authorV3n3RiX <venerix@redcorelinux.org>2018-10-27 12:48:57 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-10-27 12:48:57 +0100
commit70b82ae359a5538711e103b0e8dfb92654296644 (patch)
tree8412b84ff9ce02a22be5251052b00feefe1d5b70 /dev-libs/cyrus-sasl/files
parent64e107b9b6058580ff0432107eb37cefb0b2a7d8 (diff)
gentoo resync : 27.10.2018
Diffstat (limited to 'dev-libs/cyrus-sasl/files')
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch4
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch8
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch4
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch8
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch8
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch4
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch353
7 files changed, 371 insertions, 18 deletions
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch
index 9eeab1b42ff9..beea8eb28d19 100644
--- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch
@@ -1,6 +1,6 @@
Gentoo bug #389349
---- cmulocal/sasl2.m4 2009-04-28 17:09:13.000000000 +0200
-+++ cmulocal/sasl2.m4 2011-11-02 17:55:24.000000000 +0100
+--- a/cmulocal/sasl2.m4
++++ b/cmulocal/sasl2.m4
@@ -217,7 +217,11 @@
[AC_WARN([Cybersafe define not found])])
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch
index abf0df2568c6..92be26003488 100644
--- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch
@@ -1,7 +1,7 @@
Fix compiling against heimdal
---- sample/server.c 2010-12-01 14:52:55.000000000 +0000
-+++ sample/server.c 2011-11-30 14:54:42.000000000 +0000
+--- a/sample/server.c
++++ b/sample/server.c
@@ -85,8 +85,10 @@
#ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
@@ -13,8 +13,8 @@ Fix compiling against heimdal
#include "common.h"
---- plugins/gssapi.c 2011-05-11 19:25:55.000000000 +0000
-+++ plugins/gssapi.c 2011-11-30 14:54:33.000000000 +0000
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
@@ -50,6 +50,9 @@
#else
#include <gssapi/gssapi.h>
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch
index 597d45a76795..a413e00bf428 100644
--- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch
@@ -1,5 +1,5 @@
---- pwcheck/pwcheck_getspnam.c 1999-08-26 19:22:44.000000000 +0300
-+++ pwcheck/pwcheck_getspnam.c 2011-11-30 13:22:24.601023316 +0200
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
@@ -24,6 +24,7 @@
******************************************************************/
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch
index 117e8eb88802..43b6162a66f0 100644
--- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch
@@ -1,6 +1,6 @@
Bug #445932
---- cmulocal/sasl2.m4 2011-09-02 12:58:00.000000000 +0000
-+++ cmulocal/sasl2.m4 2012-12-05 08:37:16.425811319 +0000
+--- a/cmulocal/sasl2.m4
++++ b/cmulocal/sasl2.m4
@@ -268,7 +268,11 @@
cmu_save_LIBS="$LIBS"
@@ -14,8 +14,8 @@ Bug #445932
AC_CHECK_FUNCS(gss_decapsulate_token)
AC_CHECK_FUNCS(gss_encapsulate_token)
AC_CHECK_FUNCS(gss_oid_equal)
---- plugins/gssapi.c 2012-12-05 09:03:31.000220161 +0000
-+++ plugins/gssapi.c 2012-12-05 09:01:55.043380204 +0000
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
@@ -50,7 +50,7 @@
#else
#include <gssapi/gssapi.h>
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch
index 46bbdd1ca1a0..6fc9de80287e 100644
--- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch
@@ -1,6 +1,6 @@
Bug #510320
---- saslauthd/auth_rimap.c 2012-10-12 14:05:48.000000000 +0000
-+++ saslauthd/auth_rimap.c 2014-05-15 05:23:02.000000000 +0000
+--- a/saslauthd/auth_rimap.c
++++ b/saslauthd/auth_rimap.c
@@ -371,7 +371,7 @@
if ( rc>0 ) {
/* check if there is more to read */
@@ -65,8 +65,8 @@ Bug #510320
rc += ret;
}
}
---- lib/checkpw.c 2012-01-27 23:31:36.000000000 +0000
-+++ lib/checkpw.c 2014-05-15 05:19:35.000000000 +0000
+--- a/lib/checkpw.c
++++ b/lib/checkpw.c
@@ -587,16 +587,14 @@
/* Timeout. */
errno = ETIMEDOUT;
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch
index 42f20fb8096b..0177b52567f2 100644
--- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch
@@ -1,6 +1,6 @@
Gentoo bug #458790
---- include/sasl.h 2012-10-12 17:05:48.000000000 +0300
-+++ include/sasl.h 2013-02-23 16:56:44.648786268 +0200
+--- a/include/sasl.h
++++ b/include/sasl.h
@@ -121,6 +121,9 @@
#ifndef SASL_H
#define SASL_H 1
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch
new file mode 100644
index 000000000000..3b0ffac24f0c
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch
@@ -0,0 +1,353 @@
+diff --git a/plugins/ntlm.c b/plugins/ntlm.c
+index 79ea47c..554a00d 100644
+--- a/plugins/ntlm.c
++++ b/plugins/ntlm.c
+@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char *P24, unsigned char *P21,
+ return P24;
+ }
+
++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ return HMAC_CTX_new();
++#else
++ return utils->malloc(sizeof(EVP_MD_CTX));
++#endif
++}
++
++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ HMAC_CTX_free(ctx);
++#else
++ HMAC_cleanup(ctx);
++ utils->free(ctx);
++#endif
++}
++
+ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ const char *authid, const char *target,
+ const unsigned char *challenge,
+@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ const sasl_utils_t *utils,
+ char **buf, unsigned *buflen, int *result)
+ {
+- HMAC_CTX ctx;
++ HMAC_CTX *ctx = NULL;
+ unsigned char hash[EVP_MAX_MD_SIZE];
+ char *upper;
+ unsigned int len;
+@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ SETERROR(utils, "cannot allocate NTLMv2 hash");
+ *result = SASL_NOMEM;
+ }
++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate HMAC CTX");
++ *result = SASL_NOMEM;
++ }
+ else {
+ /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
+ P16_nt(hash, passwd, utils, buf, buflen, result);
+@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
+
+ /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
+- HMAC_Init(&ctx, hash, len, EVP_md5());
+- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
+- HMAC_Update(&ctx, blob, bloblen);
+- HMAC_Final(&ctx, V2, &len);
+- HMAC_cleanup(&ctx);
++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
++ HMAC_Update(ctx, blob, bloblen);
++ HMAC_Final(ctx, V2, &len);
+
+ /* the blob is concatenated outside of this function */
+
+ *result = SASL_OK;
+ }
+
++ if (ctx) _plug_HMAC_CTX_free(ctx, utils);
++
+ return V2;
+ }
+
+diff --git a/plugins/otp.c b/plugins/otp.c
+index dd73065..d1e9bf4 100644
+--- a/plugins/otp.c
++++ b/plugins/otp.c
+@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_options[] = {
+ {NULL, 0, NULL}
+ };
+
++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ return EVP_MD_CTX_new();
++#else
++ return utils->malloc(sizeof(EVP_MD_CTX));
++#endif
++}
++
++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_MD_CTX_free(ctx);
++#else
++ utils->free(ctx);
++#endif
++}
++
+ /* Convert the binary data into ASCII hex */
+ void bin2hex(unsigned char *bin, int binlen, char *hex)
+ {
+@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int binlen, char *hex)
+ * swabbing bytes if necessary.
+ */
+ static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
+- unsigned char *out, int swab)
++ unsigned char *out, int swab, EVP_MD_CTX *mdctx)
+ {
+- EVP_MD_CTX mdctx;
+ char hash[EVP_MAX_MD_SIZE];
+ unsigned int i;
+ int j;
+ unsigned hashlen;
+
+- EVP_DigestInit(&mdctx, md);
+- EVP_DigestUpdate(&mdctx, in, inlen);
+- EVP_DigestFinal(&mdctx, hash, &hashlen);
++ EVP_DigestInit(mdctx, md);
++ EVP_DigestUpdate(mdctx, in, inlen);
++ EVP_DigestFinal(mdctx, hash, &hashlen);
+
+ /* Fold the result into 64 bits */
+ for (i = OTP_HASH_SIZE; i < hashlen; i++) {
+@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils_t *utils,
+ char *secret, char *otp)
+ {
+ const EVP_MD *md;
+- char *key;
++ EVP_MD_CTX *mdctx = NULL;
++ char *key = NULL;
++ int r = SASL_OK;
+
+ if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ utils->seterror(utils->conn, 0,
+@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils_t *utils,
+ return SASL_FAIL;
+ }
+
++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate MD CTX");
++ r = SASL_NOMEM;
++ goto done;
++ }
++
+ if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
+ SETERROR(utils, "cannot allocate OTP key");
+- return SASL_NOMEM;
++ r = SASL_NOMEM;
++ goto done;
+ }
+
+ /* initial step */
+ strcpy(key, seed);
+ strcat(key, secret);
+- otp_hash(md, key, strlen(key), otp, alg->swab);
++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
+
+ /* computation step */
+ while (seq-- > 0)
+- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
+
+- utils->free(key);
++ done:
++ if (key) utils->free(key);
++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
+
+- return SASL_OK;
++ return r;
+ }
+
+ static int parse_challenge(const sasl_utils_t *utils,
+@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg1, const void *arg2)
+
+ /* Convert the 6 words into binary data */
+ static int word2bin(const sasl_utils_t *utils,
+- char *words, unsigned char *bin, const EVP_MD *md)
++ char *words, unsigned char *bin, const EVP_MD *md,
++ EVP_MD_CTX *mdctx)
+ {
+ int i, j;
+ char *c, *word, buf[OTP_RESPONSE_MAX+1];
+@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *utils,
+
+ /* alternate dictionary */
+ if (alt_dict) {
+- EVP_MD_CTX mdctx;
+ char hash[EVP_MAX_MD_SIZE];
+ int hashlen;
+
+- EVP_DigestInit(&mdctx, md);
+- EVP_DigestUpdate(&mdctx, word, strlen(word));
+- EVP_DigestFinal(&mdctx, hash, &hashlen);
++ EVP_DigestInit(mdctx, md);
++ EVP_DigestUpdate(mdctx, word, strlen(word));
++ EVP_DigestFinal(mdctx, hash, &hashlen);
+
+ /* use lowest 11 bits */
+ x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
+@@ -802,6 +834,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
+ char *response)
+ {
+ const EVP_MD *md;
++ EVP_MD_CTX *mdctx = NULL;
+ char *c;
+ int do_init = 0;
+ unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
+@@ -815,6 +848,11 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
+ return SASL_FAIL;
+ }
+
++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate MD CTX");
++ return SASL_NOMEM;
++ }
++
+ /* eat leading whitespace */
+ c = response;
+ while (isspace((int) *c)) c++;
+@@ -824,7 +862,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
+ r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
+ }
+ else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
+- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
+ }
+ else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
+ strlen(OTP_INIT_HEX_TYPE))) {
+@@ -834,7 +872,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
+ else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ strlen(OTP_INIT_WORD_TYPE))) {
+ do_init = 1;
+- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
+ }
+ else {
+ SETERROR(utils, "unknown OTP extended response type");
+@@ -843,14 +881,14 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
+ }
+ else {
+ /* standard response, try word first, and then hex */
+- r = word2bin(utils, c, cur_otp, md);
++ r = word2bin(utils, c, cur_otp, md, mdctx);
+ if (r != SASL_OK)
+ r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
+ }
+
+ if (r == SASL_OK) {
+ /* do one more hash (previous otp) and compare to stored otp */
+- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
++ otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab, mdctx);
+
+ if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
+ /* update the secret with this seq/otp */
+@@ -879,23 +917,28 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
+ *new_resp++ = '\0';
+ }
+
+- if (!(new_chal && new_resp))
+- return SASL_BADAUTH;
++ if (!(new_chal && new_resp)) {
++ r = SASL_BADAUTH;
++ goto done;
++ }
+
+ if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
+ != SASL_OK) {
+- return r;
++ goto done;
+ }
+
+- if (seq < 1 || !strcasecmp(seed, text->seed))
+- return SASL_BADAUTH;
++ if (seq < 1 || !strcasecmp(seed, text->seed)) {
++ r = SASL_BADAUTH;
++ goto done;
++ }
+
+ /* find the MDA */
+ if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ utils->seterror(utils->conn, 0,
+ "OTP algorithm %s is not available",
+ alg->evp_name);
+- return SASL_BADAUTH;
++ r = SASL_BADAUTH;
++ goto done;
+ }
+
+ if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
+@@ -903,7 +946,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
+ }
+ else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ strlen(OTP_INIT_WORD_TYPE))) {
+- r = word2bin(utils, new_resp, new_otp, md);
++ r = word2bin(utils, new_resp, new_otp, md, mdctx);
+ }
+
+ if (r == SASL_OK) {
+@@ -914,7 +957,10 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
+ memcpy(text->otp, new_otp, OTP_HASH_SIZE);
+ }
+ }
+-
++
++ done:
++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
++
+ return r;
+ }
+
+@@ -1443,8 +1489,10 @@ int otp_server_plug_init(const sasl_utils_t *utils,
+ *pluglist = otp_server_plugins;
+ *plugcount = 1;
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* Add all digests */
+ OpenSSL_add_all_digests();
++#endif
+
+ return SASL_OK;
+ }
+@@ -1844,8 +1892,10 @@ int otp_client_plug_init(sasl_utils_t *utils,
+ *pluglist = otp_client_plugins;
+ *plugcount = 1;
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* Add all digests */
+ OpenSSL_add_all_digests();
++#endif
+
+ return SASL_OK;
+ }
+--- a/saslauthd/lak.c
++++ b/saslauthd/lak.c
+@@ -729,7 +729,7 @@ int lak_init(
+ return rc;
+ }
+
+-#ifdef HAVE_OPENSSL
++#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ OpenSSL_add_all_digests();
+ #endif
+
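Review bot: On the pre-1.1 branch of `_plug_HMAC_CTX_new()` in plugins/ntlm.c the context is allocated with `sizeof(EVP_MD_CTX)` although it is returned and used as an `HMAC_CTX`. In OpenSSL 1.0.x `HMAC_CTX` embeds three `EVP_MD_CTX` members plus a key block, so the `HMAC_Init_ex()` call in `V2()` would write past the end of that heap allocation. The same branch also returns uninitialised memory: the removed `HMAC_Init()` set the context up itself, whereas `HMAC_Init_ex()` expects `HMAC_CTX_init()` to have been called first. The `#else` branch should read `HMAC_CTX *ctx = utils->malloc(sizeof(HMAC_CTX));`, `if (ctx) HMAC_CTX_init(ctx);`, `return ctx;`. Separately, `V2()` ignores the return values of `HMAC_Init_ex()`, `HMAC_Update()` and `HMAC_Final()` and sets `*result = SASL_OK` unconditionally, so a failed HMAC would leave an undefined NTLMv2 response that is still reported as success; these calls should be checked and `SASL_FAIL` returned on error.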