From noreply at github.com Sun Nov 3 00:50:37 2019
From: noreply at github.com (Nico Williams)
Date: Sat, 02 Nov 2019 16:50:37 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] db35ae: asn1: Fix OID resolution bug
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: db35aeb5bee04b241c39e7dd0adb2e4f383f406a
      https://github.com/heimdal/heimdal/commit/db35aeb5bee04b241c39e7dd0adb2e4f383f406a
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/asn1/oid_resolution.c

  Log Message:
  -----------
  asn1: Fix OID resolution bug

  Commit: ed1f900cfb2ac6b78dc5d2025c349ebcdda542cc
      https://github.com/heimdal/heimdal/commit/ed1f900cfb2ac6b78dc5d2025c349ebcdda542cc
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/asn1/libasn1-exports.def
    M lib/asn1/rfc2459.asn1

  Log Message:
  -----------
  asn1: Add some missing OIDs from RFC5280

  Commit: b54107ee2b1f9fcfbd25962df5c374edfaf31aa9
      https://github.com/heimdal/heimdal/commit/b54107ee2b1f9fcfbd25962df5c374edfaf31aa9
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/asn1/rfc2459.asn1

  Log Message:
  -----------
  asn1: Add more EKU OIDs from RFC7299, OpenSSL

  Commit: ec858b3a46e875285d044bf55b4cdb5fc06a196b
      https://github.com/heimdal/heimdal/commit/ec858b3a46e875285d044bf55b4cdb5fc06a196b
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/ipc/client.c
    M lib/ipc/server.c

  Log Message:
  -----------
  ipc: Get socket dir via secure_getenv()

  Using /var/run means needing privilege to run.

  Commit: 7dc134e41056451badae3c0fa2c4b1b662308eb5
      https://github.com/heimdal/heimdal/commit/7dc134e41056451badae3c0fa2c4b1b662308eb5
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/krb5/common_plugin.h
    M lib/krb5/plugin.c

  Log Message:
  -----------
  krb5: Move krb5_plugin_load_t typedef to header

  Commit: ddbc36d86b4dd5f06ca648fabc3475e465974c25
      https://github.com/heimdal/heimdal/commit/ddbc36d86b4dd5f06ca648fabc3475e465974c25
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/hx509/ks_file.c

  Log Message:
  -----------
  hx509: Store priv keys first in PEM stores

  Most consumers of PEM files don't care about the order in which
  private keys and certificates are stored. However, Postfix does care
  when multiple EE certs (and chains) are stored in a file, in which
  case it requires that private keys come before their certificates.

  Commit: 6612090ba06e1b7016c0a733e590d4a469189e51
      https://github.com/heimdal/heimdal/commit/6612090ba06e1b7016c0a733e590d4a469189e51
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/hx509/libhx509-exports.def
    M lib/hx509/version-script.map

  Log Message:
  -----------
  hx509: Export missing symbols

  Commit: 427751a2041b4b2fe12ded5038100d46df168337
      https://github.com/heimdal/heimdal/commit/427751a2041b4b2fe12ded5038100d46df168337
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/hx509/hxtool-commands.in
    M lib/hx509/hxtool.c

  Log Message:
  -----------
  hxtool: Add "acert" (assert cert contents) command

  This will prove useful in testing kx509.

  Commit: 35c91324ed828ca1fb1c1b8f9973acec5e4d4cee
      https://github.com/heimdal/heimdal/commit/35c91324ed828ca1fb1c1b8f9973acec5e4d4cee
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/hx509/cert.c
    M lib/hx509/libhx509-exports.def
    M lib/hx509/version-script.map

  Log Message:
  -----------
  hx509: Add hx509_get_instance()

  Commit: 66cde3e580ef7354f4ea94b1df8df6db62504620
      https://github.com/heimdal/heimdal/commit/66cde3e580ef7354f4ea94b1df8df6db62504620
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/hx509/req.c

  Log Message:
  -----------
  hx509: Fix hx509_request_get_exts()

  Commit: 94bf464f8d00c209ae2bd6ee8b71026daa76fafb
      https://github.com/heimdal/heimdal/commit/94bf464f8d00c209ae2bd6ee8b71026daa76fafb
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M lib/krb5/libkrb5-exports.def.in
    M lib/krb5/ticket.c
    M lib/krb5/version-script.map

  Log Message:
  -----------
  krb5: Add krb5_ticket_get_times()

  Commit: 0cc708ba36bdc699645e2384b335a5c3b15928fd
      https://github.com/heimdal/heimdal/commit/0cc708ba36bdc699645e2384b335a5c3b15928fd
  Author: Nicolas Williams
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M kuser/heimtools-commands.in
    M kuser/kx509.1
    M kuser/kx509.c

  Log Message:
  -----------
  kx509: add time-to-live for kx509 -t option

  It's useful to check for having so many seconds left in useful
  credential lifetime.

Compare: https://github.com/heimdal/heimdal/compare/f717c7344bf7...0cc708ba36bd

From noreply at github.com Sun Nov 3 02:17:09 2019
From: noreply at github.com (Jeffrey Altman)
Date: Sat, 02 Nov 2019 18:17:09 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] efb27f: Windows: update default timestamping service
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: efb27f15ac3def3db4ad629d70e8def764adba21
      https://github.com/heimdal/heimdal/commit/efb27f15ac3def3db4ad629d70e8def764adba21
  Author: Jeffrey Altman
  Date:   2019-11-02 (Sat, 02 Nov 2019)

  Changed paths:
    M windows/NTMakefile.w32
    M windows/README.md

  Log Message:
  -----------
  Windows: update default timestamping service

  The Verisign and Symantec timestamping services have been shut down.
  Switch to the Digicert service which replaced the Symantec services
  as of 31 Oct 2019.

  http://timestamp.digicert.com

  Change-Id: I365e6c3698b8fc99b18e8d1e5a54ce3519f3c5eb

From noreply at github.com Mon Nov 4 21:11:54 2019
From: noreply at github.com (Nico Williams)
Date: Mon, 04 Nov 2019 12:11:54 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 9ca5d7: hx509: fix hx509_request_get_eku()
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 9ca5d710f9e23364cbb53eb7dcd326fbb0bf151f
      https://github.com/heimdal/heimdal/commit/9ca5d710f9e23364cbb53eb7dcd326fbb0bf151f
  Author: Nicolas Williams
  Date:   2019-11-04 (Mon, 04 Nov 2019)

  Changed paths:
    M lib/hx509/req.c

  Log Message:
  -----------
  hx509: fix hx509_request_get_eku()

From noreply at github.com Thu Nov 7 02:29:31 2019
From: noreply at github.com (Viktor Dukhovni)
Date: Wed, 06 Nov 2019 17:29:31 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 12826c: Handle partial writes on non-blocking sockets
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 12826c9586f19b63198879c4bb93eb6395d0bfe1
      https://github.com/heimdal/heimdal/commit/12826c9586f19b63198879c4bb93eb6395d0bfe1
  Author: Viktor Dukhovni
  Date:   2019-11-06 (Wed, 06 Nov 2019)

  Changed paths:
    M lib/roken/net_write.c

  Log Message:
  -----------
  Handle partial writes on non-blocking sockets

  Now that we're using krb5_net_write() with non-blocking sockets in
  ipropd_master, we MUST correctly account for partial writes.

  Therefore, roken net_write() called from krb5_net_write() now
  returns the number of bytes written when the socket error was
  EWOULDBLOCK (or EAGAIN).

  Also, fix potential issue on Windows, where errno was used instead
  of rk_SOCKET_ERRNO whether or not we used _write() or send().

From noreply at github.com Thu Nov 7 02:51:35 2019
From: noreply at github.com (Nico Williams)
Date: Wed, 06 Nov 2019 17:51:35 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] fce3f1: hx509: Add hx509_ca_tbs_get_name()
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: fce3f168593f4aff18882accf26e21625b491eb8
      https://github.com/heimdal/heimdal/commit/fce3f168593f4aff18882accf26e21625b491eb8
  Author: Nicolas Williams
  Date:   2019-11-06 (Wed, 06 Nov 2019)

  Changed paths:
    M lib/hx509/ca.c
    M lib/hx509/libhx509-exports.def
    M lib/hx509/version-script.map

  Log Message:
  -----------
  hx509: Add hx509_ca_tbs_get_name()

  This is so we can check if a TBS gets an empty subject name, then
  refuse to issue the certificate if it doesn't also have at least one
  SAN.

  Commit: a2650ef20b6ab0f07f771eb53b4e41844320fe71
      https://github.com/heimdal/heimdal/commit/a2650ef20b6ab0f07f771eb53b4e41844320fe71
  Author: Nicolas Williams
  Date:   2019-11-06 (Wed, 06 Nov 2019)

  Changed paths:
    M kuser/kx509.c

  Log Message:
  -----------
  kx509: Fix uninitialized ret var use

Compare: https://github.com/heimdal/heimdal/compare/12826c9586f1...a2650ef20b6a

From noreply at github.com Fri Nov 8 02:11:58 2019
From: noreply at github.com (Roland C. Dowdeswell)
Date: Thu, 07 Nov 2019 17:11:58 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 3c7da7: derived keys: ensure that princ is correct
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 3c7da79838d370244822326b805ea97a2b7fe2ab
      https://github.com/heimdal/heimdal/commit/3c7da79838d370244822326b805ea97a2b7fe2ab
  Author: Roland C. Dowdeswell
  Date:   2019-11-07 (Thu, 07 Nov 2019)

  Changed paths:
    M kdc/misc.c

  Log Message:
  -----------
  derived keys: ensure that princ is correct

  We copy the princ in the hdb_entry so that if it is later used, it
  will reflect what we want.

From noreply at github.com Sat Nov 9 02:55:41 2019
From: noreply at github.com (Viktor Dukhovni)
Date: Fri, 08 Nov 2019 17:55:41 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] e89e3b: Do not recover log in kadm5_get_principal()
Message-ID:

  Branch: refs/heads/heimdal-7-1-branch
  Home:   https://github.com/heimdal/heimdal

  Commit: e89e3be1346ad4dcd6f8edbd70d5061865ee11b5
      https://github.com/heimdal/heimdal/commit/e89e3be1346ad4dcd6f8edbd70d5061865ee11b5
  Author: Nicolas Williams
  Date:   2019-11-08 (Fri, 08 Nov 2019)

  Changed paths:
    M lib/kadm5/get_s.c
    M tests/kdc/check-iprop.in

  Log Message:
  -----------
  Do not recover log in kadm5_get_principal()

  Commit: 5733372241456e8cf4d9052802712dc762e8b262
      https://github.com/heimdal/heimdal/commit/5733372241456e8cf4d9052802712dc762e8b262
  Author: Nicolas Williams
  Date:   2019-11-08 (Fri, 08 Nov 2019)

  Changed paths:
    M lib/kadm5/ipropd_slave.c

  Log Message:
  -----------
  ipropd-slave: don't send I_HAVE in response to AYT

  ipropd-master sends AYT messages often as a result of a
  possibly-transient error, but if the slave responds to such an AYT
  with I_HAVE, then the same code path that failed will be executed on
  the master, and if the error wasn't transient then we'll loop hard.

  So don't send an I_HAVE in response to an AYT.

  Commit: 360351529c275f307c1dc41aca40bc2e76a2fa55
      https://github.com/heimdal/heimdal/commit/360351529c275f307c1dc41aca40bc2e76a2fa55
  Author: Nicolas Williams
  Date:   2019-11-08 (Fri, 08 Nov 2019)

  Changed paths:
    M lib/kadm5/ipropd_master.c

  Log Message:
  -----------
  ipropd-master: use async I/O

  If a slave is slow to consume what the master sends it, the master
  can block and all iprop operations with it. With minimal effort we
  make the master async oriented.

  Commit: 4757a1235326840ddfe054154e1e58c10ec97de0
      https://github.com/heimdal/heimdal/commit/4757a1235326840ddfe054154e1e58c10ec97de0
  Author: Viktor Dukhovni
  Date:   2019-11-08 (Fri, 08 Nov 2019)

  Changed paths:
    M configure.ac
    M include/config.h.w32
    M lib/kadm5/ipropd_master.c
    M lib/kadm5/ipropd_slave.c
    M lib/kadm5/kadm5_locl.h

  Log Message:
  -----------
  Disable Nagle in iprop master and slave

  Commit: 937dfde2e21c0b5db7945dc718a1b0d91fe12274
      https://github.com/heimdal/heimdal/commit/937dfde2e21c0b5db7945dc718a1b0d91fe12274
  Author: Viktor Dukhovni
  Date:   2019-11-08 (Fri, 08 Nov 2019)

  Changed paths:
    M lib/roken/net_write.c

  Log Message:
  -----------
  Handle partial writes on non-blocking sockets

  Now that we're using krb5_net_write() with non-blocking sockets in
  ipropd_master, we MUST correctly account for partial writes.

  Therefore, roken net_write() called from krb5_net_write() now
  returns the number of bytes written when the socket error was
  EWOULDBLOCK (or EAGAIN).

  Also, fix potential issue on Windows, where errno was used instead
  of rk_SOCKET_ERRNO whether or not we used _write() or send().

  Commit: bb2fe326066de3dd093768347a54ae3f6ee3a4e9
      https://github.com/heimdal/heimdal/commit/bb2fe326066de3dd093768347a54ae3f6ee3a4e9
  Author: Viktor Dukhovni
  Date:   2019-11-08 (Fri, 08 Nov 2019)

  Changed paths:
    M lib/kadm5/Makefile.am
    M lib/kadm5/ipropd_master.c
    M lib/kadm5/libkadm5srv-exports.def
    M lib/kadm5/log.c
    M lib/kadm5/version-script.map

  Log Message:
  -----------
  Refactor send_diffs making it progressive

  When a slave is many diffs behind, send these in batches of up to
  50, then handle other slaves. This also implements a fast-path that
  makes incremental diffs faster when the log has not rolled over.

  Related code cleanup.

  Commit: f000d703224376d658f99b0765c2d8e3b757b98f
      https://github.com/heimdal/heimdal/commit/f000d703224376d658f99b0765c2d8e3b757b98f
  Author: Viktor Dukhovni
  Date:   2019-11-08 (Fri, 08 Nov 2019)

  Changed paths:
    M lib/kadm5/Makefile.am
    M lib/kadm5/ipropd_master.c
    M lib/kadm5/kadm5_locl.h
    M lib/kadm5/test_pw_quality.c

  Log Message:
  -----------
  Align inclusion of krb5_locl.h with master

Compare: https://github.com/heimdal/heimdal/compare/cd10e32900a0...f000d7032243

From noreply at github.com Sun Nov 10 23:47:39 2019
From: noreply at github.com (Roland C. Dowdeswell)
Date: Sun, 10 Nov 2019 14:47:39 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 0c8691: Define a token expansion for %{strftime:}.
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 0c869176f4122fb04b60453d1210fa6b7630624f
      https://github.com/heimdal/heimdal/commit/0c869176f4122fb04b60453d1210fa6b7630624f
  Author: Roland C. Dowdeswell
  Date:   2019-11-10 (Sun, 10 Nov 2019)

  Changed paths:
    M lib/krb5/expand_path.c
    M lib/krb5/krb5.h

  Log Message:
  -----------
  Define a token expansion for %{strftime:}.

  Commit: e44c680d8efbb20ab1980e604178eb9d0d38cdcb
      https://github.com/heimdal/heimdal/commit/e44c680d8efbb20ab1980e604178eb9d0d38cdcb
  Author: Roland C. Dowdeswell
  Date:   2019-11-10 (Sun, 10 Nov 2019)

  Changed paths:
    M lib/krb5/krb5_openlog.3
    M lib/krb5/log.c

  Log Message:
  -----------
  Make logging path definitions subject to token expansion.

  Commit: 84ffa22c93375f27bf2fc6f711cbbffd74737eb3
      https://github.com/heimdal/heimdal/commit/84ffa22c93375f27bf2fc6f711cbbffd74737eb3
  Author: Roland C. Dowdeswell
  Date:   2019-11-10 (Sun, 10 Nov 2019)

  Changed paths:
    M lib/krb5/krb5_openlog.3
    M lib/krb5/log.c

  Log Message:
  -----------
  Add an "EFILE:" target for logging.

  This target will write to a file IFF it exists.

Compare: https://github.com/heimdal/heimdal/compare/3c7da79838d3...84ffa22c9337

From noreply at github.com Mon Nov 11 00:48:01 2019
From: noreply at github.com (Nico Williams)
Date: Sun, 10 Nov 2019 15:48:01 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal]
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

From noreply at github.com Thu Nov 14 01:43:53 2019
From: noreply at github.com (Nico Williams)
Date: Wed, 13 Nov 2019 16:43:53 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] ba5bb0: krb5: disable automatic kx509 by default
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: ba5bb074950b029f59f11a44cf20315aae70d4fb
      https://github.com/heimdal/heimdal/commit/ba5bb074950b029f59f11a44cf20315aae70d4fb
  Author: Nicolas Williams
  Date:   2019-11-13 (Wed, 13 Nov 2019)

  Changed paths:
    M lib/krb5/cache.c
    M tests/kdc/krb5-pkinit.conf.in

  Log Message:
  -----------
  krb5: disable automatic kx509 by default

From noreply at github.com Mon Nov 18 21:20:21 2019
From: noreply at github.com (Roland C. Dowdeswell)
Date: Mon, 18 Nov 2019 12:20:21 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] a8b749: include if it's available.
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: a8b749685c77b997de89e197d1214ea261b7a65a
      https://github.com/heimdal/heimdal/commit/a8b749685c77b997de89e197d1214ea261b7a65a
  Author: Roland C. Dowdeswell
  Date:   2019-11-18 (Mon, 18 Nov 2019)

  Changed paths:
    M cf/roken-frag.m4
    M lib/roken/getauxval.h

  Log Message:
  -----------
  include if it's available.

  This fixes the auxval logic on NetBSD.

From noreply at github.com Wed Nov 20 07:00:43 2019
From: noreply at github.com (Nico Williams)
Date: Tue, 19 Nov 2019 22:00:43 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 4981cf: roken: base64: set errno on decode errors
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 4981cfc420ab9f9cd3c51e146cbad2c1aa95c4e9
      https://github.com/heimdal/heimdal/commit/4981cfc420ab9f9cd3c51e146cbad2c1aa95c4e9
  Author: Nicolas Williams
  Date:   2019-11-18 (Mon, 18 Nov 2019)

  Changed paths:
    M lib/roken/base64.c

  Log Message:
  -----------
  roken: base64: set errno on decode errors

  Commit: 56c5f5909e41c827e77c181b5648fd758a804287
      https://github.com/heimdal/heimdal/commit/56c5f5909e41c827e77c181b5648fd758a804287
  Author: Nicolas Williams
  Date:   2019-11-19 (Tue, 19 Nov 2019)

  Changed paths:
    M lib/roken/Makefile.am
    M lib/roken/vis.c
    M lib/roken/vis.hin

  Log Message:
  -----------
  roken: Add rkvis program for test scripts

  This will help programs that need to URL-escape strings.

  Also, this changes `do_hvis()` to not fall back on `do_svis()` for
  chars in `extra` -- that `do_hvis()` was doing that seems like an
  oversight. Christos Zoulas, of NetBSD, agrees. `do_hvis()` still
  falls back on `do_svis()` for characters not in the RFC 1808 / 3986
  to-be-escaped set *and* characters not in the `extra` set -- that
  much seems to have been the intent.

  Commit: c1841f2f6786b21719a12f6c23b2d2d561ab5d38
      https://github.com/heimdal/heimdal/commit/c1841f2f6786b21719a12f6c23b2d2d561ab5d38
  Author: Nicolas Williams
  Date:   2019-11-19 (Tue, 19 Nov 2019)

  Changed paths:
    M lib/gssapi/Makefile.am
    A lib/gssapi/gss-token.1
    A lib/gssapi/gss-token.c

  Log Message:
  -----------
  gssapi: Import elric1's gss-token

  Commit: 944eae82cf2a1973e770b56c3401e777a7be5799
      https://github.com/heimdal/heimdal/commit/944eae82cf2a1973e770b56c3401e777a7be5799
  Author: Nicolas Williams
  Date:   2019-11-19 (Tue, 19 Nov 2019)

  Changed paths:
    M lib/asn1/rfc2459.asn1
    M lib/hx509/hxtool.c

  Log Message:
  -----------
  asn1: Remove alias of id-kp-clientAuth

  Commit: a40d4056bd6a4c708deee70a2739f228e2461f04
      https://github.com/heimdal/heimdal/commit/a40d4056bd6a4c708deee70a2739f228e2461f04
  Author: Nicolas Williams
  Date:   2019-11-19 (Tue, 19 Nov 2019)

  Changed paths:
    M lib/asn1/oid_resolution.c

  Log Message:
  -----------
  asn1: Add der_find_or_parse_heim_oid()

  Commit: 4500a14f95acb3847dc45340ef0ec41ad4cac75e
      https://github.com/heimdal/heimdal/commit/4500a14f95acb3847dc45340ef0ec41ad4cac75e
  Author: Nicolas Williams
  Date:   2019-11-19 (Tue, 19 Nov 2019)

  Changed paths:
    M lib/hx509/cert.c
    M lib/hx509/hxtool.c
    M lib/hx509/sel.c

  Log Message:
  -----------
  hx509: Show query expression parse errors

Compare: https://github.com/heimdal/heimdal/compare/a8b749685c77...4500a14f95ac

From noreply at github.com Thu Nov 21 00:14:46 2019
From: noreply at github.com (Roland C. Dowdeswell)
Date: Wed, 20 Nov 2019 15:14:46 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 06f350: Update .gitignore to catch more test remains
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 06f3507c770c68281cdfb6a821d3f764f8823487
      https://github.com/heimdal/heimdal/commit/06f3507c770c68281cdfb6a821d3f764f8823487
  Author: Roland C. Dowdeswell
  Date:   2019-11-20 (Wed, 20 Nov 2019)

  Changed paths:
    M .gitignore

  Log Message:
  -----------
  Update .gitignore to catch more test remains

  Commit: 01126367d3560d219192993da5442369e3cce97f
      https://github.com/heimdal/heimdal/commit/01126367d3560d219192993da5442369e3cce97f
  Author: Roland C. Dowdeswell
  Date:   2019-11-20 (Wed, 20 Nov 2019)

  Changed paths:
    M cf/w32-check-exported-symbols.pl

  Log Message:
  -----------
  w32-check-exported-symbols: Eliminate perl warning

  This will become fatal in the next version of Perl, so we need to
  eliminate it now.

  Commit: cd297eb462233e35f4089ada0763a13d629766f7
      https://github.com/heimdal/heimdal/commit/cd297eb462233e35f4089ada0763a13d629766f7
  Author: Roland C. Dowdeswell
  Date:   2019-11-20 (Wed, 20 Nov 2019)

  Changed paths:
    M lib/hx509/hxtool.c

  Log Message:
  -----------
  Declare variables at the beginning of a block.

  Looks like this fixes the Appveyor build.

  Commit: 69dd82d33e33ab53b77a959c2c2879f4d4f8aba5
      https://github.com/heimdal/heimdal/commit/69dd82d33e33ab53b77a959c2c2879f4d4f8aba5
  Author: Roland C. Dowdeswell
  Date:   2019-11-20 (Wed, 20 Nov 2019)

  Changed paths:
    M lib/krb5/libkrb5-exports.def.in

  Log Message:
  -----------
  Stop stuttering in libkrb5-exports.def.in

  Commit: 3b828e23e7c31e3b62d44ba2f3a3929194872a84
      https://github.com/heimdal/heimdal/commit/3b828e23e7c31e3b62d44ba2f3a3929194872a84
  Author: Roland C. Dowdeswell
  Date:   2019-11-20 (Wed, 20 Nov 2019)

  Changed paths:
    M NTMakefile

  Log Message:
  -----------
  Don't build the docs on appveyor

  Commit: 8b20d436d9049dc79a38051ced704eee0d573d73
      https://github.com/heimdal/heimdal/commit/8b20d436d9049dc79a38051ced704eee0d573d73
  Author: Roland C. Dowdeswell
  Date:   2019-11-20 (Wed, 20 Nov 2019)

  Changed paths:
    M lib/roken/test-detach.c

  Log Message:
  -----------
  disable test-detach on Windows

  Commit: b5449e6c97d592c4df90b0cbe84e674084a3b88f
      https://github.com/heimdal/heimdal/commit/b5449e6c97d592c4df90b0cbe84e674084a3b88f
  Author: Roland C. Dowdeswell
  Date:   2019-11-20 (Wed, 20 Nov 2019)

  Changed paths:
    M lib/krb5/test_cc.c

  Log Message:
  -----------
  disable test_cc on Windows

Compare: https://github.com/heimdal/heimdal/compare/4500a14f95ac...b5449e6c97d5

From noreply at github.com Thu Nov 21 00:19:00 2019
From: noreply at github.com (Roland C. Dowdeswell)
Date: Wed, 20 Nov 2019 15:19:00 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 8ee86d: Add enforce_ok_as_delegate setting
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 8ee86db261ebbc523660c6c456fc805d4b2064be
      https://github.com/heimdal/heimdal/commit/8ee86db261ebbc523660c6c456fc805d4b2064be
  Author: Roland C. Dowdeswell
  Date:   2019-11-20 (Wed, 20 Nov 2019)

  Changed paths:
    M lib/gssapi/krb5/init_sec_context.c
    M lib/krb5/context.c
    M lib/krb5/krb5.conf.5
    M lib/krb5/krb5_locl.h

  Log Message:
  -----------
  Add enforce_ok_as_delegate setting

  If this flag is set to true, then GSSAPI credential delegation will
  be disabled when the "ok-as-delegate" flag is not set in the service
  ticket.

From noreply at github.com Thu Nov 21 15:56:32 2019
From: noreply at github.com (Roland C. Dowdeswell)
Date: Thu, 21 Nov 2019 06:56:32 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 9265c1: Fix windows build
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 9265c1ce5462e8374d4eccac2cbb72f1e4de5c81
      https://github.com/heimdal/heimdal/commit/9265c1ce5462e8374d4eccac2cbb72f1e4de5c81
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M lib/asn1/libasn1-exports.def

  Log Message:
  -----------
  Fix windows build

  In 0cc708ba36, we removed the definition of
  id-ms-client-authentication without a corresponding removal from
  lib/asn1/libasn1-exports.def.

  Maybe we should generate lib*-exports.def?

From noreply at github.com Sat Nov 23 10:57:17 2019
From: noreply at github.com (Viktor Dukhovni)
Date: Sat, 23 Nov 2019 01:57:17 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] f6400f: Improve encoding of krb5_{, un}parse_principal().
Message-ID:

  Branch: refs/heads/pull/650/head
  Home:   https://github.com/heimdal/heimdal

  Commit: f6400fdb74c3e24ca7564feb80b4cad6e021755f
      https://github.com/heimdal/heimdal/commit/f6400fdb74c3e24ca7564feb80b4cad6e021755f
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M lib/gssapi/krb5/export_name.c
    M lib/krb5/krb5.h
    M lib/krb5/principal.c

  Log Message:
  -----------
  Improve encoding of krb5_{,un}parse_principal().

  By default, we encode all unprintable characters as well as the set
  specified in RFC1964's section on export names. We use unvis(3) when
  parsing but open-code the unparser. unvis(3) needed to be slightly
  corrected with a macro and svis(3) would have required a much less
  pleasant macro. The out text format is almost compatible with
  unvis(3) but spaces are quoted as "\ " rather than "\s". This is
  specified in RFC 1964.

  We define a new constant KRB5_PRINCIPAL_UNPARSE_EXPORT_NAME which if
  passed in as a flag will preserve the existing behaviour.

  Commit: e7e696295c235bd42ec9350f4a36f1eec44580d3
      https://github.com/heimdal/heimdal/commit/e7e696295c235bd42ec9350f4a36f1eec44580d3
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M lib/krb5/log.c

  Log Message:
  -----------
  We stop strnvisx(3)ing logs to FILE: by default.

  Our logging framework used to strnvisx(3) each and every line iff it
  is written to a FILE. This is often unhelpful because the line
  usually contains a number of elements that have already been quoted
  and it makes the logs much more difficult to read in this case. An
  example is krb5_unparse_name() which will already quote most
  characters that one cares about. We change the behaviour to simply
  drop unprintable characters rather than encoding them. We thus rely
  on the rest of the code to properly encode data elements written
  into the logs.

  Commit: b7ea4ce46ebd3ae9fbb50d34d05890589055fd17
      https://github.com/heimdal/heimdal/commit/b7ea4ce46ebd3ae9fbb50d34d05890589055fd17
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M kdc/digest-service.c
    M kdc/fast.c
    M kdc/kdc.h
    M kdc/kdc_locl.h
    M kdc/kerberos5.c
    M kdc/krb5tgs.c
    M kdc/pkinit.c
    M kdc/process.c
    M kdc/windc.c

  Log Message:
  -----------
  Generate a single summary audit line for AS/TGS.

  We refactor the code a bit to extend kdc_request_t which until now
  was only used for the AS. We make the structure extensible and start
  using it for the TGS as well. We leave digest and kx509 alone for
  the time being.

  We also define the concept of kv-pairs in our audit trail which
  allows us to define a rigorous but extensible format:

    type error from-addr client server key1=val1 key2=val2 ...

  Commit: 5d71f060baa4be26e21a0b1043e3a7284cc7287b
      https://github.com/heimdal/heimdal/commit/5d71f060baa4be26e21a0b1043e3a7284cc7287b
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M kdc/kerberos5.c
    M kdc/krb5tgs.c
    M kdc/windc.c

  Log Message:
  -----------
  Reduce older log messages to level 4 and collect some errors.

  We take all of the kdc_log() and _kdc_r_log() calls in AS and TGS
  and move their log levels down to debugging on the assumption that
  our new log line subsumes the "informational" requirements. We
  collect some additional information in the kv-pair "pe-text" which
  is like e-text except it is not returned to the client.

  Commit: 0c7a7322da6b20a5f3a3c7aceac80225f23eaaaf
      https://github.com/heimdal/heimdal/commit/0c7a7322da6b20a5f3a3c7aceac80225f23eaaaf
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M lib/krb5/krb5_openlog.3

  Log Message:
  -----------
  Document that log level 7 is for tracing.

  Commit: 2e7b5eb5df6d0f277e6e803100f563ac11801a69
      https://github.com/heimdal/heimdal/commit/2e7b5eb5df6d0f277e6e803100f563ac11801a69
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M kdc/kdc.h
    M kdc/process.c

  Log Message:
  -----------
  kdc/process.c: add tracing messages.

  Commit: d46dbf2f68cbe08cb58a2bf75712e4863c5c6fd0
      https://github.com/heimdal/heimdal/commit/d46dbf2f68cbe08cb58a2bf75712e4863c5c6fd0
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M kdc/fast.c

  Log Message:
  -----------
  kdc/fast.c: fix leak in unusual error path.

  Commit: 995b52584cc4b9e3d710855482d7458081f6c1aa
      https://github.com/heimdal/heimdal/commit/995b52584cc4b9e3d710855482d7458081f6c1aa
  Author: Roland C. Dowdeswell
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M lib/krb5/cache.c

  Log Message:
  -----------
  Make krb5_cc_close(ctx, NULL) stop SEGV'ing.

  Commit: 00b832fb4657357a2440a7f277a0ab4283ae10b9
      https://github.com/heimdal/heimdal/commit/00b832fb4657357a2440a7f277a0ab4283ae10b9
  Author: Roland C. Dowdeswell
  Date:   2019-11-22 (Fri, 22 Nov 2019)

  Changed paths:
    M kdc/kdc.h
    M kdc/kdc_locl.h
    M kdc/kx509.c
    M kdc/process.c

  Log Message:
  -----------
  Bring the KDC's KX509 service into the kdc_request_t fold.

  Commit: d723b9c22d9a7418b73852c1aaef47e36334694a
      https://github.com/heimdal/heimdal/commit/d723b9c22d9a7418b73852c1aaef47e36334694a
  Author: Viktor Dukhovni
  Date:   2019-11-23 (Sat, 23 Nov 2019)

  Changed paths:
    M lib/krb5/principal.c

  Log Message:
  -----------
  fixup! Improve encoding of krb5_{,un}parse_principal().

Compare: https://github.com/heimdal/heimdal/compare/f6400fdb74c3%5E...d723b9c22d9a

From noreply at github.com Sat Nov 23 10:59:24 2019
From: noreply at github.com (Viktor Dukhovni)
Date: Sat, 23 Nov 2019 01:59:24 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal]
Message-ID:

  Branch: refs/heads/pull/650/head
  Home:   https://github.com/heimdal/heimdal

From noreply at github.com Tue Nov 26 20:38:20 2019
From: noreply at github.com (Roland C. Dowdeswell)
Date: Tue, 26 Nov 2019 11:38:20 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 62d13e: lib/krb5/kx509.c: fix memory leak in an error case.
Message-ID:

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal

  Commit: 62d13ebf28e04d6fd890ff2003c5f4acaf1e8390
      https://github.com/heimdal/heimdal/commit/62d13ebf28e04d6fd890ff2003c5f4acaf1e8390
  Author: Roland C. Dowdeswell
  Date:   2019-11-26 (Tue, 26 Nov 2019)

  Changed paths:
    M lib/krb5/kx509.c

  Log Message:
  -----------
  lib/krb5/kx509.c: fix memory leak in an error case.

  Commit: 8c5d2f7cc4266953074033dd47ef4908fafc6cbf
      https://github.com/heimdal/heimdal/commit/8c5d2f7cc4266953074033dd47ef4908fafc6cbf
  Author: Roland C. Dowdeswell
  Date:   2019-11-26 (Tue, 26 Nov 2019)

  Changed paths:
    M kuser/kx509.c

  Log Message:
  -----------
  kuser/kx509.c: Fix add1_2chain.

Compare: https://github.com/heimdal/heimdal/compare/9265c1ce5462...8c5d2f7cc426