Red Hat Bugzilla – Bug 18968
cyrus-sasl-1.5.24 is not the "real" 1.5.24
Last modified: 2007-03-26 23:36:31 EDT
NOTE: This is a cyrus-sasl bug, but it is not in the component list, I
think Nalin should get this report
I seems that there have been silent upgrades and what not to cyrus-sasl so
that there are many version 1.5.24's floating around. Quoting Kurt D.
Zeilenga from openldap:
"Sounds like you might be suffering from a nasty (and dangerous) Cyrus SASL
bug. Make sure you have Cyrus SASL 1.5.24 installed as currently available
from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail. Do not install
versions from any other source as there appears
multiple versions labeled 1.5.24 floating about (due to a
upgrade) and only the version in the official FTP site is known
contain the bug."
A diff of the 1.5.24 tarball from the 7.0 src.rpm and the "official" 1.5.24
reveals the following:
diff -uNr rh/cyrus-sasl-1.5.24/lib/server.c
--- rh/cyrus-sasl-1.5.24/lib/server.c Mon Jul 10 14:54:45 2000
+++ cyrus/cyrus-sasl-1.5.24/lib/server.c Sun Aug 13 22:04:42 2000
@@ -895,7 +895,7 @@
s_conn->base.oparams.user = (char *) canonuser;
- return SASL_OK;
+ return ret;
This should be verified to find out if this is a serious bug or not.
Looks like you're right. Refetching the tarball gives me a file that's 58 bytes
larger than the one I had. Will be updated in 1.5.24-11 and -12. Thanks *very*
much for the heads-up!
I've put an updated cyrus-sasl-1.5.24 into the pipeline for release as a