Date: Sunday, July 10, 2016 @ 19:54:55 Author: andyrtr Revision: 271259
upgpkg: libsasl 2.1.26-8 rebuild old pkg, apply fix for FS#42789 Added: libsasl/trunk/cyrus-sasl-gssapi.patch Modified: libsasl/trunk/PKGBUILD -------------------------+ PKGBUILD | 9 ++++++--- cyrus-sasl-gssapi.patch | 16 ++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-07-10 19:38:53 UTC (rev 271258) +++ PKGBUILD 2016-07-10 19:54:55 UTC (rev 271259) @@ -8,7 +8,7 @@ #pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql') pkgname=libsasl pkgver=2.1.26 -pkgrel=7 +pkgrel=8 pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library" arch=('i686' 'x86_64') url="http://cyrusimap.web.cmu.edu/" @@ -27,7 +27,8 @@ saslauthd.conf.d tmpfiles.conf CVE-2013-4122.patch - cyrus-sasl-sql.patch) + cyrus-sasl-sql.patch + cyrus-sasl-gssapi.patch) md5sums=('a7f4e5e559a0e37b3ffc438c9456e425' '79b8a5e8689989e2afd4b7bda595a7b1' 'f45aa8c42b32e0569ab3d14a83485b37' @@ -40,7 +41,8 @@ '49219af5641150edec288a3fdb65e7c1' '45bb0192d2f188066240b9a66ee6365f' 'c5f0ec88c584a75c14d7f402eaeed7ef' - '82c0f66fdc5c1145eb48ea9116c27931') + '82c0f66fdc5c1145eb48ea9116c27931' + '0363b1a0337474a57b1f75f72fe88fa3') prepare() { cd cyrus-sasl-$pkgver @@ -53,6 +55,7 @@ patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch patch -Np1 -i ../CVE-2013-4122.patch patch -Np0 -i ../cyrus-sasl-sql.patch + patch -Np1 -i ../cyrus-sasl-gssapi.patch sed 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -i configure.in } Added: cyrus-sasl-gssapi.patch =================================================================== --- cyrus-sasl-gssapi.patch (rev 0) +++ cyrus-sasl-gssapi.patch 2016-07-10 19:54:55 UTC (rev 271259) @@ -0,0 +1,16 @@ +diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c +--- cyrus-sasl-2.1.26.orig/plugins/gssapi.c 2016-06-10 13:55:25.985676293 -0700 ++++ cyrus-sasl-2.1.26/plugins/gssapi.c 2016-06-10 13:58:00.687337430 -0700 +@@ -1583,10 +1583,10 @@ + } + + /* Setup req_flags properly */ +- req_flags = GSS_C_INTEG_FLAG; ++ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; + if (params->props.max_ssf > params->external_ssf) { + /* We are requesting a security layer */ +- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; ++ req_flags |= GSS_C_INTEG_FLAG; + /* Any SSF bigger than 1 is confidentiality. */ + /* Let's check if the client of the API requires confidentiality, + and it wasn't already provided by an external layer */