From bad1cd91bdf3bd04deffecbca5f58b0ea5a7127f Mon Sep 17 00:00:00 2001
From: psykose
Date: Thu, 9 Feb 2023 03:52:41 +0000
Subject: [PATCH] main/heimdal: fix CVE-2022-45142

---
 main/heimdal/APKBUILD | 6 +++++-
 main/heimdal/CVE-2022-45142.patch | 22 ++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 main/heimdal/CVE-2022-45142.patch

diff --git a/main/heimdal/APKBUILD b/main/heimdal/APKBUILD
index cad4fa57bfc..91f6bb1e32f 100644
--- a/main/heimdal/APKBUILD
+++ b/main/heimdal/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=heimdal
 pkgver=7.7.1
 _ver=${pkgver/_rc/rc}
-pkgrel=0
+pkgrel=1
 pkgdesc="Iplementation of Kerberos 5"
 arch="all"
 url="https://github.com/heimdal/"
@@ -22,10 +22,13 @@ source="https://github.com/heimdal/heimdal/releases/download/heimdal-$pkgver/hei
 	005_all_heimdal-suid_fix.patch
 	heimdal_missing-include.patch
 	CVE-2018-16860.patch
+	CVE-2022-45142.patch
 	silence-include-headers-redirect-warnings.patch
 	"
 
 # secfixes:
+# 7.7.1-r1:
+# - CVE-2022-45142
 # 7.7.1-r0:
 # - CVE-2019-14870
 # - CVE-2021-3671
@@ -137,5 +140,6 @@ abee8390632fa775e74900d09e5c72b02fe4f9616b43cc8d0a76175486ed6d4707fb3ce4d06ceb09
 2a6b20588a86a9ea3c35209b96ef2da0b39bc3112aec1505e69a60efc9ffb9ddc1d0dbdfaf864142e9d2f81da3d2653de56d6ffa01871c20fde17e4642625c56 005_all_heimdal-suid_fix.patch
 e89efdc942c512363aac1d9797c6bf622324e9200e282bc5ed680300b9e1b39a4ea20f059cdac8f22f972eb0af0e625fd41f267ebcafcfec0aaa81192aff79c1 heimdal_missing-include.patch
 36738795eb3478b55790bf1927f85a421b13b6b47dcc273daeb6630c39a4e1c1258148fa0e9f004ae59a9ac89caf54cb25efedb417e852e42a2c32d02e43fd56 CVE-2018-16860.patch
+3205ce659c755b1a9e3bca3a3088cf241550fb2343fe46bee4370623b1ea2845395bcf7682a8c472d067067fbf8b3a8ea8809e8d3e6d5f62e05dcd680ba7230b CVE-2022-45142.patch
 5d507a4312bbc59f2b67cb441d0880eaa060e3fdd166b7b8cf9b967d404722a1672e10cc8daedc46a786b8cbbb78de0bc2585d1d4d5b985da16c18f60c87d54f silence-include-headers-redirect-warnings.patch
 "
diff --git a/main/heimdal/CVE-2022-45142.patch b/main/heimdal/CVE-2022-45142.patch
new file mode 100644
index 00000000000..917d41578e7
--- /dev/null
+++ b/main/heimdal/CVE-2022-45142.patch
@@ -0,0 +1,22 @@
+diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
+index aa03cbe..c6c15eb 100644
+--- a/lib/gssapi/krb5/arcfour.c
++++ b/lib/gssapi/krb5/arcfour.c
+@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+ return GSS_S_FAILURE;
+ }
+
+- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
++ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);
+ if (cmp) {
+ *minor_status = 0;
+ return GSS_S_BAD_MIC;
+@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+ return GSS_S_FAILURE;
+ }
+
+- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
++ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+ if (cmp) {
+ _gsskrb5_release_buffer(minor_status, output_message_buffer);
+ *minor_status = 0;
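Review bot: After this patch `cmp` is nonzero when the received MIC does not match the computed one (both `!= 0` lines), so the name reads backwards at the following `if (cmp)` and invites the same inversion the patch is correcting; I would either rename it to something like `mismatch` or annotate the two changed lines, e.g. `cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0); /* nonzero: MIC mismatch, rejected below */` and the same on the `p0 + 16` line. The new file also starts directly at `diff --git` with no description or origin line, so a reader of the package cannot tell which upstream commit it mirrors or how it was validated; prefixing the patch with the upstream commit message, or at least a one-line note naming its source and the CVE, would make the backport auditable. Both `_gssapi_verify_mic_arcfour` and `_gssapi_unwrap_arcfour` begin and end outside this hunk, so whether any other checksum comparison in arcfour.c needs the same flip cannot be judged from what is shown here.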