Heimdal: Fix transit path validation CVE-2017-6594
Apply upstream
b1e699103. This fixes a bug introduced by upstream
f469fc6 which may in some cases enable bypass of capath policy.
Upstream writes in their commit log:
Note, this may break sites that rely on the bug. With the bug some
incomplete [capaths] worked, that should not have. These may now break
authentication in some cross-realm configurations.
Reported by: emaste
Security: CVE-2017-6594
Obtained from: upstream
b1e699103
MFS requested by: re (cperciva
Approved by: re (cperciva)
(cherry picked from commit
f8041e3628bd70cf5562a9c13eb3d6af8463e720)
(cherry picked from commit
9a7121454dc0f68af2687699d5feabf736692fa6)
projects / FreeBSD / FreeBSD.git / commit