diff options
| author |   Eray Aslan <eras@gentoo.org> | 2010-12-01 07:22:44 +0000 |
|---|---|---|
| committer | Eray Aslan <eras@gentoo.org> | 2010-12-01 07:22:44 +0000 |
| commit | df9a3f1f67101f368e72771d92dce76bed1baadd (patch) | |
| tree | ec983d146ef06a952408cc0103e914d41ffcdc90 /app-crypt/mit-krb5 | |
| parent | Add CPL-0.5 to the MISC-FREE license group, as it is almost identical with CP... (diff) | |
| download | historical-df9a3f1f67101f368e72771d92dce76bed1baadd.tar.gz historical-df9a3f1f67101f368e72771d92dce76bed1baadd.tar.bz2 historical-df9a3f1f67101f368e72771d92dce76bed1baadd.zip | |
Security bump for CVE-2010-{1323,1324,4020}. Working test suite and test USE flag added.
Package-Manager: portage-2.1.9.25/cvs/Linux x86_64
Diffstat (limited to 'app-crypt/mit-krb5')
| -rw-r--r-- | app-crypt/mit-krb5/ChangeLog | 8 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/Manifest | 5 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/CVE-2010-1323.1324.4020.patch | 202 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/files/mit-krb5_testsuite.patch | 93 | ||||
| -rw-r--r-- | app-crypt/mit-krb5/mit-krb5-1.8.3-r2.ebuild | 123 |
5 files changed, 429 insertions, 2 deletions
diff --git a/app-crypt/mit-krb5/ChangeLog b/app-crypt/mit-krb5/ChangeLog index 0145625da24f..24a72d4840dd 100644 --- a/app-crypt/mit-krb5/ChangeLog +++ b/app-crypt/mit-krb5/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-crypt/mit-krb5 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.240 2010/11/27 15:23:06 eras Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/ChangeLog,v 1.241 2010/12/01 07:22:44 eras Exp $ + +*mit-krb5-1.8.3-r2 (01 Dec 2010) + + 01 Dec 2010; Eray Aslan <eras@gentoo.org> +mit-krb5-1.8.3-r2.ebuild, + +files/CVE-2010-1323.1324.4020.patch, +files/mit-krb5_testsuite.patch: + Security bump. Working test suite with test USE flag. 27 Nov 2010; Eray Aslan <eras@gentoo.org> -mit-krb5-1.8.2.ebuild, -mit-krb5-1.8.2-r1.ebuild, -mit-krb5-1.8.3.ebuild: diff --git a/app-crypt/mit-krb5/Manifest b/app-crypt/mit-krb5/Manifest index 4871b8283532..6009faa8ea47 100644 --- a/app-crypt/mit-krb5/Manifest +++ b/app-crypt/mit-krb5/Manifest @@ -1,10 +1,13 @@ AUX CVE-2010-1322.patch 1066 RMD160 fc262a23e9aa118262a4258f74832445062444e4 SHA1 600f0890de65f96112f267b56317a4fd0166cba0 SHA256 7d9fbfffdaa0cde0ca499ccbb2cf09a6c7253e537755bbf6da9e08715fd9a474 +AUX CVE-2010-1323.1324.4020.patch 7908 RMD160 848b776218473200e5a54beb4f3adfc3db915cf4 SHA1 a6fbc3b6ab15ca98c1aa1521fd42dad1f5003ee8 SHA256 ec08fca9738b5fae619154379ae0158531cb630b6f25551c14d87313c2d2a5f0 AUX kpropd.xinetd 194 RMD160 5772b04bf7f6b8a5588331a4d9dca03738756f15 SHA1 a9c84a4197ba133144e754d68847cece6203ed4a SHA256 eaa3838a6ca8db901db359cac3435d4f703a9a10534f02eeb37f494dd21a1736 +AUX mit-krb5_testsuite.patch 3069 RMD160 59af8c128fbaeadc472111c4bef4dfe3ac7567f0 SHA1 e0896cac3d99a3e4f9d06afdab58a6d5cda82e7a SHA256 3c8cfdb012a5388b1a92658437dce619593b91f0b0c582ef66194347274b26f9 AUX mit-krb5kadmind.initd 687 RMD160 7602d12d570e80edf24953befbe4ec03d247e4ba SHA1 753a5875659d3bef63c1a50bb0228f1c3c06bdf9 SHA256 427953b3a2dbe0a8f85bee1294a348c97dbbdac4741f06c2a3768170ba29161a AUX mit-krb5kdc.initd 656 RMD160 8c4c508273f9d715ac0e0a8d9c54e36f63526b9b SHA1 62017fc3a2f5adbd6e0c1421041593a268a6252d SHA256 d813dbf3ee89f0da6b73455fd8759898223529c4cf7c1c2ec64a3128363194e2 DIST krb5-1.8.3-signed.tar 11642880 RMD160 bdf3a505e4b2447af0c9080b441918d665dcdd9c SHA1 69696f63b6c2b0e3238156b19eed68cecd661c6b SHA256 2c5988ddd8b409134cd0e77e9ce8f762605ce8d8fb0aa22f6500f53381567019 DIST krb5-1.9-beta1-signed.tar 11868160 RMD160 5de0522f82073f9fe305b6fa7d6b9ac673abbee8 SHA1 db8f23bf16a75dd6d72c5229ff29584132e97bee SHA256 fdc0998b8985c048cf43f84536e925ce08ba623f429c83a7e814e1228da2a541 EBUILD mit-krb5-1.8.3-r1.ebuild 2716 RMD160 1ba809f8181ae17b49f967b38735df2478d7f527 SHA1 5f166a6a0119a1046e9881402004aaf7d9f11d67 SHA256 5572ea7d8d97cb2d7b0d373393860c12befe0a4af157b2eec849c46ff7ff8c31 +EBUILD mit-krb5-1.8.3-r2.ebuild 2910 RMD160 436f240e895995930332d476138baeb9100d2bb0 SHA1 c000cd746be2e7e13788816058dfb2553a4bedb5 SHA256 605d35e8787d89c9a5dd27a08ae0977c36bedf174f909d1ec91f870528555c5a EBUILD mit-krb5-1.9_beta1.ebuild 2733 RMD160 2b6b285b249d73bda885c3972179b035410b4e50 SHA1 abc745be63c14114f635f23dd76410cfdf0f4729 SHA256 544633e96e2f51d136d9d96d461cc9dae2b8a400ca487c9fe6a50192f93a76f2 -MISC ChangeLog 38888 RMD160 f788cedc51d2f861c458b624b89402b8c51a22a0 SHA1 2b991e3dcae2774f2baf8844fa31215e602ff1d8 SHA256 0597977ede2f8553c3fc964229634eaad02c33208439265ed73ee7e215e771e7 +MISC ChangeLog 39123 RMD160 c4de387210b27f76842f64cb9c7d0126b759ddb3 SHA1 6face24ae73826e243392a9f60c8b09b93ea9edb SHA256 3547d86ea97514050f2310929e526598ae64f5ea8b47b653888fd989d8be2f6d MISC metadata.xml 513 RMD160 1fdd6ccb4acec66644c9e542df12aa75a586a6fe SHA1 83d50a7790fa92668019c39b9153b6ee96e1d90f SHA256 77b1100b25aed0652738c7d5885fe98feb47c783a242221938afd44a235720c9 diff --git a/app-crypt/mit-krb5/files/CVE-2010-1323.1324.4020.patch b/app-crypt/mit-krb5/files/CVE-2010-1323.1324.4020.patch new file mode 100644 index 000000000000..b1c3793b9ffb --- /dev/null +++ b/app-crypt/mit-krb5/files/CVE-2010-1323.1324.4020.patch @@ -0,0 +1,202 @@ +Index: krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c +=================================================================== +--- krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c (revision 24455) ++++ krb5-1.8/src/plugins/preauth/pkinit/pkinit_srv.c (working copy) +@@ -691,8 +691,7 @@ + krb5_reply_key_pack *key_pack = NULL; + krb5_reply_key_pack_draft9 *key_pack9 = NULL; + krb5_data *encoded_key_pack = NULL; +- unsigned int num_types; +- krb5_cksumtype *cksum_types = NULL; ++ krb5_cksumtype cksum_type; + + pkinit_kdc_context plgctx; + pkinit_kdc_req_context reqctx; +@@ -882,14 +881,25 @@ + retval = ENOMEM; + goto cleanup; + } +- /* retrieve checksums for a given enctype of the reply key */ +- retval = krb5_c_keyed_checksum_types(context, +- encrypting_key->enctype, &num_types, &cksum_types); +- if (retval) +- goto cleanup; + +- /* pick the first of acceptable enctypes for the checksum */ +- retval = krb5_c_make_checksum(context, cksum_types[0], ++ switch (encrypting_key->enctype) { ++ case ENCTYPE_DES_CBC_MD4: ++ cksum_type = CKSUMTYPE_RSA_MD4_DES; ++ break; ++ case ENCTYPE_DES_CBC_MD5: ++ case ENCTYPE_DES_CBC_CRC: ++ cksum_type = CKSUMTYPE_RSA_MD5_DES; ++ break; ++ default: ++ retval = krb5int_c_mandatory_cksumtype(context, ++ encrypting_key->enctype, ++ &cksum_type); ++ if (retval) ++ goto cleanup; ++ break; ++ } ++ ++ retval = krb5_c_make_checksum(context, cksum_type, + encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, + req_pkt, &key_pack->asChecksum); + if (retval) { +@@ -1033,7 +1043,6 @@ + krb5_free_data(context, encoded_key_pack); + free(dh_pubkey); + free(server_key); +- free(cksum_types); + + switch ((int)padata->pa_type) { + case KRB5_PADATA_PK_AS_REQ: +Index: krb5-1.8/src/lib/crypto/krb/cksumtypes.c +=================================================================== +--- krb5-1.8/src/lib/crypto/krb/cksumtypes.c (revision 24455) ++++ krb5-1.8/src/lib/crypto/krb/cksumtypes.c (working copy) +@@ -101,7 +101,7 @@ + + { CKSUMTYPE_MD5_HMAC_ARCFOUR, + "md5-hmac-rc4", { 0 }, "Microsoft MD5 HMAC", +- NULL, &krb5int_hash_md5, ++ &krb5int_enc_arcfour, &krb5int_hash_md5, + krb5int_hmacmd5_checksum, NULL, + 16, 16, 0 }, + }; +Index: krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c +=================================================================== +--- krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c (revision 24455) ++++ krb5-1.8/src/lib/crypto/krb/keyed_checksum_types.c (working copy) +@@ -35,6 +35,13 @@ + { + if (ctp->flags & CKSUM_UNKEYED) + return FALSE; ++ /* Stream ciphers do not play well with RFC 3961 key derivation, so be ++ * conservative with RC4. */ ++ if ((ktp->etype == ENCTYPE_ARCFOUR_HMAC || ++ ktp->etype == ENCTYPE_ARCFOUR_HMAC_EXP) && ++ ctp->ctype != CKSUMTYPE_HMAC_MD5_ARCFOUR && ++ ctp->ctype != CKSUMTYPE_MD5_HMAC_ARCFOUR) ++ return FALSE; + return (!ctp->enc || ktp->enc == ctp->enc); + } + +Index: krb5-1.8/src/lib/crypto/krb/dk/derive.c +=================================================================== +--- krb5-1.8/src/lib/crypto/krb/dk/derive.c (revision 24455) ++++ krb5-1.8/src/lib/crypto/krb/dk/derive.c (working copy) +@@ -91,6 +91,8 @@ + blocksize = enc->block_size; + keybytes = enc->keybytes; + ++ if (blocksize == 1) ++ return KRB5_BAD_ENCTYPE; + if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) + return KRB5_CRYPTO_INTERNAL; + +Index: krb5-1.8/src/lib/gssapi/krb5/util_crypt.c +=================================================================== +--- krb5-1.8/src/lib/gssapi/krb5/util_crypt.c (revision 24455) ++++ krb5-1.8/src/lib/gssapi/krb5/util_crypt.c (working copy) +@@ -119,10 +119,22 @@ + if (code != 0) + return code; + +- code = (*kaccess.mandatory_cksumtype)(context, subkey->keyblock.enctype, +- cksumtype); +- if (code != 0) +- return code; ++ switch (subkey->keyblock.enctype) { ++ case ENCTYPE_DES_CBC_MD4: ++ *cksumtype = CKSUMTYPE_RSA_MD4_DES; ++ break; ++ case ENCTYPE_DES_CBC_MD5: ++ case ENCTYPE_DES_CBC_CRC: ++ *cksumtype = CKSUMTYPE_RSA_MD5_DES; ++ break; ++ default: ++ code = (*kaccess.mandatory_cksumtype)(context, ++ subkey->keyblock.enctype, ++ cksumtype); ++ if (code != 0) ++ return code; ++ break; ++ } + + switch (subkey->keyblock.enctype) { + case ENCTYPE_DES_CBC_MD5: +Index: krb5-1.8/src/lib/krb5/krb/pac.c +=================================================================== +--- krb5-1.8/src/lib/krb5/krb/pac.c (revision 24455) ++++ krb5-1.8/src/lib/krb5/krb/pac.c (working copy) +@@ -582,6 +582,8 @@ + checksum.checksum_type = load_32_le(p); + checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH; + checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH; ++ if (!krb5_c_is_keyed_cksum(checksum.checksum_type)) ++ return KRB5KRB_AP_ERR_INAPP_CKSUM; + + pac_data.length = pac->data.length; + pac_data.data = malloc(pac->data.length); +Index: krb5-1.8/src/lib/krb5/krb/preauth2.c +=================================================================== +--- krb5-1.8/src/lib/krb5/krb/preauth2.c (revision 24455) ++++ krb5-1.8/src/lib/krb5/krb/preauth2.c (working copy) +@@ -1578,7 +1578,9 @@ + + cksum = sc2->sam_cksum; + +- while (*cksum) { ++ for (; *cksum; cksum++) { ++ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type)) ++ continue; + /* Check this cksum */ + retval = krb5_c_verify_checksum(context, as_key, + KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM, +@@ -1592,7 +1594,6 @@ + } + if (valid_cksum) + break; +- cksum++; + } + + if (!valid_cksum) { +Index: krb5-1.8/src/lib/krb5/krb/mk_safe.c +=================================================================== +--- krb5-1.8/src/lib/krb5/krb/mk_safe.c (revision 24455) ++++ krb5-1.8/src/lib/krb5/krb/mk_safe.c (working copy) +@@ -215,10 +215,28 @@ + for (i = 0; i < nsumtypes; i++) + if (auth_context->safe_cksumtype == sumtypes[i]) + break; +- if (i == nsumtypes) +- i = 0; +- sumtype = sumtypes[i]; + krb5_free_cksumtypes (context, sumtypes); ++ if (i < nsumtypes) ++ sumtype = auth_context->safe_cksumtype; ++ else { ++ switch (enctype) { ++ case ENCTYPE_DES_CBC_MD4: ++ sumtype = CKSUMTYPE_RSA_MD4_DES; ++ break; ++ case ENCTYPE_DES_CBC_MD5: ++ case ENCTYPE_DES_CBC_CRC: ++ sumtype = CKSUMTYPE_RSA_MD5_DES; ++ break; ++ default: ++ retval = krb5int_c_mandatory_cksumtype(context, enctype, ++ &sumtype); ++ if (retval) { ++ CLEANUP_DONE(); ++ goto error; ++ } ++ break; ++ } ++ } + } + if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata, + plocal_fulladdr, premote_fulladdr, diff --git a/app-crypt/mit-krb5/files/mit-krb5_testsuite.patch b/app-crypt/mit-krb5/files/mit-krb5_testsuite.patch new file mode 100644 index 000000000000..a91136aafbc5 --- /dev/null +++ b/app-crypt/mit-krb5/files/mit-krb5_testsuite.patch @@ -0,0 +1,93 @@ +--- a/src/tests/dejagnu/config/default.exp 2010-04-21 01:37:22.000000000 +0300 ++++ b/src/tests/dejagnu/config/default.exp 2010-11-24 16:51:53.000000000 +0200 +@@ -1619,7 +1619,7 @@ + set spawnid $spawn_id + set pid [exp_pid] + +- set markstr "===MARK $pid [clock format [clock seconds]] ===" ++ set markstr "===MARK $pid [clock seconds] ===" + puts $f $markstr + flush $f + +--- a/src/tests/dejagnu/krb-standalone/gssapi.exp 2009-06-11 20:27:45.000000000 +0300 ++++ b/src/tests/dejagnu/krb-standalone/gssapi.exp 2010-11-24 16:52:21.000000000 +0200 +@@ -182,7 +182,7 @@ + } + } + catch "expect_after" +- if ![check_exit_status $test] { ++ if { [check_exit_status $test] == 0 } { + # check_exit_staus already calls fail for us + return + } +@@ -209,59 +209,59 @@ + global portbase + + # Start up the kerberos and kadmind daemons. +- if ![start_kerberos_daemons 0] { ++ if { [start_kerberos_daemons 0] == 0 } { + perror "failed to start kerberos daemons" + } + + # Use kadmin to add a key for us. +- if ![add_kerberos_key gsstest0 0] { ++ if { [add_kerberos_key gsstest0 0] == 0 } { + perror "failed to set up gsstest0 key" + } + + # Use kadmin to add a key for us. +- if ![add_kerberos_key gsstest1 0] { ++ if { [add_kerberos_key gsstest1 0] ==0 } { + perror "failed to set up gsstest1 key" + } + + # Use kadmin to add a key for us. +- if ![add_kerberos_key gsstest2 0] { ++ if { [add_kerberos_key gsstest2 0] == 0 } { + perror "failed to set up gsstest2 key" + } + + # Use kadmin to add a key for us. +- if ![add_kerberos_key gsstest3 0] { ++ if { [add_kerberos_key gsstest3 0] == 0 } { + perror "failed to set up gsstest3 key" + } + + # Use kadmin to add a service key for us. +- if ![add_random_key gssservice/$hostname 0] { ++ if { [add_random_key gssservice/$hostname 0] == 0 } { + perror "failed to set up gssservice/$hostname key" + } + + # Use kdb5_edit to create a srvtab entry for gssservice +- if ![setup_srvtab 0 gssservice] { ++ if { [setup_srvtab 0 gssservice] == 0 } { + perror "failed to set up gssservice srvtab" + } + + catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3" + + # Use kinit to get a ticket. +- if ![our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] { ++ if { [our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] == 0 } { + perror "failed to kinit gsstest0" + } + + # Use kinit to get a ticket. +- if ![our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] { ++ if { [our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] == 0 } { + perror "failed to kinit gsstest1" + } + + # Use kinit to get a ticket. +- if ![our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] { ++ if { [our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] == 0 } { + perror "failed to kinit gsstest2" + } + + # Use kinit to get a ticket. +- if ![our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] { ++ if { [our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] == 0 } { + perror "failed to kinit gsstest3" + } + diff --git a/app-crypt/mit-krb5/mit-krb5-1.8.3-r2.ebuild b/app-crypt/mit-krb5/mit-krb5-1.8.3-r2.ebuild new file mode 100644 index 000000000000..5e5518b1599c --- /dev/null +++ b/app-crypt/mit-krb5/mit-krb5-1.8.3-r2.ebuild @@ -0,0 +1,123 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.3-r2.ebuild,v 1.1 2010/12/01 07:22:44 eras Exp $ + +EAPI=2 + +inherit eutils flag-o-matic versionator + +MY_P=${P/mit-} +P_DIR=$(get_version_component_range 1-2) +DESCRIPTION="MIT Kerberos V" +HOMEPAGE="http://web.mit.edu/kerberos/www/" +SRC_URI="http://web.mit.edu/kerberos/dist/krb5/${P_DIR}/${MY_P}-signed.tar" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="doc ldap test xinetd" + +RDEPEND="!!app-crypt/heimdal + >=sys-libs/e2fsprogs-libs-1.41.0 + sys-apps/keyutils + ldap? ( net-nds/openldap ) + xinetd? ( sys-apps/xinetd )" +DEPEND="${RDEPEND} + doc? ( virtual/latex-base ) + test? ( dev-lang/tcl + dev-lang/perl + dev-util/dejagnu )" + +S=${WORKDIR}/${MY_P}/src + +PROVIDE="virtual/krb5" + +src_unpack() { + unpack ${A} + unpack ./"${MY_P}".tar.gz +} + +src_prepare() { + epatch "${FILESDIR}/CVE-2010-1322.patch" + epatch "${FILESDIR}/CVE-2010-1323.1324.4020.patch" + epatch "${FILESDIR}/mit-krb5_testsuite.patch" +} + +src_configure() { + local myconf="" + if use test; then + myconf="--with-tcl=/usr" + fi + append-flags "-I/usr/include/et" + econf \ + $(use_with ldap) \ + $(use_with test tcl /usr) \ + --without-krb4 \ + --enable-shared \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + --enable-kdc-replay-cache \ + --disable-rpath +} + +src_compile() { + emake -j1 || die "emake failed" + + if use doc ; then + cd ../doc + for dir in api implement ; do + emake -C "${dir}" || die "doc emake failed" + done + fi +} + +src_install() { + emake \ + DESTDIR="${D}" \ + EXAMPLEDIR="/usr/share/doc/${PF}/examples" \ + install || die "install failed" + + # default database dir + keepdir /var/lib/krb5kdc + + cd .. + dodoc README + dodoc doc/*.ps + doinfo doc/*.info* + dohtml -r doc/* + + # die if we cannot respect a USE flag + if use doc ; then + dodoc doc/{api,implement}/*.ps || die "dodoc failed" + fi + + newinitd "${FILESDIR}"/mit-krb5kadmind.initd mit-krb5kadmind || die + newinitd "${FILESDIR}"/mit-krb5kdc.initd mit-krb5kdc || die + + insinto /etc + newins "${D}/usr/share/doc/${PF}/examples/krb5.conf" krb5.conf.example + insinto /var/lib/krb5kdc + newins "${D}/usr/share/doc/${PF}/examples/kdc.conf" kdc.conf.example + + if use ldap ; then + insinto /etc/openldap/schema + doins "${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema" || die + fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/kpropd.xinetd" kpropd || die + fi +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-1.8.0" ; then + einfo "" + elog "MIT split the Kerberos applications from the base Kerberos" + elog "distribution. Kerberized versions of telnet, rlogin, rsh, rcp," + elog "ftp clients and telnet, ftp deamons now live in" + elog "\"app-crypt/mit-krb5-appl\" package." + einfo "" + fi +} |