Re: SASL 2.1.27 rc6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Waiting on some last minute GSSAPI testing to be done.

On 01/08/2018 09:48 AM, Jakub Jelen wrote:
I took this snapshot shrough our testing and I did not notice any
significant problem.

Is there anything more needed for this to get released?


On Mon, 2017-12-11 at 08:01 -0500, Ken Murchison wrote:

I have built a sixth (and hopefully last) release candidate of SASL
2.1.27 which can be downloaded from here:



MD5 Sum:
cyrus-sasl-2.1.27-rc6.tar.gz : de083cc2e5c1cc3a1b88f7d85332a3ff
cyrus-sasl-2.1.27-rc6.tar.gz.sig: 868cc9f5feee63ca2bd91279f5ac043b

Note that the distro has been signed by my colleague Partha Susarla

We didn't receive much feedback to Alexey's post on the GSSAPI/LDAP
issue, so hopefully this release candidate will provoke some
leading to a resolution.  As stated previously, we would like to make
final release before Christmas.  If we have some last minute activity
the GSSAPI issue or any other showstoppers, we could push the
back to the end of the year as a last resort.

The (mostly) complete list of changes from 2.1.26 are these:

   * Added support for OpenSSL 1.1
   * Added support for lmdb (from Howard Chu)
   * Lots of build fixes (from Ignacio Casal Quinteiro and others)
   * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when
     client mech
   * DIGEST-MD5 plugin:
       o Fixed memory leaks
       o Fixed a segfault when looking for non-existent reauth cache
       o Prevent client from going from step 3 back to step 2
       o Allow cmusaslsecretDIGEST-MD5 property to be disabled
   * GSSAPI plugin:
       o Added support for retrieving negotiated SSF
       o Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
       o Properly compute maxbufsize AFTER security layers have been
   * SCRAM plugin:
       o Added support for SCRAM-SHA-256
       o Allow SCRAM-* to be used by HTTP
   * LOGIN plugin:
       o Don’t prompt client for password until requested by server
   * NTLM plugin:
       o Fixed crash due to uninitialized HMAC context
   * saslauthd:
       o cache.c:
           + Don’t use cached credentials if timeout has expired
           + Fixed debug logging output
       o ipc_doors.c:
           + Fixed potential DoS attack (from Oracle)
       o ipc_unix.c:
           + Prevent premature closing of socket
       o auth_rimap.c:
           + Added support LOGOUT command
           + Added support for unsolicited CAPABILITY responses in
           + Properly detect end of responses (don’t needlessly wait)
           + Properly handle backslash in passwords
       o auth_httpform:
           + Fix off-by-one error in string termination
           + Added support for 204 success response
       o auth_krb5.c:
           + Added krb5_conv_krb4_instance option
           + Added more verbose error logging

At this point any major changes (e.g. API, wire protocol) will be
out to 2.1.28 or 2.2.0.  I believe that this is close to being a
release which I would like to get out by the end of December.

Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux