Bug#688006: unblock: krb5-sync/2.2-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package krb5-sync for the fix to RC bug #687346.
Changelog:
* Apply upstream commit to silently ignore password changes with a NULL
password, only new keys. This represents a key randomization, such as
from addprinc -randkey, which is outside the synchronization scope of
this package. Without this change, the plugin would segfault on that
operation. (Closes: #687346)
The debdiff adds a debian patch, the effect of which is to apply the
following patch:
--- a/plugin/mit.c
+++ b/plugin/mit.c
@@ -81,6 +81,15 @@ chpass(krb5_context ctx, kadm5_hook_modinfo *data, int stage,
size_t length;
int status = 0;
+ /*
+ * If password is NULL, we have a new key set but no password (meaning
+ * this is an operation such as addprinc -randkey). We can't do anything
+ * without a password, so ignore these cases.
+ */
+ if (password == NULL)
+ return 0;
+
+ /* Dispatch to the appropriate function. */
length = strlen(password);
if (stage == KADM5_HOOK_STAGE_PRECOMMIT)
status = pwupdate_precommit_password(data, princ, password, length,
unblock krb5-sync/2.2-3
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-3-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: