From: Soumya Sambu <soumya.sa...@windriver.com> Release Notes: https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.2.html - Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. - Fix read overruns in SPNEGO parsing. - Compatibility fix for autoconf 2.72.
License-Update: Update copyright years to 2023 [https://github.com/krb5/krb5/commit/a273d4d1987dba088e51001d4119759b32b89190] Removed patch - 0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch as it is fixed in upgraded version. Signed-off-by: Soumya Sambu <soumya.sa...@windriver.com>
---
 ...al.m4-syntax-error-for-autoconf-2.72.patch | 40 ------------------- .../krb5/{krb5_1.20.1.bb => krb5_1.20.2.bb} | 7 ++-- 2 files changed, 3 insertions(+), 44 deletions(-) delete mode 100644 meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch rename meta-oe/recipes-connectivity/krb5/{krb5_1.20.1.bb => krb5_1.20.2.bb} (96%)
diff --git a/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch b/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch
deleted file mode 100644
index 9d0b066b1..000000000
--- a/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0aa127afa52fd265a4f1bbded1623201390ae96a Mon Sep 17 00:00:00 2001
-From: Julien Rische <jris...@redhat.com>
-Date: Thu, 17 Nov 2022 15:01:24 +0100
-Subject: [PATCH] Fix aclocal.m4 syntax error for autoconf 2.72
-
-An incorrect closure inside KRB5_AC_INET6 is innocuous with autoconf
-versions up to 2.71, but will cause an error at configure time with
-the forthcoming autoconf 2.72.
-
-[ghud...@mit.edu: added more context to commit message]
-
-ticket: 9077 (new)
-tags: pullup
-target_version: 1.20-next
-target_version: 1.19-next
-
-Upstream-Status: Backport [https://github.com/krb5/krb5/commit/d864d740d019fdf2c640460f2aa2760c7fa4d5e9]
-Signed-off-by: Khem Raj <raj.k...@gmail.com>
----
- src/aclocal.m4 | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 9920476..3d66a87 100644
---- a/src/aclocal.m4
-+++ b/src/aclocal.m4
-@@ -409,8 +409,8 @@ else
- [[struct sockaddr_in6 in;
- AF_INET6;
- IN6_IS_ADDR_LINKLOCAL(&in.sin6_addr);]])],
-- [krb5_cv_inet6=yes], [krb5_cv_inet6=no])])
--fi
-+ [krb5_cv_inet6=yes], [krb5_cv_inet6=no])
-+fi])
- AC_MSG_RESULT($krb5_cv_inet6)
- if test "$krb5_cv_inet6" = no && test "$ac_cv_func_inet_ntop" = yes; then
- AC_MSG_CHECKING(for IPv6 compile-time support with -DINET6)
---
-2.40.0
-
diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.20.1.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb
similarity index 96%
rename from meta-oe/recipes-connectivity/krb5/krb5_1.20.1.bb
rename to meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb
index 10fff11c2..54e6b778b 100644
--- a/meta-oe/recipes-connectivity/krb5/krb5_1.20.1.bb
+++ b/meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb
@@ -14,7 +14,7 @@ DESCRIPTION = "Kerberos is a system for authenticating users and services on a n
 HOMEPAGE = "http://web.mit.edu/Kerberos/"
 SECTION = "console/network"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=1d31018dba5a0ef195eb426a1e61f02e"
+LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=3c7414a99de5452b8f809ae2753b0855"
 inherit autotools-brokensep binconfig perlnative systemd update-rc.d pkgconfig
@@ -22,7 +22,6 @@ SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
 file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \
 file://crosscompile_nm.patch \
- file://0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch;striplevel=2 \
 file://etc/init.d/krb5-kdc \
 file://etc/init.d/krb5-admin-server \
 file://etc/default/krb5-kdc \
@@ -30,8 +29,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
 file://krb5-kdc.service \
 file://krb5-admin-server.service \
 "
-SRC_URI[md5sum] = "73f5780e7b587ccd8b8cfc10c965a686"
-SRC_URI[sha256sum] = "704aed49b19eb5a7178b34b2873620ec299db08752d6a8574f95d41879ab8851"
+SRC_URI[md5sum] = "7ac456e97c4959ebe5c836dc2f5aab2c"
+SRC_URI[sha256sum] = "7d8d687d42aed350c2525cb69a4fc3aa791694da6761dccc1c42c2ee7796b5dd"
 CVE_PRODUCT = "kerberos"
 CVE_VERSION = "5-${PV}"
--
2.40.0
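Review bot: The refreshed `SRC_URI[md5sum]` in the last hunk adds nothing over the `SRC_URI[sha256sum]` beside it, and the tarball is still fetched over plain `http://` (the `SRC_URI` context line in the second hunk), so the sha256 value is the only thing pinning what gets built. I would drop the md5sum line and, if the host serves the dist tree over TLS as it does the release notes, change the URL to `https://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz`. Since this upgrade is what delivers the CVE-2023-36054 fix, the commit message could also say how the new sha256 was obtained, for example that it was checked against the upstream release signature.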