<div dir="ltr"><div><div><div>Hey Ken,<br><br></div>would be great to get this patch in as well:<br><a href="https://github.com/cyrusimap/cyrus-sasl/pull/503">https://github.com/cyrusimap/cyrus-sasl/pull/503</a><br><br></div>this makes cyrus-sasl to build with visual studio 2017<br><br></div>Cheers<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 6, 2018 at 12:18 AM, Ken Murchison <span dir="ltr"><<a href="mailto:murch@fastmail.com" target="_blank">murch@fastmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>All,</p>
<p>I have built a seventh (and hopefully last) release candidate of
SASL 2.1.27 which can be downloaded from here:</p>
<pre>HTTP:
<a class="m_41110595119689294moz-txt-link-freetext" href="https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz" target="_blank">https://www.cyrusimap.org/<wbr>releases/cyrus-sasl-2.1.27-<wbr>rc7.tar.gz</a>
<a class="m_41110595119689294moz-txt-link-freetext" href="https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz.sig" target="_blank">https://www.cyrusimap.org/<wbr>releases/cyrus-sasl-2.1.27-<wbr>rc7.tar.gz.sig</a>
FTP:
<a class="m_41110595119689294moz-txt-link-freetext" href="ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz" target="_blank">ftp://ftp.cyrusimap.org/cyrus-<wbr>sasl/cyrus-sasl-2.1.27-rc7.<wbr>tar.gz</a>
<a class="m_41110595119689294moz-txt-link-freetext" href="ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz.sig" target="_blank">ftp://ftp.cyrusimap.org/cyrus-<wbr>sasl/cyrus-sasl-2.1.27-rc7.<wbr>tar.gz.sig</a>
</pre>
<br>
The primary reason for this candidate is to test the latest GSSAPI
changes. I'd like to roll out the final release in about a week.
If not done by Feb 14, it will wait until Feb 21 when I return from
vacation.<br>
<p><br>
</p>
<p>The (mostly) complete list of changes from 2.1.26 are these:</p>
<ul class="m_41110595119689294simple">
<li>Added support for OpenSSL 1.1</li>
<li>Added support for lmdb (from Howard Chu)</li>
<li>Lots of build fixes (from Ignacio Casal Quinteiro and others)</li>
<li>Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when
selecting client mech</li>
<li>DIGEST-MD5 plugin:
<ul>
<li>Fixed memory leaks</li>
<li>Fixed a segfault when looking for non-existent reauth
cache</li>
<li>Prevent client from going from step 3 back to step 2</li>
<li>Allow cmusaslsecretDIGEST-MD5 property to be disabled</li>
</ul>
</li>
<li>GSSAPI plugin:
<ul>
<li>Added support for retrieving negotiated SSF</li>
<li>Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF</li>
<li>Properly compute maxbufsize AFTER security layers have
been set</li>
</ul>
</li>
<li>SCRAM plugin:
<ul>
<li>Added support for SCRAM-SHA-256</li>
<li>Allow SCRAM-* to be used by HTTP<br>
</li>
</ul>
</li>
<li>LOGIN plugin:
<ul>
<li>Don’t prompt client for password until requested by server</li>
</ul>
</li>
<li>NTLM plugin:
<ul>
<li>Fixed crash due to uninitialized HMAC context</li>
</ul>
</li>
<li>saslauthd:
<ul>
<li>cache.c:
<ul>
<li>Don’t use cached credentials if timeout has expired</li>
<li>Fixed debug logging output</li>
</ul>
</li>
<li>ipc_doors.c:
<ul>
<li>Fixed potential DoS attack (from Oracle)</li>
</ul>
</li>
<li>ipc_unix.c:
<ul>
<li>Prevent premature closing of socket</li>
</ul>
</li>
<li>auth_rimap.c:
<ul>
<li>Added support LOGOUT command</li>
<li>Added support for unsolicited CAPABILITY responses in
LOGIN reply</li>
<li>Properly detect end of responses (don’t needlessly
wait)</li>
<li>Properly handle backslash in passwords</li>
</ul>
</li>
<li>auth_httpform:
<ul>
<li>Fix off-by-one error in string termination</li>
<li>Added support for 204 success response</li>
</ul>
</li>
<li>auth_krb5.c:
<ul>
<li>Added krb5_conv_krb4_instance option</li>
<li>Added more verbose error logging</li>
</ul>
</li>
</ul>
</li>
</ul>
<p> </p>
<br>
<br>
At this point any major changes (e.g. API, wire protocol) will be
pushed out to 2.1.28 or 2.2.0.<span class="HOEnZb"><font color="#888888"><br>
<br>
<pre class="m_41110595119689294moz-signature" cols="72">--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd</pre>
</font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Ignacio Casal Quinteiro<br></div></div></div>
</div>