[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU SASL 1.8.1 released

From: Simon Josefsson
Subject: GNU SASL 1.8.1 released
Date: Wed, 01 Jan 2020 12:27:13 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

GNU SASL is a modern C library that implement the standard network
security protocol Simple Authentication and Security Layer (SASL).
The framework itself and a couple of common SASL mechanisms are
implemented.  GNU SASL can be used by network applications for IMAP,
SMTP, XMPP and other protocols to provide authentication services.
Supported mechanisms include CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS,

* Version 1.8.1 (released 2019-08-02) [stable]

** gsasl: IMAP client code now permits empty SASL tokens prefixed with '+'.
Normally servers should send '+ '.  Buggy servers include Microsoft
Exchange.  Reported by Adam Sj√łgren.

** GSSAPI client: Now retrieves GSASL_AUTHZID for authorization identity.
** GSSAPI client: Can now transmit an empty/missing authorization identity.
See lib/NEWS for more information.

** Build fixes.
Update of gnulib, including how it is bootstrapped.

** GSSAPI client: Now retrieves GSASL_AUTHZID for authorization identity.
** GSSAPI client: Can now transmit an empty/missing authorization identity.
Before the GSSAPI client retrieved GSASL_AUTHID (authentication
identity) and used that as the authorization identity.  For backwards
compatibility, the code now first tries GSASL_AUTHZID and then
GSASL_AUTHID when discovering the authorization identity.  If you
don't want any authorization identity (and thus let the server fall
back on the identity implied from the Kerberos layer) then return
GSASL_NO_CALLBACK on both.  Please update code to use GSASL_AUTHZID
instead of GSASL_AUTHID, in case we remove the backwards compatibility
code.  Reported by Amon Ott.

** GSSAPI server: Fix memory leak after successful authentication.
Report and patch by Goktan Kantarcioglu.

** libgsasl: gsasl_md5, gsasl_hmac_md5, gsasl_sha1, gsasl_hmac_sha1 API fix.
The final output variable used to be 'char *out[16]' and
'char *out[20]' respectively, however this triggered bug in the gdoc
automated documentation generator script so the types are now
'char *out[]'.  This should not require any changes in any application
using the library.

** i18n: Updated translations.

** The API and ABI is fully backwards compatible with version 1.6.x.

The project's web page is available at:

All manuals are available from:

The main manual: - HTML format - PDF format

API Reference manual: - GTK-DOC HTML

Doxygen documentation: - HTML format - PDF format

For code coverage, cyclomatic code complexity charts and clang output see:

If you need help to use GNU SASL, or want to help others, you are
invited to join our help-gsasl mailing list, see:

Here are the compressed sources of the entire package: (5.6MB) (OpenPGP)

Here are the compressed sources of the LGPL library (included above): (1.8MB) (OpenPGP)

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   rsa3744 2014-06-22 [SC]
      9AA9 BDB1 1BB1 B99A 2128  5A33 0664 A769 5426 5E8C
uid           [ultimate] Simon Josefsson <address@hidden>
sub   rsa2048 2014-06-22 [S]
sub   rsa2048 2014-06-22 [E]
sub   rsa2048 2014-06-22 [A]

The key is available from:

Future releases will (hopefully) be signed with an OpenPGP Ed25519 key
created on 2019-03-20 with the following fingerprint:

pub   ed25519 2019-03-20 [SC]
      B1D2 BD13 75BE CB78 4CF4  F8C4 D73C F638 C53C 06BE
uid           [ultimate] Simon Josefsson <address@hidden>
sub   cv25519 2019-03-20 [E]
sub   ed25519 2019-03-20 [A]
sub   ed25519 2019-03-20 [S]

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

82ba0079da6918784a8170d4a13ee133d9df1d7a  gsasl-1.8.1.tar.gz
2fddefb2e849a74d5e9c177b4c2ef5517964bcdbf1c6ac367353ab3b  gsasl-1.8.1.tar.gz

a34b1459e4b888e60d5f8f8065fb4ab8e91be698  libgsasl-1.8.1.tar.gz
837964e533b59279123e9cfc12c6a5b9a8f1bd5215dc5c182073e9ee  libgsasl-1.8.1.tar.gz

Happy hacking,

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]