head 1.23; access; symbols pkgsrc-2023Q4:1.23.0.12 pkgsrc-2023Q4-base:1.23 pkgsrc-2023Q3:1.23.0.10 pkgsrc-2023Q3-base:1.23 pkgsrc-2023Q2:1.23.0.8 pkgsrc-2023Q2-base:1.23 pkgsrc-2023Q1:1.23.0.6 pkgsrc-2023Q1-base:1.23 pkgsrc-2022Q4:1.23.0.4 pkgsrc-2022Q4-base:1.23 pkgsrc-2022Q3:1.23.0.2 pkgsrc-2022Q3-base:1.23 pkgsrc-2022Q2:1.22.0.6 pkgsrc-2022Q2-base:1.22 pkgsrc-2022Q1:1.22.0.4 pkgsrc-2022Q1-base:1.22 pkgsrc-2021Q4:1.22.0.2 pkgsrc-2021Q4-base:1.22 pkgsrc-2021Q3:1.20.0.6 pkgsrc-2021Q3-base:1.20 pkgsrc-2021Q2:1.20.0.4 pkgsrc-2021Q2-base:1.20 pkgsrc-2021Q1:1.20.0.2 pkgsrc-2021Q1-base:1.20 pkgsrc-2020Q4:1.19.0.2 pkgsrc-2020Q4-base:1.19 pkgsrc-2020Q3:1.18.0.40 pkgsrc-2020Q3-base:1.18 pkgsrc-2020Q2:1.18.0.36 pkgsrc-2020Q2-base:1.18 pkgsrc-2020Q1:1.18.0.16 pkgsrc-2020Q1-base:1.18 pkgsrc-2019Q4:1.18.0.38 pkgsrc-2019Q4-base:1.18 pkgsrc-2019Q3:1.18.0.34 pkgsrc-2019Q3-base:1.18 pkgsrc-2019Q2:1.18.0.32 pkgsrc-2019Q2-base:1.18 pkgsrc-2019Q1:1.18.0.30 pkgsrc-2019Q1-base:1.18 pkgsrc-2018Q4:1.18.0.28 pkgsrc-2018Q4-base:1.18 pkgsrc-2018Q3:1.18.0.26 pkgsrc-2018Q3-base:1.18 pkgsrc-2018Q2:1.18.0.24 pkgsrc-2018Q2-base:1.18 pkgsrc-2018Q1:1.18.0.22 pkgsrc-2018Q1-base:1.18 pkgsrc-2017Q4:1.18.0.20 pkgsrc-2017Q4-base:1.18 pkgsrc-2017Q3:1.18.0.18 pkgsrc-2017Q3-base:1.18 pkgsrc-2017Q2:1.18.0.14 pkgsrc-2017Q2-base:1.18 pkgsrc-2017Q1:1.18.0.12 pkgsrc-2017Q1-base:1.18 pkgsrc-2016Q4:1.18.0.10 pkgsrc-2016Q4-base:1.18 pkgsrc-2016Q3:1.18.0.8 pkgsrc-2016Q3-base:1.18 pkgsrc-2016Q2:1.18.0.6 pkgsrc-2016Q2-base:1.18 pkgsrc-2016Q1:1.18.0.4 pkgsrc-2016Q1-base:1.18 pkgsrc-2015Q4:1.18.0.2 pkgsrc-2015Q4-base:1.18 pkgsrc-2015Q3:1.17.0.28 pkgsrc-2015Q3-base:1.17 pkgsrc-2015Q2:1.17.0.26 pkgsrc-2015Q2-base:1.17 pkgsrc-2015Q1:1.17.0.24 pkgsrc-2015Q1-base:1.17 pkgsrc-2014Q4:1.17.0.22 pkgsrc-2014Q4-base:1.17 pkgsrc-2014Q3:1.17.0.20 pkgsrc-2014Q3-base:1.17 pkgsrc-2014Q2:1.17.0.18 pkgsrc-2014Q2-base:1.17 pkgsrc-2014Q1:1.17.0.16 pkgsrc-2014Q1-base:1.17 pkgsrc-2013Q4:1.17.0.14 pkgsrc-2013Q4-base:1.17 pkgsrc-2013Q3:1.17.0.12 pkgsrc-2013Q3-base:1.17 pkgsrc-2013Q2:1.17.0.10 pkgsrc-2013Q2-base:1.17 pkgsrc-2013Q1:1.17.0.8 pkgsrc-2013Q1-base:1.17 pkgsrc-2012Q4:1.17.0.6 pkgsrc-2012Q4-base:1.17 pkgsrc-2012Q3:1.17.0.4 pkgsrc-2012Q3-base:1.17 pkgsrc-2012Q2:1.17.0.2 pkgsrc-2012Q2-base:1.17 pkgsrc-2012Q1:1.16.0.4 pkgsrc-2012Q1-base:1.16 pkgsrc-2011Q4:1.16.0.2 pkgsrc-2011Q4-base:1.16 pkgsrc-2011Q3:1.15.0.4 pkgsrc-2011Q3-base:1.15 pkgsrc-2011Q2:1.15.0.2 pkgsrc-2011Q2-base:1.15 pkgsrc-2011Q1:1.14.0.4 pkgsrc-2011Q1-base:1.14 pkgsrc-2010Q4:1.14.0.2 pkgsrc-2010Q4-base:1.14 pkgsrc-2010Q3:1.13.0.4 pkgsrc-2010Q3-base:1.13 pkgsrc-2010Q2:1.13.0.2 pkgsrc-2010Q2-base:1.13 pkgsrc-2010Q1:1.12.0.8 pkgsrc-2010Q1-base:1.12 pkgsrc-2009Q4:1.12.0.6 pkgsrc-2009Q4-base:1.12 pkgsrc-2009Q3:1.12.0.4 pkgsrc-2009Q3-base:1.12 pkgsrc-2009Q2:1.12.0.2 pkgsrc-2009Q2-base:1.12 pkgsrc-2009Q1:1.11.0.4 pkgsrc-2009Q1-base:1.11 pkgsrc-2008Q4:1.11.0.2 pkgsrc-2008Q4-base:1.11 pkgsrc-2008Q3:1.10.0.4 pkgsrc-2008Q3-base:1.10 cube-native-xorg:1.10.0.2 cube-native-xorg-base:1.10 pkgsrc-2008Q2:1.8.0.4 pkgsrc-2008Q2-base:1.8 cwrapper:1.8.0.2 pkgsrc-2008Q1:1.7.0.4 pkgsrc-2008Q1-base:1.7 pkgsrc-2007Q4:1.7.0.2 pkgsrc-2007Q4-base:1.7 pkgsrc-2007Q3:1.6.0.8 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.6 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.4 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.2 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.5.0.14 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.5.0.12 pkgsrc-2006Q2-base:1.5 pkgsrc-2006Q1:1.5.0.10 pkgsrc-2006Q1-base:1.5 pkgsrc-2005Q4:1.5.0.8 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.5.0.6 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.5.0.4 pkgsrc-2005Q2-base:1.5 pkgsrc-2005Q1:1.5.0.2 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.2.0.4 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.2 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.1.1.1.0.4 pkgsrc-2004Q2-base:1.1.1.1 pkgsrc-2004Q1:1.1.1.1.0.2 pkgsrc-2004Q1-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.23 date 2022.07.17.08.24.53; author wiz; state Exp; branches; next 1.22; commitid SYqQl6Jq1YLpXdMD; 1.22 date 2021.10.26.11.17.07; author nia; state Exp; branches; next 1.21; commitid PNswNV9GDLZeojeD; 1.21 date 2021.10.07.14.53.51; author nia; state Exp; branches; next 1.20; commitid nfjKlj1wTplMcTbD; 1.20 date 2021.01.07.22.09.52; author wiz; state Exp; branches; next 1.19; commitid 1cVtMDJd6DJnoQCC; 1.19 date 2020.11.16.13.05.07; author wiz; state Exp; branches; next 1.18; commitid Vuku6dmcdmGf37wC; 1.18 date 2015.11.04.01.17.46; author agc; state Exp; branches; next 1.17; commitid agUNgZr58GM2fIHy; 1.17 date 2012.05.30.06.52.58; author adam; state Exp; branches; next 1.16; 1.16 date 2011.11.24.09.04.18; author marino; state Exp; branches; next 1.15; 1.15 date 2011.06.01.10.05.57; author adam; state Exp; branches; next 1.14; 1.14 date 2010.12.23.18.03.48; author christos; state Exp; branches; next 1.13; 1.13 date 2010.06.03.09.23.34; author wiz; state Exp; branches; next 1.12; 1.12 date 2009.06.04.18.38.30; author adam; state Exp; branches; next 1.11; 1.11 date 2008.11.07.18.40.52; author adam; state Exp; branches; next 1.10; 1.10 date 2008.09.08.08.58.49; author adam; state Exp; branches; next 1.9; 1.9 date 2008.08.14.10.01.03; author adam; state Exp; branches; next 1.8; 1.8 date 2008.05.21.15.22.56; author obache; state Exp; branches; next 1.7; 1.7 date 2007.10.25.21.24.53; author adam; state Exp; branches; next 1.6; 1.6 date 2006.12.09.14.06.13; author obache; state Exp; branches; next 1.5; 1.5 date 2005.02.28.13.29.31; author wiz; state Exp; branches; next 1.4; 1.4 date 2005.02.24.13.10.06; author agc; state Exp; branches; next 1.3; 1.3 date 2004.12.26.22.56.09; author wiz; state Exp; branches; next 1.2; 1.2 date 2004.09.19.12.48.45; author wiz; state Exp; branches; next 1.1; 1.1 date 2003.12.03.19.23.13; author xtraeme; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2003.12.03.19.23.13; author xtraeme; state Exp; branches; next ; desc @@ 1.23 log @gsasl: update to 2.0.1. * Noteworthy changes in release 2.0.1 (2022-07-15) [stable] ** Support for the libgssglue GSS-API library were added. We encourage you to build with libgssglue, as that allows system administrators and end-users to chose between MIT Kerberos, Heimdal and GNU GSS during run-time. Read about the background here: https://blog.josefsson.org/2022/07/14/towards-pluggable-gss-api-modules/ ** GSSAPI client: don't use AUTHID as fallback for AUTHZID. The code historically used the AUTHID as authorization identity, but in 2012 we changed it to first query for AUTHZID, and only if that is not available, fall back to using AUTHID as the authorization identity. The change was not released until version 1.8.1 on 2019-08-02, when it was properly documented to be removed 'after the year 2012'. While documented behaviour, this seems like just surprising behaviour and we now finally make the change. ** GSSAPI server: don't set AUTHZID to empty string when absent. The GSS-API SASL protocol does not differentiate between an absent authorization identity and an authorization identity that is the empty string. Previously libgsasl would set it to the empty string but now it is set to NULL. The manual explains that this is a protocol limitation. ** The examples/smtp-server.c now supports GSSAPI/GS2-KRB5. The example is used during CI/CD testing of GNU SASL and thus it made sense to extend it. Some bugs related to getline error conditions were also fixed. ** GSSAPI server: Fix out-of-bounds read. A malicious client can after it has authenticated with Kerberos send a specially crafted message that causes Libgsasl to read out of bounds and cause a crash in the server. * Noteworthy changes in release 2.0.0 (2022-06-20) [stable] ** Compared to last stable branch 1.10.x the 2.0.0 release ** drops all obsolete APIs, drops the abandoned KERBEROS_V5 mechanism, ** stops shipping a separate tarball for only the library, adds new APIs ** gsasl_mechanism_name_p() and gsasl_property_free(). Numerous other translation improvements, code cleanups, bug fixes, documentation additions, build improvements and portability enhancements were made as well. @ text @$NetBSD: distinfo,v 1.22 2021/10/26 11:17:07 nia Exp $ BLAKE2s (gsasl-2.0.1.tar.gz) = d3c1968d9ce3a8602df57be4efa4cec6e1da8c52f585f4f7f734cdd540bf4c98 SHA512 (gsasl-2.0.1.tar.gz) = 01c6f6bd9f986c942a25b89fee0052aef8c10bf914ead29983abdf0cc8fcaa7223fd9d9eeafb4be07e4bc318f087f6f6258facaaeb7f83bca8de512406812be5 Size (gsasl-2.0.1.tar.gz) = 3279632 bytes @ 1.22 log @security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2021/10/07 14:53:51 nia Exp $ d3 3 a5 3 BLAKE2s (gsasl-1.10.0.tar.gz) = 0f33658e5a7a6f99ae48e5d21529190fa32040e5f1f7781b00c2c952a13d9bec SHA512 (gsasl-1.10.0.tar.gz) = 8b1dc87e85dbfd0255b3b43c4b7f9c2e896cb03efe4cd4af86393b62fd193665aae4ce59e66db736722e32babfcea6d4f6ddd3c5f069dcc4210f7e9531043e4a Size (gsasl-1.10.0.tar.gz) = 5946076 bytes @ 1.21 log @security: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2021/01/07 22:09:52 wiz Exp $ d3 1 a3 1 RMD160 (gsasl-1.10.0.tar.gz) = 0b7b66702493527f295ba35c4f2a409600839946 @ 1.20 log @gsasl: update to 1.10.0. * Version 1.10.0 (released 2021-01-01) [stable] ** This is a new major stable release. Brief changes compared to 1.8.x: *** SCRAM-SHA-256 and SCRAM-SHA-256-PLUS support per RFC 7677. *** SCRAM supports password-less usage (StoredKey/ServerKey). *** New 'gsasl --mkpasswd' command to prepare SCRAM salted/hashed passwords. *** Final warning that obsolete APIs will be removed. *** Various cleanups, portability and other bug fixes. See the entries in NEWS and lib/NEWS covering the 1.9.x branch for details. * Version 1.9.3 (released 2021-01-01) [beta] ** Fix build/portability problems. GnuTLS >= 3.4 is required. Thanks to Bruno Haible for reports. * Version 1.9.2 (released 2020-12-24) [beta] ** gsasl: Don't abort command on some exepected TLS events (for TLS 1.3). Patch from Enrico Scholz in: https://lists.gnu.org/archive/html/help-gsasl/2020-08/msg00000.html ** gsasl: Use GnuTLS system trust settings by default for X.509 server ** certificate validation. Before it was documented behaviour that unless --x509-ca-file was used, no verification of the server-side certificate was performed. Now instead it will use the system trust settings, which on properly configured systems results in verification of the server certificate. As a result, you may now start to get server certificate verification errors in situations where you didn't expect them. Use --x509-ca-file with the empty string ("") as a file name to use the old behaviour to not abort on server certificate verification failures. ** SCRAM, GS2 and GSSAPI retrieve properties later in ** the authentication process. Before the property GSASL_CB_TLS_UNIQUE was retrieved during SCRAM gsasl_client_start() and gsasl_server_start(), and the properties GSSAPI_SERVICE and GSSAPI_HOSTNAME was retrived during GS2/GSSAPI gsasl_server_start(). Now they are retrieved during the first call to gsasl_step(). The only user-visible impact of this should be that 'gsasl --client-mechanisms' and 'gsasl --server-mechanisms' will now not query for parameters before giving a list of supported mechanisms, which arguable gives a better user experience. The downside of this is that SCRAM-*-PLUS, GS2 and GSSAPI may be advertised even though completing the server mechanism may not complete. The problem with calling callbacks in the start() function is that the callback will have no per-session context at that point, only a global context, so the only way to give per-session unique callback responses is to use a separate global handle per session. This was discovered in the Exim implementation of gsasl with SCRAM that used to request the GSASL_CB_TLS_UNIQUE property in the start() function. After noticing this design issue, and writing this self test, it was discovered that it also happened for the GSSAPI/GS2 server (not client) mechanism for the GSASL_SERVICE and GSASL_HOSTNAME properties. Thanks to Jeremy Harris for noticing the problem and discussion, see https://lists.gnu.org/archive/html/help-gsasl/2020-01/msg00035.html ** gsasl: The --mkpasswd output format follows Dovecot 'doveadm pw'. ** Filenames of images in the manual are now prefixed with 'gsasl-'. This makes /usr/share/info more understandable, and it is suggested by at least Debian to do this in upstream. ** Build changes. Some more compiler warnings used and code fixed. Improved ./configure diagnostics. * Version 1.9.1 (released 2020-01-14) [beta] ** gsasl: New --mkpasswd argument to prepare salted/hashed passwords. Currently mechanisms SCRAM-SHA-1 and SCRAM-SHA-256 are supported. New parameter --iteration-count to indicate number of PBKDF2 rounds, default being 65536. New parameter --salt to specify PBKDF2 salt. * Version 1.9.0 (released 2020-01-03) [beta] ** Client and server support for SCRAM-SHA-256 and SCRAM-SHA-256-PLUS. ** gsasl: If PORT argument is "587" or "submission", SMTP mode is used. Further, unrecognized PORT arguments will now on raise an error to specify --smtp or --imap. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2020/11/16 13:05:07 wiz Exp $ a2 1 SHA1 (gsasl-1.10.0.tar.gz) = ec3def1bdc4a0b6284f0d1e2901495218c87587e @ 1.19 log @gsasl: update to 1.8.1. * Version 1.8.1 (released 2019-08-02) [stable] ** gsasl: IMAP client code now permits empty SASL tokens prefixed with '+'. Normally servers should send '+ '. Buggy servers include Microsoft Exchange. Reported by Adam Sjøgren. ** GSSAPI client: Now retrieves GSASL_AUTHZID for authorization identity. ** GSSAPI client: Can now transmit an empty/missing authorization identity. See lib/NEWS for more information. ** Build fixes. Update of gnulib, including how it is bootstrapped. ** i18n: Updated translations. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2015/11/04 01:17:46 agc Exp $ d3 4 a6 5 SHA1 (gsasl-1.8.1.tar.gz) = 82ba0079da6918784a8170d4a13ee133d9df1d7a RMD160 (gsasl-1.8.1.tar.gz) = 8cf11ab86e608f36c74593e4b37ebdb000df4292 SHA512 (gsasl-1.8.1.tar.gz) = 8973f5af12cc17aae76a4a2ea887d17e74e48b1ce896dfd62fde8cb874ed965d77c62d671ff86ce3217158e58a7a521b7fde9ea606f73c3a912a8973f1b204cb Size (gsasl-1.8.1.tar.gz) = 5774550 bytes SHA1 (patch-ac) = 8a51c8a8bc046a0efe6572c244cd0c886e7ab7b4 @ 1.18 log @Add SHA512 digests for distfiles for security category Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2012/05/30 06:52:58 adam Exp $ d3 5 a7 5 SHA1 (gsasl-1.8.0.tar.gz) = 343fd97ae924dc406986c02fb9b889f4114239ae RMD160 (gsasl-1.8.0.tar.gz) = 66690049347357d2ba42e4a0c7f82eb488e4133e SHA512 (gsasl-1.8.0.tar.gz) = 711bd87d27656834ae7e19b22a76db2b1db37dd25999cd303fe8439e23e74e87fd1474c5db1b5f97e9ab75437eeeb6167a752e9191f364f530eeabb6cddda36f Size (gsasl-1.8.0.tar.gz) = 4914837 bytes SHA1 (patch-ac) = 8ce0f4e970a220127c1f199d7a492501ac054bc8 @ 1.17 log @Changes 1.8.0: This is a new major stable release. Brief changes compared to 1.6.x: * SAML20 support following RFC 6595. * OPENID20 support following RFC 6616. * Added SMTP server examples (for e.g., SCRAM, SAML20, OPENID20). * Various cleanups, portability and other bug fixes. See the NEWS entries during the 1.7.x branch for details. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2011/11/24 09:04:18 marino Exp $ d5 1 @ 1.16 log @security/gsasl: Remove windows function gss-extra.c fails compilation on DragonFly: line 43: error: unexpected identifier or '(' before '&' token It's on code that is only intended for a windows target. Gentoo patched it by wrapping it in "if (defined _WIN32 || defined __WIN32__)" macro which is effectively the same is deleting the definition completely, which is what is being done here. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2011/06/01 10:05:57 adam Exp $ d3 3 a5 3 SHA1 (gsasl-1.6.1.tar.gz) = 5439fd32ac975c36015263fafdc79ededdd57c72 RMD160 (gsasl-1.6.1.tar.gz) = 510661e88a41300ad3b32dd4a6bd6236aab28c78 Size (gsasl-1.6.1.tar.gz) = 4623634 bytes @ 1.15 log @Changes 1.6.1: * build: Demand gettext >= 0.18.1 in order to get newer M4 files. The old M4 files associated with 0.17 caused problems on Solaris, which will hopefully be fixed with this. * doc: Typo fix in autoconf snippet. * i18n: Updated translations. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2010/12/23 18:03:48 christos Exp $ d6 1 @ 1.14 log @de to 1.6.0 from Anon Ymous Changes since 1.1: ** gsasl: Add --no-cb to disable use of TLS channel bindings. ** build: Use silent build rules via automake. Use 'make V=99' to see the command lines used. ** Update gnulib files. ** gsasl: Support for TLS channel bindings. Requires GnuTLS 2.11.4 or later for the gnutls_session_channel_binding function. Used by the SCRAM-SHA-1-PLUS mechanism. ** doc: Mention new property GSASL_CB_TLS_UNIQUE and SCRAM-SHA-1-PLUS. ** tests: Added self-tests for SCRAM-SHA-1-PLUS. ** gsasl: Avoid fixed size buffers. This caused problems on Windows where the BUFSIZ was too small for some line lengths with GS2-KRB5. ** tests: Fix error strings to be more unique. ** doc: Added section on how to build with MIT Kerberos for Windows. ** doc: Added PDF version of API reference manual. See doc/reference/gsasl.pdf. ** i18n: Updated translations. Thanks to Benno Schulenberg. ** doc: Explain GS2-related changes. ** doc: GTK-DOC manual improved. Now almost all symbols and types are explained. ** gsasl: Fix crash when getaddrinfo does not get a canonical name. ** gsasl: Improve error message when server rejects authentication. ** tests: Self checks are improved. ** gsasl: Improve application data throughput. Patch from Enrico Scholz in . ** Improve MinGW builds. ** doc: Fix doc/cyclo/ output. ** tests/crypto: Also test newly added SHA-1 interfaces. ** tests/scram: Also test GSASL_SCRAM_SALTED_PASSWORD case. This code path triggered a crash in v1.3. ** i18n: Added Finnish translation. Thanks to Jorma Karvonen . ** Experimental support for SCRAM-SHA-1 added. Please test it but don't put it into production use, the RFC have not been finalized yet. For this reason, the mechanism priority list is such that SCRAM-SHA-1 will never be selected over any other mechanism (including PLAIN, CRAM-MD5, and DIGEST-MD5). When it has been tested further, we'll make SCRAM-SHA-1 the preferred mechanism after GSSAPI. ** gsasl: Fix libintl-related build errors on MinGW. Tiny patch from "carlo.bramix" . ** doc: Typo fixes to manual. Based on report by Marco Maggi in . ** tests: Rewrite basic self test using modern API. ** tests: New self-test 'crypto' to increase code coverage. ** gsasl: Fix out of bounds write when in IMAP/SMTP mode. Reported by Enrico Scholz in . ** doc: Rewritten introduction material. ** doc: Improved sections for the info manual. We now follow the advice given by the texinfo manual on which directory categories to use. In particular, libgsasl moved from the 'GNU Libraries' section to the 'Software libraries' as GNU SASL, and 'Invoking gsasl' moved from 'GNU utilities' to 'Security'. ** examples: Removed unneeded 'ctx' parameter from client_authenticate. ** Building with many warning flags now requires --enable-gcc-warnings. This avoids crying wolf for normal compiles. ** New configure parameters to set packaging specific information. The parameters are --with-packager, --with-packager-version, and --with-packager-bug-reports. See for more details. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2010/06/03 09:23:34 wiz Exp $ d3 3 a5 3 SHA1 (gsasl-1.6.0.tar.gz) = 56055324ebf1d1b823412b6fcee192c03452ea84 RMD160 (gsasl-1.6.0.tar.gz) = e2fc43899a18f19afa1a06d4e97788fe74689dc4 Size (gsasl-1.6.0.tar.gz) = 4611016 bytes @ 1.13 log @Add patch-a{a,b} to distinfo. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2009/06/04 18:38:30 adam Exp $ d3 3 a5 5 SHA1 (gsasl-1.1.tar.gz) = 18ad50a16da8cbb53b720968545330fa5cdaa380 RMD160 (gsasl-1.1.tar.gz) = a6f4b77c4d9de37099e780471d4e16e0d5da9365 Size (gsasl-1.1.tar.gz) = 3775776 bytes SHA1 (patch-aa) = 6dd2c9ba9e7828fbbbf7c7fad95bea492ba00b5c SHA1 (patch-ab) = 40da8472cdd755ca2afd0dd0be054b462764fbe2 @ 1.12 log @Changes 1.1: * Reading integrity protected data from server now works. * The --quality-of-protection parameter now works. * Only detect sufficiently recent GnuTLS versions. Changes 1.0: * New parameter --priority to specify GnuTLS priority strings. * Print web page links in --help, per new GNU coding standard. * New self-test for the gsasl_client_suggest_mechanism function. * Modernize doxygen configuration. * Use permissive license for man pages. * Change license on the manual to GFDLv1.3+. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2008/11/07 18:40:52 adam Exp $ d6 2 @ 1.11 log @Changes 0.2.29: * gsasl: Don't use poll with POLLOUT to avoid busy-waiting. * doc: Error codes are now extracted using official library APIs. * doc: Included cyclomatic code complexity charts of the library code. * tests: Add self test of obsolete base64 functions. * Update gnulib files. Improves Windows compatibility. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2008/09/08 08:58:49 adam Exp $ d3 3 a5 3 SHA1 (gsasl-0.2.29.tar.gz) = 5495963208574f8b2532603e898829fe3325a3dd RMD160 (gsasl-0.2.29.tar.gz) = 56aabbf07f5d02921d3dc24dfa8ff4525b1789ff Size (gsasl-0.2.29.tar.gz) = 3519920 bytes @ 1.10 log @Changes 0.2.28: * Rewrite to use poll instead of select. * Improve Windows installation instructions in the manual. * tests: New self test of gsasl_mechanism_name function. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2008/08/14 10:01:03 adam Exp $ d3 3 a5 3 SHA1 (gsasl-0.2.28.tar.gz) = 0aa1f088eb2d0e5fe33eff80ea760407e407ee70 RMD160 (gsasl-0.2.28.tar.gz) = 88697beab847b1702679eb31aa58ccd37b451b37 Size (gsasl-0.2.28.tar.gz) = 3440615 bytes @ 1.9 log @Changes 0.2.27: * Fix SASL operations through TLS. * Update gnulib files, and include gnulib self-tests. * Update translations. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2008/05/21 15:22:56 obache Exp $ d3 3 a5 3 SHA1 (gsasl-0.2.27.tar.gz) = ac04c7776f154929d0474df9b60840eda7d5d9fb RMD160 (gsasl-0.2.27.tar.gz) = 66c68b884d357cc51150b51bc6829af2e142b25c Size (gsasl-0.2.27.tar.gz) = 3429990 bytes @ 1.8 log @Update gsasl to 0.2.26. Based on patch provided by Eric Schnoebelen in PR 38692. While here, marked as DESTDIR support. Also fix CONFIGURE option for GSSAPI implement (I don't know from when). * Version 0.2.26 (released 2008-05-05) ** Translations files not stored directly in git to avoid merge conflicts. This allows us to avoid use of --no-location which makes the translation teams happier. ** Build fixes for the documentation. ** Update gnulib files. * Version 0.2.25 (released 2008-03-10) ** gsasl: Fix buffering issue to avoid mixing stdout/stderr outputs. This would manifest itself when redirecting output to a pipe, such as when used with Gnus. Reported by Enrico Scholz , see . ** Fix non-portable use of brace expansion in makefiles. * Version 0.2.24 (released 2008-01-15) ** Link self-tests with gnulib, to fix link failures under MinGW. * Version 0.2.23 (released 2008-01-15) ** Improve CRAM-MD5 self-test to detect if challenges are the same. ** Improve gsasl --help and --version to conform with GNU standards. ** Use gettext 0.17. ** Update gnulib files. * Version 0.2.22 (released 2007-10-08) ** Development git tree moved to savannah. See . ** Fix warnings when building the tool 'gsasl'. ** Update gnulib files. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2007/10/25 21:24:53 adam Exp $ d3 3 a5 3 SHA1 (gsasl-0.2.26.tar.gz) = bd6d201bc2d35291e1b2a24a32932d709ec4c0f5 RMD160 (gsasl-0.2.26.tar.gz) = 89a1e711ef1efefca898d21d8763ad062357854a Size (gsasl-0.2.26.tar.gz) = 3371738 bytes @ 1.7 log @Changes 0.2.21: * Fix typos in manual. * Update gnulib files. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2006/12/09 14:06:13 obache Exp $ d3 3 a5 3 SHA1 (gsasl-0.2.21.tar.gz) = 971ede97fc148ac3238415c55b1b95eca485afac RMD160 (gsasl-0.2.21.tar.gz) = a570098ba0e3f6d1b50b92010c6aeb687ada14ec Size (gsasl-0.2.21.tar.gz) = 3293537 bytes @ 1.6 log @Update gsasl to 0.2.15, based on patch provided by PR 33638. * Version 0.2.15 (released 2006-08-22) ** Changed libgsasl shared library version. The shared library version was not incremented correctly in the last release, even though new APIs were added. * Version 0.2.14 (released 2006-08-19) ** New section "Requirements" in the manual, lists the external components. Suggested by James Mansion. ** Update of gnulib files. * Version 0.2.13 (released 2006-06-14) ** Update of gnulib files. Further improves portability to MinGW. ** Various improvements in the manuals. ** The tests are run under valgrind, if it is installed. Use --disable-valgrind-tests to unconditionally disable this. It is disabled by default for cross compiles. ** Various minor fixes. * Version 0.2.12 (released 2006-03-08) ** Update of gnulib files. Improves portability to Mingw32. * Version 0.2.11 (released 2006-02-07) ** Ported to Windows by cross-compiling using Mingw32. Using Debian's mingw32 compiler, you can build it for Windows by invoking `./configure --host=i586-mingw32msvc --disable-gssapi'. ** Update of gnulib files. * Version 0.2.10 (released 2005-10-23) ** Work around bug in GnuTLS that made the command line tool exit after ** failing to write a zero length message to the peer. ** Don't use GnuTLS if gnutls_certificate_verify_peers2 isn't present. ** Update of gnulib files. * Version 0.2.9 (released 2005-10-07) ** Update of gnulib files. * Version 0.2.8 (released 2005-09-08) ** The gsasl tool now support STARTTLS for IMAP and SMTP using GnuTLS. ** The --client and --server parameters for the gsasl tool now work properly. ** The --client and --server stdin/stdout modes now use the readline library. ** Fixed build problems in getpass on uClibc and Mingw32 platforms. ** Kinyarwanda translation added. * Version 0.2.7 (released 2005-08-25) ** Fix build problems when cross-compiling to uClibc and Mingw32 platforms. ** Detecting and using the readline library has been improved. * Version 0.2.6 (released 2005-08-08) ** The gsasl tool now try to connect to all addresses for a server name. ** The help-gsasl@@gnu.org mailing list is now mentioned in documentation. ** The license template in files were updated with the new FSF address. ** Update of gnulib files. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2005/02/28 13:29:31 wiz Exp $ d3 3 a5 3 SHA1 (gsasl-0.2.15.tar.gz) = b0a043d086423a3eb538cfae15e383fb6f4126d0 RMD160 (gsasl-0.2.15.tar.gz) = 454d5671ecb1f040f78939c7ac3878a78f4fc8ee Size (gsasl-0.2.15.tar.gz) = 2859611 bytes @ 1.5 log @Update to 0.2.5: * Version 0.2.5 (released 2005-02-08) ** Added self test of EXTERNAL mechanism. ** Vietnamese translation added, thanks to Clytie Siddall. * Version 0.2.4 (released 2005-01-01) ** The CRAM-MD5 mechanism is now preferred over DIGEST-MD5. This decision was based on recent public research that suggest MD5 is broken, while HMAC-MD5 not immediately compromised, and the lack of public analysis on what consequences the MD5 break have for DIGEST-MD5. Support for CRAM-SHA1 is under investigation, to enable users to avoid MD5 completely ** Fixed a bug that prevented SMTP client from working. ** New configure option --disable-obsolete to remove backwards compatibility. This is mostly intended to be used when compiling for platforms with constrained memory/space resources. ** DIGEST-MD5 rewritten and enabled by default (see lib/NEWS for details). ** Command line tool now query for realm, hostname and service name properly. ** Documentation updates and improvements. ** Self test improvements. ** Update of gnulib files. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2005/02/24 13:10:06 agc Exp $ d3 3 a5 3 SHA1 (gsasl-0.2.5.tar.gz) = 50efa73bb7f0cfd3da67c8d294d7ab5cc02dc9ad RMD160 (gsasl-0.2.5.tar.gz) = b9168c7629427c9e8d6af8525473f7aeb725f7fe Size (gsasl-0.2.5.tar.gz) = 2620281 bytes @ 1.4 log @Add RMD160 digests. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2004/12/26 22:56:09 wiz Exp $ d3 3 a5 3 SHA1 (gsasl-0.2.3.tar.gz) = c975091be2f5ee1d14a4ef1bab3159db31f8377e RMD160 (gsasl-0.2.3.tar.gz) = f007d2795b7c69edc50566e87a2d9bccf38f0923 Size (gsasl-0.2.3.tar.gz) = 2566341 bytes @ 1.3 log @Update to 0.2.3. * Version 0.2.3 (released 2004-12-15) ** Fix example code to handle base64 encoded data properly. ** DIGEST-MD5 is disabled by default, pending a rewrite for the new API. ** Command line tool uses new callback interface to the library. ** Command line tool uses "iconvme" from gnulib for UTF-8 string conversion. ** Server mode in the command line tool does not work currently. It is unclear if this feature was ever that useful. If there are no objections, it will be removed completely in future versions. ** Documentation fixes. ** Fix self test bugs. * Version 0.2.2 (released 2004-11-29) ** Update of gnulib files. * Version 0.2.1 (released 2004-11-19) ** Documentation fixes; the old callback API functions are marked as obsolete. * Version 0.2.0 (released 2004-11-07) ** Added new directory examples/ with complete examples for new API. ** Documentation improvements. For example, you can now browse the GNU SASL API manual using DevHelp. ** Update of gnulib files. ** More self tests. ** Translation fixes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2004/09/19 12:48:45 wiz Exp $ d4 1 @ 1.2 log @Update to 0.1.4, provided by Sergio Jimenez in PR 26974. Changes since 0.0.8: * Changes in 0.1.4 (released 2004-08-08) ** Revamp of gnulib compatibility files. ** More translations. German (by Roland Illig), Basque (by Mikel Olasagasti), French (by Michel Robitaille), Irish (by Kevin Patrick Scannell), Dutch (by Elros Cyriatan), Polish (by Jakub Bogusz), Romanian (by Laurentiu Buzdugan), and Serbian (by Aleksandar Jelenak). * Changes in 0.1.3 (released 2004-08-04) ** Command line tool support IPv6 (and other protocol families). Requires that your system has `getaddrinfo'. ** Command line behaviour for gsasl tool improved. The --client and --imap parameters are now the default. The --connect host and port can now be specified directly. If --authentication-id is not specified, the username of the user invoking gsasl is used (i.e., getpwuid(getuid)->pw_name). Alltogether, this allows simple usage, as in `gsasl mail.example.com' to connect, via IMAP, to mail.example.com. * Changes in 0.1.2 (released 2004-07-16) ** The SMTP mode in `gsasl' should now work. ** Cross compile builds should work. It should work for any sane cross compile target, but the only tested platform is uClibc/uClinux on Motorola Coldfire. ** The GNU Readline library is used to read data, if available. ** Passwords read from stdin are not echoed to the terminal. * Changes in 0.1.1 (released 2004-06-26) ** In the command line client, the default quality of protection is now none. * Changes in 0.1.0 (released 2004-04-16) ** The library re-licensed to LGPL and distributed as a separate package. This means a fork of this NEWS file, all the entries below relate to the combined work of earlier versions. New entries above does not document user visible changes for the library ("libgsasl"), for that see NEWS in the lib/ sub-directory, which is also distributed as a stand-alone package. * Changes in 0.0.14 (released 2004-01-22) ** Moved all mechanism specific code into sub-directories of lib/. Each backend is built into its own library (e.g., libgsasl-plain.so), to facilitate future possible use of dlopen to dynamically load backends. ** Moved compatibility files (getopt*) to gl/, and added more (strdup*). * Changes in 0.0.13 (released 2004-01-17) ** Nettle (the crypto functionality, crypto/) has been updated. This fixes two portability issues, the new code should work on platforms that doesn't have inttypes.h and alloca. * Changes in 0.0.12 (released 2004-01-15) ** Protocol line parser in 'gsasl' tool more reliable. Earlier it assumed two lines were sent in one packet in one place, and sent as two packets in another place. ** Various bugfixes. * Changes in 0.0.11 (released 2004-01-06) ** The client part of CRAM-MD5 now uses SASLprep instead of NFKC. This aligns with draft-ietf-sasl-crammd5-01. ** The CRAM-MD5 challenge string now conform to the proper syntax. ** The string preparation (SASLprep and trace) functions now work correctly. ** DocBook manuals no longer included. The reason is that recent DocBook tools from the distribution I use (Debian) fails with an error. DocBook manuals may be included in the future, if I can get the tools to work. ** API and ABI modifications. GSASL_SASLPREP_ERROR: ADD. * Changes in 0.0.10 (released 2003-11-22) ** The CRAM-MD5 server now reject invalid passwords. The logic flaw was introduced in 0.0.9, after blindly making code changes to shut up valgrind just before the release. ** Various build improvements. Pkg-config is no longer needed. GTK-DOC is only used if present. * Changes in 0.0.9 (released 2003-11-21) ** Command line client can talk to SMTP servers with --smtp. ** DocBook manuals in XML, PDF, PostScript, ASCII and HTML formats included. ** Token parser in DIGEST-MD5 fixed, improve interoperability of DIGEST-MD5. ** Libgcrypt >= 1.1.42 is used if available (for CRAM-MD5 and DIGEST-MD5). The previous libgcrypt API is no longer supported. ** CRAM-MD5 and DIGEST-MD5 no longer require libgcrypt (but can still use it). If libgcrypt 1.1.42 or later is not found, it uses a minimalistic cryptographic library based on Nettle, from crypto/. Currently only MD5 and HMAC-MD5 is needed, making a dependence on libgcrypt overkill. ** Listing supported server mechanisms with gsasl_server_mechlist work. ** Autoconf 2.59, Automake 1.8 beta, Libtool CVS used. ** Source code for each SASL mechanism moved to its own sub-directory in lib/. ** The command line interface now uses getopt instead of argp. The reason is portability, this also means we no longer use gnulib. ** API and ABI modifications. gsasl_randomize: ADD. gsasl_md5: ADD. gsasl_hmac_md5: ADD. gsasl_hexdump: REMOVED. Never intended to be exported. gsasl_step: ADD. gsasl_step64: ADD. gsasl_client_step: DEPRECATED: use gsasl_step instead. gsasl_server_step: DEPRECATED: use gsasl_step instead. gsasl_client_step_base64: DEPRECATED: use gsasl_step64 instead. gsasl_server_step_base64: DEPRECATED: use gsasl_step64 instead. gsasl_finish: ADD. gsasl_client_finish: DEPRECATED: use gsasl_finish instead. gsasl_server_finish: DEPRECATED: use gsasl_finish instead. gsasl_ctx_get: ADD. gsasl_client_ctx_get: DEPRECATED: use gsasl_ctx_get instead. gsasl_server_ctx_get: DEPRECATED: use gsasl_ctx_get instead. gsasl_appinfo_get: ADD. gsasl_appinfo_set: ADD. gsasl_client_application_data_get: DEPRECATED: use gsasl_appinfo_get instead. gsasl_client_application_data_set: DEPRECATED: use gsasl_appinfo_set instead. gsasl_server_application_data_get: DEPRECATED: use gsasl_appinfo_get instead. gsasl_server_application_data_set: DEPRECATED: use gsasl_appinfo_set instead. Gsasl: ADD. Gsasl_ctx: DEPRECATED: use Gsasl instead. Gsasl_session: ADD. Gsasl_session_ctx: DEPRECATED: use Gsasl_session instead. GSASL_CRYPTO_ERROR: ADD, replaces deprecated GSASL_LIBGCRYPT_ERROR. GSASL_LIBGCRYPT_ERROR: DEPRECATED: use GSASL_CRYPTO_ERROR instead. GSASL_KERBEROS_V5_INTERNAL_ERROR: ADD, replaces deprecated GSASL_SHISHI_ERROR. GSASL_SHISHI_ERROR: DEPRECATED: use GSASL_KERBEROS_V5_INTERNAL_ERROR instead. GSASL_INVALID_HANDLE: ADD. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1.1.1 2003/12/03 19:23:13 xtraeme Exp $ d3 2 a4 2 SHA1 (gsasl-0.1.4.tar.gz) = 33194d4546f419d4235085d9e813d73fecddfd2e Size (gsasl-0.1.4.tar.gz) = 1658659 bytes @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 2 SHA1 (gsasl-0.0.8.tar.gz) = 57b9eda2f04872e55b4a94bf89a5ca6e488bca44 Size (gsasl-0.0.8.tar.gz) = 1342014 bytes @ 1.1.1.1 log @Initial import gsasl-0.0.8 from pkgsrc-wip. GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP) to request authentication from clients, and in clients to authenticate against servers. GNU SASL contains a library (`libgsasl'), a command line utility (`gsasl') to access the library from the shell, and a manual. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM and KERBEROS_V5 mechanisms. @ text @@