Secure Endpoints Inc. 255 W 94th Street PHB, New York NY 10025


2007 Daylight Savings Time Issues 

>From the Microsoft Knowledge Base articles:

"Starting in 2007, the start date and the end date for daylight saving time (DST) in the United States will change to comply with the Energy Policy Act of 2005. DST in the United States will start three weeks earlier than it has started in the past. DST in the United States will start at 2:00 A.M. on the second Sunday in March. Additionally, DST in the United States will end one week later than it has ended in the past. DST in the United States will end at 2:00 A.M. on the first Sunday in November. In 2007, DST in the United States will start on March 11, 2007, and will end on November 4, 2007.

"In Microsoft Visual C++ .NET 2003, some C runtime (CRT) functions ignore the DST rules that are set in the operating system when the TZ environment variable is set. For example, the *localtime* function and the *_localtime64* function identify the first Sunday in April as the start date for DST and the last Sunday in October as the end date for DST. Therefore, a Visual C++ .NET 2003 application that uses the TZ environment variable may not work as expected."  A supported hotfix is available from http://support.microsoft.com/kb/932299.

MIT Kerberos for Windows releases from 2.6.5 through 3.1.0 and OpenAFS for Windows releases from 1.3.50 to 1.5.15 above were built using Microsoft Visual C++ .NET 2003.  The EXE and MSI installers distributed by MIT contain copies of the associated C Runtime Library and are therefore vulnerable to issue described above.

Under most circumstances the TZ environment variable is not set.   The TZ environment variable may be set in the local machine environment, the user's environment, or be defined by specific applications.  If the TZ environment variable is set and the original C Runtime Library files are not updated, the computation of the start and end of DST by the Kerberos libraries will be affected.

New MIT Kerberos for Windows 3.1.1 installers containing the 3.1.0 Kerberos binaries and the updated C Runtime Library files will be posted to MIT's web site http://web.mit.edu/kerberos/.  Digitally signed versions of the new installers are available from the Secure Endpoints Inc. website:

  http://www.secure-endpoints.com/binaries/mit-kfw-3-1-0/kfw-3-1-1.exe
  http://www.secure-endpoints.com/binaries/mit-kfw-3-1-0/kfw-3-1-1.msi

OpenAFS for Windows 1.5.16 has been built with the updated C Runtime Libraries.  It is available from the OpenAFS for Windows web pages:

  http://www.openafs.org/windows.html
  http://www.secure-endpoints.com/openafs-windows.html

Jeffrey Altman
Secure Endpoints Inc.