./security/cyrus-saslauthd, Cyrus SASL plaintext authentication daemon

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.1.26nb3, Package name: cyrus-saslauthd-2.1.26nb3, Maintainer: obache

saslauthd is a daemon process that handles plaintext authentication
requests on behalf of the Cyrus SASL library.

DEINSTALL [+/-]

Master sites: (Expand)

SHA1: d6669fb91434192529bd13ee95737a8a5040241c
RMD160: 861a06d663cf3da37a198d0f971d99b249b5f4b8
Filesize: 5097.882 KB

Version history: (Expand)


CVS history: (Expand)


   2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350)
Log message:
Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-09-30 08:16:34 by OBATA Akio | Files touched by this commit (3) | Package updated
Log message:
Take patch for CVE-2013-4122 from upstream git repo.

Bump PKGREVISION of cyrus-saslauthd.
   2013-02-07 00:24:19 by Jonathan Perkin | Files touched by this commit (1351) | Package updated
Log message:
PKGREVISION bumps for the security/openssl 1.0.1d update.
   2012-12-16 02:36:44 by OBATA Akio | Files touched by this commit (10) | Package updated
Log message:
Update cyrus-sasl to 2.1.26.

New in 2.1.26
-------------

* Modernize SASL malloc/realloc callback prototypes
* Added sasl_config_done() to plug a memory leak when using an application
  specific config file
* Fixed PLAIN/LOGIN authentication failure when using saslauthd
  with no auxprop plugins (bug # 3590).
* unlock the mutex in sasl_dispose if the context was freed by another thread
* MINGW32 compatibility patches
* Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0
* Fixed some memory leaks in libsasl
* GSSAPI plugin:
 - Fixed a segfault in gssapi.c introduced in 2.1.25.
 - Code refactoring
 - Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also
   HTTP capable
* GS2 plugin:
 - Updated GS2 plugin not to lose minor GSS-API status codes on errors
* DIGEST-MD5 plugin:
 - Correctly send "stale" directive to prevent clients from (re)promtping
   for password
 - Better handling of HTTP reauthentication cases
 - fixed some memory leaks
* SASLDB plugin:
 - Added support for BerkleyDB 5.X or later
* OTP plugin:
 - Removed calling of EVP_cleanup() on plugin shutdown in order to prevent
   TLS from failing in calling applications
* SRP plugin:
 - Removed calling of EVP_cleanup() on plugin shutdown in order to prevent
   TLS from failing in calling applications
* saslauthd:
 - auth_rimap.c: qstring incorrectly appending the closing double quote,
   which might be causing crashes
 - auth_rimap.c: read the whole IMAP greeting
 - better error reporting from some drivers
 - fixed some memory leaks
   2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
   2012-09-22 08:20:21 by OBATA Akio | Files touched by this commit (3) | Package updated
Log message:
Install man source into $(mandir)/man8 instead of catman for saslauthd(8),
or manpage will not displayed correctly with man(1).
It also fixes installation failure for platforms missing `nroff -mandoc'.

Bump PKGREVISION.
   2011-09-17 13:32:03 by OBATA Akio | Files touched by this commit (35) | Package removed
Log message:
Update cyrus-sasl to 2.1.25.
Take maintainership.

New in 2.1.25
-------------

* Make sure that a failed authorization doesn't preclude
  further server-side SASL authentication attempts from working.
* Fixed a crash caused by aborted SASL authentication
  and initiation of another one using the same SASL context.
* (Windows) Fixed the random number generator to actually produce random
  output on each run.
* Be protective against calling sasl_server_step once authentication
  has failed (multiple SASL plugins)
* Fixed several bugs in the mech_avail callback handling
  in the server side code.
* Added support for channel bindings
* Added support for ordering SASL mechanisms by strength (on the client side),
  or using the "client_mech_list" option.
* server_idle needs to obey server's SASL mechanism list from the server
  context.
* Better server plugin API mismatch reporting
* Build:
 - Updated config to the latest GNU snapshot
 - Fixed SASL's libtool MacOS/X 64-bit file magic
* New SASL plugin: SCRAM
* New SASL plugin: GS2
* DIGEST-MD5 plugin:
 -  Allow DIGEST-MD5 plugin to be used for client-side and
    server-side HTTP Digest, including running over non-persistent
    connections (RFC 2617)
 - Use the same username for reauthentication cache lookup and update
 - Minimize the number of auxprop lookups in the server side DIGEST-MD5
   plugin for the most common case when authentication and authorization
   identities are the same.
 - Updated digestmd5_server_mech_step2() to be more defensive against
   empty client input.
 - Fixed some memory leaks on failed plugin initialization.
   Prevent potential race condition when freeding plugin state.
   Set the freed reauthentication cache mutex to NULL, to make errors
   due to mutex access after free more obvious.
 - Test against broken UTF-8 based hashes if calculation using special
   ISO-8859-1 code fails.
 - Fixed an interop problem with some LDAP clients ignoring server
   advertised realm and providing their own.
* GSSAPI plugin:
 - Fix to build GSSAPI with Heimdal
 - Properly set serveroutlen to 0 in one place.
   Don't send empty challenge once server context establishment is done,
   as this is in violation of the RFC 2222 and its successor.
 - Don't send maxbuf, if no security layer can be established.
   Added additional checks for buffer lengths.
* LDAPDB plugin:
 - build fixes

New in 2.1.24
-------------

* Order advertised server-side SASL mechanisms per the specified 'mech_list'
  option or by relative "strength"
* Make sure that sasl_set_alloc() has no effect once sasl_client_init()
  or sasl_server_init() is called
* Fixed sasl_set_mutex() to disallow changing mutex management functions
  once sasl_server_init()/sasl_client_init() is called (bug # 3083)
* Removed unused mutexes in lib/client.c and lib/server.c (bug # 3141)
* Added direct support for hashed password to auxprop API
* Don't treat a constraint violation as an error to store an auxprop property
* Extended libsasl (auxprop) to support user deletion
* Extended SASL auxprop_lookup to return error code
* Updated sasl_user_exists() so that it can handle passwordless accounts (e.g. \ 
disabled)
* (Windows) Free handles of shared libraries on Windows that were loaded
  but are not SASL plugins (bug # 2089)
* Prevent freeing of common state on a subsequent call to _sasl_common_init.
  Make sure that the last global callback always wins.
* Implemented sasl_client_done()/sasl_server_done()
* Added automatic hostname canonicalization inside libsasl
* Made sasl_config_init() public
* Strip trailing spaces from server config file option values (bug # 3139, bug # \ 
3041)
* Fixed potential buffer overflow in saslautd_verify_password().
* Fixed segfault in dlclose() on HPUX
* Various bugfixes for 64bit platforms
* Fixed bug # 2895 (passing LF to sasl_decode64) in sample/sample-client.c,
  sample/sample-server.c, utils/smtptest.c
* pluginviewer: Code cleanup, improved human readable messages
* Build:
 - (Windows) Updated makefiles to build with VC 8.0 (VC++ 2005)
 - (Windows) Added Windows64 build
 - Updated to use .plugin extension on MacOS
 - Changed 64bit HP-UX build to use .so for shared libraries
* saslauthd:
 - Fixed bug counting double-quotes in username/password in
   auth_rimap.c. Also fixed bug zeroing password.
 - auth_krb.c: improved diagnostic in the k5support_verify_tgt() function.
 - auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644
 - auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h,
   so that crypt is correctly defined
 - auth_getpwent.c: Fixed Solaris build
* SASLDB plugin:
 - Fixed spurious 'user not found' errors caused by an attempt
   to delete a non-existent property
 - Added direct support for hashed password to auxprop API
 - Sleepycat driver:  Return SASL_NOUSER instead of SASL_FAIL when the database
   file doesn't exist
 - Ignore properties starting with '*' in the auxprop store function
* SQL plugin:
 - Added support for SQLITE3
 - Uninitialized variables can cause crash when the searched user is not found
 - Added direct support for hashed password
 - Ignore properties starting with '*' in the auxprop store function
* LDAPDB plugin:
 - Added code to extend LDAPDB into a canon_user plugin in addition
   to its existing auxprop plugin functionality
* PLAIN plugin:
 - Advertise SASL_SEC_PASS_CREDENTIALS feature
* LOGIN plugin:
 - Advertise SASL_SEC_PASS_CREDENTIALS feature
* DIGEST-MD5 plugin:
 - Fixed a memory leak in the DIGEST-MD5 security layer
 - Fixed memory leaks in client-side reauth and other places
 - More detailed error reporting.
 - Fixed parsing of challenges/responses with extra commas.
 - Allow for multiple qop options from the server and require
   a single qop option from the client.
* GSSAPI plugin:
 - Check that params->serverFQDN is not NULL before using strlen on it
 - Make auxprop lookup calls optional
* EXTERNAL plugin:
 - Make auxprop lookup calls optional
* NTLM plugin:
 - allow a comma separated list of servernames in 'ntlm_server' option
 - Fixed crash in calculating NTv2 reponse
* OTP plugin:
 - Don't use a stack variable for an OTP prompt (bug # 2822)
 - Downgrade the failure to store OTP secret to debug level
* KERBEROS_V4 plugin:
 - Make auxprop lookup calls optional