From patchwork Mon Dec  7 14:23:05 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Erik Kapfer <erik.kapfer@ipfire.org>
X-Patchwork-Id: 3711
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CqQX13FHqz3wfs
	for <patchwork@web04.haj.ipfire.org>; Mon,  7 Dec 2020 14:23:13 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4CqQWz51GpzD0;
	Mon,  7 Dec 2020 14:23:11 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CqQWz3g2pz2y66;
	Mon,  7 Dec 2020 14:23:11 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CqQWx6t2Nz2xVW
 for <development@lists.ipfire.org>; Mon,  7 Dec 2020 14:23:09 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4CqQWx0kJ1zD0;
 Mon,  7 Dec 2020 14:23:09 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1607350989;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=S1pzopFSVJKbh2uWmkSn+NUkIiehoLAjuE6gvJrtGRY=;
 b=z8TQxzT835smCwYH5emnoQ/ZfecjwzphocrOI7fHT/St0oIB1yJqOL0UNiP/mXy5GaUdjj
 8EUQfeO+wxK6swCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1607350989;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=S1pzopFSVJKbh2uWmkSn+NUkIiehoLAjuE6gvJrtGRY=;
 b=jVL+zgPQXKTw5uD+WSmHFrwA98wcjq0l3VsXZ6HMWQAt2XddhvMjA7NGZbAEz78t+n4hVb
 +hyGuoR5S3dLeLM6i5Of0g3gSOwQKvPnJqD9IGGuxf1yfGgDC3gLku26AAqSEi7byKx2Wh
 nv1z7VTHXLexueFfHSWymcSx8GLUvWzkfG6GnR6IucNOA7vOc/G4AGp1u2qp2UFMHZU0md
 PR0tvYapBoq/z+Jb7zzccw7d/kiCZEcGtW7b11DliZE9DawpCdaxVWsIDBh4NshyJghdCI
 4xa1tu3PnSMiywLN+2KWEQwbl0HelFGMxEg8LsaK6aMeY/AXDpb5OZmTQCNTqg==
From: ummeegge <erik.kapfer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] kerberos: Update to version 1.18.3
Date: Mon,  7 Dec 2020 14:23:05 +0000
Message-Id: <20201207142305.29052-1-erik.kapfer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Since version 1.15.2 several fixes and enhancements has been introduced.
For a full overview the release notes can be found in the next lines.

https://web.mit.edu/kerberos/krb5-1.16/
https://web.mit.edu/kerberos/krb5-1.17/
https://web.mit.edu/kerberos/krb5-1.18/

Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
---
 config/rootfiles/packages/krb5                | 30 +++++++++++--------
 lfs/krb5                                      | 14 ++++-----
 .../krb5-1.18.3_prevent_spurious_text.patch   | 18 +++++++++++
 ...krb5-1.18.3_remove_known_failed_test.patch | 18 +++++++++++
 4 files changed, 60 insertions(+), 20 deletions(-)
 create mode 100644 src/patches/krb5-1.18.3_prevent_spurious_text.patch
 create mode 100644 src/patches/krb5-1.18.3_remove_known_failed_test.patch

diff --git a/config/rootfiles/packages/krb5 b/config/rootfiles/packages/krb5
index 0db708f4e..9a68f1b87 100644
--- a/config/rootfiles/packages/krb5
+++ b/config/rootfiles/packages/krb5
@@ -16,6 +16,7 @@ usr/bin/kpasswd
 #usr/include/gssapi
 #usr/include/gssapi.h
 #usr/include/gssapi/gssapi.h
+#usr/include/gssapi/gssapi_alloc.h
 #usr/include/gssapi/gssapi_ext.h
 #usr/include/gssapi/gssapi_generic.h
 #usr/include/gssapi/gssapi_krb5.h
@@ -46,9 +47,12 @@ usr/bin/kpasswd
 #usr/include/krb5
 #usr/include/krb5.h
 #usr/include/krb5/ccselect_plugin.h
+#usr/include/krb5/certauth_plugin.h
 #usr/include/krb5/clpreauth_plugin.h
 #usr/include/krb5/hostrealm_plugin.h
+#usr/include/krb5/kadm5_auth_plugin.h
 #usr/include/krb5/kadm5_hook_plugin.h
+#usr/include/krb5/kdcpolicy_plugin.h
 #usr/include/krb5/kdcpreauth_plugin.h
 #usr/include/krb5/krb5.h
 #usr/include/krb5/localauth_plugin.h
@@ -59,17 +63,18 @@ usr/bin/kpasswd
 #usr/include/profile.h
 #usr/include/verto-module.h
 #usr/include/verto.h
-usr/lib/krb5
-usr/lib/krb5/plugins
+#usr/lib/krb5
+#usr/lib/krb5/plugins
 usr/lib/krb5/plugins/authdata
 usr/lib/krb5/plugins/kdb
 usr/lib/krb5/plugins/kdb/db2.so
 usr/lib/krb5/plugins/libkrb5
-usr/lib/krb5/plugins/preauth
+#usr/lib/krb5/plugins/preauth
 usr/lib/krb5/plugins/preauth/otp.so
 usr/lib/krb5/plugins/preauth/pkinit.so
+usr/lib/krb5/plugins/preauth/spake.so
 usr/lib/krb5/plugins/preauth/test.so
-usr/lib/krb5/plugins/tls
+#usr/lib/krb5/plugins/tls
 usr/lib/krb5/plugins/tls/k5tls.so
 #usr/lib/libgssapi_krb5.so
 usr/lib/libgssapi_krb5.so.2
@@ -82,15 +87,15 @@ usr/lib/libk5crypto.so.3
 usr/lib/libk5crypto.so.3.1
 #usr/lib/libkadm5clnt.so
 #usr/lib/libkadm5clnt_mit.so
-usr/lib/libkadm5clnt_mit.so.11
-usr/lib/libkadm5clnt_mit.so.11.0
+usr/lib/libkadm5clnt_mit.so.12
+usr/lib/libkadm5clnt_mit.so.12.0
 #usr/lib/libkadm5srv.so
 #usr/lib/libkadm5srv_mit.so
-usr/lib/libkadm5srv_mit.so.11
-usr/lib/libkadm5srv_mit.so.11.0
+usr/lib/libkadm5srv_mit.so.12
+usr/lib/libkadm5srv_mit.so.12.0
 #usr/lib/libkdb5.so
-usr/lib/libkdb5.so.8
-usr/lib/libkdb5.so.8.0
+usr/lib/libkdb5.so.10
+usr/lib/libkdb5.so.10.0
 #usr/lib/libkrad.so
 usr/lib/libkrad.so.0
 usr/lib/libkrad.so.0.0
@@ -128,11 +133,13 @@ usr/lib/libverto.so.0.0
 #usr/share/examples/krb5/kdc.conf
 #usr/share/examples/krb5/krb5.conf
 #usr/share/examples/krb5/services.append
+#usr/share/locale/de/LC_MESSAGES/mit-krb5.mo
 #usr/share/locale/en_US
 #usr/share/locale/en_US/LC_MESSAGES
 #usr/share/locale/en_US/LC_MESSAGES/mit-krb5.mo
 #usr/share/man/cat1
 #usr/share/man/cat5
+#usr/share/man/cat7
 #usr/share/man/cat8
 #usr/share/man/man1/k5srvutil.1
 #usr/share/man/man1/kadmin.1
@@ -153,6 +160,7 @@ usr/lib/libverto.so.0.0
 #usr/share/man/man5/kadm5.acl.5
 #usr/share/man/man5/kdc.conf.5
 #usr/share/man/man5/krb5.conf.5
+#usr/share/man/man7/kerberos.7
 #usr/share/man/man8/kadmin.local.8
 #usr/share/man/man8/kadmind.8
 #usr/share/man/man8/kdb5_ldap_util.8
@@ -163,5 +171,3 @@ usr/lib/libverto.so.0.0
 #usr/share/man/man8/krb5kdc.8
 #usr/share/man/man8/sserver.8
 var/lib/krb5kdc
-var/lib/run
-var/lib/run/krb5kdc
diff --git a/lfs/krb5 b/lfs/krb5
index 4ab342c01..766dc8d05 100644
--- a/lfs/krb5
+++ b/lfs/krb5
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.15.2
+VER        = 1.18.3
 
 THISAPP    = krb5-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)/src
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = krb5
-PAK_VER    = 3
+PAK_VER    = 4
 
 DEPS       =
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = b160f72161c730897dc7689f876b6e2a
+$(DL_FILE)_MD5 = a64e8018a7572e0b4bd477c745129ffc
 
 install : $(TARGET)
 
@@ -78,10 +78,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_SRC)/$(THISAPP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 
-	cd $(DIR_APP) && sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
-		-e "s@-lpython2.5]@&,\n  AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
-		-i configure.in
-	cd $(DIR_APP) && autoconf
+	cd $(DIR_APP) && patch -Np2 -i $(DIR_SRC)/src/patches/krb5-1.18.3_prevent_spurious_text.patch
+	cd $(DIR_APP) && patch -Np2 -i $(DIR_SRC)/src/patches/krb5-1.18.3_remove_known_failed_test.patch
 
 	cd $(DIR_APP) && ./configure \
 		--prefix=/usr \
diff --git a/src/patches/krb5-1.18.3_prevent_spurious_text.patch b/src/patches/krb5-1.18.3_prevent_spurious_text.patch
new file mode 100644
index 000000000..0e3015379
--- /dev/null
+++ b/src/patches/krb5-1.18.3_prevent_spurious_text.patch
@@ -0,0 +1,18 @@
+Submitted By: linuxfromscratch DOT org
+Date: 2020-11-19 
+Initial Package Version: 1.18.3
+Origin: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/mitkrb.html
+Description: Patch increases the width of the virtual terminal used for some tests to prevent some spurious text in the output which is taken as a failure.
+
+diff --color -Nur krb5-1.18.3.orig/src/tests/dejagnu/config/default.exp krb5-1.18.3/src/tests/dejagnu/config/default.exp
+--- krb5-1.18.3.orig/src/tests/dejagnu/config/default.exp	2020-12-07 04:51:12.997708618 +0100
++++ krb5-1.18.3/src/tests/dejagnu/config/default.exp	2020-12-07 04:56:29.805839425 +0100
+@@ -12,7 +12,7 @@
+ # realm name, defaulting to KRBTEST.COM.
+ 
+ set timeout 100
+-set stty_init {erase \^h kill \^u}
++set stty_init {erase \^h kill \^u cols 300}
+ set env(TERM) dumb
+ 
+ set des3_krbtgt 0
diff --git a/src/patches/krb5-1.18.3_remove_known_failed_test.patch b/src/patches/krb5-1.18.3_remove_known_failed_test.patch
new file mode 100644
index 000000000..b148d4248
--- /dev/null
+++ b/src/patches/krb5-1.18.3_remove_known_failed_test.patch
@@ -0,0 +1,18 @@
+Submitted By: linuxfromscratch DOT org
+Date: 2020-11-19 
+Initial Package Version: 1.18.3
+Origin: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/mitkrb.html
+Description: Patch removes a test that is known to fail.
+
+diff --color -Nur krb5-1.18.3.orig/src/plugins/kdb/db2/libdb2/test/run.test krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/run.test
+--- krb5-1.18.3.orig/src/plugins/kdb/db2/libdb2/test/run.test	2020-12-07 04:58:27.210999666 +0100
++++ krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/run.test	2020-12-07 04:58:48.579210832 +0100
+@@ -38,7 +38,7 @@
+ 	find $bindir -type f -exec test -r {} \; -print | head -100 > $BINFILES
+ 
+ 	if [ $# -eq 0 ]; then
+-		for t in 1 2 3 4 5 6 7 8 9 10 11 12 13 20 40 41 50 60 61 62 63; do
++		for t in 1 2 3 4 5 6 7 8 9 10 11 13 20 40 41 50 60 61 62 63; do
+ 			test$t
+ 		done
+ 	else