diff --git a/libs/cyrus-sasl/cyrus-sasl-2.1.26-fixes-3.patch b/libs/cyrus-sasl/cyrus-sasl-2.1.26-fixes-3.patch new file mode 100644 index 00000000..d13b8725 --- /dev/null +++ b/libs/cyrus-sasl/cyrus-sasl-2.1.26-fixes-3.patch @@ -0,0 +1,774 @@ +Submitted By: Armin K. +Date: 2014-08-24 +Initial Package Version: 2.1.26 +Upstream Status: Unknown +Origin: Debian and Gentoo +Description: Various package fixes, including autotools fixes, plugin fixes, security fixes, parallel build fixes, etc. + +--- a/cmulocal/sasl2.m4 2012-11-06 20:14:29.000000000 +0100 ++++ b/cmulocal/sasl2.m4 2014-08-24 00:06:33.965346597 +0200 +@@ -112,9 +112,6 @@ + fi + + if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then +- # check for libkrb5support first +- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) +- + gss_failed=0 + AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, + ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) +@@ -269,6 +266,7 @@ + cmu_save_LIBS="$LIBS" + LIBS="$LIBS $GSSAPIBASE_LIBS" + AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) ++ AC_CHECK_FUNCS(krb5_gss_register_acceptor_identity) + AC_CHECK_FUNCS(gss_decapsulate_token) + AC_CHECK_FUNCS(gss_encapsulate_token) + AC_CHECK_FUNCS(gss_oid_equal) +--- a/config/kerberos_v4.m4 2012-01-28 00:31:36.000000000 +0100 ++++ b/config/kerberos_v4.m4 2014-08-24 00:06:33.968346643 +0200 +@@ -89,18 +89,18 @@ + dnl if we were ambitious, we would look more aggressively for the + dnl krb4 install + if test -d ${krb4}; then +- AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ ++ AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [ + for krbhloc in include/kerberosIV include/kerberos include + do + if test -f ${krb4}/${krbhloc}/krb.h ; then +- cyrus_krbinclude=${krb4}/${krbhloc} ++ cyrus_cv_krbinclude=${krb4}/${krbhloc} + break + fi + done + ]) + +- if test -n "${cyrus_krbinclude}"; then +- CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" ++ if test -n "${cyrus_cv_krbinclude}"; then ++ CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}" + fi + LDFLAGS="$LDFLAGS -L$krb4/lib" + fi +--- a/config.h.in 2012-11-06 20:20:59.000000000 +0100 ++++ b/config.h.in 2014-08-24 00:06:33.969346659 +0200 +@@ -126,6 +126,10 @@ + */ + #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY + ++/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function. ++ */ ++#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY ++ + /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */ + #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE + +--- a/configure.in 2012-10-12 16:05:48.000000000 +0200 ++++ b/configure.in 2014-08-24 00:06:46.492540015 +0200 +@@ -44,6 +44,8 @@ + AC_INIT(lib/saslint.h) + AC_PREREQ([2.54]) + ++AC_CONFIG_MACRO_DIR([cmulocal], [config]) ++ + dnl use ./config.cache as the default cache file. + dnl we require a cache file to successfully configure our build. + if test $cache_file = "/dev/null"; then +@@ -62,9 +64,6 @@ + AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.26) + CMU_INIT_AUTOMAKE + +-# and include our config dir scripts +-ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config" +- + DIRS="" + + AC_ARG_ENABLE(cmulocal, +@@ -861,9 +860,9 @@ + notfound) AC_WARN([SQLite Library not found]); true;; + *) + if test -d ${with_sqlite}/lib; then +- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib" ++ LIB_SQLITE="-L${with_sqlite}/lib" + else +- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}" ++ LIB_SQLITE="-L${with_sqlite}" + fi + + LIB_SQLITE_DIR=$LIB_SQLITE +@@ -913,9 +912,9 @@ + notfound) AC_WARN([SQLite3 Library not found]); true;; + *) + if test -d ${with_sqlite3}/lib; then +- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib" ++ LIB_SQLITE3="-L${with_sqlite3}/lib" + else +- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}" ++ LIB_SQLITE3="-L${with_sqlite3}" + fi + + LIB_SQLITE3_DIR=$LIB_SQLITE3 +@@ -1412,10 +1411,9 @@ + #endif /* CONFIG_H */ + ]) + +-AM_CONFIG_HEADER(config.h) ++AC_CONFIG_HEADERS(config.h) + + AC_OUTPUT(Makefile +-libsasl2.pc + include/Makefile + sasldb/Makefile + plugins/Makefile +--- a/include/sasl.h 2012-10-12 16:05:48.000000000 +0200 ++++ b/include/sasl.h 2014-08-24 00:06:33.970346674 +0200 +@@ -223,6 +223,8 @@ + * they must be called before all other SASL functions: + */ + ++#include ++ + /* memory allocation functions which may optionally be replaced: + */ + typedef void *sasl_malloc_t(size_t); +--- a/java/CyrusSasl/Makefile.am 2012-01-28 00:31:36.000000000 +0100 ++++ b/java/CyrusSasl/Makefile.am 2014-08-24 00:06:33.970346674 +0200 +@@ -28,7 +28,7 @@ + javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl + javahtmldir = $(prefix)/html/sasl + +-INCLUDES=-I$(top_srcdir)/include $(JAVA_INCLUDES) ++AM_CPPFLAGS=-I$(top_srcdir)/include $(JAVA_INCLUDES) + + javasasl_JAVA = Sasl.java GenericClient.java \ + ClientFactory.java \ +--- a/lib/auxprop.c 2012-01-28 00:31:36.000000000 +0100 ++++ b/lib/auxprop.c 2014-08-24 00:06:33.971346690 +0200 +@@ -43,6 +43,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -970,6 +971,10 @@ + } + + if(!found) { ++ /* compatibility with <= 2.1.23, ignore the lack of auxrop plugin */ ++ if (!plist) ++ result = SASL_OK; ++ else + _sasl_log(sparams->utils->conn, SASL_LOG_DEBUG, + "could not find auxprop plugin, was searching for '%s'", + plist ? plist : "[all]"); +--- a/lib/dlopen.c 2012-01-28 00:31:36.000000000 +0100 ++++ b/lib/dlopen.c 2014-08-24 00:06:33.971346690 +0200 +@@ -247,105 +247,6 @@ + return result; + } + +-/* this returns the file to actually open. +- * out should be a buffer of size PATH_MAX +- * and may be the same as in. */ +- +-/* We'll use a static buffer for speed unless someone complains */ +-#define MAX_LINE 2048 +- +-static int _parse_la(const char *prefix, const char *in, char *out) +-{ +- FILE *file; +- size_t length; +- char line[MAX_LINE]; +- char *ntmp = NULL; +- +- if(!in || !out || !prefix || out == in) return SASL_BADPARAM; +- +- /* Set this so we can detect failure */ +- *out = '\0'; +- +- length = strlen(in); +- +- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) { +- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) { +- /* check for a .la file */ +- strcpy(line, prefix); +- strcat(line, in); +- length = strlen(line); +- *(line + (length - strlen(SO_SUFFIX))) = '\0'; +- strcat(line, LA_SUFFIX); +- file = fopen(line, "r"); +- if(file) { +- /* We'll get it on the .la open */ +- fclose(file); +- return SASL_FAIL; +- } +- } +- strcpy(out, prefix); +- strcat(out, in); +- return SASL_OK; +- } +- +- strcpy(line, prefix); +- strcat(line, in); +- +- file = fopen(line, "r"); +- if(!file) { +- _sasl_log(NULL, SASL_LOG_WARN, +- "unable to open LA file: %s", line); +- return SASL_FAIL; +- } +- +- while(!feof(file)) { +- if(!fgets(line, MAX_LINE, file)) break; +- if(line[strlen(line) - 1] != '\n') { +- _sasl_log(NULL, SASL_LOG_WARN, +- "LA file has too long of a line: %s", in); +- return SASL_BUFOVER; +- } +- if(line[0] == '\n' || line[0] == '#') continue; +- if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) { +- /* We found the line with the name in it */ +- char *end; +- char *start; +- size_t len; +- end = strrchr(line, '\''); +- if(!end) continue; +- start = &line[sizeof("dlname=")-1]; +- len = strlen(start); +- if(len > 3 && start[0] == '\'') { +- ntmp=&start[1]; +- *end='\0'; +- /* Do we have dlname="" ? */ +- if(ntmp == end) { +- _sasl_log(NULL, SASL_LOG_DEBUG, +- "dlname is empty in .la file: %s", in); +- return SASL_FAIL; +- } +- strcpy(out, prefix); +- strcat(out, ntmp); +- } +- break; +- } +- } +- if(ferror(file) || feof(file)) { +- _sasl_log(NULL, SASL_LOG_WARN, +- "Error reading .la: %s\n", in); +- fclose(file); +- return SASL_FAIL; +- } +- fclose(file); +- +- if(!(*out)) { +- _sasl_log(NULL, SASL_LOG_WARN, +- "Could not find a dlname line in .la file: %s", in); +- return SASL_FAIL; +- } +- +- return SASL_OK; +-} + #endif /* DO_DLOPEN */ + + /* loads a plugin library */ +@@ -499,18 +400,18 @@ + if (length + pos>=PATH_MAX) continue; /* too big */ + + if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)), +- SO_SUFFIX) +- && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)), +- LA_SUFFIX)) ++ SO_SUFFIX)) + continue; + ++ /* We only use .so files for loading plugins */ ++ + memcpy(name,dir->d_name,length); + name[length]='\0'; + +- result = _parse_la(prefix, name, tmp); +- if(result != SASL_OK) +- continue; +- ++ /* Create full name with path */ ++ strncpy(tmp, prefix, PATH_MAX); ++ strncat(tmp, name, PATH_MAX); ++ + /* skip "lib" and cut off suffix -- + this only need be approximate */ + strcpy(plugname, name + 3); +--- a/lib/Makefile.am 2012-10-12 16:05:48.000000000 +0200 ++++ b/lib/Makefile.am 2014-08-24 00:06:33.971346690 +0200 +@@ -45,7 +45,7 @@ + # CURRENT:REVISION:AGE + sasl_version = 3:0:0 + +-INCLUDES=-DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb ++AM_CPPFLAGS=-DLIBSASL_EXPORTS=1 -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb + + EXTRA_DIST = windlopen.c staticopen.h NTMakefile + EXTRA_LIBRARIES = libsasl2.a +@@ -64,8 +64,8 @@ + lib_LTLIBRARIES = libsasl2.la + + libsasl2_la_SOURCES = $(common_sources) $(common_headers) +-libsasl2_la_LDFLAGS = -version-info $(sasl_version) +-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) ++libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions ++libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions + libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) + + if MACOSX +@@ -80,7 +80,7 @@ + + libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) + @echo adding static plugins and dependencies +- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) ++ $(AR) cru $@ $(SASL_STATIC_OBJS) + @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ + if test ! -f $$i; then continue; fi; . $$i; \ + for j in $$dependency_libs foo; do \ +--- a/Makefile.am 2012-10-12 16:05:48.000000000 +0200 ++++ b/Makefile.am 2014-08-24 00:06:46.492540015 +0200 +@@ -43,6 +43,14 @@ + # + ################################################################ + ++do_subst = sed -e 's,[@]LIB_DOOR[@],$(LIB_DOOR),g' \ ++ -e 's,[@]SASL_DL_LIB[@],$(SASL_DL_LIB),g' \ ++ -e 's,[@]LIBS[@],$(LIBS),g' \ ++ -e 's,[@]VERSION[@],$(VERSION),g' \ ++ -e 's,[@]libdir[@],$(libdir),g' ++ ++ACLOCAL_AMFLAGS = -I cmulocal -I config ++ + if SASLAUTHD + SAD = saslauthd + else +@@ -76,6 +84,10 @@ + pkgconfigdir = $(libdir)/pkgconfig + pkgconfig_DATA = libsasl2.pc + ++libsasl2.pc: $(srcdir)/libsasl2.pc.in Makefile ++ rm -f $@ ++ $(do_subst) < $(srcdir)/libsasl2.pc.in > $@ ++ + dist-hook: + @find $(distdir) -exec chmod o+w {} ';' + @find $(distdir) -name CVS -print | xargs -t rm -rf +--- a/plugins/gssapi.c 2012-01-28 00:31:36.000000000 +0100 ++++ b/plugins/gssapi.c 2014-08-24 00:06:33.972346705 +0200 +@@ -50,6 +50,9 @@ + #else + #include + #endif ++#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY ++#include ++#endif + + #ifdef WIN32 + # include +@@ -1367,7 +1370,7 @@ + }; + + int gssapiv2_server_plug_init( +-#ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY ++#if !defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) && !defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) + const sasl_utils_t *utils __attribute__((unused)), + #else + const sasl_utils_t *utils, +@@ -1377,7 +1380,7 @@ + sasl_server_plug_t **pluglist, + int *plugcount) + { +-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY ++#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) + const char *keytab = NULL; + char keytab_path[1024]; + unsigned int rl; +@@ -1387,7 +1390,7 @@ + return SASL_BADVERS; + } + +-#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY ++#if defined(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY) || defined(HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) + /* unfortunately, we don't check for readability of keytab if it's + the standard one, since we don't know where it is */ + +@@ -1410,7 +1413,12 @@ + + strncpy(keytab_path, keytab, 1024); + ++#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY + gsskrb5_register_acceptor_identity(keytab_path); ++#endif ++#ifdef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY ++ krb5_gss_register_acceptor_identity(keytab_path); ++#endif + } + #endif + +--- a/plugins/ldapdb.c 2012-01-28 00:31:36.000000000 +0100 ++++ b/plugins/ldapdb.c 2014-08-24 00:06:33.972346705 +0200 +@@ -251,6 +251,8 @@ + + #if defined(LDAP_PROXY_AUTHZ_FAILURE) + case LDAP_PROXY_AUTHZ_FAILURE: ++#elif defined(LDAP_X_PROXY_AUTHZ_FAILURE) ++ case LDAP_X_PROXY_AUTHZ_FAILURE: + #endif + case LDAP_INAPPROPRIATE_AUTH: + case LDAP_INVALID_CREDENTIALS: +@@ -404,6 +406,7 @@ + if ( len > out_max ) + len = out_max; + memcpy(out, bvals[0]->bv_val, len); ++ out[len] = '\0'; + *out_ulen = len; + ber_bvecfree(bvals); + } +--- a/plugins/Makefile.am 2012-10-12 16:05:48.000000000 +0200 ++++ b/plugins/Makefile.am 2014-08-24 00:06:33.973346721 +0200 +@@ -49,7 +49,7 @@ + # CURRENT:REVISION:AGE + plugin_version = 3:0:0 + +-INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include ++AM_CPPFLAGS=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include + AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) + + COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ +--- a/pwcheck/Makefile.am 2012-01-28 00:31:36.000000000 +0100 ++++ b/pwcheck/Makefile.am 2014-08-24 00:06:33.973346721 +0200 +@@ -24,7 +24,7 @@ + + sbin_PROGRAMS = pwcheck + +-INCLUDES = -I../include -I../lib ++AM_CPPFLAGS = -I../include -I../lib + + pwcheck_SOURCES = pwcheck.c + EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c +--- a/pwcheck/pwcheck_getpwnam.c 2012-01-28 00:31:36.000000000 +0100 ++++ b/pwcheck/pwcheck_getpwnam.c 2014-08-24 00:06:33.973346721 +0200 +@@ -32,6 +32,7 @@ + char *password; + { + char* r; ++ char* crpt_passwd; + struct passwd *pwd; + + pwd = getpwnam(userid); +@@ -41,7 +42,7 @@ + else if (pwd->pw_passwd[0] == '*') { + r = "Account disabled"; + } +- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { ++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { + r = "Incorrect password"; + } + else { +--- a/pwcheck/pwcheck_getspnam.c 2012-01-28 00:31:36.000000000 +0100 ++++ b/pwcheck/pwcheck_getspnam.c 2014-08-24 00:06:33.973346721 +0200 +@@ -24,6 +24,7 @@ + ******************************************************************/ + + #include ++#include + + extern char *crypt(); + +@@ -32,13 +33,15 @@ + char *password; + { + struct spwd *pwd; ++ char *crpt_passwd; + + pwd = getspnam(userid); + if (!pwd) { + return "Userid not found"; + } + +- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { ++ crpt_passwd = crypt(password, pwd->sp_pwdp); ++ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { + return "Incorrect password"; + } + else { +--- a/sample/Makefile.am 2012-10-16 15:07:55.000000000 +0200 ++++ b/sample/Makefile.am 2014-08-24 00:06:33.973346721 +0200 +@@ -42,7 +42,7 @@ + # + ################################################################ + +-INCLUDES=-I$(top_srcdir)/include ++AM_CPPFLAGS=-I$(top_srcdir)/include + + noinst_PROGRAMS = client server + EXTRA_PROGRAMS = sample-client sample-server +--- a/saslauthd/auth_getpwent.c 2012-10-12 16:05:48.000000000 +0200 ++++ b/saslauthd/auth_getpwent.c 2014-08-24 00:06:33.974346736 +0200 +@@ -77,6 +77,7 @@ + { + /* VARIABLES */ + struct passwd *pw; /* pointer to passwd file entry */ ++ char *crpt_passwd; /* encrypted password */ + int errnum; + /* END VARIABLES */ + +@@ -105,7 +106,8 @@ + } + } + +- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { ++ crpt_passwd = crypt(password, pw->pw_passwd); ++ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); + } +--- a/saslauthd/auth_rimap.c 2012-10-12 16:05:48.000000000 +0200 ++++ b/saslauthd/auth_rimap.c 2014-08-24 00:06:33.974346736 +0200 +@@ -90,6 +90,7 @@ + service we connect to. */ + #define TAG "saslauthd" /* IMAP command tag */ + #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */ ++#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/ + #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ + #define RESP_LEN 1000 /* size of read response buffer */ + +@@ -307,10 +308,12 @@ + int s=-1; /* socket to remote auth host */ + struct addrinfo *r; /* remote socket address info */ + struct iovec iov[5]; /* for sending LOGIN command */ ++ struct iovec iov2[1]; /* for sending LOGOUT command */ + char *qlogin; /* pointer to "quoted" login */ + char *qpass; /* pointer to "quoted" password */ + char *c; /* scratch pointer */ + int rc; /* return code scratch area */ ++ int rcl; /* return code scratch area */ + char rbuf[RESP_LEN]; /* response read buffer */ + char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; + int saved_errno; +@@ -505,6 +508,24 @@ + } + } + } ++ ++ /* close remote imap */ ++ iov2[0].iov_base = LOGOUT_CMD; ++ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1; ++ iov2[1].iov_base = "\r\n"; ++ iov2[1].iov_len = sizeof("\r\n") - 1; ++ ++ if (flags & VERBOSE) { ++ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s", ++ LOGOUT_CMD, qlogin, qpass); ++ } ++ alarm(NETWORK_IO_TIMEOUT); ++ rcl = retry_writev(s, iov2, 2); ++ alarm(0); ++ if (rcl == -1) { ++ syslog(LOG_WARNING, "auth_rimap: writev logout: %m"); ++ } ++ + (void) close(s); /* we're done with the remote */ + if (rc == -1) { + syslog(LOG_WARNING, "auth_rimap: read (response): %m"); +--- a/saslauthd/auth_shadow.c 2012-10-12 16:05:48.000000000 +0200 ++++ b/saslauthd/auth_shadow.c 2014-08-24 00:06:33.974346736 +0200 +@@ -210,8 +210,8 @@ + RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); + } + +- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); +- if (strcmp(sp->sp_pwdp, cpw)) { ++ cpw = crypt(password, sp->sp_pwdp); ++ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) { + if (flags & VERBOSE) { + /* + * This _should_ reveal the SHADOW_PW_LOCKED prefix to an +@@ -221,10 +221,8 @@ + syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", + sp->sp_pwdp, cpw); + } +- free(cpw); + RETURN("NO Incorrect password"); + } +- free(cpw); + + /* + * The following fields will be set to -1 if: +@@ -286,7 +284,7 @@ + RETURN("NO Invalid username"); + } + +- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { ++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", + password, upw->upw_passwd); +--- a/saslauthd/configure.in 2012-10-12 16:05:48.000000000 +0200 ++++ b/saslauthd/configure.in 2014-08-24 00:06:33.975346752 +0200 +@@ -1,7 +1,8 @@ + AC_INIT(mechanisms.h) + AC_PREREQ([2.54]) + +-AC_CONFIG_AUX_DIR(config) ++AC_CONFIG_MACRO_DIR([../cmulocal], [../config]) ++AC_CONFIG_AUX_DIR([config]) + AC_CANONICAL_HOST + + dnl Should we enable SASLAUTHd at all? +@@ -25,6 +26,7 @@ + AC_PROG_MAKE_SET + AC_PROG_LN_S + AC_PROG_INSTALL ++AC_PROG_LIBTOOL + + dnl Checks for build foo + CMU_C___ATTRIBUTE__ +@@ -77,7 +79,7 @@ + AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) + SASL_DB_PATH_CHECK() + SASL_DB_CHECK() +- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" ++ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a" + fi + + AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], +@@ -163,30 +165,30 @@ + + dnl Checks for which function macros exist + AC_MSG_CHECKING(whether $CC implements __func__) +-AC_CACHE_VAL(have_func, ++AC_CACHE_VAL(_cv_have_func, + [AC_TRY_LINK([#include ],[printf("%s", __func__);], +-have_func=yes, +-have_func=no)]) +-AC_MSG_RESULT($have_func) +-if test "$have_func" = yes; then ++_cv_have_func=yes, ++_cv_have_func=no)]) ++AC_MSG_RESULT($_cv_have_func) ++if test "$_cv_have_func" = yes; then + AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__]) + else + AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__) +- AC_CACHE_VAL(have_pretty_function, ++ AC_CACHE_VAL(_cv_have_pretty_function, + [AC_TRY_LINK([#include ],[printf("%s", __PRETTY_FUNCTION__);], +- have_pretty_function=yes, +- have_pretty_function=no)]) +- AC_MSG_RESULT($have_pretty_function) +- if test "$have_pretty_function" = yes; then ++ _cv_have_pretty_function=yes, ++ _cv_have_pretty_function=no)]) ++ AC_MSG_RESULT($_cv_have_pretty_function) ++ if test "$_cv_have_pretty_function" = yes; then + AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__]) + else + AC_MSG_CHECKING(whether $CC implements __FUNCTION__) +- AC_CACHE_VAL(have_function, ++ AC_CACHE_VAL(_cv_have_function, + [AC_TRY_LINK([#include ],[printf("%s", __FUNCTION__);], +- have_function=yes, +- have_function=no)]) +- AC_MSG_RESULT($have_function) +- if test "$have_function" = yes; then ++ _cv_have_function=yes, ++ _cv_have_function=no)]) ++ AC_MSG_RESULT($_cv_have_function) ++ if test "$_cv_have_function" = yes; then + AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__]) + fi + fi +--- a/saslauthd/Makefile.am 2012-01-28 00:31:36.000000000 +0100 ++++ b/saslauthd/Makefile.am 2014-08-24 00:06:33.975346752 +0200 +@@ -1,4 +1,6 @@ + AUTOMAKE_OPTIONS = 1.7 ++ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config ++ + sbin_PROGRAMS = saslauthd testsaslauthd + EXTRA_PROGRAMS = saslcache + +@@ -16,7 +18,7 @@ + saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@ + saslauthd_LDADD = @SASL_KRB_LIB@ \ + @GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \ +- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ ++ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ + + testsaslauthd_SOURCES = testsaslauthd.c utils.c + testsaslauthd_LDADD = @LIB_SOCKET@ +@@ -25,7 +27,7 @@ + + EXTRA_DIST = saslauthd.8 saslauthd.mdoc config include \ + getnameinfo.c getaddrinfo.c LDAP_SASLAUTHD +-INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include ++AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include + DEFS = @DEFS@ -DSASLAUTHD_CONF_FILE_DEFAULT=\"@sysconfdir@/saslauthd.conf\" -I. -I$(srcdir) -I.. + + +--- a/saslauthd/saslauthd.h.in 2012-11-06 20:21:43.000000000 +0100 ++++ b/saslauthd/saslauthd.h.in 2014-08-24 00:06:33.975346752 +0200 +@@ -62,6 +62,10 @@ + */ + #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY + ++/* Define to 1 if you have the `krb5_gss_register_acceptor_identity' function. ++ */ ++#undef HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY ++ + /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */ + #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE + +--- a/sasldb/Makefile.am 2012-01-28 00:31:36.000000000 +0100 ++++ b/sasldb/Makefile.am 2014-08-24 00:06:33.975346752 +0200 +@@ -44,7 +44,7 @@ + # Note that this doesn't necessaraly follow the libsasl2 verison info + sasl_version = 1:25:0 + +-INCLUDES=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ ++AM_CPPFLAGS=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ + + extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c + +@@ -55,14 +55,14 @@ + + libsasldb_la_SOURCES = allockey.c sasldb.h + EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) +-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) +-libsasldb_la_LIBADD = $(SASL_DB_BACKEND) ++libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB) ++libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB) + + # Prevent make dist stupidity + libsasldb_a_SOURCES = + EXTRA_libsasldb_a_SOURCES = + + libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) +- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) ++ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC) + + +--- a/utils/Makefile.am 2012-01-28 00:31:36.000000000 +0100 ++++ b/utils/Makefile.am 2014-08-24 00:06:33.976346767 +0200 +@@ -89,7 +89,7 @@ + libsfsasl2_la_LIBADD = sfsasl.lo + libsfsasl2_la_LDFLAGS = -version-info 1:0:0 -export-dynamic -rpath $(libdir) + +-INCLUDES=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ ++AM_CPPFLAGS=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ + EXTRA_DIST = saslpasswd2.8 sasldblistusers2.8 pluginviewer.8 sfsasl.h sfsasl.c smtptest.c testsuite.c pluginviewer.c NTMakefile + + sfsasl.lo: sfsasl.c +--- a/Versions 1970-01-01 01:00:00.000000000 +0100 ++++ b/Versions 2014-08-24 00:06:33.976346767 +0200 +@@ -0,0 +1,7 @@ ++SASL2 { ++ global: ++ sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*; ++}; ++ ++HIDDEN { local: __*; _rest*; _save*; *; }; ++ diff --git a/libs/cyrus-sasl/cyrus-sasl-2.1.26-openssl-1.1.0-1.patch b/libs/cyrus-sasl/cyrus-sasl-2.1.26-openssl-1.1.0-1.patch new file mode 100644 index 00000000..08a27976 --- /dev/null +++ b/libs/cyrus-sasl/cyrus-sasl-2.1.26-openssl-1.1.0-1.patch @@ -0,0 +1,447 @@ +Submitted By: DJ Lucas +Date: 2017-05-27 +Initial Package Version: 2.1.26 +Upstream Status: Comitted +Origin: https://github.com/cyrusimap/cyrus-sasl/commit/f607d99bf6e3e2074ab925f96765488f29b821ec + https://github.com/cyrusimap/cyrus-sasl/commit/4c8e3f24bb943386a67b4de65bb849f562499dd0 + https://github.com/cyrusimap/cyrus-sasl/commit/652334b7701e9394b195d33183cb7ccd916296e8 + https://github.com/cyrusimap/cyrus-sasl/commit/4f3c6beac5a6db053f1d1309353fde6e653d026c + https://github.com/cyrusimap/cyrus-sasl/commit/68fac2fb7166cb482a405f6c6613bce4c982a77e +Description: Allow to build with OpenSSL-1.1.0. + + +diff -Naurp cyrus-sasl-2.1.26-orig/plugins/ntlm.c cyrus-sasl-2.1.26/plugins/ntlm.c +--- cyrus-sasl-2.1.26-orig/plugins/ntlm.c 2012-01-27 17:31:36.000000000 -0600 ++++ cyrus-sasl-2.1.26/plugins/ntlm.c 2017-05-26 23:42:19.293372476 -0500 +@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char + return P24; + } + ++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return HMAC_CTX_new(); ++#else ++ return utils->malloc(sizeof(HMAC_CTX)); ++#endif ++} ++ ++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ HMAC_CTX_free(ctx); ++#else ++ HMAC_cleanup(ctx); ++ utils->free(ctx); ++#endif ++} ++ + static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + const char *authid, const char *target, + const unsigned char *challenge, +@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char * + const sasl_utils_t *utils, + char **buf, unsigned *buflen, int *result) + { +- HMAC_CTX ctx; ++ HMAC_CTX *ctx = NULL; + unsigned char hash[EVP_MAX_MD_SIZE]; + char *upper; + unsigned int len; +@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char * + SETERROR(utils, "cannot allocate NTLMv2 hash"); + *result = SASL_NOMEM; + } ++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate HMAC CTX"); ++ *result = SASL_NOMEM; ++ } + else { + /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */ + P16_nt(hash, passwd, utils, buf, buflen, result); +@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char * + HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); + + /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ +- HMAC_Init(&ctx, hash, len, EVP_md5()); +- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH); +- HMAC_Update(&ctx, blob, bloblen); +- HMAC_Final(&ctx, V2, &len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL); ++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH); ++ HMAC_Update(ctx, blob, bloblen); ++ HMAC_Final(ctx, V2, &len); + + /* the blob is concatenated outside of this function */ + + *result = SASL_OK; + } + ++ if (ctx) _plug_HMAC_CTX_free(ctx, utils); ++ + return V2; + } + +diff -Naurp cyrus-sasl-2.1.26-orig/plugins/otp.c cyrus-sasl-2.1.26/plugins/otp.c +--- cyrus-sasl-2.1.26-orig/plugins/otp.c 2012-10-12 09:05:48.000000000 -0500 ++++ cyrus-sasl-2.1.26/plugins/otp.c 2017-05-26 23:42:19.293372476 -0500 +@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti + {NULL, 0, NULL} + }; + ++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return EVP_MD_CTX_new(); ++#else ++ return utils->malloc(sizeof(EVP_MD_CTX)); ++#endif ++} ++ ++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(ctx); ++#else ++ utils->free(ctx); ++#endif ++} ++ + /* Convert the binary data into ASCII hex */ + void bin2hex(unsigned char *bin, int binlen, char *hex) + { +@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin + * swabbing bytes if necessary. + */ + static void otp_hash(const EVP_MD *md, char *in, size_t inlen, +- unsigned char *out, int swab) ++ unsigned char *out, int swab, EVP_MD_CTX *mdctx) + { +- EVP_MD_CTX mdctx; +- char hash[EVP_MAX_MD_SIZE]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned int i; + int j; + unsigned hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, in, inlen); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, in, inlen); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* Fold the result into 64 bits */ + for (i = OTP_HASH_SIZE; i < hashlen; i++) { +@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils + char *secret, char *otp) + { + const EVP_MD *md; +- char *key; ++ EVP_MD_CTX *mdctx = NULL; ++ char *key = NULL; ++ int r = SASL_OK; + + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, +@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ r = SASL_NOMEM; ++ goto done; ++ } ++ + if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) { + SETERROR(utils, "cannot allocate OTP key"); +- return SASL_NOMEM; ++ r = SASL_NOMEM; ++ goto done; + } + + /* initial step */ + strcpy(key, seed); + strcat(key, secret); +- otp_hash(md, key, strlen(key), otp, alg->swab); ++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx); + + /* computation step */ + while (seq-- > 0) +- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab); +- +- utils->free(key); ++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx); ++ ++ done: ++ if (key) utils->free(key); ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); + +- return SASL_OK; ++ return r; + } + + static int parse_challenge(const sasl_utils_t *utils, +@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg + + /* Convert the 6 words into binary data */ + static int word2bin(const sasl_utils_t *utils, +- char *words, unsigned char *bin, const EVP_MD *md) ++ char *words, unsigned char *bin, const EVP_MD *md, ++ EVP_MD_CTX *mdctx) + { + int i, j; + char *c, *word, buf[OTP_RESPONSE_MAX+1]; +@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t * + + /* alternate dictionary */ + if (alt_dict) { +- EVP_MD_CTX mdctx; +- char hash[EVP_MAX_MD_SIZE]; +- int hashlen; ++ unsigned char hash[EVP_MAX_MD_SIZE]; ++ unsigned hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, word, strlen(word)); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, word, strlen(word)); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* use lowest 11 bits */ + x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1]; +@@ -802,6 +834,7 @@ static int verify_response(server_contex + char *response) + { + const EVP_MD *md; ++ EVP_MD_CTX *mdctx = NULL; + char *c; + int do_init = 0; + unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE]; +@@ -815,6 +848,11 @@ static int verify_response(server_contex + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ return SASL_NOMEM; ++ } ++ + /* eat leading whitespace */ + c = response; + while (isspace((int) *c)) c++; +@@ -824,7 +862,7 @@ static int verify_response(server_contex + r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE); + } + else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) { +- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx); + } + else if (!strncasecmp(c, OTP_INIT_HEX_TYPE, + strlen(OTP_INIT_HEX_TYPE))) { +@@ -834,7 +872,7 @@ static int verify_response(server_contex + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { + do_init = 1; +- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx); + } + else { + SETERROR(utils, "unknown OTP extended response type"); +@@ -843,14 +881,15 @@ static int verify_response(server_contex + } + else { + /* standard response, try word first, and then hex */ +- r = word2bin(utils, c, cur_otp, md); ++ r = word2bin(utils, c, cur_otp, md, mdctx); + if (r != SASL_OK) + r = hex2bin(c, cur_otp, OTP_HASH_SIZE); + } + + if (r == SASL_OK) { + /* do one more hash (previous otp) and compare to stored otp */ +- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab); ++ otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE, ++ prev_otp, text->alg->swab, mdctx); + + if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) { + /* update the secret with this seq/otp */ +@@ -879,23 +918,28 @@ static int verify_response(server_contex + *new_resp++ = '\0'; + } + +- if (!(new_chal && new_resp)) +- return SASL_BADAUTH; ++ if (!(new_chal && new_resp)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1)) + != SASL_OK) { +- return r; ++ goto done; + } + +- if (seq < 1 || !strcasecmp(seed, text->seed)) +- return SASL_BADAUTH; ++ if (seq < 1 || !strcasecmp(seed, text->seed)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + /* find the MDA */ + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, + "OTP algorithm %s is not available", + alg->evp_name); +- return SASL_BADAUTH; ++ r = SASL_BADAUTH; ++ goto done; + } + + if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { +@@ -903,7 +947,7 @@ static int verify_response(server_contex + } + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { +- r = word2bin(utils, new_resp, new_otp, md); ++ r = word2bin(utils, new_resp, new_otp, md, mdctx); + } + + if (r == SASL_OK) { +@@ -914,7 +958,10 @@ static int verify_response(server_contex + memcpy(text->otp, new_otp, OTP_HASH_SIZE); + } + } +- ++ ++ done: ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); ++ + return r; + } + +diff -Naurp cyrus-sasl-2.1.26-orig/saslauthd/lak.c cyrus-sasl-2.1.26/saslauthd/lak.c +--- cyrus-sasl-2.1.26-orig/saslauthd/lak.c 2012-10-12 09:05:48.000000000 -0500 ++++ cyrus-sasl-2.1.26/saslauthd/lak.c 2017-05-26 23:42:19.293372476 -0500 +@@ -61,6 +61,35 @@ + #include + #include "lak.h" + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++static EVP_MD_CTX *EVP_MD_CTX_new(void) ++{ ++ return EVP_MD_CTX_create(); ++} ++static void EVP_MD_CTX_free(EVP_MD_CTX *ctx) ++{ ++ if (ctx == NULL) ++ return; ++ ++ EVP_MD_CTX_destroy(ctx); ++} ++ ++static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) ++{ ++ EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); ++ ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++ return ctx; ++} ++static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) ++{ ++ OPENSSL_free(ctx); ++ return; ++} ++#endif ++ + typedef struct lak_auth_method { + int method; + int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ; +@@ -1715,20 +1744,28 @@ static int lak_base64_decode( + + int rc, i, tlen = 0; + char *text; +- EVP_ENCODE_CTX EVP_ctx; ++ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new(); + +- text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1); + if (text == NULL) + return LAK_NOMEM; + +- EVP_DecodeInit(&EVP_ctx); +- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src)); ++ text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1); ++ if (text == NULL) { ++ EVP_ENCODE_CTX_free(enc_ctx); ++ return LAK_NOMEM; ++ } ++ ++ EVP_DecodeInit(enc_ctx); ++ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src)); + if (rc < 0) { ++ EVP_ENCODE_CTX_free(enc_ctx); + free(text); + return LAK_FAIL; + } + tlen += i; +- EVP_DecodeFinal(&EVP_ctx, text, &i); ++ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i); ++ ++ EVP_ENCODE_CTX_free(enc_ctx); + + *ret = text; + if (rlen != NULL) +@@ -1744,7 +1781,7 @@ static int lak_check_hashed( + { + int rc, clen; + LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock; +- EVP_MD_CTX mdctx; ++ EVP_MD_CTX *mdctx; + const EVP_MD *md; + unsigned char digest[EVP_MAX_MD_SIZE]; + char *cred; +@@ -1753,17 +1790,24 @@ static int lak_check_hashed( + if (!md) + return LAK_FAIL; + ++ mdctx = EVP_MD_CTX_new(); ++ if (!mdctx) ++ return LAK_NOMEM; ++ + rc = lak_base64_decode(hash, &cred, &clen); +- if (rc != LAK_OK) ++ if (rc != LAK_OK) { ++ EVP_MD_CTX_free(mdctx); + return rc; ++ } + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd)); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, passwd, strlen(passwd)); + if (hrock->salted) { +- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)], ++ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)], + clen - EVP_MD_size(md)); + } +- EVP_DigestFinal(&mdctx, digest, NULL); ++ EVP_DigestFinal(mdctx, digest, NULL); ++ EVP_MD_CTX_free(mdctx); + + rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md)); + free(cred); diff --git a/libs/cyrus-sasl/cyrus-sasl.py b/libs/cyrus-sasl/cyrus-sasl.py index 284cce31..ba87d457 100644 --- a/libs/cyrus-sasl/cyrus-sasl.py +++ b/libs/cyrus-sasl/cyrus-sasl.py @@ -1,40 +1,44 @@ import info from Package.CMakePackageBase import * # see http://wiki.mozilla.org/LDAP_C_SDK_SASL_Windows class subinfo(info.infoclass): def setTargets(self): - for ver in ['2.1.26']: - self.targets[ver] = 'ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-' + ver + '.tar.gz' - self.targetInstSrc[ver] = 'cyrus-sasl-' + ver + for ver in ["2.1.26"]: + self.targets[ver] = "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-" + ver + ".tar.gz" + self.targetInstSrc[ver] = "cyrus-sasl-" + ver if CraftCore.compiler.isWindows: - self.patchToApply['2.1.26'] = [('cyrus-sasl-2.1.26.patch', 1)] - self.targetDigests['2.1.26'] = 'd6669fb91434192529bd13ee95737a8a5040241c' + self.patchToApply["2.1.26"] = [("cyrus-sasl-2.1.26.patch", 1)] + else: + #http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cyrus-sasl.html + self.patchToApply["2.1.26"] = [("cyrus-sasl-2.1.26-fixes-3.patch", 1) + ("cyrus-sasl-2.1.26-openssl-1.1.0-1.patch", 1)] + self.targetDigests["2.1.26"] = "d6669fb91434192529bd13ee95737a8a5040241c" self.description = "Cyrus SASL implementation" - self.defaultTarget = '2.1.26' + self.defaultTarget = "2.1.26" def setDependencies(self): self.runtimeDependencies["virtual/base"] = "default" class CMakePackage(CMakePackageBase): def __init__(self, **args): # self.subinfo.options.configure.args = "-DSTATIC_LIBRARY=OFF" CMakePackageBase.__init__(self) from Package.AutoToolsPackageBase import * class PackageAutotools(AutoToolsPackageBase): def __init__(self, **args): AutoToolsPackageBase.__init__(self) if CraftCore.compiler.isWindows: class Package(CMakePackageBase): pass else: class Package(PackageAutotools): pass