summaryrefslogtreecommitdiff
path: root/dev-libs/cyrus-sasl
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2020-01-15 15:51:32 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-01-15 15:51:32 +0000
commit21435953e16cda318a82334ddbadb3b5c36d9ea7 (patch)
treee1810a4b135afce04b34862ef0fab2bfaeb8aeca /dev-libs/cyrus-sasl
parent7bc9c63c9da678a7e6fceb095d56c634afd22c56 (diff)
gentoo resync : 15.01.2020
Diffstat (limited to 'dev-libs/cyrus-sasl')
-rw-r--r--dev-libs/cyrus-sasl/Manifest2
-rw-r--r--dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild259
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch20
3 files changed, 281 insertions, 0 deletions
diff --git a/dev-libs/cyrus-sasl/Manifest b/dev-libs/cyrus-sasl/Manifest
index c43342bf0e04..08ef56ad2e9c 100644
--- a/dev-libs/cyrus-sasl/Manifest
+++ b/dev-libs/cyrus-sasl/Manifest
@@ -1,5 +1,6 @@
AUX cyrus-sasl-2.1.25-auxprop.patch 552 BLAKE2B 2d932e05863da6b108eec405e792003d6d8df4bde07bd044537729232a9b23e7261cbb33b82df7c5685ee96aae3e0aed62317f89e970fbedffea65bf9d89ccdc SHA512 73ae914e684ae698eb56a1579ba9a477a946625a3b079e2b400d88583074f1701d8a6926ed17dea36b923050f21c04fbf746d54284568bd21c14be3d10283b6f
AUX cyrus-sasl-2.1.26-missing-size_t.patch 280 BLAKE2B d686930b0b04f994ef9f5315ee86e69b61b8e800e192ab45f0b891d3f13a12c2bbd11f99a15533169d0690e9558dcc0327f6632a1a3baaa68679784079884088 SHA512 d6ed3a981da06f60d63b0364d8d841922bb007bf478b67558e88e9b297a4ed7c8eee9501e232d9ca17601f63f6c1cf04962a59c4f0c24fc641868d56006b3616
+AUX cyrus-sasl-2.1.27-CVE-2019-19906.patch 706 BLAKE2B 5165697869a0ce71ecba927165e164df12b1329183e4215a888b64e0e7ca00fa22662bd97ddc2bc6e057c7655c0792f9ce6c20dfc5c351fbcb9a4af4168ce001 SHA512 3b9448f32216ce794b615b3c7c2e6acd6c01892ff35db78a55d44adc4cee3f540a443d5da5f07124bea134e2cfd88a45bb02b169a6015313d540caf363ab8378
AUX cyrus-sasl-2.1.27-as_needed.patch 1141 BLAKE2B 7d289e96ef1f4593dd48db270dd698a7cf6f21aae3c58043b0f8af30c2d935b24d2a4902f39c9fcfc3261833d1b09032511919f15fc94f62527e46ea25cb2fcc SHA512 9eefa6d45e3dd9157a5672909acdd88f0ae35e76d64c3723890a474bbb05b22499cfadb0c077924d27f34da3710b2b700094dd7d5704050138c08dabcefdde94
AUX cyrus-sasl-2.1.27-autotools_fixes.patch 749 BLAKE2B b7f832a5e937053deaf1696f8dbf777ebf789df8165fe90f6d1be7efc47e4114a8a467c74f4acf06245e7ffab22f62436159cd610ebe5c5b0cef61f1cb01fb71 SHA512 0d99ca049e76c11500769079d94f3bdb634bddb4c8d45a83b383e9bb9777edda66b17566800acbd450e1f4842d070ec3fbc236e7f0ef8759c36e6dd5ea8e3c64
AUX cyrus-sasl-2.1.27-avoid_pic_overwrite.patch 866 BLAKE2B 1e117d9d07ad3937066c7b4ef8415df55bf9c5ce821902331792056e6df63e366fd3adebfdf09f0292aae889d0db632521f37ec5ebf74005b71a474ccc6fe250 SHA512 4ca601839b023ef790e48dae567ffbbd57c632384c980946639ec7437ad23874961451718569455e6e25afaeff1728ecbc71a8686f6b43246f83465f95a2c904
@@ -16,4 +17,5 @@ AUX saslauthd.service 277 BLAKE2B cf80eaa1e3f7ef854978a458e4b026f3f47891620ac63e
AUX saslauthd2.rc7 411 BLAKE2B 7cda36ea03aeea5f8e32c2fd0319a483dae78080fa213fb423bd1545e9d29193ebe077ebe5d15ab5940b2d805cb46a25ad2629757f55d2c40c4acc3f0adfa355 SHA512 1d5942a94ffbc15774443d60a88d4c89c7c3c6ea68b041d304f0110f6ec3aa2a812f59021cddc78de6f51a25bb00955e4e56d769e766a9d856f13774dd37ce83
DIST cyrus-sasl-2.1.27.tar.gz 4111249 BLAKE2B 82c9acce8534521ce5c5806f093e927f1854b4bc4b83ea7db1b32ceaa811adc1a5b6fc16d03233d729194cd603836f6e58de67f915abab2cb74561a80d03f5a8 SHA512 d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b
EBUILD cyrus-sasl-2.1.27-r2.ebuild 8118 BLAKE2B fab752538f93a5a09ebfddeb45d8274a25a68f8fb65bfe633503aafdba1e5f8772cb3265a29a9f0c09e9ff9dd0a91e2c186bd5b7c5dd33700968fa7199257f2b SHA512 db586ef972936f3f8d2d007a799cadfb16e00ab3caf076acf06d1b7344a495825d5128cd3789b4e25b513ab48f39ab4eebe586cdd631c28b88511d79cd67636d
+EBUILD cyrus-sasl-2.1.27-r3.ebuild 8159 BLAKE2B 5b2c95bef9d0f8c62fd26e4aea21edcc0eed0158e99cee1c7cf94bc545dbbd9d7a4f50b77a66dda0b52cbe05f65a1b60384fd68134f8f0170f835db72f62ebd8 SHA512 20154ba52f371fb290a7b1104d0ef8e67095dafff0b84aac4a41ba5adb840302ea7d5d2a1ef8a495378c603e69333cc1753cb8511cc302d2bc642bb38adc2e98
MISC metadata.xml 630 BLAKE2B b24d644395a824cc17a25bef92679a2dd50656722223ded02b3311cd9b386470f4f2dafe8c8d604fd042a096d8f0f2d532e2bbc261e3c0affe4dc8d7a1db816c SHA512 45178682e8cfab5eda20e3244f42ce37be7f0e16c87405d0a1e198f561a73f8105df384055f6f228864030f4a196dcdd6b2eaf51b65b7e49f84827df9b56fba4
diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild
new file mode 100644
index 000000000000..800fbc9b1ac2
--- /dev/null
+++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd
+
+SASLAUTHD_CONF_VER="2.1.26"
+
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
+HOMEPAGE="https://www.cyrusimap.org/sasl/"
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="BSD-with-attribution"
+SLOT="2"
+KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+
+CDEPEND="
+ net-mail/mailbase
+ authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
+ berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+ gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
+ mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
+ pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+ postgres? ( dev-db/postgresql:* )
+ sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
+ ssl? (
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
+ libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] )
+ )
+ java? ( >=virtual/jdk-1.6:= )"
+
+REQUIRED_USE="ldapdb? ( openldap )"
+
+RDEPEND="
+ ${CDEPEND}
+ selinux? ( sec-policy/selinux-sasl )"
+
+DEPEND="${CDEPEND}"
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/sasl/md5global.h
+)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch"
+ "${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch"
+ "${FILESDIR}/${PN}-2.1.27-as_needed.patch"
+ "${FILESDIR}/${PN}-2.1.25-auxprop.patch"
+ "${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch"
+ "${FILESDIR}/${PN}-2.1.26-missing-size_t.patch"
+ "${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch"
+ "${FILESDIR}/${PN}-2.1.27-memmem.patch"
+ "${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch"
+)
+
+pkg_setup() {
+ java-pkg-opt-2_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # Get rid of the -R switch (runpath_switch for Sun)
+ # >=gcc-4.6 errors out with unknown option
+ sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \
+ configure.ac || die
+
+ # Use plugindir for sasldir
+ sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
+ "${S}"/plugins/Makefile.{am,in} || die "sed failed"
+
+ # #486740 #468556
+ sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \
+ -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \
+ configure.ac || die
+
+ eautoreconf
+}
+
+src_configure() {
+ append-flags -fno-strict-aliasing
+ if [[ ${CHOST} == *-solaris* ]] ; then
+ # getpassphrase is defined in /usr/include/stdlib.h
+ append-cppflags -DHAVE_GETPASSPHRASE
+ else
+ # this horrendously breaks things on Solaris
+ append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+ # Java support.
+ multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}"
+
+ local myeconfargs=(
+ --enable-login
+ --enable-ntlm
+ --enable-auth-sasldb
+ --disable-cmulocal
+ --disable-krb4
+ --disable-macos-framework
+ --enable-otp
+ --without-sqlite
+ --with-saslauthd="${EPREFIX}"/run/saslauthd
+ --with-pwcheck="${EPREFIX}"/run/saslauthd
+ --with-configdir="${EPREFIX}"/etc/sasl2
+ --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2
+ --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
+ --with-sphinx-build=no
+ $(use_with ssl openssl)
+ $(use_with pam)
+ $(use_with openldap ldap)
+ $(use_enable ldapdb)
+ $(multilib_native_use_enable sample)
+ $(use_enable kerberos gssapi)
+ $(multilib_native_use_enable java)
+ $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
+ $(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql)
+ $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir))
+ $(use_enable srp)
+ $(use_enable static-libs static)
+
+ # Add authdaemond support (bug #56523).
+ $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
+
+ # Fix for bug #59634.
+ $(usex ssl '' --without-des)
+
+ # Use /dev/urandom instead of /dev/random (bug #46038).
+ $(usex urandom --with-devrandom=/dev/urandom '')
+ )
+
+ if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
+ myeconfargs+=( --enable-sql )
+ else
+ myeconfargs+=( --disable-sql )
+ fi
+
+ # Default to GDBM if both 'gdbm' and 'berkdb' are present.
+ if use gdbm ; then
+ einfo "Building with GNU DB as database backend for your SASLdb"
+ myeconfargs+=( --with-dblib=gdbm )
+ elif use berkdb ; then
+ einfo "Building with BerkeleyDB as database backend for your SASLdb"
+ myeconfargs+=(
+ --with-dblib=berkeley
+ --with-bdb-incdir="$(db_includedir)"
+ )
+ else
+ einfo "Building without SASLdb support"
+ myeconfargs+=( --with-dblib=none )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake
+
+ # Default location for java classes breaks OpenOffice (bug #60769).
+ # Thanks to axxo@gentoo.org for the solution.
+ if multilib_is_native_abi && use java ; then
+ jar -cvf ${PN}.jar -C java $(find java -name "*.class")
+ fi
+}
+
+multilib_src_install() {
+ default
+
+ if multilib_is_native_abi; then
+ if use sample ; then
+ docinto sample
+ dodoc "${S}"/sample/*.c
+ exeinto /usr/share/doc/${P}/sample
+ doexe sample/client sample/server
+ fi
+
+ # Default location for java classes breaks OpenOffice (bug #60769).
+ if use java; then
+ java-pkg_dojar ${PN}.jar
+ java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)"
+ # hackish, don't wanna dig through makefile
+ rm -rf "${ED}/usr/$(get_libdir)/java" || die
+ docinto "java"
+ dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/*
+ dodir "/usr/share/doc/${PF}/java/Test"
+ insinto "/usr/share/doc/${PF}/java/Test"
+ doins "${S}"/java/Test/*.java
+ fi
+
+ dosbin saslauthd/testsaslauthd
+ fi
+}
+
+multilib_src_install_all() {
+ doman man/*
+
+ keepdir /etc/sasl2
+
+ # Reset docinto to default value (#674296)
+ docinto
+ dodoc AUTHORS ChangeLog doc/legacy/TODO
+ newdoc pwcheck/README README.pwcheck
+
+ newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
+ edos2unix "${ED}/usr/share/doc/${PF}/release-notes"
+
+ docinto html
+ dodoc doc/html/*.html
+
+ newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
+
+ newinitd "${FILESDIR}/pwcheck.rc6" pwcheck
+ systemd_dounit "${FILESDIR}/pwcheck.service"
+
+ newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd
+ newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd
+ systemd_dounit "${FILESDIR}/saslauthd.service"
+ systemd_dotmpfilesd "${FILESDIR}/${PN}.conf"
+
+ # The get_modname bit is important: do not remove the .la files on
+ # platforms where the lib isn't called .so for cyrus searches the .la to
+ # figure out what the name is supposed to be instead
+ if ! use static-libs && [[ $(get_modname) == .so ]] ; then
+ find "${ED}" -name "*.la" -delete || die
+ fi
+}
+
+pkg_postinst () {
+ # Generate an empty sasldb2 with correct permissions.
+ if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
+ einfo "Generating an empty sasldb2 with correct permissions ..."
+ echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
+ || die "Failed to generate sasldb2"
+ "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
+ || die "Failed to delete temp user"
+ chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
+ || die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
+ chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
+ || die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
+ fi
+
+ if use authdaemond ; then
+ elog "You need to add a user running a service using Courier's"
+ elog "authdaemon to the 'mail' group. For example, do:"
+ elog " gpasswd -a postfix mail"
+ elog "to add the 'postfix' user to the 'mail' group."
+ fi
+
+ elog "pwcheck and saslauthd home directories have moved to:"
+ elog " /run/saslauthd, using tmpfiles.d"
+}
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch
new file mode 100644
index 000000000000..82b9e1fb6dbe
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch
@@ -0,0 +1,20 @@
+Description: CVE-2019-19906: Off-by-one in _sasl_add_string function
+Origin: vendor
+Bug: https://github.com/cyrusimap/cyrus-sasl/issues/587
+Bug-Debian: https://bugs.debian.org/947043
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-19906
+Author: Stephan Zeisberg <stephan@srlabs.de>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2019-12-19
+
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t
+
+ if (add==NULL) add = "(null)";
+
+- addlen=strlen(add); /* only compute once */
++ addlen=strlen(add)+1; /* only compute once */
+ if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+ return SASL_NOMEM;
+