Accepting request 873782 from network

OBS-URL: https://build.opensuse.org/request/show/873782 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=151
2021-03-02 13:41:25 +00:00 · 2021-03-02 13:41:25 +00:00 · 6b0dfc7fec
commit 6b0dfc7fec
parent 30c9d7c831 eb5c874150
9 changed files with 136 additions and 42 deletions
--- a/0001-ksu-pam-integration.patch
+++ b/0001-ksu-pam-integration.patch
@ -1,4 +1,4 @@
-From ff26447c1edc29bf69672f1a55f8bb1c3f20f582 Mon Sep 17 00:00:00 2001
+From cb49731c07ee57f64bd5a93a182446bc834b9057 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 23 Aug 2016 16:29:58 -0400
 Subject: [PATCH 1/8] ksu pam integration
@ -30,10 +30,10 @@ Last-updated: krb5-1.18-beta1
 create mode 100644 src/clients/ksu/pam.h
 diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 2394f7e33..53f8b6fb7 100644
+index 024d6370c..43eed3b87 100644
 --- a/src/aclocal.m4
 +++ b/src/aclocal.m4
-@@ -1675,3 +1675,71 @@ if test "$with_ldap" = yes; then
+@@ -1677,3 +1677,71 @@ if test "$with_ldap" = yes; then
   OPENLDAP_PLUGIN=yes
 fi
 ])dnl
@ -144,11 +144,11 @@ index 8b4edce4d..9d58f29b5 100644
 clean:
 	$(RM) ksu
 diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
-index 4f03dd8ed..21a4d02bb 100644
+index af1286172..931f05404 100644
 --- a/src/clients/ksu/main.c
 +++ b/src/clients/ksu/main.c
@@ -26,6 +26,7 @@
-  * KSU was writen by:  Ari Medvinsky, ari@isi.edu
+  * KSU was written by:  Ari Medvinsky, ari@isi.edu
  */
 +#include "autoconf.h"
@ -174,7 +174,7 @@ index 4f03dd8ed..21a4d02bb 100644
 /***********/
 #define KS_TEMPORARY_CACHE "MEMORY:_ksu"
-@@ -535,6 +541,23 @@ main (argc, argv)
+@@ -536,6 +542,23 @@ main (argc, argv)
                prog_name,target_user,client_name,
                source_user,ontty());
@ -198,7 +198,7 @@ index 4f03dd8ed..21a4d02bb 100644
         /* Run authorization as target.*/
         if (krb5_seteuid(target_uid)) {
             com_err(prog_name, errno, _("while switching to target for "
-@@ -595,6 +618,24 @@ main (argc, argv)
+@@ -596,6 +619,24 @@ main (argc, argv)
             exit(1);
         }
@ -223,7 +223,7 @@ index 4f03dd8ed..21a4d02bb 100644
     }
     if( some_rest_copy){
-@@ -652,6 +693,30 @@ main (argc, argv)
+@@ -653,6 +694,30 @@ main (argc, argv)
         exit(1);
     }
@ -254,7 +254,7 @@ index 4f03dd8ed..21a4d02bb 100644
     /* set permissions */
     if (setgid(target_pwd->pw_gid) < 0) {
         perror("ksu: setgid");
-@@ -749,7 +814,7 @@ main (argc, argv)
+@@ -750,7 +815,7 @@ main (argc, argv)
         fprintf(stderr, "program to be execed %s\n",params[0]);
     }
@ -263,7 +263,7 @@ index 4f03dd8ed..21a4d02bb 100644
         execv(params[0], params);
         com_err(prog_name, errno, _("while trying to execv %s"), params[0]);
         sweep_up(ksu_context, cc_target);
-@@ -779,16 +844,35 @@ main (argc, argv)
+@@ -780,16 +845,35 @@ main (argc, argv)
             if (ret_pid == -1) {
                 com_err(prog_name, errno, _("while calling waitpid"));
             }
@ -759,10 +759,10 @@ index 000000000..d45b9fd84
 +void appl_pam_cleanup(void);
 +#endif
 diff --git a/src/configure.ac b/src/configure.ac
-index 234f4281c..d1f576124 100644
+index 4eb080784..693f76a81 100644
 --- a/src/configure.ac
 +++ b/src/configure.ac
-@@ -1390,6 +1390,8 @@ AC_SUBST([VERTO_VERSION])
+@@ -1389,6 +1389,8 @@ AC_SUBST([VERTO_VERSION])
 AC_PATH_PROG(GROFF, groff)
@ -772,5 +772,5 @@ index 234f4281c..d1f576124 100644
 if test "${localedir+set}" != set; then
     localedir='$(datadir)/locale'
 -- 
-2.25.0
+2.30.0
--- a/krb5-1.18.3.tar.gz
+++ b/krb5-1.18.3.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719
 size 8715312
--- a/krb5-1.18.3.tar.gz.asc
+++ b/krb5-1.18.3.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAl+0QQcACgkQDLoIV1+D
 ct8i0RAAtxhG66nmOSgL5xQ+kuTd1Gnq4GZjlAaAFKwU7xQX9wGctJNw5wThT+Ot
 X8CtUXAUqZKO1odWsdiDRUV++C3ppTZdHLzo2UUzp0YbjSsMf2e/ZLolEwthJkQt
 4eaqsUWTNHcePKlS9zsXdEUNRrjhzjDWS93Ppp1bLH1zQrUaPOEtLjkxY7r2yBgX
 SsJIe6/W9sv0WlndWhQBfPfCE5wQmIbYDDHxCrWabnLwzsLM4HCJSnEC02oMZIAS
 UiijoubyZS0UJ97EKzJLOgUr7B8h8cUmPru99FUvQfkWsTTLqt1yD5wHji8BiRU4
 Wh1z4y/E75E6GQybf97LY+x5czJbMycszteju6s/C9QHHeUoIgfpkVkoBBy4KufQ
 t4fbzR7o5W1l1mdJ0s6IBwO0O97LTW2qQ7fLhIleB9jF+c1DEowBE4/Naq/NGkn5
 zMagwYcU583mUtk4boR6boLzsym0841+w14DN9hDBJ1fmI8OpKy5DE90aWSg/7qo
 98J0H4gq0IZTd00QymDI8JQ97NF9mmaF+tKg1PCF77EP12nk1OnJ/X9etvNy+V8L
 gWV6IAgJr8q1qLWh3FopCghI9sBDQBbM/cdgv/5jCTVKyH9zUzkw00K+Nvk26mFg
 e3x3fN1soV6rEkZmtVM+e5l0NiIR1/0A2cX/SYJ8f+kB6XgW11Y=
 =bdBU
 -----END PGP SIGNATURE-----
--- a/krb5-1.19.1.tar.gz
+++ b/krb5-1.19.1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:fa16f87eb7e3ec3586143c800d7eaff98b5e0dcdf0772af7d98612e49dbeb20b
 size 8738142
--- a/krb5-1.19.1.tar.gz.asc
+++ b/krb5-1.19.1.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmAuntAACgkQDLoIV1+D
 ct8TIhAArFittFBcz4ZfMxqhHVGdK6kOeQXrrV27d3FW6y28BvS7yHJ8CkyK+I3g
 4rsaaf7srkH8jaiCjmjHC2rWJIuceOwkD4GRqXtb2CiqKxXI9eZ+g9ipB7DGKixg
 +1nki7mOhd3oaeUkCRFXgyiOqSE/ird7/itLYzEoAroLpTazNp6Kk4gXmhJIENlq
 dj1God+JxhuwzzWZRdsy2SyvMQPQMOTIilsXRboObZFvPrhZKkJmgNm+RzU/YRSg
 /1Po7takBXq8qhgnwPHTnTPb+BYRdrqQc/a2WcmEdgbzeMpijNmkFsgAFeKDijSz
 1nmFO4SQd/rAfgUovkDd+GMAYZ6DCLFqoI/WeKOgCrRMxJMMRbLlr48bTvMwjuIl
 xE5gy8h2Iju/UP1lxz8KheCm/FyNzNw4pe74zbGgK5fdiEQ8xNlKZOs9LRrtvyfL
 j1G+IX6cK+5yTo/NceYjnHVAatbuW6C6xJmsIQ1GYdMPvto7Wctq/4/BmwxqgFAJ
 HCPuQgAGi875JpPYvi/c3tioRiIPwOz54CXCrcFyKELvgHi6lGN6MRNSzAP4QdA0
 HlXZQ4/4NFOJxjLGu9ZXKUbYPaGizhI+ayzg5/RJLHPIgW7yLvwFqkBIa1xs26bA
 xiP5JKuDC4mqDPwVjwpufkUBH6SoBFnbiIWEYSKVPLJFw+Dbhv0=
 =PP6r
 -----END PGP SIGNATURE-----
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -1,3 +1,50 @@
 -------------------------------------------------------------------
 Fri Feb 19 12:10:25 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
 - Update to 1.19.1
  * Fix a linking issue with Samba.
  * Better support multiple pkinit_identities values by checking whether
    certificates can be loaded for each value.
 -------------------------------------------------------------------
 Fri Feb  5 10:36:51 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
 - Update to 1.19
  Administrator experience
    * When a client keytab is present, the GSSAPI krb5 mech will refresh
      credentials even if the current credentials were acquired manually.
    * It is now harder to accidentally delete the K/M entry from a KDB.
  Developer experience
    * gss_acquire_cred_from() now supports the "password" and "verify"
      options, allowing credentials to be acquired via password and
      verified using a keytab key.
    * When an application accepts a GSS security context, the new
      GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
      both provided matching channel bindings.
    * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests
      to identify the desired client principal by certificate.
    * PKINIT certauth modules can now cause the hw-authent flag to be set
      in issued tickets.
    * The krb5_init_creds_step() API will now issue the same password
      expiration warnings as krb5_get_init_creds_password().
  Protocol evolution
    * Added client and KDC support for Microsoft's Resource-Based Constrained
      Delegation, which allows cross-realm S4U2Proxy requests. A third-party
      database module is required for KDC support.
    * kadmin/admin is now the preferred server principal name for kadmin
      connections, and the host-based form is no longer created by default.
      The client will still try the host-based form as a fallback.
    * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
      extension, which causes channel bindings to be required for the
      initiator if the acceptor provided them. The client will send this
      option if the client_aware_gss_bindings profile option is set.
  User experience
    * kinit will now issue a warning if the des3-cbc-sha1 encryption type is
      used in the reply. This encryption type will be deprecated and removed
      in future releases.
    * Added kvno flags --out-cache, --no-store, and --cached-only
      (inspired by Heimdal's kgetcred).
 -------------------------------------------------------------------
 Thu Nov 19 09:30:13 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@ -1,7 +1,7 @@
 #
 # spec file for package krb5-mini
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -24,13 +24,13 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           krb5-mini
-Version:        1.18.3
+Version:        1.19.1
 Release:        0
 Summary:        MIT Kerberos5 implementation and libraries with minimal dependencies
 License:        MIT
-URL:            https://web.mit.edu/kerberos/www/
+URL:            https://kerberos.org/dist/
-Source0:        https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}.tar.gz
+Source0:        https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz
-Source1:        https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}.tar.gz.asc
+Source1:        https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc
 Source2:        krb5.keyring
 Source3:        vendor-files.tar.bz2
 Source4:        baselibs.conf
--- a/krb5.changes
+++ b/krb5.changes
@ -1,3 +1,50 @@
 -------------------------------------------------------------------
 Fri Feb 19 12:10:25 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
 - Update to 1.19.1
  * Fix a linking issue with Samba.
  * Better support multiple pkinit_identities values by checking whether
    certificates can be loaded for each value.
 -------------------------------------------------------------------
 Fri Feb  5 10:36:51 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
 - Update to 1.19
  Administrator experience
    * When a client keytab is present, the GSSAPI krb5 mech will refresh
      credentials even if the current credentials were acquired manually.
    * It is now harder to accidentally delete the K/M entry from a KDB.
  Developer experience
    * gss_acquire_cred_from() now supports the "password" and "verify"
      options, allowing credentials to be acquired via password and
      verified using a keytab key.
    * When an application accepts a GSS security context, the new
      GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
      both provided matching channel bindings.
    * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests
      to identify the desired client principal by certificate.
    * PKINIT certauth modules can now cause the hw-authent flag to be set
      in issued tickets.
    * The krb5_init_creds_step() API will now issue the same password
      expiration warnings as krb5_get_init_creds_password().
  Protocol evolution
    * Added client and KDC support for Microsoft's Resource-Based Constrained
      Delegation, which allows cross-realm S4U2Proxy requests. A third-party
      database module is required for KDC support.
    * kadmin/admin is now the preferred server principal name for kadmin
      connections, and the host-based form is no longer created by default.
      The client will still try the host-based form as a fallback.
    * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
      extension, which causes channel bindings to be required for the
      initiator if the acceptor provided them. The client will send this
      option if the client_aware_gss_bindings profile option is set.
  User experience
    * kinit will now issue a warning if the des3-cbc-sha1 encryption type is
      used in the reply. This encryption type will be deprecated and removed
      in future releases.
    * Added kvno flags --out-cache, --no-store, and --cached-only
      (inspired by Heimdal's kgetcred).
 -------------------------------------------------------------------
 Thu Nov 19 09:30:13 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
--- a/krb5.spec
+++ b/krb5.spec
@ -1,7 +1,7 @@
 #
 # spec file for package krb5
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -21,13 +21,13 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           krb5
-Version:        1.18.3
+Version:        1.19.1
 Release:        0
 Summary:        MIT Kerberos5 implementation
 License:        MIT
-URL:            https://web.mit.edu/kerberos/www/
+URL:            https://kerberos.org/dist/
-Source0:        https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}.tar.gz
+Source0:        https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz
-Source1:        https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}.tar.gz.asc
+Source1:        https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc
 Source2:        krb5.keyring
 Source3:        vendor-files.tar.bz2
 Source4:        baselibs.conf