Linux Today: Linux News On Internet Time.

Release Digest: GNU, January 16, 2004

Jan 16, 2004, 23:30 (0 Talkback[s])

Shishi 0.0.13 alpha

Shishi is an implementation of the Kerberos 5 network authentication system. Shishi can be used to authenticate users in distributed systems.

The project page of the library is available at: http://www.gnu.org/software/shishi/

Here are the compressed sources:
ftp://alpha.gnu.org/gnu/shishi/shishi-0.0.13.tar.gz (2.5MB)
http://josefsson.org/shishi/releases/shishi-0.0.13.tar.gz (2.5MB)

Here are GPG detached signatures using key 0xB565716F: ftp://alpha.gnu.org/gnu/shishi/shishi-0.0.13.tar.gz.sig

Here are the build reports for various platforms: http://josefsson.org/autobuild/shishi.html

Here are the MD5 checksums:
fd240f295f58b201112bfbac5fca4bcb shishi-0.0.13.tar.gz
f91c32f430e96e854613211bdb5a0609 shishi-0.0.13.tar.gz.sig

Noteworthy changes (since 0.0.9, last version announced here):

  • Version 0.0.13 (released 2004-01-15)
    • Fixed salt calculation in shisa. The earlier salt computed was incorrect, so existing keys in your Shisa database, that were derived from passwords, are incorrect, and should be changed.
    • Fixed shisa key file parser to handle keys with leading whitespace. The parser used fscanf, which skip whitespace. If your cryptographic key (not passwords), in binary format, had leading whitespace, it would fail to read the correct key.
    • Fix shishid crash on startup when sockets can't be opened.
    • Various minor bugfixes.
  • Version 0.0.12 (released 2004-01-02)
    • The user database library Shisa has been improved. Shisa now support multiple keys for users, and you can now selectively add and remove keys via the command line interface.
    • The Shishi client and Shishid KDC now support TLS resumption. This improve TLS handshake speed, in particular for the normal AS plus TGS combination. Currently the TLS resume database is only stored in memory, so if either the client or server process is restarted, the TLS resume information is lost. This add --resume-limit to Shishid, which can be used to specify the size of the TLS resume database (or to disable it).
    • The KDC has been cleaned up and the error handling is more robust.
    • The Shisa programming API is documented in the manual.
  • Version 0.0.11 (released 2003-12-21)
    • The Shishi library now support X.509 authenticated KDC connections via TLS. The client currently do not check server authentication, however this is no worse than existing UDP/TCP connections. If client certificates are available, the X.509 client certificate is simply sent (via TLS handshake) to the KDC for possible pre-authentication purposes.
    • The KDC now support X.509 authentication. If server certificates are available, X.509 authenticated TLS may be negotiated. The KDC currently only use the client certificate details for logging purposes. However, it do verify client certificate against CA certificates, if those are available.
    • The KDC has been cleaned up and the error handling is more robust.
  • Version 0.0.10 (released 2003-12-16)
    • The TLS support in Shishid now works.
    • All command line interfaces now uses getopt instead of argp.

3DLDF Release

Release of 3DLDF

3DLDF is a GNU package for three-dimensional drawing with MetaPost output.

It is available from http://ftp.gnu.org/gnu/3dldf and other ftp servers.
Please see the author's website,




for more information.

  • Added missing Texinfo files to the `3dldf_TEXINFOS' variable in `3DLDF-', and reordered the filenames.
  • Changed the names of the PNG (Portable Network Graphics) files included in the HTML version of the _3DLDF User and Reference Manual_. Changed the names in the commands for including these files in the Texinfo files. I wasn't able to write some of the files with the old names to a CD-R (Compact Disk, Recordable).

GNU Automake 1.8.2

We're pleased to announce the release of Automake 1.8.2.

Automake is a tool for automatically generating `Makefile.in's suitable for use with Autoconf, compliant with the GNU Makefile standards, and portable to various make implementations.

This is a bug fix release for the Automake 1.8 series. It supersedes Automake 1.8.1, which was not announced here because of a serious bug discovered immediately after its release. Appended is the list of bugs fixed between 1.8 and 1.8.2

You can find the new release here:


MD5 checksums:

7a8138b29361baec06548e6a0ac63189 automake-1.8.2.tar.bz2
181b4218ccd604898956f74f5877eb35 automake-1.8.2.tar.gz

Soon it will also appear on the sources and GNU mirrors listed here:


Please report bugs to <bug-automake@gnu.org>.

Bug fixed in 1.8.2:

  • Bugs introduced by 1.8:
    • Fix Config.pm import error with old Perl versions (at least 5.005_03). One symptom is that aclocal could not find its macro directory.
    • Automake 1.8 used `mkdir -m 0755 -p --' to ensure that directories created by `make install' are always world readable, even if the installer happens to have an overly restrictive umask (e.g. 077). This was a mistake and has been reverted. There are at least two reasons why we must not use `-m 0755':
      • it causes special bits like SGID to be ignored,
      • it may be too restrictive (some setups expect 775 directories).
    • Fix aclocal to honor definitions located in files which have been m4_included manually. aclocal 1.8 had been updated to check m4_included files for new requirements, but forgot that these m4_included files can also provide new definitions.

      Note that if you have such a setup, we recommend you get rid of it. In the past, there was a reason to m4_include files manually: aclocal used to duplicate entire M4 files into aclocal.m4, even files that were distributed. Some packages were therefore m4_including the distributed file directly, and playing some tricks to ensure aclocal would not copy that file to aclocal.m4, in order to limit the amount of duplication. Since aclocal 1.8.x will precisely output m4_includes for local M4 files, we recommend that you clean up your setup, removing all manual m4_includes and letting aclocal output them.

  • Output detailed menus in the Info version if the Automake manual, so that Emacs can locate the indexes.
  • configure.ac and configure were listed twice in DIST_COMMON (an internal variable where Automake lists configury files to distribute). This was harmless, but unaesthetic.
  • Use `chmod a-w' instead of `chmod -w' as the latter honors umask. This was an issue only in the Automake package itself, not in its output.
  • Automake assumed that all AC_CONFIG_LINKS arguments had the form DEST:SRC. This was wrong, as some packages do AC_CONFIG_LINKS($computedlinks). This version no longer abort in that situation.
  • Contrary to mkinstalldirs, $(mkdir_p) was expecting exactly one argument. This caused two kinds of failures:
    • Rules installing data in a conditionally defined directory failed when that directory was undefined. In this case no argument was supplied.
    • `make installdirs' failed, because several directories were passed to $(mkdir_p). This was an issue only on platform were $(mkdir_p) is implemented with `install-sh -d'. $(mkdir_p) as been changed to accept 0 or more arguments, as mkinstalldirs did.
      • Long-standing bugs:
  • Fix an unexpected diagnostic occurring when users attempt to override some internal variables that Automake appends to.
  • aclocal now scans configure.ac for macro definitions (PR/319).
  • Fix a portability issue with OSF1/Tru64 Make. If a directory distributes files which are outside itself (this usually occurs when using AC_CONFIG_AUX_DIR([../dir]) to use auxiliary files from a parent package), then `make distcheck' fails due to an optimization performed by OSF1/Tru64 Make in its VPATH handling. (tests/subpkg2.test failure)
  • Fix another portability issue with Sun and OSF1/Tru64 Make. In a VPATH-build configuration, `make install' would install nobase_ files to wrong locations.
  • Fix a Perl `uninitialized value' diagnostic occurring when automake complains that a Texinfo file does not have a @setfilename statement.
  • Erase config.status.lineno/ during `make distclean'. This file can be created by config.status. Automake already knew about configure.lineno, but forgot config.status.lineno/.
  • Distribute all files, even those which are built and installed conditionally. This change affects files listed in conditionally defined *_HEADERS and *_PYTHON variable (unless they are nodist_*) as well as those listed in conditionally defined dist_*_DATA, dist_*_JAVA, dist_*_LISP, and dist_*_SCRIPTS variables.
  • Fix AM_PATH_LISPDIR to avoid ? in sed regular expressions; it doesn't conform to POSIX.
  • Normalize help strings for configure variables and options added by Automake macros.
  • Fix install rules for conditionally built python files.
    • Anticipation:
  • Check for python2.4 in AM_PATH_PYTHON.
    • Spurious failures in test suite:
  • tests/libtool5.test, tests/ltcond.test, tests/ltcond2.test, tests/ltconv.test: fix failures with CVS Libtool.
  • tests/aclocal6.test: fix failure if autom4te.cache is disabled.
  • tests/txinfo24.test, tests/txinfo25.test, tests/txinfo28.test: fix failures with old Texinfo versions.

GNU SASL 0.0.12 alpha

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP) to request authentication from clients, and in clients to authenticate against servers.

The project page of the library is available at: http://www.gnu.org/software/gsasl/

Here are the compressed sources:
ftp://alpha.gnu.org/gnu/gsasl/gsasl-0.0.12.tar.gz (1.3MB)
http://josefsson.org/gsasl/releases/gsasl-0.0.12.tar.gz (1.3MB)

Here are GPG detached signatures using key 0xB565716F:

Here are the build reports for various platforms: http://josefsson.org/autobuild/gsasl.html

Here are the MD5 checksums:

a8960acdb90b63046b28e2defb20a125 gsasl-0.0.12.tar.gz
b5c7ed56df02112b0c2ef8514fe5d6da gsasl-0.0.12.tar.gz.sig

Noteworthy changes (since 0.0.10, last version announced here):

  • Changes in 0.0.12 (released 2004-01-15)
    • Protocol line parser in 'gsasl' tool more reliable. Earlier it assumed two lines were sent in one packet in one place, and sent as two packets in another place.
    • Various bugfixes.
  • Changes in 0.0.11 (released 2004-01-06)
    • The client part of CRAM-MD5 now uses SASLprep instead of NFKC. This aligns with draft-ietf-sasl-crammd5-01.
    • The CRAM-MD5 challenge string now conform to the proper syntax.
    • The string preparation (SASLprep and trace) functions now work correctly.
    • DocBook manuals no longer included. The reason is that recent DocBook tools from the distribution I use (Debian) fails with an error. DocBook manuals may be included in the future, if I can get the tools to work.
    • API and ABI modifications.

GNU Generic Security Service Library 0.0.9 alpha

GSS is an implementation of the Generic Security Service Application Program Interface (GSS-API). GSS-API is used by network servers to provide security services, e.g., to authenticate SMTP/IMAP clients against SMTP/IMAP servers. GSS consists of a library and a manual.

The project page of the library is available at:

Here are the compressed sources:
ftp://alpha.gnu.org/gnu/gss/gss-0.0.9.tar.gz (1.2MB)
http://josefsson.org/gss/releases/gss-0.0.9.tar.gz (1.2MB)

Here are GPG detached signatures using key 0xB565716F: ftp://alpha.gnu.org/gnu/gss/gss-0.0.9.tar.gz.sig http://josefsson.org/gss/releases/gss-0.0.9.tar.gz.sig

Here are the build reports for various platforms: http://josefsson.org/autobuild/gss.html

Here are the MD5 checksums:

b054b5732273b25de28cf3ebaf2569a7 gss-0.0.9.tar.gz
92e43720a5342ec72885d3015c247530 gss-0.0.9.tar.gz.sig

Noteworthy changes (since 0.0.7, last version announced here):

  • Changes in 0.0.9 (released 2004-01-15)
    • Implemented gss_exportname and gss_krb5_inquire_credby_mech. The Kerberos 5 backend also support them.
    • gss_inquire_cred support default credentials.
    • Kerberos 5 gss_canonicalize_name now support all mandatory name types.
    • Kerberos 5 gss_accept_sec_context now support sub-session keys in AP-REQ.
    • Added new extended function API: gss_userok. This is the same as invoking gss_export_name on a name, removing the OID, and then comparing the remaining material using memcmp.
    • API documentation in HTML format from GTK-DOC included in doc/reference/.
  • Changes in 0.0.8 (released 2004-01-11)
    • Moved all backend specific code into sub-directories of lib/. This means everything related to the Kerberos 5 backend is now located in lib/krb5/. The backend is built into its own library (libgss-shishi.so), to facilitate future possible use of dlopen to dynamically load backends.
    • The gss_duplicate_name function now allocate the output result properly.
    • Man pages for all public functions are included.
    • Documentation fixes. For example, all official APIs are now documented.