========================================================================
* README
========================================================================

                   Kerberos Version 5, Release 1.21

                            Release Notes
                        The MIT Kerberos Team

Copyright and Other Notices
---------------------------

Copyright (C) 1985-2023 by the Massachusetts Institute of Technology
and its contributors. All rights reserved.

Please see the file named NOTICE for additional notices.

Documentation
-------------

Unified documentation for Kerberos V5 is available in both HTML and
PDF formats. The table of contents of the HTML format documentation
is at doc/html/index.html, and the PDF format documentation is in the
doc/pdf directory.

Additionally, you may find copies of the HTML format documentation
online at

    https://web.mit.edu/kerberos/krb5-latest/doc/

for the most recent supported release, or at

    https://web.mit.edu/kerberos/krb5-devel/doc/

for the release under development.

More information about Kerberos may be found at

    https://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site

    https://kerberos.org/

Building and Installing Kerberos 5
----------------------------------

Build documentation is in doc/html/build/index.html or
doc/pdf/build.pdf.

The installation guide is in doc/html/admin/install.html or
doc/pdf/install.pdf.

If you are attempting to build under Windows, please see the
src/windows/README file.

Reporting Bugs
--------------

Please report any problems/bugs/comments by sending email to
krb5-bugs@mit.edu.

You may view bug reports by visiting

    https://krbdev.mit.edu/rt/

and using the "Guest Login" button. Please note that the web
interface to our bug database is read-only for guests, and the primary
way to interact with our bug database is via email.

PAC transitions
---------------

Beginning with release 1.20, the KDC will include minimal PACs in
tickets instead of AD-SIGNEDPATH authdata.
S4U requests (protocol transition and constrained delegation) must now
contain valid PACs in the incoming tickets. Beginning with release
1.21, service ticket PACs will contain a new KDC checksum buffer, to
mitigate a hash collision attack against the old KDC checksum. If
only some KDCs in a realm have been upgraded across versions 1.20 or
1.21, the upgraded KDCs will reject S4U requests containing tickets
from non-upgraded KDCs and vice versa.

Triple-DES and RC4 transitions
------------------------------

Beginning with the krb5-1.21 release, the KDC will not issue tickets
with triple-DES or RC4 session keys unless explicitly configured using
the new allow_des3 and allow_rc4 variables in [libdefaults]. To
facilitate the negotiation of session keys, the KDC will assume that
all services can handle aes256-sha1 session keys unless the service
principal has a session_enctypes string attribute.

Beginning with the krb5-1.19 release, a warning will be issued if
initial credentials are acquired using the des3-cbc-sha1 encryption
type. Beginning with the krb5-1.21 release, a warning will also be
issued for the arcfour-hmac encryption type. In future releases,
these encryption types will be disabled by default and eventually
removed.

Beginning with the krb5-1.18 release, all support for single-DES
encryption types has been removed.

Major changes in 1.21.1 (2023-07-10)
------------------------------------

This is a bug fix release.

* Fix potential uninitialized pointer free in kadm5 XDR parsing
  [CVE-2023-36054].

krb5-1.21.1 changes by ticket ID
--------------------------------

9099    Ensure array count consistency in kadm5 RPC

Major changes in 1.21 (2023-06-05)
----------------------------------

User experience:

* Added a credential cache type providing compatibility with the macOS
  11 native credential cache.

Developer experience:

* libkadm5 will use the provided krb5_context object to read
  configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key from a GSS
  context.

Protocol evolution:

* The KDC will no longer issue tickets with RC4 or triple-DES session
  keys unless explicitly configured with the new allow_rc4 or
  allow_des3 variables respectively.

* The KDC will assume that all services can handle aes256-sha1 session
  keys unless the service principal has a session_enctypes string
  attribute.

* Support for PAC full KDC checksums has been added to mitigate an
  S4U2Proxy privilege escalation attack.

* The PKINIT client will advertise a more modern set of supported CMS
  algorithms.

Code quality:

* Removed unused code in libkrb5, libkrb5support, and the PKINIT
  module.

* Modernized the KDC code for processing TGS requests, the code for
  encrypting and decrypting key data, the PAC handling code, and the
  GSS library packet parsing and composition code.

* Improved the test framework's detection of memory errors in daemon
  processes when used with asan.

krb5-1.21 changes by ticket ID
------------------------------

9052    Support macOS 11 native credential cache
9053    Make kprop work for dump files larger than 4GB
9054    Replace macros with typedefs in gssrpc types.h
9055    Use SHA-256 instead of SHA-1 for PKINIT CMS digest
9057    Omit LDFLAGS from krb5-config --libs output
9058    Add configure variable for default PKCS#11 module
9059    Use context profile for libkadm5 configuration
9066    Set reasonable supportedCMSTypes in PKINIT
9069    Update error checking for OpenSSL CMS_verify
9071    Add and use ts_interval() helper
9072    Avoid small read overrun in UTF8 normalization
9076    Use memmove() in Unicode functions
9077    Fix aclocal.m4 syntax error for autoconf 2.72
9078    Fix profile crash on memory exhaustion
9079    Fix preauth crash on memory exhaustion
9080    Fix gic_keytab crash on memory exhaustion
9082    Fix policy DB fallback error handling
9083    Fix kpropd crash with unrecognized option
9084    Add PAC full checksums
9085    Fix read overruns in SPNEGO parsing
9086    Fix possible double-free during KDB creation
9087    Fix meridian type in getdate.y
9088    Use control flow guard flag in Windows builds
9089    Add pac_privsvr_enctype string attribute
9090    Convey realm names to certauth modules
9091    Add GSS_C_INQ_ODBC_SESSION_KEY
9092    Fix maintainer-mode build for binutils 2.37
9093    Add PA-REDHAT-PASSKEY padata type

Acknowledgements
----------------

Past Sponsors of the MIT Kerberos Consortium:

    Apple
    Carnegie Mellon University
    Centrify Corporation
    Columbia University
    Cornell University
    The Department of Defense of the United States of America (DoD)
    Fidelity Investments
    Google
    Iowa State University
    MIT
    Michigan State University
    Microsoft
    MITRE Corporation
    Morgan-Stanley
    The National Aeronautics and Space Administration
        of the United States of America (NASA)
    Network Appliance (NetApp)
    Nippon Telephone and Telegraph (NTT)
    US Government Office of the National Coordinator for Health
        Information Technology (ONC)
    Oracle
    Pennsylvania State University
    Red Hat
    Stanford University
    TeamF1, Inc.
    The University of Alaska
    The University of Michigan
    The University of Pennsylvania

Past and present members of the Kerberos Team at MIT:

Danilo Almeida Jeffrey Altman Justin Anderson Richard Basch
Mitch Berger Jay Berkenbilt Andrew Boardman Bill Bryant Steve Buckley
Joe Calzaretta John Carr Mark Colan Don Davis Sarah Day
Alexandra Ellwood Carlos Garay Dan Geer Nancy Gilman Matt Hancher
Thomas Hardjono Sam Hartman Paul Hill Marc Horowitz Eva Jacobus
Miroslav Jurisic Barry Jaspan Benjamin Kaduk Geoffrey King Kevin Koch
John Kohl HaoQi Li Jonathan Lin Peter Litwack Scott McGuire
Steve Miller Kevin Mitchell Cliff Neuman Paul Park Ezra Peisach
Chris Provenzano Ken Raeburn Jon Rochlis Jeff Schiller Jen Selby
Robert Silk Bill Sommerfeld Jennifer Steiner Ralph Swick Brad Thompson
Harry Tsai Zhanna Tsitkova Ted Ts'o Marshall Vale Taylor Yu

The following external contributors have provided code, patches, bug
reports, suggestions, and valuable resources:

Ian Abbott Daniel Albers Brandon Allbery
Russell Allbery Brian Almeida Michael B Allen Pooja Anil Jeffrey Arbuckle Heinz-Ado Arnolds Derek Atkins Mark Bannister David Bantz Alex Baule Nikhil Benesch David Benjamin Thomas Bernard Adam Bernstein Arlene Berry Jeff Blaine Toby Blake Radoslav Bodo Alexander Bokovoy Sumit Bose Emmanuel Bouillon Isaac Boukris Ulf Bremer Pavel Březina Philip Brown Samuel Cabrero Michael Calmer Andrea Campi Julien Chaffraix Puran Chand Ravi Channavajhala Srinivas Cheruku Leonardo Chiquitto Rachit Chokshi Seemant Choudhary Howard Chu Andrea Cirulli Christopher D. Clausen Kevin Coffman Simon Cooper Sylvain Cortes Ian Crowther Arran Cudbard-Bell Adam Dabrowski Jeff D'Angelo Nalin Dahyabhai Mark Davies Dennis Davis Alex Dehnert Misty De Meo Mark Deneen Günther Deschner John Devitofranceschi Marc Dionne Roland Dowdeswell Ken Dreyer Dorian Ducournau Viktor Dukhovni Jason Edgecombe Mark Eichin Shawn M. Emery Douglas E. Engert Peter Eriksson Juha Erkkilä Gilles Espinasse Sergey Fedorov Ronni Feldt Bill Fellows JC Ferguson Remi Ferrand Paul Fertser Fabiano Fidêncio Frank Filz William Fiveash Jacques Florent Oliver Freyermuth Ákos Frohner Sebastian Galiano Marcus Granado Dylan Gray Norm Green Scott Grizzard Helmut Grohne Steve Grubb Philip Guenther Timo Gurr Dominic Hargreaves Robbie Harwood John Hascall Jakob Haufe Matthieu Hautreux Jochen Hein Paul B. Henson Kihong Heo Jeff Hodges Christopher Hogan Love Hörnquist Åstrand Ken Hornstein Henry B. Hotz Luke Howard Jakub Hrozek Shumon Huque Jeffrey Hutzelman Sergey Ilinykh Wyllys Ingersoll Holger Isenberg Spencer Jackson Diogenes S. Jesus Mike Jetzer Pavel Jindra Brian Johannesmeyer Joel Johnson Lutz Justen Ganesh Kamath Alexander Karaivanov Anders Kaseorg Bar Katz Zentaro Kavanagh Mubashir Kazia W. 
Trevor King Patrik Kis Martin Kittel Thomas Klausner Tomasz Kłoczko Matthew Krupcale Mikkel Kruse Reinhard Kugler Harshawardhan Kulkarni Tomas Kuthan Pierre Labastie Andreas Ladanyi Chris Leick Volker Lendecke Jan iankko Lieskovsky Todd Lipcon Oliver Loch Chris Long Kevin Longfellow Frank Lonigro Jon Looney Nuno Lopes Todd Lubin Ryan Lynch Glenn Machin Roland Mainz Sorin Manolache Robert Marshall Andrei Maslennikov Michael Mattioli Nathaniel McCallum Greg McClement Cameron Meadors Vipul Mehta Alexey Melnikov Ivan A. Melnikov Franklyn Mendez Mantas Mikulėnas Markus Moeller Kyle Moffett Paul Moore Keiichi Mori Michael Morony Robert Morris Sam Morris Zbysek Mraz Edward Murrell Joshua Neuheisel Nikos Nikoleris Demi Obenour Felipe Ortega Michael Osipov Andrej Ota Dmitri Pal Javier Palacios Dilyan Palauzov Tom Parker Eric Pauly Leonard Peirce Ezra Peisach Alejandro Perez Zoran Pericic W. Michael Petullo Mark Phalan Sharwan Ram Brett Randall Jonathan Reams Jonathan Reed Robert Relyea Tony Reix Martin Rex Pat Riehecky Julien Rische Jason Rogers Matt Rogers Nate Rosenblum Solly Ross Mike Roszkowski Guillaume Rousse Joshua Schaeffer Alexander Scheel Jens Schleusener Ryan Schmidt Andreas Schneider Paul Seyfert Tom Shaw Jim Shi Jerry Shipman Peter Shoults Richard Silverman Cel Skeggs Simo Sorce Michael Spang Michael Ströder Bjørn Tore Sund Ondřej Surý Joseph Sutton Joe Travaglini Sergei Trofimovich Greg Troxel Fraser Tweedale Tim Uglow Rathor Vipin Denis Vlasenko Thomas Wagner Jorgen Wahlsten Stef Walter Max (Weijun) Wang John Washington Stef Walter Xi Wang Nehal J Wani Kevin Wasserman Margaret Wasserman Marcus Watts Andreas Wiese Simon Wilkinson Nicolas Williams Ross Wilper Augustin Wolf Garrett Wollman David Woodhouse Tsu-Phong Wu Xu Qiang Neng Xue Zhaomo Yang Tianjiao Yin Nickolai Zeldovich Bean Zhang ChenChen Zhou Hanz van Zijst Gertjan Zwartjes The above is not an exhaustive list; many others have contributed in various ways to the MIT Kerberos development effort over the 
years.

========================================================================
* src/appl/gss-sample/README
========================================================================

# Copyright 1993 by OpenVision Technologies, Inc.
#
# Permission to use, copy, modify, distribute, and sell this software
# and its documentation for any purpose is hereby granted without fee,
# provided that the above copyright notice appears in all copies and
# that both that copyright notice and this permission notice appear in
# supporting documentation, and that the name of OpenVision not be used
# in advertising or publicity pertaining to distribution of the software
# without specific, written prior permission. OpenVision makes no
# representations about the suitability of this software for any
# purpose. It is provided "as is" without express or implied warranty.
#
# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

This directory contains a sample GSS-API client and server
application. In addition to serving as an example of GSS-API
programming, this application is also intended to be a tool for
testing the performance of GSS-API implementations.

Each time the client is invoked, it performs one or more exchanges
with the server. Each exchange with the server consists primarily of
the following steps:

        1. A TCP/IP connection is established.

        2. (optional, on by default) The client and server establish a
           GSS-API context, and the server prints the identity of the
           client.

      / 3. The client sends a message to the server. The message may
     /     be plaintext, cryptographically "signed" but not encrypted,
     |     or encrypted (default).
     |
0 or |  4. The server decrypts the message (if necessary), verifies
more |     its signature (if there is one) and prints it.
times|
     |  5. The server sends either a signature block (the default) or an
     |     empty token back to the client to acknowledge the message.
     \
      \ 6. If the server sent a signature block, the client verifies
           it and prints a message indicating that it was verified.

        7. The client sends an empty block to the server to tell it
           that the exchange is finished.

        8. The client and server close the TCP/IP connection and
           destroy the GSS-API context.

The client also supports the -v1 flag which uses an older exchange
format compatible with previous releases of Kerberos and with samples
shipped in the Microsoft SDK.

The server's command line usage is

        gss-server [-port port] [-verbose] [-once] [-inetd] [-export]
                [-logfile file] service_name

where service_name is a GSS-API service name of the form
"service@host" (or just "service", in which case the local host name
is used). The command-line options have the following meanings:

-port     The TCP port on which to accept connections. Default is
          4444.

-once     Tells the server to exit after a single exchange, rather
          than persisting.

-inetd    Tells the server that it is running out of inetd, so it
          should interact with the client on stdin rather than
          binding to a network port. Implies "-once".

-export   Tells the server to test the gss_export_sec_context function
          after establishing a context with a client.

-logfile  The file to which the server should append its output,
          rather than sending it to stdout.

The client's command line usage is

        gss-client [-port port] [-mech mechanism] [-d] [-f] [-q]
                [-seq] [-noreplay] [-nomutual] [-dce]
                [-ccount count] [-mcount count] [-na] [-nw] [-nx] [-nm]
                host service_name msg

where host is the host running the server, service_name is the service
name that the server will establish connections as (if you don't
specify the host name in the service name when running gss-server, and
it's running on a different machine from gss-client, make sure to
specify the server's host name in the service name you specify to
gss-client!) and msg is the message. The command-line options have
the following meanings:

-port      The TCP port to which to connect. Default is 4444.

-mech      The OID of the GSS-API mechanism to use.

-d         Tells the client to delegate credentials to the server. For
           the Kerberos GSS-API mechanism, this means that a
           forwardable TGT will be sent to the server, which will put
           it in its credential cache (you must have acquired your
           tickets with "kinit -f" for this to work).

-seq       Tells the client to enforce ordered message delivery via
           sequencing.

-noreplay  Tells the client to disable the use of replay detection.

-dce       Tells the client to request DCE-style authentication.

-nomutual  Tells the client to disable the use of mutual
           authentication.

-f         Tells the client that the "msg" argument is actually the
           name of a file whose contents should be used as the
           message.

-q         Tells the client to be quiet, i.e., to only print error
           messages.

-ccount    Specifies how many sessions the client should initiate with
           the server (the "connection count").

-mcount    Specifies how many times the message should be sent to the
           server in each session (the "message count").

-na        Tells the client not to do any authentication with the
           server. Implies "-nw", "-nx" and "-nm".

-nw        Tells the client not to "wrap" messages. Implies "-nx".

-nx        Tells the client not to encrypt messages.

-nm        Tells the client not to ask the server to send back a
           cryptographic checksum ("MIC").
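
How the gss-client options above combine into the protections actually in
effect, as an added example (not code from the sample application): it
applies the documented defaults and the "-na" and "-nw" implications to an
argument vector and reports which protections an invocation gives up. The
struct, the function names and the REQ_*/F_* bit values are assumptions of
this example, and the sample command line is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Request-flag bits local to this example; they stand in for the flags a
 * GSS-API client passes to gss_init_sec_context. */
enum { REQ_DELEG = 1, REQ_MUTUAL = 2, REQ_REPLAY = 4, REQ_SEQUENCE = 8,
       REQ_DCE = 16 };

/* Findings worth a second look when reviewing a gss-client invocation. */
enum { F_NO_AUTH = 1, F_NO_ENCRYPT = 2, F_NO_MIC = 4, F_NO_REPLAY = 8,
       F_NO_MUTUAL = 16, F_DELEGATES_TGT = 32 };
#define PARSE_ERROR (~0u)

struct posture {
    unsigned req_flags;            /* REQ_* bits requested for the context */
    int auth, wrap, encrypt, mic;  /* 1 = protection in effect */
    const char *host, *service, *msg;
};

static int is_opt(const char *arg, const char *name)
{
    return strcmp(arg, name) == 0;
}

/* Parse a gss-client argument vector (argv[0] is the program name) with the
 * defaults and implications the README states.  Returns 0 on success, -1 on
 * an unknown option, a missing option value or missing positional args. */
int parse_gss_client(int argc, const char **argv, struct posture *p)
{
    int i;

    memset(p, 0, sizeof(*p));
    p->req_flags = REQ_MUTUAL | REQ_REPLAY;   /* on unless switched off */
    p->auth = p->wrap = p->encrypt = p->mic = 1;

    for (i = 1; i < argc && argv[i][0] == '-'; i++) {
        const char *o = argv[i];

        if (is_opt(o, "-port") || is_opt(o, "-mech") ||
            is_opt(o, "-ccount") || is_opt(o, "-mcount")) {
            if (++i >= argc)                  /* option value is missing */
                return -1;
        } else if (is_opt(o, "-d")) {
            p->req_flags |= REQ_DELEG;
        } else if (is_opt(o, "-seq")) {
            p->req_flags |= REQ_SEQUENCE;
        } else if (is_opt(o, "-dce")) {
            p->req_flags |= REQ_DCE;
        } else if (is_opt(o, "-noreplay")) {
            p->req_flags &= ~(unsigned)REQ_REPLAY;
        } else if (is_opt(o, "-nomutual")) {
            p->req_flags &= ~(unsigned)REQ_MUTUAL;
        } else if (is_opt(o, "-na")) {
            p->auth = 0;
        } else if (is_opt(o, "-nw")) {
            p->wrap = 0;
        } else if (is_opt(o, "-nx")) {
            p->encrypt = 0;
        } else if (is_opt(o, "-nm")) {
            p->mic = 0;
        } else if (!is_opt(o, "-f") && !is_opt(o, "-q") && !is_opt(o, "-v1")) {
            return -1;                        /* not a documented option */
        }
    }
    if (argc - i != 3)                        /* host service_name msg */
        return -1;
    p->host = argv[i];
    p->service = argv[i + 1];
    p->msg = argv[i + 2];
    if (!p->auth)
        p->wrap = p->mic = 0;                 /* -na implies -nw, -nx, -nm */
    if (!p->wrap)
        p->encrypt = 0;                       /* -nw implies -nx */
    return 0;
}

/* Return the F_* findings for one command line, or PARSE_ERROR.  Context
 * flags are only reported when a GSS-API context is established at all. */
unsigned audit_cmdline(int argc, const char **argv)
{
    struct posture p;
    unsigned f = 0;

    if (parse_gss_client(argc, argv, &p) != 0)
        return PARSE_ERROR;
    if (!p.auth) f |= F_NO_AUTH;
    if (!p.encrypt) f |= F_NO_ENCRYPT;
    if (!p.mic) f |= F_NO_MIC;
    if (p.auth && !(p.req_flags & REQ_REPLAY)) f |= F_NO_REPLAY;
    if (p.auth && !(p.req_flags & REQ_MUTUAL)) f |= F_NO_MUTUAL;
    if (p.auth && (p.req_flags & REQ_DELEG)) f |= F_DELEGATES_TGT;
    return f;
}

int main(void)
{
    /* Constructed invocation, for illustration only. */
    const char *argv[] = { "gss-client", "-nw", "-d", "-noreplay",
                           "server.example.com", "host@server", "hello" };
    static const char *names[] = { "no authentication", "not encrypted",
        "no MIC requested", "replay detection off", "mutual auth off",
        "forwardable TGT delegated" };
    unsigned f = audit_cmdline(7, argv);
    int bit;

    for (bit = 0; f != PARSE_ERROR && bit < 6; bit++)
        if (f & (1u << bit))
            printf("finding: %s\n", names[bit]);
    return f == PARSE_ERROR;
}
```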

To run the server on a host, you need to make sure that the principal
corresponding to service_name is in the default keytab on the server
host, and that the gss-server process can read the keytab. For
example, the service name "host@server" corresponds to the Kerberos
principal "host/server.domain.com@REALM".

This sample application uses the following GSS-API functions:

        gss_accept_sec_context          gss_inquire_names_for_mech
        gss_acquire_cred                gss_oid_to_str
        gss_delete_sec_context          gss_release_buffer
        gss_display_name                gss_release_cred
        gss_display_status              gss_release_name
        gss_export_sec_context          gss_release_oid
        gss_get_mic                     gss_release_oid_set
        gss_import_name                 gss_str_to_oid
        gss_import_sec_context          gss_unwrap
        gss_init_sec_context            gss_verify_mic
        gss_inquire_context             gss_wrap

This application was originally written by Barry Jaspan of OpenVision
Technologies, Inc. It was updated significantly by Jonathan Kamens of
OpenVision Technologies, Inc.

$Id$

========================================================================
* src/lib/krb5/unicode/ucdata/README
========================================================================

#
# $Id: README,v 1.33 2001/01/02 18:46:19 mleisher Exp $
#

                       MUTT UCData Package 2.5
                       -----------------------

This is a package that supports ctype-like operations for Unicode
UCS-2 text (and surrogates), case mapping, decomposition lookup, and
provides a bidirectional reordering algorithm. To use it, you will
need to get the latest "UnicodeData-*.txt" (or later) file from the
Unicode Web or FTP site.

The character information portion of the package consists of three
parts:

  1. A program called "ucgendat" which generates five data files from
     the UnicodeData-*.txt file. The files are:

     A. case.dat   - the case mappings.
     B. ctype.dat  - the character property tables.
     C. comp.dat   - the character composition pairs.
     D. decomp.dat - the character decompositions.
     E. cmbcl.dat  - the non-zero combining classes.
     F. num.dat    - the codes representing numbers.

  2. The "ucdata.[ch]" files which implement the functions needed to
     check to see if a character matches groups of properties, to map
     between upper, lower, and title case, to look up the
     decomposition of a character, look up the combining class of a
     character, and get the number value of a character.

  3. The UCData.java class which provides the same API (with minor
     changes for the numbers) and loads the same binary data files as
     the C code.

A short reference to the functions available is in the "api.txt" file.

Techie Details
==============

The "ucgendat" program parses files from the command line which are
all in the Unicode Character Database (UCDB) format. An additional
properties file, "MUTTUCData.txt", provides some extra properties for
some characters.

The program looks for the two character properties fields (2 and 4),
the combining class field (3), the decomposition field (5), the
numeric value field (8), and the case mapping fields (12, 13, and 14).
The decompositions are recursively expanded before being written out.

The decomposition table contains all the canonical decompositions.
This means all decompositions that do not have tags such as "" or "".

The data is almost all stored as unsigned longs (32-bits assumed) and
the routines that load the data take care of endian swaps when
necessary. This also means that supplementary characters (>= 0x10000)
can be placed in the data files the "ucgendat" program parses.

The data is written as external files and broken into six parts so it
can be selectively updated at runtime if necessary.

The data files currently generated from the "ucgendat" program total
about 56K in size all together.

The format of the binary data files is documented in the "format.txt"
file.

==========================================================================

                     The "Pretty Good Bidi Algorithm"
                     --------------------------------

This routine provides an alternative to the Unicode Bidi algorithm.
The difference is that this version of the PGBA does not handle the
explicit directional codes (LRE, RLE, LRO, RLO, PDF). It should now
produce the same results as the Unicode BiDi algorithm for implicit
reordering. Included are functions for doing cursor motion in both
logical and visual order.

This implementation is provided to demonstrate an effective alternate
method for implicit reordering. To make this useful for an
application, it probably needs some changes to the memory allocation
and deallocation, as well as data structure additions for rendering.

Mark Leisher
19 November 1999

-----------------------------------------------------------------------------

CHANGES
=======

Version 2.5
-----------
1. Changed the number lookup to set the denominator to 1 in cases of
   digits. This restores functional compatibility with John Cowan's
   UCType package.

2. Added support for the AL property.

3. Modified load and reload functions to return error codes.

Version 2.4
-----------
1. Improved some bidi algorithm documentation in the code.

2. Fixed a code mixup that produced a non-working version.

Version 2.3
-----------
1. Fixed a misspelling in the ucpgba.h header file.

2. Fixed a bug which caused trailing weak non-digit sequences to be
   left out of the reordered string in the bidi algorithm.

3. Fixed a problem with weak sequences containing non-spacing marks in
   the bidi algorithm.

4. Fixed a problem with text runs of the opposite direction of the
   string surrounding a weak + neutral text run appearing in the wrong
   order in the bidi algorithm.

5. Added a default overall direction parameter to the reordering
   function for cases of strings with no strong directional characters
   in the bidi algorithm.

6. The bidi API documentation was improved.

7. Added a man page for the bidi API.

Version 2.2
-----------
1. Fixed a problem with the bidi algorithm locating directional section
   boundaries.

2. Fixed a problem with the bidi algorithm starting the reordering
   correctly.

3. Fixed a problem with the bidi algorithm determining end boundaries
   for LTR segments.

4. Fixed a problem with the bidi algorithm reordering weak (digits and
   number separators) segments.

5. Added automatic switching of symmetrically paired characters when
   reversing RTL segments.

6. Added a missing symmetric character to the extra character
   properties in MUTTUCData.txt.

7. Added support for doing logical and visual cursor traversal.

Version 2.1
-----------
1. Updated the ucgendat program to handle the Unicode 3.0 character
   database properties. The AL and BM bidi properties get marked as
   strong RTL and Other Neutral, the NSM, LRE, RLE, PDF, LRO, and RLO
   controls all get marked as Other Neutral.

2. Fixed some problems with testing against signed values in the
   UCData.java code and some minor cleanup.

3. Added the "Pretty Good Bidi Algorithm."

Version 2.0
-----------
1. Removed the old Java stuff for a new class that loads directly from
   the same data files as the C code does.

2. Fixed a problem with choosing the correct field when mapping case.

3. Adjust some search routines to start their search in the correct
   position.

4. Moved the copyright year to 1999.

Version 1.9
-----------
1. Fixed a problem with an incorrect amount of storage being allocated
   for the combining class nodes.

2. Fixed an invalid initialization in the number code.

3. Changed the Java template file formatting a bit.

4. Added tables and function for getting decompositions in the Java
   class.

Version 1.8
-----------
1. Fixed a problem with adding certain ranges.

2. Added two more macros for testing for identifiers.

3. Tested with the UnicodeData-2.1.5.txt file.

Version 1.7
-----------
1. Fixed a problem with looking up decompositions in "ucgendat."

Version 1.6
-----------
1. Added two new properties introduced with UnicodeData-2.1.4.txt.

2. Changed the "ucgendat.c" program a little to automatically align
   the property data on a 4-byte boundary when new properties are
   added.

3. Changed the "ucgendat.c" programs to only generate canonical
   decompositions.

4. Added two new macros ucisinitialpunct() and ucisfinalpunct() to
   check for initial and final punctuation characters.

5. Minor additions and changes to the documentation.

Version 1.5
-----------
1. Changed all file open calls to include binary mode with "b" for
   DOS/WIN platforms.

2. Wrapped the unistd.h include so it won't be included when compiled
   under Win32.

3. Fixed a bad range check for hex digits in ucgendat.c.

4. Fixed a bad endian swap for combining classes.

5. Added code to make a number table and associated lookup functions.
   Functions added are ucnumber(), ucdigit(), and ucgetnumber(). The
   last function is to maintain compatibility with John Cowan's
   "uctype" package.

Version 1.4
-----------
1. Fixed a bug with adding a range.

2. Fixed a bug with inserting a range in order.

3. Fixed incorrectly specified ucisdefined() and ucisundefined()
   macros.

4. Added the missing unload for the combining class data.

5. Fixed a bad macro placement in ucisweak().

Version 1.3
-----------
1. Bug with case mapping calculations fixed.

2. Bug with empty character property entries fixed.

3. Bug with incorrect type in the combining class lookup fixed.

4. Some corrections done to api.txt.

5. Bug in certain character property lookups fixed.

6. Added a character property table that records the defined
   characters.

7. Replaced ucisunknown() with ucisdefined() and ucisundefined().

Version 1.2
-----------
1. Added code to ucgendat to generate a combining class table.

2. Fixed an endian problem with the byte count of decompositions.

3. Fixed some minor problems in the "format.txt" file.

4. Removed some bogus "Ss" values from MUTTUCData.txt file.

5. Added API function to get combining class.

6. Changed the open mode to "rb" so binary data files will be opened
   correctly on DOS/WIN as well as other platforms.

7. Added the "api.txt" file.

Version 1.1
-----------
1. Added ucisxdigit() which I overlooked.

2. Added UC_LT to the ucisalpha() macro which I overlooked.

3. Change uciscntrl() to include UC_CF.

4. Added ucisocntrl() and ucfntcntrl() macros.

5. Added a ucisblank() which I overlooked.

6. Added missing properties to ucissymbol() and ucisnumber().

7. Added ucisgraph() and ucisprint().

8. Changed the "Mr" property to "Sy" to mark this subset of mirroring
   characters as symmetric to avoid trampling the Unicode/ISO10646
   sense of mirroring.

9. Added another property called "Ss" which includes control
   characters traditionally seen as spaces in the isspace() macro.

10. Added a bunch of macros to be API compatible with John Cowan's
    package.

ACKNOWLEDGEMENTS
================

Thanks go to John Cowan for pointing out lots of missing things and
giving me stuff, particularly a bunch of new macros.

Thanks go to Bob Verbrugge for pointing out various bugs.

Thanks go to Christophe Pierret for pointing out that file modes need
to have "b" for DOS/WIN machines, pointing out unistd.h is not a Win
32 header, and pointing out a problem with ucisalnum().

Thanks go to Kent Johnson for finding a bug that caused incomplete
decompositions to be generated by the "ucgendat" program.

Thanks go to Valeriy E. Ushakov for spotting an allocation error and
an initialization error.

Thanks go to Stig Venaas for providing a patch to support return types
on load and reload, and for major updates to handle canonical
composition and decomposition.

========================================================================
* src/plugins/preauth/spake/AUTHORS
========================================================================

# This is the official list of fiat-crypto authors for copyright purposes.
# This file is distinct from the CONTRIBUTORS files.
# See the latter for an explanation.

# Names should be added to this file as one of
#     Organization's name
#     Individual's name
#     Individual's name
# See CONTRIBUTORS for the meaning of multiple email addresses.

# Please keep the list sorted.

Andres Erbsen
Google Inc.
Jade Philipoom
Massachusetts Institute of Technology

========================================================================
* doc/copyright.rst, doc/html/_sources/copyright.rst.txt
========================================================================

Copyright
=========

Copyright |copy| 1985-2023 by the Massachusetts Institute of
Technology and its contributors. All rights reserved.

See :ref:`mitK5license` for additional copyright and license
information.

========================================================================
* src/lib/gssapi/LICENSE
========================================================================

[ NOTE: MIT has only incorporated the mechglue and spnego change, and
not the incremental propagation changes. The filenames are different
between the Sun and MIT sources. The actual MIT filenames appear in
the top-level README file. Original text of Sun's LICENSE file
follows. ]

Subject to the license set forth below, Sun Microsystems, Inc. donates
the attached files to MIT for the purpose of including these
modifications and additions in future versions of the Kerberos system.

Many of the files attached are subject to licenses issued by other
entities, including OpenVision, MIT, and FundsXpress. See the
individual files, and/or related Readme files, for these licenses.

In addition Sun requires that the license set forth below be
incorporated into any future version of the Kerberos system which
contains portions of the files attached.
The following files must be listed, in the top level Readme file, as
being provided subject to such license:

    cmd/krb5/iprop/iprop.x
    cmd/krb5/iprop/iprop_hdr.h
    cmd/krb5/kadmin/server/ipropd_svc.c
    cmd/krb5/kproplog/kproplog.c
    cmd/krb5/slave/kpropd_rpc.c
    lib/gss_mechs/mech_krb5/et/kdb5_err.c
    lib/gss_mechs/mech_spnego/mech/gssapiP_spnego.h
    lib/gss_mechs/mech_spnego/mech/spnego_mech.c
    lib/krb5/kadm5/kadm_host_srv_names.c
    lib/krb5/kdb/kdb_convert.c
    lib/krb5/kdb/kdb_hdr.h
    lib/krb5/kdb/kdb_log.c
    lib/krb5/kdb/kdb_log.h
    lib/libgss/g_accept_sec_context.c
    lib/libgss/g_acquire_cred.c
    lib/libgss/g_canon_name.c
    lib/libgss/g_compare_name.c
    lib/libgss/g_context_time.c
    lib/libgss/g_delete_sec_context.c
    lib/libgss/g_dsp_name.c
    lib/libgss/g_dsp_status.c
    lib/libgss/g_dup_name.c
    lib/libgss/g_exp_sec_context.c
    lib/libgss/g_export_name.c
    lib/libgss/g_glue.c
    lib/libgss/g_imp_name.c
    lib/libgss/g_imp_sec_context.c
    lib/libgss/g_init_sec_context.c
    lib/libgss/g_initialize.c
    lib/libgss/g_inquire_context.c
    lib/libgss/g_inquire_cred.c
    lib/libgss/g_inquire_names.c
    lib/libgss/g_process_context.c
    lib/libgss/g_rel_buffer.c
    lib/libgss/g_rel_cred.c
    lib/libgss/g_rel_name.c
    lib/libgss/g_rel_oid_set.c
    lib/libgss/g_seal.c
    lib/libgss/g_sign.c
    lib/libgss/g_store_cred.c
    lib/libgss/g_unseal.c
    lib/libgss/g_userok.c
    lib/libgss/g_utils.c
    lib/libgss/g_verify.c
    lib/libgss/gssd_pname_to_uid.c
    uts/common/gssapi/include/gssapi_err_generic.h
    uts/common/gssapi/include/mechglueP.h

Sun's License is as follows:

Copyright (c) 2004 Sun Microsystems, Inc.

Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.