RT RT/krbdev.mit.edu: Bugs fixed in krb5-1.7 Not logged in.

Total: 380
Advanced Search based on this list
IdSubject
194 a stash file is not a keytab
914 keytab add without randomizing key
1109 setting default_keytab_name does not work with ktadd in kadmin
1165 annoying error message from krb5_mk_priv()
1201 replay cache can produce false positive indications
1624 use more secure checksum types
2836 feature request: compile/link time warnings for deprecated functions
2939 unified CCAPI implementation
3496 krb524d should log success as well as failure
3497 problems with corrupt (truncated) ccaches
3499 race in replay cache file ownership
3737 plugins support requires a Windows equivalent to opendir and friends
3929 support lazy launching of ccapi server
3930 CCAPI server must be able to distinguish context handles from other server instances
3931 CCAPI context and ccache change times must be stored by the client
3932 CCAPI should use a cc_handle not implemented as a pointer
3933 CCAPI client library reconnection support
3934 Implement CCAPI blocking calls
3935 CCAPI implement locking
3936 krb5_ccache functions should use the ccapi version 3 interface
4241 Command line --version option
5411 MEMORY keytab
5425 nonce needs to be random
5427 buffer overflow in krb5_kt_get_name
5428 MEMORY keytab leaks
5429 MEMORY keytab should use krb5_copy_keyblock
5430 MEMORY keytab's get_entry should set enctypes and kvnos
5431 krb5_kt_get_type should return const char *.
5432 krb5_kt_default_name should take an unsized length
5440 sendto_kdc() not signal safe, doesn't respond well to staggered TCP responses.
5481 manual test of commit handler
5517 use IP(V6)_PKTINFO in KDC for UDP sockets
5545 uninitialized salt length when reading some keys
5560 threads on Solaris 10
5561 close-on-exec flags
5565 krb5kdc.M is confused about keytype
5567 don't check for readability resolving SRVTAB: keytab
5568 Move CCAPI sources to krb5 repository
5569 Fixed bugs introduced while moving to krb5 repository
5570 Only use __attribute__ on GNUC compilers
5574 Add advisory locking to CCAPI
5575 don't include time.h in CredentialsCache.h if it's not needed
5578 test commit handler
5580 provide asprintf functionality for internal use
5587 PRF for non-AES enctypes
5589 krb5 trunk no longer builds on Windows - vsnprintf implementation required
5590 gss krb5 mech enhanced error messages
5593 kadmind crash on Debian AMD64
5594 Work on compiling CCAPI test suite on Windows
5595 Problems with kpasswd and an IPv6 enviroment
5596 patch for providing a way to set the ok-as-delegate flag
5598 ccs_pipe_t needs copy and release functions
5599 Added new autogenerated file to generate-files-mac target
5600 provide more useful error message when running kpropd on command line
5635 need more dylib_file specs for darwin
5641 kadm5_setkey_principal_3 fix
5642 Remove unused, unlocalizable error strings
5643 Alignment fix
5649 t_ser should no longer use kdb libraries
5654 remap mechanism-specific status codes in mechglue/spnego
5655 authorization-data plugin support in KDC
5657 (Mac-specific) PROG_LIBPATH build fix
5667 listprincs *z is broken
5670 Add documentation for CCAPI
5671 cleanup src/lib/gssapi/krb5/error_map.h on Windows
5672 no unistd.h on Windows
5699 test program build problem
5754 cci_array_move should work when the source and dest positions are equal
5760 stdint.h should only be accessed if HAVE_STDINT_H defined
5771 cc_ccache_set_principal always returns error 227
5776 profile library memory leaks introduced when malloc returns 0
5786 Update Release Documentation for KFW 3.2.2
5804 cc_initalize(ccapi_version_2) should return CC_BAD_API_VERSION not CC_NOT_SUPP
5805 Add documentation for error codes used for flow control.
5806 Removed NOP line of code from krb5_fcc_next_cred()
5807 can't store delegated krb5 creds when using spnego
5813 cc_ccache_store_credentials should return ccErrBadCredentialsVersion
5814 cci_array_move not returning correct new position
5815 ccs_lock_status_grant_lock granting wrong lock
5822 fixed mispelling in kadmin error message
5828 Include time.h for time()
5835 Kerberos with apple leopard
5863 [no subject]
5864 improve debugging of ticket verification in ksu
5867 krb-priv sequence numbers don't match up in retransmitted requests
5872 Add ccs_pipe_compare
5884 Need CCAPI v2 support for Windows
5885 Remove AppleConnect workaround
5894 krb5int_arcfour_string_to_key does not support utf-8 strings
5899 Compiling krb5-1.6.3 on FreeBSD 7.0-RELEASE
5900 ccs_ccache_reset should check all arguments for NULL
5901 CCAPI v2 support crash when client or server strings are NULL
5902 cci_cred_union_compare_to_credentials_union doesn't work for v5 creds
5903 Fix pointer cast in cc_seq_fetch_NCs_end
5904 cc_set_principal should return error on bad cred version
5905 cc_remove_cred should only remove one cred
5906 Fixed error code remapping
5907 Removed tests for check_cc_context_get_version
5908 Remove C warnings from CCAPI tests
5909 Add CCAPI v2 tests
5911 removed unused header file inclusion CoreFoundation.h
5912 Invalid assignment while trying to set input to NULL
5915 cc_ccache_iterator_release, cc_credentials_iterator_release leak server memory
5920 CCacheServer should track client iterators
5923 Protect CFBundle calls with mutexes
5925 Windows socket(...) returns SOCKET, not file handle
5926 Added prototype to test function to remove warning.
5943 db creation creates a kadmin/hostname princ but doesn't fix case
5947 krb5_walk_realm_tree broken substring logic
5948 error in filebase+suffix list generation in plugin code
5949 Don't leak memory when multiple arguments are NULL
5954 ksu fails without domain_realm mapping for local host
5960 Move KIM implementation to the krb5 repository
5962 unchecked calls to k5_mutex_lock() interact poorly with finalizers
5963 Profile library should not call rw_access earlier than needed
5964 Re: Fwd: [modauthkerb] [SOLVED] 'Request is a replay' + Basic auth
5966 signed vs unsigned char * warnings in kdb_xdr.c
5967 No prototype when building kdb5_util without krb4 support
5969 Add header for kill() in USE_PASSWORD_SERVER case
5982 cci_credentials_iterator_release using wrong message ID
5989 Add new launchd flags to CCacheServer plist file
5990 kadm5_setkey_principal_3 not copying key_data_ver and key_data_kvno
5992 incorporate Sun's incremental propagation code
5993 Masterkey Keytab Stash
5999 fix ktutil listing with timestamp
6000 misc uninitialized-storage accesses
6001 Big endian stash file support
6002 krb5_rc_io_creat should use mkstemp
6005 krb5_get_error_message returns const char *
6009 kdc does not compile with glibc 2.8
6010 krb5int_gic_opte_copy should copy elements individually
6011 Add EnableTransactions launchd option to CCacheServer
6012 Add EnableTransactions launchd option to KerberosAgent
6013 Stop building Kerberos.app as part of KfM.
6015 gss_export_lucid_sec_context support for SPNEGO
6016 SPNEGO workaround for SAMBA mech OID quirks
6017 KDC virtual address support
6019 Add signal to force KDC to check for changed interfaces
6024 Don't use "ccache" in error string printed to user
6025 Add macro so we don't print deprecated warnings while building KfM
6026 CCacheServer crashes iterating over creds which have been destroyed
6029 kadmind leaks error strings on failures
6031 krb needs better realm lookup logic
6032 test commit handler change
6044 Add Apple Inc. to copyright lists.
6052 Return extended krb5 error strings
6055 KIM API
6063 error in socket number range check in kdc
6066 turn off thread-support debugging code
6070 update DES code copyright notices
6074 Use a valid UTF8 password for randkey password
6075 Open log file for appending only, not also reading
6076 Don't build PKINIT ASN.1 support code if not building PKINIT plugin
6077 krb5_fcc_resolve file locking error on malloc failuer
6080 mac port of kim should not depend on kipc
6081 Conditionalize building of CCAPI ccache type on USE_CCAPI
6083 profile write code should only quote empty strings
6087 Notify clients on ccache deletion
6088 Add support to send CFNotifications on ccache and cache collection changes
6090 k5_mutex_destroy calls pthread_mutex_destroy with mutex locked
6091 lean client changes
6093 KIM should not provide keytab functions when building lite framework
6094 CCAPI is leaking mach ports
6101 compile-time flag to disable iprop
6103 fix resource leak in USE_PASSWORD_SERVER code
6108 A client can fail to get initial creds if it changes the password while doing so.
6111 CCAPI should only use one pthread key
6120 increase rpc timeout
6121 dead code in lib/rpc/clnt_udp.c
6131 Removed argument from kipc_client_lookup_server
6133 don't do C99-style mixing declarations with code
6138 Switch KfM back to error tables
6140 CCAPI should use common ipc and stream code
6142 KerberosAgent dialogs jump around the screen
6143 KerberosAgent: Enter Identity text field shouldn't be clear automatically
6144 KerberosAgent: ignore user interaction while busy
6145 KerberosAgent attach associated dialogs to Select Identity dialog
6146 Client name passed by KIM is incorrect
6147 KerberosAgent Use Defaults button doesn't work
6151 Don't touch keychain if home directory access is disabled
6153 Add KLL error table
6154 Hinge building KLL shim off KIM_TO_KLL_SHIM, not LEAN_CLIENT
6155 KLLastChangedTime should return current time, not 0
6156 KLL shim layer does not correctly handle options
6157 KIM should remember options and identity if prefs indicate
6158 KerberosAgent should handle multiple clients simultaneously
6159 KerberosAgent should handle zoom button better
6160 KLL should use __attribute ((deprecated))
6162 kim_options_copy should allow in_options to be KIM_OPTIONS_DEFAULT
6163 Crash in kim_credential_create_from_keytab
6164 KL APIs which take a NULL principal return klParameterErr
6165 kim_options_create sometimes returns KIM_OPTIONS_DEFAULT
6166 preferences should handle KIM_OPTIONS_DEFAULT
6168 prefs should not create empty dictionary for KIM_OPTIONS_DEFAULT
6169 Missing keys in KerberosAgent Info.plist
6170 change password should always reprompt on error
6171 allow kim ui plugins to have any name
6172 kim_ui_plugin_fini sends pointer to context instead of context.
6175 always zero out authentication strings
6176 Test KIM plugin
6179 kim_os_string_create_localized leaks CFStringRef
6181 Free error message returned by krb5_get_error_message
6182 kim test suite reports error messages incorrectly
6183 KerberosAgent enter identity dialog should use default
6184 handle stash file names with missing keytab type spec and colon in path
6185 Merge KerberosIPC into k5_mig support
6186 Move GUI/CLI detection from KerberosIPC into KIM
6187 use KIM_BUILTIN_UI instead of LEAN_CLIENT for builtin UI
6189 remove unused variable in kim_ui_cli_ask_change_password
6190 Use a context to store error table info
6192 Treat unreadable terminal as user cancelled so regression tests work
6193 Remap some of the more confusing krb5 errors
6194 Double free and leak in kim_os_library_get_application_path
6195 Added back KLL test programs
6197 KLCreatePrincipalFromTriplet should work with empty instance
6198 KerberosAgent continues to ignore mouse events after error
6199 don't include "WRFILE:" in call to mktemp
6201 small leak in KDC authdata plugins
6202 kadmind leaks extended error strings
6203 DELEG_POLICY_FLAG for GSS
6210 pa_sam leaks parts of krb5_sam_challenge
6211 pam_sam leaking outer krb5_data created by encode_krb5_sam_response
6214 krb5_change_set_password not freeing chpw_rep contents
6216 Free data in tests so leaks checking is easier
6217 kim_preferences should free old identity before overwriting
6218 kim_ccache_iterator_next leaks principal
6219 kim_os_library_get_caller_name leaks file path
6220 kim_identity_change_password_with_credential leaks krb5_creds
6221 KerberosAgent should clear generic auth prompt
6222 KerberosAgent enter dialog should add entered identities to favorites
6224 KerberosAgent 'no selection' placeholder in ticket options
6225 Remove ipc message sent on cc_context_release
6226 KIM should only display error dialogs if it has displayed UI already
6227 Apple LW_net_trans.patch make KDC rescan network after 30 seconds
6231 Apple split build support
6247 Apple patch: null out pointer in string_to_key after free
6248 Apple patch: destroy Mach ports on unload
6250 Use CFStringGetCStringPtr when possible
6251 Add test for kim_identity_create_from_components
6252 krb5_build_principal_va does not allocate krb5_principal
6254 krb5_build_principal_ext walks off beginning of array
6255 partial rewrite of the ASN.1 encoders
6256 localize format strings, not final error string
6260 KerberosAgent hangs changing pw for passwordless identities
6261 Remove saved password if it fails to get tickets
6262 Only prompt automatically from GUI apps
6264 Avoid duplicate identical dialogs in KIM
6265 KerberosAgent bindings causing crashes
6266 BIND_8_COMPAT no longer needed in Leopard
6267 Add _with_password credential acquisition functions to KIM API
6274 Crypto IOV API per Projects/AEAD encryption API
6282 krb5kdc deref uninit memory on the stack on unknown principal (pk-init)
6285 Provide SPI to switch the mach port lookup for kipc
6286 Allow kerberos configuration files fail with EPERM
6289 replay cache is insecurely handled
6290 KIM: Pushing authentication login window do application
6291 Using referrals fills the the credentials cache more entries of the same name
6294 lib/gssapi/krb5/init_sec_context.c: don't leak on mutex_lock failure
6295 Memory leak in KIM identity object
6297 "make check" fails due to krb5_cc_new_unique() on 64-bit Solaris SPARC under Sun Studio
6302 kadmind mem leaks [rdar 6358917]
6303 Remove krb4 support
6308 Alignment problem in resolver test
6309 update ldap plugin Makefile for krb4 removal
6312 kg_ctx_internalize() gets some ordering wrong
6313 Merge mskrb-integ onto trunk
6315 move generated dependencies out of Makefile.in
6316 KIM GC problem on 64-bit
6335 test failures in password changing
6336 enctype negotiation - etype list
6337 kadmin should force non-forwardable tickets
6339 Fwd: krb5_sendauth vs NAGLE vs DelayedAck
6342 hash db2 code breaks if st_blksize > 64k
6348 kadmin and ktutil installed in sbin, should be bin
6349 lib/rpc tests should not fail if portmap/rpcbind not running
6351 gss_header|trailerlen should be unsigned int
6352 return correct kvno in TGS case
6354 Master Key Migration Project
6355 use t_inetd with a ready message and avoid waiting a lot in non-root tests
6356 small storage leak in KDC startup
6357 address lib/kadm5 test suite slowness
6358 speed up kpasswd tests
6360 utf8_conv.c: wrong level of indirection in free()
6361 new multi-masterkey support doesn't work well when system clock is set back
6362 don't do arithmetic on void pointers
6363 int/ptr bug in gssapi code
6364 declare replacement [v]asprintf functions
6365 include omitted system header string.h
6367 Fix a memory leak in krb5_kt_resolve
6368 chpw.c: missing break in switch statement
6370 Fix assertion in gc_frm_kdc.c
6371 deal with memleaks in migrate mkey project
6372 Fix memory handling bug in mk_req_ext
6373 remove some redundant or useless qualifiers
6374 Do not assume sizeof(bool_t) == sizeof(krb5_boolean)
6375 Fix error handling in krb5_walk_realm_tree
6376 Memory handling fixes in walk_rtree
6377 make krb5_free_* functions ignore NULL
6378 Change contract of krb5int_utf8_normalize and fix memory leaks
6379 Fix possible free of uninitialized value in walk_rtree
6390 --disable-rpath is not working
6392 Fix allocation failure check in walk_rtree
6393 Implement TGS authenticator subkey support
6397 use macros for config parameter strings
6398 remove obsolete GNU.ORG realm info
6400 GSSAPI authdata extraction should merge ticket and authenticator authdata
6401 send_as_req re-encodes the request
6402 CVE-2009-0845 SPNEGO can dereference a null pointer
6403 kdb5_ldap_util create segfaults when krb5_dbekd_encrypt_key_data() called
6405 fixing several bugs relating to the migrate mkey project using a LDAP KDB
6407 Make a working krb5_copy_error_message
6408 Report verbose error messages from KDC
6412 crash using library-allocated storage for header in wrap_iov
6415 Use correct salt for canonicalized principals
6418 Improve LDAP admin documentation
6419 Document alias support in LDAP back end
6420 Add LDAP back end support for canonical name attribute
6421 Implement KRB-FX_CF2
6422 Implement krb5int_find_authdata
6423 krb5_auth_con_free should support freeing a null auth_context without segfault.
6424 Call kdb_set_mkey_list from the KDC
6425 Memory leak cleanup in ASN.1
6427 Fix error handling issue in ASN.1 decoder
6431 Install kadmin and kdb headers
6432 Update kdb5_util man page for mkey migration project
6435 Add PAC and principal parsing test cases
6436 Implement FAST from draft-ietf-krb-wg-preauth-framework
6437 mark export grade RC4 as weak
6438 Handle authdata encrypted in subkey
6439 Implement KDC side of TGS FAST
6442 Null pointer defref in adding info
6443 CVE-2009-0844 SPNEGO can read beyond buffer end
6444 CVE-2009-0847 asn1buf_imbed incorrect length validation
6445 CVE-2009-0846 asn1_decode_generaltime can free uninitialized pointer
6449 Fall through on error return
6450 kdc: handle_referral_params does not return ENOMEM errors
6451 Update defaults in documentation
6452 Document allow_weak_crypto
6456 fix memory management in handle_referral_params
6457 KDC realm referral test
6458 use isflagset correctly in TGS referrals
6459 Update kdb5_util man page with missing purge_mkeys command
6460 Implement kinit option for FAST armor ccache
6461 Require fast_req checksum to be keyed
6462 clean up KDC realm referrals error handling
6463 realm referral test cases forcing KRB5_NT_UNKNOWN
6464 verify return code from krb5_db_set_mkey_list
6465 send_tgs.c static analyzer friendliness
6466 check encode_krb5_ap_req return in send_tgs.c
6467 new copy_data_contents variant that null-terminates
6468 k5_utf8s_to_ucs2s could deref NULL pointer...
6469 fcc_generate_new destroys locked mutex on error
6470 Send explicit salt for SALTTYPE_NORMAL keys
6472 typo in ksu error message
6473 strip ok-as-delegate if not in cross-realm TGT chain
6474 move kadmin, ktutil, k5srvutil man pages to man1
6475 Adding keys to malformed keytabs can infinitely extend the file
6477 make installed headers C++-safe
6478 Fix handling of RET_SEQUENCE flag in mk_priv/mk_ncred
6479 Add DEBUG_ERROR_LOCATIONS support
6480 Do not return PREAUTH_FAILED on unknown preauth
6482 Allow more than 10 past keys to be stored by a policy
6483 man1 in title header for man1 manpages
6484 work around Heimdal not using subkey in TGS-REP
6485 document ok_as_delegate in admin.texinfo
6486 t_pac fails on SPARC Solaris
6488 NFS fails to work with KRB5 1.7
6489 UCS2 support doesn't handle upper half of BMP
6490 Windows interop with RC4 TGS-REQ subkeys
6492 Remove spurious assertion in handle_authdata
6493 some fixes for 1.7
6495 Fix test rules for non-gmake make versions
6496 Fix vector initialization error in KDC preauth code
6497 kinit/fast usage message
6498 spnego_mech.c syntax error under _GSS_STATIC_LINK
6499 use printf format attribute only with gcc
6500 use correct type for krb5_c_prf_length length arg
6501 Temporarily disable FAST PKINIT for 1.7 release
6502 typo in doc/api/krb5.tex
6503 typo in admin.texinfo