libheimdal: 7.4.0 -> 7.5.0

In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to
crash the KDC by sending a crafted UDP packet containing empty data
fields for client name or realm.

Security: CVE-2017-17439
Edward Tjörnhammar 2018-03-21 21:12:39 +01:00
parent d32ce054a2
commit 5566bf97e5
No known key found for this signature in database
GPG Key ID: 7B82CE4A866B6845
2 changed files with 18 additions and 2 deletions


@ -0,0 +1,10 @@
--- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100
+++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100
@@ -9,6 +9,8 @@
sel-gram.h \
$(gen_files_ocsp:.x=.c) \
$(gen_files_pkcs10:.x=.c) \
+ ocsp_asn1.h \
+ pkcs10_asn1.h \
hx509_err.c \
hx509_err.h


@ -12,15 +12,17 @@ in
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "${type}heimdal-${version}"; name = "${type}heimdal-${version}";
version = "7.4.0"; version = "7.5.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "heimdal"; owner = "heimdal";
repo = "heimdal"; repo = "heimdal";
rev = "heimdal-${version}"; rev = "heimdal-${version}";
sha256 = "01ch6kqjrxi9fki54yjj2fhxhdkxijz161w2inh5k8mcixlf67vp"; sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d";
}; };
patches = [ ./heimdal-make-missing-headers.patch ];
nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ] nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ]
++ (with perlPackages; [ JSON ]) ++ (with perlPackages; [ JSON ])
++ optional (!libOnly) texinfo; ++ optional (!libOnly) texinfo;
@ -44,6 +46,10 @@ stdenv.mkDerivation rec {
"--with-capng" "--with-capng"
]; ];
postUnpack = ''
sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common
'';
buildPhase = optionalString libOnly '' buildPhase = optionalString libOnly ''
(cd include; make -j $NIX_BUILD_CORES) (cd include; make -j $NIX_BUILD_CORES)
(cd lib; make -j $NIX_BUILD_CORES) (cd lib; make -j $NIX_BUILD_CORES)
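Review bot: The new `postUnpack` hook hard-codes the unpack directory in `source/cf/Makefile.am.common`, so it only works while the fetcher names the extracted tree `source`. Writing the path as `$sourceRoot/cf/Makefile.am.common`, or moving the `sed` into `postPatch` with the relative path `cf/Makefile.am.common`, would remove that dependency. Neither this hook nor the added `patches = [ ./heimdal-make-missing-headers.patch ];` line says which build failure it works around or whether the problem was reported upstream. A one-line comment above each would let the next version bump, which may again be a security update, drop them without re-investigation.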