gnu: mit-krb5: Update to 1.13.3; add fixes for CVE-2015-{8629,8630,8631}.

* gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2696.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2697.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch: Delete files.
* gnu/packages/patches/mit-krb5-CVE-2015-8629.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-8630.patch,
  gnu/packages/patches/mit-krb5-CVE-2015-8631.patch,
  gnu/packages/patches/mit-krb5-init-context-null-spnego.patch: New files.
* gnu-system.am (dist_patch_DATA): Adjust accordingly.
* gnu/packages/mit-krb5.scm (mit-krb5): Update to 1.13.3.
  [source]: Update URI to download conventional .tar.gz file.  Add patches.
  [native-inputs]: Remove old patches-as-inputs.
  [arguments]: Remove hacks needed to cope with the older unconventional
  tarball that contained an inner source tarball and signature: Remove
  #:modules argument, and the custom 'unpack' and 'apply-patches' phases.

1 files changed, 0 insertions, 65 deletions

diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch b/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
deleted file mode 100644
index aa9fcfa0dd..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-Copied from Debian.
-
-From 18c512ebdcc5cacc777e9dbcc6817f83c301ad93 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Wed, 4 Nov 2015 21:29:10 -0500
-Subject: Fix SPNEGO context import
-
-The patches for CVE-2015-2695 did not implement a SPNEGO
-gss_import_sec_context() function, under the erroneous belief than an
-exported SPNEGO context would be tagged with the underlying context
-mechanism.  Implement it now to allow SPNEGO contexts to be
-successfully exported and imported after establishment.
-
-ticket: 8273
-(cherry picked from commit fbb565f913c52eba9bea82f1694aba7a8c90e93d)
-
-Patch-Category: upstream
----
- src/lib/gssapi/spnego/spnego_mech.c | 33 +++++++++++++++++++++++++++------
- 1 file changed, 27 insertions(+), 6 deletions(-)
-
-diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index a1072b0..02284a1 100644
---- a/src/lib/gssapi/spnego/spnego_mech.c
-+++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -2256,12 +2256,33 @@ spnego_gss_import_sec_context(
- 	const gss_buffer_t	interprocess_token,
- 	gss_ctx_id_t		*context_handle)
- {
--	/*
--	 * Until we implement partial context exports, there are no SPNEGO
--	 * exported context tokens, only tokens for underlying mechs.  So just
--	 * return an error for now.
--	 */
--	return GSS_S_UNAVAILABLE;
-+	OM_uint32 ret, tmpmin;
-+	gss_ctx_id_t mctx;
-+	spnego_gss_ctx_id_t sc;
-+	int initiate, opened;
-+
-+	ret = gss_import_sec_context(minor_status, interprocess_token, &mctx);
-+	if (ret != GSS_S_COMPLETE)
-+		return ret;
-+
-+	ret = gss_inquire_context(&tmpmin, mctx, NULL, NULL, NULL, NULL, NULL,
-+				  &initiate, &opened);
-+	if (ret != GSS_S_COMPLETE || !opened) {
-+		/* We don't currently support importing partially established
-+		 * contexts. */
-+		(void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
-+		return GSS_S_FAILURE;
-+	}
-+
-+	sc = create_spnego_ctx(initiate);
-+	if (sc == NULL) {
-+		(void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
-+		return GSS_S_FAILURE;
-+	}
-+	sc->ctx_handle = mctx;
-+	sc->opened = 1;
-+	*context_handle = (gss_ctx_id_t)sc;
-+	return GSS_S_COMPLETE;
- }
- #endif /* LEAN_CLIENT */
-