From: Felix Lechner via Guix-patches via <guix-patches@gnu.org>
To: 62760@debbugs.gnu.org
Cc: Felix Lechner <felix.lechner@lease-up.com>,
Leo Famulari <leo@famulari.name>
Subject: [bug#62760] [PATCH v2 1/3] gnu: heimdal: Update to 7.8.0.
Date: Mon, 10 Apr 2023 21:23:11 -0700 [thread overview]
Message-ID: <754f9ad3afb378e4e0100b865ca81b28181e3054.1681186993.git.felix.lechner@lease-up.com> (raw)
In-Reply-To: <cover.1681155077.git.felix.lechner@lease-up.com>
Fixes CVE-2022-44640 [1] "Heimdal KDC: invalid free in ASN.1 codec." The
upstream release announcement calls it "a severe vulnerability, possibly a
10.0 on the Common Vulnerability Scoring System (CVSS) v3."
The upstream developers further "believe it should be possible to get an RCE
[remote code execution] on a KDC, which means that credentials can be
compromised that can be used to impersonate anyone in a realm or forest of
realms." "While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure." [2]
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-44640
[2] https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0
* gnu/packages/kerberos.scm (heimdal): Update to 7.8.0.
---
gnu/packages/kerberos.scm | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 9454a5983e..ae4efcbc23 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -35,6 +35,7 @@ (define-module (gnu packages kerberos)
#:use-module (gnu packages bison)
#:use-module (gnu packages dbm)
#:use-module (gnu packages perl)
+ #:use-module (gnu packages python)
#:use-module (gnu packages gettext)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages libidn)
@@ -166,7 +167,7 @@ (define-public shishi
(define-public heimdal
(package
(name "heimdal")
- (version "7.7.0")
+ (version "7.8.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -174,14 +175,14 @@ (define-public heimdal
"heimdal-" version "/" "heimdal-" version ".tar.gz"))
(sha256
(base32
- "06vx3cb01s4lv3lpv0qzbbj97cln1np1wjphkkmmbk1lsqa36bgh"))
+ "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
(modules '((guix build utils)))
(snippet
'(begin
(substitute* "configure"
(("User=.*$") "User=Guix\n")
(("Host=.*$") "Host=GNU")
- (("Date=.*$") "Date=2019\n"))))))
+ (("Date=.*$") "Date=2022\n"))))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@@ -249,7 +250,8 @@ (define-public heimdal
(native-inputs (list e2fsprogs ;for 'compile_et'
texinfo
unzip ;for tests
- perl))
+ perl
+ python))
(inputs (list readline
bash-minimal
bdb
base-commit: b08cdfc6d363e9ca63118303b4628542c54a612d
--
2.39.2
next prev parent reply other threads:[~2023-04-11 4:24 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-10 19:50 [bug#62760] [PATCH 0/3] Two serious vulnerabilities in Heimdal Kerberos Felix Lechner via Development of GNU Guix and the GNU System distribution.
2023-04-10 19:52 ` [bug#62760] [PATCH 1/3] gnu: heimdal: Update to 7.8.0 Felix Lechner via Guix-patches via
2023-04-10 23:05 ` Leo Famulari
2023-04-11 4:15 ` Felix Lechner via Guix-patches via
2023-04-10 19:52 ` [bug#62760] [PATCH 2/3] gnu: heimdal: Patch for CVE-2022-45142 Felix Lechner via Guix-patches via
2023-04-10 23:07 ` Leo Famulari
2023-04-10 19:52 ` [bug#62760] [PATCH 3/3] gnu: heimdal: Enable OpenLDAP support; converge inputs toward Debian packaging Felix Lechner via Guix-patches via
2023-04-11 4:23 ` Felix Lechner via Guix-patches via [this message]
2023-04-11 4:23 ` [bug#62760] [PATCH v2 2/3] gnu: heimdal: Patch for CVE-2022-45142 Felix Lechner via Guix-patches via
2023-04-11 15:34 ` [bug#62760] [PATCH 0/3] Two serious vulnerabilities in Heimdal Kerberos Maxim Cournoyer
2023-04-11 4:23 ` [bug#62760] [PATCH v2 3/3] gnu: heimdal: Enable OpenLDAP support; converge inputs toward Debian packaging Felix Lechner via Guix-patches via
2023-04-11 15:37 ` bug#62760: [PATCH 0/3] Two serious vulnerabilities in Heimdal Kerberos Maxim Cournoyer
2023-04-11 15:32 ` [bug#62760] " Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=754f9ad3afb378e4e0100b865ca81b28181e3054.1681186993.git.felix.lechner@lease-up.com \
--to=guix-patches@gnu.org \
--cc=62760@debbugs.gnu.org \
--cc=felix.lechner@lease-up.com \
--cc=leo@famulari.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.