incorporate upstream patch to fix a NULL pointer dereference when the client
supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909)
add patch to avoid dereferencing a NULL pointer in the KDC when handling a
draft9 PKINIT request (#917909, CVE-2012-1016)