[Pkg-samba-maint] [Git][samba-team/samba][experimental] 5 commits: fix-non-64bit-time_t-usage.diff: time_t is 32bit on i386
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Tue Jan 20 23:04:44 GMT 2026
Michael Tokarev pushed to branch experimental at Debian Samba Team / samba
Commits:
e61e10d2 by Michael Tokarev at 2026-01-21T01:07:29+03:00
fix-non-64bit-time_t-usage.diff: time_t is 32bit on i386
- - - - -
5f15d2d5 by Michael Tokarev at 2026-01-21T01:15:25+03:00
heimdal-kdc-fix-memset_s-calls-1296.patch
- - - - -
a6665b74 by Michael Tokarev at 2026-01-21T02:01:42+03:00
use-explicit_bzero-to-zero-memory-in-heimdal.diff
- - - - -
38c0d161 by Michael Tokarev at 2026-01-21T02:03:23+03:00
use-explicit_bzero-in-ngtcp2.diff
- - - - -
0e5d0a8c by Michael Tokarev at 2026-01-21T02:03:51+03:00
update changelog; upload version 4.24.0~rc1+dfsg-2 to experimental
- - - - -
6 changed files:
- debian/changelog
- + debian/patches/fix-non-64bit-time_t-usage.diff
- + debian/patches/heimdal-kdc-fix-memset_s-calls-1296.patch
- debian/patches/series
- + debian/patches/use-explicit_bzero-in-ngtcp2.diff
- + debian/patches/use-explicit_bzero-to-zero-memory-in-heimdal.diff
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+samba (2:4.24.0~rc1+dfsg-2) experimental; urgency=medium
+
+ * fix-non-64bit-time_t-usage.diff: time_t is 32bit on i386
+ * heimdal-kdc-fix-memset_s-calls-1296.patch
+ * use-explicit_bzero-to-zero-memory-in-heimdal.diff
+ * use-explicit_bzero-in-ngtcp2.diff
+
+ -- Michael Tokarev <mjt at tls.msk.ru> Wed, 21 Jan 2026 02:03:47 +0300
+
samba (2:4.24.0~rc1+dfsg-1) experimental; urgency=medium
* new upstream (release candidate 1)
=====================================
debian/patches/fix-non-64bit-time_t-usage.diff
=====================================
@@ -0,0 +1,26 @@
+diff --git a/source3/printing/printing.c b/source3/printing/printing.c
+index a9e8422efab..afabf82c9bc 100644
+--- a/source3/printing/printing.c
++++ b/source3/printing/printing.c
+@@ -59,6 +59,7 @@ static int fetch_share_cache_time(const char *key_name,
+ time_t *curr_time)
+ {
+ char *key = NULL;
++ int64_t curr_time64;
+
+ key = talloc_asprintf(NULL, "%s/%s", key_name, sharename);
+ if (key == NULL) {
+@@ -66,11 +67,12 @@ static int fetch_share_cache_time(const char *key_name,
+ return -1;
+ }
+
+- if (tdb_fetch_int64(tdb, key, curr_time) != 0) {
++ if (tdb_fetch_int64(tdb, key, &curr_time64) != 0) {
+ DBG_ERR("No timing record found for[%s]!\n", sharename);
+ TALLOC_FREE(key);
+ return -1;
+ }
++ *curr_time = curr_time64;
+
+ TALLOC_FREE(key);
+ return 0;
=====================================
debian/patches/heimdal-kdc-fix-memset_s-calls-1296.patch
=====================================
@@ -0,0 +1,37 @@
+From: Nicolas Williams <nico at twosigma.com>
+Date: Tue, 20 Jan 2026 16:05:31 -0600
+Subject: kdc: Fix memset_s() calls (fix #1296)
+Origin: upstream, https://github.com/heimdal/heimdal/commit/112a82dd2596e228388c50b4c71b3aa816b86add
+Forwarded: not-needed
+
+---
+ third_party/heimdal/kdc/fast.c | 4 ++--
+ third_party/heimdal/kdc/krb5tgs.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/third_party/heimdal/kdc/fast.c b/third_party/heimdal/kdc/fast.c
+--- a/third_party/heimdal/kdc/fast.c
++++ b/third_party/heimdal/kdc/fast.c
+@@ -844,8 +844,8 @@ _kdc_free_fast_state(KDCFastState *state)
+ PA_DATA *pa = &state->fast_state.val[i];
+
+ if (pa->padata_value.data)
+- memset_s(pa->padata_value.data, 0,
+- pa->padata_value.length, pa->padata_value.length);
++ memset_s(pa->padata_value.data, pa->padata_value.length,
++ 0, pa->padata_value.length);
+ }
+ free_KDCFastState(state);
+ }
+diff --git a/third_party/heimdal/kdc/krb5tgs.c b/third_party/heimdal/kdc/krb5tgs.c
+--- a/third_party/heimdal/kdc/krb5tgs.c
++++ b/third_party/heimdal/kdc/krb5tgs.c
+@@ -2210,7 +2210,7 @@ _kdc_tgs_rep(astgs_request_t r)
+ }
+ free_LastReq(&r->ek.last_req);
+ if (r->et.key.keyvalue.data) {
+- memset_s(r->et.key.keyvalue.data, 0, r->et.key.keyvalue.length,
++ memset_s(r->et.key.keyvalue.data, r->et.key.keyvalue.length, 0,
+ r->et.key.keyvalue.length);
+ }
+ free_EncryptionKey(&r->et.key);
=====================================
debian/patches/series
=====================================
@@ -12,6 +12,8 @@ ldb-no-replace.diff
fix-nfs-service-name-to-nfs-kernel-server.patch
ctdb-config-enable-syslog-by-default.patch
use-explicit_bzero-to-zero-memory.diff
+use-explicit_bzero-to-zero-memory-in-heimdal.diff
+use-explicit_bzero-in-ngtcp2.diff
ctdb_etcd_lock-path.patch
ctdb-create-piddir.patch
silence-waf-uselib_local.diff
@@ -24,3 +26,5 @@ replace-xpg-strerror.patch
libmscat-deps.patch
inline-getprogname.diff
inline-openat2.diff
+fix-non-64bit-time_t-usage.diff
+heimdal-kdc-fix-memset_s-calls-1296.patch
=====================================
debian/patches/use-explicit_bzero-in-ngtcp2.diff
=====================================
@@ -0,0 +1,24 @@
+Subject: use explicit_bzero() to zero memory in ngtcp2
+From: Michael Tokarev <mjt at tls.msk.ru>
+
+third_party/ngtcp2 embedded copy does not call any function to clear
+sensitive piece of memory since there's not enough HAVE_* symbols
+defined by samba-provided wscript_build. Use explicit_bzero() there,
+since it is always provided by glibc.
+
+This embedded copy is not used in debian directly, only when building
+with pkg.samba.builtin-ngtcp2 build profile.
+
+diff --git a/third_party/ngtcp2/lib/ngtcp2_crypto.c b/third_party/ngtcp2/lib/ngtcp2_crypto.c
+--- a/third_party/ngtcp2/lib/ngtcp2_crypto.c
++++ b/third_party/ngtcp2/lib/ngtcp2_crypto.c
+@@ -88,7 +88,5 @@ void ngtcp2_crypto_km_del(ngtcp2_crypto_km *ckm, const ngtcp2_mem *mem) {
+ SecureZeroMemory(ckm->secret.base, ckm->secret.len);
+-#elif defined(HAVE_EXPLICIT_BZERO)
++#else
+ explicit_bzero(ckm->secret.base, ckm->secret.len);
+-#elif defined(HAVE_MEMSET_S)
+- memset_s(ckm->secret.base, ckm->secret.len, 0, ckm->secret.len);
+-#endif /* defined(HAVE_MEMSET_S) */
++#endif
+ }
=====================================
debian/patches/use-explicit_bzero-to-zero-memory-in-heimdal.diff
=====================================
@@ -0,0 +1,35 @@
+Subject: use explicit_bzero to zero memory in heimdal too
+From: Michael Tokarev <mjt at tls.msk.ru>
+
+Samba switched to memset_explicit(), heimdal is still using
+memset_s() - redirect it to explicit_bzero() too, instead of
+providing local redefinition.
+
+diff --git a/third_party/heimdal/lib/roken/roken.h.in b/third_party/heimdal/lib/roken/roken.h.in
+--- a/third_party/heimdal/lib/roken/roken.h.in
++++ b/third_party/heimdal/lib/roken/roken.h.in
+@@ -1320,7 +1320,8 @@ mergesort_r(void *base, size_t nel, size_t width,
+
+ #ifndef HAVE_MEMSET_S
+-#define memset_s rk_memset_s
+-ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL memset_s(void *s, size_t smax,
+- int c, size_t n);
++#include <assert.h>
++#define memset_s(ptr, size, ch, len) \
++ do { static_assert((ch)==0, "memset_s is called with ch!=0"); \
++ explicit_bzero((ptr), (len)); } while (0)
+ #endif
+
+diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build
+--- a/third_party/heimdal_build/wscript_build
++++ b/third_party/heimdal_build/wscript_build
+@@ -376,9 +376,4 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
+ '''
+
+- if not bld.CONFIG_SET('HAVE_MEMSET_S'):
+- ROKEN_SOURCE += '''
+- lib/roken/memset_s.c
+- '''
+-
+ HEIMDAL_LIBRARY('roken',
+ ROKEN_SOURCE,
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/b92200d0dfbc92c43d6e1d1df48afcba69889fe7...0e5d0a8c425e1288a1fb58fdc2cfd955735e4ef4
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/b92200d0dfbc92c43d6e1d1df48afcba69889fe7...0e5d0a8c425e1288a1fb58fdc2cfd955735e4ef4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20260120/4ce0ccf1/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list