Contents of 7.8.1 release #1222
Open
Commits on Nov 16, 2022
-
kdc: avoid re-encoding KDC-REQ-BODY
Use --preserve-binary=KDC-REQ-BODY option to ASN.1 compiler to avoid re-encoding KDC-REQ-BODYs for verification in GSS preauth, TGS and PKINIT. [abartlet@samba.org adapted from Heimdal commit ebfd48e by removing references to FAST and GSS-pre-auth. This fixes the Windows 11 22H2 issue with TGS-REQ as seen at https:github.com//issues/1011 and so removes the knownfail file for this test] FIXES: 1011 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-
lib/ipc: set but unused 'kr' variables
mach_complete_async() and mach_complete_sync() are void functions. Nothing uses the 'kr' value after being set which results in error: variable 'kr' set but not used [-Werror,-Wunused-but-set-variable] Remove the variables.
-
kuser/kinit: NO_AFS unused-but-set-variable
When NO_AFS is defined, 'ret' is set but unused resulting in a build failure on macOS. error: variable 'ret' set but not used [-Werror,-Wunused-but-set-variable
-
lib/krb5: fix _krb5_get_int64 on 32-bit systems
On systems where 'unsigned long' is 32-bits and the 'size' parameter is set to 8 and the bytes are: 0x78 0x00 0x00 0x00 0x00 0x00 0x00 0x00 When 'i' becomes 4 'v' will be 0 again. As 'unsigned long' is only able to hold 4 bytes. Change the type of 'v' from 'unsigned long' to 'uint64_t' which matches the type of the output parameter 'value'. (cherry picked from commit 9d1bfab) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> CVE: CVE-2022-42898 Samba-BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
Commits on Nov 17, 2022
-
lib/krb5: krb5_pac_parse mem leak if pac_header_size failure
48 byte memory leak from krb5_pac_parse() each time pac_header_size() fails.
-
kdc: Check generate_pac() return code
If the function fails, we should not issue a ticket missing the PAC. (cherry picked from commit 05e589d)
Commits on Dec 13, 2022
-
roken: do not override system network address functions
Roken functions rk_copyhostent(), rk_freeaddrinfo(), rk_freehostent() rk_getaddrinfo(), rk_getipnodebyaddr(), rk_getipnodebyname(), and rk_getnameinfo() should never be built without the "rk_" prefix. Doing so overrides the system provided functions of the same name when they exist. (cherry picked from commit 7b3a993)
Commits on Jan 13, 2024
-
ipropd_slave: open hdb around kadm5_log_init in case recovery needed
log_init in the event a log is found will do recovery. kadm5_log_replay will call methods which expect an hdb_db to be set but without this none is
-
kadm5: Added kadm_log_init_recover
This takes care of opening and closing the database for use with log possible recovery, without immediate intent to keep the database open for one or more changes. This simplifies code in kadmin/load.c and lib/kadm5/ipropd_slave.c.
-
-
hcrypto: Don't test rc2 nor rc4 (OS X)
This is just for 7.8.1. Do not pull this into master.
-
-
-
-
-
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.