diff options
Diffstat (limited to 'dev-libs/cyrus-sasl/files')
46 files changed, 1560 insertions, 0 deletions
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch new file mode 100644 index 000000000000..312afc8ff57a --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch @@ -0,0 +1,30 @@ +Author: Fabian Fagerholm <fabbe@debian.org> + + Use versioned symbols for libsasl2. + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index e09fe6e..e74c507 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -61,8 +61,8 @@ LIB_DOOR= @LIB_DOOR@ + lib_LTLIBRARIES = libsasl2.la + + libsasl2_la_SOURCES = $(common_sources) $(common_headers) +-libsasl2_la_LDFLAGS = -version-info $(sasl_version) +-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) ++libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions ++libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions + libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT) + + if MACOSX +new file mode 100644 +index 0000000..ff7190d +--- /dev/null ++++ b/Versions +@@ -0,0 +1,6 @@ ++SASL2 { ++ global: ++ sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*; ++}; ++ ++HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch new file mode 100644 index 000000000000..c550927962bc --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch @@ -0,0 +1,26 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Rename the testsuite program to sasltestsuite and use /etc/sasldb2 +instead of ./sasldb as default path for the sasldb database file. +--- trunk.orig/utils/testsuite.c ++++ trunk/utils/testsuite.c +@@ -464,9 +464,9 @@ + *len = (unsigned) strlen("sasldb"); + return SASL_OK; + } else if (!strcmp(option, "sasldb_path")) { +- *result = "./sasldb"; ++ *result = "/etc/sasldb2"; + if (len) +- *len = (unsigned) strlen("./sasldb"); ++ *len = (unsigned) strlen("/etc/sasldb2"); + return SASL_OK; + } else if (!strcmp(option, "canon_user_plugin")) { + *result = cu_plugin; +@@ -2925,7 +2925,7 @@ + void usage(void) + { + printf("Usage:\n" \ +- " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \ ++ " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \ + " g -- gssapi service name to use (default: host)\n" \ + " r -- # of random tests to do (default: 25)\n" \ + " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch new file mode 100644 index 000000000000..539bc06742e7 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch @@ -0,0 +1,25 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Exact description unknown; make sure mutex-related code works. +--- trunk.orig/lib/common.c ++++ trunk/lib/common.c +@@ -771,7 +771,7 @@ + result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init); + if(result != SASL_OK) return result; + +- if (!free_mutex) ++ if (!free_mutex || free_mutex == 0x1) + free_mutex = sasl_MUTEX_ALLOC(); + if (!free_mutex) return SASL_FAIL; + +@@ -790,6 +790,11 @@ + + /* serialize disposes. this is necessary because we can't + dispose of conn->mutex if someone else is locked on it */ ++ ++ if (!free_mutex || free_mutex == 0x1) ++ free_mutex = sasl_MUTEX_ALLOC(); ++ if (!free_mutex) return SASL_FAIL; ++ + result = sasl_MUTEX_LOCK(free_mutex); + if (result!=SASL_OK) return; + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch new file mode 100644 index 000000000000..e252bab568b1 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch @@ -0,0 +1,67 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Make sasl_set_alloc a one-time function. +This patch will divert all allocations to whomever called +sasl_set_alloc first, hopefully that will be the application. If +not, we sure *hope* the library doing stupid things has sane +sasl_set_alloc semantics... +It will also deny any futher tries to sasl_set_alloc after one +of the _init functions are called. +This patch was introduced and works fine in SASL 1.5, and no +applications started behaving in insane ways, so chances are it +will also work with SASL 2.1 +Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139568 +Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274087 +Reference: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2525 +--- trunk.orig/lib/client.c ++++ trunk/lib/client.c +@@ -202,6 +202,9 @@ + { NULL, NULL } + }; + ++ /* lock allocation type */ ++ _sasl_allocation_locked++; ++ + if(_sasl_client_active) { + /* We're already active, just increase our refcount */ + /* xxx do something with the callback structure? */ +--- trunk.orig/lib/common.c ++++ trunk/lib/common.c +@@ -107,6 +107,7 @@ + (sasl_realloc_t *) &realloc, + (sasl_free_t *) &free + }; ++int _sasl_allocation_locked = 0; + + #define SASL_ENCODEV_EXTRA 4096 + +@@ -637,6 +638,8 @@ + sasl_realloc_t *r, + sasl_free_t *f) + { ++ if (_sasl_allocation_locked++) return; ++ + _sasl_allocation_utils.malloc=m; + _sasl_allocation_utils.calloc=c; + _sasl_allocation_utils.realloc=r; +--- trunk.orig/lib/saslint.h ++++ trunk/lib/saslint.h +@@ -300,6 +300,7 @@ + + extern sasl_allocation_utils_t _sasl_allocation_utils; + extern sasl_mutex_utils_t _sasl_mutex_utils; ++extern int _sasl_allocation_locked; + + /* + * checkpw.c +--- trunk.orig/lib/server.c ++++ trunk/lib/server.c +@@ -698,6 +698,9 @@ + { NULL, NULL } + }; + ++ /* lock allocation type */ ++ _sasl_allocation_locked++; ++ + /* we require the appname (if present) to be short enough to be a path */ + if (appname != NULL && strlen(appname) >= PATH_MAX) + return SASL_BADPARAM; diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch new file mode 100644 index 000000000000..14d4456494f4 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch @@ -0,0 +1,13 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Enable maintainer mode to avoid auto* problems. +--- trunk.orig/configure.in ++++ trunk/configure.in +@@ -62,6 +62,8 @@ + AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.23) + CMU_INIT_AUTOMAKE + ++AM_MAINTAINER_MODE ++ + # and include our config dir scripts + ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config" + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch new file mode 100644 index 000000000000..e9b92a40d8e0 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch @@ -0,0 +1,12 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Enable libtool use. +--- trunk.orig/saslauthd/configure.in ++++ trunk/saslauthd/configure.in +@@ -25,6 +25,7 @@ + AC_PROG_MAKE_SET + AC_PROG_LN_S + AC_PROG_INSTALL ++AC_PROG_LIBTOOL + + dnl Checks for build foo + CMU_C___ATTRIBUTE__ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch new file mode 100644 index 000000000000..d9daad7d89c9 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch @@ -0,0 +1,15 @@ +Author: Dann Frazier <dannf@debian.org> +Description: When _XOPEN_SOURCE is defined, the subsequent #include <unistd.h> +will define a correct function prototype for the crypt function. This avoids +segfaults on architectures where the size of a pointer is greater than the size +of an integer (ia64 and amd64 are examples). This may be detected by looking +for build log lines such as the following: +auth_shadow.c:183: warning: implicit declaration of function ‘crypt’ +auth_shadow.c:183: warning: cast to pointer from integer of different size +--- trunk.orig/saslauthd/auth_shadow.c ++++ trunk/saslauthd/auth_shadow.c +@@ -1,3 +1,4 @@ ++#define _XOPEN_SOURCE + #define PWBUFSZ 256 /***SWB***/ + + /* MODULE: auth_shadow */ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch new file mode 100644 index 000000000000..ffc69b77ccaf --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch @@ -0,0 +1,27 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: This patch makes sure the non-PIC version of libsasldb.a, which +is created out of non-PIC objects, is not going to overwrite the PIC version, +which is created out of PIC objects. The PIC version is placed in .libs, and +the non-PIC version in the current directory. This ensures that both non-PIC +and PIC versions are available in the correct locations. +--- trunk.orig/lib/Makefile.am ++++ trunk/lib/Makefile.am +@@ -76,7 +76,7 @@ + + libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) + @echo adding static plugins and dependencies +- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) ++ $(AR) cru $@ $(SASL_STATIC_OBJS) + @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ + if test ! -f $$i; then continue; fi; . $$i; \ + for j in $$dependency_libs foo; do \ +--- trunk.orig/sasldb/Makefile.am ++++ trunk/sasldb/Makefile.am +@@ -63,6 +63,6 @@ + EXTRA_libsasldb_a_SOURCES = + + libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) +- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) ++ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) + + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch new file mode 100644 index 000000000000..a80ca0639690 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch @@ -0,0 +1,24 @@ +Author: Sam Hocevar <sam@zoy.org> +Description: pid_file_lock is created with a mask of 644 instead of 0644. This +patch fixes this octal/decimal confusion as well as the (harmless) one in the +previous umask() call. +--- trunk.orig/saslauthd/saslauthd-main.c ++++ trunk/saslauthd/saslauthd-main.c +@@ -276,7 +276,7 @@ + exit(1); + } + +- umask(077); ++ umask(0077); + + pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1; + if ((pid_file_lock = malloc(pid_file_size)) == NULL) { +@@ -287,7 +287,7 @@ + strlcpy(pid_file_lock, run_path, pid_file_size); + strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size); + +- if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 644)) < 0) { ++ if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) { + rc = errno; + logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock); + logger(L_ERR, L_FUNC, "open: %s", strerror(rc)); diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch new file mode 100644 index 000000000000..4df6a5aba42c --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch @@ -0,0 +1,38 @@ +Author: Roberto C. Sanchez <roberto@connexer.com> +Description: Drop gratuitous dependency on krb5support +--- trunk.orig/aclocal.m4 ++++ trunk/aclocal.m4 +@@ -2924,9 +2924,6 @@ + fi + + if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then +- # check for libkrb5support first +- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) +- + gss_failed=0 + AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, + ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) +--- trunk.orig/cmulocal/sasl2.m4 ++++ trunk/cmulocal/sasl2.m4 +@@ -110,9 +110,6 @@ + fi + + if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then +- # check for libkrb5support first +- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) +- + gss_failed=0 + AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, + ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) +--- trunk.orig/saslauthd/aclocal.m4 ++++ trunk/saslauthd/aclocal.m4 +@@ -1333,9 +1333,6 @@ + fi + + if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then +- # check for libkrb5support first +- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) +- + gss_failed=0 + AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, + ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch new file mode 100644 index 000000000000..0ee7236d4ab4 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch @@ -0,0 +1,15 @@ +Fix include path for newer PostgreSQL versions + +--- configure.in ++++ configure.in +@@ -674,7 +674,9 @@ + LIB_PGSQL_DIR=$LIB_PGSQL + LIB_PGSQL="$LIB_PGSQL -lpq" + +- if test -d ${with_pgsql}/include/pgsql; then ++ if test -d ${with_pgsql}/include/postgresql/pgsql; then ++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql" ++ elif test -d ${with_pgsql}/include/pgsql; then + CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql" + elif test -d ${with_pgsql}/pgsql/include; then + CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include" diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch new file mode 100644 index 000000000000..1779babaa71a --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch @@ -0,0 +1,172 @@ +Support for crypted passwords + +http://bugs.gentoo.org/45181 + +--- cyrus-sasl-2.1.19/lib/Makefile.in ++++ cyrus-sasl-2.1.19/lib/Makefile.in +@@ -120,7 +120,7 @@ + JAVA_TRUE = @JAVA_TRUE@ + LDFLAGS = @LDFLAGS@ + LIBOBJS = @LIBOBJS@ +-LIBS = @LIBS@ ++LIBS = -lcrypt @LIBS@ + LIBTOOL = @LIBTOOL@ + LIB_CRYPT = @LIB_CRYPT@ + LIB_DES = @LIB_DES@ +--- cyrus-sasl-2.1.19/lib/checkpw.c ++++ cyrus-sasl-2.1.19/lib/checkpw.c +@@ -94,6 +94,23 @@ + # endif + #endif + ++/****************************** ++ * crypt(3) patch start * ++ ******************************/ ++char *crypt(const char *key, const char *salt); ++ ++/* cleartext password formats */ ++#define PASSWORD_FORMAT_CLEARTEXT 1 ++#define PASSWORD_FORMAT_CRYPT 2 ++#define PASSWORD_FORMAT_CRYPTTRAD 3 ++#define PASSWORD_SALT_BUF_LEN 22 ++ ++/* weeds out crypt(3) password's salt */ ++int _sasl_get_salt (char *dest, char *src, int format); ++ ++/****************************** ++ * crypt(3) patch stop * ++ ******************************/ + + /* we store the following secret to check plaintext passwords: + * +@@ -143,7 +160,51 @@ + "*cmusaslsecretPLAIN", + NULL }; + struct propval auxprop_values[3]; +- ++ ++ /****************************** ++ * crypt(3) patch start * ++ * for password format check * ++ ******************************/ ++ sasl_getopt_t *getopt; ++ void *context; ++ const char *p = NULL; ++ /** ++ * MD5: 12 char salt ++ * BLOWFISH: 16 char salt ++ */ ++ char salt[PASSWORD_SALT_BUF_LEN]; ++ int password_format; ++ ++ /* get password format from auxprop configuration */ ++ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { ++ getopt(context, NULL, "password_format", &p, NULL); ++ } ++ ++ /* set password format */ ++ if (p) { ++ /* ++ memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN); ++ strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1)); ++ */ ++ /* modern, modular crypt(3) */ ++ if (strncmp(p, "crypt", 11) == 0) ++ password_format = PASSWORD_FORMAT_CRYPT; ++ /* traditional crypt(3) */ ++ else if (strncmp(p, "crypt_trad", 11) == 0) ++ password_format = PASSWORD_FORMAT_CRYPTTRAD; ++ /* cleartext password */ ++ else ++ password_format = PASSWORD_FORMAT_CLEARTEXT; ++ } else { ++ /* cleartext password */ ++ password_format = PASSWORD_FORMAT_CLEARTEXT; ++ } ++ ++ /****************************** ++ * crypt(3) patch stop * ++ * for password format check * ++ ******************************/ ++ + if (!conn || !userstr) + return SASL_BADPARAM; + +@@ -180,14 +241,31 @@ + goto done; + } + +- /* At the point this has been called, the username has been canonified +- * and we've done the auxprop lookup. This should be easy. */ +- if(auxprop_values[0].name +- && auxprop_values[0].values +- && auxprop_values[0].values[0] +- && !strcmp(auxprop_values[0].values[0], passwd)) { +- /* We have a plaintext version and it matched! */ +- return SASL_OK; ++ ++ /****************************** ++ * crypt(3) patch start * ++ ******************************/ ++ ++ /* get salt */ ++ _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format); ++ ++ /* crypt(3)-ed password? */ ++ if (password_format != PASSWORD_FORMAT_CLEARTEXT) { ++ /* compare password */ ++ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0) ++ return SASL_OK; ++ else ++ ret = SASL_BADAUTH; ++ } ++ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) { ++ /* compare passwords */ ++ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0) ++ return SASL_OK; ++ else ++ ret = SASL_BADAUTH; ++ /****************************** ++ * crypt(3) patch stop * ++ ******************************/ + } else if(auxprop_values[1].name + && auxprop_values[1].values + && auxprop_values[1].values[0]) { +@@ -975,3 +1053,37 @@ + #endif + { NULL, NULL } + }; ++ ++/* weeds out crypt(3) password's salt */ ++int _sasl_get_salt (char *dest, char *src, int format) { ++ int num; /* how many characters is salt long? */ ++ switch (format) { ++ case PASSWORD_FORMAT_CRYPT: ++ /* md5 crypt */ ++ if (src[1] == '1') ++ num = 12; ++ /* blowfish crypt */ ++ else if (src[1] == '2') ++ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16; ++ /* traditional crypt */ ++ else ++ num = 2; ++ break; ++ ++ case PASSWORD_FORMAT_CRYPTTRAD: ++ num = 2; ++ break; ++ ++ default: ++ return 1; ++ } ++ ++ /* destroy destination */ ++ memset(dest, '\0', (num + 1)); ++ ++ /* copy salt to destination */ ++ strncpy(dest, src, num); ++ ++ return 1; ++} ++ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch new file mode 100644 index 000000000000..2bbacaa64b6b --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch @@ -0,0 +1,39 @@ +diff -u -r cyrus-sasl-2.1.21-orig/cmulocal/sasl2.m4 cyrus-sasl-2.1.21/cmulocal/sasl2.m4 +--- cyrus-sasl-2.1.21-orig/cmulocal/sasl2.m4 2006-08-01 08:29:59.000000000 +0200 ++++ cyrus-sasl-2.1.21/cmulocal/sasl2.m4 2006-08-01 08:31:32.000000000 +0200 +@@ -257,7 +257,21 @@ + + cmu_save_LIBS="$LIBS" + LIBS="$LIBS $GSSAPIBASE_LIBS" +- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) ++ dnl AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) ++ AC_CHECK_HEADER(gssapi/gssapi_krb5.h, AC_DEFINE(HAVE_GSSAPI_GSSAPI_KRB5_H,,[Define if you have the gssapi/gssapi_krb5.h header file])) ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ ++#ifdef HAVE_GSSAPI_H ++#include <gssapi.h> ++#else ++#include <gssapi/gssapi.h> ++#endif ++#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H ++#include <gssapi/gssapi_krb5.h> ++#endif ++]],[[gsskrb5_register_acceptor_identity("");]]) ++],[AC_DEFINE(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY,, ++ [Define if your GSSAPI implimentation defines GSSKRB5_REGISTER_ACCEPTOR_IDENTITY]) ++]) + LIBS="$cmu_save_LIBS" + else + AC_MSG_RESULT([disabled]) +diff -u -r cyrus-sasl-2.1.21-orig/plugins/gssapi.c cyrus-sasl-2.1.21/plugins/gssapi.c +--- cyrus-sasl-2.1.21-orig/plugins/gssapi.c 2004-07-21 16:39:06.000000000 +0200 ++++ cyrus-sasl-2.1.21/plugins/gssapi.c 2006-08-01 08:30:26.000000000 +0200 +@@ -50,6 +50,9 @@ + #else + #include <gssapi/gssapi.h> + #endif ++#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H ++#include <gssapi/gssapi_krb5.h> ++#endif + + #ifdef WIN32 + # include <winsock2.h> diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch new file mode 100644 index 000000000000..1294cb507783 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch @@ -0,0 +1,11 @@ +--- saslauthd/configure.in.orig 2006-05-23 15:53:17.000000000 -0700 ++++ saslauthd/configure.in 2006-05-23 15:53:33.000000000 -0700 +@@ -77,7 +77,7 @@ + AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) + SASL_DB_PATH_CHECK() + SASL_DB_CHECK() +- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" ++ SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB" + fi + + AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch new file mode 100644 index 000000000000..fd356327b4f2 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch @@ -0,0 +1,71 @@ +http://bugs.gentoo.org/152544 + +--- cyrus-sasl-2.1.22/lib/Makefile.am ++++ cyrus-sasl-2.1.22/lib/Makefile.am +@@ -45,6 +45,7 @@ sasl_version = 2:22:0 + + INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb + ++AM_CFLAGS = -fPIC + EXTRA_DIST = windlopen.c staticopen.h NTMakefile + EXTRA_LIBRARIES = libsasl2.a + noinst_LIBRARIES = @SASL_STATIC_LIBS@ +--- cyrus-sasl-2.1.22/plugins/Makefile.am ++++ cyrus-sasl-2.1.22/plugins/Makefile.am +@@ -63,6 +63,7 @@ srp_version = 2:22:0 + + INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include + AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) ++AM_CFLAGS = -fPIC + + COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ + +--- cyrus-sasl-2.1.22/sasldb/Makefile.am ++++ cyrus-sasl-2.1.22/sasldb/Makefile.am +@@ -48,6 +48,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top + + extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c + ++AM_CFLAGS = -fPIC + EXTRA_DIST = NTMakefile + + noinst_LTLIBRARIES = libsasldb.la +--- cyrus-sasl-2.1.22/utils/Makefile.am ++++ cyrus-sasl-2.1.22/utils/Makefile.am +@@ -42,7 +42,7 @@ + # + ################################################################ + +-all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) ++all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) $(LIB_CRYPT) + all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) + + sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer +--- cyrus-sasl-2.1.22/sample/Makefile.am ++++ cyrus-sasl-2.1.22/sample/Makefile.am +@@ -54,10 +54,10 @@ sample_server_SOURCES = sample-server.c + server_SOURCES = server.c common.c common.h + client_SOURCES = client.c common.c common.h + +-server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) +-client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) ++server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT) ++client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT) + +-sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) +-sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) ++sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT) ++sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT) + + EXTRA_DIST = NTMakefile +--- cyrus-sasl-2.1.22/lib/Makefile.am ++++ cyrus-sasl-2.1.22/lib/Makefile.am +@@ -63,7 +63,7 @@ lib_LTLIBRARIES = libsasl2.la + libsasl2_la_SOURCES = $(common_sources) $(common_headers) + libsasl2_la_LDFLAGS = -version-info $(sasl_version) + libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) +-libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) ++libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT) + + if MACOSX + framedir = /Library/Frameworks/SASL2.framework diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch new file mode 100644 index 000000000000..e2621278ba12 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch @@ -0,0 +1,24 @@ +fix warnings with gcc-4.4 + +http://bugs.gentoo.org/248738 + +--- cyrus-sasl-2.1.22/plugins/digestmd5.c ++++ cyrus-sasl-2.1.22/plugins/digestmd5.c +@@ -2715,7 +2715,7 @@ static sasl_server_plug_t digestmd5_serv + "DIGEST-MD5", /* mech_name */ + #ifdef WITH_RC4 + 128, /* max_ssf */ +-#elif WITH_DES ++#elif defined(WITH_DES) + 112, + #else + 1, +@@ -4034,7 +4034,7 @@ static sasl_client_plug_t digestmd5_clie + "DIGEST-MD5", + #ifdef WITH_RC4 /* mech_name */ + 128, /* max ssf */ +-#elif WITH_DES ++#elif defined(WITH_DES) + 112, + #else + 1, diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch new file mode 100644 index 000000000000..4f7b04f135a7 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch @@ -0,0 +1,22 @@ +fix missing prototype warnings + +--- cyrus-sasl-2.1.22/lib/auxprop.c ++++ cyrus-sasl-2.1.22/lib/auxprop.c +@@ -43,6 +43,7 @@ + */ + + #include <config.h> ++#include <stdio.h> + #include <sasl.h> + #include <prop.h> + #include <ctype.h> +--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c ++++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c +@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF + ******************************************************************/ + + #include <shadow.h> ++#include <string.h> + + extern char *crypt(); + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch new file mode 100644 index 000000000000..10be0202ee86 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch @@ -0,0 +1,23 @@ +--- sasldb/db_berkeley.c.orig 2010-10-04 21:11:15.044010468 -0400 ++++ sasldb/db_berkeley.c 2010-10-04 21:12:18.921998718 -0400 +@@ -100,7 +100,7 @@ + ret = db_create(mbdb, NULL, 0); + if (ret == 0 && *mbdb != NULL) + { +-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 ++#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 + ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660); + #else + ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660); + +--- utils/dbconverter-2.c.orig 2010-10-04 21:23:39.778000256 -0400 ++++ utils/dbconverter-2.c 2010-10-04 21:24:50.384999893 -0400 +@@ -214,7 +214,7 @@ + ret = db_create(mbdb, NULL, 0); + if (ret == 0 && *mbdb != NULL) + { +-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 ++#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 + ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664); + #else + ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664); diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch new file mode 100644 index 000000000000..460953bf01e4 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch @@ -0,0 +1,104 @@ +From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Tue, 9 Jul 2013 +Subject: Handle NULL returns from glibc 2.17+ crypt(). + +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). + +When using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. +--- + pwcheck/pwcheck_getpwnam.c | 3 ++- + pwcheck/pwcheck_getspnam.c | 3 ++- + saslauthd/auth_getpwent.c | 3 ++- + saslauthd/auth_shadow.c | 7 ++----- + 4 files changed, 8 insertions(+), 8 deletions(-) + +--- a/pwcheck/pwcheck_getpwnam.c ++++ b/pwcheck/pwcheck_getpwnam.c +@@ -32,6 +32,7 @@ extern char *crypt(); + char *password; + { + char* r; ++ char* crpt_passwd; + struct passwd *pwd; + + pwd = getpwnam(userid); +@@ -41,7 +42,7 @@ char *password; + else if (pwd->pw_passwd[0] == '*') { + r = "Account disabled"; + } +- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { ++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { + r = "Incorrect password"; + } + else { +--- a/saslauthd/auth_getpwent.c ++++ b/saslauthd/auth_getpwent.c +@@ -70,6 +70,7 @@ auth_getpwent ( + { + /* VARIABLES */ + struct passwd *pw; /* pointer to passwd file entry */ ++ char *crpt_passwd; /* encrypted password */ + /* END VARIABLES */ + + pw = getpwnam(login); +@@ -79,7 +80,7 @@ auth_getpwent ( + RETURN("NO"); + } + +- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { ++ if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { + RETURN("NO"); + } + +--- a/saslauthd/auth_shadow.c ++++ b/saslauthd/auth_shadow.c +@@ -180,16 +180,13 @@ auth_shadow ( + * not returning any information about a login until we have validated + * the password. + */ +- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); +- if (strcmp(sp->sp_pwdp, cpw)) { ++ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", + sp->sp_pwdp, cpw); + } +- free(cpw); + RETURN("NO"); + } +- free(cpw); + + /* + * The following fields will be set to -1 if: +@@ -251,7 +250,7 @@ auth_shadow ( + RETURN("NO"); + } + +- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { ++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", + password, upw->upw_passwd); +--- a/pwcheck/pwcheck_getspnam.c 2013-07-14 08:05:00.000000000 +0000 ++++ b/pwcheck/pwcheck_getspnam.c 2013-07-14 08:06:10.958815179 +0000 +@@ -32,13 +33,14 @@ + char *password; + { + struct spwd *pwd; ++ char *crpt_passwd; + + pwd = getspnam(userid); + if (!pwd) { + return "Userid not found"; + } + +- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { ++ if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { + return "Incorrect password"; + } + else { diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch new file mode 100644 index 000000000000..f5f372d171ee --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch @@ -0,0 +1,28 @@ +fix warnings: + +auth_sasldb.c: In function ‘auth_sasldb’: +auth_sasldb.c:144: warning: implicit declaration of function ‘gethostname’ + +auth_sasldb.c:153: warning: passing argument 8 of ‘_sasldb_getdata’ from incompatible pointer type +../sasldb/sasldb.h:60: note: expected ‘size_t *’ but argument is of type ‘int *’ + +--- saslauthd/auth_sasldb.c ++++ saslauthd/auth_sasldb.c +@@ -41,6 +41,7 @@ + #include <string.h> + #include <stdlib.h> + #include <pwd.h> ++#include <unistd.h> + /* END PUBLIC DEPENDENCIES */ + + #define RETURN(x) return strdup(x) +@@ -131,7 +132,8 @@ + /* VARIABLES */ + char pw[1024]; /* pointer to passwd file entry */ + sasl_utils_t utils; +- int ret, outsize; ++ int ret; ++ size_t outsize; + const char *use_realm; + char realm_buf[MAXHOSTNAMELEN]; + /* END VARIABLES */ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch new file mode 100644 index 000000000000..9eeab1b42ff9 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch @@ -0,0 +1,16 @@ +Gentoo bug #389349 +--- cmulocal/sasl2.m4 2009-04-28 17:09:13.000000000 +0200 ++++ cmulocal/sasl2.m4 2011-11-02 17:55:24.000000000 +0100 +@@ -217,7 +217,11 @@ + [AC_WARN([Cybersafe define not found])]) + + elif test "$ac_cv_header_gssapi_h" = "yes"; then +- AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h, ++ AC_EGREP_CPP(hostbased_service_gss_nt_yes, gssapi.h, ++ [#include <gssapi.h> ++ #ifdef GSS_C_NT_HOSTBASED_SERVICE ++ hostbased_service_gss_nt_yes ++ #endif], + [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, + [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])]) + elif test "$ac_cv_header_gssapi_gssapi_h"; then diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch new file mode 100644 index 000000000000..5574072d0e0d --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch @@ -0,0 +1,28 @@ +--- a/saslauthd/auth_rimap.c 2011-09-01 14:19:54.754622284 +0100 ++++ b/saslauthd/auth_rimap.c 2011-09-01 14:19:59.410561033 +0100 +@@ -162,6 +162,7 @@ + num_quotes = 0; + p1 = s; + while ((p1 = strchr(p1, '"')) != NULL) { ++ p1++; + num_quotes++; + } + +@@ -438,7 +439,7 @@ + syslog(LOG_WARNING, "auth_rimap: writev: %m"); + memset(qlogin, 0, strlen(qlogin)); + free(qlogin); +- memset(qpass, 0, strlen(qlogin)); ++ memset(qpass, 0, strlen(qpass)); + free(qpass); + (void)close(s); + return strdup(RESP_IERROR); +@@ -447,7 +448,7 @@ + /* don't need these any longer */ + memset(qlogin, 0, strlen(qlogin)); + free(qlogin); +- memset(qpass, 0, strlen(qlogin)); ++ memset(qpass, 0, strlen(qpass)); + free(qpass); + + /* read and parse the LOGIN response */ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch new file mode 100644 index 000000000000..67b48b4a4993 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch @@ -0,0 +1,27 @@ +Author: Matthias Klose <doko@ubuntu.com> +Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use +it. +--- a/saslauthd/Makefile.am ++++ b/saslauthd/Makefile.am +@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c + saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@ + saslauthd_LDADD = @SASL_KRB_LIB@ \ + @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \ +- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ ++ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ + + testsaslauthd_SOURCES = testsaslauthd.c utils.c + testsaslauthd_LDADD = @LIB_SOCKET@ +--- a/sasldb/Makefile.am ++++ b/sasldb/Makefile.am +@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a + + libsasldb_la_SOURCES = allockey.c sasldb.h + EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) +-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) +-libsasldb_la_LIBADD = $(SASL_DB_BACKEND) ++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB) ++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB) + + # Prevent make dist stupidity + libsasldb_a_SOURCES = diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch new file mode 100644 index 000000000000..5837921d4f7f --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch @@ -0,0 +1,114 @@ +--- a/configure.in ++++ b/configure.in +@@ -44,6 +44,8 @@ dnl + AC_INIT(lib/saslint.h) + AC_PREREQ([2.54]) + ++AC_CONFIG_MACRO_DIR([cmulocal] [config]) ++ + dnl use ./config.cache as the default cache file. + dnl we require a cache file to successfully configure our build. + if test $cache_file = "/dev/null"; then +--- a/Makefile.am ++++ b/Makefile.am +@@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7 + # + ################################################################ + ++ACLOCAL_AMFLAGS = -I cmulocal -I config ++ + if SASLAUTHD + SAD = saslauthd + else +--- a/saslauthd/configure.in ++++ b/saslauthd/configure.in +@@ -1,7 +1,8 @@ + AC_INIT(mechanisms.h) + AC_PREREQ([2.54]) + +-AC_CONFIG_AUX_DIR(config) ++AC_CONFIG_MACRO_DIR([../cmulocal] [../config]) ++AC_CONFIG_AUX_DIR([config]) + AC_CANONICAL_HOST + + dnl Should we enable SASLAUTHd at all? +@@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS) + + dnl Checks for which function macros exist + AC_MSG_CHECKING(whether $CC implements __func__) +-AC_CACHE_VAL(have_func, ++AC_CACHE_VAL(_cv_have_func, + [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);], +-have_func=yes, +-have_func=no)]) +-AC_MSG_RESULT($have_func) +-if test "$have_func" = yes; then ++_cv_have_func=yes, ++_cv_have_func=no)]) ++AC_MSG_RESULT($_cv_have_func) ++if test "$_cv_have_func" = yes; then + AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__]) + else + AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__) +- AC_CACHE_VAL(have_pretty_function, ++ AC_CACHE_VAL(_cv_have_pretty_function, + [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);], +- have_pretty_function=yes, +- have_pretty_function=no)]) +- AC_MSG_RESULT($have_pretty_function) +- if test "$have_pretty_function" = yes; then ++ _cv_have_pretty_function=yes, ++ _cv_have_pretty_function=no)]) ++ AC_MSG_RESULT($_cv_have_pretty_function) ++ if test "$_cv_have_pretty_function" = yes; then + AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__]) + else + AC_MSG_CHECKING(whether $CC implements __FUNCTION__) +- AC_CACHE_VAL(have_function, ++ AC_CACHE_VAL(_cv_have_function, + [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);], +- have_function=yes, +- have_function=no)]) +- AC_MSG_RESULT($have_function) +- if test "$have_function" = yes; then ++ _cv_have_function=yes, ++ _cv_have_function=no)]) ++ AC_MSG_RESULT($_cv_have_function) ++ if test "$_cv_have_function" = yes; then + AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__]) + fi + fi +--- a/saslauthd/Makefile.am ++++ b/saslauthd/Makefile.am +@@ -1,4 +1,6 @@ + AUTOMAKE_OPTIONS = 1.7 ++ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config ++ + sbin_PROGRAMS = saslauthd testsaslauthd + EXTRA_PROGRAMS = saslcache + +--- a/config/kerberos_v4.m4 ++++ b/config/kerberos_v4.m4 +@@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [ + dnl if we were ambitious, we would look more aggressively for the + dnl krb4 install + if test -d ${krb4}; then +- AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ ++ AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [ + for krbhloc in include/kerberosIV include/kerberos include + do + if test -f ${krb4}/${krbhloc}/krb.h ; then +- cyrus_krbinclude=${krb4}/${krbhloc} ++ cyrus_cv_krbinclude=${krb4}/${krbhloc} + break + fi + done + ]) + +- if test -n "${cyrus_krbinclude}"; then +- CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" ++ if test -n "${cyrus_cv_krbinclude}"; then ++ CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}" + fi + LDFLAGS="$LDFLAGS -L$krb4/lib" + fi diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch new file mode 100644 index 000000000000..a9dd1476d2e6 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-auxprop.patch @@ -0,0 +1,16 @@ +https://bugzilla.cyrusimap.org/show_bug.cgi?id=3590 +https://bugs.gentoo.org/show_bug.cgi?id=392761 + +--- cyrus-sasl-2.1.25/lib/auxprop.c~ 2011-10-20 17:33:46.423015318 +0200 ++++ cyrus-sasl-2.1.25/lib/auxprop.c 2011-10-20 17:48:49.336348654 +0200 +@@ -971,6 +971,10 @@ + } + + if(!found) { ++ /* compatibility with <= 2.1.23, ignore the lack of auxrop plugin */ ++ if (!plist) ++ result = SASL_OK; ++ else + _sasl_log(sparams->utils->conn, SASL_LOG_DEBUG, + "could not find auxprop plugin, was searching for '%s'", + plist ? plist : "[all]"); diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch new file mode 100644 index 000000000000..2e5b1750d00d --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch @@ -0,0 +1,27 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: This patch makes sure the non-PIC version of libsasldb.a, which +is created out of non-PIC objects, is not going to overwrite the PIC version, +which is created out of PIC objects. The PIC version is placed in .libs, and +the non-PIC version in the current directory. This ensures that both non-PIC +and PIC versions are available in the correct locations. +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -78,7 +78,7 @@ endif + + libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) + @echo adding static plugins and dependencies +- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) ++ $(AR) cru $@ $(SASL_STATIC_OBJS) + @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ + if test ! -f $$i; then continue; fi; . $$i; \ + for j in $$dependency_libs foo; do \ +--- a/sasldb/Makefile.am ++++ b/sasldb/Makefile.am +@@ -63,6 +63,6 @@ libsasldb_a_SOURCES = + EXTRA_libsasldb_a_SOURCES = + + libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) +- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) ++ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) + + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch new file mode 100644 index 000000000000..abf0df2568c6 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch @@ -0,0 +1,27 @@ +Fix compiling against heimdal + +--- sample/server.c 2010-12-01 14:52:55.000000000 +0000 ++++ sample/server.c 2011-11-30 14:54:42.000000000 +0000 +@@ -85,8 +85,10 @@ + + #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE + #include <gssapi/gssapi.h> ++#ifndef KRB5_HEIMDAL + #include <gssapi/gssapi_ext.h> + #endif ++#endif + + #include "common.h" + +--- plugins/gssapi.c 2011-05-11 19:25:55.000000000 +0000 ++++ plugins/gssapi.c 2011-11-30 14:54:33.000000000 +0000 +@@ -50,6 +50,9 @@ + #else + #include <gssapi/gssapi.h> + #endif ++#ifdef KRB5_HEIMDAL ++#include <gssapi/gssapi_krb5.h> ++#endif + + #ifdef WIN32 + # include <winsock2.h> diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch new file mode 100644 index 000000000000..597d45a76795 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch @@ -0,0 +1,10 @@ +--- pwcheck/pwcheck_getspnam.c 1999-08-26 19:22:44.000000000 +0300 ++++ pwcheck/pwcheck_getspnam.c 2011-11-30 13:22:24.601023316 +0200 +@@ -24,6 +24,7 @@ + ******************************************************************/ + + #include <shadow.h> ++#include <string.h> + + extern char *crypt(); + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch new file mode 100644 index 000000000000..da1a49f1dd66 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch @@ -0,0 +1,12 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Enable libtool use. +--- a/saslauthd/configure.in ++++ b/saslauthd/configure.in +@@ -25,6 +25,7 @@ AC_PROG_AWK + AC_PROG_MAKE_SET + AC_PROG_LN_S + AC_PROG_INSTALL ++AC_PROG_LIBTOOL + + dnl Checks for build foo + CMU_C___ATTRIBUTE__ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch new file mode 100644 index 000000000000..8eff5a8bdd12 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch @@ -0,0 +1,14 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Fix linking with libsasldb.a when saslauthd is built with sasldb +support. +--- a/saslauthd/configure.in ++++ b/saslauthd/configure.in +@@ -77,7 +77,7 @@ if test "$authsasldb" != no; then + AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) + SASL_DB_PATH_CHECK() + SASL_DB_CHECK() +- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" ++ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a" + fi + + AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch new file mode 100644 index 000000000000..117e8eb88802 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch @@ -0,0 +1,27 @@ +Bug #445932 +--- cmulocal/sasl2.m4 2011-09-02 12:58:00.000000000 +0000 ++++ cmulocal/sasl2.m4 2012-12-05 08:37:16.425811319 +0000 +@@ -268,7 +268,11 @@ + + cmu_save_LIBS="$LIBS" + LIBS="$LIBS $GSSAPIBASE_LIBS" +- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) ++ AC_CHECK_FUNCS([gsskrb5_register_acceptor_identity], [], ++ [AC_CHECK_FUNCS([krb5_gss_register_acceptor_identity], ++ [AC_CHECK_HEADERS([gssapi/gssapi_krb5.h], ++ [AC_DEFINE([HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY], [1])] ++ )])]) + AC_CHECK_FUNCS(gss_decapsulate_token) + AC_CHECK_FUNCS(gss_encapsulate_token) + AC_CHECK_FUNCS(gss_oid_equal) +--- plugins/gssapi.c 2012-12-05 09:03:31.000220161 +0000 ++++ plugins/gssapi.c 2012-12-05 09:01:55.043380204 +0000 +@@ -50,7 +50,7 @@ + #else + #include <gssapi/gssapi.h> + #endif +-#ifdef KRB5_HEIMDAL ++#if defined (KRB5_HEIMDAL) || defined (HAVE_GSSAPI_GSSAPI_KRB5_H) + #include <gssapi/gssapi_krb5.h> + #endif + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch new file mode 100644 index 000000000000..09c9ce86c9ac --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch @@ -0,0 +1,116 @@ +From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Thu, 11 Jul 2013 09:08:07 +0000 +Subject: Handle NULL returns from glibc 2.17+ crypt() + +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). + +When using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. + +Patch by mancha1@hush.com. +--- +diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c +index 4b34222..400289c 100644 +--- a/pwcheck/pwcheck_getpwnam.c ++++ b/pwcheck/pwcheck_getpwnam.c +@@ -32,6 +32,7 @@ char *userid; + char *password; + { + char* r; ++ char* crpt_passwd; + struct passwd *pwd; + + pwd = getpwnam(userid); +@@ -41,7 +42,7 @@ char *password; + else if (pwd->pw_passwd[0] == '*') { + r = "Account disabled"; + } +- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { ++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { + r = "Incorrect password"; + } + else { +diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c +index 2b11286..6d607bb 100644 +--- a/pwcheck/pwcheck_getspnam.c ++++ b/pwcheck/pwcheck_getspnam.c +@@ -32,13 +32,15 @@ char *userid; + char *password; + { + struct spwd *pwd; ++ char *crpt_passwd; + + pwd = getspnam(userid); + if (!pwd) { + return "Userid not found"; + } + +- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { ++ crpt_passwd = crypt(password, pwd->sp_pwdp); ++ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { + return "Incorrect password"; + } + else { +diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c +index fc8029d..d4ebe54 100644 +--- a/saslauthd/auth_getpwent.c ++++ b/saslauthd/auth_getpwent.c +@@ -77,6 +77,7 @@ auth_getpwent ( + { + /* VARIABLES */ + struct passwd *pw; /* pointer to passwd file entry */ ++ char *crpt_passwd; /* encrypted password */ + int errnum; + /* END VARIABLES */ + +@@ -105,7 +106,8 @@ auth_getpwent ( + } + } + +- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { ++ crpt_passwd = crypt(password, pw->pw_passwd); ++ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); + } +diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c +index 677131b..1988afd 100644 +--- a/saslauthd/auth_shadow.c ++++ b/saslauthd/auth_shadow.c +@@ -210,8 +210,8 @@ auth_shadow ( + RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); + } + +- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); +- if (strcmp(sp->sp_pwdp, cpw)) { ++ cpw = crypt(password, sp->sp_pwdp); ++ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) { + if (flags & VERBOSE) { + /* + * This _should_ reveal the SHADOW_PW_LOCKED prefix to an +@@ -221,10 +221,8 @@ auth_shadow ( + syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", + sp->sp_pwdp, cpw); + } +- free(cpw); + RETURN("NO Incorrect password"); + } +- free(cpw); + + /* + * The following fields will be set to -1 if: +@@ -286,7 +284,7 @@ auth_shadow ( + RETURN("NO Invalid username"); + } + +- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { ++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", + password, upw->upw_passwd); +-- +cgit v0.9.0.2 diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch new file mode 100644 index 000000000000..af382181e046 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch @@ -0,0 +1,10 @@ +--- cyrus-sasl2.orig/plugins/ldapdb.c ++++ cyrus-sasl2/plugins/ldapdb.c +@@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context, + if ( len > out_max ) + len = out_max; + memcpy(out, bvals[0]->bv_val, len); ++ out[len] = '\0'; + *out_ulen = len; + ber_bvecfree(bvals); + } diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch new file mode 100644 index 000000000000..46bbdd1ca1a0 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch @@ -0,0 +1,90 @@ +Bug #510320 +--- saslauthd/auth_rimap.c 2012-10-12 14:05:48.000000000 +0000 ++++ saslauthd/auth_rimap.c 2014-05-15 05:23:02.000000000 +0000 +@@ -371,7 +371,7 @@ + if ( rc>0 ) { + /* check if there is more to read */ + fd_set perm; +- int fds, ret; ++ int fds, ret, loopc; + struct timeval timeout; + + FD_ZERO(&perm); +@@ -380,6 +380,7 @@ + + timeout.tv_sec = 1; + timeout.tv_usec = 0; ++ loopc = 0; + while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { + if ( FD_ISSET(s, &perm) ) { + ret = read(s, rbuf+rc, sizeof(rbuf)-rc); +@@ -387,6 +388,14 @@ + rc = ret; + break; + } else { ++ if (ret == 0) { ++ loopc += 1; ++ } else { ++ loopc = 0; ++ } ++ if (loopc > sizeof(rbuf)) { // arbitrary chosen value ++ break; ++ } + rc += ret; + } + } +@@ -484,7 +493,7 @@ + if ( rc>0 ) { + /* check if there is more to read */ + fd_set perm; +- int fds, ret; ++ int fds, ret, loopc; + struct timeval timeout; + + FD_ZERO(&perm); +@@ -493,6 +502,7 @@ + + timeout.tv_sec = 1; + timeout.tv_usec = 0; ++ loopc = 0; + while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { + if ( FD_ISSET(s, &perm) ) { + ret = read(s, rbuf+rc, sizeof(rbuf)-rc); +@@ -500,6 +510,14 @@ + rc = ret; + break; + } else { ++ if (ret == 0) { ++ loopc += 1; ++ } else { ++ loopc = 0; ++ } ++ if (loopc > sizeof(rbuf)) { // arbitrary chosen value ++ break; ++ } + rc += ret; + } + } +--- lib/checkpw.c 2012-01-27 23:31:36.000000000 +0000 ++++ lib/checkpw.c 2014-05-15 05:19:35.000000000 +0000 +@@ -587,16 +587,14 @@ + /* Timeout. */ + errno = ETIMEDOUT; + return -1; +- case +1: +- if (FD_ISSET(fd, &rfds)) { +- /* Success, file descriptor is readable. */ +- return 0; +- } +- return -1; + case -1: + if (errno == EINTR || errno == EAGAIN) + continue; + default: ++ if (FD_ISSET(fd, &rfds)) { ++ /* Success, file descriptor is readable. */ ++ return 0; ++ } + /* Error catch-all. */ + return -1; + } diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch new file mode 100644 index 000000000000..42f20fb8096b --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch @@ -0,0 +1,13 @@ +Gentoo bug #458790 +--- include/sasl.h 2012-10-12 17:05:48.000000000 +0300 ++++ include/sasl.h 2013-02-23 16:56:44.648786268 +0200 +@@ -121,6 +121,9 @@ + #ifndef SASL_H + #define SASL_H 1 + ++/* stddef.h to get size_t defined */ ++#include <stddef.h> ++ + /* Keep in sync with win32/common.mak */ + #define SASL_VERSION_MAJOR 2 + #define SASL_VERSION_MINOR 1 diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch new file mode 100644 index 000000000000..d8b4b6efc3f8 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch @@ -0,0 +1,48 @@ +--- cyrus-sasl2.orig/saslauthd/auth_rimap.c ++++ cyrus-sasl2/saslauthd/auth_rimap.c +@@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re + service we connect to. */ + #define TAG "saslauthd" /* IMAP command tag */ + #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ ++#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ + #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ + #define RESP_LEN 1000 /* size of read response buffer */ + +@@ -307,10 +308,12 @@ auth_rimap ( + int s=-1; /* socket to remote auth host */ + struct addrinfo *r; /* remote socket address info */ + struct iovec iov[5]; /* for sending LOGIN command */ ++ struct iovec iov2[2]; /* for sending LOGOUT command */ + char *qlogin; /* pointer to "quoted" login */ + char *qpass; /* pointer to "quoted" password */ + char *c; /* scratch pointer */ + int rc; /* return code scratch area */ ++ int rcl; /* return code scratch area */ + char rbuf[RESP_LEN]; /* response read buffer */ + char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; + int saved_errno; +@@ -505,6 +508,24 @@ auth_rimap ( + } + } + } ++ ++ /* close remote imap */ ++ iov2[0].iov_base = LOGOUT_CMD; ++ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1; ++ iov2[1].iov_base = "\r\n"; ++ iov2[1].iov_len = sizeof("\r\n") - 1; ++ ++ if (flags & VERBOSE) { ++ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s", ++ LOGOUT_CMD, qlogin, qpass); ++ } ++ alarm(NETWORK_IO_TIMEOUT); ++ rcl = retry_writev(s, iov2, 2); ++ alarm(0); ++ if (rcl == -1) { ++ syslog(LOG_WARNING, "auth_rimap: writev logout: %m"); ++ } ++ + (void) close(s); /* we're done with the remote */ + if (rc == -1) { + syslog(LOG_WARNING, "auth_rimap: read (response): %m"); diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl.conf b/dev-libs/cyrus-sasl/files/cyrus-sasl.conf new file mode 100644 index 000000000000..d4809f73c8e9 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl.conf @@ -0,0 +1 @@ +d /run/saslauthd 0755 root root - diff --git a/dev-libs/cyrus-sasl/files/java.README.gentoo b/dev-libs/cyrus-sasl/files/java.README.gentoo new file mode 100644 index 000000000000..fb73204ecab1 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/java.README.gentoo @@ -0,0 +1,39 @@ +4-Nov-2000 + +Note: this file has been modified to adapt to Gentoo specific. + +class files are installed in + +`java-config -p cyrus-sasl-2` + +to compile programs using it, do: + +javac -classpath $JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2` <file>.java + +(make sure to substitute your JDK for $JAVA_HOME/lib/tools.jar) + +to run, do + +java -classpath <same path as above> <YourProgram> + +---------------------------- +This is a java version of the SASL libraries. It supports all the +mechanisms in the C version and conforms to the internet draft in the +doc/ directory. JNI is used. + +Sample applications exist in the Test/ directory. + +They generally can be run with something like: + +java -debug -classpath +../:$JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2`:. jimtest -p 2143 -m +KERBEROS_V4 cyrus-dev + +and + +java -debug -classpath +../:$JAVA_HOME/lib/tools.jar:`java-config -p cyrus-sasl-2`:. testserver + + +Any feedback is welcome. + diff --git a/dev-libs/cyrus-sasl/files/pwcheck.rc6 b/dev-libs/cyrus-sasl/files/pwcheck.rc6 new file mode 100644 index 000000000000..4530daf12976 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/pwcheck.rc6 @@ -0,0 +1,21 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + need localmount + use logger +} + +start() { + ebegin "Starting sasl pwcheck daemon" + start-stop-daemon --start --quiet --exec /usr/sbin/pwcheck + eend $? +} + +stop() { + ebegin "Stopping sasl pwcheck daemon" + start-stop-daemon --stop --quiet --exec /usr/sbin/pwcheck + eend $? +} diff --git a/dev-libs/cyrus-sasl/files/pwcheck.service b/dev-libs/cyrus-sasl/files/pwcheck.service new file mode 100644 index 000000000000..74ff4859abf7 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/pwcheck.service @@ -0,0 +1,9 @@ +[Unit] +Description=SASL pwcheck daemon + +[Service] +Type=forking +ExecStart=/usr/sbin/pwcheck + +[Install] +WantedBy=multi-user.target diff --git a/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf b/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf new file mode 100644 index 000000000000..1bbe44d76553 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf @@ -0,0 +1,25 @@ +# $Id$ + +# Config file for /etc/init.d/saslauthd + +# Initial (empty) options. +SASLAUTHD_OPTS="" + +# Specify the authentications mechanism. +# **NOTE** For a list see: saslauthd -v +# Since 2.1.19, add "-r" to options for old behavior, +# ie. reassemble user and realm to user@realm form. +#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam -r" +SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam" + +# Specify the hostname for remote IMAP server. +# **NOTE** Only needed if rimap auth mechanism is used. +#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost" + +# Specify the number of worker processes to create. +#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5" + +# Enable credential cache, set cache size and timeout. +# **NOTE** Size is measured in kilobytes. +# Timeout is measured in seconds. +#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30" diff --git a/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf b/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf new file mode 100644 index 000000000000..2b60bc03c974 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf @@ -0,0 +1,21 @@ +# $Id$ + +# Config file for /etc/init.d/saslauthd and systemd unit + +# PLEASE READ THIS IF YOU ARE USING SYSTEMD +# Please note that systemd does not expand shell variables +# thus, something like FOO="${FOO} bar" won't work. + +# Specify the authentications mechanism. +# **NOTE** For a list see: saslauthd -v +# Since 2.1.19, add "-r" to options for old behavior, +# ie. reassemble user and realm to user@realm form. +# +# Specify the hostname for remote IMAP server using: +# "-O localhost". +# Specify the number of worker processes to create using: +# "-n <N>". +# Enable credential cache, set cache size and timeout using: +# "-c -s <cache size, like 128> -t <timeout seconds>". +# +SASLAUTHD_OPTS="-a pam" diff --git a/dev-libs/cyrus-sasl/files/saslauthd.pam-include b/dev-libs/cyrus-sasl/files/saslauthd.pam-include new file mode 100644 index 000000000000..d50a84946a78 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/saslauthd.pam-include @@ -0,0 +1,8 @@ +#%PAM-1.0 + +auth required pam_nologin.so +auth include system-auth + +account include system-auth + +session include system-auth diff --git a/dev-libs/cyrus-sasl/files/saslauthd.service b/dev-libs/cyrus-sasl/files/saslauthd.service new file mode 100644 index 000000000000..1609a651e4e0 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/saslauthd.service @@ -0,0 +1,13 @@ +[Unit] +Description=SASL Authentication Daemon + +[Service] +Type=forking +PIDFile=/run/saslauthd/saslauthd.pid +EnvironmentFile=/etc/conf.d/saslauthd +ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS +ExecStop=/bin/kill -15 $MAINPID +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/dev-libs/cyrus-sasl/files/saslauthd2.rc6 b/dev-libs/cyrus-sasl/files/saslauthd2.rc6 new file mode 100644 index 000000000000..b1cc1c3b333e --- /dev/null +++ b/dev-libs/cyrus-sasl/files/saslauthd2.rc6 @@ -0,0 +1,21 @@ +#!/sbin/runscript +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + need net +} + +start() { + ebegin "Starting saslauthd" + start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \ + -- ${SASLAUTHD_OPTS} + eend $? +} + +stop() { + ebegin "Stopping saslauthd" + start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid + eend $? +} diff --git a/dev-libs/cyrus-sasl/files/saslauthd2.rc7 b/dev-libs/cyrus-sasl/files/saslauthd2.rc7 new file mode 100644 index 000000000000..23504f60f517 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/saslauthd2.rc7 @@ -0,0 +1,21 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + need net +} + +start() { + ebegin "Starting saslauthd" + start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \ + -- ${SASLAUTHD_OPTS} + eend $? +} + +stop() { + ebegin "Stopping saslauthd" + start-stop-daemon --stop --quiet --pidfile /run/saslauthd/saslauthd.pid + eend $? +} |