Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/krb5.git#ab3f34f0e757af2367b8c31b9bd42feae03d0e48
2021-02-18 22:21:10 +00:00 · 2021-02-18 22:21:10 +00:00 · 94bc4ee9cb
parent f7785327ef
commit 94bc4ee9cb
13 changed files with 44 additions and 32 deletions
--- a/.gitignore
+++ b/.gitignore
@ -195,3 +195,5 @@ krb5-1.8.3-pdf.tar.gz
 /krb5-1.19-beta2.tar.gz.asc
 /krb5-1.19.tar.gz
 /krb5-1.19.tar.gz.asc
+/krb5-1.19.1.tar.gz
+/krb5-1.19.1.tar.gz.asc
--- a/Add-APIs-for-marshalling-credentials.patch
+++ b/Add-APIs-for-marshalling-credentials.patch
@ -1,4 +1,4 @@
-From 057b45609fa457f2247df93b163f31723fd18077 Mon Sep 17 00:00:00 2001
+From 4505316756e42db02b6dabe0a6b075fe52852371 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 14 Jan 2021 18:13:09 -0500
 Subject: [PATCH] Add APIs for marshalling credentials
@ -187,7 +187,7 @@ index bd0284afa..96e0931a2 100644
         t = &tests[version - 1];
 
 diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
-index 72652f2ce..9de0fcdb3 100644
+index 2d9d56530..adbfa332b 100644
 --- a/src/lib/krb5/libkrb5.exports
 +++ b/src/lib/krb5/libkrb5.exports
@@ -489,6 +489,7 @@ krb5_lock_file
@ -198,7 +198,7 @@ index 72652f2ce..9de0fcdb3 100644
 krb5_mcc_ops
 krb5_merge_authdata
 krb5_mk_1cred
-@@ -591,6 +592,7 @@ krb5_timeofday
+@@ -592,6 +593,7 @@ krb5_timeofday
 krb5_timestamp_to_sfstring
 krb5_timestamp_to_string
 krb5_unlock_file
--- a/Add-hostname-canonicalization-helper-to-k5test.py.patch
+++ b/Add-hostname-canonicalization-helper-to-k5test.py.patch
@ -1,4 +1,4 @@
-From 1d7b365e670f19beae319fde2abf1de0601a2a34 Mon Sep 17 00:00:00 2001
+From d898d94cef8e1a8772a91cd3a62255c33f109636 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 15 Jan 2021 14:43:34 -0500
 Subject: [PATCH] Add hostname canonicalization helper to k5test.py
--- a/Support-host-based-GSS-initiator-names.patch
+++ b/Support-host-based-GSS-initiator-names.patch
@ -1,4 +1,4 @@
-From c1df10d60512e1697ef18b343c237c6a96baf62c Mon Sep 17 00:00:00 2001
+From 8c57937f3ca793fe3f8fdd636be0bc11c24069bc Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 15 Jan 2021 13:51:34 -0500
 Subject: [PATCH] Support host-based GSS initiator names
@ -418,7 +418,7 @@ index 8f5872116..760216d05 100644
 
 /* Store the error state for code from context into errsave, but only if code
 diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
-index 9de0fcdb3..25141dfc5 100644
+index adbfa332b..df6e2ffbe 100644
 --- a/src/lib/krb5/libkrb5.exports
 +++ b/src/lib/krb5/libkrb5.exports
@@ -181,6 +181,7 @@ k5_size_authdata_context
--- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
@ -1,4 +1,4 @@
-From b57c3a8fbeb0e83c9faa63ac49c5ed58971aa934 Mon Sep 17 00:00:00 2001
+From 4a62aeae7b747cd289548949f940525365fe0947 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 9 Nov 2018 15:12:21 -0500
 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
@ -39,7 +39,7 @@ Last-updated: krb5-1.17
 15 files changed, 151 insertions(+), 33 deletions(-)

 diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
-index cb17a8485..29ddca3a4 100644
+index 675175955..adba8238d 100644
 --- a/doc/admin/conf_files/krb5_conf.rst
 +++ b/doc/admin/conf_files/krb5_conf.rst
@@ -330,6 +330,12 @@ The libdefaults section may contain any of the following relations:
--- a/downstream-Remove-3des-support.patch
+++ b/downstream-Remove-3des-support.patch
@ -1,4 +1,4 @@
-From 5ff60c965583977ee4a4f98555973f9920fc79cd Mon Sep 17 00:00:00 2001
+From fef4e551d3d2dcb55e58cc182304254c36aa8949 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 26 Mar 2019 18:51:10 -0400
 Subject: [PATCH] [downstream] Remove 3des support
@ -5625,7 +5625,7 @@ index 2925c1c43..2f76c8b43 100644
     if { ! [cmd {kadm5_destroy $server_handle}]} {
 	perror "$test: unexpected failure in destroy"
 diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
-index be31eb31e..d2b70acad 100644
+index aa35baa3c..bfa99d9eb 100644
 --- a/src/lib/krb5/krb/init_ctx.c
 +++ b/src/lib/krb5/krb/init_ctx.c
@@ -59,7 +59,6 @@
@ -5636,7 +5636,7 @@ index be31eb31e..d2b70acad 100644
     ENCTYPE_ARCFOUR_HMAC,
     ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC,
     0
-@@ -456,8 +455,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey,
+@@ -467,8 +466,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey,
             /* Set all enctypes in the default list. */
             for (i = 0; default_list[i]; i++)
                 mod_list(default_list[i], sel, weak, &list);
@ -5818,10 +5818,10 @@ index 77d5c61fe..1f9868351 100644
  * this functions takes in crypto specific representation of
  * trustedCertifiers and creates a list of
 diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-index d7d1593f4..0a67c44ef 100644
+index e5940a513..e1153344e 100644
 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-@@ -5488,44 +5488,6 @@ cleanup:
+@@ -5486,44 +5486,6 @@ cleanup:
     return retval;
 }
 
--- a/downstream-SELinux-integration.patch
+++ b/downstream-SELinux-integration.patch
@ -1,4 +1,4 @@
-From 99e57d4cbf0eb060162b7038d6e7b202d2716784 Mon Sep 17 00:00:00 2001
+From e787771b618a344d45ac515927e914602f48946f Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:30:53 -0400
 Subject: [PATCH] [downstream] SELinux integration
@ -131,7 +131,7 @@ index ca9fcf664..5afb96e58 100644
 +AC_SUBST(SELINUX_LIBS)
 +])dnl
 diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
-index 9f96a8719..120922ac3 100755
+index dead0dddc..fef3e054f 100755
 --- a/src/build-tools/krb5-config.in
 +++ b/src/build-tools/krb5-config.in
@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
@ -142,7 +142,7 @@ index 9f96a8719..120922ac3 100755
 
 LIBS='@LIBS@'
 GEN_LIB=@GEN_LIB@
-@@ -255,7 +256,7 @@ if test -n "$do_libs"; then
+@@ -254,7 +255,7 @@ if test -n "$do_libs"; then
     fi
 
     # If we ever support a flag to generate output suitable for static
@ -253,7 +253,7 @@ index 045334a08..db80063eb 100644
 
 #include <stdlib.h>
 diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
-index ff2f25050..e3457622a 100644
+index 634ba4a8b..cea7939f4 100644
 --- a/src/kadmin/dbutil/dump.c
 +++ b/src/kadmin/dbutil/dump.c
@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname)
@ -288,7 +288,7 @@ index ff2f25050..e3457622a 100644
         com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
         goto cleanup;
 diff --git a/src/kdc/main.c b/src/kdc/main.c
-index 27aa10da0..b5916b147 100644
+index 3be6dcb07..24d441e16 100644
 --- a/src/kdc/main.c
 +++ b/src/kdc/main.c
@@ -872,7 +872,7 @@ write_pid_file(const char *path)
@ -301,7 +301,7 @@ index 27aa10da0..b5916b147 100644
         return errno;
     pid = (unsigned long) getpid();
 diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c
-index 874ba1305..9d6378cc0 100644
+index 498ca599a..c6b8efc28 100644
 --- a/src/kprop/kpropd.c
 +++ b/src/kprop/kpropd.c
@@ -487,6 +487,9 @@ doit(int fd)
--- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
+++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
@ -1,4 +1,4 @@
-From 387ae61e2b6384eba692e777cc1bcc3d34bfa8c6 Mon Sep 17 00:00:00 2001
+From 687bb26cb0877fa5497e90f7d325de42b456da2a Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 15 Nov 2019 20:05:16 +0000
 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF
@ -441,7 +441,7 @@ index 6707a7308..915a173dd 100644
         return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant,
                                          &empty);
 diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
-index 0a67c44ef..dbb054378 100644
+index e1153344e..911e74fd9 100644
 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
 +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -38,6 +38,13 @@
--- a/downstream-fix-debuginfo-with-y.tab.c.patch
+++ b/downstream-fix-debuginfo-with-y.tab.c.patch
@ -1,4 +1,4 @@
-From 83899829c5e26b98f0c9d124d1e56e7b84c75c02 Mon Sep 17 00:00:00 2001
+From d5ea86ef491feb38f12e6aa53b7579ac02675df6 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:49:25 -0400
 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c
--- a/downstream-ksu-pam-integration.patch
+++ b/downstream-ksu-pam-integration.patch
@ -1,4 +1,4 @@
-From 07d19a2c4f369a7a524c919c5a453e702967b530 Mon Sep 17 00:00:00 2001
+From 90ba715be48c2e1b6c7ca53cb1d75f3af2c388d6 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:29:58 -0400
 Subject: [PATCH] [downstream] ksu pam integration
--- a/downstream-netlib-and-dns.patch
+++ b/downstream-netlib-and-dns.patch
@ -1,4 +1,4 @@
-From ea8156d348a533cc4418903ee351121366872c17 Mon Sep 17 00:00:00 2001
+From ad123366e5fb2694cf6d9f4f292a001a761b78fa Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:46:21 -0400
 Subject: [PATCH] [downstream] netlib and dns
--- a/krb5.spec
+++ b/krb5.spec
@ -41,8 +41,8 @@

 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.19
-Release: %{?zdpd}2%{?dist}
+Version: 1.19.1
+Release: %{?zdpd}1%{?dist}

 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
@ -284,18 +284,22 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
    --with-prng-alg=os \
    --with-lmdb \
    || (cat config.log; exit 1)
-# Build fast, but get better errors if we fail
-make %{?_smp_mflags} || make -j1
-popd

 # Sanity check the KDC_RUN_DIR.
-configured_dir=`grep KDC_RUN_DIR src/include/osconf.h | awk '{print $NF}'`
+pushd include
+make osconf.h
+popd
+configured_dir=`grep KDC_RUN_DIR include/osconf.h | awk '{print $NF}'`
 configured_dir=`eval echo $configured_dir`
 if test "$configured_dir" != /run/krb5kdc ; then
    echo Failed to configure KDC_RUN_DIR.
    exit 1
 fi

+# Build fast, but get better errors if we fail
+make %{?_smp_mflags} || make -j1
+popd
+
 # Build the docs.
 make -C src/doc paths.py version.py
 cp src/doc/paths.py doc/
@ -627,6 +631,12 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*

 %changelog
+* Thu Feb 18 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-1
+- New upstream version (1.19.1)
+
+* Wed Feb 17 2021 Robbie Harwood <rharwood@redhat.com> - 1.19-3
+- Restore krb5_set_default_tgs_ktypes()
+
 * Fri Feb 05 2021 Robbie Harwood <rharwood@redhat.com> - 1.19-2
 - No code change; just coping with reverted autoconf

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (krb5-1.19.tar.gz) = 99d4e75ff69bffc85698177b48ca430a7a9f077c3b6c4a422ed410b264f9a762a97db5d7e0764812e2530975f1c6c12031a5dabea1154bc01a26470e3ea960a9
-SHA512 (krb5-1.19.tar.gz.asc) = b5ee91d91f4fd727cdc61502753d679e9a87361b4c6f5db377ddf9fa1ae42447b8f46fc1c271e2253e88fb96a84fda88393003195076c16eb90506c1d7df731e
+SHA512 (krb5-1.19.1.tar.gz) = 36bf33802119ada4650a8f69f1daca95aaf882dc96bfa7061f0340a5decd588c31fc10108ddadf1042934e0e2c3bbd975deec565b0a7f0fc2baf8b8cc6d97491
+SHA512 (krb5-1.19.1.tar.gz.asc) = 078924730ce441630b4ac553a76ba0ebacb09b67dd057a53e3cf42185dd80bf423e875bddd306e4e91873797a9c013a7b0cae66134976abdea2c9752028e66c7