Re: SASL 2.1.27
Thanks Sergey, these have been corrected and should update automatically in the next 15 minutes or so :)

On Sun, Nov 25, 2018, at 11:14 PM, Sergey wrote:
> On Tuesday 20 November 2018, Ken Murchison wrote:
>
> > I'm pleased to announce the release of the long-awaited SASL 2.1.27
> > which can be downloaded from here:
>
> Thanks. But I have one question and one note.
>
> https://github.com/cyrusimap/cyrus-sasl is not updated as I see,
> or the source tree does not have a release tag. Is it planned?
>
> https://www.cyrusimap.org/sasl/ contains the string "The latest
> stable version of Cyrus SASL is 2.1.26".
>
> --
> Regards,
> Sergey
>
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: SASL 2.1.27
On Tuesday 20 November 2018, Ken Murchison wrote:

> I'm pleased to announce the release of the long-awaited SASL 2.1.27
> which can be downloaded from here:

Thanks. But I have one question and one note.

https://github.com/cyrusimap/cyrus-sasl is not updated as I see, or the source tree does not have a release tag. Is it planned?

https://www.cyrusimap.org/sasl/ contains the string "The latest stable version of Cyrus SASL is 2.1.26".

--
Regards,
Sergey
Re: SASL 2.1.27 rc6
Ken,

I'll try to lab up my original test case (for bug 3480) tomorrow evening.

On 12/20/17 11:00 -0500, Ken Murchison wrote:
> We haven't had much, if any, feedback on this release candidate. Do the GSSAPI/LDAP folks have any further comments on https://github.com/cyrusimap/cyrus-sasl/issues/419
>
> I'd really like to make a final release by Christmas as promised, but I also don't want to make a release that folks will have to patch immediately.

--
Dan White
Re: SASL 2.1.27 rc6
We haven't had much, if any, feedback on this release candidate. Do the GSSAPI/LDAP folks have any further comments on https://github.com/cyrusimap/cyrus-sasl/issues/419

I'd really like to make a final release by Christmas as promised, but I also don't want to make a release that folks will have to patch immediately.

On 12/11/2017 08:01 AM, Ken Murchison wrote:
> All,
>
> I have built a sixth (and hopefully last) release candidate of SASL 2.1.27 which can be downloaded from here:
>
> HTTP:
> http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc6.tar.gz
> http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc6.tar.gz.sig
>
> FTP:
> ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc6.tar.gz
> ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc6.tar.gz.sig
>
> MD5 Sum:
> cyrus-sasl-2.1.27-rc6.tar.gz : de083cc2e5c1cc3a1b88f7d85332a3ff
> cyrus-sasl-2.1.27-rc6.tar.gz.sig: 868cc9f5feee63ca2bd91279f5ac043b
>
> Note that the distro has been signed by my colleague Partha Susarla at FastMail.
>
> We didn't receive much feedback to Alexey's post on the GSSAPI/LDAP issue, so hopefully this release candidate will provoke some discussion leading to a resolution. As stated previously, we would like to make a final release before Christmas. If we have some last minute activity on the GSSAPI issue or any other showstoppers, we could push the release back to the end of the year as a last resort.
>
> The (mostly) complete list of changes from 2.1.26 are these:
>
> * Added support for OpenSSL 1.1
> * Added support for lmdb (from Howard Chu)
> * Lots of build fixes (from Ignacio Casal Quinteiro and others)
> * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
> * DIGEST-MD5 plugin:
>     o Fixed memory leaks
>     o Fixed a segfault when looking for non-existent reauth cache
>     o Prevent client from going from step 3 back to step 2
>     o Allow cmusaslsecretDIGEST-MD5 property to be disabled
> * GSSAPI plugin:
>     o Added support for retrieving negotiated SSF
>     o Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
>     o Properly compute maxbufsize AFTER security layers have been set
> * SCRAM plugin:
>     o Added support for SCRAM-SHA-256
>     o Allow SCRAM-* to be used by HTTP
> * LOGIN plugin:
>     o Don’t prompt client for password until requested by server
> * NTLM plugin:
>     o Fixed crash due to uninitialized HMAC context
> * saslauthd:
>     o cache.c:
>         + Don’t use cached credentials if timeout has expired
>         + Fixed debug logging output
>     o ipc_doors.c:
>         + Fixed potential DoS attack (from Oracle)
>     o ipc_unix.c:
>         + Prevent premature closing of socket
>     o auth_rimap.c:
>         + Added support LOGOUT command
>         + Added support for unsolicited CAPABILITY responses in LOGIN reply
>         + Properly detect end of responses (don’t needlessly wait)
>         + Properly handle backslash in passwords
>     o auth_httpform:
>         + Fix off-by-one error in string termination
>         + Added support for 204 success response
>     o auth_krb5.c:
>         + Added krb5_conv_krb4_instance option
>         + Added more verbose error logging
>
> At this point any major changes (e.g. API, wire protocol) will be pushed out to 2.1.28 or 2.2.0. I believe that this is close to being a final release which I would like to get out by the end of December.
>
> --
> Kenneth Murchison
> Cyrus Development Team
> FastMail Pty Ltd

--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd
RE: SASL 2.1.27 rc5
Please unsubscribe this email. Thank you.

Sent from my Verizon Wireless 4G LTE smartphone

Original message
From: Ken Murchison
Date: 10/10/2017 4:59 AM (GMT-08:00)
To: cyrus-s...@lists.andrew.cmu.edu, cyrus-annou...@lists.andrew.cmu.edu, info-cy...@andrew.cmu.edu, "cyrus-de...@lists.andrew.cmu.edu cyrus-devel"
Subject: SASL 2.1.27 rc5

All,

I have built a fourth release candidate of SASL 2.1.27 which can be downloaded from here:

HTTP:
http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc5.tar.gz [MD5: 0e4ab034e93933ae7e4891b6ff58694f]
http://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc5.tar.gz.sig [MD5: 5ebb22737aa11810f6c9e5d12b167f16]

FTP:
ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc5.tar.gz [MD5: 0e4ab034e93933ae7e4891b6ff58694f]
ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc5.tar.gz.sig [MD5: 5ebb22737aa11810f6c9e5d12b167f16]

Note that the distro has been signed by my colleague Partha Susarla at FastMail.

The only major change since RC4 has to do with detection of PAM support. Those using PAM with saslauthd are encouraged to make sure that this release compiles and runs as expected.

The (mostly) complete list of changes from 2.1.26 are these:

* Added support for OpenSSL 1.1
* Added support for lmdb (from Howard Chu)
* Lots of build fixes (from Ignacio Casal Quinteiro and others)
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin:
    o Fixed memory leaks
    o Fixed a segfault when looking for non-existent reauth cache
    o Prevent client from going from step 3 back to step 2
    o Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
    o Added support for retrieving negotiated SSF
    o Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
    o Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
    o Added support for SCRAM-SHA-256
* LOGIN plugin:
    o Don’t prompt client for password until requested by server
* NTLM plugin:
    o Fixed crash due to uninitialized HMAC context
* saslauthd:
    o cache.c:
        + Don’t use cached credentials if timeout has expired
        + Fixed debug logging output
    o ipc_doors.c:
        + Fixed potential DoS attack (from Oracle)
    o ipc_unix.c:
        + Prevent premature closing of socket
    o auth_rimap.c:
        + Added support LOGOUT command
        + Added support for unsolicited CAPABILITY responses in LOGIN reply
        + Properly detect end of responses (don’t needlessly wait)
        + Properly handle backslash in passwords
    o auth_httpform:
        + Fix off-by-one error in string termination
        + Added support for 204 success response
    o auth_krb5.c:
        + Added krb5_conv_krb4_instance option
        + Added more verbose error logging

At this point any major changes (e.g. API, wire protocol) will be pushed out to 2.1.28 or 2.2.0. I believe that this is close to being a final release which I would like to get out by the end of September.

The biggest outstanding issues are those around recent GSSAPI changes. I'm inclined to defer to Alexey's judgement on these unless someone can convince us that the SASL code is wrong per the specs. The fact that it broke a particular piece of code doesn't necessarily mean that the application code is correct and the SASL change was wrong.

If there are any other last minute show stoppers, please open an issue on GitHub (preferably with a patch), or better yet create a pull request.

--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd
Re: SASL 2.1.27 rc4
Thanks Jakub!

On 09/12/2017 11:22 AM, Jakub Jelen wrote:
> On Mon, 2017-09-11 at 09:58 -0400, Ken Murchison wrote:
> > All,
> >
> > I have built a fourth release candidate of SASL 2.1.27 which can be downloaded from here:
> >
> > https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc4.tar.gz
> > https://www.cyrusimap.org/releases/cyrus-sasl-2.1.27-rc4.tar.gz.sig
> >
> > ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc4.tar.gz
> > ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.27-rc4.tar.gz.sig
> >
> > Note that the distro has been signed by my colleague Partha Susarla at FastMail.
>
> I tested the package in Fedora and it looks good. General use cases work as expected, no new regressions noted.
>
> Regards,

--
Kenneth Murchison
Cyrus Development Team
FastMail Pty Ltd