From 94bc4ee9cb8a7b915cdc86afccd2682bdd7839a2 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Thu, 18 Feb 2021 22:21:10 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/krb5.git#ab3f34f0e757af2367b8c31b9bd42feae03d0e48 --- .gitignore | 2 ++ Add-APIs-for-marshalling-credentials.patch | 6 ++--- ...canonicalization-helper-to-k5test.py.patch | 2 +- Support-host-based-GSS-initiator-names.patch | 4 ++-- ...am-FIPS-with-PRNG-and-RADIUS-and-MD4.patch | 4 ++-- downstream-Remove-3des-support.patch | 10 ++++----- downstream-SELinux-integration.patch | 12 +++++----- ...ackported-version-of-OpenSSL-3-KDF-i.patch | 4 ++-- downstream-fix-debuginfo-with-y.tab.c.patch | 2 +- downstream-ksu-pam-integration.patch | 2 +- downstream-netlib-and-dns.patch | 2 +- krb5.spec | 22 ++++++++++++++----- sources | 4 ++-- 13 files changed, 44 insertions(+), 32 deletions(-) diff --git a/.gitignore b/.gitignore index 591c859..01d1000 100644 --- a/.gitignore +++ b/.gitignore @@ -195,3 +195,5 @@ krb5-1.8.3-pdf.tar.gz /krb5-1.19-beta2.tar.gz.asc /krb5-1.19.tar.gz /krb5-1.19.tar.gz.asc +/krb5-1.19.1.tar.gz +/krb5-1.19.1.tar.gz.asc diff --git a/Add-APIs-for-marshalling-credentials.patch b/Add-APIs-for-marshalling-credentials.patch index 4c963d3..105f358 100644 --- a/Add-APIs-for-marshalling-credentials.patch +++ b/Add-APIs-for-marshalling-credentials.patch @@ -1,4 +1,4 @@ -From 057b45609fa457f2247df93b163f31723fd18077 Mon Sep 17 00:00:00 2001 +From 4505316756e42db02b6dabe0a6b075fe52852371 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 14 Jan 2021 18:13:09 -0500 Subject: [PATCH] Add APIs for marshalling credentials @@ -187,7 +187,7 @@ index bd0284afa..96e0931a2 100644 t = &tests[version - 1]; diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports -index 72652f2ce..9de0fcdb3 100644 +index 2d9d56530..adbfa332b 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -489,6 +489,7 @@ krb5_lock_file @@ -198,7 +198,7 @@ index 72652f2ce..9de0fcdb3 100644 krb5_mcc_ops krb5_merge_authdata krb5_mk_1cred -@@ -591,6 +592,7 @@ krb5_timeofday +@@ -592,6 +593,7 @@ krb5_timeofday krb5_timestamp_to_sfstring krb5_timestamp_to_string krb5_unlock_file diff --git a/Add-hostname-canonicalization-helper-to-k5test.py.patch b/Add-hostname-canonicalization-helper-to-k5test.py.patch index 83697cd..501984f 100644 --- a/Add-hostname-canonicalization-helper-to-k5test.py.patch +++ b/Add-hostname-canonicalization-helper-to-k5test.py.patch @@ -1,4 +1,4 @@ -From 1d7b365e670f19beae319fde2abf1de0601a2a34 Mon Sep 17 00:00:00 2001 +From d898d94cef8e1a8772a91cd3a62255c33f109636 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jan 2021 14:43:34 -0500 Subject: [PATCH] Add hostname canonicalization helper to k5test.py diff --git a/Support-host-based-GSS-initiator-names.patch b/Support-host-based-GSS-initiator-names.patch index a9ca98d..ebcae16 100644 --- a/Support-host-based-GSS-initiator-names.patch +++ b/Support-host-based-GSS-initiator-names.patch @@ -1,4 +1,4 @@ -From c1df10d60512e1697ef18b343c237c6a96baf62c Mon Sep 17 00:00:00 2001 +From 8c57937f3ca793fe3f8fdd636be0bc11c24069bc Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jan 2021 13:51:34 -0500 Subject: [PATCH] Support host-based GSS initiator names @@ -418,7 +418,7 @@ index 8f5872116..760216d05 100644 /* Store the error state for code from context into errsave, but only if code diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports -index 9de0fcdb3..25141dfc5 100644 +index adbfa332b..df6e2ffbe 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -181,6 +181,7 @@ k5_size_authdata_context diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index ed61cf0..047a59e 100644 --- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,4 +1,4 @@ -From b57c3a8fbeb0e83c9faa63ac49c5ed58971aa934 Mon Sep 17 00:00:00 2001 +From 4a62aeae7b747cd289548949f940525365fe0947 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 9 Nov 2018 15:12:21 -0500 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 @@ -39,7 +39,7 @@ Last-updated: krb5-1.17 15 files changed, 151 insertions(+), 33 deletions(-) diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst -index cb17a8485..29ddca3a4 100644 +index 675175955..adba8238d 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -330,6 +330,12 @@ The libdefaults section may contain any of the following relations: diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch index efb79d0..2bc2479 100644 --- a/downstream-Remove-3des-support.patch +++ b/downstream-Remove-3des-support.patch @@ -1,4 +1,4 @@ -From 5ff60c965583977ee4a4f98555973f9920fc79cd Mon Sep 17 00:00:00 2001 +From fef4e551d3d2dcb55e58cc182304254c36aa8949 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 26 Mar 2019 18:51:10 -0400 Subject: [PATCH] [downstream] Remove 3des support @@ -5625,7 +5625,7 @@ index 2925c1c43..2f76c8b43 100644 if { ! [cmd {kadm5_destroy $server_handle}]} { perror "$test: unexpected failure in destroy" diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c -index be31eb31e..d2b70acad 100644 +index aa35baa3c..bfa99d9eb 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -59,7 +59,6 @@ @@ -5636,7 +5636,7 @@ index be31eb31e..d2b70acad 100644 ENCTYPE_ARCFOUR_HMAC, ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, 0 -@@ -456,8 +455,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, +@@ -467,8 +466,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, /* Set all enctypes in the default list. */ for (i = 0; default_list[i]; i++) mod_list(default_list[i], sel, weak, &list); @@ -5818,10 +5818,10 @@ index 77d5c61fe..1f9868351 100644 * this functions takes in crypto specific representation of * trustedCertifiers and creates a list of diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -index d7d1593f4..0a67c44ef 100644 +index e5940a513..e1153344e 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -@@ -5488,44 +5488,6 @@ cleanup: +@@ -5486,44 +5486,6 @@ cleanup: return retval; } diff --git a/downstream-SELinux-integration.patch b/downstream-SELinux-integration.patch index d68bd92..0ba8b6c 100644 --- a/downstream-SELinux-integration.patch +++ b/downstream-SELinux-integration.patch @@ -1,4 +1,4 @@ -From 99e57d4cbf0eb060162b7038d6e7b202d2716784 Mon Sep 17 00:00:00 2001 +From e787771b618a344d45ac515927e914602f48946f Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:30:53 -0400 Subject: [PATCH] [downstream] SELinux integration @@ -131,7 +131,7 @@ index ca9fcf664..5afb96e58 100644 +AC_SUBST(SELINUX_LIBS) +])dnl diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in -index 9f96a8719..120922ac3 100755 +index dead0dddc..fef3e054f 100755 --- a/src/build-tools/krb5-config.in +++ b/src/build-tools/krb5-config.in @@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@' @@ -142,7 +142,7 @@ index 9f96a8719..120922ac3 100755 LIBS='@LIBS@' GEN_LIB=@GEN_LIB@ -@@ -255,7 +256,7 @@ if test -n "$do_libs"; then +@@ -254,7 +255,7 @@ if test -n "$do_libs"; then fi # If we ever support a flag to generate output suitable for static @@ -253,7 +253,7 @@ index 045334a08..db80063eb 100644 #include diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c -index ff2f25050..e3457622a 100644 +index 634ba4a8b..cea7939f4 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname) @@ -288,7 +288,7 @@ index ff2f25050..e3457622a 100644 com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); goto cleanup; diff --git a/src/kdc/main.c b/src/kdc/main.c -index 27aa10da0..b5916b147 100644 +index 3be6dcb07..24d441e16 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -872,7 +872,7 @@ write_pid_file(const char *path) @@ -301,7 +301,7 @@ index 27aa10da0..b5916b147 100644 return errno; pid = (unsigned long) getpid(); diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c -index 874ba1305..9d6378cc0 100644 +index 498ca599a..c6b8efc28 100644 --- a/src/kprop/kpropd.c +++ b/src/kprop/kpropd.c @@ -487,6 +487,9 @@ doit(int fd) diff --git a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch index 9ba0821..84551d1 100644 --- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch +++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch @@ -1,4 +1,4 @@ -From 387ae61e2b6384eba692e777cc1bcc3d34bfa8c6 Mon Sep 17 00:00:00 2001 +From 687bb26cb0877fa5497e90f7d325de42b456da2a Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Nov 2019 20:05:16 +0000 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF @@ -441,7 +441,7 @@ index 6707a7308..915a173dd 100644 return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant, &empty); diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -index 0a67c44ef..dbb054378 100644 +index e1153344e..911e74fd9 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -38,6 +38,13 @@ diff --git a/downstream-fix-debuginfo-with-y.tab.c.patch b/downstream-fix-debuginfo-with-y.tab.c.patch index d40aef7..172a093 100644 --- a/downstream-fix-debuginfo-with-y.tab.c.patch +++ b/downstream-fix-debuginfo-with-y.tab.c.patch @@ -1,4 +1,4 @@ -From 83899829c5e26b98f0c9d124d1e56e7b84c75c02 Mon Sep 17 00:00:00 2001 +From d5ea86ef491feb38f12e6aa53b7579ac02675df6 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:49:25 -0400 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c diff --git a/downstream-ksu-pam-integration.patch b/downstream-ksu-pam-integration.patch index 7da5ccf..7490bf2 100644 --- a/downstream-ksu-pam-integration.patch +++ b/downstream-ksu-pam-integration.patch @@ -1,4 +1,4 @@ -From 07d19a2c4f369a7a524c919c5a453e702967b530 Mon Sep 17 00:00:00 2001 +From 90ba715be48c2e1b6c7ca53cb1d75f3af2c388d6 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:29:58 -0400 Subject: [PATCH] [downstream] ksu pam integration diff --git a/downstream-netlib-and-dns.patch b/downstream-netlib-and-dns.patch index 7b17912..de4f9bf 100644 --- a/downstream-netlib-and-dns.patch +++ b/downstream-netlib-and-dns.patch @@ -1,4 +1,4 @@ -From ea8156d348a533cc4418903ee351121366872c17 Mon Sep 17 00:00:00 2001 +From ad123366e5fb2694cf6d9f4f292a001a761b78fa Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:46:21 -0400 Subject: [PATCH] [downstream] netlib and dns diff --git a/krb5.spec b/krb5.spec index f61e44a..a3454d6 100644 --- a/krb5.spec +++ b/krb5.spec @@ -41,8 +41,8 @@ Summary: The Kerberos network authentication system Name: krb5 -Version: 1.19 -Release: %{?zdpd}2%{?dist} +Version: 1.19.1 +Release: %{?zdpd}1%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz @@ -284,18 +284,22 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`" --with-prng-alg=os \ --with-lmdb \ || (cat config.log; exit 1) -# Build fast, but get better errors if we fail -make %{?_smp_mflags} || make -j1 -popd # Sanity check the KDC_RUN_DIR. -configured_dir=`grep KDC_RUN_DIR src/include/osconf.h | awk '{print $NF}'` +pushd include +make osconf.h +popd +configured_dir=`grep KDC_RUN_DIR include/osconf.h | awk '{print $NF}'` configured_dir=`eval echo $configured_dir` if test "$configured_dir" != /run/krb5kdc ; then echo Failed to configure KDC_RUN_DIR. exit 1 fi +# Build fast, but get better errors if we fail +make %{?_smp_mflags} || make -j1 +popd + # Build the docs. make -C src/doc paths.py version.py cp src/doc/paths.py doc/ @@ -627,6 +631,12 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Thu Feb 18 2021 Robbie Harwood - 1.19.1-1 +- New upstream version (1.19.1) + +* Wed Feb 17 2021 Robbie Harwood - 1.19-3 +- Restore krb5_set_default_tgs_ktypes() + * Fri Feb 05 2021 Robbie Harwood - 1.19-2 - No code change; just coping with reverted autoconf diff --git a/sources b/sources index dec9e28..e74f7db 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (krb5-1.19.tar.gz) = 99d4e75ff69bffc85698177b48ca430a7a9f077c3b6c4a422ed410b264f9a762a97db5d7e0764812e2530975f1c6c12031a5dabea1154bc01a26470e3ea960a9 -SHA512 (krb5-1.19.tar.gz.asc) = b5ee91d91f4fd727cdc61502753d679e9a87361b4c6f5db377ddf9fa1ae42447b8f46fc1c271e2253e88fb96a84fda88393003195076c16eb90506c1d7df731e +SHA512 (krb5-1.19.1.tar.gz) = 36bf33802119ada4650a8f69f1daca95aaf882dc96bfa7061f0340a5decd588c31fc10108ddadf1042934e0e2c3bbd975deec565b0a7f0fc2baf8b8cc6d97491 +SHA512 (krb5-1.19.1.tar.gz.asc) = 078924730ce441630b4ac553a76ba0ebacb09b67dd057a53e3cf42185dd80bf423e875bddd306e4e91873797a9c013a7b0cae66134976abdea2c9752028e66c7