authorEdward Tjörnhammar <ed@cflags.cc>2018-03-21 21:12:39 +0100
committerEdward Tjörnhammar <ed@cflags.cc>2018-03-21 21:17:50 +0100
commit5566bf97e56e483e3bb3678c419c2fd37fae3361 (patch)
treea4f042460b9cda62750ff92b0c64b11346032bb2 /pkgs/development/libraries/kerberos
parentd32ce054a2667c69993784e8e23a93b3759dbb76 (diff)
libheimdal: 7.4.0 -> 7.5.0
In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to
crash the KDC by sending a crafted UDP packet containing empty data
fields for client name or realm.

Security: CVE-2017-17439
Diffstat (limited to 'pkgs/development/libraries/kerberos')
-rw-r--r--pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch10
-rw-r--r--pkgs/development/libraries/kerberos/heimdal.nix10
2 files changed, 18 insertions, 2 deletions
diff --git a/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch b/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch
new file mode 100644
index 00000000000..a0fa625538b
--- /dev/null
+++ b/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch
@@ -0,0 +1,10 @@
+--- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100
++++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100
+@@ -9,6 +9,8 @@
+	sel-gram.h			\
+	$(gen_files_ocsp:.x=.c)		\
+	$(gen_files_pkcs10:.x=.c)	\
++	ocsp_asn1.h			\
++	pkcs10_asn1.h			\
+	hx509_err.c			\
+	hx509_err.h
diff --git a/pkgs/development/libraries/kerberos/heimdal.nix b/pkgs/development/libraries/kerberos/heimdal.nix
index 81f878daaaa..b72a00d242e 100644
--- a/pkgs/development/libraries/kerberos/heimdal.nix
+++ b/pkgs/development/libraries/kerberos/heimdal.nix
@@ -12,15 +12,17 @@ in
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "${type}heimdal-${version}";
-  version = "7.4.0";
+  version = "7.5.0";
 
   src = fetchFromGitHub {
     owner = "heimdal";
     repo = "heimdal";
     rev = "heimdal-${version}";
-    sha256 = "01ch6kqjrxi9fki54yjj2fhxhdkxijz161w2inh5k8mcixlf67vp";
+    sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d";
   };
 
+  patches = [ ./heimdal-make-missing-headers.patch ];
+
   nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ]
     ++ (with perlPackages; [ JSON ])
     ++ optional (!libOnly) texinfo;
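Review bot: The added `patches = [ ./heimdal-make-missing-headers.patch ];` line has no comment, and the patch file it points to has no description header, so nothing records what fails without it or when it can be dropped. In a security update this matters because a reader cannot tell from the derivation that the CVE-2017-17439 fix comes from the version bump and that the local patch only changes the build. I would add a comment above the line, for example `# Build-only fix: lists the generated ocsp_asn1.h and pkcs10_asn1.h in lib/hx509/Makefile.am; re-check on the next update.` A one-line description at the top of the patch file would also help. The `mkDerivation` body starts before this hunk and continues past it.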
@@ -44,6 +46,10 @@ stdenv.mkDerivation rec {
     "--with-capng"
   ];
 
+  postUnpack = ''
+    sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common
+  '';
+
   buildPhase = optionalString libOnly ''
     (cd include; make -j $NIX_BUILD_CORES)
     (cd lib; make -j $NIX_BUILD_CORES)
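Review bot: The `sed` in the new `postUnpack` hard-codes the unpack directory as `source/` and exits successfully even when no `DEFAULT_INCLUDES` line matches, so a change in the source layout or in upstream's `cf/Makefile.am.common` would silently turn it into a no-op. Using `$sourceRoot/cf/Makefile.am.common` removes the hard-coded directory; source edits like this more conventionally go in `postPatch`, where the path is just `cf/Makefile.am.common` (whether the derivation already defines `postPatch` is not visible in this hunk). A guard such as `grep -q '^DEFAULT_INCLUDES' cf/Makefile.am.common` before the `sed` would make the build fail loudly if the line disappears. A short comment saying why `-I..` is needed, presumably so the generated headers are found, would tell the next maintainer when the workaround can be removed.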