SASL 2.1.27 rc7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



All,

I have built a seventh (and hopefully last) release candidate of SASL 2.1.27 which can be downloaded from here:

HTTP:
 https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz
 https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz.sig

FTP:
 ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz
 ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz.sig


The primary reason for this candidate is to test the latest GSSAPI changes.  I'd like to roll out the final release in about a week.  If not done by Feb 14, it will wait until Feb 21 when I return from vacation.


The (mostly) complete list of changes from 2.1.26 are these:

  • Added support for OpenSSL 1.1
  • Added support for lmdb (from Howard Chu)
  • Lots of build fixes (from Ignacio Casal Quinteiro and others)
  • Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
  • DIGEST-MD5 plugin:
    • Fixed memory leaks
    • Fixed a segfault when looking for non-existent reauth cache
    • Prevent client from going from step 3 back to step 2
    • Allow cmusaslsecretDIGEST-MD5 property to be disabled
  • GSSAPI plugin:
    • Added support for retrieving negotiated SSF
    • Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
    • Properly compute maxbufsize AFTER security layers have been set
  • SCRAM plugin:
    • Added support for SCRAM-SHA-256
    • Allow SCRAM-* to be used by HTTP
  • LOGIN plugin:
    • Don’t prompt client for password until requested by server
  • NTLM plugin:
    • Fixed crash due to uninitialized HMAC context
  • saslauthd:
    • cache.c:
      • Don’t use cached credentials if timeout has expired
      • Fixed debug logging output
    • ipc_doors.c:
      • Fixed potential DoS attack (from Oracle)
    • ipc_unix.c:
      • Prevent premature closing of socket
    • auth_rimap.c:
      • Added support LOGOUT command
      • Added support for unsolicited CAPABILITY responses in LOGIN reply
      • Properly detect end of responses (don’t needlessly wait)
      • Properly handle backslash in passwords
    • auth_httpform:
      • Fix off-by-one error in string termination
      • Added support for 204 success response
    • auth_krb5.c:
      • Added krb5_conv_krb4_instance option
      • Added more verbose error logging



At this point any major changes (e.g. API, wire protocol) will be pushed out to 2.1.28 or 2.2.0.

-- 
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux