Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Jul 2021 19:56:24 GMT
From:      Cy Schubert <cy@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 2598c4eafcf5 - main - security/krb5-118: Update to 1.18.4
Message-ID:  <202107261956.16QJuO4W000570@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2598c4eafcf510829224f277192590b699c909f6

commit 2598c4eafcf510829224f277192590b699c909f6
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-07-26 19:45:54 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-07-26 19:55:38 +0000

    security/krb5-118: Update to 1.18.4
    
    The announcement as follows:
    
    The MIT Kerberos Team announces the availability of MIT Kerberos 5
    Releases 1.19.2 and 1.18.4.  Please see below for a list of some major
    changes included, or consult the README file in the source tree for a
    more detailed list of significant changes.
    
    Retrieving krb5-1.19.2 and krb5-1.18.4
    ======================================
    
    You may retrieve the krb5-1.19.2 and krb5-1.18.4 sources from the
    following URL:
    
            https://kerberos.org/dist/
    
    The homepage for the krb5-1.19.2 and krb5-1.18.4 releases are:
    
            https://web.mit.edu/kerberos/krb5-1.19/
            https://web.mit.edu/kerberos/krb5-1.18/
    
    Further information about Kerberos 5 may be found at the following
    URL:
    
            https://web.mit.edu/kerberos/
    
    Triple-DES transition
    =====================
    
    Beginning with the krb5-1.19 release, a warning will be issued if
    initial credentials are acquired using the des3-cbc-sha1 encryption
    type.  In future releases, this encryption type will be disabled by
    default and eventually removed.
    
    Beginning with the krb5-1.18 release, single-DES encryption types have
    been removed.
    
    Major changes in 1.19.2 and 1.18.4 (2021-07-22)
    ===============================================
    
    These are bug fix releases.
    
    * Fix a denial of service attack against the KDC encrypted challenge
      code [CVE-2021-36222].
    
    * Fix a memory leak when gss_inquire_cred() is called without a
      credential handle.
    
    MFH:            2021Q3
    Security:       CVE-2021-36222
---
 security/krb5-118/Makefile | 2 +-
 security/krb5-118/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/security/krb5-118/Makefile b/security/krb5-118/Makefile
index c8c4262785db..569b6df1c29d 100644
--- a/security/krb5-118/Makefile
+++ b/security/krb5-118/Makefile
@@ -1,7 +1,7 @@
 # Created by: nectar@FreeBSD.org
 
 PORTNAME=		krb5
-PORTVERSION=		1.18.3
+PORTVERSION=		1.18.4
 CATEGORIES=		security
 MASTER_SITES=		http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
 .if !defined(MASTERDIR)
diff --git a/security/krb5-118/distinfo b/security/krb5-118/distinfo
index 8961bc83ccf8..6edc8a9255ec 100644
--- a/security/krb5-118/distinfo
+++ b/security/krb5-118/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1605671127
-SHA256 (krb5-1.18.3.tar.gz) = e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719
-SIZE (krb5-1.18.3.tar.gz) = 8715312
+TIMESTAMP = 1627327768
+SHA256 (krb5-1.18.4.tar.gz) = 66085e2f594751e77e82e0dbf7bbc344320fb48a9df2a633cfdd8f7d6da99fc8
+SIZE (krb5-1.18.4.tar.gz) = 8716664



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107261956.16QJuO4W000570>