Debian Patches

Status for krb5/1.21.3-3

Patch Description Author Forwarded Bugs Origin Last update
debian-local/0001-Debian-HURD-compatibility.patch Debian: HURD compatibility
HURD has no MAXPATHLEN or MAXHOSTNAMELEN.

Thanks Pino Toscano for making the patch more robust.
Sam Hartman <hartmans@debian.org> no 2011-12-26
debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch debian: Handle multi-arch paths in krb5-config
We cannot use @libdir@ because that will include the
multi-arch prefix in the built krb5-config, but we want krb5-config to
be identical on all arches so that krb5-multidev can be multi-arch:
same. So, instead, figure out our multi-arch tripple by calling CC
directly.

Based on an approach suggested by Hugh McMaster.

Also include --deps in the usage output, since it is a valid argument.
Sam Hartman <hartmans@debian.org> no 2011-12-26
debian-local/0003-debian-osconf.hin-path-changes.patch debian: osconf.hin path changes Sam Hartman <hartmans@debian.org> no 2011-12-26
debian-local/0004-debian-install-ldap-library-in-subdirectory.patch debian: install ldap library in subdirectory
Debian received a request to install the internal ldap library not in
the main lib directory.

We are changing SHLIB_DIRS from the default that upstream sets in the
makefile includes; assign unconditionally the full value.
Sam Hartman <hartmans@debian.org> no 2011-12-26
debian-local/0005-gssapi-never-unload-mechanisms.patch gssapi: never unload mechanisms
It turns out that many GSSAPI mechanisms link to the main gss-api
library creating a circular reference. Depending on how the linker
breaks the cycle at process exit time, the linker may unload the GSS
library after unloading the mechanisms. The explicit dlclose from the
GSS library tends to cause a libdl assertion failure at that
point. So, never unload plugins. They are refcounted, so dlopen
handles will not leak, although obviously the memory from the plugin
is never reclaimed.
Benjamin Kaduk <kaduk@mit.edu> no 2013-03-29
debian-local/0006-Add-substpdf-target.patch Add substpdf target
Akin to substhtml, so that we can build PDF documents without
overwriting the upstream-provided versions and causing debian/rules clean
to not return to the original state.
Ben Kaduk <kaduk@mit.edu> no 2013-03-29
debian-local/0007-Fix-pkg-config-library-include-paths.patch Fix pkg-config library/include paths
Include library and include flags in pkg-config files, so they work when the
symlinks provided by libkrb5-dev are not installed.
Jelmer Vernooij <jelmer@debian.org> no 2014-08-27
debian-local/0008-Use-isystem-for-include-paths.patch Use -isystem for include paths
This is necessary so Kerberos headers files are classified as "system headers"
by the compiler, and thus not subject to the same strict warnings as
other headers (which breaks compilation if -Werror is specified).
.
This fixes the build of folks using -Werror and including Kerberos headers
when the latter are installed in a non-standard location (e.g.
/usr/include/tuple/mit-krb5, as Debian is doing).
(cherry picked from commit d8520c1d1c218e3c766009abc728b207c0421232)
Jelmer Vernooij <jelmer@debian.org> no debian 2014-09-03
0009-Add-.gitignore.patch Add .gitignore Sam Hartman <hartmans@debian.org> no 2019-07-08
0011-Allow-kpropd-to-bind-even-if-only-loopback-is-config.patch Allow kpropd to bind even if only loopback is configured
In src/kprop/kpropd.c get_wildcard_address, call getaddrinfo without
AI_ADDRCONFIG if both the v6 and v4 calls to getaddrinfo fail with
AI_ADDRCONFIG. This generally means that only the loopback interface
is configured. This change allows the testsuite to succeed ina
container isolated to prohibit network connectivity.
Sam Hartman <hartmans@debian.org> no 2024-06-14
0012-Skip-keyring-tests-if-keyring-blocked-by-seccomp.patch Skip keyring tests if keyring blocked by seccomp
Skip keyring tests if we cannot successfully add a key because add_key
returns ENOSYS, presumably because it is blocked by seccomp policy in
a container environment.

* Move keyring support detection code duplicated between t_cccol.py
and t_ccache.py to k5test.py

* Expand that code to call keyctl and confirm it works to add a key.
Sam Hartman <hartmans@debian.org> no 2024-06-14
0012-Replace-ssl.wrap_socket-for-tests.patch Replace ssl.wrap_socket() for tests
The ssl.wrap_socket() function was deprecated in Python 3.7 and is
removed in Python 3.12. The ssl.SSLContext.wrap_socket() method
replaces it.

Bump the required Python version for tests to 3.4 for
ssl.create_default_context().

[ghudson@mit.edu: changed minimum Python version]

(cherry picked from commit 0ceab6c363e65fb21d3312a663f2b9b569ecc415)
Julien Rische <jrische@redhat.com> no 2023-07-19

All known versions for source package 'krb5'

Links