libheimdal: 7.4.0 -> 7.5.0

In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to
crash the KDC by sending a crafted UDP packet containing empty data
fields for client name or realm.

Security: CVE-2017-17439

+18 -2
+10
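--- a/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch
+++ b/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch
@@ -0,0 +1,10 @@
+--- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100
++++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100
+@@ -9,6 +9,8 @@
+ sel-gram.h \
+ $(gen_files_ocsp:.x=.c) \
+ $(gen_files_pkcs10:.x=.c) \
++ ocsp_asn1.h \
++ pkcs10_asn1.h \
+ hx509_err.c \
+ hx509_err.h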
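Review bot: The new patch file has no header explaining which build failure it works around or whether the change has been sent upstream, so a later maintainer cannot tell when it is safe to drop. A short preamble above the `---` line would cover it, for example `Add generated ocsp_asn1.h and pkcs10_asn1.h to the hx509 source list so they exist before dependent objects are compiled (upstream: <link or "not yet submitted">)`. The variable these entries are appended to starts above the visible context, so which list is being extended cannot be confirmed from the hunk alone.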
+8 -2
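--- a/pkgs/development/libraries/kerberos/heimdal.nix
+++ b/pkgs/development/libraries/kerberos/heimdal.nix
@@ -12,14 +12,16 @@
 with stdenv.lib;
 stdenv.mkDerivation rec {
 name = "${type}heimdal-${version}";
-version = "7.4.0";
+version = "7.5.0";
 
 src = fetchFromGitHub {
 owner = "heimdal";
 repo = "heimdal";
 rev = "heimdal-${version}";
-sha256 = "01ch6kqjrxi9fki54yjj2fhxhdkxijz161w2inh5k8mcixlf67vp";
+sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d";
 };
+
+patches = [ ./heimdal-make-missing-headers.patch ];
 
 nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ]
 ++ (with perlPackages; [ JSON ])
@@ -43,6 +45,10 @@
 ] ++ optionals (!stdenv.isFreeBSD) [
 "--with-capng"
 ];
+
+postUnpack = ''
+sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common
+'';
 
 buildPhase = optionalString libOnly ''
 (cd include; make -j $NIX_BUILD_CORES)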
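Review bot: The added `postUnpack` hook edits `source/cf/Makefile.am.common` through a hard-coded `source/` prefix, which only works while the fetcher unpacks into a directory of that name. Doing the edit in `postPatch`, which runs inside the source root, removes that dependency: `postPatch = '' sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' cf/Makefile.am.common '';`. The `sed` also succeeds silently if a future release no longer has a line starting with `DEFAULT_INCLUDES`, so a one-line comment saying why `-I..` is needed would help whoever does the next bump notice when the workaround has stopped applying. Since this bump ships the CVE-2017-17439 fix, it is worth keeping the build workarounds easy to audit separately from the version change.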