svn rev #21856: branches/krb5-1-7/

tlyu@MIT.EDU tlyu at MIT.EDU
Sat Jan 31 22:05:58 EST 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=21856
Commit By: tlyu
Log Message:
Update README with changes by ticket ID.


Changed Files:
U   branches/krb5-1-7/README
Modified: branches/krb5-1-7/README
===================================================================
--- branches/krb5-1-7/README	2009-01-31 04:39:34 UTC (rev 21855)
+++ branches/krb5-1-7/README	2009-02-01 03:05:56 UTC (rev 21856)
@@ -114,6 +114,282 @@
 Changes by ticket ID
 --------------------
 
+194	a stash file is not a keytab
+914	keytab add without randomizing key
+1201	replay cache can produce false positive indications
+2836	feature request: compile/link time warnings for deprecated
+        functions
+2939	unified CCAPI implementation
+3496	krb524d should log success as well as failure
+3497	problems with corrupt (truncated) ccaches
+3499	race in replay cache file ownership
+3737	plugins support requires a Windows equivalent to opendir and
+        friends
+3929	support lazy launching of ccapi server
+3930	CCAPI server must be able to distinguish context handles from
+        other server instances
+3931	CCAPI context and ccache change times must be stored by the client
+3932	CCAPI should use a cc_handle not implemented as a pointer
+3933	CCAPI client library reconnection support
+3934	Implement CCAPI blocking calls
+3935	CCAPI implement locking
+3936	krb5_ccache functions should use the ccapi version 3 interface
+5411	MEMORY keytab
+5425	nonce needs to be random
+5427	buffer overflow in krb5_kt_get_name
+5428	MEMORY keytab leaks
+5429	MEMORY keytab should use krb5_copy_keyblock
+5430	MEMORY keytab's get_entry should set enctypes and kvnos
+5431	krb5_kt_get_type should return const char *.
+5432	krb5_kt_default_name should take an unsized length
+5440	sendto_kdc() not signal safe, doesn't respond well to
+        staggered TCP responses.
+5481	manual test of commit handler
+5517	use IP(V6)_PKTINFO in KDC for UDP sockets
+5545	uninitialized salt length when reading some keys
+5560	threads on Solaris 10
+5561	close-on-exec flags
+5565	krb5kdc.M is confused about keytype
+5567	don't check for readability resolving SRVTAB: keytab
+5568	Move CCAPI sources to krb5 repository
+5569	Fixed bugs introduced while moving to krb5 repository
+5570	Only use __attribute__ on GNUC compilers
+5574	Add advisory locking to CCAPI
+5575	don't include time.h in CredentialsCache.h if it's not needed
+5578	test commit handler
+5580	provide asprintf functionality for internal use
+5589	krb5 trunk no longer builds on Windows - vsnprintf
+        implementation required
+5590	gss krb5 mech enhanced error messages
+5593	kadmind crash on Debian AMD64
+5594	Work on compiling CCAPI test suite on Windows
+5595	Problems with kpasswd and an IPv6 enviroment
+5598	ccs_pipe_t needs copy and release functions
+5599	Added new autogenerated file to generate-files-mac target
+5600	provide more useful error message when running kpropd on
+        command line
+5635	need more dylib_file specs for darwin
+5641	kadm5_setkey_principal_3 fix
+5642	Remove unused, unlocalizable error strings
+5643	Alignment fix
+5649	t_ser should no longer use kdb libraries
+5654	remap mechanism-specific status codes in mechglue/spnego
+5655	authorization-data plugin support in KDC
+5657	(Mac-specific) PROG_LIBPATH build fix
+5667	listprincs *z is broken
+5670	Add documentation for CCAPI
+5671	cleanup src/lib/gssapi/krb5/error_map.h on Windows
+5672	no unistd.h on Windows
+5699	test program build problem
+5754	cci_array_move should work when the source and dest positions are equal
+5760	stdint.h should only be accessed if HAVE_STDINT_H defined
+5771	cc_ccache_set_principal always returns error 227
+5776	profile library memory leaks introduced when malloc returns 0
+5786	Update Release Documentation for KFW 3.2.2
+5804	cc_initalize(ccapi_version_2) should return CC_BAD_API_VERSION
+        not CC_NOT_SUPP
+5805	Add documentation for error codes used for flow control.
+5806	Removed NOP line of code from krb5_fcc_next_cred()
+5807	can't store delegated krb5 creds when using spnego
+5813	cc_ccache_store_credentials should return ccErrBadCredentialsVersion
+5814	cci_array_move not returning correct new position
+5815	ccs_lock_status_grant_lock granting wrong lock
+5822	fixed mispelling in kadmin error message
+5828	Include time.h for time()
+5835	Kerberos with apple leopard
+5863	[no subject]
+5864	improve debugging of ticket verification in ksu
+5867	krb-priv sequence numbers don't match up in retransmitted requests
+5872	Add ccs_pipe_compare
+5884	Need CCAPI v2 support for Windows
+5885	Remove AppleConnect workaround
+5894	krb5int_arcfour_string_to_key does not support utf-8 strings
+5899	Compiling krb5-1.6.3 on FreeBSD 7.0-RELEASE
+5900	ccs_ccache_reset should check all arguments for NULL
+5901	CCAPI v2 support crash when client or server strings are NULL
+5902	cci_cred_union_compare_to_credentials_union doesn't work for v5 creds
+5903	Fix pointer cast in cc_seq_fetch_NCs_end
+5904	cc_set_principal should return error on bad cred version
+5905	cc_remove_cred should only remove one cred
+5906	Fixed error code remapping
+5907	Removed tests for check_cc_context_get_version
+5908	Remove C warnings from CCAPI tests
+5909	Add CCAPI v2 tests
+5911	removed unused header file inclusion CoreFoundation.h
+5912	Invalid assignment while trying to set input to NULL
+5915	cc_ccache_iterator_release, cc_credentials_iterator_release
+        leak server memory
+5920	CCacheServer should track client iterators
+5923	Protect CFBundle calls with mutexes
+5925	Windows socket(...) returns SOCKET, not file handle
+5926	Added prototype to test function to remove warning.
+5943	db creation creates a kadmin/hostname princ but doesn't fix case
+5947	krb5_walk_realm_tree broken substring logic
+5948	error in filebase+suffix list generation in plugin code
+5949	Don't leak memory when multiple arguments are NULL
+5954	ksu fails without domain_realm mapping for local host
+5960	Move KIM implementation to the krb5 repository
+5962	unchecked calls to k5_mutex_lock() interact poorly with finalizers
+5963	Profile library should not call rw_access earlier than needed
+5964	Re: Fwd: [modauthkerb] [SOLVED] 'Request is a replay' + Basic auth
+5966	signed vs unsigned char * warnings in kdb_xdr.c
+5967	No prototype when building kdb5_util without krb4 support
+5969	Add header for kill() in USE_PASSWORD_SERVER case
+5982	cci_credentials_iterator_release using wrong message ID
+5989	Add new launchd flags to CCacheServer plist file
+5990	kadm5_setkey_principal_3 not copying key_data_ver and key_data_kvno
+5993	Masterkey Keytab Stash
+5999	fix ktutil listing with timestamp
+6000	misc uninitialized-storage accesses
+6001	Big endian stash file support
+6002	krb5_rc_io_creat should use mkstemp
+6005	krb5_get_error_message returns const char *
+6009	kdc does not compile with glibc 2.8
+6010	krb5int_gic_opte_copy should copy elements individually
+6011	Add EnableTransactions launchd option to CCacheServer
+6012	Add EnableTransactions	launchd	option to KerberosAgent
+6013	Stop building Kerberos.app as part of KfM.
+6015	gss_export_lucid_sec_context support for SPNEGO
+6016	SPNEGO workaround for SAMBA mech OID quirks
+6017	KDC virtual address support
+6019	Add signal to force KDC to check for changed interfaces
+6024	Don't use "ccache" in error string printed to user
+6025	Add macro so we don't print deprecated warnings while building KfM
+6026	CCacheServer crashes iterating over creds which have been destroyed
+6029	kadmind leaks error strings on failures
+6031	krb needs better realm lookup logic
+6032	test commit handler change
+6044	Add Apple Inc. to copyright lists.
+6052	Return extended krb5 error strings
+6055	KIM API
+6066	turn off thread-support debugging code
+6070	update DES code copyright notices
+6074	Use a valid UTF8 password for randkey password
+6075	Open log file for appending only, not also reading
+6076	Don't build PKINIT ASN.1 support code if not building PKINIT plugin
+6077	krb5_fcc_resolve file locking error on malloc failuer
+6080	mac port of kim should not depend on kipc
+6081	Conditionalize building of CCAPI ccache type on USE_CCAPI
+6083	profile write code should only quote empty strings
+6087	Notify clients on ccache deletion
+6088	Add support to send CFNotifications on ccache and cache
+        collection changes
+6090	k5_mutex_destroy calls pthread_mutex_destroy with mutex locked
+6091	lean client changes
+6093	KIM should not provide keytab functions when building lite framework
+6094	CCAPI is leaking mach ports
+6101	compile-time flag to disable iprop
+6103	fix resource leak in USE_PASSWORD_SERVER code
+6111	CCAPI should only use one pthread key
+6120	increase rpc timeout
+6121	dead code in lib/rpc/clnt_udp.c
+6131	Removed argument from kipc_client_lookup_server
+6133	C90 compliance
+6138	Switch KfM back to error tables
+6140	CCAPI should use common ipc and stream code
+6142	KerberosAgent dialogs jump around the screen
+6143	KerberosAgent: Enter Identity text field shouldn't be clear
+        automatically
+6144	KerberosAgent: ignore user interaction while busy
+6145	KerberosAgent attach associated dialogs to Select Identity dialog
+6146	Client name passed by KIM is incorrect
+6147	KerberosAgent Use Defaults button doesn't work
+6151	Don't touch keychain if home directory access is disabled
+6153	Add KLL error table
+6154	Hinge building KLL shim off KIM_TO_KLL_SHIM, not LEAN_CLIENT
+6155	KLLastChangedTime should return current time, not 0
+6156	KLL shim layer does not correctly handle options
+6157	KIM should remember options and identity if prefs indicate
+6158	KerberosAgent should handle multiple clients simultaneously
+6159	KerberosAgent should handle zoom button better
+6160	KLL should use __attribute ((deprecated))
+6162	kim_options_copy should allow in_options to be KIM_OPTIONS_DEFAULT
+6163	Crash in kim_credential_create_from_keytab
+6164	KL APIs which take a NULL principal return klParameterErr
+6165	kim_options_create sometimes returns KIM_OPTIONS_DEFAULT
+6166	preferences should handle KIM_OPTIONS_DEFAULT
+6168	prefs should not create empty dictionary for KIM_OPTIONS_DEFAULT
+6169	Missing keys in KerberosAgent Info.plist
+6170	change password should always reprompt on error
+6171	allow kim ui plugins to have any name
+6172	kim_ui_plugin_fini sends pointer to context instead of context.
+6175	always zero out authentication strings
+6176	Test KIM plugin
+6179	kim_os_string_create_localized leaks CFStringRef
+6181	Free error message returned by krb5_get_error_message
+6182	kim test suite reports error messages incorrectly
+6183	KerberosAgent enter identity dialog should use default
+6184	handle stash file names with missing keytab type spec and colon in path
+6185	Merge KerberosIPC into k5_mig support
+6186	Move GUI/CLI detection from KerberosIPC into KIM
+6187	use KIM_BUILTIN_UI instead of LEAN_CLIENT for builtin UI
+6189	remove unused variable in kim_ui_cli_ask_change_password
+6190	Use a context to store error table info
+6192	Treat unreadable terminal as user cancelled so regression tests work
+6193	Remap some of the more confusing krb5 errors
+6194	Double free and leak in kim_os_library_get_application_path
+6195	Added back KLL test programs
+6197	KLCreatePrincipalFromTriplet should work with empty instance
+6198	KerberosAgent continues to ignore mouse events after error
+6199	don't include "WRFILE:" in call to mktemp
+6201	small leak in KDC authdata plugins
+6202	kadmind leaks extended error strings
+6211	pam_sam leaking outer krb5_data created by encode_krb5_sam_response
+6214	krb5_change_set_password not freeing chpw_rep contents
+6216	Free data in tests so leaks checking is easier
+6217	kim_preferences should free old identity before overwriting
+6218	kim_ccache_iterator_next leaks principal
+6219	kim_os_library_get_caller_name leaks file path
+6220	kim_identity_change_password_with_credential leaks krb5_creds
+6221	KerberosAgent should clear generic auth prompt
+6222	KerberosAgent enter dialog should add entered identities to favorites
+6224	KerberosAgent 'no selection' placeholder in ticket options
+6225	Remove ipc message sent on cc_context_release
+6226	KIM should only display error dialogs if it has displayed UI already
+6227	Apple LW_net_trans.patch make KDC rescan network after 30 seconds
+6231	Apple split build support
+6247	Apple patch: null out pointer in string_to_key after free
+6248	Apple patch: destroy Mach ports on unload
+6250	Use CFStringGetCStringPtr when possible
+6251	Add test for kim_identity_create_from_components
+6252	krb5_build_principal_va does not allocate krb5_principal
+6254	krb5_build_principal_ext walks off beginning of array
+6255	partial rewrite of the ASN.1 encoders
+6256	localize format strings, not final error string
+6260	KerberosAgent hangs changing pw for passwordless identities
+6261	Remove saved password if it fails to get tickets
+6262	Only prompt automatically from GUI apps
+6264	Avoid duplicate identical dialogs in KIM
+6265	KerberosAgent bindings causing crashes
+6266	BIND_8_COMPAT no longer needed in Leopard
+6267	Add _with_password credential acquisition functions to KIM API
+6274	Crypto IOV API per Projects/AEAD encryption API
+6282	krb5kdc deref uninit memory on the stack on unknown principal (pk-init)
+6285	Provide SPI to switch the mach port lookup for kipc
+6286	Allow kerberos configuration files fail with EPERM
+6289	replay cache is insecurely handled
+6290	KIM: Pushing authentication login window do application
+6291	Using referrals fills the the credentials cache more entries
+        of the same name
+6294	lib/gssapi/krb5/init_sec_context.c: don't leak on mutex_lock failure
+6295	Memory leak in KIM identity object
+6297	"make check" fails due to krb5_cc_new_unique() on 64-bit
+        Solaris SPARC under Sun Studio
+6302	kadmind mem leaks [rdar 6358917]
+6303	Remove krb4 support
+6308	Alignment problem in resolver test
+6309	update ldap plugin Makefile for krb4 removal
+6315	move generated dependencies out of Makefile.in
+6316	KIM GC problem on 64-bit
+6335	test failures in password changing
+6336	enctype negotiation - etype list
+6337	kadmin should force non-forwardable tickets
+6339	Fwd: krb5_sendauth vs NAGLE vs DelayedAck
+6342	hash db2 code breaks if st_blksize > 64k
+6351	gss_header|trailerlen should be unsigned int
+6352	return correct kvno in TGS case
+6354	Master Key Migration Project
+
 Copyright and Other Legal Notices
 ---------------------------------

More information about the cvs-krb5 mailing list