gsasl-2.2.1 released [stable]
From: Simon Josefsson
Subject: gsasl-2.2.1 released [stable]
Date: Tue, 02 Jan 2024 21:54:16 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
This is to announce gsasl-2.2.1, a stable release.
GNU SASL is a modern C library that implements the network security
protocol Simple Authentication and Security Layer (SASL). The framework
itself and a couple of common SASL mechanisms are implemented. GNU SASL
can be used by network applications for IMAP, SMTP, XMPP and other
protocols to provide authentication services. Supported mechanisms
include CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID,
DIGEST-MD5, SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), GS2-KRB5, SAML20,
OPENID20, LOGIN, and NTLM.
The project's web page is available at:
https://www.gnu.org/software/gsasl/
All manuals are available from:
https://www.gnu.org/software/gsasl/manual/
https://www.gnu.org/software/gsasl/manual/gsasl.html - HTML format
https://www.gnu.org/software/gsasl/manual/gsasl.pdf - PDF format
API Reference manual:
https://www.gnu.org/software/gsasl/reference/ - GTK-DOC HTML
Doxygen documentation:
https://www.gnu.org/software/gsasl/doxygen/ - HTML format
https://www.gnu.org/software/gsasl/doxygen/gsasl.pdf - PDF format
For development snapshot artifacts see:
https://gsasl.gitlab.io/gsasl/reference/
https://gsasl.gitlab.io/gsasl/coverage/
https://gsasl.gitlab.io/gsasl/cyclo/
https://gsasl.gitlab.io/gsasl/clang-analyzer/
If you need help to use GNU SASL, or want to help others, you are
invited to join our help-gsasl mailing list, see:
https://lists.gnu.org/mailman/listinfo/help-gsasl
See the NEWS below for a brief summary.
For a summary of changes and contributors, see:
https://git.sv.gnu.org/gitweb/?p=gsasl.git;a=shortlog;h=v2.2.1
or run this command from a git-cloned gsasl directory:
git shortlog v2.2.0..v2.2.1
Here are the compressed sources and a GPG detached signature:
https://ftpmirror.gnu.org/gsasl/gsasl-2.2.1.tar.gz
https://ftpmirror.gnu.org/gsasl/gsasl-2.2.1.tar.gz.sig
Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html
Here are the SHA1 and SHA256 checksums:
c238b3af05af3804808cbf734f049a06840d787c gsasl-2.2.1.tar.gz
1FtWLhO9E7n8ILNy9LUyaXQM9iefg28JzhG50yvO4HU= gsasl-2.2.1.tar.gz
Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.
Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify gsasl-2.2.1.tar.gz.sig
The signature should match the fingerprint of the following key:
pub ed25519 2019-03-20 [SC]
B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE
uid Simon Josefsson <simon@josefsson.org>
If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.
gpg --locate-external-key simon@josefsson.org
gpg --recv-keys 51722B08FE4745A2
wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=gsasl&download=1' | gpg --import -
As a last resort to find the key, you can try the official GNU
keyring:
wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify gsasl-2.2.1.tar.gz.sig
This release was bootstrapped with the following tools:
Autoconf 2.72
Automake 1.16.5
Libtoolize 2.4.7
Gnulib 1cec7095fa
Makeinfo 6.8
Help2man 1.49.1
Gperf 3.1
Gengetopt 2.23
Gtkdocize 1.33.1
Tar 1.34
Gzip 1.10
NEWS
* Noteworthy changes in release 2.2.1 (2024-01-02) [stable]
** Base64 encoding/decoding now rejects non-conforming data.
** SCRAM server: Add support for GSASL_SCRAM_SALTED_PASSWORD.
If the server knows GSASL_SCRAM_SALTED_PASSWORD with matching
GSASL_SCRAM_ITER and GSASL_SCRAM_SALT values, it can avoid having to
compute the expensive PBKDF2 operation. The SCRAM client already
supports this mode. It is recommended for servers to store
GSASL_SCRAM_SERVERKEY and GSASL_SCRAM_STOREDKEY values in a database,
but sometimes storing GSASL_SCRAM_SALTED_PASSWORD, GSASL_SCRAM_ITER
and GSASL_SCRAM_SALT has other advantages.
** gsasl: Added --scram-salted-password=STRING for test purposes.
Based on idea from Manvendra Bhangui <mbhangui@gmail.com> in
<https://lists.gnu.org/archive/html/help-gsasl/2022-11/msg00000.html>.
** tests: Resolve spurious 'Improper format of Kerberos configuration'.
The gsasl-dovecot-gssapi.sh and gsasl-mailutils-gs2krb5-gssapi.sh
self-tests configure a local Kerberos KDC running as non-root with
configuration and database in local temporary directories. The
kadmin.local tool will read and parse all files under the directory
pointed to by KRB5_KDC_PROFILE assuming it contains configuration
files. We accidentally put the KDC internal database in that
directory. Normally reading these binary files (databases with
encryption keys) is harmless, the garbage content is just ignored.
However once in a while the encryption key or database will contain a
line feed followed by the [ character, causing the configuration file
parser to look for a balancing ] character, and if this cannot be
found the tool fails. Since this only happened once in a while it was
challenging to debug. Thanks to Andreas Metzler for the report, for more
background see
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057285> and
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017638>.
** Reasonable compiler warnings are now enabled by default.
You may disable this using --disable-gcc-warnings (old behaviour) or
turn them into fatal build errors using --enable-gcc-warnings=error to
enable -Werror. Based on gnulib's manywarnings module, see
<https://www.gnu.org/software/gnulib//manual/html_node/manywarnings.html>.
** Various minor bug fixes and improvements.
Happy hacking,
Simon
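
The SCRAM server storage options in the NEWS entry above, as an added example that is not part of the original announcement or of the gsasl code base: a Python sketch of the RFC 5802 key derivation for SCRAM-SHA-256, showing that a stored SaltedPassword reaches StoredKey and ServerKey without PBKDF2 and that StoredKey alone is enough to verify a client proof. The user name, password, salt, nonces and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hm(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def salted_password(password, salt, iterations):
    # The expensive PBKDF2 step that a stored SaltedPassword lets the server skip.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def server_keys(salted):
    # Cheap: two HMACs and one hash give (StoredKey, ServerKey).
    client_key = hm(salted, b"Client Key")
    return hashlib.sha256(client_key).digest(), hm(salted, b"Server Key")

def client_proof(salted, auth_message):
    # Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage).
    client_key = hm(salted, b"Client Key")
    stored_key = hashlib.sha256(client_key).digest()
    return xor(client_key, hm(stored_key, auth_message))

def verify_proof(stored_key, auth_message, proof):
    # Server side: recover ClientKey from the proof; H(ClientKey) must equal StoredKey.
    recovered = xor(proof, hm(stored_key, auth_message))
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), stored_key)

# Constructed sample values (not from the announcement).
SALT, ITER, PASSWORD = bytes(range(16)), 4096, "correct horse"
AUTH_MESSAGE = (
    b"n=alice,r=cnonce,"
    b"r=cnoncesnonce,s=" + base64.b64encode(SALT) + b",i=%d," % ITER +
    b"c=biws,r=cnoncesnonce"
)

def demo():
    salted = salted_password(PASSWORD, SALT, ITER)  # or loaded from the database
    stored_key, server_key = server_keys(salted)
    good = client_proof(salted, AUTH_MESSAGE)
    bad = client_proof(salted_password("wrong", SALT, ITER), AUTH_MESSAGE)
    return {
        "accepts_good": verify_proof(stored_key, AUTH_MESSAGE, good),
        "accepts_bad": verify_proof(stored_key, AUTH_MESSAGE, bad),
        "server_signature": hm(server_key, AUTH_MESSAGE),
    }

if __name__ == "__main__":
    print(demo())
```

Note that `client_proof` needs only the SaltedPassword, so a database holding it must be protected like the password itself for that salt and iteration count, while `verify_proof` needs only StoredKey.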