From afa539a836b1a9a209912f5760837fa9cdb364bd Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 17 Feb 2010 03:13:29 +0000 Subject: [PATCH] README and patchlevel.h for krb5-1.8-beta1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23728 dc483132-0cff-0310-8789-dd5450dbe970 --- NOTICE | 548 +++++++++++++++++++++++++++++++ README | 820 ++++++++++++++--------------------------------- src/patchlevel.h | 4 +- 3 files changed, 786 insertions(+), 586 deletions(-) create mode 100644 NOTICE diff --git a/NOTICE b/NOTICE new file mode 100644 index 000000000..b34a0be32 --- /dev/null +++ b/NOTICE @@ -0,0 +1,548 @@ +Copyright (C) 1985-2010 by the Massachusetts Institute of Technology. + +All rights reserved. + +Export of this software from the United States of America may require +a specific license from the United States Government. It is the +responsibility of any person or organization contemplating export to +obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. Furthermore if you modify this software you must label +your software as modified software and not distribute it in such a +fashion that it might be confused with the original MIT software. +M.I.T. makes no representations about the suitability of this software +for any purpose. It is provided "as is" without express or implied +warranty. + +THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + +Individual source code files are copyright MIT, Cygnus Support, +Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems, +FundsXpress, and others. + +Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, +and Zephyr are trademarks of the Massachusetts Institute of Technology +(MIT). No commercial use of these trademarks may be made without +prior written permission of MIT. + +"Commercial use" means use of a name in a product or other for-profit +manner. It does NOT prevent a commercial firm from referring to the +MIT trademarks in order to convey information (although in doing so, +recognition of their trademark status should be given). + + -------------------- + +Portions of src/lib/crypto have the following copyright: + + Copyright (C) 1998 by the FundsXpress, INC. + + All rights reserved. + + Export of this software from the United States of America may require + a specific license from the United States Government. It is the + responsibility of any person or organization contemplating export to + obtain such a license before exporting. + + WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + distribute this software and its documentation for any purpose and + without fee is hereby granted, provided that the above copyright + notice appear in all copies and that both that copyright notice and + this permission notice appear in supporting documentation, and that + the name of FundsXpress. not be used in advertising or publicity pertaining + to distribution of the software without specific, written prior + permission. FundsXpress makes no representations about the suitability of + this software for any purpose. It is provided "as is" without express + or implied warranty. + + THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + + + -------------------- + +The following copyright and permission notice applies to the +OpenVision Kerberos Administration system located in kadmin/create, +kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions +of lib/rpc: + + Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved + + WARNING: Retrieving the OpenVision Kerberos Administration system + source code, as described below, indicates your acceptance of the + following terms. If you do not agree to the following terms, do not + retrieve the OpenVision Kerberos administration system. + + You may freely use and distribute the Source Code and Object Code + compiled from it, with or without modification, but this Source + Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, + INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR + FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER + EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY + FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR + CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, + WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE + CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY + OTHER REASON. + + OpenVision retains all copyrights in the donated Source Code. OpenVision + also retains copyright to derivative works of the Source Code, whether + created by OpenVision or by a third party. The OpenVision copyright + notice must be preserved if derivative works are made based on the + donated Source Code. + + OpenVision Technologies, Inc. has donated this Kerberos + Administration system to MIT for inclusion in the standard + Kerberos 5 distribution. This donation underscores our + commitment to continuing Kerberos technology development + and our gratitude for the valuable work which has been + performed by MIT and the Kerberos community. + + -------------------- + + Portions contributed by Matt Crawford were + work performed at Fermi National Accelerator Laboratory, which is + operated by Universities Research Association, Inc., under + contract DE-AC02-76CHO3000 with the U.S. Department of Energy. + + -------------------- + +The implementation of the Yarrow pseudo-random number generator in +src/lib/crypto/yarrow has the following copyright: + + Copyright 2000 by Zero-Knowledge Systems, Inc. + + Permission to use, copy, modify, distribute, and sell this software + and its documentation for any purpose is hereby granted without fee, + provided that the above copyright notice appear in all copies and that + both that copyright notice and this permission notice appear in + supporting documentation, and that the name of Zero-Knowledge Systems, + Inc. not be used in advertising or publicity pertaining to + distribution of the software without specific, written prior + permission. Zero-Knowledge Systems, Inc. makes no representations + about the suitability of this software for any purpose. It is + provided "as is" without express or implied warranty. + + ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO + THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR + ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT + OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + -------------------- + +The implementation of the AES encryption algorithm in +src/lib/crypto/aes has the following copyright: + + Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. + All rights reserved. + + LICENSE TERMS + + The free distribution and use of this software in both source and binary + form is allowed (with or without changes) provided that: + + 1. distributions of this source code include the above copyright + notice, this list of conditions and the following disclaimer; + + 2. distributions in binary form include the above copyright + notice, this list of conditions and the following disclaimer + in the documentation and/or other associated materials; + + 3. the copyright holder's name is not used to endorse products + built using this software without specific written permission. + + DISCLAIMER + + This software is provided 'as is' with no explcit or implied warranties + in respect of any properties, including, but not limited to, correctness + and fitness for purpose. + + -------------------- + +Portions contributed by Red Hat, including the pre-authentication +plug-ins framework, contain the following copyright: + + Copyright (c) 2006 Red Hat, Inc. + Portions copyright (c) 2006 Massachusetts Institute of Technology + All Rights Reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + * Neither the name of Red Hat, Inc., nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER + OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + -------------------- + +The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in +src/lib/gssapi, including the following files: + + lib/gssapi/generic/gssapi_err_generic.et + lib/gssapi/mechglue/g_accept_sec_context.c + lib/gssapi/mechglue/g_acquire_cred.c + lib/gssapi/mechglue/g_canon_name.c + lib/gssapi/mechglue/g_compare_name.c + lib/gssapi/mechglue/g_context_time.c + lib/gssapi/mechglue/g_delete_sec_context.c + lib/gssapi/mechglue/g_dsp_name.c + lib/gssapi/mechglue/g_dsp_status.c + lib/gssapi/mechglue/g_dup_name.c + lib/gssapi/mechglue/g_exp_sec_context.c + lib/gssapi/mechglue/g_export_name.c + lib/gssapi/mechglue/g_glue.c + lib/gssapi/mechglue/g_imp_name.c + lib/gssapi/mechglue/g_imp_sec_context.c + lib/gssapi/mechglue/g_init_sec_context.c + lib/gssapi/mechglue/g_initialize.c + lib/gssapi/mechglue/g_inquire_context.c + lib/gssapi/mechglue/g_inquire_cred.c + lib/gssapi/mechglue/g_inquire_names.c + lib/gssapi/mechglue/g_process_context.c + lib/gssapi/mechglue/g_rel_buffer.c + lib/gssapi/mechglue/g_rel_cred.c + lib/gssapi/mechglue/g_rel_name.c + lib/gssapi/mechglue/g_rel_oid_set.c + lib/gssapi/mechglue/g_seal.c + lib/gssapi/mechglue/g_sign.c + lib/gssapi/mechglue/g_store_cred.c + lib/gssapi/mechglue/g_unseal.c + lib/gssapi/mechglue/g_userok.c + lib/gssapi/mechglue/g_utils.c + lib/gssapi/mechglue/g_verify.c + lib/gssapi/mechglue/gssd_pname_to_uid.c + lib/gssapi/mechglue/mglueP.h + lib/gssapi/mechglue/oid_ops.c + lib/gssapi/spnego/gssapiP_spnego.h + lib/gssapi/spnego/spnego_mech.c + +and the initial implementation of incremental propagation, including +the following new or changed files: + + include/iprop_hdr.h + kadmin/server/ipropd_svc.c + lib/kdb/iprop.x + lib/kdb/kdb_convert.c + lib/kdb/kdb_log.c + lib/kdb/kdb_log.h + lib/krb5/error_tables/kdb5_err.et + slave/kpropd_rpc.c + slave/kproplog.c + +and marked portions of the following files: + + lib/krb5/os/hst_realm.c + +are subject to the following license: + + Copyright (c) 2004 Sun Microsystems, Inc. + + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + -------------------- + +MIT Kerberos includes documentation and software developed at the +University of California at Berkeley, which includes this copyright +notice: + + Copyright (C) 1983 Regents of the University of California. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + + -------------------- + +Portions contributed by Novell, Inc., including the LDAP database +backend, are subject to the following license: + + Copyright (c) 2004-2005, Novell, Inc. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * The copyright holder's name is not used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + + -------------------- + +Portions funded by Sandia National Laboratory and developed by the +University of Michigan's Center for Information Technology +Integration, including the PKINIT implementation, are subject to the +following license: + + COPYRIGHT (C) 2006-2007 + THE REGENTS OF THE UNIVERSITY OF MICHIGAN + ALL RIGHTS RESERVED + + Permission is granted to use, copy, create derivative works + and redistribute this software and such derivative works + for any purpose, so long as the name of The University of + Michigan is not used in any advertising or publicity + pertaining to the use of distribution of this software + without specific, written prior authorization. If the + above copyright notice or any other identification of the + University of Michigan is included in any copy of any + portion of this software, then the disclaimer below must + also be included. + + THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION + FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY + PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF + MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING + WITHOUT LIMITATION THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE + REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE + FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR + CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING + OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN + IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF + SUCH DAMAGES. + + -------------------- + +The pkcs11.h file included in the PKINIT code has the following +license: + + Copyright 2006 g10 Code GmbH + Copyright 2006 Andreas Jellinghaus + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. + + -------------------- + +Portions contributed by Apple Inc. are subject to the following license: + +Copyright 2004-2008 Apple Inc. All Rights Reserved. + +Export of this software from the United States of America may require +a specific license from the United States Government. It is the +responsibility of any person or organization contemplating export to +obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of Apple Inc. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. Apple Inc. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + + -------------------- + +The implementations of strlcpy and strlcat in +src/util/support/strlcat.c have the following copyright and permission +notice: + +Copyright (c) 1998 Todd C. Miller + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + -------------------- + +The implementations of UTF-8 string handling in src/util/support and +src/lib/krb5/unicode are subject to the following copyright and +permission notice: + +The OpenLDAP Public License + Version 2.8, 17 August 2003 + +Redistribution and use of this software and associated documentation +("Software"), with or without modification, are permitted provided +that the following conditions are met: + +1. Redistributions in source form must retain copyright statements + and notices, + +2. Redistributions in binary form must reproduce applicable copyright + statements and notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution, and + +3. Redistributions must contain a verbatim copy of this document. + +The OpenLDAP Foundation may revise this license from time to time. +Each revision is distinguished by a version number. You may use +this Software under terms of this license revision or under the +terms of any subsequent revision of the license. + +THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS +CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT +SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) +OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +The names of the authors and copyright holders must not be used in +advertising or otherwise to promote the sale, use or other dealing +in this Software without specific, written prior permission. Title +to copyright in this Software shall at all times remain with copyright +holders. + +OpenLDAP is a registered trademark of the OpenLDAP Foundation. + +Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, +California, USA. All Rights Reserved. Permission to copy and +distribute verbatim copies of this document is granted. + + -------------------- + +Marked test programs in src/lib/krb5/krb have the following copyright: + +Copyright (c) 2006 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of KTH nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + -------------------- diff --git a/README b/README index c1eabc522..26e516b50 100644 --- a/README +++ b/README @@ -3,24 +3,22 @@ Release Notes The MIT Kerberos Team -Unpacking the Source Distribution ---------------------------------- +Copyright and Other Notices +--------------------------- -The source distribution of Kerberos 5 comes in a gzipped tarfile, -krb5-1.8.tar.gz. Instructions on how to extract the entire -distribution follow. +Copyright (C) 1985-2010 by the Massachusetts Institute of Technology +and its contributors. All rights reserved. -If you have the GNU tar program and gzip installed, you can simply do: +Please see the file named NOTICE for additional notices. - gtar zxpf krb5-1.8.tar.gz +MIT Kerberos is a project of the MIT Kerberos Consortium. For more +information about the Kerberos Consortium, see http://kerberos.org/ -If you don't have GNU tar, you will need to get the FSF gzip -distribution and use gzcat: +For more information about the MIT Kerberos software, see + http://web.mit.edu/kerberos/ - gzcat krb5-1.8.tar.gz | tar xpf - - -Both of these methods will extract the sources into krb5-1.8/src and -the documentation into krb5-1.8/doc. +People interested in participating in the MIT Kerberos development +effort should see http://k5wiki.kerberos.org/ Building and Installing Kerberos 5 ---------------------------------- @@ -53,9 +51,13 @@ If you are not able to use krb5-send-pr because you haven't been able compile and install Kerberos V5 on any platform, you may send mail to krb5-bugs@mit.edu. +Please keep in mind that unencrypted e-mail is not secure. If you need +to report a security vulnerability, or send sensitive information, +please PGP-encrypt it to krbcore-security@mit.edu. + You may view bug reports by visiting -http://krbdev.mit.edu/rt/ + http://krbdev.mit.edu/rt/ and logging in as "guest" with password "guest". @@ -65,8 +67,9 @@ DES transition The Data Encryption Standard (DES) is widely recognized as weak. The krb5-1.7 release contains measures to encourage sites to migrate away from using single-DES cryptosystems. Among these is a configuration -variable that enables "weak" enctypes, which defaults to "false" -beginning with krb5-1.8. +variable that enables "weak" enctypes, which now defaults to "false" +beginning with krb5-1.8. The krb5-1.8 release includes additional +measures to ease the transition away from single-DES. Major changes in 1.8 -------------------- @@ -75,7 +78,7 @@ The krb5-1.8 release contains a large number of changes, featuring improvements in the following broad areas: * Code quality -* Modularity +* Developer experience * Performance * End-user experience * Administrator experience @@ -86,19 +89,23 @@ Code quality: * Move toward test-driven development -- new features have test code, or at least written testing procedures. +* Remove applications to a separate distribution to simplify + independent maintenance. + * Increase conformance to coding style + "The great reindent" + Selective refactoring -Modularity: +Developer experience: * Crypto modularity -- vendors can more easily substitute their own crypto implementations, which might be hardware-accelerated or validated to FIPS 140, for the builtin crypto implementation that has historically shipped as part of MIT Kerberos. Currently, only - an OpenSSL provider is included, but others are possible. + an OpenSSL provider is included, but others are planned for the + future. * Move toward improved KDB interface @@ -130,9 +137,15 @@ Administrator experience: password guessing attacks, and helps with some enterprise regulatory compliance. +* Bridge layer to allow Heimdal HDB modules to act as KDB backend + modules. This provides a migration path from a Heimdal to an MIT + KDC. + Protocol evolution: -* FAST enhancements -- preauthentication framework enhancements +* FAST enhancements -- preauthentication framework enhancements to + allow a client to securely negotiate the use of FAST with a KDC of + unknown capabilities. * Microsoft Services for User (S4U) compatibility: S4U2Self, also known as "protocol transition", allows for service to ask a KDC for @@ -143,6 +156,10 @@ Protocol evolution: * Anonymous PKINIT -- allows the use of public-key cryptography to anonymously authenticate to a realm +* Support doing constrained delegation similar to Microsoft's + S4U2Proxy without the use of the Windows PAC. This functionality + uses a protocol compatible with Heimdal. + krb5-1.8 changes by ticket ID ----------------------------- @@ -152,6 +169,7 @@ krb5-1.8 changes by ticket ID 6454 Make krb5_mkt_resolve error handling work 6510 Restore limited support for static linking 6539 Enctype list configuration enhancements +6546 KDB should use enctype of stashed master key 6547 Modify kadm5 initializers to accept krb5 contexts 6563 Implement s4u extensions 6564 s4u extensions integration broke test suite... @@ -166,9 +184,14 @@ krb5-1.8 changes by ticket ID 6586 libkrb5 support for non-blocking AS requests 6590 allow testing even if name->addr->name mapping doesn't work 6591 fix slow behavior on Mac OS X with link-local addresses +6592 handle negative enctypes better 6593 Remove dependency on /bin/csh in test suite 6595 FAST (preauth framework) negotiation 6597 Add GSS extensions to store credentials, generate random bits +6598 gss_init_sec_context potential segfault +6599 memory leak in krb5_rd_req_decrypt_tkt_part +6600 gss_inquire_context cannot handle no target name from mechanism +6601 gsssspi_set_cred_option cannot handle mech specific option 6605 PKINIT client should validate SAN for TGS, not service principal 6606 allow testing when offline 6607 anonymous PKINIT @@ -176,567 +199,196 @@ krb5-1.8 changes by ticket ID 6618 Support optional creation of PID files for krb5kdc and kadmind 6620 kdc_supported_enctypes does nothing; eradicate mentions thereof 6621 disable weak crypto by default - -Copyright and Other Legal Notices ---------------------------------- - -Copyright (C) 1985-2010 by the Massachusetts Institute of Technology. - -All rights reserved. - -Export of this software from the United States of America may require -a specific license from the United States Government. It is the -responsibility of any person or organization contemplating export to -obtain such a license before exporting. - -WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of M.I.T. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. Furthermore if you modify this software you must label -your software as modified software and not distribute it in such a -fashion that it might be confused with the original MIT software. -M.I.T. makes no representations about the suitability of this software -for any purpose. It is provided "as is" without express or implied -warranty. - -THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - -Individual source code files are copyright MIT, Cygnus Support, -Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems, -FundsXpress, and others. - -Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, -and Zephyr are trademarks of the Massachusetts Institute of Technology -(MIT). No commercial use of these trademarks may be made without -prior written permission of MIT. - -"Commercial use" means use of a name in a product or other for-profit -manner. It does NOT prevent a commercial firm from referring to the -MIT trademarks in order to convey information (although in doing so, -recognition of their trademark status should be given). - - -------------------- - -Portions of src/lib/crypto have the following copyright: - - Copyright (C) 1998 by the FundsXpress, INC. - - All rights reserved. - - Export of this software from the United States of America may require - a specific license from the United States Government. It is the - responsibility of any person or organization contemplating export to - obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of FundsXpress. not be used in advertising or publicity pertaining - to distribution of the software without specific, written prior - permission. FundsXpress makes no representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. - - THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR - IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - - - -------------------- - -The following copyright and permission notice applies to the -OpenVision Kerberos Administration system located in kadmin/create, -kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions -of lib/rpc: - - Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved - - WARNING: Retrieving the OpenVision Kerberos Administration system - source code, as described below, indicates your acceptance of the - following terms. If you do not agree to the following terms, do not - retrieve the OpenVision Kerberos administration system. - - You may freely use and distribute the Source Code and Object Code - compiled from it, with or without modification, but this Source - Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, - INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR - FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER - EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY - FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR - CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, - WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE - CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY - OTHER REASON. - - OpenVision retains all copyrights in the donated Source Code. OpenVision - also retains copyright to derivative works of the Source Code, whether - created by OpenVision or by a third party. The OpenVision copyright - notice must be preserved if derivative works are made based on the - donated Source Code. - - OpenVision Technologies, Inc. has donated this Kerberos - Administration system to MIT for inclusion in the standard - Kerberos 5 distribution. This donation underscores our - commitment to continuing Kerberos technology development - and our gratitude for the valuable work which has been - performed by MIT and the Kerberos community. - - -------------------- - - Portions contributed by Matt Crawford were - work performed at Fermi National Accelerator Laboratory, which is - operated by Universities Research Association, Inc., under - contract DE-AC02-76CHO3000 with the U.S. Department of Energy. - - -------------------- - -The implementation of the Yarrow pseudo-random number generator in -src/lib/crypto/yarrow has the following copyright: - - Copyright 2000 by Zero-Knowledge Systems, Inc. - - Permission to use, copy, modify, distribute, and sell this software - and its documentation for any purpose is hereby granted without fee, - provided that the above copyright notice appear in all copies and that - both that copyright notice and this permission notice appear in - supporting documentation, and that the name of Zero-Knowledge Systems, - Inc. not be used in advertising or publicity pertaining to - distribution of the software without specific, written prior - permission. Zero-Knowledge Systems, Inc. makes no representations - about the suitability of this software for any purpose. It is - provided "as is" without express or implied warranty. - - ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO - THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND - FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR - ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT - OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - -------------------- - -The implementation of the AES encryption algorithm in -src/lib/crypto/aes has the following copyright: - - Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. - All rights reserved. - - LICENSE TERMS - - The free distribution and use of this software in both source and binary - form is allowed (with or without changes) provided that: - - 1. distributions of this source code include the above copyright - notice, this list of conditions and the following disclaimer; - - 2. distributions in binary form include the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other associated materials; - - 3. the copyright holder's name is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explcit or implied warranties - in respect of any properties, including, but not limited to, correctness - and fitness for purpose. - - -------------------- - -Portions contributed by Red Hat, including the pre-authentication -plug-ins framework, contain the following copyright: - - Copyright (c) 2006 Red Hat, Inc. - Portions copyright (c) 2006 Massachusetts Institute of Technology - All Rights Reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - * Neither the name of Red Hat, Inc., nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS - IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -------------------- - -The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in -src/lib/gssapi, including the following files: - - lib/gssapi/generic/gssapi_err_generic.et - lib/gssapi/mechglue/g_accept_sec_context.c - lib/gssapi/mechglue/g_acquire_cred.c - lib/gssapi/mechglue/g_canon_name.c - lib/gssapi/mechglue/g_compare_name.c - lib/gssapi/mechglue/g_context_time.c - lib/gssapi/mechglue/g_delete_sec_context.c - lib/gssapi/mechglue/g_dsp_name.c - lib/gssapi/mechglue/g_dsp_status.c - lib/gssapi/mechglue/g_dup_name.c - lib/gssapi/mechglue/g_exp_sec_context.c - lib/gssapi/mechglue/g_export_name.c - lib/gssapi/mechglue/g_glue.c - lib/gssapi/mechglue/g_imp_name.c - lib/gssapi/mechglue/g_imp_sec_context.c - lib/gssapi/mechglue/g_init_sec_context.c - lib/gssapi/mechglue/g_initialize.c - lib/gssapi/mechglue/g_inquire_context.c - lib/gssapi/mechglue/g_inquire_cred.c - lib/gssapi/mechglue/g_inquire_names.c - lib/gssapi/mechglue/g_process_context.c - lib/gssapi/mechglue/g_rel_buffer.c - lib/gssapi/mechglue/g_rel_cred.c - lib/gssapi/mechglue/g_rel_name.c - lib/gssapi/mechglue/g_rel_oid_set.c - lib/gssapi/mechglue/g_seal.c - lib/gssapi/mechglue/g_sign.c - lib/gssapi/mechglue/g_store_cred.c - lib/gssapi/mechglue/g_unseal.c - lib/gssapi/mechglue/g_userok.c - lib/gssapi/mechglue/g_utils.c - lib/gssapi/mechglue/g_verify.c - lib/gssapi/mechglue/gssd_pname_to_uid.c - lib/gssapi/mechglue/mglueP.h - lib/gssapi/mechglue/oid_ops.c - lib/gssapi/spnego/gssapiP_spnego.h - lib/gssapi/spnego/spnego_mech.c - -and the initial implementation of incremental propagation, including -the following new or changed files: - - include/iprop_hdr.h - kadmin/server/ipropd_svc.c - lib/kdb/iprop.x - lib/kdb/kdb_convert.c - lib/kdb/kdb_log.c - lib/kdb/kdb_log.h - lib/krb5/error_tables/kdb5_err.et - slave/kpropd_rpc.c - slave/kproplog.c - -and marked portions of the following files: - - lib/krb5/os/hst_realm.c - -are subject to the following license: - - Copyright (c) 2004 Sun Microsystems, Inc. - - Permission is hereby granted, free of charge, to any person obtaining a - copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to - permit persons to whom the Software is furnished to do so, subject to - the following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS - OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. - IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY - CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, - TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - - -------------------- - -MIT Kerberos includes documentation and software developed at the -University of California at Berkeley, which includes this copyright -notice: - - Copyright (C) 1983 Regents of the University of California. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - - -------------------- - -Portions contributed by Novell, Inc., including the LDAP database -backend, are subject to the following license: - - Copyright (c) 2004-2005, Novell, Inc. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * The copyright holder's name is not used to endorse or promote products - derived from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - -------------------- - -Portions funded by Sandia National Laboratory and developed by the -University of Michigan's Center for Information Technology -Integration, including the PKINIT implementation, are subject to the -following license: - - COPYRIGHT (C) 2006-2007 - THE REGENTS OF THE UNIVERSITY OF MICHIGAN - ALL RIGHTS RESERVED - - Permission is granted to use, copy, create derivative works - and redistribute this software and such derivative works - for any purpose, so long as the name of The University of - Michigan is not used in any advertising or publicity - pertaining to the use of distribution of this software - without specific, written prior authorization. If the - above copyright notice or any other identification of the - University of Michigan is included in any copy of any - portion of this software, then the disclaimer below must - also be included. - - THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION - FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY - PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF - MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING - WITHOUT LIMITATION THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE - REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE - FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR - CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING - OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN - IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF - SUCH DAMAGES. - - -------------------- - -The pkcs11.h file included in the PKINIT code has the following -license: - - Copyright 2006 g10 Code GmbH - Copyright 2006 Andreas Jellinghaus - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even - the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. - - -------------------- - -Portions contributed by Apple Inc. are subject to the following license: - -Copyright 2004-2008 Apple Inc. All Rights Reserved. - -Export of this software from the United States of America may require -a specific license from the United States Government. It is the -responsibility of any person or organization contemplating export to -obtain such a license before exporting. - -WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of Apple Inc. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. Apple Inc. makes no representations about the suitability of -this software for any purpose. It is provided "as is" without express -or implied warranty. - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - - -------------------- - -The implementations of strlcpy and strlcat in -src/util/support/strlcat.c have the following copyright and permission -notice: - -Copyright (c) 1998 Todd C. Miller - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - -------------------- - -The implementations of UTF-8 string handling in src/util/support and -src/lib/krb5/unicode are subject to the following copyright and -permission notice: - -The OpenLDAP Public License - Version 2.8, 17 August 2003 - -Redistribution and use of this software and associated documentation -("Software"), with or without modification, are permitted provided -that the following conditions are met: - -1. Redistributions in source form must retain copyright statements - and notices, - -2. Redistributions in binary form must reproduce applicable copyright - statements and notices, this list of conditions, and the following - disclaimer in the documentation and/or other materials provided - with the distribution, and - -3. Redistributions must contain a verbatim copy of this document. - -The OpenLDAP Foundation may revise this license from time to time. -Each revision is distinguished by a version number. You may use -this Software under terms of this license revision or under the -terms of any subsequent revision of the license. - -THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS -CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT -SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) -OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN -ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. - -The names of the authors and copyright holders must not be used in -advertising or otherwise to promote the sale, use or other dealing -in this Software without specific, written prior permission. Title -to copyright in this Software shall at all times remain with copyright -holders. - -OpenLDAP is a registered trademark of the OpenLDAP Foundation. - -Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, -California, USA. All Rights Reserved. Permission to copy and -distribute verbatim copies of this document is granted. - - -------------------- - -Marked test programs in src/lib/krb5/krb have the following copyright: - -Copyright (c) 2006 Kungliga Tekniska Högskolan -(Royal Institute of Technology, Stockholm, Sweden). -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -3. Neither the name of KTH nor the names of its contributors may be - used to endorse or promote products derived from this software without - specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY -EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -Acknowledgements for krb5-1.8 ------------------------------ - -Thanks to the members of the Kerberos V5 development team at MIT, both -past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson, -Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe -Calzaretta, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, -Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, -Miroslav Jurisic, Barry Jaspan, Geoffrey King, Kevin Koch, John Kohl, -Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, -Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff -Schiller, Jen Selby, Robert Silk, Brad Thompson, Harry Tsai, Zhanna -Tsitkova, Ted Ts'o, Marshall Vale, Tom Yu. +6622 kinit_fast fails if weak enctype is among client principal keys +6623 Always treat anonymous as preauth required +6624 automated tests for anonymous pkinit +6625 yarrow code does not initialize keyblock enctype and uses unitialized value +6626 Restore interoperability with 1.6 addprinc -randkey +6627 Set enctype in crypto_tests to prevent memory leaks +6628 krb5int_dk_string_to_key fails to set enctype +6629 krb5int_derive_key results in cache with uninitialized values +6630 krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock +6632 Simplify and fix FAST check for keyed checksum type +6634 Use keyed checksum type for DES FAST +6640 Make history key exempt from permitted_enctypes +6642 Add test program for decryption of overly short buffers +6643 Problem with krb5 libcom_err vs. system libcom_err +6644 Change basename of libkadm5 libraries to avoid Heimdal conflict +6645 Add krb5_allow_weak_crypto API +6648 define MIN() in lib/gssapi/krb5/prf.c +6649 Get rid of kdb_ext.h and allow out-of-tree KDB plugins +6651 Handle migration from pre-1.7 databases with master key kvno != 1 (1.8 pullup) +6652 Make decryption of master key list more robust +6653 set_default_enctype_var should filter not reject weak enctypes +6654 Fix greet_server build +6655 Fix cross-realm handling of AD-SIGNEDPATH +6656 krb5int_fast_free_state segfaults if state is null +6657 enc_padata can include empty sequence +6658 Implement gss_set_neg_mechs +6660 Minimal support for updating history key +6662 MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service +6663 update mkrel to deal with changed source layout + +Acknowledgements +---------------- + +Past and present Sponsors of the MIT Kerberos Consortium: + + Apple + Carnegie Mellon University + Centrify Corporation + Columbia University + Cornell University + The Department of Defense of the United States of America (DoD) + Google + Iowa State University + MIT + Michigan State University + Microsoft + The National Aeronautics and Space Administration + of the United States of America (NASA) + Nippon Telephone and Telegraph (NTT) + Oracle + Pennsylvania State University + Red Hat + Stanford University + TeamF1, Inc. + The University of Alaska + The University of Michigan + +Past and present members of the Kerberos Team at MIT: + + Danilo Almeida + Jeffrey Altman + Justin Anderson + Richard Basch + Mitch Berger + Jay Berkenbilt + Andrew Boardman + Bill Bryant + Steve Buckley + Joe Calzaretta + John Carr + Mark Colan + Don Davis + Alexandra Ellwood + Dan Geer + Nancy Gilman + Matt Hancher + Thomas Hardjono + Sam Hartman + Paul Hill + Marc Horowitz + Eva Jacobus + Miroslav Jurisic + Barry Jaspan + Geoffrey King + Kevin Koch + John Kohl + HaoQi Li + Peter Litwack + Scott McGuire + Steve Miller + Kevin Mitchell + Cliff Neuman + Paul Park + Ezra Peisach + Chris Provenzano + Ken Raeburn + Jon Rochlis + Jeff Schiller + Jen Selby + Robert Silk + Bill Sommerfeld + Jennifer Steiner + Ralph Swick + Brad Thompson + Harry Tsai + Zhanna Tsitkova + Ted Ts'o + Marshall Vale + Tom Yu + +The following external contributors have provided code, patches, bug +reports, suggestions, and valuable resources: + + Brandon Allbery + Russell Allbery + Michael B Allen + Derek Atkins + David Bantz + Alex Baule + Arlene Berry + Jeff Blaine + Radoslav Bodo + Emmanuel Bouillon + Michael Calmer + Ravi Channavajhala + Srinivas Cheruku + Howard Chu + Andrea Cirulli + Christopher D. Clausen + Kevin Coffman + Simon Cooper + Sylvain Cortes + Nalin Dahyabhai + Roland Dowdeswell + Jason Edgecombe + Mark Eichin + Shawn M. Emery + Douglas E. Engert + Peter Eriksson + Ronni Feldt + JC Ferguson + William Fiveash + Ákos Frohner + Marcus Granado + Scott Grizzard + Steve Grubb + Philip Guenther + Jakob Haufe + Jeff Hodges + Love Hörnquist Åstrand + Ken Hornstein + Henry B. Hotz + Luke Howard + Shumon Huque + Jeffrey Hutzelman + Wyllys Ingersoll + Holger Isenberg + Mikkel Kruse + Volker Lendecke + Ryan Lynch + Franklyn Mendez + Markus Moeller + Paul Moore + Edward Murrell + Nikos Nikoleris + Dmitri Pal + Javier Palacios + Ezra Peisach + W. Michael Petullo + Mark Phalan + Xu Qiang + Robert Relyea + Martin Rex + Guillaume Rousse + Tom Shaw + Peter Shoults + Simo Sorce + Michael Ströder + Bjørn Tore Sund + Rathor Vipin + Jorgen Wahlsten + Max (Weijun) Wang + John Washington + Marcus Watts + Simon Wilkinson + Nicolas Williams + Ross Wilper + Hanz van Zijst + +The above is not an exhaustive list; many others have contributed in +various ways to the MIT Kerberos development effort over the years. +Other acknowledgments (for bug reports and patches) are in the +doc/CHANGES file. diff --git a/src/patchlevel.h b/src/patchlevel.h index 1b2a0c6ee..407408565 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h @@ -53,6 +53,6 @@ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 8 #define KRB5_PATCHLEVEL 0 -#define KRB5_RELTAIL "alpha1-postrelease" +#define KRB5_RELTAIL "beta1" /* #undef KRB5_RELDATE */ -#define KRB5_RELTAG "branches/krb5-1-8" +#define KRB5_RELTAG "tags/krb5-1-8-beta1" -- 2.26.2