aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
AgeCommit message (Collapse)Author
2023-01-01krb5: upgrade 1.17.2 -> 1.20.1Yi Zhao
Release Notes: https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html License-Update: Update AES algorithm copyright [1] Update copyright years [2] [1] https://github.com/krb5/krb5/commit/cb5f190056ef4d123c5fe5d4923982b830288438 [2] https://github.com/krb5/krb5/commit/f1535bf6b47e8dc03d69fcfb98e798546ff7c272 * Update PACKAGECONFIG[keyutils] and drop the local patch. * Drop backport CVE patches. * Inherit pkgconfig bbclass to find com_err library correctly. * Drop --without-tcl option as it has been removed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-09-10krb5: fix CVE-2021-37750Yi Zhao
CVE-2021-37750: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. References: https://nvd.nist.gov/vuln/detail/CVE-2021-37750 Patches from: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-09-07krb5: fix CVE-2021-36222Yi Zhao
CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222 Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-26krb5: filtering out -f*-prefix-map from krb5-configYi Zhao
Remove -f*-prefix-map from LDFLAGS in krb5-config to fix reproducibility issue. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-08-03Convert to new override syntaxMartin Jansa
This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2020-11-23krb5: upgrade 1.17.1 -> 1.17.2Yi Zhao
License-Update: Update copyright year to 2020. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-14 00:50:16 +0000