heimdal: Fix CVE-2021-3671

Patch from samba

Bump PKGREVISION.
This commit is contained in:
wiz 2021-11-17 08:46:02 +00:00
parent f87a0bacc9
commit f69953412a
3 changed files with 25 additions and 3 deletions

View file

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.150 2021/10/22 07:31:54 wiz Exp $ # $NetBSD: Makefile,v 1.151 2021/11/17 08:46:02 wiz Exp $
DISTNAME= heimdal-7.7.0 DISTNAME= heimdal-7.7.0
PKGREVISION= 1 PKGREVISION= 2
CATEGORIES= security CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=heimdal/} MASTER_SITES= ${MASTER_SITE_GITHUB:=heimdal/}
GITHUB_RELEASE= ${DISTNAME} GITHUB_RELEASE= ${DISTNAME}

View file

@ -1,7 +1,8 @@
$NetBSD: distinfo,v 1.52 2021/11/05 09:14:28 wiz Exp $ $NetBSD: distinfo,v 1.53 2021/11/17 08:46:02 wiz Exp $
BLAKE2s (heimdal-7.7.0.tar.gz) = c56e08d20b8c4f7ce749e5dfbf643b2b8c0f1ca057719e95cc9eb69c48e49df6 BLAKE2s (heimdal-7.7.0.tar.gz) = c56e08d20b8c4f7ce749e5dfbf643b2b8c0f1ca057719e95cc9eb69c48e49df6
SHA512 (heimdal-7.7.0.tar.gz) = 6660939b5a36ce36310721a08a089fb671d1e3d2e8ac74ea4775bfa5f8f772d32de805551456200fe96cc486c092c44beb84f5dd877008bc305490ee971bbf99 SHA512 (heimdal-7.7.0.tar.gz) = 6660939b5a36ce36310721a08a089fb671d1e3d2e8ac74ea4775bfa5f8f772d32de805551456200fe96cc486c092c44beb84f5dd877008bc305490ee971bbf99
Size (heimdal-7.7.0.tar.gz) = 10189293 bytes Size (heimdal-7.7.0.tar.gz) = 10189293 bytes
SHA1 (patch-kdc_krb5tgs.c) = 76a5cd9031a44a51e5e11c1e1226ff1ae52b9628
SHA1 (patch-lib_hdb_hdb-mitdb.c) = 37fd0cc328986e68212c4eaea106c422dea87192 SHA1 (patch-lib_hdb_hdb-mitdb.c) = 37fd0cc328986e68212c4eaea106c422dea87192
SHA1 (patch-lib_hx509_Makefile.in) = 1b691f89c71ace03898cbb6f167dcd1339ae46d3 SHA1 (patch-lib_hx509_Makefile.in) = 1b691f89c71ace03898cbb6f167dcd1339ae46d3

View file

@ -0,0 +1,21 @@
$NetBSD: patch-kdc_krb5tgs.c,v 1.1 2021/11/17 08:46:02 wiz Exp $
Fix CVE-2021-3671
Patch from samba
https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5
via https://github.com/heimdal/heimdal/issues/849
--- kdc/krb5tgs.c.orig 2019-06-07 06:21:39.000000000 +0000
+++ kdc/krb5tgs.c
@@ -1660,6 +1660,11 @@ tgs_build_reply(krb5_context context,
s = &adtkt.cname;
r = adtkt.crealm;
+ } else if (s == NULL) {
+ ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+ krb5_set_error_message(context, ret, "No server in request");
+ goto out;
+
}
_krb5_principalname2krb5_principal(context, &sp, *s, r);