update debian/patches directory

author: Sam Hartman <hartmans@debian.org> 2019-01-13 16:46:47 -0500
committer: Sam Hartman <hartmans@debian.org> 2019-01-13 16:46:47 -0500
commit: 09f965eac3472f4bf98e4313362d3453855243f6 (patch)
tree: 38316d7ffd942f4b709dd39e4adfc1670da275af
parent: 66f03875cf45e75df20ec4f78f896fa5209a1389 (diff)
11 files changed, 43 insertions, 85 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index a205b4e8f..ec64f2d8b 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,5 +1,5 @@
 # see git-dpm(1) from git-dpm package
-2de32da21c17e0daa9a47d610c3fab3f10a58513
+d2a401455564fa2a51c78a0856492dfe3329a68f
 d2a401455564fa2a51c78a0856492dfe3329a68f
 a75eb54fd955cbf7a8ac44e527fd0e400e87844a
 a75eb54fd955cbf7a8ac44e527fd0e400e87844a
diff --git a/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch b/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch
index baa5d6ead..9f7778fcd 100644
--- a/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch
+++ b/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch
@@ -1,4 +1,4 @@
-From a0a91429b7ad38d677ee7b28492dba501156313b Mon Sep 17 00:00:00 2001
+From 85fcf9fc43e0b10fd0f90e056200ed028e50d297 Mon Sep 17 00:00:00 2001
 From: Sam Hartman <hartmans@debian.org>
 Date: Mon, 26 Dec 2011 18:05:13 -0500
 Subject: Debian: HURD compatibility
@@ -10,10 +10,10 @@ Patch-Category: debian-local
  src/clients/ksu/ksu.h                       | 4 ++++
  src/include/k5-int.h                        | 3 +++
  src/kadmin/ktutil/ktutil_funcs.c            | 4 ++++
+ src/kprop/kprop_util.c                      | 4 ++++
  src/lib/gssapi/spnego/spnego_mech.c         | 3 +++
  src/lib/krb5/os/sn2princ.c                  | 4 ++++
  src/plugins/kdb/db2/libdb2/include/db-int.h | 4 ++++
- src/slave/kprop_util.c                      | 4 ++++
  src/tests/resolve/resolve.c                 | 4 ++++
  8 files changed, 30 insertions(+)
 
@@ -33,10 +33,10 @@ index 3bf0bd4384..f680b332c3 100644
  extern int optind;
  extern char * optarg;
 diff --git a/src/include/k5-int.h b/src/include/k5-int.h
-index e1b1cb040d..eadc7360d3 100644
+index 652242207a..e4f1678be6 100644
 --- a/src/include/k5-int.h
 +++ b/src/include/k5-int.h
-@@ -581,6 +581,9 @@ extern char *strdup (const char *);
+@@ -589,6 +589,9 @@ extern char *strdup (const char *);
  #ifdef HAVE_SYS_PARAM_H
  #include <sys/param.h>                  /* MAXPATHLEN */
  #endif
@@ -47,10 +47,10 @@ index e1b1cb040d..eadc7360d3 100644
  #ifdef HAVE_SYS_FILE_H
  #include <sys/file.h>                   /* prototypes for file-related
 diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c
-index 7a3aa0dcad..c9397a4486 100644
+index 6d119a2b64..fb7fa22f54 100644
 --- a/src/kadmin/ktutil/ktutil_funcs.c
 +++ b/src/kadmin/ktutil/ktutil_funcs.c
-@@ -33,6 +33,10 @@
+@@ -34,6 +34,10 @@
  #include <string.h>
  #include <ctype.h>
  
@@ -61,6 +61,21 @@ index 7a3aa0dcad..c9397a4486 100644
  /*
   * Free a kt_list
   */
+diff --git a/src/kprop/kprop_util.c b/src/kprop/kprop_util.c
+index c32d174b95..d72ab18967 100644
+--- a/src/kprop/kprop_util.c
++++ b/src/kprop/kprop_util.c
+@@ -32,6 +32,10 @@
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ 
++#ifndef MAXHOSTNAMELEN
++#define MAXHOSTNAMELEN 256
++#endif
++
+ /*
+  * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address.
+  * There is similar code elsewhere in the tree, so this should possibly become
 diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
 index 9d6027ce80..585d8a6581 100644
 --- a/src/lib/gssapi/spnego/spnego_mech.c
@@ -103,21 +118,6 @@ index 7e981d4a5f..d83b3b6a6f 100644
 +# define MAXPATHLEN 4096
 +#endif
  #endif /* _DB_INT_H_ */
-diff --git a/src/slave/kprop_util.c b/src/slave/kprop_util.c
-index 7e1ec229d0..49030ec020 100644
---- a/src/slave/kprop_util.c
-+++ b/src/slave/kprop_util.c
-@@ -32,6 +32,10 @@
- #include <sys/types.h>
- #include <sys/socket.h>
- 
-+#ifndef MAXHOSTNAMELEN
-+#define MAXHOSTNAMELEN 256
-+#endif
-+
- /*
-  * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address.
-  * There is similar code elsewhere in the tree, so this should possibly become
 diff --git a/src/tests/resolve/resolve.c b/src/tests/resolve/resolve.c
 index 7339d21bd9..38f725322b 100644
 --- a/src/tests/resolve/resolve.c
diff --git a/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch b/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch
index 23b13fdfa..3f6a4bd0a 100644
--- a/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch
+++ b/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch
@@ -1,4 +1,4 @@
-From b1f73c56bbac5e2dceed23f2904ffc983c6d6b24 Mon Sep 17 00:00:00 2001
+From 8cbb465da2e4ae37b8afd884910506422eadd0f8 Mon Sep 17 00:00:00 2001
 From: Sam Hartman <hartmans@debian.org>
 Date: Mon, 26 Dec 2011 18:19:53 -0500
 Subject: debian: Handle multi-arch paths in krb5-config
diff --git a/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch b/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch
index 844af0c47..bb5aac91b 100644
--- a/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch
+++ b/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch
@@ -1,33 +1,35 @@
-From 5ec003b1363ccd4d89d88f83165f850bb082b98a Mon Sep 17 00:00:00 2001
+From d0706297a8a7a9fb45deb0973e15506dc31b1c83 Mon Sep 17 00:00:00 2001
 From: Sam Hartman <hartmans@debian.org>
 Date: Mon, 26 Dec 2011 18:20:11 -0500
 Subject: debian: osconf.hin path changes
 
 Patch-Category: debian-local
 ---
- src/include/osconf.hin | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ src/include/osconf.hin | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/src/include/osconf.hin b/src/include/osconf.hin
-index 98a467454b..2f51cc13c7 100644
+index c24717be67..c103424955 100644
 --- a/src/include/osconf.hin
 +++ b/src/include/osconf.hin
-@@ -59,7 +59,7 @@
- #define PLUGIN_EXT              "@DYNOBJEXT"
+@@ -70,8 +70,8 @@
+ #endif
  
  #define KDC_DIR                 "@LOCALSTATEDIR/krb5kdc"
 -#define KDC_RUN_DIR             "@RUNSTATEDIR/krb5kdc"
+-#define DEFAULT_KDB_FILE        KDC_DIR "/principal"
 +#define KDC_RUN_DIR             "/run/krb5kdc"
- #define DEFAULT_KDB_FILE        KDC_DIR "/principal"
++#define DEFAULT_KDB_FILE        "/var/lib/krb5kdc/principal"
  #define DEFAULT_KEYFILE_STUB    KDC_DIR "/.k5."
  #define KRB5_DEFAULT_ADMIN_ACL  KDC_DIR "/krb5_adm.acl"
-@@ -114,8 +114,8 @@
-  * krb5 slave support follows
+ /* Used by old admin server */
+@@ -125,8 +125,8 @@
+  * krb5 replica support follows
   */
  
--#define KPROP_DEFAULT_FILE KDC_DIR "/slave_datatrans"
+-#define KPROP_DEFAULT_FILE KDC_DIR "/replica_datatrans"
 -#define KPROPD_DEFAULT_FILE KDC_DIR "/from_master"
-+#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/slave_datatrans"
++#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/replica_datatrans"
 +#define KPROPD_DEFAULT_FILE "/var/lib/krb5kdc/from_master"
  #define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util"
  #define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop"
diff --git a/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch b/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch
index e332d4c09..e28dd7065 100644
--- a/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch
+++ b/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch
@@ -1,4 +1,4 @@
-From 738f1fe8e2529f51bc9a50716a8ffcdbaa61b8dd Mon Sep 17 00:00:00 2001
+From de937376c58397109ef2bf087ce4073caa37fb29 Mon Sep 17 00:00:00 2001
 From: Sam Hartman <hartmans@debian.org>
 Date: Mon, 26 Dec 2011 18:12:39 -0500
 Subject: debian: install ldap library in subdirectory
diff --git a/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch b/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch
index fcfb65069..501ae30a5 100644
--- a/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch
+++ b/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch
@@ -1,4 +1,4 @@
-From f88cb0d8e81ba3f8f700ea62d4c770218c29ad20 Mon Sep 17 00:00:00 2001
+From dd3d9bb7d1c07fd5e12b5a0595a8aa351cdaff82 Mon Sep 17 00:00:00 2001
 From: Benjamin Kaduk <kaduk@mit.edu>
 Date: Fri, 29 Mar 2013 17:18:40 -0400
 Subject: gssapi: never unload mechanisms
@@ -20,10 +20,10 @@ Patch-Category: debian-local
  1 file changed, 2 deletions(-)
 
 diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
-index 9197666e10..890bd2c037 100644
+index 0ad11c0b02..a3926e166e 100644
 --- a/src/lib/gssapi/mechglue/g_initialize.c
 +++ b/src/lib/gssapi/mechglue/g_initialize.c
-@@ -562,8 +562,6 @@ releaseMechInfo(gss_mech_info *pCf)
+@@ -559,8 +559,6 @@ releaseMechInfo(gss_mech_info *pCf)
  		generic_gss_release_oid(&minor_status, &cf->mech_type);
  	if (cf->freeMech)
  		zapfree(cf->mech, sizeof(*cf->mech));
diff --git a/debian/patches/debian-local/0006-Add-substpdf-target.patch b/debian/patches/debian-local/0006-Add-substpdf-target.patch
index 97cbf07b5..7a287f162 100644
--- a/debian/patches/debian-local/0006-Add-substpdf-target.patch
+++ b/debian/patches/debian-local/0006-Add-substpdf-target.patch
@@ -1,4 +1,4 @@
-From 05d1fa84b8fef75d33a1fc83093fec390a27bc17 Mon Sep 17 00:00:00 2001
+From cbb7f2bbb739cc8766cacc64141a1a5a87642692 Mon Sep 17 00:00:00 2001
 From: Ben Kaduk <kaduk@mit.edu>
 Date: Fri, 29 Mar 2013 20:53:37 -0400
 Subject: Add substpdf target
diff --git a/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch b/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch
index 6bd9d8b5f..1c67b9a42 100644
--- a/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch
+++ b/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch
@@ -1,4 +1,4 @@
-From 764e2ddaab1c9503efd07d08192fbb679fcb25ea Mon Sep 17 00:00:00 2001
+From baeaf3b108107146437608f3fc14249e3cdaed99 Mon Sep 17 00:00:00 2001
 From: Jelmer Vernooij <jelmer@debian.org>
 Date: Wed, 27 Aug 2014 16:40:29 -0400
 Subject: Fix pkg-config library/include paths
diff --git a/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch b/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch
index c9c2349e8..6465bb039 100644
--- a/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch
+++ b/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch
@@ -1,4 +1,4 @@
-From bfee7ec7d0e66b80bf034609bfd34cb76bc07137 Mon Sep 17 00:00:00 2001
+From d2a401455564fa2a51c78a0856492dfe3329a68f Mon Sep 17 00:00:00 2001
 From: Jelmer Vernooij <jelmer@debian.org>
 Date: Wed, 3 Sep 2014 22:41:55 -0400
 Subject: Use -isystem for include paths
diff --git a/debian/patches/series b/debian/patches/series
index c2160d09e..e63244523 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,4 +6,3 @@ debian-local/0005-gssapi-never-unload-mechanisms.patch
 debian-local/0006-Add-substpdf-target.patch
 debian-local/0007-Fix-pkg-config-library-include-paths.patch
 debian-local/0008-Use-isystem-for-include-paths.patch
-upstream/0009-Remove-incorrect-KDC-assertion.patch
diff --git a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch b/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch
deleted file mode 100644
index 7b4868fdf..000000000
--- a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 2de32da21c17e0daa9a47d610c3fab3f10a58513 Mon Sep 17 00:00:00 2001
-From: Isaac Boukris <iboukris@gmail.com>
-Date: Sat, 15 Dec 2018 11:56:36 +0200
-Subject: Remove incorrect KDC assertion
-
-The assertion in return_enc_padata() is reachable because
-kdc_make_s4u2self_rep() may have previously added encrypted padata.
-It is no longer necessary because the code uses add_pa_data_element()
-instead of allocating a new list.
-
-CVE-2018-20217:
-
-In MIT krb5 1.8 or later, an authenticated user who can obtain a TGT
-using an older encryption type (DES, DES3, or RC4) can cause an
-assertion failure in the KDC by sending an S4U2Self request.
-
-[ghudson@mit.edu: rewrote commit message with CVE description]
-
-ticket: 8767 (new)
-tags: pullup
-target_version: 1.17
-target_version: 1.16-next
-target_version: 1.15-next
-
-(cherry picked from commit 94e5eda5bb94d1d44733a49c3d9b6d1e42c74def)
-
-Patch-Category: upstream
----
- src/kdc/kdc_preauth.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
-index 81d0b8cffd..787a09684c 100644
---- a/src/kdc/kdc_preauth.c
-+++ b/src/kdc/kdc_preauth.c
-@@ -1640,7 +1640,6 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt,
-     krb5_error_code code = 0;
-     /* This should be initialized and only used for Win2K compat and other
-      * specific standardized uses such as FAST negotiation. */
--    assert(reply_encpart->enc_padata == NULL);
-     if (is_referral) {
-         code = return_referral_enc_padata(context, reply_encpart, server);
-         if (code)
author	Sam Hartman <hartmans@debian.org>	2019-01-13 16:46:47 -0500
committer	Sam Hartman <hartmans@debian.org>	2019-01-13 16:46:47 -0500
commit	09f965eac3472f4bf98e4313362d3453855243f6 (patch)
tree	38316d7ffd942f4b709dd39e4adfc1670da275af
parent	66f03875cf45e75df20ec4f78f896fa5209a1389 (diff)