SASL 2.1.27 rc6
Ken Murchison
murch at fastmail.com
Wed Dec 20 11:00:35 EST 2017
We haven't had much, if any, feedback on this release candidate.
Do the GSSAPI/LDAP folks have any further comments on
https://github.com/cyrusimap/cyrus-sasl/issues/419
I'd really like to make a final release by Christmas as promised, but I
also don't want to make a release that folks will have to patch immediately.
On 12/11/2017 08:01 AM, Ken Murchison wrote:
>
> All,
>
> I have built a sixth (and hopefully last) release candidate of SASL
> 2.1.27 which can be downloaded from here:
>
> HTTP:
> http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc6.tar.gz
> http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc6.tar.gz.sig
>
> FTP:
> ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc6.tar.gz
> ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc6.tar.gz.sig
>
> MD5 Sum:
> cyrus-sasl-2.1.27-rc6.tar.gz : de083cc2e5c1cc3a1b88f7d85332a3ff
> cyrus-sasl-2.1.27-rc6.tar.gz.sig: 868cc9f5feee63ca2bd91279f5ac043b
>
> Note that the distro has been signed by my colleague Partha Susarla at
> FastMail.
>
>
> We didn't receive much feedback to Alexey's post on the GSSAPI/LDAP
> issue, so hopefully this release candidate will provoke some
> discussion leading to a resolution. As stated previously, we would
> like to make a final release before Christmas. If we have some last
> minute activity on the GSSAPI issue or any other showstoppers, we
> could push the release back to the end of the year as a last resort.
>
>
> The (mostly) complete list of changes from 2.1.26 are these:
>
> * Added support for OpenSSL 1.1
> * Added support for lmdb (from Howard Chu)
> * Lots of build fixes (from Ignacio Casal Quinteiro and others)
> * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when
> selecting client mech
> * DIGEST-MD5 plugin:
> o Fixed memory leaks
> o Fixed a segfault when looking for non-existent reauth cache
> o Prevent client from going from step 3 back to step 2
> o Allow cmusaslsecretDIGEST-MD5 property to be disabled
> * GSSAPI plugin:
> o Added support for retrieving negotiated SSF
> o Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
> o Properly compute maxbufsize AFTER security layers have been set
> * SCRAM plugin:
> o Added support for SCRAM-SHA-256
> o Allow SCRAM-* to be used by HTTP
> * LOGIN plugin:
> o Don’t prompt client for password until requested by server
> * NTLM plugin:
> o Fixed crash due to uninitialized HMAC context
> * saslauthd:
> o cache.c:
> + Don’t use cached credentials if timeout has expired
> + Fixed debug logging output
> o ipc_doors.c:
> + Fixed potential DoS attack (from Oracle)
> o ipc_unix.c:
> + Prevent premature closing of socket
> o auth_rimap.c:
> + Added support LOGOUT command
> + Added support for unsolicited CAPABILITY responses in
> LOGIN reply
> + Properly detect end of responses (don’t needlessly wait)
> + Properly handle backslash in passwords
> o auth_httpform:
> + Fix off-by-one error in string termination
> + Added support for 204 success response
> o auth_krb5.c:
> + Added krb5_conv_krb4_instance option
> + Added more verbose error logging
>
>
>
> At this point any major changes (e.g. API, wire protocol) will be
> pushed out to 2.1.28 or 2.2.0. I believe that this is close to being
> a final release which I would like to get out by the end of December.
>
> --
> Kenneth Murchison
> Cyrus Development Team
> FastMail Pty Ltd
--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20171220/e156dbe6/attachment.html>
More information about the Info-cyrus
mailing list