From a49a3ac8e082921c2793a073b5991c4693f167ab Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 12 Oct 2022 13:55:51 +1300
Subject: [PATCH 06/15] CVE-2022-3437 source4/heimdal_build: Add
 gssapi-subsystem subsystem

This allows us to access (and so test) functions internal to GSSAPI by
depending on this subsystem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[jsutton@samba.org Adapted to older wscript_build file]

Conflict: NA
Reference: https://download.samba.org/pub/samba/patches/security/samba-4.15.11-security-2022-10-25.patch
---
 source4/heimdal_build/wscript_build | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index e91c8ab2eeb..41152192798 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -571,8 +571,8 @@ if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"):
     HEIMDAL_AUTOPROTO_PRIVATE('lib/gssapi/krb5/gsskrb5-private.h',
                               HEIMDAL_GSSAPI_KRB5_SOURCE)
 
-    HEIMDAL_LIBRARY('gssapi',
-                    HEIMDAL_GSSAPI_SPNEGO_SOURCE + HEIMDAL_GSSAPI_KRB5_SOURCE + '''
+    HEIMDAL_SUBSYSTEM('gssapi-subsystem',
+                      HEIMDAL_GSSAPI_SPNEGO_SOURCE + HEIMDAL_GSSAPI_KRB5_SOURCE + '''
     lib/gssapi/mech/context.c lib/gssapi/mech/gss_krb5.c lib/gssapi/mech/gss_mech_switch.c
     lib/gssapi/mech/gss_process_context_token.c lib/gssapi/mech/gss_buffer_set.c
     lib/gssapi/mech/gss_aeap.c lib/gssapi/mech/gss_add_cred.c lib/gssapi/mech/gss_cred.c
@@ -597,10 +597,16 @@ if not bld.CONFIG_SET("USING_SYSTEM_GSSAPI"):
     lib/gssapi/mech/gss_set_cred_option.c  lib/gssapi/mech/gss_pseudo_random.c ../heimdal_build/gssapi-glue.c''',
         includes='../heimdal/lib/gssapi ../heimdal/lib/gssapi/gssapi ../heimdal/lib/gssapi/spnego ../heimdal/lib/gssapi/krb5 ../heimdal/lib/gssapi/mech',
         deps='hcrypto asn1 HEIMDAL_SPNEGO_ASN1 HEIMDAL_GSSAPI_ASN1 roken krb5 com_err wind heimbase',
-        vnum='2.0.0',
-        version_script='lib/gssapi/version-script.map',
         )
 
+    HEIMDAL_LIBRARY('gssapi',
+                    '',
+                    includes='../heimdal/lib/gssapi ../heimdal/lib/gssapi/gssapi ../heimdal/lib/gssapi/spnego ../heimdal/lib/gssapi/krb5 ../heimdal/lib/gssapi/mech',
+                    deps='gssapi-subsystem',
+                    vnum='2.0.0',
+                    version_script='lib/gssapi/version-script.map',
+                    )
+
 if not bld.CONFIG_SET("USING_SYSTEM_KRB5"):
     # expand_path.c needs some of the install paths
     HEIMDAL_SUBSYSTEM('HEIMDAL_CONFIG',
-- 
2.25.1