<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>All,</p>
<p>I'm pleased to announce the release of the long-awaited SASL
2.1.27 which can be downloaded from here:<br>
</p>
<pre class="moz-quote-pre" wrap="">
* HTTP:
<a class="moz-txt-link-freetext" href="https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz">https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz</a>
<a class="moz-txt-link-freetext" href="https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig">https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig</a>
* FTP:
<a class="moz-txt-link-freetext" href="ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz">ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz</a>
<a class="moz-txt-link-freetext" href="ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz.sig">ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz.sig</a>
md5sum:
a33820c66e0622222c5aefafa1581083 cyrus-sasl-2.1.27.tar.gz
b295313b9915be32b334f7e88f30dacd cyrus-sasl-2.1.27.tar.gz.sig
</pre>
<br>
<p>The (mostly) complete list of changes from 2.1.26 are these:</p>
<ul class="simple">
<li>Added support for OpenSSL 1.1</li>
<li>Added support for lmdb (from Howard Chu)</li>
<li>Lots of build fixes (from Ignacio Casal Quinteiro and others)</li>
<li>Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when
selecting client mech</li>
<li>DIGEST-MD5 plugin:
<ul>
<li>Fixed memory leaks</li>
<li>Fixed a segfault when looking for non-existent reauth
cache</li>
<li>Prevent client from going from step 3 back to step 2</li>
<li>Allow cmusaslsecretDIGEST-MD5 property to be disabled</li>
</ul>
</li>
<li>GSSAPI plugin:
<ul>
<li>Added support for retrieving negotiated SSF</li>
<li>Properly compute maxbufsize AFTER security layers have
been set</li>
</ul>
</li>
<li>SCRAM plugin:
<ul>
<li>Added support for SCRAM-SHA-256</li>
<li>Allow SCRAM-* to be used by HTTP<br>
</li>
</ul>
</li>
<li>LOGIN plugin:
<ul>
<li>Don’t prompt client for password until requested by server</li>
</ul>
</li>
<li>NTLM plugin:
<ul>
<li>Fixed crash due to uninitialized HMAC context</li>
</ul>
</li>
<li>saslauthd:
<ul>
<li>cache.c:
<ul>
<li>Don’t use cached credentials if timeout has expired</li>
<li>Fixed debug logging output</li>
</ul>
</li>
<li>ipc_doors.c:
<ul>
<li>Fixed potential DoS attack (from Oracle)</li>
</ul>
</li>
<li>ipc_unix.c:
<ul>
<li>Prevent premature closing of socket</li>
</ul>
</li>
<li>auth_rimap.c:
<ul>
<li>Added support LOGOUT command</li>
<li>Added support for unsolicited CAPABILITY responses in
LOGIN reply</li>
<li>Properly detect end of responses (don’t needlessly
wait)</li>
<li>Properly handle backslash in passwords</li>
</ul>
</li>
<li>auth_httpform:
<ul>
<li>Fix off-by-one error in string termination</li>
<li>Added support for 204 success response</li>
</ul>
</li>
<li>auth_krb5.c:
<ul>
<li>Added krb5_conv_krb4_instance option</li>
<li>Added more verbose error logging</li>
</ul>
</li>
</ul>
</li>
</ul>
<p> </p>
<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Ken Murchison
Cyrus Development Team
FastMail US LLC</pre>
</body>
</html>