[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU SASL 0.2.23

From: Simon Josefsson
Subject: GNU SASL 0.2.23
Date: Tue, 15 Jan 2008 10:14:11 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

GNU SASL is a modern C library that implement the standard network
security protocol Simple Authentication and Security Layer (SASL).  The
framework and a couple of common SASL mechanisms are implemented.  GNU
SASL can be used by network applications for IMAP, SMTP and similar
protocols to provide authentication services (and more).

Top-level NEWS entries:

* Version 0.2.23 (released 2008-01-15)

** Improve CRAM-MD5 self-test to detect if challenges are the same.

** Improve gsasl --help and --version to conform with GNU standards.

** Use gettext 0.17.

** Update gnulib files.

Library (lib/) NEWS entries:

* Version 0.2.23 (released 2008-01-15)

** CRAM-MD5: Check return value from gc_nonce().  (SECURITY)
If GNU SASL was not built against libgcrypt, and the
--enable-nonce-device device file did not exist, building libgsasl
would warn you but would continue.  Further, the code in CRAM-MD5 to
generate a challenge would not generate a new nonce each time, so
depending on what's stored on the stack, you may get the same
challenge each time.  The function should have checked the return
value from gc_nonce().  Reported by "Daniel Armyr" <address@hidden>.

** Use gettext 0.17.

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

Instructions for how to build GNU SASL under uClinux are available from
<>.  If your uClinux toolchain is broken,
it is possible to build GNU SASL without using the ./configure
mechanism, see <>.

Improving GNU SASL is costly, but you can help!  We are looking for
organizations that find GNU SASL useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, purchase
support contracts, or donate money or equipment.

Commercial support contracts for GNU SASL are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GNU SASL
maintenance.  We are always looking for interesting development
projects.  See for more details.

All manual formats are available from:

Specifically, the following formats are available.

The main manual: - HTML format - PDF format

API Reference manual: - GTK-DOC HTML

Doxygen documentation: - HTML format - PDF format

If you need help to use GNU SASL, or want to help others, you are
invited to join our help-gsasl mailing list, see:

The project page of the library is available at:

Here are the build reports for various platforms:

Daily builds of the package are available from:

Here are the compressed sources of the entire package:   (3.2MB)  (PGP)

Here are the compressed sources of the LGPL library (included above):   (780KB)  (PGP)

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2008-06-30]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
uid                  Simon Josefsson <address@hidden>
uid                  Simon Josefsson <address@hidden>

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

6e78dac3b2bfc4befc785ea706ed054913997f72  gsasl-0.2.23.tar.gz
c86b5cea8ea94485bedef68c5f7adc17a2721404e2c1110db92828fd  gsasl-0.2.23.tar.gz

f2e55e3f487ed7ce26e210d24aa4c3232b7228ab  libgsasl-0.2.23.tar.gz
6a9217dbbd5bfcd26f8c6ed1991663678ca76038106002fc2e6720d6  libgsasl-0.2.23.tar.gz


Attachment: pgpn9qpnYmnKk.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]