Accepting request 514480 from network

1 OBS-URL: https://build.opensuse.org/request/show/514480 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libheimdal?expand=0&rev=5
2017-08-10 12:05:08 +00:00 · 2017-08-10 12:05:08 +00:00 · dc762e5c7e
commit dc762e5c7e
parent e81ef165ba 6706c5821e
5 changed files with 23 additions and 5 deletions
--- a/heimdal-7.3.0-patched.tar.bz2
+++ b/heimdal-7.3.0-patched.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:550e99237a823e3aeda6ac25de59b4edafaee8a5eb1769145d0f5c9fce01a672
-size 7458288
--- a/heimdal-7.4.0-patched.tar.bz2
+++ b/heimdal-7.4.0-patched.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f49a302ab803b536dbc2c1c0e33d9b35ab859fc8e8785908d7e1cb1a78afabe0
+size 7457572
--- a/heimdal-patched.diff
+++ b/heimdal-patched.diff
@ -4,7 +4,7 @@ diff -uNr heimdal-7.3.0/configure.ac heimdal-7.3.0-patched/configure.ac
@@ -3,7 +3,6 @@
 AC_PREREQ(2.62)
 test -z "$CFLAGS" && CFLAGS="-g"
- AC_INIT([Heimdal],[7.3.0],[https://github.com/heimdal/heimdal/issues])
+ AC_INIT([Heimdal],[7.4.0],[https://github.com/heimdal/heimdal/issues])
 -AC_CONFIG_SRCDIR([kuser/kinit.c])
 AC_CONFIG_HEADERS(include/config.h)
 AC_CONFIG_MACRO_DIR([cf])
--- a/libheimdal.changes
+++ b/libheimdal.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Aug 03 20:25:45 UTC 2017 - joerg.lorenzen@ki.tng.de
+
+- Update to version 7.4.0
+  - Security
+    - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name
+      validation.
+      This is a critical vulnerability.
+      In _krb5_extract_ticket() the KDC-REP service name must be
+      obtained from encrypted version stored in 'enc_part' instead
+      of the unencrypted version stored in 'ticket'.
+      Use of the unecrypted version provides an opportunity for
+      successful server impersonation and other attacks.
+      Identified by Jeffrey Altman, Viktor Duchovni and
+      Nico Williams.
+      See https://www.orpheus-lyre.info/ for more details.
+- Fixed heimdal-patched.diff.
+
 -------------------------------------------------------------------
 Thu Jun 15 20:52:17 UTC 2017 - joerg.lorenzen@ki.tng.de

--- a/libheimdal.spec
+++ b/libheimdal.spec
@ -20,7 +20,7 @@ Name:           libheimdal
 Summary:        The Heimdal implementation of the Kerberos 5 protocol
 License:        BSD-3-Clause
 Group:          Productivity/Networking/Security
-Version:        7.3.0
+Version:        7.4.0
 Release:        0
 Url:            http://www.h5l.org
 # patched source can be created with script heimdal-patch-source.sh: