diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-09-13 17:49:31 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-09-13 17:49:31 +0100 |
commit | 36ac65103bf5503e5bad1ecc7e8cb9e7643f6840 (patch) | |
tree | d9d1fbc20509d4c90f57fb2d9e1459bc8034c831 /dev-libs/cyrus-sasl | |
parent | a1392efe64137262023d92492396ca9156d22396 (diff) |
Revert "gentoo resync : 13.09.2019"
This reverts commit a1392efe64137262023d92492396ca9156d22396.
Diffstat (limited to 'dev-libs/cyrus-sasl')
20 files changed, 2174 insertions, 0 deletions
diff --git a/dev-libs/cyrus-sasl/Manifest b/dev-libs/cyrus-sasl/Manifest index f92fbeae7c74..af335b3209e3 100644 --- a/dev-libs/cyrus-sasl/Manifest +++ b/dev-libs/cyrus-sasl/Manifest @@ -1,5 +1,19 @@ +AUX cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch 714 BLAKE2B 7943685af8707162db33ba2970fb8336f9f25af844357216b9e5e01ea92010f71485c85979ffe30dac5734b0f4cd104e58502821856194cdf9f33530b6acae92 SHA512 39dcd0d96cd7c5baaf09b5cd36279e45618498cc545696665a54a5fdccfddd351ef178e888c138e945669814ff2bb72e57161f1d77ef78dd0dbba1d730ee8619 +AUX cyrus-sasl-2.1.25-as_needed.patch 1083 BLAKE2B d6a2c9e2bf6d41ea4a30f2043b6cbaff5a26acf6f8da8f681afcb9c9b4dbab2b52dbd6a37c219b337acf35ea2c67a0afe6ebdcbdc3d8f9ad489c4317656cd4a7 SHA512 8fdc7039fda79e95ec310cd63d72871d7b5b35b5a1b6cf30b9693f6a02e265d924e375ddc65158f38de129b5da058ecd26038f988153ff0aacf2665d66f40abb +AUX cyrus-sasl-2.1.25-autotools_fixes.patch 3926 BLAKE2B 33817cdaeb79b03ecd6f75eb98b4946f4c7ca9a7f0ccc194200409d045d158642fecfc7dded004b25735d85e8fd55b378625ffc2bd97f045490414b9eb6b55fc SHA512 d1e39d856addf6b53a278669df6e87f0fddd9a1ceadc0fadf2bdac239fcec8540c797118be642a58e65e2ec667d3c2a4b604f68f659433e64dbcd5bfe35b9a82 AUX cyrus-sasl-2.1.25-auxprop.patch 552 BLAKE2B 2d932e05863da6b108eec405e792003d6d8df4bde07bd044537729232a9b23e7261cbb33b82df7c5685ee96aae3e0aed62317f89e970fbedffea65bf9d89ccdc SHA512 73ae914e684ae698eb56a1579ba9a477a946625a3b079e2b400d88583074f1701d8a6926ed17dea36b923050f21c04fbf746d54284568bd21c14be3d10283b6f +AUX cyrus-sasl-2.1.25-avoid_pic_overwrite.patch 1076 BLAKE2B ed64d970d3321d4f4e8dcfc0ea28638cbfbbe9dc29f585462c81cde945759d3ef9dde275b1472377176973fa8ba15d0beddfa4c32f30762e5e71b618e2a7bbe6 SHA512 033e3634116e1d3b316052dbe0b671cca0fcfb6063fca1a97d990c422c2ce05109a1e424e84ed9928dc0312a325a7248f2d2e3f9547f84453b36331c01f63be5 +AUX cyrus-sasl-2.1.25-fix_heimdal.patch 465 BLAKE2B 63a7eac7a5a36010d73be0d522a83036125025f8996e555ca31291826fb8d9455b4eabce816a0db5056033c6ab36df74a01d572acfbf9443b3cc30e5c382bdec SHA512 fcf498e70069205d07a5bd4de781d2005d762faca620a39094c9e3885bc1208b7bac499bb959ab91cf09a927476ce80ea995ba701dfa35f6c7404382a9549492 +AUX cyrus-sasl-2.1.25-missing_header.patch 224 BLAKE2B 5b42d952bf72e8886fd0e6f470cf0e23aca49942d31698aac9e271884b95fa4ab3f49d539a3dfe34d08c734c7f5a13c5063d5169c1ae73c6c788692d7ab4316f SHA512 6da051b45a47db2852d9ff0fdb1bfeb28b7f4d1fa450a9e15d96a67c4b9d3f376cb8dc1c544b5e9e6e1354a85965001e87306a821b7e48437db702a7a16d574e +AUX cyrus-sasl-2.1.25-saslauthd_libtool.patch 280 BLAKE2B d65e15151232a0c8812b4ba48d796c1948965525f092dff1c0f70bc19bbfe2318355a54d8e1ae6d6ebd955adccd19f5487e4f0c4c519be7cf7f047d230740f1f SHA512 1e79230a3891f1492c7d6f5969f6a4890aaae2f488e9f3942cafeda574bf8810c4fb3e004836f769244db02bae663fa3ac1eeca19658e6fd3c94f2a891ed2653 +AUX cyrus-sasl-2.1.25-sasldb_al.patch 555 BLAKE2B 27a9ca344098a361bdf2aa5089c87e48d8e7717f7c97b965d8e8eda8b00629fbce9d9aebabb4c02f59ffdf50bcdb667dc3fb7bbadd140eac8e3363321a033fb6 SHA512 2da553298b482ca3115294de7264428925911f8d1b6a15ae1af38ee7e0a3191a0f4ad90bcbaeef599c994842a86eea5157b663cb6944f035d9a377dba91dbbf0 +AUX cyrus-sasl-2.1.25-service_keytabs.patch 796 BLAKE2B f41ec0639e0c592dbeb78ac41f85f517742056dacf151a502ac0c4978045d56b3f7e09753ba40c7e2bd05c316409ec46850e5e3683f6c19330c0cab2c207de67 SHA512 1635c20938d7dcfc53f5bf2d48881846e9167d27883eaa8eff8715ce6cebba7307aa0e44d9264f42a8c8d6a1485885b0661a7821703127d8d0f147e44e4a4267 +AUX cyrus-sasl-2.1.26-CVE-2013-4122.patch 3838 BLAKE2B 5a124ef7e4af8749881339a30e66286b83462e10113b51168fd3d67ca77dac34506293fd949688731ea51e8b857157cef6ef071a6828aabf2d16a82f7c0d725e SHA512 3df09f16dc2f4efc601339743eb6e66087977fae4e174aa82c4abb7f85a77aa9eb98629837079236446ef3b494fb48931c9dc8850362a49615749e162b4699c8 +AUX cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch 284 BLAKE2B 77ce4733f92515a98a8f74c68c7e7479d9f0f84302d91d9c3b0e92230f644d59a74588113447320c389c7e48768415f26dbb62fa1a48f3b283b739657f141350 SHA512 f3b789b7dea3f6a51fca6fd1877c81b5f5a3be342fa5c90ddae98a822e0c2a71e8fa582c6cb60c696363aa5cb99db8609cd6b3a91c5d402a0ad1e6124c726f5f +AUX cyrus-sasl-2.1.26-fix_dovecot_authentication.patch 2467 BLAKE2B 83acc34ebe969d2b7cd0868d7811c182181c2588e5973b88c09469e599ae6fbd854762438ce672a4e23d4d0c1000b3da8158b6f1ea2a9428915c472c35aeea94 SHA512 38095e3f6a832893fb1c342f6e19f684a6ee7621fc44b93649b3f301dbc08e2936aba52533ffa97cfd33f320941e19de824e495af26ba628d574548749ef1ade AUX cyrus-sasl-2.1.26-missing-size_t.patch 280 BLAKE2B d686930b0b04f994ef9f5315ee86e69b61b8e800e192ab45f0b891d3f13a12c2bbd11f99a15533169d0690e9558dcc0327f6632a1a3baaa68679784079884088 SHA512 d6ed3a981da06f60d63b0364d8d841922bb007bf478b67558e88e9b297a4ed7c8eee9501e232d9ca17601f63f6c1cf04962a59c4f0c24fc641868d56006b3616 +AUX cyrus-sasl-2.1.26-openssl-1.1.patch 10798 BLAKE2B 4b304d0767b0467ef8df20ca51d6f64339e7b0eb7204dd630e364fa760c532f54d655365d7c96887e7276d40e42377a546e847827a93487318716dd2438a321e SHA512 8fa8370853d0e1f03b701453f79edf783015b354f221467cb64770d88cd0c7bb56b813a16a3777811082b3a2492699264c0447d254b32d033d2c6eaced19486e +AUX cyrus-sasl-2.1.26-send-imap-logout.patch 1897 BLAKE2B 4b817b78cfb81181bc2c57402e2e621ccf1cea346c1460d46e76a605cdbd426aefc0fcae5c18c193dcde1562e8fe16a177ead00b3bc3084c03dd0e2466866ac3 SHA512 b30a4faea9fb66d8fab95a27b8ec87371d3650c5d2d4475449b8cebb223631d1afe9cdebd8c9b076e77bc3d2e2f5c32b24fe9292db26523212a72754cbff9995 AUX cyrus-sasl-2.1.27-as_needed.patch 1141 BLAKE2B 7d289e96ef1f4593dd48db270dd698a7cf6f21aae3c58043b0f8af30c2d935b24d2a4902f39c9fcfc3261833d1b09032511919f15fc94f62527e46ea25cb2fcc SHA512 9eefa6d45e3dd9157a5672909acdd88f0ae35e76d64c3723890a474bbb05b22499cfadb0c077924d27f34da3710b2b700094dd7d5704050138c08dabcefdde94 AUX cyrus-sasl-2.1.27-autotools_fixes.patch 749 BLAKE2B b7f832a5e937053deaf1696f8dbf777ebf789df8165fe90f6d1be7efc47e4114a8a467c74f4acf06245e7ffab22f62436159cd610ebe5c5b0cef61f1cb01fb71 SHA512 0d99ca049e76c11500769079d94f3bdb634bddb4c8d45a83b383e9bb9777edda66b17566800acbd450e1f4842d070ec3fbc236e7f0ef8759c36e6dd5ea8e3c64 AUX cyrus-sasl-2.1.27-avoid_pic_overwrite.patch 866 BLAKE2B 1e117d9d07ad3937066c7b4ef8415df55bf9c5ce821902331792056e6df63e366fd3adebfdf09f0292aae889d0db632521f37ec5ebf74005b71a474ccc6fe250 SHA512 4ca601839b023ef790e48dae567ffbbd57c632384c980946639ec7437ad23874961451718569455e6e25afaeff1728ecbc71a8686f6b43246f83465f95a2c904 @@ -14,6 +28,12 @@ AUX saslauthd-2.1.26.conf 687 BLAKE2B da252bac77b65ba2ac680e51573ac4f9f82221af68 AUX saslauthd.pam-include 160 BLAKE2B a715cd6e780fd6db773920231f6010c35f8998d563a7e5e504987a6e3089070cf01dd5af73a05c1b43b8b7787f55972a13c4afb05997e6fa3783dccf00696e91 SHA512 14fcfc0f69dacd25ac9b298cf44b0b44146d418424ef16e66edf8893353e418ef53beebb7199bd516b828c40954e4875ab5659f50a09af12ef2a371b944b45b1 AUX saslauthd.service 277 BLAKE2B cf80eaa1e3f7ef854978a458e4b026f3f47891620ac63e7fd1b76d7ba6c9d2eeb3690542c416f1c316f4342f0c7316cce8992f46b32bc984ea2baaa43301185d SHA512 fa318aefec6f802badd72a4baf33875bc0021fc4889578877880971470d84bf645ad3c34dd10c582d8cc06ea512e3d56984902efaf09e2806a27feade5fc971c AUX saslauthd2.rc7 411 BLAKE2B 7cda36ea03aeea5f8e32c2fd0319a483dae78080fa213fb423bd1545e9d29193ebe077ebe5d15ab5940b2d805cb46a25ad2629757f55d2c40c4acc3f0adfa355 SHA512 1d5942a94ffbc15774443d60a88d4c89c7c3c6ea68b041d304f0110f6ec3aa2a812f59021cddc78de6f51a25bb00955e4e56d769e766a9d856f13774dd37ce83 +DIST cyrus-sasl-2.1.26.tar.gz 5220231 BLAKE2B 08fe5c1624e7cccb4b5e562f6987fddd047e1221b671cedbbb684d5a2f39e09a438ad14ffcedb5f398c203ca0b6e23574106c87f43a632028d50a69619c54970 SHA512 78819cb9bb38bea4537d6770d309deeeef09ff44a67526177609d3e1257ff4334d2b5e5131d5a1e4dea7430d8db1918ea9d171f0dee38b5e8337f4b72ed068f0 DIST cyrus-sasl-2.1.27.tar.gz 4111249 BLAKE2B 82c9acce8534521ce5c5806f093e927f1854b4bc4b83ea7db1b32ceaa811adc1a5b6fc16d03233d729194cd603836f6e58de67f915abab2cb74561a80d03f5a8 SHA512 d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b +EBUILD cyrus-sasl-2.1.26-r10.ebuild 7743 BLAKE2B 26b36b8f68ae6af768e41dba4b7946c814411c70fab471dc9c93dc1487d39079306a1e3eb768920720dc7369883804a0b2a92b8a3c1ed6c997879001ea198eb6 SHA512 2b3f5221dfd76f463642ba9fee1d983c383bd9e490dda8cf41ab63e1f63723866faba25bb2042bc35ab954fb4021d9e2450c99da778185c92aa1527dd53eb9e7 +EBUILD cyrus-sasl-2.1.26-r12.ebuild 8431 BLAKE2B 0b769d0f97c9607da49eb82b57203513d7f3c8a82c410085c487f39a54706741700025164188dcef9a8b4622c7491ea995e8c33f374b893044a4a608dca3e1c3 SHA512 741e51ddbe4393927fd637ef84d953126c5fc2c5a877077113e36973239cfd3b0879d20c69dafc74a8b108ba363bc8e87db8bfd533da818ede78f20010efdc5e +EBUILD cyrus-sasl-2.1.26-r13.ebuild 8465 BLAKE2B 48ad450be4078bea4077b8e22d664eab654136b264af31cd08037d78846d4989d3ca16d31123cbd266af0e62f29b0b5017a26dad4673fe56dac61a6e5519edd0 SHA512 80635f22cebf55ab59ae7575d3ea3e6eeeffaee25ad452577ef5af16c04eb9c5dbf300cd824814c09dfe701415b19343951dea40b8cbe957de848693c2d609b9 +EBUILD cyrus-sasl-2.1.26-r9.ebuild 7662 BLAKE2B 8a7b96ca43d133164a9818727486f2d15bd6f66d66e083dee2ac0a8d83c921a86e3e1f34dfa04689c81b5227cf80f06d1fea3c1da74b48c828e4a31f51b67c9e SHA512 6515a66682bc8c0d18b13a3cc540d00f07d26374a6bbefdcb6c974b3184164cfcce80e965b29bc10e81345e2abb8c04eb7edb21adf4097af741d5df1557ae04d +EBUILD cyrus-sasl-2.1.27-r1.ebuild 8080 BLAKE2B e5ec4df72f32f8e29cb06fe0ab9015dfdc906721065ea09d1a625b04687a02cdcdf93df8aa1661849d8341c3a9432d49fbf052f3f9adbaf8d59e1e0827503cec SHA512 345fe84f61ff18b8fb6917d264db8db552d029937d9de242cfc6df0c36e2728d02bac6a7c7a1975b64ffdf1e0922da27339304b9fa5984689382b2650c94ac0a EBUILD cyrus-sasl-2.1.27-r2.ebuild 8139 BLAKE2B 1221f7bd37df906bf75b6dd46dd57e443ae429315b85dbd644acb12e02437b6a2d725e1a1a10b19bc140e7acd0faad5ec9750c6b5553bf8f3aaa3f578d0b89c1 SHA512 64fb3438115b5c2539d788bb4067c6f279720b0342cd87c830e8045bb20142dfec7ab8633757c100fbd8fb029f6733126f1e7a9556e9f0d927129ee0fa231fd1 MISC metadata.xml 630 BLAKE2B b24d644395a824cc17a25bef92679a2dd50656722223ded02b3311cd9b386470f4f2dafe8c8d604fd042a096d8f0f2d532e2bbc261e3c0affe4dc8d7a1db816c SHA512 45178682e8cfab5eda20e3244f42ce37be7f0e16c87405d0a1e198f561a73f8105df384055f6f228864030f4a196dcdd6b2eaf51b65b7e49f84827df9b56fba4 diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r10.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r10.ebuild new file mode 100644 index 000000000000..ab28a3dd43bd --- /dev/null +++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r10.ebuild @@ -0,0 +1,245 @@ +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd + +SASLAUTHD_CONF_VER="2.1.26" + +DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)" +HOMEPAGE="https://www.cyrusimap.org/sasl/" +SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" + +LICENSE="BSD-with-attribution" +SLOT="2" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd" +IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite +srp ssl static-libs urandom" + +DEPEND="net-mail/mailbase + authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) + berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) + gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) + mysql? ( virtual/mysql ) + pam? ( >=virtual/pam-0-r1[${MULTILIB_USEDEP}] ) + postgres? ( dev-db/postgresql:= ) + sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) + ssl? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) + libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] ) + ) + java? ( >=virtual/jdk-1.4:= )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-sasl )" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/sasl/md5global.h +) + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-2.1.25-sasldb_al.patch + epatch "${FILESDIR}"/${PN}-2.1.25-saslauthd_libtool.patch + epatch "${FILESDIR}"/${PN}-2.1.25-avoid_pic_overwrite.patch + epatch "${FILESDIR}"/${PN}-2.1.25-autotools_fixes.patch + epatch "${FILESDIR}"/${PN}-2.1.25-as_needed.patch + epatch "${FILESDIR}"/${PN}-2.1.25-missing_header.patch + epatch "${FILESDIR}"/${PN}-2.1.25-fix_heimdal.patch + epatch "${FILESDIR}"/${PN}-2.1.25-auxprop.patch + epatch "${FILESDIR}"/${PN}-2.1.23-gss_c_nt_hostbased_service.patch + epatch "${FILESDIR}"/${PN}-2.1.25-service_keytabs.patch + epatch "${FILESDIR}"/${PN}-2.1.26-missing-size_t.patch + epatch "${FILESDIR}"/${PN}-2.1.26-CVE-2013-4122.patch + epatch "${FILESDIR}"/${PN}-2.1.26-send-imap-logout.patch + epatch "${FILESDIR}"/${PN}-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch + epatch "${FILESDIR}"/${PN}-2.1.26-fix_dovecot_authentication.patch + + # Get rid of the -R switch (runpath_switch for Sun) + # >=gcc-4.6 errors out with unknown option + sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ + configure.in || die + + # Use plugindir for sasldir + sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ + "${S}"/plugins/Makefile.{am,in} || die "sed failed" + + # #486740 #468556 + sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ + -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + configure.in || die + sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + saslauthd/configure.in || die + + eautoreconf +} + +src_configure() { + append-flags -fno-strict-aliasing + append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # Java support. + multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" + + local myconf=() + + # Add authdaemond support (bug #56523). + if use authdaemond ; then + myconf+=( --with-authdaemond=/var/lib/courier/authdaemon/socket ) + fi + + # Fix for bug #59634. + if ! use ssl ; then + myconf+=( --without-des ) + fi + + if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then + myconf+=( --enable-sql ) + else + myconf+=( --disable-sql ) + fi + + # Default to GDBM if both 'gdbm' and 'berkdb' are present. + if use gdbm ; then + einfo "Building with GNU DB as database backend for your SASLdb" + myconf+=( --with-dblib=gdbm ) + elif use berkdb ; then + einfo "Building with BerkeleyDB as database backend for your SASLdb" + myconf+=( + --with-dblib=berkeley + --with-bdb-incdir="$(db_includedir)" + ) + else + einfo "Building without SASLdb support" + myconf+=( --with-dblib=none ) + fi + + # Use /dev/urandom instead of /dev/random (bug #46038). + if use urandom ; then + myconf+=( --with-devrandom=/dev/urandom ) + fi + + ECONF_SOURCE=${S} \ + econf \ + --enable-login \ + --enable-ntlm \ + --enable-auth-sasldb \ + --disable-cmulocal \ + --disable-krb4 \ + --enable-otp \ + --without-sqlite \ + --with-saslauthd=/run/saslauthd \ + --with-pwcheck=/run/saslauthd \ + --with-configdir=/etc/sasl2 \ + --with-plugindir=/usr/$(get_libdir)/sasl2 \ + --with-dbpath=/etc/sasl2/sasldb2 \ + $(use_with ssl openssl) \ + $(use_with pam) \ + $(use_with openldap ldap) \ + $(use_enable ldapdb) \ + $(multilib_native_use_enable sample) \ + $(use_enable kerberos gssapi) \ + $(multilib_native_use_enable java) \ + $(multilib_native_use_with java javahome ${JAVA_HOME}) \ + $(multilib_native_use_with mysql mysql /usr) \ + $(multilib_native_use_with postgres pgsql) \ + $(use_with sqlite sqlite3 /usr/$(get_libdir)) \ + $(use_enable srp) \ + $(use_enable static-libs static) \ + "${myconf[@]}" +} + +multilib_src_compile() { + emake + + # Default location for java classes breaks OpenOffice (bug #60769). + # Thanks to axxo@gentoo.org for the solution. + if multilib_is_native_abi && use java ; then + jar -cvf ${PN}.jar -C java $(find java -name "*.class") + fi +} + +multilib_src_install() { + default + + if multilib_is_native_abi; then + if use sample ; then + docinto sample + dodoc "${S}"/sample/*.c + exeinto /usr/share/doc/${P}/sample + doexe sample/client sample/server + fi + + # Default location for java classes breaks OpenOffice (bug #60769). + if use java ; then + java-pkg_dojar ${PN}.jar + java-pkg_regso "${D}/usr/$(get_libdir)/libjavasasl.so" + # hackish, don't wanna dig through makefile + rm -Rf "${D}/usr/$(get_libdir)/java" + docinto "java" + dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* + dodir "/usr/share/doc/${PF}/java/Test" + insinto "/usr/share/doc/${PF}/java/Test" + doins "${S}"/java/Test/*.java + fi + + dosbin saslauthd/testsaslauthd + fi +} + +multilib_src_install_all() { + keepdir /etc/sasl2 + + dodoc AUTHORS ChangeLog NEWS README doc/TODO doc/*.txt + newdoc pwcheck/README README.pwcheck + dohtml doc/*.html + + docinto "saslauthd" + dodoc saslauthd/{AUTHORS,ChangeLog,LDAP_SASLAUTHD,NEWS,README} + + newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd + + newinitd "${FILESDIR}/pwcheck.rc6" pwcheck + systemd_dounit "${FILESDIR}/pwcheck.service" + + newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd + newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd + systemd_dounit "${FILESDIR}/saslauthd.service" + systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" + + prune_libtool_files --modules +} + +pkg_postinst () { + # Generate an empty sasldb2 with correct permissions. + if ( use berkdb || use gdbm ) && [[ ! -f "${ROOT}/etc/sasl2/sasldb2" ]] ; then + einfo "Generating an empty sasldb2 with correct permissions ..." + echo "p" | "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -p login \ + || die "Failed to generate sasldb2" + "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -d login \ + || die "Failed to delete temp user" + chown root:mail "${ROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chown ${ROOT}/etc/sasl2/sasldb2" + chmod 0640 "${ROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chmod ${ROOT}/etc/sasl2/sasldb2" + fi + + if use authdaemond ; then + elog "You need to add a user running a service using Courier's" + elog "authdaemon to the 'mail' group. For example, do:" + elog " gpasswd -a postfix mail" + elog "to add the 'postfix' user to the 'mail' group." + fi + + elog "pwcheck and saslauthd home directories have moved to:" + elog " /run/saslauthd, using tmpfiles.d" +} diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r12.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r12.ebuild new file mode 100644 index 000000000000..fab53dab97ee --- /dev/null +++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r12.ebuild @@ -0,0 +1,260 @@ +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd + +SASLAUTHD_CONF_VER="2.1.26" + +DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)" +HOMEPAGE="https://www.cyrusimap.org/sasl/" +SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" + +LICENSE="BSD-with-attribution" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite +srp ssl static-libs urandom" + +DEPEND=" + net-mail/mailbase + authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) + berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) + gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) + mysql? ( virtual/mysql ) + pam? ( >=virtual/pam-0-r1[${MULTILIB_USEDEP}] ) + postgres? ( dev-db/postgresql:* ) + sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) + ssl? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) + libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] ) + ) + java? ( >=virtual/jdk-1.6:= )" + +RDEPEND=" + ${DEPEND} + selinux? ( sec-policy/selinux-sasl )" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/sasl/md5global.h +) + +PATCHES=( + "${FILESDIR}/${PN}-2.1.25-sasldb_al.patch" + "${FILESDIR}/${PN}-2.1.25-saslauthd_libtool.patch" + "${FILESDIR}/${PN}-2.1.25-avoid_pic_overwrite.patch" + "${FILESDIR}/${PN}-2.1.25-autotools_fixes.patch" + "${FILESDIR}/${PN}-2.1.25-as_needed.patch" + "${FILESDIR}/${PN}-2.1.25-missing_header.patch" + "${FILESDIR}/${PN}-2.1.25-fix_heimdal.patch" + "${FILESDIR}/${PN}-2.1.25-auxprop.patch" + "${FILESDIR}/${PN}-2.1.23-gss_c_nt_hostbased_service.patch" + "${FILESDIR}/${PN}-2.1.25-service_keytabs.patch" + "${FILESDIR}/${PN}-2.1.26-missing-size_t.patch" + "${FILESDIR}/${PN}-2.1.26-CVE-2013-4122.patch" + "${FILESDIR}/${PN}-2.1.26-send-imap-logout.patch" + "${FILESDIR}/${PN}-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch" + "${FILESDIR}/${PN}-2.1.26-fix_dovecot_authentication.patch" + "${FILESDIR}/${PN}-2.1.26-openssl-1.1.patch" #592528 +) + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_prepare() { + default + + # Get rid of the -R switch (runpath_switch for Sun) + # >=gcc-4.6 errors out with unknown option + sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ + configure.in || die + + # Use plugindir for sasldir + sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ + "${S}"/plugins/Makefile.{am,in} || die "sed failed" + + # #486740 #468556 + sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ + -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + configure.in || die + sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + saslauthd/configure.in || die + + eautoreconf +} + +src_configure() { + append-flags -fno-strict-aliasing + if [[ ${CHOST} == *-solaris* ]] ; then + # getpassphrase is defined in /usr/include/stdlib.h + append-cppflags -DHAVE_GETPASSPHRASE + else + # this horrendously breaks things on Solaris + append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED + fi + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # Java support. + multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" + + local myeconfargs=( + --enable-login + --enable-ntlm + --enable-auth-sasldb + --disable-cmulocal + --disable-krb4 + --disable-macos-framework + --enable-otp + --without-sqlite + --with-saslauthd="${EPREFIX}"/run/saslauthd + --with-pwcheck="${EPREFIX}"/run/saslauthd + --with-configdir="${EPREFIX}"/etc/sasl2 + --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2 + --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2 + $(use_with ssl openssl) + $(use_with pam) + $(use_with openldap ldap) + $(use_enable ldapdb) + $(multilib_native_use_enable sample) + $(use_enable kerberos gssapi) + $(multilib_native_use_enable java) + $(multilib_native_use_with java javahome ${JAVA_HOME}) + $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr) + $(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql) + $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir)) + $(use_enable srp) + $(use_enable static-libs static) + + # Add authdaemond support (bug #56523). + $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '') + + # Fix for bug #59634. + $(usex ssl '' --without-des) + + # Use /dev/urandom instead of /dev/random (bug #46038). + $(usex urandom --with-devrandom=/dev/urandom '') + ) + + if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then + myeconfargs+=( --enable-sql ) + else + myeconfargs+=( --disable-sql ) + fi + + # Default to GDBM if both 'gdbm' and 'berkdb' are present. + if use gdbm ; then + einfo "Building with GNU DB as database backend for your SASLdb" + myeconfargs+=( --with-dblib=gdbm ) + elif use berkdb ; then + einfo "Building with BerkeleyDB as database backend for your SASLdb" + myeconfargs+=( + --with-dblib=berkeley + --with-bdb-incdir="$(db_includedir)" + ) + else + einfo "Building without SASLdb support" + myeconfargs+=( --with-dblib=none ) + fi + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake + + # Default location for java classes breaks OpenOffice (bug #60769). + # Thanks to axxo@gentoo.org for the solution. + if multilib_is_native_abi && use java ; then + jar -cvf ${PN}.jar -C java $(find java -name "*.class") + fi +} + +multilib_src_install() { + default + + if multilib_is_native_abi; then + if use sample ; then + docinto sample + dodoc "${S}"/sample/*.c + exeinto /usr/share/doc/${P}/sample + doexe sample/client sample/server + fi + + # Default location for java classes breaks OpenOffice (bug #60769). + if use java; then + java-pkg_dojar ${PN}.jar + java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)" + # hackish, don't wanna dig through makefile + rm -rf "${ED}/usr/$(get_libdir)/java" || die + docinto "java" + dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* + dodir "/usr/share/doc/${PF}/java/Test" + insinto "/usr/share/doc/${PF}/java/Test" + doins "${S}"/java/Test/*.java + fi + + dosbin saslauthd/testsaslauthd + fi +} + +multilib_src_install_all() { + keepdir /etc/sasl2 + + dodoc AUTHORS ChangeLog NEWS README doc/TODO doc/*.txt + newdoc pwcheck/README README.pwcheck + + docinto html + dodoc doc/*.html + + docinto "saslauthd" + dodoc saslauthd/{AUTHORS,ChangeLog,LDAP_SASLAUTHD,NEWS,README} + + newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd + + newinitd "${FILESDIR}/pwcheck.rc6" pwcheck + systemd_dounit "${FILESDIR}/pwcheck.service" + + newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd + newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd + systemd_dounit "${FILESDIR}/saslauthd.service" + systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" + + # The get_modname bit is important: do not remove the .la files on + # platforms where the lib isn't called .so for cyrus searches the .la to + # figure out what the name is supposed to be instead + if ! use static-libs && [[ $(get_modname) == .so ]] ; then + find "${ED}" -name "*.la" -delete || die + fi +} + +pkg_postinst () { + # Generate an empty sasldb2 with correct permissions. + if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then + einfo "Generating an empty sasldb2 with correct permissions ..." + echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \ + || die "Failed to generate sasldb2" + "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \ + || die "Failed to delete temp user" + chown root:mail "${EROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chown ${EROOT}/etc/sasl2/sasldb2" + chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2" + fi + + if use authdaemond ; then + elog "You need to add a user running a service using Courier's" + elog "authdaemon to the 'mail' group. For example, do:" + elog " gpasswd -a postfix mail" + elog "to add the 'postfix' user to the 'mail' group." + fi + + elog "pwcheck and saslauthd home directories have moved to:" + elog " /run/saslauthd, using tmpfiles.d" +} diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r13.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r13.ebuild new file mode 100644 index 000000000000..fd823635a6a8 --- /dev/null +++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r13.ebuild @@ -0,0 +1,260 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd + +SASLAUTHD_CONF_VER="2.1.26" + +DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)" +HOMEPAGE="https://www.cyrusimap.org/sasl/" +SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" + +LICENSE="BSD-with-attribution" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite +srp ssl static-libs urandom" + +DEPEND=" + net-mail/mailbase + authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) + berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) + gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) + mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] ) + pam? ( >=virtual/pam-0-r1[${MULTILIB_USEDEP}] ) + postgres? ( dev-db/postgresql:* ) + sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) + ssl? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) + libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] ) + ) + java? ( >=virtual/jdk-1.6:= )" + +RDEPEND=" + ${DEPEND} + selinux? ( sec-policy/selinux-sasl )" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/sasl/md5global.h +) + +PATCHES=( + "${FILESDIR}/${PN}-2.1.25-sasldb_al.patch" + "${FILESDIR}/${PN}-2.1.25-saslauthd_libtool.patch" + "${FILESDIR}/${PN}-2.1.25-avoid_pic_overwrite.patch" + "${FILESDIR}/${PN}-2.1.25-autotools_fixes.patch" + "${FILESDIR}/${PN}-2.1.25-as_needed.patch" + "${FILESDIR}/${PN}-2.1.25-missing_header.patch" + "${FILESDIR}/${PN}-2.1.25-fix_heimdal.patch" + "${FILESDIR}/${PN}-2.1.25-auxprop.patch" + "${FILESDIR}/${PN}-2.1.23-gss_c_nt_hostbased_service.patch" + "${FILESDIR}/${PN}-2.1.25-service_keytabs.patch" + "${FILESDIR}/${PN}-2.1.26-missing-size_t.patch" + "${FILESDIR}/${PN}-2.1.26-CVE-2013-4122.patch" + "${FILESDIR}/${PN}-2.1.26-send-imap-logout.patch" + "${FILESDIR}/${PN}-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch" + "${FILESDIR}/${PN}-2.1.26-fix_dovecot_authentication.patch" + "${FILESDIR}/${PN}-2.1.26-openssl-1.1.patch" #592528 +) + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_prepare() { + default + + # Get rid of the -R switch (runpath_switch for Sun) + # >=gcc-4.6 errors out with unknown option + sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ + configure.in || die + + # Use plugindir for sasldir + sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ + "${S}"/plugins/Makefile.{am,in} || die "sed failed" + + # #486740 #468556 + sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ + -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + configure.in || die + sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + saslauthd/configure.in || die + + eautoreconf +} + +src_configure() { + append-flags -fno-strict-aliasing + if [[ ${CHOST} == *-solaris* ]] ; then + # getpassphrase is defined in /usr/include/stdlib.h + append-cppflags -DHAVE_GETPASSPHRASE + else + # this horrendously breaks things on Solaris + append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED + fi + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # Java support. + multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" + + local myeconfargs=( + --enable-login + --enable-ntlm + --enable-auth-sasldb + --disable-cmulocal + --disable-krb4 + --disable-macos-framework + --enable-otp + --without-sqlite + --with-saslauthd="${EPREFIX}"/run/saslauthd + --with-pwcheck="${EPREFIX}"/run/saslauthd + --with-configdir="${EPREFIX}"/etc/sasl2 + --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2 + --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2 + $(use_with ssl openssl) + $(use_with pam) + $(use_with openldap ldap) + $(use_enable ldapdb) + $(multilib_native_use_enable sample) + $(use_enable kerberos gssapi) + $(multilib_native_use_enable java) + $(multilib_native_use_with java javahome ${JAVA_HOME}) + $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr) + $(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql) + $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir)) + $(use_enable srp) + $(use_enable static-libs static) + + # Add authdaemond support (bug #56523). + $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '') + + # Fix for bug #59634. + $(usex ssl '' --without-des) + + # Use /dev/urandom instead of /dev/random (bug #46038). + $(usex urandom --with-devrandom=/dev/urandom '') + ) + + if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then + myeconfargs+=( --enable-sql ) + else + myeconfargs+=( --disable-sql ) + fi + + # Default to GDBM if both 'gdbm' and 'berkdb' are present. + if use gdbm ; then + einfo "Building with GNU DB as database backend for your SASLdb" + myeconfargs+=( --with-dblib=gdbm ) + elif use berkdb ; then + einfo "Building with BerkeleyDB as database backend for your SASLdb" + myeconfargs+=( + --with-dblib=berkeley + --with-bdb-incdir="$(db_includedir)" + ) + else + einfo "Building without SASLdb support" + myeconfargs+=( --with-dblib=none ) + fi + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake + + # Default location for java classes breaks OpenOffice (bug #60769). + # Thanks to axxo@gentoo.org for the solution. + if multilib_is_native_abi && use java ; then + jar -cvf ${PN}.jar -C java $(find java -name "*.class") + fi +} + +multilib_src_install() { + default + + if multilib_is_native_abi; then + if use sample ; then + docinto sample + dodoc "${S}"/sample/*.c + exeinto /usr/share/doc/${P}/sample + doexe sample/client sample/server + fi + + # Default location for java classes breaks OpenOffice (bug #60769). + if use java; then + java-pkg_dojar ${PN}.jar + java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)" + # hackish, don't wanna dig through makefile + rm -rf "${ED}/usr/$(get_libdir)/java" || die + docinto "java" + dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* + dodir "/usr/share/doc/${PF}/java/Test" + insinto "/usr/share/doc/${PF}/java/Test" + doins "${S}"/java/Test/*.java + fi + + dosbin saslauthd/testsaslauthd + fi +} + +multilib_src_install_all() { + keepdir /etc/sasl2 + + dodoc AUTHORS ChangeLog NEWS README doc/TODO doc/*.txt + newdoc pwcheck/README README.pwcheck + + docinto html + dodoc doc/*.html + + docinto "saslauthd" + dodoc saslauthd/{AUTHORS,ChangeLog,LDAP_SASLAUTHD,NEWS,README} + + newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd + + newinitd "${FILESDIR}/pwcheck.rc6" pwcheck + systemd_dounit "${FILESDIR}/pwcheck.service" + + newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd + newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd + systemd_dounit "${FILESDIR}/saslauthd.service" + systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" + + # The get_modname bit is important: do not remove the .la files on + # platforms where the lib isn't called .so for cyrus searches the .la to + # figure out what the name is supposed to be instead + if ! use static-libs && [[ $(get_modname) == .so ]] ; then + find "${ED}" -name "*.la" -delete || die + fi +} + +pkg_postinst () { + # Generate an empty sasldb2 with correct permissions. + if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then + einfo "Generating an empty sasldb2 with correct permissions ..." + echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \ + || die "Failed to generate sasldb2" + "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \ + || die "Failed to delete temp user" + chown root:mail "${EROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chown ${EROOT}/etc/sasl2/sasldb2" + chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2" + fi + + if use authdaemond ; then + elog "You need to add a user running a service using Courier's" + elog "authdaemon to the 'mail' group. For example, do:" + elog " gpasswd -a postfix mail" + elog "to add the 'postfix' user to the 'mail' group." + fi + + elog "pwcheck and saslauthd home directories have moved to:" + elog " /run/saslauthd, using tmpfiles.d" +} diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r9.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r9.ebuild new file mode 100644 index 000000000000..023e07bfe40a --- /dev/null +++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r9.ebuild @@ -0,0 +1,242 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd + +SASLAUTHD_CONF_VER="2.1.26" + +DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)" +HOMEPAGE="https://www.cyrusimap.org/sasl/" +SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" + +LICENSE="BSD-with-attribution" +SLOT="2" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd" +IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite +srp ssl static-libs urandom" + +DEPEND="net-mail/mailbase + authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) + berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) + gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) + mysql? ( virtual/mysql ) + pam? ( >=virtual/pam-0-r1[${MULTILIB_USEDEP}] ) + postgres? ( dev-db/postgresql:= ) + sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) + ssl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) + java? ( >=virtual/jdk-1.4:= )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-sasl )" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/sasl/md5global.h +) + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-2.1.25-sasldb_al.patch + epatch "${FILESDIR}"/${PN}-2.1.25-saslauthd_libtool.patch + epatch "${FILESDIR}"/${PN}-2.1.25-avoid_pic_overwrite.patch + epatch "${FILESDIR}"/${PN}-2.1.25-autotools_fixes.patch + epatch "${FILESDIR}"/${PN}-2.1.25-as_needed.patch + epatch "${FILESDIR}"/${PN}-2.1.25-missing_header.patch + epatch "${FILESDIR}"/${PN}-2.1.25-fix_heimdal.patch + epatch "${FILESDIR}"/${PN}-2.1.25-auxprop.patch + epatch "${FILESDIR}"/${PN}-2.1.23-gss_c_nt_hostbased_service.patch + epatch "${FILESDIR}"/${PN}-2.1.25-service_keytabs.patch + epatch "${FILESDIR}"/${PN}-2.1.26-missing-size_t.patch + epatch "${FILESDIR}"/${PN}-2.1.26-CVE-2013-4122.patch + epatch "${FILESDIR}"/${PN}-2.1.26-send-imap-logout.patch + epatch "${FILESDIR}"/${PN}-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch + epatch "${FILESDIR}"/${PN}-2.1.26-fix_dovecot_authentication.patch + + # Get rid of the -R switch (runpath_switch for Sun) + # >=gcc-4.6 errors out with unknown option + sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ + configure.in || die + + # Use plugindir for sasldir + sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ + "${S}"/plugins/Makefile.{am,in} || die "sed failed" + + # #486740 #468556 + sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ + -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + configure.in || die + sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + saslauthd/configure.in || die + + eautoreconf +} + +src_configure() { + append-flags -fno-strict-aliasing + append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # Java support. + multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" + + local myconf=() + + # Add authdaemond support (bug #56523). + if use authdaemond ; then + myconf+=( --with-authdaemond=/var/lib/courier/authdaemon/socket ) + fi + + # Fix for bug #59634. + if ! use ssl ; then + myconf+=( --without-des ) + fi + + if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then + myconf+=( --enable-sql ) + else + myconf+=( --disable-sql ) + fi + + # Default to GDBM if both 'gdbm' and 'berkdb' are present. + if use gdbm ; then + einfo "Building with GNU DB as database backend for your SASLdb" + myconf+=( --with-dblib=gdbm ) + elif use berkdb ; then + einfo "Building with BerkeleyDB as database backend for your SASLdb" + myconf+=( + --with-dblib=berkeley + --with-bdb-incdir="$(db_includedir)" + ) + else + einfo "Building without SASLdb support" + myconf+=( --with-dblib=none ) + fi + + # Use /dev/urandom instead of /dev/random (bug #46038). + if use urandom ; then + myconf+=( --with-devrandom=/dev/urandom ) + fi + + ECONF_SOURCE=${S} \ + econf \ + --enable-login \ + --enable-ntlm \ + --enable-auth-sasldb \ + --disable-cmulocal \ + --disable-krb4 \ + --enable-otp \ + --without-sqlite \ + --with-saslauthd=/run/saslauthd \ + --with-pwcheck=/run/saslauthd \ + --with-configdir=/etc/sasl2 \ + --with-plugindir=/usr/$(get_libdir)/sasl2 \ + --with-dbpath=/etc/sasl2/sasldb2 \ + $(use_with ssl openssl) \ + $(use_with pam) \ + $(use_with openldap ldap) \ + $(use_enable ldapdb) \ + $(multilib_native_use_enable sample) \ + $(use_enable kerberos gssapi) \ + $(multilib_native_use_enable java) \ + $(multilib_native_use_with java javahome ${JAVA_HOME}) \ + $(multilib_native_use_with mysql mysql /usr) \ + $(multilib_native_use_with postgres pgsql) \ + $(use_with sqlite sqlite3 /usr/$(get_libdir)) \ + $(use_enable srp) \ + $(use_enable static-libs static) \ + "${myconf[@]}" +} + +multilib_src_compile() { + emake + + # Default location for java classes breaks OpenOffice (bug #60769). + # Thanks to axxo@gentoo.org for the solution. + if multilib_is_native_abi && use java ; then + jar -cvf ${PN}.jar -C java $(find java -name "*.class") + fi +} + +multilib_src_install() { + default + + if multilib_is_native_abi; then + if use sample ; then + docinto sample + dodoc "${S}"/sample/*.c + exeinto /usr/share/doc/${P}/sample + doexe sample/client sample/server + fi + + # Default location for java classes breaks OpenOffice (bug #60769). + if use java ; then + java-pkg_dojar ${PN}.jar + java-pkg_regso "${D}/usr/$(get_libdir)/libjavasasl.so" + # hackish, don't wanna dig through makefile + rm -Rf "${D}/usr/$(get_libdir)/java" + docinto "java" + dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* + dodir "/usr/share/doc/${PF}/java/Test" + insinto "/usr/share/doc/${PF}/java/Test" + doins "${S}"/java/Test/*.java + fi + + dosbin saslauthd/testsaslauthd + fi +} + +multilib_src_install_all() { + keepdir /etc/sasl2 + + dodoc AUTHORS ChangeLog NEWS README doc/TODO doc/*.txt + newdoc pwcheck/README README.pwcheck + dohtml doc/*.html + + docinto "saslauthd" + dodoc saslauthd/{AUTHORS,ChangeLog,LDAP_SASLAUTHD,NEWS,README} + + newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd + + newinitd "${FILESDIR}/pwcheck.rc6" pwcheck + systemd_dounit "${FILESDIR}/pwcheck.service" + + newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd + newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd + systemd_dounit "${FILESDIR}/saslauthd.service" + systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" + + prune_libtool_files --modules +} + +pkg_postinst () { + # Generate an empty sasldb2 with correct permissions. + if ( use berkdb || use gdbm ) && [[ ! -f "${ROOT}/etc/sasl2/sasldb2" ]] ; then + einfo "Generating an empty sasldb2 with correct permissions ..." + echo "p" | "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -p login \ + || die "Failed to generate sasldb2" + "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -d login \ + || die "Failed to delete temp user" + chown root:mail "${ROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chown ${ROOT}/etc/sasl2/sasldb2" + chmod 0640 "${ROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chmod ${ROOT}/etc/sasl2/sasldb2" + fi + + if use authdaemond ; then + elog "You need to add a user running a service using Courier's" + elog "authdaemon to the 'mail' group. For example, do:" + elog " gpasswd -a postfix mail" + elog "to add the 'postfix' user to the 'mail' group." + fi + + elog "pwcheck and saslauthd home directories have moved to:" + elog " /run/saslauthd, using tmpfiles.d" +} diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r1.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r1.ebuild new file mode 100644 index 000000000000..1b0e7ee417d4 --- /dev/null +++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r1.ebuild @@ -0,0 +1,256 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd eapi7-ver + +SASLAUTHD_CONF_VER="2.1.26" + +DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)" +HOMEPAGE="https://www.cyrusimap.org/sasl/" +#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz" +SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz" + +LICENSE="BSD-with-attribution" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom" + +CDEPEND=" + net-mail/mailbase + authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) ) + berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] ) + gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] ) + mysql? ( virtual/mysql ) + pam? ( >=virtual/pam-0-r1[${MULTILIB_USEDEP}] ) + postgres? ( dev-db/postgresql:* ) + sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] ) + ssl? ( + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) + libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] ) + ) + java? ( >=virtual/jdk-1.6:= )" + +RDEPEND=" + ${CDEPEND} + selinux? ( sec-policy/selinux-sasl )" + +DEPEND="${CDEPEND}" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/sasl/md5global.h +) + +PATCHES=( + "${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch" + "${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch" + "${FILESDIR}/${PN}-2.1.27-as_needed.patch" + "${FILESDIR}/${PN}-2.1.25-auxprop.patch" + "${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch" + "${FILESDIR}/${PN}-2.1.26-missing-size_t.patch" + "${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch" + "${FILESDIR}/${PN}-2.1.27-memmem.patch" +) + +pkg_setup() { + java-pkg-opt-2_pkg_setup +} + +src_prepare() { + default + + # Get rid of the -R switch (runpath_switch for Sun) + # >=gcc-4.6 errors out with unknown option + sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \ + configure.ac || die + + # Use plugindir for sasldir + sed -i '/^sasldir =/s:=.*:= $(plugindir):' \ + "${S}"/plugins/Makefile.{am,in} || die "sed failed" + + # #486740 #468556 + sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \ + -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \ + configure.ac || die + + eautoreconf +} + +src_configure() { + append-flags -fno-strict-aliasing + if [[ ${CHOST} == *-solaris* ]] ; then + # getpassphrase is defined in /usr/include/stdlib.h + append-cppflags -DHAVE_GETPASSPHRASE + else + # this horrendously breaks things on Solaris + append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED + fi + + multilib-minimal_src_configure +} + +multilib_src_configure() { + # Java support. + multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" + + local myeconfargs=( + --enable-login + --enable-ntlm + --enable-auth-sasldb + --disable-cmulocal + --disable-krb4 + --disable-macos-framework + --enable-otp + --without-sqlite + --with-saslauthd="${EPREFIX}"/run/saslauthd + --with-pwcheck="${EPREFIX}"/run/saslauthd + --with-configdir="${EPREFIX}"/etc/sasl2 + --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2 + --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2 + --with-sphinx-build=no + $(use_with ssl openssl) + $(use_with pam) + $(use_with openldap ldap) + $(use_enable ldapdb) + $(multilib_native_use_enable sample) + $(use_enable kerberos gssapi) + $(multilib_native_use_enable java) + $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr) + $(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql) + $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir)) + $(use_enable srp) + $(use_enable static-libs static) + + # Add authdaemond support (bug #56523). + $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '') + + # Fix for bug #59634. + $(usex ssl '' --without-des) + + # Use /dev/urandom instead of /dev/random (bug #46038). + $(usex urandom --with-devrandom=/dev/urandom '') + ) + + if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then + myeconfargs+=( --enable-sql ) + else + myeconfargs+=( --disable-sql ) + fi + + # Default to GDBM if both 'gdbm' and 'berkdb' are present. + if use gdbm ; then + einfo "Building with GNU DB as database backend for your SASLdb" + myeconfargs+=( --with-dblib=gdbm ) + elif use berkdb ; then + einfo "Building with BerkeleyDB as database backend for your SASLdb" + myeconfargs+=( + --with-dblib=berkeley + --with-bdb-incdir="$(db_includedir)" + ) + else + einfo "Building without SASLdb support" + myeconfargs+=( --with-dblib=none ) + fi + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake + + # Default location for java classes breaks OpenOffice (bug #60769). + # Thanks to axxo@gentoo.org for the solution. + if multilib_is_native_abi && use java ; then + jar -cvf ${PN}.jar -C java $(find java -name "*.class") + fi +} + +multilib_src_install() { + default + + if multilib_is_native_abi; then + if use sample ; then + docinto sample + dodoc "${S}"/sample/*.c + exeinto /usr/share/doc/${P}/sample + doexe sample/client sample/server + fi + + # Default location for java classes breaks OpenOffice (bug #60769). + if use java; then + java-pkg_dojar ${PN}.jar + java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)" + # hackish, don't wanna dig through makefile + rm -rf "${ED}/usr/$(get_libdir)/java" || die + docinto "java" + dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/* + dodir "/usr/share/doc/${PF}/java/Test" + insinto "/usr/share/doc/${PF}/java/Test" + doins "${S}"/java/Test/*.java + fi + + dosbin saslauthd/testsaslauthd + fi +} + +multilib_src_install_all() { + doman man/* + + keepdir /etc/sasl2 + + # Reset docinto to default value (#674296) + docinto + dodoc AUTHORS ChangeLog doc/legacy/TODO + newdoc pwcheck/README README.pwcheck + + newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes + edos2unix ${ED%/}/usr/share/doc/${PF}/release-notes + + docinto html + dodoc doc/html/*.html + + newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd + + newinitd "${FILESDIR}/pwcheck.rc6" pwcheck + systemd_dounit "${FILESDIR}/pwcheck.service" + + newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd + newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd + systemd_dounit "${FILESDIR}/saslauthd.service" + systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" + + # The get_modname bit is important: do not remove the .la files on + # platforms where the lib isn't called .so for cyrus searches the .la to + # figure out what the name is supposed to be instead + if ! use static-libs && [[ $(get_modname) == .so ]] ; then + find "${ED}" -name "*.la" -delete || die + fi +} + +pkg_postinst () { + # Generate an empty sasldb2 with correct permissions. + if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then + einfo "Generating an empty sasldb2 with correct permissions ..." + echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \ + || die "Failed to generate sasldb2" + "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \ + || die "Failed to delete temp user" + chown root:mail "${EROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chown ${EROOT}/etc/sasl2/sasldb2" + chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \ + || die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2" + fi + + if use authdaemond ; then + elog "You need to add a user running a service using Courier's" + elog "authdaemon to the 'mail' group. For example, do:" + elog " gpasswd -a postfix mail" + elog "to add the 'postfix' user to the 'mail' group." + fi + + elog "pwcheck and saslauthd home directories have moved to:" + elog " /run/saslauthd, using tmpfiles.d" +} diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch new file mode 100644 index 000000000000..beea8eb28d19 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch @@ -0,0 +1,16 @@ +Gentoo bug #389349 +--- a/cmulocal/sasl2.m4 ++++ b/cmulocal/sasl2.m4 +@@ -217,7 +217,11 @@ + [AC_WARN([Cybersafe define not found])]) + + elif test "$ac_cv_header_gssapi_h" = "yes"; then +- AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h, ++ AC_EGREP_CPP(hostbased_service_gss_nt_yes, gssapi.h, ++ [#include <gssapi.h> ++ #ifdef GSS_C_NT_HOSTBASED_SERVICE ++ hostbased_service_gss_nt_yes ++ #endif], + [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, + [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])]) + elif test "$ac_cv_header_gssapi_gssapi_h"; then diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch new file mode 100644 index 000000000000..67b48b4a4993 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch @@ -0,0 +1,27 @@ +Author: Matthias Klose <doko@ubuntu.com> +Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use +it. +--- a/saslauthd/Makefile.am ++++ b/saslauthd/Makefile.am +@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c + saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@ + saslauthd_LDADD = @SASL_KRB_LIB@ \ + @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \ +- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ ++ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ + + testsaslauthd_SOURCES = testsaslauthd.c utils.c + testsaslauthd_LDADD = @LIB_SOCKET@ +--- a/sasldb/Makefile.am ++++ b/sasldb/Makefile.am +@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a + + libsasldb_la_SOURCES = allockey.c sasldb.h + EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) +-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) +-libsasldb_la_LIBADD = $(SASL_DB_BACKEND) ++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB) ++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB) + + # Prevent make dist stupidity + libsasldb_a_SOURCES = diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch new file mode 100644 index 000000000000..5837921d4f7f --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch @@ -0,0 +1,114 @@ +--- a/configure.in ++++ b/configure.in +@@ -44,6 +44,8 @@ dnl + AC_INIT(lib/saslint.h) + AC_PREREQ([2.54]) + ++AC_CONFIG_MACRO_DIR([cmulocal] [config]) ++ + dnl use ./config.cache as the default cache file. + dnl we require a cache file to successfully configure our build. + if test $cache_file = "/dev/null"; then +--- a/Makefile.am ++++ b/Makefile.am +@@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7 + # + ################################################################ + ++ACLOCAL_AMFLAGS = -I cmulocal -I config ++ + if SASLAUTHD + SAD = saslauthd + else +--- a/saslauthd/configure.in ++++ b/saslauthd/configure.in +@@ -1,7 +1,8 @@ + AC_INIT(mechanisms.h) + AC_PREREQ([2.54]) + +-AC_CONFIG_AUX_DIR(config) ++AC_CONFIG_MACRO_DIR([../cmulocal] [../config]) ++AC_CONFIG_AUX_DIR([config]) + AC_CANONICAL_HOST + + dnl Should we enable SASLAUTHd at all? +@@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS) + + dnl Checks for which function macros exist + AC_MSG_CHECKING(whether $CC implements __func__) +-AC_CACHE_VAL(have_func, ++AC_CACHE_VAL(_cv_have_func, + [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);], +-have_func=yes, +-have_func=no)]) +-AC_MSG_RESULT($have_func) +-if test "$have_func" = yes; then ++_cv_have_func=yes, ++_cv_have_func=no)]) ++AC_MSG_RESULT($_cv_have_func) ++if test "$_cv_have_func" = yes; then + AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__]) + else + AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__) +- AC_CACHE_VAL(have_pretty_function, ++ AC_CACHE_VAL(_cv_have_pretty_function, + [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);], +- have_pretty_function=yes, +- have_pretty_function=no)]) +- AC_MSG_RESULT($have_pretty_function) +- if test "$have_pretty_function" = yes; then ++ _cv_have_pretty_function=yes, ++ _cv_have_pretty_function=no)]) ++ AC_MSG_RESULT($_cv_have_pretty_function) ++ if test "$_cv_have_pretty_function" = yes; then + AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__]) + else + AC_MSG_CHECKING(whether $CC implements __FUNCTION__) +- AC_CACHE_VAL(have_function, ++ AC_CACHE_VAL(_cv_have_function, + [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);], +- have_function=yes, +- have_function=no)]) +- AC_MSG_RESULT($have_function) +- if test "$have_function" = yes; then ++ _cv_have_function=yes, ++ _cv_have_function=no)]) ++ AC_MSG_RESULT($_cv_have_function) ++ if test "$_cv_have_function" = yes; then + AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__]) + fi + fi +--- a/saslauthd/Makefile.am ++++ b/saslauthd/Makefile.am +@@ -1,4 +1,6 @@ + AUTOMAKE_OPTIONS = 1.7 ++ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config ++ + sbin_PROGRAMS = saslauthd testsaslauthd + EXTRA_PROGRAMS = saslcache + +--- a/config/kerberos_v4.m4 ++++ b/config/kerberos_v4.m4 +@@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [ + dnl if we were ambitious, we would look more aggressively for the + dnl krb4 install + if test -d ${krb4}; then +- AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ ++ AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [ + for krbhloc in include/kerberosIV include/kerberos include + do + if test -f ${krb4}/${krbhloc}/krb.h ; then +- cyrus_krbinclude=${krb4}/${krbhloc} ++ cyrus_cv_krbinclude=${krb4}/${krbhloc} + break + fi + done + ]) + +- if test -n "${cyrus_krbinclude}"; then +- CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" ++ if test -n "${cyrus_cv_krbinclude}"; then ++ CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}" + fi + LDFLAGS="$LDFLAGS -L$krb4/lib" + fi diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch new file mode 100644 index 000000000000..2e5b1750d00d --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch @@ -0,0 +1,27 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: This patch makes sure the non-PIC version of libsasldb.a, which +is created out of non-PIC objects, is not going to overwrite the PIC version, +which is created out of PIC objects. The PIC version is placed in .libs, and +the non-PIC version in the current directory. This ensures that both non-PIC +and PIC versions are available in the correct locations. +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -78,7 +78,7 @@ endif + + libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) + @echo adding static plugins and dependencies +- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) ++ $(AR) cru $@ $(SASL_STATIC_OBJS) + @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ + if test ! -f $$i; then continue; fi; . $$i; \ + for j in $$dependency_libs foo; do \ +--- a/sasldb/Makefile.am ++++ b/sasldb/Makefile.am +@@ -63,6 +63,6 @@ libsasldb_a_SOURCES = + EXTRA_libsasldb_a_SOURCES = + + libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) +- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) ++ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) + + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch new file mode 100644 index 000000000000..92be26003488 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch @@ -0,0 +1,27 @@ +Fix compiling against heimdal + +--- a/sample/server.c ++++ b/sample/server.c +@@ -85,8 +85,10 @@ + + #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE + #include <gssapi/gssapi.h> ++#ifndef KRB5_HEIMDAL + #include <gssapi/gssapi_ext.h> + #endif ++#endif + + #include "common.h" + +--- a/plugins/gssapi.c ++++ b/plugins/gssapi.c +@@ -50,6 +50,9 @@ + #else + #include <gssapi/gssapi.h> + #endif ++#ifdef KRB5_HEIMDAL ++#include <gssapi/gssapi_krb5.h> ++#endif + + #ifdef WIN32 + # include <winsock2.h> diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch new file mode 100644 index 000000000000..a413e00bf428 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch @@ -0,0 +1,10 @@ +--- a/pwcheck/pwcheck_getspnam.c ++++ b/pwcheck/pwcheck_getspnam.c +@@ -24,6 +24,7 @@ + ******************************************************************/ + + #include <shadow.h> ++#include <string.h> + + extern char *crypt(); + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch new file mode 100644 index 000000000000..da1a49f1dd66 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch @@ -0,0 +1,12 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Enable libtool use. +--- a/saslauthd/configure.in ++++ b/saslauthd/configure.in +@@ -25,6 +25,7 @@ AC_PROG_AWK + AC_PROG_MAKE_SET + AC_PROG_LN_S + AC_PROG_INSTALL ++AC_PROG_LIBTOOL + + dnl Checks for build foo + CMU_C___ATTRIBUTE__ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch new file mode 100644 index 000000000000..8eff5a8bdd12 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch @@ -0,0 +1,14 @@ +Author: Fabian Fagerholm <fabbe@debian.org> +Description: Fix linking with libsasldb.a when saslauthd is built with sasldb +support. +--- a/saslauthd/configure.in ++++ b/saslauthd/configure.in +@@ -77,7 +77,7 @@ if test "$authsasldb" != no; then + AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) + SASL_DB_PATH_CHECK() + SASL_DB_CHECK() +- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" ++ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a" + fi + + AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch new file mode 100644 index 000000000000..43b6162a66f0 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch @@ -0,0 +1,27 @@ +Bug #445932 +--- a/cmulocal/sasl2.m4 ++++ b/cmulocal/sasl2.m4 +@@ -268,7 +268,11 @@ + + cmu_save_LIBS="$LIBS" + LIBS="$LIBS $GSSAPIBASE_LIBS" +- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) ++ AC_CHECK_FUNCS([gsskrb5_register_acceptor_identity], [], ++ [AC_CHECK_FUNCS([krb5_gss_register_acceptor_identity], ++ [AC_CHECK_HEADERS([gssapi/gssapi_krb5.h], ++ [AC_DEFINE([HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY], [1])] ++ )])]) + AC_CHECK_FUNCS(gss_decapsulate_token) + AC_CHECK_FUNCS(gss_encapsulate_token) + AC_CHECK_FUNCS(gss_oid_equal) +--- a/plugins/gssapi.c ++++ b/plugins/gssapi.c +@@ -50,7 +50,7 @@ + #else + #include <gssapi/gssapi.h> + #endif +-#ifdef KRB5_HEIMDAL ++#if defined (KRB5_HEIMDAL) || defined (HAVE_GSSAPI_GSSAPI_KRB5_H) + #include <gssapi/gssapi_krb5.h> + #endif + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch new file mode 100644 index 000000000000..09c9ce86c9ac --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch @@ -0,0 +1,116 @@ +From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Thu, 11 Jul 2013 09:08:07 +0000 +Subject: Handle NULL returns from glibc 2.17+ crypt() + +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). + +When using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. + +Patch by mancha1@hush.com. +--- +diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c +index 4b34222..400289c 100644 +--- a/pwcheck/pwcheck_getpwnam.c ++++ b/pwcheck/pwcheck_getpwnam.c +@@ -32,6 +32,7 @@ char *userid; + char *password; + { + char* r; ++ char* crpt_passwd; + struct passwd *pwd; + + pwd = getpwnam(userid); +@@ -41,7 +42,7 @@ char *password; + else if (pwd->pw_passwd[0] == '*') { + r = "Account disabled"; + } +- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { ++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { + r = "Incorrect password"; + } + else { +diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c +index 2b11286..6d607bb 100644 +--- a/pwcheck/pwcheck_getspnam.c ++++ b/pwcheck/pwcheck_getspnam.c +@@ -32,13 +32,15 @@ char *userid; + char *password; + { + struct spwd *pwd; ++ char *crpt_passwd; + + pwd = getspnam(userid); + if (!pwd) { + return "Userid not found"; + } + +- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { ++ crpt_passwd = crypt(password, pwd->sp_pwdp); ++ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { + return "Incorrect password"; + } + else { +diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c +index fc8029d..d4ebe54 100644 +--- a/saslauthd/auth_getpwent.c ++++ b/saslauthd/auth_getpwent.c +@@ -77,6 +77,7 @@ auth_getpwent ( + { + /* VARIABLES */ + struct passwd *pw; /* pointer to passwd file entry */ ++ char *crpt_passwd; /* encrypted password */ + int errnum; + /* END VARIABLES */ + +@@ -105,7 +106,8 @@ auth_getpwent ( + } + } + +- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { ++ crpt_passwd = crypt(password, pw->pw_passwd); ++ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); + } +diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c +index 677131b..1988afd 100644 +--- a/saslauthd/auth_shadow.c ++++ b/saslauthd/auth_shadow.c +@@ -210,8 +210,8 @@ auth_shadow ( + RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); + } + +- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); +- if (strcmp(sp->sp_pwdp, cpw)) { ++ cpw = crypt(password, sp->sp_pwdp); ++ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) { + if (flags & VERBOSE) { + /* + * This _should_ reveal the SHADOW_PW_LOCKED prefix to an +@@ -221,10 +221,8 @@ auth_shadow ( + syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", + sp->sp_pwdp, cpw); + } +- free(cpw); + RETURN("NO Incorrect password"); + } +- free(cpw); + + /* + * The following fields will be set to -1 if: +@@ -286,7 +284,7 @@ auth_shadow ( + RETURN("NO Invalid username"); + } + +- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { ++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", + password, upw->upw_passwd); +-- +cgit v0.9.0.2 diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch new file mode 100644 index 000000000000..af382181e046 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch @@ -0,0 +1,10 @@ +--- cyrus-sasl2.orig/plugins/ldapdb.c ++++ cyrus-sasl2/plugins/ldapdb.c +@@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context, + if ( len > out_max ) + len = out_max; + memcpy(out, bvals[0]->bv_val, len); ++ out[len] = '\0'; + *out_ulen = len; + ber_bvecfree(bvals); + } diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch new file mode 100644 index 000000000000..6fc9de80287e --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch @@ -0,0 +1,90 @@ +Bug #510320 +--- a/saslauthd/auth_rimap.c ++++ b/saslauthd/auth_rimap.c +@@ -371,7 +371,7 @@ + if ( rc>0 ) { + /* check if there is more to read */ + fd_set perm; +- int fds, ret; ++ int fds, ret, loopc; + struct timeval timeout; + + FD_ZERO(&perm); +@@ -380,6 +380,7 @@ + + timeout.tv_sec = 1; + timeout.tv_usec = 0; ++ loopc = 0; + while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { + if ( FD_ISSET(s, &perm) ) { + ret = read(s, rbuf+rc, sizeof(rbuf)-rc); +@@ -387,6 +388,14 @@ + rc = ret; + break; + } else { ++ if (ret == 0) { ++ loopc += 1; ++ } else { ++ loopc = 0; ++ } ++ if (loopc > sizeof(rbuf)) { // arbitrary chosen value ++ break; ++ } + rc += ret; + } + } +@@ -484,7 +493,7 @@ + if ( rc>0 ) { + /* check if there is more to read */ + fd_set perm; +- int fds, ret; ++ int fds, ret, loopc; + struct timeval timeout; + + FD_ZERO(&perm); +@@ -493,6 +502,7 @@ + + timeout.tv_sec = 1; + timeout.tv_usec = 0; ++ loopc = 0; + while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { + if ( FD_ISSET(s, &perm) ) { + ret = read(s, rbuf+rc, sizeof(rbuf)-rc); +@@ -500,6 +510,14 @@ + rc = ret; + break; + } else { ++ if (ret == 0) { ++ loopc += 1; ++ } else { ++ loopc = 0; ++ } ++ if (loopc > sizeof(rbuf)) { // arbitrary chosen value ++ break; ++ } + rc += ret; + } + } +--- a/lib/checkpw.c ++++ b/lib/checkpw.c +@@ -587,16 +587,14 @@ + /* Timeout. */ + errno = ETIMEDOUT; + return -1; +- case +1: +- if (FD_ISSET(fd, &rfds)) { +- /* Success, file descriptor is readable. */ +- return 0; +- } +- return -1; + case -1: + if (errno == EINTR || errno == EAGAIN) + continue; + default: ++ if (FD_ISSET(fd, &rfds)) { ++ /* Success, file descriptor is readable. */ ++ return 0; ++ } + /* Error catch-all. */ + return -1; + } diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch new file mode 100644 index 000000000000..3b0ffac24f0c --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch @@ -0,0 +1,353 @@ +diff --git a/plugins/ntlm.c b/plugins/ntlm.c +index 79ea47c..554a00d 100644 +--- a/plugins/ntlm.c ++++ b/plugins/ntlm.c +@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char *P24, unsigned char *P21, + return P24; + } + ++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return HMAC_CTX_new(); ++#else ++ return utils->malloc(sizeof(EVP_MD_CTX)); ++#endif ++} ++ ++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ HMAC_CTX_free(ctx); ++#else ++ HMAC_cleanup(ctx); ++ utils->free(ctx); ++#endif ++} ++ + static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + const char *authid, const char *target, + const unsigned char *challenge, +@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + const sasl_utils_t *utils, + char **buf, unsigned *buflen, int *result) + { +- HMAC_CTX ctx; ++ HMAC_CTX *ctx = NULL; + unsigned char hash[EVP_MAX_MD_SIZE]; + char *upper; + unsigned int len; +@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + SETERROR(utils, "cannot allocate NTLMv2 hash"); + *result = SASL_NOMEM; + } ++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate HMAC CTX"); ++ *result = SASL_NOMEM; ++ } + else { + /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */ + P16_nt(hash, passwd, utils, buf, buflen, result); +@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); + + /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ +- HMAC_Init(&ctx, hash, len, EVP_md5()); +- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH); +- HMAC_Update(&ctx, blob, bloblen); +- HMAC_Final(&ctx, V2, &len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL); ++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH); ++ HMAC_Update(ctx, blob, bloblen); ++ HMAC_Final(ctx, V2, &len); + + /* the blob is concatenated outside of this function */ + + *result = SASL_OK; + } + ++ if (ctx) _plug_HMAC_CTX_free(ctx, utils); ++ + return V2; + } + +diff --git a/plugins/otp.c b/plugins/otp.c +index dd73065..d1e9bf4 100644 +--- a/plugins/otp.c ++++ b/plugins/otp.c +@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_options[] = { + {NULL, 0, NULL} + }; + ++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return EVP_MD_CTX_new(); ++#else ++ return utils->malloc(sizeof(EVP_MD_CTX)); ++#endif ++} ++ ++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(ctx); ++#else ++ utils->free(ctx); ++#endif ++} ++ + /* Convert the binary data into ASCII hex */ + void bin2hex(unsigned char *bin, int binlen, char *hex) + { +@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int binlen, char *hex) + * swabbing bytes if necessary. + */ + static void otp_hash(const EVP_MD *md, char *in, size_t inlen, +- unsigned char *out, int swab) ++ unsigned char *out, int swab, EVP_MD_CTX *mdctx) + { +- EVP_MD_CTX mdctx; + char hash[EVP_MAX_MD_SIZE]; + unsigned int i; + int j; + unsigned hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, in, inlen); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, in, inlen); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* Fold the result into 64 bits */ + for (i = OTP_HASH_SIZE; i < hashlen; i++) { +@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils_t *utils, + char *secret, char *otp) + { + const EVP_MD *md; +- char *key; ++ EVP_MD_CTX *mdctx = NULL; ++ char *key = NULL; ++ int r = SASL_OK; + + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, +@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils_t *utils, + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ r = SASL_NOMEM; ++ goto done; ++ } ++ + if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) { + SETERROR(utils, "cannot allocate OTP key"); +- return SASL_NOMEM; ++ r = SASL_NOMEM; ++ goto done; + } + + /* initial step */ + strcpy(key, seed); + strcat(key, secret); +- otp_hash(md, key, strlen(key), otp, alg->swab); ++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx); + + /* computation step */ + while (seq-- > 0) +- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab); ++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx); + +- utils->free(key); ++ done: ++ if (key) utils->free(key); ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); + +- return SASL_OK; ++ return r; + } + + static int parse_challenge(const sasl_utils_t *utils, +@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg1, const void *arg2) + + /* Convert the 6 words into binary data */ + static int word2bin(const sasl_utils_t *utils, +- char *words, unsigned char *bin, const EVP_MD *md) ++ char *words, unsigned char *bin, const EVP_MD *md, ++ EVP_MD_CTX *mdctx) + { + int i, j; + char *c, *word, buf[OTP_RESPONSE_MAX+1]; +@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *utils, + + /* alternate dictionary */ + if (alt_dict) { +- EVP_MD_CTX mdctx; + char hash[EVP_MAX_MD_SIZE]; + int hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, word, strlen(word)); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, word, strlen(word)); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* use lowest 11 bits */ + x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1]; +@@ -802,6 +834,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + char *response) + { + const EVP_MD *md; ++ EVP_MD_CTX *mdctx = NULL; + char *c; + int do_init = 0; + unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE]; +@@ -815,6 +848,11 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ return SASL_NOMEM; ++ } ++ + /* eat leading whitespace */ + c = response; + while (isspace((int) *c)) c++; +@@ -824,7 +862,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE); + } + else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) { +- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx); + } + else if (!strncasecmp(c, OTP_INIT_HEX_TYPE, + strlen(OTP_INIT_HEX_TYPE))) { +@@ -834,7 +872,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { + do_init = 1; +- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx); + } + else { + SETERROR(utils, "unknown OTP extended response type"); +@@ -843,14 +881,14 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + } + else { + /* standard response, try word first, and then hex */ +- r = word2bin(utils, c, cur_otp, md); ++ r = word2bin(utils, c, cur_otp, md, mdctx); + if (r != SASL_OK) + r = hex2bin(c, cur_otp, OTP_HASH_SIZE); + } + + if (r == SASL_OK) { + /* do one more hash (previous otp) and compare to stored otp */ +- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab); ++ otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab, mdctx); + + if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) { + /* update the secret with this seq/otp */ +@@ -879,23 +917,28 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + *new_resp++ = '\0'; + } + +- if (!(new_chal && new_resp)) +- return SASL_BADAUTH; ++ if (!(new_chal && new_resp)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1)) + != SASL_OK) { +- return r; ++ goto done; + } + +- if (seq < 1 || !strcasecmp(seed, text->seed)) +- return SASL_BADAUTH; ++ if (seq < 1 || !strcasecmp(seed, text->seed)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + /* find the MDA */ + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, + "OTP algorithm %s is not available", + alg->evp_name); +- return SASL_BADAUTH; ++ r = SASL_BADAUTH; ++ goto done; + } + + if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { +@@ -903,7 +946,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + } + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { +- r = word2bin(utils, new_resp, new_otp, md); ++ r = word2bin(utils, new_resp, new_otp, md, mdctx); + } + + if (r == SASL_OK) { +@@ -914,7 +957,10 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + memcpy(text->otp, new_otp, OTP_HASH_SIZE); + } + } +- ++ ++ done: ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); ++ + return r; + } + +@@ -1443,8 +1489,10 @@ int otp_server_plug_init(const sasl_utils_t *utils, + *pluglist = otp_server_plugins; + *plugcount = 1; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* Add all digests */ + OpenSSL_add_all_digests(); ++#endif + + return SASL_OK; + } +@@ -1844,8 +1892,10 @@ int otp_client_plug_init(sasl_utils_t *utils, + *pluglist = otp_client_plugins; + *plugcount = 1; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* Add all digests */ + OpenSSL_add_all_digests(); ++#endif + + return SASL_OK; + } +--- a/saslauthd/lak.c ++++ b/saslauthd/lak.c +@@ -729,7 +729,7 @@ int lak_init( + return rc; + } + +-#ifdef HAVE_OPENSSL ++#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L + OpenSSL_add_all_digests(); + #endif + diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch new file mode 100644 index 000000000000..d8b4b6efc3f8 --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch @@ -0,0 +1,48 @@ +--- cyrus-sasl2.orig/saslauthd/auth_rimap.c ++++ cyrus-sasl2/saslauthd/auth_rimap.c +@@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re + service we connect to. */ + #define TAG "saslauthd" /* IMAP command tag */ + #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ ++#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ + #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ + #define RESP_LEN 1000 /* size of read response buffer */ + +@@ -307,10 +308,12 @@ auth_rimap ( + int s=-1; /* socket to remote auth host */ + struct addrinfo *r; /* remote socket address info */ + struct iovec iov[5]; /* for sending LOGIN command */ ++ struct iovec iov2[2]; /* for sending LOGOUT command */ + char *qlogin; /* pointer to "quoted" login */ + char *qpass; /* pointer to "quoted" password */ + char *c; /* scratch pointer */ + int rc; /* return code scratch area */ ++ int rcl; /* return code scratch area */ + char rbuf[RESP_LEN]; /* response read buffer */ + char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; + int saved_errno; +@@ -505,6 +508,24 @@ auth_rimap ( + } + } + } ++ ++ /* close remote imap */ ++ iov2[0].iov_base = LOGOUT_CMD; ++ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1; ++ iov2[1].iov_base = "\r\n"; ++ iov2[1].iov_len = sizeof("\r\n") - 1; ++ ++ if (flags & VERBOSE) { ++ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s", ++ LOGOUT_CMD, qlogin, qpass); ++ } ++ alarm(NETWORK_IO_TIMEOUT); ++ rcl = retry_writev(s, iov2, 2); ++ alarm(0); ++ if (rcl == -1) { ++ syslog(LOG_WARNING, "auth_rimap: writev logout: %m"); ++ } ++ + (void) close(s); /* we're done with the remote */ + if (rc == -1) { + syslog(LOG_WARNING, "auth_rimap: read (response): %m"); |