diff options
Diffstat (limited to 'dev-libs/cyrus-sasl/files')
14 files changed, 0 insertions, 891 deletions
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch deleted file mode 100644 index beea8eb28d19..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch +++ /dev/null @@ -1,16 +0,0 @@ -Gentoo bug #389349 ---- a/cmulocal/sasl2.m4 -+++ b/cmulocal/sasl2.m4 -@@ -217,7 +217,11 @@ - [AC_WARN([Cybersafe define not found])]) - - elif test "$ac_cv_header_gssapi_h" = "yes"; then -- AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h, -+ AC_EGREP_CPP(hostbased_service_gss_nt_yes, gssapi.h, -+ [#include <gssapi.h> -+ #ifdef GSS_C_NT_HOSTBASED_SERVICE -+ hostbased_service_gss_nt_yes -+ #endif], - [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, - [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])]) - elif test "$ac_cv_header_gssapi_gssapi_h"; then diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch deleted file mode 100644 index 67b48b4a4993..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch +++ /dev/null @@ -1,27 +0,0 @@ -Author: Matthias Klose <doko@ubuntu.com> -Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use -it. ---- a/saslauthd/Makefile.am -+++ b/saslauthd/Makefile.am -@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c - saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@ - saslauthd_LDADD = @SASL_KRB_LIB@ \ - @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \ -- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ -+ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ - - testsaslauthd_SOURCES = testsaslauthd.c utils.c - testsaslauthd_LDADD = @LIB_SOCKET@ ---- a/sasldb/Makefile.am -+++ b/sasldb/Makefile.am -@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a - - libsasldb_la_SOURCES = allockey.c sasldb.h - EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) --libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) --libsasldb_la_LIBADD = $(SASL_DB_BACKEND) -+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB) -+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB) - - # Prevent make dist stupidity - libsasldb_a_SOURCES = diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch deleted file mode 100644 index 5837921d4f7f..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch +++ /dev/null @@ -1,114 +0,0 @@ ---- a/configure.in -+++ b/configure.in -@@ -44,6 +44,8 @@ dnl - AC_INIT(lib/saslint.h) - AC_PREREQ([2.54]) - -+AC_CONFIG_MACRO_DIR([cmulocal] [config]) -+ - dnl use ./config.cache as the default cache file. - dnl we require a cache file to successfully configure our build. - if test $cache_file = "/dev/null"; then ---- a/Makefile.am -+++ b/Makefile.am -@@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7 - # - ################################################################ - -+ACLOCAL_AMFLAGS = -I cmulocal -I config -+ - if SASLAUTHD - SAD = saslauthd - else ---- a/saslauthd/configure.in -+++ b/saslauthd/configure.in -@@ -1,7 +1,8 @@ - AC_INIT(mechanisms.h) - AC_PREREQ([2.54]) - --AC_CONFIG_AUX_DIR(config) -+AC_CONFIG_MACRO_DIR([../cmulocal] [../config]) -+AC_CONFIG_AUX_DIR([config]) - AC_CANONICAL_HOST - - dnl Should we enable SASLAUTHd at all? -@@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS) - - dnl Checks for which function macros exist - AC_MSG_CHECKING(whether $CC implements __func__) --AC_CACHE_VAL(have_func, -+AC_CACHE_VAL(_cv_have_func, - [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);], --have_func=yes, --have_func=no)]) --AC_MSG_RESULT($have_func) --if test "$have_func" = yes; then -+_cv_have_func=yes, -+_cv_have_func=no)]) -+AC_MSG_RESULT($_cv_have_func) -+if test "$_cv_have_func" = yes; then - AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__]) - else - AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__) -- AC_CACHE_VAL(have_pretty_function, -+ AC_CACHE_VAL(_cv_have_pretty_function, - [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);], -- have_pretty_function=yes, -- have_pretty_function=no)]) -- AC_MSG_RESULT($have_pretty_function) -- if test "$have_pretty_function" = yes; then -+ _cv_have_pretty_function=yes, -+ _cv_have_pretty_function=no)]) -+ AC_MSG_RESULT($_cv_have_pretty_function) -+ if test "$_cv_have_pretty_function" = yes; then - AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__]) - else - AC_MSG_CHECKING(whether $CC implements __FUNCTION__) -- AC_CACHE_VAL(have_function, -+ AC_CACHE_VAL(_cv_have_function, - [AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);], -- have_function=yes, -- have_function=no)]) -- AC_MSG_RESULT($have_function) -- if test "$have_function" = yes; then -+ _cv_have_function=yes, -+ _cv_have_function=no)]) -+ AC_MSG_RESULT($_cv_have_function) -+ if test "$_cv_have_function" = yes; then - AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__]) - fi - fi ---- a/saslauthd/Makefile.am -+++ b/saslauthd/Makefile.am -@@ -1,4 +1,6 @@ - AUTOMAKE_OPTIONS = 1.7 -+ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config -+ - sbin_PROGRAMS = saslauthd testsaslauthd - EXTRA_PROGRAMS = saslcache - ---- a/config/kerberos_v4.m4 -+++ b/config/kerberos_v4.m4 -@@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [ - dnl if we were ambitious, we would look more aggressively for the - dnl krb4 install - if test -d ${krb4}; then -- AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ -+ AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [ - for krbhloc in include/kerberosIV include/kerberos include - do - if test -f ${krb4}/${krbhloc}/krb.h ; then -- cyrus_krbinclude=${krb4}/${krbhloc} -+ cyrus_cv_krbinclude=${krb4}/${krbhloc} - break - fi - done - ]) - -- if test -n "${cyrus_krbinclude}"; then -- CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" -+ if test -n "${cyrus_cv_krbinclude}"; then -+ CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}" - fi - LDFLAGS="$LDFLAGS -L$krb4/lib" - fi diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch deleted file mode 100644 index 2e5b1750d00d..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch +++ /dev/null @@ -1,27 +0,0 @@ -Author: Fabian Fagerholm <fabbe@debian.org> -Description: This patch makes sure the non-PIC version of libsasldb.a, which -is created out of non-PIC objects, is not going to overwrite the PIC version, -which is created out of PIC objects. The PIC version is placed in .libs, and -the non-PIC version in the current directory. This ensures that both non-PIC -and PIC versions are available in the correct locations. ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -78,7 +78,7 @@ endif - - libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) - @echo adding static plugins and dependencies -- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) -+ $(AR) cru $@ $(SASL_STATIC_OBJS) - @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ - if test ! -f $$i; then continue; fi; . $$i; \ - for j in $$dependency_libs foo; do \ ---- a/sasldb/Makefile.am -+++ b/sasldb/Makefile.am -@@ -63,6 +63,6 @@ libsasldb_a_SOURCES = - EXTRA_libsasldb_a_SOURCES = - - libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) -- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) -+ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) - - diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch deleted file mode 100644 index 92be26003488..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch +++ /dev/null @@ -1,27 +0,0 @@ -Fix compiling against heimdal - ---- a/sample/server.c -+++ b/sample/server.c -@@ -85,8 +85,10 @@ - - #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE - #include <gssapi/gssapi.h> -+#ifndef KRB5_HEIMDAL - #include <gssapi/gssapi_ext.h> - #endif -+#endif - - #include "common.h" - ---- a/plugins/gssapi.c -+++ b/plugins/gssapi.c -@@ -50,6 +50,9 @@ - #else - #include <gssapi/gssapi.h> - #endif -+#ifdef KRB5_HEIMDAL -+#include <gssapi/gssapi_krb5.h> -+#endif - - #ifdef WIN32 - # include <winsock2.h> diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch deleted file mode 100644 index a413e00bf428..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/pwcheck/pwcheck_getspnam.c -+++ b/pwcheck/pwcheck_getspnam.c -@@ -24,6 +24,7 @@ - ******************************************************************/ - - #include <shadow.h> -+#include <string.h> - - extern char *crypt(); - diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch deleted file mode 100644 index da1a49f1dd66..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch +++ /dev/null @@ -1,12 +0,0 @@ -Author: Fabian Fagerholm <fabbe@debian.org> -Description: Enable libtool use. ---- a/saslauthd/configure.in -+++ b/saslauthd/configure.in -@@ -25,6 +25,7 @@ AC_PROG_AWK - AC_PROG_MAKE_SET - AC_PROG_LN_S - AC_PROG_INSTALL -+AC_PROG_LIBTOOL - - dnl Checks for build foo - CMU_C___ATTRIBUTE__ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch deleted file mode 100644 index 8eff5a8bdd12..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch +++ /dev/null @@ -1,14 +0,0 @@ -Author: Fabian Fagerholm <fabbe@debian.org> -Description: Fix linking with libsasldb.a when saslauthd is built with sasldb -support. ---- a/saslauthd/configure.in -+++ b/saslauthd/configure.in -@@ -77,7 +77,7 @@ if test "$authsasldb" != no; then - AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) - SASL_DB_PATH_CHECK() - SASL_DB_CHECK() -- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" -+ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a" - fi - - AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch deleted file mode 100644 index 43b6162a66f0..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch +++ /dev/null @@ -1,27 +0,0 @@ -Bug #445932 ---- a/cmulocal/sasl2.m4 -+++ b/cmulocal/sasl2.m4 -@@ -268,7 +268,11 @@ - - cmu_save_LIBS="$LIBS" - LIBS="$LIBS $GSSAPIBASE_LIBS" -- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) -+ AC_CHECK_FUNCS([gsskrb5_register_acceptor_identity], [], -+ [AC_CHECK_FUNCS([krb5_gss_register_acceptor_identity], -+ [AC_CHECK_HEADERS([gssapi/gssapi_krb5.h], -+ [AC_DEFINE([HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY], [1])] -+ )])]) - AC_CHECK_FUNCS(gss_decapsulate_token) - AC_CHECK_FUNCS(gss_encapsulate_token) - AC_CHECK_FUNCS(gss_oid_equal) ---- a/plugins/gssapi.c -+++ b/plugins/gssapi.c -@@ -50,7 +50,7 @@ - #else - #include <gssapi/gssapi.h> - #endif --#ifdef KRB5_HEIMDAL -+#if defined (KRB5_HEIMDAL) || defined (HAVE_GSSAPI_GSSAPI_KRB5_H) - #include <gssapi/gssapi_krb5.h> - #endif - diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch deleted file mode 100644 index 09c9ce86c9ac..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch +++ /dev/null @@ -1,116 +0,0 @@ -From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001 -From: mancha <mancha1@hush.com> -Date: Thu, 11 Jul 2013 09:08:07 +0000 -Subject: Handle NULL returns from glibc 2.17+ crypt() - -Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL -(w/ NULL return) if the salt violates specifications. Additionally, -on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords -passed to crypt() fail with EPERM (w/ NULL return). - -When using glibc's crypt(), check return value to avoid a possible -NULL pointer dereference. - -Patch by mancha1@hush.com. ---- -diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c -index 4b34222..400289c 100644 ---- a/pwcheck/pwcheck_getpwnam.c -+++ b/pwcheck/pwcheck_getpwnam.c -@@ -32,6 +32,7 @@ char *userid; - char *password; - { - char* r; -+ char* crpt_passwd; - struct passwd *pwd; - - pwd = getpwnam(userid); -@@ -41,7 +42,7 @@ char *password; - else if (pwd->pw_passwd[0] == '*') { - r = "Account disabled"; - } -- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { -+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { - r = "Incorrect password"; - } - else { -diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c -index 2b11286..6d607bb 100644 ---- a/pwcheck/pwcheck_getspnam.c -+++ b/pwcheck/pwcheck_getspnam.c -@@ -32,13 +32,15 @@ char *userid; - char *password; - { - struct spwd *pwd; -+ char *crpt_passwd; - - pwd = getspnam(userid); - if (!pwd) { - return "Userid not found"; - } - -- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { -+ crpt_passwd = crypt(password, pwd->sp_pwdp); -+ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { - return "Incorrect password"; - } - else { -diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c -index fc8029d..d4ebe54 100644 ---- a/saslauthd/auth_getpwent.c -+++ b/saslauthd/auth_getpwent.c -@@ -77,6 +77,7 @@ auth_getpwent ( - { - /* VARIABLES */ - struct passwd *pw; /* pointer to passwd file entry */ -+ char *crpt_passwd; /* encrypted password */ - int errnum; - /* END VARIABLES */ - -@@ -105,7 +106,8 @@ auth_getpwent ( - } - } - -- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { -+ crpt_passwd = crypt(password, pw->pw_passwd); -+ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { - if (flags & VERBOSE) { - syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); - } -diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c -index 677131b..1988afd 100644 ---- a/saslauthd/auth_shadow.c -+++ b/saslauthd/auth_shadow.c -@@ -210,8 +210,8 @@ auth_shadow ( - RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); - } - -- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); -- if (strcmp(sp->sp_pwdp, cpw)) { -+ cpw = crypt(password, sp->sp_pwdp); -+ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) { - if (flags & VERBOSE) { - /* - * This _should_ reveal the SHADOW_PW_LOCKED prefix to an -@@ -221,10 +221,8 @@ auth_shadow ( - syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", - sp->sp_pwdp, cpw); - } -- free(cpw); - RETURN("NO Incorrect password"); - } -- free(cpw); - - /* - * The following fields will be set to -1 if: -@@ -286,7 +284,7 @@ auth_shadow ( - RETURN("NO Invalid username"); - } - -- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { -+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { - if (flags & VERBOSE) { - syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", - password, upw->upw_passwd); --- -cgit v0.9.0.2 diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch deleted file mode 100644 index af382181e046..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- cyrus-sasl2.orig/plugins/ldapdb.c -+++ cyrus-sasl2/plugins/ldapdb.c -@@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context, - if ( len > out_max ) - len = out_max; - memcpy(out, bvals[0]->bv_val, len); -+ out[len] = '\0'; - *out_ulen = len; - ber_bvecfree(bvals); - } diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch deleted file mode 100644 index 6fc9de80287e..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch +++ /dev/null @@ -1,90 +0,0 @@ -Bug #510320 ---- a/saslauthd/auth_rimap.c -+++ b/saslauthd/auth_rimap.c -@@ -371,7 +371,7 @@ - if ( rc>0 ) { - /* check if there is more to read */ - fd_set perm; -- int fds, ret; -+ int fds, ret, loopc; - struct timeval timeout; - - FD_ZERO(&perm); -@@ -380,6 +380,7 @@ - - timeout.tv_sec = 1; - timeout.tv_usec = 0; -+ loopc = 0; - while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { - if ( FD_ISSET(s, &perm) ) { - ret = read(s, rbuf+rc, sizeof(rbuf)-rc); -@@ -387,6 +388,14 @@ - rc = ret; - break; - } else { -+ if (ret == 0) { -+ loopc += 1; -+ } else { -+ loopc = 0; -+ } -+ if (loopc > sizeof(rbuf)) { // arbitrary chosen value -+ break; -+ } - rc += ret; - } - } -@@ -484,7 +493,7 @@ - if ( rc>0 ) { - /* check if there is more to read */ - fd_set perm; -- int fds, ret; -+ int fds, ret, loopc; - struct timeval timeout; - - FD_ZERO(&perm); -@@ -493,6 +502,7 @@ - - timeout.tv_sec = 1; - timeout.tv_usec = 0; -+ loopc = 0; - while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { - if ( FD_ISSET(s, &perm) ) { - ret = read(s, rbuf+rc, sizeof(rbuf)-rc); -@@ -500,6 +510,14 @@ - rc = ret; - break; - } else { -+ if (ret == 0) { -+ loopc += 1; -+ } else { -+ loopc = 0; -+ } -+ if (loopc > sizeof(rbuf)) { // arbitrary chosen value -+ break; -+ } - rc += ret; - } - } ---- a/lib/checkpw.c -+++ b/lib/checkpw.c -@@ -587,16 +587,14 @@ - /* Timeout. */ - errno = ETIMEDOUT; - return -1; -- case +1: -- if (FD_ISSET(fd, &rfds)) { -- /* Success, file descriptor is readable. */ -- return 0; -- } -- return -1; - case -1: - if (errno == EINTR || errno == EAGAIN) - continue; - default: -+ if (FD_ISSET(fd, &rfds)) { -+ /* Success, file descriptor is readable. */ -+ return 0; -+ } - /* Error catch-all. */ - return -1; - } diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch deleted file mode 100644 index 3b0ffac24f0c..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch +++ /dev/null @@ -1,353 +0,0 @@ -diff --git a/plugins/ntlm.c b/plugins/ntlm.c -index 79ea47c..554a00d 100644 ---- a/plugins/ntlm.c -+++ b/plugins/ntlm.c -@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char *P24, unsigned char *P21, - return P24; - } - -+static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils) -+{ -+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()"); -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ return HMAC_CTX_new(); -+#else -+ return utils->malloc(sizeof(EVP_MD_CTX)); -+#endif -+} -+ -+static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils) -+{ -+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()"); -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ HMAC_CTX_free(ctx); -+#else -+ HMAC_cleanup(ctx); -+ utils->free(ctx); -+#endif -+} -+ - static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, - const char *authid, const char *target, - const unsigned char *challenge, -@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, - const sasl_utils_t *utils, - char **buf, unsigned *buflen, int *result) - { -- HMAC_CTX ctx; -+ HMAC_CTX *ctx = NULL; - unsigned char hash[EVP_MAX_MD_SIZE]; - char *upper; - unsigned int len; -@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, - SETERROR(utils, "cannot allocate NTLMv2 hash"); - *result = SASL_NOMEM; - } -+ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) { -+ SETERROR(utils, "cannot allocate HMAC CTX"); -+ *result = SASL_NOMEM; -+ } - else { - /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */ - P16_nt(hash, passwd, utils, buf, buflen, result); -@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, - HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); - - /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ -- HMAC_Init(&ctx, hash, len, EVP_md5()); -- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH); -- HMAC_Update(&ctx, blob, bloblen); -- HMAC_Final(&ctx, V2, &len); -- HMAC_cleanup(&ctx); -+ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL); -+ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH); -+ HMAC_Update(ctx, blob, bloblen); -+ HMAC_Final(ctx, V2, &len); - - /* the blob is concatenated outside of this function */ - - *result = SASL_OK; - } - -+ if (ctx) _plug_HMAC_CTX_free(ctx, utils); -+ - return V2; - } - -diff --git a/plugins/otp.c b/plugins/otp.c -index dd73065..d1e9bf4 100644 ---- a/plugins/otp.c -+++ b/plugins/otp.c -@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_options[] = { - {NULL, 0, NULL} - }; - -+static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils) -+{ -+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()"); -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ return EVP_MD_CTX_new(); -+#else -+ return utils->malloc(sizeof(EVP_MD_CTX)); -+#endif -+} -+ -+static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils) -+{ -+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()"); -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX_free(ctx); -+#else -+ utils->free(ctx); -+#endif -+} -+ - /* Convert the binary data into ASCII hex */ - void bin2hex(unsigned char *bin, int binlen, char *hex) - { -@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int binlen, char *hex) - * swabbing bytes if necessary. - */ - static void otp_hash(const EVP_MD *md, char *in, size_t inlen, -- unsigned char *out, int swab) -+ unsigned char *out, int swab, EVP_MD_CTX *mdctx) - { -- EVP_MD_CTX mdctx; - char hash[EVP_MAX_MD_SIZE]; - unsigned int i; - int j; - unsigned hashlen; - -- EVP_DigestInit(&mdctx, md); -- EVP_DigestUpdate(&mdctx, in, inlen); -- EVP_DigestFinal(&mdctx, hash, &hashlen); -+ EVP_DigestInit(mdctx, md); -+ EVP_DigestUpdate(mdctx, in, inlen); -+ EVP_DigestFinal(mdctx, hash, &hashlen); - - /* Fold the result into 64 bits */ - for (i = OTP_HASH_SIZE; i < hashlen; i++) { -@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils_t *utils, - char *secret, char *otp) - { - const EVP_MD *md; -- char *key; -+ EVP_MD_CTX *mdctx = NULL; -+ char *key = NULL; -+ int r = SASL_OK; - - if (!(md = EVP_get_digestbyname(alg->evp_name))) { - utils->seterror(utils->conn, 0, -@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils_t *utils, - return SASL_FAIL; - } - -+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { -+ SETERROR(utils, "cannot allocate MD CTX"); -+ r = SASL_NOMEM; -+ goto done; -+ } -+ - if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) { - SETERROR(utils, "cannot allocate OTP key"); -- return SASL_NOMEM; -+ r = SASL_NOMEM; -+ goto done; - } - - /* initial step */ - strcpy(key, seed); - strcat(key, secret); -- otp_hash(md, key, strlen(key), otp, alg->swab); -+ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx); - - /* computation step */ - while (seq-- > 0) -- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab); -+ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx); - -- utils->free(key); -+ done: -+ if (key) utils->free(key); -+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); - -- return SASL_OK; -+ return r; - } - - static int parse_challenge(const sasl_utils_t *utils, -@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg1, const void *arg2) - - /* Convert the 6 words into binary data */ - static int word2bin(const sasl_utils_t *utils, -- char *words, unsigned char *bin, const EVP_MD *md) -+ char *words, unsigned char *bin, const EVP_MD *md, -+ EVP_MD_CTX *mdctx) - { - int i, j; - char *c, *word, buf[OTP_RESPONSE_MAX+1]; -@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *utils, - - /* alternate dictionary */ - if (alt_dict) { -- EVP_MD_CTX mdctx; - char hash[EVP_MAX_MD_SIZE]; - int hashlen; - -- EVP_DigestInit(&mdctx, md); -- EVP_DigestUpdate(&mdctx, word, strlen(word)); -- EVP_DigestFinal(&mdctx, hash, &hashlen); -+ EVP_DigestInit(mdctx, md); -+ EVP_DigestUpdate(mdctx, word, strlen(word)); -+ EVP_DigestFinal(mdctx, hash, &hashlen); - - /* use lowest 11 bits */ - x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1]; -@@ -802,6 +834,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, - char *response) - { - const EVP_MD *md; -+ EVP_MD_CTX *mdctx = NULL; - char *c; - int do_init = 0; - unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE]; -@@ -815,6 +848,11 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, - return SASL_FAIL; - } - -+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { -+ SETERROR(utils, "cannot allocate MD CTX"); -+ return SASL_NOMEM; -+ } -+ - /* eat leading whitespace */ - c = response; - while (isspace((int) *c)) c++; -@@ -824,7 +862,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, - r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE); - } - else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) { -- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md); -+ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx); - } - else if (!strncasecmp(c, OTP_INIT_HEX_TYPE, - strlen(OTP_INIT_HEX_TYPE))) { -@@ -834,7 +872,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, - else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, - strlen(OTP_INIT_WORD_TYPE))) { - do_init = 1; -- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md); -+ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx); - } - else { - SETERROR(utils, "unknown OTP extended response type"); -@@ -843,14 +881,14 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, - } - else { - /* standard response, try word first, and then hex */ -- r = word2bin(utils, c, cur_otp, md); -+ r = word2bin(utils, c, cur_otp, md, mdctx); - if (r != SASL_OK) - r = hex2bin(c, cur_otp, OTP_HASH_SIZE); - } - - if (r == SASL_OK) { - /* do one more hash (previous otp) and compare to stored otp */ -- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab); -+ otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab, mdctx); - - if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) { - /* update the secret with this seq/otp */ -@@ -879,23 +917,28 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, - *new_resp++ = '\0'; - } - -- if (!(new_chal && new_resp)) -- return SASL_BADAUTH; -+ if (!(new_chal && new_resp)) { -+ r = SASL_BADAUTH; -+ goto done; -+ } - - if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1)) - != SASL_OK) { -- return r; -+ goto done; - } - -- if (seq < 1 || !strcasecmp(seed, text->seed)) -- return SASL_BADAUTH; -+ if (seq < 1 || !strcasecmp(seed, text->seed)) { -+ r = SASL_BADAUTH; -+ goto done; -+ } - - /* find the MDA */ - if (!(md = EVP_get_digestbyname(alg->evp_name))) { - utils->seterror(utils->conn, 0, - "OTP algorithm %s is not available", - alg->evp_name); -- return SASL_BADAUTH; -+ r = SASL_BADAUTH; -+ goto done; - } - - if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { -@@ -903,7 +946,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, - } - else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, - strlen(OTP_INIT_WORD_TYPE))) { -- r = word2bin(utils, new_resp, new_otp, md); -+ r = word2bin(utils, new_resp, new_otp, md, mdctx); - } - - if (r == SASL_OK) { -@@ -914,7 +957,10 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, - memcpy(text->otp, new_otp, OTP_HASH_SIZE); - } - } -- -+ -+ done: -+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); -+ - return r; - } - -@@ -1443,8 +1489,10 @@ int otp_server_plug_init(const sasl_utils_t *utils, - *pluglist = otp_server_plugins; - *plugcount = 1; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - /* Add all digests */ - OpenSSL_add_all_digests(); -+#endif - - return SASL_OK; - } -@@ -1844,8 +1892,10 @@ int otp_client_plug_init(sasl_utils_t *utils, - *pluglist = otp_client_plugins; - *plugcount = 1; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - /* Add all digests */ - OpenSSL_add_all_digests(); -+#endif - - return SASL_OK; - } ---- a/saslauthd/lak.c -+++ b/saslauthd/lak.c -@@ -729,7 +729,7 @@ int lak_init( - return rc; - } - --#ifdef HAVE_OPENSSL -+#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L - OpenSSL_add_all_digests(); - #endif - diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch deleted file mode 100644 index d8b4b6efc3f8..000000000000 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch +++ /dev/null @@ -1,48 +0,0 @@ ---- cyrus-sasl2.orig/saslauthd/auth_rimap.c -+++ cyrus-sasl2/saslauthd/auth_rimap.c -@@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re - service we connect to. */ - #define TAG "saslauthd" /* IMAP command tag */ - #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ -+#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ - #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ - #define RESP_LEN 1000 /* size of read response buffer */ - -@@ -307,10 +308,12 @@ auth_rimap ( - int s=-1; /* socket to remote auth host */ - struct addrinfo *r; /* remote socket address info */ - struct iovec iov[5]; /* for sending LOGIN command */ -+ struct iovec iov2[2]; /* for sending LOGOUT command */ - char *qlogin; /* pointer to "quoted" login */ - char *qpass; /* pointer to "quoted" password */ - char *c; /* scratch pointer */ - int rc; /* return code scratch area */ -+ int rcl; /* return code scratch area */ - char rbuf[RESP_LEN]; /* response read buffer */ - char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; - int saved_errno; -@@ -505,6 +508,24 @@ auth_rimap ( - } - } - } -+ -+ /* close remote imap */ -+ iov2[0].iov_base = LOGOUT_CMD; -+ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1; -+ iov2[1].iov_base = "\r\n"; -+ iov2[1].iov_len = sizeof("\r\n") - 1; -+ -+ if (flags & VERBOSE) { -+ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s", -+ LOGOUT_CMD, qlogin, qpass); -+ } -+ alarm(NETWORK_IO_TIMEOUT); -+ rcl = retry_writev(s, iov2, 2); -+ alarm(0); -+ if (rcl == -1) { -+ syslog(LOG_WARNING, "auth_rimap: writev logout: %m"); -+ } -+ - (void) close(s); /* we're done with the remote */ - if (rc == -1) { - syslog(LOG_WARNING, "auth_rimap: read (response): %m"); |