[arch-commits] Commit in libsasl/trunk (22 files)
Jan de Groot
jgc at archlinux.org
Sun Feb 3 15:35:27 UTC 2019
Date: Sunday, February 3, 2019 @ 15:35:26
Author: jgc
Revision: 345182
upgpkg: cyrus-sasl 2.1.27-1
Added:
libsasl/trunk/0003-Update-saslauthd.conf-location-in-documentation.patch
(from rev 345181, cyrus-sasl/trunk/0003-Update-saslauthd.conf-location-in-documentation.patch)
libsasl/trunk/0006-Enable-autoconf-maintainer-mode.patch
(from rev 345181, cyrus-sasl/trunk/0006-Enable-autoconf-maintainer-mode.patch)
libsasl/trunk/0010-Update-required-libraries-when-ld-as-needed-is-used.patch
(from rev 345181, cyrus-sasl/trunk/0010-Update-required-libraries-when-ld-as-needed-is-used.patch)
libsasl/trunk/0013-Don-t-use-la-files-for-opening-plugins.patch
(from rev 345181, cyrus-sasl/trunk/0013-Don-t-use-la-files-for-opening-plugins.patch)
libsasl/trunk/0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch
(from rev 345181, cyrus-sasl/trunk/0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch)
libsasl/trunk/0022-Fix-keytab-option-for-MIT-Kerberos.patch
(from rev 345181, cyrus-sasl/trunk/0022-Fix-keytab-option-for-MIT-Kerberos.patch)
libsasl/trunk/0032-Add-with_pgsql-include-postgresql-to-include-path.patch
(from rev 345181, cyrus-sasl/trunk/0032-Add-with_pgsql-include-postgresql-to-include-path.patch)
libsasl/trunk/gdbm-errno.patch
(from rev 345181, cyrus-sasl/trunk/gdbm-errno.patch)
Modified:
libsasl/trunk/PKGBUILD
Deleted:
libsasl/trunk/0010_maintainer_mode.patch
libsasl/trunk/0011_saslauthd_ac_prog_libtool.patch
libsasl/trunk/0025_ld_as_needed.patch
libsasl/trunk/0026_drop_krb5support_dependency.patch
libsasl/trunk/0030-dont_use_la_files_for_opening_plugins.patch
libsasl/trunk/CVE-2013-4122.patch
libsasl/trunk/cyrus-sasl-2.1.22-as-needed.patch
libsasl/trunk/cyrus-sasl-2.1.22-qa.patch
libsasl/trunk/cyrus-sasl-2.1.26-size_t.patch
libsasl/trunk/cyrus-sasl-2.1.27-openssl-1.1.0.patch
libsasl/trunk/cyrus-sasl-gssapi.patch
libsasl/trunk/cyrus-sasl-sql.patch
libsasl/trunk/fix-pkgconfig.patch
-----------------------------------------------------------------+
0003-Update-saslauthd.conf-location-in-documentation.patch | 41
0006-Enable-autoconf-maintainer-mode.patch | 22
0010-Update-required-libraries-when-ld-as-needed-is-used.patch | 37
0010_maintainer_mode.patch | 19
0011_saslauthd_ac_prog_libtool.patch | 15
0013-Don-t-use-la-files-for-opening-plugins.patch | 153 +++
0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch | 26
0022-Fix-keytab-option-for-MIT-Kerberos.patch | 66 +
0025_ld_as_needed.patch | 27
0026_drop_krb5support_dependency.patch | 14
0030-dont_use_la_files_for_opening_plugins.patch | 134 ---
0032-Add-with_pgsql-include-postgresql-to-include-path.patch | 23
CVE-2013-4122.patch | 116 --
PKGBUILD | 97 --
cyrus-sasl-2.1.22-as-needed.patch | 11
cyrus-sasl-2.1.22-qa.patch | 22
cyrus-sasl-2.1.26-size_t.patch | 11
cyrus-sasl-2.1.27-openssl-1.1.0.patch | 435 ----------
cyrus-sasl-gssapi.patch | 16
cyrus-sasl-sql.patch | 39
fix-pkgconfig.patch | 27
gdbm-errno.patch | 29
22 files changed, 434 insertions(+), 946 deletions(-)
Copied: libsasl/trunk/0003-Update-saslauthd.conf-location-in-documentation.patch (from rev 345181, cyrus-sasl/trunk/0003-Update-saslauthd.conf-location-in-documentation.patch)
===================================================================
--- 0003-Update-saslauthd.conf-location-in-documentation.patch (rev 0)
+++ 0003-Update-saslauthd.conf-location-in-documentation.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -0,0 +1,41 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:03 +0100
+Subject: Update saslauthd.conf location in documentation
+
+date format (cosmetic).
+---
+ saslauthd/saslauthd.mdoc | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/saslauthd/saslauthd.mdoc b/saslauthd/saslauthd.mdoc
+index 0c2209e..17c9284 100644
+--- a/saslauthd/saslauthd.mdoc
++++ b/saslauthd/saslauthd.mdoc
+@@ -10,7 +10,7 @@
+ .\" manpage in saslauthd.8 whenever you change this source
+ .\" version. Only the pre-formatted manpage is installed.
+ .\"
+-.Dd 12 12 2005
++.Dd December 12 2005
+ .Dt SASLAUTHD 8
+ .Os "CMU-SASL"
+ .Sh NAME
+@@ -245,7 +245,7 @@ instead.
+ .Em (All platforms that support OpenLDAP 2.0 or higher)
+ .Pp
+ Authenticate against an ldap server. The ldap configuration parameters are
+-read from /usr/local/etc/saslauthd.conf. The location of this file can be
++read from /etc/saslauthd.conf. The location of this file can be
+ changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
+ distribution for the list of available parameters.
+ .It Li sia
+@@ -278,7 +278,7 @@ was never intended to be used in this manner, anyway.)
+ .Bl -tag -width "/var/run/saslauthd/mux"
+ .It Pa /var/run/saslauthd/mux
+ The default communications socket.
+-.It Pa /usr/local/etc/saslauthd.conf
++.It Pa /etc/saslauthd.conf
+ The default configuration file for ldap support.
+ .El
+ .Sh SEE ALSO
Copied: libsasl/trunk/0006-Enable-autoconf-maintainer-mode.patch (from rev 345181, cyrus-sasl/trunk/0006-Enable-autoconf-maintainer-mode.patch)
===================================================================
--- 0006-Enable-autoconf-maintainer-mode.patch (rev 0)
+++ 0006-Enable-autoconf-maintainer-mode.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -0,0 +1,22 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:03 +0100
+Subject: Enable autoconf maintainer mode
+
+---
+ configure.ac | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 388f5d0..b3db52c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -69,6 +69,8 @@ AC_CANONICAL_TARGET
+
+ AM_INIT_AUTOMAKE([1.11 tar-ustar dist-bzip2 foreign -Wno-portability subdir-objects])
+
++AM_MAINTAINER_MODE
++
+ DIRS=""
+
+ AC_ARG_ENABLE(cmulocal,
Copied: libsasl/trunk/0010-Update-required-libraries-when-ld-as-needed-is-used.patch (from rev 345181, cyrus-sasl/trunk/0010-Update-required-libraries-when-ld-as-needed-is-used.patch)
===================================================================
--- 0010-Update-required-libraries-when-ld-as-needed-is-used.patch (rev 0)
+++ 0010-Update-required-libraries-when-ld-as-needed-is-used.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -0,0 +1,37 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:04 +0100
+Subject: Update required libraries when ld --as-needed is used
+
+it.
+---
+ saslauthd/Makefile.am | 2 +-
+ sasldb/Makefile.am | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am
+index 864b29b..4cf3a3d 100644
+--- a/saslauthd/Makefile.am
++++ b/saslauthd/Makefile.am
+@@ -25,7 +25,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c getnameinfo.c
+ saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
+ saslauthd_LDADD = @SASL_KRB_LIB@ \
+ @GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
++ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
+
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+diff --git a/sasldb/Makefile.am b/sasldb/Makefile.am
+index 497ee25..a27645f 100644
+--- a/sasldb/Makefile.am
++++ b/sasldb/Makefile.am
+@@ -54,6 +54,6 @@ noinst_LTLIBRARIES = libsasldb.la
+
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+ libsasldb_la_LDFLAGS = -no-undefined
Deleted: 0010_maintainer_mode.patch
===================================================================
--- 0010_maintainer_mode.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ 0010_maintainer_mode.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,19 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 0010_maintainer_mode.dpatch by <fabbe at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Enable maintainer mode to avoid auto* problems.
-
- at DPATCH@
-diff -urNad trunk~/configure.in trunk/configure.in
---- trunk~/configure.in 2006-05-29 22:52:46.000000000 +0300
-+++ trunk/configure.in 2006-11-01 23:24:55.000000000 +0200
-@@ -62,6 +62,8 @@
- AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.22)
- CMU_INIT_AUTOMAKE
-
-+AM_MAINTAINER_MODE
-+
- # and include our config dir scripts
- ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
-
Deleted: 0011_saslauthd_ac_prog_libtool.patch
===================================================================
--- 0011_saslauthd_ac_prog_libtool.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ 0011_saslauthd_ac_prog_libtool.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,15 +0,0 @@
-0011_saslauthd_ac_prog_libtool.dpatch by <fabbe at debian.org>
-
-Enable libtool use.
-
-diff -urNad trunk~/saslauthd/configure.in trunk/saslauthd/configure.in
---- trunk~/saslauthd/configure.in 2006-05-29 22:52:42.000000000 +0300
-+++ trunk/saslauthd/configure.in 2006-11-01 23:41:51.000000000 +0200
-@@ -25,6 +25,7 @@
- AC_PROG_MAKE_SET
- AC_PROG_LN_S
- AC_PROG_INSTALL
-+AC_PROG_LIBTOOL
-
- dnl Checks for build foo
- CMU_C___ATTRIBUTE__
Copied: libsasl/trunk/0013-Don-t-use-la-files-for-opening-plugins.patch (from rev 345181, cyrus-sasl/trunk/0013-Don-t-use-la-files-for-opening-plugins.patch)
===================================================================
--- 0013-Don-t-use-la-files-for-opening-plugins.patch (rev 0)
+++ 0013-Don-t-use-la-files-for-opening-plugins.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -0,0 +1,153 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:04 +0100
+Subject: Don't use la files for opening plugins
+
+---
+ lib/dlopen.c | 121 ++++-------------------------------------------------------
+ 1 file changed, 7 insertions(+), 114 deletions(-)
+
+diff --git a/lib/dlopen.c b/lib/dlopen.c
+index 8284cd8..ef90b11 100644
+--- a/lib/dlopen.c
++++ b/lib/dlopen.c
+@@ -246,113 +246,6 @@ static int _sasl_plugin_load(char *plugin, void *library,
+ return result;
+ }
+
+-/* this returns the file to actually open.
+- * out should be a buffer of size PATH_MAX
+- * and may be the same as in. */
+-
+-/* We'll use a static buffer for speed unless someone complains */
+-#define MAX_LINE 2048
+-
+-static int _parse_la(const char *prefix, const char *in, char *out)
+-{
+- FILE *file;
+- size_t length;
+- char line[MAX_LINE];
+- char *ntmp = NULL;
+-
+- if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
+-
+- /* Set this so we can detect failure */
+- *out = '\0';
+-
+- length = strlen(in);
+-
+- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
+- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
+- /* check for a .la file */
+- if (strlen(prefix) + strlen(in) + strlen(LA_SUFFIX) + 1 >= MAX_LINE)
+- return SASL_BADPARAM;
+- strcpy(line, prefix);
+- strcat(line, in);
+- length = strlen(line);
+- *(line + (length - strlen(SO_SUFFIX))) = '\0';
+- strcat(line, LA_SUFFIX);
+- file = fopen(line, "r");
+- if(file) {
+- /* We'll get it on the .la open */
+- fclose(file);
+- return SASL_FAIL;
+- }
+- }
+- if (strlen(prefix) + strlen(in) + 1 >= PATH_MAX)
+- return SASL_BADPARAM;
+- strcpy(out, prefix);
+- strcat(out, in);
+- return SASL_OK;
+- }
+-
+- if (strlen(prefix) + strlen(in) + 1 >= MAX_LINE)
+- return SASL_BADPARAM;
+- strcpy(line, prefix);
+- strcat(line, in);
+-
+- file = fopen(line, "r");
+- if(!file) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "unable to open LA file: %s", line);
+- return SASL_FAIL;
+- }
+-
+- while(!feof(file)) {
+- if(!fgets(line, MAX_LINE, file)) break;
+- if(line[strlen(line) - 1] != '\n') {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "LA file has too long of a line: %s", in);
+- fclose(file);
+- return SASL_BUFOVER;
+- }
+- if(line[0] == '\n' || line[0] == '#') continue;
+- if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
+- /* We found the line with the name in it */
+- char *end;
+- char *start;
+- size_t len;
+- end = strrchr(line, '\'');
+- if(!end) continue;
+- start = &line[sizeof("dlname=")-1];
+- len = strlen(start);
+- if(len > 3 && start[0] == '\'') {
+- ntmp=&start[1];
+- *end='\0';
+- /* Do we have dlname="" ? */
+- if(ntmp == end) {
+- _sasl_log(NULL, SASL_LOG_DEBUG,
+- "dlname is empty in .la file: %s", in);
+- fclose(file);
+- return SASL_FAIL;
+- }
+- strcpy(out, prefix);
+- strcat(out, ntmp);
+- }
+- break;
+- }
+- }
+- if(ferror(file) || feof(file)) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "Error reading .la: %s\n", in);
+- fclose(file);
+- return SASL_FAIL;
+- }
+- fclose(file);
+-
+- if(!(*out)) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "Could not find a dlname line in .la file: %s", in);
+- return SASL_FAIL;
+- }
+-
+- return SASL_OK;
+-}
+ #endif /* DO_DLOPEN */
+
+ /* loads a plugin library */
+@@ -506,18 +399,18 @@ int _sasl_load_plugins(const add_plugin_list_t *entrypoints,
+ if (length + pos>=PATH_MAX) continue; /* too big */
+
+ if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
+- SO_SUFFIX)
+- && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
+- LA_SUFFIX))
++ SO_SUFFIX))
+ continue;
+
++ /* We only use .so files for loading plugins */
++
+ memcpy(name,dir->d_name,length);
+ name[length]='\0';
+
+- result = _parse_la(prefix, name, tmp);
+- if(result != SASL_OK)
+- continue;
+-
++ /* Create full name with path */
++ strncpy(tmp, prefix, PATH_MAX);
++ strncat(tmp, name, PATH_MAX);
++
+ /* skip "lib" and cut off suffix --
+ this only need be approximate */
+ strcpy(plugname, name + 3);
Copied: libsasl/trunk/0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch (from rev 345181, cyrus-sasl/trunk/0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch)
===================================================================
--- 0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch (rev 0)
+++ 0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -0,0 +1,26 @@
+From 31b68a9438c24fc9e3e52f626462bf514de31757 Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan at nardis.ca>
+Date: Mon, 24 Dec 2018 15:07:02 -0800
+Subject: [PATCH] Restore LIBS after checking gss_inquire_sec_context_by_oid
+
+Fixes: 4b0306dcd76031460246b2dabcb7db766d6b04d8
+---
+ m4/sasl2.m4 | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+index 56e0504a..17f5d081 100644
+--- a/m4/sasl2.m4
++++ b/m4/sasl2.m4
+@@ -311,9 +311,10 @@ if test "$gssapi" != no; then
+ [AC_DEFINE(HAVE_GSS_C_SEC_CONTEXT_SASL_SSF,,
+ [Define if your GSSAPI implementation defines GSS_C_SEC_CONTEXT_SASL_SSF])])
+ fi
++ LIBS="$cmu_save_LIBS"
++
+ cmu_save_LIBS="$LIBS"
+ LIBS="$LIBS $GSSAPIBASE_LIBS"
+-
+ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+ AC_TRY_RUN([
+ #ifdef HAVE_GSSAPI_H
Copied: libsasl/trunk/0022-Fix-keytab-option-for-MIT-Kerberos.patch (from rev 345181, cyrus-sasl/trunk/0022-Fix-keytab-option-for-MIT-Kerberos.patch)
===================================================================
--- 0022-Fix-keytab-option-for-MIT-Kerberos.patch (rev 0)
+++ 0022-Fix-keytab-option-for-MIT-Kerberos.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -0,0 +1,66 @@
+From: Debian Cyrus SASL Team
+ <pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org>
+Date: Thu, 24 Mar 2016 11:35:05 +0100
+Subject: Fix keytab option for MIT Kerberos
+
+---
+ m4/sasl2.m4 | 1 +
+ plugins/gssapi.c | 11 ++++++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+index 56e0504..a90f7b4 100644
+--- a/m4/sasl2.m4
++++ b/m4/sasl2.m4
+@@ -282,6 +282,7 @@ if test "$gssapi" != no; then
+ ])
+ fi
+ fi
++ AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity)
+ AC_CHECK_FUNCS(gss_decapsulate_token)
+ AC_CHECK_FUNCS(gss_encapsulate_token)
+ AC_CHECK_FUNCS(gss_oid_equal)
+diff --git a/plugins/gssapi.c b/plugins/gssapi.c
+index ff663da..7c69ac2 100644
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -1545,7 +1545,7 @@ static sasl_server_plug_t gssapi_server_plugins[] =
+ };
+
+ int gssapiv2_server_plug_init(
+-#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
++#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+ const sasl_utils_t *utils __attribute__((unused)),
+ #else
+ const sasl_utils_t *utils,
+@@ -1555,7 +1555,7 @@ int gssapiv2_server_plug_init(
+ sasl_server_plug_t **pluglist,
+ int *plugcount)
+ {
+-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
++#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+ const char *keytab = NULL;
+ char keytab_path[1024];
+ unsigned int rl;
+@@ -1565,7 +1565,7 @@ int gssapiv2_server_plug_init(
+ return SASL_BADVERS;
+ }
+
+-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
++#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+ /* unfortunately, we don't check for readability of keytab if it's
+ the standard one, since we don't know where it is */
+
+@@ -1587,7 +1587,12 @@ int gssapiv2_server_plug_init(
+
+ strncpy(keytab_path, keytab, 1024);
+
++#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+ gsskrb5_register_acceptor_identity(keytab_path);
++#endif
++#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
++ krb5_gss_register_acceptor_identity(keytab_path);
++#endif
+ }
+ #endif
+
Deleted: 0025_ld_as_needed.patch
===================================================================
--- 0025_ld_as_needed.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ 0025_ld_as_needed.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,27 +0,0 @@
-Author: Matthias Klose <doko at ubuntu.com>
-Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
-it.
---- a/saslauthd/Makefile.am
-+++ b/saslauthd/Makefile.am
-@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
- saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
- saslauthd_LDADD = @SASL_KRB_LIB@ \
- @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
-- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
-+ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
-
- testsaslauthd_SOURCES = testsaslauthd.c utils.c
- testsaslauthd_LDADD = @LIB_SOCKET@
---- a/sasldb/Makefile.am
-+++ b/sasldb/Makefile.am
-@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
-
- libsasldb_la_SOURCES = allockey.c sasldb.h
- EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
--libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
--libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
-+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
-+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
-
- # Prevent make dist stupidity
- libsasldb_a_SOURCES =
Deleted: 0026_drop_krb5support_dependency.patch
===================================================================
--- 0026_drop_krb5support_dependency.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ 0026_drop_krb5support_dependency.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,14 +0,0 @@
-Author: Roberto C. Sanchez <roberto at connexer.com>
-Description: Drop gratuitous dependency on krb5support
---- a/cmulocal/sasl2.m4
-+++ b/cmulocal/sasl2.m4
-@@ -112,9 +112,6 @@ if test "$gssapi" != no; then
- fi
-
- if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
-- # check for libkrb5support first
-- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
--
- gss_failed=0
- AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
- ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
Deleted: 0030-dont_use_la_files_for_opening_plugins.patch
===================================================================
--- 0030-dont_use_la_files_for_opening_plugins.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ 0030-dont_use_la_files_for_opening_plugins.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,134 +0,0 @@
---- a/lib/dlopen.c
-+++ b/lib/dlopen.c
-@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
- return result;
- }
-
--/* this returns the file to actually open.
-- * out should be a buffer of size PATH_MAX
-- * and may be the same as in. */
--
--/* We'll use a static buffer for speed unless someone complains */
--#define MAX_LINE 2048
--
--static int _parse_la(const char *prefix, const char *in, char *out)
--{
-- FILE *file;
-- size_t length;
-- char line[MAX_LINE];
-- char *ntmp = NULL;
--
-- if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
--
-- /* Set this so we can detect failure */
-- *out = '\0';
--
-- length = strlen(in);
--
-- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
-- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
-- /* check for a .la file */
-- strcpy(line, prefix);
-- strcat(line, in);
-- length = strlen(line);
-- *(line + (length - strlen(SO_SUFFIX))) = '\0';
-- strcat(line, LA_SUFFIX);
-- file = fopen(line, "r");
-- if(file) {
-- /* We'll get it on the .la open */
-- fclose(file);
-- return SASL_FAIL;
-- }
-- }
-- strcpy(out, prefix);
-- strcat(out, in);
-- return SASL_OK;
-- }
--
-- strcpy(line, prefix);
-- strcat(line, in);
--
-- file = fopen(line, "r");
-- if(!file) {
-- _sasl_log(NULL, SASL_LOG_WARN,
-- "unable to open LA file: %s", line);
-- return SASL_FAIL;
-- }
--
-- while(!feof(file)) {
-- if(!fgets(line, MAX_LINE, file)) break;
-- if(line[strlen(line) - 1] != '\n') {
-- _sasl_log(NULL, SASL_LOG_WARN,
-- "LA file has too long of a line: %s", in);
-- return SASL_BUFOVER;
-- }
-- if(line[0] == '\n' || line[0] == '#') continue;
-- if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
-- /* We found the line with the name in it */
-- char *end;
-- char *start;
-- size_t len;
-- end = strrchr(line, '\'');
-- if(!end) continue;
-- start = &line[sizeof("dlname=")-1];
-- len = strlen(start);
-- if(len > 3 && start[0] == '\'') {
-- ntmp=&start[1];
-- *end='\0';
-- /* Do we have dlname="" ? */
-- if(ntmp == end) {
-- _sasl_log(NULL, SASL_LOG_DEBUG,
-- "dlname is empty in .la file: %s", in);
-- return SASL_FAIL;
-- }
-- strcpy(out, prefix);
-- strcat(out, ntmp);
-- }
-- break;
-- }
-- }
-- if(ferror(file) || feof(file)) {
-- _sasl_log(NULL, SASL_LOG_WARN,
-- "Error reading .la: %s\n", in);
-- fclose(file);
-- return SASL_FAIL;
-- }
-- fclose(file);
--
-- if(!(*out)) {
-- _sasl_log(NULL, SASL_LOG_WARN,
-- "Could not find a dlname line in .la file: %s", in);
-- return SASL_FAIL;
-- }
--
-- return SASL_OK;
--}
- #endif /* DO_DLOPEN */
-
- /* loads a plugin library */
-@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
- if (length + pos>=PATH_MAX) continue; /* too big */
-
- if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
-- SO_SUFFIX)
-- && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
-- LA_SUFFIX))
-+ SO_SUFFIX))
- continue;
-
-+ /* We only use .so files for loading plugins */
-+
- memcpy(name,dir->d_name,length);
- name[length]='\0';
-
-- result = _parse_la(prefix, name, tmp);
-- if(result != SASL_OK)
-- continue;
--
-+ /* Create full name with path */
-+ strncpy(tmp, prefix, PATH_MAX);
-+ strncat(tmp, name, PATH_MAX);
-+
- /* skip "lib" and cut off suffix --
- this only need be approximate */
- strcpy(plugname, name + 3);
Copied: libsasl/trunk/0032-Add-with_pgsql-include-postgresql-to-include-path.patch (from rev 345181, cyrus-sasl/trunk/0032-Add-with_pgsql-include-postgresql-to-include-path.patch)
===================================================================
--- 0032-Add-with_pgsql-include-postgresql-to-include-path.patch (rev 0)
+++ 0032-Add-with_pgsql-include-postgresql-to-include-path.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -0,0 +1,23 @@
+From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej at sury.org>
+Date: Tue, 25 Oct 2016 12:33:27 +0200
+Subject: Add ${with_pgsql}include/postgresql/ to include path
+
+---
+ configure.ac | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index fe7f0eb..1882f31 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -894,7 +894,9 @@ case "$with_pgsql" in
+ LIB_PGSQL_DIR=$LIB_PGSQL
+ LIB_PGSQL="$LIB_PGSQL -lpq"
+
+- if test -d ${with_pgsql}/include/pgsql; then
++ if test -d ${with_pgsql}/include/postgresql/; then
++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql"
++ elif test -d ${with_pgsql}/include/pgsql; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+ elif test -d ${with_pgsql}/pgsql/include; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"
Deleted: CVE-2013-4122.patch
===================================================================
--- CVE-2013-4122.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ CVE-2013-4122.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,116 +0,0 @@
-From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
-From: mancha <mancha1 at hush.com>
-Date: Thu, 11 Jul 2013 09:08:07 +0000
-Subject: Handle NULL returns from glibc 2.17+ crypt()
-
-Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
-(w/ NULL return) if the salt violates specifications. Additionally,
-on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
-passed to crypt() fail with EPERM (w/ NULL return).
-
-When using glibc's crypt(), check return value to avoid a possible
-NULL pointer dereference.
-
-Patch by mancha1 at hush.com.
----
-diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
-index 4b34222..400289c 100644
---- a/pwcheck/pwcheck_getpwnam.c
-+++ b/pwcheck/pwcheck_getpwnam.c
-@@ -32,6 +32,7 @@ char *userid;
- char *password;
- {
- char* r;
-+ char* crpt_passwd;
- struct passwd *pwd;
-
- pwd = getpwnam(userid);
-@@ -41,7 +42,7 @@ char *password;
- else if (pwd->pw_passwd[0] == '*') {
- r = "Account disabled";
- }
-- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
-+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
- r = "Incorrect password";
- }
- else {
-diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
-index 2b11286..6d607bb 100644
---- a/pwcheck/pwcheck_getspnam.c
-+++ b/pwcheck/pwcheck_getspnam.c
-@@ -32,13 +32,15 @@ char *userid;
- char *password;
- {
- struct spwd *pwd;
-+ char *crpt_passwd;
-
- pwd = getspnam(userid);
- if (!pwd) {
- return "Userid not found";
- }
-
-- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
-+ crpt_passwd = crypt(password, pwd->sp_pwdp);
-+ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
- return "Incorrect password";
- }
- else {
-diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
-index fc8029d..d4ebe54 100644
---- a/saslauthd/auth_getpwent.c
-+++ b/saslauthd/auth_getpwent.c
-@@ -77,6 +77,7 @@ auth_getpwent (
- {
- /* VARIABLES */
- struct passwd *pw; /* pointer to passwd file entry */
-+ char *crpt_passwd; /* encrypted password */
- int errnum;
- /* END VARIABLES */
-
-@@ -105,7 +106,8 @@ auth_getpwent (
- }
- }
-
-- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
-+ crpt_passwd = crypt(password, pw->pw_passwd);
-+ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
- }
-diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
-index 677131b..1988afd 100644
---- a/saslauthd/auth_shadow.c
-+++ b/saslauthd/auth_shadow.c
-@@ -210,8 +210,8 @@ auth_shadow (
- RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
- }
-
-- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
-- if (strcmp(sp->sp_pwdp, cpw)) {
-+ cpw = crypt(password, sp->sp_pwdp);
-+ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
- if (flags & VERBOSE) {
- /*
- * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
-@@ -221,10 +221,8 @@ auth_shadow (
- syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
- sp->sp_pwdp, cpw);
- }
-- free(cpw);
- RETURN("NO Incorrect password");
- }
-- free(cpw);
-
- /*
- * The following fields will be set to -1 if:
-@@ -286,7 +284,7 @@ auth_shadow (
- RETURN("NO Invalid username");
- }
-
-- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
-+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
- password, upw->upw_passwd);
---
-cgit v0.9.2
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-02-03 15:26:46 UTC (rev 345181)
+++ PKGBUILD 2019-02-03 15:35:26 UTC (rev 345182)
@@ -3,66 +3,53 @@
# This package spans multiple repositories.
# Always build from cyrus-sasl/trunk and merge changes to libsasl/trunk.
-#pkgbase=('cyrus-sasl')
+pkgbase=('cyrus-sasl')
#pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql')
pkgname=libsasl
-pkgver=2.1.26
-pkgrel=16
+pkgver=2.1.27
+pkgrel=1
pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library"
arch=('x86_64')
-url="http://cyrusimap.web.cmu.edu/"
+url="https://www.cyrusimap.org/sasl/"
license=('custom')
options=('!makeflags')
makedepends=('postgresql-libs' 'mariadb-libs' 'libldap' 'krb5' 'openssl' 'sqlite')
source=(https://www.cyrusimap.org/releases/cyrus-sasl-${pkgver}.tar.gz
- cyrus-sasl-2.1.22-qa.patch
- cyrus-sasl-2.1.26-size_t.patch
- 0010_maintainer_mode.patch
- 0011_saslauthd_ac_prog_libtool.patch
- 0025_ld_as_needed.patch
- 0026_drop_krb5support_dependency.patch
- 0030-dont_use_la_files_for_opening_plugins.patch
+ 0003-Update-saslauthd.conf-location-in-documentation.patch
+ 0006-Enable-autoconf-maintainer-mode.patch
+ 0010-Update-required-libraries-when-ld-as-needed-is-used.patch
+ 0013-Don-t-use-la-files-for-opening-plugins.patch
+ 0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch
+ 0022-Fix-keytab-option-for-MIT-Kerberos.patch
+ 0032-Add-with_pgsql-include-postgresql-to-include-path.patch
+ gdbm-errno.patch
saslauthd.service
saslauthd.conf.d
- tmpfiles.conf
- CVE-2013-4122.patch
- cyrus-sasl-sql.patch
- cyrus-sasl-gssapi.patch
- cyrus-sasl-2.1.27-openssl-1.1.0.patch
- fix-pkgconfig.patch)
-md5sums=('a7f4e5e559a0e37b3ffc438c9456e425'
- '79b8a5e8689989e2afd4b7bda595a7b1'
- 'f45aa8c42b32e0569ab3d14a83485b37'
- 'f45d8b60e8f74dd7f7c2ec1665fa602a'
- '9d93880514cb5ff5da969f1ceb64a661'
- '62bf892fe4d1df41ff748e91a1afaf67'
- 'b7848957357e7c02d6490102be496bf9'
- '8e7106f32e495e9ade69014fd1b3352a'
- '3499dcd610ad1ad58e0faffde2aa7a23'
- '49219af5641150edec288a3fdb65e7c1'
- '45bb0192d2f188066240b9a66ee6365f'
- 'c5f0ec88c584a75c14d7f402eaeed7ef'
- '82c0f66fdc5c1145eb48ea9116c27931'
- '0363b1a0337474a57b1f75f72fe88fa3'
- 'c8a385bbca9bd79910c6bda3dd02845c'
- '409727695f9f28a3c43e340232462ff6')
+ tmpfiles.conf)
+sha256sums=('26866b1549b00ffd020f188a43c258017fa1c382b3ddadd8201536f72efb05d5'
+ '9919c81196701d11a3a77e2573a541489ad9ab42a4c50eb7d19edfb37713c604'
+ '7bd2b2af36c061e92f69944a18e2c122aea0d2b21773f5ea47bb6209f13d0812'
+ '8e22cb6ac58208f191b1eb19aac602c1bf49708f2a3b2e3de5f5b2c1e2467906'
+ 'bbee401c01dc6942710e0c1285091fcd98588bf636b52f24ed0e3b04039b748b'
+ 'a953c79c585d579f25135de0fe807d6da1fddccbd5b66a9606fb6390c12c7e31'
+ '1a0ae7bd722d57feb6fab12c05eb1922982c68bd9be1c165d405954012e6634f'
+ '3c375f8755fdbd98a21c4ee195bebbd2a146901fee327e4dd6cfde7a4dcba7c3'
+ '03a57cbcec85602fb8e39b7c8a3ff1a22d2c20a28e771b8b326a570d733bf432'
+ '5c6453050a5f594ca1d53baf3a6188d8f3cdc7a28467ad7c844ad51f663dae9a'
+ 'fa57b4f374ae633633091b1c8b44e1e0be814e4fddbfa75f16eb3dd1f16b8640'
+ '16ca1a4185847b0c6c70ef6c7c314cb466f698d3ed02185a5f50e8179822f024')
prepare() {
cd cyrus-sasl-$pkgver
- patch -Np1 -i ../cyrus-sasl-2.1.22-qa.patch
- patch -Np1 -i ../cyrus-sasl-2.1.26-size_t.patch
- patch -Np1 -i ../0010_maintainer_mode.patch
- patch -Np1 -i ../0011_saslauthd_ac_prog_libtool.patch
- patch -Np1 -i ../0025_ld_as_needed.patch
- patch -Np1 -i ../0026_drop_krb5support_dependency.patch
- patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch
- patch -Np1 -i ../CVE-2013-4122.patch
- patch -Np0 -i ../cyrus-sasl-sql.patch
- patch -Np1 -i ../cyrus-sasl-gssapi.patch
- patch -Np1 -i ../cyrus-sasl-2.1.27-openssl-1.1.0.patch
- patch -Np1 -i ../fix-pkgconfig.patch
-
- sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -e 's/libmysqlclient.a/libmysqlclient.so/' -i configure.in
+ patch -Np1 -i ../0003-Update-saslauthd.conf-location-in-documentation.patch
+ patch -Np1 -i ../0006-Enable-autoconf-maintainer-mode.patch
+ patch -Np1 -i ../0010-Update-required-libraries-when-ld-as-needed-is-used.patch
+ patch -Np1 -i ../0013-Don-t-use-la-files-for-opening-plugins.patch
+ patch -Np1 -i ../0020-Restore-LIBS-after-checking-gss_inquire_sec_context_.patch
+ patch -Np1 -i ../0022-Fix-keytab-option-for-MIT-Kerberos.patch
+ patch -Np1 -i ../0032-Add-with_pgsql-include-postgresql-to-include-path.patch
+ patch -Np1 -i ../gdbm-errno.patch
+ cp -a saslauthd/saslauthd.mdoc saslauthd/saslauthd.8
}
build() {
@@ -73,22 +60,11 @@
rm -f config/ltconfig config/ltmain.sh config/libtool.m4
rm -fr autom4te.cache
libtoolize -c
- aclocal -I config -I cmulocal
+ aclocal -I config
automake -a -c
autoheader
autoconf
- pushd saslauthd
- rm -f config/config.guess config/config.sub
- rm -f config/ltconfig config/ltmain.sh config/libtool.m4
- rm -fr autom4te.cache
- libtoolize -c
- aclocal -I config -I ../cmulocal -I ../config
- automake -a -c
- autoheader
- autoconf
- popd
-
./configure --prefix=/usr \
--sbin=/usr/bin \
--mandir=/usr/share/man \
@@ -123,6 +99,7 @@
--with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
--sysconfdir=/etc \
--with-devrandom=/dev/urandom
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
make
}
@@ -147,7 +124,7 @@
}
package_cyrus-sasl() {
- depends=("libsasl=${pkgver}" 'krb5')
+ depends=("libsasl=${pkgver}" 'krb5' 'pam')
pkgdesc="Cyrus saslauthd SASL authentication daemon"
backup=('etc/conf.d/saslauthd')
Deleted: cyrus-sasl-2.1.22-as-needed.patch
===================================================================
--- cyrus-sasl-2.1.22-as-needed.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ cyrus-sasl-2.1.22-as-needed.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,11 +0,0 @@
---- saslauthd/configure.in.orig 2006-05-23 15:53:17.000000000 -0700
-+++ saslauthd/configure.in 2006-05-23 15:53:33.000000000 -0700
-@@ -77,7 +77,7 @@
- AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
- SASL_DB_PATH_CHECK()
- SASL_DB_CHECK()
-- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
-+ SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
- fi
-
- AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],
Deleted: cyrus-sasl-2.1.22-qa.patch
===================================================================
--- cyrus-sasl-2.1.22-qa.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ cyrus-sasl-2.1.22-qa.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,22 +0,0 @@
-fix missing prototype warnings
-
---- cyrus-sasl-2.1.22/lib/auxprop.c
-+++ cyrus-sasl-2.1.22/lib/auxprop.c
-@@ -43,6 +43,7 @@
- */
-
- #include <config.h>
-+#include <stdio.h>
- #include <sasl.h>
- #include <prop.h>
- #include <ctype.h>
---- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
-+++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
-@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
- ******************************************************************/
-
- #include <shadow.h>
-+#include <string.h>
-
- extern char *crypt();
-
Deleted: cyrus-sasl-2.1.26-size_t.patch
===================================================================
--- cyrus-sasl-2.1.26-size_t.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ cyrus-sasl-2.1.26-size_t.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,11 +0,0 @@
---- cyrus-sasl-2.1.26/include/sasl.h 2012-10-12 09:05:48.000000000 -0500
-+++ cyrus-sasl-2.1.26/include/sasl.h 2013-01-31 13:21:04.007739327 -0600
-@@ -223,6 +223,8 @@ extern "C" {
- * they must be called before all other SASL functions:
- */
-
-+#include <sys/types.h>
-+
- /* memory allocation functions which may optionally be replaced:
- */
- typedef void *sasl_malloc_t(size_t);
Deleted: cyrus-sasl-2.1.27-openssl-1.1.0.patch
===================================================================
--- cyrus-sasl-2.1.27-openssl-1.1.0.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ cyrus-sasl-2.1.27-openssl-1.1.0.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,435 +0,0 @@
-diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 cyrus-sasl-2.1.26/plugins/ntlm.c
---- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 2012-01-28 00:31:36.000000000 +0100
-+++ cyrus-sasl-2.1.26/plugins/ntlm.c 2016-11-07 16:15:57.498259304 +0100
-@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
- return P24;
- }
-
-+static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ return HMAC_CTX_new();
-+#else
-+ return utils->malloc(sizeof(HMAC_CTX));
-+#endif
-+}
-+
-+static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ HMAC_CTX_free(ctx);
-+#else
-+ HMAC_cleanup(ctx);
-+ utils->free(ctx);
-+#endif
-+}
-+
- static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
- const char *authid, const char *target,
- const unsigned char *challenge,
-@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
- const sasl_utils_t *utils,
- char **buf, unsigned *buflen, int *result)
- {
-- HMAC_CTX ctx;
-+ HMAC_CTX *ctx = NULL;
- unsigned char hash[EVP_MAX_MD_SIZE];
- char *upper;
- unsigned int len;
-@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
- SETERROR(utils, "cannot allocate NTLMv2 hash");
- *result = SASL_NOMEM;
- }
-+ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate HMAC CTX");
-+ *result = SASL_NOMEM;
-+ }
- else {
- /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
- P16_nt(hash, passwd, utils, buf, buflen, result);
-@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
- HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
-
- /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
-- HMAC_Init(&ctx, hash, len, EVP_md5());
-- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
-- HMAC_Update(&ctx, blob, bloblen);
-- HMAC_Final(&ctx, V2, &len);
-- HMAC_cleanup(&ctx);
-+ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
-+ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
-+ HMAC_Update(ctx, blob, bloblen);
-+ HMAC_Final(ctx, V2, &len);
-
- /* the blob is concatenated outside of this function */
-
- *result = SASL_OK;
- }
-
-+ if (ctx) _plug_HMAC_CTX_free(ctx, utils);
-+
- return V2;
- }
-
-diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110 cyrus-sasl-2.1.26/plugins/otp.c
---- cyrus-sasl-2.1.26/plugins/otp.c.openssl110 2012-10-12 16:05:48.000000000 +0200
-+++ cyrus-sasl-2.1.26/plugins/otp.c 2016-11-07 16:13:54.374327601 +0100
-@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
- {NULL, 0, NULL}
- };
-
-+static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ return EVP_MD_CTX_new();
-+#else
-+ return utils->malloc(sizeof(EVP_MD_CTX));
-+#endif
-+}
-+
-+static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX_free(ctx);
-+#else
-+ utils->free(ctx);
-+#endif
-+}
-+
- /* Convert the binary data into ASCII hex */
- void bin2hex(unsigned char *bin, int binlen, char *hex)
- {
-@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
- * swabbing bytes if necessary.
- */
- static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
-- unsigned char *out, int swab)
-+ unsigned char *out, int swab, EVP_MD_CTX *mdctx)
- {
-- EVP_MD_CTX mdctx;
-- char hash[EVP_MAX_MD_SIZE];
-+ unsigned char hash[EVP_MAX_MD_SIZE];
- unsigned int i;
- int j;
- unsigned hashlen;
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, in, inlen);
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, in, inlen);
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-
- /* Fold the result into 64 bits */
- for (i = OTP_HASH_SIZE; i < hashlen; i++) {
-@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
- char *secret, char *otp)
- {
- const EVP_MD *md;
-- char *key;
-+ EVP_MD_CTX *mdctx = NULL;
-+ char *key = NULL;
-+ int r = SASL_OK;
-
- if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- utils->seterror(utils->conn, 0,
-@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
- return SASL_FAIL;
- }
-
-+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate MD CTX");
-+ r = SASL_NOMEM;
-+ goto done;
-+ }
-+
- if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
- SETERROR(utils, "cannot allocate OTP key");
-- return SASL_NOMEM;
-+ r = SASL_NOMEM;
-+ goto done;
- }
-
- /* initial step */
- strcpy(key, seed);
- strcat(key, secret);
-- otp_hash(md, key, strlen(key), otp, alg->swab);
-+ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
-
- /* computation step */
- while (seq-- > 0)
-- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
--
-- utils->free(key);
-+ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
-+
-+ done:
-+ if (key) utils->free(key);
-+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-
-- return SASL_OK;
-+ return r;
- }
-
- static int parse_challenge(const sasl_utils_t *utils,
-@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
-
- /* Convert the 6 words into binary data */
- static int word2bin(const sasl_utils_t *utils,
-- char *words, unsigned char *bin, const EVP_MD *md)
-+ char *words, unsigned char *bin, const EVP_MD *md,
-+ EVP_MD_CTX *mdctx)
- {
- int i, j;
- char *c, *word, buf[OTP_RESPONSE_MAX+1];
-@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
-
- /* alternate dictionary */
- if (alt_dict) {
-- EVP_MD_CTX mdctx;
-- char hash[EVP_MAX_MD_SIZE];
-- int hashlen;
-+ unsigned char hash[EVP_MAX_MD_SIZE];
-+ unsigned hashlen;
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, word, strlen(word));
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, word, strlen(word));
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-
- /* use lowest 11 bits */
- x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
-@@ -802,6 +834,7 @@ static int verify_response(server_contex
- char *response)
- {
- const EVP_MD *md;
-+ EVP_MD_CTX *mdctx = NULL;
- char *c;
- int do_init = 0;
- unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
-@@ -815,6 +848,11 @@ static int verify_response(server_contex
- return SASL_FAIL;
- }
-
-+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate MD CTX");
-+ return SASL_NOMEM;
-+ }
-+
- /* eat leading whitespace */
- c = response;
- while (isspace((int) *c)) c++;
-@@ -824,7 +862,7 @@ static int verify_response(server_contex
- r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
- }
- else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
-- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
-+ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
- }
- else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
- strlen(OTP_INIT_HEX_TYPE))) {
-@@ -834,7 +872,7 @@ static int verify_response(server_contex
- else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- strlen(OTP_INIT_WORD_TYPE))) {
- do_init = 1;
-- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
-+ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
- }
- else {
- SETERROR(utils, "unknown OTP extended response type");
-@@ -843,14 +881,15 @@ static int verify_response(server_contex
- }
- else {
- /* standard response, try word first, and then hex */
-- r = word2bin(utils, c, cur_otp, md);
-+ r = word2bin(utils, c, cur_otp, md, mdctx);
- if (r != SASL_OK)
- r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
- }
-
- if (r == SASL_OK) {
- /* do one more hash (previous otp) and compare to stored otp */
-- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
-+ otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
-+ prev_otp, text->alg->swab, mdctx);
-
- if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
- /* update the secret with this seq/otp */
-@@ -879,23 +918,28 @@ static int verify_response(server_contex
- *new_resp++ = '\0';
- }
-
-- if (!(new_chal && new_resp))
-- return SASL_BADAUTH;
-+ if (!(new_chal && new_resp)) {
-+ r = SASL_BADAUTH;
-+ goto done;
-+ }
-
- if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
- != SASL_OK) {
-- return r;
-+ goto done;
- }
-
-- if (seq < 1 || !strcasecmp(seed, text->seed))
-- return SASL_BADAUTH;
-+ if (seq < 1 || !strcasecmp(seed, text->seed)) {
-+ r = SASL_BADAUTH;
-+ goto done;
-+ }
-
- /* find the MDA */
- if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- utils->seterror(utils->conn, 0,
- "OTP algorithm %s is not available",
- alg->evp_name);
-- return SASL_BADAUTH;
-+ r = SASL_BADAUTH;
-+ goto done;
- }
-
- if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
-@@ -903,7 +947,7 @@ static int verify_response(server_contex
- }
- else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- strlen(OTP_INIT_WORD_TYPE))) {
-- r = word2bin(utils, new_resp, new_otp, md);
-+ r = word2bin(utils, new_resp, new_otp, md, mdctx);
- }
-
- if (r == SASL_OK) {
-@@ -914,7 +958,10 @@ static int verify_response(server_contex
- memcpy(text->otp, new_otp, OTP_HASH_SIZE);
- }
- }
--
-+
-+ done:
-+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-+
- return r;
- }
-
-diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 cyrus-sasl-2.1.26/saslauthd/lak.c
---- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 2016-11-07 16:13:54.347327616 +0100
-+++ cyrus-sasl-2.1.26/saslauthd/lak.c 2016-11-07 16:18:42.283167898 +0100
-@@ -61,6 +61,35 @@
- #include <sasl.h>
- #include "lak.h"
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+static EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+ return EVP_MD_CTX_create();
-+}
-+static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-+{
-+ if (ctx == NULL)
-+ return;
-+
-+ EVP_MD_CTX_destroy(ctx);
-+}
-+
-+static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
-+{
-+ EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
-+
-+ if (ctx != NULL) {
-+ memset(ctx, 0, sizeof(*ctx));
-+ }
-+ return ctx;
-+}
-+static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
-+{
-+ OPENSSL_free(ctx);
-+ return;
-+}
-+#endif
-+
- typedef struct lak_auth_method {
- int method;
- int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ;
-@@ -1720,20 +1749,28 @@ static int lak_base64_decode(
-
- int rc, i, tlen = 0;
- char *text;
-- EVP_ENCODE_CTX EVP_ctx;
-+ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
-
-- text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
- if (text == NULL)
- return LAK_NOMEM;
-
-- EVP_DecodeInit(&EVP_ctx);
-- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
-+ text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
-+ if (text == NULL) {
-+ EVP_ENCODE_CTX_free(enc_ctx);
-+ return LAK_NOMEM;
-+ }
-+
-+ EVP_DecodeInit(enc_ctx);
-+ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
- if (rc < 0) {
-+ EVP_ENCODE_CTX_free(enc_ctx);
- free(text);
- return LAK_FAIL;
- }
- tlen += i;
-- EVP_DecodeFinal(&EVP_ctx, text, &i);
-+ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
-+
-+ EVP_ENCODE_CTX_free(enc_ctx);
-
- *ret = text;
- if (rlen != NULL)
-@@ -1749,7 +1786,7 @@ static int lak_check_hashed(
- {
- int rc, clen;
- LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- const EVP_MD *md;
- unsigned char digest[EVP_MAX_MD_SIZE];
- char *cred;
-@@ -1758,17 +1795,24 @@ static int lak_check_hashed(
- if (!md)
- return LAK_FAIL;
-
-+ mdctx = EVP_MD_CTX_new();
-+ if (!mdctx)
-+ return LAK_NOMEM;
-+
- rc = lak_base64_decode(hash, &cred, &clen);
-- if (rc != LAK_OK)
-+ if (rc != LAK_OK) {
-+ EVP_MD_CTX_free(mdctx);
- return rc;
-+ }
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
- if (hrock->salted) {
-- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
-+ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
- clen - EVP_MD_size(md));
- }
-- EVP_DigestFinal(&mdctx, digest, NULL);
-+ EVP_DigestFinal(mdctx, digest, NULL);
-+ EVP_MD_CTX_free(mdctx);
-
- rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
- free(cred);
Deleted: cyrus-sasl-gssapi.patch
===================================================================
--- cyrus-sasl-gssapi.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ cyrus-sasl-gssapi.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,16 +0,0 @@
-diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c
---- cyrus-sasl-2.1.26.orig/plugins/gssapi.c 2016-06-10 13:55:25.985676293 -0700
-+++ cyrus-sasl-2.1.26/plugins/gssapi.c 2016-06-10 13:58:00.687337430 -0700
-@@ -1583,10 +1583,10 @@
- }
-
- /* Setup req_flags properly */
-- req_flags = GSS_C_INTEG_FLAG;
-+ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
- if (params->props.max_ssf > params->external_ssf) {
- /* We are requesting a security layer */
-- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
-+ req_flags |= GSS_C_INTEG_FLAG;
- /* Any SSF bigger than 1 is confidentiality. */
- /* Let's check if the client of the API requires confidentiality,
- and it wasn't already provided by an external layer */
Deleted: cyrus-sasl-sql.patch
===================================================================
--- cyrus-sasl-sql.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ cyrus-sasl-sql.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,39 +0,0 @@
---- configure.in 2012-10-12 16:05:48.000000000 +0200
-+++ configure.in 2013-05-11 18:48:59.021848013 +0200
-@@ -861,9 +860,9 @@
- notfound) AC_WARN([SQLite Library not found]); true;;
- *)
- if test -d ${with_sqlite}/lib; then
-- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
-+ LIB_SQLITE="-L${with_sqlite}/lib"
- else
-- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
-+ LIB_SQLITE="-L${with_sqlite}"
- fi
-
- LIB_SQLITE_DIR=$LIB_SQLITE
-@@ -913,9 +912,9 @@
- notfound) AC_WARN([SQLite3 Library not found]); true;;
- *)
- if test -d ${with_sqlite3}/lib; then
-- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
-+ LIB_SQLITE3="-L${with_sqlite3}/lib"
- else
-- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
-+ LIB_SQLITE3="-L${with_sqlite3}"
- fi
-
- LIB_SQLITE3_DIR=$LIB_SQLITE3
---- configure.in
-+++ configure.in
-@@ -674,7 +674,9 @@
- LIB_PGSQL_DIR=$LIB_PGSQL
- LIB_PGSQL="$LIB_PGSQL -lpq"
-
-- if test -d ${with_pgsql}/include/pgsql; then
-+ if test -d ${with_pgsql}/include/postgresql/pgsql; then
-+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
-+ elif test -d ${with_pgsql}/include/pgsql; then
- CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
- elif test -d ${with_pgsql}/pgsql/include; then
- CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"
Deleted: fix-pkgconfig.patch
===================================================================
--- fix-pkgconfig.patch 2019-02-03 15:26:46 UTC (rev 345181)
+++ fix-pkgconfig.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -1,27 +0,0 @@
-From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001
-From: Ignacio Casal Quinteiro <icq at gnome.org>
-Date: Fri, 20 Nov 2015 11:16:31 +0100
-Subject: [PATCH] Fix up pkgconfig pc file
-
----
- libsasl2.pc.in | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/libsasl2.pc.in b/libsasl2.pc.in
-index 40bea37..ddad76d 100644
---- a/libsasl2.pc.in
-+++ b/libsasl2.pc.in
-@@ -1,8 +1,12 @@
--libdir = @libdir@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-
- Name: Cyrus SASL
- Description: Cyrus SASL implementation
- URL: http://www.cyrussasl.org/
- Version: @VERSION@
-+Cflags: -I${includedir}
- Libs: -L${libdir} -lsasl2
- Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@
Copied: libsasl/trunk/gdbm-errno.patch (from rev 345181, cyrus-sasl/trunk/gdbm-errno.patch)
===================================================================
--- gdbm-errno.patch (rev 0)
+++ gdbm-errno.patch 2019-02-03 15:35:26 UTC (rev 345182)
@@ -0,0 +1,29 @@
+From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
+From: Jonas Jelten <jj at sft.mx>
+Date: Sat, 2 Feb 2019 20:53:37 +0100
+Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
+
+`gdbm_close` also sets gdbm_errno since version 1.17.
+This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
+the `gdbm_errno` value which is then later used for the error handling.
+---
+ sasldb/db_gdbm.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
+index ee56a6bf..c908808e 100644
+--- a/sasldb/db_gdbm.c
++++ b/sasldb/db_gdbm.c
+@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
+ gkey.dptr = key;
+ gkey.dsize = key_len;
+ gvalue = gdbm_fetch(db, gkey);
++ int fetch_errno = gdbm_errno;
++
+ gdbm_close(db);
+ if (! gvalue.dptr) {
+- if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
++ if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
+ utils->seterror(conn, SASL_NOLOG,
+ "user: %s@%s property: %s not found in %s",
+ authid, realm, propName, path);
More information about the arch-commits
mailing list