diff --git a/SPECS/heimdal/CVE-2022-45142.patch b/SPECS/heimdal/CVE-2022-45142.patch
new file mode 100644
index 0000000000..7c5048438e
--- /dev/null
+++ b/SPECS/heimdal/CVE-2022-45142.patch
@@ -0,0 +1,21 @@
+diff --color --color -ruN a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+--- a/lib/gssapi/krb5/arcfour.c 2023-03-15 00:23:03.051530897 +0000
++++ b/lib/gssapi/krb5/arcfour.c 2023-03-15 00:23:46.771143241 +0000
+@@ -365,7 +365,7 @@
+ return GSS_S_FAILURE;
+ }
+
+- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+ if (cmp) {
+ *minor_status = 0;
+ return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@
+ return GSS_S_FAILURE;
+ }
+
+- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+ if (cmp) {
+ _gsskrb5_release_buffer(minor_status, output_message_buffer);
+ *minor_status = 0;
diff --git a/SPECS/heimdal/heimdal.spec b/SPECS/heimdal/heimdal.spec
index da1dde8031..5919e3f2d2 100644
--- a/SPECS/heimdal/heimdal.spec
+++ b/SPECS/heimdal/heimdal.spec
@@ -12,7 +12,7 @@
 Summary: A Kerberos 5 implementation without export restrictions
 Name: heimdal
 Version: 7.7.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD AND MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -40,6 +40,7 @@ Source31: %{name}-ipropd-slave-wrapper
 # to know how to interpret the "heimdal-" prefixes.
 Patch1: heimdal-1.6.0-c25f45a-rename-commands.patch
 Patch2: heimdal-configure.patch
+Patch3: CVE-2022-45142.patch
 BuildRequires: bison
 #libcom_err-devel is in
 #BuildRequires: libcom_err-devel
@@ -482,6 +483,9 @@ fi
 %{_sysconfdir}/profile.d/%{name}.csh
 
 %changelog
+* Tue Mar 14 2023 Thien Trung Vuong - 7.7.1-2
+- Add patch for CVE-2022-45142
+
 * Tue Dec 06 2022 Henry Beberman - 7.7.1-1
 - Upgrade to version 7.7.1
 - Remove patches that were backported from upstream
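Review bot: The new patch file has no provenance header above its first `diff` line, so nobody auditing this backport can tell whether the two one-character flips (`== 0` → `!= 0` at arcfour.c lines 365 and 730) mirror the upstream fix for CVE-2022-45142 or were written locally; add two lines at the top of the file such as `Backport of the upstream Heimdal fix for CVE-2022-45142 (upstream commit <UPSTREAM_COMMIT_ID>).` and `The ct_memcmp() results were inverted: a wrong checksum was accepted and a correct one rejected.` The correction itself is right as far as the hunks show: `cmp` is now true only when `ct_memcmp` reports a mismatch, so `GSS_S_BAD_MIC` is returned for a bad checksum. Both enclosing functions start and end outside the hunks, so the path taken when `cmp` is false is not visible here. Since the original defect was a silent inversion of a security check, a regression test that verifies a MIC with a deliberately corrupted checksum and asserts `GSS_S_BAD_MIC` (and that an intact one is accepted) would keep this from reappearing.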
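Review bot: `Patch3: CVE-2022-45142.patch` is only declared in the second hunk; no application step appears anywhere in this diff, so if `%prep` (outside the hunks) applies patches with explicit `%patch1`/`%patch2` lines rather than `%autosetup`/`%autopatch`, the build succeeds, the changelog claims the CVE is fixed, and `arcfour.c` still ships with the inverted checksum comparison. Confirm that `%prep` either uses `%autosetup -p1` or gains a matching `%patch3 -p1` (the patch uses `a/`/`b/` prefixes, so `-p1` is the right strip level), and verify the patched source tree in a build log rather than trusting the declaration. The changelog line could also state what the patch changes, e.g. `- Add patch for CVE-2022-45142 (fix inverted ct_memcmp checksum check in arcfour MIC/unwrap)`, so the entry is useful without opening the patch.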