ # If there is no useful db support compile in, disable test
+ ../db/have-db || exit 77
+
+ ./test_can TEST.H5L.SE heim-0.8 || exit 1
+ ./test_can TEST.H5L.SE apple-10.4 || exit 1
+-./test_can HEIMDAL.CITI.UMICH.EDU mit-pkinit-20070607 || exit 1
++
++rsa=yes
++pkinit=no
++if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
++ rsa=no
++fi
++if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
++ rsa=no
++fi
++if ${kinit} --help 2>&1 | grep "CA certificates" > /dev/null; then
++ pkinit=yes
++fi
++
++if test "$pkinit" = yes -a "$rsa" = yes ; then
++ ./test_can HEIMDAL.CITI.UMICH.EDU mit-pkinit-20070607 || exit 1
++fi
+
+ exit 0
+diff --git a/tests/ldap/init.ldif b/tests/ldap/init.ldif
+index 9cf39b1..d087172 100644
+--- a/tests/ldap/init.ldif
++++ b/tests/ldap/init.ldif
+@@ -22,7 +22,7 @@ loginShell: /bin/bash
+ gecos: Netbios root user
+ structuralObjectClass: inetOrgPerson
+ creatorsName: cn=root,dc=test,dc=h5l,dc=se
+-userPassword:: AAAAAA
++userPassword:: AAAAAA==
+ objectClass: krb5KDCEntry
+ krb5KeyVersionNumber: 2
+ krb5PrincipalName: suser@TEST.H5L.SE
+diff --git a/tests/can/Makefile.in b/tests/can/Makefile.in
+index e40eeb7..fb274b2 100644
+--- a/tests/can/Makefile.in
++++ b/tests/can/Makefile.in
+@@ -342,7 +342,8 @@ port = 49188
+ do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+ -e 's,[@]port[@],$(port),g' \
+ -e 's,[@]objdir[@],$(top_builddir)/tests/can,g' \
+- -e 's,[@]EGREP[@],$(EGREP),g'
++ -e 's,[@]EGREP[@],$(EGREP),g' \
++ -e 's,[@]env_setup[@],$(top_builddir)/tests/bin/setup-env,g'
+
+ CLEANFILES = $(TESTS) *.tmp *.cf \
+ current-db* \
diff --git a/app-crypt/heimdal/heimdal-1.3.3.ebuild b/app-crypt/heimdal/heimdal-1.3.3.ebuild
new file mode 100644
index 000000000000..1df19dc7b8a1
--- /dev/null
+++ b/app-crypt/heimdal/heimdal-1.3.3.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/heimdal-1.3.3.ebuild,v 1.1 2010/06/11 16:10:12 darkside Exp $
+
+EAPI=2
+VIRTUALX_REQUIRED="manual"
+
+inherit libtool virtualx eutils toolchain-funcs
+
+#RESTRICT="test"
+
+DESCRIPTION="Kerberos 5 implementation from KTH"
+HOMEPAGE="http://www.h5l.org/"
+SRC_URI="http://www.h5l.org/dist/src/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh
+~sparc ~x86"
+IUSE="afs +berkdb hdb-ldap ipv6 otp pkinit ssl threads test X"
+
+RDEPEND="ssl? ( dev-libs/openssl )
+ berkdb? ( sys-libs/db )
+ !berkdb? ( sys-libs/gdbm )
+ >=dev-db/sqlite-3.5.7
+ >=sys-libs/e2fsprogs-libs-1.41.11
+ afs? ( net-fs/openafs )
+ hdb-ldap? ( >=net-nds/openldap-2.3.0 )
+ !virtual/krb5"
+
+DEPEND="${RDEPEND}
+ dev-util/pkgconfig
+ >=sys-devel/autoconf-2.62
+ test? ( X? ( ${VIRTUALX_DEPEND} ) )"
+
+PROVIDE="virtual/krb5"
+
+src_prepare() {
+ epatch "${FILESDIR}/heimdal_db5.patch"
+ epatch "${FILESDIR}/heimdal_testsuite.patch"
+ epatch "${FILESDIR}/heimdal_testsuite_extra.patch"
+ epatch "${FILESDIR}/heimdal_disable-check-iprop.patch"
+}
+
+src_configure() {
+ econf \
+ --enable-kcm \
+ --disable-osfc2 \
+ --enable-shared \
+ --with-libintl=/usr \
+ --with-readline=/usr \
+ --with-sqlite3=/usr \
+ --libexecdir=/usr/sbin \
+ $(use_enable afs afs-support) \
+ $(use_enable berkdb berkeley-db) \
+ $(use_enable otp) \
+ $(use_enable pkinit kx509) \
+ $(use_enable pkinit pk-init) \
+ $(use_enable threads pthread-support) \
+ $(use_with hdb-ldap openldap /usr) \
+ $(use_with ipv6) \
+ $(use_with ssl openssl /usr) \
+ $(use_with X x)
+}
+
+src_compile() {
+ emake -j1 || die "emake failed"
+}
+
+src_test() {
+ einfo "Disabled check-iprop which is known to fail. Other tests should work."
+ default_src_test
+}
+
+src_install() {
+ INSTALL_CATPAGES="no" emake DESTDIR="${D}" install || die "emake install failed"
+
+ dodoc ChangeLog README NEWS TODO
+
+ # Begin client rename and install
+ for i in {telnetd,ftpd,rshd,popper}
+ do
+ mv "${D}"/usr/share/man/man8/{,k}${i}.8
+ mv "${D}"/usr/sbin/{,k}${i}
+ done
+
+ for i in {rcp,rsh,telnet,ftp,su,login,pagsh,kf}
+ do
+ mv "${D}"/usr/share/man/man1/{,k}${i}.1
+ mv "${D}"/usr/bin/{,k}${i}
+ done
+
+ mv "${D}"/usr/share/man/man5/{,k}ftpusers.5
+ mv "${D}"/usr/share/man/man5/{,k}login.access.5
+
+ newinitd "${FILESDIR}"/heimdal-kdc.initd heimdal-kdc
+ newinitd "${FILESDIR}"/heimdal-kadmind.initd heimdal-kadmind
+ newinitd "${FILESDIR}"/heimdal-kpasswdd.initd heimdal-kpasswdd
+ newinitd "${FILESDIR}"/heimdal-kcm.initd heimdal-kcm
+
+ insinto /etc
+ newins "${FILESDIR}"/krb5.conf krb5.conf.example
+
+ if use hdb-ldap; then
+ insinto /etc/openldap/schema
+ doins "${S}/lib/hdb/hdb.schema"
+ fi
+
+ # default database dir
+ keepdir /var/heimdal
+}
+
+pkg_preinst() {
+
+ if has_version "=${CATEGORY}/${PN}-1.3.2*" ; then
+ if use hdb-ldap ; then
+ ewarn "Schema name changed to hdb.schema to follow upstream."
+ ewarn "Please check you slapd conf file to make sure"
+ ewarn "that the correct schema file is included."
+ fi
+ fi
+}