[v25.3.x] build/deps: upgrade krb5 to 1.22.2 #30716

Closed
vbotbuildovich wants to merge 3 commits into redpanda-data:v25.3.x from vbotbuildovich:ai-backport-pr-30628-v25.3.x-1780530761

@vbotbuildovich

Collaborator

Backport of PR #30628

  • Command: git cherry-pick -x 5fffb24 5acac50 ba231dd de492c9
  • Commits backported: 4
  • Conflicts resolved: 1
  • Commits skipped (already on target): 1
  • Backport branch: ai-backport-pr-30628-v25.3.x-1780530761

Conflict details

  • 5acac50 (MODULE.bazel.lock): generated lockfile conflicted; accepted the incoming version from the PR (git checkout --theirs). Needs regeneration on the target branch (see below).
  • de492c9 (merge commit "Merge branch 'dev' into fix/upgrade-kerberos-1.22"): skipped. This is a sync merge of dev into the feature branch (first parent ba231dd was already applied, second parent is the dev tip). It carries no PR-specific delta, so cherry-picking it would pull unrelated dev changes onto the release branch.

⚠️ Generated files

The following files were cherry-picked and may need regeneration:

  • MODULE.bazel.lock

These files were accepted as-is from the source branch. Before merging,
regenerate them on the target branch to ensure they're correct. For example:

  • MODULE.bazel.lock: run bazel mod deps --lockfile_mode=update

tyson-redpanda and others added 3 commits June 3, 2026 23:52

Replace krb5 1.21.3 with 1.22.2. The memory leak fixes previously
applied via patch are included in 1.22 upstream. The NegoEx CVE fixes
(CVE-2026-40355, CVE-2026-40356) patch still applies cleanly and is
retained until they land upstream.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 5fffb24)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 5acac50)

krb5 1.22.2 has a bug where struct kdclist and kdclist_entry are defined
inside a KRB5_DNS_LOOKUP conditional, but the functions using them are
outside it. When configure doesn't define KRB5_DNS_LOOKUP (as in the
Bazel sandbox), the structs are incomplete at compile time.

Cherry-pick the upstream fix from master (3c672ca).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit ba231dd)

vbotbuildovich added this to the v25.3.x-next milestone Jun 3, 2026
vbotbuildovich added the kind/backport PRs targeting a stable branch label Jun 3, 2026

@tyson-redpanda

Contributor

Superseded by #30875 — rebased onto current v25.3.x tip with conflicts in bazel/repositories.bzl resolved.

Labels

area/build kind/backport PRs targeting a stable branch
