Your message dated Thu, 20 Jun 2019 09:53:45 +0200
with message-id <[email protected]>
and subject line Re: Bug#930686: unblock: krb5/1.17-3
has caused the Debian Bug report #930686,
regarding unblock: krb5/1.17-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
930686: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930686
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package krb5
Hi. I was looking at upstream patches and found one memory leak and
two documentation fixes I'd like to get into buster.
The memory leak does not currently have a Debian bug, but according to
the most recent freeze update memory leaks are permitted. The fix is
simple and targeted and low-risk.
The documentation updates are (by being documentation updates) low risk.
diff --git a/debian/.git-dpm b/debian/.git-dpm
index ec64f2d8ba..6e32aafc28 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-d2a401455564fa2a51c78a0856492dfe3329a68f
-d2a401455564fa2a51c78a0856492dfe3329a68f
+a243df875ff905d1c676bd726b19bafea07b628c
+a243df875ff905d1c676bd726b19bafea07b628c
a75eb54fd955cbf7a8ac44e527fd0e400e87844a
a75eb54fd955cbf7a8ac44e527fd0e400e87844a
krb5_1.17.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index c50efd5470..44681a5d68 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+krb5 (1.17-3) unstable; urgency=medium
+
+ * Fix memory leak in replay cache type none
+ * Merge in two upstream documentation changes
+
+ -- Sam Hartman <[email protected]> Tue, 18 Jun 2019 08:00:29 -0400
+
krb5 (1.17-2) unstable; urgency=medium
* Finish removing the run kadmind debconf template which was obsoleted
diff --git a/debian/patches/series b/debian/patches/series
index e632445230..af6dbebb6f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,6 @@ debian-local/0005-gssapi-never-unload-mechanisms.patch
debian-local/0006-Add-substpdf-target.patch
debian-local/0007-Fix-pkg-config-library-include-paths.patch
debian-local/0008-Use-isystem-for-include-paths.patch
+upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch
+upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch
+upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch
diff --git
a/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch
b/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch
new file mode 100644
index 0000000000..9f2b9a0130
--- /dev/null
+++
b/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch
@@ -0,0 +1,63 @@
+From d7c778325a6f690dc16213e797dbdc3a84458ae8 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <[email protected]>
+Date: Mon, 7 Jan 2019 21:09:34 +0200
+Subject: Remove erroneous text from kinit man page
+
+Commit 4c4859fa83295db5c26f47b96c719060cfd9e2b1 changed the kinit man
+page to state that kinit -E (enterprise) implies -C (canonicalize).
+The client does not automatically set the canonicalize option when
+getting tickets for an enterprise principal, and Windows KDCs can
+issue tickets for enterprise principals without canonicalizing the
+principal (contrary to the implication of RFC 6806 section 5). Remove
+the misleading text.
+
+[[email protected]: updated RST man page and regenerated nroff file;
+rewrote commit message]
+
+(cherry picked from commit 8e31335a7722a2f7f1722506befe4fd26d3e3f3f)
+
+ticket: 8779
+version_fixed: 1.17.1
+
+Patch-Category: upstream
+---
+ doc/user/user_commands/kinit.rst | 3 +--
+ src/man/kinit.man | 5 ++---
+ 2 files changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/doc/user/user_commands/kinit.rst
b/doc/user/user_commands/kinit.rst
+index d692e2791a..e12e88a372 100644
+--- a/doc/user/user_commands/kinit.rst
++++ b/doc/user/user_commands/kinit.rst
+@@ -92,8 +92,7 @@ OPTIONS
+ requested.
+
+ **-E**
+- treats the principal name as an enterprise name (implies the
+- **-C** option).
++ treats the principal name as an enterprise name.
+
+ **-v**
+ requests that the ticket-granting ticket in the cache (with the
+diff --git a/src/man/kinit.man b/src/man/kinit.man
+index d121cff749..a3dcfe26cc 100644
+--- a/src/man/kinit.man
++++ b/src/man/kinit.man
+@@ -1,6 +1,6 @@
+ .\" Man page generated from reStructuredText.
+ .
+-.TH "KINIT" "1" " " "1.17" "MIT Kerberos"
++.TH "KINIT" "1" " " "1.18" "MIT Kerberos"
+ .SH NAME
+ kinit \- obtain and cache Kerberos ticket-granting ticket
+ .
+@@ -113,8 +113,7 @@ KDC to reply with a different client principal from the one
+ requested.
+ .TP
+ \fB\-E\fP
+-treats the principal name as an enterprise name (implies the
+-\fB\-C\fP option).
++treats the principal name as an enterprise name.
+ .TP
+ \fB\-v\fP
+ requests that the ticket\-granting ticket in the cache (with the
diff --git
a/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch
b/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch
new file mode 100644
index 0000000000..0dde59dc9e
--- /dev/null
+++
b/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch
@@ -0,0 +1,33 @@
+From c736896c4a0e6402e4876163647e320b1fc62d21 Mon Sep 17 00:00:00 2001
+From: Corene Casper <[email protected]>
+Date: Sat, 16 Feb 2019 00:49:26 -0500
+Subject: Fix memory leak in 'none' replay cache type
+
+Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory
+leak in the 'none' replay cache type by freeing the outer container,
+but we also need to free the mutex.
+
+[[email protected]: wrote commit message]
+
+(cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17)
+
+ticket: 8783
+version_fixed: 1.17.1
+
+Patch-Category: upstream
+---
+ src/lib/krb5/rcache/rc_none.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c
+index e30aed09f1..0b2274df7f 100644
+--- a/src/lib/krb5/rcache/rc_none.c
++++ b/src/lib/krb5/rcache/rc_none.c
+@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc)
+ static krb5_error_code KRB5_CALLCONV
+ krb5_rc_none_close(krb5_context ctx, krb5_rcache rc)
+ {
++ k5_mutex_destroy(&rc->lock);
+ free (rc);
+ return 0;
+ }
diff --git
a/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch
b/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch
new file mode 100644
index 0000000000..5f2411c98b
--- /dev/null
+++
b/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch
@@ -0,0 +1,33 @@
+From a243df875ff905d1c676bd726b19bafea07b628c Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <[email protected]>
+Date: Wed, 6 Mar 2019 18:01:50 -0500
+Subject: Document the double-colon behavior of DIR ccaches
+
+(cherry picked from commit 5ba6e02a7b96ddd15dde01db0f9aff3d65773a8e)
+
+ticket: 8789
+version_fixed: 1.17.1
+
+Patch-Category: upstream
+---
+ doc/basic/ccache_def.rst | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/doc/basic/ccache_def.rst b/doc/basic/ccache_def.rst
+index d147f0d7aa..53542adde9 100644
+--- a/doc/basic/ccache_def.rst
++++ b/doc/basic/ccache_def.rst
+@@ -51,6 +51,13 @@ library.
+ requirement is for parent directory to exist and the current
+ process must have permissions to create the directory if it does
+ not exist. See :ref:`col_ccache` for details. New in release 1.10.
++ The following residual forms are supported:
++
++ * DIR:dirname
++ * DIR::dirpath/filename - a single cache within the directory
++
++ Switching to a ccache of the latter type causes it to become the
++ primary for the directory.
+
+ #. **FILE** caches are the simplest and most portable. A simple flat
+ file format is used to store one credential after another. This is
diff --git a/doc/basic/ccache_def.rst b/doc/basic/ccache_def.rst
index d147f0d7aa..53542adde9 100644
--- a/doc/basic/ccache_def.rst
+++ b/doc/basic/ccache_def.rst
@@ -51,6 +51,13 @@ library.
requirement is for parent directory to exist and the current
process must have permissions to create the directory if it does
not exist. See :ref:`col_ccache` for details. New in release 1.10.
+ The following residual forms are supported:
+
+ * DIR:dirname
+ * DIR::dirpath/filename - a single cache within the directory
+
+ Switching to a ccache of the latter type causes it to become the
+ primary for the directory.
#. **FILE** caches are the simplest and most portable. A simple flat
file format is used to store one credential after another. This is
diff --git a/doc/user/user_commands/kinit.rst b/doc/user/user_commands/kinit.rst
index d692e2791a..e12e88a372 100644
--- a/doc/user/user_commands/kinit.rst
+++ b/doc/user/user_commands/kinit.rst
@@ -92,8 +92,7 @@ OPTIONS
requested.
**-E**
- treats the principal name as an enterprise name (implies the
- **-C** option).
+ treats the principal name as an enterprise name.
**-v**
requests that the ticket-granting ticket in the cache (with the
diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c
index e30aed09f1..0b2274df7f 100644
--- a/src/lib/krb5/rcache/rc_none.c
+++ b/src/lib/krb5/rcache/rc_none.c
@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc)
static krb5_error_code KRB5_CALLCONV
krb5_rc_none_close(krb5_context ctx, krb5_rcache rc)
{
+ k5_mutex_destroy(&rc->lock);
free (rc);
return 0;
}
diff --git a/src/man/kinit.man b/src/man/kinit.man
index d121cff749..a3dcfe26cc 100644
--- a/src/man/kinit.man
+++ b/src/man/kinit.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KINIT" "1" " " "1.17" "MIT Kerberos"
+.TH "KINIT" "1" " " "1.18" "MIT Kerberos"
.SH NAME
kinit \- obtain and cache Kerberos ticket-granting ticket
.
@@ -113,8 +113,7 @@ KDC to reply with a different client principal from the one
requested.
.TP
\fB\-E\fP
-treats the principal name as an enterprise name (implies the
-\fB\-C\fP option).
+treats the principal name as an enterprise name.
.TP
\fB\-v\fP
requests that the ticket\-granting ticket in the cache (with the
unblock krb5/1.17-3
--- End Message ---
--- Begin Message ---
Hi Sam,
On 18-06-2019 17:33, Sam Hartman wrote:
> unblock krb5/1.17-3
Unblocked, thanks.
Paul
signature.asc
Description: OpenPGP digital signature
--- End Message ---
