From patchwork Mon May 25 12:24:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9882 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4gPFTD4btYz3wql for ; Mon, 25 May 2026 12:25:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (not verified)) by mail01.ipfire.org (Postfix) with ESMTPS id 4gPFTD2vS9z7C4 for ; Mon, 25 May 2026 12:25:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4gPFT92pfpz34T4 for ; Mon, 25 May 2026 12:25:17 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4gPFT23RMwz2yT1 for ; Mon, 25 May 2026 12:25:10 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4gPFT13m8Bz6jJ; Mon, 25 May 2026 12:25:09 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1779711909; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MTWIbwTX/HY+WiVTi2gXKn8VWWrNNGceQSb8YwvOAbM=; b=HtBp7Rv8b9jaBO4xiKkSZX7sGJhzk12zhQBMUt+pzjwL5bQwXTniiPLZdQi00Cil9ljUUS G7d5uWNb6fsc1KAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1779711909; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MTWIbwTX/HY+WiVTi2gXKn8VWWrNNGceQSb8YwvOAbM=; b=QfYvAQJCHPRtDZwr1TyXcoqV+HYLVI/KoFwIPGqGBjl+Wa487NeO7RrHjbhiWWUasvYcn3 gSrTypnBolgVX7dck4QvP+vx8Y+jQE28axNj4X1bCspUQR0VZw8ijpMCbrVvG4DGnuVVTA 9WemiwlT0E0exdSWk2oQI24M4rDfvsjabtb3HJ3fE2yLql12jzOzOxgEoDPAMUoaNEQTmp QcTIoA8uWQoLV7P0/TCJzHQE7rklNmJ6pvMrAZqc0rb2Uv/RdjdbB7xH8hCeCI+qUCJBjA p5mTFsvf2DUKm6ac5cED340lNNF6x4wKQvy2KFZ1Ze1ASVk+Ehf6bgEzYUK8kg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] krb5: Update to version 1.22.2 Date: Mon, 25 May 2026 14:24:58 +0200 Message-ID: <20260525122505.3658371-8-adolf.belka@ipfire.org> In-Reply-To: <20260525122505.3658371-1-adolf.belka@ipfire.org> References: <20260525122505.3658371-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 1.22.1 to 1.22.2 - No change to rootfile - 1 CVE fix - Changelog 1.22.2 Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. Fix read overruns in SPNEGO parsing. Compatibility fix for autoconf 2.72. Signed-off-by: Adolf Belka --- lfs/krb5 | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/lfs/krb5 b/lfs/krb5 index cdf2d80d6..1c3f5e2b2 100644 --- a/lfs/krb5 +++ b/lfs/krb5 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2026 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Kerberos -VER = 1.22.1 +VER = 1.22.2 THISAPP = krb5-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = aed6a7f511ae7085a81fa6dc553881ea478bb8bb8aa43ab13e1312ead392fb93173998bfdfc730dca4d715b2ed52da6a12f2417f95525d9ff5c4629e8ca5fedc +$(DL_FILE)_BLAKE2 = c0fee5d954fee1c10dcd16f37243fbf586b23f1136e58c21202cd38f195586592cf6d5fa1b9eba27c8b5210db4dcc72ea47a20011295980d5eda671861571a7e install : $(TARGET) @@ -78,14 +78,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np2 -i $(DIR_SRC)/src/patches/krb5-1.18.3_remove_known_failed_test.patch cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/krb5-1.12.3-FTBFS.patch cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var/lib \ - --with-system-et \ - --with-system-ss \ - --enable-dns-for-realm \ - CPPFLAGS="-I/usr/include/et" - + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + CPPFLAGS="-I/usr/include/et" cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install