Public bug reported:

Upstream: tbd
Debian:   7.8.git20221117.28daf24+dfsg-5    
Ubuntu:   7.8.git20221117.28daf24+dfsg-5ubuntu3


Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the Oracular Release Notes:
https://discourse.ubuntu.com/c/release/38


### New Debian Changes ###

heimdal (7.8.git20221117.28daf24+dfsg-5) unstable; urgency=medium

  * Apply NMU patches. Closes: #1065373.

 -- Brian May <b...@debian.org>  Sat, 09 Mar 2024 11:01:27 +1100

heimdal (7.8.git20221117.28daf24+dfsg-4.2) unstable; urgency=medium

  [ Matthias Klose ]
  * Filter-out -Werror=implicit-function-declaration, unconditionally set
    by abi=time64.

 -- Steve Langasek <vor...@debian.org>  Fri, 08 Mar 2024 08:21:09 +0000

heimdal (7.8.git20221117.28daf24+dfsg-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.  Closes: #1064097

 -- Lukas Märdian <sl...@debian.org>  Wed, 28 Feb 2024 08:36:52 +0000

heimdal (7.8.git20221117.28daf24+dfsg-4) unstable; urgency=medium

  * Always build the rk_strlcat and rk_strlcpy symbols even if included in
    glibc. Closes: #1055316.

 -- Brian May <b...@debian.org>  Wed, 03 Jan 2024 11:43:58 +1100

heimdal (7.8.git20221117.28daf24+dfsg-3) unstable; urgency=medium

  * Fix random 'Ticket expired' and 'Clock skew too great' errors by setting
    kdc_offset correctly. Closes: #1039992.

 -- Brian May <b...@debian.org>  Tue, 04 Jul 2023 10:09:56 +1000

heimdal (7.8.git20221117.28daf24+dfsg-2) unstable; urgency=medium

  * Fix incorrect license of Debian files.
  * Fix deprecated dependencies.
  * gsskrb5: fix accidental logic inversions (CVE-2022-45142)
    (Closes: #1030849) - change applied from NMU version
    7.8.git20221117.28daf24+dfsg-1.1
  * Add ro.po file. Closes: #1031897.

 -- Brian May <b...@debian.org>  Sat, 25 Feb 2023 09:32:57 +1100

heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Brian May <b...@debian.org>  Sat, 10 Dec 2022 16:29:20 +1100

heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium

  * Source-only upload to enable migration to testing (2nd attempt).

 -- Brian May <b...@debian.org>  Sun, 04 Dec 2022 09:56:06 +1100

heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium

  * Source-only upload to enable migration to testing.

 -- Brian May <b...@debian.org>  Sun, 04 Dec 2022 09:09:44 +1100

heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium

  * New upstream version.
  * Numerous security fixes (Closes: #1024187).
  * asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
  * krb5: PAC parse integer overflows (CVE-2022-42898)
  * gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
  * gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
  * gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap
    (CVE-2022-3437)
  * gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad()
    (CVE-2022-3437)
  * gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
  * gsskrb5: Check buffer length against overflow for DES{,3} unwrap
    (CVE-2022-3437)
  * gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
  * gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
  * libhx509: Fix denial of service vulnerability (CVE-2022-41916)
  * spnego: send_reject when no mech selected (CVE-2021-44758)
  * Fix regression in _krb5_get_int64 on 32 bit systems.
    https://github.com/heimdal/heimdal/pull/1025
  * Increment soname for libroken.
  * Increment soname for libhcrypto.
  * Remove legacy shared library version requirements.
  * Add symbols to libkadm5srv8.

 -- Brian May <b...@debian.org>  Sun, 27 Nov 2022 10:44:26 +1100

heimdal (7.7.0+dfsg-6) unstable; urgency=medium

  * Retry deleting dangling windc.so again. Closes: #857215.
  * Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey.
    Closes: #964008.
  * Disable use of -rpath in krb5-config.heimdal. Closes: #868840.

 -- Brian May <b...@debian.org>  Mon, 05 Sep 2022 08:35:33 +1000


### Old Ubuntu Delta ###

heimdal (7.8.git20221117.28daf24+dfsg-5ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <steve.langa...@ubuntu.com>  Sun, 31 Mar 2024 18:24:27 +0000

heimdal (7.8.git20221117.28daf24+dfsg-5ubuntu2) noble; urgency=medium

  * No-change rebuild against libcom-err2

 -- Steve Langasek <steve.langa...@ubuntu.com>  Tue, 12 Mar 2024 20:32:53 +0000

heimdal (7.8.git20221117.28daf24+dfsg-5ubuntu1) noble; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/rules: Disable lto, to regain dep on roken, otherwise
      dependencies on amd64 are different than i386 resulting in
      different files on amd64 and i386.

 -- Gianfranco Costamagna <locutusofb...@debian.org>  Sun, 10 Mar 2024 01:31:18 +0100

** Affects: heimdal (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

** Changed in: heimdal (Ubuntu)
    Milestone: None => ubuntu-24.07

https://bugs.launchpad.net/bugs/2064407

Title:
  Merge heimdal from Debian unstable for oracular

Status in heimdal package in Ubuntu:
  New
