Releases: royalapplications/mit-kerberos
Releases · royalapplications/mit-kerberos
1.21.3_openssl-3.3.2
Upgrade to OpenSSL 3.3.2
OpenSSL 3.3.2 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
- Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])
- Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])
1.21.3_openssl-3.3.1
Merge pull request #1 from royalapplications/versions-include-openssl
1.21.3
- Update MIT Kerberos to V1.21.3
- Update OpenSSL to V3.3.1
- Apply patch to force no URI lookup
The patch to force no URI lookup fixes an issue that occurs when using the .local TLD which clashes with Bonjour/mDNS. If URI lookup is enabled, DNS URI resolve requests will be done via mDNS which takes a long time and eventually fails. Afterwards, the SRV record is queried as a fallback which works fine. Since Windows DNS server does not even support URI records at the moment it should be ok to disable it by default at compile time. Users can still re-enable it in their krb5.conf if desired.
