Remove Kerberos v4 support vestiges (including ktany support)

Add-function-and-enctype-flag-for-deprecations.patch

@@ -1,4 +1,4 @@
-From 15d1cbd15d4ea8113fc5dd7bc446ca2b99ab4085 Mon Sep 17 00:00:00 2001
+From 461e3a4d81c73db832401592d417489dc0151a2c Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 15 Jan 2019 16:16:57 -0500
 Subject: [PATCH] Add function and enctype flag for deprecations

Add-tests-for-KCM-ccache-type.patch

@@ -1,4 +1,4 @@
-From e863c1e068775d066241edacff2bdb50cf1be27c Mon Sep 17 00:00:00 2001
+From 306c0260dca7809c90dfa9e8889a6bd2401cee84 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Thu, 22 Nov 2018 00:27:35 -0500
 Subject: [PATCH] Add tests for KCM ccache type

Address-some-optimized-out-memset-calls.patch

@@ -1,4 +1,4 @@
-From d3690641a5eecf8ee031053bdedbaa4e249cc771 Mon Sep 17 00:00:00 2001
+From 3dd99db324de1492444aab3e5468aea5f1767c6d Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Sun, 30 Dec 2018 16:40:28 -0500
 Subject: [PATCH] Address some optimized-out memset() calls

Avoid-allocating-a-register-in-zap-assembly.patch

@@ -1,4 +1,4 @@
-From d8cba3893687a3976569fef97c1614b9b51ad573 Mon Sep 17 00:00:00 2001
+From 26dc343d4e59ef0f80e1ecca09b40f120b79d809 Mon Sep 17 00:00:00 2001
 From: Andreas Schneider <asn@samba.org>
 Date: Thu, 3 Jan 2019 17:19:32 +0100
 Subject: [PATCH] Avoid allocating a register in zap() assembly

Clarify-header-comment-for-krb5_cc_start_seq_get.patch

@@ -1,4 +1,4 @@
-From 7f4af607c9362acc596bc63ca4c46699327d0cae Mon Sep 17 00:00:00 2001
+From 18dd4d5c622238d1607671198cf2b2ddec9abda5 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 2 Apr 2019 14:18:57 -0400
 Subject: [PATCH] Clarify header comment for krb5_cc_start_seq_get()

Fix-memory-leak-in-none-replay-cache-type.patch

@@ -1,4 +1,4 @@
-From 472131596213337ae01b792aef2fb2580738a1df Mon Sep 17 00:00:00 2001
+From 050acb871c242931b3fb51c59461f22555046d19 Mon Sep 17 00:00:00 2001
 From: Corene Casper <C.Casper@Dell.com>
 Date: Sat, 16 Feb 2019 00:49:26 -0500
 Subject: [PATCH] Fix memory leak in 'none' replay cache type

Implement-krb5_cc_remove_cred-for-remaining-types.patch

@@ -1,4 +1,4 @@
-From f1449621399def78384c34216454bd1dfceefb8f Mon Sep 17 00:00:00 2001
+From 57ce492d6700ca6417cc43f3e97e0186b2cdfa90 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Mon, 1 Apr 2019 14:28:48 -0400
 Subject: [PATCH] Implement krb5_cc_remove_cred for remaining types

In-kpropd-debug-log-proper-ticket-enctype-names.patch

@@ -1,4 +1,4 @@
-From 220762a0bdc5151a0d4a25bc7e56251ef351b560 Mon Sep 17 00:00:00 2001
+From c06d20bf241059059cc3ffd810a44e310ff9970d Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 15 Jan 2019 13:41:16 -0500
 Subject: [PATCH] In kpropd, debug-log proper ticket enctype names

In-rd_req_dec-always-log-non-permitted-enctypes.patch

@@ -1,4 +1,4 @@
-From 28528d8169d9af3830b3a162c525a8e1a71f05f4 Mon Sep 17 00:00:00 2001
+From 6a316b681a2e0b6917285b9a0cdde605d463288b Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Mon, 14 Jan 2019 17:14:42 -0500
 Subject: [PATCH] In rd_req_dec, always log non-permitted enctypes

Make-etype-names-in-KDC-logs-human-readable.patch

@@ -1,4 +1,4 @@
-From d32d0cfbbe1386b2cf9b31682df4c35ccc029bda Mon Sep 17 00:00:00 2001
+From 2a8005296c3da39f6d0c6ecd48b950447897af91 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 8 Jan 2019 17:42:35 -0500
 Subject: [PATCH] Make etype names in KDC logs human-readable

Mark-deprecated-enctypes-when-used.patch

@@ -1,4 +1,4 @@
-From 0f4d9265c808a1e78fb90b54d39e58f3f89e672f Mon Sep 17 00:00:00 2001
+From 6d265afd53ead9290948b5ba07438b6a91939bfd Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 10 Jan 2019 16:34:54 -0500
 Subject: [PATCH] Mark deprecated enctypes when used

Properly-size-ifdef-in-k5_cccol_lock.patch

@@ -1,4 +1,4 @@
-From 8bdcbe143adc71918bd6e5f2e075df6b8e31267a Mon Sep 17 00:00:00 2001
+From ec9e4597188234e402cd318aebe0fa0a3587a993 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 14 Feb 2019 11:50:35 -0500
 Subject: [PATCH] Properly size #ifdef in k5_cccol_lock()

Remove-ccapi-related-comments-in-configure.ac.patch

@@ -0,0 +1,34 @@
+From 1f214b1265bde1d8f6c9b99af0755ca8f5463385 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 3 Apr 2019 16:01:22 -0400
+Subject: [PATCH] Remove ccapi-related comments in configure.ac
+
+These suggested ccapi is buildable on non-Windows, and empirically it
+is not.
+
+(cherry picked from commit eb48b176bccf3634b9c82f588dce85125a5c4bd8)
+---
+ src/configure.in | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/configure.in b/src/configure.in
+index 7c309a26b..8d781a7c8 100644
+--- a/src/configure.in
++++ b/src/configure.in
+@@ -1450,7 +1450,6 @@ V5_AC_OUTPUT_MAKEFILE(.
+ 	lib/crypto/crypto_tests
+ 
+ 	lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache
+-dnl	lib/krb5/ccache/ccapi
+ 	lib/krb5/keytab lib/krb5/krb lib/krb5/rcache lib/krb5/os
+ 	lib/krb5/unicode
+ 
+@@ -1463,8 +1462,6 @@ dnl	lib/krb5/ccache/ccapi
+ 	lib/krad
+ 	lib/apputils
+ 
+-dnl	ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test
+-
+ 	kdc kprop config-files build-tools man doc include
+ 
+ 	plugins/certauth/test

Remove-kadmin-RPC-support-for-setting-v4-key.patch

@@ -0,0 +1,466 @@
+From a2fc99321c797c1534f6314d17560c622ec93418 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 4 Apr 2019 16:14:46 -0400
+Subject: [PATCH] Remove kadmin RPC support for setting v4 key
+
+ticket: 8794 (new)
+(cherry picked from commit 752187a441ed0f301f1a8adb1fea843080ac8c97)
+---
+ src/kadmin/server/kadm_rpc_svc.c            |   7 --
+ src/kadmin/server/ovsec_kadmd.c             |   2 +-
+ src/kadmin/server/server_stubs.c            |  50 ---------
+ src/lib/kadm5/admin.h                       |   3 -
+ src/lib/kadm5/admin_xdr.h                   |   1 -
+ src/lib/kadm5/clnt/Makefile.in              |   2 +-
+ src/lib/kadm5/clnt/client_principal.c       |  22 ----
+ src/lib/kadm5/clnt/client_rpc.c             |   8 --
+ src/lib/kadm5/clnt/libkadm5clnt_mit.exports |   2 -
+ src/lib/kadm5/kadm_rpc.h                    |  16 +--
+ src/lib/kadm5/kadm_rpc_xdr.c                |  19 ----
+ src/lib/kadm5/srv/Makefile.in               |   2 +-
+ src/lib/kadm5/srv/libkadm5srv_mit.exports   |   2 -
+ src/lib/kadm5/srv/svr_principal.c           | 118 --------------------
+ 14 files changed, 6 insertions(+), 248 deletions(-)
+
+diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c
+index 41fc88ac8..d343e2c25 100644
+--- a/src/kadmin/server/kadm_rpc_svc.c
++++ b/src/kadmin/server/kadm_rpc_svc.c
+@@ -53,7 +53,6 @@ void kadm_1(rqstp, transp)
+ 	  mpol_arg modify_policy_2_arg;
+ 	  gpol_arg get_policy_2_arg;
+ 	  setkey_arg setkey_principal_2_arg;
+-	  setv4key_arg setv4key_principal_2_arg;
+ 	  cprinc3_arg create_principal3_2_arg;
+ 	  chpass3_arg chpass_principal3_2_arg;
+ 	  chrand3_arg chrand_principal3_2_arg;
+@@ -134,12 +133,6 @@ void kadm_1(rqstp, transp)
+ 	  local = (bool_t (*)()) chpass_principal_2_svc;
+ 	  break;
+ 
+-     case SETV4KEY_PRINCIPAL:
+-	  xdr_argument = xdr_setv4key_arg;
+-	  xdr_result = xdr_generic_ret;
+-	  local = (bool_t (*)()) setv4key_principal_2_svc;
+-	  break;
+-
+      case SETKEY_PRINCIPAL:
+ 	  xdr_argument = xdr_setkey_arg;
+ 	  xdr_result = xdr_generic_ret;
+diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
+index 6a6b21401..3737791b6 100644
+--- a/src/kadmin/server/ovsec_kadmd.c
++++ b/src/kadmin/server/ovsec_kadmd.c
+@@ -227,7 +227,7 @@ log_badverf(gss_name_t client_name, gss_name_t server_name,
+         {14, "GET_PRINCS"},
+         {15, "GET_POLS"},
+         {16, "SETKEY_PRINCIPAL"},
+-        {17, "SETV4KEY_PRINCIPAL"},
++        /* 17 was "SETV4KEY_PRINCIPAL" */
+         {18, "CREATE_PRINCIPAL3"},
+         {19, "CHPASS_PRINCIPAL3"},
+         {20, "CHRAND_PRINCIPAL3"},
+diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
+index cfef97fec..d5a25e502 100644
+--- a/src/kadmin/server/server_stubs.c
++++ b/src/kadmin/server/server_stubs.c
+@@ -893,56 +893,6 @@ exit_func:
+     return TRUE;
+ }
+ 
+-bool_t
+-setv4key_principal_2_svc(setv4key_arg *arg, generic_ret *ret,
+-                         struct svc_req *rqstp)
+-{
+-    char                            *prime_arg = NULL;
+-    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+-    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+-    kadm5_server_handle_t           handle;
+-    const char                      *errmsg = NULL;
+-
+-    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+-                           &ret->api_version, &client_name, &service_name,
+-                           &prime_arg);
+-    if (ret->code)
+-        goto exit_func;
+-
+-    ret->code = check_lockdown_keys(handle, arg->princ);
+-    if (ret->code != KADM5_OK) {
+-        if (ret->code == KADM5_PROTECT_KEYS) {
+-            log_unauth("kadm5_setv4key_principal", prime_arg, &client_name,
+-                       &service_name, rqstp);
+-            ret->code = KADM5_AUTH_SETKEY;
+-        }
+-    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
+-               stub_auth(handle, OP_SETKEY, arg->princ, NULL, NULL, NULL)) {
+-        ret->code = kadm5_setv4key_principal(handle, arg->princ,
+-                                             arg->keyblock);
+-    } else {
+-        log_unauth("kadm5_setv4key_principal", prime_arg,
+-                   &client_name, &service_name, rqstp);
+-        ret->code = KADM5_AUTH_SETKEY;
+-    }
+-
+-    if (ret->code != KADM5_AUTH_SETKEY) {
+-        if (ret->code != 0)
+-            errmsg = krb5_get_error_message(handle->context, ret->code);
+-
+-        log_done("kadm5_setv4key_principal", prime_arg, errmsg,
+-                 &client_name, &service_name, rqstp);
+-
+-        if (errmsg != NULL)
+-            krb5_free_error_message(handle->context, errmsg);
+-    }
+-
+-exit_func:
+-    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+-    return TRUE;
+-}
+-
+-
+ bool_t
+ setkey_principal_2_svc(setkey_arg *arg, generic_ret *ret,
+                        struct svc_req *rqstp)
+diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
+index b765148b3..7268be44e 100644
+--- a/src/lib/kadm5/admin.h
++++ b/src/lib/kadm5/admin.h
+@@ -394,9 +394,6 @@ kadm5_ret_t    kadm5_randkey_principal_3(void *server_handle,
+                                          krb5_key_salt_tuple *ks_tuple,
+                                          krb5_keyblock **keyblocks,
+                                          int *n_keys);
+-kadm5_ret_t    kadm5_setv4key_principal(void *server_handle,
+-                                        krb5_principal principal,
+-                                        krb5_keyblock *keyblock);
+ 
+ kadm5_ret_t    kadm5_setkey_principal(void *server_handle,
+                                       krb5_principal principal,
+diff --git a/src/lib/kadm5/admin_xdr.h b/src/lib/kadm5/admin_xdr.h
+index 2d22611e7..9da98451e 100644
+--- a/src/lib/kadm5/admin_xdr.h
++++ b/src/lib/kadm5/admin_xdr.h
+@@ -37,7 +37,6 @@ bool_t	    xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp);
+ bool_t	    xdr_rprinc_arg(XDR *xdrs, rprinc_arg *objp);
+ bool_t	    xdr_chpass_arg(XDR *xdrs, chpass_arg *objp);
+ bool_t      xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp);
+-bool_t      xdr_setv4key_arg(XDR *xdrs, setv4key_arg *objp);
+ bool_t      xdr_setkey_arg(XDR *xdrs, setkey_arg *objp);
+ bool_t      xdr_setkey3_arg(XDR *xdrs, setkey3_arg *objp);
+ bool_t      xdr_setkey4_arg(XDR *xdrs, setkey4_arg *objp);
+diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in
+index a180e85cd..2bc385afe 100644
+--- a/src/lib/kadm5/clnt/Makefile.in
++++ b/src/lib/kadm5/clnt/Makefile.in
+@@ -3,7 +3,7 @@ BUILDTOP=$(REL)..$(S)..$(S)..
+ LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
+ 
+ LIBBASE=kadm5clnt_mit
+-LIBMAJOR=11
++LIBMAJOR=12
+ LIBMINOR=0
+ STOBJLISTS=../OBJS.ST OBJS.ST
+ SHLIB_EXPDEPS=\
+diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c
+index 18714bf37..96d9d1932 100644
+--- a/src/lib/kadm5/clnt/client_principal.c
++++ b/src/lib/kadm5/clnt/client_principal.c
+@@ -273,28 +273,6 @@ kadm5_chpass_principal_3(void *server_handle,
+     return r.code;
+ }
+ 
+-kadm5_ret_t
+-kadm5_setv4key_principal(void *server_handle,
+-                         krb5_principal princ,
+-                         krb5_keyblock *keyblock)
+-{
+-    setv4key_arg        arg;
+-    generic_ret         r = { 0, 0 };
+-    kadm5_server_handle_t handle = server_handle;
+-
+-    CHECK_HANDLE(server_handle);
+-
+-    arg.princ = princ;
+-    arg.keyblock = keyblock;
+-    arg.api_version = handle->api_version;
+-
+-    if(princ == NULL || keyblock == NULL)
+-        return EINVAL;
+-    if (setv4key_principal_2(&arg, &r, handle->clnt))
+-        eret();
+-    return r.code;
+-}
+-
+ kadm5_ret_t
+ kadm5_setkey_principal(void *server_handle,
+                        krb5_principal princ,
+diff --git a/src/lib/kadm5/clnt/client_rpc.c b/src/lib/kadm5/clnt/client_rpc.c
+index df5455fd8..d84d158b4 100644
+--- a/src/lib/kadm5/clnt/client_rpc.c
++++ b/src/lib/kadm5/clnt/client_rpc.c
+@@ -84,14 +84,6 @@ chpass_principal3_2(chpass3_arg *argp, generic_ret *res, CLIENT *clnt)
+ 			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+ }
+ 
+-enum clnt_stat
+-setv4key_principal_2(setv4key_arg *argp, generic_ret *res, CLIENT *clnt)
+-{
+-	return clnt_call(clnt, SETV4KEY_PRINCIPAL,
+-			 (xdrproc_t)xdr_setv4key_arg, (caddr_t)argp,
+-			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+-}
+-
+ enum clnt_stat
+ setkey_principal_2(setkey_arg *argp, generic_ret *res, CLIENT *clnt)
+ {
+diff --git a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
+index f122b31ab..e41c8e4f7 100644
+--- a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
++++ b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
+@@ -44,7 +44,6 @@ kadm5_set_string
+ kadm5_setkey_principal
+ kadm5_setkey_principal_3
+ kadm5_setkey_principal_4
+-kadm5_setv4key_principal
+ kadm5_unlock
+ krb5_aprof_finish
+ krb5_aprof_get_boolean
+@@ -114,6 +113,5 @@ xdr_rprinc_arg
+ xdr_setkey3_arg
+ xdr_setkey4_arg
+ xdr_setkey_arg
+-xdr_setv4key_arg
+ xdr_ui_4
+ kadm5_init_iprop
+diff --git a/src/lib/kadm5/kadm_rpc.h b/src/lib/kadm5/kadm_rpc.h
+index 8d7cf3b36..5099c6c14 100644
+--- a/src/lib/kadm5/kadm_rpc.h
++++ b/src/lib/kadm5/kadm_rpc.h
+@@ -82,13 +82,6 @@ struct chpass3_arg {
+ };
+ typedef struct chpass3_arg chpass3_arg;
+ 
+-struct setv4key_arg {
+-	krb5_ui_4 api_version;
+-	krb5_principal princ;
+-	krb5_keyblock *keyblock;
+-};
+-typedef struct setv4key_arg setv4key_arg;
+-
+ struct setkey_arg {
+ 	krb5_ui_4 api_version;
+ 	krb5_principal princ;
+@@ -322,11 +315,9 @@ extern  enum clnt_stat setkey_principal_2(setkey_arg *, generic_ret *,
+ 					  CLIENT *);
+ extern  bool_t setkey_principal_2_svc(setkey_arg *, generic_ret *,
+ 				      struct svc_req *);
+-#define SETV4KEY_PRINCIPAL 17
+-extern  enum clnt_stat setv4key_principal_2(setv4key_arg *, generic_ret *,
+-					    CLIENT *);
+-extern  bool_t setv4key_principal_2_svc(setv4key_arg *, generic_ret *,
+-					struct svc_req *);
++
++/* 17 was SETV4KEY_PRINCIPAL (removed in 1.18). */
++
+ #define CREATE_PRINCIPAL3 18
+ extern  enum clnt_stat create_principal3_2(cprinc3_arg *, generic_ret *,
+ 					   CLIENT *);
+@@ -380,7 +371,6 @@ extern bool_t xdr_gprincs_arg ();
+ extern bool_t xdr_gprincs_ret ();
+ extern bool_t xdr_chpass_arg ();
+ extern bool_t xdr_chpass3_arg ();
+-extern bool_t xdr_setv4key_arg ();
+ extern bool_t xdr_setkey_arg ();
+ extern bool_t xdr_setkey3_arg ();
+ extern bool_t xdr_setkey4_arg ();
+diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
+index 2892d4147..745ee857e 100644
+--- a/src/lib/kadm5/kadm_rpc_xdr.c
++++ b/src/lib/kadm5/kadm_rpc_xdr.c
+@@ -710,25 +710,6 @@ xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp)
+ 	return (TRUE);
+ }
+ 
+-bool_t
+-xdr_setv4key_arg(XDR *xdrs, setv4key_arg *objp)
+-{
+-	unsigned int n_keys = 1;
+-
+-	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+-		return (FALSE);
+-	}
+-	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+-		return (FALSE);
+-	}
+-	if (!xdr_array(xdrs, (caddr_t *) &objp->keyblock,
+-		       &n_keys, ~0,
+-		       sizeof(krb5_keyblock), xdr_krb5_keyblock)) {
+-		return (FALSE);
+-	}
+-	return (TRUE);
+-}
+-
+ bool_t
+ xdr_setkey_arg(XDR *xdrs, setkey_arg *objp)
+ {
+diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in
+index 617d65666..89e6097cf 100644
+--- a/src/lib/kadm5/srv/Makefile.in
++++ b/src/lib/kadm5/srv/Makefile.in
+@@ -9,7 +9,7 @@ DEFINES = @HESIOD_DEFS@
+ ##DOSLIBNAME = libkadm5srv.lib
+ 
+ LIBBASE=kadm5srv_mit
+-LIBMAJOR=11
++LIBMAJOR=12
+ LIBMINOR=0
+ STOBJLISTS=../OBJS.ST OBJS.ST
+ 
+diff --git a/src/lib/kadm5/srv/libkadm5srv_mit.exports b/src/lib/kadm5/srv/libkadm5srv_mit.exports
+index 64ad5dd69..e3c04e690 100644
+--- a/src/lib/kadm5/srv/libkadm5srv_mit.exports
++++ b/src/lib/kadm5/srv/libkadm5srv_mit.exports
+@@ -45,7 +45,6 @@ kadm5_set_string
+ kadm5_setkey_principal
+ kadm5_setkey_principal_3
+ kadm5_setkey_principal_4
+-kadm5_setv4key_principal
+ kadm5_unlock
+ kdb_delete_entry
+ kdb_free_entry
+@@ -133,7 +132,6 @@ xdr_rprinc_arg
+ xdr_setkey3_arg
+ xdr_setkey4_arg
+ xdr_setkey_arg
+-xdr_setv4key_arg
+ xdr_sstring_arg
+ xdr_ui_4
+ kadm5_init_iprop
+diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
+index 9ab2c5a74..48cac0c11 100644
+--- a/src/lib/kadm5/srv/svr_principal.c
++++ b/src/lib/kadm5/srv/svr_principal.c
+@@ -1645,124 +1645,6 @@ done:
+     return ret;
+ }
+ 
+-/*
+- * kadm5_setv4key_principal:
+- *
+- * Set only ONE key of the principal, removing all others.  This key
+- * must have the DES_CBC_CRC enctype and is entered as having the
+- * krb4 salttype.  This is to enable things like kadmind4 to work.
+- */
+-kadm5_ret_t
+-kadm5_setv4key_principal(void *server_handle,
+-                         krb5_principal principal,
+-                         krb5_keyblock *keyblock)
+-{
+-    krb5_db_entry               *kdb;
+-    osa_princ_ent_rec           adb;
+-    krb5_timestamp              now;
+-    kadm5_policy_ent_rec        pol;
+-    krb5_keysalt                keysalt;
+-    int                         i, kvno, ret;
+-    krb5_boolean                have_pol = FALSE;
+-    kadm5_server_handle_t       handle = server_handle;
+-    krb5_key_data               tmp_key_data;
+-    krb5_keyblock               *act_mkey;
+-
+-    memset( &tmp_key_data, 0, sizeof(tmp_key_data));
+-
+-    CHECK_HANDLE(server_handle);
+-
+-    krb5_clear_error_message(handle->context);
+-
+-    if (principal == NULL || keyblock == NULL)
+-        return EINVAL;
+-    if (hist_princ && /* this will be NULL when initializing the databse */
+-        ((krb5_principal_compare(handle->context,
+-                                 principal, hist_princ)) == TRUE))
+-        return KADM5_PROTECT_PRINCIPAL;
+-
+-    if (keyblock->enctype != ENCTYPE_DES_CBC_CRC)
+-        return KADM5_SETV4KEY_INVAL_ENCTYPE;
+-
+-    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
+-        return(ret);
+-
+-    for (kvno = 0, i=0; i<kdb->n_key_data; i++)
+-        if (kdb->key_data[i].key_data_kvno > kvno)
+-            kvno = kdb->key_data[i].key_data_kvno;
+-
+-    if (kdb->key_data != NULL)
+-        cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data);
+-
+-    kdb->key_data = calloc(1, sizeof(krb5_key_data));
+-    if (kdb->key_data == NULL)
+-        return ENOMEM;
+-    kdb->n_key_data = 1;
+-    keysalt.type = KRB5_KDB_SALTTYPE_V4;
+-    /* XXX data.magic? */
+-    keysalt.data.length = 0;
+-    keysalt.data.data = NULL;
+-
+-    ret = kdb_get_active_mkey(handle, NULL, &act_mkey);
+-    if (ret)
+-        goto done;
+-
+-    /* use tmp_key_data as temporary location and reallocate later */
+-    ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey, keyblock,
+-                                    &keysalt, kvno + 1, kdb->key_data);
+-    if (ret) {
+-        goto done;
+-    }
+-
+-    kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+-
+-    ret = krb5_timeofday(handle->context, &now);
+-    if (ret)
+-        goto done;
+-
+-    if ((adb.aux_attributes & KADM5_POLICY)) {
+-        ret = get_policy(handle, adb.policy, &pol, &have_pol);
+-        if (ret)
+-            goto done;
+-    }
+-    if (have_pol) {
+-        if (pol.pw_max_life)
+-            kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
+-        else
+-            kdb->pw_expiration = 0;
+-    } else {
+-        kdb->pw_expiration = 0;
+-    }
+-
+-    ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
+-    if (ret)
+-        goto done;
+-
+-    /* unlock principal on this KDC */
+-    kdb->fail_auth_count = 0;
+-
+-    /* key data changed, let the database provider know */
+-    kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+-
+-    if ((ret = kdb_put_entry(handle, kdb, &adb)))
+-        goto done;
+-
+-    ret = KADM5_OK;
+-done:
+-    for (i = 0; i < tmp_key_data.key_data_ver; i++) {
+-        if (tmp_key_data.key_data_contents[i]) {
+-            memset (tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+-            free (tmp_key_data.key_data_contents[i]);
+-        }
+-    }
+-
+-    kdb_free_entry(handle, kdb, &adb);
+-    if (have_pol)
+-        kadm5_free_policy_ent(handle->lhandle, &pol);
+-
+-    return ret;
+-}
+-
+ kadm5_ret_t
+ kadm5_setkey_principal(void *server_handle,
+                        krb5_principal principal,

krb5-1.11-kpasswdtest.patch

@@ -1,4 +1,4 @@
-From d4035585df4b3132d1897067d6c452cc06aa16dd Mon Sep 17 00:00:00 2001
+From 1da0d2fdbd9cb2ded1913e05664986dce1e1a916 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:52:01 -0400
 Subject: [PATCH] krb5-1.11-kpasswdtest.patch

krb5-1.11-run_user_0.patch

@@ -1,4 +1,4 @@
-From 3d09297c65f27033cce8abbab2e50716abdae48f Mon Sep 17 00:00:00 2001
+From c95d33cc1c66122bc229beb65d36f988fbd05e59 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:49:57 -0400
 Subject: [PATCH] krb5-1.11-run_user_0.patch

krb5-1.12-api.patch

@@ -1,4 +1,4 @@
-From f267d34d0dea6778c700036b89156fc17ca506e9 Mon Sep 17 00:00:00 2001
+From 4ddac573dfc8fea30b5f8750c8c0733c553afcfa Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:47:00 -0400
 Subject: [PATCH] krb5-1.12-api.patch

krb5-1.12-ktany.patch

@@ -1,366 +0,0 @@
-From c93c099e3d3e0a78393e7445fe17d58cf1abc666 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Tue, 23 Aug 2016 16:33:53 -0400
-Subject: [PATCH] krb5-1.12-ktany.patch
-
-Adds an "ANY" keytab type which is a list of other keytab locations to search
-when searching for a specific entry.  When iterated through, it only presents
-the contents of the first keytab.
----
- src/lib/krb5/keytab/Makefile.in |   3 +
- src/lib/krb5/keytab/kt_any.c    | 292 ++++++++++++++++++++++++++++++++
- src/lib/krb5/keytab/ktbase.c    |   7 +-
- 3 files changed, 301 insertions(+), 1 deletion(-)
- create mode 100644 src/lib/krb5/keytab/kt_any.c
-
-diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in
-index 2a8fceb00..ffd179fb2 100644
---- a/src/lib/krb5/keytab/Makefile.in
-+++ b/src/lib/krb5/keytab/Makefile.in
-@@ -12,6 +12,7 @@ STLIBOBJS= \
- 	ktfr_entry.o	\
- 	ktremove.o	\
- 	ktfns.o		\
-+	kt_any.o	\
- 	kt_file.o	\
- 	kt_memory.o	\
- 	kt_srvtab.o	\
-@@ -24,6 +25,7 @@ OBJS=	\
- 	$(OUTPRE)ktfr_entry.$(OBJEXT)	\
- 	$(OUTPRE)ktremove.$(OBJEXT)	\
- 	$(OUTPRE)ktfns.$(OBJEXT)	\
-+	$(OUTPRE)kt_any.$(OBJEXT)	\
- 	$(OUTPRE)kt_file.$(OBJEXT)	\
- 	$(OUTPRE)kt_memory.$(OBJEXT)	\
- 	$(OUTPRE)kt_srvtab.$(OBJEXT)	\
-@@ -36,6 +38,7 @@ SRCS=	\
- 	$(srcdir)/ktfr_entry.c	\
- 	$(srcdir)/ktremove.c	\
- 	$(srcdir)/ktfns.c	\
-+	$(srcdir)/kt_any.c	\
- 	$(srcdir)/kt_file.c	\
- 	$(srcdir)/kt_memory.c	\
- 	$(srcdir)/kt_srvtab.c	\
-diff --git a/src/lib/krb5/keytab/kt_any.c b/src/lib/krb5/keytab/kt_any.c
-new file mode 100644
-index 000000000..1b9b7765b
---- /dev/null
-+++ b/src/lib/krb5/keytab/kt_any.c
-@@ -0,0 +1,292 @@
-+/*
-+ * lib/krb5/keytab/kt_any.c
-+ *
-+ * Copyright 1998, 1999 by the Massachusetts Institute of Technology.
-+ * All Rights Reserved.
-+ *
-+ * Export of this software from the United States of America may
-+ *   require a specific license from the United States Government.
-+ *   It is the responsibility of any person or organization contemplating
-+ *   export to obtain such a license before exporting.
-+ * 
-+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-+ * distribute this software and its documentation for any purpose and
-+ * without fee is hereby granted, provided that the above copyright
-+ * notice appear in all copies and that both that copyright notice and
-+ * this permission notice appear in supporting documentation, and that
-+ * the name of M.I.T. not be used in advertising or publicity pertaining
-+ * to distribution of the software without specific, written prior
-+ * permission.  M.I.T. makes no representations about the suitability of
-+ * this software for any purpose.  It is provided "as is" without express
-+ * or implied warranty.
-+ * 
-+ *
-+ * krb5_kta_ops
-+ */
-+
-+#include "k5-int.h"
-+
-+typedef struct _krb5_ktany_data {
-+    char *name;
-+    krb5_keytab *choices;
-+    int nchoices;
-+} krb5_ktany_data;
-+
-+typedef struct _krb5_ktany_cursor_data {
-+    int which;
-+    krb5_kt_cursor cursor;
-+} krb5_ktany_cursor_data;
-+
-+static krb5_error_code krb5_ktany_resolve
-+	          (krb5_context,
-+		   const char *,
-+		   krb5_keytab *);
-+static krb5_error_code krb5_ktany_get_name
-+	          (krb5_context context,
-+		   krb5_keytab id,
-+		   char *name,
-+		   unsigned int len);
-+static krb5_error_code krb5_ktany_close
-+	          (krb5_context context,
-+		   krb5_keytab id);
-+static krb5_error_code krb5_ktany_get_entry
-+	          (krb5_context context,
-+		   krb5_keytab id,
-+		   krb5_const_principal principal,
-+		   krb5_kvno kvno,
-+		   krb5_enctype enctype,
-+		   krb5_keytab_entry *entry);
-+static krb5_error_code krb5_ktany_start_seq_get
-+	          (krb5_context context,
-+		   krb5_keytab id,
-+		   krb5_kt_cursor *cursorp);
-+static krb5_error_code krb5_ktany_next_entry
-+	          (krb5_context context,
-+		   krb5_keytab id,
-+		   krb5_keytab_entry *entry,
-+		   krb5_kt_cursor *cursor);
-+static krb5_error_code krb5_ktany_end_seq_get
-+	          (krb5_context context,
-+		   krb5_keytab id,
-+		   krb5_kt_cursor *cursor);
-+static void cleanup
-+	          (krb5_context context,
-+		   krb5_ktany_data *data,
-+		   int nchoices);
-+
-+struct _krb5_kt_ops krb5_kta_ops = {
-+    0,
-+    "ANY", 	/* Prefix -- this string should not appear anywhere else! */
-+    krb5_ktany_resolve,
-+    krb5_ktany_get_name,
-+    krb5_ktany_close,
-+    krb5_ktany_get_entry,
-+    krb5_ktany_start_seq_get,
-+    krb5_ktany_next_entry,
-+    krb5_ktany_end_seq_get,
-+    NULL,
-+    NULL,
-+    NULL,
-+};
-+
-+static krb5_error_code
-+krb5_ktany_resolve(context, name, id)
-+    krb5_context context;
-+    const char *name;
-+    krb5_keytab *id;
-+{
-+    const char *p, *q;
-+    char *copy;
-+    krb5_error_code kerror;
-+    krb5_ktany_data *data;
-+    int i;
-+
-+    /* Allocate space for our data and remember a copy of the name. */
-+    if ((data = (krb5_ktany_data *)malloc(sizeof(krb5_ktany_data))) == NULL)
-+	return(ENOMEM);
-+    if ((data->name = (char *)malloc(strlen(name) + 1)) == NULL) {
-+	free(data);
-+	return(ENOMEM);
-+    }
-+    strcpy(data->name, name);
-+
-+    /* Count the number of choices and allocate memory for them. */
-+    data->nchoices = 1;
-+    for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1)
-+	data->nchoices++;
-+    if ((data->choices = (krb5_keytab *)
-+	 malloc(data->nchoices * sizeof(krb5_keytab))) == NULL) {
-+	free(data->name);
-+	free(data);
-+	return(ENOMEM);
-+    }
-+
-+    /* Resolve each of the choices. */
-+    i = 0;
-+    for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) {
-+	/* Make a copy of the choice name so we can terminate it. */
-+	if ((copy = (char *)malloc(q - p + 1)) == NULL) {
-+	    cleanup(context, data, i);
-+	    return(ENOMEM);
-+	}
-+	memcpy(copy, p, q - p);
-+	copy[q - p] = 0;
-+
-+	/* Try resolving the choice name. */
-+	kerror = krb5_kt_resolve(context, copy, &data->choices[i]);
-+	free(copy);
-+	if (kerror) {
-+	    cleanup(context, data, i);
-+	    return(kerror);
-+	}
-+	i++;
-+    }
-+    if ((kerror = krb5_kt_resolve(context, p, &data->choices[i]))) {
-+	cleanup(context, data, i);
-+	return(kerror);
-+    }
-+
-+    /* Allocate and fill in an ID for the caller. */
-+    if ((*id = (krb5_keytab)malloc(sizeof(**id))) == NULL) {
-+	cleanup(context, data, i);
-+	return(ENOMEM);
-+    }
-+    (*id)->ops = &krb5_kta_ops;
-+    (*id)->data = (krb5_pointer)data;
-+    (*id)->magic = KV5M_KEYTAB;
-+
-+    return(0);
-+}
-+
-+static krb5_error_code
-+krb5_ktany_get_name(context, id, name, len)
-+    krb5_context context;
-+    krb5_keytab id;
-+    char *name;
-+    unsigned int len;
-+{
-+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
-+
-+    if (len < strlen(data->name) + 1)
-+	return(KRB5_KT_NAME_TOOLONG);
-+    strcpy(name, data->name);
-+    return(0);
-+}
-+
-+static krb5_error_code
-+krb5_ktany_close(context, id)
-+    krb5_context context;
-+    krb5_keytab id;
-+{
-+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
-+
-+    cleanup(context, data, data->nchoices);
-+    id->ops = 0;
-+    free(id);
-+    return(0);
-+}
-+
-+static krb5_error_code
-+krb5_ktany_get_entry(context, id, principal, kvno, enctype, entry)
-+    krb5_context context;
-+    krb5_keytab id;
-+    krb5_const_principal principal;
-+    krb5_kvno kvno;
-+    krb5_enctype enctype;
-+    krb5_keytab_entry *entry;
-+{
-+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
-+    krb5_error_code kerror = KRB5_KT_NOTFOUND;
-+    int i;
-+
-+    for (i = 0; i < data->nchoices; i++) {
-+	if ((kerror = krb5_kt_get_entry(context, data->choices[i], principal,
-+					kvno, enctype, entry)) != ENOENT)
-+	    return kerror;
-+    }
-+    return kerror;
-+}
-+
-+static krb5_error_code
-+krb5_ktany_start_seq_get(context, id, cursorp)
-+    krb5_context context;
-+    krb5_keytab id;
-+    krb5_kt_cursor *cursorp;
-+{
-+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
-+    krb5_ktany_cursor_data *cdata;
-+    krb5_error_code kerror = ENOENT;
-+    int i;
-+
-+    if ((cdata = (krb5_ktany_cursor_data *)
-+	 malloc(sizeof(krb5_ktany_cursor_data))) == NULL)
-+	return(ENOMEM);
-+
-+    /* Find a choice which can handle the serialization request. */
-+    for (i = 0; i < data->nchoices; i++) {
-+	if ((kerror = krb5_kt_start_seq_get(context, data->choices[i],
-+					    &cdata->cursor)) == 0)
-+	    break;
-+	else if (kerror != ENOENT) {
-+	    free(cdata);
-+	    return(kerror);
-+	}
-+    }
-+
-+    if (i == data->nchoices) {
-+	/* Everyone returned ENOENT, so no go. */
-+	free(cdata);
-+	return(kerror);
-+    }
-+
-+    cdata->which = i;
-+    *cursorp = (krb5_kt_cursor)cdata;
-+    return(0);
-+}
-+
-+static krb5_error_code
-+krb5_ktany_next_entry(context, id, entry, cursor)
-+    krb5_context context;
-+    krb5_keytab id;
-+    krb5_keytab_entry *entry;
-+    krb5_kt_cursor *cursor;
-+{
-+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
-+    krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor;
-+    krb5_keytab choice_id;
-+
-+    choice_id = data->choices[cdata->which];
-+    return(krb5_kt_next_entry(context, choice_id, entry, &cdata->cursor));
-+}
-+
-+static krb5_error_code
-+krb5_ktany_end_seq_get(context, id, cursor)
-+    krb5_context context;
-+    krb5_keytab id;
-+    krb5_kt_cursor *cursor;
-+{
-+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
-+    krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor;
-+    krb5_keytab choice_id;
-+    krb5_error_code kerror;
-+
-+    choice_id = data->choices[cdata->which];
-+    kerror = krb5_kt_end_seq_get(context, choice_id, &cdata->cursor);
-+    free(cdata);
-+    return(kerror);
-+}
-+
-+static void
-+cleanup(context, data, nchoices)
-+    krb5_context context;
-+    krb5_ktany_data *data;
-+    int nchoices;
-+{
-+    int i;
-+
-+    free(data->name);
-+    for (i = 0; i < nchoices; i++)
-+	krb5_kt_close(context, data->choices[i]);
-+    free(data->choices);
-+    free(data);
-+}
-diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
-index 0d39b2940..6534d7c52 100644
---- a/src/lib/krb5/keytab/ktbase.c
-+++ b/src/lib/krb5/keytab/ktbase.c
-@@ -57,14 +57,19 @@ extern const krb5_kt_ops krb5_ktf_ops;
- extern const krb5_kt_ops krb5_ktf_writable_ops;
- extern const krb5_kt_ops krb5_kts_ops;
- extern const krb5_kt_ops krb5_mkt_ops;
-+extern const krb5_kt_ops krb5_kta_ops;
- 
- struct krb5_kt_typelist {
-     const krb5_kt_ops *ops;
-     const struct krb5_kt_typelist *next;
- };
-+static struct krb5_kt_typelist krb5_kt_typelist_any = {
-+    &krb5_kta_ops,
-+    NULL
-+};
- const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
-     &krb5_kts_ops,
--    NULL
-+    &krb5_kt_typelist_any
- };
- const static struct krb5_kt_typelist krb5_kt_typelist_memory = {
-     &krb5_mkt_ops,

krb5-1.13-dirsrv-accountlock.patch

@@ -1,4 +1,4 @@
-From 3da19a991cce8861c092ed1341d9cd7837b2f6f7 Mon Sep 17 00:00:00 2001
+From 10f64f13ee3d44a31bcdc124e9ce721bc17b3e00 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:47:44 -0400
 Subject: [PATCH] krb5-1.13-dirsrv-accountlock.patch

krb5-1.15-beta1-buildconf.patch

@@ -1,4 +1,4 @@
-From 7b457b5b4130208745b8c592e53e42c10f356e27 Mon Sep 17 00:00:00 2001
+From fd8c1f7e68fd999c07ca47243ef85ac726f775ce Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:45:26 -0400
 Subject: [PATCH] krb5-1.15-beta1-buildconf.patch

krb5-1.17-Become-FIPS-aware.patch

@@ -1,7 +1,7 @@
-From 9f5fbf191d74cae9b28d318fff4c80d3d3e49c86 Mon Sep 17 00:00:00 2001
+From 15c0aec4315cc5cfae864b179848f043e2b100c6 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 9 Nov 2018 15:12:21 -0500
-Subject: [PATCH] Become FIPS-aware (with 3DES)
+Subject: [PATCH] krb5-1.17 Become FIPS-aware
 
 A lot of the FIPS error conditions from OpenSSL are incredibly
 mysterious (at best, things return NULL unexpectedly; at worst,

krb5-1.17-FIPS-aware-SPAKE-group-negotiation.patch

@@ -1,7 +1,7 @@
-From 59269fca96168aa89dc32834d188a54eea8953ac Mon Sep 17 00:00:00 2001
+From e039796a0fbefac03a3fd888aef7d192e7c1437e Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Mon, 1 Apr 2019 13:13:09 -0400
-Subject: [PATCH] FIPS-aware SPAKE group negotiation
+Subject: [PATCH] krb5-1.17 FIPS-aware SPAKE group negotiation
 
 ---
  src/plugins/preauth/spake/groups.c | 8 ++++++++

krb5-1.17-In-FIPS-mode-add-plaintext-fallback-for-RC.patch

@@ -1,7 +1,8 @@
-From 1382f982a18aec4bc14780b175638d44969ac1d2 Mon Sep 17 00:00:00 2001
+From 105bd2c8be23ab94ba6e0601ee8e531f013389d6 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 31 Jul 2018 13:47:26 -0400
-Subject: [PATCH] In FIPS mode, add plaintext fallback for RC4 usages and taint
+Subject: [PATCH] krb5-1.17 In FIPS mode, add plaintext fallback for RC4 usages
+ and taint
 
 ---
  src/lib/krad/attr.c      | 45 +++++++++++++++++++++++++++++-----------

krb5-1.17-Use-openssl-s-PRNG-in-FIPS-mode.patch

@@ -1,7 +1,7 @@
-From 9724b7f409410a7c3cc0330089009d7b9aa92ae6 Mon Sep 17 00:00:00 2001
+From e307112cfcc52474d07eac890825303655ef8b6f Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 4 Jan 2019 17:00:15 -0500
-Subject: [PATCH] Use openssl's PRNG in FIPS mode
+Subject: [PATCH] krb5-1.17 Use openssl's PRNG in FIPS mode
 
 ---
  src/lib/crypto/krb/prng.c | 11 ++++++++++-

krb5-1.3.1-dns.patch

@@ -1,4 +1,4 @@
-From 40259729fa4fbec2b22e9ca8043202ac914cca24 Mon Sep 17 00:00:00 2001
+From 64c9cb22ec6d7ecdeafaf60bfc8d26780d2cb4ad Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:46:21 -0400
 Subject: [PATCH] krb5-1.3.1-dns.patch

krb5-1.9-debuginfo.patch

@@ -1,4 +1,4 @@
-From d6758af31afecc3835043a8e599302f372fcef82 Mon Sep 17 00:00:00 2001
+From 8ee5efa6aec5d02e25081b6dc809cef668ce45ea Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:49:25 -0400
 Subject: [PATCH] krb5-1.9-debuginfo.patch

krb5.spec

@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.17
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 8%{?dist}
+Release: 9%{?dist}
 
 # lookaside-cached sources; two downloads and a build artifact
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz
@@ -52,7 +52,6 @@ Source100: noport.c
 Patch26: krb5-1.12.1-pam.patch
 Patch27: krb5-1.17-beta1-selinux-label.patch
 Patch28: krb5-1.12-ksu-path.patch
-Patch29: krb5-1.12-ktany.patch
 Patch30: krb5-1.15-beta1-buildconf.patch
 Patch31: krb5-1.3.1-dns.patch
 Patch32: krb5-1.12-api.patch
@@ -60,10 +59,10 @@ Patch33: krb5-1.13-dirsrv-accountlock.patch
 Patch34: krb5-1.9-debuginfo.patch
 Patch35: krb5-1.11-run_user_0.patch
 Patch36: krb5-1.11-kpasswdtest.patch
-Patch89: In-FIPS-mode-add-plaintext-fallback-for-RC4-usages-a.patch
+Patch37: krb5-1.17-In-FIPS-mode-add-plaintext-fallback-for-RC.patch
 Patch90: Add-tests-for-KCM-ccache-type.patch
 Patch92: Address-some-optimized-out-memset-calls.patch
-Patch93: Use-openssl-s-PRNG-in-FIPS-mode.patch
+Patch93: krb5-1.17-Use-openssl-s-PRNG-in-FIPS-mode.patch
 Patch94: Avoid-allocating-a-register-in-zap-assembly.patch
 Patch95: In-rd_req_dec-always-log-non-permitted-enctypes.patch
 Patch96: In-kpropd-debug-log-proper-ticket-enctype-names.patch
@@ -72,10 +71,15 @@ Patch98: Make-etype-names-in-KDC-logs-human-readable.patch
 Patch99: Mark-deprecated-enctypes-when-used.patch
 Patch100: Properly-size-ifdef-in-k5_cccol_lock.patch
 Patch101: Fix-memory-leak-in-none-replay-cache-type.patch
-Patch102: Become-FIPS-aware-with-3DES.patch
-Patch103: FIPS-aware-SPAKE-group-negotiation.patch
+Patch102: krb5-1.17-Become-FIPS-aware.patch
+Patch103: krb5-1.17-FIPS-aware-SPAKE-group-negotiation.patch
 Patch104: Clarify-header-comment-for-krb5_cc_start_seq_get.patch
 Patch105: Implement-krb5_cc_remove_cred-for-remaining-types.patch
+Patch106: Remove-srvtab-support.patch
+Patch107: Remove-kadmin-RPC-support-for-setting-v4-key.patch
+Patch108: Remove-ccapi-related-comments-in-configure.ac.patch
+Patch109: Remove-doxygen-generated-HTML-output-for-ccapi.patch
+Patch110: Remove-Kerberos-v4-support-vestiges-from-ccapi.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -255,9 +259,6 @@ interface is not considered stable.
 %autosetup -S git -n %{name}-%{version}%{prerelease} -a 3
 ln NOTICE LICENSE
 
-# Take the execute bit off of documentation.
-chmod -x doc/ccapi/*.html
-
 # Generate an FDS-compatible LDIF file.
 inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
 cat > '60kerberos.ldif' << EOF
@@ -715,6 +716,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Thu Apr 11 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-9
+- Remove Kerberos v4 support vestiges (including ktany support)
+
 * Thu Apr 11 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-8
 - Implement krb5_cc_remove_cred for remaining types
 - Resolves: #1693836