diff --git a/heimdal-7.7.0-autoconf-2.70.patch b/heimdal-7.7.0-autoconf-2.70.patch
deleted file mode 100644
index 5217294..0000000
--- a/heimdal-7.7.0-autoconf-2.70.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From e109c0e6f550c81095d387761eb37f7c2b914475 Mon Sep 17 00:00:00 2001
-From: Lars Wendler
-Date: Wed, 17 Mar 2021 17:49:18 +0100
-Subject: [PATCH] autoconf-2.70 fix
-
-autoconf-2.70 and newer are more strict with quoting etc. and thus generate
-a broken configure file:
-
- configure: 20855: Syntax error: ")" unexpected (expecting "fi")
-
-(cherry picked from commit 22352b90e78e2d162b98b5ef6c84672c397be40a)
-
-Change-Id: I39730c768e7bfaffa3c7ad2474f16649b04e949f
-Gentoo-bug: https://bugs.gentoo.org/776241
-Signed-off-by: Lars Wendler
----
- cf/check-var.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cf/check-var.m4 b/cf/check-var.m4
-index 2fd7bca6f0..71d6f70ca8 100644
---- a/cf/check-var.m4
-+++ b/cf/check-var.m4
-@@ -20,7 +20,7 @@ AC_MSG_RESULT($ac_foo)
- if test "$ac_foo" = yes; then
- AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1,
- [Define if you have the `]$1[' variable.])
-- m4_ifval([$2], AC_CHECK_DECLS([$1],[],[],[$2]))
-+ m4_ifval([$2], [AC_CHECK_DECLS([$1],[],[],[$2])])
- fi
- ])
-
diff --git a/heimdal-7.7.0-patched.tar.bz2 b/heimdal-7.7.0-patched.tar.bz2
deleted file mode 100644
index f685e52..0000000
--- a/heimdal-7.7.0-patched.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:83b8758a7005991c03efde6dd59fe126c2c09399e148dca695772a6394eb7ad1
-size 7839783
diff --git a/heimdal-7.8.0-patched.tar.bz2 b/heimdal-7.8.0-patched.tar.bz2
new file mode 100644
index 0000000..2c8df9e
--- /dev/null
+++ b/heimdal-7.8.0-patched.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c2131e24f35f76ba1f8f588ecf8eedeb68e9589570966731d060da8adb7a4ca9
+size 7665354
diff --git a/heimdal-patched.diff b/heimdal-patched.diff
index 617c305..90b100d 100644
--- a/heimdal-patched.diff
+++ b/heimdal-patched.diff @@ -1,15 +1,15 @@ -diff -uNr heimdal-7.7.0/configure.ac heimdal-7.7.0-patched/configure.ac ---- heimdal-7.7.0/configure.ac 2019-06-07 08:21:39.000000000 +0200 -+++ heimdal-7.7.0-patched/configure.ac 2019-06-23 01:05:58.354087165 +0200 +diff -uNr heimdal-7.8.0/configure.ac heimdal-7.8.0-patched/configure.ac +--- heimdal-7.8.0/configure.ac 2022-11-15 19:56:25.000000000 +0100 ++++ heimdal-7.8.0-patched/configure.ac 2022-12-20 16:57:00.506113493 +0100 @@ -3,7 +3,6 @@ AC_PREREQ(2.62) test -z "$CFLAGS" && CFLAGS="-g" - AC_INIT([Heimdal],[7.7.0],[https://github.com/heimdal/heimdal/issues]) + AC_INIT([Heimdal],[7.8.0],[https://github.com/heimdal/heimdal/issues]) -AC_CONFIG_SRCDIR([kuser/kinit.c]) AC_CONFIG_HEADERS(include/config.h) AC_CONFIG_MACRO_DIR([cf]) -@@ -591,7 +590,6 @@ +@@ -594,7 +593,6 @@ AM_CONDITIONAL(HEIMDAL_DOCUMENTATION, test "$enable_heimdal_documentation" != no) AC_CONFIG_FILES(Makefile \ @@ -17,7 +17,7 @@ diff -uNr heimdal-7.7.0/configure.ac heimdal-7.7.0-patched/configure.ac include/Makefile \ include/gssapi/Makefile \ include/hcrypto/Makefile \ -@@ -616,35 +614,8 @@ +@@ -619,35 +617,8 @@ lib/sqlite/Makefile \ lib/vers/Makefile \ lib/wind/Makefile \ @@ -53,9 +53,9 @@ diff -uNr heimdal-7.7.0/configure.ac heimdal-7.7.0-patched/configure.ac ) AC_OUTPUT -diff -uNr heimdal-7.7.0/doc/Makefile.am heimdal-7.7.0-patched/doc/Makefile.am ---- heimdal-7.7.0/doc/Makefile.am 2017-03-17 19:19:59.000000000 +0100 -+++ heimdal-7.7.0-patched/doc/Makefile.am 2019-06-23 01:11:42.915659771 +0200 +diff -uNr heimdal-7.8.0/doc/Makefile.am heimdal-7.8.0-patched/doc/Makefile.am +--- heimdal-7.8.0/doc/Makefile.am 2022-09-16 00:59:25.000000000 +0200 ++++ heimdal-7.8.0-patched/doc/Makefile.am 2022-12-20 17:02:32.781246824 +0100 @@ -10,50 +10,6 @@ info_TEXINFOS = heimdal.texi hx509.texi 
@@ -199,9 +199,9 @@ diff -uNr heimdal-7.7.0/doc/Makefile.am heimdal-7.7.0-patched/doc/Makefile.am - ntlm.dxy* \ - wind.dxy* \ - vars.texi* -diff -uNr heimdal-7.7.0/kdc/Makefile.am heimdal-7.7.0-patched/kdc/Makefile.am ---- heimdal-7.7.0/kdc/Makefile.am 2016-12-20 15:23:06.000000000 +0100 -+++ heimdal-7.7.0-patched/kdc/Makefile.am 2019-06-23 01:20:05.650281843 +0200 +diff -uNr heimdal-7.8.0/kdc/Makefile.am heimdal-7.8.0-patched/kdc/Makefile.am +--- heimdal-7.8.0/kdc/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/kdc/Makefile.am 2022-12-20 17:07:05.344492344 +0100 @@ -6,35 +6,6 @@ lib_LTLIBRARIES = libkdc.la @@ -315,9 +315,9 @@ diff -uNr heimdal-7.7.0/kdc/Makefile.am heimdal-7.7.0-patched/kdc/Makefile.am libkdc-exports.def \ - NTMakefile $(man_MANS) version-script.map + NTMakefile version-script.map -diff -uNr heimdal-7.7.0/lib/asn1/Makefile.am heimdal-7.7.0-patched/lib/asn1/Makefile.am ---- heimdal-7.7.0/lib/asn1/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/lib/asn1/Makefile.am 2019-06-23 01:21:42.864468490 +0200 +diff -uNr heimdal-7.8.0/lib/asn1/Makefile.am heimdal-7.8.0-patched/lib/asn1/Makefile.am +--- heimdal-7.8.0/lib/asn1/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/lib/asn1/Makefile.am 2022-12-20 17:08:36.808229786 +0100 @@ -44,9 +44,7 @@ gen_files_digest = asn1_digest_asn1.x gen_files_kx509 = asn1_kx509_asn1.x 
@@ -329,9 +329,9 @@ diff -uNr heimdal-7.7.0/lib/asn1/Makefile.am heimdal-7.7.0-patched/lib/asn1/Make TESTS = check-der check-gen check-timegm check-ber check-template check_PROGRAMS = $(TESTS) -diff -uNr heimdal-7.7.0/lib/com_err/Makefile.am heimdal-7.7.0-patched/lib/com_err/Makefile.am ---- heimdal-7.7.0/lib/com_err/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/lib/com_err/Makefile.am 2019-06-23 01:23:17.626700892 +0200 +diff -uNr heimdal-7.8.0/lib/com_err/Makefile.am heimdal-7.8.0-patched/lib/com_err/Makefile.am +--- heimdal-7.8.0/lib/com_err/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/lib/com_err/Makefile.am 2022-12-20 17:14:40.343183718 +0100 @@ -13,12 +13,8 @@ libcom_err_la_LIBADD = $(LIB_libintl) @@ -353,9 +353,9 @@ diff -uNr heimdal-7.7.0/lib/com_err/Makefile.am heimdal-7.7.0-patched/lib/com_er libcom_err-version.rc \ libcom_err-exports.def \ version-script.map -diff -uNr heimdal-7.7.0/lib/gssapi/Makefile.am heimdal-7.7.0-patched/lib/gssapi/Makefile.am ---- heimdal-7.7.0/lib/gssapi/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/lib/gssapi/Makefile.am 2019-06-23 01:25:34.416149361 +0200 +diff -uNr heimdal-7.8.0/lib/gssapi/Makefile.am heimdal-7.8.0-patched/lib/gssapi/Makefile.am +--- heimdal-7.8.0/lib/gssapi/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/lib/gssapi/Makefile.am 2022-12-20 17:16:41.706826603 +0100 @@ -227,8 +227,6 @@ $(LIB_hcrypto) \ $(LIBADD_roken) 
@@ -383,9 +383,9 @@ diff -uNr heimdal-7.7.0/lib/gssapi/Makefile.am heimdal-7.7.0-patched/lib/gssapi/ gen-oid.pl \ gssapi/gssapi_netlogon.h \ krb5/test_acquire_cred.c \ -diff -uNr heimdal-7.7.0/lib/hx509/Makefile.am heimdal-7.7.0-patched/lib/hx509/Makefile.am ---- heimdal-7.7.0/lib/hx509/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/lib/hx509/Makefile.am 2019-06-23 01:28:59.528323408 +0200 +diff -uNr heimdal-7.8.0/lib/hx509/Makefile.am heimdal-7.8.0-patched/lib/hx509/Makefile.am +--- heimdal-7.8.0/lib/hx509/Makefile.am 2022-11-15 18:24:40.000000000 +0100 ++++ heimdal-7.8.0-patched/lib/hx509/Makefile.am 2022-12-20 17:19:57.330257091 +0100 @@ -141,7 +141,6 @@ $(heim_verbose)$(ASN1_COMPILE) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1) @@ -406,7 +406,7 @@ diff -uNr heimdal-7.7.0/lib/hx509/Makefile.am heimdal-7.7.0-patched/lib/hx509/Ma -dist_hxtool_SOURCES = hxtool.c -nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h - --$(hxtool_OBJECTS): hxtool-commands.h hx509_err.h +-$(hxtool_OBJECTS): hxtool-commands.h $(nodist_include_HEADERS) - -hxtool_LDADD = \ - libhx509.la \ @@ -440,10 +440,10 @@ diff -uNr heimdal-7.7.0/lib/hx509/Makefile.am heimdal-7.7.0-patched/lib/hx509/Ma quote.py \ ocsp.asn1 \ ocsp.opt \ -diff -uNr heimdal-7.7.0/lib/kadm5/Makefile.am heimdal-7.7.0-patched/lib/kadm5/Makefile.am ---- heimdal-7.7.0/lib/kadm5/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/lib/kadm5/Makefile.am 2019-06-23 01:32:40.000210950 +0200 -@@ -13,10 +13,6 @@ +diff -uNr heimdal-7.8.0/lib/kadm5/Makefile.am heimdal-7.8.0-patched/lib/kadm5/Makefile.am +--- heimdal-7.8.0/lib/kadm5/Makefile.am 2022-11-15 18:06:45.000000000 +0100 ++++ heimdal-7.8.0-patched/lib/kadm5/Makefile.am 2022-12-20 17:24:31.273484873 +0100 +@@ -14,10 +14,6 @@ libkadm5srv_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map endif 
@@ -454,16 +454,16 @@ diff -uNr heimdal-7.7.0/lib/kadm5/Makefile.am heimdal-7.7.0-patched/lib/kadm5/Ma noinst_LTLIBRARIES = sample_passwd_check.la sample_passwd_check_la_SOURCES = sample_passwd_check.c -@@ -28,8 +24,6 @@ +@@ -29,8 +25,6 @@ libkadm5clnt_la_LIBADD = \ $(LIB_com_err) ../krb5/libkrb5.la $(LIBADD_roken) -libexec_PROGRAMS = ipropd-master ipropd-slave - default_keys_SOURCES = default_keys.c + default_keys_CPPFLAGS = -I$(srcdir)/../krb5 - kadm5includedir = $(includedir)/kadm5 -@@ -120,15 +114,6 @@ +@@ -122,17 +116,6 @@ libkadm5srv_la_DEPENDENCIES = \ version-script.map @@ -471,15 +471,17 @@ diff -uNr heimdal-7.7.0/lib/kadm5/Makefile.am heimdal-7.7.0-patched/lib/kadm5/Ma -nodist_iprop_log_SOURCES = iprop-commands.c - -ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h +-ipropd_master_CPPFLAGS = -I$(srcdir)/../krb5 - -ipropd_slave_SOURCES = ipropd_slave.c ipropd_common.c iprop.h kadm5_locl.h +-ipropd_slave_CPPFLAGS = -I$(srcdir)/../krb5 - -man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8 - LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ -@@ -140,26 +125,8 @@ +@@ -144,27 +127,8 @@ $(LIB_dlopen) \ $(LIB_pidfile) @@ -496,6 +498,7 @@ diff -uNr heimdal-7.7.0/lib/kadm5/Makefile.am heimdal-7.7.0-patched/lib/kadm5/Ma - $(LIB_dlopen) \ - $(LIB_pidfile) - +-iprop_log_CPPFLAGS = -I$(srcdir)/../krb5 - -iprop-commands.c iprop-commands.h: iprop-commands.in - $(SLC) $(srcdir)/iprop-commands.in @@ -506,7 +509,7 @@ diff -uNr heimdal-7.7.0/lib/kadm5/Makefile.am heimdal-7.7.0-patched/lib/kadm5/Ma client_glue.lo server_glue.lo: $(srcdir)/common_glue.c -@@ -171,12 +138,7 @@ +@@ -176,12 +140,7 @@ ALL_OBJECTS = $(libkadm5clnt_la_OBJECTS) ALL_OBJECTS += $(libkadm5srv_la_OBJECTS) 
@@ -519,7 +522,7 @@ diff -uNr heimdal-7.7.0/lib/kadm5/Makefile.am heimdal-7.7.0-patched/lib/kadm5/Ma $(ALL_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h $(ALL_OBJECTS): kadm5_err.h -@@ -208,7 +170,6 @@ +@@ -213,7 +172,6 @@ libkadm5srv-exports.def \ kadm5_err.et \ iprop-commands.in \ @@ -527,9 +530,9 @@ diff -uNr heimdal-7.7.0/lib/kadm5/Makefile.am heimdal-7.7.0-patched/lib/kadm5/Ma check-cracklib.pl \ flush.c \ sample_passwd_check.c \ -diff -uNr heimdal-7.7.0/lib/kafs/Makefile.am heimdal-7.7.0-patched/lib/kafs/Makefile.am ---- heimdal-7.7.0/lib/kafs/Makefile.am 2016-12-20 15:23:06.000000000 +0100 -+++ heimdal-7.7.0-patched/lib/kafs/Makefile.am 2019-06-23 01:33:33.887205797 +0200 +diff -uNr heimdal-7.8.0/lib/kafs/Makefile.am heimdal-7.8.0-patched/lib/kafs/Makefile.am +--- heimdal-7.8.0/lib/kafs/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/lib/kafs/Makefile.am 2022-12-20 17:25:26.133332421 +0100 @@ -74,8 +74,6 @@ EXTRA_DIST = NTMakefile afsl.exp afslib.exp $(man_MANS) @@ -539,9 +542,9 @@ diff -uNr heimdal-7.7.0/lib/kafs/Makefile.am heimdal-7.7.0-patched/lib/kafs/Make # AIX: this almost works with gcc, but somehow it fails to use the # correct ld, use ld instead afslib.so: afslib.o -diff -uNr heimdal-7.7.0/lib/krb5/Makefile.am heimdal-7.7.0-patched/lib/krb5/Makefile.am ---- heimdal-7.7.0/lib/krb5/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/lib/krb5/Makefile.am 2019-06-23 01:35:41.372827811 +0200 +diff -uNr heimdal-7.8.0/lib/krb5/Makefile.am heimdal-7.8.0-patched/lib/krb5/Makefile.am +--- heimdal-7.8.0/lib/krb5/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/lib/krb5/Makefile.am 2022-12-20 17:27:49.080935177 +0100 @@ -4,8 +4,6 @@ AM_CPPFLAGS += -I../com_err -I$(srcdir)/../com_err $(INCLUDE_sqlite3) $(INCLUDE_libintl) $(INCLUDE_openssl_crypto) 
@@ -620,9 +623,9 @@ diff -uNr heimdal-7.7.0/lib/krb5/Makefile.am heimdal-7.7.0-patched/lib/krb5/Make version-script.map \ test_config_strings.cfg \ krb5.moduli -diff -uNr heimdal-7.7.0/lib/roken/Makefile.am heimdal-7.7.0-patched/lib/roken/Makefile.am ---- heimdal-7.7.0/lib/roken/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/lib/roken/Makefile.am 2019-06-23 01:37:25.910877865 +0200 +diff -uNr heimdal-7.8.0/lib/roken/Makefile.am heimdal-7.8.0-patched/lib/roken/Makefile.am +--- heimdal-7.8.0/lib/roken/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/lib/roken/Makefile.am 2022-12-20 17:28:54.084761232 +0100 @@ -209,8 +209,6 @@ rokenincludedir = $(includedir)/roken nodist_rokeninclude_HEADERS = $(XHEADERS) @@ -640,9 +643,9 @@ diff -uNr heimdal-7.7.0/lib/roken/Makefile.am heimdal-7.7.0-patched/lib/roken/Ma dirent.c \ dirent.hin \ dirent-test.c \ -diff -uNr heimdal-7.7.0/lib/sl/Makefile.am heimdal-7.7.0-patched/lib/sl/Makefile.am ---- heimdal-7.7.0/lib/sl/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/lib/sl/Makefile.am 2019-06-23 01:38:29.661688483 +0200 +diff -uNr heimdal-7.8.0/lib/sl/Makefile.am heimdal-7.8.0-patched/lib/sl/Makefile.am +--- heimdal-7.8.0/lib/sl/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/lib/sl/Makefile.am 2022-12-20 17:30:00.352598492 +0100 @@ -25,7 +25,7 @@ # install these? 
@@ -652,9 +655,9 @@ diff -uNr heimdal-7.7.0/lib/sl/Makefile.am heimdal-7.7.0-patched/lib/sl/Makefile slc_SOURCES = slc-gram.y slc-lex.l slc.h -diff -uNr heimdal-7.7.0/lib/wind/Makefile.am heimdal-7.7.0-patched/lib/wind/Makefile.am ---- heimdal-7.7.0/lib/wind/Makefile.am 2016-12-20 15:23:06.000000000 +0100 -+++ heimdal-7.7.0-patched/lib/wind/Makefile.am 2019-06-23 01:39:34.124485774 +0200 +diff -uNr heimdal-7.8.0/lib/wind/Makefile.am heimdal-7.8.0-patched/lib/wind/Makefile.am +--- heimdal-7.8.0/lib/wind/Makefile.am 2022-11-15 18:14:35.000000000 +0100 ++++ heimdal-7.8.0-patched/lib/wind/Makefile.am 2022-12-20 17:31:00.324451186 +0100 @@ -83,12 +83,6 @@ $(test_punycode_OBJECTS): $(built_tests) @@ -665,12 +668,12 @@ diff -uNr heimdal-7.7.0/lib/wind/Makefile.am heimdal-7.7.0-patched/lib/wind/Make - -LDADD = libwind.la $(LIB_roken) - - PYTHON = python - if !MAINTAINER_MODE -diff -uNr heimdal-7.7.0/Makefile.am heimdal-7.7.0-patched/Makefile.am ---- heimdal-7.7.0/Makefile.am 2019-06-07 08:21:35.000000000 +0200 -+++ heimdal-7.7.0-patched/Makefile.am 2019-06-23 01:40:47.395118733 +0200 + skip_python = test -f $@ || + endif +diff -uNr heimdal-7.8.0/Makefile.am heimdal-7.8.0-patched/Makefile.am +--- heimdal-7.8.0/Makefile.am 2022-09-16 01:54:19.000000000 +0200 ++++ heimdal-7.8.0-patched/Makefile.am 2022-12-20 17:32:16.540264008 +0100 @@ -2,12 +2,7 @@ include $(top_srcdir)/Makefile.am.common diff --git a/libheimdal.changes b/libheimdal.changes index 8d1473e..628b74a 100644 --- a/libheimdal.changes +++ b/libheimdal.changes 
@@ -1,3 +1,79 @@
+-------------------------------------------------------------------
+Wed Dec 21 09:53:45 UTC 2022 - enzokiel@kabelmail.de
+
+- Update to version 7.8.0
+ + This release includes both the Heimdal 7.7.1 Security
+ Vulnerability fixes and non-Security bug fixes/improvements.
+ + Security Vulnerabilities:
+ - CVE-2022-42898 PAC parse integer overflows
+ - CVE-2022-3437 Overflows and non-constant time leaks in
+ DES{,3} and arcfour
+ - CVE-2022-41916 Fix Unicode normalization read of 1 bytes past
+ end of array
+ - CVE-2021-44758 A null pointer de-reference DoS in SPNEGO
+ acceptors
+ - CVE-2021-3671 A null pointer de-reference when handling
+ missing sname in TGS-REQ
+ - CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
+ Note that CVE-2022-44640 is a severe vulnerability,
+ possibly a 10.0 on the Common Vulnerability Scoring
+ System (CVSS) v3, as we believe it should be possible to
+ get an RCE on a KDC, which means that credentials can be
+ compromised that can be used to impersonate anyone in a
+ realm or forest of realms.
+ Heimdal's ASN.1 compiler generates code that allows
+ specially crafted DER encodings of CHOICEs to invoke the
+ wrong free function on the decoded structure upon decode
+ error. This is known to impact the Heimdal KDC, leading to
+ an invalid free() of an address partly or wholly under the
+ control of the attacker, in turn leading to a potential
+ remote code execution (RCE) vulnerability.
+ This error affects the DER codec for all extensible CHOICE
+ types used in Heimdal, though not all cases will be
+ exploitable. We have not completed a thorough analysis of
+ all the Heimdal components affected, thus the Kerberos
+ client, the X.509 library, and other parts, may be affected
+ as well.
+ This bug has been in Heimdal's ASN.1 compiler since 2005,
+ but it may only affect Heimdal 1.6 and up. It was first
+ reported by Douglas Bagnall, though it had been found
+ independently by the Heimdal maintainers via fuzzing a few
+ weeks earlier.
+ While no zero-day exploit is known, such an exploit will
+ likely be available soon after public disclosure.
+ - CVE-2019-14870: Validate client attributes in
+ protocol-transition
+ - CVE-2019-14870: Apply forwardable policy in
+ protocol-transition
+ - CVE-2019-14870: Always lookup impersonate client in DB
+ + Other changes:
+ - Bugs found by UBSAN (including the incorrect encoding of
+ unconstrained INTEGER value -1).
+ - Errors found by the LLVM scan-build static analyzer.
+ - Errors found by the valgrind memory debugger.
+ - Work around GCC Bug 95189 (memcmp wrongly stripped like
+ strcmp).
+ - Correct ASN.1 OID typo for SHA-384
+ - Fix a deadlock in in the MEMORY ccache type.
+ - TGS: strip forwardable and proxiable flags if the server is
+ disallowed.
+ - CVE-2019-14870: Validate client attributes in
+ protocol-transition
+ - CVE-2019-14870: Apply forwardable policy in
+ protocol-transition
+ - CVE-2019-14870: Always lookup impersonate client in DB
+ - Incremental HDB propagation improvements
+ Refactor send_diffs making it progressive
+ Handle partial writes on non-blocking sockets
+ Disable Nagle in iprop master and slave
+ Use async I/O
+ Don't send I_HAVE in response to AYT
+ Do not recover log in kadm5_get_principal()
+ Don't send diffs to slaves with not yet known version
+ Don't stutter in send_diffs
+ - Optional backwards-compatible anon-pkinit behavior
+- Removed heimdal-7.7.0-autoconf-2.70.patch, fixed upstream.
+
 -------------------------------------------------------------------
 Thu Jun 30 20:44:57 UTC 2022 - Antoine Belvire
 
diff --git a/libheimdal.spec b/libheimdal.spec
index f5b7ed2..2167152 100644
--- a/libheimdal.spec
+++ b/libheimdal.spec
@@ -17,7 +17,7 @@ Name: libheimdal -Version: 7.7.0 +Version: 7.8.0 Release: 0 Summary: The Heimdal implementation of the Kerberos 5 protocol License: BSD-3-Clause @@ -30,8 +30,6 @@ Source2: heimdal-patch-source.sh Patch0: heimdal-patched.diff # PATCH-FIX-UPSTREAM bmwiedemann -- make build reproducible (boo#1047218) Patch1: reproducible.patch -# PATCH-FIX-UPSTREAM heimdal-7.7.0-autoconf-2.70.patch -- fix build with autoconf 2.70 (gh#heimdal/heimdal#856) -Patch2: heimdal-7.7.0-autoconf-2.70.patch BuildRequires: automake >= 1.11 BuildRequires: bison BuildRequires: db-devel >= 4.8 diff --git a/reproducible.patch b/reproducible.patch index 88ca639..e24b4f2 100644 --- a/reproducible.patch +++ b/reproducible.patch @@ -1,5 +1,5 @@ ---- heimdal-7.7.0-patched/Makefile.am.orig 2019-06-23 01:48:28.994506480 +0200 -+++ heimdal-7.7.0-patched/Makefile.am 2019-06-23 01:48:29.018506032 +0200 +--- heimdal-7.8.0-patched/Makefile.am.orig 2022-12-20 17:40:01.919051445 +0100 ++++ heimdal-7.8.0-patched/Makefile.am 2022-12-20 17:40:01.927051422 +0100 @@ -45,7 +45,6 @@ cf/krb-prog-yacc.m4 \ cf/krb-sys-aix.m4 \ @@ -8,8 +8,8 @@ cf/roken.m4 \ cf/valgrind-suppressions \ cf/maybe-valgrind.sh \ ---- heimdal-7.7.0-patched/cf/krb-version.m4 2019-06-07 08:21:35.000000000 +0200 -+++ /dev/null 2019-06-22 12:06:27.378020779 +0200 +--- heimdal-7.8.0-patched/cf/krb-version.m4 2022-09-16 01:54:19.000000000 +0200 ++++ /dev/null 2022-12-20 16:43:58.646784977 +0100 @@ -1,24 +0,0 @@ -dnl $Id$ -dnl 
@@ -35,9 +35,9 @@ - sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h -fi -]) ---- heimdal-7.7.0-patched/configure.ac.orig 2019-06-23 01:55:47.954316969 +0200 -+++ heimdal-7.7.0-patched/configure.ac 2019-06-23 01:55:47.974316595 +0200 -@@ -624,22 +624,63 @@ +--- heimdal-7.8.0-patched/configure.ac.orig 2022-12-20 17:47:29.421826289 +0100 ++++ heimdal-7.8.0-patched/configure.ac 2022-12-20 17:47:29.437826248 +0100 +@@ -627,22 +627,63 @@ dnl This is the release version name-number[beta] dnl