1 files changed, 0 insertions, 43 deletions

diff --git a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch b/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch
deleted file mode 100644
index 7b4868fdf..000000000
--- a/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 2de32da21c17e0daa9a47d610c3fab3f10a58513 Mon Sep 17 00:00:00 2001
-From: Isaac Boukris <iboukris@gmail.com>
-Date: Sat, 15 Dec 2018 11:56:36 +0200
-Subject: Remove incorrect KDC assertion
-
-The assertion in return_enc_padata() is reachable because
-kdc_make_s4u2self_rep() may have previously added encrypted padata.
-It is no longer necessary because the code uses add_pa_data_element()
-instead of allocating a new list.
-
-CVE-2018-20217:
-
-In MIT krb5 1.8 or later, an authenticated user who can obtain a TGT
-using an older encryption type (DES, DES3, or RC4) can cause an
-assertion failure in the KDC by sending an S4U2Self request.
-
-[ghudson@mit.edu: rewrote commit message with CVE description]
-
-ticket: 8767 (new)
-tags: pullup
-target_version: 1.17
-target_version: 1.16-next
-target_version: 1.15-next
-
-(cherry picked from commit 94e5eda5bb94d1d44733a49c3d9b6d1e42c74def)
-
-Patch-Category: upstream
----
- src/kdc/kdc_preauth.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
-index 81d0b8cffd..787a09684c 100644
---- a/src/kdc/kdc_preauth.c
-+++ b/src/kdc/kdc_preauth.c
-@@ -1640,7 +1640,6 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt,
-     krb5_error_code code = 0;
-     /* This should be initialized and only used for Win2K compat and other
-      * specific standardized uses such as FAST negotiation. */
--    assert(reply_encpart->enc_padata == NULL);
-     if (is_referral) {
-         code = return_referral_enc_padata(context, reply_encpart, server);
-         if (code)