Package: heimdal | Debian Sources

Package: heimdal / 7.8.git20221117.28daf24+dfsg-9

Metadata

Package	Version	Patches format
heimdal	7.8.git20221117.28daf24+dfsg-9	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
nfs_des \| (download)	kdc/kerberos5.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	nfs_des === modified file 'kdc/kerberos5.c'
021_debian \| (download)	doc/setup.texi \| 2 1 + 1 - 0 ! kdc/kdc.8 \| 2 1 + 1 - 0 ! 2 files changed, 2 insertions(+), 2 deletions(-)	debian === modified file 'doc/setup.texi'
022_openafs \| (download)	lib/krb5/keytab_keyfile.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	openafs ===================================================================
025_krb5 config paths \| (download)	tools/krb5-config.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	krb5-config-paths === modified file 'a/tools/krb5-config.in'
025_pthreads \| (download)	cf/pthreads.m4 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	pthreads === modified file 'cf/pthreads.m4'
030_pkg config paths \| (download)	tools/heimdal-gssapi.pc.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	pkg-config-paths === modified file 'tools/heimdal-gssapi.pc.in'
installsh \| (download)	po/Makefile.am \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	installsh ===================================================================
041_hurd_maxhostnamelen \| (download)	appl/gssmask/gssmask.c \| 4 2 + 2 - 0 ! appl/kf/kfd.c \| 2 1 + 1 - 0 ! appl/test/tcp_server.c \| 2 1 + 1 - 0 ! kdc/kx509.c \| 2 1 + 1 - 0 ! lib/gssapi/spnego/accept_sec_context.c \| 2 1 + 1 - 0 ! lib/krb5/get_addrs.c \| 2 1 + 1 - 0 ! lib/krb5/get_host_realm.c \| 4 2 + 2 - 0 ! lib/krb5/krbhst-test.c \| 2 1 + 1 - 0 ! lib/krb5/krbhst.c \| 2 1 + 1 - 0 ! lib/krb5/principal.c \| 8 4 + 4 - 0 ! lib/krb5/test_plugin.c \| 2 1 + 1 - 0 ! lib/krb5/verify_init.c \| 2 1 + 1 - 0 ! lib/roken/getaddrinfo_hostspec.c \| 2 1 + 1 - 0 ! 13 files changed, 18 insertions(+), 18 deletions(-)	hurd_maxhostnamelen
042_hurd_path_max \| (download)	lib/sl/slc-gram.y \| 28 19 + 9 - 0 ! 1 file changed, 19 insertions(+), 9 deletions(-)	hurd_path_max
046_hurd_sundevdata \| (download)	lib/kafs/afssys.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	hurd sundevdata
047_link_gssapi \| (download)	kadmin/Makefile.am \| 1 1 + 0 - 0 ! kdc/Makefile.am \| 4 4 + 0 - 0 ! kpasswd/Makefile.am \| 1 1 + 0 - 0 ! lib/hdb/Makefile.am \| 1 1 + 0 - 0 ! lib/kadm5/Makefile.am \| 2 2 + 0 - 0 ! 5 files changed, 9 insertions(+)	link gssapi Link against just build gssapi, instead of the system one this resolves FTBFS when gssapi adds new symbols.
060_no_build_string \| (download)	configure.ac \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	no build string Remove hostname and build time from version as they make the build unreproducible
parallel build \| (download)	lib/kadm5/Makefile.am \| 3 1 + 2 - 0 ! 1 file changed, 1 insertion(+), 2 deletions(-)	parallel build
disable_iprop \| (download)	tests/kdc/Makefile.am \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	disable iprop
disable_rpath \| (download)	tools/krb5-config.in \| 39 0 + 39 - 0 ! 1 file changed, 39 deletions(-)	disable use of rpath in krb5-config.heimdal See https://bugs.debian.org/868840 This also solves another issue: Disable use of @CANONICAL_HOST@, which is not reproducible. https://github.com/heimdal/heimdal/issues/237
0016 Add back in base64_encode and base64_decode.patch \| (download)	lib/roken/base64.c \| 12 12 + 0 - 0 ! lib/roken/base64.h \| 6 6 + 0 - 0 ! lib/roken/version-script.map \| 2 2 + 0 - 0 ! 3 files changed, 20 insertions(+)	add back in base64_encode and base64_decode These functions were removed upstream. See https://github.com/heimdal/heimdal/issues/107 Unfortunately the SONAME was not incremented for libroken. This could cause breakage. This change reintroduces the old names until the SONAME can be incremented.
fix missing headers \| (download)	lib/hcrypto/Makefile.am \| 5 5 + 0 - 0 ! lib/hx509/Makefile.am \| 4 2 + 2 - 0 ! 2 files changed, 7 insertions(+), 2 deletions(-)	fix-missing-headers ===================================================================
0018 Increment roken library version.patch \| (download)	lib/roken/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	increment roken library version
0019 Increment hcrypto library version.patch \| (download)	lib/hcrypto/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	increment hcrypto library version
CVE 2022 45142 gsskrb5 fix accidental logic inversio.patch \| (download)	lib/gssapi/krb5/arcfour.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	[patch] cve-2022-45142: gsskrb5: fix accidental logic inversions The referenced commit attempted to fix miscompilations with gcc-9 and gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately, it also inverted the result of the comparison in two occasions. This inversion happened during backporting the patch to 7.7.1 and 7.8.0. Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour unwrap") Signed-off-by: Helmut Grohne <helmut@subdivi.de>
0021 Add missing initialization of kdc_offset in kcm.patch \| (download)	kcm/cache.c \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	add missing initialization of kdc_offset in kcm In KCM, when allocating new kcm_ccache struct, there is missing inicialization of kdc_offset. It is getting random values in my case and stored tickets are unusable, last time I got this value to "klist -v": KDC time offset: 61 years 11 months 2 weeks 3 days 5 hours 28 minutes 32 seconds This commit seems to correct it.
0022 Always build rk_strlcat and rk_strlcpy symbols.patch \| (download)	cf/roken-frag.m4 \| 5 3 + 2 - 0 ! 1 file changed, 3 insertions(+), 2 deletions(-)	always build rk_strlcat and rk_strlcpy symbols
0023 cf Include string.h for memset in AC_HAVE_STRUCT_FIE.patch \| (download)	cf/have-struct-field.m4 \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	cf: include <string.h> for memset in ac_have_struct_field Otherwise, the check relies on an implicit function declaration, and will fail unconditionally with compilers that do not support them.
0024 cf Do not use headers and argument lists in AC_FIND_.patch \| (download)	cf/find-func-no-libs2.m4 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	cf: do not use headers and argument lists in ac_find_func_no_libs2 The callers of this macro generally do not supply this information. Without it, the checks rely on compiler support for implicit function declarations. It would be possible to supply this information in the callers. But even then, with the existing macro interface, it would be necessary to pass eg. null pointers where they trigger undefined behavior. Therefore, use the same kludge that autoconf uses to make up prototypes, avoiding those implicit function declarations. The includes/arguments macro parameters are now ignored, but preserved for interface compatibility.
add include support 1.patch \| (download)	doc/setup.texi \| 7 7 + 0 - 0 ! lib/krb5/config_file.c \| 100 97 + 3 - 0 ! lib/krb5/krb5.conf.5 \| 13 13 + 0 - 0 ! lib/krb5/krb5_locl.h \| 1 1 + 0 - 0 ! tests/gss/include-krb5.conf \| 17 17 + 0 - 0 ! tests/gss/krb5.conf.in \| 17 1 + 16 - 0 ! 6 files changed, 136 insertions(+), 19 deletions(-)	add-include-support-1 commit fe43be85587f834266623adb0ecf2793d212a7ca
add include support 2.patch \| (download)	lib/krb5/config_file.c \| 107 89 + 18 - 0 ! 1 file changed, 89 insertions(+), 18 deletions(-)	add-include-support-2 commit 0259f1c44927ab8f5906212804693dec48c9a04a
add include support 3.patch \| (download)	lib/krb5/config_file.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	add-include-support-3 commit 23ee804e9d23ed83a3a502501dbe5fe50ab9094a
add include support 4.patch \| (download)	configure.ac \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	add-include-support-4 commit 96641e12ba61806201f420fe880888047ebd5402
fix build with autoconf 272.patch \| (download)	cf/largefile.m4 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] cf/largefile.m4: fix build with autoconf-2.72 Fixes https://github.com/heimdal/heimdal/issues/1201

Patch	File delta	Description
nfs_des \| (download)	kdc/kerberos5.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	nfs_des === modified file 'kdc/kerberos5.c'
021_debian \| (download)	doc/setup.texi \| 2 1 + 1 - 0 ! kdc/kdc.8 \| 2 1 + 1 - 0 ! 2 files changed, 2 insertions(+), 2 deletions(-)	debian === modified file 'doc/setup.texi'
022_openafs \| (download)	lib/krb5/keytab_keyfile.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	openafs ===================================================================
025_krb5 config paths \| (download)	tools/krb5-config.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	krb5-config-paths === modified file 'a/tools/krb5-config.in'
025_pthreads \| (download)	cf/pthreads.m4 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	pthreads === modified file 'cf/pthreads.m4'
030_pkg config paths \| (download)	tools/heimdal-gssapi.pc.in \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	pkg-config-paths === modified file 'tools/heimdal-gssapi.pc.in'
installsh \| (download)	po/Makefile.am \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	installsh ===================================================================
041_hurd_maxhostnamelen \| (download)	appl/gssmask/gssmask.c \| 4 2 + 2 - 0 ! appl/kf/kfd.c \| 2 1 + 1 - 0 ! appl/test/tcp_server.c \| 2 1 + 1 - 0 ! kdc/kx509.c \| 2 1 + 1 - 0 ! lib/gssapi/spnego/accept_sec_context.c \| 2 1 + 1 - 0 ! lib/krb5/get_addrs.c \| 2 1 + 1 - 0 ! lib/krb5/get_host_realm.c \| 4 2 + 2 - 0 ! lib/krb5/krbhst-test.c \| 2 1 + 1 - 0 ! lib/krb5/krbhst.c \| 2 1 + 1 - 0 ! lib/krb5/principal.c \| 8 4 + 4 - 0 ! lib/krb5/test_plugin.c \| 2 1 + 1 - 0 ! lib/krb5/verify_init.c \| 2 1 + 1 - 0 ! lib/roken/getaddrinfo_hostspec.c \| 2 1 + 1 - 0 ! 13 files changed, 18 insertions(+), 18 deletions(-)	hurd_maxhostnamelen
042_hurd_path_max \| (download)	lib/sl/slc-gram.y \| 28 19 + 9 - 0 ! 1 file changed, 19 insertions(+), 9 deletions(-)	hurd_path_max
046_hurd_sundevdata \| (download)	lib/kafs/afssys.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	hurd sundevdata
047_link_gssapi \| (download)	kadmin/Makefile.am \| 1 1 + 0 - 0 ! kdc/Makefile.am \| 4 4 + 0 - 0 ! kpasswd/Makefile.am \| 1 1 + 0 - 0 ! lib/hdb/Makefile.am \| 1 1 + 0 - 0 ! lib/kadm5/Makefile.am \| 2 2 + 0 - 0 ! 5 files changed, 9 insertions(+)	link gssapi Link against just build gssapi, instead of the system one this resolves FTBFS when gssapi adds new symbols.
060_no_build_string \| (download)	configure.ac \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	no build string Remove hostname and build time from version as they make the build unreproducible
parallel build \| (download)	lib/kadm5/Makefile.am \| 3 1 + 2 - 0 ! 1 file changed, 1 insertion(+), 2 deletions(-)	parallel build
disable_iprop \| (download)	tests/kdc/Makefile.am \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	disable iprop
disable_rpath \| (download)	tools/krb5-config.in \| 39 0 + 39 - 0 ! 1 file changed, 39 deletions(-)	disable use of rpath in krb5-config.heimdal See https://bugs.debian.org/868840 This also solves another issue: Disable use of @CANONICAL_HOST@, which is not reproducible. https://github.com/heimdal/heimdal/issues/237
0016 Add back in base64_encode and base64_decode.patch \| (download)	lib/roken/base64.c \| 12 12 + 0 - 0 ! lib/roken/base64.h \| 6 6 + 0 - 0 ! lib/roken/version-script.map \| 2 2 + 0 - 0 ! 3 files changed, 20 insertions(+)	add back in base64_encode and base64_decode These functions were removed upstream. See https://github.com/heimdal/heimdal/issues/107 Unfortunately the SONAME was not incremented for libroken. This could cause breakage. This change reintroduces the old names until the SONAME can be incremented.
fix missing headers \| (download)	lib/hcrypto/Makefile.am \| 5 5 + 0 - 0 ! lib/hx509/Makefile.am \| 4 2 + 2 - 0 ! 2 files changed, 7 insertions(+), 2 deletions(-)	fix-missing-headers ===================================================================
0018 Increment roken library version.patch \| (download)	lib/roken/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	increment roken library version
0019 Increment hcrypto library version.patch \| (download)	lib/hcrypto/Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	increment hcrypto library version
CVE 2022 45142 gsskrb5 fix accidental logic inversio.patch \| (download)	lib/gssapi/krb5/arcfour.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	[patch] cve-2022-45142: gsskrb5: fix accidental logic inversions The referenced commit attempted to fix miscompilations with gcc-9 and gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately, it also inverted the result of the comparison in two occasions. This inversion happened during backporting the patch to 7.7.1 and 7.8.0. Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour unwrap") Signed-off-by: Helmut Grohne <helmut@subdivi.de>
0021 Add missing initialization of kdc_offset in kcm.patch \| (download)	kcm/cache.c \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	add missing initialization of kdc_offset in kcm In KCM, when allocating new kcm_ccache struct, there is missing inicialization of kdc_offset. It is getting random values in my case and stored tickets are unusable, last time I got this value to "klist -v": KDC time offset: 61 years 11 months 2 weeks 3 days 5 hours 28 minutes 32 seconds This commit seems to correct it.
0022 Always build rk_strlcat and rk_strlcpy symbols.patch \| (download)	cf/roken-frag.m4 \| 5 3 + 2 - 0 ! 1 file changed, 3 insertions(+), 2 deletions(-)	always build rk_strlcat and rk_strlcpy symbols
0023 cf Include string.h for memset in AC_HAVE_STRUCT_FIE.patch \| (download)	cf/have-struct-field.m4 \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	cf: include <string.h> for memset in ac_have_struct_field Otherwise, the check relies on an implicit function declaration, and will fail unconditionally with compilers that do not support them.
0024 cf Do not use headers and argument lists in AC_FIND_.patch \| (download)	cf/find-func-no-libs2.m4 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	cf: do not use headers and argument lists in ac_find_func_no_libs2 The callers of this macro generally do not supply this information. Without it, the checks rely on compiler support for implicit function declarations. It would be possible to supply this information in the callers. But even then, with the existing macro interface, it would be necessary to pass eg. null pointers where they trigger undefined behavior. Therefore, use the same kludge that autoconf uses to make up prototypes, avoiding those implicit function declarations. The includes/arguments macro parameters are now ignored, but preserved for interface compatibility.
add include support 1.patch \| (download)	doc/setup.texi \| 7 7 + 0 - 0 ! lib/krb5/config_file.c \| 100 97 + 3 - 0 ! lib/krb5/krb5.conf.5 \| 13 13 + 0 - 0 ! lib/krb5/krb5_locl.h \| 1 1 + 0 - 0 ! tests/gss/include-krb5.conf \| 17 17 + 0 - 0 ! tests/gss/krb5.conf.in \| 17 1 + 16 - 0 ! 6 files changed, 136 insertions(+), 19 deletions(-)	add-include-support-1 commit fe43be85587f834266623adb0ecf2793d212a7ca
add include support 2.patch \| (download)	lib/krb5/config_file.c \| 107 89 + 18 - 0 ! 1 file changed, 89 insertions(+), 18 deletions(-)	add-include-support-2 commit 0259f1c44927ab8f5906212804693dec48c9a04a
add include support 3.patch \| (download)	lib/krb5/config_file.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	add-include-support-3 commit 23ee804e9d23ed83a3a502501dbe5fe50ab9094a
add include support 4.patch \| (download)	configure.ac \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	add-include-support-4 commit 96641e12ba61806201f420fe880888047ebd5402
fix build with autoconf 272.patch \| (download)	cf/largefile.m4 \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] cf/largefile.m4: fix build with autoconf-2.72 Fixes https://github.com/heimdal/heimdal/issues/1201