<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>All,</p>
<p>I have built a seventh (and hopefully last) release candidate of
SASL 2.1.27 which can be downloaded from here:</p>
<pre wrap="">HTTP:
<a class="moz-txt-link-freetext" href="https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz">https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz</a>
<a class="moz-txt-link-freetext" href="https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz.sig">https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz.sig</a>
FTP:
<a class="moz-txt-link-freetext" href="ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz">ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz</a>
<a class="moz-txt-link-freetext" href="ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz.sig">ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz.sig</a>
</pre>
<br>
The primary reason for this candidate is to test the latest GSSAPI
changes. I'd like to roll out the final release in about a week.
If not done by Feb 14, it will wait until Feb 21 when I return from
vacation.<br>
<p>The (mostly) complete list of changes from 2.1.26 is this:</p>
<ul class="simple">
<li>Added support for OpenSSL 1.1</li>
<li>Added support for lmdb (from Howard Chu)</li>
<li>Lots of build fixes (from Ignacio Casal Quinteiro and others)</li>
<li>Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when
selecting client mech</li>
<li>DIGEST-MD5 plugin:
<ul>
<li>Fixed memory leaks</li>
<li>Fixed a segfault when looking for non-existent reauth
cache</li>
<li>Prevent client from going from step 3 back to step 2</li>
<li>Allow cmusaslsecretDIGEST-MD5 property to be disabled</li>
</ul>
</li>
<li>GSSAPI plugin:
<ul>
<li>Added support for retrieving negotiated SSF</li>
<li>Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF</li>
<li>Properly compute maxbufsize AFTER security layers have
been set</li>
</ul>
</li>
<li>SCRAM plugin:
<ul>
<li>Added support for SCRAM-SHA-256</li>
<li>Allow SCRAM-* to be used by HTTP</li>
</ul>
</li>
<li>LOGIN plugin:
<ul>
<li>Don’t prompt client for password until requested by server</li>
</ul>
</li>
<li>NTLM plugin:
<ul>
<li>Fixed crash due to uninitialized HMAC context</li>
</ul>
</li>
<li>saslauthd:
<ul>
<li>cache.c:
<ul>
<li>Don’t use cached credentials if timeout has expired</li>
<li>Fixed debug logging output</li>
</ul>
</li>
<li>ipc_doors.c:
<ul>
<li>Fixed potential DoS attack (from Oracle)</li>
</ul>
</li>
<li>ipc_unix.c:
<ul>
<li>Prevent premature closing of socket</li>
</ul>
</li>
<li>auth_rimap.c:
<ul>
<li>Added support for LOGOUT command</li>
<li>Added support for unsolicited CAPABILITY responses in
LOGIN reply</li>
<li>Properly detect end of responses (don’t needlessly
wait)</li>
<li>Properly handle backslash in passwords</li>
</ul>
</li>
<li>auth_httpform:
<ul>
<li>Fix off-by-one error in string termination</li>
<li>Added support for 204 success response</li>
</ul>
</li>
<li>auth_krb5.c:
<ul>
<li>Added krb5_conv_krb4_instance option</li>
<li>Added more verbose error logging</li>
</ul>
</li>
</ul>
</li>
</ul>
<br>
<br>
At this point any major changes (e.g. API, wire protocol) will be
pushed out to 2.1.28 or 2.2.0.<br>
<br>
<pre class="moz-signature" cols="72">--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd</pre>
</body>
</html>