- Notifications
You must be signed in to change notification settings - Fork180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Contents of 7.8.1 release#1222
Open
nicowilliams wants to merge17 commits intoheimdal-7-8-branchChoose a base branch
base:heimdal-7-8-branch
Could not load branches
Branch not found:{{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline, and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Use --preserve-binary=KDC-REQ-BODY option to ASN.1 compiler to avoidre-encoding KDC-REQ-BODYs for verification in GSS preauth, TGS and PKINIT.[abartlet@samba.org adapted from Heimdal commitebfd48e by removing references to FAST and GSS-pre-auth. This fixes the Windows 11 22H2 issue with TGS-REQ as seen at https:github.com//issues/1011 and so removes the knownfail file for this test]FIXES: 1011Signed-off-by: Andrew Bartlett <abartlet@samba.org>
mach_complete_async() and mach_complete_sync() are void functions.Nothing uses the 'kr' value after being set which results in error: variable 'kr' set but not used [-Werror,-Wunused-but-set-variable]Remove the variables.
When NO_AFS is defined, 'ret' is set but unused resulting in a buildfailure on macOS. error: variable 'ret' set but not used [-Werror,-Wunused-but-set-variable
On systems where 'unsigned long' is 32-bits and the 'size'parameter is set to 8 and the bytes are: 0x78 0x00 0x00 0x00 0x00 0x00 0x00 0x00When 'i' becomes 4 'v' will be 0 again. As 'unsigned long' is onlyable to hold 4 bytes.Change the type of 'v' from 'unsigned long' to 'uint64_t' whichmatches the type of the output parameter 'value'.(cherry picked from commit9d1bfab)Signed-off-by: Stefan Metzmacher <metze@samba.org>Reviewed-by: Ralph Boehme <slow@samba.org>CVE: CVE-2022-42898Samba-BUG:https://bugzilla.samba.org/show_bug.cgi?id=15203
48 byte memory leak from krb5_pac_parse() each time pac_header_size()fails.
If the function fails, we should not issue a ticket missing the PAC.(cherry picked from commit05e589d)
Roken functions rk_copyhostent(), rk_freeaddrinfo(), rk_freehostent()rk_getaddrinfo(), rk_getipnodebyaddr(), rk_getipnodebyname(), andrk_getnameinfo() should never be built without the "rk_" prefix. Doingso overrides the system provided functions of the same name when theyexist.(cherry picked from commit7b3a993)
log_init in the event a log is found will do recovery. kadm5_log_replaywill call methods which expect an hdb_db to be set but without thisnone is
This takes care of opening and closing the database for use with log possiblerecovery, without immediate intent to keep the database open for one or morechanges. This simplifies code in kadmin/load.c and lib/kadm5/ipropd_slave.c.
This is just for 7.8.1. Do not pull this into master.
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
None yet
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I pushede4fa0db..1b4565a to
heimdal-7-1-branch. Those and the ones from theheimdal-7.8.0tag to the new HEAD are all included here.The commits that had already been in the
heimdal-7-1-branchwerea6cf945..e4fa0db:e4fa0db roken: do not override system network address functions
28daf24 kdc: Check generate_pac() return code
f6b0433 lib/krb5: krb5_pac_parse mem leak if pac_header_size failure
5e2e89b lib/krb5: fix _krb5_get_int64 on 32-bit systems
3c9019d kuser/kinit: NO_AFS unused-but-set-variable
6fa4d05 lib/ipc: set but unused 'kr' variables
4cd3926 kdc: avoid re-encoding KDC-REQ-BODY
and the new commits are:
1b4565a Bump version to 7.8.1
191d1d4 Update NEWS for 7.8.1 release
61198c5 GHA: Enable fallback hcrypto backend for OS X build
3e7bfff GHA: Disable AFS support for Linux
7464768 GHA: Use newer Linux runners
f8c3a03 cf: Deal with clang-format not being available
f136efa hcrypto: Don't test rc2 nor rc4 (OS X)
cd4f7c9 kinit: Fix build error
d60d2ea kadm5: Added kadm_log_init_recover
d2faa38 ipropd_slave: open hdb around kadm5_log_init in case recovery needed