- update to 1.8.3

- drop backports of fixes for gss context expiration and error table
    registration/deregistration mismatch
  - drop patch for upstream #6750

.gitignore

@@ -41,3 +41,6 @@ krb5-1.8.1.tar.gz.asc
 krb5-1.8.1-pdf.tar.gz
 krb5-1.8.2.tar.gz.asc
 krb5-1.8.2-pdf.tar.gz
+krb5-1.8.3.tar.gz
+krb5-1.8.3.tar.gz.asc
+krb5-1.8.3-pdf.tar.gz

krb5-1-8-gss-noexp.patch

@@ -1,138 +0,0 @@
-Pending change to not fail wrap/unwrap/seal/unseal after the ticket
-that was used for authentication expires.
-
-Index: src/lib/gssapi/krb5/k5sealiov.c
-===================================================================
---- src/lib/gssapi/krb5/k5sealiov.c	(revision 24129)
-+++ src/lib/gssapi/krb5/k5sealiov.c	(revision 24130)
-@@ -279,7 +279,6 @@
- {
-     krb5_gss_ctx_id_rec *ctx;
-     krb5_error_code code;
--    krb5_timestamp now;
-     krb5_context context;
- 
-     if (qop_req != 0) {
-@@ -298,19 +297,12 @@
-         return GSS_S_NO_CONTEXT;
-     }
- 
--    context = ctx->k5_context;
--    code = krb5_timeofday(context, &now);
--    if (code != 0) {
--        *minor_status = code;
--        save_error_info(*minor_status, context);
--        return GSS_S_FAILURE;
--    }
--
-     if (conf_req_flag && kg_integ_only_iov(iov, iov_count)) {
-         /* may be more sensible to return an error here */
-         conf_req_flag = FALSE;
-     }
- 
-+    context = ctx->k5_context;
-     switch (ctx->proto) {
-     case 0:
-         code = make_seal_token_v1_iov(context, ctx, conf_req_flag,
-@@ -333,7 +325,7 @@
- 
-     *minor_status = 0;
- 
--    return (ctx->krb_times.endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
-+    return GSS_S_COMPLETE;
- }
- 
- #define INIT_IOV_DATA(_iov)     do { (_iov)->buffer.value = NULL;       \
-Index: src/lib/gssapi/krb5/k5unsealiov.c
-===================================================================
---- src/lib/gssapi/krb5/k5unsealiov.c	(revision 24129)
-+++ src/lib/gssapi/krb5/k5unsealiov.c	(revision 24130)
-@@ -52,7 +52,6 @@
-     int signalg;
-     krb5_checksum cksum;
-     krb5_checksum md5cksum;
--    krb5_timestamp now;
-     size_t cksum_len = 0;
-     size_t conflen = 0;
-     int direction;
-@@ -280,19 +279,6 @@
-     if (qop_state != NULL)
-         *qop_state = GSS_C_QOP_DEFAULT;
- 
--    code = krb5_timeofday(context, &now);
--    if (code != 0) {
--        *minor_status = code;
--        retval = GSS_S_FAILURE;
--        goto cleanup;
--    }
--
--    if (now > ctx->krb_times.endtime) {
--        *minor_status = 0;
--        retval = GSS_S_CONTEXT_EXPIRED;
--        goto cleanup;
--    }
--
-     if ((ctx->initiate && direction != 0xff) ||
-         (!ctx->initiate && direction != 0)) {
-         *minor_status = (OM_uint32)G_BAD_DIRECTION;
-Index: src/lib/gssapi/krb5/k5seal.c
-===================================================================
---- src/lib/gssapi/krb5/k5seal.c	(revision 24129)
-+++ src/lib/gssapi/krb5/k5seal.c	(revision 24130)
-@@ -328,7 +328,6 @@
- {
-     krb5_gss_ctx_id_rec *ctx;
-     krb5_error_code code;
--    krb5_timestamp now;
-     krb5_context context;
- 
-     output_message_buffer->length = 0;
-@@ -359,12 +358,6 @@
-     }
- 
-     context = ctx->k5_context;
--    if ((code = krb5_timeofday(context, &now))) {
--        *minor_status = code;
--        save_error_info(*minor_status, context);
--        return(GSS_S_FAILURE);
--    }
--
-     switch (ctx->proto)
-     {
-     case 0:
-@@ -396,5 +389,5 @@
-         *conf_state = conf_req_flag;
- 
-     *minor_status = 0;
--    return((ctx->krb_times.endtime < now)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
-+    return(GSS_S_COMPLETE);
- }
-Index: src/lib/gssapi/krb5/k5unseal.c
-===================================================================
---- src/lib/gssapi/krb5/k5unseal.c	(revision 24129)
-+++ src/lib/gssapi/krb5/k5unseal.c	(revision 24130)
-@@ -79,7 +79,6 @@
-     krb5_checksum md5cksum;
-     krb5_data plaind;
-     char *data_ptr;
--    krb5_timestamp now;
-     unsigned char *plain;
-     unsigned int cksum_len = 0;
-     size_t plainlen;
-@@ -441,16 +440,6 @@
-     if (qop_state)
-         *qop_state = GSS_C_QOP_DEFAULT;
- 
--    if ((code = krb5_timeofday(context, &now))) {
--        *minor_status = code;
--        return(GSS_S_FAILURE);
--    }
--
--    if (now > ctx->krb_times.endtime) {
--        *minor_status = 0;
--        return(GSS_S_CONTEXT_EXPIRED);
--    }
--
-     /* do sequencing checks */
- 
-     if ((ctx->initiate && direction != 0xff) ||

krb5-1.7.1-24139.patch

@@ -1,12 +0,0 @@
-diff -up krb5-1.7.1/src/lib/gssapi/krb5/gssapi_krb5.c krb5-1.7.1/src/lib/gssapi/krb5/gssapi_krb5.c
---- krb5-1.7.1/src/lib/gssapi/krb5/gssapi_krb5.c	2010-06-21 11:49:23.000000000 -0400
-+++ krb5-1.7.1/src/lib/gssapi/krb5/gssapi_krb5.c	2010-06-21 11:49:25.000000000 -0400
-@@ -725,7 +725,7 @@ int gss_krb5int_lib_init(void)
-     printf("gss_krb5int_lib_init\n");
- #endif
- 
--    add_error_table(&et_ggss_error_table);
-+    add_error_table(&et_k5g_error_table);
- 
- #ifndef LEAN_CLIENT
-     err = k5_mutex_finish_init(&gssint_krb5_keytab_lock);

krb5-1.8.2-getoptP.patch

@@ -1,13 +0,0 @@
-Don't try to parse the pidfile name as a port number.  RT#6750
-
-diff -up krb5/src/kdc/main.c krb5/src/kdc/main.c
---- krb5/src/kdc/main.c	2010-07-07 14:18:30.000000000 -0400
-+++ krb5/src/kdc/main.c	2010-07-07 14:18:32.000000000 -0400
-@@ -728,6 +728,7 @@ initialize_realms(krb5_context kcontext,
-             break;
-         case 'P':
-             pid_file = optarg;
-+            break;
-         case 'p':
-             if (default_udp_ports)
-                 free(default_udp_ports);

krb5.spec

@@ -4,10 +4,10 @@
 
 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.8.2
-Release: 3%{?dist}
+Version: 1.8.3
+Release: 1%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.2-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.3-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
@@ -47,9 +47,6 @@ Patch61: krb5-1.8-manpaths.patch
 Patch63: krb5-1.8-selinux-label.patch
 Patch70: krb5-trunk-kpasswd_tcp2.patch
 Patch71: krb5-1.8-dirsrv-accountlock.patch
-Patch72: krb5-1.7.1-24139.patch
-Patch73: krb5-1-8-gss-noexp.patch
-Patch74: krb5-1.8.2-getoptP.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -187,9 +184,6 @@ ln -s NOTICE LICENSE
 %patch59 -p1 -b .kpasswd_tcp
 #%patch70 -p0 -b .kpasswd_tcp2
 %patch71 -p1 -b .dirsrv-accountlock
-%patch72 -p1 -b .24139
-%patch73 -p0 -b .gss-noexp
-%patch74 -p1 -b .getoptP
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -223,7 +217,7 @@ doc/kadm5     api-server-design
 EOF
 
 # Fix the LDIF file.
-if test %{version} != 1.8.2 ; then
+if test %{version} != 1.8.3 ; then
 	# Hopefully this was fixed later.
 	exit 1
 fi
@@ -641,6 +635,12 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Wed Aug  4 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-1
+- update to 1.8.3
+  - drop backports of fixes for gss context expiration and error table
+    registration/deregistration mismatch
+  - drop patch for upstream #6750
+
 * Wed Jul  7 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-3
 - tell krb5kdc and kadmind to create pid files, since they can
 - add logrotate configuration files for krb5kdc and kadmind (#462658)

sources

@@ -1,3 +1,3 @@
-ccba1279ff11200f7cefa903578c2f73  krb5-1.8.2.tar.gz
-3adcca83db07d0ff36def494cb9412df  krb5-1.8.2.tar.gz.asc
-2e22c362076db938d654031ea303aac3  krb5-1.8.2-pdf.tar.gz
+1597a1e762f6e0d6fec6fd78638d0f4b  krb5-1.8.3.tar.gz
+7d67d4314ab44e0cca79bc6815db4873  krb5-1.8.3.tar.gz.asc
+7851dd78723161b85399bdaefc3f3054  krb5-1.8.3-pdf.tar.gz