From da5db561e598567ccc9f7a16831a87ea6a2e2971 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Tue, 24 Nov 2020 18:42:16 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/krb5.git#b783a5421cf5820f19f2e3aeb999ad24de39747e --- Add-channel-bindings-tests.patch | 2 +- ...client_aware_channel_bindings-option.patch | 2 +- ...finalization-safety-check-to-com_err.patch | 2 +- ...e-kvno-options-from-Heimdal-kgetcred.patch | 2 +- ...t-KDC-alias-helper-function-contract.patch | 2 +- ...ases-when-matching-U2U-second-ticket.patch | 2 +- ...tauth-modules-to-set-hw-authent-flag.patch | 2 +- ...d-passing-DB-entry-structures-in-KDC.patch | 2 +- ...y-import-service-GSS-host-based-name.patch | 2 +- ...ns_canonicalize_hostname-to-fallback.patch | 2 +- ...ion-warnings-for-all-init_creds-APIs.patch | 2 +- Document-k-option-in-kvno-1-synopsis.patch | 38 ++++++++++ ...n-KERB_AP_OPTIONS_CBT-server-support.patch | 2 +- Fix-minor-static-analysis-defects.patch | 2 +- Fix-typo-in-in-in-the-ksu-man-page.patch | 2 +- ...-enctypes-in-krb5_string_to_keysalts.patch | 2 +- Implement-GSS_C_CHANNEL_BOUND_FLAG.patch | 2 +- ...ment-KERB_AP_OPTIONS_CBT-server-side.patch | 2 +- ...-KDC-alias-checking-for-S4U-requests.patch | 2 +- Improve-negoex_parse_token-code-hygiene.patch | 2 +- Install-shared-libraries-as-executable.patch | 42 +++++++++++ Minimize-usage-of-tgs_server-in-KDC.patch | 2 +- ...ndicator-check-for-S4U2Self-requests.patch | 2 +- ...SER-if-we-can-t-compute-its-checksum.patch | 2 +- Pass-channel-bindings-through-SPNEGO.patch | 2 +- Pass-gss_localname-through-SPNEGO.patch | 2 +- ...KDC-authdata-list-management-helpers.patch | 2 +- Refactor-krb5-GSS-checksum-handling.patch | 2 +- ...ly-acquired-creds-from-client-keytab.patch | 2 +- Remove-resolver-test-utility.patch | 2 +- ...ce-gssrpc-tests-with-a-Python-script.patch | 2 +- ...eues-for-concurrent-t_otp.py-daemons.patch | 2 +- downstream-Adjust-build-configuration.patch | 72 ------------------- ...am-FIPS-with-PRNG-and-RADIUS-and-MD4.patch | 2 +- downstream-Remove-3des-support.patch | 2 +- ...ackported-version-of-OpenSSL-3-KDF-i.patch | 2 +- downstream-fix-debuginfo-with-y.tab.c.patch | 2 +- downstream-netlib-and-dns.patch | 2 +- krb5.spec | 11 ++- 39 files changed, 124 insertions(+), 109 deletions(-) create mode 100644 Document-k-option-in-kvno-1-synopsis.patch create mode 100644 Install-shared-libraries-as-executable.patch delete mode 100644 downstream-Adjust-build-configuration.patch diff --git a/Add-channel-bindings-tests.patch b/Add-channel-bindings-tests.patch index 99c2da2..caf14f6 100644 --- a/Add-channel-bindings-tests.patch +++ b/Add-channel-bindings-tests.patch @@ -1,4 +1,4 @@ -From 2c8494a1b89d69da9de46ca2cb17f9e8f12eb9b5 Mon Sep 17 00:00:00 2001 +From b9ca222798a52ef3a28185ed44f3dfe19579d8fc Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 20 Mar 2020 00:17:28 +0100 Subject: [PATCH] Add channel bindings tests diff --git a/Add-client_aware_channel_bindings-option.patch b/Add-client_aware_channel_bindings-option.patch index 142e1d9..20ecd30 100644 --- a/Add-client_aware_channel_bindings-option.patch +++ b/Add-client_aware_channel_bindings-option.patch @@ -1,4 +1,4 @@ -From 849bb23d0044b2ff315608784c0f96b81feb472f Mon Sep 17 00:00:00 2001 +From 032c7f496c9b327752dda33bf85e74c66d3a93cf Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 10 Mar 2020 13:13:17 +0100 Subject: [PATCH] Add client_aware_channel_bindings option diff --git a/Add-finalization-safety-check-to-com_err.patch b/Add-finalization-safety-check-to-com_err.patch index 9411b15..d717bcc 100644 --- a/Add-finalization-safety-check-to-com_err.patch +++ b/Add-finalization-safety-check-to-com_err.patch @@ -1,4 +1,4 @@ -From 73f1db69f99462b5109a5dd4e1a9476667bd3715 Mon Sep 17 00:00:00 2001 +From 903fc418db4f5819c507cb0d42c0d4a12217c22f Mon Sep 17 00:00:00 2001 From: Jiri Sasek Date: Fri, 13 Mar 2020 19:02:58 +0100 Subject: [PATCH] Add finalization safety check to com_err diff --git a/Add-three-kvno-options-from-Heimdal-kgetcred.patch b/Add-three-kvno-options-from-Heimdal-kgetcred.patch index 1f6452f..a68394c 100644 --- a/Add-three-kvno-options-from-Heimdal-kgetcred.patch +++ b/Add-three-kvno-options-from-Heimdal-kgetcred.patch @@ -1,4 +1,4 @@ -From 4da87d7fe288f3f7087dca8396d42abfd958b8e4 Mon Sep 17 00:00:00 2001 +From ea2ad3330aa39ef4e62d8856ea7e8eed2843b3f2 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 17 Jun 2020 20:48:38 -0400 Subject: [PATCH] Add three kvno options from Heimdal kgetcred diff --git a/Adjust-KDC-alias-helper-function-contract.patch b/Adjust-KDC-alias-helper-function-contract.patch index 13f4cb7..b7ce64e 100644 --- a/Adjust-KDC-alias-helper-function-contract.patch +++ b/Adjust-KDC-alias-helper-function-contract.patch @@ -1,4 +1,4 @@ -From 833dfff1a11da3b1b9cf45a2bb09f17efa49cdba Mon Sep 17 00:00:00 2001 +From d27cef7eb6f099fb1ec4e2d49625aee0d8dc1007 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 22 Sep 2020 01:11:39 +0300 Subject: [PATCH] Adjust KDC alias helper function contract diff --git a/Allow-aliases-when-matching-U2U-second-ticket.patch b/Allow-aliases-when-matching-U2U-second-ticket.patch index 523402f..38ed3cc 100644 --- a/Allow-aliases-when-matching-U2U-second-ticket.patch +++ b/Allow-aliases-when-matching-U2U-second-ticket.patch @@ -1,4 +1,4 @@ -From e976a70ff23e600a76d1c3134f9c2f80753b6679 Mon Sep 17 00:00:00 2001 +From 69e45f51b466219bde15b11c8539ea3841281f2b Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 22 Sep 2020 01:17:11 +0300 Subject: [PATCH] Allow aliases when matching U2U second ticket diff --git a/Allow-certauth-modules-to-set-hw-authent-flag.patch b/Allow-certauth-modules-to-set-hw-authent-flag.patch index 0c155e7..3be71e7 100644 --- a/Allow-certauth-modules-to-set-hw-authent-flag.patch +++ b/Allow-certauth-modules-to-set-hw-authent-flag.patch @@ -1,4 +1,4 @@ -From c18034484eadb0f32cef384197d1185aa50c3adb Mon Sep 17 00:00:00 2001 +From b581e106c65957f48ee088d9243b985d3e9a0be8 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 24 Feb 2020 15:58:59 -0500 Subject: [PATCH] Allow certauth modules to set hw-authent flag diff --git a/Avoid-passing-DB-entry-structures-in-KDC.patch b/Avoid-passing-DB-entry-structures-in-KDC.patch index 23f96e3..0d6a8be 100644 --- a/Avoid-passing-DB-entry-structures-in-KDC.patch +++ b/Avoid-passing-DB-entry-structures-in-KDC.patch @@ -1,4 +1,4 @@ -From e0fc680b2fb51513993c4cdaa2c25b292f57a073 Mon Sep 17 00:00:00 2001 +From aad7ffc2cdc5b1c55a5967612730daa2f493fa6e Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 30 Sep 2020 02:12:00 -0400 Subject: [PATCH] Avoid passing DB entry structures in KDC diff --git a/Correctly-import-service-GSS-host-based-name.patch b/Correctly-import-service-GSS-host-based-name.patch index e56648b..0c6d0e7 100644 --- a/Correctly-import-service-GSS-host-based-name.patch +++ b/Correctly-import-service-GSS-host-based-name.patch @@ -1,4 +1,4 @@ -From 24c5e1ad937505a03628547ed7a5c6060a2b0ff2 Mon Sep 17 00:00:00 2001 +From 5a0900dc3f0ce7569db2ed6d14da3f97b47bd120 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 30 Mar 2020 15:26:02 -0400 Subject: [PATCH] Correctly import "service@" GSS host-based name diff --git a/Default-dns_canonicalize_hostname-to-fallback.patch b/Default-dns_canonicalize_hostname-to-fallback.patch index 3669432..99b9bbb 100644 --- a/Default-dns_canonicalize_hostname-to-fallback.patch +++ b/Default-dns_canonicalize_hostname-to-fallback.patch @@ -1,4 +1,4 @@ -From 6bdab27ef3dfcefb8426f2ea4e06bbdbd1141b16 Mon Sep 17 00:00:00 2001 +From bec1b3601b15397df07b3464959da92915eb45b5 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 27 May 2020 18:48:35 -0400 Subject: [PATCH] Default dns_canonicalize_hostname to "fallback" diff --git a/Do-expiration-warnings-for-all-init_creds-APIs.patch b/Do-expiration-warnings-for-all-init_creds-APIs.patch index 374068f..0dc7528 100644 --- a/Do-expiration-warnings-for-all-init_creds-APIs.patch +++ b/Do-expiration-warnings-for-all-init_creds-APIs.patch @@ -1,4 +1,4 @@ -From c7abf942c66b2ba543cf412f12562e9bb8ee260a Mon Sep 17 00:00:00 2001 +From 4369b03968131b005acbafd043465899da50e1dc Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 28 Feb 2020 10:11:49 +0100 Subject: [PATCH] Do expiration warnings for all init_creds APIs diff --git a/Document-k-option-in-kvno-1-synopsis.patch b/Document-k-option-in-kvno-1-synopsis.patch new file mode 100644 index 0000000..21f8100 --- /dev/null +++ b/Document-k-option-in-kvno-1-synopsis.patch @@ -0,0 +1,38 @@ +From 588d964f59356373353dfd31d4fdcba95e508385 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 24 Nov 2020 12:52:02 -0500 +Subject: [PATCH] Document -k option in kvno(1) synopsis + +becd1ad6830b526d08ddaf5b2b6f213154c6446c attempted to unify the +synopsis, option descriptions, and xusage(), but missed one option. + +(cherry picked from commit d81e76d9ddab9e880bcf54eabf07119af91d28c7) +--- + doc/user/user_commands/kvno.rst | 1 + + src/man/kvno.man | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst +index 6fd8577a5..1e273e26e 100644 +--- a/doc/user/user_commands/kvno.rst ++++ b/doc/user/user_commands/kvno.rst +@@ -9,6 +9,7 @@ SYNOPSIS + **kvno** + [**-c** *ccache*] + [**-e** *etype*] ++[**-k** *keytab*] + [**-q**] + [**-u** | **-S** *sname*] + [**-P**] +diff --git a/src/man/kvno.man b/src/man/kvno.man +index 7c9565bdb..dc9847e99 100644 +--- a/src/man/kvno.man ++++ b/src/man/kvno.man +@@ -35,6 +35,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] + \fBkvno\fP + [\fB\-c\fP \fIccache\fP] + [\fB\-e\fP \fIetype\fP] ++[\fB\-k\fP \fIkeytab\fP] + [\fB\-q\fP] + [\fB\-u\fP | \fB\-S\fP \fIsname\fP] + [\fB\-P\fP] diff --git a/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch b/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch index 90bbcab..ad0dd7a 100644 --- a/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch +++ b/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch @@ -1,4 +1,4 @@ -From 4b2176eaad00630890abe4b458cbc31f05b2b9c0 Mon Sep 17 00:00:00 2001 +From 5106d0b7ea10d1faa21f6dfb542a46eb74e78d40 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 24 Jul 2020 16:05:24 -0400 Subject: [PATCH] Fix leak in KERB_AP_OPTIONS_CBT server support diff --git a/Fix-minor-static-analysis-defects.patch b/Fix-minor-static-analysis-defects.patch index b94b48c..c136b7f 100644 --- a/Fix-minor-static-analysis-defects.patch +++ b/Fix-minor-static-analysis-defects.patch @@ -1,4 +1,4 @@ -From 0de060366a1b75df47189f5cc0a7a92685cbe1d7 Mon Sep 17 00:00:00 2001 +From a33dc1cfb0ebecb67cc7f38258303492a552cb73 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 15 Oct 2020 18:15:29 -0400 Subject: [PATCH] Fix minor static analysis defects diff --git a/Fix-typo-in-in-in-the-ksu-man-page.patch b/Fix-typo-in-in-in-the-ksu-man-page.patch index a6c1f5c..922aa29 100644 --- a/Fix-typo-in-in-in-the-ksu-man-page.patch +++ b/Fix-typo-in-in-in-the-ksu-man-page.patch @@ -1,4 +1,4 @@ -From 5399eaea6c5e00c4e96fa5507aa50dd643337194 Mon Sep 17 00:00:00 2001 +From 5952a06a594c4dc0f20f7ba2854b25f76734aa27 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 14 May 2020 15:01:18 -0400 Subject: [PATCH] Fix typo ("in in") in the ksu man page diff --git a/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch b/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch index 01edf16..aaab2d3 100644 --- a/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch +++ b/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch @@ -1,4 +1,4 @@ -From 6931f8ed0fd8c9f634e1e48f1e8926022610fc3f Mon Sep 17 00:00:00 2001 +From cc572c5b6f8a3269c24c0f21f5799e60014635fb Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 15 Jul 2020 15:42:20 -0400 Subject: [PATCH] Ignore bad enctypes in krb5_string_to_keysalts() diff --git a/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch b/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch index d93a3f8..b5180b2 100644 --- a/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch +++ b/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch @@ -1,4 +1,4 @@ -From 40093f65c58ab78a050860ce41560595aa8ecf7e Mon Sep 17 00:00:00 2001 +From e0a702b6e5f0665cca88723f7b17ff90ea218e45 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Wed, 5 Jul 2017 11:38:30 -0400 Subject: [PATCH] Implement GSS_C_CHANNEL_BOUND_FLAG diff --git a/Implement-KERB_AP_OPTIONS_CBT-server-side.patch b/Implement-KERB_AP_OPTIONS_CBT-server-side.patch index a43ae8b..458901d 100644 --- a/Implement-KERB_AP_OPTIONS_CBT-server-side.patch +++ b/Implement-KERB_AP_OPTIONS_CBT-server-side.patch @@ -1,4 +1,4 @@ -From 2250babfa6fc6590d50fc9c9beb267ba280ff685 Mon Sep 17 00:00:00 2001 +From 323329d9033f32f49266921910124fe4f2a9124c Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Mon, 9 Mar 2020 16:04:21 +0100 Subject: [PATCH] Implement KERB_AP_OPTIONS_CBT (server side) diff --git a/Improve-KDC-alias-checking-for-S4U-requests.patch b/Improve-KDC-alias-checking-for-S4U-requests.patch index 76b0bf9..69745de 100644 --- a/Improve-KDC-alias-checking-for-S4U-requests.patch +++ b/Improve-KDC-alias-checking-for-S4U-requests.patch @@ -1,4 +1,4 @@ -From dc03b33af17f2014baaa29412a1787cbcb140a62 Mon Sep 17 00:00:00 2001 +From d80afa1396c3a6605338e4eaaf5bc44f8ad3eacc Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 4 Sep 2020 14:05:50 +0300 Subject: [PATCH] Improve KDC alias checking for S4U requests diff --git a/Improve-negoex_parse_token-code-hygiene.patch b/Improve-negoex_parse_token-code-hygiene.patch index ef9bf2b..d2b94aa 100644 --- a/Improve-negoex_parse_token-code-hygiene.patch +++ b/Improve-negoex_parse_token-code-hygiene.patch @@ -1,4 +1,4 @@ -From d604359e2f0bce65f08d0d805e0795e29287109c Mon Sep 17 00:00:00 2001 +From 9596a341d99e3af1438ad215ed0fb5496cb59ff0 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 9 Jun 2020 16:23:37 -0400 Subject: [PATCH] Improve negoex_parse_token() code hygiene diff --git a/Install-shared-libraries-as-executable.patch b/Install-shared-libraries-as-executable.patch new file mode 100644 index 0000000..b8adf3d --- /dev/null +++ b/Install-shared-libraries-as-executable.patch @@ -0,0 +1,42 @@ +From b3c6667d7f98cf0347642c7927618fd40cd6f904 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 23 Aug 2016 16:45:26 -0400 +Subject: [PATCH] Install shared libraries as executable + +RPM expects this behavior, and systems with contrary policies (like +Debian) address permissions at the packaging layer. Most other build +systems appear to install shared libraries as executable. + +[ghudson@mit.edu: edited commit message] + +ticket: 8965 (new) +(cherry picked from commit 1bc5f76d2e7013b8771e3bd9960c82642ba0b467) +--- + src/config/shlib.conf | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/config/shlib.conf b/src/config/shlib.conf +index 3e4af6c02..75b7cc3af 100644 +--- a/src/config/shlib.conf ++++ b/src/config/shlib.conf +@@ -22,8 +22,10 @@ SHLIBVEXT=.so.v-nobuild + SHLIBSEXT=.so.s-nobuild + # Most systems support profiled libraries. + PFLIBEXT=_p.a +-# Most systems install shared libs as mode 644, etc. while hpux wants 755 +-INSTALL_SHLIB='$(INSTALL_DATA)' ++# Install libraries executable. Some systems (e.g., RPM-based ones) require ++# this for package dependency generation, while others are ambivalent or will ++# strip it during packaging. ++INSTALL_SHLIB='$(INSTALL)' + # Most systems use the same objects for shared libraries and dynamically + # loadable objects. + DYNOBJEXT='$(SHLIBEXT)' +@@ -118,7 +120,6 @@ alpha*-dec-osf*) + # -O +dpv should display any routines eliminated as unused, but -b + # apparently turns that off + *-*-hpux*) +- INSTALL_SHLIB='$(INSTALL)' + case $host_cpu in + hppa*) + SHLIBEXT=.sl diff --git a/Minimize-usage-of-tgs_server-in-KDC.patch b/Minimize-usage-of-tgs_server-in-KDC.patch index 5199395..01608e8 100644 --- a/Minimize-usage-of-tgs_server-in-KDC.patch +++ b/Minimize-usage-of-tgs_server-in-KDC.patch @@ -1,4 +1,4 @@ -From ce60c549887a7732a6079d6e7111eb645f279781 Mon Sep 17 00:00:00 2001 +From 6e82fd67034eef7f99b901f417782a3786a02069 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 25 Sep 2020 11:12:34 -0400 Subject: [PATCH] Minimize usage of tgs_server in KDC diff --git a/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch index 782974b..9e25d54 100644 --- a/Omit-KDC-indicator-check-for-S4U2Self-requests.patch +++ b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch @@ -1,4 +1,4 @@ -From a9144f5238b91949f32355f5ab88e2ade734eb06 Mon Sep 17 00:00:00 2001 +From cd99c7829a43074cec8afe5c7021778a5a2ebd31 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 6 May 2020 16:03:13 -0400 Subject: [PATCH] Omit KDC indicator check for S4U2Self requests diff --git a/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch index bc4ed52..5fd221e 100644 --- a/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch +++ b/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch @@ -1,4 +1,4 @@ -From 8fc932c8f75e4332aa7dc6c4862cb881308b6813 Mon Sep 17 00:00:00 2001 +From 6b81d2d9913d91a4cc48d04f123fc71cc1022432 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Sat, 6 Jun 2020 11:03:37 +0200 Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum diff --git a/Pass-channel-bindings-through-SPNEGO.patch b/Pass-channel-bindings-through-SPNEGO.patch index e376472..1b3c130 100644 --- a/Pass-channel-bindings-through-SPNEGO.patch +++ b/Pass-channel-bindings-through-SPNEGO.patch @@ -1,4 +1,4 @@ -From 19ef4a378a8fe483e82b1b4f979a7ffcb264325e Mon Sep 17 00:00:00 2001 +From a5588aae21d44f5a6eed4bdfeae992a709b92959 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 28 Apr 2020 18:15:55 +0200 Subject: [PATCH] Pass channel bindings through SPNEGO diff --git a/Pass-gss_localname-through-SPNEGO.patch b/Pass-gss_localname-through-SPNEGO.patch index bbf703c..1aad597 100644 --- a/Pass-gss_localname-through-SPNEGO.patch +++ b/Pass-gss_localname-through-SPNEGO.patch @@ -1,4 +1,4 @@ -From fb89e83451519aed051bb129f3cf9cc34cde702f Mon Sep 17 00:00:00 2001 +From 723f4c746293f064a32961ad77b57f901dd54a67 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 26 Apr 2020 19:55:54 -0400 Subject: [PATCH] Pass gss_localname() through SPNEGO diff --git a/Refactor-KDC-authdata-list-management-helpers.patch b/Refactor-KDC-authdata-list-management-helpers.patch index 495dbda..69ef109 100644 --- a/Refactor-KDC-authdata-list-management-helpers.patch +++ b/Refactor-KDC-authdata-list-management-helpers.patch @@ -1,4 +1,4 @@ -From 00245d789edc6cf6263540d7c9d7ee45bbac58ce Mon Sep 17 00:00:00 2001 +From 17093468190706e241d2a6ef2bb5607be7021640 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 5 Feb 2020 18:46:11 -0500 Subject: [PATCH] Refactor KDC authdata list management helpers diff --git a/Refactor-krb5-GSS-checksum-handling.patch b/Refactor-krb5-GSS-checksum-handling.patch index a0bb217..62f36c3 100644 --- a/Refactor-krb5-GSS-checksum-handling.patch +++ b/Refactor-krb5-GSS-checksum-handling.patch @@ -1,4 +1,4 @@ -From 544c37e2928f2585708e36f77a6b0baa52c3c541 Mon Sep 17 00:00:00 2001 +From 8412a1611290da9705730c9e473a5b122c55e9fd Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 30 Jun 2017 16:03:01 -0400 Subject: [PATCH] Refactor krb5 GSS checksum handling diff --git a/Refresh-manually-acquired-creds-from-client-keytab.patch b/Refresh-manually-acquired-creds-from-client-keytab.patch index dc50194..61e1fa4 100644 --- a/Refresh-manually-acquired-creds-from-client-keytab.patch +++ b/Refresh-manually-acquired-creds-from-client-keytab.patch @@ -1,4 +1,4 @@ -From e1762f16fe4d900903c5395cc3268f9b78835100 Mon Sep 17 00:00:00 2001 +From 43fe1f948059ad79d95dbf41f2206de65238d892 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 26 Feb 2020 18:27:17 -0500 Subject: [PATCH] Refresh manually acquired creds from client keytab diff --git a/Remove-resolver-test-utility.patch b/Remove-resolver-test-utility.patch index e765069..77fea7a 100644 --- a/Remove-resolver-test-utility.patch +++ b/Remove-resolver-test-utility.patch @@ -1,4 +1,4 @@ -From 8a2cd84c047ef7500dc8149ed6ace8e9fa631cad Mon Sep 17 00:00:00 2001 +From 6d2dbd0378c92ea13363f2536ab0062bdfda076e Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 28 May 2020 18:41:02 -0400 Subject: [PATCH] Remove resolver test utility diff --git a/Replace-gssrpc-tests-with-a-Python-script.patch b/Replace-gssrpc-tests-with-a-Python-script.patch index fc8fe87..3481a87 100644 --- a/Replace-gssrpc-tests-with-a-Python-script.patch +++ b/Replace-gssrpc-tests-with-a-Python-script.patch @@ -1,4 +1,4 @@ -From e2ad633616a3f4db91bbd332d778df93e4bdb652 Mon Sep 17 00:00:00 2001 +From 1de586b414104a447a50ffb6f81c2f57ed3d3a34 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 15 Feb 2020 20:34:23 -0500 Subject: [PATCH] Replace gssrpc tests with a Python script diff --git a/Use-two-queues-for-concurrent-t_otp.py-daemons.patch b/Use-two-queues-for-concurrent-t_otp.py-daemons.patch index 88c2364..80093f3 100644 --- a/Use-two-queues-for-concurrent-t_otp.py-daemons.patch +++ b/Use-two-queues-for-concurrent-t_otp.py-daemons.patch @@ -1,4 +1,4 @@ -From e12c670bceb08413f797ecd643675a4a80dac824 Mon Sep 17 00:00:00 2001 +From 35d041e432ea6d4611b232cc9bb72a36552eda27 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 4 Mar 2020 17:18:51 -0500 Subject: [PATCH] Use two queues for concurrent t_otp.py daemons diff --git a/downstream-Adjust-build-configuration.patch b/downstream-Adjust-build-configuration.patch deleted file mode 100644 index 62000c1..0000000 --- a/downstream-Adjust-build-configuration.patch +++ /dev/null @@ -1,72 +0,0 @@ -From c06693e5a17daf0fd585e608e8bfd1eb3eef447c Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:45:26 -0400 -Subject: [PATCH] [downstream] Adjust build configuration - -Build binaries in this package as RELRO PIEs, libraries as partial RELRO, -and install shared libraries with the execute bit set on them. Prune out -the -L/usr/lib* and PIE flags where they might leak out and affect -apps which just want to link with the libraries. FIXME: needs to check and -not just assume that the compiler supports using these flags. - -Last-updated: krb5-1.15-beta1 ---- - src/build-tools/krb5-config.in | 7 +++++++ - src/config/pre.in | 2 +- - src/config/shlib.conf | 5 +++-- - 3 files changed, 11 insertions(+), 3 deletions(-) - -diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in -index c17cb5eb5..1891dea99 100755 ---- a/src/build-tools/krb5-config.in -+++ b/src/build-tools/krb5-config.in -@@ -226,6 +226,13 @@ if test -n "$do_libs"; then - -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ - -e 's#\$(CFLAGS)##'` - -+ if test `dirname $libdir` = /usr ; then -+ lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"` -+ fi -+ lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"` -+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"` -+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"` -+ - if test $library = 'kdb'; then - lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" - library=krb5 -diff --git a/src/config/pre.in b/src/config/pre.in -index 917357df9..a8540ae2a 100644 ---- a/src/config/pre.in -+++ b/src/config/pre.in -@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) - INSTALL_SCRIPT=@INSTALL_PROGRAM@ - INSTALL_DATA=@INSTALL_DATA@ - INSTALL_SHLIB=@INSTALL_SHLIB@ --INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root -+INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 - ## This is needed because autoconf will sometimes define @exec_prefix@ to be - ## ${prefix}. - prefix=@prefix@ -diff --git a/src/config/shlib.conf b/src/config/shlib.conf -index 3e4af6c02..2b20c3fda 100644 ---- a/src/config/shlib.conf -+++ b/src/config/shlib.conf -@@ -423,7 +423,7 @@ mips-*-netbsd*) - # Linux ld doesn't default to stuffing the SONAME field... - # Use objdump -x to examine the fields of the library - # UNDEF_CHECK is suppressed by --enable-asan -- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)' -+ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro -Wl,--warn-shared-textrel' - UNDEF_CHECK='-Wl,--no-undefined' - # $(EXPORT_CHECK) runs export-check.pl when in maintainer mode. - LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)' -@@ -435,7 +435,8 @@ mips-*-netbsd*) - SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' - PROFFLAGS=-pg - PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' -- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' -+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)' -+ INSTALL_SHLIB='${INSTALL} -m755' - CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' - CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index 310e1ac..3d0cd46 100644 --- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,4 +1,4 @@ -From a983f32cfd2ec3f0571db347426835e8fc7c8464 Mon Sep 17 00:00:00 2001 +From 3a83d2b4c2a3eea5dde8de883ee9b41630a6a487 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 9 Nov 2018 15:12:21 -0500 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch index e060f4e..ae4124f 100644 --- a/downstream-Remove-3des-support.patch +++ b/downstream-Remove-3des-support.patch @@ -1,4 +1,4 @@ -From 603a735ba52b50541520e53b031be47817de2fd5 Mon Sep 17 00:00:00 2001 +From 0ef71d2bef3efcb38b20fc8b3050944286ada726 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 26 Mar 2019 18:51:10 -0400 Subject: [PATCH] [downstream] Remove 3des support diff --git a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch index 2e41026..149bb0a 100644 --- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch +++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch @@ -1,4 +1,4 @@ -From b1eeb9caf1e1fec23d92f163086ec168fbaf74e5 Mon Sep 17 00:00:00 2001 +From a89e833a2ae26197a0edf864bb9274d776003c60 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Nov 2019 20:05:16 +0000 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF diff --git a/downstream-fix-debuginfo-with-y.tab.c.patch b/downstream-fix-debuginfo-with-y.tab.c.patch index 7600f5d..13072cf 100644 --- a/downstream-fix-debuginfo-with-y.tab.c.patch +++ b/downstream-fix-debuginfo-with-y.tab.c.patch @@ -1,4 +1,4 @@ -From 126569bf428c546b938b9fec5b12851f09d61c94 Mon Sep 17 00:00:00 2001 +From 0f98db9b00fa2ce685f841db18fff641f8eaa904 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:49:25 -0400 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c diff --git a/downstream-netlib-and-dns.patch b/downstream-netlib-and-dns.patch index 156870b..682e3df 100644 --- a/downstream-netlib-and-dns.patch +++ b/downstream-netlib-and-dns.patch @@ -1,4 +1,4 @@ -From 23bce0aef64454bf808b9885967b04abafcf7917 Mon Sep 17 00:00:00 2001 +From 29f58a8059cb73ca586514b57458b2b17e091f36 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:46:21 -0400 Subject: [PATCH] [downstream] netlib and dns diff --git a/krb5.spec b/krb5.spec index 8372f70..2248930 100644 --- a/krb5.spec +++ b/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18.3 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 2%{?dist} +Release: 4%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -41,7 +41,6 @@ Source39: krb5-krb5kdc.conf Patch0: downstream-ksu-pam-integration.patch Patch1: downstream-SELinux-integration.patch -Patch2: downstream-Adjust-build-configuration.patch Patch3: downstream-netlib-and-dns.patch Patch4: downstream-fix-debuginfo-with-y.tab.c.patch Patch5: downstream-Remove-3des-support.patch @@ -77,6 +76,8 @@ Patch42: Refactor-KDC-authdata-list-management-helpers.patch Patch43: Avoid-passing-DB-entry-structures-in-KDC.patch Patch44: Minimize-usage-of-tgs_server-in-KDC.patch Patch45: Fix-minor-static-analysis-defects.patch +Patch46: Install-shared-libraries-as-executable.patch +Patch47: Document-k-option-in-kvno-1-synopsis.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -627,6 +628,12 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Tue Nov 24 2020 Robbie Harwood - 1.18.3-4 +- Document -k option in kvno(1) synopsis + +* Fri Nov 20 2020 Robbie Harwood - 1.18.3-3 +- Upstream executable shared libraries patch + * Wed Nov 18 2020 Robbie Harwood - 1.18.3-2 - Fix build failure in -1