pkgsrc-Changes archive


CVS commit: pkgsrc/security/heimdal



Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed Feb  8 07:41:25 UTC 2023

Modified Files:
        pkgsrc/security/heimdal: Makefile distinfo
Added Files:
        pkgsrc/security/heimdal/patches: patch-lib_gssapi_krb5_arcfour.c

Log Message:
heimdal: add patch against CVE-2022-45142

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.156 -r1.157 pkgsrc/security/heimdal/Makefile
cvs rdiff -u -r1.55 -r1.56 pkgsrc/security/heimdal/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/heimdal/patches/patch-lib_gssapi_krb5_arcfour.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/heimdal/Makefile
diff -u pkgsrc/security/heimdal/Makefile:1.156 pkgsrc/security/heimdal/Makefile:1.157
--- pkgsrc/security/heimdal/Makefile:1.156      Wed Nov 23 16:18:59 2022
+++ pkgsrc/security/heimdal/Makefile    Wed Feb  8 07:41:25 2023
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.156 2022/11/23 16:18:59 adam Exp $
+# $NetBSD: Makefile,v 1.157 2023/02/08 07:41:25 wiz Exp $
 
 DISTNAME=      heimdal-7.8.0
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=heimdal/}
 GITHUB_RELEASE=        ${DISTNAME}

Index: pkgsrc/security/heimdal/distinfo
diff -u pkgsrc/security/heimdal/distinfo:1.55 pkgsrc/security/heimdal/distinfo:1.56
--- pkgsrc/security/heimdal/distinfo:1.55       Tue Nov 22 12:51:00 2022
+++ pkgsrc/security/heimdal/distinfo    Wed Feb  8 07:41:25 2023
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.55 2022/11/22 12:51:00 adam Exp $
+$NetBSD: distinfo,v 1.56 2023/02/08 07:41:25 wiz Exp $
 
 BLAKE2s (heimdal-7.8.0.tar.gz) = 3f2654141605a1f54611c887ec8a7f55e45b00696983207d5779ad830e485cb8
 SHA512 (heimdal-7.8.0.tar.gz) = 0167345aca77d65b7a1113874eee5b65ec6e1fec1f196d57e571265409fa35ef95a673a4fd4aafbb0ab5fb5b246b97412353a68d6613a8aff6393a9f1e72999e
 Size (heimdal-7.8.0.tar.gz) = 10024936 bytes
+SHA1 (patch-lib_gssapi_krb5_arcfour.c) = 7d70da6a8dfffd7f71eae70f1a6fa6fc18d0df3c

Added files:

Index: pkgsrc/security/heimdal/patches/patch-lib_gssapi_krb5_arcfour.c
diff -u /dev/null pkgsrc/security/heimdal/patches/patch-lib_gssapi_krb5_arcfour.c:1.1
--- /dev/null   Wed Feb  8 07:41:25 2023
+++ pkgsrc/security/heimdal/patches/patch-lib_gssapi_krb5_arcfour.c     Wed Feb  8 07:41:25 2023
@@ -0,0 +1,24 @@
+$NetBSD: patch-lib_gssapi_krb5_arcfour.c,v 1.1 2023/02/08 07:41:25 wiz Exp $
+
+Fix for CVE-2022-45142 from Helmut Grohne <helmut%subdivi.de@localhost>
+
+--- lib/gssapi/krb5/arcfour.c.orig     2022-11-15 18:56:58.000000000 +0000
++++ lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * m
+       return GSS_S_FAILURE;
+     }
+ 
+-    cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++    cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+     if (cmp) {
+       *minor_status = 0;
+       return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint
+       return GSS_S_FAILURE;
+     }
+ 
+-    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+     if (cmp) {
+       _gsskrb5_release_buffer(minor_status, output_message_buffer);
+       *minor_status = 0;
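
Review bot: in both embedded hunks (`_gssapi_verify_mic_arcfour` at -365 and `_gssapi_unwrap_arcfour` at -730) the flag `cmp` is now true when the checksums differ, so the name reads opposite to what it holds, and `if (cmp)` followed by `return GSS_S_BAD_MIC;` is easy to misread as "checksums matched". Consider dropping the temporary and testing `if (ct_memcmp(cksum_data, p + 8, 8) != 0)` directly, or renaming the flag to something like `mismatch`, if the patch is not meant to stay byte-identical to the submitted fix. The patch header also names only the CVE and the author; a one-line description would help later readers, for example that the old `== 0` test returned GSS_S_BAD_MIC when the checksum matched and let a non-matching checksum fall through, together with a pointer to the upstream change so the patch can be dropped once a release contains it.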


