diff --git a/Remove-3des-support.patch b/Remove-3des-support.patch index 4ec3a0ff32138222d89205acab1a5ba332d44d1c..32ef7ffa709f492a0831a26e58a5bcd4f996cf0c 100644 --- a/Remove-3des-support.patch +++ b/Remove-3des-support.patch @@ -32,7 +32,7 @@ Last-updated: 1.20-final src/include/krb5/krb5.hin | 10 +- src/kdc/kdc_util.c | 4 - src/lib/crypto/Makefile.in | 8 +- - src/lib/crypto/builtin/Makefile.in | 6 +- + src/lib/crypto/builtin/Makefile.in | 4 +- src/lib/crypto/builtin/des/ISSUES | 13 - src/lib/crypto/builtin/des/Makefile.in | 82 ---- src/lib/crypto/builtin/des/d3_aead.c | 137 ------ @@ -74,7 +74,7 @@ Last-updated: 1.20-final src/lib/crypto/krb/prf_des.c | 47 --- src/lib/crypto/krb/random_to_key.c | 28 -- src/lib/crypto/libk5crypto.exports | 1 - - src/lib/crypto/openssl/Makefile.in | 8 +- + src/lib/crypto/openssl/Makefile.in | 6 +- src/lib/crypto/openssl/des/Makefile.in | 20 - src/lib/crypto/openssl/des/deps | 14 - src/lib/crypto/openssl/des/des_keys.c | 39 -- @@ -98,7 +98,7 @@ Last-updated: 1.20-final src/plugins/preauth/pkinit/pkinit_crypto.h | 10 +- src/plugins/preauth/pkinit/pkinit_kdf_test.c | 30 -- src/plugins/preauth/spake/t_vectors.c | 25 -- - src/tests/gssapi/t_enctypes.py | 33 +- + src/tests/gssapi/t_enctypes.py | 35 +- src/tests/gssapi/t_invalid.c | 12 - src/tests/gssapi/t_pcontok.c | 16 +- src/tests/gssapi/t_prf.c | 7 - @@ -429,15 +429,6 @@ index daf19da195..c9e967c807 100644 $(srcdir)/kdf.c \ $(srcdir)/pbkdf2.c --STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ -+STOBJLISTS= md4/OBJS.ST \ - md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ - enc_provider/OBJS.ST \ - hash_provider/OBJS.ST \ -@@ -33,7 +33,7 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ - camellia/OBJS.ST \ - OBJS.ST - -SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ +SUBDIROBJLISTS= md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ @@ -4873,24 +4864,16 @@ index 08de047d0a..88f7fd0a09 100644 LOCALINCLUDES=-I$(srcdir)/../krb $(CRYPTO_IMPL_CFLAGS) STLIBOBJS=\ -@@ -24,14 +24,14 @@ SRCS=\ +@@ -24,7 +24,7 @@ SRCS=\ $(srcdir)/pbkdf2.c \ $(srcdir)/sha256.c --STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ -+STOBJLISTS= md4/OBJS.ST \ - md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ - enc_provider/OBJS.ST \ - hash_provider/OBJS.ST \ - aes/OBJS.ST \ - OBJS.ST - -SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ +SUBDIROBJLISTS= md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ -@@ -42,7 +42,7 @@ includes: depend +@@ -37,7 +37,7 @@ includes: depend depend: $(SRCS) @@ -5327,14 +5310,14 @@ index d1cdce486f..7f7146a0a2 100644 - */ - if (md5cksum.length != cksum_size) - abort (); -- memcpy (ptr+14, md5cksum.contents, md5cksum.length); +- memcpy(checksum, md5cksum.contents, md5cksum.length); - break; - case SGN_ALG_HMAC_MD5: -- memcpy (ptr+14, md5cksum.contents, cksum_size); +- memcpy(checksum, md5cksum.contents, cksum_size); - break; - } + -+ memcpy (ptr+14, md5cksum.contents, cksum_size); ++ memcpy(checksum, md5cksum.contents, cksum_size); krb5_free_checksum_contents(context, &md5cksum); @@ -5373,13 +5356,13 @@ index 9bb2ee1099..9147bb2c78 100644 - switch (ctx->signalg) { - case SGN_ALG_HMAC_SHA1_DES3_KD: - assert(md5cksum.length == ctx->cksum_size); -- memcpy(ptr + 14, md5cksum.contents, md5cksum.length); +- memcpy(checksum, md5cksum.contents, md5cksum.length); - break; - case SGN_ALG_HMAC_MD5: -- memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); +- memcpy(checksum, md5cksum.contents, ctx->cksum_size); - break; - } -+ memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); ++ memcpy(checksum, md5cksum.contents, ctx->cksum_size); /* create the seq_num */ code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF, @@ -5877,7 +5860,7 @@ diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py index 7494d7fcdb..2f95d89967 100755 --- a/src/tests/gssapi/t_enctypes.py +++ b/src/tests/gssapi/t_enctypes.py -@@ -1,24 +1,17 @@ +@@ -1,25 +1,18 @@ from k5test import * -# Define some convenience abbreviations for enctypes we will see in @@ -5901,9 +5884,11 @@ index 7494d7fcdb..2f95d89967 100755 # These tests make assumptions about the default enctype lists, so set # them explicitly rather than relying on the library defaults. -supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal' --conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'}, +-conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4', +- 'allow_des3': 'true', 'allow_rc4': 'true'}, +supp='aes256-cts:normal aes128-cts:normal rc4-hmac:normal' -+conf = {'libdefaults': {'permitted_enctypes': 'aes rc4'}, ++conf = {'libdefaults': {'permitted_enctypes': 'aes rc4', ++ 'allow_rc4': 'true'}, 'realms': {'$realm': {'supported_enctypes': supp}}} realm = K5Realm(krb5_conf=conf) shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save')) @@ -6035,14 +6020,16 @@ diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py index c982508d8b..96e90a69d2 100644 --- a/src/tests/t_etype_info.py +++ b/src/tests/t_etype_info.py -@@ -1,6 +1,6 @@ +@@ -1,7 +1,7 @@ from k5test import * -supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac' +-conf = {'libdefaults': {'allow_des3': 'true', 'allow_rc4': 'true'}, +supported_enctypes = 'aes128-cts rc4-hmac' - conf = {'libdefaults': {'allow_weak_crypto': 'true'}, ++conf = {'libdefaults': {'allow_rc4': 'true'}, 'realms': {'$realm': {'supported_enctypes': supported_enctypes}}} realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf) + @@ -26,9 +26,9 @@ def test_etinfo(princ, enctypes, expected_lines): # With no newer enctypes in the request, PA-ETYPE-INFO2, # PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one @@ -6191,14 +6178,14 @@ index 619f1995f8..771f82e3cc 100644 - # Exercise the DES3 enctype. - ('des3', None, -- {'libdefaults': {'permitted_enctypes': 'des3'}}, +- {'libdefaults': {'permitted_enctypes': 'des3 aes256-sha1'}}, - {'realms': {'$realm': { - 'supported_enctypes': 'des3-cbc-sha1:normal', - 'master_key_type': 'des3-cbc-sha1'}}}), - # Exercise the arcfour enctype. ('arcfour', None, - {'libdefaults': {'permitted_enctypes': 'rc4'}}, + {'libdefaults': {'permitted_enctypes': 'rc4 aes256-sha1'}}, diff --git a/src/windows/leash/htmlhelp/html/Encryption_Types.htm b/src/windows/leash/htmlhelp/html/Encryption_Types.htm index 1aebdd0b4a..c38eefd2bd 100644 --- a/src/windows/leash/htmlhelp/html/Encryption_Types.htm diff --git a/krb5-1.20.1.tar.gz.asc b/krb5-1.20.1.tar.gz.asc deleted file mode 100644 index b928cb8d13e97e693d1e41ec7e70c1c52d9bbe76..0000000000000000000000000000000000000000 --- a/krb5-1.20.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmNvED8ACgkQDLoIV1+D -ct9uKw/8C5GS8mdh335lB+bkfjYYCZLD+oQToDAAbdCddrIcuLftvnTfXJ8cMtMc -UT2hsp8u7ZupjJRevdhaH7fFwomc0V8iSES5J2cQHTNd9aK93j/W6NaMoqWLrQWg -jx99oqLn7orvp8N5RufEQcNMNWhFIX4XSfrA3vPfHbbffA2vkjJzOGno4UHi8zUn -6nye7jbrBpiQIeFIJSS3VPsvGrKdRgb9BqGTUsqPIuFvr3Qvo42lKr5X8CWYSXjK -0aKlOpfbWdkteEe2o84/wyMpuGvmYkmOgaMB5xQ3jfEuvPNAWX2CWHNDamiqwBT/ -YxwhZimNa1B9r3P1yDHvpUu8cJaRzw2UDRi2f3Kztrmn2jlqzmoZ31WBALJA7lmL -SrVFdXi7AcWwppMp1kbe9SvurCXID8/Q4n+qAdzSvqrXbeWerVUkdYFvtxQ1bMJR -jnqN11iZFYaoCaaR2lFEhjoMdR80jUa2m6vdF7a7xhH1UvuPHDnzLT9X/TiPvx0R -Itrp5MMIrUQHcZUL9hM5hrg3nxEsGsSCnjB0zWDmgXdLGwd4CvcOF4HPQR3BBlEH -CLtAa27bBXMJTYVvmmKt06hw+U3ALDfUlFrV6ZNLr9ug69l29n7JoChAbZ97Hx1m -twPwJpKd8AiUz+j3KCfgGU21qMbHNP3jEn3q9tkq0qcs/z7RCmU= -=1WIq ------END PGP SIGNATURE----- diff --git a/krb5-1.20.1.tar.gz b/krb5-1.21.1.tar.gz similarity index 52% rename from krb5-1.20.1.tar.gz rename to krb5-1.21.1.tar.gz index 091717f8fc85d5b109fcdfb0113c9df32ea43e7d..8620787b8e42879a3544b642bd83bab38448b117 100644 Binary files a/krb5-1.20.1.tar.gz and b/krb5-1.21.1.tar.gz differ diff --git a/krb5-1.21.1.tar.gz.asc b/krb5-1.21.1.tar.gz.asc new file mode 100644 index 0000000000000000000000000000000000000000..e137e353eea77b9e97651379454c62c75fd40a68 --- /dev/null +++ b/krb5-1.21.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmSsc/kACgkQDLoIV1+D +ct+wPxAArlkJs5WpFIm2JDJXGF82BNw/FEhg+OkWcPHeLMWJF8qO0AxVp8Yq4g1g +qFpTABwY8V2tfr84XQJ6rw7Qq93NjRjFHr1z1tDmCceLisXof6Tu7/RKjHwNmJt8 +M3srmsXPlmx/7cXuaYIljJfftun3D/iuEaydWluGb1DZicaU/OsofGhKE8/YEZrN +H0XdIC45raG4O9t6CGjQRcAIv5Z4afCtXH4aaEmLg6E2+aTUyx+czu7nBASCaTyv +s4df8fhbVpdBi6iA6BQJC296Rc1gyDnuxnjyCH8Rj2gTuiI4Oa2dxRPGT3mjksz3 +OheYcXK9XGCtUbG22zrxqUuHDA3jF6KKmsVSXnbygB6XSS/c0bqmeDRTQGPksWH6 +RJbmlKG9PQ0BavlXRa7Nupaa7f0jblFiduScYujRsyWxi/8YkckedugYyuww59gV +piUwGGRDWldy+JIAYtvzirsfe6Oum0/SKY5wYXyKv0flM95pbfBEw+TzRxmlCQ5J ++i8L9Frr4gTmT576GHB6WzBlOEPf6mRc8jg0DyyUOoDHXyj4MCyJGEJxvcyVV1WX +tJlu0uH1f8pMZx4IQ279PsNFimO/NsdSTefqiVGXA7FWK1EPLc+l9ZBcrLi9KEmJ +7TfVq9cAg6+m2tql+gjAQrfXHUU1mNdPLFMnShYlqHjTle4cQKE= +=AIvQ +-----END PGP SIGNATURE----- diff --git a/krb5.spec b/krb5.spec index 538e5a8e932bf0dd4005466e16703a2638a20571..c844142485030a165609083f5f132cda72ee549b 100644 --- a/krb5.spec +++ b/krb5.spec @@ -2,13 +2,13 @@ %global WITH_DIRSRV 1 Name: krb5 -Version: 1.20.1 -Release: 2 +Version: 1.21.1 +Release: 1 Summary: The Kerberos network authentication protocol License: MIT URL: http://web.mit.edu/kerberos/www/ -Source0: https://web.mit.edu/kerberos/dist/krb5/1.20/%{name}-%{version}.tar.gz -Source1: https://web.mit.edu/kerberos/dist/krb5/1.20/%{name}-%{version}.tar.gz.asc +Source0: https://web.mit.edu/kerberos/dist/krb5/1.21/%{name}-%{version}.tar.gz +Source1: https://web.mit.edu/kerberos/dist/krb5/1.21/%{name}-%{version}.tar.gz.asc Source2: kprop.service Source3: kadmin.service Source4: krb5kdc.service @@ -19,6 +19,7 @@ Source11: ksu.pamd Source12: krb5kdc.logrotate Source13: kadmind.logrotate Source100: noport.c + Patch0: ksu-pam-integration.patch Patch1: SELinux-integration.patch Patch2: Adjust-build-configuration.patch @@ -323,6 +324,9 @@ make -C src check || : %{_mandir}/man8/* %changelog +* Sat Jul 22 2023 wangyunjia - 1.21.1-1 +- Update to 1.21.1 + * Thu Jun 15 2023 yixiangzhike - 1.20.1-2 - Add kerberos.schema and kerberos.ldif for plugin ldap