Merge branch '3.0' into 3.1
commit
ea212c04a8
@ -13,42 +13,44 @@ drwxr-xr-x root/root usr/include/sasl/
|
||||
-rw-r--r-- root/root usr/include/sasl/saslutil.h
|
||||
drwxr-xr-x root/root usr/lib/
|
||||
-rwxr-xr-x root/root usr/lib/libsasl2.la
|
||||
lrwxrwxrwx root/root usr/lib/libsasl2.so -> libsasl2.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/libsasl2.so.2 -> libsasl2.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/libsasl2.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/libsasl2.so -> libsasl2.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/libsasl2.so.3 -> libsasl2.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/libsasl2.so.3.0.0
|
||||
drwxr-xr-x root/root usr/lib/pkgconfig/
|
||||
-rw-r--r-- root/root usr/lib/pkgconfig/libsasl2.pc
|
||||
drwxr-xr-x root/root usr/lib/sasl2/
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libanonymous.la
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libanonymous.so -> libanonymous.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libanonymous.so.2 -> libanonymous.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libanonymous.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libanonymous.so -> libanonymous.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libanonymous.so.3 -> libanonymous.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libanonymous.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libcrammd5.la
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libcrammd5.so -> libcrammd5.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libcrammd5.so.2 -> libcrammd5.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libcrammd5.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libcrammd5.so -> libcrammd5.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libcrammd5.so.3 -> libcrammd5.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libcrammd5.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libdigestmd5.la
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libdigestmd5.so -> libdigestmd5.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libdigestmd5.so.2 -> libdigestmd5.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libdigestmd5.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libdigestmd5.so -> libdigestmd5.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libdigestmd5.so.3 -> libdigestmd5.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libdigestmd5.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/liblogin.la
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/liblogin.so -> liblogin.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/liblogin.so.2 -> liblogin.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/liblogin.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/liblogin.so -> liblogin.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/liblogin.so.3 -> liblogin.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/liblogin.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libotp.la
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libotp.so -> libotp.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libotp.so.2 -> libotp.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libotp.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libotp.so -> libotp.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libotp.so.3 -> libotp.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libotp.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libplain.la
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libplain.so -> libplain.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libplain.so.2 -> libplain.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libplain.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libplain.so -> libplain.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libplain.so.3 -> libplain.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libplain.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libsasldb.la
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libsasldb.so -> libsasldb.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libsasldb.so.2 -> libsasldb.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libsasldb.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libsasldb.so -> libsasldb.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libsasldb.so.3 -> libsasldb.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libsasldb.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libscram.la
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libscram.so -> libscram.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libscram.so.2 -> libscram.so.2.0.25
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libscram.so.2.0.25
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libscram.so -> libscram.so.3.0.0
|
||||
lrwxrwxrwx root/root usr/lib/sasl2/libscram.so.3 -> libscram.so.3.0.0
|
||||
-rwxr-xr-x root/root usr/lib/sasl2/libscram.so.3.0.0
|
||||
drwxr-xr-x root/root usr/man/
|
||||
drwxr-xr-x root/root usr/man/man3/
|
||||
-rw-r--r-- root/root usr/man/man3/sasl.3.gz
|
||||
|
@ -1,3 +1,3 @@
|
||||
d86a5aa2e3b5b7c1bad6f8b548b7ea36 0027_db5_support.patch
|
||||
341cffe829a4d71f2a6503d669d5a946 cyrus-sasl-2.1.25.tar.gz
|
||||
a7f4e5e559a0e37b3ffc438c9456e425 cyrus-sasl-2.1.26.tar.gz
|
||||
40a689b74932a7aeb2362ceb887e92d4 fix-CVE-2013-4122.diff
|
||||
ec81c1d452216c3da110d7b9a6f8fa8f saslauthd
|
||||
|
@ -1,24 +0,0 @@
|
||||
Author: Ondřej Surý <ondrej@debian.org>
|
||||
Description: Support newer Berkeley DB versions
|
||||
--- a/sasldb/db_berkeley.c
|
||||
+++ b/sasldb/db_berkeley.c
|
||||
@@ -101,7 +101,7 @@ static int berkeleydb_open(const sasl_ut
|
||||
ret = db_create(mbdb, NULL, 0);
|
||||
if (ret == 0 && *mbdb != NULL)
|
||||
{
|
||||
-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
|
||||
+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
|
||||
ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660);
|
||||
#else
|
||||
ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660);
|
||||
--- a/utils/dbconverter-2.c
|
||||
+++ b/utils/dbconverter-2.c
|
||||
@@ -214,7 +214,7 @@ static int berkeleydb_open(const char *p
|
||||
ret = db_create(mbdb, NULL, 0);
|
||||
if (ret == 0 && *mbdb != NULL)
|
||||
{
|
||||
-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
|
||||
+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
|
||||
ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664);
|
||||
#else
|
||||
ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);
|
@ -1,41 +1,44 @@
|
||||
# Description: Simple Authentication and Security Layer
|
||||
# URL: http://asg.web.cmu.edu/sasl/sasl-library.html
|
||||
# URL: https://cyrusimap.org/
|
||||
# Maintainer: Thomas Penteker, tek at serverop dot de
|
||||
# Packager: Daniel Mueller, daniel at danm dot de
|
||||
# Depends on: db openssl
|
||||
|
||||
name=cyrus-sasl
|
||||
version=2.1.25
|
||||
version=2.1.26
|
||||
release=1
|
||||
source=(ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/$name-$version.tar.gz saslauthd 0027_db5_support.patch)
|
||||
source=(ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-$version.tar.gz
|
||||
saslauthd fix-CVE-2013-4122.diff)
|
||||
|
||||
build(){
|
||||
cd $name-$version
|
||||
patch -p1 -i $SRC/0027_db5_support.patch
|
||||
|
||||
./configure \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc/sasl \
|
||||
--with-plugindir=/usr/lib/sasl2 \
|
||||
--with-saslauthd=/var/sasl/saslauthd \
|
||||
--with-dbpath=/etc/sasl/sasldb2 \
|
||||
--with-dblib=berkeley \
|
||||
--with-bdb-incdir=/usr/include \
|
||||
--with-bdb-libdir=/usr/lib \
|
||||
--with-openssl=/usr \
|
||||
--enable-login \
|
||||
--enable-cram \
|
||||
--enable-digest \
|
||||
--enable-shared \
|
||||
--mandir=/usr/man
|
||||
cd $name-$version
|
||||
|
||||
make -j1
|
||||
make DESTDIR=$PKG install
|
||||
patch -i ../fix-CVE-2013-4122.diff -p1
|
||||
|
||||
mkdir -p \
|
||||
$PKG/usr/lib/sasl2 \
|
||||
$PKG/var/sasl/saslauthd \
|
||||
$PKG/etc/rc.d
|
||||
|
||||
install -m 755 $SRC/saslauthd $PKG/etc/rc.d
|
||||
./configure \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc/sasl \
|
||||
--with-plugindir=/usr/lib/sasl2 \
|
||||
--with-saslauthd=/var/sasl/saslauthd \
|
||||
--with-dbpath=/etc/sasl/sasldb2 \
|
||||
--with-dblib=berkeley \
|
||||
--with-bdb-incdir=/usr/include \
|
||||
--with-bdb-libdir=/usr/lib \
|
||||
--with-openssl=/usr \
|
||||
--enable-login \
|
||||
--enable-cram \
|
||||
--enable-digest \
|
||||
--enable-shared \
|
||||
--mandir=/usr/man
|
||||
|
||||
make -j1
|
||||
make DESTDIR=$PKG install
|
||||
|
||||
mkdir -p \
|
||||
$PKG/usr/lib/sasl2 \
|
||||
$PKG/var/sasl/saslauthd \
|
||||
$PKG/etc/rc.d
|
||||
|
||||
install -m 755 $SRC/saslauthd $PKG/etc/rc.d
|
||||
}
|
||||
|
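Review bot: The new `source=` line still fetches the tarball over plain `ftp://`, and the only integrity check visible in this commit is the MD5 checksum list updated alongside it, so neither the transport nor the digest resists tampering with the download. If upstream offers one, prefer an HTTPS location, e.g. `source=(https://<upstream-https-host>/cyrus-sasl-$version.tar.gz` (placeholder host), and check the tarball against an upstream signature or a SHA-256 digest before refreshing the checksum entry. Separately, `patch -i ../fix-CVE-2013-4122.diff -p1` depends on the current directory; `patch -p1 -i $SRC/fix-CVE-2013-4122.diff` matches the form the removed patch line used.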
@ -1,20 +0,0 @@
|
||||
--- plugins/digestmd5.c~ 2008-11-08 18:28:21.000000000 +0000
|
||||
+++ plugins/digestmd5.c 2008-11-08 18:28:50.000000000 +0000
|
||||
@@ -2715,7 +2715,7 @@
|
||||
"DIGEST-MD5", /* mech_name */
|
||||
#ifdef WITH_RC4
|
||||
128, /* max_ssf */
|
||||
-#elif WITH_DES
|
||||
+#elif defined(WITH_DES)
|
||||
112,
|
||||
#else
|
||||
1,
|
||||
@@ -4034,7 +4034,7 @@
|
||||
"DIGEST-MD5",
|
||||
#ifdef WITH_RC4 /* mech_name */
|
||||
128, /* max ssf */
|
||||
-#elif WITH_DES
|
||||
+#elif defined(WITH_DES)
|
||||
112,
|
||||
#else
|
||||
1,
|
92
cyrus-sasl/fix-CVE-2013-4122.diff
Normal file
92
cyrus-sasl/fix-CVE-2013-4122.diff
Normal file
@ -0,0 +1,92 @@
|
||||
diff -r -u cyrus-sasl-2.1.26-orig/pwcheck/pwcheck_getpwnam.c cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c
|
||||
--- cyrus-sasl-2.1.26-orig/pwcheck/pwcheck_getpwnam.c 2012-01-28 00:31:36.000000000 +0100
|
||||
+++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c 2014-07-16 13:14:09.989720984 +0200
|
||||
@@ -32,6 +32,7 @@
|
||||
char *password;
|
||||
{
|
||||
char* r;
|
||||
+ char* crpt_passwd;
|
||||
struct passwd *pwd;
|
||||
|
||||
pwd = getpwnam(userid);
|
||||
@@ -41,7 +42,7 @@
|
||||
else if (pwd->pw_passwd[0] == '*') {
|
||||
r = "Account disabled";
|
||||
}
|
||||
- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
|
||||
+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
|
||||
r = "Incorrect password";
|
||||
}
|
||||
else {
|
||||
diff -r -u cyrus-sasl-2.1.26-orig/pwcheck/pwcheck_getspnam.c cyrus-sasl-2.1.26/pwcheck/pwcheck_getspnam.c
|
||||
--- cyrus-sasl-2.1.26-orig/pwcheck/pwcheck_getspnam.c 2012-01-28 00:31:36.000000000 +0100
|
||||
+++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getspnam.c 2014-07-16 13:22:36.257720924 +0200
|
||||
@@ -32,13 +32,14 @@
|
||||
char *password;
|
||||
{
|
||||
struct spwd *pwd;
|
||||
+ char *crpt_passwd;
|
||||
|
||||
pwd = getspnam(userid);
|
||||
if (!pwd) {
|
||||
return "Userid not found";
|
||||
}
|
||||
|
||||
- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
|
||||
+ if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
|
||||
return "Incorrect password";
|
||||
}
|
||||
else {
|
||||
diff -r -u cyrus-sasl-2.1.26-orig/saslauthd/auth_getpwent.c cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c
|
||||
--- cyrus-sasl-2.1.26-orig/saslauthd/auth_getpwent.c 2012-10-12 16:05:48.000000000 +0200
|
||||
+++ cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c 2014-07-16 13:16:29.569720968 +0200
|
||||
@@ -77,6 +77,7 @@
|
||||
{
|
||||
/* VARIABLES */
|
||||
struct passwd *pw; /* pointer to passwd file entry */
|
||||
+ char *crpt_passwd; /* encrypted password */
|
||||
int errnum;
|
||||
/* END VARIABLES */
|
||||
|
||||
@@ -105,7 +106,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
|
||||
+ if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
|
||||
if (flags & VERBOSE) {
|
||||
syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
|
||||
}
|
||||
diff -r -u cyrus-sasl-2.1.26-orig/saslauthd/auth_shadow.c cyrus-sasl-2.1.26/saslauthd/auth_shadow.c
|
||||
--- cyrus-sasl-2.1.26-orig/saslauthd/auth_shadow.c 2012-10-12 16:05:48.000000000 +0200
|
||||
+++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c 2014-07-16 13:18:20.208720954 +0200
|
||||
@@ -210,8 +210,7 @@
|
||||
RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
|
||||
}
|
||||
|
||||
- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
|
||||
- if (strcmp(sp->sp_pwdp, cpw)) {
|
||||
+ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
|
||||
if (flags & VERBOSE) {
|
||||
/*
|
||||
* This _should_ reveal the SHADOW_PW_LOCKED prefix to an
|
||||
@@ -221,10 +220,8 @@
|
||||
syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
|
||||
sp->sp_pwdp, cpw);
|
||||
}
|
||||
- free(cpw);
|
||||
RETURN("NO Incorrect password");
|
||||
}
|
||||
- free(cpw);
|
||||
|
||||
/*
|
||||
* The following fields will be set to -1 if:
|
||||
@@ -286,7 +283,7 @@
|
||||
RETURN("NO Invalid username");
|
||||
}
|
||||
|
||||
- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
|
||||
+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
|
||||
if (flags & VERBOSE) {
|
||||
syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
|
||||
password, upw->upw_passwd);
|
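Review bot: In the auth_shadow.c hunk at `@@ -210,8 +210,7`, `cpw` can be NULL when the VERBOSE branch passes it to `syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", sp->sp_pwdp, cpw)`, because the new condition enters that branch exactly when crypt() fails; a NULL argument for `%s` is undefined behaviour. Guard the argument, for example `sp->sp_pwdp, cpw ? cpw : "(crypt failed)"`. That debug line also writes the stored hash to syslog, and the context of the `@@ -286,7` hunk logs the cleartext `password`; the message would be safer as `syslog(LOG_DEBUG, "auth_shadow: pw mismatch for %s", login);`, assuming `login` is in scope there as it is in auth_getpwent.c. The enclosing functions begin and end outside these hunks, so the declaration of `cpw` on the `upw` path could not be checked from here.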