From 7d195950a05278bdb8d692207405f01c0c3d0c54 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Mon, 15 Apr 2013 10:12:28 -0400
Subject: [PATCH] included in 1.11.2

---
 krb5-1.11.1-interposers.patch | 105 ----------------------------------
 krb5-lookup_etypes-leak.patch |  42 --------------
 2 files changed, 147 deletions(-)
 delete mode 100644 krb5-1.11.1-interposers.patch
 delete mode 100644 krb5-lookup_etypes-leak.patch

diff --git a/krb5-1.11.1-interposers.patch b/krb5-1.11.1-interposers.patch
deleted file mode 100644
index a74b655..0000000
--- a/krb5-1.11.1-interposers.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-commit 36c76aa3c625afc9291b9e1df071db51ccf37dab
-Author: Simo Sorce <simo@redhat.com>
-Date:   Sat Mar 16 15:23:03 2013 -0400
-
-    Fix import_sec_context with interposers
-    
-    The code was correctly selecting the mechanism to execute, but it was
-    improperly setting the mechanism type of the internal context when the
-    selected mechanism was that of an interposer and vice versa.
-    
-    When an interposer is involved the internal context is that of the
-    interposer, so the mechanism type of the context needs to be the
-    interposer oid.  Conversely, when an interposer re-enters gssapi and
-    presents a token with a special oid, the mechanism called is the real
-    mechanism, and the context returned is a real mechanism context.  In
-    this case the mechanism type of the context needs to be that of the
-    real mechanism.
-    
-    ticket: 7592
-    target_version: 1.11.2
-    tags: pullup
-
-diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c
-index 53310dd..a0e2d71 100644
---- a/src/lib/gssapi/mechglue/g_imp_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c
-@@ -84,6 +84,7 @@ gss_ctx_id_t *		context_handle;
-     gss_union_ctx_id_t	ctx;
-     gss_ctx_id_t	mctx;
-     gss_buffer_desc	token;
-+    gss_OID_desc	token_mech;
-     gss_OID		selected_mech = GSS_C_NO_OID;
-     gss_OID		public_mech;
-     gss_mechanism	mech;
-@@ -100,12 +101,6 @@ gss_ctx_id_t *		context_handle;
-     if (!ctx)
- 	return (GSS_S_FAILURE);
- 
--    ctx->mech_type = (gss_OID) malloc(sizeof(gss_OID_desc));
--    if (!ctx->mech_type) {
--	free(ctx);
--	return (GSS_S_FAILURE);
--    }
--
-     if (interprocess_token->length >= sizeof (OM_uint32)) {
- 	p = interprocess_token->value;
- 	length = (OM_uint32)*p++;
-@@ -120,12 +115,9 @@ gss_ctx_id_t *		context_handle;
- 	return (GSS_S_CALL_BAD_STRUCTURE | GSS_S_DEFECTIVE_TOKEN);
-     }
- 
--    ctx->mech_type->length = length;
--    ctx->mech_type->elements = malloc(length);
--    if (!ctx->mech_type->elements) {
--	goto error_out;
--    }
--    memcpy(ctx->mech_type->elements, p, length);
-+    token_mech.length = length;
-+    token_mech.elements = p;
-+
-     p += length;
- 
-     token.length = interprocess_token->length - sizeof (OM_uint32) - length;
-@@ -136,7 +128,7 @@ gss_ctx_id_t *		context_handle;
-      * call it.
-      */
- 
--    status = gssint_select_mech_type(minor_status, ctx->mech_type,
-+    status = gssint_select_mech_type(minor_status, &token_mech,
- 				     &selected_mech);
-     if (status != GSS_S_COMPLETE)
- 	goto error_out;
-@@ -152,6 +144,12 @@ gss_ctx_id_t *		context_handle;
- 	goto error_out;
-     }
- 
-+    if (generic_gss_copy_oid(minor_status, selected_mech,
-+			     &ctx->mech_type) != GSS_S_COMPLETE) {
-+	status = GSS_S_FAILURE;
-+	goto error_out;
-+    }
-+
-     if (mech->gssspi_import_sec_context_by_mech) {
- 	public_mech = gssint_get_public_oid(selected_mech);
- 	status = mech->gssspi_import_sec_context_by_mech(minor_status,
-@@ -167,16 +165,11 @@ gss_ctx_id_t *		context_handle;
- 	return (GSS_S_COMPLETE);
-     }
-     map_error(minor_status, mech);
-+    free(ctx->mech_type->elements);
-+    free(ctx->mech_type);
- 
- error_out:
--    if (ctx) {
--	if (ctx->mech_type) {
--	    if (ctx->mech_type->elements)
--		free(ctx->mech_type->elements);
--	    free(ctx->mech_type);
--	}
--	free(ctx);
--    }
-+    free(ctx);
-     return status;
- }
- #endif /* LEAN_CLIENT */
diff --git a/krb5-lookup_etypes-leak.patch b/krb5-lookup_etypes-leak.patch
deleted file mode 100644
index 9c7e082..0000000
--- a/krb5-lookup_etypes-leak.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(),
-we don't free entries when we're finished examining them.  Ensure that when
-krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we
-exit the current loop iteration.  (RT#7586)
-
---- a/src/lib/krb5/krb/gic_keytab.c
-+++ b/src/lib/krb5/krb/gic_keytab.c
-@@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
-             goto cleanup;
- 
-         if (!krb5_c_valid_enctype(entry.key.enctype))
--            continue;
-+            goto next_entry;
-         if (!krb5_principal_compare(context, entry.principal, client))
--            continue;
-+            goto next_entry;
-         /* Make sure our list is for the highest kvno found for client. */
-         if (entry.vno > max_kvno) {
-             free(etypes);
-@@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
-             count = 0;
-             max_kvno = entry.vno;
-         } else if (entry.vno != max_kvno)
--            continue;
-+            goto next_entry;
- 
-         /* Leave room for the terminator and possibly a second entry. */
-         p = realloc(etypes, (count + 3) * sizeof(*etypes));
-         if (p == NULL) {
-+            krb5_free_keytab_entry_contents(context, &entry);
-             ret = ENOMEM;
-             goto cleanup;
-         }
-@@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
-             entry.key.enctype == ENCTYPE_DES_CBC_MD4)
-             etypes[count++] = ENCTYPE_DES_CBC_CRC;
-         etypes[count] = 0;
-+next_entry:
-+        krb5_free_keytab_entry_contents(context, &entry);
-     }
- 
-     ret = 0;