From noreply at github.com Mon Dec 1 18:43:07 2014 From: noreply at github.com (GitHub) Date: Mon, 01 Dec 2014 09:43:07 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 92aad0: Fix kinit.1's synopsis w.r.t. -f and -F. Message-ID: <547ca8ab547f9_6ca53fcc59d4d2c02411b@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 92aad0fa3d9a6c65641197243d7ae0c02b567729 https://github.com/heimdal/heimdal/commit/92aad0fa3d9a6c65641197243d7ae0c02b567729 Author: Roland C. Dowdeswell Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kuser/kinit.1 Log Message: ----------- Fix kinit.1's synopsis w.r.t. -f and -F. From noreply at github.com Tue Dec 2 00:42:16 2014 From: noreply at github.com (GitHub) Date: Mon, 01 Dec 2014 15:42:16 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 0e93a0: arcfour-hmac-md5 is weak Message-ID: <547cfcd8aa2cf_70b3fec75d4f2a0591b1@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 0e93a04c01540abe7937b579fef111781903e754 https://github.com/heimdal/heimdal/commit/0e93a04c01540abe7937b579fef111781903e754 Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M lib/krb5/crypto-arcfour.c Log Message: ----------- arcfour-hmac-md5 is weak From noreply at github.com Tue Dec 2 00:42:52 2014 From: noreply at github.com (GitHub) Date: Mon, 01 Dec 2014 15:42:52 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] f84b67: In all_etypes prefer des3-cbc-sha1 over arcfour-hm... Message-ID: <547cfcfc349af_67043faf86fb12b860114@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: f84b6770d4197e31df3e03f47a6fa095c1ea61b4 https://github.com/heimdal/heimdal/commit/f84b6770d4197e31df3e03f47a6fa095c1ea61b4 Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M lib/hdb/keys.c Log Message: ----------- In all_etypes prefer des3-cbc-sha1 over arcfour-hmac-md5 Commit: 6e9ce81e9d57bfdac21a4e97237f1658488d83ea https://github.com/heimdal/heimdal/commit/6e9ce81e9d57bfdac21a4e97237f1658488d83ea Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M LICENSE Log Message: ----------- update (c) Commit: 887812b4efbd80effd9023d00934f611ca752074 https://github.com/heimdal/heimdal/commit/887812b4efbd80effd9023d00934f611ca752074 Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kdc/process.c Log Message: ----------- release pool when done Commit: db9212e26adef573bbb3c05fbd212bf47db8bf11 https://github.com/heimdal/heimdal/commit/db9212e26adef573bbb3c05fbd212bf47db8bf11 Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M lib/krb5/fcache.c M lib/krb5/store.c Log Message: ----------- now that use used up more then 16 flags and we have been using the right bit order for many years, lets stop dealing with broken bit fields from ticket flags Commit: 53fb715f6f2814c10748001afd8fa16224d3a0bd https://github.com/heimdal/heimdal/commit/53fb715f6f2814c10748001afd8fa16224d3a0bd Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M cf/roken-frag.m4 M configure.ac Log Message: ----------- use LT_INIT only, fixes #95 Commit: d0b5f64f71e375c6761196cd807edf2f1232dfb9 https://github.com/heimdal/heimdal/commit/d0b5f64f71e375c6761196cd807edf2f1232dfb9 Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M cf/check-compile-et.m4 M cf/check-x.m4 Log Message: ----------- hush autoconf Commit: f1266d25156135a22b5c33727f9a630c1460d0a7 https://github.com/heimdal/heimdal/commit/f1266d25156135a22b5c33727f9a630c1460d0a7 Author: Chaskiel Grundman Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M lib/kadm5/Makefile.am Log Message: ----------- version-script-client.map needs to be in dist version-script-client.map needs to be in lib/kadm5's EXTRA_DIST, otherwise make distcheck fails Commit: 6817409a765181360065af994fafaa2911730704 https://github.com/heimdal/heimdal/commit/6817409a765181360065af994fafaa2911730704 Author: Chaskiel Grundman Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M lib/asn1/krb5.asn1 Log Message: ----------- Use correct value for anonymous flags The KDC Option and Ticket Flag for the anonymous extension were changed from 14 to 16 due to a conflict with S4U2Proxy in version 11 of the anonymous draft (now RFC6112). Fix the definitions Commit: b9ccbf1cea0e49f6f6238bef16581ffcd5b756df https://github.com/heimdal/heimdal/commit/b9ccbf1cea0e49f6f6238bef16581ffcd5b756df Author: Chaskiel Grundman Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kdc/kerberos5.c M kdc/pkinit.c Log Message: ----------- Recognize anonymous AS requests using bit 14 Check KDC Option bit 14 in addition to 16 when identifying anonymous AS-REQs. This provides compatibility with older heimdal releases. Commit: 78b09283142276761e847729fd2c0f7de69293d4 https://github.com/heimdal/heimdal/commit/78b09283142276761e847729fd2c0f7de69293d4 Author: Chaskiel Grundman Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kdc/kerberos5.c Log Message: ----------- Include empty PKINIT-KX padata rfc6112 requires kdcs implementing anonymous PKINIT to include an empty PKINIT-KX padata in PREAUTH_REQUIRED messages. Including this improves compatibility with MIT kerberos. Commit: 0e6e757c3f925eaeec61d5750042d3fe8b437348 https://github.com/heimdal/heimdal/commit/0e6e757c3f925eaeec61d5750042d3fe8b437348 Author: Chaskiel Grundman Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kdc/pkinit.c Log Message: ----------- When using PKINIT with DH, compute session key RFC6112 provides a method of computing a session key when the PKINIT DH is used, and mandates it for anonymous pkinit. The session key is computed using KRB-FX-CF2 from the reply key and a random key chosen by the kdc. The random key is provided to the client, which is supposed to verify that the session key was computed this way. Commit: a2ccf8b32e40e2c81691d0f9b68601bf057bf6aa https://github.com/heimdal/heimdal/commit/a2ccf8b32e40e2c81691d0f9b68601bf057bf6aa Author: Chaskiel Grundman Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kdc/kerberos5.c Log Message: ----------- Document logic in _krb5_is_anon_request describe why we look at the different bits and fields Commit: 8bd13509e8d2790d19b6c8db6340216bbe6ae05d https://github.com/heimdal/heimdal/commit/8bd13509e8d2790d19b6c8db6340216bbe6ae05d Author: Chaskiel Grundman Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kdc/kerberos5.c Log Message: ----------- Use anon realm for anonymous PKINIT When an AS request names the anonymous principal, use the anonymous realm in the response and ticket. Commit: 89e25dce2ed7c3de0d7247169bd74fb3e317b47a https://github.com/heimdal/heimdal/commit/89e25dce2ed7c3de0d7247169bd74fb3e317b47a Author: Jelmer Vernoo? Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M admin/Makefile.am M kadmin/Makefile.am Log Message: ----------- Install compatibility symlinks for kadmin and ktutil. Commit: 00783df00fe79cb154529c7860b89e48fd29bea8 https://github.com/heimdal/heimdal/commit/00783df00fe79cb154529c7860b89e48fd29bea8 Author: Jelmer Vernoo? Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M appl/login/login.1 M kuser/kinit.1 Log Message: ----------- Remove references to KRBTKFILE from login.1 and kinit.1. Commit: cc7169340dd141e7b0cd32c727e6ccdc95a49f48 https://github.com/heimdal/heimdal/commit/cc7169340dd141e7b0cd32c727e6ccdc95a49f48 Author: Jelmer Vernoo? Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M appl/afsutil/afslog.1 Log Message: ----------- afslog.1: Remove documentation for removed no-v4 argument. Commit: f4e2183eaa92771bc68c76c32949fc25e67d9412 https://github.com/heimdal/heimdal/commit/f4e2183eaa92771bc68c76c32949fc25e67d9412 Author: Jelmer Vernoo? Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kuser/kimpersonate.8 Log Message: ----------- Remove kerberos 4 references from kimpersonate.8. Commit: 5bc40d1bc01795cdf704a52bedef0db35e5fd836 https://github.com/heimdal/heimdal/commit/5bc40d1bc01795cdf704a52bedef0db35e5fd836 Author: Ken Dreyer Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kadmin/kadm_conn.c Log Message: ----------- kadmin: handle systemd setpgid failure When running as a service under systemd, kadmin cannot successfully use setpgid(). The call fails with EPERM. Do not treat this as a fatal error; instead, allow kadmind to continue starting up. Commit: 1429251dc46f869781df2d1f62cb7b2e73a661d0 https://github.com/heimdal/heimdal/commit/1429251dc46f869781df2d1f62cb7b2e73a661d0 Author: Ken Dreyer Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kuser/klist.c Log Message: ----------- klist: fix spelling in comments Commit: bb8b66cd8c39f078108d6bb4cc59f487d49b198c https://github.com/heimdal/heimdal/commit/bb8b66cd8c39f078108d6bb4cc59f487d49b198c Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M cf/roken-frag.m4 M lib/roken/roken.h.in Log Message: ----------- check for sys/errno.h Commit: c08574ae649a775808a8357f5294e3e61cedf388 https://github.com/heimdal/heimdal/commit/c08574ae649a775808a8357f5294e3e61cedf388 Author: Jeffrey Hutzelman Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M lib/kafs/Makefile.am M lib/kafs/afskrb5.c M lib/kafs/kafs_locl.h A lib/kafs/rxkad_kdf.c Log Message: ----------- libkafs: derivation from non-DES key (rxkad-kdf) Add support for the "rxkad-kdf" protocol for deriving rxkad session keys from non-DES Kerberos session keys. This allows rxkad to be used in realms where the KDC is unwilling or unable to issue tickets with single-DES session keys. Commit: 18669dfaeaab4952fc763559aa1e16b1a7bc5ad0 https://github.com/heimdal/heimdal/commit/18669dfaeaab4952fc763559aa1e16b1a7bc5ad0 Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kuser/kinit.c M lib/krb5/init_creds_pw.c M tests/kdc/check-kdc.in Log Message: ----------- resurrect password change support again Commit: 22dd132cdbd71ccfcf53e2765cb4bfdfd8b426fd https://github.com/heimdal/heimdal/commit/22dd132cdbd71ccfcf53e2765cb4bfdfd8b426fd Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M appl/ftp/ftp/gssapi.c M appl/ftp/ftp/security.c M appl/test/http_client.c M kdc/connect.c M kuser/kdigest.c M lib/base/db.c M lib/base/json.c M lib/hdb/test_hdbkeys.c M lib/hx509/file.c M lib/ipc/server.c M lib/kadm5/ad.c M lib/krb5/send_to_kdc.c M lib/roken/base64-test.c M lib/roken/base64.c M lib/roken/base64.h M lib/roken/version-script.map Log Message: ----------- rename roken base64, fixes #107 Commit: cfa39a313ee625c5063cb835c74010250907f98b https://github.com/heimdal/heimdal/commit/cfa39a313ee625c5063cb835c74010250907f98b Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M autogen.sh Log Message: ----------- check for JSON perl module and if not found ask developer to install it partial fix for #74 Commit: a54f8d4f231ab888fb29776f4470ff70dbf6e247 https://github.com/heimdal/heimdal/commit/a54f8d4f231ab888fb29776f4470ff70dbf6e247 Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M lib/roken/base64-test.c Log Message: ----------- remove stray a Commit: 2fe00bc4680bf460d98f32ee3a5ba493ec1f5fec https://github.com/heimdal/heimdal/commit/2fe00bc4680bf460d98f32ee3a5ba493ec1f5fec Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M lib/hx509/Makefile.am Log Message: ----------- make quiet Commit: 5269f7163b3ca92ab69e10de6934028f4a297080 https://github.com/heimdal/heimdal/commit/5269f7163b3ca92ab69e10de6934028f4a297080 Author: Love Hörnquist Åstrand Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M admin/Makefile.am M kadmin/Makefile.am Log Message: ----------- revert 31be932fe83d74ffe1c353e035c981dd91756728 Commit: 18a152429ecdef3c9054a5effd26f7d692a62539 https://github.com/heimdal/heimdal/commit/18a152429ecdef3c9054a5effd26f7d692a62539 Author: Roland C. Dowdeswell Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M kuser/kinit.1 Log Message: ----------- Fix kinit.1's synopsis w.r.t. -f and -F. Compare: https://github.com/heimdal/heimdal/compare/8bf9c05ff05b...18a152429ecd From noreply at github.com Wed Dec 24 21:50:44 2014 From: noreply at github.com (GitHub) Date: Wed, 24 Dec 2014 12:50:44 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] b3f291: hcrypto: w32crypto crypt provider handle leak Message-ID: <549b2724b8ab2_1e353fea6937b2a0357bc@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: b3f29170a35a8e249cd512db682e7f4092af663e https://github.com/heimdal/heimdal/commit/b3f29170a35a8e249cd512db682e7f4092af663e Author: Jeffrey Altman Date: 2014-12-24 (Wed, 24 Dec 2014) Changed paths: M lib/hcrypto/rand-w32.c Log Message: ----------- hcrypto: w32crypto crypt provider handle leak _hc_CryptProvider() returns a global handle to a Win32 Crypt Provider. If the global handle is NULL, then a handle is allocated. Unfortunately, due to a coding mistake the global handle variable, g_cryptprovider, was never set and a new handle was allocated with each call. Refactor the function to ensure that the global handle is the value that is returned. Use NULL instead of 0 for pointer assignment. Change-Id: If1ef3aa19cbd1d51860370db24c086e86922ff0d From noreply at github.com Wed Dec 24 21:52:17 2014 From: noreply at github.com (GitHub) Date: Wed, 24 Dec 2014 12:52:17 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 79b7b0: hcrypto: w32crypto crypt provider handle leak Message-ID: <549b2781a655c_6f73fce58e072a01795a@hookshot-fe4-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: 79b7b074a009dc50e3de16c84fb27efadad40429 https://github.com/heimdal/heimdal/commit/79b7b074a009dc50e3de16c84fb27efadad40429 Author: Jeffrey Altman Date: 2014-12-24 (Wed, 24 Dec 2014) Changed paths: M lib/hcrypto/rand-w32.c Log Message: ----------- hcrypto: w32crypto crypt provider handle leak _hc_CryptProvider() returns a global handle to a Win32 Crypt Provider. If the global handle is NULL, then a handle is allocated. Unfortunately, due to a coding mistake the global handle variable, g_cryptprovider, was never set and a new handle was allocated with each call. Refactor the function to ensure that the global handle is the value that is returned. Use NULL instead of 0 for pointer assignment. Change-Id: If1ef3aa19cbd1d51860370db24c086e86922ff0d (cherry picked from commit b3f29170a35a8e249cd512db682e7f4092af663e)