[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#930686: marked as done (unblock: krb5/1.17-3)

Your message dated Thu, 20 Jun 2019 09:53:45 +0200
with message-id <c996ac7d-0fa8-411a-a9ce-999693fe213a@debian.org>
and subject line Re: Bug#930686: unblock: krb5/1.17-3
has caused the Debian Bug report #930686,
regarding unblock: krb5/1.17-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
930686: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930686
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package krb5

Hi. I was looking at upstream patches and found one memory leak and
two documentation fixes I'd like to get into buster.

The memory leak does not currently have a Debian bug, but according to
the most recent freeze update memory leaks are permitted.  The fix is
simple and targeted and low-risk.
The documentation updates are (by being documentation updates) low risk.


diff --git a/debian/.git-dpm b/debian/.git-dpm
index ec64f2d8ba..6e32aafc28 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-d2a401455564fa2a51c78a0856492dfe3329a68f
-d2a401455564fa2a51c78a0856492dfe3329a68f
+a243df875ff905d1c676bd726b19bafea07b628c
+a243df875ff905d1c676bd726b19bafea07b628c
 a75eb54fd955cbf7a8ac44e527fd0e400e87844a
 a75eb54fd955cbf7a8ac44e527fd0e400e87844a
 krb5_1.17.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index c50efd5470..44681a5d68 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+krb5 (1.17-3) unstable; urgency=medium
+
+  * Fix memory leak in replay cache type none
+  * Merge in two upstream documentation changes
+
+ -- Sam Hartman <hartmans@debian.org>  Tue, 18 Jun 2019 08:00:29 -0400
+
 krb5 (1.17-2) unstable; urgency=medium
 
   * Finish removing the run kadmind debconf template which was obsoleted
diff --git a/debian/patches/series b/debian/patches/series
index e632445230..af6dbebb6f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,6 @@ debian-local/0005-gssapi-never-unload-mechanisms.patch
 debian-local/0006-Add-substpdf-target.patch
 debian-local/0007-Fix-pkg-config-library-include-paths.patch
 debian-local/0008-Use-isystem-for-include-paths.patch
+upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch
+upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch
+upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch
diff --git a/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch b/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch
new file mode 100644
index 0000000000..9f2b9a0130
--- /dev/null
+++ b/debian/patches/upstream/0009-Remove-erroneous-text-from-kinit-man-page.patch
@@ -0,0 +1,63 @@
+From d7c778325a6f690dc16213e797dbdc3a84458ae8 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Mon, 7 Jan 2019 21:09:34 +0200
+Subject: Remove erroneous text from kinit man page
+
+Commit 4c4859fa83295db5c26f47b96c719060cfd9e2b1 changed the kinit man
+page to state that kinit -E (enterprise) implies -C (canonicalize).
+The client does not automatically set the canonicalize option when
+getting tickets for an enterprise principal, and Windows KDCs can
+issue tickets for enterprise principals without canonicalizing the
+principal (contrary to the implication of RFC 6806 section 5).  Remove
+the misleading text.
+
+[ghudson@mit.edu: updated RST man page and regenerated nroff file;
+rewrote commit message]
+
+(cherry picked from commit 8e31335a7722a2f7f1722506befe4fd26d3e3f3f)
+
+ticket: 8779
+version_fixed: 1.17.1
+
+Patch-Category: upstream
+---
+ doc/user/user_commands/kinit.rst | 3 +--
+ src/man/kinit.man                | 5 ++---
+ 2 files changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/doc/user/user_commands/kinit.rst b/doc/user/user_commands/kinit.rst
+index d692e2791a..e12e88a372 100644
+--- a/doc/user/user_commands/kinit.rst
++++ b/doc/user/user_commands/kinit.rst
+@@ -92,8 +92,7 @@ OPTIONS
+     requested.
+ 
+ **-E**
+-    treats the principal name as an enterprise name (implies the
+-    **-C** option).
++    treats the principal name as an enterprise name.
+ 
+ **-v**
+     requests that the ticket-granting ticket in the cache (with the
+diff --git a/src/man/kinit.man b/src/man/kinit.man
+index d121cff749..a3dcfe26cc 100644
+--- a/src/man/kinit.man
++++ b/src/man/kinit.man
+@@ -1,6 +1,6 @@
+ .\" Man page generated from reStructuredText.
+ .
+-.TH "KINIT" "1" " " "1.17" "MIT Kerberos"
++.TH "KINIT" "1" " " "1.18" "MIT Kerberos"
+ .SH NAME
+ kinit \- obtain and cache Kerberos ticket-granting ticket
+ .
+@@ -113,8 +113,7 @@ KDC to reply with a different client principal from the one
+ requested.
+ .TP
+ \fB\-E\fP
+-treats the principal name as an enterprise name (implies the
+-\fB\-C\fP option).
++treats the principal name as an enterprise name.
+ .TP
+ \fB\-v\fP
+ requests that the ticket\-granting ticket in the cache (with the
diff --git a/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch b/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch
new file mode 100644
index 0000000000..0dde59dc9e
--- /dev/null
+++ b/debian/patches/upstream/0010-Fix-memory-leak-in-none-replay-cache-type.patch
@@ -0,0 +1,33 @@
+From c736896c4a0e6402e4876163647e320b1fc62d21 Mon Sep 17 00:00:00 2001
+From: Corene Casper <C.Casper@Dell.com>
+Date: Sat, 16 Feb 2019 00:49:26 -0500
+Subject: Fix memory leak in 'none' replay cache type
+
+Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory
+leak in the 'none' replay cache type by freeing the outer container,
+but we also need to free the mutex.
+
+[ghudson@mit.edu: wrote commit message]
+
+(cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17)
+
+ticket: 8783
+version_fixed: 1.17.1
+
+Patch-Category: upstream
+---
+ src/lib/krb5/rcache/rc_none.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c
+index e30aed09f1..0b2274df7f 100644
+--- a/src/lib/krb5/rcache/rc_none.c
++++ b/src/lib/krb5/rcache/rc_none.c
+@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc)
+ static krb5_error_code KRB5_CALLCONV
+ krb5_rc_none_close(krb5_context ctx, krb5_rcache rc)
+ {
++    k5_mutex_destroy(&rc->lock);
+     free (rc);
+     return 0;
+ }
diff --git a/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch b/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch
new file mode 100644
index 0000000000..5f2411c98b
--- /dev/null
+++ b/debian/patches/upstream/0011-Document-the-double-colon-behavior-of-DIR-ccaches.patch
@@ -0,0 +1,33 @@
+From a243df875ff905d1c676bd726b19bafea07b628c Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 6 Mar 2019 18:01:50 -0500
+Subject: Document the double-colon behavior of DIR ccaches
+
+(cherry picked from commit 5ba6e02a7b96ddd15dde01db0f9aff3d65773a8e)
+
+ticket: 8789
+version_fixed: 1.17.1
+
+Patch-Category: upstream
+---
+ doc/basic/ccache_def.rst | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/doc/basic/ccache_def.rst b/doc/basic/ccache_def.rst
+index d147f0d7aa..53542adde9 100644
+--- a/doc/basic/ccache_def.rst
++++ b/doc/basic/ccache_def.rst
+@@ -51,6 +51,13 @@ library.
+    requirement is for parent directory to exist and the current
+    process must have permissions to create the directory if it does
+    not exist. See :ref:`col_ccache` for details.  New in release 1.10.
++   The following residual forms are supported:
++
++   * DIR:dirname
++   * DIR::dirpath/filename - a single cache within the directory
++
++   Switching to a ccache of the latter type causes it to become the
++   primary for the directory.
+ 
+ #. **FILE** caches are the simplest and most portable. A simple flat
+    file format is used to store one credential after another.  This is
diff --git a/doc/basic/ccache_def.rst b/doc/basic/ccache_def.rst
index d147f0d7aa..53542adde9 100644
--- a/doc/basic/ccache_def.rst
+++ b/doc/basic/ccache_def.rst
@@ -51,6 +51,13 @@ library.
    requirement is for parent directory to exist and the current
    process must have permissions to create the directory if it does
    not exist. See :ref:`col_ccache` for details.  New in release 1.10.
+   The following residual forms are supported:
+
+   * DIR:dirname
+   * DIR::dirpath/filename - a single cache within the directory
+
+   Switching to a ccache of the latter type causes it to become the
+   primary for the directory.
 
 #. **FILE** caches are the simplest and most portable. A simple flat
    file format is used to store one credential after another.  This is
diff --git a/doc/user/user_commands/kinit.rst b/doc/user/user_commands/kinit.rst
index d692e2791a..e12e88a372 100644
--- a/doc/user/user_commands/kinit.rst
+++ b/doc/user/user_commands/kinit.rst
@@ -92,8 +92,7 @@ OPTIONS
     requested.
 
 **-E**
-    treats the principal name as an enterprise name (implies the
-    **-C** option).
+    treats the principal name as an enterprise name.
 
 **-v**
     requests that the ticket-granting ticket in the cache (with the
diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c
index e30aed09f1..0b2274df7f 100644
--- a/src/lib/krb5/rcache/rc_none.c
+++ b/src/lib/krb5/rcache/rc_none.c
@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc)
 static krb5_error_code KRB5_CALLCONV
 krb5_rc_none_close(krb5_context ctx, krb5_rcache rc)
 {
+    k5_mutex_destroy(&rc->lock);
     free (rc);
     return 0;
 }
diff --git a/src/man/kinit.man b/src/man/kinit.man
index d121cff749..a3dcfe26cc 100644
--- a/src/man/kinit.man
+++ b/src/man/kinit.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KINIT" "1" " " "1.17" "MIT Kerberos"
+.TH "KINIT" "1" " " "1.18" "MIT Kerberos"
 .SH NAME
 kinit \- obtain and cache Kerberos ticket-granting ticket
 .
@@ -113,8 +113,7 @@ KDC to reply with a different client principal from the one
 requested.
 .TP
 \fB\-E\fP
-treats the principal name as an enterprise name (implies the
-\fB\-C\fP option).
+treats the principal name as an enterprise name.
 .TP
 \fB\-v\fP
 requests that the ticket\-granting ticket in the cache (with the

unblock krb5/1.17-3

--- End Message ---
--- Begin Message --- 
Hi Sam,

On 18-06-2019 17:33, Sam Hartman wrote:
> unblock krb5/1.17-3

Unblocked, thanks.

Paul

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
Reply to: