From: Andrew Bartlett Date: Wed, 29 Nov 2023 09:46:28 +0000 (+1300) Subject: third_party/heimdal: import lorikeet-heimdal-202311290849 (commit 84fb4579594a5fd8f84... X-Git-Tag: talloc-2.4.2~432 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b12a33e225197ec71285586ec44140b421f2e5c6;p=thirdparty%2Fsamba.git third_party/heimdal: import lorikeet-heimdal-202311290849 (commit 84fb4579594a5fd8f8462450777eb24d5832be07) Some of our pending PRs for Heimdal were recently accepted, so this brings in a new update (mostly improved spelling). Signed-off-by: Andrew Bartlett Reviewed-by: Joseph Sutton Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Nov 30 21:25:56 UTC 2023 on atb-devel-224 --- diff --git a/third_party/heimdal/kdc/kerberos5.c b/third_party/heimdal/kdc/kerberos5.c index 76cecd3e12f..5991711a289 100644 --- a/third_party/heimdal/kdc/kerberos5.c +++ b/third_party/heimdal/kdc/kerberos5.c @@ -1125,7 +1125,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa) ret = pa_enc_ts_decrypt_kvno(r, kvno, &enc_data, &ts_data, &pa_key); if (ret == KRB5KDC_ERR_ETYPE_NOSUPP) { char *estr; - _kdc_set_e_text(r, "No key matching entype"); + _kdc_set_e_text(r, "No key matching enctype"); if(krb5_enctype_to_string(r->context, enc_data.etype, &estr)) estr = NULL; if(estr == NULL) @@ -1143,6 +1143,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa) kvno); goto out; } + if (ret == KRB5KDC_ERR_PREAUTH_FAILED) { krb5_error_code ret2; const char *msg = krb5_get_error_message(r->context, ret); @@ -1211,7 +1212,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa) krb5_data_free(&ts_data); if(ret){ ret = KRB5KDC_ERR_PREAUTH_FAILED; - _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s", + _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS-ENC -- %s", r->cname); goto out; } @@ -1846,7 +1847,7 @@ get_pa_etype_info2(krb5_context context, } /* - * Return 0 if the client have only older enctypes, this is for + * Return 0 if the client has only older enctypes, this is for * determining if the server should send ETYPE_INFO2 or not. */ @@ -2895,7 +2896,7 @@ _kdc_as_rep(astgs_request_t r) if(r->client->flags.postdate && r->server->flags.postdate) r->et.flags.may_postdate = f.allow_postdate; else if (f.allow_postdate){ - _kdc_set_e_text(r, "Ticket may not be postdate"); + _kdc_set_e_text(r, "Ticket may not be postdateable"); ret = KRB5KDC_ERR_POLICY; goto out; } @@ -2936,7 +2937,7 @@ _kdc_as_rep(astgs_request_t r) _kdc_fix_time(&b->till); t = *b->till; - /* be careful not overflowing */ + /* be careful not to overflow */ /* * Pre-auth can override r->client->max_life if configured. @@ -3075,7 +3076,7 @@ _kdc_as_rep(astgs_request_t r) } /* - * Check and session and reply keys + * Check session and reply keys */ if (r->session_key.keytype == ETYPE_NULL) { @@ -3085,7 +3086,7 @@ _kdc_as_rep(astgs_request_t r) } if (r->reply_key.keytype == ETYPE_NULL) { - _kdc_set_e_text(r, "Client have no reply key"); + _kdc_set_e_text(r, "Client has no reply key"); ret = KRB5KDC_ERR_CLIENT_NOTYET; goto out; } @@ -3169,7 +3170,7 @@ _kdc_as_rep(astgs_request_t r) goto out; /* - * Check if message too large + * Check if message is too large */ if (r->datagram_reply && r->reply->length > config->max_datagram_reply_length) { krb5_data_free(r->reply); diff --git a/third_party/heimdal/kdc/krb5tgs.c b/third_party/heimdal/kdc/krb5tgs.c index af80450c4b0..d744f5610f3 100644 --- a/third_party/heimdal/kdc/krb5tgs.c +++ b/third_party/heimdal/kdc/krb5tgs.c @@ -1789,7 +1789,7 @@ server_lookup: break; if(i == b->etype.len) { kdc_log(context, config, 4, - "Addition ticket have not matching etypes"); + "Addition ticket has no matching etypes"); krb5_clear_error_message(context); ret = KRB5KDC_ERR_ETYPE_NOSUPP; kdc_audit_addreason((kdc_request_t)priv, diff --git a/third_party/heimdal/kdc/pkinit.c b/third_party/heimdal/kdc/pkinit.c index 255441ce071..c853359bbc2 100644 --- a/third_party/heimdal/kdc/pkinit.c +++ b/third_party/heimdal/kdc/pkinit.c @@ -534,8 +534,8 @@ _kdc_pk_rd_padata(astgs_request_t priv, } /* - * If the client sent more then 10 EDI, don't bother - * looking more then 10 of performance reasons. + * If the client sent more than 10 EDIs, don't bother + * looking at more than 10 for performance reasons. */ maxedi = edi->len; if (maxedi > 10) @@ -873,7 +873,7 @@ pk_mk_pa_reply_enckey(krb5_context context, *kdc_cert = NULL; /* - * If the message client is a win2k-type but it send pa data + * If the message client is a win2k-type but it sends pa data * 09-binding it expects a IETF (checksum) reply so there can be * no replay attacks. */ @@ -1533,7 +1533,7 @@ _kdc_pk_mk_pa_reply(astgs_request_t r, pk_client_params *cp) krb5_data_free(&ocsp.data); ocsp.expire = 0; } else if (ocsp.expire > 180) { - ocsp.expire -= 180; /* refetch the ocsp before it expire */ + ocsp.expire -= 180; /* refetch the ocsp before it expires */ ocsp.next_update = ocsp.expire; } else { ocsp.next_update = kdc_time; @@ -1808,7 +1808,7 @@ _kdc_pk_check_client(astgs_request_t r, if (strcmp(*subject_name, acl->val[0].subject) != 0) continue; - /* Don't support isser and anchor checking right now */ + /* Don't support issuer and anchor checking right now */ if (acl->val[0].issuer) continue; if (acl->val[0].anchor) diff --git a/third_party/heimdal/kuser/kinit.c b/third_party/heimdal/kuser/kinit.c index 8df1c1b796f..9a2fac642ad 100644 --- a/third_party/heimdal/kuser/kinit.c +++ b/third_party/heimdal/kuser/kinit.c @@ -221,7 +221,7 @@ static struct getargs args[] = { NP_("use this credential cache as FAST armor cache", ""), "cache" }, { "use-referrals", 0, arg_flag, &use_referrals_flag, - NP_("only use referrals, no dns canalisation", ""), NULL }, + NP_("only use referrals, no dns canonicalisation", ""), NULL }, { "windows", 0, arg_flag, &windows_flag, NP_("get windows behavior", ""), NULL }, diff --git a/third_party/heimdal/lib/base/json.c b/third_party/heimdal/lib/base/json.c index 4fa0f2d5aff..ed4ea683308 100644 --- a/third_party/heimdal/lib/base/json.c +++ b/third_party/heimdal/lib/base/json.c @@ -976,7 +976,7 @@ parse_string(struct parse_ctx *ctx) /* NUL-terminate for rk_base64_decode() and plain paranoia */ if (p0 != NULL && p == pend) { /* - * Work out how far p is into p0 to re-esablish p after + * Work out how far p is into p0 to re-establish p after * the realloc() */ size_t p0_to_pend_len = (pend - p0); diff --git a/third_party/heimdal/lib/hdb/ext.c b/third_party/heimdal/lib/hdb/ext.c index 48683ef1607..465a235f744 100644 --- a/third_party/heimdal/lib/hdb/ext.c +++ b/third_party/heimdal/lib/hdb/ext.c @@ -43,7 +43,7 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) return 0; /* - * check for unknown extensions and if they where tagged mandatory + * check for unknown extensions and if they were tagged mandatory */ for (i = 0; i < ent->extensions->len; i++) { @@ -52,7 +52,7 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) continue; if (ent->extensions->val[i].mandatory) { krb5_set_error_message(context, HDB_ERR_MANDATORY_OPTION, - "Principal have unknown " + "Principal has unknown " "mandatory extension"); return HDB_ERR_MANDATORY_OPTION; } @@ -592,7 +592,7 @@ hdb_validate_key_rotation(krb5_context context, if (new_kr->base_kvno <= last_kvno) { krb5_set_error_message(context, EINVAL, "New key rotation base kvno must be larger " - "the last kvno for the current key " + "than the last kvno for the current key " "rotation (%u)", last_kvno); return EINVAL; } @@ -751,7 +751,7 @@ hdb_entry_add_key_rotation(krb5_context context, ((kr->epoch - prev_kr->epoch) / prev_kr->period))) { krb5_set_error_message(context, EINVAL, "New key rotation base kvno must be larger " - "the last kvno for the current key " + "than the last kvno for the current key " "rotation (%u)", last_kvno); return EINVAL; } diff --git a/third_party/heimdal/lib/hx509/cert.c b/third_party/heimdal/lib/hx509/cert.c index e7e2423c54d..4fcb4ba8da9 100644 --- a/third_party/heimdal/lib/hx509/cert.c +++ b/third_party/heimdal/lib/hx509/cert.c @@ -237,13 +237,13 @@ hx509_set_warn_dest(hx509_context context, heim_log_facility *fac) /** * Selects if the hx509_revoke_verify() function is going to require - * the existans of a revokation method (OCSP, CRL) or not. Note that - * hx509_verify_path(), hx509_cms_verify_signed(), and other function + * the existence of a revocation method (OCSP, CRL) or not. Note that + * hx509_verify_path(), hx509_cms_verify_signed(), and other functions * call hx509_revoke_verify(). * * @param context hx509 context to change the flag for. - * @param flag zero, revokation method required, non zero missing - * revokation method ok + * @param flag zero, revocation method required, non zero missing + * revocation method ok * * @ingroup hx509_verify */ @@ -555,7 +555,7 @@ hx509_cert_ref(hx509_cert cert) } /** - * Allocate an verification context that is used fo control the + * Allocate an verification context that is used to control the * verification process. * * @param context A hx509 context. @@ -952,7 +952,7 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context, ret = add_to_list(list, &sa.val[j].u.otherName.value); if (ret) { hx509_set_error_string(context, 0, ret, - "Error adding an exra SAN to " + "Error adding an extra SAN to " "return list"); hx509_free_octet_string_list(list); free_GeneralNames(&sa); @@ -2436,7 +2436,7 @@ hx509_verify_path(hx509_context context, /* * The subject name of the proxy certificate should be - * CN=XXX,, prune of CN and check if its + * CN=XXX,. Prune off CN and check if it's * the same over the whole chain of proxy certs and * then check with the EE cert when we get to it. */ @@ -2496,7 +2496,7 @@ hx509_verify_path(hx509_context context, } else { /* * Now we are done with the proxy certificates, this - * cert was an EE cert and we we will fall though to + * cert was an EE cert and we will fall though to * EE checking below. */ type = EE_CERT; @@ -2505,9 +2505,9 @@ hx509_verify_path(hx509_context context, HEIM_FALLTHROUGH; case EE_CERT: /* - * If there where any proxy certificates in the chain + * If there were any proxy certificates in the chain * (proxy_cert_depth > 0), check that the proxy issuer - * matched proxy certificates "base" subject. + * matched the proxy certificate's "base" subject. */ if (proxy_cert_depth) { @@ -2598,7 +2598,7 @@ hx509_verify_path(hx509_context context, } /* - * Verify that no certificates has been revoked. + * Verify that no certificates have been revoked. */ if (ctx->revoke_ctx) { @@ -2681,7 +2681,7 @@ hx509_verify_path(hx509_context context, goto out; } /* - * Verify that the sigature algorithm is not weak. Ignore + * Verify that the signature algorithm is not weak. Ignore * trust anchors since they are provisioned by the user. */ @@ -2708,7 +2708,7 @@ out: * @param signer the certificate that made the signature. * @param alg algorthm that was used to sign the data. * @param data the data that was signed. - * @param sig the sigature to verify. + * @param sig the signature to verify. * * @return An hx509 error code, see hx509_get_error_string(). * diff --git a/third_party/heimdal/lib/hx509/cms.c b/third_party/heimdal/lib/hx509/cms.c index 8615f03ee81..1723f3a6424 100644 --- a/third_party/heimdal/lib/hx509/cms.c +++ b/third_party/heimdal/lib/hx509/cms.c @@ -117,8 +117,8 @@ hx509_cms_wrap_ContentInfo(const heim_oid *oid, * @param in the encoded buffer. * @param oid type of the content. * @param out data to be wrapped. - * @param have_data since the data is optional, this flags show dthe - * diffrence between no data and the zero length data. + * @param have_data since the data is optional, this flag shows the + * difference between no data and the zero length data. * * @return Returns an hx509 error code. * @@ -250,7 +250,7 @@ unparse_CMSIdentifier(hx509_context context, break; } default: - ret = asprintf(str, "certificate have unknown CMSidentifier type"); + ret = asprintf(str, "certificate has unknown CMSidentifier type"); break; } /* @@ -331,7 +331,7 @@ find_CMSIdentifier(hx509_context context, /** * Decode and unencrypt EnvelopedData. * - * Extract data and parameteres from from the EnvelopedData. Also + * Extract data and parameters from the EnvelopedData. Also * supports using detached EnvelopedData. * * @param context A hx509 context. @@ -342,7 +342,7 @@ find_CMSIdentifier(hx509_context context, * EnvelopedData stucture. * @param length length of the data that data point to. * @param encryptedContent in case of detached signature, this - * contains the actual encrypted data, othersize its should be NULL. + * contains the actual encrypted data, otherwise it should be NULL. * @param time_now set the current time, if zero the library uses now as the date. * @param contentType output type oid, should be freed with der_free_oid(). * @param content the data, free with der_free_octet_string(). @@ -437,7 +437,7 @@ hx509_cms_unenvelope(hx509_context context, hx509_cert_free(cert); if (ret == 0) - break; /* succuessfully decrypted cert */ + break; /* successfully decrypted cert */ cert = NULL; ret2 = unparse_CMSIdentifier(context, &ri->rid, &str); if (ret2 == 0) { @@ -531,17 +531,17 @@ out: } /** - * Encrypt end encode EnvelopedData. + * Encrypt and encode EnvelopedData. * * Encrypt and encode EnvelopedData. The data is encrypted with a * random key and the the random key is encrypted with the - * certificates private key. This limits what private key type can be + * certificate's private key. This limits what private key type can be * used to RSA. * * @param context A hx509 context. * @param flags flags to control the behavior. * - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate - * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo + * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crypto * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number * @param cert Certificate to encrypt the EnvelopedData encryption key * with. @@ -773,12 +773,12 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid) * * @param context A hx509 context. * @param ctx a hx509 verify context. - * @param flags to control the behaivor of the function. + * @param flags to control the behavior of the function. * - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below. * @param data pointer to CMS SignedData encoded data. - * @param length length of the data that data point to. + * @param length length of the data that data points to. * @param signedContent external data used for signature. * @param pool certificate pool to build certificates paths. * @param contentType free with der_free_oid(). @@ -829,7 +829,7 @@ hx509_cms_verify_signed(hx509_context context, * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below. * @param data pointer to CMS SignedData encoded data. - * @param length length of the data that data point to. + * @param length length of the data that data points to. * @param signedContent external data used for signature. * @param pool certificate pool to build certificates paths. * @param contentType free with der_free_oid(). @@ -939,7 +939,7 @@ hx509_cms_verify_signed_ext(hx509_context context, ret = HX509_CMS_MISSING_SIGNER_DATA; hx509_set_error_string(context, 0, ret, "SignerInfo %zu in SignedData " - "missing sigature", i); + "missing signature", i); continue; } @@ -972,22 +972,22 @@ hx509_cms_verify_signed_ext(hx509_context context, sa.val = signer_info->signedAttrs->val; sa.len = signer_info->signedAttrs->len; - /* verify that sigature exists */ + /* verify that signature exists */ attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest); if (attr == NULL) { ret = HX509_CRYPTO_SIGNATURE_MISSING; hx509_set_error_string(context, 0, ret, - "SignerInfo have signed attributes " + "SignerInfo has signed attributes " "but messageDigest (signature) " "is missing"); - goto next_sigature; + goto next_signature; } if (attr->value.len != 1) { ret = HX509_CRYPTO_SIGNATURE_MISSING; hx509_set_error_string(context, 0, ret, - "SignerInfo have more then one " + "SignerInfo has more than one " "messageDigest (signature)"); - goto next_sigature; + goto next_signature; } ret = decode_MessageDigest(attr->value.val[0].data, @@ -998,7 +998,7 @@ hx509_cms_verify_signed_ext(hx509_context context, hx509_set_error_string(context, 0, ret, "Failed to decode " "messageDigest (signature)"); - goto next_sigature; + goto next_signature; } ret = _hx509_verify_signature(context, @@ -1010,7 +1010,7 @@ hx509_cms_verify_signed_ext(hx509_context context, if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, "Failed to verify messageDigest"); - goto next_sigature; + goto next_signature; } /* @@ -1024,8 +1024,8 @@ hx509_cms_verify_signed_ext(hx509_context context, if (attr->value.len != 1) { ret = HX509_CMS_DATA_OID_MISMATCH; hx509_set_error_string(context, 0, ret, - "More then one oid in signedAttrs"); - goto next_sigature; + "More than one oid in signedAttrs"); + goto next_signature; } ret = decode_ContentType(attr->value.val[0].data, @@ -1036,7 +1036,7 @@ hx509_cms_verify_signed_ext(hx509_context context, hx509_set_error_string(context, 0, ret, "Failed to decode " "oid in signedAttrs"); - goto next_sigature; + goto next_signature; } match_oid = &decode_oid; } @@ -1050,7 +1050,7 @@ hx509_cms_verify_signed_ext(hx509_context context, if (match_oid == &decode_oid) der_free_oid(&decode_oid); hx509_clear_error_string(context); - goto next_sigature; + goto next_signature; } if (size != signed_data.length) _hx509_abort("internal ASN.1 encoder error"); @@ -1094,7 +1094,7 @@ hx509_cms_verify_signed_ext(hx509_context context, signed_data.data = NULL; } if (ret) - goto next_sigature; + goto next_signature; /** * If HX509_CMS_VS_NO_VALIDATE flags is set, return the signer @@ -1110,17 +1110,17 @@ hx509_cms_verify_signed_ext(hx509_context context, found_valid_sig++; } - next_sigature: + next_signature: if (cert) hx509_cert_free(cert); cert = NULL; } /** * If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty - * SignerInfo (no signatures). If SignedData have no signatures, + * SignerInfo (no signatures). If SignedData has no signatures, * the function will return 0 with signer_certs set to NULL. Zero - * signers is allowed by the standard, but since its only useful - * in corner cases, it make into a flag that the caller have to + * signers is allowed by the standard, but since it's only useful + * in corner cases, it's made into a flag that the caller has to * turn on. */ if (sd.signerInfos.len == 0 && (flags & HX509_CMS_VS_ALLOW_ZERO_SIGNER)) { @@ -1130,7 +1130,7 @@ hx509_cms_verify_signed_ext(hx509_context context, if (ret == 0) { ret = HX509_CMS_SIGNER_NOT_FOUND; hx509_set_error_string(context, 0, ret, - "No signers where found"); + "No signers were found"); } goto out; } @@ -1196,10 +1196,10 @@ add_one_attribute(Attribute **attr, * @param flags * @param eContentType the type of the data. * @param data data to sign - * @param length length of the data that data point to. + * @param length length of the data that data points to. * @param digest_alg digest algorithm to use, use NULL to get the * default or the peer determined algorithm. - * @param cert certificate to use for sign the data. + * @param cert certificate to use for signing the data. * @param peer info about the peer the message to send the message to, * like what digest algorithm to use. * @param anchors trust anchors that the client will use, used to diff --git a/third_party/heimdal/lib/hx509/crypto-ec.c b/third_party/heimdal/lib/hx509/crypto-ec.c index bd5d01a609a..b7435c907b6 100644 --- a/third_party/heimdal/lib/hx509/crypto-ec.c +++ b/third_party/heimdal/lib/hx509/crypto-ec.c @@ -462,7 +462,7 @@ ecdsa_create_signature(hx509_context context, goto error; } if (siglen > sig->length) - _hx509_abort("ECDSA signature prelen longer the output len"); + _hx509_abort("ECDSA signature prelen longer than output len"); sig->length = siglen; diff --git a/third_party/heimdal/lib/hx509/crypto.c b/third_party/heimdal/lib/hx509/crypto.c index 05f694b41c5..ba9db64660d 100644 --- a/third_party/heimdal/lib/hx509/crypto.c +++ b/third_party/heimdal/lib/hx509/crypto.c @@ -391,7 +391,7 @@ rsa_create_signature(hx509_context context, memmove((uint8_t *)sig->data + size, sig->data, ret); memset(sig->data, 0, size); } else if (sig->length < (size_t)ret) - _hx509_abort("RSA signature prelen longer the output len"); + _hx509_abort("RSA signature prelen longer than output len"); return 0; } @@ -738,7 +738,7 @@ evp_md_verify_signature(hx509_context context, if (sig->length != sigsize || sigsize > sizeof(digest)) { hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, - "SHA256 sigature have wrong length"); + "SHA256 sigature has wrong length"); return HX509_CRYPTO_SIG_INVALID_FORMAT; } diff --git a/third_party/heimdal/lib/hx509/hx509_err.et b/third_party/heimdal/lib/hx509/hx509_err.et index db81f5d294b..9b816754022 100644 --- a/third_party/heimdal/lib/hx509/hx509_err.et +++ b/third_party/heimdal/lib/hx509/hx509_err.et @@ -74,7 +74,7 @@ index 96 prefix HX509 error_code CRL_USED_BEFORE_TIME, "CRL used before it became valid" error_code CRL_USED_AFTER_TIME, "CRL used after it became invalid" -error_code CRL_INVALID_FORMAT, "CRL have invalid format" +error_code CRL_INVALID_FORMAT, "CRL has invalid format" error_code CERT_REVOKED, "Certificate is revoked" error_code REVOKE_STATUS_MISSING, "No revoke status found for certificates" error_code CRL_UNKNOWN_EXTENSION, "Unknown extension" diff --git a/third_party/heimdal/lib/hx509/req.c b/third_party/heimdal/lib/hx509/req.c index 3cbe4a39da4..c8be1d452bc 100644 --- a/third_party/heimdal/lib/hx509/req.c +++ b/third_party/heimdal/lib/hx509/req.c @@ -193,7 +193,7 @@ hx509_request_get_name(hx509_context context, hx509_name *name) { if (req->name == NULL) { - hx509_set_error_string(context, 0, EINVAL, "Request have no name"); + hx509_set_error_string(context, 0, EINVAL, "Request has no name"); return EINVAL; } return hx509_name_copy(context, req->name, name); diff --git a/third_party/heimdal/lib/hx509/revoke.c b/third_party/heimdal/lib/hx509/revoke.c index 4cfdaaee48c..ade0bd34256 100644 --- a/third_party/heimdal/lib/hx509/revoke.c +++ b/third_party/heimdal/lib/hx509/revoke.c @@ -81,10 +81,10 @@ struct hx509_revoke_ctx_data { }; /** - * Allocate a revokation context. Free with hx509_revoke_free(). + * Allocate a revocation context. Free with hx509_revoke_free(). * * @param context A hx509 context. - * @param ctx returns a newly allocated revokation context. + * @param ctx returns a newly allocated revocation context. * * @return An hx509 error code, see hx509_get_error_string(). * @@ -130,7 +130,7 @@ free_ocsp(struct revoke_ocsp *ocsp) } /** - * Free a hx509 revokation context. + * Free a hx509 revocation context. * * @param ctx context to be freed * @@ -208,8 +208,8 @@ verify_ocsp(hx509_context context, goto out; /* - * If signer certificate isn't the CA certificate, lets check the - * it is the CA that signed the signer certificate and the OCSP EKU + * If signer certificate isn't the CA certificate, let's check that + * it is the CA that signed the signer certificate and that the OCSP EKU * is set. */ if (hx509_cert_cmp(signer, parent) != 0) { @@ -390,10 +390,10 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) } /** - * Add a OCSP file to the revokation context. + * Add a OCSP file to the revocation context. * * @param context hx509 context - * @param ctx hx509 revokation context + * @param ctx hx509 revocation context * @param path path to file that is going to be added to the context. * * @return An hx509 error code, see hx509_get_error_string(). @@ -412,7 +412,7 @@ hx509_revoke_add_ocsp(hx509_context context, if (strncmp(path, "FILE:", 5) != 0) { hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, - "unsupport type in %s", path); + "unsupported type in %s", path); return HX509_UNSUPPORTED_OPERATION; } @@ -525,7 +525,7 @@ verify_crl(hx509_context context, /* * If signer is not CA cert, need to check revoke status of this * CRL signing cert too, this include all parent CRL signer cert - * up to the root *sigh*, assume root at least hve CERTSIGN flag + * up to the root *sigh*, assume root at least has CERTSIGN flag * set. */ while (_hx509_check_key_usage(context, signer, 1 << 5, TRUE)) { @@ -626,10 +626,10 @@ load_crl(hx509_context context, const char *path, time_t *t, CRLCertificateList } /** - * Add a CRL file to the revokation context. + * Add a CRL file to the revocation context. * * @param context hx509 context - * @param ctx hx509 revokation context + * @param ctx hx509 revocation context * @param path path to file that is going to be added to the context. * * @return An hx509 error code, see hx509_get_error_string(). @@ -691,12 +691,12 @@ hx509_revoke_add_crl(hx509_context context, } /** - * Check that a certificate is not expired according to a revokation - * context. Also need the parent certificte to the check OCSP + * Check that a certificate is not expired according to a revocation + * context. Also need the parent certificate to check the OCSP * parent identifier. * * @param context hx509 context - * @param ctx hx509 revokation context + * @param ctx hx509 revocation context * @param certs * @param now * @param cert @@ -726,7 +726,7 @@ hx509_revoke_verify(hx509_context context, struct revoke_ocsp *ocsp = &ctx->ocsps.val[i]; struct stat sb; - /* check this ocsp apply to this cert */ + /* check if this ocsp applies to this cert */ /* check if there is a newer version of the file */ ret = stat(ocsp->path, &sb); @@ -926,7 +926,7 @@ add_to_req(hx509_context context, void *ptr, hx509_cert cert) if (hx509_cert_cmp(ctx->parent, parent) != 0) { ret = HX509_REVOKE_NOT_SAME_PARENT; hx509_set_error_string(context, 0, ret, - "Not same parent certifate as " + "Not same parent certificate as " "last certificate in request"); goto out; } diff --git a/third_party/heimdal/lib/hx509/test_cms.in b/third_party/heimdal/lib/hx509/test_cms.in index 8b3de76efd6..8edb62a0e4c 100644 --- a/third_party/heimdal/lib/hx509/test_cms.in +++ b/third_party/heimdal/lib/hx509/test_cms.in @@ -99,7 +99,7 @@ ${hxtool} cms-verify-sd \ --missing-revoke \ --anchors=FILE:$srcdir/data/ca.crt \ sd.data sd.data.out 2> signer.tmp && exit 1 -grep "No signers where found" signer.tmp > /dev/null || exit 1 +grep "No signers were found" signer.tmp > /dev/null || exit 1 echo "create signed data (id-by-name)" ${hxtool} cms-create-sd \ diff --git a/third_party/heimdal/lib/kadm5/bump_pw_expire.c b/third_party/heimdal/lib/kadm5/bump_pw_expire.c index 5d72360df91..1938c754a6d 100644 --- a/third_party/heimdal/lib/kadm5/bump_pw_expire.c +++ b/third_party/heimdal/lib/kadm5/bump_pw_expire.c @@ -53,7 +53,12 @@ _kadm5_bump_pw_expire(kadm5_server_context *context, "password_lifetime", NULL); - *(ent->pw_end) = time(NULL) + life; + if (life != 0) + *(ent->pw_end) = time(NULL) + life; + else { + free(ent->pw_end); + ent->pw_end = NULL; + } } return 0; } diff --git a/third_party/heimdal/lib/krb5/cache.c b/third_party/heimdal/lib/krb5/cache.c index 4afb0ca5c80..3f16d6996e8 100644 --- a/third_party/heimdal/lib/krb5/cache.c +++ b/third_party/heimdal/lib/krb5/cache.c @@ -558,14 +558,14 @@ krb5_cc_get_full_name(krb5_context context, type = krb5_cc_get_type(context, id); if (type == NULL) { krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, - "cache have no name of type"); + "cache has no name of type"); return KRB5_CC_UNKNOWN_TYPE; } name = krb5_cc_get_name(context, id); if (name == NULL) { krb5_set_error_message(context, KRB5_CC_BADNAME, - "cache of type %s have no name", type); + "cache of type %s has no name", type); return KRB5_CC_BADNAME; } diff --git a/third_party/heimdal/lib/krb5/crypto.c b/third_party/heimdal/lib/krb5/crypto.c index ba7e132254a..b52f084669a 100644 --- a/third_party/heimdal/lib/krb5/crypto.c +++ b/third_party/heimdal/lib/krb5/crypto.c @@ -3120,8 +3120,8 @@ krb5_crypto_prfplus(krb5_context context, * @param context Kerberos 5 context * @param crypto1 first key to combine * @param crypto2 second key to combine - * @param pepper1 factor to combine with first key to garante uniqueness - * @param pepper2 factor to combine with second key to garante uniqueness + * @param pepper1 factor to combine with first key to guarantee uniqueness + * @param pepper2 factor to combine with second key to guarantee uniqueness * @param enctype the encryption type of the resulting key * @param res allocated key, free with krb5_free_keyblock_contents() * @@ -3184,7 +3184,7 @@ _krb5_crypto_set_flags(krb5_context context, #ifndef HEIMDAL_SMALLER /** - * Deprecated: keytypes doesn't exists, they are really enctypes. + * Deprecated: keytypes don't exist, they are really enctypes. * * @ingroup krb5_deprecated */ @@ -3208,7 +3208,7 @@ krb5_keytype_to_enctypes (krb5_context context, } if (n == 0) { krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, - "Keytype have no mapping"); + "Keytype has no mapping"); return KRB5_PROG_KEYTYPE_NOSUPP; } @@ -3228,7 +3228,7 @@ krb5_keytype_to_enctypes (krb5_context context, } /** - * Deprecated: keytypes doesn't exists, they are really enctypes. + * Deprecated: keytypes don't exist, they are really enctypes. * * @ingroup krb5_deprecated */ diff --git a/third_party/heimdal/lib/krb5/digest.c b/third_party/heimdal/lib/krb5/digest.c index 7be249253bd..cc37c6d8e3b 100644 --- a/third_party/heimdal/lib/krb5/digest.c +++ b/third_party/heimdal/lib/krb5/digest.c @@ -347,7 +347,7 @@ digest_request(krb5_context context, if (key == NULL) { ret = EINVAL; krb5_set_error_message(context, ret, - N_("Digest reply have no remote subkey", "")); + N_("Digest reply has no remote subkey", "")); goto out; } diff --git a/third_party/heimdal/lib/krb5/init_creds_pw.c b/third_party/heimdal/lib/krb5/init_creds_pw.c index 79057d7eeda..4790c7e6339 100644 --- a/third_party/heimdal/lib/krb5/init_creds_pw.c +++ b/third_party/heimdal/lib/krb5/init_creds_pw.c @@ -1623,9 +1623,9 @@ enc_chal_step(krb5_context context, krb5_init_creds_context ctx, void *pa_ctx, P ppaid = process_pa_info(context, ctx->cred.client, a, &paid, in_md); /* - * If we don't have ppaid, ts because the KDC have not sent any - * salt info, lets to the first roundtrip so the KDC have a chance - * to send any. + * If we don't have ppaid, it's because the KDC has not sent any + * salt info. Let's do the first roundtrip so the KDC has a chance + * to send some. */ if (ppaid == NULL) { _krb5_debug(context, 5, "no ppaid found"); @@ -1781,7 +1781,7 @@ enc_ts_step(krb5_context context, krb5_init_creds_context ctx, void *pa_ctx, PA_ if (rep) { /* * Some KDC's don't send salt info in the reply when there is - * success pre-auth happned before, so use cached copy (or + * success pre-auth happened before, so use cached copy (or * even better, if there is just one pre-auth, save reply-key). */ if (ppaid == NULL && ctx->paid.etype != KRB5_ENCTYPE_NULL) { @@ -1800,15 +1800,15 @@ enc_ts_step(krb5_context context, krb5_init_creds_context ctx, void *pa_ctx, PA_ } /* - * If we don't have ppaid, ts because the KDC have not sent any - * salt info, lets to the first roundtrip so the KDC have a chance - * to send any. + * If we don't have ppaid, it's because the KDC has not sent any + * salt info. Let's do the first roundtrip so the KDC has a chance + * to send some. * * Don't bother guessing, it sounds like a good idea until you run * into KDCs that are doing failed auth counting based on the * ENC_TS tries. * - * Stashing the salt for the next run is a diffrent issue and + * Stashing the salt for the next run is a different issue and * could be considered in the future. */ @@ -1826,10 +1826,10 @@ enc_ts_step(krb5_context context, krb5_init_creds_context ctx, void *pa_ctx, PA_ /* * We have to allow the KDC to re-negotiate the PA-TS data - * once, this is since the in the case of a windows read only + * once, this is since a windows read only * KDC that doesn't have the keys simply guesses what the - * master is supposed to support. In the case where this - * breaks in when the RO-KDC is a newer version the the RW-KDC + * master is supposed to support. The case where this + * breaks is when the RO-KDC is a newer version than the RW-KDC * and the RO-KDC announced a enctype that the older doesn't * support. */ @@ -1979,7 +1979,7 @@ static const struct patype { */ pa_restart_f restart; /** - * Return 0 if the when complete, HEIM_ERR_PA_CONTINUE_NEEDED if more steps are require + * Return 0 when complete, HEIM_ERR_PA_CONTINUE_NEEDED if more steps are required */ pa_step_f step; pa_release_f release; @@ -2543,7 +2543,7 @@ krb5_init_creds_init(krb5_context context, /* FIXME should generate a new nonce for each AS-REQ */ krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce)); ctx->nonce &= 0x7fffffff; - /* XXX these just needs to be the same when using Windows PK-INIT */ + /* XXX these just need to be the same when using Windows PK-INIT */ ctx->pk_nonce = ctx->nonce; ctx->prompter = prompter; @@ -2769,8 +2769,8 @@ krb5_init_creds_set_keytab(krb5_context context, ctx->keyproc = keytab_key_proc; /* - * We need to the KDC what enctypes we support for this keytab, - * esp if the keytab is really a password based entry, then the + * We need to tell the KDC what enctypes we support for this keytab, + * especially if the keytab is really a password based entry, then the * KDC might have more enctypes in the database then what we have * in the keytab. */ @@ -2787,7 +2787,7 @@ krb5_init_creds_set_keytab(krb5_context context, found = 1; - /* check if we ahve this kvno already */ + /* check if we have this kvno already */ if (entry.vno > kvno) { /* remove old list of etype */ if (etypes) @@ -3277,7 +3277,7 @@ init_creds_step(krb5_context context, ref_realm); /* - * If its a krbtgt, lets updat the requested krbtgt too + * If its a krbtgt, lets update the requested krbtgt too */ if (krb5_principal_is_krbtgt(context, ctx->cred.server)) { diff --git a/third_party/heimdal/lib/krb5/krb5.conf.5 b/third_party/heimdal/lib/krb5/krb5.conf.5 index fda55e3ed17..a10b572142e 100644 --- a/third_party/heimdal/lib/krb5/krb5.conf.5 +++ b/third_party/heimdal/lib/krb5/krb5.conf.5 @@ -1310,7 +1310,8 @@ Certification authority related parameters are as for .Bl -tag -width "xxx" -offset indent .It Li password_lifetime = Va time If a principal already have its password set for expiration, this is -the time it will be valid for after a change. +the time it will be valid for after a change. A value of 0 will clear +the password expiration after a successful password change. .It Li default_keys = Va keytypes... For each entry in .Va default_keys diff --git a/third_party/heimdal/lib/krb5/krb5_err.et b/third_party/heimdal/lib/krb5/krb5_err.et index 704f509006a..2b4062e6abd 100644 --- a/third_party/heimdal/lib/krb5/krb5_err.et +++ b/third_party/heimdal/lib/krb5/krb5_err.et @@ -106,7 +106,7 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo #index 85 #prefix KRB5_IAKERB #error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC" -#error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC" +#error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never received a response from a KDC" index 90 error_code PREAUTH_EXPIRED, "Pre-authentication data expired" diff --git a/third_party/heimdal/lib/krb5/pac.c b/third_party/heimdal/lib/krb5/pac.c index dd774950eed..0437a8965ee 100644 --- a/third_party/heimdal/lib/krb5/pac.c +++ b/third_party/heimdal/lib/krb5/pac.c @@ -155,7 +155,7 @@ static const struct heim_type_data pac_object = { /* * Returns the size of the PACTYPE header + the PAC_INFO_BUFFER array. This is * also the end of the whole thing, and any offsets to buffers from - * thePAC_INFO_BUFFER[] entries have to be beyond it. + * the PAC_INFO_BUFFER[] entries have to be beyond it. */ static krb5_error_code pac_header_size(krb5_context context, uint32_t num_buffers, uint32_t *result) @@ -760,7 +760,7 @@ verify_checksum(krb5_context context, * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743 * for the same issue in MIT, and * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx - * for Microsoft's explaination */ + * for Microsoft's explanation */ if (cksum.cksumtype == CKSUMTYPE_HMAC_MD5 && !strict_cksumtype_match) { Checksum local_checksum; diff --git a/third_party/heimdal/lib/krb5/pkinit.c b/third_party/heimdal/lib/krb5/pkinit.c index 0fcaf640955..6dcdcfa7329 100644 --- a/third_party/heimdal/lib/krb5/pkinit.c +++ b/third_party/heimdal/lib/krb5/pkinit.c @@ -886,7 +886,7 @@ pk_verify_sign(krb5_context context, ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert); if (ret) { pk_copy_error(context, context->hx509ctx, ret, - "Failed to get on of the signer certs"); + "Failed to get one of the signer certs"); goto out; } @@ -1086,7 +1086,7 @@ pk_verify_host(krb5_context context, ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; /* XXX: Lost in translation... */ krb5_set_error_message(context, ret, - N_("KDC have wrong realm name in " + N_("KDC has wrong realm name in " "the certificate", "")); } } @@ -1930,7 +1930,7 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_revoke_init(context->hx509ctx, &id->revokectx); if (ret) { pk_copy_error(context, context->hx509ctx, ret, - "Failed init revoke list"); + "Failed to init revoke list"); goto out; } @@ -1940,7 +1940,7 @@ _krb5_pk_load_id(krb5_context context, *revoke_list); if (ret) { pk_copy_error(context, context->hx509ctx, ret, - "Failed load revoke list"); + "Failed to load revoke list"); goto out; } revoke_list++; @@ -1951,7 +1951,7 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_verify_init_ctx(context->hx509ctx, &id->verify_ctx); if (ret) { pk_copy_error(context, context->hx509ctx, ret, - "Failed init verify context"); + "Failed to init verify context"); goto out; } @@ -2080,7 +2080,7 @@ _krb5_parse_moduli_line(krb5_context context, m1->bits = atoi(p1); if (m1->bits == 0) { krb5_set_error_message(context, ret, - N_("moduli file %s have un-parsable " + N_("moduli file %s has un-parsable " "bits on line %d", ""), file, lineno); goto out; } @@ -2294,7 +2294,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, krb5_set_error_message(context, KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, N_("PKINIT: DH group parameter %s " - "no accepted, not enough bits " + "not accepted, not enough bits " "generated", ""), moduli[i]->name); return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; @@ -2306,7 +2306,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, } krb5_set_error_message(context, KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, - N_("PKINIT: DH group parameter no ok", "")); + N_("PKINIT: DH group parameter not ok", "")); return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; } #endif /* PKINIT */ diff --git a/third_party/heimdal/lib/krb5/store.c b/third_party/heimdal/lib/krb5/store.c index e98dd4b9674..01961f0e61d 100644 --- a/third_party/heimdal/lib/krb5/store.c +++ b/third_party/heimdal/lib/krb5/store.c @@ -178,7 +178,7 @@ krb5_storage_seek(krb5_storage *sp, off_t offset, int whence) * Truncate the storage buffer in sp to offset. * * @param sp the storage buffer to truncate. - * @param offset the offset to truncate too. + * @param offset the offset to truncate to. * * @return An Kerberos 5 error code. * @@ -440,7 +440,7 @@ krb5_store_int(krb5_storage *sp, * Store a int32 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -463,7 +463,7 @@ krb5_store_int32(krb5_storage *sp, * Store a int64 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -490,7 +490,7 @@ krb5_store_int64(krb5_storage *sp, * Store a uint32 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -509,7 +509,7 @@ krb5_store_uint32(krb5_storage *sp, * Store a uint64 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -570,7 +570,7 @@ krb5_ret_int(krb5_storage *sp, * Read a int64 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -600,7 +600,7 @@ krb5_ret_int64(krb5_storage *sp, * Read a uint64 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -626,7 +626,7 @@ krb5_ret_uint64(krb5_storage *sp, * Read a int32 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -655,7 +655,7 @@ krb5_ret_int32(krb5_storage *sp, * Read a uint32 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -680,7 +680,7 @@ krb5_ret_uint32(krb5_storage *sp, uint32_t *value) * Store a int16 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -703,7 +703,7 @@ krb5_store_int16(krb5_storage *sp, * Store a uint16 to storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -722,7 +722,7 @@ krb5_store_uint16(krb5_storage *sp, * Read a int16 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -751,7 +751,7 @@ krb5_ret_int16(krb5_storage *sp, * Read a int16 from storage, byte order is controlled by the settings * on the storage, see krb5_storage_set_byteorder(). * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -776,7 +776,7 @@ krb5_ret_uint16(krb5_storage *sp, /** * Store a int8 to storage. * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -799,7 +799,7 @@ krb5_store_int8(krb5_storage *sp, /** * Store a uint8 to storage. * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value to store * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -817,7 +817,7 @@ krb5_store_uint8(krb5_storage *sp, /** * Read a int8 from storage * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. @@ -840,7 +840,7 @@ krb5_ret_int8(krb5_storage *sp, /** * Read a uint8 from storage * - * @param sp the storage to write too + * @param sp the storage to write to * @param value the value read from the buffer * * @return 0 for success, or a Kerberos 5 error code on failure. diff --git a/third_party/heimdal/lib/roken/parse_time-test.c b/third_party/heimdal/lib/roken/parse_time-test.c index a2dfb22f980..95b45135fc8 100644 --- a/third_party/heimdal/lib/roken/parse_time-test.c +++ b/third_party/heimdal/lib/roken/parse_time-test.c @@ -51,6 +51,7 @@ static struct testcase { { 15, 3601, "1 hour 1 second" }, { 16, 3602, "1 hour 2 seconds" }, { 9, 300, "5 minutes" }, + { 1, 0, "0" }, }; int diff --git a/third_party/heimdal/lib/wind/utf8.c b/third_party/heimdal/lib/wind/utf8.c index 7e71448285d..574405da1bf 100644 --- a/third_party/heimdal/lib/wind/utf8.c +++ b/third_party/heimdal/lib/wind/utf8.c @@ -116,7 +116,7 @@ utf8toutf32(const unsigned char **pp, uint32_t *out) * Convert an UTF-8 string to an UCS4 string. * * @param in an UTF-8 string to convert. - * @param out the resulting UCS4 strint, must be at least + * @param out the resulting UCS4 string, must be at least * wind_utf8ucs4_length() long. If out is NULL, the function will * calculate the needed space for the out variable (just like * wind_utf8ucs4_length()). @@ -179,7 +179,7 @@ static const char first_char[4] = * @param in an UCS4 string to convert. * @param in_len the length input array. - * @param out the resulting UTF-8 strint, must be at least + * @param out the resulting UTF-8 string, must be at least * wind_ucs4utf8_length() + 1 long (the extra char for the NUL). If * out is NULL, the function will calculate the needed space for the * out variable (just like wind_ucs4utf8_length()). @@ -403,7 +403,7 @@ wind_ucs2write(const uint16_t *in, size_t in_len, unsigned int *flags, * Convert an UTF-8 string to an UCS2 string. * * @param in an UTF-8 string to convert. - * @param out the resulting UCS2 strint, must be at least + * @param out the resulting UCS2 string, must be at least * wind_utf8ucs2_length() long. If out is NULL, the function will * calculate the needed space for the out variable (just like * wind_utf8ucs2_length()). @@ -480,7 +480,7 @@ wind_utf8ucs2_length(const char *in, size_t *out_len) * * @param in an UCS2 string to convert. * @param in_len the length of the in UCS2 string. - * @param out the resulting UTF-8 strint, must be at least + * @param out the resulting UTF-8 string, must be at least * wind_ucs2utf8_length() long. If out is NULL, the function will * calculate the needed space for the out variable (just like * wind_ucs2utf8_length()). diff --git a/third_party/heimdal/po/heimdal_krb5/de.po b/third_party/heimdal/po/heimdal_krb5/de.po index e7e8a1deaed..037cc46c1e5 100644 --- a/third_party/heimdal/po/heimdal_krb5/de.po +++ b/third_party/heimdal/po/heimdal_krb5/de.po @@ -391,7 +391,7 @@ msgstr "Auswerten der Digest-Antwort fehlgeschlagen" # FIXME s/have/has/ or s/reply/replys/ #: lib/krb5/digest.c:365 -msgid "Digest reply have no remote subkey" +msgid "Digest reply has no remote subkey" msgstr "Digest-Antwort hat keinen fernen Unterschlüssel." #: lib/krb5/digest.c:385 diff --git a/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot b/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot index 3edacd2c246..9dbaaaf7282 100644 --- a/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot +++ b/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot @@ -609,7 +609,7 @@ msgid "Failed to parse digest response" msgstr "" #: lib/krb5/digest.c:365 -msgid "Digest reply have no remote subkey" +msgid "Digest reply has no remote subkey" msgstr "" #: lib/krb5/digest.c:385 diff --git a/third_party/heimdal/po/heimdal_krb5/sv_SE.po b/third_party/heimdal/po/heimdal_krb5/sv_SE.po index f9721845a0b..ffd1ca7c8d6 100644 --- a/third_party/heimdal/po/heimdal_krb5/sv_SE.po +++ b/third_party/heimdal/po/heimdal_krb5/sv_SE.po @@ -600,7 +600,7 @@ msgid "Failed to parse digest response" msgstr "" #: lib/krb5/digest.c:363 -msgid "Digest reply have no remote subkey" +msgid "Digest reply has no remote subkey" msgstr "" #: lib/krb5/digest.c:383