Changelog for
cyrus-sasl-2.1.28-7.2.i586.rpm :
* Mon Jan 23 2023 Dirk Müller
- drop optional opie dependency
* Wed Dec 07 2022 Dominique Leuenberger - Do not set directories inside doc/ mode 644; otherwise the directories are set 644 as well, which means no files inside are accessible. This resulted in the past in doc/ actually not being added to the devel package.
* Wed Mar 09 2022 Dirk Müller - update to 2.1.28 (bsc#1196036, CVE-2022-24407):
* https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28- drop cyrus-sasl-bug587.patch (upstream)
* Mon Jan 31 2022 Dirk Müller - cyrus-sasl: prevent fail of %pre when berkely db utils are not installed (seems like we want to use this only for upgrade so no Prereq added)- move license to licensedir- remove use of RPM_BUILD_ROOT- minimal spec cleanups- avoid bashisms
* Thu Jan 13 2022 Peter Varkoly - postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm- Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB
* Thu Feb 25 2021 Peter Varkoly - Fix build: Do not build libsasl2-3 in the bdb package. This will not be linked to berkely db. libsasl2-3 is now defined as %BuildRequires and %Requires
* Fri Jan 08 2021 Peter Varkoly - CVE-2020-8032: cyrus-sasl: Local privilege escalation to root due to insecure tmp file usage. (bsc#1180669) Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary files.
* Tue Dec 08 2020 Peter Varkoly - Remove Berkeley DB dependency (JIRA#SLE-12190) The packages cyrus-sasl and cyrus-sasl-saslauthd are built without Berkely DB support. gdbm will be used instead of BDB. The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built with Berkely DB support.- Update to 2.1.27
* Added support for OpenSSL 1.1
* Added support for lmdb
* Lots of build fixes
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin: Fixed memory leaks Fixed a segfault when looking for non-existent reauth cache Prevent client from going from step 3 back to step 2 Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin: Added support for retrieving negotiated SSF Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin: Added support for SCRAM-SHA-256
* LOGIN plugin: Don’t prompt client for password until requested by server
* NTLM plugin: Fixed crash due to uninitialized HMAC context- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- bsc#983938 `After=syslog.target` left-overs in several unit files- added patches: fix_libpq-fe_include.diff for fixing including libpq-fe.h- removed patches obsoleted by upstream changes:
* shared_link_on_ppc.patch
* cyrus-sasl-2.1.27-openssl-1.1.0.patch
* 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* 0003-Check-return-error-from-gss_wrap_size_limit.patch
* 0004-Add-support-for-retrieving-the-mech_ssf.patch
* 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* cyrus-sasl-fix-logging-in-gssapi.patch
* Thu Feb 06 2020 Samuel Cabrero - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
* Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
* Add 0004-Add-support-for-retrieving-the-mech_ssf.patch- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
* Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* Thu Nov 28 2019 Michael Ströder - added backport-patch cyrus-sasl-bug587.patch which fixes off-by-one error in _sasl_add_string function (see CVE-2019-19906 bsc#1159635)