diff --git a/Add-ASN.1-encoders-and-decoders-for-SPAKE-types.patch b/Add-ASN.1-encoders-and-decoders-for-SPAKE-types.patch index 6e78dcc..7b61fce 100644 --- a/Add-ASN.1-encoders-and-decoders-for-SPAKE-types.patch +++ b/Add-ASN.1-encoders-and-decoders-for-SPAKE-types.patch @@ -13,6 +13,7 @@ compiled as part of "make test-vectors" and not as part of the regular build. (cherry picked from commit 78a09d95dff6915da4079bc611f4bb95f6a95f70) +Signed-off-by: Robbie Harwood --- src/include/k5-spake.h | 107 +++++++++++++++++++++++++++ src/lib/krb5/asn.1/asn1_k_encode.c | 52 ++++++++++++- diff --git a/Add-PKINIT-KDC-support-for-freshness-token.patch b/Add-PKINIT-KDC-support-for-freshness-token.patch index 70782fb..23af740 100644 --- a/Add-PKINIT-KDC-support-for-freshness-token.patch +++ b/Add-PKINIT-KDC-support-for-freshness-token.patch @@ -24,6 +24,7 @@ the RSA test. ticket: 8648 (cherry picked from commit 4a9050df0bc34bfb08ba24462d6e2514640f4b8e) +Signed-off-by: Robbie Harwood --- doc/admin/conf_files/kdc_conf.rst | 4 + doc/admin/pkinit.rst | 25 +++++ diff --git a/Add-PKINIT-client-support-for-freshness-token.patch b/Add-PKINIT-client-support-for-freshness-token.patch index 1a00819..3e34b68 100644 --- a/Add-PKINIT-client-support-for-freshness-token.patch +++ b/Add-PKINIT-client-support-for-freshness-token.patch @@ -10,6 +10,7 @@ freshnessToken field of pkAuthenticator ticket: 8648 (cherry picked from commit 085785362e01467cb25c79a90dcebfba9ea019d8) +Signed-off-by: Robbie Harwood --- doc/user/user_commands/kinit.rst | 3 +++ src/include/k5-int-pkinit.h | 1 + diff --git a/Add-SPAKE-preauth-support.patch b/Add-SPAKE-preauth-support.patch index ab04539..e9f4bc3 100644 --- a/Add-SPAKE-preauth-support.patch +++ b/Add-SPAKE-preauth-support.patch @@ -47,6 +47,7 @@ registry contents; implemented P-384 and P-521] ticket: 8647 (new) (cherry picked from commit 7447259401569c92b1fb2e31cb02edbbffd67d35) +Signed-off-by: Robbie Harwood --- NOTICE | 51 + doc/admin/conf_files/kdc_conf.rst | 22 +- diff --git a/Add-doc-index-entries-for-SPAKE-constants.patch b/Add-doc-index-entries-for-SPAKE-constants.patch index 7ac2afe..c60e9ba 100644 --- a/Add-doc-index-entries-for-SPAKE-constants.patch +++ b/Add-doc-index-entries-for-SPAKE-constants.patch @@ -5,6 +5,7 @@ Subject: [PATCH] Add doc index entries for SPAKE constants ticket: 8647 (cherry picked from commit c010c9031753f356bb380e8a1324cc34721f8221) +Signed-off-by: Robbie Harwood --- doc/appdev/refs/macros/index.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Add-flag-to-disable-encrypted-timestamp-on-client.patch b/Add-flag-to-disable-encrypted-timestamp-on-client.patch index adc4f41..2c8768c 100644 --- a/Add-flag-to-disable-encrypted-timestamp-on-client.patch +++ b/Add-flag-to-disable-encrypted-timestamp-on-client.patch @@ -5,6 +5,7 @@ Subject: [PATCH] Add flag to disable encrypted timestamp on client ticket: 8655 (cherry picked from commit 4ad376134b8d456392edbac7a7d351e6c7a7f0e7) +Signed-off-by: Robbie Harwood --- doc/admin/conf_files/krb5_conf.rst | 10 ++++++++++ doc/admin/spake.rst | 8 ++++++++ diff --git a/Add-k5_buf_add_vfmt-to-k5buf-interface.patch b/Add-k5_buf_add_vfmt-to-k5buf-interface.patch index 1a333a7..31c81c1 100644 --- a/Add-k5_buf_add_vfmt-to-k5buf-interface.patch +++ b/Add-k5_buf_add_vfmt-to-k5buf-interface.patch @@ -4,6 +4,7 @@ Date: Thu, 4 Jan 2018 14:35:12 -0500 Subject: [PATCH] Add k5_buf_add_vfmt to k5buf interface (cherry picked from commit f05766469efc2a055085c0bcf9d40c4cdf47fe36) +Signed-off-by: Robbie Harwood --- src/include/k5-buf.h | 8 ++++++ src/util/support/k5buf.c | 26 +++++++++++-------- diff --git a/Add-k5_dir_filenames-to-libkrb5support.patch b/Add-k5_dir_filenames-to-libkrb5support.patch index d420f15..953cab1 100644 --- a/Add-k5_dir_filenames-to-libkrb5support.patch +++ b/Add-k5_dir_filenames-to-libkrb5support.patch @@ -7,6 +7,7 @@ Add a support function to get a list of filenames from a directory in sorted order. (cherry picked from commit 27534121eb39089ff4335d8b465027e9ba783682) +Signed-off-by: Robbie Harwood --- src/include/k5-platform.h | 7 + src/util/support/Makefile.in | 3 + diff --git a/Add-k5test-mark-function.patch b/Add-k5test-mark-function.patch index 0b2b9fa..21f5a5f 100644 --- a/Add-k5test-mark-function.patch +++ b/Add-k5test-mark-function.patch @@ -8,6 +8,7 @@ by allowing the script to output marks, and displaying the most recent mark with command failures. (cherry picked from commit 4e813204ac3dace93297f47d64dfc0aaecc370f8) +Signed-off-by: Robbie Harwood --- src/util/k5test.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Add-libkrb5support-hex-functions-and-tests.patch b/Add-libkrb5support-hex-functions-and-tests.patch index d7caab2..6ddba45 100644 --- a/Add-libkrb5support-hex-functions-and-tests.patch +++ b/Add-libkrb5support-hex-functions-and-tests.patch @@ -5,6 +5,7 @@ Subject: [PATCH] Add libkrb5support hex functions and tests (cherry picked from commit 720dea558da0062d3cea4385327161e62cf09a5e) [rharwood@redhat.com Remove .gitignore] +Signed-off-by: Robbie Harwood --- src/include/k5-hex.h | 53 ++++++ src/util/support/Makefile.in | 15 +- diff --git a/Add-vector-support-to-k5_sha256.patch b/Add-vector-support-to-k5_sha256.patch index f9a3233..a77f6a2 100644 --- a/Add-vector-support-to-k5_sha256.patch +++ b/Add-vector-support-to-k5_sha256.patch @@ -8,6 +8,7 @@ to k5_sha256(), for efficient computation of SHA-256 hashes over concatenations of data values. (cherry picked from commit 4f3373e8c55b3e9bdfb5b065e07214c5816c85fa) +Signed-off-by: Robbie Harwood --- src/include/k5-int.h | 4 ++-- src/lib/crypto/builtin/sha2/sha256.c | 6 ++++-- diff --git a/Be-more-careful-asking-for-AS-key-in-SPAKE-client.patch b/Be-more-careful-asking-for-AS-key-in-SPAKE-client.patch index 692f4ad..668b640 100644 --- a/Be-more-careful-asking-for-AS-key-in-SPAKE-client.patch +++ b/Be-more-careful-asking-for-AS-key-in-SPAKE-client.patch @@ -19,6 +19,7 @@ spake_prep_questions() without a prototype. ticket: 8659 (cherry picked from commit f240f1b0d324312be8aa59ead7cfbe0c329ed064) +Signed-off-by: Robbie Harwood --- src/plugins/preauth/spake/spake_client.c | 111 ++++++++++++++--------- 1 file changed, 66 insertions(+), 45 deletions(-) diff --git a/Convert-Python-tests-to-Python-3.patch b/Convert-Python-tests-to-Python-3.patch index 5f5dc23..ebf0f4c 100644 --- a/Convert-Python-tests-to-Python-3.patch +++ b/Convert-Python-tests-to-Python-3.patch @@ -9,6 +9,7 @@ test code to conform to Python 3. ticket: 8710 (new) (cherry picked from commit e23d24beacb73581bbf4351250f3955e6fd44361) [rharwood@redhat.com: Context skew due to not having LMDB in tests] +Signed-off-by: Robbie Harwood --- src/Makefile.in | 1 + src/configure.in | 6 ++-- diff --git a/Eliminate-preprocessor-disabled-dead-code.patch b/Eliminate-preprocessor-disabled-dead-code.patch index 9c55c67..83cd935 100644 --- a/Eliminate-preprocessor-disabled-dead-code.patch +++ b/Eliminate-preprocessor-disabled-dead-code.patch @@ -10,6 +10,7 @@ these dead hunks along with the complexity to support them. (cherry picked from commit 2bc951d3c88b460a16249115cbd51d69c3c57e22) [rharwood@redhat.com: context skew] +Signed-off-by: Robbie Harwood --- src/ccapi/common/win/OldCC/ccutils.c | 6 -- src/ccapi/common/win/OldCC/ccutils.h | 3 - diff --git a/Exit-with-status-0-from-kadmind.patch b/Exit-with-status-0-from-kadmind.patch index 5fbdff8..afc8b69 100644 --- a/Exit-with-status-0-from-kadmind.patch +++ b/Exit-with-status-0-from-kadmind.patch @@ -14,6 +14,7 @@ weird return code has been present since the addition of the kadmin code, which used a similar event model for signals. (cherry picked from commit f970ad412aca36f8a7d3addb1cd4026ed22e5592) +Signed-off-by: Robbie Harwood --- src/kadmin/server/ovsec_kadmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Explicitly-look-for-python2-in-configure.in.patch b/Explicitly-look-for-python2-in-configure.in.patch index cb6620f..19c8d1f 100644 --- a/Explicitly-look-for-python2-in-configure.in.patch +++ b/Explicitly-look-for-python2-in-configure.in.patch @@ -15,6 +15,7 @@ doesn't need a #!/usr/bin/python header. ticket: 8709 (new) (cherry picked from commit 2bd410ecdb366083fe9b4e5f6ac4b741b624230b) +Signed-off-by: Robbie Harwood --- src/appl/gss-sample/t_gss_sample.py | 2 -- src/appl/user_user/t_user2user.py | 1 - diff --git a/Fix-SPAKE-memory-leak.patch b/Fix-SPAKE-memory-leak.patch index e1cacca..de172f6 100644 --- a/Fix-SPAKE-memory-leak.patch +++ b/Fix-SPAKE-memory-leak.patch @@ -10,6 +10,7 @@ data object to avoid a harmless uninitialized memory copy. ticket: 8647 (cherry picked from commit 70b88b8018658e052d6eabf06f8fdad17fbe993c) +Signed-off-by: Robbie Harwood --- src/plugins/preauth/spake/openssl.c | 1 + src/plugins/preauth/spake/spake_kdc.c | 1 + diff --git a/Fix-hex-conversion-of-PKINIT-certid-strings.patch b/Fix-hex-conversion-of-PKINIT-certid-strings.patch index 57d561b..0cf098a 100644 --- a/Fix-hex-conversion-of-PKINIT-certid-strings.patch +++ b/Fix-hex-conversion-of-PKINIT-certid-strings.patch @@ -12,6 +12,7 @@ commit message] ticket: 8636 (cherry picked from commit 63e8b8142fd7b3931a7bf2d6448978ca536bafc0) +Signed-off-by: Robbie Harwood --- .../preauth/pkinit/pkinit_crypto_openssl.c | 55 +++++++++++++++---- 1 file changed, 44 insertions(+), 11 deletions(-) diff --git a/Fix-k5test-prompts-for-Python-3.patch b/Fix-k5test-prompts-for-Python-3.patch new file mode 100644 index 0000000..fe16746 --- /dev/null +++ b/Fix-k5test-prompts-for-Python-3.patch @@ -0,0 +1,36 @@ +From 43cf653d21d931b792b36c7e6e4cfab3a6236bef Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Wed, 25 Jul 2018 11:50:02 -0400 +Subject: [PATCH] Fix k5test prompts for Python 3 + +With Python 3, sys.stdout.write() of a partial line followed by +sys.stdin.readline() does not display the partial line. Add explicit +flushes to make prompts visible in k5test.py. + +ticket: 8710 +(cherry picked from commit 297535b72177dcced036b78107e9d0e37781c7a3) +Signed-off-by: Robbie Harwood +--- + src/util/k5test.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/util/k5test.py b/src/util/k5test.py +index 81fac3063..e4f99b211 100644 +--- a/src/util/k5test.py ++++ b/src/util/k5test.py +@@ -457,6 +457,7 @@ def _onexit(): + if _debug or _stop_before or _stop_after or _shell_before or _shell_after: + # Wait before killing daemons in case one is being debugged. + sys.stdout.write('*** Press return to kill daemons and exit script: ') ++ sys.stdout.flush() + sys.stdin.readline() + for proc in _daemons: + os.kill(proc.pid, signal.SIGTERM) +@@ -658,6 +659,7 @@ def _valgrind(args): + def _stop_or_shell(stop, shell, env, ind): + if (_match_cmdnum(stop, ind)): + sys.stdout.write('*** [%d] Waiting for return: ' % ind) ++ sys.stdout.flush() + sys.stdin.readline() + if (_match_cmdnum(shell, ind)): + output('*** [%d] Spawning shell\n' % ind, True) diff --git a/Fix-read-overflow-in-KDC-sort_pa_data.patch b/Fix-read-overflow-in-KDC-sort_pa_data.patch index 4f46827..d8737c2 100644 --- a/Fix-read-overflow-in-KDC-sort_pa_data.patch +++ b/Fix-read-overflow-in-KDC-sort_pa_data.patch @@ -15,6 +15,7 @@ instead get the count from the prior loop by stopping once we move all of the key-replacing modules to the front. (cherry picked from commit b38e318cea18fd65647189eed64aef83bf1cb772) +Signed-off-by: Robbie Harwood --- src/kdc/kdc_preauth.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Fix-securid_sam2-preauth-for-non-default-salt.patch b/Fix-securid_sam2-preauth-for-non-default-salt.patch index 610bf4e..5f0a1b4 100644 --- a/Fix-securid_sam2-preauth-for-non-default-salt.patch +++ b/Fix-securid_sam2-preauth-for-non-default-salt.patch @@ -8,6 +8,7 @@ just the default salt type. ticket: 8629 (cherry picked from commit a2339099ad13c84de0843fd04d0ba612fc194a1e) +Signed-off-by: Robbie Harwood --- src/plugins/preauth/securid_sam2/grail.c | 3 +-- src/plugins/preauth/securid_sam2/securid2.c | 3 +-- diff --git a/Fix-segfault-in-finish_dispatch.patch b/Fix-segfault-in-finish_dispatch.patch index ff28848..0225ab3 100644 --- a/Fix-segfault-in-finish_dispatch.patch +++ b/Fix-segfault-in-finish_dispatch.patch @@ -12,6 +12,8 @@ dereference state->active_realm. tags: pullup target_version: 1.16-next target_version: 1.15-next + +Signed-off-by: Robbie Harwood --- src/kdc/dispatch.c | 79 ++++++++++++++++++++++++---------------------- 1 file changed, 42 insertions(+), 37 deletions(-) diff --git a/Fix-some-broken-tests-for-Python-3.patch b/Fix-some-broken-tests-for-Python-3.patch index 42825b0..4f17284 100644 --- a/Fix-some-broken-tests-for-Python-3.patch +++ b/Fix-some-broken-tests-for-Python-3.patch @@ -15,6 +15,7 @@ currently not exercised by Travis. ticket: 8710 (cherry picked from commit d1fb3551c0dff5c3e6555b31fcbf04ff04d577fe) [rharwood@redhat.com: .travis.yml] +Signed-off-by: Robbie Harwood --- src/lib/krad/t_daemon.py | 2 +- src/tests/jsonwalker.py | 16 +++++----------- diff --git a/Implement-k5_buf_init_dynamic_zap.patch b/Implement-k5_buf_init_dynamic_zap.patch index 28fd16b..ceadd64 100644 --- a/Implement-k5_buf_init_dynamic_zap.patch +++ b/Implement-k5_buf_init_dynamic_zap.patch @@ -7,6 +7,7 @@ Add a variant of dynamic k5buf objects which zeroes memory when reallocating or freeing the buffer. (cherry picked from commit 8ee8246c14702dc03b02e31b9fb5b7c2bb674bfb) +Signed-off-by: Robbie Harwood --- src/include/k5-buf.h | 6 ++- src/util/support/k5buf.c | 41 +++++++++++++++---- diff --git a/Include-etype-info-in-for-hardware-preauth-hints.patch b/Include-etype-info-in-for-hardware-preauth-hints.patch index 82aba62..788a88a 100644 --- a/Include-etype-info-in-for-hardware-preauth-hints.patch +++ b/Include-etype-info-in-for-hardware-preauth-hints.patch @@ -10,6 +10,7 @@ password. ticket: 8629 (cherry picked from commit ba92da05accc524b8037453b63ced1a6c65fd2a1) +Signed-off-by: Robbie Harwood --- src/kdc/kdc_preauth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Include-preauth-name-in-trace-output-if-possible.patch b/Include-preauth-name-in-trace-output-if-possible.patch index fe88920..59dfc21 100644 --- a/Include-preauth-name-in-trace-output-if-possible.patch +++ b/Include-preauth-name-in-trace-output-if-possible.patch @@ -11,6 +11,7 @@ and use it when formatting {patype} or {patypes}. ticket: 8653 (new) (cherry picked from commit 9c68fe39b018666eabe033b639c1f35d03ba51c7) +Signed-off-by: Robbie Harwood --- src/include/k5-trace.h | 17 +-- src/lib/krb5/os/t_trace.ref | 2 +- diff --git a/Log-when-non-root-ksu-authorization-fails.patch b/Log-when-non-root-ksu-authorization-fails.patch index 704b5a9..b4a6c2e 100644 --- a/Log-when-non-root-ksu-authorization-fails.patch +++ b/Log-when-non-root-ksu-authorization-fails.patch @@ -8,6 +8,7 @@ syslog at LOG_WARNING in keeping with other failure messages. ticket: 8270 (cherry picked from commit 6cfa5c113e981f14f70ccafa20abfa5c46b665ba) +Signed-off-by: Robbie Harwood --- src/clients/ksu/main.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Make-docs-build-python3-compatible.patch b/Make-docs-build-python3-compatible.patch index 58a3e86..f6e5fa1 100644 --- a/Make-docs-build-python3-compatible.patch +++ b/Make-docs-build-python3-compatible.patch @@ -8,6 +8,7 @@ paths information in docs. Call exec() directly instead. ticket: 8692 (new) (cherry picked from commit a7c6d98480f1e33454173f88381921472d72f80a) +Signed-off-by: Robbie Harwood --- doc/conf.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Make-krb5kdc-p-affect-TCP-ports.patch b/Make-krb5kdc-p-affect-TCP-ports.patch index ac5bc30..1b4ae04 100644 --- a/Make-krb5kdc-p-affect-TCP-ports.patch +++ b/Make-krb5kdc-p-affect-TCP-ports.patch @@ -9,6 +9,7 @@ ports. ticket: 8715 (new) (cherry picked from commit eb514587acc5c357bf0f554199bf0489b5515f8b) +Signed-off-by: Robbie Harwood --- doc/admin/admin_commands/krb5kdc.rst | 12 ++++++------ src/kdc/main.c | 12 ++++-------- diff --git a/Move-zap-definition-to-k5-platform.h.patch b/Move-zap-definition-to-k5-platform.h.patch index f181701..4e93056 100644 --- a/Move-zap-definition-to-k5-platform.h.patch +++ b/Move-zap-definition-to-k5-platform.h.patch @@ -7,6 +7,7 @@ Make it possible to use zap() in parts of the code which should not include k5-int.h by moving its definition to k5-platform.h. (cherry picked from commit df6bef6f9ea6a5f6f3956a2988cd658c78aae817) +Signed-off-by: Robbie Harwood --- src/include/k5-int.h | 45 ------------------------------------- src/include/k5-platform.h | 47 ++++++++++++++++++++++++++++++++++++++- diff --git a/Process-profile-includedir-in-sorted-order.patch b/Process-profile-includedir-in-sorted-order.patch index 92efffc..044c046 100644 --- a/Process-profile-includedir-in-sorted-order.patch +++ b/Process-profile-includedir-in-sorted-order.patch @@ -9,6 +9,7 @@ within the C locale). ticket: 8686 (cherry picked from commit f574eda48740ad192f51e9a382a205e2ea0e60ad) +Signed-off-by: Robbie Harwood --- doc/admin/conf_files/krb5_conf.rst | 4 ++- src/util/profile/prof_parse.c | 56 +++++------------------------- diff --git a/Refactor-KDC-krb5_pa_data-utility-functions.patch b/Refactor-KDC-krb5_pa_data-utility-functions.patch index 41e7cbe..b7acc49 100644 --- a/Refactor-KDC-krb5_pa_data-utility-functions.patch +++ b/Refactor-KDC-krb5_pa_data-utility-functions.patch @@ -16,6 +16,7 @@ callers accordingly, making small simplifications to memory handling where applicable. (cherry picked from commit 4af478c18b02e1d2444a328bb79e6976ef3d312b) +Signed-off-by: Robbie Harwood --- src/kdc/fast_util.c | 28 +------ src/kdc/kdc_preauth.c | 14 ++-- diff --git a/Remove-nodes-option-from-make-certs-scripts.patch b/Remove-nodes-option-from-make-certs-scripts.patch index 402f5fb..f45b1b0 100644 --- a/Remove-nodes-option-from-make-certs-scripts.patch +++ b/Remove-nodes-option-from-make-certs-scripts.patch @@ -12,6 +12,7 @@ pkcs12 subcommands, but genrsa creates unencrypted keys by default. [ghudson@mit.edu: edited commit message] (cherry picked from commit 928a36aae326d496c9a73f2cd41b4da45eef577c) +Signed-off-by: Robbie Harwood --- src/tests/dejagnu/pkinit-certs/make-certs.sh | 2 +- src/tests/dejagnu/proxy-certs/make-certs.sh | 2 +- diff --git a/Remove-outdated-note-in-krb5kdc-man-page.patch b/Remove-outdated-note-in-krb5kdc-man-page.patch index 6845b89..b2e8c13 100644 --- a/Remove-outdated-note-in-krb5kdc-man-page.patch +++ b/Remove-outdated-note-in-krb5kdc-man-page.patch @@ -13,6 +13,7 @@ tags: pullup target_version: 1.16-next (cherry picked from commit 728b66ab867e31c4c338c6a6309d629d39a4ec3f) +Signed-off-by: Robbie Harwood --- doc/admin/admin_commands/krb5kdc.rst | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Report-extended-errors-in-kinit-k-t-KDB.patch b/Report-extended-errors-in-kinit-k-t-KDB.patch index 6859b55..bc6728d 100644 --- a/Report-extended-errors-in-kinit-k-t-KDB.patch +++ b/Report-extended-errors-in-kinit-k-t-KDB.patch @@ -9,6 +9,7 @@ extended error messages. ticket: 8652 (new) (cherry picked from commit d4d902d317a2acc46ee71094a33a9203b6135275) +Signed-off-by: Robbie Harwood --- src/clients/kinit/kinit.c | 1 + 1 file changed, 1 insertion(+) diff --git a/Restrict-pre-authentication-fallback-cases.patch b/Restrict-pre-authentication-fallback-cases.patch index f519557..d5c9d86 100644 --- a/Restrict-pre-authentication-fallback-cases.patch +++ b/Restrict-pre-authentication-fallback-cases.patch @@ -16,6 +16,7 @@ retried after a failure. ticket: 8654 (cherry picked from commit 7a24a088c16d326127dd2b29084d4ca085c70d10) +Signed-off-by: Robbie Harwood --- src/include/krb5/clpreauth_plugin.h | 14 ++++ src/lib/krb5/krb/get_in_tkt.c | 21 +++--- diff --git a/Simplify-kdc_preauth.c-systems-table.patch b/Simplify-kdc_preauth.c-systems-table.patch index 08853d4..c7ff103 100644 --- a/Simplify-kdc_preauth.c-systems-table.patch +++ b/Simplify-kdc_preauth.c-systems-table.patch @@ -15,6 +15,7 @@ padata types. The KRB5_PADATA_SERVER_REFERRAL entry has been disabled since it was first added. (cherry picked from commit fea1a488924faa3938ef723feaa1ff12d22a91ff) +Signed-off-by: Robbie Harwood --- src/kdc/kdc_preauth.c | 526 +++++++++++++++--------------------------- 1 file changed, 184 insertions(+), 342 deletions(-) diff --git a/Use-SHA-256-instead-of-MD5-for-audit-ticket-IDs.patch b/Use-SHA-256-instead-of-MD5-for-audit-ticket-IDs.patch index 26df25a..061a7fc 100644 --- a/Use-SHA-256-instead-of-MD5-for-audit-ticket-IDs.patch +++ b/Use-SHA-256-instead-of-MD5-for-audit-ticket-IDs.patch @@ -5,6 +5,7 @@ Subject: [PATCH] Use SHA-256 instead of MD5 for audit ticket IDs ticket: 8711 (new) (cherry picked from commit c1e1bfa26bd2f045e88e6013c500fca9428c98f3) +Signed-off-by: Robbie Harwood --- src/kdc/kdc_audit.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/Use-k5_buf_init_dynamic_zap-where-appropriate.patch b/Use-k5_buf_init_dynamic_zap-where-appropriate.patch index 3d3bcd8..8d8e774 100644 --- a/Use-k5_buf_init_dynamic_zap-where-appropriate.patch +++ b/Use-k5_buf_init_dynamic_zap-where-appropriate.patch @@ -4,6 +4,7 @@ Date: Mon, 26 Mar 2018 11:24:49 -0400 Subject: [PATCH] Use k5_buf_init_dynamic_zap where appropriate (cherry picked from commit 9172599008f3a6790d4a9a67acff58049742dcb6) +Signed-off-by: Robbie Harwood --- src/lib/krb5/ccache/cc_file.c | 4 ++-- src/lib/krb5/ccache/cc_keyring.c | 2 +- diff --git a/Use-libkrb5support-hex-functions-where-appropriate.patch b/Use-libkrb5support-hex-functions-where-appropriate.patch index eab05bc..81c8164 100644 --- a/Use-libkrb5support-hex-functions-where-appropriate.patch +++ b/Use-libkrb5support-hex-functions-where-appropriate.patch @@ -4,6 +4,7 @@ Date: Mon, 19 Feb 2018 00:52:35 -0500 Subject: [PATCH] Use libkrb5support hex functions where appropriate (cherry picked from commit b0c700608be7455041a8afc0e4502e8783ee7f30) +Signed-off-by: Robbie Harwood --- src/kadmin/dbutil/deps | 16 ++--- src/kadmin/dbutil/tabdump.c | 19 +++--- diff --git a/Zap-copy-of-secret-in-RC4-string-to-key.patch b/Zap-copy-of-secret-in-RC4-string-to-key.patch index 7502c25..7f3bbf4 100644 --- a/Zap-copy-of-secret-in-RC4-string-to-key.patch +++ b/Zap-copy-of-secret-in-RC4-string-to-key.patch @@ -11,6 +11,7 @@ freed as the input string typically contains a password. [ghudson@mit.edu: rewrote commit message] ticket: 8713 (new) +Signed-off-by: Robbie Harwood --- src/lib/crypto/krb/s2k_rc4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zap-data-when-freeing-krb5_spake_factor.patch b/Zap-data-when-freeing-krb5_spake_factor.patch index 9ce2462..04652af 100644 --- a/Zap-data-when-freeing-krb5_spake_factor.patch +++ b/Zap-data-when-freeing-krb5_spake_factor.patch @@ -8,6 +8,7 @@ second-factor SPAKE is implemented, so should be zapped when freed. ticket: 8647 (cherry picked from commit 9cc94a3f1ce06a4430f684300a747ec079102403) +Signed-off-by: Robbie Harwood --- src/lib/krb5/krb/kfree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/krb5-1.11-kpasswdtest.patch b/krb5-1.11-kpasswdtest.patch index ddd3ec2..144e3bf 100644 --- a/krb5-1.11-kpasswdtest.patch +++ b/krb5-1.11-kpasswdtest.patch @@ -3,6 +3,7 @@ From: Robbie Harwood Date: Tue, 23 Aug 2016 16:52:01 -0400 Subject: [PATCH] krb5-1.11-kpasswdtest.patch +Signed-off-by: Robbie Harwood --- src/kadmin/testing/proto/krb5.conf.proto | 1 + 1 file changed, 1 insertion(+) diff --git a/krb5-1.11-run_user_0.patch b/krb5-1.11-run_user_0.patch index febb3b3..06f2e6e 100644 --- a/krb5-1.11-run_user_0.patch +++ b/krb5-1.11-run_user_0.patch @@ -6,6 +6,8 @@ Subject: [PATCH] krb5-1.11-run_user_0.patch A hack: if we're looking at creating a ccache directory directly below the /run/user/0 directory, and /run/user/0 doesn't exist, try to create it, too. + +Signed-off-by: Robbie Harwood --- src/lib/krb5/ccache/cc_dir.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/krb5-1.12-api.patch b/krb5-1.12-api.patch index 9eba2ff..dbf6183 100644 --- a/krb5-1.12-api.patch +++ b/krb5-1.12-api.patch @@ -6,6 +6,8 @@ Subject: [PATCH] krb5-1.12-api.patch Reference docs don't define what happens if you call krb5_realm_compare() with malformed krb5_principal structures. Define a behavior which keeps it from crashing if applications don't check ahead of time. + +Signed-off-by: Robbie Harwood --- src/lib/krb5/krb/princ_comp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/krb5-1.12-ksu-path.patch b/krb5-1.12-ksu-path.patch index 19b9e73..b7b1c7e 100644 --- a/krb5-1.12-ksu-path.patch +++ b/krb5-1.12-ksu-path.patch @@ -4,6 +4,8 @@ Date: Tue, 23 Aug 2016 16:32:09 -0400 Subject: [PATCH] krb5-1.12-ksu-path.patch Set the default PATH to the one set by login. + +Signed-off-by: Robbie Harwood --- src/clients/ksu/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krb5-1.12-ktany.patch b/krb5-1.12-ktany.patch index de59827..59bb3d6 100644 --- a/krb5-1.12-ktany.patch +++ b/krb5-1.12-ktany.patch @@ -6,6 +6,8 @@ Subject: [PATCH] krb5-1.12-ktany.patch Adds an "ANY" keytab type which is a list of other keytab locations to search when searching for a specific entry. When iterated through, it only presents the contents of the first keytab. + +Signed-off-by: Robbie Harwood --- src/lib/krb5/keytab/Makefile.in | 3 + src/lib/krb5/keytab/kt_any.c | 292 ++++++++++++++++++++++++++++++++ diff --git a/krb5-1.12.1-pam.patch b/krb5-1.12.1-pam.patch index 97c1e8f..6060ce9 100644 --- a/krb5-1.12.1-pam.patch +++ b/krb5-1.12.1-pam.patch @@ -16,6 +16,8 @@ When enabled, ksu gains a dependency on libpam. Originally RT#5939, though it's changed since then to perform the account and session management before dropping privileges, and to apply on top of changes we're proposing for how it handles cache collections. + +Signed-off-by: Robbie Harwood --- src/aclocal.m4 | 67 +++++++ src/clients/ksu/Makefile.in | 8 +- diff --git a/krb5-1.13-dirsrv-accountlock.patch b/krb5-1.13-dirsrv-accountlock.patch index ff5f73e..7e22280 100644 --- a/krb5-1.13-dirsrv-accountlock.patch +++ b/krb5-1.13-dirsrv-accountlock.patch @@ -5,6 +5,8 @@ Subject: [PATCH] krb5-1.13-dirsrv-accountlock.patch Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. Updated from original version filed as RT#5891. + +Signed-off-by: Robbie Harwood --- src/aclocal.m4 | 9 +++++++++ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 17 +++++++++++++++++ diff --git a/krb5-1.15-beta1-buildconf.patch b/krb5-1.15-beta1-buildconf.patch index a949727..3e301c8 100644 --- a/krb5-1.15-beta1-buildconf.patch +++ b/krb5-1.15-beta1-buildconf.patch @@ -8,6 +8,8 @@ and install shared libraries with the execute bit set on them. Prune out the -L/usr/lib* and PIE flags where they might leak out and affect apps which just want to link with the libraries. FIXME: needs to check and not just assume that the compiler supports using these flags. + +Signed-off-by: Robbie Harwood --- src/build-tools/krb5-config.in | 7 +++++++ src/config/pre.in | 2 +- diff --git a/krb5-1.15.1-selinux-label.patch b/krb5-1.15.1-selinux-label.patch index 728c72e..b2f6cb0 100644 --- a/krb5-1.15.1-selinux-label.patch +++ b/krb5-1.15.1-selinux-label.patch @@ -35,6 +35,8 @@ stomp all over us. The selabel APIs for looking up the context should be thread-safe (per Red Hat #273081), so switching to using them instead of matchpathcon(), which we used earlier, is some improvement. + +Signed-off-by: Robbie Harwood --- src/aclocal.m4 | 49 +++ src/build-tools/krb5-config.in | 3 +- diff --git a/krb5-1.3.1-dns.patch b/krb5-1.3.1-dns.patch index 1af7c12..9fb9df8 100644 --- a/krb5-1.3.1-dns.patch +++ b/krb5-1.3.1-dns.patch @@ -4,6 +4,8 @@ Date: Tue, 23 Aug 2016 16:46:21 -0400 Subject: [PATCH] krb5-1.3.1-dns.patch We want to be able to use --with-netlib and --enable-dns at the same time. + +Signed-off-by: Robbie Harwood --- src/aclocal.m4 | 1 + 1 file changed, 1 insertion(+) diff --git a/krb5-1.9-debuginfo.patch b/krb5-1.9-debuginfo.patch index 5b0f5bc..4378ff7 100644 --- a/krb5-1.9-debuginfo.patch +++ b/krb5-1.9-debuginfo.patch @@ -6,6 +6,8 @@ Subject: [PATCH] krb5-1.9-debuginfo.patch We want to keep these y.tab.c files around because the debuginfo points to them. It would be more elegant at the end to use symbolic links, but that could mess up people working in the tree on other things. + +Signed-off-by: Robbie Harwood --- src/kadmin/cli/Makefile.in | 5 +++++ src/plugins/kdb/ldap/ldap_util/Makefile.in | 2 +- diff --git a/krb5.spec b/krb5.spec index f55d227..db9f9b0 100644 --- a/krb5.spec +++ b/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.16.1 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 17%{?dist} +Release: 18%{?dist} # lookaside-cached sources; two downloads and a build artifact Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz @@ -101,6 +101,7 @@ Patch81: Fix-some-broken-tests-for-Python-3.patch Patch82: Eliminate-preprocessor-disabled-dead-code.patch Patch83: Make-krb5kdc-p-affect-TCP-ports.patch Patch84: Remove-outdated-note-in-krb5kdc-man-page.patch +Patch85: Fix-k5test-prompts-for-Python-3.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -747,6 +748,9 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Thu Jul 26 2018 Robbie Harwood - 1.16.1-18 +- Fix k5test prompts for Python 3 + * Thu Jul 19 2018 Robbie Harwood - 1.16.1-17 - Remove outdated note in krb5kdc man page