diff options
Diffstat (limited to 'debian/patches')
12 files changed, 703 insertions, 0 deletions
diff --git a/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch b/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch new file mode 100644 index 000000000..9f7778fcd --- /dev/null +++ b/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch @@ -0,0 +1,135 @@ +From 85fcf9fc43e0b10fd0f90e056200ed028e50d297 Mon Sep 17 00:00:00 2001 +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 26 Dec 2011 18:05:13 -0500 +Subject: Debian: HURD compatibility + +HURD has no MAXPATHLEN or MAXHOSTLEN. + +Patch-Category: debian-local +--- + src/clients/ksu/ksu.h | 4 ++++ + src/include/k5-int.h | 3 +++ + src/kadmin/ktutil/ktutil_funcs.c | 4 ++++ + src/kprop/kprop_util.c | 4 ++++ + src/lib/gssapi/spnego/spnego_mech.c | 3 +++ + src/lib/krb5/os/sn2princ.c | 4 ++++ + src/plugins/kdb/db2/libdb2/include/db-int.h | 4 ++++ + src/tests/resolve/resolve.c | 4 ++++ + 8 files changed, 30 insertions(+) + +diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h +index 3bf0bd4384..f680b332c3 100644 +--- a/src/clients/ksu/ksu.h ++++ b/src/clients/ksu/ksu.h +@@ -56,6 +56,10 @@ + #define MAX_CMD 2048 /* this is temp, should use realloc instead, + as done in most of the code */ + ++#ifndef MAXPATHLEN ++# define MAXPATHLEN 4096 ++#endif ++ + + extern int optind; + extern char * optarg; +diff --git a/src/include/k5-int.h b/src/include/k5-int.h +index 652242207a..e4f1678be6 100644 +--- a/src/include/k5-int.h ++++ b/src/include/k5-int.h +@@ -589,6 +589,9 @@ extern char *strdup (const char *); + #ifdef HAVE_SYS_PARAM_H + #include <sys/param.h> /* MAXPATHLEN */ + #endif ++#ifndef MAXPATHLEN ++# define MAXPATHLEN 4096 ++#endif + + #ifdef HAVE_SYS_FILE_H + #include <sys/file.h> /* prototypes for file-related +diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c +index 6d119a2b64..fb7fa22f54 100644 +--- a/src/kadmin/ktutil/ktutil_funcs.c ++++ b/src/kadmin/ktutil/ktutil_funcs.c +@@ -34,6 +34,10 @@ + #include <string.h> + #include <ctype.h> + ++#ifndef MAXPATHLEN ++# define MAXPATHLEN 4096 ++#endif ++ + /* + * Free a kt_list + */ +diff --git a/src/kprop/kprop_util.c b/src/kprop/kprop_util.c +index c32d174b95..d72ab18967 100644 +--- a/src/kprop/kprop_util.c ++++ b/src/kprop/kprop_util.c +@@ -32,6 +32,10 @@ + #include <sys/types.h> + #include <sys/socket.h> + ++#ifndef MAXHOSTNAMELEN ++#define MAXHOSTNAMELEN 256 ++#endif ++ + /* + * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address. + * There is similar code elsewhere in the tree, so this should possibly become +diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +index 9d6027ce80..585d8a6581 100644 +--- a/src/lib/gssapi/spnego/spnego_mech.c ++++ b/src/lib/gssapi/spnego/spnego_mech.c +@@ -65,6 +65,9 @@ + #include "gssapiP_spnego.h" + #include <gssapi_err_generic.h> + ++#ifndef MAXHOSTNAMELEN ++#define MAXHOSTNAMELEN 256 ++#endif + + #undef g_token_size + #undef g_verify_token_header +diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c +index 5932fd9b3f..187daa84d6 100644 +--- a/src/lib/krb5/os/sn2princ.c ++++ b/src/lib/krb5/os/sn2princ.c +@@ -126,6 +126,10 @@ find_trailer(const char *hostname) + return p; + } + ++#ifndef MAXHOSTNAMELEN ++# define MAXHOSTNAMELEN 256 ++#endif ++ + krb5_error_code KRB5_CALLCONV + krb5_sname_to_principal(krb5_context context, const char *hostname, + const char *sname, krb5_int32 type, +diff --git a/src/plugins/kdb/db2/libdb2/include/db-int.h b/src/plugins/kdb/db2/libdb2/include/db-int.h +index 7e981d4a5f..d83b3b6a6f 100644 +--- a/src/plugins/kdb/db2/libdb2/include/db-int.h ++++ b/src/plugins/kdb/db2/libdb2/include/db-int.h +@@ -280,4 +280,8 @@ void __dbpanic __P((DB *dbp)); + #ifndef O_BINARY + #define O_BINARY 0 /* Needed for Win32 compiles */ + #endif ++ ++#ifndef MAXPATHLEN ++# define MAXPATHLEN 4096 ++#endif + #endif /* _DB_INT_H_ */ +diff --git a/src/tests/resolve/resolve.c b/src/tests/resolve/resolve.c +index 7339d21bd9..38f725322b 100644 +--- a/src/tests/resolve/resolve.c ++++ b/src/tests/resolve/resolve.c +@@ -73,6 +73,10 @@ char *strchr(); + #include <netinet/in.h> + #include <netdb.h> + ++#ifndef MAXHOSTNAMELEN ++# define MAXHOSTNAMELEN 256 ++#endif ++ + int + main(argc, argv) + int argc; diff --git a/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch b/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch new file mode 100644 index 000000000..3f6a4bd0a --- /dev/null +++ b/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch @@ -0,0 +1,66 @@ +From 8cbb465da2e4ae37b8afd884910506422eadd0f8 Mon Sep 17 00:00:00 2001 +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 26 Dec 2011 18:19:53 -0500 +Subject: debian: Handle multi-arch paths in krb5-config + +We cannot use @libdir@ because that will include the +multi-arch prefix in the built krb5-config, but we want krb5-config to +be identical on all arches so that krb5-multidev can be multi-arch: +same. So, instead, figure out our multi-arch tripple by calling CC +directly. + +Based on an approach suggested by Hugh McMaster. + +Also include --deps in the usage output, since it is a valid argument. + +Patch-Category: debian-local +--- + src/build-tools/krb5-config.in | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in +index f6184da3fb..ac2f5827d3 100755 +--- a/src/build-tools/krb5-config.in ++++ b/src/build-tools/krb5-config.in +@@ -26,11 +26,18 @@ + + # Configurable parameters set by autoconf + version_string="Kerberos 5 release @KRB5_VERSION@" ++CC=${CC-cc} ++tripple=`$CC -print-multiarch 2>/dev/null|| ( $CC -dumpmachine | sed 's/-pc//' )` ++if [ x$tripple = x ]; then ++ echo >&2 Failed to find installation architecture ++ exit 2 ++fi ++ + + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-includedir=@includedir@ +-libdir=@libdir@ ++includedir=@prefix@/include/mit-krb5 ++libdir=@prefix@/lib/${tripple}/mit-krb5 + CC_LINK='@CC_LINK@' + KDB5_DB_LIB=@KDB5_DB_LIB@ + LDFLAGS='@LDFLAGS@' +@@ -138,6 +145,7 @@ if test -n "$do_help"; then + echo " [--defktname] Show built-in default keytab name" + echo " [--defcktname] Show built-in default client keytab name" + echo " [--cflags] Compile time CFLAGS" ++ echo " [--deps] Include dependent libraries" + echo " [--libs] List libraries required to link [LIBRARIES]" + echo "Libraries:" + echo " krb5 Kerberos 5 application" +@@ -208,12 +216,7 @@ fi + + + if test -n "$do_libs"; then +- # Assumes /usr/lib is the standard library directory everywhere... +- if test "$libdir" = /usr/lib; then +- libdirarg= +- else + libdirarg="-L$libdir" +- fi + # Ugly gross hack for our build tree + lib_flags=`echo $CC_LINK | sed -e 's/\$(CC)//' \ + -e 's/\$(PURE)//' \ diff --git a/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch b/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch new file mode 100644 index 000000000..bb5aac91b --- /dev/null +++ b/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch @@ -0,0 +1,36 @@ +From d0706297a8a7a9fb45deb0973e15506dc31b1c83 Mon Sep 17 00:00:00 2001 +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 26 Dec 2011 18:20:11 -0500 +Subject: debian: osconf.hin path changes + +Patch-Category: debian-local +--- + src/include/osconf.hin | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/include/osconf.hin b/src/include/osconf.hin +index c24717be67..c103424955 100644 +--- a/src/include/osconf.hin ++++ b/src/include/osconf.hin +@@ -70,8 +70,8 @@ + #endif + + #define KDC_DIR "@LOCALSTATEDIR/krb5kdc" +-#define KDC_RUN_DIR "@RUNSTATEDIR/krb5kdc" +-#define DEFAULT_KDB_FILE KDC_DIR "/principal" ++#define KDC_RUN_DIR "/run/krb5kdc" ++#define DEFAULT_KDB_FILE "/var/lib/krb5kdc/principal" + #define DEFAULT_KEYFILE_STUB KDC_DIR "/.k5." + #define KRB5_DEFAULT_ADMIN_ACL KDC_DIR "/krb5_adm.acl" + /* Used by old admin server */ +@@ -125,8 +125,8 @@ + * krb5 replica support follows + */ + +-#define KPROP_DEFAULT_FILE KDC_DIR "/replica_datatrans" +-#define KPROPD_DEFAULT_FILE KDC_DIR "/from_master" ++#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/replica_datatrans" ++#define KPROPD_DEFAULT_FILE "/var/lib/krb5kdc/from_master" + #define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util" + #define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop" + #define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE diff --git a/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch b/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch new file mode 100644 index 000000000..e28dd7065 --- /dev/null +++ b/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch @@ -0,0 +1,41 @@ +From de937376c58397109ef2bf087ce4073caa37fb29 Mon Sep 17 00:00:00 2001 +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 26 Dec 2011 18:12:39 -0500 +Subject: debian: install ldap library in subdirectory + +Debian received a request to install the internal ldap library not in +the main lib directory. + +We are changing SHLIB_DIRS from the default that upstream sets in the +makefile includes; assign unconditionally the full value. + +Patch-Category: debian-local +--- + src/plugins/kdb/ldap/Makefile.in | 1 + + src/plugins/kdb/ldap/ldap_util/Makefile.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/src/plugins/kdb/ldap/Makefile.in b/src/plugins/kdb/ldap/Makefile.in +index 94df816eb5..2ed562b110 100644 +--- a/src/plugins/kdb/ldap/Makefile.in ++++ b/src/plugins/kdb/ldap/Makefile.in +@@ -20,6 +20,7 @@ SHLIB_EXPDEPS = \ + $(TOPLIBD)/libkrb5$(SHLIBEXT) \ + $(TOPLIBD)/lib$(SUPPORT_LIBNAME)$(SHLIBEXT) + SHLIB_EXPLIBS= -lkdb_ldap $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto -lkrb5support $(LIBS) ++SHLIB_DIRS=-L$(TOPLIBD) -Wl,-rpath,$(KRB5_LIBDIR)/krb5 + + SRCS= $(srcdir)/ldap_exp.c + +diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in +index 8669c2436c..2d92a26be5 100644 +--- a/src/plugins/kdb/ldap/ldap_util/Makefile.in ++++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in +@@ -2,6 +2,7 @@ mydir=plugins$(S)kdb$(S)ldap$(S)ldap_util + BUILDTOP=$(REL)..$(S)..$(S)..$(S).. + DEFINES = -DKDB4_DISABLE + LOCALINCLUDES = -I. -I$(srcdir)/../libkdb_ldap -I$(top_srcdir)/lib/kdb ++PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) -Wl,-rpath,$(KRB5_LIBDIR)/krb5 + #KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS) + KDB_DEP_LIB=$(DL_LIB) -lkdb_ldap $(THREAD_LINKOPTS) + diff --git a/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch b/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch new file mode 100644 index 000000000..501ae30a5 --- /dev/null +++ b/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch @@ -0,0 +1,34 @@ +From dd3d9bb7d1c07fd5e12b5a0595a8aa351cdaff82 Mon Sep 17 00:00:00 2001 +From: Benjamin Kaduk <kaduk@mit.edu> +Date: Fri, 29 Mar 2013 17:18:40 -0400 +Subject: gssapi: never unload mechanisms + +It turns out that many GSSAPI mechanisms link to the main gss-api +library creating a circular reference. Depending on how the linker +breaks the cycle at process exit time, the linker may unload the GSS +library after unloading the mechanisms. The explicit dlclose from the +GSS library tends to cause a libdl assertion failure at that +point. So, never unload plugins. They are refcounted, so dlopen +handles will not leak, although obviously the memory from the plugin +is never reclaimed. + +ticket: 7135 + +Patch-Category: debian-local +--- + src/lib/gssapi/mechglue/g_initialize.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c +index 0ad11c0b02..a3926e166e 100644 +--- a/src/lib/gssapi/mechglue/g_initialize.c ++++ b/src/lib/gssapi/mechglue/g_initialize.c +@@ -559,8 +559,6 @@ releaseMechInfo(gss_mech_info *pCf) + generic_gss_release_oid(&minor_status, &cf->mech_type); + if (cf->freeMech) + zapfree(cf->mech, sizeof(*cf->mech)); +- if (cf->dl_handle != NULL) +- krb5int_close_plugin(cf->dl_handle); + if (cf->int_mech_type != GSS_C_NO_OID) + generic_gss_release_oid(&minor_status, &cf->int_mech_type); + diff --git a/debian/patches/debian-local/0006-Add-substpdf-target.patch b/debian/patches/debian-local/0006-Add-substpdf-target.patch new file mode 100644 index 000000000..7a287f162 --- /dev/null +++ b/debian/patches/debian-local/0006-Add-substpdf-target.patch @@ -0,0 +1,40 @@ +From cbb7f2bbb739cc8766cacc64141a1a5a87642692 Mon Sep 17 00:00:00 2001 +From: Ben Kaduk <kaduk@mit.edu> +Date: Fri, 29 Mar 2013 20:53:37 -0400 +Subject: Add substpdf target + +Akin to substhtml, so that we can build PDF documents without +overwriting the upstream-provided versions and causing debian/rules clean +to not return to the original state. + +Patch-Category: debian-local +--- + src/doc/Makefile.in | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/src/doc/Makefile.in b/src/doc/Makefile.in +index 1fb5fea927..043de76fa5 100644 +--- a/src/doc/Makefile.in ++++ b/src/doc/Makefile.in +@@ -87,6 +87,21 @@ pdf: $(PDFDIR) + rm -f *.dvi *.log *.ind *.aux *.toc *.syn *.idx *.out *.ilg *.pla \ + ) + ++substpdf: rst_composite ++ $(SPHINX_BUILD) -t pathsubs -b latex -q rst_composite pdf_subst ++ mv pdf_subst/Makefile pdf_subst/GMakefile ++ (cd pdf_subst && \ ++ for i in $(PDFDOCS); do \ ++ texfile=`echo $${i}.tex` && \ ++ idxfile=`echo $${i}.idx` && \ ++ pdflatex $(LATEXOPTS) $$texfile && \ ++ pdflatex $(LATEXOPTS) $$texfile && \ ++ makeindex -s python.ist $$idxfile || true; \ ++ pdflatex $(LATEXOPTS) $$texfile && \ ++ pdflatex $(LATEXOPTS) $$texfile; done && \ ++ rm -f *.dvi *.log *.ind *.aux *.toc *.syn *.idx *.out *.ilg *.pla \ ++ ) ++ + # Use doxygen to generate API documentation, translate it into RST + # format, and then create a composite of $(docsrc)'s RST and the + # generated files in rst_composite. Used by the html and substhtml targets. diff --git a/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch b/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch new file mode 100644 index 000000000..1c67b9a42 --- /dev/null +++ b/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch @@ -0,0 +1,102 @@ +From baeaf3b108107146437608f3fc14249e3cdaed99 Mon Sep 17 00:00:00 2001 +From: Jelmer Vernooij <jelmer@debian.org> +Date: Wed, 27 Aug 2014 16:40:29 -0400 +Subject: Fix pkg-config library/include paths + +Include library and include flags in pkg-config files, so they work when the +symlinks provided by libkrb5-dev are not installed. + +Patch-Category: debian-local +--- + src/build-tools/gssrpc.pc.in | 4 ++-- + src/build-tools/kadm-client.pc.in | 4 ++-- + src/build-tools/kadm-server.pc.in | 4 ++-- + src/build-tools/kdb.pc.in | 4 ++-- + src/build-tools/mit-krb5-gssapi.pc.in | 4 ++-- + src/build-tools/mit-krb5.pc.in | 4 ++-- + 6 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/src/build-tools/gssrpc.pc.in b/src/build-tools/gssrpc.pc.in +index ca909217eb..e08c2e840a 100644 +--- a/src/build-tools/gssrpc.pc.in ++++ b/src/build-tools/gssrpc.pc.in +@@ -1,7 +1,7 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ +-includedir=@includedir@ ++libdir=@libdir@/mit-krb5 ++includedir=@includedir@/mit-krb5 + vendor=MIT + + Name: gssrpc +diff --git a/src/build-tools/kadm-client.pc.in b/src/build-tools/kadm-client.pc.in +index c8d1cd1262..de56a75213 100644 +--- a/src/build-tools/kadm-client.pc.in ++++ b/src/build-tools/kadm-client.pc.in +@@ -1,7 +1,7 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ +-includedir=@includedir@ ++libdir=@libdir@/mit-krb5 ++includedir=@includedir@/mit-krb5 + + Name: kadm-client + Description: Kerberos administration client library +diff --git a/src/build-tools/kadm-server.pc.in b/src/build-tools/kadm-server.pc.in +index cd2f86c649..a73ff86cfe 100644 +--- a/src/build-tools/kadm-server.pc.in ++++ b/src/build-tools/kadm-server.pc.in +@@ -1,7 +1,7 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ +-includedir=@includedir@ ++libdir=@libdir@/mit-krb5 ++includedir=@includedir@/mit-krb5 + + Name: kadm-server + Description: Kerberos administration server library +diff --git a/src/build-tools/kdb.pc.in b/src/build-tools/kdb.pc.in +index 461a8d01d0..356501d38c 100644 +--- a/src/build-tools/kdb.pc.in ++++ b/src/build-tools/kdb.pc.in +@@ -1,7 +1,7 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ +-includedir=@includedir@ ++libdir=@libdir@/mit-krb5 ++includedir=@includedir@/mit-krb5 + + KDB5_DB_LIB=@KDB5_DB_LIB@ + +diff --git a/src/build-tools/mit-krb5-gssapi.pc.in b/src/build-tools/mit-krb5-gssapi.pc.in +index 7b91b19f19..b2b243630c 100644 +--- a/src/build-tools/mit-krb5-gssapi.pc.in ++++ b/src/build-tools/mit-krb5-gssapi.pc.in +@@ -1,7 +1,7 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ +-includedir=@includedir@ ++libdir=@libdir@/mit-krb5 ++includedir=@includedir@/mit-krb5 + + Name: mit-krb5-gssapi + Description: Kerberos implementation of the GSSAPI +diff --git a/src/build-tools/mit-krb5.pc.in b/src/build-tools/mit-krb5.pc.in +index 030881512f..058e75f24d 100644 +--- a/src/build-tools/mit-krb5.pc.in ++++ b/src/build-tools/mit-krb5.pc.in +@@ -1,7 +1,7 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ +-includedir=@includedir@ ++libdir=@libdir@/mit-krb5 ++includedir=@includedir@/mit-krb5 + + defccname=@DEFCCNAME@ + defktname=@DEFKTNAME@ diff --git a/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch b/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch new file mode 100644 index 000000000..6465bb039 --- /dev/null +++ b/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch @@ -0,0 +1,109 @@ +From d2a401455564fa2a51c78a0856492dfe3329a68f Mon Sep 17 00:00:00 2001 +From: Jelmer Vernooij <jelmer@debian.org> +Date: Wed, 3 Sep 2014 22:41:55 -0400 +Subject: Use -isystem for include paths + + This is necessary so Kerberos headers files are classified as "system headers" + by the compiler, and thus not subject to the same strict warnings as + other headers (which breaks compilation if -Werror is specified). + . + This fixes the build of folks using -Werror and including Kerberos headers + when the latter are installed in a non-standard location (e.g. + /usr/include/tuple/mit-krb5, as Debian is doing). +(cherry picked from commit d8520c1d1c218e3c766009abc728b207c0421232) + +Author: Jelmer Vernooij <jelmer@debian.org> +Bug-Debian: http://bugs.debian.org/751760 +Patch-Category: debian-local +--- + src/build-tools/gssrpc.pc.in | 2 +- + src/build-tools/kadm-client.pc.in | 2 +- + src/build-tools/kadm-server.pc.in | 2 +- + src/build-tools/kdb.pc.in | 2 +- + src/build-tools/krb5-config.in | 2 +- + src/build-tools/mit-krb5-gssapi.pc.in | 2 +- + src/build-tools/mit-krb5.pc.in | 2 +- + 7 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/build-tools/gssrpc.pc.in b/src/build-tools/gssrpc.pc.in +index e08c2e840a..fb4f489f87 100644 +--- a/src/build-tools/gssrpc.pc.in ++++ b/src/build-tools/gssrpc.pc.in +@@ -7,6 +7,6 @@ vendor=MIT + Name: gssrpc + Description: GSSAPI RPC implementation + Version: @KRB5_VERSION@ +-Cflags: -I${includedir} ++Cflags: -isystem ${includedir} + Libs: -L${libdir} -lgssrpc + Requires.private: mit-krb5-gssapi +diff --git a/src/build-tools/kadm-client.pc.in b/src/build-tools/kadm-client.pc.in +index de56a75213..47541ac2af 100644 +--- a/src/build-tools/kadm-client.pc.in ++++ b/src/build-tools/kadm-client.pc.in +@@ -7,5 +7,5 @@ Name: kadm-client + Description: Kerberos administration client library + Version: @KRB5_VERSION@ + Requires.private: mit-krb5-gssapi gssrpc +-Cflags: -I${includedir} ++Cflags: -isystem ${includedir} + Libs: -L${libdir} -lkadm5clnt_mit +diff --git a/src/build-tools/kadm-server.pc.in b/src/build-tools/kadm-server.pc.in +index a73ff86cfe..5ce4b733c4 100644 +--- a/src/build-tools/kadm-server.pc.in ++++ b/src/build-tools/kadm-server.pc.in +@@ -7,5 +7,5 @@ Name: kadm-server + Description: Kerberos administration server library + Version: @KRB5_VERSION@ + Requires.private: kdb mit-krb5-gssapi +-Cflags: -I${includedir} ++Cflags: -isystem ${includedir} + Libs: -L${libdir} -lkadm5srv_mit +diff --git a/src/build-tools/kdb.pc.in b/src/build-tools/kdb.pc.in +index 356501d38c..d39eeef889 100644 +--- a/src/build-tools/kdb.pc.in ++++ b/src/build-tools/kdb.pc.in +@@ -9,6 +9,6 @@ Name: kdb + Description: Kerberos database access libraries + Version: @KRB5_VERSION@ + Requires.private: mit-krb5-gssapi mit-krb5 gssrpc +-Cflags: -I${includedir} ++Cflags: -isystem ${includedir} + Libs: -L${libdir} -lkdb5 + Libs.private: ${KDB5_DB_LIB} +diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in +index ac2f5827d3..010457e153 100755 +--- a/src/build-tools/krb5-config.in ++++ b/src/build-tools/krb5-config.in +@@ -208,7 +208,7 @@ fi + + if test -n "$do_cflags"; then + if test x"$includedir" != x"/usr/include" ; then +- echo "-I${includedir}" ++ echo "-isystem ${includedir}" + else + echo '' + fi +diff --git a/src/build-tools/mit-krb5-gssapi.pc.in b/src/build-tools/mit-krb5-gssapi.pc.in +index b2b243630c..f919222699 100644 +--- a/src/build-tools/mit-krb5-gssapi.pc.in ++++ b/src/build-tools/mit-krb5-gssapi.pc.in +@@ -7,5 +7,5 @@ Name: mit-krb5-gssapi + Description: Kerberos implementation of the GSSAPI + Version: @KRB5_VERSION@ + Requires.private: mit-krb5 +-Cflags: -I${includedir} ++Cflags: -isystem ${includedir} + Libs: -L${libdir} -lgssapi_krb5 +diff --git a/src/build-tools/mit-krb5.pc.in b/src/build-tools/mit-krb5.pc.in +index 058e75f24d..455427a42e 100644 +--- a/src/build-tools/mit-krb5.pc.in ++++ b/src/build-tools/mit-krb5.pc.in +@@ -10,6 +10,6 @@ defcktname=@DEFCKTNAME@ + Name: mit-krb5 + Description: An implementation of Kerberos network authentication + Version: @KRB5_VERSION@ +-Cflags: -I${includedir} ++Cflags: -isystem ${includedir} + Libs: -L${libdir} -lkrb5 -lk5crypto -lcom_err + Libs.private: -lkrb5support diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..af6dbebb6 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,11 @@ +debian-local/0001-Debian-HURD-compatibility.patch +debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch +debian-local/0003-debian-osconf.hin-path-changes.patch +debian-local/0004-debian-install-ldap-library-in-subdirectory.patch +debian-local/0005-gssapi-never-unload-mechanisms.patch +debian-local/0006-Add-substpdf-target.patch +debian-local/0007-Fix-pkg-config-library-include-paths.patch +debian-local/0008-Use-isystem-for-include-paths.patch +upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch +upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch +upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch diff --git a/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch b/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch new file mode 100644 index 000000000..9f2b9a013 --- /dev/null +++ b/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch @@ -0,0 +1,63 @@ +From d7c778325a6f690dc16213e797dbdc3a84458ae8 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris <iboukris@gmail.com> +Date: Mon, 7 Jan 2019 21:09:34 +0200 +Subject: Remove erroneous text from kinit man page + +Commit 4c4859fa83295db5c26f47b96c719060cfd9e2b1 changed the kinit man +page to state that kinit -E (enterprise) implies -C (canonicalize). +The client does not automatically set the canonicalize option when +getting tickets for an enterprise principal, and Windows KDCs can +issue tickets for enterprise principals without canonicalizing the +principal (contrary to the implication of RFC 6806 section 5). Remove +the misleading text. + +[ghudson@mit.edu: updated RST man page and regenerated nroff file; +rewrote commit message] + +(cherry picked from commit 8e31335a7722a2f7f1722506befe4fd26d3e3f3f) + +ticket: 8779 +version_fixed: 1.17.1 + +Patch-Category: upstream +--- + doc/user/user_commands/kinit.rst | 3 +-- + src/man/kinit.man | 5 ++--- + 2 files changed, 3 insertions(+), 5 deletions(-) + +diff --git a/doc/user/user_commands/kinit.rst b/doc/user/user_commands/kinit.rst +index d692e2791a..e12e88a372 100644 +--- a/doc/user/user_commands/kinit.rst ++++ b/doc/user/user_commands/kinit.rst +@@ -92,8 +92,7 @@ OPTIONS + requested. + + **-E** +- treats the principal name as an enterprise name (implies the +- **-C** option). ++ treats the principal name as an enterprise name. + + **-v** + requests that the ticket-granting ticket in the cache (with the +diff --git a/src/man/kinit.man b/src/man/kinit.man +index d121cff749..a3dcfe26cc 100644 +--- a/src/man/kinit.man ++++ b/src/man/kinit.man +@@ -1,6 +1,6 @@ + .\" Man page generated from reStructuredText. + . +-.TH "KINIT" "1" " " "1.17" "MIT Kerberos" ++.TH "KINIT" "1" " " "1.18" "MIT Kerberos" + .SH NAME + kinit \- obtain and cache Kerberos ticket-granting ticket + . +@@ -113,8 +113,7 @@ KDC to reply with a different client principal from the one + requested. + .TP + \fB\-E\fP +-treats the principal name as an enterprise name (implies the +-\fB\-C\fP option). ++treats the principal name as an enterprise name. + .TP + \fB\-v\fP + requests that the ticket\-granting ticket in the cache (with the diff --git a/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch b/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch new file mode 100644 index 000000000..0dde59dc9 --- /dev/null +++ b/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch @@ -0,0 +1,33 @@ +From c736896c4a0e6402e4876163647e320b1fc62d21 Mon Sep 17 00:00:00 2001 +From: Corene Casper <C.Casper@Dell.com> +Date: Sat, 16 Feb 2019 00:49:26 -0500 +Subject: Fix memory leak in 'none' replay cache type + +Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory +leak in the 'none' replay cache type by freeing the outer container, +but we also need to free the mutex. + +[ghudson@mit.edu: wrote commit message] + +(cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17) + +ticket: 8783 +version_fixed: 1.17.1 + +Patch-Category: upstream +--- + src/lib/krb5/rcache/rc_none.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c +index e30aed09f1..0b2274df7f 100644 +--- a/src/lib/krb5/rcache/rc_none.c ++++ b/src/lib/krb5/rcache/rc_none.c +@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc) + static krb5_error_code KRB5_CALLCONV + krb5_rc_none_close(krb5_context ctx, krb5_rcache rc) + { ++ k5_mutex_destroy(&rc->lock); + free (rc); + return 0; + } diff --git a/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch b/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch new file mode 100644 index 000000000..5f2411c98 --- /dev/null +++ b/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch @@ -0,0 +1,33 @@ +From a243df875ff905d1c676bd726b19bafea07b628c Mon Sep 17 00:00:00 2001 +From: Robbie Harwood <rharwood@redhat.com> +Date: Wed, 6 Mar 2019 18:01:50 -0500 +Subject: Document the double-colon behavior of DIR ccaches + +(cherry picked from commit 5ba6e02a7b96ddd15dde01db0f9aff3d65773a8e) + +ticket: 8789 +version_fixed: 1.17.1 + +Patch-Category: upstream +--- + doc/basic/ccache_def.rst | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/doc/basic/ccache_def.rst b/doc/basic/ccache_def.rst +index d147f0d7aa..53542adde9 100644 +--- a/doc/basic/ccache_def.rst ++++ b/doc/basic/ccache_def.rst +@@ -51,6 +51,13 @@ library. + requirement is for parent directory to exist and the current + process must have permissions to create the directory if it does + not exist. See :ref:`col_ccache` for details. New in release 1.10. ++ The following residual forms are supported: ++ ++ * DIR:dirname ++ * DIR::dirpath/filename - a single cache within the directory ++ ++ Switching to a ccache of the latter type causes it to become the ++ primary for the directory. + + #. **FILE** caches are the simplest and most portable. A simple flat + file format is used to store one credential after another. This is |