Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Branch: tags/krb5-1-8-…
Commits on Jun 10, 2010
  1. tag krb5-1.8.2

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-8-2-final@24128 dc483132-0cff-0310-8789-dd5450dbe970
  2. README and patchlevel for krb5-1.8.2

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24127 dc483132-0cff-0310-8789-dd5450dbe970
Commits on May 28, 2010
  1. krb5-1.8.2-beta1-postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24114 dc483132-0cff-0310-8789-dd5450dbe970
  2. README and patchlevel.h for krb5-1.8.2-beta1

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24112 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 6734

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r24102 from trunk
    
     ------------------------------------------------------------------------
     r24102 | ghudson | 2010-05-24 22:44:45 -0400 (Mon, 24 May 2010) | 11 lines
    
     ticket: 6734
     subject: FAST negotiation could erroneously succeed
     target_version: 1.8.2
     tags: pullup
    
     When FAST negotiation is performed against an older KDC
     (rep->enc_part2->flags & TKT_FLG_ENC_PA_REP not set),
     krb5int_fast_verify_nego did not set the value of *fast_avail, causing
     stack garbage to be used in init_creds_step_reply.  Initialize
     *fast_avail at the beginning of the function per coding practices.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24111 dc483132-0cff-0310-8789-dd5450dbe970
Commits on May 20, 2010
  1. ticket: 6730

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r24074 from trunk
    
     ------------------------------------------------------------------------
     r24074 | tlyu | 2010-05-20 16:42:26 -0400 (Thu, 20 May 2010) | 11 lines
    
     ticket: 6730
     subject: kdc_tcp_ports not documented in kdc.conf.M
     target_version: 1.8.2
     tags: pullup
    
     The kdc.conf setting kdc_tcp_ports was not documented in kdc.conf.M,
     though it was documented in doc/admin.texinfo.  Copy text from there
     for now.  The setting defaults to an empty string at the moment,
     causing the KDC to not listen on TCP by default, confusing some users.
     Changing this behavior is a separate issue.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24077 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 6726

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r24075 from trunk
    
     ------------------------------------------------------------------------
     r24075 | tlyu | 2010-05-20 17:32:47 -0400 (Thu, 20 May 2010) | 8 lines
    
     ticket: 6726
     target_version: 1.8.2
     tags: pullup
    
     Apply patch from Arlene Berry to detect and ignore a duplicate
     mechanism token sent in the mechListMIC field, such as sent by Windows
     2000 Server.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24076 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 6562

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r24055 from trunk
    
     ------------------------------------------------------------------------
     r24055 | ghudson | 2010-05-18 13:19:15 -0400 (Tue, 18 May 2010) | 6 lines
    
     ticket:	6562
    
     When parsing a KDC or admin server string, allow the name or address
     to be enclosed in brackets so that IPv6 addresses can be represented.
     (IPv6 addresses contain colons, which look like port separators.)
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24073 dc483132-0cff-0310-8789-dd5450dbe970
Commits on May 19, 2010
  1. ticket: 6725

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r24056 from trunk
    
     ------------------------------------------------------------------------
     r24056 | tlyu | 2010-05-19 14:09:37 -0400 (Wed, 19 May 2010) | 8 lines
    
     ticket: 6725
     subject: CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
     tags: pullup
     target_version: 1.8.2
    
     Make krb5_gss_accept_sec_context() check for a null authenticator
     checksum pointer before attempting to dereference it.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24063 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 6722

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r24020 from trunk
    
     ------------------------------------------------------------------------
     r24020 | ghudson | 2010-05-13 14:49:20 -0400 (Thu, 13 May 2010) | 8 lines
    
     ticket: 6722
     subject: Error handling bug in krb5_init_creds_init()
     tags: pullup
     target_version: 1.8.2
    
     Fix a bug in krb5_init_creds_init() where a freed context could be
     returned to the caller in certain error cases.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24062 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 6718

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r24002 from trunk
    
     ------------------------------------------------------------------------
     r24002 | ghudson | 2010-05-10 18:23:57 -0400 (Mon, 10 May 2010) | 14 lines
    
     ticket: 6718
     subject: Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
     target_version: 1.8.2
     tags: pullup
    
     In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine
     whether krbLoginFailedCount existed on the entry when it was
     retrieved.  If it didn't exist, don't try to use LDAP_MOD_INCREMENT,
     and don't assert an old value when not using LDAP_MOD_INCREMENT.
    
     Also, create the krbLoginFailedCount attribute when creating new
     entries.  This allows us to use LDAP_MOD_INCREMENT during the first
     failed login (if the server supports it), avoiding a race condition.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24061 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 6711

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r23959 from trunk
    
     ------------------------------------------------------------------------
     r23959 | tlyu | 2010-04-30 17:10:55 -0400 (Fri, 30 Apr 2010) | 8 lines
    
     ticket: 6711
     subject: memory leak in process_tgs_req in r23724
     tags: pullup
     target_version: 1.8.2
    
     Fix a KDC memory leak that was introduced by r23724 that could leak
     the decoded request.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24060 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 6698

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r23928 from trunk
    
     ------------------------------------------------------------------------
     r23928 | tlyu | 2010-04-22 21:10:20 -0400 (Thu, 22 Apr 2010) | 10 lines
    
     ticket: 6698
     target_version: 1.8.2
     tags: pullup
    
     Adapted patch from Jason Rogers.  It wasn't complete, so this commit
     fixes the other instances of the 64-bit problem.
    
     Also fix krb5_deltat_to_str(), which would previously always return an
     empty string.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24059 dc483132-0cff-0310-8789-dd5450dbe970
  6. ticket: 6697

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r23929 from trunk
    
     ------------------------------------------------------------------------
     r23929 | tlyu | 2010-04-22 21:30:48 -0400 (Thu, 22 Apr 2010) | 7 lines
    
     ticket: 6697
     target_version: 1.8.2
     tags: pullup
    
     Adapted patch from Arlene Berry to handle dlerror() returning a null
     pointer.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24058 dc483132-0cff-0310-8789-dd5450dbe970
  7. ticket: 6696

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r23925 from trunk
    
     ------------------------------------------------------------------------
     r23925 | tlyu | 2010-04-22 16:04:01 -0400 (Thu, 22 Apr 2010) | 8 lines
    
     ticket: 6696
     target_version: 1.8.2
     tags: pullup
    
     Apply patch from Arlene Berry to cease freeing error tokens output by
     accept_sec_context, allowing them to actually be sent to the
     initiator.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24057 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Apr 20, 2010
  1. ticket: 6702

    tlyu authored
    version_fixed: 1.8.2
    status: resolved
    
    pull up r23912 from trunk
    
     ------------------------------------------------------------------------
     r23912 | tlyu | 2010-04-20 17:12:10 -0400 (Tue, 20 Apr 2010) | 11 lines
    
     ticket: 6702
     target_version: 1.8.2
     tags: pullup
    
     Fix CVE-2010-1230 (MITKRB5-SA-2010-004) double-free in KDC triggered
     by ticket renewal.  Add a test case.
    
     See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490
    
     Thanks to Joel Johnson and Brian Almeida for the reports.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23914 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Apr 8, 2010
  1. krb5-1.8.1-postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23880 dc483132-0cff-0310-8789-dd5450dbe970
  2. README and patchlevel.h for krb5-1.8.1 final

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23878 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Mar 30, 2010
  1. krb5-1.8.1-beta2-postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23849 dc483132-0cff-0310-8789-dd5450dbe970
  2. README and patchlevel for krb5-1.8.1-beta2

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23847 dc483132-0cff-0310-8789-dd5450dbe970
  3. make depend

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23846 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 6693

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23844 from trunk
    
     ------------------------------------------------------------------------
     r23844 | ghudson | 2010-03-29 18:08:21 -0400 (Mon, 29 Mar 2010) | 9 lines
    
     ticket: 6693
     subject: Fix backwards flag output in krb5_init_creds_step()
     tags: pullup
     target_version: 1.8.1
    
     krb5_init_creds_step() is taken from Heimdal, which sets *flags to 1
     for "continue" and 0 for "stop".  Unfortunately, we got it backwards
     in 1.8; fix it for 1.8.1.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23845 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Mar 28, 2010
  1. krb5-1.8.1-beta1-postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23841 dc483132-0cff-0310-8789-dd5450dbe970
  2. README and patchlevel for krb5-1.8.1-beta1

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23839 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Mar 23, 2010
  1. ticket: 6678

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23834 from trunk
    
     ------------------------------------------------------------------------
     r23834 | tlyu | 2010-03-23 15:00:13 -0700 (Tue, 23 Mar 2010) | 7 lines
    
     ticket: 6678
     target_version: 1.8.1
     tags: pullup
    
     Apply patch from Arlene Berry to not use freed memory in
     gss_import_sec_context in some error paths.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23835 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 6690

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23832 from trunk
    
     ------------------------------------------------------------------------
     r23832 | tlyu | 2010-03-23 11:53:52 -0700 (Tue, 23 Mar 2010) | 8 lines
    
     ticket: 6690
     target_version: 1.8.1
     tags: pullup
     subject: MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
    
     The SPNEGO implementation in krb5-1.7 and later could crash due to
     assertion failure when receiving some sorts of invalid GSS-API tokens.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23833 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 6689

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23829 from trunk
    
     ------------------------------------------------------------------------
     r23829 | tlyu | 2010-03-22 23:09:02 -0700 (Mon, 22 Mar 2010) | 10 lines
    
     ticket: 6689
     target_version: 1.8.1
     tags: pullup
     subject: krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
    
     Move krb5_typed_data to krb5.hin from k5-int-pkinit.h because
     krb5int_fast_process_error was assuming that it was safe to cast it to
     krb5_pa_data.  It's not safe to do the cast on 64-bit MacOSX because
     krb5.hin uses #pragma pack on that platform.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23830 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 6687

    tlyu authored
    version_fixed: 1.8.1
    
    pull up r23821 from trunk
    
     ------------------------------------------------------------------------
     r23821 | ghudson | 2010-03-19 20:50:06 -0700 (Fri, 19 Mar 2010) | 17 lines
    
     ticket: 6687
     subject: Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
     target_version: 1.8.1
     tags: pullup
    
     KRB5_AUTHDATA_SIGNTICKET, originally a Heimdal authorization data
     type, was used to implement PAC-less constrained delegation in krb5
     1.8.  Unfortunately, it was found that Microsoft was using 142 for
     other purposes, which could result in a ticket issued by an MIT or
     Heimdal KDC being rejected by a Windows Server 2008 R2 application
     server.  Because KRB5_AUTHDATA_SIGNTICKET is only used to communicate
     among a realm's KDCs, it is relatively easy to change the number, so
     MIT and Heimdal are both migrating to a new number.  This change will
     cause a transitional interoperability issue when a realm mixes MIT
     krb5 1.8 (or Heimdal 1.3.1) KDCs with MIT krb5 1.8.1 (or Heimdal
     1.3.2) KDCs, but only for constrained delegation evidence tickets.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23828 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 6680

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23820 from trunk
    
     ------------------------------------------------------------------------
     r23820 | ghudson | 2010-03-19 09:17:05 -0700 (Fri, 19 Mar 2010) | 7 lines
    
     ticket: 6680
     target_version: 1.8.1
     tags: pullup
    
     Document the ticket_lifetime libdefaults setting (which was added in
     r16656, #2656).  Based on a patch from nalin@redhat.com.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23827 dc483132-0cff-0310-8789-dd5450dbe970
  6. ticket: 6683

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23819 from trunk
    
     ------------------------------------------------------------------------
     r23819 | ghudson | 2010-03-18 10:37:31 -0700 (Thu, 18 Mar 2010) | 7 lines
    
     ticket: 6683
     target_version: 1.8.1
     tags: pullup
    
     Fix the kpasswd fallback from the ccache principal name to the
     username in the case where the ccache doesn't exist.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23826 dc483132-0cff-0310-8789-dd5450dbe970
  7. ticket: 6681

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23815 from trunk
    
     ------------------------------------------------------------------------
     r23815 | ghudson | 2010-03-17 14:10:10 -0700 (Wed, 17 Mar 2010) | 7 lines
    
     ticket: 6681
     target_version: 1.8.1
     tags: pullup
    
     When checking for KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT, don't
     dereference options if it's NULL.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23825 dc483132-0cff-0310-8789-dd5450dbe970
  8. ticket: 6685

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23810 from trunk
    
     ------------------------------------------------------------------------
     r23810 | tlyu | 2010-03-16 12:14:33 -0700 (Tue, 16 Mar 2010) | 8 lines
    
     ticket: 6685
     target_version: 1.8.1
     subject: handle NT_SRV_INST in service principal referrals
    
     Handle NT_SRV_INST in service principal cross-realm referrals, as
     Windows apparently uses that instead of NT_SRV_HST for at least some
     service principals.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23824 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Mar 15, 2010
  1. ticket: 6676

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23766 from trunk
    
     ------------------------------------------------------------------------
     r23766 | ghudson | 2010-03-05 12:45:46 -0500 (Fri, 05 Mar 2010) | 10 lines
    
     ticket: 6676
     subject: Ignore improperly encoded signedpath AD elements
     target_version: 1.8.1
     tags: pullup
    
     We have some reason to believe Microsoft and Heimdal are both using
     the authdata value 142 for different purposes, leading to failures in
     verify_ad_signedpath().  For better interoperability, treat such
     tickets as unsigned, rather than invalid.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23809 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 6674

    tlyu authored
    status: resolved
    version_fixed: 1.8.1
    
    pull up r23772 from trunk
    
     ------------------------------------------------------------------------
     r23772 | ghudson | 2010-03-05 15:35:26 -0500 (Fri, 05 Mar 2010) | 7 lines
    
     ticket: 6674
     target_version: 1.8.1
     tags: pullup
    
     Release the internal_name field of a SPNEGO context if it has not been
     claimed for a caller argument.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23808 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 6668

    tlyu authored
    version_fixed: 1.8.1
    status: resolved
    
    pull up r23749 from trunk
    
     ------------------------------------------------------------------------
     r23749 | ghudson | 2010-02-24 13:57:08 -0500 (Wed, 24 Feb 2010) | 9 lines
    
     ticket: 6668
     subject: Two problems in kadm5_get_principal mask handling
     target_version: 1.8
     tags: pullup
    
     KADM5_MOD_NAME was being applied to entry->principal instead of
     entry->mod_name.  KADM5_MKVNO was not being applied to entry->mkvno.
     Patch from Marcus Watts <mdw@umich.edu>.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23807 dc483132-0cff-0310-8789-dd5450dbe970
Something went wrong with that request. Please try again.