Message ID | 754f9ad3afb378e4e0100b865ca81b28181e3054.1681155077.git.felix.lechner@lease-up.com
---|---
State | New
Series | Two serious vulnerabilities in Heimdal Kerberos
On Mon, Apr 10, 2023 at 12:52:24PM -0700, Felix Lechner via Guix-patches via wrote:
> Fixes CVE-2022-44640 [1] "Heimdal KDC: invalid free in ASN.1 codec." The
> upstream release announcement calls it "a severe vulnerability, possibly a
> 10.0 on the Common Vulnerability Scoring System (CVSS) v3."
>
> The upstream developers further "believe it should be possible to get an RCE
> [remote code execution] on a KDC, which means that credentials can be
> compromised that can be used to impersonate anyone in a realm or forest of
> realms." "While no zero-day exploit is known, such an exploit will likely be
> available soon after public disclosure." [2]
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2022-44640
> [2] https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0
>
> * gnu/packages/kerberos.scm (heimdal): Update to 7.8.0.

Thanks for this!

> @@ -249,7 +250,8 @@ (define-public heimdal
> (native-inputs (list e2fsprogs ;for 'compile_et'
> texinfo
> unzip ;for tests
> - perl))
> + perl
> + python))

Is this part intentional? It wasn't mentioned in the commit message.
Hi Leo,

On Mon, Apr 10, 2023 at 4:05 PM Leo Famulari <leo@famulari.name> wrote:
>
> > + python))
>
> Is this part intentional?

Yes, the sources for 7.8.0 failed to build without Python. I believe it was due to that commit

https://github.com/heimdal/heimdal/commit/6415a2032ec4b2ecc5917dae85b8f9e6f9e221d2

which fixed that issue:

https://github.com/heimdal/heimdal/issues/696

Kind regards,
Felix Lechner
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index 9454a5983e..ae4efcbc23 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -35,6 +35,7 @@ (define-module (gnu packages kerberos) #:use-module (gnu packages bison) #:use-module (gnu packages dbm) #:use-module (gnu packages perl) + #:use-module (gnu packages python) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) #:use-module (gnu packages libidn) @@ -166,7 +167,7 @@ (define-public shishi (define-public heimdal (package (name "heimdal") - (version "7.7.0") + (version "7.8.0") (source (origin (method url-fetch) (uri (string-append @@ -174,14 +175,14 @@ (define-public heimdal "heimdal-" version "/" "heimdal-" version ".tar.gz")) (sha256 (base32 - "06vx3cb01s4lv3lpv0qzbbj97cln1np1wjphkkmmbk1lsqa36bgh")) + "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx")) (modules '((guix build utils))) (snippet '(begin (substitute* "configure" (("User=.*$") "User=Guix\n") (("Host=.*$") "Host=GNU") - (("Date=.*$") "Date=2019\n")))))) + (("Date=.*$") "Date=2022\n")))))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -249,7 +250,8 @@ (define-public heimdal (native-inputs (list e2fsprogs ;for 'compile_et' texinfo unzip ;for tests - perl)) + perl + python)) (inputs (list readline bash-minimal bdb
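Review bot: In the third hunk (the `snippet` substitutions), the year is hardcoded again as `(("Date=.*$") "Date=2022\n")`, so every future version bump has to remember to touch this line alongside `version` and the hash; consider deriving it from the release or adding a comment next to `(version "7.8.0")` noting that the Date substitution must be kept in step, so a reviewer can spot a stale value.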
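Review bot: In the last hunk (native-inputs), the new `python` entry lacks the purpose comment the neighbouring entries carry (`e2fsprogs ;for 'compile_et'`, `unzip ;for tests`), and the commit message `* gnu/packages/kerberos.scm (heimdal): Update to 7.8.0.` does not mention the new native input at all; since the thread establishes that 7.8.0 does not build without Python, add a short comment such as `python ;required by the 7.8.0 build` and a line in the ChangeLog entry like `[native-inputs]: Add python.` so the reason survives in the history.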