summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-connectivity/krb5
Commit message (Collapse)AuthorAgeFilesLines
* krb5: CVE-2017-11462Catalin Enache2017-09-182-0/+420
| | | | | | | | | | | | | | | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-11462 Upstream patch: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2017-11368Kai Kang2017-09-072-0/+117
| | | | | | | Backport patch to fix CVE-2017-11368 for krb5. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5_1.15.1.bb: set CVE_PRODUCT to kerberosMikko Rapeli2017-07-241-0/+2
| | | | | | | | | It is used in NVD database for CVE's like: https://nvd.nist.gov/vuln/detail/CVE-2016-3120 Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: 1.13.6 -> 1.15.1Huang Qiyu2017-04-261-4/+4
| | | | | | | | | | | 1) Upgrade krb5 from 1.13.6 to 1.15.1. 2) License checksum changed,since the copyright years were updated. 3) Fix error in the step of do_configure. | ERROR: krb5-1.15.1-r0 do_package: QA Issue: krb5: Files/directories were installed but not shipped in any package: | /usr/lib/krb5/plugins/preauth/test.so Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: create Debian-like package structureAndreas Oberritter2016-12-091-12/+89
| | | | | | | | | | Split libraries and plugins into their own packages. Create packages for admin-server, kdc, user and examples. Remove some unneeded binaries. Enable daemons on boot. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: Add -fPIC to compile flagsKhem Raj2016-11-231-2/+2
| | | | | | | | Fixes errors on x86_64 e.g. errors.so: relocation R_X86_64_PC32 against symbol `k5_vset_error' can not be used when making a shared object; recompile with -fPIC Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: upgrade to 1.13.6Wenzong Fan2016-09-158-1660/+4
| | | | | | | | | | | | | | | | | | | | | | | * fix CVEs: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 * update LIC_FILES_CHKSUM, only Copyright changed in NOTICE file: -Copyright (C) 1985-2015 by the Massachusetts Institute of Technology. +Copyright (C) 1985-2016 by the Massachusetts Institute of Technology. * remove useless functions: krb5_do_unpack(), do_unpack() * remove patches that included by new release: - 0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch - Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch - Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch - Fix-build_principal-memory-bug-CVE-2015-2697.patch - Fix-IAKERB-context-export-import-CVE-2015-2698.patch - krb5-CVE-2016-3119.patch - krb5-CVE-2016-3120.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: Fix S4U2Self KDC crash when anon is restrictedAlexandru Moise2016-09-052-0/+64
| | | | | | | | | | | | | | This is CVE-2016-3120 The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-oe: Standardize use of "_append" versus use of "+="Robert P. J. Day2016-08-221-2/+2
| | | | | | | Remove superfluous "+=", then manually add necessary leading space. Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: add systemd supportWenzong Fan2016-06-233-9/+47
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix uninitialized variable warningDaniel McGregor2016-05-192-0/+38
| | | | | | | | On some targets clang erroniously detects an uninitialized variable. Backport the fix from upstream. Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5-CVE-2016-3119.patchZhixiong Chi2016-04-282-0/+37
| | | | | | | | | | | Backport <commit 08c642c09c38a9c6454ab43a9b53b2a89b9eef99> from krb5 upstream <https://github.com/krb5/krb5> to fix CVE-2016-3119 avoid remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-oe: use bb.utils.contains() instead of base_contains()Ross Burton2016-04-281-1/+1
| | | | | | | | base_contains() is a compatibility wrapper and may warn in the future, so replace all instances with bb.utils.contains(). Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: add native and nativesdk extendRoy Li2016-04-211-6/+8
| | | | | | | | add native and nativesdk extend, curl-native/nativesdk need them. replace the hardcode /etc with ${sysconfdir}, /var with ${localstatedir} Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: Fix build warningArmin Kuster2016-02-251-1/+1
| | | | | | | | | WARNING: /tmp/work/armv5e-poky-linux-gnueabi/krb5/1.12.2-r0/krb5-1.12.2/src/ ('S') doesn't exist, please set 'S' to a proper value remove extra "/" Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2015-2698Wenzong Fan2015-12-182-0/+135
| | | | | | | | | | | | | | | | The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2015-2697Wenzong Fan2015-12-182-0/+59
| | | | | | | | | | | | | The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2015-2696Wenzong Fan2015-12-182-0/+740
| | | | | | | | | | | | | | lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2015-2695Wenzong Fan2015-12-182-0/+573
| | | | | | | | | | | | | | lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: upgrade to 1.13.2Roy Li2015-05-172-96/+24
| | | | | | | | | Upgrade to include the CVE fixes: [CVE-2014-5354] [CVE-2014-5353]... Remove the 0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch Regenerate the /var/run/krb5kdc dir Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2014-5351Wenzong Fan2014-11-242-0/+93
| | | | | | | | | | | | The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authentic- ated users to forge tickets by leveraging administrative access. This back-ported patch fixes CVE-2014-5351. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: add initscripts-functions to RDEPENDSChen Qi2014-11-071-0/+3
| | | | | | | | | | As this recipe doesn't inherit update-rc.d, we need to add to its runtime dependency initscripts-functions ourselves. Otherwise, we would spot errors in systemd systems when we execute commands like `systemctl start krb5-kdc'. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: use BP for the tarballRobert Yang2014-10-101-2/+2
| | | | | | | | | | | | | | Otherwise do_unpack failed when multilib: tar (child): /path/to/lib32-krb5-1.12.2.tar.gz: Cannot open: No such file or directory And do_patch error: ERROR: Command Error: exit status: 1 Output: Applying patch 0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch can't find file to patch at input line 15 Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: update to version 1.12.2Jackie Huang2014-10-048-52/+437
| | | | | | | | | | | | | Changed: * Add init scripts and default configs based on debian * Add a patch for crosscompile nm * Add a patch to suppress /usr/lib in krb5-config * Add DESCRIPTION * Remove blacklist and inherit autotools-brokensep * Add PACKAGECONFIG for ldap and readline Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-oe: use BPN in SRC_URIRobert Yang2014-07-151-1/+1
| | | | | | | | | | | | Fixed SRC_URI: * ${PN} -> ${BPN}, use ${BP} if it was ${PN}-${PV} * ${P} -> ${BP} Otherwise we would meet do_fetch errors when we do the multilib, native or nativesdk build. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: Blacklist because of broken with B!=SMartin Jansa2014-06-211-0/+2
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* recipes: convert remaining SUMMARY/DESCRIPTION cosmetic issuesMatthieu CRAPET2014-02-231-1/+1
| | | | | | | | | | | | | Changes: - rename SUMMARY with length > 80 to DESCRIPTION - rename DESCRIPTION with length < 80 to (non present tag) SUMMARY - drop final point character at the end of SUMMARY string - remove trailing whitespace of SUMMARY line Note: don't bump PR Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: Add PACKAGECONFIG and new configure param to disable keyutils detectionMartin Jansa2013-10-052-1/+38
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: Upgrade to 1.11.3Martin Jansa2013-10-051-6/+5
| | | | | | | | | | | | | | | | * 1.11 is often failing with: | common.o: file not recognized: File truncated | collect2: ld returned 1 exit status | make[2]: *** [t_export_name] Error 1 when higher parallelism is used 1.11.2 and newer have fix for that: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7587 * LIC_FILES_CHKSUM is only from year update < Copyright (C) 1985-2012 by the Massachusetts Institute of Technology. --- > Copyright (C) 1985-2013 by the Massachusetts Institute of Technology. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: add PACKAGECONFIG for openssl and libeditMartin Jansa2013-07-301-0/+4
| | | | | | | * it's autodetected from sysroot * add PACKAGECONFIG to make it deterministic Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: Fix .debug packaging warning after debug striping was fixedMartin Jansa2013-03-131-1/+2
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: add e2fsprogs dependencyIan Reinhart Geiser2013-02-011-1/+3
| | | | | | | | | | | | Krb5 needs libcom_err from e2fsprogs to be built. It looks like in some cases if e2fsprogs was built before krb5 this would silently pass. * add that e2fsprogs dependency explicitly. * added back the PR and updated its value to r1. Signed-off-by: Ian Reinhart Geiser <igeiser@devonit.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: reconfigure for aarch64Riku Voipio2013-01-031-1/+2
| | | | | | | krb5 needs reconfigure, since the current config.sub included doesn't include aarch64. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix path to recipe and upgrade to 1.11Martin Jansa2012-12-181-0/+39
* drop PR * fix FILES_${PN}-doc * fix QA warnings: WARNING: QA Issue: krb5: Files/directories were installed but not shipped /usr/share/gnats /usr/share/gnats/mit and RPATH entries Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>