!84 update to 1.21.1

From: @yunjia_w Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
2023-07-28 03:36:43 +00:00 · 2023-07-28 03:36:43 +00:00 · 7dc08a6a2a
commit 7dc08a6a2a
parent 07a34d8888 76bb61e17e
5 changed files with 46 additions and 55 deletions
--- a/Remove-3des-support.patch
+++ b/Remove-3des-support.patch
@ -32,7 +32,7 @@ Last-updated: 1.20-final
 src/include/krb5/krb5.hin                     |  10 +-
 src/kdc/kdc_util.c                            |   4 -
 src/lib/crypto/Makefile.in                    |   8 +-
- src/lib/crypto/builtin/Makefile.in            |   6 +-
+ src/lib/crypto/builtin/Makefile.in            |   4 +-
 src/lib/crypto/builtin/des/ISSUES             |  13 -
 src/lib/crypto/builtin/des/Makefile.in        |  82 ----
 src/lib/crypto/builtin/des/d3_aead.c          | 137 ------
@ -74,7 +74,7 @@ Last-updated: 1.20-final
 src/lib/crypto/krb/prf_des.c                  |  47 ---
 src/lib/crypto/krb/random_to_key.c            |  28 --
 src/lib/crypto/libk5crypto.exports            |   1 -
- src/lib/crypto/openssl/Makefile.in            |   8 +-
+ src/lib/crypto/openssl/Makefile.in            |   6 +-
 src/lib/crypto/openssl/des/Makefile.in        |  20 -
 src/lib/crypto/openssl/des/deps               |  14 -
 src/lib/crypto/openssl/des/des_keys.c         |  39 --
@ -98,7 +98,7 @@ Last-updated: 1.20-final
 src/plugins/preauth/pkinit/pkinit_crypto.h    |  10 +-
 src/plugins/preauth/pkinit/pkinit_kdf_test.c  |  30 --
 src/plugins/preauth/spake/t_vectors.c         |  25 --
- src/tests/gssapi/t_enctypes.py                |  33 +-
+ src/tests/gssapi/t_enctypes.py                |  35 +-
 src/tests/gssapi/t_invalid.c                  |  12 -
 src/tests/gssapi/t_pcontok.c                  |  16 +-
 src/tests/gssapi/t_prf.c                      |   7 -
@ -429,15 +429,6 @@ index daf19da195..c9e967c807 100644
 	$(srcdir)/kdf.c		\
 	$(srcdir)/pbkdf2.c	
 -STOBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 +STOBJLISTS= md4/OBJS.ST 		\
 	md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST	\
 	enc_provider/OBJS.ST 		\
 	hash_provider/OBJS.ST 		\
@@ -33,7 +33,7 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 	camellia/OBJS.ST 		\
 	OBJS.ST
 -SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 +SUBDIROBJLISTS= md4/OBJS.ST	 	\
 		md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST 	\
@ -4873,24 +4864,16 @@ index 08de047d0a..88f7fd0a09 100644
 LOCALINCLUDES=-I$(srcdir)/../krb $(CRYPTO_IMPL_CFLAGS)
 STLIBOBJS=\
-@@ -24,14 +24,14 @@ SRCS=\
+@@ -24,7 +24,7 @@ SRCS=\
 	$(srcdir)/pbkdf2.c	\
 	$(srcdir)/sha256.c
 -STOBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 +STOBJLISTS= md4/OBJS.ST 		\
 	md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST 	\
 	enc_provider/OBJS.ST 		\
 	hash_provider/OBJS.ST 		\
 	aes/OBJS.ST 			\
 	OBJS.ST
 -SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 +SUBDIROBJLISTS= md4/OBJS.ST 		\
 		md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST 	\
 		enc_provider/OBJS.ST 		\
 		hash_provider/OBJS.ST 		\
-@@ -42,7 +42,7 @@ includes: depend
+@@ -37,7 +37,7 @@ includes: depend
 depend: $(SRCS)
@ -5327,14 +5310,14 @@ index d1cdce486f..7f7146a0a2 100644
 -         */
 -        if (md5cksum.length != cksum_size)
 -            abort ();
-        memcpy (ptr+14, md5cksum.contents, md5cksum.length);
+-        memcpy(checksum, md5cksum.contents, md5cksum.length);
 -        break;
 -    case SGN_ALG_HMAC_MD5:
-        memcpy (ptr+14, md5cksum.contents, cksum_size);
+-        memcpy(checksum, md5cksum.contents, cksum_size);
 -        break;
 -    }
 +
-+    memcpy (ptr+14, md5cksum.contents, cksum_size);
+    memcpy(checksum, md5cksum.contents, cksum_size);
     krb5_free_checksum_contents(context, &md5cksum);
@ -5373,13 +5356,13 @@ index 9bb2ee1099..9147bb2c78 100644
 -    switch (ctx->signalg) {
 -    case SGN_ALG_HMAC_SHA1_DES3_KD:
 -        assert(md5cksum.length == ctx->cksum_size);
-        memcpy(ptr + 14, md5cksum.contents, md5cksum.length);
+-        memcpy(checksum, md5cksum.contents, md5cksum.length);
 -        break;
 -    case SGN_ALG_HMAC_MD5:
-        memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
+-        memcpy(checksum, md5cksum.contents, ctx->cksum_size);
 -        break;
 -    }
-+    memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
+    memcpy(checksum, md5cksum.contents, ctx->cksum_size);
     /* create the seq_num */
     code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF,
@ -5877,7 +5860,7 @@ diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py
 index 7494d7fcdb..2f95d89967 100755
 --- a/src/tests/gssapi/t_enctypes.py
 +++ b/src/tests/gssapi/t_enctypes.py
-@@ -1,24 +1,17 @@
+@@ -1,25 +1,18 @@
 from k5test import *
 -# Define some convenience abbreviations for enctypes we will see in
@ -5901,9 +5884,11 @@ index 7494d7fcdb..2f95d89967 100755
 # These tests make assumptions about the default enctype lists, so set
 # them explicitly rather than relying on the library defaults.
 -supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal'
-conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'},
+-conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4',
 -                        'allow_des3': 'true', 'allow_rc4': 'true'},
 +supp='aes256-cts:normal aes128-cts:normal rc4-hmac:normal'
-+conf = {'libdefaults': {'permitted_enctypes': 'aes rc4'},
+conf = {'libdefaults': {'permitted_enctypes': 'aes rc4',
 +                        'allow_rc4': 'true'},
         'realms': {'$realm': {'supported_enctypes': supp}}}
 realm = K5Realm(krb5_conf=conf)
 shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save'))
@ -6035,14 +6020,16 @@ diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py
 index c982508d8b..96e90a69d2 100644
 --- a/src/tests/t_etype_info.py
 +++ b/src/tests/t_etype_info.py
-@@ -1,6 +1,6 @@
+@@ -1,7 +1,7 @@
 from k5test import *
 -supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac'
 -conf = {'libdefaults': {'allow_des3': 'true', 'allow_rc4': 'true'},
 +supported_enctypes = 'aes128-cts rc4-hmac'
- conf = {'libdefaults': {'allow_weak_crypto': 'true'},
+conf = {'libdefaults': {'allow_rc4': 'true'},
         'realms': {'$realm': {'supported_enctypes': supported_enctypes}}}
 realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf)
@@ -26,9 +26,9 @@ def test_etinfo(princ, enctypes, expected_lines):
 # With no newer enctypes in the request, PA-ETYPE-INFO2,
 # PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one
@ -6191,14 +6178,14 @@ index 619f1995f8..771f82e3cc 100644
 -    # Exercise the DES3 enctype.
 -    ('des3', None,
-     {'libdefaults': {'permitted_enctypes': 'des3'}},
+-     {'libdefaults': {'permitted_enctypes': 'des3 aes256-sha1'}},
 -     {'realms': {'$realm': {
 -                    'supported_enctypes': 'des3-cbc-sha1:normal',
 -                    'master_key_type': 'des3-cbc-sha1'}}}),
 -
     # Exercise the arcfour enctype.
     ('arcfour', None,
-      {'libdefaults': {'permitted_enctypes': 'rc4'}},
+      {'libdefaults': {'permitted_enctypes': 'rc4 aes256-sha1'}},
 diff --git a/src/windows/leash/htmlhelp/html/Encryption_Types.htm b/src/windows/leash/htmlhelp/html/Encryption_Types.htm
 index 1aebdd0b4a..c38eefd2bd 100644
 --- a/src/windows/leash/htmlhelp/html/Encryption_Types.htm
--- a/krb5-1.20.1.tar.gz.asc
+++ b/krb5-1.20.1.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmNvED8ACgkQDLoIV1+D
 ct9uKw/8C5GS8mdh335lB+bkfjYYCZLD+oQToDAAbdCddrIcuLftvnTfXJ8cMtMc
 UT2hsp8u7ZupjJRevdhaH7fFwomc0V8iSES5J2cQHTNd9aK93j/W6NaMoqWLrQWg
 jx99oqLn7orvp8N5RufEQcNMNWhFIX4XSfrA3vPfHbbffA2vkjJzOGno4UHi8zUn
 6nye7jbrBpiQIeFIJSS3VPsvGrKdRgb9BqGTUsqPIuFvr3Qvo42lKr5X8CWYSXjK
 0aKlOpfbWdkteEe2o84/wyMpuGvmYkmOgaMB5xQ3jfEuvPNAWX2CWHNDamiqwBT/
 YxwhZimNa1B9r3P1yDHvpUu8cJaRzw2UDRi2f3Kztrmn2jlqzmoZ31WBALJA7lmL
 SrVFdXi7AcWwppMp1kbe9SvurCXID8/Q4n+qAdzSvqrXbeWerVUkdYFvtxQ1bMJR
 jnqN11iZFYaoCaaR2lFEhjoMdR80jUa2m6vdF7a7xhH1UvuPHDnzLT9X/TiPvx0R
 Itrp5MMIrUQHcZUL9hM5hrg3nxEsGsSCnjB0zWDmgXdLGwd4CvcOF4HPQR3BBlEH
 CLtAa27bBXMJTYVvmmKt06hw+U3ALDfUlFrV6ZNLr9ug69l29n7JoChAbZ97Hx1m
 twPwJpKd8AiUz+j3KCfgGU21qMbHNP3jEn3q9tkq0qcs/z7RCmU=
 =1WIq
 -----END PGP SIGNATURE-----
--- a/krb5-1.21.1.tar.gz
+++ b/krb5-1.21.1.tar.gz
--- a/krb5-1.21.1.tar.gz.asc
+++ b/krb5-1.21.1.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmSsc/kACgkQDLoIV1+D
 ct+wPxAArlkJs5WpFIm2JDJXGF82BNw/FEhg+OkWcPHeLMWJF8qO0AxVp8Yq4g1g
 qFpTABwY8V2tfr84XQJ6rw7Qq93NjRjFHr1z1tDmCceLisXof6Tu7/RKjHwNmJt8
 M3srmsXPlmx/7cXuaYIljJfftun3D/iuEaydWluGb1DZicaU/OsofGhKE8/YEZrN
 H0XdIC45raG4O9t6CGjQRcAIv5Z4afCtXH4aaEmLg6E2+aTUyx+czu7nBASCaTyv
 s4df8fhbVpdBi6iA6BQJC296Rc1gyDnuxnjyCH8Rj2gTuiI4Oa2dxRPGT3mjksz3
 OheYcXK9XGCtUbG22zrxqUuHDA3jF6KKmsVSXnbygB6XSS/c0bqmeDRTQGPksWH6
 RJbmlKG9PQ0BavlXRa7Nupaa7f0jblFiduScYujRsyWxi/8YkckedugYyuww59gV
 piUwGGRDWldy+JIAYtvzirsfe6Oum0/SKY5wYXyKv0flM95pbfBEw+TzRxmlCQ5J
 +i8L9Frr4gTmT576GHB6WzBlOEPf6mRc8jg0DyyUOoDHXyj4MCyJGEJxvcyVV1WX
 tJlu0uH1f8pMZx4IQ279PsNFimO/NsdSTefqiVGXA7FWK1EPLc+l9ZBcrLi9KEmJ
 7TfVq9cAg6+m2tql+gjAQrfXHUU1mNdPLFMnShYlqHjTle4cQKE=
 =AIvQ
 -----END PGP SIGNATURE-----
--- a/krb5.spec
+++ b/krb5.spec
@ -2,13 +2,13 @@
 %global WITH_DIRSRV 1
 Name:     krb5
-Version:  1.20.1
+Version:  1.21.1
-Release:  2
+Release:  1
 Summary:  The Kerberos network authentication protocol
 License:  MIT
 URL:      http://web.mit.edu/kerberos/www/
-Source0:  https://web.mit.edu/kerberos/dist/krb5/1.20/%{name}-%{version}.tar.gz
+Source0:  https://web.mit.edu/kerberos/dist/krb5/1.21/%{name}-%{version}.tar.gz
-Source1:  https://web.mit.edu/kerberos/dist/krb5/1.20/%{name}-%{version}.tar.gz.asc
+Source1:  https://web.mit.edu/kerberos/dist/krb5/1.21/%{name}-%{version}.tar.gz.asc
 Source2:  kprop.service
 Source3:  kadmin.service
 Source4:  krb5kdc.service
@ -19,6 +19,7 @@ Source11: ksu.pamd
 Source12: krb5kdc.logrotate
 Source13: kadmind.logrotate
 Source100: noport.c 
 Patch0: ksu-pam-integration.patch
 Patch1: SELinux-integration.patch
 Patch2: Adjust-build-configuration.patch
@ -323,6 +324,9 @@ make -C src check || :
 %{_mandir}/man8/*
 %changelog
 * Sat Jul 22 2023 wangyunjia <yunjia.wang@huawei.com> - 1.21.1-1
 - Update to 1.21.1
 * Thu Jun 15 2023 yixiangzhike <yixiangzhike007@163.com> - 1.20.1-2
 - Add kerberos.schema and kerberos.ldif for plugin ldap