From a79add124c4495ebb2ce4c46a87f04593da1d7a7 Mon Sep 17 00:00:00 2001
From: Cameron E Baird <cameronbaird@microsoft.com>
Date: Fri, 27 May 2022 10:32:04 -0700
Subject: [PATCH] Update krb5 to version 1.19.3 to address CVE-2021-37750
 (#3065)

* initial krb5 update

* update sig

* update toolchain manifests
---
 SPECS/krb5/krb5.signatures.json                           | 2 +-
 SPECS/krb5/krb5.spec                                      | 8 ++++++--
 cgmanifest.json                                           | 4 ++--
 .../resources/manifests/package/pkggen_core_aarch64.txt   | 2 +-
 .../resources/manifests/package/pkggen_core_x86_64.txt    | 2 +-
 toolkit/resources/manifests/package/toolchain_aarch64.txt | 8 ++++----
 toolkit/resources/manifests/package/toolchain_x86_64.txt  | 8 ++++----
 7 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/SPECS/krb5/krb5.signatures.json b/SPECS/krb5/krb5.signatures.json
index bed8182207..20311f9223 100644
--- a/SPECS/krb5/krb5.signatures.json
+++ b/SPECS/krb5/krb5.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "krb5-1.19.2.tar.gz": "10453fee4e3a8f8ce6129059e5c050b8a65dab1c257df68b99b3112eaa0cdf6a"
+  "krb5-1.19.3.tar.gz": "56d04863cfddc9d9eb7af17556e043e3537d41c6e545610778676cf551b9dcd0"
  }
 }
diff --git a/SPECS/krb5/krb5.spec b/SPECS/krb5/krb5.spec
index 24a89fd6d3..b36ad9208c 100644
--- a/SPECS/krb5/krb5.spec
+++ b/SPECS/krb5/krb5.spec
@@ -1,15 +1,16 @@
 %define __requires_exclude ^/(usr/)?bin/(ba)?sh$
+%define maj_version %(echo %{version} | rev | cut -d'.' -f2- | rev)
 
 Summary:        The Kerberos newtork authentication system
 Name:           krb5
-Version:        1.19.2
+Version:        1.19.3
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Security
 URL:            https://web.mit.edu/kerberos/
-Source0:        https://web.mit.edu/kerberos/dist/%{name}/%{version}/%{name}-%{version}.tar.gz
+Source0:        https://kerberos.org/dist/%{name}/%{maj_version}/%{name}-%{version}.tar.gz
 BuildRequires:  e2fsprogs-devel
 BuildRequires:  openssl-devel
 Requires:       e2fsprogs-libs
@@ -118,6 +119,9 @@ make check
 %{_datarootdir}/locale/*
 
 %changelog
+* Wed May 25 2022 Cameron Baird <cameronbaird@microsoft.com> - 1.19.3-1
+- Update to version 1.19.3 to address CVE-2021-37750
+
 * Mon Mar 07 2022 Andrew Phelps <anphel@microsoft.com> - 1.19.2-1
 - Update to version 1.19.2
 
diff --git a/cgmanifest.json b/cgmanifest.json
index f74fd20783..6d06c0813b 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -7311,8 +7311,8 @@
         "type": "other",
         "other": {
           "name": "krb5",
-          "version": "1.19.2",
-          "downloadUrl": "https://web.mit.edu/kerberos/dist/krb5/1.19.2/krb5-1.19.2.tar.gz"
+          "version": "1.19.3",
+          "downloadUrl": "https://kerberos.org/dist/krb5/1.19/krb5-1.19.3.tar.gz"
         }
       }
     },
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 038d4c9d35..af3424805b 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -189,7 +189,7 @@ libsolv-0.7.20-1.cm2.aarch64.rpm
 libsolv-devel-0.7.20-1.cm2.aarch64.rpm
 libssh2-1.9.0-2.cm2.aarch64.rpm
 libssh2-devel-1.9.0-2.cm2.aarch64.rpm
-krb5-1.19.2-1.cm2.aarch64.rpm
+krb5-1.19.3-1.cm2.aarch64.rpm
 curl-7.83.0-1.cm2.aarch64.rpm
 curl-devel-7.83.0-1.cm2.aarch64.rpm
 curl-libs-7.83.0-1.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 5ca82f34fb..21d57fe4ed 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -189,7 +189,7 @@ libsolv-0.7.20-1.cm2.x86_64.rpm
 libsolv-devel-0.7.20-1.cm2.x86_64.rpm
 libssh2-1.9.0-2.cm2.x86_64.rpm
 libssh2-devel-1.9.0-2.cm2.x86_64.rpm
-krb5-1.19.2-1.cm2.x86_64.rpm
+krb5-1.19.3-1.cm2.x86_64.rpm
 curl-7.83.0-1.cm2.x86_64.rpm
 curl-devel-7.83.0-1.cm2.x86_64.rpm
 curl-libs-7.83.0-1.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 70f3effe9e..5e11649962 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -135,10 +135,10 @@ kernel-headers-5.15.41.1-1.cm2.noarch.rpm
 kmod-29-1.cm2.aarch64.rpm
 kmod-debuginfo-29-1.cm2.aarch64.rpm
 kmod-devel-29-1.cm2.aarch64.rpm
-krb5-1.19.2-1.cm2.aarch64.rpm
-krb5-debuginfo-1.19.2-1.cm2.aarch64.rpm
-krb5-devel-1.19.2-1.cm2.aarch64.rpm
-krb5-lang-1.19.2-1.cm2.aarch64.rpm
+krb5-1.19.3-1.cm2.aarch64.rpm
+krb5-debuginfo-1.19.3-1.cm2.aarch64.rpm
+krb5-devel-1.19.3-1.cm2.aarch64.rpm
+krb5-lang-1.19.3-1.cm2.aarch64.rpm
 libarchive-3.6.0-1.cm2.aarch64.rpm
 libarchive-debuginfo-3.6.0-1.cm2.aarch64.rpm
 libarchive-devel-3.6.0-1.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index afd5b56981..07e84c4290 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -135,10 +135,10 @@ kernel-headers-5.15.41.1-1.cm2.noarch.rpm
 kmod-29-1.cm2.x86_64.rpm
 kmod-debuginfo-29-1.cm2.x86_64.rpm
 kmod-devel-29-1.cm2.x86_64.rpm
-krb5-1.19.2-1.cm2.x86_64.rpm
-krb5-debuginfo-1.19.2-1.cm2.x86_64.rpm
-krb5-devel-1.19.2-1.cm2.x86_64.rpm
-krb5-lang-1.19.2-1.cm2.x86_64.rpm
+krb5-1.19.3-1.cm2.x86_64.rpm
+krb5-debuginfo-1.19.3-1.cm2.x86_64.rpm
+krb5-devel-1.19.3-1.cm2.x86_64.rpm
+krb5-lang-1.19.3-1.cm2.x86_64.rpm
 libarchive-3.6.0-1.cm2.x86_64.rpm
 libarchive-debuginfo-3.6.0-1.cm2.x86_64.rpm
 libarchive-devel-3.6.0-1.cm2.x86_64.rpm