diff options
| author | wiz <wiz@pkgsrc.org> | 2021-11-17 08:46:02 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2021-11-17 08:46:02 +0000 |
| commit | 9eae763d8fb113c3d94c872c70e9dac5874faaac (patch) | |
| tree | b2b02f5c10cd76cda3da1f779a24185345fa3ce6 | |
| parent | d5a1312b091187305f046d165d14f4fd05527fca (diff) | |
| download | pkgsrc-9eae763d8fb113c3d94c872c70e9dac5874faaac.tar.gz | |
heimdal: Fix CVE-2021-3671
Patch from samba
Bump PKGREVISION.
| -rw-r--r-- | security/heimdal/Makefile | 4 | ||||
| -rw-r--r-- | security/heimdal/distinfo | 3 | ||||
| -rw-r--r-- | security/heimdal/patches/patch-kdc_krb5tgs.c | 21 |
3 files changed, 25 insertions, 3 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile index df72526eee8..89c1adcc20f 100644 --- a/security/heimdal/Makefile +++ b/security/heimdal/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.150 2021/10/22 07:31:54 wiz Exp $ +# $NetBSD: Makefile,v 1.151 2021/11/17 08:46:02 wiz Exp $ DISTNAME= heimdal-7.7.0 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GITHUB:=heimdal/} GITHUB_RELEASE= ${DISTNAME} diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo index 2400012b979..1bd0b15eefc 100644 --- a/security/heimdal/distinfo +++ b/security/heimdal/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.52 2021/11/05 09:14:28 wiz Exp $ +$NetBSD: distinfo,v 1.53 2021/11/17 08:46:02 wiz Exp $ BLAKE2s (heimdal-7.7.0.tar.gz) = c56e08d20b8c4f7ce749e5dfbf643b2b8c0f1ca057719e95cc9eb69c48e49df6 SHA512 (heimdal-7.7.0.tar.gz) = 6660939b5a36ce36310721a08a089fb671d1e3d2e8ac74ea4775bfa5f8f772d32de805551456200fe96cc486c092c44beb84f5dd877008bc305490ee971bbf99 Size (heimdal-7.7.0.tar.gz) = 10189293 bytes +SHA1 (patch-kdc_krb5tgs.c) = 76a5cd9031a44a51e5e11c1e1226ff1ae52b9628 SHA1 (patch-lib_hdb_hdb-mitdb.c) = 37fd0cc328986e68212c4eaea106c422dea87192 SHA1 (patch-lib_hx509_Makefile.in) = 1b691f89c71ace03898cbb6f167dcd1339ae46d3 diff --git a/security/heimdal/patches/patch-kdc_krb5tgs.c b/security/heimdal/patches/patch-kdc_krb5tgs.c new file mode 100644 index 00000000000..de21bbaa061 --- /dev/null +++ b/security/heimdal/patches/patch-kdc_krb5tgs.c @@ -0,0 +1,21 @@ +$NetBSD: patch-kdc_krb5tgs.c,v 1.1 2021/11/17 08:46:02 wiz Exp $ + +Fix CVE-2021-3671 +Patch from samba +https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5 +via https://github.com/heimdal/heimdal/issues/849 + +--- kdc/krb5tgs.c.orig 2019-06-07 06:21:39.000000000 +0000 ++++ kdc/krb5tgs.c +@@ -1660,6 +1660,11 @@ tgs_build_reply(krb5_context context, + + s = &adtkt.cname; + r = adtkt.crealm; ++ } else if (s == NULL) { ++ ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; ++ krb5_set_error_message(context, ret, "No server in request"); ++ goto out; ++ + } + + _krb5_principalname2krb5_principal(context, &sp, *s, r); |