[Pkg-samba-maint] Bug#897269: Bug#897269: samba: build against system heimdal instead of outdated embedded code copy

[Mathieu Parent]

Control: tag -1 + upstream

2018-05-01 7:36 GMT+02:00 Paul Wise <pabs at debian.org>:
> Source: samba
> Severity: wishlist
> Usertags: embed
> Forwarded: https://bugzilla.samba.org/show_bug.cgi?id=12976

Hello Paul,

Thanks for your report

> As noted in samba upstream bug #12505, the embedded copy of heimdal in
> samba is outdated, at least in respect to the krb5_storage_free
> function and this seems to cause some crashes in samba at times.
> There are probably other bugs in samba's copy of heimdal that were
> fixed in heimdal upstream.
>
> https://git.samba.org/?p=samba.git;a=blob;f=source4/heimdal/lib/krb5/store.c;hb=HEAD#l270
> https://github.com/heimdal/heimdal/blob/master/lib/krb5/store.c#L289
> https://bugzilla.samba.org/show_bug.cgi?id=11824
> https://bugzilla.samba.org/show_bug.cgi?id=12505
> https://www.spinics.net/lists/samba/msg133243.html
>
> I asked samba upstream last year to either remove or update the
> embedded code copy but there was no response to my bug report.
>
> https://bugzilla.samba.org/show_bug.cgi?id=12976
>
> Until samba upstream reaches a decision on this, I think that Debian
> should patch samba so that our builds use the system version of heimdal
> instead of the outdated embedded code copy.
>
> See also Debian Policy 4.13 and the corresponding wiki page:
>
> https://www.debian.org/doc/debian-policy/#convenience-copies-of-code
> https://wiki.debian.org/EmbeddedCodeCopies


Currently there is no way to build using system Heimdal, the embedded
copy has diverged too much from upstream I believe.

Maybe a fix would be to switch to MIT Kerberos, see #726459. I'm
hesitant to do this given the risk of this big change (and some people
probably use Debian for the features that don't have parity yet).

Andrew, is there any chance to sync Heimdal code with upstream? Or
should we switch to MIT?

Regards

-- 
Mathieu Parent