packages/krb5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 1.21.1

Browse Source 
Signed-off-by: yunjia_w <yunjia.wang@huawei.com>
This commit is contained in:
yunjia_w 2023-07-22 14:59:30 +08:00
parent 07a34d8888
commit 76bb61e17e
5 changed files with 46 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
Remove-3des-support.patch
View File

@ -32,7 +32,7 @@ Last-updated: 1.20-final
src/include/krb5/krb5.hin | 10 +-
src/kdc/kdc_util.c | 4 -
src/lib/crypto/Makefile.in | 8 +-
src/lib/crypto/builtin/Makefile.in | 6 +-
src/lib/crypto/builtin/Makefile.in | 4 +-
src/lib/crypto/builtin/des/ISSUES | 13 -
src/lib/crypto/builtin/des/Makefile.in | 82 ----
src/lib/crypto/builtin/des/d3_aead.c | 137 ------
@ -74,7 +74,7 @@ Last-updated: 1.20-final
src/lib/crypto/krb/prf_des.c | 47 ---
src/lib/crypto/krb/random_to_key.c | 28 --
src/lib/crypto/libk5crypto.exports | 1 -
src/lib/crypto/openssl/Makefile.in | 8 +-
src/lib/crypto/openssl/Makefile.in | 6 +-
src/lib/crypto/openssl/des/Makefile.in | 20 -
src/lib/crypto/openssl/des/deps | 14 -
src/lib/crypto/openssl/des/des_keys.c | 39 --
@ -98,7 +98,7 @@ Last-updated: 1.20-final
src/plugins/preauth/pkinit/pkinit_crypto.h | 10 +-
src/plugins/preauth/pkinit/pkinit_kdf_test.c | 30 --
src/plugins/preauth/spake/t_vectors.c | 25 --
src/tests/gssapi/t_enctypes.py | 33 +-
src/tests/gssapi/t_enctypes.py | 35 +-
src/tests/gssapi/t_invalid.c | 12 -
src/tests/gssapi/t_pcontok.c | 16 +-
src/tests/gssapi/t_prf.c | 7 -
@ -429,15 +429,6 @@ index daf19da195..c9e967c807 100644
$(srcdir)/kdf.c \
$(srcdir)/pbkdf2.c
-STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
+STOBJLISTS= md4/OBJS.ST \
md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
@@ -33,7 +33,7 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
camellia/OBJS.ST \
OBJS.ST
-SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \
+SUBDIROBJLISTS= md4/OBJS.ST \
md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
@ -4873,24 +4864,16 @@ index 08de047d0a..88f7fd0a09 100644
LOCALINCLUDES=-I$(srcdir)/../krb $(CRYPTO_IMPL_CFLAGS)
STLIBOBJS=\
@@ -24,14 +24,14 @@ SRCS=\
@@ -24,7 +24,7 @@ SRCS=\
$(srcdir)/pbkdf2.c \
$(srcdir)/sha256.c
-STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
+STOBJLISTS= md4/OBJS.ST \
md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
aes/OBJS.ST \
OBJS.ST
-SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \
+SUBDIROBJLISTS= md4/OBJS.ST \
md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
@@ -42,7 +42,7 @@ includes: depend
@@ -37,7 +37,7 @@ includes: depend
depend: $(SRCS)
@ -5327,14 +5310,14 @@ index d1cdce486f..7f7146a0a2 100644
- */
- if (md5cksum.length != cksum_size)
- abort ();
- memcpy (ptr+14, md5cksum.contents, md5cksum.length);
- memcpy(checksum, md5cksum.contents, md5cksum.length);
- break;
- case SGN_ALG_HMAC_MD5:
- memcpy (ptr+14, md5cksum.contents, cksum_size);
- memcpy(checksum, md5cksum.contents, cksum_size);
- break;
- }
+
+ memcpy (ptr+14, md5cksum.contents, cksum_size);
+ memcpy(checksum, md5cksum.contents, cksum_size);
krb5_free_checksum_contents(context, &md5cksum);
@ -5373,13 +5356,13 @@ index 9bb2ee1099..9147bb2c78 100644
- switch (ctx->signalg) {
- case SGN_ALG_HMAC_SHA1_DES3_KD:
- assert(md5cksum.length == ctx->cksum_size);
- memcpy(ptr + 14, md5cksum.contents, md5cksum.length);
- memcpy(checksum, md5cksum.contents, md5cksum.length);
- break;
- case SGN_ALG_HMAC_MD5:
- memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
- memcpy(checksum, md5cksum.contents, ctx->cksum_size);
- break;
- }
+ memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
+ memcpy(checksum, md5cksum.contents, ctx->cksum_size);
/* create the seq_num */
code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF,
@ -5877,7 +5860,7 @@ diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py
index 7494d7fcdb..2f95d89967 100755
--- a/src/tests/gssapi/t_enctypes.py
+++ b/src/tests/gssapi/t_enctypes.py
@@ -1,24 +1,17 @@
@@ -1,25 +1,18 @@
from k5test import *
-# Define some convenience abbreviations for enctypes we will see in
@ -5901,9 +5884,11 @@ index 7494d7fcdb..2f95d89967 100755
# These tests make assumptions about the default enctype lists, so set
# them explicitly rather than relying on the library defaults.
-supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal'
-conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'},
-conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4',
- 'allow_des3': 'true', 'allow_rc4': 'true'},
+supp='aes256-cts:normal aes128-cts:normal rc4-hmac:normal'
+conf = {'libdefaults': {'permitted_enctypes': 'aes rc4'},
+conf = {'libdefaults': {'permitted_enctypes': 'aes rc4',
+ 'allow_rc4': 'true'},
'realms': {'$realm': {'supported_enctypes': supp}}}
realm = K5Realm(krb5_conf=conf)
shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save'))
@ -6035,14 +6020,16 @@ diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py
index c982508d8b..96e90a69d2 100644
--- a/src/tests/t_etype_info.py
+++ b/src/tests/t_etype_info.py
@@ -1,6 +1,6 @@
@@ -1,7 +1,7 @@
from k5test import *
-supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac'
-conf = {'libdefaults': {'allow_des3': 'true', 'allow_rc4': 'true'},
+supported_enctypes = 'aes128-cts rc4-hmac'
conf = {'libdefaults': {'allow_weak_crypto': 'true'},
+conf = {'libdefaults': {'allow_rc4': 'true'},
'realms': {'$realm': {'supported_enctypes': supported_enctypes}}}
realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf)
@@ -26,9 +26,9 @@ def test_etinfo(princ, enctypes, expected_lines):
# With no newer enctypes in the request, PA-ETYPE-INFO2,
# PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one
@ -6191,14 +6178,14 @@ index 619f1995f8..771f82e3cc 100644
- # Exercise the DES3 enctype.
- ('des3', None,
- {'libdefaults': {'permitted_enctypes': 'des3'}},
- {'libdefaults': {'permitted_enctypes': 'des3 aes256-sha1'}},
- {'realms': {'$realm': {
- 'supported_enctypes': 'des3-cbc-sha1:normal',
- 'master_key_type': 'des3-cbc-sha1'}}}),
-
# Exercise the arcfour enctype.
('arcfour', None,
{'libdefaults': {'permitted_enctypes': 'rc4'}},
{'libdefaults': {'permitted_enctypes': 'rc4 aes256-sha1'}},
diff --git a/src/windows/leash/htmlhelp/html/Encryption_Types.htm b/src/windows/leash/htmlhelp/html/Encryption_Types.htm
index 1aebdd0b4a..c38eefd2bd 100644
--- a/src/windows/leash/htmlhelp/html/Encryption_Types.htm

16
krb5-1.20.1.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmNvED8ACgkQDLoIV1+D
ct9uKw/8C5GS8mdh335lB+bkfjYYCZLD+oQToDAAbdCddrIcuLftvnTfXJ8cMtMc
UT2hsp8u7ZupjJRevdhaH7fFwomc0V8iSES5J2cQHTNd9aK93j/W6NaMoqWLrQWg
jx99oqLn7orvp8N5RufEQcNMNWhFIX4XSfrA3vPfHbbffA2vkjJzOGno4UHi8zUn
6nye7jbrBpiQIeFIJSS3VPsvGrKdRgb9BqGTUsqPIuFvr3Qvo42lKr5X8CWYSXjK
0aKlOpfbWdkteEe2o84/wyMpuGvmYkmOgaMB5xQ3jfEuvPNAWX2CWHNDamiqwBT/
YxwhZimNa1B9r3P1yDHvpUu8cJaRzw2UDRi2f3Kztrmn2jlqzmoZ31WBALJA7lmL
SrVFdXi7AcWwppMp1kbe9SvurCXID8/Q4n+qAdzSvqrXbeWerVUkdYFvtxQ1bMJR
jnqN11iZFYaoCaaR2lFEhjoMdR80jUa2m6vdF7a7xhH1UvuPHDnzLT9X/TiPvx0R
Itrp5MMIrUQHcZUL9hM5hrg3nxEsGsSCnjB0zWDmgXdLGwd4CvcOF4HPQR3BBlEH
CLtAa27bBXMJTYVvmmKt06hw+U3ALDfUlFrV6ZNLr9ug69l29n7JoChAbZ97Hx1m
twPwJpKd8AiUz+j3KCfgGU21qMbHNP3jEn3q9tkq0qcs/z7RCmU=
=1WIq
-----END PGP SIGNATURE-----

BIN
krb5-1.20.1.tar.gz → krb5-1.21.1.tar.gz
View File

Binary file not shown.

16
krb5-1.21.1.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmSsc/kACgkQDLoIV1+D
ct+wPxAArlkJs5WpFIm2JDJXGF82BNw/FEhg+OkWcPHeLMWJF8qO0AxVp8Yq4g1g
qFpTABwY8V2tfr84XQJ6rw7Qq93NjRjFHr1z1tDmCceLisXof6Tu7/RKjHwNmJt8
M3srmsXPlmx/7cXuaYIljJfftun3D/iuEaydWluGb1DZicaU/OsofGhKE8/YEZrN
H0XdIC45raG4O9t6CGjQRcAIv5Z4afCtXH4aaEmLg6E2+aTUyx+czu7nBASCaTyv
s4df8fhbVpdBi6iA6BQJC296Rc1gyDnuxnjyCH8Rj2gTuiI4Oa2dxRPGT3mjksz3
OheYcXK9XGCtUbG22zrxqUuHDA3jF6KKmsVSXnbygB6XSS/c0bqmeDRTQGPksWH6
RJbmlKG9PQ0BavlXRa7Nupaa7f0jblFiduScYujRsyWxi/8YkckedugYyuww59gV
piUwGGRDWldy+JIAYtvzirsfe6Oum0/SKY5wYXyKv0flM95pbfBEw+TzRxmlCQ5J
+i8L9Frr4gTmT576GHB6WzBlOEPf6mRc8jg0DyyUOoDHXyj4MCyJGEJxvcyVV1WX
tJlu0uH1f8pMZx4IQ279PsNFimO/NsdSTefqiVGXA7FWK1EPLc+l9ZBcrLi9KEmJ
7TfVq9cAg6+m2tql+gjAQrfXHUU1mNdPLFMnShYlqHjTle4cQKE=
=AIvQ
-----END PGP SIGNATURE-----

12
krb5.spec
View File

@ -2,13 +2,13 @@
%global WITH_DIRSRV 1
Name: krb5
Version: 1.20.1
Release: 2
Version: 1.21.1
Release: 1
Summary: The Kerberos network authentication protocol
License: MIT
URL: http://web.mit.edu/kerberos/www/
Source0: https://web.mit.edu/kerberos/dist/krb5/1.20/%{name}-%{version}.tar.gz
Source1: https://web.mit.edu/kerberos/dist/krb5/1.20/%{name}-%{version}.tar.gz.asc
Source0: https://web.mit.edu/kerberos/dist/krb5/1.21/%{name}-%{version}.tar.gz
Source1: https://web.mit.edu/kerberos/dist/krb5/1.21/%{name}-%{version}.tar.gz.asc
Source2: kprop.service
Source3: kadmin.service
Source4: krb5kdc.service
@ -19,6 +19,7 @@ Source11: ksu.pamd
Source12: krb5kdc.logrotate
Source13: kadmind.logrotate
Source100: noport.c
Patch0: ksu-pam-integration.patch
Patch1: SELinux-integration.patch
Patch2: Adjust-build-configuration.patch
@ -323,6 +324,9 @@ make -C src check || :
%{_mandir}/man8/*
%changelog
* Sat Jul 22 2023 wangyunjia <yunjia.wang@huawei.com> - 1.21.1-1
- Update to 1.21.1
* Thu Jun 15 2023 yixiangzhike <yixiangzhike007@163.com> - 1.20.1-2
- Add kerberos.schema and kerberos.ldif for plugin ldap