GNU SASL 0.2.3

[Simon Josefsson]

GNU SASL version 0.2.3 has been released!

This version fixes several bugs for all the new things that went into
the 0.2.x series.

Sadly, the DIGEST-MD5 mechanism is currently disabled by default,
pending a rewrite, to work with the new 0.2.x API.  However, if your
application is using the old callback interface (which is still fully
supported), you can enable the mechanism using --enable-digest-md5.
It has been reported to work.

Enjoy,
Simon

GNU SASL is an implementation of the Simple Authentication and
Security Layer framework and a few common SASL mechanisms.  SASL is
used by network servers (e.g., IMAP, SMTP) to request authentication
from clients, and in clients to authenticate against servers.

The project page of the library is available at:
  http://www.gnu.org/software/gsasl/
  http://josefsson.org/gsasl/

Here are the compressed sources of the entire package:
  ftp://alpha.gnu.org/gnu/gsasl/gsasl-0.2.3.tar.gz         (2.5MB)
  http://josefsson.org/gsasl/releases/gsasl-0.2.3.tar.gz   (2.5MB)

Here are GPG detached signatures using key 0xB565716F:
  ftp://alpha.gnu.org/gnu/gsasl/gsasl-0.2.3.tar.gz.sig
  http://josefsson.org/gsasl/releases/gsasl-0.2.3.tar.gz.sig

Here are the compressed sources of the LGPL library (included above):
  ftp://alpha.gnu.org/gnu/gsasl/libgsasl-0.2.3.tar.gz         (524KB)
  http://josefsson.org/gsasl/releases/libgsasl-0.2.3.tar.gz   (524KB)

Here are GPG detached signatures using key 0xB565716F:
  ftp://alpha.gnu.org/gnu/gsasl/libgsasl-0.2.3.tar.gz.sig
  http://josefsson.org/gsasl/releases/libgsasl-0.2.3.tar.gz.sig

Here are the SHA-1 checksums:

c975091be2f5ee1d14a4ef1bab3159db31f8377e  gsasl-0.2.3.tar.gz
81efb8449ae5fa113ca61235ffcedb8e64e64104  gsasl-0.2.3.tar.gz.sig
f5b546574b7b43e3e66d97c90fd095f48b3febab  libgsasl-0.2.3.tar.gz
7e7a90f334dbb8743ac64990474b66c397c78281  libgsasl-0.2.3.tar.gz.sig

Here are the build reports for various platforms:
  http://josefsson.org/autobuild/gsasl.html

Noteworthy changes (since 0.2.0, last version announced here) in the
front-end (changes in library below):

* Version 0.2.3 (released 2004-12-15)

** Fix example code to handle base64 encoded data properly.

** DIGEST-MD5 is disabled by default, pending a rewrite for the new API.

** Command line tool uses new callback interface to the library.

** Command line tool uses "iconvme" from gnulib for UTF-8 string conversion.

** Server mode in the command line tool does not work currently.
It is unclear if this feature was ever that useful.  If there are no
objections, it will be removed completely in future versions.

** Documentation fixes.

** Fix self test bugs.

* Version 0.2.2 (released 2004-11-29)

** Update of gnulib files.

* Version 0.2.1 (released 2004-11-19)

** Documentation fixes; the old callback API functions are marked as obsolete.

Noteworthy changes (since 0.1.0, last version announced here) in the
library:

* Version 0.2.3 (released 2004-12-15)

** NTLM now set the 'domain' field to the GSASL_REALM property value.
Some servers appear to need non-empty but arbitrary domain values,
reported by Martin Lambers.

** PLAIN client no longer perform NFKC on strings.
This aligns with draft-ietf-sasl-plain-05.

** LOGIN client no longer perform NFKC on strings.
There is no specification for LOGIN, but arguable it should use
SASLprep, but on the server side.

** DIGEST-MD5 is disabled by default, pending a rewrite for the new API.
The mechanism still work if your application is using the old callback
API, in which case you may enable it (--enable-digest-md5) to have the
same functionality as in older versions.

** LOGIN client now uses authentication identity, not authorization identity,
reported by Martin Lambers.

** PLAIN client now work when no authorization identity is provided,
reported by Martin Lambers.

** Callback backwards compatibility improved, thanks to Sergey Poznyakoff.
The GSASL_VALIDATE_SIMPLE and GSASL_PASSWORD are now translated into
calls to gsasl_server_callback_validate_get() and
gsasl_server_callback_retrieve_get(), respectively.

** A crash in the new base64 code was fixed.

** Use of SASLprep in CRAM-MD5 changed.
The client now prepare authid/password as if they were query strings.
The server prepare the password as a storage string.

** The shared library version was incremented to reflect that the base64 APIs
were added, this was forgotten in the last release.

** Disabling Libidn/SASLprep should now result in a RFC 2222 compliant library.
However, it will reject non-ASCII strings, since the handling of those
strings was not specified in RFC 2222.

** API and ABI modifications.
gsasl_stringprep_nfkc, gsasl_stringprep_saslprep,
gsasl_stringprep_trace: DEPRECATED.  Use gsasl_saslprep() instead.
gsasl_saslprep: ADD.
Gsasl_saslprep_flags: ADD.  New enum type to go with gsasl_saslprep.
GSASL_REALM: ADD, new property.
GSASL_UNICODE_NORMALIZATION_ERROR: DEPRECATED.  Use
                                   GSASL_SASLPREP_ERROR instead.
GSASL_CANNOT_VALIDATE: REMOVED.  Never used for any reasonable purpose.

* Version 0.2.2 (released 2004-11-29)

** Fix memory leak in server-side CRAM-MD5.

** Fix read out of bound error in client-side CRAM-MD5.

** Tighten the base64 decoder, will not accept white space in input.

** Documentation fixes.

** API and ABI modifications.
gsasl_base64_encode, gsasl_base64_decode: DEPRECATED.
gsasl_base64_to, gsasl_base64_from: NEW.  Allocates the output buffer.

* Version 0.2.1 (released 2004-11-19)

** Fix DIGEST-MD5 application data encode/decode functions.

** Documentation fixes; the old callback API functions are marked as obsolete.

** API and ABI modifications.
No changes since last version.