| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| debian-local/0001-Debian-HURD-compatibility.patch | Debian: HURD compatibility HURD has no MAXPATHLEN or MAXHOSTNAMELEN. Thanks Pino Toscano for making the patch more robust. |
Sam Hartman <hartmans@debian.org> | no | 2011-12-26 | ||
| debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch | debian: Handle multi-arch paths in krb5-config We cannot use @libdir@ because that will include the multi-arch prefix in the built krb5-config, but we want krb5-config to be identical on all arches so that krb5-multidev can be multi-arch: same. So, instead, figure out our multi-arch tripple by calling CC directly. Based on an approach suggested by Hugh McMaster. Also include --deps in the usage output, since it is a valid argument. |
Sam Hartman <hartmans@debian.org> | no | 2011-12-26 | ||
| debian-local/0003-debian-osconf.hin-path-changes.patch | debian: osconf.hin path changes | Sam Hartman <hartmans@debian.org> | no | 2011-12-26 | ||
| debian-local/0004-debian-install-ldap-library-in-subdirectory.patch | debian: install ldap library in subdirectory Debian received a request to install the internal ldap library not in the main lib directory. We are changing SHLIB_DIRS from the default that upstream sets in the makefile includes; assign unconditionally the full value. |
Sam Hartman <hartmans@debian.org> | no | 2011-12-26 | ||
| debian-local/0005-gssapi-never-unload-mechanisms.patch | gssapi: never unload mechanisms It turns out that many GSSAPI mechanisms link to the main gss-api library creating a circular reference. Depending on how the linker breaks the cycle at process exit time, the linker may unload the GSS library after unloading the mechanisms. The explicit dlclose from the GSS library tends to cause a libdl assertion failure at that point. So, never unload plugins. They are refcounted, so dlopen handles will not leak, although obviously the memory from the plugin is never reclaimed. |
Benjamin Kaduk <kaduk@mit.edu> | no | 2013-03-29 | ||
| debian-local/0006-Add-substpdf-target.patch | Add substpdf target Akin to substhtml, so that we can build PDF documents without overwriting the upstream-provided versions and causing debian/rules clean to not return to the original state. |
Ben Kaduk <kaduk@mit.edu> | no | 2013-03-29 | ||
| debian-local/0007-Fix-pkg-config-library-include-paths.patch | Fix pkg-config library/include paths Include library and include flags in pkg-config files, so they work when the symlinks provided by libkrb5-dev are not installed. |
Jelmer Vernooij <jelmer@debian.org> | no | 2014-08-27 | ||
| debian-local/0008-Use-isystem-for-include-paths.patch | Use -isystem for include paths This is necessary so Kerberos headers files are classified as "system headers" by the compiler, and thus not subject to the same strict warnings as other headers (which breaks compilation if -Werror is specified). . This fixes the build of folks using -Werror and including Kerberos headers when the latter are installed in a non-standard location (e.g. /usr/include/tuple/mit-krb5, as Debian is doing). (cherry picked from commit d8520c1d1c218e3c766009abc728b207c0421232) |
Jelmer Vernooij <jelmer@debian.org> | no | debian | 2014-09-03 | |
| 0009-Add-.gitignore.patch | Add .gitignore | Sam Hartman <hartmans@debian.org> | no | 2019-07-08 | ||
| upstream/0010-Ensure-array-count-consistency-in-kadm5-RPC.patch | Ensure array count consistency in kadm5 RPC In _xdr_kadm5_principal_ent_rec(), ensure that n_key_data matches the key_data array count when decoding. Otherwise when the structure is later freed, xdr_array() could iterate over the wrong number of elements, either leaking some memory or freeing uninitialized pointers. Reported by Robert Morris. CVE-2023-36054: An authenticated attacker can cause a kadmind process to crash by freeing uninitialized pointers. Remote code execution is unlikely. An attacker with control of a kadmin server can cause a kadmin client to crash by freeing uninitialized pointers. target_version: 1.21-next target_version: 1.20-next (cherry picked from commit ef08b09c9459551aabbe7924fb176f1583053cdd) |
Greg Hudson <ghudson@mit.edu> | no | 2023-06-21 | ||
| upstream/0011-Work-around-Doxygen-1.9.7-change.patch | Work around Doxygen 1.9.7 change Doxygen 1.9.7 avoids duplicating member definitions in the XML documents for groups and header files (doxygen/doxygen#9797). This change breaks the current Doxygen-REST bridge, which expects to find memberdef elements in krb5_8hin.xml. To work around this problem, remove the @group and @ref declarations in krb5.hin; they were not translated into REST as it was. Also remove a deprecated setting in Doxyfile. target_version: 1.21-next target_version: 1.20-next (cherry picked from commit 18ec1ae0dc59d9423600b3db3548d2b624d4e3db) |
Greg Hudson <ghudson@mit.edu> | no | 2023-09-13 |