Skip to content

[v26.1.x] build/deps: upgrade krb5 to 1.22.2#30715

Open
vbotbuildovich wants to merge 5 commits into
redpanda-data:v26.1.xfrom
vbotbuildovich:ai-backport-pr-30628-v26.1.x-1780530732
Open

[v26.1.x] build/deps: upgrade krb5 to 1.22.2#30715
vbotbuildovich wants to merge 5 commits into
redpanda-data:v26.1.xfrom
vbotbuildovich:ai-backport-pr-30628-v26.1.x-1780530732

Conversation

@vbotbuildovich

@vbotbuildovich vbotbuildovich commented Jun 3, 2026

Copy link
Copy Markdown
Collaborator

Backport of PR #30628

  • Command: git cherry-pick -x 5fffb24 5acac50 ba231dd de492c9
  • Commits backported: 3 of 4 (one merge commit skipped)
  • Conflicts resolved: 1
  • Commits skipped (already on target / not applicable): 1
  • Backport branch: ai-backport-pr-30628-v26.1.x-1780530732

Conflict details

  • 5acac50 (MODULE.bazel.lock): generated lockfile conflicted; accepted the incoming version from the PR commit. This file must be regenerated on the target branch (see warning below).
  • de492c9 (merge commit "Merge branch 'dev' into fix/upgrade-kerberos-1.22"): skipped. This is a base-branch integration merge whose first parent is the PR work already applied; its only deltas over the PR tip were unrelated dev changes (MODULE.bazel, bazel/thirdparty/gradle.BUILD), with no PR-unique krb5 content. Dropping base-branch merges is standard backport practice.

⚠️ Generated files

The following files were cherry-picked and may need regeneration:

  • MODULE.bazel.lock

These files were accepted as-is from the source branch. Before merging,
regenerate them on the target branch to ensure they're correct. For example:

  • MODULE.bazel.lock: run bazel mod deps --lockfile_mode=update

tyson-redpanda and others added 3 commits June 3, 2026 23:52
@tyson-redpanda @claude @vbotbuildovich
build/deps: upgrade krb5 to 1.22.2
174a269 
Replace krb5 1.21.3 with 1.22.2. The memory leak fixes previously
applied via patch are included in 1.22 upstream. The NegoEx CVE fixes
(CVE-2026-40355, CVE-2026-40356) patch still applies cleanly and is
retained until they land upstream.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 5fffb24)
@tyson-redpanda @claude @vbotbuildovich
build: update MODULE.bazel.lock for krb5 1.22.2
ce338ed 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 5acac50)
@tyson-redpanda @claude @vbotbuildovich
build/deps: fix krb5 1.22.2 build in sandboxed environments
671bc28 
krb5 1.22.2 has a bug where struct kdclist and kdclist_entry are defined
inside a KRB5_DNS_LOOKUP conditional, but the functions using them are
outside it. When configure doesn't define KRB5_DNS_LOOKUP (as in the
Bazel sandbox), the structs are incomplete at compile time.

Cherry-pick the upstream fix from master (3c672ca).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit ba231dd)
@vbotbuildovich vbotbuildovich added this to the v26.1.x-next milestone Jun 3, 2026
@vbotbuildovich vbotbuildovich added the kind/backport PRs targeting a stable branch label Jun 3, 2026
@tyson-redpanda @claude
build: regenerate MODULE.bazel.lock for krb5 1.22.2 on v26.1.x
1203975 
The backport bot cherry-picked the dev lockfile (lockFileVersion 26,
Bazel 9.1.0) into this v26.1.x branch, which uses Bazel 8.4.1
(lockFileVersion 18). Bazel 8.4.1 cannot parse the newer format,
causing all builds to fail immediately.

Regenerated with `bazel mod deps --lockfile_mode=update` on the
v26.1.x tree to produce a valid lockFileVersion 18 lockfile with the
correct bzlTransitiveDigest for the krb5 1.22.2 changes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@tyson-redpanda

tyson-redpanda commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

buildkite build this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tyson-redpanda tyson-redpanda Awaiting requested review from tyson-redpanda

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/build kind/backport PRs targeting a stable branch

Projects

None yet

Milestone

v26.1.x-next

Development

Successfully merging this pull request may close these issues.

2 participants

@vbotbuildovich @tyson-redpanda