RT RT/krbdev.mit.edu: Bugs fixed in krb5-1.10 Not logged in.

Total: 122
Advanced Search based on this list
1016 gss_import_name returns GSS_S_BAD_NAME if DNS lookup fails
1316 KDC TCP support needs better denial-of-service protection
3427 NAT causes password change to fail with Bad Address
6118 rename principals
6323 kadmin: rename support
6430 Avoid looping when preauth can't be generated
6617 uninitialized values used in mkey-migration code
6732 checks for openpty() aren't made using -lutil
6770 kg_unseal leads to overlap of source and desitination in memcpy...
6813 memory leak in gss_accept_sec_context
6814 Improve kdb5_util load locking and recovery
6816 potential memory leak in spnego
6817 potential null dereference in gss mechglue
6835 accept_sec_context RFC4121 support bug in 1.8.3
6851 pkinit can't parse some valid cms messages
6854 kadmin's ktremove can remove wrong entries when removing kvno 0
6855 Improve acceptor name flexibility
6857 missing ifdefs around IPv6 code
6858 Assume ELF on FreeBSD if objformat doesn't exist
6863 memory leak on SPNEGO error path
6868 Defer hostname lookups in krb5_sendto_kdc
6872 Fix memory leak in t_expire_warn
6874 Fortuna as default PRNG
6878 Add test script for user2user programs
6887 Use first principal in keytab when verifying creds
6890 Implement draft-josefsson-gss-capsulate
6891 Add gss_userok and gss_pname_to_uid
6892 Prevent bleed-through of mechglue symbols into loaded mechs
6893 error codes from error responses can be discarded when there's e-data
6894 More sensical mech selection for gss_acquire_cred/accept_sec_context
6895 gss_duplicate_name SPI for SPNEGO
6896 Allow anonymous name to be imported with empty name buffer
6897 Default principal name in the acceptor cred corresponds to first entry in associated keytab.
6898 Set correct minor_status value in call to gss_display_status.
6902 S4U impersonated credential KRB5_CC_NOT_FOUND
6904 Install k5login(5) as well as .k5login(5)
6905 support poll() in sendto_kdc.c
6909 Kernel subset
6910 Account lockout policy parameters not documented
6911 Account lockout policy options time format
6914 krb5-1.9.1 static compile error +preliminary patch (fwd)
6915 klist -s trips over referral entries
6918 Localize user interface strings using gettext
6921 Convert preauth_plugin.h to new plugin framework
6922 Work around glibc getaddrinfo PTR lookups
6923 Use AI_ADDRCONFIG for more efficient getaddrinfo
6924 Fix multiple libkdb_ldap memory leaks
6927 chpass_util.c improvements
6928 use timegm() for krb5int_gmt_mktime() when available
6929 Pluggable configuration
6931 Add libedit/readline support to ss.
6933 blocking recv caused our server to hang
6934 don't require a default realm
6936 multiple mechanisms and spnego_gss_init_sec_context
6944 gss_acquire_cred erroneous failure and potential segfault for caller
6945 spnego_gss_acquire_cred_impersonate_name incorrect usage of impersonator_cred_handle
6951 assertion failure when connections fail in service_fds()
6953 Add the DIR ccache type
6954 Add new cache collection APIs
6955 Remove unneeded cccol behaviors
6956 Add ccache collection support to tools
6957 Add krb5_cc_select() API and pluggable interface
6958 Make gss-krb5 use cache collection
6961 Support pkinit: SignedData with no signers (KDC)
6962 pkinit: client: Use SignedData for anonymous
6964 Support special salt type in default krb5_dbe_cpw.
6965 Remove CFLAGS and external deps from krb5-config --libs
6966 Eliminate domain-based client realm walk
6968 [PATCH] Man page fixes
6969 Create e_data as pa_data in KDC interfaces.
6971 Use type-safe callbacks in preauth interface
6974 Make krb5_pac_sign public
6975 Add PKINIT NSS support
6976 Hide gak_fct interface and arguments in clpreauth
6977 Install krb5/preauth_plugin.h
6978 Allow rd_priv/rd_safe without remote address
6979 Allow password changes over NATs
6980 Ensure termination in Windows vsnprintf wrapper
6981 SA-2011-006 KDC denial of service [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]
6987 Fix krb5_cc_set_config
6988 Fix handling of null edata method in KDC preauth
6989 fix tar invocation in mkrel
6992 Make krb5_find_authdata public
6994 Fix intermediate key length in hmac-md5 checksum
6995 Initialize typed_e_data in as_req_state
6996 Make krb5_check_clockskew public
6997 don't build po/ if msgfmt is missing
6999 compile warnings, mininum version check for pkinit (NSS code paths)
7000 Exit on error in kadmind kprop child
7002 verto sshould have a pointer to upstream sources and be in NOTICE
7003 Fix month/year units in getdate
7006 Fix format string for TRACE_INIT_CREDS_SERVICE
7014 Fix com_err.h dependencies in gss-kernel-lib
7015 Add plugin interface_names entry for ccselect
7017 Simplify and fix kdcpreauth request_body callback
7018 Update verto to 0.2.2 release
7019 Make verto context available to kdcpreauth modules
7020 reading minor error message doesn't work for the IAKERB mech
7021 Fix failure interval of 0 in LDAP lockout code
7023 Clean up client-side preauth error data handling
7029 Fix --with-system-verto without pkg-config
7030 Ldap dependency for parallel builds
7033 krb5 1.10 KRB5_PADATA_ENC_TIMESTAMP isn't working
7034 mk_cred: memory management
7035 krb5_lcc_store() now ignores config credentials
7036 Fix free ofuninitialized memory in sname_to_princ
7037 Use LsaDeregisterLogonProcess(), not CloseHandle()
7038 Added support for loading of Krb5.ini from Windows APPDATA
7039 Handle TGS referrals to the same realm
7042 SA-2011-007 KDC null pointer deref in TGS handling [CVE-2011-1530]
7049 Fix subkey memory leak in krb5_get_credentials
7050 KfW changes for krb5-1.10
7051 krb5_server_decrypt_ticket_keytab wrongly succeeds
7053 Verify acceptor's mech in SPNEGO initiator
7055 Rename Table of Contents.hhc
7057 Krb5 1.9.x does not build on Solaris 8 - Implicit function declaration error
7060 Convert securid module edata method
7065 delete duplicate NOTICE file
7067 documentation license to CC-BY-SA 3.0 Unported
7077 LIBS should not include PKINIT_CRYPTO_IMPL_LIBS
7078 Use INSTALL_DATA to install message catalogues