Package: heimdal / 1.6~rc2+dfsg-9+deb8u1

Metadata

Package: heimdal
Version: 1.6~rc2+dfsg-9+deb8u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
nfs_des | (download)

kdc/kerberos5.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
020_maintainermode | (download)

configure.ac | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
021_debian | (download)

doc/setup.texi | 2 1 + 1 - 0 !
kdc/kdc.8 | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
022_openafs | (download)

lib/krb5/keytab_keyfile.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
024_rxtelnet | (download)

appl/kx/rxtelnet.in | 2 1 + 1 - 0 !
appl/kx/rxterm.in | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
025_krb5 config paths | (download)

tools/krb5-config.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
025_pthreads | (download)

cf/pthreads.m4 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
030_pkg config paths | (download)

tools/heimdal-gssapi.pc.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
031_libedit | (download)

cf/krb-readline.m4 | 4 2 + 2 - 0 !
configure.ac | 19 10 + 9 - 0 !
lib/sl/Makefile.am | 7 2 + 5 - 0 !
3 files changed, 14 insertions(+), 16 deletions(-)

---
041_hurd_maxhostnamelen | (download)

appl/gssmask/gssmask.c | 4 2 + 2 - 0 !
appl/kf/kfd.c | 2 1 + 1 - 0 !
appl/login/login_access.c | 4 2 + 2 - 0 !
appl/test/tcp_server.c | 2 1 + 1 - 0 !
lib/gssapi/spnego/accept_sec_context.c | 2 1 + 1 - 0 !
lib/krb5/get_addrs.c | 2 1 + 1 - 0 !
lib/krb5/get_host_realm.c | 4 2 + 2 - 0 !
lib/krb5/krbhst-test.c | 2 1 + 1 - 0 !
lib/krb5/krbhst.c | 2 1 + 1 - 0 !
lib/krb5/principal.c | 6 3 + 3 - 0 !
lib/krb5/verify_init.c | 2 1 + 1 - 0 !
lib/roken/getaddrinfo_hostspec.c | 2 1 + 1 - 0 !
12 files changed, 17 insertions(+), 17 deletions(-)

---
installsh | (download)

po/Makefile.am | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
042_hurd_path_max | (download)

lib/sl/slc-gram.y | 28 19 + 9 - 0 !
1 file changed, 19 insertions(+), 9 deletions(-)

---
043_clean_headers | (download)

include/Makefile.am | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

---
044_hdb_ldap_static | (download)

lib/hdb/hdb-ldap.c | 3 0 + 3 - 0 !
1 file changed, 3 deletions(-)

---
045_hx509_symbol_names | (download)

lib/hx509/version-script.map | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

---
046_hurd_sundevdata | (download)

lib/kafs/afssys.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

---
047_link_gssapi | (download)

kadmin/Makefile.am | 1 1 + 0 - 0 !
kdc/Makefile.am | 4 4 + 0 - 0 !
kpasswd/Makefile.am | 1 1 + 0 - 0 !
lib/hdb/Makefile.am | 1 1 + 0 - 0 !
lib/kadm5/Makefile.am | 2 2 + 0 - 0 !
5 files changed, 9 insertions(+)

 link against just built gssapi, instead of the system one
 this resolves FTBFS when gssapi adds new symbols.
048_private_libs | (download)

tools/heimdal-gssapi.pc.in | 5 3 + 2 - 0 !
tools/heimdal-kadm-client.pc.in | 2 1 + 1 - 0 !
tools/heimdal-kadm-server.pc.in | 5 3 + 2 - 0 !
tools/heimdal-krb5.pc.in | 3 2 + 1 - 0 !
tools/kadm-client.pc.in | 2 1 + 1 - 0 !
tools/kadm-server.pc.in | 2 1 + 1 - 0 !
tools/kafs.pc.in | 2 1 + 1 - 0 !
7 files changed, 12 insertions(+), 9 deletions(-)

 don't expose private libraries from .pc files
049_testkdc_timeout | (download)

tests/kdc/wait-kdc.sh | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
050_kadmin_to_usr_bin | (download)

admin/Makefile.am | 4 2 + 2 - 0 !
admin/ktutil.1 | 124 124 + 0 - 0 !
admin/ktutil.8 | 124 0 + 124 - 0 !
kadmin/Makefile.am | 4 2 + 2 - 0 !
kadmin/kadmin.1 | 362 362 + 0 - 0 !
kadmin/kadmin.8 | 361 0 + 361 - 0 !
kadmin/kadmind.8 | 2 1 + 1 - 0 !
lib/krb5/kerberos.8 | 4 2 + 2 - 0 !
8 files changed, 493 insertions(+), 492 deletions(-)

 [patch] move kadmin and ktutil to /usr/bin.
051_bug746486 memleak | (download)

kdc/process.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix memory leak in heimdal-kdc
 It has been discovered that heimdal-kdc doesn't free a per-request memory allocation
 which can lead to a serious memory leak

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746486


CVE 2017 11103 Orpheus Lyre KDC REP service name val.patch | (download)

lib/krb5/ticket.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] cve-2017-11103: orpheus' lyre kdc-rep service name validation

In _krb5_extract_ticket() the KDC-REP service name must be obtained from
the encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unencrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.