diff options
author | Edward Tjörnhammar <ed@cflags.cc> | 2018-03-21 21:12:39 +0100 |
---|---|---|
committer | Edward Tjörnhammar <ed@cflags.cc> | 2018-03-21 21:17:50 +0100 |
commit | 5566bf97e56e483e3bb3678c419c2fd37fae3361 (patch) | |
tree | a4f042460b9cda62750ff92b0c64b11346032bb2 /pkgs/development/libraries/kerberos | |
parent | d32ce054a2667c69993784e8e23a93b3759dbb76 (diff) | |
download | nixpkgs-5566bf97e56e483e3bb3678c419c2fd37fae3361.tar nixpkgs-5566bf97e56e483e3bb3678c419c2fd37fae3361.tar.gz nixpkgs-5566bf97e56e483e3bb3678c419c2fd37fae3361.tar.bz2 nixpkgs-5566bf97e56e483e3bb3678c419c2fd37fae3361.tar.lz nixpkgs-5566bf97e56e483e3bb3678c419c2fd37fae3361.tar.xz nixpkgs-5566bf97e56e483e3bb3678c419c2fd37fae3361.tar.zst nixpkgs-5566bf97e56e483e3bb3678c419c2fd37fae3361.zip |
libheimdal: 7.4.0 -> 7.5.0
In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. Security: CVE-2017-17439
Diffstat (limited to 'pkgs/development/libraries/kerberos')
-rw-r--r-- | pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch | 10 | ||||
-rw-r--r-- | pkgs/development/libraries/kerberos/heimdal.nix | 10 |
2 files changed, 18 insertions, 2 deletions
diff --git a/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch b/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch new file mode 100644 index 00000000000..a0fa625538b --- /dev/null +++ b/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch @@ -0,0 +1,10 @@ +--- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100 ++++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100 +@@ -9,6 +9,8 @@ + sel-gram.h \ + $(gen_files_ocsp:.x=.c) \ + $(gen_files_pkcs10:.x=.c) \ ++ ocsp_asn1.h \ ++ pkcs10_asn1.h \ + hx509_err.c \ + hx509_err.h diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix index 81f878daaaa..b72a00d242e 100644 --- a/pkgs/development/libraries/kerberos/heimdal.nix +++ b/pkgs/development/libraries/kerberos/heimdal.nix @@ -12,15 +12,17 @@ in with stdenv.lib; stdenv.mkDerivation rec { name = "${type}heimdal-${version}"; - version = "7.4.0"; + version = "7.5.0"; src = fetchFromGitHub { owner = "heimdal"; repo = "heimdal"; rev = "heimdal-${version}"; - sha256 = "01ch6kqjrxi9fki54yjj2fhxhdkxijz161w2inh5k8mcixlf67vp"; + sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d"; }; + patches = [ ./heimdal-make-missing-headers.patch ]; + nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ] ++ (with perlPackages; [ JSON ]) ++ optional (!libOnly) texinfo; @@ -44,6 +46,10 @@ stdenv.mkDerivation rec { "--with-capng" ]; + postUnpack = '' + sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common + ''; + buildPhase = optionalString libOnly '' (cd include; make -j $NIX_BUILD_CORES) (cd lib; make -j $NIX_BUILD_CORES) |