libheimdal: 7.4.0 -> 7.5.0

In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. Security: CVE-2017-17439
2018-03-21 21:12:39 +01:00
parent d32ce054a2
commit 5566bf97e5
2 changed files with 18 additions and 2 deletions
--- a/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch
+++ b/pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch
@@ -0,0 +1,10 @@
+--- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100
+++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100
+@@ -9,6 +9,8 @@
+	sel-gram.h			\
+	$(gen_files_ocsp:.x=.c)		\
+	$(gen_files_pkcs10:.x=.c)	\
+	ocsp_asn1.h			\
+	pkcs10_asn1.h			\
+	hx509_err.c			\
+	hx509_err.h