diff --git a/heimdal-7.1.0-patched.tar.bz2 b/heimdal-7.1.0-patched.tar.bz2
deleted file mode 100644
index 7c9dfd3..0000000
--- a/heimdal-7.1.0-patched.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dc1da4ff8d176c44cda87ba9022a5f1b1e5addfe2db48e148e23e88b45b41754
-size 7448895
diff --git a/heimdal-7.3.0-patched.tar.bz2 b/heimdal-7.3.0-patched.tar.bz2
new file mode 100644
index 0000000..be46582
--- /dev/null
+++ b/heimdal-7.3.0-patched.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:550e99237a823e3aeda6ac25de59b4edafaee8a5eb1769145d0f5c9fce01a672
+size 7458288
diff --git a/heimdal-patched.diff b/heimdal-patched.diff
index edea0fe..fc6546e 100644
--- a/heimdal-patched.diff
+++ b/heimdal-patched.diff
@@ -1,15 +1,15 @@ -diff -uNr heimdal-7.1.0/configure.ac heimdal-7.1.0-patched/configure.ac ---- heimdal-7.1.0/configure.ac 2016-12-20 04:27:06.000000000 +0100 -+++ heimdal-7.1.0-patched/configure.ac 2017-01-07 22:38:34.618849987 +0100 +diff -uNr heimdal-7.3.0/configure.ac heimdal-7.3.0-patched/configure.ac +--- heimdal-7.3.0/configure.ac 2017-04-11 23:51:24.000000000 +0200 ++++ heimdal-7.3.0-patched/configure.ac 2017-06-15 18:34:59.934156728 +0200 @@ -3,7 +3,6 @@ AC_PREREQ(2.62) test -z "$CFLAGS" && CFLAGS="-g" - AC_INIT([Heimdal],[7.1.0],[https://github.com/heimdal/heimdal/issues]) + AC_INIT([Heimdal],[7.3.0],[https://github.com/heimdal/heimdal/issues]) -AC_CONFIG_SRCDIR([kuser/kinit.c]) AC_CONFIG_HEADERS(include/config.h) AC_CONFIG_MACRO_DIR([cf]) -@@ -589,7 +588,6 @@ +@@ -591,7 +590,6 @@ AM_CONDITIONAL(HEIMDAL_DOCUMENTATION, test "$enable_heimdal_documentation" != no) AC_CONFIG_FILES(Makefile \ @@ -17,7 +17,7 @@ diff -uNr heimdal-7.1.0/configure.ac heimdal-7.1.0-patched/configure.ac include/Makefile \ include/gssapi/Makefile \ include/hcrypto/Makefile \ -@@ -614,35 +612,8 @@ +@@ -616,35 +614,8 @@ lib/sqlite/Makefile \ lib/vers/Makefile \ lib/wind/Makefile \ 
@@ -53,9 +53,9 @@ diff -uNr heimdal-7.1.0/configure.ac heimdal-7.1.0-patched/configure.ac ) AC_OUTPUT -diff -uNr heimdal-7.1.0/doc/Makefile.am heimdal-7.1.0-patched/doc/Makefile.am ---- heimdal-7.1.0/doc/Makefile.am 2016-12-15 21:00:41.000000000 +0100 -+++ heimdal-7.1.0-patched/doc/Makefile.am 2017-01-07 22:44:10.588388824 +0100 +diff -uNr heimdal-7.3.0/doc/Makefile.am heimdal-7.3.0-patched/doc/Makefile.am +--- heimdal-7.3.0/doc/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/doc/Makefile.am 2017-06-15 18:39:31.129170287 +0200 @@ -10,50 +10,6 @@ info_TEXINFOS = heimdal.texi hx509.texi @@ -107,7 +107,7 @@ diff -uNr heimdal-7.1.0/doc/Makefile.am heimdal-7.1.0-patched/doc/Makefile.am texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \ -e 's,[@]dbtype[@],$(db_type),g' \ -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' -@@ -63,54 +19,6 @@ +@@ -63,55 +19,6 @@ chmod +x vars.texi.tmp mv vars.texi.tmp vars.texi @@ -116,7 +116,8 @@ diff -uNr heimdal-7.1.0/doc/Makefile.am heimdal-7.1.0-patched/doc/Makefile.am -PROJECTS += hcrypto - -doxyout doxygen: base.dxy hdb.dxy hx509.dxy hcrypto.dxy gssapi.dxy krb5.dxy ntlm.dxy wind.dxy -- @find $(srcdir)/doxyout -type d ! -perm -200 -exec chmod u+w {} ';' ; \ +- @test -d $(srcdir)/doxyout && \ +- find $(srcdir)/doxyout -type d ! -perm -200 -exec chmod u+w {} ';' ; \ - rm -rf $(srcdir)/doxyout ; \ - mkdir $(srcdir)/doxyout ; \ - for a in $(PROJECTS) ; do \ @@ -162,7 +163,7 @@ diff -uNr heimdal-7.1.0/doc/Makefile.am heimdal-7.1.0-patched/doc/Makefile.am heimdal_TEXINFOS = \ ack.texi \ apps.texi \ -@@ -128,35 +36,6 @@ +@@ -129,35 +36,6 @@ win2k.texi EXTRA_DIST = \ 
@@ -198,9 +199,9 @@ diff -uNr heimdal-7.1.0/doc/Makefile.am heimdal-7.1.0-patched/doc/Makefile.am - ntlm.dxy* \ - wind.dxy* \ - vars.texi* -diff -uNr heimdal-7.1.0/kdc/Makefile.am heimdal-7.1.0-patched/kdc/Makefile.am ---- heimdal-7.1.0/kdc/Makefile.am 2016-11-29 02:35:27.000000000 +0100 -+++ heimdal-7.1.0-patched/kdc/Makefile.am 2017-01-07 22:49:06.830692956 +0100 +diff -uNr heimdal-7.3.0/kdc/Makefile.am heimdal-7.3.0-patched/kdc/Makefile.am +--- heimdal-7.3.0/kdc/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/kdc/Makefile.am 2017-06-15 18:48:08.799562904 +0200 @@ -6,35 +6,6 @@ lib_LTLIBRARIES = libkdc.la @@ -314,9 +315,9 @@ diff -uNr heimdal-7.1.0/kdc/Makefile.am heimdal-7.1.0-patched/kdc/Makefile.am libkdc-exports.def \ - NTMakefile $(man_MANS) version-script.map + NTMakefile version-script.map -diff -uNr heimdal-7.1.0/lib/asn1/Makefile.am heimdal-7.1.0-patched/lib/asn1/Makefile.am ---- heimdal-7.1.0/lib/asn1/Makefile.am 2016-12-15 21:00:41.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/asn1/Makefile.am 2017-01-07 22:51:20.320151260 +0100 +diff -uNr heimdal-7.3.0/lib/asn1/Makefile.am heimdal-7.3.0-patched/lib/asn1/Makefile.am +--- heimdal-7.3.0/lib/asn1/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/asn1/Makefile.am 2017-06-15 18:50:21.049171267 +0200 @@ -44,9 +44,7 @@ gen_files_digest = asn1_digest_asn1.x gen_files_kx509 = asn1_kx509_asn1.x 
@@ -328,9 +329,9 @@ diff -uNr heimdal-7.1.0/lib/asn1/Makefile.am heimdal-7.1.0-patched/lib/asn1/Make TESTS = check-der check-gen check-timegm check-ber check-template check_PROGRAMS = $(TESTS) -diff -uNr heimdal-7.1.0/lib/com_err/Makefile.am heimdal-7.1.0-patched/lib/com_err/Makefile.am ---- heimdal-7.1.0/lib/com_err/Makefile.am 2016-12-15 21:00:41.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/com_err/Makefile.am 2017-01-07 22:53:45.293356105 +0100 +diff -uNr heimdal-7.3.0/lib/com_err/Makefile.am heimdal-7.3.0-patched/lib/com_err/Makefile.am +--- heimdal-7.3.0/lib/com_err/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/com_err/Makefile.am 2017-06-15 18:51:50.655556704 +0200 @@ -13,12 +13,8 @@ libcom_err_la_LIBADD = $(LIB_libintl) @@ -352,9 +353,9 @@ diff -uNr heimdal-7.1.0/lib/com_err/Makefile.am heimdal-7.1.0-patched/lib/com_er libcom_err-version.rc \ libcom_err-exports.def \ version-script.map -diff -uNr heimdal-7.1.0/lib/gssapi/Makefile.am heimdal-7.1.0-patched/lib/gssapi/Makefile.am ---- heimdal-7.1.0/lib/gssapi/Makefile.am 2016-12-15 21:00:41.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/gssapi/Makefile.am 2017-01-07 22:56:26.486216239 +0100 +diff -uNr heimdal-7.3.0/lib/gssapi/Makefile.am heimdal-7.3.0-patched/lib/gssapi/Makefile.am +--- heimdal-7.3.0/lib/gssapi/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/gssapi/Makefile.am 2017-06-15 22:32:32.008472360 +0200 @@ -227,8 +227,6 @@ $(LIB_hcrypto) \ $(LIBADD_roken) 
@@ -364,31 +365,17 @@ diff -uNr heimdal-7.1.0/lib/gssapi/Makefile.am heimdal-7.1.0-patched/lib/gssapi/ include_HEADERS = gssapi.h noinst_HEADERS = \ gssapi_mech.h \ -@@ -303,7 +301,6 @@ +@@ -303,8 +301,7 @@ check_PROGRAMS = test_acquire_cred $(TESTS) -bin_PROGRAMS = gsstool - noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm test_add_store_cred +-noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm test_add_store_cred ++noinst_PROGRAMS = gsstool test_cred test_kcred test_context test_ntlm test_add_store_cred test_context_SOURCES = test_context.c test_common.c test_common.h -@@ -322,15 +319,6 @@ - - # gss - --dist_gsstool_SOURCES = gsstool.c --nodist_gsstool_SOURCES = gss-commands.c gss-commands.h -- --gsstool_LDADD = libgssapi.la \ -- $(top_builddir)/lib/sl/libsl.la \ -- $(top_builddir)/lib/krb5/libkrb5.la \ -- $(LIB_readline) \ -- $(LIB_roken) -- - gss-commands.c gss-commands.h: gss-commands.in - $(SLC) $(srcdir)/gss-commands.in - -@@ -340,7 +328,6 @@ + test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h +@@ -340,7 +337,6 @@ NTMakefile \ libgssapi-version.rc \ libgssapi-exports.def \ @@ -396,9 +383,9 @@ diff -uNr heimdal-7.1.0/lib/gssapi/Makefile.am heimdal-7.1.0-patched/lib/gssapi/ gen-oid.pl \ gssapi/gssapi_netlogon.h \ krb5/test_acquire_cred.c \ -diff -uNr heimdal-7.1.0/lib/hx509/Makefile.am heimdal-7.1.0-patched/lib/hx509/Makefile.am ---- heimdal-7.1.0/lib/hx509/Makefile.am 2016-12-15 21:00:41.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/hx509/Makefile.am 2017-01-07 22:59:56.746084317 +0100 +diff -uNr heimdal-7.3.0/lib/hx509/Makefile.am heimdal-7.3.0-patched/lib/hx509/Makefile.am +--- heimdal-7.3.0/lib/hx509/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/hx509/Makefile.am 2017-06-15 18:57:26.925556550 +0200 @@ -141,7 +141,6 @@ $(heim_verbose)$(ASN1_COMPILE) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1) 
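Review bot: The lib/gssapi/Makefile.am part of the carried patch changes what gets built, not only paths and offsets, and nothing in the commit documents that. The 7.1.0 patch dropped `bin_PROGRAMS = gsstool` together with the gsstool sources and LDADD block, while the 7.3.0 patch keeps those and moves gsstool into `noinst_PROGRAMS`; the lib/sl/Makefile.am section in a later hunk does the same for `slc` (`noinst_PROGRAMS = slc`). The changelog says only "Fixed heimdal-patched.diff.", so I would spell the intent out there, e.g. `- heimdal-patched.diff: build gsstool and slc as noinst_PROGRAMS instead of removing them`. If they are kept only as build-time tools (the `$(SLC) $(srcdir)/gss-commands.in` rule suggests slc is), say so, so the next refresh of this Kerberos library's patch can be audited against a stated intent.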
@@ -453,9 +440,9 @@ diff -uNr heimdal-7.1.0/lib/hx509/Makefile.am heimdal-7.1.0-patched/lib/hx509/Ma quote.py \ ocsp.asn1 \ ocsp.opt \ -diff -uNr heimdal-7.1.0/lib/kadm5/Makefile.am heimdal-7.1.0-patched/lib/kadm5/Makefile.am ---- heimdal-7.1.0/lib/kadm5/Makefile.am 2016-11-29 04:57:20.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/kadm5/Makefile.am 2017-01-07 23:04:16.188923265 +0100 +diff -uNr heimdal-7.3.0/lib/kadm5/Makefile.am heimdal-7.3.0-patched/lib/kadm5/Makefile.am +--- heimdal-7.3.0/lib/kadm5/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/kadm5/Makefile.am 2017-06-15 19:01:08.093605880 +0200 @@ -13,10 +13,6 @@ libkadm5srv_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map endif @@ -540,9 +527,9 @@ diff -uNr heimdal-7.1.0/lib/kadm5/Makefile.am heimdal-7.1.0-patched/lib/kadm5/Ma check-cracklib.pl \ flush.c \ sample_passwd_check.c \ -diff -uNr heimdal-7.1.0/lib/kafs/Makefile.am heimdal-7.1.0-patched/lib/kafs/Makefile.am ---- heimdal-7.1.0/lib/kafs/Makefile.am 2016-11-29 02:35:27.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/kafs/Makefile.am 2017-01-07 23:05:24.459561114 +0100 +diff -uNr heimdal-7.3.0/lib/kafs/Makefile.am heimdal-7.3.0-patched/lib/kafs/Makefile.am +--- heimdal-7.3.0/lib/kafs/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/kafs/Makefile.am 2017-06-15 19:02:08.300529791 +0200 @@ -74,8 +74,6 @@ EXTRA_DIST = NTMakefile afsl.exp afslib.exp $(man_MANS) 
@@ -552,9 +539,9 @@ diff -uNr heimdal-7.1.0/lib/kafs/Makefile.am heimdal-7.1.0-patched/lib/kafs/Make # AIX: this almost works with gcc, but somehow it fails to use the # correct ld, use ld instead afslib.so: afslib.o -diff -uNr heimdal-7.1.0/lib/krb5/Makefile.am heimdal-7.1.0-patched/lib/krb5/Makefile.am ---- heimdal-7.1.0/lib/krb5/Makefile.am 2016-12-15 21:00:41.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/krb5/Makefile.am 2017-01-07 23:08:14.036174775 +0100 +diff -uNr heimdal-7.3.0/lib/krb5/Makefile.am heimdal-7.3.0-patched/lib/krb5/Makefile.am +--- heimdal-7.3.0/lib/krb5/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/krb5/Makefile.am 2017-06-15 19:04:24.834088744 +0200 @@ -4,8 +4,6 @@ AM_CPPFLAGS += -I../com_err -I$(srcdir)/../com_err $(INCLUDE_sqlite3) $(INCLUDE_libintl) $(INCLUDE_openssl_crypto) @@ -633,9 +620,9 @@ diff -uNr heimdal-7.1.0/lib/krb5/Makefile.am heimdal-7.1.0-patched/lib/krb5/Make version-script.map \ test_config_strings.cfg \ krb5.moduli -diff -uNr heimdal-7.1.0/lib/roken/Makefile.am heimdal-7.1.0-patched/lib/roken/Makefile.am ---- heimdal-7.1.0/lib/roken/Makefile.am 2016-12-16 19:06:32.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/roken/Makefile.am 2017-01-07 23:09:27.658703525 +0100 +diff -uNr heimdal-7.3.0/lib/roken/Makefile.am heimdal-7.3.0-patched/lib/roken/Makefile.am +--- heimdal-7.3.0/lib/roken/Makefile.am 2017-04-11 23:45:33.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/roken/Makefile.am 2017-06-15 19:05:47.976601832 +0200 @@ -209,8 +209,6 @@ rokenincludedir = $(includedir)/roken nodist_rokeninclude_HEADERS = $(XHEADERS) 
@@ -653,29 +640,21 @@ diff -uNr heimdal-7.1.0/lib/roken/Makefile.am heimdal-7.1.0-patched/lib/roken/Ma dirent.c \ dirent.hin \ dirent-test.c \ -diff -uNr heimdal-7.1.0/lib/sl/Makefile.am heimdal-7.1.0-patched/lib/sl/Makefile.am ---- heimdal-7.1.0/lib/sl/Makefile.am 2016-11-29 02:35:27.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/sl/Makefile.am 2017-01-07 23:10:31.289431529 +0100 -@@ -25,16 +25,8 @@ +diff -uNr heimdal-7.3.0/lib/sl/Makefile.am heimdal-7.3.0-patched/lib/sl/Makefile.am +--- heimdal-7.3.0/lib/sl/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/sl/Makefile.am 2017-06-15 19:41:03.226301040 +0200 +@@ -25,7 +25,7 @@ # install these? -libexec_heimdal_PROGRAMS = slc -- --slc_SOURCES = slc-gram.y slc-lex.l slc.h -- - CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c slc-lex.c ++noinst_PROGRAMS = slc --LDADD = libsl.la $(LIB_roken) -- --slc_LDADD = $(LEXLIB) $(LDADD) -- - strtok_r.c: - $(LN_S) $(srcdir)/../roken/strtok_r.c . - snprintf.c: -diff -uNr heimdal-7.1.0/lib/wind/Makefile.am heimdal-7.1.0-patched/lib/wind/Makefile.am ---- heimdal-7.1.0/lib/wind/Makefile.am 2016-11-29 02:35:28.000000000 +0100 -+++ heimdal-7.1.0-patched/lib/wind/Makefile.am 2017-01-07 23:11:32.444208705 +0100 + slc_SOURCES = slc-gram.y slc-lex.l slc.h + +diff -uNr heimdal-7.3.0/lib/wind/Makefile.am heimdal-7.3.0-patched/lib/wind/Makefile.am +--- heimdal-7.3.0/lib/wind/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/lib/wind/Makefile.am 2017-06-15 19:08:45.601419024 +0200 @@ -83,12 +83,6 @@ $(test_punycode_OBJECTS): $(built_tests) 
@@ -689,9 +668,9 @@ diff -uNr heimdal-7.1.0/lib/wind/Makefile.am heimdal-7.1.0-patched/lib/wind/Make PYTHON = python if !MAINTAINER_MODE -diff -uNr heimdal-7.1.0/Makefile.am heimdal-7.1.0-patched/Makefile.am ---- heimdal-7.1.0/Makefile.am 2016-12-15 21:00:41.000000000 +0100 -+++ heimdal-7.1.0-patched/Makefile.am 2017-01-07 23:12:58.254424837 +0100 +diff -uNr heimdal-7.3.0/Makefile.am heimdal-7.3.0-patched/Makefile.am +--- heimdal-7.3.0/Makefile.am 2017-04-11 23:38:21.000000000 +0200 ++++ heimdal-7.3.0-patched/Makefile.am 2017-06-15 19:10:10.407885586 +0200 @@ -2,12 +2,7 @@ include $(top_srcdir)/Makefile.am.common
diff --git a/libheimdal.changes b/libheimdal.changes
index 14b1b89..a7d091c 100644
--- a/libheimdal.changes
+++ b/libheimdal.changes
@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Thu Jun 15 20:52:17 UTC 2017 - joerg.lorenzen@ki.tng.de
+
+- Update to version 7.3.0
+ - Security
+ + Fix transit path validation. Commit f469fc6 (2010-10-02)
+ inadvertently caused the previous hop realm to not be added
+ to the transit path of issued tickets. This may, in some
+ cases, enable bypass of capath policy in Heimdal versions 1.5
+ through 7.2.
+ Note, this may break sites that rely on the bug. With the bug
+ some incomplete [capaths] worked, that should not have.
+ These may now break authentication in some cross-realm
+ configurations. (CVE-2017-6594)
+- Version 7.2.0
+ - Bug fixes
+ + Portability improvements.
+ + More strict parsing of encoded URI components in HTTP KDC.
+ + Fixed memory leak in malloc error recovery in NTLM GSSAPI
+ mechanism.
+ + Avoid overly specific CPU info in krb5-config in aid of
+ reproducible builds.
+ + Don't do AFS string-to-key tests when feature is disabled.
+ + Skip mdb_stat test when the command is not available.
+ + Windows: update SHA2 timestamp server.
+ + hdb: add missing export
+ hdb_generate_key_set_password_with_ks_tuple.
+ + Fix signature of hdb_generate_key_set_password().
+ + Windows: enable KX509 support in the KDC.
+ + kdc: fix kx509 service principal match.
+ + iprop: handle case where master sends nothing new.
+ + ipropd-slave: fix incorrect error codes.
+ + Allow choice of sqlite for HDB pref.
+ + check-iprop: don't fail to kill daemons.
+ + roken: pidfile -> rk_pidfile.
+ + kdc: _kdc_do_kx509 fix use after free error.
+ + Do not detect x32 as 64-bit platform.
+ + No sys/ttydefaults.h on CYGWIN.
+ + Fix check-iprop races.
+ + roken_detach_prep() close pipe.
+- Fixed heimdal-patched.diff.
+
 -------------------------------------------------------------------
 Thu Feb 2 01:44:35 UTC 2017 - jengelh@inai.de
 
diff --git a/libheimdal.spec b/libheimdal.spec
index 1a47bba..bc830ac 100644
--- a/libheimdal.spec
+++ b/libheimdal.spec
@@ -20,7 +20,7 @@ Name: libheimdal
 Summary: The Heimdal implementation of the Kerberos 5 protocol
 License: BSD-3-Clause
 Group: Productivity/Networking/Security
-Version: 7.1.0
+Version: 7.3.0
 Release: 0
 Url: http://www.h5l.org
 # patched source can be created with script heimdal-patch-source.sh: