Skip to content

[v26.1.x] build/deps: upgrade krb5 to 1.22.2#30715

Open
vbotbuildovich wants to merge 3 commits into
redpanda-data:v26.1.xfrom
vbotbuildovich:ai-backport-pr-30628-v26.1.x-1780530732
Open

[v26.1.x] build/deps: upgrade krb5 to 1.22.2#30715
vbotbuildovich wants to merge 3 commits into
redpanda-data:v26.1.xfrom
vbotbuildovich:ai-backport-pr-30628-v26.1.x-1780530732

Conversation

@vbotbuildovich

@vbotbuildovich vbotbuildovich commented Jun 3, 2026

Copy link
Copy Markdown
Collaborator

Backport of PR #30628

  • Command: git cherry-pick -x 5fffb24 5acac50 ba231dd de492c9
  • Commits backported: 3 of 4 (one merge commit skipped)
  • Conflicts resolved: 1
  • Commits skipped (already on target / not applicable): 1
  • Backport branch: ai-backport-pr-30628-v26.1.x-1780530732

Conflict details

  • 5acac50 (MODULE.bazel.lock): generated lockfile conflicted; accepted the incoming version from the PR commit. This file must be regenerated on the target branch (see warning below).
  • de492c9 (merge commit "Merge branch 'dev' into fix/upgrade-kerberos-1.22"): skipped. This is a base-branch integration merge whose first parent is the PR work already applied; its only deltas over the PR tip were unrelated dev changes (MODULE.bazel, bazel/thirdparty/gradle.BUILD), with no PR-unique krb5 content. Dropping base-branch merges is standard backport practice.

⚠️ Generated files

The following files were cherry-picked and may need regeneration:

  • MODULE.bazel.lock

These files were accepted as-is from the source branch. Before merging,
regenerate them on the target branch to ensure they're correct. For example:

  • MODULE.bazel.lock: run bazel mod deps --lockfile_mode=update

tyson-redpanda and others added 3 commits June 3, 2026 23:52
@tyson-redpanda @claude @vbotbuildovich
build/deps: upgrade krb5 to 1.22.2
174a269 
Replace krb5 1.21.3 with 1.22.2. The memory leak fixes previously
applied via patch are included in 1.22 upstream. The NegoEx CVE fixes
(CVE-2026-40355, CVE-2026-40356) patch still applies cleanly and is
retained until they land upstream.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 5fffb24)
@tyson-redpanda @claude @vbotbuildovich
build: update MODULE.bazel.lock for krb5 1.22.2
ce338ed 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 5acac50)
@tyson-redpanda @claude @vbotbuildovich
build/deps: fix krb5 1.22.2 build in sandboxed environments
671bc28 
krb5 1.22.2 has a bug where struct kdclist and kdclist_entry are defined
inside a KRB5_DNS_LOOKUP conditional, but the functions using them are
outside it. When configure doesn't define KRB5_DNS_LOOKUP (as in the
Bazel sandbox), the structs are incomplete at compile time.

Cherry-pick the upstream fix from master (3c672ca).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit ba231dd)
@vbotbuildovich vbotbuildovich added this to the v26.1.x-next milestone Jun 3, 2026
@vbotbuildovich vbotbuildovich added the kind/backport PRs targeting a stable branch label Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tyson-redpanda tyson-redpanda Awaiting requested review from tyson-redpanda

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/build kind/backport PRs targeting a stable branch

Projects

None yet

Milestone

v26.1.x-next

Development

Successfully merging this pull request may close these issues.

2 participants

@vbotbuildovich @tyson-redpanda