* [PR PATCH] mit-krb5: update to 1.21.3, adopt
@ 2024-06-27 13:21 klarasm
0 siblings, 0 replies; only message in thread
From: klarasm @ 2024-06-27 13:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1420 bytes --]
There is a new pull request by klarasm against master on the void-packages repository
https://github.com/klarasm/void-packages mit-krb5/1.21.3
https://github.com/void-linux/void-packages/pull/51025
mit-krb5: update to 1.21.3, adopt
I use this package together with openldap which I adopted recently.
One thing I would like to do with this package when I have the time is to convert the build options to separate subpackages instead which would make them easier to use without rebuilding locally.
Another thing to look at is that currently the package uses the Berkely DB library from the distro, which in the build instructions at https://web.mit.edu/kerberos/krb5-latest/doc/build/options2configure.html is marked as unsupported. This could perhaps also be resolved by recommending to use the LMDB backend instead which I believe does not have this problem.
Relevant changes:
- Fix vulnerabilities in GSS message token handling [CVE-2024-37370, CVE-2024-37371].
- Fix a potential bad pointer free in krb5_cccol_have_contents()
#### Testing the changes
- I tested the changes in this PR: **briefly**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64, x86_64-musl)
- I built this PR locally for these architectures:
- aarch64-musl
- armv7l
- armv6l-musl
- i686
A patch file from https://github.com/void-linux/void-packages/pull/51025.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-mit-krb5/1.21.3-51025.patch --]
[-- Type: text/x-diff, Size: 1669 bytes --]
From e4802ad525380bd88a2a2eb9e6ec20278903096c Mon Sep 17 00:00:00 2001
From: Klara Modin <klarasmodin@gmail.com>
Date: Thu, 27 Jun 2024 14:54:01 +0200
Subject: [PATCH] mit-krb5: update to 1.21.3, adopt
Relevant changes:
- Fix vulnerabilities in GSS message token handling [CVE-2024-37370,
CVE-2024-37371].
- Fix a potential bad pointer free in krb5_cccol_have_contents()
---
srcpkgs/mit-krb5/template | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/srcpkgs/mit-krb5/template b/srcpkgs/mit-krb5/template
index 1d7f004a539868..065c8317c0a1a3 100644
--- a/srcpkgs/mit-krb5/template
+++ b/srcpkgs/mit-krb5/template
@@ -2,8 +2,8 @@
# if there is a bump in .so version,
# also update srcpkgs/libgssglue/files/gssapi_mech.conf
pkgname=mit-krb5
-version=1.21.2
-revision=3
+version=1.21.3
+revision=1
_distver=$(echo $version | cut -d. -f-2)
build_style=gnu-configure
configure_args="--sbindir=/usr/bin --disable-rpath --with-system-et
@@ -13,11 +13,11 @@ hostmakedepends="e2fsprogs-devel flex perl pkg-config"
makedepends="e2fsprogs-devel db-devel $(vopt_if ldap libldap-devel)
$(vopt_if lmdb lmdb-devel)"
short_desc="MIT Kerberos 5 implementation"
-maintainer="Orphaned <orphan@voidlinux.org>"
+maintainer="Klara Modin <klarasmodin@gmail.com>"
license="MIT"
homepage="http://web.mit.edu/kerberos"
distfiles="http://kerberos.org/dist/krb5/${_distver}/krb5-${version}.tar.gz"
-checksum=9560941a9d843c0243a71b17a7ac6fe31c7cebb5bce3983db79e52ae7e850491
+checksum=b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35
build_options="ldap lmdb"
build_options_default="ldap"
desc_option_lmdb="Enable LMDB database backend"
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-06-27 13:21 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-06-27 13:21 [PR PATCH] mit-krb5: update to 1.21.3, adopt klarasm
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).