Hello community,

here is the log from the commit of package libheimdal for openSUSE:Factory checked in at 2017-08-10 14:05:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libheimdal (Old)
 and      /work/SRC/openSUSE:Factory/.libheimdal.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libheimdal" Thu Aug 10 14:05:08 2017 rev:5 rq:514480 version:7.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libheimdal/libheimdal.changes 2017-06-16 10:55:49.238737696 +0200 +++ /work/SRC/openSUSE:Factory/.libheimdal.new/libheimdal.changes 2017-08-10 14:13:01.180710783 +0200 @@ -1,0 +2,18 @@ +Thu Aug 03 20:25:45 UTC 2017 - joerg.loren...@ki.tng.de + +- Update to version 7.4.0 + - Security + - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name + validation. + This is a critical vulnerability. + In _krb5_extract_ticket() the KDC-REP service name must be + obtained from encrypted version stored in 'enc_part' instead + of the unencrypted version stored in 'ticket'. + Use of the unecrypted version provides an opportunity for + successful server impersonation and other attacks. + Identified by Jeffrey Altman, Viktor Duchovni and + Nico Williams. + See https://www.orpheus-lyre.info/ for more details. +- Fixed heimdal-patched.diff. + +------------------------------------------------------------------- Old: ---- heimdal-7.3.0-patched.tar.bz2 New: ---- heimdal-7.4.0-patched.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libheimdal.spec ++++++ --- /var/tmp/diff_new_pack.x8okNP/_old 2017-08-10 14:13:01.888611110 +0200 +++ /var/tmp/diff_new_pack.x8okNP/_new 2017-08-10 14:13:01.892610547 +0200 
@@ -20,7 +20,7 @@ Summary: The Heimdal implementation of the Kerberos 5 protocol License: BSD-3-Clause Group: Productivity/Networking/Security -Version: 7.3.0 +Version: 7.4.0 Release: 0 Url: http://www.h5l.org # patched source can be created with script heimdal-patch-source.sh: ++++++ heimdal-7.3.0-patched.tar.bz2 -> heimdal-7.4.0-patched.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/libheimdal/heimdal-7.3.0-patched.tar.bz2 /work/SRC/openSUSE:Factory/.libheimdal.new/heimdal-7.4.0-patched.tar.bz2 differ: char 11, line 1 ++++++ heimdal-patched.diff ++++++ --- /var/tmp/diff_new_pack.x8okNP/_old 2017-08-10 14:13:01.980598158 +0200 +++ /var/tmp/diff_new_pack.x8okNP/_new 2017-08-10 14:13:01.980598158 +0200 @@ -4,7 +4,7 @@ @@ -3,7 +3,6 @@ AC_PREREQ(2.62) test -z "$CFLAGS" && CFLAGS="-g" - AC_INIT([Heimdal],[7.3.0],[https://github.com/heimdal/heimdal/issues]) + AC_INIT([Heimdal],[7.4.0],[https://github.com/heimdal/heimdal/issues]) -AC_CONFIG_SRCDIR([kuser/kinit.c]) AC_CONFIG_HEADERS(include/config.h) AC_CONFIG_MACRO_DIR([cf])
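
Review bot: In the libheimdal.changes hunk, the last bullet "Fixed heimdal-patched.diff." does not say what was fixed. The only change visible in the heimdal-patched.diff hunk of this commit is the AC_INIT context line moving from 7.3.0 to 7.4.0, so wording such as "Refreshed heimdal-patched.diff for 7.4.0" would describe it accurately. In the security entry, "unecrypted" should read "unencrypted", and CVE-2017-11103 is cited without a tracking bug reference next to it; if one exists, adding it makes the fix easier to trace from the changelog.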
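
Review bot: In the libheimdal.spec hunk, the fix described as critical cannot be reviewed from this commit, because the source is a repackaged archive (see the context comment "# patched source can be created with script heimdal-patch-source.sh") and the tarball comparison reports only "differ: char 11, line 1". Consider recording the upstream 7.4.0 tarball checksum, or the exact script invocation, in that spec comment so the patched archive can be reproduced and compared against upstream. The unchanged context line "Url: http://www.h5l.org" also still uses plain http and could be revisited in the same update.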
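
Review bot: In the heimdal-patched.diff hunk, the carried patch embeds the upstream version string in its context (the AC_INIT line), so it has to be edited by hand on every version bump, as happened here for 7.3.0 to 7.4.0. The hunk shown exists to drop a single line, "-AC_CONFIG_SRCDIR([kuser/kinit.c])", so regenerating the patch with less context around that line would keep it applying across releases without manual changes. The patch also carries no note on why AC_CONFIG_SRCDIR is removed; a one-line description at the top of heimdal-patched.diff would help the next maintainer.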