diff --git a/Add-channel-bindings-tests.patch b/Add-channel-bindings-tests.patch index 99c2da2..caf14f6 100644 --- a/Add-channel-bindings-tests.patch +++ b/Add-channel-bindings-tests.patch @@ -1,4 +1,4 @@ -From 2c8494a1b89d69da9de46ca2cb17f9e8f12eb9b5 Mon Sep 17 00:00:00 2001 +From b9ca222798a52ef3a28185ed44f3dfe19579d8fc Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 20 Mar 2020 00:17:28 +0100 Subject: [PATCH] Add channel bindings tests diff --git a/Add-client_aware_channel_bindings-option.patch b/Add-client_aware_channel_bindings-option.patch index 142e1d9..20ecd30 100644 --- a/Add-client_aware_channel_bindings-option.patch +++ b/Add-client_aware_channel_bindings-option.patch @@ -1,4 +1,4 @@ -From 849bb23d0044b2ff315608784c0f96b81feb472f Mon Sep 17 00:00:00 2001 +From 032c7f496c9b327752dda33bf85e74c66d3a93cf Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 10 Mar 2020 13:13:17 +0100 Subject: [PATCH] Add client_aware_channel_bindings option diff --git a/Add-finalization-safety-check-to-com_err.patch b/Add-finalization-safety-check-to-com_err.patch index 9411b15..d717bcc 100644 --- a/Add-finalization-safety-check-to-com_err.patch +++ b/Add-finalization-safety-check-to-com_err.patch @@ -1,4 +1,4 @@ -From 73f1db69f99462b5109a5dd4e1a9476667bd3715 Mon Sep 17 00:00:00 2001 +From 903fc418db4f5819c507cb0d42c0d4a12217c22f Mon Sep 17 00:00:00 2001 From: Jiri Sasek Date: Fri, 13 Mar 2020 19:02:58 +0100 Subject: [PATCH] Add finalization safety check to com_err diff --git a/Add-three-kvno-options-from-Heimdal-kgetcred.patch b/Add-three-kvno-options-from-Heimdal-kgetcred.patch index 1f6452f..a68394c 100644 --- a/Add-three-kvno-options-from-Heimdal-kgetcred.patch +++ b/Add-three-kvno-options-from-Heimdal-kgetcred.patch @@ -1,4 +1,4 @@ -From 4da87d7fe288f3f7087dca8396d42abfd958b8e4 Mon Sep 17 00:00:00 2001 +From ea2ad3330aa39ef4e62d8856ea7e8eed2843b3f2 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 17 Jun 2020 20:48:38 -0400 Subject: [PATCH] Add three kvno options from Heimdal kgetcred diff --git a/Adjust-KDC-alias-helper-function-contract.patch b/Adjust-KDC-alias-helper-function-contract.patch index 13f4cb7..b7ce64e 100644 --- a/Adjust-KDC-alias-helper-function-contract.patch +++ b/Adjust-KDC-alias-helper-function-contract.patch @@ -1,4 +1,4 @@ -From 833dfff1a11da3b1b9cf45a2bb09f17efa49cdba Mon Sep 17 00:00:00 2001 +From d27cef7eb6f099fb1ec4e2d49625aee0d8dc1007 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 22 Sep 2020 01:11:39 +0300 Subject: [PATCH] Adjust KDC alias helper function contract diff --git a/Allow-aliases-when-matching-U2U-second-ticket.patch b/Allow-aliases-when-matching-U2U-second-ticket.patch index 523402f..38ed3cc 100644 --- a/Allow-aliases-when-matching-U2U-second-ticket.patch +++ b/Allow-aliases-when-matching-U2U-second-ticket.patch @@ -1,4 +1,4 @@ -From e976a70ff23e600a76d1c3134f9c2f80753b6679 Mon Sep 17 00:00:00 2001 +From 69e45f51b466219bde15b11c8539ea3841281f2b Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 22 Sep 2020 01:17:11 +0300 Subject: [PATCH] Allow aliases when matching U2U second ticket diff --git a/Allow-certauth-modules-to-set-hw-authent-flag.patch b/Allow-certauth-modules-to-set-hw-authent-flag.patch index 0c155e7..3be71e7 100644 --- a/Allow-certauth-modules-to-set-hw-authent-flag.patch +++ b/Allow-certauth-modules-to-set-hw-authent-flag.patch @@ -1,4 +1,4 @@ -From c18034484eadb0f32cef384197d1185aa50c3adb Mon Sep 17 00:00:00 2001 +From b581e106c65957f48ee088d9243b985d3e9a0be8 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 24 Feb 2020 15:58:59 -0500 Subject: [PATCH] Allow certauth modules to set hw-authent flag diff --git a/Avoid-passing-DB-entry-structures-in-KDC.patch b/Avoid-passing-DB-entry-structures-in-KDC.patch index 23f96e3..0d6a8be 100644 --- a/Avoid-passing-DB-entry-structures-in-KDC.patch +++ b/Avoid-passing-DB-entry-structures-in-KDC.patch @@ -1,4 +1,4 @@ -From e0fc680b2fb51513993c4cdaa2c25b292f57a073 Mon Sep 17 00:00:00 2001 +From aad7ffc2cdc5b1c55a5967612730daa2f493fa6e Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 30 Sep 2020 02:12:00 -0400 Subject: [PATCH] Avoid passing DB entry structures in KDC diff --git a/Correctly-import-service-GSS-host-based-name.patch b/Correctly-import-service-GSS-host-based-name.patch index e56648b..0c6d0e7 100644 --- a/Correctly-import-service-GSS-host-based-name.patch +++ b/Correctly-import-service-GSS-host-based-name.patch @@ -1,4 +1,4 @@ -From 24c5e1ad937505a03628547ed7a5c6060a2b0ff2 Mon Sep 17 00:00:00 2001 +From 5a0900dc3f0ce7569db2ed6d14da3f97b47bd120 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 30 Mar 2020 15:26:02 -0400 Subject: [PATCH] Correctly import "service@" GSS host-based name diff --git a/Default-dns_canonicalize_hostname-to-fallback.patch b/Default-dns_canonicalize_hostname-to-fallback.patch index 3669432..99b9bbb 100644 --- a/Default-dns_canonicalize_hostname-to-fallback.patch +++ b/Default-dns_canonicalize_hostname-to-fallback.patch @@ -1,4 +1,4 @@ -From 6bdab27ef3dfcefb8426f2ea4e06bbdbd1141b16 Mon Sep 17 00:00:00 2001 +From bec1b3601b15397df07b3464959da92915eb45b5 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 27 May 2020 18:48:35 -0400 Subject: [PATCH] Default dns_canonicalize_hostname to "fallback" diff --git a/Do-expiration-warnings-for-all-init_creds-APIs.patch b/Do-expiration-warnings-for-all-init_creds-APIs.patch index 374068f..0dc7528 100644 --- a/Do-expiration-warnings-for-all-init_creds-APIs.patch +++ b/Do-expiration-warnings-for-all-init_creds-APIs.patch @@ -1,4 +1,4 @@ -From c7abf942c66b2ba543cf412f12562e9bb8ee260a Mon Sep 17 00:00:00 2001 +From 4369b03968131b005acbafd043465899da50e1dc Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 28 Feb 2020 10:11:49 +0100 Subject: [PATCH] Do expiration warnings for all init_creds APIs diff --git a/Document-k-option-in-kvno-1-synopsis.patch b/Document-k-option-in-kvno-1-synopsis.patch new file mode 100644 index 0000000..21f8100 --- /dev/null +++ b/Document-k-option-in-kvno-1-synopsis.patch @@ -0,0 +1,38 @@ +From 588d964f59356373353dfd31d4fdcba95e508385 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 24 Nov 2020 12:52:02 -0500 +Subject: [PATCH] Document -k option in kvno(1) synopsis + +becd1ad6830b526d08ddaf5b2b6f213154c6446c attempted to unify the +synopsis, option descriptions, and xusage(), but missed one option. + +(cherry picked from commit d81e76d9ddab9e880bcf54eabf07119af91d28c7) +--- + doc/user/user_commands/kvno.rst | 1 + + src/man/kvno.man | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst +index 6fd8577a5..1e273e26e 100644 +--- a/doc/user/user_commands/kvno.rst ++++ b/doc/user/user_commands/kvno.rst +@@ -9,6 +9,7 @@ SYNOPSIS + **kvno** + [**-c** *ccache*] + [**-e** *etype*] ++[**-k** *keytab*] + [**-q**] + [**-u** | **-S** *sname*] + [**-P**] +diff --git a/src/man/kvno.man b/src/man/kvno.man +index 7c9565bdb..dc9847e99 100644 +--- a/src/man/kvno.man ++++ b/src/man/kvno.man +@@ -35,6 +35,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] + \fBkvno\fP + [\fB\-c\fP \fIccache\fP] + [\fB\-e\fP \fIetype\fP] ++[\fB\-k\fP \fIkeytab\fP] + [\fB\-q\fP] + [\fB\-u\fP | \fB\-S\fP \fIsname\fP] + [\fB\-P\fP] diff --git a/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch b/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch index 90bbcab..ad0dd7a 100644 --- a/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch +++ b/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch @@ -1,4 +1,4 @@ -From 4b2176eaad00630890abe4b458cbc31f05b2b9c0 Mon Sep 17 00:00:00 2001 +From 5106d0b7ea10d1faa21f6dfb542a46eb74e78d40 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 24 Jul 2020 16:05:24 -0400 Subject: [PATCH] Fix leak in KERB_AP_OPTIONS_CBT server support diff --git a/Fix-minor-static-analysis-defects.patch b/Fix-minor-static-analysis-defects.patch index b94b48c..c136b7f 100644 --- a/Fix-minor-static-analysis-defects.patch +++ b/Fix-minor-static-analysis-defects.patch @@ -1,4 +1,4 @@ -From 0de060366a1b75df47189f5cc0a7a92685cbe1d7 Mon Sep 17 00:00:00 2001 +From a33dc1cfb0ebecb67cc7f38258303492a552cb73 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 15 Oct 2020 18:15:29 -0400 Subject: [PATCH] Fix minor static analysis defects diff --git a/Fix-typo-in-in-in-the-ksu-man-page.patch b/Fix-typo-in-in-in-the-ksu-man-page.patch index a6c1f5c..922aa29 100644 --- a/Fix-typo-in-in-in-the-ksu-man-page.patch +++ b/Fix-typo-in-in-in-the-ksu-man-page.patch @@ -1,4 +1,4 @@ -From 5399eaea6c5e00c4e96fa5507aa50dd643337194 Mon Sep 17 00:00:00 2001 +From 5952a06a594c4dc0f20f7ba2854b25f76734aa27 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 14 May 2020 15:01:18 -0400 Subject: [PATCH] Fix typo ("in in") in the ksu man page diff --git a/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch b/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch index 01edf16..aaab2d3 100644 --- a/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch +++ b/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch @@ -1,4 +1,4 @@ -From 6931f8ed0fd8c9f634e1e48f1e8926022610fc3f Mon Sep 17 00:00:00 2001 +From cc572c5b6f8a3269c24c0f21f5799e60014635fb Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 15 Jul 2020 15:42:20 -0400 Subject: [PATCH] Ignore bad enctypes in krb5_string_to_keysalts() diff --git a/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch b/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch index d93a3f8..b5180b2 100644 --- a/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch +++ b/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch @@ -1,4 +1,4 @@ -From 40093f65c58ab78a050860ce41560595aa8ecf7e Mon Sep 17 00:00:00 2001 +From e0a702b6e5f0665cca88723f7b17ff90ea218e45 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Wed, 5 Jul 2017 11:38:30 -0400 Subject: [PATCH] Implement GSS_C_CHANNEL_BOUND_FLAG diff --git a/Implement-KERB_AP_OPTIONS_CBT-server-side.patch b/Implement-KERB_AP_OPTIONS_CBT-server-side.patch index a43ae8b..458901d 100644 --- a/Implement-KERB_AP_OPTIONS_CBT-server-side.patch +++ b/Implement-KERB_AP_OPTIONS_CBT-server-side.patch @@ -1,4 +1,4 @@ -From 2250babfa6fc6590d50fc9c9beb267ba280ff685 Mon Sep 17 00:00:00 2001 +From 323329d9033f32f49266921910124fe4f2a9124c Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Mon, 9 Mar 2020 16:04:21 +0100 Subject: [PATCH] Implement KERB_AP_OPTIONS_CBT (server side) diff --git a/Improve-KDC-alias-checking-for-S4U-requests.patch b/Improve-KDC-alias-checking-for-S4U-requests.patch index 76b0bf9..69745de 100644 --- a/Improve-KDC-alias-checking-for-S4U-requests.patch +++ b/Improve-KDC-alias-checking-for-S4U-requests.patch @@ -1,4 +1,4 @@ -From dc03b33af17f2014baaa29412a1787cbcb140a62 Mon Sep 17 00:00:00 2001 +From d80afa1396c3a6605338e4eaaf5bc44f8ad3eacc Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 4 Sep 2020 14:05:50 +0300 Subject: [PATCH] Improve KDC alias checking for S4U requests diff --git a/Improve-negoex_parse_token-code-hygiene.patch b/Improve-negoex_parse_token-code-hygiene.patch index ef9bf2b..d2b94aa 100644 --- a/Improve-negoex_parse_token-code-hygiene.patch +++ b/Improve-negoex_parse_token-code-hygiene.patch @@ -1,4 +1,4 @@ -From d604359e2f0bce65f08d0d805e0795e29287109c Mon Sep 17 00:00:00 2001 +From 9596a341d99e3af1438ad215ed0fb5496cb59ff0 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 9 Jun 2020 16:23:37 -0400 Subject: [PATCH] Improve negoex_parse_token() code hygiene diff --git a/Install-shared-libraries-as-executable.patch b/Install-shared-libraries-as-executable.patch new file mode 100644 index 0000000..b8adf3d --- /dev/null +++ b/Install-shared-libraries-as-executable.patch @@ -0,0 +1,42 @@ +From b3c6667d7f98cf0347642c7927618fd40cd6f904 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 23 Aug 2016 16:45:26 -0400 +Subject: [PATCH] Install shared libraries as executable + +RPM expects this behavior, and systems with contrary policies (like +Debian) address permissions at the packaging layer. Most other build +systems appear to install shared libraries as executable. + +[ghudson@mit.edu: edited commit message] + +ticket: 8965 (new) +(cherry picked from commit 1bc5f76d2e7013b8771e3bd9960c82642ba0b467) +--- + src/config/shlib.conf | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/config/shlib.conf b/src/config/shlib.conf +index 3e4af6c02..75b7cc3af 100644 +--- a/src/config/shlib.conf ++++ b/src/config/shlib.conf +@@ -22,8 +22,10 @@ SHLIBVEXT=.so.v-nobuild + SHLIBSEXT=.so.s-nobuild + # Most systems support profiled libraries. + PFLIBEXT=_p.a +-# Most systems install shared libs as mode 644, etc. while hpux wants 755 +-INSTALL_SHLIB='$(INSTALL_DATA)' ++# Install libraries executable. Some systems (e.g., RPM-based ones) require ++# this for package dependency generation, while others are ambivalent or will ++# strip it during packaging. ++INSTALL_SHLIB='$(INSTALL)' + # Most systems use the same objects for shared libraries and dynamically + # loadable objects. + DYNOBJEXT='$(SHLIBEXT)' +@@ -118,7 +120,6 @@ alpha*-dec-osf*) + # -O +dpv should display any routines eliminated as unused, but -b + # apparently turns that off + *-*-hpux*) +- INSTALL_SHLIB='$(INSTALL)' + case $host_cpu in + hppa*) + SHLIBEXT=.sl diff --git a/Minimize-usage-of-tgs_server-in-KDC.patch b/Minimize-usage-of-tgs_server-in-KDC.patch index 5199395..01608e8 100644 --- a/Minimize-usage-of-tgs_server-in-KDC.patch +++ b/Minimize-usage-of-tgs_server-in-KDC.patch @@ -1,4 +1,4 @@ -From ce60c549887a7732a6079d6e7111eb645f279781 Mon Sep 17 00:00:00 2001 +From 6e82fd67034eef7f99b901f417782a3786a02069 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 25 Sep 2020 11:12:34 -0400 Subject: [PATCH] Minimize usage of tgs_server in KDC diff --git a/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch index 782974b..9e25d54 100644 --- a/Omit-KDC-indicator-check-for-S4U2Self-requests.patch +++ b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch @@ -1,4 +1,4 @@ -From a9144f5238b91949f32355f5ab88e2ade734eb06 Mon Sep 17 00:00:00 2001 +From cd99c7829a43074cec8afe5c7021778a5a2ebd31 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 6 May 2020 16:03:13 -0400 Subject: [PATCH] Omit KDC indicator check for S4U2Self requests diff --git a/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch index bc4ed52..5fd221e 100644 --- a/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch +++ b/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch @@ -1,4 +1,4 @@ -From 8fc932c8f75e4332aa7dc6c4862cb881308b6813 Mon Sep 17 00:00:00 2001 +From 6b81d2d9913d91a4cc48d04f123fc71cc1022432 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Sat, 6 Jun 2020 11:03:37 +0200 Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum diff --git a/Pass-channel-bindings-through-SPNEGO.patch b/Pass-channel-bindings-through-SPNEGO.patch index e376472..1b3c130 100644 --- a/Pass-channel-bindings-through-SPNEGO.patch +++ b/Pass-channel-bindings-through-SPNEGO.patch @@ -1,4 +1,4 @@ -From 19ef4a378a8fe483e82b1b4f979a7ffcb264325e Mon Sep 17 00:00:00 2001 +From a5588aae21d44f5a6eed4bdfeae992a709b92959 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 28 Apr 2020 18:15:55 +0200 Subject: [PATCH] Pass channel bindings through SPNEGO diff --git a/Pass-gss_localname-through-SPNEGO.patch b/Pass-gss_localname-through-SPNEGO.patch index bbf703c..1aad597 100644 --- a/Pass-gss_localname-through-SPNEGO.patch +++ b/Pass-gss_localname-through-SPNEGO.patch @@ -1,4 +1,4 @@ -From fb89e83451519aed051bb129f3cf9cc34cde702f Mon Sep 17 00:00:00 2001 +From 723f4c746293f064a32961ad77b57f901dd54a67 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 26 Apr 2020 19:55:54 -0400 Subject: [PATCH] Pass gss_localname() through SPNEGO diff --git a/Refactor-KDC-authdata-list-management-helpers.patch b/Refactor-KDC-authdata-list-management-helpers.patch index 495dbda..69ef109 100644 --- a/Refactor-KDC-authdata-list-management-helpers.patch +++ b/Refactor-KDC-authdata-list-management-helpers.patch @@ -1,4 +1,4 @@ -From 00245d789edc6cf6263540d7c9d7ee45bbac58ce Mon Sep 17 00:00:00 2001 +From 17093468190706e241d2a6ef2bb5607be7021640 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 5 Feb 2020 18:46:11 -0500 Subject: [PATCH] Refactor KDC authdata list management helpers diff --git a/Refactor-krb5-GSS-checksum-handling.patch b/Refactor-krb5-GSS-checksum-handling.patch index a0bb217..62f36c3 100644 --- a/Refactor-krb5-GSS-checksum-handling.patch +++ b/Refactor-krb5-GSS-checksum-handling.patch @@ -1,4 +1,4 @@ -From 544c37e2928f2585708e36f77a6b0baa52c3c541 Mon Sep 17 00:00:00 2001 +From 8412a1611290da9705730c9e473a5b122c55e9fd Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 30 Jun 2017 16:03:01 -0400 Subject: [PATCH] Refactor krb5 GSS checksum handling diff --git a/Refresh-manually-acquired-creds-from-client-keytab.patch b/Refresh-manually-acquired-creds-from-client-keytab.patch index dc50194..61e1fa4 100644 --- a/Refresh-manually-acquired-creds-from-client-keytab.patch +++ b/Refresh-manually-acquired-creds-from-client-keytab.patch @@ -1,4 +1,4 @@ -From e1762f16fe4d900903c5395cc3268f9b78835100 Mon Sep 17 00:00:00 2001 +From 43fe1f948059ad79d95dbf41f2206de65238d892 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 26 Feb 2020 18:27:17 -0500 Subject: [PATCH] Refresh manually acquired creds from client keytab diff --git a/Remove-resolver-test-utility.patch b/Remove-resolver-test-utility.patch index e765069..77fea7a 100644 --- a/Remove-resolver-test-utility.patch +++ b/Remove-resolver-test-utility.patch @@ -1,4 +1,4 @@ -From 8a2cd84c047ef7500dc8149ed6ace8e9fa631cad Mon Sep 17 00:00:00 2001 +From 6d2dbd0378c92ea13363f2536ab0062bdfda076e Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 28 May 2020 18:41:02 -0400 Subject: [PATCH] Remove resolver test utility diff --git a/Replace-gssrpc-tests-with-a-Python-script.patch b/Replace-gssrpc-tests-with-a-Python-script.patch index fc8fe87..3481a87 100644 --- a/Replace-gssrpc-tests-with-a-Python-script.patch +++ b/Replace-gssrpc-tests-with-a-Python-script.patch @@ -1,4 +1,4 @@ -From e2ad633616a3f4db91bbd332d778df93e4bdb652 Mon Sep 17 00:00:00 2001 +From 1de586b414104a447a50ffb6f81c2f57ed3d3a34 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 15 Feb 2020 20:34:23 -0500 Subject: [PATCH] Replace gssrpc tests with a Python script diff --git a/Use-two-queues-for-concurrent-t_otp.py-daemons.patch b/Use-two-queues-for-concurrent-t_otp.py-daemons.patch index 88c2364..80093f3 100644 --- a/Use-two-queues-for-concurrent-t_otp.py-daemons.patch +++ b/Use-two-queues-for-concurrent-t_otp.py-daemons.patch @@ -1,4 +1,4 @@ -From e12c670bceb08413f797ecd643675a4a80dac824 Mon Sep 17 00:00:00 2001 +From 35d041e432ea6d4611b232cc9bb72a36552eda27 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 4 Mar 2020 17:18:51 -0500 Subject: [PATCH] Use two queues for concurrent t_otp.py daemons diff --git a/downstream-Adjust-build-configuration.patch b/downstream-Adjust-build-configuration.patch deleted file mode 100644 index 62000c1..0000000 --- a/downstream-Adjust-build-configuration.patch +++ /dev/null @@ -1,72 +0,0 @@ -From c06693e5a17daf0fd585e608e8bfd1eb3eef447c Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:45:26 -0400 -Subject: [PATCH] [downstream] Adjust build configuration - -Build binaries in this package as RELRO PIEs, libraries as partial RELRO, -and install shared libraries with the execute bit set on them. Prune out -the -L/usr/lib* and PIE flags where they might leak out and affect -apps which just want to link with the libraries. FIXME: needs to check and -not just assume that the compiler supports using these flags. - -Last-updated: krb5-1.15-beta1 ---- - src/build-tools/krb5-config.in | 7 +++++++ - src/config/pre.in | 2 +- - src/config/shlib.conf | 5 +++-- - 3 files changed, 11 insertions(+), 3 deletions(-) - -diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in -index c17cb5eb5..1891dea99 100755 ---- a/src/build-tools/krb5-config.in -+++ b/src/build-tools/krb5-config.in -@@ -226,6 +226,13 @@ if test -n "$do_libs"; then - -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ - -e 's#\$(CFLAGS)##'` - -+ if test `dirname $libdir` = /usr ; then -+ lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"` -+ fi -+ lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"` -+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"` -+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"` -+ - if test $library = 'kdb'; then - lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" - library=krb5 -diff --git a/src/config/pre.in b/src/config/pre.in -index 917357df9..a8540ae2a 100644 ---- a/src/config/pre.in -+++ b/src/config/pre.in -@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) - INSTALL_SCRIPT=@INSTALL_PROGRAM@ - INSTALL_DATA=@INSTALL_DATA@ - INSTALL_SHLIB=@INSTALL_SHLIB@ --INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root -+INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 - ## This is needed because autoconf will sometimes define @exec_prefix@ to be - ## ${prefix}. - prefix=@prefix@ -diff --git a/src/config/shlib.conf b/src/config/shlib.conf -index 3e4af6c02..2b20c3fda 100644 ---- a/src/config/shlib.conf -+++ b/src/config/shlib.conf -@@ -423,7 +423,7 @@ mips-*-netbsd*) - # Linux ld doesn't default to stuffing the SONAME field... - # Use objdump -x to examine the fields of the library - # UNDEF_CHECK is suppressed by --enable-asan -- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)' -+ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro -Wl,--warn-shared-textrel' - UNDEF_CHECK='-Wl,--no-undefined' - # $(EXPORT_CHECK) runs export-check.pl when in maintainer mode. - LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)' -@@ -435,7 +435,8 @@ mips-*-netbsd*) - SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' - PROFFLAGS=-pg - PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' -- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' -+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)' -+ INSTALL_SHLIB='${INSTALL} -m755' - CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' - CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index 310e1ac..3d0cd46 100644 --- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,4 +1,4 @@ -From a983f32cfd2ec3f0571db347426835e8fc7c8464 Mon Sep 17 00:00:00 2001 +From 3a83d2b4c2a3eea5dde8de883ee9b41630a6a487 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 9 Nov 2018 15:12:21 -0500 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch index e060f4e..ae4124f 100644 --- a/downstream-Remove-3des-support.patch +++ b/downstream-Remove-3des-support.patch @@ -1,4 +1,4 @@ -From 603a735ba52b50541520e53b031be47817de2fd5 Mon Sep 17 00:00:00 2001 +From 0ef71d2bef3efcb38b20fc8b3050944286ada726 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 26 Mar 2019 18:51:10 -0400 Subject: [PATCH] [downstream] Remove 3des support diff --git a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch index 2e41026..149bb0a 100644 --- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch +++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch @@ -1,4 +1,4 @@ -From b1eeb9caf1e1fec23d92f163086ec168fbaf74e5 Mon Sep 17 00:00:00 2001 +From a89e833a2ae26197a0edf864bb9274d776003c60 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Nov 2019 20:05:16 +0000 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF diff --git a/downstream-fix-debuginfo-with-y.tab.c.patch b/downstream-fix-debuginfo-with-y.tab.c.patch index 7600f5d..13072cf 100644 --- a/downstream-fix-debuginfo-with-y.tab.c.patch +++ b/downstream-fix-debuginfo-with-y.tab.c.patch @@ -1,4 +1,4 @@ -From 126569bf428c546b938b9fec5b12851f09d61c94 Mon Sep 17 00:00:00 2001 +From 0f98db9b00fa2ce685f841db18fff641f8eaa904 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:49:25 -0400 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c diff --git a/downstream-netlib-and-dns.patch b/downstream-netlib-and-dns.patch index 156870b..682e3df 100644 --- a/downstream-netlib-and-dns.patch +++ b/downstream-netlib-and-dns.patch @@ -1,4 +1,4 @@ -From 23bce0aef64454bf808b9885967b04abafcf7917 Mon Sep 17 00:00:00 2001 +From 29f58a8059cb73ca586514b57458b2b17e091f36 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:46:21 -0400 Subject: [PATCH] [downstream] netlib and dns diff --git a/krb5.spec b/krb5.spec index 8372f70..2248930 100644 --- a/krb5.spec +++ b/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18.3 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 2%{?dist} +Release: 4%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -41,7 +41,6 @@ Source39: krb5-krb5kdc.conf Patch0: downstream-ksu-pam-integration.patch Patch1: downstream-SELinux-integration.patch -Patch2: downstream-Adjust-build-configuration.patch Patch3: downstream-netlib-and-dns.patch Patch4: downstream-fix-debuginfo-with-y.tab.c.patch Patch5: downstream-Remove-3des-support.patch @@ -77,6 +76,8 @@ Patch42: Refactor-KDC-authdata-list-management-helpers.patch Patch43: Avoid-passing-DB-entry-structures-in-KDC.patch Patch44: Minimize-usage-of-tgs_server-in-KDC.patch Patch45: Fix-minor-static-analysis-defects.patch +Patch46: Install-shared-libraries-as-executable.patch +Patch47: Document-k-option-in-kvno-1-synopsis.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -627,6 +628,12 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Tue Nov 24 2020 Robbie Harwood - 1.18.3-4 +- Document -k option in kvno(1) synopsis + +* Fri Nov 20 2020 Robbie Harwood - 1.18.3-3 +- Upstream executable shared libraries patch + * Wed Nov 18 2020 Robbie Harwood - 1.18.3-2 - Fix build failure in -1