From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: Felix Lechner <felix.lechner@lease-up.com>
Cc: 62760@debbugs.gnu.org, Leo Famulari <leo@famulari.name>
Subject: [bug#62760] [PATCH 0/3] Two serious vulnerabilities in Heimdal Kerberos
Date: Tue, 11 Apr 2023 11:34:26 -0400 [thread overview]
Message-ID: <87sfd6mnzx.fsf_-_@gmail.com> (raw)
In-Reply-To: <6458bcfc33fec031de1a1574a8e073ac04d1ea3e.1681186993.git.felix.lechner@lease-up.com> (Felix Lechner's message of "Mon, 10 Apr 2023 21:23:12 -0700")
Hi,
Felix Lechner <felix.lechner@lease-up.com> writes:
> Several recent Heimdal releases are affected by the serious vulnerability
> CVE-2022-45142, which NIST scored as "7.5 HIGH". [1]
>
> At the time of writing, the upstream developers had not yet cut any releases
> post-7.8.0, which is why the patch is being applied here.
>
> The patch was extracted from Helmut Grohne's public vulnerability
> disclosure. [2]
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2022-45142
> [2] https://www.openwall.com/lists/oss-security/2023/02/08/1
>
> * gnu/packages/kerberos.scm (heimdal)[patches]: Add patch for
> CVE-2022-45142.
I've fixed the change log commit message like so:
--8<---------------cut here---------------start------------->8---
* gnu/packages/patches/heimdal-CVE-2022-45142.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/kerberos.scm (heimdal)[source]: Apply it.
--8<---------------cut here---------------end--------------->8---
> ---
> gnu/local.mk | 1 +
> gnu/packages/kerberos.scm | 2 +
> .../patches/heimdal-CVE-2022-45142.patch | 49 +++++++++++++++++++
> 3 files changed, 52 insertions(+)
> create mode 100644 gnu/packages/patches/heimdal-CVE-2022-45142.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index b7e19b6bc2..f4cd3f448a 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -1327,6 +1327,7 @@ dist_patch_DATA = \
> %D%/packages/patches/hdf-eos5-remove-gctp.patch \
> %D%/packages/patches/hdf-eos5-fix-szip.patch \
> %D%/packages/patches/hdf-eos5-fortrantests.patch \
> + %D%/packages/patches/heimdal-CVE-2022-45142.patch \
> %D%/packages/patches/helm-fix-gcc-9-build.patch \
> %D%/packages/patches/http-parser-CVE-2020-8287.patch \
> %D%/packages/patches/htslib-for-stringtie.patch \
> diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
> index ae4efcbc23..0faf879e35 100644
> --- a/gnu/packages/kerberos.scm
> +++ b/gnu/packages/kerberos.scm
> @@ -176,6 +176,8 @@ (define-public heimdal
> (sha256
> (base32
> "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
> + (patches (search-patches
> + "heimdal-CVE-2022-45142.patch"))
Nitpick; I've used the more conventional indentation for patches:
--8<---------------cut here---------------start------------->8---
(patches
(search-patches "heimdal-CVE-2022-45142.patch"))
--8<---------------cut here---------------end--------------->8---
Thank you!
--
Maxim
next prev parent reply other threads:[~2023-04-11 15:35 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-10 19:50 [bug#62760] [PATCH 0/3] Two serious vulnerabilities in Heimdal Kerberos Felix Lechner via Development of GNU Guix and the GNU System distribution.
2023-04-10 19:52 ` [bug#62760] [PATCH 1/3] gnu: heimdal: Update to 7.8.0 Felix Lechner via Guix-patches via
2023-04-10 23:05 ` Leo Famulari
2023-04-11 4:15 ` Felix Lechner via Guix-patches via
2023-04-10 19:52 ` [bug#62760] [PATCH 2/3] gnu: heimdal: Patch for CVE-2022-45142 Felix Lechner via Guix-patches via
2023-04-10 23:07 ` Leo Famulari
2023-04-10 19:52 ` [bug#62760] [PATCH 3/3] gnu: heimdal: Enable OpenLDAP support; converge inputs toward Debian packaging Felix Lechner via Guix-patches via
2023-04-11 4:23 ` [bug#62760] [PATCH v2 1/3] gnu: heimdal: Update to 7.8.0 Felix Lechner via Guix-patches via
2023-04-11 4:23 ` [bug#62760] [PATCH v2 2/3] gnu: heimdal: Patch for CVE-2022-45142 Felix Lechner via Guix-patches via
2023-04-11 15:34 ` Maxim Cournoyer [this message]
2023-04-11 4:23 ` [bug#62760] [PATCH v2 3/3] gnu: heimdal: Enable OpenLDAP support; converge inputs toward Debian packaging Felix Lechner via Guix-patches via
2023-04-11 15:37 ` bug#62760: [PATCH 0/3] Two serious vulnerabilities in Heimdal Kerberos Maxim Cournoyer
2023-04-11 15:32 ` [bug#62760] " Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sfd6mnzx.fsf_-_@gmail.com \
--to=maxim.cournoyer@gmail.com \
--cc=62760@debbugs.gnu.org \
--cc=felix.lechner@lease-up.com \
--cc=leo@famulari.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.