heimdal: add patch for CVE-2022-45142 (#5092)

* add patch for CVE-2022-45142

* add patch file

SPECS/heimdal/CVE-2022-45142.patch

@@ -0,0 +1,21 @@
+diff --color --color -ruN a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+--- a/lib/gssapi/krb5/arcfour.c	2023-03-15 00:23:03.051530897 +0000
++++ b/lib/gssapi/krb5/arcfour.c	2023-03-15 00:23:46.771143241 +0000
+@@ -365,7 +365,7 @@
+ 	return GSS_S_FAILURE;
+     }
+ 
+-    cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++    cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+     if (cmp) {
+ 	*minor_status = 0;
+ 	return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@
+ 	return GSS_S_FAILURE;
+     }
+ 
+-    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+     if (cmp) {
+ 	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+ 	*minor_status = 0;

SPECS/heimdal/heimdal.spec

@@ -12,7 +12,7 @@
 Summary:        A Kerberos 5 implementation without export restrictions
 Name:           heimdal
 Version:        7.7.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -40,6 +40,7 @@ Source31:       %{name}-ipropd-slave-wrapper
 # to know how to interpret the "heimdal-" prefixes.
 Patch1:         heimdal-1.6.0-c25f45a-rename-commands.patch
 Patch2:         heimdal-configure.patch
+Patch3:         CVE-2022-45142.patch
 BuildRequires:  bison
 #libcom_err-devel is in
 #BuildRequires:  libcom_err-devel
@@ -482,6 +483,9 @@ fi
 %{_sysconfdir}/profile.d/%{name}.csh
 
 %changelog
+* Tue Mar 14 2023 Thien Trung Vuong <tvuong@microsoft.com> - 7.7.1-2
+- Add patch for CVE-2022-45142
+
 * Tue Dec 06 2022 Henry Beberman <henry.beberman@microsoft.com> - 7.7.1-1
 - Upgrade to version 7.7.1
 - Remove patches that were backported from upstream