From e9fb111a119250ea761f3f3a3059cca72bd71d76 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 4 May 2021 15:02:53 -0400 Subject: [PATCH] Suppress static analyzer warning in FIPS override --- Add-APIs-for-marshalling-credentials.patch | 2 +- ...hostname-canonicalization-helper-to-k5test.py.patch | 2 +- Support-host-based-GSS-initiator-names.patch | 2 +- downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch | 10 ++++++---- krb5.spec | 5 ++++- 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Add-APIs-for-marshalling-credentials.patch b/Add-APIs-for-marshalling-credentials.patch index 105f358..da613e9 100644 --- a/Add-APIs-for-marshalling-credentials.patch +++ b/Add-APIs-for-marshalling-credentials.patch @@ -1,4 +1,4 @@ -From 4505316756e42db02b6dabe0a6b075fe52852371 Mon Sep 17 00:00:00 2001 +From c1fe1c8fa3df7f50c7e28d52263d0d24afb4b3a1 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 14 Jan 2021 18:13:09 -0500 Subject: [PATCH] Add APIs for marshalling credentials diff --git a/Add-hostname-canonicalization-helper-to-k5test.py.patch b/Add-hostname-canonicalization-helper-to-k5test.py.patch index 501984f..75c3e87 100644 --- a/Add-hostname-canonicalization-helper-to-k5test.py.patch +++ b/Add-hostname-canonicalization-helper-to-k5test.py.patch @@ -1,4 +1,4 @@ -From d898d94cef8e1a8772a91cd3a62255c33f109636 Mon Sep 17 00:00:00 2001 +From 3e78bc5d48513fe38f3bc4228b12abcdc0733ee2 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jan 2021 14:43:34 -0500 Subject: [PATCH] Add hostname canonicalization helper to k5test.py diff --git a/Support-host-based-GSS-initiator-names.patch b/Support-host-based-GSS-initiator-names.patch index ebcae16..25b074f 100644 --- a/Support-host-based-GSS-initiator-names.patch +++ b/Support-host-based-GSS-initiator-names.patch @@ -1,4 +1,4 @@ -From 8c57937f3ca793fe3f8fdd636be0bc11c24069bc Mon Sep 17 00:00:00 2001 +From 3133e5e24e94bf060e23a4d97cbdf74e934d010f Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jan 2021 13:51:34 -0500 Subject: [PATCH] Support host-based GSS initiator names diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index 047a59e..d48b1cd 100644 --- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,4 +1,4 @@ -From 4a62aeae7b747cd289548949f940525365fe0947 Mon Sep 17 00:00:00 2001 +From 852e9efad17e3ef6ea54f91044a279bb34020ecf Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 9 Nov 2018 15:12:21 -0500 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 @@ -19,6 +19,8 @@ post6 restores MD4 (and therefore keygen-only RC4). post7 restores MD5 and adds radius_md5_fips_override. +post8 silences a static analyzer warning. + Last-updated: krb5-1.17 --- doc/admin/conf_files/krb5_conf.rst | 6 +++ @@ -349,7 +351,7 @@ index 03c613716..d89982a13 100644 return retval; diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h -index 0143d155a..223ffd730 100644 +index 0143d155a..57672982f 100644 --- a/src/lib/krad/internal.h +++ b/src/lib/krad/internal.h @@ -39,6 +39,8 @@ @@ -407,8 +409,8 @@ index 0143d155a..223ffd730 100644 + if (!FIPS_mode()) + return 0; + -+ profile_get_boolean(ctx->profile, "libdefaults", -+ "radius_md5_fips_override", NULL, 0, &val); ++ (void)profile_get_boolean(ctx->profile, "libdefaults", ++ "radius_md5_fips_override", NULL, 0, &val); + return !val; +} + diff --git a/krb5.spec b/krb5.spec index e21080b..c4a407e 100644 --- a/krb5.spec +++ b/krb5.spec @@ -42,7 +42,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.19.1 -Release: %{?zdpd}4%{?dist} +Release: %{?zdpd}5%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz @@ -635,6 +635,9 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Tue May 04 2021 Robbie Harwood - 1.19.1-5 +- Suppress static analyzer warning in FIPS override + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 1.19.1-3.1 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583.