Accepting request 560559 from network

OBS-URL: https://build.opensuse.org/request/show/560559
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libheimdal?expand=0&rev=7

Avoid_NULL_structure_pointer_member_dereference.patch

@@ -1,23 +0,0 @@
---- kdc/kerberos5.c.orig
-+++ kdc/kerberos5.c
-@@ -2226,15 +2226,17 @@
-     /*
-      * In case of a non proxy error, build an error message.
-      */
--    if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
-+    if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
- 	ret = _kdc_fast_mk_error(context, r,
- 				 &error_method,
- 				 r->armor_crypto,
- 				 &req->req_body,
- 				 ret, r->e_text,
- 				 r->server_princ,
--				 &r->client_princ->name,
--				 &r->client_princ->realm,
-+				 r->client_princ ?
-+                                     &r->client_princ->name : NULL,
-+				 r->client_princ ?
-+                                     &r->client_princ->realm : NULL,
- 				 NULL, NULL,
- 				 reply);
- 	if (ret)

heimdal-7.4.0-patched.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f49a302ab803b536dbc2c1c0e33d9b35ab859fc8e8785908d7e1cb1a78afabe0
-size 7457572

heimdal-7.5.0-patched.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a77570b72566f4dcc67c6d159017eb2baf927995441fea3a872f527e8089328
+size 7632037

heimdal-patched.diff

@@ -4,7 +4,7 @@ diff -uNr heimdal-7.3.0/configure.ac heimdal-7.3.0-patched/configure.ac
 @@ -3,7 +3,6 @@
  AC_PREREQ(2.62)
  test -z "$CFLAGS" && CFLAGS="-g"
- AC_INIT([Heimdal],[7.4.0],[https://github.com/heimdal/heimdal/issues])
+ AC_INIT([Heimdal],[7.5.0],[https://github.com/heimdal/heimdal/issues])
 -AC_CONFIG_SRCDIR([kuser/kinit.c])
  AC_CONFIG_HEADERS(include/config.h)
  AC_CONFIG_MACRO_DIR([cf])

libheimdal.changes

@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Fri Dec 29 13:16:21 UTC 2017 - joerg.lorenzen@ki.tng.de
+
+- Update to version 7.5.0
+  - Security
+    - Fix CVE-2017-17439, which is a remote denial of service
+      vulnerability:
+      In Heimdal 7.1 through 7.4, remote unauthenticated attackers
+      are able to crash the KDC by sending a crafted UDP packet
+      containing empty data fields for client name or realm.
+  - Bug fixes
+    - Handle long input lines when reloading database dumps.
+    - In pre-forked mode (default on Unix), correctly clear the
+      process ids of exited children, allowing new child processes
+      to replace the old.
+    - Fixed incorrect KDC response when no-cross realm TGT exists,
+      allowing client requests to fail quickly rather than time
+      out after trying to get a correct answer from each KDC.
+- Fixed heimdal-patched.diff.
+- Removed Avoid_NULL_structure_pointer_member_dereference.patch,
+  fixed upstream.
+
 -------------------------------------------------------------------
 Thu Dec 07 15:17:23 UTC 2017 - joerg.lorenzen@ki.tng.de
 

libheimdal.spec

@@ -20,7 +20,7 @@ Name:           libheimdal
 Summary:        The Heimdal implementation of the Kerberos 5 protocol
 License:        BSD-3-Clause
 Group:          Productivity/Networking/Security
-Version:        7.4.0
+Version:        7.5.0
 Release:        0
 Url:            http://www.h5l.org
 # patched source can be created with script heimdal-patch-source.sh:
@@ -28,7 +28,6 @@ Url:            http://www.h5l.org
 Source0:        heimdal-%{version}-patched.tar.bz2
 Source2:        heimdal-patch-source.sh
 Patch0:         heimdal-patched.diff
-Patch1:         Avoid_NULL_structure_pointer_member_dereference.patch
 %if 0%{?sles_version} == 11
 BuildRequires:  libcom_err-devel
 BuildRequires:  sqlite3-devel
@@ -99,7 +98,6 @@ libraries are required by 64-bit package of ICAClient version 13.2.
 %prep
 %setup -q -n heimdal-%{version}
 %patch0 -p1
-%patch1 -p0
 
 %build
 autoreconf -fi