apteryx pushed a commit to branch master
in repository guix.
commit 770112f2359eda621fcc32b47bfdd4f985d9c1c1
Author: Felix Lechner <[email protected]>
AuthorDate: Mon Apr 10 21:23:12 2023 -0700
gnu: heimdal: Apply patch to fix CVE-2022-45142.
Several recent Heimdal releases are affected by the serious vulnerability
CVE-2022-45142, which NIST scored as "7.5 HIGH". [1]
At the time of writing, the upstream developers had not yet cut any releases
post-7.8.0, which is why the patch is being applied here.
The patch was extracted from Helmut Grohne's public vulnerability
disclosure. [2]
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-45142
[2] https://www.openwall.com/lists/oss-security/2023/02/08/1
* gnu/packages/patches/heimdal-CVE-2022-45142.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/kerberos.scm (heimdal)[source]: Apply it.
Signed-off-by: Maxim Cournoyer <[email protected]>
---
gnu/packages/kerberos.scm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 3380131218..30fa3ca63c 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -179,6 +179,8 @@ After installation, the system administrator should
generate keys using
(sha256
(base32
"0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
+ (patches
+ (search-patches "heimdal-CVE-2022-45142.patch"))
(modules '((guix build utils)))
(snippet
'(begin
