Version bump - security bug #322709. Berkeley DB-5.0 compatibility - bug #319673. Working FEATURES=test. Ldap schema name changed to hdb.schema to follow upstream. eautoreconf not necessary.

Package-Manager: portage-2.1.8.3/cvs/Linux x86_64

7 files changed, 561 insertions, 2 deletions

diff --git a/app-crypt/heimdal/ChangeLog b/app-crypt/heimdal/ChangeLog
index 736066e75080..8ed7188d3ecd 100644
--- a/app-crypt/heimdal/ChangeLog
+++ b/app-crypt/heimdal/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for app-crypt/heimdal
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/ChangeLog,v 1.152 2010/05/09 16:32:44 darkside Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/ChangeLog,v 1.153 2010/06/11 16:10:12 darkside Exp $
+
+*heimdal-1.3.3 (11 Jun 2010)
+
+  11 Jun 2010; Jeremy Olexa <darkside@gentoo.org> +files/heimdal_db5.patch,
+  +heimdal-1.3.3.ebuild, +files/heimdal_disable-check-iprop.patch,
+  +files/heimdal_testsuite.patch, +files/heimdal_testsuite_extra.patch:
+  Version bump - security bug #322709. Berkeley DB-5.0 compatibility - bug
+  #319673. Working FEATURES=test. Ldap schema name changed to hdb.schema to
+  follow upstream. eautoreconf not necessary.
 
 *heimdal-1.3.2-r1 (09 May 2010)
 
diff --git a/app-crypt/heimdal/Manifest b/app-crypt/heimdal/Manifest
index 165a6afb4461..f8aacd0ed193 100644
--- a/app-crypt/heimdal/Manifest
+++ b/app-crypt/heimdal/Manifest
@@ -11,12 +11,18 @@ AUX heimdal-r23235-kb5-libwind_la.patch 270 RMD160 17784aca21208c3ae29b1e26a45e6
 AUX heimdal-r23238-kb5_locl_h-wind_h.patch 328 RMD160 0cab54e8605b56ed0168e2f680bee2c1386ec035 SHA1 6058f52df83ce0f04ac9d70e8c465ea88d1dca62 SHA256 abb7522a6675cc362fdb9b95096a69423b5742ea311bca4c7100cf0f5a71c1ec
 AUX heimdal-symlinked-manpages.patch 1104 RMD160 e76c9089229a1a5a87807c306a73d5bb5be7936e SHA1 f256e1f9193d9dfb061086a221ce3567b6626cda SHA256 f8c45e49c0d4366e133d01172c92a01050b48fea21160da439563ca927598956
 AUX heimdal-system_sqlite.patch 1861 RMD160 fa9cf71fef33b3e434f8d3a5bce5c51f0d3c97e5 SHA1 9255730737444febe78ebc47f246893e3887e880 SHA256 79abe4fae56218066b6827989d22d1e0ea1060c027f3698370d1cf7988b487de
+AUX heimdal_db5.patch 923 RMD160 e7e74d67b2b8789b006ea0dae5695a49386f86f3 SHA1 66106a8c39db0c61a90f0e847417a107cd91931e SHA256 5dac2109683705b2ade8962abfd88f1d989a371b811bc17176c5b360a67bcbe3
+AUX heimdal_disable-check-iprop.patch 577 RMD160 ce3733c555c5c13f320bb9a11b5911ab43f7da85 SHA1 a5ab37be218e03e57cf637a5f45ba630bcb45bcf SHA256 b2ab6f335b5a756856a5df635df82488f9dcdb3ed02a7114f90b4a34911f9721
+AUX heimdal_testsuite.patch 11928 RMD160 4e5f3277b07b8c0dd08d8518e381d9d21c296332 SHA1 e9e35a7306f4c59d05a0934b41a192faaa638a6b SHA256 0edb8be49749b27c37d8a19d7129f52dde26a17cc029d541042e568b39fe1db3
+AUX heimdal_testsuite_extra.patch 2352 RMD160 1f2dd032c995d672d376821060ea10684720c5ad SHA1 5537e1d96bc5509c987a2ea75df8dc3d3a5a1cb8 SHA256 301a27f3b36e00ca289d35c3554c4f03f1688e5e16a883b15a3d75180f9c8052
 AUX krb5.conf 424 RMD160 80a0159824b8a44698d97d911c701bb05f2f0688 SHA1 7602cc72576d144429cae5cf568feb25a5906ab7 SHA256 3acbae7a561b0a76c90ab53f41d5ffb5b811a39049c5ed15b1e7a34e8c889c6e
 DIST heimdal-1.2.1.tar.gz 5234882 RMD160 055e858200e53108ac24760516ff9d58e4fee0d2 SHA1 68b013a68bca7d544d29af0f890b9c668ec16936 SHA256 4e32be8d42824f2c58dffa435300e2dd0f0c3bbc6931afcbd450122067f76493
 DIST heimdal-1.3.2.tar.gz 5743151 RMD160 57c2706a5893afc41e604f7821c10571cc8999dd SHA1 b31adedca3cec50469889ca9528be25db24b50f7 SHA256 965b3ff4764bd69b2f19abe774300b7dc4822829c831f27d4c5b3b67d3c18c63
+DIST heimdal-1.3.3.tar.gz 5744155 RMD160 ce97ac415e7c27912ba148b81c46e756dc54ba3e SHA1 a385d959e3edd144aee79e9df585e44347342049 SHA256 8c8d2b272529c87ae9800825e2f266821b696ae6b56837edf0d19e17fc2a8630
 DIST heimdal-gentoo-patches-0.2.tar.bz2 5215 RMD160 f6b87d3caf8f156fdcf7c61542ea612cdcd42d9a SHA1 2282ea687e2cc215bf77a61b9badfb4a347b2792 SHA256 c4074b06760e28ac9a9bd5f1bc54dd86f1c104463384ca2f79918029995bb45a
 EBUILD heimdal-1.2.1-r1.ebuild 4237 RMD160 4b3f562242cf2eabcaaeab583223b90cd38cb23d SHA1 db55235d6a779c80cff7ef11f09f6e033d397043 SHA256 e14cc0cacb4edc26c3df8366a40fbabd8ab444c1e2b4d6d37fdec9f0ed8d5cbf
 EBUILD heimdal-1.2.1-r4.ebuild 4064 RMD160 931764a654b3a4fe4aedb6d9163fe6125c959d51 SHA1 b1c3ba453075d6f4d398ce13b2516246a1315f4f SHA256 92eb7771c35730ca33e296a4d9cec6fa867e5df24040a263294d864b84833018
 EBUILD heimdal-1.3.2-r1.ebuild 2637 RMD160 b65f56b535b931375948fe47a16fc2ed4ae70e28 SHA1 2c94e7eab79c53d2bf7bcf094491e6361c764070 SHA256 c9639dc0714cc0d78ecacf5777c4d7ab1295b63fc3e7590cb99ad9253fde6581
-MISC ChangeLog 25023 RMD160 59802429f164e5eea6fa39b0c4b7615b8ab7eb78 SHA1 3dd85ad904f78257606582c22464f4a81aac01f8 SHA256 98d6fd486f1d1e59ab2df9772393947efd67b5c6fa4bba494fa0845836755b2d
+EBUILD heimdal-1.3.3.ebuild 3100 RMD160 0de7741daf3d8b9702bae511095009c27c632b7a SHA1 1e2adbc6efdb52bf61d78860974c60775921e270 SHA256 dd679b291b8ba51e495c2a022da29148b19103d67fb4e1d4519094c687b5e113
+MISC ChangeLog 25466 RMD160 381db0c3e29bcca79b93353276ac89f5413fc1e5 SHA1 d0db09b2aab33ce237bc6f21a8d7bf627d1cdc7e SHA256 7029df8bfcf1ddca243128eb0a6f5f017586b65735072175bf6f20bb75572b7e
 MISC metadata.xml 923 RMD160 47b35a8f1efeaa17ac7104932a7ac75fa58b2f48 SHA1 82f3c37e41de86ca104a021461613a23680b86cb SHA256 f3eb7cc9ed2e70bdf91b8b1817f352a9eb0ce22e8a026510250b064040e18a3b
diff --git a/app-crypt/heimdal/files/heimdal_db5.patch b/app-crypt/heimdal/files/heimdal_db5.patch
new file mode 100644
index 000000000000..957a3169b29d
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_db5.patch
@@ -0,0 +1,22 @@
+diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c
+index 3b22c2e..a7bae76 100644
+--- a/lib/hdb/db3.c
++++ b/lib/hdb/db3.c
+@@ -268,7 +268,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
+     db_create(&d, NULL, 0);
+     db->hdb_db = d;
+ 
+-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
++#if (DB_VERSION_MAJOR == 5) || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)
+     ret = (*d->open)(db->hdb_db, NULL, fn, NULL, DB_BTREE, myflags, mode);
+ #else
+     ret = (*d->open)(db->hdb_db, fn, NULL, DB_BTREE, myflags, mode);
+@@ -276,7 +276,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
+ 
+     if (ret == ENOENT) {
+ 	/* try to open without .db extension */
+-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
++#if (DB_VERSION_MAJOR == 5) || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1)
+ 	ret = (*d->open)(db->hdb_db, NULL, db->hdb_name, NULL, DB_BTREE,
+ 			 myflags, mode);
+ #else
diff --git a/app-crypt/heimdal/files/heimdal_disable-check-iprop.patch b/app-crypt/heimdal/files/heimdal_disable-check-iprop.patch
new file mode 100644
index 000000000000..703fc7c94d46
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_disable-check-iprop.patch
@@ -0,0 +1,16 @@
+diff --git a/tests/kdc/check-iprop.in b/tests/kdc/check-iprop.in
+index ba9aff1..0bea2ed 100644
+--- a/tests/kdc/check-iprop.in
++++ b/tests/kdc/check-iprop.in
+@@ -31,6 +31,11 @@
+ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ # SUCH DAMAGE. 
+ 
++# check-iprop is known to fail and there is no easy way out
++# http://article.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/5408
++# http://article.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/5409
++exit 77
++
+ top_builddir="@top_builddir@"
+ env_setup="@env_setup@"
+ objdir="@objdir@"
diff --git a/app-crypt/heimdal/files/heimdal_testsuite.patch b/app-crypt/heimdal/files/heimdal_testsuite.patch
new file mode 100644
index 000000000000..f860ec358448
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_testsuite.patch
@@ -0,0 +1,307 @@
+diff --git a/tests/bin/Makefile.am b/tests/bin/Makefile.am
+index 49accb0..3d54a97 100644
+--- a/tests/bin/Makefile.am
++++ b/tests/bin/Makefile.am
+@@ -8,7 +8,8 @@ do_subst = \
+ 	sed $(do_dlopen) \
+ 	-e "s,[@]EGREP[@],$(EGREP),g" \
+ 	-e "s,[@]top_srcdir[@],$${top_srcdir},g" \
+-	-e "s,[@]top_builddir[@],$${top_builddir},g"
++	-e "s,[@]top_builddir[@],$${top_builddir},g" \
++	-e "s,[@]NO_AFS[@],$${NO_AFS},g"
+ 
+ setup-env: setup-env.in Makefile
+ 	$(do_subst) < $(srcdir)/setup-env.in > setup-env.tmp
+diff --git a/tests/bin/setup-env.in b/tests/bin/setup-env.in
+index a848482..4857e17 100644
+--- a/tests/bin/setup-env.in
++++ b/tests/bin/setup-env.in
+@@ -6,6 +6,7 @@ unset KRB5CCNAME
+ top_builddir="@top_builddir@"
+ top_srcdir="@top_srcdir@"
+ EGREP="@EGREP@"
++NO_AFS="@NO_AFS@"
+ 
+ # Meant to be sourced (source or .) by the tester application, offers
+ # most commands in heimdal as variables
+@@ -42,6 +43,14 @@ have_db="${top_builddir}/tests/db/have-db"
+ leaks_kill="${top_srcdir}/tests/kdc/leaks-kill.sh"
+ wait_kdc="${top_srcdir}/tests/kdc/wait-kdc.sh"
+ 
++if [ ! "${NO_AFS}" ] ; then
++    afs_no_unlog="--no-unlog"
++    afs_no_afslog="--no-afslog"
++else
++    afs_no_unlog=""
++    afs_no_afslog=""
++fi
++
+ # data
+ hx509_data="${top_srcdir}/lib/hx509/data"
+ 
+diff --git a/tests/gss/check-basic.in b/tests/gss/check-basic.in
+index 5599e5f..ef63097 100644
+--- a/tests/gss/check-basic.in
++++ b/tests/gss/check-basic.in
+@@ -51,8 +51,8 @@ cache="FILE:krb5ccfile"
+ cache2="FILE:krb5ccfile2"
+ nocache="FILE:no-such-cache"
+ 
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
++kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache ${afs_no_unlog}"
+ klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in
+index 06f7774..1b01e49 100644
+--- a/tests/gss/check-context.in
++++ b/tests/gss/check-context.in
+@@ -49,7 +49,7 @@ keytab="FILE:${keytabfile}"
+ nokeytab="FILE:no-such-keytab"
+ cache="FILE:krb5ccfile"
+ 
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+ klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+ kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+diff --git a/tests/gss/check-ntlm.in b/tests/gss/check-ntlm.in
+index c76f63d..a929e66 100644
+--- a/tests/gss/check-ntlm.in
++++ b/tests/gss/check-ntlm.in
+@@ -49,8 +49,8 @@ keytab="FILE:${keytabfile}"
+ cache="FILE:krb5ccfile"
+ cacheds="FILE:krb5ccfile-ds"
+ 
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+-kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
++kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds ${afs_no_afslog}"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+ kdigest="${TESTS_ENVIRONMENT} ../../kuser/kdigest"
+diff --git a/tests/gss/check-spnego.in b/tests/gss/check-spnego.in
+index 3284715..7e90f5b 100644
+--- a/tests/gss/check-spnego.in
++++ b/tests/gss/check-spnego.in
+@@ -49,8 +49,8 @@ keytab="FILE:${keytabfile}"
+ cache="FILE:krb5ccfile"
+ cacheds="FILE:krb5ccfile-ds"
+ 
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog --forwardable"
+-kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog} --forwardable"
++kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds ${afs_no_afslog}"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+ 
+diff --git a/tests/kdc/check-cc.in b/tests/kdc/check-cc.in
+index 0a37703..aef5e16 100644
+--- a/tests/kdc/check-cc.in
++++ b/tests/kdc/check-cc.in
+@@ -51,8 +51,8 @@ R=TEST.H5L.SE
+ port=@port@
+ pwport=@pwport@
+ 
+-kinit="${kinit} --password-file=${objdir}/foopassword --no-afslog"
+-kdestroy="${kdestroy} --no-unlog"
++kinit="${kinit} --password-file=${objdir}/foopassword ${afs_no_afslog}"
++kdestroy="${kdestroy} ${afs_no_unlog}"
+ kadmin="${kadmin} -l -r $R"
+ kdc="${kdc} --addresses=localhost -P $port"
+ 
+diff --git a/tests/kdc/check-delegation.in b/tests/kdc/check-delegation.in
+index 7e23157..9cf11c3 100644
+--- a/tests/kdc/check-delegation.in
++++ b/tests/kdc/check-delegation.in
+@@ -54,10 +54,10 @@ kdc="${kdc} --addresses=localhost -P $port"
+ server=host/datan.test4.h5l.se@TEST4.H5L.ORG
+ cache="FILE:${objdir}/cache.krb5"
+ 
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+ 
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-des.in b/tests/kdc/check-des.in
+index 1eca6c4..77a39b1 100644
+--- a/tests/kdc/check-des.in
++++ b/tests/kdc/check-des.in
+@@ -54,10 +54,10 @@ afsserver=afs/test.h5l.se
+ hostserver=host/server.test.h5l.se
+ cache="FILE:${objdir}/cache.krb5"
+ 
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+ 
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-digest.in b/tests/kdc/check-digest.in
+index d253d59..90eb130 100644
+--- a/tests/kdc/check-digest.in
++++ b/tests/kdc/check-digest.in
+@@ -56,7 +56,7 @@ ocache="FILE:${objdir}/ocache.krb5"
+ keytabfile=${objdir}/server.keytab
+ keytab="FILE:${keytabfile}"
+ 
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kdigest="${kdigest} --ccache=$cache"
+ 
+diff --git a/tests/kdc/check-iprop.in b/tests/kdc/check-iprop.in
+index 2bc5544..ba9aff1 100644
+--- a/tests/kdc/check-iprop.in
++++ b/tests/kdc/check-iprop.in
+@@ -54,7 +54,7 @@ keytab="FILE:${keytabfile}"
+ 
+ kdc="${kdc} --addresses=localhost -P $port"
+ kadmin="${kadmin} -r $R"
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ 
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-kadmin.in b/tests/kdc/check-kadmin.in
+index faba084..b761ef0 100644
+--- a/tests/kdc/check-kadmin.in
++++ b/tests/kdc/check-kadmin.in
+@@ -55,9 +55,9 @@ kadmind="${kadmind} -p $admport"
+ 
+ server=host/datan.test.h5l.se
+ 
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+ 
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-kdc.in b/tests/kdc/check-kdc.in
+index 0e1f9d7..5fc08fc 100644
+--- a/tests/kdc/check-kdc.in
++++ b/tests/kdc/check-kdc.in
+@@ -70,11 +70,11 @@ keytab="FILE:${keytabfile}"
+ ps="proxy-service@${R}"
+ aesenctype="aes256-cts-hmac-sha1-96"
+ 
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+ kgetcred_imp="${kgetcred} -c $cache --out-cache=${ocache}"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+ kimpersonate="${kimpersonate} -k ${keytab} --ccache=${ocache}"
+ 
+ rm -f ${keytabfile}
+diff --git a/tests/kdc/check-kpasswdd.in b/tests/kdc/check-kpasswdd.in
+index dd2162a..355930f 100644
+--- a/tests/kdc/check-kpasswdd.in
++++ b/tests/kdc/check-kpasswdd.in
+@@ -60,10 +60,10 @@ cache="FILE:${objdir}/cache.krb5"
+ keytabfile=${objdir}/server.keytab
+ keytab="FILE:${keytabfile}"
+ 
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+ 
+ KRB5_CONFIG="${objdir}/krb5.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-pkinit.in b/tests/kdc/check-pkinit.in
+index 1cb7b50..723cc14 100644
+--- a/tests/kdc/check-pkinit.in
++++ b/tests/kdc/check-pkinit.in
+@@ -54,9 +54,9 @@ cache="FILE:${objdir}/cache.krb5"
+ keyfile="${hx509_data}/key.der"
+ keyfile2="${hx509_data}/key2.der"
+ 
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+ 
+ KRB5_CONFIG="${objdir}/krb5-pkinit.conf"
+ export KRB5_CONFIG
+diff --git a/tests/kdc/check-referral.in b/tests/kdc/check-referral.in
+index b64b06a..8ca2a31 100644
+--- a/tests/kdc/check-referral.in
++++ b/tests/kdc/check-referral.in
+@@ -54,10 +54,10 @@ kdc="${kdc} --addresses=localhost -P $port"
+ 
+ cache="FILE:${objdir}/cache.krb5"
+ 
+-kinit="${kinit} -c $cache --no-afslog"
++kinit="${kinit} -c $cache ${afs_no_afslog}"
+ klist="${klist} -c $cache"
+ kgetcred="${kgetcred} -c $cache"
+-kdestroy="${kdestroy} -c $cache --no-unlog"
++kdestroy="${kdestroy} -c $cache ${afs_no_unlog}"
+ 
+ 
+ KRB5_CONFIG="${objdir}/krb5.conf"
+diff --git a/tests/kdc/check-uu.in b/tests/kdc/check-uu.in
+index 91e1e64..2670956 100644
+--- a/tests/kdc/check-uu.in
++++ b/tests/kdc/check-uu.in
+@@ -54,10 +54,10 @@ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+ cache1="FILE:${objdir}/cache1.krb5"
+ cache2="FILE:${objdir}/cache2.krb5"
+ 
+-kinit1="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache1 --no-afslog"
+-kinit2="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache2 --no-afslog"
+-kdestroy1="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache1 --no-unlog"
+-kdestroy2="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache2 --no-unlog"
++kinit1="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache1 ${afs_no_afslog}"
++kinit2="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache2 ${afs_no_afslog}"
++kdestroy1="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache1 ${afs_no_unlog}"
++kdestroy2="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache2 ${afs_no_unlog}"
+ uu_server="${TESTS_ENVIRONMENT} ../../appl/test/uu_server"
+ uu_client="${TESTS_ENVIRONMENT} ../../appl/test/uu_client"
+ 
+diff --git a/tests/ldap/check-ldap.in b/tests/ldap/check-ldap.in
+index ab61e48..3f706bd 100644
+--- a/tests/ldap/check-ldap.in
++++ b/tests/ldap/check-ldap.in
+@@ -45,7 +45,7 @@ port=@port@
+ server=host/datan.test.h5l.se
+ cache="FILE:${objdir}/cache.krb5"
+ 
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+ kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+ kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+ kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+diff --git a/tests/plugin/check-pac.in b/tests/plugin/check-pac.in
+index 8c15309..17f7216 100644
+--- a/tests/plugin/check-pac.in
++++ b/tests/plugin/check-pac.in
+@@ -55,10 +55,10 @@ cache="FILE:${objdir}/cache.krb5"
+ keytabfile=${objdir}/server.keytab
+ keytab="FILE:${keytabfile}"
+ 
+-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
++kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache ${afs_no_afslog}"
+ klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+ kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
++kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache ${afs_no_unlog}"
+ test_apreq="${TESTS_ENVIRONMENT} ../../lib/krb5/test_ap-req"
+ 
+ KRB5_CONFIG="${objdir}/krb5.conf"
diff --git a/app-crypt/heimdal/files/heimdal_testsuite_extra.patch b/app-crypt/heimdal/files/heimdal_testsuite_extra.patch
new file mode 100644
index 000000000000..40975942ce13
--- /dev/null
+++ b/app-crypt/heimdal/files/heimdal_testsuite_extra.patch
@@ -0,0 +1,77 @@
+diff --git a/tests/can/Makefile.am b/tests/can/Makefile.am
+index f881667..12cd2fe 100644
+--- a/tests/can/Makefile.am
++++ b/tests/can/Makefile.am
+@@ -14,7 +14,8 @@ port = 49188
+ do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+ 	-e 's,[@]port[@],$(port),g' \
+ 	-e 's,[@]objdir[@],$(top_builddir)/tests/can,g' \
+-	-e 's,[@]EGREP[@],$(EGREP),g' 
++	-e 's,[@]EGREP[@],$(EGREP),g' \
++	-e 's,[@]env_setup[@],$(top_builddir)/tests/bin/setup-env,g'
+ 
+ test_can: test_can.in Makefile
+ 	$(do_subst) < $(srcdir)/test_can.in > test_can.tmp
+diff --git a/tests/can/check-can.in b/tests/can/check-can.in
+index c687bce..70e5d38 100644
+--- a/tests/can/check-can.in
++++ b/tests/can/check-can.in
+@@ -36,12 +36,30 @@
+ 
+ srcdir="@srcdir@"
+ objdir="@objdir@"
++env_setup="@env_setup@"
++
++. ${env_setup}
+ 
+ # If there is no useful db support compile in, disable test
+ ../db/have-db || exit 77
+ 
+ ./test_can TEST.H5L.SE heim-0.8 || exit 1
+ ./test_can TEST.H5L.SE apple-10.4 || exit 1
+-./test_can HEIMDAL.CITI.UMICH.EDU mit-pkinit-20070607 || exit 1
++
++rsa=yes
++pkinit=no
++if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
++    rsa=no
++fi
++if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
++    rsa=no
++fi
++if ${kinit} --help 2>&1 | grep "CA certificates" > /dev/null; then
++    pkinit=yes
++fi
++
++if test "$pkinit" = yes -a "$rsa" = yes ; then
++	./test_can HEIMDAL.CITI.UMICH.EDU mit-pkinit-20070607 || exit 1
++fi
+ 
+ exit 0
+diff --git a/tests/ldap/init.ldif b/tests/ldap/init.ldif
+index 9cf39b1..d087172 100644
+--- a/tests/ldap/init.ldif
++++ b/tests/ldap/init.ldif
+@@ -22,7 +22,7 @@ loginShell: /bin/bash
+ gecos: Netbios root user
+ structuralObjectClass: inetOrgPerson
+ creatorsName: cn=root,dc=test,dc=h5l,dc=se
+-userPassword:: AAAAAA
++userPassword:: AAAAAA==
+ objectClass: krb5KDCEntry
+ krb5KeyVersionNumber: 2
+ krb5PrincipalName: suser@TEST.H5L.SE
+diff --git a/tests/can/Makefile.in b/tests/can/Makefile.in
+index e40eeb7..fb274b2 100644
+--- a/tests/can/Makefile.in
++++ b/tests/can/Makefile.in
+@@ -342,7 +342,8 @@ port = 49188
+ do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+ 	-e 's,[@]port[@],$(port),g' \
+ 	-e 's,[@]objdir[@],$(top_builddir)/tests/can,g' \
+-	-e 's,[@]EGREP[@],$(EGREP),g' 
++	-e 's,[@]EGREP[@],$(EGREP),g' \
++	-e 's,[@]env_setup[@],$(top_builddir)/tests/bin/setup-env,g'
+ 
+ CLEANFILES = $(TESTS) *.tmp *.cf \
+ 	current-db* \
diff --git a/app-crypt/heimdal/heimdal-1.3.3.ebuild b/app-crypt/heimdal/heimdal-1.3.3.ebuild
new file mode 100644
index 000000000000..1df19dc7b8a1
--- /dev/null
+++ b/app-crypt/heimdal/heimdal-1.3.3.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/heimdal-1.3.3.ebuild,v 1.1 2010/06/11 16:10:12 darkside Exp $
+
+EAPI=2
+VIRTUALX_REQUIRED="manual"
+
+inherit libtool virtualx eutils toolchain-funcs
+
+#RESTRICT="test"
+
+DESCRIPTION="Kerberos 5 implementation from KTH"
+HOMEPAGE="http://www.h5l.org/"
+SRC_URI="http://www.h5l.org/dist/src/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh
+~sparc ~x86"
+IUSE="afs +berkdb hdb-ldap ipv6 otp pkinit ssl threads test X"
+
+RDEPEND="ssl? ( dev-libs/openssl )
+	berkdb? ( sys-libs/db )
+	!berkdb? ( sys-libs/gdbm )
+	>=dev-db/sqlite-3.5.7
+	>=sys-libs/e2fsprogs-libs-1.41.11
+	afs? ( net-fs/openafs )
+	hdb-ldap? ( >=net-nds/openldap-2.3.0 )
+	!virtual/krb5"
+
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig
+	>=sys-devel/autoconf-2.62
+	test? ( X? ( ${VIRTUALX_DEPEND} ) )"
+
+PROVIDE="virtual/krb5"
+
+src_prepare() {
+	epatch "${FILESDIR}/heimdal_db5.patch"
+	epatch "${FILESDIR}/heimdal_testsuite.patch"
+	epatch "${FILESDIR}/heimdal_testsuite_extra.patch"
+	epatch "${FILESDIR}/heimdal_disable-check-iprop.patch"
+}
+
+src_configure() {
+	econf \
+		--enable-kcm \
+		--disable-osfc2 \
+		--enable-shared \
+		--with-libintl=/usr \
+		--with-readline=/usr \
+		--with-sqlite3=/usr \
+		--libexecdir=/usr/sbin \
+		$(use_enable afs afs-support) \
+		$(use_enable berkdb berkeley-db) \
+		$(use_enable otp) \
+		$(use_enable pkinit kx509) \
+		$(use_enable pkinit pk-init) \
+		$(use_enable threads pthread-support) \
+		$(use_with hdb-ldap openldap /usr) \
+		$(use_with ipv6) \
+		$(use_with ssl openssl /usr) \
+		$(use_with X x)
+}
+
+src_compile() {
+	emake -j1 || die "emake failed"
+}
+
+src_test() {
+	einfo "Disabled check-iprop which is known to fail.  Other tests should work."
+	default_src_test
+}
+
+src_install() {
+	INSTALL_CATPAGES="no" emake DESTDIR="${D}" install || die "emake install failed"
+
+	dodoc ChangeLog README NEWS TODO
+
+	# Begin client rename and install
+	for i in {telnetd,ftpd,rshd,popper}
+	do
+		mv "${D}"/usr/share/man/man8/{,k}${i}.8
+		mv "${D}"/usr/sbin/{,k}${i}
+	done
+
+	for i in {rcp,rsh,telnet,ftp,su,login,pagsh,kf}
+	do
+		mv "${D}"/usr/share/man/man1/{,k}${i}.1
+		mv "${D}"/usr/bin/{,k}${i}
+	done
+
+	mv "${D}"/usr/share/man/man5/{,k}ftpusers.5
+	mv "${D}"/usr/share/man/man5/{,k}login.access.5
+
+	newinitd "${FILESDIR}"/heimdal-kdc.initd heimdal-kdc
+	newinitd "${FILESDIR}"/heimdal-kadmind.initd heimdal-kadmind
+	newinitd "${FILESDIR}"/heimdal-kpasswdd.initd heimdal-kpasswdd
+	newinitd "${FILESDIR}"/heimdal-kcm.initd heimdal-kcm
+
+	insinto /etc
+	newins "${FILESDIR}"/krb5.conf krb5.conf.example
+
+	if use hdb-ldap; then
+		insinto /etc/openldap/schema
+		doins "${S}/lib/hdb/hdb.schema"
+	fi
+
+	# default database dir
+	keepdir /var/heimdal
+}
+
+pkg_preinst() {
+
+	if has_version "=${CATEGORY}/${PN}-1.3.2*" ; then
+		if use hdb-ldap ; then
+			ewarn "Schema name changed to hdb.schema to follow upstream."
+			ewarn "Please check you slapd conf file to make sure"
+			ewarn "that the correct schema file is included."
+		fi
+	fi
+}