CVS commit: [pkgsrc-2023Q1] pkgsrc/security/heimdal

["Benny Siegert" <bsiegert%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue Jun 20 17:57:33 UTC 2023

Modified Files:
        pkgsrc/security/heimdal [pkgsrc-2023Q1]: Makefile distinfo
Added Files:
        pkgsrc/security/heimdal/patches [pkgsrc-2023Q1]:
            patch-lib_krb5_store-int.c

Log Message:
Pullup ticket #6762 - requested by riastradh
security/heimdal: security fix

Revisions pulled up:
- security/heimdal/Makefile                                     1.160
- security/heimdal/distinfo                                     1.57
- security/heimdal/patches/patch-lib_krb5_store-int.c           1.1

---
   Module Name:    pkgsrc
   Committed By:   riastradh
   Date:           Mon Jun 19 19:13:03 UTC 2023

   Modified Files:
           pkgsrc/security/heimdal: Makefile distinfo
   Added Files:
           pkgsrc/security/heimdal/patches: patch-lib_krb5_store-int.c

   Log Message:
   security/heimdal: Patch CVE-2022-42898 away.


To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.157.2.1 pkgsrc/security/heimdal/Makefile
cvs rdiff -u -r1.56 -r1.56.2.1 pkgsrc/security/heimdal/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/security/heimdal/patches/patch-lib_krb5_store-int.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/heimdal/Makefile
diff -u pkgsrc/security/heimdal/Makefile:1.157 pkgsrc/security/heimdal/Makefile:1.157.2.1
--- pkgsrc/security/heimdal/Makefile:1.157      Wed Feb  8 07:41:25 2023
+++ pkgsrc/security/heimdal/Makefile    Tue Jun 20 17:57:33 2023
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.157 2023/02/08 07:41:25 wiz Exp $
+# $NetBSD: Makefile,v 1.157.2.1 2023/06/20 17:57:33 bsiegert Exp $
 
 DISTNAME=      heimdal-7.8.0
-PKGREVISION=   2
+PKGREVISION=   4
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=heimdal/}
 GITHUB_RELEASE=        ${DISTNAME}

Index: pkgsrc/security/heimdal/distinfo
diff -u pkgsrc/security/heimdal/distinfo:1.56 pkgsrc/security/heimdal/distinfo:1.56.2.1
--- pkgsrc/security/heimdal/distinfo:1.56       Wed Feb  8 07:41:25 2023
+++ pkgsrc/security/heimdal/distinfo    Tue Jun 20 17:57:33 2023
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.56 2023/02/08 07:41:25 wiz Exp $
+$NetBSD: distinfo,v 1.56.2.1 2023/06/20 17:57:33 bsiegert Exp $
 
 BLAKE2s (heimdal-7.8.0.tar.gz) = 3f2654141605a1f54611c887ec8a7f55e45b00696983207d5779ad830e485cb8
 SHA512 (heimdal-7.8.0.tar.gz) = 0167345aca77d65b7a1113874eee5b65ec6e1fec1f196d57e571265409fa35ef95a673a4fd4aafbb0ab5fb5b246b97412353a68d6613a8aff6393a9f1e72999e
 Size (heimdal-7.8.0.tar.gz) = 10024936 bytes
 SHA1 (patch-lib_gssapi_krb5_arcfour.c) = 7d70da6a8dfffd7f71eae70f1a6fa6fc18d0df3c
+SHA1 (patch-lib_krb5_store-int.c) = ba539b1cce3ac5a1e7e436dfcdcf632aa61e41e3

Added files:

Index: pkgsrc/security/heimdal/patches/patch-lib_krb5_store-int.c
diff -u /dev/null pkgsrc/security/heimdal/patches/patch-lib_krb5_store-int.c:1.1.2.2
--- /dev/null   Tue Jun 20 17:57:33 2023
+++ pkgsrc/security/heimdal/patches/patch-lib_krb5_store-int.c  Tue Jun 20 17:57:33 2023
@@ -0,0 +1,16 @@
+$NetBSD: patch-lib_krb5_store-int.c,v 1.1.2.2 2023/06/20 17:57:33 bsiegert Exp $
+
+Fix CVE-2022-42898 for 32-bit systems.
+https://github.com/heimdal/heimdal/issues/1161
+
+--- lib/krb5/store-int.c.orig  2022-09-15 22:59:25.000000000 +0000
++++ lib/krb5/store-int.c
+@@ -49,7 +49,7 @@ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_
+ _krb5_get_int64(void *buffer, uint64_t *value, size_t size)
+ {
+     unsigned char *p = buffer;
+-    unsigned long v = 0;
++    uint64_t v = 0;
+     size_t i;
+     for (i = 0; i < size; i++)
+       v = (v << 8) + p[i];