From noreply at github.com Sat Mar 1 07:17:15 2014 From: noreply at github.com (GitHub) Date: Fri, 28 Feb 2014 22:17:15 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] dfdbf8: telnet: don't ignore HAVE_OPENPTY on linux Message-ID: <53117b6b92502_9d365bd3c9898c@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: dfdbf8e350fba484e90b2c62bf91605d7c741c74 https://github.com/heimdal/heimdal/commit/dfdbf8e350fba484e90b2c62bf91605d7c741c74 Author: Ken Dreyer Date: 2014-02-20 (Thu, 20 Feb 2014) Changed paths: M appl/telnet/telnetd/sys_term.c Log Message: ----------- telnet: don't ignore HAVE_OPENPTY on linux openpty() is not available on all Linux distributions. Trust autoconf's determination for HAVE_OPENPTY instead of unconditionally using openpty() on all Linux. This is similar to the change to roken in 9ae257d7d444667c9cb368bb95f744ae00240b59, but this is for telnet. This is a 1.6-only change, since telnet has been removed from master in e55b0d0ca5038a8101276a593ffbb6be4c27c8d0. Commit: ecdd6b43758845e21d17f7f42134b20a00c25b1a https://github.com/heimdal/heimdal/commit/ecdd6b43758845e21d17f7f42134b20a00c25b1a Author: Jeffrey Altman Date: 2014-02-28 (Fri, 28 Feb 2014) Changed paths: M appl/telnet/telnetd/sys_term.c Log Message: ----------- Merge pull request #66 from ktdreyer/openpty-1-6 telnet: don't ignore HAVE_OPENPTY on linux Compare: https://github.com/heimdal/heimdal/compare/36a14babd40c...ecdd6b437588 From noreply at github.com Thu Mar 13 02:19:46 2014 From: noreply at github.com (GitHub) Date: Wed, 12 Mar 2014 18:19:46 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 46e0bd: Use P-256 for EC tests Message-ID: <532107b228b09_6fb46a7d4028951@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 46e0bd3c6872b80a2201efedba81c71d96069c89 https://github.com/heimdal/heimdal/commit/46e0bd3c6872b80a2201efedba81c71d96069c89 Author: Viktor Dukhovni Date: 2014-03-12 (Wed, 12 Mar 2014) Changed paths: M lib/hx509/Makefile.am A lib/hx509/data/mkcert.sh R lib/hx509/data/secp160r1TestCA.cert.pem R lib/hx509/data/secp160r1TestCA.key.pem R lib/hx509/data/secp160r1TestCA.pem R lib/hx509/data/secp160r2TestClient.cert.pem R lib/hx509/data/secp160r2TestClient.key.pem R lib/hx509/data/secp160r2TestClient.pem R lib/hx509/data/secp160r2TestServer.cert.pem R lib/hx509/data/secp160r2TestServer.key.pem R lib/hx509/data/secp160r2TestServer.pem A lib/hx509/data/secp256r1TestCA.cert.pem A lib/hx509/data/secp256r1TestCA.key.pem A lib/hx509/data/secp256r1TestCA.pem A lib/hx509/data/secp256r2TestClient.cert.pem A lib/hx509/data/secp256r2TestClient.key.pem A lib/hx509/data/secp256r2TestClient.pem A lib/hx509/data/secp256r2TestServer.cert.pem A lib/hx509/data/secp256r2TestServer.key.pem A lib/hx509/data/secp256r2TestServer.pem M lib/hx509/test_chain.in M lib/hx509/test_cms.in Log Message: ----------- Use P-256 for EC tests Fedora/RedHat OpenSSL supports only P-256, P-384 and P-521. The new mkcert.sh script can create updated certs when these expire on Jan 17th 2038. From noreply at github.com Thu Mar 13 02:21:32 2014 From: noreply at github.com (GitHub) Date: Wed, 12 Mar 2014 18:21:32 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c5d2ac: Use P-256 for EC tests Message-ID: <5321081c63a_70cc5b9d3481344@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: c5d2ac0698edde2e19ee2e20ab52cb756b1cd5c3 https://github.com/heimdal/heimdal/commit/c5d2ac0698edde2e19ee2e20ab52cb756b1cd5c3 Author: Viktor Dukhovni Date: 2014-03-12 (Wed, 12 Mar 2014) Changed paths: M lib/hx509/Makefile.am A lib/hx509/data/mkcert.sh R lib/hx509/data/secp160r1TestCA.cert.pem R lib/hx509/data/secp160r1TestCA.key.pem R lib/hx509/data/secp160r1TestCA.pem R lib/hx509/data/secp160r2TestClient.cert.pem R lib/hx509/data/secp160r2TestClient.key.pem R lib/hx509/data/secp160r2TestClient.pem R lib/hx509/data/secp160r2TestServer.cert.pem R lib/hx509/data/secp160r2TestServer.key.pem R lib/hx509/data/secp160r2TestServer.pem A lib/hx509/data/secp256r1TestCA.cert.pem A lib/hx509/data/secp256r1TestCA.key.pem A lib/hx509/data/secp256r1TestCA.pem A lib/hx509/data/secp256r2TestClient.cert.pem A lib/hx509/data/secp256r2TestClient.key.pem A lib/hx509/data/secp256r2TestClient.pem A lib/hx509/data/secp256r2TestServer.cert.pem A lib/hx509/data/secp256r2TestServer.key.pem A lib/hx509/data/secp256r2TestServer.pem M lib/hx509/test_chain.in M lib/hx509/test_cms.in Log Message: ----------- Use P-256 for EC tests Fedora/RedHat OpenSSL supports only P-256, P-384 and P-521. The new mkcert.sh script can create updated certs when these expire on Jan 17th 2038. From noreply at github.com Thu Mar 13 17:26:05 2014 From: noreply at github.com (GitHub) Date: Thu, 13 Mar 2014 09:26:05 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 23559e: env KRB5CCNAME=/tmp/foocc kinit ignores the env Message-ID: <5321dc1d4384c_27ee611d40112635@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: 23559e734da4eac5ad6c8934f12161a47e49c824 https://github.com/heimdal/heimdal/commit/23559e734da4eac5ad6c8934f12161a47e49c824 Author: Nicolas Williams Date: 2014-03-13 (Thu, 13 Mar 2014) Changed paths: M lib/krb5/fcache.c Log Message: ----------- env KRB5CCNAME=/tmp/foocc kinit ignores the env The problem is that fcc_get_cache_next() is called in a context where context->default_cc_name is not set. We should call krb5_cc_default_name(), and that fixes the problem. There's a comment warning that this can result in reentering krb5_cc_cache_match(), but nothing in libkrb5 calls krb5_cc_cache_match(), so the comment is wrong, at least in the github tree. An alternative would be to call krb5_cc_set_default_name(NULL) in kuser/kinit.c before calling krb5_cc_cache_match(), however, that seems like an insufficiently general solution. Also, the semantics of krb5_cc_cache_match() would differ from MIT's -- it seems better to match MIT's semantics. From noreply at github.com Fri Mar 14 04:34:57 2014 From: noreply at github.com (GitHub) Date: Thu, 13 Mar 2014 20:34:57 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c9f65f: env KRB5CCNAME=/tmp/foocc kinit ignores the env Message-ID: <532278e11e883_279584bd401301df@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: c9f65fc9422e3dbbcda6cfa4db78c321f7a3c4e9 https://github.com/heimdal/heimdal/commit/c9f65fc9422e3dbbcda6cfa4db78c321f7a3c4e9 Author: Nicolas Williams Date: 2014-03-13 (Thu, 13 Mar 2014) Changed paths: M lib/krb5/fcache.c Log Message: ----------- env KRB5CCNAME=/tmp/foocc kinit ignores the env The problem is that fcc_get_cache_next() is called in a context where context->default_cc_name is not set. We should call krb5_cc_default_name(), and that fixes the problem. There's a comment warning that this can result in reentering krb5_cc_cache_match(), but nothing in libkrb5 calls krb5_cc_cache_match(), so the comment is wrong, at least in the github tree. An alternative would be to call krb5_cc_set_default_name(NULL) in kuser/kinit.c before calling krb5_cc_cache_match(), however, that seems like an insufficiently general solution. Also, the semantics of krb5_cc_cache_match() would differ from MIT's -- it seems better to match MIT's semantics. From noreply at github.com Sat Mar 15 05:07:19 2014 From: noreply at github.com (GitHub) Date: Fri, 14 Mar 2014 21:07:19 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] dacfbf: More complete logging of capths violations Message-ID: <5323d1f79b888_6780973d44262d@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: dacfbf19179bafbcc08c4c8c024c23d5efe2580f https://github.com/heimdal/heimdal/commit/dacfbf19179bafbcc08c4c8c024c23d5efe2580f Author: Viktor Dukhovni Date: 2014-03-15 (Sat, 15 Mar 2014) Changed paths: M lib/krb5/transited.c M po/heimdal_krb5/heimdal_krb5.pot M po/heimdal_krb5/sv_SE.po Log Message: ----------- More complete logging of capths violations It is much easier (i.e. actually possible) to debug transit path policy violations when the logs specify the client and server realms, not just the transit realm. From noreply at github.com Sat Mar 15 05:07:20 2014 From: noreply at github.com (GitHub) Date: Fri, 14 Mar 2014 21:07:20 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] ae2df3: More complete logging of capths violations Message-ID: <5323d1f8cc5ff_62d9bfdd446502c@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ae2df333cd7d0dfc80fa621e5c65399b1ab9b552 https://github.com/heimdal/heimdal/commit/ae2df333cd7d0dfc80fa621e5c65399b1ab9b552 Author: Viktor Dukhovni Date: 2014-03-15 (Sat, 15 Mar 2014) Changed paths: M lib/krb5/transited.c M po/heimdal_krb5/heimdal_krb5.pot M po/heimdal_krb5/sv_SE.po Log Message: ----------- More complete logging of capths violations It is much easier (i.e. actually possible) to debug transit path policy violations when the logs specify the client and server realms, not just the transit realm. From noreply at github.com Mon Mar 17 04:58:09 2014 From: noreply at github.com (GitHub) Date: Sun, 16 Mar 2014 20:58:09 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9269a4: Add missing KRB-FX-CF2 test vectors (3DES broken) Message-ID: <532672d1717d7_28a2509d4483313@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9269a4428a40a5a462abf2279050f1d983bf5da3 https://github.com/heimdal/heimdal/commit/9269a4428a40a5a462abf2279050f1d983bf5da3 Author: Nicolas Williams Date: 2014-03-16 (Sun, 16 Mar 2014) Changed paths: M lib/krb5/test_fx.c Log Message: ----------- Add missing KRB-FX-CF2 test vectors (3DES broken) Note that this shows that the our KRB-FX-CF2 is broken as to 3DES (and the 1DES PRF is still missing). Commit: cdf39f13699e1a8ad972d70e33ce31f1bbc5f497 https://github.com/heimdal/heimdal/commit/cdf39f13699e1a8ad972d70e33ce31f1bbc5f497 Author: Greg Hudson Date: 2014-03-16 (Sun, 16 Mar 2014) Changed paths: M lib/krb5/crypto-des3.c Log Message: ----------- Fix DES3 PRF RFC 3961 says the simplified profile PRF should truncate the hash output to "multiple of m", which MIT krb5 interprets as the largest possible multiple of m. RFC 6113 appendix A also uses that interpretation for the KRB-FX-CF2 test vector. So the DES3 PRF should truncate the 20-byte SHA-1 result to 16 bytes, not 8. Also make krb5_crypto_prf_length work with DES3 by giving the DES3 enctype a non-zero PRF length. Signed-off-by: Nicolas Williams Commit: ad5786899621ab612a9de8d941a3d2f8b769a8ae https://github.com/heimdal/heimdal/commit/ad5786899621ab612a9de8d941a3d2f8b769a8ae Author: Benjamin Kaduk Date: 2014-03-16 (Sun, 16 Mar 2014) Changed paths: M lib/krb5/crypto.c Log Message: ----------- Fix KRB-FX-CF2 for enctypes with non-dense keyspaces It is necessary to use the RFC3961 random_to_key operation when creating a key from a bitstring. Signed-off-by: Nicolas Williams Compare: https://github.com/heimdal/heimdal/compare/ae2df333cd7d...ad5786899621 From noreply at github.com Mon Mar 17 05:12:32 2014 From: noreply at github.com (GitHub) Date: Sun, 16 Mar 2014 21:12:32 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 333904: Add missing KRB-FX-CF2 test vectors (3DES broken) Message-ID: <5326763035525_212082dd40459f5@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: 333904c5873be769febd31722b248ef86ffa1bcc https://github.com/heimdal/heimdal/commit/333904c5873be769febd31722b248ef86ffa1bcc Author: Nicolas Williams Date: 2014-03-16 (Sun, 16 Mar 2014) Changed paths: M lib/krb5/test_fx.c Log Message: ----------- Add missing KRB-FX-CF2 test vectors (3DES broken) Note that this shows that the our KRB-FX-CF2 is broken as to 3DES (and the 1DES PRF is still missing). Commit: 14090651d48df5f08caf834f0fb052d180416bf0 https://github.com/heimdal/heimdal/commit/14090651d48df5f08caf834f0fb052d180416bf0 Author: Greg Hudson Date: 2014-03-16 (Sun, 16 Mar 2014) Changed paths: M lib/krb5/crypto-des3.c Log Message: ----------- Fix DES3 PRF RFC 3961 says the simplified profile PRF should truncate the hash output to "multiple of m", which MIT krb5 interprets as the largest possible multiple of m. RFC 6113 appendix A also uses that interpretation for the KRB-FX-CF2 test vector. So the DES3 PRF should truncate the 20-byte SHA-1 result to 16 bytes, not 8. Also make krb5_crypto_prf_length work with DES3 by giving the DES3 enctype a non-zero PRF length. Signed-off-by: Nicolas Williams Commit: b8c8c6556178412de03e69b0270181947febf2e6 https://github.com/heimdal/heimdal/commit/b8c8c6556178412de03e69b0270181947febf2e6 Author: Benjamin Kaduk Date: 2014-03-16 (Sun, 16 Mar 2014) Changed paths: M lib/krb5/crypto.c Log Message: ----------- Fix KRB-FX-CF2 for enctypes with non-dense keyspaces It is necessary to use the RFC3961 random_to_key operation when creating a key from a bitstring. Signed-off-by: Nicolas Williams Compare: https://github.com/heimdal/heimdal/compare/dacfbf19179b...b8c8c6556178 From noreply at github.com Thu Mar 20 22:36:04 2014 From: noreply at github.com (GitHub) Date: Thu, 20 Mar 2014 14:36:04 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 8a4cf0: don't see anything since /dev/random doesn't reall... Message-ID: <532b5f44bd65f_69c2949d3c43572@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 8a4cf0dd12a43c5f0da52ec9325a1d9e2420260a https://github.com/heimdal/heimdal/commit/8a4cf0dd12a43c5f0da52ec9325a1d9e2420260a Author: Love Hörnquist Åstrand Date: 2014-03-20 (Thu, 20 Mar 2014) Changed paths: M lib/hcrypto/rand-unix.c Log Message: ----------- don't see anything since /dev/random doesn't really need more seeding redhat have Linux SE rules that slows down openssh when heimdal tries to write, so lets not write. https://bugzilla.redhat.com/show_bug.cgi?id=1076979 From noreply at github.com Thu Mar 20 22:37:22 2014 From: noreply at github.com (GitHub) Date: Thu, 20 Mar 2014 14:37:22 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] b79f8d: don't see anything since /dev/random doesn't reall... Message-ID: <532b5f92cdff5_62e150dd40132088@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: b79f8df2a51dc63250ee947d208c8f8ca3088ae4 https://github.com/heimdal/heimdal/commit/b79f8df2a51dc63250ee947d208c8f8ca3088ae4 Author: Love Hörnquist Åstrand Date: 2014-03-20 (Thu, 20 Mar 2014) Changed paths: M lib/hcrypto/rand-unix.c Log Message: ----------- don't see anything since /dev/random doesn't really need more seeding redhat have Linux SE rules that slows down openssh when heimdal tries to write, so lets not write. https://bugzilla.redhat.com/show_bug.cgi?id=1076979 From noreply at github.com Tue Mar 25 04:46:34 2014 From: noreply at github.com (GitHub) Date: Mon, 24 Mar 2014 20:46:34 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] cc495f: Avoid breaking symbol names for all previously pre... Message-ID: <5330fc1a3d82_347fc7bd3465355@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: cc495fd78d136f77f706e84181d1ddebbc30585e https://github.com/heimdal/heimdal/commit/cc495fd78d136f77f706e84181d1ddebbc30585e Author: Jelmer Vernooij Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/hx509/version-script.map Log Message: ----------- Avoid breaking symbol names for all previously present functions. Signed-off-by: Jelmer Vernooij Signed-off-by: Nicolas Williams From noreply at github.com Tue Mar 25 04:47:59 2014 From: noreply at github.com (GitHub) Date: Mon, 24 Mar 2014 20:47:59 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 147c5e: Avoid breaking symbol names for all previously pre... Message-ID: <5330fc6f8c133_3a64100dd44455ab@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: 147c5e17fa082d0eb6d970dfe3ccee60487fc72a https://github.com/heimdal/heimdal/commit/147c5e17fa082d0eb6d970dfe3ccee60487fc72a Author: Jelmer Vernooij Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/hx509/version-script.map Log Message: ----------- Avoid breaking symbol names for all previously present functions. Signed-off-by: Jelmer Vernooij Signed-off-by: Nicolas Williams From noreply at github.com Tue Mar 25 05:08:19 2014 From: noreply at github.com (GitHub) Date: Mon, 24 Mar 2014 21:08:19 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 6f0caf: heimdal: handle referrals for 3 part DRSUAPI SPNs Message-ID: <533101338befa_179b117bd349341b@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 6f0cafa6cf5957ee549e46e899e8bc83eeca52c2 https://github.com/heimdal/heimdal/commit/6f0cafa6cf5957ee549e46e899e8bc83eeca52c2 Author: Andrew Tridgell Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M kdc/krb5tgs.c Log Message: ----------- heimdal: handle referrals for 3 part DRSUAPI SPNs This handles referrals for SPNs of the form E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are used during DRS replication when we don't know the dnsHostName of the target DC (which we don't know until the first replication from that DC completes). We use the 3rd part of the SPN directly as the realm name in the referral. Pair-Programmed-With: Andrew Bartlett Commit: cfc398d32eec3ee68f7f8ec2729924393e3f5bed https://github.com/heimdal/heimdal/commit/cfc398d32eec3ee68f7f8ec2729924393e3f5bed Author: Andreas Schneider Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: A gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c R gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c Log Message: ----------- s4-heimdal: Remove the execute flag of cfx.c. The scripts which are extracting debuginfo are looking for files with the executable bit and find cfx.c which isn't a executable. Commit: c281ad6ccbb2b5185089ef6a30da7a60c6e94577 https://github.com/heimdal/heimdal/commit/c281ad6ccbb2b5185089ef6a30da7a60c6e94577 Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/misc.c Log Message: ----------- heimdal: Fix the build on FreeBSD We don't have BACKTRACE_SYMBOLS by default Commit: 506780a160def11062da7bf5b89d68913a8652f4 https://github.com/heimdal/heimdal/commit/506780a160def11062da7bf5b89d68913a8652f4 Author: Stefan Metzmacher Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/expand_path.c Log Message: ----------- heimdal:lib/krb5: don't name a struct 'token' This is a static const struct and the name is never used, so just make it an anonymous struct. This hopefully fixes the build on AIX: "../lib/roken/roken-common.h", line 276.9: 1506-236 (W) Macro name __attribute__ has been redefined. "../lib/roken/roken-common.h", line 276.9: 1506-358 (I) "__attribute__" is defined on line 45 of ../lib/com_err/com_err.h. "../lib/krb5/expand_path.c", line 331.21: 1506-334 (S) Identifier token has already been defined on line 98 of "/usr/include/net/if_arp.h". "../lib/krb5/expand_path.c", line 390.43: 1506-019 (S) Expecting an array or a pointer to object type. "../lib/krb5/expand_path.c", line 391.31: 1506-019 (S) Expecting an array or a pointer to object type. "../lib/krb5/expand_path.c", line 392.20: 1506-019 (S) Expecting an array or a pointer to object type. "../lib/krb5/expand_path.c", line 392.48: 1506-019 (S) Expecting an array or a pointer to object type. "../lib/krb5/expand_path.c", line 393.39: 1506-019 (S) Expecting an array or a pointer to object type. Waf: Leaving directory `/opt/home/build/build_farm/samba_4_0_test/bin' Build failed: -> task failed (err #1): {task: cc expand_path.c -> expand_path_52.o} gmake: *** [all] Error 1 metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sat Jun 16 15:20:59 CEST 2012 on sn-devel-104 Commit: 2596cfe3245cce523cc27292a9f8d39bb98a8b63 https://github.com/heimdal/heimdal/commit/2596cfe3245cce523cc27292a9f8d39bb98a8b63 Author: Stefan Metzmacher Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/wind/gen-errorlist.py Log Message: ----------- heimdal:lib/wind: make sure errorlist_table.c includes config.h as first header This should fix the build on AIX. metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sat Jun 16 23:59:07 CEST 2012 on sn-devel-104 Commit: 1ae5df045e6bb9497ec53fb36b0f5db5f941c10e https://github.com/heimdal/heimdal/commit/1ae5df045e6bb9497ec53fb36b0f5db5f941c10e Author: Stefan Metzmacher Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/wind/gen-bidi.py M lib/wind/gen-combining.py M lib/wind/gen-normalize.py Log Message: ----------- heimdal:lib/wind: include at the end This makes sure config.h gets includes first. This should fix the build on AIX. metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sun Jun 17 16:16:24 CEST 2012 on sn-devel-104 Commit: b408e93ae3cbd29c84ba45ea1d25f8b02fc6a82d https://github.com/heimdal/heimdal/commit/b408e93ae3cbd29c84ba45ea1d25f8b02fc6a82d Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/gssapi/krb5/init_sec_context.c Log Message: ----------- heimdal: Fix 241482 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper Commit: 2aca5c4faef2914a1227bb8a635281793ef8bc6e https://github.com/heimdal/heimdal/commit/2aca5c4faef2914a1227bb8a635281793ef8bc6e Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/get_addrs.c Log Message: ----------- heimdal: Fix CID 241943 Uninitialized pointer read In the error case without EXTRA_ADDRESSES we access ignore_addresses without initialization Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Commit: 56bcd356d880e8959474a969ffa438f44d8a7b19 https://github.com/heimdal/heimdal/commit/56bcd356d880e8959474a969ffa438f44d8a7b19 Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/context.c Log Message: ----------- heimdal: Fix CID 240779 Allocation size mismatch (rebased on current Heimdal by abartlet) The error Coverity complains about is in the malloc. krb5_enctypes is an enum, so it is usually smaller than the size of a pointer. So we overallocate, but in the memcpy further down we copy from potentially invalid memory. Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Nov 13 11:05:44 CET 2013 on sn-devel-104 Commit: ba26fa550208e194982bf21725aeb8283410c7a4 https://github.com/heimdal/heimdal/commit/ba26fa550208e194982bf21725aeb8283410c7a4 Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/roken/rkpty.c Log Message: ----------- heimdal: Fix a format error on FreeBSD10 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Commit: ccc4302a183bfb110a47ff7fd3f4c3ba1e6752ce https://github.com/heimdal/heimdal/commit/ccc4302a183bfb110a47ff7fd3f4c3ba1e6752ce Author: Andrew Bartlett Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/asn1/gen_locl.h Log Message: ----------- lib/asn1: Add extern to declaration of fuzzer string in gen_locl.h Commit: 2622b32468118fda4cee7567e1efc17e962b29ea https://github.com/heimdal/heimdal/commit/2622b32468118fda4cee7567e1efc17e962b29ea Author: Andrew Bartlett Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/base/baselocl.h Log Message: ----------- lib/base: Add define for HEIMDAL_TEXTDOMAIN Commit: 9f392c134fae066660cf56bcbcd8e1012677960a https://github.com/heimdal/heimdal/commit/9f392c134fae066660cf56bcbcd8e1012677960a Author: Andrew Bartlett Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/send_to_kdc.c Log Message: ----------- heimdal: rename send and recv pointers to avoid conflict with socket wrapper Commit: 1fad1f8984baa0de258b09c06f0870e298be6c85 https://github.com/heimdal/heimdal/commit/1fad1f8984baa0de258b09c06f0870e298be6c85 Author: Andrew Bartlett Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/base/json.c Log Message: ----------- lib/base: Rename strbuf to heim_strbuf to avoid conflict with stropts.h on linux Compare: https://github.com/heimdal/heimdal/compare/cc495fd78d13...1fad1f8984ba From noreply at github.com Tue Mar 25 05:21:19 2014 From: noreply at github.com (GitHub) Date: Mon, 24 Mar 2014 21:21:19 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] b5f926: heimdal: handle referrals for 3 part DRSUAPI SPNs Message-ID: <5331043fde419_31d6ee5d40112564@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: b5f926bb6946ded55f68eaa1a45432d1fe4a5c2d https://github.com/heimdal/heimdal/commit/b5f926bb6946ded55f68eaa1a45432d1fe4a5c2d Author: Andrew Tridgell Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M kdc/krb5tgs.c Log Message: ----------- heimdal: handle referrals for 3 part DRSUAPI SPNs This handles referrals for SPNs of the form E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are used during DRS replication when we don't know the dnsHostName of the target DC (which we don't know until the first replication from that DC completes). We use the 3rd part of the SPN directly as the realm name in the referral. Pair-Programmed-With: Andrew Bartlett Commit: 889a4d6af2567116ca60f1ac2af428ac045c7d7a https://github.com/heimdal/heimdal/commit/889a4d6af2567116ca60f1ac2af428ac045c7d7a Author: Andreas Schneider Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: A gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c R gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c Log Message: ----------- s4-heimdal: Remove the execute flag of cfx.c. The scripts which are extracting debuginfo are looking for files with the executable bit and find cfx.c which isn't a executable. Commit: 2e77a006af8f56907a93304ca77e7cdd5be9f22f https://github.com/heimdal/heimdal/commit/2e77a006af8f56907a93304ca77e7cdd5be9f22f Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/misc.c Log Message: ----------- heimdal: Fix the build on FreeBSD We don't have BACKTRACE_SYMBOLS by default Commit: 4f32743064447761078adf37ae1ff5fc3bafe17e https://github.com/heimdal/heimdal/commit/4f32743064447761078adf37ae1ff5fc3bafe17e Author: Stefan Metzmacher Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/expand_path.c Log Message: ----------- heimdal:lib/krb5: don't name a struct 'token' This is a static const struct and the name is never used, so just make it an anonymous struct. This hopefully fixes the build on AIX: "../lib/roken/roken-common.h", line 276.9: 1506-236 (W) Macro name __attribute__ has been redefined. "../lib/roken/roken-common.h", line 276.9: 1506-358 (I) "__attribute__" is defined on line 45 of ../lib/com_err/com_err.h. "../lib/krb5/expand_path.c", line 331.21: 1506-334 (S) Identifier token has already been defined on line 98 of "/usr/include/net/if_arp.h". "../lib/krb5/expand_path.c", line 390.43: 1506-019 (S) Expecting an array or a pointer to object type. "../lib/krb5/expand_path.c", line 391.31: 1506-019 (S) Expecting an array or a pointer to object type. "../lib/krb5/expand_path.c", line 392.20: 1506-019 (S) Expecting an array or a pointer to object type. "../lib/krb5/expand_path.c", line 392.48: 1506-019 (S) Expecting an array or a pointer to object type. "../lib/krb5/expand_path.c", line 393.39: 1506-019 (S) Expecting an array or a pointer to object type. Waf: Leaving directory `/opt/home/build/build_farm/samba_4_0_test/bin' Build failed: -> task failed (err #1): {task: cc expand_path.c -> expand_path_52.o} gmake: *** [all] Error 1 metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sat Jun 16 15:20:59 CEST 2012 on sn-devel-104 Commit: f7410d4a05373af7596ffd05658ee051bf5dce3a https://github.com/heimdal/heimdal/commit/f7410d4a05373af7596ffd05658ee051bf5dce3a Author: Stefan Metzmacher Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/wind/gen-errorlist.py Log Message: ----------- heimdal:lib/wind: make sure errorlist_table.c includes config.h as first header This should fix the build on AIX. metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sat Jun 16 23:59:07 CEST 2012 on sn-devel-104 Commit: d85ec4272c1604bab173f812a4a163cc920ad6ed https://github.com/heimdal/heimdal/commit/d85ec4272c1604bab173f812a4a163cc920ad6ed Author: Stefan Metzmacher Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/wind/gen-bidi.py M lib/wind/gen-combining.py M lib/wind/gen-normalize.py Log Message: ----------- heimdal:lib/wind: include at the end This makes sure config.h gets includes first. This should fix the build on AIX. metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sun Jun 17 16:16:24 CEST 2012 on sn-devel-104 Commit: d4d47b61f93f9d140833eeb838867df26959a0a0 https://github.com/heimdal/heimdal/commit/d4d47b61f93f9d140833eeb838867df26959a0a0 Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/gssapi/krb5/init_sec_context.c Log Message: ----------- heimdal: Fix 241482 Resource leak Signed-off-by: Volker Lendecke Reviewed-by: Ira Cooper Commit: 0a6a78599be3c6be8dded227d95a04d6dd28d351 https://github.com/heimdal/heimdal/commit/0a6a78599be3c6be8dded227d95a04d6dd28d351 Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/get_addrs.c Log Message: ----------- heimdal: Fix CID 241943 Uninitialized pointer read In the error case without EXTRA_ADDRESSES we access ignore_addresses without initialization Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Commit: 92f43148f6a34aa2fc2b6c19da1e210ed2ed6c4f https://github.com/heimdal/heimdal/commit/92f43148f6a34aa2fc2b6c19da1e210ed2ed6c4f Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/context.c Log Message: ----------- heimdal: Fix CID 240779 Allocation size mismatch (rebased on current Heimdal by abartlet) The error Coverity complains about is in the malloc. krb5_enctypes is an enum, so it is usually smaller than the size of a pointer. So we overallocate, but in the memcpy further down we copy from potentially invalid memory. Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Nov 13 11:05:44 CET 2013 on sn-devel-104 Commit: caac9afec843c1a4c6100b52a5f6eb917f0cb1ae https://github.com/heimdal/heimdal/commit/caac9afec843c1a4c6100b52a5f6eb917f0cb1ae Author: Volker Lendecke Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/roken/rkpty.c Log Message: ----------- heimdal: Fix a format error on FreeBSD10 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Commit: ff1574a903265f6f7563d657965f635c7e4fe77f https://github.com/heimdal/heimdal/commit/ff1574a903265f6f7563d657965f635c7e4fe77f Author: Andrew Bartlett Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/asn1/gen_locl.h Log Message: ----------- lib/asn1: Add extern to declaration of fuzzer string in gen_locl.h Commit: cc3aa7864cc08e378a7ce31da1a0bd224cb0e84f https://github.com/heimdal/heimdal/commit/cc3aa7864cc08e378a7ce31da1a0bd224cb0e84f Author: Andrew Bartlett Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/base/baselocl.h Log Message: ----------- lib/base: Add define for HEIMDAL_TEXTDOMAIN Commit: 9df368e8f54d665659e91209ebb1195965b6d1da https://github.com/heimdal/heimdal/commit/9df368e8f54d665659e91209ebb1195965b6d1da Author: Andrew Bartlett Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/krb5/send_to_kdc.c Log Message: ----------- heimdal: rename send and recv pointers to avoid conflict with socket wrapper Commit: ff7b1891a3ff9bda496cff1ae2d471cb2c18242d https://github.com/heimdal/heimdal/commit/ff7b1891a3ff9bda496cff1ae2d471cb2c18242d Author: Andrew Bartlett Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M lib/base/json.c Log Message: ----------- lib/base: Rename strbuf to heim_strbuf to avoid conflict with stropts.h on linux Compare: https://github.com/heimdal/heimdal/compare/147c5e17fa08...ff7b1891a3ff From noreply at github.com Tue Mar 25 05:42:29 2014 From: noreply at github.com (GitHub) Date: Mon, 24 Mar 2014 21:42:29 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7e6b55: Update krb5-config to include sqlite3 lib Message-ID: <5331093595c87_368a4cdd44245be@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: 7e6b558d2a261228806c0998f3be83985bb1bf3e https://github.com/heimdal/heimdal/commit/7e6b558d2a261228806c0998f3be83985bb1bf3e Author: D Brashear Date: 2014-03-24 (Mon, 24 Mar 2014) Changed paths: M tools/krb5-config.in Log Message: ----------- Update krb5-config to include sqlite3 lib libkrb5 can use sqlite3 as provided internally, and if libheimsqlite is built and libkrb5 needs it, krb5-config --libs should include it. Signed-off-by: Nicolas Williams From noreply at github.com Wed Mar 26 04:19:05 2014 From: noreply at github.com (GitHub) Date: Tue, 25 Mar 2014 20:19:05 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] b80b21: Make kadmin ext work when lacking get-keys priv Message-ID: <5332472985881_61ad72bd3486792@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: b80b21c8a8edb864afedb83dd249498e408fe201 https://github.com/heimdal/heimdal/commit/b80b21c8a8edb864afedb83dd249498e408fe201 Author: Nicolas Williams Date: 2014-03-25 (Tue, 25 Mar 2014) Changed paths: M kadmin/ext.c M lib/kadm5/admin.h M lib/kadm5/marshall.c Log Message: ----------- Make kadmin ext work when lacking get-keys priv When we added the get-keys privilege we lost the ability to setup keytabs with the kadmin ext command. The fix is to note that we got bogus key data and randkey (as we used to). Commit: f7d76c2b6660d3850143a5a9338276d0278f834c https://github.com/heimdal/heimdal/commit/f7d76c2b6660d3850143a5a9338276d0278f834c Author: Nicolas Williams Date: 2014-03-25 (Tue, 25 Mar 2014) Changed paths: M kadmin/kadmin.8 Log Message: ----------- Document that ext_keytab can change a princ's keys Compare: https://github.com/heimdal/heimdal/compare/1fad1f8984ba...f7d76c2b6660 From noreply at github.com Thu Mar 27 01:11:15 2014 From: noreply at github.com (GitHub) Date: Wed, 26 Mar 2014 17:11:15 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] fd2ca2: Make kadmin ext work when lacking get-keys priv Message-ID: <53336ca3306a0_30d11349d3c685a4@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: fd2ca2020f5f92a07a7dd63e9d44722014e951af https://github.com/heimdal/heimdal/commit/fd2ca2020f5f92a07a7dd63e9d44722014e951af Author: Nicolas Williams Date: 2014-03-26 (Wed, 26 Mar 2014) Changed paths: M kadmin/ext.c M lib/kadm5/admin.h M lib/kadm5/marshall.c Log Message: ----------- Make kadmin ext work when lacking get-keys priv When we added the get-keys privilege we lost the ability to setup keytabs with the kadmin ext command. The fix is to note that we got bogus key data and randkey (as we used to). Commit: d60ba47157db86f1996e055a41caf1a9a96e2afe https://github.com/heimdal/heimdal/commit/d60ba47157db86f1996e055a41caf1a9a96e2afe Author: Nicolas Williams Date: 2014-03-26 (Wed, 26 Mar 2014) Changed paths: M kadmin/kadmin.8 Log Message: ----------- Document that ext_keytab can change a princ's keys Compare: https://github.com/heimdal/heimdal/compare/7e6b558d2a26...d60ba47157db