[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ZXID-0.79 fixes leap calc (failure due to NotBefore)

It seems the previous announcement mail has not come through the
list so here comes again.

Unfortunate leap year calculation bug has been found and fixed.

You should upgrade to 0.79 as soon as possible. If you can not
upgrade, consider using following work around:

A leap year calculation error is causing SSO assertions to be rejected starting March 1, 2011. The telltale error message in log is

    t zxidsso.c:476 zxid_validate_cond zx E ssof: NotBefore rejected with slop of 39600. Time to validity 86400 secs. Our gettimeofday: 1298938582 secs, remote: 1299024982 secs 

Best fix is to upgrade to 0.79 release or latest from anon git. If you can't upgrade, use the BEFORE_SLOP to ignore the problem, i.e. put in /var/zxid/zxid.conf


Release notes:

zxid-0.79:: 1.3.2011
    - Enhanced zxidhlo to show attributes
    - Added ability comment out AAMAP directives
    - Fixed timegm bug

zxid-0.78:: 23.2.2011
    - Fixed processing (by ignoring it) of whitespace in metadata (and elsewhere)
    - Improved fault handing in zxid_call()
    - Fixed segv caused by other side returning illegal XML in zxid_call()

zxid-0.77:: 16.2.2011
    - upgraded for php-5.3 support (patch from Jeroen Asselman)
    - Improved -at handling in zxpasswd
    - curl_easy_reset() patch from Jeroen Asselman (fixes crash on Win32)
    - Applied zxid_saml2_map_nid_fmt() patch by Cal Heldenbrand
    - Robustified error processing in cases where encryption certificate is missing
    - Fixed NAMEID_ENC=0 missing a NameID element (TAS3 bug #493, found by Stijn)
    - Fixed IdP crash due to null pointer in zx_alloc() (TAS3 bug #494, found by Stijn)

zxid-0.76:: 26.1.2011
    - Added error checks
    - Fixed ordering of RelatesTo header
    - Fixed leakage of unknown namespaces to decoder
    - Made memory allocators really use function pointers

zxid-0.75:: 24.1.2011
    - MINGW fixes
    - User supplied MessageID duplicate fix
    - Fixed XML encoding of empty namespace prefixes
    - Fixed Brian's ordering problem (risaris-bad.xml)

zxid-0.74:: 22.1.2011
    - Changed 0 to fileno(stdin) in calls to read_all_fd() for better Windows portability
    - Included Axis2ZXIDModule.zip
    - Added Trust PDP call to discovery
    - Added Credentials and Privacy Negotiation capability to discovery