New upstream version (1.19.1)

Add-APIs-for-marshalling-credentials.patch

@@ -1,4 +1,4 @@
-From 057b45609fa457f2247df93b163f31723fd18077 Mon Sep 17 00:00:00 2001
+From 4505316756e42db02b6dabe0a6b075fe52852371 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 14 Jan 2021 18:13:09 -0500
 Subject: [PATCH] Add APIs for marshalling credentials
@@ -187,7 +187,7 @@ index bd0284afa..96e0931a2 100644
          t = &tests[version - 1];
  
 diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
-index 72652f2ce..9de0fcdb3 100644
+index 2d9d56530..adbfa332b 100644
 --- a/src/lib/krb5/libkrb5.exports
 +++ b/src/lib/krb5/libkrb5.exports
 @@ -489,6 +489,7 @@ krb5_lock_file
@@ -198,7 +198,7 @@ index 72652f2ce..9de0fcdb3 100644
  krb5_mcc_ops
  krb5_merge_authdata
  krb5_mk_1cred
-@@ -591,6 +592,7 @@ krb5_timeofday
+@@ -592,6 +593,7 @@ krb5_timeofday
  krb5_timestamp_to_sfstring
  krb5_timestamp_to_string
  krb5_unlock_file

Add-hostname-canonicalization-helper-to-k5test.py.patch

@@ -1,4 +1,4 @@
-From 1d7b365e670f19beae319fde2abf1de0601a2a34 Mon Sep 17 00:00:00 2001
+From d898d94cef8e1a8772a91cd3a62255c33f109636 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 15 Jan 2021 14:43:34 -0500
 Subject: [PATCH] Add hostname canonicalization helper to k5test.py

Restore-krb5_set_default_tgs_ktypes.patch

@@ -1,54 +0,0 @@
-From faa975dd74df535960bf8f82990f352d022a12a5 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 12 Feb 2021 15:11:25 -0500
-Subject: [PATCH] Restore krb5_set_default_tgs_ktypes()
-
-Samba only uses the correct name (krb5_set_default_tgs_enctypes) if it
-cannot find the old one in the library, so removing the name causes a
-linker error for existing builds.
-
-(cherry picked from commit 17ee97788611f8f8f4a6bd69968a9499f4db2215)
-
-ticket: 8985
-version_fixed: 1.19.1
-
-(cherry picked from commit 3e36b25712d940a8e325abc407143634365b51d0)
----
- src/lib/krb5/krb/init_ctx.c  | 11 +++++++++++
- src/lib/krb5/libkrb5.exports |  1 +
- 2 files changed, 12 insertions(+)
-
-diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
-index d2b70acad..bfa99d9eb 100644
---- a/src/lib/krb5/krb/init_ctx.c
-+++ b/src/lib/krb5/krb/init_ctx.c
-@@ -375,6 +375,17 @@ krb5_set_default_tgs_enctypes(krb5_context context, const krb5_enctype *etypes)
-     return 0;
- }
- 
-+/* Old name for above function.  This is not a public API, but Samba (as of
-+ * 2021-02-12) uses this name if it finds it in the library. */
-+krb5_error_code
-+krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes);
-+
-+krb5_error_code
-+krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes)
-+{
-+    return krb5_set_default_tgs_enctypes(context, etypes);
-+}
-+
- /*
-  * Add etype to, or remove etype from, the zero-terminated list *list_ptr,
-  * reallocating if the list size changes.  Filter out weak enctypes if
-diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
-index 25141dfc5..df6e2ffbe 100644
---- a/src/lib/krb5/libkrb5.exports
-+++ b/src/lib/krb5/libkrb5.exports
-@@ -567,6 +567,7 @@ krb5_set_config_files
- krb5_set_debugging_time
- krb5_set_default_realm
- krb5_set_default_tgs_enctypes
-+krb5_set_default_tgs_ktypes
- krb5_set_error_message
- krb5_set_password
- krb5_set_password_using_ccache

Support-host-based-GSS-initiator-names.patch

@@ -1,4 +1,4 @@
-From c1df10d60512e1697ef18b343c237c6a96baf62c Mon Sep 17 00:00:00 2001
+From 8c57937f3ca793fe3f8fdd636be0bc11c24069bc Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 15 Jan 2021 13:51:34 -0500
 Subject: [PATCH] Support host-based GSS initiator names
@@ -418,7 +418,7 @@ index 8f5872116..760216d05 100644
  
  /* Store the error state for code from context into errsave, but only if code
 diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
-index 9de0fcdb3..25141dfc5 100644
+index adbfa332b..df6e2ffbe 100644
 --- a/src/lib/krb5/libkrb5.exports
 +++ b/src/lib/krb5/libkrb5.exports
 @@ -181,6 +181,7 @@ k5_size_authdata_context

downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch

@@ -1,4 +1,4 @@
-From b57c3a8fbeb0e83c9faa63ac49c5ed58971aa934 Mon Sep 17 00:00:00 2001
+From 4a62aeae7b747cd289548949f940525365fe0947 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 9 Nov 2018 15:12:21 -0500
 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
@@ -39,7 +39,7 @@ Last-updated: krb5-1.17
  15 files changed, 151 insertions(+), 33 deletions(-)
 
 diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
-index cb17a8485..29ddca3a4 100644
+index 675175955..adba8238d 100644
 --- a/doc/admin/conf_files/krb5_conf.rst
 +++ b/doc/admin/conf_files/krb5_conf.rst
 @@ -330,6 +330,12 @@ The libdefaults section may contain any of the following relations:

downstream-Remove-3des-support.patch

@@ -1,4 +1,4 @@
-From 5ff60c965583977ee4a4f98555973f9920fc79cd Mon Sep 17 00:00:00 2001
+From fef4e551d3d2dcb55e58cc182304254c36aa8949 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 26 Mar 2019 18:51:10 -0400
 Subject: [PATCH] [downstream] Remove 3des support
@@ -5625,7 +5625,7 @@ index 2925c1c43..2f76c8b43 100644
      if { ! [cmd {kadm5_destroy $server_handle}]} {
  	perror "$test: unexpected failure in destroy"
 diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
-index be31eb31e..d2b70acad 100644
+index aa35baa3c..bfa99d9eb 100644
 --- a/src/lib/krb5/krb/init_ctx.c
 +++ b/src/lib/krb5/krb/init_ctx.c
 @@ -59,7 +59,6 @@
@@ -5636,7 +5636,7 @@ index be31eb31e..d2b70acad 100644
      ENCTYPE_ARCFOUR_HMAC,
      ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC,
      0
-@@ -456,8 +455,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey,
+@@ -467,8 +466,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey,
              /* Set all enctypes in the default list. */
              for (i = 0; default_list[i]; i++)
                  mod_list(default_list[i], sel, weak, &list);
@@ -5818,10 +5818,10 @@ index 77d5c61fe..1f9868351 100644
   * this functions takes in crypto specific representation of
   * trustedCertifiers and creates a list of
 diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-index d7d1593f4..0a67c44ef 100644
+index e5940a513..e1153344e 100644
 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-@@ -5488,44 +5488,6 @@ cleanup:
+@@ -5486,44 +5486,6 @@ cleanup:
      return retval;
  }
  

downstream-SELinux-integration.patch

@@ -1,4 +1,4 @@
-From 99e57d4cbf0eb060162b7038d6e7b202d2716784 Mon Sep 17 00:00:00 2001
+From e787771b618a344d45ac515927e914602f48946f Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:30:53 -0400
 Subject: [PATCH] [downstream] SELinux integration
@@ -131,7 +131,7 @@ index ca9fcf664..5afb96e58 100644
 +AC_SUBST(SELINUX_LIBS)
 +])dnl
 diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
-index 9f96a8719..120922ac3 100755
+index dead0dddc..fef3e054f 100755
 --- a/src/build-tools/krb5-config.in
 +++ b/src/build-tools/krb5-config.in
 @@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
@@ -142,7 +142,7 @@ index 9f96a8719..120922ac3 100755
  
  LIBS='@LIBS@'
  GEN_LIB=@GEN_LIB@
-@@ -255,7 +256,7 @@ if test -n "$do_libs"; then
+@@ -254,7 +255,7 @@ if test -n "$do_libs"; then
      fi
  
      # If we ever support a flag to generate output suitable for static
@@ -253,7 +253,7 @@ index 045334a08..db80063eb 100644
  
  #include <stdlib.h>
 diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
-index ff2f25050..e3457622a 100644
+index 634ba4a8b..cea7939f4 100644
 --- a/src/kadmin/dbutil/dump.c
 +++ b/src/kadmin/dbutil/dump.c
 @@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname)
@@ -288,7 +288,7 @@ index ff2f25050..e3457622a 100644
          com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
          goto cleanup;
 diff --git a/src/kdc/main.c b/src/kdc/main.c
-index 27aa10da0..b5916b147 100644
+index 3be6dcb07..24d441e16 100644
 --- a/src/kdc/main.c
 +++ b/src/kdc/main.c
 @@ -872,7 +872,7 @@ write_pid_file(const char *path)
@@ -301,7 +301,7 @@ index 27aa10da0..b5916b147 100644
          return errno;
      pid = (unsigned long) getpid();
 diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c
-index 874ba1305..9d6378cc0 100644
+index 498ca599a..c6b8efc28 100644
 --- a/src/kprop/kpropd.c
 +++ b/src/kprop/kpropd.c
 @@ -487,6 +487,9 @@ doit(int fd)

downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch

@@ -1,4 +1,4 @@
-From 387ae61e2b6384eba692e777cc1bcc3d34bfa8c6 Mon Sep 17 00:00:00 2001
+From 687bb26cb0877fa5497e90f7d325de42b456da2a Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 15 Nov 2019 20:05:16 +0000
 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF
@@ -441,7 +441,7 @@ index 6707a7308..915a173dd 100644
          return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant,
                                           &empty);
 diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-index 0a67c44ef..dbb054378 100644
+index e1153344e..911e74fd9 100644
 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 @@ -38,6 +38,13 @@

downstream-fix-debuginfo-with-y.tab.c.patch

@@ -1,4 +1,4 @@
-From 83899829c5e26b98f0c9d124d1e56e7b84c75c02 Mon Sep 17 00:00:00 2001
+From d5ea86ef491feb38f12e6aa53b7579ac02675df6 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:49:25 -0400
 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c

downstream-ksu-pam-integration.patch

@@ -1,4 +1,4 @@
-From 07d19a2c4f369a7a524c919c5a453e702967b530 Mon Sep 17 00:00:00 2001
+From 90ba715be48c2e1b6c7ca53cb1d75f3af2c388d6 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:29:58 -0400
 Subject: [PATCH] [downstream] ksu pam integration

downstream-netlib-and-dns.patch

@@ -1,4 +1,4 @@
-From ea8156d348a533cc4418903ee351121366872c17 Mon Sep 17 00:00:00 2001
+From ad123366e5fb2694cf6d9f4f292a001a761b78fa Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:46:21 -0400
 Subject: [PATCH] [downstream] netlib and dns

krb5.spec

@@ -41,8 +41,8 @@
 
 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.19
-Release: %{?zdpd}3%{?dist}
+Version: 1.19.1
+Release: %{?zdpd}1%{?dist}
 
 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
@@ -73,7 +73,6 @@ Patch7: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
 Patch8: Add-APIs-for-marshalling-credentials.patch
 Patch9: Add-hostname-canonicalization-helper-to-k5test.py.patch
 Patch10: Support-host-based-GSS-initiator-names.patch
-Patch11: Restore-krb5_set_default_tgs_ktypes.patch
 
 License: MIT
 URL: https://web.mit.edu/kerberos/www/
@@ -632,6 +631,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Thu Feb 18 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-1
+- New upstream version (1.19.1)
+
 * Wed Feb 17 2021 Robbie Harwood <rharwood@redhat.com> - 1.19-3
 - Restore krb5_set_default_tgs_ktypes()