Updated: gsasl, libgsasl{-doc,-devel,-common,18} 2.2.1

public inbox for cygwin-announce@cygwin.com
 help / color / mirror / Atom feed

* Updated: gsasl, libgsasl{-doc,-devel,-common,18} 2.2.1
@ 2024-01-06 22:48 Cygwin gsasl Maintainer
  0 siblings, 0 replies; only message in thread
From: Cygwin gsasl Maintainer @ 2024-01-06 22:48 UTC (permalink / raw)
  To: Cygwin Announcements

The following packages have been uploaded for testing in Cygwin:

* gsasl			2.2.1
* libgsasl-doc		2.2.1
* libgsasl-devel	2.2.1
* libgsasl-common	2.2.1
* libgsasl18		2.2.1

GNU SASL is an implementation of the Simple Authentication and Security
Layer (SASL) framework, consisting of a library with several plugins,
and command-line application.

For more information see the project home page:

	https://www.gnu.org/software/gsasl/

See below or read /usr/share/doc/gsasl/NEWS after installation for
a summary of changes since the last Cygwin release, or read
/usr/share/doc/gsasl/ChangeLog after installation for details.


Noteworthy changes in release 2.2.1	2024-01-02

- Base64 encoding/decoding now rejects non-conforming data.

- SCRAM server: Add support for GSASL_SCRAM_SALTED_PASSWORD.
  If the server knows GSASL_SCRAM_SALTED_PASSWORD with matching
  GSASL_SCRAM_ITER and GSASL_SCRAM_SALT values, it can avoid having to
  compute the expensive PBKDF2 operation.
  The SCRAM client already supports this mode.
  It is recommended for servers to store GSASL_SCRAM_SERVERKEY and
  GSASL_SCRAM_STOREDKEY values in a database, but sometimes storing
  GSASL_SCRAM_SALTED_PASSWORD, GSASL_SCRAM_ITER and GSASL_SCRAM_SALT has
  other advantages.

- gsasl: Added --scram-salted-password=STRING for test purposes.

- tests: Resolve spurious 'Improper format of Kerberos configuration'.
  The gsasl-dovecot-gssapi.sh and gsasl-mailutils-gs2krb5-gssapi.sh
  self-tests configures a local Kerberos KDC running as non-root with
  configuration and database in local temporary directories.
  The kadmin.local tool will read and parse all files under the
  directory pointed to by KRB5_KDC_PROFILE assuming it contain
  configuration files.
  We accidentally put the KDC internal database in that directory.
  Normally reading these binary files (databases with encryption keys)
  is harmless, the garbage content is just ignored.
  However once in a while the encryption key or database will contain a
  line feed followed by the [ character, causing the configuration file
  parser to look for a balancing ] character, and if this cannot be
  found the tool fails.
  Since this only happened once in a while it was challenging to debug.

- Reasonable compiler warnings are now enabled by default.
  You may disable this using --disable-gcc-warnings (old behaviour) or
  turn them into fatal build errors using --enable-gcc-warnings=error to
  enable -Werror.

- Various minor bug fixes and improvements.


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2024-01-06 22:51 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-06 22:48 Updated: gsasl, libgsasl{-doc,-devel,-common,18} 2.2.1 Cygwin gsasl Maintainer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).