Date: Mon, 26 Jul 2021 19:56:24 GMT From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 2598c4eafcf5 - main - security/krb5-118: Update to 1.18.4 Message-ID: <202107261956.16QJuO4W000570@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=2598c4eafcf510829224f277192590b699c909f6 commit 2598c4eafcf510829224f277192590b699c909f6 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2021-07-26 19:45:54 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2021-07-26 19:55:38 +0000 security/krb5-118: Update to 1.18.4 The announcement as follows: The MIT Kerberos Team announces the availability of MIT Kerberos 5 Releases 1.19.2 and 1.18.4. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes. Retrieving krb5-1.19.2 and krb5-1.18.4 ====================================== You may retrieve the krb5-1.19.2 and krb5-1.18.4 sources from the following URL: https://kerberos.org/dist/ The homepage for the krb5-1.19.2 and krb5-1.18.4 releases are: https://web.mit.edu/kerberos/krb5-1.19/ https://web.mit.edu/kerberos/krb5-1.18/ Further information about Kerberos 5 may be found at the following URL: https://web.mit.edu/kerberos/ Triple-DES transition ===================== Beginning with the krb5-1.19 release, a warning will be issued if initial credentials are acquired using the des3-cbc-sha1 encryption type. In future releases, this encryption type will be disabled by default and eventually removed. Beginning with the krb5-1.18 release, single-DES encryption types have been removed. Major changes in 1.19.2 and 1.18.4 (2021-07-22) =============================================== These are bug fix releases. * Fix a denial of service attack against the KDC encrypted challenge code [CVE-2021-36222]. * Fix a memory leak when gss_inquire_cred() is called without a credential handle. MFH: 2021Q3 Security: CVE-2021-36222 --- security/krb5-118/Makefile | 2 +- security/krb5-118/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/security/krb5-118/Makefile b/security/krb5-118/Makefile index c8c4262785db..569b6df1c29d 100644 --- a/security/krb5-118/Makefile +++ b/security/krb5-118/Makefile @@ -1,7 +1,7 @@ # Created by: nectar@FreeBSD.org PORTNAME= krb5 -PORTVERSION= 1.18.3 +PORTVERSION= 1.18.4 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ .if !defined(MASTERDIR) diff --git a/security/krb5-118/distinfo b/security/krb5-118/distinfo index 8961bc83ccf8..6edc8a9255ec 100644 --- a/security/krb5-118/distinfo +++ b/security/krb5-118/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1605671127 -SHA256 (krb5-1.18.3.tar.gz) = e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719 -SIZE (krb5-1.18.3.tar.gz) = 8715312 +TIMESTAMP = 1627327768 +SHA256 (krb5-1.18.4.tar.gz) = 66085e2f594751e77e82e0dbf7bbc344320fb48a9df2a633cfdd8f7d6da99fc8 +SIZE (krb5-1.18.4.tar.gz) = 8716664
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107261956.16QJuO4W000570>