Heimdal: Fix transit path validation CVE-2017-6594
Apply upstream
b1e699103. This fixes a bug introduced by upstream
f469fc6 which may in some cases enable bypass of capath policy.
Upstream writes in their commit log:
Note, this may break sites that rely on the bug. With the bug some
incomplete [capaths] worked, that should not have. These may now break
authentication in some cross-realm configurations.
Reported by: emaste
Security: CVE-2017-6594
Obtained from: upstream
b1e699103
MFC after: 1 week
projects / FreeBSD / FreeBSD.git / commit