Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-Authen-SASL for
openSUSE:Factory checked in at 2025-08-25 20:36:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Authen-SASL (Old)
and /work/SRC/openSUSE:Factory/.perl-Authen-SASL.new.30751 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Authen-SASL"
Mon Aug 25 20:36:44 2025 rev:31 rq:1301194 version:2.190.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-Authen-SASL/perl-Authen-SASL.changes
2025-07-25 17:04:01.734035167 +0200
+++
/work/SRC/openSUSE:Factory/.perl-Authen-SASL.new.30751/perl-Authen-SASL.changes
2025-08-25 20:37:28.198512079 +0200
@@ -1,0 +2,12 @@
+Fri Aug 22 20:27:29 UTC 2025 - Tina Müller <[email protected]>
+
+- Remove perl-Authen-SASL-CVE-2025-40918.patch (fixed upstream)
+ CVE-2025-40918 [bsc#1246623]
+
+-------------------------------------------------------------------
+Fri Aug 22 20:26:21 UTC 2025 - Tina Müller <[email protected]>
+
+- updated to 2.190.0 (2.1900)
+ see /usr/share/doc/packages/perl-Authen-SASL/Changes
+
+-------------------------------------------------------------------
Old:
----
Authen-SASL-2.1800.tar.gz
perl-Authen-SASL-CVE-2025-40918.patch
New:
----
Authen-SASL-2.1900.tar.gz
README.md
_scmsync.obsinfo
build.specials.obscpio
----------(Old B)----------
Old:
- Remove perl-Authen-SASL-CVE-2025-40918.patch (fixed upstream)
CVE-2025-40918 [bsc#1246623]
----------(Old E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Authen-SASL.spec ++++++
--- /var/tmp/diff_new_pack.DAwT8X/_old 2025-08-25 20:37:28.826538389 +0200
+++ /var/tmp/diff_new_pack.DAwT8X/_new 2025-08-25 20:37:28.826538389 +0200
@@ -18,17 +18,16 @@
%define cpan_name Authen-SASL
Name: perl-Authen-SASL
-Version: 2.180.0
+Version: 2.190.0
Release: 0
-# 2.1800 -> normalize -> 2.180.0
-%define cpan_version 2.1800
+# 2.1900 -> normalize -> 2.190.0
+%define cpan_version 2.1900
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: SASL Authentication framework
URL: https://metacpan.org/release/%{cpan_name}
Source0:
https://cpan.metacpan.org/authors/id/E/EH/EHUELS/%{cpan_name}-%{cpan_version}.tar.gz
Source1: cpanspec.yml
-# CVE-2025-40918 [bsc#1246623], insecurely generated client nonce
-Patch0: perl-Authen-SASL-CVE-2025-40918.patch
+Source100: README.md
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl-macros
++++++ Authen-SASL-2.1800.tar.gz -> Authen-SASL-2.1900.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/Changes
new/Authen-SASL-2.1900/Changes
--- old/Authen-SASL-2.1800/Changes 2025-04-25 18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/Changes 2025-08-05 15:22:13.000000000 +0200
@@ -1,5 +1,20 @@
-2.1800 TO BE RELEASED
+2.1900 2025-08-05
+ [Fixed]
+ - CVE-2025-40918 (Insecure source of randomness),
+ required addition of dependency on Crypt::URandom
+ [Changed]
+ - Modules Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5
+ and Authen::SASL::CRAM_MD5 marked as deprecated based on the respective
+ RFC documents; thanks to @robrwo for the suggestion and @neustradamus
+ for the pointers to the documentation
+ - Update module metadata to point to the new 'perl-authen-sasl' org
+ on GitHub to which the modules moved
+ - Use VERSION declarations in 'package' statements, since our minimum
+ Perl version is 5.14 anyway
+
+
+2.1800 2025-04-25
[Changed]
- Minimum required Perl version 5.14+ (from 5.6.0);
Digest::HMAC_MD5 was 5.8.1, making 5.8.1 the effective minimum
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/MANIFEST
new/Authen-SASL-2.1900/MANIFEST
--- old/Authen-SASL-2.1800/MANIFEST 2025-04-25 18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/MANIFEST 2025-08-05 15:22:13.000000000 +0200
@@ -1,4 +1,4 @@
-# This file was automatically generated by Dist::Zilla::Plugin::Manifest
v6.032.
+# This file was automatically generated by Dist::Zilla::Plugin::Manifest
v6.033.
Changes
LICENSE
MANIFEST
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/META.json
new/Authen-SASL-2.1900/META.json
--- old/Authen-SASL-2.1800/META.json 2025-04-25 18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/META.json 2025-08-05 15:22:13.000000000 +0200
@@ -5,7 +5,7 @@
"Erik Huelsmann <[email protected]>"
],
"dynamic_config" : 0,
- "generated_by" : "Dist::Zilla version 6.032, CPAN::Meta::Converter version
2.150010",
+ "generated_by" : "Dist::Zilla version 6.033, CPAN::Meta::Converter version
2.150010",
"license" : [
"perl_5"
],
@@ -31,8 +31,8 @@
"GSSAPI" : "0"
},
"requires" : {
+ "Crypt::URandom" : "0",
"Digest::HMAC_MD5" : "0",
- "Digest::MD5" : "0",
"perl" : "v5.14.0"
}
},
@@ -48,70 +48,73 @@
"provides" : {
"Authen::SASL" : {
"file" : "lib/Authen/SASL.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::CRAM_MD5" : {
"file" : "lib/Authen/SASL/CRAM_MD5.pm",
- "version" : "2.1800"
+ "version" : "2.1900",
+ "x_deprecated" : 1
},
"Authen::SASL::EXTERNAL" : {
"file" : "lib/Authen/SASL/EXTERNAL.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::Perl" : {
"file" : "lib/Authen/SASL/Perl.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::Perl::ANONYMOUS" : {
"file" : "lib/Authen/SASL/Perl/ANONYMOUS.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::Perl::CRAM_MD5" : {
"file" : "lib/Authen/SASL/Perl/CRAM_MD5.pm",
- "version" : "2.1800"
+ "version" : "2.1900",
+ "x_deprecated" : 1
},
"Authen::SASL::Perl::DIGEST_MD5" : {
"file" : "lib/Authen/SASL/Perl/DIGEST_MD5.pm",
- "version" : "2.1800"
+ "version" : "2.1900",
+ "x_deprecated" : 1
},
"Authen::SASL::Perl::EXTERNAL" : {
"file" : "lib/Authen/SASL/Perl/EXTERNAL.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::Perl::GSSAPI" : {
"file" : "lib/Authen/SASL/Perl/GSSAPI.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::Perl::LOGIN" : {
"file" : "lib/Authen/SASL/Perl/LOGIN.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::Perl::OAUTHBEARER" : {
"file" : "lib/Authen/SASL/Perl/OAUTHBEARER.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::Perl::PLAIN" : {
"file" : "lib/Authen/SASL/Perl/PLAIN.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
},
"Authen::SASL::Perl::XOAUTH2" : {
"file" : "lib/Authen/SASL/Perl/XOAUTH2.pm",
- "version" : "2.1800"
+ "version" : "2.1900"
}
},
"release_status" : "stable",
"resources" : {
"bugtracker" : {
- "web" : "https://github.com/gbarr/perl-authen-sasl/issues";
+ "web" : "https://github.com/perl-authen-sasl/perl-authen-sasl/issues";
},
- "homepage" : "https://github.com/gbarr/perl-authen-sasl/";,
+ "homepage" : "https://github.com/perl-authen-sasl/perl-authen-sasl/";,
"repository" : {
"type" : "git",
- "url" : "git://github.com/gbarr/perl-authen-sasl.git",
- "web" : "https://github.com/gbarr/perl-authen-sasl/";
+ "url" : "git://github.com/perl-authen-sasl/perl-authen-sasl.git",
+ "web" : "https://github.com/perl-authen-sasl/perl-authen-sasl/";
}
},
- "version" : "2.1800",
+ "version" : "2.1900",
"x_contributors" : [
"Aditya Garg <[email protected]>",
"Chris Ridd <[email protected]>",
@@ -121,12 +124,13 @@
"Paul Kranenburg <[email protected]>",
"Pete Houston <[email protected]>",
"Peter Marschall <[email protected]>",
+ "Robert Rothenberg <[email protected]>",
"Steven Lee <[email protected]>",
"Yann Kerherve <[email protected]>",
"openstrike <[email protected]>"
],
"x_generated_by_perl" : "v5.38.2",
- "x_serialization_backend" : "Cpanel::JSON::XS version 4.37",
+ "x_serialization_backend" : "Cpanel::JSON::XS version 4.39",
"x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/META.yml
new/Authen-SASL-2.1900/META.yml
--- old/Authen-SASL-2.1800/META.yml 2025-04-25 18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/META.yml 2025-08-05 15:22:13.000000000 +0200
@@ -11,7 +11,7 @@
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 0
-generated_by: 'Dist::Zilla version 6.032, CPAN::Meta::Converter version
2.150010'
+generated_by: 'Dist::Zilla version 6.033, CPAN::Meta::Converter version
2.150010'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -20,54 +20,57 @@
provides:
Authen::SASL:
file: lib/Authen/SASL.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::CRAM_MD5:
file: lib/Authen/SASL/CRAM_MD5.pm
- version: '2.1800'
+ version: '2.1900'
+ x_deprecated: 1
Authen::SASL::EXTERNAL:
file: lib/Authen/SASL/EXTERNAL.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::Perl:
file: lib/Authen/SASL/Perl.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::Perl::ANONYMOUS:
file: lib/Authen/SASL/Perl/ANONYMOUS.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::Perl::CRAM_MD5:
file: lib/Authen/SASL/Perl/CRAM_MD5.pm
- version: '2.1800'
+ version: '2.1900'
+ x_deprecated: 1
Authen::SASL::Perl::DIGEST_MD5:
file: lib/Authen/SASL/Perl/DIGEST_MD5.pm
- version: '2.1800'
+ version: '2.1900'
+ x_deprecated: 1
Authen::SASL::Perl::EXTERNAL:
file: lib/Authen/SASL/Perl/EXTERNAL.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::Perl::GSSAPI:
file: lib/Authen/SASL/Perl/GSSAPI.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::Perl::LOGIN:
file: lib/Authen/SASL/Perl/LOGIN.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::Perl::OAUTHBEARER:
file: lib/Authen/SASL/Perl/OAUTHBEARER.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::Perl::PLAIN:
file: lib/Authen/SASL/Perl/PLAIN.pm
- version: '2.1800'
+ version: '2.1900'
Authen::SASL::Perl::XOAUTH2:
file: lib/Authen/SASL/Perl/XOAUTH2.pm
- version: '2.1800'
+ version: '2.1900'
recommends:
GSSAPI: '0'
requires:
+ Crypt::URandom: '0'
Digest::HMAC_MD5: '0'
- Digest::MD5: '0'
perl: v5.14.0
resources:
- bugtracker: https://github.com/gbarr/perl-authen-sasl/issues
- homepage: https://github.com/gbarr/perl-authen-sasl/
- repository: git://github.com/gbarr/perl-authen-sasl.git
-version: '2.1800'
+ bugtracker: https://github.com/perl-authen-sasl/perl-authen-sasl/issues
+ homepage: https://github.com/perl-authen-sasl/perl-authen-sasl/
+ repository: git://github.com/perl-authen-sasl/perl-authen-sasl.git
+version: '2.1900'
x_contributors:
- 'Aditya Garg <[email protected]>'
- 'Chris Ridd <[email protected]>'
@@ -77,9 +80,10 @@
- 'Paul Kranenburg <[email protected]>'
- 'Pete Houston <[email protected]>'
- 'Peter Marschall <[email protected]>'
+ - 'Robert Rothenberg <[email protected]>'
- 'Steven Lee <[email protected]>'
- 'Yann Kerherve <[email protected]>'
- 'openstrike <[email protected]>'
x_generated_by_perl: v5.38.2
-x_serialization_backend: 'YAML::Tiny version 1.74'
+x_serialization_backend: 'YAML::Tiny version 1.76'
x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/Makefile.PL
new/Authen-SASL-2.1900/Makefile.PL
--- old/Authen-SASL-2.1800/Makefile.PL 2025-04-25 18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/Makefile.PL 2025-08-05 15:22:13.000000000 +0200
@@ -1,4 +1,4 @@
-# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker
v6.032.
+# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker
v6.033.
use strict;
use warnings;
@@ -17,8 +17,8 @@
"MIN_PERL_VERSION" => "5.014000",
"NAME" => "Authen::SASL",
"PREREQ_PM" => {
- "Digest::HMAC_MD5" => 0,
- "Digest::MD5" => 0
+ "Crypt::URandom" => 0,
+ "Digest::HMAC_MD5" => 0
},
"TEST_REQUIRES" => {
"Pod::Coverage::TrustPod" => 0,
@@ -26,7 +26,7 @@
"Test::Pod" => 0,
"Test::Pod::Coverage" => 0
},
- "VERSION" => "2.1800",
+ "VERSION" => "2.1900",
"test" => {
"TESTS" => "t/*.t t/negotiations/*.t t/server/*.t"
}
@@ -34,8 +34,8 @@
my %FallbackPrereqs = (
+ "Crypt::URandom" => 0,
"Digest::HMAC_MD5" => 0,
- "Digest::MD5" => 0,
"Pod::Coverage::TrustPod" => 0,
"Test::More" => 0,
"Test::Pod" => 0,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/README
new/Authen-SASL-2.1900/README
--- old/Authen-SASL-2.1800/README 2025-04-25 18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/README 2025-08-05 15:22:13.000000000 +0200
@@ -19,6 +19,7 @@
* Digest::MD5
* JSON::PP
* Test::More (for running tests only)
+ * Crypt::URandom
* Digest::HMAC_MD5
* GSSAPI (optional; for Kerberos v5 support)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/dist.ini
new/Authen-SASL-2.1900/dist.ini
--- old/Authen-SASL-2.1800/dist.ini 2025-04-25 18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/dist.ini 2025-08-05 15:22:13.000000000 +0200
@@ -1,6 +1,6 @@
name = Authen-SASL
abstract = SASL Authentication framework
-version = 2.1800
+version = 2.1900
author = Graham Barr <[email protected]>
author = Erik Huelsmann <[email protected]>
copyright_holder = Graham Barr <[email protected]>
@@ -8,10 +8,10 @@
license = Perl_5
[MetaResources]
-homepage = https://github.com/gbarr/perl-authen-sasl/
-bugtracker.web = https://github.com/gbarr/perl-authen-sasl/issues
-repository.url = git://github.com/gbarr/perl-authen-sasl.git
-repository.web = https://github.com/gbarr/perl-authen-sasl/
+homepage = https://github.com/perl-authen-sasl/perl-authen-sasl/
+bugtracker.web = https://github.com/perl-authen-sasl/perl-authen-sasl/issues
+repository.url = git://github.com/perl-authen-sasl/perl-authen-sasl.git
+repository.web = https://github.com/perl-authen-sasl/perl-authen-sasl/
repository.type = git
[@Filter]
@@ -19,6 +19,11 @@
-remove = GatherDir
-remove = Readme
+[Deprecated]
+module = Authen::SASL::Perl::DIGEST_MD5
+module = Authen::SASL::Perl::CRAM_MD5
+module = Authen::SASL::CRAM_MD5
+
[Git::GatherDir]
[MetaJSON]
[MetaProvides::Package]
@@ -26,8 +31,8 @@
[Prereqs]
perl = 5.14.0
-Digest::MD5 = 0
Digest::HMAC_MD5 = 0
+Crypt::URandom = 0
[Prereqs / RuntimeRecommends]
GSSAPI = 0
@@ -46,3 +51,4 @@
[PodSyntaxTests]
[PodVersion]
[PkgVersion]
+use_package = 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/CRAM_MD5.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/CRAM_MD5.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/CRAM_MD5.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/CRAM_MD5.pm 2025-08-05
15:22:13.000000000 +0200
@@ -2,11 +2,15 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::CRAM_MD5;
-$Authen::SASL::CRAM_MD5::VERSION = '2.1800';
+package Authen::SASL::CRAM_MD5 2.1900;
+
use strict;
use warnings;
+warnings::warnif(
+ 'deprecated',
+ 'The CRAM-MD5 SASL mechanism is effectively deprecated by RFC8314 and
should no longer be used'
+ );
sub new {
shift;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/EXTERNAL.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/EXTERNAL.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/EXTERNAL.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/EXTERNAL.pm 2025-08-05
15:22:13.000000000 +0200
@@ -2,8 +2,8 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::EXTERNAL;
-$Authen::SASL::EXTERNAL::VERSION = '2.1800';
+package Authen::SASL::EXTERNAL 2.1900;
+
use strict;
use warnings;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/ANONYMOUS.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/ANONYMOUS.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/ANONYMOUS.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/ANONYMOUS.pm 2025-08-05
15:22:13.000000000 +0200
@@ -2,8 +2,8 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::Perl::ANONYMOUS;
-$Authen::SASL::Perl::ANONYMOUS::VERSION = '2.1800';
+package Authen::SASL::Perl::ANONYMOUS 2.1900;
+
use strict;
use warnings;
use vars qw(@ISA);
@@ -40,7 +40,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/CRAM_MD5.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/CRAM_MD5.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/CRAM_MD5.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/CRAM_MD5.pm 2025-08-05
15:22:13.000000000 +0200
@@ -2,14 +2,19 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::Perl::CRAM_MD5;
-$Authen::SASL::Perl::CRAM_MD5::VERSION = '2.1800';
+package Authen::SASL::Perl::CRAM_MD5 2.1900;
+
use strict;
use warnings;
use vars qw(@ISA);
use Digest::HMAC_MD5 qw(hmac_md5_hex);
-@ISA = qw(Authen::SASL::Perl);
+warnings::warnif(
+ 'deprecated',
+ 'The CRAM-MD5 SASL mechanism is effectively deprecated by RFC8314 and
should no longer be used'
+ );
+
+@ISA = qw(Authen::SASL::Perl);
my %secflags = (
noplaintext => 1,
@@ -44,11 +49,11 @@
=head1 NAME
-Authen::SASL::Perl::CRAM_MD5 - CRAM MD5 Authentication class
+Authen::SASL::Perl::CRAM_MD5 - (DEPRECATED) CRAM MD5 Authentication class
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
@@ -67,6 +72,11 @@
This method implements the client part of the CRAM-MD5 SASL algorithm,
as described in RFC 2195 resp. in IETF Draft draft-ietf-sasl-crammd5-XX.txt.
+Please note that this mechanism has been moved to the "LIMITED" use section of
+the L<mechanism
registry|https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml>
+and is effectively deprecated per
L<RFC8314|https://www.rfc-editor.org/rfc/rfc8314.html> (see
+section 5; security considerations).
+
=head2 CALLBACK
The callbacks used are:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/DIGEST_MD5.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/DIGEST_MD5.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/DIGEST_MD5.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/DIGEST_MD5.pm 2025-08-05
15:22:13.000000000 +0200
@@ -5,14 +5,20 @@
# See http://www.ietf.org/rfc/rfc2831.txt for details
-package Authen::SASL::Perl::DIGEST_MD5;
-$Authen::SASL::Perl::DIGEST_MD5::VERSION = '2.1800';
+package Authen::SASL::Perl::DIGEST_MD5 2.1900;
+
use strict;
use warnings;
use vars qw(@ISA $CNONCE $NONCE);
+use Crypt::URandom qw(urandom);
use Digest::MD5 qw(md5_hex md5);
use Digest::HMAC_MD5 qw(hmac_md5);
+warnings::warnif(
+ 'deprecated',
+ 'The DIGEST-MD5 SASL mechanism is deprecated by RFC6331 and should no
longer be used'
+ );
+
# TODO: complete qop support in server, should be configurable
@ISA = qw(Authen::SASL::Perl);
@@ -201,7 +207,7 @@
$self->{need_step} = 1;
$self->{error} = undef;
- $self->{nonce} = md5_hex($NONCE || join (":", $$, time, rand));
+ $self->{nonce} = $NONCE ? md5_hex($NONCE) : unpack('H32',urandom(16));
$self->init_sec_layer;
@@ -260,7 +266,7 @@
my %response = (
nonce => $sparams{'nonce'},
- cnonce => md5_hex($CNONCE || join (":", $$, time, rand)),
+ cnonce => $CNONCE ? md5_hex($CNONCE) : unpack('H32',urandom(16)),
'digest-uri' => $self->service . '/' . $self->host,
# calc how often the server nonce has been seen; server expects "00000001"
nc => sprintf("%08d",
++$self->{nonce_counts}{$sparams{'nonce'}}),
@@ -746,11 +752,11 @@
=head1 NAME
-Authen::SASL::Perl::DIGEST_MD5 - Digest MD5 Authentication class
+Authen::SASL::Perl::DIGEST_MD5 - (DEPRECATED) Digest MD5 Authentication class
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
@@ -770,6 +776,10 @@
This method implements the client and server parts of the DIGEST-MD5 SASL
algorithm, as described in RFC 2831.
+Please note that this mechanism has been moved to the "OBSOLETE" section of
+the L<mechanism
registry|https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml>
+as per L<RFC6331|https://www.rfc-editor.org/rfc/rfc6331.html>.
+
=head2 CALLBACK
The callbacks used are:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/EXTERNAL.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/EXTERNAL.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/EXTERNAL.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/EXTERNAL.pm 2025-08-05
15:22:13.000000000 +0200
@@ -3,8 +3,8 @@
# is free software; you can redistribute it and/or modify it under the
# same terms as Perl itself.
-package Authen::SASL::Perl::EXTERNAL;
-$Authen::SASL::Perl::EXTERNAL::VERSION = '2.1800';
+package Authen::SASL::Perl::EXTERNAL 2.1900;
+
use strict;
use warnings;
use vars qw(@ISA);
@@ -45,7 +45,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/GSSAPI.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/GSSAPI.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/GSSAPI.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/GSSAPI.pm 2025-08-05
15:22:13.000000000 +0200
@@ -2,8 +2,8 @@
# All rights reserved. This program is free software; you can redistribute
# it and/or modify it under the same terms as Perl itself.
-package Authen::SASL::Perl::GSSAPI;
-$Authen::SASL::Perl::GSSAPI::VERSION = '2.1800';
+package Authen::SASL::Perl::GSSAPI 2.1900;
+
use strict;
use warnings;
@@ -228,7 +228,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/LOGIN.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/LOGIN.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/LOGIN.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/LOGIN.pm 2025-08-05
15:22:13.000000000 +0200
@@ -2,8 +2,8 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::Perl::LOGIN;
-$Authen::SASL::Perl::LOGIN::VERSION = '2.1800';
+package Authen::SASL::Perl::LOGIN 2.1900;
+
use strict;
use warnings;
use vars qw(@ISA);
@@ -137,7 +137,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/OAUTHBEARER.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/OAUTHBEARER.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/OAUTHBEARER.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/OAUTHBEARER.pm 2025-08-05
15:22:13.000000000 +0200
@@ -4,8 +4,8 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::Perl::OAUTHBEARER;
-$Authen::SASL::Perl::OAUTHBEARER::VERSION = '2.1800';
+package Authen::SASL::Perl::OAUTHBEARER 2.1900;
+
use strict;
use vars qw(@ISA);
use JSON::PP;
@@ -69,7 +69,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
@@ -118,7 +118,9 @@
=head1 COPYRIGHT
Copyright (c) 2025 Aditya Garg.
+
Copyright (c) 2025 Julian Swagemakers.
+
All rights reserved. This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.
=cut
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/PLAIN.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/PLAIN.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/PLAIN.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/PLAIN.pm 2025-08-05
15:22:13.000000000 +0200
@@ -2,8 +2,8 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::Perl::PLAIN;
-$Authen::SASL::Perl::PLAIN::VERSION = '2.1800';
+package Authen::SASL::Perl::PLAIN 2.1900;
+
use strict;
use warnings;
use vars qw(@ISA);
@@ -104,7 +104,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/XOAUTH2.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/XOAUTH2.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl/XOAUTH2.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl/XOAUTH2.pm 2025-08-05
15:22:13.000000000 +0200
@@ -4,8 +4,8 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::Perl::XOAUTH2;
-$Authen::SASL::Perl::XOAUTH2::VERSION = '2.1800';
+package Authen::SASL::Perl::XOAUTH2 2.1900;
+
use strict;
use vars qw(@ISA);
use JSON::PP;
@@ -57,7 +57,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
@@ -106,7 +106,9 @@
=head1 COPYRIGHT
Copyright (c) 2025 Aditya Garg.
+
Copyright (c) 2025 Julian Swagemakers.
+
All rights reserved. This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.
=cut
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl.pm
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl.pm 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl.pm 2025-08-05
15:22:13.000000000 +0200
@@ -2,8 +2,8 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL::Perl;
-$Authen::SASL::Perl::VERSION = '2.1800';
+package Authen::SASL::Perl 2.1900;
+
use strict;
use warnings;
use Carp;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL/Perl.pod
new/Authen-SASL-2.1900/lib/Authen/SASL/Perl.pod
--- old/Authen-SASL-2.1800/lib/Authen/SASL/Perl.pod 2025-04-25
18:09:30.000000000 +0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL/Perl.pod 2025-08-05
15:22:13.000000000 +0200
@@ -1,4 +1,6 @@
-# Copyright (c) 2004 Peter Marschall <[email protected]>. All rights reserved.
+# Copyright (c) 2004-2006 Peter Marschall <[email protected]>.
+# Copyright (c) 2025 Aditya Garg <[email protected]>.
+# All rights reserved.
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
@@ -8,7 +10,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
@@ -100,6 +102,14 @@
Thus this mechanism should not be used without adequate security
protection.
+=item OAUTHBEARER
+
+It is one of the methods for OAuth2.0 based authentication.
+Instead of a password, an OAUTHBEARER string is passed in a
+specific format, described in RFC5801 and RFC7628
+
+It is a newer and more secure method of authentication since it
+relies on tokens that have a limited lifespan.
=item PLAIN
@@ -110,6 +120,18 @@
Like LOGIN it sends the credentials in clear over the network
and should not be used without sufficient security protection.
+=item XOAUTH2
+
+It is one of the methods for OAuth2.0 based authentication.
+It has been developed by Google but is used by other email providers
+like Outlook as well.
+Instead of a password, an XOAUTH2 string is passed in a
+specific format. It is documented by Google on:
+https://developers.google.com/workspace/gmail/imap/xoauth2-protocol
+
+It is a newer and more secure method of authentication since it
+relies on tokens that have a limited lifespan.
+
=back
As for server support, only I<PLAIN>, I<LOGIN> and I<DIGEST-MD5> are supported
@@ -139,18 +161,29 @@
L<Authen::SASL::Perl::EXTERNAL>,
L<Authen::SASL::Perl::GSSAPI>,
L<Authen::SASL::Perl::LOGIN>,
-L<Authen::SASL::Perl::PLAIN>
+L<Authen::SASL::Perl::OAUTHBEARER>,
+L<Authen::SASL::Perl::PLAIN>,
+L<Authen::SASL::Perl::XOAUTH2>
=head1 AUTHOR
Peter Marschall <[email protected]>
+=head1 CONTRIBUTORS
+
+Aditya Garg <[email protected]>
+
+Robert Rothenberg
+
Please report any bugs, or post any suggestions, to the perl-ldap mailing list
<[email protected]>
=head1 COPYRIGHT
Copyright (c) 2004-2006 Peter Marschall.
+
+Copyright (c) 2025 Aditya Garg.
+
All rights reserved. This document is distributed, and may be redistributed,
under the same terms as Perl itself.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL.pm
new/Authen-SASL-2.1900/lib/Authen/SASL.pm
--- old/Authen-SASL-2.1800/lib/Authen/SASL.pm 2025-04-25 18:09:30.000000000
+0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL.pm 2025-08-05 15:22:13.000000000
+0200
@@ -2,8 +2,8 @@
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
-package Authen::SASL;
-$Authen::SASL::VERSION = '2.1800';
+package Authen::SASL 2.1900;
+
use strict;
use warnings;
use vars qw(@Plugins);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Authen-SASL-2.1800/lib/Authen/SASL.pod
new/Authen-SASL-2.1900/lib/Authen/SASL.pod
--- old/Authen-SASL-2.1800/lib/Authen/SASL.pod 2025-04-25 18:09:30.000000000
+0200
+++ new/Authen-SASL-2.1900/lib/Authen/SASL.pod 2025-08-05 15:22:13.000000000
+0200
@@ -4,7 +4,7 @@
=head1 VERSION
-version 2.1800
+version 2.1900
=head1 SYNOPSIS
@@ -202,7 +202,7 @@
There are three different ways in which a callback may be passed
-=over
+=over 4
=item CODEREF
@@ -239,12 +239,12 @@
=head1 BUGS
Please report any bugs, or any suggestions, in the GitHub project at
-L<https://github.com/gbarr/perl-authen-sasl/issues>.
+L<https://github.com/perl-authen-sasl/perl-authen-sasl/issues>.
=head1 COPYRIGHT
- Copyright (c) 2023 Erik Huelsmann
+ Copyright (c) 2023-2025 Erik Huelsmann
Copyright (c) 1998-2005 Graham Barr.
All rights reserved. This program is
++++++ README.md ++++++
## Build Results
Current state of perl in openSUSE:Factory is
The current state of perl in the devel project build (devel:languages:perl)
++++++ _scmsync.obsinfo ++++++
mtime: 1755894506
commit: 2033caf2d6e537b57cbe0d4f115797febf24fb86f7b3824a083e757a8a4a9324
url: https://src.opensuse.org/perl/perl-Authen-SASL.git
revision: 2033caf2d6e537b57cbe0d4f115797febf24fb86f7b3824a083e757a8a4a9324
projectscmsync: https://src.opensuse.org/perl/_ObsPrj
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2025-08-25 09:08:43.000000000 +0200
@@ -0,0 +1 @@
+.osc
