MFH: r555585 r557829

security/sssd: update to 1.16.5

This fixes several security vulnerabilities and unexpires
the port because it moves to Python 3.

PR:		241347
Submitted by:	lukas.slebodnik@intrak.sk (initial patch)
Security:	CVE-2018-16838
Security:	CVE-2019-3811

security/sssd: fix SMB option

- use Samba 4.12 instead of the removed Samba 4.10
- use ldb 2.1 instead of ldb 2.0

While here, recognize Kerberos 1.18

PR:		250864
Submitted by:	joerg (patch by Richard Frewin)
Approved by:	maintainer timeout (14 days)

1 files changed, 22 insertions, 0 deletions

diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_child.c b/security/sssd/files/patch-src__providers__ldap__ldap_child.c
new file mode 100644
index 000000000000..745687d00267
--- /dev/null
+++ b/security/sssd/files/patch-src__providers__ldap__ldap_child.c
@@ -0,0 +1,22 @@
+diff --git src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child.c
+index 368bb91e1..1bc86ecb5 100644
+--- src/providers/ldap/ldap_child.c
++++ src/providers/ldap/ldap_child.c
+@@ -324,14 +324,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
+             full_princ = talloc_strdup(tmp_ctx, princ_str);
+         }
+     } else {
+-        char hostname[HOST_NAME_MAX + 1];
++        char hostname[_POSIX_HOST_NAME_MAX + 1];
+ 
+-        ret = gethostname(hostname, sizeof(hostname));
++        ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
+         if (ret == -1) {
+             krberr = KRB5KRB_ERR_GENERIC;
+             goto done;
+         }
+-        hostname[HOST_NAME_MAX] = '\0';
++        hostname[_POSIX_HOST_NAME_MAX] = '\0';
+ 
+         DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
+