| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
On some targets clang erroniously detects an uninitialized variable.
Backport the fix from upstream.
Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 5da9408672d3929d2f71d0b15a8e06043c5a1109)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport <commit 08c642c09c38a9c6454ab43a9b53b2a89b9eef99> from krb5
upstream <https://github.com/krb5/krb5> to fix CVE-2016-3119
avoid remote authenticated users to cause a denial of service (NULL pointer
dereference and daemon crash) via a crafted request to modify a principal.
Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
add native and nativesdk extend, curl-native/nativesdk need them.
replace the hardcode /etc with ${sysconfdir}, /var with ${localstatedir}
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
| |
WARNING: /tmp/work/armv5e-poky-linux-gnueabi/krb5/1.12.2-r0/krb5-1.12.2/src/ ('S') doesn't exist, please set 'S' to a proper value
remove extra "/"
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c
in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly
accesses a certain pointer, which allows remote authenticated users
to cause a denial of service (memory corruption) or possibly have
unspecified other impact by interacting with an application that calls
the gss_export_sec_context function. NOTE: this vulnerability exists
because of an incorrect fix for CVE-2015-2696.
Backport upstream commit to fix it:
https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT
Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users
to cause a denial of service (out-of-bounds read and KDC crash) via
an initial '\0' character in a long realm field within a TGS request.
Backport upstream commit to fix it:
https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14
relies on an inappropriate context handle, which allows remote
attackers to cause a denial of service (incorrect pointer read and
process crash) via a crafted IAKERB packet that is mishandled during
a gss_inquire_context call.
Backport upstream commit to fix it:
https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before
1.14 relies on an inappropriate context handle, which allows remote
attackers to cause a denial of service (incorrect pointer read and
process crash) via a crafted SPNEGO packet that is mishandled during
a gss_inquire_context call.
Backport upstream commit to fix it:
https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Upgrade to include the CVE fixes: [CVE-2014-5354] [CVE-2014-5353]...
Remove the 0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch
Regenerate the /var/run/krb5kdc dir
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|