SASL 2.1.27 rc6

Jakub Jelen jjelen at redhat.com
Mon Jan 8 09:48:26 EST 2018


Hello,
I took this snapshot through our testing and I did not notice any
significant problem.

Is there anything more needed for this to get released?

Regards,
Jakub

On Mon, 2017-12-11 at 08:01 -0500, Ken Murchison wrote:
> All,
> 
> I have built a sixth (and hopefully last) release candidate of SASL 
> 2.1.27 which can be downloaded from here:
> 
> HTTP:
>   http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc6.tar.gz
>   http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc6.tar.gz.sig
> 
> FTP:
>   ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc6.tar.gz
>   ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc6.tar.gz.sig
> 
> MD5 Sum:
> cyrus-sasl-2.1.27-rc6.tar.gz : de083cc2e5c1cc3a1b88f7d85332a3ff
> cyrus-sasl-2.1.27-rc6.tar.gz.sig: 868cc9f5feee63ca2bd91279f5ac043b
> 
> 
> Note that the distro has been signed by my colleague Partha Susarla at
> FastMail.
> 
> 
> We didn't receive much feedback to Alexey's post on the GSSAPI/LDAP
> issue, so hopefully this release candidate will provoke some discussion
> leading to a resolution.  As stated previously, we would like to make a
> final release before Christmas.  If we have some last minute activity on
> the GSSAPI issue or any other showstoppers, we could push the release
> back to the end of the year as a last resort.
> 
> 
> The (mostly) complete list of changes from 2.1.26 are these:
> 
>   * Added support for OpenSSL 1.1
>   * Added support for lmdb (from Howard Chu)
>   * Lots of build fixes (from Ignacio Casal Quinteiro and others)
>   * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting
>     client mech
>   * DIGEST-MD5 plugin:
>       o Fixed memory leaks
>       o Fixed a segfault when looking for non-existent reauth cache
>       o Prevent client from going from step 3 back to step 2
>       o Allow cmusaslsecretDIGEST-MD5 property to be disabled
>   * GSSAPI plugin:
>       o Added support for retrieving negotiated SSF
>       o Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
>       o Properly compute maxbufsize AFTER security layers have been set
>   * SCRAM plugin:
>       o Added support for SCRAM-SHA-256
>       o Allow SCRAM-* to be used by HTTP
>   * LOGIN plugin:
>       o Don’t prompt client for password until requested by server
>   * NTLM plugin:
>       o Fixed crash due to uninitialized HMAC context
>   * saslauthd:
>       o cache.c:
>           + Don’t use cached credentials if timeout has expired
>           + Fixed debug logging output
>       o ipc_doors.c:
>           + Fixed potential DoS attack (from Oracle)
>       o ipc_unix.c:
>           + Prevent premature closing of socket
>       o auth_rimap.c:
>           + Added support for LOGOUT command
>           + Added support for unsolicited CAPABILITY responses in LOGIN
>             reply
>           + Properly detect end of responses (don’t needlessly wait)
>           + Properly handle backslash in passwords
>       o auth_httpform:
>           + Fix off-by-one error in string termination
>           + Added support for 204 success response
>       o auth_krb5.c:
>           + Added krb5_conv_krb4_instance option
>           + Added more verbose error logging
> 
> 
> 
> At this point any major changes (e.g. API, wire protocol) will be pushed
> out to 2.1.28 or 2.2.0.  I believe that this is close to being a final
> release which I would like to get out by the end of December.
> 
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

