========================================================================
* krb5 README
========================================================================

Kerberos Version 5, Release 1.15

Release Notes
The MIT Kerberos Team

Copyright and Other Notices
---------------------------

Copyright (C) 1985-2017 by the Massachusetts Institute of Technology
and its contributors. All rights reserved.

Please see the file named NOTICE for additional notices.

Documentation
-------------

Unified documentation for Kerberos V5 is available in both HTML and
PDF formats. The table of contents of the HTML format documentation
is at doc/html/index.html, and the PDF format documentation is in the
doc/pdf directory.

Additionally, you may find copies of the HTML format documentation
online at

    http://web.mit.edu/kerberos/krb5-latest/doc/

for the most recent supported release, or at

    http://web.mit.edu/kerberos/krb5-devel/doc/

for the release under development.

More information about Kerberos may be found at

    http://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site

    http://kerberos.org/

Building and Installing Kerberos 5
----------------------------------

Build documentation is in doc/html/build/index.html or
doc/pdf/build.pdf.

The installation guide is in doc/html/admin/install.html or
doc/pdf/install.pdf.

If you are attempting to build under Windows, please see the
src/windows/README file.

Reporting Bugs
--------------

Please report any problems/bugs/comments by sending email to
krb5-bugs@mit.edu.

You may view bug reports by visiting

    http://krbdev.mit.edu/rt/

and using the "Guest Login" button. Please note that the web
interface to our bug database is read-only for guests, and the primary
way to interact with our bug database is via email.

DES transition
--------------

The Data Encryption Standard (DES) is widely recognized as weak. The
krb5-1.7 release contains measures to encourage sites to migrate away
from using single-DES cryptosystems.
Among these is a configuration variable that enables "weak" enctypes,
which defaults to "false" beginning with krb5-1.8.

Major changes in 1.15.1 (2017-03-01)
------------------------------------

This is a bug fix release.

* Allow KDB modules to determine how the e_data field of principal
  fields is freed

* Fix udp_preference_limit when the KDC location is configured with
  SRV records

* Fix KDC and kadmind startup on some IPv4-only systems

* Fix the processing of PKINIT certificate matching rules which have
  two components and no explicit relation

* Improve documentation

krb5-1.15.1 changes by ticket ID
--------------------------------

7940    PKINIT docs only work for one-component client principals
8523    Add krbPwdPolicy attributes to kerberos.ldif
8524    Add caveats to krbtgt change documentation
8525    Fix error handling in PKINIT decode_data()
8530    KDC/kadmind explicit wildcard listener addresses do not use pktinfo
8531    KDC/kadmind may fail to start on IPv4-only systems
8532    Fix GSSAPI authind attribute name in docs
8538    Need a way to free KDB module e_data
8540    Document default realm and login authorization
8552    Add GSSAPI S4U documentation
8553    Fix PKINIT two-component matching rule parsing
8554    udp_preference_limit fails with SRV records

Major changes in 1.15 (2016-12-01)
----------------------------------

Administrator experience:

* Improve support for multihomed Kerberos servers by adding options
  for specifying restricted listening addresses for the KDC and
  kadmind.

* Add support to kadmin for remote extraction of current keys without
  changing them (requires a special kadmin permission that is excluded
  from the wildcard permission), with the exception of highly
  protected keys.

* Add a lockdown_keys principal attribute to prevent retrieval of the
  principal's keys (old or new) via the kadmin protocol. In newly
  created databases, this attribute is set on the krbtgt and kadmin
  principals.

* Restore recursive dump capability for DB2 back end, so sites can
  more easily recover from database corruption resulting from power
  failure events.

* Add DNS auto-discovery of KDC and kpasswd servers from URI records,
  in addition to SRV records. URI records can convey TCP and UDP
  servers and master KDC status in a single DNS lookup, and can also
  point to HTTPS proxy servers.

* Add support for password history to the LDAP back end.

* Add support for principal renaming to the LDAP back end.

* Use the getrandom system call on supported Linux kernels to avoid
  blocking problems when getting entropy from the operating system.

* In the PKINIT client, use the correct DigestInfo encoding for PKCS
  #1 signatures, so that some especially strict smart cards will work.

Code quality:

* Clean up numerous compilation warnings.

* Remove various infrequently built modules, including some preauth
  modules that were not built by default.

Developer experience:

* Add support for building with OpenSSL 1.1.

* Use SHA-256 instead of MD5 for (non-cryptographic) hashing of
  authenticators in the replay cache. This helps sites that must
  build with FIPS 140 conformant libraries that lack MD5.

* Eliminate util/reconf and allow the use of autoreconf alone to
  regenerate the configure script.

Protocol evolution:

* Add support for the AES-SHA2 enctypes, which allows sites to conform
  to Suite B crypto requirements.

krb5-1.15 changes by ticket ID
------------------------------

1093    KDC could use feature to limit listening interfaces
5889    password history doesn't work with LDAP KDB
6666    some non-default plugin directories don't build in 1.8 branch
7852    kadmin.local's ktadd -norandkey does not handle multiple kvnos
        in the KDB
7985    Add krb5_get_init_creds_opt_set_pac_request
8065    Renaming principals with LDAP KDB deletes the principal
8277    iprop can choose wrong realm
8278    Add krb5_expand_hostname() API
8280    Fix impersonate_name to work with interposers
8295    kdb5_ldap_stash_service_password() stash file logic needs tweaking
8297    jsonwalker.py test fails
8298    Audit Test fails when system has IPV6 address
8299    Remove util/reconf
8329    Only run export-check.pl in maintainer mode
8344    Create KDC and kadmind log files with mode 0640
8345    Remove nss libk5crypto implementation
8348    Remove workaround when binding to udp addresses and pktinfo
        isn't supported by the system
8353    Replace MD5 use in rcache with SHA-256
8354    Only store latest keys in key history entry
8355    Add kadm5_setkey_principal_4 RPC to kadmin
8364    Add get_principal_keys RPC to kadmin
8365    Add the ability to lock down principal keys
8366    Increase initial DNS buffer size
8368    Remove hdb KDB module
8371    Improve libkadm5 client RPC thread safety
8372    Use cached S4U2Proxy tickets in GSSAPI
8374    Interoperate with incomplete SPNEGO responses
8375    Allow zero cksumtype in krb5_k_verify_checksum()
8379    Add auth indicator handling to libkdb_ldap
8381    Don't fall back to master on password read error
8386    Add KDC pre-send and post-receive KDC hooks
8388    Remove port 750 from the KDC default ports
8389    Make profile includedir accept all *.conf files
8391    Add kinit long option support for all platforms
8393    Password Expiration "Never" Inconsistently Applied
8394    Add debug message filtering to krb5_klog_syslog
8396    Skip password prompt when running ksu as root
8398    Add libk5crypto support for OpenSSL 1.1.0
8399    Unconstify some krb5 GSS OIDs
8403    kinit documentation page
8404    Remove non-DFSG documentation
8405    Work around python-ldap bug in kerberos.ldif
8412    Link correct VS2015 C libraries for debug builds
8414    Use library malloc for principal, policy entries
8418    Add libkdb function to specialize principal's salt
8419    Do not indicate deprecated GSS mechanisms
8423    Add SPNEGO special case for NTLMSSP+MechListMIC
8425    Add auth-indicator authdata module
8426    test_check_allowed_to_delegate() should free unparsed princ output
8428    Minimize timing leaks in PKINIT decryption
8429    Fix Makefile for paths containing '+' character
8434    Fix memory leak in old gssrpc authentication
8436    Update libev sources to 4.22
8446    Fix leak in key change operations
8451    Add hints for -A flag to kdestroy
8456    Add the kprop-port option to kadmind
8462    Better handle failures to resolve client keytab
8464    Set prompt type for OTP preauth prompt
8465    Improve bad password inference in kinit
8466    Rename k5-queue.h macros
8471    Change KDC error for encrypted timestamp preauth
8476    Restore recursive dump functionality
8478    usability improvements for bttest
8488    Stop generating doc/CHANGES
8490    Add aes-sha2 enctype support
8494    Add krb5_db_register_keytab()
8496    Add KDC discovery from URI records
8498    Potential memory leak in prepare_error_as()
8499    Use getrandom system call on recent Linux kernels
8500    Document krb5_kt_next_entry() requirement
8502    ret_boolean in profile_get_boolean() should be krb5_boolean *
        instead of int *
8504    Properly handle EOF condition on libkrad sockets
8506    PKINIT fails with PKCS#11 middlware that implements PKCS#1 V2.1
8507    Suggest unlocked iteration for mkey rollover
8508    Clarify krb5_kt_resolve() API documentation
8509    Leak in krb5_cccol_have_content with truncated ccache
8510    Update features list for 1.15
8512    Fix detection of libaceclnt for securid_sam2
8513    Add doxygen comments for RFC 8009, RFC 4757
8514    Make zap() more reliable
8516    Fix declaration without type in t_shs3.c
8520    Relicense
        ccapi/common/win/OldCC/autolock.hxx
8521    Allow slapd path configuration in t_kdb.py

Acknowledgements
----------------

Past Sponsors of the MIT Kerberos Consortium:

    Apple
    Carnegie Mellon University
    Centrify Corporation
    Columbia University
    Cornell University
    The Department of Defense of the United States of America (DoD)
    Fidelity Investments
    Google
    Iowa State University
    MIT
    Michigan State University
    Microsoft
    MITRE Corporation
    Morgan-Stanley
    The National Aeronautics and Space Administration
        of the United States of America (NASA)
    Network Appliance (NetApp)
    Nippon Telephone and Telegraph (NTT)
    US Government Office of the National Coordinator for Health
        Information Technology (ONC)
    Oracle
    Pennsylvania State University
    Red Hat
    Stanford University
    TeamF1, Inc.
    The University of Alaska
    The University of Michigan
    The University of Pennsylvania

Past and present members of the Kerberos Team at MIT:

    Danilo Almeida
    Jeffrey Altman
    Justin Anderson
    Richard Basch
    Mitch Berger
    Jay Berkenbilt
    Andrew Boardman
    Bill Bryant
    Steve Buckley
    Joe Calzaretta
    John Carr
    Mark Colan
    Don Davis
    Sarah Day
    Alexandra Ellwood
    Carlos Garay
    Dan Geer
    Nancy Gilman
    Matt Hancher
    Thomas Hardjono
    Sam Hartman
    Paul Hill
    Marc Horowitz
    Eva Jacobus
    Miroslav Jurisic
    Barry Jaspan
    Benjamin Kaduk
    Geoffrey King
    Kevin Koch
    John Kohl
    HaoQi Li
    Jonathan Lin
    Peter Litwack
    Scott McGuire
    Steve Miller
    Kevin Mitchell
    Cliff Neuman
    Paul Park
    Ezra Peisach
    Chris Provenzano
    Ken Raeburn
    Jon Rochlis
    Jeff Schiller
    Jen Selby
    Robert Silk
    Bill Sommerfeld
    Jennifer Steiner
    Ralph Swick
    Brad Thompson
    Harry Tsai
    Zhanna Tsitkova
    Ted Ts'o
    Marshall Vale
    Tom Yu

The following external contributors have provided code, patches, bug
reports, suggestions, and valuable resources:

    Ian Abbott
    Brandon Allbery
    Russell Allbery
    Brian Almeida
    Michael B Allen
    Heinz-Ado Arnolds
    Derek Atkins
    Mark Bannister
    David Bantz
    Alex Baule
    David Benjamin
    Thomas Bernard
    Adam Bernstein
    Arlene Berry
    Jeff Blaine
    Radoslav Bodo
    Sumit Bose
    Emmanuel Bouillon
    Philip Brown
    Michael Calmer
    Andrea Campi
    Julien Chaffraix
    Ravi Channavajhala
    Srinivas Cheruku
    Leonardo Chiquitto
    Seemant Choudhary
    Howard Chu
    Andrea Cirulli
    Christopher D. Clausen
    Kevin Coffman
    Simon Cooper
    Sylvain Cortes
    Ian Crowther
    Arran Cudbard-Bell
    Jeff D'Angelo
    Nalin Dahyabhai
    Mark Davies
    Dennis Davis
    Alex Dehnert
    Mark Deneen
    Günther Deschner
    John Devitofranceschi
    Roland Dowdeswell
    Viktor Dukhovni
    Jason Edgecombe
    Mark Eichin
    Shawn M. Emery
    Douglas E. Engert
    Peter Eriksson
    Juha Erkkilä
    Gilles Espinasse
    Ronni Feldt
    Bill Fellows
    JC Ferguson
    Remi Ferrand
    Paul Fertser
    William Fiveash
    Jacques Florent
    Ákos Frohner
    Sebastian Galiano
    Marcus Granado
    Scott Grizzard
    Helmut Grohne
    Steve Grubb
    Philip Guenther
    Dominic Hargreaves
    Robbie Harwood
    Jakob Haufe
    Matthieu Hautreux
    Jochen Hein
    Paul B. Henson
    Jeff Hodges
    Christopher Hogan
    Love Hörnquist Åstrand
    Ken Hornstein
    Henry B. Hotz
    Luke Howard
    Jakub Hrozek
    Shumon Huque
    Jeffrey Hutzelman
    Wyllys Ingersoll
    Holger Isenberg
    Spencer Jackson
    Diogenes S. Jesus
    Pavel Jindra
    Brian Johannesmeyer
    Joel Johnson
    Anders Kaseorg
    W. Trevor King
    Patrik Kis
    Mikkel Kruse
    Reinhard Kugler
    Tomas Kuthan
    Pierre Labastie
    Volker Lendecke
    Jan iankko Lieskovsky
    Todd Lipcon
    Oliver Loch
    Kevin Longfellow
    Jon Looney
    Nuno Lopes
    Ryan Lynch
    Roland Mainz
    Andrei Maslennikov
    Michael Mattioli
    Nathaniel McCallum
    Greg McClement
    Cameron Meadors
    Alexey Melnikov
    Franklyn Mendez
    Markus Moeller
    Kyle Moffett
    Paul Moore
    Keiichi Mori
    Michael Morony
    Zbysek Mraz
    Edward Murrell
    Nikos Nikoleris
    Felipe Ortega
    Michael Osipov
    Andrej Ota
    Dmitri Pal
    Javier Palacios
    Tom Parker
    Ezra Peisach
    Zoran Pericic
    W. Michael Petullo
    Mark Phalan
    Brett Randall
    Jonathan Reams
    Jonathan Reed
    Robert Relyea
    Martin Rex
    Jason Rogers
    Matt Rogers
    Nate Rosenblum
    Solly Ross
    Mike Roszkowski
    Guillaume Rousse
    Andreas Schneider
    Tom Shaw
    Jim Shi
    Peter Shoults
    Simo Sorce
    Michael Spang
    Michael Ströder
    Bjørn Tore Sund
    Joe Travaglini
    Tim Uglow
    Rathor Vipin
    Denis Vlasenko
    Jorgen Wahlsten
    Stef Walter
    Max (Weijun) Wang
    John Washington
    Stef Walter
    Xi Wang
    Kevin Wasserman
    Margaret Wasserman
    Marcus Watts
    Andreas Wiese
    Simon Wilkinson
    Nicolas Williams
    Ross Wilper
    Augustin Wolf
    David Woodhouse
    Tsu-Phong Wu
    Xu Qiang
    Neng Xue
    Zhaomo Yang
    Nickolai Zeldovich
    Hanz van Zijst
    Gertjan Zwartjes

The above is not an exhaustive list; many others have contributed in
various ways to the MIT Kerberos development effort over the years.
Other acknowledgments (for bug reports and patches) are in the
doc/CHANGES file.

========================================================================
* krb5 src/appl/gss-sample/README
========================================================================

# Copyright 1993 by OpenVision Technologies, Inc.
#
# Permission to use, copy, modify, distribute, and sell this software
# and its documentation for any purpose is hereby granted without fee,
# provided that the above copyright notice appears in all copies and
# that both that copyright notice and this permission notice appear in
# supporting documentation, and that the name of OpenVision not be used
# in advertising or publicity pertaining to distribution of the software
# without specific, written prior permission. OpenVision makes no
# representations about the suitability of this software for any
# purpose. It is provided "as is" without express or implied warranty.
#
# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

This directory contains a sample GSS-API client and server
application. In addition to serving as an example of GSS-API
programming, this application is also intended to be a tool for
testing the performance of GSS-API implementations.

Each time the client is invoked, it performs one or more exchanges
with the server. Each exchange with the server consists primarily of
the following steps:

        1. A TCP/IP connection is established.

        2. (optional, on by default) The client and server establish a
           GSS-API context, and the server prints the identity of the
           client.

      / 3. The client sends a message to the server. The message may
     /     be plaintext, cryptographically "signed" but not encrypted,
     |     or encrypted (default).
     |
0 or |  4. The server decrypts the message (if necessary), verifies
more |     its signature (if there is one) and prints it.
times|
     |  5. The server sends either a signature block (the default) or an
     |     empty token back to the client to acknowledge the message.
     \
      \ 6. If the server sent a signature block, the client verifies
           it and prints a message indicating that it was verified.

        7. The client sends an empty block to the server to tell it
           that the exchange is finished.

        8. The client and server close the TCP/IP connection and
           destroy the GSS-API context.

The client also supports the -v1 flag which uses an older exchange
format compatible with previous releases of Kerberos and with samples
shipped in the Microsoft SDK.

The server's command line usage is

        gss-server [-port port] [-verbose] [-once] [-inetd] [-export]
                [-logfile file] service_name

where service_name is a GSS-API service name of the form
"service@host" (or just "service", in which case the local host name
is used). The command-line options have the following meanings:

-port       The TCP port on which to accept connections. Default is
            4444.

-once       Tells the server to exit after a single exchange, rather
            than persisting.

-inetd      Tells the server that it is running out of inetd, so it
            should interact with the client on stdin rather than
            binding to a network port. Implies "-once".

-export     Tells the server to test the gss_export_sec_context
            function after establishing a context with a client.

-logfile    The file to which the server should append its output,
            rather than sending it to stdout.

The client's command line usage is

        gss-client [-port port] [-mech mechanism] [-d] [-f] [-q]
                [-seq] [-noreplay] [-nomutual] [-dce]
                [-ccount count] [-mcount count] [-na] [-nw] [-nx] [-nm]
                host service_name msg

where host is the host running the server, service_name is the service
name that the server will establish connections as (if you don't
specify the host name in the service name when running gss-server, and
it's running on a different machine from gss-client, make sure to
specify the server's host name in the service name you specify to
gss-client!) and msg is the message. The command-line options have
the following meanings:

-port       The TCP port to which to connect. Default is 4444.

-mech       The OID of the GSS-API mechanism to use.

-d          Tells the client to delegate credentials to the server.
            For the Kerberos GSS-API mechanism, this means that a
            forwardable TGT will be sent to the server, which will put
            it in its credential cache (you must have acquired your
            tickets with "kinit -f" for this to work).

-seq        Tells the client to enforce ordered message delivery via
            sequencing.

-noreplay   Tells the client to disable the use of replay detection.

-dce        Tells the client to request DCE-style authentication.

-nomutual   Tells the client to disable the use of mutual
            authentication.

-f          Tells the client that the "msg" argument is actually the
            name of a file whose contents should be used as the
            message.

-q          Tells the client to be quiet, i.e., to only print error
            messages.

-ccount     Specifies how many sessions the client should initiate
            with the server (the "connection count").

-mcount     Specifies how many times the message should be sent to the
            server in each session (the "message count").

-na         Tells the client not to do any authentication with the
            server. Implies "-nw", "-nx" and "-nm".

-nw         Tells the client not to "wrap" messages. Implies "-nx".

-nx         Tells the client not to encrypt messages.

-nm         Tells the client not to ask the server to send back a
            cryptographic checksum ("MIC").

To run the server on a host, you need to make sure that the principal
corresponding to service_name is in the default keytab on the server
host, and that the gss-server process can read the keytab. For
example, the service name "host@server" corresponds to the Kerberos
principal "host/server.domain.com@REALM".

This sample application uses the following GSS-API functions:

        gss_accept_sec_context          gss_inquire_names_for_mech
        gss_acquire_cred                gss_oid_to_str
        gss_delete_sec_context          gss_release_buffer
        gss_display_name                gss_release_cred
        gss_display_status              gss_release_name
        gss_export_sec_context          gss_release_oid
        gss_get_mic                     gss_release_oid_set
        gss_import_name                 gss_str_to_oid
        gss_import_sec_context          gss_unwrap
        gss_init_sec_context            gss_verify_mic
        gss_inquire_context             gss_wrap

This application was originally written by Barry Jaspan of OpenVision
Technologies, Inc. It was updated significantly by Jonathan Kamens of
OpenVision Technologies, Inc.

$Id$

========================================================================
* krb5 src/lib/krb5/rcache/README
========================================================================

/*
Copyright 1990, Daniel J. Bernstein.
All rights reserved.

Please address any questions or comments to the author at
brnstnd@acf10.nyu.edu.
*/

The #include's should be rewritten. All functions return 0 on success.

Environment variables: KRB5RCACHETYPE, KRB5RCACHENAME, KRB5RCACHEDIR,
and TMPDIR. Obsolete: KRB5RCACHE.

All header files are both ANSI-compatible and K&R-compatible. The .c
files are only ANSI compatible. Everything passes gcc -Wall -ansi
-pedantic.

Strings are freed using FREE(), which is defined in terms of free().

The error header files should be redone.

The header files don't use __ because that's reserved.

Each .c file assumes . rc_io.c assumes fsync() and a gaggle of error
codes. These assumptions are not as portable as the code itself.


rcache.c:

The rcache.c compatibility interface's type registration is a no-op; it
simply passes the type name on to rc_base.h. rcache.h is obsolete; use
rc_base.h if possible.

There are some slight differences between rcache.c and the prototypes I
saw in krb/func-proto.h. Don't look at me, it's your interface.

rcache.c's get_name doesn't fill with zeros unless strncpy does.


rc_base.c:

It doesn't take linker magic to preregister types. Just change the
typehead initialization in rc_base.c, with an appropriate include file
setting the ops.


rc_dfl.c:

If NOIOSTUFF is defined when rc_dfl.c is compiled, all dfl rcaches will
be per-process. This is untested.

Provided that separate threads use separate rcaches, rc_dfl.c is safe
for multithreading.

Getting the name of a cache is only valid after it is created and before
it is closed. Recovering a cache is only valid after it has been created.

krb5_unparse_name had better produce a zero-terminated string.

rc_dfl.c isn't smart enough to try expunge/retry upon a malloc error.
Then again, such an error indicates that the whole system's about to die;
without real memory management there's no good solution.

HASHSIZE can be defined at compile time. It defaults to 997 in rc_dfl.c.
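
Added example (not code from krb5 or from the author of these notes): a
minimal in-memory replay cache in C that uses the HASHSIZE default quoted
in the rc_dfl.c notes and shows the overflow those notes hope cannot
happen when a deltat is added to a time. The names ts32, delta32, struct
rep, struct rcache and every function below are assumptions made for
illustration, as are the 32-bit widths; the wrapping comparison is set
beside one that forms the sum in 64 bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HASHSIZE 997             /* default the README gives for rc_dfl.c */
typedef int32_t ts32;            /* assumed: signed 32-bit seconds */
typedef int32_t delta32;         /* assumed: signed 32-bit lifespan ("deltat") */
typedef int (*expired_fn)(ts32 ctime, delta32 lifespan, ts32 now);
enum { RC_STORED = 0, RC_REPLAY = 1, RC_NOMEM = 2 };

struct rep {                     /* one remembered authenticator */
    const char *client, *server; /* zero-terminated names, owned by the caller */
    ts32 ctime;
    int32_t cusec;
    struct rep *next;
};

struct rcache {
    delta32 lifespan;
    expired_fn expired;
    struct rep *bucket[HASHSIZE];
};

/* Result of "ctime + lifespan < now" when the 32-bit sum wraps around.
 * Computed in unsigned arithmetic so the demonstration itself has no UB. */
int expired_wrapping(ts32 ctime, delta32 lifespan, ts32 now)
{
    uint32_t sum = (uint32_t)ctime + (uint32_t)lifespan;
    return (int32_t)sum < now;
}

/* The same test with the sum formed in 64 bits, which cannot overflow. */
int expired_safe(ts32 ctime, delta32 lifespan, ts32 now)
{
    return (int64_t)ctime + (int64_t)lifespan < (int64_t)now;
}

/* Bucket index from the timestamp fields; names are compared in rc_store. */
static unsigned hash_rep(const struct rep *r)
{
    return ((uint32_t)r->ctime * 31u + (uint32_t)r->cusec) % HASHSIZE;
}

void rc_free(struct rcache *rc)
{
    for (int i = 0; i < HASHSIZE; i++)
        while (rc->bucket[i] != NULL) {
            struct rep *r = rc->bucket[i];
            rc->bucket[i] = r->next;
            free(r);
        }
}

/* Record an authenticator; RC_REPLAY means a live copy is already held. */
int rc_store(struct rcache *rc, const struct rep *in, ts32 now)
{
    struct rep **pp = &rc->bucket[hash_rep(in)], *r;

    while ((r = *pp) != NULL) {
        if (rc->expired(r->ctime, rc->lifespan, now)) {
            *pp = r->next;       /* drop the stale entry, keep scanning */
            free(r);
        } else if (r->ctime == in->ctime && r->cusec == in->cusec &&
                   strcmp(r->client, in->client) == 0 &&
                   strcmp(r->server, in->server) == 0) {
            return RC_REPLAY;
        } else {
            pp = &r->next;
        }
    }
    if ((r = malloc(sizeof(*r))) == NULL)
        return RC_NOMEM;
    *r = *in;
    r->next = NULL;
    *pp = r;
    return RC_STORED;
}

/* Constructed scenario: an authenticator stamped 100 s before the signed
 * 32-bit limit is presented twice, 50 s apart, with a 300 s lifespan. */
int replay_outcome(expired_fn expired)
{
    struct rcache rc = { 300, expired, { NULL } };
    struct rep a = { "alice@EXAMPLE.COM", "host/server.example.com@EXAMPLE.COM",
                     INT32_MAX - 100, 7, NULL };

    rc_store(&rc, &a, INT32_MAX - 100);
    int second = rc_store(&rc, &a, INT32_MAX - 50);
    rc_free(&rc);
    return second;
}

int main(void)
{
    printf("64-bit compare: %d, wrapping compare: %d\n",
           replay_outcome(expired_safe), replay_outcome(expired_wrapping));
    return 0;
}
```

With the wrapping comparison the second presentation returns RC_STORED,
so the repeated authenticator is accepted as new; with the 64-bit
comparison it returns RC_REPLAY.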

EXCESSREPS can be defined at compile time. It defaults to 30 in rc_dfl.c.

Hopefully adding a deltat to a time to compare to another time cannot
overflow.

In rc_dfl's struct dfl_data, the name field is never freed, even though
it may be malloced by io_creat on a generate-name call. This should not
be a problem: a single process should not be opening and closing many
rcaches. One fix would be another field to indicate whether the string
was malloced or not; normally this is an unstated characteristic of a
char pointer, but here it would have to be explicit.


rc_io.c:

rc_io.c assumes that siginterrupt() is not set. If siginterrupt() is set
and a signal occurs during, say, close(), then the close will fail.

On a machine without fsync() you might as well not use the disk at all.

========================================================================
* krb5 src/lib/krb5/unicode/ucdata/README
========================================================================

#
# $Id: README,v 1.33 2001/01/02 18:46:19 mleisher Exp $
#

MUTT UCData Package 2.5
-----------------------

This is a package that supports ctype-like operations for Unicode UCS-2 text
(and surrogates), case mapping, decomposition lookup, and provides a
bidirectional reordering algorithm. To use it, you will need to get the
latest "UnicodeData-*.txt" (or later) file from the Unicode Web or FTP site.

The character information portion of the package consists of three parts:

  1. A program called "ucgendat" which generates five data files from the
     UnicodeData-*.txt file. The files are:

     A. case.dat   - the case mappings.
     B. ctype.dat  - the character property tables.
     C. comp.dat   - the character composition pairs.
     D. decomp.dat - the character decompositions.
     E. cmbcl.dat  - the non-zero combining classes.
     F. num.dat    - the codes representing numbers.

  2. The "ucdata.[ch]" files which implement the functions needed to
     check to see if a character matches groups of properties, to map
     between upper, lower, and title case, to look up the decomposition
     of a character, look up the combining class of a character, and get
     the number value of a character.

  3. The UCData.java class which provides the same API (with minor changes
     for the numbers) and loads the same binary data files as the C code.

A short reference to the functions available is in the "api.txt" file.

Techie Details
==============

The "ucgendat" program parses files from the command line which are all in
the Unicode Character Database (UCDB) format. An additional properties file,
"MUTTUCData.txt", provides some extra properties for some characters.

The program looks for the two character properties fields (2 and 4), the
combining class field (3), the decomposition field (5), the numeric value
field (8), and the case mapping fields (12, 13, and 14). The decompositions
are recursively expanded before being written out.

The decomposition table contains all the canonical decompositions. This means
all decompositions that do not have tags such as "" or "".

The data is almost all stored as unsigned longs (32-bits assumed) and the
routines that load the data take care of endian swaps when necessary. This
also means that supplementary characters (>= 0x10000) can be placed in the
data files the "ucgendat" program parses.

The data is written as external files and broken into six parts so it can be
selectively updated at runtime if necessary.

The data files currently generated from the "ucgendat" program total about 56K
in size all together.

The format of the binary data files is documented in the "format.txt" file.

==========================================================================

The "Pretty Good Bidi Algorithm"
--------------------------------
This routine provides an alternative to the Unicode Bidi algorithm.
The difference is that this version of the PGBA does not handle the explicit
directional codes (LRE, RLE, LRO, RLO, PDF). It should now produce the same
results as the Unicode BiDi algorithm for implicit reordering. Included are
functions for doing cursor motion in both logical and visual order.

This implementation is provided to demonstrate an effective alternate method
for implicit reordering. To make this useful for an application, it probably
needs some changes to the memory allocation and deallocation, as well as data
structure additions for rendering.

Mark Leisher
19 November 1999

-----------------------------------------------------------------------------

CHANGES
=======

Version 2.5
-----------
1. Changed the number lookup to set the denominator to 1 in cases of digits.
   This restores functional compatibility with John Cowan's UCType package.

2. Added support for the AL property.

3. Modified load and reload functions to return error codes.

Version 2.4
-----------
1. Improved some bidi algorithm documentation in the code.

2. Fixed a code mixup that produced a non-working version.

Version 2.3
-----------
1. Fixed a misspelling in the ucpgba.h header file.

2. Fixed a bug which caused trailing weak non-digit sequences to be left out of
   the reordered string in the bidi algorithm.

3. Fixed a problem with weak sequences containing non-spacing marks in the
   bidi algorithm.

4. Fixed a problem with text runs of the opposite direction of the string
   surrounding a weak + neutral text run appearing in the wrong order in the
   bidi algorithm.

5. Added a default overall direction parameter to the reordering function for
   cases of strings with no strong directional characters in the bidi
   algorithm.

6. The bidi API documentation was improved.

7. Added a man page for the bidi API.

Version 2.2
-----------
1. Fixed a problem with the bidi algorithm locating directional section
   boundaries.

2. Fixed a problem with the bidi algorithm starting the reordering correctly.

3. Fixed a problem with the bidi algorithm determining end boundaries for LTR
   segments.

4. Fixed a problem with the bidi algorithm reordering weak (digits and number
   separators) segments.

5. Added automatic switching of symmetrically paired characters when
   reversing RTL segments.

6. Added a missing symmetric character to the extra character properties in
   MUTTUCData.txt.

7. Added support for doing logical and visual cursor traversal.

Version 2.1
-----------
1. Updated the ucgendat program to handle the Unicode 3.0 character database
   properties. The AL and BM bidi properties get marked as strong RTL and
   Other Neutral; the NSM, LRE, RLE, PDF, LRO, and RLO controls all get marked
   as Other Neutral.

2. Fixed some problems with testing against signed values in the UCData.java
   code and some minor cleanup.

3. Added the "Pretty Good Bidi Algorithm."

Version 2.0
-----------
1. Removed the old Java stuff for a new class that loads directly from the
   same data files as the C code does.

2. Fixed a problem with choosing the correct field when mapping case.

3. Adjust some search routines to start their search in the correct position.

4. Moved the copyright year to 1999.

Version 1.9
-----------
1. Fixed a problem with an incorrect amount of storage being allocated for the
   combining class nodes.

2. Fixed an invalid initialization in the number code.

3. Changed the Java template file formatting a bit.

4. Added tables and function for getting decompositions in the Java class.

Version 1.8
-----------
1. Fixed a problem with adding certain ranges.

2. Added two more macros for testing for identifiers.

3. Tested with the UnicodeData-2.1.5.txt file.

Version 1.7
-----------
1. Fixed a problem with looking up decompositions in "ucgendat."

Version 1.6
-----------
1. Added two new properties introduced with UnicodeData-2.1.4.txt.

2. Changed the "ucgendat.c" program a little to automatically align the
   property data on a 4-byte boundary when new properties are added.

3. Changed the "ucgendat.c" program to only generate canonical
   decompositions.

4. Added two new macros ucisinitialpunct() and ucisfinalpunct() to check for
   initial and final punctuation characters.

5. Minor additions and changes to the documentation.

Version 1.5
-----------
1. Changed all file open calls to include binary mode with "b" for DOS/WIN
   platforms.

2. Wrapped the unistd.h include so it won't be included when compiled under
   Win32.

3. Fixed a bad range check for hex digits in ucgendat.c.

4. Fixed a bad endian swap for combining classes.

5. Added code to make a number table and associated lookup functions.
   Functions added are ucnumber(), ucdigit(), and ucgetnumber(). The last
   function is to maintain compatibility with John Cowan's "uctype" package.

Version 1.4
-----------
1. Fixed a bug with adding a range.

2. Fixed a bug with inserting a range in order.

3. Fixed incorrectly specified ucisdefined() and ucisundefined() macros.

4. Added the missing unload for the combining class data.

5. Fixed a bad macro placement in ucisweak().

Version 1.3
-----------
1. Bug with case mapping calculations fixed.

2. Bug with empty character property entries fixed.

3. Bug with incorrect type in the combining class lookup fixed.

4. Some corrections done to api.txt.

5. Bug in certain character property lookups fixed.

6. Added a character property table that records the defined characters.

7. Replaced ucisunknown() with ucisdefined() and ucisundefined().

Version 1.2
-----------
1. Added code to ucgendat to generate a combining class table.

2. Fixed an endian problem with the byte count of decompositions.

3. Fixed some minor problems in the "format.txt" file.

4. Removed some bogus "Ss" values from MUTTUCData.txt file.

5. Added API function to get combining class.

6. Changed the open mode to "rb" so binary data files will be opened correctly
   on DOS/WIN as well as other platforms.

7. Added the "api.txt" file.

Version 1.1
-----------
1. Added ucisxdigit() which I overlooked.

2. Added UC_LT to the ucisalpha() macro which I overlooked.

3. Change uciscntrl() to include UC_CF.

4. Added ucisocntrl() and ucfntcntrl() macros.

5. Added a ucisblank() which I overlooked.

6. Added missing properties to ucissymbol() and ucisnumber().

7. Added ucisgraph() and ucisprint().

8. Changed the "Mr" property to "Sy" to mark this subset of mirroring
   characters as symmetric to avoid trampling the Unicode/ISO10646 sense of
   mirroring.

9. Added another property called "Ss" which includes control characters
   traditionally seen as spaces in the isspace() macro.

10. Added a bunch of macros to be API compatible with John Cowan's package.

ACKNOWLEDGEMENTS
================

Thanks go to John Cowan for pointing out lots of missing things and giving me
stuff, particularly a bunch of new macros.

Thanks go to Bob Verbrugge for pointing out various bugs.

Thanks go to Christophe Pierret for pointing out that file modes need to have
"b" for DOS/WIN machines, pointing out unistd.h is not a Win 32 header, and
pointing out a problem with ucisalnum().

Thanks go to Kent Johnson for finding a bug that caused incomplete
decompositions to be generated by the "ucgendat" program.

Thanks go to Valeriy E. Ushakov for spotting an allocation error and an
initialization error.

Thanks go to Stig Venaas for providing a patch to support return types on
load and reload, and for major updates to handle canonical composition and
decomposition.
========================================================================
* krb5 src/lib/krb5/unicode/ure/README
========================================================================

#
# $Id: README,v 1.3 1999/09/21 15:47:43 mleisher Exp $
#
# Copyright 1997, 1998, 1999 Computing Research Labs,
# New Mexico State University
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#

Unicode and Regular Expressions
Version 0.5

This is a simple regular expression package for matching against Unicode
text in UCS2 form. The implementation of this URE package is a variation
on the RE->DFA algorithm done by Mark Hopkins (markh@csd4.csd.uwm.edu).
Mark Hopkins' algorithm had the virtue of being very simple, so it was
used as a model.

---------------------------------------------------------------------------

Assumptions:

  o Regular expression and text already normalized.

  o Conversion to lower case assumes a 1-1 mapping.

Definitions:

  Separator - any one of U+2028, U+2029, '\n', '\r'.

Operators:

  .   - match any character.
  *   - match zero or more of the last subexpression.
  +   - match one or more of the last subexpression.
  ?   - match zero or one of the last subexpression.
  ()  - subexpression grouping.

  Notes:

    o The "." operator normally does not match separators, but a flag is
      available for the ure_exec() function that will allow this operator
      to match a separator.

Literals and Constants:

  c       - literal UCS2 character.
  \x....  - hexadecimal number of up to 4 digits.
  \X....  - hexadecimal number of up to 4 digits.
  \u....  - hexadecimal number of up to 4 digits.
  \U....  - hexadecimal number of up to 4 digits.

Character classes:

  [...]           - Character class.
  [^...]          - Negated character class.
  \pN1,N2,...,Nn  - Character properties class.
  \PN1,N2,...,Nn  - Negated character properties class.

  POSIX character classes recognized:

    :alnum:
    :alpha:
    :cntrl:
    :digit:
    :graph:
    :lower:
    :print:
    :punct:
    :space:
    :upper:
    :xdigit:

  Notes:

    o Character property classes are \p or \P followed by a comma
      separated list of integers between 1 and 32. These integers are
      references to the following character properties:

       N  Character Property
      --------------------------
       1  _URE_NONSPACING
       2  _URE_COMBINING
       3  _URE_NUMDIGIT
       4  _URE_NUMOTHER
       5  _URE_SPACESEP
       6  _URE_LINESEP
       7  _URE_PARASEP
       8  _URE_CNTRL
       9  _URE_PUA
      10  _URE_UPPER
      11  _URE_LOWER
      12  _URE_TITLE
      13  _URE_MODIFIER
      14  _URE_OTHERLETTER
      15  _URE_DASHPUNCT
      16  _URE_OPENPUNCT
      17  _URE_CLOSEPUNCT
      18  _URE_OTHERPUNCT
      19  _URE_MATHSYM
      20  _URE_CURRENCYSYM
      21  _URE_OTHERSYM
      22  _URE_LTR
      23  _URE_RTL
      24  _URE_EURONUM
      25  _URE_EURONUMSEP
      26  _URE_EURONUMTERM
      27  _URE_ARABNUM
      28  _URE_COMMONSEP
      29  _URE_BLOCKSEP
      30  _URE_SEGMENTSEP
      31  _URE_WHITESPACE
      32  _URE_OTHERNEUT

    o Character classes can contain literals, constants, and character
      property classes.
      Example: [abc\U10A\p1,3,4]

---------------------------------------------------------------------------

Before using URE
----------------
Before URE is used, two functions need to be created: one to check if a
character matches a set of URE character properties, and one to convert a
character to lower case.

Stubs for these functions are located in the urestubs.c file.

Using URE
---------

Sample pseudo-code fragment.

  ure_buffer_t rebuf;
  ure_dfa_t dfa;
  ucs2_t *re, *text;
  unsigned long relen, textlen;
  unsigned long match_start, match_end;

  /*
   * Allocate the dynamic storage needed to compile regular expressions.
   */
  rebuf = ure_buffer_create();

  for each regular expression in a list {
      re = next regular expression;
      relen = length(re);

      /*
       * Compile the regular expression with the case insensitive flag
       * turned on.
       */
      dfa = ure_compile(re, relen, 1, rebuf);

      /*
       * Look for the first match in some text. The matching will be done
       * in a case insensitive manner because the expression was compiled
       * with the case insensitive flag on.
       */
      if (ure_exec(dfa, 0, text, textlen, &match_start, &match_end))
        printf("MATCH: %lu %lu\n", match_start, match_end);

      /*
       * Look for the first match in some text, ignoring non-spacing
       * characters.
       */
      if (ure_exec(dfa, URE_IGNORE_NONSPACING, text, textlen,
                   &match_start, &match_end))
        printf("MATCH: %lu %lu\n", match_start, match_end);

      /*
       * Free the DFA.
       */
      ure_free_dfa(dfa);
  }

  /*
   * Free the dynamic storage used for compiling the expressions.
   */
  ure_free_buffer(rebuf);

---------------------------------------------------------------------------

Mark Leisher
29 March 1997

===========================================================================

CHANGES
-------

Version: 0.5
Date   : 21 September 1999
==========================
  1. Added copyright stuff and put in CVS.
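
The property-class notation described in the URE README above (\p or \P
followed by integers between 1 and 32) parsed and evaluated, as an added
example that is not part of the URE sources. The function names, the bit
layout (property N stored as bit N-1), the ASCII-only property check and the
strict rejection of malformed lists are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint16_t ucs2_t;            /* assumption: one UCS2 code unit */

/* Assumption: property N in the README table is bit N-1 of a 32-bit mask. */
#define PROP_BIT(n) ((uint32_t)1 << ((n) - 1))
#define P_NUMDIGIT  PROP_BIT(3)     /*  3 _URE_NUMDIGIT */
#define P_SPACESEP  PROP_BIT(5)     /*  5 _URE_SPACESEP */
#define P_UPPER     PROP_BIT(10)    /* 10 _URE_UPPER    */
#define P_LOWER     PROP_BIT(11)    /* 11 _URE_LOWER    */

/* Parse the list after \p or \P (integers 1..32, comma separated).  Returns
 * the code units consumed and stores the mask, or returns 0 for an empty
 * list, a number outside 1..32, or a comma not followed by a number. */
size_t parse_prop_list(const ucs2_t *s, size_t len, uint32_t *mask)
{
    size_t i = 0;
    uint32_t m = 0;
    for (;;) {
        unsigned n = 0;
        size_t start = i;
        while (i < len && s[i] >= '0' && s[i] <= '9') {
            n = n * 10 + (unsigned)(s[i++] - '0');
            if (n > 32)
                return 0;           /* also keeps n from overflowing */
        }
        if (i == start || n == 0)
            return 0;
        m |= PROP_BIT(n);           /* shift count is 0..31, never 32 */
        if (i == len || s[i] != ',')
            break;
        i++;                        /* consume the comma, expect a number */
    }
    *mask = m;
    return i;
}

/* Hypothetical property callback, ASCII only, standing in for the stub. */
int matches_props(uint32_t props, ucs2_t c)
{
    uint32_t have = 0;
    if (c >= '0' && c <= '9') have |= P_NUMDIGIT;
    if (c == ' ')             have |= P_SPACESEP;
    if (c >= 'A' && c <= 'Z') have |= P_UPPER;
    if (c >= 'a' && c <= 'z') have |= P_LOWER;
    return (have & props) != 0;
}

/* Constructed-input driver: widen an ASCII "\pN,..." or "\PN,..." spec to
 * UCS2 and test c.  Returns 1 match, 0 no match, -1 malformed spec. */
int prop_class_match(const char *spec, char c)
{
    ucs2_t buf[64];
    size_t n = 0;
    uint32_t mask;
    int hit;
    while (n < 64 && spec[n] != '\0') {
        buf[n] = (ucs2_t)(unsigned char)spec[n];
        n++;
    }
    if (n == 64 || n < 3 || buf[0] != '\\' || (buf[1] != 'p' && buf[1] != 'P'))
        return -1;
    if (parse_prop_list(buf + 2, n - 2, &mask) != n - 2)
        return -1;
    hit = matches_props(mask, (ucs2_t)(unsigned char)c);
    return buf[1] == 'P' ? !hit : hit;
}
```

Rejecting 0 and anything above 32 before shifting matters because a shift by
32 or by -1 on a 32-bit mask is undefined behaviour in C.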
========================================================================
* krb5 src/lib/krb5/unicode/utbm/README
========================================================================

#
# $Id: README,v 1.1 1999/09/21 15:45:17 mleisher Exp $
#
# Copyright 1997, 1998, 1999 Computing Research Labs,
# New Mexico State University
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#

Unicode and Boyer-Moore Searching
Version 0.2

UTBM (Unicode Tuned Boyer-Moore) is a simple package that provides tuned
Boyer-Moore searches on Unicode UCS2 text (handles high and low
surrogates).

---------------------------------------------------------------------------

Assumptions:

  o Search pattern and text already normalized in some fashion.

  o Upper, lower, and title case conversions are one-to-one.

  o For conversions between upper, lower, and title case, UCS2 characters
    always convert to other UCS2 characters, and UTF-16 characters always
    convert to other UTF-16 characters.

Flags:

  UTBM provides three processing flags:

  o UTBM_CASEFOLD - search in a case-insensitive manner.

  o UTBM_IGNORE_NONSPACING - ignore non-spacing characters in the pattern
    and the text.

  o UTBM_SPACE_COMPRESS - view as a *single space*, sequential groups of
    U+2028, U+2029, '\n', '\r', '\t', and any character identified as a
    space by the Unicode support on the platform.

    This flag also causes all characters identified as control by the
    Unicode support on the platform to be ignored (except for '\n', '\r',
    and '\t').

---------------------------------------------------------------------------

Before using UTBM
-----------------
Before UTBM is used, some functions need to be created. The "utbmstub.c"
file contains stubs that need to be rewritten so they work with the
Unicode support on the platform on which this package is being used.

Using UTBM
----------

Sample pseudo-code fragment.

  utbm_pattern_t pat;
  ucs2_t *pattern, *text;
  unsigned long patternlen, textlen;
  unsigned long flags, match_start, match_end;

  /*
   * Allocate the dynamic storage needed for a search pattern.
   */
  pat = utbm_create_pattern();

  /*
   * Set the search flags desired.
   */
  flags = UTBM_CASEFOLD|UTBM_IGNORE_NONSPACING;

  /*
   * Compile the search pattern.
   */
  utbm_compile(pattern, patternlen, flags, pat);

  /*
   * Find the first occurrence of the search pattern in the text.
   */
  if (utbm_exec(pat, text, textlen, &match_start, &match_end))
    printf("MATCH: %lu %lu\n", match_start, match_end);

  /*
   * Free the dynamic storage used for the search pattern.
   */
  utbm_free_pattern(pat);

---------------------------------------------------------------------------

Mark Leisher
2 May 1997

===========================================================================

CHANGES
-------

Version: 0.2
Date   : 21 September 1999
==========================
  1. Added copyright stuff and put in CVS.
========================================================================
* krb5 doc/copyright.rst, doc/html/_sources/copyright.txt
========================================================================

Copyright
=========

Copyright |copy| 1985-2017 by the Massachusetts Institute of Technology
and its contributors. All rights reserved.

See :ref:`mitK5license` for additional copyright and license information.

========================================================================
* krb5 src/lib/gssapi/LICENSE
========================================================================

[ NOTE: MIT has only incorporated the mechglue and spnego change, and not
the incremental propagation changes. The filenames are different between
the Sun and MIT sources. The actual MIT filenames appear in the top-level
README file. Original text of Sun's LICENSE file follows. ]

Subject to the license set forth below, Sun Microsystems, Inc. donates the
attached files to MIT for the purpose of including these modifications and
additions in future versions of the Kerberos system.

Many of the files attached are subject to licenses issued by other
entities, including OpenVision, MIT, and FundsXpress. See the individual
files, and/or related Readme files, for these licenses.

In addition Sun requires that the license set forth below be incorporated
into any future version of the Kerberos system which contains portions of
the files attached.
The following files must be listed, in the top level Readme file, as being
provided subject to such license:

  cmd/krb5/iprop/iprop.x
  cmd/krb5/iprop/iprop_hdr.h
  cmd/krb5/kadmin/server/ipropd_svc.c
  cmd/krb5/kproplog/kproplog.c
  cmd/krb5/slave/kpropd_rpc.c
  lib/gss_mechs/mech_krb5/et/kdb5_err.c
  lib/gss_mechs/mech_spnego/mech/gssapiP_spnego.h
  lib/gss_mechs/mech_spnego/mech/spnego_mech.c
  lib/krb5/kadm5/kadm_host_srv_names.c
  lib/krb5/kdb/kdb_convert.c
  lib/krb5/kdb/kdb_hdr.h
  lib/krb5/kdb/kdb_log.c
  lib/krb5/kdb/kdb_log.h
  lib/libgss/g_accept_sec_context.c
  lib/libgss/g_acquire_cred.c
  lib/libgss/g_canon_name.c
  lib/libgss/g_compare_name.c
  lib/libgss/g_context_time.c
  lib/libgss/g_delete_sec_context.c
  lib/libgss/g_dsp_name.c
  lib/libgss/g_dsp_status.c
  lib/libgss/g_dup_name.c
  lib/libgss/g_exp_sec_context.c
  lib/libgss/g_export_name.c
  lib/libgss/g_glue.c
  lib/libgss/g_imp_name.c
  lib/libgss/g_imp_sec_context.c
  lib/libgss/g_init_sec_context.c
  lib/libgss/g_initialize.c
  lib/libgss/g_inquire_context.c
  lib/libgss/g_inquire_cred.c
  lib/libgss/g_inquire_names.c
  lib/libgss/g_process_context.c
  lib/libgss/g_rel_buffer.c
  lib/libgss/g_rel_cred.c
  lib/libgss/g_rel_name.c
  lib/libgss/g_rel_oid_set.c
  lib/libgss/g_seal.c
  lib/libgss/g_sign.c
  lib/libgss/g_store_cred.c
  lib/libgss/g_unseal.c
  lib/libgss/g_userok.c
  lib/libgss/g_utils.c
  lib/libgss/g_verify.c
  lib/libgss/gssd_pname_to_uid.c
  uts/common/gssapi/include/gssapi_err_generic.h
  uts/common/gssapi/include/mechglueP.h

Sun's License is as follows:

Copyright (c) 2004 Sun Microsystems, Inc.

Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

========================================================================
* nss_wrapper/COPYING
========================================================================

Copyright (C) Stefan Metzmacher 2007
Copyright (C) Guenther Deschner 2009
Copyright (C) Andreas Schneider 2013

All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

1. Redistributions of source code must retain the above copyright notice,
   this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

3. Neither the name of the author nor the names of its contributors may be
   used to endorse or promote products derived from this software without
   specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

========================================================================
* nss_wrapper/cmake/Modules/COPYING-CMAKE-SCRIPTS, socket_wrapper/cmake/Modules/COPYING-CMAKE-SCRIPTS
========================================================================

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

1. Redistributions of source code must retain the copyright notice, this
   list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the copyright notice,
   this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

3. The name of the author may not be used to endorse or promote products
   derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

========================================================================
* socket_wrapper/COPYING
========================================================================

Copyright (C) Jelmer Vernooij 2005,2008
Copyright (C) Stefan Metzmacher 2006-2009
Copyright (C) Andreas Schneider 2013

All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

1. Redistributions of source code must retain the above copyright notice,
   this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

3. Neither the name of the author nor the names of its contributors may be
   used to endorse or promote products derived from this software without
   specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.