This is to announce gsasl-2.2.1, a stable release.

GNU SASL is a modern C library that implements the network security protocol Simple Authentication and Security Layer (SASL). The framework itself and a couple of common SASL mechanisms are implemented. GNU SASL can be used by network applications for IMAP, SMTP, XMPP and other protocols to provide authentication services. Supported mechanisms include CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), GS2-KRB5, SAML20, OPENID20, LOGIN, and NTLM.

The project's web page is available at:
  https://www.gnu.org/software/gsasl/

All manuals are available from:
  https://www.gnu.org/software/gsasl/manual/

  https://www.gnu.org/software/gsasl/manual/gsasl.html - HTML format
  https://www.gnu.org/software/gsasl/manual/gsasl.pdf - PDF format

API Reference manual:
  https://www.gnu.org/software/gsasl/reference/ - GTK-DOC HTML

Doxygen documentation:
  https://www.gnu.org/software/gsasl/doxygen/ - HTML format
  https://www.gnu.org/software/gsasl/doxygen/gsasl.pdf - PDF format

For development snapshot artifacts see:
  https://gsasl.gitlab.io/gsasl/reference/
  https://gsasl.gitlab.io/gsasl/coverage/
  https://gsasl.gitlab.io/gsasl/cyclo/
  https://gsasl.gitlab.io/gsasl/clang-analyzer/

If you need help to use GNU SASL, or want to help others, you are invited to join our help-gsasl mailing list, see:
  https://lists.gnu.org/mailman/listinfo/help-gsasl

See the NEWS below for a brief summary.

For a summary of changes and contributors, see:
  https://git.sv.gnu.org/gitweb/?p=gsasl.git;a=shortlog;h=v2.2.1
or run this command from a git-cloned gsasl directory:
  git shortlog v2.2.0..v2.2.1

Here are the compressed sources and a GPG detached signature:
  https://ftpmirror.gnu.org/gsasl/gsasl-2.2.1.tar.gz
  https://ftpmirror.gnu.org/gsasl/gsasl-2.2.1.tar.gz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  c238b3af05af3804808cbf734f049a06840d787c  gsasl-2.2.1.tar.gz
  1FtWLhO9E7n8ILNy9LUyaXQM9iefg28JzhG50yvO4HU=  gsasl-2.2.1.tar.gz

Verify the base64 SHA256 checksum with cksum -a sha256 --check from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball.
Then, run a command like this:

  gpg --verify gsasl-2.2.1.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   ed25519 2019-03-20 [SC]
        B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE
  uid   Simon Josefsson <si...@josefsson.org>

If that command fails because you don't have the required public key, or that public key has expired, try the following commands to retrieve or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key si...@josefsson.org

  gpg --recv-keys 51722B08FE4745A2

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=gsasl&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify gsasl-2.2.1.tar.gz.sig

This release was bootstrapped with the following tools:
  Autoconf 2.72
  Automake 1.16.5
  Libtoolize 2.4.7
  Gnulib 1cec7095fa
  Makeinfo 6.8
  Help2man 1.49.1
  Gperf 3.1
  Gengetopt 2.23
  Gtkdocize 1.33.1
  Tar 1.34
  Gzip 1.10

NEWS

* Noteworthy changes in release 2.2.1 (2024-01-02) [stable]

** Base64 encoding/decoding now rejects non-conforming data.

** SCRAM server: Add support for GSASL_SCRAM_SALTED_PASSWORD.

If the server knows GSASL_SCRAM_SALTED_PASSWORD with matching GSASL_SCRAM_ITER and GSASL_SCRAM_SALT values, it can avoid having to compute the expensive PBKDF2 operation. The SCRAM client already supports this mode. It is recommended for servers to store GSASL_SCRAM_SERVERKEY and GSASL_SCRAM_STOREDKEY values in a database, but sometimes storing GSASL_SCRAM_SALTED_PASSWORD, GSASL_SCRAM_ITER and GSASL_SCRAM_SALT has other advantages.

** gsasl: Added --scram-salted-password=STRING for test purposes.

Based on idea from Manvendra Bhangui <mbhan...@gmail.com> in <https://lists.gnu.org/archive/html/help-gsasl/2022-11/msg00000.html>.

** tests: Resolve spurious 'Improper format of Kerberos configuration'.

The gsasl-dovecot-gssapi.sh and gsasl-mailutils-gs2krb5-gssapi.sh self-tests configure a local Kerberos KDC running as non-root with configuration and database in local temporary directories. The kadmin.local tool will read and parse all files under the directory pointed to by KRB5_KDC_PROFILE, assuming it contains configuration files. We accidentally put the KDC internal database in that directory. Normally reading these binary files (databases with encryption keys) is harmless; the garbage content is just ignored. However, once in a while the encryption key or database will contain a line feed followed by the [ character, causing the configuration file parser to look for a balancing ] character, and if this cannot be found the tool fails. Since this only happened once in a while it was challenging to debug. Thanks to Andreas Metzler for the report; for more background see <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057285> and <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017638>.

** Reasonable compiler warnings are now enabled by default.

You may disable this using --disable-gcc-warnings (old behaviour) or turn them into fatal build errors using --enable-gcc-warnings=error to enable -Werror. Based on gnulib's manywarnings module, see <https://www.gnu.org/software/gnulib//manual/html_node/manywarnings.html>.

** Various minor bug fixes and improvements.

Happy hacking,
Simon
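
The SCRAM server entry in the NEWS above distinguishes two kinds of stored credential. As an added illustration (not code from gsasl or from this announcement), the sketch below follows the RFC 5802 key derivation with Python's hashlib and hmac rather than the libgsasl API: it shows that a server holding SaltedPassword reaches StoredKey and ServerKey with two HMACs and one hash, skipping PBKDF2, and that StoredKey alone is enough to check a client proof. Function names and sample values are constructed for the example, and SASLprep normalization of the password is omitted.

```python
import hashlib
import hmac
import os

HASH = "sha256"  # SCRAM-SHA-256 hash; SASLprep of the password is omitted here


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """RFC 5802 Hi(): PBKDF2 with HMAC as PRF. This is the expensive step."""
    return hashlib.pbkdf2_hmac(HASH, password, salt, iterations)


def keys_from_salted(salted: bytes) -> tuple[bytes, bytes]:
    """Cheap step: derive (StoredKey, ServerKey) from SaltedPassword."""
    client_key = hmac.new(salted, b"Client Key", HASH).digest()
    stored_key = hashlib.new(HASH, client_key).digest()
    server_key = hmac.new(salted, b"Server Key", HASH).digest()
    return stored_key, server_key


def client_proof(salted: bytes, auth_message: bytes) -> bytes:
    """Client side: ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key = hmac.new(salted, b"Client Key", HASH).digest()
    stored_key = hashlib.new(HASH, client_key).digest()
    signature = hmac.new(stored_key, auth_message, HASH).digest()
    return bytes(a ^ b for a, b in zip(client_key, signature))


def server_verify(stored_key: bytes, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof, compare H(ClientKey)."""
    signature = hmac.new(stored_key, auth_message, HASH).digest()
    recovered = bytes(a ^ b for a, b in zip(proof, signature))
    digest = hashlib.new(HASH, recovered).digest()
    return hmac.compare_digest(digest, stored_key)


def demo() -> dict:
    # Constructed sample credentials and transcript, not taken from gsasl.
    password, salt, iterations = b"correct horse", os.urandom(16), 4096
    auth_message = b"n=user,r=abc,r=abcdef,s=c2FsdA==,i=4096,c=biws,r=abcdef"
    salted = hi(password, salt, iterations)  # computed once, at enrolment
    # Record holding SaltedPassword: keys are derived at login without PBKDF2.
    stored_key, server_key = keys_from_salted(salted)
    good = client_proof(hi(password, salt, iterations), auth_message)
    bad = client_proof(hi(b"wrong", salt, iterations), auth_message)
    return {
        "accepts_good": server_verify(stored_key, auth_message, good),
        "accepts_bad": server_verify(stored_key, auth_message, bad),
        "key_len": (len(stored_key), len(server_key)),
    }
```

Calling demo() returns the verification results for one correct and one incorrect password against the same stored record.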