gnu: heimdal: Apply patch to fix CVE-2022-45142.

Several recent Heimdal releases are affected by the serious vulnerability CVE-2022-45142, which NIST scored as "7.5 HIGH". [1] At the time of writing, the upstream developers had not yet cut any releases post-7.8.0, which is why the patch is being applied here. The patch was extracted from Helmut Grohne's public vulnerability disclosure. [2] [1] https://nvd.nist.gov/vuln/detail/CVE-2022-45142 [2] https://www.openwall.com/lists/oss-security/2023/02/08/1 * gnu/packages/patches/heimdal-CVE-2022-45142.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/kerberos.scm (heimdal)[source]: Apply it. Signed-off-by: Maxim Cournoyer <[email protected]>
author: Felix Lechner <[email protected]> 2023-04-10 21:23:12 -0700
committer: Maxim Cournoyer <[email protected]> 2023-04-14 15:12:15 -0400
commit: 770112f2359eda621fcc32b47bfdd4f985d9c1c1 (patch)
tree: 9e92e1b11184d4621e13dada6ec62fc2d13951ff
parent: f508bc1491673142473970a3df1b251eb2a33e4e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 3380131218..30fa3ca63c 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -179,6 +179,8 @@ After installation, the system administrator should generate keys using
               (sha256
                (base32
                 "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
+              (patches
+               (search-patches "heimdal-CVE-2022-45142.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
author	Felix Lechner <[email protected]>	2023-04-10 21:23:12 -0700
committer	Maxim Cournoyer <[email protected]>	2023-04-14 15:12:15 -0400
commit	770112f2359eda621fcc32b47bfdd4f985d9c1c1 (patch)
tree	9e92e1b11184d4621e13dada6ec62fc2d13951ff
parent	f508bc1491673142473970a3df1b251eb2a33e4e (diff)