heimdal: Fix CVE-2021-3671

Patch from samba

Bump PKGREVISION.

security/heimdal/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.150 2021/10/22 07:31:54 wiz Exp $
+# $NetBSD: Makefile,v 1.151 2021/11/17 08:46:02 wiz Exp $
 
 DISTNAME=	heimdal-7.7.0
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GITHUB:=heimdal/}
 GITHUB_RELEASE=	${DISTNAME}

security/heimdal/distinfo

@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.52 2021/11/05 09:14:28 wiz Exp $
+$NetBSD: distinfo,v 1.53 2021/11/17 08:46:02 wiz Exp $
 
 BLAKE2s (heimdal-7.7.0.tar.gz) = c56e08d20b8c4f7ce749e5dfbf643b2b8c0f1ca057719e95cc9eb69c48e49df6
 SHA512 (heimdal-7.7.0.tar.gz) = 6660939b5a36ce36310721a08a089fb671d1e3d2e8ac74ea4775bfa5f8f772d32de805551456200fe96cc486c092c44beb84f5dd877008bc305490ee971bbf99
 Size (heimdal-7.7.0.tar.gz) = 10189293 bytes
+SHA1 (patch-kdc_krb5tgs.c) = 76a5cd9031a44a51e5e11c1e1226ff1ae52b9628
 SHA1 (patch-lib_hdb_hdb-mitdb.c) = 37fd0cc328986e68212c4eaea106c422dea87192
 SHA1 (patch-lib_hx509_Makefile.in) = 1b691f89c71ace03898cbb6f167dcd1339ae46d3

security/heimdal/patches/patch-kdc_krb5tgs.c

@@ -0,0 +1,21 @@
+$NetBSD: patch-kdc_krb5tgs.c,v 1.1 2021/11/17 08:46:02 wiz Exp $
+
+Fix CVE-2021-3671
+Patch from samba
+https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5
+via https://github.com/heimdal/heimdal/issues/849
+
+--- kdc/krb5tgs.c.orig	2019-06-07 06:21:39.000000000 +0000
++++ kdc/krb5tgs.c
+@@ -1660,6 +1660,11 @@ tgs_build_reply(krb5_context context,
+ 
+ 	s = &adtkt.cname;
+ 	r = adtkt.crealm;
++    } else if (s == NULL) {
++	ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
++	krb5_set_error_message(context, ret, "No server in request");
++	goto out;
++
+     }
+ 
+     _krb5_principalname2krb5_principal(context, &sp, *s, r);