From 9fb5239517e1095421fd19cb964949a1f5594988 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 12 Jan 2021 12:44:13 -0500 Subject: [PATCH] New upstream version (1.19-beta2) --- .gitignore | 2 + Document-k-option-in-kvno-1-synopsis.patch | 38 ------------------- ...am-FIPS-with-PRNG-and-RADIUS-and-MD4.patch | 4 +- downstream-Remove-3des-support.patch | 22 +++++------ downstream-SELinux-integration.patch | 10 ++--- ...ackported-version-of-OpenSSL-3-KDF-i.patch | 4 +- downstream-fix-debuginfo-with-y.tab.c.patch | 2 +- downstream-ksu-pam-integration.patch | 4 +- downstream-netlib-and-dns.patch | 2 +- krb5.spec | 8 ++-- sources | 4 +- 11 files changed, 33 insertions(+), 67 deletions(-) delete mode 100644 Document-k-option-in-kvno-1-synopsis.patch diff --git a/.gitignore b/.gitignore index 258cd98..c686550 100644 --- a/.gitignore +++ b/.gitignore @@ -191,3 +191,5 @@ krb5-1.8.3-pdf.tar.gz /krb5-1.18.3.tar.gz.asc /krb5-1.19-beta1.tar.gz /krb5-1.19-beta1.tar.gz.asc +/krb5-1.19-beta2.tar.gz +/krb5-1.19-beta2.tar.gz.asc diff --git a/Document-k-option-in-kvno-1-synopsis.patch b/Document-k-option-in-kvno-1-synopsis.patch deleted file mode 100644 index 28323f4..0000000 --- a/Document-k-option-in-kvno-1-synopsis.patch +++ /dev/null @@ -1,38 +0,0 @@ -From b401a1127f27f8cd564e32411f799648a8fd5481 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 24 Nov 2020 12:52:02 -0500 -Subject: [PATCH] Document -k option in kvno(1) synopsis - -becd1ad6830b526d08ddaf5b2b6f213154c6446c attempted to unify the -synopsis, option descriptions, and xusage(), but missed one option. - -(cherry picked from commit d81e76d9ddab9e880bcf54eabf07119af91d28c7) ---- - doc/user/user_commands/kvno.rst | 1 + - src/man/kvno.man | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst -index 65c44e1c0..93a5132b2 100644 ---- a/doc/user/user_commands/kvno.rst -+++ b/doc/user/user_commands/kvno.rst -@@ -9,6 +9,7 @@ SYNOPSIS - **kvno** - [**-c** *ccache*] - [**-e** *etype*] -+[**-k** *keytab*] - [**-q**] - [**-u** | **-S** *sname*] - [**-P**] -diff --git a/src/man/kvno.man b/src/man/kvno.man -index 953d168e6..ebdd6e8ca 100644 ---- a/src/man/kvno.man -+++ b/src/man/kvno.man -@@ -35,6 +35,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \fBkvno\fP - [\fB\-c\fP \fIccache\fP] - [\fB\-e\fP \fIetype\fP] -+[\fB\-k\fP \fIkeytab\fP] - [\fB\-q\fP] - [\fB\-u\fP | \fB\-S\fP \fIsname\fP] - [\fB\-P\fP] diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index 6d74df5..8ca2534 100644 --- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,4 +1,4 @@ -From 146967416993f66c3ba32cbf3881e43e7bc1ed1c Mon Sep 17 00:00:00 2001 +From 836fdca1ac4bb58498551e1afe8ca6e55d41902d Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 9 Nov 2018 15:12:21 -0500 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 @@ -39,7 +39,7 @@ Last-updated: krb5-1.17 15 files changed, 151 insertions(+), 33 deletions(-) diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst -index e4e2443ed..af3df5871 100644 +index cb17a8485..29ddca3a4 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -330,6 +330,12 @@ The libdefaults section may contain any of the following relations: diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch index 1bf529e..046a1be 100644 --- a/downstream-Remove-3des-support.patch +++ b/downstream-Remove-3des-support.patch @@ -1,4 +1,4 @@ -From 3af536f114e1c1b33b1579f9f16bbb3f497d4a1d Mon Sep 17 00:00:00 2001 +From 329c97793a3e96e79f618bc54914ec89a9e99828 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 26 Mar 2019 18:51:10 -0400 Subject: [PATCH] [downstream] Remove 3des support @@ -255,7 +255,7 @@ index cebb6644c..4d51e795c 100644 CKSUMTYPE_NIST_SHA.rst CKSUMTYPE_RSA_MD4.rst diff --git a/doc/conf.py b/doc/conf.py -index 9226b8e01..19cf38326 100644 +index 543202bf4..4fb6aae14 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -271,7 +271,7 @@ else: @@ -281,7 +281,7 @@ index 4954bb3aa..92ce2a772 100644 Interoperability ---------------- diff --git a/src/Makefile.in b/src/Makefile.in -index f9270aba2..c958da60f 100644 +index 7d2507ef8..c16715ac7 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -130,7 +130,7 @@ WINMAKEFILES=Makefile \ @@ -303,7 +303,7 @@ index f9270aba2..c958da60f 100644 ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\builtin\camellia\Makefile: lib\crypto\builtin\camellia\Makefile.in $(MKFDEP) diff --git a/src/configure.ac b/src/configure.ac -index bd151ca26..27c2383d7 100644 +index dd2cad3ee..3e1052db7 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -1480,7 +1480,6 @@ V5_AC_OUTPUT_MAKEFILE(. @@ -5195,7 +5195,7 @@ index 1c439c2cd..000000000 - krb5int_default_free_state -}; diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c -index 636ee303f..e2c5e2b59 100644 +index 75f071c3e..fcf2c2152 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -1039,7 +1039,6 @@ kg_accept_krb5(minor_status, context_handle, @@ -5625,7 +5625,7 @@ index 2925c1c43..2f76c8b43 100644 if { ! [cmd {kadm5_destroy $server_handle}]} { perror "$test: unexpected failure in destroy" diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c -index 21d5cb1ca..a8ba6fc5b 100644 +index be31eb31e..d2b70acad 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -59,7 +59,6 @@ @@ -5952,7 +5952,7 @@ index 2279202d3..96b0307d7 100644 /* initial key, w, x, y, T, S, K */ "8846F7EAEE8FB117AD06BDD830B7586C", diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp -index 619fcce48..0a2ed723d 100644 +index 85bbf478a..302dee74c 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -15,8 +15,6 @@ set timeout 100 @@ -6031,7 +6031,7 @@ index 619fcce48..0a2ed723d 100644 {allow_weak_crypto(kdc)=false} {allow_weak_crypto(replica)=false} {allow_weak_crypto(client)=false} -@@ -945,7 +910,6 @@ proc setup_kerberos_db { standalone } { +@@ -946,7 +911,6 @@ proc setup_kerberos_db { standalone } { global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY global tmppwd hostname global spawn_id @@ -6039,7 +6039,7 @@ index 619fcce48..0a2ed723d 100644 global multipass_name last_passname_db set failall 0 -@@ -1142,48 +1106,6 @@ proc setup_kerberos_db { standalone } { +@@ -1143,48 +1107,6 @@ proc setup_kerberos_db { standalone } { } } @@ -6410,10 +6410,10 @@ index 65084bbf3..55ca89745 100755 # Test using different salt types in a principal's key list. # Parameters from one key in the list must not leak over to later ones. diff --git a/src/util/k5test.py b/src/util/k5test.py -index 10f6b0a25..d234a5667 100644 +index 6afe4b92c..789b0f4b9 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py -@@ -1277,13 +1277,6 @@ _passes = [ +@@ -1278,13 +1278,6 @@ _passes = [ # No special settings; exercises AES256. ('default', None, None, None), diff --git a/downstream-SELinux-integration.patch b/downstream-SELinux-integration.patch index 96cf861..7c134eb 100644 --- a/downstream-SELinux-integration.patch +++ b/downstream-SELinux-integration.patch @@ -1,4 +1,4 @@ -From 289615de0c73969574e3d48611deda66989c36c0 Mon Sep 17 00:00:00 2001 +From 1de6ec4cb5b2a1b7b88680ae0f72551a3b5178e6 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:30:53 -0400 Subject: [PATCH] [downstream] SELinux integration @@ -152,7 +152,7 @@ index 9f96a8719..120922ac3 100755 echo $lib_flags diff --git a/src/config/pre.in b/src/config/pre.in -index 7b3a583cc..0c51e6966 100644 +index 3752174c7..0d2068575 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -177,6 +177,7 @@ LD = $(PURE) @LD@ @@ -163,7 +163,7 @@ index 7b3a583cc..0c51e6966 100644 INSTALL=@INSTALL@ INSTALL_STRIP= -@@ -402,7 +403,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) +@@ -403,7 +404,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) # HESIOD_LIBS is -lhesiod... HESIOD_LIBS = @HESIOD_LIBS@ @@ -173,7 +173,7 @@ index 7b3a583cc..0c51e6966 100644 GSS_LIBS = $(GSS_KRB5_LIB) # needs fixing if ever used on macOS! diff --git a/src/configure.ac b/src/configure.ac -index fdaba0ce7..bd151ca26 100644 +index 693f76a81..dd2cad3ee 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -1391,6 +1391,8 @@ AC_PATH_PROG(GROFF, groff) @@ -186,7 +186,7 @@ index fdaba0ce7..bd151ca26 100644 if test "${localedir+set}" != set; then localedir='$(datadir)/locale' diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index b3e346991..93d3a1f97 100644 +index cf524252f..efb523689 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -128,6 +128,7 @@ typedef unsigned char u_char; diff --git a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch index 9ede1d4..cb35de1 100644 --- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch +++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch @@ -1,4 +1,4 @@ -From 7b22d94779ff340db5f9f25cf7b55aeb365091e1 Mon Sep 17 00:00:00 2001 +From 120e84b63c322c227fb8c6ee8a2f56f47d3e57f5 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Nov 2019 20:05:16 +0000 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF @@ -12,7 +12,7 @@ Last-updated: krb5-1.17 3 files changed, 428 insertions(+), 189 deletions(-) diff --git a/src/configure.ac b/src/configure.ac -index 27c2383d7..d3e022274 100644 +index 3e1052db7..ea708491b 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -282,6 +282,10 @@ AC_SUBST(CRYPTO_IMPL) diff --git a/downstream-fix-debuginfo-with-y.tab.c.patch b/downstream-fix-debuginfo-with-y.tab.c.patch index c31c013..96c21ac 100644 --- a/downstream-fix-debuginfo-with-y.tab.c.patch +++ b/downstream-fix-debuginfo-with-y.tab.c.patch @@ -1,4 +1,4 @@ -From 27614a4fd889525fbd1ca5cb45c20c64a4f9568c Mon Sep 17 00:00:00 2001 +From db57bb9939da544af242c054d10e69a022558b4e Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:49:25 -0400 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c diff --git a/downstream-ksu-pam-integration.patch b/downstream-ksu-pam-integration.patch index 050f195..15b9b35 100644 --- a/downstream-ksu-pam-integration.patch +++ b/downstream-ksu-pam-integration.patch @@ -1,4 +1,4 @@ -From f7749ad59d75c2da64f4e9defdbfbc0c1e345bfb Mon Sep 17 00:00:00 2001 +From 25f948637140fb6aade80f99d9e7e096250135cd Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:29:58 -0400 Subject: [PATCH] [downstream] ksu pam integration @@ -760,7 +760,7 @@ index 000000000..0ab76569c +void appl_pam_cleanup(void); +#endif diff --git a/src/configure.ac b/src/configure.ac -index 49814922f..fdaba0ce7 100644 +index 4eb080784..693f76a81 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -1389,6 +1389,8 @@ AC_SUBST([VERTO_VERSION]) diff --git a/downstream-netlib-and-dns.patch b/downstream-netlib-and-dns.patch index 17f1c00..4141da9 100644 --- a/downstream-netlib-and-dns.patch +++ b/downstream-netlib-and-dns.patch @@ -1,4 +1,4 @@ -From df80ded9756b0637ab7cca706e1520f3f372c2e2 Mon Sep 17 00:00:00 2001 +From 26a01204b4cb424e6f9cf4190f7290b0665f6f74 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:46:21 -0400 Subject: [PATCH] [downstream] netlib and dns diff --git a/krb5.spec b/krb5.spec index 604f84c..fcf894d 100644 --- a/krb5.spec +++ b/krb5.spec @@ -7,7 +7,7 @@ %global configured_default_ccache_name KEYRING:persistent:%%{uid} # either beta1 or % { nil } -%global prerelease beta1 +%global prerelease beta2 %if %{defined prerelease} %global dashpre -%{prerelease} %global zdpd 0.%{prerelease}. @@ -19,7 +19,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.19 -Release: %{?zdpd}2%{?dist} +Release: %{?zdpd}1%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz @@ -47,7 +47,6 @@ Patch4: downstream-fix-debuginfo-with-y.tab.c.patch Patch5: downstream-Remove-3des-support.patch Patch6: downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch Patch7: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch -Patch47: Document-k-option-in-kvno-1-synopsis.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -611,6 +610,9 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Tue Jan 12 2021 Robbie Harwood - 1.19-1 +- New upstream version (1.19-beta2) + * Wed Dec 16 2020 Robbie Harwood - 1.19-0.beta1.2 - New upstream version (1.19-beta1) diff --git a/sources b/sources index c36c920..5daa433 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (krb5-1.19-beta1.tar.gz) = 3538a13a38c20d6b5fee0fba474bc49a12434b184de409f829e7b6e5c76ad2fc105fc27f2574a93c3cd9fe9ccf3d5d98f6cd3bdd13a089bb3485e0c3974417de -SHA512 (krb5-1.19-beta1.tar.gz.asc) = cfa793f83f0adaba87f2fe242b0796ed8732de898501d51b745d57a55d98966b337e68f29ec0ae233b15613baca70f2c56f742e467d310e157e3b49b59ad9c5f +SHA512 (krb5-1.19-beta2.tar.gz) = 2864a40c44575a9482d33165bc39e76f6bb476bdcc5bc87c9864f562925638118a236a788da870567d0f83df9aacb5f79145993f38f95cec1fa5b080f2561169 +SHA512 (krb5-1.19-beta2.tar.gz.asc) = fd17198c934907811abebd47b70f6c30e68aa5800f6dde90568241db1413da34557c689af66757e47d94e08d261573f0b1ee56929947f6dcc9fcbb9dcdd2e903