[Heimdal-source-changes] [heimdal/heimdal] 90a59a: krb5: Fix fcc_open() FD leak
Nico Williams
noreply at github.com
Tis Dec 10 03:26:39 CET 2019
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 90a59a064b4f40194bbde55075792ce1bf9d3a1f
https://github.com/heimdal/heimdal/commit/90a59a064b4f40194bbde55075792ce1bf9d3a1f
Author: Nicolas Williams <nico at twosigma.com>
Date: 2019-12-06 (Fri, 06 Dec 2019)
Changed paths:
M lib/krb5/fcache.c
Log Message:
-----------
krb5: Fix fcc_open() FD leak
Commit: 7102f2be9e4a7bed4b3a25428789fd4d01280ed5
https://github.com/heimdal/heimdal/commit/7102f2be9e4a7bed4b3a25428789fd4d01280ed5
Author: Nicolas Williams <nico at twosigma.com>
Date: 2019-12-06 (Fri, 06 Dec 2019)
Changed paths:
M lib/krb5/pkinit.c
Log Message:
-----------
krb5: Fix leak in PKINIT client
Commit: d021710efc1d9ba06fb2fd73a8455f527ca23eef
https://github.com/heimdal/heimdal/commit/d021710efc1d9ba06fb2fd73a8455f527ca23eef
Author: Nicolas Williams <nico at twosigma.com>
Date: 2019-12-06 (Fri, 06 Dec 2019)
Changed paths:
M lib/gssapi/mech/gss_add_cred_from.c
Log Message:
-----------
gss: Fix leak in gss_add_cred_from()
Commit: 3c0d1258ceae61a00f7fb2a8ac220399cb0cbe84
https://github.com/heimdal/heimdal/commit/3c0d1258ceae61a00f7fb2a8ac220399cb0cbe84
Author: Nicolas Williams <nico at twosigma.com>
Date: 2019-12-09 (Mon, 09 Dec 2019)
Changed paths:
M lib/hx509/req.c
Log Message:
-----------
hx509: Fix unauthorized feature accounting
Commit: e51574599662486e2e54fec03eb69003a8998fa5
https://github.com/heimdal/heimdal/commit/e51574599662486e2e54fec03eb69003a8998fa5
Author: Nicolas Williams <nico at twosigma.com>
Date: 2019-12-09 (Mon, 09 Dec 2019)
Changed paths:
M lib/hx509/cert.c
M lib/hx509/hx509.h
M lib/hx509/hxtool-commands.in
M lib/hx509/hxtool.c
M lib/hx509/keyset.c
M lib/hx509/ks_file.c
M lib/hx509/ks_keychain.c
M lib/hx509/ks_p11.c
M lib/hx509/ks_p12.c
Log Message:
-----------
hx509: private key exclusion options
Add two ways to exclude private keys when dealing with an hx509
certificate store. One as a load option (load no private keys, never
add private keys), one as a store option (store no private keys).
This is useful for CA code so it can have a single store with the
issuer's credentials _and_ the chain for it, and copy those to a store
with the issued certificate and _not_ accidentally include the issuer's
private key.
It would be much safer still to flip the default for this flag, but that
could break out-of-tree libhx509 dependents.
Commit: 0a0a27ccecb44123df394dc1eed5d54dae96b7d8
https://github.com/heimdal/heimdal/commit/0a0a27ccecb44123df394dc1eed5d54dae96b7d8
Author: Nicolas Williams <nico at twosigma.com>
Date: 2019-12-09 (Mon, 09 Dec 2019)
Changed paths:
M kdc/bx509d.c
M kdc/ca.c
Log Message:
-----------
kdc: bx509: Do not vend issuer private keys
Commit: d1a265209098c10586b19044ef987ba9ed33068a
https://github.com/heimdal/heimdal/commit/d1a265209098c10586b19044ef987ba9ed33068a
Author: Nicolas Williams <nico at twosigma.com>
Date: 2019-12-09 (Mon, 09 Dec 2019)
Changed paths:
M kdc/bx509d.c
M lib/gssapi/gss-token.c
M tests/kdc/Makefile.am
M tests/kdc/check-bx509.in
Log Message:
-----------
bx509: CSRF protection for /bnegotiate
Compare: https://github.com/heimdal/heimdal/compare/d4a319d57ddb...d1a265209098
More information about the Heimdal-source-changes
mailing list