From noreply at github.com Tue Jul 11 18:54:27 2017
From: noreply at github.com (GitHub)
Date: Tue, 11 Jul 2017 09:54:27 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 6dd3eb: CVE-2017-11103: Orpheus' Lyre KDC-REP service name...
Message-ID: <596502c360563_4f8a3fe04b98dc24978e6@hookshot-fe6-cp1-prd.iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
Author: Jeffrey Altman
Date: 2017-07-10 (Mon, 10 Jul 2017)

Changed paths:
M lib/krb5/ticket.c

Log Message:
-----------
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Dukhovni and Nico Williams.

Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c

From noreply at github.com Tue Jul 11 18:57:07 2017
From: noreply at github.com (GitHub)
Date: Tue, 11 Jul 2017 09:57:07 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 4a2009: CVE-2017-11103: Orpheus' Lyre KDC-REP service name...
Message-ID: <596503636fb5e_514b3ff7a3919c38122862@hookshot-fe6-cp1-prd.iad.github.net.mail>

Branch: refs/heads/heimdal-7-1-branch
Home: https://github.com/heimdal/heimdal
Commit: 4a2009f6eded93e021534db7ab22f97caf4a74bd
https://github.com/heimdal/heimdal/commit/4a2009f6eded93e021534db7ab22f97caf4a74bd
Author: Jeffrey Altman
Date: 2017-07-11 (Tue, 11 Jul 2017)

Changed paths:
M lib/krb5/ticket.c

Log Message:
-----------
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Dukhovni and Nico Williams.

Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c

Commit: 9808f83e1e4ad5f3b7740547c994f9e948f704a3
https://github.com/heimdal/heimdal/commit/9808f83e1e4ad5f3b7740547c994f9e948f704a3
Author: Nicolas Williams
Date: 2017-07-11 (Tue, 11 Jul 2017)

Changed paths:
M configure.ac
M windows/NTMakefile.version

Log Message:
-----------
Bump version to 7.4

Compare: https://github.com/heimdal/heimdal/compare/76347f849d64...9808f83e1e4a

From noreply at github.com Tue Jul 11 18:57:08 2017
From: noreply at github.com (GitHub)
Date: Tue, 11 Jul 2017 09:57:08 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal]
Message-ID: <596503645b6e0_39053fc588f53c2c5093@hookshot-fe3-cp1-prd.iad.github.net.mail>

Branch: refs/tags/heimdal-7.4.0
Home: https://github.com/heimdal/heimdal

From noreply at github.com Tue Jul 11 19:01:51 2017
From: noreply at github.com (GitHub)
Date: Tue, 11 Jul 2017 10:01:51 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] a3d72c: Update NEWS file for 7.4
Message-ID: <5965047f95e8_462a3f89fe907c447323a@hookshot-fe6-cp1-prd.iad.github.net.mail>

Branch: refs/tags/heimdal-7.4.0
Home: https://github.com/heimdal/heimdal
Commit: a3d72c604378e0bff787cc426f2b17f75b112dce
https://github.com/heimdal/heimdal/commit/a3d72c604378e0bff787cc426f2b17f75b112dce
Author: Nicolas Williams
Date: 2017-07-11 (Tue, 11 Jul 2017)

Changed paths:
M NEWS

Log Message:
-----------
Update NEWS file for 7.4

From noreply at github.com Tue Jul 11 19:01:50 2017
From: noreply at github.com (GitHub)
Date: Tue, 11 Jul 2017 10:01:50 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] a3d72c: Update NEWS file for 7.4
Message-ID: <5965047e1c0ae_54ab3fc04edbbc3c468c7@hookshot-fe6-cp1-prd.iad.github.net.mail>

Branch: refs/heads/heimdal-7-1-branch
Home: https://github.com/heimdal/heimdal
Commit: a3d72c604378e0bff787cc426f2b17f75b112dce
https://github.com/heimdal/heimdal/commit/a3d72c604378e0bff787cc426f2b17f75b112dce
Author: Nicolas Williams
Date: 2017-07-11 (Tue, 11 Jul 2017)

Changed paths:
M NEWS

Log Message:
-----------
Update NEWS file for 7.4

From noreply at github.com Wed Jul 12 13:27:32 2017
From: noreply at github.com (GitHub)
Date: Wed, 12 Jul 2017 04:27:32 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 3910c2: Retain `ret != 0` when capaths finds no match.
Message-ID: <596607a4dec51_66683fa882a09c3042027@hookshot-fe5-cp1-prd.iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 3910c23378e56f35dc23a94fdc331cf64a025329
https://github.com/heimdal/heimdal/commit/3910c23378e56f35dc23a94fdc331cf64a025329
Author: Viktor Dukhovni
Date: 2017-07-12 (Wed, 12 Jul 2017)

Changed paths:
M kdc/krb5tgs.c

Log Message:
-----------
Retain `ret != 0` when capaths finds no match.

From noreply at github.com Thu Jul 13 04:39:08 2017
From: noreply at github.com (GitHub)
Date: Wed, 12 Jul 2017 19:39:08 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 794417: Retain `ret != 0` when capaths finds no match.
Message-ID: <5966dd4c6b57a_20f7a3f9d4c933c34107132@hookshot-fe-6dbb0c4.cp1-iad.github.net.mail>

Branch: refs/heads/heimdal-7-1-branch
Home: https://github.com/heimdal/heimdal
Commit: 79441760aedb61f64e263fb8c4b95b9c8f3646c8
https://github.com/heimdal/heimdal/commit/79441760aedb61f64e263fb8c4b95b9c8f3646c8
Author: Viktor Dukhovni
Date: 2017-07-12 (Wed, 12 Jul 2017)

Changed paths:
M kdc/krb5tgs.c

Log Message:
-----------
Retain `ret != 0` when capaths finds no match.

(cherry picked from commit 3910c23378e56f35dc23a94fdc331cf64a025329)

From noreply at github.com Sat Jul 22 17:36:43 2017
From: noreply at github.com (GitHub)
Date: Sat, 22 Jul 2017 08:36:43 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] b78749: Fixes https://github.com/heimdal/heimdal/issues/29...
Message-ID: <5973710b1ddad_59b43fa643fedc284937c@hookshot-fe1-cp1-prd.iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: b787491942651280a323c28ddfee44dd8aa3e915
https://github.com/heimdal/heimdal/commit/b787491942651280a323c28ddfee44dd8aa3e915
Author: Quanah Gibson-Mount
Date: 2017-07-22 (Sat, 22 Jul 2017)

Changed paths:
M lib/libedit/src/vis.h

Log Message:
-----------
Fixes https://github.com/heimdal/heimdal/issues/294

From noreply at github.com Fri Jul 28 05:03:53 2017
From: noreply at github.com (GitHub)
Date: Thu, 27 Jul 2017 20:03:53 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 237cd8: kdc: unused pid element is (pid_t)-1 not zero
Message-ID: <597aa999b7ddd_57823ff1bf00dc3c1224ba@hookshot-fe3-cp1-prd.iad.github.net.mail>

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 237cd892d9e9625b135f8c9d078d50dfa44bba91
https://github.com/heimdal/heimdal/commit/237cd892d9e9625b135f8c9d078d50dfa44bba91
Author: Jeffrey Altman
Date: 2017-07-27 (Thu, 27 Jul 2017)

Changed paths:
M kdc/connect.c

Log Message:
-----------
kdc: unused pid element is (pid_t)-1 not zero

When the termination of a child process is observed by reap_kid() it clears the pids[] element by assigning it the invalid pid value (pid_t)-1. However, start_kdc() assumes that the unused pid[] element value is 0. As a result, each pid[] element's associated child process can only be restarted once since start_kdc() will not be able to locate an unused element.

This change alters start_kdc() to initialize all elements of pids[] to (pid_t)-1 and use that as the marker for unused elements. By doing so start_kdc() can properly record child process pids and indefinitely restart child processes as necessary.

Change-Id: Ia93c9284ab21289994eca7fc9cf1278be7c00683
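
The slot bookkeeping described in the kdc/connect.c commit message above, as an added C model that is not Heimdal's code. `struct pool`, `spawn()`, `reap()` and `restarts()` are hypothetical names, and the model assumes that reaping a pid which is not found in `pids[]` does not free a child slot.

```c
#include <stdio.h>
#include <sys/types.h>

#define MAX_KIDS 2

/* Hypothetical supervisor state; `unused` is the marker spawn() searches for. */
struct pool { pid_t pids[MAX_KIDS]; pid_t unused; int live; pid_t next; };

/* start_kdc()-style step: "fork" a child, then record it in an unused slot. */
static pid_t spawn(struct pool *p)
{
    pid_t pid = p->next++;                 /* stands in for fork() */
    p->live++;
    for (int i = 0; i < MAX_KIDS; i++)
        if (p->pids[i] == p->unused) { p->pids[i] = pid; break; }
    return pid;                            /* not recorded if no slot matched */
}

/* reap_kid()-style step: clears the slot with (pid_t)-1; unknown pids are ignored. */
static void reap(struct pool *p, pid_t pid)
{
    for (int i = 0; i < MAX_KIDS; i++)
        if (p->pids[i] == pid) { p->pids[i] = (pid_t)-1; p->live--; return; }
}

/* Let one child exit `rounds` times and count the replacements actually started.
 * unused_marker = 0 models the old assumption, (pid_t)-1 the changed one. */
static int restarts(pid_t unused_marker, int rounds)
{
    struct pool p = { .unused = unused_marker, .live = 0, .next = 100 };
    pid_t victim = 0;
    int started = 0;
    for (int i = 0; i < MAX_KIDS; i++) p.pids[i] = unused_marker;
    for (int i = 0; i < MAX_KIDS; i++) victim = spawn(&p);
    for (int r = 0; r < rounds; r++) {
        reap(&p, victim);                  /* the child exits */
        if (p.live < MAX_KIDS) { victim = spawn(&p); started++; }
    }
    return started;
}

int main(void)
{
    printf("marker 0: %d restarts, marker -1: %d restarts\n",
           restarts(0, 5), restarts((pid_t)-1, 5));
    return 0;
}
```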
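
For the CVE-2017-11103 commit messages earlier in this digest, an added C sketch (not code from lib/krb5/ticket.c) of why the client must compare the requested service name with the name inside 'enc_part' rather than the cleartext one in 'ticket'. The struct, the function names, the sample principals and the toy keyed checksum that stands in for the reply-key encryption are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified KDC-REP as the client sees it (not Heimdal's types). */
struct kdc_rep {
    char ticket_sname[64]; /* cleartext name in 'ticket': no integrity protection */
    char enc_sname[64];    /* name inside 'enc_part', protected by the reply key */
    uint32_t enc_tag;      /* toy keyed checksum standing in for real crypto */
};

/* Toy keyed checksum (FNV-1a mixed with the key); NOT a real MAC. */
static uint32_t toy_tag(uint32_t key, const char *s)
{
    uint32_t h = 2166136261u ^ key;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 16777619u; }
    return h;
}

/* Reply issued for `issued`, whose cleartext name reads `shown`. */
static struct kdc_rep make_reply(uint32_t key, const char *issued, const char *shown)
{
    struct kdc_rep r;
    memset(&r, 0, sizeof r);
    snprintf(r.enc_sname, sizeof r.enc_sname, "%s", issued);
    snprintf(r.ticket_sname, sizeof r.ticket_sname, "%s", shown);
    r.enc_tag = toy_tag(key, r.enc_sname);
    return r;
}

/* Client-side check. fixed=0 models the pre-fix comparison against the
 * cleartext name; fixed=1 models comparing against the enc_part name. */
static int client_accepts(const struct kdc_rep *r, uint32_t key,
                          const char *requested, int fixed)
{
    if (toy_tag(key, r->enc_sname) != r->enc_tag) return 0; /* enc_part invalid */
    return strcmp(fixed ? r->enc_sname : r->ticket_sname, requested) == 0;
}

/* Constructed cases: mismatch=1 means the two names in the reply disagree. */
static int run_case(int fixed, int mismatch)
{
    const uint32_t key = 0x5eedu;                 /* constructed sample key */
    const char *want = "host/wanted.example";     /* constructed principal */
    struct kdc_rep r = make_reply(key, mismatch ? "host/other.example" : want, want);
    return client_accepts(&r, key, want, fixed);
}

int main(void) { printf("%d %d\n", run_case(0, 1), run_case(1, 1)); return 0; }
```

Only the comparison against the authenticated name rejects the reply whose two names disagree; a reply whose names agree is accepted by both checks.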