SASL 2.1.27

Ignacio Casal ignacio.casal at nice-software.com
Tue Nov 20 16:23:44 EST 2018


Thanks Ken for getting this released. Very much appreciated

El mar., 20 nov. 2018 16:10, Ken Murchison <murch at fastmail.com> escribió:

> All,
>
> I'm pleased to announce the release of the long-awaited SASL 2.1.27 which
> can be downloaded from here:
>
>
> * HTTP:
>
>     https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz
>     https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig
>
> * FTP:
>
>     ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz
>     ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz.sig
>
> md5sum:
>
> a33820c66e0622222c5aefafa1581083  cyrus-sasl-2.1.27.tar.gz
> b295313b9915be32b334f7e88f30dacd  cyrus-sasl-2.1.27.tar.gz.sig
>
>
> The (mostly) complete list of changes from 2.1.26 are these:
>
>    - Added support for OpenSSL 1.1
>    - Added support for lmdb (from Howard Chu)
>    - Lots of build fixes (from Ignacio Casal Quinteiro and others)
>    - Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting
>    client mech
>    - DIGEST-MD5 plugin:
>       - Fixed memory leaks
>       - Fixed a segfault when looking for non-existent reauth cache
>       - Prevent client from going from step 3 back to step 2
>       - Allow cmusaslsecretDIGEST-MD5 property to be disabled
>    - GSSAPI plugin:
>       - Added support for retrieving negotiated SSF
>       - Properly compute maxbufsize AFTER security layers have been set
>    - SCRAM plugin:
>       - Added support for SCRAM-SHA-256
>       - Allow SCRAM-* to be used by HTTP
>       - LOGIN plugin:
>       - Don’t prompt client for password until requested by server
>    - NTLM plugin:
>       - Fixed crash due to uninitialized HMAC context
>    - saslauthd:
>       - cache.c:
>          - Don’t use cached credentials if timeout has expired
>          - Fixed debug logging output
>       - ipc_doors.c:
>          - Fixed potential DoS attack (from Oracle)
>       - ipc_unix.c:
>          - Prevent premature closing of socket
>       - auth_rimap.c:
>          - Added support LOGOUT command
>          - Added support for unsolicited CAPABILITY responses in LOGIN
>          reply
>          - Properly detect end of responses (don’t needlessly wait)
>          - Properly handle backslash in passwords
>       - auth_httpform:
>          - Fix off-by-one error in string termination
>          - Added support for 204 success response
>       - auth_krb5.c:
>          - Added krb5_conv_krb4_instance option
>          - Added more verbose error logging
>
>
>
>
> --
> Ken Murchison
> Cyrus Development Team
> FastMail US LLC
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20181120/0466b5df/attachment.html>


More information about the Cyrus-sasl mailing list