Message ID | 754f9ad3afb378e4e0100b865ca81b28181e3054.1681186993.git.felix.lechner@lease-up.com |
---|---|
State | New |
Series | [bug#62760,v2,1/3] gnu: heimdal: Update to 7.8.0. |
Hello,

Felix Lechner <felix.lechner@lease-up.com> writes:

> Fixes CVE-2022-44640 [1] "Heimdal KDC: invalid free in ASN.1 codec." The
> upstream release announcement calls it "a severe vulnerability, possibly a
> 10.0 on the Common Vulnerability Scoring System (CVSS) v3."
>
> The upstream developers further "believe it should be possible to get an RCE
> [remote code execution] on a KDC, which means that credentials can be
> compromised that can be used to impersonate anyone in a realm or forest of
> realms." "While no zero-day exploit is known, such an exploit will likely be
> available soon after public disclosure." [2]
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2022-44640
> [2] https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0
>
> * gnu/packages/kerberos.scm (heimdal): Update to 7.8.0.

I've fixed the commit message to use the GNU ChangeLog style; see: info '(standards) Style of Change Logs'.

> --- > gnu/packages/kerberos.scm | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm > index 9454a5983e..ae4efcbc23 100644 > --- a/gnu/packages/kerberos.scm > +++ b/gnu/packages/kerberos.scm > @@ -35,6 +35,7 @@ (define-module (gnu packages kerberos) > #:use-module (gnu packages bison) > #:use-module (gnu packages dbm) > #:use-module (gnu packages perl) > + #:use-module (gnu packages python) > #:use-module (gnu packages gettext) > #:use-module (gnu packages gnupg) > #:use-module (gnu packages libidn) > @@ -166,7 +167,7 @@ (define-public shishi > (define-public heimdal > (package > (name "heimdal") > - (version "7.7.0") > + (version "7.8.0") > (source (origin > (method url-fetch) > (uri (string-append 
> @@ -174,14 +175,14 @@ (define-public heimdal > "heimdal-" version "/" "heimdal-" version ".tar.gz")) > (sha256 > (base32 > - "06vx3cb01s4lv3lpv0qzbbj97cln1np1wjphkkmmbk1lsqa36bgh")) > + "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx")) > (modules '((guix build utils))) > (snippet > '(begin > (substitute* "configure" > (("User=.*$") "User=Guix\n") > (("Host=.*$") "Host=GNU") > - (("Date=.*$") "Date=2019\n")))))) > + (("Date=.*$") "Date=2022\n")))))) > (build-system gnu-build-system) > (arguments > `(#:configure-flags > @@ -249,7 +250,8 @@ (define-public heimdal > (native-inputs (list e2fsprogs ;for 'compile_et' > texinfo > unzip ;for tests > - perl)) > + perl > + python))

Thanks! I've dropped perl, which appears unnecessary to build/run the test suite.
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index 9454a5983e..ae4efcbc23 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -35,6 +35,7 @@ (define-module (gnu packages kerberos) #:use-module (gnu packages bison) #:use-module (gnu packages dbm) #:use-module (gnu packages perl) + #:use-module (gnu packages python) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) #:use-module (gnu packages libidn) @@ -166,7 +167,7 @@ (define-public shishi (define-public heimdal (package (name "heimdal") - (version "7.7.0") + (version "7.8.0") (source (origin (method url-fetch) (uri (string-append @@ -174,14 +175,14 @@ (define-public heimdal "heimdal-" version "/" "heimdal-" version ".tar.gz")) (sha256 (base32 - "06vx3cb01s4lv3lpv0qzbbj97cln1np1wjphkkmmbk1lsqa36bgh")) + "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx")) (modules '((guix build utils))) (snippet '(begin (substitute* "configure" (("User=.*$") "User=Guix\n") (("Host=.*$") "Host=GNU") - (("Date=.*$") "Date=2019\n")))))) + (("Date=.*$") "Date=2022\n")))))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -249,7 +250,8 @@ (define-public heimdal (native-inputs (list e2fsprogs ;for 'compile_et' texinfo unzip ;for tests - perl)) + perl + python)) (inputs (list readline bash-minimal bdb
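Review bot: In the hunk at @@ -174,14 +175,14, the `"Date=2022\n"` literal in the `substitute* "configure"` snippet is undocumented and has to be bumped by hand on each update, as the change from `"Date=2019\n"` shows. A short comment beside the substitution saying that the value should follow the release year would keep the next version bump from leaving it stale. The new base32 string in the same hunk is the only integrity check on the 7.8.0 tarball, and the commit message describes the fix as a possible RCE on a KDC, so the hash is worth recomputing independently from the upstream release tarball before this is pushed.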
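Review bot: In the hunk at @@ -249,7 +250,8, the new `python` entry in `native-inputs` has no comment saying what needs it, while `e2fsprogs` and `unzip` in the same list are annotated (`;for 'compile_et'`, `;for tests`). Add a matching comment so the input can be re-evaluated at the next update. The hunk also keeps `perl` next to `python`; if only one of them is actually used by the build or the test suite, the other should go, and the `#:use-module (gnu packages perl)` line from the first hunk should then be checked for remaining users in this file.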