Commits on Jan 25, 2010
  1. tag krb5-1.7.1-beta1

    tlyu committed Jan 25, 2010
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7-1-beta1@23669 dc483132-0cff-0310-8789-dd5450dbe970
  2. README and patchlevel for krb5-1.7.1-beta1

    tlyu committed Jan 25, 2010
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23668 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 13, 2010
  1. ticket: 6594

    tlyu committed Jan 13, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r23482 from trunk
    
     ------------------------------------------------------------------------
     r23482 | ghudson | 2009-12-21 12:58:12 -0500 (Mon, 21 Dec 2009) | 9 lines
    
     ticket: 6594
     target_version: 1.7.1
     tags: pullup
    
     Add a set_cred_option handler for SPNEGO which forwards to the
     underlying mechanism.  Fixes SPNEGO credential delegation in 1.7 and
     copying of SPNEGO initiator creds in both 1.7 and trunk.  Patch
     provided by nalin@redhat.com.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23655 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 12, 2010
  1. ticket: 6587

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    Pull up r23492 from branches/anonymous.
    
     ------------------------------------------------------------------------
     r23492 | hartmans | 2009-12-23 16:09:50 -0500 (Wed, 23 Dec 2009) | 17 lines
    
     Subject: ad-initial-verified-cas logic broken
     ticket: 6587
     status: open
    
     In the initial pkinit implementation, the server plugin generates an
     incorrect encoding for ad-initial-verified-cas.  In particular, it
     assumes that ad-if-relevant takes a single authorization data element
     not a sequence of authorization data elements.  Nothing looked at the
     authorization data in 1.6.3 so this was not noticed.  However in 1.7,
     the FAST implementation looks for authorization data.  In 1.8 several
     more parts of the KDC examine authorization data.  The net result is
     that the KDC fails to process the TGT it issues.
    
     However on top of this bug, there is a spec problem.  For many of its
     intended uses, ad-initial-verified-cas needs to be integrity
     protected by the KDC in order to prevent a client from injecting it.
     So, it should be contained in kdc-issued not ad-if-relevant.
    
     For now we're simply removing the generation of this AD element until
     the spec is clarified.
    
    ------------------------------------------------------------------------
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23654 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 6637

    tlyu committed Jan 12, 2010
    target_version: 1.7.1
    version_fixed: 1.7.1
    status: resolved
    subject: MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption
    
    Fix integer underflow in AES and RC4 decryption.
    [MITKRB5-SA-2009-004, CVE-2009-4212]
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23651 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 6635

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    target_version: 1.7.1
    status: resolved
    tags: pullup
    
    Pull up r22782, r22784, r23610 from trunk, with additional test suite
    changes to compensate for the existence of the api.0/ unit tests that
    were removed for 1.8.  Don't pull up the kadmin CLI changes for now.
    
     ------------------------------------------------------------------------
     r23610 | ghudson | 2010-01-07 21:43:21 -0500 (Thu, 07 Jan 2010) | 10 lines
    
     ticket: 6626
     subject: Restore interoperability with 1.6 addprinc -randkey
     tags: pullup
     target_version: 1.8
    
     The arcfour string-to-key operation in krb5 1.7 (or later) disagrees
     with the dummy password used by the addprinc -randkey operation in
     krb5 1.6's kadmin client, because it's not valid UTF-8.  Recognize the
     1.6 dummy password and use a random password instead.
    
     ------------------------------------------------------------------------
     r22784 | ghudson | 2009-09-24 11:40:26 -0400 (Thu, 24 Sep 2009) | 2 lines
    
     Fix kadm5 unit test modified in r22782.
    
     ------------------------------------------------------------------------
     r22782 | ghudson | 2009-09-21 14:40:02 -0400 (Mon, 21 Sep 2009) | 5 lines
    
     Improve the mechanism used for addprinc -randkey.  In the kadmin
     server, if the password is null when creating a principal, treat that
     as a request for a random key.  In the kadmin client, try using the
     new method for random key creation and then fall back to the old one.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23650 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 5668

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22518 from trunk
    
     ------------------------------------------------------------------------
     r22518 | raeburn | 2009-08-12 13:58:24 -0400 (Wed, 12 Aug 2009) | 19 lines
    
      r22529@squish:  raeburn | 2009-08-12 13:49:45 -0400
      .
      r22530@squish:  raeburn | 2009-08-12 13:55:57 -0400
      Change KRBCONF_KDC_MODIFIES_KDB to a mostly run-time option.
    
      Change all code conditionals to test a new global variable, the
      initial value of which is based on KRBCONF_KDC_MODIFIES_KDB.  There is
      currently no way to alter the value from the command line; that will
      presumably be desired later.
    
      Change initialize_realms to store db_args in a global variable.  In
      process_as_req, call db_open instead of the old set_name + init.
      Don't reopen if an error is reported by krb5_db_fini.
    
      Add a test of running kinit with an incorrect password, to trigger a
      kdb update if enabled.
      r22531@squish:  raeburn | 2009-08-12 13:58:13 -0400
      Fix trailing whitespace.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23647 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 6633

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r23629 from trunk
    
     ------------------------------------------------------------------------
     r23629 | ghudson | 2010-01-11 20:07:48 -0500 (Mon, 11 Jan 2010) | 9 lines
    
     ticket: 6633
     subject: Use keyed checksum type for DES FAST
     target_version: 1.7
     tags: pullup
    
     DES enctypes have unkeyed mandatory-to-implement checksums.  Since
     FAST requires a keyed checksum, we must pick something else in that
     case.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23646 dc483132-0cff-0310-8789-dd5450dbe970
  6. ticket: 6589

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r23397 from trunk
    
     ------------------------------------------------------------------------
     r23397 | ghudson | 2009-11-30 20:36:42 -0500 (Mon, 30 Nov 2009) | 10 lines
    
     ticket: 6589
     subject: Fix AES IOV decryption of small messages
     tags: pullup
     target_version: 1.7.1
    
     AES messages never need to be padded because the confounder ensures
     that the plaintext is at least one block long.  Remove a check in
     krb5int_dk_decrypt_iov which was rejecting short AES messages because
     it didn't count the header length.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23645 dc483132-0cff-0310-8789-dd5450dbe970
  7. ticket: 6588

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r23389 from trunk
    
     ------------------------------------------------------------------------
     r23389 | ghudson | 2009-11-30 14:03:58 -0500 (Mon, 30 Nov 2009) | 10 lines
    
     ticket: 6588
     subject: Fix ivec chaining for DES iov encryption
     tags: pullup
     target_version: 1.7.1
    
     krb5int_des_cbc_decrypt_iov was using a plaintext block to update the
     ivec.  Fix it to use the last cipher block, borrowing from the
     corresponding des3 function.  The impact of this bug is not serious
     since ivec chaining is not typically used with IOV encryption in 1.7.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23644 dc483132-0cff-0310-8789-dd5450dbe970
  8. ticket: 6585

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r23325, 23384 from trunk
    
     ------------------------------------------------------------------------
     r23384 | hartmans | 2009-11-30 09:14:47 -0500 (Mon, 30 Nov 2009) | 4 lines
    
     ticket: 6585
    
     Fix memory leak
    
     ------------------------------------------------------------------------
     r23325 | hartmans | 2009-11-23 20:05:30 -0500 (Mon, 23 Nov 2009) | 12 lines
    
     ticket: 6585
     subject: KDC MUST NOT accept ap-request armor in FAST TGS
     target_version: 1.7.1
     tags: pullup
    
     Per the latest preauth framework spec, the working group has decided
     to forbid ap-request armor in the TGS request because of security
     problems with that armor type.
    
     This commit was tested against an implementation of FAST TGS client to
     confirm that if explicit armor is sent, the request is rejected.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23643 dc483132-0cff-0310-8789-dd5450dbe970
  9. ticket: 6584

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    
    Backport test suite portion of r23361 from trunk
    
     ------------------------------------------------------------------------
     r23361 | tlyu | 2009-11-25 22:54:59 -0500 (Wed, 25 Nov 2009) | 15 lines
    
     ticket: 6584
     target_version: 1.7.1
     tags: pullup
    
     Pullup to 1.7-branch is only for the test case, as krb5-1.7 behaved
     correctly for these checksums.
    
     Fix regression in MD4-DES and MD5-DES keyed checksums.  The original
     key was being used for the DES encryption, not the "xorkey".  (key
     with each byte XORed with 0xf0)
    
     Add a test case that will catch future regressions of this sort, by
     including a verification of a "known-good" checksum (derived from a
     known-to-be-interoperable version of the implementation).
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23642 dc483132-0cff-0310-8789-dd5450dbe970
  10. ticket: 6579

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r23144, r23145 from trunk
    
     ------------------------------------------------------------------------
     r23145 | raeburn | 2009-11-09 11:56:01 -0500 (Mon, 09 Nov 2009) | 4 lines
    
     ticket: 6579
    
     Revise patch to avoid using changequote.
    
     ------------------------------------------------------------------------
     r23144 | raeburn | 2009-11-09 01:13:34 -0500 (Mon, 09 Nov 2009) | 21 lines
    
     ticket: 6579
     target_version: 1.7.1
     tags: pullup
     subject: quoting bug causes solaris pre-10 thread handling bugs
    
     Quoting problems in pattern matching on the OS name cause Solaris
     versions up through 9 to not be properly recognized in the
     thread-system configuration setup.  This causes our libraries to make
     the erroneous assumption that valid thread support routines are
     available on all Solaris systems, rather than just assuming it for
     Solaris 10 and later.
    
     The result is assertion failures like this one reported by Meraj
     Mohammed and others:
    
       Assertion failed: k5int_i->did_run != 0, file krb5_libinit.c, line 63
    
     Thanks to Tom Shaw for noticing the cause of the problem.
    
     The bug may be present in the 1.6.x series as well.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23641 dc483132-0cff-0310-8789-dd5450dbe970
  11. ticket: 6573

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    backport r22890 from trunk
    
     ------------------------------------------------------------------------
     r22890 | ghudson | 2009-10-13 15:43:17 -0400 (Tue, 13 Oct 2009) | 11 lines
    
     ticket: 6573
     subject: Fix preauth looping in krb5_get_init_creds
     tags: pullup
     target_version: 1.7.1
    
     In 1.7, krb5_get_init_creds will continue attempting the same built-in
     preauth mechanism (e.g. encrypted timestamp) until the loop counter
     maxes out.  Until the preauth framework can remember not to retry
     built-in mechanisms, only continue with preauth after a PREAUTH_FAILED
     error resulting from optimistic preauth.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23640 dc483132-0cff-0310-8789-dd5450dbe970
  12. ticket: 6571

    tlyu committed Jan 12, 2010
    status: resolved
    
    Add manual kfree.c change missing from previous pullup.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23639 dc483132-0cff-0310-8789-dd5450dbe970
  13. ticket: 6571

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22872 from trunk
    
     ------------------------------------------------------------------------
     r22872 | ghudson | 2009-10-09 10:21:04 -0400 (Fri, 09 Oct 2009) | 7 lines
    
     ticket: 6571
     tags: pullup
     target_version: 1.7.1
    
     In asn1_decode_enc_kdc_rep_part, don't leak the enc_padata field on
     invalid representations.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23638 dc483132-0cff-0310-8789-dd5450dbe970
  14. ticket: 6568

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22781 from trunk
    
     ------------------------------------------------------------------------
     r22781 | ghudson | 2009-09-21 12:11:26 -0400 (Mon, 21 Sep 2009) | 10 lines
    
     ticket: 6568
     subject: Fix addprinc -randkey when policy requires multiple character classes
     tags: pullup
     target_version: 1.7.1
    
     The fix for ticket #6074 (r20650) caused a partial regression of
     ticket #115 (r9210) because the dummy password contained only one
     character class.  As a minimal 1.7 fix, use all five character classes
     in the dummy password.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23637 dc483132-0cff-0310-8789-dd5450dbe970
  15. ticket: 6559

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22732 from trunk
    
     ------------------------------------------------------------------------
     r22732 | ghudson | 2009-09-11 13:30:51 -0400 (Fri, 11 Sep 2009) | 7 lines
    
     ticket: 6559
     subject: Fix parsing of GSS exported names
     tags: pullup
     target_version: 1.7.1
    
     Cherry-picked from Luke's authdata branch.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23636 dc483132-0cff-0310-8789-dd5450dbe970
  16. ticket: 6558

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22718 from trunk
    
     ------------------------------------------------------------------------
     r22718 | ghudson | 2009-09-09 11:17:09 -0400 (Wed, 09 Sep 2009) | 8 lines
    
     ticket: 6558
     subject: Fix memory leak in gss_krb5int_copy_ccache
     tags: pullup
     target_version: 1.7.1
    
     gss_krb5int_copy_ccache was iterating over credentials in a ccache
     without freeing them.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23635 dc483132-0cff-0310-8789-dd5450dbe970
  17. ticket: 6557

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
     ------------------------------------------------------------------------
     r22710 | ghudson | 2009-09-03 16:41:56 -0400 (Thu, 03 Sep 2009) | 10 lines
    
     ticket: 6557
     subject: Supply canonical name if present in LDAP iteration
     target_version: 1.7.1
     tags: pullup
    
     In the presence of aliases, LDAP iteration was supplying the first
     principal it found within the expected realm, which is not necessarily
     the same as the canonical name.  If the entry has a canonical name
     field, use that in preference to any of the principal names.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23634 dc483132-0cff-0310-8789-dd5450dbe970
  18. ticket: 6556

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22708 from trunk
     ------------------------------------------------------------------------
     r22708 | ghudson | 2009-09-03 13:39:50 -0400 (Thu, 03 Sep 2009) | 9 lines
    
     ticket: 6556
     subject: Supply LDAP service principal aliases to non-referrals clients
     target_version: 1.7
     tags: pullup
    
     In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY
     flag isn't set (abusing that flag to recognize a client name lookup).
     Based on a patch from Luke Howard.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23633 dc483132-0cff-0310-8789-dd5450dbe970
  19. ticket: 6553

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    
    pull up r22648 from trunk
    
     ------------------------------------------------------------------------
     r22648 | tlyu | 2009-08-28 17:36:28 -0400 (Fri, 28 Aug 2009) | 8 lines
    
     ticket: 6553
     subject: use perror instead of error in kadm5 test suite
     target_version: 1.7.1
     tags: pullup
    
     Use "perror" instead of "error" to ensure that framework error
     conditions actually cause "make check" to report failure.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23632 dc483132-0cff-0310-8789-dd5450dbe970
  20. ticket: 6552

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22644 from trunk
     ------------------------------------------------------------------------
     r22644 | ghudson | 2009-08-28 13:23:20 -0400 (Fri, 28 Aug 2009) | 8 lines
    
     ticket: 6552
     subject: Document kinit -C and -E options
     target_version: 1.7.1
     tags: pullup
    
     kinit -C (canonicalize name) and -E (enterprise principal name)
     weren't documented in the man page.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23631 dc483132-0cff-0310-8789-dd5450dbe970
  21. ticket: 6534

    tlyu committed Jan 12, 2010
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22643 from trunk
    
     ------------------------------------------------------------------------
     r22643 | ghudson | 2009-08-28 12:00:54 -0400 (Fri, 28 Aug 2009) | 7 lines
    
     ticket: 6534
    
     Disable the COPY_FIRST_CANONNAME workaround on Linux glibc 2.4 and
     later, since it leaks memory on fixed glibc versions.  We will still
     leak memory on glibc 2.3.4 through 2.3.6 (e.g. RHEL 4) but that's
     harder to detect.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23630 dc483132-0cff-0310-8789-dd5450dbe970
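The ivec chaining rule behind r23389 (ticket 6588) in the list above, as an added example that is not krb5 code: a CBC decryptor must hand the last ciphertext block, not the last plaintext block, to the next call. A toy 8-byte transform stands in for DES, and every function name, the key and the sample plaintext are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLK 8

/* Toy invertible 8-byte block transform standing in for DES so the chaining
 * logic can run without a crypto library. It is NOT a secure cipher. */
static void toy_encrypt(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++)
        t[i] = in[i] ^ key[i];
    for (int i = 0; i < BLK; i++)
        out[i] = t[(i + 1) % BLK];
}

static void toy_decrypt(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++)
        t[(i + 1) % BLK] = in[i];
    for (int i = 0; i < BLK; i++)
        out[i] = t[i] ^ key[i];
}

/* In-place CBC encryption; on return ivec holds the last ciphertext block. */
static void cbc_encrypt(const uint8_t *key, uint8_t *ivec, uint8_t *buf, size_t nblocks)
{
    for (size_t b = 0; b < nblocks; b++) {
        uint8_t *p = buf + b * BLK;
        for (int i = 0; i < BLK; i++)
            p[i] ^= ivec[i];
        toy_encrypt(key, p, p);
        memcpy(ivec, p, BLK);
    }
}

enum ivec_update { IVEC_LAST_CIPHER, IVEC_LAST_PLAIN };

/* In-place CBC decryption. Each ciphertext block is saved before it is
 * overwritten, because it is the chaining value for the next block and,
 * for the final block, the ivec for the next call. */
static void cbc_decrypt(const uint8_t *key, uint8_t *ivec, uint8_t *buf, size_t nblocks, enum ivec_update mode)
{
    uint8_t prev[BLK], cur[BLK];
    memcpy(prev, ivec, BLK);
    for (size_t b = 0; b < nblocks; b++) {
        uint8_t *p = buf + b * BLK;
        memcpy(cur, p, BLK);
        toy_decrypt(key, p, p);
        for (int i = 0; i < BLK; i++)
            p[i] ^= prev[i];
        memcpy(prev, cur, BLK);
    }
    if (nblocks == 0)
        return;
    if (mode == IVEC_LAST_CIPHER)
        memcpy(ivec, prev, BLK);                       /* correct chaining value */
    else
        memcpy(ivec, buf + (nblocks - 1) * BLK, BLK);  /* plaintext: the bug class */
}

/* Encrypt 4 blocks in one call, decrypt them as two chained 2-block calls,
 * and report whether the original plaintext came back (1) or not (0). */
int chained_decrypt_matches(enum ivec_update mode)
{
    static const uint8_t key[BLK] = {0x13, 0x57, 0x9b, 0xdf, 0x02, 0x46, 0x8a, 0xce};
    static const char plain[] = "0123456789abcdefghijklmnopqrstuv"; /* constructed */
    uint8_t buf[4 * BLK], ivec[BLK] = {0};
    memcpy(buf, plain, sizeof(buf));
    cbc_encrypt(key, ivec, buf, 4);
    memset(ivec, 0, BLK);
    cbc_decrypt(key, ivec, buf, 2, mode);
    cbc_decrypt(key, ivec, buf + 2 * BLK, 2, mode);
    return memcmp(buf, plain, sizeof(buf)) == 0;
}

int main(void)
{
    return chained_decrypt_matches(IVEC_LAST_CIPHER) == 1 &&
           chained_decrypt_matches(IVEC_LAST_PLAIN) == 0 ? 0 : 1;
}
```

A single-call decrypt hides the wrong update entirely, which is why a regression test for this has to split the message across at least two chained calls.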
Commits on Dec 29, 2009
  1. ticket: 6608

    tlyu committed Dec 29, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r23533 from trunk
    
     ------------------------------------------------------------------------
     r23533 | tlyu | 2009-12-28 21:42:51 -0500 (Mon, 28 Dec 2009) | 10 lines
    
     ticket: 6608
     subject: MITKRB5-SA-2009-003 CVE-2009-3295 KDC null deref in referrals
     tags: pullup
     target_version: 1.7.1
    
     On certain error conditions, prep_reprocess_req() calls kdc_err() with
     a null pointer as the format string, causing a null dereference and
     denial of service.  Legitimate protocol requests can trigger this
     problem.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23534 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Sep 29, 2009
  1. ticket: 6551

    tlyu committed Sep 29, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22636 from trunk
     ------------------------------------------------------------------------
     r22636 | ghudson | 2009-08-27 09:40:50 -0400 (Thu, 27 Aug 2009) | 17 lines
    
     ticket: 6551
     subject: Memory leak in spnego accept_sec_context error path
     tags: pullup
     target_version: 1.7
    
     If the underlying mechanism's accept_sec_context returns an error, the
     spnego accept_sec_context was leaving allocated data in
     *context_handle, which is incorrect for the first call according to
     RFC 2744.
    
     Fix this by mirroring some code from the spnego init_sec_context,
     which always cleans up the half-constructed context in case of error.
     This is allowed (though not encouraged) by RFC 2744 for second and
     subsequent calls; since we were already doing it in init_sec_context,
     it seems simpler to do that than keep track of whether this is a first
     call or not.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22813 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 6543

    tlyu committed Sep 29, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22519 from trunk
    
     ------------------------------------------------------------------------
     r22519 | ghudson | 2009-08-12 14:53:47 -0400 (Wed, 12 Aug 2009) | 12 lines
    
     ticket: 6543
     subject: Reply message ordering bug in ftpd
     tags: pullup
     target_version: 1.7
    
     user() was replying to the user command and then calling login(),
     which could send a continuation reply if it fails to chdir to the
     user's homedir.  Continuation replies must come before the actual
     reply; the mis-ordering was causing ftp and ftpd to deadlock.  To fix
     the bug, invoke login() before reply() so that the continuation reply
     comes first.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22812 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 6542

    tlyu committed Sep 29, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22516 from trunk
     ------------------------------------------------------------------------
     r22516 | ghudson | 2009-08-10 15:12:47 -0400 (Mon, 10 Aug 2009) | 8 lines
    
     ticket: 6542
     subject: Check for null characters in pkinit cert fields
     tags: pullup
     target_version: 1.7
    
     When processing DNS names or MS UPNs in pkinit certs, disallow
     embedded null characters.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22811 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 6533

    tlyu committed Sep 29, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22475 from trunk
    
     ------------------------------------------------------------------------
     r22475 | ghudson | 2009-07-30 15:06:37 -0400 (Thu, 30 Jul 2009) | 8 lines
    
     ticket: 6533
     tags: pullup
     target_version: 1.7
    
     Include <assert.h> in k5-platform.h, since we use assertions in some
     of the macros defined there, as well as in many source files which do
     not themselves include <assert.h>.  Report and fix by Rainer Weikusat.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22810 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 6541

    tlyu committed Sep 29, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22474 from trunk
    
     ------------------------------------------------------------------------
     r22474 | epeisach | 2009-07-30 13:22:28 -0400 (Thu, 30 Jul 2009) | 7 lines
    
     ticket: 6541
     subject: Fix memory leak in k5_pac_verify_server_checksum
    
     k5_pac_verify_server_checksum was leaking memory when the checksum was valid.
    
     t_pac.c: Fix memory leak by forgetting to release memory.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22809 dc483132-0cff-0310-8789-dd5450dbe970
  6. ticket: 6540

    tlyu committed Sep 29, 2009
    status: resolved
    version_fixed: 1.7.1
    
    pull up r22473 from trunk
    
     ------------------------------------------------------------------------
     r22473 | epeisach | 2009-07-30 13:12:20 -0400 (Thu, 30 Jul 2009) | 5 lines
    
     ticket: 6540
     subject: memory leak in test code t_authdata
    
     Free the krb5_context at the end to release memory.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22808 dc483132-0cff-0310-8789-dd5450dbe970
  7. ticket: 6532

    tlyu committed Sep 29, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22443 from trunk
    
     ------------------------------------------------------------------------
     r22443 | tlyu | 2009-07-16 21:35:58 -0400 (Thu, 16 Jul 2009) | 8 lines
    
     ticket: 6531
     target_version: 1.6.4
     tags: pullup
     subject: include win-mac.h in gssftp/ftp/cmds.c for HAVE_STDLIB_H
    
     gssftp/ftp/cmds.c had a preprocessor conditional on HAVE_STDLIB_H that
     will not evaluate correctly on WIN32 unless win-mac.h is included first.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22807 dc483132-0cff-0310-8789-dd5450dbe970
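The kind of check r22516 (ticket 6542) in the list above describes, as an added example that is not the pkinit code: a certificate name field arrives as bytes plus a length, and comparing it as a C string ignores everything after an embedded NUL. The struct, function names and sample names are assumptions, and the match is a plain byte-for-byte comparison.

```c
#include <stddef.h>
#include <string.h>

/* A certificate name field as a decoder hands it over: bytes plus an explicit
 * length (hypothetical struct; not a krb5 or OpenSSL type). */
struct counted_str {
    const unsigned char *data;
    size_t len;
};

/* Naive comparison: treats the field as a C string, so bytes after the first
 * NUL are never examined. Assumes the buffer is NUL-terminated somewhere. */
int naive_name_equals(const struct counted_str *f, const char *expected)
{
    return strcmp((const char *)f->data, expected) == 0;
}

/* Checked comparison: reject empty fields and any field containing a NUL
 * byte within its stated length, then compare the full length. */
int checked_name_equals(const struct counted_str *f, const char *expected)
{
    size_t elen = strlen(expected);

    if (f->len == 0 || memchr(f->data, '\0', f->len) != NULL)
        return 0;
    return f->len == elen && memcmp(f->data, expected, elen) == 0;
}

/* Constructed sample fields; sizeof - 1 drops the literal's own terminator. */
static const unsigned char clean_bytes[] = "kdc.example.com";
static const unsigned char nul_bytes[] = "kdc.example.com\0.example.net";

const struct counted_str clean_field = { clean_bytes, sizeof(clean_bytes) - 1 };
const struct counted_str nul_field = { nul_bytes, sizeof(nul_bytes) - 1 };

int main(void)
{
    const char *want = "kdc.example.com";

    /* The naive form accepts both fields; the checked form accepts only
     * the clean one. */
    return naive_name_equals(&nul_field, want) == 1 &&
           checked_name_equals(&nul_field, want) == 0 &&
           checked_name_equals(&clean_field, want) == 1 ? 0 : 1;
}
```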
Commits on Sep 28, 2009
  1. ticket: 6530

    tlyu committed Sep 28, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22435 from trunk
    
     ------------------------------------------------------------------------
     r22435 | tlyu | 2009-07-10 15:46:20 -0400 (Fri, 10 Jul 2009) | 9 lines
    
     ticket: 6530
     target_version: 1.7.1
     tags: pullup
     subject: check for slogin failure in setup_root_shell
    
     Add a check for a slogin message that indicates an unknown public key
     fingerprint, as rlogin looks like it points to slogin by default on
     Debian Lenny.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22805 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 6519

    tlyu committed Sep 28, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22424 from trunk
    
     ------------------------------------------------------------------------
     r22424 | ghudson | 2009-06-26 21:00:05 -0400 (Fri, 26 Jun 2009) | 7 lines
    
     ticket: 6519
     tags: pullup
     target_version: 1.7
    
     In krb5_copy_error_message, pass correct pointer to
     krb5int_clear_error.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22804 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 1233

    tlyu committed Sep 28, 2009
    version_fixed: 1.7.1
    status: resolved
    
    pull up r22434 from trunk
    
     ------------------------------------------------------------------------
     r22434 | tlyu | 2009-07-10 15:20:26 -0400 (Fri, 10 Jul 2009) | 8 lines
    
     ticket: 1233
    
     Add a new '-W' option to kadmind and kdb5_util create to allow reading
     weak random numbers on startup, to avoid long delays in testing
     situations.  Use only for testing.
    
     Update testing scripts accordingly.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22803 dc483132-0cff-0310-8789-dd5450dbe970