!78 [sync] PR-74: backport patch

From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

backport-Squash-unused-variable-warnings-in-kdb5_ldap_util.patch

@@ -0,0 +1,174 @@
+From 73ad8716ccecbaf3e7502f53fb8feade2e62a498 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Tue, 4 Apr 2023 17:31:00 -0400
+Subject: [PATCH] Squash unused variable warnings in kdb5_ldap_util
+ 
+Reference:https://github.com/krb5/krb5/commit/73ad8716ccecbaf3e7502f53fb8feade2e62a498
+Conflict:NA
+ 
+---
+ .../kdb/ldap/ldap_util/kdb5_ldap_realm.c      | 40 ++++++++-----------
+ 1 file changed, 16 insertions(+), 24 deletions(-)
+ 
+diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+index bb5bae5ba..bba550ac7 100644
+--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
++++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+@@ -135,20 +135,17 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+     time_t now;
+     int mask = 0;
+     krb5_error_code retval = 0;
+-    krb5_boolean no_msg = FALSE;
+-
+-    krb5_boolean print_usage = FALSE;
+     char *me = progname;
+ 
+     time(&now);
+     if (!strcmp(argv[*i], "-maxtktlife")) {
+         if (++(*i) > argc-1)
+-            goto err_usage;
++            return 0;
+         date = get_date(argv[*i]);
+         if (date == (time_t)(-1)) {
+             retval = EINVAL;
+             com_err(me, retval, _("while providing time specification"));
+-            goto err_nomsg;
++            return 0;
+         }
+         rparams->max_life = date-now;
+         mask |= LDAP_REALM_MAXTICKETLIFE;
+@@ -157,13 +154,13 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+ 
+     else if (!strcmp(argv[*i], "-maxrenewlife")) {
+         if (++(*i) > argc-1)
+-            goto err_usage;
++            return 0;
+ 
+         date = get_date(argv[*i]);
+         if (date == (time_t)(-1)) {
+             retval = EINVAL;
+             com_err(me, retval, _("while providing time specification"));
+-            goto err_nomsg;
++            return 0;
+         }
+         rparams->max_renewable_life = date-now;
+         mask |= LDAP_REALM_MAXRENEWLIFE;
+@@ -173,7 +170,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
+@@ -183,7 +180,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
+@@ -192,7 +189,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
+@@ -201,7 +198,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
+@@ -210,7 +207,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     }
+@@ -221,7 +218,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
+@@ -230,7 +227,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "allow_svr")) {
+@@ -239,7 +236,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
+@@ -248,7 +245,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "allow_tix")) {
+@@ -257,7 +254,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "needchange")) {
+@@ -266,7 +263,7 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |= LDAP_REALM_KRBTICKETFLAGS;
+     } else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
+@@ -275,15 +272,10 @@ get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+         else if (*(argv[*i]) == '-')
+             rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+         else
+-            goto err_usage;
++            return 0;
+ 
+         mask |=LDAP_REALM_KRBTICKETFLAGS;
+     }
+-err_usage:
+-    print_usage = TRUE;
+-
+-err_nomsg:
+-    no_msg = TRUE;
+ 
+     return mask;
+ }
+-- 
+2.33.0
+ 

krb5.spec

@@ -3,7 +3,7 @@
 
 Name:     krb5
 Version:  1.19.2
-Release:  6
+Release:  7
 Summary:  The Kerberos network authentication protocol
 License:  MIT
 URL:      http://web.mit.edu/kerberos/www/
@@ -27,12 +27,14 @@ Patch4: fix-debuginfo-with-y.tab.c.patch
 Patch5: Remove-3des-support.patch
 Patch6: FIPS-with-PRNG-and-RADIUS-and-MD4.patch
 Patch7: backport-CVE-2021-37750.patch
+
 Patch8: Fix-CVE-2022-42898-integer-overflows-in-PAC-parsing.patch
 Patch9: backport-Fix-profile-crash-on-memory-exhaustion.patch
 Patch10: backport-Fix-preauth-crash-on-memory-exhaustion.patch
 Patch11: backport-Fix-gic_keytab-crash-on-memory-exhaustion.patch
 Patch12: backport-Fix-many-unlikely-memory-leaks.patch
 Patch13: backport-Free-verto-context-later-in-KDC-cleanup.patch
+Patch14: backport-Squash-unused-variable-warnings-in-kdb5_ldap_util.patch
 
 BuildRequires:  gettext
 BuildRequires:  gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@@ -325,6 +327,9 @@ make -C src check || :
 
 
 %changelog
+* Thu Jun 8 2023 xuraoqing <xuraoqing@huawei.com> - 1.19.2-7
+- backport some patches
+
 * Wed Dec 21 2022 zhouchenchen <zhouchenchen@huawei.com> - 1.19.2-6
 - backport some patches