SASL 2.1.27 rc7
Ignacio Casal
ignacio.casal at nice-software.com
Tue Feb 6 04:01:51 EST 2018
Hey Ken,
would be great to get this patch in as well:
https://github.com/cyrusimap/cyrus-sasl/pull/503
this makes cyrus-sasl to build with visual studio 2017
Cheers
On Tue, Feb 6, 2018 at 12:18 AM, Ken Murchison <murch at fastmail.com> wrote:
> All,
>
> I have built a seventh (and hopefully last) release candidate of SASL
> 2.1.27 which can be downloaded from here:
>
> HTTP:
> https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz
> https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz.sig
>
> FTP:
> ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz
> ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz.sig
>
>
> The primary reason for this candidate is to test the latest GSSAPI
> changes. I'd like to roll out the final release in about a week. If not
> done by Feb 14, it will wait until Feb 21 when I return from vacation.
>
>
> The (mostly) complete list of changes from 2.1.26 are these:
>
> - Added support for OpenSSL 1.1
> - Added support for lmdb (from Howard Chu)
> - Lots of build fixes (from Ignacio Casal Quinteiro and others)
> - Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting
> client mech
> - DIGEST-MD5 plugin:
> - Fixed memory leaks
> - Fixed a segfault when looking for non-existent reauth cache
> - Prevent client from going from step 3 back to step 2
> - Allow cmusaslsecretDIGEST-MD5 property to be disabled
> - GSSAPI plugin:
> - Added support for retrieving negotiated SSF
> - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
> - Properly compute maxbufsize AFTER security layers have been set
> - SCRAM plugin:
> - Added support for SCRAM-SHA-256
> - Allow SCRAM-* to be used by HTTP
> - LOGIN plugin:
> - Don’t prompt client for password until requested by server
> - NTLM plugin:
> - Fixed crash due to uninitialized HMAC context
> - saslauthd:
> - cache.c:
> - Don’t use cached credentials if timeout has expired
> - Fixed debug logging output
> - ipc_doors.c:
> - Fixed potential DoS attack (from Oracle)
> - ipc_unix.c:
> - Prevent premature closing of socket
> - auth_rimap.c:
> - Added support LOGOUT command
> - Added support for unsolicited CAPABILITY responses in LOGIN
> reply
> - Properly detect end of responses (don’t needlessly wait)
> - Properly handle backslash in passwords
> - auth_httpform:
> - Fix off-by-one error in string termination
> - Added support for 204 success response
> - auth_krb5.c:
> - Added krb5_conv_krb4_instance option
> - Added more verbose error logging
>
>
>
> At this point any major changes (e.g. API, wire protocol) will be pushed
> out to 2.1.28 or 2.2.0.
>
> --
> Kenneth Murchison
> Cyrus Development Team
> FastMail Pty Ltd
>
>
--
Ignacio Casal Quinteiro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20180206/dd4612ab/attachment.html>
More information about the Cyrus-sasl
mailing list