Hello community, here is the log from the commit of package CASA checked in at Tue May 9 00:15:00 CEST 2006. -------- --- CASA/CASA.changes 2006-04-25 17:55:26.000000000 +0200 +++ STABLE/CASA/CASA.changes 2006-05-08 17:35:54.000000000 +0200 
@@ -1,0 +2,217 @@ +Thu May 07 18:16:25 MST 2006 - jnorman@novell.com +- Bug 169353. Prompt user for Desktop Password when Master Password + is not present. + +------------------------------------------------------------------- +Fri May 5 17:51:27 IST 2006 - smanojna@novell.com + +- Description: + Bug 152929: Secret with special characters in name causing + unexpected behaviour. This fix will only prevent the + following special characters * : ' \ & = < > + +- Modified files: + c_gui/Common.cs + c_gui/images/casa.glade + +------------------------------------------------------------------- +Fri May 5 10:25:10 IST 2006 - smanojna@novell.com + +- Description: + Bug 165283: CASA docs and About screen states that CASA runs on + Mac OSX which does not currently. + +- Modified files: + package/linux/CASA.spec.in + +------------------------------------------------------------------- +Thu May 04 13:32:25 MST 2006 - jnorman@novell.com +- Bug 172719: Clean debug out. + +------------------------------------------------------------------- +Thu May 04 21:30:25 IST 2006 - smanojna@novell.com + +- Description: + 1. Fixed Bug 152929: Secret with special characters in name causing + unexpected behaviour. + +- Modified files: + c_gui/images/casa.glade + c_gui/Common.cs + c_gui/MiCasa.cs + c_gui/KdeWallet.cs + c_gui/GnomeKeyring.cs + c_gui/Firefox.cs + +------------------------------------------------------------------- +Thu May 04 17:38:25 IST 2006 - smanojna@novell.com + +- Description: + 1. Fixed Bug 170854: CASAGui only allows one edit at a time. + 2. Added 512 character limit during the edit operation, i.e. + the newly edited value string cannot be longer than 512. + 3. Fixed a bug caused during deleting and adding new key-value pairs, + this bug had not been filed in Bugzilla. + -In the manage secret dialog, delete a key-value pair. + -Add a new key with the same name as the one deleted above but + but with a different value. 
+ -When you click the OK button the changes are not effected. + +- Modified files: + c_gui/MiCasa.cs + c_gui/Firefox.cs + c_gui/GnomeKeyring.cs + c_gui/KdeWallet.cs + c_gui/Common.cs + +------------------------------------------------------------------- +Thu May 04 15:23:17 IST 2006 - smanojna@novell.com + +- Description: + 1. Added dialog-modal property for change master password dialog. + 2. Added delete dialog handler for master password prompt dialog + during unlock store. + +- Modified files: + c_gui/images/casa.glade + c_gui/CommonGUI.cs + +------------------------------------------------------------------- +Thu May 04 09:36:04 IST 2006 - smanojna@novell.com +- Description: + 1. Removed references to support for Mac OS from rpm spec files. + 2. Fixed an invalid <href> in Contents.htm file. + +- Modified files: + shsrc/lshsrc/CASA.spec + shsrc/lshsrc/CASA_dbg.spec + c_gui/help/en/Contents.htm + +------------------------------------------------------------------- +Tue May 02 15:37:37 MST 2006 - jnorman@novell.com +- Bug 171135. Give user the option to launch YAST when micasad is + not running. + +------------------------------------------------------------------- +Tue May 02 15:37:37 MST 2006 - jnorman@novell.com +- Security Audit 4.1. Enhanced Persistence encryption salt generation + to be more random based on the password or master password used. + +------------------------------------------------------------------- +Tue May 02 20:30:37 IST 2006 - lsreevatsa@novell.com +- Description: + Security Audit 5:13. Refix for using proper length on strncpy. + Maximum Length is 512 characters. + +- Modified files: + c_adlib/GKEngine.cs + c_adlib/ad_gk/GnomeKeyring.cs + c_adlib/ad_gk/native/ad_gk.c + +------------------------------------------------------------------- +Tue May 02 12:37:22 IST 2006 - smanojna@novell.com +- Description: + CASAManager GUI shall now support a maximum of 512 characters in + length. 
User will not be able to create secrets and key-value pairs + of lenght more than 512 characters from within CASAManager GUI. + This check is essential to protect CASA from possible buffer + overflow attacks. + +- Modified files: + casa.glade + +------------------------------------------------------------------- +Wed Apr 26 16:17:00 MST 2006 - jnorman@novell.com +- Bug 165283. Remove reference to Mac OS from help file. + +------------------------------------------------------------------- +Wed Apr 26 15:50:00 MST 2006 - jnorman@novell.com +- Security Audit Recap: +- Item 4.1, File: c_micasad/lss/Rfc2898DeriveBytes.c + 1. This item is awaiting licensing on a portable random number + generator received through a contribution to the the project. +- Item 4.2 File: c_micasad/cache/KeyValue.c + 1. Fix is in line 202 of the file. We improved XOR algorithm by + increasing the size of the key to equate the value. +- Item 4.3 File: c_micasad/lss/LocalStorage.cs + 1. Now files are checked for ownership before being removed. + New methods added and there are changes through out the file to support this. +- Item 4.4 File: c_micasad/lss/CASACrypto.cs + 1. IV fix will be checked in as soon as the item No. 1 above is approved. + 2. For this item now we testing the file to make sure it is not a + symbolic link. (line 454, 455 in the file.) + 3. This was a low priority item and we are investigating this. + 4. This function was not used hence removed. + 5. The default behavior of the file creation was modified to set the + rights at creation time. +- Item 5.1 File: c_micasad/communication/UnixCommunication + 1. This was fixed by checking to see if the root was not the owner + of the socket to remove the file. +- Item 5.2 File: c_micasad/lib/communication/UnixIPCClientChannel.cs + 1. This was fixed by validating the owner of the socket before use. +- Item 5.3 File: c_micasad/lib/communication/UnixIPCClientChannel.cs + 1. 
This was fixed by validating the buffer size before allocation of memory. +- Item 5.4 File: c_micasad/lss/CASACrypto.cs + 1. This was fixed by checking for minimum length. + 2. We can't check for upper limit for memory for maximum file size because + we don't know how big the file can get. System will swap the pages out + of the cache if it gets big and those pages are fragments of the encrypted + cache. The original decrypted cache will be subject to garbage collection + by Mono or .Net. We have added the forced garbage collection after + finishing the decryption operation. +- Item 5.5 File: c_micasad/verbs/ObjectSerializtion.cs + 1. The memory size checks have been added to the code for validation. +- Item 5.6 File: c_micasad/verbs/OpenSecretStore.cs + 1. The buffer size validation is added. + 2. MsgId 0x1001 is not correct. +- Item 5.7 File: c_micasad/verbs/SetMasterPasscode.cs + 1. The buffer size validation is added. +- Item 5.8 File: c_micasad/common/SessionManager.cs + 1. We are running as root so $PATH is root's $PATH. + 2. We can go through he while loop twice that is the reason we used the loop. +- Item 5.9 File: c_micasad/sscs_ndk.c + 1. All of the instances of strcpy, strcmp, strcat, strlen, were replaced + with strncpy, strncmp, strncat and strlen was eliminated. + 2. TheUtf8 macros were modified to force a null at the end of the string + buffer where the length was declared. + 3. All of the buffer lengths for upper bounds are being validated before use. + 4. sscsshs_ChkEscapeString was fixed. +- Item 5.10 File: auth_token/kbr5_token/linux/get.c + 1. This file is not build as a part of CASA 1.6 yet and is supposed to be + completed and shipped in CASA 1.7. The fix will be applied later. +- Item 5.11 File: c_micasacache/sscs_ipc + 1. Handling of the end files has been added to the code. +- Item 5.12 File: c_micasacache/sscs_unx_ipc_client.c + 1. Tokenize function has been fixed. + 2. Validation of the buflen is added where applicable. 
+- Item 5.13 File: c_adlib/ad_gk/native.c + 1. The validation of the buffer length has been added to the code. + +------------------------------------------------------------------- +Wed Apr 26 15:39:00 MST 2006 - jnorman@novell.com +- Security Audit 5:13. Use proper length on strncpy. + +------------------------------------------------------------------- +Wed Apr 26 11:02:00 MST 2006 - jnorman@novell.com +- Security Audit 5.6: Check length of ssNameLen < 256 + before allocating buffer + +------------------------------------------------------------------- +Wed Apr 26 10:55:20 MST 2006 - jnorman@novell.com +- Security Audit 5.4: Issue Garbage Collect after loading persistence. + +------------------------------------------------------------------- +Wed Apr 26 10:26:20 MST 2006 - jnorman@novell.com +- Security Audit 5.5: Check length of message to be within range. + +------------------------------------------------------------------- +Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com +- Security Audit 5.13: Ensure that string lengths are within limits + and null terminated before copying them to buffers. + +------------------------------------------------------------------- +Wed Apr 26 12:53:10 IST 2006 - smanojna@novell.com +- Bug 165283: CASA docs and About screen states that CASA runs on + Mac OSX which it does not currently. + +------------------------------------------------------------------- Old: ---- CASA-1.6.497.tar.bz2 New: ---- CASA-1.6.602.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ CASA.spec ++++++ --- /var/tmp/diff_new_pack.ykYIt2/_old 2006-05-09 00:14:47.000000000 +0200 +++ /var/tmp/diff_new_pack.ykYIt2/_new 2006-05-09 00:14:47.000000000 +0200 
@@ -1,5 +1,5 @@ # -# spec file for package CASA (Version 1.6.497 ) +# spec file for package CASA (Version 1.6.602 ) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -22,8 +22,8 @@ Group: Productivity/Other Autoreqprov: on %define bldno 1.1.1 -Version: 1.6.497 -Release: 1 +Version: 1.6.602 +Release: 3 Summary: Novell Common Authentication Service Adapter (CASA) Source: %{name}-%{version}.tar.bz2 #Patch: %{name}-%{version}.diff @@ -151,6 +151,7 @@ install -d %{buildroot}/%{_lib}/security install -d %{buildroot}/etc/init.d #install -m 644 %{buildroot}%{prefix}/%{_lib}/miCASA.jar %{buildroot}%{prefix}/CASA/%{_lib} +install -m 755 %{_lib}/%{cfg}/miCASA.jar %{buildroot}%{bin_prefix}/%{_lib} install -m 644 doc/CASA_Reference_Guide.pdf %{buildroot}%{prefix}/CASA/doc install -m 644 doc/License.txt %{buildroot}%{prefix}/CASA/doc install -m 644 doc/Readme.txt %{buildroot}%{prefix}/CASA/doc @@ -160,7 +161,6 @@ ln -s libmicasa.so.%{bldno} %{buildroot}%{bin_prefix}/%{_lib}/libmicasa.so.1 ln -s libjmicasa.so.%{bldno} %{buildroot}%{bin_prefix}/%{_lib}/libjmicasa.so ln -s libjmicasa.so.%{bldno} %{buildroot}%{bin_prefix}/%{_lib}/libjmicasa.so.1 -#ln -s miCASA.jar %{buildroot}%{bin_prefix}/CASA/%{_lib}/jmiCASA.jar #ln -s libkwallets_rw.so.%{bldno} %{buildroot}%{bin_prefix}/%{_lib}/libkwallets_rw.so #ln -s libkwallets_rw.so.%{bldno} %{buildroot}%{bin_prefix}/%{_lib}/libkwallets_rw.so.1 ln -s libad_gk.so.%{bldno} %{buildroot}%{bin_prefix}/%{_lib}/libad_gk.so @@ -233,6 +233,7 @@ %defattr(-,root,root) %{bin_prefix}/include/micasa_mgmd.h %{bin_prefix}/include/micasa_types.h +%{bin_prefix}/%{_lib}/miCASA.jar %files gui %defattr(-,root,root) 
@@ -261,6 +262,169 @@ %{prefix}/CASA/help/en/* %changelog -n CASA +* Sun May 07 2006 - jnorman@novell.com +- Bug 169353. Prompt user for Desktop Password when Master Password + is not present. +* Fri May 05 2006 - smanojna@novell.com +- Description: + Bug 152929: Secret with special characters in name causing + unexpected behaviour. This fix will only prevent the + following special characters * : ' \ & = < > +- Modified files: + c_gui/Common.cs + c_gui/images/casa.glade +* Fri May 05 2006 - smanojna@novell.com +- Description: + Bug 165283: CASA docs and About screen states that CASA runs on + Mac OSX which does not currently. +- Modified files: + package/linux/CASA.spec.in +* Thu May 04 2006 - smanojna@novell.com +- Description: + 1. Fixed Bug 152929: Secret with special characters in name causing + unexpected behaviour. +- Modified files: + c_gui/images/casa.glade + c_gui/Common.cs + c_gui/MiCasa.cs + c_gui/KdeWallet.cs + c_gui/GnomeKeyring.cs + c_gui/Firefox.cs +* Thu May 04 2006 - smanojna@novell.com +- Description: + 1. Fixed Bug 170854: CASAGui only allows one edit at a time. + 2. Added 512 character limit during the edit operation, i.e. + the newly edited value string cannot be longer than 512. + 3. Fixed a bug caused during deleting and adding new key-value pairs, + this bug had not been filed in Bugzilla. +-In the manage secret dialog, delete a key-value pair. +-Add a new key with the same name as the one deleted above but + but with a different value. +-When you click the OK button the changes are not effected. +- Modified files: + c_gui/MiCasa.cs + c_gui/Firefox.cs + c_gui/GnomeKeyring.cs + c_gui/KdeWallet.cs + c_gui/Common.cs +* Thu May 04 2006 - smanojna@novell.com +- Description: + 1. Added dialog-modal property for change master password dialog. + 2. Added delete dialog handler for master password prompt dialog + during unlock store. 
+- Modified files: + c_gui/images/casa.glade + c_gui/CommonGUI.cs +* Thu May 04 2006 - jnorman@novell.com +- Bug 172719: Clean debug out. +* Thu May 04 2006 - smanojna@novell.com +- Description: + 1. Removed references to support for Mac OS from rpm spec files. + 2. Fixed an invalid <href> in Contents.htm file. +- Modified files: + shsrc/lshsrc/CASA.spec + shsrc/lshsrc/CASA_dbg.spec + c_gui/help/en/Contents.htm +* Tue May 02 2006 - lsreevatsa@novell.com +- Description: + Security Audit 5:13. Refix for using proper length on strncpy. + Maximum Length is 512 characters. +- Modified files: + c_adlib/GKEngine.cs + c_adlib/ad_gk/GnomeKeyring.cs + c_adlib/ad_gk/native/ad_gk.c +* Tue May 02 2006 - jnorman@novell.com +- Bug 171135. Give user the option to launch YAST when micasad is + not running. +- Security Audit 4.1. Enhanced Persistence encryption salt generation + to be more random based on the password or master password used. +* Tue May 02 2006 - smanojna@novell.com +- Description: + CASAManager GUI shall now support a maximum of 512 characters in + length. User will not be able to create secrets and key-value pairs + of lenght more than 512 characters from within CASAManager GUI. + This check is essential to protect CASA from possible buffer + overflow attacks. +- Modified files: + casa.glade +* Wed Apr 26 2006 - jnorman@novell.com +- Bug 165283. Remove reference to Mac OS from help file. +* Wed Apr 26 2006 - jnorman@novell.com +- Security Audit Recap: +- Item 4.1, File: c_micasad/lss/Rfc2898DeriveBytes.c + 1. This item is awaiting licensing on a portable random number + generator received through a contribution to the the project. +- Item 4.2 File: c_micasad/cache/KeyValue.c + 1. Fix is in line 202 of the file. We improved XOR algorithm by + increasing the size of the key to equate the value. +- Item 4.3 File: c_micasad/lss/LocalStorage.cs + 1. Now files are checked for ownership before being removed. 
+ New methods added and there are changes through out the file to support this. +- Item 4.4 File: c_micasad/lss/CASACrypto.cs + 1. IV fix will be checked in as soon as the item No. 1 above is approved. + 2. For this item now we testing the file to make sure it is not a + symbolic link. (line 454, 455 in the file.) + 3. This was a low priority item and we are investigating this. + 4. This function was not used hence removed. + 5. The default behavior of the file creation was modified to set the + rights at creation time. +- Item 5.1 File: c_micasad/communication/UnixCommunication + 1. This was fixed by checking to see if the root was not the owner + of the socket to remove the file. +- Item 5.2 File: c_micasad/lib/communication/UnixIPCClientChannel.cs + 1. This was fixed by validating the owner of the socket before use. +- Item 5.3 File: c_micasad/lib/communication/UnixIPCClientChannel.cs + 1. This was fixed by validating the buffer size before allocation of memory. +- Item 5.4 File: c_micasad/lss/CASACrypto.cs + 1. This was fixed by checking for minimum length. + 2. We can't check for upper limit for memory for maximum file size because + we don't know how big the file can get. System will swap the pages out + of the cache if it gets big and those pages are fragments of the encrypted + cache. The original decrypted cache will be subject to garbage collection + by Mono or .Net. We have added the forced garbage collection after + finishing the decryption operation. +- Item 5.5 File: c_micasad/verbs/ObjectSerializtion.cs + 1. The memory size checks have been added to the code for validation. +- Item 5.6 File: c_micasad/verbs/OpenSecretStore.cs + 1. The buffer size validation is added. + 2. MsgId 0x1001 is not correct. +- Item 5.7 File: c_micasad/verbs/SetMasterPasscode.cs + 1. The buffer size validation is added. +- Item 5.8 File: c_micasad/common/SessionManager.cs + 1. We are running as root so $PATH is root's $PATH. + 2. 
We can go through he while loop twice that is the reason we used the loop. +- Item 5.9 File: c_micasad/sscs_ndk.c + 1. All of the instances of strcpy, strcmp, strcat, strlen, were replaced + with strncpy, strncmp, strncat and strlen was eliminated. + 2. TheUtf8 macros were modified to force a null at the end of the string + buffer where the length was declared. + 3. All of the buffer lengths for upper bounds are being validated before use. + 4. sscsshs_ChkEscapeString was fixed. +- Item 5.10 File: auth_token/kbr5_token/linux/get.c + 1. This file is not build as a part of CASA 1.6 yet and is supposed to be + completed and shipped in CASA 1.7. The fix will be applied later. +- Item 5.11 File: c_micasacache/sscs_ipc + 1. Handling of the end files has been added to the code. +- Item 5.12 File: c_micasacache/sscs_unx_ipc_client.c + 1. Tokenize function has been fixed. + 2. Validation of the buflen is added where applicable. +- Item 5.13 File: c_adlib/ad_gk/native.c + 1. The validation of the buffer length has been added to the code. +* Wed Apr 26 2006 - jnorman@novell.com +- Security Audit 5:13. Use proper length on strncpy. +* Wed Apr 26 2006 - smanojna@novell.com +- Bug 165283: CASA docs and About screen states that CASA runs on + Mac OSX which it does not currently. +* Wed Apr 26 2006 - jnorman@novell.com +- Security Audit 5.6: Check length of ssNameLen < 256 + before allocating buffer +* Wed Apr 26 2006 - jnorman@novell.com +- Security Audit 5.4: Issue Garbage Collect after loading persistence. +* Wed Apr 26 2006 - jnorman@novell.com +- Security Audit 5.5: Check length of message to be within range. +* Wed Apr 26 2006 - jnorman@novell.com +- Security Audit 5.13: Ensure that string lengths are within limits + and null terminated before copying them to buffers. * Mon Apr 24 2006 - jnorman@novell.com - Bug 157218. Clear lists of secrets when GUI is locked. 
* Mon Apr 24 2006 - cmashayekhi@novell.com ++++++ CASA-1.6.497.tar.bz2 -> CASA-1.6.602.tar.bz2 ++++++ ++++ 50515 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
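Review bot: In the CASA.changes hunk, the Tue May 02 "Security Audit 4.1" entry says the persistence salt is now "more random based on the password or master password used", while the Apr 26 recap for the same item says the fix is still awaiting licensing of a random number generator. A salt derived only from the password is the same every time that password is used, so the entry should say whether an independent random value is mixed in and stored with the ciphertext, or state that this is an interim measure until the generator is approved. Also in this hunk, the top entry is dated "Thu May 07 18:16:25 MST 2006", but the spec %changelog records the same change as "Sun May 07 2006"; the weekday should be corrected.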
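Review bot: In the CASA.spec hunk at @@ -151,6 +151,7 @@, the added line installs miCASA.jar with "-m 755", while the commented-out install of the same jar directly above it used "-m 644". A jar is read by the JVM and does not need the execute bits, so 644 would match the other data files installed in this block. The %{cfg} macro used in the source path is not defined anywhere in the visible context; please confirm it is set before this point in the spec.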
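Review bot: In the CASA.spec hunk at @@ -233,6 +233,7 @@, "%{bin_prefix}/%{_lib}/miCASA.jar" is added to a %files list whose other visible entries are the headers micasa_mgmd.h and micasa_types.h. The section header is outside the visible context, but if this is the development subpackage, Java callers would need that subpackage installed at run time to get the jar; consider listing it in the package that ships libjmicasa.so instead, or note in the changelog why it belongs here.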
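Review bot: In the CASA.spec %changelog hunk at @@ -261,6 +262,169 @@, the three reproduction steps under item 3 of the "Fixed Bug 170854" entry ("-In the manage secret dialog ...", "-Add a new key ...", "-When you click the OK button ...") start at column 0 with a dash, so they read as separate top-level changelog items rather than sub-steps; indent them as in CASA.changes. The audit recap in this hunk also names the file for Item 5.13 as "c_adlib/ad_gk/native.c", whereas the May 02 entry for the same item lists "c_adlib/ad_gk/native/ad_gk.c" under modified files; one of the two paths should be corrected so the strncpy length fix can be traced to a single file.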