Date: Tue, 4 Mar 2003 23:53:13 +0300 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com Subject: popa3d 0.6.1, JtR 1.6.33, FOSDEM, new web pages Hi, This is a combined announcement for several new Openwall releases, other relevant news items, and web site updates. New stable versions of the POP3 server, popa3d versions 0.6 and 0.6.1, have been released. Changes since the last stable release (0.5.1) are limited to bug, correctness, and interoperability fixes (this includes a workaround for an Outlook Express client bug which would show up on body-less messages). popa3d 0.6.1 also adds version identification (popa3d -V), which many have asked for. Additional popa3d patches have been contributed shortly before these new releases. They're currently against popa3d versions 0.5.9 and 0.5.1, but should easily apply to 0.6.1 release as well. I've re-organized the list of contributed popa3d resources, dropping references to obsolete packages and separating the rest into three categories. The recently added patches are for Maildir support (by Hallgrimur H. Gunnarsson and Cory Visi) and IPv6 support with popa3d's standalone mode (by Jun-ichiro itojun Hagino). The homepage for popa3d is: http://www.openwall.com/popa3d/ There's a new development version of John the Ripper available, 1.6.33. This adds a Solaris/SPARC64 make target which achieves the expected 90% speedup at DES. This requires a recent version of Solaris, a 64-bit kernel, and a very recent version of gcc, such as the gcc 3.2.2 package off sunfreeware). This version also fixes two issues with the "unique" utility, one was a bug in "unique" itself affecting big-endian systems (that's essentially all systems except x86, Alpha, and VAX) and the other is a bug in the Solaris stdio code for which I've included a workaround. I'd like to thank Corey Becker for reporting and helping me reproduce these. The new version can be downloaded from the usual location: http://www.openwall.com/john/ Of course, the publicly-available Owl-current snapshot already includes popa3d 0.6.1 and John 1.6.33. For those who don't know yet, I made a talk on Openwall GNU/*/Linux (Owl) at FOSDEM, the third Free and Open source Software Developers' European Meeting, which occurred on February 8-9, in Brussels, Belgium. The updated version of our presentation slides on Owl as used at FOSDEM is now available on the Openwall web site: http://www.openwall.com/presentations/Owl/ There's also the interview I gave to FOSDEM organizers shortly before the event: http://www.fosdem.org/index/interviews/interviews_designer The questions (and answers) cover topics such as the history of John the Ripper and indeed Owl. Finally, I've created a number of additional web pages. We're now exporting a few pieces of software originally developed as a part of Owl for use on or by other distributions. The PAM modules developed for Owl are now available at: http://www.openwall.com/pam/ Besides pam_passwdqc, the proactive password strength checker which already had a web page, this includes pam_userpass, pam_mktemp, and pam_tcb. pam_userpass solves the flawed assumption non-interactive services such as FTP and POP3 servers previously had to make in order to provide a username and password pair to a PAM module stack. pam_mktemp provides per-user private temporary file directories. And pam_tcb supersedes pam_unix (pam_pwdb) and is a part of our tcb suite implementing the alternative password shadowing scheme, which in turn is now available for use with other distributions: http://www.openwall.com/tcb/ The tcb scheme allows many core system utilities (passwd(1) being the primary example) to operate with little privilege (not SUID root). Note that pam_tcb may be useful for you even if you don't intend to switch to the tcb scheme. It is fully backwards compatible with Linux-PAM pam_unix, but offers many improvements and cleaner code. The tcb suite has been designed and implemented primarily by Rafal Wojtczuk with significant contributions by me and Dmitry V. Levin. Finally, some of you may have noticed that I've added a number of pointers to password recovery resources, primarily for popular Windows-based file formats. It is due to the popularity of John the Ripper that I was getting a significant number of web site visitors looking for just this kind of thing rather than our Unix security software. As a number of such password recovery products are shareware or purely commercial and good affiliate commissions are paid, this actually helps the project financially. And you could help, too, by simply placing a link off your web site. This may be a regular or an affiliate link. The latter will send any sales commissions to you, helping the project in an indirect way only (which is still greatly appreciated!) The URLs to check are: Password recovery resources within the main Openwall site: http://www.openwall.com/PR/ Password recovery resources on their own: http://PR.openwall.net (you decide which better fits your site). Information on the PR.openwall.net affiliate program (which lets you keep the sales commissions to yourself if you're into it for profit): http://PR.openwall.net/affiliates.shtml Of course, other web links will be appreciated as well. If you have an Owl-based web server, you may state so and link to the Owl homepage ("Powered by Openwall GNU/*/Linux"), etc. If you prefer graphical buttons for such links, some are available at: ftp://ftp.ru.openwall.com/pub/Owl/artwork/ (as well as on other mirrors). Only a few are available currently, but more are to be added and any contributions are welcome. An Owl artwork web page with proper credits is planned. -- /sd
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.