CA ControlMinder Premium Edition Release Notes

CA ControlMinder Premium
Edition
Release Notes
12.6.02
This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to
as the “Documentation”) is for your informational purposes only and is subject to change or withdrawal by CA at any time.
This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without
the prior written consent of CA. This Documentation is confidential and proprietary information of CA and may not be disclosed
by you or used for any purpose other than as may be permitted in (i) a separate agreement between you and CA governing
your use of the CA software to which the Documentation relates; or (ii) a separate confidentiality agreement between you and
CA.
Notwithstanding the foregoing, if you are a licensed user of the software product(s) addressed in the Documentation, you may
print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your
employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced
copy.
The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable
license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to
certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.
TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY
KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE,
DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST
INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE
POSSIBILITY OF SUCH LOSS OR DAMAGE.
The use of any software product referenced in the Documentation is governed by the applicable license agreement and such
license agreement is not modified in any way by the terms of this notice.
The manufacturer of this Documentation is CA.
Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions
set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or
their successors.
Copyright © 2013 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to
their respective companies.
Third-Party Notices
CONTAINS IBM(R) 32-bit Runtime Environment for AIX(TM), Java(TM) 2 Technology
Edition, Version 1.4 Modules
(c) Copyright IBM Corporation 1999, 2002
All Rights Reserved
Sample Scripts and Sample SDK Code
The Sample Scripts and Sample SDK code included with the CA ControlMinder product
are provided "as is", for informational purposes only. They may need to be adjusted in
specific environments and should not be used in production without testing and
validating them before deploying them on a production system.
CA Technologies does not provide support for these samples and cannot be responsible
for any errors that these scripts may cause.
CA Technologies Product References
This document references the following CA Technologies products:
■
CA ControlMinder Premium Edition
■
CA ControlMinder
■
CA Single Sign-On (CA SSO)
■
CA Top Secret®
■
CA ACF2™
■
CA Audit
■
CA Network and Systems Management (CA NSM, formerly Unicenter NSM and
Unicenter TNG)
■
CA Software Delivery (formerly Unicenter Software Delivery)
■
CA Service Desk (formerly Unicenter Service Desk)
■
CA User Activity Reporting (formerly CA Enterprise Log Manager)
■
CA IdentityMinder
Documentation Conventions
The CA ControlMinder documentation uses the following conventions:
Format
Meaning
Mono-spaced font
Code or program output
Italic
Emphasis or a new term
Bold
Text that you must type exactly as shown
A forward slash (/)
Platform independent directory separator used to
describe UNIX and Windows paths
The documentation also uses the following special conventions when explaining
command syntax and user input (in a mono-spaced font):
Format
Meaning
Italic
Information that you must supply
Between square brackets ([])
Optional operands
Format
Meaning
Between braces ({})
Set of mandatory operands
Choices separated by pipe (|).
Separates alternative operands (choose one).
For example, the following means either a user
name or a group name:
{username|groupname}
...
Indicates that the preceding item or group of items
can be repeated
Underline
Default values
A backslash at end of line
preceded by a space ( \)
Sometimes a command does not fit on a single line
in this guide. In these cases, a space followed by a
backslash ( \) at the end of a line indicates that the
command continues on the following line.
Note: Avoid copying the backslash character and
omit the line break. These are not part of the actual
command syntax.
Example: Command Notation Conventions
The following code illustrates how command conventions are used in this guide:
ruler className [props({all|{propertyName1[,propertyName2]...})]
In this example:
■
The command name (ruler) is shown in regular mono-spaced font as it must be
typed as shown.
■
The className option is in italic as it is a placeholder for a class name (for example,
USER).
■
You can run the command without the second part enclosed in square brackets,
which signifies optional operands.
■
When using the optional parameter (props), you can choose the keyword all or,
specify one or more property names separated by a comma.
File Location Conventions
The CA ControlMinder documentation uses the following file location conventions:
■
ACInstallDir—The default CA ControlMinder installation directory.
–
Windows—C:\Program Files\CA\AccessControl\
–
UNIX—/opt/CA/AccessControl/
■
ACSharedDir—A default directory used by CA ControlMinder for UNIX.
–
■
ACServerInstallDir—The default CA ControlMinder Enterprise Management
installation directory.
–
■
/opt/CA/AccessControlServer
DistServerInstallDir—The default Distribution Server installation directory.
–
■
UNIX—/opt/CA/AccessControlShared
/opt/CA/DistributionServer
JBoss_HOME—The default JBoss installation directory.
–
/opt/jboss-4.2.3.GA
Contact CA Technologies
Contact CA Support
For your convenience, CA Technologies provides one site where you can access the
information that you need for your Home Office, Small Business, and Enterprise CA
Technologies products. At http://ca.com/support, you can access the following
resources:
■
Online and telephone contact information for technical assistance and customer
services
■
Information about user communities and forums
■
Product and documentation downloads
■
CA Support policies and guidelines
■
Other helpful resources appropriate for your product
Providing Feedback About Product Documentation
If you have comments or questions about CA Technologies product documentation, you
can send a message to techpubs@ca.com.
To provide feedback about CA Technologies product documentation, complete our
short customer survey which is available on the CA Support website at
http://ca.com/docs.
Contents
Chapter 1: Welcome
11
Chapter 2: CA ControlMinder Editions
11
CA ControlMinder Installation Media ........................................................................................................................ 11
A Single Documentation Set for All Editions .............................................................................................................. 12
Chapter 3: New and Changed Features
15
CA ControlMinder Enhancements .............................................................................................................................. 15
UNAB Enhancements ................................................................................................................................................. 16
Fixed Issues in This Release ........................................................................................................................................ 16
Chapter 4: System Requirements
17
Operating System Support ......................................................................................................................................... 17
Windows Endpoint Requirements ............................................................................................................................. 17
UNIX Endpoint Requirements .................................................................................................................................... 17
Policy Model Database Requirements ....................................................................................................................... 18
UNAB Requirements .................................................................................................................................................. 18
Chapter 5: Documentation
19
Guides ........................................................................................................................................................................ 19
Chapter 6: FIPS Compliance
21
FIPS Operational Modes ............................................................................................................................................. 21
Unsupported Operating Systems for FIPS-only Mode ............................................................................................... 21
FIPS Encryption Libraries ............................................................................................................................................ 21
FIPS Algorithms Used ................................................................................................................................................. 22
Storage of Keys and Certificates ................................................................................................................................. 22
Features Affected (UNIX) ........................................................................................................................................... 22
Features Affected (Windows) .................................................................................................................................... 24
Chapter 7: Feature Support Limitations
27
IPv6 Support ............................................................................................................................................................... 27
Product Re-branding Limitations ............................................................................................................................... 27
Windows Endpoint Limitations .................................................................................................................................. 28
Contents 7
x64 Feature Support Limitations ......................................................................................................................... 28
IA64 Feature Support Limitations ....................................................................................................................... 28
Windows Server 2008 Feature Support Limitations ........................................................................................... 28
SAN Support ........................................................................................................................................................ 29
McAfee Entercept Buffer Overflow ..................................................................................................................... 29
Short File Name Rules (8.3 Format) Are Not Supported ..................................................................................... 30
UNIX Endpoint Limitations ......................................................................................................................................... 30
HP-UX Feature Support Limitations .................................................................................................................... 30
Unicenter Integration is Not Supported on HP-UX Itanium and RHEL Itanium .................................................. 30
SAM Agent Are Not Supported on Linux IA64..................................................................................................... 30
SAN Support ........................................................................................................................................................ 31
UNAB Limitations ....................................................................................................................................................... 31
Account Password Format in a One-Way Trust Domain Environment ............................................................... 31
UNAB Not Supported on Linux IA64 ................................................................................................................... 31
UNAB is not FIPS140-2 and IPV6 Compliant ........................................................................................................ 32
Chapter 8: Installation Considerations
33
Supported Installation Languages .............................................................................................................................. 33
Endpoint Components Release Only .......................................................................................................................... 33
Windows Endpoint Installation Considerations ......................................................................................................... 33
Restart Message Pops Up During Installation, Uninstallation or Upgrade on Windows Server 2008 ................ 34
UNIX Endpoint Installation Considerations ................................................................................................................ 34
CA ControlMinder Installation Considerations for Solaris 8 and 9 ...................................................................... 34
AIX 6.1 Requires TL3 or Later for CA ControlMinder to Start ............................................................................. 34
Message Queue for Linux390 Requires J2SE Version 5.0.................................................................................... 35
Compatibility Library Missing on x86_64bit Linux .............................................................................................. 35
CA ControlMinder Installation and Uninstallation Restarts UNAB ..................................................................... 35
Propagating CA ControlMinder and UNAB to a New Solaris Zone ...................................................................... 35
Installing CA ControlMinder on Solaris 11 Limitation ......................................................................................... 35
UNAB Endpoint Installation Considerations ............................................................................................................... 36
Error Message Appears if CA_LIC Installed in a Non-Default Directory .............................................................. 36
Users Log in Fail When UNAB SELinux is Enabled on Red Hat Enterprise Linux 5.8 ............................................ 36
UNAB Installation Considerations for Solaris 8 and 9 ......................................................................................... 36
UNAB for Linux 390 Requires J2SE Version 5.0 for Remote Management ......................................................... 37
Chapter 9: Upgrade Considerations
39
Versions You Can Upgrade From ................................................................................................................................ 39
Windows Endpoint Upgrade Considerations ............................................................................................................. 40
Reboot May Be Required When Upgrading ........................................................................................................ 40
Change in Default Access to Database ................................................................................................................ 40
UNIX Endpoint Upgrade Considerations .................................................................................................................... 40
8 Release Notes
Default Installation Location ............................................................................................................................... 40
FIPS 140-2 Library Upgrade ................................................................................................................................. 40
Systemwide Audit Mode for UNIX Upgrades ...................................................................................................... 41
Authorization Recognizes Resource Group Ownership ...................................................................................... 41
syslog Messages That Have a Reduced Priority .................................................................................................. 41
Chapter 10: General Considerations
43
Windows Endpoint Considerations ............................................................................................................................ 43
RunAs Administrator to Start CA ControlMinder on Windows Server 2008 ....................................................... 43
Uninstall Does Not Remove CA License Files ...................................................................................................... 43
UNAB Considerations ................................................................................................................................................. 43
Home Directory Not Created on Log In When SELinux is Enabled ...................................................................... 44
Change Password Attempt Fails on Red Hat Linux ............................................................................................. 44
Disable Local User Account After Migration ....................................................................................................... 44
Do Not Set the unab_refresh_interval Token Value to a Short Interval ............................................................. 45
Do not Set Kerberos dns_lookup_realm to True ................................................................................................ 45
UNAB Users Cannot Change Account Password According to Specified Password Policy.................................. 45
sepass Integration with UNAB Endpoints ........................................................................................................... 45
Log In to UNAB with Active Directory Account ................................................................................................... 46
You Cannot Log In to CA ControlMinder for UNIX Using 'Administrator' Account When UNAB Is
Installed ............................................................................................................................................................... 46
Chapter 11: Known Issues
47
Installation Known Issues ........................................................................................................................................... 47
Windows Endpoint Installation Known Issues .................................................................................................... 47
UNIX Endpoint Installation Known Issues ........................................................................................................... 47
UNAB Endpoint Installation Known Issues .......................................................................................................... 49
Upgrade Known Issues ............................................................................................................................................... 49
Windows Endpoint Upgrade Known Issues ........................................................................................................ 50
UNIX Endpoint Upgrade Known Issues ............................................................................................................... 50
General Known Issues ................................................................................................................................................ 50
Windows Endpoint Known Issues ....................................................................................................................... 50
UNIX Endpoint Known Issues .............................................................................................................................. 52
UNAB Known Issues ............................................................................................................................................ 55
Documentation Known Issues ............................................................................................................................. 60
Appendix A: Third-Party License Agreements
63
Software Under the Apache License .......................................................................................................................... 64
Software Under the Daniel Veillard License ............................................................................................................... 71
Software Under the OpenLDAP License ..................................................................................................................... 73
Contents 9
Software Under the OpenSSL License ........................................................................................................................ 76
AES 2.4........................................................................................................................................................................ 82
AIX JRE 1.4.2 ............................................................................................................................................................... 83
AIX JRE 1.5.0 ............................................................................................................................................................... 83
ANTLR 2.7.5H3............................................................................................................................................................ 84
CentOS 5.6 .................................................................................................................................................................. 85
CPAN Perl 5.8.8 .......................................................................................................................................................... 85
CRC32 ......................................................................................................................................................................... 86
Cyrus SASL 2.1.22 ....................................................................................................................................................... 88
dom4j 1.5 ................................................................................................................................................................... 91
Hibernate 3.2.............................................................................................................................................................. 92
ICU4C 3.4 .................................................................................................................................................................... 93
JBoss 4.0.1 SP1 ........................................................................................................................................................... 94
JBoss Application Server v.4.2.3 ................................................................................................................................. 95
JBoss Native v.2.0.6 .................................................................................................................................................... 96
JDOM 1.0 .................................................................................................................................................................... 97
MD5 Message Digest Algorithm ............................................................................................................................... 100
MIT Kerberos v5 r1.5 ................................................................................................................................................ 102
nss_ldap 2.62 ........................................................................................................................................................... 125
Oracle JDBC Driver 10g Release 2 (10.2.0.1.0) ......................................................................................................... 132
PCRE 6.3 ................................................................................................................................................................... 137
Rhino 1.6r4 ............................................................................................................................................................... 139
SAXPath 1 ................................................................................................................................................................. 140
SHA-1 ........................................................................................................................................................................ 143
Sun JDK 1.4.2_13 ...................................................................................................................................................... 144
Sun JDK 1.6.0 ............................................................................................................................................................ 154
Sun JRE 1.5.0_18 ...................................................................................................................................................... 169
XNTP v.3-5.93 ........................................................................................................................................................... 183
XScreenSaver ............................................................................................................................................................ 184
Zlib 1.2.3 ................................................................................................................................................................... 184
ZThread 2.3.2 ........................................................................................................................................................... 185
10 Release Notes
Chapter 1: Welcome
Welcome to CA ControlMinder Premium Edition r12.6.02. This guide describes new
enhancements, changes to existing features, operating system support, system
requirements, documentation information, installation and general considerations,
published solutions, and known issues for CA ControlMinder Premium Edition.
CA ControlMinder Premium Edition offers the same functionality and components as CA
ControlMinder. In addition, it offers enterprise management and reporting capabilities,
and advanced policy management features.
To simplify terminology, we refer to the product as CA ControlMinder throughout this
guide.
Chapter 2: CA ControlMinder Editions
CA ControlMinder is available in two editions and features vary by product edition:
CA ControlMinder
Contains the core functionality that provides a total security solution for open
systems.
CA ControlMinder Premium Edition
Offers the same functionality and components as CA ControlMinder. In addition, it
offers enterprise management and reporting capabilities, advanced policy
management features, and CA Enterprise Log Manager for collecting and managing
CA ControlMinder audit logs.
CA ControlMinder Premium Edition contains Privileged User Password Management
(SAM) to help you manage and audit the tasks performed by privileged accounts.
The UNIX Authentication Broker (UNAB) feature lets you manage UNIX users in
Active Directory and consolidate your users into a single repository.
CA ControlMinder Installation Media
CA ControlMinder components are available on the following optical discs.
Note: CA ControlMinder Premium Edition installation media is different from that of CA
ControlMinder.
Chapter 1: Welcome 11
A Single Documentation Set for All Editions
The following optical discs contain endpoint components:
■
CA ControlMinder Endpoint Components for Windows
Contains CA ControlMinder for Windows installation files for endpoint components.
These include the core CA ControlMinder functionality required for a standalone
Windows computer, additional executables and libraries to extend core
functionality (for example, Policy Model support), runtime SDK files and libraries
and API samples, mainframe password synchronization, and Stack Overflow
Protection (STOP).
■
CA ControlMinder Endpoint Components for UNIX
Contains CA ControlMinder for UNIX installation files for endpoint components.
These include the core CA ControlMinder functionality required for a standalone
UNIX computer, additional binaries and scripts to extend core functionality (for
example, Policy Model support), API libraries and samples, mainframe password
synchronization, and Stack Overflow Protection (STOP).
This optical disc also contains UNAB installation files for use with CA ControlMinder
Enterprise Management.
A Single Documentation Set for All Editions
We supply the same documentation for both editions. Because of that, some sections of
some guides apply only to CA ControlMinder Premium Edition. The following describes
how the documentation applies to CA ControlMinder:
■
Release Notes
Some information in this guide applies only to CA ControlMinder Premium Edition
features.
■
Implementation Guide
Some information in this guide applies only to CA ControlMinder Premium Edition
features.
■
Enterprise Administration Guide
The entire guide applies only to CA ControlMinder Premium Edition.
■
Upgrade Guide
Some information in this guide applies only to CA ControlMinder Premium Edition
features.
■
Implementation Guide
This entire guide applies to CA ControlMinder Premium Edition.
■
Endpoint Administration Guide for Windows
The entire guide applies to CA ControlMinder.
12 Release Notes
A Single Documentation Set for All Editions
■
Endpoint Administration Guide for UNIX
The entire guide applies to CA ControlMinder.
■
Reference Guide
Some information in this guide applies only to CA ControlMinder Premium Edition
features.
■
selang Reference Guide
Some information in this guide applies only to CA ControlMinder Premium Edition
features.
■
Troubleshooting Guide
Some information in this guide applies only to CA ControlMinder Premium Edition
features.
To simplify terminology, we refer to the product as CA ControlMinder throughout the
documentation.
Chapter 2: CA ControlMinder Editions 13
Chapter 3: New and Changed Features
This section contains the following topics:
CA ControlMinder Enhancements (see page 15)
UNAB Enhancements (see page 16)
Fixed Issues in This Release (see page 16)
CA ControlMinder Enhancements
The following CA ControlMinder enhancements and fixes were made since the last
release:
■
Product Name Change
Changed the product name from CA Access Control to CA ControlMinder.
■
System Devices Protection
You can now use CA ControlMinder to protect system devices against unauthorized
copy using the mknod command.
■
Generic Sesudo commands
(UNIX) You can can now include a generic directory path using wild cards (*) to
enable a single object to control all programs in the directory.
■
Remote Desktop Log off Events Audit
(Windows) CA ControlMinder now logs remote desktop session log off events. CA
ControlMinder now detects users log off events and logs them in the audit file as
"logout" events.
■
Remote Desktop Enforcement by IP Address
(Windows) CA ControlMinder now supports remote desktop login sessions by IP
address using TERMINAL IP rules. To support the enhanced capability the
TerminalSearchOrder token was modified to support terminal authorization by
terminal name and IP address.
Chapter 3: New and Changed Features 15
UNAB Enhancements
UNAB Enhancements
The following UNAB enhancements and fixes were made since the last release:
■
Enhanced Support for One-Way Trust Domains
Enhanced one-way trust support to enable UNAB chance to include users and
groups information from domains in a one-way trust relationship. Further, you can
now register UNAB using an administrative account from the trusted domain.
Fixed Issues in This Release
Fixes included in this release are documented in the Release FIXLIST. You can access the
FIXLIST from the CA ControlMinder Latest Maintenance Release page on CA Support.
16 Release Notes
Chapter 4: System Requirements
This section contains the following topics:
Operating System Support (see page 17)
Windows Endpoint Requirements (see page 17)
UNIX Endpoint Requirements (see page 17)
Policy Model Database Requirements (see page 18)
UNAB Requirements (see page 18)
Operating System Support
For a list of supported operating systems, see the CA ControlMinder Compatibility
Matrix that is available from the CA ControlMinder product page on CA Support.
Windows Endpoint Requirements
The minimum requirements for a CA ControlMinder Windows endpoint are:
■
Processor—Intel-based Pentium 4 PC 1.6 GHz
■
Memory—1-GB RAM
■
Available disk space—100 MB
In addition, you also need the disk space for your CA ControlMinder database. For
example, a database for one thousand users, with one thousand files, and five hundred
access rules, occupies approximately 2 MB of disk space.
UNIX Endpoint Requirements
The minimum requirements for a CA ControlMinder UNIX endpoint are:
■
Memory—1 GB RAM (2 GB recommended)
■
Available disk space—250 MB (300 MB for general installations)
In addition, you need disk space for your CA ControlMinder database, which is the
repository of records describing your users and user groups, your protected files and
other resources, and the authorizations that permit controlled access to the resources.
For example, a database for one thousand users, one thousand files, and five hundred
access rules, occupies approximately 2 MB of disk space.
Chapter 4: System Requirements 17
Policy Model Database Requirements
Policy Model Database Requirements
In addition to endpoint space requirements, you also need additional disk space for
each Policy Model you plan to create on the host. Each Policy Model contains a
database so you need to calculate the space requirements in the same manner as you
did for your CA ControlMinder database.
If you are upgrading and have all your Policy Models databases (PMDBs) in place
already, record the space each of the PMDBs uses in the
ACInstallDir/policy_model_path/pmdb_name directory before you upgrade. Use the
following calculations to estimate the additional disk space you will need for upgrading
each PMDB:
■
ACInstallDir/policies/pmdb_name/subscribers.dat (size) x 2
■
ACInstallDir/policies/pmdb_name/updates.dat (size) x 5 + 1000 KB
UNAB Requirements
The minimum requirements for UNAB are:
■
Memory—128-MB RAM (256 MB recommended)
■
Available disk space—100 MB
Also, you must have an Active Directory server configured, depending on the installation
type:
■
Windows Server 2000 SP4, if you have a partial integration installation
■
Windows Server 2003 SP2 R2, Windows Server 2008 R2, if you have a full
integration installation
Further, complete the following before you install UNAB:
■
Verify that the clocks synchronization between the UNIX and Active Directory
computers.
■
Synchronize the clocks between the Distribution Server and UNAB computers.
■
Verify forward and reverse name resolution for UNIX endpoints and domain
controllers from both UNIX and Active Directory servers.
■
(Optional) Check for UNAB system compliance.
This check runs automatically when you install UNAB.
■
(Optional) If you want to implement full integration mode, install a tool that lets
you view and modify the UNIX attributes of Active Directory users and groups.
Note: For more information about these prerequisite tasks, see the Implementation
Guide.
18 Release Notes
Chapter 5: Documentation
This section contains the following topics:
Guides (see page 19)
Guides
The guides for CA ControlMinder Premium Edition r12.6.01 are as follows:
■
Release Notes
■
Implementation Guide
■
Endpoint Administration Guide for Windows
■
Endpoint Administration Guide for UNIX
■
Enterprise Administration Guide
■
Integration Guide
■
Upgrade Guide
■
Reference Guide
■
selang Reference Guide
■
Troubleshooting Guide
Note: To view PDF files, you must download and install a Portable Document Format
(PDF) reader. The CA ControlMinder documentation requires Adobe Reader 7.0.7 or
later. You can download Adobe Reader from the Adobe website if it is not already
installed on your computer.
In addition to the PDF guides, the CA ControlMinder guides are also available in HTML
format and Online Help is accessible from the various web-based interfaces.
Chapter 5: Documentation 19
Chapter 6: FIPS Compliance
This section contains the following topics:
FIPS Operational Modes (see page 21)
Unsupported Operating Systems for FIPS-only Mode (see page 21)
FIPS Encryption Libraries (see page 21)
FIPS Algorithms Used (see page 22)
Storage of Keys and Certificates (see page 22)
Features Affected (UNIX) (see page 22)
Features Affected (Windows) (see page 24)
FIPS Operational Modes
CA ControlMinder has two FIPS operational modes: FIPS-only and regular. In FIPS-only
mode, CA ControlMinder uses only those cryptographic functions that are FIPS 140-2
compliant. This means that some CA ControlMinder features are disabled in FIPS-only
mode. In regular mode CA ControlMinder uses both FIPS 140-2 cryptographic functions
and non-FIPS compliant functions.
Note: To switch between FIPS-only mode and regular, use the fips_only configuration
setting in the crypto section.
Unsupported Operating Systems for FIPS-only Mode
FIPS-only mode is not supported on the following CA ControlMinder supported
operating system architectures:
■
Linux s390
■
Linux Itanium (IA64)
■
Solaris x64
■
Windows Itanium (IA64)
FIPS Encryption Libraries
In FIPS-only mode CA ControlMinder uses the CAPKI encryption library. On UNIX
systems it uses the OS encryption library for password encryption (“crypt” method). In
regular mode, CA ControlMinder uses the CAPKI 4.1.2 encryption library in addition to
the non-FIPS encryption libraries.
Chapter 6: FIPS Compliance 21
FIPS Algorithms Used
FIPS Algorithms Used
CA ControlMinder components use the following cryptographic algorithms. Different
components use different algorithms.
■
■
In FIPS-only mode:
–
SSL (TLS 1.0)—client/server communication
–
AES in CBC mode—encryption of PMD update file (Windows), bidirectional
password history (Windows)
–
SHA-1—Unidirectional password encryption (Windows), Trusted Programs,
policy signatures (advanced policy management)
In regular mode:
–
CA ControlMinder r8 SP1 encryption libraries (DES, Triple DES, AES, MD5, and
so on)
–
SSL (SSL V2, SSL V3 and TLS 1.0)—client/server communication
–
SHA-1 (from CAPKI)—used for signatures of trusted programs, signatures of
policies
–
AES (from CAPKI)—used for password validation when working with
bidirectional password history
Storage of Keys and Certificates
CA ControlMinder stores keys and certificates as follows.
■
Symmetric keys are stored as in eTrust Access Control r8 SP1.
■
Certificates (subject certificate, private key, and root certificate) are stored on the
file system and protected by CA ControlMinder.
Note: CA ControlMinder encrypts the private key using AES symmetric encryption
(from the CAPKI libraries) using CA ControlMinder symmetric key.
Features Affected (UNIX)
The FIPS operational mode can have an effect on the following CA ControlMinder UNIX
features:
22 Release Notes
Feature
Non-FIPS Mode
FIPS Mode
PMD update file
encryption
Default symmetric key
encryption (two-way)
Disabled
Features Affected (UNIX)
Feature
Non-FIPS Mode
FIPS Mode
Trusted Programs
CAPKI SHA-1 and MD5
CAPKI SHA-1 only
Bidirectional password
encryption
Default symmetric key
encryption
Disabled
Unidirectional password Operating system's
encryption
crypt/bigcrypt method
Operating system's
crypt/bigcrypt method
PMD TNG command
Default symmetric key
encryption
Disabled
CA ControlMinder TNG
daemon
Default symmetric key
encryption
Disabled
LDAP password
encryption usage
(sebuildla -u -n)
Default symmetric key
encryption
Disabled
LDAP password
encryption generation
Default symmetric key
encryption
Disabled
TCP communication
Default symmetric key
encryption (two-way) or
CAPKI sockets over SSL V2,
SSL V3, or TLS V1
CAPKI sockets over TLS V1
seversion utility
CAPKI SHA-1
CAPKI SHA-1
Trusted Programs
(watchdog and
seretrust)
CAPKI SHA-1
CAPKI SHA-1
Advanced policy
management policy
distribution
CAPKI SHA-1 signature, and
for backwards compatibility,
CA ControlMinder internal
SHA-1 signature
CAPKI SHA-1 signature only
selogrd encryption
Default symmetric key
encryption and MD5
Disabled
sechkey key change
Default symmetric key
encryption
Disabled
iRecorder log file
signature
MD5 encryption
Disabled
Report Agent
Enabled
Disabled
SAM Agent
Enabled
Disabled
DMS
Enabled
UNAB endpoints
management disabled
(seldapcred)
Chapter 6: FIPS Compliance 23
Features Affected (Windows)
Note: Where a feature is disabled as a result of the FIPS operational mode, the relevant
program prints an error message and exits, or writes the error message to the system
log if a non interactive process occurred. For example: Report Agent or SAM Agent.
Features Affected (Windows)
The FIPS operational mode can have an effect on the following CA ControlMinder
Windows features:
24 Release Notes
Feature
Non-FIPS Mode
FIPS Mode
PMD update file
encryption
Default symmetric key
encryption (two-way)
CAPKI AES symmetric key
encryption
Password history
(non-bidirectional)
Saved as CAPKI SHA-1.
Saved as CAPKI SHA-1.
Password validation with
CAPKI SHA-1 and fall through
to crypt
Password validation with
CAPKI SHA-1 only
Password history
(bidirectional)
Default symmetric key
encryption.
CAPKI AES symmetric key
encryption.
Password validation with
default symmetric key
encryption
Password validation with
CAPKI AES only.
sechkey key change,
password history
Default symmetric key
encryption to decrypt and
encrypt password history
CAPKI AES symmetric key
encryption to decrypt and
encrypt password history
sechkey key change,
policy model
Default symmetric key
encryption to decrypt and
encrypt policy model update
files
CAPKI AES symmetric key
encryption to decrypt and
encrypt policy model update
files
Trusted Programs
CAPKI SHA-1 and MD5
CAPKI SHA-1 only
Mainframe password
synchronization
Enabled
Disabled
iRecorder
Enabled
Disabled
TNG integartion
Enabled
Disabled
Advanced policy
management policy
distribution
CAPKI SHA-1 signature, and
for backwards compatibility,
CA ControlMinder internal
SHA-1 signature
CAPKI SHA-1 signature only
Report Agent
Enabled
Disabled
SAM Agent
Enabled
Disabled
Features Affected (Windows)
Feature
Non-FIPS Mode
FIPS Mode
DMS
Enabled
UNAB endpoint
management disabled
Note: Where a feature is disabled as a result of the FIPS operational mode, the relevant
program prints an error message and exits, or writes the error message to the system
log if a non interactive process occurred. For example: Report Agent or SAM Agent.
You should also consider the following:
■
When moving from non-FIPS to FIPS, the policy model cannot read old commands.
■
When moving from FIPS to non-FIPS, the policy model can read old commands.
■
For non-bidirectional password history, there is no impact when not using crypt in
FIPS mode. Crypt is only for backwards compatibility.
■
For bidirectional password history, moving from non-FIPS to FIPS, CA ControlMinder
cannot decrypt old passwords.
Chapter 6: FIPS Compliance 25
Chapter 7: Feature Support Limitations
This section contains the following topics:
IPv6 Support (see page 27)
Product Re-branding Limitations (see page 27)
Windows Endpoint Limitations (see page 28)
UNIX Endpoint Limitations (see page 30)
UNAB Limitations (see page 31)
IPv6 Support
CA ControlMinder runs in an IPv4-only environment, an IPv6-only environment, or a
mixed environment of both IPv4 and IPv6.
Note: (UNIX) selogrd and selogrcd will not work in IPv6-only environments.
CA ControlMinder does not currently support network access controls on IPv6 networks.
This affects the HOST, CONNECT and TCP classes.
You can specify IP addresses to CA ControlMinder in IPv6 format, except that the mask
and match feature of HOSTNET class records requires IPv4 format addresses.
Product Re-branding Limitations
The following product components were re-branded to CA ControlMinder:
■
Installation messages
■
Utility messages
■
User interface page titles
■
Display names
■
Login screens
The following product components were not re-branded and use CA Access Control:
■
Product path names
■
Selang command prompts
■
Product and program file names
■
Registry entries
■
Package names
Chapter 7: Feature Support Limitations 27
Windows Endpoint Limitations
Windows Endpoint Limitations
This section describes feature support limitations for Windows endpoints.
x64 Feature Support Limitations
The following are known limitations on Windows 2003 x64:
■
Unicenter TNG migration and integration
■
Mainframe password synchronization
■
Impersonation interception (class SURROGATE functionality), if
SurrogateInterceptionMode is set to 1
Important! Impersonation interception is supported on x64, IA64 and x86 platforms
by default via the RunAs plug-in (SurrogateInterceptionMode is set to 0).
Note: For more information about the SurrogateInterceptionMode registry setting,
see the Reference Guide.
IA64 Feature Support Limitations
The following features are not supported on IA64 platforms:
■
Unicenter TNG migration and integration
■
Mainframe password synchronization
■
STOP
■
Report Agent
■
SAM Agent
■
SSL
■
FIPS 140-2 compliance
Windows Server 2008 Feature Support Limitations
The following are known limitations on Windows Server 2008:
■
Impersonation interception (class SURROGATE functionality), if
SurrogateInterceptionMode is set to 1
Important! Impersonation interception is supported on x64, IA64 and x86 platforms
by default via the RunAs plug-in (SurrogateInterceptionMode is set to 0).
Note: For more information about the SurrogateInterceptionMode registry setting,
see the Reference Guide.
28 Release Notes
Windows Endpoint Limitations
SAN Support
CA ControlMinder supports a SAN (storage area network) environment when you install
CA ControlMinder on:
■
A local file system and use it to protect files on a SAN, when the SAN is accessible
from a single host.
Note: If the SAN is accessible from multiple hosts, install CA ControlMinder on each
host that can access the SAN and use each installation to protect files on the SAN.
■
A SAN disk, subject to the following limitations:
■
CA ControlMinder drivers must be installed on the local file system.
■
You must manually start CA ControlMinder on the SAN disk each time you start
or restart the computer. Do not start CA ControlMinder automatically when
you start or restart the computer.
Note: The previous condition only applies when you install CA ControlMinder
on a SAN disk. If you install CA ControlMinder on a local file system and use it
to protect files on a SAN, you do not need to manually start CA ControlMinder
each time you restart the computer.
If the SAN is accessible from multiple hosts and CA ControlMinder is installed on the
SAN, and you want to install CA ControlMinder from a different host to the same
location on the SAN, consider the following before you begin:
■
The new installation of CA ControlMinder replaces the existing installation of CA
ControlMinder and overwrites the existing CA ControlMinder configuration files and
database.
■
You must stop the existing installation of CA ControlMinder before you begin the
new installation.
McAfee Entercept Buffer Overflow
The CA ControlMinder STOP feature is incompatible with the McAfee Entercept buffer
overflow technology.
Turn off the CA ControlMinder STOP feature or the McAfee Entercept buffer overflow
protection feature.
Chapter 7: Feature Support Limitations 29
UNIX Endpoint Limitations
Short File Name Rules (8.3 Format) Are Not Supported
CA ControlMinder does not support rules created as short file names (8.3 format). When
you define any of the following classes, you must enter the full path name of the file or
directory:
FILE, PROGRAM, PROCESS, SECFILE, SPECIALPGM
The following is an example of a rule using a full path name:
nr file ("C:\program files\text.txt")
The following is an example of a rule using a short path name that is not supported:
nr file ("C:\progra~1\test.txt")
UNIX Endpoint Limitations
This section describes feature support limitations for UNIX endpoints.
HP-UX Feature Support Limitations
The following is a known UNAB and CA ControlMinder limitation on HP-UX operating
systems:
■
seversion utility does not display SHA-1 signature.
Unicenter Integration is Not Supported on HP-UX Itanium and RHEL Itanium
Unicenter integration is not supported on HP-UX Itanium (IA64) and Red Hat Linux
Itanium IA64.
SAM Agent Are Not Supported on Linux IA64
The SAM Agent is not supported on Linux Itanium (IA64). CA ControlMinder does not
install the SAM Agent on these operating systems regardless of the selections you make
during installation.
Note: UNAB is also not supported on Linux IA64.
30 Release Notes
UNAB Limitations
SAN Support
CA ControlMinder supports a SAN (storage area network) environment when you install
CA ControlMinder on a local file system and use it to protect files on a SAN, when the
SAN is accessible from the single host where CA ControlMinder is installed.
Note: If the SAN is accessible from multiple hosts, install CA ControlMinder on each host
that can access the SAN and use each installation to protect files on the SAN.
If the SAN is accessible from multiple hosts and CA ControlMinder is installed on the
SAN, and you want to install CA ControlMinder from a different host to the same
location on the SAN, consider the following before you begin:
■
The new installation of CA ControlMinder replaces the existing installation of CA
ControlMinder and overwrites the existing CA ControlMinder configuration files and
database.
■
You must stop the existing installation of CA ControlMinder before you begin the
new installation.
Note: CA ControlMinder behavior is unspecified when you install it on a SAN and it is
executed from multiple connected hosts.
UNAB Limitations
This section describes feature support limitations for UNAB endpoints.
Account Password Format in a One-Way Trust Domain Environment
When you change your Active Directory account password in a different domain than
the registration domain using the uxconsole utility, you must use the following
command format:
uxconsole -krb -passwd user@DOMAIN
Important! the domain name must appear in capital letters.
UNAB Not Supported on Linux IA64
Currently, you cannot install UNAB on Linux IA64 operating system.
Chapter 7: Feature Support Limitations 31
UNAB Limitations
UNAB is not FIPS140-2 and IPV6 Compliant
Currently, UNAB is not FIPS140-2 and IPV6 compliant.
32 Release Notes
Chapter 8: Installation Considerations
This section contains the following topics:
Supported Installation Languages (see page 33)
Endpoint Components Release Only (see page 33)
Windows Endpoint Installation Considerations (see page 33)
UNIX Endpoint Installation Considerations (see page 34)
UNAB Endpoint Installation Considerations (see page 36)
Supported Installation Languages
You can specify the language in which CA ControlMinder are installed. The following
language IDs are supported, you can specify and their respective languages:
CA ControlMinder for Windows, CA ControlMinder for UNIX and UNAB support the
following languages:
■
1033—English
■
1041—Japanese
■
1042—Korean
■
2052—Chinese(Simplified)
Endpoint Components Release Only
This release of CA ControlMinder contains endpoint components only. The following
endpoint components are included with this release:
■
CA ControlMinder Endpoint for UNIX
■
CA ControlMinder Endpoint for Windows
■
UNAB Endpoint
Windows Endpoint Installation Considerations
This section describes items you should consider when installing CA ControlMinder on
Windows endpoints.
Chapter 8: Installation Considerations 33
UNIX Endpoint Installation Considerations
Restart Message Pops Up During Installation, Uninstallation or Upgrade on
Windows Server 2008
When you install, uninstall or upgrade CA ControlMinder on Windows Server 2008, a
dialog box may appear informing you that a restart is required after the process is
complete. To continue, close the dialog box by selecting OK.
UNIX Endpoint Installation Considerations
This section describes items you should consider when installing CA ControlMinder on
UNIX endpoints.
CA ControlMinder Installation Considerations for Solaris 8 and 9
Valid on Solaris 8, Solais 9
To install CA ControlMinder using the native package installation on Solaris 8 and Solaris
9 operating system complete the following procedure before you extract the installation
package:
1.
Copy the installation package to a temporary directory.
2.
Execute the following commands:
zcat _SOLARIS_126.tar.Z | tar xof rm -f CAeAC/install/depend
3.
Open the /CAeAC/pkgmap file and locate the line that begins with '1 i depend'.
4.
Remove the line from and save the file.
You can now customize the package and install CA ControlMinder.
AIX 6.1 Requires TL3 or Later for CA ControlMinder to Start
Valid on AIX 6.1
To load CA ControlMinder on AIX 6.1, verify that TL3 or later is installed.
34 Release Notes
UNIX Endpoint Installation Considerations
Message Queue for Linux390 Requires J2SE Version 5.0
To use Message Queue functionality on Linux s390 and s390x endpoints, verify that J2SE
version 5.0 or later is installed on the endpoint. Message Queue functionality lets you
send report data to the Report Portal and audit data to CA Enterprise Log Manager.
Note: You may need to configure the java_home configuration setting in the
accommon.ini file. For more information, see the Implementation Guide.
Compatibility Library Missing on x86_64bit Linux
By default x86_64 Linux operating systems should not include 32bit compatibility
libraries when installed. CA ControlMinder endpoint requires that the library
libstdc++.so.6 exists under the usr/lib directory from rpm libstdc++.
Verify that this library exists on the endpoint before you install CA ControlMinder.
CA ControlMinder Installation and Uninstallation Restarts UNAB
When CA ControlMinder is installed or uninstalled from an endpoint that UNAB is
running on, the UNAB agent, uxauthd, is stopped and started.
Propagating CA ControlMinder and UNAB to a New Solaris Zone
When you setup a new Solaris zone, you must complete several post installation steps
before the native operating system completely propagate and run the post installation
part of the package and you can propagate CA ControlMinder and UNAB to the new
zone.
Note: For more information on setting up a new zone correctly, see Sun's System
Administration Guide: Solaris Containers--Resource Management and Solaris Zones,
which is available at the Sun Microsystems Documentation website.
Installing CA ControlMinder on Solaris 11 Limitation
Due to a Solaris 11 limitation, CA ControlMinder package is not propagated into
nonglobal zones during installation. We recommend you to install CA ControlMinder in
each zone individually using the Solaris native packaging tool (pkgadd).
Chapter 8: Installation Considerations 35
UNAB Endpoint Installation Considerations
UNAB Endpoint Installation Considerations
This section describes items you should consider when installing UNAB endpoints.
Error Message Appears if CA_LIC Installed in a Non-Default Directory
Valid on Solaris
Symptom:
After I installed CA_LIC in to a non-default directory I attempted to install CA
ControlMinder and UNAB on the Solaris host. The installation completed successfully
but the registration process ended with an error message.
Solution:
The error message appears when you specify to install the CA_LIC component into a
non-default directory, for example you specified the LIC_INSTALL_DIR parameter to
/work/CA directory. To workaround this problem specify the following parameter
CASHCOMP=/work/CA and install UNAB.
Users Log in Fail When UNAB SELinux is Enabled on Red Hat Enterprise Linux 5.8
Valid on Red Hat Enterprise Linux 5.8
Active Directory users cannot log in to a Red Hat Enterprise Linux 5.8 if UNAB SELinux is
enabled.
UNAB Installation Considerations for Solaris 8 and 9
Valid on Solaris 8, Solais 9
To install UNAB on Solaris 8 and Solaris 9 operating system, you must complete the
following procedure before you extract the installation package:
1.
Copy the installation package to a temporary directory.
2.
Execute the following commands:
zcat _SOLARIS_Ux_PKG_126.tar.Z | tar xof rm -f uxauth/install/depend
3.
Open the pkgmap file and locate the line that begins with '1 i depend'.
4.
Remove the line from and save the file.
You can now customize the package and install UNAB.
36 Release Notes
UNAB Endpoint Installation Considerations
UNAB for Linux 390 Requires J2SE Version 5.0 for Remote Management
To remotely manage Linux s390 and s390x endpoints, verify that J2SE version 5.0 or
later is installed on the endpoint. Remote management lets you use CA ControlMinder
Enterprise Management to manage UNAB endpoints.
Note: You may need to configure the java_home configuration setting in the
accommon.ini file. For more information, see the Implementation Guide.
Chapter 8: Installation Considerations 37
Chapter 9: Upgrade Considerations
This section contains the following topics:
Versions You Can Upgrade From (see page 39)
Windows Endpoint Upgrade Considerations (see page 40)
UNIX Endpoint Upgrade Considerations (see page 40)
Versions You Can Upgrade From
You can upgrade your CA ControlMinder endpoints to r12.6.02 from the following
versions:
■
r12.6.01
■
r12.6
■
r12.5.5
■
r12.5 SP4
■
r12.5 SP3
■
r12.5 SP2
■
r12.5 SP1
■
r12.5
■
r12.0 SP1
■
r12.0
■
Any r8 SP1 CR
You cannot upgrade your CA ControlMinder endpoints to r12.6.02 from the following
versions:
■
r8 SP1 GA
To upgrade an r8 SP1 GA endpoint, install the latest CR for r8 SP1 before you
upgrade to r12.6.02.
■
r5.2 and r5.3
To upgrade an r5.2 or r5.3 endpoint, install the latest CR for r8 SP1 before you
upgrade to r12.6.02.
Chapter 9: Upgrade Considerations 39
Windows Endpoint Upgrade Considerations
Windows Endpoint Upgrade Considerations
This section describes items you should consider when upgrading CA ControlMinder on
Windows endpoints.
Reboot May Be Required When Upgrading
When you upgrade an endpoint to this release from r12.0 SP1 or later, it is not
mandatory that you reboot the computer. After the upgrade, CA ControlMinder
preserves backwards compatibility. However, the upgrade is not complete until you
reboot the computer, and all new functionality may not be supported until after the
reboot.
When you upgrade an r8.0 SP1 or r12.0 endpoint to this release, you must reboot the
computer.
Change in Default Access to Database
The default access to seosdb, the CA ControlMinder database, is now none. In r12.5 SP2
and earlier, the default access to the database was read.
Note: CA ControlMinder internal processes have full access to the database and the NT
AUTHORITY\System user has read access to the database.
UNIX Endpoint Upgrade Considerations
This section describes items you should consider when upgrading CA ControlMinder on
UNIX endpoints.
Default Installation Location
The default installation location has changed in r12.0 and is as follows:
/opt/CA/AccessControl
FIPS 140-2 Library Upgrade
This release of CA ControlMinder uses CAPKI 4.1.2 instead of ETPKI 3.2. The upgrade is
automatic and keeps the ETPKI 3.2 libraries on your computer if they are used by other
components. To determine whether other components are using ETPKI 3.2, CAPKI uses
an internal reference count. When this count equals 0, ETPKI 3.2 uninstalls on upgrade.
40 Release Notes
UNIX Endpoint Upgrade Considerations
Systemwide Audit Mode for UNIX Upgrades
The SYSTEM_AAUDIT_MODE property in the SEOS class specifies the default audit mode
for users and enterprise users (systemwide audit mode). When you upgrade to CA
ControlMinder r12.5 SP1 or later, CA ControlMinder sets the value of the
SYSTEM_AAUDIT_MODE property to the value of the DefaultAudit configuration setting
in the [newusr] section of the lang.ini file.
Note: The default value of both the SYSTEM_AAUDIT_MODE property and the
DefaultAudit configuration setting is Failure LoginSuccess LoginFailure.
Authorization Recognizes Resource Group Ownership
CA ControlMinder takes into account resource group ownership when checking user
authorization to a resource. This behavior was introduced in r12.0. In earlier releases,
the authorization process considered only the resource's owner.
For example, you define a FILE resource with a default access of none and no owner that
is a member to a GFILE resource with a named owner. In CA ControlMinder r12.0 and
later, the named group owner has full access to the file. In earlier releases, nobody has
access to the file.
syslog Messages That Have a Reduced Priority
The following syslog messages have been reduced to informational priority (INFO rather
than ERROR):
■
CA ControlMinder daemon going down.
■
START-UP: CA ControlMinder PID=%d
■
SEOS_load: use_streams=$use_streams unload_enable=$unload_enable
■
Loading CA ControlMinder kernel extension.
■
$prodname kernel extension is already loaded.
■
Starting $SeosBinDir/seosd daemon. (CA ControlMinder)
■
Watchdog started.
■
Watchdog initialized Watchdog extensions.
Chapter 9: Upgrade Considerations 41
Chapter 10: General Considerations
This section contains the following topics:
Windows Endpoint Considerations (see page 43)
UNAB Considerations (see page 43)
Windows Endpoint Considerations
This section describes items you should consider when using CA ControlMinder on
Windows endpoints.
RunAs Administrator to Start CA ControlMinder on Windows Server 2008
Valid on Windows Server 2008
To start CA ControlMinder using the command line options (seosd -start), you must have
administrator privileges if the User Account Control (UAC) option is enabled. Run the
command prompt using the RunAs option and specify a user account with
administrative privileges.
Uninstall Does Not Remove CA License Files
When you uninstall CA ControlMinder, the CA License files are not deleted. By default,
the CA License files are in the CA_license directory (for example, C:\Program
Files\CA\SharedComponents\CA_LIC).
UNAB Considerations
This section describes items you should consider when using UNAB.
Chapter 10: General Considerations 43
UNAB Considerations
Home Directory Not Created on Log In When SELinux is Enabled
Valid on Linux
Symptom:
When I log in to a Linux host using an SSH client the home directory for my account is
not created when SELinux is enabled.
Solution:
The home directory is not created when attempting to log in using an SSH client. To
work around this problem do the following:
1.
Open the password-auth file. This file is located in the following directory by
default:
\etc\pam.d
2.
Locate the session section.
3.
Add the following line before the pam_uxauth section:
session required pam_makehomedir.so
4.
Save and close the file.
Change Password Attempt Fails on Red Hat Linux
Valid on Red Hat Linux
Symptom:
When asked to change my password I cannot continue to work on the host after the
password change processes completed. The problem occurs when I log in using an SSH
client or Telnet.
Solution:
To overcome the problem change the account password, log out of the host and log in
with the new password.
Disable Local User Account After Migration
After fully migrating user accounts to Active Directory, you can disable the local UNIX
account by adding an asterisk (*) at the beginning of the account entry in the
etc/passwd file.
44 Release Notes
UNAB Considerations
Do Not Set the unab_refresh_interval Token Value to a Short Interval
To avoid performance issues in UNAB, do not set the value of the unab_refresh_interval
token value to a short interval.
Do not Set Kerberos dns_lookup_realm to True
Valid for SSO mode
We recommend that unless required, do not set the Kerberos dns_lookup_realm value
to true. When set to true, Kerberos initiates unnecessary DNS searches that can result in
a substantial slowdown of UNAB login processing.
UNAB Users Cannot Change Account Password According to Specified Password
Policy
If UNAB users cannot change their account passwords, verify that the Domain Controller
security policy you use does not prohibit users from changing their account passwords.
sepass Integration with UNAB Endpoints
The sepass utility is integrated with UNAB. The integration lets users change their Active
Directory passwords on endpoints on which both CA ControlMinder and UNAB are
installed.
To integrate sepass with UNAB:
■
Verify that you set the "change_pam" token value, in the seos.ini file, to yes.
Configure this token to instruct sepass to change passwords using the PAM
interface.
■
Verify that you set the "auth_login" token value, in the seos.ini file, to pam.
Configure this token to instruct sepass to validate existing passwords using the PAM
interface.
Note: For more information about seos.ini initialization file tokens, see the Reference
Guide.
Chapter 10: General Considerations 45
UNAB Considerations
Log In to UNAB with Active Directory Account
If you want to log in to UNAB with an Active Directory account that did not previously
exist on the local host, follow these steps:
1.
Register the UNAB host with Active Directory as follows:
uxconsole -register
2.
Activate UNAB as follows:
uxconsole -activate
3.
Create a UNAB login authorization (login policy) or local login policy (users.allow,
users.deny, groups.allow, groups.deny) to enable Active Directory users to log in.
You Cannot Log In to CA ControlMinder for UNIX Using 'Administrator' Account
When UNAB Is Installed
You cannot log in to a CA ControlMinder endpoint for UNIX with the 'Administrator'
Active Directory user account if UNAB is installed on the endpoint. To work around this
problem, you can create userPrincipleName for this account.
46 Release Notes
Chapter 11: Known Issues
This section contains the following topics:
Installation Known Issues (see page 47)
Upgrade Known Issues (see page 49)
General Known Issues (see page 50)
Installation Known Issues
This section describes installation known issues for CA ControlMinder components.
Windows Endpoint Installation Known Issues
This section describes installation known issues for Windows endpoints.
"No Valid Source Could Be Found" Message When Installing From MSI File
A "no valid source could be found" message appears when you upgrade CA
ControlMinder. The message appears if the media that you currently use and the media
that was originally used to install CA ControlMinder have the MSI file at different paths.
To work around this issue, add a registry string named "MediaPackage" and specify the
relative path to the CA ControlMinder msi package. Add the registry string in the
following path:
HKLM\Software\Classes\Installer\Products\
CDAFB228040EC5F40AA08B5E852A6D61\SourceList\Media
For example, if you install CA ControlMinder on a 32-bit Windows operating system, the
full path to the msi file is: E:\x86\, where E: is the removable media drive. In the
MediaPackage value you specify the value: \x86\
UNIX Endpoint Installation Known Issues
This section describes installation known issues for UNIX endpoints.
Chapter 11: Known Issues 47
Installation Known Issues
Native Package Customization on Non-English Locales Fails When Customizing Package for
Several Locales
Symptom:
When I customize the CA ControlMinder or UNAB native packages for several locales on
a non-English operating system the customization process fails.
Solution:
Currently, you cannot customize the CA ControlMinder and UNAB native packages to
support several non-English locales. To fix this issue contact CA Support to obtain a fix
that you deploy before customizing the packages.
RPM Package Verification May Return Errors
When verifying RPM package installations you may receive some verification errors.
These errors do not indicate that there are issues with the functionality of the installed
product and you can safely ignore them.
Client-Server Communication Mode Incompatibility
A client set up with non_ssl or all_modes cannot communicate with a server set up with
fips_only communication mode.
API Libraries for Linux Z-series Are 32-bit
The API libraries that CA ControlMinder supplies for Linux Z-series (s390x) are 32-bit.
CA ControlMinder does not supply 64-bit libraries for Linux Z-series (s390x).
HP-UX requires an Updated Patch Level
On HP-UX, CA ControlMinder requires an updated patch level to install properly. We
recommend the following OS patches:
48 Release Notes
■
11.23 on IA64—Patch PHSS_37492 or OS QPK1123 Bundle that is dated September
2006 or later.
■
11.11 on PA-RISC—OS Path with support for "dld_getenv" or OS QPR Bundle dates
December 2006 or later.
■
11.23 on PA-RISC—OS QPK Bundle that is dated December 2006 or later.
Upgrade Known Issues
PAM Does Not Work on Linux s390x with Older /lib64/libc.so.6 Library
PAM on Linux s390 and s390x does not work if the /lib64/libc.so.6 library on the host is
older than the version CA ControlMinder PAM library was compiled with.
The library version should be 2.3.2 or later.
UNAB Endpoint Installation Known Issues
This section describes installation known issues for UNAB endpoints.
UNAB Restarts Twice When Installing CA ControlMinder
Valid on IBM AIX
When installing CA ControlMinder on IBM AIX and UNAB is already running, UNAB
restarts twice. This behavior is because AIX performs additional Kernel checks.
Uninstalling Fails When Native Installation Is Customized to Install CA ControlMinder and
UNAB in The Same Non-Default Location [UNAB]
Valid on AIX, and HP-UX
Symptom:
Uninstalling UNAB fails after I installed CA ControlMinder and UNAB using native
installation and customized the installation directory to the same path on a nondefault
location.
Solution:
Uninstalling CA ControlMinder corrupts and fails the UNAB installation. Uninstalling fails
as both CA ControlMinder and UNAB are installed on the same directory. While
customizing native installation to a nondefault destination folder, we recommend that
you concatenate the product name (uxauth or UNAB) to the destination path.
UNAB Does Not Support CA ControlMinder r8.0 SP1 and r12.0 SP1
Currently, you cannot install UNAB on CA ControlMinder r8.0 SP1 and r12.0 SP1
endpoints. Also, UNAB and CA ControlMinder must be of identical version or service
pack.
Upgrade Known Issues
This section describes upgrade known issues for CA ControlMinder components.
Chapter 11: Known Issues 49
General Known Issues
Windows Endpoint Upgrade Known Issues
This section describes upgrade known issues for Windows endpoints.
"Insufficient Privileges to Modify File" Message Appears During Upgrade
If you upgrade a CA ControlMinder endpoint and a message appears that informs you
that the installer has insufficient privileges to modify a file, acknowledge the message
and continue with the upgrade.
UNIX Endpoint Upgrade Known Issues
This section describes upgrade known issues for UNIX endpoints.
seaudit, sebuildla Permission Denied Messages After Upgrade
Valid on AIX
After you upgrade using the native package, you may receive permission denied error
messages when using the seaudit and sebuildla utilities.
To work around this problem, re-trust the utilities after the upgrade completes.
Pre-r12.0 Versions Must Use a Maximum of 54 Characters for the Encryption Key
If your environment includes versions of CA ControlMinder earlier than r12.0, you must
use a maximum of 54 characters for the encryption key.
General Known Issues
This section describes general known issues for CA ControlMinder components.
Windows Endpoint Known Issues
This section describes known issues for CA ControlMinder for Windows.
50 Release Notes
General Known Issues
Uninstall Does not Remove the Data and Log Directoroes
Valid on Windows
Symptom:
After I removed CA ControlMinder from the system I noticed that the uninstall process
did not remove Data and Log directories from the following path:
\ProgramFiles\CA\AccessControl\
Solution:
The uninstallation process does not remove the Data and Log directories. You can
manually remove them after the processes completed.
Microsoft Internet Explorer 7.0 Compatibility Issues with CA ControlMinder
Due to compatibility issues of Microsoft Internet Explorer 7.0 with CA ControlMinder,
the browser may stop responding. To work around the issue, Install Microsoft Internet
Explorer 8.0 or do the following:
Important! Apply Microsoft software patch KB957388 before you begin this procedure.
You can download the software patch from the Microsoft web site.
1.
Stop all CA ControlMinder services.
2.
Open a command line window and run the following command:
net stop cainstrm
3.
Open the regedit utility from the Run command line window.
4.
Navigate to the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSset\Services\cainstrm\parameters
5.
Modify the ExcludeProcess registry entry value to include the iexplorer.exe file.
6.
From the command line window, run the following command:
net start cainstrm
7.
Start the CA ControlMinder services.
Privileged Processes Can Save and Restore a Registry Tree Without Authorization
On Window Server 2003 and later, when a process obtains the special privileges
SE_BACKUP_NAME and SE_RESTORE_NAME, it can save and restore a registry tree
without CA ControlMinder authorization.
Chapter 11: Known Issues 51
General Known Issues
FIPS Only Mode on Windows x64
CAPKI 4.1.2 is now supported on x64 CA ControlMinder endpoint for Windows.
However, due to a known issue with RSA, when running the CAPKI 4.1.2 in FIPS enabled
mode, communication is significantly delayed.
Rename HOST Event in selang Marked as Unknown Event in CA Enterprise Log Manager Reports
A rename HOST event performed in selang is displayed as an unknown event in CA
Enterprise Log Manager reports.
UNIX Endpoint Known Issues
This section describes known issues for CA ControlMinder for UNIX.
CAWIN Installation Requires Ncurses
Valid on Linux 64-bit Server
Install Ncurses 32-bit before installing CAWIN on Linux 64-bit servers.
52 Release Notes
General Known Issues
Failed Login Events Not Audited When serevu Daemon Running
Valid on VMware vCenter 4.0 u2
When CA ControlMinder is installed on VMware vCenter version 4.0 u2, the following
occurs when the serevu daemon is running:
■
A LOGIN records for failed login events do not appear in audit file
■
The pam_seos_failed_login.log file size is 0
To work around this issue, do the following:
1.
Stop all CA ControlMinder daemons.
2.
Navigate to the following directory:
/etc/pam.d/
3.
Edit the system-auth file to remove all references to pam_seos.so. For example:
account required pam_per_user.so /etc/pam.d/login.map
auth required pam_per_user.so /etc/pam.d/login.map
password required pam_per_user.so /etc/pam.d/login.map
session required pam_per_user.so /etc/pam.d/login.map
4.
Edit the system-auth-generic file to add reference to pam_seos.so. For example:
password
auth
account
session
5.
sufficient
optional
optional
optional
pam_seos.so
pam_seos.so
pam_seos.so
pam_seos.so
Edit the system-auth-local file to add references to pam_seos.so. For example:
password
auth
account
session
sufficient
optional
optional
optional
pam_seos.so
pam_seos.so
pam_seos.so
pam_seos.so
6.
Save and close the files.
7.
Start CA ControlMinder daemons.
SSH Login Not Audited by CA ControlMinder or by Audit Log if SElinux Enabled
Valid on RedHat Linux Advanced Server 6
On RedHat Linux Advanced Server 6, SSH user log ins are not audited by CA
ControlMinder because the SElinux default policy does not allow SSHD to access the
/proc file system.
To workaround this issue, run the /opt/CA/AccessControl//lbin/sshd_policy.sh script to
load a SElinux policy module to allow access to /proc.
Chapter 11: Known Issues 53
General Known Issues
Cannot Configure JBoss JDBC Password Consumer on Linux
Valid on Linux
Currently, you cannot configure a JBoss JDBC password consumer on LInux.
Log in to CA ControlMinder Requires PAM_Login Flag Enabled
Valid on AIX
If the PAM_login flag is not enabled, CA ControlMinder cannot detect the Active
Directory user account correctly.
To work around this problem, enable the PAM_login flag in the log in program
(LOGINAPPL) you set. Verify that seosd daemon accepts log in requests from PAM
modules by setting the PamPassUserInfo token to 1 in seos.ini under the [pam_seos]
section.
You can use the following command to set the login flags:
er LOGINAPPL SSH loginflags(pamlogin)
User Sessions Are Not Logged when Default Shell Is Not Defined in /etc/shells
Valid for Keyboard Logger
CA ControlMinder does not record user sessions when a user logs in with a shell that is
not defined in /etc/shells.
When PAM is Active segrace Is Not Called for FTP and SSH Grace Login
When PAM is activated, segrace is not called automatically for a grace login to FTP and
SSH services.
To work around this issue on FTP, change the value of the LOGINFLAGS property to
nograce in the LOGINAPPL record for the FTP service.
To work around this issue on SSH, do not call segrace from PAM. Instead, call segrace
from the user or operating system startup script.
54 Release Notes
General Known Issues
CA ControlMinder Does Not Reset Passwords Once the Grace Period Expires
Valid on HPUX, and AIX
If UNAB is installed on the CA ControlMinder endpoint, CA ControlMinder PAM does not
invoke the 'sepass' utility to reset the account password when the user password grace
period expires.
This problem affects login applications that use loginflags(pamlogin), for example, SSH
login, rlogin, FTP, and Telnet. SSH login is not recognized as a login action by CA
ControlMinder on HPUX and AIX. To work around this problem, use loginflags(none) for
SSH login applications.
Run the following command to set the token:
er LOGINAPPL SSH loginflags(none)
Solaris Network Event Bypass Does Not Work for Some Processes
CA ControlMinder on Solaris does not bypass network events (bypass type PBN of
SPECIALPGM records) for processes that start before CA ControlMinder starts.
Stat Interception Calls Not Supported on AIX Systems
File access check on a stat system call with the STAT_intercept token set to “1” is not
supported on AIX systems.
UNAB Known Issues
This section describes known issues for UNAB.
Failed Login Attempt of Mapped Users to AIX Not Logged
Valid on AIX
Symptom:
When I try to login to an AIX UNIX host using SSH as a mapped user the failed attempt is
not logged by uxaudit.
Solution:
Seaudit does not log the first failed log in attempt of a mapped user if the user entered
an incorrect password. Subsequent login attempts are logged by uxaudit..
Chapter 11: Known Issues 55
General Known Issues
Password Change at Next Login Fails on HP-UX
Valid on HP-UX
In Active Directory I selected the "User must change password at next login" option.
When I use SSH or Telnet to login, users cannot login or change the password.
PAM Configuration Changes Blocks Users Login
Valid on Red Hat Linux 5.0 and up
Symptom:
I installed UNAB and CA ControlMinder on a Red Hat Linux and configured the PAM
configuration files to use the "value=action" syntax in the control field. When I attempt
to log in to a Linux host, the log in action is denied.
Solution:
UNAB does not support the "value=action" syntax of the control field in the PAM
configuration files.
Incorrect User ID Displayed After Un-registering UNAB in a One-Way Trust Domain
Environment
After un-registering UNAB from Active Directory in a one-way trust domain environment
user ID details from the one-way trusted domain are displayed even though they should
not appear.
Trusted User SSH Login Failed on AIX
Symptom:
I tried to log in to an AIX 5.3 endpoint using SSH, however the login attempt failed.
Solution:
This error is a known IBM issue with several combinations of AIX and SSH versions. The
issue has been logged with IBM development as APAR (Authorized Program Analysis
Report) number IV10231.
56 Release Notes
General Known Issues
uxauth Starts Even When watchdog_enabled Token is Set to No
Symptom:
When I set the token watchdog_enabled to no and restart UNAB, uxauth starts.
Solution:
The watchdog script ignores changes made to the watchdog_enabled token after
starting uxauth for the first time. We recommend you to specify -n during the
registration process, make changes to the token, and start uxauthd.sh script separately.
Audit Log Records Login With Local Account Password As Attempt Login
Symptom:
When I log in to UNAB and my user account is present in the local password file and the
Active Directory, the audit log shows the following record:
<audit_record_date_and_time> A LOGIN map3
Solution:
This is a known issue with UNAB. The audit log records A LOGIN instead of P LOGIN.
Rlogin Entries Logged Twice
Valid on Linux
If you log in to a host that has UNAB installed using rlogin, the login attempt appears in
the audit twice.
Hot Fix for Microsoft Windows Server 2003 to Improve Performace
Valid on Windows Server 2003 SP1, Windows Server 2003 64 Bit
LDAP queries fails to return Active Directory queries results for extended search using
LDAP_MATCHING_RULE_IN_CHAIN.
To workaround this issue, install the latest service pack for MIcrosoft Windows 2003
Server or disable the UNAB group update during log in by setting the
wingrp_update_login token to no.
Note: For more information, see Microsoft Knowledge Base article 914828.
Chapter 11: Known Issues 57
General Known Issues
Uxpreinstall Utility Fails to Verify Host Name Resolution
The uxpreinstall utility fails to verify the host name resolution after you install UNAB and
before you register with Active Directory.
To work around this problem, use the -d argument to specify the Active Directory
domain name. For example:
./uxpreinstall -d domain_name
Telnet and rlogin Programs Not Displayed in Audit Records
Valid on Linux, HP-UX
The UNAB audit records do not display the telnet and rlogin login programs. In LInux,
the UNAB audit records show "remote" instead of telnet or rlogin. On HP-UX the UNAB
audit records show "login" instead of telnet or rlogin.
Interval between uxconsole -register and -deregister Commands
If you register then deregister a UNAB host in Active Directory, after you register the
host, we recommend that you wait the time necessary for domain controller replication
before you deregister the host.
Note: If you deregister a UNAB host, policies that were not distributed are deleted.
New Domain User Login May Fail on First Attempt
Valid for SSH
If you create a user in Active Directory and the new user immediately tries to log in to a
UNAB endpoint, the first login attempt fails but subsequent login attempts succeed. The
first login attempt fails because the user is not known to the endpoint. However, during
the failed login process, uxauthd updates the local NSS storage with the user
information. Subsequent login attempts succeed because the user is now known to the
endpoint.
By default, uxauthd updates the user information in the NSS storage every hour. If the
new user tries to log in to the endpoint after uxauthd updates the NSS storage, the login
succeeds.
Login Services Bypass PAM on SSO Login
Several login services bypass PAM on SSO login. The login policy is not applied and audit
events are not generated.
58 Release Notes
General Known Issues
Successful Login to Host Generates an Error Message
Valid for Linux, AIX, HP-UX
A limitation in the UNIX PAM flow results in logging a successful login to a UNAB host as
an error message, indicating that account authentication failed in the syslog file.
Password Mismatch Message When Changing Password Using sepass
Valid on AIX 5.3
A password mismatch error message appears when a mapped user attempts to change
an account password using sepass. Regardless of the error message, the account
password is changed on Active Directory.
Active Directory User Cannot Change Password on Solaris
Due to Sun Solaris password limitations, users that are logging in to the UNIX host with
Active Directory account, cannot change their account password using Solaris passwd
tool. If the user must change the account password on the first login, the user must
login from a system other than Solaris.
If UNAB is running on the UNIX host, use the following command to change the local
account password:
passwd -r files username
If CA ControlMinder is running on the UNIX host, use the sepass utility to change the
local account password.
Impersonating an Active Directory User Does Not Create Audit Record
If you impersonate an Active Directory user using su, the impersonation attempt is not
audited.
sshd Program Name Appears in Audit Records of SFTP Sessions
The audit records of login sessions done using sftp program can display the sshd
daemon in the program field and not the sftp program.
UNAB Entries Contain Blank Fields in Event Viewer
UNAB events are displayed in the Windows Event Viewer with blank fields.
Chapter 11: Known Issues 59
General Known Issues
FTP SSO Login of Enterprise Users Not Audited
Valid for Solaris
Kerberized FTP and telnet programs bypass the PAM stack and therefore, UNAB does
not audit FTP and telnet SSO logins of enterprise users.
Deregistering SSO Enabled UNAB Does Not Delete Records from Keytab File
When you deregister a UNAB host that was previously registered with SSO enabled, the
computer object is removed from Active Directory, but the corresponding records are
not deleted from the keytab file. If you attempt to register the UNAB host again, the
Kerberos ticket is not created.
To overcome this problem, we recommend that you do not deregister UNAB hosts, or
remove the keytab file if it is used by UNAB hosts only.
HP-UX Does Not Support @ Symbol in Passwords
Valid on HP-UX
Due to an HP-UX limitation, do not use the @ symbol in passwords on HP-UX endpoints.
HP-UX Does Not Support Fully Qualified Domain Name Login
Valid on HP-UX
You cannot log into a HP-UX host with a fully qualified domain name, for example:
user@domain.
Documentation Known Issues
This section describes known issues for the CA ControlMinder documentation set.
No Alternate Text for Graphics In the SDK Guide
There is no alternate text for graphics in the SDK Guide. The SDK Guide was first
published with a previous release of CA ControlMinder and is provided as a courtesy
with the CA ControlMinder r12.5 documentation.
60 Release Notes
General Known Issues
PDF Documentation Requires Adobe Reader 7.0.7
To read the documentation for CA ControlMinder in print format (PDF files), you must
install Adobe Reader 7.0.7 or later. You can download Adobe Reader from the Adobe
website if it is not already installed on your computer.
Note: Adobe Reader is not available on HP-UX Itanium (IA64) and Red Hat Linux Itanium
IA64.
Chapter 11: Known Issues 61
Appendix A: Third-Party License
Agreements
This section contains the following topics:
Software Under the Apache License (see page 64)
Software Under the Daniel Veillard License (see page 71)
Software Under the OpenLDAP License (see page 73)
Software Under the OpenSSL License (see page 76)
AES 2.4 (see page 82)
AIX JRE 1.4.2 (see page 83)
AIX JRE 1.5.0 (see page 83)
ANTLR 2.7.5H3 (see page 84)
CentOS 5.6 (see page 85)
CPAN Perl 5.8.8 (see page 85)
CRC32 (see page 86)
Cyrus SASL 2.1.22 (see page 88)
dom4j 1.5 (see page 91)
Hibernate 3.2 (see page 92)
ICU4C 3.4 (see page 93)
JBoss 4.0.1 SP1 (see page 94)
JBoss Application Server v.4.2.3 (see page 95)
JBoss Native v.2.0.6 (see page 96)
JDOM 1.0 (see page 97)
MD5 Message Digest Algorithm (see page 100)
MIT Kerberos v5 r1.5 (see page 102)
nss_ldap 2.62 (see page 125)
Oracle JDBC Driver 10g Release 2 (10.2.0.1.0) (see page 132)
PCRE 6.3 (see page 137)
Rhino 1.6r4 (see page 139)
SAXPath 1 (see page 140)
SHA-1 (see page 143)
Sun JDK 1.4.2_13 (see page 144)
Sun JDK 1.6.0 (see page 154)
Sun JRE 1.5.0_18 (see page 169)
XNTP v.3-5.93 (see page 183)
XScreenSaver (see page 184)
Zlib 1.2.3 (see page 184)
ZThread 2.3.2 (see page 185)
Appendix A: Third-Party License Agreements 63
Software Under the Apache License
Software Under the Apache License
Portions of this product include software developed by the Apache Software Foundation
(http://www.apache.org/).
■
Ant 1.6.5
■
Axis 1.2.1
■
Axis 1.4
■
Axis2 1.1.1
■
Blowfish encryption N/A
■
Commons BeanUtils 1.6.1
■
Commons BeanUtils 1.7
■
Commons Codec 1.3
■
Commons Collection 3.1
■
commons dbcp 1.2.1
■
Commons Digester 1.7
■
commons discovery 0.2
■
commons el 1.0
■
Commons FileUpload 1.2
■
Commons httpclient 2.0.2
This product includes Jakarta Commons HttpClient 2.0.2 which is distributed in
accordance with the following license agreement.
64 Release Notes
■
Commons httpclient 3.0.1
■
Commons Lang 2.1
■
Commons Logging 1.0.4
■
Commons Logging 1.04
■
Commons Pool 1.3
■
Commons Validator 1.2
■
Hazelcast 1.9.4.6
■
HTTP Web Server 2.0.54
■
HTTP Web Server 2.2.3
■
JSTL 1.0.6
■
Log4j 1.2.8
■
myfaces 1.1.4
■
ORO 2.0.8
Software Under the Apache License
■
Slide 2.1
■
Struts 1.2.9
■
Tofigurator v.1.0
This product includes Tofigurator v.1.0, which is distributed in accordance with the
following license agreement.
■
tomahawk 1.1.5
■
Tomcat 5.0.28
■
Tomcat 5.5.12
■
Tomcat 5.5.20
This product includes Apache Tomcat 5.5.20 which is distributed in accordance with
the following license agreement.
■
Velocity 1.4
■
Xalan-C 1.10.0
■
Xalan-C 1.9.0
■
Xalan-J 2.6.0
■
Xalan-J 2.7.0
This product includes Apache Xalan-J v.2.7.0, which is distributed in accordance
with the following license agreement(s):
■
Xerces-C++ 2.6.0
■
Xerces-C++ 2.7.0
■
Xerces-C++ 2.8.0
The Apache software is distributed in accordance with the following license agreement:
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
Appendix A: Third-Party License Agreements 65
Software Under the Apache License
'License' shall mean the terms and conditions for use, reproduction,and distribution as
defined by Sections 1 through 9 of this document.
'Licensor' shall mean the copyright owner or entity authorized by the copyright owner
that is granting the License.
'Legal Entity' shall mean the union of the acting entity and all other entities that control,
are controlled by, or are under common control with that entity. For the purposes of
this definition,
'control' means (i) the power, direct or indirect, to cause the direction or management
of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%)
or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
'You' (or 'Your') shall mean an individual or Legal Entity exercising permissions granted
by this License.
'Source' form shall mean the preferred form for making modifications, including but not
limited to software source code, documentation source, and configuration files.
'Object' form shall mean any form resulting from mechanical transformation or
translation of a Source form, including but not limited to compiled object code,
generated documentation, and versions to other media types.
'Work' shall mean the work of authorship, whether in Source or Object form, made
available under the License, as indicated by a copyright notice that is included in or
attached to the work(an example is provided in the Appendix below).
66 Release Notes
Software Under the Apache License
'Derivative Works' shall mean any work, whether in Source or Object form, that is based
on (or derived from) the Work and for which the editorial revisions, annotations,
elaborations, or other modifications represent, as a whole, an original work of
authorship. For the purposes of this License, Derivative Works shall not include works
that remain separable from, or merely link (or bind by name) to the interfaces of, the
Work and Derivative Works thereof.
'Contribution' shall mean any work of authorship, including the original version of the
Work and any modifications or additions to that Work or Derivative Works thereof, that
is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner or by an
individual or Legal Entity authorized to submit on behalf of the copyright owner. For the
purposes of this definition, 'submitted' means any form of electronic, verbal, or written
communication sent
to the Licensor or its representatives, including but not limited to communication on
electronic mailing lists, source code control systems, and issue tracking systems that are
managed by, or on behalf of, the Licensor for the purpose of discussing and improving
the Work, but excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as 'Not a Contribution.'
'Contributor' shall mean Licensor and any individual or Legal Entity on behalf of whom a
Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each
Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to
reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense,
and distribute the
Work and such Derivative Works in Source or Object form.
Appendix A: Third-Party License Agreements 67
Software Under the Apache License
3. Grant of Patent License. Subject to the terms and conditions of this License, each
Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge,
royalty-free, irrevocable (except as stated in this section) patent license to make, have
made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
license applies only to those patent claims licensable by such Contributor that are
necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s)with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a cross-claim or counterclaim in a
lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct or contributory patent
infringement, then any patent licenses granted to You under this License for that Work
shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative
Works thereof in any medium, with or without modifications, and in Source or Object
form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this
License; and
(b) You must cause any modified files to carry prominent notices stating that You
changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You distribute, all
copyright, patent, trademark, and attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of the Derivative Works; and
(d) If the Work includes a 'NOTICE' text file as part of its distribution, then any Derivative
Works that You distribute must include a readable copy of the attribution notices
contained within such NOTICE file, excluding those notices that do not pertain to any
part of the Derivative Works, in at least one of the following places: within a NOTICE
text file distributed as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or, within a display
generated by the Derivative Works, if and wherever such third-party notices normally
appear. The contents
of the NOTICE file are for informational purposes only and do not modify the License.
You may add Your own attribution notices within Derivative Works that You distribute,
alongside or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed as modifying the License.
68 Release Notes
Software Under the Apache License
You may add Your own copyright statement to Your modifications and may provide
additional or different license terms and conditions for use, reproduction, or distribution
of Your modifications, or for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution
intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of this License, without
any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify the terms of any
separate license agreement you may have executed with Licensor regarding such
Contributions.
6. Trademarks. This License does not grant permission to use the trade names,
trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the origin of the
Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing,
Licensor provides the Work (and each Contributor provides its Contributions) on an 'AS
IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions of TITLE,
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness
of using or redistributing the Work and assume any risks associated with Your exercise
of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort
(including negligence), contract, or otherwise, unless required by applicable law (such as
deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
Appendix A: Third-Party License Agreements 69
Software Under the Apache License
incidental, or consequential damages of any character arising as a result of this License
or out of the use or inability to use the Work (including but not limited to damages for
loss of goodwill, work stoppage, computer failure or malfunction, or any and all other
commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or
Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of
support, warranty, indemnity,
or other liability obligations and/or rights consistent with this License. However, in
accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf of any other
Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability incurred by, or claims
asserted against, such Contributor by reason of your accepting any such warranty or
additional liability.
END OF TERMS AND CONDITIONS
70 Release Notes
Software Under the Daniel Veillard License
Software Under the Daniel Veillard License
Portions of this product include software developed by the Daniel Veillard.
■
Libxml2 2.6.27
■
Libxml2 2.6.7
The libxml2 software is distributed in accordance with the following license agreement:
Copyright (C) 1998-2002 Daniel Veillard. All Rights Reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
DANIEL VEILLARD BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Appendix A: Third-Party License Agreements 71
Software Under the Daniel Veillard License
Except as contained in this notice, the name of Daniel Veillard shall not
be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from him.
72 Release Notes
Software Under the OpenLDAP License
Software Under the OpenLDAP License
This product includes software developed by The OpenLDAP Foundation:
■
OpenLDAP 2.1
■
OpenLDAP 2.4.x
■
OpenLDAP 2.3.39 (20071118)
This product includes software distributed in accordance with the following license
agreement:
The software is distributed in accordance with the following license agreement:
The OpenLDAP Public License
Version 2.8, 17 August 2003
Redistribution and use of this software and associated documentation
("Software"), with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions in source form must retain copyright statements
and notices,
2. Redistributions in binary form must reproduce applicable copyright
statements and notices, this list of conditions, and the following
disclaimer in the documentation and/or other materials provided
with the distribution, and
3. Redistributions must contain a verbatim copy of this document.
Appendix A: Third-Party License Agreements 73
Software Under the OpenLDAP License
The OpenLDAP Foundation may revise this license from time to time.
Each revision is distinguished by a version number. You may use
this Software under terms of this license revision or under the
terms of any subsequent revision of the license.
THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
CONTRIBUTORS "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
The names of the authors and copyright holders must not be used in
advertising or otherwise to promote the sale, use or other dealing
in this Software without specific, written prior permission. Title
to copyright in this Software shall at all times remain with copyright
holders.
74 Release Notes
Software Under the OpenLDAP License
OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
California, USA. All Rights Reserved. Permission to copy and
distribute verbatim copies of this document is granted.
Appendix A: Third-Party License Agreements 75
Software Under the OpenSSL License
Software Under the OpenSSL License
This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit (http://www.openssl.org/):
■
OpenSSL 0.9.8.d
This product also includes libraries from an SSL implementation written by Eric
Young (eay@cryptsoft.com). This product includes software written by Tim Hudson
(tjh@cryptsoft.com).
■
OpenSSL 0.9.8h
This product also includes libraries from an SSL implementation written by Eric
Young (eay@cryptsoft.com). This product includes OpenSSL Toolkit v0.9.8h, which
is distributed in accordance with the following terms:
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
76 Release Notes
Software Under the OpenSSL License
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
Appendix A: Third-Party License Agreements 77
Software Under the OpenSSL License
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS|&"&| AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
78 Release Notes
Software Under the OpenSSL License
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
Appendix A: Third-Party License Agreements 79
Software Under the OpenSSL License
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
*
Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS|&"&| AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 Release Notes
Software Under the OpenSSL License
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
Appendix A: Third-Party License Agreements 81
AES 2.4
AES 2.4
Portions of this product include software developed by Enhanced Software
Technologies. The Enhanced Software software is distributed in accordance with the
following license agreement.
This software is Copyright 1999,2000 Enhanced Software Technologies Inc.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Enhanced Software
Technologies Inc. and its contributors.
4. Neither the name of the Company nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COMPANY AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS BE LIABLE
82 Release Notes
AIX JRE 1.4.2
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
AIX JRE 1.4.2
CONTAINS IBM(R) 32-bit Runtime Environment for AIX(TM), Java(TM) 2 Technology
Edition, Version 1.4 Modules
(c) Copyright IBM Corporation 1999, 2002
All Rights Reserved
AIX JRE 1.5.0
CONTAINS IBM(R) 32-bit Runtime Environment for AIX(TM), Java(TM) 2 Technology
Edition, Version 1.5 Modules
(c) Copyright IBM Corporation 1999, 2002
All Rights Reserved
Appendix A: Third-Party License Agreements 83
ANTLR 2.7.5H3
ANTLR 2.7.5H3
Portions of this product include software developed by the ANTLR.org. The ANTLR
software is distributed in accordance with the following license agreement.
ANTLR 3 License
[The BSD License]
Copyright (c) 2005, Terence Parr
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
Neither the name of the author nor the names of its contributors may be used to
endorse or promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
84 Release Notes
CentOS 5.6
CentOS 5.6
CentOS 5.6
This CA product is distributed with CentOS 5.6 (the “GPL Software”), the use of which is
governed by the following terms:
The GPL Software is open source software that is used with this CA software program
(the “CA Product”). The GPL Software is not owned by CA, Inc. (“CA”). Use, copying,
distribution and modification of the GPL Software are governed by the GNU General
Public License version 2 (the “GPL”). A copy of the GPL license can be found in the same
directory where the Third Party Product is located. Additionally, a copy of the GPL
license can be found at http://www.opensource.org/licenses/gpl-2.0.html or write to
the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA. CA makes the source code for the GPL Software available at
http://opensrcd.ca.com/ips/09001_1/, and includes a copy of the source code on the
same media as the executable code. Use of the CA Product is governed solely by the CA
end user license agreement (“EULA”), not by the GPL license. You cannot use, copy,
modify or redistribute any CA Product code except as may be expressly set forth in the
EULA. The GPL Software is provided “AS IS” WITHOUT WARRANTY OR CONDITION OF
ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. Further details of the disclaimer of warranty with respect to the GPL Software
can be found in the GPL license itself. To the full extent permitted under applicable law,
CA disclaims all warranties and liability arising from or related to any use of the GPL
Software.
CPAN Perl 5.8.8
Portions of this product include software copyrighted by Larry Wall. The Standard
Version of Perl 5.8.3 can be downloaded from http://www.perl.org/.
Appendix A: Third-Party License Agreements 85
CRC32
CRC32
Portions of this product include software developed by Markus Friedl and are
distributed in accordance with the following copyright and permission notices.
/*
$OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS|&"&| AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
86 Release Notes
CRC32
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
Appendix A: Third-Party License Agreements 87
Cyrus SASL 2.1.22
Cyrus SASL 2.1.22
Cyrus SASL Library
This product includes software developed by Computing Services at Carnegie Mellon
University (http://www.cmu.edu/computing/). The Cyrus SASL Library was obtained
under the following license:
/* CMU libsasl
* Tim Martin
* Rob Earhart
* Rob Siemborski
*/
/*
* Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
88 Release Notes
Cyrus SASL 2.1.22
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any other legal
* details, please contact
*
Office of Technology Transfer
*
Carnegie Mellon University
*
5000 Forbes Avenue
*
Pittsburgh, PA 15213-3890
*
(412) 268-4387, fax: (412) 268-7395
*
tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
*
at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Appendix A: Third-Party License Agreements 89
Cyrus SASL 2.1.22
*/
90 Release Notes
dom4j 1.5
dom4j 1.5
Portions of this product include software developed by the DOM4J Project
(http://dom4j.org/) and is distributed in accordance with the following license
agreement.
BSD style license
Redistribution and use of this software and associated documentation ("Software"),
with or without modification, are permitted provided that the following conditions are
met:
Redistributions of source code must retain copyright statements and notices.
Redistributions must also contain a copy of this document.
Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
The name "DOM4J" must not be used to endorse or promote products derived from this
Software without prior written permission of MetaStuff, Ltd. For written permission,
please contact dom4j-info@metastuff.com.
Products derived from this Software may not be called "DOM4J" nor may "DOM4J"
appear in their names without prior written permission of MetaStuff, Ltd. DOM4J is a
registered trademark of MetaStuff, Ltd.
Due credit should be given to the DOM4J Project - http://www.dom4j.org
Appendix A: Third-Party License Agreements 91
Hibernate 3.2
THIS SOFTWARE IS PROVIDED BY METASTUFF, LTD. AND CONTRIBUTORS "AS IS" AND
ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL METASTUFF, LTD. OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright 2001-2005 (C) MetaStuff, Ltd. All Rights Reserved.
Hibernate 3.2
CA ControlMinder Enterprise Management
This product is shipped with Hibernate v.3.2, the use of which is governed by the
following terms:
Hibernate v.3.2 is open source software that is used with this CA software program (the
CA Product). Hibernate v.3.2 is not owned by CA, Inc. ("CA"). Use, copying, distribution
and modification of Hibernate v.3.2 are governed by the GNU Lesser General Public
License ("LGPL") version 2.1. A copy of the LGPL license in its entirety can be found in
the same directory on the installation disk on which Hibernate v.3.2 is distributed. CA
makes the source code for Hibernate v.3.2 available at
http://opensrcd.ca.com/ips/06519_8/, and includes a copy of the source code on the
same disk as the executable code. Use of the CA Product is governed solely by the CA
end user license agreement ("EULA"), not by the LGPL license. You cannot use, copy,
modify or redistribute any CA Product code except as may be expressly set forth in the
EULA. Hibernate v.3.2 is provided "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY
KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Further
details of the disclaimer of warranty with respect to Hibernate v.3.2 can be found in the
LGPL license itself. To the full extent permitted under applicable law, CA disclaims all
warranties and liability arising from or related to any use of Hibernate v.3.2.
92 Release Notes
ICU4C 3.4
ICU4C 3.4
Portions of this product include software developed by the International Business
Machines Corporation. The IBM software is distributed in accordance with the following
license agreement.
ICU License - ICU 1.8.1 and later
COPYRIGHT AND PERMISSION NOTICE
Copyright (c) 1995-2003 International Business Machines Corporation and others
All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, and/or sell copies of the Software, and to permit persons
to whom the Software is furnished to do so, provided that the above
copyright notice(s) and this permission notice appear in all copies of
the Software and that both the above copyright notice(s) and this
permission notice appear in supporting documentation.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
Appendix A: Third-Party License Agreements 93
JBoss 4.0.1 SP1
INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Except as contained in this notice, the name of a copyright holder
shall not be used in advertising or otherwise to promote the sale, use
or other dealings in this Software without prior written authorization
of the copyright holder.
JBoss 4.0.1 SP1
JBoss software is an open source library that is used with the software. The JBoss
software is not owned by Computer Associates International, Inc. ( CA ). Use, copying,
distribution and modification of the JBoss software are governed by the GNU Lesser
General Public License ( LGPL ) version 2.1. A copy of the LGPL license can be found in
the directory on the installation disk on which the JBoss software is distributed.
Additionally, a copy of the LGPL license can be found at
http://opensource.org/licenses/lgpl-license.php or write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. CA makes
the source code for the JBoss software available at , and includes a copy of the source
code on the same disk as the executable code. Use of the software is governed solely by
the end user license agreement ( EULA ), not by the LGPL license. You cannot use, copy,
modify or redistribute any code except as may be expressly set forth in the EULA. The
JBoss software is provided AS IS WITHOUT WARRANTY OR CONDITION OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Further details of the disclaimer of warranty with respect to the JBoss software can be
found in the LGPL license itself. To the full extent permitted under applicable law, CA
disclaims all warranties and liability arising from or related to any use of the JBoss
software.
94 Release Notes
JBoss Application Server v.4.2.3
JBoss Application Server v.4.2.3
This product is distributed with JBoss Application Server v.4.2.3 (the LGPL Software), the
use of which is governed by the following terms:
The LGPL Software is open source software that is used with this CA software program
(the CA Product). The LGPL Software is not owned by CA, Inc. (CA). Use, copying,
distribution and modification of the LGPL Software are governed by the GNU Lesser
General Public License (LGPL) version 2.1. A copy of the LGPL license can be found in the
same directory on the installation disk on which the LGPL Software is distributed.
Additionally, a copy of the LGPL license can be found at
http://www.opensource.org/licenses/lgpl-2.1.php or write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. CA makes
the source code for the LGPL Software available at http://opensrcd.ca.com, and includes
a copy of the source code on the same disk as the executable code. Use of the CA
Product is governed solely by the CA end user license agreement (EULA), not by the
LGPL license. You cannot use, copy, modify or redistribute any CA Product code except
as may be expressly set forth in the EULA. The LGPL Software is provided AS IS WITHOUT
WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING,
WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. Further details of the disclaimer of warranty with respect
to the LGPL Software can be found in the LGPL license itself. To the full extent permitted
under applicable law, CA disclaims all warranties and liability arising from or related to
any use of the LGPL Software.
Appendix A: Third-Party License Agreements 95
JBoss Native v.2.0.6
JBoss Native v.2.0.6
This product is distributed with JBoss Native v.2.0.6 (the LGPL Software), the use of
which is governed by the following terms:
The LGPL Software is open source software that is used with this CA software program
(the CA Product). The LGPL Software is not owned by CA, Inc. (CA). Use, copying,
distribution and modification of the LGPL Software are governed by the GNU Lesser
General Public License (LGPL) version 2.1. A copy of the LGPL license can be found in the
same directory on the installation disk on which the LGPL Software is distributed.
Additionally, a copy of the LGPL license can be found at
http://www.opensource.org/licenses/lgpl-2.1.php or write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. CA makes
the source code for the LGPL Software available at http://opensrcd.ca.com, and includes
a copy of the source code on the same disk as the executable code. Use of the CA
Product is governed solely by the CA end user license agreement (EULA), not by the
LGPL license. You cannot use, copy, modify or redistribute any CA Product code except
as may be expressly set forth in the EULA. The LGPL Software is provided AS IS WITHOUT
WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING,
WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. Further details of the disclaimer of warranty with respect
to the LGPL Software can be found in the LGPL license itself. To the full extent permitted
under applicable law, CA disclaims all warranties and liability arising from or related to
any use of the LGPL Software.
96 Release Notes
JDOM 1.0
JDOM 1.0
This product includes software developed by the JDOM Project (http://www.jdom.org/).
The JDOM software is distributed in accordance with the following license agreement.
$Id: LICENSE.txt,v 1.11 2004/02/06 09:32:57 jhunter Exp $
Copyright (C) 2000-2004 Jason Hunter & Brett McLaughlin.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions, and the disclaimer that follows
these conditions in the documentation and/or other materials
provided with the distribution.
3. The name "JDOM" must not be used to endorse or promote products
derived from this software without prior written permission. For
written permission, please contact .
4. Products derived from this software may not be called "JDOM", nor
Appendix A: Third-Party License Agreements 97
JDOM 1.0
may "JDOM" appear in their name, without prior written permission
from the JDOM Project Management .
In addition, we request (but do not require) that you include in the
end-user documentation provided with the redistribution and/or in the
software itself an acknowledgement equivalent to the following:
"This product includes software developed by the
JDOM Project (http://www.jdom.org/)."
Alternatively, the acknowledgment may be graphical using the logos
available at http://www.jdom.org/images/logos.
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE JDOM AUTHORS OR THE PROJECT
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
This software consists of voluntary contributions made by many
98 Release Notes
JDOM 1.0
individuals on behalf of the JDOM Project and was originally
created by Jason Hunter and
Brett McLaughlin . For more information
on the JDOM Project, please see .
Appendix A: Third-Party License Agreements 99
MD5 Message Digest Algorithm
MD5 Message Digest Algorithm
Portions of this product include the RSA Data Security, Inc. MD5 Message-Digest
Algorithm. The RSA Data Security software is distributed in accordance with the
following license agreement.
/* MD5.H - header file for MD5C.C
*/
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
100 Release Notes
MD5 Message Digest Algorithm
Rivest
RFC 1321
[Page 8]
MD5 Message-Digest Algorithm
April 1992
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
Appendix A: Third-Party License Agreements 101
MIT Kerberos v5 r1.5
MIT Kerberos v5 r1.5
This product includes MIT Kerberos v5 r1.5, excluding the OpenVision Kerberos
Administration System donated by Kerberos to MIT for inclusion in the standard
Kerberos 5 distribution.
Kerberos Version 5, Release 1.5.3
Release Notes
The MIT Kerberos Team
Unpacking the Source Distribution
---------------------------------
The source distribution of Kerberos 5 comes in a gzipped tarfile,
krb5-1.5.3.tar.gz. Instructions on how to extract the entire
distribution follow.
If you have the GNU tar program and gzip installed, you can simply do:
gtar zxpf krb5-1.5.3.tar.gz
If you don't have GNU tar, you will need to get the FSF gzip
distribution and use gzcat:
gzcat krb5-1.5.3.tar.gz | tar xpf -
102 Release Notes
MIT Kerberos v5 r1.5
Both of these methods will extract the sources into krb5-1.5.3/src and
the documentation into krb5-1.5.3/doc.
Building and Installing Kerberos 5
----------------------------------
The first file you should look at is doc/install-guide.ps; it contains
the notes for building and installing Kerberos 5. The info file
krb5-install.info has the same information in info file format. You
can view this using the GNU emacs info-mode, or by using the
standalone info file viewer from the Free Software Foundation. This
is also available as an HTML file, install.html.
Other good files to look at are admin-guide.ps and user-guide.ps,
which contain the system administrator's guide, and the user's guide,
respectively. They are also available as info files
kerberos-admin.info and krb5-user.info, respectively. These files are
also available as HTML files.
If you are attempting to build under Windows, please see the
src/windows/README file. Note that this release might not build
under Windows currently.
Reporting Bugs
Appendix A: Third-Party License Agreements 103
MIT Kerberos v5 r1.5
--------------
Please report any problems/bugs/comments using the krb5-send-pr
program. The krb5-send-pr program will be installed in the sbin
directory once you have successfully compiled and installed Kerberos
V5 (or if you have installed one of our binary distributions).
If you are not able to use krb5-send-pr because you haven't been able
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs@mit.edu.
You may view bug reports by visiting
http://krbdev.mit.edu/rt/
and logging in as "guest" with password "guest".
Major changes in krb5-1.5.3
---------------------------
[5512] Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
[CVE-2007-0956, VU#220816]
[5513] Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
[CVE-2007-0957, VU#704024]
104 Release Notes
MIT Kerberos v5 r1.5
[5520] Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC
library could perform a double-free due to a GSS-API library
bug [CVE-2007-1216, VU#419344]
krb5-1.5.3 changes by ticket ID
-------------------------------
5512
(krb5-1.5.x) MITKRB5-SA-2007-001: telnetd allows login as
arbitrary user
5513
(krb5-1.5.x) MITKRB5-SA-2007-002: buffer overflow in
krb5_klog_syslog
5520
(krb5-1.5.x) MITKRB5-SA-2007-003: double-free in kadmind
Major changes in krb5-1.5.2
---------------------------
* Fix for MITKRB5-SA-2006-002: the RPC library could call an
uninitialized function pointer, which created a security
vulnerability for kadmind.
* Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail
to initialize some output pointers, causing callers to attempt to
free uninitialized pointers. This caused a security vulnerability
in kadmind.
Appendix A: Third-Party License Agreements 105
MIT Kerberos v5 r1.5
Major known bugs in krb5-1.5.2
------------------------------
5293 crash creating db2 database in non-existent directory
Attempting to create a KDB in a non-existent directory using the
Berkeley DB back end may cause a crash resulting from a null pointer
dereference. If a core dump occurs, this may cause a local exposure
of sensitive information such a master key password. This will be
fixed in an upcoming patch release.
krb5-1.5.2 changes by ticket ID
-------------------------------
Listed below are the RT tickets of bugs fixed in krb5-1.5.2. Please see
http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/fixed-1.5.2.html
for a current listing with links to the complete tickets.
3965 Autoconf 2.60 datarootdir issue
4237 windows ccache and keytab file paths without a prefix
4305 windows thread support frees thread local storage after TlsSetValue
4309 wix installer - win2k compatibility for netidmgr
106 Release Notes
MIT Kerberos v5 r1.5
4310 NSIS installer - update for Win2K NetIDMgr
4312 KFW 3.1 Beta 2 NetIDMgr Changes
4354 db2 policy database loading broken
4355 test policy dump/load in make check
4368 kdc: make_toolong_error does not initialize all fields for
krb5_mk_error
4407 final commits for KFW 3.1 Beta 2
4499 Document prerequisites for make check
4500 Initialize buffer before calling res_ninit
5307 fix MITKRB5-SA-2006-002 for 1.5-branch
5308 fix MITKRB5-SA-2006-003 for 1.5-branch
Major changes in 1.5.1
----------------------
The only significant change in krb5-1.5.1 is to fix the security
vulnerabilities described in MITKRB5-SA-2006-001, which are local
privilege escalation vulnerabilities in applications running on Linux
and AIX.
krb5-1.5.1 changes by ticket ID
-------------------------------
Listed below are the RT tickets of bugs fixed in krb5-1.5.1. Please see
Appendix A: Third-Party License Agreements 107
MIT Kerberos v5 r1.5
http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/fixed-1.5.1.html
for a current listing with links to the complete tickets.
3904 fix uninitialized vars
3956 gssapi compilation errors on Windows
3971 broken configure test for dlopen
3998 Document add_entry in ktutil man page
4012 reverse test for copy_oid_set in lib/gssapi/krb5/indicate_mechs.c
4036 reject configure option for static libraries
4037 respect LDFLAGS in NetBSD build
4063 gss mech glue implementation should validate opaque pointer types
4088 gss_import_name can fail to call gssint_initialize_library()
4125 fix MITKRB5-SA-2006-001: multiple local privilege escalation
vulnerabilities
4137 ksu spuriously fails when exiting shell when ksu-ing to non-root
4168 clean up mkrel patchlevel.h editing etc.
Major changes in 1.5
--------------------
Kerberos 5 Release 1.5 includes many significant changes to the
Kerberos build system, to GSS-API, and to the Kerberos KDC and
administration system. These changes build up infrastructure as part
of our efforts to make Kerberos more extensible and flexible. While
108 Release Notes
MIT Kerberos v5 r1.5
we are confident that these changes will improve Kerberos in the long
run, significant code restructuring may introduce portability problems
or change behavior in ways that break applications. It is always
important to test a new version of critical security software like
Kerberos before deploying it in your environment to confirm that the
new version meets your environment's requirements. Because of the
significant restructuring, it is more important than usual to perform
this testing and to report problems you find.
Highlights of major changes include:
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be loaded at
run-time.
* multi-mechanism GSS-API implementation ("mechglue"), donated by
Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
implementation, donated by Sun Microsystems
* Per-directory ChangeLog files have been deleted. Releases now
include auto-generated revision history logs in the combined file
doc/CHANGES.
Appendix A: Third-Party License Agreements 109
MIT Kerberos v5 r1.5
Changes by ticket ID
--------------------
Listed below are the RT tickets of bugs fixed in krb5-1.5. Please see
http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/fixed-1.5.html
for a current listing with links to the complete tickets.
581
verify_krb_v4_tgt is not 64-bit clean
856
patch to add shared library support for BSD/OS 4
1245 source tree not 64-bit clean
1288 v4 ticket file format incompatibilities
1431 fix errno.h references for cygwin
1434 use win32 rename solution in rcache for cygwin
1988 profile library fails to handle space in front of comments
2577 [Russ Allbery] Bug#250966: /usr/sbin/klogind: Authorization
behavior not fully documented
2615 Fwd: Patch for telnet / telnetd to avoid crashes when used
with MS kdc and PAC field
2628 Cygwin build patches
2648 [Russ Allbery] Bug#262192: libkrb53: krb_get_pw_in_tkt
problems with AFS keys
2712 whitespace patch for src/kdc/kerberos_v4.c
110 Release Notes
MIT Kerberos v5 r1.5
2759 fake-getaddrinfo.h incorrectly checks for gethostbyname_r errors
2761 move getaddrinfo hacks into support lib for easier maintenance
2763 file ccache should be held open while scanning for credentials
2786 dead code in init_common() causes malloc(0)
2791 hooks for recording statistics on locking behavior
2807 Add VERSIONRC branding to krb5 support dll
2855 Possible thread safety issue in lib/krb5/os/def_realm.c
2856 Need a function to clone krb5_context structs for thread safe apps
2863 windows klist won't link
2880 fix calling convention for thread support fns
2882 Windows 2003 SP1 ktpass.exe generate keytab files fail to load with 1.4
2886 krb5_do_preauth could attempt to free NULL pointer
2931 implement SPNEGO
2932 implement multi-mech GSSAPI
2933 plug-in architecture
2936 supplementary error strings
2959 profile library should check high-resolution timestamps if available
2979 threaded test program built even with thread support disabled
3008 Incorrect cross-references in man pages
3010 Minor path and service man page fixes
3011 krb5-config should never return -I/usr/include
3013 Man pages for fakeka and krb524init
3014 texinfo variable fixes, info dir entries
3030 Bug report: Kinit has no suport for addresses in
credentials. Kinit -a is not enabled.
Appendix A: Third-Party License Agreements 111
MIT Kerberos v5 r1.5
3065 Implement RFC 3961 PRF
3086 [Sergio Gelato] Bug#311977: libkrb53: gss_init_sec_context
sometimes fails to initialise output_token
3088 don't always require support library when building with sun cc
3122 fixes for AIX 5.2 select() and IPv4/IPv6 issues
3129 shlib build problems on HP-UX 10.20 with gcc-3.4.3
3233 kuserok needs to check for uid 99 on Mac OS X
3252 Tru64 compilation fails after k5-int.h/krb5.h changes
3266 Include errno.h in kdc/kerberos_v4.c
3268 kprop should fall back on port 754 rather than failing
3269 telnet help should connect to a host named help
3308 kadmin.local is killed due to segmentation fault when
principal name argument is missing.
3332 don't destroy uninitialized rcache mutex in error cases
3358 krb5 doesn't build when pthread_mutexattr_setrobust_np is
defined but not declared
3364 plugins should be thread-safe
3415 Windows 64-bit support
3416 tweak kdb interface for thread safety
3417 move/add thread support to support lib
3423 Add support for utmps interface on HPUX 11.23
3426 trunk builds without thread support are not working
3434 sizeof type should be checked at compile time, not configure time
3438 enhancement: report errno when generic I/O errors happen in kinit
3445 args to ctype.h macros should be cast to unsigned char, not int
112 Release Notes
MIT Kerberos v5 r1.5
3466 ioctl header portability fixes for telnet on GNU/kFreeBSD
3467 Allow GSS_C_NO_OID in krb5_gss_canon_name
3468 udp_preference_limit typo in krb5.conf man page
3490 getpwnam_r status checked incorrectly
3502 Cannot acquire initiator cred using gss_acquire_cred with
explicit name on Windows
3512 updates to NSIS installer for KFW
3521 Add configurable Build value to File and Product versions for Windows
3549 library double-free with an empty keytab
3607 clients/ksu/setenv.c doesn't build on Solaris
3620 use strerror_r
3668 Prototype for krb5_c_prf missing const
3671 shsUpdate should take an unsigned int for length
3675 unsigned/signed int warnings in krb5_context variables.
3687 initialize cc_version to 0 not NULL
3688 Added CoreFoundation bundle plugin support
3689 build kadm5 headers in generate-files-mac target
3690 build rpc includes in generate-files-mac target.
3697 kadmin hangs indefinitely when admin princ has escaped chars
3706 ipv4+ipv6 messages can trip up KDC replay detection
3714 fix incorrect padata memory allocation in send_tgs.c
3716 Plugin search algorithm should take lists of name and directories
3719 fix bug in flag checking in libdb2 mpool code
3724 need to export kadm5_set_use_password_server
3736 Cleanup a number of cast away from const warnings in gssapi
Appendix A: Third-Party License Agreements 113
MIT Kerberos v5 r1.5
3739 vsnprintf not present on windows
3746 krb5_cc_gen_new memory implementation doesn't create a new ccache
3761 combine kdc.conf, krb5.conf data in KDC programs
3783 install headers into include/krb5
3790 memory leak in GSSAPI credential releasing code
3791 memory leak in gss_krb5_set_allowable_enctypes error path
3825 krb5int_get_plugin_dir_data() uses + instead of * in realloc
3826 memory leaks in krb5kdc due to not freeing error messages
3854 CCAPI krb4int_save_credentials_addr should match prototype
3866 gld --as-needed not portable enough
3879 Update texinfo.tex
3888 ftpd's getline conflicts with current glibc headers
3898 Export gss_inquire_mechs_for_name for KFW
3899 Export krb5_gss_register_acceptor_identity in KFW
3900 update config.guess and config.sub
3902 g_userok.c has implicit declaration of strlen
3903 various kadm5 files need string.h
3905 warning fixes for spnego
3909 Plugins need to use RTLD_GROUP when available, but definitely
not RTLD_GLOBAL
3910 fix parallel builds for libgss
3911 getaddrinfo code uses vars outside of storage duration
3918 fix warnings for lib/gssapi/mechglue/g_initialize.c
3920 cease export of krb5_gss_*
3921 remove unimplemented/unused mechglue functions
114 Release Notes
MIT Kerberos v5 r1.5
3922 mkrel should update patchlevel.h prior to reconf
3923 implement RFC4120 behavior on TCP requests with high bit set in length
3924 the krb5_get_server_rcache routine frees already freed memory
in error path
3925 krb5_get_profile should reflect profile in the supplied context
3927 fix signedness warnings in spnego_mech.c
3928 fix typo in MS_BUG_TEST case in krb5_gss_glue.c
3940 Disable MSLSA: ccache in WOW64 on pre-Vista Beta 2 systems
3942 make gssint_get_mechanism match prototype
3944 write svn log output when building release
3945 mkrel should only generate doc/CHANGES for checkouts
3948 Windows: fix krb5.h generation
3949 fix plugin.c to compile on Windows
3950 autoconf 2.60 compatibility
3951 remove unused dlopen code in lib/gssapi/mechglue/g_initialize.c
3952 fix calling convention for krb5 error-message routines,
document usage of krb5_get_error_message
3953 t_std_conf references private function due to explicit linking
of init_os_ctx.o
3954 remove mechglue gss_config's gssint_userok and pname_to_uid
3957 remove unused lib/gssapi/mechglue/g_utils.c
3959 re-order inclusions in spnego_mech.c to avoid breaking system headers
3962 krb5_get_server_rcache double free
3964 "kdb5_util load" to existing db doesn't work, needed for kpropd
3968 fix memory leak in mechglue/g_init_sec_ctx.c
Appendix A: Third-Party License Agreements 115
MIT Kerberos v5 r1.5
3970 test kdb5_util dump/load functionality in dejagnu
3972 make gss_unwrap match prototype
3974 work around failure to load into nonexistent db
Known bugs by ticket ID:
------------------------
Listed below are the RT tickets for known bugs in krb5-1.5. Please
see
http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/bugs-1.5.html
for an up-to-date list, including links to the complete tickets.
3947 allow multiple calls to krb5_get_error_message to retrieve message
3956 gssapi compilation errors on Windows
3973 kdb5_util load now fails if db doesn't exist [workaround]
Copyright Notice and Legal Administrivia
----------------------------------------
Copyright (C) 1985-2007 by the Massachusetts Institute of Technology.
All rights reserved.
116 Release Notes
MIT Kerberos v5 r1.5
Export of this software from the United States of America may require
a specific license from the United States Government. It is the
responsibility of any person or organization contemplating export to
obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. Furthermore if you modify this software you must label
your software as modified software and not distribute it in such a
fashion that it might be confused with the original MIT software.
M.I.T. makes no representations about the suitability of this software
for any purpose. It is provided "as is" without express or implied
warranty.
THIS SOFTWARE IS PROVIDED ``AS IS|&"&| AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Individual source code files are copyright MIT, Cygnus Support,
OpenVision, Oracle, Sun Soft, FundsXpress, and others.
Appendix A: Third-Party License Agreements 117
MIT Kerberos v5 r1.5
Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
and Zephyr are trademarks of the Massachusetts Institute of Technology
(MIT). No commercial use of these trademarks may be made without
prior written permission of MIT.
"Commercial use" means use of a name in a product or other for-profit
manner. It does NOT prevent a commercial firm from referring to the
MIT trademarks in order to convey information (although in doing so,
recognition of their trademark status should be given).
----
Portions contributed by Matt Crawford were
work performed at Fermi National Accelerator Laboratory, which is
operated by Universities Research Association, Inc., under
contract DE-AC02-76CHO3000 with the U.S. Department of Energy.
---- The implementation of the Yarrow pseudo-random number generator
in src/lib/crypto/yarrow has the following copyright:
Copyright 2000 by Zero-Knowledge Systems, Inc.
Permission to use, copy, modify, distribute, and sell this software
and its documentation for any purpose is hereby granted without fee,
118 Release Notes
MIT Kerberos v5 r1.5
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Zero-Knowledge Systems,
Inc. not be used in advertising or publicity pertaining to
distribution of the software without specific, written prior
permission. Zero-Knowledge Systems, Inc. makes no representations
about the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
---- The implementation of the AES encryption algorithm in
src/lib/crypto/aes has the following copyright:
Copyright (c) 2001, Dr Brian Gladman , Worcester, UK.
All rights reserved.
LICENSE TERMS
Appendix A: Third-Party License Agreements 119
MIT Kerberos v5 r1.5
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
--- The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
src/lib/gssapi, including the following files:
lib/gssapi/generic/gssapi_err_generic.et
lib/gssapi/mechglue/g_accept_sec_context.c
lib/gssapi/mechglue/g_acquire_cred.c
120 Release Notes
MIT Kerberos v5 r1.5
lib/gssapi/mechglue/g_canon_name.c
lib/gssapi/mechglue/g_compare_name.c
lib/gssapi/mechglue/g_context_time.c
lib/gssapi/mechglue/g_delete_sec_context.c
lib/gssapi/mechglue/g_dsp_name.c
lib/gssapi/mechglue/g_dsp_status.c
lib/gssapi/mechglue/g_dup_name.c
lib/gssapi/mechglue/g_exp_sec_context.c
lib/gssapi/mechglue/g_export_name.c
lib/gssapi/mechglue/g_glue.c
lib/gssapi/mechglue/g_imp_name.c
lib/gssapi/mechglue/g_imp_sec_context.c
lib/gssapi/mechglue/g_init_sec_context.c
lib/gssapi/mechglue/g_initialize.c
lib/gssapi/mechglue/g_inq_context.c
lib/gssapi/mechglue/g_inq_cred.c
lib/gssapi/mechglue/g_inq_names.c
lib/gssapi/mechglue/g_process_context.c
lib/gssapi/mechglue/g_rel_buffer.c
lib/gssapi/mechglue/g_rel_cred.c
lib/gssapi/mechglue/g_rel_name.c
lib/gssapi/mechglue/g_rel_oid_set.c
lib/gssapi/mechglue/g_seal.c
lib/gssapi/mechglue/g_sign.c
lib/gssapi/mechglue/g_store_cred.c
Appendix A: Third-Party License Agreements 121
MIT Kerberos v5 r1.5
lib/gssapi/mechglue/g_unseal.c
lib/gssapi/mechglue/g_verify.c
lib/gssapi/mechglue/mglueP.h
lib/gssapi/mechglue/oid_ops.c
lib/gssapi/spnego/gssapiP_spnego.h
lib/gssapi/spnego/spnego_mech.c
are subject to the following license:
Copyright (c) 2004 Sun Microsystems, Inc.
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
122 Release Notes
MIT Kerberos v5 r1.5
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Acknowledgments
---------------
Thanks to Russ Allbery for contributing and integrating patches from
Debian and other places.
Thanks to Michael Calmer for contributing patches for code clean-up.
Thanks to Novell for donating the KDB abstraction layer.
Thanks to Sun Microsystems for donating their implementations of
mechglue and SPNEGO.
Thanks to the numerous others who reported bugs and/or contributed
patches.
Thanks to iDefense for notifying us about the vulnerability in
MITKRB5-SA-2007-002.
Thanks to the members of the Kerberos V5 development team at MIT, both
Appendix A: Third-Party License Agreements 123
MIT Kerberos v5 r1.5
past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson,
Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe
Calzaretta, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman,
Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus,
Miroslav Jurisic, Barry Jaspan, Geoffrey King, Kevin Koch, John Kohl,
Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall
Vale, Tom Yu.
124 Release Notes
nss_ldap 2.62
nss_ldap 2.62
This product includes Heimdal software distributed pursuant to the following terms:
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc.
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.
"The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided
Appendix A: Third-Party License Agreements 125
nss_ldap 2.62
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.
A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".
The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
126 Release Notes
nss_ldap 2.62
If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:
a) under this License, provided that you make a good faith effort to
ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or
b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:
a) Give prominent notice with each copy of the object code that the
Appendix A: Third-Party License Agreements 127
nss_ldap 2.62
Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license
document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:
a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.
128 Release Notes
nss_ldap 2.62
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this
License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.
1) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (a) uses at run time
a copy of the Library already present on the user's computer
system, and (b) will operate properly with a modified version
of the Library that is interface-compatible with the Linked
Version.
e) Provide Installation Information, but only if you would otherwise
be required to provide such information under section 6 of the
GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the
Application with a modified version of the Linked Version. (If
you use option 4d0, the Installation Information must accompany
Appendix A: Third-Party License Agreements 129
nss_ldap 2.62
the Minimal Corresponding Source and Corresponding Application
Code. If you use option 4d1, you must provide the Installation
Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based
on the Library, uncombined with any other library facilities,
conveyed under the terms of this License.
b) Give prominent notice with the combined library that part of it
is a work based on the Library, and explaining where to find the
accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
130 Release Notes
nss_ldap 2.62
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.
Appendix A: Third-Party License Agreements 131
Oracle JDBC Driver 10g Release 2 (10.2.0.1.0)
Oracle JDBC Driver 10g Release 2 (10.2.0.1.0)
ORACLE TECHNOLOGY NETWORK
DEVELOPMENT AND DISTRIBUTION LICENSE AGREEMENT
"We," "us," and "our" refers to Oracle USA, Inc., for and on behalf of itself and its
subsidiaries and affiliates under common control. "You" and "your" refers to the
individual or entity that wishes to use the programs from Oracle. "Programs" refers to
the software product you wish to download and use and program documentation.
"License" refers to your right to use the programs under the terms of this agreement.
This agreement is governed by the substantive and procedural laws of California. You
and Oracle agree to submit to the exclusive jurisdiction of, and venue in, the courts of
San Francisco, San Mateo, or Santa Clara counties in California in any dispute arising out
of or relating to this agreement.
We are willing to license the programs to you only upon the condition that you accept
all of the terms contained in this agreement. Read the terms carefully and select the
"Accept" button at the bottom of the page to confirm your acceptance. If you are not
willing to be bound by these terms, select the "Do Not Accept" button and the
registration process will not continue.
License Rights
We grant you a nonexclusive, nontransferable limited license to use the programs for
purposes of developing your applications. You may also distribute the programs with
your applications to your customers. If you want to use the programs for any purpose
other than as expressly permitted under this agreement you must contact us, or an
Oracle reseller, to obtain the appropriate license. We may audit your use of the
programs. Program documentation is either shipped with the programs, or
documentation may accessed online at http://otn.oracle.com/docs.
Ownership and Restrictions
We retain all ownership and intellectual property rights in the programs. You may make
a sufficient number of copies of the programs for the licensed use and one copy of the
programs for backup purposes.
132 Release Notes
Oracle JDBC Driver 10g Release 2 (10.2.0.1.0)
You may not:
- use the programs for any purpose other than as provided above;
- distribute the programs unless accompanied with your applications;
- charge your end users for use of the programs;
- remove or modify any program markings or any notice of our proprietary rights;
- use the programs to provide third party training on the content and/or functionality of
the programs, except for training your licensed users;
- assign this agreement or give the programs, program access or an interest in the
programs to any individual or entity except as provided under this agreement;
- cause or permit reverse engineering (unless required by law for interoperability),
disassembly or decompilation of the programs;
- disclose results of any program benchmark tests without our prior consent; or,
- use any Oracle name, trademark or logo.
Program Distribution
We grant you a nonexclusive, nontransferable right to copy and distribute the programs
to your end users provided that you do not charge your end users for use of the
programs and provided your end users may only use the programs to run your
applications for their business operations. Prior to distributing the programs you shall
require your end users to execute an agreement binding them to terms consistent with
those contained in this section and the sections of this agreement entitled "License
Rights," "Ownership and Restrictions," "Export," "Disclaimer of Warranties and Exclusive
Remedies," "No Technical Support," "End of Agreement," "Relationship Between the
Parties," and "Open Source." You must also include a provision stating that your end
users shall have no right to distribute the programs, and a provision specifying us as a
third party beneficiary of the agreement. You are responsible for obtaining these
agreements with your end users.
Appendix A: Third-Party License Agreements 133
Oracle JDBC Driver 10g Release 2 (10.2.0.1.0)
You agree to: (a) defend and indemnify us against all claims and damages caused by
your distribution of the programs in breach of this agreements and/or failure to include
the required contractual provisions in your end user agreement as stated above; (b)
keep executed end user agreements and records of end user information including
name, address, date of distribution and identity of programs distributed; (c) allow us to
inspect your end user agreements and records upon request; and, (d) enforce the terms
of your end user agreements so as to effect a timely cure of any end user breach, and to
notify us of any breach of the terms.
Export
You agree that U.S. export control laws and other applicable export and import laws
govern your use of the programs, including technical data; additional information can be
found on Oracle's Global Trade Compliance web site located at
http://www.oracle.com/products/export/index.html?content.html. You agree that
neither the programs nor any direct product thereof will be exported, directly, or
indirectly, in violation of these laws, or will be used for any purpose prohibited by these
laws including, without limitation, nuclear, chemical, or biological weapons
proliferation.
Disclaimer of Warranty and Exclusive Remedies
THE PROGRAMS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. WE
FURTHER DISCLAIM ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING WITHOUT
LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE OR NONINFRINGEMENT.
IN NO EVENT SHALL WE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE
OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA
OR DATA USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN
CONTRACT OR TORT, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. OUR ENTIRE LIABILITY FOR DAMAGES HEREUNDER SHALL IN NO EVENT
EXCEED ONE THOUSAND DOLLARS (U.S. $1,000).
No Technical Support
Our technical support organization will not provide technical support, phone support, or
updates to you for the programs licensed under this agreement.
134 Release Notes
Oracle JDBC Driver 10g Release 2 (10.2.0.1.0)
Restricted Rights
If you distribute a license to the United States government, the programs, including
documentation, shall be considered commercial computer software and you will place a
legend, in addition to applicable copyright notices, on the documentation, and on the
media label, substantially similar to the following:
NOTICE OF RESTRICTED RIGHTS
"Programs delivered subject to the DOD FAR Supplement are 'commercial computer
software' and use, duplication, and disclosure of the programs, including
documentation, shall be subject to the licensing restrictions set forth in the applicable
Oracle license agreement. Otherwise, programs delivered subject to the Federal
Acquisition Regulations are 'restricted computer software' and use, duplication, and
disclosure of the programs, including documentation, shall be subject to the restrictions
in FAR 52.227-19, Commercial Computer Software-Restricted Rights (June 1987). Oracle
USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065."
End of Agreement
You may terminate this agreement by destroying all copies of the programs. We have
the right to terminate your right to use the programs if you fail to comply with any of
the terms of this agreement, in which case you shall destroy all copies of the programs.
Relationship Between the Parties
The relationship between you and us is that of licensee/licensor. Neither party will
represent that it has any authority to assume or create any obligation, express or
implied, on behalf of the other party, nor to represent the other party as agent,
employee, franchisee, or in any other capacity. Nothing in this agreement shall be
construed to limit either party's right to independently develop or distribute software
that is functionally similar to the other party's products, so long as proprietary
information of the other party is not included in such software.
Open Source
Appendix A: Third-Party License Agreements 135
Oracle JDBC Driver 10g Release 2 (10.2.0.1.0)
"Open Source" software - software available without charge for use, modification and
distribution - is often licensed under terms that require the user to make the user's
modifications to the Open Source software or any software that the user 'combines'
with the Open Source software freely available in source code form. If you use Open
Source software in conjunction with the programs, you must ensure that your use does
not: (i) create, or purport to create, obligations of us with respect to the Oracle
programs; or (ii) grant, or purport to grant, to any third party any rights to or immunities
under our intellectual property or proprietary rights in the Oracle programs. For
example, you may not develop a software program using an Oracle program and an
Open Source program where such use results in a program file(s) that contains code
from both the Oracle program and the Open Source program (including without
limitation libraries) if the Open Source program is licensed under a license that requires
any "modifications" be made freely available. You also may not combine the Oracle
program with programs licensed under the GNU General Public License ("GPL") in any
manner that could cause, or could be interpreted or asserted to cause, the Oracle
program or any modifications thereto to become subject to the terms of the GPL.
Entire Agreement
You agree that this agreement is the complete agreement for the programs and
licenses, and this agreement supersedes all prior or contemporaneous agreements or
representations. If any term of this agreement is found to be invalid or unenforceable,
the remaining provisions will remain effective.
Last updated: 03/09/05
136 Release Notes
PCRE 6.3
PCRE 6.3
Portions of this product include software developed by Philip Hazel. The University of
Cambridge Computing Service software is distributed in accordance with the following
license agreement.
THE BASIC LIBRARY FUNCTIONS
---------------------------
Written by:
Philip Hazel
Email local part: ph10
Email domain:
cam.ac.uk
University of Cambridge Computing Service,
Cambridge, England. Phone: +44 1223 334714.
Copyright (c) 1997-2006 University of Cambridge
All rights reserved.
THE C++ WRAPPER FUNCTIONS
-------------------------
Contributed by: Google Inc.
Copyright (c) 2006, Google Inc.
Appendix A: Third-Party License Agreements 137
PCRE 6.3
All rights reserved.
THE "BSD" LICENCE
-----------------
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the University of Cambridge nor the name of Google
Inc. nor the names of their contributors may be used to endorse or
promote products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
138 Release Notes
Rhino 1.6r4
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
End
Rhino 1.6r4
The source code version of Rhino 1.6 Release 4 is licensed under the Mozilla Public
License Version 1.1 which can be found at http://www.mozilla.org/MPL/ and is made
available for download from http://opensrcd.ca.com/ips/P02056_4/.
Appendix A: Third-Party License Agreements 139
SAXPath 1
SAXPath 1
This product includes software developed by the SAXPath Project
(http://www.saxpath.org/). The SAXPath software is distributed in accordance with the
following license agreement.
/*--
$Id: LICENSE,v 1.1 2002/04/26 17:43:56 jstrachan Exp $
Copyright (C) 2000-2002 werken digital.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions, and the disclaimer that follows
these conditions in the documentation and/or other materials
provided with the distribution.
3. The name "SAXPath" must not be used to endorse or promote products
140 Release Notes
SAXPath 1
derived from this software without prior written permission. For
written permission, please contact license@saxpath.org.
4. Products derived from this software may not be called "SAXPath", nor
may "SAXPath" appear in their name, without prior written permission
from the SAXPath Project Management (pm@saxpath.org).
In addition, we request (but do not require) that you include in the
end-user documentation provided with the redistribution and/or in the
software itself an acknowledgement equivalent to the following:
"This product includes software developed by the
SAXPath Project (http://www.saxpath.org/)."
Alternatively, the acknowledgment may be graphical using the logos
available at http://www.saxpath.org/
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE SAXPath AUTHORS OR THE PROJECT
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
Appendix A: Third-Party License Agreements 141
SAXPath 1
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
This software consists of voluntary contributions made by many
individuals on behalf of the SAXPath Project and was originally
created by bob mcwhirter and
James Strachan . For more information on the
SAXPath Project, please see .
*/
142 Release Notes
SHA-1
SHA-1
This product includes software developed by Internet Society. The software is
distributed in accordance with the following license agreement.
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and
derivative works that comment on or otherwise explain it or assist in its implementation
may be prepared, copied, published and distributed, in whole or in part, without
restriction of any kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this document itself may
not be modified in any way, such as by removing the copyright notice or references to
the Internet Society or other Internet organizations, except as needed for the purpose
of developing Internet standards in which case the procedures for copyrights defined in
the Internet Standards process must be followed, or as required to translate it into
languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the
Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis
and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS
ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY
RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
Appendix A: Third-Party License Agreements 143
Sun JDK 1.4.2_13
Sun JDK 1.4.2_13
This Product is distributed with Sun JRE 1.4.2_13 (JAVATM2 RUNTIME ENVIRONMENT
(J2RE), VERSION 1.4.2_13) (Sun JRE). The Sun JRE is distributed in accordance with the
Sun Microsystems, Inc. (Sun) Binary Code License Agreement set forth below. As noted
in Section F of the Supplemental License Terms of this license, Sun has provided
additional copyright notices and license terms that may be applicable to portions of the
Sun JRE in the THIRDPARTYLICENSEREADME.txt file that accompanies the Sun JRE.
LICENSE:
Sun Microsystems, Inc.
Binary Code License Agreement
for the
JAVATM 2 RUNTIME ENVIRONMENT (J2RE), STANDARD EDITION, VERSION 1.4.2_X
SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THE SOFTWARE
IDENTIFIED BELOW TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE
TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT AND SUPPLEMENTAL
LICENSE TERMS (COLLECTIVELY "AGREEMENT"). PLEASE READ THE AGREEMENT
CAREFULLY. BY DOWNLOADING OR INSTALLING THIS SOFTWARE, YOU ACCEPT THE
TERMS OF THE AGREEMENT. INDICATE ACCEPTANCE BY SELECTING THE "ACCEPT"
BUTTON AT THE BOTTOM OF THE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND
BY ALL THE TERMS, SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE
AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT CONTINUE.
1.DEFINITIONS. "Software" means the identified above in binary form, any
other machine readable materials (including, but not limited to,
libraries, source files, header files, and data files), any updates or
144 Release Notes
Sun JDK 1.4.2_13
error corrections provided by Sun, and any user manuals, programming
guides and other documentation provided to you by Sun under this
Agreement. "Programs" mean Java applets and applications intended to run
on the Java 2 Platform, Standard Edition (J2SETM platform) platform on
Java-enabled general purpose desktop computers and servers.
2.LICENSE TO USE. Subject to the terms and conditions of this Agreement,
including, but not limited to the Java Technology Restrictions of the
Supplemental License Terms, Sun grants you a non-exclusive,
non-transferable, limited license without license fees to reproduce and
use internally Software complete and unmodified for the sole purpose of
running Programs. Additional licenses for developers and/or publishers are
granted in the Supplemental License Terms.
3.RESTRICTIONS. Software is confidential and copyrighted. Title to
Software and all associated intellectual property rights is retained by
Sun and/or its licensors. Unless enforcement is prohibited by applicable
law, you may not modify, decompile, or reverse engineer Software. You
acknowledge that Licensed Software is not designed or intended for use in
the design, construction, operation or maintenance of any nuclear
facility. Sun Microsystems, Inc. disclaims any express or implied
warranty of fitness for such uses. No right, title or interest in or to
any trademark, service mark, logo or trade name of Sun or its licensors is
granted under this Agreement. Additional restrictions for developers
and/or publishers licenses are set forth in the Supplemental License
Appendix A: Third-Party License Agreements 145
Sun JDK 1.4.2_13
Terms.
4.LIMITED WARRANTY. Sun warrants to you that for a period of ninety (90)
days from the date of purchase, as evidenced by a copy of the receipt, the
media on which Software is furnished (if any) will be free of defects in
materials and workmanship under normal use. Except for the foregoing,
Software is provided "AS IS". Your exclusive remedy and Sun's entire
liability under this limited warranty will be at Sun's option to replace
Software media or refund the fee paid for Software. Any implied warranties
on the Software are limited to 90 days. Some states do not allow
limitations on duration of an implied warranty, so the above may not apply
to you. This limited warranty gives you specific legal rights. You may
have others, which vary from state to state.
5.DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS
OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
6.LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR
DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE
DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
146 Release Notes
Sun JDK 1.4.2_13
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event will Sun's
liability to you, whether in contract, tort (including negligence), or
otherwise, exceed the amount paid by you for Software under this
Agreement. The foregoing limitations will apply even if the above stated
warranty fails of its essential purpose. Some states do not allow the
exclusion of incidental or consequential damages, so some of the terms
above may not be applicable to you.
7.SOFTWARE UPDATES FROM SUN. You acknowledge that at your request or
consent optional features of the Software may download, install, and
execute applets, applications, software extensions, and updated versions
of the Software from Sun ("Software Updates"), which may require you to
accept updated terms and conditions for installation. If additional terms
and conditions are not presented on installation, the Software Updates
will be considered part of the Software and subject to the terms and
conditions of the Agreement.
8.SOFTWARE FROM SOURCES OTHER THAN SUN. You acknowledge that, by your use
of optional features of the Software and/or by requesting services that
require use of the optional features of the Software, the Software may
automatically download, install, and execute software applications from
sources other than Sun ("Other Software"). Sun makes no representations of
a relationship of any kind to licensors of Other Software. TO THE EXTENT
NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR
ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,
Appendix A: Third-Party License Agreements 147
Sun JDK 1.4.2_13
INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY
OF
LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE
OTHER SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. Some states do not allow the exclusion of incidental or
consequential damages, so some of the terms above may not be applicable to
you.
9.TERMINATION. This Agreement is effective until terminated. You may
terminate this Agreement at any time by destroying all copies of Software.
This Agreement will terminate immediately without notice from Sun if you
fail to comply with any provision of this Agreement. Either party may
terminate this Agreement immediately should any Software become, or in
either party's opinion be likely to become, the subject of a claim of
infringement of any intellectual property right. Upon Termination, you
must destroy all copies of Software.
10.EXPORT REGULATIONS. All Software and technical data delivered under
this Agreement are subject to US export control laws and may be subject to
export or import regulations in other countries. You agree to comply
strictly with all such laws and regulations and acknowledge that you have
the responsibility to obtain such licenses to export, re-export, or import
as may be required after delivery to you.
11.TRADEMARKS AND LOGOS. You acknowledge and agree as between you and Sun
148 Release Notes
Sun JDK 1.4.2_13
that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET trademarks
and all SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET-related trademarks,
service marks, logos and other brand designations ("Sun Marks"), and you
agree to comply with the Sun Trademark and Logo Usage Requirements
currently located at http://www.sun.com/policies/trademarks. Any use you
make of the Sun Marks inures to Sun's benefit.
12.U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is being acquired by or
on behalf of the U.S. Government or by a U.S. Government prime contractor
or subcontractor (at any tier), then the Government's rights in Software
and accompanying documentation will be only as set forth in this
Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4
(for Department of Defense (DOD) acquisitions) and with 48 CFR 2.101 and
12.212 (for non-DOD acquisitions).
13.GOVERNING LAW. Any action related to this Agreement will be governed by
California law and controlling U.S. federal law. No choice of law rules of
any jurisdiction will apply.
14.SEVERABILITY. If any provision of this Agreement is held to be
unenforceable, this Agreement will remain in effect with the provision
omitted, unless omission would frustrate the intent of the parties, in
which case this Agreement will immediately terminate.
15.INTEGRATION. This Agreement is the entire agreement between you and Sun
Appendix A: Third-Party License Agreements 149
Sun JDK 1.4.2_13
relating to its subject matter. It supersedes all prior or contemporaneous
oral or written communications, proposals, representations and warranties
and prevails over any conflicting or additional terms of any quote, order,
acknowledgment, or other communication between the parties relating to its
subject matter during the term of this Agreement. No modification of this
Agreement will be binding, unless in writing and signed by an authorized
representative of each party.
SUPPLEMENTAL LICENSE TERMS
These Supplemental License Terms add to or modify the terms of the Binary
Code License Agreement. Capitalized terms not defined in these
Supplemental Terms shall have the same meanings ascribed to them in the
Binary Code License Agreement . These Supplemental Terms shall supersede
any inconsistent or conflicting terms in the Binary Code License
Agreement, or in any license contained within the Software.
A.Software Internal Use and Development License Grant. Subject to the
terms and conditions of this Agreement, including, but not limited to the
Java Technology Restrictions of these Supplemental Terms, Sun grants you a
non-exclusive, non-transferable, limited license without fees to reproduce
internally and use internally the Software complete and unmodified (unless
otherwise specified in the applicable README file) for the purpose of
designing, developing, and testing your Programs.
150 Release Notes
Sun JDK 1.4.2_13
B.License to Distribute Software. Subject to the terms and conditions of
this Agreement, including, but not limited to the Java Technology
Restrictions of these Supplemental Terms, Sun grants you a non-exclusive,
non-transferable, limited license without fees to reproduce and distribute
the Software, provided that (i) you distribute the Software complete and
unmodified (unless otherwise specified in the applicable README file) and
only bundled as part of, and for the sole purpose of running, your
Programs, (ii) the Programs add significant and primary functionality to
the Software, (iii) you do not distribute additional software intended to
replace any component(s) of the Software (unless otherwise specified in
the applicable README file), (iv) you do not remove or alter any
proprietary legends or notices contained in the Software, (v) you only
distribute the Software subject to a license agreement that protects Sun's
interests consistent with the terms contained in this Agreement, and (vi)
you agree to defend and indemnify Sun and its licensors from and against
any damages, costs, liabilities, settlement amounts and/or expenses
(including attorneys' fees) incurred in connection with any claim, lawsuit
or action by any third party that arises or results from the use or
distribution of any and all Programs and/or Software.
C.License to Distribute Redistributables. Subject to the terms and
conditions of this Agreement, including but not limited to the Java
Technology Restrictions of these Supplemental Terms, Sun grants you a
non-exclusive, non-transferable, limited license without fees to reproduce
and distribute those files specifically identified as redistributable in
Appendix A: Third-Party License Agreements 151
Sun JDK 1.4.2_13
the Software "README" file ("Redistributables") provided that: (i) you
distribute the Redistributables complete and unmodified (unless otherwise
specified in the applicable README file), and only bundled as part of
Programs, (ii) you do not distribute additional software intended to
supersede any component(s) of the Redistributables (unless otherwise
specified in the applicable README file), (iii) you do not remove or alter
any proprietary legends or notices contained in or on the
Redistributables, (iv) you only distribute the Redistributables pursuant
to a license agreement that protects Sun's interests consistent with the
terms contained in the Agreement, (v) you agree to defend and indemnify
Sun and its licensors from and against any damages, costs, liabilities,
settlement amounts and/or expenses (including attorneys' fees) incurred in
connection with any claim, lawsuit or action by any third party that
arises or results from the use or distribution of any and all Programs
and/or Software.
D.Java Technology Restrictions. You may not modify the Java Platform
Interface ("JPI", identified as classes contained within the "java"
package or any subpackages of the "java" package), by creating additional
classes within the JPI or otherwise causing the addition to or
modification of the classes in the JPI. In the event that you create an
additional class and associated API(s) which (i) extends the functionality
of the Java platform, and (ii) is exposed to third party software
developers for the purpose of developing additional software which invokes
such additional API, you must promptly publish broadly an accurate
152 Release Notes
Sun JDK 1.4.2_13
specification for such API for free use by all developers. You may not
create, or authorize your licensees to create, additional classes,
interfaces, or subpackages that are in any way identified as "java",
"javax", "sun" or similar convention as specified by Sun in any naming
convention designation.
E.Source Code. Software may contain source code that, unless expressly
licensed for other purposes, is provided solely for reference purposes
pursuant to the terms of this Agreement. Source code may not be
redistributed unless expressly provided for in this Agreement.
F.Third Party Code. Additional copyright notices and license terms
applicable to portions of the Software are set forth in the
THIRDPARTYLICENSEREADME.txt file. In addition to any terms and conditions
of any third party opensource/freeware license identified in the
THIRDPARTYLICENSEREADME.txt file, the disclaimer of warranty and
limitation of liability provisions in paragraphs 5 and 6 of the Binary
Code License Agreement shall apply to all Software in this distribution.
For inquiries please contact: Sun Microsystems, Inc., 4150 Network Circle,
Santa Clara, California 95054, U.S.A.
(LFI#135955/Form ID#011801)
Appendix A: Third-Party License Agreements 153
Sun JDK 1.6.0
Sun JDK 1.6.0
This Product is distributed with Sun JDK 1.6.0 (JAVA SE DEVELOPMENT KIT (JDK),
VERSION 6) (Sun JDK). The Sun JDK is distributed in accordance with the Sun
Microsystems, Inc. (Sun) Binary Code License Agreement set forth below. As noted in
Section G of the Supplemental License Terms of this license, Sun has provided additional
copyright notices and license terms that may be applicable to portions of the Sun JDK in
the THIRDPARTYLICENSEREADME.txt file that accompanies the Sun JDK.
Sun Microsystems, Inc. Binary Code License Agreement
for the JAVA SE DEVELOPMENT KIT (JDK), VERSION 6
SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE
THE SOFTWARE IDENTIFIED BELOW TO YOU ONLY UPON THE
CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED
IN THIS BINARY CODE LICENSE AGREEMENT AND SUPPLEMENTAL
LICENSE TERMS (COLLECTIVELY "AGREEMENT"). PLEASE READ
THE AGREEMENT CAREFULLY. BY DOWNLOADING OR INSTALLING
THIS SOFTWARE, YOU ACCEPT THE TERMS OF THE AGREEMENT.
INDICATE ACCEPTANCE BY SELECTING THE "ACCEPT" BUTTON
AT THE BOTTOM OF THE AGREEMENT. IF YOU ARE NOT WILLING
TO BE BOUND BY ALL THE TERMS, SELECT THE "DECLINE"
BUTTON AT THE BOTTOM OF THE AGREEMENT AND THE DOWNLOAD
OR INSTALL PROCESS WILL NOT CONTINUE.
1. DEFINITIONS. "Software" means the identified above
in binary form, any other machine readable materials
154 Release Notes
Sun JDK 1.6.0
(including, but not limited to, libraries, source
files, header files, and data files), any updates or
error corrections provided by Sun, and any user
manuals, programming guides and other documentation
provided to you by Sun under this Agreement.
"Programs" mean Java applets and applications intended
to run on the Java Platform, Standard Edition (Java
SE) on Java-enabled general purpose desktop computers
and servers.
2. LICENSE TO USE. Subject to the terms and conditions
of this Agreement, including, but not limited to the
Java Technology Restrictions of the Supplemental
License Terms, Sun grants you a non-exclusive,
non-transferable, limited license without license fees
to reproduce and use internally Software complete and
unmodified for the sole purpose of running Programs.
Additional licenses for developers and/or publishers
are granted in the Supplemental License Terms.
3. RESTRICTIONS. Software is confidential and
copyrighted. Title to Software and all associated
intellectual property rights is retained by Sun and/or
its licensors. Unless enforcement is prohibited by
applicable law, you may not modify, decompile, or
Appendix A: Third-Party License Agreements 155
Sun JDK 1.6.0
reverse engineer Software. You acknowledge that
Licensed Software is not designed or intended for use
in the design, construction, operation or maintenance
of any nuclear facility. Sun Microsystems, Inc.
disclaims any express or implied warranty of fitness
for such uses. No right, title or interest in or to
any trademark, service mark, logo or trade name of Sun
or its licensors is granted under this Agreement.
Additional restrictions for developers and/or
publishers licenses are set forth in the Supplemental
License Terms.
4. LIMITED WARRANTY. Sun warrants to you that for a
period of ninety (90) days from the date of purchase,
as evidenced by a copy of the receipt, the media on
which Software is furnished (if any) will be free of
defects in materials and workmanship under normal use.
Except for the foregoing, Software is provided "AS IS".
Your exclusive remedy and Sun's entire liability under
this limited warranty will be at Sun's option to
replace Software media or refund the fee paid for
Software. Any implied warranties on the Software are
limited to 90 days. Some states do not allow
limitations on duration of an implied warranty, so the
above may not apply to you. This limited warranty
156 Release Notes
Sun JDK 1.6.0
gives you specific legal rights. You may have others,
which vary from state to state.
5. DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS
AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO
THE EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE
LEGALLY INVALID.
6. LIMITATION OF LIABILITY. TO THE EXTENT NOT
PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS
LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR
DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,
INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED
REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE,
EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES. In no event will Sun's liability to you,
whether in contract, tort (including negligence), or
otherwise, exceed the amount paid by you for Software
under this Agreement. The foregoing limitations will
apply even if the above stated warranty fails of its
essential purpose. Some states do not allow the
Appendix A: Third-Party License Agreements 157
Sun JDK 1.6.0
exclusion of incidental or consequential damages, so
some of the terms above may not be applicable to you.
7. TERMINATION. This Agreement is effective until
terminated. You may terminate this Agreement at any
time by destroying all copies of Software. This
Agreement will terminate immediately without notice
from Sun if you fail to comply with any provision of
this Agreement. Either party may terminate this
Agreement immediately should any Software become, or
in either party's opinion be likely to become, the
subject of a claim of infringement of any intellectual
property right. Upon Termination, you must destroy all
copies of Software.
8. EXPORT REGULATIONS. All Software and technical data
delivered under this Agreement are subject to US
export control laws and may be subject to export or
import regulations in other countries. You agree to
comply strictly with all such laws and regulations and
acknowledge that you have the responsibility to obtain
such licenses to export, re-export, or import as may
be required after delivery to you.
9. TRADEMARKS AND LOGOS. You acknowledge and agree as
158 Release Notes
Sun JDK 1.6.0
between you and Sun that Sun owns the SUN, SOLARIS,
JAVA, JINI, FORTE, and iPLANET trademarks and all SUN,
SOLARIS, JAVA, JINI, FORTE, and iPLANET-related
trademarks, service marks, logos and other brand
designations ("Sun Marks"), and you agree to comply
with the Sun Trademark and Logo Usage Requirements
currently located at
http://www.sun.com/policies/trademarks. Any use you
make of the Sun Marks inures to Sun's benefit.
10. U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is
being acquired by or on behalf of the U.S. Government
or by a U.S. Government prime contractor or
subcontractor (at any tier), then the Government's
rights in Software and accompanying documentation will
be only as set forth in this Agreement; this is in
accordance with 48 CFR 227.7201 through 227.7202-4
(for Department of Defense (DOD) acquisitions) and
with 48 CFR 2.101 and 12.212 (for non-DOD
acquisitions).
11. GOVERNING LAW. Any action related to this Agreement
will be governed by California law and controlling
U.S. federal law. No choice of law rules of any
jurisdiction will apply.
Appendix A: Third-Party License Agreements 159
Sun JDK 1.6.0
12. SEVERABILITY. If any provision of this Agreement
is held to be unenforceable, this Agreement will
remain in effect with the provision omitted, unless
omission would frustrate the intent of the parties, in
which case this Agreement will immediately terminate.
13. INTEGRATION. This Agreement is the entire agreement
between you and Sun relating to its subject matter. It
supersedes all prior or contemporaneous oral or
written communications, proposals, representations and
warranties and prevails over any conflicting or
additional terms of any quote, order, acknowledgment,
or other communication between the parties relating to
its subject matter during the term of this Agreement.
No modification of this Agreement will be binding,
unless in writing and signed by an authorized
representative of each party.
SUPPLEMENTAL LICENSE TERMS
These Supplemental License Terms add to or modify the
terms of the Binary Code License Agreement.
Capitalized terms not defined in these Supplemental
Terms shall have the same meanings ascribed to them in
160 Release Notes
Sun JDK 1.6.0
the Binary Code License Agreement . These Supplemental
Terms shall supersede any inconsistent or conflicting
terms in the Binary Code License Agreement, or in any
license contained within the Software.
A. Software Internal Use and Development License
Grant. Subject to the terms and conditions of this
Agreement and restrictions and exceptions set forth in
the Software "README" file incorporated herein by
reference, including, but not limited to the Java
Technology Restrictions of these Supplemental Terms,
Sun grants you a non-exclusive, non-transferable,
limited license without fees to reproduce internally
and use internally the Software complete and
unmodified for the purpose of designing, developing,
and testing your Programs.
B. License to Distribute Software. Subject to the
terms and conditions of this Agreement and
restrictions and exceptions set forth in the Software
README file, including, but not limited to the Java
Technology Restrictions of these Supplemental Terms,
Sun grants you a non-exclusive, non-transferable,
limited license without fees to reproduce and
distribute the Software, provided that (i) you
Appendix A: Third-Party License Agreements 161
Sun JDK 1.6.0
distribute the Software complete and unmodified and
only bundled as part of, and for the sole purpose of
running, your Programs, (ii) the Programs add
significant and primary functionality to the Software,
(iii) you do not distribute additional software
intended to replace any component(s) of the Software,
(iv) you do not remove or alter any proprietary
legends or notices contained in the Software, (v) you
only distribute the Software subject to a license
agreement that protects Sun's interests consistent
with the terms contained in this Agreement, and (vi)
you agree to defend and indemnify Sun and its
licensors from and against any damages, costs,
liabilities, settlement amounts and/or expenses
(including attorneys' fees) incurred in connection
with any claim, lawsuit or action by any third party
that arises or results from the use or distribution of
any and all Programs and/or Software.
C. License to Distribute Redistributables. Subject to
the terms and conditions of this Agreement and
restrictions and exceptions set forth in the Software
README file, including but not limited to the Java
Technology Restrictions of these Supplemental Terms,
Sun grants you a non-exclusive, non-transferable,
162 Release Notes
Sun JDK 1.6.0
limited license without fees to reproduce and
distribute those files specifically identified as
redistributable in the Software "README" file
("Redistributables") provided that: (i) you distribute
the Redistributables complete and unmodified, and only
bundled as part of Programs, (ii) the Programs add
significant and primary functionality to the
Redistributables, (iii) you do not distribute
additional software intended to supersede any
component(s) of the Redistributables (unless otherwise
specified in the applicable README file), (iv) you do
not remove or alter any proprietary legends or notices
contained in or on the Redistributables, (v) you only
distribute the Redistributables pursuant to a license
agreement that protects Sun's interests consistent
with the terms contained in the Agreement, (vi) you
agree to defend and indemnify Sun and its licensors
from and against any damages, costs, liabilities,
settlement amounts and/or expenses (including
attorneys' fees) incurred in connection with any
claim, lawsuit or action by any third party that
arises or results from the use or distribution of any
and all Programs and/or Software.
D. Java Technology Restrictions. You may not create,
Appendix A: Third-Party License Agreements 163
Sun JDK 1.6.0
modify, or change the behavior of, or authorize your
licensees to create, modify, or change the behavior
of, classes, interfaces, or subpackages that are in
any way identified as "java", "javax", "sun" or
similar convention as specified by Sun in any naming
convention designation.
E. Distribution by Publishers. This section pertains
to your distribution of the Software with your printed
book or magazine (as those terms are commonly used in
the industry) relating to Java technology
("Publication"). Subject to and conditioned upon your
compliance with the restrictions and obligations
contained in the Agreement, in addition to the license
granted in Paragraph 1 above, Sun hereby grants to you
a non-exclusive, nontransferable limited right to
reproduce complete and unmodified copies of the
Software on electronic media (the "Media") for the
sole purpose of inclusion and distribution with your
Publication(s), subject to the following terms: (i)
You may not distribute the Software on a stand-alone
basis; it must be distributed with your
Publication(s); (ii) You are responsible for
downloading the Software from the applicable Sun web
site; (iii) You must refer to the Software as JavaTM
164 Release Notes
Sun JDK 1.6.0
SE Development Kit 6; (iv) The Software must be
reproduced in its entirety and without any
modification whatsoever (including, without
limitation, the Binary Code License and Supplemental
License Terms accompanying the Software and
proprietary rights notices contained in the Software);
(v) The Media label shall include the following
information: Copyright 2006, Sun Microsystems, Inc.
All rights reserved. Use is subject to license terms.
Sun, Sun Microsystems, the Sun logo, Solaris, Java,
the Java Coffee Cup logo, J2SE, and all trademarks and
logos based on Java are trademarks or registered
trademarks of Sun Microsystems, Inc. in the U.S. and
other countries. This information must be placed on
the Media label in such a manner as to only apply to
the Sun Software; (vi) You must clearly identify the
Software as Sun's product on the Media holder or Media
label, and you may not state or imply that Sun is
responsible for any third-party software contained on
the Media; (vii) You may not include any third party
software on the Media which is intended to be a
replacement or substitute for the Software; (viii) You
shall indemnify Sun for all damages arising from your
failure to comply with the requirements of this
Agreement. In addition, you shall defend, at your
Appendix A: Third-Party License Agreements 165
Sun JDK 1.6.0
expense, any and all claims brought against Sun by
third parties, and shall pay all damages awarded by a
court of competent jurisdiction, or such settlement
amount negotiated by you, arising out of or in
connection with your use, reproduction or distribution
of the Software and/or the Publication. Your
obligation to provide indemnification under this
section shall arise provided that Sun: (a) provides
you prompt notice of the claim; (b) gives you sole
control of the defense and settlement of the claim;
(c) provides you, at your expense, with all available
information, assistance and authority to defend; and
(d) has not compromised or settled such claim without
your prior written consent; and (ix) You shall provide
Sun with a written notice for each Publication; such
notice shall include the following information: (1)
title of Publication, (2) author(s), (3) date of
Publication, and (4) ISBN or ISSN numbers. Such notice
shall be sent to Sun Microsystems, Inc., 4150 Network
Circle, M/S USCA12-110, Santa Clara, California 95054,
U.S.A , Attention: Contracts Administration.
F. Source Code. Software may contain source code that,
unless expressly licensed for other purposes, is
provided solely for reference purposes pursuant to the
166 Release Notes
Sun JDK 1.6.0
terms of this Agreement. Source code may not be
redistributed unless expressly provided for in this
Agreement.
G. Third Party Code. Additional copyright notices and
license terms applicable to portions of the Software
are set forth in the THIRDPARTYLICENSEREADME.txt file.
In addition to any terms and conditions of any third
party opensource/freeware license identified in the
THIRDPARTYLICENSEREADME.txt file, the disclaimer of
warranty and limitation of liability provisions in
paragraphs 5 and 6 of the Binary Code License
Agreement shall apply to all Software in this
distribution.
H. Termination for Infringement. Either party may
terminate this Agreement immediately should any
Software become, or in either party's opinion be
likely to become, the subject of a claim of
infringement of any intellectual property right.
I. Installation and Auto-Update. The Software's
installation and auto-update processes transmit a
limited amount of data to Sun (or its service
provider) about those specific processes to help Sun
Appendix A: Third-Party License Agreements 167
Sun JDK 1.6.0
understand and optimize them. Sun does not associate
the data with personally identifiable information.
You can find more information about the data Sun
collects at http://java.com/data/.
For inquiries please contact: Sun Microsystems, Inc.,
4150 Network Circle, Santa Clara, California 95054,
U.S.A.
168 Release Notes
Sun JRE 1.5.0_18
Sun JRE 1.5.0_18
This Product is distributed with Sun JRE 1.5.0_18 (JAVA 2 PLATFORM STANDARD
EDITION DEVELOPMENT KIT 5.0) ("Sun JDK"). The Sun JDK is distributed in accordance
with the Sun Microsystems, Inc. ("Sun") Binary Code License Agreement set forth below.
As noted in Section G of the Supplemental License Terms of this license, Sun has
provided additional copyright notices and license terms that may be applicable to
portions of the Sun JDK in the THIRDPARTYLICENSEREADME.txt file.
Sun Microsystems, Inc. Binary Code License Agreement
for the JAVA 2 PLATFORM STANDARD EDITION DEVELOPMENT KIT 5.0
SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THE
SOFTWARE IDENTIFIED BELOW TO YOU ONLY UPON THE CONDITION
THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS BINARY
CODE LICENSE AGREEMENT AND SUPPLEMENTAL LICENSE TERMS
(COLLECTIVELY "AGREEMENT"). PLEASE READ THE AGREEMENT
CAREFULLY. BY DOWNLOADING OR INSTALLING THIS SOFTWARE, YOU
ACCEPT THE TERMS OF THE AGREEMENT. INDICATE ACCEPTANCE BY
SELECTING THE "ACCEPT" BUTTON AT THE BOTTOM OF THE
AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY ALL THE
TERMS, SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE
AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT
CONTINUE.
1. DEFINITIONS. "Software" means the identified above in
binary form, any other machine readable materials
Appendix A: Third-Party License Agreements 169
Sun JRE 1.5.0_18
(including, but not limited to, libraries, source files,
header files, and data files), any updates or error
corrections provided by Sun, and any user manuals,
programming guides and other documentation provided to you
by Sun under this Agreement. "General Purpose Desktop
Computers and Servers" means computers, including desktop
and laptop computers, or servers, used for general
computing functions under end user control (such as but not
specifically limited to email, general purpose Internet
browsing, and office suite productivity tools). The use of
Software in systems and solutions that provide dedicated
functionality (other than as mentioned above) or designed
for use in embedded or function-specific software
applications, for example but not limited to: Software
embedded in or bundled with industrial control systems,
wireless mobile telephones, wireless handheld devices,
netbooks, kiosks, TV/STB, Blu -ray Disc
devices,
telematics and network control switching equipment,
printers and storage management systems, and other related
systems is excluded from this definition and not licensed
under this Agreement. "Programs" means Java technology
applets and applications intended to run on the Java 2
Platform Standard Edition (J2SE) platform on Java-enabled
General Purpose Desktop Computers and Servers.
170 Release Notes
Sun JRE 1.5.0_18
2. LICENSE TO USE. Subject to the terms and conditions of
this Agreement, including, but not limited to the Java
Technology Restrictions of the Supplemental License Terms,
Sun grants you a non-exclusive, non-transferable, limited
license without license fees to reproduce and use internally
Software complete and unmodified for the sole purpose of
running Programs. Additional licenses for developers and/or
publishers are granted in the Supplemental License Terms.
3. RESTRICTIONS. Software is confidential and copyrighted.
Title to Software and all associated intellectual property
rights is retained by Sun and/or its licensors. Unless
enforcement is prohibited by applicable law, you may not
modify, decompile, or reverse engineer Software. You
acknowledge that Licensed Software is not designed or
intended for use in the design, construction, operation or
maintenance of any nuclear facility. Sun Microsystems, Inc.
disclaims any express or implied warranty of fitness for
such uses. No right, title or interest in or to any
trademark, service mark, logo or trade name of Sun or its
licensors is granted under this Agreement. Additional
restrictions for developers and/or publishers licenses are
set forth in the Supplemental License Terms.
4. LIMITED WARRANTY. Sun warrants to you that for a period
Appendix A: Third-Party License Agreements 171
Sun JRE 1.5.0_18
of ninety (90) days from the date of purchase, as evidenced
by a copy of the receipt, the media on which Software is
furnished (if any) will be free of defects in materials and
workmanship under normal use. Except for the foregoing,
Software is provided "AS IS". Your exclusive remedy and
Sun's entire liability under this limited warranty will be
at Sun's option to replace Software media or refund the fee
paid for Software. Any implied warranties on the Software
are limited to 90 days. Some states do not allow
limitations on duration of an implied warranty, so the above
may not apply to you. This limited warranty gives you
specific legal rights. You may have others, which vary from
state to state.
5. DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS
AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE
EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID.
6. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED
BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR
ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT,
172 Release Notes
Sun JRE 1.5.0_18
CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN
IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
In no event will Sun's liability to you, whether in
contract, tort (including negligence), or otherwise, exceed
the amount paid by you for Software under this Agreement.
The foregoing limitations will apply even if the above
stated warranty fails of its essential purpose. Some states
do not allow the exclusion of incidental or consequential
damages, so some of the terms above may not be applicable to
you.
7. TERMINATION. This Agreement is effective until
terminated. You may terminate this Agreement at any time by
destroying all copies of Software. This Agreement will
terminate immediately without notice from Sun if you fail to
comply with any provision of this Agreement. Either party
may terminate this Agreement immediately should any Software
become, or in either party's opinion be likely to become,
the subject of a claim of infringement of any intellectual
property right. Upon Termination, you must destroy all
copies of Software.
8. EXPORT REGULATIONS. All Software and technical data
Appendix A: Third-Party License Agreements 173
Sun JRE 1.5.0_18
delivered under this Agreement are subject to US export
control laws and may be subject to export or import
regulations in other countries. You agree to comply
strictly with all such laws and regulations and acknowledge
that you have the responsibility to obtain such licenses to
export, re-export, or import as may be required after
delivery to you.
9. TRADEMARKS AND LOGOS. You acknowledge and agree as
between you and Sun that Sun owns the SUN, SOLARIS, JAVA,
JINI, FORTE, and iPLANET trademarks and all SUN, SOLARIS,
JAVA, JINI, FORTE, and iPLANET-related trademarks, service
marks, logos and other brand designations ("Sun Marks"), and
you agree to comply with the Sun Trademark and Logo Usage
Requirements
currently
located
at
http://www.sun.com/policies/trademarks. Any use you make of
the Sun Marks inures to Sun's benefit.
10. U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is
being acquired by or on behalf of the U.S. Government or by
a U.S. Government prime contractor or subcontractor (at any
tier), then the Government's rights in Software and
accompanying documentation will be only as set forth in this
Agreement; this is in accordance with 48 CFR 227.7201
through 227.7202-4 (for Department of Defense (DOD)
174 Release Notes
Sun JRE 1.5.0_18
acquisitions) and with 48 CFR 2.101 and 12.212 (for non-DOD
acquisitions).
11. GOVERNING LAW. Any action related to this Agreement
will be governed by California law and controlling U.S.
federal law. No choice of law rules of any jurisdiction
will apply.
12. SEVERABILITY. If any provision of this Agreement is
held to be unenforceable, this Agreement will remain in
effect with the provision omitted, unless omission would
frustrate the intent of the parties, in which case this
Agreement will immediately terminate.
13. INTEGRATION. This Agreement is the entire agreement
between you and Sun relating to its subject matter. It
supersedes all prior or contemporaneous oral or written
communications, proposals, representations and warranties
and prevails over any conflicting or additional terms of any
quote, order, acknowledgment, or other communication between
the parties relating to its subject matter during the term
of this Agreement. No modification of this Agreement will
be binding, unless in writing and signed by an authorized
representative of each party.
Appendix A: Third-Party License Agreements 175
Sun JRE 1.5.0_18
SUPPLEMENTAL LICENSE TERMS
These Supplemental License Terms add to or modify the terms
of the Binary Code License Agreement. Capitalized terms not
defined in these Supplemental Terms shall have the same
meanings ascribed to them in the Binary Code License
Agreement . These Supplemental Terms shall supersede any
inconsistent or conflicting terms in the Binary Code License
Agreement, or in any license contained within the Software.
A. Software Internal Use and Development License Grant.
Subject to the terms and conditions of this Agreement and
restrictions and exceptions set forth in the Software
"README" file incorporated herein by reference, including,
but not limited to the Java Technology Restrictions of these
Supplemental Terms, Sun grants you a non-exclusive,
non-transferable, limited license without fees to reproduce
internally and use internally the Software complete and
unmodified for the purpose of designing, developing, and
testing your Programs.
B. License to Distribute Software. Subject to the terms
and conditions of this Agreement and restrictions and
exceptions set forth in the Software README file, including,
but not limited to the Java Technology Restrictions of these
176 Release Notes
Sun JRE 1.5.0_18
Supplemental Terms, Sun grants you a non-exclusive,
non-transferable, limited license without fees to reproduce
and distribute the Software, provided that (i) you
distribute the Software complete and unmodified and only
bundled as part of, and for the sole purpose of running,
your Programs, (ii) the Programs add significant and primary
functionality to the Software, (iii) you do not distribute
additional software intended to replace any component(s) of
the Software, (iv) you do not remove or alter any
proprietary legends or notices contained in the Software,
(v) you only distribute the Software subject to a license
agreement that protects Sun's interests consistent with the
terms contained in this Agreement, and (vi) you agree to
defend and indemnify Sun and its licensors from and against
any damages, costs, liabilities, settlement amounts and/or
expenses (including attorneys' fees) incurred in connection
with any claim, lawsuit or action by any third party that
arises or results from the use or distribution of any and
all Programs and/or Software.
C. License to Distribute Redistributables. Subject to the
terms and conditions of this Agreement and restrictions and
exceptions set forth in the Software README file, including
but not limited to the Java Technology Restrictions of these
Supplemental Terms, Sun grants you a non-exclusive,
Appendix A: Third-Party License Agreements 177
Sun JRE 1.5.0_18
non-transferable, limited license without fees to reproduce
and distribute those files specifically identified as
redistributable in the Software "README" file
("Redistributables") provided that: (i) you distribute the
Redistributables complete and unmodified, and only bundled
as part of Programs, (ii) the Programs add significant and
primary functionality to the Redistributables, (iii) you do
not distribute additional software intended to supersede any
component(s) of the Redistributables (unless otherwise
specified in the applicable README file), (iv) you do not
remove or alter any proprietary legends or notices contained
in or on the Redistributables, (v) you only distribute the
Redistributables pursuant to a license agr eement that
protects Sun's interests consistent with the terms contained
in the Agreement, (vi) you agree to defend and indemnify Sun
and its licensors from and against any damages, costs,
liabilities, settlement amounts and/or expenses (including
attorneys' fees) incurred in connection with any claim,
lawsuit or action by any third party that arises or results
from the use or distribution of any and all Programs and/or
Software.
D. Java Technology Restrictions. You may not create,
modify, or change the behavior of, or authorize your
licensees to create, modify, or change the behavior of,
178 Release Notes
Sun JRE 1.5.0_18
classes, interfaces, or subpackages that are in any way
identified as "java", "javax", "sun" or similar convention
as specified by Sun in any naming convention designation.
E. Distribution by Publishers. This section pertains to
your distribution of the Software with your printed book or
magazine (as those terms are commonly used in the industry)
relating to Java technology ("Publication"). Subject to and
conditioned upon your compliance with the restrictions and
obligations contained in the Agreement, in addition to the
license granted in Paragraph 1 above, Sun hereby grants to
you a non-exclusive, nontransferable limited right to
reproduce complete and unmodified copies of the Software on
electronic media (the "Media") for the sole purpose of
inclusion and distribution with your Publication(s), subject
to the following terms: (i) You may not distribute the
Software on a stand-alone basis; it must be distributed with
your Publication(s); (ii) You are responsible for
downloading the Software from the applicable Sun web site;
(iii) You must refer to the Software as JavaTM 2 Platform
Standard Edition Development Kit 5.0; (iv) The Software must
be reproduced in its entirety and wit hout any modification
whatsoever (including, without limitation, the Binary Code
License and Supplemental License Terms accompanying the
Software and proprietary rights notices contained in the
Appendix A: Third-Party License Agreements 179
Sun JRE 1.5.0_18
Software); (v) The Media label shall include the following
information: Copyright 2006, Sun Microsystems, Inc. All
rights reserved. Use is subject to license terms. Sun, Sun
Microsystems, the Sun logo, Solaris, Java, the Java Coffee
Cup logo, J2SE, and all trademarks and logos based on Java
are trademarks or registered trademarks of Sun Microsystems,
Inc. in the U.S. and other countries. This information
must be placed on the Media label in such a manner as to
only apply to the Sun Software; (vi) You must clearly
identify the Software as Sun's product on the Media holder
or Media label, and you may not state or imply that Sun is
responsible for any third-party software contained on the
Media; (vii) You may not include any third party software on
the Media which is intended to be a replacement or
substitute for the Soft ware; (viii) You shall indemnify Sun
for all damages arising from your failure to comply with the
requirements of this Agreement. In addition, you shall
defend, at your expense, any and all claims brought against
Sun by third parties, and shall pay all damages awarded by a
court of competent jurisdiction, or such settlement amount
negotiated by you, arising out of or in connection with your
use, reproduction or distribution of the Software and/or the
Publication. Your obligation to provide indemnification
under this section shall arise provided that Sun: (a)
provides you prompt notice of the claim; (b) gives you sole
180 Release Notes
Sun JRE 1.5.0_18
control of the defense and settlement of the claim; (c)
provides you, at your expense, with all available
information, assistance and authority to defend; and (d) has
not compromised or settled such claim without your prior
written consent; and (ix) You shall provide Sun with a
written notice for each Publication; such notice shall
include the following information: (1) title of
Publication, (2) author(s), (3) date of Publication, and (4)
ISBN or ISSN numbers. Such notice shall be sent to Sun
Microsystems, Inc., 4150 Network Circle, M/S USCA12-110,
Santa Clara, California 95054, U.S.A , Attention: Contracts
Administration.
F. Source Code. Software may contain source code that,
unless expressly licensed for other purposes, is provided
solely for reference purposes pursuant to the terms of this
Agreement. Source code may not be redistributed unless
expressly provided for in this Agreement.
G. Third Party Code. Additional copyright notices and
license terms applicable to portions of the Software are set
forth in the THIRDPARTYLICENSEREADME.txt file. In addition
to any terms and conditions of any third party
opensource/freeware
license
identified
in the
THIRDPARTYLICENSEREADME.txt file, the disclaimer of warranty
Appendix A: Third-Party License Agreements 181
Sun JRE 1.5.0_18
and limitation of liability provisions in paragraphs 5 and 6
of the Binary Code License Agreement shall apply to all
Software in this distribution.
H. Termination for Infringement. Either party may
terminate this Agreement immediately should any Software
become, or in either party's opinion be likely to become,
the subject of a claim of infringement of any intellectual
property right.
I. Installation and Auto-Update. The Software's
installation and auto-update processes transmit a limited
amount of data to Sun (or its service provider) about those
specific processes to help Sun understand and optimize them.
Sun does not associate the data with personally identifiable
information. You can find more information about the data
Sun collects at http://java.com/data/.
For inquiries please contact: Sun Microsystems, Inc., 4150
Network Circle, Santa Clara, California 95054, U.S.A.
(LFI#143333/Form ID#011801)
182 Release Notes
XNTP v.3-5.93
XNTP v.3-5.93
This product includes XNTP v.3-5.93. XNTP v.3-5.93 is distributed in accordance with the
following notice and permission:
***********************************************************************
*
*
* Copyright (c) David L. Mills 1992, 1993, 1994, 1995, 1996
*
*
*
* Permission to use, copy, modify, and distribute this software and *
* its documentation for any purpose and without fee is hereby
*
* granted, provided that the above copyright notice appears in all *
* copies and that both the copyright notice and this permission
*
* notice appear in supporting documentation, and that the name
* University of Delaware not be used in advertising or publicity
* pertaining to distribution of the software without specific,
*
*
* written prior permission. The University of Delaware makes no
*
* representations about the suitability this software for any
*
* purpose. It is provided "as is" without express or implied
*
* warranty.
*
*
**********************************************************************/
Appendix A: Third-Party License Agreements 183
XScreenSaver
XScreenSaver
Copyright © 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
2003, 2004, 2005 by Jamie Zawinski. Permission to use, copy, modify, distribute, and sell
this software and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting documentation. No
representations are made about the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
Zlib 1.2.3
This product includes zlib developed by Jean-loup Gailly and Mark Adler.
184 Release Notes
ZThread 2.3.2
ZThread 2.3.2
Portions of this product include software developed by Eric Crahen. The ZThread
software is distributed in accordance with the following license agreement.
Copyright (c) 2005, Eric Crahen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Appendix A: Third-Party License Agreements 185