From noreply at github.com Wed Jan 7 20:43:30 2015 From: noreply at github.com (GitHub) Date: Wed, 07 Jan 2015 11:43:30 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] ef8e4d: only perform dir separator normalization for file ... Message-ID: <54ad8c6289b26_28ac3f82ad4ab2c0228a3@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ef8e4da01035981b228d8d26ca25598dd81bc766 https://github.com/heimdal/heimdal/commit/ef8e4da01035981b228d8d26ca25598dd81bc766 Author: Jeffrey Altman Date: 2015-01-07 (Wed, 07 Jan 2015) Changed paths: M lib/krb5/acache.c M lib/krb5/cache.c M lib/krb5/config_file.c M lib/krb5/expand_path.c M lib/krb5/fcache.c M lib/krb5/kuserok.c M lib/krb5/pkinit.c M lib/krb5/test_expand_toks.c Log Message: ----------- only perform dir separator normalization for file paths Commit ad7e54d698433cea77bfb4c98ac93255743d0c93 introduced the use of _krb5_expand_path_tokens() to expand tokens (and on Windows convert path delimiters) within credential cache names. This is safe to do for the path based credential cache types FILE, DIR and SCC but on Windows is unsafe for the non-path types. For example on Windows, the API credential cache names are often based on the principal name and the principal name is parsed from the ccname. This practice was introduced with the version v2 ccapi when there was no method of enumerating the caches from the krb5 library. This change adds a "filepath" boolean parameter to _krb5_expand_path_tokens() which is set to TRUE (non-zero) when the input is a file path and FALSE (zero) when the input is not a file path. _krb5_expand_path_tokens() will only perform directory separator normalization on Windows when the "filepath" parameter is TRUE. This change is not the preferred solution because it requires that the library be aware of all credential cache types that use path based residuals. The preferred solution would require that the credential cache implementation indicate whether or not it uses a path based residual. This change has been implemented using a prefix test and not a change to struct krb5_cc_ops because existing ccache plugins will not know how to advertise their use of path based residuals and that path expansion is safe. Change-Id: I8135991e8ce69fc5273d381ea9c2078bc2bcd19a From noreply at github.com Thu Jan 15 10:27:40 2015 From: noreply at github.com (GitHub) Date: Thu, 15 Jan 2015 01:27:40 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] db29ba: kadm5: fix race in Makefile with kadm5_err.h Message-ID: <54b7880c42ddc_48a13ff156d0b2b8493e1@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/heimdal-1-6-branch Home: https://github.com/heimdal/heimdal Commit: db29ba0199d5368eb13b273c26b36d4e5c7d3e4e https://github.com/heimdal/heimdal/commit/db29ba0199d5368eb13b273c26b36d4e5c7d3e4e Author: Jakub ?ajka Date: 2015-01-14 (Wed, 14 Jan 2015) Changed paths: M lib/kadm5/Makefile.am Log Message: ----------- kadm5: fix race in Makefile with kadm5_err.h When running make with -j4, occasionally kadm5 fails due to a missing header file kadm5_err.h. Fix the race condition. Reported at https://bugzilla.redhat.com/1115164 Reviewed-by: Ken Dreyer (cherry picked from commit 6affa4cceceaa1369dd895f8acdd7a883ee65674) Commit: c25f45a4c0cd252402484316b23582e1d4555fd6 https://github.com/heimdal/heimdal/commit/c25f45a4c0cd252402484316b23582e1d4555fd6 Author: Love Hörnquist Åstrand Date: 2015-01-15 (Thu, 15 Jan 2015) Changed paths: M lib/kadm5/Makefile.am Log Message: ----------- Merge pull request #118 from ktdreyer/kadm5-make-race-1-6-branch kadm5: fix race in Makefile with kadm5_err.h Compare: https://github.com/heimdal/heimdal/compare/79b7b074a009...c25f45a4c0cd From noreply at github.com Sun Jan 25 22:19:06 2015 From: noreply at github.com (GitHub) Date: Sun, 25 Jan 2015 13:19:06 -0800 Subject: [Heimdal-source-changes] [heimdal/heimdal] 59b8f4: ipv6 loopbacks fix for GNU libc getaddrinfo() Message-ID: <54c55dca624c5_29e3f970b4812a020281@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 59b8f4ff840aaaf1f06c348d26da64cc75f87eac https://github.com/heimdal/heimdal/commit/59b8f4ff840aaaf1f06c348d26da64cc75f87eac Author: Rok Pape?, ARNES Date: 2015-01-25 (Sun, 25 Jan 2015) Changed paths: M lib/krb5/addr_families.c Log Message: ----------- ipv6 loopbacks fix for GNU libc getaddrinfo() On any OS with a properly implemented getaddrinfo() this change is a no-op. Passing NULL for the hint is supposed to be the same as an addrinfo structure with all fields set to 0. There is no need to set ai_family to AF_UNSPEC because that value is already 0. GNU libc doesn't follow standard behaviour. Quoting from http://man7.org/linux/man-pages/man3/getaddrinfo.3.html : "Specifying hints as NULL is equivalent to setting ai_socktype and ai_protocol to 0; ai_family to AF_UNSPEC; and ai_flags to (AI_V4MAPPED | AI_ADDRCONFIG). (POSIX specifies different defaults for ai_flags; see NOTES.)" The NOTES section says: "According to POSIX.1-2001, specifying hints as NULL should cause ai_flags to be assumed as 0. The GNU C library instead assumes a value of (AI_V4MAPPED | AI_ADDRCONFIG) for this case, since this value is considered an improvement on the specification." The patch makes sure that krb5_parse_address works consistently on both GNU libc and systems that follow POSIX.1-2001 to the letter. Some incorrect Fedora 17 patches managed to break IPv6 connectivity and were later backed out (see discussion at https://bugzilla.redhat.com/808147). This patch resolves the incompatibility. Signed-off-by: Ken Dreyer Commit: c1564e2cdb84f4ee4f8c1d70fcebe9db973cafca https://github.com/heimdal/heimdal/commit/c1564e2cdb84f4ee4f8c1d70fcebe9db973cafca Author: Jeffrey Altman Date: 2015-01-25 (Sun, 25 Jan 2015) Changed paths: M lib/krb5/addr_families.c Log Message: ----------- Merge pull request #119 from ktdreyer/ipv6-loopback ipv6 loopbacks fix Compare: https://github.com/heimdal/heimdal/compare/ef8e4da01035...c1564e2cdb84