Accepting request 711481 from network

OBS-URL: https://build.opensuse.org/request/show/711481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libheimdal?expand=0&rev=9

heimdal-7.5.0-patched.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2a77570b72566f4dcc67c6d159017eb2baf927995441fea3a872f527e8089328
-size 7632037

heimdal-7.7.0-patched.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:83b8758a7005991c03efde6dd59fe126c2c09399e148dca695772a6394eb7ad1
+size 7839783

heimdal-patched.diff

@@ -1,10 +1,10 @@
-diff -uNr heimdal-7.3.0/configure.ac heimdal-7.3.0-patched/configure.ac
+diff -uNr heimdal-7.7.0/configure.ac heimdal-7.7.0-patched/configure.ac
---- heimdal-7.3.0/configure.ac	2017-04-11 23:51:24.000000000 +0200
+--- heimdal-7.7.0/configure.ac	2019-06-07 08:21:39.000000000 +0200
-+++ heimdal-7.3.0-patched/configure.ac	2017-06-15 18:34:59.934156728 +0200
++++ heimdal-7.7.0-patched/configure.ac	2019-06-23 01:05:58.354087165 +0200
 @@ -3,7 +3,6 @@
  AC_PREREQ(2.62)
  test -z "$CFLAGS" && CFLAGS="-g"
- AC_INIT([Heimdal],[7.5.0],[https://github.com/heimdal/heimdal/issues])
+ AC_INIT([Heimdal],[7.7.0],[https://github.com/heimdal/heimdal/issues])
 -AC_CONFIG_SRCDIR([kuser/kinit.c])
  AC_CONFIG_HEADERS(include/config.h)
  AC_CONFIG_MACRO_DIR([cf])
@@ -53,9 +53,9 @@ diff -uNr heimdal-7.3.0/configure.ac heimdal-7.3.0-patched/configure.ac
  )
  
  AC_OUTPUT
-diff -uNr heimdal-7.3.0/doc/Makefile.am heimdal-7.3.0-patched/doc/Makefile.am
+diff -uNr heimdal-7.7.0/doc/Makefile.am heimdal-7.7.0-patched/doc/Makefile.am
---- heimdal-7.3.0/doc/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/doc/Makefile.am	2017-03-17 19:19:59.000000000 +0100
-+++ heimdal-7.3.0-patched/doc/Makefile.am	2017-06-15 18:39:31.129170287 +0200
++++ heimdal-7.7.0-patched/doc/Makefile.am	2019-06-23 01:11:42.915659771 +0200
 @@ -10,50 +10,6 @@
  
  info_TEXINFOS = heimdal.texi hx509.texi
@@ -199,9 +199,9 @@ diff -uNr heimdal-7.3.0/doc/Makefile.am heimdal-7.3.0-patched/doc/Makefile.am
 -	ntlm.dxy* \
 -	wind.dxy* \
 -	vars.texi*
-diff -uNr heimdal-7.3.0/kdc/Makefile.am heimdal-7.3.0-patched/kdc/Makefile.am
+diff -uNr heimdal-7.7.0/kdc/Makefile.am heimdal-7.7.0-patched/kdc/Makefile.am
---- heimdal-7.3.0/kdc/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/kdc/Makefile.am	2016-12-20 15:23:06.000000000 +0100
-+++ heimdal-7.3.0-patched/kdc/Makefile.am	2017-06-15 18:48:08.799562904 +0200
++++ heimdal-7.7.0-patched/kdc/Makefile.am	2019-06-23 01:20:05.650281843 +0200
 @@ -6,35 +6,6 @@
  
  lib_LTLIBRARIES = libkdc.la
@@ -315,9 +315,9 @@ diff -uNr heimdal-7.3.0/kdc/Makefile.am heimdal-7.3.0-patched/kdc/Makefile.am
  	libkdc-exports.def \
 -	NTMakefile $(man_MANS) version-script.map
 +	NTMakefile version-script.map
-diff -uNr heimdal-7.3.0/lib/asn1/Makefile.am heimdal-7.3.0-patched/lib/asn1/Makefile.am
+diff -uNr heimdal-7.7.0/lib/asn1/Makefile.am heimdal-7.7.0-patched/lib/asn1/Makefile.am
---- heimdal-7.3.0/lib/asn1/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/asn1/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/lib/asn1/Makefile.am	2017-06-15 18:50:21.049171267 +0200
++++ heimdal-7.7.0-patched/lib/asn1/Makefile.am	2019-06-23 01:21:42.864468490 +0200
 @@ -44,9 +44,7 @@
  gen_files_digest = asn1_digest_asn1.x
  gen_files_kx509 = asn1_kx509_asn1.x
@@ -329,9 +329,9 @@ diff -uNr heimdal-7.3.0/lib/asn1/Makefile.am heimdal-7.3.0-patched/lib/asn1/Make
  
  TESTS = check-der check-gen check-timegm check-ber check-template
  check_PROGRAMS = $(TESTS)
-diff -uNr heimdal-7.3.0/lib/com_err/Makefile.am heimdal-7.3.0-patched/lib/com_err/Makefile.am
+diff -uNr heimdal-7.7.0/lib/com_err/Makefile.am heimdal-7.7.0-patched/lib/com_err/Makefile.am
---- heimdal-7.3.0/lib/com_err/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/com_err/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/lib/com_err/Makefile.am	2017-06-15 18:51:50.655556704 +0200
++++ heimdal-7.7.0-patched/lib/com_err/Makefile.am	2019-06-23 01:23:17.626700892 +0200
 @@ -13,12 +13,8 @@
  
  libcom_err_la_LIBADD = $(LIB_libintl)
@@ -353,9 +353,9 @@ diff -uNr heimdal-7.3.0/lib/com_err/Makefile.am heimdal-7.3.0-patched/lib/com_er
  	libcom_err-version.rc \
  	libcom_err-exports.def \
  	version-script.map
-diff -uNr heimdal-7.3.0/lib/gssapi/Makefile.am heimdal-7.3.0-patched/lib/gssapi/Makefile.am
+diff -uNr heimdal-7.7.0/lib/gssapi/Makefile.am heimdal-7.7.0-patched/lib/gssapi/Makefile.am
---- heimdal-7.3.0/lib/gssapi/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/gssapi/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/lib/gssapi/Makefile.am	2017-06-15 22:32:32.008472360 +0200
++++ heimdal-7.7.0-patched/lib/gssapi/Makefile.am	2019-06-23 01:25:34.416149361 +0200
 @@ -227,8 +227,6 @@
  	$(LIB_hcrypto) \
  	$(LIBADD_roken)
@@ -383,9 +383,9 @@ diff -uNr heimdal-7.3.0/lib/gssapi/Makefile.am heimdal-7.3.0-patched/lib/gssapi/
  	gen-oid.pl \
  	gssapi/gssapi_netlogon.h \
  	krb5/test_acquire_cred.c \
-diff -uNr heimdal-7.3.0/lib/hx509/Makefile.am heimdal-7.3.0-patched/lib/hx509/Makefile.am
+diff -uNr heimdal-7.7.0/lib/hx509/Makefile.am heimdal-7.7.0-patched/lib/hx509/Makefile.am
---- heimdal-7.3.0/lib/hx509/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/hx509/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/lib/hx509/Makefile.am	2017-06-15 18:57:26.925556550 +0200
++++ heimdal-7.7.0-patched/lib/hx509/Makefile.am	2019-06-23 01:28:59.528323408 +0200
 @@ -141,7 +141,6 @@
  	$(heim_verbose)$(ASN1_COMPILE) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1)
  
@@ -440,9 +440,9 @@ diff -uNr heimdal-7.3.0/lib/hx509/Makefile.am heimdal-7.3.0-patched/lib/hx509/Ma
  	quote.py \
  	ocsp.asn1 \
  	ocsp.opt \
-diff -uNr heimdal-7.3.0/lib/kadm5/Makefile.am heimdal-7.3.0-patched/lib/kadm5/Makefile.am
+diff -uNr heimdal-7.7.0/lib/kadm5/Makefile.am heimdal-7.7.0-patched/lib/kadm5/Makefile.am
---- heimdal-7.3.0/lib/kadm5/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/kadm5/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/lib/kadm5/Makefile.am	2017-06-15 19:01:08.093605880 +0200
++++ heimdal-7.7.0-patched/lib/kadm5/Makefile.am	2019-06-23 01:32:40.000210950 +0200
 @@ -13,10 +13,6 @@
  libkadm5srv_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
  endif
@@ -527,9 +527,9 @@ diff -uNr heimdal-7.3.0/lib/kadm5/Makefile.am heimdal-7.3.0-patched/lib/kadm5/Ma
  	check-cracklib.pl \
  	flush.c \
  	sample_passwd_check.c \
-diff -uNr heimdal-7.3.0/lib/kafs/Makefile.am heimdal-7.3.0-patched/lib/kafs/Makefile.am
+diff -uNr heimdal-7.7.0/lib/kafs/Makefile.am heimdal-7.7.0-patched/lib/kafs/Makefile.am
---- heimdal-7.3.0/lib/kafs/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/kafs/Makefile.am	2016-12-20 15:23:06.000000000 +0100
-+++ heimdal-7.3.0-patched/lib/kafs/Makefile.am	2017-06-15 19:02:08.300529791 +0200
++++ heimdal-7.7.0-patched/lib/kafs/Makefile.am	2019-06-23 01:33:33.887205797 +0200
 @@ -74,8 +74,6 @@
  
  EXTRA_DIST = NTMakefile afsl.exp afslib.exp $(man_MANS)
@@ -539,9 +539,9 @@ diff -uNr heimdal-7.3.0/lib/kafs/Makefile.am heimdal-7.3.0-patched/lib/kafs/Make
  # AIX: this almost works with gcc, but somehow it fails to use the
  # correct ld, use ld instead
  afslib.so: afslib.o
-diff -uNr heimdal-7.3.0/lib/krb5/Makefile.am heimdal-7.3.0-patched/lib/krb5/Makefile.am
+diff -uNr heimdal-7.7.0/lib/krb5/Makefile.am heimdal-7.7.0-patched/lib/krb5/Makefile.am
---- heimdal-7.3.0/lib/krb5/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/krb5/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/lib/krb5/Makefile.am	2017-06-15 19:04:24.834088744 +0200
++++ heimdal-7.7.0-patched/lib/krb5/Makefile.am	2019-06-23 01:35:41.372827811 +0200
 @@ -4,8 +4,6 @@
  
  AM_CPPFLAGS += -I../com_err -I$(srcdir)/../com_err $(INCLUDE_sqlite3) $(INCLUDE_libintl) $(INCLUDE_openssl_crypto)
@@ -620,9 +620,9 @@ diff -uNr heimdal-7.3.0/lib/krb5/Makefile.am heimdal-7.3.0-patched/lib/krb5/Make
  	version-script.map \
  	test_config_strings.cfg \
  	krb5.moduli
-diff -uNr heimdal-7.3.0/lib/roken/Makefile.am heimdal-7.3.0-patched/lib/roken/Makefile.am
+diff -uNr heimdal-7.7.0/lib/roken/Makefile.am heimdal-7.7.0-patched/lib/roken/Makefile.am
---- heimdal-7.3.0/lib/roken/Makefile.am	2017-04-11 23:45:33.000000000 +0200
+--- heimdal-7.7.0/lib/roken/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/lib/roken/Makefile.am	2017-06-15 19:05:47.976601832 +0200
++++ heimdal-7.7.0-patched/lib/roken/Makefile.am	2019-06-23 01:37:25.910877865 +0200
 @@ -209,8 +209,6 @@
  rokenincludedir = $(includedir)/roken
  nodist_rokeninclude_HEADERS = $(XHEADERS)
@@ -640,9 +640,9 @@ diff -uNr heimdal-7.3.0/lib/roken/Makefile.am heimdal-7.3.0-patched/lib/roken/Ma
  	dirent.c \
  	dirent.hin \
  	dirent-test.c \
-diff -uNr heimdal-7.3.0/lib/sl/Makefile.am heimdal-7.3.0-patched/lib/sl/Makefile.am
+diff -uNr heimdal-7.7.0/lib/sl/Makefile.am heimdal-7.7.0-patched/lib/sl/Makefile.am
---- heimdal-7.3.0/lib/sl/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/sl/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/lib/sl/Makefile.am	2017-06-15 19:41:03.226301040 +0200
++++ heimdal-7.7.0-patched/lib/sl/Makefile.am	2019-06-23 01:38:29.661688483 +0200
 @@ -25,7 +25,7 @@
  
  # install these?
@@ -652,9 +652,9 @@ diff -uNr heimdal-7.3.0/lib/sl/Makefile.am heimdal-7.3.0-patched/lib/sl/Makefile
  
  slc_SOURCES = slc-gram.y slc-lex.l slc.h
  
-diff -uNr heimdal-7.3.0/lib/wind/Makefile.am heimdal-7.3.0-patched/lib/wind/Makefile.am
+diff -uNr heimdal-7.7.0/lib/wind/Makefile.am heimdal-7.7.0-patched/lib/wind/Makefile.am
---- heimdal-7.3.0/lib/wind/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/lib/wind/Makefile.am	2016-12-20 15:23:06.000000000 +0100
-+++ heimdal-7.3.0-patched/lib/wind/Makefile.am	2017-06-15 19:08:45.601419024 +0200
++++ heimdal-7.7.0-patched/lib/wind/Makefile.am	2019-06-23 01:39:34.124485774 +0200
 @@ -83,12 +83,6 @@
  
  $(test_punycode_OBJECTS): $(built_tests)
@@ -668,9 +668,9 @@ diff -uNr heimdal-7.3.0/lib/wind/Makefile.am heimdal-7.3.0-patched/lib/wind/Make
  PYTHON = python
  
  if !MAINTAINER_MODE
-diff -uNr heimdal-7.3.0/Makefile.am heimdal-7.3.0-patched/Makefile.am
+diff -uNr heimdal-7.7.0/Makefile.am heimdal-7.7.0-patched/Makefile.am
---- heimdal-7.3.0/Makefile.am	2017-04-11 23:38:21.000000000 +0200
+--- heimdal-7.7.0/Makefile.am	2019-06-07 08:21:35.000000000 +0200
-+++ heimdal-7.3.0-patched/Makefile.am	2017-06-15 19:10:10.407885586 +0200
++++ heimdal-7.7.0-patched/Makefile.am	2019-06-23 01:40:47.395118733 +0200
 @@ -2,12 +2,7 @@
  
  include $(top_srcdir)/Makefile.am.common

libheimdal.changes

@@ -1,3 +1,136 @@
+-------------------------------------------------------------------
+Sun Jun 23 00:50:31 UTC 2019 - enzokiel@kabelmail.de
+
+- Update to version 7.7.0
+  + Bug fixes:
+    - PKCS#11 hcrypto back-end:
+      + initialize the p11_module_load function list
+      + verify that not only is a mechanism present but that its
+        mechanism info states that it offers the required
+        encryption, decryption or digest services
+    - krb5:
+      + Starting with 7.6, Heimdal permitted requesting
+        authenticated anonymous tickets. However, it did not
+        verify that a KDC in fact returned an anonymous ticket
+        when one was requested.
+      + Cease setting the KDCOption reaquest_anonymous flag when
+        issuing S4UProxy (constrained delegation) TGS requests.
+      + when the Win2K PKINIT compatibility option is set, do not
+        require krbtgt otherName to match when validating KDC
+        certificate.
+      + set PKINIT_BTMM flag per Apple implementation
+      + use memset_s() instead of memset()
+    - kdc:
+      + When generating KRB5SignedPath in the AS, use the reply
+        client name rather than the one from the request, so
+        validation will work correctly in the TGS.
+      + allow checksum of PA-FOR-USER to be HMAC_MD5. Even if TGT
+        used an enctype with a different checksum. Per [MS-SFU]
+        2.2.1 PA-FOR-USER the checksum is always HMAC_MD5, and
+        that's what Windows and MIT clients send.
+        In Heimdal both the client and kdc use instead the
+        checksum of the TGT, and therefore work with each other
+        but Windows and MIT clients fail against Heimdal KDC.
+        Both Windows and MIT KDC would allow any keyed checksum
+        to be used so Heimdal client work fine against it.
+        Change Heimdal KDC to allow HMAC_MD5 even for non RC4
+        based TGT in order to support per-spec clients.
+      + use memset_s() instead of memset()
+      + Detect Heimdal 1.0 through 7.6 clients that issue
+        S4UProxy (constrained delegation) TGS Requests with the
+        request anonymous flag set. These requests will be
+        treated as S4UProxy requests and not anonymous requests.
+    - HDB:
+      + Set SQLite3 backend default page size to 8KB.
+      + Add hdb_set_sync() method
+    - kadmind:
+      + disable HDB sync during database load avoiding
+        unnecessary disk i/o.
+    - ipropd:
+      + disable HDB sync during receive_everything. Doing an
+        fsync per-record when receiving the complete HDB is a
+        performance disaster. Among other things, if the HDB is
+        very large, then one slave receving a full HDB can cause
+        other slaves to timeout and, if HDB write activity is
+        high enough to cause iprop log truncation, then also need
+        full syncs, which leads to a cycle of full syncs for all
+        slaves until HDB write activity drops.
+        Allowing the iprop log to be larger helps, but improving
+        receive_everything() performance helps even more.
+    - kinit:
+      + Anonymous PKINIT tickets discard the realm information
+        used to locate the issuing AS. Store the issuing realm in
+        the credentials cache in order to locate a KDC which can
+        renew them.
+      + Do not leak the result of krb5_cc_get_config() when
+        determining anonymous PKINIT start realm.
+    - klist:
+      + Show transited-policy-checked, ok-as-delegate and
+        anonymous flags when listing credentials.
+    - tests:
+      + Regenerate certs so that they expire before the 2038
+        armageddon so the test suite will pass on 32-bit
+        operating systems until the underlying issues can be
+        resolved.
+    - Solaris:
+      + Define _STDC_C11_BCI for memset_s prototype
+    - build tooling:
+      + Convert from python 2 to python 3
+    - documentation:
+      + rename verify-password to verify-password-quality
+      + hprop default mode is encrypt
+      + kadmind "all" permission does not include "get-keys"
+      + verify-password-quality might not be stateless
+
+- Version 7.6.0
+  + Security (#555):
+    - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed
+      checksum
+      When the Heimdal KDC checks the checksum that is placed on
+      the S4U2Self packet by the server to protect the requested
+      principal against modification, it does not confirm that
+      the checksum algorithm that protects the user name
+      (principal) in the request is keyed. This allows a
+      man-in-the-middle attacker who can intercept the request to
+      the KDC to modify the packet by replacing the user name
+      (principal) in the request with any desired user name
+      (principal) that exists in the KDC and replace the checksum
+      protecting that name with a CRC32 checksum (which requires
+      no prior knowledge to compute).
+      This would allow a S4U2Self ticket requested on behalf of
+      user name (principal) user@EXAMPLE.COM to any service to be
+      changed to a S4U2Self ticket with a user name (principal) of
+      Administrator@EXAMPLE.COM. This ticket would then contain
+      the PAC of the modified user name (principal).
+
+    - CVE-2019-12098, client-only:
+      RFC8062 Section 7 requires verification of the PA-PKINIT-KX
+      key exchange when anonymous PKINIT is used. Failure to do
+      so can permit an active attacker to become a
+      man-in-the-middle.
+  + Bug fixes:
+    - Happy eyeballs: Don't wait for responses from
+      known-unreachable KDCs.
+    - kdc:
+      + check return copy_Realm, copy_PrincipalName,
+        copy_EncryptionKey
+    - kinit:
+      + cleanup temporary ccaches
+      + see man page for "kinit --anonymous" command line syntax
+        change
+    - kdc:
+      + Make anonymous AS-requests more RFC8062-compliant.
+        Updated expired test certificates
+    - Solaris:
+      + PKCS#11 hcrypto backend broken since 7.0.1
+      + Building with Sun Pro C
+  + Features:
+    - kuser: support authenticated anonymous AS-REQs in kinit
+    - kdc: support for anonymous TGS-REQs
+    - kgetcred support for anonymous service tickets
+    - Support builds with OpenSSL 1.1.1
+- fixed heimdal-patched.diff and reproducible.patch
+
 -------------------------------------------------------------------
 Tue Aug  7 06:22:33 UTC 2018 - bwiedemann@suse.com
 

libheimdal.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libheimdal
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@ Name:           libheimdal
 Summary:        The Heimdal implementation of the Kerberos 5 protocol
 License:        BSD-3-Clause
 Group:          Productivity/Networking/Security
-Version:        7.5.0
+Version:        7.7.0
 Release:        0
 Url:            http://www.h5l.org
 # patched source can be created with script heimdal-patch-source.sh:

reproducible.patch

@@ -1,20 +1,6 @@
-From 6d27e0048963955b547584f004109bbbad6e9baf Mon Sep 17 00:00:00 2001
+--- heimdal-7.7.0-patched/Makefile.am.orig	2019-06-23 01:48:28.994506480 +0200
-From: Nicolas Williams <nico@twosigma.com>
++++ heimdal-7.7.0-patched/Makefile.am	2019-06-23 01:48:29.018506032 +0200
-Date: Wed, 27 Sep 2017 15:30:00 -0500
+@@ -45,7 +45,6 @@
-Subject: [PATCH] Make builds reproduceable (#336)
-
----
- Makefile.am       |  1 -
- cf/krb-version.m4 | 24 ------------------------
- configure.ac      | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
- 3 files changed, 46 insertions(+), 30 deletions(-)
- delete mode 100644 cf/krb-version.m4
-
-diff --git a/Makefile.am b/Makefile.am
-index f2bb5ac116..7fb69fdf4e 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -50,7 +50,6 @@ EXTRA_DIST = \
  	cf/krb-prog-yacc.m4 \
  	cf/krb-sys-aix.m4 \
  	cf/krb-sys-nextstep.m4 \
@@ -22,11 +8,8 @@ index f2bb5ac116..7fb69fdf4e 100644
  	cf/roken.m4 \
  	cf/valgrind-suppressions \
  	cf/maybe-valgrind.sh \
-diff --git a/cf/krb-version.m4 b/cf/krb-version.m4
+--- heimdal-7.7.0-patched/cf/krb-version.m4	2019-06-07 08:21:35.000000000 +0200
-deleted file mode 100644
++++ /dev/null	2019-06-22 12:06:27.378020779 +0200
-index e196d993de..0000000000
---- a/cf/krb-version.m4
-+++ /dev/null
 @@ -1,24 +0,0 @@
 -dnl $Id$
 -dnl
@@ -52,11 +35,9 @@ index e196d993de..0000000000
 -	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
 -fi
 -])
-diff --git a/configure.ac b/configure.ac
+--- heimdal-7.7.0-patched/configure.ac.orig	2019-06-23 01:55:47.954316969 +0200
-index 806b639730..212a7d2744 100644
++++ heimdal-7.7.0-patched/configure.ac	2019-06-23 01:55:47.974316595 +0200
---- a/configure.ac
+@@ -624,22 +624,63 @@
-+++ b/configure.ac
-@@ -663,22 +663,63 @@ dnl
  dnl This is the release version name-number[beta]
  dnl