diff --git a/.gitignore b/.gitignore index 591c859..01d1000 100644 --- a/.gitignore +++ b/.gitignore @@ -195,3 +195,5 @@ krb5-1.8.3-pdf.tar.gz /krb5-1.19-beta2.tar.gz.asc /krb5-1.19.tar.gz /krb5-1.19.tar.gz.asc +/krb5-1.19.1.tar.gz +/krb5-1.19.1.tar.gz.asc diff --git a/Add-APIs-for-marshalling-credentials.patch b/Add-APIs-for-marshalling-credentials.patch index 4c963d3..105f358 100644 --- a/Add-APIs-for-marshalling-credentials.patch +++ b/Add-APIs-for-marshalling-credentials.patch @@ -1,4 +1,4 @@ -From 057b45609fa457f2247df93b163f31723fd18077 Mon Sep 17 00:00:00 2001 +From 4505316756e42db02b6dabe0a6b075fe52852371 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 14 Jan 2021 18:13:09 -0500 Subject: [PATCH] Add APIs for marshalling credentials @@ -187,7 +187,7 @@ index bd0284afa..96e0931a2 100644 t = &tests[version - 1]; diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports -index 72652f2ce..9de0fcdb3 100644 +index 2d9d56530..adbfa332b 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -489,6 +489,7 @@ krb5_lock_file @@ -198,7 +198,7 @@ index 72652f2ce..9de0fcdb3 100644 krb5_mcc_ops krb5_merge_authdata krb5_mk_1cred -@@ -591,6 +592,7 @@ krb5_timeofday +@@ -592,6 +593,7 @@ krb5_timeofday krb5_timestamp_to_sfstring krb5_timestamp_to_string krb5_unlock_file diff --git a/Add-hostname-canonicalization-helper-to-k5test.py.patch b/Add-hostname-canonicalization-helper-to-k5test.py.patch index 83697cd..501984f 100644 --- a/Add-hostname-canonicalization-helper-to-k5test.py.patch +++ b/Add-hostname-canonicalization-helper-to-k5test.py.patch @@ -1,4 +1,4 @@ -From 1d7b365e670f19beae319fde2abf1de0601a2a34 Mon Sep 17 00:00:00 2001 +From d898d94cef8e1a8772a91cd3a62255c33f109636 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jan 2021 14:43:34 -0500 Subject: [PATCH] Add hostname canonicalization helper to k5test.py diff --git a/Support-host-based-GSS-initiator-names.patch b/Support-host-based-GSS-initiator-names.patch index a9ca98d..ebcae16 100644 --- a/Support-host-based-GSS-initiator-names.patch +++ b/Support-host-based-GSS-initiator-names.patch @@ -1,4 +1,4 @@ -From c1df10d60512e1697ef18b343c237c6a96baf62c Mon Sep 17 00:00:00 2001 +From 8c57937f3ca793fe3f8fdd636be0bc11c24069bc Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jan 2021 13:51:34 -0500 Subject: [PATCH] Support host-based GSS initiator names @@ -418,7 +418,7 @@ index 8f5872116..760216d05 100644 /* Store the error state for code from context into errsave, but only if code diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports -index 9de0fcdb3..25141dfc5 100644 +index adbfa332b..df6e2ffbe 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -181,6 +181,7 @@ k5_size_authdata_context diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index ed61cf0..047a59e 100644 --- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,4 +1,4 @@ -From b57c3a8fbeb0e83c9faa63ac49c5ed58971aa934 Mon Sep 17 00:00:00 2001 +From 4a62aeae7b747cd289548949f940525365fe0947 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 9 Nov 2018 15:12:21 -0500 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 @@ -39,7 +39,7 @@ Last-updated: krb5-1.17 15 files changed, 151 insertions(+), 33 deletions(-) diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst -index cb17a8485..29ddca3a4 100644 +index 675175955..adba8238d 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -330,6 +330,12 @@ The libdefaults section may contain any of the following relations: diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch index efb79d0..2bc2479 100644 --- a/downstream-Remove-3des-support.patch +++ b/downstream-Remove-3des-support.patch @@ -1,4 +1,4 @@ -From 5ff60c965583977ee4a4f98555973f9920fc79cd Mon Sep 17 00:00:00 2001 +From fef4e551d3d2dcb55e58cc182304254c36aa8949 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 26 Mar 2019 18:51:10 -0400 Subject: [PATCH] [downstream] Remove 3des support @@ -5625,7 +5625,7 @@ index 2925c1c43..2f76c8b43 100644 if { ! [cmd {kadm5_destroy $server_handle}]} { perror "$test: unexpected failure in destroy" diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c -index be31eb31e..d2b70acad 100644 +index aa35baa3c..bfa99d9eb 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -59,7 +59,6 @@ @@ -5636,7 +5636,7 @@ index be31eb31e..d2b70acad 100644 ENCTYPE_ARCFOUR_HMAC, ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, 0 -@@ -456,8 +455,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, +@@ -467,8 +466,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, /* Set all enctypes in the default list. */ for (i = 0; default_list[i]; i++) mod_list(default_list[i], sel, weak, &list); @@ -5818,10 +5818,10 @@ index 77d5c61fe..1f9868351 100644 * this functions takes in crypto specific representation of * trustedCertifiers and creates a list of diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -index d7d1593f4..0a67c44ef 100644 +index e5940a513..e1153344e 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -@@ -5488,44 +5488,6 @@ cleanup: +@@ -5486,44 +5486,6 @@ cleanup: return retval; } diff --git a/downstream-SELinux-integration.patch b/downstream-SELinux-integration.patch index d68bd92..0ba8b6c 100644 --- a/downstream-SELinux-integration.patch +++ b/downstream-SELinux-integration.patch @@ -1,4 +1,4 @@ -From 99e57d4cbf0eb060162b7038d6e7b202d2716784 Mon Sep 17 00:00:00 2001 +From e787771b618a344d45ac515927e914602f48946f Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:30:53 -0400 Subject: [PATCH] [downstream] SELinux integration @@ -131,7 +131,7 @@ index ca9fcf664..5afb96e58 100644 +AC_SUBST(SELINUX_LIBS) +])dnl diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in -index 9f96a8719..120922ac3 100755 +index dead0dddc..fef3e054f 100755 --- a/src/build-tools/krb5-config.in +++ b/src/build-tools/krb5-config.in @@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@' @@ -142,7 +142,7 @@ index 9f96a8719..120922ac3 100755 LIBS='@LIBS@' GEN_LIB=@GEN_LIB@ -@@ -255,7 +256,7 @@ if test -n "$do_libs"; then +@@ -254,7 +255,7 @@ if test -n "$do_libs"; then fi # If we ever support a flag to generate output suitable for static @@ -253,7 +253,7 @@ index 045334a08..db80063eb 100644 #include diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c -index ff2f25050..e3457622a 100644 +index 634ba4a8b..cea7939f4 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname) @@ -288,7 +288,7 @@ index ff2f25050..e3457622a 100644 com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); goto cleanup; diff --git a/src/kdc/main.c b/src/kdc/main.c -index 27aa10da0..b5916b147 100644 +index 3be6dcb07..24d441e16 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -872,7 +872,7 @@ write_pid_file(const char *path) @@ -301,7 +301,7 @@ index 27aa10da0..b5916b147 100644 return errno; pid = (unsigned long) getpid(); diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c -index 874ba1305..9d6378cc0 100644 +index 498ca599a..c6b8efc28 100644 --- a/src/kprop/kpropd.c +++ b/src/kprop/kpropd.c @@ -487,6 +487,9 @@ doit(int fd) diff --git a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch index 9ba0821..84551d1 100644 --- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch +++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch @@ -1,4 +1,4 @@ -From 387ae61e2b6384eba692e777cc1bcc3d34bfa8c6 Mon Sep 17 00:00:00 2001 +From 687bb26cb0877fa5497e90f7d325de42b456da2a Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Nov 2019 20:05:16 +0000 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF @@ -441,7 +441,7 @@ index 6707a7308..915a173dd 100644 return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant, &empty); diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -index 0a67c44ef..dbb054378 100644 +index e1153344e..911e74fd9 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -38,6 +38,13 @@ diff --git a/downstream-fix-debuginfo-with-y.tab.c.patch b/downstream-fix-debuginfo-with-y.tab.c.patch index d40aef7..172a093 100644 --- a/downstream-fix-debuginfo-with-y.tab.c.patch +++ b/downstream-fix-debuginfo-with-y.tab.c.patch @@ -1,4 +1,4 @@ -From 83899829c5e26b98f0c9d124d1e56e7b84c75c02 Mon Sep 17 00:00:00 2001 +From d5ea86ef491feb38f12e6aa53b7579ac02675df6 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:49:25 -0400 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c diff --git a/downstream-ksu-pam-integration.patch b/downstream-ksu-pam-integration.patch index 7da5ccf..7490bf2 100644 --- a/downstream-ksu-pam-integration.patch +++ b/downstream-ksu-pam-integration.patch @@ -1,4 +1,4 @@ -From 07d19a2c4f369a7a524c919c5a453e702967b530 Mon Sep 17 00:00:00 2001 +From 90ba715be48c2e1b6c7ca53cb1d75f3af2c388d6 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:29:58 -0400 Subject: [PATCH] [downstream] ksu pam integration diff --git a/downstream-netlib-and-dns.patch b/downstream-netlib-and-dns.patch index 7b17912..de4f9bf 100644 --- a/downstream-netlib-and-dns.patch +++ b/downstream-netlib-and-dns.patch @@ -1,4 +1,4 @@ -From ea8156d348a533cc4418903ee351121366872c17 Mon Sep 17 00:00:00 2001 +From ad123366e5fb2694cf6d9f4f292a001a761b78fa Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:46:21 -0400 Subject: [PATCH] [downstream] netlib and dns diff --git a/krb5.spec b/krb5.spec index f61e44a..a3454d6 100644 --- a/krb5.spec +++ b/krb5.spec @@ -41,8 +41,8 @@ Summary: The Kerberos network authentication system Name: krb5 -Version: 1.19 -Release: %{?zdpd}2%{?dist} +Version: 1.19.1 +Release: %{?zdpd}1%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz @@ -284,18 +284,22 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`" --with-prng-alg=os \ --with-lmdb \ || (cat config.log; exit 1) -# Build fast, but get better errors if we fail -make %{?_smp_mflags} || make -j1 -popd # Sanity check the KDC_RUN_DIR. -configured_dir=`grep KDC_RUN_DIR src/include/osconf.h | awk '{print $NF}'` +pushd include +make osconf.h +popd +configured_dir=`grep KDC_RUN_DIR include/osconf.h | awk '{print $NF}'` configured_dir=`eval echo $configured_dir` if test "$configured_dir" != /run/krb5kdc ; then echo Failed to configure KDC_RUN_DIR. exit 1 fi +# Build fast, but get better errors if we fail +make %{?_smp_mflags} || make -j1 +popd + # Build the docs. make -C src/doc paths.py version.py cp src/doc/paths.py doc/ @@ -627,6 +631,12 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Thu Feb 18 2021 Robbie Harwood - 1.19.1-1 +- New upstream version (1.19.1) + +* Wed Feb 17 2021 Robbie Harwood - 1.19-3 +- Restore krb5_set_default_tgs_ktypes() + * Fri Feb 05 2021 Robbie Harwood - 1.19-2 - No code change; just coping with reverted autoconf diff --git a/sources b/sources index dec9e28..e74f7db 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (krb5-1.19.tar.gz) = 99d4e75ff69bffc85698177b48ca430a7a9f077c3b6c4a422ed410b264f9a762a97db5d7e0764812e2530975f1c6c12031a5dabea1154bc01a26470e3ea960a9 -SHA512 (krb5-1.19.tar.gz.asc) = b5ee91d91f4fd727cdc61502753d679e9a87361b4c6f5db377ddf9fa1ae42447b8f46fc1c271e2253e88fb96a84fda88393003195076c16eb90506c1d7df731e +SHA512 (krb5-1.19.1.tar.gz) = 36bf33802119ada4650a8f69f1daca95aaf882dc96bfa7061f0340a5decd588c31fc10108ddadf1042934e0e2c3bbd975deec565b0a7f0fc2baf8b8cc6d97491 +SHA512 (krb5-1.19.1.tar.gz.asc) = 078924730ce441630b4ac553a76ba0ebacb09b67dd057a53e3cf42185dd80bf423e875bddd306e4e91873797a9c013a7b0cae66134976abdea2c9752028e66c7