[arch-commits] Commit in cyrus-sasl/repos (52 files)

Jan de Groot jgc at archlinux.org
Fri Mar 3 12:39:27 UTC 2017


    Date: Friday, March 3, 2017 @ 12:39:27
  Author: jgc
Revision: 289931

archrelease: copy trunk to staging-i686, staging-x86_64

Added:
  cyrus-sasl/repos/staging-i686/0010_maintainer_mode.patch
    (from rev 289930, cyrus-sasl/trunk/0010_maintainer_mode.patch)
  cyrus-sasl/repos/staging-i686/0011_saslauthd_ac_prog_libtool.patch
    (from rev 289930, cyrus-sasl/trunk/0011_saslauthd_ac_prog_libtool.patch)
  cyrus-sasl/repos/staging-i686/0025_ld_as_needed.patch
    (from rev 289930, cyrus-sasl/trunk/0025_ld_as_needed.patch)
  cyrus-sasl/repos/staging-i686/0026_drop_krb5support_dependency.patch
    (from rev 289930, cyrus-sasl/trunk/0026_drop_krb5support_dependency.patch)
  cyrus-sasl/repos/staging-i686/0030-dont_use_la_files_for_opening_plugins.patch
    (from rev 289930, cyrus-sasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch)
  cyrus-sasl/repos/staging-i686/CVE-2013-4122.patch
    (from rev 289930, cyrus-sasl/trunk/CVE-2013-4122.patch)
  cyrus-sasl/repos/staging-i686/PKGBUILD
    (from rev 289930, cyrus-sasl/trunk/PKGBUILD)
  cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.22-as-needed.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.22-as-needed.patch)
  cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.22-qa.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.22-qa.patch)
  cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.26-size_t.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.26-size_t.patch)
  cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch)
  cyrus-sasl/repos/staging-i686/cyrus-sasl-gssapi.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-gssapi.patch)
  cyrus-sasl/repos/staging-i686/cyrus-sasl-sql.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-sql.patch)
  cyrus-sasl/repos/staging-i686/fix-pkgconfig.patch
    (from rev 289930, cyrus-sasl/trunk/fix-pkgconfig.patch)
  cyrus-sasl/repos/staging-i686/saslauthd.conf.d
    (from rev 289930, cyrus-sasl/trunk/saslauthd.conf.d)
  cyrus-sasl/repos/staging-i686/saslauthd.service
    (from rev 289930, cyrus-sasl/trunk/saslauthd.service)
  cyrus-sasl/repos/staging-i686/tmpfiles.conf
    (from rev 289930, cyrus-sasl/trunk/tmpfiles.conf)
  cyrus-sasl/repos/staging-x86_64/
  cyrus-sasl/repos/staging-x86_64/0010_maintainer_mode.patch
    (from rev 289930, cyrus-sasl/trunk/0010_maintainer_mode.patch)
  cyrus-sasl/repos/staging-x86_64/0011_saslauthd_ac_prog_libtool.patch
    (from rev 289930, cyrus-sasl/trunk/0011_saslauthd_ac_prog_libtool.patch)
  cyrus-sasl/repos/staging-x86_64/0025_ld_as_needed.patch
    (from rev 289930, cyrus-sasl/trunk/0025_ld_as_needed.patch)
  cyrus-sasl/repos/staging-x86_64/0026_drop_krb5support_dependency.patch
    (from rev 289930, cyrus-sasl/trunk/0026_drop_krb5support_dependency.patch)
  cyrus-sasl/repos/staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch
    (from rev 289930, cyrus-sasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch)
  cyrus-sasl/repos/staging-x86_64/CVE-2013-4122.patch
    (from rev 289930, cyrus-sasl/trunk/CVE-2013-4122.patch)
  cyrus-sasl/repos/staging-x86_64/PKGBUILD
    (from rev 289930, cyrus-sasl/trunk/PKGBUILD)
  cyrus-sasl/repos/staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.22-as-needed.patch)
  cyrus-sasl/repos/staging-x86_64/cyrus-sasl-2.1.22-qa.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.22-qa.patch)
  cyrus-sasl/repos/staging-x86_64/cyrus-sasl-2.1.26-size_t.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.26-size_t.patch)
  cyrus-sasl/repos/staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch)
  cyrus-sasl/repos/staging-x86_64/cyrus-sasl-gssapi.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-gssapi.patch)
  cyrus-sasl/repos/staging-x86_64/cyrus-sasl-sql.patch
    (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-sql.patch)
  cyrus-sasl/repos/staging-x86_64/fix-pkgconfig.patch
    (from rev 289930, cyrus-sasl/trunk/fix-pkgconfig.patch)
  cyrus-sasl/repos/staging-x86_64/saslauthd.conf.d
    (from rev 289930, cyrus-sasl/trunk/saslauthd.conf.d)
  cyrus-sasl/repos/staging-x86_64/saslauthd.service
    (from rev 289930, cyrus-sasl/trunk/saslauthd.service)
  cyrus-sasl/repos/staging-x86_64/tmpfiles.conf
    (from rev 289930, cyrus-sasl/trunk/tmpfiles.conf)
Deleted:
  cyrus-sasl/repos/staging-i686/0010_maintainer_mode.patch
  cyrus-sasl/repos/staging-i686/0011_saslauthd_ac_prog_libtool.patch
  cyrus-sasl/repos/staging-i686/0025_ld_as_needed.patch
  cyrus-sasl/repos/staging-i686/0026_drop_krb5support_dependency.patch
  cyrus-sasl/repos/staging-i686/0030-dont_use_la_files_for_opening_plugins.patch
  cyrus-sasl/repos/staging-i686/CVE-2013-4122.patch
  cyrus-sasl/repos/staging-i686/PKGBUILD
  cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.22-as-needed.patch
  cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.22-qa.patch
  cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.26-size_t.patch
  cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch
  cyrus-sasl/repos/staging-i686/cyrus-sasl-gssapi.patch
  cyrus-sasl/repos/staging-i686/cyrus-sasl-sql.patch
  cyrus-sasl/repos/staging-i686/fix-pkgconfig.patch
  cyrus-sasl/repos/staging-i686/saslauthd.conf.d
  cyrus-sasl/repos/staging-i686/saslauthd.service
  cyrus-sasl/repos/staging-i686/tmpfiles.conf

-----------------------------------------------------------------+
 /0010_maintainer_mode.patch                                     |   19 
 /0011_saslauthd_ac_prog_libtool.patch                           |   15 
 /0025_ld_as_needed.patch                                        |   27 
 /0026_drop_krb5support_dependency.patch                         |   14 
 /0030-dont_use_la_files_for_opening_plugins.patch               |  134 +++
 /CVE-2013-4122.patch                                            |  116 ++
 /PKGBUILD                                                       |  203 ++++
 /cyrus-sasl-2.1.22-as-needed.patch                              |   11 
 /cyrus-sasl-2.1.22-qa.patch                                     |   22 
 /cyrus-sasl-2.1.26-size_t.patch                                 |   11 
 /cyrus-sasl-2.1.27-openssl-1.1.0.patch                          |  435 ++++++++++
 /cyrus-sasl-gssapi.patch                                        |   16 
 /cyrus-sasl-sql.patch                                           |   39 
 /fix-pkgconfig.patch                                            |   27 
 /saslauthd.conf.d                                               |    1 
 /saslauthd.service                                              |   11 
 /tmpfiles.conf                                                  |    1 
 staging-i686/0010_maintainer_mode.patch                         |   19 
 staging-i686/0011_saslauthd_ac_prog_libtool.patch               |   15 
 staging-i686/0025_ld_as_needed.patch                            |   27 
 staging-i686/0026_drop_krb5support_dependency.patch             |   14 
 staging-i686/0030-dont_use_la_files_for_opening_plugins.patch   |  134 ---
 staging-i686/CVE-2013-4122.patch                                |  116 --
 staging-i686/PKGBUILD                                           |  203 ----
 staging-i686/cyrus-sasl-2.1.22-as-needed.patch                  |   11 
 staging-i686/cyrus-sasl-2.1.22-qa.patch                         |   22 
 staging-i686/cyrus-sasl-2.1.26-size_t.patch                     |   11 
 staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch              |  435 ----------
 staging-i686/cyrus-sasl-gssapi.patch                            |   16 
 staging-i686/cyrus-sasl-sql.patch                               |   39 
 staging-i686/fix-pkgconfig.patch                                |   27 
 staging-i686/saslauthd.conf.d                                   |    1 
 staging-i686/saslauthd.service                                  |   11 
 staging-i686/tmpfiles.conf                                      |    1 
 staging-x86_64/0010_maintainer_mode.patch                       |   19 
 staging-x86_64/0011_saslauthd_ac_prog_libtool.patch             |   15 
 staging-x86_64/0025_ld_as_needed.patch                          |   27 
 staging-x86_64/0026_drop_krb5support_dependency.patch           |   14 
 staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch |  134 +++
 staging-x86_64/CVE-2013-4122.patch                              |  116 ++
 staging-x86_64/PKGBUILD                                         |  203 ++++
 staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch                |   11 
 staging-x86_64/cyrus-sasl-2.1.22-qa.patch                       |   22 
 staging-x86_64/cyrus-sasl-2.1.26-size_t.patch                   |   11 
 staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch            |  435 ++++++++++
 staging-x86_64/cyrus-sasl-gssapi.patch                          |   16 
 staging-x86_64/cyrus-sasl-sql.patch                             |   39 
 staging-x86_64/fix-pkgconfig.patch                              |   27 
 staging-x86_64/saslauthd.conf.d                                 |    1 
 staging-x86_64/saslauthd.service                                |   11 
 staging-x86_64/tmpfiles.conf                                    |    1 
 51 files changed, 2204 insertions(+), 1102 deletions(-)

Deleted: staging-i686/0010_maintainer_mode.patch
===================================================================
--- staging-i686/0010_maintainer_mode.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/0010_maintainer_mode.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,19 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 0010_maintainer_mode.dpatch by  <fabbe at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Enable maintainer mode to avoid auto* problems.
-
- at DPATCH@
-diff -urNad trunk~/configure.in trunk/configure.in
---- trunk~/configure.in	2006-05-29 22:52:46.000000000 +0300
-+++ trunk/configure.in	2006-11-01 23:24:55.000000000 +0200
-@@ -62,6 +62,8 @@
- AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.22)
- CMU_INIT_AUTOMAKE
- 
-+AM_MAINTAINER_MODE
-+
- # and include our config dir scripts
- ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
- 

Copied: cyrus-sasl/repos/staging-i686/0010_maintainer_mode.patch (from rev 289930, cyrus-sasl/trunk/0010_maintainer_mode.patch)
===================================================================
--- staging-i686/0010_maintainer_mode.patch	                        (rev 0)
+++ staging-i686/0010_maintainer_mode.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0010_maintainer_mode.dpatch by  <fabbe at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Enable maintainer mode to avoid auto* problems.
+
+ at DPATCH@
+diff -urNad trunk~/configure.in trunk/configure.in
+--- trunk~/configure.in	2006-05-29 22:52:46.000000000 +0300
++++ trunk/configure.in	2006-11-01 23:24:55.000000000 +0200
+@@ -62,6 +62,8 @@
+ AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.22)
+ CMU_INIT_AUTOMAKE
+ 
++AM_MAINTAINER_MODE
++
+ # and include our config dir scripts
+ ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
+ 

Deleted: staging-i686/0011_saslauthd_ac_prog_libtool.patch
===================================================================
--- staging-i686/0011_saslauthd_ac_prog_libtool.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/0011_saslauthd_ac_prog_libtool.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,15 +0,0 @@
-0011_saslauthd_ac_prog_libtool.dpatch by  <fabbe at debian.org>
-
-Enable libtool use.
-
-diff -urNad trunk~/saslauthd/configure.in trunk/saslauthd/configure.in
---- trunk~/saslauthd/configure.in	2006-05-29 22:52:42.000000000 +0300
-+++ trunk/saslauthd/configure.in	2006-11-01 23:41:51.000000000 +0200
-@@ -25,6 +25,7 @@
- AC_PROG_MAKE_SET
- AC_PROG_LN_S
- AC_PROG_INSTALL
-+AC_PROG_LIBTOOL
- 
- dnl Checks for build foo
- CMU_C___ATTRIBUTE__

Copied: cyrus-sasl/repos/staging-i686/0011_saslauthd_ac_prog_libtool.patch (from rev 289930, cyrus-sasl/trunk/0011_saslauthd_ac_prog_libtool.patch)
===================================================================
--- staging-i686/0011_saslauthd_ac_prog_libtool.patch	                        (rev 0)
+++ staging-i686/0011_saslauthd_ac_prog_libtool.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,15 @@
+0011_saslauthd_ac_prog_libtool.dpatch by  <fabbe at debian.org>
+
+Enable libtool use.
+
+diff -urNad trunk~/saslauthd/configure.in trunk/saslauthd/configure.in
+--- trunk~/saslauthd/configure.in	2006-05-29 22:52:42.000000000 +0300
++++ trunk/saslauthd/configure.in	2006-11-01 23:41:51.000000000 +0200
+@@ -25,6 +25,7 @@
+ AC_PROG_MAKE_SET
+ AC_PROG_LN_S
+ AC_PROG_INSTALL
++AC_PROG_LIBTOOL
+ 
+ dnl Checks for build foo
+ CMU_C___ATTRIBUTE__

Deleted: staging-i686/0025_ld_as_needed.patch
===================================================================
--- staging-i686/0025_ld_as_needed.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/0025_ld_as_needed.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,27 +0,0 @@
-Author: Matthias Klose <doko at ubuntu.com>
-Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
-it.
---- a/saslauthd/Makefile.am
-+++ b/saslauthd/Makefile.am
-@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
- saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
- saslauthd_LDADD	= @SASL_KRB_LIB@ \
- 		  @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
--		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
-+		  @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
- 
- testsaslauthd_SOURCES = testsaslauthd.c utils.c
- testsaslauthd_LDADD = @LIB_SOCKET@
---- a/sasldb/Makefile.am
-+++ b/sasldb/Makefile.am
-@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
- 
- libsasldb_la_SOURCES = allockey.c sasldb.h
- EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
--libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
--libsasldb_la_LIBADD = $(SASL_DB_BACKEND) 
-+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
-+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
- 
- # Prevent make dist stupidity
- libsasldb_a_SOURCES =

Copied: cyrus-sasl/repos/staging-i686/0025_ld_as_needed.patch (from rev 289930, cyrus-sasl/trunk/0025_ld_as_needed.patch)
===================================================================
--- staging-i686/0025_ld_as_needed.patch	                        (rev 0)
+++ staging-i686/0025_ld_as_needed.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,27 @@
+Author: Matthias Klose <doko at ubuntu.com>
+Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
+it.
+--- a/saslauthd/Makefile.am
++++ b/saslauthd/Makefile.am
+@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
+ saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
+ saslauthd_LDADD	= @SASL_KRB_LIB@ \
+ 		  @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+-		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
++		  @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
+ 
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+--- a/sasldb/Makefile.am
++++ b/sasldb/Makefile.am
+@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
+ 
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND) 
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+ 
+ # Prevent make dist stupidity
+ libsasldb_a_SOURCES =

Deleted: staging-i686/0026_drop_krb5support_dependency.patch
===================================================================
--- staging-i686/0026_drop_krb5support_dependency.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/0026_drop_krb5support_dependency.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,14 +0,0 @@
-Author: Roberto C. Sanchez <roberto at connexer.com>
-Description: Drop gratuitous dependency on krb5support
---- a/cmulocal/sasl2.m4
-+++ b/cmulocal/sasl2.m4
-@@ -112,9 +112,6 @@ if test "$gssapi" != no; then
-   fi
- 
-   if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
--    # check for libkrb5support first
--    AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
--
-     gss_failed=0
-     AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
-                  ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})

Copied: cyrus-sasl/repos/staging-i686/0026_drop_krb5support_dependency.patch (from rev 289930, cyrus-sasl/trunk/0026_drop_krb5support_dependency.patch)
===================================================================
--- staging-i686/0026_drop_krb5support_dependency.patch	                        (rev 0)
+++ staging-i686/0026_drop_krb5support_dependency.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,14 @@
+Author: Roberto C. Sanchez <roberto at connexer.com>
+Description: Drop gratuitous dependency on krb5support
+--- a/cmulocal/sasl2.m4
++++ b/cmulocal/sasl2.m4
+@@ -112,9 +112,6 @@ if test "$gssapi" != no; then
+   fi
+ 
+   if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
+-    # check for libkrb5support first
+-    AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
+-
+     gss_failed=0
+     AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
+                  ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})

Deleted: staging-i686/0030-dont_use_la_files_for_opening_plugins.patch
===================================================================
--- staging-i686/0030-dont_use_la_files_for_opening_plugins.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/0030-dont_use_la_files_for_opening_plugins.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,134 +0,0 @@
---- a/lib/dlopen.c
-+++ b/lib/dlopen.c
-@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
-     return result;
- }
- 
--/* this returns the file to actually open.
-- *  out should be a buffer of size PATH_MAX
-- *  and may be the same as in. */
--
--/* We'll use a static buffer for speed unless someone complains */
--#define MAX_LINE 2048
--
--static int _parse_la(const char *prefix, const char *in, char *out) 
--{
--    FILE *file;
--    size_t length;
--    char line[MAX_LINE];
--    char *ntmp = NULL;
--
--    if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
--
--    /* Set this so we can detect failure */
--    *out = '\0';
--
--    length = strlen(in);
--
--    if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
--	if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
--	    /* check for a .la file */
--	    strcpy(line, prefix);
--	    strcat(line, in);
--	    length = strlen(line);
--	    *(line + (length - strlen(SO_SUFFIX))) = '\0';
--	    strcat(line, LA_SUFFIX);
--	    file = fopen(line, "r");
--	    if(file) {
--		/* We'll get it on the .la open */
--		fclose(file);
--		return SASL_FAIL;
--	    }
--	}
--	strcpy(out, prefix);
--	strcat(out, in);
--	return SASL_OK;
--    }
--
--    strcpy(line, prefix);
--    strcat(line, in);
--
--    file = fopen(line, "r");
--    if(!file) {
--	_sasl_log(NULL, SASL_LOG_WARN,
--		  "unable to open LA file: %s", line);
--	return SASL_FAIL;
--    }
--    
--    while(!feof(file)) {
--	if(!fgets(line, MAX_LINE, file)) break;
--	if(line[strlen(line) - 1] != '\n') {
--	    _sasl_log(NULL, SASL_LOG_WARN,
--		      "LA file has too long of a line: %s", in);
--	    return SASL_BUFOVER;
--	}
--	if(line[0] == '\n' || line[0] == '#') continue;
--	if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
--	    /* We found the line with the name in it */
--	    char *end;
--	    char *start;
--	    size_t len;
--	    end = strrchr(line, '\'');
--	    if(!end) continue;
--	    start = &line[sizeof("dlname=")-1];
--	    len = strlen(start);
--	    if(len > 3 && start[0] == '\'') {
--		ntmp=&start[1];
--		*end='\0';
--		/* Do we have dlname="" ? */
--		if(ntmp == end) {
--		    _sasl_log(NULL, SASL_LOG_DEBUG,
--			      "dlname is empty in .la file: %s", in);
--		    return SASL_FAIL;
--		}
--		strcpy(out, prefix);
--		strcat(out, ntmp);
--	    }
--	    break;
--	}
--    }
--    if(ferror(file) || feof(file)) {
--	_sasl_log(NULL, SASL_LOG_WARN,
--		  "Error reading .la: %s\n", in);
--	fclose(file);
--	return SASL_FAIL;
--    }
--    fclose(file);
--
--    if(!(*out)) {
--	_sasl_log(NULL, SASL_LOG_WARN,
--		  "Could not find a dlname line in .la file: %s", in);
--	return SASL_FAIL;
--    }
--
--    return SASL_OK;
--}
- #endif /* DO_DLOPEN */
- 
- /* loads a plugin library */
-@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
- 		if (length + pos>=PATH_MAX) continue; /* too big */
- 
- 		if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
--			   SO_SUFFIX)
--		    && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
--			   LA_SUFFIX))
-+			   SO_SUFFIX))
- 		    continue;
- 
-+		/* We only use .so files for loading plugins */
-+
- 		memcpy(name,dir->d_name,length);
- 		name[length]='\0';
- 
--		result = _parse_la(prefix, name, tmp);
--		if(result != SASL_OK)
--		    continue;
--		
-+		/* Create full name with path */
-+		strncpy(tmp, prefix, PATH_MAX);
-+		strncat(tmp, name, PATH_MAX);
-+
- 		/* skip "lib" and cut off suffix --
- 		   this only need be approximate */
- 		strcpy(plugname, name + 3);

Copied: cyrus-sasl/repos/staging-i686/0030-dont_use_la_files_for_opening_plugins.patch (from rev 289930, cyrus-sasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch)
===================================================================
--- staging-i686/0030-dont_use_la_files_for_opening_plugins.patch	                        (rev 0)
+++ staging-i686/0030-dont_use_la_files_for_opening_plugins.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,134 @@
+--- a/lib/dlopen.c
++++ b/lib/dlopen.c
+@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
+     return result;
+ }
+ 
+-/* this returns the file to actually open.
+- *  out should be a buffer of size PATH_MAX
+- *  and may be the same as in. */
+-
+-/* We'll use a static buffer for speed unless someone complains */
+-#define MAX_LINE 2048
+-
+-static int _parse_la(const char *prefix, const char *in, char *out) 
+-{
+-    FILE *file;
+-    size_t length;
+-    char line[MAX_LINE];
+-    char *ntmp = NULL;
+-
+-    if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
+-
+-    /* Set this so we can detect failure */
+-    *out = '\0';
+-
+-    length = strlen(in);
+-
+-    if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
+-	if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
+-	    /* check for a .la file */
+-	    strcpy(line, prefix);
+-	    strcat(line, in);
+-	    length = strlen(line);
+-	    *(line + (length - strlen(SO_SUFFIX))) = '\0';
+-	    strcat(line, LA_SUFFIX);
+-	    file = fopen(line, "r");
+-	    if(file) {
+-		/* We'll get it on the .la open */
+-		fclose(file);
+-		return SASL_FAIL;
+-	    }
+-	}
+-	strcpy(out, prefix);
+-	strcat(out, in);
+-	return SASL_OK;
+-    }
+-
+-    strcpy(line, prefix);
+-    strcat(line, in);
+-
+-    file = fopen(line, "r");
+-    if(!file) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "unable to open LA file: %s", line);
+-	return SASL_FAIL;
+-    }
+-    
+-    while(!feof(file)) {
+-	if(!fgets(line, MAX_LINE, file)) break;
+-	if(line[strlen(line) - 1] != '\n') {
+-	    _sasl_log(NULL, SASL_LOG_WARN,
+-		      "LA file has too long of a line: %s", in);
+-	    return SASL_BUFOVER;
+-	}
+-	if(line[0] == '\n' || line[0] == '#') continue;
+-	if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
+-	    /* We found the line with the name in it */
+-	    char *end;
+-	    char *start;
+-	    size_t len;
+-	    end = strrchr(line, '\'');
+-	    if(!end) continue;
+-	    start = &line[sizeof("dlname=")-1];
+-	    len = strlen(start);
+-	    if(len > 3 && start[0] == '\'') {
+-		ntmp=&start[1];
+-		*end='\0';
+-		/* Do we have dlname="" ? */
+-		if(ntmp == end) {
+-		    _sasl_log(NULL, SASL_LOG_DEBUG,
+-			      "dlname is empty in .la file: %s", in);
+-		    return SASL_FAIL;
+-		}
+-		strcpy(out, prefix);
+-		strcat(out, ntmp);
+-	    }
+-	    break;
+-	}
+-    }
+-    if(ferror(file) || feof(file)) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "Error reading .la: %s\n", in);
+-	fclose(file);
+-	return SASL_FAIL;
+-    }
+-    fclose(file);
+-
+-    if(!(*out)) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "Could not find a dlname line in .la file: %s", in);
+-	return SASL_FAIL;
+-    }
+-
+-    return SASL_OK;
+-}
+ #endif /* DO_DLOPEN */
+ 
+ /* loads a plugin library */
+@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
+ 		if (length + pos>=PATH_MAX) continue; /* too big */
+ 
+ 		if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
+-			   SO_SUFFIX)
+-		    && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
+-			   LA_SUFFIX))
++			   SO_SUFFIX))
+ 		    continue;
+ 
++		/* We only use .so files for loading plugins */
++
+ 		memcpy(name,dir->d_name,length);
+ 		name[length]='\0';
+ 
+-		result = _parse_la(prefix, name, tmp);
+-		if(result != SASL_OK)
+-		    continue;
+-		
++		/* Create full name with path */
++		strncpy(tmp, prefix, PATH_MAX);
++		strncat(tmp, name, PATH_MAX);
++
+ 		/* skip "lib" and cut off suffix --
+ 		   this only need be approximate */
+ 		strcpy(plugname, name + 3);

Deleted: staging-i686/CVE-2013-4122.patch
===================================================================
--- staging-i686/CVE-2013-4122.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/CVE-2013-4122.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,116 +0,0 @@
-From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
-From: mancha <mancha1 at hush.com>
-Date: Thu, 11 Jul 2013 09:08:07 +0000
-Subject: Handle NULL returns from glibc 2.17+ crypt()
-
-Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
-(w/ NULL return) if the salt violates specifications. Additionally,
-on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
-passed to crypt() fail with EPERM (w/ NULL return).
-
-When using glibc's crypt(), check return value to avoid a possible
-NULL pointer dereference.
-
-Patch by mancha1 at hush.com.
----
-diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
-index 4b34222..400289c 100644
---- a/pwcheck/pwcheck_getpwnam.c
-+++ b/pwcheck/pwcheck_getpwnam.c
-@@ -32,6 +32,7 @@ char *userid;
- char *password;
- {
-     char* r;
-+    char* crpt_passwd;
-     struct passwd *pwd;
- 
-     pwd = getpwnam(userid);
-@@ -41,7 +42,7 @@ char *password;
-     else if (pwd->pw_passwd[0] == '*') {
- 	r = "Account disabled";
-     }
--    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
-+    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
- 	r = "Incorrect password";
-     }
-     else {
-diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
-index 2b11286..6d607bb 100644
---- a/pwcheck/pwcheck_getspnam.c
-+++ b/pwcheck/pwcheck_getspnam.c
-@@ -32,13 +32,15 @@ char *userid;
- char *password;
- {
-     struct spwd *pwd;
-+    char *crpt_passwd;
- 
-     pwd = getspnam(userid);
-     if (!pwd) {
- 	return "Userid not found";
-     }
-     
--    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
-+    crpt_passwd = crypt(password, pwd->sp_pwdp);
-+    if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
- 	return "Incorrect password";
-     }
-     else {
-diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
-index fc8029d..d4ebe54 100644
---- a/saslauthd/auth_getpwent.c
-+++ b/saslauthd/auth_getpwent.c
-@@ -77,6 +77,7 @@ auth_getpwent (
- {
-     /* VARIABLES */
-     struct passwd *pw;			/* pointer to passwd file entry */
-+    char *crpt_passwd;			/* encrypted password */
-     int errnum;
-     /* END VARIABLES */
-   
-@@ -105,7 +106,8 @@ auth_getpwent (
- 	}
-     }
- 
--    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
-+    crpt_passwd = crypt(password, pw->pw_passwd);
-+    if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
- 	if (flags & VERBOSE) {
- 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
- 	}
-diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
-index 677131b..1988afd 100644
---- a/saslauthd/auth_shadow.c
-+++ b/saslauthd/auth_shadow.c
-@@ -210,8 +210,8 @@ auth_shadow (
- 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
-     }
- 
--    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
--    if (strcmp(sp->sp_pwdp, cpw)) {
-+    cpw = crypt(password, sp->sp_pwdp);
-+    if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
- 	if (flags & VERBOSE) {
- 	    /*
- 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
-@@ -221,10 +221,8 @@ auth_shadow (
- 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
- 		   sp->sp_pwdp, cpw);
- 	}
--	free(cpw);
- 	RETURN("NO Incorrect password");
-     }
--    free(cpw);
- 
-     /*
-      * The following fields will be set to -1 if:
-@@ -286,7 +284,7 @@ auth_shadow (
- 	RETURN("NO Invalid username");
-     }
-   
--    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
-+    if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
- 	if (flags & VERBOSE) {
- 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
- 		   password, upw->upw_passwd);
---
-cgit v0.9.2

Copied: cyrus-sasl/repos/staging-i686/CVE-2013-4122.patch (from rev 289930, cyrus-sasl/trunk/CVE-2013-4122.patch)
===================================================================
--- staging-i686/CVE-2013-4122.patch	                        (rev 0)
+++ staging-i686/CVE-2013-4122.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,116 @@
+From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 at hush.com>
+Date: Thu, 11 Jul 2013 09:08:07 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt()
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Patch by mancha1 at hush.com.
+---
+diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
+index 4b34222..400289c 100644
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ char *userid;
+ char *password;
+ {
+     char* r;
++    char* crpt_passwd;
+     struct passwd *pwd;
+ 
+     pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+     else if (pwd->pw_passwd[0] == '*') {
+ 	r = "Account disabled";
+     }
+-    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ 	r = "Incorrect password";
+     }
+     else {
+diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
+index 2b11286..6d607bb 100644
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -32,13 +32,15 @@ char *userid;
+ char *password;
+ {
+     struct spwd *pwd;
++    char *crpt_passwd;
+ 
+     pwd = getspnam(userid);
+     if (!pwd) {
+ 	return "Userid not found";
+     }
+     
+-    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++    crpt_passwd = crypt(password, pwd->sp_pwdp);
++    if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ 	return "Incorrect password";
+     }
+     else {
+diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
+index fc8029d..d4ebe54 100644
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -77,6 +77,7 @@ auth_getpwent (
+ {
+     /* VARIABLES */
+     struct passwd *pw;			/* pointer to passwd file entry */
++    char *crpt_passwd;			/* encrypted password */
+     int errnum;
+     /* END VARIABLES */
+   
+@@ -105,7 +106,8 @@ auth_getpwent (
+ 	}
+     }
+ 
+-    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++    crpt_passwd = crypt(password, pw->pw_passwd);
++    if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
+ 	}
+diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
+index 677131b..1988afd 100644
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -210,8 +210,8 @@ auth_shadow (
+ 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
+     }
+ 
+-    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+-    if (strcmp(sp->sp_pwdp, cpw)) {
++    cpw = crypt(password, sp->sp_pwdp);
++    if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ 	if (flags & VERBOSE) {
+ 	    /*
+ 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
+@@ -221,10 +221,8 @@ auth_shadow (
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ 		   sp->sp_pwdp, cpw);
+ 	}
+-	free(cpw);
+ 	RETURN("NO Incorrect password");
+     }
+-    free(cpw);
+ 
+     /*
+      * The following fields will be set to -1 if:
+@@ -286,7 +284,7 @@ auth_shadow (
+ 	RETURN("NO Invalid username");
+     }
+   
+-    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++    if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ 		   password, upw->upw_passwd);
+--
+cgit v0.9.2

Deleted: staging-i686/PKGBUILD
===================================================================
--- staging-i686/PKGBUILD	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/PKGBUILD	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,203 +0,0 @@
-# $Id$
-# Maintainer: Jan de Groot <jgc at archlinux.org>
-
-# This package spans multiple repositories. 
-# Always build from cyrus-sasl/trunk and merge changes to libsasl/trunk.
-
-pkgbase=('cyrus-sasl')
-pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql')
-#pkgname=libsasl
-pkgver=2.1.26
-pkgrel=10
-pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library"
-arch=('i686' 'x86_64')
-url="http://cyrusimap.web.cmu.edu/"
-license=('custom')
-options=('!makeflags')
-makedepends=('postgresql-libs' 'libmariadbclient' 'libldap' 'krb5' 'openssl' 'sqlite')
-source=(ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-${pkgver}.tar.gz
-        cyrus-sasl-2.1.22-qa.patch
-        cyrus-sasl-2.1.26-size_t.patch
-        0010_maintainer_mode.patch
-        0011_saslauthd_ac_prog_libtool.patch
-        0025_ld_as_needed.patch
-        0026_drop_krb5support_dependency.patch
-        0030-dont_use_la_files_for_opening_plugins.patch
-        saslauthd.service
-        saslauthd.conf.d
-        tmpfiles.conf
-        CVE-2013-4122.patch
-        cyrus-sasl-sql.patch
-        cyrus-sasl-gssapi.patch
-        cyrus-sasl-2.1.27-openssl-1.1.0.patch
-        fix-pkgconfig.patch)
-md5sums=('a7f4e5e559a0e37b3ffc438c9456e425'
-         '79b8a5e8689989e2afd4b7bda595a7b1'
-         'f45aa8c42b32e0569ab3d14a83485b37'
-         'f45d8b60e8f74dd7f7c2ec1665fa602a'
-         '9d93880514cb5ff5da969f1ceb64a661'
-         '62bf892fe4d1df41ff748e91a1afaf67'
-         'b7848957357e7c02d6490102be496bf9'
-         '8e7106f32e495e9ade69014fd1b3352a'
-         '3499dcd610ad1ad58e0faffde2aa7a23'
-         '49219af5641150edec288a3fdb65e7c1'
-         '45bb0192d2f188066240b9a66ee6365f'
-         'c5f0ec88c584a75c14d7f402eaeed7ef'
-         '82c0f66fdc5c1145eb48ea9116c27931'
-         '0363b1a0337474a57b1f75f72fe88fa3'
-         'c8a385bbca9bd79910c6bda3dd02845c'
-         '409727695f9f28a3c43e340232462ff6')
-
-prepare() {
-  cd cyrus-sasl-$pkgver
-  patch -Np1 -i ../cyrus-sasl-2.1.22-qa.patch
-  patch -Np1 -i ../cyrus-sasl-2.1.26-size_t.patch
-  patch -Np1 -i ../0010_maintainer_mode.patch
-  patch -Np1 -i ../0011_saslauthd_ac_prog_libtool.patch
-  patch -Np1 -i ../0025_ld_as_needed.patch
-  patch -Np1 -i ../0026_drop_krb5support_dependency.patch
-  patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch
-  patch -Np1 -i ../CVE-2013-4122.patch
-  patch -Np0 -i ../cyrus-sasl-sql.patch
-  patch -Np1 -i ../cyrus-sasl-gssapi.patch
-  patch -Np1 -i ../cyrus-sasl-2.1.27-openssl-1.1.0.patch
-  patch -Np1 -i ../fix-pkgconfig.patch
-
-  sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -e 's/libmysqlclient.a/libmysqlclient.so/' -i configure.in
-}
-
-build() {
-  export CFLAGS="$CFLAGS -fPIC"
-  cd cyrus-sasl-$pkgver
-
-  rm -f config/config.guess config/config.sub 
-  rm -f config/ltconfig config/ltmain.sh config/libtool.m4
-  rm -fr autom4te.cache
-  libtoolize -c
-  aclocal -I config -I cmulocal
-  automake -a -c
-  autoheader
-  autoconf
-
-  pushd saslauthd
-  rm -f config/config.guess config/config.sub 
-  rm -f config/ltconfig config/ltmain.sh config/libtool.m4
-  rm -fr autom4te.cache
-  libtoolize -c
-  aclocal -I config -I ../cmulocal -I ../config
-  automake -a -c
-  autoheader
-  autoconf
-  popd
-
-  ./configure --prefix=/usr \
-      --sbin=/usr/bin \
-      --mandir=/usr/share/man \
-      --infodir=/usr/share/info \
-      --disable-static \
-      --enable-shared \
-      --enable-alwaystrue \
-      --enable-checkapop \
-      --enable-cram \
-      --enable-digest \
-      --disable-otp \
-      --disable-srp \
-      --disable-srp-setpass \
-      --disable-krb4 \
-      --enable-gssapi \
-      --enable-auth-sasldb \
-      --enable-plain \
-      --enable-anon \
-      --enable-login \
-      --enable-ntlm \
-      --disable-passdss \
-      --enable-sql \
-      --with-mysql=/usr \
-      --with-pgsql=/usr/lib \
-      --with-sqlite3=/usr/lib \
-      --enable-ldapdb \
-      --disable-macos-framework \
-      --with-pam \
-      --with-saslauthd=/var/run/saslauthd \
-      --with-ldap \
-      --with-dblib=gdbm \
-      --with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
-      --sysconfdir=/etc \
-      --with-devrandom=/dev/urandom
-  make
-}
-
-package_libsasl() {
-  pkgdesc="Cyrus Simple Authentication Service Layer (SASL) Library"
-  depends=('openssl')
-  conflicts=('cyrus-sasl-plugins')
-
-  cd cyrus-sasl-$pkgver
-  make DESTDIR="$pkgdir" install-pkgconfigDATA
-  for dir in include lib sasldb plugins utils; do
-    pushd ${dir}
-    make DESTDIR="${pkgdir}" install
-    popd
-  done
-  rm -f "${pkgdir}"/usr/lib/sasl2/libsql.so*
-  rm -f "${pkgdir}"/usr/lib/sasl2/libgssapiv2.so*
-  rm -f "${pkgdir}"/usr/lib/sasl2/libldapdb.so*
-  rm -f "${pkgdir}"/usr/lib/sasl2/libgs2.so*
-  install -m755 -d "${pkgdir}/usr/share/licenses/libsasl"
-  install -m644 COPYING "${pkgdir}/usr/share/licenses/libsasl/"
-}
-
-package_cyrus-sasl() {
-  depends=("libsasl=${pkgver}" 'krb5')
-  pkgdesc="Cyrus saslauthd SASL authentication daemon"
-  backup=('etc/conf.d/saslauthd')
-
-  cd cyrus-sasl-$pkgver/saslauthd
-  make DESTDIR="${pkgdir}" install
-  install -Dm644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd"
-  install -Dm644 "${srcdir}/saslauthd.service" "${pkgdir}/usr/lib/systemd/system/saslauthd.service"
-  install -Dm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/saslauthd.conf"
-
-  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl"
-  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl/"
-}
-
-package_cyrus-sasl-gssapi() {
-  pkgdesc="GSSAPI authentication mechanism for Cyrus SASL"
-  depends=("libsasl=${pkgver}" 'krb5')
-  replaces=('cyrus-sasl-plugins')
-
-  cd cyrus-sasl-$pkgver/plugins
-  install -m755 -d "${pkgdir}/usr/lib/sasl2"
-  cp -a .libs/libgssapiv2.so* "${pkgdir}/usr/lib/sasl2/"
-  cp -a .libs/libgs2.so* "${pkgdir}/usr/lib/sasl2/"
-
-  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi"
-  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi/"
-}
-
-package_cyrus-sasl-ldap() {
-  pkgdesc="ldapdb auxprop module for Cyrus SASL"
-  depends=("libsasl=${pkgver}" 'libldap')
-  replaces=('cyrus-sasl-plugins')
-
-  cd cyrus-sasl-$pkgver/plugins
-  install -m755 -d "${pkgdir}/usr/lib/sasl2"
-  cp -a .libs/libldapdb.so* "${pkgdir}/usr/lib/sasl2/"
-
-  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap"
-  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap/"
-}
-
-package_cyrus-sasl-sql() {
-  pkgdesc="SQL auxprop module for Cyrus SASL"
-  depends=("libsasl=${pkgver}" 'postgresql-libs' 'libmariadbclient' 'sqlite')
-  replaces=('cyrus-sasl-plugins')
-
-  cd cyrus-sasl-$pkgver/plugins
-  install -m755 -d "${pkgdir}/usr/lib/sasl2"
-  cp -a .libs/libsql.so* "${pkgdir}/usr/lib/sasl2/"
-
-  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-sql"
-  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-sql/"
-}

Copied: cyrus-sasl/repos/staging-i686/PKGBUILD (from rev 289930, cyrus-sasl/trunk/PKGBUILD)
===================================================================
--- staging-i686/PKGBUILD	                        (rev 0)
+++ staging-i686/PKGBUILD	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,203 @@
+# $Id$
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+
+# This package spans multiple repositories. 
+# Always build from cyrus-sasl/trunk and merge changes to libsasl/trunk.
+
+pkgbase=('cyrus-sasl')
+pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql')
+#pkgname=libsasl
+pkgver=2.1.26
+pkgrel=10
+pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library"
+arch=('i686' 'x86_64')
+url="http://cyrusimap.web.cmu.edu/"
+license=('custom')
+options=('!makeflags')
+makedepends=('postgresql-libs' 'libmariadbclient' 'libldap' 'krb5' 'openssl' 'sqlite')
+source=(ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-${pkgver}.tar.gz
+        cyrus-sasl-2.1.22-qa.patch
+        cyrus-sasl-2.1.26-size_t.patch
+        0010_maintainer_mode.patch
+        0011_saslauthd_ac_prog_libtool.patch
+        0025_ld_as_needed.patch
+        0026_drop_krb5support_dependency.patch
+        0030-dont_use_la_files_for_opening_plugins.patch
+        saslauthd.service
+        saslauthd.conf.d
+        tmpfiles.conf
+        CVE-2013-4122.patch
+        cyrus-sasl-sql.patch
+        cyrus-sasl-gssapi.patch
+        cyrus-sasl-2.1.27-openssl-1.1.0.patch
+        fix-pkgconfig.patch)
+md5sums=('a7f4e5e559a0e37b3ffc438c9456e425'
+         '79b8a5e8689989e2afd4b7bda595a7b1'
+         'f45aa8c42b32e0569ab3d14a83485b37'
+         'f45d8b60e8f74dd7f7c2ec1665fa602a'
+         '9d93880514cb5ff5da969f1ceb64a661'
+         '62bf892fe4d1df41ff748e91a1afaf67'
+         'b7848957357e7c02d6490102be496bf9'
+         '8e7106f32e495e9ade69014fd1b3352a'
+         '3499dcd610ad1ad58e0faffde2aa7a23'
+         '49219af5641150edec288a3fdb65e7c1'
+         '45bb0192d2f188066240b9a66ee6365f'
+         'c5f0ec88c584a75c14d7f402eaeed7ef'
+         '82c0f66fdc5c1145eb48ea9116c27931'
+         '0363b1a0337474a57b1f75f72fe88fa3'
+         'c8a385bbca9bd79910c6bda3dd02845c'
+         '409727695f9f28a3c43e340232462ff6')
+
+prepare() {
+  cd cyrus-sasl-$pkgver
+  patch -Np1 -i ../cyrus-sasl-2.1.22-qa.patch
+  patch -Np1 -i ../cyrus-sasl-2.1.26-size_t.patch
+  patch -Np1 -i ../0010_maintainer_mode.patch
+  patch -Np1 -i ../0011_saslauthd_ac_prog_libtool.patch
+  patch -Np1 -i ../0025_ld_as_needed.patch
+  patch -Np1 -i ../0026_drop_krb5support_dependency.patch
+  patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch
+  patch -Np1 -i ../CVE-2013-4122.patch
+  patch -Np0 -i ../cyrus-sasl-sql.patch
+  patch -Np1 -i ../cyrus-sasl-gssapi.patch
+  patch -Np1 -i ../cyrus-sasl-2.1.27-openssl-1.1.0.patch
+  patch -Np1 -i ../fix-pkgconfig.patch
+
+  sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -e 's/libmysqlclient.a/libmysqlclient.so/' -i configure.in
+}
+
+build() {
+  export CFLAGS="$CFLAGS -fPIC"
+  cd cyrus-sasl-$pkgver
+
+  rm -f config/config.guess config/config.sub 
+  rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+  rm -fr autom4te.cache
+  libtoolize -c
+  aclocal -I config -I cmulocal
+  automake -a -c
+  autoheader
+  autoconf
+
+  pushd saslauthd
+  rm -f config/config.guess config/config.sub 
+  rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+  rm -fr autom4te.cache
+  libtoolize -c
+  aclocal -I config -I ../cmulocal -I ../config
+  automake -a -c
+  autoheader
+  autoconf
+  popd
+
+  ./configure --prefix=/usr \
+      --sbin=/usr/bin \
+      --mandir=/usr/share/man \
+      --infodir=/usr/share/info \
+      --disable-static \
+      --enable-shared \
+      --enable-alwaystrue \
+      --enable-checkapop \
+      --enable-cram \
+      --enable-digest \
+      --disable-otp \
+      --disable-srp \
+      --disable-srp-setpass \
+      --disable-krb4 \
+      --enable-gssapi \
+      --enable-auth-sasldb \
+      --enable-plain \
+      --enable-anon \
+      --enable-login \
+      --enable-ntlm \
+      --disable-passdss \
+      --enable-sql \
+      --with-mysql=/usr \
+      --with-pgsql=/usr/lib \
+      --with-sqlite3=/usr/lib \
+      --enable-ldapdb \
+      --disable-macos-framework \
+      --with-pam \
+      --with-saslauthd=/var/run/saslauthd \
+      --with-ldap \
+      --with-dblib=gdbm \
+      --with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
+      --sysconfdir=/etc \
+      --with-devrandom=/dev/urandom
+  make
+}
+
+package_libsasl() {
+  pkgdesc="Cyrus Simple Authentication Service Layer (SASL) Library"
+  depends=('openssl')
+  conflicts=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver
+  make DESTDIR="$pkgdir" install-pkgconfigDATA
+  for dir in include lib sasldb plugins utils; do
+    pushd ${dir}
+    make DESTDIR="${pkgdir}" install
+    popd
+  done
+  rm -f "${pkgdir}"/usr/lib/sasl2/libsql.so*
+  rm -f "${pkgdir}"/usr/lib/sasl2/libgssapiv2.so*
+  rm -f "${pkgdir}"/usr/lib/sasl2/libldapdb.so*
+  rm -f "${pkgdir}"/usr/lib/sasl2/libgs2.so*
+  install -m755 -d "${pkgdir}/usr/share/licenses/libsasl"
+  install -m644 COPYING "${pkgdir}/usr/share/licenses/libsasl/"
+}
+
+package_cyrus-sasl() {
+  depends=("libsasl=${pkgver}" 'krb5')
+  pkgdesc="Cyrus saslauthd SASL authentication daemon"
+  backup=('etc/conf.d/saslauthd')
+
+  cd cyrus-sasl-$pkgver/saslauthd
+  make DESTDIR="${pkgdir}" install
+  install -Dm644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd"
+  install -Dm644 "${srcdir}/saslauthd.service" "${pkgdir}/usr/lib/systemd/system/saslauthd.service"
+  install -Dm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/saslauthd.conf"
+
+  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl"
+  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl/"
+}
+
+package_cyrus-sasl-gssapi() {
+  pkgdesc="GSSAPI authentication mechanism for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'krb5')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libgssapiv2.so* "${pkgdir}/usr/lib/sasl2/"
+  cp -a .libs/libgs2.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi"
+  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi/"
+}
+
+package_cyrus-sasl-ldap() {
+  pkgdesc="ldapdb auxprop module for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'libldap')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libldapdb.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap"
+  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap/"
+}
+
+package_cyrus-sasl-sql() {
+  pkgdesc="SQL auxprop module for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'postgresql-libs' 'libmariadbclient' 'sqlite')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libsql.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-sql"
+  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-sql/"
+}

Deleted: staging-i686/cyrus-sasl-2.1.22-as-needed.patch
===================================================================
--- staging-i686/cyrus-sasl-2.1.22-as-needed.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/cyrus-sasl-2.1.22-as-needed.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,11 +0,0 @@
---- saslauthd/configure.in.orig	2006-05-23 15:53:17.000000000 -0700
-+++ saslauthd/configure.in	2006-05-23 15:53:33.000000000 -0700
-@@ -77,7 +77,7 @@
-   AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
-   SASL_DB_PATH_CHECK()
-   SASL_DB_CHECK()
--  SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
-+  SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
- fi
- 
- AC_ARG_ENABLE(httpform, [  --enable-httpform       enable HTTP form authentication [[no]] ],

Copied: cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.22-as-needed.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.22-as-needed.patch)
===================================================================
--- staging-i686/cyrus-sasl-2.1.22-as-needed.patch	                        (rev 0)
+++ staging-i686/cyrus-sasl-2.1.22-as-needed.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,11 @@
+--- saslauthd/configure.in.orig	2006-05-23 15:53:17.000000000 -0700
++++ saslauthd/configure.in	2006-05-23 15:53:33.000000000 -0700
+@@ -77,7 +77,7 @@
+   AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
+   SASL_DB_PATH_CHECK()
+   SASL_DB_CHECK()
+-  SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
++  SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
+ fi
+ 
+ AC_ARG_ENABLE(httpform, [  --enable-httpform       enable HTTP form authentication [[no]] ],

Deleted: staging-i686/cyrus-sasl-2.1.22-qa.patch
===================================================================
--- staging-i686/cyrus-sasl-2.1.22-qa.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/cyrus-sasl-2.1.22-qa.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,22 +0,0 @@
-fix missing prototype warnings
-
---- cyrus-sasl-2.1.22/lib/auxprop.c
-+++ cyrus-sasl-2.1.22/lib/auxprop.c
-@@ -43,6 +43,7 @@
-  */
- 
- #include <config.h>
-+#include <stdio.h>
- #include <sasl.h>
- #include <prop.h>
- #include <ctype.h>
---- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
-+++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
-@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
- ******************************************************************/
- 
- #include <shadow.h>
-+#include <string.h>
- 
- extern char *crypt();
- 

Copied: cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.22-qa.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.22-qa.patch)
===================================================================
--- staging-i686/cyrus-sasl-2.1.22-qa.patch	                        (rev 0)
+++ staging-i686/cyrus-sasl-2.1.22-qa.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,22 @@
+fix missing prototype warnings
+
+--- cyrus-sasl-2.1.22/lib/auxprop.c
++++ cyrus-sasl-2.1.22/lib/auxprop.c
+@@ -43,6 +43,7 @@
+  */
+ 
+ #include <config.h>
++#include <stdio.h>
+ #include <sasl.h>
+ #include <prop.h>
+ #include <ctype.h>
+--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
++++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
+@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
+ ******************************************************************/
+ 
+ #include <shadow.h>
++#include <string.h>
+ 
+ extern char *crypt();
+ 

Deleted: staging-i686/cyrus-sasl-2.1.26-size_t.patch
===================================================================
--- staging-i686/cyrus-sasl-2.1.26-size_t.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/cyrus-sasl-2.1.26-size_t.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,11 +0,0 @@
---- cyrus-sasl-2.1.26/include/sasl.h	2012-10-12 09:05:48.000000000 -0500
-+++ cyrus-sasl-2.1.26/include/sasl.h	2013-01-31 13:21:04.007739327 -0600
-@@ -223,6 +223,8 @@ extern "C" {
-  * they must be called before all other SASL functions:
-  */
- 
-+#include <sys/types.h>
-+
- /* memory allocation functions which may optionally be replaced:
-  */
- typedef void *sasl_malloc_t(size_t);

Copied: cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.26-size_t.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.26-size_t.patch)
===================================================================
--- staging-i686/cyrus-sasl-2.1.26-size_t.patch	                        (rev 0)
+++ staging-i686/cyrus-sasl-2.1.26-size_t.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,11 @@
+--- cyrus-sasl-2.1.26/include/sasl.h	2012-10-12 09:05:48.000000000 -0500
++++ cyrus-sasl-2.1.26/include/sasl.h	2013-01-31 13:21:04.007739327 -0600
+@@ -223,6 +223,8 @@ extern "C" {
+  * they must be called before all other SASL functions:
+  */
+ 
++#include <sys/types.h>
++
+ /* memory allocation functions which may optionally be replaced:
+  */
+ typedef void *sasl_malloc_t(size_t);

Deleted: staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch
===================================================================
--- staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,435 +0,0 @@
-diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 cyrus-sasl-2.1.26/plugins/ntlm.c
---- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110	2012-01-28 00:31:36.000000000 +0100
-+++ cyrus-sasl-2.1.26/plugins/ntlm.c	2016-11-07 16:15:57.498259304 +0100
-@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
-     return P24;
- }
- 
-+static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
-+{
-+    utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+    return HMAC_CTX_new();
-+#else
-+    return utils->malloc(sizeof(HMAC_CTX));
-+#endif
-+}
-+
-+static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
-+{
-+    utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+    HMAC_CTX_free(ctx);
-+#else
-+    HMAC_cleanup(ctx);
-+    utils->free(ctx);
-+#endif
-+}
-+
- static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
- 			 const char *authid, const char *target,
- 			 const unsigned char *challenge,
-@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
- 			 const sasl_utils_t *utils,
- 			 char **buf, unsigned *buflen, int *result)
- {
--    HMAC_CTX ctx;
-+    HMAC_CTX *ctx = NULL;
-     unsigned char hash[EVP_MAX_MD_SIZE];
-     char *upper;
-     unsigned int len;
-@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
- 	SETERROR(utils, "cannot allocate NTLMv2 hash");
- 	*result = SASL_NOMEM;
-     }
-+    else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
-+        SETERROR(utils, "cannot allocate HMAC CTX");
-+        *result = SASL_NOMEM;
-+    }
-     else {
- 	/* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
- 	P16_nt(hash, passwd, utils, buf, buflen, result);
-@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
- 	HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
- 
- 	/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
--	HMAC_Init(&ctx, hash, len, EVP_md5());
--	HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
--	HMAC_Update(&ctx, blob, bloblen);
--	HMAC_Final(&ctx, V2, &len);
--	HMAC_cleanup(&ctx);
-+	HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
-+	HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
-+	HMAC_Update(ctx, blob, bloblen);
-+	HMAC_Final(ctx, V2, &len);
- 
- 	/* the blob is concatenated outside of this function */
- 
- 	*result = SASL_OK;
-     }
- 
-+    if (ctx) _plug_HMAC_CTX_free(ctx, utils);
-+
-     return V2;
- }
- 
-diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110 cyrus-sasl-2.1.26/plugins/otp.c
---- cyrus-sasl-2.1.26/plugins/otp.c.openssl110	2012-10-12 16:05:48.000000000 +0200
-+++ cyrus-sasl-2.1.26/plugins/otp.c	2016-11-07 16:13:54.374327601 +0100
-@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
-     {NULL,	0,	NULL}
- };
- 
-+static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
-+{
-+    utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+    return EVP_MD_CTX_new();
-+#else
-+    return utils->malloc(sizeof(EVP_MD_CTX));
-+#endif    
-+}
-+
-+static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
-+{
-+    utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+    EVP_MD_CTX_free(ctx);
-+#else
-+    utils->free(ctx);
-+#endif    
-+}
-+
- /* Convert the binary data into ASCII hex */
- void bin2hex(unsigned char *bin, int binlen, char *hex)
- {
-@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
-  * swabbing bytes if necessary.
-  */
- static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
--		     unsigned char *out, int swab)
-+		     unsigned char *out, int swab, EVP_MD_CTX *mdctx)
- {
--    EVP_MD_CTX mdctx;
--    char hash[EVP_MAX_MD_SIZE];
-+    unsigned char hash[EVP_MAX_MD_SIZE];
-     unsigned int i;
-     int j;
-     unsigned hashlen;
-     
--    EVP_DigestInit(&mdctx, md);
--    EVP_DigestUpdate(&mdctx, in, inlen);
--    EVP_DigestFinal(&mdctx, hash, &hashlen);
-+    EVP_DigestInit(mdctx, md);
-+    EVP_DigestUpdate(mdctx, in, inlen);
-+    EVP_DigestFinal(mdctx, hash, &hashlen);
-     
-     /* Fold the result into 64 bits */
-     for (i = OTP_HASH_SIZE; i < hashlen; i++) {
-@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
- 			char *secret, char *otp)
- {
-     const EVP_MD *md;
--    char *key;
-+    EVP_MD_CTX *mdctx = NULL;
-+    char *key = NULL;
-+    int r = SASL_OK;
-     
-     if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- 	utils->seterror(utils->conn, 0,
-@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
- 	return SASL_FAIL;
-     }
-     
-+    if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+	SETERROR(utils, "cannot allocate MD CTX");
-+	r = SASL_NOMEM;
-+        goto done;
-+    }
-+    
-     if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
- 	SETERROR(utils, "cannot allocate OTP key");
--	return SASL_NOMEM;
-+	r = SASL_NOMEM;
-+        goto done;
-     }
-     
-     /* initial step */
-     strcpy(key, seed);
-     strcat(key, secret);
--    otp_hash(md, key, strlen(key), otp, alg->swab);
-+    otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
-     
-     /* computation step */
-     while (seq-- > 0)
--	otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
--    
--    utils->free(key);
-+        otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
-+
-+  done:
-+    if (key) utils->free(key);
-+    if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-     
--    return SASL_OK;
-+    return r;
- }
- 
- static int parse_challenge(const sasl_utils_t *utils,
-@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
- 
- /* Convert the 6 words into binary data */
- static int word2bin(const sasl_utils_t *utils,
--		    char *words, unsigned char *bin, const EVP_MD *md)
-+		    char *words, unsigned char *bin, const EVP_MD *md,
-+                    EVP_MD_CTX *mdctx)
- {
-     int i, j;
-     char *c, *word, buf[OTP_RESPONSE_MAX+1];
-@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
- 	
- 	/* alternate dictionary */
- 	if (alt_dict) {
--	    EVP_MD_CTX mdctx;
--	    char hash[EVP_MAX_MD_SIZE];
--	    int hashlen;
-+	    unsigned char hash[EVP_MAX_MD_SIZE];
-+	    unsigned hashlen;
- 	    
--	    EVP_DigestInit(&mdctx, md);
--	    EVP_DigestUpdate(&mdctx, word, strlen(word));
--	    EVP_DigestFinal(&mdctx, hash, &hashlen);
-+	    EVP_DigestInit(mdctx, md);
-+	    EVP_DigestUpdate(mdctx, word, strlen(word));
-+	    EVP_DigestFinal(mdctx, hash, &hashlen);
- 	    
- 	    /* use lowest 11 bits */
- 	    x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
-@@ -802,6 +834,7 @@ static int verify_response(server_contex
- 			   char *response)
- {
-     const EVP_MD *md;
-+    EVP_MD_CTX *mdctx = NULL;
-     char *c;
-     int do_init = 0;
-     unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
-@@ -815,6 +848,11 @@ static int verify_response(server_contex
- 	return SASL_FAIL;
-     }
-     
-+    if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+	SETERROR(utils, "cannot allocate MD CTX");
-+	return SASL_NOMEM;
-+    }
-+    
-     /* eat leading whitespace */
-     c = response;
-     while (isspace((int) *c)) c++;
-@@ -824,7 +862,7 @@ static int verify_response(server_contex
- 	    r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
- 	}
- 	else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
--	    r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
-+	    r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
- 	}
- 	else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
- 			      strlen(OTP_INIT_HEX_TYPE))) {
-@@ -834,7 +872,7 @@ static int verify_response(server_contex
- 	else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- 			      strlen(OTP_INIT_WORD_TYPE))) {
- 	    do_init = 1;
--	    r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
-+	    r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
- 	}
- 	else {
- 	    SETERROR(utils, "unknown OTP extended response type");
-@@ -843,14 +881,15 @@ static int verify_response(server_contex
-     }
-     else {
- 	/* standard response, try word first, and then hex */
--	r = word2bin(utils, c, cur_otp, md);
-+	r = word2bin(utils, c, cur_otp, md, mdctx);
- 	if (r != SASL_OK)
- 	    r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
-     }
-     
-     if (r == SASL_OK) {
- 	/* do one more hash (previous otp) and compare to stored otp */
--	otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
-+	otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
-+                 prev_otp, text->alg->swab, mdctx);
- 	
- 	if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
- 	    /* update the secret with this seq/otp */
-@@ -879,23 +918,28 @@ static int verify_response(server_contex
- 		*new_resp++ = '\0';
- 	}
- 	
--	if (!(new_chal && new_resp))
--	    return SASL_BADAUTH;
-+	if (!(new_chal && new_resp)) {
-+	    r = SASL_BADAUTH;
-+            goto done;
-+        }
- 	
- 	if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
- 	    != SASL_OK) {
--	    return r;
-+            goto done;
- 	}
- 	
--	if (seq < 1 || !strcasecmp(seed, text->seed))
--	    return SASL_BADAUTH;
-+	if (seq < 1 || !strcasecmp(seed, text->seed)) {
-+	    r = SASL_BADAUTH;
-+            goto done;
-+        }
- 	
- 	/* find the MDA */
- 	if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- 	    utils->seterror(utils->conn, 0,
- 			    "OTP algorithm %s is not available",
- 			    alg->evp_name);
--	    return SASL_BADAUTH;
-+	    r = SASL_BADAUTH;
-+            goto done;
- 	}
- 	
- 	if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
-@@ -903,7 +947,7 @@ static int verify_response(server_contex
- 	}
- 	else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- 			      strlen(OTP_INIT_WORD_TYPE))) {
--	    r = word2bin(utils, new_resp, new_otp, md);
-+	    r = word2bin(utils, new_resp, new_otp, md, mdctx);
- 	}
- 	
- 	if (r == SASL_OK) {
-@@ -914,7 +958,10 @@ static int verify_response(server_contex
- 	    memcpy(text->otp, new_otp, OTP_HASH_SIZE);
- 	}
-     }
--    
-+
-+  done:
-+    if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-+
-     return r;
- }
- 
-diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 cyrus-sasl-2.1.26/saslauthd/lak.c
---- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110	2016-11-07 16:13:54.347327616 +0100
-+++ cyrus-sasl-2.1.26/saslauthd/lak.c	2016-11-07 16:18:42.283167898 +0100
-@@ -61,6 +61,35 @@
- #include <sasl.h>
- #include "lak.h"
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+static EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+	return EVP_MD_CTX_create();
-+}
-+static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-+{
-+	if (ctx == NULL)
-+		return;
-+
-+	EVP_MD_CTX_destroy(ctx);
-+}
-+
-+static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
-+{
-+	EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
-+
-+	if (ctx != NULL) {
-+		memset(ctx, 0, sizeof(*ctx));
-+	}
-+	return ctx;
-+}
-+static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
-+{
-+	OPENSSL_free(ctx);
-+	return;
-+}
-+#endif
-+
- typedef struct lak_auth_method {
- 	int method;
- 	int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ;
-@@ -1720,20 +1749,28 @@ static int lak_base64_decode(
- 
- 	int rc, i, tlen = 0;
- 	char *text;
--	EVP_ENCODE_CTX EVP_ctx;
-+	EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
- 
--	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
- 	if (text == NULL)
- 		return LAK_NOMEM;
- 
--	EVP_DecodeInit(&EVP_ctx);
--	rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
-+	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
-+	if (text == NULL) {
-+		EVP_ENCODE_CTX_free(enc_ctx);
-+		return LAK_NOMEM;
-+	}
-+
-+	EVP_DecodeInit(enc_ctx);
-+	rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
- 	if (rc < 0) {
-+		EVP_ENCODE_CTX_free(enc_ctx);
- 		free(text);
- 		return LAK_FAIL;
- 	}
- 	tlen += i;
--	EVP_DecodeFinal(&EVP_ctx, text, &i); 
-+	EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i); 
-+
-+	EVP_ENCODE_CTX_free(enc_ctx);
- 
- 	*ret = text;
- 	if (rlen != NULL)
-@@ -1749,7 +1786,7 @@ static int lak_check_hashed(
- {
- 	int rc, clen;
- 	LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
--	EVP_MD_CTX mdctx;
-+	EVP_MD_CTX *mdctx;
- 	const EVP_MD *md;
- 	unsigned char digest[EVP_MAX_MD_SIZE];
- 	char *cred;
-@@ -1758,17 +1795,24 @@ static int lak_check_hashed(
- 	if (!md)
- 		return LAK_FAIL;
- 
-+	mdctx = EVP_MD_CTX_new();
-+	if (!mdctx)
-+		return LAK_NOMEM;
-+
- 	rc = lak_base64_decode(hash, &cred, &clen);
--	if (rc != LAK_OK)
-+	if (rc != LAK_OK) {
-+		EVP_MD_CTX_free(mdctx);
- 		return rc;
-+	}
- 
--	EVP_DigestInit(&mdctx, md);
--	EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
-+	EVP_DigestInit(mdctx, md);
-+	EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
- 	if (hrock->salted) {
--		EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
-+		EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
- 				 clen - EVP_MD_size(md));
- 	}
--	EVP_DigestFinal(&mdctx, digest, NULL);
-+	EVP_DigestFinal(mdctx, digest, NULL);
-+	EVP_MD_CTX_free(mdctx);
- 
- 	rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
- 	free(cred);

Copied: cyrus-sasl/repos/staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch)
===================================================================
--- staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch	                        (rev 0)
+++ staging-i686/cyrus-sasl-2.1.27-openssl-1.1.0.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,435 @@
+diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 cyrus-sasl-2.1.26/plugins/ntlm.c
+--- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110	2012-01-28 00:31:36.000000000 +0100
++++ cyrus-sasl-2.1.26/plugins/ntlm.c	2016-11-07 16:15:57.498259304 +0100
+@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
+     return P24;
+ }
+ 
++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    return HMAC_CTX_new();
++#else
++    return utils->malloc(sizeof(HMAC_CTX));
++#endif
++}
++
++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    HMAC_CTX_free(ctx);
++#else
++    HMAC_cleanup(ctx);
++    utils->free(ctx);
++#endif
++}
++
+ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ 			 const char *authid, const char *target,
+ 			 const unsigned char *challenge,
+@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
+ 			 const sasl_utils_t *utils,
+ 			 char **buf, unsigned *buflen, int *result)
+ {
+-    HMAC_CTX ctx;
++    HMAC_CTX *ctx = NULL;
+     unsigned char hash[EVP_MAX_MD_SIZE];
+     char *upper;
+     unsigned int len;
+@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
+ 	SETERROR(utils, "cannot allocate NTLMv2 hash");
+ 	*result = SASL_NOMEM;
+     }
++    else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
++        SETERROR(utils, "cannot allocate HMAC CTX");
++        *result = SASL_NOMEM;
++    }
+     else {
+ 	/* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
+ 	P16_nt(hash, passwd, utils, buf, buflen, result);
+@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
+ 	HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
+ 
+ 	/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
+-	HMAC_Init(&ctx, hash, len, EVP_md5());
+-	HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
+-	HMAC_Update(&ctx, blob, bloblen);
+-	HMAC_Final(&ctx, V2, &len);
+-	HMAC_cleanup(&ctx);
++	HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
++	HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
++	HMAC_Update(ctx, blob, bloblen);
++	HMAC_Final(ctx, V2, &len);
+ 
+ 	/* the blob is concatenated outside of this function */
+ 
+ 	*result = SASL_OK;
+     }
+ 
++    if (ctx) _plug_HMAC_CTX_free(ctx, utils);
++
+     return V2;
+ }
+ 
+diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110 cyrus-sasl-2.1.26/plugins/otp.c
+--- cyrus-sasl-2.1.26/plugins/otp.c.openssl110	2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/plugins/otp.c	2016-11-07 16:13:54.374327601 +0100
+@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
+     {NULL,	0,	NULL}
+ };
+ 
++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    return EVP_MD_CTX_new();
++#else
++    return utils->malloc(sizeof(EVP_MD_CTX));
++#endif    
++}
++
++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    EVP_MD_CTX_free(ctx);
++#else
++    utils->free(ctx);
++#endif    
++}
++
+ /* Convert the binary data into ASCII hex */
+ void bin2hex(unsigned char *bin, int binlen, char *hex)
+ {
+@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
+  * swabbing bytes if necessary.
+  */
+ static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
+-		     unsigned char *out, int swab)
++		     unsigned char *out, int swab, EVP_MD_CTX *mdctx)
+ {
+-    EVP_MD_CTX mdctx;
+-    char hash[EVP_MAX_MD_SIZE];
++    unsigned char hash[EVP_MAX_MD_SIZE];
+     unsigned int i;
+     int j;
+     unsigned hashlen;
+     
+-    EVP_DigestInit(&mdctx, md);
+-    EVP_DigestUpdate(&mdctx, in, inlen);
+-    EVP_DigestFinal(&mdctx, hash, &hashlen);
++    EVP_DigestInit(mdctx, md);
++    EVP_DigestUpdate(mdctx, in, inlen);
++    EVP_DigestFinal(mdctx, hash, &hashlen);
+     
+     /* Fold the result into 64 bits */
+     for (i = OTP_HASH_SIZE; i < hashlen; i++) {
+@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
+ 			char *secret, char *otp)
+ {
+     const EVP_MD *md;
+-    char *key;
++    EVP_MD_CTX *mdctx = NULL;
++    char *key = NULL;
++    int r = SASL_OK;
+     
+     if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ 	utils->seterror(utils->conn, 0,
+@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
+ 	return SASL_FAIL;
+     }
+     
++    if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++	SETERROR(utils, "cannot allocate MD CTX");
++	r = SASL_NOMEM;
++        goto done;
++    }
++    
+     if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
+ 	SETERROR(utils, "cannot allocate OTP key");
+-	return SASL_NOMEM;
++	r = SASL_NOMEM;
++        goto done;
+     }
+     
+     /* initial step */
+     strcpy(key, seed);
+     strcat(key, secret);
+-    otp_hash(md, key, strlen(key), otp, alg->swab);
++    otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
+     
+     /* computation step */
+     while (seq-- > 0)
+-	otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
+-    
+-    utils->free(key);
++        otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
++
++  done:
++    if (key) utils->free(key);
++    if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
+     
+-    return SASL_OK;
++    return r;
+ }
+ 
+ static int parse_challenge(const sasl_utils_t *utils,
+@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
+ 
+ /* Convert the 6 words into binary data */
+ static int word2bin(const sasl_utils_t *utils,
+-		    char *words, unsigned char *bin, const EVP_MD *md)
++		    char *words, unsigned char *bin, const EVP_MD *md,
++                    EVP_MD_CTX *mdctx)
+ {
+     int i, j;
+     char *c, *word, buf[OTP_RESPONSE_MAX+1];
+@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
+ 	
+ 	/* alternate dictionary */
+ 	if (alt_dict) {
+-	    EVP_MD_CTX mdctx;
+-	    char hash[EVP_MAX_MD_SIZE];
+-	    int hashlen;
++	    unsigned char hash[EVP_MAX_MD_SIZE];
++	    unsigned hashlen;
+ 	    
+-	    EVP_DigestInit(&mdctx, md);
+-	    EVP_DigestUpdate(&mdctx, word, strlen(word));
+-	    EVP_DigestFinal(&mdctx, hash, &hashlen);
++	    EVP_DigestInit(mdctx, md);
++	    EVP_DigestUpdate(mdctx, word, strlen(word));
++	    EVP_DigestFinal(mdctx, hash, &hashlen);
+ 	    
+ 	    /* use lowest 11 bits */
+ 	    x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
+@@ -802,6 +834,7 @@ static int verify_response(server_contex
+ 			   char *response)
+ {
+     const EVP_MD *md;
++    EVP_MD_CTX *mdctx = NULL;
+     char *c;
+     int do_init = 0;
+     unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
+@@ -815,6 +848,11 @@ static int verify_response(server_contex
+ 	return SASL_FAIL;
+     }
+     
++    if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++	SETERROR(utils, "cannot allocate MD CTX");
++	return SASL_NOMEM;
++    }
++    
+     /* eat leading whitespace */
+     c = response;
+     while (isspace((int) *c)) c++;
+@@ -824,7 +862,7 @@ static int verify_response(server_contex
+ 	    r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
+ 	}
+ 	else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
+-	    r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
++	    r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
+ 	}
+ 	else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
+ 			      strlen(OTP_INIT_HEX_TYPE))) {
+@@ -834,7 +872,7 @@ static int verify_response(server_contex
+ 	else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ 			      strlen(OTP_INIT_WORD_TYPE))) {
+ 	    do_init = 1;
+-	    r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
++	    r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
+ 	}
+ 	else {
+ 	    SETERROR(utils, "unknown OTP extended response type");
+@@ -843,14 +881,15 @@ static int verify_response(server_contex
+     }
+     else {
+ 	/* standard response, try word first, and then hex */
+-	r = word2bin(utils, c, cur_otp, md);
++	r = word2bin(utils, c, cur_otp, md, mdctx);
+ 	if (r != SASL_OK)
+ 	    r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
+     }
+     
+     if (r == SASL_OK) {
+ 	/* do one more hash (previous otp) and compare to stored otp */
+-	otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
++	otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
++                 prev_otp, text->alg->swab, mdctx);
+ 	
+ 	if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
+ 	    /* update the secret with this seq/otp */
+@@ -879,23 +918,28 @@ static int verify_response(server_contex
+ 		*new_resp++ = '\0';
+ 	}
+ 	
+-	if (!(new_chal && new_resp))
+-	    return SASL_BADAUTH;
++	if (!(new_chal && new_resp)) {
++	    r = SASL_BADAUTH;
++            goto done;
++        }
+ 	
+ 	if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
+ 	    != SASL_OK) {
+-	    return r;
++            goto done;
+ 	}
+ 	
+-	if (seq < 1 || !strcasecmp(seed, text->seed))
+-	    return SASL_BADAUTH;
++	if (seq < 1 || !strcasecmp(seed, text->seed)) {
++	    r = SASL_BADAUTH;
++            goto done;
++        }
+ 	
+ 	/* find the MDA */
+ 	if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ 	    utils->seterror(utils->conn, 0,
+ 			    "OTP algorithm %s is not available",
+ 			    alg->evp_name);
+-	    return SASL_BADAUTH;
++	    r = SASL_BADAUTH;
++            goto done;
+ 	}
+ 	
+ 	if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
+@@ -903,7 +947,7 @@ static int verify_response(server_contex
+ 	}
+ 	else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ 			      strlen(OTP_INIT_WORD_TYPE))) {
+-	    r = word2bin(utils, new_resp, new_otp, md);
++	    r = word2bin(utils, new_resp, new_otp, md, mdctx);
+ 	}
+ 	
+ 	if (r == SASL_OK) {
+@@ -914,7 +958,10 @@ static int verify_response(server_contex
+ 	    memcpy(text->otp, new_otp, OTP_HASH_SIZE);
+ 	}
+     }
+-    
++
++  done:
++    if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
++
+     return r;
+ }
+ 
+diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 cyrus-sasl-2.1.26/saslauthd/lak.c
+--- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110	2016-11-07 16:13:54.347327616 +0100
++++ cyrus-sasl-2.1.26/saslauthd/lak.c	2016-11-07 16:18:42.283167898 +0100
+@@ -61,6 +61,35 @@
+ #include <sasl.h>
+ #include "lak.h"
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++static EVP_MD_CTX *EVP_MD_CTX_new(void)
++{
++	return EVP_MD_CTX_create();
++}
++static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
++{
++	if (ctx == NULL)
++		return;
++
++	EVP_MD_CTX_destroy(ctx);
++}
++
++static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
++{
++	EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
++
++	if (ctx != NULL) {
++		memset(ctx, 0, sizeof(*ctx));
++	}
++	return ctx;
++}
++static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
++{
++	OPENSSL_free(ctx);
++	return;
++}
++#endif
++
+ typedef struct lak_auth_method {
+ 	int method;
+ 	int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ;
+@@ -1720,20 +1749,28 @@ static int lak_base64_decode(
+ 
+ 	int rc, i, tlen = 0;
+ 	char *text;
+-	EVP_ENCODE_CTX EVP_ctx;
++	EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
+ 
+-	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
+ 	if (text == NULL)
+ 		return LAK_NOMEM;
+ 
+-	EVP_DecodeInit(&EVP_ctx);
+-	rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
++	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
++	if (text == NULL) {
++		EVP_ENCODE_CTX_free(enc_ctx);
++		return LAK_NOMEM;
++	}
++
++	EVP_DecodeInit(enc_ctx);
++	rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
+ 	if (rc < 0) {
++		EVP_ENCODE_CTX_free(enc_ctx);
+ 		free(text);
+ 		return LAK_FAIL;
+ 	}
+ 	tlen += i;
+-	EVP_DecodeFinal(&EVP_ctx, text, &i); 
++	EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i); 
++
++	EVP_ENCODE_CTX_free(enc_ctx);
+ 
+ 	*ret = text;
+ 	if (rlen != NULL)
+@@ -1749,7 +1786,7 @@ static int lak_check_hashed(
+ {
+ 	int rc, clen;
+ 	LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
+-	EVP_MD_CTX mdctx;
++	EVP_MD_CTX *mdctx;
+ 	const EVP_MD *md;
+ 	unsigned char digest[EVP_MAX_MD_SIZE];
+ 	char *cred;
+@@ -1758,17 +1795,24 @@ static int lak_check_hashed(
+ 	if (!md)
+ 		return LAK_FAIL;
+ 
++	mdctx = EVP_MD_CTX_new();
++	if (!mdctx)
++		return LAK_NOMEM;
++
+ 	rc = lak_base64_decode(hash, &cred, &clen);
+-	if (rc != LAK_OK)
++	if (rc != LAK_OK) {
++		EVP_MD_CTX_free(mdctx);
+ 		return rc;
++	}
+ 
+-	EVP_DigestInit(&mdctx, md);
+-	EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
++	EVP_DigestInit(mdctx, md);
++	EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
+ 	if (hrock->salted) {
+-		EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
++		EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
+ 				 clen - EVP_MD_size(md));
+ 	}
+-	EVP_DigestFinal(&mdctx, digest, NULL);
++	EVP_DigestFinal(mdctx, digest, NULL);
++	EVP_MD_CTX_free(mdctx);
+ 
+ 	rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
+ 	free(cred);

Deleted: staging-i686/cyrus-sasl-gssapi.patch
===================================================================
--- staging-i686/cyrus-sasl-gssapi.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/cyrus-sasl-gssapi.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,16 +0,0 @@
-diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c
---- cyrus-sasl-2.1.26.orig/plugins/gssapi.c	2016-06-10 13:55:25.985676293 -0700
-+++ cyrus-sasl-2.1.26/plugins/gssapi.c	2016-06-10 13:58:00.687337430 -0700
-@@ -1583,10 +1583,10 @@
- 	}
- 
- 	/* Setup req_flags properly */
--	req_flags = GSS_C_INTEG_FLAG;
-+	req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
- 	if (params->props.max_ssf > params->external_ssf) {
- 	    /* We are requesting a security layer */
--	    req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
-+	    req_flags |= GSS_C_INTEG_FLAG;
- 	    /* Any SSF bigger than 1 is confidentiality. */
- 	    /* Let's check if the client of the API requires confidentiality,
- 	       and it wasn't already provided by an external layer */

Copied: cyrus-sasl/repos/staging-i686/cyrus-sasl-gssapi.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-gssapi.patch)
===================================================================
--- staging-i686/cyrus-sasl-gssapi.patch	                        (rev 0)
+++ staging-i686/cyrus-sasl-gssapi.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,16 @@
+diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c
+--- cyrus-sasl-2.1.26.orig/plugins/gssapi.c	2016-06-10 13:55:25.985676293 -0700
++++ cyrus-sasl-2.1.26/plugins/gssapi.c	2016-06-10 13:58:00.687337430 -0700
+@@ -1583,10 +1583,10 @@
+ 	}
+ 
+ 	/* Setup req_flags properly */
+-	req_flags = GSS_C_INTEG_FLAG;
++	req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ 	if (params->props.max_ssf > params->external_ssf) {
+ 	    /* We are requesting a security layer */
+-	    req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++	    req_flags |= GSS_C_INTEG_FLAG;
+ 	    /* Any SSF bigger than 1 is confidentiality. */
+ 	    /* Let's check if the client of the API requires confidentiality,
+ 	       and it wasn't already provided by an external layer */

Deleted: staging-i686/cyrus-sasl-sql.patch
===================================================================
--- staging-i686/cyrus-sasl-sql.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/cyrus-sasl-sql.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,39 +0,0 @@
---- configure.in	2012-10-12 16:05:48.000000000 +0200
-+++ configure.in	2013-05-11 18:48:59.021848013 +0200
-@@ -861,9 +860,9 @@
-     notfound) AC_WARN([SQLite Library not found]); true;;
-     *)
-      if test -d ${with_sqlite}/lib; then
--         LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
-+         LIB_SQLITE="-L${with_sqlite}/lib"
-      else
--         LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
-+         LIB_SQLITE="-L${with_sqlite}"
-      fi
- 
-      LIB_SQLITE_DIR=$LIB_SQLITE
-@@ -913,9 +912,9 @@
-     notfound) AC_WARN([SQLite3 Library not found]); true;;
-     *)
-      if test -d ${with_sqlite3}/lib; then
--         LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
-+         LIB_SQLITE3="-L${with_sqlite3}/lib"
-      else
--         LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
-+         LIB_SQLITE3="-L${with_sqlite3}"
-      fi
- 
-      LIB_SQLITE3_DIR=$LIB_SQLITE3
---- configure.in
-+++ configure.in
-@@ -674,7 +674,9 @@
-      LIB_PGSQL_DIR=$LIB_PGSQL
-      LIB_PGSQL="$LIB_PGSQL -lpq"
- 
--     if test -d ${with_pgsql}/include/pgsql; then
-+     if test -d ${with_pgsql}/include/postgresql/pgsql; then
-+         CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
-+     elif test -d ${with_pgsql}/include/pgsql; then
-          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
-      elif test -d ${with_pgsql}/pgsql/include; then
-          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"

Copied: cyrus-sasl/repos/staging-i686/cyrus-sasl-sql.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-sql.patch)
===================================================================
--- staging-i686/cyrus-sasl-sql.patch	                        (rev 0)
+++ staging-i686/cyrus-sasl-sql.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,39 @@
+--- configure.in	2012-10-12 16:05:48.000000000 +0200
++++ configure.in	2013-05-11 18:48:59.021848013 +0200
+@@ -861,9 +860,9 @@
+     notfound) AC_WARN([SQLite Library not found]); true;;
+     *)
+      if test -d ${with_sqlite}/lib; then
+-         LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
++         LIB_SQLITE="-L${with_sqlite}/lib"
+      else
+-         LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
++         LIB_SQLITE="-L${with_sqlite}"
+      fi
+ 
+      LIB_SQLITE_DIR=$LIB_SQLITE
+@@ -913,9 +912,9 @@
+     notfound) AC_WARN([SQLite3 Library not found]); true;;
+     *)
+      if test -d ${with_sqlite3}/lib; then
+-         LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
++         LIB_SQLITE3="-L${with_sqlite3}/lib"
+      else
+-         LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
++         LIB_SQLITE3="-L${with_sqlite3}"
+      fi
+ 
+      LIB_SQLITE3_DIR=$LIB_SQLITE3
+--- configure.in
++++ configure.in
+@@ -674,7 +674,9 @@
+      LIB_PGSQL_DIR=$LIB_PGSQL
+      LIB_PGSQL="$LIB_PGSQL -lpq"
+ 
+-     if test -d ${with_pgsql}/include/pgsql; then
++     if test -d ${with_pgsql}/include/postgresql/pgsql; then
++         CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
++     elif test -d ${with_pgsql}/include/pgsql; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+      elif test -d ${with_pgsql}/pgsql/include; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"

Deleted: staging-i686/fix-pkgconfig.patch
===================================================================
--- staging-i686/fix-pkgconfig.patch	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/fix-pkgconfig.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,27 +0,0 @@
-From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001
-From: Ignacio Casal Quinteiro <icq at gnome.org>
-Date: Fri, 20 Nov 2015 11:16:31 +0100
-Subject: [PATCH] Fix up pkgconfig pc file
-
----
- libsasl2.pc.in | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/libsasl2.pc.in b/libsasl2.pc.in
-index 40bea37..ddad76d 100644
---- a/libsasl2.pc.in
-+++ b/libsasl2.pc.in
-@@ -1,8 +1,12 @@
--libdir = @libdir@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
- 
- Name: Cyrus SASL
- Description: Cyrus SASL implementation
- URL: http://www.cyrussasl.org/
- Version: @VERSION@
-+Cflags: -I${includedir}
- Libs: -L${libdir} -lsasl2
- Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@

Copied: cyrus-sasl/repos/staging-i686/fix-pkgconfig.patch (from rev 289930, cyrus-sasl/trunk/fix-pkgconfig.patch)
===================================================================
--- staging-i686/fix-pkgconfig.patch	                        (rev 0)
+++ staging-i686/fix-pkgconfig.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,27 @@
+From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <icq at gnome.org>
+Date: Fri, 20 Nov 2015 11:16:31 +0100
+Subject: [PATCH] Fix up pkgconfig pc file
+
+---
+ libsasl2.pc.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsasl2.pc.in b/libsasl2.pc.in
+index 40bea37..ddad76d 100644
+--- a/libsasl2.pc.in
++++ b/libsasl2.pc.in
+@@ -1,8 +1,12 @@
+-libdir = @libdir@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
+ 
+ Name: Cyrus SASL
+ Description: Cyrus SASL implementation
+ URL: http://www.cyrussasl.org/
+ Version: @VERSION@
++Cflags: -I${includedir}
+ Libs: -L${libdir} -lsasl2
+ Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@

Deleted: staging-i686/saslauthd.conf.d
===================================================================
--- staging-i686/saslauthd.conf.d	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/saslauthd.conf.d	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1 +0,0 @@
-SASLAUTHD_OPTS="-a pam"

Copied: cyrus-sasl/repos/staging-i686/saslauthd.conf.d (from rev 289930, cyrus-sasl/trunk/saslauthd.conf.d)
===================================================================
--- staging-i686/saslauthd.conf.d	                        (rev 0)
+++ staging-i686/saslauthd.conf.d	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1 @@
+SASLAUTHD_OPTS="-a pam"

Deleted: staging-i686/saslauthd.service
===================================================================
--- staging-i686/saslauthd.service	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/saslauthd.service	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1,11 +0,0 @@
-[Unit]
-Description=Cyrus SASL authentication daemon
-
-[Service]
-Type=forking
-EnvironmentFile=/etc/conf.d/saslauthd
-ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
-PIDFile=/var/run/saslauthd/saslauthd.pid
-
-[Install]
-WantedBy=multi-user.target

Copied: cyrus-sasl/repos/staging-i686/saslauthd.service (from rev 289930, cyrus-sasl/trunk/saslauthd.service)
===================================================================
--- staging-i686/saslauthd.service	                        (rev 0)
+++ staging-i686/saslauthd.service	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cyrus SASL authentication daemon
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/conf.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
+PIDFile=/var/run/saslauthd/saslauthd.pid
+
+[Install]
+WantedBy=multi-user.target

Deleted: staging-i686/tmpfiles.conf
===================================================================
--- staging-i686/tmpfiles.conf	2017-03-03 12:13:14 UTC (rev 289930)
+++ staging-i686/tmpfiles.conf	2017-03-03 12:39:27 UTC (rev 289931)
@@ -1 +0,0 @@
-d /run/saslauthd 0755 root root - -

Copied: cyrus-sasl/repos/staging-i686/tmpfiles.conf (from rev 289930, cyrus-sasl/trunk/tmpfiles.conf)
===================================================================
--- staging-i686/tmpfiles.conf	                        (rev 0)
+++ staging-i686/tmpfiles.conf	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root - -

Copied: cyrus-sasl/repos/staging-x86_64/0010_maintainer_mode.patch (from rev 289930, cyrus-sasl/trunk/0010_maintainer_mode.patch)
===================================================================
--- staging-x86_64/0010_maintainer_mode.patch	                        (rev 0)
+++ staging-x86_64/0010_maintainer_mode.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0010_maintainer_mode.dpatch by  <fabbe at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Enable maintainer mode to avoid auto* problems.
+
+ at DPATCH@
+diff -urNad trunk~/configure.in trunk/configure.in
+--- trunk~/configure.in	2006-05-29 22:52:46.000000000 +0300
++++ trunk/configure.in	2006-11-01 23:24:55.000000000 +0200
+@@ -62,6 +62,8 @@
+ AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.22)
+ CMU_INIT_AUTOMAKE
+ 
++AM_MAINTAINER_MODE
++
+ # and include our config dir scripts
+ ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
+ 

Copied: cyrus-sasl/repos/staging-x86_64/0011_saslauthd_ac_prog_libtool.patch (from rev 289930, cyrus-sasl/trunk/0011_saslauthd_ac_prog_libtool.patch)
===================================================================
--- staging-x86_64/0011_saslauthd_ac_prog_libtool.patch	                        (rev 0)
+++ staging-x86_64/0011_saslauthd_ac_prog_libtool.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,15 @@
+0011_saslauthd_ac_prog_libtool.dpatch by  <fabbe at debian.org>
+
+Enable libtool use.
+
+diff -urNad trunk~/saslauthd/configure.in trunk/saslauthd/configure.in
+--- trunk~/saslauthd/configure.in	2006-05-29 22:52:42.000000000 +0300
++++ trunk/saslauthd/configure.in	2006-11-01 23:41:51.000000000 +0200
+@@ -25,6 +25,7 @@
+ AC_PROG_MAKE_SET
+ AC_PROG_LN_S
+ AC_PROG_INSTALL
++AC_PROG_LIBTOOL
+ 
+ dnl Checks for build foo
+ CMU_C___ATTRIBUTE__

Copied: cyrus-sasl/repos/staging-x86_64/0025_ld_as_needed.patch (from rev 289930, cyrus-sasl/trunk/0025_ld_as_needed.patch)
===================================================================
--- staging-x86_64/0025_ld_as_needed.patch	                        (rev 0)
+++ staging-x86_64/0025_ld_as_needed.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,27 @@
+Author: Matthias Klose <doko at ubuntu.com>
+Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
+it.
+--- a/saslauthd/Makefile.am
++++ b/saslauthd/Makefile.am
+@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
+ saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
+ saslauthd_LDADD	= @SASL_KRB_LIB@ \
+ 		  @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+-		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
++		  @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
+ 
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+--- a/sasldb/Makefile.am
++++ b/sasldb/Makefile.am
+@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
+ 
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND) 
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+ 
+ # Prevent make dist stupidity
+ libsasldb_a_SOURCES =

Copied: cyrus-sasl/repos/staging-x86_64/0026_drop_krb5support_dependency.patch (from rev 289930, cyrus-sasl/trunk/0026_drop_krb5support_dependency.patch)
===================================================================
--- staging-x86_64/0026_drop_krb5support_dependency.patch	                        (rev 0)
+++ staging-x86_64/0026_drop_krb5support_dependency.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,14 @@
+Author: Roberto C. Sanchez <roberto at connexer.com>
+Description: Drop gratuitous dependency on krb5support
+--- a/cmulocal/sasl2.m4
++++ b/cmulocal/sasl2.m4
+@@ -112,9 +112,6 @@ if test "$gssapi" != no; then
+   fi
+ 
+   if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
+-    # check for libkrb5support first
+-    AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
+-
+     gss_failed=0
+     AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
+                  ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})

Copied: cyrus-sasl/repos/staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch (from rev 289930, cyrus-sasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch)
===================================================================
--- staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch	                        (rev 0)
+++ staging-x86_64/0030-dont_use_la_files_for_opening_plugins.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,134 @@
+--- a/lib/dlopen.c
++++ b/lib/dlopen.c
+@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
+     return result;
+ }
+ 
+-/* this returns the file to actually open.
+- *  out should be a buffer of size PATH_MAX
+- *  and may be the same as in. */
+-
+-/* We'll use a static buffer for speed unless someone complains */
+-#define MAX_LINE 2048
+-
+-static int _parse_la(const char *prefix, const char *in, char *out) 
+-{
+-    FILE *file;
+-    size_t length;
+-    char line[MAX_LINE];
+-    char *ntmp = NULL;
+-
+-    if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
+-
+-    /* Set this so we can detect failure */
+-    *out = '\0';
+-
+-    length = strlen(in);
+-
+-    if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
+-	if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
+-	    /* check for a .la file */
+-	    strcpy(line, prefix);
+-	    strcat(line, in);
+-	    length = strlen(line);
+-	    *(line + (length - strlen(SO_SUFFIX))) = '\0';
+-	    strcat(line, LA_SUFFIX);
+-	    file = fopen(line, "r");
+-	    if(file) {
+-		/* We'll get it on the .la open */
+-		fclose(file);
+-		return SASL_FAIL;
+-	    }
+-	}
+-	strcpy(out, prefix);
+-	strcat(out, in);
+-	return SASL_OK;
+-    }
+-
+-    strcpy(line, prefix);
+-    strcat(line, in);
+-
+-    file = fopen(line, "r");
+-    if(!file) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "unable to open LA file: %s", line);
+-	return SASL_FAIL;
+-    }
+-    
+-    while(!feof(file)) {
+-	if(!fgets(line, MAX_LINE, file)) break;
+-	if(line[strlen(line) - 1] != '\n') {
+-	    _sasl_log(NULL, SASL_LOG_WARN,
+-		      "LA file has too long of a line: %s", in);
+-	    return SASL_BUFOVER;
+-	}
+-	if(line[0] == '\n' || line[0] == '#') continue;
+-	if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
+-	    /* We found the line with the name in it */
+-	    char *end;
+-	    char *start;
+-	    size_t len;
+-	    end = strrchr(line, '\'');
+-	    if(!end) continue;
+-	    start = &line[sizeof("dlname=")-1];
+-	    len = strlen(start);
+-	    if(len > 3 && start[0] == '\'') {
+-		ntmp=&start[1];
+-		*end='\0';
+-		/* Do we have dlname="" ? */
+-		if(ntmp == end) {
+-		    _sasl_log(NULL, SASL_LOG_DEBUG,
+-			      "dlname is empty in .la file: %s", in);
+-		    return SASL_FAIL;
+-		}
+-		strcpy(out, prefix);
+-		strcat(out, ntmp);
+-	    }
+-	    break;
+-	}
+-    }
+-    if(ferror(file) || feof(file)) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "Error reading .la: %s\n", in);
+-	fclose(file);
+-	return SASL_FAIL;
+-    }
+-    fclose(file);
+-
+-    if(!(*out)) {
+-	_sasl_log(NULL, SASL_LOG_WARN,
+-		  "Could not find a dlname line in .la file: %s", in);
+-	return SASL_FAIL;
+-    }
+-
+-    return SASL_OK;
+-}
+ #endif /* DO_DLOPEN */
+ 
+ /* loads a plugin library */
+@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
+ 		if (length + pos>=PATH_MAX) continue; /* too big */
+ 
+ 		if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
+-			   SO_SUFFIX)
+-		    && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
+-			   LA_SUFFIX))
++			   SO_SUFFIX))
+ 		    continue;
+ 
++		/* We only use .so files for loading plugins */
++
+ 		memcpy(name,dir->d_name,length);
+ 		name[length]='\0';
+ 
+-		result = _parse_la(prefix, name, tmp);
+-		if(result != SASL_OK)
+-		    continue;
+-		
++		/* Create full name with path */
++		strncpy(tmp, prefix, PATH_MAX);
++		strncat(tmp, name, PATH_MAX);
++
+ 		/* skip "lib" and cut off suffix --
+ 		   this only need be approximate */
+ 		strcpy(plugname, name + 3);

Copied: cyrus-sasl/repos/staging-x86_64/CVE-2013-4122.patch (from rev 289930, cyrus-sasl/trunk/CVE-2013-4122.patch)
===================================================================
--- staging-x86_64/CVE-2013-4122.patch	                        (rev 0)
+++ staging-x86_64/CVE-2013-4122.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,116 @@
+From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 at hush.com>
+Date: Thu, 11 Jul 2013 09:08:07 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt()
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Patch by mancha1 at hush.com.
+---
+diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
+index 4b34222..400289c 100644
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ char *userid;
+ char *password;
+ {
+     char* r;
++    char* crpt_passwd;
+     struct passwd *pwd;
+ 
+     pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+     else if (pwd->pw_passwd[0] == '*') {
+ 	r = "Account disabled";
+     }
+-    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ 	r = "Incorrect password";
+     }
+     else {
+diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
+index 2b11286..6d607bb 100644
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -32,13 +32,15 @@ char *userid;
+ char *password;
+ {
+     struct spwd *pwd;
++    char *crpt_passwd;
+ 
+     pwd = getspnam(userid);
+     if (!pwd) {
+ 	return "Userid not found";
+     }
+     
+-    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++    crpt_passwd = crypt(password, pwd->sp_pwdp);
++    if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ 	return "Incorrect password";
+     }
+     else {
+diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
+index fc8029d..d4ebe54 100644
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -77,6 +77,7 @@ auth_getpwent (
+ {
+     /* VARIABLES */
+     struct passwd *pw;			/* pointer to passwd file entry */
++    char *crpt_passwd;			/* encrypted password */
+     int errnum;
+     /* END VARIABLES */
+   
+@@ -105,7 +106,8 @@ auth_getpwent (
+ 	}
+     }
+ 
+-    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++    crpt_passwd = crypt(password, pw->pw_passwd);
++    if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
+ 	}
+diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
+index 677131b..1988afd 100644
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -210,8 +210,8 @@ auth_shadow (
+ 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
+     }
+ 
+-    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+-    if (strcmp(sp->sp_pwdp, cpw)) {
++    cpw = crypt(password, sp->sp_pwdp);
++    if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ 	if (flags & VERBOSE) {
+ 	    /*
+ 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
+@@ -221,10 +221,8 @@ auth_shadow (
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ 		   sp->sp_pwdp, cpw);
+ 	}
+-	free(cpw);
+ 	RETURN("NO Incorrect password");
+     }
+-    free(cpw);
+ 
+     /*
+      * The following fields will be set to -1 if:
+@@ -286,7 +284,7 @@ auth_shadow (
+ 	RETURN("NO Invalid username");
+     }
+   
+-    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++    if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ 		   password, upw->upw_passwd);
+--
+cgit v0.9.2

Copied: cyrus-sasl/repos/staging-x86_64/PKGBUILD (from rev 289930, cyrus-sasl/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,203 @@
+# $Id$
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+
+# This package spans multiple repositories. 
+# Always build from cyrus-sasl/trunk and merge changes to libsasl/trunk.
+
+pkgbase=('cyrus-sasl')
+pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql')
+#pkgname=libsasl
+pkgver=2.1.26
+pkgrel=10
+pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library"
+arch=('i686' 'x86_64')
+url="http://cyrusimap.web.cmu.edu/"
+license=('custom')
+options=('!makeflags')
+makedepends=('postgresql-libs' 'libmariadbclient' 'libldap' 'krb5' 'openssl' 'sqlite')
+source=(ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-${pkgver}.tar.gz
+        cyrus-sasl-2.1.22-qa.patch
+        cyrus-sasl-2.1.26-size_t.patch
+        0010_maintainer_mode.patch
+        0011_saslauthd_ac_prog_libtool.patch
+        0025_ld_as_needed.patch
+        0026_drop_krb5support_dependency.patch
+        0030-dont_use_la_files_for_opening_plugins.patch
+        saslauthd.service
+        saslauthd.conf.d
+        tmpfiles.conf
+        CVE-2013-4122.patch
+        cyrus-sasl-sql.patch
+        cyrus-sasl-gssapi.patch
+        cyrus-sasl-2.1.27-openssl-1.1.0.patch
+        fix-pkgconfig.patch)
+md5sums=('a7f4e5e559a0e37b3ffc438c9456e425'
+         '79b8a5e8689989e2afd4b7bda595a7b1'
+         'f45aa8c42b32e0569ab3d14a83485b37'
+         'f45d8b60e8f74dd7f7c2ec1665fa602a'
+         '9d93880514cb5ff5da969f1ceb64a661'
+         '62bf892fe4d1df41ff748e91a1afaf67'
+         'b7848957357e7c02d6490102be496bf9'
+         '8e7106f32e495e9ade69014fd1b3352a'
+         '3499dcd610ad1ad58e0faffde2aa7a23'
+         '49219af5641150edec288a3fdb65e7c1'
+         '45bb0192d2f188066240b9a66ee6365f'
+         'c5f0ec88c584a75c14d7f402eaeed7ef'
+         '82c0f66fdc5c1145eb48ea9116c27931'
+         '0363b1a0337474a57b1f75f72fe88fa3'
+         'c8a385bbca9bd79910c6bda3dd02845c'
+         '409727695f9f28a3c43e340232462ff6')
+
+prepare() {
+  cd cyrus-sasl-$pkgver
+  patch -Np1 -i ../cyrus-sasl-2.1.22-qa.patch
+  patch -Np1 -i ../cyrus-sasl-2.1.26-size_t.patch
+  patch -Np1 -i ../0010_maintainer_mode.patch
+  patch -Np1 -i ../0011_saslauthd_ac_prog_libtool.patch
+  patch -Np1 -i ../0025_ld_as_needed.patch
+  patch -Np1 -i ../0026_drop_krb5support_dependency.patch
+  patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch
+  patch -Np1 -i ../CVE-2013-4122.patch
+  patch -Np0 -i ../cyrus-sasl-sql.patch
+  patch -Np1 -i ../cyrus-sasl-gssapi.patch
+  patch -Np1 -i ../cyrus-sasl-2.1.27-openssl-1.1.0.patch
+  patch -Np1 -i ../fix-pkgconfig.patch
+
+  sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -e 's/libmysqlclient.a/libmysqlclient.so/' -i configure.in
+}
+
+build() {
+  export CFLAGS="$CFLAGS -fPIC"
+  cd cyrus-sasl-$pkgver
+
+  rm -f config/config.guess config/config.sub 
+  rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+  rm -fr autom4te.cache
+  libtoolize -c
+  aclocal -I config -I cmulocal
+  automake -a -c
+  autoheader
+  autoconf
+
+  pushd saslauthd
+  rm -f config/config.guess config/config.sub 
+  rm -f config/ltconfig config/ltmain.sh config/libtool.m4
+  rm -fr autom4te.cache
+  libtoolize -c
+  aclocal -I config -I ../cmulocal -I ../config
+  automake -a -c
+  autoheader
+  autoconf
+  popd
+
+  ./configure --prefix=/usr \
+      --sbin=/usr/bin \
+      --mandir=/usr/share/man \
+      --infodir=/usr/share/info \
+      --disable-static \
+      --enable-shared \
+      --enable-alwaystrue \
+      --enable-checkapop \
+      --enable-cram \
+      --enable-digest \
+      --disable-otp \
+      --disable-srp \
+      --disable-srp-setpass \
+      --disable-krb4 \
+      --enable-gssapi \
+      --enable-auth-sasldb \
+      --enable-plain \
+      --enable-anon \
+      --enable-login \
+      --enable-ntlm \
+      --disable-passdss \
+      --enable-sql \
+      --with-mysql=/usr \
+      --with-pgsql=/usr/lib \
+      --with-sqlite3=/usr/lib \
+      --enable-ldapdb \
+      --disable-macos-framework \
+      --with-pam \
+      --with-saslauthd=/var/run/saslauthd \
+      --with-ldap \
+      --with-dblib=gdbm \
+      --with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
+      --sysconfdir=/etc \
+      --with-devrandom=/dev/urandom
+  make
+}
+
+package_libsasl() {
+  pkgdesc="Cyrus Simple Authentication Service Layer (SASL) Library"
+  depends=('openssl')
+  conflicts=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver
+  make DESTDIR="$pkgdir" install-pkgconfigDATA
+  for dir in include lib sasldb plugins utils; do
+    pushd ${dir}
+    make DESTDIR="${pkgdir}" install
+    popd
+  done
+  rm -f "${pkgdir}"/usr/lib/sasl2/libsql.so*
+  rm -f "${pkgdir}"/usr/lib/sasl2/libgssapiv2.so*
+  rm -f "${pkgdir}"/usr/lib/sasl2/libldapdb.so*
+  rm -f "${pkgdir}"/usr/lib/sasl2/libgs2.so*
+  install -m755 -d "${pkgdir}/usr/share/licenses/libsasl"
+  install -m644 COPYING "${pkgdir}/usr/share/licenses/libsasl/"
+}
+
+package_cyrus-sasl() {
+  depends=("libsasl=${pkgver}" 'krb5')
+  pkgdesc="Cyrus saslauthd SASL authentication daemon"
+  backup=('etc/conf.d/saslauthd')
+
+  cd cyrus-sasl-$pkgver/saslauthd
+  make DESTDIR="${pkgdir}" install
+  install -Dm644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd"
+  install -Dm644 "${srcdir}/saslauthd.service" "${pkgdir}/usr/lib/systemd/system/saslauthd.service"
+  install -Dm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/saslauthd.conf"
+
+  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl"
+  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl/"
+}
+
+package_cyrus-sasl-gssapi() {
+  pkgdesc="GSSAPI authentication mechanism for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'krb5')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libgssapiv2.so* "${pkgdir}/usr/lib/sasl2/"
+  cp -a .libs/libgs2.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi"
+  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi/"
+}
+
+package_cyrus-sasl-ldap() {
+  pkgdesc="ldapdb auxprop module for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'libldap')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libldapdb.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap"
+  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-ldap/"
+}
+
+package_cyrus-sasl-sql() {
+  pkgdesc="SQL auxprop module for Cyrus SASL"
+  depends=("libsasl=${pkgver}" 'postgresql-libs' 'libmariadbclient' 'sqlite')
+  replaces=('cyrus-sasl-plugins')
+
+  cd cyrus-sasl-$pkgver/plugins
+  install -m755 -d "${pkgdir}/usr/lib/sasl2"
+  cp -a .libs/libsql.so* "${pkgdir}/usr/lib/sasl2/"
+
+  install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-sql"
+  ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-sql/"
+}

Copied: cyrus-sasl/repos/staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.22-as-needed.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch	                        (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.22-as-needed.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,11 @@
+--- saslauthd/configure.in.orig	2006-05-23 15:53:17.000000000 -0700
++++ saslauthd/configure.in	2006-05-23 15:53:33.000000000 -0700
+@@ -77,7 +77,7 @@
+   AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
+   SASL_DB_PATH_CHECK()
+   SASL_DB_CHECK()
+-  SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
++  SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
+ fi
+ 
+ AC_ARG_ENABLE(httpform, [  --enable-httpform       enable HTTP form authentication [[no]] ],

Copied: cyrus-sasl/repos/staging-x86_64/cyrus-sasl-2.1.22-qa.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.22-qa.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.22-qa.patch	                        (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.22-qa.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,22 @@
+fix missing prototype warnings
+
+--- cyrus-sasl-2.1.22/lib/auxprop.c
++++ cyrus-sasl-2.1.22/lib/auxprop.c
+@@ -43,6 +43,7 @@
+  */
+ 
+ #include <config.h>
++#include <stdio.h>
+ #include <sasl.h>
+ #include <prop.h>
+ #include <ctype.h>
+--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
++++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
+@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
+ ******************************************************************/
+ 
+ #include <shadow.h>
++#include <string.h>
+ 
+ extern char *crypt();
+ 

Copied: cyrus-sasl/repos/staging-x86_64/cyrus-sasl-2.1.26-size_t.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.26-size_t.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.26-size_t.patch	                        (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.26-size_t.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,11 @@
+--- cyrus-sasl-2.1.26/include/sasl.h	2012-10-12 09:05:48.000000000 -0500
++++ cyrus-sasl-2.1.26/include/sasl.h	2013-01-31 13:21:04.007739327 -0600
+@@ -223,6 +223,8 @@ extern "C" {
+  * they must be called before all other SASL functions:
+  */
+ 
++#include <sys/types.h>
++
+ /* memory allocation functions which may optionally be replaced:
+  */
+ typedef void *sasl_malloc_t(size_t);

Copied: cyrus-sasl/repos/staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch	                        (rev 0)
+++ staging-x86_64/cyrus-sasl-2.1.27-openssl-1.1.0.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,435 @@
+diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 cyrus-sasl-2.1.26/plugins/ntlm.c
+--- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110	2012-01-28 00:31:36.000000000 +0100
++++ cyrus-sasl-2.1.26/plugins/ntlm.c	2016-11-07 16:15:57.498259304 +0100
+@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
+     return P24;
+ }
+ 
++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    return HMAC_CTX_new();
++#else
++    return utils->malloc(sizeof(HMAC_CTX));
++#endif
++}
++
++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    HMAC_CTX_free(ctx);
++#else
++    HMAC_cleanup(ctx);
++    utils->free(ctx);
++#endif
++}
++
+ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ 			 const char *authid, const char *target,
+ 			 const unsigned char *challenge,
+@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
+ 			 const sasl_utils_t *utils,
+ 			 char **buf, unsigned *buflen, int *result)
+ {
+-    HMAC_CTX ctx;
++    HMAC_CTX *ctx = NULL;
+     unsigned char hash[EVP_MAX_MD_SIZE];
+     char *upper;
+     unsigned int len;
+@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
+ 	SETERROR(utils, "cannot allocate NTLMv2 hash");
+ 	*result = SASL_NOMEM;
+     }
++    else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
++        SETERROR(utils, "cannot allocate HMAC CTX");
++        *result = SASL_NOMEM;
++    }
+     else {
+ 	/* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
+ 	P16_nt(hash, passwd, utils, buf, buflen, result);
+@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
+ 	HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
+ 
+ 	/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
+-	HMAC_Init(&ctx, hash, len, EVP_md5());
+-	HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
+-	HMAC_Update(&ctx, blob, bloblen);
+-	HMAC_Final(&ctx, V2, &len);
+-	HMAC_cleanup(&ctx);
++	HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
++	HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
++	HMAC_Update(ctx, blob, bloblen);
++	HMAC_Final(ctx, V2, &len);
+ 
+ 	/* the blob is concatenated outside of this function */
+ 
+ 	*result = SASL_OK;
+     }
+ 
++    if (ctx) _plug_HMAC_CTX_free(ctx, utils);
++
+     return V2;
+ }
+ 
+diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110 cyrus-sasl-2.1.26/plugins/otp.c
+--- cyrus-sasl-2.1.26/plugins/otp.c.openssl110	2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/plugins/otp.c	2016-11-07 16:13:54.374327601 +0100
+@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
+     {NULL,	0,	NULL}
+ };
+ 
++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    return EVP_MD_CTX_new();
++#else
++    return utils->malloc(sizeof(EVP_MD_CTX));
++#endif    
++}
++
++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    EVP_MD_CTX_free(ctx);
++#else
++    utils->free(ctx);
++#endif    
++}
++
+ /* Convert the binary data into ASCII hex */
+ void bin2hex(unsigned char *bin, int binlen, char *hex)
+ {
+@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
+  * swabbing bytes if necessary.
+  */
+ static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
+-		     unsigned char *out, int swab)
++		     unsigned char *out, int swab, EVP_MD_CTX *mdctx)
+ {
+-    EVP_MD_CTX mdctx;
+-    char hash[EVP_MAX_MD_SIZE];
++    unsigned char hash[EVP_MAX_MD_SIZE];
+     unsigned int i;
+     int j;
+     unsigned hashlen;
+     
+-    EVP_DigestInit(&mdctx, md);
+-    EVP_DigestUpdate(&mdctx, in, inlen);
+-    EVP_DigestFinal(&mdctx, hash, &hashlen);
++    EVP_DigestInit(mdctx, md);
++    EVP_DigestUpdate(mdctx, in, inlen);
++    EVP_DigestFinal(mdctx, hash, &hashlen);
+     
+     /* Fold the result into 64 bits */
+     for (i = OTP_HASH_SIZE; i < hashlen; i++) {
+@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
+ 			char *secret, char *otp)
+ {
+     const EVP_MD *md;
+-    char *key;
++    EVP_MD_CTX *mdctx = NULL;
++    char *key = NULL;
++    int r = SASL_OK;
+     
+     if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ 	utils->seterror(utils->conn, 0,
+@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
+ 	return SASL_FAIL;
+     }
+     
++    if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++	SETERROR(utils, "cannot allocate MD CTX");
++	r = SASL_NOMEM;
++        goto done;
++    }
++    
+     if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
+ 	SETERROR(utils, "cannot allocate OTP key");
+-	return SASL_NOMEM;
++	r = SASL_NOMEM;
++        goto done;
+     }
+     
+     /* initial step */
+     strcpy(key, seed);
+     strcat(key, secret);
+-    otp_hash(md, key, strlen(key), otp, alg->swab);
++    otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
+     
+     /* computation step */
+     while (seq-- > 0)
+-	otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
+-    
+-    utils->free(key);
++        otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
++
++  done:
++    if (key) utils->free(key);
++    if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
+     
+-    return SASL_OK;
++    return r;
+ }
+ 
+ static int parse_challenge(const sasl_utils_t *utils,
+@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
+ 
+ /* Convert the 6 words into binary data */
+ static int word2bin(const sasl_utils_t *utils,
+-		    char *words, unsigned char *bin, const EVP_MD *md)
++		    char *words, unsigned char *bin, const EVP_MD *md,
++                    EVP_MD_CTX *mdctx)
+ {
+     int i, j;
+     char *c, *word, buf[OTP_RESPONSE_MAX+1];
+@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
+ 	
+ 	/* alternate dictionary */
+ 	if (alt_dict) {
+-	    EVP_MD_CTX mdctx;
+-	    char hash[EVP_MAX_MD_SIZE];
+-	    int hashlen;
++	    unsigned char hash[EVP_MAX_MD_SIZE];
++	    unsigned hashlen;
+ 	    
+-	    EVP_DigestInit(&mdctx, md);
+-	    EVP_DigestUpdate(&mdctx, word, strlen(word));
+-	    EVP_DigestFinal(&mdctx, hash, &hashlen);
++	    EVP_DigestInit(mdctx, md);
++	    EVP_DigestUpdate(mdctx, word, strlen(word));
++	    EVP_DigestFinal(mdctx, hash, &hashlen);
+ 	    
+ 	    /* use lowest 11 bits */
+ 	    x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
+@@ -802,6 +834,7 @@ static int verify_response(server_contex
+ 			   char *response)
+ {
+     const EVP_MD *md;
++    EVP_MD_CTX *mdctx = NULL;
+     char *c;
+     int do_init = 0;
+     unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
+@@ -815,6 +848,11 @@ static int verify_response(server_contex
+ 	return SASL_FAIL;
+     }
+     
++    if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++	SETERROR(utils, "cannot allocate MD CTX");
++	return SASL_NOMEM;
++    }
++    
+     /* eat leading whitespace */
+     c = response;
+     while (isspace((int) *c)) c++;
+@@ -824,7 +862,7 @@ static int verify_response(server_contex
+ 	    r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
+ 	}
+ 	else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
+-	    r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
++	    r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
+ 	}
+ 	else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
+ 			      strlen(OTP_INIT_HEX_TYPE))) {
+@@ -834,7 +872,7 @@ static int verify_response(server_contex
+ 	else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ 			      strlen(OTP_INIT_WORD_TYPE))) {
+ 	    do_init = 1;
+-	    r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
++	    r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
+ 	}
+ 	else {
+ 	    SETERROR(utils, "unknown OTP extended response type");
+@@ -843,14 +881,15 @@ static int verify_response(server_contex
+     }
+     else {
+ 	/* standard response, try word first, and then hex */
+-	r = word2bin(utils, c, cur_otp, md);
++	r = word2bin(utils, c, cur_otp, md, mdctx);
+ 	if (r != SASL_OK)
+ 	    r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
+     }
+     
+     if (r == SASL_OK) {
+ 	/* do one more hash (previous otp) and compare to stored otp */
+-	otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
++	otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
++                 prev_otp, text->alg->swab, mdctx);
+ 	
+ 	if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
+ 	    /* update the secret with this seq/otp */
+@@ -879,23 +918,28 @@ static int verify_response(server_contex
+ 		*new_resp++ = '\0';
+ 	}
+ 	
+-	if (!(new_chal && new_resp))
+-	    return SASL_BADAUTH;
++	if (!(new_chal && new_resp)) {
++	    r = SASL_BADAUTH;
++            goto done;
++        }
+ 	
+ 	if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
+ 	    != SASL_OK) {
+-	    return r;
++            goto done;
+ 	}
+ 	
+-	if (seq < 1 || !strcasecmp(seed, text->seed))
+-	    return SASL_BADAUTH;
++	if (seq < 1 || !strcasecmp(seed, text->seed)) {
++	    r = SASL_BADAUTH;
++            goto done;
++        }
+ 	
+ 	/* find the MDA */
+ 	if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ 	    utils->seterror(utils->conn, 0,
+ 			    "OTP algorithm %s is not available",
+ 			    alg->evp_name);
+-	    return SASL_BADAUTH;
++	    r = SASL_BADAUTH;
++            goto done;
+ 	}
+ 	
+ 	if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
+@@ -903,7 +947,7 @@ static int verify_response(server_contex
+ 	}
+ 	else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ 			      strlen(OTP_INIT_WORD_TYPE))) {
+-	    r = word2bin(utils, new_resp, new_otp, md);
++	    r = word2bin(utils, new_resp, new_otp, md, mdctx);
+ 	}
+ 	
+ 	if (r == SASL_OK) {
+@@ -914,7 +958,10 @@ static int verify_response(server_contex
+ 	    memcpy(text->otp, new_otp, OTP_HASH_SIZE);
+ 	}
+     }
+-    
++
++  done:
++    if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
++
+     return r;
+ }
+ 
+diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 cyrus-sasl-2.1.26/saslauthd/lak.c
+--- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110	2016-11-07 16:13:54.347327616 +0100
++++ cyrus-sasl-2.1.26/saslauthd/lak.c	2016-11-07 16:18:42.283167898 +0100
+@@ -61,6 +61,35 @@
+ #include <sasl.h>
+ #include "lak.h"
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++static EVP_MD_CTX *EVP_MD_CTX_new(void)
++{
++	return EVP_MD_CTX_create();
++}
++static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
++{
++	if (ctx == NULL)
++		return;
++
++	EVP_MD_CTX_destroy(ctx);
++}
++
++static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
++{
++	EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
++
++	if (ctx != NULL) {
++		memset(ctx, 0, sizeof(*ctx));
++	}
++	return ctx;
++}
++static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
++{
++	OPENSSL_free(ctx);
++	return;
++}
++#endif
++
+ typedef struct lak_auth_method {
+ 	int method;
+ 	int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ;
+@@ -1720,20 +1749,28 @@ static int lak_base64_decode(
+ 
+ 	int rc, i, tlen = 0;
+ 	char *text;
+-	EVP_ENCODE_CTX EVP_ctx;
++	EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
+ 
+-	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
+ 	if (text == NULL)
+ 		return LAK_NOMEM;
+ 
+-	EVP_DecodeInit(&EVP_ctx);
+-	rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
++	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
++	if (text == NULL) {
++		EVP_ENCODE_CTX_free(enc_ctx);
++		return LAK_NOMEM;
++	}
++
++	EVP_DecodeInit(enc_ctx);
++	rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
+ 	if (rc < 0) {
++		EVP_ENCODE_CTX_free(enc_ctx);
+ 		free(text);
+ 		return LAK_FAIL;
+ 	}
+ 	tlen += i;
+-	EVP_DecodeFinal(&EVP_ctx, text, &i); 
++	EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i); 
++
++	EVP_ENCODE_CTX_free(enc_ctx);
+ 
+ 	*ret = text;
+ 	if (rlen != NULL)
+@@ -1749,7 +1786,7 @@ static int lak_check_hashed(
+ {
+ 	int rc, clen;
+ 	LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
+-	EVP_MD_CTX mdctx;
++	EVP_MD_CTX *mdctx;
+ 	const EVP_MD *md;
+ 	unsigned char digest[EVP_MAX_MD_SIZE];
+ 	char *cred;
+@@ -1758,17 +1795,24 @@ static int lak_check_hashed(
+ 	if (!md)
+ 		return LAK_FAIL;
+ 
++	mdctx = EVP_MD_CTX_new();
++	if (!mdctx)
++		return LAK_NOMEM;
++
+ 	rc = lak_base64_decode(hash, &cred, &clen);
+-	if (rc != LAK_OK)
++	if (rc != LAK_OK) {
++		EVP_MD_CTX_free(mdctx);
+ 		return rc;
++	}
+ 
+-	EVP_DigestInit(&mdctx, md);
+-	EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
++	EVP_DigestInit(mdctx, md);
++	EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
+ 	if (hrock->salted) {
+-		EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
++		EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
+ 				 clen - EVP_MD_size(md));
+ 	}
+-	EVP_DigestFinal(&mdctx, digest, NULL);
++	EVP_DigestFinal(mdctx, digest, NULL);
++	EVP_MD_CTX_free(mdctx);
+ 
+ 	rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
+ 	free(cred);

Copied: cyrus-sasl/repos/staging-x86_64/cyrus-sasl-gssapi.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-gssapi.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-gssapi.patch	                        (rev 0)
+++ staging-x86_64/cyrus-sasl-gssapi.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,16 @@
+diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c
+--- cyrus-sasl-2.1.26.orig/plugins/gssapi.c	2016-06-10 13:55:25.985676293 -0700
++++ cyrus-sasl-2.1.26/plugins/gssapi.c	2016-06-10 13:58:00.687337430 -0700
+@@ -1583,10 +1583,10 @@
+ 	}
+ 
+ 	/* Setup req_flags properly */
+-	req_flags = GSS_C_INTEG_FLAG;
++	req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ 	if (params->props.max_ssf > params->external_ssf) {
+ 	    /* We are requesting a security layer */
+-	    req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++	    req_flags |= GSS_C_INTEG_FLAG;
+ 	    /* Any SSF bigger than 1 is confidentiality. */
+ 	    /* Let's check if the client of the API requires confidentiality,
+ 	       and it wasn't already provided by an external layer */

Copied: cyrus-sasl/repos/staging-x86_64/cyrus-sasl-sql.patch (from rev 289930, cyrus-sasl/trunk/cyrus-sasl-sql.patch)
===================================================================
--- staging-x86_64/cyrus-sasl-sql.patch	                        (rev 0)
+++ staging-x86_64/cyrus-sasl-sql.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,39 @@
+--- configure.in	2012-10-12 16:05:48.000000000 +0200
++++ configure.in	2013-05-11 18:48:59.021848013 +0200
+@@ -861,9 +860,9 @@
+     notfound) AC_WARN([SQLite Library not found]); true;;
+     *)
+      if test -d ${with_sqlite}/lib; then
+-         LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
++         LIB_SQLITE="-L${with_sqlite}/lib"
+      else
+-         LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
++         LIB_SQLITE="-L${with_sqlite}"
+      fi
+ 
+      LIB_SQLITE_DIR=$LIB_SQLITE
+@@ -913,9 +912,9 @@
+     notfound) AC_WARN([SQLite3 Library not found]); true;;
+     *)
+      if test -d ${with_sqlite3}/lib; then
+-         LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
++         LIB_SQLITE3="-L${with_sqlite3}/lib"
+      else
+-         LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
++         LIB_SQLITE3="-L${with_sqlite3}"
+      fi
+ 
+      LIB_SQLITE3_DIR=$LIB_SQLITE3
+--- configure.in
++++ configure.in
+@@ -674,7 +674,9 @@
+      LIB_PGSQL_DIR=$LIB_PGSQL
+      LIB_PGSQL="$LIB_PGSQL -lpq"
+ 
+-     if test -d ${with_pgsql}/include/pgsql; then
++     if test -d ${with_pgsql}/include/postgresql/pgsql; then
++         CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
++     elif test -d ${with_pgsql}/include/pgsql; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+      elif test -d ${with_pgsql}/pgsql/include; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"

Copied: cyrus-sasl/repos/staging-x86_64/fix-pkgconfig.patch (from rev 289930, cyrus-sasl/trunk/fix-pkgconfig.patch)
===================================================================
--- staging-x86_64/fix-pkgconfig.patch	                        (rev 0)
+++ staging-x86_64/fix-pkgconfig.patch	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,27 @@
+From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <icq at gnome.org>
+Date: Fri, 20 Nov 2015 11:16:31 +0100
+Subject: [PATCH] Fix up pkgconfig pc file
+
+---
+ libsasl2.pc.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsasl2.pc.in b/libsasl2.pc.in
+index 40bea37..ddad76d 100644
+--- a/libsasl2.pc.in
++++ b/libsasl2.pc.in
+@@ -1,8 +1,12 @@
+-libdir = @libdir@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
+ 
+ Name: Cyrus SASL
+ Description: Cyrus SASL implementation
+ URL: http://www.cyrussasl.org/
+ Version: @VERSION@
++Cflags: -I${includedir}
+ Libs: -L${libdir} -lsasl2
+ Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@

Copied: cyrus-sasl/repos/staging-x86_64/saslauthd.conf.d (from rev 289930, cyrus-sasl/trunk/saslauthd.conf.d)
===================================================================
--- staging-x86_64/saslauthd.conf.d	                        (rev 0)
+++ staging-x86_64/saslauthd.conf.d	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1 @@
+SASLAUTHD_OPTS="-a pam"

Copied: cyrus-sasl/repos/staging-x86_64/saslauthd.service (from rev 289930, cyrus-sasl/trunk/saslauthd.service)
===================================================================
--- staging-x86_64/saslauthd.service	                        (rev 0)
+++ staging-x86_64/saslauthd.service	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cyrus SASL authentication daemon
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/conf.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
+PIDFile=/var/run/saslauthd/saslauthd.pid
+
+[Install]
+WantedBy=multi-user.target

Copied: cyrus-sasl/repos/staging-x86_64/tmpfiles.conf (from rev 289930, cyrus-sasl/trunk/tmpfiles.conf)
===================================================================
--- staging-x86_64/tmpfiles.conf	                        (rev 0)
+++ staging-x86_64/tmpfiles.conf	2017-03-03 12:39:27 UTC (rev 289931)
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root - -



More information about the arch-commits mailing list