NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76152e95a9
kumquat-buildroot/package/libkrb5/libkrb5.mk
Peter Korsgaard f93c47fad8 package/libkrb5: security bump to version 1.20.1 
Fixes the following security issue:

CVE-2022-42898: In MIT krb5 releases 1.8 and later, an authenticated
attacker may be able to cause a KDC or kadmind process to crash by reading
beyond the bounds of allocated memory, creating a denial of service.  A
privileged attacker may similarly be able to cause a Kerberos or GSS
application service to crash.  On 32-bit platforms, an attacker can also
cause insufficient memory to be allocated for the result, potentially
leading to remote code execution in a KDC, kadmind, or GSS or Kerberos
application server process.  An attacker with the privileges of a
cross-realm KDC may be able to extract secrets from a KDC process's memory
by having them copied into the PAC of a new ticket.

Bugfix tarballs are located in the same directory as the base version, so
introduce LIBKRB5_VERSION_MAJOR.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2022-11-24 15:36:04 +01:00

83 lines
2.2 KiB
Makefile
Raw Blame History

################################################################################
#
# libkrb5
#
################################################################################
LIBKRB5_VERSION_MAJOR = 1.20
LIBKRB5_VERSION = $(LIBKRB5_VERSION_MAJOR).1
LIBKRB5_SITE = https://web.mit.edu/kerberos/dist/krb5/$(LIBKRB5_VERSION_MAJOR)
LIBKRB5_SOURCE = krb5-$(LIBKRB5_VERSION).tar.gz
LIBKRB5_SUBDIR = src
LIBKRB5_LICENSE = MIT, BSD-2-Clause, BSD-3-Clause, BSD-4-Clause, others
LIBKRB5_LICENSE_FILES = NOTICE
LIBKRB5_CPE_ID_VENDOR = mit
LIBKRB5_CPE_ID_PRODUCT = kerberos_5
LIBKRB5_DEPENDENCIES = host-bison $(TARGET_NLS_DEPENDENCIES)
LIBKRB5_INSTALL_STAGING = YES
# The configure script uses AC_TRY_RUN tests to check for those values,
# which doesn't work in a cross-compilation scenario. Therefore,
# we feed the configure script with the correct answer for those tests
LIBKRB5_CONF_ENV = \
ac_cv_printf_positional=yes \
ac_cv_func_regcomp=yes \
krb5_cv_attr_constructor_destructor=yes,yes \
LIBS=$(TARGET_NLS_LIBS)
# Never use the host packages
LIBKRB5_CONF_OPTS = \
--without-system-db \
--without-system-et \
--without-system-ss \
--without-system-verto \
--without-tcl \
--disable-rpath
# Enabling static and shared at the same time is not supported
ifeq ($(BR2_SHARED_STATIC_LIBS),y)
LIBKRB5_CONF_OPTS += --disable-static
endif
ifeq ($(BR2_PACKAGE_OPENLDAP),y)
LIBKRB5_CONF_OPTS += --with-ldap
LIBKRB5_DEPENDENCIES += openldap
else
LIBKRB5_CONF_OPTS += --without-ldap
endif
ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
LIBKRB5_CONF_OPTS += \
--enable-pkinit \
--with-crypto-impl=openssl \
--with-spake-openssl \
--with-tls-impl=openssl
LIBKRB5_DEPENDENCIES += openssl
else
LIBKRB5_CONF_OPTS += \
--disable-pkinit \
--with-crypto-impl=builtin \
--without-spake-openssl \
--without-tls-impl
endif
ifeq ($(BR2_PACKAGE_LIBEDIT),y)
LIBKRB5_CONF_OPTS += --with-libedit
LIBKRB5_DEPENDENCIES += host-pkgconf libedit
else
LIBKRB5_CONF_OPTS += --without-libedit
endif
ifeq ($(BR2_PACKAGE_READLINE),y)
LIBKRB5_CONF_OPTS += --with-readline
LIBKRB5_DEPENDENCIES += readline
else
LIBKRB5_CONF_OPTS += --without-readline
endif
ifneq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
LIBKRB5_CONF_OPTS += --disable-thread-support
endif
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink