diff options
Diffstat (limited to 'dev-libs/cyrus-sasl')
9 files changed, 433 insertions, 82 deletions
diff --git a/dev-libs/cyrus-sasl/Manifest b/dev-libs/cyrus-sasl/Manifest index d433e4d6bacb..95413c17b7ae 100644 --- a/dev-libs/cyrus-sasl/Manifest +++ b/dev-libs/cyrus-sasl/Manifest @@ -1,17 +1,18 @@ -AUX cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch 782 BLAKE2B 2573c8784bf0abbb86b873a333a244330d2a7ba22767792b38261ba122081f82dbfd8f1c5c3503d9e7cfb82349ead903ce7893f45d75194b73b001d3902b9f80 SHA512 524b199559b5f8f363f12bd1dd677f3354eacb68e88fa43ab8dd227465121c00841ce48ce01ba7e9e64629d5871418ed424d0c9bdda6895914c07ae7f1035595 +AUX cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch 714 BLAKE2B 7943685af8707162db33ba2970fb8336f9f25af844357216b9e5e01ea92010f71485c85979ffe30dac5734b0f4cd104e58502821856194cdf9f33530b6acae92 SHA512 39dcd0d96cd7c5baaf09b5cd36279e45618498cc545696665a54a5fdccfddd351ef178e888c138e945669814ff2bb72e57161f1d77ef78dd0dbba1d730ee8619 AUX cyrus-sasl-2.1.25-as_needed.patch 1083 BLAKE2B d6a2c9e2bf6d41ea4a30f2043b6cbaff5a26acf6f8da8f681afcb9c9b4dbab2b52dbd6a37c219b337acf35ea2c67a0afe6ebdcbdc3d8f9ad489c4317656cd4a7 SHA512 8fdc7039fda79e95ec310cd63d72871d7b5b35b5a1b6cf30b9693f6a02e265d924e375ddc65158f38de129b5da058ecd26038f988153ff0aacf2665d66f40abb AUX cyrus-sasl-2.1.25-autotools_fixes.patch 3926 BLAKE2B 33817cdaeb79b03ecd6f75eb98b4946f4c7ca9a7f0ccc194200409d045d158642fecfc7dded004b25735d85e8fd55b378625ffc2bd97f045490414b9eb6b55fc SHA512 d1e39d856addf6b53a278669df6e87f0fddd9a1ceadc0fadf2bdac239fcec8540c797118be642a58e65e2ec667d3c2a4b604f68f659433e64dbcd5bfe35b9a82 AUX cyrus-sasl-2.1.25-auxprop.patch 552 BLAKE2B 2d932e05863da6b108eec405e792003d6d8df4bde07bd044537729232a9b23e7261cbb33b82df7c5685ee96aae3e0aed62317f89e970fbedffea65bf9d89ccdc SHA512 73ae914e684ae698eb56a1579ba9a477a946625a3b079e2b400d88583074f1701d8a6926ed17dea36b923050f21c04fbf746d54284568bd21c14be3d10283b6f AUX cyrus-sasl-2.1.25-avoid_pic_overwrite.patch 1076 BLAKE2B ed64d970d3321d4f4e8dcfc0ea28638cbfbbe9dc29f585462c81cde945759d3ef9dde275b1472377176973fa8ba15d0beddfa4c32f30762e5e71b618e2a7bbe6 SHA512 033e3634116e1d3b316052dbe0b671cca0fcfb6063fca1a97d990c422c2ce05109a1e424e84ed9928dc0312a325a7248f2d2e3f9547f84453b36331c01f63be5 -AUX cyrus-sasl-2.1.25-fix_heimdal.patch 601 BLAKE2B 373fd892c8b641d51ac5e3a905707cc781662e637525d8a911e6f059dae2f768aaf3b2264c6c5c34f1d68f679cda22ea82786761e42212ae6fe49b522c815bc3 SHA512 80a5181a3c324551ae64ead2d6199691ac9994653e4b86de21852d2caf201b5fccde6464af4189351edcad4b87dc60cab5f1c03148db77f90c6c52a16465045a -AUX cyrus-sasl-2.1.25-missing_header.patch 292 BLAKE2B 9a2d5ae510b08daf9e0b90d1b68ebe7de2e41d4e3573a82f2763dc82148fbe2fb634d5161ad728ddf99740d2160246d22324c2f7b3ce43fb6f7f216d6b21de5a SHA512 b1dc1fa2663c5bd9b051353e6c18ece48460c2de4aff3b6f13672e0aa08e651462af4dae38a2821367728e503ade577218d2645f8c0a96c85e77226ee77ac1a6 +AUX cyrus-sasl-2.1.25-fix_heimdal.patch 465 BLAKE2B 63a7eac7a5a36010d73be0d522a83036125025f8996e555ca31291826fb8d9455b4eabce816a0db5056033c6ab36df74a01d572acfbf9443b3cc30e5c382bdec SHA512 fcf498e70069205d07a5bd4de781d2005d762faca620a39094c9e3885bc1208b7bac499bb959ab91cf09a927476ce80ea995ba701dfa35f6c7404382a9549492 +AUX cyrus-sasl-2.1.25-missing_header.patch 224 BLAKE2B 5b42d952bf72e8886fd0e6f470cf0e23aca49942d31698aac9e271884b95fa4ab3f49d539a3dfe34d08c734c7f5a13c5063d5169c1ae73c6c788692d7ab4316f SHA512 6da051b45a47db2852d9ff0fdb1bfeb28b7f4d1fa450a9e15d96a67c4b9d3f376cb8dc1c544b5e9e6e1354a85965001e87306a821b7e48437db702a7a16d574e AUX cyrus-sasl-2.1.25-saslauthd_libtool.patch 280 BLAKE2B d65e15151232a0c8812b4ba48d796c1948965525f092dff1c0f70bc19bbfe2318355a54d8e1ae6d6ebd955adccd19f5487e4f0c4c519be7cf7f047d230740f1f SHA512 1e79230a3891f1492c7d6f5969f6a4890aaae2f488e9f3942cafeda574bf8810c4fb3e004836f769244db02bae663fa3ac1eeca19658e6fd3c94f2a891ed2653 AUX cyrus-sasl-2.1.25-sasldb_al.patch 555 BLAKE2B 27a9ca344098a361bdf2aa5089c87e48d8e7717f7c97b965d8e8eda8b00629fbce9d9aebabb4c02f59ffdf50bcdb667dc3fb7bbadd140eac8e3363321a033fb6 SHA512 2da553298b482ca3115294de7264428925911f8d1b6a15ae1af38ee7e0a3191a0f4ad90bcbaeef599c994842a86eea5157b663cb6944f035d9a377dba91dbbf0 -AUX cyrus-sasl-2.1.25-service_keytabs.patch 932 BLAKE2B bef7c27d8bcb67e966ed770a43fb29b97e24f31809dc29ea12971466cb6f21111d0d80f70cb46c0f98a6d45772fdaddf35be4f25cb484748007ac001fbbc2974 SHA512 bd5ceebfe1b8f72d275db487a6f11bbb8e6f20f3b44c05040fd9d0bb5c72e656f2c8f22924fecaa9c268e50d54d272f25f4a5a3b72ca49d1c23ef9f178d00733 +AUX cyrus-sasl-2.1.25-service_keytabs.patch 796 BLAKE2B f41ec0639e0c592dbeb78ac41f85f517742056dacf151a502ac0c4978045d56b3f7e09753ba40c7e2bd05c316409ec46850e5e3683f6c19330c0cab2c207de67 SHA512 1635c20938d7dcfc53f5bf2d48881846e9167d27883eaa8eff8715ce6cebba7307aa0e44d9264f42a8c8d6a1485885b0661a7821703127d8d0f147e44e4a4267 AUX cyrus-sasl-2.1.26-CVE-2013-4122.patch 3838 BLAKE2B 5a124ef7e4af8749881339a30e66286b83462e10113b51168fd3d67ca77dac34506293fd949688731ea51e8b857157cef6ef071a6828aabf2d16a82f7c0d725e SHA512 3df09f16dc2f4efc601339743eb6e66087977fae4e174aa82c4abb7f85a77aa9eb98629837079236446ef3b494fb48931c9dc8850362a49615749e162b4699c8 AUX cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch 284 BLAKE2B 77ce4733f92515a98a8f74c68c7e7479d9f0f84302d91d9c3b0e92230f644d59a74588113447320c389c7e48768415f26dbb62fa1a48f3b283b739657f141350 SHA512 f3b789b7dea3f6a51fca6fd1877c81b5f5a3be342fa5c90ddae98a822e0c2a71e8fa582c6cb60c696363aa5cb99db8609cd6b3a91c5d402a0ad1e6124c726f5f -AUX cyrus-sasl-2.1.26-fix_dovecot_authentication.patch 2603 BLAKE2B 1c37d595841da820ee244f6649d4fc9d3e7f68a7024efe3273eb5e53c9f0066f51d531d9b74bc2c080227c115ddb2f107a01455af3c88a25e9053ddee0d399e2 SHA512 4244015451dfd41443a0cf8b56ae19a1dfb550e374fcdc37dc091a54f73ab36818c25fe96f7837e3ddfe5c7952d309a5b51bedfe0b7c7f1dec8ecf15f067acda -AUX cyrus-sasl-2.1.26-missing-size_t.patch 348 BLAKE2B 7d98d1e13cd9abc766c94ec1cbc3c7d58df1f900395a5e5e28f18c2a056e06f89e7c7209115d5d3efdcd7b3f9b698c7a9c51f25d2cf136e975f2ef2d162c4f1d SHA512 026183880caa504af9dda5fb93a6f47a159c7ab6af79463bc512709681dd260489411b8b8da78a9f8cd260b77ae5d1977854a39de80bc48f3a03e3ffa1b09fb2 +AUX cyrus-sasl-2.1.26-fix_dovecot_authentication.patch 2467 BLAKE2B 83acc34ebe969d2b7cd0868d7811c182181c2588e5973b88c09469e599ae6fbd854762438ce672a4e23d4d0c1000b3da8158b6f1ea2a9428915c472c35aeea94 SHA512 38095e3f6a832893fb1c342f6e19f684a6ee7621fc44b93649b3f301dbc08e2936aba52533ffa97cfd33f320941e19de824e495af26ba628d574548749ef1ade +AUX cyrus-sasl-2.1.26-missing-size_t.patch 280 BLAKE2B d686930b0b04f994ef9f5315ee86e69b61b8e800e192ab45f0b891d3f13a12c2bbd11f99a15533169d0690e9558dcc0327f6632a1a3baaa68679784079884088 SHA512 d6ed3a981da06f60d63b0364d8d841922bb007bf478b67558e88e9b297a4ed7c8eee9501e232d9ca17601f63f6c1cf04962a59c4f0c24fc641868d56006b3616 +AUX cyrus-sasl-2.1.26-openssl-1.1.patch 10798 BLAKE2B 4b304d0767b0467ef8df20ca51d6f64339e7b0eb7204dd630e364fa760c532f54d655365d7c96887e7276d40e42377a546e847827a93487318716dd2438a321e SHA512 8fa8370853d0e1f03b701453f79edf783015b354f221467cb64770d88cd0c7bb56b813a16a3777811082b3a2492699264c0447d254b32d033d2c6eaced19486e AUX cyrus-sasl-2.1.26-send-imap-logout.patch 1897 BLAKE2B 4b817b78cfb81181bc2c57402e2e621ccf1cea346c1460d46e76a605cdbd426aefc0fcae5c18c193dcde1562e8fe16a177ead00b3bc3084c03dd0e2466866ac3 SHA512 b30a4faea9fb66d8fab95a27b8ec87371d3650c5d2d4475449b8cebb223631d1afe9cdebd8c9b076e77bc3d2e2f5c32b24fe9292db26523212a72754cbff9995 AUX cyrus-sasl.conf 34 BLAKE2B f41e1d0d58f484958648cc6f6e2903cf7555f825a1f073b247b4080f575f8508b9a73c9d02c155178d2031019a48ff6300adf60bbb0286a6f7dc710c72f433c3 SHA512 67b9bb97191d091ffc2b8f450ad88a558df304a29651a9a49407c50df0a316666a96e7d1a2ca3ac8ee5e60a58a5d5b618ce963661f4f45049dc6b3ef2cf8099e AUX java.README.gentoo 934 BLAKE2B f3447c8422f07cfc17b5e240d5c2fe894f94118132360dda4a5eb04fa51acab10b13d01fcb68beaf6308926256e7c95c457a43f3f697e0c755c7c08143e6c3f6 SHA512 afcecb94e8e8c427b9491fc21312f4bed2a7d4ecedbbec8fec895cf8ca1e747073979f4415e12d8499eadbc29e8d74c6029f7cdfd7a2cb732454faaa19d52dd4 @@ -23,6 +24,6 @@ AUX saslauthd.service 277 BLAKE2B cf80eaa1e3f7ef854978a458e4b026f3f47891620ac63e AUX saslauthd2.rc7 411 BLAKE2B 7cda36ea03aeea5f8e32c2fd0319a483dae78080fa213fb423bd1545e9d29193ebe077ebe5d15ab5940b2d805cb46a25ad2629757f55d2c40c4acc3f0adfa355 SHA512 1d5942a94ffbc15774443d60a88d4c89c7c3c6ea68b041d304f0110f6ec3aa2a812f59021cddc78de6f51a25bb00955e4e56d769e766a9d856f13774dd37ce83 DIST cyrus-sasl-2.1.26.tar.gz 5220231 BLAKE2B 08fe5c1624e7cccb4b5e562f6987fddd047e1221b671cedbbb684d5a2f39e09a438ad14ffcedb5f398c203ca0b6e23574106c87f43a632028d50a69619c54970 SHA512 78819cb9bb38bea4537d6770d309deeeef09ff44a67526177609d3e1257ff4334d2b5e5131d5a1e4dea7430d8db1918ea9d171f0dee38b5e8337f4b72ed068f0 EBUILD cyrus-sasl-2.1.26-r10.ebuild 7752 BLAKE2B 3b242e93223a6538e456a96f42baae31fc097cfcd198030d0a2f8da4971a30c6e457f35a78f9cf98ba32c523f5edd5184d201c49ed62b8cf6fa328f68caa8da5 SHA512 d111f3ddf99ec9bb1439e3f3894cda00f257f312778475d20ecdb80d469bba2b91c70c6b9b05df0e2c737768469351a770254976d7db9fa0f44c953e35cac3c1 -EBUILD cyrus-sasl-2.1.26-r11.ebuild 8403 BLAKE2B 6b23212c3187228fc5bba149368ff67313a4ef7e902d4bc2f9d894e645a31f0de2798f45c10a392f093d0221aabde050cadae29ca71b6fb78e36eab35463918a SHA512 796e8c3c834a5add924aecc6fd5b3ddc9204621198b6a20c39286aa719df58ea9ca14f551ef8da946aec1bbb1915fd8fc52072be841a77e7b714389a1eb2371e +EBUILD cyrus-sasl-2.1.26-r11.ebuild 8389 BLAKE2B 9d185734b523dd8b700299b351633f9e77ee2000f8626343af4032d749fb474e599f8c79c7eb538b8276edc64f925280afddc1d924efa2136f6112c9edbfe78d SHA512 cd9d13a2c9505a636d2d4836fd9f4ff14dc624ce1d10bf64a1185c73d5c33bfd4404cc72da46317833ef7b82180c0f3a12625cef8c4ed2a5055f12540f6d21aa EBUILD cyrus-sasl-2.1.26-r9.ebuild 7662 BLAKE2B 8a7b96ca43d133164a9818727486f2d15bd6f66d66e083dee2ac0a8d83c921a86e3e1f34dfa04689c81b5227cf80f06d1fea3c1da74b48c828e4a31f51b67c9e SHA512 6515a66682bc8c0d18b13a3cc540d00f07d26374a6bbefdcb6c974b3184164cfcce80e965b29bc10e81345e2abb8c04eb7edb21adf4097af741d5df1557ae04d MISC metadata.xml 706 BLAKE2B a5682e5daac9c1a7a3a021989ae9ca856bb08c9eb0ba3a71070b7150cccc7ddfcd1d3d0fe1df33e688d0223ab7fb760ae028e4753523b28a4cedcb625c899d73 SHA512 1e7495deff4727296d29b25b7af535c0b36054b9172763ca8634b40f324dbc33697424a7e5565791c3131def3708c9ffb7e3e2362cbd8b334d650921fc2291ce diff --git a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r11.ebuild b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r11.ebuild index 582c8463da1e..f7cccc351ba2 100644 --- a/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r11.ebuild +++ b/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r11.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=5 +EAPI=6 -inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd +inherit flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd SASLAUTHD_CONF_VER="2.1.26" @@ -58,6 +58,7 @@ PATCHES=( "${FILESDIR}/${PN}-2.1.26-send-imap-logout.patch" "${FILESDIR}/${PN}-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch" "${FILESDIR}/${PN}-2.1.26-fix_dovecot_authentication.patch" + "${FILESDIR}/${PN}-2.1.26-openssl-1.1.patch" #592528 ) pkg_setup() { @@ -65,7 +66,7 @@ pkg_setup() { } src_prepare() { - epatch "${PATCHES[@]}" + default # Get rid of the -R switch (runpath_switch for Sun) # >=gcc-4.6 errors out with unknown option @@ -103,73 +104,66 @@ multilib_src_configure() { # Java support. multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}" - local myconf=() - - # Add authdaemond support (bug #56523). - if use authdaemond ; then - myconf+=( --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket ) - fi - - # Fix for bug #59634. - if ! use ssl ; then - myconf+=( --without-des ) - fi + local myeconfargs=( + --enable-login + --enable-ntlm + --enable-auth-sasldb + --disable-cmulocal + --disable-krb4 + --disable-macos-framework + --enable-otp + --without-sqlite + --with-saslauthd="${EPREFIX}"/run/saslauthd + --with-pwcheck="${EPREFIX}"/run/saslauthd + --with-configdir="${EPREFIX}"/etc/sasl2 + --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2 + --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2 + $(use_with ssl openssl) + $(use_with pam) + $(use_with openldap ldap) + $(use_enable ldapdb) + $(multilib_native_use_enable sample) + $(use_enable kerberos gssapi) + $(multilib_native_use_enable java) + $(multilib_native_use_with java javahome ${JAVA_HOME}) + $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr) + $(multilib_native_use_with postgres pgsql) + $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir)) + $(use_enable srp) + $(use_enable static-libs static) + + # Add authdaemond support (bug #56523). + $(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '') + + # Fix for bug #59634. + $(usex ssl '' --without-des) + + # Use /dev/urandom instead of /dev/random (bug #46038). + $(usex urandom --with-devrandom=/dev/urandom '') + ) if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then - myconf+=( --enable-sql ) + myeconfargs+=( --enable-sql ) else - myconf+=( --disable-sql ) + myeconfargs+=( --disable-sql ) fi # Default to GDBM if both 'gdbm' and 'berkdb' are present. if use gdbm ; then einfo "Building with GNU DB as database backend for your SASLdb" - myconf+=( --with-dblib=gdbm ) + myeconfargs+=( --with-dblib=gdbm ) elif use berkdb ; then einfo "Building with BerkeleyDB as database backend for your SASLdb" - myconf+=( + myeconfargs+=( --with-dblib=berkeley --with-bdb-incdir="$(db_includedir)" ) else einfo "Building without SASLdb support" - myconf+=( --with-dblib=none ) - fi - - # Use /dev/urandom instead of /dev/random (bug #46038). - if use urandom ; then - myconf+=( --with-devrandom=/dev/urandom ) + myeconfargs+=( --with-dblib=none ) fi - ECONF_SOURCE=${S} \ - econf \ - --enable-login \ - --enable-ntlm \ - --enable-auth-sasldb \ - --disable-cmulocal \ - --disable-krb4 \ - --disable-macos-framework \ - --enable-otp \ - --without-sqlite \ - --with-saslauthd="${EPREFIX}"/run/saslauthd \ - --with-pwcheck="${EPREFIX}"/run/saslauthd \ - --with-configdir="${EPREFIX}"/etc/sasl2 \ - --with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2 \ - --with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2 \ - $(use_with ssl openssl) \ - $(use_with pam) \ - $(use_with openldap ldap) \ - $(use_enable ldapdb) \ - $(multilib_native_use_enable sample) \ - $(use_enable kerberos gssapi) \ - $(multilib_native_use_enable java) \ - $(multilib_native_use_with java javahome ${JAVA_HOME}) \ - $(multilib_native_use_with mysql mysql "${EPREFIX}"/usr) \ - $(multilib_native_use_with postgres pgsql) \ - $(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir)) \ - $(use_enable srp) \ - $(use_enable static-libs static) \ - "${myconf[@]}" + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" } multilib_src_compile() { @@ -215,7 +209,9 @@ multilib_src_install_all() { dodoc AUTHORS ChangeLog NEWS README doc/TODO doc/*.txt newdoc pwcheck/README README.pwcheck - dohtml doc/*.html + + docinto html + dodoc doc/*.html docinto "saslauthd" dodoc saslauthd/{AUTHORS,ChangeLog,LDAP_SASLAUTHD,NEWS,README} @@ -233,8 +229,9 @@ multilib_src_install_all() { # The get_modname bit is important: do not remove the .la files on # platforms where the lib isn't called .so for cyrus searches the .la to # figure out what the name is supposed to be instead - use static-libs || [[ $(get_modname) != .so ]] || \ - prune_libtool_files --modules + if ! use static-libs && [[ $(get_modname) == .so ]] ; then + find "${ED}" -name "*.la" -delete || die + fi } pkg_postinst () { diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch index 9eeab1b42ff9..beea8eb28d19 100644 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch @@ -1,6 +1,6 @@ Gentoo bug #389349 ---- cmulocal/sasl2.m4 2009-04-28 17:09:13.000000000 +0200 -+++ cmulocal/sasl2.m4 2011-11-02 17:55:24.000000000 +0100 +--- a/cmulocal/sasl2.m4 ++++ b/cmulocal/sasl2.m4 @@ -217,7 +217,11 @@ [AC_WARN([Cybersafe define not found])]) diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch index abf0df2568c6..92be26003488 100644 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch @@ -1,7 +1,7 @@ Fix compiling against heimdal ---- sample/server.c 2010-12-01 14:52:55.000000000 +0000 -+++ sample/server.c 2011-11-30 14:54:42.000000000 +0000 +--- a/sample/server.c ++++ b/sample/server.c @@ -85,8 +85,10 @@ #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE @@ -13,8 +13,8 @@ Fix compiling against heimdal #include "common.h" ---- plugins/gssapi.c 2011-05-11 19:25:55.000000000 +0000 -+++ plugins/gssapi.c 2011-11-30 14:54:33.000000000 +0000 +--- a/plugins/gssapi.c ++++ b/plugins/gssapi.c @@ -50,6 +50,9 @@ #else #include <gssapi/gssapi.h> diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch index 597d45a76795..a413e00bf428 100644 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch @@ -1,5 +1,5 @@ ---- pwcheck/pwcheck_getspnam.c 1999-08-26 19:22:44.000000000 +0300 -+++ pwcheck/pwcheck_getspnam.c 2011-11-30 13:22:24.601023316 +0200 +--- a/pwcheck/pwcheck_getspnam.c ++++ b/pwcheck/pwcheck_getspnam.c @@ -24,6 +24,7 @@ ******************************************************************/ diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch index 117e8eb88802..43b6162a66f0 100644 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch @@ -1,6 +1,6 @@ Bug #445932 ---- cmulocal/sasl2.m4 2011-09-02 12:58:00.000000000 +0000 -+++ cmulocal/sasl2.m4 2012-12-05 08:37:16.425811319 +0000 +--- a/cmulocal/sasl2.m4 ++++ b/cmulocal/sasl2.m4 @@ -268,7 +268,11 @@ cmu_save_LIBS="$LIBS" @@ -14,8 +14,8 @@ Bug #445932 AC_CHECK_FUNCS(gss_decapsulate_token) AC_CHECK_FUNCS(gss_encapsulate_token) AC_CHECK_FUNCS(gss_oid_equal) ---- plugins/gssapi.c 2012-12-05 09:03:31.000220161 +0000 -+++ plugins/gssapi.c 2012-12-05 09:01:55.043380204 +0000 +--- a/plugins/gssapi.c ++++ b/plugins/gssapi.c @@ -50,7 +50,7 @@ #else #include <gssapi/gssapi.h> diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch index 46bbdd1ca1a0..6fc9de80287e 100644 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch @@ -1,6 +1,6 @@ Bug #510320 ---- saslauthd/auth_rimap.c 2012-10-12 14:05:48.000000000 +0000 -+++ saslauthd/auth_rimap.c 2014-05-15 05:23:02.000000000 +0000 +--- a/saslauthd/auth_rimap.c ++++ b/saslauthd/auth_rimap.c @@ -371,7 +371,7 @@ if ( rc>0 ) { /* check if there is more to read */ @@ -65,8 +65,8 @@ Bug #510320 rc += ret; } } ---- lib/checkpw.c 2012-01-27 23:31:36.000000000 +0000 -+++ lib/checkpw.c 2014-05-15 05:19:35.000000000 +0000 +--- a/lib/checkpw.c ++++ b/lib/checkpw.c @@ -587,16 +587,14 @@ /* Timeout. */ errno = ETIMEDOUT; diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch index 42f20fb8096b..0177b52567f2 100644 --- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch @@ -1,6 +1,6 @@ Gentoo bug #458790 ---- include/sasl.h 2012-10-12 17:05:48.000000000 +0300 -+++ include/sasl.h 2013-02-23 16:56:44.648786268 +0200 +--- a/include/sasl.h ++++ b/include/sasl.h @@ -121,6 +121,9 @@ #ifndef SASL_H #define SASL_H 1 diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch new file mode 100644 index 000000000000..3b0ffac24f0c --- /dev/null +++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch @@ -0,0 +1,353 @@ +diff --git a/plugins/ntlm.c b/plugins/ntlm.c +index 79ea47c..554a00d 100644 +--- a/plugins/ntlm.c ++++ b/plugins/ntlm.c +@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char *P24, unsigned char *P21, + return P24; + } + ++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return HMAC_CTX_new(); ++#else ++ return utils->malloc(sizeof(EVP_MD_CTX)); ++#endif ++} ++ ++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ HMAC_CTX_free(ctx); ++#else ++ HMAC_cleanup(ctx); ++ utils->free(ctx); ++#endif ++} ++ + static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + const char *authid, const char *target, + const unsigned char *challenge, +@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + const sasl_utils_t *utils, + char **buf, unsigned *buflen, int *result) + { +- HMAC_CTX ctx; ++ HMAC_CTX *ctx = NULL; + unsigned char hash[EVP_MAX_MD_SIZE]; + char *upper; + unsigned int len; +@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + SETERROR(utils, "cannot allocate NTLMv2 hash"); + *result = SASL_NOMEM; + } ++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate HMAC CTX"); ++ *result = SASL_NOMEM; ++ } + else { + /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */ + P16_nt(hash, passwd, utils, buf, buflen, result); +@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); + + /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ +- HMAC_Init(&ctx, hash, len, EVP_md5()); +- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH); +- HMAC_Update(&ctx, blob, bloblen); +- HMAC_Final(&ctx, V2, &len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL); ++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH); ++ HMAC_Update(ctx, blob, bloblen); ++ HMAC_Final(ctx, V2, &len); + + /* the blob is concatenated outside of this function */ + + *result = SASL_OK; + } + ++ if (ctx) _plug_HMAC_CTX_free(ctx, utils); ++ + return V2; + } + +diff --git a/plugins/otp.c b/plugins/otp.c +index dd73065..d1e9bf4 100644 +--- a/plugins/otp.c ++++ b/plugins/otp.c +@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_options[] = { + {NULL, 0, NULL} + }; + ++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return EVP_MD_CTX_new(); ++#else ++ return utils->malloc(sizeof(EVP_MD_CTX)); ++#endif ++} ++ ++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(ctx); ++#else ++ utils->free(ctx); ++#endif ++} ++ + /* Convert the binary data into ASCII hex */ + void bin2hex(unsigned char *bin, int binlen, char *hex) + { +@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int binlen, char *hex) + * swabbing bytes if necessary. + */ + static void otp_hash(const EVP_MD *md, char *in, size_t inlen, +- unsigned char *out, int swab) ++ unsigned char *out, int swab, EVP_MD_CTX *mdctx) + { +- EVP_MD_CTX mdctx; + char hash[EVP_MAX_MD_SIZE]; + unsigned int i; + int j; + unsigned hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, in, inlen); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, in, inlen); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* Fold the result into 64 bits */ + for (i = OTP_HASH_SIZE; i < hashlen; i++) { +@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils_t *utils, + char *secret, char *otp) + { + const EVP_MD *md; +- char *key; ++ EVP_MD_CTX *mdctx = NULL; ++ char *key = NULL; ++ int r = SASL_OK; + + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, +@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils_t *utils, + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ r = SASL_NOMEM; ++ goto done; ++ } ++ + if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) { + SETERROR(utils, "cannot allocate OTP key"); +- return SASL_NOMEM; ++ r = SASL_NOMEM; ++ goto done; + } + + /* initial step */ + strcpy(key, seed); + strcat(key, secret); +- otp_hash(md, key, strlen(key), otp, alg->swab); ++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx); + + /* computation step */ + while (seq-- > 0) +- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab); ++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx); + +- utils->free(key); ++ done: ++ if (key) utils->free(key); ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); + +- return SASL_OK; ++ return r; + } + + static int parse_challenge(const sasl_utils_t *utils, +@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg1, const void *arg2) + + /* Convert the 6 words into binary data */ + static int word2bin(const sasl_utils_t *utils, +- char *words, unsigned char *bin, const EVP_MD *md) ++ char *words, unsigned char *bin, const EVP_MD *md, ++ EVP_MD_CTX *mdctx) + { + int i, j; + char *c, *word, buf[OTP_RESPONSE_MAX+1]; +@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *utils, + + /* alternate dictionary */ + if (alt_dict) { +- EVP_MD_CTX mdctx; + char hash[EVP_MAX_MD_SIZE]; + int hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, word, strlen(word)); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, word, strlen(word)); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* use lowest 11 bits */ + x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1]; +@@ -802,6 +834,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + char *response) + { + const EVP_MD *md; ++ EVP_MD_CTX *mdctx = NULL; + char *c; + int do_init = 0; + unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE]; +@@ -815,6 +848,11 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ return SASL_NOMEM; ++ } ++ + /* eat leading whitespace */ + c = response; + while (isspace((int) *c)) c++; +@@ -824,7 +862,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE); + } + else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) { +- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx); + } + else if (!strncasecmp(c, OTP_INIT_HEX_TYPE, + strlen(OTP_INIT_HEX_TYPE))) { +@@ -834,7 +872,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { + do_init = 1; +- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx); + } + else { + SETERROR(utils, "unknown OTP extended response type"); +@@ -843,14 +881,14 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + } + else { + /* standard response, try word first, and then hex */ +- r = word2bin(utils, c, cur_otp, md); ++ r = word2bin(utils, c, cur_otp, md, mdctx); + if (r != SASL_OK) + r = hex2bin(c, cur_otp, OTP_HASH_SIZE); + } + + if (r == SASL_OK) { + /* do one more hash (previous otp) and compare to stored otp */ +- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab); ++ otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab, mdctx); + + if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) { + /* update the secret with this seq/otp */ +@@ -879,23 +917,28 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + *new_resp++ = '\0'; + } + +- if (!(new_chal && new_resp)) +- return SASL_BADAUTH; ++ if (!(new_chal && new_resp)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1)) + != SASL_OK) { +- return r; ++ goto done; + } + +- if (seq < 1 || !strcasecmp(seed, text->seed)) +- return SASL_BADAUTH; ++ if (seq < 1 || !strcasecmp(seed, text->seed)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + /* find the MDA */ + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, + "OTP algorithm %s is not available", + alg->evp_name); +- return SASL_BADAUTH; ++ r = SASL_BADAUTH; ++ goto done; + } + + if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { +@@ -903,7 +946,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + } + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { +- r = word2bin(utils, new_resp, new_otp, md); ++ r = word2bin(utils, new_resp, new_otp, md, mdctx); + } + + if (r == SASL_OK) { +@@ -914,7 +957,10 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils, + memcpy(text->otp, new_otp, OTP_HASH_SIZE); + } + } +- ++ ++ done: ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); ++ + return r; + } + +@@ -1443,8 +1489,10 @@ int otp_server_plug_init(const sasl_utils_t *utils, + *pluglist = otp_server_plugins; + *plugcount = 1; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* Add all digests */ + OpenSSL_add_all_digests(); ++#endif + + return SASL_OK; + } +@@ -1844,8 +1892,10 @@ int otp_client_plug_init(sasl_utils_t *utils, + *pluglist = otp_client_plugins; + *plugcount = 1; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* Add all digests */ + OpenSSL_add_all_digests(); ++#endif + + return SASL_OK; + } +--- a/saslauthd/lak.c ++++ b/saslauthd/lak.c +@@ -729,7 +729,7 @@ int lak_init( + return rc; + } + +-#ifdef HAVE_OPENSSL ++#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L + OpenSSL_add_all_digests(); + #endif + |