From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43011)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e1ONP-0005eZ-Gp
	for guix-patches@gnu.org; Sun, 08 Oct 2017 23:05:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e1ONK-0004RT-IZ
	for guix-patches@gnu.org; Sun, 08 Oct 2017 23:05:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:48258)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1e1ONK-0004RB-Ek
	for guix-patches@gnu.org; Sun, 08 Oct 2017 23:05:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e1ONK-0006qN-3I
	for guix-patches@gnu.org; Sun, 08 Oct 2017 23:05:02 -0400
Subject: [bug#28755] [PATCH] gnu: mit-krb5: Replace with 1.15.2 [fixes
	CVE-2017-{11368, 11462}].
Resent-Message-ID: <handler.28755.B.150751825126243@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42792)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1e1OMM-0005Lm-2j
	for guix-patches@gnu.org; Sun, 08 Oct 2017 23:04:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1e1OMH-000482-5Z
	for guix-patches@gnu.org; Sun, 08 Oct 2017 23:04:02 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:44355)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <leo@famulari.name>) id 1e1OMH-00047l-1y
	for guix-patches@gnu.org; Sun, 08 Oct 2017 23:03:57 -0400
Received: from jasmine.lan (c-73-165-108-70.hsd1.pa.comcast.net
	[73.165.108.70])
	by mail.messagingengine.com (Postfix) with ESMTPA id E73FF2418B
	for <guix-patches@gnu.org>; Sun,  8 Oct 2017 23:03:55 -0400 (EDT)
From: Leo Famulari <leo@famulari.name>
Date: Sun,  8 Oct 2017 23:03:51 -0400
Message-Id: <becbb1120895d83e0bb913019d71e3d067a24c9a.1507518231.git.leo@famulari.name>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 28755@debbugs.gnu.org

* gnu/packages/kerberos.scm (mit-krb5)[replacement]: New field.
(mit-krb5-1.15.2): New variable.
---
 gnu/packages/kerberos.scm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 48b220419..501cede3e 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -46,6 +46,7 @@
 (define-public mit-krb5
   (package
     (name "mit-krb5")
+    (replacement mit-krb5-1.15.2)
     (version "1.15.1")
     (source (origin
               (method url-fetch)
@@ -93,6 +94,19 @@ cryptography.")
     (home-page "http://web.mit.edu/kerberos/")
     (properties '((cpe-name . "kerberos")))))
 
+(define mit-krb5-1.15.2 ; CVE-2017-{11368,11462}
+  (package
+    (inherit mit-krb5)
+    (version "1.15.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
+                                  (version-major+minor version)
+                                  "/krb5-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0zn8s7anb10hw3nzwjz7vg10fgmmgvwnibn2zrn3nppjxn9f6f8n"))))))
+
 (define-public shishi
   (package
     (name "shishi")
-- 
2.14.2