[AUTOPATCHER-CORE] Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370 (#9921)

Co-authored-by: Adit Jha <aditjha@microsoft.com>

Author: CBL-Mariner-Bot

SPECS/krb5/CVE-2023-36054.patch

@@ -1,6 +1,6 @@
 {
   "Signatures": {
     "krb5.conf": "54ce761ea22e55923f4b10b5a8ed306f98c579217b4253163437c33eec243720",
-    "krb5-1.19.4.tar.gz": "41f5981c5a4de0a26b3937e679a116cd5b3739641fd253124aac91f7179b54eb"
+    "krb5-1.21.3.tar.gz": "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35"
   }
-}
+}

SPECS/krb5/krb5.signatures.json

@@ -3,16 +3,15 @@
 
 Summary:        The Kerberos newtork authentication system
 Name:           krb5
-Version:        1.19.4
-Release:        2%{?dist}
+Version:        1.21.3
+Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Security
 URL:            https://web.mit.edu/kerberos/
 Source0:        https://kerberos.org/dist/%{name}/%{maj_version}/%{name}-%{version}.tar.gz
 Source1:        krb5.conf
-Patch0:         CVE-2023-36054.patch
 BuildRequires:  e2fsprogs-devel
 BuildRequires:  openssl-devel
 Requires:       e2fsprogs-libs
@@ -45,7 +44,6 @@ These are the additional language files of krb5.
 
 %build
 cd src
-sed -e 's@\^u}@^u cols 300}@' -i tests/dejagnu/config/default.exp
 CPPFLAGS="-D_GNU_SOURCE %{getenv:CPPFLAGS}" \
 autoconf &&
 ./configure \
@@ -127,6 +125,9 @@ make check
 %{_datarootdir}/locale/*
 
 %changelog
+* Wed Jul 24 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.21.3-1
+- Auto-upgrade to 1.21.3 - CVE-2024-37371, CVE-2024-37370
+
 * Mon Aug 21 2023 Tobias Brick <tobiasb@microsoft.com> - 1.19.4-2
 - Add patch for CVE-2023-36054
 

SPECS/krb5/krb5.spec

@@ -8351,8 +8351,8 @@
         "type": "other",
         "other": {
           "name": "krb5",
-          "version": "1.19.4",
-          "downloadUrl": "https://kerberos.org/dist/krb5/1.19/krb5-1.19.4.tar.gz"
+          "version": "1.21.3",
+          "downloadUrl": "https://kerberos.org/dist/krb5/1.21/krb5-1.21.3.tar.gz"
         }
       }
     },

cgmanifest.json

@@ -188,7 +188,7 @@ libsolv-0.7.24-1.cm2.aarch64.rpm
 libsolv-devel-0.7.24-1.cm2.aarch64.rpm
 libssh2-1.9.0-4.cm2.aarch64.rpm
 libssh2-devel-1.9.0-4.cm2.aarch64.rpm
-krb5-1.19.4-2.cm2.aarch64.rpm
+krb5-1.21.3-1.cm2.aarch64.rpm
 nghttp2-1.57.0-1.cm2.aarch64.rpm
 curl-8.5.0-2.cm2.aarch64.rpm
 curl-devel-8.5.0-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -188,7 +188,7 @@ libsolv-0.7.24-1.cm2.x86_64.rpm
 libsolv-devel-0.7.24-1.cm2.x86_64.rpm
 libssh2-1.9.0-4.cm2.x86_64.rpm
 libssh2-devel-1.9.0-4.cm2.x86_64.rpm
-krb5-1.19.4-2.cm2.x86_64.rpm
+krb5-1.21.3-1.cm2.x86_64.rpm
 nghttp2-1.57.0-1.cm2.x86_64.rpm
 curl-8.5.0-2.cm2.x86_64.rpm
 curl-devel-8.5.0-2.cm2.x86_64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -140,10 +140,10 @@ kernel-headers-5.15.162.2-1.cm2.noarch.rpm
 kmod-29-2.cm2.aarch64.rpm
 kmod-debuginfo-29-2.cm2.aarch64.rpm
 kmod-devel-29-2.cm2.aarch64.rpm
-krb5-1.19.4-2.cm2.aarch64.rpm
-krb5-debuginfo-1.19.4-2.cm2.aarch64.rpm
-krb5-devel-1.19.4-2.cm2.aarch64.rpm
-krb5-lang-1.19.4-2.cm2.aarch64.rpm
+krb5-1.21.3-1.cm2.aarch64.rpm
+krb5-debuginfo-1.21.3-1.cm2.aarch64.rpm
+krb5-devel-1.21.3-1.cm2.aarch64.rpm
+krb5-lang-1.21.3-1.cm2.aarch64.rpm
 libarchive-3.6.1-3.cm2.aarch64.rpm
 libarchive-debuginfo-3.6.1-3.cm2.aarch64.rpm
 libarchive-devel-3.6.1-3.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -146,10 +146,10 @@ kernel-headers-5.15.162.2-1.cm2.noarch.rpm
 kmod-29-2.cm2.x86_64.rpm
 kmod-debuginfo-29-2.cm2.x86_64.rpm
 kmod-devel-29-2.cm2.x86_64.rpm
-krb5-1.19.4-2.cm2.x86_64.rpm
-krb5-debuginfo-1.19.4-2.cm2.x86_64.rpm
-krb5-devel-1.19.4-2.cm2.x86_64.rpm
-krb5-lang-1.19.4-2.cm2.x86_64.rpm
+krb5-1.21.3-1.cm2.x86_64.rpm
+krb5-debuginfo-1.21.3-1.cm2.x86_64.rpm
+krb5-devel-1.21.3-1.cm2.x86_64.rpm
+krb5-lang-1.21.3-1.cm2.x86_64.rpm
 libarchive-3.6.1-3.cm2.x86_64.rpm
 libarchive-debuginfo-3.6.1-3.cm2.x86_64.rpm
 libarchive-devel-3.6.1-3.cm2.x86_64.rpm