Ken Murchison
2018-11-20 15:00:56 UTC
All,
I'm pleased to announce the release of the long-awaited SASL 2.1.27
which can be downloaded from here:
* HTTP:
https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz
https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig
* FTP:
ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz
ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz.sig
md5sum:
a33820c66e0622222c5aefafa1581083 cyrus-sasl-2.1.27.tar.gz
b295313b9915be32b334f7e88f30dacd cyrus-sasl-2.1.27.tar.gz.sig
The (mostly) complete list of changes from 2.1.26 are these:
* Added support for OpenSSL 1.1
* Added support for lmdb (from Howard Chu)
* Lots of build fixes (from Ignacio Casal Quinteiro and others)
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting
client mech
* DIGEST-MD5 plugin:
o Fixed memory leaks
o Fixed a segfault when looking for non-existent reauth cache
o Prevent client from going from step 3 back to step 2
o Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
o Added support for retrieving negotiated SSF
o Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
o Added support for SCRAM-SHA-256
o Allow SCRAM-* to be used by HTTP
* LOGIN plugin:
o Donât prompt client for password until requested by server
* NTLM plugin:
o Fixed crash due to uninitialized HMAC context
* saslauthd:
o cache.c:
+ Donât use cached credentials if timeout has expired
+ Fixed debug logging output
o ipc_doors.c:
+ Fixed potential DoS attack (from Oracle)
o ipc_unix.c:
+ Prevent premature closing of socket
o auth_rimap.c:
+ Added support LOGOUT command
+ Added support for unsolicited CAPABILITY responses in LOGIN
reply
+ Properly detect end of responses (donât needlessly wait)
+ Properly handle backslash in passwords
o auth_httpform:
+ Fix off-by-one error in string termination
+ Added support for 204 success response
o auth_krb5.c:
+ Added krb5_conv_krb4_instance option
+ Added more verbose error logging
I'm pleased to announce the release of the long-awaited SASL 2.1.27
which can be downloaded from here:
* HTTP:
https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz
https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27.tar.gz.sig
* FTP:
ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz
ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27.tar.gz.sig
md5sum:
a33820c66e0622222c5aefafa1581083 cyrus-sasl-2.1.27.tar.gz
b295313b9915be32b334f7e88f30dacd cyrus-sasl-2.1.27.tar.gz.sig
The (mostly) complete list of changes from 2.1.26 are these:
* Added support for OpenSSL 1.1
* Added support for lmdb (from Howard Chu)
* Lots of build fixes (from Ignacio Casal Quinteiro and others)
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting
client mech
* DIGEST-MD5 plugin:
o Fixed memory leaks
o Fixed a segfault when looking for non-existent reauth cache
o Prevent client from going from step 3 back to step 2
o Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
o Added support for retrieving negotiated SSF
o Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
o Added support for SCRAM-SHA-256
o Allow SCRAM-* to be used by HTTP
* LOGIN plugin:
o Donât prompt client for password until requested by server
* NTLM plugin:
o Fixed crash due to uninitialized HMAC context
* saslauthd:
o cache.c:
+ Donât use cached credentials if timeout has expired
+ Fixed debug logging output
o ipc_doors.c:
+ Fixed potential DoS attack (from Oracle)
o ipc_unix.c:
+ Prevent premature closing of socket
o auth_rimap.c:
+ Added support LOGOUT command
+ Added support for unsolicited CAPABILITY responses in LOGIN
reply
+ Properly detect end of responses (donât needlessly wait)
+ Properly handle backslash in passwords
o auth_httpform:
+ Fix off-by-one error in string termination
+ Added support for 204 success response
o auth_krb5.c:
+ Added krb5_conv_krb4_instance option
+ Added more verbose error logging
--
Ken Murchison
Cyrus Development Team
FastMail US LLC
Ken Murchison
Cyrus Development Team
FastMail US LLC