Commit 3f540372 authored by Sam Hartman's avatar Sam Hartman
Browse files

Import Debian changes 1.17-3

krb5 (1.17-3) unstable; urgency=medium

  * Fix memory leak in replay cache type none
  * Merge in two upstream documentation changes

krb5 (1.17-2) unstable; urgency=medium

  * Finish removing the run kadmind debconf template which was obsoleted
    when the systemd units were installed, LP: #1817376
parent 65af8b38
# see git-dpm(1) from git-dpm package
d2a401455564fa2a51c78a0856492dfe3329a68f
d2a401455564fa2a51c78a0856492dfe3329a68f
a243df875ff905d1c676bd726b19bafea07b628c
a243df875ff905d1c676bd726b19bafea07b628c
a75eb54fd955cbf7a8ac44e527fd0e400e87844a
a75eb54fd955cbf7a8ac44e527fd0e400e87844a
krb5_1.17.orig.tar.gz
......
krb5 (1.17-3) unstable; urgency=medium
* Fix memory leak in replay cache type none
* Merge in two upstream documentation changes
-- Sam Hartman <hartmans@debian.org> Tue, 18 Jun 2019 08:00:29 -0400
krb5 (1.17-2) unstable; urgency=medium
* Finish removing the run kadmind debconf template which was obsoleted
when the systemd units were installed, LP: #1817376
-- Sam Hartman <hartmans@debian.org> Mon, 25 Feb 2019 13:55:57 -0500
krb5 (1.17-1) unstable; urgency=low
* New Upstream release
......
......@@ -8,14 +8,3 @@ db_version 2.0
db_input high krb5-admin-server/newrealm || true
db_go
db_get krb5-kdc/debconf
if [ x"$RET" = xtrue ] ; then
if [ -f "/etc/default/krb5-admin-server" ] ; then
. /etc/default/krb5-admin-server
if [ -n "$RUN_KADMIND" ] ; then
db_set krb5-admin-server/kadmind "$RUN_KADMIND"
fi
fi
db_input low krb5-admin-server/kadmind || true
db_go
fi
#! /bin/sh
set -e
# This script is really only needed to display the newrealm note.
if [ "configure" = "$1" ] || [ "reconfigure" = "$1" ] ; then
. /usr/share/debconf/confmodule
db_version 2.0
db_get krb5-kdc/debconf
DEBCONF="$RET"
if [ $DEBCONF = "true" ] ; then
if [ -f "/etc/default/krb5-admin-server" ] ; then
. /etc/default/krb5-admin-server
fi
cat <<'EOF' > /etc/default/krb5-admin-server
# Automatically generated. If you change anything in this file other than the
# values of DAEMON_ARGS, first run dpkg-reconfigure
# krb5-admin-server and disable managing the kadmin configuration with
# debconf. Otherwise, changes will be overwritten.
EOF
db_get krb5-admin-server/kadmind ||true
RUN_KADMIND="$RET"
if dpkg --compare-versions "$2" le-nl 1.12.1+dfsg-11; then
if [ "x$RUN_KADMIND" = "xfalse" ]; then
update-rc.d krb5-admin-server disable
fi
fi
if [ -n "$DAEMON_ARGS" ] ; then
echo "DAEMON_ARGS=\"$DAEMON_ARGS\"" \
>> /etc/default/krb5-admin-server
fi
fi
db_stop
fi
......
......@@ -6,3 +6,6 @@ debian-local/0005-gssapi-never-unload-mechanisms.patch
debian-local/0006-Add-substpdf-target.patch
debian-local/0007-Fix-pkg-config-library-include-paths.patch
debian-local/0008-Use-isystem-for-include-paths.patch
upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch
upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch
upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch
From d7c778325a6f690dc16213e797dbdc3a84458ae8 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Mon, 7 Jan 2019 21:09:34 +0200
Subject: Remove erroneous text from kinit man page
Commit 4c4859fa83295db5c26f47b96c719060cfd9e2b1 changed the kinit man
page to state that kinit -E (enterprise) implies -C (canonicalize).
The client does not automatically set the canonicalize option when
getting tickets for an enterprise principal, and Windows KDCs can
issue tickets for enterprise principals without canonicalizing the
principal (contrary to the implication of RFC 6806 section 5). Remove
the misleading text.
[ghudson@mit.edu: updated RST man page and regenerated nroff file;
rewrote commit message]
(cherry picked from commit 8e31335a7722a2f7f1722506befe4fd26d3e3f3f)
ticket: 8779
version_fixed: 1.17.1
Patch-Category: upstream
---
doc/user/user_commands/kinit.rst | 3 +--
src/man/kinit.man | 5 ++---
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/doc/user/user_commands/kinit.rst b/doc/user/user_commands/kinit.rst
index d692e2791a..e12e88a372 100644
--- a/doc/user/user_commands/kinit.rst
+++ b/doc/user/user_commands/kinit.rst
@@ -92,8 +92,7 @@ OPTIONS
requested.
**-E**
- treats the principal name as an enterprise name (implies the
- **-C** option).
+ treats the principal name as an enterprise name.
**-v**
requests that the ticket-granting ticket in the cache (with the
diff --git a/src/man/kinit.man b/src/man/kinit.man
index d121cff749..a3dcfe26cc 100644
--- a/src/man/kinit.man
+++ b/src/man/kinit.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KINIT" "1" " " "1.17" "MIT Kerberos"
+.TH "KINIT" "1" " " "1.18" "MIT Kerberos"
.SH NAME
kinit \- obtain and cache Kerberos ticket-granting ticket
.
@@ -113,8 +113,7 @@ KDC to reply with a different client principal from the one
requested.
.TP
\fB\-E\fP
-treats the principal name as an enterprise name (implies the
-\fB\-C\fP option).
+treats the principal name as an enterprise name.
.TP
\fB\-v\fP
requests that the ticket\-granting ticket in the cache (with the
From c736896c4a0e6402e4876163647e320b1fc62d21 Mon Sep 17 00:00:00 2001
From: Corene Casper <C.Casper@Dell.com>
Date: Sat, 16 Feb 2019 00:49:26 -0500
Subject: Fix memory leak in 'none' replay cache type
Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory
leak in the 'none' replay cache type by freeing the outer container,
but we also need to free the mutex.
[ghudson@mit.edu: wrote commit message]
(cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17)
ticket: 8783
version_fixed: 1.17.1
Patch-Category: upstream
---
src/lib/krb5/rcache/rc_none.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c
index e30aed09f1..0b2274df7f 100644
--- a/src/lib/krb5/rcache/rc_none.c
+++ b/src/lib/krb5/rcache/rc_none.c
@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc)
static krb5_error_code KRB5_CALLCONV
krb5_rc_none_close(krb5_context ctx, krb5_rcache rc)
{
+ k5_mutex_destroy(&rc->lock);
free (rc);
return 0;
}
From a243df875ff905d1c676bd726b19bafea07b628c Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 6 Mar 2019 18:01:50 -0500
Subject: Document the double-colon behavior of DIR ccaches
(cherry picked from commit 5ba6e02a7b96ddd15dde01db0f9aff3d65773a8e)
ticket: 8789
version_fixed: 1.17.1
Patch-Category: upstream
---
doc/basic/ccache_def.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/doc/basic/ccache_def.rst b/doc/basic/ccache_def.rst
index d147f0d7aa..53542adde9 100644
--- a/doc/basic/ccache_def.rst
+++ b/doc/basic/ccache_def.rst
@@ -51,6 +51,13 @@ library.
requirement is for parent directory to exist and the current
process must have permissions to create the directory if it does
not exist. See :ref:`col_ccache` for details. New in release 1.10.
+ The following residual forms are supported:
+
+ * DIR:dirname
+ * DIR::dirpath/filename - a single cache within the directory
+
+ Switching to a ccache of the latter type causes it to become the
+ primary for the directory.
#. **FILE** caches are the simplest and most portable. A simple flat
file format is used to store one credential after another. This is
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment