./security/gsasl, GNU implementation of the Simple Authentication and Security Layer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.0.1nb1, Package name: gsasl-2.0.1nb1, Maintainer: pkgsrc-users

GNU SASL is an implementation of the Simple Authentication and Security Layer
framework and a few common SASL mechanisms. SASL is used by network servers
(e.g., IMAP, SMTP) to request authentication from clients, and in clients to
authenticate against servers.

GNU SASL contains a library (`libgsasl'), a command line utility (`gsasl')
to access the library from the shell, and a manual. The library includes
support for the SASL framework (with authentication functions and application
data privacy and integrity functions) and at least partial support for the
CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN,
NTLM and KERBEROS_V5 mechanisms.


Required to run:
[security/gnutls] [security/heimdal] [security/libgcrypt] [security/openssl] [devel/libntlm] [devel/libidn]

Required to build:
[pkgtools/cwrappers]

Master sites: (Expand)

Filesize: 3202.766 KB

Version history: (Expand)


CVS history: (Expand)


   2022-10-26 12:32:08 by Thomas Klausner | Files touched by this commit (687)
Log message:
*: bump PKGREVISION for libunistring shlib major bump
   2022-07-17 10:24:53 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
gsasl: update to 2.0.1.

* Noteworthy changes in release 2.0.1 (2022-07-15) [stable]

** Support for the libgssglue GSS-API library were added.
We encourage you to build with libgssglue, as that allows system
administrators and end-users to chose between MIT Kerberos, Heimdal
and GNU GSS during run-time.  Read about the background here:
https://blog.josefsson.org/2022/07/14/towards-pluggable-gss-api-modules/

** GSSAPI client: don't use AUTHID as fallback for AUTHZID.
The code historically used the AUTHID as authorization identity, but
in 2012 we changed it to first query for AUTHZID, and only if that is
not available, fall back to using AUTHID as the authorization
identity.  The change was not released until version 1.8.1 on
2019-08-02, when it was properly documented to be removed 'after the
year 2012'.  While documented behaviour, this seems like just
surprising behaviour and we now finally make the change.

** GSSAPI server: don't set AUTHZID to empty string when absent.
The GSS-API SASL protocol does not differentiate between an absent
authorization identity and an authorization identity that is the empty
string.  Previously libgsasl would set it to the empty string but now
it is set to NULL.  The manual explains that this is a protocol
limitation.

** The examples/smtp-server.c now supports GSSAPI/GS2-KRB5.
The example is used during CI/CD testing of GNU SASL and thus it made
sense to extend it.  Some bugs related to getline error conditions
were also fixed.

** GSSAPI server: Fix out-of-bounds read.
A malicious client can after it has authenticated with Kerberos send a
specially crafted message that causes Libgsasl to read out of bounds
and cause a crash in the server.

* Noteworthy changes in release 2.0.0 (2022-06-20) [stable]

** Compared to last stable branch 1.10.x the 2.0.0 release
** drops all obsolete APIs, drops the abandoned KERBEROS_V5 mechanism,
** stops shipping a separate tarball for only the library, adds new APIs
** gsasl_mechanism_name_p() and gsasl_property_free().
Numerous other translation improvements, code cleanups, bug fixes,
documentation additions, build improvements and portability
enhancements were made as well.
   2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063)
Log message:
revbump for icu and libffi
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-21 09:46:39 by Thomas Klausner | Files touched by this commit (77)
Log message:
*: recursive bump for heimdal 7.7.0

its buildlink3.mk now includes openssl's buildlink3.mk
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-09-29 21:01:31 by Adam Ciarcinski | Files touched by this commit (872)
Log message:
revbump for boost-libs
   2021-04-21 15:25:34 by Adam Ciarcinski | Files touched by this commit (864)
Log message:
revbump for boost-libs