- Flatten the vendor heimdal tree.

1 files changed, 0 insertions, 802 deletions

diff --git a/crypto/heimdal/NEWS b/crypto/heimdal/NEWS
deleted file mode 100644
index f050427..0000000
--- a/crypto/heimdal/NEWS
+++ /dev/null
@@ -1,802 +0,0 @@
-Changes in release 1.1
-
- * Read-only PKCS11 provider built-in to hx509.
-
- * Documentation for hx509, hcrypto and ntlm libraries improved.
-
- * Better compatibilty with Windows 2008 Server pre-releases and Vista.
-
- * Mac OS X 10.5 support for native credential cache.
-
- * Provide pkg-config file for Heimdal (heimdal-gssapi.pc).
-
- * Bug fixes.
-
-Changes in release 1.0.2
-
-* Ubuntu packages.
-
-* Bug fixes.
-
-Changes in release 1.0.1
-
- * Serveral bug fixes to iprop.
-
- * Make work on platforms without dlopen.
-
- * Add RFC3526 modp group14 as default.
-
- * Handle [kdc] database = { } entries without realm = stanzas.
-
- * Make krb5_get_renewed_creds work.
-
- * Make kaserver preauth work again.
-
- * Bug fixes.
-
-Changes in release 1.0
-
- * Add gss_pseudo_random() for mechglue and krb5.
-
- * Make session key for the krbtgt be selected by the best encryption
-   type of the client.
-
- * Better interoperability with other PK-INIT implementations.
-
- * Inital support for Mac OS X Keychain for hx509.
-
- * Alias support for inital ticket requests.
-
- * Add symbol versioning to selected libraries on platforms that uses
-   GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc.
-
- * New version of imath included in hcrypto.
-
- * Fix memory leaks.
-
- * Bugs fixes.
-
-Changes in release 0.8.1
-
- * Make ASN.1 library less paranoid to with regard to NUL in string to
-   make it inter-operate with MIT Kerberos again.
-
- * Make GSS-API library work again when using gss_acquire_cred
-
- * Add symbol versioning to libgssapi when using GNU ld.
-
- * Fix memory leaks 
-
- * Bugs fixes
-
-Changes in release 0.8
-
- * PK-INIT support.
-
- * HDB extensions support, used by PK-INIT.
-
- * New ASN.1 compiler.
-
- * GSS-API mechglue from FreeBSD.
-
- * Updated SPNEGO to support RFC4178.
-
- * Support for Cryptosystem Negotiation Extension (RFC 4537).
-
- * A new X.509 library (hx509) and related crypto functions.
-
- * A new ntlm library (heimntlm) and related crypto functions.
-
- * Updated the built-in crypto library with bignum support using
-   imath, support for RSA and DH and renamed it to libhcrypto.
-
- * Subsystem in the KDC, digest, that will perform the digest
-   operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
-   DIGEST-MD5 NTLMv1 and NTLMv2.
-
- * KDC will return the "response too big" error to force TCP retries
-   for large (default 1400 bytes) UDP replies.  This is common for
-   PK-INIT requests.
-
- * Libkafs defaults to use 2b tokens.
-
- * Default to use the API cache on Mac OS X.
-
- * krb5_kuserok() also checks ~/.k5login.d directory for acl files,
-   see manpage for krb5_kuserok for description.
-
- * Many, many, other updates to code and info manual and manual pages.
-
- * Bug fixes
-
-Changes in release 0.7.2
-
-* Fix security problem in rshd that enable an attacker to overwrite
-  and change ownership of any file that root could write.
-
-* Fix a DOS in telnetd. The attacker could force the server to crash
-  in a NULL de-reference before the user logged in, resulting in inetd
-  turning telnetd off because it forked too fast.
-
-* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
-  exists in the keytab before returning success. This allows servers
-  to check if its even possible to use GSSAPI.
-
-* Fix receiving end of token delegation for GSS-API. It still wrongly
-  uses subkey for sending for compatibility reasons, this will change
-  in 0.8.
-
-* telnetd, login and rshd are now more verbose in logging failed and
-  successful logins.
-
-* Bug fixes
-
-Changes in release 0.7.1
-
-* Bug fixes
-
-Changes in release 0.7
-
- * Support for KCM, a process based credential cache
-
- * Support CCAPI credential cache
-
- * SPNEGO support
-
- * AES (and the gssapi conterpart, CFX) support
-
- * Adding new and improve old documentation
-
- * Bug fixes
-
-Changes in release 0.6.6
-
-* Fix security problem in rshd that enable an attacker to overwrite
-  and change ownership of any file that root could write.
-
-* Fix a DOS in telnetd. The attacker could force the server to crash
-  in a NULL de-reference before the user logged in, resulting in inetd
-  turning telnetd off because it forked too fast.
-
-Changes in release 0.6.5
-
- * fix vulnerabilities in telnetd
-
- * unbreak Kerberos 4 and kaserver
-
-Changes in release 0.6.4
-
- * fix vulnerabilities in telnet
-
- * rshd: encryption without a separate error socket should now work
-
- * telnet now uses appdefaults for the encrypt and forward/forwardable
-   settings
-
- * bug fixes
-
-Changes in release 0.6.3
-
- * fix vulnerabilities in ftpd
-
- * support for linux AFS /proc "syscalls"
-
- * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
-   kpasswdd
-
- * fix possible KDC denial of service
-
- * bug fixes
-
-Changes in release 0.6.2
-
- * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
-
-Changes in release 0.6.1
-
- * Fixed ARCFOUR suppport
-
- * Cross realm vulnerability
-
- * kdc: fix denial of service attack
-
- * kdc: stop clients from renewing tickets into the future
-
- * bug fixes
-	
-Changes in release 0.6
-
-* The DES3 GSS-API mechanism has been changed to inter-operate with
-  other GSSAPI implementations. See man page for gssapi(3) how to turn
-  on generation of correct MIC messages. Next major release of heimdal 
-  will generate correct MIC by default.
-
-* More complete GSS-API support
-
-* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
-  support in applications no longer requires Kerberos 4 libs
-
-* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
-
-* other bug fixes
-
-Changes in release 0.5.2
-
- * kdc: add option for disabling v4 cross-realm (defaults to off)
-
- * bug fixes
-
-Changes in release 0.5.1
-
- * kadmind: fix remote exploit
-
- * kadmind: add option to disable kerberos 4
-
- * kdc: make sure kaserver token life is positive
-
- * telnet: use the session key if there is no subkey
-
- * fix EPSV parsing in ftp
-
- * other bug fixes
-
-Changes in release 0.5
-
- * add --detach option to kdc
-
- * allow setting forward and forwardable option in telnet from
-   .telnetrc, with override from command line
-
- * accept addresses with or without ports in krb5_rd_cred
-
- * make it work with modern openssl
-
- * use our own string2key function even with openssl (that handles weak
-   keys incorrectly)
-
- * more system-specific requirements in login
-
- * do not use getlogin() to determine root in su
-
- * telnet: abort if telnetd does not support encryption
-
- * update autoconf to 2.53
-
- * update config.guess, config.sub
-
- * other bug fixes
-
-Changes in release 0.4e
-
- * improve libcrypto and database autoconf tests
-
- * do not care about salting of server principals when serving v4 requests
-
- * some improvements to gssapi library
-
- * test for existing compile_et/libcom_err
-
- * portability fixes
-
- * bug fixes
-
-Changes in release 0.4d
-
- * fix some problems when using libcrypto from openssl
-
- * handle /dev/ptmx `unix98' ptys on Linux
-
- * add some forgotten man pages
-
- * rsh: clean-up and add man page
-
- * fix -A and -a in builtin-ls in tpd
-
- * fix building problem on Irix
-
- * make `ktutil get' more efficient
-
- * bug fixes
-
-Changes in release 0.4c
-
- * fix buffer overrun in telnetd
-
- * repair some of the v4 fallback code in kinit
-
- * add more shared library dependencies
-
- * simplify and fix hprop handling of v4 databases
-
- * fix some building problems (osf's sia and osfc2 login)
-
- * bug fixes
-
-Changes in release 0.4b
-
- * update the shared library version numbers correctly
-
-Changes in release 0.4a
-
- * corrected key used for checksum in mk_safe, unfortunately this
-   makes it backwards incompatible
-
- * update to autoconf 2.50, libtool 1.4
-
- * re-write dns/config lookups (krb5_krbhst API)
-
- * make order of using subkeys consistent
-
- * add man page links
-
- * add more man pages
-
- * remove rfc2052 support, now only rfc2782 is supported
-
- * always build with kaserver protocol support in the KDC (assuming
-   KRB4 is enabled) and support for reading kaserver databases in
-   hprop
-
-Changes in release 0.3f
-
- * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
-   the new keytab type that tries both of these in order (SRVTAB is
-   also an alias for krb4:)
-
- * improve error reporting and error handling (error messages should
-   be more detailed and more useful)
-
- * improve building with openssl
-
- * add kadmin -K, rcp -F 
-
- * fix two incorrect weak DES keys
-
- * fix building of kaserver compat in KDC
-
- * the API is closer to what MIT krb5 is using
-
- * more compatible with windows 2000
-
- * removed some memory leaks
-
- * bug fixes
-
-Changes in release 0.3e
-
- * rcp program included
-
- * fix buffer overrun in ftpd
-
- * handle omitted sequence numbers as zeroes to handle MIT krb5 that
-   cannot generate zero sequence numbers
-
- * handle v4 /.k files better
-
- * configure/portability fixes
-
- * fixes in parsing of options to kadmin (sub-)commands
-
- * handle errors in kadmin load better
-
- * bug fixes
-
-Changes in release 0.3d
-
- * add krb5-config
-
- * fix a bug in 3des gss-api mechanism, making it compatible with the
-   specification and the MIT implementation
-
- * make telnetd only allow a specific list of environment variables to
-   stop it from setting `sensitive' variables
-
- * try to use an existing libdes
-
- * lib/krb5, kdc: use correct usage type for ap-req messages.  This
-   should improve compatability with MIT krb5 when using 3DES
-   encryption types
-
- * kdc: fix memory allocation problem
-
- * update config.guess and config.sub
-
- * lib/roken: more stuff implemented
-
- * bug fixes and portability enhancements
-
-Changes in release 0.3c
-
- * lib/krb5: memory caches now support the resolve operation
-
- * appl/login: set PATH to some sane default
-
- * kadmind: handle several realms
-
- * bug fixes (including memory leaks)
-
-Changes in release 0.3b
-
- * kdc: prefer default-salted keys on v5 requests
-
- * kdc: lowercase hostnames in v4 mode
-
- * hprop: handle more types of MIT salts
-
- * lib/krb5: fix memory leak
-
- * bug fixes
-
-Changes in release 0.3a:
-
- * implement arcfour-hmac-md5 to interoperate with W2K
-
- * modularise the handling of the master key, and allow for other
-   encryption types. This makes it easier to import a database from
-   some other source without having to re-encrypt all keys.
-
- * allow for better control over which encryption types are created
-
- * make kinit fallback to v4 if given a v4 KDC
-
- * make klist work better with v4 and v5, and add some more MIT
-   compatibility options
-
- * make the kdc listen on the krb524 (4444) port for compatibility
-   with MIT krb5 clients
-
- * implement more DCE/DFS support, enabled with --enable-dce, see
-   lib/kdfs and appl/dceutils
-
- * make the sequence numbers work correctly
-
- * bug fixes
-
-Changes in release 0.2t:
-
- * bug fixes
-
-Changes in release 0.2s:
-
- * add OpenLDAP support in hdb
-
- * login will get v4 tickets when it receives forwarded tickets
-
- * xnlock supports both v5 and v4
-
- * repair source routing for telnet
-
- * fix building problems with krb4 (krb_mk_req)
-
- * bug fixes
-
-Changes in release 0.2r:
-
- * fix realloc memory corruption bug in kdc
-
- * `add --key' and `cpw --key' in kadmin
-
- * klist supports listing v4 tickets
-
- * update config.guess and config.sub
-
- * make v4 -> v5 principal name conversion more robust
-
- * support for anonymous tickets
-
- * new man-pages
-
- * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
-
- * use and set expiration and not password expiration when dumping
-   to/from ka server databases / krb4 databases
-
- * make the code happier with 64-bit time_t
-
- * follow RFC2782 and by default do not look for non-underscore SRV names
-
-Changes in release 0.2q:
-
- * bug fix in tcp-handling in kdc
-
- * bug fix in expand_hostname
-
-Changes in release 0.2p:
-
- * bug fix in `kadmin load/merge'
-
- * bug fix in krb5_parse_address
-
-Changes in release 0.2o:
-
- * gss_{import,export}_sec_context added to libgssapi
-
- * new option --addresses to kdc (for listening on an explicit set of
-   addresses)
-
- * bug fixes in the krb4 and kaserver emulation part of the kdc
-
- * other bug fixes
-
-Changes in release 0.2n:
-
- * more robust parsing of dump files in kadmin
- * changed default timestamp format for log messages to extended ISO
-   8601 format (Y-M-DTH:M:S)
- * changed md4/md5/sha1 APIes to be de-facto `standard'
- * always make hostname into lower-case before creating principal
- * small bits of more MIT-compatability
- * bug fixes
-
-Changes in release 0.2m:
-
- * handle glibc's getaddrinfo() that returns several ai_canonname
-
- * new endian test
-
- * man pages fixes
-
-Changes in release 0.2l:
-
- * bug fixes
-
-Changes in release 0.2k:
-
- * better IPv6 test
-
- * make struct sockaddr_storage in roken work better on alphas
-
- * some missing [hn]to[hn]s fixed.
-
- * allow users to change their own passwords with kadmin (with initial
-   tickets)
-
- * fix stupid bug in parsing KDC specification
-
- * add `ktutil change' and `ktutil purge'
-
-Changes in release 0.2j:
-
- * builds on Irix
-
- * ftpd works in passive mode
-
- * should build on cygwin
-
- * work around broken IPv6-code on OpenBSD 2.6, also add configure
-   option --disable-ipv6
-
-Changes in release 0.2i:
-
- * use getaddrinfo in the missing places.
-
- * fix SRV lookup for admin server
-
- * use get{addr,name}info everywhere.  and implement it in terms of
-   getipnodeby{name,addr} (which uses gethostbyname{,2} and
-   gethostbyaddr)
-
-Changes in release 0.2h:
-
- * fix typo in kx (now compiles)
-
-Changes in release 0.2g:
-
- * lots of bug fixes:
-   * push works
-   * repair appl/test programs
-   * sockaddr_storage works on solaris (alignment issues)
-   * works better with non-roken getaddrinfo
-   * rsh works
-   * some non standard C constructs removed
-
-Changes in release 0.2f:
-
- * support SRV records for kpasswd
- * look for both _kerberos and krb5-realm when doing host -> realm mapping
-
-Changes in release 0.2e:
-
- * changed copyright notices to remove `advertising'-clause.
- * get{addr,name}info added to roken and used in the other code
-   (this makes things work much better with hosts with both v4 and v6
-    addresses, among other things)
- * do pre-auth for both password and key-based get_in_tkt
- * support for having several databases
- * new command `del_enctype' in kadmin
- * strptime (and new strftime) add to roken
- * more paranoia about finding libdb
- * bug fixes
-
-Changes in release 0.2d:
-
- * new configuration option [libdefaults]default_etypes_des
- * internal ls in ftpd builds without KRB4
- * kx/rsh/push/pop_debug tries v5 and v4 consistenly
- * build bug fixes
- * other bug fixes
-
-Changes in release 0.2c:
-
- * bug fixes (see ChangeLog's for details)
-
-Changes in release 0.2b:
-
- * bug fixes
- * actually bump shared library versions
-
-Changes in release 0.2a:
-
- * a new program verify_krb5_conf for checking your /etc/krb5.conf
- * add 3DES keys when changing password
- * support null keys in database
- * support multiple local realms
- * implement a keytab backend for AFS KeyFile's
- * implement a keytab backend for v4 srvtabs
- * implement `ktutil copy'
- * support password quality control in v4 kadmind
- * improvements in v4 compat kadmind
- * handle the case of having the correct cred in the ccache but with
-   the wrong encryption type better
- * v6-ify the remaining programs.
- * internal ls in ftpd
- * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
- * add `ank --random-password' and `cpw --random-password' in kadmin
- * some programs and documentation for trying to talk to a W2K KDC
- * bug fixes
-
-Changes in release 0.1m:
-
- * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
-   From Miroslav Ruda <ruda@ics.muni.cz>
- * v6-ify hprop and hpropd
- * support numeric addresses in krb5_mk_req
- * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
- * make rsh/rshd IPv6-aware
- * make the gssapi sample applications better at reporting errors
- * lots of bug fixes
- * handle systems with v6-aware libc and non-v6 kernels (like Linux
-   with glibc 2.1) better
- * hide failure of ERPT in ftp
- * lots of bug fixes
-
-Changes in release 0.1l:
-
- * make ftp and ftpd IPv6-aware
- * add inet_pton to roken
- * more IPv6-awareness
- * make mini_inetd v6 aware
-
-Changes in release 0.1k:
-
- * bump shared libraries versions
- * add roken version of inet_ntop
- * merge more changes to rshd
-
-Changes in release 0.1j:
-
- * restore back to the `old' 3DES code.  This was supposed to be done
-   in 0.1h and 0.1i but I did a CVS screw-up.
- * make telnetd handle v6 connections
-
-Changes in release 0.1i:
-
- * start using `struct sockaddr_storage' which simplifies the code
-   (with a fallback definition if it's not defined)
- * bug fixes (including in hprop and kf)
- * don't use mawk which seems to mishandle roken.awk
- * get_addrs should be able to handle v6 addresses on Linux (with the
-   required patch to the Linux kernel -- ask within)
- * rshd builds with shadow passwords
-
-Changes in release 0.1h:
-
- * kf: new program for forwarding credentials
- * portability fixes
- * make forwarding credentials work with MIT code
- * better conversion of ka database
- * add etc/services.append
- * correct `modified by' from kpasswdd
- * lots of bug fixes
-
-Changes in release 0.1g:
-
- * kgetcred: new program for explicitly obtaining tickets
- * configure fixes
- * krb5-aware kx
- * bug fixes
-
-Changes in release 0.1f;
-
- * experimental support for v4 kadmin protokoll in kadmind
- * bug fixes
-
-Changes in release 0.1e:
-
- * try to handle old DCE and MIT kdcs
- * support for older versions of credential cache files and keytabs
- * postdated tickets work
- * support for password quality checks in kpasswdd
- * new flag --enable-kaserver for kdc
- * renew fixes
- * prototype su program
- * updated (some) manpages
- * support for KDC resource records
- * should build with --without-krb4
- * bug fixes
-
-Changes in release 0.1d:
-
- * Support building with DB2 (uses 1.85-compat API)
- * Support krb5-realm.DOMAIN in DNS
- * new `ktutil srvcreate'
- * v4/kafs support in klist/kdestroy
- * bug fixes
-
-Changes in release 0.1c:
-
- * fix ASN.1 encoding of signed integers
- * somewhat working `ktutil get'
- * some documentation updates
- * update to Autoconf 2.13 and Automake 1.4
- * the usual bug fixes
-
-Changes in release 0.1b:
-
- * some old -> new crypto conversion utils
- * bug fixes
-
-Changes in release 0.1a:
-
- * new crypto code
- * more bug fixes
- * make sure we ask for DES keys in gssapi
- * support signed ints in ASN1
- * IPv6-bug fixes
-
-Changes in release 0.0u:
-
- * lots of bug fixes
-
-Changes in release 0.0t:
-
- * more robust parsing of krb5.conf
- * include net{read,write} in lib/roken
- * bug fixes
-
-Changes in release 0.0s:
-
- * kludges for parsing options to rsh
- * more robust parsing of krb5.conf
- * removed some arbitrary limits
- * bug fixes
-
-Changes in release 0.0r:
-
- * default options for some programs
- * bug fixes
-
-Changes in release 0.0q:
-
- * support for building shared libraries with libtool
- * bug fixes
-
-Changes in release 0.0p:
-
- * keytab moved to /etc/krb5.keytab
- * avoid false detection of IPv6 on Linux
- * Lots of more functionality in the gssapi-library
- * hprop can now read ka-server databases
- * bug fixes
-
-Changes in release 0.0o:
-
- * FTP with GSSAPI support.
- * Bug fixes.
-
-Changes in release 0.0n:
-
- * Incremental database propagation.
- * Somewhat improved kadmin ui; the stuff in admin is now removed.
- * Some support for using enctypes instead of keytypes.
- * Lots of other improvement and bug fixes, see ChangeLog for details.