Bug#985644: libgssapi-krb5-2: properly dispose of /etc/gss/mech.d/README on upgrades

[Andreas Beckmann]

Package: libgssapi-krb5-2
Version: 1.18.3-4
Severity: important
Tags: patch
User: debian...@lists.debian.org
Usertags: piuparts

libgssapi-krb5-2 does not properly clean up the obsolete 'conffile'
/etc/gss/mech.d/README on upgrades. The file was shipped in stretch
but is not removed on upgrades to buster (or later to bullseye).

This breaks piuparts tests of the upgrade path oldstable -> stable ->
testing because libgssapi-krb5-2 is part of the base system in bullseye
and depending on whether libgssapi-krb5-2 was pulled in as dependency
in stretch, piuparts will complain about the state of
/etc/gss/mech.d/README

While I could work around this ... I'd prefer to see this fixed properly
in bullseye, please apply the attached patch.

Andreas

>From ee77e275cdca4542e4b01bcaedbf2e1dfa0c4212 Mon Sep 17 00:00:00 2001
From: Andreas Beckmann <a...@debian.org>
Date: Sun, 21 Mar 2021 00:42:43 +0100
Subject: [PATCH] properly dispose of /etc/gss/mech.d/README

---
 debian/changelog                    | 12 ++++++++----
 debian/libgssapi-krb5-2.maintscript |  1 +
 debian/libgssapi-krb5-2.postrm      |  9 ---------
 3 files changed, 9 insertions(+), 13 deletions(-)
 create mode 100644 debian/libgssapi-krb5-2.maintscript
 delete mode 100644 debian/libgssapi-krb5-2.postrm

diff --git a/debian/changelog b/debian/changelog
index e7224b125..d5e18f7eb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,11 @@
-krb5 (1.18.3-4) unstable; urgency=medium
+krb5 (1.18.3-5) UNRELEASED; urgency=medium
+
+  * Use dpkg-maintscript-helper rm_conffile to properly dispose of
+    /etc/gss/mech.d/README.  (Closes: #xxxxxx)
+
+ -- Andreas Beckmann <a...@debian.org>  Sun, 21 Mar 2021 00:39:12 +0100
 
+krb5 (1.18.3-4) unstable; urgency=medium
 
   * Sigh, either use <= with the old version in the
     libapache-mod-auth-kerb constraint or << with the new version.  <=
@@ -40,7 +46,7 @@ krb5 (1.18.2-1) experimental; urgency=medium
     - Fix input length checking in SPNEGO DER decoding
     - Set lockdown attribute when creating LDAP KDB
     - Add recursion limit for ASN.1 indefinite lengths (CVE-2020-28196,
-    Closes: #973880) 
+    Closes: #973880)
   * Release new upstream to experimental
 
  -- Sam Hartman <hartm...@debian.org>  Mon, 09 Nov 2020 16:28:52 -0500
@@ -2699,5 +2705,3 @@ krb5 (1.2.1-1) unstable; urgency=low
   * Initial Release.
 
  -- Sam Hartman <hartm...@permabit.com>  Thu, 19 Oct 2000 16:05:06 -0400
-
-
diff --git a/debian/libgssapi-krb5-2.maintscript 
b/debian/libgssapi-krb5-2.maintscript
new file mode 100644
index 000000000..0044c9b6b
--- /dev/null
+++ b/debian/libgssapi-krb5-2.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/gss/mech.d/README 1.18.3-5~
diff --git a/debian/libgssapi-krb5-2.postrm b/debian/libgssapi-krb5-2.postrm
deleted file mode 100644
index 95b5e7245..000000000
--- a/debian/libgssapi-krb5-2.postrm
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ $1 = "purge" ] ; then
-    rm -f /etc/gss/mech.d/README 2>/dev/null
-fi
-
-#DEBHELPER#
-- 
2.20.1