Bug 231390 - security/heimdal fix for squid gssapi memory leak
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Hiroki Sato
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-09-16 05:59 UTC by dewayne
Modified: 2020-06-17 08:00 UTC

See Also:
bugzilla: maintainer-feedback? (hrs)


Attachments
kerberos context patch (493 bytes, text/plain)
2018-09-16 05:59 UTC, dewayne
credential memory leak patch (550 bytes, patch)
2018-09-16 06:01 UTC, dewayne
ports-patch (1.70 KB, patch)
2018-11-05 08:11 UTC, Koichiro Iwao

Description dewayne 2018-09-16 05:59:09 UTC
Created attachment 197124
kerberos context patch

A conversation on the heimdal-discuss@h5l.org list revealed and fixed a memory leak arising from the squid kerberos authentication helper.
Search for "Memory leak with Squid negotiate_kerberos_auth helper under OpenBSD 6.3"

I've enclosed the patches that fix this problem, only because the application of the fix and a new release of heimdal may not be as timely as a patch to the "port"; and I created and applied the patch.
Comment 1 dewayne 2018-09-16 06:01:10 UTC
Created attachment 197125
credential memory leak patch
Comment 2 Koichiro Iwao freebsd_committer 2018-11-05 07:51:34 UTC
Take.

The first patch appears to be committed upstream.
https://github.com/heimdal/heimdal/commit/7b4ea9c42fbb0cdefff6ca2848d7e3e9398aff8e

Could you submit the second patch to upstream? Backporting an upstream patch is more reasonable than creating local patches. It is at least reviewed by upstream.
Comment 3 Koichiro Iwao freebsd_committer 2018-11-05 08:11:25 UTC
Created attachment 198958
ports-patch

I'm thinking of something like this, backporting the upstream patch.
Comment 4 dewayne 2019-04-13 17:54:06 UTC
(In reply to Koichiro Iwao from comment #3)
Thank you for pursuing this bug. As an aside, would it be possible to replace readline, which is GPLv3, with libedit, which is BSD licenced, and preserve Heimdal's MIT licence?
(I replaced readline with libedit for most (all) of my non-GPL ports a few years ago, and heimdal is happy.)
Comment 5 Li-Wen Hsu freebsd_committer 2020-06-17 08:00:29 UTC
Over to maintainer.