From e303b03ae7b4c91a7236b94c9ad232e299ba6967 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Fri, 18 May 2012 18:19:46 -0400 Subject: [PATCH] Add live app-crypt/mit-krb5 ebuild. --- app-crypt/mit-krb5/ChangeLog | 1398 +++++++++++++++++ app-crypt/mit-krb5/Manifest | 11 + ...01-k5-trace.h-document-keytab-format.patch | 25 + ...type-format-support-in-krb5int_trace.patch | 71 + ...e.c-Add-tests-for-trace.c-formatting.patch | 293 ++++ ...-DEBUG_REFERRALS-to-TRACE_-framework.patch | 328 ++++ app-crypt/mit-krb5/files/kpropd.xinetd | 11 + .../mit-krb5/files/mit-krb5kadmind.initd | 24 + app-crypt/mit-krb5/files/mit-krb5kdc.initd | 24 + app-crypt/mit-krb5/files/mit-krb5kpropd.initd | 25 + app-crypt/mit-krb5/metadata.xml | 20 + app-crypt/mit-krb5/mit-krb5-9999.ebuild | 138 ++ 12 files changed, 2368 insertions(+) create mode 100644 app-crypt/mit-krb5/ChangeLog create mode 100644 app-crypt/mit-krb5/Manifest create mode 100644 app-crypt/mit-krb5/files/9999-0001-k5-trace.h-document-keytab-format.patch create mode 100644 app-crypt/mit-krb5/files/9999-0002-trace.c-ptype-format-support-in-krb5int_trace.patch create mode 100644 app-crypt/mit-krb5/files/9999-0003-t_trace.c-Add-tests-for-trace.c-formatting.patch create mode 100644 app-crypt/mit-krb5/files/9999-0004-Convert-DEBUG_REFERRALS-to-TRACE_-framework.patch create mode 100644 app-crypt/mit-krb5/files/kpropd.xinetd create mode 100644 app-crypt/mit-krb5/files/mit-krb5kadmind.initd create mode 100644 app-crypt/mit-krb5/files/mit-krb5kdc.initd create mode 100644 app-crypt/mit-krb5/files/mit-krb5kpropd.initd create mode 100644 app-crypt/mit-krb5/metadata.xml create mode 100644 app-crypt/mit-krb5/mit-krb5-9999.ebuild diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog new file mode 100644 index 0000000..3ff2151 --- /dev/null +++ b/app-crypt/mit-krb5/ChangeLog @@ -0,0 +1,1398 @@ +# ChangeLog for app-crypt/mit-krb5 +# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.315 2012/03/23 14:05:32 eras Exp $ + +*mit-krb5-9999 (18 May 2012) + + 18 May 2012; W. Trevor King +mit-krb5-9999.ebuild, + +files/9999-0001-k5-trace.h-document-keytab-format.patch + +files/9999-0002-trace.c-ptype-format-support-in-krb5int_trace.patch + +files/9999-0003-t_trace.c-Add-tests-for-trace.c-formatting.patch + +files/9999-0004-Convert-DEBUG_REFERRALS-to-TRACE_-framework.patch + Add live ebuild (based on mit-krb5-1.10.1-r1.ebuild), so I can test + my referral-debugging patches. + +*mit-krb5-1.10.1-r1 (23 Mar 2012) + + 23 Mar 2012; Eray Aslan +mit-krb5-1.10.1-r1.ebuild, + +files/mit-krb5-1.10.1_uninitialized_extra.patch: + Fix -Werror=uninitialized errors - bug #408411 + +*mit-krb5-1.10.1 (09 Mar 2012) + + 09 Mar 2012; Eray Aslan +mit-krb5-1.10.1.ebuild: + version bump + + 09 Feb 2012; Eray Aslan + +files/mit-krb5-1.10_uninitialized.patch: + add missing patch + +*mit-krb5-1.10-r1 (09 Feb 2012) + + 09 Feb 2012; Eray Aslan +mit-krb5-1.10-r1.ebuild: + Fix compling with -O3 - bug #401359. Thanks to Ed Catmur + +*mit-krb5-1.9.3 (07 Feb 2012) +*mit-krb5-1.8.6 (07 Feb 2012) + + 07 Feb 2012; Eray Aslan +mit-krb5-1.8.6.ebuild, + +mit-krb5-1.9.3.ebuild: + version bump + +*mit-krb5-1.10 (28 Jan 2012) + + 28 Jan 2012; Eray Aslan +mit-krb5-1.10.ebuild: + version bump + +*mit-krb5-1.9.2-r2 (31 Dec 2011) +*mit-krb5-1.8.5-r1 (31 Dec 2011) +*mit-krb5-1.8.4-r2 (31 Dec 2011) +*mit-krb5-1.8.3-r6 (31 Dec 2011) + + 31 Dec 2011; Christian Ruppert -mit-krb5-1.8.3-r5.ebuild, + +mit-krb5-1.8.3-r6.ebuild, -mit-krb5-1.8.4-r1.ebuild, + +mit-krb5-1.8.4-r2.ebuild, -mit-krb5-1.8.5.ebuild, +mit-krb5-1.8.5-r1.ebuild, + -mit-krb5-1.9.2-r1.ebuild, +mit-krb5-1.9.2-r2.ebuild, + files/mit-krb5kadmind.initd, files/mit-krb5kdc.initd, + files/mit-krb5kpropd.initd: + Revbump. Don't use deprecated start-stop-daemon options, bug 377843. + + 23 Dec 2011; Eray Aslan + -mit-krb5-1.9.1-r2.ebuild, -files/mit-krb5-1.9.1-fd-leak.patch, + -mit-krb5-1.9.2.ebuild, -files/CVE-2011-1527.1528.1529.patch: + remove vulnerable versions + + 22 Dec 2011; Mark Loeser mit-krb5-1.9.2-r1.ebuild: + Stable for ppc/ppc64; bug #393429 + + 11 Dec 2011; Agostino Sarubbo mit-krb5-1.9.2-r1.ebuild: + Stable for AMD64, wrt security bug #393429 + + 11 Dec 2011; Raúl Porcel mit-krb5-1.9.2-r1.ebuild: + alpha/arm/ia64/s390/sh/sparc stable wrt #393429 + + 08 Dec 2011; Pawel Hajdan jr + mit-krb5-1.9.2-r1.ebuild: + x86 stable wrt bug #393429 + + 07 Dec 2011; Jeroen Roovers mit-krb5-1.9.2-r1.ebuild: + Stable for HPPA (bug #393429). + +*mit-krb5-1.9.2-r1 (07 Dec 2011) + + 07 Dec 2011; Eray Aslan +mit-krb5-1.9.2-r1.ebuild, + +files/CVE-2011-1530.patch: + security bump - bug #393429 + + 04 Dec 2011; Sven Wegener files/mit-krb5kadmind.initd, + files/mit-krb5kdc.initd, files/mit-krb5kpropd.initd: + drop opts from init script + +*mit-krb5-1.9.2 (05 Nov 2011) +*mit-krb5-1.8.5 (05 Nov 2011) + + 05 Nov 2011; Eray Aslan + +files/mit-krb5-kprop_exit_on_error.patch, +mit-krb5-1.8.5.ebuild, + +mit-krb5-1.9.2.ebuild: + version bump - bug #389573 + + 24 Oct 2011; Eray Aslan mit-krb5-1.8.3-r5.ebuild, + -mit-krb5-1.8.4.ebuild, -mit-krb5-1.9.1.ebuild, -mit-krb5-1.9.1-r1.ebuild: + remove vulnerable versions + + 24 Oct 2011; Eray Aslan mit-krb5-1.8.3-r5.ebuild: + Last version with m68k. Drop other keywords instead of punting the entire + ebuild. + + 23 Oct 2011; Kacper Kowalik mit-krb5-1.9.1-r2.ebuild, + mit-krb5-1.8.4-r1.ebuild: + ppc/ppc64 stable wrt #387585 + + 22 Oct 2011; Raúl Porcel mit-krb5-1.8.4-r1.ebuild, + mit-krb5-1.9.1-r2.ebuild: + alpha/arm/ia64/s390/sh/sparc stable wrt #387585 + + 22 Oct 2011; Pawel Hajdan jr + mit-krb5-1.8.4-r1.ebuild, mit-krb5-1.9.1-r2.ebuild: + x86 stable wrt bug #387585 + + 20 Oct 2011; Tony Vroon mit-krb5-1.8.4-r1.ebuild, + mit-krb5-1.9.1-r2.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian + "idella4" Delaney in security bug #387585. + + 19 Oct 2011; Jeroen Roovers mit-krb5-1.9.1-r2.ebuild: + Stable for HPPA (bug #387585). + + 18 Oct 2011; Jeroen Roovers mit-krb5-1.8.4-r1.ebuild: + Stable for HPPA (bug #387585). + +*mit-krb5-1.9.1-r2 (18 Oct 2011) +*mit-krb5-1.8.4-r1 (18 Oct 2011) + + 18 Oct 2011; Eray Aslan +mit-krb5-1.8.4-r1.ebuild, + +mit-krb5-1.9.1-r2.ebuild, +files/2011-006-patch-r18.patch, + +files/CVE-2011-1527.1528.1529.patch: + security bump - bug #387585 + +*mit-krb5-1.9.1-r1 (18 Oct 2011) + + 18 Oct 2011; Eray Aslan +mit-krb5-1.9.1-r1.ebuild, + +files/mit-krb5-1.9.1-fd-leak.patch: + patch for fd leak in kadmin - bug #387485 + + 11 Oct 2011; Jeroen Roovers mit-krb5-1.9.1.ebuild: + Stable for HPPA (bug #374119). + + 11 Aug 2011; Mike Frysinger mit-krb5-1.9.1.ebuild: + Use virtual/yacc instead of hardcoding list ourselves. + + 07 Aug 2011; Raúl Porcel mit-krb5-1.9.1.ebuild: + alpha/ia64/s390/sh/sparc stable wrt #374119 + + 06 Aug 2011; Eray Aslan mit-krb5-1.9.1.ebuild: + Add bison/yacc to DEPEND - bug #377923 + + 25 Jul 2011; Kacper Kowalik mit-krb5-1.9.1.ebuild: + ppc/ppc64 stable wrt #374241 + + 23 Jul 2011; Markus Meier mit-krb5-1.9.1.ebuild: + arm stable, bug #374119 + + 21 Jul 2011; Markus Meier mit-krb5-1.9.1.ebuild: + x86 stable, bug #374119 + + 16 Jul 2011; Markos Chandras mit-krb5-1.9.1.ebuild: + Stable on amd64 wrt bug #374119 + + 04 Jul 2011; Eray Aslan mit-krb5-1.9.1.ebuild: + Quiet down QA warnings + +*mit-krb5-1.8.4 (25 May 2011) + + 25 May 2011; Eray Aslan +mit-krb5-1.8.4.ebuild, + -mit-krb5-1.9-r3.ebuild, -mit-krb5-1.9-r4.ebuild: + Version bump and remove old + +*mit-krb5-1.9.1 (06 May 2011) + + 06 May 2011; Eray Aslan +mit-krb5-1.9.1.ebuild: + version bump + + 26 Apr 2011; Eray Aslan -mit-krb5-1.8.3-r4.ebuild: + remove vulnerable version + + 26 Apr 2011; Kacper Kowalik mit-krb5-1.8.3-r5.ebuild: + ppc/ppc64 stable wrt #363507 + + 22 Apr 2011; Raúl Porcel mit-krb5-1.8.3-r5.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #363507 + +*mit-krb5-1.9-r4 (22 Apr 2011) + + 22 Apr 2011; Eray Aslan +files/mit-krb5kpropd.initd, + -mit-krb5-1.9-r2.ebuild, +mit-krb5-1.9-r4.ebuild: + Add init script for kpropd - bug #364073. Drop old. + + 15 Apr 2011; Christoph Mende mit-krb5-1.8.3-r5.ebuild: + Stable on amd64 wrt bug #363507 + + 15 Apr 2011; Pawel Hajdan jr + mit-krb5-1.8.3-r5.ebuild: + x86 stable wrt security bug #363507 + + 14 Apr 2011; Jeroen Roovers mit-krb5-1.8.3-r5.ebuild: + Stable for HPPA (bug #363507). + +*mit-krb5-1.9-r3 (14 Apr 2011) +*mit-krb5-1.8.3-r5 (14 Apr 2011) + + 14 Apr 2011; Eray Aslan +mit-krb5-1.8.3-r5.ebuild, + +files/mit-krb5-1.8.3-CVE-2011-0285.patch, +mit-krb5-1.9-r3.ebuild, + +files/CVE-2011-0285.patch: + security bump - bug 363507 + + 22 Mar 2011; Eray Aslan -mit-krb5-1.8.3-r3.ebuild: + remove vulnerable version + + 21 Mar 2011; Markos Chandras mit-krb5-1.8.3-r4.ebuild: + Stable on amd64 wrt bug #359129 + + 19 Mar 2011; Eray Aslan -mit-krb5-1.9-r1.ebuild: + remove vulnerable version. + + 18 Mar 2011; Raúl Porcel mit-krb5-1.8.3-r4.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #359129 + + 17 Mar 2011; Thomas Kahle mit-krb5-1.8.3-r4.ebuild: + x86 stable per bug 359129 + + 17 Mar 2011; Jeroen Roovers mit-krb5-1.8.3-r4.ebuild: + Stable for HPPA (bug #359129). + + 16 Mar 2011; Kacper Kowalik mit-krb5-1.8.3-r4.ebuild: + ppc/ppc64 stable wrt #359129 + +*mit-krb5-1.9-r2 (16 Mar 2011) +*mit-krb5-1.8.3-r4 (16 Mar 2011) + + 16 Mar 2011; Eray Aslan +mit-krb5-1.8.3-r4.ebuild, + +mit-krb5-1.9-r2.ebuild, +files/CVE-2011-0284.patch: + version bump - security bug #359129 + + 13 Mar 2011; Eray Aslan mit-krb5-1.8.3-r3.ebuild, + mit-krb5-1.9-r1.ebuild: + Change to new style virtual: Remove PROVIDE. + + 12 Mar 2011; Jonathan Callen mit-krb5-1.9-r1.ebuild, + metadata.xml: + Add prefix support from prefix overlay. Bump to EAPI 3. Add prefix keywords. + + 12 Mar 2011; Eray Aslan mit-krb5-1.9-r1.ebuild, + metadata.xml: + Remove circular dependency with global kerberos and ldap USE flags. ldap + -> openldap renamed + + 14 Feb 2011; Eray Aslan -mit-krb5-1.8.3-r2.ebuild: + Remove vulnerable version. + + 12 Feb 2011; Jeroen Roovers mit-krb5-1.8.3-r3.ebuild: + Stable for HPPA (bug #352859). + + 12 Feb 2011; Raúl Porcel mit-krb5-1.8.3-r3.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #352859 + + 12 Feb 2011; Eray Aslan -mit-krb5-1.9.ebuild: + Remove vulnerable version. + + 11 Feb 2011; Pawel Hajdan jr + mit-krb5-1.8.3-r3.ebuild: + x86 stable wrt security bug #352859 + + 11 Feb 2011; Kacper Kowalik + mit-krb5-1.8.3-r3.ebuild: + ppc/ppc64 stable wrt #352859 + + 10 Feb 2011; Markos Chandras mit-krb5-1.8.3-r3.ebuild: + Stable on amd64 wrt bug #352859 + +*mit-krb5-1.9-r1 (08 Feb 2011) +*mit-krb5-1.8.3-r3 (08 Feb 2011) + + 08 Feb 2011; Eray Aslan +mit-krb5-1.8.3-r3.ebuild, + +files/mit-krb5-1.8.3-CVE-2011-0281.0282.0283.patch, + +mit-krb5-1.9-r1.ebuild, +files/CVE-2010-4022.patch, + +files/CVE-2011-0281.0282.0283.patch: + Security bump - bug #352859 + +*mit-krb5-1.9 (30 Dec 2010) + + 30 Dec 2010; Eray Aslan -mit-krb5-1.9_beta3.ebuild, + +mit-krb5-1.9.ebuild: + Version bump. + +*mit-krb5-1.9_beta3 (20 Dec 2010) + + 20 Dec 2010; Eray Aslan -mit-krb5-1.9_beta2.ebuild, + +mit-krb5-1.9_beta3.ebuild: + Version bump for the beta version. + +*mit-krb5-1.9_beta2 (12 Dec 2010) + + 12 Dec 2010; Eray Aslan +mit-krb5-1.9_beta2.ebuild: + Version bump. + + 12 Dec 2010; Eray Aslan -mit-krb5-1.8.3-r1.ebuild, + -mit-krb5-1.9_beta1.ebuild: + Remove vulnerable versions. + + 10 Dec 2010; Brent Baude mit-krb5-1.8.3-r2.ebuild: + Marking mit-krb5-1.8.3-r2 ppc64 for bug 347369 + + 04 Dec 2010; Raúl Porcel mit-krb5-1.8.3-r2.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #347369 + + 04 Dec 2010; Jeroen Roovers mit-krb5-1.8.3-r2.ebuild: + Stable for PPC (bug #347369). + + 03 Dec 2010; Jeroen Roovers mit-krb5-1.8.3-r2.ebuild: + Stable for HPPA (bug #347369). + + 02 Dec 2010; Pawel Hajdan jr + mit-krb5-1.8.3-r2.ebuild: + x86 stable wrt security bug #347369 + + 02 Dec 2010; Markos Chandras mit-krb5-1.8.3-r2.ebuild: + Stable on amd64 wrt bug #347369 + + 01 Dec 2010; Eray Aslan mit-krb5-1.8.3-r2.ebuild: + Ebuild clean up. No functional change. + +*mit-krb5-1.8.3-r2 (01 Dec 2010) + + 01 Dec 2010; Eray Aslan +mit-krb5-1.8.3-r2.ebuild, + +files/CVE-2010-1323.1324.4020.patch, +files/mit-krb5_testsuite.patch: + Security bump. Working test suite with test USE flag. + + 27 Nov 2010; Eray Aslan -mit-krb5-1.8.2.ebuild, + -mit-krb5-1.8.2-r1.ebuild, -mit-krb5-1.8.3.ebuild: + Remove vulnerable versions. + + 27 Nov 2010; Raúl Porcel mit-krb5-1.8.3-r1.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #339866 + + 26 Nov 2010; Markos Chandras mit-krb5-1.8.3-r1.ebuild: + Stable on amd64 wrt bug #339866 + + 25 Nov 2010; Brent Baude mit-krb5-1.8.3-r1.ebuild: + Marking mit-krb5-1.8.3-r1 ppc64 for bug 339866 + +*mit-krb5-1.9_beta1 (24 Nov 2010) + + 24 Nov 2010; Eray Aslan +mit-krb5-1.9_beta1.ebuild, + metadata.xml: + Version bump. Dropped m68k bug #324087. Working test suite bug #346549. + Added test and pkinit USE flags. + + 23 Nov 2010; Jeroen Roovers mit-krb5-1.8.3-r1.ebuild: + Stable for HPPA PPC (bug #339866). + + 23 Nov 2010; Christian Faulhammer + mit-krb5-1.8.3-r1.ebuild: + stable x86, security bug 339866 + + 05 Nov 2010; Eray Aslan + -files/1.6-MITKRB5-SA-2008-001.patch, -files/MITKRB5-SA-2008-002.patch, + -files/CVE-2009-0844+CVE-2009-0847.patch, + -files/mit-krb5-lazyldflags.patch, -files/CVE-2009-0846.patch, + -files/1.6-CVE-2009-4212.patch, -files/1.7-CVE-2009-4212.patch, + -files/CVE-2010-1320.patch, -files/CVE-2010-1321.patch: + Remove old patches - bug #340195 + +*mit-krb5-1.8.3-r1 (05 Nov 2010) + + 05 Nov 2010; Eray Aslan +mit-krb5-1.8.3-r1.ebuild, + +files/CVE-2010-1322.patch: + Security bump - bug #339866 + + 05 Aug 2010; Jeremy Olexa metadata.xml, + -mit-krb5-1.6.3-r6.ebuild: + remove old version + +*mit-krb5-1.8.3 (05 Aug 2010) + + 05 Aug 2010; Jeremy Olexa +mit-krb5-1.8.3.ebuild: + Verion bump bug #331297 by Eray Aslan + + 19 Jul 2010; Joseph Jezak mit-krb5-1.8.2.ebuild: + Marked ppc stable for bug #323525. + + 18 Jul 2010; Raúl Porcel mit-krb5-1.8.2.ebuild: + arm/ia64/m68k/s390/sh/sparc stable wrt #323525 + +*mit-krb5-1.8.2-r1 (14 Jul 2010) + + 14 Jul 2010; Jeremy Olexa -mit-krb5-1.6.3-r7.ebuild, + -mit-krb5-1.7-r2.ebuild, -mit-krb5-1.8.1.ebuild, + -mit-krb5-1.8.1-r1.ebuild, +mit-krb5-1.8.2-r1.ebuild: + Rev bump for: sys-apps/keyutils added to DEPEND - bug #326201. Remove + vulnerable versions + + 11 Jul 2010; Tobias Klausmann mit-krb5-1.8.2.ebuild: + Stable on alpha, bug #323525 + + 08 Jul 2010; Brent Baude mit-krb5-1.8.2.ebuild: + Marking mit-krb5-1.8.2 ppc64 for bug 323525 + + 23 Jun 2010; Christoph Mende mit-krb5-1.8.2.ebuild: + Stable on amd64 wrt bug #323525 + + 22 Jun 2010; Jeroen Roovers mit-krb5-1.8.2.ebuild: + Stable for HPPA (bug #323525). + + 16 Jun 2010; Pawel Hajdan jr + mit-krb5-1.8.2.ebuild: + x86 stable wrt security bug #323525 + +*mit-krb5-1.8.2 (11 Jun 2010) + + 11 Jun 2010; Jeremy Olexa +mit-krb5-1.8.2.ebuild, + +files/kpropd.xinetd: + Version bump bug #323525. Added xinetd USE flag bug #321939. Disabled + parallel make bug #321141. No need to inherit autotools anymore. + + 24 May 2010; Jeremy Olexa mit-krb5-1.8.1-r1.ebuild: + Fix kerberos.schema install issue. bug 318017 by Tilman Giese + +*mit-krb5-1.8.1-r1 (23 May 2010) + + 23 May 2010; Jeremy Olexa +mit-krb5-1.8.1-r1.ebuild, + +files/CVE-2010-1321.patch: + Patch for CVE-2010-1321 - bug #320445. Disable rpath - bug #187201. + Installs kerberos.schema - bug #318017. Ebuild clean up. Enable parallel + make. Thanks to Eray Aslan + + 01 May 2010; Jeremy Olexa mit-krb5-1.8.1.ebuild: + Fix configure call, patch by Eray Aslan + +*mit-krb5-1.8.1 (30 Apr 2010) + + 30 Apr 2010; Jeremy Olexa +mit-krb5-1.8.1.ebuild, + +files/CVE-2010-1320.patch: + Version bump by Eray Aslan, security bug 312481 + +*mit-krb5-1.7-r2 (14 Jan 2010) +*mit-krb5-1.6.3-r7 (14 Jan 2010) + + 14 Jan 2010; Michael Hammer +mit-krb5-1.6.3-r7.ebuild, + -mit-krb5-1.7-r1.ebuild, +mit-krb5-1.7-r2.ebuild, + +files/1.6-CVE-2009-4212.patch, +files/1.7-CVE-2009-4212.patch: + added new revision to fix CVE-2009-4212 + + 12 Jan 2010; Michael Hammer mit-krb5-1.7-r1.ebuild: + fixed bug 300574 + + 12 Jan 2010; Michael Hammer mit-krb5-1.6.3-r6.ebuild, + -mit-krb5-1.7.ebuild, mit-krb5-1.7-r1.ebuild: + - fixed Bug 300498 + - removed old 1.7 release + +*mit-krb5-1.7-r1 (29 Jul 2009) + + 29 Jul 2009; Samuli Suominen + +mit-krb5-1.7-r1.ebuild: + Don't apply 0001_all_lazyldflags.patch which is same as bindnow-flags. + + 22 Jul 2009; Michael Hammer -mit-krb5-1.6.3-r3.ebuild, + -mit-krb5-1.6.3-r4.ebuild, -mit-krb5-1.6.3-r5.ebuild: + removed outdated releases + +*mit-krb5-1.7 (22 Jul 2009) + + 22 Jul 2009; Michael Hammer +mit-krb5-1.7.ebuild: + added mit-krb5-1.7 release + + 08 Apr 2009; Tobias Heinlein + mit-krb5-1.6.3-r6.ebuild: + amd64 stable wrt security bug #263398 + + 08 Apr 2009; Raúl Porcel mit-krb5-1.6.3-r6.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc/x86 stable wrt #263398 and also + stabilize on hppa/ppc/ppc64 + +*mit-krb5-1.6.3-r6 (08 Apr 2009) + + 08 Apr 2009; Michael Hammer + +files/CVE-2009-0844+CVE-2009-0847.patch, +files/CVE-2009-0846.patch, + +mit-krb5-1.6.3-r6.ebuild: + added mit-krb5-1.6.3-r6 - see bug #263398 + + 27 Mar 2009; Jeroen Roovers mit-krb5-1.6.3-r5.ebuild: + Stable for HPPA (bug #262736). + + 23 Mar 2009; Raúl Porcel mit-krb5-1.6.3-r5.ebuild: + arm/ia64/s390/sh/sparc stable wrt #262736 + + 22 Mar 2009; Tobias Klausmann + mit-krb5-1.6.3-r5.ebuild: + Stable on alpha, bug #262736 + + 20 Mar 2009; Markus Meier mit-krb5-1.6.3-r5.ebuild: + amd64/x86 stable, bug #262736 + + 20 Mar 2009; Brent Baude mit-krb5-1.6.3-r5.ebuild: + Marking mit-krb5-1.6.3-r5 ppc64 and ppc for bug 262736 + +*mit-krb5-1.6.3-r5 (20 Mar 2009) + + 20 Mar 2009; Michael Hammer metadata.xml, + mit-krb5-1.6.3-r3.ebuild, mit-krb5-1.6.3-r4.ebuild, + +mit-krb5-1.6.3-r5.ebuild: + added mit-krb5-1.6.3-r5 with new patchset + + 20 Mar 2009; Michael Hammer -mit-krb5-1.5.3-r1.ebuild, + -mit-krb5-1.6.3.ebuild, -mit-krb5-1.6.3-r1.ebuild, + -mit-krb5-1.6.3-r2.ebuild: + removed old mit-krb5 versions + + 29 Dec 2008; Friedrich Oslage + mit-krb5-1.6.3-r4.ebuild: + Stable on sparc, bug #241670 + + 08 Nov 2008; Raúl Porcel mit-krb5-1.6.3-r4.ebuild: + alpha/ia64 stable wrt #241670 + + 02 Nov 2008; Tobias Scherbaum + mit-krb5-1.6.3-r4.ebuild: + ppc stable, bug #241670 + + 29 Oct 2008; Torsten Veller mit-krb5-1.6.3-r4.ebuild: + Stable on x86 (#241670) + + 28 Oct 2008; Doug Goldstein mit-krb5-1.6.3-r2.ebuild, + mit-krb5-1.6.3-r3.ebuild: + preferred depends need to go first + + 28 Oct 2008; Christoph Mende + mit-krb5-1.6.3-r4.ebuild: + Stable on amd64, bug #241670 + + 28 Oct 2008; Brent Baude mit-krb5-1.6.3-r4.ebuild: + Marking mit-krb5-1.6.3-r4 ppc64 for bug 241670 + + 27 Oct 2008; Jeroen Roovers mit-krb5-1.6.3-r4.ebuild: + Stable for HPPA (bug #241670). + + 16 Oct 2008; Michael Hammer mit-krb5-1.6.3.ebuild, + mit-krb5-1.6.3-r1.ebuild, mit-krb5-1.6.3-r2.ebuild, + mit-krb5-1.6.3-r3.ebuild, mit-krb5-1.6.3-r4.ebuild: + once again bug #241670 + + 16 Oct 2008; Michael Hammer mit-krb5-1.6.3.ebuild, + mit-krb5-1.6.3-r4.ebuild: + fixed quoting - see bug #241670 + + 05 Oct 2008; Diego Pettenò + mit-krb5-1.6.3-r4.ebuild: + Fix obvious typo in quoting for newins. + +*mit-krb5-1.6.3-r4 (11 Sep 2008) + + 11 Sep 2008; Michael Hammer +mit-krb5-1.6.3-r4.ebuild: + changed sed statement for $(LDFLAGS) problem in krb5-config - bug #237273 + and removed the || statement in RDEPEND - bug #235409 + +*mit-krb5-1.6.3-r3 (09 Sep 2008) + + 09 Sep 2008; Michael Hammer mit-krb5-1.6.3-r2.ebuild, + +mit-krb5-1.6.3-r3.ebuild: + removed LDFLAGS from krb5-config -> bug #184668 + + 05 Sep 2008; Christian Faulhammer + mit-krb5-1.5.3-r1.ebuild, mit-krb5-1.6.3.ebuild: + change dependency from virtual/tetex to virtual/latex-base for all ebuilds + + 22 Aug 2008; Michael Hammer mit-krb5-1.6.3-r2.ebuild: + fixed bug #235409 + +*mit-krb5-1.6.3-r2 (19 Aug 2008) + + 19 Aug 2008; Michael Hammer +mit-krb5-1.6.3-r2.ebuild: + revision bump to 1.6.3-r2 to fix bug #234886 with a hack - should use + pkg-config + + 31 Jul 2008; Michael Hammer metadata.xml: + fixed manifest.xml due to GLEP 56 + + 25 Jul 2008; Michael Hammer +mit-krb5-1.5.3-r1.ebuild: + commited mit-krb5-1.5.3-r1 back into tree + + 22 Jul 2008; Michael Hammer -mit-krb5-1.5.3.ebuild, + -mit-krb5-1.5.3-r1.ebuild: + cleaned 1.5.x releases - really old and dangerous, please upgrade + + 22 Jul 2008; Michael Hammer mit-krb5-1.6.3-r1.ebuild: + Fixed bug #232394 - virtual/tetex and wrong doc info + + 11 Jul 2008; Michael Hammer mit-krb5-1.6.3-r1.ebuild: + workaround for autoconf bug - see bug #181404. No revision bump necessary + because it only effects build system. Thx to truedfx. + + 03 Jun 2008; Doug Goldstein mit-krb5-1.5.3.ebuild, + mit-krb5-1.5.3-r1.ebuild: + Fix depend issue in bug #217021. Thanks Fabio Erculiani + for the good debug. + +*mit-krb5-1.6.3-r1 (19 Mar 2008) + + 19 Mar 2008; Markus Ullmann +mit-krb5-1.6.3-r1.ebuild: + Stick patches into a patchset so we don't ship them over rsync + + 19 Mar 2008; Markus Ullmann mit-krb5-1.6.3.ebuild: + Stable on amd64/arm + + 19 Mar 2008; Raúl Porcel mit-krb5-1.6.3.ebuild: + alpha/ia64/sparc stable wrt security #212363 + + 19 Mar 2008; Markus Rothe mit-krb5-1.6.3.ebuild: + Stable on ppc64; bug #212363 + + 19 Mar 2008; Christian Faulhammer + mit-krb5-1.6.3.ebuild: + stable x86, security bug 212363 + + 19 Mar 2008; Jeroen Roovers mit-krb5-1.6.3.ebuild: + Stable for HPPA (bug #212363). + + 18 Mar 2008; Tobias Scherbaum + mit-krb5-1.6.3.ebuild: + ppc stable, bug #212363 + +*mit-krb5-1.6.3 (18 Mar 2008) + + 18 Mar 2008; Markus Ullmann + +files/1.6-MITKRB5-SA-2008-001.patch, +files/MITKRB5-SA-2008-002.patch, + +mit-krb5-1.6.3.ebuild: + Security version bump for bug #212363 + + 22 Sep 2007; Joshua Kinard mit-krb5-1.5.3-r1.ebuild: + Stable on mips + + 11 Sep 2007; Jeroen Roovers mit-krb5-1.5.3-r1.ebuild: + Stable for SPARC (bug #191301). + + 08 Sep 2007; Markus Rothe mit-krb5-1.5.3-r1.ebuild: + Stable on ppc64; bug #191301 + + 07 Sep 2007; Chris Gianelloni + mit-krb5-1.5.3-r1.ebuild: + Stable on amd64 wrt bug #191301. + + 07 Sep 2007; Tobias Scherbaum + mit-krb5-1.5.3-r1.ebuild: + ppc stable, bug #191301 + + 07 Sep 2007; Raúl Porcel mit-krb5-1.5.3-r1.ebuild: + alpha/ia64/x86 stable wrt #191301 + + 07 Sep 2007; Jeroen Roovers mit-krb5-1.5.3-r1.ebuild: + Stable for HPPA (bug #191301). + +*mit-krb5-1.5.3-r1 (07 Sep 2007) + + 07 Sep 2007; Seemant Kulleen + -mit-krb5-1.4.3-r3.ebuild, +mit-krb5-1.5.3-r1.ebuild: + removed the 1.4 stuff, because it's totally unmaintained upstream and here. + Bumped to 1.5.3-r1 for the newest security fix. See bug #191301 + + 07 Sep 2007; Seemant Kulleen + -mit-krb5-1.5.2-r1.ebuild, -mit-krb5-1.5.2-r2.ebuild, + -mit-krb5-1.5.2-r3.ebuild: + remove crufty versions + + 01 Sep 2007; Ryan Hill ChangeLog, Manifest: + Fix lost ChangeLog history. + + 16 Jul 2007; Markus Rothe mit-krb5-1.5.3.ebuild: + Stable on ppc64; bug #183338 + + 16 Jul 2007; Gustavo Zacarias mit-krb5-1.5.3.ebuild: + Stable on sparc wrt security #183338 + + 16 Jul 2007; Jeroen Roovers mit-krb5-1.5.2-r3.ebuild: + Stable for HPPA (bug #183338). + + 16 Jul 2007; Jeroen Roovers mit-krb5-1.5.3.ebuild: + Stable for HPPA (bug #183338). + + 15 Jul 2007; Tobias Scherbaum + mit-krb5-1.5.3.ebuild: + ppc stable, bug #183338 + + 15 Jul 2007; Steve Dibb mit-krb5-1.5.2-r3.ebuild, + mit-krb5-1.5.3.ebuild: + amd64 stable, security bug 183338 + + 15 Jul 2007; Raúl Porcel mit-krb5-1.5.3.ebuild: + alpha/ia64/x86 stable wrt security #183338 + +*mit-krb5-1.5.3 (03 Jul 2007) + + 03 Jul 2007; Seemant Kulleen +mit-krb5-1.5.3.ebuild: + version bump + the same two security fixes as for 1.5.2-r3. This solves bug + #183338 + +*mit-krb5-1.5.2-r3 (03 Jul 2007) + + 03 Jul 2007; Seemant Kulleen + +mit-krb5-1.5.2-r3.ebuild: + security fixes for security advisories 004 and 005. + + 13 May 2007; Joshua Kinard mit-krb5-1.5.2-r1.ebuild: + Stable on mips. + + 04 Apr 2007; Seemant Kulleen + -files/mit-krb5-1.4.3-setuid.patch, + -files/mit-krb5-SA-2007-001-telnetd.patch, + -files/mit-krb5-SA-2007-002-syslog.patch, + -files/mit-krb5-SA-2007-003.patch, -files/mit-krb5-pthreads.patch, + -files/mit-krb5-robustgnu.patch, -files/mit-krb5-setupterm.patch, + mit-krb5-1.4.3-r3.ebuild, mit-krb5-1.5.2-r1.ebuild, + mit-krb5-1.5.2-r2.ebuild: + removed the patches from filesdir and into their own tarballs, otherwise (as + the prior cleanup showed) things just die in that director + +*mit-krb5-1.5.2-r2 (03 Apr 2007) + + 03 Apr 2007; Seemant Kulleen -files/krb5.confd, + -files/kdc.conf, -files/krb5.conf, -files/krb5.initd, + -files/mit-krb5-notermcap.patch, mit-krb5-1.4.3-r3.ebuild, + +mit-krb5-1.5.2-r2.ebuild: + Added a warning about the db switch, closing bug #143605 by Olivier Calle, + and a suggestion from Doug Paul + +*mit-krb5-1.5.2-r1 (03 Apr 2007) + + 03 Apr 2007; Seemant Kulleen + +files/mit-krb5-SA-2007-001-telnetd.patch, + +files/mit-krb5-SA-2007-002-syslog.patch, + +files/mit-krb5-SA-2007-003.patch, +mit-krb5-1.5.2-r1.ebuild: + Fixes for 3 security bugs. See bug #171889 for full details. Also, fixed bug + #164703 by GNUtoo -- we now create a /var/lib/krb5kdc directory so that a + kdc database is created more easily + + 15 Jan 2007; Bryan Østergaard mit-krb5-1.5.2.ebuild: + Stable on Alpha, bug 158810. + + 12 Jan 2007; René Nussbaumer + mit-krb5-1.5.2.ebuild: + Stable on hppa. See bug #158810. + + 11 Jan 2007; Gustavo Zacarias mit-krb5-1.5.2.ebuild: + Stable on sparc wrt security #158810 + + 11 Jan 2007; Chris Gianelloni mit-krb5-1.5.2.ebuild: + Stable on amd64 wrt bug #158810. + + 11 Jan 2007; Christian Faulhammer + mit-krb5-1.5.2.ebuild: + stable x86, security bug #158810 + + 11 Jan 2007; Markus Rothe mit-krb5-1.5.2.ebuild: + Stable on ppc64; bug #158810 + + 10 Jan 2007; Tobias Scherbaum + mit-krb5-1.5.2.ebuild: + Stable on ppc wrt bug #158810. + +*mit-krb5-1.5.2 (10 Jan 2007) + + 10 Jan 2007; Seemant Kulleen -mit-krb5-1.5.1.ebuild, + +mit-krb5-1.5.2.ebuild: + Version bump to 1.5.2 -- new candidate for stability, owing to bug #158810 + and bug #161260. Upstream seems to have abandoned 1.4 series, so we're stuck + with the 1.5 series for now (and 1.6 soon). The only problem is lack of + --enable-static. + + 06 Jan 2007; Timothy Redaelli -mit-krb5-1.4.3.ebuild, + -mit-krb5-1.4.3-r1.ebuild, -mit-krb5-1.4.3-r2.ebuild, + mit-krb5-1.4.3-r3.ebuild, mit-krb5-1.5.1.ebuild: + s/einfo/elog/ + Removed static USE wrt bug #155530 (thx vapier) + Security cleanup wrt bug #143240 + Acknowledged by exg + + 07 Nov 2006; Seemant Kulleen mit-krb5-1.5.1.ebuild: + seems like the notermcap is deprecated by the new version. should close bug + #154298 + + 05 Sep 2006; Seemant Kulleen mit-krb5-1.5.1.ebuild: + reflect correct path to the notermcap patch -- version independent now + + 04 Sep 2006; Joshua Kinard mit-krb5-1.4.3-r3.ebuild: + Marked stable on mips. + + 02 Sep 2006; Bryan Østergaard + mit-krb5-1.4.3-r3.ebuild: + Stable on ia64. + +*mit-krb5-1.5.1 (01 Sep 2006) + + 01 Sep 2006; Emanuele Giaquinta + +files/mit-krb5-notermcap.patch, +mit-krb5-1.5.1.ebuild: + Version bump. Use a clearer patch to not link to libtermcap. + + 10 Aug 2006; Thomas Cort mit-krb5-1.4.3-r3.ebuild: + Stable on alpha wrt security Bug #143240. + + 10 Aug 2006; Jason Wever mit-krb5-1.4.3-r3.ebuild: + Stable on SPARC wrt security bug #143240. + + 10 Aug 2006; Rene Nussbaumer + mit-krb5-1.4.3-r3.ebuild: + Stable on hppa. See bug #143240. + + 09 Aug 2006; Tobias Scherbaum + mit-krb5-1.4.3-r3.ebuild: + ppc stable, bug #143240 + + 09 Aug 2006; Chris Gianelloni + mit-krb5-1.4.3-r3.ebuild: + Stable on amd64 and x86 wrt bug #143240. + + 09 Aug 2006; Markus Rothe mit-krb5-1.4.3-r3.ebuild: + Stable on ppc64; bug #143240 + +*mit-krb5-1.4.3-r3 (08 Aug 2006) + + 08 Aug 2006; Emanuele Giaquinta + +files/mit-krb5-1.4.3-setuid.patch, +mit-krb5-1.4.3-r3.ebuild: + Revision bump for security bug #143240. + + 12 Jul 2006; Aron Griffis mit-krb5-1.4.3-r1.ebuild: + Mark 1.4.3-r1 stable on ia64 + + 11 Jul 2006; Emanuele Giaquinta mit-krb5-1.4.3.ebuild, + mit-krb5-1.4.3-r1.ebuild, mit-krb5-1.4.3-r2.ebuild: + tcltk -> tcl + +*mit-krb5-1.4.3-r2 (06 Jul 2006) + + 06 Jul 2006; Emanuele Giaquinta + +mit-krb5-1.4.3-r2.ebuild: + Do not override localstatedir, bug #137433. Use always the internal berkdb, + see bug #137438. Install more docs; tetex use flag is gone, use doc to build + the developer docs. Install upstream configuration files examples and correct + krb5.conf for stable ebuild, bug #53520. + + 05 Jul 2006; Emanuele Giaquinta files/krb5.conf, + mit-krb5-1.4.3.ebuild, mit-krb5-1.4.3-r1.ebuild: + Fix build when configure is regenerated using autoconf-2.60 by + ed@catmur.co.uk, bug #138535. Use ewarn consistenly, bug #137484. + + 29 Jun 2006; Seemant Kulleen + mit-krb5-1.4.3-r1.ebuild: + stabling on x86 and amd64 + + 27 Jun 2006; Guy Martin mit-krb5-1.4.3-r1.ebuild: + Stable on hppa. + + 25 Jun 2006; Tobias Scherbaum + mit-krb5-1.4.3-r1.ebuild: + ppc stable, bug #137040 + + 21 Jun 2006; Gustavo Zacarias + mit-krb5-1.4.3-r1.ebuild: + Stable on sparc wrt #137040 + + 18 Jun 2006; Markus Rothe mit-krb5-1.4.3-r1.ebuild: + Stable on ppc64; bug #137040 + + 12 Jun 2006; Seemant Kulleen + mit-krb5-1.4.3-r1.ebuild: + need to force autoreconf in the telnet directory to force the libtermcap + patch to have an effect. Thanks to Mark Gilnes in bug #135288 + + 22 May 2006; Seemant Kulleen + mit-krb5-1.4.3-r1.ebuild: + Install the sample conf files as .conf.example files instead, fixing bug + #115443 by Trev Peterson, with the fix by Axel Dyks + + 22 May 2006; Seemant Kulleen mit-krb5-1.4.3.ebuild, + mit-krb5-1.4.3-r1.ebuild: + update the dependency list to take into account the tcltk USE flag and tcl + as a dep. Closes bug #114202 by James Ausmus + + 22 May 2006; Seemant Kulleen + -mit-krb5-1.4.1-r2.ebuild: + removing cruft versions + + 21 May 2006; Seemant Kulleen + mit-krb5-1.4.1-r2.ebuild, mit-krb5-1.4.3.ebuild, mit-krb5-1.4.3-r1.ebuild: + Remove old einfo messages, closing bug #108722 by Mikkel Krautz + +*mit-krb5-1.4.3-r1 (21 May 2006) + + 21 May 2006; Seemant Kulleen + +files/mit-krb5-pthreads.patch, +files/mit-krb5-robustgnu.patch, + +files/mit-krb5-setupterm.patch, +mit-krb5-1.4.3-r1.ebuild: + The setupterm patch fixes bug #124405 by Juergen Rose. The pthreads and + robusgnu patches were submitted in bug #125966 by Jose daLuz. Sorry for the + delay on both. Also, install all the headers -- which was alerted to in + bug #129657 which is not, unfortunately, fixed yet. + + 22 Feb 2006; Simon Stelling mit-krb5-1.4.3.ebuild: + amd64 stable wrt bug 113741 + + 20 Feb 2006; Joshua Kinard mit-krb5-1.4.3.ebuild: + Marked stable on mips. + + 18 Feb 2006; Bryan Østergaard mit-krb5-1.4.3.ebuild: + Stable on x86; bug #113741 + + 17 Feb 2006; Joseph Jezak mit-krb5-1.4.3.ebuild: + Marked ppc stable for bug #113741. + + 16 Feb 2006; Rene Nussbaumer mit-krb5-1.4.3.ebuild: + Stable on hppa. See bug #113741. + + 16 Feb 2006; Markus Rothe mit-krb5-1.4.3.ebuild: + Stable on ppc64; bug #113741 + + 16 Feb 2006; Gustavo Zacarias mit-krb5-1.4.3.ebuild: + Stable on sparc wrt security #113741 + +*mit-krb5-1.4.3 (16 Feb 2006) + + 16 Feb 2006; Seemant Kulleen +mit-krb5-1.4.3.ebuild: + Version bump from upstream, which fixes bug #113741, by Frederik Tolf + + 30 Sep 2005; MATSUU Takuto mit-krb5-1.4.1-r2.ebuild: + Stable on sh. + + 03 Aug 2005; Seemant Kulleen + -mit-krb5-1.3.6-r3.ebuild, mit-krb5-1.4.1-r2.ebuild: + remove 1.3.6 again. Also, fix the DEPEND from app-text/tetex to + virtual/tetex: See bug #101004 + + 27 Jul 2005; Joel Martin mit-krb5-1.4.1-r2.ebuild: + If doc and tetex use flags set, add dep on tetex + +*mit-krb5-1.3.6-r3 (13 Jul 2005) + + 13 Jul 2005; Seemant Kulleen + -files/mit-krb5-1.4.1-lazyldflags.patch, + +files/mit-krb5-lazyldflags.patch, +mit-krb5-1.3.6-r3.ebuild, + mit-krb5-1.4.1-r2.ebuild: + restore 1.3.6 at the request of: WGi in bug #98303, but + I'll like to get 1.4.1 solved and working for people + +*mit-krb5-1.4.1-r2 (12 Jul 2005) + + 12 Jul 2005; Seemant Kulleen + +mit-krb5-1.4.1-r2.ebuild: + Flake me. localstatedir is supposed to be /etc, not /var/lib -- and use the + system db ONLY with berkdb in USE + +*mit-krb5-1.4.1-r1 (12 Jul 2005) + + 12 Jul 2005; Seemant Kulleen + -files/mit-krb5-1.3.6-64bit.patch, -files/mit-krb5-1.3.6-gcc4.patch, + -files/mit-krb5-1.3.6-telnet.patch.bz2, -mit-krb5-1.3.6-r2.ebuild, + -mit-krb5-1.4.1.ebuild, +mit-krb5-1.4.1-r1.ebuild: + revision bump straight to stable for all architectures. This fixes two + security holes, as per bug #98799 by Thierry Carrez + + 06 Jul 2005; Seemant Kulleen + -files/mit-krb5-1.4-2005-001.patch, -files/mit-krb5-1.4-lazyldflags.patch, + -mit-krb5-1.4-r1.ebuild: + remove cruft version + + 02 Jul 2005; Hardave Riar mit-krb5-1.4.1.ebuild: + Stable on mips, bug #96156. + + 28 Jun 2005; Bryan Østergaard mit-krb5-1.4.1.ebuild: + Stable on alpha + ia64, bug 96727. + + 27 Jun 2005; Michael Hanselmann mit-krb5-1.4.1.ebuild: + Stable on hppa. + + 27 Jun 2005; Seemant Kulleen mit-krb5-1.4.1.ebuild: + stable x86 and amd64 because of bug 96727 + + 26 Jun 2005; Markus Rothe mit-krb5-1.4.1.ebuild: + Stable on ppc64 (bug #96156) + + 24 Jun 2005; Gustavo Zacarias mit-krb5-1.4.1.ebuild: + Added com_err einfo warnings too, stable on sparc wrt #96727 + + 22 Jun 2005; Michael Hanselmann mit-krb5-1.4.1.ebuild: + Stable on ppc (#96727). + +*mit-krb5-1.4.1 (21 Jun 2005) + + 21 Jun 2005; Seemant Kulleen + +files/mit-krb5-1.4.1-lazyldflags.patch, +mit-krb5-1.4.1.ebuild: + version bump, which also fixes the db-4 specific issue. I do not like it, + for the record, but then the sys-libs/db package has always been a thorn in + gentoo's side, so what else is new. Fixes bug #95549 by Justin Guyett + . Will probably not pass make test, but I'm working + on that. + +*mit-krb5-1.4-r1 (07 Jun 2005) + + 07 Jun 2005; Seemant Kulleen +mit-krb5-1.4-r1.ebuild: + fix for bug #95305 by Rouslan Solomakhin -- no more + file collisions with ftp and telnet packages + + 06 Jun 2005; Seemant Kulleen mit-krb5-1.4.ebuild: + ok, this is now usable + + 03 Jun 2005; Mark Loeser + +files/mit-krb5-1.3.6-gcc4.patch, mit-krb5-1.3.6-r2.ebuild: + Adding GCC4 patch, thanks to wuno@lsvw.de + + 08 Apr 2005; Seemant Kulleen mit-krb5-1.4.ebuild: + OK, so the scheme is settled -- includes in /usr/include/kerberos/mit, libs + in /usr/$(get_libdir)/kerberos/mit. You may install this if you wish, but + you'll need to generate a whole bunch of symlinks to get it to work. The + kerberos-update script is on its way, but it'll take a few days probably. + + 08 Apr 2005; Seemant Kulleen mit-krb5-1.4.ebuild: + should now install into completely non-clobbering locations. Warning: please + do NOT install this YET (still). kerberos-update and heimdal need to be + fixed up first + +*mit-krb5-1.4 (07 Apr 2005) + + 07 Apr 2005; Seemant Kulleen + -files/mit-krb5-1.3.1-res_search.patch.bz2, + -files/mit-krb5-1.3.3-aname.patch.bz2, + -files/mit-krb5-1.3.3-autoheader.patch.bz2, + -files/mit-krb5-1.3.3-res_search.patch.bz2, + -files/mit-krb5-1.3.4-autoheader.patch.bz2, + -files/mit-krb5-1.3.4-res_search.patch.bz2, + -files/mit-krb5-1.3.4-tempfile.patch.bz2, + -files/mit-krb5-1.3.5-autoheader.patch.bz2, + -files/mit-krb5-1.3.5-res_search.patch.bz2, + -files/mit-krb5-1.3.5-suid_fix.patch.bz2, + +files/mit-krb5-1.4-2005-001.patch, -files/2004-002-patch_1.3.4.txt, + -files/2004-003-patch_1.3.4.txt, +mit-krb5-1.4.ebuild: + version bump. This is HARDMASKED because the ebuild is still a work in + progress. Please do NOT emerge this, unless you read my blog (I will give + clearance in my blog for emerging this when the time arrives -- that time is + certainly not now. Back away and forget you saw this. + + 07 Apr 2005; mit-krb5-1.3.6-r2.ebuild: + Mark stable on IA64; #87145. + + 07 Apr 2005; Seemant Kulleen -mit-krb5-1.3.1.ebuild, + -mit-krb5-1.3.1-r1.ebuild, -mit-krb5-1.3.3.ebuild, + -mit-krb5-1.3.3-r1.ebuild, -mit-krb5-1.3.4.ebuild, + -mit-krb5-1.3.4-r1.ebuild, -mit-krb5-1.3.5.ebuild, + -mit-krb5-1.3.5-r1.ebuild, -mit-krb5-1.3.6.ebuild: + took out crufty versions -- -r1 needs also to disappear, people + + 06 Apr 2005; Bryan Østergaard + mit-krb5-1.3.6-r2.ebuild: + Stable on alpha, bug 87145. + + 05 Apr 2005; Jan Brinkmann mit-krb5-1.3.6-r2.ebuild: + stable on amd64 wrt #87145 + + 05 Apr 2005; Hardave Riar mit-krb5-1.3.6-r2.ebuild: + Stable on mips, bug #87145. + + 05 Apr 2005; Markus Rothe mit-krb5-1.3.6-r2.ebuild: + Stable on ppc64; bug #87145 + + 04 Apr 2005; Gustavo Zacarias + mit-krb5-1.3.6-r2.ebuild: + Stable on sparc wrt #87145 + + 04 Apr 2005; Michael Hanselmann + mit-krb5-1.3.6-r2.ebuild: + Stable on ppc. + +*mit-krb5-1.3.6-r2 (04 Apr 2005) + + 04 Apr 2005; +files/mit-krb5-1.3.6-telnet.patch.bz2, + +mit-krb5-1.3.6-r2.ebuild: + Added telnet security patch which fixes #87145 + + 22 Feb 2005; mit-krb5-1.3.6-r1.ebuild: + stable on ppc + + 22 Feb 2005; Hardave Riar mit-krb5-1.3.6-r1.ebuild: + Stable on mips. + + 18 Jan 2005; Bryan Østergaard + mit-krb5-1.3.6-r1.ebuild: + Stable on alpha. + + 05 Jan 2005; Gustavo Zacarias + mit-krb5-1.3.6-r1.ebuild: + Stable on sparc for consistency + + 04 Jan 2005; Olivier Crête mit-krb5-1.3.6-r1.ebuild: + Stable on x86 wrt security bug #75143 + + 01 Jan 2005; Simon Stelling + +files/mit-krb5-1.3.6-64bit.patch, -files/mit-krb5-1.3.6-ppc64.patch, + mit-krb5-1.3.6-r1.ebuild: + stable on amd64; bug #75143 + +*mit-krb5-1.3.6-r1 (31 Dec 2004) + + 31 Dec 2004; Markus Rothe +mit-krb5-1.3.6-r1.ebuild, + mit-krb5-1.3.6.ebuild: + implemented Koon's suggestions from bug #75143 + + 30 Dec 2004; Bryan Østergaard mit-krb5-1.3.6.ebuild: + Stable on alpha, bug 75143. + + 30 Dec 2004; Markus Rothe + +files/mit-krb5-1.3.6-ppc64.patch, mit-krb5-1.3.6.ebuild: + Added patch for ppc64 and marked stable + + 29 Dec 2004; Hardave Riar mit-krb5-1.3.6.ebuild: + Stable on mips, bug #75143 + + 29 Dec 2004; Gustavo Zacarias mit-krb5-1.3.6.ebuild: + Stable on sparc wrt #75143 + +*mit-krb5-1.3.6 (28 Dec 2004) + + 28 Dec 2004; mit-krb5-1.3.6.ebuild: + Version bump to 1.3.6 to fix a security flaw. Bug #75143 + + 25 Oct 2004; Kurt Lieber mit-krb5-1.3.4-r1.ebuild: + x86 bumpage, #66359 + + 20 Oct 2004; Guy Martin mit-krb5-1.3.4-r1.ebuild: + Stable on hppa. + + 18 Oct 2004; Tom Gall mit-krb5-1.3.4-r1.ebuild: + stable on ppc64, bug #66359 + + 17 Oct 2004; Akinori Hattori mit-krb5-1.3.4-r1.ebuild: + stable on ia64, bug #66359 + + 16 Oct 2004; Hardave Riar mit-krb5-1.3.4-r1.ebuild: + Stable on mips, bug #66359 + + 16 Oct 2004; Danny van Dyk + mit-krb5-1.3.4-r1.ebuild: + Marked stable on amd64. + + 15 Oct 2004; Jason Wever mit-krb5-1.3.4-r1.ebuild: + Stable on sparc wrt security bug #66359. + + 15 Oct 2004; Bryan Østergaard mit-krb5-1.3.4-r1.ebuild: + Stable on alpha, bug 66359. + + 15 Oct 2004; mit-krb5-1.3.4-r1.ebuild: + stable on ppc gsla: 66359 + +*mit-krb5-1.3.5-r1 (14 Oct 2004) + + 14 Oct 2004; mit-krb5-1.3.4-r1.ebuild, + mit-krb5-1.3.5-r1.ebuild, files/mit-krb5-1.3.4-tempfile.patch.bz2: + Added tempfile patch to fix GLSA and bug #66539 + + 09 Oct 2004; Tom Gall mit-krb5-1.3.4.ebuild: + stable on ppc64, bug #62417 + +*mit-krb5-1.3.5 (14 Sep 2004) + + 14 Sep 2004; Daniel Ahlberg mit-krb5-1.3.1-r1.ebuild, + mit-krb5-1.3.1.ebuild, mit-krb5-1.3.3-r1.ebuild, mit-krb5-1.3.3.ebuild, + mit-krb5-1.3.4.ebuild, mit-krb5-1.3.5.ebuild, + files/mit-krb5-1.3.1-res_search.patch, + files/mit-krb5-1.3.1-res_search.patch.bz2, files/mit-krb5-1.3.3-aname.patch, + files/mit-krb5-1.3.3-aname.patch.bz2, files/mit-krb5-1.3.3-autoheader.patch, + files/mit-krb5-1.3.3-autoheader.patch.bz2, + files/mit-krb5-1.3.3-res_search.patch, + files/mit-krb5-1.3.3-res_search.patch.bz2, + files/mit-krb5-1.3.4-autoheader.patch, + files/mit-krb5-1.3.4-autoheader.patch.bz2, + files/mit-krb5-1.3.4-res_search.patch, + files/mit-krb5-1.3.4-res_search.patch.bz2, + files/mit-krb5-1.3.5-autoheader.patch.bz2, + files/mit-krb5-1.3.5-res_search.patch.bz2, + files/mit-krb5-1.3.5-suid_fix.patch.bz2: + +Version bump. + +Fixed insecure suid binary. + +Compressed patches. + + 05 Sep 2004; Daniel Ahlberg mit-krb5-1.3.4.ebuild: + Stable on x86. + + 02 Sep 2004; Hardave Riar mit-krb5-1.3.4.ebuild: + Stable on mips. Bug #62417 + + 02 Sep 2004; Bryan Østergaard mit-krb5-1.3.4.ebuild: + Stable on alpha, bug 62417. + + 01 Sep 2004; mit-krb5-1.3.4.ebuild: + marked stable on ppc + + 01 Sep 2004; Gustavo Zacarias mit-krb5-1.3.4.ebuild: + Stable on sparc wrt #62417 + + 01 Sep 2004; Travis Tilley mit-krb5-1.3.4.ebuild: + stable on amd64 + +*mit-krb5-1.3.4 (01 Sep 2004) + + 01 Sep 2004; Daniel Ahlberg mit-krb5-1.3.4.ebuild, + files/2004-002-patch_1.3.4.txt, files/2004-003-patch_1.3.4.txt: + Version bump with two security related patched added. + + 20 Jul 2004; files/mit-krb5-1.3.3-autoheader.patch: + updated autoheader patch. Fixes #57185. Contributed by Axel Buttchereit + + 16 Jul 2004; files/mit-krb5-1.3.3-autoheader.patch: + added Tuan's patch to the autoheader patch + + 15 Jul 2004; Daniel Ahlberg metadata.xml, + mit-krb5-1.3.3-r1.ebuild, files/mit-krb5-1.3.3-autoheader.patch: + Fixed autohead args, closing #44799. + Updated description. + + 13 Jul 2004; Tom Gall mit-krb5-1.3.1-r1.ebuild, + mit-krb5-1.3.3-r1.ebuild: + stable on ppc64 + + 28 Jun 2004; Luca Barbato mit-krb5-1.3.3-r1.ebuild: + Marked ppc + + 27 Jun 2004; Jeremy Huddleston + mit-krb5-1.3.3-r1.ebuild: + Stable amd64. + + 27 Jun 2004; Jon Hood mit-krb5-1.3.3-r1.ebuild: + stable on x86 + + 25 Jun 2004; Joshua Kinard mit-krb5-1.3.3-r1.ebuild: + Marked stable on mips. + + 18 Jun 2004; Guy Martin mit-krb5-1.3.3-r1.ebuild: + Marked stable on hppa. + + 17 Jun 2004; Jason Wever mit-krb5-1.3.3-r1.ebuild: + Marked stable on sparc wrt bug #52744. + + 17 Jun 2004; Bryan Østergaard mit-krb5-1.3.3-r1.ebuild: + Stable on alpha, see bug #52744. + +*mit-krb5-1.3.3-r1 (15 Jun 2004) + + 15 Jun 2004; Jon Hood + +files/mit-krb5-1.3.3-aname.patch, +mit-krb5-1.3.3-r1.ebuild: + fix krb5_aname_to_localname buffer overflow irt #52744 + + 12 Jun 2004; Tom Gall mit-krb5-1.3.3.ebuild: + ppc64 stable, bug #53766 + + 12 May 2004; Michael McCabe mit-krb5-1.3.1.ebuild, + mit-krb5-1.3.3.ebuild: + added s390 keywords + +*mit-krb5-1.3.3 (10 May 2004) + + 10 May 2004; Daniel Ahlberg mit-krb5-1.3.3.ebuild: + Version bump, closing #49598. Also springcleaning. + +*mit-krb5-1.3.1-r1 (10 May 2004) + + 10 May 2004; Daniel Ahlberg mit-krb5-1.3.1-r1.ebuild: + Version bump to block virtual/krb5. + + 20 Apr 2004; Daniel Black mit-krb5-1.3.1.ebuild: + QA - removed runtime dependance on autoconf + + 23 Mar 2004; Joshua Kinard mit-krb5-1.3.1.ebuild: + Marked stable on mips. + + 27 Feb 2004; Joshua Kinard mit-krb5-1.3.1.ebuild: + Added ~mips to KEYWORDS to satisfy repoman deps. + + 21 Feb 2004; Daniel Ahlberg mit-krb5-1.3.1.ebuild, + files/mit-krb5-1.3.1-res_search.patch: + Fix res_search search in configure + + 19 Feb 2004; Ryan Phillips mit-krb5-1.3.1.ebuild: + marked stable 1.3.1. Fixes #40982 + + 08 Nov 2003; Todd Sunderlin mit-krb5-1.2.7.ebuild: + added sparc keyword + +*mit-krb5-1.3.1 (17 Sep 2003) + + 17 Sep 2003; Daniel Ahlberg mit-krb5-1.3.1.ebuild: + Version bump. Ebuild contributed by Marcin Wisnicki + in #26746 + + 26 Jun 2003; Bartosch Pixa mit-krb5-1.2.8.ebuild: + set ppc in keywords + + 19 Jun 2003; Will Woods mit-krb5-1.2.8.ebuild: + Marked stable for alpha + +*mit-krb5-1.3_alpha1 (17 Jun 2003) + + 17 Jun 2003; Donny Davies mit-krb5-1.3_alpha1.ebuild: + Add new 1.3.x series. This is in package.mask for a while. Hey it builds + with gcc-3.3 even! + +*mit-krb5-1.2.8 (6 Jun 2003) + + 14 Jun 2003; Guy Martin mit-krb5-1.2.8.ebuild : + Added a fix for hppa. It needs to link with gcc and not with ld. + Added hppa to KEYWORDS. + + 7 Jun 2003; Ryan Phillips mit-krb5-1.2.6-r3.ebuild : + Initd script split, merge mit packages into one mit-krb5 ebuild, + support for static build with USE="static", have html docs installed, pass + $CFLAGS and $CXXFLAGS to configure, remove the unnecessary 1.2.2 patch. + +*mit-krb5-1.2.7 (30 Mar 2003) + + 20 Apr 2003; Joshua Brindle mit-krb5-1.2.6-r2.ebuild, + mit-krb5-1.2.6-r3.ebuild, mit-krb5-1.2.7.ebuild: + added --with-ccopts= so it won't disregard user CFLAGS + + 30 Mar 2003; Daniel Ahlberg mit-krb5-1.2.7.ebuid : + Security update. Various patches from MIT applied. + +*mit-krb5-1.2.6-r3 (22 Apr 2003) + + 29 Jun 2003; Daniel Ahlberg : + Added missing changelog entry. + +*mit-krb5-1.2.6-r2 (07 Dec 2002) + + 30 Dec 2002; Ryan Phillips mit-krb5-1.2.6-r3 : + Added Martti Rannajarvi's fixes. Fixes #3480 + + 07 Dec 2002; Dave Love , + Martti Rannanjärvi : + + Optional kerberos4 support by krb4 USE flag, default configuration + files and an init.d script. --localstatedir to /etc. + +*krb5-1.2.6-r1 (06 Dec 2002) + + 06 Dec 2002; Matt Keadle krb5-1.2.6-r1.ebuild + files/digest-krb5-1.2.6-r1 files/krb5-1.2.6-r1.diff + + Now provides virtual/krb5. Client utils are also installed now with + a leading "k" to signify their kerberos use and not to overlap the + standard tool. IE: /usr/bin/ftp is the standard ftp client, while + /usr/bin/kftp is the kerbized client. This resolves bug #8669. + +*krb5-1.2.6 (28 Oct 2002) + + 28 Oct 2002; Daniel Ahlberg : + Security update. + +*krb5-1.2.5-r2 (02 aug 2002) + + 02 Aug 2002; Daniel Ahlberg krb5-1.2.5-r2.ebuild : + + Security update, compile fix and updated homepage URL. + +*krb5-1.2.5-r1 (22 Jun 2002) + + 22 Jun 2002; William McArthur : + + Changed --localstatedir from /var/krb5kdc to /var because the /krb5kdc is + automatically appended. + +*krb5-1.2.3 (21 Feb 2002) + + 21 Feb 2002; Grant Goodyear : + + Updated to 1.2.3. + +*krb5-1.2.2-r1 (21 Feb 2002) + + 21 Feb 2002; Grant Goodyear : + + Thanks to Michael Kaufman, we now have a working ebuild. Previous ebuild + failed to build klist, kvno, kpasswd, kinit, and kdestroy. There was + also a linker problem which has been fixed. + +*krb5-1.2.2 (1 Feb 2002) + + 1 Feb 2002; G.Bevin ChangeLog : + + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest new file mode 100644 index 0000000..97b3682 --- /dev/null +++ b/app-crypt/mit-krb5/Manifest @@ -0,0 +1,11 @@ +AUX 9999-0001-k5-trace.h-document-keytab-format.patch 867 RMD160 82ac7841f22f05a3972afe00bca3fbb920bfc248 SHA1 4247e843c22357a3e76b81a9ee4f83013b46dbb6 SHA256 8cc4dee4a7cc6179969a2c01db0a15f6391f13d4ed8d480ef7d0d9a62d26050f +AUX 9999-0002-trace.c-ptype-format-support-in-krb5int_trace.patch 3044 RMD160 f08c2197d14915e8094259d1c32d4522e17e3ec9 SHA1 66eb500c90b8b16cbedd2f9d76fc10a74cd5ebd0 SHA256 1f230128c57c38425b6758afea61b8da90fc7fc84fec63a6b774a8ee7d7e1913 +AUX 9999-0003-t_trace.c-Add-tests-for-trace.c-formatting.patch 10743 RMD160 38eaef4a5083ca7fdca729756a132a4c70ed1382 SHA1 e0a7bfcfab2c009c0f0bda935211e2af8b184783 SHA256 08fe93072fc7dd023333bba5727aa79a01a39351cafae8d601f2c9f6543e2bbf +AUX 9999-0004-Convert-DEBUG_REFERRALS-to-TRACE_-framework.patch 13328 RMD160 66c148a5ead0ba1d236cc0cf36b2b2f10d92a782 SHA1 b52b1d365177dc2b23749299eb17b1244dc5c1e9 SHA256 1e13a4d8541529de469b6439f37ae6ac4cf2ee4188981c007ddec82a459abb69 +AUX kpropd.xinetd 194 RMD160 5772b04bf7f6b8a5588331a4d9dca03738756f15 SHA1 a9c84a4197ba133144e754d68847cece6203ed4a SHA256 eaa3838a6ca8db901db359cac3435d4f703a9a10534f02eeb37f494dd21a1736 +AUX mit-krb5kadmind.initd 587 RMD160 ea3566dee43ed12e2e562ac0016b564712cac85e SHA1 8366e0ae27070a9db1ba28912b505e830e46a337 SHA256 fcf92aa6a325bee8b5a1a5d9f627a1ee85d36eb1d410f8fb169550e61d7b1da5 +AUX mit-krb5kdc.initd 557 RMD160 9d6ea960cb29932d5b05bcb2b9ed4c34027b6b00 SHA1 dbf3ee4b13eec58f826da4d4e8e7fe80c9215076 SHA256 12c642b59b821121beabd09e78fcf46aeea8269d29e14e5dc2f20236d6cf3f0f +AUX mit-krb5kpropd.initd 601 RMD160 64995e9a5de44366a2178a3515f835167253906a SHA1 b7b8a9475e8730a9f8add0314feed3060b978dc7 SHA256 29e48df9b21ad4acb73618273c6cb1244d15343a71610763f3c292ac934ca189 +EBUILD mit-krb5-9999.ebuild 3281 RMD160 a87d20a8753d5d682412c68fc842831041cdc068 SHA1 94e7666f62e4f483794e27f498699184093a942d SHA256 7fc10b7adcf513e011197f98800d97593693c3b7dd314bedbd6908f1965837d9 +MISC ChangeLog 50462 RMD160 f3c56d46adc1c99d584607db4b792c7cc1f89062 SHA1 72671e9a227f47e33755223186935997bdb925c7 SHA256 7357482ff8016473d8a7d2cf1cd60ff8abb473d56a81eefeb816f9f7238968d2 +MISC metadata.xml 751 RMD160 e5ae1df42f609f898165f1d141bdb8b53f6d4810 SHA1 b254ac5ec30e9eb27643dbab1de6280ce88009b1 SHA256 976ab9979e0f40c170c0eb6b409ef0b87dc4c6c7d83e94ee92da75f5c7042d5c diff --git a/app-crypt/mit-krb5/files/9999-0001-k5-trace.h-document-keytab-format.patch b/app-crypt/mit-krb5/files/9999-0001-k5-trace.h-document-keytab-format.patch new file mode 100644 index 0000000..8156b71 --- /dev/null +++ b/app-crypt/mit-krb5/files/9999-0001-k5-trace.h-document-keytab-format.patch @@ -0,0 +1,25 @@ +From eb0c798d2320353988e81a74c074ebd96e2afc24 Mon Sep 17 00:00:00 2001 +Message-Id: +From: W. Trevor King +Date: Thu, 17 May 2012 21:07:07 -0400 +Subject: [PATCH 1/4] k5-trace.h: document "{keytab}" format. + +--- + src/include/k5-trace.h | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h +index 9dd2fbc..ee826ec 100644 +--- a/src/include/k5-trace.h ++++ b/src/include/k5-trace.h +@@ -73,6 +73,7 @@ + * {etype} krb5_enctype, display shortest name of enctype + * {etypes} krb5_enctype *, display list of enctypes + * {ccache} krb5_ccache, display type:name ++ * {keytab} krb5_keytab, display name + * {creds} krb5_creds *, display clientprinc -> serverprinc + */ + +-- +1.7.3.4 + diff --git a/app-crypt/mit-krb5/files/9999-0002-trace.c-ptype-format-support-in-krb5int_trace.patch b/app-crypt/mit-krb5/files/9999-0002-trace.c-ptype-format-support-in-krb5int_trace.patch new file mode 100644 index 0000000..168a09e --- /dev/null +++ b/app-crypt/mit-krb5/files/9999-0002-trace.c-ptype-format-support-in-krb5int_trace.patch @@ -0,0 +1,71 @@ +From 8f7ce1af1b80424a329368d5e83dae3580c020ab Mon Sep 17 00:00:00 2001 +Message-Id: <8f7ce1af1b80424a329368d5e83dae3580c020ab.1337366789.git.wking@tremily.us> +In-Reply-To: +References: +From: W. Trevor King +Date: Thu, 17 May 2012 21:10:20 -0400 +Subject: [PATCH 2/4] trace.c: "{ptype}" format support in `krb5int_trace()'. + +Also document the new option in the `k5-trace.h' comments. +--- + src/include/k5-trace.h | 1 + + src/lib/krb5/os/trace.c | 24 ++++++++++++++++++++++++ + 2 files changed, 25 insertions(+), 0 deletions(-) + +diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h +index ee826ec..ebc963f 100644 +--- a/src/include/k5-trace.h ++++ b/src/include/k5-trace.h +@@ -69,6 +69,7 @@ + * {key} krb5_key, display enctype and hash of key + * {cksum} const krb5_checksum *, display cksumtype and hex checksum + * {princ} krb5_principal, unparse and display ++ * {ptype} int, krb5_principal type, display name + * {patypes} krb5_pa_data **, display list of padata type numbers + * {etype} krb5_enctype, display shortest name of enctype + * {etypes} krb5_enctype *, display list of enctypes +diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c +index bc52f2b..3d69a08 100644 +--- a/src/lib/krb5/os/trace.c ++++ b/src/lib/krb5/os/trace.c +@@ -64,6 +64,27 @@ hash_bytes(krb5_context context, const void *ptr, size_t len) + } + + static char * ++principal_type_string(int type) ++{ ++ switch (type) { ++ case KRB5_NT_UNKNOWN: return "unknown"; ++ case KRB5_NT_PRINCIPAL: return "principal"; ++ case KRB5_NT_SRV_INST: return "service instance"; ++ case KRB5_NT_SRV_HST: return "service with host as instance"; ++ case KRB5_NT_SRV_XHST: return "service with host as components"; ++ case KRB5_NT_UID: return "unique ID"; ++ case KRB5_NT_X500_PRINCIPAL: return "X.509"; ++ case KRB5_NT_SMTP_NAME: return "SMTP email"; ++ case KRB5_NT_ENTERPRISE_PRINCIPAL: return "Windows 2000 UPN"; ++ case KRB5_NT_WELLKNOWN: return "well-known"; ++ case KRB5_NT_MS_PRINCIPAL: return "Windows 2000 UPN and SID"; ++ case KRB5_NT_MS_PRINCIPAL_AND_ID: return "NT 4 style name"; ++ case KRB5_NT_ENT_PRINCIPAL_AND_ID: return "NT 4 style name and SID"; ++ default: return "?"; ++ } ++} ++ ++static char * + trace_format(krb5_context context, const char *fmt, va_list ap) + { + struct k5buf buf; +@@ -207,6 +228,9 @@ trace_format(krb5_context context, const char *fmt, va_list ap) + krb5int_buf_add(&buf, str); + krb5_free_unparsed_name(context, str); + } ++ } else if (strcmp(tmpbuf, "ptype") == 0) { ++ p = principal_type_string(va_arg(ap, int)); ++ krb5int_buf_add(&buf, p); + } else if (strcmp(tmpbuf, "patypes") == 0) { + padata = va_arg(ap, krb5_pa_data **); + if (padata == NULL || *padata == NULL) +-- +1.7.3.4 + diff --git a/app-crypt/mit-krb5/files/9999-0003-t_trace.c-Add-tests-for-trace.c-formatting.patch b/app-crypt/mit-krb5/files/9999-0003-t_trace.c-Add-tests-for-trace.c-formatting.patch new file mode 100644 index 0000000..816e057 --- /dev/null +++ b/app-crypt/mit-krb5/files/9999-0003-t_trace.c-Add-tests-for-trace.c-formatting.patch @@ -0,0 +1,293 @@ +From 71f7402d057f6b8a530601f414771abc6c07227d Mon Sep 17 00:00:00 2001 +Message-Id: <71f7402d057f6b8a530601f414771abc6c07227d.1337366789.git.wking@tremily.us> +In-Reply-To: +References: +From: W. Trevor King +Date: Thu, 17 May 2012 21:12:49 -0400 +Subject: [PATCH 3/4] t_trace.c: Add tests for trace.c formatting. + +This improves the previously minimal test coverage of `trace.c'. +--- + src/lib/krb5/os/Makefile.in | 14 +++- + src/lib/krb5/os/t_trace.c | 216 +++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 228 insertions(+), 2 deletions(-) + create mode 100644 src/lib/krb5/os/t_trace.c + +diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in +index 19f5c33..9faab25 100644 +--- a/src/lib/krb5/os/Makefile.in ++++ b/src/lib/krb5/os/Makefile.in +@@ -155,7 +155,7 @@ clean-unix:: clean-libobjs + shared: + mkdir shared + +-TEST_PROGS= t_std_conf t_an_to_ln t_kuserok t_locate_kdc ++TEST_PROGS= t_std_conf t_an_to_ln t_kuserok t_locate_kdc t_trace + + T_STD_CONF_OBJS= t_std_conf.o + +@@ -163,6 +163,8 @@ T_AN_TO_LN_OBJS = t_an_to_ln.o an_to_ln.o + + T_KUSEROK_OBJS = t_kuserok.o + ++T_TRACE_OBJS = t_trace.o ++ + t_std_conf: $(T_STD_CONF_OBJS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o t_std_conf $(T_STD_CONF_OBJS) $(KRB5_BASE_LIBS) + +@@ -183,6 +185,9 @@ $(OUTPRE)t_locate_kdc.exe: $(OUTPRE)t_locate_kdc.obj \ + $(KLIB) $(PLIB) $(CLIB) $(SLIB) + link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib $(DNSLIBS) + ++t_trace: $(T_TRACE_OBJS) $(KRB5_BASE_DEPLIBS) ++ $(CC_LINK) -o t_trace $(T_TRACE_OBJS) $(KRB5_BASE_LIBS) ++ + LCLINT=lclint + LCLINTOPTS= -warnposix \ + -usedef +charintliteral +ignoresigns -predboolint +boolint \ +@@ -192,7 +197,8 @@ lclint-localaddr: localaddr.c + $(LCLINT) $(LCLINTOPTS) $(CPPFLAGS) $(LOCALINCLUDES) $(DEFS) \ + -DTEST $(srcdir)/localaddr.c + +-check-unix:: check-unix-stdconf check-unix-locate check-unix-antoln t_kuserok ++check-unix:: check-unix-stdconf check-unix-locate check-unix-antoln \ ++ check-unix-trace t_kuserok + + check-unix-stdconf:: t_std_conf + KRB5_CONFIG=$(srcdir)/td_krb5.conf ; export KRB5_CONFIG ;\ +@@ -254,6 +260,10 @@ check-unix-antoln:: t_an_to_ln + $(KRB5_RUN_ENV) $(VALGRIND) ./t_an_to_ln fred/r@r barney/r@r x/r/r/r@r + $(RM) ./t_an.* + ++check-unix-trace:: t_trace ++ export KRB5_TRACE=/dev/stdout ; \ ++ $(KRB5_RUN_ENV) $(VALGRIND) ./t_trace ++ + clean:: + $(RM) $(TEST_PROGS) test.out t_std_conf.o t_an_to_ln.o t_locate_kdc.o + $(RM) t_kuserok.o +diff --git a/src/lib/krb5/os/t_trace.c b/src/lib/krb5/os/t_trace.c +new file mode 100644 +index 0000000..ad15df3 +--- /dev/null ++++ b/src/lib/krb5/os/t_trace.c +@@ -0,0 +1,216 @@ ++/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ ++#include ++#include ++#include ++#include "port-sockets.h" ++#include ++ ++#define TEST ++#include "k5-int.h" ++#include "cm.h" ++ ++const char *prog; ++ ++static void ++kfatal (krb5_error_code err) ++{ ++ com_err (prog, err, "- exiting"); ++ exit (1); ++} ++ ++int ++main (int argc, char *argv[]) ++{ ++ char *p; ++ krb5_context ctx; ++ krb5_error_code err; ++ int i = -1; ++ long ln = -2; ++ size_t s = 0; ++ char *str = "example.data"; ++ krb5_octet *oct = (krb5_octet *) str; ++ unsigned int oct_length = strlen(str); ++ struct conn_state conn; ++ struct sockaddr_in *addr_in; ++ krb5_data data; ++ struct krb5_key_st key; ++ krb5_checksum checksum; ++ krb5_principal_data principal_data, principal_data2; ++ krb5_principal princ = &principal_data; ++ krb5_pa_data padata, padata2, **padatap; ++ krb5_enctype enctypes[4] = { ++ ENCTYPE_DES3_CBC_SHA, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_UNKNOWN, ++ ENCTYPE_NULL}; ++ krb5_ccache ccache; ++ krb5_keytab keytab; ++ krb5_creds creds; ++ ++ p = strrchr (argv[0], '/'); ++ if (p) ++ prog = p+1; ++ else ++ prog = argv[0]; ++ ++ if (argc != 1) { ++ fprintf (stderr, "%s: usage: %s\n", prog, prog); ++ return 1; ++ } ++ ++ err = krb5_init_context (&ctx); ++ if (err) ++ kfatal (err); ++ ++ krb5int_trace(NULL, NULL); ++ TRACE(ctx, "simple format"); ++ ++ TRACE(ctx, "int, in decimal: {int}", i); ++ TRACE(ctx, "long, in decimal: {long}", ln); ++ ++ TRACE(ctx, "const char *, display as C string: {str}", str); ++ s = strlen(str); ++ TRACE(ctx, "size_t and const char *, as a counted string: {lenstr}", ++ s, str); ++ TRACE(ctx, "size_t and const char *, as a counted string: {lenstr}", ++ 1, NULL); ++ TRACE(ctx, "size_t and const char *, as hex bytes: {hexlenstr}", ++ s, str); ++ TRACE(ctx, "size_t and const char *, as hex bytes: {hexlenstr}", ++ 1, NULL); ++ TRACE(ctx, "size_t and const char *, as four-character hex hash: " ++ "{hashlenstr}", s, str); ++ TRACE(ctx, "size_t and const char *, as four-character hex hash: " ++ "{hashlenstr}", 1, NULL); ++ ++ conn.socktype = SOCK_STREAM; ++ addr_in = (struct sockaddr_in *) &conn.addr; ++ addr_in->sin_family = AF_INET; ++ addr_in->sin_addr.s_addr = INADDR_ANY; ++ addr_in->sin_port = htons(88); ++ TRACE(ctx, "struct conn_state *, show socket type, address, port: " ++ "{connstate}", &conn); ++ conn.socktype = SOCK_DGRAM; ++ TRACE(ctx, "struct conn_state *, show socket type, address, port: " ++ "{connstate}", &conn); ++ conn.socktype = SOCK_RDM; ++ addr_in->sin_family = AF_UNSPEC; ++ TRACE(ctx, "struct conn_state *, show socket type, address, port: " ++ "{connstate}", &conn); ++ conn.family = AF_UNSPEC; ++ TRACE(ctx, "struct conn_state *, show socket type, address, port: " ++ "{connstate}", &conn); ++ ++ data.magic = 0; ++ data.length = strlen(str); ++ data.data = str; ++ TRACE(ctx, "krb5_data *, display as counted string: {data}", &data); ++ TRACE(ctx, "krb5_data *, display as counted string: {data}", NULL); ++ TRACE(ctx, "krb5_data *, display as hex bytes: {hexdata}", &data); ++ TRACE(ctx, "krb5_data *, display as hex bytes: {hexdata}", NULL); ++ ++ TRACE(ctx, "int, display as number/errorstring: {errno}", 0); ++ TRACE(ctx, "int, display as number/errorstring: {errno}", 1); ++ TRACE(ctx, "krb5_error_code, display as number/errorstring: {kerr}", 0); ++ ++ key.keyblock.magic = 0; ++ key.keyblock.enctype = ENCTYPE_UNKNOWN; ++ key.keyblock.length = strlen(str); ++ key.keyblock.contents = (krb5_octet *)str; ++ key.refcount = 0; ++ key.derived = NULL; ++ key.cache = NULL; ++ TRACE(ctx, "const krb5_keyblock *, display enctype and hash of key: " ++ "{keyblock}", &key.keyblock); ++ TRACE(ctx, "const krb5_keyblock *, display enctype and hash of key: " ++ "{keyblock}", NULL); ++ TRACE(ctx, "krb5_key, display enctype and hash of key: {key}", &key); ++ TRACE(ctx, "krb5_key, display enctype and hash of key: {key}", NULL); ++ ++ checksum.magic = 0; ++ checksum.checksum_type = -1; ++ checksum.length = oct_length; ++ checksum.contents = oct; ++ TRACE(ctx, "const krb5_checksum *, display cksumtype and hex checksum: " ++ "{cksum}", &checksum); ++ ++ principal_data.magic = 0; ++ principal_data.realm.magic = 0; ++ principal_data.realm.data = "ATHENA.MIT.EDU"; ++ principal_data.realm.length = strlen(principal_data.realm.data); ++ principal_data.data = &data; ++ principal_data.length = 0; ++ principal_data.type = KRB5_NT_UNKNOWN; ++ TRACE(ctx, "krb5_principal, unparse and display: {princ}", princ); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_UNKNOWN); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_PRINCIPAL); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_INST); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_HST); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_XHST); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_UID); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_X500_PRINCIPAL); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SMTP_NAME); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", ++ KRB5_NT_ENTERPRISE_PRINCIPAL); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_WELLKNOWN); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_MS_PRINCIPAL); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", ++ KRB5_NT_MS_PRINCIPAL_AND_ID); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", ++ KRB5_NT_ENT_PRINCIPAL_AND_ID); ++ TRACE(ctx, "int, krb5_principal type: {ptype}", -1); ++ ++ padatap = (krb5_pa_data **) malloc(sizeof(krb5_pa_data *)*2); ++ padatap[0] = &padata; ++ memcpy(&padata2, &padata, sizeof(padata)); ++ padatap[1] = &padata2; ++ padatap[2] = NULL; ++ padata.magic = 0; ++ padata.pa_type = KRB5_PADATA_NONE; ++ padata.length = oct_length; ++ padata.contents = oct; ++ TRACE(ctx, "krb5_pa_data **, display list of padata type numbers: " ++ "{patypes}", padatap); ++ TRACE(ctx, "krb5_pa_data **, display list of padata type numbers: " ++ "{patypes}", NULL); ++ free(padatap); ++ padatap = NULL; ++ ++ TRACE(ctx, "krb5_enctype, display shortest name of enctype: {etype}", ++ ENCTYPE_DES_CBC_CRC); ++ TRACE(ctx, "krb5_enctype *, display list of enctypes: {etypes}", enctypes); ++ TRACE(ctx, "krb5_enctype *, display list of enctypes: {etypes}", NULL); ++ ++ err = krb5_cc_default(ctx, &ccache); ++ TRACE(ctx, "krb5_ccache, display type:name: {ccache}", ccache); ++ krb5_cc_close(ctx, ccache); ++ ++ err = krb5_kt_default(ctx, &keytab); ++ TRACE(ctx, "krb5_keytab, display name: {keytab}", keytab); ++ krb5_kt_close(ctx, keytab); ++ ++ creds.magic = 0; ++ creds.client = &principal_data; ++ memcpy(&principal_data2, &principal_data, sizeof(principal_data)); ++ principal_data2.realm.data = "ZEUS.MIT.EDU"; ++ principal_data2.realm.length = strlen(principal_data2.realm.data); ++ creds.server = &principal_data2; ++ memcpy(&creds.keyblock, &key.keyblock, sizeof(creds.keyblock)); ++ creds.times.authtime = 0; ++ creds.times.starttime = 1; ++ creds.times.endtime = 2; ++ creds.times.renew_till = 3; ++ creds.is_skey = FALSE; ++ creds.ticket_flags = 0; ++ creds.addresses = NULL; ++ creds.ticket.magic = 0; ++ creds.ticket.length = strlen(str); ++ creds.ticket.data = str; ++ creds.second_ticket.magic = 0; ++ creds.second_ticket.length = strlen(str); ++ creds.second_ticket.data = str; ++ creds.authdata = NULL; ++ TRACE(ctx, "krb5_creds *, display clientprinc -> serverprinc: {creds}", ++ &creds); ++ ++ krb5_free_context(ctx); ++ return 0; ++} +-- +1.7.3.4 + diff --git a/app-crypt/mit-krb5/files/9999-0004-Convert-DEBUG_REFERRALS-to-TRACE_-framework.patch b/app-crypt/mit-krb5/files/9999-0004-Convert-DEBUG_REFERRALS-to-TRACE_-framework.patch new file mode 100644 index 0000000..08de41b --- /dev/null +++ b/app-crypt/mit-krb5/files/9999-0004-Convert-DEBUG_REFERRALS-to-TRACE_-framework.patch @@ -0,0 +1,328 @@ +From 282629dc9274364f9fd06802404e99c0e58aace2 Mon Sep 17 00:00:00 2001 +Message-Id: <282629dc9274364f9fd06802404e99c0e58aace2.1337366789.git.wking@tremily.us> +In-Reply-To: +References: +From: W. Trevor King +Date: Thu, 17 May 2012 21:26:36 -0400 +Subject: [PATCH 4/4] Convert DEBUG_REFERRALS to TRACE_* framework. + +--- + src/include/k5-int.h | 7 +----- + src/include/k5-trace.h | 46 +++++++++++++++++++++++++++++++++++++++++ + src/lib/krb5/krb/gc_via_tkt.c | 21 +++++------------- + src/lib/krb5/krb/princ_comp.c | 6 ----- + src/lib/krb5/os/hst_realm.c | 33 ++++++++--------------------- + src/lib/krb5/os/sn2princ.c | 27 ++++------------------- + 6 files changed, 67 insertions(+), 73 deletions(-) + +diff --git a/src/include/k5-int.h b/src/include/k5-int.h +index 1ea8c10..ca18baf 100644 +--- a/src/include/k5-int.h ++++ b/src/include/k5-int.h +@@ -2272,14 +2272,9 @@ extern krb5_error_code + krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); + + /* +- * Referral definitions, debugging hooks, and subfunctions. ++ * Referral definitions and subfunctions. + */ + #define KRB5_REFERRAL_MAXHOPS 10 +-/* #define DEBUG_REFERRALS */ +- +-#ifdef DEBUG_REFERRALS +-void krb5int_dbgref_dump_principal(char *, krb5_principal); +-#endif + + /* Common hostname-parsing code. */ + krb5_error_code +diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h +index ebc963f..f796e00 100644 +--- a/src/include/k5-trace.h ++++ b/src/include/k5-trace.h +@@ -386,4 +386,50 @@ void krb5int_trace(krb5_context context, const char *fmt, ...); + #define TRACE_TKT_CREDS_WRONG_ENCTYPE(c) \ + TRACE(c, "Retrying TGS request with desired service ticket enctypes") + ++#define TRACE_GET_HOST_REALM(c, host) \ ++ TRACE(c, "Get host realm for {str}", host) ++#define TRACE_GET_HOST_REALM_LOCALHOST(c, localhost) \ ++ TRACE(c, "Use local host {str} to get host realm", localhost) ++#define TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(c, host) \ ++ TRACE(c, "Look up {str} in the domain_realm map", host) ++#define TRACE_GET_HOST_REALM_TEMP_REALM(c, realm) \ ++ TRACE(c, "Temporary realm is {str}", realm) ++#define TRACE_GET_HOST_REALM_RETURN(c, host, realm) \ ++ TRACE(c, "Got realm {str} for host {str}", realm, host) ++ ++#define TRACE_GET_FALLBACK_HOST_REALM(c, host) \ ++ TRACE(c, "Get fallback host realm for {str}", host) ++#define TRACE_GET_FALLBACK_HOST_REALM_RETURN(c, host, realm) \ ++ TRACE(c, "Got fallback realm {str} for host {str}", realm, host) ++ ++#define TRACE_CLEAN_HOSTNAME(c, host, size, localhost) \ ++ TRACE(c, "Clean host {str} with local host {lenstr}", \ ++ host, size, localhost) ++#define TRACE_CLEAN_HOSTNAME_RETURN(c, host, size, localhost) \ ++ TRACE(c, "Cleaned host {str} to local host {lenstr}", \ ++ host, size, localhost) ++ ++#define TRACE_SNAME_TO_PRINCIPAL(c, host, sname, type) \ ++ TRACE(c, "Convert service {str} ({ptype}) on host {str} to principal", \ ++ sname, type, host) ++#define TRACE_SNAME_TO_PRINCIPAL_NOCANON(c, host) \ ++ TRACE(c, "Failed to canonicalize {str}; using as-is", host) ++#define TRACE_SNAME_TO_PRINCIPAL_CANON(c, host) \ ++ TRACE(c, "Remote host after forward canonicalization: {str}", host) ++#define TRACE_SNAME_TO_PRINCIPAL_RDNS(c, host) \ ++ TRACE(c, "Remote host after reverse DNS processing: {str}", host) ++#define TRACE_SNAME_TO_PRINCIPAL_RETURN(c, princ) \ ++ TRACE(c, "Got service principal {princ}", princ) ++ ++#define TRACE_CHECK_REPLY_SERVER_DIFFERS(c, request, reply) \ ++ TRACE(c, "Reply server {princ} differs from requested {princ}", \ ++ reply, request) ++ ++#define TRACE_GET_CRED_VIA_TKT_EXT(c, request, reply, kdcoptions) \ ++ TRACE(c, "Get cred via TGT {princ} after requesting {prince} " \ ++ "(canonicalize {str})", \ ++ reply, request, kdcoptions & KDC_OPT_CANONICALIZE ? "on" : "off") ++#define TRACE_GET_CRED_VIA_TKT_EXT_RETURN(c, ret) \ ++ TRACE(c, "Got cred; {kerr}", ret) ++ + #endif /* K5_TRACE_H */ +diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c +index 0c25f79..b6b8232 100644 +--- a/src/lib/krb5/krb/gc_via_tkt.c ++++ b/src/lib/krb5/krb/gc_via_tkt.c +@@ -118,13 +118,9 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions, + if (kdcoptions & KDC_OPT_CANONICALIZE) { + /* in_cred server differs from ticket returned, but ticket + returned is consistent and we requested canonicalization. */ +-#if 0 +-#ifdef DEBUG_REFERRALS +- printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n"); +- krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server); +- krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server); +-#endif +-#endif ++ ++ TRACE_CHECK_REPLY_SERVER_DIFFERS(context, in_cred->server, ++ dec_rep->enc_part2->server); + return 0; + } + +@@ -434,11 +430,8 @@ krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt, + if (retval) + goto cleanup; + +-#ifdef DEBUG_REFERRALS +- printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off"); +- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server); +- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server); +-#endif ++ TRACE_GET_CRED_VIA_TKT_EXT(context, in_cred->server, tkt->server, ++ kdcoptions); + + retval = krb5int_make_tgs_request(context, fast_state, tkt, kdcoptions, + address, in_padata, in_cred, +@@ -487,9 +480,7 @@ send_again: + + cleanup: + krb5int_fast_free_state(context, fast_state); +-#ifdef DEBUG_REFERRALS +- printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error"); +-#endif ++ TRACE_GET_CRED_VIA_TKT_EXT_RETURN(context, retval); + + krb5_free_data_contents(context, &request_data); + krb5_free_data_contents(context, &response_data); +diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c +index 9d83487..db0d305 100644 +--- a/src/lib/krb5/krb/princ_comp.c ++++ b/src/lib/krb5/krb/princ_comp.c +@@ -143,12 +143,6 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r) + * on that string constant being zero-length. (Unlike principal realm + * names, KRB5_REFERRAL_REALM is known to be a string.) + */ +-#ifdef DEBUG_REFERRALS +-#if 0 +- printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n", +- r->data,(r->length==0)?"true":"false"); +-#endif +-#endif + assert(strlen(KRB5_REFERRAL_REALM)==0); + if (r->length==0) + return TRUE; +diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c +index d780433..9266222 100644 +--- a/src/lib/krb5/os/hst_realm.c ++++ b/src/lib/krb5/os/hst_realm.c +@@ -140,9 +140,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) + krb5_error_code retval; + char local_host[MAXDNAME+1]; + +-#ifdef DEBUG_REFERRALS +- printf("get_host_realm(host:%s) called\n",host); +-#endif ++ TRACE_GET_HOST_REALM(context, host); + + retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host); + if (retval) +@@ -161,15 +159,11 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) + */ + + cp = local_host; +-#ifdef DEBUG_REFERRALS +- printf(" local_host: %s\n",local_host); +-#endif ++ TRACE_GET_HOST_REALM_LOCALHOST(context, local_host); + realm = (char *)NULL; + temp_realm = 0; + while (cp) { +-#ifdef DEBUG_REFERRALS +- printf(" trying to look up %s in the domain_realm map\n",cp); +-#endif ++ TRACE_GET_HOST_REALM_DOMAIN_REALM_MAP(context, cp); + retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp, + 0, (char *)NULL, &temp_realm); + if (retval) +@@ -184,13 +178,8 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) + cp = strchr(cp, '.'); + } + } +-#ifdef DEBUG_REFERRALS +- printf(" done searching the domain_realm map\n"); +-#endif + if (temp_realm) { +-#ifdef DEBUG_REFERRALS +- printf(" temp_realm is %s\n",temp_realm); +-#endif ++ TRACE_GET_HOST_REALM_TEMP_REALM(context, temp_realm); + realm = strdup(temp_realm); + if (!realm) { + profile_release_string(temp_realm); +@@ -214,6 +203,7 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) + retrealms[0] = realm; + retrealms[1] = 0; + ++ TRACE_GET_HOST_REALM_RETURN(context, host, realm); + *realmsp = retrealms; + return 0; + } +@@ -285,9 +275,7 @@ krb5_get_fallback_host_realm(krb5_context context, + memcpy(host, hdata->data, hdata->length); + host[hdata->length]=0; + +-#ifdef DEBUG_REFERRALS +- printf("get_fallback_host_realm(host >%s<) called\n",host); +-#endif ++ TRACE_GET_FALLBACK_HOST_REALM(context, host); + + retval = krb5int_clean_hostname(context, host, local_host, sizeof local_host); + if (retval) +@@ -367,6 +355,7 @@ krb5_get_fallback_host_realm(krb5_context context, + retrealms[0] = realm; + retrealms[1] = 0; + ++ TRACE_GET_FALLBACK_HOST_REALM_RETURN(context, host, realm); + *realmsp = retrealms; + return 0; + } +@@ -384,9 +373,7 @@ krb5int_clean_hostname(krb5_context context, + int l; + + local_host[0]=0; +-#ifdef DEBUG_REFERRALS +- printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize); +-#endif ++ TRACE_CLEAN_HOSTNAME(context, host, lhsize, local_host); + if (host) { + /* Filter out numeric addresses if the caller utterly failed to + convert them to names. */ +@@ -429,9 +416,7 @@ krb5int_clean_hostname(krb5_context context, + if (l && local_host[l-1] == '.') + local_host[l-1] = 0; + +-#ifdef DEBUG_REFERRALS +- printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize); +-#endif ++ TRACE_CLEAN_HOSTNAME_RETURN(context, host, lhsize, local_host); + return 0; + } + +diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c +index edf1318..cc99934 100644 +--- a/src/lib/krb5/os/sn2princ.c ++++ b/src/lib/krb5/os/sn2princ.c +@@ -68,10 +68,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * + register char *cp; + char localname[MAXHOSTNAMELEN]; + +-#ifdef DEBUG_REFERRALS +- printf("krb5_sname_to_principal(host=%s, sname=%s, type=%d)\n",hostname,sname,type); +- printf(" name types: 0=unknown, 3=srv_host\n"); +-#endif ++ TRACE_SNAME_TO_PRINCIPAL(context, hostname, sname, type); + + if ((type == KRB5_NT_UNKNOWN) || + (type == KRB5_NT_SRV_HST)) { +@@ -108,10 +105,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * + hints.ai_flags = AI_CANONNAME; + err = getaddrinfo(hostname, 0, &hints, &ai); + if (err) { +-#ifdef DEBUG_REFERRALS +- printf("sname_to_princ: failed to canonicalize %s; " +- "using as-is\n", hostname); +-#endif ++ TRACE_SNAME_TO_PRINCIPAL_NOCANON(context, hostname); + } + remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname); + if (!remote_host) { +@@ -119,7 +113,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * + freeaddrinfo(ai); + return ENOMEM; + } +- ++ TRACE_SNAME_TO_PRINCIPAL_CANON(context, remote_host); + if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) { + /* + * Do a reverse resolution to get the full name, just in +@@ -148,9 +142,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * + } + if (!remote_host) + return ENOMEM; +-#ifdef DEBUG_REFERRALS +- printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host); +-#endif ++ TRACE_SNAME_TO_PRINCIPAL_RDNS(context, remote_host); + + if (type == KRB5_NT_SRV_HST) + for (cp = remote_host; *cp; cp++) +@@ -174,10 +166,6 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * + return retval; + } + +-#ifdef DEBUG_REFERRALS +- printf("sname_to_princ: realm <%s> after krb5_get_host_realm\n",hrealms[0]); +-#endif +- + if (!hrealms[0]) { + free(remote_host); + free(hrealms); +@@ -191,12 +179,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * + if (retval == 0) + krb5_princ_type(context, *ret_princ) = type; + +-#ifdef DEBUG_REFERRALS +- printf("krb5_sname_to_principal returning\n"); +- printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n", +- realm,sname,remote_host); +- krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ); +-#endif ++ TRACE_SNAME_TO_PRINCIPAL_RETURN(context, *ret_princ); + + free(remote_host); + +-- +1.7.3.4 + diff --git a/app-crypt/mit-krb5/files/kpropd.xinetd b/app-crypt/mit-krb5/files/kpropd.xinetd new file mode 100644 index 0000000..af542fc --- /dev/null +++ b/app-crypt/mit-krb5/files/kpropd.xinetd @@ -0,0 +1,11 @@ +service tell +{ + disable = yes + socket_type = stream + user = root + wait = no + server = /usr/sbin/kpropd + only_from = 0.0.0.0 + log_on_success = PID HOST EXIT DURATION + log_on_failure = HOST +} diff --git a/app-crypt/mit-krb5/files/mit-krb5kadmind.initd b/app-crypt/mit-krb5/files/mit-krb5kadmind.initd new file mode 100644 index 0000000..75d411c --- /dev/null +++ b/app-crypt/mit-krb5/files/mit-krb5kadmind.initd @@ -0,0 +1,24 @@ +#!/sbin/runscript + +#--------------------------------------------------------------------------- +# This script starts/stops the MIT Kerberos 5 Admin daemon +#--------------------------------------------------------------------------- + +daemon="MIT Kerberos 5 Admin daemon" +exec="/usr/sbin/kadmind" + +depend() { + need net mit-krb5kdc +} + +start() { + ebegin "Starting $daemon" + start-stop-daemon --start --quiet --exec ${exec} 1>&2 + eend $? "Error starting $daemon" +} + +stop() { + ebegin "Stopping $daemon" + start-stop-daemon --stop --quiet --exec ${exec} 1>&2 + eend $? "Error stopping $daemon" +} diff --git a/app-crypt/mit-krb5/files/mit-krb5kdc.initd b/app-crypt/mit-krb5/files/mit-krb5kdc.initd new file mode 100644 index 0000000..d0ab859 --- /dev/null +++ b/app-crypt/mit-krb5/files/mit-krb5kdc.initd @@ -0,0 +1,24 @@ +#!/sbin/runscript + +#--------------------------------------------------------------------------- +# This script starts/stops the MIT Kerberos 5 KDC +#--------------------------------------------------------------------------- + +daemon="MIT Kerberos 5 KDC" +exec="/usr/sbin/krb5kdc" + +depend() { + need net +} + +start() { + ebegin "Starting $daemon" + start-stop-daemon --start --quiet --exec ${exec} 1>&2 + eend $? "Error starting $daemon" +} + +stop() { + ebegin "Stopping $daemon" + start-stop-daemon --stop --quiet --exec ${exec} 1>&2 + eend $? "Error stopping $daemon" +} diff --git a/app-crypt/mit-krb5/files/mit-krb5kpropd.initd b/app-crypt/mit-krb5/files/mit-krb5kpropd.initd new file mode 100644 index 0000000..76841da --- /dev/null +++ b/app-crypt/mit-krb5/files/mit-krb5kpropd.initd @@ -0,0 +1,25 @@ +#!/sbin/runscript + +#--------------------------------------------------------------------------- +# This script starts/stops the MIT Kerberos 5 kpropd +#--------------------------------------------------------------------------- + +daemon="MIT Kerberos 5 kpropd" +exec="/usr/sbin/kpropd" + +depend() { + need net + use mit-krb5kdc mit-krb5kadmind +} + +start() { + ebegin "Starting $daemon" + start-stop-daemon --start --quiet --exec ${exec} -- -S 1>&2 + eend $? "Error starting $daemon" +} + +stop() { + ebegin "Stopping $daemon" + start-stop-daemon --stop --quiet --exec ${exec} 1>&2 + eend $? "Error stopping $daemon" +} diff --git a/app-crypt/mit-krb5/metadata.xml b/app-crypt/mit-krb5/metadata.xml new file mode 100644 index 0000000..38b3206 --- /dev/null +++ b/app-crypt/mit-krb5/metadata.xml @@ -0,0 +1,20 @@ + + + + + + wking@drexel.edu + W. Trevor King + +Kerberos 5 reference implementation from MIT + + + Creates and installs the API and implementation + documentation. This is only useful if you want to develop software + which depends on kerberos. + + Enable for the keyring ccache using keyutils. + Enable pkinit support for the initial ticket. + Enable support for ldap as a database backend. + + diff --git a/app-crypt/mit-krb5/mit-krb5-9999.ebuild b/app-crypt/mit-krb5/mit-krb5-9999.ebuild new file mode 100644 index 0000000..2e42904 --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-9999.ebuild @@ -0,0 +1,138 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.10.1-r1.ebuild,v 1.1 2012/03/23 14:05:32 eras Exp $ + +EAPI=4 + +inherit eutils flag-o-matic versionator + +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="http://web.mit.edu/kerberos/www/" + +if [[ "${PV}" == "9999" ]]; then + inherit git-2 + EGIT_REPO_URI="git://github.com/krb5/krb5" + MY_P="${PN/mit-}" + EGIT_SOURCEDIR="${WORKDIR}/${MY_P}" +else + MY_P="${P/mit-}" + P_DIR=$(get_version_component_range 1-2) + SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar" +fi + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="doc +keyutils openldap +pkinit +threads test xinetd" + +RDEPEND="!!app-crypt/heimdal + >=sys-libs/e2fsprogs-libs-1.41.0 + keyutils? ( sys-apps/keyutils ) + openldap? ( net-nds/openldap ) + xinetd? ( sys-apps/xinetd )" +DEPEND="${RDEPEND} + virtual/yacc + doc? ( virtual/latex-base ) + test? ( dev-lang/tcl + dev-lang/python + dev-util/dejagnu )" + +S="${WORKDIR}/${MY_P}/src" + +src_unpack() { + if [[ "${PV}" == "9999" ]]; then + git-2_src_unpack + else + unpack "${A}" + unpack ./"${MY_P}".tar.gz + fi +} + +S=${WORKDIR}/${MY_P}/src + +src_prepare() { + epatch "${FILESDIR}/${PV}"-*.patch + if [[ "${PV}" == "9999" ]]; then + cd "${S}/src" + util/reconf + fi +} + +src_configure() { + append-flags "-I${EPREFIX}/usr/include/et" + # QA + append-flags -fno-strict-aliasing + append-flags -fno-strict-overflow + use keyutils || export ac_cv_header_keyutils_h=no + econf \ + $(use_with openldap ldap) \ + "$(use_with test tcl "${EPREFIX}/usr")" \ + $(use_enable pkinit) \ + $(use_enable threads thread-support) \ + --without-hesiod \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-lookaside-cache \ + --disable-rpath +} + +src_compile() { + emake -j1 + + if use doc ; then + cd ../doc + for dir in api implement ; do + emake -C "${dir}" + done + fi +} + +src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR="${EPREFIX}/usr/share/doc/${PF}/examples" \ + install + + # default database dir + keepdir /var/lib/krb5kdc + + cd .. + dodoc NOTICE README + + if use doc ; then + dodoc doc/*.{ps,txt} + doinfo doc/*.info* + dohtml -r doc/*.html + dodoc doc/{api,implement}/*.ps + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind + newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc + newinitd "${FILESDIR}"/mit-krb5kpropd.initd mit-krb5kpropd + + insinto /etc + newins "${ED}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${ED}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example + + if use openldap ; then + insinto /etc/openldap/schema + doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" + fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/kpropd.xinetd" kpropd + fi +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-1.8.0" ; then + elog "MIT split the Kerberos applications from the base Kerberos" + elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp," + elog "ftp clients and telnet, ftp deamons now live in" + elog "\"app-crypt/mit-krb5-appl\" package." + fi +} -- 2.26.2