diff --git a/.gitignore b/.gitignore index c686550..591c859 100644 --- a/.gitignore +++ b/.gitignore @@ -193,3 +193,5 @@ krb5-1.8.3-pdf.tar.gz /krb5-1.19-beta1.tar.gz.asc /krb5-1.19-beta2.tar.gz /krb5-1.19-beta2.tar.gz.asc +/krb5-1.19.tar.gz +/krb5-1.19.tar.gz.asc diff --git a/Add-APIs-for-marshalling-credentials.patch b/Add-APIs-for-marshalling-credentials.patch index 39b3455..4c963d3 100644 --- a/Add-APIs-for-marshalling-credentials.patch +++ b/Add-APIs-for-marshalling-credentials.patch @@ -1,4 +1,4 @@ -From fd3ffdf173173e08abfe9ba78922f63723541c54 Mon Sep 17 00:00:00 2001 +From 057b45609fa457f2247df93b163f31723fd18077 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 14 Jan 2021 18:13:09 -0500 Subject: [PATCH] Add APIs for marshalling credentials diff --git a/Add-hostname-canonicalization-helper-to-k5test.py.patch b/Add-hostname-canonicalization-helper-to-k5test.py.patch index 93d3963..83697cd 100644 --- a/Add-hostname-canonicalization-helper-to-k5test.py.patch +++ b/Add-hostname-canonicalization-helper-to-k5test.py.patch @@ -1,4 +1,4 @@ -From 3204462c480484845513f2d7f323e367efde62cd Mon Sep 17 00:00:00 2001 +From 1d7b365e670f19beae319fde2abf1de0601a2a34 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jan 2021 14:43:34 -0500 Subject: [PATCH] Add hostname canonicalization helper to k5test.py diff --git a/Support-host-based-GSS-initiator-names.patch b/Support-host-based-GSS-initiator-names.patch index f04609f..a9ca98d 100644 --- a/Support-host-based-GSS-initiator-names.patch +++ b/Support-host-based-GSS-initiator-names.patch @@ -1,4 +1,4 @@ -From 067e3a509442d81d1a31dd4bcbcc190f55369cc9 Mon Sep 17 00:00:00 2001 +From c1df10d60512e1697ef18b343c237c6a96baf62c Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jan 2021 13:51:34 -0500 Subject: [PATCH] Support host-based GSS initiator names diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index 8ca2534..ed61cf0 100644 --- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,4 +1,4 @@ -From 836fdca1ac4bb58498551e1afe8ca6e55d41902d Mon Sep 17 00:00:00 2001 +From b57c3a8fbeb0e83c9faa63ac49c5ed58971aa934 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 9 Nov 2018 15:12:21 -0500 Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch index 046a1be..efb79d0 100644 --- a/downstream-Remove-3des-support.patch +++ b/downstream-Remove-3des-support.patch @@ -1,4 +1,4 @@ -From 329c97793a3e96e79f618bc54914ec89a9e99828 Mon Sep 17 00:00:00 2001 +From 5ff60c965583977ee4a4f98555973f9920fc79cd Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 26 Mar 2019 18:51:10 -0400 Subject: [PATCH] [downstream] Remove 3des support diff --git a/downstream-SELinux-integration.patch b/downstream-SELinux-integration.patch index 7c134eb..d68bd92 100644 --- a/downstream-SELinux-integration.patch +++ b/downstream-SELinux-integration.patch @@ -1,4 +1,4 @@ -From 1de6ec4cb5b2a1b7b88680ae0f72551a3b5178e6 Mon Sep 17 00:00:00 2001 +From 99e57d4cbf0eb060162b7038d6e7b202d2716784 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:30:53 -0400 Subject: [PATCH] [downstream] SELinux integration diff --git a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch index cb35de1..9ba0821 100644 --- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch +++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch @@ -1,4 +1,4 @@ -From 120e84b63c322c227fb8c6ee8a2f56f47d3e57f5 Mon Sep 17 00:00:00 2001 +From 387ae61e2b6384eba692e777cc1bcc3d34bfa8c6 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Nov 2019 20:05:16 +0000 Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF diff --git a/downstream-fix-debuginfo-with-y.tab.c.patch b/downstream-fix-debuginfo-with-y.tab.c.patch index 96c21ac..d40aef7 100644 --- a/downstream-fix-debuginfo-with-y.tab.c.patch +++ b/downstream-fix-debuginfo-with-y.tab.c.patch @@ -1,4 +1,4 @@ -From db57bb9939da544af242c054d10e69a022558b4e Mon Sep 17 00:00:00 2001 +From 83899829c5e26b98f0c9d124d1e56e7b84c75c02 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:49:25 -0400 Subject: [PATCH] [downstream] fix debuginfo with y.tab.c diff --git a/downstream-ksu-pam-integration.patch b/downstream-ksu-pam-integration.patch index 15b9b35..7da5ccf 100644 --- a/downstream-ksu-pam-integration.patch +++ b/downstream-ksu-pam-integration.patch @@ -1,4 +1,4 @@ -From 25f948637140fb6aade80f99d9e7e096250135cd Mon Sep 17 00:00:00 2001 +From 07d19a2c4f369a7a524c919c5a453e702967b530 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:29:58 -0400 Subject: [PATCH] [downstream] ksu pam integration diff --git a/downstream-netlib-and-dns.patch b/downstream-netlib-and-dns.patch index 4141da9..7b17912 100644 --- a/downstream-netlib-and-dns.patch +++ b/downstream-netlib-and-dns.patch @@ -1,4 +1,4 @@ -From 26a01204b4cb424e6f9cf4190f7290b0665f6f74 Mon Sep 17 00:00:00 2001 +From ea8156d348a533cc4418903ee351121366872c17 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:46:21 -0400 Subject: [PATCH] [downstream] netlib and dns diff --git a/krb5.spec b/krb5.spec index 8994c9c..f61e44a 100644 --- a/krb5.spec +++ b/krb5.spec @@ -1,3 +1,27 @@ +%bcond_without check +%if %{without check} +%global skipcheck 1 +%endif + +# COPR doesn't work right with the tests. I suspect keyring issues, +# but can't actually debug, so... +%if 0%{?copr_username:1} +%global skipcheck 1 +%endif + +# There are 0 test machines for this architecture, very few builders, and +# they're not very well provisioned / maintained. I can't support it. +# Patches welcome, but there's nothing I can do - it fails more than half the +# for "infrastructure issues" that I can't hope to debug. +%ifarch s390x +%global skipcheck 1 +%endif + +# RHEL runs upstream's test suite in a separate pass after build. +%if 0%{?rhel} +%global skipcheck 1 +%endif + # Set this so that find-lang.sh will recognize the .po files. %global gettext_domain mit-krb5 # Guess where the -libs subpackage's docs are going to go. @@ -6,8 +30,7 @@ %global configure_default_ccache_name 1 %global configured_default_ccache_name KEYRING:persistent:%%{uid} -# either beta1 or % { nil } -%global prerelease beta2 +# for prereleases, % global prerelease beta1 %if %{defined prerelease} %global dashpre -%{prerelease} %global zdpd 0.%{prerelease}. @@ -19,7 +42,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.19 -Release: %{?zdpd}5%{?dist} +Release: %{?zdpd}2%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz @@ -185,7 +208,7 @@ contains only the libkadm5clnt and libkadm5serv shared objects. This interface is not considered stable. %prep -%autosetup -S git -n %{name}-%{version}%{?dashpre} +%autosetup -S git_am -n %{name}-%{version}%{?dashpre} ln NOTICE LICENSE # Generate an FDS-compatible LDIF file. @@ -228,6 +251,9 @@ sed -i -e s,7778,`expr "$PORT" + 1`,g $cfg source %{_libdir}/tclConfig.sh pushd src +# This should be safe to remove once we have autoconf >= 2.70 +export runstatedir=/run + # Work out the CFLAGS and CPPFLAGS which we intend to use. INCLUDES=-I%{_includedir}/et CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC -fno-strict-aliasing -fstack-protector-all`" @@ -258,8 +284,8 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`" --with-prng-alg=os \ --with-lmdb \ || (cat config.log; exit 1) -# Now build it. -make +# Build fast, but get better errors if we fail +make %{?_smp_mflags} || make -j1 popd # Sanity check the KDC_RUN_DIR. @@ -278,26 +304,14 @@ sphinx-build -a -b man -t pathsubs doc build-man sphinx-build -a -b html -t pathsubs doc build-html rm -fr build-html/_sources -%check - -# There are 0 test machines for this architecture, very few builders, and -# they're not very well provisioned / maintained. I can't support it. -# Patches welcome, but there's nothing I can do - it fails more than half the -# time for no discernable reason. -%ifnarch s390x -pushd src - -# ugh. COPR doesn't work right with the tests. I suspect keyring issues, but -# can't actually debug, so... -%if 0%{?copr_username:1} -%global keyctl : +%if 0%{?skipcheck} %else -%global keyctl keyctl -%endif +%check +pushd src # The build system may give us a revoked session keyring, so run affected # tests with a new one. -%{keyctl} session - make check OFFLINE=yes TMPDIR=%{_tmppath} +keyctl session - make check OFFLINE=yes TMPDIR=%{_tmppath} popd %endif @@ -613,7 +627,13 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog -* Thu Jan 28 2021 Robbie Harwood - 1.19-5 +* Fri Feb 05 2021 Robbie Harwood - 1.19-2 +- No code change; just coping with reverted autoconf + +* Tue Feb 02 2021 Robbie Harwood - 1.19-1 +- New upstream version (1.19) + +* Thu Jan 28 2021 Robbie Harwood - 1.19-0.beta2.5 - Support host-based GSS initiator names * Thu Jan 28 2021 Robbie Harwood - 1.19-0.beta2.4 diff --git a/sources b/sources index 5daa433..dec9e28 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (krb5-1.19-beta2.tar.gz) = 2864a40c44575a9482d33165bc39e76f6bb476bdcc5bc87c9864f562925638118a236a788da870567d0f83df9aacb5f79145993f38f95cec1fa5b080f2561169 -SHA512 (krb5-1.19-beta2.tar.gz.asc) = fd17198c934907811abebd47b70f6c30e68aa5800f6dde90568241db1413da34557c689af66757e47d94e08d261573f0b1ee56929947f6dcc9fcbb9dcdd2e903 +SHA512 (krb5-1.19.tar.gz) = 99d4e75ff69bffc85698177b48ca430a7a9f077c3b6c4a422ed410b264f9a762a97db5d7e0764812e2530975f1c6c12031a5dabea1154bc01a26470e3ea960a9 +SHA512 (krb5-1.19.tar.gz.asc) = b5ee91d91f4fd727cdc61502753d679e9a87361b4c6f5db377ddf9fa1ae42447b8f46fc1c271e2253e88fb96a84fda88393003195076c16eb90506c1d7df731e