krb5: Upgrade 1.20.1 -> 1.20.2

Release Notes: https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.2.html - Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. - Fix read overruns in SPNEGO parsing. - Compatibility fix for autoconf 2.72. License-Update: Update copyright years to 2023 [https://github.com/krb5/krb5/commit/a273d4d1987dba088e51001d4119759b32b89190] Removed patch - 0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch as it is fixed in upgraded version. Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2023-09-01 17:18:32 +0000
committer: Khem Raj <raj.khem@gmail.com> 2023-09-07 08:22:43 -0700
commit: 10e2559081092e8eae6bd0add2a4f90c33d674a3 (patch)
tree: 6c6c06da712382c6b6a33302f659621453214def
parent: d14a600a3af60657f18b51487f9f21a48616fc24 (diff)
download: meta-openembedded-10e2559081092e8eae6bd0add2a4f90c33d674a3.tar.gz
2 files changed, 3 insertions, 44 deletions
diff --git a/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch b/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch
deleted file mode 100644
index 9d0b066b10..0000000000
--- a/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0aa127afa52fd265a4f1bbded1623201390ae96a Mon Sep 17 00:00:00 2001
-From: Julien Rische <jrische@redhat.com>
-Date: Thu, 17 Nov 2022 15:01:24 +0100
-Subject: [PATCH] Fix aclocal.m4 syntax error for autoconf 2.72
-An incorrect closure inside KRB5_AC_INET6 is innocuous with autoconf
-versions up to 2.71, but will cause an error at configure time with
-the forthcoming autoconf 2.72.
-[ghudson@mit.edu: added more context to commit message]
-ticket: 9077 (new)
-tags: pullup
-target_version: 1.20-next
-target_version: 1.19-next
-Upstream-Status: Backport [https://github.com/krb5/krb5/commit/d864d740d019fdf2c640460f2aa2760c7fa4d5e9]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- src/aclocal.m4 | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 9920476..3d66a87 100644
--- a/src/aclocal.m4
-+++ b/src/aclocal.m4
-@@ -409,8 +409,8 @@ else
-       [[struct sockaddr_in6 in;
-         AF_INET6;
-         IN6_IS_ADDR_LINKLOCAL(&in.sin6_addr);]])],
-    [krb5_cv_inet6=yes], [krb5_cv_inet6=no])])
-fi
-+    [krb5_cv_inet6=yes], [krb5_cv_inet6=no])
-+fi])
- AC_MSG_RESULT($krb5_cv_inet6)
- if test "$krb5_cv_inet6" = no && test "$ac_cv_func_inet_ntop" = yes; then
- AC_MSG_CHECKING(for IPv6 compile-time support with -DINET6)
-- 
-2.40.0
diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.20.1.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb
index 10fff11c25..54e6b778b0 100644
--- a/meta-oe/recipes-connectivity/krb5/krb5_1.20.1.bb
+++ b/meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb
@@ -14,7 +14,7 @@ DESCRIPTION = "Kerberos is a system for authenticating users and services on a n
 HOMEPAGE = "http://web.mit.edu/Kerberos/"
 SECTION = "console/network"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=1d31018dba5a0ef195eb426a1e61f02e"
+LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=3c7414a99de5452b8f809ae2753b0855"
 inherit autotools-brokensep binconfig perlnative systemd update-rc.d pkgconfig
@@ -22,7 +22,6 @@ SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
           file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \
           file://crosscompile_nm.patch \
-           file://0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch;striplevel=2 \
           file://etc/init.d/krb5-kdc \
           file://etc/init.d/krb5-admin-server \
           file://etc/default/krb5-kdc \
@@ -30,8 +29,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
           file://krb5-kdc.service \
           file://krb5-admin-server.service \
 "
-SRC_URI[md5sum] = "73f5780e7b587ccd8b8cfc10c965a686"
+SRC_URI[md5sum] = "7ac456e97c4959ebe5c836dc2f5aab2c"
-SRC_URI[sha256sum] = "704aed49b19eb5a7178b34b2873620ec299db08752d6a8574f95d41879ab8851"
+SRC_URI[sha256sum] = "7d8d687d42aed350c2525cb69a4fc3aa791694da6761dccc1c42c2ee7796b5dd"
 CVE_PRODUCT = "kerberos"
 CVE_VERSION = "5-${PV}"
author	Soumya Sambu <soumya.sambu@windriver.com>	2023-09-01 17:18:32 +0000
committer	Khem Raj <raj.khem@gmail.com>	2023-09-07 08:22:43 -0700
commit	10e2559081092e8eae6bd0add2a4f90c33d674a3 (patch)
tree	6c6c06da712382c6b6a33302f659621453214def
parent	d14a600a3af60657f18b51487f9f21a48616fc24 (diff)
download	meta-openembedded-10e2559081092e8eae6bd0add2a4f90c33d674a3.tar.gz

diff --git a/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch b/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch deleted file mode 100644 index 9d0b066b10..0000000000 --- a/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch +++ /dev/null
@@ -1,40 +0,0 @@
1	From 0aa127afa52fd265a4f1bbded1623201390ae96a Mon Sep 17 00:00:00 2001
2	From: Julien Rische <jrische@redhat.com>
3	Date: Thu, 17 Nov 2022 15:01:24 +0100
4	Subject: [PATCH] Fix aclocal.m4 syntax error for autoconf 2.72
5
6	An incorrect closure inside KRB5_AC_INET6 is innocuous with autoconf
7	versions up to 2.71, but will cause an error at configure time with
8	the forthcoming autoconf 2.72.
9
10	[ghudson@mit.edu: added more context to commit message]
11
12	ticket: 9077 (new)
13	tags: pullup
14	target_version: 1.20-next
15	target_version: 1.19-next
16
17	Upstream-Status: Backport [https://github.com/krb5/krb5/commit/d864d740d019fdf2c640460f2aa2760c7fa4d5e9]
18	Signed-off-by: Khem Raj <raj.khem@gmail.com>
19	---
20	src/aclocal.m4 \| 4 ++--
21	1 file changed, 2 insertions(+), 2 deletions(-)
22
23	diff --git a/src/aclocal.m4 b/src/aclocal.m4
24	index 9920476..3d66a87 100644
25	--- a/src/aclocal.m4
26	+++ b/src/aclocal.m4
27	@@ -409,8 +409,8 @@ else
28	[[struct sockaddr_in6 in;
29	AF_INET6;
30	IN6_IS_ADDR_LINKLOCAL(&in.sin6_addr);]])],
31	- [krb5_cv_inet6=yes], [krb5_cv_inet6=no])])
32	-fi
33	+ [krb5_cv_inet6=yes], [krb5_cv_inet6=no])
34	+fi])
35	AC_MSG_RESULT($krb5_cv_inet6)
36	if test "$krb5_cv_inet6" = no && test "$ac_cv_func_inet_ntop" = yes; then
37	AC_MSG_CHECKING(for IPv6 compile-time support with -DINET6)
38	--
39	2.40.0
40


diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.20.1.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb index 10fff11c25..54e6b778b0 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.20.1.bb +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb
@@ -14,7 +14,7 @@ DESCRIPTION = "Kerberos is a system for authenticating users and services on a n
14	HOMEPAGE = "http://web.mit.edu/Kerberos/"	14	HOMEPAGE = "http://web.mit.edu/Kerberos/"
15	SECTION = "console/network"	15	SECTION = "console/network"
16	LICENSE = "MIT"	16	LICENSE = "MIT"
17	LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=1d31018dba5a0ef195eb426a1e61f02e"	17	LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=3c7414a99de5452b8f809ae2753b0855"
18		18
19	inherit autotools-brokensep binconfig perlnative systemd update-rc.d pkgconfig	19	inherit autotools-brokensep binconfig perlnative systemd update-rc.d pkgconfig
20		20
@@ -22,7 +22,6 @@ SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
22	SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \	22	SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
23	file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \	23	file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \
24	file://crosscompile_nm.patch \	24	file://crosscompile_nm.patch \
25	file://0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch;striplevel=2 \
26	file://etc/init.d/krb5-kdc \	25	file://etc/init.d/krb5-kdc \
27	file://etc/init.d/krb5-admin-server \	26	file://etc/init.d/krb5-admin-server \
28	file://etc/default/krb5-kdc \	27	file://etc/default/krb5-kdc \
@@ -30,8 +29,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
30	file://krb5-kdc.service \	29	file://krb5-kdc.service \
31	file://krb5-admin-server.service \	30	file://krb5-admin-server.service \
32	"	31	"
33	SRC_URI[md5sum] = "73f5780e7b587ccd8b8cfc10c965a686"	32	SRC_URI[md5sum] = "7ac456e97c4959ebe5c836dc2f5aab2c"
34	SRC_URI[sha256sum] = "704aed49b19eb5a7178b34b2873620ec299db08752d6a8574f95d41879ab8851"	33	SRC_URI[sha256sum] = "7d8d687d42aed350c2525cb69a4fc3aa791694da6761dccc1c42c2ee7796b5dd"
35		34
36	CVE_PRODUCT = "kerberos"	35	CVE_PRODUCT = "kerberos"
37	CVE_VERSION = "5-${PV}"	36	CVE_VERSION = "5-${PV}"