Architecture specific change in rpms/netcdf.git
by githook-noreply@fedoraproject.org
The package rpms/netcdf.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/netcdf.git/commit/?id=8bcf8002fd3....
Change:
+%ifnarch s390x
Thanks.
Full change:
============
commit 8bcf8002fd30aad28e9957d9c5079ae141bfd71b
Author: Orion Poplawski <orion(a)nwra.com>
Date: Thu Jun 25 17:50:46 2020 -0600
Disable mpi tests on s390x for now
diff --git a/netcdf.spec b/netcdf.spec
index cedf1ef..06f7c09 100644
--- a/netcdf.spec
+++ b/netcdf.spec
@@ -233,12 +233,15 @@ fail=1
make -C build check || ( cat build/*/test-suite.log && exit $fail )
# Allow openmpi to run with more processes than cores
export OMPI_MCA_rmaps_base_oversubscribe=1
+# mpich test hanging on s390x
+%ifnarch s390x
for mpi in %{mpi_list}
do
module load mpi/$mpi-%{_arch}
make -C $mpi check || ( cat $mpi/*/test-suite.log && exit $fail )
module purge
done
+%endif
%ldconfig_scriptlets
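Review bot: The `%ifnarch s390x` guard wraps the entire `for mpi in %{mpi_list}` loop, so `make -C $mpi check` is skipped for every MPI flavour on s390x, while the added comment attributes the hang to mpich only. If the openmpi tests pass on that architecture, narrow the skip to the mpich iteration; otherwise reword the comment to say that all MPI tests are disabled. The commit message says "for now", so a bug reference in the comment would show when the guard can be dropped.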
Architecture specific change in rpms/krb5.git
by githook-noreply@fedoraproject.org
The package rpms/krb5.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/krb5.git/commit/?id=19d5d2e504fee....
Change:
-%ifarch %{ix86} x86_64
Thanks.
Full change:
============
commit 80e06352b841fd4e06cd36118154566561fdfb77
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Mon Jun 15 17:27:59 2020 -0400
Use two queues for concurrent t_otp.py daemons
diff --git a/Use-two-queues-for-concurrent-t_otp.py-daemons.patch b/Use-two-queues-for-concurrent-t_otp.py-daemons.patch
new file mode 100644
index 0000000..33da6f5
--- /dev/null
+++ b/Use-two-queues-for-concurrent-t_otp.py-daemons.patch
@@ -0,0 +1,41 @@
+From 8e08f01d73ddca1b828788710ec6bb3e0354727a Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Wed, 4 Mar 2020 17:18:51 -0500
+Subject: [PATCH] Use two queues for concurrent t_otp.py daemons
+
+t_otp.py occasionally fails during the #8708 regression test, reading
+a true answer instead of the expected false answer during the first
+verify() call. Most likely the daemons are writing their answers to
+the shared queue out of order. Use a separate queue for the second
+daemon to ensure correct correlation of results.
+
+(cherry picked from commit c03f67eefec05db19e84e889fab7c25904929633)
+---
+ src/tests/t_otp.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/tests/t_otp.py b/src/tests/t_otp.py
+index cba871a0f..c3b820a41 100755
+--- a/src/tests/t_otp.py
++++ b/src/tests/t_otp.py
+@@ -256,16 +256,17 @@ verify(daemon, queue, True, realm.user_princ, 'accept')
+ ## tokens configured, with the first rejecting and the second
+ ## accepting. With the bug, the KDC incorrectly rejects the request
+ ## and then performs invalid memory accesses, most likely crashing.
++queue2 = Queue()
+ daemon1 = UDPRadiusDaemon(args=(server_addr, secret_file, 'accept1', queue))
+-daemon2 = UnixRadiusDaemon(args=(socket_file, None, 'accept2', queue))
++daemon2 = UnixRadiusDaemon(args=(socket_file, None, 'accept2', queue2))
+ daemon1.start()
+ queue.get()
+ daemon2.start()
+-queue.get()
++queue2.get()
+ oconf = '[' + otpconfig_1('udp') + ', ' + otpconfig_1('unix') + ']'
+ realm.run([kadminl, 'setstr', realm.user_princ, 'otp', oconf])
+ realm.kinit(realm.user_princ, 'accept2', flags=flags)
+ verify(daemon1, queue, False, realm.user_princ.split('@')[0], 'accept2')
+-verify(daemon2, queue, True, realm.user_princ, 'accept2')
++verify(daemon2, queue2, True, realm.user_princ, 'accept2')
+
+ success('OTP tests')
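Review bot: Both startup handshakes in the t_otp.py hunk, `queue.get()` after `daemon1.start()` and `queue2.get()` after `daemon2.start()`, block with no timeout, so a daemon that fails to come up hangs the test run instead of failing it. Consider passing a timeout to `get()` and reporting a failure when it expires. The commit message describes the out-of-order write only as the most likely cause, so a short comment above `queue2 = Queue()` saying why the second daemon needs its own queue would help whoever touches this test next.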
diff --git a/krb5.spec b/krb5.spec
index 5d1ebda..b3e9dfa 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 8%{?dist}
+Release: 9%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -67,6 +67,7 @@ Patch28: Implement-KERB_AP_OPTIONS_CBT-server-side.patch
Patch29: Add-client_aware_channel_bindings-option.patch
Patch30: Pass-channel-bindings-through-SPNEGO.patch
Patch31: Add-channel-bindings-tests.patch
+Patch32: Use-two-queues-for-concurrent-t_otp.py-daemons.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -621,6 +622,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Mon Jun 15 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-9
+- Use two queues for concurrent t_otp.py daemons
+
* Mon Jun 15 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-8
- Match Heimdal behavior for channel bindings
commit e326a52474f26ee9445725271425cc06563e7ff3
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Mon Jun 15 16:57:30 2020 -0400
Match Heimdal behavior for channel bindings
diff --git a/Add-channel-bindings-tests.patch b/Add-channel-bindings-tests.patch
new file mode 100644
index 0000000..b758c79
--- /dev/null
+++ b/Add-channel-bindings-tests.patch
@@ -0,0 +1,419 @@
+From 3e92520c1417f22447751cd9172d5ab30c2e0ad8 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris(a)gmail.com>
+Date: Fri, 20 Mar 2020 00:17:28 +0100
+Subject: [PATCH] Add channel bindings tests
+
+[ghudson(a)mit.edu: adjusted test program to output channel-bound state
+instead of optionally enforcing it; adjusted tests to check program
+output; split out tests into separate Python script; made cosmetic
+changes]
+
+ticket: 8900
+(cherry picked from commit b0b21b6d25b06f3e2b365dfe9dd4c99b3d43bf57)
+[rharwood(a)redhat.com: .gitignore]
+---
+ src/plugins/gssapi/negoextest/main.c | 18 +++++
+ src/tests/gssapi/Makefile.in | 49 ++++++------
+ src/tests/gssapi/common.c | 25 ++++--
+ src/tests/gssapi/common.h | 9 +++
+ src/tests/gssapi/deps | 4 +
+ src/tests/gssapi/t_bindings.c | 111 +++++++++++++++++++++++++++
+ src/tests/gssapi/t_bindings.py | 43 +++++++++++
+ src/tests/gssapi/t_negoex.py | 7 ++
+ 8 files changed, 237 insertions(+), 29 deletions(-)
+ create mode 100644 src/tests/gssapi/t_bindings.c
+ create mode 100644 src/tests/gssapi/t_bindings.py
+
+diff --git a/src/plugins/gssapi/negoextest/main.c b/src/plugins/gssapi/negoextest/main.c
+index 6c340f41b..72fc5273a 100644
+--- a/src/plugins/gssapi/negoextest/main.c
++++ b/src/plugins/gssapi/negoextest/main.c
+@@ -57,6 +57,15 @@ gss_init_sec_context(OM_uint32 *minor_status,
+ const char *envstr;
+ uint8_t hops, mech_last_octet;
+
++ envstr = getenv("GSS_INIT_BINDING");
++ if (envstr != NULL) {
++ assert(strlen(envstr) > 0);
++ assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS);
++ assert(strlen(envstr) == input_chan_bindings->application_data.length);
++ assert(strcmp((char *)input_chan_bindings->application_data.value,
++ envstr) == 0);
++ }
++
+ if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
+ envstr = getenv("HOPS");
+ hops = (envstr != NULL) ? atoi(envstr) : 1;
+@@ -112,6 +121,15 @@ gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
+ uint8_t hops, mech_last_octet;
+ const char *envstr;
+
++ envstr = getenv("GSS_ACCEPT_BINDING");
++ if (envstr != NULL) {
++ assert(strlen(envstr) > 0);
++ assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS);
++ assert(strlen(envstr) == input_chan_bindings->application_data.length);
++ assert(strcmp((char *)input_chan_bindings->application_data.value,
++ envstr) == 0);
++ }
++
+ /*
+ * The unwrapped token sits at the end and is just one byte giving the
+ * remaining number of hops. The final octet of the mech encoding should
+diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in
+index 5cc1e0f58..68c132b79 100644
+--- a/src/tests/gssapi/Makefile.in
++++ b/src/tests/gssapi/Makefile.in
+@@ -9,33 +9,33 @@ LOCALINCLUDES = -I$(srcdir)/../../lib/gssapi/mechglue \
+ -I../../lib/gssapi/generic
+
+ SRCS= $(srcdir)/ccinit.c $(srcdir)/ccrefresh.c $(srcdir)/common.c \
+- $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_ccselect.c \
+- $(srcdir)/t_ciflags.c $(srcdir)/t_context.c $(srcdir)/t_credstore.c \
+- $(srcdir)/t_enctypes.c $(srcdir)/t_err.c $(srcdir)/t_export_cred.c \
+- $(srcdir)/t_export_name.c $(srcdir)/t_gssexts.c \
+- $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c $(srcdir)/t_invalid.c \
+- $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \
++ $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_bindings.c \
++ $(srcdir)/t_ccselect.c $(srcdir)/t_ciflags.c $(srcdir)/t_context.c \
++ $(srcdir)/t_credstore.c $(srcdir)/t_enctypes.c $(srcdir)/t_err.c \
++ $(srcdir)/t_export_cred.c $(srcdir)/t_export_name.c \
++ $(srcdir)/t_gssexts.c $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c \
++ $(srcdir)/t_invalid.c $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \
+ $(srcdir)/t_inq_mechs_name.c $(srcdir)/t_iov.c \
+ $(srcdir)/t_lifetime.c $(srcdir)/t_namingexts.c $(srcdir)/t_oid.c \
+ $(srcdir)/t_pcontok.c $(srcdir)/t_prf.c $(srcdir)/t_s4u.c \
+ $(srcdir)/t_s4u2proxy_krb5.c $(srcdir)/t_saslname.c \
+ $(srcdir)/t_spnego.c $(srcdir)/t_srcattrs.c
+
+-OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_ccselect.o \
+- t_ciflags.o t_context.o t_credstore.o t_enctypes.o t_err.o \
+- t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o t_imp_name.o \
+- t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o t_iov.o \
+- t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o t_s4u.o \
+- t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o
++OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_bindings.o \
++ t_ccselect.o t_ciflags.o t_context.o t_credstore.o t_enctypes.o \
++ t_err.o t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o \
++ t_imp_name.o t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o \
++ t_iov.o t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o \
++ t_s4u.o t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o
+
+ COMMON_DEPS= common.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ COMMON_LIBS= common.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
+
+-all: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags t_context \
+- t_credstore t_enctypes t_err t_export_cred t_export_name t_gssexts \
+- t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx t_inq_mechs_name \
+- t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf t_s4u \
+- t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs
++all: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect t_ciflags \
++ t_context t_credstore t_enctypes t_err t_export_cred t_export_name \
++ t_gssexts t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx \
++ t_inq_mechs_name t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf \
++ t_s4u t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs
+
+ check-unix: t_oid
+ $(RUN_TEST) ./t_invalid
+@@ -43,11 +43,12 @@ check-unix: t_oid
+ $(RUN_TEST) ./t_prf
+ $(RUN_TEST) ./t_imp_name
+
+-check-pytests: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags \
+- t_context t_credstore t_enctypes t_err t_export_cred t_export_name \
+- t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime \
+- t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs
++check-pytests: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect \
++ t_ciflags t_context t_credstore t_enctypes t_err t_export_cred \
++ t_export_name t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov \
++ t_lifetime t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs
+ $(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS)
++ $(RUNPYTEST) $(srcdir)/t_bindings.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_client_keytab.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_enctypes.py $(PYTESTFLAGS)
+@@ -64,6 +65,8 @@ t_accname: t_accname.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_accname.o $(COMMON_LIBS)
+ t_add_cred: t_add_cred.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_add_cred.o $(COMMON_LIBS)
++t_bindings: t_bindings.o $(COMMON_DEPS)
++ $(CC_LINK) -o $@ t_bindings.o $(COMMON_LIBS)
+ t_ccselect: t_ccselect.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_ccselect.o $(COMMON_LIBS)
+ t_ciflags: t_ciflags.o $(COMMON_DEPS)
+@@ -118,8 +121,8 @@ t_srcattrs: t_srcattrs.o $(COMMON_DEPS)
+ $(CC_LINK) -o $@ t_srcattrs.o $(COMMON_LIBS)
+
+ clean:
+- $(RM) ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags
+- $(RM) t_context t_credstore t_enctypes t_err t_export_cred
++ $(RM) ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect
++ $(RM) t_ciflags t_context t_credstore t_enctypes t_err t_export_cred
+ $(RM) t_export_name t_gssexts t_imp_cred t_imp_name t_invalid
+ $(RM) t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime
+ $(RM) t_namingexts t_oid t_pcontok t_prf t_s4u t_s4u2proxy_krb5
+diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c
+index 83e9d9bb8..7ba72f7b2 100644
+--- a/src/tests/gssapi/common.c
++++ b/src/tests/gssapi/common.c
+@@ -115,6 +115,20 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
+ gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx,
+ gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech,
+ gss_cred_id_t *deleg_cred)
++{
++ return establish_contexts_ex(imech, icred, acred, tname, flags, ictx, actx,
++ GSS_C_NO_CHANNEL_BINDINGS,
++ GSS_C_NO_CHANNEL_BINDINGS, NULL, src_name,
++ amech, deleg_cred);
++}
++
++void
++establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
++ gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx,
++ gss_ctx_id_t *actx, gss_channel_bindings_t icb,
++ gss_channel_bindings_t acb, OM_uint32 *aret_flags,
++ gss_name_t *src_name, gss_OID *amech,
++ gss_cred_id_t *deleg_cred)
+ {
+ OM_uint32 minor, imaj, amaj;
+ gss_buffer_desc itok, atok;
+@@ -126,17 +140,16 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
+ for (;;) {
+ (void)gss_release_buffer(&minor, &itok);
+ imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags,
+- GSS_C_INDEFINITE,
+- GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL,
+- &itok, NULL, NULL);
++ GSS_C_INDEFINITE, icb, &atok, NULL, &itok,
++ NULL, NULL);
+ check_gsserr("gss_init_sec_context", imaj, minor);
+ if (amaj == GSS_S_COMPLETE)
+ break;
+
+ (void)gss_release_buffer(&minor, &atok);
+- amaj = gss_accept_sec_context(&minor, actx, acred, &itok,
+- GSS_C_NO_CHANNEL_BINDINGS, src_name,
+- amech, &atok, NULL, NULL, deleg_cred);
++ amaj = gss_accept_sec_context(&minor, actx, acred, &itok, acb,
++ src_name, amech, &atok, aret_flags, NULL,
++ deleg_cred);
+ check_gsserr("gss_accept_sec_context", amaj, minor);
+ (void)gss_release_buffer(&minor, &itok);
+ if (imaj == GSS_S_COMPLETE)
+diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h
+index ae11b51d4..a5c8f87e6 100644
+--- a/src/tests/gssapi/common.h
++++ b/src/tests/gssapi/common.h
+@@ -62,6 +62,15 @@ void establish_contexts(gss_OID imech, gss_cred_id_t icred,
+ gss_name_t *src_name, gss_OID *amech,
+ gss_cred_id_t *deleg_cred);
+
++/* Establish contexts with channel bindings. */
++void establish_contexts_ex(gss_OID imech, gss_cred_id_t icred,
++ gss_cred_id_t acred, gss_name_t tname,
++ OM_uint32 flags, gss_ctx_id_t *ictx,
++ gss_ctx_id_t *actx, gss_channel_bindings_t icb,
++ gss_channel_bindings_t acb, OM_uint32 *aret_flags,
++ gss_name_t *src_name, gss_OID *amech,
++ gss_cred_id_t *deleg_cred);
++
+ /* Export *cred to a token, then release *cred and replace it by re-importing
+ * the token. */
+ void export_import_cred(gss_cred_id_t *cred);
+diff --git a/src/tests/gssapi/deps b/src/tests/gssapi/deps
+index acd0e96f8..73e4d9a74 100644
+--- a/src/tests/gssapi/deps
++++ b/src/tests/gssapi/deps
+@@ -33,6 +33,10 @@ $(OUTPRE)t_add_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+ common.h t_add_cred.c
++$(OUTPRE)t_bindings.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
++ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
++ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
++ common.h t_bindings.c
+ $(OUTPRE)t_ccselect.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+diff --git a/src/tests/gssapi/t_bindings.c b/src/tests/gssapi/t_bindings.c
+new file mode 100644
+index 000000000..e8906715b
+--- /dev/null
++++ b/src/tests/gssapi/t_bindings.c
+@@ -0,0 +1,111 @@
++/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
++/*
++ * Copyright (C) 2020 by Red Hat, Inc.
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * * Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * * Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include <stdio.h>
++#include <string.h>
++#include <assert.h>
++
++#include "common.h"
++
++/*
++ * Establish contexts (without and with GSS_C_DCE_STYLE) with the default
++ * initiator name, a specified principal name as target name, initiator
++ * bindings, and acceptor bindings. If any call is unsuccessful, display an
++ * error message. Output "yes" or "no" to indicate whether the contexts were
++ * reported as channel-bound on the acceptor. Exit with status 0 if all
++ * operations are successful, or 1 if not.
++ *
++ * Usage: ./t_bindings [-s] targetname icb acb
++ *
++ * An icb or abc value of "-" will not specify channel bindings.
++ */
++
++int
++main(int argc, char *argv[])
++{
++ OM_uint32 minor, flags1, flags2;
++ gss_name_t target_name;
++ gss_ctx_id_t ictx, actx;
++ struct gss_channel_bindings_struct icb_data = {0}, acb_data = {0};
++ gss_channel_bindings_t icb = GSS_C_NO_CHANNEL_BINDINGS;
++ gss_channel_bindings_t acb = GSS_C_NO_CHANNEL_BINDINGS;
++ gss_OID_desc *mech;
++
++ argv++;
++ argc--;
++ if (*argv != NULL && strcmp(*argv, "-s") == 0) {
++ mech = &mech_spnego;
++ argv++;
++ argc--;
++ } else {
++ mech = &mech_krb5;
++ }
++
++ if (argc != 3) {
++ fprintf(stderr, "Usage: t_bindings [-s] targetname icb acb\n");
++ return 1;
++ }
++
++ target_name = import_name(argv[0]);
++
++ if (strcmp(argv[1], "-") != 0) {
++ icb_data.application_data.length = strlen(argv[1]);
++ icb_data.application_data.value = argv[1];
++ icb = &icb_data;
++ }
++
++ if (strcmp(argv[2], "-") != 0) {
++ acb_data.application_data.length = strlen(argv[2]);
++ acb_data.application_data.value = argv[2];
++ acb = &acb_data;
++ }
++
++ establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
++ target_name, 0, &ictx, &actx, icb, acb, &flags1,
++ NULL, NULL, NULL);
++
++ /* Try again with GSS_C_DCE_STYLE */
++ (void)gss_delete_sec_context(&minor, &ictx, NULL);
++ (void)gss_delete_sec_context(&minor, &actx, NULL);
++
++ establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
++ target_name, GSS_C_DCE_STYLE, &ictx, &actx, icb, acb,
++ &flags2, NULL, NULL, NULL);
++ assert((flags1 & GSS_C_CHANNEL_BOUND_FLAG) ==
++ (flags2 & GSS_C_CHANNEL_BOUND_FLAG));
++ printf("%s\n", (flags1 & GSS_C_CHANNEL_BOUND_FLAG) ? "yes" : "no");
++
++ (void)gss_delete_sec_context(&minor, &ictx, NULL);
++ (void)gss_delete_sec_context(&minor, &actx, NULL);
++ (void)gss_release_name(&minor, &target_name);
++
++ return 0;
++}
+diff --git a/src/tests/gssapi/t_bindings.py b/src/tests/gssapi/t_bindings.py
+new file mode 100644
+index 000000000..f377977b6
+--- /dev/null
++++ b/src/tests/gssapi/t_bindings.py
+@@ -0,0 +1,43 @@
++from k5test import *
++
++realm = K5Realm()
++server = 'p:' + realm.host_princ
++
++mark('krb5 channel bindings')
++realm.run(['./t_bindings', server, '-', '-'], expected_msg='no')
++realm.run(['./t_bindings', server, 'a', '-'], expected_msg='no')
++realm.run(['./t_bindings', server, 'a', 'a'], expected_msg='yes')
++realm.run(['./t_bindings', server, '-', 'a'], expected_msg='no')
++realm.run(['./t_bindings', server, 'a', 'x'],
++ expected_code=1, expected_msg='Incorrect channel bindings')
++
++mark('SPNEGO channel bindings')
++realm.run(['./t_bindings', '-s', server, '-', '-'], expected_msg='no')
++realm.run(['./t_bindings', '-s', server, 'a', '-'], expected_msg='no')
++realm.run(['./t_bindings', '-s', server, 'a', 'a'], expected_msg='yes')
++realm.run(['./t_bindings', '-s', server, '-', 'a'], expected_msg='no')
++realm.run(['./t_bindings', '-s', server, 'a', 'x'],
++ expected_code=1, expected_msg='Incorrect channel bindings')
++
++client_aware_conf = {'libdefaults': {'client_aware_channel_bindings': 'true'}}
++e = realm.special_env('cb_aware', False, krb5_conf=client_aware_conf)
++
++mark('krb5 client_aware_channel_bindings')
++realm.run(['./t_bindings', server, '-', '-'], env=e, expected_msg='no')
++realm.run(['./t_bindings', server, 'a', '-'], env=e, expected_msg='no')
++realm.run(['./t_bindings', server, 'a', 'a'], env=e, expected_msg='yes')
++realm.run(['./t_bindings', server, '-', 'a'], env=e,
++ expected_code=1, expected_msg='Incorrect channel bindings')
++realm.run(['./t_bindings', server, 'a', 'x'], env=e,
++ expected_code=1, expected_msg='Incorrect channel bindings')
++
++mark('SPNEGO client_aware_channel_bindings')
++realm.run(['./t_bindings', '-s', server, '-', '-'], env=e, expected_msg='no')
++realm.run(['./t_bindings', '-s', server, 'a', '-'], env=e, expected_msg='no')
++realm.run(['./t_bindings', '-s', server, 'a', 'a'], env=e, expected_msg='yes')
++realm.run(['./t_bindings', '-s', server, '-', 'a'], env=e,
++ expected_code=1, expected_msg='Incorrect channel bindings')
++realm.run(['./t_bindings', '-s', server, 'a', 'x'], env=e,
++ expected_code=1, expected_msg='Incorrect channel bindings')
++
++success('channel bindings tests')
+diff --git a/src/tests/gssapi/t_negoex.py b/src/tests/gssapi/t_negoex.py
+index 88470d2fa..a218899c4 100644
+--- a/src/tests/gssapi/t_negoex.py
++++ b/src/tests/gssapi/t_negoex.py
+@@ -139,4 +139,11 @@ msgs = ('sending [3]AP_REQUEST', 'sending [7]CHALLENGE', 'sending [8]VERIFY',
+ 'sending [11]CHALLENGE', 'sending [12]VERIFY', 'sending [13]VERIFY')
+ test({'HOPS': '4', 'KEY': 'accept-always'}, expected_trace=())
+
++mark('channel bindings')
++e = realm.env.copy()
++e.update({'HOPS': '1', 'GSS_INIT_BINDING': 'a', 'GSS_ACCEPT_BINDING': 'b'})
++# The test mech will verify that the bindings are communicated to the
++# mech, but does not set the channel-bound flag.
++realm.run(['./t_bindings', '-s', 'h:host', 'a', 'b'], env=e, expected_msg='no')
++
+ success('NegoEx tests')
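Review bot: In the negoextest/main.c hunks, the binding check in both `gss_init_sec_context` and `gss_accept_sec_context` calls `strcmp((char *)input_chan_bindings->application_data.value, envstr)` on a length-counted buffer that is not guaranteed to be NUL-terminated. The preceding assert already establishes that the lengths are equal, so a `memcmp` over `application_data.length` bytes would do the same comparison without reading past the buffer. Separately, the usage comment in t_bindings.c says "An icb or abc value" where "acb" is meant.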
diff --git a/Add-client_aware_channel_bindings-option.patch b/Add-client_aware_channel_bindings-option.patch
new file mode 100644
index 0000000..012ce8d
--- /dev/null
+++ b/Add-client_aware_channel_bindings-option.patch
@@ -0,0 +1,264 @@
+From 2a08fe3d2d1972df4ffe37d4bb64b161889ff988 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris(a)gmail.com>
+Date: Tue, 10 Mar 2020 13:13:17 +0100
+Subject: [PATCH] Add client_aware_channel_bindings option
+
+Add client support for KERB_AP_OPTIONS_CBT in the form of a profile
+option "client_aware_gss_bindings". Adjust the make_etype_list()
+helper so that enctype negotiation and AP_OPTIONS can be included in
+the same IF-RELEVANT wrapper.
+
+[ghudson(a)mit.edu: refactored; edited documentation; wrote commit
+message]
+
+ticket: 8900
+(cherry picked from commit 225e6ef7f021cd1a8ef2a054af0ca58b7288fd81)
+---
+ doc/admin/conf_files/krb5_conf.rst | 6 +
+ src/include/k5-int.h | 1 +
+ src/lib/krb5/krb/mk_req_ext.c | 177 +++++++++++++++--------------
+ 3 files changed, 98 insertions(+), 86 deletions(-)
+
+diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
+index a7e7a29d1..7f2879640 100644
+--- a/doc/admin/conf_files/krb5_conf.rst
++++ b/doc/admin/conf_files/krb5_conf.rst
+@@ -382,6 +382,12 @@ The libdefaults section may contain any of the following relations:
+ credentials will fail if the client machine does not have a
+ keytab. The default value is false.
+
++**client_aware_channel_bindings**
++ If this flag is true, then all application protocol authentication
++ requests will be flagged to indicate that the application supports
++ channel bindings when operating over a secure channel. The
++ default value is false.
++
+ .. _realms:
+
+ [realms]
+diff --git a/src/include/k5-int.h b/src/include/k5-int.h
+index 0d9af3d95..eb18a4cd6 100644
+--- a/src/include/k5-int.h
++++ b/src/include/k5-int.h
+@@ -299,6 +299,7 @@ typedef unsigned char u_char;
+ #define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert"
+ #define KRB5_CONF_V4_REALM "v4_realm"
+ #define KRB5_CONF_VERIFY_AP_REQ_NOFAIL "verify_ap_req_nofail"
++#define KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS "client_aware_channel_bindings"
+
+ /* Cache configuration variables */
+ #define KRB5_CC_CONF_FAST_AVAIL "fast_avail"
+diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
+index 9fc6a0e52..08504860c 100644
+--- a/src/lib/krb5/krb/mk_req_ext.c
++++ b/src/lib/krb5/krb/mk_req_ext.c
+@@ -68,10 +68,9 @@
+ */
+
+ static krb5_error_code
+-make_etype_list(krb5_context context,
+- krb5_enctype *desired_etypes,
+- krb5_enctype tkt_enctype,
+- krb5_authdata ***authdata);
++make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes,
++ krb5_enctype tkt_enctype, krb5_boolean client_aware_cb,
++ krb5_authdata ***authdata_out);
+
+ static krb5_error_code
+ generate_authenticator(krb5_context,
+@@ -263,7 +262,8 @@ generate_authenticator(krb5_context context, krb5_authenticator *authent,
+ krb5_enctype tkt_enctype)
+ {
+ krb5_error_code retval;
+- krb5_authdata **ext_authdata = NULL;
++ krb5_authdata **ext_authdata = NULL, **ap_authdata, **combined;
++ int client_aware_cb;
+
+ authent->client = client;
+ authent->checksum = cksum;
+@@ -297,99 +297,104 @@ generate_authenticator(krb5_context context, krb5_authenticator *authent,
+ krb5_free_authdata(context, ext_authdata);
+ }
+
+- /* Only send EtypeList if we prefer another enctype to tkt_enctype */
+- if (desired_etypes != NULL && desired_etypes[0] != tkt_enctype) {
+- TRACE_MK_REQ_ETYPES(context, desired_etypes);
+- retval = make_etype_list(context, desired_etypes, tkt_enctype,
+- &authent->authorization_data);
++ retval = profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS,
++ KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS, NULL,
++ FALSE, &client_aware_cb);
++ if (retval)
++ return retval;
++
++ /* Add etype negotiation or channel-binding awareness authdata to the
++ * front, if appropriate. */
++ retval = make_ap_authdata(context, desired_etypes, tkt_enctype,
++ client_aware_cb, &ap_authdata);
++ if (retval)
++ return retval;
++ if (ap_authdata != NULL) {
++ retval = krb5_merge_authdata(context, ap_authdata,
++ authent->authorization_data, &combined);
++ krb5_free_authdata(context, ap_authdata);
+ if (retval)
+ return retval;
++ krb5_free_authdata(context, authent->authorization_data);
++ authent->authorization_data = combined;
+ }
+
+ return(krb5_us_timeofday(context, &authent->ctime, &authent->cusec));
+ }
+
+-/* RFC 4537 */
++/* Set *out to a DER-encoded RFC 4537 etype list, or to NULL if no etype list
++ * should be sent. */
+ static krb5_error_code
+-make_etype_list(krb5_context context,
+- krb5_enctype *desired_etypes,
+- krb5_enctype tkt_enctype,
+- krb5_authdata ***authdata)
++make_etype_list(krb5_context context, krb5_enctype *desired_enctypes,
++ krb5_enctype tkt_enctype, krb5_data **out)
+ {
+- krb5_error_code code;
+- krb5_etype_list etypes;
+- krb5_data *enc_etype_list;
+- krb5_data *ad_if_relevant;
+- krb5_authdata *etype_adata[2], etype_adatum, **adata;
+- int i;
++ krb5_etype_list etlist;
++ int count;
+
+- etypes.etypes = desired_etypes;
++ *out = NULL;
+
+- for (etypes.length = 0;
+- etypes.etypes[etypes.length] != ENCTYPE_NULL;
+- etypes.length++)
+- {
+- /*
+- * RFC 4537:
+- *
+- * If the enctype of the ticket session key is included in the enctype
+- * list sent by the client, it SHOULD be the last on the list;
+- */
+- if (etypes.length && etypes.etypes[etypes.length - 1] == tkt_enctype)
++ /* Only send a list if we prefer another enctype to tkt_enctype. */
++ if (desired_enctypes == NULL || desired_enctypes[0] == tkt_enctype)
++ return 0;
++
++ /* Count elements of desired_etypes, stopping at tkt_enctypes if present.
++ * (Per RFC 4537, it must be the last option if it is included.) */
++ for (count = 0; desired_enctypes[count] != ENCTYPE_NULL; count++) {
++ if (count > 0 && desired_enctypes[count - 1] == tkt_enctype)
+ break;
+ }
+
+- code = encode_krb5_etype_list(&etypes, &enc_etype_list);
+- if (code) {
+- return code;
+- }
+-
+- etype_adatum.magic = KV5M_AUTHDATA;
+- etype_adatum.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION;
+- etype_adatum.length = enc_etype_list->length;
+- etype_adatum.contents = (krb5_octet *)enc_etype_list->data;
+-
+- etype_adata[0] = &etype_adatum;
+- etype_adata[1] = NULL;
+-
+- /* Wrap in AD-IF-RELEVANT container */
+- code = encode_krb5_authdata(etype_adata, &ad_if_relevant);
+- if (code) {
+- krb5_free_data(context, enc_etype_list);
+- return code;
+- }
+-
+- krb5_free_data(context, enc_etype_list);
+-
+- adata = *authdata;
+- if (adata == NULL) {
+- adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *));
+- i = 0;
+- } else {
+- for (i = 0; adata[i] != NULL; i++)
+- ;
+-
+- adata = (krb5_authdata **)realloc(*authdata,
+- (i + 2) * sizeof(krb5_authdata *));
+- }
+- if (adata == NULL) {
+- krb5_free_data(context, ad_if_relevant);
+- return ENOMEM;
+- }
+- *authdata = adata;
+-
+- adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata));
+- if (adata[i] == NULL) {
+- krb5_free_data(context, ad_if_relevant);
+- return ENOMEM;
+- }
+- adata[i]->magic = KV5M_AUTHDATA;
+- adata[i]->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+- adata[i]->length = ad_if_relevant->length;
+- adata[i]->contents = (krb5_octet *)ad_if_relevant->data;
+- free(ad_if_relevant); /* contents owned by adata[i] */
+-
+- adata[i + 1] = NULL;
+-
+- return 0;
++ etlist.etypes = desired_enctypes;
++ etlist.length = count;
++ return encode_krb5_etype_list(&etlist, out);
++}
++
++/* Set *authdata_out to appropriate authenticator authdata for the request,
++ * encoded in a single AD_IF_RELEVANT element. */
++static krb5_error_code
++make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes,
++ krb5_enctype tkt_enctype, krb5_boolean client_aware_cb,
++ krb5_authdata ***authdata_out)
++{
++ krb5_error_code ret;
++ krb5_authdata etypes_ad, flags_ad, *list[3];
++ krb5_data *der_etypes = NULL;
++ size_t count = 0;
++ uint8_t flagbuf[4];
++ const uint32_t KERB_AP_OPTIONS_CBT = 0x4000;
++
++ *authdata_out = NULL;
++
++ /* Include an ETYPE_NEGOTIATION element if appropriate. */
++ ret = make_etype_list(context, desired_enctypes, tkt_enctype, &der_etypes);
++ if (ret)
++ goto cleanup;
++ if (der_etypes != NULL) {
++ etypes_ad.magic = KV5M_AUTHDATA;
++ etypes_ad.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION;
++ etypes_ad.length = der_etypes->length;
++ etypes_ad.contents = (uint8_t *)der_etypes->data;
++ list[count++] = &etypes_ad;
++ }
++
++ /* Include an AP_OPTIONS element if the CBT flag is configured. */
++ if (client_aware_cb != 0) {
++ store_32_le(KERB_AP_OPTIONS_CBT, flagbuf);
++ flags_ad.magic = KV5M_AUTHDATA;
++ flags_ad.ad_type = KRB5_AUTHDATA_AP_OPTIONS;
++ flags_ad.length = 4;
++ flags_ad.contents = flagbuf;
++ list[count++] = &flags_ad;
++ }
++
++ if (count > 0) {
++ list[count] = NULL;
++ ret = krb5_encode_authdata_container(context,
++ KRB5_AUTHDATA_IF_RELEVANT,
++ list, authdata_out);
++ }
++
++cleanup:
++ krb5_free_data(context, der_etypes);
++ return ret;
+ }
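Review bot: In make_ap_authdata(), KERB_AP_OPTIONS_CBT is declared as a function-local `const uint32_t` set to 0x4000, and check_cbt() in the server-side patch declares the same local constant again, so the two copies can drift apart. Define it once in a shared header, next to KRB5_AUTHDATA_AP_OPTIONS, and use that in both places. Also, flags_ad.contents points at the stack buffer flagbuf and etypes_ad.contents at der_etypes, which is freed in cleanup, so the function depends on krb5_encode_authdata_container() copying its input. A one-line comment saying so would keep a later change from handing these elements to the caller directly.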
diff --git a/Default-dns_canonicalize_hostname-to-fallback.patch b/Default-dns_canonicalize_hostname-to-fallback.patch
index b252354..ef80329 100644
--- a/Default-dns_canonicalize_hostname-to-fallback.patch
+++ b/Default-dns_canonicalize_hostname-to-fallback.patch
@@ -1,4 +1,4 @@
-From d003b4aa8dce14967725d6607c54ceb884b3647c Mon Sep 17 00:00:00 2001
+From 07179e38e5ee72e82ebc77a1c8d73e34905268b7 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Wed, 27 May 2020 18:48:35 -0400
Subject: [PATCH] Default dns_canonicalize_hostname to "fallback"
diff --git a/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch b/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
new file mode 100644
index 0000000..649caa4
--- /dev/null
+++ b/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
@@ -0,0 +1,91 @@
+From 3ea1d6296ced3a998e79356f9be212e4c5e6a5d5 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel(a)redhat.com>
+Date: Wed, 5 Jul 2017 11:38:30 -0400
+Subject: [PATCH] Implement GSS_C_CHANNEL_BOUND_FLAG
+
+Define a new channel-bound GSS return flag, and set it in the krb5
+mech if the initiator sent channel bindings matching the acceptor's.
+Do not error out if the acceptor specifies channel bindings and the
+initiator does not send them.
+
+[ghudson(a)mit.edu: simplified code changes; fleshed out commit message]
+
+[iboukris: cherry-picked from another PR and reduced in scope]
+
+ticket: 8899 (new)
+(cherry picked from commit 429a31146083fac21958631c2af572b08ec91022)
+---
+ src/lib/gssapi/generic/gssapi_ext.h | 2 ++
+ src/lib/gssapi/krb5/accept_sec_context.c | 18 +++++++++++++-----
+ 2 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h
+index 218456e44..c675e8ebb 100644
+--- a/src/lib/gssapi/generic/gssapi_ext.h
++++ b/src/lib/gssapi/generic/gssapi_ext.h
+@@ -595,6 +595,8 @@ gss_store_cred_into(
+ * attribute (along with any applicable RFC 5587 attributes).
+ */
+
++#define GSS_C_CHANNEL_BOUND_FLAG 2048 /* 0x00000800 */
++
+ OM_uint32 KRB5_CALLCONV
+ gssspi_query_meta_data(
+ OM_uint32 *minor_status,
+diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
+index 70dd7fc0c..9d3e2f4fe 100644
+--- a/src/lib/gssapi/krb5/accept_sec_context.c
++++ b/src/lib/gssapi/krb5/accept_sec_context.c
+@@ -427,6 +427,9 @@ kg_process_extension(krb5_context context,
+ GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE | \
+ GSS_C_IDENTIFY_FLAG | GSS_C_EXTENDED_ERROR_FLAG)
+
++/* A zero-value channel binding, for comparison */
++static const uint8_t null_cb[CB_MD5_LEN];
++
+ /*
+ * The krb5 GSS mech appropriates the authenticator checksum field from RFC
+ * 4120 to store structured data instead of a checksum, indicated with checksum
+@@ -435,9 +438,10 @@ kg_process_extension(krb5_context context,
+ *
+ * Interpret the checksum. Read delegated creds into *deleg_out if it is not
+ * NULL. Set *flags_out to the allowed subset of token flags, plus
+- * GSS_C_DELEG_FLAG if a delegated credential was present. Process any
+- * extensions found using exts. On error, set *code_out to a krb5_error code
+- * for use as a minor status value.
++ * GSS_C_DELEG_FLAG if a delegated credential was present and
++ * GSS_C_CHANNEL_BOUND_FLAG if matching channel bindings are present. Process
++ * any extensions found using exts. On error, set *code_out to a krb5_error
++ * code for use as a minor status value.
+ */
+ static OM_uint32
+ process_checksum(OM_uint32 *minor_status, krb5_context context,
+@@ -450,7 +454,7 @@ process_checksum(OM_uint32 *minor_status, krb5_context context,
+ krb5_error_code code = 0;
+ OM_uint32 status, option_id, token_flags;
+ size_t cb_len, option_len;
+- krb5_boolean valid;
++ krb5_boolean valid, token_cb_present = FALSE, cb_match = FALSE;
+ krb5_key subkey;
+ krb5_data option, empty = empty_data();
+ krb5_checksum cb_cksum;
+@@ -516,7 +520,9 @@ process_checksum(OM_uint32 *minor_status, krb5_context context,
+ goto fail;
+ }
+ assert(cb_cksum.length == cb_len);
+- if (k5_bcmp(token_cb, cb_cksum.contents, cb_len) != 0) {
++ token_cb_present = (k5_bcmp(token_cb, null_cb, cb_len) != 0);
++ cb_match = (k5_bcmp(token_cb, cb_cksum.contents, cb_len) == 0);
++ if (token_cb_present && !cb_match) {
+ status = GSS_S_BAD_BINDINGS;
+ goto fail;
+ }
+@@ -525,6 +531,8 @@ process_checksum(OM_uint32 *minor_status, krb5_context context,
+ /* Read the token flags and accept some of them as context flags. */
+ token_flags = k5_input_get_uint32_le(&in);
+ *flags_out = token_flags & INITIATOR_FLAGS;
++ if (cb_match)
++ *flags_out |= GSS_C_CHANNEL_BOUND_FLAG;
+
+ /* Read the delegated credential if present. */
+ if (in.len >= 4 && (token_flags & GSS_C_DELEG_FLAG)) {
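Review bot: In process_checksum(), the old unconditional mismatch test becomes `if (token_cb_present && !cb_match)`, so an initiator that sends an all-zero binding field is now accepted even when the acceptor supplied bindings. Enforcement therefore moves to the caller, which has to test GSS_C_CHANNEL_BOUND_FLAG in the returned flags. The gssapi_ext.h hunk defines the flag with only its hex value as a comment. A sentence there stating that it is set by the acceptor only when the initiator's bindings matched, and that its absence means the bindings were not verified, would make the new contract visible to applications that previously relied on GSS_S_BAD_BINDINGS.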
diff --git a/Implement-KERB_AP_OPTIONS_CBT-server-side.patch b/Implement-KERB_AP_OPTIONS_CBT-server-side.patch
new file mode 100644
index 0000000..41cf5f0
--- /dev/null
+++ b/Implement-KERB_AP_OPTIONS_CBT-server-side.patch
@@ -0,0 +1,102 @@
+From 6407bf087fe53088d91efd09df736e979cd4e8db Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris(a)gmail.com>
+Date: Mon, 9 Mar 2020 16:04:21 +0100
+Subject: [PATCH] Implement KERB_AP_OPTIONS_CBT (server side)
+
+Add server support for Microsoft's KERB_AP_OPTIONS_CBT as described in
+MS-KILE. If the client includes the AP option in the authenticator
+authdata and the server passed channel bindings, require the bindings
+to match.
+
+[ghudson(a)mit.edu: refactored to put more logic in the helper function;
+added a comment; clarified commit message]
+
+ticket: 8900 (new)
+(cherry picked from commit 4f7c77b64a048ca5e3199b26b31493698c777a9c)
+---
+ src/include/krb5/krb5.hin | 1 +
+ src/lib/gssapi/krb5/accept_sec_context.c | 45 +++++++++++++++++++++++-
+ 2 files changed, 45 insertions(+), 1 deletion(-)
+
+diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
+index f8269fb17..9264bede1 100644
+--- a/src/include/krb5/krb5.hin
++++ b/src/include/krb5/krb5.hin
+@@ -1915,6 +1915,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
+ #define KRB5_AUTHDATA_SIGNTICKET 512 /**< formerly 142 in krb5 1.8 */
+ #define KRB5_AUTHDATA_FX_ARMOR 71
+ #define KRB5_AUTHDATA_AUTH_INDICATOR 97
++#define KRB5_AUTHDATA_AP_OPTIONS 143
+ /** @} */ /* end of KRB5_AUTHDATA group */
+
+ /* password change constants */
+diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
+index 9d3e2f4fe..175a24c4e 100644
+--- a/src/lib/gssapi/krb5/accept_sec_context.c
++++ b/src/lib/gssapi/krb5/accept_sec_context.c
+@@ -430,6 +430,32 @@ kg_process_extension(krb5_context context,
+ /* A zero-value channel binding, for comparison */
+ static const uint8_t null_cb[CB_MD5_LEN];
+
++/* Look for AP_OPTIONS in authdata. If present and the options include
++ * KERB_AP_OPTIONS_CBT, set *cbt_out to true. */
++static krb5_error_code
++check_cbt(krb5_context context, krb5_authdata **authdata,
++ krb5_boolean *cbt_out)
++{
++ krb5_error_code code;
++ uint32_t ad_ap_options;
++ const uint32_t KERB_AP_OPTIONS_CBT = 0x4000;
++
++ *cbt_out = FALSE;
++
++ code = krb5_find_authdata(context, NULL, authdata,
++ KRB5_AUTHDATA_AP_OPTIONS, &authdata);
++ if (code || authdata == NULL)
++ return code;
++ if (authdata[1] != NULL || authdata[0]->length != 4)
++ return KRB5KRB_AP_ERR_MSG_TYPE;
++
++ ad_ap_options = load_32_le(authdata[0]->contents);
++ if (ad_ap_options & KERB_AP_OPTIONS_CBT)
++ *cbt_out = TRUE;
++
++ return 0;
++}
++
+ /*
+ * The krb5 GSS mech appropriates the authenticator checksum field from RFC
+ * 4120 to store structured data instead of a checksum, indicated with checksum
+@@ -454,7 +480,7 @@ process_checksum(OM_uint32 *minor_status, krb5_context context,
+ krb5_error_code code = 0;
+ OM_uint32 status, option_id, token_flags;
+ size_t cb_len, option_len;
+- krb5_boolean valid, token_cb_present = FALSE, cb_match = FALSE;
++ krb5_boolean valid, client_cbt, token_cb_present = FALSE, cb_match = FALSE;
+ krb5_key subkey;
+ krb5_data option, empty = empty_data();
+ krb5_checksum cb_cksum;
+@@ -582,6 +608,23 @@ process_checksum(OM_uint32 *minor_status, krb5_context context,
+ }
+ }
+
++ /*
++ * If the client asserts the KERB_AP_OPTIONS_CBT flag (from MS-KILE) in the
++ * authenticator authdata, and the acceptor passed channel bindings,
++ * require matching channel bindings from the client. The intent is to
++ * prevent an authenticator generated for use outside of a TLS channel from
++ * being used inside of one.
++ */
++ code = check_cbt(context, authenticator->authorization_data, &client_cbt);
++ if (code) {
++ status = GSS_S_FAILURE;
++ goto fail;
++ }
++ if (client_cbt && acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS && !cb_match) {
++ status = GSS_S_BAD_BINDINGS;
++ goto fail;
++ }
++
+ status = GSS_S_COMPLETE;
+
+ fail:
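Review bot: check_cbt() stores the result of krb5_find_authdata() back into its own `authdata` parameter and returns on every path without releasing it. The list that call allocates is therefore leaked whenever an AP_OPTIONS element is found, including on the KRB5KRB_AP_ERR_MSG_TYPE path. Use a separate local for the result and call krb5_free_authdata() on it before returning. The new check in process_checksum() also sits after the delegated-credential and extension handling, so a CBT mismatch is only reported once those side effects have run. Moving it ahead of them, or noting why the order does not matter, would be cleaner.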
diff --git a/Improve-negoex_parse_token-code-hygiene.patch b/Improve-negoex_parse_token-code-hygiene.patch
new file mode 100644
index 0000000..f6b42a6
--- /dev/null
+++ b/Improve-negoex_parse_token-code-hygiene.patch
@@ -0,0 +1,30 @@
+From c726a72c68244129eb08b840b92144acfa776573 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood(a)redhat.com>
+Date: Tue, 9 Jun 2020 16:23:37 -0400
+Subject: [PATCH] Improve negoex_parse_token() code hygiene
+
+If the while loop in negoex_parse_token() runs for zero iterations,
+major will be used initialized. Currently this cannot happen, but
+only because both of the call sites check for zero-length tokens.
+Initialize major for safety.
+
+[ghudson(a)mit.edu: rewrote commit message]
+
+(cherry picked from commit 4f91b6f8fa6fe1de662b3fdac0d59b7758ec642a)
+---
+ src/lib/gssapi/spnego/negoex_util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/gssapi/spnego/negoex_util.c b/src/lib/gssapi/spnego/negoex_util.c
+index 700368456..99580fd79 100644
+--- a/src/lib/gssapi/spnego/negoex_util.c
++++ b/src/lib/gssapi/spnego/negoex_util.c
+@@ -454,7 +454,7 @@ negoex_parse_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+ gss_const_buffer_t token,
+ struct negoex_message **messages_out, size_t *count_out)
+ {
+- OM_uint32 major;
++ OM_uint32 major = GSS_S_COMPLETE;
+ size_t count = 0;
+ struct k5input in;
+ struct negoex_message *messages = NULL, *newptr;
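Review bot: Initialising `major` to GSS_S_COMPLETE in negoex_parse_token() means that, if the loop ever does run zero times, the function reports success with count 0 and messages NULL. It is worth confirming that success with no messages is what callers should see for an empty token, rather than a failure status, and saying so in a comment next to the initialiser. The commit message says major "will be used initialized", which presumably should read "uninitialized".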
diff --git a/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
index 0d6b9e9..d0db74b 100644
--- a/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
+++ b/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
@@ -1,4 +1,4 @@
-From 086de78292b8ae89aba8a72926831124da44205d Mon Sep 17 00:00:00 2001
+From c36e826c70cb5b3bff8bd4371d47884cea30b3f4 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris(a)gmail.com>
Date: Sat, 6 Jun 2020 11:03:37 +0200
Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum
diff --git a/Pass-channel-bindings-through-SPNEGO.patch b/Pass-channel-bindings-through-SPNEGO.patch
index 0137f0c..5ab5c07 100644
--- a/Pass-channel-bindings-through-SPNEGO.patch
+++ b/Pass-channel-bindings-through-SPNEGO.patch
@@ -1,4 +1,4 @@
-From dd82ae2d390c4de1b8a7737a918d80d6829366dd Mon Sep 17 00:00:00 2001
+From ee79bd43005245d3e5a2d3ec6d61146945e77717 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris(a)gmail.com>
Date: Tue, 28 Apr 2020 18:15:55 +0200
Subject: [PATCH] Pass channel bindings through SPNEGO
diff --git a/Refactor-krb5-GSS-checksum-handling.patch b/Refactor-krb5-GSS-checksum-handling.patch
new file mode 100644
index 0000000..392d929
--- /dev/null
+++ b/Refactor-krb5-GSS-checksum-handling.patch
@@ -0,0 +1,479 @@
+From a34b7c50e62c19f80d39ece6a72017dac781df64 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel(a)redhat.com>
+Date: Fri, 30 Jun 2017 16:03:01 -0400
+Subject: [PATCH] Refactor krb5 GSS checksum handling
+
+Separate out checksum handling from kg_accept_krb5() into a new helper
+process_checksum().
+
+[ghudson(a)mit.edu: simplified checksum processing and made it use
+k5-input.h instead of TREAD_ macros; moved more flag handling into
+helper]
+
+[iboukris: adjusted helper function arguments, allowing access to the
+full authenticator for subsequent changes]
+
+(cherry picked from commit 64d56233f9816a2a93f6e8d3030c8ed6ce397735)
+[rharwood(a)redhat.com: problem with typo fix commit, I think]
+---
+ src/lib/gssapi/krb5/accept_sec_context.c | 383 +++++++++++------------
+ 1 file changed, 179 insertions(+), 204 deletions(-)
+
+diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
+index c5bddb1e8..70dd7fc0c 100644
+--- a/src/lib/gssapi/krb5/accept_sec_context.c
++++ b/src/lib/gssapi/krb5/accept_sec_context.c
+@@ -98,6 +98,7 @@
+ */
+
+ #include "k5-int.h"
++#include "k5-input.h"
+ #include "gssapiP_krb5.h"
+ #ifdef HAVE_MEMORY_H
+ #include <memory.h>
+@@ -413,6 +414,174 @@ kg_process_extension(krb5_context context,
+ return code;
+ }
+
++/* The length of the MD5 channel bindings in an 0x8003 checksum */
++#define CB_MD5_LEN 16
++
++/* The minimum length of an 0x8003 checksum value (4-byte channel bindings
++ * length, 16-byte channel bindings, 4-byte flags) */
++#define MIN_8003_LEN (4 + CB_MD5_LEN + 4)
++
++/* The flags we accept from the initiator's authenticator checksum. */
++#define INITIATOR_FLAGS (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \
++ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \
++ GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE | \
++ GSS_C_IDENTIFY_FLAG | GSS_C_EXTENDED_ERROR_FLAG)
++
++/*
++ * The krb5 GSS mech appropriates the authenticator checksum field from RFC
++ * 4120 to store structured data instead of a checksum, indicated with checksum
++ * type 0x8003 (see RFC 4121 section 4.1.1). Some implementations instead send
++ * no checksum, or a regular checksum over empty data.
++ *
++ * Interpret the checksum. Read delegated creds into *deleg_out if it is not
++ * NULL. Set *flags_out to the allowed subset of token flags, plus
++ * GSS_C_DELEG_FLAG if a delegated credential was present. Process any
++ * extensions found using exts. On error, set *code_out to a krb5_error code
++ * for use as a minor status value.
++ */
++static OM_uint32
++process_checksum(OM_uint32 *minor_status, krb5_context context,
++ gss_channel_bindings_t acceptor_cb,
++ krb5_auth_context auth_context, krb5_flags ap_req_options,
++ krb5_authenticator *authenticator, krb5_gss_ctx_ext_t exts,
++ krb5_gss_cred_id_t *deleg_out, krb5_ui_4 *flags_out,
++ krb5_error_code *code_out)
++{
++ krb5_error_code code = 0;
++ OM_uint32 status, option_id, token_flags;
++ size_t cb_len, option_len;
++ krb5_boolean valid;
++ krb5_key subkey;
++ krb5_data option, empty = empty_data();
++ krb5_checksum cb_cksum;
++ const uint8_t *token_cb, *option_bytes;
++ struct k5input in;
++ const krb5_checksum *cksum = authenticator->checksum;
++
++ cb_cksum.contents = NULL;
++
++ if (cksum == NULL) {
++ /*
++ * Some SMB client implementations use handcrafted GSSAPI code that
++ * does not provide a checksum. MS-KILE documents that the Microsoft
++ * implementation considers a missing checksum acceptable; the server
++ * assumes all flags are unset in this case, and does not check channel
++ * bindings.
++ */
++ *flags_out = 0;
++ } else if (cksum->checksum_type != CKSUMTYPE_KG_CB) {
++ /* Samba sends a regular checksum. */
++ code = krb5_auth_con_getkey_k(context, auth_context, &subkey);
++ if (code) {
++ status = GSS_S_FAILURE;
++ goto fail;
++ }
++
++ /* Verifying the checksum ensures that this authenticator wasn't
++ * replayed from one with a checksum over actual data. */
++ code = krb5_k_verify_checksum(context, subkey,
++ KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, &empty,
++ cksum, &valid);
++ krb5_k_free_key(context, subkey);
++ if (code || !valid) {
++ status = GSS_S_BAD_SIG;
++ goto fail;
++ }
++
++ /* Use ap_options from the request to guess the mutual flag. */
++ *flags_out = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
++ if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED)
++ *flags_out |= GSS_C_MUTUAL_FLAG;
++ } else {
++ /* The checksum must contain at least a fixed 24-byte part. */
++ if (cksum->length < MIN_8003_LEN) {
++ status = GSS_S_BAD_BINDINGS;
++ goto fail;
++ }
++
++ k5_input_init(&in, cksum->contents, cksum->length);
++ cb_len = k5_input_get_uint32_le(&in);
++ if (cb_len != CB_MD5_LEN) {
++ code = KG_BAD_LENGTH;
++ status = GSS_S_FAILURE;
++ goto fail;
++ }
++
++ token_cb = k5_input_get_bytes(&in, cb_len);
++ if (acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS) {
++ code = kg_checksum_channel_bindings(context, acceptor_cb,
++ &cb_cksum);
++ if (code) {
++ status = GSS_S_BAD_BINDINGS;
++ goto fail;
++ }
++ assert(cb_cksum.length == cb_len);
++ if (k5_bcmp(token_cb, cb_cksum.contents, cb_len) != 0) {
++ status = GSS_S_BAD_BINDINGS;
++ goto fail;
++ }
++ }
++
++ /* Read the token flags and accept some of them as context flags. */
++ token_flags = k5_input_get_uint32_le(&in);
++ *flags_out = token_flags & INITIATOR_FLAGS;
++
++ /* Read the delegated credential if present. */
++ if (in.len >= 4 && (token_flags & GSS_C_DELEG_FLAG)) {
++ option_id = k5_input_get_uint16_le(&in);
++ option_len = k5_input_get_uint16_le(&in);
++ option_bytes = k5_input_get_bytes(&in, option_len);
++ option = make_data((uint8_t *)option_bytes, option_len);
++ if (in.status) {
++ code = KG_BAD_LENGTH;
++ status = GSS_S_FAILURE;
++ goto fail;
++ }
++ if (option_id != KRB5_GSS_FOR_CREDS_OPTION) {
++ status = GSS_S_FAILURE;
++ goto fail;
++ }
++
++ /* Store the delegated credential. */
++ code = rd_and_store_for_creds(context, auth_context, &option,
++ deleg_out);
++ if (code) {
++ status = GSS_S_FAILURE;
++ goto fail;
++ }
++ *flags_out |= GSS_C_DELEG_FLAG;
++ }
++
++ /* Process any extensions at the end of the checksum. Extensions use
++ * 4-byte big-endian tag and length instead of 2-byte little-endian. */
++ while (in.len > 0) {
++ option_id = k5_input_get_uint32_be(&in);
++ option_len = k5_input_get_uint32_be(&in);
++ option_bytes = k5_input_get_bytes(&in, option_len);
++ option = make_data((uint8_t *)option_bytes, option_len);
++ if (in.status) {
++ code = KG_BAD_LENGTH;
++ status = GSS_S_FAILURE;
++ goto fail;
++ }
++
++ code = kg_process_extension(context, auth_context, option_id,
++ &option, exts);
++ if (code) {
++ status = GSS_S_FAILURE;
++ goto fail;
++ }
++ }
++ }
++
++ status = GSS_S_COMPLETE;
++
++fail:
++ free(cb_cksum.contents);
++ *code_out = code;
++ return status;
++}
++
+ static OM_uint32
+ kg_accept_krb5(minor_status, context_handle,
+ verifier_cred_handle, input_token,
+@@ -433,17 +602,13 @@ kg_accept_krb5(minor_status, context_handle,
+ krb5_gss_ctx_ext_t exts;
+ {
+ krb5_context context;
+- unsigned char *ptr, *ptr2;
++ unsigned char *ptr;
+ char *sptr;
+- OM_uint32 tmp;
+- size_t md5len;
+ krb5_gss_cred_id_t cred = 0;
+ krb5_data ap_rep, ap_req;
+- unsigned int i;
+ krb5_error_code code;
+ krb5_address addr, *paddr;
+ krb5_authenticator *authdat = 0;
+- krb5_checksum reqcksum;
+ krb5_gss_name_t name = NULL;
+ krb5_ui_4 gss_flags = 0;
+ krb5_gss_ctx_id_rec *ctx = NULL;
+@@ -451,8 +616,6 @@ kg_accept_krb5(minor_status, context_handle,
+ gss_buffer_desc token;
+ krb5_auth_context auth_context = NULL;
+ krb5_ticket * ticket = NULL;
+- int option_id;
+- krb5_data option;
+ const gss_OID_desc *mech_used = NULL;
+ OM_uint32 major_status = GSS_S_FAILURE;
+ OM_uint32 tmp_minor_status;
+@@ -463,7 +626,6 @@ kg_accept_krb5(minor_status, context_handle,
+ krb5int_access kaccess;
+ int cred_rcache = 0;
+ int no_encap = 0;
+- int token_deleg_flag = 0;
+ krb5_flags ap_req_options = 0;
+ krb5_enctype negotiated_etype;
+ krb5_authdata_context ad_context = NULL;
+@@ -489,7 +651,6 @@ kg_accept_krb5(minor_status, context_handle,
+ output_token->length = 0;
+ output_token->value = NULL;
+ token.value = 0;
+- reqcksum.contents = 0;
+ ap_req.data = 0;
+ ap_rep.data = 0;
+
+@@ -654,195 +815,16 @@ kg_accept_krb5(minor_status, context_handle,
+
+ krb5_auth_con_getauthenticator(context, auth_context, &authdat);
+
+- if (authdat->checksum == NULL) {
+- /*
+- * Some SMB client implementations use handcrafted GSSAPI code that
+- * does not provide a checksum. MS-KILE documents that the Microsoft
+- * implementation considers a missing checksum acceptable; the server
+- * assumes all flags are unset in this case, and does not check channel
+- * bindings.
+- */
+- gss_flags = 0;
+- } else if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
+- /* Samba does not send 0x8003 GSS-API checksums */
+- krb5_boolean valid;
+- krb5_key subkey;
+- krb5_data zero;
++ major_status = process_checksum(minor_status, context, input_chan_bindings,
++ auth_context, ap_req_options,
++ authdat, exts,
++ delegated_cred_handle ? &deleg_cred : NULL,
++ &gss_flags, &code);
+
+- code = krb5_auth_con_getkey_k(context, auth_context, &subkey);
+- if (code) {
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
++ if (major_status != GSS_S_COMPLETE)
++ goto fail;
+
+- zero.length = 0;
+- zero.data = "";
+-
+- code = krb5_k_verify_checksum(context,
+- subkey,
+- KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+- &zero,
+- authdat->checksum,
+- &valid);
+- krb5_k_free_key(context, subkey);
+- if (code || !valid) {
+- major_status = GSS_S_BAD_SIG;
+- goto fail;
+- }
+-
+- /* Use ap_options from the request to guess the mutual flag. */
+- gss_flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+- if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED)
+- gss_flags |= GSS_C_MUTUAL_FLAG;
+- } else {
+- /* gss krb5 v1 */
+-
+- /* stash this now, for later. */
+- code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len);
+- if (code) {
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
+-
+- /* verify that the checksum is correct */
+-
+- /*
+- The checksum may be either exactly 24 bytes, in which case
+- no options are specified, or greater than 24 bytes, in which case
+- one or more options are specified. Currently, the only valid
+- option is KRB5_GSS_FOR_CREDS_OPTION ( = 1 ).
+- */
+-
+- if ((authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) ||
+- (authdat->checksum->length < 24)) {
+- code = 0;
+- major_status = GSS_S_BAD_BINDINGS;
+- goto fail;
+- }
+-
+- ptr = (unsigned char *) authdat->checksum->contents;
+-
+- TREAD_INT(ptr, tmp, 0);
+-
+- if (tmp != md5len) {
+- code = KG_BAD_LENGTH;
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
+-
+- /*
+- The following section of code attempts to implement the
+- optional channel binding facility as described in RFC2743.
+-
+- Since this facility is optional channel binding may or may
+- not have been provided by either the client or the server.
+-
+- If the server has specified input_chan_bindings equal to
+- GSS_C_NO_CHANNEL_BINDINGS then we skip the check. If
+- the server does provide channel bindings then we compute
+- a checksum and compare against those provided by the
+- client. */
+-
+- if ((code = kg_checksum_channel_bindings(context,
+- input_chan_bindings,
+- &reqcksum))) {
+- major_status = GSS_S_BAD_BINDINGS;
+- goto fail;
+- }
+-
+- /* Always read the clients bindings - eventhough we might ignore them */
+- TREAD_STR(ptr, ptr2, reqcksum.length);
+-
+- if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) {
+- if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) {
+- xfree(reqcksum.contents);
+- reqcksum.contents = 0;
+- code = 0;
+- major_status = GSS_S_BAD_BINDINGS;
+- goto fail;
+- }
+-
+- }
+-
+- xfree(reqcksum.contents);
+- reqcksum.contents = 0;
+-
+- /* Read the token flags. Remember if GSS_C_DELEG_FLAG was set, but
+- * mask it out until we actually read a delegated credential. */
+- TREAD_INT(ptr, gss_flags, 0);
+- token_deleg_flag = (gss_flags & GSS_C_DELEG_FLAG);
+- gss_flags &= ~GSS_C_DELEG_FLAG;
+-
+- /* if the checksum length > 24, there are options to process */
+-
+- i = authdat->checksum->length - 24;
+- if (i && token_deleg_flag) {
+- if (i >= 4) {
+- TREAD_INT16(ptr, option_id, 0);
+- TREAD_INT16(ptr, option.length, 0);
+- i -= 4;
+-
+- if (i < option.length) {
+- code = KG_BAD_LENGTH;
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
+-
+- /* have to use ptr2, since option.data is wrong type and
+- macro uses ptr as both lvalue and rvalue */
+-
+- TREAD_STR(ptr, ptr2, option.length);
+- option.data = (char *) ptr2;
+-
+- i -= option.length;
+-
+- if (option_id != KRB5_GSS_FOR_CREDS_OPTION) {
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
+-
+- /* store the delegated credential */
+-
+- code = rd_and_store_for_creds(context, auth_context, &option,
+- (delegated_cred_handle) ?
+- &deleg_cred : NULL);
+- if (code) {
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
+-
+- gss_flags |= GSS_C_DELEG_FLAG;
+- } /* if i >= 4 */
+- /* ignore any additional trailing data, for now */
+- }
+- while (i > 0) {
+- /* Process Type-Length-Data options */
+- if (i < 8) {
+- code = KG_BAD_LENGTH;
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
+- TREAD_INT(ptr, option_id, 1);
+- TREAD_INT(ptr, option.length, 1);
+- i -= 8;
+- if (i < option.length) {
+- code = KG_BAD_LENGTH;
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
+- TREAD_STR(ptr, ptr2, option.length);
+- option.data = (char *)ptr2;
+-
+- i -= option.length;
+-
+- code = kg_process_extension(context, auth_context,
+- option_id, &option, exts);
+- if (code != 0) {
+- major_status = GSS_S_FAILURE;
+- goto fail;
+- }
+- }
+- }
++ major_status = GSS_S_FAILURE;
+
+ if (exts->iakerb.conv && !exts->iakerb.verified) {
+ major_status = GSS_S_BAD_SIG;
+@@ -869,12 +851,7 @@ kg_accept_krb5(minor_status, context_handle,
+ ctx->mech_used = (gss_OID) mech_used;
+ ctx->auth_context = auth_context;
+ ctx->initiate = 0;
+- ctx->gss_flags = (GSS_C_TRANS_FLAG |
+- ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
+- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+- GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG |
+- GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
+- GSS_C_EXTENDED_ERROR_FLAG)));
++ ctx->gss_flags = gss_flags | GSS_C_TRANS_FLAG;
+ ctx->seed_init = 0;
+ ctx->cred_rcache = cred_rcache;
+
+@@ -1161,8 +1138,6 @@ fail:
+
+ krb5_auth_con_free(context, auth_context);
+ }
+- if (reqcksum.contents)
+- xfree(reqcksum.contents);
+ if (ap_rep.data)
+ krb5_free_data_contents(context, &ap_rep);
+ if (major_status == GSS_S_COMPLETE ||
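Review bot: In the 0x8003 branch of process_checksum(), the only guard that cb_cksum.length equals cb_len before k5_bcmp() reads cb_len bytes from cb_cksum.contents is `assert(cb_cksum.length == cb_len);`, which disappears in builds with NDEBUG. An explicit length check that fails with GSS_S_BAD_BINDINGS would keep the comparison bounded in every build. In kg_accept_krb5(), the added `major_status = GSS_S_FAILURE;` after the successful helper call looks like it restores the default that later `goto fail` paths depend on. A short comment would stop it being removed as redundant. The unknown-option path (`option_id != KRB5_GSS_FOR_CREDS_OPTION`) still fails with code left at 0, so the minor status carries no information there.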
diff --git a/Remove-resolver-test-utility.patch b/Remove-resolver-test-utility.patch
index 95055df..6602185 100644
--- a/Remove-resolver-test-utility.patch
+++ b/Remove-resolver-test-utility.patch
@@ -1,4 +1,4 @@
-From c21bb26abc4799298726124d73f0c968430a87bd Mon Sep 17 00:00:00 2001
+From 85bb5fe5a11708b78e9f0bd3a3b34999b6c888a7 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Thu, 28 May 2020 18:41:02 -0400
Subject: [PATCH] Remove resolver test utility
diff --git a/Replace-gssrpc-tests-with-a-Python-script.patch b/Replace-gssrpc-tests-with-a-Python-script.patch
index 5632455..17fee61 100644
--- a/Replace-gssrpc-tests-with-a-Python-script.patch
+++ b/Replace-gssrpc-tests-with-a-Python-script.patch
@@ -1,4 +1,4 @@
-From 5af211200d6c2ac82872435556f5b39edcaba541 Mon Sep 17 00:00:00 2001
+From a12fc355a034e5b1d23bdb23db9735d4eaa396d8 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Sat, 15 Feb 2020 20:34:23 -0500
Subject: [PATCH] Replace gssrpc tests with a Python script
diff --git a/krb5.spec b/krb5.spec
index 0bd0d21..5d1ebda 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 7%{?dist}
+Release: 8%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -56,11 +56,17 @@ Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
Patch17: Pass-gss_localname-through-SPNEGO.patch
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
-Patch20: Pass-channel-bindings-through-SPNEGO.patch
Patch21: Replace-gssrpc-tests-with-a-Python-script.patch
Patch22: Default-dns_canonicalize_hostname-to-fallback.patch
Patch23: Remove-resolver-test-utility.patch
Patch24: Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
+Patch25: Improve-negoex_parse_token-code-hygiene.patch
+Patch26: Refactor-krb5-GSS-checksum-handling.patch
+Patch27: Implement-GSS_C_CHANNEL_BOUND_FLAG.patch
+Patch28: Implement-KERB_AP_OPTIONS_CBT-server-side.patch
+Patch29: Add-client_aware_channel_bindings-option.patch
+Patch30: Pass-channel-bindings-through-SPNEGO.patch
+Patch31: Add-channel-bindings-tests.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
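Review bot: Patch20 is dropped and the same file, Pass-channel-bindings-through-SPNEGO.patch, comes back as Patch30, which leaves a hole between Patch19 and Patch21 and gives no reason for the move. If the reorder is needed because that patch now has to apply on top of Patch26 through Patch29, a one-line comment above Patch30 saying so would keep a later renumbering from putting it back in the wrong place.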
@@ -615,6 +621,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Mon Jun 15 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-8
+- Match Heimdal behavior for channel bindings
+
* Mon Jun 08 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-7
- Fix test suite by removing wrapper workarounds
commit feaafc07b2c53c9d7306e1d7987cfae76b843776
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Mon Jun 8 22:00:22 2020 +0000
Fix test suite by removing wrapper workarounds
diff --git a/krb5.spec b/krb5.spec
index f485b6b..0bd0d21 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 6%{?dist}
+Release: 7%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -39,9 +39,6 @@ Source33: krb5kdc.logrotate
Source34: kadmind.logrotate
Source39: krb5-krb5kdc.conf
-# Carry this locally until it's available in a packaged form.
-Source100: noport.c
-
Patch0: downstream-ksu-pam-integration.patch
Patch1: downstream-SELinux-integration.patch
Patch2: downstream-Adjust-build-configuration.patch
@@ -68,7 +65,7 @@ Patch24: Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
BuildRequires: autoconf, bison, cmake, flex, gawk, gettext, pkgconfig, sed
-BuildRequires: gcc
+BuildRequires: gcc, gcc-c++
BuildRequires: libcom_err-devel, libedit-devel, libss-devel
BuildRequires: gzip, ncurses-devel
BuildRequires: python3-sphinx
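Review bot: The change from `BuildRequires: gcc` to `gcc, gcc-c++` is not explained by the commit message, which only covers removing the wrapper workarounds. A spec comment naming what needs a C++ compiler (presumably part of the test suite now that the full `make check` runs) would make it clear whether the dependency can be dropped later.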
@@ -88,8 +85,7 @@ BuildRequires: iproute
BuildRequires: libverto-devel
BuildRequires: openldap-devel
BuildRequires: lmdb-devel
-BuildRequires: nss_wrapper
-BuildRequires: socket_wrapper
+BuildRequires: python3-pyrad
# Need KDFs. This is the backported version
BuildRequires: openssl-devel >= 1:1.1.1d-4
@@ -295,34 +291,17 @@ sphinx-build -a -b man -t pathsubs doc build-man
sphinx-build -a -b html -t pathsubs doc build-html
rm -fr build-html/_sources
-# We need to cut off any access to locally-running nameservers, too.
-%{__cc} -fPIC -shared -o noport.so -Wall -Wextra %{SOURCE100}
-
%check
-mkdir nss_wrapper
-
-# Set things up to use the test wrappers.
-export NSS_WRAPPER_HOSTNAME=test.example.com
-export NSS_WRAPPER_HOSTS="$PWD/nss_wrapper/fakehosts"
-echo "127.0.0.1 $NSS_WRAPPER_HOSTNAME localhost" > $NSS_WRAPPER_HOSTS
-export NOPORT='53,111'
-export SOCKET_WRAPPER_DIR="$PWD/sockets" ; mkdir -p $SOCKET_WRAPPER_DIR
-export LD_PRELOAD="$PWD/noport.so:libnss_wrapper.so:libsocket_wrapper.so"
+pushd src
# ugh. COPR doesn't expose the keyring, so try to cope.
KEYCTL=keyctl
keyctl list @u &>/dev/null || KEYCTL=:
-# Run the test suite. We can't actually run the whole thing in the build
-# system, but we can at least run more than we used to. The build system may
-# give us a revoked session keyring, so run affected tests with a new one.
-make -C src runenv.py
-: make -C src check TMPDIR=%{_tmppath}
-$KEYCTL session - make -C src/lib check TMPDIR=%{_tmppath} OFFLINE=yes
-make -C src/kdc check TMPDIR=%{_tmppath}
-$KEYCTL session - make -C src/appl check TMPDIR=%{_tmppath}
-make -C src/clients check TMPDIR=%{_tmppath}
-$KEYCTL session - make -C src/util check TMPDIR=%{_tmppath}
+# The build system may give us a revoked session keyring, so run affected
+# tests with a new one.
+$KEYCTL session - make check OFFLINE=yes TMPDIR=%{_tmppath}
+popd
%install
[ "$RPM_BUILD_ROOT" != '/' ] && rm -rf -- "$RPM_BUILD_ROOT"
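Review bot: in %check the only remaining test command is prefixed with $KEYCTL, so when the keyring probe fails and KEYCTL is set to ":" the line expands to ": session - make check OFFLINE=yes ..." and the whole test suite is skipped while the build still succeeds. Before this change the src/kdc and src/clients checks ran without the $KEYCTL prefix, so some tests always ran. Suggest falling back to a plain "make check OFFLINE=yes TMPDIR=%{_tmppath}" when keyctl is unavailable, or at least echoing that the tests were skipped so it shows up in the build log.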
@@ -636,6 +615,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Mon Jun 08 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-7
+- Fix test suite by removing wrapper workarounds
+
* Mon Jun 08 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-6
- Omit PA_FOR_USER if we can't compute its checksum
diff --git a/noport.c b/noport.c
deleted file mode 100644
index 22088eb..0000000
--- a/noport.c
+++ /dev/null
@@ -1,111 +0,0 @@
-#define _GNU_SOURCE
-#include <sys/socket.h>
-#include <dlfcn.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netinet/in.h>
-
-static int
-port_is_okay(unsigned short port)
-{
- char *p, *q;
- long l;
-
- p = getenv("NOPORT");
- while ((p != NULL) && (*p != '\0')) {
- l = strtol(p, &q, 10);
- if ((q == NULL) || (q == p)) {
- break;
- }
- if ((*q == '\0') || (*q == ',')) {
- if (port == l) {
- errno = ECONNREFUSED;
- return -1;
- }
- }
- p = q;
- p += strspn(p, ",");
- }
- return 0;
-}
-
-int
-connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
-{
- unsigned short port;
- static int (*next_connect)(int, const struct sockaddr *, socklen_t);
-
- if (next_connect == NULL) {
- next_connect = dlsym(RTLD_NEXT, "connect");
- if (next_connect == NULL) {
- errno = ENOSYS;
- return -1;
- }
- }
-
- if (getenv("NOPORT") == NULL) {
- return next_connect(sockfd, addr, addrlen);
- }
-
- switch (addr->sa_family) {
- case AF_INET:
- port = ntohs(((struct sockaddr_in *)addr)->sin_port);
- if (port_is_okay(port) != 0) {
- return -1;
- }
- break;
- case AF_INET6:
- port = ntohs(((struct sockaddr_in6 *)addr)->sin6_port);
- if (port_is_okay(port) != 0) {
- return -1;
- }
- break;
- default:
- break;
- }
- return next_connect(sockfd, addr, addrlen);
-}
-
-ssize_t
-sendto(int sockfd, const void *buf, size_t len, int flags,
- const struct sockaddr *dest_addr, socklen_t addrlen)
-{
- unsigned short port;
- static int (*next_sendto)(int, const void *, size_t, int,
- const struct sockaddr *, socklen_t);
-
- if (next_sendto == NULL) {
- next_sendto = dlsym(RTLD_NEXT, "sendto");
- if (next_sendto == NULL) {
- errno = ENOSYS;
- return -1;
- }
- }
-
- if (getenv("NOPORT") == NULL) {
- return next_sendto(sockfd, buf, len, flags, dest_addr, addrlen);
- }
-
- if (dest_addr != NULL) {
- switch (dest_addr->sa_family) {
- case AF_INET:
- port = ((struct sockaddr_in *)dest_addr)->sin_port;
- port = ntohs(port);
- if (port_is_okay(port) != 0) {
- return -1;
- }
- break;
- case AF_INET6:
- port = ((struct sockaddr_in6 *)dest_addr)->sin6_port;
- port = ntohs(port);
- if (port_is_okay(port) != 0) {
- return -1;
- }
- break;
- default:
- break;
- }
- }
- return next_sendto(sockfd, buf, len, flags, dest_addr, addrlen);
-}
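Review bot: deleting noport.c removes the connect()/sendto() interposer that refused the ports listed in NOPORT (the spec set it to 53,111), so %check no longer blocks the test suite from reaching a locally running nameserver or portmapper and instead depends on OFFLINE=yes and on whatever network isolation the builder provides. State that assumption in a comment next to the make check line in krb5.spec, and confirm that nothing else in the package still references noport.so or NOPORT.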
commit 3c4e18f2f31ae7d1bfd5a7721a067c3d21bea99c
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Mon Jun 8 16:01:55 2020 -0400
Omit PA_FOR_USER if we can't compute its checksum
diff --git a/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
new file mode 100644
index 0000000..0d6b9e9
--- /dev/null
+++ b/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
@@ -0,0 +1,34 @@
+From 086de78292b8ae89aba8a72926831124da44205d Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris(a)gmail.com>
+Date: Sat, 6 Jun 2020 11:03:37 +0200
+Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum
+
+OpenSSL in FIPS mode will refuse to perform hmac-md5. Omit the legacy
+PA_FOR_USER element in this case rather than failing out.
+
+[ghudson(a)mit.edu: minor code and comment edits; wrote commit message]
+
+ticket: 8912 (new)
+(cherry picked from commit 03f122bdb22cfa53c7d855ed929c9541e56365e0)
+---
+ src/lib/krb5/krb/s4u_creds.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
+index fc5c886d6..d8f486dc6 100644
+--- a/src/lib/krb5/krb/s4u_creds.c
++++ b/src/lib/krb5/krb/s4u_creds.c
+@@ -534,6 +534,13 @@ krb5_get_self_cred_from_kdc(krb5_context context,
+ if (s4u_user.user_id.user != NULL && s4u_user.user_id.user->length) {
+ code = build_pa_for_user(context, tgtptr, &s4u_user.user_id,
+ &in_padata[1]);
++ /*
++ * If we couldn't compute the hmac-md5 checksum, send only the
++ * KRB5_PADATA_S4U_X509_USER; this will still work against modern
++ * Windows and MIT KDCs.
++ */
++ if (code == KRB5_CRYPTO_INTERNAL)
++ code = 0;
+ if (code != 0) {
+ krb5_free_pa_data(context, in_padata);
+ goto cleanup;
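Review bot: the added check after build_pa_for_user() resets every KRB5_CRYPTO_INTERNAL result to 0, not only the FIPS hmac-md5 refusal the comment describes, so any other internal crypto failure from that call is now ignored as well. The visible lines also do not show whether in_padata[1] is guaranteed to still be NULL when this error is returned; confirm that, and say so in the comment, since the request proceeds with the array as it stands once code is cleared. A trace message on this path would make the omitted PA_FOR_USER visible when debugging interoperability problems.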
diff --git a/krb5.spec b/krb5.spec
index 3c2201e..f485b6b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 5%{?dist}
+Release: 6%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -63,6 +63,7 @@ Patch20: Pass-channel-bindings-through-SPNEGO.patch
Patch21: Replace-gssrpc-tests-with-a-Python-script.patch
Patch22: Default-dns_canonicalize_hostname-to-fallback.patch
Patch23: Remove-resolver-test-utility.patch
+Patch24: Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -635,6 +636,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Mon Jun 08 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-6
+- Omit PA_FOR_USER if we can't compute its checksum
+
* Sat May 30 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-5
- Replace gssrpc tests with a Python script
commit 49849de3293936c6c1869f459ca3456c8804a06f
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Sat May 30 12:38:04 2020 -0400
Replace gssrpc tests with a Python script
diff --git a/Default-dns_canonicalize_hostname-to-fallback.patch b/Default-dns_canonicalize_hostname-to-fallback.patch
index 2e34e13..b252354 100644
--- a/Default-dns_canonicalize_hostname-to-fallback.patch
+++ b/Default-dns_canonicalize_hostname-to-fallback.patch
@@ -1,4 +1,4 @@
-From 1e72ba5c1b74d5b78f84c5884d06e979830aeb53 Mon Sep 17 00:00:00 2001
+From d003b4aa8dce14967725d6607c54ceb884b3647c Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Wed, 27 May 2020 18:48:35 -0400
Subject: [PATCH] Default dns_canonicalize_hostname to "fallback"
diff --git a/Remove-resolver-test-utility.patch b/Remove-resolver-test-utility.patch
index 444f99a..95055df 100644
--- a/Remove-resolver-test-utility.patch
+++ b/Remove-resolver-test-utility.patch
@@ -1,4 +1,4 @@
-From 621cf6c98d74b025a0ca190cd279756596709ef9 Mon Sep 17 00:00:00 2001
+From c21bb26abc4799298726124d73f0c968430a87bd Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Thu, 28 May 2020 18:41:02 -0400
Subject: [PATCH] Remove resolver test utility
@@ -22,10 +22,10 @@ tests/resolve is no longer used after the previous commit.
delete mode 100644 src/tests/resolve/resolve.c
diff --git a/src/configure.ac b/src/configure.ac
-index 29be532cb..2a756d6b5 100644
+index aafc462f9..00b5ea4c5 100644
--- a/src/configure.ac
+++ b/src/configure.ac
-@@ -1542,7 +1542,6 @@ V5_AC_OUTPUT_MAKEFILE(.
+@@ -1540,7 +1540,6 @@ V5_AC_OUTPUT_MAKEFILE(.
appl/simple appl/simple/client appl/simple/server
appl/gss-sample appl/user_user
diff --git a/Replace-gssrpc-tests-with-a-Python-script.patch b/Replace-gssrpc-tests-with-a-Python-script.patch
new file mode 100644
index 0000000..5632455
--- /dev/null
+++ b/Replace-gssrpc-tests-with-a-Python-script.patch
@@ -0,0 +1,861 @@
+From 5af211200d6c2ac82872435556f5b39edcaba541 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Sat, 15 Feb 2020 20:34:23 -0500
+Subject: [PATCH] Replace gssrpc tests with a Python script
+
+Replace the dejagnu RPC test framework with a short Python script to
+do the same tests as fullrun.exp and gsserr.exp. Modify the server
+test program to facilitate use by k5test.py.
+
+expire.exp, together with a comment in the client test program, was
+designed to test a libdb2 btree bug via the gssrpc server-side
+authentication code. That code was subsequently changed not to use
+libdb2, before it was merged into the main krb5 tree (in revision 1.23
+of svc_auth_gssapi.c, according to the changelog removed in commit
+2a43d772be1e45faa8e488d436b6e867371563fb). Remove the comment and do
+not replace that test sequence.
+
+[rharwood(a)redhat.com: .gitignore]
+---
+ src/configure.ac | 2 -
+ src/lib/rpc/unit-test/Makefile.in | 36 +--
+ src/lib/rpc/unit-test/client.c | 26 ---
+ src/lib/rpc/unit-test/config/unix.exp | 176 --------------
+ src/lib/rpc/unit-test/lib/helpers.exp | 234 -------------------
+ src/lib/rpc/unit-test/rpc_test.0/expire.exp | 49 ----
+ src/lib/rpc/unit-test/rpc_test.0/fullrun.exp | 91 --------
+ src/lib/rpc/unit-test/rpc_test.0/gsserr.exp | 30 ---
+ src/lib/rpc/unit-test/server.c | 13 +-
+ src/lib/rpc/unit-test/t_rpc.py | 29 +++
+ 10 files changed, 41 insertions(+), 645 deletions(-)
+ delete mode 100644 src/lib/rpc/unit-test/config/unix.exp
+ delete mode 100644 src/lib/rpc/unit-test/lib/helpers.exp
+ delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/expire.exp
+ delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
+ delete mode 100644 src/lib/rpc/unit-test/rpc_test.0/gsserr.exp
+ create mode 100644 src/lib/rpc/unit-test/t_rpc.py
+
+diff --git a/src/configure.ac b/src/configure.ac
+index 29be532cb..aafc462f9 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -1102,8 +1102,6 @@ extern void endrpcent();],
+ AC_MSG_RESULT($k5_cv_type_endrpcent)
+ AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
+ K5_GEN_FILE(include/gssrpc/types.h:include/gssrpc/types.hin)
+-PASS=tcp
+-AC_SUBST(PASS)
+
+ # for pkinit
+ AC_ARG_ENABLE([pkinit],
+diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in
+index 0b6e5203d..309ae2b21 100644
+--- a/src/lib/rpc/unit-test/Makefile.in
++++ b/src/lib/rpc/unit-test/Makefile.in
+@@ -16,10 +16,6 @@ server: server.o rpc_test_svc.o $(GSSRPC_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+
+ client.o server.o: rpc_test.h
+
+-runenv.exp: Makefile
+- $(RUN_SETUP); for i in $(RUN_VARS); do \
+- eval echo "set env\($$i\) \$$$$i"; done > runenv.exp
+-
+ # If rpc_test.h and rpc_test_*.c do not work on your system, you can
+ # try using rpcgen by uncommenting these lines (be sure to uncomment
+ # then in the generated not Makefile.in).
+@@ -34,37 +30,9 @@ runenv.exp: Makefile
+ # rm -f rpc_test.h rpc_test_clnt.c rpc_test_svc.c
+ #
+
+-check unit-test: unit-test-@DO_TEST@
+-
+-unit-test-:
+- @echo "+++"
+- @echo "+++ WARNING: lib/rpc unit tests not run."
+- @echo "+++ Either tcl, runtest, or Perl is unavailable."
+- @echo "+++"
+- @echo 'Skipped rpc tests: runtest or Perl not found' >> $(SKIPTESTS)
+-
+-unit-test-ok: unit-test-body
+-
+-PASS=@PASS@
+-unit-test-body: runenv.sh runenv.exp
+- $(RM) krb5cc_rpc_test_*
+- $(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
+- RPC_TEST_KEYTAB=/tmp/rpc_test_keytab.$$$$ ; export RPC_TEST_KEYTAB ; \
+- trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_KEYTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \
+- if $(ENV_SETUP) \
+- $(RUNTEST) SERVER=./server CLIENT=./client \
+- KINIT=$(BUILDTOP)/clients/kinit/kinit \
+- KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
+- PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)" \
+- PASS="$(PASS)" --tool rpc_test $(RUNTESTFLAGS) ; \
+- then \
+- echo Cleaning up... ; \
+- rm -f $$RPC_TEST_KEYTAB krb5cc_rpc_test_* ; \
+- $(ENV_SETUP) $(STOP_SERVERS) ; \
+- trap 0 ; exit 0 ; \
+- else exit 1 ; fi
++check-pytests:
++ $(RUNPYTEST) $(srcdir)/t_rpc.py $(PYTESTFLAGS)
+
+ clean:
+ $(RM) server client
+- $(RM) dbg.log rpc_test.log rpc_test.sum runenv.exp
+
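Review bot: the new check-pytests target has no prerequisites, but t_rpc.py runs ./server and ./client, so invoking the target in a tree where those binaries have not been built fails inside the test instead of triggering the build. If nothing outside these lines guarantees they exist, list them as prerequisites ("check-pytests: client server").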
+diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
+index 5edde49df..c9a812bc5 100644
+--- a/src/lib/rpc/unit-test/client.c
++++ b/src/lib/rpc/unit-test/client.c
+@@ -231,32 +231,6 @@ main(argc, argv)
+ else
+ gssrpc_xdr_free(xdr_wrapstring, echo_resp);
+
+- /*
+- * Test fix for secure-rpc/586, part 1: btree keys must be
+- * unique. Create another context from the same credentials; it
+- * should have the same expiration time and will cause the server
+- * to abort if the clients are not differentiated.
+- *
+- * Test fix for secure-rpc/586, part 2: btree keys cannot be
+- * mutated in place. To test this: a second client, *with a
+- * later expiration time*, must be run. The second client should
+- * destroy itself *after* the first one; if the key-mutating bug
+- * is not fixed, the second client_data will be in the btree
+- * before the first, but its key will be larger; thus, when the
+- * first client calls AUTH_DESTROY, the server won't find it in
+- * the btree and call abort.
+- *
+- * For unknown reasons, running just a second client didn't
+- * tickle the bug; the btree code seemed to guess which node to
+- * look at first. Running a total of three clients does ticket
+- * the bug. Thus, the full test sequence looks like this:
+- *
+- * kinit -l 20m user && client server test@ddn 200
+- * sleep 1
+- * kini -l 30m user && client server test@ddn 300
+- * sleep 1
+- * kinit -l 40m user && client server test@ddn 400
+- */
+ if (! auth_once) {
+ tmp_auth = clnt->cl_auth;
+ clnt->cl_auth = auth_gssapi_create_default(clnt, target);
+diff --git a/src/lib/rpc/unit-test/config/unix.exp b/src/lib/rpc/unit-test/config/unix.exp
+deleted file mode 100644
+index 18da62be4..000000000
+--- a/src/lib/rpc/unit-test/config/unix.exp
++++ /dev/null
+@@ -1,176 +0,0 @@
+-#
+-# $Id$
+-#
+-
+-source runenv.exp
+-
+-set kill /bin/kill
+-set sleep /bin/sleep
+-set kinit $KINIT
+-set kdestroy $KDESTROY
+-
+-set hostname [exec hostname]
+-
+-# Hack around Solaris 9 kernel race condition that causes last output
+-# from a pty to get dropped.
+-if { $PRIOCNTL_HACK } {
+- catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
+- rename spawn oldspawn
+- proc spawn { args } {
+- upvar 1 spawn_id spawn_id
+- set newargs {}
+- set inflags 1
+- set eatnext 0
+- foreach arg $args {
+- if { $arg == "-ignore" \
+- || $arg == "-open" \
+- || $arg == "-leaveopen" } {
+- lappend newargs $arg
+- set eatnext 1
+- continue
+- }
+- if [string match "-*" $arg] {
+- lappend newargs $arg
+- continue
+- }
+- if { $eatnext } {
+- set eatnext 0
+- lappend newargs $arg
+- continue
+- }
+- if { $inflags } {
+- set inflags 0
+- set newargs [concat $newargs {priocntl -e -c FX -p 0}]
+- }
+- lappend newargs $arg
+- }
+- set pid [eval oldspawn $newargs]
+- return $pid
+- }
+-}
+-
+-if { [string length $VALGRIND] } {
+- rename spawn valgrind_aux_spawn
+- proc spawn { args } {
+- global VALGRIND
+- upvar 1 spawn_id spawn_id
+- set newargs {}
+- set inflags 1
+- set eatnext 0
+- foreach arg $args {
+- if { $arg == "-ignore" \
+- || $arg == "-open" \
+- || $arg == "-leaveopen" } {
+- lappend newargs $arg
+- set eatnext 1
+- continue
+- }
+- if [string match "-*" $arg] {
+- lappend newargs $arg
+- continue
+- }
+- if { $eatnext } {
+- set eatnext 0
+- lappend newargs $arg
+- continue
+- }
+- if { $inflags } {
+- set inflags 0
+- # Only run valgrind for local programs, not
+- # system ones.
+-#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
+- if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
+- set newargs [concat $newargs $VALGRIND]
+- } elseif [string match "." [string index $arg 0]] {
+- set newargs [concat $newargs $VALGRIND]
+- }
+- }
+- lappend newargs $arg
+- }
+- set pid [eval valgrind_aux_spawn $newargs]
+- return $pid
+- }
+-}
+-
+-# this will initialize the database and keytab
+-load_lib "helpers.exp"
+-
+-proc rpc_test_version {} {
+- global CLIENT
+- global SERVER
+-
+- clone_output "$CLIENT version <unknown>"
+- clone_output "$SERVER version <unknown>"
+-}
+-
+-proc rpc_test_load {} {
+- #
+-}
+-
+-# rpc_test_exit -- clean up and exit
+-proc rpc_test_exit {} {
+- global server_id
+- global server_pid
+- global server_started
+- global kill
+-
+- if {[catch {
+- expect {
+- -i $server_id
+- eof {
+- fail "server exited!"
+- verbose $expect_out(buffer) 1
+- }
+- timeout { pass "server survived" }
+- }
+- } tmp]} {
+- fail "server exited! (expect failed)"
+- }
+-}
+-
+-#
+-# rpc_test_start -- start the rpc_test server running
+-#
+-proc rpc_test_start { } {
+- global SERVER PROT
+- global server_id
+- global server_pid
+- global server_started
+- global server_port
+- global env
+-
+- if [info exists server_pid] { rpc_test_exit }
+-
+- set env(KRB5_KTNAME) FILE:$env(RPC_TEST_KEYTAB)
+-
+- verbose "% $SERVER" 1
+- set server_pid [spawn $SERVER $PROT]
+- set server_id $spawn_id
+- set server_started 1
+- set server_port -1
+-
+- unset env(KRB5_KTNAME)
+-
+- set timeout 30
+-
+- expect {
+- -re "port: (\[0-9\]*)\r\n" {
+- set server_port $expect_out(1,string)
+- }
+- "running" { }
+- eof {
+- send_error "server exited!"
+- verbose $expect_out(buffer) 1
+- }
+- timeout {
+- send_error "server didn't start in $timeout seconds"
+- verbose $expect_out(buffer) 1
+- }
+- }
+-
+-}
+-
+-set MULTIPASS {
+- {tcp PROT=-t dummy=[rpc_test_start]}
+- {udp PROT=-u dummy=[rpc_test_start]}
+-}
+diff --git a/src/lib/rpc/unit-test/lib/helpers.exp b/src/lib/rpc/unit-test/lib/helpers.exp
+deleted file mode 100644
+index eb2797c53..000000000
+--- a/src/lib/rpc/unit-test/lib/helpers.exp
++++ /dev/null
+@@ -1,234 +0,0 @@
+-if {[info commands exp_version] != {}} {
+- set exp_version_4 [regexp {^4} [exp_version]]
+-} else {
+- set exp_version_4 [regexp {^4} [expect_version]]
+-}
+-
+-# Backward compatibility until we're using expect 5 everywhere
+-if {$exp_version_4} {
+- global wait_error_index wait_errno_index wait_status_index
+- set wait_error_index 0
+- set wait_errno_index 1
+- set wait_status_index 1
+-} else {
+- set wait_error_index 2
+- set wait_errno_index 3
+- set wait_status_index 3
+-}
+-
+-proc set_from_env {varname default_value} {
+- global env
+- upvar $varname v
+-
+- if [info exists env($varname)] {
+- set v $env($varname)
+- } else {
+- set v $default_value
+- }
+-}
+-proc expect_tcl_prompt {} {
+- global kadmin_tcl_spawn_id
+- expect {
+- -i $kadmin_tcl_spawn_id
+- -re "^% $" { }
+- -re . { perror "unexpected output {$expect_out(buffer)} from subprocess, expecting tcl prompt" }
+- timeout { perror "timeout waiting for tcl prompt" }
+- eof { perror "eof from subprocess when expecting tcl prompt" }
+- }
+-}
+-proc send_tcl_cmd_await_echo {cmd} {
+- global kadmin_tcl_spawn_id
+- send -i $kadmin_tcl_spawn_id "$cmd\n"
+- expect {
+- -i $kadmin_tcl_spawn_id
+- -ex "$cmd\r\n" { }
+- timeout { perror "timeout waiting for tcl subprocess to echo input" }
+- eof { perror "eof waiting for tcl subprocess to echo input" }
+- }
+-}
+-proc expect_kadm_ok {} {
+- global kadmin_tcl_spawn_id
+- expect {
+- -i $kadmin_tcl_spawn_id
+- -re "^OK KADM5_OK \[^\n\]*\n" {}
+- -re "^ERROR \[^\n\]*\n" { perror "kadmin tcl subprocess reported unexpected error" }
+- -re "^marshall_new_creds: \[^\n\]*\n" { exp_continue }
+- -re "^gssapi_\[^\n\]*\n" { exp_continue }
+- -re "^\r?\n" { exp_continue }
+- eof { perror "kadmin tcl subprocess died" }
+- default { perror "didn't get ok back" }
+- }
+-}
+-proc setup_database {} {
+- global env spawn_id kadmin_tcl_spawn_id TESTDIR CANON_HOST
+-
+- # XXXXX
+- set_from_env TOP {/x/x/x/x/x}
+- send_user "TOP=$TOP\n"
+-
+- set_from_env TESTDIR $env(TOP)/testing
+- set_from_env CLNTTCL $TESTDIR/util/kadm5_clnt_tcl
+- set_from_env TCLUTIL $TESTDIR/tcl/util.t
+- set env(TCLUTIL) $TCLUTIL
+- set env(PATH) "$TOP/install/admin:$env(PATH)"
+-
+- # $VERBOSE ?
+-
+- if [info exists spawn_id] { set x $spawn_id }
+- spawn $CLNTTCL
+- set kadmin_tcl_spawn_id $spawn_id
+- if [info exists x] { set spawn_id $x }
+-
+- expect_tcl_prompt
+- # tcl 8.4 for some reason screws up autodetection of output EOL
+- # translation. Work around it for now.
+- send_tcl_cmd_await_echo "if { \[info commands fconfigure\] != \"\" } { fconfigure stdout -translation lf }"
+- expect_tcl_prompt
+- send_tcl_cmd_await_echo "source {$TCLUTIL}"
+- expect_tcl_prompt
+- send_tcl_cmd_await_echo "set h {$CANON_HOST}"
+- expect {
+- -ex "$CANON_HOST\r\n" { }
+- timeout { perror "timeout waiting for subprocess" }
+- eof { perror "eof from subprocess" }
+- }
+- expect_tcl_prompt
+-
+- send_tcl_cmd_await_echo {kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle}
+- expect_kadm_ok
+- expect "^% "
+- send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin}
+- expect_kadm_ok
+- expect "^% "
+- send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle server/$h key null}
+- expect_kadm_ok
+- expect "^% "
+- send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin}
+- expect_kadm_ok
+- expect "^% "
+- send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle notserver/$h key null}
+- expect_kadm_ok
+- expect "^% "
+- send_tcl_cmd_await_echo {kadm5_destroy $server_handle}
+- expect_kadm_ok
+- expect "^% "
+- wait -nowait -i $spawn_id
+- close -i $spawn_id
+-}
+-
+-if ![info exists CANON_HOST] {
+- set CANON_HOST $env(QUALNAME)
+- setup_database
+- file delete $env(RPC_TEST_KEYTAB)
+- exec $env(TOP)/cli/kadmin -p admin -w admin ktadd -k $env(RPC_TEST_KEYTAB) server/$CANON_HOST
+-}
+-
+-
+-proc kinit {princ pass lifetime} {
+- global kinit
+- global wait_error_index wait_errno_index wait_status_index
+-
+- spawn -noecho $kinit -5 -l $lifetime $princ
+- expect {
+- -re "Password for $princ.*: " { send "$pass\n"; expect eof }
+- timeout { perror "Timeout waiting for kinit"; close }
+- eof
+- }
+-
+- set ret [wait]
+- if {[lindex $ret $wait_error_index] == -1} {
+- perror \
+- "wait(kinit $princ) returned error [lindex $ret $wait_errno_index]"
+- } else {
+- if {[lindex $ret $wait_status_index] != 0} {
+- perror \
+- "kinit $princ failed with [lindex $ret $wait_status_index]"
+- }
+- }
+-}
+-
+-proc flush_server {} {
+- global server_id
+- global expect_out
+-
+- verbose "flushing server output" 1
+-
+- while {1} {
+- set timeout 5
+-
+- expect {
+- -i $server_id
+- -re "^.+$" {
+- verbose "server output: $expect_out(buffer)"
+- }
+- timeout { break }
+- }
+- }
+-}
+-
+-proc start_client {testname ccname user password lifetime count
+- {target ""}} {
+- global env CLIENT PROT hostname server_port spawn_id verbose
+-
+- if {$target == ""} {
+- set target "server@$hostname"
+- }
+-
+- set env(KRB5CCNAME) FILE:[pwd]/krb5cc_rpc_test_$ccname
+- kinit $user $password $lifetime
+-
+- if {$verbose > 0} {
+- spawn $CLIENT -a 1 -s 1 -m 1 $PROT $hostname $server_port $target $count
+- } else {
+- spawn $CLIENT $PROT $hostname $server_port $target $count
+- }
+-
+- verbose "$testname: client $ccname started"
+-
+- unset env(KRB5CCNAME)
+-}
+-
+-proc eof_client {testname ccname id status} {
+- verbose "$testname: eof'ing for client $ccname" 1
+-
+- expect {
+- -i $id
+- -re "^marshall_new_creds\[^\n\]*\n" { exp_continue }
+- -re "^gssapi_\[^\n\]*\n" { exp_continue }
+- -re "^\r?\n" { exp_continue }
+- eof { verbose $expect_out(buffer) 1 }
+- timeout {
+- fail "$testname: timeout waiting for client $ccname to exit"
+- }
+- }
+- wait_client $testname $ccname $id $status
+-}
+-
+-
+-proc wait_client {testname ccname id status} {
+- global env
+- global kill
+- global kdestroy
+- global wait_error_index wait_errno_index wait_status_index
+-
+- verbose "$testname: waiting for client $ccname" 1
+-
+- set ret [wait -i $id]
+- if {[lindex $ret $wait_error_index] == -1} {
+- fail \
+- "$testname: wait $ccname returned error [lindex $ret $wait_errno_index]"
+- } else {
+- if {[lindex $ret $wait_status_index] == $status} {
+- pass "$testname: client $ccname"
+- } else {
+- fail "$testname: client $ccname: unexpected return status [lindex $ret $wait_status_index], should be $status."
+- }
+- }
+-
+- set env(KRB5CCNAME) FILE:[pwd]/krb5cc_rpc_test_$ccname
+- if {[catch "exec $kdestroy -5"] != 0} {
+- perror "$testname: cannot destroy client $ccname ccache"
+- }
+-
+- unset env(KRB5CCNAME)
+-}
+diff --git a/src/lib/rpc/unit-test/rpc_test.0/expire.exp b/src/lib/rpc/unit-test/rpc_test.0/expire.exp
+deleted file mode 100644
+index e19cca0ef..000000000
+--- a/src/lib/rpc/unit-test/rpc_test.0/expire.exp
++++ /dev/null
+@@ -1,49 +0,0 @@
+-set timeout 40
+-
+-load_lib "helpers.exp"
+-
+-global server_started
+-
+-proc expired {} {
+- global spawn_id server_id
+-
+- start_client expired expired testuser notathena -1m 100
+- eof_client expired expired $spawn_id 2
+-
+- expect {
+- -i $server_id
+- -re "rpc_test server: Authen.*failed:.*credential.*expired" { pass "expired" }
+- timeout { fail "expired: timeout waiting for expired creds error" }
+- }
+-
+- flush_server
+-}
+-
+-# This test doesn't work after #6948, because the client won't try to
+-# authenticate using an expired TGT.
+-#if { $server_started } {expired }
+-
+-proc overlap {} {
+- global spawn_id
+-
+- start_client expire 1 testuser notathena 20m 100
+- set client1_id $spawn_id
+- flush_server
+-
+- start_client expire 2 testuser notathena 40m 300
+- set client2_id $spawn_id
+- flush_server
+-
+- start_client expire 3 testuser notathena 60m 500
+- set client3_id $spawn_id
+- flush_server
+-
+- eof_client expire 1 $client1_id 0
+- eof_client expire 2 $client2_id 0
+- eof_client expire 3 $client3_id 0
+-
+- flush_server
+-}
+-if { $server_started } {overlap}
+-
+-
+diff --git a/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp b/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
+deleted file mode 100644
+index 73083de1f..000000000
+--- a/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
++++ /dev/null
+@@ -1,91 +0,0 @@
+-set timeout 120
+-
+-load_lib "helpers.exp"
+-
+-global spawn_id
+-global server_id
+-global server_started
+-
+-if { !$server_started } {return}
+-
+-# Start the client and do a full run
+-start_client "full run" fullrun testuser notathena 8h 1026
+-set client_id $spawn_id
+-
+-#
+-# test: did we get 11 dots?
+-#
+-verbose "Starting RPC echo test. This will take about 50 seconds.\n"
+-
+-set ver_line "rpc_test server: bad verifier\[^\r\n\]*\[\r\n]+"
+-
+-set dots 0
+-set server_lines 0
+-while {1} {
+- expect {
+- -i $server_id
+- -re $ver_line {
+- verbose "Got line from server."
+- incr server_lines
+- }
+- default {
+- exp_continue
+- }
+-
+- -i $client_id
+- . {
+- incr dots
+- verbose "$expect_out(buffer)" 1
+- if ($dots==11) { break }
+- }
+- eof {
+- #
+- # test: was the exit status right?
+- #
+- wait_client "full run" fullrun $client_id 0
+- break
+- }
+-
+- timeout {
+- verbose "Timeout waiting for dot\n" 1
+- fail "full run: timeout waiting for dot"
+- break
+- }
+- }
+-}
+-if {$dots==11} {
+- pass "fullrun: echo test"
+-} else {
+- fail "fullrun: echo test: expected 11 dots, got $dots"
+-}
+-
+-#
+-# test: server logged four bad verifiers?
+-#
+-verbose "full run: checking server output"
+-
+-# Small timeout, since the server should have already printed everything
+-set timeout 5
+-
+-while {$server_lines < 4} {
+- expect {
+- -i $server_id
+- -re $ver_line {
+- incr server_lines
+- }
+- -re ".+\r\n" {
+- verbose "Unexpected server output: $expect_out(buffer)"
+- }
+- default {
+- break
+- }
+- }
+-}
+-
+-if {$server_lines == 4} {
+- pass "fullrun: bad verifiers"
+-} else {
+- fail "fullrun: expected four bad verifiers, got $server_lines"
+-}
+-
+-flush_server
+diff --git a/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp b/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp
+deleted file mode 100644
+index 005971989..000000000
+--- a/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp
++++ /dev/null
+@@ -1,30 +0,0 @@
+-set timeout 30
+-
+-load_lib "helpers.exp"
+-
+-global spawn_id
+-global server_id
+-global server_started
+-global hostname
+-
+-if { !$server_started } {return}
+-
+-start_client "gss err" gsserr testuser notathena 8h 1026 notserver@$hostname
+-
+-eof_client "gss err" gsserr $spawn_id 2
+-
+-#
+-# test: server logged an authentication attempted failed?
+-#
+-verbose "gss err: checking server output"
+-
+-expect {
+- -i $server_id
+- -re "rpc_test server: Authent.*failed: .* not found in keytab" {
+- pass "gss err: server logged auth error"
+- }
+- eof { fail "gss err: server exited" }
+- timeout { fail "gss err: timeout waiting for server output" }
+-}
+-
+-flush_server
+diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c
+index 13e99bb06..c3bbcbf8c 100644
+--- a/src/lib/rpc/unit-test/server.c
++++ b/src/lib/rpc/unit-test/server.c
+@@ -37,7 +37,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server,
+ caddr_t data);
+
+ #ifndef SERVICE_NAME
+-#define SERVICE_NAME "server"
++#define SERVICE_NAME "host"
+ #endif
+
+ static void usage()
+@@ -120,7 +120,6 @@ main(int argc, char **argv)
+ prot == IPPROTO_TCP ? "tcp" : "udp");
+ exit(1);
+ }
+- printf("port: %d\n", (int)transp->xp_port);
+
+ if (svcauth_gssapi_set_names(names, 0) == FALSE) {
+ fprintf(stderr, "unable to set gssapi names\n");
+@@ -144,6 +143,8 @@ main(int argc, char **argv)
+ signal(SIGTERM, handlesig);
+ #endif
+ printf("running\n");
++ printf("port: %d\n", (int)transp->xp_port);
++ fflush(stdout);
+
+ svc_run();
+ fprintf(stderr, "svc_run returned");
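Review bot: moving the "port:" printf to after "running" makes the output order part of the test contract, because t_rpc.py waits for "running" and then reads the very next line as the port; add a short comment at these two printf calls so they are not reordered later. The fflush(stdout) calls added here and in the logging functions further down could be replaced by making stdout line-buffered once at the top of main(), which would also cover any printf added in future.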
+@@ -177,6 +178,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server,
+ inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr),
+ ntohs(rqst->rq_xprt->xp_raddr.sin_port),
+ (int) server_name.length, (char *) server_name.value);
++ fflush(stdout);
+
+ (void) gss_release_buffer(&minor_stat, &client_name);
+ (void) gss_release_buffer(&minor_stat, &server_name);
+@@ -211,6 +213,7 @@ void rpc_test_badauth(OM_uint32 major, OM_uint32 minor,
+ printf("rpc_test server: Authentication attempt failed: %s", a);
+ log_badauth_display_status(major, minor);
+ printf("\n");
++ fflush(stdout);
+ }
+
+ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
+@@ -220,6 +223,7 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
+
+ a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
+ printf("Miscellaneous RPC error: %s, %s\n", a, error);
++ fflush(stdout);
+ }
+
+ void log_badauth_display_status(OM_uint32 major, OM_uint32 minor)
+@@ -243,10 +247,12 @@ void log_badauth_display_status_1(OM_uint32 code, int type, int rec)
+ log_badauth_display_status_1(gssstat,GSS_C_GSS_CODE,1);
+ log_badauth_display_status_1(minor_stat,
+ GSS_C_MECH_CODE, 1);
+- } else
++ } else {
+ printf("GSS-API authentication error %.*s: "
+ "recursive failure!\n", (int) msg.length,
+ (char *)msg.value);
++ }
++ fflush(stdout);
+ return;
+ }
+
+@@ -256,4 +262,5 @@ void log_badauth_display_status_1(OM_uint32 code, int type, int rec)
+ if (!msg_ctx)
+ break;
+ }
++ fflush(stdout);
+ }
+diff --git a/src/lib/rpc/unit-test/t_rpc.py b/src/lib/rpc/unit-test/t_rpc.py
+new file mode 100644
+index 000000000..4e565d25c
+--- /dev/null
++++ b/src/lib/rpc/unit-test/t_rpc.py
+@@ -0,0 +1,29 @@
++import re
++
++from k5test import *
++
++realm = K5Realm()
++
++server = realm.start_server(['./server', '-t'], 'running')
++line = server.stdout.readline()
++portstr = re.match(r'^port: (\d+)$', line).group(1)
++
++realm.run(['./client', '-t', hostname, portstr, 'host@' + hostname, '1026'],
++ expected_msg='...........')
++
++for i in range(4):
++ line = server.stdout.readline()
++ if 'rpc_test server: bad verifier from user(a)KRBTEST.COM at ' not in line:
++ fail('unexpected server message: ' + line)
++ output(line)
++
++realm.addprinc('nokey/' + hostname)
++
++realm.run(['./client', '-t', hostname, portstr, 'nokey@' + hostname, '1026'],
++ expected_code=2)
++
++line = server.stdout.readline()
++if 'rpc_test server: Authentication attempt failed: ' not in line:
++ fail('unexpected server message: ' + line)
++
++success('gssrpc auth_gssapi tests')
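Review bot: `portstr = re.match(r'^port: (\d+)$', line).group(1)` has no check for a failed match, so if the server's first line is anything other than `port: N` the test dies with an AttributeError on None instead of a `fail()` that shows the line, unlike the later checks in this file. Suggest storing the match, calling `fail('unexpected server message: ' + line)` when it is None, and only then taking `group(1)`.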
diff --git a/krb5.spec b/krb5.spec
index 264ff0f..3c2201e 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 4%{?dist}
+Release: 5%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -60,8 +60,9 @@ Patch17: Pass-gss_localname-through-SPNEGO.patch
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
Patch20: Pass-channel-bindings-through-SPNEGO.patch
-Patch21: Default-dns_canonicalize_hostname-to-fallback.patch
-Patch22: Remove-resolver-test-utility.patch
+Patch21: Replace-gssrpc-tests-with-a-Python-script.patch
+Patch22: Default-dns_canonicalize_hostname-to-fallback.patch
+Patch23: Remove-resolver-test-utility.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -634,6 +635,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Sat May 30 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-5
+- Replace gssrpc tests with a Python script
+
* Sat May 30 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-4
- Default dns_canonicalize_hostname to "fallback"
commit 883355750aaa600491502d2d3659303ed7cbb3ac
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Sat May 30 12:01:58 2020 -0400
Default dns_canonicalize_hostname to "fallback"
diff --git a/Default-dns_canonicalize_hostname-to-fallback.patch b/Default-dns_canonicalize_hostname-to-fallback.patch
new file mode 100644
index 0000000..2e34e13
--- /dev/null
+++ b/Default-dns_canonicalize_hostname-to-fallback.patch
@@ -0,0 +1,371 @@
+From 1e72ba5c1b74d5b78f84c5884d06e979830aeb53 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Wed, 27 May 2020 18:48:35 -0400
+Subject: [PATCH] Default dns_canonicalize_hostname to "fallback"
+
+This change should mitigate some of the pain caused by the rdns=true
+default (generally associated with unwanted PTR records that cannot
+easily be changed), with a minimum of fallout.
+
+Update the documentation and tests accordingly. In test environments,
+disable qualify_shortname and use the uncanonicalized system hostname
+(lowercased) to match the initial sn2princ result.
+
+ticket: 8911 (new)
+---
+ doc/admin/appl_servers.rst | 14 +++---
+ doc/admin/conf_files/krb5_conf.rst | 9 ++--
+ doc/admin/princ_dns.rst | 44 +++++++++++--------
+ src/kadmin/testing/proto/krb5.conf.proto | 8 ++--
+ src/kadmin/testing/scripts/env-setup.shin | 4 +-
+ src/kadmin/testing/scripts/init_db | 3 +-
+ src/kadmin/testing/scripts/start_servers | 3 +-
+ .../testing/scripts/start_servers_local | 2 +-
+ .../kadm5/unit-test/api.current/init-v2.exp | 6 +--
+ src/lib/krb5/krb/init_ctx.c | 2 +-
+ src/tests/dejagnu/config/default.exp | 5 +--
+ src/tests/t_sn2princ.py | 5 ++-
+ src/util/k5test.py | 25 +++--------
+ 13 files changed, 58 insertions(+), 72 deletions(-)
+
+diff --git a/doc/admin/appl_servers.rst b/doc/admin/appl_servers.rst
+index 5232db9af..afdf30297 100644
+--- a/doc/admin/appl_servers.rst
++++ b/doc/admin/appl_servers.rst
+@@ -115,14 +115,12 @@ Getting DNS information correct
+ -------------------------------
+
+ Several aspects of Kerberos rely on name service. When a hostname is
+-used to name a service, the Kerberos library canonicalizes the
+-hostname using forward and reverse name resolution. (The reverse name
+-resolution step can be turned off using the **rdns** variable in
+-:ref:`libdefaults`.) The result of this canonicalization must match
+-the principal entry in the host's keytab, or authentication will fail.
+-
+-Each host's canonical name must be the fully-qualified host name
+-(including the domain), and each host's IP address must
++used to name a service, clients may canonicalize the hostname using
++forward and possibly reverse name resolution. The result of this
++canonicalization must match the principal entry in the host's keytab,
++or authentication will fail. To work with all client canonicalization
++configurations, each host's canonical name must be the fully-qualified
++host name (including the domain), and each host's IP address must
+ reverse-resolve to the canonical name.
+
+ Configuration of hostnames varies by operating system. On the
+diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
+index 1d2aa7f68..a7e7a29d1 100644
+--- a/doc/admin/conf_files/krb5_conf.rst
++++ b/doc/admin/conf_files/krb5_conf.rst
+@@ -188,11 +188,10 @@ The libdefaults section may contain any of the following relations:
+ hostnames for use in service principal names. Setting this flag
+ to false can improve security by reducing reliance on DNS, but
+ means that short hostnames will not be canonicalized to
+- fully-qualified hostnames. The default value is true.
+-
+- If this option is set to ``fallback`` (new in release 1.18), DNS
+- canonicalization will only be performed the server hostname is not
+- found with the original name when requesting credentials.
++ fully-qualified hostnames. If this option is set to ``fallback`` (new
++ in release 1.18), DNS canonicalization will only be performed the
++ server hostname is not found with the original name when
++ requesting credentials. The default value is ``fallback``.
+
+ **dns_lookup_kdc**
+ Indicate whether DNS SRV records should be used to locate the KDCs
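Review bot: the reflowed sentence in the `+` lines still reads "DNS canonicalization will only be performed the server hostname is not found", carried over from the removed text; it is missing "if" after "performed". Since the paragraph is being rewritten anyway, fix it here.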
+diff --git a/doc/admin/princ_dns.rst b/doc/admin/princ_dns.rst
+index e1d823f27..32a269afc 100644
+--- a/doc/admin/princ_dns.rst
++++ b/doc/admin/princ_dns.rst
+@@ -31,27 +31,35 @@ based on rotating ``CNAME`` records in DNS.
+ Service principal canonicalization
+ ----------------------------------
+
+-MIT Kerberos clients currently always do forward resolution (looking
+-up the IPv4 and possibly IPv6 addresses using ``getaddrinfo()``) of
+-the hostname part of a host-based service principal to canonicalize
+-the hostname. They obtain the "canonical" name of the host when doing
+-so. By default, MIT Kerberos clients will also then do reverse DNS
+-resolution (looking up the hostname associated with the IPv4 or IPv6
+-address using ``getnameinfo()``) of the hostname. Using the
+-:ref:`krb5.conf(5)` setting::
++In the MIT krb5 client library, canonicalization of host-based service
++principals is controlled by the **dns_canonicalize_hostname**,
++**rnds**, and **qualify_shortname** variables in :ref:`libdefaults`.
+
+- [libdefaults]
+- rdns = false
++If **dns_canonicalize_hostname** is set to ``true`` (the default value
++before release 1.19), the client performs forward resolution by
++looking up the IPv4 and/or IPv6 addresses of the hostname using
++``getaddrinfo()``. This process will typically add a domain suffix to
++the hostname if needed, and follow CNAME records in the DNS. If
++**rdns** is also set to ``true`` (the default), the client will then
++perform a reverse lookup of the first returned Internet address using
++``getnameinfo()``, finding the name associated with the PTR record.
+
+-will disable reverse DNS lookup on clients. The default setting is
+-"true".
++If **dns_canonicalize_hostname** is set to ``false``, the hostname is
++not canonicalized using DNS. If the hostname has only one component
++(i.e. it contains no "." characters), the host's primary DNS search
++domain will be appended, if there is one. The **qualify_shortname**
++variable can be used to override or disable this suffix.
++
++If **dns_canonicalize_hostname** is set to ``fallback`` (the default
++value in release 1.19 and later), the hostname is initially treated
++according to the rules for ``dns_canonicalize_hostname=false``. If a
++ticket request fails because the service principal is unknown, it the
++hostname will be canonicalized according to the rules for
++``dns_canonicalize_hostname=true`` and the request will be retried.
++
++In all cases, the hostname is converted to lowercase, and any trailing
++dot is removed.
+
+-Operating system bugs may prevent a setting of ``rdns = false`` from
+-disabling reverse DNS lookup. Some versions of GNU libc have a bug in
+-``getaddrinfo()`` that cause them to look up ``PTR`` records even when
+-not required. MIT Kerberos releases krb5-1.10.2 and newer have a
+-workaround for this problem, as does the krb5-1.9.x series as of
+-release krb5-1.9.4.
+
+
+ Reverse DNS mismatches
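Review bot: `**rnds**` in the new opening paragraph should be `**rdns**`, matching the spelling used in the next paragraph, and "it the hostname will be canonicalized" in the fallback paragraph has a stray "it". The text also dates the new default to "release 1.19 and later", while this patch is carried in a package whose spec says `Version: 1.18.2`, so the documentation shipped with this build implies `true` is its default; that deserves a downstream wording change or a changelog note.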
+diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto
+index e710852d4..c0af716a5 100644
+--- a/src/kadmin/testing/proto/krb5.conf.proto
++++ b/src/kadmin/testing/proto/krb5.conf.proto
+@@ -2,19 +2,19 @@
+ default_realm = __REALM__
+ default_keytab_name = FILE:__K5ROOT__/keytab
+ dns_fallback = no
++ qualify_shortname = ""
+ plugin_base_dir = __PLUGIN_DIR__
+ allow_weak_crypto = true
+
+ [realms]
+ __REALM__ = {
+- kdc = __KDCHOST__:1750
+- admin_server = __KDCHOST__:1751
++ kdc = __HOSTNAME__:1750
++ admin_server = __HOSTNAME__:1751
+ database_module = foobar_db2_module_blah
+ }
+
+ [domain_realm]
+- __LOCALHOST__ = __REALM__
+- __KDCHOST__ = __REALM__
++ __HOSTNAME__ = __REALM__
+
+ [logging]
+ admin_server = FILE:__K5ROOT__/syslog
+diff --git a/src/kadmin/testing/scripts/env-setup.shin b/src/kadmin/testing/scripts/env-setup.shin
+index 969c5340c..88f8ad1aa 100755
+--- a/src/kadmin/testing/scripts/env-setup.shin
++++ b/src/kadmin/testing/scripts/env-setup.shin
+@@ -71,8 +71,8 @@ BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP
+ CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL
+ SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL
+
+-QUALNAME=`$BUILDTOP/tests/resolve/resolve -q | tr '[A-Z]' '[a-z]'`
+-export QUALNAME
++HOSTNAME=`hostname | tr '[A-Z]' '[a-z]'`
++export HOSTNAME
+
+ KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG
+ KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE
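Review bot: `HOSTNAME` is a variable bash sets on its own, so assigning and exporting it here silently changes its value for everything the test scripts run afterwards. A test-specific name, as the removed `QUALNAME` was, avoids the collision.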
+diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db
+index e65826c96..216f62793 100755
+--- a/src/kadmin/testing/scripts/init_db
++++ b/src/kadmin/testing/scripts/init_db
+@@ -79,8 +79,7 @@ fi
+ # done
+
+ sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
+- -e "s/__KDCHOST__/$QUALNAME/g" \
+- -e "s/__LOCALHOST__/$QUALNAME/g" \
++ -e "s/__HOSTNAME__/$HOSTNAME/g" \
+ -e "s#__MODDIR__#$MODDIR#g" \
+ < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf
+ sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
+diff --git a/src/kadmin/testing/scripts/start_servers b/src/kadmin/testing/scripts/start_servers
+index f23df0682..05519e4ee 100755
+--- a/src/kadmin/testing/scripts/start_servers
++++ b/src/kadmin/testing/scripts/start_servers
+@@ -36,8 +36,7 @@ if [ $local = 0 ]; then
+
+ # Fix up the local krb5.conf to point to the remote
+ sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
+- -e "s/__KDCHOST__/$hostname/g" \
+- -e "s/__LOCALHOST__/$QUALNAME/g" \
++ -e "s/__HOSTNAME__/$HOSTNAME/g" \
+ -e "s#__MODDIR__#$TOP/../plugins/kdb#g"\
+ -e "s#__PLUGIN_DIR__#$TOP/../plugins#g"\
+ < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf
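Review bot: in this `$local = 0` branch, under the comment "Fix up the local krb5.conf to point to the remote", `__KDCHOST__` used to be filled from `$hostname` and only `__LOCALHOST__` from the local name; the single `__HOSTNAME__` substitution now fills `kdc` and `admin_server` from the local `$HOSTNAME`. If the remote case is still supported, the KDC host needs its own placeholder; if it is not, the branch and its comment should be removed.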
+diff --git a/src/kadmin/testing/scripts/start_servers_local b/src/kadmin/testing/scripts/start_servers_local
+index 998ef9164..858e88031 100755
+--- a/src/kadmin/testing/scripts/start_servers_local
++++ b/src/kadmin/testing/scripts/start_servers_local
+@@ -79,7 +79,7 @@ cat - > /tmp/start_servers_local$$ <<\EOF
+ if { [catch {
+ source $env(STOP)/testing/tcl/util.t
+ set r $env(REALM)
+- set q $env(QUALNAME)
++ set q $env(HOSTNAME)
+ puts stdout [kadm5_init $env(SRVTCL) mrroot null \
+ [config_params {KADM5_CONFIG_REALM} $r] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle]
+diff --git a/src/lib/kadm5/unit-test/api.current/init-v2.exp b/src/lib/kadm5/unit-test/api.current/init-v2.exp
+index 7a353d4e9..47764c212 100644
+--- a/src/lib/kadm5/unit-test/api.current/init-v2.exp
++++ b/src/lib/kadm5/unit-test/api.current/init-v2.exp
+@@ -3,18 +3,14 @@ load_lib lib.t
+ api_exit
+ api_start
+
+-if ![info exists RESOLVE] {
+- set RESOLVE [findfile $objdir/../../../tests/resolve/resolve]
+-}
+ proc get_hostname { } {
+- global RESOLVE
+ global hostname
+
+ if {[info exists hostname]} {
+ return 1
+ }
+
+- catch "exec $RESOLVE -q >myname" exec_output
++ catch "exec hostname >myname" exec_output
+ if ![string match "" $exec_output] {
+ send_log "$exec_output\n"
+ verbose $exec_output
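Review bot: `exec hostname >myname` takes the system hostname as is, while the other replacements in this patch lowercase it (`tr '[A-Z]' '[a-z]'` in env-setup.shin, `.lower()` in k5test.py) and the commit message says the lowercased name is what matches the initial sn2princ result. Confirm that the rest of `get_hostname` lowercases what it reads from `myname`, here and in the same change to src/tests/dejagnu/config/default.exp.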
+diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
+index 9a4741fa6..0b8ae6714 100644
+--- a/src/lib/krb5/krb/init_ctx.c
++++ b/src/lib/krb5/krb/init_ctx.c
+@@ -237,7 +237,7 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags,
+ ctx->enforce_ok_as_delegate = tmp;
+
+ retval = get_tristate(ctx, KRB5_CONF_DNS_CANONICALIZE_HOSTNAME, "fallback",
+- CANONHOST_FALLBACK, 1, &tmp);
++ CANONHOST_FALLBACK, CANONHOST_FALLBACK, &tmp);
+ if (retval)
+ goto cleanup;
+ ctx->dns_canonicalize_hostname = tmp;
+diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
+index 4d8c917cd..1e7777f1e 100644
+--- a/src/tests/dejagnu/config/default.exp
++++ b/src/tests/dejagnu/config/default.exp
+@@ -268,7 +268,6 @@ foreach i {
+ {KTUTIL $objdir/../../kadmin/ktutil/ktutil}
+ {KLIST $objdir/../../clients/klist/klist}
+ {KDESTROY $objdir/../../clients/kdestroy/kdestroy}
+- {RESOLVE $objdir/../resolve/resolve}
+ {T_INETD $objdir/t_inetd}
+ {KPROPLOG $objdir/../../kprop/kproplog}
+ {KPASSWD $objdir/../../clients/kpasswd/kpasswd}
+@@ -462,7 +461,6 @@ proc setup_runtime_env { } {
+ # 0 on failure.
+
+ proc get_hostname { } {
+- global RESOLVE
+ global hostname
+ global tmppwd
+
+@@ -472,7 +470,7 @@ proc get_hostname { } {
+
+ envstack_push
+ setup_runtime_env
+- catch "exec $RESOLVE -q >$tmppwd/hostname" exec_output
++ catch "exec hostname >$tmppwd/hostname" exec_output
+ envstack_pop
+ if ![string match "" $exec_output] {
+ verbose -log $exec_output
+@@ -710,6 +708,7 @@ proc setup_krb5_conf { {type client} } {
+ puts $conffile "\[libdefaults\]"
+ puts $conffile " default_realm = $REALMNAME"
+ puts $conffile " dns_lookup_kdc = false"
++ puts $conffile " qualify_shortname = \"\""
+ if [info exists allow_weak_crypto($type)] {
+ puts $conffile " allow_weak_crypto = $allow_weak_crypto($type)"
+ } else {
+diff --git a/src/tests/t_sn2princ.py b/src/tests/t_sn2princ.py
+index 26dcb91c2..f3e187286 100755
+--- a/src/tests/t_sn2princ.py
++++ b/src/tests/t_sn2princ.py
+@@ -2,7 +2,8 @@ from k5test import *
+
+ offline = (len(args) > 0 and args[0] != "no")
+
+-conf = {'domain_realm': {'kerberos.org': 'R1',
++conf = {'libdefaults': {'dns_canonicalize_hostname': 'true'},
++ 'domain_realm': {'kerberos.org': 'R1',
+ 'example.com': 'R2',
+ 'mit.edu': 'R3'}}
+ no_rdns_conf = {'libdefaults': {'rdns': 'false'}}
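Review bot: adding `'dns_canonicalize_hostname': 'true'` to `conf` pins this test to the old default, so nothing in the visible changes to this file exercises name handling under the new `fallback` default. Suggest adding a case that leaves the setting unset and checks the uncanonicalized result.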
+@@ -28,7 +29,7 @@ def testbase(host, nametype, princhost, princrealm, env=None):
+ fail('Expected %s, got %s' % (expected, out))
+
+ def test(host, princhost, princrealm):
+- # Test with the host-based name type in the default environment.
++ # Test with the host-based name type with canonicalization enabled.
+ testbase(host, 'srv-hst', princhost, princrealm)
+
+ def testnc(host, princhost, princrealm):
+diff --git a/src/util/k5test.py b/src/util/k5test.py
+index eea92275d..5196cfa43 100644
+--- a/src/util/k5test.py
++++ b/src/util/k5test.py
+@@ -193,7 +193,10 @@ Scripts may use the following functions and variables:
+
+ * plugins: The plugin directory in the build tree (absolute path).
+
+-* hostname: This machine's fully-qualified domain name.
++* hostname: The local hostname as it will initially appear in
++ krb5_sname_to_principal() results. (Shortname qualification is
++ turned off in the test environment to make this value easy to
++ discover from Python.)
+
+ * null_input: A file opened to read /dev/null.
+
+@@ -525,23 +528,6 @@ def _find_srctop():
+ return os.path.abspath(root)
+
+
+-# Return the local hostname as it will be canonicalized by
+-# krb5_sname_to_principal. We can't simply use socket.getfqdn()
+-# because it explicitly prefers results containing periods and
+-# krb5_sname_to_principal doesn't care.
+-def _get_hostname():
+- hostname = socket.gethostname()
+- try:
+- ai = socket.getaddrinfo(hostname, None, 0, 0, 0, socket.AI_CANONNAME)
+- except socket.gaierror as e:
+- fail('Local hostname "%s" does not resolve: %s.' % (hostname, e[1]))
+- (family, socktype, proto, canonname, sockaddr) = ai[0]
+- try:
+- name = socket.getnameinfo(sockaddr, socket.NI_NAMEREQD)
+- except socket.gaierror:
+- return canonname.lower()
+- return name[0].lower()
+-
+ # Parse command line arguments, setting global option variables. Also
+ # sets the global variable args to the positional arguments, which may
+ # be used by the test script.
+@@ -1263,6 +1249,7 @@ _default_krb5_conf = {
+ 'libdefaults': {
+ 'default_realm': '$realm',
+ 'dns_lookup_kdc': 'false',
++ 'qualify_shortname': '',
+ 'plugin_base_dir': '$plugins'},
+ 'realms': {'$realm': {
+ 'kdc': '$hostname:$port0',
+@@ -1356,7 +1343,7 @@ buildtop = _find_buildtop()
+ srctop = _find_srctop()
+ plugins = os.path.join(buildtop, 'plugins')
+ runenv = _import_runenv()
+-hostname = _get_hostname()
++hostname = socket.gethostname().lower()
+ null_input = open(os.devnull, 'r')
+
+ # A DB pass is a tuple of: name, kdc_conf.
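Review bot: `hostname = socket.gethostname().lower()` drops the early check that the removed `_get_hostname()` made, which stopped with 'Local hostname "%s" does not resolve' before any test ran. The default config still uses `'kdc': '$hostname:$port0'`, so on a builder whose hostname does not resolve the failure now surfaces later and less clearly; consider keeping a resolution check with the same message.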
diff --git a/Remove-resolver-test-utility.patch b/Remove-resolver-test-utility.patch
new file mode 100644
index 0000000..444f99a
--- /dev/null
+++ b/Remove-resolver-test-utility.patch
@@ -0,0 +1,547 @@
+From 621cf6c98d74b025a0ca190cd279756596709ef9 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Thu, 28 May 2020 18:41:02 -0400
+Subject: [PATCH] Remove resolver test utility
+
+tests/resolve is no longer used after the previous commit.
+
+[rharwood(a)redhat.com: .gitignore]
+---
+ src/configure.ac | 5 +-
+ src/tests/Makefile.in | 4 +-
+ src/tests/resolve/Makefile.in | 28 ---
+ src/tests/resolve/addrinfo-test.c | 306 -------------------------
+ src/tests/resolve/deps | 14 --
+ src/tests/resolve/fake-addrinfo-test.c | 3 -
+ src/tests/resolve/resolve.c | 115 ----------
+ 7 files changed, 4 insertions(+), 471 deletions(-)
+ delete mode 100644 src/tests/resolve/Makefile.in
+ delete mode 100644 src/tests/resolve/addrinfo-test.c
+ delete mode 100644 src/tests/resolve/deps
+ delete mode 100644 src/tests/resolve/fake-addrinfo-test.c
+ delete mode 100644 src/tests/resolve/resolve.c
+
+diff --git a/src/configure.ac b/src/configure.ac
+index 29be532cb..2a756d6b5 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -1542,7 +1542,6 @@ V5_AC_OUTPUT_MAKEFILE(.
+ appl/simple appl/simple/client appl/simple/server
+ appl/gss-sample appl/user_user
+
+- tests tests/resolve tests/asn.1 tests/create tests/hammer
+- tests/verify tests/gssapi tests/dejagnu tests/threads tests/shlib
+- tests/gss-threads tests/misc
++ tests tests/asn.1 tests/create tests/hammer tests/verify tests/gssapi
++ tests/dejagnu tests/threads tests/shlib tests/gss-threads tests/misc
+ )
+diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
+index 3f88f1713..6b7749129 100644
+--- a/src/tests/Makefile.in
++++ b/src/tests/Makefile.in
+@@ -1,7 +1,7 @@
+ mydir=tests
+ BUILDTOP=$(REL)..
+-SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
+- gss-threads misc threads softpkcs11
++SUBDIRS = asn.1 create hammer verify gssapi dejagnu shlib gss-threads misc \
++ threads softpkcs11
+
+ RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \
+ GSS_MECH_CONFIG=mech.conf LC_ALL=C $(VALGRIND)
+diff --git a/src/tests/resolve/Makefile.in b/src/tests/resolve/Makefile.in
+deleted file mode 100644
+index 1f5954089..000000000
+--- a/src/tests/resolve/Makefile.in
++++ /dev/null
+@@ -1,28 +0,0 @@
+-mydir=tests$(S)resolve
+-BUILDTOP=$(REL)..$(S)..
+-
+-OBJS=resolve.o addrinfo-test.o fake-addrinfo-test.o
+-SRCS=$(srcdir)/resolve.c $(srcdir)/addrinfo-test.c \
+- $(srcdir)/fake-addrinfo-test.c
+-
+-all: resolve addrinfo-test fake-addrinfo-test
+-
+-resolve: resolve.o
+- $(CC_LINK) -o $@ resolve.o $(SUPPORT_LIB) $(LIBS)
+-
+-addrinfo-test: addrinfo-test.o
+- $(CC_LINK) -o $@ addrinfo-test.o $(SUPPORT_LIB) $(LIBS)
+-
+-fake-addrinfo-test: fake-addrinfo-test.o
+- $(CC_LINK) -o $@ fake-addrinfo-test.o $(SUPPORT_LIB) $(LIBS)
+-
+-check: resolve addrinfo-test fake-addrinfo-test
+- $(RUN_TEST) ./resolve
+- $(RUN_TEST) ./addrinfo-test -p telnet
+- $(RUN_TEST) ./fake-addrinfo-test -p telnet
+-
+-install:
+-
+-clean:
+- $(RM) resolve addrinfo-test fake-addrinfo-test
+-
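Review bot: the removed `check` target ran `./addrinfo-test -p telnet` and `./fake-addrinfo-test -p telnet` as well as `./resolve`, but the commit message justifies the removal only by saying tests/resolve is no longer used, which covers the `resolve` helper and not these two tests. Say in the message that the getaddrinfo and fake-addrinfo checks are being dropped on purpose, or move them to a directory that is kept.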
+diff --git a/src/tests/resolve/addrinfo-test.c b/src/tests/resolve/addrinfo-test.c
+deleted file mode 100644
+index e77640b62..000000000
+--- a/src/tests/resolve/addrinfo-test.c
++++ /dev/null
+@@ -1,306 +0,0 @@
+-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+-/* tests/resolve/addrinfo-test.c */
+-/*
+- * Copyright 2004 by the Massachusetts Institute of Technology.
+- * All Rights Reserved.
+- *
+- * Export of this software from the United States of America may
+- * require a specific license from the United States Government.
+- * It is the responsibility of any person or organization contemplating
+- * export to obtain such a license before exporting.
+- *
+- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+- * distribute this software and its documentation for any purpose and
+- * without fee is hereby granted, provided that the above copyright
+- * notice appear in all copies and that both that copyright notice and
+- * this permission notice appear in supporting documentation, and that
+- * the name of M.I.T. not be used in advertising or publicity pertaining
+- * to distribution of the software without specific, written prior
+- * permission. Furthermore if you modify this software you must label
+- * your software as modified software and not distribute it in such a
+- * fashion that it might be confused with the original M.I.T. software.
+- * M.I.T. makes no representations about the suitability of
+- * this software for any purpose. It is provided "as is" without express
+- * or implied warranty.
+- */
+-
+-/*
+- * A simple program to test the functionality of the getaddrinfo function.
+- *
+- * Usage:
+- * addrinfo-test [-t|-u|-R|-I] [-d|-s|-r] [-p port] [-P] [hostname]
+- *
+- * When invoked with no arguments, NULL is used for the node name,
+- * which (at least with a non-null "port") means a socket address
+- * is desired that can be used with connect() or bind() (depending
+- * on whether "-P" is given).
+- */
+-
+-#include <k5-platform.h>
+-#include <sys/types.h>
+-#include <sys/socket.h>
+-#include <netdb.h>
+-#include <netinet/in.h> /* needed for IPPROTO_* on NetBSD */
+-#ifdef USE_FAKE_ADDRINFO
+-#include "fake-addrinfo.h"
+-#endif
+-
+-static const char *protoname (int p) {
+- static char buf[30];
+-
+-#define X(N) if (p == IPPROTO_ ## N) return #N
+-
+- X(TCP);
+- X(UDP);
+- X(ICMP);
+-#ifdef IPPROTO_IPV6
+- X(IPV6);
+-#endif
+-#ifdef IPPROTO_GRE
+- X(GRE);
+-#endif
+-#ifdef IPPROTO_NONE
+- X(NONE);
+-#endif
+- X(RAW);
+-#ifdef IPPROTO_COMP
+- X(COMP);
+-#endif
+-
+- snprintf(buf, sizeof(buf), " %-2d", p);
+- return buf;
+-}
+-
+-static const char *socktypename (int t) {
+- static char buf[30];
+- switch (t) {
+- case SOCK_DGRAM: return "DGRAM";
+- case SOCK_STREAM: return "STREAM";
+- case SOCK_RAW: return "RAW";
+- case SOCK_RDM: return "RDM";
+- case SOCK_SEQPACKET: return "SEQPACKET";
+- }
+- snprintf(buf, sizeof(buf), " %-2d", t);
+- return buf;
+-}
+-
+-static char *whoami;
+-
+-static void usage () {
+- fprintf(stderr,
+- "usage:\n"
+- "\t%s [ options ] [host]\n"
+- "options:\n"
+- "\t-t\tspecify protocol IPPROTO_TCP\n"
+- "\t-u\tspecify protocol IPPROTO_UDP\n"
+- "\t-R\tspecify protocol IPPROTO_RAW\n"
+- "\t-I\tspecify protocol IPPROTO_ICMP\n"
+- "\n"
+- "\t-d\tspecify socket type SOCK_DGRAM\n"
+- "\t-s\tspecify socket type SOCK_STREAM\n"
+- "\t-r\tspecify socket type SOCK_RAW\n"
+- "\n"
+- "\t-4\tspecify address family AF_INET\n"
+-#ifdef AF_INET6
+- "\t-6\tspecify address family AF_INET6\n"
+-#endif
+- "\n"
+- "\t-p P\tspecify port P (service name or port number)\n"
+- "\t-N\thostname is numeric, skip DNS query\n"
+- "\t-n\tservice/port is numeric (sets AI_NUMERICSERV)\n"
+- "\t-P\tset AI_PASSIVE\n"
+- "\n"
+- "default: protocol 0, socket type 0, address family 0, null port\n"
+- ,
+- whoami);
+- /* [ -t | -u | -R | -I ] [ -d | -s | -r ] [ -p port ] */
+- exit (1);
+-}
+-
+-static const char *familyname (int f) {
+- static char buf[30];
+- switch (f) {
+- default:
+- snprintf(buf, sizeof(buf), "AF %d", f);
+- return buf;
+- case AF_INET: return "AF_INET";
+-#ifdef AF_INET6
+- case AF_INET6: return "AF_INET6";
+-#endif
+- }
+-}
+-
+-#define eaistr(X) (X == EAI_SYSTEM ? strerror(errno) : gai_strerror(X))
+-
+-int main (int argc, char *argv[])
+-{
+- struct addrinfo *ap, *ap2;
+- int err, numerichost = 0, numericserv = 0;
+- char *hname, *port = 0, *sep;
+- struct addrinfo hints;
+-
+- whoami = strrchr(argv[0], '/');
+- if (whoami == 0)
+- whoami = argv[0];
+- else
+- whoami = whoami+1;
+-
+- memset(&hints, 0, sizeof(hints));
+- hints.ai_flags = 0;
+- hints.ai_socktype = 0;
+-
+- hname = 0;
+- hints.ai_family = 0;
+-
+- if (argc == 1)
+- usage ();
+-
+- while (++argv, --argc > 0) {
+- char *arg;
+- arg = *argv;
+-
+- if (*arg != '-')
+- hname = arg;
+- else if (arg[1] == 0 || arg[2] != 0)
+- usage ();
+- else
+- switch (arg[1]) {
+- case 'u':
+- hints.ai_protocol = IPPROTO_UDP;
+- break;
+- case 't':
+- hints.ai_protocol = IPPROTO_TCP;
+- break;
+- case 'R':
+- hints.ai_protocol = IPPROTO_RAW;
+- break;
+- case 'I':
+- hints.ai_protocol = IPPROTO_ICMP;
+- break;
+- case 'd':
+- hints.ai_socktype = SOCK_DGRAM;
+- break;
+- case 's':
+- hints.ai_socktype = SOCK_STREAM;
+- break;
+- case 'r':
+- hints.ai_socktype = SOCK_RAW;
+- break;
+- case 'p':
+- if (argv[1] == 0 || argv[1][0] == 0 || argv[1][0] == '-')
+- usage ();
+- port = argv[1];
+- argc--, argv++;
+- break;
+- case '4':
+- hints.ai_family = AF_INET;
+- break;
+-#ifdef AF_INET6
+- case '6':
+- hints.ai_family = AF_INET6;
+- break;
+-#endif
+- case 'N':
+- numerichost = 1;
+- break;
+- case 'n':
+- numericserv = 1;
+- break;
+- case 'P':
+- hints.ai_flags |= AI_PASSIVE;
+- break;
+- default:
+- usage ();
+- }
+- }
+-
+- if (hname && !numerichost)
+- hints.ai_flags |= AI_CANONNAME;
+- if (numerichost) {
+-#ifdef AI_NUMERICHOST
+- hints.ai_flags |= AI_NUMERICHOST;
+-#else
+- fprintf(stderr, "AI_NUMERICHOST not defined on this platform\n");
+- exit(1);
+-#endif
+- }
+- if (numericserv) {
+-#ifdef AI_NUMERICSERV
+- hints.ai_flags |= AI_NUMERICSERV;
+-#else
+- fprintf(stderr, "AI_NUMERICSERV not defined on this platform\n");
+- exit(1);
+-#endif
+- }
+-
+- printf("getaddrinfo(hostname %s, service %s,\n"
+- " hints { ",
+- hname ? hname : "(null)", port ? port : "(null)");
+- sep = "";
+-#define Z(FLAG) if (hints.ai_flags & AI_##FLAG) printf("%s%s", sep, #FLAG), sep = "|"
+- Z(CANONNAME);
+- Z(PASSIVE);
+-#ifdef AI_NUMERICHOST
+- Z(NUMERICHOST);
+-#endif
+-#ifdef AI_NUMERICSERV
+- Z(NUMERICSERV);
+-#endif
+- if (sep[0] == 0)
+- printf ("no-flags");
+- if (hints.ai_family)
+- printf(" %s", familyname(hints.ai_family));
+- if (hints.ai_socktype)
+- printf(" SOCK_%s", socktypename(hints.ai_socktype));
+- if (hints.ai_protocol)
+- printf(" IPPROTO_%s", protoname(hints.ai_protocol));
+- printf(" }):\n");
+-
+- err = getaddrinfo(hname, port, &hints, &ap);
+- if (err) {
+- printf("\terror => %s\n", eaistr(err));
+- return 1;
+- }
+-
+- for (ap2 = ap; ap2; ap2 = ap2->ai_next) {
+- char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
+- /* If we don't do this, even AIX's own getnameinfo will reject
+- the sockaddr structures. The sa_len field doesn't get set
+- either, on AIX, but getnameinfo won't complain. */
+- if (ap2->ai_addr->sa_family == 0) {
+- printf("BAD: sa_family zero! fixing...\n");
+- ap2->ai_addr->sa_family = ap2->ai_family;
+- } else if (ap2->ai_addr->sa_family != ap2->ai_family) {
+- printf("BAD: sa_family != ai_family! fixing...\n");
+- ap2->ai_addr->sa_family = ap2->ai_family;
+- }
+- if (getnameinfo(ap2->ai_addr, ap2->ai_addrlen, hbuf, sizeof(hbuf),
+- pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
+- strlcpy(hbuf, "...", sizeof(hbuf));
+- strlcpy(pbuf, "...", sizeof(pbuf));
+- }
+- printf("%p:\n"
+- "\tfamily = %s\tproto = %-4s\tsocktype = %s\n",
+- (void *) ap2, familyname(ap2->ai_family),
+- protoname (ap2->ai_protocol),
+- socktypename (ap2->ai_socktype));
+- if (ap2->ai_canonname) {
+- if (ap2->ai_canonname[0])
+- printf("\tcanonname = %s\n", ap2->ai_canonname);
+- else
+- printf("BAD: ai_canonname is set but empty!\n");
+- } else if (ap2 == ap && (hints.ai_flags & AI_CANONNAME)) {
+- printf("BAD: first ai_canonname is null!\n");
+- }
+- printf("\taddr = %-28s\tport = %s\n", hbuf, pbuf);
+-
+- err = getnameinfo(ap2->ai_addr, ap2->ai_addrlen, hbuf, sizeof (hbuf),
+- pbuf, sizeof(pbuf), NI_NAMEREQD);
+- if (err)
+- printf("\tgetnameinfo(NI_NAMEREQD): %s\n", eaistr(err));
+- else
+- printf("\tgetnameinfo => %s, %s\n", hbuf, pbuf);
+- }
+- freeaddrinfo(ap);
+- return 0;
+-}
+diff --git a/src/tests/resolve/deps b/src/tests/resolve/deps
+deleted file mode 100644
+index 762d9adab..000000000
+--- a/src/tests/resolve/deps
++++ /dev/null
+@@ -1,14 +0,0 @@
+-#
+-# Generated makefile dependencies follow.
+-#
+-$(OUTPRE)resolve.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+- resolve.c
+-$(OUTPRE)addrinfo-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+- addrinfo-test.c
+-$(OUTPRE)fake-addrinfo-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+- $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-platform.h \
+- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/port-sockets.h \
+- $(top_srcdir)/include/socket-utils.h addrinfo-test.c \
+- fake-addrinfo-test.c
+diff --git a/src/tests/resolve/fake-addrinfo-test.c b/src/tests/resolve/fake-addrinfo-test.c
+deleted file mode 100644
+index 86365a5ba..000000000
+--- a/src/tests/resolve/fake-addrinfo-test.c
++++ /dev/null
+@@ -1,3 +0,0 @@
+-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+-#define USE_FAKE_ADDRINFO
+-#include "addrinfo-test.c"
+diff --git a/src/tests/resolve/resolve.c b/src/tests/resolve/resolve.c
+deleted file mode 100644
+index ea0239113..000000000
+--- a/src/tests/resolve/resolve.c
++++ /dev/null
+@@ -1,115 +0,0 @@
+-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+-/* tests/resolve/resolve.c */
+-/*
+- * Copyright 1995 by the Massachusetts Institute of Technology.
+- * All Rights Reserved.
+- *
+- * Export of this software from the United States of America may
+- * require a specific license from the United States Government.
+- * It is the responsibility of any person or organization contemplating
+- * export to obtain such a license before exporting.
+- *
+- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+- * distribute this software and its documentation for any purpose and
+- * without fee is hereby granted, provided that the above copyright
+- * notice appear in all copies and that both that copyright notice and
+- * this permission notice appear in supporting documentation, and that
+- * the name of M.I.T. not be used in advertising or publicity pertaining
+- * to distribution of the software without specific, written prior
+- * permission. Furthermore if you modify this software you must label
+- * your software as modified software and not distribute it in such a
+- * fashion that it might be confused with the original M.I.T. software.
+- * M.I.T. makes no representations about the suitability of
+- * this software for any purpose. It is provided "as is" without express
+- * or implied warranty.
+- */
+-
+-/*
+- * A simple program to test the functionality of the resolver library.
+- * It simply will try to get the IP address of the host, and then look
+- * up the name from the address. If the resulting name does not contain the
+- * domain name, then the resolve library is broken.
+- *
+- * Warning: It is possible to fool this program into thinking everything is
+- * alright by a clever use of /etc/hosts - but this is better than nothing.
+- *
+- * Usage:
+- * resolve [hostname]
+- *
+- * When invoked with no arguments, gethostname is used for the local host.
+- *
+- */
+-
+-/* This program tests the resolve library and sees if it is broken... */
+-
+-#include "k5-platform.h"
+-#include <sys/types.h>
+-#include <sys/socket.h>
+-#include <arpa/inet.h>
+-#include <netdb.h>
+-#ifdef HAVE_SYS_PARAM_H
+-#include <sys/param.h>
+-#endif
+-
+-int
+-main(int argc, char **argv)
+-{
+- struct addrinfo *ai = NULL, hint;
+- char myname[MAXHOSTNAMELEN + 1], namebuf[NI_MAXHOST], abuf[256];
+- const char *addrstr;
+- int err, quiet = 0;
+-
+- argc--; argv++;
+- while (argc) {
+- if ((strcmp(*argv, "--quiet") == 0) ||
+- (strcmp(*argv, "-q") == 0)) {
+- quiet++;
+- } else
+- break;
+- argc--; argv++;
+- }
+-
+- if (argc >= 1) {
+- strlcpy(myname, *argv, sizeof(myname));
+- } else {
+- if(gethostname(myname, MAXHOSTNAMELEN)) {
+- perror("gethostname failure");
+- exit(1);
+- }
+- }
+-
+- myname[MAXHOSTNAMELEN] = '\0'; /* for safety */
+-
+- /* Look up the address... */
+- if (!quiet)
+- printf("Hostname: %s\n", myname);
+-
+- memset(&hint, 0, sizeof(hint));
+- hint.ai_flags = AI_CANONNAME;
+- err = getaddrinfo(myname, 0, &hint, &ai);
+- if (err) {
+- fprintf(stderr,
+- "Could not look up address for hostname '%s' - fatal\n",
+- myname);
+- exit(2);
+- }
+-
+- if (!quiet) {
+- addrstr = inet_ntop(ai->ai_family, ai->ai_addr, abuf, sizeof(abuf));
+- if (addrstr != NULL)
+- printf("Host address: %s\n", addrstr);
+- }
+-
+- err = getnameinfo(ai->ai_addr, ai->ai_addrlen, namebuf, sizeof(namebuf),
+- NULL, 0, NI_NAMEREQD);
+- if (err && !quiet)
+- fprintf(stderr, "Error looking up IP address\n");
+-
+- printf("%s%s\n", quiet ? "" : "FQDN: ", err ? ai->ai_canonname : namebuf);
+-
+- if (!quiet)
+- printf("Resolve library appears to have passed the test\n");
+-
+- freeaddrinfo(ai);
+- return 0;
+-}
diff --git a/krb5.spec b/krb5.spec
index ccd17ed..264ff0f 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 3%{?dist}
+Release: 4%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -60,6 +60,8 @@ Patch17: Pass-gss_localname-through-SPNEGO.patch
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
Patch20: Pass-channel-bindings-through-SPNEGO.patch
+Patch21: Default-dns_canonicalize_hostname-to-fallback.patch
+Patch22: Remove-resolver-test-utility.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -632,6 +634,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Sat May 30 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-4
+- Default dns_canonicalize_hostname to "fallback"
+
* Tue May 26 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-3
- dns_canonicalize_hostname = fallback
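Review bot: The new 1.18.2-4 changelog entry mentions only the dns_canonicalize_hostname default, but the same commit also adds Patch22: Remove-resolver-test-utility.patch to the Patch list. Add a second changelog line for it, for example "- Remove resolver test utility", so the dropped test programs can be traced from the package history.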
commit 331a9df349e7de9845311387da39592b952aa5e1
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue May 26 21:47:51 2020 +0000
dns_canonicalize_hostname = fallback
diff --git a/krb5.conf b/krb5.conf
index c45f388..4f0d898 100644
--- a/krb5.conf
+++ b/krb5.conf
@@ -15,6 +15,7 @@ includedir /etc/krb5.conf.d/
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
+ dns_canonicalize_hostname = fallback
# default_realm = EXAMPLE.COM
[realms]
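Review bot: The added dns_canonicalize_hostname = fallback line has no comment, and the commit message and changelog entry only repeat the setting, so nothing records why the shipped krb5.conf changes how hostnames are canonicalized. Add a one-line comment above it, or expand the changelog entry, stating the reason. It would also read better placed next to rdns = false, the other name-resolution setting in this block, rather than after spake_preauth_groups.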
diff --git a/krb5.spec b/krb5.spec
index 4aef2f9..ccd17ed 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 2%{?dist}
+Release: 3%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -632,6 +632,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Tue May 26 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-3
+- dns_canonicalize_hostname = fallback
+
* Tue May 26 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-2
- Pass channel bindings through SPNEGO
commit dec02b8411e735e47b6513a84b99f43a5ab5adc4
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue May 26 14:34:53 2020 -0400
Pass channel bindings through SPNEGO
diff --git a/Pass-channel-bindings-through-SPNEGO.patch b/Pass-channel-bindings-through-SPNEGO.patch
new file mode 100644
index 0000000..0137f0c
--- /dev/null
+++ b/Pass-channel-bindings-through-SPNEGO.patch
@@ -0,0 +1,256 @@
+From dd82ae2d390c4de1b8a7737a918d80d6829366dd Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris(a)gmail.com>
+Date: Tue, 28 Apr 2020 18:15:55 +0200
+Subject: [PATCH] Pass channel bindings through SPNEGO
+
+ticket: 8907 (new)
+(cherry picked from commit d16325a24c34ec9a5f6fb4910987f162e0d4d9cd)
+---
+ src/lib/gssapi/spnego/gssapiP_negoex.h | 8 ++---
+ src/lib/gssapi/spnego/negoex_ctx.c | 34 +++++++++++----------
+ src/lib/gssapi/spnego/spnego_mech.c | 41 +++++++++++++-------------
+ 3 files changed, 43 insertions(+), 40 deletions(-)
+
+diff --git a/src/lib/gssapi/spnego/gssapiP_negoex.h b/src/lib/gssapi/spnego/gssapiP_negoex.h
+index 44b08f523..489ab7c42 100644
+--- a/src/lib/gssapi/spnego/gssapiP_negoex.h
++++ b/src/lib/gssapi/spnego/gssapiP_negoex.h
+@@ -201,10 +201,10 @@ negoex_restrict_auth_schemes(spnego_gss_ctx_id_t ctx,
+ OM_uint32
+ negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+ gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req,
+- gss_buffer_t input_token, gss_buffer_t output_token,
+- OM_uint32 *time_rec);
++ gss_buffer_t input_token, gss_channel_bindings_t bindings,
++ gss_buffer_t output_token, OM_uint32 *time_rec);
+
+ OM_uint32
+ negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+- gss_buffer_t input_token, gss_buffer_t output_token,
+- OM_uint32 *time_rec);
++ gss_buffer_t input_token, gss_channel_bindings_t bindings,
++ gss_buffer_t output_token, OM_uint32 *time_rec);
+diff --git a/src/lib/gssapi/spnego/negoex_ctx.c b/src/lib/gssapi/spnego/negoex_ctx.c
+index 18d9d4147..8848ee4db 100644
+--- a/src/lib/gssapi/spnego/negoex_ctx.c
++++ b/src/lib/gssapi/spnego/negoex_ctx.c
+@@ -276,7 +276,8 @@ static OM_uint32
+ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+ gss_name_t target, OM_uint32 req_flags, OM_uint32 time_req,
+ struct negoex_message *messages, size_t nmessages,
+- gss_buffer_t output_token, OM_uint32 *time_rec)
++ gss_channel_bindings_t bindings, gss_buffer_t output_token,
++ OM_uint32 *time_rec)
+ {
+ OM_uint32 major, first_major = 0, first_minor = 0;
+ struct negoex_auth_mech *mech = NULL;
+@@ -316,10 +317,9 @@ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+ mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+
+ major = gss_init_sec_context(minor, cred, &mech->mech_context, target,
+- mech->oid, req_flags, time_req,
+- GSS_C_NO_CHANNEL_BINDINGS, input_token,
+- &ctx->actual_mech, output_token,
+- &ctx->ctx_flags, time_rec);
++ mech->oid, req_flags, time_req, bindings,
++ input_token, &ctx->actual_mech,
++ output_token, &ctx->ctx_flags, time_rec);
+
+ if (major == GSS_S_COMPLETE)
+ mech->complete = 1;
+@@ -351,7 +351,8 @@ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+ static OM_uint32
+ mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+ gss_cred_id_t cred, struct negoex_message *messages,
+- size_t nmessages, gss_buffer_t output_token, OM_uint32 *time_rec)
++ size_t nmessages, gss_channel_bindings_t bindings,
++ gss_buffer_t output_token, OM_uint32 *time_rec)
+ {
+ OM_uint32 major, tmpmin;
+ struct negoex_auth_mech *mech;
+@@ -395,10 +396,10 @@ mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+ gss_release_cred(&tmpmin, &ctx->deleg_cred);
+
+ major = gss_accept_sec_context(minor, &mech->mech_context, cred,
+- &msg->token, GSS_C_NO_CHANNEL_BINDINGS,
+- &ctx->internal_name, &ctx->actual_mech,
+- output_token, &ctx->ctx_flags,
+- time_rec, &ctx->deleg_cred);
++ &msg->token, bindings, &ctx->internal_name,
++ &ctx->actual_mech, output_token,
++ &ctx->ctx_flags, time_rec,
++ &ctx->deleg_cred);
+
+ if (major == GSS_S_COMPLETE)
+ mech->complete = 1;
+@@ -609,8 +610,8 @@ make_output_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+ OM_uint32
+ negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+ gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req,
+- gss_buffer_t input_token, gss_buffer_t output_token,
+- OM_uint32 *time_rec)
++ gss_buffer_t input_token, gss_channel_bindings_t bindings,
++ gss_buffer_t output_token, OM_uint32 *time_rec)
+ {
+ OM_uint32 major, tmpmin;
+ gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER;
+@@ -663,7 +664,8 @@ negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+ /* Process the input token and/or produce an output token. This may prune
+ * the mech list, but on success there will be at least one mech entry. */
+ major = mech_init(minor, ctx, cred, target_name, req_flags, time_req,
+- messages, nmessages, &mech_output_token, time_rec);
++ messages, nmessages, bindings, &mech_output_token,
++ time_rec);
+ if (major != GSS_S_COMPLETE)
+ goto cleanup;
+ assert(!K5_TAILQ_EMPTY(&ctx->negoex_mechs));
+@@ -701,8 +703,8 @@ cleanup:
+
+ OM_uint32
+ negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+- gss_buffer_t input_token, gss_buffer_t output_token,
+- OM_uint32 *time_rec)
++ gss_buffer_t input_token, gss_channel_bindings_t bindings,
++ gss_buffer_t output_token, OM_uint32 *time_rec)
+ {
+ OM_uint32 major, tmpmin;
+ gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER;
+@@ -754,7 +756,7 @@ negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+ * prune the list to a single mech. Continue on error if an output token
+ * is generated, so that we send the token to the initiator.
+ */
+- major = mech_accept(minor, ctx, cred, messages, nmessages,
++ major = mech_accept(minor, ctx, cred, messages, nmessages, bindings,
+ &mech_output_token, time_rec);
+ if (major != GSS_S_COMPLETE && mech_output_token.length == 0)
+ goto cleanup;
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 594fc5894..4cf011143 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -130,6 +130,7 @@ init_ctx_reselect(OM_uint32 *, spnego_gss_ctx_id_t, OM_uint32,
+ static OM_uint32
+ init_ctx_call_init(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t,
+ OM_uint32, gss_name_t, OM_uint32, OM_uint32, gss_buffer_t,
++ gss_channel_bindings_t,
+ gss_buffer_t, OM_uint32 *, send_token_flag *);
+
+ static OM_uint32
+@@ -144,8 +145,8 @@ acc_ctx_vfy_oid(OM_uint32 *, spnego_gss_ctx_id_t, gss_OID,
+ OM_uint32 *, send_token_flag *);
+ static OM_uint32
+ acc_ctx_call_acc(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t,
+- gss_buffer_t, gss_buffer_t, OM_uint32 *, OM_uint32 *,
+- send_token_flag *);
++ gss_buffer_t, gss_channel_bindings_t, gss_buffer_t,
++ OM_uint32 *, OM_uint32 *, send_token_flag *);
+
+ static gss_OID
+ negotiate_mech(spnego_gss_ctx_id_t, gss_OID_set, OM_uint32 *);
+@@ -905,6 +906,7 @@ init_ctx_call_init(OM_uint32 *minor_status,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ gss_buffer_t mechtok_in,
++ gss_channel_bindings_t bindings,
+ gss_buffer_t mechtok_out,
+ OM_uint32 *time_rec,
+ send_token_flag *send_token)
+@@ -921,15 +923,14 @@ init_ctx_call_init(OM_uint32 *minor_status,
+ if (gss_oid_equal(sc->internal_mech, &negoex_mech)) {
+ ret = negoex_init(minor_status, sc, mcred, target_name,
+ mech_req_flags, time_req, mechtok_in,
+- mechtok_out, time_rec);
++ bindings, mechtok_out, time_rec);
+ } else {
+ ret = gss_init_sec_context(minor_status, mcred,
+ &sc->ctx_handle, target_name,
+ sc->internal_mech, mech_req_flags,
+- time_req, GSS_C_NO_CHANNEL_BINDINGS,
+- mechtok_in, &sc->actual_mech,
+- mechtok_out, &sc->ctx_flags,
+- time_rec);
++ time_req, bindings, mechtok_in,
++ &sc->actual_mech, mechtok_out,
++ &sc->ctx_flags, time_rec);
+ }
+
+ /* Bail out if the acceptor gave us an error token but the mech didn't
+@@ -981,8 +982,8 @@ init_ctx_call_init(OM_uint32 *minor_status,
+ gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER);
+ tmpret = init_ctx_call_init(&tmpmin, sc, spcred, acc_negState,
+ target_name, req_flags, time_req,
+- mechtok_in, mechtok_out, time_rec,
+- send_token);
++ mechtok_in, bindings, mechtok_out,
++ time_rec, send_token);
+ if (HARD_ERROR(tmpret))
+ goto fail;
+ *minor_status = tmpmin;
+@@ -1004,7 +1005,7 @@ spnego_gss_init_sec_context(
+ gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+- gss_channel_bindings_t input_chan_bindings,
++ gss_channel_bindings_t bindings,
+ gss_buffer_t input_token,
+ gss_OID *actual_mech,
+ gss_buffer_t output_token,
+@@ -1084,8 +1085,8 @@ spnego_gss_init_sec_context(
+ if (!spnego_ctx->mech_complete) {
+ ret = init_ctx_call_init(minor_status, spnego_ctx, spcred,
+ acc_negState, target_name, req_flags,
+- time_req, mechtok_in, &mechtok_out,
+- time_rec, &send_token);
++ time_req, mechtok_in, bindings,
++ &mechtok_out, time_rec, &send_token);
+ if (ret != GSS_S_COMPLETE)
+ goto cleanup;
+
+@@ -1542,8 +1543,9 @@ cleanup:
+ static OM_uint32
+ acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+ spnego_gss_cred_id_t spcred, gss_buffer_t mechtok_in,
+- gss_buffer_t mechtok_out, OM_uint32 *time_rec,
+- OM_uint32 *negState, send_token_flag *tokflag)
++ gss_channel_bindings_t bindings, gss_buffer_t mechtok_out,
++ OM_uint32 *time_rec, OM_uint32 *negState,
++ send_token_flag *tokflag)
+ {
+ OM_uint32 ret, tmpmin;
+ gss_OID_desc mechoid;
+@@ -1568,13 +1570,12 @@ acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+ mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred;
+ if (negoex) {
+ ret = negoex_accept(minor_status, sc, mcred, mechtok_in,
+- mechtok_out, time_rec);
++ bindings, mechtok_out, time_rec);
+ } else {
+ (void) gss_release_name(&tmpmin, &sc->internal_name);
+ (void) gss_release_cred(&tmpmin, &sc->deleg_cred);
+ ret = gss_accept_sec_context(minor_status, &sc->ctx_handle,
+- mcred, mechtok_in,
+- GSS_C_NO_CHANNEL_BINDINGS,
++ mcred, mechtok_in, bindings,
+ &sc->internal_name,
+ &sc->actual_mech, mechtok_out,
+ &sc->ctx_flags, time_rec,
+@@ -1620,7 +1621,7 @@ spnego_gss_accept_sec_context(
+ gss_ctx_id_t *context_handle,
+ gss_cred_id_t verifier_cred_handle,
+ gss_buffer_t input_token,
+- gss_channel_bindings_t input_chan_bindings,
++ gss_channel_bindings_t bindings,
+ gss_name_t *src_name,
+ gss_OID *mech_type,
+ gss_buffer_t output_token,
+@@ -1734,8 +1735,8 @@ spnego_gss_accept_sec_context(
+ */
+ if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) {
+ ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in,
+- &mechtok_out, time_rec, &negState,
+- &return_token);
++ bindings, &mechtok_out, time_rec,
++ &negState, &return_token);
+ }
+
+ /* Step 3: process or generate the MIC, if the negotiated mech is
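Review bot: No test accompanies this change: the diffstat lists only gssapiP_negoex.h, negoex_ctx.c and spnego_mech.c, yet every gss_init_sec_context() and gss_accept_sec_context() call on both the direct and NegoEx paths switches from the hard-coded GSS_C_NO_CHANNEL_BINDINGS to the caller's bindings. A test that establishes a SPNEGO context once with matching bindings and once with mismatched bindings would show the value actually reaches the mechanism on each path. Since bindings that callers already supplied were discarded before and are forwarded now, the changelog entry should say that this changes behaviour for existing applications.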
diff --git a/krb5.spec b/krb5.spec
index eb99d26..4aef2f9 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 1%{?dist}
+Release: 2%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -59,6 +59,7 @@ Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
Patch17: Pass-gss_localname-through-SPNEGO.patch
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
+Patch20: Pass-channel-bindings-through-SPNEGO.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -631,6 +632,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Tue May 26 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-2
+- Pass channel bindings through SPNEGO
+
* Fri May 22 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-1
- New upstream release (1.18.2)
commit 102adf5edf477b0cd64bd208064b1c9680343750
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri May 22 14:22:05 2020 -0400
New upstream release (1.18.2)
diff --git a/.gitignore b/.gitignore
index 5de4b79..ecff9ea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -185,3 +185,5 @@ krb5-1.8.3-pdf.tar.gz
/krb5-1.18.tar.gz.asc
/krb5-1.18.1.tar.gz
/krb5-1.18.1.tar.gz.asc
+/krb5-1.18.2.tar.gz
+/krb5-1.18.2.tar.gz.asc
diff --git a/Add-finalization-safety-check-to-com_err.patch b/Add-finalization-safety-check-to-com_err.patch
index 0dc7663..531bbf5 100644
--- a/Add-finalization-safety-check-to-com_err.patch
+++ b/Add-finalization-safety-check-to-com_err.patch
@@ -1,4 +1,4 @@
-From c7a37d3e87132864ebc44710baf1d50a69682b5c Mon Sep 17 00:00:00 2001
+From 9b28e9bbadb775cf790092bc0b0fe9f6c880d215 Mon Sep 17 00:00:00 2001
From: Jiri Sasek <Jiri.Sasek(a)Oracle.COM>
Date: Fri, 13 Mar 2020 19:02:58 +0100
Subject: [PATCH] Add finalization safety check to com_err
diff --git a/Allow-certauth-modules-to-set-hw-authent-flag.patch b/Allow-certauth-modules-to-set-hw-authent-flag.patch
index 6fdb430..ebadb9b 100644
--- a/Allow-certauth-modules-to-set-hw-authent-flag.patch
+++ b/Allow-certauth-modules-to-set-hw-authent-flag.patch
@@ -1,4 +1,4 @@
-From d23b2ed4f06fa77cd021814834dd1391ef6f452f Mon Sep 17 00:00:00 2001
+From 5413039348c612716fb5e33347814b7608778646 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Mon, 24 Feb 2020 15:58:59 -0500
Subject: [PATCH] Allow certauth modules to set hw-authent flag
diff --git a/Correctly-import-service-GSS-host-based-name.patch b/Correctly-import-service-GSS-host-based-name.patch
index 523ebaf..754bc89 100644
--- a/Correctly-import-service-GSS-host-based-name.patch
+++ b/Correctly-import-service-GSS-host-based-name.patch
@@ -1,4 +1,4 @@
-From dd4364d76925ce1fe21c2ab995554d6af3a2ea12 Mon Sep 17 00:00:00 2001
+From e8c6f76079bac021e30e89e12b547cc73f71ec36 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Mon, 30 Mar 2020 15:26:02 -0400
Subject: [PATCH] Correctly import "service@" GSS host-based name
diff --git a/Do-expiration-warnings-for-all-init_creds-APIs.patch b/Do-expiration-warnings-for-all-init_creds-APIs.patch
index 3dbe1f5..24062a0 100644
--- a/Do-expiration-warnings-for-all-init_creds-APIs.patch
+++ b/Do-expiration-warnings-for-all-init_creds-APIs.patch
@@ -1,4 +1,4 @@
-From c136cfe050d203c910624573a33247fde2889b09 Mon Sep 17 00:00:00 2001
+From 0083381a1dc008c6a1a437393045f82ec06423f8 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose(a)redhat.com>
Date: Fri, 28 Feb 2020 10:11:49 +0100
Subject: [PATCH] Do expiration warnings for all init_creds APIs
diff --git a/Eliminate-redundant-PKINIT-responder-invocation.patch b/Eliminate-redundant-PKINIT-responder-invocation.patch
index 92bc1ab..4234ffd 100644
--- a/Eliminate-redundant-PKINIT-responder-invocation.patch
+++ b/Eliminate-redundant-PKINIT-responder-invocation.patch
@@ -1,4 +1,4 @@
-From 4a05805eb39ba088c07f782fb52a6538ec3f2db6 Mon Sep 17 00:00:00 2001
+From 43d09ed10d495e78c786f5468455f16a63a99532 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Mon, 23 Mar 2020 19:10:03 -0400
Subject: [PATCH] Eliminate redundant PKINIT responder invocation
diff --git a/Fix-SPNEGO-acceptor-mech-filtering.patch b/Fix-SPNEGO-acceptor-mech-filtering.patch
deleted file mode 100644
index 3f07637..0000000
--- a/Fix-SPNEGO-acceptor-mech-filtering.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From b8a19522f0169be3b4a2f539e28c89755cd85d6f Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson(a)mit.edu>
-Date: Thu, 21 May 2020 14:15:25 -0400
-Subject: [PATCH] Fix SPNEGO acceptor mech filtering
-
-Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
-accidentally changed the SPNEGO acceptor code to filter mechanisms by
-the obtainability of initiator credentials rather than acceptor
-credentials, when the default acceptor credential is used.
-
-ticket: 8908 (new)
-tags: pullup
-target_version: 1.18-next
-
-(cherry picked from commit e25918cb9efd7361aa78d2d96cd097dd34fdf35d)
----
- src/lib/gssapi/spnego/spnego_mech.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index 8d36a05e8..255db6e30 100644
---- a/src/lib/gssapi/spnego/spnego_mech.c
-+++ b/src/lib/gssapi/spnego/spnego_mech.c
-@@ -1379,7 +1379,7 @@ acc_ctx_new(OM_uint32 *minor_status,
- goto cleanup;
- }
-
-- ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
-+ ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
- if (ret != GSS_S_COMPLETE) {
- *return_token = NO_TOKEN_SEND;
- goto cleanup;
diff --git a/Fix-typo-in-in-in-the-ksu-man-page.patch b/Fix-typo-in-in-in-the-ksu-man-page.patch
index 2a93038..5196a90 100644
--- a/Fix-typo-in-in-in-the-ksu-man-page.patch
+++ b/Fix-typo-in-in-in-the-ksu-man-page.patch
@@ -1,4 +1,4 @@
-From 5eed1579142640363302f27e41abb354461d3030 Mon Sep 17 00:00:00 2001
+From 8de669742ae4190542741f0dc61119a6a0dad666 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Thu, 14 May 2020 15:01:18 -0400
Subject: [PATCH] Fix typo ("in in") in the ksu man page
@@ -23,7 +23,7 @@ index 8d6c7ef79..933738229 100644
diff --git a/src/man/ksu.man b/src/man/ksu.man
-index 6660e0937..9c8cf75ff 100644
+index 81e34815d..8d4c6a359 100644
--- a/src/man/ksu.man
+++ b/src/man/ksu.man
@@ -176,7 +176,7 @@ wrong password is typed in, ksu fails.
diff --git a/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
index b1b1908..6ca7931 100644
--- a/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
+++ b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
@@ -1,4 +1,4 @@
-From 442f1fa5b2e4034954a51048414cc0863b914379 Mon Sep 17 00:00:00 2001
+From 6d132f1019b2f1b6f54bae25ed0ea9122c87a190 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Wed, 6 May 2020 16:03:13 -0400
Subject: [PATCH] Omit KDC indicator check for S4U2Self requests
diff --git a/Pass-gss_localname-through-SPNEGO.patch b/Pass-gss_localname-through-SPNEGO.patch
index 37aef38..eff3733 100644
--- a/Pass-gss_localname-through-SPNEGO.patch
+++ b/Pass-gss_localname-through-SPNEGO.patch
@@ -1,4 +1,4 @@
-From 646212314a580a8cdffdacda9cb3c8f806471b08 Mon Sep 17 00:00:00 2001
+From dce745bbdf95ddfa733bc306c57afe5fcab74479 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Sun, 26 Apr 2020 19:55:54 -0400
Subject: [PATCH] Pass gss_localname() through SPNEGO
@@ -30,7 +30,7 @@ index a93763314..066ec736f 100644
(
OM_uint32 *minor_status,
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
-index 8e0c3a348..8d36a05e8 100644
+index ec0bae6a4..594fc5894 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism =
diff --git a/Refresh-manually-acquired-creds-from-client-keytab.patch b/Refresh-manually-acquired-creds-from-client-keytab.patch
index cb20c44..d67d9b4 100644
--- a/Refresh-manually-acquired-creds-from-client-keytab.patch
+++ b/Refresh-manually-acquired-creds-from-client-keytab.patch
@@ -1,4 +1,4 @@
-From 685aada9eae420cb5156ca7b71c2c7614c0b6e2c Mon Sep 17 00:00:00 2001
+From 13e085a996ac53484fa308f3ef7a2b66c05ccdfa Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Wed, 26 Feb 2020 18:27:17 -0500
Subject: [PATCH] Refresh manually acquired creds from client keytab
diff --git a/downstream-Adjust-build-configuration.patch b/downstream-Adjust-build-configuration.patch
index f15a4a2..47f6c31 100644
--- a/downstream-Adjust-build-configuration.patch
+++ b/downstream-Adjust-build-configuration.patch
@@ -1,4 +1,4 @@
-From 92508996ed4c69fa6f5cf855fdf10f34cfa07ec9 Mon Sep 17 00:00:00 2001
+From 30ece66508c8e10f704cd2860dfd421ebee15897 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:45:26 -0400
Subject: [PATCH] [downstream] Adjust build configuration
diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
index e6a0a64..b304c47 100644
--- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
@@ -1,4 +1,4 @@
-From a721df13d09b5fdad32de15e6aa973b732727aa9 Mon Sep 17 00:00:00 2001
+From 15056939ae1e52b9c0b4e0f4ac59772b0d942647 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri, 9 Nov 2018 15:12:21 -0500
Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch
index 01d9338..570762d 100644
--- a/downstream-Remove-3des-support.patch
+++ b/downstream-Remove-3des-support.patch
@@ -1,4 +1,4 @@
-From e9cd83237b54e2f6010a063f523217b0a442ecbf Mon Sep 17 00:00:00 2001
+From c920b585b8400ef44684c673c54264657195f3ce Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 26 Mar 2019 18:51:10 -0400
Subject: [PATCH] [downstream] Remove 3des support
@@ -365,7 +365,7 @@ index 8a4b87de1..d7f1d076b 100644
+ supported_enctypes = aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal
}
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
-index e5898ea63..973976fd9 100644
+index ba0ce0b71..e3352f9cc 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1103,8 +1103,6 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
diff --git a/downstream-SELinux-integration.patch b/downstream-SELinux-integration.patch
index 3d3bd08..e5322af 100644
--- a/downstream-SELinux-integration.patch
+++ b/downstream-SELinux-integration.patch
@@ -1,4 +1,4 @@
-From 0f8851a23a7b6fa0e195e01d0475e9e55707adf2 Mon Sep 17 00:00:00 2001
+From f8c70f6190a0573e2aca0b40964cf3b1a73ca8bb Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:30:53 -0400
Subject: [PATCH] [downstream] SELinux integration
diff --git a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
index 478fd82..56565b1 100644
--- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
+++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
@@ -1,4 +1,4 @@
-From 3f5875cf859271bca62f07aee6f663787972def9 Mon Sep 17 00:00:00 2001
+From 040dd62418b918adc993b9cc3e1e80fc232286c4 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri, 15 Nov 2019 20:05:16 +0000
Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF
diff --git a/downstream-fix-debuginfo-with-y.tab.c.patch b/downstream-fix-debuginfo-with-y.tab.c.patch
index 167fcaf..33f61c5 100644
--- a/downstream-fix-debuginfo-with-y.tab.c.patch
+++ b/downstream-fix-debuginfo-with-y.tab.c.patch
@@ -1,4 +1,4 @@
-From f4002f246332695d8ea12ec803139fcac18fbba2 Mon Sep 17 00:00:00 2001
+From c6e103db0eb02c31a13b8cbcbae296c473074991 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:49:25 -0400
Subject: [PATCH] [downstream] fix debuginfo with y.tab.c
diff --git a/downstream-ksu-pam-integration.patch b/downstream-ksu-pam-integration.patch
index 220363b..e81f2c1 100644
--- a/downstream-ksu-pam-integration.patch
+++ b/downstream-ksu-pam-integration.patch
@@ -1,4 +1,4 @@
-From a7322a84657752c886c317a6994a9fc7a4a70ca5 Mon Sep 17 00:00:00 2001
+From 9feb7298b90d3e6a34821fce7315757c0bf81c9e Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:29:58 -0400
Subject: [PATCH] [downstream] ksu pam integration
diff --git a/downstream-netlib-and-dns.patch b/downstream-netlib-and-dns.patch
index d7ceab1..05bddc4 100644
--- a/downstream-netlib-and-dns.patch
+++ b/downstream-netlib-and-dns.patch
@@ -1,4 +1,4 @@
-From 355dd481511af4d517ee540854f95a6fb12116a9 Mon Sep 17 00:00:00 2001
+From 4254bee1b97edeb0848efce635bcf1b56306f968 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:46:21 -0400
Subject: [PATCH] [downstream] netlib and dns
diff --git a/krb5.spec b/krb5.spec
index fe42e76..eb99d26 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -16,9 +16,9 @@
Summary: The Kerberos network authentication system
Name: krb5
-Version: 1.18.1
+Version: 1.18.2
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 6%{?dist}
+Release: 1%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -59,7 +59,6 @@ Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
Patch17: Pass-gss_localname-through-SPNEGO.patch
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
-Patch20: Fix-SPNEGO-acceptor-mech-filtering.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
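Review bot: Patch20 (Fix-SPNEGO-acceptor-mech-filtering.patch) was added in 1.18.1-6 and is dropped here without any explanation in the commit message or the changelog entry. The deleted patch is marked target_version: 1.18-next and cherry picked from e25918cb9efd7361aa78d2d96cd097dd34fdf35d, so please confirm that fix is part of the 1.18.2 tarball and note in the changelog that the patch was dropped for that reason.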
@@ -632,6 +631,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Fri May 22 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.2-1
+- New upstream release (1.18.2)
+
* Fri May 22 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-6
- Fix SPNEGO acceptor mech filtering
diff --git a/sources b/sources
index a2aa017..c61d805 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (krb5-1.18.1.tar.gz) = c96c9ed676c8ccb9b65d17bb1d982c266228c75030a2d8fd5d7952ee8cdf362a22d202e93018d1011a5e7bd9a9fabe69aa1578d1d2e4839a78b9916d8b8019ce
-SHA512 (krb5-1.18.1.tar.gz.asc) = e7db98b9f053de793763af734a7b8de81702156d12dfeb7295032c2416a43406840960fb8d16efb6cad911c1cb047da1f6fe17c88289aad28983b5d531f47908
+SHA512 (krb5-1.18.2.tar.gz) = 7cbb1b28e677fea3e0794e93951f3caaa2c49bb1175dd187951e72a466cc69d96c3b833d838000fe911c1a437d96a558e550f27c53a8b332fb9dfc7cbb7ec44c
+SHA512 (krb5-1.18.2.tar.gz.asc) = 70775a06104b4d792d278da2efa92e94ddacb4ea319bfe2b253f5afcfec27f3bc5ddd12560294a265e3cf3d4fc74bcbfc3f5eeff8634d66c00d67e18dc93a74a
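Review bot: The new SHA512 lines pin the 1.18.2 tarball and its .asc, but the only signature check visible in this commit is the spec comment "rharwood has trust path to signing key and verifies on check-in", which is a manual step outside the build. If the spec does not already do so, ship the upstream keyring as a Source and call Fedora's %{gpgverify} macro in %prep, so every build verifies the tarball against the detached signature instead of relying on the check-in step alone.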
commit d370e2a431a42b1fa46c89275def24e844697326
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri May 22 13:28:09 2020 -0400
Fix SPNEGO acceptor mech filtering
diff --git a/Fix-SPNEGO-acceptor-mech-filtering.patch b/Fix-SPNEGO-acceptor-mech-filtering.patch
new file mode 100644
index 0000000..3f07637
--- /dev/null
+++ b/Fix-SPNEGO-acceptor-mech-filtering.patch
@@ -0,0 +1,32 @@
+From b8a19522f0169be3b4a2f539e28c89755cd85d6f Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Thu, 21 May 2020 14:15:25 -0400
+Subject: [PATCH] Fix SPNEGO acceptor mech filtering
+
+Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
+accidentally changed the SPNEGO acceptor code to filter mechanisms by
+the obtainability of initiator credentials rather than acceptor
+credentials, when the default acceptor credential is used.
+
+ticket: 8908 (new)
+tags: pullup
+target_version: 1.18-next
+
+(cherry picked from commit e25918cb9efd7361aa78d2d96cd097dd34fdf35d)
+---
+ src/lib/gssapi/spnego/spnego_mech.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 8d36a05e8..255db6e30 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -1379,7 +1379,7 @@ acc_ctx_new(OM_uint32 *minor_status,
+ goto cleanup;
+ }
+
+- ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
++ ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
+ if (ret != GSS_S_COMPLETE) {
+ *return_token = NO_TOKEN_SEND;
+ goto cleanup;
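Review bot: the embedded patch changes only spnego_mech.c (1 file changed, 1 insertion, 1 deletion) and carries no regression test for the acc_ctx_new() call it corrects. The commit message says the wrong usage was introduced accidentally by an earlier commit, so a test that accepts a SPNEGO context with the default acceptor credential when initiator credentials are not obtainable would keep the GSS_C_ACCEPT argument from regressing again.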
diff --git a/krb5.spec b/krb5.spec
index 9622f8f..fe42e76 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.1
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 5%{?dist}
+Release: 6%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -59,6 +59,7 @@ Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
Patch17: Pass-gss_localname-through-SPNEGO.patch
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
+Patch20: Fix-SPNEGO-acceptor-mech-filtering.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -631,6 +632,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Fri May 22 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-6
+- Fix SPNEGO acceptor mech filtering
+
* Mon May 18 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-5
- Fix typo ("in in") in the ksu man page
commit 0963a62bc3cce5c44f51352e905aecf069ecac45
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Mon May 18 14:02:44 2020 -0400
Fix typo ("in in") in the ksu man page
diff --git a/Fix-typo-in-in-in-the-ksu-man-page.patch b/Fix-typo-in-in-in-the-ksu-man-page.patch
new file mode 100644
index 0000000..2a93038
--- /dev/null
+++ b/Fix-typo-in-in-in-the-ksu-man-page.patch
@@ -0,0 +1,37 @@
+From 5eed1579142640363302f27e41abb354461d3030 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood(a)redhat.com>
+Date: Thu, 14 May 2020 15:01:18 -0400
+Subject: [PATCH] Fix typo ("in in") in the ksu man page
+
+(cherry picked from commit 1011841acdc1020f308ef4f569c6622f279d8c3f)
+---
+ doc/user/user_commands/ksu.rst | 2 +-
+ src/man/ksu.man | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/doc/user/user_commands/ksu.rst b/doc/user/user_commands/ksu.rst
+index 8d6c7ef79..933738229 100644
+--- a/doc/user/user_commands/ksu.rst
++++ b/doc/user/user_commands/ksu.rst
+@@ -155,7 +155,7 @@ wrong password is typed in, ksu fails.
+ .. note::
+
+ During authentication, only the tickets that could be
+- obtained without providing a password are cached in in the
++ obtained without providing a password are cached in the
+ source cache.
+
+
+diff --git a/src/man/ksu.man b/src/man/ksu.man
+index 6660e0937..9c8cf75ff 100644
+--- a/src/man/ksu.man
++++ b/src/man/ksu.man
+@@ -176,7 +176,7 @@ wrong password is typed in, ksu fails.
+ .INDENT 0.0
+ .INDENT 3.5
+ During authentication, only the tickets that could be
+-obtained without providing a password are cached in in the
++obtained without providing a password are cached in the
+ source cache.
+ .UNINDENT
+ .UNINDENT
diff --git a/krb5.spec b/krb5.spec
index 23dcee4..9622f8f 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.1
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 4%{?dist}
+Release: 5%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -58,6 +58,7 @@ Patch15: Correctly-import-service-GSS-host-based-name.patch
Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
Patch17: Pass-gss_localname-through-SPNEGO.patch
Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
+Patch19: Fix-typo-in-in-in-the-ksu-man-page.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -630,6 +631,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Mon May 18 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-5
+- Fix typo ("in in") in the ksu man page
+
* Fri May 08 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-4
- Omit KDC indicator check for S4U2Self requests
commit a9ccd6fd5703d21eecd044c5b984daa5a2441770
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri May 8 14:14:22 2020 -0400
Omit KDC indicator check for S4U2Self requests
diff --git a/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
new file mode 100644
index 0000000..b1b1908
--- /dev/null
+++ b/Omit-KDC-indicator-check-for-S4U2Self-requests.patch
@@ -0,0 +1,48 @@
+From 442f1fa5b2e4034954a51048414cc0863b914379 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Wed, 6 May 2020 16:03:13 -0400
+Subject: [PATCH] Omit KDC indicator check for S4U2Self requests
+
+As there was no initial ticket exchange from the client for an
+S4U2Self request, the auth indicator check is inapplicable (and would
+always fail if any auth indicators are required).
+
+ticket: 8902 (new)
+(cherry picked from commit 183631fbf72351c2d5fc7d60b2d9fc4d09fe7465)
+---
+ src/kdc/do_tgs_req.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
+index 241f34e2a..463a9c0dd 100644
+--- a/src/kdc/do_tgs_req.c
++++ b/src/kdc/do_tgs_req.c
+@@ -392,8 +392,8 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt,
+ }
+ authtime = subject_tkt->times.authtime;
+
+- /* Extract auth indicators from the subject ticket, except for S4U2Self
+- * requests (where the client didn't authenticate). */
++ /* Extract and check auth indicators from the subject ticket, except for
++ * S4U2Self requests (where the client didn't authenticate). */
+ if (s4u_x509_user == NULL) {
+ errcode = get_auth_indicators(kdc_context, subject_tkt, local_tgt,
+ &local_tgt_key, &auth_indicators);
+@@ -401,12 +401,12 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt,
+ status = "GET_AUTH_INDICATORS";
+ goto cleanup;
+ }
+- }
+
+- errcode = check_indicators(kdc_context, server, auth_indicators);
+- if (errcode) {
+- status = "HIGHER_AUTHENTICATION_REQUIRED";
+- goto cleanup;
++ errcode = check_indicators(kdc_context, server, auth_indicators);
++ if (errcode) {
++ status = "HIGHER_AUTHENTICATION_REQUIRED";
++ goto cleanup;
++ }
+ }
+
+ if (is_referral)
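Review bot: with check_indicators() moved inside the `if (s4u_x509_user == NULL)` block, a server principal's required auth indicators are no longer enforced at all for S4U2Self requests, and the patch touches only do_tgs_req.c with no test. The rationale in the commit message holds, but this is a policy-relevant change: add a test showing that an S4U2Self request to a service with required indicators now succeeds while an ordinary TGS request to the same service still fails with HIGHER_AUTHENTICATION_REQUIRED, and state the exception in the documentation for required indicators so administrators do not assume the requirement covers S4U2Self.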
diff --git a/krb5.spec b/krb5.spec
index 03bfa71..23dcee4 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.1
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 3%{?dist}
+Release: 4%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -57,6 +57,7 @@ Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
Patch15: Correctly-import-service-GSS-host-based-name.patch
Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
Patch17: Pass-gss_localname-through-SPNEGO.patch
+Patch18: Omit-KDC-indicator-check-for-S4U2Self-requests.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -629,6 +630,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Fri May 08 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-4
+- Omit KDC indicator check for S4U2Self requests
+
* Tue Apr 28 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-3
- Pass gss_localname() through SPNEGO
commit 19d5d2e504feee8022564d27832956218146d392
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Apr 28 13:12:21 2020 -0400
Pass gss_localname() through SPNEGO
diff --git a/Pass-gss_localname-through-SPNEGO.patch b/Pass-gss_localname-through-SPNEGO.patch
new file mode 100644
index 0000000..37aef38
--- /dev/null
+++ b/Pass-gss_localname-through-SPNEGO.patch
@@ -0,0 +1,58 @@
+From 646212314a580a8cdffdacda9cb3c8f806471b08 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Sun, 26 Apr 2020 19:55:54 -0400
+Subject: [PATCH] Pass gss_localname() through SPNEGO
+
+ticket: 8897 (new)
+(cherry picked from commit f7b8a6432bd289bdc528017be122305f95b8e285)
+---
+ src/lib/gssapi/spnego/gssapiP_spnego.h | 8 ++++++++
+ src/lib/gssapi/spnego/spnego_mech.c | 9 ++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
+index a93763314..066ec736f 100644
+--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
++++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
+@@ -357,6 +357,14 @@ OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
+ OM_uint32 *max_input_size
+ );
+
++OM_uint32 KRB5_CALLCONV spnego_gss_localname
++(
++ OM_uint32 *minor_status,
++ const gss_name_t pname,
++ const gss_const_OID mech_type,
++ gss_buffer_t localname
++);
++
+ OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
+ (
+ OM_uint32 *minor_status,
+diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
+index 8e0c3a348..8d36a05e8 100644
+--- a/src/lib/gssapi/spnego/spnego_mech.c
++++ b/src/lib/gssapi/spnego/spnego_mech.c
+@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism =
+ spnego_gss_inquire_context, /* gss_inquire_context */
+ NULL, /* gss_internal_release_oid */
+ spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */
+- NULL, /* gssd_pname_to_uid */
++ spnego_gss_localname,
+ NULL, /* gss_userok */
+ NULL, /* gss_export_name */
+ spnego_gss_duplicate_name, /* gss_duplicate_name */
+@@ -2371,6 +2371,13 @@ spnego_gss_wrap_size_limit(
+ return (ret);
+ }
+
++OM_uint32 KRB5_CALLCONV
++spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname,
++ const gss_const_OID mech_type, gss_buffer_t localname)
++{
++ return gss_localname(minor_status, pname, GSS_C_NO_OID, localname);
++}
++
+ OM_uint32 KRB5_CALLCONV
+ spnego_gss_get_mic(
+ OM_uint32 *minor_status,
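Review bot: in the spnego_mechanism table the replacement line `spnego_gss_localname,` drops the trailing slot comment that every neighbouring entry carries (the old entry was labelled `/* gssd_pname_to_uid */`); keep a comment there so the positional initializer stays easy to audit. In the new function, spnego_gss_localname() ignores its mech_type argument and passes GSS_C_NO_OID to gss_localname(); a one-line comment saying this is deliberate would help the next reader, and the patch adds no test for the new entry point.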
diff --git a/krb5.spec b/krb5.spec
index 37089cc..03bfa71 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18.1
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 1%{?dist}
+Release: 3%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -56,6 +56,7 @@ Patch13: Add-finalization-safety-check-to-com_err.patch
Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
Patch15: Correctly-import-service-GSS-host-based-name.patch
Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
+Patch17: Pass-gss_localname-through-SPNEGO.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -80,18 +81,13 @@ BuildRequires: iproute
BuildRequires: libverto-devel
BuildRequires: openldap-devel
BuildRequires: lmdb-devel
+BuildRequires: nss_wrapper
+BuildRequires: socket_wrapper
# Need KDFs. This is the backported version
BuildRequires: openssl-devel >= 1:1.1.1d-4
BuildRequires: openssl-devel < 1:3.0.0
-%ifarch %{ix86} x86_64
-BuildRequires: yasm
-%endif
-
-BuildRequires: nss_wrapper
-BuildRequires: socket_wrapper
-
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
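Review bot: the removal of the `%ifarch %{ix86} x86_64` yasm BuildRequires and the move of nss_wrapper and socket_wrapper are unrelated to this commit's subject, "Pass gss_localname() through SPNEGO". Put the build-dependency change in its own commit so the architecture-specific change can be reviewed and reverted independently of the SPNEGO patch.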
@@ -633,6 +629,12 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Tue Apr 28 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-3
+- Pass gss_localname() through SPNEGO
+
+* Tue Apr 14 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-1.1
+- Drop yasm requirement since we don't use builtin crypto
+
* Tue Apr 14 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-1
- New upstream version (1.18.1)
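Review bot: the added changelog entry for the yasm change is versioned `1.18-1.1`, which does not match Version 1.18.1 and sorts below the existing 1.18.1-1 entry beneath it, while the Release tag in this same diff jumps from 1 to 3. If the intended value was 1.18.1-2, correct the entry so the changelog is in descending order and accounts for the skipped release.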
commit 46d8c677aef7d66f4270be9084f89b71fe0ae565
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Apr 14 15:50:03 2020 -0400
It usually helps if I commit the sources file
diff --git a/.gitignore b/.gitignore
index 88fde60..5de4b79 100644
--- a/.gitignore
+++ b/.gitignore
@@ -183,3 +183,5 @@ krb5-1.8.3-pdf.tar.gz
/krb5-1.18-beta2.tar.gz.asc
/krb5-1.18.tar.gz
/krb5-1.18.tar.gz.asc
+/krb5-1.18.1.tar.gz
+/krb5-1.18.1.tar.gz.asc
diff --git a/sources b/sources
index d851b71..a2aa017 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (krb5-1.18.tar.gz) = 36a01ea310b4b3d0a3d209b641739575239e1ca5e93b3de99cb1fec83e82f9a70ad0761dd6eb77cda5c18c53044ab80168b00725642a0c2dfde0e492c42af6a9
-SHA512 (krb5-1.18.tar.gz.asc) = a9399a0e98a810b0c1c9e47c280edec329018714d60b3be228d125ea6e9d1548030940ca29ffd92a424675b02922a8509ed6ffec30d42da6c0d505d84c5aba63
+SHA512 (krb5-1.18.1.tar.gz) = c96c9ed676c8ccb9b65d17bb1d982c266228c75030a2d8fd5d7952ee8cdf362a22d202e93018d1011a5e7bd9a9fabe69aa1578d1d2e4839a78b9916d8b8019ce
+SHA512 (krb5-1.18.1.tar.gz.asc) = e7db98b9f053de793763af734a7b8de81702156d12dfeb7295032c2416a43406840960fb8d16efb6cad911c1cb047da1f6fe17c88289aad28983b5d531f47908
commit 7fca7fd076a59b106c637913678a7752808bf89f
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Apr 14 15:45:43 2020 -0400
New upstream version (1.18.1)
diff --git a/Add-finalization-safety-check-to-com_err.patch b/Add-finalization-safety-check-to-com_err.patch
index 0fcb8cc..0dc7663 100644
--- a/Add-finalization-safety-check-to-com_err.patch
+++ b/Add-finalization-safety-check-to-com_err.patch
@@ -1,4 +1,4 @@
-From 7d375a59fb36cc5ef8dd87895b83e9dfccc57058 Mon Sep 17 00:00:00 2001
+From c7a37d3e87132864ebc44710baf1d50a69682b5c Mon Sep 17 00:00:00 2001
From: Jiri Sasek <Jiri.Sasek(a)Oracle.COM>
Date: Fri, 13 Mar 2020 19:02:58 +0100
Subject: [PATCH] Add finalization safety check to com_err
diff --git a/Allow-certauth-modules-to-set-hw-authent-flag.patch b/Allow-certauth-modules-to-set-hw-authent-flag.patch
index c1266c9..6fdb430 100644
--- a/Allow-certauth-modules-to-set-hw-authent-flag.patch
+++ b/Allow-certauth-modules-to-set-hw-authent-flag.patch
@@ -1,4 +1,4 @@
-From 745aa16c41305da1a3f288bf06e551f56cb04594 Mon Sep 17 00:00:00 2001
+From d23b2ed4f06fa77cd021814834dd1391ef6f452f Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Mon, 24 Feb 2020 15:58:59 -0500
Subject: [PATCH] Allow certauth modules to set hw-authent flag
diff --git a/Allow-deletion-of-require_auth-with-LDAP-KDB.patch b/Allow-deletion-of-require_auth-with-LDAP-KDB.patch
deleted file mode 100644
index 58ef195..0000000
--- a/Allow-deletion-of-require_auth-with-LDAP-KDB.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-From 59eea8a1977c6039069b3826e5e651582a33fc25 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson(a)mit.edu>
-Date: Tue, 25 Feb 2020 11:32:09 -0500
-Subject: [PATCH] Allow deletion of require_auth with LDAP KDB
-
-In update_ldap_mod_auth_ind(), if there is no string attribute value
-for require_auth, check for krbPrincipalAuthInd attributes that might
-need to be removed. (This will only work if the entry is loaded and
-then modified, but that is the normal case for an existing entry.)
-
-Move the update_ldap_mod_auth_ind() call inside the tl-data
-conditional (which should perhaps be a check for KADM5_TL_DATA in the
-mask instead). A modification which did not intend to update tl-data
-should not remove the krbPrincipalAuthInd attributes.
-
-Change get_int_from_tl_data() to to zero its output so that it can't
-leave a garbage value behind if it returns 0 (as it does if no
-KDB_TL_USER_INFO tl-data is present).
-
-Based on a patch by Glenn Machin.
-
-ticket: 8877
-tags: pullup
-target_version: 1.18-next
-target_version: 1.17-next
-
-(cherry picked from commit 6d9da7bb216f96cbdd731aa894714bd84213a9d0)
----
- src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 2 ++
- .../kdb/ldap/libkdb_ldap/ldap_principal2.c | 31 ++++++++++++-------
- src/tests/t_kdb.py | 26 +++++++++++++++-
- 3 files changed, 47 insertions(+), 12 deletions(-)
-
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
-index ec7f32511..6bc20593f 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
-@@ -721,6 +721,8 @@ get_int_from_tl_data(krb5_context context, krb5_db_entry *entry, int type,
- void *ptr;
- int *intptr;
-
-+ *intval = 0;
-+
- tl_data.tl_data_type = KDB_TL_USER_INFO;
- ret = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
- if (ret || tl_data.tl_data_length == 0)
-diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-index 1d0726707..8d97a29b6 100644
---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
-@@ -627,12 +627,22 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry,
- char *auth_ind = NULL;
- char *strval[10] = { 0 };
- char *ai, *ai_save = NULL;
-- int sv_num = sizeof(strval) / sizeof(*strval);
-+ int mask, sv_num = sizeof(strval) / sizeof(*strval);
-
- ret = krb5_dbe_get_string(context, entry, KRB5_KDB_SK_REQUIRE_AUTH,
- &auth_ind);
-- if (ret || auth_ind == NULL)
-- goto cleanup;
-+ if (ret)
-+ return ret;
-+ if (auth_ind == NULL) {
-+ /* If we know krbPrincipalAuthInd attributes are present from loading
-+ * the entry, delete them. */
-+ ret = krb5_get_attributes_mask(context, entry, &mask);
-+ if (!ret && (mask & KDB_AUTH_IND_ATTR)) {
-+ return krb5_add_str_mem_ldap_mod(mods, "krbPrincipalAuthInd",
-+ LDAP_MOD_DELETE, NULL);
-+ }
-+ return 0;
-+ }
-
- ai = strtok_r(auth_ind, " ", &ai_save);
- while (ai != NULL && i < sv_num) {
-@@ -642,8 +652,6 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry,
-
- ret = krb5_add_str_mem_ldap_mod(mods, "krbPrincipalAuthInd",
- LDAP_MOD_REPLACE, strval);
--
--cleanup:
- krb5_dbe_free_string(context, auth_ind);
- return ret;
- }
-@@ -1251,18 +1259,19 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
-
- } /* Modify Key data ends here */
-
-- /* Auth indicators will also be stored in krbExtraData when processing
-- * tl_data. */
-- st = update_ldap_mod_auth_ind(context, entry, &mods);
-- if (st != 0)
-- goto cleanup;
--
- /* Set tl_data */
- if (entry->tl_data != NULL) {
- int count = 0;
- struct berval **ber_tl_data = NULL;
- krb5_tl_data *ptr;
- krb5_timestamp unlock_time;
-+
-+ /* Normalize required auth indicators, but also store them as string
-+ * attributes within krbExtraData. */
-+ st = update_ldap_mod_auth_ind(context, entry, &mods);
-+ if (st != 0)
-+ goto cleanup;
-+
- for (ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
- if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
- #ifdef SECURID
-diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
-index 03ee70f47..caa7e9d8f 100755
---- a/src/tests/t_kdb.py
-+++ b/src/tests/t_kdb.py
-@@ -319,19 +319,43 @@ realm.klist(realm.user_princ, realm.host_princ)
-
- mark('LDAP auth indicator')
-
--# Test auth indicator support
-+# Test require_auth normalization.
- realm.addprinc('authind', password('authind'))
- realm.run([kadminl, 'setstr', 'authind', 'require_auth', 'otp radius'])
-
-+# Check that krbPrincipalAuthInd attributes are set when the string
-+# attribute it set.
- out = ldap_search('(krbPrincipalName=authind*)')
- if 'krbPrincipalAuthInd: otp' not in out:
- fail('Expected krbPrincipalAuthInd value not in output')
- if 'krbPrincipalAuthInd: radius' not in out:
- fail('Expected krbPrincipalAuthInd value not in output')
-
-+# Check that the string attribute still appears when the principal is
-+# loaded.
- realm.run([kadminl, 'getstrs', 'authind'],
- expected_msg='require_auth: otp radius')
-
-+# Modify the LDAP attributes and check that the change is reflected in
-+# the string attribute.
-+ldap_modify('dn: krbPrincipalName=authind(a)KRBTEST.COM,cn=t1,cn=krb5\n'
-+ 'changetype: modify\n'
-+ 'replace: krbPrincipalAuthInd\n'
-+ 'krbPrincipalAuthInd: radius\n'
-+ 'krbPrincipalAuthInd: pkinit\n')
-+realm.run([kadminl, 'getstrs', 'authind'],
-+ expected_msg='require_auth: radius pkinit')
-+
-+# Regression test for #8877: remove the string attribute and check
-+# that it is reflected in the LDAP attributes and by getstrs.
-+realm.run([kadminl, 'delstr', 'authind', 'require_auth'])
-+out = ldap_search('(krbPrincipalName=authind*)')
-+if 'krbPrincipalAuthInd' in out:
-+ fail('krbPrincipalAuthInd attribute still present after delstr')
-+out = realm.run([kadminl, 'getstrs', 'authind'])
-+if 'require_auth' in out:
-+ fail('require_auth string attribute still visible after delstr')
-+
- mark('LDAP service principal aliases')
-
- # Test service principal aliases.
diff --git a/Correctly-import-service-GSS-host-based-name.patch b/Correctly-import-service-GSS-host-based-name.patch
index 683b2d9..523ebaf 100644
--- a/Correctly-import-service-GSS-host-based-name.patch
+++ b/Correctly-import-service-GSS-host-based-name.patch
@@ -1,4 +1,4 @@
-From 53b7be87de77b09f44b4ced1d4e85f520c9ce71a Mon Sep 17 00:00:00 2001
+From dd4364d76925ce1fe21c2ab995554d6af3a2ea12 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Mon, 30 Mar 2020 15:26:02 -0400
Subject: [PATCH] Correctly import "service@" GSS host-based name
diff --git a/Do-expiration-warnings-for-all-init_creds-APIs.patch b/Do-expiration-warnings-for-all-init_creds-APIs.patch
index d94f11d..3dbe1f5 100644
--- a/Do-expiration-warnings-for-all-init_creds-APIs.patch
+++ b/Do-expiration-warnings-for-all-init_creds-APIs.patch
@@ -1,4 +1,4 @@
-From 9d452dc135ba0fad9470f096938a5dbfbacdbbe1 Mon Sep 17 00:00:00 2001
+From c136cfe050d203c910624573a33247fde2889b09 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose(a)redhat.com>
Date: Fri, 28 Feb 2020 10:11:49 +0100
Subject: [PATCH] Do expiration warnings for all init_creds APIs
@@ -21,7 +21,7 @@ ticket: 8893 (new)
5 files changed, 165 insertions(+), 135 deletions(-)
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
-index 26a3b6ec8..36300ea53 100644
+index 6355e6540..f8269fb17 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -7174,11 +7174,10 @@ typedef void
diff --git a/Document-client-keytab-usage.patch b/Document-client-keytab-usage.patch
deleted file mode 100644
index 800522f..0000000
--- a/Document-client-keytab-usage.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 90a4102f334ce0c655492de9248c3c60ffbd0449 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson(a)mit.edu>
-Date: Mon, 16 Mar 2020 18:14:30 -0400
-Subject: [PATCH] Document client keytab usage
-
-ticket: 8886 (new)
-tags: pullup
-target_version: 1.18-next
-
-(cherry picked from commit 366c64897d55c86cdc616d2d1cf4617ff8a07a99)
----
- doc/admin/appl_servers.rst | 37 +++++++++++++++++++++++++++++++++++++
- 1 file changed, 37 insertions(+)
-
-diff --git a/doc/admin/appl_servers.rst b/doc/admin/appl_servers.rst
-index fee49f027..5232db9af 100644
---- a/doc/admin/appl_servers.rst
-+++ b/doc/admin/appl_servers.rst
-@@ -60,6 +60,43 @@ To remove a principal from an existing keytab, use the kadmin
- :end-before: _ktremove_end:
-
-
-+Using a keytab to acquire client credentials
-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-+
-+While keytabs are ordinarily used to accept credentials from clients,
-+they can also be used to acquire initial credentials, allowing one
-+service to authenticate to another.
-+
-+To manually obtain credentials using a keytab, use the :ref:`kinit(1)`
-+**-k** option, together with the **-t** option if the keytab is not in
-+the default location.
-+
-+Beginning with release 1.11, GSSAPI applications can be configured to
-+automatically obtain initial credentials from a keytab as needed. The
-+recommended configuration is as follows:
-+
-+#. Create a keytab containing a single entry for the desired client
-+ identity.
-+
-+#. Place the keytab in a location readable by the service, and set the
-+ **KRB5_CLIENT_KTNAME** environment variable to its filename.
-+ Alternatively, use the **default_client_keytab_name** profile
-+ variable in :ref:`libdefaults`, or use the default location of
-+ |ckeytab|.
-+
-+#. Set **KRB5CCNAME** to a filename writable by the service, which
-+ will not be used for any other purpose. Do not manually obtain
-+ credentials at this location. (Another credential cache type
-+ besides **FILE** can be used if desired, as long the cache will not
-+ conflict with another use. A **MEMORY** cache can be used if the
-+ service runs as a long-lived process. See :ref:`ccache_definition`
-+ for details.)
-+
-+#. Start the service. When it authenticates using GSSAPI, it will
-+ automatically obtain credentials from the client keytab into the
-+ specified credential cache, and refresh them before they expire.
-+
-+
- Clock Skew
- ----------
-
diff --git a/Eliminate-redundant-PKINIT-responder-invocation.patch b/Eliminate-redundant-PKINIT-responder-invocation.patch
index ea973b7..92bc1ab 100644
--- a/Eliminate-redundant-PKINIT-responder-invocation.patch
+++ b/Eliminate-redundant-PKINIT-responder-invocation.patch
@@ -1,4 +1,4 @@
-From b5793f8024320aaa7a85ca39cdc03bf99773bf11 Mon Sep 17 00:00:00 2001
+From 4a05805eb39ba088c07f782fb52a6538ec3f2db6 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson(a)mit.edu>
Date: Mon, 23 Mar 2020 19:10:03 -0400
Subject: [PATCH] Eliminate redundant PKINIT responder invocation
diff --git a/Fix-AS-REQ-checking-of-KDB-modified-indicators.patch b/Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
deleted file mode 100644
index 1655c38..0000000
--- a/Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
+++ /dev/null
@@ -1,189 +0,0 @@
-From 744154b19c8000965e5a5de51d5dbef0794958be Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson(a)mit.edu>
-Date: Wed, 19 Feb 2020 15:36:38 -0500
-Subject: [PATCH] Fix AS-REQ checking of KDB-modified indicators
-
-Commit 7196c03f18f14695abeb5ae4923004469b172f0f (ticket 8823) gave the
-KDB the ability to modify auth indicators, but it happens after the
-asserted indicators are checked against the server principal
-requirements. In finish_process_as_req(), move the call to
-check_indicators() after the call to handle_authdata() so that the
-final indicator list is checked.
-
-For the test case, add string attribute functionality to the test KDB
-module, and fix a bug where test_get_principal() would return failure
-if a principal has no keys. Also add a test case for AS-REQ
-enforcement of normally asserted auth indicators.
-
-ticket: 8876 (new)
-tags: pullup
-target_version: 1.18-next
-
-(cherry picked from commit 109e30ce22c20f18b8233119f274935bdf573886)
----
- src/kdc/do_as_req.c | 14 +++++------
- src/plugins/kdb/test/kdb_test.c | 42 +++++++++++++++++++++++++++++++--
- src/tests/t_authdata.py | 11 +++++++++
- 3 files changed, 58 insertions(+), 9 deletions(-)
-
-diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
-index 87dd7e993..9ae7b0a5e 100644
---- a/src/kdc/do_as_req.c
-+++ b/src/kdc/do_as_req.c
-@@ -211,13 +211,6 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
-
- au_state->stage = ENCR_REP;
-
-- errcode = check_indicators(kdc_context, state->server,
-- state->auth_indicators);
-- if (errcode) {
-- state->status = "HIGHER_AUTHENTICATION_REQUIRED";
-- goto egress;
-- }
--
- state->ticket_reply.enc_part2 = &state->enc_tkt_reply;
-
- errcode = check_kdcpolicy_as(kdc_context, state->request, state->client,
-@@ -301,6 +294,13 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
- goto egress;
- }
-
-+ errcode = check_indicators(kdc_context, state->server,
-+ state->auth_indicators);
-+ if (errcode) {
-+ state->status = "HIGHER_AUTHENTICATION_REQUIRED";
-+ goto egress;
-+ }
-+
- errcode = krb5_encrypt_tkt_part(kdc_context, &state->server_keyblock,
- &state->ticket_reply);
- if (errcode)
-diff --git a/src/plugins/kdb/test/kdb_test.c b/src/plugins/kdb/test/kdb_test.c
-index 1936cb0e4..95a6062e2 100644
---- a/src/plugins/kdb/test/kdb_test.c
-+++ b/src/plugins/kdb/test/kdb_test.c
-@@ -54,6 +54,8 @@
- * # Initial number is kvno; defaults to 1.
- * keys = 3 aes256-cts aes128-cts:normal
- * keys = 2 rc4-hmac
-+ * strings = key1:value1
-+ * strings = key2:value2
- * }
- * }
- * delegation = {
-@@ -282,6 +284,33 @@ make_keys(char **strings, const char *princstr, const krb5_data *realm,
- ent->n_key_data = nkeys;
- }
-
-+static void
-+make_strings(char **stringattrs, krb5_db_entry *ent)
-+{
-+ struct k5buf buf;
-+ char **p;
-+ const char *str, *sep;
-+ krb5_tl_data *tl;
-+
-+ k5_buf_init_dynamic(&buf);
-+ for (p = stringattrs; *p != NULL; p++) {
-+ str = *p;
-+ sep = strchr(str, ':');
-+ assert(sep != NULL);
-+ k5_buf_add_len(&buf, str, sep - str);
-+ k5_buf_add_len(&buf, "\0", 1);
-+ k5_buf_add_len(&buf, sep + 1, strlen(sep + 1) + 1);
-+ }
-+ assert(buf.data != NULL);
-+
-+ tl = ealloc(sizeof(*ent->tl_data));
-+ tl->tl_data_next = NULL;
-+ tl->tl_data_type = KRB5_TL_STRING_ATTRS;
-+ tl->tl_data_length = buf.len;
-+ tl->tl_data_contents = buf.data;
-+ ent->tl_data = tl;
-+}
-+
- static krb5_error_code
- test_init()
- {
-@@ -339,7 +368,8 @@ test_get_principal(krb5_context context, krb5_const_principal search_for,
- krb5_principal princ = NULL, tgtprinc;
- krb5_principal_data empty_princ = { KV5M_PRINCIPAL };
- testhandle h = context->dal_handle->db_context;
-- char *search_name = NULL, *canon = NULL, *flagstr, **names, **key_strings;
-+ char *search_name = NULL, *canon = NULL, *flagstr;
-+ char **names, **key_strings, **stringattrs;
- const char *ename;
- krb5_db_entry *ent;
-
-@@ -415,7 +445,7 @@ test_get_principal(krb5_context context, krb5_const_principal search_for,
- ent->pw_expiration = get_time(h, "princs", ename, "pwexpiration");
-
- /* Leave last_success, last_failed, fail_auth_count zeroed. */
-- /* Leave tl_data and e_data empty. */
-+ /* Leave e_data empty. */
-
- set_names(h, "princs", ename, "keys");
- ret = profile_get_values(h->profile, h->names, &key_strings);
-@@ -424,11 +454,19 @@ test_get_principal(krb5_context context, krb5_const_principal search_for,
- profile_free_list(key_strings);
- }
-
-+ set_names(h, "princs", ename, "strings");
-+ ret = profile_get_values(h->profile, h->names, &stringattrs);
-+ if (ret != PROF_NO_RELATION) {
-+ make_strings(stringattrs, ent);
-+ profile_free_list(stringattrs);
-+ }
-+
- /* We must include mod-princ data or kadm5_get_principal() won't work and
- * we can't extract keys with kadmin.local. */
- check(krb5_dbe_update_mod_princ_data(context, ent, 0, &empty_princ));
-
- *entry = ent;
-+ ret = 0;
-
- cleanup:
- krb5_free_unparsed_name(context, search_name);
-diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py
-index 3153ebca3..4fbdbec05 100644
---- a/src/tests/t_authdata.py
-+++ b/src/tests/t_authdata.py
-@@ -158,6 +158,8 @@ realm.run(['./adata', realm.host_princ], expected_msg='+97: [indcl]')
- mark('auth indicator enforcement')
- realm.addprinc('restricted')
- realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'superstrong'])
-+realm.kinit(realm.user_princ, password('user'), ['-S', 'restricted'],
-+ expected_code=1, expected_msg='KDC policy rejects request')
- realm.run([kvno, 'restricted'], expected_code=1,
- expected_msg='KDC policy rejects request')
- realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'indcl'])
-@@ -194,6 +196,8 @@ testprincs = {'krbtgt/KRBTEST.COM': {'keys': 'aes128-cts'},
- 'krbtgt/FOREIGN': {'keys': 'aes128-cts'},
- 'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
- 'user2': {'keys': 'aes128-cts', 'flags': '+preauth'},
-+ 'rservice': {'keys': 'aes128-cts',
-+ 'strings': 'require_auth:strong'},
- 'service/1': {'keys': 'aes128-cts',
- 'flags': '+ok_to_auth_as_delegate'},
- 'service/2': {'keys': 'aes128-cts'},
-@@ -208,6 +212,7 @@ usercache = 'FILE:' + os.path.join(realm.testdir, 'usercache')
- realm.extract_keytab(realm.krbtgt_princ, realm.keytab)
- realm.extract_keytab('krbtgt/FOREIGN', realm.keytab)
- realm.extract_keytab(realm.user_princ, realm.keytab)
-+realm.extract_keytab('ruser', realm.keytab)
- realm.extract_keytab('service/1', realm.keytab)
- realm.extract_keytab('service/2', realm.keytab)
- realm.extract_keytab('noauthdata', realm.keytab)
-@@ -252,6 +257,12 @@ if ' -2: self_ad' not in out or ' -2: proxy_ad' not in out:
- realm.kinit(realm.user_princ, None, ['-k', '-X', 'indicators=dummy dbincr1'])
- realm.run(['./adata', realm.krbtgt_princ], expected_msg='+97: [dbincr2]')
- realm.run(['./adata', 'service/1'], expected_msg='+97: [dbincr3]')
-+realm.kinit(realm.user_princ, None,
-+ ['-k', '-X', 'indicators=strong', '-S', 'rservice'])
-+# Test enforcement of altered indicators during AS request.
-+realm.kinit(realm.user_princ, None,
-+ ['-k', '-X', 'indicators=strong dbincr1', '-S', 'rservice'],
-+ expected_code=1)
-
- # Test that KDB module authdata is included in an AS request, by
- # default or with an explicit PAC request.
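Review bot: In the t_authdata.py hunk at -252,6 +257,12, the negative kinit with 'indicators=strong dbincr1' asserts only expected_code=1, while the 'restricted' case added earlier in the same file also pins expected_msg='KDC policy rejects request'. Pinning the message here too would keep the test from passing on an unrelated kinit failure. Separately, the hunk at -208,6 +212,7 extracts a keytab for 'ruser', but the only principal this patch adds to testprincs is 'rservice' and no 'ruser' entry is visible in the surrounding context, so please confirm that name is intended.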
diff --git a/Make-ksu-honor-KRB5CCNAME-again.patch b/Make-ksu-honor-KRB5CCNAME-again.patch
deleted file mode 100644
index 19f05ae..0000000
--- a/Make-ksu-honor-KRB5CCNAME-again.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 59f2a9dd6a83a3721cdffe852343d96ffaa5c18a Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson(a)mit.edu>
-Date: Mon, 6 Apr 2020 20:45:10 -0400
-Subject: [PATCH] Make ksu honor KRB5CCNAME again
-
-Commit d439e370b70f7af4ed2da9c692a3be7dcf7b4ac6 (ticket 8800) caused
-ksu to ignore KRB5CCNAME from the environment. ksu uses euid
-switching to access the source cache, and should honor KRB5CCNAME to
-find the ccache to potentially authorize the su operation.
-
-Add a helper function init_ksu_context() to create the ksu context,
-with explicit code to honor KRB5CCNAME using
-krb5_cc_set_default_name().
-
-ticket: 8895
-tags: pullup
-target_version: 1.18-next
-
-(cherry picked from commit f040a3ac73947312e1b08c76f75f3389ffb4ba75)
----
- src/clients/ksu/main.c | 31 ++++++++++++++++++++++++++++++-
- 1 file changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
-index 21a4d02bb..508242e0e 100644
---- a/src/clients/ksu/main.c
-+++ b/src/clients/ksu/main.c
-@@ -54,6 +54,7 @@ int force_fork = 0;
- static int set_env_var (char *, char *);
- static void sweep_up (krb5_context, krb5_ccache);
- static char * ontty (void);
-+static krb5_error_code init_ksu_context(krb5_context *);
- static krb5_error_code set_ccname_env(krb5_context, krb5_ccache);
- static void print_status( const char *fmt, ...)
- #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
-@@ -135,7 +136,7 @@ main (argc, argv)
-
- unsetenv ("KRB5_CONFIG");
-
-- retval = krb5_init_secure_context(&ksu_context);
-+ retval = init_ksu_context(&ksu_context);
- if (retval) {
- com_err(argv[0], retval, _("while initializing krb5"));
- exit(1);
-@@ -878,6 +879,34 @@ main (argc, argv)
- }
- }
-
-+static krb5_error_code
-+init_ksu_context(krb5_context *context_out)
-+{
-+ krb5_error_code retval;
-+ const char *env_ccname;
-+ krb5_context context;
-+
-+ *context_out = NULL;
-+
-+ retval = krb5_init_secure_context(&context);
-+ if (retval)
-+ return retval;
-+
-+ /* We want to obey KRB5CCNAME in this context even though this is a setuid
-+ * program. (It will only be used when operating as the real uid.) */
-+ env_ccname = getenv(KRB5_ENV_CCNAME);
-+ if (env_ccname != NULL) {
-+ retval = krb5_cc_set_default_name(context, env_ccname);
-+ if (retval) {
-+ krb5_free_context(context);
-+ return retval;
-+ }
-+ }
-+
-+ *context_out = context;
-+ return 0;
-+}
-+
- /* Set KRB5CCNAME in the environment to point to ccache. Print an error
- * message on failure. */
- static krb5_error_code
diff --git a/Refresh-manually-acquired-creds-from-client-keytab.patch b/Refresh-manually-acquired-creds-from-client-keytab.patch
index fe2588f..cb20c44 100644
--- a/Refresh-manually-acquired-creds-from-client-keytab.patch
+++ b/Refresh-manually-acquired-creds-from-client-keytab.patch
@@ -1,4 +1,4 @@
-From e67aca9a77d78efa798237b43e177caf9e79f64a Mon Sep 17 00:00:00 2001
+From 685aada9eae420cb5156ca7b71c2c7614c0b6e2c Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Wed, 26 Feb 2020 18:27:17 -0500
Subject: [PATCH] Refresh manually acquired creds from client keytab
diff --git a/downstream-Adjust-build-configuration.patch b/downstream-Adjust-build-configuration.patch
index 68ecf50..f15a4a2 100644
--- a/downstream-Adjust-build-configuration.patch
+++ b/downstream-Adjust-build-configuration.patch
@@ -1,4 +1,4 @@
-From cbfe13d5f0de6e2a3deab2ba0dacda8c952476ab Mon Sep 17 00:00:00 2001
+From 92508996ed4c69fa6f5cf855fdf10f34cfa07ec9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:45:26 -0400
Subject: [PATCH] [downstream] Adjust build configuration
diff --git a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
index 573d222..e6a0a64 100644
--- a/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+++ b/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
@@ -1,4 +1,4 @@
-From 5978878bcee5ec39e4357f408470d39e9540d2bf Mon Sep 17 00:00:00 2001
+From a721df13d09b5fdad32de15e6aa973b732727aa9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri, 9 Nov 2018 15:12:21 -0500
Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4
diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch
index 4f14733..01d9338 100644
--- a/downstream-Remove-3des-support.patch
+++ b/downstream-Remove-3des-support.patch
@@ -1,4 +1,4 @@
-From 7dda569170c3f6ab08a9373572b4bc90481eeaf7 Mon Sep 17 00:00:00 2001
+From e9cd83237b54e2f6010a063f523217b0a442ecbf Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 26 Mar 2019 18:51:10 -0400
Subject: [PATCH] [downstream] Remove 3des support
@@ -256,7 +256,7 @@ index 68debe714..788d094bf 100644
CKSUMTYPE_NIST_SHA.rst
CKSUMTYPE_RSA_MD4.rst
diff --git a/doc/conf.py b/doc/conf.py
-index fc5662767..37eda67fa 100644
+index c32b2882a..5eeafc30f 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -272,7 +272,7 @@ else:
@@ -269,7 +269,7 @@ index fc5662767..37eda67fa 100644
.. |copy| unicode:: U+000A9
'''
diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst
-index 513ecfd1b..05243f47b 100644
+index 5d286b6ee..f4594ed13 100644
--- a/doc/mitK5features.rst
+++ b/doc/mitK5features.rst
@@ -37,7 +37,7 @@ Database backends: LDAP, DB2, LMDB
@@ -316,7 +316,7 @@ index 440a22bd9..d4e4da525 100644
lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/$CRYPTO_IMPL/sha2
lib/crypto/$CRYPTO_IMPL/aes lib/crypto/$CRYPTO_IMPL/camellia
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
-index d1f5661bf..26a3b6ec8 100644
+index e9435c693..6355e6540 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -426,8 +426,8 @@ typedef struct _krb5_crypto_iov {
@@ -365,7 +365,7 @@ index 8a4b87de1..d7f1d076b 100644
+ supported_enctypes = aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal
}
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
-index 221bde1dd..b8d292021 100644
+index e5898ea63..973976fd9 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1103,8 +1103,6 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
@@ -377,7 +377,7 @@ index 221bde1dd..b8d292021 100644
else
return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
-@@ -1841,8 +1839,6 @@ krb5_boolean
+@@ -1826,8 +1824,6 @@ krb5_boolean
enctype_requires_etype_info_2(krb5_enctype enctype)
{
switch(enctype) {
@@ -6258,10 +6258,10 @@ index f71774cdc..d1857c433 100644
"3BB3AE288C12B3B9D06B208A4151B3B6",
"9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28"
diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py
-index 378174a2e..3153ebca3 100644
+index c589adf2a..4fbdbec05 100644
--- a/src/tests/t_authdata.py
+++ b/src/tests/t_authdata.py
-@@ -172,7 +172,7 @@ realm.run([kvno, 'restricted'])
+@@ -174,7 +174,7 @@ realm.run([kvno, 'restricted'])
# preferred krbtgt enctype changes.
mark('#8139 regression test')
realm.kinit(realm.user_princ, password('user'), ['-f'])
diff --git a/downstream-SELinux-integration.patch b/downstream-SELinux-integration.patch
index e40bd1a..3d3bd08 100644
--- a/downstream-SELinux-integration.patch
+++ b/downstream-SELinux-integration.patch
@@ -1,4 +1,4 @@
-From 4a215a206d1d5af69ea9fbf1e78001971ab18be2 Mon Sep 17 00:00:00 2001
+From 0f8851a23a7b6fa0e195e01d0475e9e55707adf2 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:30:53 -0400
Subject: [PATCH] [downstream] SELinux integration
@@ -236,7 +236,7 @@ index 000000000..dfaaa847c
+#endif
+#endif
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
-index d48685357..d1f5661bf 100644
+index 79761f6d2..e9435c693 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -87,6 +87,12 @@
@@ -437,7 +437,7 @@ index 021c94398..aaf573439 100644
goto report_errno;
writevno = 1;
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
-index 2a03ae980..85dbfeb47 100644
+index 7073459f0..e9b99f4ca 100644
--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
@@ -458,7 +458,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename)
diff --git a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
index b796692..478fd82 100644
--- a/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
+++ b/downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
@@ -1,4 +1,4 @@
-From 0a53577ebb24f0f9b05d769b34bdd4ef2ee2a629 Mon Sep 17 00:00:00 2001
+From 3f5875cf859271bca62f07aee6f663787972def9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri, 15 Nov 2019 20:05:16 +0000
Subject: [PATCH] [downstream] Use backported version of OpenSSL-3 KDF
diff --git a/downstream-fix-debuginfo-with-y.tab.c.patch b/downstream-fix-debuginfo-with-y.tab.c.patch
index e8e1870..167fcaf 100644
--- a/downstream-fix-debuginfo-with-y.tab.c.patch
+++ b/downstream-fix-debuginfo-with-y.tab.c.patch
@@ -1,4 +1,4 @@
-From ed161c3f3cb642d025f0fee6d4af6f56bba711e9 Mon Sep 17 00:00:00 2001
+From f4002f246332695d8ea12ec803139fcac18fbba2 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:49:25 -0400
Subject: [PATCH] [downstream] fix debuginfo with y.tab.c
diff --git a/downstream-ksu-pam-integration.patch b/downstream-ksu-pam-integration.patch
index 4532601..220363b 100644
--- a/downstream-ksu-pam-integration.patch
+++ b/downstream-ksu-pam-integration.patch
@@ -1,4 +1,4 @@
-From 9a082e1e02ae4efd2404d0672d38b3d4eb2d6660 Mon Sep 17 00:00:00 2001
+From a7322a84657752c886c317a6994a9fc7a4a70ca5 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:29:58 -0400
Subject: [PATCH] [downstream] ksu pam integration
@@ -145,7 +145,7 @@ index 8b4edce4d..9d58f29b5 100644
clean:
$(RM) ksu
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
-index 4f03dd8ed..21a4d02bb 100644
+index 57c349200..508242e0e 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -26,6 +26,7 @@
@@ -175,7 +175,7 @@ index 4f03dd8ed..21a4d02bb 100644
/***********/
#define KS_TEMPORARY_CACHE "MEMORY:_ksu"
-@@ -535,6 +541,23 @@ main (argc, argv)
+@@ -536,6 +542,23 @@ main (argc, argv)
prog_name,target_user,client_name,
source_user,ontty());
@@ -199,7 +199,7 @@ index 4f03dd8ed..21a4d02bb 100644
/* Run authorization as target.*/
if (krb5_seteuid(target_uid)) {
com_err(prog_name, errno, _("while switching to target for "
-@@ -595,6 +618,24 @@ main (argc, argv)
+@@ -596,6 +619,24 @@ main (argc, argv)
exit(1);
}
@@ -224,7 +224,7 @@ index 4f03dd8ed..21a4d02bb 100644
}
if( some_rest_copy){
-@@ -652,6 +693,30 @@ main (argc, argv)
+@@ -653,6 +694,30 @@ main (argc, argv)
exit(1);
}
@@ -255,7 +255,7 @@ index 4f03dd8ed..21a4d02bb 100644
/* set permissions */
if (setgid(target_pwd->pw_gid) < 0) {
perror("ksu: setgid");
-@@ -749,7 +814,7 @@ main (argc, argv)
+@@ -750,7 +815,7 @@ main (argc, argv)
fprintf(stderr, "program to be execed %s\n",params[0]);
}
@@ -264,7 +264,7 @@ index 4f03dd8ed..21a4d02bb 100644
execv(params[0], params);
com_err(prog_name, errno, _("while trying to execv %s"), params[0]);
sweep_up(ksu_context, cc_target);
-@@ -779,16 +844,35 @@ main (argc, argv)
+@@ -780,16 +845,35 @@ main (argc, argv)
if (ret_pid == -1) {
com_err(prog_name, errno, _("while calling waitpid"));
}
diff --git a/downstream-netlib-and-dns.patch b/downstream-netlib-and-dns.patch
index ba04deb..d7ceab1 100644
--- a/downstream-netlib-and-dns.patch
+++ b/downstream-netlib-and-dns.patch
@@ -1,4 +1,4 @@
-From 40553473b674dfbb6328389b6b39ebe3218ed597 Mon Sep 17 00:00:00 2001
+From 355dd481511af4d517ee540854f95a6fb12116a9 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue, 23 Aug 2016 16:46:21 -0400
Subject: [PATCH] [downstream] netlib and dns
diff --git a/krb5.spec b/krb5.spec
index 6913a3b..37089cc 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -16,9 +16,9 @@
Summary: The Kerberos network authentication system
Name: krb5
-Version: 1.18
+Version: 1.18.1
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 12%{?dist}
+Release: 1%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -50,16 +50,12 @@ Patch4: downstream-fix-debuginfo-with-y.tab.c.patch
Patch5: downstream-Remove-3des-support.patch
Patch6: downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
Patch7: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
-Patch8: Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
Patch9: Allow-certauth-modules-to-set-hw-authent-flag.patch
-Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch
Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch
-Patch12: Document-client-keytab-usage.patch
Patch13: Add-finalization-safety-check-to-com_err.patch
Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
Patch15: Correctly-import-service-GSS-host-based-name.patch
Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
-Patch17: Make-ksu-honor-KRB5CCNAME-again.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
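Review bot: Patch8, Patch10, Patch12 and Patch17 are removed from the patch list here, but the only changelog entry added for 1.18.1-1 reads "New upstream version (1.18.1)" and nothing in the spec records why they were dropped. Please confirm each of the four fixes is present in the 1.18.1 tarball and say so in the changelog; Fix-AS-REQ-checking-of-KDB-modified-indicators and Make-ksu-honor-KRB5CCNAME-again both touch authentication behaviour, so a silent drop would be hard to spot later. A short comment on the gaps left in the Patch numbering would also help the next rebase.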
@@ -637,6 +633,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Tue Apr 14 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18.1-1
+- New upstream version (1.18.1)
+
* Tue Apr 07 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-12
- Make ksu honor KRB5CCNAME again
commit 66ec722479d8af429db1ae3ca974f578be799b19
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Apr 7 15:51:54 2020 -0400
Make ksu honor KRB5CCNAME again
diff --git a/Make-ksu-honor-KRB5CCNAME-again.patch b/Make-ksu-honor-KRB5CCNAME-again.patch
new file mode 100644
index 0000000..19f05ae
--- /dev/null
+++ b/Make-ksu-honor-KRB5CCNAME-again.patch
@@ -0,0 +1,79 @@
+From 59f2a9dd6a83a3721cdffe852343d96ffaa5c18a Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Mon, 6 Apr 2020 20:45:10 -0400
+Subject: [PATCH] Make ksu honor KRB5CCNAME again
+
+Commit d439e370b70f7af4ed2da9c692a3be7dcf7b4ac6 (ticket 8800) caused
+ksu to ignore KRB5CCNAME from the environment. ksu uses euid
+switching to access the source cache, and should honor KRB5CCNAME to
+find the ccache to potentially authorize the su operation.
+
+Add a helper function init_ksu_context() to create the ksu context,
+with explicit code to honor KRB5CCNAME using
+krb5_cc_set_default_name().
+
+ticket: 8895
+tags: pullup
+target_version: 1.18-next
+
+(cherry picked from commit f040a3ac73947312e1b08c76f75f3389ffb4ba75)
+---
+ src/clients/ksu/main.c | 31 ++++++++++++++++++++++++++++++-
+ 1 file changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
+index 21a4d02bb..508242e0e 100644
+--- a/src/clients/ksu/main.c
++++ b/src/clients/ksu/main.c
+@@ -54,6 +54,7 @@ int force_fork = 0;
+ static int set_env_var (char *, char *);
+ static void sweep_up (krb5_context, krb5_ccache);
+ static char * ontty (void);
++static krb5_error_code init_ksu_context(krb5_context *);
+ static krb5_error_code set_ccname_env(krb5_context, krb5_ccache);
+ static void print_status( const char *fmt, ...)
+ #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+@@ -135,7 +136,7 @@ main (argc, argv)
+
+ unsetenv ("KRB5_CONFIG");
+
+- retval = krb5_init_secure_context(&ksu_context);
++ retval = init_ksu_context(&ksu_context);
+ if (retval) {
+ com_err(argv[0], retval, _("while initializing krb5"));
+ exit(1);
+@@ -878,6 +879,34 @@ main (argc, argv)
+ }
+ }
+
++static krb5_error_code
++init_ksu_context(krb5_context *context_out)
++{
++ krb5_error_code retval;
++ const char *env_ccname;
++ krb5_context context;
++
++ *context_out = NULL;
++
++ retval = krb5_init_secure_context(&context);
++ if (retval)
++ return retval;
++
++ /* We want to obey KRB5CCNAME in this context even though this is a setuid
++ * program. (It will only be used when operating as the real uid.) */
++ env_ccname = getenv(KRB5_ENV_CCNAME);
++ if (env_ccname != NULL) {
++ retval = krb5_cc_set_default_name(context, env_ccname);
++ if (retval) {
++ krb5_free_context(context);
++ return retval;
++ }
++ }
++
++ *context_out = context;
++ return 0;
++}
++
+ /* Set KRB5CCNAME in the environment to point to ccache. Print an error
+ * message on failure. */
+ static krb5_error_code
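Review bot: init_ksu_context() passes getenv(KRB5_ENV_CCNAME) straight into krb5_cc_set_default_name() inside a setuid program, and the only safeguard is the comment's statement that the name "will only be used when operating as the real uid"; nothing in this hunk enforces or tests that. Suggest having the comment name the euid-switching code path that guarantees it, so a later refactor cannot resolve the default ccache while the effective uid is still privileged. The diffstat shows only src/clients/ksu/main.c changing (30 insertions, 1 deletion), so there is no regression test for either the restored KRB5CCNAME behaviour or the real-uid restriction; one would be worth adding.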
diff --git a/krb5.spec b/krb5.spec
index 9c9022c..6913a3b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 11%{?dist}
+Release: 12%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -59,6 +59,7 @@ Patch13: Add-finalization-safety-check-to-com_err.patch
Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
Patch15: Correctly-import-service-GSS-host-based-name.patch
Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
+Patch17: Make-ksu-honor-KRB5CCNAME-again.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -636,6 +637,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Tue Apr 07 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-12
+- Make ksu honor KRB5CCNAME again
+
* Thu Apr 02 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-11
- Do expiration warnings for all init_creds APIs
commit 9f3201c4bcbfcc39f47176ae489d361765774fb3
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Thu Apr 2 14:03:07 2020 -0400
Do expiration warnings for all init_creds APIs
diff --git a/Do-expiration-warnings-for-all-init_creds-APIs.patch b/Do-expiration-warnings-for-all-init_creds-APIs.patch
new file mode 100644
index 0000000..d94f11d
--- /dev/null
+++ b/Do-expiration-warnings-for-all-init_creds-APIs.patch
@@ -0,0 +1,425 @@
+From 9d452dc135ba0fad9470f096938a5dbfbacdbbe1 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose(a)redhat.com>
+Date: Fri, 28 Feb 2020 10:11:49 +0100
+Subject: [PATCH] Do expiration warnings for all init_creds APIs
+
+Move the password expiration warning code from gic_pwd.c to
+get_in_tkt.c. Call it from init_creds_step_reply() on successful
+completion.
+
+[ghudson(a)mit.edu: added test case; simplified doc comment; moved call
+site to init_creds_step_reply(); rewrote commit message]
+
+ticket: 8893 (new)
+(cherry picked from commit e1efb890f7ac31b32c68ab816ef118dbfb5a8c7e)
+---
+ src/include/krb5/krb5.hin | 9 ++-
+ src/lib/krb5/krb/get_in_tkt.c | 112 ++++++++++++++++++++++++++++++
+ src/lib/krb5/krb/gic_pwd.c | 110 -----------------------------
+ src/lib/krb5/krb/t_expire_warn.c | 47 +++++++++----
+ src/lib/krb5/krb/t_expire_warn.py | 22 ++++--
+ 5 files changed, 165 insertions(+), 135 deletions(-)
+
+diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
+index 26a3b6ec8..36300ea53 100644
+--- a/src/include/krb5/krb5.hin
++++ b/src/include/krb5/krb5.hin
+@@ -7174,11 +7174,10 @@ typedef void
+ *
+ * Set a callback to receive password and account expiration times.
+ *
+- * This option only applies to krb5_get_init_creds_password(). @a cb will be
+- * invoked if and only if credentials are successfully acquired. The callback
+- * will receive the @a context from the krb5_get_init_creds_password() call and
+- * the @a data argument supplied with this API. The remaining arguments should
+- * be interpreted as follows:
++ * @a cb will be invoked if and only if credentials are successfully acquired.
++ * The callback will receive the @a context from the calling function and the
++ * @a data argument supplied with this API. The remaining arguments should be
++ * interpreted as follows:
+ *
+ * If @a is_last_req is true, then the KDC reply contained last-req entries
+ * which unambiguously indicated the password expiration, account expiration,
+diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
+index 870df62a1..cc0f70e83 100644
+--- a/src/lib/krb5/krb/get_in_tkt.c
++++ b/src/lib/krb5/krb/get_in_tkt.c
+@@ -1482,6 +1482,116 @@ accept_method_data(krb5_context context, krb5_init_creds_context ctx)
+ ctx->method_padata);
+ }
+
++/* Return the password expiry time indicated by enc_part2. Set *is_last_req
++ * if the information came from a last_req value. */
++static void
++get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp,
++ krb5_timestamp *acct_exp, krb5_boolean *is_last_req)
++{
++ krb5_last_req_entry **last_req;
++ krb5_int32 lr_type;
++
++ *pw_exp = 0;
++ *acct_exp = 0;
++ *is_last_req = FALSE;
++
++ /* Look for last-req entries for password or account expiration. */
++ if (enc_part2->last_req) {
++ for (last_req = enc_part2->last_req; *last_req; last_req++) {
++ lr_type = (*last_req)->lr_type;
++ if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME ||
++ lr_type == KRB5_LRQ_ONE_PW_EXPTIME) {
++ *is_last_req = TRUE;
++ *pw_exp = (*last_req)->value;
++ } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME ||
++ lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) {
++ *is_last_req = TRUE;
++ *acct_exp = (*last_req)->value;
++ }
++ }
++ }
++
++ /* If we didn't find any, use the ambiguous key_exp field. */
++ if (*is_last_req == FALSE)
++ *pw_exp = enc_part2->key_exp;
++}
++
++/*
++ * Send an appropriate warning prompter if as_reply indicates that the password
++ * is going to expire soon. If an expire callback was provided, use that
++ * instead.
++ */
++static void
++warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options,
++ krb5_prompter_fct prompter, void *data,
++ const char *in_tkt_service, krb5_kdc_rep *as_reply)
++{
++ krb5_error_code ret;
++ krb5_expire_callback_func expire_cb;
++ void *expire_data;
++ krb5_timestamp pw_exp, acct_exp, now;
++ krb5_boolean is_last_req;
++ krb5_deltat delta;
++ char ts[256], banner[1024];
++
++ if (as_reply == NULL || as_reply->enc_part2 == NULL)
++ return;
++
++ get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req);
++
++ k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data);
++ if (expire_cb != NULL) {
++ /* Invoke the expire callback and don't send prompter warnings. */
++ (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req);
++ return;
++ }
++
++ /* Don't warn if no password expiry value was sent. */
++ if (pw_exp == 0)
++ return;
++
++ /* Don't warn if the password is being changed. */
++ if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0)
++ return;
++
++ /*
++ * If the expiry time came from a last_req field, assume the KDC wants us
++ * to warn. Otherwise, warn only if the expiry time is less than a week
++ * from now.
++ */
++ ret = krb5_timeofday(context, &now);
++ if (ret != 0)
++ return;
++ if (!is_last_req &&
++ (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60))
++ return;
++
++ if (!prompter)
++ return;
++
++ ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts));
++ if (ret != 0)
++ return;
++
++ delta = ts_delta(pw_exp, now);
++ if (delta < 3600) {
++ snprintf(banner, sizeof(banner),
++ _("Warning: Your password will expire in less than one hour "
++ "on %s"), ts);
++ } else if (delta < 86400 * 2) {
++ snprintf(banner, sizeof(banner),
++ _("Warning: Your password will expire in %d hour%s on %s"),
++ delta / 3600, delta < 7200 ? "" : "s", ts);
++ } else {
++ snprintf(banner, sizeof(banner),
++ _("Warning: Your password will expire in %d days on %s"),
++ delta / 86400, ts);
++ }
++
++ /* PROMPTER_INVOCATION */
++ (*prompter)(context, data, 0, banner, 0, 0);
++}
++
+ static krb5_error_code
+ init_creds_step_reply(krb5_context context,
+ krb5_init_creds_context ctx,
+@@ -1693,6 +1803,8 @@ init_creds_step_reply(krb5_context context,
+
+ /* success */
+ ctx->complete = TRUE;
++ warn_pw_expiry(context, ctx->opt, ctx->prompter, ctx->prompter_data,
++ ctx->in_tkt_service, ctx->reply);
+
+ cleanup:
+ krb5_free_pa_data(context, kdc_padata);
+diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
+index 14ce23ba4..54e0a8ebe 100644
+--- a/src/lib/krb5/krb/gic_pwd.c
++++ b/src/lib/krb5/krb/gic_pwd.c
+@@ -133,113 +133,6 @@ krb5_init_creds_set_password(krb5_context context,
+ return 0;
+ }
+
+-/* Return the password expiry time indicated by enc_part2. Set *is_last_req
+- * if the information came from a last_req value. */
+-static void
+-get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp,
+- krb5_timestamp *acct_exp, krb5_boolean *is_last_req)
+-{
+- krb5_last_req_entry **last_req;
+- krb5_int32 lr_type;
+-
+- *pw_exp = 0;
+- *acct_exp = 0;
+- *is_last_req = FALSE;
+-
+- /* Look for last-req entries for password or account expiration. */
+- if (enc_part2->last_req) {
+- for (last_req = enc_part2->last_req; *last_req; last_req++) {
+- lr_type = (*last_req)->lr_type;
+- if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME ||
+- lr_type == KRB5_LRQ_ONE_PW_EXPTIME) {
+- *is_last_req = TRUE;
+- *pw_exp = (*last_req)->value;
+- } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME ||
+- lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) {
+- *is_last_req = TRUE;
+- *acct_exp = (*last_req)->value;
+- }
+- }
+- }
+-
+- /* If we didn't find any, use the ambiguous key_exp field. */
+- if (*is_last_req == FALSE)
+- *pw_exp = enc_part2->key_exp;
+-}
+-
+-/*
+- * Send an appropriate warning prompter if as_reply indicates that the password
+- * is going to expire soon. If an expire callback was provided, use that
+- * instead.
+- */
+-static void
+-warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options,
+- krb5_prompter_fct prompter, void *data,
+- const char *in_tkt_service, krb5_kdc_rep *as_reply)
+-{
+- krb5_error_code ret;
+- krb5_expire_callback_func expire_cb;
+- void *expire_data;
+- krb5_timestamp pw_exp, acct_exp, now;
+- krb5_boolean is_last_req;
+- krb5_deltat delta;
+- char ts[256], banner[1024];
+-
+- get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req);
+-
+- k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data);
+- if (expire_cb != NULL) {
+- /* Invoke the expire callback and don't send prompter warnings. */
+- (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req);
+- return;
+- }
+-
+- /* Don't warn if no password expiry value was sent. */
+- if (pw_exp == 0)
+- return;
+-
+- /* Don't warn if the password is being changed. */
+- if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0)
+- return;
+-
+- /*
+- * If the expiry time came from a last_req field, assume the KDC wants us
+- * to warn. Otherwise, warn only if the expiry time is less than a week
+- * from now.
+- */
+- ret = krb5_timeofday(context, &now);
+- if (ret != 0)
+- return;
+- if (!is_last_req &&
+- (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60))
+- return;
+-
+- if (!prompter)
+- return;
+-
+- ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts));
+- if (ret != 0)
+- return;
+-
+- delta = ts_delta(pw_exp, now);
+- if (delta < 3600) {
+- snprintf(banner, sizeof(banner),
+- _("Warning: Your password will expire in less than one hour "
+- "on %s"), ts);
+- } else if (delta < 86400*2) {
+- snprintf(banner, sizeof(banner),
+- _("Warning: Your password will expire in %d hour%s on %s"),
+- delta / 3600, delta < 7200 ? "" : "s", ts);
+- } else {
+- snprintf(banner, sizeof(banner),
+- _("Warning: Your password will expire in %d days on %s"),
+- delta / 86400, ts);
+- }
+-
+- /* PROMPTER_INVOCATION */
+- (*prompter)(context, data, 0, banner, 0, 0);
+-}
+-
+ /*
+ * Create a temporary options structure for getting a kadmin/changepw ticket,
+ * based on the appplication-specified options. Propagate all application
+@@ -496,9 +389,6 @@ krb5_get_init_creds_password(krb5_context context,
+ goto cleanup;
+
+ cleanup:
+- if (ret == 0)
+- warn_pw_expiry(context, options, prompter, data, in_tkt_service,
+- as_reply);
+ free(chpw_opts);
+ zapfree(gakpw.storage.data, gakpw.storage.length);
+ memset(pw0array, 0, sizeof(pw0array));
+diff --git a/src/lib/krb5/krb/t_expire_warn.c b/src/lib/krb5/krb/t_expire_warn.c
+index 1e59acba1..dc8dc8fb3 100644
+--- a/src/lib/krb5/krb/t_expire_warn.c
++++ b/src/lib/krb5/krb/t_expire_warn.c
+@@ -28,6 +28,13 @@
+
+ static int exp_dummy, prompt_dummy;
+
++static void
++check(krb5_error_code code)
++{
++ if (code != 0)
++ abort();
++}
++
+ static krb5_error_code
+ prompter_cb(krb5_context ctx, void *data, const char *name,
+ const char *banner, int num_prompts, krb5_prompt prompts[])
+@@ -52,36 +59,48 @@ int
+ main(int argc, char **argv)
+ {
+ krb5_context ctx;
++ krb5_init_creds_context icctx;
+ krb5_get_init_creds_opt *opt;
+ char *user, *password, *service = NULL;
+- krb5_boolean use_cb;
++ krb5_boolean use_cb, stepwise;
+ krb5_principal client;
+ krb5_creds creds;
+
+- if (argc < 4) {
+- fprintf(stderr, "Usage: %s username password {1|0} [service]\n",
++ if (argc < 5) {
++ fprintf(stderr, "Usage: %s username password {1|0} {1|0} [service]\n",
+ argv[0]);
+ return 1;
+ }
+ user = argv[1];
+ password = argv[2];
+ use_cb = atoi(argv[3]);
+- if (argc >= 5)
+- service = argv[4];
++ stepwise = atoi(argv[4]);
++ if (argc >= 6)
++ service = argv[5];
+
+- assert(krb5_init_context(&ctx) == 0);
+- assert(krb5_get_init_creds_opt_alloc(ctx, &opt) == 0);
++ check(krb5_init_context(&ctx));
++ check(krb5_get_init_creds_opt_alloc(ctx, &opt));
+ if (use_cb) {
+- assert(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb,
+- &exp_dummy) == 0);
++ check(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb,
++ &exp_dummy));
++ }
++ check(krb5_parse_name(ctx, user, &client));
++ if (stepwise) {
++ check(krb5_init_creds_init(ctx, client, prompter_cb, &prompt_dummy, 0,
++ opt, &icctx));
++ krb5_init_creds_set_password(ctx, icctx, password);
++ if (service != NULL)
++ check(krb5_init_creds_set_service(ctx, icctx, service));
++ check(krb5_init_creds_get(ctx, icctx));
++ krb5_init_creds_free(ctx, icctx);
++ } else {
++ check(krb5_get_init_creds_password(ctx, &creds, client, password,
++ prompter_cb, &prompt_dummy, 0,
++ service, opt));
++ krb5_free_cred_contents(ctx, &creds);
+ }
+- assert(krb5_parse_name(ctx, user, &client) == 0);
+- assert(krb5_get_init_creds_password(ctx, &creds, client, password,
+- prompter_cb, &prompt_dummy, 0, service,
+- opt) == 0);
+ krb5_get_init_creds_opt_free(ctx, opt);
+ krb5_free_principal(ctx, client);
+- krb5_free_cred_contents(ctx, &creds);
+ krb5_free_context(ctx);
+ return 0;
+ }
+diff --git a/src/lib/krb5/krb/t_expire_warn.py b/src/lib/krb5/krb/t_expire_warn.py
+index 781f2728a..e163cc7e4 100755
+--- a/src/lib/krb5/krb/t_expire_warn.py
++++ b/src/lib/krb5/krb/t_expire_warn.py
+@@ -34,23 +34,33 @@ realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '12 hours',
+ realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '3 days', 'days'])
+
+ # Check for expected prompter warnings when no expire callback is used.
+-output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0'])
++output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0', '0'])
+ if output:
+ fail('Unexpected output for noexpire')
+-realm.run(['./t_expire_warn', 'minutes', 'pass', '0'],
++realm.run(['./t_expire_warn', 'minutes', 'pass', '0', '0'],
+ expected_msg=' less than one hour on ')
+-realm.run(['./t_expire_warn', 'hours', 'pass', '0'], expected_msg=' hours on ')
+-realm.run(['./t_expire_warn', 'days', 'pass', '0'], expected_msg=' days on ')
++realm.run(['./t_expire_warn', 'hours', 'pass', '0', '0'],
++ expected_msg=' hours on ')
++realm.run(['./t_expire_warn', 'days', 'pass', '0', '0'],
++ expected_msg=' days on ')
++# Try one case with the stepwise interface.
++realm.run(['./t_expire_warn', 'days', 'pass', '0', '1'],
++ expected_msg=' days on ')
+
+ # Check for expected expire callback behavior. These tests are
+ # carefully agnostic about whether the KDC supports last_req fields,
+ # and could be made more specific if last_req support is added.
+-output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1'])
++output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1', '0'])
+ if 'password_expiration = 0\n' not in output or \
+ 'account_expiration = 0\n' not in output or \
+ 'is_last_req = ' not in output:
+ fail('Expected callback output not seen for noexpire')
+-output = realm.run(['./t_expire_warn', 'days', 'pass', '1'])
++output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '0'])
++if 'password_expiration = ' not in output or \
++ 'password_expiration = 0\n' in output:
++ fail('Expected non-zero password expiration not seen for days')
++# Try one case with the stepwise interface.
++output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '1'])
+ if 'password_expiration = ' not in output or \
+ 'password_expiration = 0\n' in output:
+ fail('Expected non-zero password expiration not seen for days')
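Review bot: the two 'days' callback checks at the end of this hunk fail with the identical message 'Expected non-zero password expiration not seen for days', so a failure does not tell you whether the one-shot or the stepwise interface regressed. Give the stepwise variant its own message, for example by appending ' (stepwise)'. The stepwise path is also never run against 'noexpire', so nothing here confirms that it stays silent when there is nothing to warn about.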
diff --git a/krb5.spec b/krb5.spec
index 37bd530..9c9022c 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 10%{?dist}
+Release: 11%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -58,6 +58,7 @@ Patch12: Document-client-keytab-usage.patch
Patch13: Add-finalization-safety-check-to-com_err.patch
Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
Patch15: Correctly-import-service-GSS-host-based-name.patch
+Patch16: Do-expiration-warnings-for-all-init_creds-APIs.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -635,6 +636,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Thu Apr 02 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-11
+- Do expiration warnings for all init_creds APIs
+
* Wed Apr 01 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-10
- Correctly import "service@" GSS host-based name
commit c262ec69f6436125b0421ab6fd6ebed6215ce92c
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Wed Apr 1 14:24:49 2020 -0400
Correctly import "service@" GSS host-based name
diff --git a/Correctly-import-service-GSS-host-based-name.patch b/Correctly-import-service-GSS-host-based-name.patch
new file mode 100644
index 0000000..683b2d9
--- /dev/null
+++ b/Correctly-import-service-GSS-host-based-name.patch
@@ -0,0 +1,52 @@
+From 53b7be87de77b09f44b4ced1d4e85f520c9ce71a Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Mon, 30 Mar 2020 15:26:02 -0400
+Subject: [PATCH] Correctly import "service@" GSS host-based name
+
+The intended way to specify only a service in a GSS host-based name is
+to omit the "@" separator. Some applications include the separator
+but no hostname, and this happened to yield wildcard hostname behavior
+prior to commit 996353767fe8afa7f67a3b5b465e4d70e18bad7c when
+shortname qualification was added. To restore this behavior, check in
+parse_hostbased() that at least one character is present after the "@"
+separator before copying the hostname. Add a test case to t_gssapi.py.
+
+ticket: 8892
+tags: pullup
+target_version: 1.18-next
+
+(cherry picked from commit a2f047af0400ba8080dc26033fae2b17534501e2)
+---
+ src/lib/gssapi/krb5/import_name.c | 4 ++--
+ src/tests/gssapi/t_gssapi.py | 3 +++
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c
+index da2ab1423..21023dd76 100644
+--- a/src/lib/gssapi/krb5/import_name.c
++++ b/src/lib/gssapi/krb5/import_name.c
+@@ -102,8 +102,8 @@ parse_hostbased(const char *str, size_t len,
+ memcpy(service, str, servicelen);
+ service[servicelen] = '\0';
+
+- /* If present, copy the hostname. */
+- if (at != NULL) {
++ /* Copy the hostname if present (at least one character after '@'). */
++ if (len - servicelen > 1) {
+ hostlen = len - servicelen - 1;
+ host = malloc(hostlen + 1);
+ if (host == NULL) {
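Review bot: the new condition len - servicelen > 1 no longer mentions the separator, so it is only correct because servicelen equals len when no '@' was found; that invariant is set above the visible lines and is not stated here. Either keep the separator test explicit (at != NULL combined with the length test) or extend the comment to say that the difference is 0 without a separator and 1 for a bare trailing '@'. Since len is size_t, it is also worth a word that servicelen can never exceed len, otherwise the subtraction wraps and hostlen on the next line becomes huge.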
+diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
+index 54d5cf549..ecf982604 100755
+--- a/src/tests/gssapi/t_gssapi.py
++++ b/src/tests/gssapi/t_gssapi.py
+@@ -47,6 +47,9 @@ realm.run(['./t_accname', 'p:service2/calvin', 'h:service2'],
+ expected_msg='service2/calvin')
+ realm.run(['./t_accname', 'p:service2/calvin', 'h:service1'], expected_code=1,
+ expected_msg=' found in keytab but does not match server principal')
++# Regression test for #8892 (trailing @ in name).
++realm.run(['./t_accname', 'p:service1/andrew', 'h:service1@'],
++ expected_msg='service1/abraham')
+
+ # Test with acceptor name containing service and host. Use the
+ # client's un-canonicalized hostname as acceptor input to mirror what
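Review bot: the regression test covers only the accepting path for 'h:service1@'. Because a trailing '@' now yields wildcard hostname behavior, add the counterpart of the mismatch case just above it ('p:service2/calvin' against 'h:service1@' with expected_code=1) to show that the wildcard applies to the host part only and the service component is still enforced.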
diff --git a/krb5.spec b/krb5.spec
index a87f08c..37bd530 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 9%{?dist}
+Release: 10%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -57,6 +57,7 @@ Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch
Patch12: Document-client-keytab-usage.patch
Patch13: Add-finalization-safety-check-to-com_err.patch
Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
+Patch15: Correctly-import-service-GSS-host-based-name.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -634,6 +635,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Wed Apr 01 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-10
+- Correctly import "service@" GSS host-based name
+
* Thu Mar 26 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-9
- Eliminate redundant PKINIT responder invocation
commit 4e7e5fe69b3cad7cf7d4ec4ef1af77dd73fb3f6f
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Thu Mar 26 16:01:18 2020 -0400
Eliminate redundant PKINIT responder invocation
diff --git a/Eliminate-redundant-PKINIT-responder-invocation.patch b/Eliminate-redundant-PKINIT-responder-invocation.patch
new file mode 100644
index 0000000..ea973b7
--- /dev/null
+++ b/Eliminate-redundant-PKINIT-responder-invocation.patch
@@ -0,0 +1,93 @@
+From b5793f8024320aaa7a85ca39cdc03bf99773bf11 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Mon, 23 Mar 2020 19:10:03 -0400
+Subject: [PATCH] Eliminate redundant PKINIT responder invocation
+
+In pkinit_client_prep_questions(), only act if the input padata type
+is KRB5_PADATA_PK_AS_REQ. Otherwise we will ask questions again when
+the KDC issues a ticket.
+
+Commit 7621d2f9a87214327ca3b2594e34dc7cea84596b (ticket 8242)
+unintentionally changed the behavior of pkinit_load_fs_cert_and_key(),
+causing pkinit_client_prep_questions() to do nothing on its first
+call. Restore the original behavior of returning 0 when prompting is
+deferred.
+
+Modify the existing "FILE identity, password on key (responder)"
+PKINIT test to check that the responder is only invoked once.
+
+ticket: 8885
+(cherry picked from commit f1286842ce7b9e507a4ce0a47f44ab361a98be63)
+---
+ src/plugins/preauth/pkinit/pkinit_clnt.c | 5 +++++
+ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 13 +++++++------
+ src/tests/t_pkinit.py | 11 +++++++----
+ 3 files changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
+index 2f0431991..9b991ffe0 100644
+--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
++++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
+@@ -897,6 +897,11 @@ pkinit_client_prep_questions(krb5_context context,
+ k5_json_object jval = NULL;
+ k5_json_number jflag = NULL;
+
++ /* Don't ask questions for the informational padata items or when the
++ * ticket is issued. */
++ if (pa_data->pa_type != KRB5_PADATA_PK_AS_REQ)
++ return 0;
++
+ if (!reqctx->identity_initialized) {
+ pkinit_client_profile(context, plgctx, reqctx, cb, rock,
+ &request->server->realm);
+diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+index dd718c2be..dbb054378 100644
+--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -4362,17 +4362,18 @@ pkinit_load_fs_cert_and_key(krb5_context context,
+
+ /* Load the certificate. */
+ retval = get_cert(certname, &x);
+- if (retval != 0 || x == NULL) {
+- retval = oerr(context, 0, _("Cannot read certificate file '%s'"),
++ if (retval) {
++ retval = oerr(context, retval, _("Cannot read certificate file '%s'"),
+ certname);
+- goto cleanup;
+ }
++ if (retval || x == NULL)
++ goto cleanup;
+ /* Load the key. */
+ retval = get_key(context, id_cryptoctx, keyname, fsname, &y, password);
+- if (retval != 0 || y == NULL) {
+- retval = oerr(context, 0, _("Cannot read key file '%s'"), fsname);
++ if (retval)
++ retval = oerr(context, retval, _("Cannot read key file '%s'"), fsname);
++ if (retval || y == NULL)
+ goto cleanup;
+- }
+
+ id_cryptoctx->creds[cindex] = malloc(sizeof(struct _pkinit_cred_info));
+ if (id_cryptoctx->creds[cindex] == NULL) {
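Review bot: after this change, get_cert() or get_key() returning 0 with a NULL object jumps to cleanup with retval still 0, and nothing at the two "if (retval || x == NULL)" / "if (retval || y == NULL)" lines says that this success-without-credentials result is deliberate. The commit message explains it as deferred prompting; put that in a one-line comment at each check so the next reader does not "fix" it back into an error. The two blocks are also styled differently (braces on the certificate branch, none on the key branch), which is worth making consistent while here.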
+diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py
+index 69daf4987..ecd450e8a 100755
+--- a/src/tests/t_pkinit.py
++++ b/src/tests/t_pkinit.py
+@@ -248,10 +248,13 @@ realm.run(['./adata', realm.host_princ],
+ # supplied by the responder.
+ # Supply the response in raw form.
+ mark('FILE identity, password on key (responder)')
+-realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity,
+- '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity,
+- '-X', 'X509_user_identity=%s' % file_enc_identity,
+- realm.user_princ])
++out = realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity,
++ '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity,
++ '-X', 'X509_user_identity=%s' % file_enc_identity,
++ realm.user_princ])
++# Regression test for #8885 (password question asked twice).
++if out.count('OK: ') != 1:
++ fail('Wrong number of responder calls')
+ # Supply the response through the convenience API.
+ realm.run(['./responder', '-X', 'X509_user_identity=%s' % file_enc_identity,
+ '-p', '%s=%s' % (file_enc_identity, 'encrypted'), realm.user_princ])
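Review bot: the fail() message 'Wrong number of responder calls' drops the observed count, which is the first thing needed when this trips (0 means the responder never ran, 2 means the regression is back). Include out.count('OK: ') in the message. The check also assumes 'OK: ' appears exactly once per responder invocation in the helper's output; a short comment stating that would make the assertion self-explanatory.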
diff --git a/krb5.spec b/krb5.spec
index 6e2698b..a87f08c 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 8%{?dist}
+Release: 9%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -56,6 +56,7 @@ Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch
Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch
Patch12: Document-client-keytab-usage.patch
Patch13: Add-finalization-safety-check-to-com_err.patch
+Patch14: Eliminate-redundant-PKINIT-responder-invocation.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -633,6 +634,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Thu Mar 26 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-9
+- Eliminate redundant PKINIT responder invocation
+
* Thu Mar 26 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-8
- Add finalization safety check to com_err
commit dd7e9481aa7c23d20b14ba3f788376f19c11bb02
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Thu Mar 26 10:20:02 2020 -0400
Add finalization safety check to com_err
diff --git a/Add-finalization-safety-check-to-com_err.patch b/Add-finalization-safety-check-to-com_err.patch
new file mode 100644
index 0000000..0fcb8cc
--- /dev/null
+++ b/Add-finalization-safety-check-to-com_err.patch
@@ -0,0 +1,53 @@
+From 7d375a59fb36cc5ef8dd87895b83e9dfccc57058 Mon Sep 17 00:00:00 2001
+From: Jiri Sasek <Jiri.Sasek(a)Oracle.COM>
+Date: Fri, 13 Mar 2020 19:02:58 +0100
+Subject: [PATCH] Add finalization safety check to com_err
+
+If the linker erroneously runs the libkrb5 finalizer after the
+libcom_err finalizer, the consequent remove_error_table() calls could
+crash due to accessing a destroyed mutex or an invalid et_list
+pointer. Add an unsynchronized check on finalized in
+remove_error_table(), and set et_list to null in com_err_terminate()
+after destroying the list.
+
+[ghudson(a)mit.edu: minimized code hanges; rewrote comment and commit
+message]
+
+ticket: 8890 (new)
+(cherry picked from commit 9d654aa05e26bbf22f140abde3436afeff2fdf8d)
+---
+ src/util/et/error_message.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c
+index d7069a9df..7dc02a34e 100644
+--- a/src/util/et/error_message.c
++++ b/src/util/et/error_message.c
+@@ -26,7 +26,7 @@
+
+ static struct et_list *et_list;
+ static k5_mutex_t et_list_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+-static int terminated = 0; /* for debugging shlib fini sequence errors */
++static int terminated = 0; /* for safety and finalization debugging */
+
+ MAKE_INIT_FUNCTION(com_err_initialize);
+ MAKE_FINI_FUNCTION(com_err_terminate);
+@@ -69,6 +69,7 @@ void com_err_terminate(void)
+ enext = e->next;
+ free(e);
+ }
++ et_list = NULL;
+ k5_mutex_unlock(&et_list_lock);
+ k5_mutex_destroy(&et_list_lock);
+ terminated = 1;
+@@ -280,6 +281,10 @@ remove_error_table(const struct error_table *et)
+ {
+ struct et_list **ep, *e;
+
++ /* Safety check in case libraries are finalized in the wrong order. */
++ if (terminated)
++ return ENOENT;
++
+ if (CALL_INIT_FUNCTION(com_err_initialize))
+ return 0;
+ k5_mutex_lock(&et_list_lock);
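Review bot: the new "if (terminated)" check at the top of remove_error_table() reads a plain static int without the lock, and com_err_terminate() sets terminated = 1 only after k5_mutex_unlock() and k5_mutex_destroy(), so the check protects a call that starts after finalization has finished but not one that overlaps it. The comment should say that it targets wrong-order finalization rather than concurrent use. The return values are also uneven: this path returns ENOENT while the init-failure path two lines below returns 0, so say which one callers running during finalization are expected to see.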
diff --git a/krb5.spec b/krb5.spec
index 51ef2ae..6e2698b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 7%{?dist}
+Release: 8%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -55,6 +55,7 @@ Patch9: Allow-certauth-modules-to-set-hw-authent-flag.patch
Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch
Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch
Patch12: Document-client-keytab-usage.patch
+Patch13: Add-finalization-safety-check-to-com_err.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -632,6 +633,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Thu Mar 26 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-8
+- Add finalization safety check to com_err
+
* Fri Mar 20 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-7
- Add maximum openssl version in preparation for openssl 3
commit 5c9732a54546bf8c9551e31dec78fb83d75ba9d6
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri Mar 20 16:16:55 2020 +0000
Add maximum openssl version in preparation for openssl 3
diff --git a/krb5.spec b/krb5.spec
index 29f33ed..51ef2ae 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 6%{?dist}
+Release: 7%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -78,9 +78,12 @@ BuildRequires: hostname
BuildRequires: iproute
BuildRequires: libverto-devel
BuildRequires: openldap-devel
-BuildRequires: openssl-devel >= 1:1.1.1d-4
BuildRequires: lmdb-devel
+# Need KDFs. This is the backported version
+BuildRequires: openssl-devel >= 1:1.1.1d-4
+BuildRequires: openssl-devel < 1:3.0.0
+
%ifarch %{ix86} x86_64
BuildRequires: yasm
%endif
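Review bot: the comment "# Need KDFs. This is the backported version" explains only the lower bound, yet it now sits above both openssl-devel lines, and the new "< 1:3.0.0" cap has no rationale in the spec itself. Add a second comment line for the upper bound (the changelog gives the reason: preparation for openssl 3), so the cap is not dropped or forgotten when the OpenSSL 3 port lands.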
@@ -113,6 +116,7 @@ to install this package.
%package libs
Summary: The non-admin shared libraries used by Kerberos 5
Requires: openssl-libs >= 1:1.1.1d-4
+Requires: openssl-libs < 1:3.0.0
Requires: coreutils, gawk, grep, sed
Requires: keyutils-libs >= 1.5.8
Requires: /etc/crypto-policies/back-ends/krb5.config
@@ -628,6 +632,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Fri Mar 20 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-7
+- Add maximum openssl version in preparation for openssl 3
+
* Tue Mar 17 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-6
- Document client keytab usage
commit bea8330f52b6e342ae1bab996bb8fd1f10ecce23
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Mar 17 15:26:56 2020 -0400
Document client keytab usage
diff --git a/Document-client-keytab-usage.patch b/Document-client-keytab-usage.patch
new file mode 100644
index 0000000..800522f
--- /dev/null
+++ b/Document-client-keytab-usage.patch
@@ -0,0 +1,62 @@
+From 90a4102f334ce0c655492de9248c3c60ffbd0449 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Mon, 16 Mar 2020 18:14:30 -0400
+Subject: [PATCH] Document client keytab usage
+
+ticket: 8886 (new)
+tags: pullup
+target_version: 1.18-next
+
+(cherry picked from commit 366c64897d55c86cdc616d2d1cf4617ff8a07a99)
+---
+ doc/admin/appl_servers.rst | 37 +++++++++++++++++++++++++++++++++++++
+ 1 file changed, 37 insertions(+)
+
+diff --git a/doc/admin/appl_servers.rst b/doc/admin/appl_servers.rst
+index fee49f027..5232db9af 100644
+--- a/doc/admin/appl_servers.rst
++++ b/doc/admin/appl_servers.rst
+@@ -60,6 +60,43 @@ To remove a principal from an existing keytab, use the kadmin
+ :end-before: _ktremove_end:
+
+
++Using a keytab to acquire client credentials
++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++
++While keytabs are ordinarily used to accept credentials from clients,
++they can also be used to acquire initial credentials, allowing one
++service to authenticate to another.
++
++To manually obtain credentials using a keytab, use the :ref:`kinit(1)`
++**-k** option, together with the **-t** option if the keytab is not in
++the default location.
++
++Beginning with release 1.11, GSSAPI applications can be configured to
++automatically obtain initial credentials from a keytab as needed. The
++recommended configuration is as follows:
++
++#. Create a keytab containing a single entry for the desired client
++ identity.
++
++#. Place the keytab in a location readable by the service, and set the
++ **KRB5_CLIENT_KTNAME** environment variable to its filename.
++ Alternatively, use the **default_client_keytab_name** profile
++ variable in :ref:`libdefaults`, or use the default location of
++ |ckeytab|.
++
++#. Set **KRB5CCNAME** to a filename writable by the service, which
++ will not be used for any other purpose. Do not manually obtain
++ credentials at this location. (Another credential cache type
++ besides **FILE** can be used if desired, as long the cache will not
++ conflict with another use. A **MEMORY** cache can be used if the
++ service runs as a long-lived process. See :ref:`ccache_definition`
++ for details.)
++
++#. Start the service. When it authenticates using GSSAPI, it will
++ automatically obtain credentials from the client keytab into the
++ specified credential cache, and refresh them before they expire.
++
++
+ Clock Skew
+ ----------
+
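Review bot: step 2 of the new section says to place the keytab "in a location readable by the service" but does not say that it should be readable by nothing else; a client keytab holds the long-term key for that identity, so the text should state that access is restricted to the service account. The same applies to the credential cache in step 3, which is described only as "writable by the service". There is also a typo in step 3: "as long the cache" should read "as long as the cache".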
diff --git a/krb5.spec b/krb5.spec
index 55a9f87..29f33ed 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 5%{?dist}
+Release: 6%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -54,6 +54,7 @@ Patch8: Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
Patch9: Allow-certauth-modules-to-set-hw-authent-flag.patch
Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch
Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch
+Patch12: Document-client-keytab-usage.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -627,6 +628,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Tue Mar 17 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-6
+- Document client keytab usage
+
* Tue Mar 03 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-5
- Refresh manually acquired creds from client keytab
commit bef2ba57a2f0a3afde0e5dee73355570e472cbd1
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Mon Mar 9 15:26:46 2020 -0400
Update for new rpmlint shenanigans
diff --git a/krb5.rpmlintrc b/krb5.rpmlintrc
index ad8e989..e1d2f0b 100644
--- a/krb5.rpmlintrc
+++ b/krb5.rpmlintrc
@@ -1,5 +1,4 @@
addFilter(r'spelling-error .* en_US (unencrypted)')
-addFilter(r'Source3: krb5-1.17-pdfs.tar')
addFilter(r'hidden-file-or-dir /usr/share/man/man5/.k5identity.5.gz')
addFilter(r'non-standard-dir-in-var kerberos')
addFilter(r'explicit-lib-dependency libverto-module-base')
@@ -12,3 +11,4 @@ addFilter(r'/usr/bin/ksu')
addFilter(r'no-documentation')
addFilter(r'invalid-directory-reference .*pkgconfig')
addFilter(r'incoherent-logrotate-file /etc/logrotate.d/k')
+addFilter(r'library-not-linked-against-libc')
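Review bot: addFilter(r'library-not-linked-against-libc') suppresses the warning for every library in the package, unlike the neighbouring filters that name a path or a pattern. If only specific libraries trigger it, scope the regex to them, so that a future library that really is mis-linked still gets flagged. The commit message gives no reason for the filter; a one-line comment in the rpmlintrc would help.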
commit f6c62d5e63b5177fa453fe83e6e46f0485eab1b2
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Mar 3 12:34:50 2020 -0500
Refresh manually acquired creds from client keytab
diff --git a/Refresh-manually-acquired-creds-from-client-keytab.patch b/Refresh-manually-acquired-creds-from-client-keytab.patch
new file mode 100644
index 0000000..fe2588f
--- /dev/null
+++ b/Refresh-manually-acquired-creds-from-client-keytab.patch
@@ -0,0 +1,78 @@
+From e67aca9a77d78efa798237b43e177caf9e79f64a Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood(a)redhat.com>
+Date: Wed, 26 Feb 2020 18:27:17 -0500
+Subject: [PATCH] Refresh manually acquired creds from client keytab
+
+If a client keytab is present but credentials are acquired manually,
+the credentials would not be refreshed because no refresh_time config
+var is set in the cache. Change kg_cred_time_to_refresh() to attempt
+a refresh from the client keytab on any credentials which will expire
+in the next 30 seconds.
+
+[ghudson(a)mit.edu: adjused code and added test case]
+
+ticket: 7976
+(cherry picked from commit 729896467e3c77904666019d6cbbda583ae49b95)
+---
+ src/lib/gssapi/krb5/acquire_cred.c | 14 +++++++++++---
+ src/tests/gssapi/t_client_keytab.py | 18 ++++++++++++++++++
+ 2 files changed, 29 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
+index acc1868f8..4062f4741 100644
+--- a/src/lib/gssapi/krb5/acquire_cred.c
++++ b/src/lib/gssapi/krb5/acquire_cred.c
+@@ -557,15 +557,23 @@ set_refresh_time(krb5_context context, krb5_ccache ccache,
+ krb5_boolean
+ kg_cred_time_to_refresh(krb5_context context, krb5_gss_cred_id_rec *cred)
+ {
+- krb5_timestamp now;
++ krb5_timestamp now, soon;
+
+ if (krb5_timeofday(context, &now))
+ return FALSE;
++ soon = ts_incr(now, 30);
+ if (cred->refresh_time != 0 && !ts_after(cred->refresh_time, now)) {
+- set_refresh_time(context, cred->ccache,
+- ts_incr(cred->refresh_time, 30));
++ set_refresh_time(context, cred->ccache, soon);
+ return TRUE;
+ }
++
++ /* If the creds will expire soon, try to refresh even if they weren't
++ * acquired with a client keytab. */
++ if (ts_after(soon, cred->expire)) {
++ set_refresh_time(context, cred->ccache, soon);
++ return TRUE;
++ }
++
+ return FALSE;
+ }
+
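Review bot: the literal 30 in soon = ts_incr(now, 30) now serves two purposes, the expiry look-ahead window and the retry interval written by set_refresh_time(), and it is unnamed in both. Give it a named constant so the test that depends on it can refer to the same value. The first branch also changes behavior that the commit message does not mention: the next refresh time becomes now + 30 instead of refresh_time + 30. Finally, the new ts_after(soon, cred->expire) branch writes a refresh_time into the cache of manually acquired credentials on every call in the last 30 seconds of their life; confirm that is acceptable when no client keytab exists at all.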
+diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py
+index e474a27c7..7847b3ecd 100755
+--- a/src/tests/gssapi/t_client_keytab.py
++++ b/src/tests/gssapi/t_client_keytab.py
+@@ -124,4 +124,22 @@ realm.kinit(realm.user_princ, password('user'))
+ realm.run(['./t_ccselect', phost], env=bad_cktname,
+ expected_msg=realm.user_princ)
+
++mark('refresh of manually acquired creds')
++
++# Test 17: no name/ccache specified, manually acquired creds which
++# will expire soon. Verify that creds are refreshed using the current
++# client name, with refresh_time set in the refreshed ccache.
++realm.kinit('bob', password('bob'), ['-l', '15s'])
++realm.run(['./t_ccselect', phost], expected_msg='bob')
++realm.run([klist, '-C'], expected_msg='refresh_time = ')
++
++# Test 18: no name/ccache specified, manually acquired creds with a
++# client principal not present in the client keytab. A refresh is
++# attempted but fails, and an expired ticket error results.
++realm.kinit(realm.admin_princ, password('admin'), ['-l', '-1s'])
++msgs = ('Getting initial credentials for user/admin(a)KRBTEST.COM',
++ '/Matching credential not found')
++realm.run(['./t_ccselect', phost], expected_code=1,
++ expected_msg='Ticket expired', expected_trace=msgs)
++
+ success('Client keytab tests')
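Review bot: Test 17 only works because the '15s' lifetime passed to kinit is shorter than the 30-second window hard-coded in kg_cred_time_to_refresh(), and the test comment does not mention that coupling. State it in the comment so that a change to the window does not turn this into a test that passes without exercising the refresh. Test 18 checks the failure trace but not that the cache is left without a refreshed ticket; a klist check afterwards would close that gap.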
diff --git a/krb5.spec b/krb5.spec
index 1114076..55a9f87 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 4%{?dist}
+Release: 5%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -53,6 +53,7 @@ Patch7: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
Patch8: Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
Patch9: Allow-certauth-modules-to-set-hw-authent-flag.patch
Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch
+Patch11: Refresh-manually-acquired-creds-from-client-keytab.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -626,6 +627,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Tue Mar 03 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-5
+- Refresh manually acquired creds from client keytab
+
* Fri Feb 28 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-4
- Allow deletion of require_auth with LDAP KDB
commit 812c07a94f1ff6f28272a5080110b7d4e4562830
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri Feb 28 13:35:47 2020 -0500
Allow deletion of require_auth with LDAP KDB
diff --git a/Allow-deletion-of-require_auth-with-LDAP-KDB.patch b/Allow-deletion-of-require_auth-with-LDAP-KDB.patch
new file mode 100644
index 0000000..58ef195
--- /dev/null
+++ b/Allow-deletion-of-require_auth-with-LDAP-KDB.patch
@@ -0,0 +1,160 @@
+From 59eea8a1977c6039069b3826e5e651582a33fc25 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Tue, 25 Feb 2020 11:32:09 -0500
+Subject: [PATCH] Allow deletion of require_auth with LDAP KDB
+
+In update_ldap_mod_auth_ind(), if there is no string attribute value
+for require_auth, check for krbPrincipalAuthInd attributes that might
+need to be removed. (This will only work if the entry is loaded and
+then modified, but that is the normal case for an existing entry.)
+
+Move the update_ldap_mod_auth_ind() call inside the tl-data
+conditional (which should perhaps be a check for KADM5_TL_DATA in the
+mask instead). A modification which did not intend to update tl-data
+should not remove the krbPrincipalAuthInd attributes.
+
+Change get_int_from_tl_data() to to zero its output so that it can't
+leave a garbage value behind if it returns 0 (as it does if no
+KDB_TL_USER_INFO tl-data is present).
+
+Based on a patch by Glenn Machin.
+
+ticket: 8877
+tags: pullup
+target_version: 1.18-next
+target_version: 1.17-next
+
+(cherry picked from commit 6d9da7bb216f96cbdd731aa894714bd84213a9d0)
+---
+ src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 2 ++
+ .../kdb/ldap/libkdb_ldap/ldap_principal2.c | 31 ++++++++++++-------
+ src/tests/t_kdb.py | 26 +++++++++++++++-
+ 3 files changed, 47 insertions(+), 12 deletions(-)
+
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+index ec7f32511..6bc20593f 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+@@ -721,6 +721,8 @@ get_int_from_tl_data(krb5_context context, krb5_db_entry *entry, int type,
+ void *ptr;
+ int *intptr;
+
++ *intval = 0;
++
+ tl_data.tl_data_type = KDB_TL_USER_INFO;
+ ret = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
+ if (ret || tl_data.tl_data_length == 0)
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index 1d0726707..8d97a29b6 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -627,12 +627,22 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry,
+ char *auth_ind = NULL;
+ char *strval[10] = { 0 };
+ char *ai, *ai_save = NULL;
+- int sv_num = sizeof(strval) / sizeof(*strval);
++ int mask, sv_num = sizeof(strval) / sizeof(*strval);
+
+ ret = krb5_dbe_get_string(context, entry, KRB5_KDB_SK_REQUIRE_AUTH,
+ &auth_ind);
+- if (ret || auth_ind == NULL)
+- goto cleanup;
++ if (ret)
++ return ret;
++ if (auth_ind == NULL) {
++ /* If we know krbPrincipalAuthInd attributes are present from loading
++ * the entry, delete them. */
++ ret = krb5_get_attributes_mask(context, entry, &mask);
++ if (!ret && (mask & KDB_AUTH_IND_ATTR)) {
++ return krb5_add_str_mem_ldap_mod(mods, "krbPrincipalAuthInd",
++ LDAP_MOD_DELETE, NULL);
++ }
++ return 0;
++ }
+
+ ai = strtok_r(auth_ind, " ", &ai_save);
+ while (ai != NULL && i < sv_num) {
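Review bot: in the new auth_ind == NULL branch, a failure of krb5_get_attributes_mask() is discarded: the condition is "if (!ret && (mask & KDB_AUTH_IND_ATTR))" and the fall-through is "return 0", so the caller is told the update succeeded while any krbPrincipalAuthInd values stay in the directory. Return ret when the call fails, or add a comment if that failure is expected for entries that were never loaded. Note also that mask is declared without an initializer, which is safe only because it is read solely when ret is 0.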
+@@ -642,8 +652,6 @@ update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry,
+
+ ret = krb5_add_str_mem_ldap_mod(mods, "krbPrincipalAuthInd",
+ LDAP_MOD_REPLACE, strval);
+-
+-cleanup:
+ krb5_dbe_free_string(context, auth_ind);
+ return ret;
+ }
+@@ -1251,18 +1259,19 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
+
+ } /* Modify Key data ends here */
+
+- /* Auth indicators will also be stored in krbExtraData when processing
+- * tl_data. */
+- st = update_ldap_mod_auth_ind(context, entry, &mods);
+- if (st != 0)
+- goto cleanup;
+-
+ /* Set tl_data */
+ if (entry->tl_data != NULL) {
+ int count = 0;
+ struct berval **ber_tl_data = NULL;
+ krb5_tl_data *ptr;
+ krb5_timestamp unlock_time;
++
++ /* Normalize required auth indicators, but also store them as string
++ * attributes within krbExtraData. */
++ st = update_ldap_mod_auth_ind(context, entry, &mods);
++ if (st != 0)
++ goto cleanup;
++
+ for (ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
+ if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
+ #ifdef SECURID
+diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
+index 03ee70f47..caa7e9d8f 100755
+--- a/src/tests/t_kdb.py
++++ b/src/tests/t_kdb.py
+@@ -319,19 +319,43 @@ realm.klist(realm.user_princ, realm.host_princ)
+
+ mark('LDAP auth indicator')
+
+-# Test auth indicator support
++# Test require_auth normalization.
+ realm.addprinc('authind', password('authind'))
+ realm.run([kadminl, 'setstr', 'authind', 'require_auth', 'otp radius'])
+
++# Check that krbPrincipalAuthInd attributes are set when the string
++# attribute it set.
+ out = ldap_search('(krbPrincipalName=authind*)')
+ if 'krbPrincipalAuthInd: otp' not in out:
+ fail('Expected krbPrincipalAuthInd value not in output')
+ if 'krbPrincipalAuthInd: radius' not in out:
+ fail('Expected krbPrincipalAuthInd value not in output')
+
++# Check that the string attribute still appears when the principal is
++# loaded.
+ realm.run([kadminl, 'getstrs', 'authind'],
+ expected_msg='require_auth: otp radius')
+
++# Modify the LDAP attributes and check that the change is reflected in
++# the string attribute.
++ldap_modify('dn: krbPrincipalName=authind(a)KRBTEST.COM,cn=t1,cn=krb5\n'
++ 'changetype: modify\n'
++ 'replace: krbPrincipalAuthInd\n'
++ 'krbPrincipalAuthInd: radius\n'
++ 'krbPrincipalAuthInd: pkinit\n')
++realm.run([kadminl, 'getstrs', 'authind'],
++ expected_msg='require_auth: radius pkinit')
++
++# Regression test for #8877: remove the string attribute and check
++# that it is reflected in the LDAP attributes and by getstrs.
++realm.run([kadminl, 'delstr', 'authind', 'require_auth'])
++out = ldap_search('(krbPrincipalName=authind*)')
++if 'krbPrincipalAuthInd' in out:
++ fail('krbPrincipalAuthInd attribute still present after delstr')
++out = realm.run([kadminl, 'getstrs', 'authind'])
++if 'require_auth' in out:
++ fail('require_auth string attribute still visible after delstr')
++
+ mark('LDAP service principal aliases')
+
+ # Test service principal aliases.
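Review bot: The added comment reads "attribute it set" where "attribute is set" is meant. While touching this block, the two fail() calls for the otp and radius checks share the message 'Expected krbPrincipalAuthInd value not in output', so a failure does not say which value is missing; naming the value in each message would make the test output usable on its own.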
diff --git a/krb5.spec b/krb5.spec
index 45feb1a..1114076 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 3%{?dist}
+Release: 4%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -52,6 +52,7 @@ Patch6: downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
Patch7: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
Patch8: Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
Patch9: Allow-certauth-modules-to-set-hw-authent-flag.patch
+Patch10: Allow-deletion-of-require_auth-with-LDAP-KDB.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -625,6 +626,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Fri Feb 28 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-4
+- Allow deletion of require_auth with LDAP KDB
+
* Thu Feb 27 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-3
- Allow certauth modules to set hw-authent flag
commit 0ecf7a0e65459c3f4a0171739eb4e072f11448e2
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Thu Feb 27 16:13:51 2020 -0500
Allow certauth modules to set hw-authent flag
diff --git a/Allow-certauth-modules-to-set-hw-authent-flag.patch b/Allow-certauth-modules-to-set-hw-authent-flag.patch
new file mode 100644
index 0000000..c1266c9
--- /dev/null
+++ b/Allow-certauth-modules-to-set-hw-authent-flag.patch
@@ -0,0 +1,241 @@
+From 745aa16c41305da1a3f288bf06e551f56cb04594 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Mon, 24 Feb 2020 15:58:59 -0500
+Subject: [PATCH] Allow certauth modules to set hw-authent flag
+
+In PKINIT, if a certauth module returns KRB5_CERTAUTH_HWAUTH from its
+authorize method, set the hw-authent flag in the ticket.
+
+ticket: 8879 (new)
+(cherry picked from commit 50fb43b4a2d97ce2cd53e1ced30e8e8224fede70)
+---
+ doc/plugindev/certauth.rst | 7 +++++--
+ src/include/krb5/certauth_plugin.h | 9 ++++++---
+ src/lib/krb5/error_tables/k5e1_err.et | 1 +
+ src/plugins/certauth/test/Makefile.in | 4 ++--
+ src/plugins/certauth/test/main.c | 11 +++++++++--
+ src/plugins/preauth/pkinit/pkinit_srv.c | 24 ++++++++++++++++--------
+ src/tests/t_certauth.py | 13 +++++++++++++
+ 7 files changed, 52 insertions(+), 17 deletions(-)
+
+diff --git a/doc/plugindev/certauth.rst b/doc/plugindev/certauth.rst
+index 8a7f7c5eb..3b715f738 100644
+--- a/doc/plugindev/certauth.rst
++++ b/doc/plugindev/certauth.rst
+@@ -15,8 +15,11 @@ principal. **authorize** receives the DER-encoded certificate, the
+ requested client principal, and a pointer to the client's
+ krb5_db_entry (for modules that link against libkdb5). It returns the
+ authorization status and optionally outputs a list of authentication
+-indicator strings to be added to the ticket. A module must use its
+-own internal or library-provided ASN.1 certificate decoder.
++indicator strings to be added to the ticket. Beginning in release
++1.19, the authorize method can request that the hardware
++authentication bit be set in the ticket by returning
++**KRB5_CERTAUTH_HWAUTH**. A module must use its own internal or
++library-provided ASN.1 certificate decoder.
+
+ A module can optionally create and destroy module data with the
+ **init** and **fini** methods. Module data objects last for the
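Review bot: The added sentence says KRB5_CERTAUTH_HWAUTH is available "Beginning in release 1.19", but this patch is carried as Patch9 on a package whose spec says Version: 1.18, so the documentation shipped downstream will understate where the return code is honoured. Consider noting in the patch header or the changelog entry that the 1.18-3 build already accepts it.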
+diff --git a/src/include/krb5/certauth_plugin.h b/src/include/krb5/certauth_plugin.h
+index 3074790f8..3466cf345 100644
+--- a/src/include/krb5/certauth_plugin.h
++++ b/src/include/krb5/certauth_plugin.h
+@@ -85,14 +85,17 @@ typedef void
+ (*krb5_certauth_fini_fn)(krb5_context context, krb5_certauth_moddata moddata);
+
+ /*
+- * Mandatory:
+- * Return 0 if the DER-encoded cert is authorized for PKINIT authentication by
+- * princ; otherwise return one of the following error codes:
++ * Mandatory: return 0 or KRB5_CERTAUTH_HWAUTH if the DER-encoded cert is
++ * authorized for PKINIT authentication by princ; otherwise return one of the
++ * following error codes:
+ * - KRB5KDC_ERR_CLIENT_NAME_MISMATCH - incorrect SAN value
+ * - KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE - incorrect EKU
+ * - KRB5KDC_ERR_CERTIFICATE_MISMATCH - other extension error
+ * - KRB5_PLUGIN_NO_HANDLE - the module has no opinion about cert
+ *
++ * Returning KRB5_CERTAUTH_HWAUTH will cause the hw-authent flag to be set in
++ * the issued ticket (new in release 1.19).
++ *
+ * - opts is used by built-in modules to receive internal data, and must be
+ * ignored by other modules.
+ * - db_entry receives the client principal database entry, and can be ignored
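Review bot: The updated comment does not say how KRB5_CERTAUTH_HWAUTH combines across modules. In the pkinit_srv.c part of this patch a single module returning it runs accepted = hwauth = TRUE, so one module can raise the ticket to hw-authent even when another module returned plain 0 for the same certificate. Module authors and deployers need that stated here, since it decides which module is trusted to assert hardware authentication.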
+diff --git a/src/lib/krb5/error_tables/k5e1_err.et b/src/lib/krb5/error_tables/k5e1_err.et
+index ade5caecf..abd9f3bfe 100644
+--- a/src/lib/krb5/error_tables/k5e1_err.et
++++ b/src/lib/krb5/error_tables/k5e1_err.et
+@@ -42,4 +42,5 @@ error_code KRB5_KCM_MALFORMED_REPLY, "Malformed reply from KCM daemon"
+ error_code KRB5_KCM_RPC_ERROR, "Mach RPC error communicating with KCM daemon"
+ error_code KRB5_KCM_REPLY_TOO_BIG, "KCM daemon reply too big"
+ error_code KRB5_KCM_NO_SERVER, "No KCM server found"
++error_code KRB5_CERTAUTH_HWAUTH, "Authorize and set hw-authent ticket flag"
+ end
+diff --git a/src/plugins/certauth/test/Makefile.in b/src/plugins/certauth/test/Makefile.in
+index d3524084c..e94c13845 100644
+--- a/src/plugins/certauth/test/Makefile.in
++++ b/src/plugins/certauth/test/Makefile.in
+@@ -5,8 +5,8 @@ LIBBASE=certauth_test
+ LIBMAJOR=0
+ LIBMINOR=0
+ RELDIR=../plugins/certauth/test
+-SHLIB_EXPDEPS=$(KRB5_BASE_DEPLIBS)
+-SHLIB_EXPLIBS=$(KRB5_BASE_LIBS)
++SHLIB_EXPDEPS=$(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
++SHLIB_EXPLIBS=$(KDB5_LIBS) $(KRB5_BASE_LIBS)
+
+ STLIBOBJS=main.o
+
+diff --git a/src/plugins/certauth/test/main.c b/src/plugins/certauth/test/main.c
+index 77641230c..d4633b8cd 100644
+--- a/src/plugins/certauth/test/main.c
++++ b/src/plugins/certauth/test/main.c
+@@ -31,6 +31,7 @@
+ */
+
+ #include <k5-int.h>
++#include <kdb.h>
+ #include "krb5/certauth_plugin.h"
+
+ struct krb5_certauth_moddata_st {
+@@ -131,7 +132,8 @@ has_cn(krb5_context context, const uint8_t *cert, size_t cert_len,
+
+ /*
+ * Test module 2 returns OK if princ matches the CN part of the subject name,
+- * and returns indicators of the module name and princ.
++ * and returns indicators of the module name and princ. If the "hwauth" string
++ * attribute is set on db_entry, it returns KRB5_CERTAUTH_HWAUTH.
+ */
+ static krb5_error_code
+ test2_authorize(krb5_context context, krb5_certauth_moddata moddata,
+@@ -141,7 +143,7 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata,
+ char ***authinds_out)
+ {
+ krb5_error_code ret;
+- char *name = NULL, **ais = NULL;
++ char *name = NULL, *strval = NULL, **ais = NULL;
+
+ *authinds_out = NULL;
+
+@@ -167,6 +169,11 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata,
+
+ ais = NULL;
+
++ ret = krb5_dbe_get_string(context, (krb5_db_entry *)db_entry, "hwauth",
++ &strval);
++ ret = (strval != NULL) ? KRB5_CERTAUTH_HWAUTH : 0;
++ krb5_dbe_free_string(context, strval);
++
+ cleanup:
+ krb5_free_unparsed_name(context, name);
+ return ret;
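Review bot: In test2_authorize(), the result of krb5_dbe_get_string() is assigned to ret and overwritten on the very next line, so a lookup failure is indistinguishable from "hwauth not set" and the module returns 0. Check ret and goto cleanup on error before computing the return value. The (krb5_db_entry *) cast on db_entry also deserves a short comment on why it is needed.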
+diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
+index feca11806..3ae56c064 100644
+--- a/src/plugins/preauth/pkinit/pkinit_srv.c
++++ b/src/plugins/preauth/pkinit/pkinit_srv.c
+@@ -320,12 +320,12 @@ static krb5_error_code
+ authorize_cert(krb5_context context, certauth_handle *certauth_modules,
+ pkinit_kdc_context plgctx, pkinit_kdc_req_context reqctx,
+ krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+- krb5_principal client)
++ krb5_principal client, krb5_boolean *hwauth_out)
+ {
+ krb5_error_code ret;
+ certauth_handle h;
+ struct certauth_req_opts opts;
+- krb5_boolean accepted = FALSE;
++ krb5_boolean accepted = FALSE, hwauth = FALSE;
+ uint8_t *cert;
+ size_t i, cert_len;
+ void *db_ent = NULL;
+@@ -347,9 +347,10 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules,
+
+ /*
+ * Check the certificate against each certauth module. For the certificate
+- * to be authorized at least one module must return 0, and no module can an
+- * error code other than KRB5_PLUGIN_NO_HANDLE (pass). Add indicators from
+- * modules that return 0 or pass.
++ * to be authorized at least one module must return 0 or
++ * KRB5_CERTAUTH_HWAUTH, and no module can return an error code other than
++ * KRB5_PLUGIN_NO_HANDLE (pass). Add indicators from modules that return 0
++ * or pass.
+ */
+ ret = KRB5_PLUGIN_NO_HANDLE;
+ for (i = 0; certauth_modules != NULL && certauth_modules[i] != NULL; i++) {
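Review bot: The rewritten comment's last sentence still says indicators are added from modules that "return 0 or pass", but in the loop below a KRB5_CERTAUTH_HWAUTH return gets past the error check the same way 0 does. Update the sentence to include KRB5_CERTAUTH_HWAUTH so the comment matches the three accepted outcomes.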
+@@ -359,6 +360,8 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules,
+ &opts, db_ent, &ais);
+ if (ret == 0)
+ accepted = TRUE;
++ else if (ret == KRB5_CERTAUTH_HWAUTH)
++ accepted = hwauth = TRUE;
+ else if (ret != KRB5_PLUGIN_NO_HANDLE)
+ goto cleanup;
+
+@@ -374,6 +377,7 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules,
+ }
+ }
+
++ *hwauth_out = hwauth;
+ ret = accepted ? 0 : KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+
+ cleanup:
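Review bot: *hwauth_out is written only on the path that reaches ret = accepted ? 0 : KRB5KDC_ERR_CLIENT_NAME_MISMATCH; every goto cleanup taken earlier leaves it untouched. The one caller in this patch initialises hwauth = FALSE, so it works today, but setting *hwauth_out = FALSE at the top of authorize_cert() makes the output parameter well defined regardless of the caller.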
+@@ -430,7 +434,7 @@ pkinit_server_verify_padata(krb5_context context,
+ int is_signed = 1;
+ krb5_pa_data **e_data = NULL;
+ krb5_kdcpreauth_modreq modreq = NULL;
+- krb5_boolean valid_freshness_token = FALSE;
++ krb5_boolean valid_freshness_token = FALSE, hwauth = FALSE;
+ char **sp;
+
+ pkiDebug("pkinit_verify_padata: entered!\n");
+@@ -494,7 +498,7 @@ pkinit_server_verify_padata(krb5_context context,
+ }
+ if (is_signed) {
+ retval = authorize_cert(context, moddata->certauth_modules, plgctx,
+- reqctx, cb, rock, request->client);
++ reqctx, cb, rock, request->client, &hwauth);
+ if (retval)
+ goto cleanup;
+
+@@ -613,6 +617,8 @@ pkinit_server_verify_padata(krb5_context context,
+
+ /* remember to set the PREAUTH flag in the reply */
+ enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
++ if (hwauth)
++ enc_tkt_reply->flags |= TKT_FLG_HW_AUTH;
+ modreq = (krb5_kdcpreauth_modreq)reqctx;
+ reqctx = NULL;
+
+@@ -1044,7 +1050,9 @@ pkinit_server_get_flags(krb5_context kcontext, krb5_preauthtype patype)
+ {
+ if (patype == KRB5_PADATA_PKINIT_KX)
+ return PA_INFO;
+- return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA;
++ /* PKINIT does not normally set the hw-authent ticket flag, but a
++ * certauth module can cause it to do so. */
++ return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA | PA_HARDWARE;
+ }
+
+ static krb5_preauthtype supported_server_pa_types[] = {
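Review bot: pkinit_server_get_flags() now returns PA_HARDWARE for every PKINIT request, whether or not any certauth module will return KRB5_CERTAUTH_HWAUTH. The t_certauth.py test in this patch records the consequence for a +requires_hwauth principal when no module sets the flag as expected_msg='Looping detected'. The new comment should mention that outcome so operators who set +requires_hwauth know a certauth module returning KRB5_CERTAUTH_HWAUTH is required for PKINIT to succeed.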
+diff --git a/src/tests/t_certauth.py b/src/tests/t_certauth.py
+index 9c7094525..0fe0fdb4a 100644
+--- a/src/tests/t_certauth.py
++++ b/src/tests/t_certauth.py
+@@ -43,4 +43,17 @@ out = realm.kinit("user2(a)KRBTEST.COM",
+ expected_code=1,
+ expected_msg='kinit: Certificate mismatch')
+
++# Test the KRB5_CERTAUTH_HWAUTH return code.
++mark('hw-authent flag tests')
++# First test +requires_hwauth without causing the hw-authent ticket
++# flag to be set. This currently results in a preauth loop.
++realm.run([kadminl, 'modprinc', '+requires_hwauth', realm.user_princ])
++realm.kinit(realm.user_princ,
++ flags=['-X', 'X509_user_identity=%s' % file_identity],
++ expected_code=1, expected_msg='Looping detected')
++# Cause the test2 module to return KRB5_CERTAUTH_HWAUTH and try again.
++realm.run([kadminl, 'setstr', realm.user_princ, 'hwauth', 'x'])
++realm.kinit(realm.user_princ,
++ flags=['-X', 'X509_user_identity=%s' % file_identity])
++
+ success("certauth tests")
diff --git a/krb5.spec b/krb5.spec
index 1eb325d..45feb1a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 2%{?dist}
+Release: 3%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -51,6 +51,7 @@ Patch5: downstream-Remove-3des-support.patch
Patch6: downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
Patch7: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
Patch8: Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
+Patch9: Allow-certauth-modules-to-set-hw-authent-flag.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -624,6 +625,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Thu Feb 27 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-3
+- Allow certauth modules to set hw-authent flag
+
* Fri Feb 21 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-2
- Fix AS-REQ checking of KDB-modified indicators
commit 3b6955d99e3c9ab351147b8c0d14a904a7bcffb8
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Fri Feb 21 13:16:49 2020 -0500
Fix AS-REQ checking of KDB-modified indicators
diff --git a/Fix-AS-REQ-checking-of-KDB-modified-indicators.patch b/Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
new file mode 100644
index 0000000..1655c38
--- /dev/null
+++ b/Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
@@ -0,0 +1,189 @@
+From 744154b19c8000965e5a5de51d5dbef0794958be Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson(a)mit.edu>
+Date: Wed, 19 Feb 2020 15:36:38 -0500
+Subject: [PATCH] Fix AS-REQ checking of KDB-modified indicators
+
+Commit 7196c03f18f14695abeb5ae4923004469b172f0f (ticket 8823) gave the
+KDB the ability to modify auth indicators, but it happens after the
+asserted indicators are checked against the server principal
+requirements. In finish_process_as_req(), move the call to
+check_indicators() after the call to handle_authdata() so that the
+final indicator list is checked.
+
+For the test case, add string attribute functionality to the test KDB
+module, and fix a bug where test_get_principal() would return failure
+if a principal has no keys. Also add a test case for AS-REQ
+enforcement of normally asserted auth indicators.
+
+ticket: 8876 (new)
+tags: pullup
+target_version: 1.18-next
+
+(cherry picked from commit 109e30ce22c20f18b8233119f274935bdf573886)
+---
+ src/kdc/do_as_req.c | 14 +++++------
+ src/plugins/kdb/test/kdb_test.c | 42 +++++++++++++++++++++++++++++++--
+ src/tests/t_authdata.py | 11 +++++++++
+ 3 files changed, 58 insertions(+), 9 deletions(-)
+
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 87dd7e993..9ae7b0a5e 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -211,13 +211,6 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
+
+ au_state->stage = ENCR_REP;
+
+- errcode = check_indicators(kdc_context, state->server,
+- state->auth_indicators);
+- if (errcode) {
+- state->status = "HIGHER_AUTHENTICATION_REQUIRED";
+- goto egress;
+- }
+-
+ state->ticket_reply.enc_part2 = &state->enc_tkt_reply;
+
+ errcode = check_kdcpolicy_as(kdc_context, state->request, state->client,
+@@ -301,6 +294,13 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
+ goto egress;
+ }
+
++ errcode = check_indicators(kdc_context, state->server,
++ state->auth_indicators);
++ if (errcode) {
++ state->status = "HIGHER_AUTHENTICATION_REQUIRED";
++ goto egress;
++ }
++
+ errcode = krb5_encrypt_tkt_part(kdc_context, &state->server_keyblock,
+ &state->ticket_reply);
+ if (errcode)
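Review bot: The relocated check_indicators() block has no comment explaining that it must run after handle_authdata(), which per the commit message is the whole point of the fix. Add a line above it saying that the KDB can modify state->auth_indicators in handle_authdata(), so a later reordering does not go back to checking the indicator list before it is final.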
+diff --git a/src/plugins/kdb/test/kdb_test.c b/src/plugins/kdb/test/kdb_test.c
+index 1936cb0e4..95a6062e2 100644
+--- a/src/plugins/kdb/test/kdb_test.c
++++ b/src/plugins/kdb/test/kdb_test.c
+@@ -54,6 +54,8 @@
+ * # Initial number is kvno; defaults to 1.
+ * keys = 3 aes256-cts aes128-cts:normal
+ * keys = 2 rc4-hmac
++ * strings = key1:value1
++ * strings = key2:value2
+ * }
+ * }
+ * delegation = {
+@@ -282,6 +284,33 @@ make_keys(char **strings, const char *princstr, const krb5_data *realm,
+ ent->n_key_data = nkeys;
+ }
+
++static void
++make_strings(char **stringattrs, krb5_db_entry *ent)
++{
++ struct k5buf buf;
++ char **p;
++ const char *str, *sep;
++ krb5_tl_data *tl;
++
++ k5_buf_init_dynamic(&buf);
++ for (p = stringattrs; *p != NULL; p++) {
++ str = *p;
++ sep = strchr(str, ':');
++ assert(sep != NULL);
++ k5_buf_add_len(&buf, str, sep - str);
++ k5_buf_add_len(&buf, "\0", 1);
++ k5_buf_add_len(&buf, sep + 1, strlen(sep + 1) + 1);
++ }
++ assert(buf.data != NULL);
++
++ tl = ealloc(sizeof(*ent->tl_data));
++ tl->tl_data_next = NULL;
++ tl->tl_data_type = KRB5_TL_STRING_ATTRS;
++ tl->tl_data_length = buf.len;
++ tl->tl_data_contents = buf.data;
++ ent->tl_data = tl;
++}
++
+ static krb5_error_code
+ test_init()
+ {
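Review bot: make_strings() ends with ent->tl_data = tl, which replaces whatever list the entry already holds, and it validates profile input with assert(sep != NULL), so a strings value without ':' aborts the process instead of failing the lookup. Document at the top of the function that it must be called while tl_data is still empty, and consider returning an error for a malformed value.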
+@@ -339,7 +368,8 @@ test_get_principal(krb5_context context, krb5_const_principal search_for,
+ krb5_principal princ = NULL, tgtprinc;
+ krb5_principal_data empty_princ = { KV5M_PRINCIPAL };
+ testhandle h = context->dal_handle->db_context;
+- char *search_name = NULL, *canon = NULL, *flagstr, **names, **key_strings;
++ char *search_name = NULL, *canon = NULL, *flagstr;
++ char **names, **key_strings, **stringattrs;
+ const char *ename;
+ krb5_db_entry *ent;
+
+@@ -415,7 +445,7 @@ test_get_principal(krb5_context context, krb5_const_principal search_for,
+ ent->pw_expiration = get_time(h, "princs", ename, "pwexpiration");
+
+ /* Leave last_success, last_failed, fail_auth_count zeroed. */
+- /* Leave tl_data and e_data empty. */
++ /* Leave e_data empty. */
+
+ set_names(h, "princs", ename, "keys");
+ ret = profile_get_values(h->profile, h->names, &key_strings);
+@@ -424,11 +454,19 @@ test_get_principal(krb5_context context, krb5_const_principal search_for,
+ profile_free_list(key_strings);
+ }
+
++ set_names(h, "princs", ename, "strings");
++ ret = profile_get_values(h->profile, h->names, &stringattrs);
++ if (ret != PROF_NO_RELATION) {
++ make_strings(stringattrs, ent);
++ profile_free_list(stringattrs);
++ }
++
+ /* We must include mod-princ data or kadm5_get_principal() won't work and
+ * we can't extract keys with kadmin.local. */
+ check(krb5_dbe_update_mod_princ_data(context, ent, 0, &empty_princ));
+
+ *entry = ent;
++ ret = 0;
+
+ cleanup:
+ krb5_free_unparsed_name(context, search_name);
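Review bot: The new block tests if (ret != PROF_NO_RELATION), which treats every other profile_get_values() error as success, so make_strings() can run on a stringattrs pointer that was never filled in. Test ret == 0 instead. With that in place the added ret = 0 before cleanup still covers the "relation absent" case without also hiding a real profile error.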
+diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py
+index 3153ebca3..4fbdbec05 100644
+--- a/src/tests/t_authdata.py
++++ b/src/tests/t_authdata.py
+@@ -158,6 +158,8 @@ realm.run(['./adata', realm.host_princ], expected_msg='+97: [indcl]')
+ mark('auth indicator enforcement')
+ realm.addprinc('restricted')
+ realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'superstrong'])
++realm.kinit(realm.user_princ, password('user'), ['-S', 'restricted'],
++ expected_code=1, expected_msg='KDC policy rejects request')
+ realm.run([kvno, 'restricted'], expected_code=1,
+ expected_msg='KDC policy rejects request')
+ realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'indcl'])
+@@ -194,6 +196,8 @@ testprincs = {'krbtgt/KRBTEST.COM': {'keys': 'aes128-cts'},
+ 'krbtgt/FOREIGN': {'keys': 'aes128-cts'},
+ 'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
+ 'user2': {'keys': 'aes128-cts', 'flags': '+preauth'},
++ 'rservice': {'keys': 'aes128-cts',
++ 'strings': 'require_auth:strong'},
+ 'service/1': {'keys': 'aes128-cts',
+ 'flags': '+ok_to_auth_as_delegate'},
+ 'service/2': {'keys': 'aes128-cts'},
+@@ -208,6 +212,7 @@ usercache = 'FILE:' + os.path.join(realm.testdir, 'usercache')
+ realm.extract_keytab(realm.krbtgt_princ, realm.keytab)
+ realm.extract_keytab('krbtgt/FOREIGN', realm.keytab)
+ realm.extract_keytab(realm.user_princ, realm.keytab)
++realm.extract_keytab('ruser', realm.keytab)
+ realm.extract_keytab('service/1', realm.keytab)
+ realm.extract_keytab('service/2', realm.keytab)
+ realm.extract_keytab('noauthdata', realm.keytab)
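Review bot: The added line extracts a keytab for 'ruser', but the principal this patch adds to testprincs is 'rservice', and no 'ruser' entry appears in the lines shown. If 'rservice' was intended, the name here is a typo; if 'ruser' is defined elsewhere in the file, the rservice tests later in the patch should be checked to confirm they do not need a keytab entry.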
+@@ -252,6 +257,12 @@ if ' -2: self_ad' not in out or ' -2: proxy_ad' not in out:
+ realm.kinit(realm.user_princ, None, ['-k', '-X', 'indicators=dummy dbincr1'])
+ realm.run(['./adata', realm.krbtgt_princ], expected_msg='+97: [dbincr2]')
+ realm.run(['./adata', 'service/1'], expected_msg='+97: [dbincr3]')
++realm.kinit(realm.user_princ, None,
++ ['-k', '-X', 'indicators=strong', '-S', 'rservice'])
++# Test enforcement of altered indicators during AS request.
++realm.kinit(realm.user_princ, None,
++ ['-k', '-X', 'indicators=strong dbincr1', '-S', 'rservice'],
++ expected_code=1)
+
+ # Test that KDB module authdata is included in an AS request, by
+ # default or with an explicit PAC request.
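Review bot: The negative case for 'indicators=strong dbincr1' asserts only expected_code=1, so the test passes on any kinit failure, not just the indicator check this patch moves. The earlier hunk in this file pairs expected_code=1 with expected_msg='KDC policy rejects request'; add the matching expected_msg here so the test fails if kinit is rejected for an unrelated reason.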
diff --git a/krb5.spec b/krb5.spec
index 43bb589..1eb325d 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.18
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 1%{?dist}
+Release: 2%{?dist}
# rharwood has trust path to signing key and verifies on check-in
Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}....
@@ -50,6 +50,7 @@ Patch4: downstream-fix-debuginfo-with-y.tab.c.patch
Patch5: downstream-Remove-3des-support.patch
Patch6: downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch
Patch7: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch
+Patch8: Fix-AS-REQ-checking-of-KDB-modified-indicators.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@@ -623,6 +624,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
+* Fri Feb 21 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-2
+- Fix AS-REQ checking of KDB-modified indicators
+
* Wed Feb 12 2020 Robbie Harwood <rharwood(a)redhat.com> - 1.18-1
- New upstream version (1.18)
3 years, 10 months
[Report] Packages Restricting Arches
by root
New package excluding arches (5)
============================
- nodejs-pg-protocol
ExclusiveArch: %{nodejs_arches} noarch
- rust-block-buffer0.7
ExclusiveArch: %{rust_arches}
- rust-digest0.8
ExclusiveArch: %{rust_arches}
- rust-generic-array0.12
ExclusiveArch: %{rust_arches}
- rust-ssh-key-dir
ExclusiveArch: %{rust_arches}
Package that edited their arches constraints (1)
=============================================
- rust-ostree
was ExclusiveArch: %{rust_arches}
is ExclusiveArch: i686 x86_64
Package no longer excluding arches (128)
==================================
- jasmine-node
- nodejs-abbrev
- nodejs-ain2
- nodejs-ansi
- nodejs-archy
- nodejs-aws-sign
- nodejs-basic-auth-connect
- nodejs-batch
- nodejs-bindings
- nodejs-buffer-crc32
- nodejs-bytes
- nodejs-child-process-close
- nodejs-chmodr
- nodejs-chownr
- nodejs-cmd-shim
- nodejs-component-emitter
- nodejs-config-chain
- nodejs-connect-timeout
- nodejs-console-dot-log
- nodejs-cookie
- nodejs-cookie-jar
- nodejs-cookie-parser
- nodejs-cookie-signature
- nodejs-cookiejar
- nodejs-couch-login
- nodejs-cssom
- nodejs-csurf
- nodejs-defined
- nodejs-detective
- nodejs-dryice
- nodejs-editor
- nodejs-escodegen
- nodejs-estraverse
- nodejs-esutils
- nodejs-eventemitter2
- nodejs-exit
- nodejs-expect-dot-js
- nodejs-express-session
- nodejs-faye-websocket
- nodejs-fileset
- nodejs-findup-sync
- nodejs-formidable
- nodejs-fresh
- nodejs-fstream-ignore
- nodejs-fstream-npm
- nodejs-generic-pool
- nodejs-getobject
- nodejs-github-url-from-git
- nodejs-grip
- nodejs-grunt-compare-size
- nodejs-grunt-contrib-concat
- nodejs-grunt-contrib-internal
- nodejs-grunt-contrib-uglify
- nodejs-grunt-contrib-watch
- nodejs-grunt-git-authors
- nodejs-gzip-size
- nodejs-hooker
- nodejs-inherits1
- nodejs-ini
- nodejs-iso8601
- nodejs-jasmine-reporters
- nodejs-joose
- nodejs-joosex-namespace-depended
- nodejs-joosex-simplerequest
- nodejs-js-yaml
- nodejs-jscoverage
- nodejs-jwt-simple
- nodejs-keypress
- nodejs-lazystream
- nodejs-lockfile
- nodejs-maxmin
- nodejs-methods
- nodejs-mime
- nodejs-mimeparse
- nodejs-morgan
- nodejs-muffin
- nodejs-multiparty
- nodejs-mute-stream
- nodejs-nan0
- nodejs-ncp
- nodejs-node-int64
- nodejs-noptify
- nodejs-npm-user-validate
- nodejs-npmlog
- nodejs-opener
- nodejs-opts
- nodejs-osenv
- nodejs-package
- nodejs-paperboy
- nodejs-parseurl
- nodejs-pause
- nodejs-pretty-bytes
- nodejs-promzard
- nodejs-proto-list
- nodejs-pubcontrol
- nodejs-range-parser
- nodejs-read
- nodejs-read-package-json
- nodejs-reduce-component
- nodejs-repl
- nodejs-require-cs
- nodejs-requirejs
- nodejs-resolve
- nodejs-response-time
- nodejs-retry
- nodejs-sax
- nodejs-serve-index
- nodejs-setimmediate
- nodejs-showdown
- nodejs-sigmund
- nodejs-static-favicon
- nodejs-stream-counter
- nodejs-superagent
- nodejs-supertest
- nodejs-temp
- nodejs-temporary
- nodejs-testswarm
- nodejs-through
- nodejs-tiny-lr-fork
- nodejs-uglify-to-browserify
- nodejs-uid-number
- nodejs-vhost
- nodejs-walkdir
- nodejs-weak-map
- nodejs-websocket-driver
- nodejs-which
- nodejs-zlib-browserify
- ycssmin
List of packages currently excluding arches (2651)
===========================================
- 0ad
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- 90-Second-Portraits
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- GoldenCheetah
ExclusiveArch: %{qt5_qtwebengine_arches}
- GtkAda
ExclusiveArch: %{GPRbuild_arches}
- GtkAda3
ExclusiveArch: %{GPRbuild_arches}
- OpenImageIO
ExclusiveArch: x86_64 ppc64le
- PragmARC
ExclusiveArch: %{GPRbuild_arches}
- R-V8
ExclusiveArch: %{nodejs_arches}
- RdRand
ExclusiveArch: %{ix86} x86_64
- SLOF
ExclusiveArch: ppc64le
- YafaRay
ExclusiveArch: %{ix86} x86_64
- aboot
ExclusiveArch: alpha
- acpid
ExclusiveArch: ia64 x86_64 %{ix86} %{arm} aarch64
- ahven
ExclusiveArch: %{GPRbuild_arches}
- algobox
ExclusiveArch: %{qt5_qtwebengine_arches}
- alleyoop
ExclusiveArch: %{ix86} x86_64 ppc ppc64 ppc64le s390x %{arm} aarch64
- american-fuzzy-lop
ExclusiveArch: %{ix86} x86_64
- anet
ExclusiveArch: %{GPRbuild_arches}
- apmd
ExclusiveArch: %{ix86}
- appstream-generator
ExclusiveArch: x86_64 %{ix86} %{arm}
- arduino
ExclusiveArch: %{go_arches}
- arduino-builder
ExclusiveArch: %{go_arches}
- arm-trusted-firmware
ExclusiveArch: aarch64
- aunit
ExclusiveArch: %GPRbuild_arches
- avgtime
ExclusiveArch: %{ldc_arches}
- aws
ExclusiveArch: %GPRbuild_arches
- banshee
ExclusiveArch: %{mono_arches}
- banshee-community-extensions
ExclusiveArch: %ix86 x86_64 ppc ppc64 ia64 %{arm} sparcv9 alpha s390x
- bareftp
ExclusiveArch: %{mono_arches}
- bcal
ExclusiveArch: x86_64 aarch64 ia64 ppc64 ppc64le s390x
- bcc
ExclusiveArch: x86_64 %{power64} aarch64 s390x
- bcm283x-firmware
ExclusiveArch: %{arm} aarch64
- berusky2
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 %{mips}
- biosdevname
ExclusiveArch: %{ix86} x86_64
- bless
ExclusiveArch: %mono_arches
- boo
ExclusiveArch: %{mono_arches}
- bpftrace
ExclusiveArch: x86_64 %{power64} aarch64
- calamares
ExclusiveArch: %{ix86} x86_64
- calibre
ExclusiveArch: %{qt5_qtwebengine_arches}
- carto
ExclusiveArch: %{nodejs_arches} noarch
- ccdciel
ExclusiveArch: %{fpc_arches}
- cdcollect
ExclusiveArch: %{mono_arches}
- ceph
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- chromium
ExclusiveArch: x86_64 i686
ExclusiveArch: x86_64 i686 aarch64
- cjdns
ExclusiveArch: %{nodejs_arches}
- cmospwd
ExclusiveArch: %{ix86} x86_64
- cmrt
ExclusiveArch: %{ix86} x86_64 ia64
- coffee-script
ExclusiveArch: %{nodejs_arches} noarch
- colorful
ExclusiveArch: %{fpc_arches}
- cpu-x
ExclusiveArch: i686 x86_64
- cpuid
ExclusiveArch: %{ix86} x86_64
- cqrlog
ExclusiveArch: %{fpc_arches}
- crash
ExclusiveArch: %{ix86} ia64 x86_64 ppc ppc64 s390 s390x %{arm} aarch64 ppc64le
- cri-tools
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- criu
ExclusiveArch: x86_64 %{arm} ppc64le aarch64 s390x
- cryptlib
ExclusiveArch: x86_64 %{ix86} aarch64 ppc64 ppc64le
- cryptobone
ExclusiveArch: x86_64 %{ix86} ppc64 ppc64le aarch64
- daq
ExclusiveArch: x86_64 aarch64
- darktable
ExclusiveArch: x86_64 aarch64 ppc64le
ExclusiveArch: x86_64 ppc64le
- dbus-sharp
ExclusiveArch: %mono_arches
- dbus-sharp-glib
ExclusiveArch: %mono_arches
- dbxtool
ExclusiveArch: i386 x86_64 aarch64
- deepin-daemon
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- discord-irc
ExclusiveArch: %{nodejs_arches} noarch
- dlm
ExclusiveArch: i686 x86_64
- dmidecode
ExclusiveArch: %{ix86} x86_64 ia64 aarch64
- docker-distribution
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- dolphin-emu
ExclusiveArch: x86_64 aarch64
- dotnet-build-reference-packages
ExclusiveArch: x86_64 aarch64
- dotnet3.1
ExclusiveArch: aarch64 x86_64
- doublecmd
ExclusiveArch: %{ix86} x86_64
- dpdk
ExclusiveArch: x86_64 i686 aarch64 ppc64le
- dssi-vst
ExclusiveArch: %{ix86} x86_64
- dyninst
ExclusiveArch: %{ix86} x86_64 ppc64le aarch64
- e3
ExclusiveArch: %{ix86} x86_64
- edac-utils
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 %{power64}
- edb
ExclusiveArch: %{ix86} x86_64
- edk2
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
ExclusiveArch: x86_64 aarch64
- efibootmgr
ExclusiveArch: %{efi}
- efivar
ExclusiveArch: %{efi}
- elasticdump
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
ExclusiveArch: %{nodejs_arches} noarch
- elk
ExclusiveArch: x86_64 %{ix86}
ExclusiveArch: x86_64 %{ix86} aarch64 %{arm} %{power64}
- embree
ExclusiveArch: x86_64
- enki
ExclusiveArch: %{qt5_qtwebengine_arches} noarch
- envytools
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- eric
ExclusiveArch: %{qt5_qtwebengine_arches} noarch
- extlinux-bootloader
ExclusiveArch: %{arm} aarch64
- fcitx-libpinyin
ExclusiveArch: %{qt5_qtwebengine_arches}
- fedora-dockerfiles
ExclusiveArch: %{go_arches}
- fes
ExclusiveArch: %{ix86} x86_64
- flannel
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le s390x
- florist
ExclusiveArch: %{GPRbuild_arches}
- fpc
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64 ppc64le
- frescobaldi
ExclusiveArch: %{qt5_qtwebengine_arches}
- frysk
ExclusiveArch: %{ix86} x86_64 ppc64
- fst
ExclusiveArch: i686
- fwts
ExclusiveArch: x86_64 %{arm} aarch64 s390x %{power64}
- ga
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- gbrainy
ExclusiveArch: %mono_arches
- gdata-sharp
ExclusiveArch: %mono_arches
- gdb-exploitable
ExclusiveArch: x86_64 i386
ExclusiveArch: x86_64 noarch
- gearhead1
ExclusiveArch: %{fpc_arches}
- gela-asis
ExclusiveArch: %GPRbuild_arches
- ghdl
ExclusiveArch: %{GNAT_arches}
- ghostwriter
ExclusiveArch: %{qt5_qtwebengine_arches}
- gio-sharp
ExclusiveArch: %mono_arches
- gir-to-d
ExclusiveArch: %{ldc_arches}
- git-octopus
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- giver
ExclusiveArch: %{mono_arches}
- gkeyfile-sharp
ExclusiveArch: %mono_arches
- glibc32
ExclusiveArch: x86_64
- glibd
ExclusiveArch: %{ldc_arches}
- gmqcc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- gnatcoll
ExclusiveArch: %{GPRbuild_arches}
- gnatcoll-bindings
ExclusiveArch: %{GPRbuild_arches}
- gnatcoll-db
ExclusiveArch: %{GPRbuild_arches}
- gnome-boxes
ExclusiveArch: x86_64
- gnome-desktop-sharp
ExclusiveArch: %mono_arches
- gnome-do
ExclusiveArch: %mono_arches
- gnome-guitar
ExclusiveArch: %{mono_arches}
- gnome-keyring-sharp
ExclusiveArch: %mono_arches
- gnome-rdp
ExclusiveArch: %{mono_arches}
- gnome-sharp
ExclusiveArch: %mono_arches
- gnome-subtitles
ExclusiveArch: %mono_arches
- gnu-efi
ExclusiveArch: %{efi}
- go-bindata
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- go-compilers
ExclusiveArch: %{go_arches}
- go-rpm-macros
ExclusiveArch: %{golang_arches} %{gccgo_arches}
- godep
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- golang
ExclusiveArch: %{golang_arches}
- gomtree
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- gotun
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
ExclusiveArch: x86_64
- goverlay
ExclusiveArch: %{fpc_arches}
- gprbuild
ExclusiveArch: %{GPRbuild_arches} %{bootstrap_arch}
- gprolog
ExclusiveArch: x86_64 %{ix86} ppc alpha
- grafana
ExclusiveArch: %{grafana_arches}
- grafana-pcp
ExclusiveArch: %{nodejs_arches}
- gtk-sharp-beans
ExclusiveArch: %mono_arches
- gtk-sharp2
ExclusiveArch: %mono_arches
- gtk-sharp3
ExclusiveArch: %{mono_arches}
- gtkd
ExclusiveArch: %{ldc_arches}
- gudev-sharp
ExclusiveArch: %mono_arches
- hedgewars
ExclusiveArch: %{fpc_arches}
- hip
ExclusiveArch: x86_64
- hsakmt
ExclusiveArch: x86_64 aarch64
- hyena
ExclusiveArch: %{mono_arches}
- hyperscan
ExclusiveArch: x86_64
- hyperv-daemons
ExclusiveArch: i686 x86_64
- i3status-rs
ExclusiveArch: %{rust_arches}
- icaro
ExclusiveArch: %{ix86} x86_64 noarch
- imvirt
ExclusiveArch: %{ix86} x86_64 ia64
- indistarter
ExclusiveArch: %{fpc_arches}
- infinipath-psm
ExclusiveArch: x86_64
- intel-cmt-cat
ExclusiveArch: x86_64 i686 i586
ExclusiveArch: x86_64 i686 i586
- intel-gmmlib
ExclusiveArch: x86_64 i686
- intel-mediasdk
ExclusiveArch: x86_64
- intel-undervolt
ExclusiveArch: i386 x86_64
- ioport
ExclusiveArch: %{ix86} x86_64
- ipmctl
ExclusiveArch: x86_64
- ipw2100-firmware
ExclusiveArch: noarch i386 x86_64
- ipw2200-firmware
ExclusiveArch: noarch i386 x86_64
- iucode-tool
ExclusiveArch: %{ix86} x86_64
- iyfct
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- jake
ExclusiveArch: %{nodejs_arches} noarch
- java-1.8.0-openjdk-aarch32
ExclusiveArch: %{arm}
- keepass
ExclusiveArch: %{mono_arches}
- kernel
ExclusiveArch: x86_64 s390x %{arm} aarch64 ppc64le
ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le
- kf5-akonadi-search
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-audiocd-kio
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kalarmcal
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kblog
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kcalendarcore
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kcalendarutils
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kitinerary
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kmailtransport
ExclusiveArch: x86_64 %{arm}
- kf5-ktnef
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-libkdcraw
ExclusiveArch: x86_64 ppc64le %{arm}
- kicad
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- kiwix-desktop
ExclusiveArch: %{qt5_qtwebengine_arches}
- knot-resolver
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- knotes
ExclusiveArch: x86_64 %{arm}
- kompose
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 s390x
- kosmtik
ExclusiveArch: %{nodejs_arches} noarch
- kubernetes
ExclusiveArch: x86_64 aarch64 ppc64le s390x %{arm}
- lazarus
ExclusiveArch: %{fpc_arches}
- ldc
ExclusiveArch: %{ldc_arches}
- libbsr
ExclusiveArch: %{power64}
- libclc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 %{power64} s390x
- libcxl
ExclusiveArch: %{power64}
- libdfp
ExclusiveArch: ppc ppc64 ppc64le s390 s390x
- libica
ExclusiveArch: s390 s390x
- libipt
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{ix86} x86_64
- libocxl
ExclusiveArch: ppc64le
- libpmemobj-cpp
ExclusiveArch: x86_64
- libpsm2
ExclusiveArch: x86_64
- libquentier
ExclusiveArch: %{qt5_qtwebengine_arches}
- libretro-desmume2015
ExclusiveArch: i686 x86_64
- librtas
ExclusiveArch: %{power64}
- libservicelog
ExclusiveArch: ppc %{power64}
- libsmbios
ExclusiveArch: x86_64 %{ix86}
- libunwind
ExclusiveArch: %{arm} aarch64 hppa ia64 mips ppc %{power64} s390x %{ix86} x86_64
- libva-intel-hybrid-driver
ExclusiveArch: %{ix86} x86_64 ia64
- libvmi
ExclusiveArch: x86_64
- libvpd
ExclusiveArch: %{power64}
- libxsmm
ExclusiveArch: x86_64
- libzfcphbaapi
ExclusiveArch: s390 s390x
- lightdm
ExclusiveArch: x86_64 ppc64le
- lodash
ExclusiveArch: %{nodejs_arches} noarch
- log4net
ExclusiveArch: %mono_arches
- lrmi
ExclusiveArch: %{ix86}
- lsvpd
ExclusiveArch: %{power64}
- luajit
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64 s390x ppc64le
- luxcorerender
ExclusiveArch: x86_64
- mactel-boot
ExclusiveArch: x86_64
- manifest-tool
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- mantle
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- marked
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- matreshka
ExclusiveArch: %GPRbuild_arches
- maxima
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc sparcv9
ExclusiveArch: %{ix86} x86_64 ppc sparcv9
- mbpfan
ExclusiveArch: x86_64
- mcelog
ExclusiveArch: i686 x86_64
- mediaconch
ExclusiveArch: %{qt5_qtwebengine_arches}
- mellowplayer
ExclusiveArch: %{qt5_qtwebengine_arches}
- memkind
ExclusiveArch: x86_64
- memtest86+
ExclusiveArch: %{ix86} x86_64
- mesos
ExclusiveArch: x86_64
- microcode_ctl
ExclusiveArch: %{ix86} x86_64
- micropython
ExclusiveArch: %{arm} %{ix86} x86_64
- mine_detector
ExclusiveArch: %{GPRbuild_arches}
- minetest
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
- mingw-wine-gecko
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- mirrorlist-server
ExclusiveArch: %{rust_arches}
- mkbootdisk
ExclusiveArch: %{ix86} sparc sparc64 x86_64
- mnemosyne
ExclusiveArch: noarch %{qt5_qtwebengine_arches}
- mocha
ExclusiveArch: %{nodejs_arches} noarch
- mod_mono
ExclusiveArch: %mono_arches
- module-build-service
ExclusiveArch: %{ix86} x86_64 noarch
- mokutil
ExclusiveArch: %{ix86} x86_64 aarch64
- mono
ExclusiveArch: %mono_arches
- mono-addins
ExclusiveArch: %mono_arches
- mono-basic
ExclusiveArch: %{mono_arches}
- mono-bouncycastle
ExclusiveArch: %mono_arches
- mono-cecil
ExclusiveArch: %mono_arches
- mono-cecil-flowanalysis
ExclusiveArch: %mono_arches
- mono-reflection
ExclusiveArch: %mono_arches
- mono-tools
ExclusiveArch: %mono_arches
- mono-zeroconf
ExclusiveArch: %mono_arches
- monobristol
ExclusiveArch: %{mono_arches}
- monodevelop
ExclusiveArch: %mono_arches
- monodevelop-debugger-gdb
ExclusiveArch: %{mono_arches}
- monosim
ExclusiveArch: %mono_arches
- mozilla-iot-gateway
ExclusiveArch: %{nodejs_arches} noarch
- mozilla-iot-gateway-addon-node
ExclusiveArch: %{nodejs_arches} noarch
- mrrescue
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- msr-tools
ExclusiveArch: %{ix86} x86_64
- mustache-d
ExclusiveArch: %{ldc_arches}
- mysql-connector-net
ExclusiveArch: %{mono_arches}
- nant
ExclusiveArch: %mono_arches
- nbc
ExclusiveArch: %{fpc_arches}
- nbdkit
ExclusiveArch: x86_64
- ndesk-dbus
ExclusiveArch: %{mono_arches}
- ndesk-dbus-glib
ExclusiveArch: %{mono_arches}
- newsflash
ExclusiveArch: %{rust_arches}
- newtonsoft-json
ExclusiveArch: %{mono_arches}
- nim
ExclusiveArch: %{nim_arches}
- node-gyp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs
ExclusiveArch: %{nodejs_arches}
- nodejs-Base64
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-acorn
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-acorn-dynamic-import
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-acorn-jsx
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-acorn-object-spread
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-agentkeepalive
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-align-text
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bgblack
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bgblue
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bgcyan
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bggreen
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bgmagenta
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bgred
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bgwhite
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bgyellow
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-black
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-blue
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-bold
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-colors
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-cyan
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ansi-dim
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-escapes
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-gray
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-green
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ansi-grey
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-hidden
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-inverse
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-italic
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-magenta
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ansi-red
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-regex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-reset
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-strikethrough
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-styles
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ansi-underline
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-white
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ansi-wrap
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ansi-yellow
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ansicolors
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ansistyles
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-any-path
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-any-promise
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ap
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-append-field
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-append-transform
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-are-we-there-yet
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-argparse
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-argsparser
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-arr-diff
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-arr-exclude
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-arr-flatten
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-arr-union
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-array-buffer-from-string
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-array-differ
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-array-events
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-array-filter
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-array-find
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-array-find-index
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-array-flatten
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-array-foreach
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-array-ify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-array-index
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-array-map
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-array-reduce
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-array-union
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-array-unique
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-arraybuffer-dot-slice
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-arraybuffer-equal
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-arrify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-asap
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ascii-tree
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ascli
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-asn1
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-assert-plus
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-assertion-error
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-assume
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-async
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-async-array-reduce
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-async-arrays
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-async-limiter
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-async-queue
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-async-some
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-asynckit
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-atob
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-auto-bind
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-autoresolve
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-aws-sign2
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-aws4
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-babel-code-frame
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-babel-plugin-syntax-async-functions
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-babel-plugin-syntax-async-generators
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-babel-runtime
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-babylon
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-backbone
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-backoff
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-balanced-match
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-base
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-base-plugins
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-base32-encode
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-base64-url
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-base64id
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bash-match
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-basic-auth
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bcrypt
ExclusiveArch: %{nodejs_arches}
- nodejs-beeper
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-benchmark
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-better-assert
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-better-than-before
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bignumber-js
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bind-obj-methods
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bit-mask
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bl
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-blob
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-block-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bluebird
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-body-parser
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-boolbase
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-boom
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-brace-expansion
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-braces
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-browser-stdout
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bson
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-buble
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-buf-compare
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-buffer-equal
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-buffer-writer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bufferutil
ExclusiveArch: %{nodejs_arches}
- nodejs-builtin-modules
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-builtins
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bundle-dependencies
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-bunker
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-burrito
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-busboy
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-byline
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-cache-base
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-caching-transform
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-call-delayed
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-call-matcher
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-call-me-maybe
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-call-signature
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-callback-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-caller-callsite
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-caller-path
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-callsite
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-callsites
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-camelcase
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-camelcase-keys
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-carrier
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-caseless
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-center-align
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chai
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chai-as-promised
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chai-connect-middleware
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chai-json-schema
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chai-oauth2orize-grant
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chai-passport-strategy
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chai-spies-next
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chainer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chalk
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-char-spinner
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-character-parser
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-chardet
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-charenc
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-charm
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-check-env
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-check-error
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chroma-js
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-chrono
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ci-info
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-circular-json
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-clap
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-class-utils
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-clean-css
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-clean-yaml-object
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-clear-require
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-cli
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-cli-color
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-cli-spinner
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-cli-table
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-cliui
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-clone
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-clone-deep
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-clone-stats
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-closure-compiler
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-co
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-co-mocha
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-co-with-promise
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-coa
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-code-point-at
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-codemirror
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-coffee-coverage
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-collection-visit
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-color-support
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-colors
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-colour
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-columnify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-combined-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-commander
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-common-path-prefix
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-commondir
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-compare-func
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-compare-versions
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-component-indexof
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-component-inherit
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-concat-map
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-concat-stream
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-connect-livereload
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-console-group
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-consolemd
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-constantinople
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-content-disposition
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-content-type
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-angular
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-atom
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-codemirror
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-ember
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-eslint
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-express
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-jquery
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-jscs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-jshint
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-preset-loader
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-changelog-writer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-commits-filter
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-conventional-commits-parser
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-convert-hex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-cookies
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-copy-descriptor
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-core-assert
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-core-js
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-core-util-is
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-coveralls
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-crc
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-cross-spawn
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-cross-spawn-async
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-crypt
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-cryptiles
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-csrf
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-css
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-css-parse
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-css-stringify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-css-tree
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-css-what
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-csso
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-csv
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-csv-generate
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-csv-parse
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-csv-spectrum
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-csv-stringify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ctype
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-currently-unhandled
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-cycle
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-cyclist
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-d
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-dargs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-data-uri-to-buffer
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-dateformat
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-death
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-debug
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-debug-fabulous
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-debug-log
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-debuglog
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-decamelize
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-decamelize-keys
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-decimal-js
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-dedent
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-deep-eql
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-deep-equal
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-deep-extend
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-deep-is
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-deeper
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-default-require-extensions
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-defaults
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-defence-cli
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-define-properties
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-define-property
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-delayed-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-delegates
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-dep-graph
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-depd
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-deprecated
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-destroy
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-detect-file
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-detect-indent
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-detect-newline
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-detect-node
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-dezalgo
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-dicer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-diff
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-difflet
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-difflib
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-dirty-chai
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-discord-js
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-docopt
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-doctrine
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-dot-prop
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-dotfile-regex
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-duplexer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-duplexer2
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-duplexify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-duration
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-each
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ebnf-parser
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-echomd
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ee-first
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ejs
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-emojione
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-empty-dir
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-end-of-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-error-ex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-error-symbol
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-es-abstract
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-es-to-primitive
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-es5-ext
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-es5-shim
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-es6-iterator
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-es6-promise
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-es6-promisify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-es6-shim
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-es6-symbol
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-es6-weak-map
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-escallmatch
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-escape-html
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-escape-regexp-component
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-escape-string-regexp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-escope
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-espower-location-detector
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-espurify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-esrecurse
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-estraverse-fb
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-estree-walker
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-event-emitter
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-events
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-events-to-array
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-everything-dot-js
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-expand-brackets
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-expand-range
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-expand-tilde
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-express
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-extend
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-extend-shallow
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-extended-emitter
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-extglob
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-eyes
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fancy-log
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-fast-levenshtein
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-fastfall
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-faucet
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-figures
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-file-entry-cache
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-file-sync-cmp
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-filelist
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-filename-regex
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-fill-keys
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fill-range
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-first-chunk-stream
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-flagged-respawn
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-flush-write-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fmix
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fn-dot-name
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-for-each
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-for-in
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-for-own
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-foreach
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-foreground-child
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-forever-agent
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-form-data
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-formatio
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-forwarded
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-fragment-cache
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-freetree
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-from
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fs-dot-notify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fs-exists-cached
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fs-exists-sync
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-fs-ext
ExclusiveArch: %{nodejs_arches}
- nodejs-fs-temp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fs-vacuum
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fs-write-stream-atomic
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-fstream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-function-bind
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-function-loop
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-gauge
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-gaze
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-gdal
ExclusiveArch: %{nodejs_arches}
- nodejs-generate-function
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-generate-object-property
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-get-port
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-get-value
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-git-tails
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-github-url-from-username-repo
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-glob
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-glob-base
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-glob-expand
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-glob-parent
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-glob-to-regexp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-global-modules
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-global-prefix
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-globals
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-globby
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-globule
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-glogg
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-gonzales-pe
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-graceful-fs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-graceful-readlink
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-growl
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-grunt
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-grunt-banner
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-grunt-cli
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-grunt-contrib-nodeunit
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-grunt-known-options
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-grunt-legacy-log
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-grunt-legacy-log-utils
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-grunt-legacy-util
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-grunt-sed
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-grunt-simple-mocha
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-gulplog
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-handlebars
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-har-validator
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-ansi
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-binary
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-binary2
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-color
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-has-cors
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-flag
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-glob
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-has-gulplog
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-has-symbols
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-unicode
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-value
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-values
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-has-yarn
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-hash_file
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-hawk
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-heap
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-hex-to-array-buffer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-hoek
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-homedir-polyfill
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-hook-std
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-hosted-git-info
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-hsluv
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-http-deceiver
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-http-errors
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-http-signature
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-http2
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-humanize-ms
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-i18n-transform
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-i2c
ExclusiveArch: %{nodejs_arches}
- nodejs-iconv
ExclusiveArch: %{nodejs_arches}
- nodejs-iconv-lite
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-iferr
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ignore
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-image-size
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-immutable
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-import-local
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-imul
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-imurmurhash
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-indent-string
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-indexof
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-inflight
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-info-symbol
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-inherit
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-inherits
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-int64-buffer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-intercept-require
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-interpret
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-invert-kv
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ip
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ipaddr-dot-js
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-irc-colors
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-irc-formatting
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-irc-upd
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-irregular-plurals
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-accessor-descriptor
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-arrayish
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-boolean-object
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-buffer
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-builtin-module
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-callable
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-data-descriptor
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-date-object
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-descriptor
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-dir
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-dotfile
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-equal-shallow
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-extendable
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-extglob
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-finite
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-fullwidth-code-point
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-function
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-generator
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-generator-fn
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-generator-function
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-glob
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-module
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-my-json-valid
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-negated-glob
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-node
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-number
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-number-object
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-obj
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-object
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-observable
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-odd
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-path-cwd
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-path-in-cwd
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-path-inside
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-plain-obj
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-plain-object
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-primitive
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-promise
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-property
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-regex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-regexp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-registered
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-relative
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-string
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-subset
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-symbol
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-text-path
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-typedarray
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-unc-path
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-url
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-utf8
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-valid-glob
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-is-valid-instance
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-is-windows
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-isarray
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-isexe
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-isobject
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-isodate
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-isstream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-istanbul-lib-coverage
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-istanbul-lib-hook
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-istanbul-lib-report
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-istanbul-lib-source-maps
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-istanbul-reports
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-jade
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-jest-mock
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-jison-lex
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-js-base64
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-js-string-escape
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-js-tokens
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-jschardet
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-json-diff
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-json-localizer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-json-stable-stringify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-json-stringify-safe
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-json3
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-jsonfile
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-jsonify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-jsonm
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-jsonparse
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-jsonpointer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-jsonpointer-dot-js
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-jsonselect
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-keep-alive-agent
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-keygrip
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-kind-of
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-klaw
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-kuler2gpl
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-lazy-cache
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-lcid
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-leaflet
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-leaflet-formbuilder
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-leaflet-hash
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-leche
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-left-pad
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-less
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-less-plugin-clean-css
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-levn
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-libpq
ExclusiveArch: %{nodejs_arches}
- nodejs-libxmljs
ExclusiveArch: %{nodejs_arches}
- nodejs-line-numbers
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-line-reader
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-linefix
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-linkify-it
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-locate-character
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-log-driver
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-log-ok
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-log-utils
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-lolex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-long
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-longest
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-loud-rejection
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-lru-cache
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-lru-queue
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-magic-string
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-make-arrow-function
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-make-error
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-make-generator-function
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-make-node
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-makedir
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-makeerror
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-map-cache
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-map-obj
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-map-visit
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mapnik
ExclusiveArch: %{nodejs_arches}
- nodejs-mapnik-pool
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mapnik-vector-tile
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-markdown
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-markdown-it-testgen
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-matched
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-max-timeout
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-mbtiles
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-md5
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-md5-hex
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-md5-o-matic
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-mdn-data
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mdurl
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-media-typer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-memoize-path
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-memoizee
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-merge-descriptors
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-metascript
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-micromatch
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-millstone
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mime-db
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mime-types
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-minimalistic-assert
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-minimatch
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-minimist
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-minipass
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mixin-deep
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mixin-object
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mkdirp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mock-fs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-modify-values
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-module-not-found-error
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mongodb
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mongodb-core
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-monocle
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ms
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-multimatch
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-multipipe
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-murmur-32
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mustache
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mutate-fs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mv
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-mysql
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-mz
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-nan
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-nan1
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-nanomatch
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-nanomsg
ExclusiveArch: %{nodejs_arches}
- nodejs-nanoseconds
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-needle
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-negative-zero
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-net-browserify-alt
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-next-tick
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-node-dot-extend
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-node-expat
ExclusiveArch: %{nodejs_arches}
ExclusiveArch: %{ix86} x86_64 %{arm}
- nodejs-node-markdown
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-node-static
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-node-stringprep
ExclusiveArch: %{nodejs_arches}
- nodejs-node-uuid
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-nodemon
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-nomnom
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-noncharacters
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-nopt
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-nopt-usage
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-normalize-git-url
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-normalize-path
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-npm-cache-filename
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-npm-install-checks
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-npm-license
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-npm-package-arg
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-npm-run-path
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-nth-check
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-number-is-nan
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-numeral
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-oauth
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-oauth-sign
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-oauth2orize
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-object-assign
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-object-copy
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-object-dot-assign
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-object-dot-omit
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-object-inspect
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-object-is
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-object-keys
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-object-visit
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-observable-to-promise
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-obuf
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-okay
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-on-finished
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-on-headers
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-once
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-open
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-option-cache
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-option-chain
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-optionator
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-options
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-optjs
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-orchestrator
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ordered-read-streams
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-os-homedir
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-os-locale
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-os-shim
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-os-tmpdir
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-output-file-sync
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-own-or
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-own-or-env
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-p-finally
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-p-limit
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-p-locate
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-p-try
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-package-license
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-packaging
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-packet-reader
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pad
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-pad-left
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-parallel-transform
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-parse-github-repo-url
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-parse-glob
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-parse-ms
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-parse-passwd
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-parsejson
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-parseqs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-parseuri
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pascalcase
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-passport-http-bearer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-passport-oauth
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-passport-oauth1
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-passport-oauth2
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-passport-strategy
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path-array
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-path-dirname
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path-exists
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path-extra
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path-is-absolute
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path-is-inside
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path-key
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path-parse
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path-to-regexp
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-path-type
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-path2
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-pathval
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pbkdf2-password
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pedding
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pff
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-connection-string
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-cursor
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-escape
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-int8
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-native
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-numeric
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-packet-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-pool
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-protocol
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pg-types
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pgpass
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pinkie
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pinkie-promise
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pkginfo
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-platform
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-plur
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-posix-character-classes
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-postgres-array
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-postgres-bytea
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-postgres-date
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-postgres-interval
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-precond
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-prelude-ls
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-preserve
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-pretty-hrtime
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-pretty-ms
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pretty-time
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-prism-media
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-process-nextick-args
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-proclaim
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-progress
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-progress-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-promise
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-promises-aplus-tests
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-prompt
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-propagate
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-propget
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-proxy-addr
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-proxyquire
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pruddy-error
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pseudomap
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-pump
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-pumpify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-qs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-qtdatastream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-queue-async
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-quick-lru
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rainbowsocks
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-random-bytes
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-random-path
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-randomatic
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-raw-body
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-re-emitter
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-read-all-stream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-read-cmd-shim
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-read-file
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-read-pkg
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-readable-stream
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-readdir-enhanced
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-readdir-scoped-modules
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-readdirp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-realize-package-specifier
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rechoir
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-regex-cache
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-regex-not
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-remove-trailing-separator
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-repeat-element
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-repeat-string
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-repeating
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-replace
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-replace-require-self
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-request
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-require-directory
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-require-inject
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-require-main-filename
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-require-relative
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-require-uncached
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-require-yaml
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-resolve-cwd
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-resolve-dir
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-resolve-from
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-resolve-pkg
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-resolve-url
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-resumer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-reusify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rewire
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rfile
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rhea
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-right-align
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rimraf
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rndm
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-rollup
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-rollup-plugin-buble
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rollup-plugin-commonjs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rollup-plugin-json
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rollup-plugin-node-resolve
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rollup-plugin-typescript
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-rollup-pluginutils
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ronn
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-runforcover
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-safe-buffer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-safe-json-stringify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-safe-regex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-safecb
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-samsam
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-secure-random
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-seedrandom
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-semver
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sentiment
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sequencify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-serialize-error
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-server-destroy
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-set-blocking
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-set-getter
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-set-immediate
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-set-immediate-shim
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-set-value
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-setprototypeof
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sha
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-shallow-clone
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-shebang-command
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-shebang-regex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-shelljs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-shelljs-nodecli
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-should
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-should-equal
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-should-format
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-should-http
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-should-type
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sift
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-signal-exit
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-simple-assert
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-simple-asyncify
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-simple-fmt
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-simple-is
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-simple-markdown
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-single-line-log
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sinon
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sinon-chai
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-sinon-restore
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-slash
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-sliced
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-slide
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-snapdragon
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-snapdragon-capture
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-snapdragon-capture-set
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-snapdragon-node
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-snapdragon-util
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-snekfetch
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sntp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-socket-dot-io-parser
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sorted-object
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-source-map
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-source-map-fixtures
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-source-map-resolve
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-source-map-url
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sparkles
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-spawn-sync
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-spawn-wrap
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-spdx-exceptions
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-spdx-license-ids
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-spec
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-spec-js
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-speedometer
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-split
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-split-string
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-split2
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sprintf
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sprintf-js
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-sqlite3
ExclusiveArch: %{nodejs_arches}
- nodejs-srs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ssri
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-stable
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-stack-trace
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-stack-utils
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-static-extend
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-statuses
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-stream-combiner
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-stream-consume
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-stream-each
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-stream-pair
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-stream-replace
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-stream-shift
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-stream-spigot
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-stream-transform
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-streamsearch
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-streamtest
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-string
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-string-dot-prototype-dot-repeat
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-string-dot-prototype-dot-trim
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-string-width
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-string_decoder
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-stringmap
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-stringscanner
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-stringset
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-stringstream
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-strip-ansi
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-strip-bom
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-strip-bom-stream
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-strip-bom-string
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-strip-color
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-strip-eof
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-strip-json-comments
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-strip-path
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-success-symbol
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-supervisor
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-supports-color
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-suspend
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-svgo
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-symbol-observable
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tap
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tap-mocha-reporter
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tap-out
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tap-parser
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tap-spec
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tape
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tapes
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tar
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tar-pack
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-temp-dir
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-temp-write
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tempfile
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tern-liferay
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-terst
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-testdata-w3c-json-form
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-testutil
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-text-extensions
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-text-table
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-thenify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-thenify-all
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-thread-sleep
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-through2
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-through2-filter
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-thunkify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tildify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tilelive-mapnik
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tiletype
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-time-diff
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-time-stamp
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-timekeeper
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-timers-ext
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tippex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tlds
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tmatch
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tmp
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tmpl
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-to-array
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-to-object-path
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-to-regex
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-to-regex-range
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-toidentifier
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-touch
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tough-cookie
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tracejs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-transformers
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-traverse
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-treeify
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tressa
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-trim
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-trim-newlines
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-trim-off-newlines
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-trivial-deferred
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-try-open
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-try-thread-sleep
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tryor
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tsame
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tslib
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tsscmp
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-tunnel-agent
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tv4
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tweetnacl
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tweetnacl-util
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-type-check
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-type-detect
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-type-is
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-type-name
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-typescript
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-uc-dot-micro
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-uid-safe
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-uid2
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-ultron
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-umask
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-unc-path-regex
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-underscore
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-unicode-length
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-union-value
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-unique-filename
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-unique-slug
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-unique-stream
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-unique-temp-dir
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-unpipe
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-unset-value
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-uri-path
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-urix
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-use
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-user-home
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-utf8
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-util
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-util-deprecate
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-util-extend
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-util-inspect
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-utilities
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-utils-merge
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-uuid
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-vali-date
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-validate-npm-package-name
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-vlq
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-vow
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-vow-fs
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-vow-queue
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-vows
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-walker
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ware
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-warning-symbol
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-watershed
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-wbuf
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-wcwidth
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-when
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-whet-dot-extend
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-win-spawn
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-window-size
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-winston
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-with
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-wolfy87-eventemitter
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-woothee
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-wordwrap
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-wrap-ansi
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-wrap-fn
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-wrappy
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-write-file-atomic
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-ws
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-xdg-basedir
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-xml2js
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-xmlbuilder
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-xmlhttprequest
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-xtend
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-y18n
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-yallist
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-yapool
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-yargs
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-yargs-parser
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-yeast
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-yn
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-zap
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-zeropad
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-zipfile
ExclusiveArch: %{nodejs_arches}
- nodejs-zlibjs
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodeunit
ExclusiveArch: %{nodejs_arches} noarch
- notify-sharp
ExclusiveArch: %{mono_arches}
- notify-sharp3
ExclusiveArch: %{mono_arches}
- nuget
ExclusiveArch: %{mono_arches}
- numatop
ExclusiveArch: x86_64 ppc64le
- nunit
ExclusiveArch: %{mono_arches}
- nunit2
ExclusiveArch: %{mono_arches}
- nvml
ExclusiveArch: x86_64 ppc64le
- nwchem
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- obs-service-rust2rpm
ExclusiveArch: %{rust_arches} noarch
- oci-kvm-hook
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- oci-seccomp-bpf-hook
ExclusiveArch: x86_64 %{power64} aarch64 s390x
- oci-umount
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le s390x %{mips}
- oidn
ExclusiveArch: x86_64
- olpc-kbdshim
ExclusiveArch: %{ix86} %{arm}
- olpc-netutils
ExclusiveArch: %{ix86} %{arm}
- olpc-utils
ExclusiveArch: %{ix86} %{arm}
- onedrive
ExclusiveArch: %{ldc_arches}
- opae
ExclusiveArch: x86_64
- opal-prd
ExclusiveArch: ppc64le
- open-vm-tools
ExclusiveArch: x86_64
ExclusiveArch: %{ix86} x86_64
- openblas
ExclusiveArch: %{openblas_arches}
- openjfx
ExclusiveArch: x86_64
- openjfx8
ExclusiveArch: x86_64
- openlibm
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 %{power64}
- openni
ExclusiveArch: %{ix86} x86_64 %{arm}
- openni-primesense
ExclusiveArch: %{ix86} x86_64 %{arm}
- openssl-ibmca
ExclusiveArch: s390 s390x
- origin
ExclusiveArch: %{go_arches}
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- orion
ExclusiveArch: %{qt5_qtwebengine_arches}
- orthorobot
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- paflib
ExclusiveArch: ppc %{power64}
- pcc
ExclusiveArch: %{ix86} x86_64
- pcmciautils
ExclusiveArch: %{ix86} x86_64 ia64 ppc ppc64 %{arm}
- pdfmod
ExclusiveArch: %mono_arches
- peripety
ExclusiveArch: %{rust_arches}
- perl-Dumbbench
ExclusiveArch: %{ix86} x86_64 noarch
- perl-Parse-DMIDecode
ExclusiveArch: %{ix86} x86_64 ia64 aarch64
- pesign
ExclusiveArch: %{ix86} x86_64 ia64 aarch64 %{arm}
- pesign-test-app
ExclusiveArch: i686 x86_64 ia64 aarch64
- pinta
ExclusiveArch: %mono_arches
- pioneer
ExclusiveArch: %{ix86} x86_64
- pmdk-convert
ExclusiveArch: x86_64
- pmemkv
ExclusiveArch: x86_64
- pocl
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- poppler-sharp
ExclusiveArch: %mono_arches
- popub
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- powerpc-utils
ExclusiveArch: ppc %{power64}
- ppc64-diag
ExclusiveArch: ppc %{power64}
- pveclib
ExclusiveArch: ppc %{power64}
- pvs-sbcl
ExclusiveArch: %{ix86} x86_64 ppc sparcv9
- pyqtwebengine
ExclusiveArch: %{qt5_qtwebengine_arches}
- python-etcd
ExclusiveArch: noarch %{ix86} x86_64 %{arm} aarch64 ppc64le s390x
- python-healpy
ExclusiveArch: aarch64 ppc64 ppc64le x86_64 s390x
- python-javabridge
ExclusiveArch: i686 x86_64
- python-openoffice
ExclusiveArch: noarch x86_64
- python-pymoc
ExclusiveArch: aarch64 ppc64 ppc64le x86_64 s390x
- python-rpi-gpio
ExclusiveArch: %{arm} aarch64
- q4wine
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- qcint
ExclusiveArch: x86_64
- qclib
ExclusiveArch: s390 s390x
- qevercloud
ExclusiveArch: %{qt5_qtwebengine_arches}
- qmapshack
ExclusiveArch: %{qt5_qtwebengine_arches}
- qt4pas
ExclusiveArch: %{fpc_arches}
- qt5-qtwebengine
ExclusiveArch: %{qt5_qtwebengine_arches}
- quantum-espresso
ExclusiveArch: x86_64 %{ix86}
ExclusiveArch: x86_64 %{ix86}
- quentier
ExclusiveArch: %{qt5_qtwebengine_arches}
- rear
ExclusiveArch: %ix86 x86_64 ppc ppc64 ppc64le ia64
- redhat-lsb
ExclusiveArch: %{ix86} ia64 x86_64 ppc ppc64 s390 s390x %{arm} aarch64 ppc64le
- reg
ExclusiveArch: x86_64
- renderdoc
ExclusiveArch: %{ix86} x86_64
- reptyr
ExclusiveArch: %{ix86} x86_64 %{arm}
- rescene
ExclusiveArch: %{mono_arches}
- restsharp
ExclusiveArch: %{mono_arches}
- rhythmbox-alternative-toolbar
ExclusiveArch: %{ix86} %{arm} x86_64 ppc64 ppc64le
- rmd
ExclusiveArch: %{ix86} x86_64
- rocm-runtime
ExclusiveArch: x86_64 aarch64
- rocminfo
ExclusiveArch: x86_64 aarch64
- rpm-ostree
ExclusiveArch: %{rust_arches}
- rr
ExclusiveArch: %{ix86} x86_64
- rssguard
ExclusiveArch: %{qt5_qtwebengine_arches}
- rubygem-childprocess
ExclusiveArch: %{ix86} x86_64 noarch
- runc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le %{mips} s390x
- rust
ExclusiveArch: %{rust_arches}
- rust-abomonation
ExclusiveArch: %{rust_arches}
- rust-actix
ExclusiveArch: %{rust_arches}
- rust-actix-codec
ExclusiveArch: %{rust_arches}
- rust-actix-connect
ExclusiveArch: %{rust_arches}
- rust-actix-files
ExclusiveArch: %{rust_arches}
- rust-actix-http
ExclusiveArch: %{rust_arches}
- rust-actix-macros
ExclusiveArch: %{rust_arches}
- rust-actix-router
ExclusiveArch: %{rust_arches}
- rust-actix-rt
ExclusiveArch: %{rust_arches}
- rust-actix-server
ExclusiveArch: %{rust_arches}
- rust-actix-server-config
ExclusiveArch: %{rust_arches}
- rust-actix-service
ExclusiveArch: %{rust_arches}
- rust-actix-testing
ExclusiveArch: %{rust_arches}
- rust-actix-threadpool
ExclusiveArch: %{rust_arches}
- rust-actix-tls
ExclusiveArch: %{rust_arches}
- rust-actix-utils
ExclusiveArch: %{rust_arches}
- rust-actix-web
ExclusiveArch: %{rust_arches}
- rust-actix-web-codegen
ExclusiveArch: %{rust_arches}
- rust-actix_derive
ExclusiveArch: %{rust_arches}
- rust-addr2line
ExclusiveArch: %{rust_arches}
- rust-adler32
ExclusiveArch: %{rust_arches}
- rust-aes
ExclusiveArch: %{rust_arches}
- rust-aes-soft
ExclusiveArch: %{rust_arches}
- rust-afterburn
ExclusiveArch: %{rust_arches}
- rust-ahash
ExclusiveArch: %{rust_arches}
- rust-aho-corasick
ExclusiveArch: %{rust_arches}
- rust-alga
ExclusiveArch: %{rust_arches}
- rust-alga_derive
ExclusiveArch: %{rust_arches}
- rust-alloc-no-stdlib
ExclusiveArch: %{rust_arches}
- rust-alloc-stdlib
ExclusiveArch: %{rust_arches}
- rust-alphanumeric-sort
ExclusiveArch: %{rust_arches}
- rust-ammonia
ExclusiveArch: %{rust_arches}
- rust-ansi_colours
ExclusiveArch: %{rust_arches}
- rust-ansi_term
ExclusiveArch: %{rust_arches}
- rust-ansi_term0.11
ExclusiveArch: %{rust_arches}
- rust-antidote
ExclusiveArch: %{rust_arches}
- rust-anyhow
ExclusiveArch: %{rust_arches}
- rust-anymap
ExclusiveArch: %{rust_arches}
- rust-aom-sys
ExclusiveArch: %{rust_arches}
- rust-app_dirs
ExclusiveArch: %{rust_arches}
- rust-approx
ExclusiveArch: %{rust_arches}
- rust-arbitrary
ExclusiveArch: %{rust_arches}
- rust-arc-swap
ExclusiveArch: %{rust_arches}
- rust-arg_enum_proc_macro
ExclusiveArch: %{rust_arches}
- rust-argparse
ExclusiveArch: %{rust_arches}
- rust-array-init
ExclusiveArch: %{rust_arches}
- rust-arraydeque
ExclusiveArch: %{rust_arches}
- rust-arrayref
ExclusiveArch: %{rust_arches}
- rust-arrayvec
ExclusiveArch: %{rust_arches}
- rust-article_scraper
ExclusiveArch: %{rust_arches}
- rust-ascii
ExclusiveArch: %{rust_arches}
- rust-askalono
ExclusiveArch: %{rust_arches}
- rust-askalono-cli
ExclusiveArch: %{rust_arches}
- rust-assert-json-diff
ExclusiveArch: %{rust_arches}
- rust-assert_cmd
ExclusiveArch: %{rust_arches}
- rust-assert_fs
ExclusiveArch: %{rust_arches}
- rust-assert_matches
ExclusiveArch: %{rust_arches}
- rust-async-attributes
ExclusiveArch: %{rust_arches}
- rust-async-compression
ExclusiveArch: %{rust_arches}
- rust-async-task
ExclusiveArch: %{rust_arches}
- rust-async-trait
ExclusiveArch: %{rust_arches}
- rust-asyncgit
ExclusiveArch: %{rust_arches}
- rust-atk
ExclusiveArch: %{rust_arches}
- rust-atk-sys
ExclusiveArch: %{rust_arches}
- rust-atom
ExclusiveArch: %{rust_arches}
- rust-atomicwrites
ExclusiveArch: %{rust_arches}
- rust-attohttpc
ExclusiveArch: %{rust_arches}
- rust-atty
ExclusiveArch: %{rust_arches}
- rust-autocfg
ExclusiveArch: %{rust_arches}
- rust-average
ExclusiveArch: %{rust_arches}
- rust-awc
ExclusiveArch: %{rust_arches}
- rust-backtrace
ExclusiveArch: %{rust_arches}
- rust-backtrace-sys
ExclusiveArch: %{rust_arches}
- rust-base100
ExclusiveArch: %{rust_arches}
- rust-base64
ExclusiveArch: %{rust_arches}
- rust-base64-0.10
ExclusiveArch: %{rust_arches}
- rust-base64-0.11
ExclusiveArch: %{rust_arches}
- rust-bat
ExclusiveArch: %{rust_arches}
- rust-battery
ExclusiveArch: %{rust_arches}
- rust-bencher
ExclusiveArch: %{rust_arches}
- rust-better-panic
ExclusiveArch: %{rust_arches}
- rust-bincode
ExclusiveArch: %{rust_arches}
- rust-bincode0.8
ExclusiveArch: %{rust_arches}
- rust-bindgen
ExclusiveArch: %{rust_arches}
- rust-bit-set
ExclusiveArch: %{rust_arches}
- rust-bit-vec
ExclusiveArch: %{rust_arches}
- rust-bitflags
ExclusiveArch: %{rust_arches}
- rust-bitmaps
ExclusiveArch: %{rust_arches}
- rust-bitstream-io
ExclusiveArch: %{rust_arches}
- rust-blake2
ExclusiveArch: %{rust_arches}
- rust-blobby
ExclusiveArch: %{rust_arches}
- rust-block-buffer
ExclusiveArch: %{rust_arches}
- rust-block-buffer0.7
ExclusiveArch: %{rust_arches}
- rust-block-cipher
ExclusiveArch: %{rust_arches}
- rust-block-cipher-trait
ExclusiveArch: %{rust_arches}
- rust-block-modes
ExclusiveArch: %{rust_arches}
- rust-block-padding
ExclusiveArch: %{rust_arches}
- rust-bodhi
ExclusiveArch: %{rust_arches}
- rust-bodhi-cli
ExclusiveArch: %{rust_arches}
- rust-box_drawing
ExclusiveArch: %{rust_arches}
- rust-brev
ExclusiveArch: %{rust_arches}
- rust-brotli
ExclusiveArch: %{rust_arches}
- rust-brotli-decompressor
ExclusiveArch: %{rust_arches}
- rust-brotli-sys
ExclusiveArch: %{rust_arches}
- rust-brotli2
ExclusiveArch: %{rust_arches}
- rust-bstr
ExclusiveArch: %{rust_arches}
- rust-buf_redux
ExclusiveArch: %{rust_arches}
- rust-bufstream
ExclusiveArch: %{rust_arches}
- rust-build_const
ExclusiveArch: %{rust_arches}
- rust-byte-tools
ExclusiveArch: %{rust_arches}
- rust-byte-unit
ExclusiveArch: %{rust_arches}
- rust-bytecount
ExclusiveArch: %{rust_arches}
- rust-bytemuck
ExclusiveArch: %{rust_arches}
- rust-byteorder
ExclusiveArch: %{rust_arches}
- rust-bytes
ExclusiveArch: %{rust_arches}
- rust-bytes0.3
ExclusiveArch: %{rust_arches}
- rust-bytes0.4
ExclusiveArch: %{rust_arches}
- rust-bytesize
ExclusiveArch: %{rust_arches}
- rust-bytestring
ExclusiveArch: %{rust_arches}
- rust-c2-chacha
ExclusiveArch: %{rust_arches}
- rust-c_vec
ExclusiveArch: %{rust_arches}
- rust-cairo-rs
ExclusiveArch: %{rust_arches}
- rust-cairo-sys-rs
ExclusiveArch: %{rust_arches}
- rust-calloop
ExclusiveArch: %{rust_arches}
- rust-caps
ExclusiveArch: %{rust_arches}
- rust-cargo
ExclusiveArch: %{rust_arches}
- rust-cargo-bloat
ExclusiveArch: %{rust_arches}
- rust-cargo-c
ExclusiveArch: %{rust_arches}
- rust-cargo-husky
ExclusiveArch: %{rust_arches}
- rust-cargo-insta
ExclusiveArch: %{rust_arches}
- rust-cargo-platform
ExclusiveArch: %{rust_arches}
- rust-cargo_metadata
ExclusiveArch: %{rust_arches}
- rust-cassowary
ExclusiveArch: %{rust_arches}
- rust-cast
ExclusiveArch: %{rust_arches}
- rust-cbindgen
ExclusiveArch: %{rust_arches}
- rust-cc
ExclusiveArch: %{rust_arches}
- rust-cexpr
ExclusiveArch: %{rust_arches}
- rust-cfg-if
ExclusiveArch: %{rust_arches}
- rust-chainerror
ExclusiveArch: %{rust_arches}
- rust-charset
ExclusiveArch: %{rust_arches}
- rust-chbs
ExclusiveArch: %{rust_arches}
- rust-checked_int_cast
ExclusiveArch: %{rust_arches}
- rust-choosier
ExclusiveArch: %{rust_arches}
- rust-chrono
ExclusiveArch: %{rust_arches}
- rust-chrono-humanize
ExclusiveArch: %{rust_arches}
- rust-chrono-tz
ExclusiveArch: %{rust_arches}
- rust-chunked_transfer
ExclusiveArch: %{rust_arches}
- rust-clang-sys
ExclusiveArch: %{rust_arches}
- rust-clap
ExclusiveArch: %{rust_arches}
- rust-clicolors-control
ExclusiveArch: %{rust_arches}
- rust-cmake
ExclusiveArch: %{rust_arches}
- rust-color-backtrace
ExclusiveArch: %{rust_arches}
- rust-color_quant
ExclusiveArch: %{rust_arches}
- rust-colored
ExclusiveArch: %{rust_arches}
- rust-colored_json
ExclusiveArch: %{rust_arches}
- rust-compiletest_rs
ExclusiveArch: %{rust_arches}
- rust-comrak
ExclusiveArch: %{rust_arches}
- rust-config
ExclusiveArch: %{rust_arches}
- rust-console
ExclusiveArch: %{rust_arches}
- rust-console0.9
ExclusiveArch: %{rust_arches}
- rust-const-random
ExclusiveArch: %{rust_arches}
- rust-const-random-macro
ExclusiveArch: %{rust_arches}
- rust-content_inspector
ExclusiveArch: %{rust_arches}
- rust-conv
ExclusiveArch: %{rust_arches}
- rust-cookie
ExclusiveArch: %{rust_arches}
- rust-cookie_store
ExclusiveArch: %{rust_arches}
- rust-copyless
ExclusiveArch: %{rust_arches}
- rust-coreos-installer
ExclusiveArch: %{rust_arches}
- rust-cpio
ExclusiveArch: %{rust_arches}
- rust-cpp_demangle
ExclusiveArch: %{rust_arches}
- rust-crates-io
ExclusiveArch: %{rust_arches}
- rust-crc
ExclusiveArch: %{rust_arches}
- rust-crc-any
ExclusiveArch: %{rust_arches}
- rust-crc-core
ExclusiveArch: %{rust_arches}
- rust-crc32fast
ExclusiveArch: %{rust_arches}
- rust-criterion
ExclusiveArch: %{rust_arches}
- rust-criterion-plot
ExclusiveArch: %{rust_arches}
- rust-crossbeam
ExclusiveArch: %{rust_arches}
- rust-crossbeam-channel
ExclusiveArch: %{rust_arches}
- rust-crossbeam-deque
ExclusiveArch: %{rust_arches}
- rust-crossbeam-epoch
ExclusiveArch: %{rust_arches}
- rust-crossbeam-queue
ExclusiveArch: %{rust_arches}
- rust-crossbeam-utils
ExclusiveArch: %{rust_arches}
- rust-crossterm
ExclusiveArch: %{rust_arches}
- rust-crypto-hash
ExclusiveArch: %{rust_arches}
- rust-crypto-mac
ExclusiveArch: %{rust_arches}
- rust-cryptovec
ExclusiveArch: %{rust_arches}
- rust-cssparser
ExclusiveArch: %{rust_arches}
- rust-cssparser-macros
ExclusiveArch: %{rust_arches}
- rust-csv
ExclusiveArch: %{rust_arches}
- rust-csv-core
ExclusiveArch: %{rust_arches}
- rust-ctrlc
ExclusiveArch: %{rust_arches}
- rust-curl
ExclusiveArch: %{rust_arches}
- rust-curl-sys
ExclusiveArch: %{rust_arches}
- rust-custom_derive
ExclusiveArch: %{rust_arches}
- rust-darling
ExclusiveArch: %{rust_arches}
- rust-darling_core
ExclusiveArch: %{rust_arches}
- rust-darling_macro
ExclusiveArch: %{rust_arches}
- rust-dashmap
ExclusiveArch: %{rust_arches}
- rust-data-encoding
ExclusiveArch: %{rust_arches}
- rust-data-url
ExclusiveArch: %{rust_arches}
- rust-datetime
ExclusiveArch: %{rust_arches}
- rust-dav1d-sys
ExclusiveArch: %{rust_arches}
- rust-dbus
ExclusiveArch: %{rust_arches}
- rust-dbus0.2
ExclusiveArch: %{rust_arches}
- rust-dbus0.6
ExclusiveArch: %{rust_arches}
- rust-debug-helper
ExclusiveArch: %{rust_arches}
- rust-decimal
ExclusiveArch: %{rust_arches}
- rust-deflate
ExclusiveArch: %{rust_arches}
- rust-defmac
ExclusiveArch: %{rust_arches}
- rust-delta_e
ExclusiveArch: %{rust_arches}
- rust-derive_builder
ExclusiveArch: %{rust_arches}
- rust-derive_builder_core
ExclusiveArch: %{rust_arches}
- rust-derive_more
ExclusiveArch: %{rust_arches}
- rust-des
ExclusiveArch: %{rust_arches}
- rust-desed
ExclusiveArch: %{rust_arches}
- rust-deunicode
ExclusiveArch: %{rust_arches}
- rust-devicemapper
ExclusiveArch: %{rust_arches}
- rust-diesel
ExclusiveArch: %{rust_arches}
- rust-diesel_derives
ExclusiveArch: %{rust_arches}
- rust-diesel_migrations
ExclusiveArch: %{rust_arches}
- rust-diff
ExclusiveArch: %{rust_arches}
- rust-difference
ExclusiveArch: %{rust_arches}
- rust-digest
ExclusiveArch: %{rust_arches}
- rust-digest0.8
ExclusiveArch: %{rust_arches}
- rust-directories
ExclusiveArch: %{rust_arches}
- rust-dirs
ExclusiveArch: %{rust_arches}
- rust-dirs-sys
ExclusiveArch: %{rust_arches}
- rust-diskonaut
ExclusiveArch: %{rust_arches}
- rust-dissimilar
ExclusiveArch: %{rust_arches}
- rust-dlib
ExclusiveArch: %{rust_arches}
- rust-dns-lookup
ExclusiveArch: %{rust_arches}
- rust-dns-parser
ExclusiveArch: %{rust_arches}
- rust-doc-comment
ExclusiveArch: %{rust_arches}
- rust-docmatic
ExclusiveArch: %{rust_arches}
- rust-docopt
ExclusiveArch: %{rust_arches}
- rust-dotenv
ExclusiveArch: %{rust_arches}
- rust-downcast-rs
ExclusiveArch: %{rust_arches}
- rust-dtoa
ExclusiveArch: %{rust_arches}
- rust-dtoa-short
ExclusiveArch: %{rust_arches}
- rust-dua-cli
ExclusiveArch: %{rust_arches}
- rust-duct
ExclusiveArch: %{rust_arches}
- rust-dunce
ExclusiveArch: %{rust_arches}
- rust-dutree
ExclusiveArch: %{rust_arches}
- rust-edit-distance
ExclusiveArch: %{rust_arches}
- rust-either
ExclusiveArch: %{rust_arches}
- rust-elasticlunr-rs
ExclusiveArch: %{rust_arches}
- rust-encode_unicode
ExclusiveArch: %{rust_arches}
- rust-encoding
ExclusiveArch: %{rust_arches}
- rust-encoding-index-japanese
ExclusiveArch: %{rust_arches}
- rust-encoding-index-korean
ExclusiveArch: %{rust_arches}
- rust-encoding-index-simpchinese
ExclusiveArch: %{rust_arches}
- rust-encoding-index-singlebyte
ExclusiveArch: %{rust_arches}
- rust-encoding-index-tradchinese
ExclusiveArch: %{rust_arches}
- rust-encoding_index_tests
ExclusiveArch: %{rust_arches}
- rust-encoding_rs
ExclusiveArch: %{rust_arches}
- rust-encoding_rs_io
ExclusiveArch: %{rust_arches}
- rust-entities
ExclusiveArch: %{rust_arches}
- rust-enum-as-inner
ExclusiveArch: %{rust_arches}
- rust-enum_primitive
ExclusiveArch: %{rust_arches}
- rust-env_logger
ExclusiveArch: %{rust_arches}
- rust-env_logger0.4
ExclusiveArch: %{rust_arches}
- rust-env_logger0.5
ExclusiveArch: %{rust_arches}
- rust-env_logger0.6
ExclusiveArch: %{rust_arches}
- rust-envsubst
ExclusiveArch: %{rust_arches}
- rust-erased-serde
ExclusiveArch: %{rust_arches}
- rust-err-derive
ExclusiveArch: %{rust_arches}
- rust-errln
ExclusiveArch: %{rust_arches}
- rust-errno
ExclusiveArch: %{rust_arches}
- rust-error-chain
ExclusiveArch: %{rust_arches}
- rust-escaper
ExclusiveArch: %{rust_arches}
- rust-escargot
ExclusiveArch: %{rust_arches}
- rust-euclid
ExclusiveArch: %{rust_arches}
- rust-exa
ExclusiveArch: %{rust_arches}
- rust-expat-sys
ExclusiveArch: %{rust_arches}
- rust-extend
ExclusiveArch: %{rust_arches}
- rust-extprim
ExclusiveArch: %{rust_arches}
- rust-extprim_literals_macros
ExclusiveArch: %{rust_arches}
- rust-fail
ExclusiveArch: %{rust_arches}
- rust-failure
ExclusiveArch: %{rust_arches}
- rust-failure-tools
ExclusiveArch: %{rust_arches}
- rust-failure_derive
ExclusiveArch: %{rust_arches}
- rust-fake
ExclusiveArch: %{rust_arches}
- rust-fake-simd
ExclusiveArch: %{rust_arches}
- rust-fake_clock
ExclusiveArch: %{rust_arches}
- rust-fallible-iterator
ExclusiveArch: %{rust_arches}
- rust-fd-find
ExclusiveArch: %{rust_arches}
- rust-fedora
ExclusiveArch: %{rust_arches}
- rust-fedora-coreos-pinger
ExclusiveArch: %{rust_arches}
- rust-fedora-update-feedback
ExclusiveArch: %{rust_arches}
- rust-feed-rs
ExclusiveArch: %{rust_arches}
- rust-feedbin_api
ExclusiveArch: %{rust_arches}
- rust-feedly_api
ExclusiveArch: %{rust_arches}
- rust-fern
ExclusiveArch: %{rust_arches}
- rust-fever_api
ExclusiveArch: %{rust_arches}
- rust-ffsend
ExclusiveArch: %{rust_arches}
- rust-ffsend-api
ExclusiveArch: %{rust_arches}
- rust-filesize
ExclusiveArch: %{rust_arches}
- rust-filetime
ExclusiveArch: %{rust_arches}
- rust-findshlibs
ExclusiveArch: %{rust_arches}
- rust-fixedbitset
ExclusiveArch: %{rust_arches}
- rust-flame
ExclusiveArch: %{rust_arches}
- rust-flate2
ExclusiveArch: %{rust_arches}
- rust-float-cmp
ExclusiveArch: %{rust_arches}
- rust-float-ord
ExclusiveArch: %{rust_arches}
- rust-flume
ExclusiveArch: %{rust_arches}
- rust-fnv
ExclusiveArch: %{rust_arches}
- rust-foreign-types
ExclusiveArch: %{rust_arches}
- rust-foreign-types-shared
ExclusiveArch: %{rust_arches}
- rust-fragile
ExclusiveArch: %{rust_arches}
- rust-fs2
ExclusiveArch: %{rust_arches}
- rust-fs_extra
ExclusiveArch: %{rust_arches}
- rust-fuse
ExclusiveArch: %{rust_arches}
- rust-futf
ExclusiveArch: %{rust_arches}
- rust-futures
ExclusiveArch: %{rust_arches}
- rust-futures-channel
ExclusiveArch: %{rust_arches}
- rust-futures-core
ExclusiveArch: %{rust_arches}
- rust-futures-cpupool
ExclusiveArch: %{rust_arches}
- rust-futures-executor
ExclusiveArch: %{rust_arches}
- rust-futures-io
ExclusiveArch: %{rust_arches}
- rust-futures-macro
ExclusiveArch: %{rust_arches}
- rust-futures-sink
ExclusiveArch: %{rust_arches}
- rust-futures-task
ExclusiveArch: %{rust_arches}
- rust-futures-timer
ExclusiveArch: %{rust_arches}
- rust-futures-util
ExclusiveArch: %{rust_arches}
- rust-futures0.1
ExclusiveArch: %{rust_arches}
- rust-fuzzy-matcher
ExclusiveArch: %{rust_arches}
- rust-fxhash
ExclusiveArch: %{rust_arches}
- rust-gcsf
ExclusiveArch: %{rust_arches}
- rust-gdk
ExclusiveArch: %{rust_arches}
- rust-gdk-pixbuf
ExclusiveArch: %{rust_arches}
- rust-gdk-pixbuf-sys
ExclusiveArch: %{rust_arches}
- rust-gdk-sys
ExclusiveArch: %{rust_arches}
- rust-generic-array
ExclusiveArch: %{rust_arches}
- rust-generic-array0.12
ExclusiveArch: %{rust_arches}
- rust-getch
ExclusiveArch: %{rust_arches}
- rust-gethostname
ExclusiveArch: %{rust_arches}
- rust-getopts
ExclusiveArch: %{rust_arches}
- rust-getrandom
ExclusiveArch: %{rust_arches}
- rust-gettext-rs
ExclusiveArch: %{rust_arches}
- rust-gettext-sys
ExclusiveArch: %{rust_arches}
- rust-gif
ExclusiveArch: %{rust_arches}
- rust-gimli
ExclusiveArch: %{rust_arches}
- rust-gio
ExclusiveArch: %{rust_arches}
- rust-gio-sys
ExclusiveArch: %{rust_arches}
- rust-gir-format-check
ExclusiveArch: %{rust_arches}
- rust-git-delta
ExclusiveArch: %{rust_arches}
- rust-git2
ExclusiveArch: %{rust_arches}
- rust-git2-curl
ExclusiveArch: %{rust_arches}
- rust-gitui
ExclusiveArch: %{rust_arches}
- rust-glib
ExclusiveArch: %{rust_arches}
- rust-glib-sys
ExclusiveArch: %{rust_arches}
- rust-glob
ExclusiveArch: %{rust_arches}
- rust-globset
ExclusiveArch: %{rust_arches}
- rust-globwalk
ExclusiveArch: %{rust_arches}
- rust-gobject-sys
ExclusiveArch: %{rust_arches}
- rust-goblin
ExclusiveArch: %{rust_arches}
- rust-google-drive3-fork
ExclusiveArch: %{rust_arches}
- rust-grep
ExclusiveArch: %{rust_arches}
- rust-grep-cli
ExclusiveArch: %{rust_arches}
- rust-grep-matcher
ExclusiveArch: %{rust_arches}
- rust-grep-pcre2
ExclusiveArch: %{rust_arches}
- rust-grep-printer
ExclusiveArch: %{rust_arches}
- rust-grep-regex
ExclusiveArch: %{rust_arches}
- rust-grep-searcher
ExclusiveArch: %{rust_arches}
- rust-groupable
ExclusiveArch: %{rust_arches}
- rust-gspell
ExclusiveArch: %{rust_arches}
- rust-gspell-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer
ExclusiveArch: %{rust_arches}
- rust-gstreamer-audio
ExclusiveArch: %{rust_arches}
- rust-gstreamer-audio-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-base
ExclusiveArch: %{rust_arches}
- rust-gstreamer-base-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-editing-services
ExclusiveArch: %{rust_arches}
- rust-gstreamer-editing-services-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-pbutils
ExclusiveArch: %{rust_arches}
- rust-gstreamer-pbutils-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-player
ExclusiveArch: %{rust_arches}
- rust-gstreamer-player-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-video
ExclusiveArch: %{rust_arches}
- rust-gstreamer-video-sys
ExclusiveArch: %{rust_arches}
- rust-gtk
ExclusiveArch: %{rust_arches}
- rust-gtk-macros
ExclusiveArch: %{rust_arches}
- rust-gtk-rs-lgpl-docs
ExclusiveArch: %{rust_arches}
- rust-gtk-source-sys
ExclusiveArch: %{rust_arches}
- rust-gtk-sys
ExclusiveArch: %{rust_arches}
- rust-gzip-header
ExclusiveArch: %{rust_arches}
- rust-h2
ExclusiveArch: %{rust_arches}
- rust-half
ExclusiveArch: %{rust_arches}
- rust-hamcrest
ExclusiveArch: %{rust_arches}
- rust-handlebars
ExclusiveArch: %{rust_arches}
- rust-hashbrown
ExclusiveArch: %{rust_arches}
- rust-headers
ExclusiveArch: %{rust_arches}
- rust-headers-core
ExclusiveArch: %{rust_arches}
- rust-headers-derive
ExclusiveArch: %{rust_arches}
- rust-heapsize
ExclusiveArch: %{rust_arches}
- rust-heck
ExclusiveArch: %{rust_arches}
- rust-hex
ExclusiveArch: %{rust_arches}
- rust-hex-literal
ExclusiveArch: %{rust_arches}
- rust-hex-literal-impl
ExclusiveArch: %{rust_arches}
- rust-hexyl
ExclusiveArch: %{rust_arches}
- rust-hkdf
ExclusiveArch: %{rust_arches}
- rust-hmac
ExclusiveArch: %{rust_arches}
- rust-home
ExclusiveArch: %{rust_arches}
- rust-horrorshow
ExclusiveArch: %{rust_arches}
- rust-hostname
ExclusiveArch: %{rust_arches}
- rust-html2pango
ExclusiveArch: %{rust_arches}
- rust-html5ever
ExclusiveArch: %{rust_arches}
- rust-http
ExclusiveArch: %{rust_arches}
- rust-http-body
ExclusiveArch: %{rust_arches}
- rust-http0.1
ExclusiveArch: %{rust_arches}
- rust-httparse
ExclusiveArch: %{rust_arches}
- rust-humansize
ExclusiveArch: %{rust_arches}
- rust-humantime
ExclusiveArch: %{rust_arches}
- rust-humantime1
ExclusiveArch: %{rust_arches}
- rust-hyper
ExclusiveArch: %{rust_arches}
- rust-hyper-native-tls
ExclusiveArch: %{rust_arches}
- rust-hyper-staticfile
ExclusiveArch: %{rust_arches}
- rust-hyper-tls
ExclusiveArch: %{rust_arches}
- rust-hyper0.10
ExclusiveArch: %{rust_arches}
- rust-hyperfine
ExclusiveArch: %{rust_arches}
- rust-i3ipc
ExclusiveArch: %{rust_arches}
- rust-id_tree
ExclusiveArch: %{rust_arches}
- rust-ident_case
ExclusiveArch: %{rust_arches}
- rust-idna
ExclusiveArch: %{rust_arches}
- rust-idna0.1
ExclusiveArch: %{rust_arches}
- rust-ignore
ExclusiveArch: %{rust_arches}
- rust-im-rc
ExclusiveArch: %{rust_arches}
- rust-image
ExclusiveArch: %{rust_arches}
- rust-imgref
ExclusiveArch: %{rust_arches}
- rust-indexmap
ExclusiveArch: %{rust_arches}
- rust-indicatif
ExclusiveArch: %{rust_arches}
- rust-inflate
ExclusiveArch: %{rust_arches}
- rust-inotify
ExclusiveArch: %{rust_arches}
- rust-inotify-sys
ExclusiveArch: %{rust_arches}
- rust-input_buffer
ExclusiveArch: %{rust_arches}
- rust-insta
ExclusiveArch: %{rust_arches}
- rust-interpolate_name
ExclusiveArch: %{rust_arches}
- rust-intervaltree
ExclusiveArch: %{rust_arches}
- rust-iovec
ExclusiveArch: %{rust_arches}
- rust-ipnet
ExclusiveArch: %{rust_arches}
- rust-ipnetwork
ExclusiveArch: %{rust_arches}
- rust-iron
ExclusiveArch: %{rust_arches}
- rust-isahc
ExclusiveArch: %{rust_arches}
- rust-iso8601
ExclusiveArch: %{rust_arches}
- rust-iter-read
ExclusiveArch: %{rust_arches}
- rust-itertools
ExclusiveArch: %{rust_arches}
- rust-itertools-num
ExclusiveArch: %{rust_arches}
- rust-itertools0.8
ExclusiveArch: %{rust_arches}
- rust-itoa
ExclusiveArch: %{rust_arches}
- rust-ivf
ExclusiveArch: %{rust_arches}
- rust-javascriptcore-rs
ExclusiveArch: %{rust_arches}
- rust-javascriptcore-rs-sys
ExclusiveArch: %{rust_arches}
- rust-jetscii
ExclusiveArch: %{rust_arches}
- rust-jobserver
ExclusiveArch: %{rust_arches}
- rust-jpeg-decoder
ExclusiveArch: %{rust_arches}
- rust-jql
ExclusiveArch: %{rust_arches}
- rust-json
ExclusiveArch: %{rust_arches}
- rust-jwalk
ExclusiveArch: %{rust_arches}
- rust-kstring
ExclusiveArch: %{rust_arches}
- rust-kv-log-macro
ExclusiveArch: %{rust_arches}
- rust-lab
ExclusiveArch: %{rust_arches}
- rust-language-tags
ExclusiveArch: %{rust_arches}
- rust-lazy-init
ExclusiveArch: %{rust_arches}
- rust-lazy_static
ExclusiveArch: %{rust_arches}
- rust-lazycell
ExclusiveArch: %{rust_arches}
- rust-letter-avatar
ExclusiveArch: %{rust_arches}
- rust-lexical-core
ExclusiveArch: %{rust_arches}
- rust-libc
ExclusiveArch: %{rust_arches}
- rust-libdbus-sys
ExclusiveArch: %{rust_arches}
- rust-libflate
ExclusiveArch: %{rust_arches}
- rust-libflate_lz77
ExclusiveArch: %{rust_arches}
- rust-libgit2-sys
ExclusiveArch: %{rust_arches}
- rust-libhandy
ExclusiveArch: %{rust_arches}
- rust-libhandy-sys
ExclusiveArch: %{rust_arches}
- rust-libloading
ExclusiveArch: %{rust_arches}
- rust-libm
ExclusiveArch: %{rust_arches}
- rust-libmount
ExclusiveArch: %{rust_arches}
- rust-liboverdrop
ExclusiveArch: %{rust_arches}
- rust-libpulse-binding
ExclusiveArch: %{rust_arches}
- rust-libpulse-sys
ExclusiveArch: %{rust_arches}
- rust-libslirp
ExclusiveArch: %{rust_arches}
- rust-libslirp-sys
ExclusiveArch: %{rust_arches}
- rust-libsqlite3-sys
ExclusiveArch: %{rust_arches}
- rust-libssh2-sys
ExclusiveArch: %{rust_arches}
- rust-libsystemd
ExclusiveArch: %{rust_arches}
- rust-libudev
ExclusiveArch: %{rust_arches}
- rust-libudev-sys
ExclusiveArch: %{rust_arches}
- rust-libxml
ExclusiveArch: %{rust_arches}
- rust-libz-sys
ExclusiveArch: %{rust_arches}
- rust-line-wrap
ExclusiveArch: %{rust_arches}
- rust-linked-hash-map
ExclusiveArch: %{rust_arches}
- rust-linkify
ExclusiveArch: %{rust_arches}
- rust-lipsum
ExclusiveArch: %{rust_arches}
- rust-liquid
ExclusiveArch: %{rust_arches}
- rust-liquid-core
ExclusiveArch: %{rust_arches}
- rust-liquid-derive
ExclusiveArch: %{rust_arches}
- rust-liquid-lib
ExclusiveArch: %{rust_arches}
- rust-listenfd
ExclusiveArch: %{rust_arches}
- rust-lmdb
ExclusiveArch: %{rust_arches}
- rust-lmdb-sys
ExclusiveArch: %{rust_arches}
- rust-locale
ExclusiveArch: %{rust_arches}
- rust-locale_config
ExclusiveArch: %{rust_arches}
- rust-lock_api
ExclusiveArch: %{rust_arches}
- rust-lockfree
ExclusiveArch: %{rust_arches}
- rust-log
ExclusiveArch: %{rust_arches}
- rust-log-mdc
ExclusiveArch: %{rust_arches}
- rust-log0.3
ExclusiveArch: %{rust_arches}
- rust-log4rs
ExclusiveArch: %{rust_arches}
- rust-loggerv
ExclusiveArch: %{rust_arches}
- rust-loopdev
ExclusiveArch: %{rust_arches}
- rust-lru-cache
ExclusiveArch: %{rust_arches}
- rust-lru_time_cache
ExclusiveArch: %{rust_arches}
- rust-lscolors
ExclusiveArch: %{rust_arches}
- rust-lsd
ExclusiveArch: %{rust_arches}
- rust-lzma-sys
ExclusiveArch: %{rust_arches}
- rust-lzw
ExclusiveArch: %{rust_arches}
- rust-mac
ExclusiveArch: %{rust_arches}
- rust-macro-attr
ExclusiveArch: %{rust_arches}
- rust-magic-crypt
ExclusiveArch: %{rust_arches}
- rust-maildir
ExclusiveArch: %{rust_arches}
- rust-mailparse
ExclusiveArch: %{rust_arches}
- rust-man
ExclusiveArch: %{rust_arches}
- rust-maplit
ExclusiveArch: %{rust_arches}
- rust-markup5ever
ExclusiveArch: %{rust_arches}
- rust-markup5ever_rcdom
ExclusiveArch: %{rust_arches}
- rust-match_cfg
ExclusiveArch: %{rust_arches}
- rust-matches
ExclusiveArch: %{rust_arches}
- rust-matrixmultiply
ExclusiveArch: %{rust_arches}
- rust-maxminddb
ExclusiveArch: %{rust_arches}
- rust-maybe-uninit
ExclusiveArch: %{rust_arches}
- rust-md-5
ExclusiveArch: %{rust_arches}
- rust-md5
ExclusiveArch: %{rust_arches}
- rust-mdl
ExclusiveArch: %{rust_arches}
- rust-memchr
ExclusiveArch: %{rust_arches}
- rust-memmap
ExclusiveArch: %{rust_arches}
- rust-memmap2
ExclusiveArch: %{rust_arches}
- rust-memoffset
ExclusiveArch: %{rust_arches}
- rust-metadeps
ExclusiveArch: %{rust_arches}
- rust-migrations_internals
ExclusiveArch: %{rust_arches}
- rust-migrations_macros
ExclusiveArch: %{rust_arches}
- rust-mime
ExclusiveArch: %{rust_arches}
- rust-mime-sniffer
ExclusiveArch: %{rust_arches}
- rust-mime0.2
ExclusiveArch: %{rust_arches}
- rust-mime_guess
ExclusiveArch: %{rust_arches}
- rust-mime_guess1
ExclusiveArch: %{rust_arches}
- rust-miniflux_api
ExclusiveArch: %{rust_arches}
- rust-miniz-sys
ExclusiveArch: %{rust_arches}
- rust-miniz_oxide
ExclusiveArch: %{rust_arches}
- rust-miniz_oxide_c_api
ExclusiveArch: %{rust_arches}
- rust-mint
ExclusiveArch: %{rust_arches}
- rust-mio
ExclusiveArch: %{rust_arches}
- rust-mio-extras
ExclusiveArch: %{rust_arches}
- rust-mio-uds
ExclusiveArch: %{rust_arches}
- rust-mio0.6
ExclusiveArch: %{rust_arches}
- rust-mktemp
ExclusiveArch: %{rust_arches}
- rust-mnt
ExclusiveArch: %{rust_arches}
- rust-mockito
ExclusiveArch: %{rust_arches}
- rust-modifier
ExclusiveArch: %{rust_arches}
- rust-muldiv
ExclusiveArch: %{rust_arches}
- rust-multimap
ExclusiveArch: %{rust_arches}
- rust-multipart
ExclusiveArch: %{rust_arches}
- rust-mustache
ExclusiveArch: %{rust_arches}
- rust-nalgebra
ExclusiveArch: %{rust_arches}
- rust-nasm-rs
ExclusiveArch: %{rust_arches}
- rust-native-tls
ExclusiveArch: %{rust_arches}
- rust-natord
ExclusiveArch: %{rust_arches}
- rust-net2
ExclusiveArch: %{rust_arches}
- rust-netmap_sys
ExclusiveArch: %{rust_arches}
- rust-new_debug_unreachable
ExclusiveArch: %{rust_arches}
- rust-news-flash
ExclusiveArch: %{rust_arches}
- rust-newtype_derive
ExclusiveArch: %{rust_arches}
- rust-nickel
ExclusiveArch: %{rust_arches}
- rust-nix
ExclusiveArch: %{rust_arches}
- rust-nix0.14
ExclusiveArch: %{rust_arches}
- rust-no-panic
ExclusiveArch: %{rust_arches}
- rust-nodrop
ExclusiveArch: %{rust_arches}
- rust-nom
ExclusiveArch: %{rust_arches}
- rust-nom4
ExclusiveArch: %{rust_arches}
- rust-noop_proc_macro
ExclusiveArch: %{rust_arches}
- rust-normalize-line-endings
ExclusiveArch: %{rust_arches}
- rust-notify
ExclusiveArch: %{rust_arches}
- rust-num
ExclusiveArch: %{rust_arches}
- rust-num-bigint
ExclusiveArch: %{rust_arches}
- rust-num-complex
ExclusiveArch: %{rust_arches}
- rust-num-derive
ExclusiveArch: %{rust_arches}
- rust-num-integer
ExclusiveArch: %{rust_arches}
- rust-num-iter
ExclusiveArch: %{rust_arches}
- rust-num-rational
ExclusiveArch: %{rust_arches}
- rust-num-traits
ExclusiveArch: %{rust_arches}
- rust-num-traits0.1
ExclusiveArch: %{rust_arches}
- rust-num_cpus
ExclusiveArch: %{rust_arches}
- rust-number_prefix
ExclusiveArch: %{rust_arches}
- rust-numtoa
ExclusiveArch: %{rust_arches}
- rust-obfstr
ExclusiveArch: %{rust_arches}
- rust-obfstr-impl
ExclusiveArch: %{rust_arches}
- rust-object
ExclusiveArch: %{rust_arches}
- rust-odds
ExclusiveArch: %{rust_arches}
- rust-once_cell
ExclusiveArch: %{rust_arches}
- rust-onig
ExclusiveArch: %{rust_arches}
- rust-onig_sys
ExclusiveArch: %{rust_arches}
- rust-oorandom
ExclusiveArch: %{rust_arches}
- rust-opaque-debug
ExclusiveArch: %{rust_arches}
- rust-open
ExclusiveArch: %{rust_arches}
- rust-openat
ExclusiveArch: %{rust_arches}
- rust-opener
ExclusiveArch: %{rust_arches}
- rust-openssh-keys
ExclusiveArch: %{rust_arches}
- rust-openssl
ExclusiveArch: %{rust_arches}
- rust-openssl-probe
ExclusiveArch: %{rust_arches}
- rust-openssl-sys
ExclusiveArch: %{rust_arches}
- rust-ord_subset
ExclusiveArch: %{rust_arches}
- rust-ordered-float
ExclusiveArch: %{rust_arches}
- rust-os_info
ExclusiveArch: %{rust_arches}
- rust-os_pipe
ExclusiveArch: %{rust_arches}
- rust-osstrtools
ExclusiveArch: %{rust_arches}
- rust-ostree
ExclusiveArch: i686 x86_64
- rust-ostree-sys
ExclusiveArch: %{rust_arches}
- rust-owned-alloc
ExclusiveArch: %{rust_arches}
- rust-owning_ref
ExclusiveArch: %{rust_arches}
- rust-packaging
ExclusiveArch: %{rust_arches}
- rust-pad
ExclusiveArch: %{rust_arches}
- rust-pager
ExclusiveArch: %{rust_arches}
- rust-pango
ExclusiveArch: %{rust_arches}
- rust-pango-sys
ExclusiveArch: %{rust_arches}
- rust-pangocairo
ExclusiveArch: %{rust_arches}
- rust-pangocairo-sys
ExclusiveArch: %{rust_arches}
- rust-parity-wasm
ExclusiveArch: %{rust_arches}
- rust-parking_lot
ExclusiveArch: %{rust_arches}
- rust-parking_lot_core
ExclusiveArch: %{rust_arches}
- rust-parse-zoneinfo
ExclusiveArch: %{rust_arches}
- rust-partial-io
ExclusiveArch: %{rust_arches}
- rust-paste
ExclusiveArch: %{rust_arches}
- rust-paste-impl
ExclusiveArch: %{rust_arches}
- rust-path-absolutize
ExclusiveArch: %{rust_arches}
- rust-path-dedot
ExclusiveArch: %{rust_arches}
- rust-path-slash
ExclusiveArch: %{rust_arches}
- rust-pathdiff
ExclusiveArch: %{rust_arches}
- rust-pbr
ExclusiveArch: %{rust_arches}
- rust-pcap
ExclusiveArch: %{rust_arches}
- rust-pcre2
ExclusiveArch: %{rust_arches}
- rust-pcre2-sys
ExclusiveArch: %{rust_arches}
- rust-peeking_take_while
ExclusiveArch: %{rust_arches}
- rust-peg
ExclusiveArch: %{rust_arches}
- rust-percent-encoding
ExclusiveArch: %{rust_arches}
- rust-percent-encoding1
ExclusiveArch: %{rust_arches}
- rust-peresil
ExclusiveArch: %{rust_arches}
- rust-permutate
ExclusiveArch: %{rust_arches}
- rust-permutohedron
ExclusiveArch: %{rust_arches}
- rust-pest
ExclusiveArch: %{rust_arches}
- rust-pest_derive
ExclusiveArch: %{rust_arches}
- rust-pest_generator
ExclusiveArch: %{rust_arches}
- rust-pest_meta
ExclusiveArch: %{rust_arches}
- rust-petgraph
ExclusiveArch: %{rust_arches}
- rust-phf
ExclusiveArch: %{rust_arches}
- rust-phf0.7
ExclusiveArch: %{rust_arches}
- rust-phf_codegen
ExclusiveArch: %{rust_arches}
- rust-phf_codegen0.7
ExclusiveArch: %{rust_arches}
- rust-phf_generator
ExclusiveArch: %{rust_arches}
- rust-phf_generator0.7
ExclusiveArch: %{rust_arches}
- rust-phf_macros
ExclusiveArch: %{rust_arches}
- rust-phf_macros0.7
ExclusiveArch: %{rust_arches}
- rust-phf_shared
ExclusiveArch: %{rust_arches}
- rust-phf_shared0.7
ExclusiveArch: %{rust_arches}
- rust-pico-args
ExclusiveArch: %{rust_arches}
- rust-pin-project
ExclusiveArch: %{rust_arches}
- rust-pin-project-internal
ExclusiveArch: %{rust_arches}
- rust-pin-project-lite
ExclusiveArch: %{rust_arches}
- rust-pin-utils
ExclusiveArch: %{rust_arches}
- rust-pipe
ExclusiveArch: %{rust_arches}
- rust-piper
ExclusiveArch: %{rust_arches}
- rust-pkg-config
ExclusiveArch: %{rust_arches}
- rust-plain
ExclusiveArch: %{rust_arches}
- rust-platform-dirs
ExclusiveArch: %{rust_arches}
- rust-platforms
ExclusiveArch: %{rust_arches}
- rust-plist
ExclusiveArch: %{rust_arches}
- rust-plugin
ExclusiveArch: %{rust_arches}
- rust-pnet_base
ExclusiveArch: %{rust_arches}
- rust-pnet_datalink
ExclusiveArch: %{rust_arches}
- rust-pnet_sys
ExclusiveArch: %{rust_arches}
- rust-png
ExclusiveArch: %{rust_arches}
- rust-podio
ExclusiveArch: %{rust_arches}
- rust-pommes
ExclusiveArch: %{rust_arches}
- rust-ppv-lite86
ExclusiveArch: %{rust_arches}
- rust-pq-sys
ExclusiveArch: %{rust_arches}
- rust-precomputed-hash
ExclusiveArch: %{rust_arches}
- rust-predicates
ExclusiveArch: %{rust_arches}
- rust-predicates-core
ExclusiveArch: %{rust_arches}
- rust-predicates-tree
ExclusiveArch: %{rust_arches}
- rust-pretty-git-prompt
ExclusiveArch: %{rust_arches}
- rust-pretty_assertions
ExclusiveArch: %{rust_arches}
- rust-pretty_env_logger
ExclusiveArch: %{rust_arches}
- rust-prettytable-rs
ExclusiveArch: %{rust_arches}
- rust-proc-macro-error
ExclusiveArch: %{rust_arches}
- rust-proc-macro-error-attr
ExclusiveArch: %{rust_arches}
- rust-proc-macro-hack
ExclusiveArch: %{rust_arches}
- rust-proc-macro-nested
ExclusiveArch: %{rust_arches}
- rust-proc-macro2
ExclusiveArch: %{rust_arches}
- rust-proc-macro2-0.4
ExclusiveArch: %{rust_arches}
- rust-proc-quote
ExclusiveArch: %{rust_arches}
- rust-proc-quote-impl
ExclusiveArch: %{rust_arches}
- rust-procedural-masquerade
ExclusiveArch: %{rust_arches}
- rust-process_path
ExclusiveArch: %{rust_arches}
- rust-procfs
ExclusiveArch: %{rust_arches}
- rust-procs
ExclusiveArch: %{rust_arches}
- rust-progress-streams
ExclusiveArch: %{rust_arches}
- rust-prometheus
ExclusiveArch: %{rust_arches}
- rust-proptest
ExclusiveArch: %{rust_arches}
- rust-proptest-derive
ExclusiveArch: %{rust_arches}
- rust-protobuf
ExclusiveArch: %{rust_arches}
- rust-protobuf-codegen
ExclusiveArch: %{rust_arches}
- rust-protobuf-codegen-pure
ExclusiveArch: %{rust_arches}
- rust-protoc
ExclusiveArch: %{rust_arches}
- rust-protoc-rust
ExclusiveArch: %{rust_arches}
- rust-psm
ExclusiveArch: %{rust_arches}
- rust-psutil
ExclusiveArch: %{rust_arches}
- rust-publicsuffix
ExclusiveArch: %{rust_arches}
- rust-pulldown-cmark
ExclusiveArch: %{rust_arches}
- rust-pulse
ExclusiveArch: %{rust_arches}
- rust-qr2term
ExclusiveArch: %{rust_arches}
- rust-qrcode
ExclusiveArch: %{rust_arches}
- rust-quick-error
ExclusiveArch: %{rust_arches}
- rust-quickcheck
ExclusiveArch: %{rust_arches}
- rust-quickcheck0.6
ExclusiveArch: %{rust_arches}
- rust-quickcheck_macros
ExclusiveArch: %{rust_arches}
- rust-quickersort
ExclusiveArch: %{rust_arches}
- rust-quote
ExclusiveArch: %{rust_arches}
- rust-quote0.3
ExclusiveArch: %{rust_arches}
- rust-quote0.6
ExclusiveArch: %{rust_arches}
- rust-quoted_printable
ExclusiveArch: %{rust_arches}
- rust-r2d2
ExclusiveArch: %{rust_arches}
- rust-rand
ExclusiveArch: %{rust_arches}
- rust-rand0.4
ExclusiveArch: %{rust_arches}
- rust-rand0.5
ExclusiveArch: %{rust_arches}
- rust-rand0.6
ExclusiveArch: %{rust_arches}
- rust-rand_chacha
ExclusiveArch: %{rust_arches}
- rust-rand_chacha0.1
ExclusiveArch: %{rust_arches}
- rust-rand_core
ExclusiveArch: %{rust_arches}
- rust-rand_core0.3
ExclusiveArch: %{rust_arches}
- rust-rand_core0.4
ExclusiveArch: %{rust_arches}
- rust-rand_distr
ExclusiveArch: %{rust_arches}
- rust-rand_hc
ExclusiveArch: %{rust_arches}
- rust-rand_hc0.1
ExclusiveArch: %{rust_arches}
- rust-rand_isaac
ExclusiveArch: %{rust_arches}
- rust-rand_isaac0.1
ExclusiveArch: %{rust_arches}
- rust-rand_jitter
ExclusiveArch: %{rust_arches}
- rust-rand_jitter0.1
ExclusiveArch: %{rust_arches}
- rust-rand_os
ExclusiveArch: %{rust_arches}
- rust-rand_os0.1
ExclusiveArch: %{rust_arches}
- rust-rand_pcg
ExclusiveArch: %{rust_arches}
- rust-rand_pcg0.1
ExclusiveArch: %{rust_arches}
- rust-rand_xorshift
ExclusiveArch: %{rust_arches}
- rust-rand_xorshift0.1
ExclusiveArch: %{rust_arches}
- rust-rand_xoshiro
ExclusiveArch: %{rust_arches}
- rust-random-fast-rng
ExclusiveArch: %{rust_arches}
- rust-random-trait
ExclusiveArch: %{rust_arches}
- rust-randomize
ExclusiveArch: %{rust_arches}
- rust-rav1e
ExclusiveArch: %{rust_arches}
- rust-rawpointer
ExclusiveArch: %{rust_arches}
- rust-rawslice
ExclusiveArch: %{rust_arches}
- rust-rayon
ExclusiveArch: %{rust_arches}
- rust-rayon-core
ExclusiveArch: %{rust_arches}
- rust-readwrite
ExclusiveArch: %{rust_arches}
- rust-recycler
ExclusiveArch: %{rust_arches}
- rust-ref-cast
ExclusiveArch: %{rust_arches}
- rust-ref-cast-impl
ExclusiveArch: %{rust_arches}
- rust-regex
ExclusiveArch: %{rust_arches}
- rust-regex-automata
ExclusiveArch: %{rust_arches}
- rust-regex-syntax
ExclusiveArch: %{rust_arches}
- rust-region
ExclusiveArch: %{rust_arches}
- rust-relay
ExclusiveArch: %{rust_arches}
- rust-remove_dir_all
ExclusiveArch: %{rust_arches}
- rust-reqwest
ExclusiveArch: %{rust_arches}
- rust-resize
ExclusiveArch: %{rust_arches}
- rust-resolv-conf
ExclusiveArch: %{rust_arches}
- rust-restson
ExclusiveArch: %{rust_arches}
- rust-retry
ExclusiveArch: %{rust_arches}
- rust-rgb
ExclusiveArch: %{rust_arches}
- rust-ripgrep
ExclusiveArch: %{rust_arches}
- rust-rle-decode-fast
ExclusiveArch: %{rust_arches}
- rust-rmp
ExclusiveArch: %{rust_arches}
- rust-rmp-serde
ExclusiveArch: %{rust_arches}
- rust-roff
ExclusiveArch: %{rust_arches}
- rust-ron
ExclusiveArch: %{rust_arches}
- rust-rpassword
ExclusiveArch: %{rust_arches}
- rust-rpick
ExclusiveArch: %{rust_arches}
- rust-ruma-identifiers
ExclusiveArch: %{rust_arches}
- rust-rust-embed
ExclusiveArch: %{rust_arches}
- rust-rust-embed-impl
ExclusiveArch: %{rust_arches}
- rust-rust-embed-utils
ExclusiveArch: %{rust_arches}
- rust-rust-ini
ExclusiveArch: %{rust_arches}
- rust-rust-stemmers
ExclusiveArch: %{rust_arches}
- rust-rust_decimal
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_normal_macro
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_proc_macro
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_sys
ExclusiveArch: %{rust_arches}
- rust-rustc-demangle
ExclusiveArch: %{rust_arches}
- rust-rustc-hash
ExclusiveArch: %{rust_arches}
- rust-rustc-serialize
ExclusiveArch: %{rust_arches}
- rust-rustc-test
ExclusiveArch: %{rust_arches}
- rust-rustc_tools_util
ExclusiveArch: %{rust_arches}
- rust-rustc_version
ExclusiveArch: %{rust_arches}
- rust-rustdoc-stripper
ExclusiveArch: %{rust_arches}
- rust-rustfilt
ExclusiveArch: %{rust_arches}
- rust-rustfix
ExclusiveArch: %{rust_arches}
- rust-rustio
ExclusiveArch: %{rust_arches}
- rust-rustversion
ExclusiveArch: %{rust_arches}
- rust-rusty-fork
ExclusiveArch: %{rust_arches}
- rust-rustyline
ExclusiveArch: %{rust_arches}
- rust-rustyline-derive
ExclusiveArch: %{rust_arches}
- rust-ryu
ExclusiveArch: %{rust_arches}
- rust-safe-transmute
ExclusiveArch: %{rust_arches}
- rust-safemem
ExclusiveArch: %{rust_arches}
- rust-same-file
ExclusiveArch: %{rust_arches}
- rust-sass-rs
ExclusiveArch: %{rust_arches}
- rust-sass-sys
ExclusiveArch: %{rust_arches}
- rust-scan_fmt
ExclusiveArch: %{rust_arches}
- rust-scheduled-thread-pool
ExclusiveArch: %{rust_arches}
- rust-scoped-tls
ExclusiveArch: %{rust_arches}
- rust-scoped-tls-hkt
ExclusiveArch: %{rust_arches}
- rust-scoped_threadpool
ExclusiveArch: %{rust_arches}
- rust-scopeguard
ExclusiveArch: %{rust_arches}
- rust-scopetime
ExclusiveArch: %{rust_arches}
- rust-scroll
ExclusiveArch: %{rust_arches}
- rust-scroll_derive
ExclusiveArch: %{rust_arches}
- rust-sd
ExclusiveArch: %{rust_arches}
- rust-seahash
ExclusiveArch: %{rust_arches}
- rust-secret-service
ExclusiveArch: %{rust_arches}
- rust-semver
ExclusiveArch: %{rust_arches}
- rust-semver-parser
ExclusiveArch: %{rust_arches}
- rust-semver-parser0.7
ExclusiveArch: %{rust_arches}
- rust-serde
ExclusiveArch: %{rust_arches}
- rust-serde-big-array
ExclusiveArch: %{rust_arches}
- rust-serde-pickle
ExclusiveArch: %{rust_arches}
- rust-serde-value
ExclusiveArch: %{rust_arches}
- rust-serde-xml-rs
ExclusiveArch: %{rust_arches}
- rust-serde_bytes
ExclusiveArch: %{rust_arches}
- rust-serde_cbor
ExclusiveArch: %{rust_arches}
- rust-serde_derive
ExclusiveArch: %{rust_arches}
- rust-serde_ignored
ExclusiveArch: %{rust_arches}
- rust-serde_json
ExclusiveArch: %{rust_arches}
- rust-serde_repr
ExclusiveArch: %{rust_arches}
- rust-serde_stacker
ExclusiveArch: %{rust_arches}
- rust-serde_test
ExclusiveArch: %{rust_arches}
- rust-serde_url_params
ExclusiveArch: %{rust_arches}
- rust-serde_urlencoded
ExclusiveArch: %{rust_arches}
- rust-serde_with_macros
ExclusiveArch: %{rust_arches}
- rust-serde_yaml
ExclusiveArch: %{rust_arches}
- rust-sha-1
ExclusiveArch: %{rust_arches}
- rust-sha1
ExclusiveArch: %{rust_arches}
- rust-sha2
ExclusiveArch: %{rust_arches}
- rust-shared_child
ExclusiveArch: %{rust_arches}
- rust-shell-escape
ExclusiveArch: %{rust_arches}
- rust-shell-words
ExclusiveArch: %{rust_arches}
- rust-shellexpand
ExclusiveArch: %{rust_arches}
- rust-shlex
ExclusiveArch: %{rust_arches}
- rust-signal-hook
ExclusiveArch: %{rust_arches}
- rust-signal-hook-registry
ExclusiveArch: %{rust_arches}
- rust-silver
ExclusiveArch: %{rust_arches}
- rust-simd_helpers
ExclusiveArch: %{rust_arches}
- rust-simple_logger
ExclusiveArch: %{rust_arches}
- rust-simplelog
ExclusiveArch: %{rust_arches}
- rust-siphasher
ExclusiveArch: %{rust_arches}
- rust-size
ExclusiveArch: %{rust_arches}
- rust-sized-chunks
ExclusiveArch: %{rust_arches}
- rust-skeptic
ExclusiveArch: %{rust_arches}
- rust-skim
ExclusiveArch: %{rust_arches}
- rust-slab
ExclusiveArch: %{rust_arches}
- rust-slash-formatter
ExclusiveArch: %{rust_arches}
- rust-slice-deque
ExclusiveArch: %{rust_arches}
- rust-slog
ExclusiveArch: %{rust_arches}
- rust-slog-async
ExclusiveArch: %{rust_arches}
- rust-slog-scope
ExclusiveArch: %{rust_arches}
- rust-slog-term
ExclusiveArch: %{rust_arches}
- rust-slotmap
ExclusiveArch: %{rust_arches}
- rust-slug
ExclusiveArch: %{rust_arches}
- rust-sluice
ExclusiveArch: %{rust_arches}
- rust-smallvec
ExclusiveArch: %{rust_arches}
- rust-smart-default
ExclusiveArch: %{rust_arches}
- rust-snafu
ExclusiveArch: %{rust_arches}
- rust-snafu-derive
ExclusiveArch: %{rust_arches}
- rust-snowflake
ExclusiveArch: %{rust_arches}
- rust-socket2
ExclusiveArch: %{rust_arches}
- rust-soup-sys
ExclusiveArch: %{rust_arches}
- rust-sourceview
ExclusiveArch: %{rust_arches}
- rust-spin
ExclusiveArch: %{rust_arches}
- rust-spmc
ExclusiveArch: %{rust_arches}
- rust-ssh-key-dir
ExclusiveArch: %{rust_arches}
- rust-stable_deref_trait
ExclusiveArch: %{rust_arches}
- rust-stacker
ExclusiveArch: %{rust_arches}
- rust-standback
ExclusiveArch: %{rust_arches}
- rust-starship
ExclusiveArch: %{rust_arches}
- rust-starship_module_config_derive
ExclusiveArch: %{rust_arches}
- rust-static_assertions
ExclusiveArch: %{rust_arches}
- rust-statistical
ExclusiveArch: %{rust_arches}
- rust-stb_truetype
ExclusiveArch: %{rust_arches}
- rust-stream-cipher
ExclusiveArch: %{rust_arches}
- rust-streaming-stats
ExclusiveArch: %{rust_arches}
- rust-string
ExclusiveArch: %{rust_arches}
- rust-string_cache
ExclusiveArch: %{rust_arches}
- rust-string_cache_codegen
ExclusiveArch: %{rust_arches}
- rust-string_cache_shared
ExclusiveArch: %{rust_arches}
- rust-strings
ExclusiveArch: %{rust_arches}
- rust-strip-ansi-escapes
ExclusiveArch: %{rust_arches}
- rust-strsim
ExclusiveArch: %{rust_arches}
- rust-structopt
ExclusiveArch: %{rust_arches}
- rust-structopt-derive
ExclusiveArch: %{rust_arches}
- rust-structopt-derive0.2
ExclusiveArch: %{rust_arches}
- rust-structopt0.2
ExclusiveArch: %{rust_arches}
- rust-strum
ExclusiveArch: %{rust_arches}
- rust-strum_macros
ExclusiveArch: %{rust_arches}
- rust-subtle
ExclusiveArch: %{rust_arches}
- rust-sudo_plugin
ExclusiveArch: %{rust_arches}
- rust-sudo_plugin-sys
ExclusiveArch: %{rust_arches}
- rust-sval
ExclusiveArch: %{rust_arches}
- rust-sval_derive
ExclusiveArch: %{rust_arches}
- rust-sxd-document
ExclusiveArch: %{rust_arches}
- rust-syn
ExclusiveArch: %{rust_arches}
- rust-syn-mid
ExclusiveArch: %{rust_arches}
- rust-syn0.15
ExclusiveArch: %{rust_arches}
- rust-synom
ExclusiveArch: %{rust_arches}
- rust-synstructure
ExclusiveArch: %{rust_arches}
- rust-syntect
ExclusiveArch: %{rust_arches}
- rust-sys-info
ExclusiveArch: %{rust_arches}
- rust-sysinfo
ExclusiveArch: %{rust_arches}
- rust-tabwriter
ExclusiveArch: %{rust_arches}
- rust-take
ExclusiveArch: %{rust_arches}
- rust-take_mut
ExclusiveArch: %{rust_arches}
- rust-tar
ExclusiveArch: %{rust_arches}
- rust-target-lexicon
ExclusiveArch: %{rust_arches}
- rust-tealdeer
ExclusiveArch: %{rust_arches}
- rust-teloxide
ExclusiveArch: %{rust_arches}
- rust-teloxide-macros
ExclusiveArch: %{rust_arches}
- rust-tempdir
ExclusiveArch: %{rust_arches}
- rust-tempfile
ExclusiveArch: %{rust_arches}
- rust-tendril
ExclusiveArch: %{rust_arches}
- rust-tera
ExclusiveArch: %{rust_arches}
- rust-term
ExclusiveArch: %{rust_arches}
- rust-term_grid
ExclusiveArch: %{rust_arches}
- rust-term_size
ExclusiveArch: %{rust_arches}
- rust-termcolor
ExclusiveArch: %{rust_arches}
- rust-terminal_size
ExclusiveArch: %{rust_arches}
- rust-terminfo
ExclusiveArch: %{rust_arches}
- rust-termion
ExclusiveArch: %{rust_arches}
- rust-termios
ExclusiveArch: %{rust_arches}
- rust-test-assembler
ExclusiveArch: %{rust_arches}
- rust-tester
ExclusiveArch: %{rust_arches}
- rust-testing_logger
ExclusiveArch: %{rust_arches}
- rust-textwrap
ExclusiveArch: %{rust_arches}
- rust-thiserror
ExclusiveArch: %{rust_arches}
- rust-thiserror-impl
ExclusiveArch: %{rust_arches}
- rust-thread-id
ExclusiveArch: %{rust_arches}
- rust-thread-scoped
ExclusiveArch: %{rust_arches}
- rust-thread_local
ExclusiveArch: %{rust_arches}
- rust-threadpool
ExclusiveArch: %{rust_arches}
- rust-tiff
ExclusiveArch: %{rust_arches}
- rust-tiger-digest
ExclusiveArch: %{rust_arches}
- rust-time
ExclusiveArch: %{rust_arches}
- rust-time-macros
ExclusiveArch: %{rust_arches}
- rust-time-macros-impl
ExclusiveArch: %{rust_arches}
- rust-time0.1
ExclusiveArch: %{rust_arches}
- rust-timebomb
ExclusiveArch: %{rust_arches}
- rust-timer
ExclusiveArch: %{rust_arches}
- rust-timerfd
ExclusiveArch: %{rust_arches}
- rust-tiny_http
ExclusiveArch: %{rust_arches}
- rust-tinytemplate
ExclusiveArch: %{rust_arches}
- rust-tinyvec
ExclusiveArch: %{rust_arches}
- rust-tokei
ExclusiveArch: %{rust_arches}
- rust-tokio
ExclusiveArch: %{rust_arches}
- rust-tokio-codec
ExclusiveArch: %{rust_arches}
- rust-tokio-core
ExclusiveArch: %{rust_arches}
- rust-tokio-current-thread
ExclusiveArch: %{rust_arches}
- rust-tokio-executor
ExclusiveArch: %{rust_arches}
- rust-tokio-fs
ExclusiveArch: %{rust_arches}
- rust-tokio-io
ExclusiveArch: %{rust_arches}
- rust-tokio-io-pool
ExclusiveArch: %{rust_arches}
- rust-tokio-macros
ExclusiveArch: %{rust_arches}
- rust-tokio-mock-task
ExclusiveArch: %{rust_arches}
- rust-tokio-openssl
ExclusiveArch: %{rust_arches}
- rust-tokio-reactor
ExclusiveArch: %{rust_arches}
- rust-tokio-socks
ExclusiveArch: %{rust_arches}
- rust-tokio-sync
ExclusiveArch: %{rust_arches}
- rust-tokio-tcp
ExclusiveArch: %{rust_arches}
- rust-tokio-test
ExclusiveArch: %{rust_arches}
- rust-tokio-threadpool
ExclusiveArch: %{rust_arches}
- rust-tokio-timer
ExclusiveArch: %{rust_arches}
- rust-tokio-tls
ExclusiveArch: %{rust_arches}
- rust-tokio-tls0.2
ExclusiveArch: %{rust_arches}
- rust-tokio-tungstenite
ExclusiveArch: %{rust_arches}
- rust-tokio-udp
ExclusiveArch: %{rust_arches}
- rust-tokio-uds
ExclusiveArch: %{rust_arches}
- rust-tokio-util
ExclusiveArch: %{rust_arches}
- rust-tokio-util0.2
ExclusiveArch: %{rust_arches}
- rust-tokio0.1
ExclusiveArch: %{rust_arches}
- rust-toml
ExclusiveArch: %{rust_arches}
- rust-toml0.4
ExclusiveArch: %{rust_arches}
- rust-tower-layer
ExclusiveArch: %{rust_arches}
- rust-tower-service
ExclusiveArch: %{rust_arches}
- rust-tower-test
ExclusiveArch: %{rust_arches}
- rust-tower-util
ExclusiveArch: %{rust_arches}
- rust-traitobject
ExclusiveArch: %{rust_arches}
- rust-treebitmap
ExclusiveArch: %{rust_arches}
- rust-treeline
ExclusiveArch: %{rust_arches}
- rust-trust-dns-native-tls
ExclusiveArch: %{rust_arches}
- rust-trust-dns-openssl
ExclusiveArch: %{rust_arches}
- rust-trust-dns-proto
ExclusiveArch: %{rust_arches}
- rust-trust-dns-resolver
ExclusiveArch: %{rust_arches}
- rust-try-lock
ExclusiveArch: %{rust_arches}
- rust-try_from
ExclusiveArch: %{rust_arches}
- rust-try_or
ExclusiveArch: %{rust_arches}
- rust-trybuild
ExclusiveArch: %{rust_arches}
- rust-tui
ExclusiveArch: %{rust_arches}
- rust-tui-react
ExclusiveArch: %{rust_arches}
- rust-tuikit
ExclusiveArch: %{rust_arches}
- rust-tungstenite
ExclusiveArch: %{rust_arches}
- rust-twoway
ExclusiveArch: %{rust_arches}
- rust-typeable
ExclusiveArch: %{rust_arches}
- rust-typed-arena
ExclusiveArch: %{rust_arches}
- rust-typemap
ExclusiveArch: %{rust_arches}
- rust-typenum
ExclusiveArch: %{rust_arches}
- rust-ucd-parse
ExclusiveArch: %{rust_arches}
- rust-ucd-trie
ExclusiveArch: %{rust_arches}
- rust-ucd-util
ExclusiveArch: %{rust_arches}
- rust-unchecked-index
ExclusiveArch: %{rust_arches}
- rust-unescape
ExclusiveArch: %{rust_arches}
- rust-unic-char-property
ExclusiveArch: %{rust_arches}
- rust-unic-char-range
ExclusiveArch: %{rust_arches}
- rust-unic-common
ExclusiveArch: %{rust_arches}
- rust-unic-segment
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-category
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-common
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-segment
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-version
ExclusiveArch: %{rust_arches}
- rust-unicase
ExclusiveArch: %{rust_arches}
- rust-unicase1
ExclusiveArch: %{rust_arches}
- rust-unicode-bidi
ExclusiveArch: %{rust_arches}
- rust-unicode-normalization
ExclusiveArch: %{rust_arches}
- rust-unicode-segmentation
ExclusiveArch: %{rust_arches}
- rust-unicode-width
ExclusiveArch: %{rust_arches}
- rust-unicode-xid
ExclusiveArch: %{rust_arches}
- rust-unicode-xid0.1
ExclusiveArch: %{rust_arches}
- rust-unicode_categories
ExclusiveArch: %{rust_arches}
- rust-unindent
ExclusiveArch: %{rust_arches}
- rust-unix_socket
ExclusiveArch: %{rust_arches}
- rust-unreachable
ExclusiveArch: %{rust_arches}
- rust-unsafe-any
ExclusiveArch: %{rust_arches}
- rust-untrusted
ExclusiveArch: %{rust_arches}
- rust-uom
ExclusiveArch: %{rust_arches}
- rust-url
ExclusiveArch: %{rust_arches}
- rust-url1
ExclusiveArch: %{rust_arches}
- rust-url_serde
ExclusiveArch: %{rust_arches}
- rust-urlencoding
ExclusiveArch: %{rust_arches}
- rust-urlocator
ExclusiveArch: %{rust_arches}
- rust-urlshortener
ExclusiveArch: %{rust_arches}
- rust-users
ExclusiveArch: %{rust_arches}
- rust-utf-8
ExclusiveArch: %{rust_arches}
- rust-utf8-ranges
ExclusiveArch: %{rust_arches}
- rust-utf8parse
ExclusiveArch: %{rust_arches}
- rust-uuid
ExclusiveArch: %{rust_arches}
- rust-uuid0.7
ExclusiveArch: %{rust_arches}
- rust-v_escape
ExclusiveArch: %{rust_arches}
- rust-v_escape_derive
ExclusiveArch: %{rust_arches}
- rust-v_htmlescape
ExclusiveArch: %{rust_arches}
- rust-varlink
ExclusiveArch: %{rust_arches}
- rust-varlink-cli
ExclusiveArch: %{rust_arches}
- rust-varlink_generator
ExclusiveArch: %{rust_arches}
- rust-varlink_parser
ExclusiveArch: %{rust_arches}
- rust-varlink_stdinterfaces
ExclusiveArch: %{rust_arches}
- rust-vec_map
ExclusiveArch: %{rust_arches}
- rust-vergen
ExclusiveArch: %{rust_arches}
- rust-version-compare
ExclusiveArch: %{rust_arches}
- rust-version-sync
ExclusiveArch: %{rust_arches}
- rust-version_check
ExclusiveArch: %{rust_arches}
- rust-vmw_backdoor
ExclusiveArch: %{rust_arches}
- rust-void
ExclusiveArch: %{rust_arches}
- rust-vte
ExclusiveArch: %{rust_arches}
- rust-wait-timeout
ExclusiveArch: %{rust_arches}
- rust-walkdir
ExclusiveArch: %{rust_arches}
- rust-want
ExclusiveArch: %{rust_arches}
- rust-warp
ExclusiveArch: %{rust_arches}
- rust-wayland-scanner
ExclusiveArch: %{rust_arches}
- rust-wayland-sys
ExclusiveArch: %{rust_arches}
- rust-webkit2gtk
ExclusiveArch: %{rust_arches}
- rust-webkit2gtk-sys
ExclusiveArch: %{rust_arches}
- rust-websocket
ExclusiveArch: %{rust_arches}
- rust-websocket-base
ExclusiveArch: %{rust_arches}
- rust-which
ExclusiveArch: %{rust_arches}
- rust-wild
ExclusiveArch: %{rust_arches}
- rust-ws
ExclusiveArch: %{rust_arches}
- rust-x11
ExclusiveArch: %{rust_arches}
- rust-x11-dl
ExclusiveArch: %{rust_arches}
- rust-xattr
ExclusiveArch: %{rust_arches}
- rust-xdg
ExclusiveArch: %{rust_arches}
- rust-xkbcommon
ExclusiveArch: %{rust_arches}
- rust-xml-rs
ExclusiveArch: %{rust_arches}
- rust-xml5ever
ExclusiveArch: %{rust_arches}
- rust-xz2
ExclusiveArch: %{rust_arches}
- rust-y4m
ExclusiveArch: %{rust_arches}
- rust-yaml-rust
ExclusiveArch: %{rust_arches}
- rust-yaml-rust0.3
ExclusiveArch: %{rust_arches}
- rust-ybaas
ExclusiveArch: %{rust_arches}
- rust-ytop
ExclusiveArch: %{rust_arches}
- rust-yubibomb
ExclusiveArch: %{rust_arches}
- rust-yup-oauth2
ExclusiveArch: %{rust_arches}
- rust-zincati
ExclusiveArch: %{rust_arches}
- rust-zoneinfo_compiled
ExclusiveArch: %{rust_arches}
- rust-zoxide
ExclusiveArch: %{rust_arches}
- rust-zram-generator
ExclusiveArch: %{rust_arches}
- rust-zstd
ExclusiveArch: %{rust_arches}
- rust-zstd-safe
ExclusiveArch: %{rust_arches}
- rust-zstd-sys
ExclusiveArch: %{rust_arches}
- s390utils
ExclusiveArch: s390 s390x
- safetyblanket
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- sagemath
ExclusiveArch: aarch64 %{ix86} x86_64 ppc sparcv9
- sbcl
ExclusiveArch: %{arm} %{ix86} x86_64 ppc sparcv9 aarch64
- sbd
ExclusiveArch: i686 x86_64 s390x aarch64 ppc64le
- sbsigntools
ExclusiveArch: x86_64 aarch64 %{arm} %{ix86}
- seabios
ExclusiveArch: x86_64
- seamonkey
ExclusiveArch: x86_64
- servicelog
ExclusiveArch: ppc %{power64}
- sgabios
ExclusiveArch: %{ix86} x86_64
- sharpfont
ExclusiveArch: %mono_arches
- sharpziplib
ExclusiveArch: %{mono_arches}
- shim
ExclusiveArch: %{efi}
- shim-unsigned-aarch64
ExclusiveArch: aarch64
- shim-unsigned-x64
ExclusiveArch: x86_64
- sigul
ExclusiveArch: x86_64
- skychart
ExclusiveArch: %{fpc_arches}
- snapd
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le s390x
- soup-sharp
ExclusiveArch: %{mono_arches}
- source-to-image
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- sparkleshare
ExclusiveArch: %{mono_arches}
- spicctrl
ExclusiveArch: %{ix86} x86_64
- spice
ExclusiveArch: x86_64
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- springlobby
ExclusiveArch: %{ix86} x86_64
- squeekboard
ExclusiveArch: %{rust_arches}
- startdde
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- statsd
ExclusiveArch: %{nodejs_arches} noarch
- stratis-cli
ExclusiveArch: %{rust_arches} noarch
- stratisd
ExclusiveArch: %{rust_arches}
- stripesnoop
ExclusiveArch: %{ix86} x86_64
- supercollider
ExclusiveArch: %{qt5_qtwebengine_arches}
- supermin
ExclusiveArch: x86_64
- svt-av1
ExclusiveArch: x86_64
- svt-vp9
ExclusiveArch: x86_64
- swift-lang
ExclusiveArch: x86_64 aarch64
- sysbench
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips}
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
- syslinux
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{ix86} x86_64
- taglib-sharp
ExclusiveArch: %{mono_arches}
- tarantool
ExclusiveArch: %{ix86} x86_64
- tboot
ExclusiveArch: %{ix86} x86_64
- tdlib
ExclusiveArch: x86_64
- templates_parser
ExclusiveArch: %GPRbuild_arches
- ternimal
ExclusiveArch: %{rust_arches}
- themonospot-base
ExclusiveArch: %mono_arches
- themonospot-console
ExclusiveArch: %mono_arches
- themonospot-gui-gtk
ExclusiveArch: %mono_arches
- themonospot-plugin-avi
ExclusiveArch: %mono_arches
- themonospot-plugin-mkv
ExclusiveArch: %mono_arches
- thermald
ExclusiveArch: %{ix86} x86_64
- tilix
ExclusiveArch: %{ldc_arches}
- tmux-top
ExclusiveArch: %{go_arches}
- tomboy
ExclusiveArch: %{mono_arches}
- toolbox
ExclusiveArch: aarch64 %{arm} ppc64le s390x x86_64
- torbrowser-launcher
ExclusiveArch: %{ix86} x86_64
- tuned-profiles-nfv-host-bin
ExclusiveArch: %{ix86} x86_64
- uClibc
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips}
- ucx
ExclusiveArch: aarch64 ppc64le x86_64
- ugene
ExclusiveArch: %{ix86} x86_64
- uglify-js
ExclusiveArch: %{nodejs_arches} noarch
- uglify-js1
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- unetbootin
ExclusiveArch: %{ix86} x86_64
- ursa-major
ExclusiveArch: noarch aarch64 ppc64le s390x x86_64
- v8-314
ExclusiveArch: %{ix86} x86_64 %{arm} mips mipsel ppc ppc64
- valgrind
ExclusiveArch: %{ix86} x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
- vapoursynth
ExclusiveArch: %{ix86} x86_64
- vboot-utils
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- vim-go
ExclusiveArch: %{?golang_arches}%{!?golang_arches:%{ix86} x86_64 %{arm}}
- virt-p2v
ExclusiveArch: x86_64
- virtualbox-guest-additions
ExclusiveArch: i686 x86_64
- virtualplanet
ExclusiveArch: %{fpc_arches}
- vkd3d
ExclusiveArch: %{ix86} x86_64 %{arm}
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- vmaf
ExclusiveArch: x86_64
- vmem
ExclusiveArch: x86_64
- vmemcache
ExclusiveArch: x86_64 ppc64 ppc64le s390x aarch64
- vrq
ExclusiveArch: %{ix86} x86_64
- warsow
ExclusiveArch: %{ix86} x86_64 %{arm}
- warsow-data
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
ExclusiveArch: %{ix86} x86_64 %{arm}
- webkit2-sharp
ExclusiveArch: %mono_arches
- wine
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
ExclusiveArch: %{ix86} %{arm}
- wine-dxvk
ExclusiveArch: %{ix86} x86_64
- winetricks
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- wxMaxima
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc sparcv9
- x2goclient
ExclusiveArch: x86_64
- xe-guest-utilities-latest
ExclusiveArch: %{ix86} x86_64
- xen
ExclusiveArch: %{ix86} x86_64 armv7hl aarch64
- xmlada
ExclusiveArch: %{GPRbuild_arches}
- xorg-x11-drv-armsoc
ExclusiveArch: %{arm} aarch64
- xorg-x11-drv-intel
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-openchrome
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-vesa
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-vmware
ExclusiveArch: %{ix86} x86_64 ia64
- xsp
ExclusiveArch: %mono_arches
- yarnpkg
ExclusiveArch: %{nodejs_arches} noarch
- zeromq-ada
ExclusiveArch: %{GPRbuild_arches}
- zlib-ada
ExclusiveArch: %{GPRbuild_arches}
- zola
ExclusiveArch: %{rust_arches}
3 years, 10 months
Architecture specific change in rpms/os-autoinst.git
by githook-noreply@fedoraproject.org
The package rpms/os-autoinst.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/os-autoinst.git/commit/?id=1fb091....
Change:
+%ifarch %{arm} s390x
Thanks.
Full change:
============
commit 1de4c5f040f6a0b615780ddd7ec5d68556852d23
Author: Adam Williamson <awilliam(a)redhat.com>
Date: Wed Jun 24 17:43:03 2020 -0700
Bump to latest git, resync spec again
diff --git a/.gitignore b/.gitignore
index c17cf93..61e6f62 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,4 @@
/os-autoinst-85fa4f12c1fb5bed7295791801085d32a69d4586.tar.gz
/os-autoinst-bcbc6c412cbd69ab461d5448f8bf08b5371a0adb.tar.gz
/os-autoinst-f38e8b174dc1a0cace4d624a197a297f9efdc2bb.tar.gz
+/os-autoinst-5038d8c2e04d923a8e7d616ea4b88a9ba3af6fb4.tar.gz
diff --git a/os-autoinst.spec b/os-autoinst.spec
index 41b4d87..37d730c 100644
--- a/os-autoinst.spec
+++ b/os-autoinst.spec
@@ -31,14 +31,14 @@
%global github_owner os-autoinst
%global github_name os-autoinst
%global github_version 4.6
-%global github_commit f38e8b174dc1a0cace4d624a197a297f9efdc2bb
+%global github_commit 5038d8c2e04d923a8e7d616ea4b88a9ba3af6fb4
# if set, will be a post-release snapshot build, otherwise a 'normal' build
-%global github_date 20200610
+%global github_date 20200623
%global shortcommit %(c=%{github_commit}; echo ${c:0:7})
Name: os-autoinst
Version: %{github_version}
-Release: 17%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
+Release: 18%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
Summary: OS-level test automation
License: GPLv2+
URL: https://os-autoinst.github.io/openQA/
@@ -61,10 +61,8 @@ Source0: https://github.com/%{github_owner}/%{github_name}/archive/%{gith
%define main_requires %main_requires_additional git-core perl(B::Deparse) perl(Carp) perl(Carp::Always) perl(Class::Accessor::Fast) perl(Config) perl(Cpanel::JSON::XS) perl(Crypt::DES) perl(Cwd) perl(Data::Dumper) perl(Digest::MD5) perl(DynaLoader) perl(English) perl(Errno) perl(Exception::Class) perl(Exporter) perl(ExtUtils::testlib) perl(Fcntl) perl(File::Basename) perl(File::Find) perl(File::Path) perl(File::Spec) perl(File::Temp) perl(File::Touch) perl(File::Which) perl(IO::Handle) perl(IO::Scalar) perl(IO::Select) perl(IO::Socket) perl(IO::Socket::INET) perl(IO::Socket::UNIX) perl(IPC::Open3) perl(IPC::Run::Debug) perl(IPC::System::Simple) perl(List::MoreUtils) perl(List::Util) perl(Mojo::IOLoop::ReadWriteProcess) >= 0.23 perl(Mojo::JSON) perl(Mojo::Log) perl(Mojo::URL) perl(Mojo::UserAgent) perl(Mojolicious) >= 8.42 perl(Mojolicious::Lite) perl(Net::DBus) perl(Net::IP) perl(Net::SNMP) perl(Net::SSH2) perl(POSIX) perl(Scalar::Util) perl(Socket) perl(Socket::MsgHdr) perl(Term::ANSIColor) perl(Thread::Queue) perl(Time::HiRes) perl(Try::Tiny) perl(XML::LibXML) perl(XML::SemanticDiff) perl(autodie) perl(base) perl(constant) perl(integer) perl(strict) perl(warnings)
# all requirements needed by the tests, do not require on this in the package
# itself or any sub-packages
-# diff from SUSE: replaced qemu-tools with qemu-img, replaced qemu-x86
-# with qemu-system-i386, dropped spellcheck requirement stuff as this
-# isn't needed in package builds IMO, dropped critic stuff as we don't
-# run those tests in our build
+# diff from SUSE: replaced qemu with qemu-kvm, qemu-tools with
+# qemu-img, and qemu-x86 with qemu-system-i386
# The following line is generated from dependencies.yaml (upstream)
%define test_requires %build_requires %main_requires perl(Benchmark) perl(Devel::Cover) perl(FindBin) perl(Pod::Coverage) perl(Test::Exception) perl(Test::Fatal) perl(Test::Mock::Time) perl(Test::MockModule) perl(Test::MockObject) perl(Test::Mojo) perl(Test::More) perl(Test::Output) perl(Test::Pod) perl(Test::Strict) perl(Test::Warnings) >= 0.029 perl(YAML::PP) qemu-kvm /usr/bin/qemu-img /usr/bin/qemu-system-i386
# diff from SUSE: dropped perl(Devel::Cover::Report::Codecov) as it's
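Review bot: the rewritten "diff from SUSE" comment above `%define test_requires` no longer mentions the spellcheck and critic requirements, yet the `%define test_requires` line itself is unchanged context, so a reader cannot tell whether upstream removed those requirements or the downstream removal is now simply undocumented. State which in the comment or the commit message. The same goes for the newly listed qemu to qemu-kvm substitution, which the unchanged line already contained.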
@@ -229,6 +227,9 @@ make test VERBOSE=1
%files devel
%changelog
+* Wed Jun 24 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-18.20200624git5038d8c2
+- Bump to latest git, resync spec again
+
* Fri Jun 12 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-17.20200610gitf38e8b17
- Drop -devel dep that doesn't exist in Fedora
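Review bot: the added changelog heading `4.6-18.20200624git5038d8c2` does not match what the spec expands to after this commit. `github_date` is set to 20200623 in the first hunk and `shortcommit` keeps only the first 7 characters of `github_commit`, so the Release is 18.20200623git5038d8c plus the dist tag. Either set `github_date` to 20200624 or correct the changelog line, and consider using the 7-character abbreviation there so the entry can be matched against the built package.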
diff --git a/sources b/sources
index 4a5d9d1..56a9760 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (os-autoinst-f38e8b174dc1a0cace4d624a197a297f9efdc2bb.tar.gz) = 5b6f1f7677b136f8fce66af92d468eb334cfb7d24cdb2622b3fbecc7aae8b069ecb969e5e35c22173f19470bf79d97503a8b82e372518ad0a6031e5f6d70779b
+SHA512 (os-autoinst-5038d8c2e04d923a8e7d616ea4b88a9ba3af6fb4.tar.gz) = 0483646b4d21aae24034d944a9095aaae751883912d620439309198f4ff8ec591d1015a1c478eb142d9e4be0b93d511151af1ed993855505fe4d7557574669f9
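Review bot: the replaced SHA512 line is the only integrity pin for os-autoinst-5038d8c2e04d923a8e7d616ea4b88a9ba3af6fb4.tar.gz, and the commit message says nothing about how the uploaded tarball was obtained or checked. Source0 is a GitHub archive URL, so please confirm the digest against a fresh download of the commit named in `github_commit` and record that in the commit message.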
commit 5a5527238eee0f31bb229f4a7dc7a9fdc3386ccd
Author: Adam Williamson <awilliam(a)redhat.com>
Date: Fri Jun 12 14:08:36 2020 -0700
Drop -devel dep that doesn't exist in Fedora
diff --git a/os-autoinst.spec b/os-autoinst.spec
index 49a1264..41b4d87 100644
--- a/os-autoinst.spec
+++ b/os-autoinst.spec
@@ -38,7 +38,7 @@
Name: os-autoinst
Version: %{github_version}
-Release: 16%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
+Release: 17%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
Summary: OS-level test automation
License: GPLv2+
URL: https://os-autoinst.github.io/openQA/
@@ -67,8 +67,10 @@ Source0: https://github.com/%{github_owner}/%{github_name}/archive/%{gith
# run those tests in our build
# The following line is generated from dependencies.yaml (upstream)
%define test_requires %build_requires %main_requires perl(Benchmark) perl(Devel::Cover) perl(FindBin) perl(Pod::Coverage) perl(Test::Exception) perl(Test::Fatal) perl(Test::Mock::Time) perl(Test::MockModule) perl(Test::MockObject) perl(Test::Mojo) perl(Test::More) perl(Test::Output) perl(Test::Pod) perl(Test::Strict) perl(Test::Warnings) >= 0.029 perl(YAML::PP) qemu-kvm /usr/bin/qemu-img /usr/bin/qemu-system-i386
+# diff from SUSE: dropped perl(Devel::Cover::Report::Codecov) as it's
+# not currently packaged for Fedora
# The following line is generated from dependencies.yaml (upstream)
-%define devel_requires %test_requires perl(Devel::Cover) perl(Devel::Cover::Report::Codecov) perl(Perl::Tidy)
+%define devel_requires %test_requires perl(Devel::Cover) perl(Perl::Tidy)
BuildRequires: perl-devel
BuildRequires: perl-generators
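Review bot: the edited `%define devel_requires` line sits directly under "The following line is generated from dependencies.yaml (upstream)", so the next resync will regenerate it and bring perl(Devel::Cover::Report::Codecov) back unless someone notices the new two-line comment. Suggest handling the removal in the step that regenerates the line rather than by hand-editing its output, or at least placing the "diff from SUSE" comment immediately above the `%define` it explains.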
@@ -227,6 +229,9 @@ make test VERBOSE=1
%files devel
%changelog
+* Fri Jun 12 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-17.20200610gitf38e8b17
+- Drop -devel dep that doesn't exist in Fedora
+
* Wed Jun 10 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-16.20200610gitf38e8b17
- Bump to latest git, resync spec again
commit 55b14a1de7105a9af36d14f4138b27bb436feb96
Author: Adam Williamson <awilliam(a)redhat.com>
Date: Wed Jun 10 11:48:35 2020 -0700
Bump to latest git, resync spec again
diff --git a/.gitignore b/.gitignore
index 450b363..c17cf93 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,4 @@
/os-autoinst-50464d4e81fcac9dd36785ba88f69b489e4e99e7.tar.gz
/os-autoinst-85fa4f12c1fb5bed7295791801085d32a69d4586.tar.gz
/os-autoinst-bcbc6c412cbd69ab461d5448f8bf08b5371a0adb.tar.gz
+/os-autoinst-f38e8b174dc1a0cace4d624a197a297f9efdc2bb.tar.gz
diff --git a/os-autoinst.spec b/os-autoinst.spec
index 3927ad9..49a1264 100644
--- a/os-autoinst.spec
+++ b/os-autoinst.spec
@@ -31,14 +31,14 @@
%global github_owner os-autoinst
%global github_name os-autoinst
%global github_version 4.6
-%global github_commit bcbc6c412cbd69ab461d5448f8bf08b5371a0adb
+%global github_commit f38e8b174dc1a0cace4d624a197a297f9efdc2bb
# if set, will be a post-release snapshot build, otherwise a 'normal' build
-%global github_date 20200608
+%global github_date 20200610
%global shortcommit %(c=%{github_commit}; echo ${c:0:7})
Name: os-autoinst
Version: %{github_version}
-Release: 15%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
+Release: 16%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
Summary: OS-level test automation
License: GPLv2+
URL: https://os-autoinst.github.io/openQA/
@@ -48,45 +48,27 @@ Source0: https://github.com/%{github_owner}/%{github_name}/archive/%{gith
# still use a macro just to keep build_requires similar for ease of
# cross-comparison
%define opencv_require pkgconfig(opencv)
-# this is stuff we added to build_requires, we put it in its own macro
-# to make resyncing with upstream spec changes easier. Upstream put
-# MakeMaker in main_requires for some reason but it is clearly a build
-# requirement:
-# https://github.com/os-autoinst/os-autoinst/pull/1435
-# Pod::Html is needed to run pod2html as part of doc build, it used to
-# be pulled in as a dep of Perl::Tidy but that's not explicitly listed
-# in test_requires any more:
-# https://github.com/os-autoinst/os-autoinst/pull/1437
-%define build_requires_additional perl(ExtUtils::MakeMaker) >= 7.12 perl(Pod::Html)
-# diff from SUSE: added build_requires_additional
# The following line is generated from dependencies.yaml (upstream)
-%define build_requires %build_requires_additional %opencv_require autoconf automake gcc-c++ libtool make perl(ExtUtils::Embed) perl(Module::CPANfile) pkg-config pkgconfig(fftw3) pkgconfig(libpng) pkgconfig(sndfile) pkgconfig(theoraenc)
+%define build_requires %opencv_require autoconf automake gcc-c++ libtool make perl(ExtUtils::Embed) perl(ExtUtils::MakeMaker) >= 7.12 perl(Module::CPANfile) perl(Pod::Html) pkg-config pkgconfig(fftw3) pkgconfig(libpng) pkgconfig(sndfile) pkgconfig(theoraenc)
# this is stuff we added to requires, we put it in its own macro
# to make resyncing with upstream spec changes easier. SUSE has
# perl-base, we have perl(base)
%define main_requires_additional perl(base)
# diff from SUSE: added main_requires_additional, dropped perl-base
# which does not exist in Fedora - we have perl(base) in
-# main_requires_additional and the perl(:MODULE_COMPAT) require below,
-# dropped perl(ExtUtils::MakeMaker) which should be in build_requires
+# main_requires_additional and the perl(:MODULE_COMPAT) require below
# The following line is generated from dependencies.yaml (upstream)
-%define main_requires %main_requires_additional perl(B::Deparse) perl(Carp) perl(Carp::Always) perl(Class::Accessor::Fast) perl(Config) perl(Cpanel::JSON::XS) perl(Crypt::DES) perl(Cwd) perl(Data::Dumper) perl(Digest::MD5) perl(DynaLoader) perl(English) perl(Errno) perl(Exception::Class) perl(Exporter) perl(ExtUtils::testlib) perl(Fcntl) perl(File::Basename) perl(File::Find) perl(File::Path) perl(File::Spec) perl(File::Temp) perl(File::Touch) perl(File::Which) perl(IO::Handle) perl(IO::Scalar) perl(IO::Select) perl(IO::Socket) perl(IO::Socket::INET) perl(IO::Socket::UNIX) perl(IPC::Open3) perl(IPC::Run::Debug) perl(IPC::System::Simple) perl(List::MoreUtils) perl(List::Util) perl(Mojo::IOLoop::ReadWriteProcess) >= 0.23 perl(Mojo::JSON) perl(Mojo::Log) perl(Mojo::URL) perl(Mojo::UserAgent) perl(Mojolicious) >= 8.42 perl(Mojolicious::Lite) perl(Net::DBus) perl(Net::IP) perl(Net::SNMP) perl(Net::SSH2) perl(POSIX) perl(Scalar::Util) perl(Socket) perl(Socket::MsgHdr) perl(Term::ANSIColor) perl(Thread::Queue) perl(Time::HiRes) perl(Try::Tiny) perl(XML::LibXML) perl(XML::SemanticDiff) perl(autodie) perl(base) perl(constant) perl(integer) perl(strict) perl(warnings)
-%define requires_not_needed_in_tests git-core
-# this is stuff we added to test_requires, we put it in its own macro
-# to make resyncing with upstream spec changes easier. Since 7add21687
-# it seems tests fail unless git is installed:
-# https://github.com/os-autoinst/os-autoinst/pull/1436
-%define test_requires_additional git-core
+%define main_requires %main_requires_additional git-core perl(B::Deparse) perl(Carp) perl(Carp::Always) perl(Class::Accessor::Fast) perl(Config) perl(Cpanel::JSON::XS) perl(Crypt::DES) perl(Cwd) perl(Data::Dumper) perl(Digest::MD5) perl(DynaLoader) perl(English) perl(Errno) perl(Exception::Class) perl(Exporter) perl(ExtUtils::testlib) perl(Fcntl) perl(File::Basename) perl(File::Find) perl(File::Path) perl(File::Spec) perl(File::Temp) perl(File::Touch) perl(File::Which) perl(IO::Handle) perl(IO::Scalar) perl(IO::Select) perl(IO::Socket) perl(IO::Socket::INET) perl(IO::Socket::UNIX) perl(IPC::Open3) perl(IPC::Run::Debug) perl(IPC::System::Simple) perl(List::MoreUtils) perl(List::Util) perl(Mojo::IOLoop::ReadWriteProcess) >= 0.23 perl(Mojo::JSON) perl(Mojo::Log) perl(Mojo::URL) perl(Mojo::UserAgent) perl(Mojolicious) >= 8.42 perl(Mojolicious::Lite) perl(Net::DBus) perl(Net::IP) perl(Net::SNMP) perl(Net::SSH2) perl(POSIX) perl(Scalar::Util) perl(Socket) perl(Socket::MsgHdr) perl(Term::ANSIColor) perl(Thread::Queue) perl(Time::HiRes) perl(Try::Tiny) perl(XML::LibXML) perl(XML::SemanticDiff) perl(autodie) perl(base) perl(constant) perl(integer) perl(strict) perl(warnings)
# all requirements needed by the tests, do not require on this in the package
# itself or any sub-packages
-# diff from SUSE: added test_requires_additional, replaced qemu-tools
-# with qemu-img, replaced qemu-x86 with qemu-system-i386, dropped spell
-# check requirement stuff as this isn't needed in package builds IMO,
-# dropped critic stuff as we don't run those tests in our build
-# The following line is generated from dependencies.yaml
-%define test_requires %test_requires_additional %build_requires %main_requires perl(Benchmark) perl(Devel::Cover) perl(FindBin) perl(Pod::Coverage) perl(Test::Exception) perl(Test::Fatal) perl(Test::Mock::Time) perl(Test::MockModule) perl(Test::MockObject) perl(Test::Mojo) perl(Test::More) perl(Test::Output) perl(Test::Pod) perl(Test::Strict) perl(Test::Warnings) >= 0.029 perl(YAML::PP) qemu-kvm /usr/bin/qemu-img /usr/bin/qemu-system-i386
-# The following line is generated from dependencies.yaml
-%define devel_requires %requires_not_needed_in_tests %test_requires perl(Devel::Cover) perl(Devel::Cover::Report::Codecov) perl(Perl::Tidy)
+# diff from SUSE: replaced qemu-tools with qemu-img, replaced qemu-x86
+# with qemu-system-i386, dropped spellcheck requirement stuff as this
+# isn't needed in package builds IMO, dropped critic stuff as we don't
+# run those tests in our build
+# The following line is generated from dependencies.yaml (upstream)
+%define test_requires %build_requires %main_requires perl(Benchmark) perl(Devel::Cover) perl(FindBin) perl(Pod::Coverage) perl(Test::Exception) perl(Test::Fatal) perl(Test::Mock::Time) perl(Test::MockModule) perl(Test::MockObject) perl(Test::Mojo) perl(Test::More) perl(Test::Output) perl(Test::Pod) perl(Test::Strict) perl(Test::Warnings) >= 0.029 perl(YAML::PP) qemu-kvm /usr/bin/qemu-img /usr/bin/qemu-system-i386
+# The following line is generated from dependencies.yaml (upstream)
+%define devel_requires %test_requires perl(Devel::Cover) perl(Devel::Cover::Report::Codecov) perl(Perl::Tidy)
BuildRequires: perl-devel
BuildRequires: perl-generators
@@ -102,7 +84,7 @@ Recommends: qemu >= 2.0.0
Recommends: qemu-kvm
Recommends: /usr/bin/qemu-img
BuildRequires: %test_requires
-Requires: %main_requires %requires_not_needed_in_tests
+Requires: %main_requires
Requires(pre): %{_bindir}/getent
Requires(pre): %{_sbindir}/useradd
@@ -172,8 +154,7 @@ make INSTALLDIRS=vendor %{?_smp_mflags}
%install
%make_install INSTALLDIRS=vendor
# only internal stuff
-rm %{buildroot}%{_libexecdir}/os-autoinst/tools/{tidy,check_coverage,absolutize,docker_run_ci,update-deps}
-rm -r %{buildroot}%{_libexecdir}/os-autoinst/tools/lib/perlcritic
+rm -r %{buildroot}%{_libexecdir}/os-autoinst/tools/
# we don't really need to ship this in the package, usually the web UI
# is much better for needle editing
rm %{buildroot}%{_libexecdir}/os-autoinst/crop.py*
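Review bot: `rm -r %{buildroot}%{_libexecdir}/os-autoinst/tools/` deletes the whole tools directory instead of the named internal scripts, so it also drops `tools/preparepool`, which the %files list shipped until this commit. If preparepool is intentionally no longer packaged, state that in the `# only internal stuff` comment or in the changelog entry, which currently says only "resync spec again".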
@@ -189,12 +170,15 @@ find %{buildroot} -depth -type d -and -not -name distri -exec rmdir {} \;
export NO_BRP_STALE_LINK_ERROR=yes
%check
-# disable code quality checks - not worth the time for package builds
-sed '/perlcritic/d' -i Makefile
+# we may not pull Perl::Critic in for RPM builds as we don't run code
+# quality checks, so cut it from cpanfile ahead of the next check
sed '/Perl::Critic/d' -i cpanfile
-sed '/tidy/d' -i Makefile
+# should work offline
+for p in $(cpanfile-dump); do rpm -q --whatprovides "perl($p)"; done
+# 00-compile-check-all.t fails if this is present and Perl::Critic is
+# not installed
rm tools/lib/perlcritic/Perl/Critic/Policy/*.pm
-make check test VERBOSE=1 CHECK_DOC=0
+make test VERBOSE=1
%post openvswitch
%systemd_post os-autoinst-openvswitch.service
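Review bot: the new `for p in $(cpanfile-dump); do rpm -q --whatprovides "perl($p)"; done` loop in %check has no explicit failure handling, so whether a cpanfile module without an installed provider fails the build depends on the scriptlet shell running with errexit. Append `|| exit 1` to the `rpm -q` call so the intent is visible, and expand the `# should work offline` comment to say what the loop verifies (that every module listed in cpanfile is provided by an installed RPM).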
@@ -230,8 +214,6 @@ make check test VERBOSE=1 CHECK_DOC=0
%{_libexecdir}/os-autoinst/backend
%{_libexecdir}/os-autoinst/OpenQA
%{_libexecdir}/os-autoinst/consoles
-%dir %{_libexecdir}/os-autoinst/tools
-%{_libexecdir}/os-autoinst/tools/preparepool
%{_libexecdir}/os-autoinst/autotest.pm
%{_bindir}/isotovideo
%{_bindir}/debugviewer
@@ -245,6 +227,9 @@ make check test VERBOSE=1 CHECK_DOC=0
%files devel
%changelog
+* Wed Jun 10 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-16.20200610gitf38e8b17
+- Bump to latest git, resync spec again
+
* Mon Jun 08 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-15.20200608gitbcbc6c41
- Bump to latest git, resync spec with upstream
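Review bot: the release string in the new changelog entry, `4.6-16.20200610gitf38e8b17`, carries eight hex characters, but `shortcommit` is defined in this spec as `${c:0:7}`, so the built release ends in `gitf38e8b1`. Use the seven-character form in the entry so it matches the package's actual version-release; the context entry for 4.6-15 has the same mismatch.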
diff --git a/sources b/sources
index 057c478..4a5d9d1 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (os-autoinst-bcbc6c412cbd69ab461d5448f8bf08b5371a0adb.tar.gz) = df061b71621139737a7dae934810cb44354cb2c635e8ef61c0cef1f02e8dfb0b4419f2c2018f4e60d596622ada1d5c63f3a54cf7e65f7be89954f50125cf8a42
+SHA512 (os-autoinst-f38e8b174dc1a0cace4d624a197a297f9efdc2bb.tar.gz) = 5b6f1f7677b136f8fce66af92d468eb334cfb7d24cdb2622b3fbecc7aae8b069ecb969e5e35c22173f19470bf79d97503a8b82e372518ad0a6031e5f6d70779b
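Review bot: the replaced SHA512 line cannot be validated from the diff itself; the only thing checkable here is that the tarball name carries the same commit id as `github_commit` in the spec hunk of this commit, which it does. Before accepting, recompute the digest from a fresh download of the Source0 archive for that commit and compare it with this line, since the lookaside hash is the only integrity pin on the upstream snapshot.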
commit 011ae283a1a43037091d6c0174fe26c2d0e90cb9
Author: Adam Williamson <awilliam(a)redhat.com>
Date: Mon Jun 8 17:15:52 2020 -0700
Bump to latest git, resync spec with upstream
diff --git a/.gitignore b/.gitignore
index 387d823..450b363 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,4 @@
/os-autoinst-63af2f4f91cfad88712bd0773e0a236d6e3853ea.tar.gz
/os-autoinst-50464d4e81fcac9dd36785ba88f69b489e4e99e7.tar.gz
/os-autoinst-85fa4f12c1fb5bed7295791801085d32a69d4586.tar.gz
+/os-autoinst-bcbc6c412cbd69ab461d5448f8bf08b5371a0adb.tar.gz
diff --git a/0001-Makefiles-set-CXXFLAGS-not-CFLAGS-or-CPPFLAGS.patch b/0001-Makefiles-set-CXXFLAGS-not-CFLAGS-or-CPPFLAGS.patch
deleted file mode 100644
index 158d8ff..0000000
--- a/0001-Makefiles-set-CXXFLAGS-not-CFLAGS-or-CPPFLAGS.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 5a2c3ffa7264319c52f0dfd30bcff5f0a86ec01d Mon Sep 17 00:00:00 2001
-From: Adam Williamson <awilliam(a)redhat.com>
-Date: Mon, 25 May 2020 12:08:23 -0700
-Subject: [PATCH] Makefiles: set CXXFLAGS not CFLAGS or CPPFLAGS
-
-CFLAGS is for C compilation. CPPFLAGS is for the preprocessor.
-CXXFLAGS is for C++ compilation, which is what we're actually
-trying to apply the flags to in all three cases. CPPFLAGS happen
-to be applied to the compile stage as well as the preprocessor
-usually, so CPPFLAGS was working, but it wasn't correct. CFLAGS
-is not applied to C++ compiles, so `videoencoder_CFLAGS` was
-not being used at all.
-
-This broke build on Fedora Rawhide, because /usr/include/opencv2
-no longer exists there. There is /usr/include/opencv4/opencv2 and
-this should be fine because we should get -I/usr/include/opencv4
-from OPENCV_CFLAGS, but because of this bug, that wasn't set
-correctly and the build failed. With this change it works.
-
-Thanks to Orion Poplowski for reminding me of the CPPFLAGS vs.
-CXXFLAGS distinction here.
-
-Signed-off-by: Adam Williamson <awilliam(a)redhat.com>
----
- Makefile.am | 2 +-
- debugviewer/Makefile.am | 2 +-
- snd2png/Makefile.am | 3 +--
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 61dbe1d2..a5b4fbf2 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -119,7 +119,7 @@ pkglibexec_FOLDERS = \
- pkglibexec_PROGRAMS = videoencoder
-
- videoencoder_SOURCES = videoencoder.cpp
--videoencoder_CFLAGS = -O2 -Wall -W $(OPENCV_CFLAGS)
-+videoencoder_CXXFLAGS = -O2 -Wall -W $(OPENCV_CFLAGS)
- videoencoder_LDADD = $(OPENCV_LIBS) $(THEORAENC_LIBS) -lm
-
- EXTRA_DIST = \
-diff --git a/debugviewer/Makefile.am b/debugviewer/Makefile.am
-index 47d1d953..eea1de60 100644
---- a/debugviewer/Makefile.am
-+++ b/debugviewer/Makefile.am
-@@ -2,6 +2,6 @@ bin_PROGRAMS = debugviewer
-
- debugviewer_SOURCES = debugviewer.cpp
-
--AM_CPPFLAGS = $(OPENCV_CFLAGS)
-+AM_CXXFLAGS = $(OPENCV_CFLAGS)
- debugviewer_LDFLAGS = $(OPENCV_LIBS)
-
-diff --git a/snd2png/Makefile.am b/snd2png/Makefile.am
-index 07bd084e..ec6f1840 100644
---- a/snd2png/Makefile.am
-+++ b/snd2png/Makefile.am
-@@ -2,8 +2,7 @@ bin_PROGRAMS = snd2png
-
- snd2png_SOURCES = snd2png.cpp
-
--AM_CXXFLAGS = -g3 -Wall -W
--AM_CPPFLAGS = $(OPENCV_CFLAGS) $(FFTW_CFLAGS) $(SNDFILE_CFLAGS)
-+AM_CXXFLAGS = -g3 -Wall -W $(OPENCV_CFLAGS) $(FFTW_CFLAGS) $(SNDFILE_CFLAGS)
- snd2png_LDFLAGS = $(OPENCV_LIBS) $(FFTW_LIBS) $(SNDFILE_LIBS) -lm
-
- check-local:
---
-2.26.2
-
diff --git a/os-autoinst.spec b/os-autoinst.spec
index 796f724..3927ad9 100644
--- a/os-autoinst.spec
+++ b/os-autoinst.spec
@@ -31,58 +31,62 @@
%global github_owner os-autoinst
%global github_name os-autoinst
%global github_version 4.6
-%global github_commit 85fa4f12c1fb5bed7295791801085d32a69d4586
+%global github_commit bcbc6c412cbd69ab461d5448f8bf08b5371a0adb
# if set, will be a post-release snapshot build, otherwise a 'normal' build
-%global github_date 20200430
+%global github_date 20200608
%global shortcommit %(c=%{github_commit}; echo ${c:0:7})
Name: os-autoinst
Version: %{github_version}
-Release: 14%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
+Release: 15%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
Summary: OS-level test automation
License: GPLv2+
URL: https://os-autoinst.github.io/openQA/
Source0: https://github.com/%{github_owner}/%{github_name}/archive/%{github_commit...
-# https://github.com/os-autoinst/os-autoinst/pull/1419
-# https://bugzilla.redhat.com/show_bug.cgi?id=1839616
-# Fixes build when /usr/include/opencv2 compat symlink is removed
-Patch0: 0001-Makefiles-set-CXXFLAGS-not-CFLAGS-or-CPPFLAGS.patch
# on SUSE this is conditional, for us it doesn't have to be but we
# still use a macro just to keep build_requires similar for ease of
# cross-comparison
%define opencv_require pkgconfig(opencv)
# this is stuff we added to build_requires, we put it in its own macro
-# to make resyncing with upstream spec changes easier. TODO: submit
-# these upstream, at least ones that make sense for SUSE too.
-%define build_requires_additional perl(ExtUtils::MakeMaker) perl(ExtUtils::Embed)
+# to make resyncing with upstream spec changes easier. Upstream put
+# MakeMaker in main_requires for some reason but it is clearly a build
+# requirement:
+# https://github.com/os-autoinst/os-autoinst/pull/1435
+# Pod::Html is needed to run pod2html as part of doc build, it used to
+# be pulled in as a dep of Perl::Tidy but that's not explicitly listed
+# in test_requires any more:
+# https://github.com/os-autoinst/os-autoinst/pull/1437
+%define build_requires_additional perl(ExtUtils::MakeMaker) >= 7.12 perl(Pod::Html)
# diff from SUSE: added build_requires_additional
-%define build_requires %build_requires_additional %opencv_require autoconf automake gcc-c++ libtool make perl(Module::CPANfile) pkg-config pkgconfig(fftw3) pkgconfig(libpng) pkgconfig(sndfile) pkgconfig(theoraenc)
+# The following line is generated from dependencies.yaml (upstream)
+%define build_requires %build_requires_additional %opencv_require autoconf automake gcc-c++ libtool make perl(ExtUtils::Embed) perl(Module::CPANfile) pkg-config pkgconfig(fftw3) pkgconfig(libpng) pkgconfig(sndfile) pkgconfig(theoraenc)
# this is stuff we added to requires, we put it in its own macro
-# to make resyncing with upstream spec changes easier. These are all
-# things ppisar added in afeb766c. TODO: submit these upstream, at
-# least ones that make sense for SUSE too.
-%define requires_additional perl(base) perl(Carp) perl(Cwd) perl(English) perl(Errno) perl(Fcntl) perl(File::Temp) perl(integer) perl(Mojo::JSON) perl(Mojo::Log) perl(POSIX) perl(Scalar::Util) perl(Socket) perl(strict) perl(Time::HiRes) perl(warnings)
-# diff from SUSE: added requires_additional, dropped perl-base which
-# does not exist in Fedora - we have perl(base) in requires_additional
-# and the perl(:MODULE_COMPAT) require below
-%define requires %requires_additional perl(B::Deparse) perl(Carp::Always) perl(Class::Accessor::Fast) perl(Cpanel::JSON::XS) perl(Crypt::DES) perl(Data::Dumper) perl(Exception::Class) perl(File::Touch) perl(File::Which) perl(IO::Scalar) perl(IO::Socket::INET) perl(IPC::Run::Debug) perl(IPC::System::Simple) perl(List::MoreUtils) perl(Mojolicious) >= 7.92 perl(Mojo::IOLoop::ReadWriteProcess) >= 0.23 perl(Net::DBus) perl(Net::IP) perl(Net::SNMP) perl(Net::SSH2) perl(Socket::MsgHdr) perl(Try::Tiny) perl(XML::LibXML) perl(XML::SemanticDiff) perl(autodie)
+# to make resyncing with upstream spec changes easier. SUSE has
+# perl-base, we have perl(base)
+%define main_requires_additional perl(base)
+# diff from SUSE: added main_requires_additional, dropped perl-base
+# which does not exist in Fedora - we have perl(base) in
+# main_requires_additional and the perl(:MODULE_COMPAT) require below,
+# dropped perl(ExtUtils::MakeMaker) which should be in build_requires
+# The following line is generated from dependencies.yaml (upstream)
+%define main_requires %main_requires_additional perl(B::Deparse) perl(Carp) perl(Carp::Always) perl(Class::Accessor::Fast) perl(Config) perl(Cpanel::JSON::XS) perl(Crypt::DES) perl(Cwd) perl(Data::Dumper) perl(Digest::MD5) perl(DynaLoader) perl(English) perl(Errno) perl(Exception::Class) perl(Exporter) perl(ExtUtils::testlib) perl(Fcntl) perl(File::Basename) perl(File::Find) perl(File::Path) perl(File::Spec) perl(File::Temp) perl(File::Touch) perl(File::Which) perl(IO::Handle) perl(IO::Scalar) perl(IO::Select) perl(IO::Socket) perl(IO::Socket::INET) perl(IO::Socket::UNIX) perl(IPC::Open3) perl(IPC::Run::Debug) perl(IPC::System::Simple) perl(List::MoreUtils) perl(List::Util) perl(Mojo::IOLoop::ReadWriteProcess) >= 0.23 perl(Mojo::JSON) perl(Mojo::Log) perl(Mojo::URL) perl(Mojo::UserAgent) perl(Mojolicious) >= 8.42 perl(Mojolicious::Lite) perl(Net::DBus) perl(Net::IP) perl(Net::SNMP) perl(Net::SSH2) perl(POSIX) perl(Scalar::Util) perl(Socket) perl(Socket::MsgHdr) perl(Term::ANSIColor) perl(Thread::Queue) perl(Time::HiRes) perl(Try::Tiny) perl(XML::LibXML) perl(XML::SemanticDiff) perl(autodie) perl(base) perl(constant) perl(integer) perl(strict) perl(warnings)
%define requires_not_needed_in_tests git-core
# this is stuff we added to test_requires, we put it in its own macro
-# to make resyncing with upstream spec changes easier. FindBin is one
-# ppisar added in afeb766c, Test::Mojo and Test::More are just things
-# the test suite uses which I added, we add qemu-system-i386 because
-# the fullstack and qemu-options tests use it - we run them in Koji
-# but SUSE disables them as they cannot run in OBS, so they don't have
-# the requirement either. TODO: submit relevant changes upstream
-%define test_requires_additional perl(FindBin) perl(Test::Mojo) perl(Test::More) /usr/bin/qemu-system-i386
+# to make resyncing with upstream spec changes easier. Since 7add21687
+# it seems tests fail unless git is installed:
+# https://github.com/os-autoinst/os-autoinst/pull/1436
+%define test_requires_additional git-core
# all requirements needed by the tests, do not require on this in the package
# itself or any sub-packages
# diff from SUSE: added test_requires_additional, replaced qemu-tools
-# with qemu-img, dropped spell check requirement stuff as this isn't
-# needed in package builds IMO
-%define test_requires %test_requires_additional %build_requires %requires perl(Devel::Cover) perl(Perl::Tidy) perl(Pod::Coverage) perl(Test::Exception) perl(Test::Fatal) perl(Test::MockModule) perl(Test::MockObject) perl(Test::Mock::Time) perl(Test::Output) perl(Test::Pod) perl(Test::Strict) perl(Test::Warnings) /usr/bin/qemu-img
-%define devel_requires %test_requires %requires_not_needed_in_tests
+# with qemu-img, replaced qemu-x86 with qemu-system-i386, dropped spell
+# check requirement stuff as this isn't needed in package builds IMO,
+# dropped critic stuff as we don't run those tests in our build
+# The following line is generated from dependencies.yaml
+%define test_requires %test_requires_additional %build_requires %main_requires perl(Benchmark) perl(Devel::Cover) perl(FindBin) perl(Pod::Coverage) perl(Test::Exception) perl(Test::Fatal) perl(Test::Mock::Time) perl(Test::MockModule) perl(Test::MockObject) perl(Test::Mojo) perl(Test::More) perl(Test::Output) perl(Test::Pod) perl(Test::Strict) perl(Test::Warnings) >= 0.029 perl(YAML::PP) qemu-kvm /usr/bin/qemu-img /usr/bin/qemu-system-i386
+# The following line is generated from dependencies.yaml
+%define devel_requires %requires_not_needed_in_tests %test_requires perl(Devel::Cover) perl(Devel::Cover::Report::Codecov) perl(Perl::Tidy)
BuildRequires: perl-devel
BuildRequires: perl-generators
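Review bot: `%define main_requires_additional perl(base)` is redundant as introduced here, because the generated `main_requires` line already lists `perl(base)` near its end (`perl(autodie) perl(base) perl(constant) ...`). Drop the extra macro and the comment that justifies it, or keep only the note that SUSE's `perl-base` is omitted, so the next resync with dependencies.yaml has one less local deviation to carry.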
@@ -98,7 +102,7 @@ Recommends: qemu >= 2.0.0
Recommends: qemu-kvm
Recommends: /usr/bin/qemu-img
BuildRequires: %test_requires
-Requires: %requires %requires_not_needed_in_tests
+Requires: %main_requires %requires_not_needed_in_tests
Requires(pre): %{_bindir}/getent
Requires(pre): %{_sbindir}/useradd
@@ -168,7 +172,7 @@ make INSTALLDIRS=vendor %{?_smp_mflags}
%install
%make_install INSTALLDIRS=vendor
# only internal stuff
-rm %{buildroot}%{_libexecdir}/os-autoinst/tools/{tidy,check_coverage,absolutize}
+rm %{buildroot}%{_libexecdir}/os-autoinst/tools/{tidy,check_coverage,absolutize,docker_run_ci,update-deps}
rm -r %{buildroot}%{_libexecdir}/os-autoinst/tools/lib/perlcritic
# we don't really need to ship this in the package, usually the web UI
# is much better for needle editing
@@ -241,6 +245,9 @@ make check test VERBOSE=1 CHECK_DOC=0
%files devel
%changelog
+* Mon Jun 08 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-15.20200608gitbcbc6c41
+- Bump to latest git, resync spec with upstream
+
* Thu Jun 04 2020 Nicolas Chauvet <kwizart(a)gmail.com> - 4.6-14.20200430git85fa4f1
- Rebuilt for OpenCV 4.3
diff --git a/sources b/sources
index 3ad082c..057c478 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (os-autoinst-85fa4f12c1fb5bed7295791801085d32a69d4586.tar.gz) = d7c6cb7f6f7c3cf923e76a1f9e887abf451a68412bda2dfef05d510cc625ea758669510dd33ab736b30674ca6fb34f9f95be69e0334c3b683627e95ee67d39d9
+SHA512 (os-autoinst-bcbc6c412cbd69ab461d5448f8bf08b5371a0adb.tar.gz) = df061b71621139737a7dae934810cb44354cb2c635e8ef61c0cef1f02e8dfb0b4419f2c2018f4e60d596622ada1d5c63f3a54cf7e65f7be89954f50125cf8a42
commit 1fb091908c5635b0077e35eaa22dd370e8eaf231
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 5 11:26:35 2020 +0200
Also disable for s390x
diff --git a/os-autoinst.spec b/os-autoinst.spec
index 2af7fba..796f724 100644
--- a/os-autoinst.spec
+++ b/os-autoinst.spec
@@ -10,7 +10,7 @@
# works on F31, works in a mock root...really not worth debugging more
# 14-isotovideo.t also broken since ~2020/04, os-autoinst apparently
# does not run in first subtest, can't figure out why not
-%ifarch %{arm}
+%ifarch %{arm} s390x
%global no_options 1
%global no_isotovideo 1
%endif
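Review bot: `%ifarch %{arm} s390x` now disables 18-qemu-options.t and 14-isotovideo.t on s390x, but the comment block above still describes only the 32-bit ARM failures. Add a line saying which test fails on s390x and how, ideally with a bug link, so the exclusion can be revisited rather than staying in place indefinitely.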
commit 272609be0eb3477197b3763f1c554cf43d95686c
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Jun 4 17:49:05 2020 +0200
Rebuilt
diff --git a/os-autoinst.spec b/os-autoinst.spec
index 6c30346..2af7fba 100644
--- a/os-autoinst.spec
+++ b/os-autoinst.spec
@@ -38,7 +38,7 @@
Name: os-autoinst
Version: %{github_version}
-Release: 13%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
+Release: 14%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
Summary: OS-level test automation
License: GPLv2+
URL: https://os-autoinst.github.io/openQA/
@@ -241,6 +241,9 @@ make check test VERBOSE=1 CHECK_DOC=0
%files devel
%changelog
+* Thu Jun 04 2020 Nicolas Chauvet <kwizart(a)gmail.com> - 4.6-14.20200430git85fa4f1
+- Rebuilt for OpenCV 4.3
+
* Mon May 25 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-13.20200430git85fa4f12
- Backport PR #1419 to fix build on Rawhide (opencv4)
commit 981522c8e524ec193e52848f26916a1b510d31ee
Author: Adam Williamson <awilliam(a)redhat.com>
Date: Mon May 25 15:10:04 2020 -0700
Update PR #1419 patch (no need for a rebuild though)
diff --git a/0001-Makefile.am-set-videoencoder_CPPFLAGS-not-videoencod.patch b/0001-Makefile.am-set-videoencoder_CPPFLAGS-not-videoencod.patch
deleted file mode 100644
index 6300c02..0000000
--- a/0001-Makefile.am-set-videoencoder_CPPFLAGS-not-videoencod.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 0626b1a9085f80b4a162964376d1fdadf3e3dcdf Mon Sep 17 00:00:00 2001
-From: Adam Williamson <awilliam(a)redhat.com>
-Date: Mon, 25 May 2020 12:08:23 -0700
-Subject: [PATCH] Makefile.am: set videoencoder_CPPFLAGS not
- videoencoder_CFLAGS
-
-videoencoder is built as C++, not C, we should be setting
-CPPFLAGS here, not CFLAGS. This is what we do for debugviewer and
-snd2png.
-
-This broke build on Fedora Rawhide, because /usr/include/opencv2
-no longer exists there. There is /usr/include/opencv4/opencv2 and
-this should be fine because we should get -I/usr/include/opencv4
-from OPENCV_CFLAGS, but because of this bug, that wasn't set
-correctly and the build failed. With this change it works.
-
-Signed-off-by: Adam Williamson <awilliam(a)redhat.com>
----
- Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 61dbe1d2..57911b05 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -119,7 +119,7 @@ pkglibexec_FOLDERS = \
- pkglibexec_PROGRAMS = videoencoder
-
- videoencoder_SOURCES = videoencoder.cpp
--videoencoder_CFLAGS = -O2 -Wall -W $(OPENCV_CFLAGS)
-+videoencoder_CPPFLAGS = -O2 -Wall -W $(OPENCV_CFLAGS)
- videoencoder_LDADD = $(OPENCV_LIBS) $(THEORAENC_LIBS) -lm
-
- EXTRA_DIST = \
---
-2.26.2
-
diff --git a/0001-Makefiles-set-CXXFLAGS-not-CFLAGS-or-CPPFLAGS.patch b/0001-Makefiles-set-CXXFLAGS-not-CFLAGS-or-CPPFLAGS.patch
new file mode 100644
index 0000000..158d8ff
--- /dev/null
+++ b/0001-Makefiles-set-CXXFLAGS-not-CFLAGS-or-CPPFLAGS.patch
@@ -0,0 +1,71 @@
+From 5a2c3ffa7264319c52f0dfd30bcff5f0a86ec01d Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam(a)redhat.com>
+Date: Mon, 25 May 2020 12:08:23 -0700
+Subject: [PATCH] Makefiles: set CXXFLAGS not CFLAGS or CPPFLAGS
+
+CFLAGS is for C compilation. CPPFLAGS is for the preprocessor.
+CXXFLAGS is for C++ compilation, which is what we're actually
+trying to apply the flags to in all three cases. CPPFLAGS happen
+to be applied to the compile stage as well as the preprocessor
+usually, so CPPFLAGS was working, but it wasn't correct. CFLAGS
+is not applied to C++ compiles, so `videoencoder_CFLAGS` was
+not being used at all.
+
+This broke build on Fedora Rawhide, because /usr/include/opencv2
+no longer exists there. There is /usr/include/opencv4/opencv2 and
+this should be fine because we should get -I/usr/include/opencv4
+from OPENCV_CFLAGS, but because of this bug, that wasn't set
+correctly and the build failed. With this change it works.
+
+Thanks to Orion Poplowski for reminding me of the CPPFLAGS vs.
+CXXFLAGS distinction here.
+
+Signed-off-by: Adam Williamson <awilliam(a)redhat.com>
+---
+ Makefile.am | 2 +-
+ debugviewer/Makefile.am | 2 +-
+ snd2png/Makefile.am | 3 +--
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 61dbe1d2..a5b4fbf2 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -119,7 +119,7 @@ pkglibexec_FOLDERS = \
+ pkglibexec_PROGRAMS = videoencoder
+
+ videoencoder_SOURCES = videoencoder.cpp
+-videoencoder_CFLAGS = -O2 -Wall -W $(OPENCV_CFLAGS)
++videoencoder_CXXFLAGS = -O2 -Wall -W $(OPENCV_CFLAGS)
+ videoencoder_LDADD = $(OPENCV_LIBS) $(THEORAENC_LIBS) -lm
+
+ EXTRA_DIST = \
+diff --git a/debugviewer/Makefile.am b/debugviewer/Makefile.am
+index 47d1d953..eea1de60 100644
+--- a/debugviewer/Makefile.am
++++ b/debugviewer/Makefile.am
+@@ -2,6 +2,6 @@ bin_PROGRAMS = debugviewer
+
+ debugviewer_SOURCES = debugviewer.cpp
+
+-AM_CPPFLAGS = $(OPENCV_CFLAGS)
++AM_CXXFLAGS = $(OPENCV_CFLAGS)
+ debugviewer_LDFLAGS = $(OPENCV_LIBS)
+
+diff --git a/snd2png/Makefile.am b/snd2png/Makefile.am
+index 07bd084e..ec6f1840 100644
+--- a/snd2png/Makefile.am
++++ b/snd2png/Makefile.am
+@@ -2,8 +2,7 @@ bin_PROGRAMS = snd2png
+
+ snd2png_SOURCES = snd2png.cpp
+
+-AM_CXXFLAGS = -g3 -Wall -W
+-AM_CPPFLAGS = $(OPENCV_CFLAGS) $(FFTW_CFLAGS) $(SNDFILE_CFLAGS)
++AM_CXXFLAGS = -g3 -Wall -W $(OPENCV_CFLAGS) $(FFTW_CFLAGS) $(SNDFILE_CFLAGS)
+ snd2png_LDFLAGS = $(OPENCV_LIBS) $(FFTW_LIBS) $(SNDFILE_LIBS) -lm
+
+ check-local:
+--
+2.26.2
+
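Review bot: in the debugviewer and snd2png parts of the embedded patch, moving `$(OPENCV_CFLAGS)` out of `AM_CPPFLAGS` is not needed for the build fix, since the commit message itself says the CPPFLAGS setting was reaching the compile step; only `videoencoder_CFLAGS` was unused. Include-path options such as the `-I/usr/include/opencv4` named in the message are preprocessor options, so leaving them in `AM_CPPFLAGS` and limiting the change to the videoencoder line would give a smaller backport to carry until upstream merges it.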
diff --git a/os-autoinst.spec b/os-autoinst.spec
index 7743653..6c30346 100644
--- a/os-autoinst.spec
+++ b/os-autoinst.spec
@@ -46,7 +46,7 @@ Source0: https://github.com/%{github_owner}/%{github_name}/archive/%{gith
# https://github.com/os-autoinst/os-autoinst/pull/1419
# https://bugzilla.redhat.com/show_bug.cgi?id=1839616
# Fixes build when /usr/include/opencv2 compat symlink is removed
-Patch0: 0001-Makefile.am-set-videoencoder_CPPFLAGS-not-videoencod.patch
+Patch0: 0001-Makefiles-set-CXXFLAGS-not-CFLAGS-or-CPPFLAGS.patch
# on SUSE this is conditional, for us it doesn't have to be but we
# still use a macro just to keep build_requires similar for ease of
commit 8d39d82a19a76155d5a02e5a5077d81a0b400f58
Author: Adam Williamson <awilliam(a)redhat.com>
Date: Mon May 25 13:30:18 2020 -0700
Backport PR #1419 to fix Rawhide build, drop a test on 32-bit ARM
diff --git a/0001-Makefile.am-set-videoencoder_CPPFLAGS-not-videoencod.patch b/0001-Makefile.am-set-videoencoder_CPPFLAGS-not-videoencod.patch
new file mode 100644
index 0000000..6300c02
--- /dev/null
+++ b/0001-Makefile.am-set-videoencoder_CPPFLAGS-not-videoencod.patch
@@ -0,0 +1,37 @@
+From 0626b1a9085f80b4a162964376d1fdadf3e3dcdf Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam(a)redhat.com>
+Date: Mon, 25 May 2020 12:08:23 -0700
+Subject: [PATCH] Makefile.am: set videoencoder_CPPFLAGS not
+ videoencoder_CFLAGS
+
+videoencoder is built as C++, not C, we should be setting
+CPPFLAGS here, not CFLAGS. This is what we do for debugviewer and
+snd2png.
+
+This broke build on Fedora Rawhide, because /usr/include/opencv2
+no longer exists there. There is /usr/include/opencv4/opencv2 and
+this should be fine because we should get -I/usr/include/opencv4
+from OPENCV_CFLAGS, but because of this bug, that wasn't set
+correctly and the build failed. With this change it works.
+
+Signed-off-by: Adam Williamson <awilliam(a)redhat.com>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 61dbe1d2..57911b05 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -119,7 +119,7 @@ pkglibexec_FOLDERS = \
+ pkglibexec_PROGRAMS = videoencoder
+
+ videoencoder_SOURCES = videoencoder.cpp
+-videoencoder_CFLAGS = -O2 -Wall -W $(OPENCV_CFLAGS)
++videoencoder_CPPFLAGS = -O2 -Wall -W $(OPENCV_CFLAGS)
+ videoencoder_LDADD = $(OPENCV_LIBS) $(THEORAENC_LIBS) -lm
+
+ EXTRA_DIST = \
+--
+2.26.2
+
diff --git a/os-autoinst.spec b/os-autoinst.spec
index 849f30a..7743653 100644
--- a/os-autoinst.spec
+++ b/os-autoinst.spec
@@ -8,8 +8,11 @@
%endif
# 18-qemu-options.t broken on 32-bit ARM on F30 2019/08
# works on F31, works in a mock root...really not worth debugging more
+# 14-isotovideo.t also broken since ~2020/04, os-autoinst apparently
+# does not run in first subtest, can't figure out why not
%ifarch %{arm}
%global no_options 1
+%global no_isotovideo 1
%endif
# os-autoinst has a bunch of annoyingly-badly-named private modules,
@@ -35,11 +38,16 @@
Name: os-autoinst
Version: %{github_version}
-Release: 12%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
+Release: 13%{?github_date:.%{github_date}git%{shortcommit}}%{?dist}
Summary: OS-level test automation
License: GPLv2+
URL: https://os-autoinst.github.io/openQA/
Source0: https://github.com/%{github_owner}/%{github_name}/archive/%{github_commit...
+# https://github.com/os-autoinst/os-autoinst/pull/1419
+# https://bugzilla.redhat.com/show_bug.cgi?id=1839616
+# Fixes build when /usr/include/opencv2 compat symlink is removed
+Patch0: 0001-Makefile.am-set-videoencoder_CPPFLAGS-not-videoencod.patch
+
# on SUSE this is conditional, for us it doesn't have to be but we
# still use a macro just to keep build_requires similar for ease of
# cross-comparison
@@ -125,21 +133,28 @@ This package contains Open vSwitch support for os-autoinst.
%autosetup -n %{github_name}-%{github_commit} -p1
# Replace version number from git to what's reported by the package
sed -i 's/ my $thisversion = qx{git.*rev-parse HEAD}.*;/ my $thisversion = "%{version}";/' isotovideo
+
%if 0%{?no_fullstack}
rm -f t/99-full-stack.t
sed -i -e '/99-full-stack.t/d' Makefile.am
%endif # no_fullstack
+
%if 0%{?no_options}
rm -f t/18-qemu-options.t
sed -i -e '/18-qemu-options.t/d' Makefile.am
%endif
+
+%if 0%{?no_isotovideo}
+rm -f t/14-isotovideo.t
+sed -i -e '/14-isotovideo.t/d' Makefile.am
+%endif
+
# Tesseract 4.0.0 (in Rawhide as of 2018-11) fails utterly to OCR
# the test needle properly:
# https://github.com/tesseract-ocr/tesseract/issues/2052
-%if 0%{?fedora} > 29
rm -f t/02-test_ocr.t
sed -i -e '/02-test_ocr.t/d' Makefile.am
-%endif # fedora > 29
+
# https://progress.opensuse.org/issues/60755
rm -f t/07-commands.t
sed -i -e '/07-commands.t/d' Makefile.am
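Review bot: Dropping the `%if 0%{?fedora} > 29` guard makes the removal of t/02-test_ocr.t unconditional, but the comment above it still ties the skip to Tesseract 4.0.0 in Rawhide as of 2018-11. Update the comment to say the test is now skipped on every build target, or keep the guard if older targets can still run it. Minor style point: the new `%if 0%{?no_isotovideo}` block closes with a bare `%endif`, while the no_fullstack block uses `%endif # no_fullstack`; pick one form for the three test-skip blocks.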
@@ -226,6 +241,9 @@ make check test VERBOSE=1 CHECK_DOC=0
%files devel
%changelog
+* Mon May 25 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-13.20200430git85fa4f12
+- Backport PR #1419 to fix build on Rawhide (opencv4)
+
* Thu Apr 30 2020 Adam Williamson <awilliam(a)redhat.com> - 4.6-12.20200430git85fa4f12
- Bump to latest git
- Resync spec with upstream, tweak dependency macro implementation
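Review bot: The 4.6-13 changelog entry records only the PR #1419 backport, while this diff also disables 14-isotovideo.t on ARM and removes the Fedora version guard around the 02-test_ocr.t skip. Add a changelog line for each so that the reduced test coverage is visible to anyone reading the package history.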
3 years, 10 months
Architecture specific change in rpms/ycssmin.git
by githook-noreply@fedoraproject.org
The package rpms/ycssmin.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/ycssmin.git/commit/?id=17df575cd6....
Change:
-ExclusiveArch: %{nodejs_arches} noarch
Thanks.
Full change:
============
commit 17df575cd65cd8e94b051bf6e2f4978e955fd28f
Author: Miro Hrončok <miro(a)hroncok.cz>
Date: Wed Jun 24 20:36:14 2020 +0200
Orphaned for 6+ weeks
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 2d7a0e7..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/ycssmin-1.0.1.tgz
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5204a84
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Orphaned for 6+ weeks
diff --git a/sources b/sources
deleted file mode 100644
index a9fb44a..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-33db6ccc185a92595099329d1f4cbc2f ycssmin-1.0.1.tgz
diff --git a/ycssmin.spec b/ycssmin.spec
deleted file mode 100644
index 3531abd..0000000
--- a/ycssmin.spec
+++ /dev/null
@@ -1,94 +0,0 @@
-%{?nodejs_find_provides_and_requires}
-
-Name: ycssmin
-Version: 1.0.1
-Release: 15%{?dist}
-Summary: CSS minification tool
-License: BSD
-URL: https://github.com/yui/ycssmin
-Source0: http://registry.npmjs.org/%{name}/-/%{name}-%{version}.tgz
-
-BuildArch: noarch
-BuildRequires: nodejs-devel
-ExclusiveArch: %{nodejs_arches} noarch
-
-%description
-ycssmin is a CSS minification tool.
-
-It was originally based on the css minification tool used inside of YUI
-Compressor, based on code from Stoyan Stefanov and Isaac Schlueter.
-
-%prep
-%setup -q -n package
-
-#drop spurious executable bit
-chmod 0644 package.json cssmin.js
-
-%build
-#nothing to do
-
-%install
-mkdir -p %{buildroot}%{nodejs_sitelib}/%{name}
-cp -pr bin cssmin.js package.json %{buildroot}%{nodejs_sitelib}/%{name}
-
-mkdir -p %{buildroot}%{_bindir}
-ln -sf ../lib/node_modules/%{name}/bin/cssmin %{buildroot}%{_bindir}/cssmin
-
-%nodejs_symlink_deps
-
-# yet another test framework that's not packaged yet :-(
-#%%check
-#istanbul cover --print both -- vows --spec ./tests/*.js
-
-%files
-%{nodejs_sitelib}/%{name}
-%{_bindir}/cssmin
-%doc README.md LICENSE
-
-%changelog
-* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.1-15
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Sat Jul 27 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.1-14
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.1-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.1-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Fri Feb 09 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.1-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.1-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.1-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Fri Feb 05 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.1-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Jun 19 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0.1-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0.1-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Sun Aug 04 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0.1-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Tue Jun 18 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 1.0.1-4
-- Specify build arches
-
-* Mon May 06 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.1-3
-- improve description
-- drop spurious executable permissions
-- drop EL5isms
-
-* Fri Mar 15 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.1-2
-- typo fix
-
-* Thu Mar 14 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.1-1
-- initial package
3 years, 10 months
Architecture specific change in rpms/nodejs-which.git
by githook-noreply@fedoraproject.org
The package rpms/nodejs-which.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/nodejs-which.git/commit/?id=78e41....
Change:
-ExclusiveArch: %{nodejs_arches} noarch
Thanks.
Full change:
============
commit 78e41e3e986d9b9884a4085973344d31e5d84fad
Author: Miro Hrončok <miro(a)hroncok.cz>
Date: Wed Jun 24 20:35:57 2020 +0200
Orphaned for 6+ weeks
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 04e4ca2..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-/which-1.0.5.tgz
-/which-1.2.1.tgz
-/which-1.2.2.tgz
-/which-1.2.4.tgz
-/which-1.2.10.tgz
-/tests-1.2.10.tar.bz2
-/dl-tests.sh
-/which-1.3.0.tgz
-/tests-1.3.0.tar.bz2
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5204a84
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Orphaned for 6+ weeks
diff --git a/nodejs-which.spec b/nodejs-which.spec
deleted file mode 100644
index aa0fdab..0000000
--- a/nodejs-which.spec
+++ /dev/null
@@ -1,159 +0,0 @@
-%{?nodejs_find_provides_and_requires}
-
-%global enable_tests 0
-
-Name: nodejs-which
-Version: 1.3.0
-Release: 7%{?dist}
-Summary: A JavaScript implementation of the 'which' command
-License: MIT
-URL: https://github.com/isaacs/node-which
-Source0: https://registry.npmjs.org/which/-/which-%{version}.tgz
-# The test files are not included in the npm tarball.
-# Source1 is generated by running Source10, which pulls from the upstream
-# version control repository.
-Source1: tests-%{version}.tar.bz2
-Source10: dl-tests.sh
-
-BuildArch: noarch
-ExclusiveArch: %{nodejs_arches} noarch
-
-BuildRequires: nodejs-packaging
-
-BuildRequires: npm(isexe)
-
-%if 0%{?enable_tests}
-BuildRequires: npm(tap)
-BuildRequires: npm(mkdirp)
-BuildRequires: npm(rimraf)
-%endif
-
-%description
-%{summary}.
-
-
-%prep
-%setup -q -n package
-# setup the tests
-%setup -q -T -D -a 1 -n package
-
-
-%build
-#nothing to do
-
-
-%install
-mkdir -p %{buildroot}%{nodejs_sitelib}/which
-cp -pr bin which.js package.json %{buildroot}%{nodejs_sitelib}/which
-mkdir -p %{buildroot}%{_bindir}
-ln -sf ../lib/node_modules/which/bin/which %{buildroot}%{_bindir}/which-nodejs
-%nodejs_symlink_deps
-
-
-%check
-%nodejs_symlink_deps --check
-%__nodejs -e "require('./')"
-%if 0%{?enable_tests}
-%tap test/*.js
-%endif
-
-
-%files
-%doc README.md
-%license LICENSE
-%{nodejs_sitelib}/which
-%{_bindir}/which-nodejs
-
-
-%changelog
-* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Tue May 01 2018 Jared K. Smith <jsmith(a)fedoraproject.org> - 1.3.0-3
-- Fix up bogus dependencies
-
-* Thu Feb 08 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Tue Sep 19 2017 Jared Smith <jsmith(a)fedoraproject.org> - 1.3.0-1
-- Update to upstream 1.3.0 release
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.10-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.10-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Wed Jul 13 2016 Jared Smith <jsmith(a)fedoraproject.org> - 1.2.10-1
-- Update to upstream 1.2.10 release
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Thu Jan 28 2016 Tom Hughes <tom(a)compton.nu> - 1.2.4-1
-- Update to 1.2.4 upstream release
-
-* Fri Jan 22 2016 Tom Hughes <tom(a)compton.nu> - 1.2.2-1
-- Update to 1.2.2 upstream release
-
-* Mon Jan 18 2016 Tom Hughes <tom(a)compton.nu> - 1.2.1-2
-- Update npm(is-absolute) dependency
-
-* Mon Jan 18 2016 Tom Hughes <tom(a)compton.nu> - 1.2.1-1
-- Update to 1.2.1 upstream release
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0.5-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0.5-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0.5-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Sat Jun 22 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.5-8
-- restrict to compatible arches
-
-* Fri May 3 2013 Stanislav Ochotnicky <sochotnicky(a)redhat.com> - 1.0.5-7
-- Fix broken symlink in bindir
-
-* Mon Apr 15 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.5-6
-- add macro for EPEL6 dependency generation
-
-* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0.5-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Tue Jan 15 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.5-4
-- fix symlink to executable
-- actually install the executable!
-- rename executable to which-nodejs
-
-* Tue Jan 08 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.5-3
-- add missing build section
-
-* Mon Dec 31 2012 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.5-2
-- Clean up for submission
-
-* Sun Mar 04 2012 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.5-1
-- new upstream release 1.0.5
-
-* Fri Feb 10 2012 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.3-1
-- new upstream release 1.0.3
-
-* Sun Dec 18 2011 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.2-2
-- add Group to make EL5 happy
-
-* Tue Oct 25 2011 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.2-1
-- new upstream release
-
-* Tue Aug 23 2011 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1.0.0-1
-- initial package
diff --git a/sources b/sources
deleted file mode 100644
index 4fda7ef..0000000
--- a/sources
+++ /dev/null
@@ -1,3 +0,0 @@
-SHA512 (which-1.3.0.tgz) = c5c269a2975a993b98e5db82fca9d34cd06b68f2b9e18c297a73f8973c54f07f751ae756a45bf7f2ed022a37251355a2d841f6103cf92d170770a6c2233a86ca
-SHA512 (tests-1.3.0.tar.bz2) = 1b36b936f84d8160b362823df8960a32ccd09905937dd10bcaeec16c1260793dbd1a18ff9ef7394b35ef1a76895e3357ace8eddee152a2d485b2e4f86b4c296f
-SHA512 (dl-tests.sh) = 601e006803a129f6c2447209941e85a51b4da2bd8681a2a187f0e6293497628014fd6f633da4189b032b86c3a7cc99933f0701945add77897803859d3210c46e
3 years, 10 months
Architecture specific change in rpms/nodejs-websocket-driver.git
by githook-noreply@fedoraproject.org
The package rpms/nodejs-websocket-driver.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/nodejs-websocket-driver.git/commi....
Change:
-ExclusiveArch: %{ix86} x86_64 %{arm} noarch
Thanks.
Full change:
============
commit 8d35a51aef52f491d6ae705f7951d119583cef86
Author: Miro Hrončok <miro(a)hroncok.cz>
Date: Wed Jun 24 20:35:41 2020 +0200
Orphaned for 6+ weeks
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 1e235f0..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-/tests-0.3.2.tar.bz2
-/websocket-driver-0.3.2.tgz
-/tests-0.3.3.tar.bz2
-/websocket-driver-0.3.3.tgz
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5204a84
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Orphaned for 6+ weeks
diff --git a/dl-tests.sh b/dl-tests.sh
deleted file mode 100644
index b4b9d43..0000000
--- a/dl-tests.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-tag=0.3.3
-
-set -e
-
-tmp=$(mktemp -d)
-
-trap cleanup EXIT
-cleanup() {
- set +e
- [ -z "$tmp" -o ! -d "$tmp" ] || rm -rf "$tmp"
-}
-
-unset CDPATH
-pwd=$(pwd)
-
-pushd "$tmp"
-git clone git://github.com/faye/websocket-driver-node.git
-cd websocket-driver-node
-git archive --prefix="spec/" --format=tar tags/${tag}:spec/ \
- | bzip2 > "$pwd"/tests-${tag}.tar.bz2
-popd
diff --git a/nodejs-websocket-driver.spec b/nodejs-websocket-driver.spec
deleted file mode 100644
index d378f1e..0000000
--- a/nodejs-websocket-driver.spec
+++ /dev/null
@@ -1,102 +0,0 @@
-%{?nodejs_find_provides_and_requires}
-
-%global enable_tests 0
-
-Name: nodejs-websocket-driver
-Version: 0.3.3
-Release: 11%{?dist}
-Summary: WebSocket protocol handler with pluggable I/O for Node.js
-License: MIT
-URL: http://github.com/faye/websocket-driver-node
-Source0: http://registry.npmjs.org/websocket-driver/-/websocket-driver-%{version}.tgz
-# The test files are not included in the npm tarball.
-# Source1 is generated by running Source10, which pulls from the upstream
-# version control repository.
-Source1: tests-%{version}.tar.bz2
-Source10: dl-tests.sh
-
-BuildArch: noarch
-%if 0%{?fedora} >= 19
-ExclusiveArch: %{nodejs_arches} noarch
-%else
-ExclusiveArch: %{ix86} x86_64 %{arm} noarch
-%endif
-
-BuildRequires: nodejs-packaging
-
-%if 0%{?enable_tests}
-BuildRequires: npm(jstest)
-%endif
-
-%description
-%{summary}.
-
-
-%prep
-%setup -q -n package
-%setup -q -T -D -a 1 -n package
-
-
-%build
-#nothing to do
-
-
-%install
-mkdir -p %{buildroot}%{nodejs_sitelib}/websocket-driver
-cp -pr package.json lib/ \
- %{buildroot}%{nodejs_sitelib}/websocket-driver
-
-%nodejs_symlink_deps
-
-
-%if 0%{?enable_tests}
-%check
-%nodejs_symlink_deps --check
-/usr/bin/jstest spec/runner.js
-%endif
-
-
-%files
-%doc CHANGELOG.md README.md examples/
-%{nodejs_sitelib}/websocket-driver
-
-
-%changelog
-* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Thu Feb 08 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.3-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3.3-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.3.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Fri Apr 25 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.3.3-1
-- update to upstream release 0.3.3
-
-* Sun Mar 30 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.3.2-2
-- include test files as separate source
-
-* Sat Mar 29 2014 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.3.2-1
-- initial package
diff --git a/sources b/sources
deleted file mode 100644
index 82fc7b9..0000000
--- a/sources
+++ /dev/null
@@ -1,2 +0,0 @@
-916ba04705e94670849bdb9bead4272c tests-0.3.3.tar.bz2
-0674946ce867bfd630c44fa53bb111ca websocket-driver-0.3.3.tgz
3 years, 10 months
Architecture specific change in rpms/nodejs-walkdir.git
by githook-noreply@fedoraproject.org
The package rpms/nodejs-walkdir.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/nodejs-walkdir.git/commit/?id=35b....
Change:
-ExclusiveArch: %{ix86} x86_64 %{arm} noarch
Thanks.
Full change:
============
commit 35bd062d38013d49656eeefb19202ca8757d2c82
Author: Miro Hrončok <miro(a)hroncok.cz>
Date: Wed Jun 24 20:35:25 2020 +0200
Orphaned for 6+ weeks
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index f99693d..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/walkdir-0.0.5.tgz
-/walkdir-0.0.7.tgz
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5204a84
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Orphaned for 6+ weeks
diff --git a/nodejs-walkdir.spec b/nodejs-walkdir.spec
deleted file mode 100644
index 49fa34f..0000000
--- a/nodejs-walkdir.spec
+++ /dev/null
@@ -1,104 +0,0 @@
-%{?nodejs_find_provides_and_requires}
-
-%global enable_tests 0
-
-Name: nodejs-walkdir
-Version: 0.0.7
-Release: 13%{?dist}
-Summary: Walks a directory tree emitting events based on what it finds
-License: MIT
-URL: https://github.com/soldair/node-walkdir
-Source0: http://registry.npmjs.org/walkdir/-/walkdir-%{version}.tgz
-
-BuildArch: noarch
-%if 0%{?fedora} >= 19
-ExclusiveArch: %{nodejs_arches} noarch
-%else
-ExclusiveArch: %{ix86} x86_64 %{arm} noarch
-%endif
-
-BuildRequires: nodejs-packaging
-
-%if 0%{?enable_tests}
-BuildRequires: npm(findit)
-BuildRequires: npm(fstream)
-BuildRequires: npm(ls-r)
-BuildRequires: npm(tap)
-%endif
-
-%description
-This Node.js module walks a directory tree emitting events based on what it
-finds. It presents a familiar callback/emitter/sync interface and can walk a
-tree of any depth.
-
-
-%prep
-%setup -q -n package
-
-
-%build
-#nothing to do
-
-
-%install
-mkdir -p %{buildroot}%{nodejs_sitelib}/walkdir
-cp -pr package.json walkdir.js \
- %{buildroot}%{nodejs_sitelib}/walkdir
-
-%nodejs_symlink_deps
-
-
-%if 0%{?enable_tests}
-%check
-%nodejs_symlink_deps --check
-%tap test/*.js
-%endif
-
-
-%files
-%doc license readme.md
-%{nodejs_sitelib}/walkdir
-
-
-%changelog
-* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.7-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.7-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.7-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.7-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Thu Feb 08 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.7-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.7-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.7-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.7-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.0.7-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.0.7-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Tue Aug 20 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.0.7-3
-- restrict to compatible arches
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.0.7-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Sat May 25 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.0.7-1
-- update to upstream release 0.0.7
-
-* Sun Feb 17 2013 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 0.0.5-1
-- initial package
diff --git a/sources b/sources
deleted file mode 100644
index 7e318a4..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-27c5a716d97cd01173280bdbaf5308db walkdir-0.0.7.tgz
3 years, 10 months
Architecture specific change in rpms/nodejs-uid-number.git
by githook-noreply@fedoraproject.org
The package rpms/nodejs-uid-number.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/nodejs-uid-number.git/commit/?id=....
Change:
-ExclusiveArch: %{nodejs_arches} noarch
Thanks.
Full change:
============
commit 070610dc46579ca43bd0686e71d39a53d5cd67e8
Author: Miro Hrončok <miro(a)hroncok.cz>
Date: Wed Jun 24 20:34:51 2020 +0200
Orphaned for 6+ weeks
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 727a700..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/uid-number-0.0.3.tgz
-/uid-number-0.0.6.tgz
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..5204a84
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Orphaned for 6+ weeks
diff --git a/nodejs-uid-number.spec b/nodejs-uid-number.spec
deleted file mode 100644
index 80d8e0b..0000000
--- a/nodejs-uid-number.spec
+++ /dev/null
@@ -1,100 +0,0 @@
-%{?nodejs_find_provides_and_requires}
-
-Name: nodejs-uid-number
-Version: 0.0.6
-Release: 9%{?dist}
-Summary: Convert a username/group name to a UID/GID number
-License: BSD
-URL: https://github.com/isaacs/uid-number
-Source0: http://registry.npmjs.org/uid-number/-/uid-number-%{version}.tgz
-BuildArch: noarch
-ExclusiveArch: %{nodejs_arches} noarch
-
-BuildRequires: nodejs-devel
-
-%description
-%{summary}.
-
-%prep
-%setup -q -n package
-
-%build
-#nothing to do
-
-%install
-rm -rf %{buildroot}
-
-mkdir -p %{buildroot}%{nodejs_sitelib}/uid-number
-cp -pr *.js package.json %{buildroot}%{nodejs_sitelib}/uid-number
-
-chmod 0644 %{buildroot}%{nodejs_sitelib}/uid-number/get-uid-gid.js
-
-%nodejs_symlink_deps
-
-%files
-%{!?_licensedir:%global license %doc}
-%defattr(-,root,root,-)
-%{nodejs_sitelib}/uid-number
-%doc README.md
-%license LICENSE
-
-%changelog
-* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Thu Feb 08 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Sun Oct 25 2015 Jared Smith <jsmith(a)fedoraproject.org> - 0.0.6-1
-- Update to upstream 0.0.6 release
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.0.3-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.0.3-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.0.3-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Sat Jun 22 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.0.3-7
-- restrict to compatible arches
-
-* Mon Apr 15 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.0.3-6
-- add macro for EPEL6 dependency generation
-
-* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.0.3-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Fri Jan 11 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.0.3-4
-- really use a fresh tarball from upstream
-- fix permissions
-- include LICENCE file
-
-* Tue Jan 08 2013 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.0.3-3
-- add missing build section
-- rebuild with fresh tarball from upstream
-
-* Mon Dec 31 2012 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.0.3-2
-- Clean up for submission
-
-* Wed Mar 28 2012 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.0.3-1
-- initial package
diff --git a/sources b/sources
deleted file mode 100644
index ac00bfd..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-3955e305f9ef392dde248beeb5b7ce60 uid-number-0.0.6.tgz
3 years, 10 months