Version in base suite: 7.8.git20221117.28daf24+dfsg-9

Base version: heimdal_7.8.git20221117.28daf24+dfsg-9
Target version: heimdal_7.8.git20221117.28daf24+dfsg-9+deb13u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/h/heimdal/heimdal_7.8.git20221117.28daf24+dfsg-9.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/h/heimdal/heimdal_7.8.git20221117.28daf24+dfsg-9+deb13u1.dsc

 changelog                                                               |    9 ++
 control                                                                 |    3 
 patches/0030-krb5-not_found-must-free-krb5_get_error_message-stri.patch |   36 ++++++++++
 patches/series                                                          |    1 
 4 files changed, 49 insertions(+)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpr60xvtw4/heimdal_7.8.git20221117.28daf24+dfsg-9.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpr60xvtw4/heimdal_7.8.git20221117.28daf24+dfsg-9+deb13u1.dsc: no acceptable signature found
diff -Nru heimdal-7.8.git20221117.28daf24+dfsg/debian/changelog heimdal-7.8.git20221117.28daf24+dfsg/debian/changelog
--- heimdal-7.8.git20221117.28daf24+dfsg/debian/changelog	2025-03-03 23:58:18.000000000 +0000
+++ heimdal-7.8.git20221117.28daf24+dfsg/debian/changelog	2026-03-12 21:39:34.000000000 +0000
@@ -1,3 +1,12 @@
+heimdal (7.8.git20221117.28daf24+dfsg-9+deb13u1) trixie; urgency=medium
+
+  * Fix memory leak in heimdal-clients by applying upstream patch from
+  https://github.com/heimdal/heimdal/commit/739f7e0484e412de7de6d5ef1100fcc20836d19d
+  Closes: #1130242.
+  * Explicitly depend on libcrypt-dev. (Closes: #1102912)
+
+ -- Brian May <bam@debian.org>  Fri, 13 Mar 2026 08:39:34 +1100
+
 heimdal (7.8.git20221117.28daf24+dfsg-9) unstable; urgency=medium
 
   * Use kadmin.heimdal in postinst instead of heimdal. Closes: #1070031.
diff -Nru heimdal-7.8.git20221117.28daf24+dfsg/debian/control heimdal-7.8.git20221117.28daf24+dfsg/debian/control
--- heimdal-7.8.git20221117.28daf24+dfsg/debian/control	2024-08-08 01:22:29.000000000 +0000
+++ heimdal-7.8.git20221117.28daf24+dfsg/debian/control	2026-03-12 21:39:34.000000000 +0000
@@ -10,6 +10,7 @@
                debhelper (>= 10),
                flex,
                libcap-ng-dev [linux-any],
+               libcrypt-dev,
                libdb-dev,
                libedit-dev,
                libjson-perl,
@@ -69,6 +70,7 @@
 Conflicts: heimdal-clients (<< 0.4e-7), kerberos4kth-dev
 Depends: comerr-dev,
          libasn1-8t64-heimdal (= ${binary:Version}),
+         libcrypt-dev,
          libgssapi3t64-heimdal (= ${binary:Version}),
          libhcrypto5t64-heimdal (= ${binary:Version}),
          libhdb9t64-heimdal (= ${binary:Version}),
@@ -79,6 +81,7 @@
          libkafs0t64-heimdal (= ${binary:Version}),
          libkdc2t64-heimdal (= ${binary:Version}),
          libkrb5-26t64-heimdal (= ${binary:Version}),
+         libroken19t64-heimdal (= ${binary:Version}),
          libwind0t64-heimdal (= ${binary:Version}),
          libotp0t64-heimdal (= ${binary:Version}),
          libsl0t64-heimdal (= ${binary:Version}),
diff -Nru heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/0030-krb5-not_found-must-free-krb5_get_error_message-stri.patch heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/0030-krb5-not_found-must-free-krb5_get_error_message-stri.patch
--- heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/0030-krb5-not_found-must-free-krb5_get_error_message-stri.patch	1970-01-01 00:00:00.000000000 +0000
+++ heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/0030-krb5-not_found-must-free-krb5_get_error_message-stri.patch	2026-03-12 21:39:34.000000000 +0000
@@ -0,0 +1,36 @@
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 27 May 2020 02:35:46 -0400
+Subject: krb5: not_found must free krb5_get_error_message string
+
+Even though krb5_get_error_message() returns 'const char *' the
+C-string is allocated and must be freed using krb5_free_error_message().
+
+Change-Id: I8d4ef6fce12f113617443d15abadf51f1e04cf1a
+---
+ lib/krb5/get_cred.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c
+index 70b3e5f..a9c8b18 100644
+--- a/lib/krb5/get_cred.c
++++ b/lib/krb5/get_cred.c
+@@ -683,16 +683,17 @@ static int
+ not_found(krb5_context context, krb5_const_principal p, krb5_error_code code)
+ {
+     krb5_error_code ret;
+-    const char *err;
+     char *str;
++    const char *err;
+ 
+-    err = krb5_get_error_message(context, code);
+     ret = krb5_unparse_name(context, p, &str);
+     if(ret) {
+ 	krb5_clear_error_message(context);
+ 	return code;
+     }
++    err = krb5_get_error_message(context, code);
+     krb5_set_error_message(context, code, N_("%s (%s)", ""), err, str);
++    krb5_free_error_message(context, err);
+     free(str);
+     return code;
+ }
diff -Nru heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/series heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/series
--- heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/series	2024-08-11 22:58:12.000000000 +0000
+++ heimdal-7.8.git20221117.28daf24+dfsg/debian/patches/series	2026-03-12 21:39:34.000000000 +0000
@@ -27,3 +27,4 @@
 add-include-support-3.patch
 add-include-support-4.patch
 fix-build-with-autoconf-272.patch
+0030-krb5-not_found-must-free-krb5_get_error_message-stri.patch