Codebase list cyrus-sasl2 / e0cc18b
Add fix for auth_rimap infinite loop (hang) when IMAP server closes connection (Closes: #815208) Also reformat patches using gbp pq import && export Ondřej Surý 8 years ago
70 changed file(s) with 1769 addition(s) and 1356 deletion(s). Raw diff Collapse all Expand all
+39
-0
debian/patches/0001-Make-the-libsasl2-symbols-versioned.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:02 +0100
3 Subject: Make the libsasl2 symbols versioned
4
5 ---
6 Versions | 7 +++++++
7 lib/Makefile.am | 4 ++--
8 2 files changed, 9 insertions(+), 2 deletions(-)
9 create mode 100644 Versions
10
11 diff --git a/Versions b/Versions
12 new file mode 100644
13 index 0000000..f803d00
14 --- /dev/null
15 +++ b/Versions
16 @@ -0,0 +1,7 @@
17 +SASL2 {
18 + global:
19 + sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*;
20 +};
21 +
22 +HIDDEN { local: __*; _rest*; _save*; *; };
23 +
24 diff --git a/lib/Makefile.am b/lib/Makefile.am
25 index b8964a8..bff8efe 100644
26 --- a/lib/Makefile.am
27 +++ b/lib/Makefile.am
28 @@ -64,8 +64,8 @@ LIB_DOOR= @LIB_DOOR@
29 lib_LTLIBRARIES = libsasl2.la
30
31 libsasl2_la_SOURCES = $(common_sources) $(common_headers)
32 -libsasl2_la_LDFLAGS = -version-info $(sasl_version)
33 -libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
34 +libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions
35 +libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions
36 libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
37
38 if MACOSX
+0
-25
debian/patches/0001_versioned_symbols.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Use versioned symbols for libsasl2.
2 --- cyrus-sasl2.orig/lib/Makefile.am
3 +++ cyrus-sasl2/lib/Makefile.am
4 @@ -64,8 +64,8 @@ LIB_DOOR= @LIB_DOOR@
5 lib_LTLIBRARIES = libsasl2.la
6
7 libsasl2_la_SOURCES = $(common_sources) $(common_headers)
8 -libsasl2_la_LDFLAGS = -version-info $(sasl_version)
9 -libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
10 +libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions
11 +libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions
12 libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
13
14 if MACOSX
15 --- /dev/null
16 +++ cyrus-sasl2/Versions
17 @@ -0,0 +1,7 @@
18 +SASL2 {
19 + global:
20 + sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*;
21 +};
22 +
23 +HIDDEN { local: __*; _rest*; _save*; *; };
24 +
+34
-0
debian/patches/0002-Use-etc-sasldb2-instead-of-.-sasldb-in-the-testsuite.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Use /etc/sasldb2 instead of ./sasldb in the testsuite
4
5 ---
6 utils/testsuite.c | 6 +++---
7 1 file changed, 3 insertions(+), 3 deletions(-)
8
9 diff --git a/utils/testsuite.c b/utils/testsuite.c
10 index 7e4e852..b687e96 100644
11 --- a/utils/testsuite.c
12 +++ b/utils/testsuite.c
13 @@ -462,9 +462,9 @@ int good_getopt(void *context __attribute__((unused)),
14 *len = (unsigned) strlen("sasldb");
15 return SASL_OK;
16 } else if (!strcmp(option, "sasldb_path")) {
17 - *result = "./sasldb";
18 + *result = "/etc/sasldb2";
19 if (len)
20 - *len = (unsigned) strlen("./sasldb");
21 + *len = (unsigned) strlen("/etc/sasldb2");
22 return SASL_OK;
23 } else if (!strcmp(option, "canon_user_plugin")) {
24 *result = cu_plugin;
25 @@ -2924,7 +2924,7 @@ void notes(void)
26 void usage(void)
27 {
28 printf("Usage:\n" \
29 - " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \
30 + " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \
31 " g -- gssapi service name to use (default: host)\n" \
32 " r -- # of random tests to do (default: 25)\n" \
33 " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \
+0
-26
debian/patches/0002_testsuite.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Rename the testsuite program to sasltestsuite and use /etc/sasldb2
2 instead of ./sasldb as default path for the sasldb database file.
3 --- cyrus-sasl2.orig/utils/testsuite.c
4 +++ cyrus-sasl2/utils/testsuite.c
5 @@ -462,9 +462,9 @@ int good_getopt(void *context __attribut
6 *len = (unsigned) strlen("sasldb");
7 return SASL_OK;
8 } else if (!strcmp(option, "sasldb_path")) {
9 - *result = "./sasldb";
10 + *result = "/etc/sasldb2";
11 if (len)
12 - *len = (unsigned) strlen("./sasldb");
13 + *len = (unsigned) strlen("/etc/sasldb2");
14 return SASL_OK;
15 } else if (!strcmp(option, "canon_user_plugin")) {
16 *result = cu_plugin;
17 @@ -2924,7 +2924,7 @@ void notes(void)
18 void usage(void)
19 {
20 printf("Usage:\n" \
21 - " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \
22 + " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \
23 " g -- gssapi service name to use (default: host)\n" \
24 " r -- # of random tests to do (default: 25)\n" \
25 " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \
+41
-0
debian/patches/0003-Update-saslauthd.conf-location-in-documentation.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Update saslauthd.conf location in documentation
4
5 date format (cosmetic).
6 ---
7 saslauthd/saslauthd.mdoc | 6 +++---
8 1 file changed, 3 insertions(+), 3 deletions(-)
9
10 diff --git a/saslauthd/saslauthd.mdoc b/saslauthd/saslauthd.mdoc
11 index 50f7dbf..5b0230d 100644
12 --- a/saslauthd/saslauthd.mdoc
13 +++ b/saslauthd/saslauthd.mdoc
14 @@ -10,7 +10,7 @@
15 .\" manpage in saslauthd.8 whenever you change this source
16 .\" version. Only the pre-formatted manpage is installed.
17 .\"
18 -.Dd 12 12 2005
19 +.Dd December 12 2005
20 .Dt SASLAUTHD 8
21 .Os "CMU-SASL"
22 .Sh NAME
23 @@ -221,7 +221,7 @@ instead.
24 .Em (All platforms that support OpenLDAP 2.0 or higher)
25 .Pp
26 Authenticate against an ldap server. The ldap configuration parameters are
27 -read from /usr/local/etc/saslauthd.conf. The location of this file can be
28 +read from /etc/saslauthd.conf. The location of this file can be
29 changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
30 distribution for the list of available parameters.
31 .It Li sia
32 @@ -254,7 +254,7 @@ was never intended to be used in this manner, anyway.)
33 .Bl -tag -width "/var/run/saslauthd/mux"
34 .It Pa /var/run/saslauthd/mux
35 The default communications socket.
36 -.It Pa /usr/local/etc/saslauthd.conf
37 +.It Pa /etc/saslauthd.conf
38 The default configuration file for ldap support.
39 .El
40 .Sh SEE ALSO
+0
-32
debian/patches/0003_saslauthd_mdoc.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Use the correct path for the saslauthd.conf file, and use another
2 date format (cosmetic).
3 --- cyrus-sasl2.orig/saslauthd/saslauthd.mdoc
4 +++ cyrus-sasl2/saslauthd/saslauthd.mdoc
5 @@ -10,7 +10,7 @@
6 .\" manpage in saslauthd.8 whenever you change this source
7 .\" version. Only the pre-formatted manpage is installed.
8 .\"
9 -.Dd 12 12 2005
10 +.Dd December 12 2005
11 .Dt SASLAUTHD 8
12 .Os "CMU-SASL"
13 .Sh NAME
14 @@ -221,7 +221,7 @@ instead.
15 .Em (All platforms that support OpenLDAP 2.0 or higher)
16 .Pp
17 Authenticate against an ldap server. The ldap configuration parameters are
18 -read from /usr/local/etc/saslauthd.conf. The location of this file can be
19 +read from /etc/saslauthd.conf. The location of this file can be
20 changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
21 distribution for the list of available parameters.
22 .It Li sia
23 @@ -254,7 +254,7 @@ was never intended to be used in this ma
24 .Bl -tag -width "/var/run/saslauthd/mux"
25 .It Pa /var/run/saslauthd/mux
26 The default communications socket.
27 -.It Pa /usr/local/etc/saslauthd.conf
28 +.It Pa /etc/saslauthd.conf
29 The default configuration file for ldap support.
30 .El
31 .Sh SEE ALSO
+51
-0
debian/patches/0004-Include-dbconverter-2-in-sbin_PROGRAMS-and-set-defau.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Include dbconverter-2 in sbin_PROGRAMS and set default sasldb file
4 to /etc/sasldb2
5
6 database file to /etc/sasldb2.
7 ---
8 utils/Makefile.am | 4 ++--
9 utils/dbconverter-2.c | 4 ++--
10 2 files changed, 4 insertions(+), 4 deletions(-)
11
12 diff --git a/utils/Makefile.am b/utils/Makefile.am
13 index 7e2f983..25077e2 100644
14 --- a/utils/Makefile.am
15 +++ b/utils/Makefile.am
16 @@ -45,10 +45,10 @@
17 all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET)
18 all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE)
19
20 -sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer
21 +sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer dbconverter-2
22 EXTRA_PROGRAMS = saslpasswd2 sasldblistusers2 testsuite testsuitestatic smtptest pluginviewer
23
24 -noinst_PROGRAMS = dbconverter-2
25 +#noinst_PROGRAMS = dbconverter-2
26
27 if NO_SASL_DB_MANS
28 man_MANS =
29 diff --git a/utils/dbconverter-2.c b/utils/dbconverter-2.c
30 index 04df2cb..4701898 100644
31 --- a/utils/dbconverter-2.c
32 +++ b/utils/dbconverter-2.c
33 @@ -382,7 +382,7 @@ static struct sasl_callback goodsasl_cb[] = {
34
35 int main(int argc, char **argv)
36 {
37 - const char *db="/etc/sasldb";
38 + const char *db="/etc/sasldb2";
39 int result;
40
41 if (argc > 1) {
42 @@ -418,7 +418,7 @@ int main(int argc, char **argv)
43
44 printf("\nThis program will take the sasldb file specified on the\n"
45 "command line and convert it to a new sasldb file in the default\n"
46 - "location (usually /etc/sasldb). It is STRONGLY RECOMMENDED that you\n"
47 + "location (usually /etc/sasldb2). It is STRONGLY RECOMMENDED that you\n"
48 "backup sasldb before allowing this program to run\n\n"
49 "We are going to convert %s and our output will be in %s\n\n"
50 "Press return to continue\n", db, db_new);
+34
-0
debian/patches/0005-Fixes-in-library-mutexes.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Fixes in library mutexes
4
5 ---
6 lib/common.c | 7 ++++++-
7 1 file changed, 6 insertions(+), 1 deletion(-)
8
9 diff --git a/lib/common.c b/lib/common.c
10 index e0f59eb..1df5702 100644
11 --- a/lib/common.c
12 +++ b/lib/common.c
13 @@ -818,7 +818,7 @@ int _sasl_common_init(sasl_global_callbacks_t *global_callbacks)
14 result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init);
15 if(result != SASL_OK) return result;
16
17 - if (!free_mutex) {
18 + if (!free_mutex || free_mutex == 0x1) {
19 free_mutex = sasl_MUTEX_ALLOC();
20 }
21 if (!free_mutex) return SASL_FAIL;
22 @@ -838,6 +838,11 @@ void sasl_dispose(sasl_conn_t **pconn)
23
24 /* serialize disposes. this is necessary because we can't
25 dispose of conn->mutex if someone else is locked on it */
26 +
27 + if (!free_mutex || free_mutex == 0x1)
28 + free_mutex = sasl_MUTEX_ALLOC();
29 + if (!free_mutex) return SASL_FAIL;
30 +
31 result = sasl_MUTEX_LOCK(free_mutex);
32 if (result!=SASL_OK) return;
33
+0
-38
debian/patches/0005_dbconverter.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Build the dbconverter-2 utility and change the path to the sasldb
2 database file to /etc/sasldb2.
3 --- cyrus-sasl2.orig/utils/Makefile.am
4 +++ cyrus-sasl2/utils/Makefile.am
5 @@ -45,10 +45,10 @@
6 all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET)
7 all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE)
8
9 -sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer
10 +sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer dbconverter-2
11 EXTRA_PROGRAMS = saslpasswd2 sasldblistusers2 testsuite testsuitestatic smtptest pluginviewer
12
13 -noinst_PROGRAMS = dbconverter-2
14 +#noinst_PROGRAMS = dbconverter-2
15
16 if NO_SASL_DB_MANS
17 man_MANS =
18 --- cyrus-sasl2.orig/utils/dbconverter-2.c
19 +++ cyrus-sasl2/utils/dbconverter-2.c
20 @@ -382,7 +382,7 @@ static struct sasl_callback goodsasl_cb[
21
22 int main(int argc, char **argv)
23 {
24 - const char *db="/etc/sasldb";
25 + const char *db="/etc/sasldb2";
26 int result;
27
28 if (argc > 1) {
29 @@ -418,7 +418,7 @@ int main(int argc, char **argv)
30
31 printf("\nThis program will take the sasldb file specified on the\n"
32 "command line and convert it to a new sasldb file in the default\n"
33 - "location (usually /etc/sasldb). It is STRONGLY RECOMMENDED that you\n"
34 + "location (usually /etc/sasldb2). It is STRONGLY RECOMMENDED that you\n"
35 "backup sasldb before allowing this program to run\n\n"
36 "We are going to convert %s and our output will be in %s\n\n"
37 "Press return to continue\n", db, db_new);
+23
-0
debian/patches/0006-Link-with-libsasldb.a-instead-of-libsasldb.al.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Link with libsasldb.a instead of libsasldb.al
4
5 support.
6 ---
7 saslauthd/configure.in | 2 +-
8 1 file changed, 1 insertion(+), 1 deletion(-)
9
10 diff --git a/saslauthd/configure.in b/saslauthd/configure.in
11 index 0addcf4..8fb693c 100644
12 --- a/saslauthd/configure.in
13 +++ b/saslauthd/configure.in
14 @@ -77,7 +77,7 @@ if test "$authsasldb" != no; then
15 AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
16 SASL_DB_PATH_CHECK()
17 SASL_DB_CHECK()
18 - SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
19 + SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a"
20 fi
21
22 AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],
+0
-25
debian/patches/0006_library_mutexes.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Exact description unknown; make sure mutex-related code works.
2 --- cyrus-sasl2.orig/lib/common.c
3 +++ cyrus-sasl2/lib/common.c
4 @@ -818,7 +818,7 @@ int _sasl_common_init(sasl_global_callba
5 result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init);
6 if(result != SASL_OK) return result;
7
8 - if (!free_mutex) {
9 + if (!free_mutex || free_mutex == 0x1) {
10 free_mutex = sasl_MUTEX_ALLOC();
11 }
12 if (!free_mutex) return SASL_FAIL;
13 @@ -838,6 +838,11 @@ void sasl_dispose(sasl_conn_t **pconn)
14
15 /* serialize disposes. this is necessary because we can't
16 dispose of conn->mutex if someone else is locked on it */
17 +
18 + if (!free_mutex || free_mutex == 0x1)
19 + free_mutex = sasl_MUTEX_ALLOC();
20 + if (!free_mutex) return SASL_FAIL;
21 +
22 result = sasl_MUTEX_LOCK(free_mutex);
23 if (result!=SASL_OK) return;
24
+22
-0
debian/patches/0007-Enable-autoconf-maintainer-mode.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Enable autoconf maintainer mode
4
5 ---
6 configure.in | 2 ++
7 1 file changed, 2 insertions(+)
8
9 diff --git a/configure.in b/configure.in
10 index 465a362..d4d250c 100644
11 --- a/configure.in
12 +++ b/configure.in
13 @@ -62,6 +62,8 @@ dnl
14 AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.26)
15 CMU_INIT_AUTOMAKE
16
17 +AM_MAINTAINER_MODE
18 +
19 # and include our config dir scripts
20 ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
21
+21
-0
debian/patches/0008-Add-libtool-to-saslauthd-autoconf.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Add libtool to saslauthd autoconf
4
5 ---
6 saslauthd/configure.in | 1 +
7 1 file changed, 1 insertion(+)
8
9 diff --git a/saslauthd/configure.in b/saslauthd/configure.in
10 index 8fb693c..701dbe4 100644
11 --- a/saslauthd/configure.in
12 +++ b/saslauthd/configure.in
13 @@ -25,6 +25,7 @@ AC_PROG_AWK
14 AC_PROG_MAKE_SET
15 AC_PROG_LN_S
16 AC_PROG_INSTALL
17 +AC_PROG_LIBTOOL
18
19 dnl Checks for build foo
20 CMU_C___ATTRIBUTE__
+30
-0
debian/patches/0009-Define-_XOPEN_SOURCE-in-auth_shadow.c-to-get-proper-.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Define _XOPEN_SOURCE in auth_shadow.c to get proper crypt() prototype
4 MIME-Version: 1.0
5 Content-Type: text/plain; charset="utf-8"
6 Content-Transfer-Encoding: 8bit
7
8 will define a correct function prototype for the crypt function. This avoids
9 segfaults on architectures where the size of a pointer is greater than the size
10 of an integer (ia64 and amd64 are examples). This may be detected by looking
11 for build log lines such as the following:
12 auth_shadow.c:183: warning: implicit declaration of function ‘crypt’
13 auth_shadow.c:183: warning: cast to pointer from integer of different size
14 ---
15 saslauthd/auth_shadow.c | 1 +
16 1 file changed, 1 insertion(+)
17
18 diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
19 index 677131b..d0efa9a 100644
20 --- a/saslauthd/auth_shadow.c
21 +++ b/saslauthd/auth_shadow.c
22 @@ -36,6 +36,7 @@
23
24 #ifdef AUTH_SHADOW
25
26 +#define _XOPEN_SOURCE
27 #define PWBUFSZ 256 /***SWB***/
28
29 # include <unistd.h>
+0
-14
debian/patches/0009_sasldb_al.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Fix linking with libsasldb.a when saslauthd is built with sasldb
2 support.
3 --- cyrus-sasl2.orig/saslauthd/configure.in
4 +++ cyrus-sasl2/saslauthd/configure.in
5 @@ -77,7 +77,7 @@ if test "$authsasldb" != no; then
6 AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
7 SASL_DB_PATH_CHECK()
8 SASL_DB_CHECK()
9 - SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
10 + SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a"
11 fi
12
13 AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],
+39
-0
debian/patches/0010-Don-t-overwrite-PIC-objects-with-non-PIC-variant.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Don't overwrite PIC objects with non-PIC variant
4
5 is created out of non-PIC objects, is not going to overwrite the PIC version,
6 which is created out of PIC objects. The PIC version is placed in .libs, and
7 the non-PIC version in the current directory. This ensures that both non-PIC
8 and PIC versions are available in the correct locations.
9 ---
10 lib/Makefile.am | 2 +-
11 sasldb/Makefile.am | 2 +-
12 2 files changed, 2 insertions(+), 2 deletions(-)
13
14 diff --git a/lib/Makefile.am b/lib/Makefile.am
15 index bff8efe..16b14f4 100644
16 --- a/lib/Makefile.am
17 +++ b/lib/Makefile.am
18 @@ -80,7 +80,7 @@ endif
19
20 libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
21 @echo adding static plugins and dependencies
22 - $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
23 + $(AR) cru $@ $(SASL_STATIC_OBJS)
24 @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
25 if test ! -f $$i; then continue; fi; . $$i; \
26 for j in $$dependency_libs foo; do \
27 diff --git a/sasldb/Makefile.am b/sasldb/Makefile.am
28 index 067477c..311a34b 100644
29 --- a/sasldb/Makefile.am
30 +++ b/sasldb/Makefile.am
31 @@ -63,6 +63,6 @@ libsasldb_a_SOURCES =
32 EXTRA_libsasldb_a_SOURCES =
33
34 libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
35 - $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
36 + $(AR) cru $@ $(SASL_DB_BACKEND_STATIC)
37
38
+0
-13
debian/patches/0010_maintainer_mode.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Enable maintainer mode to avoid auto* problems.
2 --- cyrus-sasl2.orig/configure.in
3 +++ cyrus-sasl2/configure.in
4 @@ -62,6 +62,8 @@ dnl
5 AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.26)
6 CMU_INIT_AUTOMAKE
7
8 +AM_MAINTAINER_MODE
9 +
10 # and include our config dir scripts
11 ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"
12
+22
-0
debian/patches/0011-Look-for-generic-Berkeley-DB-first.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:03 +0100
3 Subject: Look for generic Berkeley DB first
4
5 ---
6 cmulocal/berkdb.m4 | 2 +-
7 1 file changed, 1 insertion(+), 1 deletion(-)
8
9 diff --git a/cmulocal/berkdb.m4 b/cmulocal/berkdb.m4
10 index 98e8cb6..8b7d408 100644
11 --- a/cmulocal/berkdb.m4
12 +++ b/cmulocal/berkdb.m4
13 @@ -213,7 +213,7 @@ AC_DEFUN([CYRUS_BERKELEY_DB_CHK_LIB],
14 fi
15
16 saved_LIBS=$LIBS
17 - for dbname in ${with_bdb} \
18 + for dbname in ${with_bdb} db \
19 db-5.2 db5.2 db52 \
20 db-5.1 db5.2 db51 \
21 db-5.0 db5.2 db50 \
+0
-12
debian/patches/0011_saslauthd_ac_prog_libtool.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Enable libtool use.
2 --- cyrus-sasl2.orig/saslauthd/configure.in
3 +++ cyrus-sasl2/saslauthd/configure.in
4 @@ -25,6 +25,7 @@ AC_PROG_AWK
5 AC_PROG_MAKE_SET
6 AC_PROG_LN_S
7 AC_PROG_INSTALL
8 +AC_PROG_LIBTOOL
9
10 dnl Checks for build foo
11 CMU_C___ATTRIBUTE__
+39
-0
debian/patches/0012-Update-required-libraries-when-ld-as-needed-is-used.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Update required libraries when ld --as-needed is used
4
5 it.
6 ---
7 saslauthd/Makefile.am | 2 +-
8 sasldb/Makefile.am | 4 ++--
9 2 files changed, 3 insertions(+), 3 deletions(-)
10
11 diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am
12 index ce1e92b..a07281d 100644
13 --- a/saslauthd/Makefile.am
14 +++ b/saslauthd/Makefile.am
15 @@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c getnameinfo.c
16 saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
17 saslauthd_LDADD = @SASL_KRB_LIB@ \
18 @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
19 - @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
20 + @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
21
22 testsaslauthd_SOURCES = testsaslauthd.c utils.c
23 testsaslauthd_LDADD = @LIB_SOCKET@
24 diff --git a/sasldb/Makefile.am b/sasldb/Makefile.am
25 index 311a34b..6d7ce0c 100644
26 --- a/sasldb/Makefile.am
27 +++ b/sasldb/Makefile.am
28 @@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
29
30 libsasldb_la_SOURCES = allockey.c sasldb.h
31 EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
32 -libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
33 -libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
34 +libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
35 +libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
36
37 # Prevent make dist stupidity
38 libsasldb_a_SOURCES =
+0
-18
debian/patches/0012_xopen_crypt_prototype.patch less more
0 Author: Dann Frazier <dannf@debian.org>
1 Description: When _XOPEN_SOURCE is defined, the subsequent #include <unistd.h>
2 will define a correct function prototype for the crypt function. This avoids
3 segfaults on architectures where the size of a pointer is greater than the size
4 of an integer (ia64 and amd64 are examples). This may be detected by looking
5 for build log lines such as the following:
6 auth_shadow.c:183: warning: implicit declaration of function ‘crypt’
7 auth_shadow.c:183: warning: cast to pointer from integer of different size
8 --- cyrus-sasl2.orig/saslauthd/auth_shadow.c
9 +++ cyrus-sasl2/saslauthd/auth_shadow.c
10 @@ -36,6 +36,7 @@
11
12 #ifdef AUTH_SHADOW
13
14 +#define _XOPEN_SOURCE
15 #define PWBUFSZ 256 /***SWB***/
16
17 # include <unistd.h>
+23
-0
debian/patches/0013-Drop-krb5support-dependency.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Drop krb5support dependency
4
5 ---
6 cmulocal/sasl2.m4 | 3 ---
7 1 file changed, 3 deletions(-)
8
9 diff --git a/cmulocal/sasl2.m4 b/cmulocal/sasl2.m4
10 index 3c2841a..62af6ab 100644
11 --- a/cmulocal/sasl2.m4
12 +++ b/cmulocal/sasl2.m4
13 @@ -112,9 +112,6 @@ if test "$gssapi" != no; then
14 fi
15
16 if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
17 - # check for libkrb5support first
18 - AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
19 -
20 gss_failed=0
21 AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
22 ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
+137
-0
debian/patches/0014-Several-autotools-fixes.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Several autotools fixes
4
5 ---
6 Makefile.am | 2 ++
7 config/kerberos_v4.m4 | 8 ++++----
8 configure.in | 2 ++
9 saslauthd/Makefile.am | 2 ++
10 saslauthd/configure.in | 33 +++++++++++++++++----------------
11 5 files changed, 27 insertions(+), 20 deletions(-)
12
13 diff --git a/Makefile.am b/Makefile.am
14 index 2091dd1..220565f 100644
15 --- a/Makefile.am
16 +++ b/Makefile.am
17 @@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7
18 #
19 ################################################################
20
21 +ACLOCAL_AMFLAGS = -I cmulocal -I config
22 +
23 if SASLAUTHD
24 SAD = saslauthd
25 else
26 diff --git a/config/kerberos_v4.m4 b/config/kerberos_v4.m4
27 index 7884743..0e9b58c 100644
28 --- a/config/kerberos_v4.m4
29 +++ b/config/kerberos_v4.m4
30 @@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [
31 dnl if we were ambitious, we would look more aggressively for the
32 dnl krb4 install
33 if test -d ${krb4}; then
34 - AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [
35 + AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [
36 for krbhloc in include/kerberosIV include/kerberos include
37 do
38 if test -f ${krb4}/${krbhloc}/krb.h ; then
39 - cyrus_krbinclude=${krb4}/${krbhloc}
40 + cyrus_cv_krbinclude=${krb4}/${krbhloc}
41 break
42 fi
43 done
44 ])
45
46 - if test -n "${cyrus_krbinclude}"; then
47 - CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}"
48 + if test -n "${cyrus_cv_krbinclude}"; then
49 + CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}"
50 fi
51 LDFLAGS="$LDFLAGS -L$krb4/lib"
52 fi
53 diff --git a/configure.in b/configure.in
54 index d4d250c..d9fead6 100644
55 --- a/configure.in
56 +++ b/configure.in
57 @@ -44,6 +44,8 @@ dnl
58 AC_INIT(lib/saslint.h)
59 AC_PREREQ([2.54])
60
61 +AC_CONFIG_MACRO_DIRS([cmulocal] [config])
62 +
63 dnl use ./config.cache as the default cache file.
64 dnl we require a cache file to successfully configure our build.
65 if test $cache_file = "/dev/null"; then
66 diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am
67 index a07281d..18c1630 100644
68 --- a/saslauthd/Makefile.am
69 +++ b/saslauthd/Makefile.am
70 @@ -1,4 +1,6 @@
71 AUTOMAKE_OPTIONS = 1.7
72 +ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config
73 +
74 sbin_PROGRAMS = saslauthd testsaslauthd
75 EXTRA_PROGRAMS = saslcache
76
77 diff --git a/saslauthd/configure.in b/saslauthd/configure.in
78 index 701dbe4..8643544 100644
79 --- a/saslauthd/configure.in
80 +++ b/saslauthd/configure.in
81 @@ -1,7 +1,8 @@
82 AC_INIT(mechanisms.h)
83 AC_PREREQ([2.54])
84
85 -AC_CONFIG_AUX_DIR(config)
86 +AC_CONFIG_MACRO_DIRS([../cmulocal] [../config])
87 +AC_CONFIG_AUX_DIR([config])
88 AC_CANONICAL_HOST
89
90 dnl Should we enable SASLAUTHd at all?
91 @@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS)
92
93 dnl Checks for which function macros exist
94 AC_MSG_CHECKING(whether $CC implements __func__)
95 -AC_CACHE_VAL(have_func,
96 +AC_CACHE_VAL(_cv_have_func,
97 [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);],
98 -have_func=yes,
99 -have_func=no)])
100 -AC_MSG_RESULT($have_func)
101 -if test "$have_func" = yes; then
102 +_cv_have_func=yes,
103 +_cv_have_func=no)])
104 +AC_MSG_RESULT($_cv_have_func)
105 +if test "$_cv_have_func" = yes; then
106 AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__])
107 else
108 AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__)
109 - AC_CACHE_VAL(have_pretty_function,
110 + AC_CACHE_VAL(_cv_have_pretty_function,
111 [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);],
112 - have_pretty_function=yes,
113 - have_pretty_function=no)])
114 - AC_MSG_RESULT($have_pretty_function)
115 - if test "$have_pretty_function" = yes; then
116 + _cv_have_pretty_function=yes,
117 + _cv_have_pretty_function=no)])
118 + AC_MSG_RESULT($_cv_have_pretty_function)
119 + if test "$_cv_have_pretty_function" = yes; then
120 AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__])
121 else
122 AC_MSG_CHECKING(whether $CC implements __FUNCTION__)
123 - AC_CACHE_VAL(have_function,
124 + AC_CACHE_VAL(_cv_have_function,
125 [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);],
126 - have_function=yes,
127 - have_function=no)])
128 - AC_MSG_RESULT($have_function)
129 - if test "$have_function" = yes; then
130 + _cv_have_function=yes,
131 + _cv_have_function=no)])
132 + AC_MSG_RESULT($_cv_have_function)
133 + if test "$_cv_have_function" = yes; then
134 AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__])
135 fi
136 fi
+0
-27
debian/patches/0014_avoid_pic_overwrite.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: This patch makes sure the non-PIC version of libsasldb.a, which
2 is created out of non-PIC objects, is not going to overwrite the PIC version,
3 which is created out of PIC objects. The PIC version is placed in .libs, and
4 the non-PIC version in the current directory. This ensures that both non-PIC
5 and PIC versions are available in the correct locations.
6 --- cyrus-sasl2.orig/lib/Makefile.am
7 +++ cyrus-sasl2/lib/Makefile.am
8 @@ -80,7 +80,7 @@ endif
9
10 libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
11 @echo adding static plugins and dependencies
12 - $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
13 + $(AR) cru $@ $(SASL_STATIC_OBJS)
14 @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
15 if test ! -f $$i; then continue; fi; . $$i; \
16 for j in $$dependency_libs foo; do \
17 --- cyrus-sasl2.orig/sasldb/Makefile.am
18 +++ cyrus-sasl2/sasldb/Makefile.am
19 @@ -63,6 +63,6 @@ libsasldb_a_SOURCES =
20 EXTRA_libsasldb_a_SOURCES =
21
22 libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
23 - $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
24 + $(AR) cru $@ $(SASL_DB_BACKEND_STATIC)
25
26
+22
-0
debian/patches/0015-LDAP-fixes.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: LDAP fixes
4
5 ---
6 plugins/ldapdb.c | 2 ++
7 1 file changed, 2 insertions(+)
8
9 diff --git a/plugins/ldapdb.c b/plugins/ldapdb.c
10 index ddead7f..b74dc9e 100644
11 --- a/plugins/ldapdb.c
12 +++ b/plugins/ldapdb.c
13 @@ -251,6 +251,8 @@ static int ldapdb_auxprop_lookup(void *glob_context,
14
15 #if defined(LDAP_PROXY_AUTHZ_FAILURE)
16 case LDAP_PROXY_AUTHZ_FAILURE:
17 +#elif defined(LDAP_X_PROXY_AUTHZ_FAILURE)
18 + case LDAP_X_PROXY_AUTHZ_FAILURE:
19 #endif
20 case LDAP_INAPPROPRIATE_AUTH:
21 case LDAP_INVALID_CREDENTIALS:
+145
-0
debian/patches/0016-Don-t-use-la-files-for-opening-plugins.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Don't use la files for opening plugins
4
5 ---
6 lib/dlopen.c | 113 ++++-------------------------------------------------------
7 1 file changed, 7 insertions(+), 106 deletions(-)
8
9 diff --git a/lib/dlopen.c b/lib/dlopen.c
10 index b9c1c80..8561bef 100644
11 --- a/lib/dlopen.c
12 +++ b/lib/dlopen.c
13 @@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugin, void *library,
14 return result;
15 }
16
17 -/* this returns the file to actually open.
18 - * out should be a buffer of size PATH_MAX
19 - * and may be the same as in. */
20 -
21 -/* We'll use a static buffer for speed unless someone complains */
22 -#define MAX_LINE 2048
23 -
24 -static int _parse_la(const char *prefix, const char *in, char *out)
25 -{
26 - FILE *file;
27 - size_t length;
28 - char line[MAX_LINE];
29 - char *ntmp = NULL;
30 -
31 - if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
32 -
33 - /* Set this so we can detect failure */
34 - *out = '\0';
35 -
36 - length = strlen(in);
37 -
38 - if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
39 - if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
40 - /* check for a .la file */
41 - strcpy(line, prefix);
42 - strcat(line, in);
43 - length = strlen(line);
44 - *(line + (length - strlen(SO_SUFFIX))) = '\0';
45 - strcat(line, LA_SUFFIX);
46 - file = fopen(line, "r");
47 - if(file) {
48 - /* We'll get it on the .la open */
49 - fclose(file);
50 - return SASL_FAIL;
51 - }
52 - }
53 - strcpy(out, prefix);
54 - strcat(out, in);
55 - return SASL_OK;
56 - }
57 -
58 - strcpy(line, prefix);
59 - strcat(line, in);
60 -
61 - file = fopen(line, "r");
62 - if(!file) {
63 - _sasl_log(NULL, SASL_LOG_WARN,
64 - "unable to open LA file: %s", line);
65 - return SASL_FAIL;
66 - }
67 -
68 - while(!feof(file)) {
69 - if(!fgets(line, MAX_LINE, file)) break;
70 - if(line[strlen(line) - 1] != '\n') {
71 - _sasl_log(NULL, SASL_LOG_WARN,
72 - "LA file has too long of a line: %s", in);
73 - return SASL_BUFOVER;
74 - }
75 - if(line[0] == '\n' || line[0] == '#') continue;
76 - if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
77 - /* We found the line with the name in it */
78 - char *end;
79 - char *start;
80 - size_t len;
81 - end = strrchr(line, '\'');
82 - if(!end) continue;
83 - start = &line[sizeof("dlname=")-1];
84 - len = strlen(start);
85 - if(len > 3 && start[0] == '\'') {
86 - ntmp=&start[1];
87 - *end='\0';
88 - /* Do we have dlname="" ? */
89 - if(ntmp == end) {
90 - _sasl_log(NULL, SASL_LOG_DEBUG,
91 - "dlname is empty in .la file: %s", in);
92 - return SASL_FAIL;
93 - }
94 - strcpy(out, prefix);
95 - strcat(out, ntmp);
96 - }
97 - break;
98 - }
99 - }
100 - if(ferror(file) || feof(file)) {
101 - _sasl_log(NULL, SASL_LOG_WARN,
102 - "Error reading .la: %s\n", in);
103 - fclose(file);
104 - return SASL_FAIL;
105 - }
106 - fclose(file);
107 -
108 - if(!(*out)) {
109 - _sasl_log(NULL, SASL_LOG_WARN,
110 - "Could not find a dlname line in .la file: %s", in);
111 - return SASL_FAIL;
112 - }
113 -
114 - return SASL_OK;
115 -}
116 #endif /* DO_DLOPEN */
117
118 /* loads a plugin library */
119 @@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_list_t *entrypoints,
120 if (length + pos>=PATH_MAX) continue; /* too big */
121
122 if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
123 - SO_SUFFIX)
124 - && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
125 - LA_SUFFIX))
126 + SO_SUFFIX))
127 continue;
128
129 + /* We only use .so files for loading plugins */
130 +
131 memcpy(name,dir->d_name,length);
132 name[length]='\0';
133
134 - result = _parse_la(prefix, name, tmp);
135 - if(result != SASL_OK)
136 - continue;
137 -
138 + /* Create full name with path */
139 + strncpy(tmp, prefix, PATH_MAX);
140 + strncat(tmp, name, PATH_MAX);
141 +
142 /* skip "lib" and cut off suffix --
143 this only need be approximate */
144 strcpy(plugname, name + 3);
+37
-0
debian/patches/0017-Don-t-use-R-when-searching-for-SQLite-libraries.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Don't use -R when searching for SQLite libraries
4
5 ---
6 configure.in | 8 ++++----
7 1 file changed, 4 insertions(+), 4 deletions(-)
8
9 diff --git a/configure.in b/configure.in
10 index d9fead6..9fcc80c 100644
11 --- a/configure.in
12 +++ b/configure.in
13 @@ -865,9 +865,9 @@ case "$with_sqlite" in
14 notfound) AC_WARN([SQLite Library not found]); true;;
15 *)
16 if test -d ${with_sqlite}/lib; then
17 - LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
18 + LIB_SQLITE="-L${with_sqlite}/lib"
19 else
20 - LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
21 + LIB_SQLITE="-L${with_sqlite}"
22 fi
23
24 LIB_SQLITE_DIR=$LIB_SQLITE
25 @@ -917,9 +917,9 @@ case "$with_sqlite3" in
26 notfound) AC_WARN([SQLite3 Library not found]); true;;
27 *)
28 if test -d ${with_sqlite3}/lib; then
29 - LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
30 + LIB_SQLITE3="-L${with_sqlite3}/lib"
31 else
32 - LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
33 + LIB_SQLITE3="-L${with_sqlite3}"
34 fi
35
36 LIB_SQLITE3_DIR=$LIB_SQLITE3
+0
-13
debian/patches/0017_db4.8.patch less more
0 Author: Fabian Fagerholm <fabbe@debian.org>
1 Description: Support and build against db4.8.
2 --- cyrus-sasl2.orig/cmulocal/berkdb.m4
3 +++ cyrus-sasl2/cmulocal/berkdb.m4
4 @@ -213,7 +213,7 @@ AC_DEFUN([CYRUS_BERKELEY_DB_CHK_LIB],
5 fi
6
7 saved_LIBS=$LIBS
8 - for dbname in ${with_bdb} \
9 + for dbname in ${with_bdb} db \
10 db-5.2 db5.2 db52 \
11 db-5.1 db5.2 db51 \
12 db-5.0 db5.2 db50 \
+26
-0
debian/patches/0018-Revert-1.103-revision-to-unbreak-GSSAPI.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Revert 1.103 revision to unbreak GSSAPI
4
5 ---
6 plugins/gssapi.c | 4 ++--
7 1 file changed, 2 insertions(+), 2 deletions(-)
8
9 diff --git a/plugins/gssapi.c b/plugins/gssapi.c
10 index 2fd1b3b..ec9f7aa 100644
11 --- a/plugins/gssapi.c
12 +++ b/plugins/gssapi.c
13 @@ -1583,10 +1583,10 @@ static int gssapi_client_mech_step(void *conn_context,
14 }
15
16 /* Setup req_flags properly */
17 - req_flags = GSS_C_INTEG_FLAG;
18 + req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
19 if (params->props.max_ssf > params->external_ssf) {
20 /* We are requesting a security layer */
21 - req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
22 + req_flags |= GSS_C_INTEG_FLAG;
23 /* Any SSF bigger than 1 is confidentiality. */
24 /* Let's check if the client of the API requires confidentiality,
25 and it wasn't already provided by an external layer */
+35
-0
debian/patches/0019-Fix-segfault-in-GSSAPI.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Fix segfault in GSSAPI
4
5 ---
6 plugins/gssapi.c | 8 +++-----
7 1 file changed, 3 insertions(+), 5 deletions(-)
8
9 diff --git a/plugins/gssapi.c b/plugins/gssapi.c
10 index ec9f7aa..348801b 100644
11 --- a/plugins/gssapi.c
12 +++ b/plugins/gssapi.c
13 @@ -376,6 +376,7 @@ sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov,
14 }
15
16 if (output_token->value && output) {
17 + int len;
18 unsigned char * p;
19
20 ret = _plug_buf_alloc(text->utils,
21 @@ -392,11 +393,8 @@ sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov,
22
23 p = (unsigned char *) text->encode_buf;
24
25 - p[0] = (output_token->length>>24) & 0xFF;
26 - p[1] = (output_token->length>>16) & 0xFF;
27 - p[2] = (output_token->length>>8) & 0xFF;
28 - p[3] = output_token->length & 0xFF;
29 -
30 + len = htonl(output_token->length);
31 + memcpy(text->encode_buf, &len, 4);
32 memcpy(text->encode_buf + 4, output_token->value, output_token->length);
33 }
34
+34
-0
debian/patches/0020-Fix-dovecot-authentication.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Fix dovecot authentication
4
5 ---
6 lib/checkpw.c | 10 ++++------
7 1 file changed, 4 insertions(+), 6 deletions(-)
8
9 diff --git a/lib/checkpw.c b/lib/checkpw.c
10 index d371f3f..4e61a19 100644
11 --- a/lib/checkpw.c
12 +++ b/lib/checkpw.c
13 @@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned delta)
14 /* Timeout. */
15 errno = ETIMEDOUT;
16 return -1;
17 - case +1:
18 - if (FD_ISSET(fd, &rfds)) {
19 - /* Success, file descriptor is readable. */
20 - return 0;
21 - }
22 - return -1;
23 case -1:
24 if (errno == EINTR || errno == EAGAIN)
25 continue;
26 default:
27 + if (FD_ISSET(fd, &rfds)) {
28 + /* Success, file descriptor is readable. */
29 + return 0;
30 + }
31 /* Error catch-all. */
32 return -1;
33 }
+36
-0
debian/patches/0021-Temporary-multiarch-fixes.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Temporary multiarch fixes
4
5 ---
6 configure.in | 2 +-
7 saslauthd/configure.in | 2 +-
8 2 files changed, 2 insertions(+), 2 deletions(-)
9
10 diff --git a/configure.in b/configure.in
11 index 9fcc80c..694a734 100644
12 --- a/configure.in
13 +++ b/configure.in
14 @@ -277,7 +277,7 @@ AC_ARG_WITH(pam, [ --with-pam=DIR use PAM (rooted in DIR) [[yes]] ],
15 if test "$with_pam" != no; then
16 if test -d $with_pam; then
17 CPPFLAGS="$CPPFLAGS -I${with_pam}/include"
18 - LDFLAGS="$LDFLAGS -L${with_pam}/lib"
19 + LDFLAGS="$LDFLAGS -L${with_pam}/$DEB_HOST_MULTIARCH/lib"
20 fi
21 AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h)
22 cmu_save_LIBS="$LIBS"
23 diff --git a/saslauthd/configure.in b/saslauthd/configure.in
24 index 8643544..4233017 100644
25 --- a/saslauthd/configure.in
26 +++ b/saslauthd/configure.in
27 @@ -95,7 +95,7 @@ AC_ARG_WITH(pam, [ --with-pam=DIR use PAM (rooted in DIR) [yes] ],
28 if test "$with_pam" != no; then
29 if test -d $with_pam; then
30 CPPFLAGS="$CPPFLAGS -I${with_pam}/include"
31 - LDFLAGS="$LDFLAGS -L${with_pam}/lib"
32 + LDFLAGS="$LDFLAGS -L${with_pam}/$DEB_HOST_MULTIARCH/lib"
33 fi
34 cmu_save_LIBS="$LIBS"
35 AC_CHECK_LIB(pam, pam_start, [
+40
-0
debian/patches/0022-Add-reference-to-LDAP_SASLAUTHD-file-to-the-saslauth.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:04 +0100
3 Subject: Add reference to LDAP_SASLAUTHD file to the saslauthd documentation
4
5 ---
6 saslauthd/saslauthd.8 | 4 ++--
7 saslauthd/saslauthd.mdoc | 4 ++--
8 2 files changed, 4 insertions(+), 4 deletions(-)
9
10 diff --git a/saslauthd/saslauthd.8 b/saslauthd/saslauthd.8
11 index 843edb0..8a35732 100644
12 --- a/saslauthd/saslauthd.8
13 +++ b/saslauthd/saslauthd.8
14 @@ -158,8 +158,8 @@ AAUUTTHHEENNTTIICCAATTIIOONN MMEECCHHAANNIISSMMSS
15 Authenticate against an ldap server. The ldap configuration
16 parameters are read from /usr/local/etc/saslauthd.conf. The
17 location of this file can be changed with the -O parameter.
18 - See the LDAP_SASLAUTHD file included with the distribution for
19 - the list of available parameters.
20 + See the LDAP_SASLAUTHD file included in the cyrus-sasl2-doc
21 + package for the list of available parameters.
22
23 sia _(_D_i_g_i_t_a_l _U_N_I_X_)
24
25 diff --git a/saslauthd/saslauthd.mdoc b/saslauthd/saslauthd.mdoc
26 index 5b0230d..0e84e6f 100644
27 --- a/saslauthd/saslauthd.mdoc
28 +++ b/saslauthd/saslauthd.mdoc
29 @@ -222,8 +222,8 @@ instead.
30 .Pp
31 Authenticate against an ldap server. The ldap configuration parameters are
32 read from /etc/saslauthd.conf. The location of this file can be
33 -changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
34 -distribution for the list of available parameters.
35 +changed with the -O parameter. See the LDAP_SASLAUTHD file included in the
36 +cyrus-sasl2-doc package for the list of available parameters.
37 .It Li sia
38 .Em (Digital UNIX)
39 .Pp
+59
-0
debian/patches/0023-Send-IMAP-logout.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:05 +0100
3 Subject: Send IMAP logout
4
5 ---
6 saslauthd/auth_rimap.c | 21 +++++++++++++++++++++
7 1 file changed, 21 insertions(+)
8
9 diff --git a/saslauthd/auth_rimap.c b/saslauthd/auth_rimap.c
10 index 2c3870f..bb8eccb 100644
11 --- a/saslauthd/auth_rimap.c
12 +++ b/saslauthd/auth_rimap.c
13 @@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* remote authentication host */
14 service we connect to. */
15 #define TAG "saslauthd" /* IMAP command tag */
16 #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */
17 +#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/
18 #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */
19 #define RESP_LEN 1000 /* size of read response buffer */
20
21 @@ -307,10 +308,12 @@ auth_rimap (
22 int s=-1; /* socket to remote auth host */
23 struct addrinfo *r; /* remote socket address info */
24 struct iovec iov[5]; /* for sending LOGIN command */
25 + struct iovec iov2[1]; /* for sending LOGOUT command */
26 char *qlogin; /* pointer to "quoted" login */
27 char *qpass; /* pointer to "quoted" password */
28 char *c; /* scratch pointer */
29 int rc; /* return code scratch area */
30 + int rcl; /* return code scratch area */
31 char rbuf[RESP_LEN]; /* response read buffer */
32 char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
33 int saved_errno;
34 @@ -505,6 +508,24 @@ auth_rimap (
35 }
36 }
37 }
38 +
39 + /* close remote imap */
40 + iov2[0].iov_base = LOGOUT_CMD;
41 + iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1;
42 + iov2[1].iov_base = "\r\n";
43 + iov2[1].iov_len = sizeof("\r\n") - 1;
44 +
45 + if (flags & VERBOSE) {
46 + syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s",
47 + LOGOUT_CMD, qlogin, qpass);
48 + }
49 + alarm(NETWORK_IO_TIMEOUT);
50 + rcl = retry_writev(s, iov2, 2);
51 + alarm(0);
52 + if (rcl == -1) {
53 + syslog(LOG_WARNING, "auth_rimap: writev logout: %m");
54 + }
55 +
56 (void) close(s); /* we're done with the remote */
57 if (rc == -1) {
58 syslog(LOG_WARNING, "auth_rimap: read (response): %m");
+21
-0
debian/patches/0024-Fix-canonuser-ldapdb-garbage-in-out-buffer.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:05 +0100
3 Subject: Fix canonuser ldapdb garbage in out buffer
4
5 ---
6 plugins/ldapdb.c | 1 +
7 1 file changed, 1 insertion(+)
8
9 diff --git a/plugins/ldapdb.c b/plugins/ldapdb.c
10 index b74dc9e..730f129 100644
11 --- a/plugins/ldapdb.c
12 +++ b/plugins/ldapdb.c
13 @@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context,
14 if ( len > out_max )
15 len = out_max;
16 memcpy(out, bvals[0]->bv_val, len);
17 + out[len] = '\0';
18 *out_ulen = len;
19 ber_bvecfree(bvals);
20 }
+136
-0
debian/patches/0025-Fix-keytab-option-for-MIT-Kerberos.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:05 +0100
3 Subject: Fix keytab option for MIT Kerberos
4
5 ---
6 cmulocal/sasl2.m4 | 1 +
7 config.h.in | 4 ++++
8 configure | 2 +-
9 plugins/gssapi.c | 14 +++++++++++---
10 saslauthd/configure | 2 +-
11 saslauthd/saslauthd.h.in | 4 ++++
12 6 files changed, 22 insertions(+), 5 deletions(-)
13
14 diff --git a/cmulocal/sasl2.m4 b/cmulocal/sasl2.m4
15 index 62af6ab..6a34b7a 100644
16 --- a/cmulocal/sasl2.m4
17 +++ b/cmulocal/sasl2.m4
18 @@ -266,6 +266,7 @@ if test "$gssapi" != no; then
19 cmu_save_LIBS="$LIBS"
20 LIBS="$LIBS $GSSAPIBASE_LIBS"
21 AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
22 + AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity)
23 AC_CHECK_FUNCS(gss_decapsulate_token)
24 AC_CHECK_FUNCS(gss_encapsulate_token)
25 AC_CHECK_FUNCS(gss_oid_equal)
26 diff --git a/config.h.in b/config.h.in
27 index 6794af9..af13c25 100644
28 --- a/config.h.in
29 +++ b/config.h.in
30 @@ -126,6 +126,10 @@
31 */
32 #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
33
34 +/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function.
35 + */
36 +#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
37 +
38 /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */
39 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
40
41 diff --git a/configure b/configure
42 index 93fee28..c31ba83 100755
43 --- a/configure
44 +++ b/configure
45 @@ -13367,7 +13367,7 @@ fi
46 cmu_save_LIBS="$LIBS"
47 LIBS="$LIBS $GSSAPIBASE_LIBS"
48
49 -for ac_func in gsskrb5_register_acceptor_identity
50 +for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity
51 do
52 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
53 { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
54 diff --git a/plugins/gssapi.c b/plugins/gssapi.c
55 index 348801b..5102bfc 100644
56 --- a/plugins/gssapi.c
57 +++ b/plugins/gssapi.c
58 @@ -50,6 +50,9 @@
59 #else
60 #include <gssapi/gssapi.h>
61 #endif
62 +#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
63 +#include <gssapi/gssapi_krb5.h>
64 +#endif
65
66 #ifdef WIN32
67 # include <winsock2.h>
68 @@ -1365,7 +1368,7 @@ static sasl_server_plug_t gssapi_server_plugins[] =
69 };
70
71 int gssapiv2_server_plug_init(
72 -#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
73 +#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
74 const sasl_utils_t *utils __attribute__((unused)),
75 #else
76 const sasl_utils_t *utils,
77 @@ -1375,7 +1378,7 @@ int gssapiv2_server_plug_init(
78 sasl_server_plug_t **pluglist,
79 int *plugcount)
80 {
81 -#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
82 +#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
83 const char *keytab = NULL;
84 char keytab_path[1024];
85 unsigned int rl;
86 @@ -1385,7 +1388,7 @@ int gssapiv2_server_plug_init(
87 return SASL_BADVERS;
88 }
89
90 -#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
91 +#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
92 /* unfortunately, we don't check for readability of keytab if it's
93 the standard one, since we don't know where it is */
94
95 @@ -1408,7 +1411,12 @@ int gssapiv2_server_plug_init(
96
97 strncpy(keytab_path, keytab, 1024);
98
99 +#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
100 gsskrb5_register_acceptor_identity(keytab_path);
101 +#endif
102 +#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
103 + krb5_gss_register_acceptor_identity(keytab_path);
104 +#endif
105 }
106 #endif
107
108 diff --git a/saslauthd/configure b/saslauthd/configure
109 index 04cb414..c856644 100755
110 --- a/saslauthd/configure
111 +++ b/saslauthd/configure
112 @@ -9116,7 +9116,7 @@ fi
113 cmu_save_LIBS="$LIBS"
114 LIBS="$LIBS $GSSAPIBASE_LIBS"
115
116 -for ac_func in gsskrb5_register_acceptor_identity
117 +for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity
118 do
119 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
120 { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
121 diff --git a/saslauthd/saslauthd.h.in b/saslauthd/saslauthd.h.in
122 index a61f3ba..c83e4a9 100644
123 --- a/saslauthd/saslauthd.h.in
124 +++ b/saslauthd/saslauthd.h.in
125 @@ -62,6 +62,10 @@
126 */
127 #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
128
129 +/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function.
130 + */
131 +#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
132 +
133 /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */
134 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
135
+0
-27
debian/patches/0025_ld_as_needed.patch less more
0 Author: Matthias Klose <doko@ubuntu.com>
1 Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
2 it.
3 --- cyrus-sasl2.orig/saslauthd/Makefile.am
4 +++ cyrus-sasl2/saslauthd/Makefile.am
5 @@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
6 saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
7 saslauthd_LDADD = @SASL_KRB_LIB@ \
8 @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
9 - @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
10 + @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
11
12 testsaslauthd_SOURCES = testsaslauthd.c utils.c
13 testsaslauthd_LDADD = @LIB_SOCKET@
14 --- cyrus-sasl2.orig/sasldb/Makefile.am
15 +++ cyrus-sasl2/sasldb/Makefile.am
16 @@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
17
18 libsasldb_la_SOURCES = allockey.c sasldb.h
19 EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
20 -libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
21 -libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
22 +libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
23 +libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
24
25 # Prevent make dist stupidity
26 libsasldb_a_SOURCES =
+26
-0
debian/patches/0026-Release-server-creds-when-they-are-no-longer-needed.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:05 +0100
3 Subject: Release server creds when they are no longer needed
4
5 ---
6 plugins/gssapi.c | 6 ++++++
7 1 file changed, 6 insertions(+)
8
9 diff --git a/plugins/gssapi.c b/plugins/gssapi.c
10 index 5102bfc..a959e06 100644
11 --- a/plugins/gssapi.c
12 +++ b/plugins/gssapi.c
13 @@ -945,6 +945,12 @@ gssapi_server_mech_authneg(context_t *text,
14 ret = SASL_CONTINUE;
15 }
16
17 + /* Release server creds which are no longer needed */
18 + if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
19 + maj_stat = gss_release_cred(&min_stat, &text->server_creds);
20 + text->server_creds = GSS_C_NO_CREDENTIAL;
21 + }
22 +
23 cleanup:
24 if (client_name_MN) {
25 GSS_LOCK_MUTEX(params->utils);
+0
-14
debian/patches/0026_drop_krb5support_dependency.patch less more
0 Author: Roberto C. Sanchez <roberto@connexer.com>
1 Description: Drop gratuitous dependency on krb5support
2 --- cyrus-sasl2.orig/cmulocal/sasl2.m4
3 +++ cyrus-sasl2/cmulocal/sasl2.m4
4 @@ -112,9 +112,6 @@ if test "$gssapi" != no; then
5 fi
6
7 if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
8 - # check for libkrb5support first
9 - AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
10 -
11 gss_failed=0
12 AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
13 ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
+22
-0
debian/patches/0027-Include-sys-types.h-in-sasl.h.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:05 +0100
3 Subject: Include sys/types.h in sasl.h
4
5 ---
6 include/sasl.h | 2 ++
7 1 file changed, 2 insertions(+)
8
9 diff --git a/include/sasl.h b/include/sasl.h
10 index fef4d51..d52269f 100755
11 --- a/include/sasl.h
12 +++ b/include/sasl.h
13 @@ -223,6 +223,8 @@ extern "C" {
14 * they must be called before all other SASL functions:
15 */
16
17 +#include <sys/types.h>
18 +
19 /* memory allocation functions which may optionally be replaced:
20 */
21 typedef void *sasl_malloc_t(size_t);
+39
-0
debian/patches/0028-Fix-typo-in-debugging-logs.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:05 +0100
3 Subject: Fix typo in debugging logs
4
5 ---
6 saslauthd/cache.c | 6 +++---
7 1 file changed, 3 insertions(+), 3 deletions(-)
8
9 diff --git a/saslauthd/cache.c b/saslauthd/cache.c
10 index 2b78464..b13171d 100644
11 --- a/saslauthd/cache.c
12 +++ b/saslauthd/cache.c
13 @@ -264,7 +264,7 @@ int cache_lookup(const char *user, const char *realm, const char *service, const
14 if (memcmp(pwd_digest, read_bucket->pwd_digest, 16) == 0) {
15
16 if (flags & VERBOSE)
17 - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with valid passwd");
18 + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "found with valid passwd");
19
20 cache_un_lock(hash_offset);
21 table_stats->hits++;
22 @@ -272,14 +272,14 @@ int cache_lookup(const char *user, const char *realm, const char *service, const
23 }
24
25 if (flags & VERBOSE)
26 - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with invalid passwd, update pending");
27 + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "found with invalid passwd, update pending");
28
29 result->status = CACHE_FLUSH;
30
31 } else {
32
33 if (flags & VERBOSE)
34 - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "not found, update pending");
35 + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "not found, update pending");
36
37 result->status = CACHE_FLUSH_WITH_RESCAN;
38 }
+0
-114
debian/patches/0028_autotools_fixes.patch less more
0 --- cyrus-sasl2.orig/configure.in
1 +++ cyrus-sasl2/configure.in
2 @@ -44,6 +44,8 @@ dnl
3 AC_INIT(lib/saslint.h)
4 AC_PREREQ([2.54])
5
6 +AC_CONFIG_MACRO_DIRS([cmulocal] [config])
7 +
8 dnl use ./config.cache as the default cache file.
9 dnl we require a cache file to successfully configure our build.
10 if test $cache_file = "/dev/null"; then
11 --- cyrus-sasl2.orig/Makefile.am
12 +++ cyrus-sasl2/Makefile.am
13 @@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7
14 #
15 ################################################################
16
17 +ACLOCAL_AMFLAGS = -I cmulocal -I config
18 +
19 if SASLAUTHD
20 SAD = saslauthd
21 else
22 --- cyrus-sasl2.orig/saslauthd/configure.in
23 +++ cyrus-sasl2/saslauthd/configure.in
24 @@ -1,7 +1,8 @@
25 AC_INIT(mechanisms.h)
26 AC_PREREQ([2.54])
27
28 -AC_CONFIG_AUX_DIR(config)
29 +AC_CONFIG_MACRO_DIRS([../cmulocal] [../config])
30 +AC_CONFIG_AUX_DIR([config])
31 AC_CANONICAL_HOST
32
33 dnl Should we enable SASLAUTHd at all?
34 @@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS)
35
36 dnl Checks for which function macros exist
37 AC_MSG_CHECKING(whether $CC implements __func__)
38 -AC_CACHE_VAL(have_func,
39 +AC_CACHE_VAL(_cv_have_func,
40 [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);],
41 -have_func=yes,
42 -have_func=no)])
43 -AC_MSG_RESULT($have_func)
44 -if test "$have_func" = yes; then
45 +_cv_have_func=yes,
46 +_cv_have_func=no)])
47 +AC_MSG_RESULT($_cv_have_func)
48 +if test "$_cv_have_func" = yes; then
49 AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__])
50 else
51 AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__)
52 - AC_CACHE_VAL(have_pretty_function,
53 + AC_CACHE_VAL(_cv_have_pretty_function,
54 [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);],
55 - have_pretty_function=yes,
56 - have_pretty_function=no)])
57 - AC_MSG_RESULT($have_pretty_function)
58 - if test "$have_pretty_function" = yes; then
59 + _cv_have_pretty_function=yes,
60 + _cv_have_pretty_function=no)])
61 + AC_MSG_RESULT($_cv_have_pretty_function)
62 + if test "$_cv_have_pretty_function" = yes; then
63 AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__])
64 else
65 AC_MSG_CHECKING(whether $CC implements __FUNCTION__)
66 - AC_CACHE_VAL(have_function,
67 + AC_CACHE_VAL(_cv_have_function,
68 [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);],
69 - have_function=yes,
70 - have_function=no)])
71 - AC_MSG_RESULT($have_function)
72 - if test "$have_function" = yes; then
73 + _cv_have_function=yes,
74 + _cv_have_function=no)])
75 + AC_MSG_RESULT($_cv_have_function)
76 + if test "$_cv_have_function" = yes; then
77 AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__])
78 fi
79 fi
80 --- cyrus-sasl2.orig/saslauthd/Makefile.am
81 +++ cyrus-sasl2/saslauthd/Makefile.am
82 @@ -1,4 +1,6 @@
83 AUTOMAKE_OPTIONS = 1.7
84 +ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config
85 +
86 sbin_PROGRAMS = saslauthd testsaslauthd
87 EXTRA_PROGRAMS = saslcache
88
89 --- cyrus-sasl2.orig/config/kerberos_v4.m4
90 +++ cyrus-sasl2/config/kerberos_v4.m4
91 @@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [
92 dnl if we were ambitious, we would look more aggressively for the
93 dnl krb4 install
94 if test -d ${krb4}; then
95 - AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [
96 + AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [
97 for krbhloc in include/kerberosIV include/kerberos include
98 do
99 if test -f ${krb4}/${krbhloc}/krb.h ; then
100 - cyrus_krbinclude=${krb4}/${krbhloc}
101 + cyrus_cv_krbinclude=${krb4}/${krbhloc}
102 break
103 fi
104 done
105 ])
106
107 - if test -n "${cyrus_krbinclude}"; then
108 - CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}"
109 + if test -n "${cyrus_cv_krbinclude}"; then
110 + CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}"
111 fi
112 LDFLAGS="$LDFLAGS -L$krb4/lib"
113 fi
+63
-0
debian/patches/0029-Revert-upstream-soname-bump.patch less more
0 From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@debian.org>
1 Date: Thu, 24 Mar 2016 11:35:05 +0100
2 Subject: Revert upstream soname bump
3
4 ---
5 lib/Makefile.am | 2 +-
6 lib/Makefile.in | 2 +-
7 plugins/Makefile.am | 2 +-
8 plugins/Makefile.in | 2 +-
9 4 files changed, 4 insertions(+), 4 deletions(-)
10
11 diff --git a/lib/Makefile.am b/lib/Makefile.am
12 index 16b14f4..9777457 100644
13 --- a/lib/Makefile.am
14 +++ b/lib/Makefile.am
15 @@ -43,7 +43,7 @@
16 # Library version info - here at the top, for sanity
17 # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
18 # CURRENT:REVISION:AGE
19 -sasl_version = 3:0:0
20 +sasl_version = 2:25:0
21
22 INCLUDES=-DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
23
24 diff --git a/lib/Makefile.in b/lib/Makefile.in
25 index c1fefd8..629947b 100644
26 --- a/lib/Makefile.in
27 +++ b/lib/Makefile.in
28 @@ -319,7 +319,7 @@ top_srcdir = @top_srcdir@
29 # Library version info - here at the top, for sanity
30 # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
31 # CURRENT:REVISION:AGE
32 -sasl_version = 3:0:0
33 +sasl_version = 2:25:0
34 INCLUDES = -DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
35 EXTRA_DIST = windlopen.c staticopen.h NTMakefile
36 EXTRA_LIBRARIES = libsasl2.a
37 diff --git a/plugins/Makefile.am b/plugins/Makefile.am
38 index d570de1..ce1af46 100644
39 --- a/plugins/Makefile.am
40 +++ b/plugins/Makefile.am
41 @@ -47,7 +47,7 @@
42 # Library version info - here at the top, for sanity
43 # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
44 # CURRENT:REVISION:AGE
45 -plugin_version = 3:0:0
46 +plugin_version = 2:25:0
47
48 INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
49 AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
50 diff --git a/plugins/Makefile.in b/plugins/Makefile.in
51 index da7956f..4c96dea 100644
52 --- a/plugins/Makefile.in
53 +++ b/plugins/Makefile.in
54 @@ -362,7 +362,7 @@ top_srcdir = @top_srcdir@
55 # Library version info - here at the top, for sanity
56 # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
57 # CURRENT:REVISION:AGE
58 -plugin_version = 3:0:0
59 +plugin_version = 2:25:0
60 INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
61 AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
62 COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
+0
-11
debian/patches/0029_ldap_fixes.patch less more
0 --- cyrus-sasl2.orig/plugins/ldapdb.c
1 +++ cyrus-sasl2/plugins/ldapdb.c
2 @@ -251,6 +251,8 @@ static int ldapdb_auxprop_lookup(void *g
3
4 #if defined(LDAP_PROXY_AUTHZ_FAILURE)
5 case LDAP_PROXY_AUTHZ_FAILURE:
6 +#elif defined(LDAP_X_PROXY_AUTHZ_FAILURE)
7 + case LDAP_X_PROXY_AUTHZ_FAILURE:
8 #endif
9 case LDAP_INAPPROPRIATE_AUTH:
10 case LDAP_INVALID_CREDENTIALS:
+22
-0
debian/patches/0030-Fix-return-SASL_FAIL-in-void-sasl_dispose.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:05 +0100
3 Subject: Fix 'return SASL_FAIL;' in void sasl_dispose()
4
5 ---
6 lib/common.c | 2 +-
7 1 file changed, 1 insertion(+), 1 deletion(-)
8
9 diff --git a/lib/common.c b/lib/common.c
10 index 1df5702..74ebac8 100644
11 --- a/lib/common.c
12 +++ b/lib/common.c
13 @@ -841,7 +841,7 @@ void sasl_dispose(sasl_conn_t **pconn)
14
15 if (!free_mutex || free_mutex == 0x1)
16 free_mutex = sasl_MUTEX_ALLOC();
17 - if (!free_mutex) return SASL_FAIL;
18 + if (!free_mutex) return;
19
20 result = sasl_MUTEX_LOCK(free_mutex);
21 if (result!=SASL_OK) return;
+0
-134
debian/patches/0030_dont_use_la_files_for_opening_plugins.patch less more
0 --- cyrus-sasl2.orig/lib/dlopen.c
1 +++ cyrus-sasl2/lib/dlopen.c
2 @@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
3 return result;
4 }
5
6 -/* this returns the file to actually open.
7 - * out should be a buffer of size PATH_MAX
8 - * and may be the same as in. */
9 -
10 -/* We'll use a static buffer for speed unless someone complains */
11 -#define MAX_LINE 2048
12 -
13 -static int _parse_la(const char *prefix, const char *in, char *out)
14 -{
15 - FILE *file;
16 - size_t length;
17 - char line[MAX_LINE];
18 - char *ntmp = NULL;
19 -
20 - if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
21 -
22 - /* Set this so we can detect failure */
23 - *out = '\0';
24 -
25 - length = strlen(in);
26 -
27 - if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
28 - if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
29 - /* check for a .la file */
30 - strcpy(line, prefix);
31 - strcat(line, in);
32 - length = strlen(line);
33 - *(line + (length - strlen(SO_SUFFIX))) = '\0';
34 - strcat(line, LA_SUFFIX);
35 - file = fopen(line, "r");
36 - if(file) {
37 - /* We'll get it on the .la open */
38 - fclose(file);
39 - return SASL_FAIL;
40 - }
41 - }
42 - strcpy(out, prefix);
43 - strcat(out, in);
44 - return SASL_OK;
45 - }
46 -
47 - strcpy(line, prefix);
48 - strcat(line, in);
49 -
50 - file = fopen(line, "r");
51 - if(!file) {
52 - _sasl_log(NULL, SASL_LOG_WARN,
53 - "unable to open LA file: %s", line);
54 - return SASL_FAIL;
55 - }
56 -
57 - while(!feof(file)) {
58 - if(!fgets(line, MAX_LINE, file)) break;
59 - if(line[strlen(line) - 1] != '\n') {
60 - _sasl_log(NULL, SASL_LOG_WARN,
61 - "LA file has too long of a line: %s", in);
62 - return SASL_BUFOVER;
63 - }
64 - if(line[0] == '\n' || line[0] == '#') continue;
65 - if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
66 - /* We found the line with the name in it */
67 - char *end;
68 - char *start;
69 - size_t len;
70 - end = strrchr(line, '\'');
71 - if(!end) continue;
72 - start = &line[sizeof("dlname=")-1];
73 - len = strlen(start);
74 - if(len > 3 && start[0] == '\'') {
75 - ntmp=&start[1];
76 - *end='\0';
77 - /* Do we have dlname="" ? */
78 - if(ntmp == end) {
79 - _sasl_log(NULL, SASL_LOG_DEBUG,
80 - "dlname is empty in .la file: %s", in);
81 - return SASL_FAIL;
82 - }
83 - strcpy(out, prefix);
84 - strcat(out, ntmp);
85 - }
86 - break;
87 - }
88 - }
89 - if(ferror(file) || feof(file)) {
90 - _sasl_log(NULL, SASL_LOG_WARN,
91 - "Error reading .la: %s\n", in);
92 - fclose(file);
93 - return SASL_FAIL;
94 - }
95 - fclose(file);
96 -
97 - if(!(*out)) {
98 - _sasl_log(NULL, SASL_LOG_WARN,
99 - "Could not find a dlname line in .la file: %s", in);
100 - return SASL_FAIL;
101 - }
102 -
103 - return SASL_OK;
104 -}
105 #endif /* DO_DLOPEN */
106
107 /* loads a plugin library */
108 @@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
109 if (length + pos>=PATH_MAX) continue; /* too big */
110
111 if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
112 - SO_SUFFIX)
113 - && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
114 - LA_SUFFIX))
115 + SO_SUFFIX))
116 continue;
117
118 + /* We only use .so files for loading plugins */
119 +
120 memcpy(name,dir->d_name,length);
121 name[length]='\0';
122
123 - result = _parse_la(prefix, name, tmp);
124 - if(result != SASL_OK)
125 - continue;
126 -
127 + /* Create full name with path */
128 + strncpy(tmp, prefix, PATH_MAX);
129 + strncat(tmp, name, PATH_MAX);
130 +
131 /* skip "lib" and cut off suffix --
132 this only need be approximate */
133 strcpy(plugname, name + 3);
+50
-0
debian/patches/0031-properly-create-libsasl2.pc.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:05 +0100
3 Subject: properly create libsasl2.pc
4
5 ---
6 Makefile.am | 10 ++++++++++
7 configure.in | 1 -
8 2 files changed, 10 insertions(+), 1 deletion(-)
9
10 diff --git a/Makefile.am b/Makefile.am
11 index 220565f..4055bf8 100644
12 --- a/Makefile.am
13 +++ b/Makefile.am
14 @@ -43,6 +43,12 @@ AUTOMAKE_OPTIONS = 1.7
15 #
16 ################################################################
17
18 +do_subst = sed -e 's,[@]LIB_DOOR[@],$(LIB_DOOR),g' \
19 + -e 's,[@]SASL_DL_LIB[@],$(SASL_DL_LIB),g' \
20 + -e 's,[@]LIBS[@],$(LIBS),g' \
21 + -e 's,[@]VERSION[@],$(VERSION),g' \
22 + -e 's,[@]libdir[@],$(libdir),g'
23 +
24 ACLOCAL_AMFLAGS = -I cmulocal -I config
25
26 if SASLAUTHD
27 @@ -78,6 +84,10 @@ EXTRA_DIST=config cmulocal win32 mac dlcompat-20010505 NTMakefile INSTALL.TXT \
28 pkgconfigdir = $(libdir)/pkgconfig
29 pkgconfig_DATA = libsasl2.pc
30
31 +libsasl2.pc: $(srcdir)/libsasl2.pc.in Makefile
32 + rm -f $@
33 + $(do_subst) < $(srcdir)/libsasl2.pc.in > $@
34 +
35 dist-hook:
36 @find $(distdir) -exec chmod o+w {} ';'
37 @find $(distdir) -name CVS -print | xargs -t rm -rf
38 diff --git a/configure.in b/configure.in
39 index 694a734..ea24213 100644
40 --- a/configure.in
41 +++ b/configure.in
42 @@ -1419,7 +1419,6 @@ inline static unsigned int sleep(unsigned int seconds) {
43 AM_CONFIG_HEADER(config.h)
44
45 AC_OUTPUT(Makefile
46 -libsasl2.pc
47 include/Makefile
48 sasldb/Makefile
49 plugins/Makefile
+0
-26
debian/patches/0031_dont_use_-R_when_search_for_sqlite_libraries.patch less more
0 --- cyrus-sasl2.orig/configure.in
1 +++ cyrus-sasl2/configure.in
2 @@ -865,9 +865,9 @@ case "$with_sqlite" in
3 notfound) AC_WARN([SQLite Library not found]); true;;
4 *)
5 if test -d ${with_sqlite}/lib; then
6 - LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
7 + LIB_SQLITE="-L${with_sqlite}/lib"
8 else
9 - LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
10 + LIB_SQLITE="-L${with_sqlite}"
11 fi
12
13 LIB_SQLITE_DIR=$LIB_SQLITE
14 @@ -917,9 +917,9 @@ case "$with_sqlite3" in
15 notfound) AC_WARN([SQLite3 Library not found]); true;;
16 *)
17 if test -d ${with_sqlite3}/lib; then
18 - LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
19 + LIB_SQLITE3="-L${with_sqlite3}/lib"
20 else
21 - LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
22 + LIB_SQLITE3="-L${with_sqlite3}"
23 fi
24
25 LIB_SQLITE3_DIR=$LIB_SQLITE3
+177
-0
debian/patches/0032-2.1.26-Allow-CAPABILITY-lines-in-IMAP-login-reply-v4.patch less more
0 From: Sebastian Pipping <sebastian@pipping.org>
1 Date: Fri, 5 Jul 2013 18:34:50 +0200
2 Subject: 2.1.26: Allow "* CAPABILITY" lines in IMAP login reply (v4)
3
4 ---
5 saslauthd/auth_rimap.c | 125 +++++++++++++++++++++++++++++++++++++++++++------
6 1 file changed, 111 insertions(+), 14 deletions(-)
7
8 diff --git a/saslauthd/auth_rimap.c b/saslauthd/auth_rimap.c
9 index bb8eccb..06341d7 100644
10 --- a/saslauthd/auth_rimap.c
11 +++ b/saslauthd/auth_rimap.c
12 @@ -3,6 +3,7 @@
13
14 /* COPYRIGHT
15 * Copyright (c) 1998 Messaging Direct Ltd.
16 + * Copyright (c) 2013 Sebastian Pipping <sebastian@pipping.org>
17 * All rights reserved.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 @@ -91,6 +92,9 @@ static struct addrinfo *ai = NULL; /* remote authentication host */
21 #define TAG "saslauthd" /* IMAP command tag */
22 #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */
23 #define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/
24 +#define LOGIN_REPLY_GOOD (TAG " OK") /* Expected IMAP login reply, good edition (with tag) */
25 +#define LOGIN_REPLY_BAD (TAG " NO") /* Expected IMAP login reply, bad edition (with tag) */
26 +#define LOGIN_REPLY_CAP "* CAPABILITY" /* Expected IMAP login reply, capabilities edition */
27 #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */
28 #define RESP_LEN 1000 /* size of read response buffer */
29
30 @@ -278,6 +282,109 @@ auth_rimap_init (
31
32 /* END FUNCTION: auth_rimap_init */
33
34 +typedef enum _t_login_status {
35 + LOGIN_STATUS_UNKNOWN,
36 +
37 + LOGIN_STATUS_ACCEPTED,
38 + LOGIN_STATUS_REJECTED,
39 + LOGIN_STATUS_MALFORMED
40 +} t_login_status;
41 +
42 +/* FUNCTION: warn_malformed_imap_login_reply */
43 +void
44 +warn_malformed_imap_login_reply(
45 + /* PARAMETERS */
46 + const char * server_reply /* I: plaintext server reply */
47 + /* END PARAMETERS */
48 + )
49 +{
50 + syslog(LOG_WARNING, "auth_rimap: unexpected response to auth request: %s", server_reply);
51 +}
52 +
53 +/* END FUNCTION: warn_malformed_imap_login_reply */
54 +
55 +/* FUNCTION: process_login_reply */
56 +
57 +/* SYNOPSIS
58 + * Classify IMAP server reply into accepted, rejected or malformed.
59 + * END SYNOPSIS */
60 +
61 +t_login_status
62 +process_login_reply(
63 + /* PARAMETERS */
64 + char * server_reply, /* I/O: plaintext server reply */
65 + const char * login /* I : plaintext authenticator */
66 + /* END PARAMETERS */
67 + )
68 +{
69 + /* VARIABLES */
70 + t_login_status res = LOGIN_STATUS_UNKNOWN;
71 + char * line_first = server_reply;
72 + char * line_after_last;
73 + /* END VARIABLES */
74 +
75 + for (;;) {
76 + /* find line boundary */
77 + line_after_last = strpbrk(line_first, "\x0a\x0d");
78 + if (line_after_last == NULL) {
79 + warn_malformed_imap_login_reply(line_first);
80 + return LOGIN_STATUS_MALFORMED;
81 + }
82 +
83 + /* handle single line */
84 + {
85 + /* terminate line (reverted later) */
86 + const char backup = line_after_last[0];
87 + line_after_last[0] = '\0';
88 +
89 + /* classify current line */
90 + if (strncmp(line_first, LOGIN_REPLY_GOOD, sizeof(LOGIN_REPLY_GOOD) - 1) == 0) {
91 + res = LOGIN_STATUS_ACCEPTED;
92 + } else if (strncmp(line_first, LOGIN_REPLY_BAD, sizeof(LOGIN_REPLY_BAD) - 1) == 0) {
93 + res = LOGIN_STATUS_REJECTED;
94 + } else if (strncmp(line_first, LOGIN_REPLY_CAP, sizeof(LOGIN_REPLY_CAP) - 1) == 0) {
95 + /* keep looking for ".. OK" or ".. NO" */
96 + } else {
97 + res = LOGIN_STATUS_MALFORMED;
98 + }
99 +
100 + /* report current line */
101 + if (res == LOGIN_STATUS_MALFORMED) {
102 + warn_malformed_imap_login_reply(line_first);
103 + } else if (flags & VERBOSE) {
104 + syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, line_first);
105 + }
106 +
107 + /* revert termination */
108 + line_after_last[0] = backup;
109 + }
110 +
111 + /* are we done? */
112 + if (res != LOGIN_STATUS_UNKNOWN) {
113 + return res;
114 + }
115 +
116 + /* forward to next line */
117 + while ((line_after_last[0] == '\x0a')
118 + || (line_after_last[0] == '\x0d')) {
119 + line_after_last++;
120 + }
121 +
122 + /* no more lines? */
123 + if (line_after_last[0] == '\0') {
124 + warn_malformed_imap_login_reply("");
125 + return LOGIN_STATUS_MALFORMED;
126 + }
127 +
128 + /* prepare for next round */
129 + line_first = line_after_last;
130 + }
131 +
132 + assert(! "cannot be reached");
133 +}
134 +
135 +/* END FUNCTION: process_login_reply */
136 +
137 /* FUNCTION: auth_rimap */
138
139 /* SYNOPSIS
140 @@ -318,6 +425,7 @@ auth_rimap (
141 char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
142 int saved_errno;
143 int niflags;
144 + t_login_status login_status = LOGIN_STATUS_MALFORMED;
145 /* END VARIABLES */
146
147 /* sanity checks */
148 @@ -533,25 +641,14 @@ auth_rimap (
149 }
150
151 rbuf[rc] = '\0'; /* tie off response */
152 - c = strpbrk(rbuf, "\r\n");
153 - if (c != NULL) {
154 - *c = '\0'; /* tie off line termination */
155 - }
156 + login_status = process_login_reply(rbuf, login);
157
158 - if (!strncmp(rbuf, TAG " OK", sizeof(TAG " OK")-1)) {
159 - if (flags & VERBOSE) {
160 - syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, rbuf);
161 - }
162 + if (login_status == LOGIN_STATUS_ACCEPTED) {
163 return strdup("OK remote authentication successful");
164 }
165 - if (!strncmp(rbuf, TAG " NO", sizeof(TAG " NO")-1)) {
166 - if (flags & VERBOSE) {
167 - syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, rbuf);
168 - }
169 + if (login_status == LOGIN_STATUS_REJECTED) {
170 return strdup("NO remote server rejected your credentials");
171 }
172 - syslog(LOG_WARNING, "auth_rimap: unexpected response to auth request: %s",
173 - rbuf);
174 return strdup(RESP_UNEXPECTED);
175
176 }
+0
-15
debian/patches/0032_revert_1.103_revision_to_unbreak_GSSAPI.patch less more
0 --- cyrus-sasl2.orig/plugins/gssapi.c
1 +++ cyrus-sasl2/plugins/gssapi.c
2 @@ -1583,10 +1583,10 @@ static int gssapi_client_mech_step(void
3 }
4
5 /* Setup req_flags properly */
6 - req_flags = GSS_C_INTEG_FLAG;
7 + req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
8 if (params->props.max_ssf > params->external_ssf) {
9 /* We are requesting a security layer */
10 - req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
11 + req_flags |= GSS_C_INTEG_FLAG;
12 /* Any SSF bigger than 1 is confidentiality. */
13 /* Let's check if the client of the API requires confidentiality,
14 and it wasn't already provided by an external layer */
+39
-0
debian/patches/0033-Fix-early-hangup-in-ipc_unix.c.patch less more
0 From: Debian Cyrus SASL Team
1 <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
2 Date: Thu, 24 Mar 2016 11:35:06 +0100
3 Subject: Fix early hangup in ipc_unix.c
4
5 ---
6 saslauthd/ipc_unix.c | 5 +++++
7 1 file changed, 5 insertions(+)
8
9 diff --git a/saslauthd/ipc_unix.c b/saslauthd/ipc_unix.c
10 index f82a245..7ef7912 100644
11 --- a/saslauthd/ipc_unix.c
12 +++ b/saslauthd/ipc_unix.c
13 @@ -217,6 +217,7 @@ void ipc_loop() {
14
15 int rc;
16 int conn_fd;
17 + unsigned char dummy;
18
19
20 while(1) {
21 @@ -261,6 +262,8 @@ void ipc_loop() {
22 }
23
24 do_request(conn_fd);
25 + shutdown(conn_fd, SHUT_WR);
26 + while (read(conn_fd, &dummy, 1) > 0) { }
27 close(conn_fd);
28
29 if(flags & DETACH_TTY) {
30 @@ -275,6 +278,8 @@ void ipc_loop() {
31 * Normal prefork mode.
32 *************************************************************/
33 do_request(conn_fd);
34 + shutdown(conn_fd, SHUT_WR);
35 + while (read(conn_fd, &dummy, 1) > 0) { }
36 close(conn_fd);
37 }
38
+0
-24
debian/patches/0033_fix_segfault_in_GSSAPI.patch less more
0 --- cyrus-sasl2.orig/plugins/gssapi.c
1 +++ cyrus-sasl2/plugins/gssapi.c
2 @@ -376,6 +376,7 @@ sasl_gss_encode(void *context, const str
3 }
4
5 if (output_token->value && output) {
6 + int len;
7 unsigned char * p;
8
9 ret = _plug_buf_alloc(text->utils,
10 @@ -392,11 +393,8 @@ sasl_gss_encode(void *context, const str
11
12 p = (unsigned char *) text->encode_buf;
13
14 - p[0] = (output_token->length>>24) & 0xFF;
15 - p[1] = (output_token->length>>16) & 0xFF;
16 - p[2] = (output_token->length>>8) & 0xFF;
17 - p[3] = output_token->length & 0xFF;
18 -
19 + len = htonl(output_token->length);
20 + memcpy(text->encode_buf, &len, 4);
21 memcpy(text->encode_buf + 4, output_token->value, output_token->length);
22 }
23
+119
-0
debian/patches/0034-Handle-NULL-returns-from-glibc-2.17-crypt.patch less more
0 From: mancha <mancha1@hush.com>
1 Date: Thu, 11 Jul 2013 10:08:07 +0100
2 Subject: Handle NULL returns from glibc 2.17+ crypt()
3
4 Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
5 (w/ NULL return) if the salt violates specifications. Additionally,
6 on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
7 passed to crypt() fail with EPERM (w/ NULL return).
8
9 When using glibc's crypt(), check return value to avoid a possible
10 NULL pointer dereference.
11
12 Patch by mancha1@hush.com.
13 ---
14 pwcheck/pwcheck_getpwnam.c | 3 ++-
15 pwcheck/pwcheck_getspnam.c | 4 +++-
16 saslauthd/auth_getpwent.c | 4 +++-
17 saslauthd/auth_shadow.c | 8 +++-----
18 4 files changed, 11 insertions(+), 8 deletions(-)
19
20 diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
21 index 4b34222..400289c 100644
22 --- a/pwcheck/pwcheck_getpwnam.c
23 +++ b/pwcheck/pwcheck_getpwnam.c
24 @@ -32,6 +32,7 @@ char *userid;
25 char *password;
26 {
27 char* r;
28 + char* crpt_passwd;
29 struct passwd *pwd;
30
31 pwd = getpwnam(userid);
32 @@ -41,7 +42,7 @@ char *password;
33 else if (pwd->pw_passwd[0] == '*') {
34 r = "Account disabled";
35 }
36 - else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
37 + else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
38 r = "Incorrect password";
39 }
40 else {
41 diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
42 index 2b11286..6d607bb 100644
43 --- a/pwcheck/pwcheck_getspnam.c
44 +++ b/pwcheck/pwcheck_getspnam.c
45 @@ -32,13 +32,15 @@ char *userid;
46 char *password;
47 {
48 struct spwd *pwd;
49 + char *crpt_passwd;
50
51 pwd = getspnam(userid);
52 if (!pwd) {
53 return "Userid not found";
54 }
55
56 - if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
57 + crpt_passwd = crypt(password, pwd->sp_pwdp);
58 + if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
59 return "Incorrect password";
60 }
61 else {
62 diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
63 index fc8029d..d4ebe54 100644
64 --- a/saslauthd/auth_getpwent.c
65 +++ b/saslauthd/auth_getpwent.c
66 @@ -77,6 +77,7 @@ auth_getpwent (
67 {
68 /* VARIABLES */
69 struct passwd *pw; /* pointer to passwd file entry */
70 + char *crpt_passwd; /* encrypted password */
71 int errnum;
72 /* END VARIABLES */
73
74 @@ -105,7 +106,8 @@ auth_getpwent (
75 }
76 }
77
78 - if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
79 + crpt_passwd = crypt(password, pw->pw_passwd);
80 + if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
81 if (flags & VERBOSE) {
82 syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
83 }
84 diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
85 index d0efa9a..c00faa3 100644
86 --- a/saslauthd/auth_shadow.c
87 +++ b/saslauthd/auth_shadow.c
88 @@ -211,8 +211,8 @@ auth_shadow (
89 RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
90 }
91
92 - cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
93 - if (strcmp(sp->sp_pwdp, cpw)) {
94 + cpw = crypt(password, sp->sp_pwdp);
95 + if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
96 if (flags & VERBOSE) {
97 /*
98 * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
99 @@ -222,10 +222,8 @@ auth_shadow (
100 syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
101 sp->sp_pwdp, cpw);
102 }
103 - free(cpw);
104 RETURN("NO Incorrect password");
105 }
106 - free(cpw);
107
108 /*
109 * The following fields will be set to -1 if:
110 @@ -287,7 +285,7 @@ auth_shadow (
111 RETURN("NO Invalid username");
112 }
113
114 - if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
115 + if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
116 if (flags & VERBOSE) {
117 syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
118 password, upw->upw_passwd);
+0
-23
debian/patches/0034_fix_dovecot_authentication.patch less more
0 --- cyrus-sasl2.orig/lib/checkpw.c
1 +++ cyrus-sasl2/lib/checkpw.c
2 @@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned de
3 /* Timeout. */
4 errno = ETIMEDOUT;
5 return -1;
6 - case +1:
7 - if (FD_ISSET(fd, &rfds)) {
8 - /* Success, file descriptor is readable. */
9 - return 0;
10 - }
11 - return -1;
12 case -1:
13 if (errno == EINTR || errno == EAGAIN)
14 continue;
15 default:
16 + if (FD_ISSET(fd, &rfds)) {
17 + /* Success, file descriptor is readable. */
18 + return 0;
19 + }
20 /* Error catch-all. */
21 return -1;
22 }
+31
-0
debian/patches/0035-Fix-auth_rimap-infinite-loop-hang-when-IMAP-server-c.patch less more
0 From: Jered Floyd <jered@convivian.com>
1 Date: Thu, 24 Mar 2016 11:36:07 +0100
2 Subject: Fix auth_rimap infinite loop (hang) when IMAP server closes
3 connection
4
5 ---
6 saslauthd/auth_rimap.c | 4 ++--
7 1 file changed, 2 insertions(+), 2 deletions(-)
8
9 diff --git a/saslauthd/auth_rimap.c b/saslauthd/auth_rimap.c
10 index 06341d7..03584ac 100644
11 --- a/saslauthd/auth_rimap.c
12 +++ b/saslauthd/auth_rimap.c
13 @@ -494,7 +494,7 @@ auth_rimap (
14 while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
15 if ( FD_ISSET(s, &perm) ) {
16 ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
17 - if ( ret<0 ) {
18 + if ( ret<=0 ) {
19 rc = ret;
20 break;
21 } else {
22 @@ -607,7 +607,7 @@ auth_rimap (
23 while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
24 if ( FD_ISSET(s, &perm) ) {
25 ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
26 - if ( ret<0 ) {
27 + if ( ret<=0 ) {
28 rc = ret;
29 break;
30 } else {
+0
-22
debian/patches/0035_temporary_multiarch_fixes.patch less more
0 --- cyrus-sasl2.orig/configure.in
1 +++ cyrus-sasl2/configure.in
2 @@ -277,7 +277,7 @@ AC_ARG_WITH(pam, [ --with-pam=DIR
3 if test "$with_pam" != no; then
4 if test -d $with_pam; then
5 CPPFLAGS="$CPPFLAGS -I${with_pam}/include"
6 - LDFLAGS="$LDFLAGS -L${with_pam}/lib"
7 + LDFLAGS="$LDFLAGS -L${with_pam}/$DEB_HOST_MULTIARCH/lib"
8 fi
9 AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h)
10 cmu_save_LIBS="$LIBS"
11 --- cyrus-sasl2.orig/saslauthd/configure.in
12 +++ cyrus-sasl2/saslauthd/configure.in
13 @@ -95,7 +95,7 @@ AC_ARG_WITH(pam, [ --with-pam=DIR
14 if test "$with_pam" != no; then
15 if test -d $with_pam; then
16 CPPFLAGS="$CPPFLAGS -I${with_pam}/include"
17 - LDFLAGS="$LDFLAGS -L${with_pam}/lib"
18 + LDFLAGS="$LDFLAGS -L${with_pam}/$DEB_HOST_MULTIARCH/lib"
19 fi
20 cmu_save_LIBS="$LIBS"
21 AC_CHECK_LIB(pam, pam_start, [
+0
-26
debian/patches/0036_add_reference_to_LDAP_SASLAUTHD_file.patch less more
0 --- cyrus-sasl2.orig/saslauthd/saslauthd.8
1 +++ cyrus-sasl2/saslauthd/saslauthd.8
2 @@ -158,8 +158,8 @@ AAUUTTHHEENNTTIICCAATTIIOON
3 Authenticate against an ldap server. The ldap configuration
4 parameters are read from /usr/local/etc/saslauthd.conf. The
5 location of this file can be changed with the -O parameter.
6 - See the LDAP_SASLAUTHD file included with the distribution for
7 - the list of available parameters.
8 + See the LDAP_SASLAUTHD file included in the cyrus-sasl2-doc
9 + package for the list of available parameters.
10
11 sia _(_D_i_g_i_t_a_l _U_N_I_X_)
12
13 --- cyrus-sasl2.orig/saslauthd/saslauthd.mdoc
14 +++ cyrus-sasl2/saslauthd/saslauthd.mdoc
15 @@ -222,8 +222,8 @@ instead.
16 .Pp
17 Authenticate against an ldap server. The ldap configuration parameters are
18 read from /etc/saslauthd.conf. The location of this file can be
19 -changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
20 -distribution for the list of available parameters.
21 +changed with the -O parameter. See the LDAP_SASLAUTHD file included in the
22 +cyrus-sasl2-doc package for the list of available parameters.
23 .It Li sia
24 .Em (Digital UNIX)
25 .Pp
+0
-48
debian/patches/0038_send_imap_logout.patch less more
0 --- cyrus-sasl2.orig/saslauthd/auth_rimap.c
1 +++ cyrus-sasl2/saslauthd/auth_rimap.c
2 @@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re
3 service we connect to. */
4 #define TAG "saslauthd" /* IMAP command tag */
5 #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */
6 +#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/
7 #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */
8 #define RESP_LEN 1000 /* size of read response buffer */
9
10 @@ -307,10 +308,12 @@ auth_rimap (
11 int s=-1; /* socket to remote auth host */
12 struct addrinfo *r; /* remote socket address info */
13 struct iovec iov[5]; /* for sending LOGIN command */
14 + struct iovec iov2[1]; /* for sending LOGOUT command */
15 char *qlogin; /* pointer to "quoted" login */
16 char *qpass; /* pointer to "quoted" password */
17 char *c; /* scratch pointer */
18 int rc; /* return code scratch area */
19 + int rcl; /* return code scratch area */
20 char rbuf[RESP_LEN]; /* response read buffer */
21 char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
22 int saved_errno;
23 @@ -505,6 +508,24 @@ auth_rimap (
24 }
25 }
26 }
27 +
28 + /* close remote imap */
29 + iov2[0].iov_base = LOGOUT_CMD;
30 + iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1;
31 + iov2[1].iov_base = "\r\n";
32 + iov2[1].iov_len = sizeof("\r\n") - 1;
33 +
34 + if (flags & VERBOSE) {
35 + syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s",
36 + LOGOUT_CMD, qlogin, qpass);
37 + }
38 + alarm(NETWORK_IO_TIMEOUT);
39 + rcl = retry_writev(s, iov2, 2);
40 + alarm(0);
41 + if (rcl == -1) {
42 + syslog(LOG_WARNING, "auth_rimap: writev logout: %m");
43 + }
44 +
45 (void) close(s); /* we're done with the remote */
46 if (rc == -1) {
47 syslog(LOG_WARNING, "auth_rimap: read (response): %m");
+0
-10
debian/patches/0039_fix_canonuser_ldapdb_garbage_in_out_buffer.patch less more
0 --- cyrus-sasl2.orig/plugins/ldapdb.c
1 +++ cyrus-sasl2/plugins/ldapdb.c
2 @@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context,
3 if ( len > out_max )
4 len = out_max;
5 memcpy(out, bvals[0]->bv_val, len);
6 + out[len] = '\0';
7 *out_ulen = len;
8 ber_bvecfree(bvals);
9 }
+0
-112
debian/patches/0041_fix_keytab_option_for_MIT_kerberos.patch less more
0 Author: Roberto C. Sanchez <roberto@connexer.com>
1 Description: Fix buginess that results in the keytab configuration option not working on MIT Kerberos (Closes: #651308).
2 --- cyrus-sasl2.git.orig/cmulocal/sasl2.m4
3 +++ cyrus-sasl2.git/cmulocal/sasl2.m4
4 @@ -266,6 +266,7 @@
5 cmu_save_LIBS="$LIBS"
6 LIBS="$LIBS $GSSAPIBASE_LIBS"
7 AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
8 + AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity)
9 AC_CHECK_FUNCS(gss_decapsulate_token)
10 AC_CHECK_FUNCS(gss_encapsulate_token)
11 AC_CHECK_FUNCS(gss_oid_equal)
12 --- cyrus-sasl2.git.orig/config.h.in
13 +++ cyrus-sasl2.git/config.h.in
14 @@ -126,6 +126,10 @@
15 */
16 #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
17
18 +/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function.
19 + */
20 +#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
21 +
22 /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */
23 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
24
25 --- cyrus-sasl2.git.orig/configure
26 +++ cyrus-sasl2.git/configure
27 @@ -13367,7 +13367,7 @@
28 cmu_save_LIBS="$LIBS"
29 LIBS="$LIBS $GSSAPIBASE_LIBS"
30
31 -for ac_func in gsskrb5_register_acceptor_identity
32 +for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity
33 do
34 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
35 { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
36 --- cyrus-sasl2.git.orig/plugins/gssapi.c
37 +++ cyrus-sasl2.git/plugins/gssapi.c
38 @@ -50,6 +50,9 @@
39 #else
40 #include <gssapi/gssapi.h>
41 #endif
42 +#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
43 +#include <gssapi/gssapi_krb5.h>
44 +#endif
45
46 #ifdef WIN32
47 # include <winsock2.h>
48 @@ -1365,7 +1368,7 @@
49 };
50
51 int gssapiv2_server_plug_init(
52 -#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
53 +#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
54 const sasl_utils_t *utils __attribute__((unused)),
55 #else
56 const sasl_utils_t *utils,
57 @@ -1375,7 +1378,7 @@
58 sasl_server_plug_t **pluglist,
59 int *plugcount)
60 {
61 -#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
62 +#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
63 const char *keytab = NULL;
64 char keytab_path[1024];
65 unsigned int rl;
66 @@ -1385,7 +1388,7 @@
67 return SASL_BADVERS;
68 }
69
70 -#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
71 +#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
72 /* unfortunately, we don't check for readability of keytab if it's
73 the standard one, since we don't know where it is */
74
75 @@ -1408,7 +1411,12 @@
76
77 strncpy(keytab_path, keytab, 1024);
78
79 +#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
80 gsskrb5_register_acceptor_identity(keytab_path);
81 +#endif
82 +#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
83 + krb5_gss_register_acceptor_identity(keytab_path);
84 +#endif
85 }
86 #endif
87
88 --- cyrus-sasl2.git.orig/saslauthd/configure
89 +++ cyrus-sasl2.git/saslauthd/configure
90 @@ -9116,7 +9116,7 @@
91 cmu_save_LIBS="$LIBS"
92 LIBS="$LIBS $GSSAPIBASE_LIBS"
93
94 -for ac_func in gsskrb5_register_acceptor_identity
95 +for ac_func in gsskrb5_register_acceptor_identity krb5_gss_regster_acceptor_identity
96 do
97 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
98 { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
99 --- cyrus-sasl2.git.orig/saslauthd/saslauthd.h.in
100 +++ cyrus-sasl2.git/saslauthd/saslauthd.h.in
101 @@ -62,6 +62,10 @@
102 */
103 #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
104
105 +/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function.
106 + */
107 +#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY
108 +
109 /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */
110 #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE
111
+0
-18
debian/patches/0042_release_server_creds.patch less more
0 Author: PhantomX
1 Description: Release server credentials when longer needed to prevent running out of file descriptors (Closes: #722569). https://github.com/PhantomX/slackbuilds/blob/master/cyrus-sasl/patches/cyrus-sasl-2.1.26-release-server_creds.patch
2 diff -up cyrus-sasl-2.1.26/plugins/gssapi.c.release-server_creds cyrus-sasl-2.1.26/plugins/gssapi.c
3 --- cyrus-sasl-2.1.26/plugins/gssapi.c.release-server_creds 2012-12-20 17:17:37.000000000 +0100
4 +++ cyrus-sasl-2.1.26/plugins/gssapi.c 2012-12-20 17:42:11.498138999 +0100
5 @@ -945,6 +945,12 @@ gssapi_server_mech_authneg(context_t *te
6 ret = SASL_CONTINUE;
7 }
8
9 + /* Release server creds which are no longer needed */
10 + if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
11 + maj_stat = gss_release_cred(&min_stat, &text->server_creds);
12 + text->server_creds = GSS_C_NO_CREDENTIAL;
13 + }
14 +
15 cleanup:
16 if (client_name_MN) {
17 GSS_LOCK_MUTEX(params->utils);
+0
-14
debian/patches/0043_types_h.patch less more
0 Author: Rex Dieter
1 Description: Eliminates "error: typedef 'sasl_malloc_t' is initialized (use decltype instead)". Patch from https://bugzilla.redhat.com/show_bug.cgi?id=906519 (Closes: #719165)
2 diff -up cyrus-sasl-2.1.26/include/sasl.h.size_t cyrus-sasl-2.1.26/include/sasl.h
3 --- cyrus-sasl-2.1.26/include/sasl.h.size_t 2012-10-12 09:05:48.000000000 -0500
4 +++ cyrus-sasl-2.1.26/include/sasl.h 2013-01-31 13:21:04.007739327 -0600
5 @@ -223,6 +223,8 @@ extern "C" {
6 * they must be called before all other SASL functions:
7 */
8
9 +#include <sys/types.h>
10 +
11 /* memory allocation functions which may optionally be replaced:
12 */
13 typedef void *sasl_malloc_t(size_t);
+0
-30
debian/patches/0044_debug_log_typo_fix.patch less more
0 Author: Roberto C. Sanchez <roberto@connexer.com>
1 Description: Fix transposition of realm and service in debug log (Closes: #732373)
2 --- cyrus-sasl2.git.orig/saslauthd/cache.c
3 +++ cyrus-sasl2.git/saslauthd/cache.c
4 @@ -264,7 +264,7 @@
5 if (memcmp(pwd_digest, read_bucket->pwd_digest, 16) == 0) {
6
7 if (flags & VERBOSE)
8 - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with valid passwd");
9 + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "found with valid passwd");
10
11 cache_un_lock(hash_offset);
12 table_stats->hits++;
13 @@ -272,14 +272,14 @@
14 }
15
16 if (flags & VERBOSE)
17 - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with invalid passwd, update pending");
18 + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "found with invalid passwd, update pending");
19
20 result->status = CACHE_FLUSH;
21
22 } else {
23
24 if (flags & VERBOSE)
25 - logger(L_DEBUG, L_FUNC, debug, user, realm, service, "not found, update pending");
26 + logger(L_DEBUG, L_FUNC, debug, user, service, realm, "not found, update pending");
27
28 result->status = CACHE_FLUSH_WITH_RESCAN;
29 }
+0
-46
debian/patches/0045_revert_upstream_soname_bump.patch less more
0 Author: Roberto C. Sanchez <roberto@connexer.com>
1 Description: Revert upstream's SONAME bump, which was introduced in upstream version 2.1.26. SONAME breakage was previously handled in Debian and a bump is not required at this time.
2 --- cyrus-sasl2.git.orig/lib/Makefile.am
3 +++ cyrus-sasl2.git/lib/Makefile.am
4 @@ -43,7 +43,7 @@
5 # Library version info - here at the top, for sanity
6 # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
7 # CURRENT:REVISION:AGE
8 -sasl_version = 3:0:0
9 +sasl_version = 2:25:0
10
11 INCLUDES=-DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
12
13 --- cyrus-sasl2.git.orig/lib/Makefile.in
14 +++ cyrus-sasl2.git/lib/Makefile.in
15 @@ -319,7 +319,7 @@
16 # Library version info - here at the top, for sanity
17 # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
18 # CURRENT:REVISION:AGE
19 -sasl_version = 3:0:0
20 +sasl_version = 2:25:0
21 INCLUDES = -DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
22 EXTRA_DIST = windlopen.c staticopen.h NTMakefile
23 EXTRA_LIBRARIES = libsasl2.a
24 --- cyrus-sasl2.git.orig/plugins/Makefile.am
25 +++ cyrus-sasl2.git/plugins/Makefile.am
26 @@ -47,7 +47,7 @@
27 # Library version info - here at the top, for sanity
28 # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
29 # CURRENT:REVISION:AGE
30 -plugin_version = 3:0:0
31 +plugin_version = 2:25:0
32
33 INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
34 AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
35 --- cyrus-sasl2.git.orig/plugins/Makefile.in
36 +++ cyrus-sasl2.git/plugins/Makefile.in
37 @@ -362,7 +362,7 @@
38 # Library version info - here at the top, for sanity
39 # See <http://www.gnu.org/software/libtool/manual/libtool.html#Versioning>
40 # CURRENT:REVISION:AGE
41 -plugin_version = 3:0:0
42 +plugin_version = 2:25:0
43 INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
44 AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
45 COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
+0
-13
debian/patches/0046_fix_void_return.patch less more
0 Author: Arthur Marble <arthur@info9.net>
1 Description: Eliminate return value in a function specified to return void (Closes: #739561)
2 --- cyrus-sasl2.git.orig/lib/common.c
3 +++ cyrus-sasl2.git/lib/common.c
4 @@ -841,7 +841,7 @@
5
6 if (!free_mutex || free_mutex == 0x1)
7 free_mutex = sasl_MUTEX_ALLOC();
8 - if (!free_mutex) return SASL_FAIL;
9 + if (!free_mutex) return;
10
11 result = sasl_MUTEX_LOCK(free_mutex);
12 if (result!=SASL_OK) return;
+0
-106
debian/patches/CVE-2013-4122.patch less more
0 From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
1 From: mancha <mancha1@hush.com>
2 Date: Thu, 11 Jul 2013 10:08:07 +0100
3 Subject: Handle NULL returns from glibc 2.17+ crypt()
4
5 Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
6 (w/ NULL return) if the salt violates specifications. Additionally,
7 on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
8 passed to crypt() fail with EPERM (w/ NULL return).
9
10 When using glibc's crypt(), check return value to avoid a possible
11 NULL pointer dereference.
12
13 Patch by mancha1@hush.com.
14
15 --- cyrus-sasl2.orig/pwcheck/pwcheck_getpwnam.c
16 +++ cyrus-sasl2/pwcheck/pwcheck_getpwnam.c
17 @@ -32,6 +32,7 @@ char *userid;
18 char *password;
19 {
20 char* r;
21 + char* crpt_passwd;
22 struct passwd *pwd;
23
24 pwd = getpwnam(userid);
25 @@ -41,7 +42,7 @@ char *password;
26 else if (pwd->pw_passwd[0] == '*') {
27 r = "Account disabled";
28 }
29 - else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
30 + else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
31 r = "Incorrect password";
32 }
33 else {
34 --- cyrus-sasl2.orig/pwcheck/pwcheck_getspnam.c
35 +++ cyrus-sasl2/pwcheck/pwcheck_getspnam.c
36 @@ -32,13 +32,15 @@ char *userid;
37 char *password;
38 {
39 struct spwd *pwd;
40 + char *crpt_passwd;
41
42 pwd = getspnam(userid);
43 if (!pwd) {
44 return "Userid not found";
45 }
46
47 - if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
48 + crpt_passwd = crypt(password, pwd->sp_pwdp);
49 + if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
50 return "Incorrect password";
51 }
52 else {
53 --- cyrus-sasl2.orig/saslauthd/auth_getpwent.c
54 +++ cyrus-sasl2/saslauthd/auth_getpwent.c
55 @@ -77,6 +77,7 @@ auth_getpwent (
56 {
57 /* VARIABLES */
58 struct passwd *pw; /* pointer to passwd file entry */
59 + char *crpt_passwd; /* encrypted password */
60 int errnum;
61 /* END VARIABLES */
62
63 @@ -105,7 +106,8 @@ auth_getpwent (
64 }
65 }
66
67 - if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
68 + crpt_passwd = crypt(password, pw->pw_passwd);
69 + if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
70 if (flags & VERBOSE) {
71 syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
72 }
73 --- cyrus-sasl2.orig/saslauthd/auth_shadow.c
74 +++ cyrus-sasl2/saslauthd/auth_shadow.c
75 @@ -211,8 +211,8 @@ auth_shadow (
76 RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
77 }
78
79 - cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
80 - if (strcmp(sp->sp_pwdp, cpw)) {
81 + cpw = crypt(password, sp->sp_pwdp);
82 + if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
83 if (flags & VERBOSE) {
84 /*
85 * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
86 @@ -222,10 +222,8 @@ auth_shadow (
87 syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
88 sp->sp_pwdp, cpw);
89 }
90 - free(cpw);
91 RETURN("NO Incorrect password");
92 }
93 - free(cpw);
94
95 /*
96 * The following fields will be set to -1 if:
97 @@ -287,7 +285,7 @@ auth_shadow (
98 RETURN("NO Invalid username");
99 }
100
101 - if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
102 + if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
103 if (flags & VERBOSE) {
104 syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
105 password, upw->upw_passwd);
+0
-176
debian/patches/bug715040.patch less more
0 From 98b21c0aa01d4ef1e05158a79dc3e291e53bee81 Mon Sep 17 00:00:00 2001
1 From: Sebastian Pipping <sebastian@pipping.org>
2 Date: Fri, 5 Jul 2013 18:34:50 +0200
3 Subject: [PATCH] 2.1.26: Allow "* CAPABILITY" lines in IMAP login reply (v4)
4
5 ---
6 saslauthd/auth_rimap.c | 125 +++++++++++++++++++++++++++++++++++++++++++------
7 1 file changed, 111 insertions(+), 14 deletions(-)
8
9 --- cyrus-sasl2.orig/saslauthd/auth_rimap.c
10 +++ cyrus-sasl2/saslauthd/auth_rimap.c
11 @@ -3,6 +3,7 @@
12
13 /* COPYRIGHT
14 * Copyright (c) 1998 Messaging Direct Ltd.
15 + * Copyright (c) 2013 Sebastian Pipping <sebastian@pipping.org>
16 * All rights reserved.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 @@ -91,6 +92,9 @@ static struct addrinfo *ai = NULL; /* re
20 #define TAG "saslauthd" /* IMAP command tag */
21 #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */
22 #define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/
23 +#define LOGIN_REPLY_GOOD (TAG " OK") /* Expected IMAP login reply, good edition (with tag) */
24 +#define LOGIN_REPLY_BAD (TAG " NO") /* Expected IMAP login reply, bad edition (with tag) */
25 +#define LOGIN_REPLY_CAP "* CAPABILITY" /* Expected IMAP login reply, capabilities edition */
26 #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */
27 #define RESP_LEN 1000 /* size of read response buffer */
28
29 @@ -278,6 +282,109 @@ auth_rimap_init (
30
31 /* END FUNCTION: auth_rimap_init */
32
33 +typedef enum _t_login_status {
34 + LOGIN_STATUS_UNKNOWN,
35 +
36 + LOGIN_STATUS_ACCEPTED,
37 + LOGIN_STATUS_REJECTED,
38 + LOGIN_STATUS_MALFORMED
39 +} t_login_status;
40 +
41 +/* FUNCTION: warn_malformed_imap_login_reply */
42 +void
43 +warn_malformed_imap_login_reply(
44 + /* PARAMETERS */
45 + const char * server_reply /* I: plaintext server reply */
46 + /* END PARAMETERS */
47 + )
48 +{
49 + syslog(LOG_WARNING, "auth_rimap: unexpected response to auth request: %s", server_reply);
50 +}
51 +
52 +/* END FUNCTION: warn_malformed_imap_login_reply */
53 +
54 +/* FUNCTION: process_login_reply */
55 +
56 +/* SYNOPSIS
57 + * Classify IMAP server reply into accepted, rejected or malformed.
58 + * END SYNOPSIS */
59 +
60 +t_login_status
61 +process_login_reply(
62 + /* PARAMETERS */
63 + char * server_reply, /* I/O: plaintext server reply */
64 + const char * login /* I : plaintext authenticator */
65 + /* END PARAMETERS */
66 + )
67 +{
68 + /* VARIABLES */
69 + t_login_status res = LOGIN_STATUS_UNKNOWN;
70 + char * line_first = server_reply;
71 + char * line_after_last;
72 + /* END VARIABLES */
73 +
74 + for (;;) {
75 + /* find line boundary */
76 + line_after_last = strpbrk(line_first, "\x0a\x0d");
77 + if (line_after_last == NULL) {
78 + warn_malformed_imap_login_reply(line_first);
79 + return LOGIN_STATUS_MALFORMED;
80 + }
81 +
82 + /* handle single line */
83 + {
84 + /* terminate line (reverted later) */
85 + const char backup = line_after_last[0];
86 + line_after_last[0] = '\0';
87 +
88 + /* classify current line */
89 + if (strncmp(line_first, LOGIN_REPLY_GOOD, sizeof(LOGIN_REPLY_GOOD) - 1) == 0) {
90 + res = LOGIN_STATUS_ACCEPTED;
91 + } else if (strncmp(line_first, LOGIN_REPLY_BAD, sizeof(LOGIN_REPLY_BAD) - 1) == 0) {
92 + res = LOGIN_STATUS_REJECTED;
93 + } else if (strncmp(line_first, LOGIN_REPLY_CAP, sizeof(LOGIN_REPLY_CAP) - 1) == 0) {
94 + /* keep looking for ".. OK" or ".. NO" */
95 + } else {
96 + res = LOGIN_STATUS_MALFORMED;
97 + }
98 +
99 + /* report current line */
100 + if (res == LOGIN_STATUS_MALFORMED) {
101 + warn_malformed_imap_login_reply(line_first);
102 + } else if (flags & VERBOSE) {
103 + syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, line_first);
104 + }
105 +
106 + /* revert termination */
107 + line_after_last[0] = backup;
108 + }
109 +
110 + /* are we done? */
111 + if (res != LOGIN_STATUS_UNKNOWN) {
112 + return res;
113 + }
114 +
115 + /* forward to next line */
116 + while ((line_after_last[0] == '\x0a')
117 + || (line_after_last[0] == '\x0d')) {
118 + line_after_last++;
119 + }
120 +
121 + /* no more lines? */
122 + if (line_after_last[0] == '\0') {
123 + warn_malformed_imap_login_reply("");
124 + return LOGIN_STATUS_MALFORMED;
125 + }
126 +
127 + /* prepare for next round */
128 + line_first = line_after_last;
129 + }
130 +
131 + assert(! "cannot be reached");
132 +}
133 +
134 +/* END FUNCTION: process_login_reply */
135 +
136 /* FUNCTION: auth_rimap */
137
138 /* SYNOPSIS
139 @@ -318,6 +425,7 @@ auth_rimap (
140 char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
141 int saved_errno;
142 int niflags;
143 + t_login_status login_status = LOGIN_STATUS_MALFORMED;
144 /* END VARIABLES */
145
146 /* sanity checks */
147 @@ -533,25 +641,14 @@ auth_rimap (
148 }
149
150 rbuf[rc] = '\0'; /* tie off response */
151 - c = strpbrk(rbuf, "\r\n");
152 - if (c != NULL) {
153 - *c = '\0'; /* tie off line termination */
154 - }
155 + login_status = process_login_reply(rbuf, login);
156
157 - if (!strncmp(rbuf, TAG " OK", sizeof(TAG " OK")-1)) {
158 - if (flags & VERBOSE) {
159 - syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, rbuf);
160 - }
161 + if (login_status == LOGIN_STATUS_ACCEPTED) {
162 return strdup("OK remote authentication successful");
163 }
164 - if (!strncmp(rbuf, TAG " NO", sizeof(TAG " NO")-1)) {
165 - if (flags & VERBOSE) {
166 - syslog(LOG_DEBUG, "auth_rimap: [%s] %s", login, rbuf);
167 - }
168 + if (login_status == LOGIN_STATUS_REJECTED) {
169 return strdup("NO remote server rejected your credentials");
170 }
171 - syslog(LOG_WARNING, "auth_rimap: unexpected response to auth request: %s",
172 - rbuf);
173 return strdup(RESP_UNEXPECTED);
174
175 }
+0
-34
debian/patches/early-hangup.patch less more
0 Description: it is possible for the client side of the socket to miss data
1 when the server uses close() immediately after the last write(). To avoid
2 this, shutdown down the write side of the socket and wait for the client
3 to close the connection (0 byte read) before closing the server side.
4 Author: Kees Cook <kees@debian.org>
5
6 --- cyrus-sasl2.orig/saslauthd/ipc_unix.c
7 +++ cyrus-sasl2/saslauthd/ipc_unix.c
8 @@ -217,6 +217,7 @@ void ipc_loop() {
9
10 int rc;
11 int conn_fd;
12 + unsigned char dummy;
13
14
15 while(1) {
16 @@ -261,6 +262,8 @@ void ipc_loop() {
17 }
18
19 do_request(conn_fd);
20 + shutdown(conn_fd, SHUT_WR);
21 + while (read(conn_fd, &dummy, 1) > 0) { }
22 close(conn_fd);
23
24 if(flags & DETACH_TTY) {
25 @@ -275,6 +278,8 @@ void ipc_loop() {
26 * Normal prefork mode.
27 *************************************************************/
28 do_request(conn_fd);
29 + shutdown(conn_fd, SHUT_WR);
30 + while (read(conn_fd, &dummy, 1) > 0) { }
31 close(conn_fd);
32 }
33
+0
-36
debian/patches/properly-create-libsasl2.pc.patch less more
0 --- cyrus-sasl2.orig/configure.in
1 +++ cyrus-sasl2/configure.in
2 @@ -1419,7 +1419,6 @@ inline static unsigned int sleep(unsigne
3 AM_CONFIG_HEADER(config.h)
4
5 AC_OUTPUT(Makefile
6 -libsasl2.pc
7 include/Makefile
8 sasldb/Makefile
9 plugins/Makefile
10 --- cyrus-sasl2.orig/Makefile.am
11 +++ cyrus-sasl2/Makefile.am
12 @@ -43,6 +43,12 @@ AUTOMAKE_OPTIONS = 1.7
13 #
14 ################################################################
15
16 +do_subst = sed -e 's,[@]LIB_DOOR[@],$(LIB_DOOR),g' \
17 + -e 's,[@]SASL_DL_LIB[@],$(SASL_DL_LIB),g' \
18 + -e 's,[@]LIBS[@],$(LIBS),g' \
19 + -e 's,[@]VERSION[@],$(VERSION),g' \
20 + -e 's,[@]libdir[@],$(libdir),g'
21 +
22 ACLOCAL_AMFLAGS = -I cmulocal -I config
23
24 if SASLAUTHD
25 @@ -78,6 +84,10 @@ EXTRA_DIST=config cmulocal win32 mac dlc
26 pkgconfigdir = $(libdir)/pkgconfig
27 pkgconfig_DATA = libsasl2.pc
28
29 +libsasl2.pc: $(srcdir)/libsasl2.pc.in Makefile
30 + rm -f $@
31 + $(do_subst) < $(srcdir)/libsasl2.pc.in > $@
32 +
33 dist-hook:
34 @find $(distdir) -exec chmod o+w {} ';'
35 @find $(distdir) -name CVS -print | xargs -t rm -rf
+35
-34
debian/patches/series less more
0 0001_versioned_symbols.patch
1 0002_testsuite.patch
2 0003_saslauthd_mdoc.patch
3 0005_dbconverter.patch
4 0006_library_mutexes.patch
5 0009_sasldb_al.patch
6 0010_maintainer_mode.patch
7 0011_saslauthd_ac_prog_libtool.patch
8 0012_xopen_crypt_prototype.patch
9 0014_avoid_pic_overwrite.patch
10 0017_db4.8.patch
11 0025_ld_as_needed.patch
12 0026_drop_krb5support_dependency.patch
13 0028_autotools_fixes.patch
14 0029_ldap_fixes.patch
15 0030_dont_use_la_files_for_opening_plugins.patch
16 0031_dont_use_-R_when_search_for_sqlite_libraries.patch
17 0032_revert_1.103_revision_to_unbreak_GSSAPI.patch
18 0033_fix_segfault_in_GSSAPI.patch
19 0034_fix_dovecot_authentication.patch
20 0035_temporary_multiarch_fixes.patch
21 0036_add_reference_to_LDAP_SASLAUTHD_file.patch
22 0038_send_imap_logout.patch
23 0039_fix_canonuser_ldapdb_garbage_in_out_buffer.patch
24 0041_fix_keytab_option_for_MIT_kerberos.patch
25 0042_release_server_creds.patch
26 0043_types_h.patch
27 0044_debug_log_typo_fix.patch
28 0045_revert_upstream_soname_bump.patch
29 0046_fix_void_return.patch
30 properly-create-libsasl2.pc.patch
31 bug715040.patch
32 early-hangup.patch
33 CVE-2013-4122.patch
0 0001-Make-the-libsasl2-symbols-versioned.patch
1 0002-Use-etc-sasldb2-instead-of-.-sasldb-in-the-testsuite.patch
2 0003-Update-saslauthd.conf-location-in-documentation.patch
3 0004-Include-dbconverter-2-in-sbin_PROGRAMS-and-set-defau.patch
4 0005-Fixes-in-library-mutexes.patch
5 0006-Link-with-libsasldb.a-instead-of-libsasldb.al.patch
6 0007-Enable-autoconf-maintainer-mode.patch
7 0008-Add-libtool-to-saslauthd-autoconf.patch
8 0009-Define-_XOPEN_SOURCE-in-auth_shadow.c-to-get-proper-.patch
9 0010-Don-t-overwrite-PIC-objects-with-non-PIC-variant.patch
10 0011-Look-for-generic-Berkeley-DB-first.patch
11 0012-Update-required-libraries-when-ld-as-needed-is-used.patch
12 0013-Drop-krb5support-dependency.patch
13 0014-Several-autotools-fixes.patch
14 0015-LDAP-fixes.patch
15 0016-Don-t-use-la-files-for-opening-plugins.patch
16 0017-Don-t-use-R-when-searching-for-SQLite-libraries.patch
17 0018-Revert-1.103-revision-to-unbreak-GSSAPI.patch
18 0019-Fix-segfault-in-GSSAPI.patch
19 0020-Fix-dovecot-authentication.patch
20 0021-Temporary-multiarch-fixes.patch
21 0022-Add-reference-to-LDAP_SASLAUTHD-file-to-the-saslauth.patch
22 0023-Send-IMAP-logout.patch
23 0024-Fix-canonuser-ldapdb-garbage-in-out-buffer.patch
24 0025-Fix-keytab-option-for-MIT-Kerberos.patch
25 0026-Release-server-creds-when-they-are-no-longer-needed.patch
26 0027-Include-sys-types.h-in-sasl.h.patch
27 0028-Fix-typo-in-debugging-logs.patch
28 0029-Revert-upstream-soname-bump.patch
29 0030-Fix-return-SASL_FAIL-in-void-sasl_dispose.patch
30 0031-properly-create-libsasl2.pc.patch
31 0032-2.1.26-Allow-CAPABILITY-lines-in-IMAP-login-reply-v4.patch
32 0033-Fix-early-hangup-in-ipc_unix.c.patch
33 0034-Handle-NULL-returns-from-glibc-2.17-crypt.patch
34 0035-Fix-auth_rimap-infinite-loop-hang-when-IMAP-server-c.patch