[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

zxid-0.79 fixes leap calc (Was: Ahh! Leap year (February) miscalculation?)



Please find release 0.79 at

http://zxid.org/zxid-0.79.tgz

This fixes the leap year calculation bug (independently found by many people on 1.3.2011).

Sorry about this. The test suite has been enhanced so this should not happen again, at
least not before 2038.

If you can't upgrade, use the BEFORE_SLOP fix Cal uses, i.e. put in /var/zxid/zxid.conf

BEFORE_SLOP=170000

Recent releases and changes:

zxid-0.79:: 1.3.2011
    - Enhanced zxidhlo to show attributes
    - Added ability comment out AAMAP directives
    - Fixed timegm bug

zxid-0.78:: 23.2.2011
    - Fixed processing (by ignoring it) of whitespace in metadata (and elsewhere)
    - Improved fault handing in zxid_call()
    - Fixed segv caused by other side returning illegal XML in zxid_call()

zxid-0.77:: 16.2.2011
    - upgraded for php-5.3 support (patch from Jeroen Asselman)
    - Improved -at handling in zxpasswd
    - curl_easy_reset() patch from Jeroen Asselman (fixes crash on Win32)
    - Applied zxid_saml2_map_nid_fmt() patch by Cal Heldenbrand
    - Robustified error processing in cases where encryption certificate is missing
    - Fixed NAMEID_ENC=0 missing a NameID element (TAS3 bug #493, found by Stijn)
    - Fixed IdP crash due to null pointer in zx_alloc() (TAS3 bug #494, found by Stijn)

zxid-0.76:: 26.1.2011
    - Added error checks
    - Fixed ordering of RelatesTo header
    - Fixed leakage of unknown namespaces to decoder
    - Made memory allocators really use function pointers

zxid-0.75:: 24.1.2011
    - MINGW fixes
    - User supplied MessageID duplicate fix
    - Fixed XML encoding of empty namespace prefixes
    - Fixed Brian's ordering problem (risaris-bad.xml)

zxid-0.74:: 22.1.2011
    - Changed 0 to fileno(stdin) in calls to read_all_fd() for better Windows portability
    - Included Axis2ZXIDModule.zip
    - Added Trust PDP call to discovery
    - Added Credentials and Privacy Negotiation capability to discovery

Cheers,
--Sampo

Cal Heldenbrand <cal@xxxxxxxxxxx> said:
> Hi everyone,
> 
> Right at 6:00pm Central (midnight GMT) all of my web servers started
> throwing login errors, showing a clock skew of 86400 seconds:
> 
> t  zxidsso.c:476 zxid_validate_cond     zx E ssof: NotBefore rejected with
> slop of 39600. Time to validity 86400 secs. Our gettimeofday: 1298938582
> secs, remote: 1299024982 secs
> 
> The remote epoch calculation there is incorrect, it should be the same as
> "Our gettimeofday"   (The web servers and IdPs are in sync, within a
> second)  Is this a leap year problem?
> 
> I managed to bandaid this for now by adding a BEFORE_SLOP of 2 days.  Also,
> my zxid version is a little dated, at 0.69.  Apologies if this has already
> been fixed!
> 
> Thank you,
> 
> --Cal