krb5: Upgrade 1.20.1 -> 1.20.2

Release Notes: https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.2.html - Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. - Fix read overruns in SPNEGO parsing. - Compatibility fix for autoconf 2.72. License-Update: Update copyright years to 2023 [a273d4d198] Removed patch - 0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch as it is fixed in upgraded version. Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-04-02 02:49:12 +00:00 · 2023-09-01 17:18:32 +00:00 · 2023-09-01 17:18:32 +00:00 · 10e2559081
commit 10e2559081
parent d14a600a3a
2 changed files with 3 additions and 44 deletions
--- a/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch
+++ b/meta-oe/recipes-connectivity/krb5/krb5/0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch
@ -1,40 +0,0 @@
-From 0aa127afa52fd265a4f1bbded1623201390ae96a Mon Sep 17 00:00:00 2001
-From: Julien Rische <jrische@redhat.com>
-Date: Thu, 17 Nov 2022 15:01:24 +0100
-Subject: [PATCH] Fix aclocal.m4 syntax error for autoconf 2.72
-
-An incorrect closure inside KRB5_AC_INET6 is innocuous with autoconf
-versions up to 2.71, but will cause an error at configure time with
-the forthcoming autoconf 2.72.
-
-[ghudson@mit.edu: added more context to commit message]
-
-ticket: 9077 (new)
-tags: pullup
-target_version: 1.20-next
-target_version: 1.19-next
-
-Upstream-Status: Backport [https://github.com/krb5/krb5/commit/d864d740d019fdf2c640460f2aa2760c7fa4d5e9]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- src/aclocal.m4 | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 9920476..3d66a87 100644
--- a/src/aclocal.m4
-+++ b/src/aclocal.m4
-@@ -409,8 +409,8 @@ else
-       [[struct sockaddr_in6 in;
-         AF_INET6;
-         IN6_IS_ADDR_LINKLOCAL(&in.sin6_addr);]])],
-    [krb5_cv_inet6=yes], [krb5_cv_inet6=no])])
-fi
-+    [krb5_cv_inet6=yes], [krb5_cv_inet6=no])
-+fi])
- AC_MSG_RESULT($krb5_cv_inet6)
- if test "$krb5_cv_inet6" = no && test "$ac_cv_func_inet_ntop" = yes; then
- AC_MSG_CHECKING(for IPv6 compile-time support with -DINET6)
-- 
-2.40.0
-
--- a/meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb
+++ b/meta-oe/recipes-connectivity/krb5/krb5_1.20.2.bb
@ -14,7 +14,7 @@ DESCRIPTION = "Kerberos is a system for authenticating users and services on a n
 HOMEPAGE = "http://web.mit.edu/Kerberos/"
 SECTION = "console/network"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=1d31018dba5a0ef195eb426a1e61f02e"
+LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=3c7414a99de5452b8f809ae2753b0855"

 inherit autotools-brokensep binconfig perlnative systemd update-rc.d pkgconfig

@ -22,7 +22,6 @@ SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
           file://debian-suppress-usr-lib-in-krb5-config.patch;striplevel=2 \
           file://crosscompile_nm.patch \
-           file://0001-Fix-aclocal.m4-syntax-error-for-autoconf-2.72.patch;striplevel=2 \
           file://etc/init.d/krb5-kdc \
           file://etc/init.d/krb5-admin-server \
           file://etc/default/krb5-kdc \
@ -30,8 +29,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
           file://krb5-kdc.service \
           file://krb5-admin-server.service \
 "
-SRC_URI[md5sum] = "73f5780e7b587ccd8b8cfc10c965a686"
-SRC_URI[sha256sum] = "704aed49b19eb5a7178b34b2873620ec299db08752d6a8574f95d41879ab8851"
+SRC_URI[md5sum] = "7ac456e97c4959ebe5c836dc2f5aab2c"
+SRC_URI[sha256sum] = "7d8d687d42aed350c2525cb69a4fc3aa791694da6761dccc1c42c2ee7796b5dd"

 CVE_PRODUCT = "kerberos"
 CVE_VERSION = "5-${PV}"