aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/heimdal/APKBUILD7
-rw-r--r--main/heimdal/return-invalid-enctype-for-weak-crypto.patch48
2 files changed, 53 insertions, 2 deletions
diff --git a/main/heimdal/APKBUILD b/main/heimdal/APKBUILD
index 139539e195..e98d9cf016 100644
--- a/main/heimdal/APKBUILD
+++ b/main/heimdal/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
pkgname=heimdal
pkgver=1.3.1
-pkgrel=3
+pkgrel=4
pkgdesc="An implementation of Kerberos 5"
url="http://www.h5l.org/"
license="BSD"
@@ -22,6 +22,7 @@ source="http://www.h5l.org/dist/src/$pkgname-$pkgver.tar.gz
100-check-com_err-pthread.patch
heimdal-c++-safe-krb5_cccol_cursor.patch
heimdal-locate_plugin-header.patch
+return-invalid-enctype-for-weak-crypto.patch
"
# krb5.h needs com_err.h
@@ -41,6 +42,7 @@ prepare() {
patch -Np1 -i ../100-check-com_err-pthread.patch || return 1
patch -Np1 -i ../heimdal-c++-safe-krb5_cccol_cursor.patch || return 1
patch -Np1 -i ../heimdal-locate_plugin-header.patch || return 1
+ patch -Np1 -i ../return-invalid-enctype-for-weak-crypto.patch || return 1
# name clash with ruserpass in netdb.h
sed -i -e 's/ruserpass/ruserpw/g' appl/ftp/ftp/*.[ch] || return 1
@@ -176,4 +178,5 @@ md5sums="4ce17deae040a3519e542f48fd901f21 heimdal-1.3.1.tar.gz
8208ae8c0b6ff5ab4f64af1693e9e396 014_all_heimdal-path.patch
e73205200f9641b5d969427ffb04282a 100-check-com_err-pthread.patch
7ebff9a320f18ed62f5fcb68c8fc18b8 heimdal-c++-safe-krb5_cccol_cursor.patch
-248ab80b44568171e432a23524f4fe39 heimdal-locate_plugin-header.patch"
+248ab80b44568171e432a23524f4fe39 heimdal-locate_plugin-header.patch
+a8342f77a1aedb4f332983bcbf141827 return-invalid-enctype-for-weak-crypto.patch"
diff --git a/main/heimdal/return-invalid-enctype-for-weak-crypto.patch b/main/heimdal/return-invalid-enctype-for-weak-crypto.patch
new file mode 100644
index 0000000000..c8ce39fefe
--- /dev/null
+++ b/main/heimdal/return-invalid-enctype-for-weak-crypto.patch
@@ -0,0 +1,48 @@
+--- a/lib/krb5/context.c
++++ b/lib/krb5/context.c
+@@ -825,23 +825,33 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+ krb5_set_default_in_tkt_etypes(krb5_context context,
+ const krb5_enctype *etypes)
+ {
++ krb5_error_code ret;
+ krb5_enctype *p = NULL;
+- int i;
++ unsigned int n, m;
+
+ if(etypes) {
+- for (i = 0; etypes[i]; ++i) {
+- krb5_error_code ret;
+- ret = krb5_enctype_valid(context, etypes[i]);
+- if (ret)
+- return ret;
+- }
+- ++i;
+- ALLOC(p, i);
++ for (n = 0; etypes[n]; n++)
++ ;
++ n++;
++ ALLOC(p, n);
+ if(!p) {
+- krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
++ krb5_set_error_message (context, ENOMEM,
++ N_("malloc: out of memory", ""));
+ return ENOMEM;
+ }
+- memmove(p, etypes, i * sizeof(krb5_enctype));
++ for (n = 0, m = 0; etypes[n]; n++) {
++ ret = krb5_enctype_valid(context, etypes[n]);
++ if (ret)
++ continue;
++ p[m++] = etypes[n];
++ }
++ p[m] = ETYPE_NULL;
++ if (m == 0) {
++ free(p);
++ krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
++ N_("no valid enctype set", ""));
++ return KRB5_PROG_ETYPE_NOSUPP;
++ }
+ }
+ if(context->etypes)
+ free(context->etypes);
+