diff options
author | Sam Hartman <hartmans@debian.org> | 2019-01-13 16:46:47 -0500 |
---|---|---|
committer | Sam Hartman <hartmans@debian.org> | 2019-01-13 16:46:47 -0500 |
commit | 09f965eac3472f4bf98e4313362d3453855243f6 (patch) | |
tree | 38316d7ffd942f4b709dd39e4adfc1670da275af | |
parent | 66f03875cf45e75df20ec4f78f896fa5209a1389 (diff) |
update debian/patches directory
11 files changed, 43 insertions, 85 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm index a205b4e8f..ec64f2d8b 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm @@ -1,5 +1,5 @@ # see git-dpm(1) from git-dpm package -2de32da21c17e0daa9a47d610c3fab3f10a58513 +d2a401455564fa2a51c78a0856492dfe3329a68f d2a401455564fa2a51c78a0856492dfe3329a68f a75eb54fd955cbf7a8ac44e527fd0e400e87844a a75eb54fd955cbf7a8ac44e527fd0e400e87844a diff --git a/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch b/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch index baa5d6ead..9f7778fcd 100644 --- a/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch +++ b/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch @@ -1,4 +1,4 @@ -From a0a91429b7ad38d677ee7b28492dba501156313b Mon Sep 17 00:00:00 2001 +From 85fcf9fc43e0b10fd0f90e056200ed028e50d297 Mon Sep 17 00:00:00 2001 From: Sam Hartman <hartmans@debian.org> Date: Mon, 26 Dec 2011 18:05:13 -0500 Subject: Debian: HURD compatibility @@ -10,10 +10,10 @@ Patch-Category: debian-local src/clients/ksu/ksu.h | 4 ++++ src/include/k5-int.h | 3 +++ src/kadmin/ktutil/ktutil_funcs.c | 4 ++++ + src/kprop/kprop_util.c | 4 ++++ src/lib/gssapi/spnego/spnego_mech.c | 3 +++ src/lib/krb5/os/sn2princ.c | 4 ++++ src/plugins/kdb/db2/libdb2/include/db-int.h | 4 ++++ - src/slave/kprop_util.c | 4 ++++ src/tests/resolve/resolve.c | 4 ++++ 8 files changed, 30 insertions(+) @@ -33,10 +33,10 @@ index 3bf0bd4384..f680b332c3 100644 extern int optind; extern char * optarg; diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index e1b1cb040d..eadc7360d3 100644 +index 652242207a..e4f1678be6 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h -@@ -581,6 +581,9 @@ extern char *strdup (const char *); +@@ -589,6 +589,9 @@ extern char *strdup (const char *); #ifdef HAVE_SYS_PARAM_H #include <sys/param.h> /* MAXPATHLEN */ #endif @@ -47,10 +47,10 @@ index e1b1cb040d..eadc7360d3 100644 #ifdef HAVE_SYS_FILE_H #include <sys/file.h> /* prototypes for file-related diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c -index 7a3aa0dcad..c9397a4486 100644 +index 6d119a2b64..fb7fa22f54 100644 --- a/src/kadmin/ktutil/ktutil_funcs.c +++ b/src/kadmin/ktutil/ktutil_funcs.c -@@ -33,6 +33,10 @@ +@@ -34,6 +34,10 @@ #include <string.h> #include <ctype.h> @@ -61,6 +61,21 @@ index 7a3aa0dcad..c9397a4486 100644 /* * Free a kt_list */ +diff --git a/src/kprop/kprop_util.c b/src/kprop/kprop_util.c +index c32d174b95..d72ab18967 100644 +--- a/src/kprop/kprop_util.c ++++ b/src/kprop/kprop_util.c +@@ -32,6 +32,10 @@ + #include <sys/types.h> + #include <sys/socket.h> + ++#ifndef MAXHOSTNAMELEN ++#define MAXHOSTNAMELEN 256 ++#endif ++ + /* + * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address. + * There is similar code elsewhere in the tree, so this should possibly become diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 9d6027ce80..585d8a6581 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c @@ -103,21 +118,6 @@ index 7e981d4a5f..d83b3b6a6f 100644 +# define MAXPATHLEN 4096 +#endif #endif /* _DB_INT_H_ */ -diff --git a/src/slave/kprop_util.c b/src/slave/kprop_util.c -index 7e1ec229d0..49030ec020 100644 ---- a/src/slave/kprop_util.c -+++ b/src/slave/kprop_util.c -@@ -32,6 +32,10 @@ - #include <sys/types.h> - #include <sys/socket.h> - -+#ifndef MAXHOSTNAMELEN -+#define MAXHOSTNAMELEN 256 -+#endif -+ - /* - * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address. - * There is similar code elsewhere in the tree, so this should possibly become diff --git a/src/tests/resolve/resolve.c b/src/tests/resolve/resolve.c index 7339d21bd9..38f725322b 100644 --- a/src/tests/resolve/resolve.c diff --git a/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch b/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch index 23b13fdfa..3f6a4bd0a 100644 --- a/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch +++ b/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch @@ -1,4 +1,4 @@ -From b1f73c56bbac5e2dceed23f2904ffc983c6d6b24 Mon Sep 17 00:00:00 2001 +From 8cbb465da2e4ae37b8afd884910506422eadd0f8 Mon Sep 17 00:00:00 2001 From: Sam Hartman <hartmans@debian.org> Date: Mon, 26 Dec 2011 18:19:53 -0500 Subject: debian: Handle multi-arch paths in krb5-config diff --git a/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch b/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch index 844af0c47..bb5aac91b 100644 --- a/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch +++ b/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch @@ -1,33 +1,35 @@ -From 5ec003b1363ccd4d89d88f83165f850bb082b98a Mon Sep 17 00:00:00 2001 +From d0706297a8a7a9fb45deb0973e15506dc31b1c83 Mon Sep 17 00:00:00 2001 From: Sam Hartman <hartmans@debian.org> Date: Mon, 26 Dec 2011 18:20:11 -0500 Subject: debian: osconf.hin path changes Patch-Category: debian-local --- - src/include/osconf.hin | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + src/include/osconf.hin | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/include/osconf.hin b/src/include/osconf.hin -index 98a467454b..2f51cc13c7 100644 +index c24717be67..c103424955 100644 --- a/src/include/osconf.hin +++ b/src/include/osconf.hin -@@ -59,7 +59,7 @@ - #define PLUGIN_EXT "@DYNOBJEXT" +@@ -70,8 +70,8 @@ + #endif #define KDC_DIR "@LOCALSTATEDIR/krb5kdc" -#define KDC_RUN_DIR "@RUNSTATEDIR/krb5kdc" +-#define DEFAULT_KDB_FILE KDC_DIR "/principal" +#define KDC_RUN_DIR "/run/krb5kdc" - #define DEFAULT_KDB_FILE KDC_DIR "/principal" ++#define DEFAULT_KDB_FILE "/var/lib/krb5kdc/principal" #define DEFAULT_KEYFILE_STUB KDC_DIR "/.k5." #define KRB5_DEFAULT_ADMIN_ACL KDC_DIR "/krb5_adm.acl" -@@ -114,8 +114,8 @@ - * krb5 slave support follows + /* Used by old admin server */ +@@ -125,8 +125,8 @@ + * krb5 replica support follows */ --#define KPROP_DEFAULT_FILE KDC_DIR "/slave_datatrans" +-#define KPROP_DEFAULT_FILE KDC_DIR "/replica_datatrans" -#define KPROPD_DEFAULT_FILE KDC_DIR "/from_master" -+#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/slave_datatrans" ++#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/replica_datatrans" +#define KPROPD_DEFAULT_FILE "/var/lib/krb5kdc/from_master" #define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util" #define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop" diff --git a/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch b/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch index e332d4c09..e28dd7065 100644 --- a/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch +++ b/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch @@ -1,4 +1,4 @@ -From 738f1fe8e2529f51bc9a50716a8ffcdbaa61b8dd Mon Sep 17 00:00:00 2001 +From de937376c58397109ef2bf087ce4073caa37fb29 Mon Sep 17 00:00:00 2001 From: Sam Hartman <hartmans@debian.org> Date: Mon, 26 Dec 2011 18:12:39 -0500 Subject: debian: install ldap library in subdirectory diff --git a/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch b/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch index fcfb65069..501ae30a5 100644 --- a/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch +++ b/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch @@ -1,4 +1,4 @@ -From f88cb0d8e81ba3f8f700ea62d4c770218c29ad20 Mon Sep 17 00:00:00 2001 +From dd3d9bb7d1c07fd5e12b5a0595a8aa351cdaff82 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <kaduk@mit.edu> Date: Fri, 29 Mar 2013 17:18:40 -0400 Subject: gssapi: never unload mechanisms @@ -20,10 +20,10 @@ Patch-Category: debian-local 1 file changed, 2 deletions(-) diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c -index 9197666e10..890bd2c037 100644 +index 0ad11c0b02..a3926e166e 100644 --- a/src/lib/gssapi/mechglue/g_initialize.c +++ b/src/lib/gssapi/mechglue/g_initialize.c -@@ -562,8 +562,6 @@ releaseMechInfo(gss_mech_info *pCf) +@@ -559,8 +559,6 @@ releaseMechInfo(gss_mech_info *pCf) generic_gss_release_oid(&minor_status, &cf->mech_type); if (cf->freeMech) zapfree(cf->mech, sizeof(*cf->mech)); diff --git a/debian/patches/debian-local/0006-Add-substpdf-target.patch b/debian/patches/debian-local/0006-Add-substpdf-target.patch index 97cbf07b5..7a287f162 100644 --- a/debian/patches/debian-local/0006-Add-substpdf-target.patch +++ b/debian/patches/debian-local/0006-Add-substpdf-target.patch @@ -1,4 +1,4 @@ -From 05d1fa84b8fef75d33a1fc83093fec390a27bc17 Mon Sep 17 00:00:00 2001 +From cbb7f2bbb739cc8766cacc64141a1a5a87642692 Mon Sep 17 00:00:00 2001 From: Ben Kaduk <kaduk@mit.edu> Date: Fri, 29 Mar 2013 20:53:37 -0400 Subject: Add substpdf target diff --git a/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch b/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch index 6bd9d8b5f..1c67b9a42 100644 --- a/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch +++ b/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch @@ -1,4 +1,4 @@ -From 764e2ddaab1c9503efd07d08192fbb679fcb25ea Mon Sep 17 00:00:00 2001 +From baeaf3b108107146437608f3fc14249e3cdaed99 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij <jelmer@debian.org> Date: Wed, 27 Aug 2014 16:40:29 -0400 Subject: Fix pkg-config library/include paths diff --git a/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch b/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch index c9c2349e8..6465bb039 100644 --- a/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch +++ b/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch @@ -1,4 +1,4 @@ -From bfee7ec7d0e66b80bf034609bfd34cb76bc07137 Mon Sep 17 00:00:00 2001 +From d2a401455564fa2a51c78a0856492dfe3329a68f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij <jelmer@debian.org> Date: Wed, 3 Sep 2014 22:41:55 -0400 Subject: Use -isystem for include paths diff --git a/debian/patches/series b/debian/patches/series index c2160d09e..e63244523 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,4 +6,3 @@ debian-local/0005-gssapi-never-unload-mechanisms.patch debian-local/0006-Add-substpdf-target.patch debian-local/0007-Fix-pkg-config-library-include-paths.patch debian-local/0008-Use-isystem-for-include-paths.patch -upstream/0009-Remove-incorrect-KDC-assertion.patch diff --git a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch b/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch deleted file mode 100644 index 7b4868fdf..000000000 --- a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 2de32da21c17e0daa9a47d610c3fab3f10a58513 Mon Sep 17 00:00:00 2001 -From: Isaac Boukris <iboukris@gmail.com> -Date: Sat, 15 Dec 2018 11:56:36 +0200 -Subject: Remove incorrect KDC assertion - -The assertion in return_enc_padata() is reachable because -kdc_make_s4u2self_rep() may have previously added encrypted padata. -It is no longer necessary because the code uses add_pa_data_element() -instead of allocating a new list. - -CVE-2018-20217: - -In MIT krb5 1.8 or later, an authenticated user who can obtain a TGT -using an older encryption type (DES, DES3, or RC4) can cause an -assertion failure in the KDC by sending an S4U2Self request. - -[ghudson@mit.edu: rewrote commit message with CVE description] - -ticket: 8767 (new) -tags: pullup -target_version: 1.17 -target_version: 1.16-next -target_version: 1.15-next - -(cherry picked from commit 94e5eda5bb94d1d44733a49c3d9b6d1e42c74def) - -Patch-Category: upstream ---- - src/kdc/kdc_preauth.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c -index 81d0b8cffd..787a09684c 100644 ---- a/src/kdc/kdc_preauth.c -+++ b/src/kdc/kdc_preauth.c -@@ -1640,7 +1640,6 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt, - krb5_error_code code = 0; - /* This should be initialized and only used for Win2K compat and other - * specific standardized uses such as FAST negotiation. */ -- assert(reply_encpart->enc_padata == NULL); - if (is_referral) { - code = return_referral_enc_padata(context, reply_encpart, server); - if (code) |