Control: tags 1030849 + patch
Control: tags 1030849 + pending

Dear maintainer,

I've prepared an NMU for heimdal (versioned as
7.8.git20221117.28daf24+dfsg-1.1) and uploaded it to DELAYED/2. Please
feel free to tell me if I should delay it longer.

Regards,
Salvatore
diff -Nru heimdal-7.8.git20221117.28daf24+dfsg/debian/changelog heimdal-7.8.git20221117.28daf24+dfsg/debian/changelog
--- heimdal-7.8.git20221117.28daf24+dfsg/debian/changelog	2022-12-10 06:29:20.000000000 +0100
+++ heimdal-7.8.git20221117.28daf24+dfsg/debian/changelog	2023-02-12 10:35:50.000000000 +0100
@@ -1,3 +1,11 @@
+heimdal (7.8.git20221117.28daf24+dfsg-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * gsskrb5: fix accidental logic inversions (CVE-2022-45142)
+    (Closes: #1030849)
+
+ -- Salvatore Bonaccorso <[email protected]>  Sun, 12 Feb 2023 10:35:50 +0100
+
 heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium
 
   * New upstream release.
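Review bot: The new entry "gsskrb5: fix accidental logic inversions (CVE-2022-45142)" does not name the file added under debian/patches, and it does not say that the inversions came from the backport of the CVE-2022-3437 fix. Both facts are in the patch header further down. Consider adding the patch file name as a sub-item, with a short mention of the earlier fix, so the changelog can be read without opening the patch.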
diff -Nru heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/CVE-2022-45142-gsskrb5-fix-accidental-logic-inversio.patch heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/CVE-2022-45142-gsskrb5-fix-accidental-logic-inversio.patch
--- heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/CVE-2022-45142-gsskrb5-fix-accidental-logic-inversio.patch	1970-01-01 01:00:00.000000000 +0100
+++ heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/CVE-2022-45142-gsskrb5-fix-accidental-logic-inversio.patch	2023-02-12 10:35:50.000000000 +0100
@@ -0,0 +1,42 @@
+From 5e6830aa2d5287fbccbda929b3b20575afa60940 Mon Sep 17 00:00:00 2001
+From: Helmut Grohne <[email protected]>
+Date: Sun, 5 Feb 2023 14:23:48 +0100
+Subject: [PATCH] CVE-2022-45142: gsskrb5: fix accidental logic inversions
+
+The referenced commit attempted to fix miscompilations with gcc-9 and
+gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately,
+it also inverted the result of the comparison in two occasions. This
+inversion happened during backporting the patch to 7.7.1 and 7.8.0.
+
+Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp()
+ for arcfour unwrap")
+Signed-off-by: Helmut Grohne <[email protected]>
+---
+ lib/gssapi/krb5/arcfour.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+index e838d007a4e4..eee6ad72fc07 100644
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+ 	return GSS_S_FAILURE;
+     }
+ 
+-    cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++    cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+     if (cmp) {
+ 	*minor_status = 0;
+ 	return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+ 	return GSS_S_FAILURE;
+     }
+ 
+-    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+     if (cmp) {
+ 	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+ 	*minor_status = 0;
+-- 
+2.39.1
+
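Review bot: In both changed lines of lib/gssapi/krb5/arcfour.c the result is still stored in a variable named `cmp`, which does not say whether a true value means match or mismatch, so an inverted comparison such as the removed `== 0` is hard to spot in review. Consider renaming it to something that states the polarity (for example `mismatch`), or adding a one-line comment at each site that a non-zero ct_memcmp() result means the checksum differs and must be rejected. The commit message says the inversion happened in two places and the diff touches exactly two, in _gssapi_verify_mic_arcfour and _gssapi_unwrap_arcfour; it would help to state that any other comparisons changed by f6edaafcfefd were checked as well. The patch also adds no test, so a regression test that feeds a modified checksum to the verify path and expects GSS_S_BAD_MIC would keep this from recurring.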
diff -Nru heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/series heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/series
--- heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/series	2022-12-10 06:13:05.000000000 +0100
+++ heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/series	2023-02-12 10:35:50.000000000 +0100
@@ -17,3 +17,4 @@
 fix-missing-headers
 0018-Increment-roken-library-version.patch
 0019-Increment-hcrypto-library-version.patch
+CVE-2022-45142-gsskrb5-fix-accidental-logic-inversio.patch
