Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: d32ce054a266
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5566bf97e56e
Choose a head ref
  • 1 commit
  • 2 files changed
  • 1 contributor

Commits on Mar 21, 2018

  1. libheimdal: 7.4.0 -> 7.5.0 

    In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to
crash the KDC by sending a crafted UDP packet containing empty data
fields for client name or realm.

Security: CVE-2017-17439
    @edwtjo
    edwtjo committed Mar 21, 2018
    1
    Copy the full SHA
    5566bf9 View commit details
Showing with 18 additions and 2 deletions.
  1. +10 −0 pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch
  2. +8 −2 pkgs/development/libraries/kerberos/heimdal.nix
10 changes: 10 additions & 0 deletions pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
--- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100
+++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100
@@ -9,6 +9,8 @@
sel-gram.h \
$(gen_files_ocsp:.x=.c) \
$(gen_files_pkcs10:.x=.c) \
+ ocsp_asn1.h \
+ pkcs10_asn1.h \
hx509_err.c \
hx509_err.h
10 changes: 8 additions & 2 deletions pkgs/development/libraries/kerberos/heimdal.nix
View file
Original file line number Diff line number Diff line change
@@ -12,15 +12,17 @@ in
with stdenv.lib;
stdenv.mkDerivation rec {
name = "${type}heimdal-${version}";
version = "7.4.0";
version = "7.5.0";

src = fetchFromGitHub {
owner = "heimdal";
repo = "heimdal";
rev = "heimdal-${version}";
sha256 = "01ch6kqjrxi9fki54yjj2fhxhdkxijz161w2inh5k8mcixlf67vp";
sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d";
};

patches = [ ./heimdal-make-missing-headers.patch ];

nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ]
++ (with perlPackages; [ JSON ])
++ optional (!libOnly) texinfo;
@@ -44,6 +46,10 @@ stdenv.mkDerivation rec {
"--with-capng"
];

postUnpack = ''
sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common
'';

buildPhase = optionalString libOnly ''
(cd include; make -j $NIX_BUILD_CORES)
(cd lib; make -j $NIX_BUILD_CORES)