From b65220f56677c0df2646a6d56c9b3e28732dc054 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 26 Jul 2021 22:57:27 +0200 Subject: [PATCH] package/libkrb5: security bump to version 1.18.4 - Fix a denial of service attack against the KDC encrypted challenge code [CVE-2021-36222]. - Fix a memory leak when gss_inquire_cred() is called without a credential handle. - Update indentation in hash file (two spaces) - Update hash of NOTICE (update in year: https://github.com/krb5/krb5/commit/9cbfdf65e1718849cb03844d65930e5138e88195) https://web.mit.edu/kerberos/krb5-1.18/krb5-1.18.4.html Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- package/libkrb5/libkrb5.hash | 4 ++-- package/libkrb5/libkrb5.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/libkrb5/libkrb5.hash b/package/libkrb5/libkrb5.hash index e5b24a3f70..860f828793 100644 --- a/package/libkrb5/libkrb5.hash +++ b/package/libkrb5/libkrb5.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -sha256 e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719 krb5-1.18.3.tar.gz +sha256 66085e2f594751e77e82e0dbf7bbc344320fb48a9df2a633cfdd8f7d6da99fc8 krb5-1.18.4.tar.gz # Hash for license file: -sha256 b7a5f14a8719bce5e49a761998aa55438fc890fb40f71228d6a49546f6d5690d NOTICE +sha256 7fba8b076bdc2cfef1d0813c5d4067d76d5be60c32d84de22d5d1cf451744feb NOTICE diff --git a/package/libkrb5/libkrb5.mk b/package/libkrb5/libkrb5.mk index 794cedd33c..89f219d913 100644 --- a/package/libkrb5/libkrb5.mk +++ b/package/libkrb5/libkrb5.mk @@ -5,7 +5,7 @@ ################################################################################ LIBKRB5_VERSION_MAJOR = 1.18 -LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).3 +LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).4 LIBKRB5_SITE = https://web.mit.edu/kerberos/dist/krb5/$(LIBKRB5_VERSION_MAJOR) LIBKRB5_SOURCE = krb5-$(LIBKRB5_VERSION).tar.gz LIBKRB5_SUBDIR = src -- 2.30.2