[Heimdal-source-changes] [heimdal/heimdal] a57518: hx509: update gen_req.sh for OpenSSL 1.1 (#392)
Jeffrey Altman
noreply at github.com
Tis May 14 23:48:10 CEST 2019
Branch: refs/heads/heimdal-7-1-branch
Home: https://github.com/heimdal/heimdal
Commit: a57518fcf68b1a561567ed053bab957842238e0d
https://github.com/heimdal/heimdal/commit/a57518fcf68b1a561567ed053bab957842238e0d
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/hx509/Makefile.am
M lib/hx509/data/gen-req.sh
A lib/hx509/data/openssl.1.0.cnf
A lib/hx509/data/openssl.1.1.cnf
R lib/hx509/data/openssl.cnf
Log Message:
-----------
hx509: update gen_req.sh for OpenSSL 1.1 (#392)
OpenSSL 1.1 has the pkInitKDC OID built in, which breaks as it was redefined by
openssl.cnf in Heimdal. Try to determine if OpenSSL >= 1.1 and if so, use a
configuration file that omits this OID definition. The implementation is not
robust but as this is simply an example (not run by the test suites), it should
be adequete.
(cherry picked from commit 6561afff3afdf74e3c9c7b0ecaad4b141275431f)
Commit: 66afdfe1fe639e7b4653d1a8c38199570c2017c3
https://github.com/heimdal/heimdal/commit/66afdfe1fe639e7b4653d1a8c38199570c2017c3
Author: Quanah Gibson-Mount <quanah at symas.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/hx509/data/gen-req.sh
M lib/hx509/data/mkcert.sh
Log Message:
-----------
For https://github.com/heimdal/heimdal/issues/392
Modern OpenSSL no longer has the 2038 year restriction. Update the
certs to last 500 years rather than 10 years.
Modern crypto requirements suggest a stronger key strength than 1024.
Update to use a minimum of 4096.
Fix executable bit on gen-req.sh
(cherry picked from commit 98f904036c7988f5b53a5880ad7b3cf0b3bb6f0f)
Commit: 9e00fc27d001e118a71ad58c4e101067c432d32c
https://github.com/heimdal/heimdal/commit/9e00fc27d001e118a71ad58c4e101067c432d32c
Author: Quanah Gibson-Mount <quanah at symas.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/hx509/data/openssl.1.1.cnf
Log Message:
-----------
For https://github.com/heimdal/heimdal/issues/392
Correctly reference the OID so gen-cert.sh works correctly
(cherry picked from commit 2d193d380d13e0c8b3c9312c26613d58fa7837df)
Commit: 7e602b62c6b4c5ba31a09c52dae7081a235e0511
https://github.com/heimdal/heimdal/commit/7e602b62c6b4c5ba31a09c52dae7081a235e0511
Author: Quanah Gibson-Mount <quanah at symas.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/hx509/data/ca.crt
M lib/hx509/data/ca.key
M lib/hx509/data/crl1.crl
M lib/hx509/data/crl1.der
M lib/hx509/data/https.crt
M lib/hx509/data/https.key
M lib/hx509/data/kdc.crt
M lib/hx509/data/kdc.key
M lib/hx509/data/no-proxy-test.crt
M lib/hx509/data/no-proxy-test.key
M lib/hx509/data/ocsp-req1.der
M lib/hx509/data/ocsp-req2.der
M lib/hx509/data/ocsp-resp1-ca.der
M lib/hx509/data/ocsp-resp1-keyhash.der
M lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
M lib/hx509/data/ocsp-resp1-ocsp.der
M lib/hx509/data/ocsp-resp2.der
M lib/hx509/data/ocsp-responder.crt
M lib/hx509/data/ocsp-responder.key
M lib/hx509/data/pkinit-ec.crt
M lib/hx509/data/pkinit-ec.key
M lib/hx509/data/pkinit-proxy-chain.crt
M lib/hx509/data/pkinit-proxy.crt
M lib/hx509/data/pkinit-proxy.key
M lib/hx509/data/pkinit-pw.key
M lib/hx509/data/pkinit.crt
M lib/hx509/data/pkinit.key
M lib/hx509/data/proxy-level-test.crt
M lib/hx509/data/proxy-level-test.key
M lib/hx509/data/proxy-test.crt
M lib/hx509/data/proxy-test.key
M lib/hx509/data/proxy10-child-child-test.crt
M lib/hx509/data/proxy10-child-child-test.key
M lib/hx509/data/proxy10-child-test.crt
M lib/hx509/data/proxy10-child-test.key
M lib/hx509/data/proxy10-test.crt
M lib/hx509/data/proxy10-test.key
M lib/hx509/data/revoke.crt
M lib/hx509/data/revoke.key
M lib/hx509/data/secp256r1TestCA.cert.pem
M lib/hx509/data/secp256r1TestCA.pem
M lib/hx509/data/secp256r2TestClient.cert.pem
M lib/hx509/data/secp256r2TestClient.pem
M lib/hx509/data/secp256r2TestServer.cert.pem
M lib/hx509/data/secp256r2TestServer.pem
M lib/hx509/data/sub-ca.crt
M lib/hx509/data/sub-ca.key
M lib/hx509/data/sub-cert.crt
M lib/hx509/data/sub-cert.key
M lib/hx509/data/sub-cert.p12
M lib/hx509/data/test-ds-only.crt
M lib/hx509/data/test-ds-only.key
M lib/hx509/data/test-enveloped-aes-128
M lib/hx509/data/test-enveloped-aes-256
M lib/hx509/data/test-enveloped-des
M lib/hx509/data/test-enveloped-des-ede3
M lib/hx509/data/test-enveloped-rc2-128
M lib/hx509/data/test-enveloped-rc2-40
M lib/hx509/data/test-enveloped-rc2-64
M lib/hx509/data/test-ke-only.crt
M lib/hx509/data/test-ke-only.key
M lib/hx509/data/test-nopw.p12
M lib/hx509/data/test-pw.key
M lib/hx509/data/test-signed-data
M lib/hx509/data/test-signed-data-noattr
M lib/hx509/data/test-signed-data-noattr-nocerts
M lib/hx509/data/test-signed-sha-1
M lib/hx509/data/test-signed-sha-256
M lib/hx509/data/test-signed-sha-512
M lib/hx509/data/test.combined.crt
M lib/hx509/data/test.crt
M lib/hx509/data/test.key
M lib/hx509/data/test.p12
Log Message:
-----------
Fixes https://github.com/heimdal/heimdal/issues/533
Update certs to no longer be expired, last 500 years.
(cherry picked from commit aad5c710145053cdeaa7042d0e80db6f1748c606)
Commit: 583b1561739c408e2349f25afcfc9bd6fd89d561
https://github.com/heimdal/heimdal/commit/583b1561739c408e2349f25afcfc9bd6fd89d561
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kuser/kinit.c
Log Message:
-----------
kinit: don't leave dangling temporary ccaches
kinit does not destroy ccaches created with krb5_cc_new_unique() if ticket
acquisition fails. This was leaving dangling keyring entries with the keyring
ccache.
(cherry picked from commit 2e1304b9d55d24a3846f4dc9c794d0c197af4438)
Commit: 69c9b28fc4243ff88db80d8817239f2f89a83851
https://github.com/heimdal/heimdal/commit/69c9b28fc4243ff88db80d8817239f2f89a83851
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
M kdc/krb5tgs.c
M kuser/kimpersonate.c
M lib/krb5/build_auth.c
M lib/krb5/get_for_creds.c
M lib/krb5/rd_cred.c
Log Message:
-----------
check return copy_Realm, copy_PrincipalName, copy_EncryptionKey
The ASN.1 functions copy_Realm(), copy_PrincipalName() and
copy_EncryptionKey() can fail. Check the return and perform error
handling as appropriate.
Change-Id: I2b3629d19db96eb41d1cd554cef1dca99745e753
(cherry picked from commit 6f3ab01c757a2ec66e6550a133f424955ad8a398)
Commit: 87f2798a6ad435e28cea00379d67eb5aa5f8b90a
https://github.com/heimdal/heimdal/commit/87f2798a6ad435e28cea00379d67eb5aa5f8b90a
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/krb5/send_to_kdc.c
Log Message:
-----------
krb5: fix spelling error in debug log
(cherry picked from commit 1bc2eb33f9992142815152581c9fe2a8894d7964)
Commit: 721487fbc57c0617cdf82a2941987ec4bfffd777
https://github.com/heimdal/heimdal/commit/721487fbc57c0617cdf82a2941987ec4bfffd777
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
kdc: fix compliance with RFC 8062 Section 4.1
RFC 8062 states that if the client in the AS request is anonymous, the
anonymous KDC option must be set in the request; otherwise, KDC_ERR_BADOPTION
must be returned. We were previously returning KDC_ERR_C_PRINCIPAL_UNKNOWN.
(cherry picked from commit 2f013b0d48552b263f5e90279692f55e152ba060)
Commit: d6e29b2c13591a5e807a448e6de5dbebbdcbac50
https://github.com/heimdal/heimdal/commit/d6e29b2c13591a5e807a448e6de5dbebbdcbac50
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
kdc: do not include PAC for anonymous AS requests
The PAC will typically contain information that may reveal the identity of a
principal. Do not include it for anonymous requests, at least until such time
as the PAC plugin API supports indicating that the request was anonymous.
(cherry picked from commit 7a7eb9de2fc93e54362b4c8b9ecc15294bc1c762)
Commit: 7f54b116df1d9a5eb22b1e0da094c4280a24a937
https://github.com/heimdal/heimdal/commit/7f54b116df1d9a5eb22b1e0da094c4280a24a937
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
kdc: conform _kdc_make_anonymous_principalname() to RFC8062
The utility function _kdc_make_anonymous_principalname() previously returned a
principal of "anonymous" rather than "WELLKNOWN/ANONYMOUS", as specified by
RFC8062. This is not used by the AS-REQ code.
(cherry picked from commit 5c8f48495eab08736fc4f12a8fff0786303af1a7)
Commit: f679379f23ca9c665d70e3a38447d82f0a8b9951
https://github.com/heimdal/heimdal/commit/f679379f23ca9c665d70e3a38447d82f0a8b9951
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
M kdc/pkinit.c
Log Message:
-----------
kdc: allow anonymous AS requests with long-term keys
RFC8062 section 4.1 allows clients with long-term KDC keys to set the anonymous
flag; in this case their identity is authenticated but the returned ticket
contains the anonymous principal name as the client name.
kdc: allow authenticated anonymous PKINIT
The KDC PKINIT code conflated the checks for authenticated and unauthenticated
anonymous by only looking at the anonymous KDC request option.
(cherry picked from commit 63557427e0a1cd3d23c0942ab58bcae7c2e35534
except for conflict with: c6232299c3b2831d5d8ecf701fcd286ae509fba8)
Commit: 6654399e43010fd74824809dd11c5ea8b0403210
https://github.com/heimdal/heimdal/commit/6654399e43010fd74824809dd11c5ea8b0403210
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kuser/kinit.1
M kuser/kinit.c
M tests/kdc/check-kdc.in
Log Message:
-----------
kuser: support authenticated anonymous AS-REQs in kinit
Allow kinit to request anonymous tickets with authenticated clients, not just
anonymous PKINIT.
(cherry picked from commit 3051db0d5dbf52c9dbdb6ed357373ba78750304f)
Commit: 77a7d073ea58b0fd840a83743a7fb73ef83ec3b3
https://github.com/heimdal/heimdal/commit/77a7d073ea58b0fd840a83743a7fb73ef83ec3b3
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
M kdc/krb5tgs.c
Log Message:
-----------
kdc: support for anonymous TGS-REQs
Allow non-anonymous tickets to be used to obtain an anonymous service ticket,
by setting the anonymous KDC option. Do not include Win2K PAC in anonymous
service tickets. Validate anonymous flags per RFC 8062.
(cherry picked from commit af63541515643782a86d0fddf2b97b265b8ec44d)
Commit: 0972c7f4932fdb632f6b9029598bf90248f723bc
https://github.com/heimdal/heimdal/commit/0972c7f4932fdb632f6b9029598bf90248f723bc
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/krb5/get_cred.c
M lib/krb5/krb5.h
M lib/krb5/ticket.c
Log Message:
-----------
krb5: support for anonymous TGS requests
Add support to krb5_get_creds() for requesting anonymous service tickets using
a TGT, using the flag KRB5_GC_ANONYMOUS.
(cherry picked from commit 55ee6c12825aec0f4c557946c2e7e029484054db)
Commit: c15211fe3beabaf8e6b701c66e42318876924f37
https://github.com/heimdal/heimdal/commit/c15211fe3beabaf8e6b701c66e42318876924f37
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kuser/kgetcred.1
M kuser/kgetcred.c
Log Message:
-----------
kuser: kgetcred support for anonymous service tickets
(cherry picked from commit 455961839179c55a07502b55203c153711e4d3f0)
Commit: 423f6835d7321c4bbfd36c5d47521a0896749e81
https://github.com/heimdal/heimdal/commit/423f6835d7321c4bbfd36c5d47521a0896749e81
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/kerberos5.c
M kuser/kinit.c
M kuser/kuser_locl.h
M lib/krb5/krb5_locl.h
M lib/krb5/libkrb5-exports.def.in
M lib/krb5/principal.c
M lib/krb5/ticket.c
M lib/krb5/version-script.map
Log Message:
-----------
krb5: _krb5_principal_is_anonymous() helper API
Add _krb5_principal_is_anonymous() private API for checking if a principal is
anonymous or not. The third argument determines whether to match authenticated
anonymous, unauthenticated anonymous, or both types of principal.
(cherry picked from commit bcc90f1b87dd9e79577c0790a4d76efdaf6c6c51)
Commit: 3cfcab2d4fce29ba562fd15038e913bcdb68214c
https://github.com/heimdal/heimdal/commit/3cfcab2d4fce29ba562fd15038e913bcdb68214c
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kuser/kinit.c
M lib/krb5/krb5.h
M lib/krb5/pkinit.c
Log Message:
-----------
krb5: krb5_get_init_creds_opt_set_pkinit flag names
Add macros to give symbolic names to the flags which can be passed to
krb5_get_init_creds_opt_set_pkinit(). Reserve flags for BTMM and not validating
KDC anchors.
(cherry picked from commit 5ca229e0d9c19699eb39345a2a8513a956518cb7)
Commit: e93798dc52bacfce476eb0c65eb5ea731433f443
https://github.com/heimdal/heimdal/commit/e93798dc52bacfce476eb0c65eb5ea731433f443
Author: Roland C. Dowdeswell <roland.dowdeswell at twosigma.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/krb5/send_to_kdc.c
Log Message:
-----------
krb5_sendto_kdc: failover for multiple AAAA/A RRs on one domain
We found that the libraries behaviour when dealing with domains with
more than one entry in them is slightly suboptimal. The situation
was
kdc1 IN A 1.2.3.4
kdc1 IN AAAA ff02::1
I.e. a single hostmame with both IPv6 and IPv4 addresses. When we
run krb5_sendto_kdc on a box with only IPv4 addresses, there is a
3s delay before it fails back to the IPv4 address. This is because
the library sets the 2nd address on each hostname to be 3s in the
future and each additional one another 3s.
We change wait_response() s.t. if one is able to make progress, we
iterate over the list of hosts and move them all 1s forward. We
also modify submit_request() to skip hosts if host_connect() fails.
(cherry picked from commit d497d7e4a796c6bda153e7f10fe9478724b855ab)
Commit: 6c9914c871d14d46ec7be34ec320c9b2e847e851
https://github.com/heimdal/heimdal/commit/6c9914c871d14d46ec7be34ec320c9b2e847e851
Author: Viktor Dukhovni <viktor at twosigma.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/krb5/send_to_kdc.c
Log Message:
-----------
Windows-compatible sentinel socket type and value
(cherry picked from commit 8740528b2477f872147998ca19a66d2fae12631b)
Commit: 9f2943750b106b5f0131a39f167d45d35d44044c
https://github.com/heimdal/heimdal/commit/9f2943750b106b5f0131a39f167d45d35d44044c
Author: Isaac Boukris <iboukris at gmail.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M kdc/krb5tgs.c
Log Message:
-----------
CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerboros parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba's AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user at EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator at EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
==================
CVSSv3 calculation
==================
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (7.5)
=========================
Workaround and Mitigation
=========================
If server does not take privileged actions based on Kerberos tickets
obtained by S4U2Self nor obtains Kerberos tickets via further
S4U2Proxy requests then this issue cannot be exploited.
Note that the path to an exploit is not generic, the KDC is not harmed
by the malicious checksum, it is the client service requesting the
ticket being mislead, because it trusted the KDC to return the correct
ticket and PAC.
It is out of scope for Samba to describe all of the possible tool
chains that might be vulnerable. Here are two examples of possible
exploits in order to explain the issue more clearly.
1). SFU2Self might be used by a web service authenticating an end user
via OAuth, Shibboleth, or other protocols to obtain a S4U2Self
Kerberos service ticket for use by any Kerberos service principal the
web service has a keytab for. One example is acquiring an AFS token
by requesting an afs/cell at REALM service ticket for a client via
SFU2Self. With this exploit an organization that deploys a KDC built
from Heimdal (be it Heimdal directly or vendor versions such as found
in Samba) is vulnerable to privilege escalation attacks.
2). If a server authenticates users using X509 certificates, and then
uses S4U2Self to obtain a Kerberos service ticket on behalf of the
user (principal) in order to authorize access to local resources, a
man-in-the-middle attacker could allow a non-privilaged user to access
privilaged resources being protected by the server, or privilaged
resources being protected by a second server, if the first server uses
the S4U2Proxy extension in order to get a new Kerberos service ticket
to obtain access to the second server.
In both these scenarios under conditions allowing man-in-the-middle
active network protocol manipulation, a malicious user could
authenticate using the non-Kerborized credentials of an unprivileged
user, and then elevate its privileges by intercepting the packet from
the server to the KDC and changing the requested user name (principal).
The only Samba clients that use S4U2Self are:
- the "net ads kerberos pac dump" (debugging) tool.
- the CIFS proxy in the deprecated/developer-only NTVFS file
server. Note this code is not compiled or enabled by default.
In particular, winbindd does *not* use S4U2Self.
Finally, MIT Kerberos and so therefore the experimental MIT KDC backend
for Samba AD is understood not to be impacted.
===============
Further Reading
===============
There is more detail on and a description of the protocols in
[MS-SFU]: Kerberos Protocol Extensions: Service for User and Constrained
Delegation Protocol
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/
=======
Credits
=======
Originally reported by Isaac Boukris and Andrew Bartlett of the Samba
Team and Catalyst.
Patches provided by Isaac Boukris.
Advisory written by Andrew Bartlett of the Samba Team and Catalyst,
with contributions from Isaac Boukris, Jeffrey Altman and Jeremy
Allison.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685
Change-Id: I4ac69ebf0503eb999a7d497a2c30fe4d293a8cc8
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeffrey Altman <jaltman at auristor.com>
Signed-off-by: Jeffrey Altman <jaltman at auristor.com>
(cherry picked from commit c6257cc2c842c0faaeb4ef34e33890ee88c4cbba)
Commit: 2f7f3d9960aa6ea21358bdf3687cee5149aa35cf
https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf
Author: Luke Howard <lukeh at padl.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M lib/krb5/init_creds_pw.c
M lib/krb5/krb5_locl.h
M lib/krb5/pkinit.c
Log Message:
-----------
CVE-2019-12098: krb5: always confirm PA-PKINIT-KX for anon PKINIT
RFC8062 Section 7 requires verification of the PA-PKINIT-KX key excahnge
when anonymous PKINIT is used. Failure to do so can permit an active
attacker to become a man-in-the-middle.
Introduced by a1ef548600c5bb51cf52a9a9ea12676506ede19f. First tagged
release Heimdal 1.4.0.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N (4.8)
Change-Id: I6cc1c0c24985936468af08693839ac6c3edda133
Signed-off-by: Jeffrey Altman <jaltman at auristor.com>
Approved-by: Jeffrey Altman <jaltman at auritor.com>
(cherry picked from commit 38c797e1ae9b9c8f99ae4aa2e73957679031fd2b)
Commit: 54c7b3f86082a95b1dfb04d2588b0078fd144c0a
https://github.com/heimdal/heimdal/commit/54c7b3f86082a95b1dfb04d2588b0078fd144c0a
Author: Viktor Dukhovni <viktor at twosigma.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M NEWS
Log Message:
-----------
Update NEWS for 7.6.0
Commit: 0c7ccf3bd48a5cb13893afb8b62e0e9cd66941d3
https://github.com/heimdal/heimdal/commit/0c7ccf3bd48a5cb13893afb8b62e0e9cd66941d3
Author: Viktor Dukhovni <viktor at twosigma.com>
Date: 2019-05-14 (Tue, 14 May 2019)
Changed paths:
M configure.ac
M windows/NTMakefile.version
Log Message:
-----------
Bump version to 7.6
Compare: https://github.com/heimdal/heimdal/compare/dd249257e397...0c7ccf3bd48a
More information about the Heimdal-source-changes
mailing list