Hey Ken, would be great to get this patch in as well: https://github.com/cyrusimap/cyrus-sasl/pull/503
this makes cyrus-sasl to build with visual studio 2017 Cheers On Tue, Feb 6, 2018 at 12:18 AM, Ken Murchison <mu...@fastmail.com> wrote: > All, > > I have built a seventh (and hopefully last) release candidate of SASL > 2.1.27 which can be downloaded from here: > > HTTP: > https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz > https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc7.tar.gz.sig > > FTP: > ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz > ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc7.tar.gz.sig > > > The primary reason for this candidate is to test the latest GSSAPI > changes. I'd like to roll out the final release in about a week. If not > done by Feb 14, it will wait until Feb 21 when I return from vacation. > > > The (mostly) complete list of changes from 2.1.26 are these: > > - Added support for OpenSSL 1.1 > - Added support for lmdb (from Howard Chu) > - Lots of build fixes (from Ignacio Casal Quinteiro and others) > - Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting > client mech > - DIGEST-MD5 plugin: > - Fixed memory leaks > - Fixed a segfault when looking for non-existent reauth cache > - Prevent client from going from step 3 back to step 2 > - Allow cmusaslsecretDIGEST-MD5 property to be disabled > - GSSAPI plugin: > - Added support for retrieving negotiated SSF > - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF > - Properly compute maxbufsize AFTER security layers have been set > - SCRAM plugin: > - Added support for SCRAM-SHA-256 > - Allow SCRAM-* to be used by HTTP > - LOGIN plugin: > - Don’t prompt client for password until requested by server > - NTLM plugin: > - Fixed crash due to uninitialized HMAC context > - saslauthd: > - cache.c: > - Don’t use cached credentials if timeout has expired > - Fixed debug logging output > - ipc_doors.c: > - Fixed potential DoS attack (from Oracle) > - ipc_unix.c: > - Prevent premature closing of socket > - auth_rimap.c: > - Added support LOGOUT command > - Added support for unsolicited CAPABILITY responses in LOGIN > reply > - Properly detect end of responses (don’t needlessly wait) > - Properly handle backslash in passwords > - auth_httpform: > - Fix off-by-one error in string termination > - Added support for 204 success response > - auth_krb5.c: > - Added krb5_conv_krb4_instance option > - Added more verbose error logging > > > > At this point any major changes (e.g. API, wire protocol) will be pushed > out to 2.1.28 or 2.2.0. > > -- > Kenneth Murchison > Cyrus Development Team > FastMail Pty Ltd > > -- Ignacio Casal Quinteiro
