[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
395/416: gnu: heimdal: Apply patch to fix CVE-2022-45142.
|
From: |
guix-commits |
|
Subject: |
395/416: gnu: heimdal: Apply patch to fix CVE-2022-45142. |
|
Date: |
Fri, 14 Apr 2023 15:26:33 -0400 (EDT) |
apteryx pushed a commit to branch master
in repository guix.
commit 770112f2359eda621fcc32b47bfdd4f985d9c1c1
Author: Felix Lechner <felix.lechner@lease-up.com>
AuthorDate: Mon Apr 10 21:23:12 2023 -0700
gnu: heimdal: Apply patch to fix CVE-2022-45142.
Several recent Heimdal releases are affected by the serious vulnerability
CVE-2022-45142, which NIST scored as "7.5 HIGH". [1]
At the time of writing, the upstream developers had not yet cut any releases
post-7.8.0, which is why the patch is being applied here.
The patch was extracted from Helmut Grohne's public vulnerability
disclosure. [2]
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-45142
[2] https://www.openwall.com/lists/oss-security/2023/02/08/1
* gnu/packages/patches/heimdal-CVE-2022-45142.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/kerberos.scm (heimdal)[source]: Apply it.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
---
gnu/packages/kerberos.scm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 3380131218..30fa3ca63c 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -179,6 +179,8 @@ After installation, the system administrator should
generate keys using
(sha256
(base32
"0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
+ (patches
+ (search-patches "heimdal-CVE-2022-45142.patch"))
(modules '((guix build utils)))
(snippet
'(begin
- 327/416: gnu: rust-openssl-sys-0.9: Update to 0.9.84., (continued)
- 327/416: gnu: rust-openssl-sys-0.9: Update to 0.9.84., guix-commits, 2023/04/14
- 329/416: gnu: Add rust-portable-atomic-1., guix-commits, 2023/04/14
- 349/416: gnu: rust-openssl-sys-0.9: Propagate openssl., guix-commits, 2023/04/14
- 351/416: gnu: python-pytest-subtests: Update to 0.10.0., guix-commits, 2023/04/14
- 365/416: gnu: gst-libav: Update to 1.22.2., guix-commits, 2023/04/14
- 379/416: gnu: Add r-tarchetypes., guix-commits, 2023/04/14
- 373/416: gnu: Add python-clingraph., guix-commits, 2023/04/14
- 415/416: gnu: ansible: Update to 7.4.0., guix-commits, 2023/04/14
- 401/416: gnu: python-afdko: Update to 3.9.4., guix-commits, 2023/04/14
- 402/416: gnu: python-statmake: Update to 0.6.0., guix-commits, 2023/04/14
- 395/416: gnu: heimdal: Apply patch to fix CVE-2022-45142.,
guix-commits <=
- 345/416: gnu: Add rust-base64-0.21., guix-commits, 2023/04/14
- 344/416: gnu: rust-futures-sink-0.3: Update to 0.3.26., guix-commits, 2023/04/14
- 367/416: gnu: python-gst: Update to 1.22.2., guix-commits, 2023/04/14
- 358/416: gnu: python-trio-typing: Switch to pyproject-build-system., guix-commits, 2023/04/14
- 331/416: gnu: rust-macrotest-1: Update to 1.0.9., guix-commits, 2023/04/14
- 355/416: gnu: python-pyopenssl: Update to 23.1.1., guix-commits, 2023/04/14
- 370/416: gnu: Add mecab-ipadic., guix-commits, 2023/04/14
- 384/416: news: Add 'de' translation., guix-commits, 2023/04/14
- 380/416: gnu: go-1.18: Adjust patch-gcclib phase., guix-commits, 2023/04/14
- 389/416: gnu: gerbil: Update to 0.17.0., guix-commits, 2023/04/14