Date: Wednesday, January 16, 2019 @ 11:26:50 Author: felixonmars Revision: 344219
archrelease: copy trunk to staging-x86_64 Added: libsasl/repos/staging-x86_64/ libsasl/repos/staging-x86_64/0010_maintainer_mode.patch (from rev 344218, libsasl/trunk/0010_maintainer_mode.patch) libsasl/repos/staging-x86_64/0011_saslauthd_ac_prog_libtool.patch (from rev 344218, libsasl/trunk/0011_saslauthd_ac_prog_libtool.patch) libsasl/repos/staging-x86_64/0025_ld_as_needed.patch (from rev 344218, libsasl/trunk/0025_ld_as_needed.patch) libsasl/repos/staging-x86_64/0026_drop_krb5support_dependency.patch (from rev 344218, libsasl/trunk/0026_drop_krb5support_dependency.patch) libsasl/repos/staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch (from rev 344218, libsasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch) libsasl/repos/staging-x86_64/CVE-2013-4122.patch (from rev 344218, libsasl/trunk/CVE-2013-4122.patch) libsasl/repos/staging-x86_64/PKGBUILD (from rev 344218, libsasl/trunk/PKGBUILD) libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch (from rev 344218, libsasl/trunk/cyrus-sasl-2.1.22-as-needed.patch) libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-qa.patch (from rev 344218, libsasl/trunk/cyrus-sasl-2.1.22-qa.patch) libsasl/repos/staging-x86_64/cyrus-sasl-2.1.26-size_t.patch (from rev 344218, libsasl/trunk/cyrus-sasl-2.1.26-size_t.patch) libsasl/repos/staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch (from rev 344218, libsasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch) libsasl/repos/staging-x86_64/cyrus-sasl-gssapi.patch (from rev 344218, libsasl/trunk/cyrus-sasl-gssapi.patch) libsasl/repos/staging-x86_64/cyrus-sasl-sql.patch (from rev 344218, libsasl/trunk/cyrus-sasl-sql.patch) libsasl/repos/staging-x86_64/fix-pkgconfig.patch (from rev 344218, libsasl/trunk/fix-pkgconfig.patch) libsasl/repos/staging-x86_64/saslauthd.conf.d (from rev 344218, libsasl/trunk/saslauthd.conf.d) libsasl/repos/staging-x86_64/saslauthd.service (from rev 344218, libsasl/trunk/saslauthd.service) libsasl/repos/staging-x86_64/tmpfiles.conf (from rev 
344218, libsasl/trunk/tmpfiles.conf) --------------------------------------------------+ 0010_maintainer_mode.patch | 19 0011_saslauthd_ac_prog_libtool.patch | 15 0025_ld_as_needed.patch | 27 + 0026_drop_krb5support_dependency.patch | 14 0030-dont_use_la_files_for_opening_plugins.patch | 134 ++++++ CVE-2013-4122.patch | 116 +++++ PKGBUILD | 202 +++++++++ cyrus-sasl-2.1.22-as-needed.patch | 11 cyrus-sasl-2.1.22-qa.patch | 22 + cyrus-sasl-2.1.26-size_t.patch | 11 cyrus-sasl-2.1.27-openssl-1.1.0.patch | 435 +++++++++++++++++++++ cyrus-sasl-gssapi.patch | 16 cyrus-sasl-sql.patch | 39 + fix-pkgconfig.patch | 27 + saslauthd.conf.d | 1 saslauthd.service | 11 tmpfiles.conf | 1 17 files changed, 1101 insertions(+) Copied: libsasl/repos/staging-x86_64/0010_maintainer_mode.patch (from rev 344218, libsasl/trunk/0010_maintainer_mode.patch) =================================================================== --- staging-x86_64/0010_maintainer_mode.patch (rev 0) +++ staging-x86_64/0010_maintainer_mode.patch 2019-01-16 11:26:50 UTC (rev 344219) 
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0010_maintainer_mode.dpatch by <fa...@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Enable maintainer mode to avoid auto* problems.
+
+@DPATCH@
+diff -urNad trunk~/configure.in trunk/configure.in
+--- trunk~/configure.in 2006-05-29 22:52:46.000000000 +0300
++++ trunk/configure.in 2006-11-01 23:24:55.000000000 +0200
+@@ -62,6 +62,8 @@
+ AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.22)
+ CMU_INIT_AUTOMAKE
+
++AM_MAINTAINER_MODE
++
+ # and include our config dir scripts
+ ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
+
Property changes on: libsasl/repos/staging-x86_64/0010_maintainer_mode.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0010_maintainer_mode.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/0011_saslauthd_ac_prog_libtool.patch (from rev 344218, libsasl/trunk/0011_saslauthd_ac_prog_libtool.patch)
===================================================================
--- staging-x86_64/0011_saslauthd_ac_prog_libtool.patch (rev 0)
+++ staging-x86_64/0011_saslauthd_ac_prog_libtool.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,15 @@
+0011_saslauthd_ac_prog_libtool.dpatch by <fa...@debian.org>
+
+Enable libtool use.
+
+diff -urNad trunk~/saslauthd/configure.in trunk/saslauthd/configure.in
+--- trunk~/saslauthd/configure.in 2006-05-29 22:52:42.000000000 +0300
++++ trunk/saslauthd/configure.in 2006-11-01 23:41:51.000000000 +0200
+@@ -25,6 +25,7 @@
+ AC_PROG_MAKE_SET
+ AC_PROG_LN_S
+ AC_PROG_INSTALL
++AC_PROG_LIBTOOL
+
+ dnl Checks for build foo
+ CMU_C___ATTRIBUTE__
Property changes on: libsasl/repos/staging-x86_64/0011_saslauthd_ac_prog_libtool.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0011_saslauthd_ac_prog_libtool.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/0025_ld_as_needed.patch (from rev 344218, libsasl/trunk/0025_ld_as_needed.patch)
===================================================================
--- staging-x86_64/0025_ld_as_needed.patch (rev 0)
+++ staging-x86_64/0025_ld_as_needed.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,27 @@
+Author: Matthias Klose <d...@ubuntu.com>
+Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
+it.
+--- a/saslauthd/Makefile.am
++++ b/saslauthd/Makefile.am
+@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
+ saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
+ saslauthd_LDADD = @SASL_KRB_LIB@ \
+ @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
++ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
+
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+--- a/sasldb/Makefile.am
++++ b/sasldb/Makefile.am
+@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
+
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+
+ # Prevent make dist stupidity
+ libsasldb_a_SOURCES =
Property changes on: libsasl/repos/staging-x86_64/0025_ld_as_needed.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0025_ld_as_needed.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/0026_drop_krb5support_dependency.patch (from rev 344218, libsasl/trunk/0026_drop_krb5support_dependency.patch)
===================================================================
--- staging-x86_64/0026_drop_krb5support_dependency.patch (rev 0)
+++ staging-x86_64/0026_drop_krb5support_dependency.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,14 @@
+Author: Roberto C. Sanchez <robe...@connexer.com>
+Description: Drop gratuitous dependency on krb5support
+--- a/cmulocal/sasl2.m4
++++ b/cmulocal/sasl2.m4
+@@ -112,9 +112,6 @@ if test "$gssapi" != no; then
+ fi
+
+ if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
+- # check for libkrb5support first
+- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
+-
+ gss_failed=0
+ AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
+ ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
Property changes on: libsasl/repos/staging-x86_64/0026_drop_krb5support_dependency.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0026_drop_krb5support_dependency.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch (from rev 344218, libsasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch)
===================================================================
--- staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch (rev 0)
+++ staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,134 @@
+--- a/lib/dlopen.c
++++ b/lib/dlopen.c
+@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
+ return result;
+ }
+
+-/* this returns the file to actually open.
+- * out should be a buffer of size PATH_MAX
+- * and may be the same as in. */
+-
+-/* We'll use a static buffer for speed unless someone complains */
+-#define MAX_LINE 2048
+-
+-static int _parse_la(const char *prefix, const char *in, char *out)
+-{
+- FILE *file;
+- size_t length;
+- char line[MAX_LINE];
+- char *ntmp = NULL;
+-
+- if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
+-
+- /* Set this so we can detect failure */
+- *out = '\0';
+-
+- length = strlen(in);
+-
+- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
+- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
+- /* check for a .la file */
+- strcpy(line, prefix);
+- strcat(line, in);
+- length = strlen(line);
+- *(line + (length - strlen(SO_SUFFIX))) = '\0';
+- strcat(line, LA_SUFFIX);
+- file = fopen(line, "r");
+- if(file) {
+- /* We'll get it on the .la open */
+- fclose(file);
+- return SASL_FAIL;
+- }
+- }
+- strcpy(out, prefix);
+- strcat(out, in);
+- return SASL_OK;
+- }
+-
+- strcpy(line, prefix);
+- strcat(line, in);
+-
+- file = fopen(line, "r");
+- if(!file) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "unable to open LA file: %s", line);
+- return SASL_FAIL;
+- }
+-
+- while(!feof(file)) {
+- if(!fgets(line, MAX_LINE, file)) break;
+- if(line[strlen(line) - 1] != '\n') {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "LA file has too long of a line: %s", in);
+- return SASL_BUFOVER;
+- }
+- if(line[0] == '\n' || line[0] == '#') continue;
+- if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
+- /* We found the line with the name in it */
+- char *end;
+- char *start;
+- size_t len;
+- end = strrchr(line, '\'');
+- if(!end) continue;
+- start = &line[sizeof("dlname=")-1];
+- len = strlen(start);
+- if(len > 3 && start[0] == '\'') {
+- ntmp=&start[1];
+- *end='\0';
+- /* Do we have dlname="" ? */
+- if(ntmp == end) {
+- _sasl_log(NULL, SASL_LOG_DEBUG,
+- "dlname is empty in .la file: %s", in);
+- return SASL_FAIL;
+- }
+- strcpy(out, prefix);
+- strcat(out, ntmp);
+- }
+- break;
+- }
+- }
+- if(ferror(file) || feof(file)) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "Error reading .la: %s\n", in);
+- fclose(file);
+- return SASL_FAIL;
+- }
+- fclose(file);
+-
+- if(!(*out)) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "Could not find a dlname line in .la file: %s", in);
+- return SASL_FAIL;
+- }
+-
+- return SASL_OK;
+-}
+ #endif /* DO_DLOPEN */
+
+ /* loads a plugin library */
+@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
+ if (length + pos>=PATH_MAX) continue; /* too big */
+
+ if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
+- SO_SUFFIX)
+- && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
+- LA_SUFFIX))
++ SO_SUFFIX))
+ continue;
+
++ /* We only use .so files for loading plugins */
++
+ memcpy(name,dir->d_name,length);
+ name[length]='\0';
+
+- result = _parse_la(prefix, name, tmp);
+- if(result != SASL_OK)
+- continue;
+-
++ /* Create full name with path */
++ strncpy(tmp, prefix, PATH_MAX);
++ strncat(tmp, name, PATH_MAX);
++
+ /* skip "lib" and cut off suffix --
+ this only need be approximate */
+ strcpy(plugname, name + 3);
Property changes on: libsasl/repos/staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/CVE-2013-4122.patch (from rev 344218, libsasl/trunk/CVE-2013-4122.patch)
===================================================================
--- staging-x86_64/CVE-2013-4122.patch (rev 0)
+++ staging-x86_64/CVE-2013-4122.patch 2019-01-16 11:26:50 UTC (rev 344219)
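Review bot: The added `strncpy(tmp, prefix, PATH_MAX);` / `strncat(tmp, name, PATH_MAX);` pair in `_sasl_load_plugins` only looks bounded: `strncpy` leaves `tmp` unterminated when `prefix` fills all `PATH_MAX` bytes, and the third argument of `strncat` limits the bytes appended, not the size of `tmp`. The context line `if (length + pos>=PATH_MAX) continue;` probably keeps the combined length in range, but `pos` and the declaration of `tmp` are outside the hunk, so that is an assumption rather than something this change enforces. A single bounded call states the limit where the write happens, for example `if (snprintf(tmp, PATH_MAX, "%s%s", prefix, name) >= PATH_MAX) continue;`.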
@@ -0,0 +1,116 @@
+From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
+From: mancha <manc...@hush.com>
+Date: Thu, 11 Jul 2013 09:08:07 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt()
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Patch by manc...@hush.com.
+---
+diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
+index 4b34222..400289c 100644
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ char *userid;
+ char *password;
+ {
+ char* r;
++ char* crpt_passwd;
+ struct passwd *pwd;
+
+ pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+ else if (pwd->pw_passwd[0] == '*') {
+ r = "Account disabled";
+ }
+- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ r = "Incorrect password";
+ }
+ else {
+diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
+index 2b11286..6d607bb 100644
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -32,13 +32,15 @@ char *userid;
+ char *password;
+ {
+ struct spwd *pwd;
++ char *crpt_passwd;
+
+ pwd = getspnam(userid);
+ if (!pwd) {
+ return "Userid not found";
+ }
+
+- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++ crpt_passwd = crypt(password, pwd->sp_pwdp);
++ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ return "Incorrect password";
+ }
+ else {
+diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
+index fc8029d..d4ebe54 100644
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -77,6 +77,7 @@ auth_getpwent (
+ {
+ /* VARIABLES */
+ struct passwd *pw; /* pointer to passwd file entry */
++ char *crpt_passwd; /* encrypted password */
+ int errnum;
+ /* END VARIABLES */
+
+@@ -105,7 +106,8 @@ auth_getpwent (
+ }
+ }
+
+- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++ crpt_passwd = crypt(password, pw->pw_passwd);
++ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
+ }
+diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
+index 677131b..1988afd 100644
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -210,8 +210,8 @@ auth_shadow (
+ RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
+ }
+
+- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+- if (strcmp(sp->sp_pwdp, cpw)) {
++ cpw = crypt(password, sp->sp_pwdp);
++ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ if (flags & VERBOSE) {
+ /*
+ * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
+@@ -221,10 +221,8 @@ auth_shadow (
+ syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ sp->sp_pwdp, cpw);
+ }
+- free(cpw);
+ RETURN("NO Incorrect password");
+ }
+- free(cpw);
+
+ /*
+ * The following fields will be set to -1 if:
+@@ -286,7 +284,7 @@ auth_shadow (
+ RETURN("NO Invalid username");
+ }
+
+- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ password, upw->upw_passwd);
+--
+cgit v0.9.2
Property changes on: libsasl/repos/staging-x86_64/CVE-2013-4122.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
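Review bot: In the first `auth_shadow` hunk `cpw` can now be NULL when the mismatch branch is taken, and with `VERBOSE` set the unchanged `syslog(... "'%s' != '%s'", sp->sp_pwdp, cpw)` in the next hunk then hands a NULL pointer to `%s`, which is undefined behaviour; the NULL case the patch targets is moved to the debug path rather than removed. Guard the argument, e.g. `sp->sp_pwdp, cpw ? cpw : "(crypt failed)"`, or better drop both hash values from the message. The last `auth_shadow` hunk has a related problem in its context lines: the debug message writes the cleartext `password` next to the stored hash, whereas `auth_getpwent` logs only `login`, which keeps credentials out of syslog. All of these functions continue outside the hunks shown.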
+/cyrus-sasl/trunk/CVE-2013-4122.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/PKGBUILD (from rev 344218, libsasl/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD (rev 0)
+++ staging-x86_64/PKGBUILD 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,202 @@
+# Maintainer: Jan de Groot <j...@archlinux.org>
+
+# This package spans multiple repositories.
+# Always build from cyrus-sasl/trunk and merge changes to libsasl/trunk.
+
+#pkgbase=('cyrus-sasl')
+#pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql')
+pkgname=libsasl
+pkgver=2.1.26
+pkgrel=14
+pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library"
+arch=('x86_64')
+url="http://cyrusimap.web.cmu.edu/"
+license=('custom')
+options=('!makeflags')
+makedepends=('postgresql-libs' 'mariadb-libs' 'libldap' 'krb5' 'openssl' 'sqlite')
+source=(https://www.cyrusimap.org/releases/cyrus-sasl-${pkgver}.tar.gz
+ cyrus-sasl-2.1.22-qa.patch
+ cyrus-sasl-2.1.26-size_t.patch
+ 0010_maintainer_mode.patch
+ 0011_saslauthd_ac_prog_libtool.patch
+ 0025_ld_as_needed.patch
+ 0026_drop_krb5support_dependency.patch
+ 0030-dont_use_la_files_for_opening_plugins.patch
+ saslauthd.service
+ saslauthd.conf.d
+ tmpfiles.conf
+ CVE-2013-4122.patch
+ cyrus-sasl-sql.patch
+ cyrus-sasl-gssapi.patch
+ cyrus-sasl-2.1.27-openssl-1.1.0.patch
+ fix-pkgconfig.patch)
+md5sums=('a7f4e5e559a0e37b3ffc438c9456e425'
+ '79b8a5e8689989e2afd4b7bda595a7b1'
+ 'f45aa8c42b32e0569ab3d14a83485b37'
+ 'f45d8b60e8f74dd7f7c2ec1665fa602a'
+ '9d93880514cb5ff5da969f1ceb64a661'
+ '62bf892fe4d1df41ff748e91a1afaf67'
+ 'b7848957357e7c02d6490102be496bf9'
+ '8e7106f32e495e9ade69014fd1b3352a'
+ '3499dcd610ad1ad58e0faffde2aa7a23'
+ '49219af5641150edec288a3fdb65e7c1'
+ '45bb0192d2f188066240b9a66ee6365f'
+ 'c5f0ec88c584a75c14d7f402eaeed7ef'
+ '82c0f66fdc5c1145eb48ea9116c27931'
+ '0363b1a0337474a57b1f75f72fe88fa3'
+ 'c8a385bbca9bd79910c6bda3dd02845c'
+ '409727695f9f28a3c43e340232462ff6')
+
+prepare() {
+ cd cyrus-sasl-$pkgver
+ patch -Np1 -i ../cyrus-sasl-2.1.22-qa.patch
+ patch -Np1 -i ../cyrus-sasl-2.1.26-size_t.patch
+ patch -Np1 -i ../0010_maintainer_mode.patch
+ patch -Np1 -i ../0011_saslauthd_ac_prog_libtool.patch
+ patch -Np1 -i ../0025_ld_as_needed.patch
+ patch -Np1 -i ../0026_drop_krb5support_dependency.patch
+ patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch
+ patch -Np1 -i ../CVE-2013-4122.patch
+ patch -Np0 -i ../cyrus-sasl-sql.patch
+ patch -Np1 -i ../cyrus-sasl-gssapi.patch
+ patch -Np1 -i ../cyrus-sasl-2.1.27-openssl-1.1.0.patch
+ patch -Np1 -i ../fix-pkgconfig.patch
+
+ sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -e 's/libmysqlclient.a/libmysqlclient.so/' -i configure.in
+}
+
+build() {
+ export CFLAGS="$CFLAGS -fPIC"
+ cd cyrus-sasl-$pkgver
+
+ rm -f config/config.guess config/config.sub
+ rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+ rm -fr autom4te.cache
+ libtoolize -c
+ aclocal -I config -I cmulocal
+ automake -a -c
+ autoheader
+ autoconf
+
+ pushd saslauthd
+ rm -f config/config.guess config/config.sub
+ rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+ rm -fr autom4te.cache
+ libtoolize -c
+ aclocal -I config -I ../cmulocal -I ../config
+ automake -a -c
+ autoheader
+ autoconf
+ popd
+
+ ./configure --prefix=/usr \
+ --sbin=/usr/bin \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --disable-static \
+ --enable-shared \
+ --enable-alwaystrue \
+ --enable-checkapop \
+ --enable-cram \
+ --enable-digest \
+ --disable-otp \
+ --disable-srp \
+ --disable-srp-setpass \
+ --disable-krb4 \
+ --enable-gssapi \
+ --enable-auth-sasldb \
+ --enable-plain \
+ --enable-anon \
+ --enable-login \
+ --enable-ntlm \
+ --disable-passdss \
+ --enable-sql \
+ --with-mysql=/usr \
+ --with-pgsql=/usr/lib \
+ --with-sqlite3=/usr/lib \
+ --enable-ldapdb \
+ --disable-macos-framework \
+ --with-pam \
+ --with-saslauthd=/var/run/saslauthd \
+ --with-ldap \
+ --with-dblib=gdbm \
+ --with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
+ --sysconfdir=/etc \
+ --with-devrandom=/dev/urandom
+ make
+}
+
+package_libsasl() {
+ pkgdesc="Cyrus Simple Authentication Service Layer (SASL) Library"
+ depends=('openssl')
+ conflicts=('cyrus-sasl-plugins')
+
+ cd cyrus-sasl-$pkgver
+ make DESTDIR="$pkgdir" install-pkgconfigDATA
+ for dir in include lib sasldb plugins utils; do
+ pushd ${dir}
+ make DESTDIR="${pkgdir}" install
+ popd
+ done
+ rm -f "${pkgdir}"/usr/lib/sasl2/libsql.so*
+ rm -f "${pkgdir}"/usr/lib/sasl2/libgssapiv2.so*
+ rm -f "${pkgdir}"/usr/lib/sasl2/libldapdb.so*
+ rm -f "${pkgdir}"/usr/lib/sasl2/libgs2.so*
+ install -m755 -d "${pkgdir}/usr/share/licenses/libsasl"
+ install -m644 COPYING "${pkgdir}/usr/share/licenses/libsasl/"
+}
+
+package_cyrus-sasl() {
+ depends=("libsasl=${pkgver}" 'krb5')
+ pkgdesc="Cyrus saslauthd SASL authentication daemon"
+ backup=('etc/conf.d/saslauthd')
+
+ cd cyrus-sasl-$pkgver/saslauthd
+ make DESTDIR="${pkgdir}" install
+ install -Dm644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd"
+ install -Dm644 "${srcdir}/saslauthd.service" "${pkgdir}/usr/lib/systemd/system/saslauthd.service"
+ install -Dm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/saslauthd.conf"
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl"
+ ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl/"
+}
+
+package_cyrus-sasl-gssapi() {
+ pkgdesc="GSSAPI authentication mechanism for Cyrus SASL"
+ depends=("libsasl=${pkgver}" 'krb5')
+ replaces=('cyrus-sasl-plugins')
+
+ cd cyrus-sasl-$pkgver/plugins
+ install -m755 -d "${pkgdir}/usr/lib/sasl2"
+ cp -a .libs/libgssapiv2.so* "${pkgdir}/usr/lib/sasl2/"
+ cp -a .libs/libgs2.so* "${pkgdir}/usr/lib/sasl2/"
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi"
+ ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi/"
+}
+
+package_cyrus-sasl-ldap() {
+ pkgdesc="ldapdb auxprop module for Cyrus SASL"
+ depends=("libsasl=${pkgver}" 'libldap')
+ replaces=('cyrus-sasl-plugins')
+
+ cd cyrus-sasl-$pkgver/plugins
+ install -m755 -d "${pkgdir}/usr/lib/sasl2"
+ cp -a .libs/libldapdb.so* "${pkgdir}/usr/lib/sasl2/"
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap"
+ ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap/"
+}
+
+package_cyrus-sasl-sql() {
+ pkgdesc="SQL auxprop module for Cyrus SASL"
+ depends=("libsasl=${pkgver}" 'postgresql-libs' 'mariadb-libs' 'sqlite')
+ replaces=('cyrus-sasl-plugins')
+
+ cd cyrus-sasl-$pkgver/plugins
+ install -m755 -d "${pkgdir}/usr/lib/sasl2"
+ cp -a .libs/libsql.so* "${pkgdir}/usr/lib/sasl2/"
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-sql"
+ ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-sql/"
+}
Property changes on: libsasl/repos/staging-x86_64/PKGBUILD
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/PKGBUILD:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch (from rev 344218, libsasl/trunk/cyrus-sasl-2.1.22-as-needed.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch 2019-01-16 11:26:50 UTC (rev 344219)
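Review bot: The `source=()` array is verified only through `md5sums`, so the upstream tarball fetched from www.cyrusimap.org has neither a collision-resistant digest nor a signature check behind it; for a library in the authentication path, switch to `sha256sums=(...)` and, if upstream publishes a detached signature, add it to `source` together with `validpgpkeys`. Separately, `./configure` in `build()` is passed `--enable-alwaystrue`, which builds a password verifier that upstream's configure help labels as discouraged; unless a dependent package needs it, `--disable-alwaystrue` is the safer default so a stray `pwcheck_method` setting cannot turn password checking off. `url=` also still uses a plain `http://` address.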
@@ -0,0 +1,11 @@
+--- saslauthd/configure.in.orig 2006-05-23 15:53:17.000000000 -0700
++++ saslauthd/configure.in 2006-05-23 15:53:33.000000000 -0700
+@@ -77,7 +77,7 @@
+ AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
+ SASL_DB_PATH_CHECK()
+ SASL_DB_CHECK()
+- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
++ SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
+ fi
+
+ AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-2.1.22-as-needed.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-qa.patch (from rev 344218, libsasl/trunk/cyrus-sasl-2.1.22-qa.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.22-qa.patch (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.22-qa.patch 2019-01-16 11:26:50 UTC (rev 344219)
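Review bot: `cyrus-sasl-2.1.22-as-needed.patch` is copied into staging, but the PKGBUILD in this same commit neither lists it in `source=()` nor applies it in `prepare()`, so it has no checksum and no effect on the build. An unapplied patch in the package directory makes it harder to audit which changes the shipped binary actually carries. Either remove the file from the repository or add it to `source=()` with a matching checksum and a `patch` line, whichever matches the maintainer's intent.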
@@ -0,0 +1,22 @@
+fix missing prototype warnings
+
+--- cyrus-sasl-2.1.22/lib/auxprop.c
++++ cyrus-sasl-2.1.22/lib/auxprop.c
+@@ -43,6 +43,7 @@
+ */
+
+ #include <config.h>
++#include <stdio.h>
+ #include <sasl.h>
+ #include <prop.h>
+ #include <ctype.h>
+--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
++++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
+@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
+ ******************************************************************/
+
+ #include <shadow.h>
++#include <string.h>
+
+ extern char *crypt();
+
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.22-qa.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-2.1.22-qa.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.26-size_t.patch (from rev 344218, libsasl/trunk/cyrus-sasl-2.1.26-size_t.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.26-size_t.patch (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.26-size_t.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,11 @@
+--- cyrus-sasl-2.1.26/include/sasl.h 2012-10-12 09:05:48.000000000 -0500
++++ cyrus-sasl-2.1.26/include/sasl.h 2013-01-31 13:21:04.007739327 -0600
+@@ -223,6 +223,8 @@ extern "C" {
+ * they must be called before all other SASL functions:
+ */
+
++#include <sys/types.h>
++
+ /* memory allocation functions which may optionally be replaced:
+ */
+ typedef void *sasl_malloc_t(size_t);
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.26-size_t.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-2.1.26-size_t.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch (from rev 344218, libsasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,435 @@ +diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 cyrus-sasl-2.1.26/plugins/ntlm.c +--- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 2012-01-28 00:31:36.000000000 +0100 ++++ cyrus-sasl-2.1.26/plugins/ntlm.c 2016-11-07 16:15:57.498259304 +0100 +@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char + return P24; + } + ++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return HMAC_CTX_new(); ++#else ++ return utils->malloc(sizeof(HMAC_CTX)); ++#endif ++} ++ ++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ HMAC_CTX_free(ctx); ++#else ++ HMAC_cleanup(ctx); ++ utils->free(ctx); ++#endif ++} ++ + static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + const char *authid, const char *target, + const unsigned char *challenge, +@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char * + const sasl_utils_t *utils, + char **buf, unsigned *buflen, int *result) + { +- HMAC_CTX ctx; ++ HMAC_CTX *ctx = NULL; + unsigned char hash[EVP_MAX_MD_SIZE]; + char *upper; + unsigned int len; +@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char * + SETERROR(utils, "cannot allocate NTLMv2 hash"); + *result = SASL_NOMEM; + } ++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate HMAC CTX"); ++ *result = SASL_NOMEM; ++ } + else { + /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */ + P16_nt(hash, passwd, utils, buf, buflen, result); +@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char * + HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); + + /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ +- HMAC_Init(&ctx, hash, len, EVP_md5()); +- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH); +- 
HMAC_Update(&ctx, blob, bloblen); +- HMAC_Final(&ctx, V2, &len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL); ++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH); ++ HMAC_Update(ctx, blob, bloblen); ++ HMAC_Final(ctx, V2, &len); + + /* the blob is concatenated outside of this function */ + + *result = SASL_OK; + } + ++ if (ctx) _plug_HMAC_CTX_free(ctx, utils); ++ + return V2; + } + +diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110 cyrus-sasl-2.1.26/plugins/otp.c +--- cyrus-sasl-2.1.26/plugins/otp.c.openssl110 2012-10-12 16:05:48.000000000 +0200 ++++ cyrus-sasl-2.1.26/plugins/otp.c 2016-11-07 16:13:54.374327601 +0100 +@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti + {NULL, 0, NULL} + }; + ++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return EVP_MD_CTX_new(); ++#else ++ return utils->malloc(sizeof(EVP_MD_CTX)); ++#endif ++} ++ ++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(ctx); ++#else ++ utils->free(ctx); ++#endif ++} ++ + /* Convert the binary data into ASCII hex */ + void bin2hex(unsigned char *bin, int binlen, char *hex) + { +@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin + * swabbing bytes if necessary. 
+ */ + static void otp_hash(const EVP_MD *md, char *in, size_t inlen, +- unsigned char *out, int swab) ++ unsigned char *out, int swab, EVP_MD_CTX *mdctx) + { +- EVP_MD_CTX mdctx; +- char hash[EVP_MAX_MD_SIZE]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned int i; + int j; + unsigned hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, in, inlen); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, in, inlen); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* Fold the result into 64 bits */ + for (i = OTP_HASH_SIZE; i < hashlen; i++) { +@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils + char *secret, char *otp) + { + const EVP_MD *md; +- char *key; ++ EVP_MD_CTX *mdctx = NULL; ++ char *key = NULL; ++ int r = SASL_OK; + + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, +@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ r = SASL_NOMEM; ++ goto done; ++ } ++ + if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) { + SETERROR(utils, "cannot allocate OTP key"); +- return SASL_NOMEM; ++ r = SASL_NOMEM; ++ goto done; + } + + /* initial step */ + strcpy(key, seed); + strcat(key, secret); +- otp_hash(md, key, strlen(key), otp, alg->swab); ++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx); + + /* computation step */ + while (seq-- > 0) +- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab); +- +- utils->free(key); ++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx); ++ ++ done: ++ if (key) utils->free(key); ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); + +- return SASL_OK; ++ return r; + } + + static int parse_challenge(const sasl_utils_t *utils, +@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg + + /* Convert the 6 words into binary data */ + static int word2bin(const 
sasl_utils_t *utils, +- char *words, unsigned char *bin, const EVP_MD *md) ++ char *words, unsigned char *bin, const EVP_MD *md, ++ EVP_MD_CTX *mdctx) + { + int i, j; + char *c, *word, buf[OTP_RESPONSE_MAX+1]; +@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t * + + /* alternate dictionary */ + if (alt_dict) { +- EVP_MD_CTX mdctx; +- char hash[EVP_MAX_MD_SIZE]; +- int hashlen; ++ unsigned char hash[EVP_MAX_MD_SIZE]; ++ unsigned hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, word, strlen(word)); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, word, strlen(word)); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* use lowest 11 bits */ + x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1]; +@@ -802,6 +834,7 @@ static int verify_response(server_contex + char *response) + { + const EVP_MD *md; ++ EVP_MD_CTX *mdctx = NULL; + char *c; + int do_init = 0; + unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE]; +@@ -815,6 +848,11 @@ static int verify_response(server_contex + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ return SASL_NOMEM; ++ } ++ + /* eat leading whitespace */ + c = response; + while (isspace((int) *c)) c++; +@@ -824,7 +862,7 @@ static int verify_response(server_contex + r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE); + } + else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) { +- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx); + } + else if (!strncasecmp(c, OTP_INIT_HEX_TYPE, + strlen(OTP_INIT_HEX_TYPE))) { +@@ -834,7 +872,7 @@ static int verify_response(server_contex + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { + do_init = 1; +- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), 
cur_otp, md, mdctx); + } + else { + SETERROR(utils, "unknown OTP extended response type"); +@@ -843,14 +881,15 @@ static int verify_response(server_contex + } + else { + /* standard response, try word first, and then hex */ +- r = word2bin(utils, c, cur_otp, md); ++ r = word2bin(utils, c, cur_otp, md, mdctx); + if (r != SASL_OK) + r = hex2bin(c, cur_otp, OTP_HASH_SIZE); + } + + if (r == SASL_OK) { + /* do one more hash (previous otp) and compare to stored otp */ +- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab); ++ otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE, ++ prev_otp, text->alg->swab, mdctx); + + if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) { + /* update the secret with this seq/otp */ +@@ -879,23 +918,28 @@ static int verify_response(server_contex + *new_resp++ = '\0'; + } + +- if (!(new_chal && new_resp)) +- return SASL_BADAUTH; ++ if (!(new_chal && new_resp)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1)) + != SASL_OK) { +- return r; ++ goto done; + } + +- if (seq < 1 || !strcasecmp(seed, text->seed)) +- return SASL_BADAUTH; ++ if (seq < 1 || !strcasecmp(seed, text->seed)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + /* find the MDA */ + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, + "OTP algorithm %s is not available", + alg->evp_name); +- return SASL_BADAUTH; ++ r = SASL_BADAUTH; ++ goto done; + } + + if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { +@@ -903,7 +947,7 @@ static int verify_response(server_contex + } + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { +- r = word2bin(utils, new_resp, new_otp, md); ++ r = word2bin(utils, new_resp, new_otp, md, mdctx); + } + + if (r == SASL_OK) { +@@ -914,7 +958,10 @@ static int verify_response(server_contex + memcpy(text->otp, new_otp, OTP_HASH_SIZE); + } + } +- ++ ++ done: ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); ++ + return r; 
+ } + +diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 cyrus-sasl-2.1.26/saslauthd/lak.c +--- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 2016-11-07 16:13:54.347327616 +0100 ++++ cyrus-sasl-2.1.26/saslauthd/lak.c 2016-11-07 16:18:42.283167898 +0100 +@@ -61,6 +61,35 @@ + #include <sasl.h> + #include "lak.h" + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++static EVP_MD_CTX *EVP_MD_CTX_new(void) ++{ ++ return EVP_MD_CTX_create(); ++} ++static void EVP_MD_CTX_free(EVP_MD_CTX *ctx) ++{ ++ if (ctx == NULL) ++ return; ++ ++ EVP_MD_CTX_destroy(ctx); ++} ++ ++static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) ++{ ++ EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); ++ ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++ return ctx; ++} ++static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) ++{ ++ OPENSSL_free(ctx); ++ return; ++} ++#endif ++ + typedef struct lak_auth_method { + int method; + int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ; +@@ -1720,20 +1749,28 @@ static int lak_base64_decode( + + int rc, i, tlen = 0; + char *text; +- EVP_ENCODE_CTX EVP_ctx; ++ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new(); + +- text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1); + if (text == NULL) + return LAK_NOMEM; + +- EVP_DecodeInit(&EVP_ctx); +- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src)); ++ text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1); ++ if (text == NULL) { ++ EVP_ENCODE_CTX_free(enc_ctx); ++ return LAK_NOMEM; ++ } ++ ++ EVP_DecodeInit(enc_ctx); ++ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src)); + if (rc < 0) { ++ EVP_ENCODE_CTX_free(enc_ctx); + free(text); + return LAK_FAIL; + } + tlen += i; +- EVP_DecodeFinal(&EVP_ctx, text, &i); ++ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i); ++ ++ EVP_ENCODE_CTX_free(enc_ctx); + + *ret = text; + if (rlen != NULL) +@@ -1749,7 +1786,7 @@ static int lak_check_hashed( + { + int rc, 
clen; + LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock; +- EVP_MD_CTX mdctx; ++ EVP_MD_CTX *mdctx; + const EVP_MD *md; + unsigned char digest[EVP_MAX_MD_SIZE]; + char *cred; +@@ -1758,17 +1795,24 @@ static int lak_check_hashed( + if (!md) + return LAK_FAIL; + ++ mdctx = EVP_MD_CTX_new(); ++ if (!mdctx) ++ return LAK_NOMEM; ++ + rc = lak_base64_decode(hash, &cred, &clen); +- if (rc != LAK_OK) ++ if (rc != LAK_OK) { ++ EVP_MD_CTX_free(mdctx); + return rc; ++ } + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd)); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, passwd, strlen(passwd)); + if (hrock->salted) { +- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)], ++ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)], + clen - EVP_MD_size(md)); + } +- EVP_DigestFinal(&mdctx, digest, NULL); ++ EVP_DigestFinal(mdctx, digest, NULL); ++ EVP_MD_CTX_free(mdctx); + + rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md)); + free(cred); Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch ___________________________________________________________________ Added: svn:mergeinfo ## -0,0 +1 ## +/cyrus-sasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch:195303-195304 \ No newline at end of property Copied: libsasl/repos/staging-x86_64/cyrus-sasl-gssapi.patch (from rev 344218, libsasl/trunk/cyrus-sasl-gssapi.patch) =================================================================== --- staging-x86_64/cyrus-sasl-gssapi.patch (rev 0) +++ staging-x86_64/cyrus-sasl-gssapi.patch 2019-01-16 11:26:50 UTC (rev 344219) 
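Review bot: In the `lak_base64_decode` part of the saslauthd/lak.c patch, the NULL check directly after `EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();` still tests `text`, which has not been assigned at that point, so the branch reads an uninitialised pointer and a failed context allocation is never caught before `EVP_DecodeInit(enc_ctx)`. The old check was left behind as a context line when the `malloc` moved below it; it should read `if (enc_ctx == NULL) return LAK_NOMEM;`. The function is called from `lak_check_hashed` on the stored credential, so this sits on the password-verification path; only part of its body is visible in the patch. Separately, the pre-1.1.0 branch of `_plug_HMAC_CTX_new` returns raw `utils->malloc` memory that `V2` hands straight to `HMAC_Init_ex`; on those OpenSSL versions the context presumably needs `HMAC_CTX_init(ctx)` first, which the replaced `HMAC_Init` call took care of.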
@@ -0,0 +1,16 @@
+diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c
+--- cyrus-sasl-2.1.26.orig/plugins/gssapi.c 2016-06-10 13:55:25.985676293 -0700
++++ cyrus-sasl-2.1.26/plugins/gssapi.c 2016-06-10 13:58:00.687337430 -0700
+@@ -1583,10 +1583,10 @@
+ }
+
+ /* Setup req_flags properly */
+- req_flags = GSS_C_INTEG_FLAG;
++ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ if (params->props.max_ssf > params->external_ssf) {
+ /* We are requesting a security layer */
+- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++ req_flags |= GSS_C_INTEG_FLAG;
+ /* Any SSF bigger than 1 is confidentiality. */
+ /* Let's check if the client of the API requires confidentiality,
+ and it wasn't already provided by an external layer */
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-gssapi.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-gssapi.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/cyrus-sasl-sql.patch (from rev 344218, libsasl/trunk/cyrus-sasl-sql.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-sql.patch (rev 0)
+++ staging-x86_64/cyrus-sasl-sql.patch 2019-01-16 11:26:50 UTC (rev 344219)
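Review bot: The plugins/gssapi.c patch carries no description, yet the swap changes what the client requests when no security layer is negotiated: `req_flags` then holds `GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG` and no longer `GSS_C_INTEG_FLAG`, which is now added only inside the `max_ssf > external_ssf` branch. Requesting mutual authentication unconditionally looks like the safer default, but dropping the integrity request outside a security layer is a behaviour change a reader cannot justify from the patch alone. A header line in the patch file naming the report or interoperability problem it addresses would make it reviewable, for example `Request mutual auth always; request integrity only with a security layer (see <upstream-report-placeholder>)`. The enclosing function starts and ends outside the quoted hunk.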
@@ -0,0 +1,39 @@
+--- configure.in 2012-10-12 16:05:48.000000000 +0200
++++ configure.in 2013-05-11 18:48:59.021848013 +0200
+@@ -861,9 +860,9 @@
+ notfound) AC_WARN([SQLite Library not found]); true;;
+ *)
+ if test -d ${with_sqlite}/lib; then
+- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
++ LIB_SQLITE="-L${with_sqlite}/lib"
+ else
+- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
++ LIB_SQLITE="-L${with_sqlite}"
+ fi
+
+ LIB_SQLITE_DIR=$LIB_SQLITE
+@@ -913,9 +912,9 @@
+ notfound) AC_WARN([SQLite3 Library not found]); true;;
+ *)
+ if test -d ${with_sqlite3}/lib; then
+- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
++ LIB_SQLITE3="-L${with_sqlite3}/lib"
+ else
+- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
++ LIB_SQLITE3="-L${with_sqlite3}"
+ fi
+
+ LIB_SQLITE3_DIR=$LIB_SQLITE3
+--- configure.in
++++ configure.in
+@@ -674,7 +674,9 @@
+ LIB_PGSQL_DIR=$LIB_PGSQL
+ LIB_PGSQL="$LIB_PGSQL -lpq"
+
+- if test -d ${with_pgsql}/include/pgsql; then
++ if test -d ${with_pgsql}/include/postgresql/pgsql; then
++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
++ elif test -d ${with_pgsql}/include/pgsql; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+ elif test -d ${with_pgsql}/pgsql/include; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"
Property changes on: libsasl/repos/staging-x86_64/cyrus-sasl-sql.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/cyrus-sasl-sql.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/fix-pkgconfig.patch (from rev 344218, libsasl/trunk/fix-pkgconfig.patch)
===================================================================
--- staging-x86_64/fix-pkgconfig.patch (rev 0)
+++ staging-x86_64/fix-pkgconfig.patch 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,27 @@
+From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <i...@gnome.org>
+Date: Fri, 20 Nov 2015 11:16:31 +0100
+Subject: [PATCH] Fix up pkgconfig pc file
+
+---
+ libsasl2.pc.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsasl2.pc.in b/libsasl2.pc.in
+index 40bea37..ddad76d 100644
+--- a/libsasl2.pc.in
++++ b/libsasl2.pc.in
+@@ -1,8 +1,12 @@
+-libdir = @libdir@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
+
+ Name: Cyrus SASL
+ Description: Cyrus SASL implementation
+ URL: http://www.cyrussasl.org/
+ Version: @VERSION@
++Cflags: -I${includedir}
+ Libs: -L${libdir} -lsasl2
+ Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@
Property changes on: libsasl/repos/staging-x86_64/fix-pkgconfig.patch
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/fix-pkgconfig.patch:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/saslauthd.conf.d (from rev 344218, libsasl/trunk/saslauthd.conf.d)
===================================================================
--- staging-x86_64/saslauthd.conf.d (rev 0)
+++ staging-x86_64/saslauthd.conf.d 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1 @@
+SASLAUTHD_OPTS="-a pam"
Property changes on: libsasl/repos/staging-x86_64/saslauthd.conf.d
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/saslauthd.conf.d:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/saslauthd.service (from rev 344218, libsasl/trunk/saslauthd.service)
===================================================================
--- staging-x86_64/saslauthd.service (rev 0)
+++ staging-x86_64/saslauthd.service 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cyrus SASL authentication daemon
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/conf.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
+PIDFile=/var/run/saslauthd/saslauthd.pid
+
+[Install]
+WantedBy=multi-user.target
Property changes on: libsasl/repos/staging-x86_64/saslauthd.service
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/saslauthd.service:195303-195304
\ No newline at end of property
Copied: libsasl/repos/staging-x86_64/tmpfiles.conf (from rev 344218, libsasl/trunk/tmpfiles.conf)
===================================================================
--- staging-x86_64/tmpfiles.conf (rev 0)
+++ staging-x86_64/tmpfiles.conf 2019-01-16 11:26:50 UTC (rev 344219)
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root - -
Property changes on: libsasl/repos/staging-x86_64/tmpfiles.conf
___________________________________________________________________
Added: svn:mergeinfo
## -0,0 +1 ##
+/cyrus-sasl/trunk/tmpfiles.conf:195303-195304
\ No newline at end of property
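Review bot: `PIDFile=/var/run/saslauthd/saslauthd.pid` in saslauthd.service names the legacy `/var/run` path, while the tmpfiles entry added in the same commit creates `/run/saslauthd`; the unit should point at the same directory, `PIDFile=/run/saslauthd/saslauthd.pid`. The unit also starts an authentication daemon with no sandboxing directives at all. Options such as `PrivateTmp=true`, `ProtectHome=true` and `NoNewPrivileges=true` are worth evaluating against the configured `-a pam` backend, since some PAM modules may need access that these would remove.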
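Review bot: `d /run/saslauthd 0755 root root - -` in tmpfiles.conf leaves the daemon's runtime directory traversable by every local account. If saslauthd creates its request socket there (the unit's PIDFile is in this directory; the socket path itself is not shown), any local user can submit password checks to the daemon, which is more exposure than the services that actually consume it require. Restricting the directory to a dedicated group, e.g. `d /run/saslauthd 0750 root <sasl-group-placeholder> - -`, and adding only the consuming services to that group would narrow this.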