From 691f17a8cc6ba1c353ee65b41567e607ed3fcfae Mon Sep 17 00:00:00 2001
From: Felix Lechner <felix.lechner@lease-up.com>
Date: Mon, 10 Apr 2023 21:23:12 -0700
Subject: gnu: heimdal: Apply patch to fix CVE-2022-45142.

Several recent Heimdal releases are affected by the serious vulnerability
CVE-2022-45142, which NIST scored as "7.5 HIGH". [1]

At the time of writing, the upstream developers had not yet cut any releases
post-7.8.0, which is why the patch is being applied here.

The patch was extracted from Helmut Grohne's public vulnerability
disclosure. [2]

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-45142
[2] https://www.openwall.com/lists/oss-security/2023/02/08/1

* gnu/packages/patches/heimdal-CVE-2022-45142.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/kerberos.scm (heimdal)[source]: Apply it.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
---
 gnu/local.mk | 1 +
 1 file changed, 1 insertion(+)

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index f0a228f19f..8088e8170b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1328,6 +1328,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/hdf-eos5-remove-gctp.patch		\
   %D%/packages/patches/hdf-eos5-fix-szip.patch			\
   %D%/packages/patches/hdf-eos5-fortrantests.patch		\
+  %D%/packages/patches/heimdal-CVE-2022-45142.patch		\
   %D%/packages/patches/helm-fix-gcc-9-build.patch		\
   %D%/packages/patches/http-parser-CVE-2020-8287.patch		\
   %D%/packages/patches/htslib-for-stringtie.patch		\
-- 
cgit v1.2.3