File: NEWS

package info (click to toggle)
gsasl 2.2.0-1
links: PTS, VCS
area: main
in suites: bookworm
size: 16,752 kB
sloc: ansic: 55,874; sh: 7,846; makefile: 640; xml: 301; perl: 242; php: 172; sed: 16
file content (1547 lines) | stat: -rw-r--r-- 53,697 bytes
GNU SASL LIBRARY NEWS -- Historic record of changes in the library.
Copyright (C) 2002-2022 Simon Josefsson
See the end for copying conditions.

This file is no longer used since 1.10.x, read ../NEWS instead.

* Version 1.10.0 (released 2021-01-01) [stable]

** This is a new major stable release.
See ../NEWS for summary.  This file will no longer be used to document
user-visible changes in the library, instead ../NEWS will be used to
document everything in order to make the information coherent.

* Version 1.9.3 (released 2021-01-01) [beta]

** API and ABI modifications.
No changes since last version.

* Version 1.9.2 (released 2020-12-24) [beta]

** SCRAM, GS2, and GSSAPI no longer retrieve the TLS channel binding
** data (property GSASL_CB_TLS_UNIQUE) during gsasl_client_start() or
** gsasl_server_start().
** Now it is retrieved during the first call to gsasl_step().
See ../NEWS and ../tests/startcb.c for more information.

** Drop GSASL_HASH_MD5 and GSASL_HASH_MD5_SIZE.
Introduced in 1.9.x series so no API/ABI problem.

** Clarify obsolete deprecated interfaces.
All of the following will be removed in the next stable branch.

The entire KERBEROS_V5 mechanism together with its error codes
GSASL_KERBEROS_V5_INIT_ERROR, GSASL_KERBEROS_V5_INTERNAL_ERROR, and
the already deprecated GSASL_SHISHI_ERROR are now considered obsolete.

Our DIGEST-MD5 implementation does not support confidentiality layers,
thus the Gsasl_cipher type enum is useless and is classified as
obsolete.

The gsasl_simple_getpass() function does not encourage good security
practices (storing passwords in clear text) and is now deprecated.

The following backwards compatibility error codes are obsolete:
  GSASL_TOO_SMALL_BUFFER
  GSASL_FOPEN_ERROR
  GSASL_FCLOSE_ERROR
  GSASL_GCRYPT_ERROR
  GSASL_CANNOT_GET_CTX
  GSASL_NEED_CLIENT_ANONYMOUS_CALLBACK
  GSASL_NEED_CLIENT_PASSWORD_CALLBACK
  GSASL_NEED_CLIENT_PASSCODE_CALLBACK
  GSASL_NEED_CLIENT_PIN_CALLBACK
  GSASL_NEED_CLIENT_AUTHORIZATION_ID_CALLBACK
  GSASL_NEED_CLIENT_AUTHENTICATION_ID_CALLBACK
  GSASL_NEED_CLIENT_SERVICE_CALLBACK
  GSASL_NEED_SERVER_VALIDATE_CALLBACK
  GSASL_NEED_SERVER_CRAM_MD5_CALLBACK
  GSASL_NEED_SERVER_DIGEST_MD5_CALLBACK
  GSASL_NEED_SERVER_EXTERNAL_CALLBACK
  GSASL_NEED_SERVER_ANONYMOUS_CALLBACK
  GSASL_NEED_SERVER_REALM_CALLBACK
  GSASL_NEED_SERVER_SECURID_CALLBACK
  GSASL_NEED_SERVER_SERVICE_CALLBACK
  GSASL_NEED_SERVER_GSSAPI_CALLBACK
  GSASL_NEED_SERVER_RETRIEVE_CALLBACK
  GSASL_UNICODE_NORMALIZATION_ERROR
  GSASL_NO_MORE_REALMS
  GSASL_INVALID_HANDLE

The following backwards compatibility types are obsolete:
  Gsasl_ctx
  Gsasl_session_ctx
  Gsasl_client_callback_anonymous
  Gsasl_client_callback_authentication_id
  Gsasl_client_callback_authorization_id
  Gsasl_client_callback_password
  Gsasl_client_callback_passcode
  Gsasl_client_callback_pin
  Gsasl_client_callback_service
  Gsasl_client_callback_qop
  Gsasl_client_callback_maxbuf
  Gsasl_client_callback_realm
  Gsasl_server_callback_retrieve
  Gsasl_server_callback_validate
  Gsasl_server_callback_gssapi
  Gsasl_server_callback_securid
  Gsasl_server_callback_cram_md5
  Gsasl_server_callback_digest_md5
  Gsasl_server_callback_service
  Gsasl_server_callback_external
  Gsasl_server_callback_anonymous
  Gsasl_server_callback_realm
  Gsasl_server_callback_qop
  Gsasl_server_callback_maxbuf
  Gsasl_server_callback_cipher

The following backwards compatibility functions are obsolete:
  gsasl_client_listmech
  gsasl_server_listmech
  gsasl_client_step
  gsasl_client_step_base64
  gsasl_server_step
  gsasl_server_step_base64
  gsasl_client_finish
  gsasl_server_finish
  gsasl_client_ctx_get
  gsasl_server_ctx_get
  gsasl_client_application_data_set
  gsasl_client_application_data_get
  gsasl_server_application_data_set
  gsasl_server_application_data_get
  gsasl_randomize
  gsasl_ctx_get
  gsasl_encode_inline
  gsasl_decode_inline
  gsasl_application_data_set
  gsasl_application_data_get
  gsasl_appinfo_set
  gsasl_appinfo_get
  gsasl_server_suggest_mechanism
  gsasl_base64_encode
  gsasl_base64_decode
  gsasl_stringprep_nfkc
  gsasl_stringprep_saslprep
  gsasl_stringprep_trace
  gsasl_md5pwd_get_password
  gsasl_client_callback_authorization_id_set
  gsasl_client_callback_authorization_id_get
  gsasl_client_callback_authentication_id_set
  gsasl_client_callback_authentication_id_get
  gsasl_client_callback_anonymous_set
  gsasl_client_callback_anonymous_get
  gsasl_client_callback_password_set
  gsasl_client_callback_password_get
  gsasl_client_callback_passcode_set
  gsasl_client_callback_passcode_get
  gsasl_client_callback_pin_set
  gsasl_client_callback_pin_get
  gsasl_client_callback_service_set
  gsasl_client_callback_service_get
  gsasl_client_callback_qop_set
  gsasl_client_callback_qop_get
  gsasl_client_callback_maxbuf_set
  gsasl_client_callback_maxbuf_get
  gsasl_client_callback_realm_set
  gsasl_client_callback_realm_get
  gsasl_server_callback_validate_set
  gsasl_server_callback_validate_get
  gsasl_server_callback_retrieve_set
  gsasl_server_callback_retrieve_get
  gsasl_server_callback_cram_md5_set
  gsasl_server_callback_cram_md5_get
  gsasl_server_callback_digest_md5_set
  gsasl_server_callback_digest_md5_get
  gsasl_server_callback_external_set
  gsasl_server_callback_external_get
  gsasl_server_callback_anonymous_set
  gsasl_server_callback_anonymous_get
  gsasl_server_callback_realm_set
  gsasl_server_callback_realm_get
  gsasl_server_callback_qop_set
  gsasl_server_callback_qop_get
  gsasl_server_callback_maxbuf_set
  gsasl_server_callback_maxbuf_get
  gsasl_server_callback_cipher_set
  gsasl_server_callback_cipher_get
  gsasl_server_callback_securid_set
  gsasl_server_callback_securid_get
  gsasl_server_callback_gssapi_set
  gsasl_server_callback_gssapi_get
  gsasl_server_callback_service_set
  gsasl_server_callback_service_get
  gsasl_md5
  gsasl_hmac_md5
  gsasl_sha1
  gsasl_hmac_sha1

* Version 1.9.1 (released 2020-01-14) [beta]

** SCRAM server: Support for password-less usage.
New properties GSASL_SCRAM_SERVERKEY and GSASL_SCRAM_STOREDKEY are
used, before asking for a password.  See updated manual for more
information.  Suggested by Jeremy Harris.

** SCRAM: Sets SCRAM_ITER/SCRAM_SALT/SCRAM_SALTED_PASSWORD.
These properties can be read out and stored for future
authentications, instead of storing the password, to improve
performance and security.  The new properties GSASL_SCRAM_SERVERKEY
and GSASL_SCRAM_STOREDKEY can also be read out.  Suggested by Jeremy
Harris.

** New enum Gsasl_hash (and Gsasl_hash_length) for hash algorithms.
The enum declares GSASL_HASH_MD5, GSASL_HASH_SHA1, and
GSASL_HASH_SHA256 as new hash algorithm identifiers for use with
functions such as gsasl_scram_secrets_from_password().  The enum
Gsasl_hash_length declare GSASL_HASH_MD5_SIZE, GSASL_HASH_SHA1_SIZE,
and GSASL_HASH_SHA256_SIZE for the hash algorithm digest output sizes,
together with GSASL_HASH_MAX_SIZE as the largest of all
GSASL_HASH_*_SIZE's.  New function gsasl_hash_length() to get size of
digest.

** Raw crypto interfaces deprecated.
The functions gsasl_md5(), gsasl_sha1(), gsasl_hmac_md5(), and
gsasl_hmac_sha1() are now deprecated.

** New SCRAM crypto helper APIs.
The APIs are gsasl_scram_secrets_from_password() and
gsasl_scram_secrets_from_salted_password().

** New APIs for hex encoding/decoding.
Use gsasl_hex_from and gsasl_hex_to similar to the base64 functions.

** API and ABI modifications.
gsasl_hex_to, gsasl_hex_from, gsasl_hash_length: ADDED.
gsasl_md5, gsasl_sha1: DEPRECATED.
gsasl_hmac_md5, gsasl_hmac_sha1: DEPRECATED.
Gsasl_hash, Gsasl_hash_length: ADDED.
GSASL_HASH_MD5, GSASL_HASH_SHA1, GSASL_HASH_SHA256: ADDED.
GSASL_HASH_MD5_SIZE, GSASL_HASH_SHA1_SIZE, GSASL_HASH_SHA256_SIZE: ADDED.
GSASL_HASH_MAX_SIZE: ADDED.
gsasl_scram_secrets_from_password: ADDED.
gsasl_scram_secrets_from_salted_password: ADDED.

* Version 1.9.0 (released 2020-01-03) [beta]

** API and ABI modifications.
No changes since last version.

* Version 1.8.1 (released 2019-08-02) [stable]

** GSSAPI client: Now retrieves GSASL_AUTHZID for authorization identity.
** GSSAPI client: Can now transmit an empty/missing authorization identity.
Before the GSSAPI client retrieved GSASL_AUTHID (authentication
identity) and used that as the authorization identity.  For backwards
compatibility, the code now first tries GSASL_AUTHZID and then
GSASL_AUTHID when discovering the authorization identity.  If you
don't want any authorization identity (and thus let the server fall
back on the identity implied from the Kerberos layer) then return
GSASL_NO_CALLBACK on both.  Please update code to use GSASL_AUTHZID
instead of GSASL_AUTHID, in case we remove the backwards compatibility
code.  Reported by Amon Ott.

** GSSAPI server: Fix memory leak after successful authentication.
Report and patch by Goktan Kantarcioglu.

** libgsasl: gsasl_md5, gsasl_hmac_md5, gsasl_sha1, gsasl_hmac_sha1 API fix.
The final output variable used to be 'char *out[16]' and
'char *out[20]' respectively, however this triggered bug in the gdoc
automated documentation generator script so the types are now
'char *out[]'.  This should not require any changes in any application
using the library.

** i18n: Updated translations.

** API and ABI modifications.
No changes since last version.

* Version 1.8.0 (released 2012-05-28) [stable]

** This is a new major stable release.  Brief changes compared to 1.6.x:

*** SAML20 support following RFC 6595.

*** OPENID20 support following RFC 6616.

*** Various cleanups, portability and other bug fixes.
See the NEWS entries during the 1.7.x branch for details.

** API and ABI modifications.
No changes since last version.

* Version 1.7.6 (released 2012-05-23) [beta]

** i18n: Updated translations.

** API and ABI modifications.
No changes since last version.

* Version 1.7.5 (released 2012-05-22) [beta]

** i18n: Updated translations.

** Build fixes.

** API and ABI modifications.
No changes since last version.

* Version 1.7.4 (released 2012-05-16) [alpha]

** libgsasl: Reverted unification of OpenID and SAML properties/callbacks.
The reason was that client and servers needs to know whether it is
SAML or OpenID that is used, and using the same property and callback
symbol for both makes this more difficult.

** i18n: Updated translations.

** GSS-API server: Don't output zero-length tokens on context init success.
Reported by Andreas Oberritter <obi@saftware.de>.

** GSS-API server: Only proceed to next step when context is established.
Reported by Andreas Oberritter <obi@saftware.de>.

** Rewrote DIGEST-MD5 code to avoid false positive complaint from valgrind.

** Update gnulib files.

** API and ABI modifications.
GSASL_REDIRECT_URL: Removed.
GSASL_OPENID20_REDIRECT_URL: Added.
GSASL_SAML20_REDIRECT_URL: Added.
GSASL_AUTHENTICATE_IN_BROWSER: Removed.
GSASL_SAML20_AUTHENTICATE_IN_BROWSER: Added.
GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Added.

* Version 1.7.3 (released 2012-04-03) [alpha]

** libgsasl: The SAML20 mechanism is now enabled by default.

** libgsasl: The SAML20 mechanism was updated to draft -09.
There was a minor protocol change, the final client response is now
"=" instead of the empty string.

** libgsasl: Unified some of the SAML and OpenID callbacks/properties.
See API changes below.

** API and ABI modifications.
GSASL_REDIRECT_URL: Added, replaces the next two properties.
GSASL_OPENID20_REDIRECT_URL: Removed.
GSASL_SAML20_REDIRECT_URL: Removed.
GSASL_AUTHENTICATE_IN_BROWSER: Added, replaces the next two callbacks.
GSASL_SAML20_AUTHENTICATE_IN_BROWSER: Removed.
GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Removed.

* Version 1.7.2 (released 2012-03-28) [alpha]

** libgsasl: Updated OPENID20 implementation.
Now following draft-ietf-kitten-sasl-openid-08.

** API and ABI modifications.
GSASL_OPENID20_REDIRECT_URL: Added, new property.
GSASL_OPENID20_OUTCOME_DATA:: Added, new property.
GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Added, new callback.
GSASL_VALIDATE_OPENID20: Added, new callback.
GSASL_NO_OPENID20_REDIRECT_URL: Added, new error code.
GSASL_OPENID20_AUTH_IDENTIFIER: Removed, use GSASL_AUTHID instead.
GSASL_NO_OPENID20_AUTH_IDENTIFIER: Removed error code.

* Version 1.7.1 (released 2012-02-09) [alpha]

** libgsasl: Implement OPENID20 mechanism for OpenID authentication.
Following draft-ietf-kitten-sasl-openid-03.

** libgsasl.pc: Add a Libs.private.
Reported by Volker Grabsch <vog@notjusthosting.com>.

** Demand gettext >= 0.18.1 in order to get newer M4 files.
The old M4 files associated with 0.17 caused problems on Solaris,
which will hopefully be fixed with this.  Reported by Dagobert
Michelsen <dam@opencsw.org>.

** i18n: Updated translations.

** API and ABI modifications.
GSASL_CB_TLS_UNIQUE: Added, new property.
GSASL_OPENID20_AUTH_IDENTIFIER: Added, new property.
GSASL_NO_CB_TLS_UNIQUE: Added, new error code.
GSASL_NO_OPENID20_AUTH_IDENTIFIER: Added, new error code.

* Version 1.7.0 (released 2010-10-22) [alpha]

** SAML20: Implement new mechanism.
Implements draft-ietf-kitten-sasl-saml-01.  See tests/saml20.c for a
self test that illustrate how the mechanism is intended to be used in
both client and server mode.

** API and ABI modifications.
GSASL_NO_SAML20_IDP_IDENTIFIER: ADDED.
GSASL_NO_SAML20_REDIRECT_URL: ADDED.
GSASL_SAML20_IDP_IDENTIFIER: ADDED.
GSASL_SAML20_REDIRECT_URL: ADDED.
GSASL_SAML20_AUTHENTICATE_IN_BROWSER: ADDED.
GSASL_VALIDATE_SAML20: ADDED.

* Version 1.6.1 (released 2011-05-01) [stable]

** libgsasl.pc: Add a Libs.private.
Reported by Volker Grabsch <vog@notjusthosting.com>.

** build: Demand gettext >= 0.18.1 in order to get newer M4 files.
The old M4 files associated with 0.17 caused problems on Solaris,
which will hopefully be fixed with this.  Reported by Dagobert
Michelsen <dam@opencsw.org>.

** i18n: Updated translations.

** API and ABI modifications.
No changes since last version.

* Version 1.6.0 (released 2010-12-14) [stable]

** No changes since release candidate 1.5.5.

** API and ABI modifications.
No changes since last version.

* Version 1.5.5 (released 2010-12-09) [beta]

** API and ABI modifications.
No changes since last version.

* Version 1.5.4 (released 2010-11-14) [beta]

** SCRAM-SHA-1-PLUS: Fix parsing bug causing memory corruption.

** SCRAM: Fix memory leaks.

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 1.5.3 (released 2010-11-14) [beta]

** libgsasl: Added property for tls-unique channel binding.
The new property GSASL_CB_TLS_UNIQUE takes a base64 encoded tls-unique
channel binding.  New error code GSASL_NO_CB_TLS_UNIQUE is returned
when application fails to provide a channel binding and the mechanism
requires it (i.e., in a PLUS server).

** SCRAM: Added support for SCRAM-SHA-1-PLUS with channel bindings.

** API and ABI modifications.
GSASL_CB_TLS_UNIQUE: ADDED.
GSASL_NO_CB_TLS_UNIQUE: ADDED.

* Version 1.5.2 (released 2010-09-27) [beta]

** GSSAPI/GS2-KRB5: Support for MIT Kerberos for Windows GSS-API library.

** SCRAM server: Compare c= field in client-final to match client-first.
Before our server did not verify that the channel binding and
authorization identity fields weren't tampered with.  Reported by Marc
Santamaria <asgarath@gmail.com>.

** SCRAM server: Interop against clients that supports channel bindings.
Before our server would refuse such connections.  Reported by Marc
Santamaria <asgarath@gmail.com>.

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 1.5.1 (released 2010-04-21) [beta]

** libgsasl: No longer require the same or newer libgcrypt it was built with.
Before libgsasl refused to work if it was used with a libgcrypt shared
library that was older than the version that libgsasl was built with.

** GS2: Fix decoding of invalid data in server.  Code review fixes.

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 1.5.0 (released 2010-03-31) [beta]

** GS2-KRB5: New mechanism GS2 with support for Kerberos V5.
The supported GSS-API implementations are GNU GSS, MIT Kerberos or
Heimdal.  The GS2-KRB5-PLUS variant with TLS channel bindings is not
supported.  GNU GSS version 1.0.0 or later is required.

** DIGEST-MD5: The server code now returns GSASL_OK after the final token.

** New error codes for GSS-API library errors (used by GS2).
The error codes are GSASL_GSSAPI_ENCAPSULATE_TOKEN_ERROR,
GSASL_GSSAPI_DECAPSULATE_TOKEN_ERROR,
GSASL_GSSAPI_INQUIRE_MECH_FOR_SASLNAME_ERROR,
GSASL_GSSAPI_TEST_OID_SET_MEMBER_ERROR, and
GSASL_GSSAPI_RELEASE_OID_SET_ERROR.

** API and ABI modifications.
GSASL_GSSAPI_ENCAPSULATE_TOKEN_ERROR: ADDED.
GSASL_GSSAPI_DECAPSULATE_TOKEN_ERROR: ADDED.
GSASL_GSSAPI_INQUIRE_MECH_FOR_SASLNAME_ERROR: ADDED.
GSASL_GSSAPI_TEST_OID_SET_MEMBER_ERROR: ADDED.
GSASL_GSSAPI_RELEASE_OID_SET_ERROR: ADDED.

* Version 1.4.4 (released 2010-03-25) [stable]

** SCRAM: Fix build error on platforms without strnlen.

** API and ABI modifications.
No changes since last version.

* Version 1.4.3 (released 2010-03-25) [stable]

** SCRAM: Don't read out of bounds when parsing tokens.

** API and ABI modifications.
No changes since last version.

* Version 1.4.2 (released 2010-03-15) [stable]

** SCRAM: Encode and decode username/authzid properly.
Before any username/authzid that contained '=' or ',' would not work.

** Fix typo in error message for GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR.

** i18n: Updated translations.

** API and ABI modifications.
No changes since last version.

* Version 1.4.1 (released 2010-02-16) [stable]

** API and ABI modifications.
No changes since last version.

* Version 1.4.0 (released 2009-11-17) [stable]

** No changes since 1.3.91 release candidate.

** API and ABI modifications.
No changes since last version.

* Version 1.3.91 (released 2009-11-06) [experimental]

** Fix Visual Studio project files to work with SCRAM.
Suggested by Lothar May <lothar.imap@googlemail.com> in
<http://thread.gmane.org/gmane.comp.gnu.gsasl.general/254>.

** API and ABI modifications.
No changes since last version.

* Version 1.3.90 (released 2009-11-06) [experimental]

** libgsasl: Properly increment libtool version to reflect newly added ABIs.
This was accidentally forgotten in the last release.

** libgsasl: Export gsasl_sha1 and gsasl_hmac_sha1 in linker version script.
This was accidentally forgotten in the last release.

** libgsasl: Fix crash in SCRAM-SHA-1 client when the application provides
** a value for GSASL_SCRAM_SALTED_PASSWORD.

** libgsasl: Fix detection of libgcrypt during builds.
Before libgcrypt was not detected and used by default unless you
supplied --with-libgcrypt.

** i18n: Added Finnish translation.
Thanks to Jorma Karvonen <karvonen.jorma@gmail.com>.

** i18n: Updated Vietnamese translation.
Thanks to Clytie Siddall <clytie@riverland.net.au>.

** API and ABI modifications.
No changes since last version.

* Version 1.3 (released 2009-10-08)

** libgsasl: Implement SCRAM-SHA-1.
New properties are GSASL_SCRAM_ITER, GSASL_SCRAM_SALT, and
GSASL_SCRAM_SALTED_PASSWORD.

** libgsasl: Add helper APIs for SHA-1 and HMAC-SHA-1.
New functions are gsasl_sha1 and gsasl_hmac_sha1.

** API and ABI modifications.
GSASL_SCRAM_ITER: ADDED.
GSASL_SCRAM_SALT: ADDED.
GSASL_SCRAM_SALTED_PASSWORD: ADDED.
gsasl_sha1: ADDED.
gsasl_hmac_sha1: ADDED.

* Version 1.2 (released 2009-06-13)

** libgsasl: The library needs at most around 250 bytes of stack frame size.
This is useful for embedded platforms with limited amount of RAM.
Some functions that required a large stack has been rewritten, in
order to achieve this goal.  The 250 byte limit is now part of the
regression test suite, so hopefully no function will ever require more
than that amount of stack space in the future.

** libgsasl: Obsolete gsasl_md5pwd_get_password rewritten to use modern API.

** Include a copy of the GPLv3 license in the archive.
Some parts, such as the gnulib self-tests, are licensed under the
GPLv3.  The library remains licensed under LGPLv2.1+ though.  Reported
by Vincent Untz <vuntz@opensuse.org> in
<http://permalink.gmane.org/gmane.comp.gnu.gsasl.general/225>.

** API and ABI modifications.
No changes since last version.

* Version 1.1 (released 2009-03-25)

** DIGEST-MD5 client: Add support for client integrity layer.
The layer is not used by default, the application needs to request it
specifically in a callback or by setting the GSASL_QOP property.

** DIGEST-MD5: Decoding of integrity protected sessions now works better.
Reported by Andery Melnikov <temnota.am@gmail.com>.

** libgsasl: Add new property GSASL_QOPS.
The DIGEST-MD5 server query for this property to get the set of
quality of protection (QOP) values to advertise.  The property holds
strings with comma separated keywords denoting the set of qops to use,
for example "qop-auth, qop-int".  Valid keywords are "qop-auth",
"qop-int", and "qop-conf".  The GSSAPI mechanism may be enhanced to
use this property as well in the future.

** libgsasl: Add new property GSASL_QOP.
The DIGEST-MD5 client query for this property to get the quality of
protection (QOP) values to request.  The property value is one of the
keywords for GSASL_QOPS.  The client must chose one of the QOP values
offered by the server (which may be inspected through the GSASL_QOPS
property).  The GSSAPI mechanism may be enhanced to use this property
as well in the future.

** DIGEST-MD5 client: Now queries application for QOP value
This makes it possible for client applications to request support for
authentication only and/or authentication plus integrity.  Before, the
client only supported authentication.  Note that confidentiality is
not supported, and if you request it you will get an error.

** DIGEST-MD5 server: Now queries application for QOP values.
This makes it possible for server applications to influence whether to
advertise support for authentication only and/or authentication plus
integrity.  Before, the server unconditionally advertised support for
both.  Note that confidentiality is not supported, and if you request
it you will get an error.  Suggested by Andery Melnikov
<temnota.am@gmail.com>.

** DIGEST-MD5 server: No longer advertises support for integrity by default.
You can request it specifically through a callback or setting the
GSASL_QOPS property.

** libgsasl: Added C pre-processor expressions for version handling.
The new symbols GSASL_VERSION_MAJOR, GSASL_VERSION_MINOR,
GSASL_VERSION_PATCH, and GSASL_VERSION_NUMBER can be used in numeric
comparisons to test version level.

** libgsasl: Use a LD version script on platforms where it is supported.
Currently only GNU LD and the Solaris linker supports it.  This helps
Debian package tools to produce better dependencies.  Before we used
Libtool -export-symbols-regex that created an anonymous version tag.
We use -export-symbols-regex when the system does not support LD
version scripts, but that only affect symbol visibility.

** libgsasl: Compiled with -fvisibility=hidden by default if supported.
Currently only GCC supports it for ELF targets.  This hides internal
symbols and has other advantages, see
<http://gcc.gnu.org/wiki/Visibility>.

** API and ABI modifications.
GSASL_VERSION_MAJOR: ADDED
GSASL_VERSION_MINOR: ADDED
GSASL_VERSION_PATCH: ADDED
GSASL_VERSION_NUMBER: ADDED
GSASL_QOP: ADDED
GSASL_QOPS: ADDED

* Version 1.0 (released 2009-01-23)

** Fix several compiler warnings.

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 0.2.29 (released 2008-10-21)

** DIGEST-MD5 server: Added callback to retrieve hashed secret.
The callback is GSASL_DIGEST_MD5_HASHED_PASSWORD.  Patch from "Gazsó
Attila" <agazso@gmail.com>.

** DIGEST-MD5 server: Convert realm from ISO 8859-1 to UTF-8 when needed.
Reported by Adam Goode <adam@spicenitz.org>.

** libgsasl: Add function to print name of error codes.
For example, gsasl_strerror_name(GSASL_OK) returns "GSASL_OK".

** libgsasl: Reduce complexity of gsasl_strerror.

** libgsasl: Obsolete base64 functions rewritten to use new functions.
The old functions are gsasl_base64_encode and gsasl_base64_decode.
This reduces size of the library somewhat.

** Make the library compile under MinGW again.

** Added Indonesian translation.
Thanks to Andhika Padmawan <andhika.padmawan@gmail.com>.

** Perl is no longer required to build Libgsasl in Visual Studio.

** Fix several compiler warnings.

** API and ABI modifications.
gsasl_strerror_name: ADDED

* Version 0.2.28 (released 2008-08-20)

** New function to get mechanism name used in current session.
The function is gsasl_mechanism_name.

** The library can be built using Visual Studio.
Patches provided by Adam Strzelecki <ono@java.pl>.  See the manual,
section 'Installing under Windows', for more information.

** Update gnulib files.
Under Windows, the randomness functions will now prefer the Intel RND
crypto provider.  CryptAcquireContext is now invoked with the
CRYPT_VERIFY_CONTEXT parameter.

** API and ABI modifications.
gsasl_mechanism_name: ADD.

* Version 0.2.27 (released 2008-07-01)

** DIGEST-MD5: Fix undefined symbol "utf8tolatin1ifpossible".
This happened if --disable-server is used.  Reported by Martin Lambers
<marlam@marlam.de>.

** Update gnulib files, and include gnulib self-tests.

** Update translations.

** API and ABI modifications.
No changes since last version.

* Version 0.2.26 (released 2008-05-05)

** Translations files not stored directly in git to avoid merge conflicts.
This allows us to avoid use of --no-location which makes the
translation teams happier.

** DIGEST-MD5 server: don't reject authentication if client doesn't use utf-8.
Before, authentication from all non-UTF-8 clients were simply
rejected.  When this situation occurs now, the username is translated
into UTF-8 before being passed on to applications.  Further, the
password retrieved from the application is converted from UTF-8 to
ISO-8859-1 if that is possible.

Reported by marty <marty@ice.org> in
<http://lists.gnu.org/archive/html/help-gsasl/2008-03/msg00002.html>.
See also <http://jabberd2.xiaoka.com/ticket/200> and
<http://developer.pidgin.im/ticket/5213>.  Thanks to Pawel Widera
<momat@man.poznan.pl> for testing and fixing a silly typo in the code
that prevented it from working.

** DIGEST-MD5 client: convert password from UTF-8 to ISO-8859-1 before hash.
For compatibility with server.

** API and ABI modifications.
No changes since last version.

* Version 0.2.25 (released 2008-03-10)

** Fix non-portable use of brace expansion in makefiles.

** Documentation improvements.

** API and ABI modifications.
No changes since last version.

* Version 0.2.24 (released 2008-01-15)

** When libgcrypt is used, disable secure memory to make things work.

** When built under MinGW, generate a libgsasl-XX.def using -Wl,--output-def.

** API and ABI modifications.
No changes since last version.

* Version 0.2.23 (released 2008-01-15)

** CRAM-MD5: Check return value from gc_nonce().  (SECURITY)
If GNU SASL was not built against libgcrypt, and the
--enable-nonce-device device file did not exist, building libgsasl
would warn you but would continue.  Further, the code in CRAM-MD5 to
generate a challenge would not generate a new nonce each time, so
depending on what's stored on the stack, you may get the same
challenge each time.  The function should have checked the return
value from gc_nonce().  Reported by "Daniel Armyr" <daniel@armyr.se>.

** Use gettext 0.17.

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 0.2.22 (released 2007-10-08)

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 0.2.21 (released 2007-08-22)

** DIGEST-MD5: Remove the extra leading, trailing, and intermediate commas.
Patch from James Canete <jcanete01@shaw.ca>.

** API and ABI modifications.
No changes since last version.

* Version 0.2.20 (released 2007-08-11)

** Correctly increment the shared library version.
I forgot to increment it in the last release, to indicate that a new
API/ABI was added.

** If GSS-API and GS2 are disabled, don't bother linking to a GSS-API library.
Reported by Maxim Britov <maxim.britov@gmail.com>.

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 0.2.19 (released 2007-07-09)

** New API gsasl_free to release memory allocated by other functions.
This is useful on Windows where libgsasl uses one CRT and the
application uses another CRT.  Then malloc/free will not use the same
heap.  This happens if you build libgsasl using mingw32 and the
application with Visual Studio.  Suggested by Adam Strzelecki
<ono@java.pl>.

** Update gnulib files.

** API and ABI modifications.
gsasl_free: ADD.

* Version 0.2.18 (released 2007-06-07)

** Update gnulib files.
Fixes cross-compilation to uClinux.

** API and ABI modifications.
No changes since last version.

* Version 0.2.17 (released 2007-06-01)

** GNU SASL is now developed using Git instead of CVS.
A public git mirror is available from <http://repo.or.cz/w/gsasl.git>.

** Update gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 0.2.16 (released 2007-04-20)

** Translation updates.

** Fix gsasl_check_version logic.

** Now uses autoconf 2.61, automake 1.10, gettext 0.16.1.

** API and ABI modifications.
No changes since last version.

* Version 0.2.15 (released 2006-08-22)

** Changed libgsasl shared library version.
The shared library version was not incremented correctly in the last
release, even though new APIs were added.

* Version 0.2.14 (released 2006-08-19)

** New functions to set per-session application hooks.
Earlier only the global functions gsasl_callback_hook_set and
gsasl_callback_hook_set were available, but with the new
gsasl_session_hook_set and gsasl_session_hook_get, it is possible to
store and retrieve per-session specific data.  This simplifies
callback handling in applications.  Suggested by James Mansion.

The new function supersede the gsasl_client_application_data_get,
gsasl_client_application_data_set, gsasl_server_application_data_get,
and gsasl_server_application_data_set functions in the obsolete API.

** API and ABI modifications.
gsasl_session_hook_get,
gsasl_session_hook_set: ADD.

* Version 0.2.13 (released 2006-06-14)

** Update of gnulib files.
Further improves portability to MinGW.

** Fix memory leak in gsasl_client_listmech and gsasl_server_listmech.

** Configure fixes, for portability.

** API and ABI modifications.
No changes since last version.

* Version 0.2.12 (released 2006-03-08)

** Add -no-undefined to libtool command, to build DLL and import library on Mingw32.
Reported by Francis Brosnan Blazquez <francis@aspl.es>.

** Improved validation of received strings in the DIGEST-MD5 parser.

** Enable fixed self-test of DIGEST-MD5 parser.

** Update of gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 0.2.11 (released 2006-02-07)

** Ported to Windows by cross-compiling using Mingw32.
Using Debian's mingw32 compiler, you can build it for Windows by invoking
`./configure --host=i586-mingw32msvc --disable-gssapi'.

** Fix memory leak in gsasl_simple_getpass.

** Update of gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 0.2.10 (released 2005-10-23)

** Improve configure checks for libidn, libntlm, libgss and libshishi presence.

** Update of gnulib files, now includes self tests.

** API and ABI modifications.
No changes since last version.

* Version 0.2.9 (released 2005-10-07)

** Fix build error with some compilers in GSS-API mechanism.

** Gnulib is now used for crypto functions, instead of Nettle in crypto/.
Libgcrypt can still optionally be used through --with-libgcrypt.

** API and ABI modifications.
No changes since last version.

* Version 0.2.8 (released 2005-09-08)

** The PLAIN mechanism is preferred over LOGIN when both are available.

** Improved checking for libidn when the system need -R, -rpath or similar.

** API and ABI modifications.
No changes since last version.

* Version 0.2.7 (released 2005-08-25)

** Fixed bug in GNU SASL 0.1.x.backwards compatibility code in the
** callback for GSASL_PASSWORD.

** Eliminated some compiler warnings.

** API and ABI modifications.
No changes since last version.

* Version 0.2.6 (released 2005-08-10)

** The SASL PLAIN server now permit unassigned code points in SASLprep.
This aligns with draft-ietf-sasl-plain-08.txt which is in last call.

** Fix use of 'head -1' in configure script.
Replaced with more portable and compliant command 'sed 1q', thanks to
Carsten Lohrke.

** The macro AX_CREATE_STDINT_H used to find uint8_t, uint32_t etc was updated.
Should only be relevant if you use Nettle rather than libgcrypt.

** The license template in files were updated with the new FSF address.

** gsasl_check_version simplified and made more robust.

** Update of gnulib files.

** API and ABI modifications.
No changes since last version.

* Version 0.2.5 (released 2005-02-08)

** Strings that trigger the Unicode NFKC bug in PR#29 are now rejected.
This is only enabled if you use Libidn 0.5.0 or later.

** ANONYMOUS server reject empty and overlong tokens.

** EXTERNAL client now return empty data instead of NULL for empty authzid.

** Typos in gsasl_strerror() messages fixed, thanks to Clytie Siddall.

** API and ABI modifications.
No changes since last version.

* Version 0.2.4 (released 2005-01-01)

** The CRAM-MD5 mechanism is now preferred over DIGEST-MD5.
This decision was based on recent public research that suggest MD5 is
broken, while HMAC-MD5 not immediately compromised, and the lack of
public analysis on what consequences the MD5 break have for
DIGEST-MD5.  Support for CRAM-SHA1 is under investigation, to enable
users to avoid MD5 completely

** The DIGEST-MD5 mechanism is rewritten and enabled by default.
The implementation is written so it can be used separately from GNU
SASL in your own product, it only uses C89 and two external symbols
for MD5 and HMAC-MD5.  For more information, see digest-md5/README.

** Improvements to the PLAIN server.
It now prepare the incoming authid and password using SASLprep
(unassigned code point will be rejected).  It should also reject
invalid input better.

** Improved robustness of callback backwards compatibility.

** Memory leaks fixed.

** New simple user database API `gsasl_simple_getpass'.
This replaces gsasl_md5pwd_get_password.  The functionality is the
same, only the API changed (to remove fixed size buffer restrictions).

** New configure option --disable-obsolete to remove backwards compatibility.
This is mostly intended to be used when compiling for platforms with
constrained memory/space resources.

** Gnulib files were updated.

** API and ABI modifications.
gsasl_md5pwd_get_password: DEPRECATED.  Use gsasl_simple_getpass() instead.
gsasl_simple_getpass: ADD.  No buffer length restriction.
GSASL_FOPEN_ERROR: DEPRECATED.  Not used any more.
GSASL_FCLOSE_ERROR: DEPRECATED.  Not used any more.
GSASL_NO_MORE_REALMS: DEPRECATED.  Not used any more.
GSASL_INVALID_HANDLE: DEPRECATED.  Not used any more.

* Version 0.2.3 (released 2004-12-15)

** NTLM now set the 'domain' field to the GSASL_REALM property value.
Some servers appear to need non-empty but arbitrary domain values,
reported by Martin Lambers.

** PLAIN client no longer perform NFKC on strings.
This aligns with draft-ietf-sasl-plain-05.

** LOGIN client no longer perform NFKC on strings.
There is no specification for LOGIN, but arguable it should use
SASLprep, but on the server side.

** DIGEST-MD5 is disabled by default, pending a rewrite for the new API.
The mechanism still work if your application is using the old callback
API, in which case you may enable it (--enable-digest-md5) to have the
same functionality as in older versions.

** LOGIN client now uses authentication identity, not authorization identity,
reported by Martin Lambers.

** PLAIN client now work when no authorization identity is provided,
reported by Martin Lambers.

** Callback backwards compatibility improved, thanks to Sergey Poznyakoff.
The GSASL_VALIDATE_SIMPLE and GSASL_PASSWORD are now translated into
calls to gsasl_server_callback_validate_get() and
gsasl_server_callback_retrieve_get(), respectively.

** A crash in the new base64 code was fixed.

** Use of SASLprep in CRAM-MD5 changed.
The client now prepare authid/password as if they were query strings.
The server prepare the password as a storage string.

** The shared library version was incremented to reflect that the base64 APIs
were added, this was forgotten in the last release.

** Disabling Libidn/SASLprep should now result in a RFC 2222 compliant library.
However, it will reject non-ASCII strings, since the handling of those
strings was not specified in RFC 2222.

** API and ABI modifications.
gsasl_stringprep_nfkc, gsasl_stringprep_saslprep,
gsasl_stringprep_trace: DEPRECATED.  Use gsasl_saslprep() instead.
gsasl_saslprep: ADD.
Gsasl_saslprep_flags: ADD.  New enum type to go with gsasl_saslprep.
GSASL_REALM: ADD, new property.
GSASL_UNICODE_NORMALIZATION_ERROR: DEPRECATED.  Use
                                   GSASL_SASLPREP_ERROR instead.
GSASL_CANNOT_VALIDATE: REMOVED.  Never used for any reasonable purpose.

* Version 0.2.2 (released 2004-11-29)

** Fix memory leak in server-side CRAM-MD5.

** Fix read out of bound error in client-side CRAM-MD5.

** Tighten the base64 decoder, will not accept white space in input.

** Documentation fixes.

** API and ABI modifications.
gsasl_base64_encode, gsasl_base64_decode: DEPRECATED.
gsasl_base64_to, gsasl_base64_from: NEW.  Allocates the output buffer.

* Version 0.2.1 (released 2004-11-19)

** Fix DIGEST-MD5 application data encode/decode functions.

** Documentation fixes; the old callback API functions are marked as obsolete.

** API and ABI modifications.
No changes since last version.

* Version 0.2.0 (released 2004-11-07)

** Important information for 0.0.x or 0.1.x users.
The only externally visible (i.e., in the API/ABI-sense) effect of the
internal changes made in this version is that GSASL_ENCODE and
GSASL_DECODE have been renamed to, respectively, GSASL_ENCODE_INLINE
and GSASL_DECODE_INLINE, and that the original functions have been
modified to allocate the output buffer.  The GSASL_??CODE_INLINE
functions were added to simplify upgrading existing applications.  We
regret breaking backwards compatibility, but we felt it was necessary
to fix this.

** The EXTERNAL mechanism now support authorization identities.

** Major internal overhaul.
This was done to get rid of all fixed size buffers, and to clean up
the callback interface.  Now, all functions that return data of
non-fixed size will allocate the output, and the caller is responsible
for deallocating the data.  Further, the callback interface has been
simplified, from having one callback function per data item.  There is
now only one callback function, that receive an enumerated integer
type indicating the requested operation.

** Update of generic crypto layer.

** Now possible to add a new SASL mechanism during run-time.
Implement the Gsasl_*_function interfaces, populate a Gsasl_mechanism
struct with name of SASL mechanism and the function pointers, and call
gsasl_register to register your new mechanism.  The library will now
offer and use your mechanism.  The internal mechanisms use the same
interface.  This is the first step toward a dynamic dl_open()
approach.

** A few memory leaks fixed.

** Translation fixes.

** Libtool's -export-symbols-regex is now used to only export official APIs.
Before, applications might accidentally access internal functions.
Note that this is not supported on all platforms, so you must still
make sure you are not using undocumented symbols in Libgsasl.

** API and ABI modifications.
The only non-backwards compatible change is for gsasl_encode and
gsasl_decode, see above.  The library is both source and binary
backwards compatible otherwise, although some functions have been
deprecated in favor of new functions.

gsasl_encode, gsasl_decode: MODIFIED.  Now allocate the output parameter.
gsasl_encode_inline, gsasl_decode_inline: ADD, DEPRECATED.
  Same as the old gsasl_encode and gsasl_decode, to simplify conversion.

gsasl_server_suggest_mechanism: DEPRECATED.  This was a thinko, there
  is never a need for something like this function.

Gsasl_callback: ADD.  New function prototype.
gsasl_callback_set: ADD.  New functions.
gsasl_callback: ADD.  New functions.
GSASL_NO_CALLBACK, GSASL_NO_ANONYMOUS_TOKEN: ADD.  New error codes.

Gsasl_client_callback_anonymous,
Gsasl_client_callback_authentication_id,
Gsasl_client_callback_authorization_id,
Gsasl_client_callback_password,
Gsasl_client_callback_passcode,
Gsasl_client_callback_pin,
Gsasl_client_callback_service,
Gsasl_client_callback_qop,
Gsasl_client_callback_maxbuf,
Gsasl_client_callback_realm,
Gsasl_server_callback_retrieve,
Gsasl_server_callback_validate,
Gsasl_server_callback_gssapi,
Gsasl_server_callback_securid,
Gsasl_server_callback_cram_md5,
Gsasl_server_callback_digest_md5,
Gsasl_server_callback_service,
Gsasl_server_callback_external,
Gsasl_server_callback_anonymous,
Gsasl_server_callback_realm,
Gsasl_server_callback_qop,
Gsasl_server_callback_maxbuf,
Gsasl_server_callback_cipher: DEPRECATED.  Old callback function prototypes.
gsasl_client_callback_*,
gsasl_server_callback_*: DEPRECATED.  Old callback set/get interface.

Gsasl_property, GSASL_CLIENT_*, GSASL_SERVER_*: ADD.  New enumerated type.
gsasl_property_set, gsasl_property_set_raw,
gsasl_property_get, gsasl_property_fast: ADD.  New functions.

gsasl_application_data_get, gsasl_application_data_set: DEPRECATED.
gsasl_appinfo_get, gsasl_appinfo_set: DEPRECATED.
gsasl_callback_hook_get, gsasl_callback_hook_set: ADD.  Replaces
  previous functions.

Gsasl_init_function, Gsasl_done_function, Gsasl_code_function,
Gsasl_start_function, Gsasl_step_function, Gsasl_finish_function: ADD.
Gsasl_mechanism_functions, Gsasl_mechanism: ADD.
gsasl_register: ADD.

gsasl_ctx_get: DEPRECATED.  Not useful, application callback now get both
  library and session context.

* Version 0.1.4 (released 2004-08-08)

** Fix various compile time warnings.

** Revamp of gnulib compatibility files.

** More translations.
French (by Michel Robitaille), Dutch (by Elros Cyriatan), Polish (by
Jakub Bogusz), and Romanian (by Laurentiu Buzdugan).

** API and ABI modifications.
No changes since last version.

* Version 0.1.3 (released 2004-08-04)

** API and ABI modifications.
No changes since last version.

* Version 0.1.2 (released 2004-07-16)

** Cross compile builds should work.
It should work for any sane cross compile target, but the only tested
platform is uClibc/uClinux on Motorola Coldfire.

** API and ABI modifications.
No changes since last version.

* Version 0.1.1 (released 2004-06-26)

** gsasl_client_suggest_mechanism and gsasl_server_suggest_mechanism now work.
Earlier they were not implemented at all.

** GSS-API now support data integrity and privacy options (experimental!).

** Internal crypto framework rehashed.
Now the selection between Nettle/Libgcrypt happens inside crypto/, and
gc.h is the generic header that is used by the rest of the package.

** API and ABI modifications.
gsasl_random: ADD.
gsasl_nonce: ADD.
gsasl_randomize: DEPRECATED.  Use either gsasl_random or gsasl_nonce.

* Version 0.1.0 (released 2004-04-16)

** The library re-licensed to LGPL and distributed as a separate package.
This means a fork of this NEWS file, all the entries below relate to
the combined work of earlier versions.  New entries above only
document user visible aspects of the library ("libgsasl"); for
information about the command line interface and other things
("gsasl") see the NEWS file in the gsasl distribution.  To make
matters more confusing, the "gsasl" distribution includes a copy of
the "libgsasl" distribution.

** API and ABI modifications.
No changes since last version.

* Version 0.0.14 (released 2004-01-22)

** Moved all mechanism specific code into sub-directories of lib/.
Each backend is built into its own library (e.g., libgsasl-plain.so),
to facilitate future possible use of dlopen to dynamically load
backends.

** Moved compatibility files (getopt*) to gl/, and added more (strdup*).

* Version 0.0.13 (released 2004-01-17)

** Nettle (the crypto functionality, crypto/) has been updated.
This fixes two portability issues, the new code should work on
platforms that doesn't have inttypes.h and alloca.

* Version 0.0.12 (released 2004-01-15)

** Protocol line parser in 'gsasl' tool more reliable.
Earlier it assumed two lines were sent in one packet in one place, and
sent as two packets in another place.

** Various bugfixes.

* Version 0.0.11 (released 2004-01-06)

** The client part of CRAM-MD5 now uses SASLprep instead of NFKC.
This aligns with draft-ietf-sasl-crammd5-01.

** The CRAM-MD5 challenge string now conform to the proper syntax.

** The string preparation (SASLprep and trace) functions now work correctly.

** DocBook manuals no longer included.
The reason is that recent DocBook tools from the distribution I use
(Debian) fails with an error.  DocBook manuals may be included in the
future, if I can get the tools to work.

** API and ABI modifications.
GSASL_SASLPREP_ERROR: ADD.

* Version 0.0.10 (released 2003-11-22)

** The CRAM-MD5 server now reject invalid passwords.
The logic flaw was introduced in 0.0.9, after blindly making code
changes to shut up valgrind just before the release.

** Various build improvements.
Pkg-config is no longer needed.  GTK-DOC is only used if present.

* Version 0.0.9 (released 2003-11-21)

** Command line client can talk to SMTP servers with --smtp.

** DocBook manuals in XML, PDF, PostScript, ASCII and HTML formats included.

** Token parser in DIGEST-MD5 fixed, improve interoperability of DIGEST-MD5.

** Libgcrypt >= 1.1.42 is used if available (for CRAM-MD5 and DIGEST-MD5).
The previous libgcrypt API is no longer supported.

** CRAM-MD5 and DIGEST-MD5 no longer require libgcrypt (but can still use it).
If libgcrypt 1.1.42 or later is not found, it uses a minimalistic
cryptographic library based on Nettle, from crypto/.  Currently only
MD5 and HMAC-MD5 is needed, making a dependence on libgcrypt overkill.

** Listing supported server mechanisms with gsasl_server_mechlist work.

** Autoconf 2.59, Automake 1.8 beta, Libtool CVS used.

** Source code for each SASL mechanism moved to its own sub-directory in lib/.

** The command line interface now uses getopt instead of argp.
The reason is portability, this also means we no longer use gnulib.

** API and ABI modifications.
gsasl_randomize: ADD.
gsasl_md5: ADD.
gsasl_hmac_md5: ADD.

gsasl_hexdump: REMOVED.  Never intended to be exported.

gsasl_step: ADD.
gsasl_step64: ADD.
gsasl_client_step: DEPRECATED: use gsasl_step instead.
gsasl_server_step: DEPRECATED: use gsasl_step instead.
gsasl_client_step_base64: DEPRECATED: use gsasl_step64 instead.
gsasl_server_step_base64: DEPRECATED: use gsasl_step64 instead.

gsasl_finish: ADD.
gsasl_client_finish: DEPRECATED: use gsasl_finish instead.
gsasl_server_finish: DEPRECATED: use gsasl_finish instead.

gsasl_ctx_get: ADD.
gsasl_client_ctx_get: DEPRECATED: use gsasl_ctx_get instead.
gsasl_server_ctx_get: DEPRECATED: use gsasl_ctx_get instead.

gsasl_appinfo_get: ADD.
gsasl_appinfo_set: ADD.
gsasl_client_application_data_get: DEPRECATED: use gsasl_appinfo_get instead.
gsasl_client_application_data_set: DEPRECATED: use gsasl_appinfo_set instead.
gsasl_server_application_data_get: DEPRECATED: use gsasl_appinfo_get instead.
gsasl_server_application_data_set: DEPRECATED: use gsasl_appinfo_set instead.

Gsasl: ADD.
Gsasl_ctx: DEPRECATED: use Gsasl instead.
Gsasl_session: ADD.
Gsasl_session_ctx: DEPRECATED: use Gsasl_session instead.

GSASL_CRYPTO_ERROR: ADD, replaces deprecated GSASL_LIBGCRYPT_ERROR.
GSASL_LIBGCRYPT_ERROR: DEPRECATED: use GSASL_CRYPTO_ERROR instead.

GSASL_KERBEROS_V5_INTERNAL_ERROR: ADD, replaces deprecated GSASL_SHISHI_ERROR.
GSASL_SHISHI_ERROR: DEPRECATED: use GSASL_KERBEROS_V5_INTERNAL_ERROR instead.

GSASL_INVALID_HANDLE: ADD.

* Version 0.0.8 (released 2003-10-11)

** Improved GSSAPI implementation detection.
Auto detection should work, unless you have both MIT and Heimdal, or
wish to override the default that prefer GSS over Heimdal over MIT.
In that case, use --enable-gssapi=mit or --enable-gssapi=heimdal.

** GNU SASL contain APIs for internationalized string processing via SASLprep.
You no longer have to use Libidn directly.

** Man pages for all public functions are included.

** GNULib is used for compatibility functions.
The directory gl/ is dedicated for GNULib functions, and replace the
earlier ad-hoc usage of argp, memset, etc.

** GNU SASL will be C89 compatible.
The library itself (lib/*) only use C89.  The remaining parts (src/
and tests/) can use C89 and any functionality from GNULib.  This
decision may be revised in the future, if it turns out there are
problems with this.

** Improvements for embedded or otherwise limited systems.
The math library (-lm) is no longer required.  All client code can be
disabled by --disable-client, and all server code can be disabled by
--disable-server.  The internationalized string processing library can
be disabled by --without-stringprep.

** Gettext 0.12.1 and Libtool 1.5 is used.

** Libgcrypt from CVS (1.1.42) is not supported.
Recent libgcrypt is API incompatible with earlier released versions.
If a too recent version is installed, it will not be used.

** Fix command line tool '--connect --imap' on Solaris.

** Bug fixes.

** API and ABI modifications.
Gsasl_client_callback_maxbuf: CHANGED: 'int' was replaced with 'size_t'.
Gsasl_server_callback_maxbuf: CHANGED: 'int' was replaced with 'size_t'.
gsasl_client_mechlist: NEW.
gsasl_server_mechlist: NEW.
gsasl_client_listmech: DEPRECATED: use gsasl_client_mechlist instead.
gsasl_server_listmech: DEPRECATED: use gsasl_server_mechlist instead.
gsasl_stringprep_nfkc: NEW.
gsasl_stringprep_saslprep: NEW.
gsasl_stringprep_trace: NEW.

* Version 0.0.7 (released 2003-06-02)

** Two new GSS libraries supported for the GSS-API mechanism.
See http://josefsson.org/gss/ for GSS, which uses Shishi for Kerberos 5.
See http://www.pdc.kth.se/heimdal/ for Heimdal (Kerberos 5).

** Bug fixes.

* Version 0.0.6 (released 2003-03-17)

** Gettext not included.
Due to some conflicts between libtool and gettext, if you want i18n on
platforms that does not already have a useful gettext implementation,
you must install GNU gettext before building this package.  If you
don't care about i18n, this package should work fine (except for i18n,
of course).

** Rudimentary support for KERBEROS_V5.
Only enable if you want to write code.  This adds two new API errors;
GSASL_KERBEROS_V5_INIT_ERROR, GSASL_SHISHI_ERROR.

** Added API function: gsasl_client_callback_realm_set.
Specifies which realm the client belongs to.

** Bugfixes.
User visible aspects includes not building the API Reference Manual
with GTK-DOC by default, if you want it use configure parameter
--enable-gtk-doc.

* Version 0.0.5 (released 2003-01-27)

** Command line application "gsasl" now supports --imap and --connect.
The --imap parameter makes it use a IMAP-like negotiation on
stdin/stdout.  The --connect parameter makes it connect to a host over
TCP, and talk to it instead of stdin/stdout.  This allows it to be
used as a simple test tool to connect to IMAP servers.  Currently
integrity and confidentiality is not working properly, so if you use
DIGEST-MD5 you currently have to specify --quality-of-protection=auth.

** Texinfo documentation added for command line tool.

** Libgcrypt initialization no longer causes a warning to be printed.

** Added API reference manual in HTML format, generated using GTK-DOC.
See doc/reference/, in particular doc/reference/html/index.html.

** GNU Libidn replaces Libstringprep.
Although it is still stored in the libstringprep/ directory for CVS
reasons.

** Bug fixes for DIGEST-MD5 and GSSAPI.

* Version 0.0.4 (released 2002-12-13)

** License changed to GPL.

** Official GNU project.

* Version 0.0.3 (released 2002-12-05)

** New gsasl arguments --application-data and --no-client-first.

** Bug fixes (client sends first, memory leaks, compiler warnings, more).

* Version 0.0.2 (released 2002-11-07)

** Includes a copy of libstringprep 0.0.2 for Unicode NFKC
normalization and locale charset to UTF-8 string conversion, and
preparation for the future if a SASL Stringprep profile is created.
If libstringprep is already installed, it is used by default.  You can
force the use of the internal version with
--without-system-libstringprep.

** Uses pkg-config instead of libgsasl.m4 + libgsasl-config.in, and
for finding libntlm (requires libntlm 0.3.1 or later).

** Self tests for several mechanisms.

** The API now allows mechanisms to return data even when returning
GSASL_OK (earlier only on GSASL_NEEDS_MORE).

** Bug fixes.

* Version 0.0.1 (released 2002-10-12)

** APIs for integrity and confidentiality protection of application
payload data.

** DIGEST-MD5 support for integrity protection.

* Version 0.0.0 (released 2002-10-07)

** Initial release.

----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.

;;; Local Variables: ***
;;; mode:outline ***
;;; mode:flyspell ***
;;; End: ***