Package: heimdal | Debian Sources

Package: heimdal / 7.8.git20221117.28daf24+dfsg-2

Metadata

Package	Version	Patches format
heimdal	7.8.git20221117.28daf24+dfsg-2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
nfs_des \| (download)	kdc/kerberos5.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	nfs_des === modified file 'kdc/kerberos5.c'
021_debian \| (download)	doc/setup.texi \| 2 1 + 1 - 0 ! kdc/kdc.8 \| 2 1 + 1 - 0 ! 2 files changed, 2 insertions(+), 2 deletions(-)	debian === modified file 'doc/setup.texi'
022_openafs \| (download)	lib/krb5/keytab_keyfile.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	openafs ===================================================================
025_krb5 config paths \| (download)	tools/krb5-config.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	krb5-config-paths === modified file 'a/tools/krb5-config.in'
025_pthreads \| (download)	cf/pthreads.m4 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	pthreads === modified file 'cf/pthreads.m4'
030_pkg config paths \| (download)	tools/heimdal-gssapi.pc.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	pkg-config-paths === modified file 'tools/heimdal-gssapi.pc.in'
installsh \| (download)	po/Makefile.am \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	installsh ===================================================================
041_hurd_maxhostnamelen \| (download)	appl/gssmask/gssmask.c \| 4 2 + 2 - 0 ! appl/kf/kfd.c \| 2 1 + 1 - 0 ! appl/test/tcp_server.c \| 2 1 + 1 - 0 ! kdc/kx509.c \| 2 1 + 1 - 0 ! lib/gssapi/spnego/accept_sec_context.c \| 2 1 + 1 - 0 ! lib/krb5/get_addrs.c \| 2 1 + 1 - 0 ! lib/krb5/get_host_realm.c \| 4 2 + 2 - 0 ! lib/krb5/krbhst-test.c \| 2 1 + 1 - 0 ! lib/krb5/krbhst.c \| 2 1 + 1 - 0 ! lib/krb5/principal.c \| 8 4 + 4 - 0 ! lib/krb5/test_plugin.c \| 2 1 + 1 - 0 ! lib/krb5/verify_init.c \| 2 1 + 1 - 0 ! lib/roken/getaddrinfo_hostspec.c \| 2 1 + 1 - 0 ! 13 files changed, 18 insertions(+), 18 deletions(-)	hurd_maxhostnamelen
042_hurd_path_max \| (download)	lib/sl/slc-gram.y \| 28 19 + 9 - 0 ! 1 file changed, 19 insertions(+), 9 deletions(-)	hurd_path_max
046_hurd_sundevdata \| (download)	lib/kafs/afssys.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	hurd sundevdata
047_link_gssapi \| (download)	kadmin/Makefile.am \| 1 1 + 0 - 0 ! kdc/Makefile.am \| 4 4 + 0 - 0 ! kpasswd/Makefile.am \| 1 1 + 0 - 0 ! lib/hdb/Makefile.am \| 1 1 + 0 - 0 ! lib/kadm5/Makefile.am \| 2 2 + 0 - 0 ! 5 files changed, 9 insertions(+)	link gssapi Link against just build gssapi, instead of the system one this resolves FTBFS when gssapi adds new symbols.
060_no_build_string \| (download)	configure.ac \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	no build string Remove hostname and build time from version as they make the build unreproducible
parallel build \| (download)	lib/kadm5/Makefile.am \| 3 1 + 2 - 0 ! 1 file changed, 1 insertion(+), 2 deletions(-)	parallel build
disable_iprop \| (download)	tests/kdc/Makefile.am \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	disable iprop
disable_rpath \| (download)	tools/krb5-config.in \| 39 0 + 39 - 0 ! 1 file changed, 39 deletions(-)	disable use of rpath in krb5-config.heimdal See https://bugs.debian.org/868840 This also solves another issue: Disable use of @CANONICAL_HOST@, which is not reproducible. https://github.com/heimdal/heimdal/issues/237
0016 Add back in base64_encode and base64_decode.patch \| (download)	lib/roken/base64.c \| 12 12 + 0 - 0 ! lib/roken/base64.h \| 6 6 + 0 - 0 ! lib/roken/version-script.map \| 2 2 + 0 - 0 ! 3 files changed, 20 insertions(+)	add back in base64_encode and base64_decode These functions were removed upstream. See https://github.com/heimdal/heimdal/issues/107 Unfortunately the SONAME was not incremented for libroken. This could cause breakage. This change reintroduces the old names until the SONAME can be incremented.
fix missing headers \| (download)	lib/hcrypto/Makefile.am \| 5 5 + 0 - 0 ! lib/hx509/Makefile.am \| 4 2 + 2 - 0 ! 2 files changed, 7 insertions(+), 2 deletions(-)	fix-missing-headers ===================================================================
0018 Increment roken library version.patch \| (download)	lib/roken/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	increment roken library version
0019 Increment hcrypto library version.patch \| (download)	lib/hcrypto/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	increment hcrypto library version
CVE 2022 45142 gsskrb5 fix accidental logic inversio.patch \| (download)	lib/gssapi/krb5/arcfour.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	[patch] cve-2022-45142: gsskrb5: fix accidental logic inversions The referenced commit attempted to fix miscompilations with gcc-9 and gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately, it also inverted the result of the comparison in two occasions. This inversion happened during backporting the patch to 7.7.1 and 7.8.0. Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour unwrap") Signed-off-by: Helmut Grohne <helmut@subdivi.de>

Patch	File delta	Description
nfs_des \| (download)	kdc/kerberos5.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	nfs_des === modified file 'kdc/kerberos5.c'
021_debian \| (download)	doc/setup.texi \| 2 1 + 1 - 0 ! kdc/kdc.8 \| 2 1 + 1 - 0 ! 2 files changed, 2 insertions(+), 2 deletions(-)	debian === modified file 'doc/setup.texi'
022_openafs \| (download)	lib/krb5/keytab_keyfile.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	openafs ===================================================================
025_krb5 config paths \| (download)	tools/krb5-config.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	krb5-config-paths === modified file 'a/tools/krb5-config.in'
025_pthreads \| (download)	cf/pthreads.m4 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	pthreads === modified file 'cf/pthreads.m4'
030_pkg config paths \| (download)	tools/heimdal-gssapi.pc.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	pkg-config-paths === modified file 'tools/heimdal-gssapi.pc.in'
installsh \| (download)	po/Makefile.am \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	installsh ===================================================================
041_hurd_maxhostnamelen \| (download)	appl/gssmask/gssmask.c \| 4 2 + 2 - 0 ! appl/kf/kfd.c \| 2 1 + 1 - 0 ! appl/test/tcp_server.c \| 2 1 + 1 - 0 ! kdc/kx509.c \| 2 1 + 1 - 0 ! lib/gssapi/spnego/accept_sec_context.c \| 2 1 + 1 - 0 ! lib/krb5/get_addrs.c \| 2 1 + 1 - 0 ! lib/krb5/get_host_realm.c \| 4 2 + 2 - 0 ! lib/krb5/krbhst-test.c \| 2 1 + 1 - 0 ! lib/krb5/krbhst.c \| 2 1 + 1 - 0 ! lib/krb5/principal.c \| 8 4 + 4 - 0 ! lib/krb5/test_plugin.c \| 2 1 + 1 - 0 ! lib/krb5/verify_init.c \| 2 1 + 1 - 0 ! lib/roken/getaddrinfo_hostspec.c \| 2 1 + 1 - 0 ! 13 files changed, 18 insertions(+), 18 deletions(-)	hurd_maxhostnamelen
042_hurd_path_max \| (download)	lib/sl/slc-gram.y \| 28 19 + 9 - 0 ! 1 file changed, 19 insertions(+), 9 deletions(-)	hurd_path_max
046_hurd_sundevdata \| (download)	lib/kafs/afssys.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	hurd sundevdata
047_link_gssapi \| (download)	kadmin/Makefile.am \| 1 1 + 0 - 0 ! kdc/Makefile.am \| 4 4 + 0 - 0 ! kpasswd/Makefile.am \| 1 1 + 0 - 0 ! lib/hdb/Makefile.am \| 1 1 + 0 - 0 ! lib/kadm5/Makefile.am \| 2 2 + 0 - 0 ! 5 files changed, 9 insertions(+)	link gssapi Link against just build gssapi, instead of the system one this resolves FTBFS when gssapi adds new symbols.
060_no_build_string \| (download)	configure.ac \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	no build string Remove hostname and build time from version as they make the build unreproducible
parallel build \| (download)	lib/kadm5/Makefile.am \| 3 1 + 2 - 0 ! 1 file changed, 1 insertion(+), 2 deletions(-)	parallel build
disable_iprop \| (download)	tests/kdc/Makefile.am \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	disable iprop
disable_rpath \| (download)	tools/krb5-config.in \| 39 0 + 39 - 0 ! 1 file changed, 39 deletions(-)	disable use of rpath in krb5-config.heimdal See https://bugs.debian.org/868840 This also solves another issue: Disable use of @CANONICAL_HOST@, which is not reproducible. https://github.com/heimdal/heimdal/issues/237
0016 Add back in base64_encode and base64_decode.patch \| (download)	lib/roken/base64.c \| 12 12 + 0 - 0 ! lib/roken/base64.h \| 6 6 + 0 - 0 ! lib/roken/version-script.map \| 2 2 + 0 - 0 ! 3 files changed, 20 insertions(+)	add back in base64_encode and base64_decode These functions were removed upstream. See https://github.com/heimdal/heimdal/issues/107 Unfortunately the SONAME was not incremented for libroken. This could cause breakage. This change reintroduces the old names until the SONAME can be incremented.
fix missing headers \| (download)	lib/hcrypto/Makefile.am \| 5 5 + 0 - 0 ! lib/hx509/Makefile.am \| 4 2 + 2 - 0 ! 2 files changed, 7 insertions(+), 2 deletions(-)	fix-missing-headers ===================================================================
0018 Increment roken library version.patch \| (download)	lib/roken/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	increment roken library version
0019 Increment hcrypto library version.patch \| (download)	lib/hcrypto/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	increment hcrypto library version
CVE 2022 45142 gsskrb5 fix accidental logic inversio.patch \| (download)	lib/gssapi/krb5/arcfour.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	[patch] cve-2022-45142: gsskrb5: fix accidental logic inversions The referenced commit attempted to fix miscompilations with gcc-9 and gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately, it also inverted the result of the comparison in two occasions. This inversion happened during backporting the patch to 7.7.1 and 7.8.0. Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour unwrap") Signed-off-by: Helmut Grohne <helmut@subdivi.de>