SASL 2.1.27

Ken Murchison murch at fastmail.com
Tue Nov 20 10:00:56 EST 2018


All,

I'm pleased to announce the release of the long-awaited SASL 2.1.27 
which can be downloaded from here:

* HTTP:

     https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz
     https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig

* FTP:

     ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz
     ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz.sig

md5sum:

a33820c66e0622222c5aefafa1581083  cyrus-sasl-2.1.27.tar.gz
b295313b9915be32b334f7e88f30dacd  cyrus-sasl-2.1.27.tar.gz.sig


The (mostly) complete list of changes from 2.1.26 are these:

  * Added support for OpenSSL 1.1
  * Added support for lmdb (from Howard Chu)
  * Lots of build fixes (from Ignacio Casal Quinteiro and others)
  * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting
    client mech
  * DIGEST-MD5 plugin:
      o Fixed memory leaks
      o Fixed a segfault when looking for non-existent reauth cache
      o Prevent client from going from step 3 back to step 2
      o Allow cmusaslsecretDIGEST-MD5 property to be disabled
  * GSSAPI plugin:
      o Added support for retrieving negotiated SSF
      o Properly compute maxbufsize AFTER security layers have been set
  * SCRAM plugin:
      o Added support for SCRAM-SHA-256
      o Allow SCRAM-* to be used by HTTP
  * LOGIN plugin:
      o Don’t prompt client for password until requested by server
  * NTLM plugin:
      o Fixed crash due to uninitialized HMAC context
  * saslauthd:
      o cache.c:
          + Don’t use cached credentials if timeout has expired
          + Fixed debug logging output
      o ipc_doors.c:
          + Fixed potential DoS attack (from Oracle)
      o ipc_unix.c:
          + Prevent premature closing of socket
      o auth_rimap.c:
          + Added support LOGOUT command
          + Added support for unsolicited CAPABILITY responses in LOGIN
            reply
          + Properly detect end of responses (don’t needlessly wait)
          + Properly handle backslash in passwords
      o auth_httpform:
          + Fix off-by-one error in string termination
          + Added support for 204 success response
      o auth_krb5.c:
          + Added krb5_conv_krb4_instance option
          + Added more verbose error logging




-- 
Ken Murchison
Cyrus Development Team
FastMail US LLC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20181120/245296b9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: murch.vcf
Type: text/x-vcard
Size: 4 bytes
Desc: not available
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20181120/245296b9/attachment.vcf>


More information about the Cyrus-sasl mailing list