Add fix for auth_rimap infinite loop (hang) when IMAP server closes connection (Closes: #815208)
Also reformat patches using gbp pq import && export
Ondřej Surý
8 years ago
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:02 +0100 | |
3 | Subject: Make the libsasl2 symbols versioned | |
4 | ||
5 | --- | |
6 | Versions | 7 +++++++ | |
7 | lib/Makefile.am | 4 ++-- | |
8 | 2 files changed, 9 insertions(+), 2 deletions(-) | |
9 | create mode 100644 Versions | |
10 | ||
11 | diff --git a/Versions b/Versions | |
12 | new file mode 100644 | |
13 | index 0000000..f803d00 | |
14 | --- /dev/null | |
15 | +++ b/Versions | |
16 | @@ -0,0 +1,7 @@ | |
17 | +SASL2 { | |
18 | + global: | |
19 | + sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*; | |
20 | +}; | |
21 | + | |
22 | +HIDDEN { local: __*; _rest*; _save*; *; }; | |
23 | + | |
24 | diff --git a/lib/Makefile.am b/lib/Makefile.am | |
25 | index b8964a8..bff8efe 100644 | |
26 | --- a/lib/Makefile.am | |
27 | +++ b/lib/Makefile.am | |
28 | @@ -64,8 +64,8 @@ LIB_DOOR= @LIB_DOOR@ | |
29 | lib_LTLIBRARIES = libsasl2.la | |
30 | ||
31 | libsasl2_la_SOURCES = $(common_sources) $(common_headers) | |
32 | -libsasl2_la_LDFLAGS = -version-info $(sasl_version) | |
33 | -libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) | |
34 | +libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions | |
35 | +libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions | |
36 | libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) | |
37 | ||
38 | if MACOSX |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Use versioned symbols for libsasl2. | |
2 | --- cyrus-sasl2.orig/lib/Makefile.am | |
3 | +++ cyrus-sasl2/lib/Makefile.am | |
4 | @@ -64,8 +64,8 @@ LIB_DOOR= @LIB_DOOR@ | |
5 | lib_LTLIBRARIES = libsasl2.la | |
6 | ||
7 | libsasl2_la_SOURCES = $(common_sources) $(common_headers) | |
8 | -libsasl2_la_LDFLAGS = -version-info $(sasl_version) | |
9 | -libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) | |
10 | +libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions | |
11 | +libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions | |
12 | libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) | |
13 | ||
14 | if MACOSX | |
15 | --- /dev/null | |
16 | +++ cyrus-sasl2/Versions | |
17 | @@ -0,0 +1,7 @@ | |
18 | +SASL2 { | |
19 | + global: | |
20 | + sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*; | |
21 | +}; | |
22 | + | |
23 | +HIDDEN { local: __*; _rest*; _save*; *; }; | |
24 | + |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Use /etc/sasldb2 instead of ./sasldb in the testsuite | |
4 | ||
5 | --- | |
6 | utils/testsuite.c | 6 +++--- | |
7 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
8 | ||
9 | diff --git a/utils/testsuite.c b/utils/testsuite.c | |
10 | index 7e4e852..b687e96 100644 | |
11 | --- a/utils/testsuite.c | |
12 | +++ b/utils/testsuite.c | |
13 | @@ -462,9 +462,9 @@ int good_getopt(void *context __attribute__((unused)), | |
14 | *len = (unsigned) strlen("sasldb"); | |
15 | return SASL_OK; | |
16 | } else if (!strcmp(option, "sasldb_path")) { | |
17 | - *result = "./sasldb"; | |
18 | + *result = "/etc/sasldb2"; | |
19 | if (len) | |
20 | - *len = (unsigned) strlen("./sasldb"); | |
21 | + *len = (unsigned) strlen("/etc/sasldb2"); | |
22 | return SASL_OK; | |
23 | } else if (!strcmp(option, "canon_user_plugin")) { | |
24 | *result = cu_plugin; | |
25 | @@ -2924,7 +2924,7 @@ void notes(void) | |
26 | void usage(void) | |
27 | { | |
28 | printf("Usage:\n" \ | |
29 | - " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \ | |
30 | + " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \ | |
31 | " g -- gssapi service name to use (default: host)\n" \ | |
32 | " r -- # of random tests to do (default: 25)\n" \ | |
33 | " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \ |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Rename the testsuite program to sasltestsuite and use /etc/sasldb2 | |
2 | instead of ./sasldb as default path for the sasldb database file. | |
3 | --- cyrus-sasl2.orig/utils/testsuite.c | |
4 | +++ cyrus-sasl2/utils/testsuite.c | |
5 | @@ -462,9 +462,9 @@ int good_getopt(void *context __attribut | |
6 | *len = (unsigned) strlen("sasldb"); | |
7 | return SASL_OK; | |
8 | } else if (!strcmp(option, "sasldb_path")) { | |
9 | - *result = "./sasldb"; | |
10 | + *result = "/etc/sasldb2"; | |
11 | if (len) | |
12 | - *len = (unsigned) strlen("./sasldb"); | |
13 | + *len = (unsigned) strlen("/etc/sasldb2"); | |
14 | return SASL_OK; | |
15 | } else if (!strcmp(option, "canon_user_plugin")) { | |
16 | *result = cu_plugin; | |
17 | @@ -2924,7 +2924,7 @@ void notes(void) | |
18 | void usage(void) | |
19 | { | |
20 | printf("Usage:\n" \ | |
21 | - " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \ | |
22 | + " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \ | |
23 | " g -- gssapi service name to use (default: host)\n" \ | |
24 | " r -- # of random tests to do (default: 25)\n" \ | |
25 | " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \ |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Update saslauthd.conf location in documentation | |
4 | ||
5 | date format (cosmetic). | |
6 | --- | |
7 | saslauthd/saslauthd.mdoc | 6 +++--- | |
8 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
9 | ||
10 | diff --git a/saslauthd/saslauthd.mdoc b/saslauthd/saslauthd.mdoc | |
11 | index 50f7dbf..5b0230d 100644 | |
12 | --- a/saslauthd/saslauthd.mdoc | |
13 | +++ b/saslauthd/saslauthd.mdoc | |
14 | @@ -10,7 +10,7 @@ | |
15 | .\" manpage in saslauthd.8 whenever you change this source | |
16 | .\" version. Only the pre-formatted manpage is installed. | |
17 | .\" | |
18 | -.Dd 12 12 2005 | |
19 | +.Dd December 12 2005 | |
20 | .Dt SASLAUTHD 8 | |
21 | .Os "CMU-SASL" | |
22 | .Sh NAME | |
23 | @@ -221,7 +221,7 @@ instead. | |
24 | .Em (All platforms that support OpenLDAP 2.0 or higher) | |
25 | .Pp | |
26 | Authenticate against an ldap server. The ldap configuration parameters are | |
27 | -read from /usr/local/etc/saslauthd.conf. The location of this file can be | |
28 | +read from /etc/saslauthd.conf. The location of this file can be | |
29 | changed with the -O parameter. See the LDAP_SASLAUTHD file included with the | |
30 | distribution for the list of available parameters. | |
31 | .It Li sia | |
32 | @@ -254,7 +254,7 @@ was never intended to be used in this manner, anyway.) | |
33 | .Bl -tag -width "/var/run/saslauthd/mux" | |
34 | .It Pa /var/run/saslauthd/mux | |
35 | The default communications socket. | |
36 | -.It Pa /usr/local/etc/saslauthd.conf | |
37 | +.It Pa /etc/saslauthd.conf | |
38 | The default configuration file for ldap support. | |
39 | .El | |
40 | .Sh SEE ALSO |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Use the correct path for the saslauthd.conf file, and use another | |
2 | date format (cosmetic). | |
3 | --- cyrus-sasl2.orig/saslauthd/saslauthd.mdoc | |
4 | +++ cyrus-sasl2/saslauthd/saslauthd.mdoc | |
5 | @@ -10,7 +10,7 @@ | |
6 | .\" manpage in saslauthd.8 whenever you change this source | |
7 | .\" version. Only the pre-formatted manpage is installed. | |
8 | .\" | |
9 | -.Dd 12 12 2005 | |
10 | +.Dd December 12 2005 | |
11 | .Dt SASLAUTHD 8 | |
12 | .Os "CMU-SASL" | |
13 | .Sh NAME | |
14 | @@ -221,7 +221,7 @@ instead. | |
15 | .Em (All platforms that support OpenLDAP 2.0 or higher) | |
16 | .Pp | |
17 | Authenticate against an ldap server. The ldap configuration parameters are | |
18 | -read from /usr/local/etc/saslauthd.conf. The location of this file can be | |
19 | +read from /etc/saslauthd.conf. The location of this file can be | |
20 | changed with the -O parameter. See the LDAP_SASLAUTHD file included with the | |
21 | distribution for the list of available parameters. | |
22 | .It Li sia | |
23 | @@ -254,7 +254,7 @@ was never intended to be used in this ma | |
24 | .Bl -tag -width "/var/run/saslauthd/mux" | |
25 | .It Pa /var/run/saslauthd/mux | |
26 | The default communications socket. | |
27 | -.It Pa /usr/local/etc/saslauthd.conf | |
28 | +.It Pa /etc/saslauthd.conf | |
29 | The default configuration file for ldap support. | |
30 | .El | |
31 | .Sh SEE ALSO |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Include dbconverter-2 in sbin_PROGRAMS and set default sasldb file | |
4 | to /etc/sasldb2 | |
5 | ||
6 | database file to /etc/sasldb2. | |
7 | --- | |
8 | utils/Makefile.am | 4 ++-- | |
9 | utils/dbconverter-2.c | 4 ++-- | |
10 | 2 files changed, 4 insertions(+), 4 deletions(-) | |
11 | ||
12 | diff --git a/utils/Makefile.am b/utils/Makefile.am | |
13 | index 7e2f983..25077e2 100644 | |
14 | --- a/utils/Makefile.am | |
15 | +++ b/utils/Makefile.am | |
16 | @@ -45,10 +45,10 @@ | |
17 | all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) | |
18 | all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) | |
19 | ||
20 | -sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer | |
21 | +sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer dbconverter-2 | |
22 | EXTRA_PROGRAMS = saslpasswd2 sasldblistusers2 testsuite testsuitestatic smtptest pluginviewer | |
23 | ||
24 | -noinst_PROGRAMS = dbconverter-2 | |
25 | +#noinst_PROGRAMS = dbconverter-2 | |
26 | ||
27 | if NO_SASL_DB_MANS | |
28 | man_MANS = | |
29 | diff --git a/utils/dbconverter-2.c b/utils/dbconverter-2.c | |
30 | index 04df2cb..4701898 100644 | |
31 | --- a/utils/dbconverter-2.c | |
32 | +++ b/utils/dbconverter-2.c | |
33 | @@ -382,7 +382,7 @@ static struct sasl_callback goodsasl_cb[] = { | |
34 | ||
35 | int main(int argc, char **argv) | |
36 | { | |
37 | - const char *db="/etc/sasldb"; | |
38 | + const char *db="/etc/sasldb2"; | |
39 | int result; | |
40 | ||
41 | if (argc > 1) { | |
42 | @@ -418,7 +418,7 @@ int main(int argc, char **argv) | |
43 | ||
44 | printf("\nThis program will take the sasldb file specified on the\n" | |
45 | "command line and convert it to a new sasldb file in the default\n" | |
46 | - "location (usually /etc/sasldb). It is STRONGLY RECOMMENDED that you\n" | |
47 | + "location (usually /etc/sasldb2). It is STRONGLY RECOMMENDED that you\n" | |
48 | "backup sasldb before allowing this program to run\n\n" | |
49 | "We are going to convert %s and our output will be in %s\n\n" | |
50 | "Press return to continue\n", db, db_new); |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Fixes in library mutexes | |
4 | ||
5 | --- | |
6 | lib/common.c | 7 ++++++- | |
7 | 1 file changed, 6 insertions(+), 1 deletion(-) | |
8 | ||
9 | diff --git a/lib/common.c b/lib/common.c | |
10 | index e0f59eb..1df5702 100644 | |
11 | --- a/lib/common.c | |
12 | +++ b/lib/common.c | |
13 | @@ -818,7 +818,7 @@ int _sasl_common_init(sasl_global_callbacks_t *global_callbacks) | |
14 | result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init); | |
15 | if(result != SASL_OK) return result; | |
16 | ||
17 | - if (!free_mutex) { | |
18 | + if (!free_mutex || free_mutex == 0x1) { | |
19 | free_mutex = sasl_MUTEX_ALLOC(); | |
20 | } | |
21 | if (!free_mutex) return SASL_FAIL; | |
22 | @@ -838,6 +838,11 @@ void sasl_dispose(sasl_conn_t **pconn) | |
23 | ||
24 | /* serialize disposes. this is necessary because we can't | |
25 | dispose of conn->mutex if someone else is locked on it */ | |
26 | + | |
27 | + if (!free_mutex || free_mutex == 0x1) | |
28 | + free_mutex = sasl_MUTEX_ALLOC(); | |
29 | + if (!free_mutex) return SASL_FAIL; | |
30 | + | |
31 | result = sasl_MUTEX_LOCK(free_mutex); | |
32 | if (result!=SASL_OK) return; | |
33 |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Build the dbconverter-2 utility and change the path to the sasldb | |
2 | database file to /etc/sasldb2. | |
3 | --- cyrus-sasl2.orig/utils/Makefile.am | |
4 | +++ cyrus-sasl2/utils/Makefile.am | |
5 | @@ -45,10 +45,10 @@ | |
6 | all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) | |
7 | all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) | |
8 | ||
9 | -sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer | |
10 | +sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer dbconverter-2 | |
11 | EXTRA_PROGRAMS = saslpasswd2 sasldblistusers2 testsuite testsuitestatic smtptest pluginviewer | |
12 | ||
13 | -noinst_PROGRAMS = dbconverter-2 | |
14 | +#noinst_PROGRAMS = dbconverter-2 | |
15 | ||
16 | if NO_SASL_DB_MANS | |
17 | man_MANS = | |
18 | --- cyrus-sasl2.orig/utils/dbconverter-2.c | |
19 | +++ cyrus-sasl2/utils/dbconverter-2.c | |
20 | @@ -382,7 +382,7 @@ static struct sasl_callback goodsasl_cb[ | |
21 | ||
22 | int main(int argc, char **argv) | |
23 | { | |
24 | - const char *db="/etc/sasldb"; | |
25 | + const char *db="/etc/sasldb2"; | |
26 | int result; | |
27 | ||
28 | if (argc > 1) { | |
29 | @@ -418,7 +418,7 @@ int main(int argc, char **argv) | |
30 | ||
31 | printf("\nThis program will take the sasldb file specified on the\n" | |
32 | "command line and convert it to a new sasldb file in the default\n" | |
33 | - "location (usually /etc/sasldb). It is STRONGLY RECOMMENDED that you\n" | |
34 | + "location (usually /etc/sasldb2). It is STRONGLY RECOMMENDED that you\n" | |
35 | "backup sasldb before allowing this program to run\n\n" | |
36 | "We are going to convert %s and our output will be in %s\n\n" | |
37 | "Press return to continue\n", db, db_new); |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Link with libsasldb.a instead of libsasldb.al | |
4 | ||
5 | support. | |
6 | --- | |
7 | saslauthd/configure.in | 2 +- | |
8 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
9 | ||
10 | diff --git a/saslauthd/configure.in b/saslauthd/configure.in | |
11 | index 0addcf4..8fb693c 100644 | |
12 | --- a/saslauthd/configure.in | |
13 | +++ b/saslauthd/configure.in | |
14 | @@ -77,7 +77,7 @@ if test "$authsasldb" != no; then | |
15 | AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) | |
16 | SASL_DB_PATH_CHECK() | |
17 | SASL_DB_CHECK() | |
18 | - SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" | |
19 | + SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a" | |
20 | fi | |
21 | ||
22 | AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Exact description unknown; make sure mutex-related code works. | |
2 | --- cyrus-sasl2.orig/lib/common.c | |
3 | +++ cyrus-sasl2/lib/common.c | |
4 | @@ -818,7 +818,7 @@ int _sasl_common_init(sasl_global_callba | |
5 | result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init); | |
6 | if(result != SASL_OK) return result; | |
7 | ||
8 | - if (!free_mutex) { | |
9 | + if (!free_mutex || free_mutex == 0x1) { | |
10 | free_mutex = sasl_MUTEX_ALLOC(); | |
11 | } | |
12 | if (!free_mutex) return SASL_FAIL; | |
13 | @@ -838,6 +838,11 @@ void sasl_dispose(sasl_conn_t **pconn) | |
14 | ||
15 | /* serialize disposes. this is necessary because we can't | |
16 | dispose of conn->mutex if someone else is locked on it */ | |
17 | + | |
18 | + if (!free_mutex || free_mutex == 0x1) | |
19 | + free_mutex = sasl_MUTEX_ALLOC(); | |
20 | + if (!free_mutex) return SASL_FAIL; | |
21 | + | |
22 | result = sasl_MUTEX_LOCK(free_mutex); | |
23 | if (result!=SASL_OK) return; | |
24 |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Enable autoconf maintainer mode | |
4 | ||
5 | --- | |
6 | configure.in | 2 ++ | |
7 | 1 file changed, 2 insertions(+) | |
8 | ||
9 | diff --git a/configure.in b/configure.in | |
10 | index 465a362..d4d250c 100644 | |
11 | --- a/configure.in | |
12 | +++ b/configure.in | |
13 | @@ -62,6 +62,8 @@ dnl | |
14 | AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.26) | |
15 | CMU_INIT_AUTOMAKE | |
16 | ||
17 | +AM_MAINTAINER_MODE | |
18 | + | |
19 | # and include our config dir scripts | |
20 | ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config" | |
21 |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Add libtool to saslauthd autoconf | |
4 | ||
5 | --- | |
6 | saslauthd/configure.in | 1 + | |
7 | 1 file changed, 1 insertion(+) | |
8 | ||
9 | diff --git a/saslauthd/configure.in b/saslauthd/configure.in | |
10 | index 8fb693c..701dbe4 100644 | |
11 | --- a/saslauthd/configure.in | |
12 | +++ b/saslauthd/configure.in | |
13 | @@ -25,6 +25,7 @@ AC_PROG_AWK | |
14 | AC_PROG_MAKE_SET | |
15 | AC_PROG_LN_S | |
16 | AC_PROG_INSTALL | |
17 | +AC_PROG_LIBTOOL | |
18 | ||
19 | dnl Checks for build foo | |
20 | CMU_C___ATTRIBUTE__ |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Define _XOPEN_SOURCE in auth_shadow.c to get proper crypt() prototype | |
4 | MIME-Version: 1.0 | |
5 | Content-Type: text/plain; charset="utf-8" | |
6 | Content-Transfer-Encoding: 8bit | |
7 | ||
8 | will define a correct function prototype for the crypt function. This avoids | |
9 | segfaults on architectures where the size of a pointer is greater than the size | |
10 | of an integer (ia64 and amd64 are examples). This may be detected by looking | |
11 | for build log lines such as the following: | |
12 | auth_shadow.c:183: warning: implicit declaration of function ‘crypt’ | |
13 | auth_shadow.c:183: warning: cast to pointer from integer of different size | |
14 | --- | |
15 | saslauthd/auth_shadow.c | 1 + | |
16 | 1 file changed, 1 insertion(+) | |
17 | ||
18 | diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c | |
19 | index 677131b..d0efa9a 100644 | |
20 | --- a/saslauthd/auth_shadow.c | |
21 | +++ b/saslauthd/auth_shadow.c | |
22 | @@ -36,6 +36,7 @@ | |
23 | ||
24 | #ifdef AUTH_SHADOW | |
25 | ||
26 | +#define _XOPEN_SOURCE | |
27 | #define PWBUFSZ 256 /***SWB***/ | |
28 | ||
29 | # include <unistd.h> |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Fix linking with libsasldb.a when saslauthd is built with sasldb | |
2 | support. | |
3 | --- cyrus-sasl2.orig/saslauthd/configure.in | |
4 | +++ cyrus-sasl2/saslauthd/configure.in | |
5 | @@ -77,7 +77,7 @@ if test "$authsasldb" != no; then | |
6 | AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) | |
7 | SASL_DB_PATH_CHECK() | |
8 | SASL_DB_CHECK() | |
9 | - SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" | |
10 | + SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a" | |
11 | fi | |
12 | ||
13 | AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Don't overwrite PIC objects with non-PIC variant | |
4 | ||
5 | is created out of non-PIC objects, is not going to overwrite the PIC version, | |
6 | which is created out of PIC objects. The PIC version is placed in .libs, and | |
7 | the non-PIC version in the current directory. This ensures that both non-PIC | |
8 | and PIC versions are available in the correct locations. | |
9 | --- | |
10 | lib/Makefile.am | 2 +- | |
11 | sasldb/Makefile.am | 2 +- | |
12 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
13 | ||
14 | diff --git a/lib/Makefile.am b/lib/Makefile.am | |
15 | index bff8efe..16b14f4 100644 | |
16 | --- a/lib/Makefile.am | |
17 | +++ b/lib/Makefile.am | |
18 | @@ -80,7 +80,7 @@ endif | |
19 | ||
20 | libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) | |
21 | @echo adding static plugins and dependencies | |
22 | - $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) | |
23 | + $(AR) cru $@ $(SASL_STATIC_OBJS) | |
24 | @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ | |
25 | if test ! -f $$i; then continue; fi; . $$i; \ | |
26 | for j in $$dependency_libs foo; do \ | |
27 | diff --git a/sasldb/Makefile.am b/sasldb/Makefile.am | |
28 | index 067477c..311a34b 100644 | |
29 | --- a/sasldb/Makefile.am | |
30 | +++ b/sasldb/Makefile.am | |
31 | @@ -63,6 +63,6 @@ libsasldb_a_SOURCES = | |
32 | EXTRA_libsasldb_a_SOURCES = | |
33 | ||
34 | libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) | |
35 | - $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) | |
36 | + $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) | |
37 | ||
38 |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Enable maintainer mode to avoid auto* problems. | |
2 | --- cyrus-sasl2.orig/configure.in | |
3 | +++ cyrus-sasl2/configure.in | |
4 | @@ -62,6 +62,8 @@ dnl | |
5 | AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.26) | |
6 | CMU_INIT_AUTOMAKE | |
7 | ||
8 | +AM_MAINTAINER_MODE | |
9 | + | |
10 | # and include our config dir scripts | |
11 | ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config" | |
12 |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:03 +0100 | |
3 | Subject: Look for generic Berkeley DB first | |
4 | ||
5 | --- | |
6 | cmulocal/berkdb.m4 | 2 +- | |
7 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
8 | ||
9 | diff --git a/cmulocal/berkdb.m4 b/cmulocal/berkdb.m4 | |
10 | index 98e8cb6..8b7d408 100644 | |
11 | --- a/cmulocal/berkdb.m4 | |
12 | +++ b/cmulocal/berkdb.m4 | |
13 | @@ -213,7 +213,7 @@ AC_DEFUN([CYRUS_BERKELEY_DB_CHK_LIB], | |
14 | fi | |
15 | ||
16 | saved_LIBS=$LIBS | |
17 | - for dbname in ${with_bdb} \ | |
18 | + for dbname in ${with_bdb} db \ | |
19 | db-5.2 db5.2 db52 \ | |
20 | db-5.1 db5.2 db51 \ | |
21 | db-5.0 db5.2 db50 \ |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Enable libtool use. | |
2 | --- cyrus-sasl2.orig/saslauthd/configure.in | |
3 | +++ cyrus-sasl2/saslauthd/configure.in | |
4 | @@ -25,6 +25,7 @@ AC_PROG_AWK | |
5 | AC_PROG_MAKE_SET | |
6 | AC_PROG_LN_S | |
7 | AC_PROG_INSTALL | |
8 | +AC_PROG_LIBTOOL | |
9 | ||
10 | dnl Checks for build foo | |
11 | CMU_C___ATTRIBUTE__ |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Update required libraries when ld --as-needed is used | |
4 | ||
5 | it. | |
6 | --- | |
7 | saslauthd/Makefile.am | 2 +- | |
8 | sasldb/Makefile.am | 4 ++-- | |
9 | 2 files changed, 3 insertions(+), 3 deletions(-) | |
10 | ||
11 | diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am | |
12 | index ce1e92b..a07281d 100644 | |
13 | --- a/saslauthd/Makefile.am | |
14 | +++ b/saslauthd/Makefile.am | |
15 | @@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c getnameinfo.c | |
16 | saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@ | |
17 | saslauthd_LDADD = @SASL_KRB_LIB@ \ | |
18 | @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \ | |
19 | - @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ | |
20 | + @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ | |
21 | ||
22 | testsaslauthd_SOURCES = testsaslauthd.c utils.c | |
23 | testsaslauthd_LDADD = @LIB_SOCKET@ | |
24 | diff --git a/sasldb/Makefile.am b/sasldb/Makefile.am | |
25 | index 311a34b..6d7ce0c 100644 | |
26 | --- a/sasldb/Makefile.am | |
27 | +++ b/sasldb/Makefile.am | |
28 | @@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a | |
29 | ||
30 | libsasldb_la_SOURCES = allockey.c sasldb.h | |
31 | EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) | |
32 | -libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) | |
33 | -libsasldb_la_LIBADD = $(SASL_DB_BACKEND) | |
34 | +libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB) | |
35 | +libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB) | |
36 | ||
37 | # Prevent make dist stupidity | |
38 | libsasldb_a_SOURCES = |
0 | Author: Dann Frazier <dannf@debian.org> | |
1 | Description: When _XOPEN_SOURCE is defined, the subsequent #include <unistd.h> | |
2 | will define a correct function prototype for the crypt function. This avoids | |
3 | segfaults on architectures where the size of a pointer is greater than the size | |
4 | of an integer (ia64 and amd64 are examples). This may be detected by looking | |
5 | for build log lines such as the following: | |
6 | auth_shadow.c:183: warning: implicit declaration of function ‘crypt’ | |
7 | auth_shadow.c:183: warning: cast to pointer from integer of different size | |
8 | --- cyrus-sasl2.orig/saslauthd/auth_shadow.c | |
9 | +++ cyrus-sasl2/saslauthd/auth_shadow.c | |
10 | @@ -36,6 +36,7 @@ | |
11 | ||
12 | #ifdef AUTH_SHADOW | |
13 | ||
14 | +#define _XOPEN_SOURCE | |
15 | #define PWBUFSZ 256 /***SWB***/ | |
16 | ||
17 | # include <unistd.h> |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Drop krb5support dependency | |
4 | ||
5 | --- | |
6 | cmulocal/sasl2.m4 | 3 --- | |
7 | 1 file changed, 3 deletions(-) | |
8 | ||
9 | diff --git a/cmulocal/sasl2.m4 b/cmulocal/sasl2.m4 | |
10 | index 3c2841a..62af6ab 100644 | |
11 | --- a/cmulocal/sasl2.m4 | |
12 | +++ b/cmulocal/sasl2.m4 | |
13 | @@ -112,9 +112,6 @@ if test "$gssapi" != no; then | |
14 | fi | |
15 | ||
16 | if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then | |
17 | - # check for libkrb5support first | |
18 | - AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) | |
19 | - | |
20 | gss_failed=0 | |
21 | AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, | |
22 | ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Several autotools fixes | |
4 | ||
5 | --- | |
6 | Makefile.am | 2 ++ | |
7 | config/kerberos_v4.m4 | 8 ++++---- | |
8 | configure.in | 2 ++ | |
9 | saslauthd/Makefile.am | 2 ++ | |
10 | saslauthd/configure.in | 33 +++++++++++++++++---------------- | |
11 | 5 files changed, 27 insertions(+), 20 deletions(-) | |
12 | ||
13 | diff --git a/Makefile.am b/Makefile.am | |
14 | index 2091dd1..220565f 100644 | |
15 | --- a/Makefile.am | |
16 | +++ b/Makefile.am | |
17 | @@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7 | |
18 | # | |
19 | ################################################################ | |
20 | ||
21 | +ACLOCAL_AMFLAGS = -I cmulocal -I config | |
22 | + | |
23 | if SASLAUTHD | |
24 | SAD = saslauthd | |
25 | else | |
26 | diff --git a/config/kerberos_v4.m4 b/config/kerberos_v4.m4 | |
27 | index 7884743..0e9b58c 100644 | |
28 | --- a/config/kerberos_v4.m4 | |
29 | +++ b/config/kerberos_v4.m4 | |
30 | @@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [ | |
31 | dnl if we were ambitious, we would look more aggressively for the | |
32 | dnl krb4 install | |
33 | if test -d ${krb4}; then | |
34 | - AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ | |
35 | + AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [ | |
36 | for krbhloc in include/kerberosIV include/kerberos include | |
37 | do | |
38 | if test -f ${krb4}/${krbhloc}/krb.h ; then | |
39 | - cyrus_krbinclude=${krb4}/${krbhloc} | |
40 | + cyrus_cv_krbinclude=${krb4}/${krbhloc} | |
41 | break | |
42 | fi | |
43 | done | |
44 | ]) | |
45 | ||
46 | - if test -n "${cyrus_krbinclude}"; then | |
47 | - CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" | |
48 | + if test -n "${cyrus_cv_krbinclude}"; then | |
49 | + CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}" | |
50 | fi | |
51 | LDFLAGS="$LDFLAGS -L$krb4/lib" | |
52 | fi | |
53 | diff --git a/configure.in b/configure.in | |
54 | index d4d250c..d9fead6 100644 | |
55 | --- a/configure.in | |
56 | +++ b/configure.in | |
57 | @@ -44,6 +44,8 @@ dnl | |
58 | AC_INIT(lib/saslint.h) | |
59 | AC_PREREQ([2.54]) | |
60 | ||
61 | +AC_CONFIG_MACRO_DIRS([cmulocal] [config]) | |
62 | + | |
63 | dnl use ./config.cache as the default cache file. | |
64 | dnl we require a cache file to successfully configure our build. | |
65 | if test $cache_file = "/dev/null"; then | |
66 | diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am | |
67 | index a07281d..18c1630 100644 | |
68 | --- a/saslauthd/Makefile.am | |
69 | +++ b/saslauthd/Makefile.am | |
70 | @@ -1,4 +1,6 @@ | |
71 | AUTOMAKE_OPTIONS = 1.7 | |
72 | +ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config | |
73 | + | |
74 | sbin_PROGRAMS = saslauthd testsaslauthd | |
75 | EXTRA_PROGRAMS = saslcache | |
76 | ||
77 | diff --git a/saslauthd/configure.in b/saslauthd/configure.in | |
78 | index 701dbe4..8643544 100644 | |
79 | --- a/saslauthd/configure.in | |
80 | +++ b/saslauthd/configure.in | |
81 | @@ -1,7 +1,8 @@ | |
82 | AC_INIT(mechanisms.h) | |
83 | AC_PREREQ([2.54]) | |
84 | ||
85 | -AC_CONFIG_AUX_DIR(config) | |
86 | +AC_CONFIG_MACRO_DIRS([../cmulocal] [../config]) | |
87 | +AC_CONFIG_AUX_DIR([config]) | |
88 | AC_CANONICAL_HOST | |
89 | ||
90 | dnl Should we enable SASLAUTHd at all? | |
91 | @@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS) | |
92 | ||
93 | dnl Checks for which function macros exist | |
94 | AC_MSG_CHECKING(whether $CC implements __func__) | |
95 | -AC_CACHE_VAL(have_func, | |
96 | +AC_CACHE_VAL(_cv_have_func, | |
97 | [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);], | |
98 | -have_func=yes, | |
99 | -have_func=no)]) | |
100 | -AC_MSG_RESULT($have_func) | |
101 | -if test "$have_func" = yes; then | |
102 | +_cv_have_func=yes, | |
103 | +_cv_have_func=no)]) | |
104 | +AC_MSG_RESULT($_cv_have_func) | |
105 | +if test "$_cv_have_func" = yes; then | |
106 | AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__]) | |
107 | else | |
108 | AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__) | |
109 | - AC_CACHE_VAL(have_pretty_function, | |
110 | + AC_CACHE_VAL(_cv_have_pretty_function, | |
111 | [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);], | |
112 | - have_pretty_function=yes, | |
113 | - have_pretty_function=no)]) | |
114 | - AC_MSG_RESULT($have_pretty_function) | |
115 | - if test "$have_pretty_function" = yes; then | |
116 | + _cv_have_pretty_function=yes, | |
117 | + _cv_have_pretty_function=no)]) | |
118 | + AC_MSG_RESULT($_cv_have_pretty_function) | |
119 | + if test "$_cv_have_pretty_function" = yes; then | |
120 | AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__]) | |
121 | else | |
122 | AC_MSG_CHECKING(whether $CC implements __FUNCTION__) | |
123 | - AC_CACHE_VAL(have_function, | |
124 | + AC_CACHE_VAL(_cv_have_function, | |
125 | [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);], | |
126 | - have_function=yes, | |
127 | - have_function=no)]) | |
128 | - AC_MSG_RESULT($have_function) | |
129 | - if test "$have_function" = yes; then | |
130 | + _cv_have_function=yes, | |
131 | + _cv_have_function=no)]) | |
132 | + AC_MSG_RESULT($_cv_have_function) | |
133 | + if test "$_cv_have_function" = yes; then | |
134 | AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__]) | |
135 | fi | |
136 | fi |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: This patch makes sure the non-PIC version of libsasldb.a, which | |
2 | is created out of non-PIC objects, is not going to overwrite the PIC version, | |
3 | which is created out of PIC objects. The PIC version is placed in .libs, and | |
4 | the non-PIC version in the current directory. This ensures that both non-PIC | |
5 | and PIC versions are available in the correct locations. | |
6 | --- cyrus-sasl2.orig/lib/Makefile.am | |
7 | +++ cyrus-sasl2/lib/Makefile.am | |
8 | @@ -80,7 +80,7 @@ endif | |
9 | ||
10 | libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) | |
11 | @echo adding static plugins and dependencies | |
12 | - $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) | |
13 | + $(AR) cru $@ $(SASL_STATIC_OBJS) | |
14 | @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ | |
15 | if test ! -f $$i; then continue; fi; . $$i; \ | |
16 | for j in $$dependency_libs foo; do \ | |
17 | --- cyrus-sasl2.orig/sasldb/Makefile.am | |
18 | +++ cyrus-sasl2/sasldb/Makefile.am | |
19 | @@ -63,6 +63,6 @@ libsasldb_a_SOURCES = | |
20 | EXTRA_libsasldb_a_SOURCES = | |
21 | ||
22 | libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) | |
23 | - $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) | |
24 | + $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) | |
25 | ||
26 |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: LDAP fixes | |
4 | ||
5 | --- | |
6 | plugins/ldapdb.c | 2 ++ | |
7 | 1 file changed, 2 insertions(+) | |
8 | ||
9 | diff --git a/plugins/ldapdb.c b/plugins/ldapdb.c | |
10 | index ddead7f..b74dc9e 100644 | |
11 | --- a/plugins/ldapdb.c | |
12 | +++ b/plugins/ldapdb.c | |
13 | @@ -251,6 +251,8 @@ static int ldapdb_auxprop_lookup(void *glob_context, | |
14 | ||
15 | #if defined(LDAP_PROXY_AUTHZ_FAILURE) | |
16 | case LDAP_PROXY_AUTHZ_FAILURE: | |
17 | +#elif defined(LDAP_X_PROXY_AUTHZ_FAILURE) | |
18 | + case LDAP_X_PROXY_AUTHZ_FAILURE: | |
19 | #endif | |
20 | case LDAP_INAPPROPRIATE_AUTH: | |
21 | case LDAP_INVALID_CREDENTIALS: |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Don't use la files for opening plugins | |
4 | ||
5 | --- | |
6 | lib/dlopen.c | 113 ++++------------------------------------------------------- | |
7 | 1 file changed, 7 insertions(+), 106 deletions(-) | |
8 | ||
9 | diff --git a/lib/dlopen.c b/lib/dlopen.c | |
10 | index b9c1c80..8561bef 100644 | |
11 | --- a/lib/dlopen.c | |
12 | +++ b/lib/dlopen.c | |
13 | @@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugin, void *library, | |
14 | return result; | |
15 | } | |
16 | ||
17 | -/* this returns the file to actually open. | |
18 | - * out should be a buffer of size PATH_MAX | |
19 | - * and may be the same as in. */ | |
20 | - | |
21 | -/* We'll use a static buffer for speed unless someone complains */ | |
22 | -#define MAX_LINE 2048 | |
23 | - | |
24 | -static int _parse_la(const char *prefix, const char *in, char *out) | |
25 | -{ | |
26 | - FILE *file; | |
27 | - size_t length; | |
28 | - char line[MAX_LINE]; | |
29 | - char *ntmp = NULL; | |
30 | - | |
31 | - if(!in || !out || !prefix || out == in) return SASL_BADPARAM; | |
32 | - | |
33 | - /* Set this so we can detect failure */ | |
34 | - *out = '\0'; | |
35 | - | |
36 | - length = strlen(in); | |
37 | - | |
38 | - if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) { | |
39 | - if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) { | |
40 | - /* check for a .la file */ | |
41 | - strcpy(line, prefix); | |
42 | - strcat(line, in); | |
43 | - length = strlen(line); | |
44 | - *(line + (length - strlen(SO_SUFFIX))) = '\0'; | |
45 | - strcat(line, LA_SUFFIX); | |
46 | - file = fopen(line, "r"); | |
47 | - if(file) { | |
48 | - /* We'll get it on the .la open */ | |
49 | - fclose(file); | |
50 | - return SASL_FAIL; | |
51 | - } | |
52 | - } | |
53 | - strcpy(out, prefix); | |
54 | - strcat(out, in); | |
55 | - return SASL_OK; | |
56 | - } | |
57 | - | |
58 | - strcpy(line, prefix); | |
59 | - strcat(line, in); | |
60 | - | |
61 | - file = fopen(line, "r"); | |
62 | - if(!file) { | |
63 | - _sasl_log(NULL, SASL_LOG_WARN, | |
64 | - "unable to open LA file: %s", line); | |
65 | - return SASL_FAIL; | |
66 | - } | |
67 | - | |
68 | - while(!feof(file)) { | |
69 | - if(!fgets(line, MAX_LINE, file)) break; | |
70 | - if(line[strlen(line) - 1] != '\n') { | |
71 | - _sasl_log(NULL, SASL_LOG_WARN, | |
72 | - "LA file has too long of a line: %s", in); | |
73 | - return SASL_BUFOVER; | |
74 | - } | |
75 | - if(line[0] == '\n' || line[0] == '#') continue; | |
76 | - if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) { | |
77 | - /* We found the line with the name in it */ | |
78 | - char *end; | |
79 | - char *start; | |
80 | - size_t len; | |
81 | - end = strrchr(line, '\''); | |
82 | - if(!end) continue; | |
83 | - start = &line[sizeof("dlname=")-1]; | |
84 | - len = strlen(start); | |
85 | - if(len > 3 && start[0] == '\'') { | |
86 | - ntmp=&start[1]; | |
87 | - *end='\0'; | |
88 | - /* Do we have dlname="" ? */ | |
89 | - if(ntmp == end) { | |
90 | - _sasl_log(NULL, SASL_LOG_DEBUG, | |
91 | - "dlname is empty in .la file: %s", in); | |
92 | - return SASL_FAIL; | |
93 | - } | |
94 | - strcpy(out, prefix); | |
95 | - strcat(out, ntmp); | |
96 | - } | |
97 | - break; | |
98 | - } | |
99 | - } | |
100 | - if(ferror(file) || feof(file)) { | |
101 | - _sasl_log(NULL, SASL_LOG_WARN, | |
102 | - "Error reading .la: %s\n", in); | |
103 | - fclose(file); | |
104 | - return SASL_FAIL; | |
105 | - } | |
106 | - fclose(file); | |
107 | - | |
108 | - if(!(*out)) { | |
109 | - _sasl_log(NULL, SASL_LOG_WARN, | |
110 | - "Could not find a dlname line in .la file: %s", in); | |
111 | - return SASL_FAIL; | |
112 | - } | |
113 | - | |
114 | - return SASL_OK; | |
115 | -} | |
116 | #endif /* DO_DLOPEN */ | |
117 | ||
118 | /* loads a plugin library */ | |
119 | @@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_list_t *entrypoints, | |
120 | if (length + pos>=PATH_MAX) continue; /* too big */ | |
121 | ||
122 | if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)), | |
123 | - SO_SUFFIX) | |
124 | - && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)), | |
125 | - LA_SUFFIX)) | |
126 | + SO_SUFFIX)) | |
127 | continue; | |
128 | ||
129 | + /* We only use .so files for loading plugins */ | |
130 | + | |
131 | memcpy(name,dir->d_name,length); | |
132 | name[length]='\0'; | |
133 | ||
134 | - result = _parse_la(prefix, name, tmp); | |
135 | - if(result != SASL_OK) | |
136 | - continue; | |
137 | - | |
138 | + /* Create full name with path */ | |
139 | + strncpy(tmp, prefix, PATH_MAX); | |
140 | + strncat(tmp, name, PATH_MAX); | |
141 | + | |
142 | /* skip "lib" and cut off suffix -- | |
143 | this only need be approximate */ | |
144 | strcpy(plugname, name + 3); |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Don't use -R when searching for SQLite libraries | |
4 | ||
5 | --- | |
6 | configure.in | 8 ++++---- | |
7 | 1 file changed, 4 insertions(+), 4 deletions(-) | |
8 | ||
9 | diff --git a/configure.in b/configure.in | |
10 | index d9fead6..9fcc80c 100644 | |
11 | --- a/configure.in | |
12 | +++ b/configure.in | |
13 | @@ -865,9 +865,9 @@ case "$with_sqlite" in | |
14 | notfound) AC_WARN([SQLite Library not found]); true;; | |
15 | *) | |
16 | if test -d ${with_sqlite}/lib; then | |
17 | - LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib" | |
18 | + LIB_SQLITE="-L${with_sqlite}/lib" | |
19 | else | |
20 | - LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}" | |
21 | + LIB_SQLITE="-L${with_sqlite}" | |
22 | fi | |
23 | ||
24 | LIB_SQLITE_DIR=$LIB_SQLITE | |
25 | @@ -917,9 +917,9 @@ case "$with_sqlite3" in | |
26 | notfound) AC_WARN([SQLite3 Library not found]); true;; | |
27 | *) | |
28 | if test -d ${with_sqlite3}/lib; then | |
29 | - LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib" | |
30 | + LIB_SQLITE3="-L${with_sqlite3}/lib" | |
31 | else | |
32 | - LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}" | |
33 | + LIB_SQLITE3="-L${with_sqlite3}" | |
34 | fi | |
35 | ||
36 | LIB_SQLITE3_DIR=$LIB_SQLITE3 |
0 | Author: Fabian Fagerholm <fabbe@debian.org> | |
1 | Description: Support and build against db4.8. | |
2 | --- cyrus-sasl2.orig/cmulocal/berkdb.m4 | |
3 | +++ cyrus-sasl2/cmulocal/berkdb.m4 | |
4 | @@ -213,7 +213,7 @@ AC_DEFUN([CYRUS_BERKELEY_DB_CHK_LIB], | |
5 | fi | |
6 | ||
7 | saved_LIBS=$LIBS | |
8 | - for dbname in ${with_bdb} \ | |
9 | + for dbname in ${with_bdb} db \ | |
10 | db-5.2 db5.2 db52 \ | |
11 | db-5.1 db5.2 db51 \ | |
12 | db-5.0 db5.2 db50 \ |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Revert 1.103 revision to unbreak GSSAPI | |
4 | ||
5 | --- | |
6 | plugins/gssapi.c | 4 ++-- | |
7 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
8 | ||
9 | diff --git a/plugins/gssapi.c b/plugins/gssapi.c | |
10 | index 2fd1b3b..ec9f7aa 100644 | |
11 | --- a/plugins/gssapi.c | |
12 | +++ b/plugins/gssapi.c | |
13 | @@ -1583,10 +1583,10 @@ static int gssapi_client_mech_step(void *conn_context, | |
14 | } | |
15 | ||
16 | /* Setup req_flags properly */ | |
17 | - req_flags = GSS_C_INTEG_FLAG; | |
18 | + req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; | |
19 | if (params->props.max_ssf > params->external_ssf) { | |
20 | /* We are requesting a security layer */ | |
21 | - req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; | |
22 | + req_flags |= GSS_C_INTEG_FLAG; | |
23 | /* Any SSF bigger than 1 is confidentiality. */ | |
24 | /* Let's check if the client of the API requires confidentiality, | |
25 | and it wasn't already provided by an external layer */ |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Fix segfault in GSSAPI | |
4 | ||
5 | --- | |
6 | plugins/gssapi.c | 8 +++----- | |
7 | 1 file changed, 3 insertions(+), 5 deletions(-) | |
8 | ||
9 | diff --git a/plugins/gssapi.c b/plugins/gssapi.c | |
10 | index ec9f7aa..348801b 100644 | |
11 | --- a/plugins/gssapi.c | |
12 | +++ b/plugins/gssapi.c | |
13 | @@ -376,6 +376,7 @@ sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov, | |
14 | } | |
15 | ||
16 | if (output_token->value && output) { | |
17 | + int len; | |
18 | unsigned char * p; | |
19 | ||
20 | ret = _plug_buf_alloc(text->utils, | |
21 | @@ -392,11 +393,8 @@ sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov, | |
22 | ||
23 | p = (unsigned char *) text->encode_buf; | |
24 | ||
25 | - p[0] = (output_token->length>>24) & 0xFF; | |
26 | - p[1] = (output_token->length>>16) & 0xFF; | |
27 | - p[2] = (output_token->length>>8) & 0xFF; | |
28 | - p[3] = output_token->length & 0xFF; | |
29 | - | |
30 | + len = htonl(output_token->length); | |
31 | + memcpy(text->encode_buf, &len, 4); | |
32 | memcpy(text->encode_buf + 4, output_token->value, output_token->length); | |
33 | } | |
34 |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Fix dovecot authentication | |
4 | ||
5 | --- | |
6 | lib/checkpw.c | 10 ++++------ | |
7 | 1 file changed, 4 insertions(+), 6 deletions(-) | |
8 | ||
9 | diff --git a/lib/checkpw.c b/lib/checkpw.c | |
10 | index d371f3f..4e61a19 100644 | |
11 | --- a/lib/checkpw.c | |
12 | +++ b/lib/checkpw.c | |
13 | @@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned delta) | |
14 | /* Timeout. */ | |
15 | errno = ETIMEDOUT; | |
16 | return -1; | |
17 | - case +1: | |
18 | - if (FD_ISSET(fd, &rfds)) { | |
19 | - /* Success, file descriptor is readable. */ | |
20 | - return 0; | |
21 | - } | |
22 | - return -1; | |
23 | case -1: | |
24 | if (errno == EINTR || errno == EAGAIN) | |
25 | continue; | |
26 | default: | |
27 | + if (FD_ISSET(fd, &rfds)) { | |
28 | + /* Success, file descriptor is readable. */ | |
29 | + return 0; | |
30 | + } | |
31 | /* Error catch-all. */ | |
32 | return -1; | |
33 | } |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Temporary multiarch fixes | |
4 | ||
5 | --- | |
6 | configure.in | 2 +- | |
7 | saslauthd/configure.in | 2 +- | |
8 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
9 | ||
10 | diff --git a/configure.in b/configure.in | |
11 | index 9fcc80c..694a734 100644 | |
12 | --- a/configure.in | |
13 | +++ b/configure.in | |
14 | @@ -277,7 +277,7 @@ AC_ARG_WITH(pam, [ --with-pam=DIR use PAM (rooted in DIR) [[yes]] ], | |
15 | if test "$with_pam" != no; then | |
16 | if test -d $with_pam; then | |
17 | CPPFLAGS="$CPPFLAGS -I${with_pam}/include" | |
18 | - LDFLAGS="$LDFLAGS -L${with_pam}/lib" | |
19 | + LDFLAGS="$LDFLAGS -L${with_pam}/$DEB_HOST_MULTIARCH/lib" | |
20 | fi | |
21 | AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h) | |
22 | cmu_save_LIBS="$LIBS" | |
23 | diff --git a/saslauthd/configure.in b/saslauthd/configure.in | |
24 | index 8643544..4233017 100644 | |
25 | --- a/saslauthd/configure.in | |
26 | +++ b/saslauthd/configure.in | |
27 | @@ -95,7 +95,7 @@ AC_ARG_WITH(pam, [ --with-pam=DIR use PAM (rooted in DIR) [yes] ], | |
28 | if test "$with_pam" != no; then | |
29 | if test -d $with_pam; then | |
30 | CPPFLAGS="$CPPFLAGS -I${with_pam}/include" | |
31 | - LDFLAGS="$LDFLAGS -L${with_pam}/lib" | |
32 | + LDFLAGS="$LDFLAGS -L${with_pam}/$DEB_HOST_MULTIARCH/lib" | |
33 | fi | |
34 | cmu_save_LIBS="$LIBS" | |
35 | AC_CHECK_LIB(pam, pam_start, [ |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:04 +0100 | |
3 | Subject: Add reference to LDAP_SASLAUTHD file to the saslauthd documentation | |
4 | ||
5 | --- | |
6 | saslauthd/saslauthd.8 | 4 ++-- | |
7 | saslauthd/saslauthd.mdoc | 4 ++-- | |
8 | 2 files changed, 4 insertions(+), 4 deletions(-) | |
9 | ||
10 | diff --git a/saslauthd/saslauthd.8 b/saslauthd/saslauthd.8 | |
11 | index 843edb0..8a35732 100644 | |
12 | --- a/saslauthd/saslauthd.8 | |
13 | +++ b/saslauthd/saslauthd.8 | |
14 | @@ -158,8 +158,8 @@ AAUUTTHHEENNTTIICCAATTIIOONN MMEECCHHAANNIISSMMSS | |
15 | Authenticate against an ldap server. The ldap configuration | |
16 | parameters are read from /usr/local/etc/saslauthd.conf. The | |
17 | location of this file can be changed with the -O parameter. | |
18 | - See the LDAP_SASLAUTHD file included with the distribution for | |
19 | - the list of available parameters. | |
20 | + See the LDAP_SASLAUTHD file included in the cyrus-sasl2-doc | |
21 | + package for the list of available parameters. | |
22 | ||
23 | sia _(_D_i_g_i_t_a_l _U_N_I_X_) | |
24 | ||
25 | diff --git a/saslauthd/saslauthd.mdoc b/saslauthd/saslauthd.mdoc | |
26 | index 5b0230d..0e84e6f 100644 | |
27 | --- a/saslauthd/saslauthd.mdoc | |
28 | +++ b/saslauthd/saslauthd.mdoc | |
29 | @@ -222,8 +222,8 @@ instead. | |
30 | .Pp | |
31 | Authenticate against an ldap server. The ldap configuration parameters are | |
32 | read from /etc/saslauthd.conf. The location of this file can be | |
33 | -changed with the -O parameter. See the LDAP_SASLAUTHD file included with the | |
34 | -distribution for the list of available parameters. | |
35 | +changed with the -O parameter. See the LDAP_SASLAUTHD file included in the | |
36 | +cyrus-sasl2-doc package for the list of available parameters. | |
37 | .It Li sia | |
38 | .Em (Digital UNIX) | |
39 | .Pp |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
3 | Subject: Send IMAP logout | |
4 | ||
5 | --- | |
6 | saslauthd/auth_rimap.c | 21 +++++++++++++++++++++ | |
7 | 1 file changed, 21 insertions(+) | |
8 | ||
9 | diff --git a/saslauthd/auth_rimap.c b/saslauthd/auth_rimap.c | |
10 | index 2c3870f..bb8eccb 100644 | |
11 | --- a/saslauthd/auth_rimap.c | |
12 | +++ b/saslauthd/auth_rimap.c | |
13 | @@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* remote authentication host */ | |
14 | service we connect to. */ | |
15 | #define TAG "saslauthd" /* IMAP command tag */ | |
16 | #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ | |
17 | +#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ | |
18 | #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ | |
19 | #define RESP_LEN 1000 /* size of read response buffer */ | |
20 | ||
21 | @@ -307,10 +308,12 @@ auth_rimap ( | |
22 | int s=-1; /* socket to remote auth host */ | |
23 | struct addrinfo *r; /* remote socket address info */ | |
24 | struct iovec iov[5]; /* for sending LOGIN command */ | |
25 | + struct iovec iov2[1]; /* for sending LOGOUT command */ | |
26 | char *qlogin; /* pointer to "quoted" login */ | |
27 | char *qpass; /* pointer to "quoted" password */ | |
28 | char *c; /* scratch pointer */ | |
29 | int rc; /* return code scratch area */ | |
30 | + int rcl; /* return code scratch area */ | |
31 | char rbuf[RESP_LEN]; /* response read buffer */ | |
32 | char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; | |
33 | int saved_errno; | |
34 | @@ -505,6 +508,24 @@ auth_rimap ( | |
35 | } | |
36 | } | |
37 | } | |
38 | + | |
39 | + /* close remote imap */ | |
40 | + iov2[0].iov_base = LOGOUT_CMD; | |
41 | + iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1; | |
42 | + iov2[1].iov_base = "\r\n"; | |
43 | + iov2[1].iov_len = sizeof("\r\n") - 1; | |
44 | + | |
45 | + if (flags & VERBOSE) { | |
46 | + syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s", | |
47 | + LOGOUT_CMD, qlogin, qpass); | |
48 | + } | |
49 | + alarm(NETWORK_IO_TIMEOUT); | |
50 | + rcl = retry_writev(s, iov2, 2); | |
51 | + alarm(0); | |
52 | + if (rcl == -1) { | |
53 | + syslog(LOG_WARNING, "auth_rimap: writev logout: %m"); | |
54 | + } | |
55 | + | |
56 | (void) close(s); /* we're done with the remote */ | |
57 | if (rc == -1) { | |
58 | syslog(LOG_WARNING, "auth_rimap: read (response): %m"); |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
3 | Subject: Fix canonuser ldapdb garbage in out buffer | |
4 | ||
5 | --- | |
6 | plugins/ldapdb.c | 1 + | |
7 | 1 file changed, 1 insertion(+) | |
8 | ||
9 | diff --git a/plugins/ldapdb.c b/plugins/ldapdb.c | |
10 | index b74dc9e..730f129 100644 | |
11 | --- a/plugins/ldapdb.c | |
12 | +++ b/plugins/ldapdb.c | |
13 | @@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context, | |
14 | if ( len > out_max ) | |
15 | len = out_max; | |
16 | memcpy(out, bvals[0]->bv_val, len); | |
17 | + out[len] = '\0'; | |
18 | *out_ulen = len; | |
19 | ber_bvecfree(bvals); | |
20 | } |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
3 | Subject: Fix keytab option for MIT Kerberos | |
4 | ||
5 | --- | |
6 | cmulocal/sasl2.m4 | 1 + | |
7 | config.h.in | 4 ++++ | |
8 | configure | 2 +- | |
9 | plugins/gssapi.c | 14 +++++++++++--- | |
10 | saslauthd/configure | 2 +- | |
11 | saslauthd/saslauthd.h.in | 4 ++++ | |
12 | 6 files changed, 22 insertions(+), 5 deletions(-) | |
13 | ||
14 | diff --git a/cmulocal/sasl2.m4 b/cmulocal/sasl2.m4 | |
15 | index 62af6ab..6a34b7a 100644 | |
16 | --- a/cmulocal/sasl2.m4 | |
17 | +++ b/cmulocal/sasl2.m4 | |
18 | @@ -266,6 +266,7 @@ if test "$gssapi" != no; then | |
19 | cmu_save_LIBS="$LIBS" | |
20 | LIBS="$LIBS $GSSAPIBASE_LIBS" | |
21 | AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) | |
22 | + AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity) | |
23 | AC_CHECK_FUNCS(gss_decapsulate_token) | |
24 | AC_CHECK_FUNCS(gss_encapsulate_token) | |
25 | AC_CHECK_FUNCS(gss_oid_equal) | |
26 | diff --git a/config.h.in b/config.h.in | |
27 | index 6794af9..af13c25 100644 | |
28 | --- a/config.h.in | |
29 | +++ b/config.h.in | |
30 | @@ -126,6 +126,10 @@ | |
31 | */ | |
32 | #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
33 | ||
34 | +/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function. | |
35 | + */ | |
36 | +#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY | |
37 | + | |
38 | /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */ | |
39 | #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE | |
40 | ||
41 | diff --git a/configure b/configure | |
42 | index 93fee28..c31ba83 100755 | |
43 | --- a/configure | |
44 | +++ b/configure | |
45 | @@ -13367,7 +13367,7 @@ fi | |
46 | cmu_save_LIBS="$LIBS" | |
47 | LIBS="$LIBS $GSSAPIBASE_LIBS" | |
48 | ||
49 | -for ac_func in gsskrb5_register_acceptor_identity | |
50 | +for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity | |
51 | do | |
52 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | |
53 | { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 | |
54 | diff --git a/plugins/gssapi.c b/plugins/gssapi.c | |
55 | index 348801b..5102bfc 100644 | |
56 | --- a/plugins/gssapi.c | |
57 | +++ b/plugins/gssapi.c | |
58 | @@ -50,6 +50,9 @@ | |
59 | #else | |
60 | #include <gssapi/gssapi.h> | |
61 | #endif | |
62 | +#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY | |
63 | +#include <gssapi/gssapi_krb5.h> | |
64 | +#endif | |
65 | ||
66 | #ifdef WIN32 | |
67 | # include <winsock2.h> | |
68 | @@ -1365,7 +1368,7 @@ static sasl_server_plug_t gssapi_server_plugins[] = | |
69 | }; | |
70 | ||
71 | int gssapiv2_server_plug_init( | |
72 | -#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
73 | +#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) | |
74 | const sasl_utils_t *utils __attribute__((unused)), | |
75 | #else | |
76 | const sasl_utils_t *utils, | |
77 | @@ -1375,7 +1378,7 @@ int gssapiv2_server_plug_init( | |
78 | sasl_server_plug_t **pluglist, | |
79 | int *plugcount) | |
80 | { | |
81 | -#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
82 | +#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) | |
83 | const char *keytab = NULL; | |
84 | char keytab_path[1024]; | |
85 | unsigned int rl; | |
86 | @@ -1385,7 +1388,7 @@ int gssapiv2_server_plug_init( | |
87 | return SASL_BADVERS; | |
88 | } | |
89 | ||
90 | -#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
91 | +#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) | |
92 | /* unfortunately, we don't check for readability of keytab if it's | |
93 | the standard one, since we don't know where it is */ | |
94 | ||
95 | @@ -1408,7 +1411,12 @@ int gssapiv2_server_plug_init( | |
96 | ||
97 | strncpy(keytab_path, keytab, 1024); | |
98 | ||
99 | +#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
100 | gsskrb5_register_acceptor_identity(keytab_path); | |
101 | +#endif | |
102 | +#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY | |
103 | + krb5_gss_register_acceptor_identity(keytab_path); | |
104 | +#endif | |
105 | } | |
106 | #endif | |
107 | ||
108 | diff --git a/saslauthd/configure b/saslauthd/configure | |
109 | index 04cb414..c856644 100755 | |
110 | --- a/saslauthd/configure | |
111 | +++ b/saslauthd/configure | |
112 | @@ -9116,7 +9116,7 @@ fi | |
113 | cmu_save_LIBS="$LIBS" | |
114 | LIBS="$LIBS $GSSAPIBASE_LIBS" | |
115 | ||
116 | -for ac_func in gsskrb5_register_acceptor_identity | |
117 | +for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity | |
118 | do | |
119 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | |
120 | { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 | |
121 | diff --git a/saslauthd/saslauthd.h.in b/saslauthd/saslauthd.h.in | |
122 | index a61f3ba..c83e4a9 100644 | |
123 | --- a/saslauthd/saslauthd.h.in | |
124 | +++ b/saslauthd/saslauthd.h.in | |
125 | @@ -62,6 +62,10 @@ | |
126 | */ | |
127 | #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
128 | ||
129 | +/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function. | |
130 | + */ | |
131 | +#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY | |
132 | + | |
133 | /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */ | |
134 | #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE | |
135 |
0 | Author: Matthias Klose <doko@ubuntu.com> | |
1 | Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use | |
2 | it. | |
3 | --- cyrus-sasl2.orig/saslauthd/Makefile.am | |
4 | +++ cyrus-sasl2/saslauthd/Makefile.am | |
5 | @@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c | |
6 | saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@ | |
7 | saslauthd_LDADD = @SASL_KRB_LIB@ \ | |
8 | @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \ | |
9 | - @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ | |
10 | + @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ | |
11 | ||
12 | testsaslauthd_SOURCES = testsaslauthd.c utils.c | |
13 | testsaslauthd_LDADD = @LIB_SOCKET@ | |
14 | --- cyrus-sasl2.orig/sasldb/Makefile.am | |
15 | +++ cyrus-sasl2/sasldb/Makefile.am | |
16 | @@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a | |
17 | ||
18 | libsasldb_la_SOURCES = allockey.c sasldb.h | |
19 | EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) | |
20 | -libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) | |
21 | -libsasldb_la_LIBADD = $(SASL_DB_BACKEND) | |
22 | +libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB) | |
23 | +libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB) | |
24 | ||
25 | # Prevent make dist stupidity | |
26 | libsasldb_a_SOURCES = |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
3 | Subject: Release server creds when they are no longer needed | |
4 | ||
5 | --- | |
6 | plugins/gssapi.c | 6 ++++++ | |
7 | 1 file changed, 6 insertions(+) | |
8 | ||
9 | diff --git a/plugins/gssapi.c b/plugins/gssapi.c | |
10 | index 5102bfc..a959e06 100644 | |
11 | --- a/plugins/gssapi.c | |
12 | +++ b/plugins/gssapi.c | |
13 | @@ -945,6 +945,12 @@ gssapi_server_mech_authneg(context_t *text, | |
14 | ret = SASL_CONTINUE; | |
15 | } | |
16 | ||
17 | + /* Release server creds which are no longer needed */ | |
18 | + if ( text->server_creds != GSS_C_NO_CREDENTIAL) { | |
19 | + maj_stat = gss_release_cred(&min_stat, &text->server_creds); | |
20 | + text->server_creds = GSS_C_NO_CREDENTIAL; | |
21 | + } | |
22 | + | |
23 | cleanup: | |
24 | if (client_name_MN) { | |
25 | GSS_LOCK_MUTEX(params->utils); |
0 | Author: Roberto C. Sanchez <roberto@connexer.com> | |
1 | Description: Drop gratuitous dependency on krb5support | |
2 | --- cyrus-sasl2.orig/cmulocal/sasl2.m4 | |
3 | +++ cyrus-sasl2/cmulocal/sasl2.m4 | |
4 | @@ -112,9 +112,6 @@ if test "$gssapi" != no; then | |
5 | fi | |
6 | ||
7 | if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then | |
8 | - # check for libkrb5support first | |
9 | - AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) | |
10 | - | |
11 | gss_failed=0 | |
12 | AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, | |
13 | ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
3 | Subject: Include sys/types.h in sasl.h | |
4 | ||
5 | --- | |
6 | include/sasl.h | 2 ++ | |
7 | 1 file changed, 2 insertions(+) | |
8 | ||
9 | diff --git a/include/sasl.h b/include/sasl.h | |
10 | index fef4d51..d52269f 100755 | |
11 | --- a/include/sasl.h | |
12 | +++ b/include/sasl.h | |
13 | @@ -223,6 +223,8 @@ extern "C" { | |
14 | * they must be called before all other SASL functions: | |
15 | */ | |
16 | ||
17 | +#include <sys/types.h> | |
18 | + | |
19 | /* memory allocation functions which may optionally be replaced: | |
20 | */ | |
21 | typedef void *sasl_malloc_t(size_t); |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
3 | Subject: Fix typo in debugging logs | |
4 | ||
5 | --- | |
6 | saslauthd/cache.c | 6 +++--- | |
7 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
8 | ||
9 | diff --git a/saslauthd/cache.c b/saslauthd/cache.c | |
10 | index 2b78464..b13171d 100644 | |
11 | --- a/saslauthd/cache.c | |
12 | +++ b/saslauthd/cache.c | |
13 | @@ -264,7 +264,7 @@ int cache_lookup(const char *user, const char *realm, const char *service, const | |
14 | if (memcmp(pwd_digest, read_bucket->pwd_digest, 16) == 0) { | |
15 | ||
16 | if (flags & VERBOSE) | |
17 | - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with valid passwd"); | |
18 | + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "found with valid passwd"); | |
19 | ||
20 | cache_un_lock(hash_offset); | |
21 | table_stats->hits++; | |
22 | @@ -272,14 +272,14 @@ int cache_lookup(const char *user, const char *realm, const char *service, const | |
23 | } | |
24 | ||
25 | if (flags & VERBOSE) | |
26 | - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with invalid passwd, update pending"); | |
27 | + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "found with invalid passwd, update pending"); | |
28 | ||
29 | result->status = CACHE_FLUSH; | |
30 | ||
31 | } else { | |
32 | ||
33 | if (flags & VERBOSE) | |
34 | - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "not found, update pending"); | |
35 | + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "not found, update pending"); | |
36 | ||
37 | result->status = CACHE_FLUSH_WITH_RESCAN; | |
38 | } |
0 | --- cyrus-sasl2.orig/configure.in | |
1 | +++ cyrus-sasl2/configure.in | |
2 | @@ -44,6 +44,8 @@ dnl | |
3 | AC_INIT(lib/saslint.h) | |
4 | AC_PREREQ([2.54]) | |
5 | ||
6 | +AC_CONFIG_MACRO_DIRS([cmulocal] [config]) | |
7 | + | |
8 | dnl use ./config.cache as the default cache file. | |
9 | dnl we require a cache file to successfully configure our build. | |
10 | if test $cache_file = "/dev/null"; then | |
11 | --- cyrus-sasl2.orig/Makefile.am | |
12 | +++ cyrus-sasl2/Makefile.am | |
13 | @@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7 | |
14 | # | |
15 | ################################################################ | |
16 | ||
17 | +ACLOCAL_AMFLAGS = -I cmulocal -I config | |
18 | + | |
19 | if SASLAUTHD | |
20 | SAD = saslauthd | |
21 | else | |
22 | --- cyrus-sasl2.orig/saslauthd/configure.in | |
23 | +++ cyrus-sasl2/saslauthd/configure.in | |
24 | @@ -1,7 +1,8 @@ | |
25 | AC_INIT(mechanisms.h) | |
26 | AC_PREREQ([2.54]) | |
27 | ||
28 | -AC_CONFIG_AUX_DIR(config) | |
29 | +AC_CONFIG_MACRO_DIRS([../cmulocal] [../config]) | |
30 | +AC_CONFIG_AUX_DIR([config]) | |
31 | AC_CANONICAL_HOST | |
32 | ||
33 | dnl Should we enable SASLAUTHd at all? | |
34 | @@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS) | |
35 | ||
36 | dnl Checks for which function macros exist | |
37 | AC_MSG_CHECKING(whether $CC implements __func__) | |
38 | -AC_CACHE_VAL(have_func, | |
39 | +AC_CACHE_VAL(_cv_have_func, | |
40 | [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);], | |
41 | -have_func=yes, | |
42 | -have_func=no)]) | |
43 | -AC_MSG_RESULT($have_func) | |
44 | -if test "$have_func" = yes; then | |
45 | +_cv_have_func=yes, | |
46 | +_cv_have_func=no)]) | |
47 | +AC_MSG_RESULT($_cv_have_func) | |
48 | +if test "$_cv_have_func" = yes; then | |
49 | AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__]) | |
50 | else | |
51 | AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__) | |
52 | - AC_CACHE_VAL(have_pretty_function, | |
53 | + AC_CACHE_VAL(_cv_have_pretty_function, | |
54 | [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);], | |
55 | - have_pretty_function=yes, | |
56 | - have_pretty_function=no)]) | |
57 | - AC_MSG_RESULT($have_pretty_function) | |
58 | - if test "$have_pretty_function" = yes; then | |
59 | + _cv_have_pretty_function=yes, | |
60 | + _cv_have_pretty_function=no)]) | |
61 | + AC_MSG_RESULT($_cv_have_pretty_function) | |
62 | + if test "$_cv_have_pretty_function" = yes; then | |
63 | AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__]) | |
64 | else | |
65 | AC_MSG_CHECKING(whether $CC implements __FUNCTION__) | |
66 | - AC_CACHE_VAL(have_function, | |
67 | + AC_CACHE_VAL(_cv_have_function, | |
68 | [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);], | |
69 | - have_function=yes, | |
70 | - have_function=no)]) | |
71 | - AC_MSG_RESULT($have_function) | |
72 | - if test "$have_function" = yes; then | |
73 | + _cv_have_function=yes, | |
74 | + _cv_have_function=no)]) | |
75 | + AC_MSG_RESULT($_cv_have_function) | |
76 | + if test "$_cv_have_function" = yes; then | |
77 | AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__]) | |
78 | fi | |
79 | fi | |
80 | --- cyrus-sasl2.orig/saslauthd/Makefile.am | |
81 | +++ cyrus-sasl2/saslauthd/Makefile.am | |
82 | @@ -1,4 +1,6 @@ | |
83 | AUTOMAKE_OPTIONS = 1.7 | |
84 | +ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config | |
85 | + | |
86 | sbin_PROGRAMS = saslauthd testsaslauthd | |
87 | EXTRA_PROGRAMS = saslcache | |
88 | ||
89 | --- cyrus-sasl2.orig/config/kerberos_v4.m4 | |
90 | +++ cyrus-sasl2/config/kerberos_v4.m4 | |
91 | @@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [ | |
92 | dnl if we were ambitious, we would look more aggressively for the | |
93 | dnl krb4 install | |
94 | if test -d ${krb4}; then | |
95 | - AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ | |
96 | + AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [ | |
97 | for krbhloc in include/kerberosIV include/kerberos include | |
98 | do | |
99 | if test -f ${krb4}/${krbhloc}/krb.h ; then | |
100 | - cyrus_krbinclude=${krb4}/${krbhloc} | |
101 | + cyrus_cv_krbinclude=${krb4}/${krbhloc} | |
102 | break | |
103 | fi | |
104 | done | |
105 | ]) | |
106 | ||
107 | - if test -n "${cyrus_krbinclude}"; then | |
108 | - CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" | |
109 | + if test -n "${cyrus_cv_krbinclude}"; then | |
110 | + CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}" | |
111 | fi | |
112 | LDFLAGS="$LDFLAGS -L$krb4/lib" | |
113 | fi |
0 | From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org> | |
1 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
2 | Subject: Revert upstream soname bump | |
3 | ||
4 | --- | |
5 | lib/Makefile.am | 2 +- | |
6 | lib/Makefile.in | 2 +- | |
7 | plugins/Makefile.am | 2 +- | |
8 | plugins/Makefile.in | 2 +- | |
9 | 4 files changed, 4 insertions(+), 4 deletions(-) | |
10 | ||
11 | diff --git a/lib/Makefile.am b/lib/Makefile.am | |
12 | index 16b14f4..9777457 100644 | |
13 | --- a/lib/Makefile.am | |
14 | +++ b/lib/Makefile.am | |
15 | @@ -43,7 +43,7 @@ | |
16 | # Library version info - here at the top, for sanity | |
17 | # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning> | |
18 | # CURRENT:REVISION:AGE | |
19 | -sasl_version = 3:0:0 | |
20 | +sasl_version = 2:25:0 | |
21 | ||
22 | INCLUDES=-DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb | |
23 | ||
24 | diff --git a/lib/Makefile.in b/lib/Makefile.in | |
25 | index c1fefd8..629947b 100644 | |
26 | --- a/lib/Makefile.in | |
27 | +++ b/lib/Makefile.in | |
28 | @@ -319,7 +319,7 @@ top_srcdir = @top_srcdir@ | |
29 | # Library version info - here at the top, for sanity | |
30 | # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning> | |
31 | # CURRENT:REVISION:AGE | |
32 | -sasl_version = 3:0:0 | |
33 | +sasl_version = 2:25:0 | |
34 | INCLUDES = -DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb | |
35 | EXTRA_DIST = windlopen.c staticopen.h NTMakefile | |
36 | EXTRA_LIBRARIES = libsasl2.a | |
37 | diff --git a/plugins/Makefile.am b/plugins/Makefile.am | |
38 | index d570de1..ce1af46 100644 | |
39 | --- a/plugins/Makefile.am | |
40 | +++ b/plugins/Makefile.am | |
41 | @@ -47,7 +47,7 @@ | |
42 | # Library version info - here at the top, for sanity | |
43 | # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning> | |
44 | # CURRENT:REVISION:AGE | |
45 | -plugin_version = 3:0:0 | |
46 | +plugin_version = 2:25:0 | |
47 | ||
48 | INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include | |
49 | AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) | |
50 | diff --git a/plugins/Makefile.in b/plugins/Makefile.in | |
51 | index da7956f..4c96dea 100644 | |
52 | --- a/plugins/Makefile.in | |
53 | +++ b/plugins/Makefile.in | |
54 | @@ -362,7 +362,7 @@ top_srcdir = @top_srcdir@ | |
55 | # Library version info - here at the top, for sanity | |
56 | # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning> | |
57 | # CURRENT:REVISION:AGE | |
58 | -plugin_version = 3:0:0 | |
59 | +plugin_version = 2:25:0 | |
60 | INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include | |
61 | AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) | |
62 | COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ |
0 | --- cyrus-sasl2.orig/plugins/ldapdb.c | |
1 | +++ cyrus-sasl2/plugins/ldapdb.c | |
2 | @@ -251,6 +251,8 @@ static int ldapdb_auxprop_lookup(void *g | |
3 | ||
4 | #if defined(LDAP_PROXY_AUTHZ_FAILURE) | |
5 | case LDAP_PROXY_AUTHZ_FAILURE: | |
6 | +#elif defined(LDAP_X_PROXY_AUTHZ_FAILURE) | |
7 | + case LDAP_X_PROXY_AUTHZ_FAILURE: | |
8 | #endif | |
9 | case LDAP_INAPPROPRIATE_AUTH: | |
10 | case LDAP_INVALID_CREDENTIALS: |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
3 | Subject: Fix 'return SASL_FAIL;' in void sasl_dispose() | |
4 | ||
5 | --- | |
6 | lib/common.c | 2 +- | |
7 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
8 | ||
9 | diff --git a/lib/common.c b/lib/common.c | |
10 | index 1df5702..74ebac8 100644 | |
11 | --- a/lib/common.c | |
12 | +++ b/lib/common.c | |
13 | @@ -841,7 +841,7 @@ void sasl_dispose(sasl_conn_t **pconn) | |
14 | ||
15 | if (!free_mutex || free_mutex == 0x1) | |
16 | free_mutex = sasl_MUTEX_ALLOC(); | |
17 | - if (!free_mutex) return SASL_FAIL; | |
18 | + if (!free_mutex) return; | |
19 | ||
20 | result = sasl_MUTEX_LOCK(free_mutex); | |
21 | if (result!=SASL_OK) return; |
0 | --- cyrus-sasl2.orig/lib/dlopen.c | |
1 | +++ cyrus-sasl2/lib/dlopen.c | |
2 | @@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi | |
3 | return result; | |
4 | } | |
5 | ||
6 | -/* this returns the file to actually open. | |
7 | - * out should be a buffer of size PATH_MAX | |
8 | - * and may be the same as in. */ | |
9 | - | |
10 | -/* We'll use a static buffer for speed unless someone complains */ | |
11 | -#define MAX_LINE 2048 | |
12 | - | |
13 | -static int _parse_la(const char *prefix, const char *in, char *out) | |
14 | -{ | |
15 | - FILE *file; | |
16 | - size_t length; | |
17 | - char line[MAX_LINE]; | |
18 | - char *ntmp = NULL; | |
19 | - | |
20 | - if(!in || !out || !prefix || out == in) return SASL_BADPARAM; | |
21 | - | |
22 | - /* Set this so we can detect failure */ | |
23 | - *out = '\0'; | |
24 | - | |
25 | - length = strlen(in); | |
26 | - | |
27 | - if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) { | |
28 | - if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) { | |
29 | - /* check for a .la file */ | |
30 | - strcpy(line, prefix); | |
31 | - strcat(line, in); | |
32 | - length = strlen(line); | |
33 | - *(line + (length - strlen(SO_SUFFIX))) = '\0'; | |
34 | - strcat(line, LA_SUFFIX); | |
35 | - file = fopen(line, "r"); | |
36 | - if(file) { | |
37 | - /* We'll get it on the .la open */ | |
38 | - fclose(file); | |
39 | - return SASL_FAIL; | |
40 | - } | |
41 | - } | |
42 | - strcpy(out, prefix); | |
43 | - strcat(out, in); | |
44 | - return SASL_OK; | |
45 | - } | |
46 | - | |
47 | - strcpy(line, prefix); | |
48 | - strcat(line, in); | |
49 | - | |
50 | - file = fopen(line, "r"); | |
51 | - if(!file) { | |
52 | - _sasl_log(NULL, SASL_LOG_WARN, | |
53 | - "unable to open LA file: %s", line); | |
54 | - return SASL_FAIL; | |
55 | - } | |
56 | - | |
57 | - while(!feof(file)) { | |
58 | - if(!fgets(line, MAX_LINE, file)) break; | |
59 | - if(line[strlen(line) - 1] != '\n') { | |
60 | - _sasl_log(NULL, SASL_LOG_WARN, | |
61 | - "LA file has too long of a line: %s", in); | |
62 | - return SASL_BUFOVER; | |
63 | - } | |
64 | - if(line[0] == '\n' || line[0] == '#') continue; | |
65 | - if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) { | |
66 | - /* We found the line with the name in it */ | |
67 | - char *end; | |
68 | - char *start; | |
69 | - size_t len; | |
70 | - end = strrchr(line, '\''); | |
71 | - if(!end) continue; | |
72 | - start = &line[sizeof("dlname=")-1]; | |
73 | - len = strlen(start); | |
74 | - if(len > 3 && start[0] == '\'') { | |
75 | - ntmp=&start[1]; | |
76 | - *end='\0'; | |
77 | - /* Do we have dlname="" ? */ | |
78 | - if(ntmp == end) { | |
79 | - _sasl_log(NULL, SASL_LOG_DEBUG, | |
80 | - "dlname is empty in .la file: %s", in); | |
81 | - return SASL_FAIL; | |
82 | - } | |
83 | - strcpy(out, prefix); | |
84 | - strcat(out, ntmp); | |
85 | - } | |
86 | - break; | |
87 | - } | |
88 | - } | |
89 | - if(ferror(file) || feof(file)) { | |
90 | - _sasl_log(NULL, SASL_LOG_WARN, | |
91 | - "Error reading .la: %s\n", in); | |
92 | - fclose(file); | |
93 | - return SASL_FAIL; | |
94 | - } | |
95 | - fclose(file); | |
96 | - | |
97 | - if(!(*out)) { | |
98 | - _sasl_log(NULL, SASL_LOG_WARN, | |
99 | - "Could not find a dlname line in .la file: %s", in); | |
100 | - return SASL_FAIL; | |
101 | - } | |
102 | - | |
103 | - return SASL_OK; | |
104 | -} | |
105 | #endif /* DO_DLOPEN */ | |
106 | ||
107 | /* loads a plugin library */ | |
108 | @@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_ | |
109 | if (length + pos>=PATH_MAX) continue; /* too big */ | |
110 | ||
111 | if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)), | |
112 | - SO_SUFFIX) | |
113 | - && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)), | |
114 | - LA_SUFFIX)) | |
115 | + SO_SUFFIX)) | |
116 | continue; | |
117 | ||
118 | + /* We only use .so files for loading plugins */ | |
119 | + | |
120 | memcpy(name,dir->d_name,length); | |
121 | name[length]='\0'; | |
122 | ||
123 | - result = _parse_la(prefix, name, tmp); | |
124 | - if(result != SASL_OK) | |
125 | - continue; | |
126 | - | |
127 | + /* Create full name with path */ | |
128 | + strncpy(tmp, prefix, PATH_MAX); | |
129 | + strncat(tmp, name, PATH_MAX); | |
130 | + | |
131 | /* skip "lib" and cut off suffix -- | |
132 | this only need be approximate */ | |
133 | strcpy(plugname, name + 3); |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:05 +0100 | |
3 | Subject: properly create libsasl2.pc | |
4 | ||
5 | --- | |
6 | Makefile.am | 10 ++++++++++ | |
7 | configure.in | 1 - | |
8 | 2 files changed, 10 insertions(+), 1 deletion(-) | |
9 | ||
10 | diff --git a/Makefile.am b/Makefile.am | |
11 | index 220565f..4055bf8 100644 | |
12 | --- a/Makefile.am | |
13 | +++ b/Makefile.am | |
14 | @@ -43,6 +43,12 @@ AUTOMAKE_OPTIONS = 1.7 | |
15 | # | |
16 | ################################################################ | |
17 | ||
18 | +do_subst = sed -e 's,[@]LIB_DOOR[@],$(LIB_DOOR),g' \ | |
19 | + -e 's,[@]SASL_DL_LIB[@],$(SASL_DL_LIB),g' \ | |
20 | + -e 's,[@]LIBS[@],$(LIBS),g' \ | |
21 | + -e 's,[@]VERSION[@],$(VERSION),g' \ | |
22 | + -e 's,[@]libdir[@],$(libdir),g' | |
23 | + | |
24 | ACLOCAL_AMFLAGS = -I cmulocal -I config | |
25 | ||
26 | if SASLAUTHD | |
27 | @@ -78,6 +84,10 @@ EXTRA_DIST=config cmulocal win32 mac dlcompat-20010505 NTMakefile INSTALL.TXT \ | |
28 | pkgconfigdir = $(libdir)/pkgconfig | |
29 | pkgconfig_DATA = libsasl2.pc | |
30 | ||
31 | +libsasl2.pc: $(srcdir)/libsasl2.pc.in Makefile | |
32 | + rm -f $@ | |
33 | + $(do_subst) < $(srcdir)/libsasl2.pc.in > $@ | |
34 | + | |
35 | dist-hook: | |
36 | @find $(distdir) -exec chmod o+w {} ';' | |
37 | @find $(distdir) -name CVS -print | xargs -t rm -rf | |
38 | diff --git a/configure.in b/configure.in | |
39 | index 694a734..ea24213 100644 | |
40 | --- a/configure.in | |
41 | +++ b/configure.in | |
42 | @@ -1419,7 +1419,6 @@ inline static unsigned int sleep(unsigned int seconds) { | |
43 | AM_CONFIG_HEADER(config.h) | |
44 | ||
45 | AC_OUTPUT(Makefile | |
46 | -libsasl2.pc | |
47 | include/Makefile | |
48 | sasldb/Makefile | |
49 | plugins/Makefile |
0 | --- cyrus-sasl2.orig/configure.in | |
1 | +++ cyrus-sasl2/configure.in | |
2 | @@ -865,9 +865,9 @@ case "$with_sqlite" in | |
3 | notfound) AC_WARN([SQLite Library not found]); true;; | |
4 | *) | |
5 | if test -d ${with_sqlite}/lib; then | |
6 | - LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib" | |
7 | + LIB_SQLITE="-L${with_sqlite}/lib" | |
8 | else | |
9 | - LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}" | |
10 | + LIB_SQLITE="-L${with_sqlite}" | |
11 | fi | |
12 | ||
13 | LIB_SQLITE_DIR=$LIB_SQLITE | |
14 | @@ -917,9 +917,9 @@ case "$with_sqlite3" in | |
15 | notfound) AC_WARN([SQLite3 Library not found]); true;; | |
16 | *) | |
17 | if test -d ${with_sqlite3}/lib; then | |
18 | - LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib" | |
19 | + LIB_SQLITE3="-L${with_sqlite3}/lib" | |
20 | else | |
21 | - LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}" | |
22 | + LIB_SQLITE3="-L${with_sqlite3}" | |
23 | fi | |
24 | ||
25 | LIB_SQLITE3_DIR=$LIB_SQLITE3 |
0 | From: Sebastian Pipping <sebastian@pipping.org> | |
1 | Date: Fri, 5 Jul 2013 18:34:50 +0200 | |
2 | Subject: 2.1.26: Allow "* CAPABILITY" lines in IMAP login reply (v4) | |
3 | ||
4 | --- | |
5 | saslauthd/auth_rimap.c | 125 +++++++++++++++++++++++++++++++++++++++++++------ | |
6 | 1 file changed, 111 insertions(+), 14 deletions(-) | |
7 | ||
8 | diff --git a/saslauthd/auth_rimap.c b/saslauthd/auth_rimap.c | |
9 | index bb8eccb..06341d7 100644 | |
10 | --- a/saslauthd/auth_rimap.c | |
11 | +++ b/saslauthd/auth_rimap.c | |
12 | @@ -3,6 +3,7 @@ | |
13 | ||
14 | /* COPYRIGHT | |
15 | * Copyright (c) 1998 Messaging Direct Ltd. | |
16 | + * Copyright (c) 2013 Sebastian Pipping <sebastian@pipping.org> | |
17 | * All rights reserved. | |
18 | * | |
19 | * Redistribution and use in source and binary forms, with or without | |
20 | @@ -91,6 +92,9 @@ static struct addrinfo *ai = NULL; /* remote authentication host */ | |
21 | #define TAG "saslauthd" /* IMAP command tag */ | |
22 | #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ | |
23 | #define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ | |
24 | +#define LOGIN_REPLY_GOOD (TAG " OK") /* Expected IMAP login reply, good edition (with tag) */ | |
25 | +#define LOGIN_REPLY_BAD (TAG " NO") /* Expected IMAP login reply, bad edition (with tag) */ | |
26 | +#define LOGIN_REPLY_CAP "* CAPABILITY" /* Expected IMAP login reply, capabilities edition */ | |
27 | #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ | |
28 | #define RESP_LEN 1000 /* size of read response buffer */ | |
29 | ||
30 | @@ -278,6 +282,109 @@ auth_rimap_init ( | |
31 | ||
32 | /* END FUNCTION: auth_rimap_init */ | |
33 | ||
34 | +typedef enum _t_login_status { | |
35 | + LOGIN_STATUS_UNKNOWN, | |
36 | + | |
37 | + LOGIN_STATUS_ACCEPTED, | |
38 | + LOGIN_STATUS_REJECTED, | |
39 | + LOGIN_STATUS_MALFORMED | |
40 | +} t_login_status; | |
41 | + | |
42 | +/* FUNCTION: warn_malformed_imap_login_reply */ | |
43 | +void | |
44 | +warn_malformed_imap_login_reply( | |
45 | + /* PARAMETERS */ | |
46 | + const char * server_reply /* I: plaintext server reply */ | |
47 | + /* END PARAMETERS */ | |
48 | + ) | |
49 | +{ | |
50 | + syslog(LOG_WARNING, "auth_rimap: unexpected response to auth request: %s", server_reply); | |
51 | +} | |
52 | + | |
53 | +/* END FUNCTION: warn_malformed_imap_login_reply */ | |
54 | + | |
55 | +/* FUNCTION: process_login_reply */ | |
56 | + | |
57 | +/* SYNOPSIS | |
58 | + * Classify IMAP server reply into accepted, rejected or malformed. | |
59 | + * END SYNOPSIS */ | |
60 | + | |
61 | +t_login_status | |
62 | +process_login_reply( | |
63 | + /* PARAMETERS */ | |
64 | + char * server_reply, /* I/O: plaintext server reply */ | |
65 | + const char * login /* I : plaintext authenticator */ | |
66 | + /* END PARAMETERS */ | |
67 | + ) | |
68 | +{ | |
69 | + /* VARIABLES */ | |
70 | + t_login_status res = LOGIN_STATUS_UNKNOWN; | |
71 | + char * line_first = server_reply; | |
72 | + char * line_after_last; | |
73 | + /* END VARIABLES */ | |
74 | + | |
75 | + for (;;) { | |
76 | + /* find line boundary */ | |
77 | + line_after_last = strpbrk(line_first, "\x0a\x0d"); | |
78 | + if (line_after_last == NULL) { | |
79 | + warn_malformed_imap_login_reply(line_first); | |
80 | + return LOGIN_STATUS_MALFORMED; | |
81 | + } | |
82 | + | |
83 | + /* handle single line */ | |
84 | + { | |
85 | + /* terminate line (reverted later) */ | |
86 | + const char backup = line_after_last[0]; | |
87 | + line_after_last[0] = '\0'; | |
88 | + | |
89 | + /* classify current line */ | |
90 | + if (strncmp(line_first, LOGIN_REPLY_GOOD, sizeof(LOGIN_REPLY_GOOD) - 1) == 0) { | |
91 | + res = LOGIN_STATUS_ACCEPTED; | |
92 | + } else if (strncmp(line_first, LOGIN_REPLY_BAD, sizeof(LOGIN_REPLY_BAD) - 1) == 0) { | |
93 | + res = LOGIN_STATUS_REJECTED; | |
94 | + } else if (strncmp(line_first, LOGIN_REPLY_CAP, sizeof(LOGIN_REPLY_CAP) - 1) == 0) { | |
95 | + /* keep looking for ".. OK" or ".. NO" */ | |
96 | + } else { | |
97 | + res = LOGIN_STATUS_MALFORMED; | |
98 | + } | |
99 | + | |
100 | + /* report current line */ | |
101 | + if (res == LOGIN_STATUS_MALFORMED) { | |
102 | + warn_malformed_imap_login_reply(line_first); | |
103 | + } else if (flags & VERBOSE) { | |
104 | + syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, line_first); | |
105 | + } | |
106 | + | |
107 | + /* revert termination */ | |
108 | + line_after_last[0] = backup; | |
109 | + } | |
110 | + | |
111 | + /* are we done? */ | |
112 | + if (res != LOGIN_STATUS_UNKNOWN) { | |
113 | + return res; | |
114 | + } | |
115 | + | |
116 | + /* forward to next line */ | |
117 | + while ((line_after_last[0] == '\x0a') | |
118 | + || (line_after_last[0] == '\x0d')) { | |
119 | + line_after_last++; | |
120 | + } | |
121 | + | |
122 | + /* no more lines? */ | |
123 | + if (line_after_last[0] == '\0') { | |
124 | + warn_malformed_imap_login_reply(""); | |
125 | + return LOGIN_STATUS_MALFORMED; | |
126 | + } | |
127 | + | |
128 | + /* prepare for next round */ | |
129 | + line_first = line_after_last; | |
130 | + } | |
131 | + | |
132 | + assert(! "cannot be reached"); | |
133 | +} | |
134 | + | |
135 | +/* END FUNCTION: process_login_reply */ | |
136 | + | |
137 | /* FUNCTION: auth_rimap */ | |
138 | ||
139 | /* SYNOPSIS | |
140 | @@ -318,6 +425,7 @@ auth_rimap ( | |
141 | char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; | |
142 | int saved_errno; | |
143 | int niflags; | |
144 | + t_login_status login_status = LOGIN_STATUS_MALFORMED; | |
145 | /* END VARIABLES */ | |
146 | ||
147 | /* sanity checks */ | |
148 | @@ -533,25 +641,14 @@ auth_rimap ( | |
149 | } | |
150 | ||
151 | rbuf[rc] = '\0'; /* tie off response */ | |
152 | - c = strpbrk(rbuf, "\r\n"); | |
153 | - if (c != NULL) { | |
154 | - *c = '\0'; /* tie off line termination */ | |
155 | - } | |
156 | + login_status = process_login_reply(rbuf, login); | |
157 | ||
158 | - if (!strncmp(rbuf, TAG " OK", sizeof(TAG " OK")-1)) { | |
159 | - if (flags & VERBOSE) { | |
160 | - syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, rbuf); | |
161 | - } | |
162 | + if (login_status == LOGIN_STATUS_ACCEPTED) { | |
163 | return strdup("OK remote authentication successful"); | |
164 | } | |
165 | - if (!strncmp(rbuf, TAG " NO", sizeof(TAG " NO")-1)) { | |
166 | - if (flags & VERBOSE) { | |
167 | - syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, rbuf); | |
168 | - } | |
169 | + if (login_status == LOGIN_STATUS_REJECTED) { | |
170 | return strdup("NO remote server rejected your credentials"); | |
171 | } | |
172 | - syslog(LOG_WARNING, "auth_rimap: unexpected response to auth request: %s", | |
173 | - rbuf); | |
174 | return strdup(RESP_UNEXPECTED); | |
175 | ||
176 | } |
0 | --- cyrus-sasl2.orig/plugins/gssapi.c | |
1 | +++ cyrus-sasl2/plugins/gssapi.c | |
2 | @@ -1583,10 +1583,10 @@ static int gssapi_client_mech_step(void | |
3 | } | |
4 | ||
5 | /* Setup req_flags properly */ | |
6 | - req_flags = GSS_C_INTEG_FLAG; | |
7 | + req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; | |
8 | if (params->props.max_ssf > params->external_ssf) { | |
9 | /* We are requesting a security layer */ | |
10 | - req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; | |
11 | + req_flags |= GSS_C_INTEG_FLAG; | |
12 | /* Any SSF bigger than 1 is confidentiality. */ | |
13 | /* Let's check if the client of the API requires confidentiality, | |
14 | and it wasn't already provided by an external layer */ |
0 | From: Debian Cyrus SASL Team | |
1 | <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org> | |
2 | Date: Thu, 24 Mar 2016 11:35:06 +0100 | |
3 | Subject: Fix early hangup in ipc_unix.c | |
4 | ||
5 | --- | |
6 | saslauthd/ipc_unix.c | 5 +++++ | |
7 | 1 file changed, 5 insertions(+) | |
8 | ||
9 | diff --git a/saslauthd/ipc_unix.c b/saslauthd/ipc_unix.c | |
10 | index f82a245..7ef7912 100644 | |
11 | --- a/saslauthd/ipc_unix.c | |
12 | +++ b/saslauthd/ipc_unix.c | |
13 | @@ -217,6 +217,7 @@ void ipc_loop() { | |
14 | ||
15 | int rc; | |
16 | int conn_fd; | |
17 | + unsigned char dummy; | |
18 | ||
19 | ||
20 | while(1) { | |
21 | @@ -261,6 +262,8 @@ void ipc_loop() { | |
22 | } | |
23 | ||
24 | do_request(conn_fd); | |
25 | + shutdown(conn_fd, SHUT_WR); | |
26 | + while (read(conn_fd, &dummy, 1) > 0) { } | |
27 | close(conn_fd); | |
28 | ||
29 | if(flags & DETACH_TTY) { | |
30 | @@ -275,6 +278,8 @@ void ipc_loop() { | |
31 | * Normal prefork mode. | |
32 | *************************************************************/ | |
33 | do_request(conn_fd); | |
34 | + shutdown(conn_fd, SHUT_WR); | |
35 | + while (read(conn_fd, &dummy, 1) > 0) { } | |
36 | close(conn_fd); | |
37 | } | |
38 |
0 | --- cyrus-sasl2.orig/plugins/gssapi.c | |
1 | +++ cyrus-sasl2/plugins/gssapi.c | |
2 | @@ -376,6 +376,7 @@ sasl_gss_encode(void *context, const str | |
3 | } | |
4 | ||
5 | if (output_token->value && output) { | |
6 | + int len; | |
7 | unsigned char * p; | |
8 | ||
9 | ret = _plug_buf_alloc(text->utils, | |
10 | @@ -392,11 +393,8 @@ sasl_gss_encode(void *context, const str | |
11 | ||
12 | p = (unsigned char *) text->encode_buf; | |
13 | ||
14 | - p[0] = (output_token->length>>24) & 0xFF; | |
15 | - p[1] = (output_token->length>>16) & 0xFF; | |
16 | - p[2] = (output_token->length>>8) & 0xFF; | |
17 | - p[3] = output_token->length & 0xFF; | |
18 | - | |
19 | + len = htonl(output_token->length); | |
20 | + memcpy(text->encode_buf, &len, 4); | |
21 | memcpy(text->encode_buf + 4, output_token->value, output_token->length); | |
22 | } | |
23 |
0 | From: mancha <mancha1@hush.com> | |
1 | Date: Thu, 11 Jul 2013 10:08:07 +0100 | |
2 | Subject: Handle NULL returns from glibc 2.17+ crypt() | |
3 | ||
4 | Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL | |
5 | (w/ NULL return) if the salt violates specifications. Additionally, | |
6 | on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords | |
7 | passed to crypt() fail with EPERM (w/ NULL return). | |
8 | ||
9 | When using glibc's crypt(), check return value to avoid a possible | |
10 | NULL pointer dereference. | |
11 | ||
12 | Patch by mancha1@hush.com. | |
13 | --- | |
14 | pwcheck/pwcheck_getpwnam.c | 3 ++- | |
15 | pwcheck/pwcheck_getspnam.c | 4 +++- | |
16 | saslauthd/auth_getpwent.c | 4 +++- | |
17 | saslauthd/auth_shadow.c | 8 +++----- | |
18 | 4 files changed, 11 insertions(+), 8 deletions(-) | |
19 | ||
20 | diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c | |
21 | index 4b34222..400289c 100644 | |
22 | --- a/pwcheck/pwcheck_getpwnam.c | |
23 | +++ b/pwcheck/pwcheck_getpwnam.c | |
24 | @@ -32,6 +32,7 @@ char *userid; | |
25 | char *password; | |
26 | { | |
27 | char* r; | |
28 | + char* crpt_passwd; | |
29 | struct passwd *pwd; | |
30 | ||
31 | pwd = getpwnam(userid); | |
32 | @@ -41,7 +42,7 @@ char *password; | |
33 | else if (pwd->pw_passwd[0] == '*') { | |
34 | r = "Account disabled"; | |
35 | } | |
36 | - else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { | |
37 | + else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { | |
38 | r = "Incorrect password"; | |
39 | } | |
40 | else { | |
41 | diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c | |
42 | index 2b11286..6d607bb 100644 | |
43 | --- a/pwcheck/pwcheck_getspnam.c | |
44 | +++ b/pwcheck/pwcheck_getspnam.c | |
45 | @@ -32,13 +32,15 @@ char *userid; | |
46 | char *password; | |
47 | { | |
48 | struct spwd *pwd; | |
49 | + char *crpt_passwd; | |
50 | ||
51 | pwd = getspnam(userid); | |
52 | if (!pwd) { | |
53 | return "Userid not found"; | |
54 | } | |
55 | ||
56 | - if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { | |
57 | + crpt_passwd = crypt(password, pwd->sp_pwdp); | |
58 | + if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { | |
59 | return "Incorrect password"; | |
60 | } | |
61 | else { | |
62 | diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c | |
63 | index fc8029d..d4ebe54 100644 | |
64 | --- a/saslauthd/auth_getpwent.c | |
65 | +++ b/saslauthd/auth_getpwent.c | |
66 | @@ -77,6 +77,7 @@ auth_getpwent ( | |
67 | { | |
68 | /* VARIABLES */ | |
69 | struct passwd *pw; /* pointer to passwd file entry */ | |
70 | + char *crpt_passwd; /* encrypted password */ | |
71 | int errnum; | |
72 | /* END VARIABLES */ | |
73 | ||
74 | @@ -105,7 +106,8 @@ auth_getpwent ( | |
75 | } | |
76 | } | |
77 | ||
78 | - if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { | |
79 | + crpt_passwd = crypt(password, pw->pw_passwd); | |
80 | + if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { | |
81 | if (flags & VERBOSE) { | |
82 | syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); | |
83 | } | |
84 | diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c | |
85 | index d0efa9a..c00faa3 100644 | |
86 | --- a/saslauthd/auth_shadow.c | |
87 | +++ b/saslauthd/auth_shadow.c | |
88 | @@ -211,8 +211,8 @@ auth_shadow ( | |
89 | RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); | |
90 | } | |
91 | ||
92 | - cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); | |
93 | - if (strcmp(sp->sp_pwdp, cpw)) { | |
94 | + cpw = crypt(password, sp->sp_pwdp); | |
95 | + if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) { | |
96 | if (flags & VERBOSE) { | |
97 | /* | |
98 | * This _should_ reveal the SHADOW_PW_LOCKED prefix to an | |
99 | @@ -222,10 +222,8 @@ auth_shadow ( | |
100 | syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", | |
101 | sp->sp_pwdp, cpw); | |
102 | } | |
103 | - free(cpw); | |
104 | RETURN("NO Incorrect password"); | |
105 | } | |
106 | - free(cpw); | |
107 | ||
108 | /* | |
109 | * The following fields will be set to -1 if: | |
110 | @@ -287,7 +285,7 @@ auth_shadow ( | |
111 | RETURN("NO Invalid username"); | |
112 | } | |
113 | ||
114 | - if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { | |
115 | + if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { | |
116 | if (flags & VERBOSE) { | |
117 | syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", | |
118 | password, upw->upw_passwd); |
0 | --- cyrus-sasl2.orig/lib/checkpw.c | |
1 | +++ cyrus-sasl2/lib/checkpw.c | |
2 | @@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned de | |
3 | /* Timeout. */ | |
4 | errno = ETIMEDOUT; | |
5 | return -1; | |
6 | - case +1: | |
7 | - if (FD_ISSET(fd, &rfds)) { | |
8 | - /* Success, file descriptor is readable. */ | |
9 | - return 0; | |
10 | - } | |
11 | - return -1; | |
12 | case -1: | |
13 | if (errno == EINTR || errno == EAGAIN) | |
14 | continue; | |
15 | default: | |
16 | + if (FD_ISSET(fd, &rfds)) { | |
17 | + /* Success, file descriptor is readable. */ | |
18 | + return 0; | |
19 | + } | |
20 | /* Error catch-all. */ | |
21 | return -1; | |
22 | } |
0 | From: Jered Floyd <jered@convivian.com> | |
1 | Date: Thu, 24 Mar 2016 11:36:07 +0100 | |
2 | Subject: Fix auth_rimap infinite loop (hang) when IMAP server closes | |
3 | connection | |
4 | ||
5 | --- | |
6 | saslauthd/auth_rimap.c | 4 ++-- | |
7 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
8 | ||
9 | diff --git a/saslauthd/auth_rimap.c b/saslauthd/auth_rimap.c | |
10 | index 06341d7..03584ac 100644 | |
11 | --- a/saslauthd/auth_rimap.c | |
12 | +++ b/saslauthd/auth_rimap.c | |
13 | @@ -494,7 +494,7 @@ auth_rimap ( | |
14 | while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { | |
15 | if ( FD_ISSET(s, &perm) ) { | |
16 | ret = read(s, rbuf+rc, sizeof(rbuf)-rc); | |
17 | - if ( ret<0 ) { | |
18 | + if ( ret<=0 ) { | |
19 | rc = ret; | |
20 | break; | |
21 | } else { | |
22 | @@ -607,7 +607,7 @@ auth_rimap ( | |
23 | while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { | |
24 | if ( FD_ISSET(s, &perm) ) { | |
25 | ret = read(s, rbuf+rc, sizeof(rbuf)-rc); | |
26 | - if ( ret<0 ) { | |
27 | + if ( ret<=0 ) { | |
28 | rc = ret; | |
29 | break; | |
30 | } else { |
0 | --- cyrus-sasl2.orig/configure.in | |
1 | +++ cyrus-sasl2/configure.in | |
2 | @@ -277,7 +277,7 @@ AC_ARG_WITH(pam, [ --with-pam=DIR | |
3 | if test "$with_pam" != no; then | |
4 | if test -d $with_pam; then | |
5 | CPPFLAGS="$CPPFLAGS -I${with_pam}/include" | |
6 | - LDFLAGS="$LDFLAGS -L${with_pam}/lib" | |
7 | + LDFLAGS="$LDFLAGS -L${with_pam}/$DEB_HOST_MULTIARCH/lib" | |
8 | fi | |
9 | AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h) | |
10 | cmu_save_LIBS="$LIBS" | |
11 | --- cyrus-sasl2.orig/saslauthd/configure.in | |
12 | +++ cyrus-sasl2/saslauthd/configure.in | |
13 | @@ -95,7 +95,7 @@ AC_ARG_WITH(pam, [ --with-pam=DIR | |
14 | if test "$with_pam" != no; then | |
15 | if test -d $with_pam; then | |
16 | CPPFLAGS="$CPPFLAGS -I${with_pam}/include" | |
17 | - LDFLAGS="$LDFLAGS -L${with_pam}/lib" | |
18 | + LDFLAGS="$LDFLAGS -L${with_pam}/$DEB_HOST_MULTIARCH/lib" | |
19 | fi | |
20 | cmu_save_LIBS="$LIBS" | |
21 | AC_CHECK_LIB(pam, pam_start, [ |
0 | --- cyrus-sasl2.orig/saslauthd/saslauthd.8 | |
1 | +++ cyrus-sasl2/saslauthd/saslauthd.8 | |
2 | @@ -158,8 +158,8 @@ AAUUTTHHEENNTTIICCAATTIIOON | |
3 | Authenticate against an ldap server. The ldap configuration | |
4 | parameters are read from /usr/local/etc/saslauthd.conf. The | |
5 | location of this file can be changed with the -O parameter. | |
6 | - See the LDAP_SASLAUTHD file included with the distribution for | |
7 | - the list of available parameters. | |
8 | + See the LDAP_SASLAUTHD file included in the cyrus-sasl2-doc | |
9 | + package for the list of available parameters. | |
10 | ||
11 | sia _(_D_i_g_i_t_a_l _U_N_I_X_) | |
12 | ||
13 | --- cyrus-sasl2.orig/saslauthd/saslauthd.mdoc | |
14 | +++ cyrus-sasl2/saslauthd/saslauthd.mdoc | |
15 | @@ -222,8 +222,8 @@ instead. | |
16 | .Pp | |
17 | Authenticate against an ldap server. The ldap configuration parameters are | |
18 | read from /etc/saslauthd.conf. The location of this file can be | |
19 | -changed with the -O parameter. See the LDAP_SASLAUTHD file included with the | |
20 | -distribution for the list of available parameters. | |
21 | +changed with the -O parameter. See the LDAP_SASLAUTHD file included in the | |
22 | +cyrus-sasl2-doc package for the list of available parameters. | |
23 | .It Li sia | |
24 | .Em (Digital UNIX) | |
25 | .Pp |
0 | --- cyrus-sasl2.orig/saslauthd/auth_rimap.c | |
1 | +++ cyrus-sasl2/saslauthd/auth_rimap.c | |
2 | @@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re | |
3 | service we connect to. */ | |
4 | #define TAG "saslauthd" /* IMAP command tag */ | |
5 | #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ | |
6 | +#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ | |
7 | #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ | |
8 | #define RESP_LEN 1000 /* size of read response buffer */ | |
9 | ||
10 | @@ -307,10 +308,12 @@ auth_rimap ( | |
11 | int s=-1; /* socket to remote auth host */ | |
12 | struct addrinfo *r; /* remote socket address info */ | |
13 | struct iovec iov[5]; /* for sending LOGIN command */ | |
14 | + struct iovec iov2[1]; /* for sending LOGOUT command */ | |
15 | char *qlogin; /* pointer to "quoted" login */ | |
16 | char *qpass; /* pointer to "quoted" password */ | |
17 | char *c; /* scratch pointer */ | |
18 | int rc; /* return code scratch area */ | |
19 | + int rcl; /* return code scratch area */ | |
20 | char rbuf[RESP_LEN]; /* response read buffer */ | |
21 | char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; | |
22 | int saved_errno; | |
23 | @@ -505,6 +508,24 @@ auth_rimap ( | |
24 | } | |
25 | } | |
26 | } | |
27 | + | |
28 | + /* close remote imap */ | |
29 | + iov2[0].iov_base = LOGOUT_CMD; | |
30 | + iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1; | |
31 | + iov2[1].iov_base = "\r\n"; | |
32 | + iov2[1].iov_len = sizeof("\r\n") - 1; | |
33 | + | |
34 | + if (flags & VERBOSE) { | |
35 | + syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s", | |
36 | + LOGOUT_CMD, qlogin, qpass); | |
37 | + } | |
38 | + alarm(NETWORK_IO_TIMEOUT); | |
39 | + rcl = retry_writev(s, iov2, 2); | |
40 | + alarm(0); | |
41 | + if (rcl == -1) { | |
42 | + syslog(LOG_WARNING, "auth_rimap: writev logout: %m"); | |
43 | + } | |
44 | + | |
45 | (void) close(s); /* we're done with the remote */ | |
46 | if (rc == -1) { | |
47 | syslog(LOG_WARNING, "auth_rimap: read (response): %m"); |
0 | --- cyrus-sasl2.orig/plugins/ldapdb.c | |
1 | +++ cyrus-sasl2/plugins/ldapdb.c | |
2 | @@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context, | |
3 | if ( len > out_max ) | |
4 | len = out_max; | |
5 | memcpy(out, bvals[0]->bv_val, len); | |
6 | + out[len] = '\0'; | |
7 | *out_ulen = len; | |
8 | ber_bvecfree(bvals); | |
9 | } |
0 | Author: Roberto C. Sanchez <roberto@connexer.com> | |
1 | Description: Fix buginess that results in the keytab configuration option not working on MIT Kerberos (Closes: #651308). | |
2 | --- cyrus-sasl2.git.orig/cmulocal/sasl2.m4 | |
3 | +++ cyrus-sasl2.git/cmulocal/sasl2.m4 | |
4 | @@ -266,6 +266,7 @@ | |
5 | cmu_save_LIBS="$LIBS" | |
6 | LIBS="$LIBS $GSSAPIBASE_LIBS" | |
7 | AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) | |
8 | + AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity) | |
9 | AC_CHECK_FUNCS(gss_decapsulate_token) | |
10 | AC_CHECK_FUNCS(gss_encapsulate_token) | |
11 | AC_CHECK_FUNCS(gss_oid_equal) | |
12 | --- cyrus-sasl2.git.orig/config.h.in | |
13 | +++ cyrus-sasl2.git/config.h.in | |
14 | @@ -126,6 +126,10 @@ | |
15 | */ | |
16 | #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
17 | ||
18 | +/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function. | |
19 | + */ | |
20 | +#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY | |
21 | + | |
22 | /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */ | |
23 | #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE | |
24 | ||
25 | --- cyrus-sasl2.git.orig/configure | |
26 | +++ cyrus-sasl2.git/configure | |
27 | @@ -13367,7 +13367,7 @@ | |
28 | cmu_save_LIBS="$LIBS" | |
29 | LIBS="$LIBS $GSSAPIBASE_LIBS" | |
30 | ||
31 | -for ac_func in gsskrb5_register_acceptor_identity | |
32 | +for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity | |
33 | do | |
34 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | |
35 | { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 | |
36 | --- cyrus-sasl2.git.orig/plugins/gssapi.c | |
37 | +++ cyrus-sasl2.git/plugins/gssapi.c | |
38 | @@ -50,6 +50,9 @@ | |
39 | #else | |
40 | #include <gssapi/gssapi.h> | |
41 | #endif | |
42 | +#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY | |
43 | +#include <gssapi/gssapi_krb5.h> | |
44 | +#endif | |
45 | ||
46 | #ifdef WIN32 | |
47 | # include <winsock2.h> | |
48 | @@ -1365,7 +1368,7 @@ | |
49 | }; | |
50 | ||
51 | int gssapiv2_server_plug_init( | |
52 | -#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
53 | +#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) | |
54 | const sasl_utils_t *utils __attribute__((unused)), | |
55 | #else | |
56 | const sasl_utils_t *utils, | |
57 | @@ -1375,7 +1378,7 @@ | |
58 | sasl_server_plug_t **pluglist, | |
59 | int *plugcount) | |
60 | { | |
61 | -#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
62 | +#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) | |
63 | const char *keytab = NULL; | |
64 | char keytab_path[1024]; | |
65 | unsigned int rl; | |
66 | @@ -1385,7 +1388,7 @@ | |
67 | return SASL_BADVERS; | |
68 | } | |
69 | ||
70 | -#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
71 | +#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) | |
72 | /* unfortunately, we don't check for readability of keytab if it's | |
73 | the standard one, since we don't know where it is */ | |
74 | ||
75 | @@ -1408,7 +1411,12 @@ | |
76 | ||
77 | strncpy(keytab_path, keytab, 1024); | |
78 | ||
79 | +#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
80 | gsskrb5_register_acceptor_identity(keytab_path); | |
81 | +#endif | |
82 | +#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY | |
83 | + krb5_gss_register_acceptor_identity(keytab_path); | |
84 | +#endif | |
85 | } | |
86 | #endif | |
87 | ||
88 | --- cyrus-sasl2.git.orig/saslauthd/configure | |
89 | +++ cyrus-sasl2.git/saslauthd/configure | |
90 | @@ -9116,7 +9116,7 @@ | |
91 | cmu_save_LIBS="$LIBS" | |
92 | LIBS="$LIBS $GSSAPIBASE_LIBS" | |
93 | ||
94 | -for ac_func in gsskrb5_register_acceptor_identity | |
95 | +for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity | |
96 | do | |
97 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | |
98 | { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 | |
99 | --- cyrus-sasl2.git.orig/saslauthd/saslauthd.h.in | |
100 | +++ cyrus-sasl2.git/saslauthd/saslauthd.h.in | |
101 | @@ -62,6 +62,10 @@ | |
102 | */ | |
103 | #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY | |
104 | ||
105 | +/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function. | |
106 | + */ | |
107 | +#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY | |
108 | + | |
109 | /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */ | |
110 | #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE | |
111 |
0 | Author: PhantomX | |
1 | Description: Release server credentials when longer needed to prevent running out of file descriptors (Closes: #722569). https://github.com/PhantomX/slackbuilds/blob/master/cyrus-sasl/patches/cyrus-sasl-2.1.26-release-server_creds.patch | |
2 | diff -up cyrus-sasl-2.1.26/plugins/gssapi.c.release-server_creds cyrus-sasl-2.1.26/plugins/gssapi.c | |
3 | --- cyrus-sasl-2.1.26/plugins/gssapi.c.release-server_creds 2012-12-20 17:17:37.000000000 +0100 | |
4 | +++ cyrus-sasl-2.1.26/plugins/gssapi.c 2012-12-20 17:42:11.498138999 +0100 | |
5 | @@ -945,6 +945,12 @@ gssapi_server_mech_authneg(context_t *te | |
6 | ret = SASL_CONTINUE; | |
7 | } | |
8 | ||
9 | + /* Release server creds which are no longer needed */ | |
10 | + if ( text->server_creds != GSS_C_NO_CREDENTIAL) { | |
11 | + maj_stat = gss_release_cred(&min_stat, &text->server_creds); | |
12 | + text->server_creds = GSS_C_NO_CREDENTIAL; | |
13 | + } | |
14 | + | |
15 | cleanup: | |
16 | if (client_name_MN) { | |
17 | GSS_LOCK_MUTEX(params->utils); |
0 | Author: Rex Dieter | |
1 | Description: Eliminates "error: typedef 'sasl_malloc_t' is initialized (use decltype instead)". Patch from https://bugzilla.redhat.com/show_bug.cgi?id=906519 (Closes: #719165) | |
2 | diff -up cyrus-sasl-2.1.26/include/sasl.h.size_t cyrus-sasl-2.1.26/include/sasl.h | |
3 | --- cyrus-sasl-2.1.26/include/sasl.h.size_t 2012-10-12 09:05:48.000000000 -0500 | |
4 | +++ cyrus-sasl-2.1.26/include/sasl.h 2013-01-31 13:21:04.007739327 -0600 | |
5 | @@ -223,6 +223,8 @@ extern "C" { | |
6 | * they must be called before all other SASL functions: | |
7 | */ | |
8 | ||
9 | +#include <sys/types.h> | |
10 | + | |
11 | /* memory allocation functions which may optionally be replaced: | |
12 | */ | |
13 | typedef void *sasl_malloc_t(size_t); |
0 | Author: Roberto C. Sanchez <roberto@connexer.com> | |
1 | Description: Fix transposition of realm and service in debug log (Closes: #732373) | |
2 | --- cyrus-sasl2.git.orig/saslauthd/cache.c | |
3 | +++ cyrus-sasl2.git/saslauthd/cache.c | |
4 | @@ -264,7 +264,7 @@ | |
5 | if (memcmp(pwd_digest, read_bucket->pwd_digest, 16) == 0) { | |
6 | ||
7 | if (flags & VERBOSE) | |
8 | - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with valid passwd"); | |
9 | + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "found with valid passwd"); | |
10 | ||
11 | cache_un_lock(hash_offset); | |
12 | table_stats->hits++; | |
13 | @@ -272,14 +272,14 @@ | |
14 | } | |
15 | ||
16 | if (flags & VERBOSE) | |
17 | - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with invalid passwd, update pending"); | |
18 | + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "found with invalid passwd, update pending"); | |
19 | ||
20 | result->status = CACHE_FLUSH; | |
21 | ||
22 | } else { | |
23 | ||
24 | if (flags & VERBOSE) | |
25 | - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "not found, update pending"); | |
26 | + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "not found, update pending"); | |
27 | ||
28 | result->status = CACHE_FLUSH_WITH_RESCAN; | |
29 | } |
0 | Author: Roberto C. Sanchez <roberto@connexer.com> | |
1 | Description: Revert upstream's SONAME bump, which was introduced in upstream version 2.1.26. SONAME breakage was previously handled in Debian and a bump is not required at this time. | |
2 | --- cyrus-sasl2.git.orig/lib/Makefile.am | |
3 | +++ cyrus-sasl2.git/lib/Makefile.am | |
4 | @@ -43,7 +43,7 @@ | |
5 | # Library version info - here at the top, for sanity | |
6 | # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning> | |
7 | # CURRENT:REVISION:AGE | |
8 | -sasl_version = 3:0:0 | |
9 | +sasl_version = 2:25:0 | |
10 | ||
11 | INCLUDES=-DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb | |
12 | ||
13 | --- cyrus-sasl2.git.orig/lib/Makefile.in | |
14 | +++ cyrus-sasl2.git/lib/Makefile.in | |
15 | @@ -319,7 +319,7 @@ | |
16 | # Library version info - here at the top, for sanity | |
17 | # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning> | |
18 | # CURRENT:REVISION:AGE | |
19 | -sasl_version = 3:0:0 | |
20 | +sasl_version = 2:25:0 | |
21 | INCLUDES = -DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb | |
22 | EXTRA_DIST = windlopen.c staticopen.h NTMakefile | |
23 | EXTRA_LIBRARIES = libsasl2.a | |
24 | --- cyrus-sasl2.git.orig/plugins/Makefile.am | |
25 | +++ cyrus-sasl2.git/plugins/Makefile.am | |
26 | @@ -47,7 +47,7 @@ | |
27 | # Library version info - here at the top, for sanity | |
28 | # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning> | |
29 | # CURRENT:REVISION:AGE | |
30 | -plugin_version = 3:0:0 | |
31 | +plugin_version = 2:25:0 | |
32 | ||
33 | INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include | |
34 | AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) | |
35 | --- cyrus-sasl2.git.orig/plugins/Makefile.in | |
36 | +++ cyrus-sasl2.git/plugins/Makefile.in | |
37 | @@ -362,7 +362,7 @@ | |
38 | # Library version info - here at the top, for sanity | |
39 | # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning> | |
40 | # CURRENT:REVISION:AGE | |
41 | -plugin_version = 3:0:0 | |
42 | +plugin_version = 2:25:0 | |
43 | INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include | |
44 | AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) | |
45 | COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ |
0 | Author: Arthur Marble <arthur@info9.net> | |
1 | Description: Eliminate return value in a function specified to return void (Closes: #739561) | |
2 | --- cyrus-sasl2.git.orig/lib/common.c | |
3 | +++ cyrus-sasl2.git/lib/common.c | |
4 | @@ -841,7 +841,7 @@ | |
5 | ||
6 | if (!free_mutex || free_mutex == 0x1) | |
7 | free_mutex = sasl_MUTEX_ALLOC(); | |
8 | - if (!free_mutex) return SASL_FAIL; | |
9 | + if (!free_mutex) return; | |
10 | ||
11 | result = sasl_MUTEX_LOCK(free_mutex); | |
12 | if (result!=SASL_OK) return; |
0 | From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001 | |
1 | From: mancha <mancha1@hush.com> | |
2 | Date: Thu, 11 Jul 2013 10:08:07 +0100 | |
3 | Subject: Handle NULL returns from glibc 2.17+ crypt() | |
4 | ||
5 | Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL | |
6 | (w/ NULL return) if the salt violates specifications. Additionally, | |
7 | on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords | |
8 | passed to crypt() fail with EPERM (w/ NULL return). | |
9 | ||
10 | When using glibc's crypt(), check return value to avoid a possible | |
11 | NULL pointer dereference. | |
12 | ||
13 | Patch by mancha1@hush.com. | |
14 | ||
15 | --- cyrus-sasl2.orig/pwcheck/pwcheck_getpwnam.c | |
16 | +++ cyrus-sasl2/pwcheck/pwcheck_getpwnam.c | |
17 | @@ -32,6 +32,7 @@ char *userid; | |
18 | char *password; | |
19 | { | |
20 | char* r; | |
21 | + char* crpt_passwd; | |
22 | struct passwd *pwd; | |
23 | ||
24 | pwd = getpwnam(userid); | |
25 | @@ -41,7 +42,7 @@ char *password; | |
26 | else if (pwd->pw_passwd[0] == '*') { | |
27 | r = "Account disabled"; | |
28 | } | |
29 | - else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { | |
30 | + else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { | |
31 | r = "Incorrect password"; | |
32 | } | |
33 | else { | |
34 | --- cyrus-sasl2.orig/pwcheck/pwcheck_getspnam.c | |
35 | +++ cyrus-sasl2/pwcheck/pwcheck_getspnam.c | |
36 | @@ -32,13 +32,15 @@ char *userid; | |
37 | char *password; | |
38 | { | |
39 | struct spwd *pwd; | |
40 | + char *crpt_passwd; | |
41 | ||
42 | pwd = getspnam(userid); | |
43 | if (!pwd) { | |
44 | return "Userid not found"; | |
45 | } | |
46 | ||
47 | - if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { | |
48 | + crpt_passwd = crypt(password, pwd->sp_pwdp); | |
49 | + if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { | |
50 | return "Incorrect password"; | |
51 | } | |
52 | else { | |
53 | --- cyrus-sasl2.orig/saslauthd/auth_getpwent.c | |
54 | +++ cyrus-sasl2/saslauthd/auth_getpwent.c | |
55 | @@ -77,6 +77,7 @@ auth_getpwent ( | |
56 | { | |
57 | /* VARIABLES */ | |
58 | struct passwd *pw; /* pointer to passwd file entry */ | |
59 | + char *crpt_passwd; /* encrypted password */ | |
60 | int errnum; | |
61 | /* END VARIABLES */ | |
62 | ||
63 | @@ -105,7 +106,8 @@ auth_getpwent ( | |
64 | } | |
65 | } | |
66 | ||
67 | - if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { | |
68 | + crpt_passwd = crypt(password, pw->pw_passwd); | |
69 | + if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { | |
70 | if (flags & VERBOSE) { | |
71 | syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); | |
72 | } | |
73 | --- cyrus-sasl2.orig/saslauthd/auth_shadow.c | |
74 | +++ cyrus-sasl2/saslauthd/auth_shadow.c | |
75 | @@ -211,8 +211,8 @@ auth_shadow ( | |
76 | RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); | |
77 | } | |
78 | ||
79 | - cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); | |
80 | - if (strcmp(sp->sp_pwdp, cpw)) { | |
81 | + cpw = crypt(password, sp->sp_pwdp); | |
82 | + if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) { | |
83 | if (flags & VERBOSE) { | |
84 | /* | |
85 | * This _should_ reveal the SHADOW_PW_LOCKED prefix to an | |
86 | @@ -222,10 +222,8 @@ auth_shadow ( | |
87 | syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", | |
88 | sp->sp_pwdp, cpw); | |
89 | } | |
90 | - free(cpw); | |
91 | RETURN("NO Incorrect password"); | |
92 | } | |
93 | - free(cpw); | |
94 | ||
95 | /* | |
96 | * The following fields will be set to -1 if: | |
97 | @@ -287,7 +285,7 @@ auth_shadow ( | |
98 | RETURN("NO Invalid username"); | |
99 | } | |
100 | ||
101 | - if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { | |
102 | + if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { | |
103 | if (flags & VERBOSE) { | |
104 | syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", | |
105 | password, upw->upw_passwd); |
0 | From 98b21c0aa01d4ef1e05158a79dc3e291e53bee81 Mon Sep 17 00:00:00 2001 | |
1 | From: Sebastian Pipping <sebastian@pipping.org> | |
2 | Date: Fri, 5 Jul 2013 18:34:50 +0200 | |
3 | Subject: [PATCH] 2.1.26: Allow "* CAPABILITY" lines in IMAP login reply (v4) | |
4 | ||
5 | --- | |
6 | saslauthd/auth_rimap.c | 125 +++++++++++++++++++++++++++++++++++++++++++------ | |
7 | 1 file changed, 111 insertions(+), 14 deletions(-) | |
8 | ||
9 | --- cyrus-sasl2.orig/saslauthd/auth_rimap.c | |
10 | +++ cyrus-sasl2/saslauthd/auth_rimap.c | |
11 | @@ -3,6 +3,7 @@ | |
12 | ||
13 | /* COPYRIGHT | |
14 | * Copyright (c) 1998 Messaging Direct Ltd. | |
15 | + * Copyright (c) 2013 Sebastian Pipping <sebastian@pipping.org> | |
16 | * All rights reserved. | |
17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | |
19 | @@ -91,6 +92,9 @@ static struct addrinfo *ai = NULL; /* re | |
20 | #define TAG "saslauthd" /* IMAP command tag */ | |
21 | #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ | |
22 | #define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ | |
23 | +#define LOGIN_REPLY_GOOD (TAG " OK") /* Expected IMAP login reply, good edition (with tag) */ | |
24 | +#define LOGIN_REPLY_BAD (TAG " NO") /* Expected IMAP login reply, bad edition (with tag) */ | |
25 | +#define LOGIN_REPLY_CAP "* CAPABILITY" /* Expected IMAP login reply, capabilities edition */ | |
26 | #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ | |
27 | #define RESP_LEN 1000 /* size of read response buffer */ | |
28 | ||
29 | @@ -278,6 +282,109 @@ auth_rimap_init ( | |
30 | ||
31 | /* END FUNCTION: auth_rimap_init */ | |
32 | ||
33 | +typedef enum _t_login_status { | |
34 | + LOGIN_STATUS_UNKNOWN, | |
35 | + | |
36 | + LOGIN_STATUS_ACCEPTED, | |
37 | + LOGIN_STATUS_REJECTED, | |
38 | + LOGIN_STATUS_MALFORMED | |
39 | +} t_login_status; | |
40 | + | |
41 | +/* FUNCTION: warn_malformed_imap_login_reply */ | |
42 | +void | |
43 | +warn_malformed_imap_login_reply( | |
44 | + /* PARAMETERS */ | |
45 | + const char * server_reply /* I: plaintext server reply */ | |
46 | + /* END PARAMETERS */ | |
47 | + ) | |
48 | +{ | |
49 | + syslog(LOG_WARNING, "auth_rimap: unexpected response to auth request: %s", server_reply); | |
50 | +} | |
51 | + | |
52 | +/* END FUNCTION: warn_malformed_imap_login_reply */ | |
53 | + | |
54 | +/* FUNCTION: process_login_reply */ | |
55 | + | |
56 | +/* SYNOPSIS | |
57 | + * Classify IMAP server reply into accepted, rejected or malformed. | |
58 | + * END SYNOPSIS */ | |
59 | + | |
60 | +t_login_status | |
61 | +process_login_reply( | |
62 | + /* PARAMETERS */ | |
63 | + char * server_reply, /* I/O: plaintext server reply */ | |
64 | + const char * login /* I : plaintext authenticator */ | |
65 | + /* END PARAMETERS */ | |
66 | + ) | |
67 | +{ | |
68 | + /* VARIABLES */ | |
69 | + t_login_status res = LOGIN_STATUS_UNKNOWN; | |
70 | + char * line_first = server_reply; | |
71 | + char * line_after_last; | |
72 | + /* END VARIABLES */ | |
73 | + | |
74 | + for (;;) { | |
75 | + /* find line boundary */ | |
76 | + line_after_last = strpbrk(line_first, "\x0a\x0d"); | |
77 | + if (line_after_last == NULL) { | |
78 | + warn_malformed_imap_login_reply(line_first); | |
79 | + return LOGIN_STATUS_MALFORMED; | |
80 | + } | |
81 | + | |
82 | + /* handle single line */ | |
83 | + { | |
84 | + /* terminate line (reverted later) */ | |
85 | + const char backup = line_after_last[0]; | |
86 | + line_after_last[0] = '\0'; | |
87 | + | |
88 | + /* classify current line */ | |
89 | + if (strncmp(line_first, LOGIN_REPLY_GOOD, sizeof(LOGIN_REPLY_GOOD) - 1) == 0) { | |
90 | + res = LOGIN_STATUS_ACCEPTED; | |
91 | + } else if (strncmp(line_first, LOGIN_REPLY_BAD, sizeof(LOGIN_REPLY_BAD) - 1) == 0) { | |
92 | + res = LOGIN_STATUS_REJECTED; | |
93 | + } else if (strncmp(line_first, LOGIN_REPLY_CAP, sizeof(LOGIN_REPLY_CAP) - 1) == 0) { | |
94 | + /* keep looking for ".. OK" or ".. NO" */ | |
95 | + } else { | |
96 | + res = LOGIN_STATUS_MALFORMED; | |
97 | + } | |
98 | + | |
99 | + /* report current line */ | |
100 | + if (res == LOGIN_STATUS_MALFORMED) { | |
101 | + warn_malformed_imap_login_reply(line_first); | |
102 | + } else if (flags & VERBOSE) { | |
103 | + syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, line_first); | |
104 | + } | |
105 | + | |
106 | + /* revert termination */ | |
107 | + line_after_last[0] = backup; | |
108 | + } | |
109 | + | |
110 | + /* are we done? */ | |
111 | + if (res != LOGIN_STATUS_UNKNOWN) { | |
112 | + return res; | |
113 | + } | |
114 | + | |
115 | + /* forward to next line */ | |
116 | + while ((line_after_last[0] == '\x0a') | |
117 | + || (line_after_last[0] == '\x0d')) { | |
118 | + line_after_last++; | |
119 | + } | |
120 | + | |
121 | + /* no more lines? */ | |
122 | + if (line_after_last[0] == '\0') { | |
123 | + warn_malformed_imap_login_reply(""); | |
124 | + return LOGIN_STATUS_MALFORMED; | |
125 | + } | |
126 | + | |
127 | + /* prepare for next round */ | |
128 | + line_first = line_after_last; | |
129 | + } | |
130 | + | |
131 | + assert(! "cannot be reached"); | |
132 | +} | |
133 | + | |
134 | +/* END FUNCTION: process_login_reply */ | |
135 | + | |
136 | /* FUNCTION: auth_rimap */ | |
137 | ||
138 | /* SYNOPSIS | |
139 | @@ -318,6 +425,7 @@ auth_rimap ( | |
140 | char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; | |
141 | int saved_errno; | |
142 | int niflags; | |
143 | + t_login_status login_status = LOGIN_STATUS_MALFORMED; | |
144 | /* END VARIABLES */ | |
145 | ||
146 | /* sanity checks */ | |
147 | @@ -533,25 +641,14 @@ auth_rimap ( | |
148 | } | |
149 | ||
150 | rbuf[rc] = '\0'; /* tie off response */ | |
151 | - c = strpbrk(rbuf, "\r\n"); | |
152 | - if (c != NULL) { | |
153 | - *c = '\0'; /* tie off line termination */ | |
154 | - } | |
155 | + login_status = process_login_reply(rbuf, login); | |
156 | ||
157 | - if (!strncmp(rbuf, TAG " OK", sizeof(TAG " OK")-1)) { | |
158 | - if (flags & VERBOSE) { | |
159 | - syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, rbuf); | |
160 | - } | |
161 | + if (login_status == LOGIN_STATUS_ACCEPTED) { | |
162 | return strdup("OK remote authentication successful"); | |
163 | } | |
164 | - if (!strncmp(rbuf, TAG " NO", sizeof(TAG " NO")-1)) { | |
165 | - if (flags & VERBOSE) { | |
166 | - syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, rbuf); | |
167 | - } | |
168 | + if (login_status == LOGIN_STATUS_REJECTED) { | |
169 | return strdup("NO remote server rejected your credentials"); | |
170 | } | |
171 | - syslog(LOG_WARNING, "auth_rimap: unexpected response to auth request: %s", | |
172 | - rbuf); | |
173 | return strdup(RESP_UNEXPECTED); | |
174 | ||
175 | } |
0 | Description: it is possible for the client side of the socket to miss data | |
1 | when the server uses close() immediately after the last write(). To avoid | |
2 | this, shutdown down the write side of the socket and wait for the client | |
3 | to close the connection (0 byte read) before closing the server side. | |
4 | Author: Kees Cook <kees@debian.org> | |
5 | ||
6 | --- cyrus-sasl2.orig/saslauthd/ipc_unix.c | |
7 | +++ cyrus-sasl2/saslauthd/ipc_unix.c | |
8 | @@ -217,6 +217,7 @@ void ipc_loop() { | |
9 | ||
10 | int rc; | |
11 | int conn_fd; | |
12 | + unsigned char dummy; | |
13 | ||
14 | ||
15 | while(1) { | |
16 | @@ -261,6 +262,8 @@ void ipc_loop() { | |
17 | } | |
18 | ||
19 | do_request(conn_fd); | |
20 | + shutdown(conn_fd, SHUT_WR); | |
21 | + while (read(conn_fd, &dummy, 1) > 0) { } | |
22 | close(conn_fd); | |
23 | ||
24 | if(flags & DETACH_TTY) { | |
25 | @@ -275,6 +278,8 @@ void ipc_loop() { | |
26 | * Normal prefork mode. | |
27 | *************************************************************/ | |
28 | do_request(conn_fd); | |
29 | + shutdown(conn_fd, SHUT_WR); | |
30 | + while (read(conn_fd, &dummy, 1) > 0) { } | |
31 | close(conn_fd); | |
32 | } | |
33 |
0 | --- cyrus-sasl2.orig/configure.in | |
1 | +++ cyrus-sasl2/configure.in | |
2 | @@ -1419,7 +1419,6 @@ inline static unsigned int sleep(unsigne | |
3 | AM_CONFIG_HEADER(config.h) | |
4 | ||
5 | AC_OUTPUT(Makefile | |
6 | -libsasl2.pc | |
7 | include/Makefile | |
8 | sasldb/Makefile | |
9 | plugins/Makefile | |
10 | --- cyrus-sasl2.orig/Makefile.am | |
11 | +++ cyrus-sasl2/Makefile.am | |
12 | @@ -43,6 +43,12 @@ AUTOMAKE_OPTIONS = 1.7 | |
13 | # | |
14 | ################################################################ | |
15 | ||
16 | +do_subst = sed -e 's,[@]LIB_DOOR[@],$(LIB_DOOR),g' \ | |
17 | + -e 's,[@]SASL_DL_LIB[@],$(SASL_DL_LIB),g' \ | |
18 | + -e 's,[@]LIBS[@],$(LIBS),g' \ | |
19 | + -e 's,[@]VERSION[@],$(VERSION),g' \ | |
20 | + -e 's,[@]libdir[@],$(libdir),g' | |
21 | + | |
22 | ACLOCAL_AMFLAGS = -I cmulocal -I config | |
23 | ||
24 | if SASLAUTHD | |
25 | @@ -78,6 +84,10 @@ EXTRA_DIST=config cmulocal win32 mac dlc | |
26 | pkgconfigdir = $(libdir)/pkgconfig | |
27 | pkgconfig_DATA = libsasl2.pc | |
28 | ||
29 | +libsasl2.pc: $(srcdir)/libsasl2.pc.in Makefile | |
30 | + rm -f $@ | |
31 | + $(do_subst) < $(srcdir)/libsasl2.pc.in > $@ | |
32 | + | |
33 | dist-hook: | |
34 | @find $(distdir) -exec chmod o+w {} ';' | |
35 | @find $(distdir) -name CVS -print | xargs -t rm -rf |
0 | 0001_versioned_symbols.patch | |
1 | 0002_testsuite.patch | |
2 | 0003_saslauthd_mdoc.patch | |
3 | 0005_dbconverter.patch | |
4 | 0006_library_mutexes.patch | |
5 | 0009_sasldb_al.patch | |
6 | 0010_maintainer_mode.patch | |
7 | 0011_saslauthd_ac_prog_libtool.patch | |
8 | 0012_xopen_crypt_prototype.patch | |
9 | 0014_avoid_pic_overwrite.patch | |
10 | 0017_db4.8.patch | |
11 | 0025_ld_as_needed.patch | |
12 | 0026_drop_krb5support_dependency.patch | |
13 | 0028_autotools_fixes.patch | |
14 | 0029_ldap_fixes.patch | |
15 | 0030_dont_use_la_files_for_opening_plugins.patch | |
16 | 0031_dont_use_-R_when_search_for_sqlite_libraries.patch | |
17 | 0032_revert_1.103_revision_to_unbreak_GSSAPI.patch | |
18 | 0033_fix_segfault_in_GSSAPI.patch | |
19 | 0034_fix_dovecot_authentication.patch | |
20 | 0035_temporary_multiarch_fixes.patch | |
21 | 0036_add_reference_to_LDAP_SASLAUTHD_file.patch | |
22 | 0038_send_imap_logout.patch | |
23 | 0039_fix_canonuser_ldapdb_garbage_in_out_buffer.patch | |
24 | 0041_fix_keytab_option_for_MIT_kerberos.patch | |
25 | 0042_release_server_creds.patch | |
26 | 0043_types_h.patch | |
27 | 0044_debug_log_typo_fix.patch | |
28 | 0045_revert_upstream_soname_bump.patch | |
29 | 0046_fix_void_return.patch | |
30 | properly-create-libsasl2.pc.patch | |
31 | bug715040.patch | |
32 | early-hangup.patch | |
33 | CVE-2013-4122.patch | |
0 | 0001-Make-the-libsasl2-symbols-versioned.patch | |
1 | 0002-Use-etc-sasldb2-instead-of-.-sasldb-in-the-testsuite.patch | |
2 | 0003-Update-saslauthd.conf-location-in-documentation.patch | |
3 | 0004-Include-dbconverter-2-in-sbin_PROGRAMS-and-set-defau.patch | |
4 | 0005-Fixes-in-library-mutexes.patch | |
5 | 0006-Link-with-libsasldb.a-instead-of-libsasldb.al.patch | |
6 | 0007-Enable-autoconf-maintainer-mode.patch | |
7 | 0008-Add-libtool-to-saslauthd-autoconf.patch | |
8 | 0009-Define-_XOPEN_SOURCE-in-auth_shadow.c-to-get-proper-.patch | |
9 | 0010-Don-t-overwrite-PIC-objects-with-non-PIC-variant.patch | |
10 | 0011-Look-for-generic-Berkeley-DB-first.patch | |
11 | 0012-Update-required-libraries-when-ld-as-needed-is-used.patch | |
12 | 0013-Drop-krb5support-dependency.patch | |
13 | 0014-Several-autotools-fixes.patch | |
14 | 0015-LDAP-fixes.patch | |
15 | 0016-Don-t-use-la-files-for-opening-plugins.patch | |
16 | 0017-Don-t-use-R-when-searching-for-SQLite-libraries.patch | |
17 | 0018-Revert-1.103-revision-to-unbreak-GSSAPI.patch | |
18 | 0019-Fix-segfault-in-GSSAPI.patch | |
19 | 0020-Fix-dovecot-authentication.patch | |
20 | 0021-Temporary-multiarch-fixes.patch | |
21 | 0022-Add-reference-to-LDAP_SASLAUTHD-file-to-the-saslauth.patch | |
22 | 0023-Send-IMAP-logout.patch | |
23 | 0024-Fix-canonuser-ldapdb-garbage-in-out-buffer.patch | |
24 | 0025-Fix-keytab-option-for-MIT-Kerberos.patch | |
25 | 0026-Release-server-creds-when-they-are-no-longer-needed.patch | |
26 | 0027-Include-sys-types.h-in-sasl.h.patch | |
27 | 0028-Fix-typo-in-debugging-logs.patch | |
28 | 0029-Revert-upstream-soname-bump.patch | |
29 | 0030-Fix-return-SASL_FAIL-in-void-sasl_dispose.patch | |
30 | 0031-properly-create-libsasl2.pc.patch | |
31 | 0032-2.1.26-Allow-CAPABILITY-lines-in-IMAP-login-reply-v4.patch | |
32 | 0033-Fix-early-hangup-in-ipc_unix.c.patch | |
33 | 0034-Handle-NULL-returns-from-glibc-2.17-crypt.patch | |
34 | 0035-Fix-auth_rimap-infinite-loop-hang-when-IMAP-server-c.patch |