libheimdal: 7.4.0 -> 7.5.0

In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to
crash the KDC by sending a crafted UDP packet containing empty data
fields for client name or realm.

Security: CVE-2017-17439

pkgs/development/libraries/kerberos/heimdal-make-missing-headers.patch

@@ -0,0 +1,10 @@
+--- a/lib/hx509/Makefile.am 2018-03-21 15:41:38.622968809 +0100
++++ b/lib/hx509/Makefile.am 2018-03-21 15:41:32.655162197 +0100
+@@ -9,6 +9,8 @@
+	sel-gram.h			\
+	$(gen_files_ocsp:.x=.c)		\
+	$(gen_files_pkcs10:.x=.c)	\
++	ocsp_asn1.h			\
++	pkcs10_asn1.h			\
+	hx509_err.c			\
+	hx509_err.h

pkgs/development/libraries/kerberos/heimdal.nix

@@ -12,15 +12,17 @@ in
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "${type}heimdal-${version}";
-  version = "7.4.0";
+  version = "7.5.0";
 
   src = fetchFromGitHub {
     owner = "heimdal";
     repo = "heimdal";
     rev = "heimdal-${version}";
-    sha256 = "01ch6kqjrxi9fki54yjj2fhxhdkxijz161w2inh5k8mcixlf67vp";
+    sha256 = "1j38wjj4k0q8vx168k3d3k0fwa8j1q5q8f2688nnx1b9qgjd6w1d";
   };
 
+  patches = [ ./heimdal-make-missing-headers.patch ];
+
   nativeBuildInputs = [ autoreconfHook pkgconfig python2 perl yacc flex ]
     ++ (with perlPackages; [ JSON ])
     ++ optional (!libOnly) texinfo;
@@ -44,6 +46,10 @@ stdenv.mkDerivation rec {
     "--with-capng"
   ];
 
+  postUnpack = ''
+    sed -i '/^DEFAULT_INCLUDES/ s,$, -I..,' source/cf/Makefile.am.common
+  '';
+
   buildPhase = optionalString libOnly ''
     (cd include; make -j $NIX_BUILD_CORES)
     (cd lib; make -j $NIX_BUILD_CORES)