New upstream release (1.18.2)

2020-05-22 14:22:05 -04:00 · 2020-05-22 14:22:05 -04:00 · 102adf5edf
commit 102adf5edf
parent d370e2a431
21 changed files with 29 additions and 57 deletions
--- a/.gitignore
+++ b/.gitignore
@ -185,3 +185,5 @@ krb5-1.8.3-pdf.tar.gz
 /krb5-1.18.tar.gz.asc
 /krb5-1.18.1.tar.gz
 /krb5-1.18.1.tar.gz.asc
 /krb5-1.18.2.tar.gz
 /krb5-1.18.2.tar.gz.asc
--- a/Add-finalization-safety-check-to-com_err.patch
+++ b/Add-finalization-safety-check-to-com_err.patch
@ -1,4 +1,4 @@
-From c7a37d3e87132864ebc44710baf1d50a69682b5c Mon Sep 17 00:00:00 2001
+From 9b28e9bbadb775cf790092bc0b0fe9f6c880d215 Mon Sep 17 00:00:00 2001
 From: Jiri Sasek <Jiri.Sasek@Oracle.COM>
 Date: Fri, 13 Mar 2020 19:02:58 +0100
 Subject: [PATCH] Add finalization safety check to com_err
--- a/Allow-certauth-modules-to-set-hw-authent-flag.patch
+++ b/Allow-certauth-modules-to-set-hw-authent-flag.patch
@ -1,4 +1,4 @@
-From d23b2ed4f06fa77cd021814834dd1391ef6f452f Mon Sep 17 00:00:00 2001
+From 5413039348c612716fb5e33347814b7608778646 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 24 Feb 2020 15:58:59 -0500
 Subject: [PATCH] Allow certauth modules to set hw-authent flag
--- a/Correctly-import-service-GSS-host-based-name.patch
+++ b/Correctly-import-service-GSS-host-based-name.patch
@ -1,4 +1,4 @@
-From dd4364d76925ce1fe21c2ab995554d6af3a2ea12 Mon Sep 17 00:00:00 2001
+From e8c6f76079bac021e30e89e12b547cc73f71ec36 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 30 Mar 2020 15:26:02 -0400
 Subject: [PATCH] Correctly import "service@" GSS host-based name
--- a/Do-expiration-warnings-for-all-init_creds-APIs.patch
+++ b/Do-expiration-warnings-for-all-init_creds-APIs.patch
@ -1,4 +1,4 @@
-From c136cfe050d203c910624573a33247fde2889b09 Mon Sep 17 00:00:00 2001
+From 0083381a1dc008c6a1a437393045f82ec06423f8 Mon Sep 17 00:00:00 2001
 From: Sumit Bose <sbose@redhat.com>
 Date: Fri, 28 Feb 2020 10:11:49 +0100
 Subject: [PATCH] Do expiration warnings for all init_creds APIs
--- a/Eliminate-redundant-PKINIT-responder-invocation.patch
+++ b/Eliminate-redundant-PKINIT-responder-invocation.patch
@ -1,4 +1,4 @@
-From 4a05805eb39ba088c07f782fb52a6538ec3f2db6 Mon Sep 17 00:00:00 2001
+From 43d09ed10d495e78c786f5468455f16a63a99532 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 23 Mar 2020 19:10:03 -0400
 Subject: [PATCH] Eliminate redundant PKINIT responder invocation
--- a/Fix-SPNEGO-acceptor-mech-filtering.patch
+++ b/Fix-SPNEGO-acceptor-mech-filtering.patch
@ -1,32 +0,0 @@
 From b8a19522f0169be3b4a2f539e28c89755cd85d6f Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Thu, 21 May 2020 14:15:25 -0400
 Subject: [PATCH] Fix SPNEGO acceptor mech filtering
 Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
 accidentally changed the SPNEGO acceptor code to filter mechanisms by
 the obtainability of initiator credentials rather than acceptor
 credentials, when the default acceptor credential is used.
 ticket: 8908 (new)
 tags: pullup
 target_version: 1.18-next
 (cherry picked from commit e25918cb9efd7361aa78d2d96cd097dd34fdf35d)
 ---
 src/lib/gssapi/spnego/spnego_mech.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
 index 8d36a05e8..255db6e30 100644
 --- a/src/lib/gssapi/spnego/spnego_mech.c
 +++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1379,7 +1379,7 @@ acc_ctx_new(OM_uint32 *minor_status,
 		goto cleanup;
 	}
 -	ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
 +	ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
 	if (ret != GSS_S_COMPLETE) {
 		*return_token = NO_TOKEN_SEND;
 		goto cleanup;
--- a/Fix-typo-in-in-in-the-ksu-man-page.patch
+++ b/Fix-typo-in-in-in-the-ksu-man-page.patch
@ -1,4 +1,4 @@
-From 5eed1579142640363302f27e41abb354461d3030 Mon Sep 17 00:00:00 2001
+From 8de669742ae4190542741f0dc61119a6a0dad666 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 14 May 2020 15:01:18 -0400
 Subject: [PATCH] Fix typo ("in in") in the ksu man page
@ -23,7 +23,7 @@ index 8d6c7ef79..933738229 100644
 diff --git a/src/man/ksu.man b/src/man/ksu.man
-index 6660e0937..9c8cf75ff 100644
+index 81e34815d..8d4c6a359 100644
 --- a/src/man/ksu.man
 +++ b/src/man/ksu.man
@@ -176,7 +176,7 @@ wrong password is typed in, ksu fails.
--- a/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
+++ b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
@ -1,4 +1,4 @@
-From 442f1fa5b2e4034954a51048414cc0863b914379 Mon Sep 17 00:00:00 2001
+From 6d132f1019b2f1b6f54bae25ed0ea9122c87a190 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Wed, 6 May 2020 16:03:13 -0400
 Subject: [PATCH] Omit KDC indicator check for S4U2Self requests
--- a/Pass-gss_localname-through-SPNEGO.patch
+++ b/Pass-gss_localname-through-SPNEGO.patch
@ -1,4 +1,4 @@
-From 646212314a580a8cdffdacda9cb3c8f806471b08 Mon Sep 17 00:00:00 2001
+From dce745bbdf95ddfa733bc306c57afe5fcab74479 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Sun, 26 Apr 2020 19:55:54 -0400
 Subject: [PATCH] Pass gss_localname() through SPNEGO
@ -30,7 +30,7 @@ index a93763314..066ec736f 100644
 (
 	OM_uint32 *minor_status,
 diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index 8e0c3a348..8d36a05e8 100644
+index ec0bae6a4..594fc5894 100644
 --- a/src/lib/gssapi/spnego/spnego_mech.c
 +++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism =
--- a/Refresh-manually-acquired-creds-from-client-keytab.patch
+++ b/Refresh-manually-acquired-creds-from-client-keytab.patch
@ -1,4 +1,4 @@
-From 685aada9eae420cb5156ca7b71c2c7614c0b6e2c Mon Sep 17 00:00:00 2001
+From 13e085a996ac53484fa308f3ef7a2b66c05ccdfa Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 26 Feb 2020 18:27:17 -0500
 Subject: [PATCH] Refresh manually acquired creds from client keytab
--- a/downstream-Adjust-build-configuration.patch
+++ b/downstream-Adjust-build-configuration.patch
@ -1,4 +1,4 @@
-From 92508996ed4c69fa6f5cf855fdf10f34cfa07ec9 Mon Sep 17 00:00:00 2001
+From 30ece66508c8e10f704cd2860dfd421ebee15897 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:45:26 -0400
 Subject: [PATCH] [downstream] Adjust build configuration
--- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
@ -1,4 +1,4 @@
-From a721df13d09b5fdad32de15e6aa973b732727aa9 Mon Sep 17 00:00:00 2001
+From 15056939ae1e52b9c0b4e0f4ac59772b0d942647 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 9 Nov 2018 15:12:21 -0500
 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
--- a/downstream-Remove-3des-support.patch
+++ b/downstream-Remove-3des-support.patch
@ -1,4 +1,4 @@
-From e9cd83237b54e2f6010a063f523217b0a442ecbf Mon Sep 17 00:00:00 2001
+From c920b585b8400ef44684c673c54264657195f3ce Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 26 Mar 2019 18:51:10 -0400
 Subject: [PATCH] [downstream] Remove 3des support
@ -365,7 +365,7 @@ index 8a4b87de1..d7f1d076b 100644
 +		supported_enctypes = aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal
 	}
 diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
-index e5898ea63..973976fd9 100644
+index ba0ce0b71..e3352f9cc 100644
 --- a/src/kdc/kdc_util.c
 +++ b/src/kdc/kdc_util.c
@@ -1103,8 +1103,6 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
--- a/downstream-SELinux-integration.patch
+++ b/downstream-SELinux-integration.patch
@ -1,4 +1,4 @@
-From 0f8851a23a7b6fa0e195e01d0475e9e55707adf2 Mon Sep 17 00:00:00 2001
+From f8c70f6190a0573e2aca0b40964cf3b1a73ca8bb Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:30:53 -0400
 Subject: [PATCH] [downstream] SELinux integration
--- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
+++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
@ -1,4 +1,4 @@
-From 3f5875cf859271bca62f07aee6f663787972def9 Mon Sep 17 00:00:00 2001
+From 040dd62418b918adc993b9cc3e1e80fc232286c4 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 15 Nov 2019 20:05:16 +0000
 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF
--- a/downstream-fix-debuginfo-with-y.tab.c.patch
+++ b/downstream-fix-debuginfo-with-y.tab.c.patch
@ -1,4 +1,4 @@
-From f4002f246332695d8ea12ec803139fcac18fbba2 Mon Sep 17 00:00:00 2001
+From c6e103db0eb02c31a13b8cbcbae296c473074991 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:49:25 -0400
 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c
--- a/downstream-ksu-pam-integration.patch
+++ b/downstream-ksu-pam-integration.patch
@ -1,4 +1,4 @@
-From a7322a84657752c886c317a6994a9fc7a4a70ca5 Mon Sep 17 00:00:00 2001
+From 9feb7298b90d3e6a34821fce7315757c0bf81c9e Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:29:58 -0400
 Subject: [PATCH] [downstream] ksu pam integration
--- a/downstream-netlib-and-dns.patch
+++ b/downstream-netlib-and-dns.patch
@ -1,4 +1,4 @@
-From 355dd481511af4d517ee540854f95a6fb12116a9 Mon Sep 17 00:00:00 2001
+From 4254bee1b97edeb0848efce635bcf1b56306f968 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:46:21 -0400
 Subject: [PATCH] [downstream] netlib and dns
--- a/krb5.spec
+++ b/krb5.spec
@ -16,9 +16,9 @@
 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.18.1
+Version: 1.18.2
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 6%{?dist}
+Release: 1%{?dist}
 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz
@ -59,7 +59,6 @@ Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
 Patch17: Pass-gss_localname-through-SPNEGO.patch
 Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
 Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
 Patch20: Fix-SPNEGO-acceptor-mech-filtering.patch
 License: MIT
 URL: https://web.mit.edu/kerberos/www/
@ -632,6 +631,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 %changelog
 * Fri May 22 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.2-1
 - New upstream release (1.18.2)
 * Fri May 22 2020 Robbie Harwood <rharwood@redhat.com> - 1.18.1-6
 - Fix SPNEGO acceptor mech filtering
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (krb5-1.18.1.tar.gz) = c96c9ed676c8ccb9b65d17bb1d982c266228c75030a2d8fd5d7952ee8cdf362a22d202e93018d1011a5e7bd9a9fabe69aa1578d1d2e4839a78b9916d8b8019ce
+SHA512 (krb5-1.18.2.tar.gz) = 7cbb1b28e677fea3e0794e93951f3caaa2c49bb1175dd187951e72a466cc69d96c3b833d838000fe911c1a437d96a558e550f27c53a8b332fb9dfc7cbb7ec44c
-SHA512 (krb5-1.18.1.tar.gz.asc) = e7db98b9f053de793763af734a7b8de81702156d12dfeb7295032c2416a43406840960fb8d16efb6cad911c1cb047da1f6fe17c88289aad28983b5d531f47908
+SHA512 (krb5-1.18.2.tar.gz.asc) = 70775a06104b4d792d278da2efa92e94ddacb4ea319bfe2b253f5afcfec27f3bc5ddd12560294a265e3cf3d4fc74bcbfc3f5eeff8634d66c00d67e18dc93a74a
`@ -1,2 +1,2 @@`
	`SHA512 (krb5-1.18.1.tar.gz) = c96c9ed676c8ccb9b65d17bb1d982c266228c75030a2d8fd5d7952ee8cdf362a22d202e93018d1011a5e7bd9a9fabe69aa1578d1d2e4839a78b9916d8b8019ce`	`SHA512 (krb5-1.18.2.tar.gz) = 7cbb1b28e677fea3e0794e93951f3caaa2c49bb1175dd187951e72a466cc69d96c3b833d838000fe911c1a437d96a558e550f27c53a8b332fb9dfc7cbb7ec44c`
	`SHA512 (krb5-1.18.1.tar.gz.asc) = e7db98b9f053de793763af734a7b8de81702156d12dfeb7295032c2416a43406840960fb8d16efb6cad911c1cb047da1f6fe17c88289aad28983b5d531f47908`	`SHA512 (krb5-1.18.2.tar.gz.asc) = 70775a06104b4d792d278da2efa92e94ddacb4ea319bfe2b253f5afcfec27f3bc5ddd12560294a265e3cf3d4fc74bcbfc3f5eeff8634d66c00d67e18dc93a74a`