Merge branch '3.0' into 3.1

2014-07-16 22:09:13 +10:00 · 2014-07-16 22:09:13 +10:00 · ea212c04a8
commit ea212c04a8
parent a74075d335 073b617ce3
6 changed files with 154 additions and 101 deletions
--- a/cyrus-sasl/.footprint
+++ b/cyrus-sasl/.footprint
@ -13,42 +13,44 @@ drwxr-xr-x	root/root	usr/include/sasl/
 -rw-r--r--	root/root	usr/include/sasl/saslutil.h
 drwxr-xr-x	root/root	usr/lib/
 -rwxr-xr-x	root/root	usr/lib/libsasl2.la
-lrwxrwxrwx	root/root	usr/lib/libsasl2.so -> libsasl2.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/libsasl2.so.2 -> libsasl2.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/libsasl2.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/libsasl2.so -> libsasl2.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/libsasl2.so.3 -> libsasl2.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/libsasl2.so.3.0.0
+drwxr-xr-x	root/root	usr/lib/pkgconfig/
+-rw-r--r--	root/root	usr/lib/pkgconfig/libsasl2.pc
 drwxr-xr-x	root/root	usr/lib/sasl2/
 -rwxr-xr-x	root/root	usr/lib/sasl2/libanonymous.la
-lrwxrwxrwx	root/root	usr/lib/sasl2/libanonymous.so -> libanonymous.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/sasl2/libanonymous.so.2 -> libanonymous.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/sasl2/libanonymous.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/sasl2/libanonymous.so -> libanonymous.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/sasl2/libanonymous.so.3 -> libanonymous.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/sasl2/libanonymous.so.3.0.0
 -rwxr-xr-x	root/root	usr/lib/sasl2/libcrammd5.la
-lrwxrwxrwx	root/root	usr/lib/sasl2/libcrammd5.so -> libcrammd5.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/sasl2/libcrammd5.so.2 -> libcrammd5.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/sasl2/libcrammd5.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/sasl2/libcrammd5.so -> libcrammd5.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/sasl2/libcrammd5.so.3 -> libcrammd5.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/sasl2/libcrammd5.so.3.0.0
 -rwxr-xr-x	root/root	usr/lib/sasl2/libdigestmd5.la
-lrwxrwxrwx	root/root	usr/lib/sasl2/libdigestmd5.so -> libdigestmd5.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/sasl2/libdigestmd5.so.2 -> libdigestmd5.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/sasl2/libdigestmd5.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/sasl2/libdigestmd5.so -> libdigestmd5.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/sasl2/libdigestmd5.so.3 -> libdigestmd5.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/sasl2/libdigestmd5.so.3.0.0
 -rwxr-xr-x	root/root	usr/lib/sasl2/liblogin.la
-lrwxrwxrwx	root/root	usr/lib/sasl2/liblogin.so -> liblogin.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/sasl2/liblogin.so.2 -> liblogin.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/sasl2/liblogin.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/sasl2/liblogin.so -> liblogin.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/sasl2/liblogin.so.3 -> liblogin.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/sasl2/liblogin.so.3.0.0
 -rwxr-xr-x	root/root	usr/lib/sasl2/libotp.la
-lrwxrwxrwx	root/root	usr/lib/sasl2/libotp.so -> libotp.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/sasl2/libotp.so.2 -> libotp.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/sasl2/libotp.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/sasl2/libotp.so -> libotp.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/sasl2/libotp.so.3 -> libotp.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/sasl2/libotp.so.3.0.0
 -rwxr-xr-x	root/root	usr/lib/sasl2/libplain.la
-lrwxrwxrwx	root/root	usr/lib/sasl2/libplain.so -> libplain.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/sasl2/libplain.so.2 -> libplain.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/sasl2/libplain.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/sasl2/libplain.so -> libplain.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/sasl2/libplain.so.3 -> libplain.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/sasl2/libplain.so.3.0.0
 -rwxr-xr-x	root/root	usr/lib/sasl2/libsasldb.la
-lrwxrwxrwx	root/root	usr/lib/sasl2/libsasldb.so -> libsasldb.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/sasl2/libsasldb.so.2 -> libsasldb.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/sasl2/libsasldb.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/sasl2/libsasldb.so -> libsasldb.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/sasl2/libsasldb.so.3 -> libsasldb.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/sasl2/libsasldb.so.3.0.0
 -rwxr-xr-x	root/root	usr/lib/sasl2/libscram.la
-lrwxrwxrwx	root/root	usr/lib/sasl2/libscram.so -> libscram.so.2.0.25
-lrwxrwxrwx	root/root	usr/lib/sasl2/libscram.so.2 -> libscram.so.2.0.25
-rwxr-xr-x	root/root	usr/lib/sasl2/libscram.so.2.0.25
+lrwxrwxrwx	root/root	usr/lib/sasl2/libscram.so -> libscram.so.3.0.0
+lrwxrwxrwx	root/root	usr/lib/sasl2/libscram.so.3 -> libscram.so.3.0.0
+-rwxr-xr-x	root/root	usr/lib/sasl2/libscram.so.3.0.0
 drwxr-xr-x	root/root	usr/man/
 drwxr-xr-x	root/root	usr/man/man3/
 -rw-r--r--	root/root	usr/man/man3/sasl.3.gz
--- a/cyrus-sasl/.md5sum
+++ b/cyrus-sasl/.md5sum
@ -1,3 +1,3 @@
-d86a5aa2e3b5b7c1bad6f8b548b7ea36  0027_db5_support.patch
-341cffe829a4d71f2a6503d669d5a946  cyrus-sasl-2.1.25.tar.gz
+a7f4e5e559a0e37b3ffc438c9456e425  cyrus-sasl-2.1.26.tar.gz
+40a689b74932a7aeb2362ceb887e92d4  fix-CVE-2013-4122.diff
 ec81c1d452216c3da110d7b9a6f8fa8f  saslauthd
--- a/cyrus-sasl/0027_db5_support.patch
+++ b/cyrus-sasl/0027_db5_support.patch
@ -1,24 +0,0 @@
-Author: Ondřej Surý <ondrej@debian.org>
-Description: Support newer Berkeley DB versions
--- a/sasldb/db_berkeley.c
-+++ b/sasldb/db_berkeley.c
-@@ -101,7 +101,7 @@ static int berkeleydb_open(const sasl_ut
-     ret = db_create(mbdb, NULL, 0);
-     if (ret == 0 && *mbdb != NULL)
-     {
-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
-+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
- 	ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660);
- #else
- 	ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660);
--- a/utils/dbconverter-2.c
-+++ b/utils/dbconverter-2.c
-@@ -214,7 +214,7 @@ static int berkeleydb_open(const char *p
-     ret = db_create(mbdb, NULL, 0);
-     if (ret == 0 && *mbdb != NULL)
-     {
-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
-+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
- 	ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664);
- #else
- 	ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);
--- a/cyrus-sasl/Pkgfile
+++ b/cyrus-sasl/Pkgfile
@ -1,41 +1,44 @@
 # Description: Simple Authentication and Security Layer
-# URL:         http://asg.web.cmu.edu/sasl/sasl-library.html
+# URL:         https://cyrusimap.org/
 # Maintainer:  Thomas Penteker, tek at serverop dot de
 # Packager:    Daniel Mueller, daniel at danm dot de
 # Depends on:  db openssl

 name=cyrus-sasl
-version=2.1.25
+version=2.1.26
 release=1
-source=(ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/$name-$version.tar.gz saslauthd 0027_db5_support.patch)
+source=(ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-$version.tar.gz
+        saslauthd fix-CVE-2013-4122.diff)

 build(){
-	cd $name-$version
-	patch -p1 -i $SRC/0027_db5_support.patch

-	./configure \
-	    --prefix=/usr \
-	    --sysconfdir=/etc/sasl \
-	    --with-plugindir=/usr/lib/sasl2 \
-	    --with-saslauthd=/var/sasl/saslauthd \
-	    --with-dbpath=/etc/sasl/sasldb2 \
-	    --with-dblib=berkeley \
-	    --with-bdb-incdir=/usr/include \
-	    --with-bdb-libdir=/usr/lib \
-	    --with-openssl=/usr \
-	    --enable-login \
-	    --enable-cram \
-	    --enable-digest \
-	    --enable-shared \
-	    --mandir=/usr/man
+  cd $name-$version

-	make -j1
-	make DESTDIR=$PKG install
+  patch -i ../fix-CVE-2013-4122.diff -p1

-	mkdir -p \
-	    $PKG/usr/lib/sasl2 \
-	    $PKG/var/sasl/saslauthd \
-	    $PKG/etc/rc.d
-	
-	install -m 755 $SRC/saslauthd $PKG/etc/rc.d
+  ./configure \
+      --prefix=/usr \
+      --sysconfdir=/etc/sasl \
+      --with-plugindir=/usr/lib/sasl2 \
+      --with-saslauthd=/var/sasl/saslauthd \
+      --with-dbpath=/etc/sasl/sasldb2 \
+      --with-dblib=berkeley \
+      --with-bdb-incdir=/usr/include \
+      --with-bdb-libdir=/usr/lib \
+      --with-openssl=/usr \
+      --enable-login \
+      --enable-cram \
+      --enable-digest \
+      --enable-shared \
+      --mandir=/usr/man
+
+  make -j1
+  make DESTDIR=$PKG install
+
+  mkdir -p \
+      $PKG/usr/lib/sasl2 \
+      $PKG/var/sasl/saslauthd \
+      $PKG/etc/rc.d
+
+  install -m 755 $SRC/saslauthd $PKG/etc/rc.d
 }
--- a/cyrus-sasl/cyrus-sasl-2.1.23-gcc44.patch
+++ b/cyrus-sasl/cyrus-sasl-2.1.23-gcc44.patch
@ -1,20 +0,0 @@
--- plugins/digestmd5.c~	2008-11-08 18:28:21.000000000 +0000
-+++ plugins/digestmd5.c	2008-11-08 18:28:50.000000000 +0000
-@@ -2715,7 +2715,7 @@
- 	"DIGEST-MD5",			/* mech_name */
- #ifdef WITH_RC4
- 	128,				/* max_ssf */
-#elif WITH_DES
-+#elif defined(WITH_DES)
- 	112,
- #else 
- 	1,
-@@ -4034,7 +4034,7 @@
- 	"DIGEST-MD5",
- #ifdef WITH_RC4				/* mech_name */
- 	128,				/* max ssf */
-#elif WITH_DES
-+#elif defined(WITH_DES)
- 	112,
- #else
- 	1,
--- a/cyrus-sasl/fix-CVE-2013-4122.diff
+++ b/cyrus-sasl/fix-CVE-2013-4122.diff
@ -0,0 +1,92 @@
+diff -r -u cyrus-sasl-2.1.26-orig/pwcheck/pwcheck_getpwnam.c cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c
+--- cyrus-sasl-2.1.26-orig/pwcheck/pwcheck_getpwnam.c	2012-01-28 00:31:36.000000000 +0100
+++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c	2014-07-16 13:14:09.989720984 +0200
+@@ -32,6 +32,7 @@
+ char *password;
+ {
+     char* r;
+    char* crpt_passwd;
+     struct passwd *pwd;
+ 
+     pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@
+     else if (pwd->pw_passwd[0] == '*') {
+ 	r = "Account disabled";
+     }
+-    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
+    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ 	r = "Incorrect password";
+     }
+     else {
+diff -r -u cyrus-sasl-2.1.26-orig/pwcheck/pwcheck_getspnam.c cyrus-sasl-2.1.26/pwcheck/pwcheck_getspnam.c
+--- cyrus-sasl-2.1.26-orig/pwcheck/pwcheck_getspnam.c	2012-01-28 00:31:36.000000000 +0100
+++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getspnam.c	2014-07-16 13:22:36.257720924 +0200
+@@ -32,13 +32,14 @@
+ char *password;
+ {
+     struct spwd *pwd;
+    char *crpt_passwd;
+ 
+     pwd = getspnam(userid);
+     if (!pwd) {
+ 	return "Userid not found";
+     }
+     
+-    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
+    if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ 	return "Incorrect password";
+     }
+     else {
+diff -r -u cyrus-sasl-2.1.26-orig/saslauthd/auth_getpwent.c cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c
+--- cyrus-sasl-2.1.26-orig/saslauthd/auth_getpwent.c	2012-10-12 16:05:48.000000000 +0200
+++ cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c	2014-07-16 13:16:29.569720968 +0200
+@@ -77,6 +77,7 @@
+ {
+     /* VARIABLES */
+     struct passwd *pw;			/* pointer to passwd file entry */
+    char *crpt_passwd;     /* encrypted password */
+     int errnum;
+     /* END VARIABLES */
+   
+@@ -105,7 +106,7 @@
+ 	}
+     }
+ 
+-    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
+    if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
+ 	}
+diff -r -u cyrus-sasl-2.1.26-orig/saslauthd/auth_shadow.c cyrus-sasl-2.1.26/saslauthd/auth_shadow.c
+--- cyrus-sasl-2.1.26-orig/saslauthd/auth_shadow.c	2012-10-12 16:05:48.000000000 +0200
+++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c	2014-07-16 13:18:20.208720954 +0200
+@@ -210,8 +210,7 @@
+ 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
+     }
+ 
+-    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+-    if (strcmp(sp->sp_pwdp, cpw)) {
+ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ 	if (flags & VERBOSE) {
+ 	    /*
+ 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
+@@ -221,10 +220,8 @@
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ 		   sp->sp_pwdp, cpw);
+ 	}
+-	free(cpw);
+ 	RETURN("NO Incorrect password");
+     }
+-    free(cpw);
+ 
+     /*
+      * The following fields will be set to -1 if:
+@@ -286,7 +283,7 @@
+ 	RETURN("NO Invalid username");
+     }
+   
+-    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ 		   password, upw->upw_passwd);