diff --git a/krb5-1.15-fix_kdb_free_principal_e_data.patch b/krb5-1.15-fix_kdb_free_principal_e_data.patch deleted file mode 100644 index 23843ef..0000000 --- a/krb5-1.15-fix_kdb_free_principal_e_data.patch +++ /dev/null @@ -1,206 +0,0 @@ -From 28ca91cd71ea64c62419e996c38031bdae01f908 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Wed, 18 Jan 2017 11:40:49 -0500 -Subject: [PATCH 1/2] Explicitly copy KDB vtable fields - -In preparation for bumping the kdb_vftabl minor version, use explicit -field assignments when copying the module vtable to the internal copy, -so that we can conditionalize assignments for minor versions greater -than 0. - -ticket: 8538 ---- - src/lib/kdb/kdb5.c | 81 +++++++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 59 insertions(+), 22 deletions(-) - -diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c -index a3139a7dce..ee41272312 100644 ---- a/src/lib/kdb/kdb5.c -+++ b/src/lib/kdb/kdb5.c -@@ -283,24 +283,63 @@ clean_n_exit: - } - - static void --kdb_setup_opt_functions(db_library lib) --{ -- if (lib->vftabl.fetch_master_key == NULL) -- lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey; -- if (lib->vftabl.fetch_master_key_list == NULL) -- lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list; -- if (lib->vftabl.store_master_key_list == NULL) -- lib->vftabl.store_master_key_list = krb5_def_store_mkey_list; -- if (lib->vftabl.dbe_search_enctype == NULL) -- lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype; -- if (lib->vftabl.change_pwd == NULL) -- lib->vftabl.change_pwd = krb5_dbe_def_cpw; -- if (lib->vftabl.decrypt_key_data == NULL) -- lib->vftabl.decrypt_key_data = krb5_dbe_def_decrypt_key_data; -- if (lib->vftabl.encrypt_key_data == NULL) -- lib->vftabl.encrypt_key_data = krb5_dbe_def_encrypt_key_data; -- if (lib->vftabl.rename_principal == NULL) -- lib->vftabl.rename_principal = krb5_db_def_rename_principal; -+copy_vtable(const kdb_vftabl *in, kdb_vftabl *out) -+{ -+ /* Copy fields for minor version 0. */ -+ out->maj_ver = in->maj_ver; -+ out->min_ver = in->min_ver; -+ out->init_library = in->init_library; -+ out->fini_library = in->fini_library; -+ out->init_module = in->init_module; -+ out->fini_module = in->fini_module; -+ out->create = in->create; -+ out->destroy = in->destroy; -+ out->get_age = in->get_age; -+ out->lock = in->lock; -+ out->unlock = in->unlock; -+ out->get_principal = in->get_principal; -+ out->put_principal = in->put_principal; -+ out->delete_principal = in->delete_principal; -+ out->rename_principal = in->rename_principal; -+ out->iterate = in->iterate; -+ out->create_policy = in->create_policy; -+ out->get_policy = in->get_policy; -+ out->put_policy = in->put_policy; -+ out->iter_policy = in->iter_policy; -+ out->delete_policy = in->delete_policy; -+ out->fetch_master_key = in->fetch_master_key; -+ out->fetch_master_key_list = in->fetch_master_key_list; -+ out->store_master_key_list = in->store_master_key_list; -+ out->dbe_search_enctype = in->dbe_search_enctype; -+ out->change_pwd = in->change_pwd; -+ out->promote_db = in->promote_db; -+ out->decrypt_key_data = in->decrypt_key_data; -+ out->encrypt_key_data = in->encrypt_key_data; -+ out->sign_authdata = in->sign_authdata; -+ out->check_transited_realms = in->check_transited_realms; -+ out->check_policy_as = in->check_policy_as; -+ out->check_policy_tgs = in->check_policy_tgs; -+ out->audit_as_req = in->audit_as_req; -+ out->refresh_config = in->refresh_config; -+ out->check_allowed_to_delegate = in->check_allowed_to_delegate; -+ -+ /* Set defaults for optional fields. */ -+ if (out->fetch_master_key == NULL) -+ out->fetch_master_key = krb5_db_def_fetch_mkey; -+ if (out->fetch_master_key_list == NULL) -+ out->fetch_master_key_list = krb5_def_fetch_mkey_list; -+ if (out->store_master_key_list == NULL) -+ out->store_master_key_list = krb5_def_store_mkey_list; -+ if (out->dbe_search_enctype == NULL) -+ out->dbe_search_enctype = krb5_dbe_def_search_enctype; -+ if (out->change_pwd == NULL) -+ out->change_pwd = krb5_dbe_def_cpw; -+ if (out->decrypt_key_data == NULL) -+ out->decrypt_key_data = krb5_dbe_def_decrypt_key_data; -+ if (out->encrypt_key_data == NULL) -+ out->encrypt_key_data = krb5_dbe_def_encrypt_key_data; -+ if (out->rename_principal == NULL) -+ out->rename_principal = krb5_db_def_rename_principal; - } - - #ifdef STATIC_PLUGINS -@@ -334,8 +373,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr) - return ENOMEM; - - strlcpy(lib->name, lib_name, sizeof(lib->name)); -- memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl)); -- kdb_setup_opt_functions(lib); -+ copy_vtable(vftabl_addr, &lib->vftabl); - - status = lib->vftabl.init_library(); - if (status) -@@ -433,8 +471,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib) - goto clean_n_exit; - } - -- memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl)); -- kdb_setup_opt_functions(*lib); -+ copy_vtable(vftabl_addrs[0], &(*lib)->vftabl); - - if ((status = (*lib)->vftabl.init_library())) - goto clean_n_exit; --- -2.11.0 - - -From 82a163b99f1f6228f98b433892444372b18ecdb3 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Wed, 18 Jan 2017 11:52:48 +0100 -Subject: [PATCH 2/2] Add free_principal_e_data KDB method - -Add an optional method to kdb_vftabl to free e_data pointer in a -principal entry, in case it was populated by a module using a more -complex structure than a single memory region. - -[ghudson@mit.edu: handled minor version bump; simplified code; rewrote -commit message] - -ticket: 8538 -target_version: 1.15-next -tags: pullup ---- - src/include/kdb.h | 11 +++++++++++ - src/lib/kdb/kdb5.c | 14 +++++++++++++- - 2 files changed, 24 insertions(+), 1 deletion(-) - -diff --git a/src/include/kdb.h b/src/include/kdb.h -index e9d1a84ba1..da04724fce 100644 ---- a/src/include/kdb.h -+++ b/src/include/kdb.h -@@ -1382,6 +1382,17 @@ typedef struct _kdb_vftabl { - krb5_const_principal client, - const krb5_db_entry *server, - krb5_const_principal proxy); -+ -+ /* End of minor version 0. */ -+ -+ /* -+ * Optional: Free the e_data pointer of a database entry. If this method -+ * is not implemented, the e_data pointer in principal entries will be -+ * freed with free() as seen by libkdb5. -+ */ -+ void (*free_principal_e_data)(krb5_context kcontext, krb5_octet *e_data); -+ -+ /* End of minor version 1 for major version 6. */ - } kdb_vftabl; - - #endif /* !defined(_WIN32) */ -diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c -index ee41272312..4adf0fcbb2 100644 ---- a/src/lib/kdb/kdb5.c -+++ b/src/lib/kdb/kdb5.c -@@ -323,6 +323,12 @@ copy_vtable(const kdb_vftabl *in, kdb_vftabl *out) - out->refresh_config = in->refresh_config; - out->check_allowed_to_delegate = in->check_allowed_to_delegate; - -+ /* Copy fields for minor version 1 (major version 6). */ -+ assert(KRB5_KDB_DAL_MAJOR_VERSION == 6); -+ out->free_principal_e_data = NULL; -+ if (in->min_ver >= 1) -+ out->free_principal_e_data = in->free_principal_e_data; -+ - /* Set defaults for optional fields. */ - if (out->fetch_master_key == NULL) - out->fetch_master_key = krb5_db_def_fetch_mkey; -@@ -820,11 +826,17 @@ free_tl_data(krb5_tl_data *list) - void - krb5_db_free_principal(krb5_context kcontext, krb5_db_entry *entry) - { -+ kdb_vftabl *v; - int i; - - if (entry == NULL) - return; -- free(entry->e_data); -+ if (entry->e_data != NULL) { -+ if (get_vftabl(kcontext, &v) == 0 && v->free_principal_e_data != NULL) -+ v->free_principal_e_data(kcontext, entry->e_data); -+ else -+ free(entry->e_data); -+ } - krb5_free_principal(kcontext, entry->princ); - free_tl_data(entry->tl_data); - for (i = 0; i < entry->n_key_data; i++) --- -2.11.0 - diff --git a/krb5-1.15.1.tar.gz b/krb5-1.15.1.tar.gz new file mode 100644 index 0000000..5e96d8e --- /dev/null +++ b/krb5-1.15.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:437c8831ddd5fde2a993fef425dedb48468109bb3d3261ef838295045a89eb45 +size 9375538 diff --git a/krb5-1.15.1.tar.gz.asc b/krb5-1.15.1.tar.gz.asc new file mode 100644 index 0000000..cd38b20 --- /dev/null +++ b/krb5-1.15.1.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIVAwUAWLmTPQy6CFdfg3LfAQKWgBAAnahZbh9rFKBor8lz8icPdOAPyF7QP9xM +aDlxANUePQxN7BG68MPNL0A4/kIB1QHVl07t9vEnPBMKuF6RfVS1Sl9LYvxAF5Gf +pp5nbOOYf8bs5V/isMYjAu61D4Hyr/anKYZsbOTcR+c5CI4UXAB1uaznGcTUT+vL +MJie3ebWxJOPhv2HhkMU4BMkBxnGs1ONNsmU7yvCnbf6kgxpLaVITDzKGDrjIdQu +ej6HZQpwidUZDRICFks6pY4ASfSBEzUGswnnhdsq3uvUhxm5F6jn097K+3nIydVT +SgbJX4sBn5iJBBNumRZZ3OAovwBN+6XKM54ELWgyeQCY3Pk2P8qTojIWaqNJtyuf +q0FSR16rWKq7ZRxHwgc93YETmzIkdil5WFnTpAtqVR5RFOL/GNGh5Dwn645mC3XY +WOFBaVhX1libl+GApJjwriIzZ3e+gtaqsYa/A473BGJL+mKCp8xOfeTXeZCTCVgo +x32NhUcXTxr6RRCq/WTEH6reu4oU+VkostCv3yknHOHatYbzh2DDni+mUVnUpGw8 +WEh3XNjHrjPQ5Vr1F7/aIhmG80QXVKWfJgrVVTwUXjk8+v0enTWudsKYVanvPZDN +Yo1Jqrgc7tfRJpirVpJKxS0rNt/ES2I4heLkoz8j/DnDNqNmKV718jWVAms6jjuR +Cunhql8OvtU= +=Tvr2 +-----END PGP SIGNATURE----- diff --git a/krb5-1.15.tar.gz b/krb5-1.15.tar.gz deleted file mode 100644 index 5f5ae43..0000000 --- a/krb5-1.15.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fd34752774c808ab4f6f864f935c49945f5a56b62240b1ad4ab1af7b4ded127c -size 9327157 diff --git a/krb5-1.15.tar.gz.asc b/krb5-1.15.tar.gz.asc deleted file mode 100644 index c34ccef..0000000 --- a/krb5-1.15.tar.gz.asc +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQGcBAABAgAGBQJYQKmiAAoJEKMvF/0AVcMFfisL/j4xfA/HF0ElUB9X6nSboR8P -60BSDZZe38gCQyONHn1CiZA5nY7xUy45oXmtffED32NZRIq/8R0CHkSoTd+wCtev -EEGAACK0cbFMA8YDvlF5R1Hdt2Vgghr+BYGg8TbuhiZadp4I8VZ13WePR5gToaV0 -+35lOwgqRYV+Jxijp8N92KuZyZnH88tGbAh9gvPLxps2L7xA+MWwU2R71rraTIVj -b+saDBldKubh5Hamf+3Qle+lsvJuC7ErUifnjth+tpOonIlgeiLHs6+VwyHlOiv4 -i+Uf0diN/gzWZd62Y+Fl42JDevTXyschWp+HxKLkbQXley04gS0nujRLpvaDkNlR -L+4Yy873q0yS6o4x7Pmcm3nb/nJQxQyvBJMy8MjLE3pEdynFZK9o0KGBkLtNIYVt -VwlqHrTGEsOtXYQKdhq9bGvpJa4jwrR2MIDaKvR5i1zc2xtZcWkvhlKJ67FGuRRD -eSbZR00NXP2wETo7Bu8BsJR5t9/1j+4US9vA15CUQg== -=iCzw ------END PGP SIGNATURE----- diff --git a/krb5-mini.changes b/krb5-mini.changes index 548ad54..8f01284 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Thu Mar 9 20:58:42 UTC 2017 - michael@stroeder.com + +- use HTTPS project and source URLs + +------------------------------------------------------------------- +Thu Mar 9 16:31:41 UTC 2017 - meissner@suse.com + +- use source urls. +- krb5.keyring: Added Greg Hudson + +------------------------------------------------------------------- +Sat Mar 4 21:29:34 UTC 2017 - michael@stroeder.com + +- removed obsolete krb5-1.15-fix_kdb_free_principal_e_data.patch +- Upgrade to 1.15.1 + * Allow KDB modules to determine how the e_data field of principal + fields is freed + * Fix udp_preference_limit when the KDC location is configured with + SRV records + * Fix KDC and kadmind startup on some IPv4-only systems + * Fix the processing of PKINIT certificate matching rules which have + two components and no explicit relation + * Improve documentation + ------------------------------------------------------------------- Thu Jan 19 16:01:27 UTC 2017 - asn@cryptomilk.org diff --git a/krb5-mini.spec b/krb5-mini.spec index 833f35b..abffc0d 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -16,12 +16,12 @@ # -%define srcRoot krb5-1.15 +%define srcRoot krb5-1.15.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 Name: krb5-mini -Url: http://web.mit.edu/kerberos/www/ +Url: https://web.mit.edu/kerberos/www/ BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils @@ -29,7 +29,7 @@ BuildRequires: keyutils-devel BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.15 +Version: 1.15.1 Release: 0 Summary: MIT Kerberos5 implementation and libraries with minimal dependencies License: MIT @@ -47,9 +47,8 @@ Conflicts: krb5-server Conflicts: krb5-plugin-kdb-ldap Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp -# both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar -Source0: krb5-%{version}.tar.gz -Source1: krb5-%{version}.tar.gz.asc +Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz +Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc Source2: krb5.keyring Source3: vendor-files.tar.bz2 Source4: baselibs.conf @@ -63,8 +62,6 @@ Patch8: krb5-1.12-api.patch Patch11: krb5-1.12-ksu-path.patch Patch12: krb5-1.12-selinux-label.patch Patch13: krb5-1.9-debuginfo.patch -# http://krbdev.mit.edu/rt/Ticket/Display.html?id=8538 -Patch14: krb5-1.15-fix_kdb_free_principal_e_data.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -108,7 +105,6 @@ Include Files for Development %patch11 -p1 %patch12 -p1 %patch13 -p1 -%patch14 -p1 %build # needs to be re-generated diff --git a/krb5.changes b/krb5.changes index 6e95c90..ac23885 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Thu Mar 9 20:58:42 UTC 2017 - michael@stroeder.com + +- use HTTPS project and source URLs + +------------------------------------------------------------------- +Thu Mar 9 16:31:41 UTC 2017 - meissner@suse.com + +- use source urls. +- krb5.keyring: Added Greg Hudson + +------------------------------------------------------------------- +Sat Mar 4 21:29:34 UTC 2017 - michael@stroeder.com + +- removed obsolete krb5-1.15-fix_kdb_free_principal_e_data.patch +- Upgrade to 1.15.1 + * Allow KDB modules to determine how the e_data field of principal + fields is freed + * Fix udp_preference_limit when the KDC location is configured with + SRV records + * Fix KDC and kadmind startup on some IPv4-only systems + * Fix the processing of PKINIT certificate matching rules which have + two components and no explicit relation + * Improve documentation + ------------------------------------------------------------------- Fri Jan 27 14:50:39 UTC 2017 - bwiedemann@suse.com diff --git a/krb5.keyring b/krb5.keyring index f13592c..bfb9bd6 100644 Binary files a/krb5.keyring and b/krb5.keyring differ diff --git a/krb5.spec b/krb5.spec index a125aa7..2af3c55 100644 --- a/krb5.spec +++ b/krb5.spec @@ -17,7 +17,7 @@ Name: krb5 -Url: http://web.mit.edu/kerberos/www/ +Url: https://web.mit.edu/kerberos/www/ BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils @@ -25,7 +25,7 @@ BuildRequires: keyutils-devel BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.15 +Version: 1.15.1 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT @@ -46,9 +46,8 @@ BuildRequires: pkgconfig(systemd) Obsoletes: krb5-64bit %endif Conflicts: krb5-mini -# both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar -Source0: krb5-%{version}.tar.gz -Source1: krb5-%{version}.tar.gz.asc +Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz +Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc Source2: krb5.keyring Source3: vendor-files.tar.bz2 Source4: baselibs.conf @@ -63,8 +62,6 @@ Patch8: krb5-1.12-api.patch Patch11: krb5-1.12-ksu-path.patch Patch12: krb5-1.12-selinux-label.patch Patch13: krb5-1.9-debuginfo.patch -# http://krbdev.mit.edu/rt/Ticket/Display.html?id=8538 -Patch14: krb5-1.15-fix_kdb_free_principal_e_data.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -179,7 +176,6 @@ Include Files for Development %patch11 -p1 %patch12 -p1 %patch13 -p1 -%patch14 -p1 %build # needs to be re-generated