Date: Wednesday, January 16, 2019 @ 11:26:50
Author: felixonmars
Revision: 344219
archrelease: copy trunk to staging-x86_64
Added:
libsasl/repos/staging-x86_64/
libsasl/repos/staging-x86_64/0010_maintainer_mode.patch
(from rev 344218, libsasl/trunk/0010_maintainer_mode.patch)
libsasl/repos/staging-x86_64/0011_saslauthd_ac_prog_libtool.patch
(from rev 344218, libsasl/trunk/0011_saslauthd_ac_prog_libtool.patch)
libsasl/repos/staging-x86_64/0025_ld_as_needed.patch
(from rev 344218, libsasl/trunk/0025_ld_as_needed.patch)
libsasl/repos/staging-x86_64/0026_drop_krb5support_dependency.patch
(from rev 344218, libsasl/trunk/0026_drop_krb5support_dependency.patch)
libsasl/repos/staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch
(from rev 344218,
libsasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch)
libsasl/repos/staging-x86_64/CVE-2013-4122.patch
(from rev 344218, libsasl/trunk/CVE-2013-4122.patch)
libsasl/repos/staging-x86_64/PKGBUILD
(from rev 344218, libsasl/trunk/PKGBUILD)
libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch
(from rev 344218, libsasl/trunk/cyrus-sasl-2.1.22-as-needed.patch)
libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-qa.patch
(from rev 344218, libsasl/trunk/cyrus-sasl-2.1.22-qa.patch)
libsasl/repos/staging-x86_64/cyrus-sasl-2.1.26-size_t.patch
(from rev 344218, libsasl/trunk/cyrus-sasl-2.1.26-size_t.patch)
libsasl/repos/staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch
(from rev 344218, libsasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch)
libsasl/repos/staging-x86_64/cyrus-sasl-gssapi.patch
(from rev 344218, libsasl/trunk/cyrus-sasl-gssapi.patch)
libsasl/repos/staging-x86_64/cyrus-sasl-sql.patch
(from rev 344218, libsasl/trunk/cyrus-sasl-sql.patch)
libsasl/repos/staging-x86_64/fix-pkgconfig.patch
(from rev 344218, libsasl/trunk/fix-pkgconfig.patch)
libsasl/repos/staging-x86_64/saslauthd.conf.d
(from rev 344218, libsasl/trunk/saslauthd.conf.d)
libsasl/repos/staging-x86_64/saslauthd.service
(from rev 344218, libsasl/trunk/saslauthd.service)
libsasl/repos/staging-x86_64/tmpfiles.conf
(from rev 344218, libsasl/trunk/tmpfiles.conf)
--------------------------------------------------+
0010_maintainer_mode.patch | 19
0011_saslauthd_ac_prog_libtool.patch | 15
0025_ld_as_needed.patch | 27 +
0026_drop_krb5support_dependency.patch | 14
0030-dont_use_la_files_for_opening_plugins.patch | 134 ++++++
CVE-2013-4122.patch | 116 +++++
PKGBUILD | 202 +++++++++
cyrus-sasl-2.1.22-as-needed.patch | 11
cyrus-sasl-2.1.22-qa.patch | 22 +
cyrus-sasl-2.1.26-size_t.patch | 11
cyrus-sasl-2.1.27-openssl-1.1.0.patch | 435 +++++++++++++++++++++
cyrus-sasl-gssapi.patch | 16
cyrus-sasl-sql.patch | 39 +
fix-pkgconfig.patch | 27 +
saslauthd.conf.d | 1
saslauthd.service | 11
tmpfiles.conf | 1
17 files changed, 1101 insertions(+)
Copied: libsasl/repos/staging-x86_64/0010_maintainer_mode.patch (from rev
344218, libsasl/trunk/0010_maintainer_mode.patch)
===================================================================
--- staging-x86_64/0010_maintainer_mode.patch (rev 0)
+++ staging-x86_64/0010_maintainer_mode.patch 2019-01-16 11:26:50 UTC (rev
344219)
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0010_maintainer_mode.dpatch by <fa...@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Enable maintainer mode to avoid auto* problems.
+
+@DPATCH@
+diff -urNad trunk~/configure.in trunk/configure.in
+--- trunk~/configure.in 2006-05-29 22:52:46.000000000 +0300
++++ trunk/configure.in 2006-11-01 23:24:55.000000000 +0200
+@@ -62,6 +62,8 @@
+ AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.22)
+ CMU_INIT_AUTOMAKE
+
++AM_MAINTAINER_MODE
++
+ # and include our config dir scripts
+ ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
+
Property changes on: libsasl/repos/staging-x86_64/0010_maintainer_mode.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0010_maintainer_mode.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/0011_saslauthd_ac_prog_libtool.patch (from
rev 344218, libsasl/trunk/0011_saslauthd_ac_prog_libtool.patch)
===================================================================
--- staging-x86_64/0011_saslauthd_ac_prog_libtool.patch
(rev 0)
+++ staging-x86_64/0011_saslauthd_ac_prog_libtool.patch 2019-01-16 11:26:50 UTC
(rev 344219)
@@ -0,0 +1,15 @@
+0011_saslauthd_ac_prog_libtool.dpatch by <fa...@debian.org>
+
+Enable libtool use.
+
+diff -urNad trunk~/saslauthd/configure.in trunk/saslauthd/configure.in
+--- trunk~/saslauthd/configure.in 2006-05-29 22:52:42.000000000 +0300
++++ trunk/saslauthd/configure.in 2006-11-01 23:41:51.000000000 +0200
+@@ -25,6 +25,7 @@
+ AC_PROG_MAKE_SET
+ AC_PROG_LN_S
+ AC_PROG_INSTALL
++AC_PROG_LIBTOOL
+
+ dnl Checks for build foo
+ CMU_C___ATTRIBUTE__
Property changes on:
libsasl/repos/staging-x86_64/0011_saslauthd_ac_prog_libtool.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0011_saslauthd_ac_prog_libtool.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/0025_ld_as_needed.patch (from rev 344218,
libsasl/trunk/0025_ld_as_needed.patch)
===================================================================
--- staging-x86_64/0025_ld_as_needed.patch (rev 0)
+++ staging-x86_64/0025_ld_as_needed.patch 2019-01-16 11:26:50 UTC (rev
344219)
@@ -0,0 +1,27 @@
+Author: Matthias Klose <d...@ubuntu.com>
+Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
+it.
+--- a/saslauthd/Makefile.am
++++ b/saslauthd/Makefile.am
+@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
+ saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
+ saslauthd_LDADD = @SASL_KRB_LIB@ \
+ @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
++ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@
@LTLIBOBJS@
+
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+--- a/sasldb/Makefile.am
++++ b/sasldb/Makefile.am
+@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
+
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+
+ # Prevent make dist stupidity
+ libsasldb_a_SOURCES =
Property changes on: libsasl/repos/staging-x86_64/0025_ld_as_needed.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0025_ld_as_needed.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/0026_drop_krb5support_dependency.patch
(from rev 344218, libsasl/trunk/0026_drop_krb5support_dependency.patch)
===================================================================
--- staging-x86_64/0026_drop_krb5support_dependency.patch
(rev 0)
+++ staging-x86_64/0026_drop_krb5support_dependency.patch 2019-01-16
11:26:50 UTC (rev 344219)
@@ -0,0 +1,14 @@
+Author: Roberto C. Sanchez <robe...@connexer.com>
+Description: Drop gratuitous dependency on krb5support
+--- a/cmulocal/sasl2.m4
++++ b/cmulocal/sasl2.m4
+@@ -112,9 +112,6 @@ if test "$gssapi" != no; then
+ fi
+
+ if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
+- # check for libkrb5support first
+- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support
K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
+-
+ gss_failed=0
+ AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
+ ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
${K5SUP} ${LIB_SOCKET})
Property changes on:
libsasl/repos/staging-x86_64/0026_drop_krb5support_dependency.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0026_drop_krb5support_dependency.patch:195303-195304
\ No newline at end of property
Copied:
libsasl/repos/staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch
(from rev 344218,
libsasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch)
===================================================================
--- staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch
(rev 0)
+++ staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch
2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,134 @@
+--- a/lib/dlopen.c
++++ b/lib/dlopen.c
+@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
+ return result;
+ }
+
+-/* this returns the file to actually open.
+- * out should be a buffer of size PATH_MAX
+- * and may be the same as in. */
+-
+-/* We'll use a static buffer for speed unless someone complains */
+-#define MAX_LINE 2048
+-
+-static int _parse_la(const char *prefix, const char *in, char *out)
+-{
+- FILE *file;
+- size_t length;
+- char line[MAX_LINE];
+- char *ntmp = NULL;
+-
+- if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
+-
+- /* Set this so we can detect failure */
+- *out = '\0';
+-
+- length = strlen(in);
+-
+- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
+- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
+- /* check for a .la file */
+- strcpy(line, prefix);
+- strcat(line, in);
+- length = strlen(line);
+- *(line + (length - strlen(SO_SUFFIX))) = '\0';
+- strcat(line, LA_SUFFIX);
+- file = fopen(line, "r");
+- if(file) {
+- /* We'll get it on the .la open */
+- fclose(file);
+- return SASL_FAIL;
+- }
+- }
+- strcpy(out, prefix);
+- strcat(out, in);
+- return SASL_OK;
+- }
+-
+- strcpy(line, prefix);
+- strcat(line, in);
+-
+- file = fopen(line, "r");
+- if(!file) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "unable to open LA file: %s", line);
+- return SASL_FAIL;
+- }
+-
+- while(!feof(file)) {
+- if(!fgets(line, MAX_LINE, file)) break;
+- if(line[strlen(line) - 1] != '\n') {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "LA file has too long of a line: %s", in);
+- return SASL_BUFOVER;
+- }
+- if(line[0] == '\n' || line[0] == '#') continue;
+- if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
+- /* We found the line with the name in it */
+- char *end;
+- char *start;
+- size_t len;
+- end = strrchr(line, '\'');
+- if(!end) continue;
+- start = &line[sizeof("dlname=")-1];
+- len = strlen(start);
+- if(len > 3 && start[0] == '\'') {
+- ntmp=&start[1];
+- *end='\0';
+- /* Do we have dlname="" ? */
+- if(ntmp == end) {
+- _sasl_log(NULL, SASL_LOG_DEBUG,
+- "dlname is empty in .la file: %s", in);
+- return SASL_FAIL;
+- }
+- strcpy(out, prefix);
+- strcat(out, ntmp);
+- }
+- break;
+- }
+- }
+- if(ferror(file) || feof(file)) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "Error reading .la: %s\n", in);
+- fclose(file);
+- return SASL_FAIL;
+- }
+- fclose(file);
+-
+- if(!(*out)) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "Could not find a dlname line in .la file: %s", in);
+- return SASL_FAIL;
+- }
+-
+- return SASL_OK;
+-}
+ #endif /* DO_DLOPEN */
+
+ /* loads a plugin library */
+@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
+ if (length + pos>=PATH_MAX) continue; /* too big */
+
+ if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
+- SO_SUFFIX)
+- && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
+- LA_SUFFIX))
++ SO_SUFFIX))
+ continue;
+
++ /* We only use .so files for loading plugins */
++
+ memcpy(name,dir->d_name,length);
+ name[length]='\0';
+
+- result = _parse_la(prefix, name, tmp);
+- if(result != SASL_OK)
+- continue;
+-
++ /* Create full name with path */
++ strncpy(tmp, prefix, PATH_MAX);
++ strncat(tmp, name, PATH_MAX);
++
+ /* skip "lib" and cut off suffix --
+ this only need be approximate */
+ strcpy(plugname, name + 3);
Property changes on:
libsasl/repos/staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/CVE-2013-4122.patch (from rev 344218,
libsasl/trunk/CVE-2013-4122.patch)
===================================================================
--- staging-x86_64/CVE-2013-4122.patch (rev 0)
+++ staging-x86_64/CVE-2013-4122.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,116 @@
+From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
+From: mancha <manc...@hush.com>
+Date: Thu, 11 Jul 2013 09:08:07 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt()
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Patch by manc...@hush.com.
+---
+diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
+index 4b34222..400289c 100644
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ char *userid;
+ char *password;
+ {
+ char* r;
++ char* crpt_passwd;
+ struct passwd *pwd;
+
+ pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+ else if (pwd->pw_passwd[0] == '*') {
+ r = "Account disabled";
+ }
+- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) ||
strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ r = "Incorrect password";
+ }
+ else {
+diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
+index 2b11286..6d607bb 100644
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -32,13 +32,15 @@ char *userid;
+ char *password;
+ {
+ struct spwd *pwd;
++ char *crpt_passwd;
+
+ pwd = getspnam(userid);
+ if (!pwd) {
+ return "Userid not found";
+ }
+
+- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++ crpt_passwd = crypt(password, pwd->sp_pwdp);
++ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0)
{
+ return "Incorrect password";
+ }
+ else {
+diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
+index fc8029d..d4ebe54 100644
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -77,6 +77,7 @@ auth_getpwent (
+ {
+ /* VARIABLES */
+ struct passwd *pw; /* pointer to passwd file entry
*/
++ char *crpt_passwd; /* encrypted password */
+ int errnum;
+ /* END VARIABLES */
+
+@@ -105,7 +106,8 @@ auth_getpwent (
+ }
+ }
+
+- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++ crpt_passwd = crypt(password, pw->pw_passwd);
++ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password",
login);
+ }
+diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
+index 677131b..1988afd 100644
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -210,8 +210,8 @@ auth_shadow (
+ RETURN("NO Insufficient permission to access NIS authentication
database (saslauthd)");
+ }
+
+- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+- if (strcmp(sp->sp_pwdp, cpw)) {
++ cpw = crypt(password, sp->sp_pwdp);
++ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ if (flags & VERBOSE) {
+ /*
+ * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
+@@ -221,10 +221,8 @@ auth_shadow (
+ syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ sp->sp_pwdp, cpw);
+ }
+- free(cpw);
+ RETURN("NO Incorrect password");
+ }
+- free(cpw);
+
+ /*
+ * The following fields will be set to -1 if:
+@@ -286,7 +284,7 @@ auth_shadow (
+ RETURN("NO Invalid username");
+ }
+
+- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd,
(const char *)cpw) != 0)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ password, upw->upw_passwd);
+--
+cgit v0.9.2
Property changes on: libsasl/repos/staging-x86_64/CVE-2013-4122.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/CVE-2013-4122.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/PKGBUILD (from rev 344218,
libsasl/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD (rev 0)
+++ staging-x86_64/PKGBUILD 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,202 @@
+# Maintainer: Jan de Groot <j...@archlinux.org>
+
+# This package spans multiple repositories.
+# Always build from cyrus-sasl/trunk and merge changes to libsasl/trunk.
+
+#pkgbase=('cyrus-sasl')
+#pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql')
+pkgname=libsasl
+pkgver=2.1.26
+pkgrel=14
+pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library"
+arch=('x86_64')
+url="http://cyrusimap.web.cmu.edu/";
+license=('custom')
+options=('!makeflags')
+makedepends=('postgresql-libs' 'mariadb-libs' 'libldap' 'krb5' 'openssl'
'sqlite')
+source=(https://www.cyrusimap.org/releases/cyrus-sasl-${pkgver}.tar.gz
+ cyrus-sasl-2.1.22-qa.patch
+ cyrus-sasl-2.1.26-size_t.patch
+ 0010_maintainer_mode.patch
+ 0011_saslauthd_ac_prog_libtool.patch
+ 0025_ld_as_needed.patch
+ 0026_drop_krb5support_dependency.patch
+ 0030-dont_use_la_files_for_opening_plugins.patch
+ saslauthd.service
+ saslauthd.conf.d
+ tmpfiles.conf
+ CVE-2013-4122.patch
+ cyrus-sasl-sql.patch
+ cyrus-sasl-gssapi.patch
+ cyrus-sasl-2.1.27-openssl-1.1.0.patch
+ fix-pkgconfig.patch)
+md5sums=('a7f4e5e559a0e37b3ffc438c9456e425'
+ '79b8a5e8689989e2afd4b7bda595a7b1'
+ 'f45aa8c42b32e0569ab3d14a83485b37'
+ 'f45d8b60e8f74dd7f7c2ec1665fa602a'
+ '9d93880514cb5ff5da969f1ceb64a661'
+ '62bf892fe4d1df41ff748e91a1afaf67'
+ 'b7848957357e7c02d6490102be496bf9'
+ '8e7106f32e495e9ade69014fd1b3352a'
+ '3499dcd610ad1ad58e0faffde2aa7a23'
+ '49219af5641150edec288a3fdb65e7c1'
+ '45bb0192d2f188066240b9a66ee6365f'
+ 'c5f0ec88c584a75c14d7f402eaeed7ef'
+ '82c0f66fdc5c1145eb48ea9116c27931'
+ '0363b1a0337474a57b1f75f72fe88fa3'
+ 'c8a385bbca9bd79910c6bda3dd02845c'
+ '409727695f9f28a3c43e340232462ff6')
+
+prepare() {
+ cd cyrus-sasl-$pkgver
+ patch -Np1 -i ../cyrus-sasl-2.1.22-qa.patch
+ patch -Np1 -i ../cyrus-sasl-2.1.26-size_t.patch
+ patch -Np1 -i ../0010_maintainer_mode.patch
+ patch -Np1 -i ../0011_saslauthd_ac_prog_libtool.patch
+ patch -Np1 -i ../0025_ld_as_needed.patch
+ patch -Np1 -i ../0026_drop_krb5support_dependency.patch
+ patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch
+ patch -Np1 -i ../CVE-2013-4122.patch
+ patch -Np0 -i ../cyrus-sasl-sql.patch
+ patch -Np1 -i ../cyrus-sasl-gssapi.patch
+ patch -Np1 -i ../cyrus-sasl-2.1.27-openssl-1.1.0.patch
+ patch -Np1 -i ../fix-pkgconfig.patch
+
+ sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -e
's/libmysqlclient.a/libmysqlclient.so/' -i configure.in
+}
+
+build() {
+ export CFLAGS="$CFLAGS -fPIC"
+ cd cyrus-sasl-$pkgver
+
+ rm -f config/config.guess config/config.sub
+ rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+ rm -fr autom4te.cache
+ libtoolize -c
+ aclocal -I config -I cmulocal
+ automake -a -c
+ autoheader
+ autoconf
+
+ pushd saslauthd
+ rm -f config/config.guess config/config.sub
+ rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+ rm -fr autom4te.cache
+ libtoolize -c
+ aclocal -I config -I ../cmulocal -I ../config
+ automake -a -c
+ autoheader
+ autoconf
+ popd
+
+ ./configure --prefix=/usr \
+ --sbin=/usr/bin \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --disable-static \
+ --enable-shared \
+ --enable-alwaystrue \
+ --enable-checkapop \
+ --enable-cram \
+ --enable-digest \
+ --disable-otp \
+ --disable-srp \
+ --disable-srp-setpass \
+ --disable-krb4 \
+ --enable-gssapi \
+ --enable-auth-sasldb \
+ --enable-plain \
+ --enable-anon \
+ --enable-login \
+ --enable-ntlm \
+ --disable-passdss \
+ --enable-sql \
+ --with-mysql=/usr \
+ --with-pgsql=/usr/lib \
+ --with-sqlite3=/usr/lib \
+ --enable-ldapdb \
+ --disable-macos-framework \
+ --with-pam \
+ --with-saslauthd=/var/run/saslauthd \
+ --with-ldap \
+ --with-dblib=gdbm \
+ --with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
+ --sysconfdir=/etc \
+ --with-devrandom=/dev/urandom
+ make
+}
+
+package_libsasl() {
+ pkgdesc="Cyrus Simple Authentication Service Layer (SASL) Library"
+ depends=('openssl')
+ conflicts=('cyrus-sasl-plugins')
+
+ cd cyrus-sasl-$pkgver
+ make DESTDIR="$pkgdir" install-pkgconfigDATA
+ for dir in include lib sasldb plugins utils; do
+ pushd ${dir}
+ make DESTDIR="${pkgdir}" install
+ popd
+ done
+ rm -f "${pkgdir}"/usr/lib/sasl2/libsql.so*
+ rm -f "${pkgdir}"/usr/lib/sasl2/libgssapiv2.so*
+ rm -f "${pkgdir}"/usr/lib/sasl2/libldapdb.so*
+ rm -f "${pkgdir}"/usr/lib/sasl2/libgs2.so*
+ install -m755 -d "${pkgdir}/usr/share/licenses/libsasl"
+ install -m644 COPYING "${pkgdir}/usr/share/licenses/libsasl/"
+}
+
+package_cyrus-sasl() {
+ depends=("libsasl=${pkgver}" 'krb5')
+ pkgdesc="Cyrus saslauthd SASL authentication daemon"
+ backup=('etc/conf.d/saslauthd')
+
+ cd cyrus-sasl-$pkgver/saslauthd
+ make DESTDIR="${pkgdir}" install
+ install -Dm644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd"
+ install -Dm644 "${srcdir}/saslauthd.service"
"${pkgdir}/usr/lib/systemd/system/saslauthd.service"
+ install -Dm644 "${srcdir}/tmpfiles.conf"
"${pkgdir}/usr/lib/tmpfiles.d/saslauthd.conf"
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl"
+ ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl/"
+}
+
+package_cyrus-sasl-gssapi() {
+ pkgdesc="GSSAPI authentication mechanism for Cyrus SASL"
+ depends=("libsasl=${pkgver}" 'krb5')
+ replaces=('cyrus-sasl-plugins')
+
+ cd cyrus-sasl-$pkgver/plugins
+ install -m755 -d "${pkgdir}/usr/lib/sasl2"
+ cp -a .libs/libgssapiv2.so* "${pkgdir}/usr/lib/sasl2/"
+ cp -a .libs/libgs2.so* "${pkgdir}/usr/lib/sasl2/"
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi"
+ ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi/"
+}
+
+package_cyrus-sasl-ldap() {
+ pkgdesc="ldapdb auxprop module for Cyrus SASL"
+ depends=("libsasl=${pkgver}" 'libldap')
+ replaces=('cyrus-sasl-plugins')
+
+ cd cyrus-sasl-$pkgver/plugins
+ install -m755 -d "${pkgdir}/usr/lib/sasl2"
+ cp -a .libs/libldapdb.so* "${pkgdir}/usr/lib/sasl2/"
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap"
+ ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap/"
+}
+
+package_cyrus-sasl-sql() {
+ pkgdesc="SQL auxprop module for Cyrus SASL"
+ depends=("libsasl=${pkgver}" 'postgresql-libs' 'mariadb-libs' 'sqlite')
+ replaces=('cyrus-sasl-plugins')
+
+ cd cyrus-sasl-$pkgver/plugins
+ install -m755 -d "${pkgdir}/usr/lib/sasl2"
+ cp -a .libs/libsql.so* "${pkgdir}/usr/lib/sasl2/"
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-sql"
+ ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-sql/"
+}
Property changes on: libsasl/repos/staging-x86_64/PKGBUILD
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/PKGBUILD:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch (from
rev 344218, libsasl/trunk/cyrus-sasl-2.1.22-as-needed.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch
(rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch 2019-01-16 11:26:50 UTC
(rev 344219)
@@ -0,0 +1,11 @@
+--- saslauthd/configure.in.orig 2006-05-23 15:53:17.000000000 -0700
++++ saslauthd/configure.in 2006-05-23 15:53:33.000000000 -0700
+@@ -77,7 +77,7 @@
+ AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
+ SASL_DB_PATH_CHECK()
+ SASL_DB_CHECK()
+- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
++ SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
+ fi
+
+ AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form
authentication [[no]] ],
Property changes on:
libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-2.1.22-as-needed.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-qa.patch (from rev
344218, libsasl/trunk/cyrus-sasl-2.1.22-qa.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.22-qa.patch (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.22-qa.patch 2019-01-16 11:26:50 UTC (rev
344219)
@@ -0,0 +1,22 @@
+fix missing prototype warnings
+
+--- cyrus-sasl-2.1.22/lib/auxprop.c
++++ cyrus-sasl-2.1.22/lib/auxprop.c
+@@ -43,6 +43,7 @@
+ */
+
+ #include <config.h>
++#include <stdio.h>
+ #include <sasl.h>
+ #include <prop.h>
+ #include <ctype.h>
+--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
++++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
+@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
+ ******************************************************************/
+
+ #include <shadow.h>
++#include <string.h>
+
+ extern char *crypt();
+
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-qa.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-2.1.22-qa.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.26-size_t.patch (from rev
344218, libsasl/trunk/cyrus-sasl-2.1.26-size_t.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.26-size_t.patch
(rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.26-size_t.patch 2019-01-16 11:26:50 UTC
(rev 344219)
@@ -0,0 +1,11 @@
+--- cyrus-sasl-2.1.26/include/sasl.h 2012-10-12 09:05:48.000000000 -0500
++++ cyrus-sasl-2.1.26/include/sasl.h 2013-01-31 13:21:04.007739327 -0600
+@@ -223,6 +223,8 @@ extern "C" {
+ * they must be called before all other SASL functions:
+ */
+
++#include <sys/types.h>
++
+ /* memory allocation functions which may optionally be replaced:
+ */
+ typedef void *sasl_malloc_t(size_t);
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.26-size_t.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-2.1.26-size_t.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch
(from rev 344218, libsasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch
(rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch 2019-01-16
11:26:50 UTC (rev 344219)
@@ -0,0 +1,435 @@
+diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110
cyrus-sasl-2.1.26/plugins/ntlm.c
+--- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 2012-01-28
00:31:36.000000000 +0100
++++ cyrus-sasl-2.1.26/plugins/ntlm.c 2016-11-07 16:15:57.498259304 +0100
+@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
+ return P24;
+ }
+
++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ return HMAC_CTX_new();
++#else
++ return utils->malloc(sizeof(HMAC_CTX));
++#endif
++}
++
++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ HMAC_CTX_free(ctx);
++#else
++ HMAC_cleanup(ctx);
++ utils->free(ctx);
++#endif
++}
++
+ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ const char *authid, const char *target,
+ const unsigned char *challenge,
+@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
+ const sasl_utils_t *utils,
+ char **buf, unsigned *buflen, int *result)
+ {
+- HMAC_CTX ctx;
++ HMAC_CTX *ctx = NULL;
+ unsigned char hash[EVP_MAX_MD_SIZE];
+ char *upper;
+ unsigned int len;
+@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
+ SETERROR(utils, "cannot allocate NTLMv2 hash");
+ *result = SASL_NOMEM;
+ }
++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate HMAC CTX");
++ *result = SASL_NOMEM;
++ }
+ else {
+ /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
+ P16_nt(hash, passwd, utils, buf, buflen, result);
+@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
+ HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
+
+ /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
+- HMAC_Init(&ctx, hash, len, EVP_md5());
+- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
+- HMAC_Update(&ctx, blob, bloblen);
+- HMAC_Final(&ctx, V2, &len);
+- HMAC_cleanup(&ctx);
++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
++ HMAC_Update(ctx, blob, bloblen);
++ HMAC_Final(ctx, V2, &len);
+
+ /* the blob is concatenated outside of this function */
+
+ *result = SASL_OK;
+ }
+
++ if (ctx) _plug_HMAC_CTX_free(ctx, utils);
++
+ return V2;
+ }
+
+diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110
cyrus-sasl-2.1.26/plugins/otp.c
+--- cyrus-sasl-2.1.26/plugins/otp.c.openssl110 2012-10-12 16:05:48.000000000
+0200
++++ cyrus-sasl-2.1.26/plugins/otp.c 2016-11-07 16:13:54.374327601 +0100
+@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
+ {NULL, 0, NULL}
+ };
+
++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ return EVP_MD_CTX_new();
++#else
++ return utils->malloc(sizeof(EVP_MD_CTX));
++#endif
++}
++
++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_MD_CTX_free(ctx);
++#else
++ utils->free(ctx);
++#endif
++}
++
+ /* Convert the binary data into ASCII hex */
+ void bin2hex(unsigned char *bin, int binlen, char *hex)
+ {
+@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
+ * swabbing bytes if necessary.
+ */
+ static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
+- unsigned char *out, int swab)
++ unsigned char *out, int swab, EVP_MD_CTX *mdctx)
+ {
+- EVP_MD_CTX mdctx;
+- char hash[EVP_MAX_MD_SIZE];
++ unsigned char hash[EVP_MAX_MD_SIZE];
+ unsigned int i;
+ int j;
+ unsigned hashlen;
+
+- EVP_DigestInit(&mdctx, md);
+- EVP_DigestUpdate(&mdctx, in, inlen);
+- EVP_DigestFinal(&mdctx, hash, &hashlen);
++ EVP_DigestInit(mdctx, md);
++ EVP_DigestUpdate(mdctx, in, inlen);
++ EVP_DigestFinal(mdctx, hash, &hashlen);
+
+ /* Fold the result into 64 bits */
+ for (i = OTP_HASH_SIZE; i < hashlen; i++) {
+@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
+ char *secret, char *otp)
+ {
+ const EVP_MD *md;
+- char *key;
++ EVP_MD_CTX *mdctx = NULL;
++ char *key = NULL;
++ int r = SASL_OK;
+
+ if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ utils->seterror(utils->conn, 0,
+@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
+ return SASL_FAIL;
+ }
+
++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate MD CTX");
++ r = SASL_NOMEM;
++ goto done;
++ }
++
+ if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
+ SETERROR(utils, "cannot allocate OTP key");
+- return SASL_NOMEM;
++ r = SASL_NOMEM;
++ goto done;
+ }
+
+ /* initial step */
+ strcpy(key, seed);
+ strcat(key, secret);
+- otp_hash(md, key, strlen(key), otp, alg->swab);
++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
+
+ /* computation step */
+ while (seq-- > 0)
+- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
+-
+- utils->free(key);
++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
++
++ done:
++ if (key) utils->free(key);
++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
+
+- return SASL_OK;
++ return r;
+ }
+
+ static int parse_challenge(const sasl_utils_t *utils,
+@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
+
+ /* Convert the 6 words into binary data */
+ static int word2bin(const sasl_utils_t *utils,
+- char *words, unsigned char *bin, const EVP_MD *md)
++ char *words, unsigned char *bin, const EVP_MD *md,
++ EVP_MD_CTX *mdctx)
+ {
+ int i, j;
+ char *c, *word, buf[OTP_RESPONSE_MAX+1];
+@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
+
+ /* alternate dictionary */
+ if (alt_dict) {
+- EVP_MD_CTX mdctx;
+- char hash[EVP_MAX_MD_SIZE];
+- int hashlen;
++ unsigned char hash[EVP_MAX_MD_SIZE];
++ unsigned hashlen;
+
+- EVP_DigestInit(&mdctx, md);
+- EVP_DigestUpdate(&mdctx, word, strlen(word));
+- EVP_DigestFinal(&mdctx, hash, &hashlen);
++ EVP_DigestInit(mdctx, md);
++ EVP_DigestUpdate(mdctx, word, strlen(word));
++ EVP_DigestFinal(mdctx, hash, &hashlen);
+
+ /* use lowest 11 bits */
+ x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
+@@ -802,6 +834,7 @@ static int verify_response(server_contex
+ char *response)
+ {
+ const EVP_MD *md;
++ EVP_MD_CTX *mdctx = NULL;
+ char *c;
+ int do_init = 0;
+ unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
+@@ -815,6 +848,11 @@ static int verify_response(server_contex
+ return SASL_FAIL;
+ }
+
++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate MD CTX");
++ return SASL_NOMEM;
++ }
++
+ /* eat leading whitespace */
+ c = response;
+ while (isspace((int) *c)) c++;
+@@ -824,7 +862,7 @@ static int verify_response(server_contex
+ r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
+ }
+ else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
+- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
+ }
+ else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
+ strlen(OTP_INIT_HEX_TYPE))) {
+@@ -834,7 +872,7 @@ static int verify_response(server_contex
+ else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ strlen(OTP_INIT_WORD_TYPE))) {
+ do_init = 1;
+- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md,
mdctx);
+ }
+ else {
+ SETERROR(utils, "unknown OTP extended response type");
+@@ -843,14 +881,15 @@ static int verify_response(server_contex
+ }
+ else {
+ /* standard response, try word first, and then hex */
+- r = word2bin(utils, c, cur_otp, md);
++ r = word2bin(utils, c, cur_otp, md, mdctx);
+ if (r != SASL_OK)
+ r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
+ }
+
+ if (r == SASL_OK) {
+ /* do one more hash (previous otp) and compare to stored otp */
+- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
++ otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
++ prev_otp, text->alg->swab, mdctx);
+
+ if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
+ /* update the secret with this seq/otp */
+@@ -879,23 +918,28 @@ static int verify_response(server_contex
+ *new_resp++ = '\0';
+ }
+
+- if (!(new_chal && new_resp))
+- return SASL_BADAUTH;
++ if (!(new_chal && new_resp)) {
++ r = SASL_BADAUTH;
++ goto done;
++ }
+
+ if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
+ != SASL_OK) {
+- return r;
++ goto done;
+ }
+
+- if (seq < 1 || !strcasecmp(seed, text->seed))
+- return SASL_BADAUTH;
++ if (seq < 1 || !strcasecmp(seed, text->seed)) {
++ r = SASL_BADAUTH;
++ goto done;
++ }
+
+ /* find the MDA */
+ if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ utils->seterror(utils->conn, 0,
+ "OTP algorithm %s is not available",
+ alg->evp_name);
+- return SASL_BADAUTH;
++ r = SASL_BADAUTH;
++ goto done;
+ }
+
+ if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
+@@ -903,7 +947,7 @@ static int verify_response(server_contex
+ }
+ else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ strlen(OTP_INIT_WORD_TYPE))) {
+- r = word2bin(utils, new_resp, new_otp, md);
++ r = word2bin(utils, new_resp, new_otp, md, mdctx);
+ }
+
+ if (r == SASL_OK) {
+@@ -914,7 +958,10 @@ static int verify_response(server_contex
+ memcpy(text->otp, new_otp, OTP_HASH_SIZE);
+ }
+ }
+-
++
++ done:
++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
++
+ return r;
+ }
+
+diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110
cyrus-sasl-2.1.26/saslauthd/lak.c
+--- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 2016-11-07
16:13:54.347327616 +0100
++++ cyrus-sasl-2.1.26/saslauthd/lak.c 2016-11-07 16:18:42.283167898 +0100
+@@ -61,6 +61,35 @@
+ #include <sasl.h>
+ #include "lak.h"
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++static EVP_MD_CTX *EVP_MD_CTX_new(void)
++{
++ return EVP_MD_CTX_create();
++}
++static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
++{
++ if (ctx == NULL)
++ return;
++
++ EVP_MD_CTX_destroy(ctx);
++}
++
++static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
++{
++ EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
++
++ if (ctx != NULL) {
++ memset(ctx, 0, sizeof(*ctx));
++ }
++ return ctx;
++}
++static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
++{
++ OPENSSL_free(ctx);
++ return;
++}
++#endif
++
+ typedef struct lak_auth_method {
+ int method;
+ int (*check) (LAK *lak, const char *user, const char *service, const
char *realm, const char *password) ;
+@@ -1720,20 +1749,28 @@ static int lak_base64_decode(
+
+ int rc, i, tlen = 0;
+ char *text;
+- EVP_ENCODE_CTX EVP_ctx;
++ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
+
+- text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
+ if (text == NULL)
+ return LAK_NOMEM;
+
+- EVP_DecodeInit(&EVP_ctx);
+- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
++ text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
++ if (text == NULL) {
++ EVP_ENCODE_CTX_free(enc_ctx);
++ return LAK_NOMEM;
++ }
++
++ EVP_DecodeInit(enc_ctx);
++ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const
unsigned char *)src, strlen(src));
+ if (rc < 0) {
++ EVP_ENCODE_CTX_free(enc_ctx);
+ free(text);
+ return LAK_FAIL;
+ }
+ tlen += i;
+- EVP_DecodeFinal(&EVP_ctx, text, &i);
++ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
++
++ EVP_ENCODE_CTX_free(enc_ctx);
+
+ *ret = text;
+ if (rlen != NULL)
+@@ -1749,7 +1786,7 @@ static int lak_check_hashed(
+ {
+ int rc, clen;
+ LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx;
+ const EVP_MD *md;
+ unsigned char digest[EVP_MAX_MD_SIZE];
+ char *cred;
+@@ -1758,17 +1795,24 @@ static int lak_check_hashed(
+ if (!md)
+ return LAK_FAIL;
+
++ mdctx = EVP_MD_CTX_new();
++ if (!mdctx)
++ return LAK_NOMEM;
++
+ rc = lak_base64_decode(hash, &cred, &clen);
+- if (rc != LAK_OK)
++ if (rc != LAK_OK) {
++ EVP_MD_CTX_free(mdctx);
+ return rc;
++ }
+
+- EVP_DigestInit(&mdctx, md);
+- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
++ EVP_DigestInit(mdctx, md);
++ EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
+ if (hrock->salted) {
+- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
++ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
+ clen - EVP_MD_size(md));
+ }
+- EVP_DigestFinal(&mdctx, digest, NULL);
++ EVP_DigestFinal(mdctx, digest, NULL);
++ EVP_MD_CTX_free(mdctx);
+
+ rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
+ free(cred);
Property changes on:
libsasl/repos/staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-gssapi.patch (from rev 344218,
libsasl/trunk/cyrus-sasl-gssapi.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-gssapi.patch (rev 0)
+++ staging-x86_64/cyrus-sasl-gssapi.patch 2019-01-16 11:26:50 UTC (rev
344219)
@@ -0,0 +1,16 @@
+diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c
cyrus-sasl-2.1.26/plugins/gssapi.c
+--- cyrus-sasl-2.1.26.orig/plugins/gssapi.c 2016-06-10 13:55:25.985676293
-0700
++++ cyrus-sasl-2.1.26/plugins/gssapi.c 2016-06-10 13:58:00.687337430 -0700
+@@ -1583,10 +1583,10 @@
+ }
+
+ /* Setup req_flags properly */
+- req_flags = GSS_C_INTEG_FLAG;
++ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ if (params->props.max_ssf > params->external_ssf) {
+ /* We are requesting a security layer */
+- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++ req_flags |= GSS_C_INTEG_FLAG;
+ /* Any SSF bigger than 1 is confidentiality. */
+ /* Let's check if the client of the API requires confidentiality,
+ and it wasn't already provided by an external layer */
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-gssapi.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-gssapi.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-sql.patch (from rev 344218,
libsasl/trunk/cyrus-sasl-sql.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-sql.patch (rev 0)
+++ staging-x86_64/cyrus-sasl-sql.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,39 @@
+--- configure.in 2012-10-12 16:05:48.000000000 +0200
++++ configure.in 2013-05-11 18:48:59.021848013 +0200
+@@ -861,9 +860,9 @@
+ notfound) AC_WARN([SQLite Library not found]); true;;
+ *)
+ if test -d ${with_sqlite}/lib; then
+- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
++ LIB_SQLITE="-L${with_sqlite}/lib"
+ else
+- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
++ LIB_SQLITE="-L${with_sqlite}"
+ fi
+
+ LIB_SQLITE_DIR=$LIB_SQLITE
+@@ -913,9 +912,9 @@
+ notfound) AC_WARN([SQLite3 Library not found]); true;;
+ *)
+ if test -d ${with_sqlite3}/lib; then
+- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
++ LIB_SQLITE3="-L${with_sqlite3}/lib"
+ else
+- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
++ LIB_SQLITE3="-L${with_sqlite3}"
+ fi
+
+ LIB_SQLITE3_DIR=$LIB_SQLITE3
+--- configure.in
++++ configure.in
+@@ -674,7 +674,9 @@
+ LIB_PGSQL_DIR=$LIB_PGSQL
+ LIB_PGSQL="$LIB_PGSQL -lpq"
+
+- if test -d ${with_pgsql}/include/pgsql; then
++ if test -d ${with_pgsql}/include/postgresql/pgsql; then
++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
++ elif test -d ${with_pgsql}/include/pgsql; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+ elif test -d ${with_pgsql}/pgsql/include; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-sql.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-sql.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/fix-pkgconfig.patch (from rev 344218,
libsasl/trunk/fix-pkgconfig.patch)
===================================================================
--- staging-x86_64/fix-pkgconfig.patch (rev 0)
+++ staging-x86_64/fix-pkgconfig.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,27 @@
+From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <i...@gnome.org>
+Date: Fri, 20 Nov 2015 11:16:31 +0100
+Subject: [PATCH] Fix up pkgconfig pc file
+
+---
+ libsasl2.pc.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsasl2.pc.in b/libsasl2.pc.in
+index 40bea37..ddad76d 100644
+--- a/libsasl2.pc.in
++++ b/libsasl2.pc.in
+@@ -1,8 +1,12 @@
+-libdir = @libdir@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
+
+ Name: Cyrus SASL
+ Description: Cyrus SASL implementation
+ URL: http://www.cyrussasl.org/
+ Version: @VERSION@
++Cflags: -I${includedir}
+ Libs: -L${libdir} -lsasl2
+ Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@
Property changes on: libsasl/repos/staging-x86_64/fix-pkgconfig.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/fix-pkgconfig.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/saslauthd.conf.d (from rev 344218,
libsasl/trunk/saslauthd.conf.d)
===================================================================
--- staging-x86_64/saslauthd.conf.d (rev 0)
+++ staging-x86_64/saslauthd.conf.d 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1 @@
+SASLAUTHD_OPTS="-a pam"
Property changes on: libsasl/repos/staging-x86_64/saslauthd.conf.d
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/saslauthd.conf.d:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/saslauthd.service (from rev 344218,
libsasl/trunk/saslauthd.service)
===================================================================
--- staging-x86_64/saslauthd.service (rev 0)
+++ staging-x86_64/saslauthd.service 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cyrus SASL authentication daemon
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/conf.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
+PIDFile=/var/run/saslauthd/saslauthd.pid
+
+[Install]
+WantedBy=multi-user.target
Property changes on: libsasl/repos/staging-x86_64/saslauthd.service
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/saslauthd.service:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/tmpfiles.conf (from rev 344218,
libsasl/trunk/tmpfiles.conf)
===================================================================
--- staging-x86_64/tmpfiles.conf (rev 0)
+++ staging-x86_64/tmpfiles.conf 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root - -
Property changes on: libsasl/repos/staging-x86_64/tmpfiles.conf
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/tmpfiles.conf:195303-195304
\ No newline at end of property
