1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
|
2.1900 2025-08-05
[Fixed]
- CVE-2025-40918 (Insecure source of randomness),
required addition of dependency on Crypt::URandom
[Changed]
- Modules Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5
and Authen::SASL::CRAM_MD5 marked as deprecated based on the respective
RFC documents; thanks to @robrwo for the suggestion and @neustradamus
for the pointers to the documentation
- Update module metadata to point to the new 'perl-authen-sasl' org
on GitHub to which the modules moved
- Use VERSION declarations in 'package' statements, since our minimum
Perl version is 5.14 anyway
2.1800 2025-04-25
[Changed]
- Minimum required Perl version 5.14+ (from 5.6.0);
Digest::HMAC_MD5 was 5.8.1, making 5.8.1 the effective minimum
- Move example code to the eg/ directory
[Added]
- Mechanisms XOAUTH2 and OAUTHBEARER added
- Include mechanisms available on server when
negotiation fails on the client
- Add `_acceptable()` function to allow mechanism
implementation classes to decline selection based
on the callback values
2.1700 2023-08-09
[Fixed]
- Version numbering (released as 2.1700,
because 2.17 < 2.1401)
- POD errors
- Typos
- Minimum Perl version 5.005 -> 5.6.0
- Kwalitee errors
* Accidentally packaged MYMETA.*
* 'use warnings;' added in all modules
* Synchronized versions in all modules
- Out of bounds substr() (RT 85294)
[Added]
- README
- More tests
[Changed]
- Release switched from EUMM to D::Z
[Removed]
- Authen::SASL::Cyrus is no longer loaded as
an implementation; Authen::SASL::XS has been
the successor for more than a decade
Authen-SASL 2.16 -- Tue Sep 4 11:01:18 CDT 2012
* SASL.pod: fix typo [Peter Marschall]
* Perl.pm: avoid warning on "uninitialized value" [Peter Marschall]
Authen-SASL 2.15 -- Wed Jun 2 13:47:41 CDT 2010
* Makes sure that user callbacks are called [Yann Kerherve]
Authen-SASL 2.1401 -- Mon Mar 29 14:22:54 CDT 2010
* Add META.yml to release
Authen-SASL 2.14 -- Thu Mar 11 08:21:07 CST 2010
* Documentation updates [Yann Kerherve]
* Added server API description [Yann Kerherve]
* Bugfixes to LOGIN, PLAIN and DIGEST_MD5 [Yann Kerherve]
* Added server support for LOGIN, PLAINaand DIGEST_MD5 [Yann Kerherve]
* Compatiblity with Authen::SASL::XS [Yann Kerherve]
Authen-SASL 2.13 -- Thu Sep 24 17:27:47 CDT 2009
* RT#42191 Only use pass for GSSAPI credentials if it is an object of type GSSAPI::Cred
* RT#675 Authorization with Authen::SASL::Perl::External
* Call client_new and server_new inside eval so further plugins can be tried before failing
* Prefer to use Authen::SASL::XS over Authen::SASL::Cyrus
Authen-SASL 2.12 -- Mon Jun 30 21:35:21 CDT 2008
Enhancements
* GSSAPI implement protocol according to RFC, but by default, remain compatible with cyrus sasl lib
* DIGEST-MD5 implement channel encryption layer
Authen-SASL 2.11 -- Mon Apr 21 10:23:19 CDT 2008
Enhancements
* implement securesocket() in the ::Perl set of plugins
Bug Fixes
* fix parsing challenges from GnuSASL
* update tests for DIGEST-MD5
* New test from Phil Pennock for testing final server response
Authen-SASL 2.10 -- Sat Mar 25 13:11:47 CST 2006
Enhancements
* Added Authen::SASL::Perl::GSSAPI
* Added error method to Authen::SASL to obtain error from last connection
Bug Fixes
* Authen::SASL::Perl::DIGEST_MD5
- Fixed response to server to pass digest-uri
- Correct un-escaping behaviour when reading the challenge,
- check for required fields (according to the RFC),
- allow for qop not to be sent from the server (according to the RFC),
- add a callback for the realm.
Authen-SASL 2.09 -- Tue Apr 26 06:55:10 CDT 2005
Enhancements
* authname support in Authen::SASL::Perl::DIGEST_MD5
* flexible plugin selection in Authen::SASL using import()
i.e. use Authen::SASL qw(Authen::SASL::Cyrus);
* new documentation for
- Authen::SASL::Perl::ANONYMOUS
- Authen::SASL::Perl::CRAM_MD5
- Authen::SASL::Perl::EXTERNAL
- Authen::SASL::Perl::LOGIN
- Authen::SASL::Perl::PLAIN
- Authen::SASL::Perl
* updates in the tests
Authen-SASL 2.08 -- Tue May 25 11:24:21 BST 2004
Bug Fixes
* Fix the handling of qop in Digest-MD5
Authen-SASL 2.07 -- Sat Apr 10 09:06:21 BST 2004
Bug Fixes
* Fixed test bug if Digest::HMAC_MD5 was not installed
* Fixed order of values sent in the PLAIN mechanism
Enhancements
* Added support in the framework for server-side plugins
2003-11-01 18:48 Graham Barr
* lib/Authen/SASL.pm:
Release 2.06
2003-10-21 19:59 Graham Barr
* MANIFEST, lib/Authen/SASL/Perl.pm,
lib/Authen/SASL/Perl/ANONYMOUS.pm,
lib/Authen/SASL/Perl/CRAM_MD5.pm,
lib/Authen/SASL/Perl/DIGEST_MD5.pm,
lib/Authen/SASL/Perl/EXTERNAL.pm, lib/Authen/SASL/Perl/LOGIN.pm,
lib/Authen/SASL/Perl/PLAIN.pm, t/order.t:
Add ordering so we always pich the best of the available methods instead of
just the first
2003-10-17 22:12 Graham Barr
* lib/Authen/SASL.pm:
Release 2.05
2003-10-17 22:06 Graham Barr
* MANIFEST, Makefile.PL:
use Module::Install to generate Makefile and add SIGNATURE and META.yml
2003-10-17 21:19 Graham Barr
* lib/Authen/SASL/Perl/DIGEST_MD5.pm:
Fix typo
2003-10-17 21:17 Graham Barr
* lib/Authen/SASL/: Perl.pm, Perl/DIGEST_MD5.pm:
Don't call die in DIGEST_MD5, but call set_error and return an empty list
2003-10-17 21:16 Graham Barr
* lib/Authen/SASL.pod:
Update docs to reflect that client_start and client_step return an emtpy list on error
2003-05-19 22:41 Graham Barr
* lib/Authen/SASL.pm:
Release 2.04
2003-05-19 22:40 Graham Barr
* t/digest_md5.t:
Avoid used only once warning
2003-05-19 17:06 Graham Barr
* MANIFEST, lib/Authen/SASL/Perl/DIGEST_MD5.pm, t/digest_md5.t:
Add DIGEST-MD5 mechanism
2003-05-19 16:42 Graham Barr
* MANIFEST, t/login.t:
Add test for login mechanism
2003-01-21 19:15 Graham Barr
* lib/Authen/SASL.pm:
Release 2.03
2003-01-21 12:22 Graham Barr
* lib/Authen/SASL/Perl/LOGIN.pm:
Fix LOGIN mechanism to respond with the username when prompted
2002-05-28 15:22 Graham Barr
* lib/Authen/SASL.pm:
Release 2.02
2002-05-28 14:36 Graham Barr
* MANIFEST, lib/Authen/SASL/Perl/LOGIN.pm:
Add LOGIN mechanism commonly used by SMTP
2002-03-31 15:39 Graham Barr
* lib/Authen/SASL.pm:
Release 2.01
2002-03-22 10:13 Graham Barr
* t/cram_md5.t:
Skip cram_md5 test if Digest::HMAC_MD5 is not installed
2002-02-18 16:56 Graham Barr
* lib/Authen/SASL/Perl.pm:
Add securesocket to the ::Perl base class.
2002-01-28 19:52 Graham Barr
* MANIFEST, lib/Authen/SASL.pm, t/anon.t, t/callback.t,
t/cram_md5.t, t/external.t, t/plain.t:
Add some tests
2002-01-24 15:21 Graham Barr
* lib/Authen/SASL/Perl.pm:
Allow callback to be called on the connection object
2002-01-24 12:04 Graham Barr
* MANIFEST, Makefile.PL, api.txt, compat_pl, example_pl,
lib/Authen/SASL.pm, lib/Authen/SASL.pod,
lib/Authen/SASL/CRAM_MD5.pm, lib/Authen/SASL/EXTERNAL.pm,
lib/Authen/SASL/Perl.pm, lib/Authen/SASL/Perl/ANONYMOUS.pm,
lib/Authen/SASL/Perl/CRAM_MD5.pm, lib/Authen/SASL/Perl/EXTERNAL.pm,
lib/Authen/SASL/Perl/PLAIN.pm:
Initial revision
2002-01-24 12:04 Graham Barr
* MANIFEST, Makefile.PL, api.txt, compat_pl, example_pl,
lib/Authen/SASL.pm, lib/Authen/SASL.pod,
lib/Authen/SASL/CRAM_MD5.pm, lib/Authen/SASL/EXTERNAL.pm,
lib/Authen/SASL/Perl.pm, lib/Authen/SASL/Perl/ANONYMOUS.pm,
lib/Authen/SASL/Perl/CRAM_MD5.pm, lib/Authen/SASL/Perl/EXTERNAL.pm,
lib/Authen/SASL/Perl/PLAIN.pm:
import
|
