Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2025-07-17 17:17:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.8875 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Thu Jul 17 17:17:37 2025 rev:177 rq:1293371 version:1.21.3 Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2025-04-23 15:18:13.555325858 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.8875/krb5-mini.changes 2025-07-17 17:18:13.890419792 +0200 @@ -1,0 +2,7 @@ +Wed Jul 2 14:07:48 UTC 2025 - Stefan Schubert <sch...@suse.com> + +- Moved /etc/krb5.conf to /usr/etc/krb5.conf + This patch (0011_usr_etc.patch) is upstream: + https://github.com/krb5/krb5/pull/1437/ + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes 2025-04-23 15:18:13.619328535 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.8875/krb5.changes 2025-07-17 17:18:13.902420291 +0200 @@ -1,0 +2,7 @@ +Wed Jul 2 14:05:30 UTC 2025 - Stefan Schubert <sch...@suse.com> + +- Moved /etc/krb5.conf to /usr/etc/krb5.conf + This patch (0011_usr_etc.patch) is upstream: + https://github.com/krb5/krb5/pull/1437/ + +------------------------------------------------------------------- New: ---- 0011_usr_etc.patch ----------(New B)---------- New:/work/SRC/openSUSE:Factory/.krb5.new.8875/krb5-mini.changes-- Moved /etc/krb5.conf to /usr/etc/krb5.conf /work/SRC/openSUSE:Factory/.krb5.new.8875/krb5-mini.changes: This patch (0011_usr_etc.patch) is upstream: /work/SRC/openSUSE:Factory/.krb5.new.8875/krb5-mini.changes- https://github.com/krb5/krb5/pull/1437/ -- /work/SRC/openSUSE:Factory/.krb5.new.8875/krb5.changes-- Moved /etc/krb5.conf to /usr/etc/krb5.conf /work/SRC/openSUSE:Factory/.krb5.new.8875/krb5.changes: This patch (0011_usr_etc.patch) is upstream: /work/SRC/openSUSE:Factory/.krb5.new.8875/krb5.changes- https://github.com/krb5/krb5/pull/1437/ ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.c8ihnV/_old 2025-07-17 17:18:14.986465373 +0200 +++ /var/tmp/diff_new_pack.c8ihnV/_new 2025-07-17 17:18:14.990465540 +0200 @@ -46,6 +46,7 @@ Patch8: 0008-krb5-1.9-debuginfo.patch Patch9: 0009-Fix-three-memory-leaks.patch Patch10: 0010-CVE-2025-24528.patch +Patch11: 0011_usr_etc.patch BuildRequires: autoconf BuildRequires: bison BuildRequires: pkgconfig @@ -108,6 +109,9 @@ CPPFLAGS="-I%{_includedir}/et " \ SS_LIB="-lss" \ --sysconfdir=%{_sysconfdir} \ +%if 0%{?suse_version} > 1500 + --with-vendordir=%{_distconfdir} \ +%endif --mandir=%{_mandir} \ --infodir=%{_infodir} \ --libdir=%{_libdir} \ @@ -151,7 +155,12 @@ mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5 mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls +%if 0%{?suse_version} > 1500 +mkdir -p %{buildroot}%{_distconfdir} +install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_distconfdir} +%else install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} +%endif # Do not write directly to /var/lib/kerberos anymore as it breaks transactional # updates. Use systemd-tmpfiles to copy the files there when it doesn't exist @@ -236,7 +245,18 @@ %pre %service_add_pre krb5kdc.service kadmind.service kpropd.service +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in krb5.conf ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in krb5.conf; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif ######################################################## # files sections ######################################################## @@ -278,7 +298,11 @@ %dir %{_libdir}/krb5/plugins/tls %attr(0700,root,root) %dir %{_localstatedir}/log/krb5 %doc %{krb5docdir}/README +%if 0%{?suse_version} > 1500 +%attr(0644,root,root) %{_distconfdir}/krb5.conf +%else %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf +%endif %dir %{_sysconfdir}/krb5.conf.d %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 %config(noreplace,missingok) %{_sysconfdir}/krb5.conf.d/crypto-policies ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.c8ihnV/_old 2025-07-17 17:18:15.018466704 +0200 +++ /var/tmp/diff_new_pack.c8ihnV/_new 2025-07-17 17:18:15.018466704 +0200 @@ -44,6 +44,7 @@ Patch8: 0008-krb5-1.9-debuginfo.patch Patch9: 0009-Fix-three-memory-leaks.patch Patch10: 0010-CVE-2025-24528.patch +Patch11: 0011_usr_etc.patch BuildRequires: autoconf BuildRequires: bison BuildRequires: cyrus-sasl-devel @@ -174,6 +175,9 @@ CPPFLAGS="-I%{_includedir}/et " \ SS_LIB="-lss" \ --sysconfdir=%{_sysconfdir} \ +%if 0%{?suse_version} > 1500 + --with-vendordir=%{_distconfdir} \ +%endif --mandir=%{_mandir} \ --infodir=%{_infodir} \ --libdir=%{_libdir} \ @@ -220,7 +224,12 @@ mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5 mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls +%if 0%{?suse_version} > 1500 +mkdir -p %{buildroot}%{_distconfdir} +install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_distconfdir} +%else install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} +%endif # Do not write directly to /var/lib/kerberos anymore as it breaks transactional # updates. Use systemd-tmpfiles to copy the files there when it doesn't exist @@ -301,6 +310,20 @@ %find_lang mit-krb5 +%if 0%{?suse_version} > 1500 +%pre +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in krb5.conf ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in krb5.conf; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -375,7 +398,11 @@ # add log directory %attr(0700,root,root) %dir %{_localstatedir}/log/krb5 %doc %{krb5docdir}/README +%if 0%{?suse_version} > 1500 +%attr(0644,root,root) %{_distconfdir}/krb5.conf +%else %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf +%endif %dir %{_sysconfdir}/krb5.conf.d %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 %config(noreplace,missingok) %{_sysconfdir}/krb5.conf.d/crypto-policies ++++++ 0011_usr_etc.patch ++++++ diff -ur a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst --- a/doc/admin/conf_files/krb5_conf.rst 2025-07-01 17:17:19.392659240 +0200 +++ b/doc/admin/conf_files/krb5_conf.rst 2025-07-02 10:07:14.375303312 +0200 @@ -7,8 +7,14 @@ including the locations of KDCs and admin servers for the Kerberos realms of interest, defaults for the current realm and for Kerberos applications, and mappings of hostnames onto Kerberos realms. -Normally, you should install your krb5.conf file in the directory -``/etc``. You can override the default location by setting the +Normally, you should install your indivual krb5.conf file in the directory +``/etc``. + +.. only:: use_vendordir + If there is no individual one the dafault one |vendorkrb5conf| will + be taken. + +You can override the default location by setting the environment variable **KRB5_CONFIG**. Multiple colon-separated filenames may be specified in **KRB5_CONFIG**; all files which are present will be read. Starting in release 1.14, directory names can @@ -1244,6 +1250,10 @@ |krb5conf| +.. only:: use_vendordir + + |vendorkrb5conf| if |krb5conf| is not there. + SEE ALSO -------- Nur in b/doc/admin/conf_files: krb5_conf.rst~. diff -ur a/doc/conf.py b/doc/conf.py --- a/doc/conf.py 2025-07-01 17:17:19.384659240 +0200 +++ b/doc/conf.py 2025-07-01 17:24:48.687885776 +0200 @@ -239,6 +239,7 @@ localstatedir = '``@LOCALSTATEDIR@``' runstatedir = '``@RUNSTATEDIR@``' sysconfdir = '``@SYSCONFDIR@``' + vendordir = '``@VENDORDIR@``' ccache = '``@CCNAME@``' keytab = '``@KTNAME@``' ckeytab = '``@CKTNAME@``' @@ -253,6 +254,7 @@ localstatedir = ':ref:`LOCALSTATEDIR <paths>`' runstatedir = ':ref:`RUNSTATEDIR <paths>`' sysconfdir = ':ref:`SYSCONFDIR <paths>`' + vendordir = ':ref:`VENDORDIR <paths>`' ccache = ':ref:`DEFCCNAME <paths>`' keytab = ':ref:`DEFKTNAME <paths>`' ckeytab = ':ref:`DEFCKTNAME <paths>`' @@ -278,8 +280,9 @@ rst_epilog += '.. |keytab| replace:: %s\n' % keytab rst_epilog += '.. |ckeytab| replace:: %s\n' % ckeytab rst_epilog += '.. |pkcs11_modname| replace:: %s\n' % pkcs11_modname + rst_epilog += '.. |vendorkrb5conf| replace:: %s/krb5.conf\n' % vendordir + rst_epilog += '.. |krb5conf| replace:: %s/krb5.conf\n' % sysconfdir rst_epilog += ''' -.. |krb5conf| replace:: ``/etc/krb5.conf`` .. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`` .. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` .. |defmkey| replace:: ``aes256-cts-hmac-sha1-96`` Nur in b/doc: conf.py~. diff -ur a/src/configure.ac b/src/configure.ac --- a/src/configure.ac 2025-07-01 17:17:19.456659239 +0200 +++ b/src/configure.ac 2025-07-01 18:20:01.582633776 +0200 @@ -1443,6 +1443,34 @@ AC_SUBST(OSX) AC_SUBST(MACOS_FRAMEWORK) +# Vendordir +AC_ARG_WITH([vendordir], + AS_HELP_STRING([--with-vendordir=DIR], [Directory for distribution provided configuration files]), + [ if test ! -z "$with_vendordir" ; then + case $with_vendordir in + yes|no) + VENDORDIR="/usr/etc" + ;; + /*) + VENDORDIR="$with_vendordir" + ;; + *) + AC_MSG_ERROR(You must specify an absolute path to --with-vendordir=DIR) + ;; + esac + fi + ], + []) + +AS_IF([test "x$with_vendordir" != x], [ + AC_DEFINE([USE_VENDORDIR], [1], [Define to 1 to use vendordir]) + AC_DEFINE_UNQUOTED(VENDORDIR, "$VENDORDIR", [location of vendor configuration files]) + AC_SUBST(VENDORDIR) + USE_VENDORDIR="1" + AC_SUBST(USE_VENDORDIR) + AC_MSG_NOTICE([Used vendor dir: $with_vendordir]) +]) + # Build-time default ccache, keytab, and client keytab names. These # can be given as variable arguments DEFCCNAME, DEFKTNAME, and # DEFCKTNAME. Otherwise, we try to get the OS defaults from Nur in b/src: configure.ac~. diff -ur a/src/doc/Makefile.in b/src/doc/Makefile.in --- a/src/doc/Makefile.in 2025-07-01 17:17:19.424659240 +0200 +++ b/src/doc/Makefile.in 2025-07-02 09:41:01.906440544 +0200 @@ -11,6 +11,8 @@ DEFKTNAME=@DEFKTNAME@ DEFCKTNAME=@DEFCKTNAME@ PKCS11_MODNAME=@PKCS11_MODNAME@ +VENDORDIR=@VENDORDIR@ +USE_VENDORDIR=@USE_VENDORDIR@ RST_SOURCES= _static \ _templates \ @@ -43,7 +45,11 @@ # make -f Makefile.in SPHINX_ARGS= htmlsrc html: composite rm -rf $(docsrc)/html - $(SPHINX_BUILD) -q rst_composite $(docsrc)/html + if test "$(USE_VENDORDIR)" == "1" ; then \ + $(SPHINX_BUILD) -q rst_composite -t use_vendordir $(docsrc)/html; \ + else \ + $(SPHINX_BUILD) -q rst_composite $(docsrc)/html; \ + fi # Dummy target for use in an unconfigured source tree. htmlsrc: @@ -55,17 +61,25 @@ substhtml: composite paths.py rm -rf html_subst cp paths.py rst_composite - $(SPHINX_BUILD) -t pathsubs -q rst_composite html_subst + if test "$(USE_VENDORDIR)" == "1" ; then \ + $(SPHINX_BUILD) -t pathsubs -q -t use_vendordir rst_composite html_subst; \ + else \ + $(SPHINX_BUILD) -t pathsubs -q rst_composite html_subst; \ + fi # Create an ASCII (okay, UTF-8) version of the NOTICE file notice.txt: $(docsrc)/conf.py $(docsrc)/notice.rst $(docsrc)/version.py - $(SPHINX_BUILD) -b text -t notice -q $(docsrc) . + if test "$(USE_VENDORDIR)" == "1" ; then \ + $(SPHINX_BUILD) -b text -t notice -t use_vendordir -q $(docsrc) .; \ + else \ + $(SPHINX_BUILD) -b text -t notice -q $(docsrc) .; \ + fi NOTICE: notice.txt cp notice.txt $(top_srcdir)/../NOTICE $(PDFDIR): composite - $(SPHINX_BUILD) -b latex -q rst_composite $(PDFDIR) + $(SPHINX_BUILD) -b latex -q -t $(USEVENDORDIR) rst_composite $(PDFDIR) # sphinx-build generates a gmake-specific Makefile that we don't use mv $(PDFDIR)/Makefile $(PDFDIR)/GMakefile @@ -116,6 +130,7 @@ echo 'localstatedir = "``$(localstatedir)``"' >> $@ echo 'runstatedir = "``$(runstatedir)``"' >> $@ echo 'sysconfdir = "``$(sysconfdir)``"' >> $@ + echo 'vendordir = "``$(VENDORDIR)``"' >> $@ echo 'ccache = "``$(DEFCCNAME)``"' >> $@ echo 'keytab = "``$(DEFKTNAME)``"' >> $@ echo 'ckeytab = "``$(DEFCKTNAME)``"' >> $@ Nur in b/src/doc: Makefile.in~. diff -ur a/src/include/osconf.hin b/src/include/osconf.hin --- a/src/include/osconf.hin 2025-07-01 17:17:19.456659239 +0200 +++ b/src/include/osconf.hin 2025-07-01 17:35:25.392460942 +0200 @@ -53,6 +53,7 @@ #define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf@SYSCONFCONF" #define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH #endif +#define SYSCONFDIR "@SYSCONFDIR" #endif /* _WINDOWS */ #ifdef _WIN32 Nur in b/src/include: osconf.hin~. diff -ur a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c --- a/src/lib/krb5/os/init_os_ctx.c 2025-07-01 17:17:19.432659239 +0200 +++ b/src/lib/krb5/os/init_os_ctx.c 2025-07-02 14:54:25.799506632 +0200 @@ -25,12 +25,17 @@ */ #define NEED_WINDOWS +#define KRB5_CONF "krb5.conf" #include "k5-int.h" #include "os-proto.h" #include "../krb/int-proto.h" #include "prof_int.h" /* XXX for profile_copy, not public yet */ +#ifdef USE_VENDORDIR +#include <sys/stat.h> +#endif + #if defined(_WIN32) #include <winsock.h> #include <Shlobj.h> @@ -295,12 +300,34 @@ unsigned int ent_len; const char *s, *t; +#ifdef USE_VENDORDIR + int re = 0; + struct stat stats; + + if (!secure) + filepath = secure_getenv("KRB5_CONFIG"); + + if (!filepath) { + re = asprintf(&filepath, "%s/%s", SYSCONFDIR, KRB5_CONF); + if(re<0) + return ENOMEM; + + if (stat(filepath, &stats) < 0) + { + free(filepath); + re = asprintf(&filepath, "%s/%s", VENDORDIR, KRB5_CONF); + if(re<0) + return ENOMEM; + } + } +#else if (secure) { filepath = DEFAULT_SECURE_PROFILE_PATH; } else { filepath = secure_getenv("KRB5_CONFIG"); if (!filepath) filepath = DEFAULT_PROFILE_PATH; } +#endif /* USE_VENDORDIR */ /* count the distinct filename components */ for(s = filepath, n_entries = 1; *s; s++) { Nur in b/src/lib/krb5/os: init_os_ctx.c~. diff -ur a/src/man/Makefile.in b/src/man/Makefile.in --- a/src/man/Makefile.in 2025-07-01 17:17:19.456659239 +0200 +++ b/src/man/Makefile.in 2025-07-02 10:14:21.558908755 +0200 @@ -9,6 +9,8 @@ DEFKTNAME=@DEFKTNAME@ DEFCKTNAME=@DEFCKTNAME@ PKCS11_MODNAME=@PKCS11_MODNAME@ +vendordir=@VENDORDIR@ +USE_VENDORDIR=@USE_VENDORDIR@ MANSUBS=k5identity.sub k5login.sub k5srvutil.sub kadm5.acl.sub kadmin.sub \ kadmind.sub kdb5_ldap_util.sub kdb5_util.sub kdc.conf.sub \ @@ -26,7 +28,11 @@ # manpage writer outputs near the end of its output files. man: $(docsrc)/version.py rm -rf rst_man - $(SPHINX_BUILD) -q -t mansubs -b man $(docsrc) rst_man + if test "$(USE_VENDORDIR)" == "1" ; then \ + $(SPHINX_BUILD) -q -t mansubs -t use_vendordir -b man $(docsrc) rst_man; \ + else \ + $(SPHINX_BUILD) -q -t mansubs -b man $(docsrc) rst_man; \ + fi for f in rst_man/*.[0-9]; do \ name=`echo $$f | sed -e 's|^.*/\(.*\)\.[0-9]$$|\1|'`; \ sed -e '/^\.\\" $$/d' \ @@ -46,6 +52,7 @@ -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \ -e 's|@RUNSTATEDIR@|$(runstatedir)|g' \ -e 's|@SYSCONFDIR@|$(sysconfdir)|g' \ + -e 's|@VENDOR_DIR@|$(vendordir)|g' \ -e 's|@CCNAME@|$(DEFCCNAME)|g' \ -e 's|@KTNAME@|$(DEFKTNAME)|g' \ -e 's|@CKTNAME@|$(DEFCKTNAME)|g' \ Nur in b/src/man: Makefile.in~.
