summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
Commit message (Collapse)AuthorAgeFilesLines
* krb5: fix uninitialized variable warningDaniel McGregor2016-08-161-0/+1
| | | | | | | | | | On some targets clang erroniously detects an uninitialized variable. Backport the fix from upstream. Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> (cherry picked from commit 5da9408672d3929d2f71d0b15a8e06043c5a1109) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krb5-CVE-2016-3119.patchZhixiong Chi2016-05-021-0/+1
| | | | | | | | | | | | Backport <commit 08c642c09c38a9c6454ab43a9b53b2a89b9eef99> from krb5 upstream <https://github.com/krb5/krb5> to fix CVE-2016-3119 avoid remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-oe: use bb.utils.contains() instead of base_contains()Ross Burton2016-05-021-1/+1
| | | | | | | | | base_contains() is a compatibility wrapper and may warn in the future, so replace all instances with bb.utils.contains(). Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krb5: add native and nativesdk extendRoy Li2016-05-021-6/+8
| | | | | | | | | add native and nativesdk extend, curl-native/nativesdk need them. replace the hardcode /etc with ${sysconfdir}, /var with ${localstatedir} Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krb5: Fix build warningArmin Kuster2016-02-251-1/+1
| | | | | | | | | WARNING: /tmp/work/armv5e-poky-linux-gnueabi/krb5/1.12.2-r0/krb5-1.12.2/src/ ('S') doesn't exist, please set 'S' to a proper value remove extra "/" Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2015-2698Wenzong Fan2015-12-181-0/+1
| | | | | | | | | | | | | | | | The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2015-2697Wenzong Fan2015-12-181-0/+1
| | | | | | | | | | | | | The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2015-2696Wenzong Fan2015-12-181-0/+1
| | | | | | | | | | | | | | lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: fix CVE-2015-2695Wenzong Fan2015-12-181-0/+1
| | | | | | | | | | | | | | lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* krb5: upgrade to 1.13.2Roy Li2015-05-171-0/+100
Upgrade to include the CVE fixes: [CVE-2014-5354] [CVE-2014-5353]... Remove the 0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch Regenerate the /var/run/krb5kdc dir Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>