Tom Yu [Thu, 9 Jul 2009 01:59:03 +0000 (01:59 +0000)]
pull up r20485 from trunk
------------------------------------------------------------------------
r20485 | raeburn | 2008-06-26 23:33:14 -0400 (Thu, 26 Jun 2008) | 8 lines
ticket: new
target_version: 1.6.4
tags: pullup
subject: use-after-free bugs
Fix some bugs with storage being used immediately after being freed.
None look like anything an attacker can really manipulate AFAICT.
ticket: 5998
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22427
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Jul 2009 01:54:50 +0000 (01:54 +0000)]
pull up r20482, r20481 from trunk
------------------------------------------------------------------------
r20482 | raeburn | 2008-06-26 22:51:09 -0400 (Thu, 26 Jun 2008) | 5 lines
ticket: 5997
Memory leak, and possible freed-memory dereference, in an error (small
allocation failure) path.
------------------------------------------------------------------------
r20481 | raeburn | 2008-06-26 22:47:06 -0400 (Thu, 26 Jun 2008) | 9 lines
ticket: new
target_version: 1.6.4
subject: misc memory leaks
tags: pullup
Fix various memory leaks that show up mostly in error cases (e.g.,
failure to allocate one small object, and then we forget to free
another one).
ticket: 5997
status: resolved
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22426
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 8 Apr 2009 01:23:03 +0000 (01:23 +0000)]
CVE-2009-0846 (1.6.x) asn1_decode_generaltime can free uninitialized pointer
pull up rxxxx from trunk
The asn1_decode_generaltime() function can free an uninitialized
pointer if asn1buf_remove_charstring() fails.
ticket: 6448
tags: pullup
target_version: 1.6.4
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22181
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 8 Apr 2009 01:22:57 +0000 (01:22 +0000)]
CVE-2009-0847 (1.6.x) asn1buf_imbed incorrect length validatin
pull up rxxxx from trunk
asn1buf_imbed() can perform pointer arithmetic that causes the "bound"
pointer of the subbuffer to be less than the "next" pointer. This can
lead to malloc() failure or crash.
In asn1buf_imbed(), check the length before doing arithmetic to set
subbuf->bound. In asn1buf_remove_octetstring() and
asn1buf_remove_charstring(), check for invalid buffer pointers before
executing an unsigned length check against a (casted to size_t)
negative number.
ticket: 6447
tags: pullup
target_version: 1.6.4
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22180
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 8 Apr 2009 01:22:51 +0000 (01:22 +0000)]
CVE-2009-0844 (1.6.x) SPNEGO can read beyond buffer end
pull up rxxxxx from trunk
SPNEGO can read beyond the end of a buffer if the claimed DER length
exceeds the number of bytes in the input buffer. This can lead to
crash or information disclosure.
Thanks to Apple for reporting this vulnerability and providing
patches.
ticket: 6446
tags: pullup
target_version: 1.6.4
version_fixd: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22179
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 8 Apr 2009 01:22:45 +0000 (01:22 +0000)]
Apply revised patch from Apple that ensures that a REJECT token is
sent on error.
ticket: 6426
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22178
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 17 Mar 2009 21:34:13 +0000 (21:34 +0000)]
CVE-2009-0845 (1.6.x) SPNEGO can dereference a null pointer
pull up r22084 from trunk
acc_ctx_new() can return an error condition without establishing a
SPNEGO context structure. This can cause a null pointer dereference
in cleanup code in spnego_gss_accept_sec_context().
ticket: 6426
tags: pullup
target_version: 1.6.4
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22104
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 11 Aug 2008 15:08:52 +0000 (15:08 +0000)]
pull up r20573 from trunk
r20573@cathode-dark-space: jaltman | 2008-07-23 11:09:15 -0400
ticket: 6047
tags: pullup
The NIM error reporting functions (in src/windows/identity/kherr ) keep
track of the the error message with the highest severity level that was
reported for a specific error reporting context. However, if another
error message of the same severity is reported, the error message being
tracked will be updated to be the newly received error.
The user will often only be notified of the error message that was
tracked for a specific operation. Therefore, tracking the last message
with the highest priority has the unfortunate side-effect of not
reporting the cause of a failure.
This patch changes the condition for updating the tracked error message
to be the first message with the highest severity.
ticket: 6047
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20641
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 11 Aug 2008 15:08:37 +0000 (15:08 +0000)]
pull up r20572 from trunk
r20572@cathode-dark-space: jaltman | 2008-07-23 11:04:26 -0400
ticket: 5745
tags: pullup
This patch modifies the NIM Kerberos v5 plug-in to use the
krb5_get_error_message() function to look up the error string
if the call to krb5_get_init_creds_password() fails. If the call
to krb5_get_error_message() fails, the caller will failover to
the previous method of looking up a suitable error message based
on the error code.
ticket: 5745
version_fixed: 1.6.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20640
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 11 Aug 2008 15:08:23 +0000 (15:08 +0000)]
pull up r20571 from trunk
r20571@cathode-dark-space: jaltman | 2008-07-23 10:44:50 -0400
ticket: 6046
tags: pullup
The /src/windows/identity/plugins/common/dynimport.{c,h} files are used
by the NIM Kerberos v5 plug-ins for run-time dynamic linking. They
currently do not declare or import the following functions:
krb5_get_error_message()
krb5_free_error_message()
krb5_clear_error_message()
This patch adds declarations and definitions required for locating these
functions. Relies on the addition of these functions to the prototype
list in the Pismere loadfuncs-krb5.h. See ticket 6045.
ticket: 6046
version_fixed: 1.6.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20639
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 11 Aug 2008 15:08:03 +0000 (15:08 +0000)]
pull up r20570 from trunk
r20570@cathode-dark-space: jaltman | 2008-07-23 10:38:27 -0400
ticket: 5605
tags: pullup
cw_handle_header_msg():
The behavior of the HDN_ENDTRACK notification has changed slightly on
Vista. HDM_GETITEMRECT, when used while handling HDN_ENDTRACK, returns
the item extents that were there prior to the user starting the resizing
operation. Earlier it would return the extents that resulted from the
resizing operation.
This resulted in a visual update problem on Windows Vista/2008
in the NIM Advanced View.
ticket: 5605
version_fixed: 1.6.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20638
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 25 Jul 2008 22:39:28 +0000 (22:39 +0000)]
pull up r20478 from trunk
r20478@cathode-dark-space: raeburn | 2008-06-26 20:22:43 -0400
ticket: new
target_version: 1.6.4
Fix off-by-one error in range check on file descriptor number.
ticket: 5995
version_fixed: 1.6.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20587
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 25 Jul 2008 22:38:59 +0000 (22:38 +0000)]
pull up r20127 from trunk
r20127@cathode-dark-space: raeburn | 2007-10-17 20:14:01 -0400
Reject socket fds > FD_SETSIZE.
ticket: 5995
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20586
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 25 Jul 2008 21:47:03 +0000 (21:47 +0000)]
pull up r20553 from trunk
r20553@cathode-dark-space: jaltman | 2008-07-21 14:48:03 -0400
ticket: new
subject: Assign fixed ordinals to comerr32.dll exports
component: krb5-libs
tags: pullup
All of the other libraries on Windows have fixed assignments
of ordinals to the exported functions. Assign the ordinals
that were in use in the last public release, kfw 3.2.2, so
that they will remain constant into the future in case additional
exports are added to the library.
ticket: 6040
version_fixed: 1.6.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20585
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 25 Jul 2008 21:07:57 +0000 (21:07 +0000)]
pull up r20558 from trunk
r20558@cathode-dark-space: jaltman | 2008-07-21 16:33:53 -0400
ticket: 5840
tags: pullup
kadm5_decrypt_key(). This patch prevents the returned keyblock's
enctype from being coerced to the requested 'ktype' if the requested
'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored".
ticket: 5840
version_fixed: 1.6.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20584
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 25 Jul 2008 20:33:31 +0000 (20:33 +0000)]
r20575@cathode-dark-space: tlyu | 2008-07-23 13:06:56 -0400
ticket: 5442
Fix one missed rename of "exit" label to "done".
ticket: 5442
version_fixed: 1.6.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20583
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 25 Jul 2008 20:33:17 +0000 (20:33 +0000)]
pull up r20574 from trunk
r20574@cathode-dark-space: jaltman | 2008-07-23 12:03:40 -0400
ticket: 5442
replace "exit" label with "done"
ticket: 5442
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20582
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 25 Jul 2008 20:32:56 +0000 (20:32 +0000)]
pull up r20559 from trunk
r20559@cathode-dark-space: jaltman | 2008-07-21 16:47:35 -0400
ticket: 5442
tags: pullup
This patch addresses the issues raised in this ticket and ticket 5936.
(a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
case and the failure cases that result in returning from the function
prior to reaching the end of the function.
(b) The meaningful 'minor_status' return value is destroyed during the
cleanup operations.
The approach taken is to add a new 'exit:' label prior to the end of the
function through which all function returns after reaching the 'fail:'
label will goto. After 'exit:', the 'cred_handle' will be released and
if there is a krb5_context 'context' to be freed, the error info will be
saved and krb5_free_context() will be called.
In the success case, the krb5_context is saved in the gss context and we
now set 'context' to NULL to prevent it from being freed.
In order to preserve the minor_status return code, a 'tmp_minor_status'
variable is added that is used after the 'fail:' label in calls to
krb5_gss_delete_sec_context() and krb5_gss_release_cred().
[1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
the value of 'verifier_cred_handle'.
ticket: 5442
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20581
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 21 Jul 2008 22:59:39 +0000 (22:59 +0000)]
pull up r20561 from trunk
(includes unrelated cleanup of dead assignment)
r20561@cathode-dark-space: raeburn | 2008-07-21 16:59:24 -0400
ticket: 5980
Another check for null return from krb5_cc_default_name.
ticket: 5980
version_fixed: 1.6.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20565
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 21 Jul 2008 22:59:28 +0000 (22:59 +0000)]
pull up r20551 from trunk
r20551@cathode-dark-space: jaltman | 2008-07-21 13:44:43 -0400
ticket: 5080
tags: pullup
ccdefault.c:
krb5_cc_default_name() is permitted to return a NULL
pointer as a valid output. Passing a NULL pointer to
strcmp() will result in an exception as NULL is not
a valid input parameter to strcmp().
Save the output of krb5_cc_default_name() to a variable
and modify the conditional to set the new default ccache
name in the case where there is no existing default
ccache name.
ticket: 5980
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20564
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 21 Jul 2008 22:59:15 +0000 (22:59 +0000)]
pull up r20557 from trunk
r20557@cathode-dark-space: jaltman | 2008-07-21 16:30:44 -0400
ticket: 5839
tags: pullup
krb5_string_to_keysalts()
Fix an infinite loop in the parsing of 'kp'
ticket: 5839
status: resolved
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20563
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 21 Jul 2008 22:59:01 +0000 (22:59 +0000)]
pull up r20555 from trunk
r20555@cathode-dark-space: jaltman | 2008-07-21 15:43:21 -0400
ticket: 5895
tags: pullup
There are two mutex locking issues that Roland Dowdeswell noticed in
the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize().
When it is free(3)ing the existing credentials it does not lock the
data structures and hence two separate threads can run into issues.
The same problem exists in cc_memory.c:krb5_mcc_destroy().
ticket: 5895
status: resolved
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20562
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 21 Jul 2008 16:08:33 +0000 (16:08 +0000)]
pull up r20527 from trunk
r20527@cathode-dark-space: tlyu | 2008-07-15 17:43:35 -0400
ticket: new
subject: krb5_get_cred_via_tkt() should null out_cred on errors
tags: pullup
target_version: 1.6.4
component: krb5-libs
Helper function krb5_kdcrep2creds(), called from
krb5_get_cred_via_tkt(), should null its output pointer after freeing
allocated memory, to avoid returning an invalid pointer.
ticket: 6033
status: resolved
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20550
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 21 Jul 2008 16:08:19 +0000 (16:08 +0000)]
pull up r20532 from trunk
r20532@cathode-dark-space: tlyu | 2008-07-17 11:44:43 -0400
ticket: 6030
tags: pullup
target_version: 1.6.4
Apply patch from Mark Phalan to correctly use progname instead of
argv[0].
ticket: 6030
status: resolved
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20549
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 21 Jul 2008 16:08:05 +0000 (16:08 +0000)]
pull up r20531 from trunk
r20531@cathode-dark-space: tlyu | 2008-07-16 19:01:54 -0400
ticket: 6028
target_version: 1.6.4
tags: pullup
Apply patch from Mark Phalan to initialize progname before use.
ticket: 6028
status: resolved
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20548
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 21 Jul 2008 16:07:46 +0000 (16:07 +0000)]
pull up r20536 from trunk
r20536@cathode-dark-space: tlyu | 2008-07-17 19:40:32 -0400
ticket: 6018
target_version: 1.6.4
tags: pullup
In krb5_rc_io_creat(), unlink any existing rcache file before trying
to create a new rcache. This allows better recovery from corrupt
rcache files.
ticket: 6018
status: resolved
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20547
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 23:23:12 +0000 (23:23 +0000)]
pull up r20503 from trunk
r20503@cathode-dark-space: tlyu | 2008-07-09 15:54:56 -0400
ticket: new
tags: pullup
component: krb5-libs
subject: add copyright to lib/crypto/enc_provider/aes.c
target_version: 1.6.4
lib/crypto/enc_provider/aes.c was missing a copyright statement.
Added.
ticket: 6022
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20524
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 22:13:19 +0000 (22:13 +0000)]
pull up r20480 from trunk
r20480@cathode-dark-space: raeburn | 2008-06-26 21:26:08 -0400
ticket: new
subject: fix free of automatic storage
target_version: 1.6.4
tags: pullup
Fix a possible free of automatic storage that can happen on an
(unlikely) encoding failure.
ticket: 5996
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20523
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 22:12:54 +0000 (22:12 +0000)]
pull up r20477 from trunk
r20477@cathode-dark-space: raeburn | 2008-06-26 20:20:33 -0400
ticket: new
target_version: 1.6.4
Fix possible null pointer deref, possible uninit ptr use, possible
leak in unlikely small-allocation failure case.
ticket: 5994
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20522
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 22:12:38 +0000 (22:12 +0000)]
pull up r20304 from trunk
r20304@cathode-dark-space: raeburn | 2008-04-18 15:31:47 -0400
ticket: new
subject: fix possible buffer overrun in handling generic-error return
target_version: 1.6.5
tags: pullup
Jeff Altman reported this, based on a crash seen in KfW in the wild.
The krb5_data handle used to describe the message field returned by the KDC is
not null-terminated, but we use a "%s" format to incorporate it into an error
message string. In the right circumstances, garbage bytes can be pulled into
the string, or a memory fault may result.
However, as this is in the error-reporting part of the client-side code for
fetching new credentials, it's a relatively minor DoS attack only, not a
serious security exposure. Should be fixed in the next releases, though.
ticket: 5944
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20521
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 22:12:21 +0000 (22:12 +0000)]
pull up r20296 from trunk
r20296@cathode-dark-space: raeburn | 2008-03-28 21:09:00 -0400
ticket: new
subject: Coverity CID 101: Fix minor bounds check error.
target_version: 1.6.4
tags: pullup
Coverity CID 101: Fix minor bounds check error.
ticket: 5933
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20520
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 22:12:05 +0000 (22:12 +0000)]
pull up r20413 from trunk
r20413@cathode-dark-space: jaltman | 2008-06-18 15:36:49 -0400
ticket: 5924
tags: pullup
This patch is derived from a patch originally submitted to RT
by: Nik Conwell <nik@bu.edu>
krb5_set_real_time() accepts as input the time of the KDC
or an application server as a combination of seconds and
microseconds. Often it is the case that the time source
does not provide the real time with less than one second
granularity. Up until this patch such a caller would fill
in the microseconds parameter as zero. krb5_set_real_time()
would treat the zero microseconds as the actual reported
time and compute a microsecond based offset.
During a one second window subsequent calls to
krb5_set_real_time() would have an ever increasing offset
size until the number of seconds is incremented. This
in turn produces a side effect in which the microseconds
value of the local clock is effectively erased.
If there are multiple processes or threads on the same
machine each requesting service tickets using the same
client principal for the same service principal where
the number of seconds reported by the KDC are equivalent,
then they will now all create authenticators with
exactly the same timestamp. As a result, the authenticating
service will detect a replay attack even though the
authenticators are actually unique. The replay cache
only maintains a tuple of client, server and timestamp.
This patch modifies the interpretation of the microseconds
parameter. If -1 is specified, the microseconds offset is
ignored.
ticket: 5924
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20519
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 22:11:49 +0000 (22:11 +0000)]
pull up r20509 from trunk
r20509@cathode-dark-space: tlyu | 2008-07-09 22:04:03 -0400
ticket: 5632
Apply patch from Apple to handle missing krb5.conf for zeroconf
situations.
ticket: 5632
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20518
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 22:11:33 +0000 (22:11 +0000)]
pull up r20311 from trunk
r20311@cathode-dark-space: rra | 2008-04-28 19:05:27 -0400
Ticket: new
Subject: Properly escape - in kdb5_ldap_util man page
Component: krb5-doc
Version_Reported: 1.6.3
Target_Version: 1.6.4
Tags: pullup
The LDAP plugin introduced a new man page which has unescaped hyphens.
Unicode-aware groffs may convert those to real hyphens rather than
the intended ASCII hyphen. This patch adds backslashes in front of
all the bare hyphens that I plus Debian's lintian program could find
to force interpretation as ASCII hyphens.
ticket: 5953
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20517
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Jul 2008 22:11:11 +0000 (22:11 +0000)]
pull up r20316 from trunk
r20316@cathode-dark-space: rra | 2008-05-10 23:54:41 -0400
Ticket: 5544
Tags: pullup
Fix a typo in krb5.conf: ldap_server should be ldap_servers, as the
latter is what the LDAP KDB plugin looks for.
ticket: 5544
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20516
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 22 Mar 2008 01:30:31 +0000 (01:30 +0000)]
krb5-1.6.4-beta1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20288
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 22 Mar 2008 01:12:24 +0000 (01:12 +0000)]
README and patchlevel for krb5-1.6.4-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20286
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 Mar 2008 23:03:59 +0000 (23:03 +0000)]
Apply patch for MITKRB5-SA-2008-001
ticket: 5919
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20283
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 Mar 2008 18:38:34 +0000 (18:38 +0000)]
pull up r20278 from trunk
r20278@cathode-dark-space: raeburn | 2008-03-18 14:55:26 -0400
ticket: new
subject: MITKRB5-SA-2008-002
target_version: 1.6.4
tags: pullup
Fix MITKRB5-SA-2008-002: array overrun in libgssrpc.
Don't update the internally-tracked maximum file descriptor value if
the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file
descriptors of FD_SETSIZE (NOFILE) or above.
ticket: 5918
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20282
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 7 Mar 2008 20:43:42 +0000 (20:43 +0000)]
pull up r20254 from trunk
r20254@cathode-dark-space: jander | 2008-03-04 15:27:19 -0500
ticket: 5897
tags: pullup
Fix memory leak by delaying instantiation of lid until it's needed.
ticket: 5897
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20258
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 7 Mar 2008 20:43:26 +0000 (20:43 +0000)]
pull up r20243 from trunk
r20243@cathode-dark-space: tlyu | 2008-02-29 00:23:56 -0500
ticket: 5893
tags: pullup
target_version: 1.6.4
Make a NUL-terminated copy of realm name before passing to a plugin
interface that takes a C string rather than krb5_data.
ticket: 5893
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20257
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 23 Feb 2008 02:10:59 +0000 (02:10 +0000)]
pull up r20228 from trunk
r20228@cathode-dark-space: rra | 2008-02-18 23:49:11 -0500
ticket: new
subject: man page macro and hyphen fixes
component: krb5-doc
Version_Reported: 1.6.3
Target_Version: 1.6.4
Tags: pullup
Fix various unescaped hyphens, lines starting with . that shouldn't be
macros, undefined strings, and misspelled macros in the man pages.
Found via man --warnings on a current Debian unstable system.
ticket: 5892
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20237
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 23 Feb 2008 02:10:40 +0000 (02:10 +0000)]
pull up r20213 from trunk
r20213@cathode-dark-space: kpkoch | 2008-01-31 10:51:18 -0500
TargetVersion: 1.7
Component: windows
Ticket: new
Subj: Build automation
Tags: pullup
Actually pass the nmake arguments to nmake.
ticket: 5879
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20236
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Feb 2008 18:29:15 +0000 (18:29 +0000)]
pull up r20222 from trunk
r20222@cathode-dark-space: tlyu | 2008-02-07 02:07:06 -0500
ticket: new
target_version: 1.6.4
tags: pullup
subject: more tests for libdb btree page split on zero index
component: krb5-kdc
Enhance btree debugging output somewhat to limit key printout to the
key length if the key is not null-terminated.
Add additional test case for the zero-index page split bug; test case
can create a corrupted btree database with records unreachable by
random access but reachable by sequential access. Requires
recompiling with CPPFLAGS='-DDEBUG -DDEBUG_IDX0SPLIT' to correctly
model mpool page reuse that would be present in production conditions.
(CPPFLAGS=-DDEBUG would otherwise explicitly overwrite the contents of
reused pages.)
ticket: 5888
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20233
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Feb 2008 18:28:59 +0000 (18:28 +0000)]
pull up r20211 from trunk
r20211@cathode-dark-space: jaltman | 2008-01-23 17:10:56 -0500
ticket: new
subject: Windows: avoid use of cygwin mkdir and rmdir commands
tags: pullup
Microsoft's nmake versions 8.x and 9.x prefer executables over
internal shell commands. This is a change from previous versions.
Cygwin's mkdir and rmdir commands do not have the same semantics
as the cmd.exe shell versions.
Change the definitions of MKDIR and RMDIR to use 'md' and 'rd'
in order to avoid the use of the cygwin versions.
ticket: 5875
target_version: 1.6.4
version_fixed: 1.6.4
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20232
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 1 Feb 2008 01:23:12 +0000 (01:23 +0000)]
pull up r20214 from trunk
r20214@cathode-dark-space: tlyu | 2008-01-31 20:03:11 -0500
ticket: new
target_version: 1.6.4
tags: pullup
subject: libdb btree page split on zero index corrupts db
component: krb5-kdc
Splitting a btree page on index 0 can corrupt the database if the key
length plus data length is exactly a certain value. This certain size
causes the item to get the left page to itself, and causes the right
page to contain an erroneous additional index "hole" having an
uninitialized value. This bug may be one of the remaining causes of
unexplained database corruption reported over the years. Shawn Emery
provided useful data from actual instances of this corruption.
Add a test case for this bug. (Raw libdb test rather than kdb; the
latter would be much harder.)
ticket: 5880
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20215
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 2 Jan 2008 23:49:06 +0000 (23:49 +0000)]
pull up r20176 from trunk
r20176@cathode-dark-space: jaltman | 2007-12-12 17:32:19 -0500
ticket: new
subject: KFW: BUG: KRB5CRED: Set identity data before sending notification
component: windows
tags: pullup
Call tc_set_ident_data() before kcdb_credset_collect(). Make sure the
identity data is set before the credentials change notification is broadcast.
ticket: 5858
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20199
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 2 Jan 2008 23:48:54 +0000 (23:48 +0000)]
pull up r20175 from trunk
r20175@cathode-dark-space: coffman | 2007-12-12 09:10:33 -0500
ticket: new
subject: copy correct key for lucid context acceptor_subkey
component: krb5-libs
Tags: pullup
Copy the correct key (acceptor_subkey) to lucid context's acceptor_subkey.
ticket: 5852
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20198
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 2 Jan 2008 23:48:36 +0000 (23:48 +0000)]
pull up r20174 from trunk
r20174@cathode-dark-space: jaltman | 2007-12-11 22:45:42 -0500
ticket: new
subject: KFW BUG: WIX: 64-bit installer attempts to uninstall 32-bit NSIS
component: windows
tags: pullup
The 64-bit MSI must examine Win64 registry keys and not the 32-bit registry
keys which is where the 32-bit NSIS installation will be detected.
ticket: 5851
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20197
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 15 Dec 2007 01:23:08 +0000 (01:23 +0000)]
pull up r20179 from trunk
r20179@cathode-dark-space: tlyu | 2007-12-13 23:38:42 -0500
ticket: 5857
target_version: 1.6.4
tags: pullup
fix CVE-2007-5972: double fclose() in krb5_def_store_mkey()
ticket: 5857
version_fied: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20187
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 15 Dec 2007 01:22:56 +0000 (01:22 +0000)]
pull up r20180 from trunk
r20180@cathode-dark-space: tlyu | 2007-12-14 00:01:07 -0500
ticket: 5856
target_version: 1.6.4
tags: pullup
fix CVE-2007-5971: double-free in gss_krb5int_make_seal_token_v3()
ticket: 5856
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20186
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 15 Dec 2007 01:22:44 +0000 (01:22 +0000)]
pull up r20181 from trunk
r20181@cathode-dark-space: tlyu | 2007-12-14 00:01:23 -0500
ticket: 5855
target_version: 1.6.4
tags: pullup
fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()
ticket: 5855
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20185
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 15 Dec 2007 01:22:32 +0000 (01:22 +0000)]
pull up r20178 from trunk
r20178@cathode-dark-space: tlyu | 2007-12-13 23:38:28 -0500
ticket: 5856
tags: pullup
target_version: 1.6.4
fix CVE-2007-5971: free of non-heap pointer in gss_indicate_mechs()
ticket: 5854
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20184
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 15 Dec 2007 01:22:17 +0000 (01:22 +0000)]
pull up r20182 from trunk
r20182@cathode-dark-space: tlyu | 2007-12-14 00:14:11 -0500
ticket: 5853
target_version: 1.6.4
tags: pullup
fix CVE-2007-5894: apparent uninit length in ftpd.c:reply()
ticket: 5853
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20183
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 29 Nov 2007 00:59:23 +0000 (00:59 +0000)]
pull up r20164 from trunk
r20164@cathode-dark-space: jaltman | 2007-11-14 17:34:53 -0500
ticket: 5842
The khm_show_main_window() function is no longer called
at startup with khm_nCmdShow == SW_SHOWMINIMIZED in order to
hide the main application by calling khm_hide_main_window().
Instead, the main application window is simply never shown.
As a result, khm_show_main_window() needs to respond to
khm_nCmdShow == SW_SHOWMINIMIZED not by hiding the window
but by changing the khm_nCmdShow state to SW_SHOW and then
calling ShowWindow().
This change will address the problem whereby "Show NIM Window"
had to be triggered twice by the user when the process
was started in a minimized state.
ticket: 5842
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20172
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 29 Nov 2007 00:53:32 +0000 (00:53 +0000)]
pull up r20111 from trunk
r20111@cathode-dark-space: raeburn | 2007-10-10 14:27:37 -0400
ticket: 5777
Add enhanced error messages to new error return cases, explaining the
(fairly generic) errors codes.
ticket: 5777
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20171
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 29 Nov 2007 00:53:20 +0000 (00:53 +0000)]
pull up r20109 from trunk
r20109@cathode-dark-space: raeburn | 2007-10-09 00:03:59 -0400
ticket: 5777
kt_file.c: Support multiple iterators active simultaneously, using a
counter. In get_entry, if the file was already open, rewind it to
just after the version number, and don't close it when done. Don't
allow add or remove calls if any iterator is active.
t_keytab.c: Test mixing two iterators with get_entry calls.
ticket: 5777
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20170
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 29 Nov 2007 00:53:03 +0000 (00:53 +0000)]
pull up r19961 from trunk
r19961@cathode-dark-space: tlyu | 2007-09-18 22:54:56 -0400
ticket: 5752
target_version: 1.6.4
tags: pullup
Ignore dependency lines beginning with '#' to deal with gcc
-fworking-directory output during make depend.
ticket: 5752
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20169
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Oct 2007 22:28:13 +0000 (22:28 +0000)]
Delete AC_CHECK_FUNCS invocation having empty argument. Discovered by
Jeff Blaine.
ticket: 5830
version_fixed: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20146
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 22 Oct 2007 03:51:26 +0000 (03:51 +0000)]
krb5-1.6.3-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20141
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 22 Oct 2007 03:43:54 +0000 (03:43 +0000)]
patchlevel and winlevel for kfw-3.2.2 final
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20139
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 22 Oct 2007 03:24:12 +0000 (03:24 +0000)]
patchlevel.h for krb5-1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20137
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 19 Oct 2007 23:28:21 +0000 (23:28 +0000)]
update README
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20131
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 19 Oct 2007 20:51:43 +0000 (20:51 +0000)]
pull up r20128 from trunk
r20128@cathode-dark-space: jaltman | 2007-10-18 11:22:43 -0400
ticket: new
subject: KFW: BUG: WIX: Beta value hard coded
component: windows
tags: pullup
target: 1.6.3
The beta variable value was inadvertantly committed as part of
ticket 5820 (Revision 20117). The build script needs to
export this value when appropriate.
ticket: 5823
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20130
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 19 Oct 2007 20:51:27 +0000 (20:51 +0000)]
pull up r19881 from trunk
r19881@cathode-dark-space: jaltman | 2007-08-27 03:08:24 -0400
ticket: new
subject: Windows 64-bit - avoid missing symbol errors
component: windows
Microsoft defaults stack checking (/Gs) to on. This requires
that bufferoverflowU.lib be included in the link step. The
macro SCLIB in the build system specifies this library on
versions of Windows that require it. Include SCLIB on the
link line of the makefile.
ticket: 5692
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20129
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 16 Oct 2007 19:59:01 +0000 (19:59 +0000)]
back to krb5-1.6.3-beta2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20125
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 16 Oct 2007 19:54:02 +0000 (19:54 +0000)]
patchlevel and readme for kfw-3.2.2-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20123
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 15 Oct 2007 22:07:39 +0000 (22:07 +0000)]
pull up r20119 from trunk
r20119@cathode-dark-space: jaltman | 2007-10-12 19:08:30 -0400
ticket: 5820
There appears to be a bug either in the WiX engine or the Windows Installer 3.1.
The "File" type on the Registry Search property is supposed to provide the full
path name. Instead, we are being given just the directory as if it were being
processed with the "Directory" type.
We can avoid this for a REG_SZ value by using the "Raw" type because we are
sure that the string is not going to begin with a '#' character.
Because the full path was not being obtained for the UPGRADENSIS property, the
Uninstall routine was unable to CreateProcess() the uninstall program.
This commit also includes addition debugging in the NSIS Uninstall custom
handler to report the path and the GetLastError() value when the uninstall
fails. This will be logged in the msiexec log file and displayed in a
MessageBox.
ticket: 5820
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20122
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 15 Oct 2007 22:07:25 +0000 (22:07 +0000)]
pull up r20118 from trunk
r20118@cathode-dark-space: jaltman | 2007-10-12 15:18:04 -0400
ticket: 5820
Set the Shortcut string to match the base product name
ticket: 5820
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20121
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 15 Oct 2007 22:07:08 +0000 (22:07 +0000)]
pull up r20117 from trunk
r20117@cathode-dark-space: jaltman | 2007-10-12 15:01:38 -0400
ticket: new
subject: KFW: BUG: WIX: Improve Usability of multiple architecture MSI installations, remove non-unique GUID component identifiers, and include Beta ID in the package name
component: windows
tags: pullup
target_version: 1.6.3
The WiX installation package suffered from several problems:
* The Beta ID was not being included in the package name.
Fixed this by swapping the priority of "Release" and "Beta".
"Beta" is an official release that has a beta value.
A non-release has a datestamp as part of the package name.
* There were duplicate GUID values being used for registry components.
This would prevent proper removal of the components on uninstall.
* 64-bit Installers were being constructed with the 32-bit installer
schema. This prevented side-by-side installation of the 64-bit and
32-bit versions. This also permitted 64-bit installers to be
installed on 32-bit systems.
* The 64-bit and 32-bit installers had the same package name.
64-bit and 32-bit are now identified in the package name.
* 64-bit files were being installed to the WOW64 environment.
ticket: 5820
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20120
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 5 Oct 2007 16:33:56 +0000 (16:33 +0000)]
patchlevel for kfw-3.2.2-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20104
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 5 Oct 2007 16:31:34 +0000 (16:31 +0000)]
pull up r20101 from trunk
r20101@cathode-dark-space: jaltman | 2007-10-05 11:23:53 -0400
ticket: new
subject: NIM: BUG: APP: New edit controls should be marked ES_AUTOHSCROLL
component: windows
The EDIT controls used to accept input from the user must be set to
support automatic horizontal scrolling. Otherwise, the number of input
characters is arbitrarily restricted based upon the font selected by
the user as part of the active Windows theme.
Horizontal scrolling is enabled with the ES_AUTOHSCROLL flag during
control construction.
ticket: 5809
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20102
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 5 Oct 2007 14:32:59 +0000 (14:32 +0000)]
pull up r20099 from trunk
r20099@cathode-dark-space: kpkoch | 2007-10-04 21:26:34 -0400
Ticket: new
Tags: pullup
Target_Version: 1.6.3
Subject: KfW Build: add new installer build files to copyfiles.xml.
Files were added to the installer build area. They also need to be added to the copylist, so that they are copied to the staging area, where the installer is built.
ticket: 5808
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20100
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 5 Oct 2007 00:00:23 +0000 (00:00 +0000)]
krb5-1.6.3-beta2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20098
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 4 Oct 2007 23:55:44 +0000 (23:55 +0000)]
readme and patchlevel for krb5-1.6.3-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20096
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 4 Oct 2007 22:55:57 +0000 (22:55 +0000)]
pull up r20094 from trunk
r20094@cathode-dark-space: tlyu | 2007-10-04 18:13:13 -0400
ticket: 4136
target_version: 1.6.3
tags: pullup
Will Fiveash and Mark Phalan report that kadmin's unlock command calls
kadm5_lock() instead of of kadm5_unlock(). Apply the obvious fix.
ticket: 4136
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20095
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 4 Oct 2007 20:44:33 +0000 (20:44 +0000)]
back to krb5-1.6.3-beta1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20093
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 4 Oct 2007 20:23:21 +0000 (20:23 +0000)]
readme and patchlevel for kfw-3.2.2-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20091
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 4 Oct 2007 20:17:48 +0000 (20:17 +0000)]
pull up r19754 from trunk
r19754@cathode-dark-space: jaltman | 2007-08-06 11:11:03 -0400
ticket: new
subject: KRB5_CALLCONV must be specified inside parens
When declaring a function pointer, the function type
modifiers must be inside the parentheses.
return-type (modifers * function-name) (parameters)
ticket: 5625
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20089
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 3 Oct 2007 20:46:33 +0000 (20:46 +0000)]
back to krb5-1.6.3-beta1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20088
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 3 Oct 2007 20:44:11 +0000 (20:44 +0000)]
patchlevel and winlevel for kfw-3.2.2-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20086
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 3 Oct 2007 00:26:01 +0000 (00:26 +0000)]
pull up r20082 from trunk
r20082@cathode-dark-space: tlyu | 2007-10-02 20:17:27 -0400
ticket: 5802
target_version: 1.6.3
tags: pullup
Apply patch from Nalin Dahyabhai to correctly handle delegated
credentials if ret_flags is null.
ticket: 5802
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20083
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 2 Oct 2007 04:07:12 +0000 (04:07 +0000)]
fix for krb5-1.6.x: Correctly build pkinit plugin including
dependencies. Reported by Doug Engert.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20080
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 2 Oct 2007 02:42:17 +0000 (02:42 +0000)]
pull up r20040 from trunk
r20040@cathode-dark-space: jaltman | 2007-10-01 16:09:55 -0400
ticket: new
subject: remove error tables by pointer
tags: pullup
target_version: 1.6.3
On Windows, it is possible for the same DLL to be loaded
into a process multiple times as separate instances. Each
time a DLL is loaded it registers its error tables at different
locations in the process address space. Removing the tables
by base instead of pointer value can result in the error table
list pointing at invalid memory.
ticket: 5801
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20079
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 2 Oct 2007 02:42:02 +0000 (02:42 +0000)]
pull up r20064 from trunk
r20064@cathode-dark-space: raeburn | 2007-10-01 19:48:57 -0400
ticket: 5800
tags: pullup
Initialize options for _alloc interface to same defaults as for _init.
ticket: 5800
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20078
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:55:38 +0000 (23:55 +0000)]
pull up r20039 from trunk
r20039@cathode-dark-space: raeburn | 2007-10-01 15:21:49 -0400
ticket: new
subject: def-check.pl needs to ignore ordinals in .def file
Otherwise, the UNIX build blows out now that the Windows export lists
have been updated. Silly consistency checks....
ticket: 5791
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20077
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:55:23 +0000 (23:55 +0000)]
pull up r20035 from trunk
r20035@cathode-dark-space: jaltman | 2007-10-01 12:15:39 -0400
ticket: 5798
tags: pullup
target_version: 1.6.3
component: windows
Process WM_CLOSE for the command-line option dialog.
ticket: 5798
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20076
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:55:09 +0000 (23:55 +0000)]
pull up r20034 from trunk
r20034@cathode-dark-space: jaltman | 2007-10-01 01:32:26 -0400
ticket: new
subject: NIM: BUG: APP: notification icon tooltip wrong string
The Network Identity Manager notification icon can display a tooltip
when the user hovers the mouse cursor over it. It is currently used
to indicate the default identity (if one is found). However, when
retrieving the name of the default identity, the size of the buffer
was left unspecified. This patch specifies the correct buffer size.
The function called with the incorrect buffer size was
kcdb_identity_get_name(). That function does not write more than
KCDB_IDENT_MAXCCH_NAME characters regardless of the size of the buffer
specified, and the buffer that was passed in is allocated to be this
size. No buffer overrun was present in the existing code, although
the behavior was incorrect.
ticket: 5797
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20075
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:54:52 +0000 (23:54 +0000)]
pull up r20033 from trunk
r20033@cathode-dark-space: jaltman | 2007-10-01 01:31:02 -0400
ticket: 5782
When Network Identity Manager starts, the credentials display
enumerates known identities and displays them if necessary. However,
as plug-ins load and the list of known identities, their properties
and credentials change, the order of the displayed list will also
change.
The existing code does not deal well in respect to tracking the
current selection when the list of identities and credentials change.
This results in inconsistent behavior where the identity that was
originally at the top of the list maintains its selection state while
the identity at the top of the list after all the plug-ins have loaded
will receive focus.
This patch fixes this problem by explicitly setting focus and
selection to the identity or credential at the current cursor location
following a change in the credentials list.
ticket: 5782
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20074
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:54:39 +0000 (23:54 +0000)]
pull up r20032 from trunk
r20032@cathode-dark-space: jaltman | 2007-10-01 01:29:38 -0400
ticket: 5783
The credentials display in Network Identity Manager colors the
background of identity headings based on the expiration state of the
credentials that belong to the identity.
This patch changes the behavior to color these headings based on the
existence and expiration state of identity credentials. With this
change, only identities that have valid identity credentials will
appear in green.
The same logic is used when drawing the menu items in the "Set
default" sub-menu in the notification icon.
ticket: 5783
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20073
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:54:23 +0000 (23:54 +0000)]
pull up r20031 from trunk
r20031@cathode-dark-space: jaltman | 2007-10-01 01:27:29 -0400
ticket: new
subject: NIM: BUG: APP: notification icon state
Currently, the notification icon that is created by Network Identity
Manager indicates the status of all the known credentials. If any
credential belonging to any identity is expired or in a critical
state, the icon will change color to indicate this.
This patch changes the behavior to only indicate the status of
credentials belonging to the default identity. The expiration state
of credentials that do not belong to the default identity no longer
affect the appearance of the notification icon.
ticket: 5796
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20072
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:54:09 +0000 (23:54 +0000)]
pull up r20030 from trunk
r20030@cathode-dark-space: jaltman | 2007-10-01 01:25:34 -0400
ticket: new
subject: NIM: BUG: APP: identity data corruption
The credentials display in Network Identity Manager uses a cached set
of properties for each identity that has credentials. The existing
code used the wrong field of the khui_credwnd_identity structure to
store the credentials type name associated with an identity, resulting
in a corrupt data structure.
This patch fixes the code to use the correct field.
ticket: 5795
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20071
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:53:55 +0000 (23:53 +0000)]
pull up r20029 from trunk
r20029@cathode-dark-space: jaltman | 2007-10-01 01:20:51 -0400
ticket: new
subject: NIM: BUG: APP: View-Select columns
Change "View columns" to "Select columns" in the "View" menu of
Network Identity Manager to be consistent with other Windows
applications.
ticket: 5794
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20070
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:53:38 +0000 (23:53 +0000)]
pull up r20028 from trunk
r20028@cathode-dark-space: jaltman | 2007-10-01 01:19:05 -0400
ticket: new
subject: NIM: BUG: APP: leaking prompts in obtain new credentials dialog
The Kerberos v5 plug-in for Network Identity Manager was not clearing
the list of prompts properly when a user changes the active identity
in the new credentials dialog. The stale prompts would be visible to
the user if the newly selected identity is invalid or the new identity
cannot be validated.
This patch clears the prompts if there is an identity change.
ticket: 5793
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20069
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:53:20 +0000 (23:53 +0000)]
pull up r20027 from trunk
r20027@cathode-dark-space: jaltman | 2007-09-30 23:22:07 -0400
ticket: 5789
add descriptions of credential flags, identity icons, and push-pins
update screen shots
add credits to Fermilabs and Stanford University.
other changes for kfw 3.2.2 release.
ticket: 5789
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20068
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:52:57 +0000 (23:52 +0000)]
pull up r20026 from trunk
r20026@cathode-dark-space: jaltman | 2007-09-30 23:20:06 -0400
ticket: 5789
fix the description of the notification icon status colors
ticket: 5789
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20067
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:52:44 +0000 (23:52 +0000)]
pull up r20025 from trunk
r20025@cathode-dark-space: jaltman | 2007-09-30 16:50:45 -0400
ticket: new
subject: NIM: BUG: LIB: deadlock in kmq
component: windows
Do not obtain a critical section that is already being held:
"cs_kmq_types"
Update the docs to indicate the additional restriction.
ticket: 5792
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20066
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:52:30 +0000 (23:52 +0000)]
pull up r20024 from trunk
r20024@cathode-dark-space: jaltman | 2007-09-30 16:46:02 -0400
ticket: new
subject: Add static ordinals to DLL exports
Add static ordinals to DLL exports in krb5_32.def, xpprof32.def
gssapi32.def, and krb524.def.
Not added to k5sprt32.def as all of the functions are
private.
Not added to krb4_32.def as the library is not supported
as part of KFW.
ticket: 5791
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20065
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:18:25 +0000 (23:18 +0000)]
pull up r20023 from trunk
r20023@cathode-dark-space: jaltman | 2007-09-30 10:42:22 -0400
ticket: 5753
When there is no ImagePath value for a module it indicates
that the module has not been installed. Do not report an
error to the end user for uninstalled modules. This will
only annoy the user and there is probably nothing the user
can do about it. Perhaps the user uninstalled the module
intentionally. The fact that there is still a HKCU key
remaining is not an indication that the module is in use.
ticket: 5753
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20063
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Oct 2007 23:18:10 +0000 (23:18 +0000)]
pull up r20022 from trunk
r20022@cathode-dark-space: jaltman | 2007-09-30 00:44:31 -0400
ticket: 5753
Remove Krb5Cred, Krb5Ident, and Krb4Cred default configuration data from
the KMM Schema. Require that modules that are installed be properly
installed.
Add NIM Module Registry values to the NSIS installer. These values were
already being set by the Wix installer.
By removing the ImagePath default, unable to load module errors will
not be generated when the module has not in fact been installed.
ticket: 5753
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20062
dc483132-0cff-0310-8789-
dd5450dbe970