summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'dev-libs/cyrus-sasl/files')
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch30
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch26
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch25
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch67
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch13
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch12
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch15
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch27
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch24
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch38
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch15
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch172
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch39
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch11
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch71
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch24
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch22
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch23
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch104
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch28
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch16
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch28
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch27
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch114
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch16
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch27
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch27
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch10
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch12
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch14
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch27
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch116
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch10
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch90
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch13
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch48
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl.conf1
-rw-r--r--dev-libs/cyrus-sasl/files/java.README.gentoo39
-rw-r--r--dev-libs/cyrus-sasl/files/pwcheck.rc621
-rw-r--r--dev-libs/cyrus-sasl/files/pwcheck.service9
-rw-r--r--dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf25
-rw-r--r--dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf21
-rw-r--r--dev-libs/cyrus-sasl/files/saslauthd.pam-include8
-rw-r--r--dev-libs/cyrus-sasl/files/saslauthd.service13
-rw-r--r--dev-libs/cyrus-sasl/files/saslauthd2.rc621
-rw-r--r--dev-libs/cyrus-sasl/files/saslauthd2.rc721
46 files changed, 1560 insertions, 0 deletions
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch
new file mode 100644
index 000000000000..312afc8ff57a
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch
@@ -0,0 +1,30 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+
+ Use versioned symbols for libsasl2.
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index e09fe6e..e74c507 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -61,8 +61,8 @@ LIB_DOOR= @LIB_DOOR@
+ lib_LTLIBRARIES = libsasl2.la
+
+ libsasl2_la_SOURCES = $(common_sources) $(common_headers)
+-libsasl2_la_LDFLAGS = -version-info $(sasl_version)
+-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
++libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions
++libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions
+ libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT)
+
+ if MACOSX
+new file mode 100644
+index 0000000..ff7190d
+--- /dev/null
++++ b/Versions
+@@ -0,0 +1,6 @@
++SASL2 {
++ global:
++ sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*;
++};
++
++HIDDEN { local: __*; _rest*; _save*; *; };
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch
new file mode 100644
index 000000000000..c550927962bc
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch
@@ -0,0 +1,26 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: Rename the testsuite program to sasltestsuite and use /etc/sasldb2
+instead of ./sasldb as default path for the sasldb database file.
+--- trunk.orig/utils/testsuite.c
++++ trunk/utils/testsuite.c
+@@ -464,9 +464,9 @@
+ *len = (unsigned) strlen("sasldb");
+ return SASL_OK;
+ } else if (!strcmp(option, "sasldb_path")) {
+- *result = "./sasldb";
++ *result = "/etc/sasldb2";
+ if (len)
+- *len = (unsigned) strlen("./sasldb");
++ *len = (unsigned) strlen("/etc/sasldb2");
+ return SASL_OK;
+ } else if (!strcmp(option, "canon_user_plugin")) {
+ *result = cu_plugin;
+@@ -2925,7 +2925,7 @@
+ void usage(void)
+ {
+ printf("Usage:\n" \
+- " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \
++ " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \
+ " g -- gssapi service name to use (default: host)\n" \
+ " r -- # of random tests to do (default: 25)\n" \
+ " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch
new file mode 100644
index 000000000000..539bc06742e7
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch
@@ -0,0 +1,25 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: Exact description unknown; make sure mutex-related code works.
+--- trunk.orig/lib/common.c
++++ trunk/lib/common.c
+@@ -771,7 +771,7 @@
+ result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init);
+ if(result != SASL_OK) return result;
+
+- if (!free_mutex)
++ if (!free_mutex || free_mutex == 0x1)
+ free_mutex = sasl_MUTEX_ALLOC();
+ if (!free_mutex) return SASL_FAIL;
+
+@@ -790,6 +790,11 @@
+
+ /* serialize disposes. this is necessary because we can't
+ dispose of conn->mutex if someone else is locked on it */
++
++ if (!free_mutex || free_mutex == 0x1)
++ free_mutex = sasl_MUTEX_ALLOC();
++ if (!free_mutex) return SASL_FAIL;
++
+ result = sasl_MUTEX_LOCK(free_mutex);
+ if (result!=SASL_OK) return;
+
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch
new file mode 100644
index 000000000000..e252bab568b1
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch
@@ -0,0 +1,67 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: Make sasl_set_alloc a one-time function.
+This patch will divert all allocations to whomever called
+sasl_set_alloc first, hopefully that will be the application. If
+not, we sure *hope* the library doing stupid things has sane
+sasl_set_alloc semantics...
+It will also deny any futher tries to sasl_set_alloc after one
+of the _init functions are called.
+This patch was introduced and works fine in SASL 1.5, and no
+applications started behaving in insane ways, so chances are it
+will also work with SASL 2.1
+Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139568
+Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274087
+Reference: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2525
+--- trunk.orig/lib/client.c
++++ trunk/lib/client.c
+@@ -202,6 +202,9 @@
+ { NULL, NULL }
+ };
+
++ /* lock allocation type */
++ _sasl_allocation_locked++;
++
+ if(_sasl_client_active) {
+ /* We're already active, just increase our refcount */
+ /* xxx do something with the callback structure? */
+--- trunk.orig/lib/common.c
++++ trunk/lib/common.c
+@@ -107,6 +107,7 @@
+ (sasl_realloc_t *) &realloc,
+ (sasl_free_t *) &free
+ };
++int _sasl_allocation_locked = 0;
+
+ #define SASL_ENCODEV_EXTRA 4096
+
+@@ -637,6 +638,8 @@
+ sasl_realloc_t *r,
+ sasl_free_t *f)
+ {
++ if (_sasl_allocation_locked++) return;
++
+ _sasl_allocation_utils.malloc=m;
+ _sasl_allocation_utils.calloc=c;
+ _sasl_allocation_utils.realloc=r;
+--- trunk.orig/lib/saslint.h
++++ trunk/lib/saslint.h
+@@ -300,6 +300,7 @@
+
+ extern sasl_allocation_utils_t _sasl_allocation_utils;
+ extern sasl_mutex_utils_t _sasl_mutex_utils;
++extern int _sasl_allocation_locked;
+
+ /*
+ * checkpw.c
+--- trunk.orig/lib/server.c
++++ trunk/lib/server.c
+@@ -698,6 +698,9 @@
+ { NULL, NULL }
+ };
+
++ /* lock allocation type */
++ _sasl_allocation_locked++;
++
+ /* we require the appname (if present) to be short enough to be a path */
+ if (appname != NULL && strlen(appname) >= PATH_MAX)
+ return SASL_BADPARAM;
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch
new file mode 100644
index 000000000000..14d4456494f4
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch
@@ -0,0 +1,13 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: Enable maintainer mode to avoid auto* problems.
+--- trunk.orig/configure.in
++++ trunk/configure.in
+@@ -62,6 +62,8 @@
+ AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.23)
+ CMU_INIT_AUTOMAKE
+
++AM_MAINTAINER_MODE
++
+ # and include our config dir scripts
+ ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
+
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch
new file mode 100644
index 000000000000..e9b92a40d8e0
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch
@@ -0,0 +1,12 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: Enable libtool use.
+--- trunk.orig/saslauthd/configure.in
++++ trunk/saslauthd/configure.in
+@@ -25,6 +25,7 @@
+ AC_PROG_MAKE_SET
+ AC_PROG_LN_S
+ AC_PROG_INSTALL
++AC_PROG_LIBTOOL
+
+ dnl Checks for build foo
+ CMU_C___ATTRIBUTE__
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch
new file mode 100644
index 000000000000..d9daad7d89c9
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch
@@ -0,0 +1,15 @@
+Author: Dann Frazier <dannf@debian.org>
+Description: When _XOPEN_SOURCE is defined, the subsequent #include <unistd.h>
+will define a correct function prototype for the crypt function. This avoids
+segfaults on architectures where the size of a pointer is greater than the size
+of an integer (ia64 and amd64 are examples). This may be detected by looking
+for build log lines such as the following:
+auth_shadow.c:183: warning: implicit declaration of function ‘crypt’
+auth_shadow.c:183: warning: cast to pointer from integer of different size
+--- trunk.orig/saslauthd/auth_shadow.c
++++ trunk/saslauthd/auth_shadow.c
+@@ -1,3 +1,4 @@
++#define _XOPEN_SOURCE
+ #define PWBUFSZ 256 /***SWB***/
+
+ /* MODULE: auth_shadow */
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch
new file mode 100644
index 000000000000..ffc69b77ccaf
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch
@@ -0,0 +1,27 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: This patch makes sure the non-PIC version of libsasldb.a, which
+is created out of non-PIC objects, is not going to overwrite the PIC version,
+which is created out of PIC objects. The PIC version is placed in .libs, and
+the non-PIC version in the current directory. This ensures that both non-PIC
+and PIC versions are available in the correct locations.
+--- trunk.orig/lib/Makefile.am
++++ trunk/lib/Makefile.am
+@@ -76,7 +76,7 @@
+
+ libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
+ @echo adding static plugins and dependencies
+- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
++ $(AR) cru $@ $(SASL_STATIC_OBJS)
+ @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
+ if test ! -f $$i; then continue; fi; . $$i; \
+ for j in $$dependency_libs foo; do \
+--- trunk.orig/sasldb/Makefile.am
++++ trunk/sasldb/Makefile.am
+@@ -63,6 +63,6 @@
+ EXTRA_libsasldb_a_SOURCES =
+
+ libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
+- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
++ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC)
+
+
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch
new file mode 100644
index 000000000000..a80ca0639690
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch
@@ -0,0 +1,24 @@
+Author: Sam Hocevar <sam@zoy.org>
+Description: pid_file_lock is created with a mask of 644 instead of 0644. This
+patch fixes this octal/decimal confusion as well as the (harmless) one in the
+previous umask() call.
+--- trunk.orig/saslauthd/saslauthd-main.c
++++ trunk/saslauthd/saslauthd-main.c
+@@ -276,7 +276,7 @@
+ exit(1);
+ }
+
+- umask(077);
++ umask(0077);
+
+ pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1;
+ if ((pid_file_lock = malloc(pid_file_size)) == NULL) {
+@@ -287,7 +287,7 @@
+ strlcpy(pid_file_lock, run_path, pid_file_size);
+ strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size);
+
+- if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 644)) < 0) {
++ if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) {
+ rc = errno;
+ logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock);
+ logger(L_ERR, L_FUNC, "open: %s", strerror(rc));
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch
new file mode 100644
index 000000000000..4df6a5aba42c
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch
@@ -0,0 +1,38 @@
+Author: Roberto C. Sanchez <roberto@connexer.com>
+Description: Drop gratuitous dependency on krb5support
+--- trunk.orig/aclocal.m4
++++ trunk/aclocal.m4
+@@ -2924,9 +2924,6 @@
+ fi
+
+ if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
+- # check for libkrb5support first
+- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
+-
+ gss_failed=0
+ AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
+ ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
+--- trunk.orig/cmulocal/sasl2.m4
++++ trunk/cmulocal/sasl2.m4
+@@ -110,9 +110,6 @@
+ fi
+
+ if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
+- # check for libkrb5support first
+- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
+-
+ gss_failed=0
+ AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
+ ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
+--- trunk.orig/saslauthd/aclocal.m4
++++ trunk/saslauthd/aclocal.m4
+@@ -1333,9 +1333,6 @@
+ fi
+
+ if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
+- # check for libkrb5support first
+- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
+-
+ gss_failed=0
+ AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
+ ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch
new file mode 100644
index 000000000000..0ee7236d4ab4
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch
@@ -0,0 +1,15 @@
+Fix include path for newer PostgreSQL versions
+
+--- configure.in
++++ configure.in
+@@ -674,7 +674,9 @@
+ LIB_PGSQL_DIR=$LIB_PGSQL
+ LIB_PGSQL="$LIB_PGSQL -lpq"
+
+- if test -d ${with_pgsql}/include/pgsql; then
++ if test -d ${with_pgsql}/include/postgresql/pgsql; then
++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
++ elif test -d ${with_pgsql}/include/pgsql; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+ elif test -d ${with_pgsql}/pgsql/include; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch
new file mode 100644
index 000000000000..1779babaa71a
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch
@@ -0,0 +1,172 @@
+Support for crypted passwords
+
+http://bugs.gentoo.org/45181
+
+--- cyrus-sasl-2.1.19/lib/Makefile.in
++++ cyrus-sasl-2.1.19/lib/Makefile.in
+@@ -120,7 +120,7 @@
+ JAVA_TRUE = @JAVA_TRUE@
+ LDFLAGS = @LDFLAGS@
+ LIBOBJS = @LIBOBJS@
+-LIBS = @LIBS@
++LIBS = -lcrypt @LIBS@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
+--- cyrus-sasl-2.1.19/lib/checkpw.c
++++ cyrus-sasl-2.1.19/lib/checkpw.c
+@@ -94,6 +94,23 @@
+ # endif
+ #endif
+
++/******************************
++ * crypt(3) patch start *
++ ******************************/
++char *crypt(const char *key, const char *salt);
++
++/* cleartext password formats */
++#define PASSWORD_FORMAT_CLEARTEXT 1
++#define PASSWORD_FORMAT_CRYPT 2
++#define PASSWORD_FORMAT_CRYPTTRAD 3
++#define PASSWORD_SALT_BUF_LEN 22
++
++/* weeds out crypt(3) password's salt */
++int _sasl_get_salt (char *dest, char *src, int format);
++
++/******************************
++ * crypt(3) patch stop *
++ ******************************/
+
+ /* we store the following secret to check plaintext passwords:
+ *
+@@ -143,7 +160,51 @@
+ "*cmusaslsecretPLAIN",
+ NULL };
+ struct propval auxprop_values[3];
+-
++
++ /******************************
++ * crypt(3) patch start *
++ * for password format check *
++ ******************************/
++ sasl_getopt_t *getopt;
++ void *context;
++ const char *p = NULL;
++ /**
++ * MD5: 12 char salt
++ * BLOWFISH: 16 char salt
++ */
++ char salt[PASSWORD_SALT_BUF_LEN];
++ int password_format;
++
++ /* get password format from auxprop configuration */
++ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
++ getopt(context, NULL, "password_format", &p, NULL);
++ }
++
++ /* set password format */
++ if (p) {
++ /*
++ memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN);
++ strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1));
++ */
++ /* modern, modular crypt(3) */
++ if (strncmp(p, "crypt", 11) == 0)
++ password_format = PASSWORD_FORMAT_CRYPT;
++ /* traditional crypt(3) */
++ else if (strncmp(p, "crypt_trad", 11) == 0)
++ password_format = PASSWORD_FORMAT_CRYPTTRAD;
++ /* cleartext password */
++ else
++ password_format = PASSWORD_FORMAT_CLEARTEXT;
++ } else {
++ /* cleartext password */
++ password_format = PASSWORD_FORMAT_CLEARTEXT;
++ }
++
++ /******************************
++ * crypt(3) patch stop *
++ * for password format check *
++ ******************************/
++
+ if (!conn || !userstr)
+ return SASL_BADPARAM;
+
+@@ -180,14 +241,31 @@
+ goto done;
+ }
+
+- /* At the point this has been called, the username has been canonified
+- * and we've done the auxprop lookup. This should be easy. */
+- if(auxprop_values[0].name
+- && auxprop_values[0].values
+- && auxprop_values[0].values[0]
+- && !strcmp(auxprop_values[0].values[0], passwd)) {
+- /* We have a plaintext version and it matched! */
+- return SASL_OK;
++
++ /******************************
++ * crypt(3) patch start *
++ ******************************/
++
++ /* get salt */
++ _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format);
++
++ /* crypt(3)-ed password? */
++ if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
++ /* compare password */
++ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0)
++ return SASL_OK;
++ else
++ ret = SASL_BADAUTH;
++ }
++ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
++ /* compare passwords */
++ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0)
++ return SASL_OK;
++ else
++ ret = SASL_BADAUTH;
++ /******************************
++ * crypt(3) patch stop *
++ ******************************/
+ } else if(auxprop_values[1].name
+ && auxprop_values[1].values
+ && auxprop_values[1].values[0]) {
+@@ -975,3 +1053,37 @@
+ #endif
+ { NULL, NULL }
+ };
++
++/* weeds out crypt(3) password's salt */
++int _sasl_get_salt (char *dest, char *src, int format) {
++ int num; /* how many characters is salt long? */
++ switch (format) {
++ case PASSWORD_FORMAT_CRYPT:
++ /* md5 crypt */
++ if (src[1] == '1')
++ num = 12;
++ /* blowfish crypt */
++ else if (src[1] == '2')
++ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
++ /* traditional crypt */
++ else
++ num = 2;
++ break;
++
++ case PASSWORD_FORMAT_CRYPTTRAD:
++ num = 2;
++ break;
++
++ default:
++ return 1;
++ }
++
++ /* destroy destination */
++ memset(dest, '\0', (num + 1));
++
++ /* copy salt to destination */
++ strncpy(dest, src, num);
++
++ return 1;
++}
++
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch
new file mode 100644
index 000000000000..2bbacaa64b6b
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch
@@ -0,0 +1,39 @@
+diff -u -r cyrus-sasl-2.1.21-orig/cmulocal/sasl2.m4 cyrus-sasl-2.1.21/cmulocal/sasl2.m4
+--- cyrus-sasl-2.1.21-orig/cmulocal/sasl2.m4 2006-08-01 08:29:59.000000000 +0200
++++ cyrus-sasl-2.1.21/cmulocal/sasl2.m4 2006-08-01 08:31:32.000000000 +0200
+@@ -257,7 +257,21 @@
+
+ cmu_save_LIBS="$LIBS"
+ LIBS="$LIBS $GSSAPIBASE_LIBS"
+- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
++ dnl AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
++ AC_CHECK_HEADER(gssapi/gssapi_krb5.h, AC_DEFINE(HAVE_GSSAPI_GSSAPI_KRB5_H,,[Define if you have the gssapi/gssapi_krb5.h header file]))
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
++#ifdef HAVE_GSSAPI_H
++#include <gssapi.h>
++#else
++#include <gssapi/gssapi.h>
++#endif
++#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
++#include <gssapi/gssapi_krb5.h>
++#endif
++]],[[gsskrb5_register_acceptor_identity("");]])
++],[AC_DEFINE(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY,,
++ [Define if your GSSAPI implimentation defines GSSKRB5_REGISTER_ACCEPTOR_IDENTITY])
++])
+ LIBS="$cmu_save_LIBS"
+ else
+ AC_MSG_RESULT([disabled])
+diff -u -r cyrus-sasl-2.1.21-orig/plugins/gssapi.c cyrus-sasl-2.1.21/plugins/gssapi.c
+--- cyrus-sasl-2.1.21-orig/plugins/gssapi.c 2004-07-21 16:39:06.000000000 +0200
++++ cyrus-sasl-2.1.21/plugins/gssapi.c 2006-08-01 08:30:26.000000000 +0200
+@@ -50,6 +50,9 @@
+ #else
+ #include <gssapi/gssapi.h>
+ #endif
++#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
++#include <gssapi/gssapi_krb5.h>
++#endif
+
+ #ifdef WIN32
+ # include <winsock2.h>
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch
new file mode 100644
index 000000000000..1294cb507783
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch
@@ -0,0 +1,11 @@
+--- saslauthd/configure.in.orig 2006-05-23 15:53:17.000000000 -0700
++++ saslauthd/configure.in 2006-05-23 15:53:33.000000000 -0700
+@@ -77,7 +77,7 @@
+ AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
+ SASL_DB_PATH_CHECK()
+ SASL_DB_CHECK()
+- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
++ SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
+ fi
+
+ AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch
new file mode 100644
index 000000000000..fd356327b4f2
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch
@@ -0,0 +1,71 @@
+http://bugs.gentoo.org/152544
+
+--- cyrus-sasl-2.1.22/lib/Makefile.am
++++ cyrus-sasl-2.1.22/lib/Makefile.am
+@@ -45,6 +45,7 @@ sasl_version = 2:22:0
+
+ INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
+
++AM_CFLAGS = -fPIC
+ EXTRA_DIST = windlopen.c staticopen.h NTMakefile
+ EXTRA_LIBRARIES = libsasl2.a
+ noinst_LIBRARIES = @SASL_STATIC_LIBS@
+--- cyrus-sasl-2.1.22/plugins/Makefile.am
++++ cyrus-sasl-2.1.22/plugins/Makefile.am
+@@ -63,6 +63,7 @@ srp_version = 2:22:0
+
+ INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
+ AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir)
++AM_CFLAGS = -fPIC
+
+ COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
+
+--- cyrus-sasl-2.1.22/sasldb/Makefile.am
++++ cyrus-sasl-2.1.22/sasldb/Makefile.am
+@@ -48,6 +48,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top
+
+ extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c
+
++AM_CFLAGS = -fPIC
+ EXTRA_DIST = NTMakefile
+
+ noinst_LTLIBRARIES = libsasldb.la
+--- cyrus-sasl-2.1.22/utils/Makefile.am
++++ cyrus-sasl-2.1.22/utils/Makefile.am
+@@ -42,7 +42,7 @@
+ #
+ ################################################################
+
+-all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET)
++all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) $(LIB_CRYPT)
+ all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE)
+
+ sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer
+--- cyrus-sasl-2.1.22/sample/Makefile.am
++++ cyrus-sasl-2.1.22/sample/Makefile.am
+@@ -54,10 +54,10 @@ sample_server_SOURCES = sample-server.c
+ server_SOURCES = server.c common.c common.h
+ client_SOURCES = client.c common.c common.h
+
+-server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
+-client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
++server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
++client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
+
+-sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
+-sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
++sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
++sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
+
+ EXTRA_DIST = NTMakefile
+--- cyrus-sasl-2.1.22/lib/Makefile.am
++++ cyrus-sasl-2.1.22/lib/Makefile.am
+@@ -63,7 +63,7 @@ lib_LTLIBRARIES = libsasl2.la
+ libsasl2_la_SOURCES = $(common_sources) $(common_headers)
+ libsasl2_la_LDFLAGS = -version-info $(sasl_version)
+ libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
+-libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
++libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT)
+
+ if MACOSX
+ framedir = /Library/Frameworks/SASL2.framework
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch
new file mode 100644
index 000000000000..e2621278ba12
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch
@@ -0,0 +1,24 @@
+fix warnings with gcc-4.4
+
+http://bugs.gentoo.org/248738
+
+--- cyrus-sasl-2.1.22/plugins/digestmd5.c
++++ cyrus-sasl-2.1.22/plugins/digestmd5.c
+@@ -2715,7 +2715,7 @@ static sasl_server_plug_t digestmd5_serv
+ "DIGEST-MD5", /* mech_name */
+ #ifdef WITH_RC4
+ 128, /* max_ssf */
+-#elif WITH_DES
++#elif defined(WITH_DES)
+ 112,
+ #else
+ 1,
+@@ -4034,7 +4034,7 @@ static sasl_client_plug_t digestmd5_clie
+ "DIGEST-MD5",
+ #ifdef WITH_RC4 /* mech_name */
+ 128, /* max ssf */
+-#elif WITH_DES
++#elif defined(WITH_DES)
+ 112,
+ #else
+ 1,
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch
new file mode 100644
index 000000000000..4f7b04f135a7
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch
@@ -0,0 +1,22 @@
+fix missing prototype warnings
+
+--- cyrus-sasl-2.1.22/lib/auxprop.c
++++ cyrus-sasl-2.1.22/lib/auxprop.c
+@@ -43,6 +43,7 @@
+ */
+
+ #include <config.h>
++#include <stdio.h>
+ #include <sasl.h>
+ #include <prop.h>
+ #include <ctype.h>
+--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
++++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
+@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
+ ******************************************************************/
+
+ #include <shadow.h>
++#include <string.h>
+
+ extern char *crypt();
+
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch
new file mode 100644
index 000000000000..10be0202ee86
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch
@@ -0,0 +1,23 @@
+--- sasldb/db_berkeley.c.orig 2010-10-04 21:11:15.044010468 -0400
++++ sasldb/db_berkeley.c 2010-10-04 21:12:18.921998718 -0400
+@@ -100,7 +100,7 @@
+ ret = db_create(mbdb, NULL, 0);
+ if (ret == 0 && *mbdb != NULL)
+ {
+-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
++#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
+ ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660);
+ #else
+ ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660);
+
+--- utils/dbconverter-2.c.orig 2010-10-04 21:23:39.778000256 -0400
++++ utils/dbconverter-2.c 2010-10-04 21:24:50.384999893 -0400
+@@ -214,7 +214,7 @@
+ ret = db_create(mbdb, NULL, 0);
+ if (ret == 0 && *mbdb != NULL)
+ {
+-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
++#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
+ ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664);
+ #else
+ ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch
new file mode 100644
index 000000000000..460953bf01e4
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch
@@ -0,0 +1,104 @@
+From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Tue, 9 Jul 2013
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+---
+ pwcheck/pwcheck_getpwnam.c | 3 ++-
+ pwcheck/pwcheck_getspnam.c | 3 ++-
+ saslauthd/auth_getpwent.c | 3 ++-
+ saslauthd/auth_shadow.c | 7 ++-----
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ extern char *crypt();
+ char *password;
+ {
+ char* r;
++ char* crpt_passwd;
+ struct passwd *pwd;
+
+ pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+ else if (pwd->pw_passwd[0] == '*') {
+ r = "Account disabled";
+ }
+- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ r = "Incorrect password";
+ }
+ else {
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -70,6 +70,7 @@ auth_getpwent (
+ {
+ /* VARIABLES */
+ struct passwd *pw; /* pointer to passwd file entry */
++ char *crpt_passwd; /* encrypted password */
+ /* END VARIABLES */
+
+ pw = getpwnam(login);
+@@ -79,7 +80,7 @@ auth_getpwent (
+ RETURN("NO");
+ }
+
+- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++ if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ RETURN("NO");
+ }
+
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -180,16 +180,13 @@ auth_shadow (
+ * not returning any information about a login until we have validated
+ * the password.
+ */
+- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+- if (strcmp(sp->sp_pwdp, cpw)) {
++ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ sp->sp_pwdp, cpw);
+ }
+- free(cpw);
+ RETURN("NO");
+ }
+- free(cpw);
+
+ /*
+ * The following fields will be set to -1 if:
+@@ -251,7 +250,7 @@ auth_shadow (
+ RETURN("NO");
+ }
+
+- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ password, upw->upw_passwd);
+--- a/pwcheck/pwcheck_getspnam.c 2013-07-14 08:05:00.000000000 +0000
++++ b/pwcheck/pwcheck_getspnam.c 2013-07-14 08:06:10.958815179 +0000
+@@ -32,13 +33,14 @@
+ char *password;
+ {
+ struct spwd *pwd;
++ char *crpt_passwd;
+
+ pwd = getspnam(userid);
+ if (!pwd) {
+ return "Userid not found";
+ }
+
+- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++ if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ return "Incorrect password";
+ }
+ else {
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch
new file mode 100644
index 000000000000..f5f372d171ee
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch
@@ -0,0 +1,28 @@
+fix warnings:
+
+auth_sasldb.c: In function ‘auth_sasldb’:
+auth_sasldb.c:144: warning: implicit declaration of function ‘gethostname’
+
+auth_sasldb.c:153: warning: passing argument 8 of ‘_sasldb_getdata’ from incompatible pointer type
+../sasldb/sasldb.h:60: note: expected ‘size_t *’ but argument is of type ‘int *’
+
+--- saslauthd/auth_sasldb.c
++++ saslauthd/auth_sasldb.c
+@@ -41,6 +41,7 @@
+ #include <string.h>
+ #include <stdlib.h>
+ #include <pwd.h>
++#include <unistd.h>
+ /* END PUBLIC DEPENDENCIES */
+
+ #define RETURN(x) return strdup(x)
+@@ -131,7 +132,8 @@
+ /* VARIABLES */
+ char pw[1024]; /* pointer to passwd file entry */
+ sasl_utils_t utils;
+- int ret, outsize;
++ int ret;
++ size_t outsize;
+ const char *use_realm;
+ char realm_buf[MAXHOSTNAMELEN];
+ /* END VARIABLES */
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch
new file mode 100644
index 000000000000..9eeab1b42ff9
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch
@@ -0,0 +1,16 @@
+Gentoo bug #389349
+--- cmulocal/sasl2.m4 2009-04-28 17:09:13.000000000 +0200
++++ cmulocal/sasl2.m4 2011-11-02 17:55:24.000000000 +0100
+@@ -217,7 +217,11 @@
+ [AC_WARN([Cybersafe define not found])])
+
+ elif test "$ac_cv_header_gssapi_h" = "yes"; then
+- AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h,
++ AC_EGREP_CPP(hostbased_service_gss_nt_yes, gssapi.h,
++ [#include <gssapi.h>
++ #ifdef GSS_C_NT_HOSTBASED_SERVICE
++ hostbased_service_gss_nt_yes
++ #endif],
+ [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,,
+ [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])])
+ elif test "$ac_cv_header_gssapi_gssapi_h"; then
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch
new file mode 100644
index 000000000000..5574072d0e0d
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch
@@ -0,0 +1,28 @@
+--- a/saslauthd/auth_rimap.c 2011-09-01 14:19:54.754622284 +0100
++++ b/saslauthd/auth_rimap.c 2011-09-01 14:19:59.410561033 +0100
+@@ -162,6 +162,7 @@
+ num_quotes = 0;
+ p1 = s;
+ while ((p1 = strchr(p1, '"')) != NULL) {
++ p1++;
+ num_quotes++;
+ }
+
+@@ -438,7 +439,7 @@
+ syslog(LOG_WARNING, "auth_rimap: writev: %m");
+ memset(qlogin, 0, strlen(qlogin));
+ free(qlogin);
+- memset(qpass, 0, strlen(qlogin));
++ memset(qpass, 0, strlen(qpass));
+ free(qpass);
+ (void)close(s);
+ return strdup(RESP_IERROR);
+@@ -447,7 +448,7 @@
+ /* don't need these any longer */
+ memset(qlogin, 0, strlen(qlogin));
+ free(qlogin);
+- memset(qpass, 0, strlen(qlogin));
++ memset(qpass, 0, strlen(qpass));
+ free(qpass);
+
+ /* read and parse the LOGIN response */
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch
new file mode 100644
index 000000000000..67b48b4a4993
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch
@@ -0,0 +1,27 @@
+Author: Matthias Klose <doko@ubuntu.com>
+Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
+it.
+--- a/saslauthd/Makefile.am
++++ b/saslauthd/Makefile.am
+@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
+ saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
+ saslauthd_LDADD = @SASL_KRB_LIB@ \
+ @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
+- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
++ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
+
+ testsaslauthd_SOURCES = testsaslauthd.c utils.c
+ testsaslauthd_LDADD = @LIB_SOCKET@
+--- a/sasldb/Makefile.am
++++ b/sasldb/Makefile.am
+@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
+
+ libsasldb_la_SOURCES = allockey.c sasldb.h
+ EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
+-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
+-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+
+ # Prevent make dist stupidity
+ libsasldb_a_SOURCES =
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch
new file mode 100644
index 000000000000..5837921d4f7f
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch
@@ -0,0 +1,114 @@
+--- a/configure.in
++++ b/configure.in
+@@ -44,6 +44,8 @@ dnl
+ AC_INIT(lib/saslint.h)
+ AC_PREREQ([2.54])
+
++AC_CONFIG_MACRO_DIR([cmulocal] [config])
++
+ dnl use ./config.cache as the default cache file.
+ dnl we require a cache file to successfully configure our build.
+ if test $cache_file = "/dev/null"; then
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7
+ #
+ ################################################################
+
++ACLOCAL_AMFLAGS = -I cmulocal -I config
++
+ if SASLAUTHD
+ SAD = saslauthd
+ else
+--- a/saslauthd/configure.in
++++ b/saslauthd/configure.in
+@@ -1,7 +1,8 @@
+ AC_INIT(mechanisms.h)
+ AC_PREREQ([2.54])
+
+-AC_CONFIG_AUX_DIR(config)
++AC_CONFIG_MACRO_DIR([../cmulocal] [../config])
++AC_CONFIG_AUX_DIR([config])
+ AC_CANONICAL_HOST
+
+ dnl Should we enable SASLAUTHd at all?
+@@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS)
+
+ dnl Checks for which function macros exist
+ AC_MSG_CHECKING(whether $CC implements __func__)
+-AC_CACHE_VAL(have_func,
++AC_CACHE_VAL(_cv_have_func,
+ [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);],
+-have_func=yes,
+-have_func=no)])
+-AC_MSG_RESULT($have_func)
+-if test "$have_func" = yes; then
++_cv_have_func=yes,
++_cv_have_func=no)])
++AC_MSG_RESULT($_cv_have_func)
++if test "$_cv_have_func" = yes; then
+ AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__])
+ else
+ AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__)
+- AC_CACHE_VAL(have_pretty_function,
++ AC_CACHE_VAL(_cv_have_pretty_function,
+ [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);],
+- have_pretty_function=yes,
+- have_pretty_function=no)])
+- AC_MSG_RESULT($have_pretty_function)
+- if test "$have_pretty_function" = yes; then
++ _cv_have_pretty_function=yes,
++ _cv_have_pretty_function=no)])
++ AC_MSG_RESULT($_cv_have_pretty_function)
++ if test "$_cv_have_pretty_function" = yes; then
+ AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__])
+ else
+ AC_MSG_CHECKING(whether $CC implements __FUNCTION__)
+- AC_CACHE_VAL(have_function,
++ AC_CACHE_VAL(_cv_have_function,
+ [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);],
+- have_function=yes,
+- have_function=no)])
+- AC_MSG_RESULT($have_function)
+- if test "$have_function" = yes; then
++ _cv_have_function=yes,
++ _cv_have_function=no)])
++ AC_MSG_RESULT($_cv_have_function)
++ if test "$_cv_have_function" = yes; then
+ AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__])
+ fi
+ fi
+--- a/saslauthd/Makefile.am
++++ b/saslauthd/Makefile.am
+@@ -1,4 +1,6 @@
+ AUTOMAKE_OPTIONS = 1.7
++ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config
++
+ sbin_PROGRAMS = saslauthd testsaslauthd
+ EXTRA_PROGRAMS = saslcache
+
+--- a/config/kerberos_v4.m4
++++ b/config/kerberos_v4.m4
+@@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [
+ dnl if we were ambitious, we would look more aggressively for the
+ dnl krb4 install
+ if test -d ${krb4}; then
+- AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [
++ AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [
+ for krbhloc in include/kerberosIV include/kerberos include
+ do
+ if test -f ${krb4}/${krbhloc}/krb.h ; then
+- cyrus_krbinclude=${krb4}/${krbhloc}
++ cyrus_cv_krbinclude=${krb4}/${krbhloc}
+ break
+ fi
+ done
+ ])
+
+- if test -n "${cyrus_krbinclude}"; then
+- CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}"
++ if test -n "${cyrus_cv_krbinclude}"; then
++ CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}"
+ fi
+ LDFLAGS="$LDFLAGS -L$krb4/lib"
+ fi
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch
new file mode 100644
index 000000000000..a9dd1476d2e6
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch
@@ -0,0 +1,16 @@
+https://bugzilla.cyrusimap.org/show_bug.cgi?id=3590
+https://bugs.gentoo.org/show_bug.cgi?id=392761
+
+--- cyrus-sasl-2.1.25/lib/auxprop.c~ 2011-10-20 17:33:46.423015318 +0200
++++ cyrus-sasl-2.1.25/lib/auxprop.c 2011-10-20 17:48:49.336348654 +0200
+@@ -971,6 +971,10 @@
+ }
+
+ if(!found) {
++ /* compatibility with <= 2.1.23, ignore the lack of auxrop plugin */
++ if (!plist)
++ result = SASL_OK;
++ else
+ _sasl_log(sparams->utils->conn, SASL_LOG_DEBUG,
+ "could not find auxprop plugin, was searching for '%s'",
+ plist ? plist : "[all]");
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
new file mode 100644
index 000000000000..2e5b1750d00d
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
@@ -0,0 +1,27 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: This patch makes sure the non-PIC version of libsasldb.a, which
+is created out of non-PIC objects, is not going to overwrite the PIC version,
+which is created out of PIC objects. The PIC version is placed in .libs, and
+the non-PIC version in the current directory. This ensures that both non-PIC
+and PIC versions are available in the correct locations.
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -78,7 +78,7 @@ endif
+
+ libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
+ @echo adding static plugins and dependencies
+- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
++ $(AR) cru $@ $(SASL_STATIC_OBJS)
+ @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
+ if test ! -f $$i; then continue; fi; . $$i; \
+ for j in $$dependency_libs foo; do \
+--- a/sasldb/Makefile.am
++++ b/sasldb/Makefile.am
+@@ -63,6 +63,6 @@ libsasldb_a_SOURCES =
+ EXTRA_libsasldb_a_SOURCES =
+
+ libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
+- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
++ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC)
+
+
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch
new file mode 100644
index 000000000000..abf0df2568c6
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch
@@ -0,0 +1,27 @@
+Fix compiling against heimdal
+
+--- sample/server.c 2010-12-01 14:52:55.000000000 +0000
++++ sample/server.c 2011-11-30 14:54:42.000000000 +0000
+@@ -85,8 +85,10 @@
+
+ #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
+ #include <gssapi/gssapi.h>
++#ifndef KRB5_HEIMDAL
+ #include <gssapi/gssapi_ext.h>
+ #endif
++#endif
+
+ #include "common.h"
+
+--- plugins/gssapi.c 2011-05-11 19:25:55.000000000 +0000
++++ plugins/gssapi.c 2011-11-30 14:54:33.000000000 +0000
+@@ -50,6 +50,9 @@
+ #else
+ #include <gssapi/gssapi.h>
+ #endif
++#ifdef KRB5_HEIMDAL
++#include <gssapi/gssapi_krb5.h>
++#endif
+
+ #ifdef WIN32
+ # include <winsock2.h>
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch
new file mode 100644
index 000000000000..597d45a76795
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch
@@ -0,0 +1,10 @@
+--- pwcheck/pwcheck_getspnam.c 1999-08-26 19:22:44.000000000 +0300
++++ pwcheck/pwcheck_getspnam.c 2011-11-30 13:22:24.601023316 +0200
+@@ -24,6 +24,7 @@
+ ******************************************************************/
+
+ #include <shadow.h>
++#include <string.h>
+
+ extern char *crypt();
+
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch
new file mode 100644
index 000000000000..da1a49f1dd66
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch
@@ -0,0 +1,12 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: Enable libtool use.
+--- a/saslauthd/configure.in
++++ b/saslauthd/configure.in
+@@ -25,6 +25,7 @@ AC_PROG_AWK
+ AC_PROG_MAKE_SET
+ AC_PROG_LN_S
+ AC_PROG_INSTALL
++AC_PROG_LIBTOOL
+
+ dnl Checks for build foo
+ CMU_C___ATTRIBUTE__
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch
new file mode 100644
index 000000000000..8eff5a8bdd12
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch
@@ -0,0 +1,14 @@
+Author: Fabian Fagerholm <fabbe@debian.org>
+Description: Fix linking with libsasldb.a when saslauthd is built with sasldb
+support.
+--- a/saslauthd/configure.in
++++ b/saslauthd/configure.in
+@@ -77,7 +77,7 @@ if test "$authsasldb" != no; then
+ AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
+ SASL_DB_PATH_CHECK()
+ SASL_DB_CHECK()
+- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
++ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a"
+ fi
+
+ AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch
new file mode 100644
index 000000000000..117e8eb88802
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch
@@ -0,0 +1,27 @@
+Bug #445932
+--- cmulocal/sasl2.m4 2011-09-02 12:58:00.000000000 +0000
++++ cmulocal/sasl2.m4 2012-12-05 08:37:16.425811319 +0000
+@@ -268,7 +268,11 @@
+
+ cmu_save_LIBS="$LIBS"
+ LIBS="$LIBS $GSSAPIBASE_LIBS"
+- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
++ AC_CHECK_FUNCS([gsskrb5_register_acceptor_identity], [],
++ [AC_CHECK_FUNCS([krb5_gss_register_acceptor_identity],
++ [AC_CHECK_HEADERS([gssapi/gssapi_krb5.h],
++ [AC_DEFINE([HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY], [1])]
++ )])])
+ AC_CHECK_FUNCS(gss_decapsulate_token)
+ AC_CHECK_FUNCS(gss_encapsulate_token)
+ AC_CHECK_FUNCS(gss_oid_equal)
+--- plugins/gssapi.c 2012-12-05 09:03:31.000220161 +0000
++++ plugins/gssapi.c 2012-12-05 09:01:55.043380204 +0000
+@@ -50,7 +50,7 @@
+ #else
+ #include <gssapi/gssapi.h>
+ #endif
+-#ifdef KRB5_HEIMDAL
++#if defined (KRB5_HEIMDAL) || defined (HAVE_GSSAPI_GSSAPI_KRB5_H)
+ #include <gssapi/gssapi_krb5.h>
+ #endif
+
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch
new file mode 100644
index 000000000000..09c9ce86c9ac
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch
@@ -0,0 +1,116 @@
+From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Thu, 11 Jul 2013 09:08:07 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt()
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Patch by mancha1@hush.com.
+---
+diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
+index 4b34222..400289c 100644
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ char *userid;
+ char *password;
+ {
+ char* r;
++ char* crpt_passwd;
+ struct passwd *pwd;
+
+ pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+ else if (pwd->pw_passwd[0] == '*') {
+ r = "Account disabled";
+ }
+- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ r = "Incorrect password";
+ }
+ else {
+diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
+index 2b11286..6d607bb 100644
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -32,13 +32,15 @@ char *userid;
+ char *password;
+ {
+ struct spwd *pwd;
++ char *crpt_passwd;
+
+ pwd = getspnam(userid);
+ if (!pwd) {
+ return "Userid not found";
+ }
+
+- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++ crpt_passwd = crypt(password, pwd->sp_pwdp);
++ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ return "Incorrect password";
+ }
+ else {
+diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
+index fc8029d..d4ebe54 100644
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -77,6 +77,7 @@ auth_getpwent (
+ {
+ /* VARIABLES */
+ struct passwd *pw; /* pointer to passwd file entry */
++ char *crpt_passwd; /* encrypted password */
+ int errnum;
+ /* END VARIABLES */
+
+@@ -105,7 +106,8 @@ auth_getpwent (
+ }
+ }
+
+- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++ crpt_passwd = crypt(password, pw->pw_passwd);
++ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
+ }
+diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
+index 677131b..1988afd 100644
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -210,8 +210,8 @@ auth_shadow (
+ RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
+ }
+
+- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+- if (strcmp(sp->sp_pwdp, cpw)) {
++ cpw = crypt(password, sp->sp_pwdp);
++ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ if (flags & VERBOSE) {
+ /*
+ * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
+@@ -221,10 +221,8 @@ auth_shadow (
+ syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ sp->sp_pwdp, cpw);
+ }
+- free(cpw);
+ RETURN("NO Incorrect password");
+ }
+- free(cpw);
+
+ /*
+ * The following fields will be set to -1 if:
+@@ -286,7 +284,7 @@ auth_shadow (
+ RETURN("NO Invalid username");
+ }
+
+- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ password, upw->upw_passwd);
+--
+cgit v0.9.0.2
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch
new file mode 100644
index 000000000000..af382181e046
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch
@@ -0,0 +1,10 @@
+--- cyrus-sasl2.orig/plugins/ldapdb.c
++++ cyrus-sasl2/plugins/ldapdb.c
+@@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context,
+ if ( len > out_max )
+ len = out_max;
+ memcpy(out, bvals[0]->bv_val, len);
++ out[len] = '\0';
+ *out_ulen = len;
+ ber_bvecfree(bvals);
+ }
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch
new file mode 100644
index 000000000000..46bbdd1ca1a0
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch
@@ -0,0 +1,90 @@
+Bug #510320
+--- saslauthd/auth_rimap.c 2012-10-12 14:05:48.000000000 +0000
++++ saslauthd/auth_rimap.c 2014-05-15 05:23:02.000000000 +0000
+@@ -371,7 +371,7 @@
+ if ( rc>0 ) {
+ /* check if there is more to read */
+ fd_set perm;
+- int fds, ret;
++ int fds, ret, loopc;
+ struct timeval timeout;
+
+ FD_ZERO(&perm);
+@@ -380,6 +380,7 @@
+
+ timeout.tv_sec = 1;
+ timeout.tv_usec = 0;
++ loopc = 0;
+ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
+ if ( FD_ISSET(s, &perm) ) {
+ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
+@@ -387,6 +388,14 @@
+ rc = ret;
+ break;
+ } else {
++ if (ret == 0) {
++ loopc += 1;
++ } else {
++ loopc = 0;
++ }
++ if (loopc > sizeof(rbuf)) { // arbitrary chosen value
++ break;
++ }
+ rc += ret;
+ }
+ }
+@@ -484,7 +493,7 @@
+ if ( rc>0 ) {
+ /* check if there is more to read */
+ fd_set perm;
+- int fds, ret;
++ int fds, ret, loopc;
+ struct timeval timeout;
+
+ FD_ZERO(&perm);
+@@ -493,6 +502,7 @@
+
+ timeout.tv_sec = 1;
+ timeout.tv_usec = 0;
++ loopc = 0;
+ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
+ if ( FD_ISSET(s, &perm) ) {
+ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
+@@ -500,6 +510,14 @@
+ rc = ret;
+ break;
+ } else {
++ if (ret == 0) {
++ loopc += 1;
++ } else {
++ loopc = 0;
++ }
++ if (loopc > sizeof(rbuf)) { // arbitrary chosen value
++ break;
++ }
+ rc += ret;
+ }
+ }
+--- lib/checkpw.c 2012-01-27 23:31:36.000000000 +0000
++++ lib/checkpw.c 2014-05-15 05:19:35.000000000 +0000
+@@ -587,16 +587,14 @@
+ /* Timeout. */
+ errno = ETIMEDOUT;
+ return -1;
+- case +1:
+- if (FD_ISSET(fd, &rfds)) {
+- /* Success, file descriptor is readable. */
+- return 0;
+- }
+- return -1;
+ case -1:
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+ default:
++ if (FD_ISSET(fd, &rfds)) {
++ /* Success, file descriptor is readable. */
++ return 0;
++ }
+ /* Error catch-all. */
+ return -1;
+ }
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch
new file mode 100644
index 000000000000..42f20fb8096b
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch
@@ -0,0 +1,13 @@
+Gentoo bug #458790
+--- include/sasl.h 2012-10-12 17:05:48.000000000 +0300
++++ include/sasl.h 2013-02-23 16:56:44.648786268 +0200
+@@ -121,6 +121,9 @@
+ #ifndef SASL_H
+ #define SASL_H 1
+
++/* stddef.h to get size_t defined */
++#include <stddef.h>
++
+ /* Keep in sync with win32/common.mak */
+ #define SASL_VERSION_MAJOR 2
+ #define SASL_VERSION_MINOR 1
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch
new file mode 100644
index 000000000000..d8b4b6efc3f8
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch
@@ -0,0 +1,48 @@
+--- cyrus-sasl2.orig/saslauthd/auth_rimap.c
++++ cyrus-sasl2/saslauthd/auth_rimap.c
+@@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re
+ service we connect to. */
+ #define TAG "saslauthd" /* IMAP command tag */
+ #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */
++#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/
+ #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */
+ #define RESP_LEN 1000 /* size of read response buffer */
+
+@@ -307,10 +308,12 @@ auth_rimap (
+ int s=-1; /* socket to remote auth host */
+ struct addrinfo *r; /* remote socket address info */
+ struct iovec iov[5]; /* for sending LOGIN command */
++ struct iovec iov2[2]; /* for sending LOGOUT command */
+ char *qlogin; /* pointer to "quoted" login */
+ char *qpass; /* pointer to "quoted" password */
+ char *c; /* scratch pointer */
+ int rc; /* return code scratch area */
++ int rcl; /* return code scratch area */
+ char rbuf[RESP_LEN]; /* response read buffer */
+ char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
+ int saved_errno;
+@@ -505,6 +508,24 @@ auth_rimap (
+ }
+ }
+ }
++
++ /* close remote imap */
++ iov2[0].iov_base = LOGOUT_CMD;
++ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1;
++ iov2[1].iov_base = "\r\n";
++ iov2[1].iov_len = sizeof("\r\n") - 1;
++
++ if (flags & VERBOSE) {
++ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s",
++ LOGOUT_CMD, qlogin, qpass);
++ }
++ alarm(NETWORK_IO_TIMEOUT);
++ rcl = retry_writev(s, iov2, 2);
++ alarm(0);
++ if (rcl == -1) {
++ syslog(LOG_WARNING, "auth_rimap: writev logout: %m");
++ }
++
+ (void) close(s); /* we're done with the remote */
+ if (rc == -1) {
+ syslog(LOG_WARNING, "auth_rimap: read (response): %m");
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl.conf b/dev-libs/cyrus-sasl/files/cyrus-sasl.conf
new file mode 100644
index 000000000000..d4809f73c8e9
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl.conf
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root -
diff --git a/dev-libs/cyrus-sasl/files/java.README.gentoo b/dev-libs/cyrus-sasl/files/java.README.gentoo
new file mode 100644
index 000000000000..fb73204ecab1
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/java.README.gentoo
@@ -0,0 +1,39 @@
+4-Nov-2000
+
+Note: this file has been modified to adapt to Gentoo specific.
+
+class files are installed in
+
+`java-config -p cyrus-sasl-2`
+
+to compile programs using it, do:
+
+javac -classpath $JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2` <file>.java
+
+(make sure to substitute your JDK for $JAVA_HOME/lib/tools.jar)
+
+to run, do
+
+java -classpath <same path as above> <YourProgram>
+
+----------------------------
+This is a java version of the SASL libraries. It supports all the
+mechanisms in the C version and conforms to the internet draft in the
+doc/ directory. JNI is used.
+
+Sample applications exist in the Test/ directory.
+
+They generally can be run with something like:
+
+java -debug -classpath
+../:$JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2`:. jimtest -p 2143 -m
+KERBEROS_V4 cyrus-dev
+
+and
+
+java -debug -classpath
+../:$JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2`:. testserver
+
+
+Any feedback is welcome.
+
diff --git a/dev-libs/cyrus-sasl/files/pwcheck.rc6 b/dev-libs/cyrus-sasl/files/pwcheck.rc6
new file mode 100644
index 000000000000..4530daf12976
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/pwcheck.rc6
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+depend() {
+ need localmount
+ use logger
+}
+
+start() {
+ ebegin "Starting sasl pwcheck daemon"
+ start-stop-daemon --start --quiet --exec /usr/sbin/pwcheck
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping sasl pwcheck daemon"
+ start-stop-daemon --stop --quiet --exec /usr/sbin/pwcheck
+ eend $?
+}
diff --git a/dev-libs/cyrus-sasl/files/pwcheck.service b/dev-libs/cyrus-sasl/files/pwcheck.service
new file mode 100644
index 000000000000..74ff4859abf7
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/pwcheck.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=SASL pwcheck daemon
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/pwcheck
+
+[Install]
+WantedBy=multi-user.target
diff --git a/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf b/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf
new file mode 100644
index 000000000000..1bbe44d76553
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf
@@ -0,0 +1,25 @@
+# $Id$
+
+# Config file for /etc/init.d/saslauthd
+
+# Initial (empty) options.
+SASLAUTHD_OPTS=""
+
+# Specify the authentications mechanism.
+# **NOTE** For a list see: saslauthd -v
+# Since 2.1.19, add "-r" to options for old behavior,
+# ie. reassemble user and realm to user@realm form.
+#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam -r"
+SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam"
+
+# Specify the hostname for remote IMAP server.
+# **NOTE** Only needed if rimap auth mechanism is used.
+#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
+
+# Specify the number of worker processes to create.
+#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5"
+
+# Enable credential cache, set cache size and timeout.
+# **NOTE** Size is measured in kilobytes.
+# Timeout is measured in seconds.
+#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30"
diff --git a/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf b/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf
new file mode 100644
index 000000000000..2b60bc03c974
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf
@@ -0,0 +1,21 @@
+# $Id$
+
+# Config file for /etc/init.d/saslauthd and systemd unit
+
+# PLEASE READ THIS IF YOU ARE USING SYSTEMD
+# Please note that systemd does not expand shell variables
+# thus, something like FOO="${FOO} bar" won't work.
+
+# Specify the authentications mechanism.
+# **NOTE** For a list see: saslauthd -v
+# Since 2.1.19, add "-r" to options for old behavior,
+# ie. reassemble user and realm to user@realm form.
+#
+# Specify the hostname for remote IMAP server using:
+# "-O localhost".
+# Specify the number of worker processes to create using:
+# "-n <N>".
+# Enable credential cache, set cache size and timeout using:
+# "-c -s <cache size, like 128> -t <timeout seconds>".
+#
+SASLAUTHD_OPTS="-a pam"
diff --git a/dev-libs/cyrus-sasl/files/saslauthd.pam-include b/dev-libs/cyrus-sasl/files/saslauthd.pam-include
new file mode 100644
index 000000000000..d50a84946a78
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd.pam-include
@@ -0,0 +1,8 @@
+#%PAM-1.0
+
+auth required pam_nologin.so
+auth include system-auth
+
+account include system-auth
+
+session include system-auth
diff --git a/dev-libs/cyrus-sasl/files/saslauthd.service b/dev-libs/cyrus-sasl/files/saslauthd.service
new file mode 100644
index 000000000000..1609a651e4e0
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=SASL Authentication Daemon
+
+[Service]
+Type=forking
+PIDFile=/run/saslauthd/saslauthd.pid
+EnvironmentFile=/etc/conf.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
+ExecStop=/bin/kill -15 $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/dev-libs/cyrus-sasl/files/saslauthd2.rc6 b/dev-libs/cyrus-sasl/files/saslauthd2.rc6
new file mode 100644
index 000000000000..b1cc1c3b333e
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd2.rc6
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting saslauthd"
+ start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \
+ -- ${SASLAUTHD_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping saslauthd"
+ start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid
+ eend $?
+}
diff --git a/dev-libs/cyrus-sasl/files/saslauthd2.rc7 b/dev-libs/cyrus-sasl/files/saslauthd2.rc7
new file mode 100644
index 000000000000..23504f60f517
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/saslauthd2.rc7
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting saslauthd"
+ start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \
+ -- ${SASLAUTHD_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping saslauthd"
+ start-stop-daemon --stop --quiet --pidfile /run/saslauthd/saslauthd.pid
+ eend $?
+}