- Update vendor tree of heimdal to 1.5.2. - src

diff options


context:
space:
mode:

author	Stanislav Sedov <stas@FreeBSD.org>	2012-04-08 04:47:53 +0000
committer	Stanislav Sedov <stas@FreeBSD.org>	2012-04-08 04:47:53 +0000
commit	feec3621854ef6b1ccd3598df2202c0622929444 (patch)
tree	ba2f151899a171234df9949cf23e5f8a9bd43bb7 /lib
parent	813b7899c1cf9c5cd1b72c0fb7c6c740aab26929 (diff)

vendor/heimdal/1.5.2

Diffstat (limited to 'lib')

-rw-r--r--

lib/gssapi/krb5/verify_mic.c

-rw-r--r--

lib/hcrypto/libtommath/bn_mp_prime_next_prime.c

-rw-r--r--

lib/hx509/sel-lex.c

-rw-r--r--

lib/hx509/sel-lex.l

-rw-r--r--

lib/kadm5/password_quality.c

-rw-r--r--

lib/krb5/crypto-arcfour.c

-rw-r--r--

lib/krb5/crypto.c

-rw-r--r--

lib/krb5/eai_to_heim_errno.c

-rw-r--r--

lib/krb5/krb5.conf.5

-rw-r--r--

lib/krb5/krb5.conf.cat5

-rw-r--r--

lib/krb5/pac.c

-rw-r--r--

lib/krb5/verify_krb5_conf.c

-rwxr-xr-x

lib/libedit/configure

-rw-r--r--

lib/wind/bidi_table.c

-rw-r--r--

lib/wind/bidi_table.h

-rw-r--r--

lib/wind/combining_table.c

-rw-r--r--

lib/wind/combining_table.h

-rw-r--r--

lib/wind/errorlist_table.c

-rw-r--r--

lib/wind/errorlist_table.h

-rw-r--r--

lib/wind/map_table.c

-rw-r--r--

lib/wind/map_table.h

-rw-r--r--

lib/wind/normalize_table.c

-rw-r--r--

lib/wind/normalize_table.h

-rw-r--r--

lib/wind/punycode_examples.c

-rw-r--r--

lib/wind/punycode_examples.h

-rw-r--r--

lib/wind/utf8.c

-rw-r--r--

lib/wind/version-script.map

27 files changed, 141 insertions, 91 deletions

diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c
index 3123787ff474..3814ef7062c1 100644
--- a/lib/gssapi/krb5/verify_mic.c
+++ b/lib/gssapi/krb5/verify_mic.c

@@ -251,6 +251,14 @@ retry:

csum.checksum.length = 20;

csum.checksum.data = p + 8;

+ krb5_crypto_destroy (context, crypto);

+ ret = krb5_crypto_init(context, key,

+ ETYPE_DES3_CBC_SHA1, &crypto);

+ if (ret){

+ *minor_status = ret;

+ return GSS_S_FAILURE;

+ }

ret = krb5_verify_checksum (context, crypto,

KRB5_KU_USAGE_SIGN,

tmp, message_buffer->length + 8,

diff --git a/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c b/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c
index a2897f087846..db2f46ddbf9b 100644
--- a/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c
+++ b/lib/hcrypto/libtommath/bn_mp_prime_next_prime.c

@@ -142,8 +142,8 @@ int mp_prime_next_prime(mp_int *a, int t, int bbs_style)

}

/* is this prime? */

- for (x = 0; x < t; x++) {

- mp_set(&b, ltm_prime_tab[t]);

+ for (x = 0; x < t && x < PRIME_SIZE; x++) {

+ mp_set(&b, ltm_prime_tab[x]);

if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) {

goto LBL_ERR;

}

diff --git a/lib/hx509/sel-lex.c b/lib/hx509/sel-lex.c
index 51a5feaea2ba..51f1e8407807 100644
--- a/lib/hx509/sel-lex.c
+++ b/lib/hx509/sel-lex.c

@@ -520,6 +520,7 @@ unsigned lineno = 1;

static char * handle_string(void);

static int lex_input(char *, int);

+static int lex_classic_input(void);

struct hx_expr_input _hx509_expr_input;

@@ -534,7 +535,7 @@ struct hx_expr_input _hx509_expr_input;

#undef ECHO

-#line 538 "sel-lex.c"

+#line 539 "sel-lex.c"

#define INITIAL 0

@@ -716,10 +717,10 @@ YY_DECL

-#line 68 "sel-lex.l"

+#line 69 "sel-lex.l"

-#line 723 "sel-lex.c"

+#line 724 "sel-lex.c"

if ( !(yy_init) )

{

@@ -804,37 +805,37 @@ do_action: /* This label is used only to access EOF actions. */

case 1:

YY_RULE_SETUP

-#line 70 "sel-lex.l"

+#line 71 "sel-lex.l"

{ return kw_TRUE; }

YY_BREAK

case 2:

YY_RULE_SETUP

-#line 71 "sel-lex.l"

+#line 72 "sel-lex.l"

{ return kw_FALSE; }

YY_BREAK

case 3:

YY_RULE_SETUP

-#line 72 "sel-lex.l"

+#line 73 "sel-lex.l"

{ return kw_AND; }

YY_BREAK

case 4:

YY_RULE_SETUP

-#line 73 "sel-lex.l"

+#line 74 "sel-lex.l"

{ return kw_OR; }

YY_BREAK

case 5:

YY_RULE_SETUP

-#line 74 "sel-lex.l"

+#line 75 "sel-lex.l"

{ return kw_IN; }

YY_BREAK

case 6:

YY_RULE_SETUP

-#line 75 "sel-lex.l"

+#line 76 "sel-lex.l"

{ return kw_TAILMATCH; }

YY_BREAK

case 7:

YY_RULE_SETUP

-#line 77 "sel-lex.l"

+#line 78 "sel-lex.l"

{

yylval.string = strdup ((const char *)yytext);

return IDENTIFIER;

@@ -842,31 +843,31 @@ YY_RULE_SETUP

YY_BREAK

case 8:

YY_RULE_SETUP

-#line 81 "sel-lex.l"

+#line 82 "sel-lex.l"

{ yylval.string = handle_string(); return STRING; }

YY_BREAK

case 9:

/* rule 9 can match eol */

YY_RULE_SETUP

-#line 82 "sel-lex.l"

+#line 83 "sel-lex.l"

{ ++lineno; }

YY_BREAK

case 10:

YY_RULE_SETUP

-#line 83 "sel-lex.l"

+#line 84 "sel-lex.l"

{ return *yytext; }

YY_BREAK

case 11:

YY_RULE_SETUP

-#line 84 "sel-lex.l"

+#line 85 "sel-lex.l"

;

YY_BREAK

case 12:

YY_RULE_SETUP

-#line 85 "sel-lex.l"

+#line 86 "sel-lex.l"

ECHO;

YY_BREAK

-#line 870 "sel-lex.c"

+#line 871 "sel-lex.c"

case YY_STATE_EOF(INITIAL):

yyterminate();

@@ -1863,7 +1864,7 @@ void yyfree (void * ptr )

#define YYTABLES_NAME "yytables"

-#line 85 "sel-lex.l"

+#line 86 "sel-lex.l"

diff --git a/lib/hx509/sel-lex.l b/lib/hx509/sel-lex.l
index 4c9396750a34..bb7e8374c7d1 100644
--- a/lib/hx509/sel-lex.l
+++ b/lib/hx509/sel-lex.l

@@ -50,6 +50,7 @@ unsigned lineno = 1;

static char * handle_string(void);

static int lex_input(char *, int);

+static int lex_classic_input(void);

struct hx_expr_input _hx509_expr_input;

diff --git a/lib/kadm5/password_quality.c b/lib/kadm5/password_quality.c
index a6f0b3ef67ee..eb72ba6182ee 100644
--- a/lib/kadm5/password_quality.c
+++ b/lib/kadm5/password_quality.c

@@ -34,8 +34,6 @@

#include "kadm5_locl.h"

#include "kadm5-pwcheck.h"

-RCSID("$Id$");

#ifdef HAVE_SYS_WAIT_H

#include <sys/wait.h>

#endif

@@ -473,7 +471,8 @@ kadm5_check_password_quality (krb5_context context,

NULL);

if (v == NULL) {

msg = (*passwd_quality_check) (context, principal, pwd_data);

- krb5_set_error_message(context, 0, "password policy failed: %s", msg);

+ if (msg)

+ krb5_set_error_message(context, 0, "password policy failed: %s", msg);

return msg;

}

diff --git a/lib/krb5/crypto-arcfour.c b/lib/krb5/crypto-arcfour.c
index 1b369d2fda14..7f7e21d0d22c 100644
--- a/lib/krb5/crypto-arcfour.c
+++ b/lib/krb5/crypto-arcfour.c

@@ -317,7 +317,7 @@ struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5 = {

&keytype_arcfour,

&_krb5_checksum_hmac_md5,

- NULL,

+ &_krb5_checksum_hmac_md5,

F_SPECIAL,

ARCFOUR_encrypt,

diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 4b66035155dd..67ecef62e875 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c

@@ -467,7 +467,7 @@ verify_checksum(krb5_context context,

return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */

}

kct = crypto->et->keyed_checksum;

- if (kct != NULL && kct->type != ct->type) {

+ if (kct == NULL || kct->type != ct->type) {

krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,

N_("Checksum type %s is keyed, but "

"the key type %s passed didnt have that checksum "

diff --git a/lib/krb5/eai_to_heim_errno.c b/lib/krb5/eai_to_heim_errno.c
index ef11e370f443..a6e14aba31dd 100644
--- a/lib/krb5/eai_to_heim_errno.c
+++ b/lib/krb5/eai_to_heim_errno.c

@@ -68,6 +68,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)

case EAI_NODATA:

return HEIM_EAI_NODATA;

#endif

+#ifdef WSANO_DATA

+ case WSANO_DATA:

+ return HEIM_EAI_NODATA;

+#endif

case EAI_NONAME:

return HEIM_EAI_NONAME;

case EAI_SERVICE:

diff --git a/lib/krb5/krb5.conf.5 b/lib/krb5/krb5.conf.5
index 9e1edc7b6ca1..77d7f808ae47 100644
--- a/lib/krb5/krb5.conf.5
+++ b/lib/krb5/krb5.conf.5

@@ -412,19 +412,22 @@ Default is the same as

Should the kdc answer kdc-requests over http.

.It Li enable-kaserver = Va BOOL

If this kdc should emulate the AFS kaserver.

-.It Li as-use-strongest-session-key = Va BOOL

+.It Li tgt-use-strongest-session-key = Va BOOL

If this is TRUE then the KDC will prefer the strongest key from the

-client's AS-REQ enctype list, that is also supported by the KDC and the

-target principal, for the ticket session key. Else it will prefer the

-first key from the client's AS-REQ enctype list that is also supported

-by the KDC and the target principal. Defaults to TRUE.

+client's AS-REQ or TGS-REQ enctype list for the ticket session key that

+is supported by the KDC and the target principal when the target

+principal is a krbtgt principal. Else it will prefer the first key from

+the client's AS-REQ enctype list that is also supported by the KDC and

+the target principal. Defaults to TRUE.

+.It Li svc-use-strongest-session-key = Va BOOL

+Like tgt-use-strongest-session-key, but applies to the session key

+enctype of tickets for services other than krbtgt principals. Defaults

+to TRUE.

.It Li preauth-use-strongest-session-key = Va BOOL

-Like as-use-strongest-session-key, but applies to the session key

-enctype selection for PA-ETYPE-INFO2 (i.e., for password-based

-pre-authentication). Defaults to TRUE.

-.It Li tgs-use-strongest-session-key = Va BOOL

-Like as-use-strongest-session-key, but applies to the session key

-enctype of tickets issued by the TGS. Defaults to TRUE.

+If TRUE then select the strongest possible enctype from the client's

+AS-REQ for PA-ETYPE-INFO2 (i.e., for password-based pre-authentication).

+Else pick the first supported enctype from the client's AS-REQ. Defaults

+to TRUE.

.It Li use-strongest-server-key = Va BOOL

If TRUE then the KDC picks, for the ticket encrypted part's key, the

first supported enctype from the target service principal's hdb entry's

diff --git a/lib/krb5/krb5.conf.cat5 b/lib/krb5/krb5.conf.cat5
index 7d10cae2c3e8..aa5ab91bc5e4 100644
--- a/lib/krb5/krb5.conf.cat5
+++ b/lib/krb5/krb5.conf.cat5

@@ -419,25 +419,27 @@ DDEESSCCRRIIPPTTIIOONN

enable-kaserver = _B_O_O_L

If this kdc should emulate the AFS kaserver.

- as-use-strongest-session-key = _B_O_O_L

+ tgt-use-strongest-session-key = _B_O_O_L

If this is TRUE then the KDC will prefer the

- strongest key from the client's AS-REQ enctype

- list, that is also supported by the KDC and the

- target principal, for the ticket session key. Else

+ strongest key from the client's AS-REQ or TGS-REQ

+ enctype list for the ticket session key that is

+ supported by the KDC and the target principal when

+ the target principal is a krbtgt principal. Else

it will prefer the first key from the client's AS-

REQ enctype list that is also supported by the KDC

and the target principal. Defaults to TRUE.

- preauth-use-strongest-session-key = _B_O_O_L

- Like as-use-strongest-session-key, but applies to

- the session key enctype selection for PA-ETYPE-

- INFO2 (i.e., for password-based pre-authentica-

- tion). Defaults to TRUE.

+ svc-use-strongest-session-key = _B_O_O_L

+ Like tgt-use-strongest-session-key, but applies to

+ the session key enctype of tickets for services

+ other than krbtgt principals. Defaults to TRUE.

- tgs-use-strongest-session-key = _B_O_O_L

- Like as-use-strongest-session-key, but applies to

- the session key enctype of tickets issued by the

- TGS. Defaults to TRUE.

+ preauth-use-strongest-session-key = _B_O_O_L

+ If TRUE then select the strongest possible enctype

+ from the client's AS-REQ for PA-ETYPE-INFO2 (i.e.,

+ for password-based pre-authentication). Else pick

+ the first supported enctype from the client's AS-

+ REQ. Defaults to TRUE.

use-strongest-server-key = _B_O_O_L

If TRUE then the KDC picks, for the ticket

diff --git a/lib/krb5/pac.c b/lib/krb5/pac.c
index f4caaddc264b..91f68d5e00e7 100644
--- a/lib/krb5/pac.c
+++ b/lib/krb5/pac.c

@@ -706,7 +706,7 @@ build_logon_name(krb5_context context,

krb5_storage *sp;

uint64_t t;

char *s, *s2;

- size_t i, len;

+ size_t s2_len;

t = unix2nttime(authtime);

@@ -726,29 +726,60 @@ build_logon_name(krb5_context context,

if (ret)

goto out;

- len = strlen(s);

+ {

+ size_t ucs2_len;

+ uint16_t *ucs2;

+ unsigned int flags;

- CHECK(ret, krb5_store_uint16(sp, len * 2), out);

+ ret = wind_utf8ucs2_length(s, &ucs2_len);

+ if (ret) {

+ free(s);

+ krb5_set_error_message(context, ret, "Failed to count length of UTF-8 string");

+ return ret;

+ }

-#if 1 /* cheat for now */

- s2 = malloc(len * 2);

- if (s2 == NULL) {

- ret = krb5_enomem(context);

+ ucs2 = malloc(sizeof(ucs2[0]) * ucs2_len);

+ if (ucs2 == NULL) {

+ free(s);

+ return krb5_enomem(context);

+ }

+ ret = wind_utf8ucs2(s, ucs2, &ucs2_len);

free(s);

- goto out;

- }

- for (i = 0; i < len; i++) {

- s2[i * 2] = s[i];

- s2[i * 2 + 1] = 0;

+ if (ret) {

+ free(ucs2);

+ krb5_set_error_message(context, ret, "Failed to convert string to UCS-2");

+ return ret;

+ }

+ s2_len = (ucs2_len + 1) * 2;

+ s2 = malloc(s2_len);

+ if (ucs2 == NULL) {

+ free(ucs2);

+ return krb5_enomem(context);

+ }

+ flags = WIND_RW_LE;

+ ret = wind_ucs2write(ucs2, ucs2_len,

+ &flags, s2, &s2_len);

+ free(ucs2);

+ if (ret) {

+ free(s2);

+ krb5_set_error_message(context, ret, "Failed to write to UCS-2 buffer");

+ return ret;

+ }

+ /*

+ * we do not want zero termination

+ */

+ s2_len = ucs2_len * 2;

}

- free(s);

-#else

- /* write libwind code here */

-#endif

- ret = krb5_storage_write(sp, s2, len * 2);

+ CHECK(ret, krb5_store_uint16(sp, s2_len), out);

+ ret = krb5_storage_write(sp, s2, s2_len);

free(s2);

- if (ret != (int)(len * 2)) {

+ if (ret != (int)s2_len) {

ret = krb5_enomem(context);

goto out;

}

diff --git a/lib/krb5/verify_krb5_conf.c b/lib/krb5/verify_krb5_conf.c
index d554423a16d1..647a311a2ca6 100644
--- a/lib/krb5/verify_krb5_conf.c
+++ b/lib/krb5/verify_krb5_conf.c

@@ -508,7 +508,7 @@ struct entry kdc_entries[] = {

{ "allow-null-ticket-addresses", krb5_config_string, check_boolean },

{ "allow-anonymous", krb5_config_string, check_boolean },

{ "v4_realm", krb5_config_string, NULL },

- { "enable-kaserver", krb5_config_string, check_boolean },

+ { "enable-kaserver", krb5_config_string, check_boolean, 1 },

{ "encode_as_rep_as_tgs_rep", krb5_config_string, check_boolean },

{ "kdc_warn_pwexpire", krb5_config_string, check_time },

{ "use_2b", krb5_config_list, NULL },

diff --git a/lib/libedit/configure b/lib/libedit/configure
index 3bb2d08446f2..c069ba40fe8b 100755
--- a/lib/libedit/configure
+++ b/lib/libedit/configure

@@ -558,7 +558,7 @@ MAKEFLAGS=

# Identity of this package.

PACKAGE_NAME='libedit'

-PACKAGE_TARNAME='libedit-20110930'

+PACKAGE_TARNAME='libedit-20120111'

PACKAGE_VERSION='3.0'

PACKAGE_STRING='libedit 3.0'

PACKAGE_BUGREPORT=''

@@ -1333,7 +1333,7 @@ Fine tuning of the installation directories:

--localedir=DIR locale-dependent data [DATAROOTDIR/locale]

--mandir=DIR man documentation [DATAROOTDIR/man]

--docdir=DIR documentation root

- [DATAROOTDIR/doc/libedit-20110930]

+ [DATAROOTDIR/doc/libedit-20120111]

--htmldir=DIR html documentation [DOCDIR]

--dvidir=DIR dvi documentation [DOCDIR]

--pdfdir=DIR pdf documentation [DOCDIR]

@@ -4004,7 +4004,7 @@ fi

# Define the identity of the package.

- PACKAGE='libedit-20110930'

+ PACKAGE='libedit-20120111'

VERSION='3.0'

diff --git a/lib/wind/bidi_table.c b/lib/wind/bidi_table.c
index 7d703f64dca1..31de1ee6372b 100644
--- a/lib/wind/bidi_table.c
+++ b/lib/wind/bidi_table.c

@@ -1,5 +1,5 @@

/* ./bidi_table.c */

-/* Automatically generated at 2011-09-30T15:24:58.936201 */

+/* Automatically generated at 2012-01-11T14:07:00.535499 */

#include <stdlib.h>

diff --git a/lib/wind/bidi_table.h b/lib/wind/bidi_table.h
index 45556a3ff398..c317b4dc4d42 100644
--- a/lib/wind/bidi_table.h
+++ b/lib/wind/bidi_table.h

@@ -1,5 +1,5 @@

/* ./bidi_table.h */

-/* Automatically generated at 2011-09-30T15:24:58.927315 */

+/* Automatically generated at 2012-01-11T14:07:00.534628 */

#ifndef BIDI_TABLE_H

#define BIDI_TABLE_H 1

diff --git a/lib/wind/combining_table.c b/lib/wind/combining_table.c
index 814e39eb1904..4a1677230adc 100644
--- a/lib/wind/combining_table.c
+++ b/lib/wind/combining_table.c

@@ -1,5 +1,5 @@

/* ./combining_table.c */

-/* Automatically generated at 2011-09-30T15:24:59.280091 */

+/* Automatically generated at 2012-01-11T14:07:00.838826 */

#include <stdlib.h>

diff --git a/lib/wind/combining_table.h b/lib/wind/combining_table.h
index 05a790b37db6..47599ccaff65 100644
--- a/lib/wind/combining_table.h
+++ b/lib/wind/combining_table.h

@@ -1,5 +1,5 @@

/* ./combining_table.h */

-/* Automatically generated at 2011-09-30T15:24:59.272235 */

+/* Automatically generated at 2012-01-11T14:07:00.836450 */

#ifndef COMBINING_TABLE_H

#define COMBINING_TABLE_H 1

diff --git a/lib/wind/errorlist_table.c b/lib/wind/errorlist_table.c
index 7456cb478d6a..d2d57182d483 100644
--- a/lib/wind/errorlist_table.c
+++ b/lib/wind/errorlist_table.c

@@ -1,5 +1,5 @@

/* ./errorlist_table.c */

-/* Automatically generated at 2011-09-30T15:24:59.470044 */

+/* Automatically generated at 2012-01-11T14:07:01.014764 */

#include <stdlib.h>

diff --git a/lib/wind/errorlist_table.h b/lib/wind/errorlist_table.h
index fc1739efc8d8..b822454c03be 100644
--- a/lib/wind/errorlist_table.h
+++ b/lib/wind/errorlist_table.h

@@ -1,5 +1,5 @@

/* ./errorlist_table.h */

-/* Automatically generated at 2011-09-30T15:24:59.457950 */

+/* Automatically generated at 2012-01-11T14:07:01.014378 */

#ifndef ERRORLIST_TABLE_H

#define ERRORLIST_TABLE_H 1

diff --git a/lib/wind/map_table.c b/lib/wind/map_table.c
index 5491b7d1b5ec..7363e54616eb 100644
--- a/lib/wind/map_table.c
+++ b/lib/wind/map_table.c

@@ -1,5 +1,5 @@

/* ./map_table.c */

-/* Automatically generated at 2011-09-30T15:24:59.641639 */

+/* Automatically generated at 2012-01-11T14:07:01.097758 */

#include "map_table.h"

diff --git a/lib/wind/map_table.h b/lib/wind/map_table.h
index ac3d564b36a6..ebfa7256d726 100644
--- a/lib/wind/map_table.h
+++ b/lib/wind/map_table.h

@@ -1,5 +1,5 @@

/* ./map_table.h */

-/* Automatically generated at 2011-09-30T15:24:59.631690 */

+/* Automatically generated at 2012-01-11T14:07:01.097337 */

#ifndef MAP_TABLE_H

#define MAP_TABLE_H 1

diff --git a/lib/wind/normalize_table.c b/lib/wind/normalize_table.c
index 7e0ec2eefa8a..a37e180a4acd 100644
--- a/lib/wind/normalize_table.c
+++ b/lib/wind/normalize_table.c

@@ -1,5 +1,5 @@

/* ./normalize_table.c */

-/* Automatically generated at 2011-09-30T15:25:00.420261 */

+/* Automatically generated at 2012-01-11T14:07:01.714581 */

#include <stdlib.h>

diff --git a/lib/wind/normalize_table.h b/lib/wind/normalize_table.h
index 88816309c40b..b0d0d11850e6 100644
--- a/lib/wind/normalize_table.h
+++ b/lib/wind/normalize_table.h

@@ -1,5 +1,5 @@

/* ./normalize_table.h */

-/* Automatically generated at 2011-09-30T15:25:00.412374 */

+/* Automatically generated at 2012-01-11T14:07:01.713967 */

#ifndef NORMALIZE_TABLE_H

#define NORMALIZE_TABLE_H 1

diff --git a/lib/wind/punycode_examples.c b/lib/wind/punycode_examples.c
index 50ccc4847c7c..d12368040a17 100644
--- a/lib/wind/punycode_examples.c
+++ b/lib/wind/punycode_examples.c

@@ -1,5 +1,5 @@

/* ./punycode_examples.c */

-/* Automatically generated at 2011-09-30T15:25:05.829535 */

+/* Automatically generated at 2012-01-11T14:07:08.539522 */

#ifndef PUNYCODE_EXAMPLES_C

#define PUNYCODE_EXAMPLES_C 1

diff --git a/lib/wind/punycode_examples.h b/lib/wind/punycode_examples.h
index 832234da3560..3e90edc763af 100644
--- a/lib/wind/punycode_examples.h
+++ b/lib/wind/punycode_examples.h

@@ -1,5 +1,5 @@

/* ./punycode_examples.h */

-/* Automatically generated at 2011-09-30T15:25:05.815268 */

+/* Automatically generated at 2012-01-11T14:07:08.539140 */

#ifndef PUNYCODE_EXAMPLES_H

#define PUNYCODE_EXAMPLES_H 1

diff --git a/lib/wind/utf8.c b/lib/wind/utf8.c
index 6907b3c9d3ab..e1a1eb7b2b45 100644
--- a/lib/wind/utf8.c
+++ b/lib/wind/utf8.c

@@ -204,13 +204,13 @@ wind_ucs4utf8(const uint32_t *in, size_t in_len, char *out, size_t *out_len)

switch(len) {

case 4:

out[3] = (ch | 0x80) & 0xbf;

- ch = ch << 6;

+ ch = ch >> 6;

case 3:

out[2] = (ch | 0x80) & 0xbf;

- ch = ch << 6;

+ ch = ch >> 6;

case 2:

out[1] = (ch | 0x80) & 0xbf;

- ch = ch << 6;

+ ch = ch >> 6;

case 1:

out[0] = ch | first_char[len - 1];

}

@@ -346,8 +346,8 @@ wind_ucs2write(const uint16_t *in, size_t in_len, unsigned int *flags,

return WIND_ERR_OVERRUN;

if ((*flags) & WIND_RW_LE) {

- p[0] = (bom >> 8) & 0xff;

- p[1] = (bom ) & 0xff;

+ p[0] = (bom ) & 0xff;

+ p[1] = (bom >> 8) & 0xff;

} else {

p[1] = (bom ) & 0xff;

p[0] = (bom >> 8) & 0xff;

@@ -360,8 +360,8 @@ wind_ucs2write(const uint16_t *in, size_t in_len, unsigned int *flags,

if (len < 2)

return WIND_ERR_OVERRUN;

if ((*flags) & WIND_RW_LE) {

- p[0] = (in[0] >> 8) & 0xff;

- p[1] = (in[0] ) & 0xff;

+ p[0] = (in[0] ) & 0xff;

+ p[1] = (in[0] >> 8) & 0xff;

} else {

p[1] = (in[0] ) & 0xff;

p[0] = (in[0] >> 8) & 0xff;

@@ -479,10 +479,10 @@ wind_ucs2utf8(const uint16_t *in, size_t in_len, char *out, size_t *out_len)

switch(len) {

case 3:

out[2] = (ch | 0x80) & 0xbf;

- ch = ch << 6;

+ ch = ch >> 6;

case 2:

out[1] = (ch | 0x80) & 0xbf;

- ch = ch << 6;

+ ch = ch >> 6;

case 1:

out[0] = ch | first_char[len - 1];

}

diff --git a/lib/wind/version-script.map b/lib/wind/version-script.map
index a6ca3ae54943..6b5abb5ee2a5 100644
--- a/lib/wind/version-script.map
+++ b/lib/wind/version-script.map

@@ -14,6 +14,7 @@ HEIMDAL_WIND_1.0 {

wind_utf8ucs2_length;

wind_ucs2utf8_length;

wind_ucs2read;

+ wind_ucs2write;

# testing

_wind_combining_class;

_wind_stringprep_testbidi;