From 4d190f3950be49d325ca1e1c355eb6251c694e57 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 06 2020 06:10:47 +0000 Subject: import krb5-1.18.2-5.2.el8 --- diff --git a/SOURCES/Unify-kvno-option-documentation.patch b/SOURCES/Unify-kvno-option-documentation.patch new file mode 100644 index 0000000..504f576 --- /dev/null +++ b/SOURCES/Unify-kvno-option-documentation.patch @@ -0,0 +1,142 @@ +From 5f485a8d9db27ef266a8c45626a9b9cc3616f581 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Thu, 20 Aug 2020 17:49:29 -0400 +Subject: [PATCH] Unify kvno option documentation + +Add missing kvno options to the kvno.rst synopsis and option +descriptions, and to the kvno usage message. Remove mention of '-h' +(help text), from kvno.rst as it is an implicit option. Note that the +three new caching options were added in release 1.19. + +Indicate the two exclusions (-u/-S and --u2u with the S4U2Self options) +and dependency (-P on S4U2Self) where they are missing. + +Switch xusage() to print only a single localized string, rather than +running each line of output through localization separately. + +Leave kvno -C undocumented for now, as the semantics of +KRB5_GC_CANONICALIZE are minimally useful and likely to change. + +[ghudson@mit.edu: edited documentation and commit message] + +ticket: 7476 +tags: pullup +target_version: 1.18-next + +(cherry picked from commit becd1ad6830b526d08ddaf5b2b6f213154c6446c) +(cherry picked from commit 52e3695cc5ef00766e12adfe8ed276c2885e71bb) +[rharwood@redhat.com: backport around added kvno options] +--- + doc/user/user_commands/kvno.rst | 17 +++++++++-------- + src/clients/kvno/kvno.c | 12 ++++++++---- + src/man/kvno.man | 17 +++++++++-------- + 3 files changed, 26 insertions(+), 20 deletions(-) + +diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst +index 3892f0ca5..53e569651 100644 +--- a/doc/user/user_commands/kvno.rst ++++ b/doc/user/user_commands/kvno.rst +@@ -10,13 +10,9 @@ SYNOPSIS + [**-c** *ccache*] + [**-e** *etype*] + [**-q**] +-[**-h**] ++[**-u** | **-S** *sname*] + [**-P**] +-[**-S** *sname*] +-[**-I** *for_user*] +-[**-U** *for_user*] +-[**-F** *cert_file*] +-[**--u2u** *ccache*] ++[[{**-F** *cert_file* | {**-I** | **-U**} *for_user*} [**-P**]] | **--u2u** *ccache*] + *service1 service2* ... + + +@@ -39,13 +35,18 @@ OPTIONS + of all the services named on the command line. This is useful in + certain backward compatibility situations. + ++**-k** *keytab* ++ Decrypt the acquired tickets using *keytab* to confirm their ++ validity. ++ + **-q** + Suppress printing output when successful. If a service ticket + cannot be obtained, an error message will still be printed and + kvno will exit with nonzero status. + +-**-h** +- Prints a usage statement and exits. ++**-u** ++ Use the unknown name type in requested service principal names. ++ This option Cannot be used with *-S*. + + **-P** + Specifies that the *service1 service2* ... arguments are to be +diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c +index 2472c0cfe..8edd97361 100644 +--- a/src/clients/kvno/kvno.c ++++ b/src/clients/kvno/kvno.c +@@ -38,13 +38,17 @@ + static char *prog; + static int quiet = 0; + ++#define XUSAGE_BREAK "\n\t" ++ + static void + xusage() + { +- fprintf(stderr, _("usage: %s [-C] [-u] [-c ccache] [-e etype]\n"), prog); +- fprintf(stderr, _("\t[-k keytab] [-S sname] [{-I | -U} for_user | " +- "[-F cert_file] [-P]]\n")); +- fprintf(stderr, _("\t[--u2u ccache] service1 service2 ...\n")); ++ fprintf(stderr, _("usage: %s [-c ccache] [-e etype] [-k keytab] [-q] " ++ "[-u | -S sname]" XUSAGE_BREAK ++ "[[{-F cert_file | {-I | -U} for_user} [-P]] | " ++ "--u2u ccache]" XUSAGE_BREAK ++ "service1 service2 ...\n"), ++ prog); + exit(1); + } + +diff --git a/src/man/kvno.man b/src/man/kvno.man +index 005a2ec97..e156df723 100644 +--- a/src/man/kvno.man ++++ b/src/man/kvno.man +@@ -36,13 +36,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] + [\fB\-c\fP \fIccache\fP] + [\fB\-e\fP \fIetype\fP] + [\fB\-q\fP] +-[\fB\-h\fP] ++[\fB\-u\fP | \fB\-S\fP \fIsname\fP] + [\fB\-P\fP] +-[\fB\-S\fP \fIsname\fP] +-[\fB\-I\fP \fIfor_user\fP] +-[\fB\-U\fP \fIfor_user\fP] +-[\fB\-F\fP \fIcert_file\fP] +-[\fB\-\-u2u\fP \fIccache\fP] ++[[{\fB\-F\fP \fIcert_file\fP | {\fB\-I\fP | \fB\-U\fP} \fIfor_user\fP} [\fB\-P\fP]] | \fB\-\-u2u\fP \fIccache\fP] + \fIservice1 service2\fP ... + .SH DESCRIPTION + .sp +@@ -60,13 +56,18 @@ Specifies the enctype which will be requested for the session key + of all the services named on the command line. This is useful in + certain backward compatibility situations. + .TP ++\fB\-k\fP \fIkeytab\fP ++Decrypt the acquired tickets using \fIkeytab\fP to confirm their ++validity. ++.TP + \fB\-q\fP + Suppress printing output when successful. If a service ticket + cannot be obtained, an error message will still be printed and + kvno will exit with nonzero status. + .TP +-\fB\-h\fP +-Prints a usage statement and exits. ++\fB\-u\fP ++Use the unknown name type in requested service principal names. ++This option Cannot be used with \fI\-S\fP\&. + .TP + \fB\-P\fP + Specifies that the \fIservice1 service2\fP ... arguments are to be diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec index aa6da05..d7a6482 100644 --- a/SPECS/krb5.spec +++ b/SPECS/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18.2 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 5.1%{?dist} +Release: 5.2%{?dist} # lookaside-cached sources; two downloads and a build artifact Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -73,6 +73,7 @@ Patch127: Pass-channel-bindings-through-SPNEGO.patch Patch128: Add-channel-bindings-tests.patch Patch129: Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch Patch130: Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch +Patch131: Unify-kvno-option-documentation.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -683,6 +684,10 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Thu Oct 15 2020 Robbie Harwood - 1.18.2-5.2 +- Unify kvno option documentation +- Resolves: #1869055 + * Wed Oct 14 2020 Robbie Harwood - 1.18.2-5.1 - Fix upstream URLs in spec file - Resolves: #1868039