Accepting request 979732 from home:dirkmueller:Factory

- update to 1.20.0:
  * Added a "disable_pac" realm relation to suppress adding PAC authdata
    to tickets, for realms which do not need to support S4U requests.
  * Most credential cache types will use atomic replacement when a cache
    is reinitialized using kinit or refreshed from the client keytab.
  * kprop can now propagate databases with a dump size larger than 4GB,
    if both the client and server are upgraded.
  * kprop can now work over NATs that change the destination IP address,
    if the client is upgraded.
  * Updated the KDB interface.  The sign_authdata() method is replaced
    with the issue_pac() method, allowing KDB modules to add logon info
    and other buffers to the PAC issued by the KDC.
  * Host-based initiator names are better supported in the GSS krb5
    mechanism.
  * Replaced AD-SIGNEDPATH authdata with minimal PACs.
  * To avoid spurious replay errors, password change requests will not
    be attempted over UDP until the attempt over TCP fails.
  * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
  * Updated all code using OpenSSL to be compatible with OpenSSL 3.
  * Reorganized the libk5crypto build system to allow the OpenSSL
    back-end to pull in material from the builtin back-end depending on
    the OpenSSL version.
  * Simplified the PRNG logic to always use the platform PRNG.
  * Converted the remaining Tcl tests to Python.

OBS-URL: https://build.opensuse.org/request/show/979732
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=259

krb5-1.19.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:56d04863cfddc9d9eb7af17556e043e3537d41c6e545610778676cf551b9dcd0
-size 8741343

krb5-1.19.3.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmIrr24ACgkQDLoIV1+D
-ct+h+A//W9AfniKl4SAZ5OWmn+B/1ge7U7KWxVdn8yJtUTfKzBujPe6LLCMpsn/F
-+ddq2Powml+lEQHhAJBgGogPJ6Fs+/Y7jmhskz/d2dU1lTWEAoTGxz6fGZnx4kei
-yciPWYnQrvPLdgh2I3rQyt5VDe6pEo5xvFhzEDpQPkXXQGAXVVokcSz5tvoRI8xF
-V/oKIXJ7iSpc/prcrirdC+vKe04E3PmX1Cjd5dAH97gzYGJMsouB3/8/PxzLBb3y
-be4XeLLJA9FwjBeEx68nBal2o3p1Xkq24v3XMI62xqBZDrWtwJ5NkR1GZje2X00H
-SAd1xI6ye+f+6mxje/hen7cqfN53/7l2j3fayoT+35F6OzmiXSf9TKO6P1HElA0t
-qXOm5oMi9GK1mVRwek15pxCcLEFWrUGNGnILFrep4exxIAOPjgyVN1DolK6c3V3t
-yCsRGwhZaN6rNuaHEibVpL4JG+3fEy8Ovb02pqqPP6LXc9/1b+EIAufWTpJtbQSy
-3JvSmzFYHVJjaS+n0vsbMJtDsf+uuYy77liIh0LblId1xpU5pdLd7jy8qZ6jEt/J
-8PX3C5oc4iKq8Z7epd8T3itD3ECPG5g+A7GU8kApAfgpY/GP1rvg1RSaalWRQP+x
-dKY7eMHSHHhBjuC7EdzNIJWo8v311KWogcHkVfzmbx+6HT/iAgM=
-=D86e
------END PGP SIGNATURE-----

krb5-1.20.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7e022bdd3c851830173f9faaa006a230a0e0fdad4c953e85bff4bf0da036e12f
+size 8660756

krb5-1.20.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmKO3iYACgkQDLoIV1+D
+ct/OCxAAvGE7Qi/GMlft3t56wK4FwIwENHJ7cnDJw1tkah94zO3hytphYqvCMSu/
+9OnLOynuI/XEU518avHdk5eqWI0oe2XRLbAfXuXH0Uccyun2kP/H5Smvw2JVxiOO
+O5DhhMXvjB/ifpfK3u12RFSBHEZsxV79eeVAgQV3LPyokceHH3uOeAlMPYAgzmnp
+0drDTYIErmlxhUxGUWvVvckz5wOR8TXt4nKJ2+zixBeOYQu1WZ+WJLlc4nVG4e/I
+3otns5aYPPbPMSDq3BZeaUCYqjxMJ0LgqFRZMJGAAeE9HR3tmxhfUMpAQnQgc/MZ
+6Nf3rrCj5AETZ2CtiTcKoICEa6MDG4CYhGMIW9R+5eQke1Oq+V9NVu3RdaD0R4rq
+snMYk69zF/QhiSOK3ulRm+t8RHAquDimpFlpMinl0DbK5h+A/kgfC7fyfxEHe1dj
+H2vCj946LNS2OgqJ5WbV867Fk7+unP0AZ1cy3+hedODRjqNfcu1MuLhxs/e0eLy5
+MmBDSZtJc27IVEs1IUntBy14WuJt3csjGb0jzMnWrbDcjvWAGC5yV4b5HfvZvOt8
+E2HCVWMycTuNFZHgtITqvmb2tYOc9bSOYUCRp7clCn9vvFtAKKzZiGzUsnyshLqq
+N6a1sTudU9otnIR52+K5v1rLlChS2UlIek0Nj6ejlTcTk9Go6aw=
+=z5Ek
+-----END PGP SIGNATURE-----

krb5-mini.spec

@@ -24,13 +24,13 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           krb5-mini
-Version:        1.19.3
+Version:        1.20
 Release:        0
 Summary:        MIT Kerberos5 implementation and libraries with minimal dependencies
 License:        MIT
 URL:            https://kerberos.org/dist/
-Source0:        https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz
+Source0:        https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz
-Source1:        https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc
+Source1:        https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc
 Source2:        krb5.keyring
 Source3:        vendor-files.tar.bz2
 Source4:        baselibs.conf

krb5.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Sun May 29 19:14:02 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.20.0:
+  * Added a "disable_pac" realm relation to suppress adding PAC authdata
+    to tickets, for realms which do not need to support S4U requests.
+  * Most credential cache types will use atomic replacement when a cache
+    is reinitialized using kinit or refreshed from the client keytab.
+  * kprop can now propagate databases with a dump size larger than 4GB,
+    if both the client and server are upgraded.
+  * kprop can now work over NATs that change the destination IP address,
+    if the client is upgraded.
+  * Updated the KDB interface.  The sign_authdata() method is replaced
+    with the issue_pac() method, allowing KDB modules to add logon info
+    and other buffers to the PAC issued by the KDC.
+  * Host-based initiator names are better supported in the GSS krb5
+    mechanism.
+  * Replaced AD-SIGNEDPATH authdata with minimal PACs.
+  * To avoid spurious replay errors, password change requests will not
+    be attempted over UDP until the attempt over TCP fails.
+  * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
+  * Updated all code using OpenSSL to be compatible with OpenSSL 3.
+  * Reorganized the libk5crypto build system to allow the OpenSSL
+    back-end to pull in material from the builtin back-end depending on
+    the OpenSSL version.
+  * Simplified the PRNG logic to always use the platform PRNG.
+  * Converted the remaining Tcl tests to Python. 
+
 -------------------------------------------------------------------
 Sat Apr  9 11:31:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
 

krb5.spec

@@ -21,13 +21,13 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           krb5
-Version:        1.19.3
+Version:        1.20
 Release:        0
 Summary:        MIT Kerberos5 implementation
 License:        MIT
 URL:            https://kerberos.org/dist/
-Source0:        https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz
+Source0:        https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz
-Source1:        https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc
+Source1:        https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc
 Source2:        krb5.keyring
 Source3:        vendor-files.tar.bz2
 Source4:        baselibs.conf