| 12002-09-16 Jacques Vidrine <nectar@kth.se>
2
3 * lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
4 to convert the newline to NUL in fgets results.
5
62002-09-13 Johan Danielsson <joda@pdc.kth.se>
7
8 * kuser/kinit.1: remove unneeded Ns
9
10 * lib/krb5/krb5_appdefault.3: remove extra "application"
11
12 * fix-export: remove autom4ate.cache
13
142002-09-10 Johan Danielsson <joda@pdc.kth.se>
15
16 * include/make_crypto.c: don't use function macros if possible
17
18 * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
19
20 * include/Makefile.am: use make_crypto to create crypto-headers.h
21
22 * include/make_crypto.c: crypto header generation tool
23
24 * configure.in: move crypto test to just after testing for krb4,
25 and move roken tests to after both, this speeds up various failure
26 cases with krb4
27
28 * lib/krb5/config_file.c: don't use NULL when we mean 0
29
30 * configure.in: we don't set package_libdir anymore, so no point
31 in testing for it
32
33 * tools/Makefile.am: subst INCLUDE_des
34
35 * tools/krb5-config.in: add INCLUDE_des to cflags
36
37 * configure.in: use AC_CONFIG_SRCDIR
38
39 * fix-export: remove some unneeded stuff
40
41 * kuser/kinit.c (do_524init): free principals
42
432002-09-09 Jacques Vidrine <nectar@kth.se>
44
45 * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
46 kdc/kaserver.c (krb5_ret_xdr_data),
47 lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
48 counts: Check that they are non-negative, and that they are small
49 enough to avoid integer overflow when used in memory allocation
50 calculations. Potential problem areas pointed out by
51 Sebastian Krahmer <krahmer@suse.de>.
52
53 * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
54 creating a new keyfile.
55
562002-09-09 Johan Danielsson <joda@pdc.kth.se>
57
58 * configure.in: don't try to build pam module
59
602002-09-05 Johan Danielsson <joda@pdc.kth.se>
61
62 * appl/kf/kf.c: fix warning string
63
64 * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
65 know we need it
66
672002-09-04 Assar Westerlund <assar@kth.se>
68
69 * kdc/kerberos5.c (encode_reply): correct error logging
70
712002-09-04 Johan Danielsson <joda@pdc.kth.se>
72
73 * lib/krb5/sendauth.c: close ccache if we opened it
74
75 * appl/kf/kf.c: handle new protocol
76
77 * appl/kf/kfd.c: use krb5_err instead of sysloging directly,
78 handle the new protocol, and bail out if an old client tries to
79 connect
80
81 * appl/kf/kf_locl.h: we need a protocol version string
82
83 * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
84
85 * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
86
87 * kdc/hprop.c: set AP_OPTS_USE_SUBKEY
88
89 * lib/hdb/common.c: use ASN1_MALLOC_ENCODE
90
91 * lib/asn1/gen.c: add convenience macro that allocates a buffer
92 and encoded into that
93
94 * lib/krb5/get_cred.c (init_tgs_req): use
95 in_creds->session.keytype literally instead of trying to convert
96 to a list of enctypes (it should already be an enctype)
97
98 * lib/krb5/get_cred.c (init_tgs_req): init ret
99
1002002-09-03 Johan Danielsson <joda@pdc.kth.se>
101
102 * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
103
104 * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
105
106 * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
107 zero ivec in DES3_CBC_encrypt if passed ivec is NULL
108
109 * lib/krb5/Makefile.am: back out 1.144, since it will re-create
110 krb5-protos.h at build-time, which requires perl, which is bad
111
112 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
113 blindly use the local subkey
114
115 * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
116 extracts the required blocksize from a crypto context
117
118 * lib/krb5/build_auth.c: just get the length of the encoded
119 authenticator instead of trying to grow a buffer
120
1212002-09-03 Assar Westerlund <assar@kth.se>
122
123 * configure.in: add --disable-mmap option, and tests for
124 sys/mman.h and mmap
125
1262002-09-03 Jacques Vidrine <nectar@kth.se>
127
128 * lib/krb5/changepw.c: verify lengths in response
129
130 * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
131 truncated integers
132
1332002-09-02 Johan Danielsson <joda@pdc.kth.se>
134
135 * lib/krb5/mk_req_ext.c: generate a local subkey if
136 AP_OPTS_USE_SUBKEY is set
137
138 * lib/krb5/build_auth.c: we don't have enough information about
139 whether to generate a local subkey here, so don't try to
140
141 * lib/krb5/auth_context.c: new function
142 krb5_auth_con_generatelocalsubkey
143
144 * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
145 initial ticket
146
147 * lib/krb5/context.c (init_context_from_config_file): simplify
148 initialisation of srv_lookup
149
150 * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
151
152 * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
153
1542002-08-30 Assar Westerlund <assar@kth.se>
155
156 * lib/krb5/name-45-test.c: also test krb5_524_conv_principal
157 * lib/krb5/Makefile.am (TESTS): add name-45-test
158 * lib/krb5/name-45-test.c: add testcases for
159 krb5_425_conv_principal
160
1612002-08-29 Assar Westerlund <assar@kth.se>
162
163 * lib/krb5/parse-name-test.c: also test unparse_short functions
164 * lib/asn1/asn1_print.c: use com_err/error_message API
165 * lib/krb5/Makefile.am: add parse-name-test
166 * lib/krb5/parse-name-test.c: add a program for testing parsing
167 and unparsing principal names
168
|