diff options
21 files changed, 727 insertions, 672 deletions
diff --git a/abs/core/libsasl/0003_saslauthd_mdoc.patch b/abs/core/libsasl/0003_saslauthd_mdoc.patch deleted file mode 100644 index 694f4bb..0000000 --- a/abs/core/libsasl/0003_saslauthd_mdoc.patch +++ /dev/null @@ -1,35 +0,0 @@ -0003_saslauthd_mdoc.dpatch by <fabbe@debian.org> - -Use the correct path for the saslauthd.conf file, and use another -date format (cosmetic). - -diff -urNad trunk~/saslauthd/saslauthd.mdoc trunk/saslauthd/saslauthd.mdoc ---- trunk~/saslauthd/saslauthd.mdoc 2006-05-29 22:52:42.000000000 +0300 -+++ trunk/saslauthd/saslauthd.mdoc 2006-07-12 15:05:25.000000000 +0300 -@@ -10,7 +10,7 @@ - .\" manpage in saslauthd.8 whenever you change this source - .\" version. Only the pre-formatted manpage is installed. - .\" --.Dd 10 24 2002 -+.Dd October 24 2002 - .Dt SASLAUTHD 8 - .Os "CMU-SASL" - .Sh NAME -@@ -216,7 +216,7 @@ - .Em (All platforms that support OpenLDAP 2.0 or higher) - .Pp - Authenticate against an ldap server. The ldap configuration parameters are --read from /usr/local/etc/saslauthd.conf. The location of this file can be -+read from /etc/saslauthd.conf. The location of this file can be - changed with the -O parameter. See the LDAP_SASLAUTHD file included with the - distribution for the list of available parameters. - .It Li sia -@@ -249,7 +249,7 @@ - .Bl -tag -width "/var/run/saslauthd/mux" - .It Pa /var/run/saslauthd/mux - The default communications socket. --.It Pa /usr/local/etc/saslauthd.conf -+.It Pa /etc/saslauthd.conf - The default configuration file for ldap support. - .El - .Sh SEE ALSO diff --git a/abs/core/libsasl/0012_xopen_crypt_prototype.patch b/abs/core/libsasl/0012_xopen_crypt_prototype.patch deleted file mode 100644 index d50ec83..0000000 --- a/abs/core/libsasl/0012_xopen_crypt_prototype.patch +++ /dev/null @@ -1,20 +0,0 @@ -0012_xopen_crypt_prototype.dpatch by <dannf@debian.org> - -When _XOPEN_SOURCE is defined, the subsequent #include <unistd.h> -will define a correct function prototype for the crypt function. -This avoids segfaults on architectures where the size of a pointer -is greater than the size of an integer (ia64 and amd64 are examples). -This may be detected by looking for build log lines such as the -following: -auth_shadow.c:183: warning: implicit declaration of function ‘crypt’ -auth_shadow.c:183: warning: cast to pointer from integer of different -size - -diff -urNad trunk~/saslauthd/auth_shadow.c trunk/saslauthd/auth_shadow.c ---- trunk~/saslauthd/auth_shadow.c 2006-05-29 22:52:42.000000000 +0300 -+++ trunk/saslauthd/auth_shadow.c 2006-11-08 13:44:23.000000000 +0200 -@@ -1,3 +1,4 @@ -+#define _XOPEN_SOURCE - #define PWBUFSZ 256 /***SWB***/ - - /* MODULE: auth_shadow */ diff --git a/abs/core/libsasl/0016_pid_file_lock_creation_mask.patch b/abs/core/libsasl/0016_pid_file_lock_creation_mask.patch deleted file mode 100644 index e9170ce..0000000 --- a/abs/core/libsasl/0016_pid_file_lock_creation_mask.patch +++ /dev/null @@ -1,27 +0,0 @@ -0016_pid_file_lock_creation_mask.dpatch by Sam Hocevar <sam@zoy.org> - -pid_file_lock is created with a mask of 644 instead of 0644. -This patch fixes this octal/decimal confusion as well as the -(harmless) one in the previous umask() call. - -diff -urNad trunk~/saslauthd/saslauthd-main.c trunk/saslauthd/saslauthd-main.c ---- trunk~/saslauthd/saslauthd-main.c 2006-05-29 22:52:42.000000000 +0300 -+++ trunk/saslauthd/saslauthd-main.c 2007-06-26 12:07:10.000000000 +0300 -@@ -276,7 +276,7 @@ - exit(1); - } - -- umask(077); -+ umask(0077); - - pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1; - if ((pid_file_lock = malloc(pid_file_size)) == NULL) { -@@ -287,7 +287,7 @@ - strlcpy(pid_file_lock, run_path, pid_file_size); - strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size); - -- if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 644)) < 0) { -+ if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) { - rc = errno; - logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock); - logger(L_ERR, L_FUNC, "open: %s", strerror(rc)); diff --git a/abs/core/libsasl/0018_auth_rimap_quotes.patch b/abs/core/libsasl/0018_auth_rimap_quotes.patch deleted file mode 100644 index 13fa999..0000000 --- a/abs/core/libsasl/0018_auth_rimap_quotes.patch +++ /dev/null @@ -1,35 +0,0 @@ -0016_auth_rimap_quotes.dpatch by <fabbe@debian.org> - -All lines beginning with `## DP:' are a description of the patch. -Avoid infinite loop when username/password has a double quote character. -Upstream change: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/saslauthd/auth_rimap.c.diff?r1=1.12;r2=1.13 - -diff -urNad etch~/saslauthd/auth_rimap.c etch/saslauthd/auth_rimap.c ---- etch~/saslauthd/auth_rimap.c 2007-03-29 15:16:20.000000000 +0300 -+++ etch/saslauthd/auth_rimap.c 2008-02-13 13:42:53.000000000 +0200 -@@ -162,6 +162,7 @@ - num_quotes = 0; - p1 = s; - while ((p1 = strchr(p1, '"')) != NULL) { -+ p1++; - num_quotes++; - } - -@@ -438,7 +439,7 @@ - syslog(LOG_WARNING, "auth_rimap: writev: %m"); - memset(qlogin, 0, strlen(qlogin)); - free(qlogin); -- memset(qpass, 0, strlen(qlogin)); -+ memset(qpass, 0, strlen(qpass)); - free(qpass); - (void)close(s); - return strdup(RESP_IERROR); -@@ -447,7 +448,7 @@ - /* don't need these any longer */ - memset(qlogin, 0, strlen(qlogin)); - free(qlogin); -- memset(qpass, 0, strlen(qlogin)); -+ memset(qpass, 0, strlen(qpass)); - free(qpass); - - /* read and parse the LOGIN response */ diff --git a/abs/core/libsasl/0019_ldap_deprecated.patch b/abs/core/libsasl/0019_ldap_deprecated.patch deleted file mode 100644 index 8825256..0000000 --- a/abs/core/libsasl/0019_ldap_deprecated.patch +++ /dev/null @@ -1,22 +0,0 @@ -0019_ldap_deprecated.dpatch by dann frazier <dannf@debian.org> - -The function ldap_get_values, used in saslauthd/lak.c, is deprecated. -Therefore, its prototype is not included by default when compiling -against the ldap.h headers. As a result, the compiler cannot know the -return type of the function at compile time, and will implicitly -convert to a pointer. This has implications on 64-bit systems. -This patch sets the deprecation mode on, so that the function prototype -gets included when compiling. -(Description by Fabian Fagerholm <fabbe@debian.org>) - -diff -urNad trunk~/saslauthd/lak.c trunk/saslauthd/lak.c ---- trunk~/saslauthd/lak.c 2006-06-04 12:26:20.000000000 +0300 -+++ trunk/saslauthd/lak.c 2008-02-15 14:32:11.000000000 +0200 -@@ -55,6 +55,7 @@ - #include <openssl/des.h> - #endif - -+#define LDAP_DEPRECATED 1 - #include <ldap.h> - #include <lber.h> - #include <sasl.h> diff --git a/abs/core/libsasl/0022_gcc4.4_preprocessor_syntax.patch b/abs/core/libsasl/0022_gcc4.4_preprocessor_syntax.patch deleted file mode 100644 index a49b553..0000000 --- a/abs/core/libsasl/0022_gcc4.4_preprocessor_syntax.patch +++ /dev/null @@ -1,26 +0,0 @@ -0022_gcc4.4_preprocessor_syntax.dpatch by <fabbe@paniq.net> - -The #elif preprocessor directive requires a test condition. -GCC 4.4 enforces this rule. - -diff -urNad trunk~/plugins/digestmd5.c trunk/plugins/digestmd5.c ---- trunk~/plugins/digestmd5.c 2006-06-04 12:26:19.000000000 +0300 -+++ trunk/plugins/digestmd5.c 2009-01-26 13:29:40.000000000 +0200 -@@ -2715,7 +2715,7 @@ - "DIGEST-MD5", /* mech_name */ - #ifdef WITH_RC4 - 128, /* max_ssf */ --#elif WITH_DES -+#elif defined(WITH_DES) - 112, - #else - 1, -@@ -4034,7 +4034,7 @@ - "DIGEST-MD5", - #ifdef WITH_RC4 /* mech_name */ - 128, /* max ssf */ --#elif WITH_DES -+#elif defined(WITH_DES) - 112, - #else - 1, diff --git a/abs/core/libsasl/0027_db5_support.patch b/abs/core/libsasl/0027_db5_support.patch deleted file mode 100644 index 5228240..0000000 --- a/abs/core/libsasl/0027_db5_support.patch +++ /dev/null @@ -1,24 +0,0 @@ -Author: Ondřej Surý <ondrej@debian.org> -Description: Support newer Berkeley DB versions ---- a/sasldb/db_berkeley.c -+++ b/sasldb/db_berkeley.c -@@ -101,7 +101,7 @@ static int berkeleydb_open(const sasl_ut - ret = db_create(mbdb, NULL, 0); - if (ret == 0 && *mbdb != NULL) - { --#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 -+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1)) - ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660); - #else - ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660); ---- a/utils/dbconverter-2.c -+++ b/utils/dbconverter-2.c -@@ -214,7 +214,7 @@ static int berkeleydb_open(const char *p - ret = db_create(mbdb, NULL, 0); - if (ret == 0 && *mbdb != NULL) - { --#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 -+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1)) - ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664); - #else - ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664); diff --git a/abs/core/libsasl/CVE-2013-4122.patch b/abs/core/libsasl/CVE-2013-4122.patch new file mode 100644 index 0000000..d6b9800 --- /dev/null +++ b/abs/core/libsasl/CVE-2013-4122.patch @@ -0,0 +1,116 @@ +From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Thu, 11 Jul 2013 09:08:07 +0000 +Subject: Handle NULL returns from glibc 2.17+ crypt() + +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). + +When using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. + +Patch by mancha1@hush.com. +--- +diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c +index 4b34222..400289c 100644 +--- a/pwcheck/pwcheck_getpwnam.c ++++ b/pwcheck/pwcheck_getpwnam.c +@@ -32,6 +32,7 @@ char *userid; + char *password; + { + char* r; ++ char* crpt_passwd; + struct passwd *pwd; + + pwd = getpwnam(userid); +@@ -41,7 +42,7 @@ char *password; + else if (pwd->pw_passwd[0] == '*') { + r = "Account disabled"; + } +- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { ++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { + r = "Incorrect password"; + } + else { +diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c +index 2b11286..6d607bb 100644 +--- a/pwcheck/pwcheck_getspnam.c ++++ b/pwcheck/pwcheck_getspnam.c +@@ -32,13 +32,15 @@ char *userid; + char *password; + { + struct spwd *pwd; ++ char *crpt_passwd; + + pwd = getspnam(userid); + if (!pwd) { + return "Userid not found"; + } + +- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { ++ crpt_passwd = crypt(password, pwd->sp_pwdp); ++ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { + return "Incorrect password"; + } + else { +diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c +index fc8029d..d4ebe54 100644 +--- a/saslauthd/auth_getpwent.c ++++ b/saslauthd/auth_getpwent.c +@@ -77,6 +77,7 @@ auth_getpwent ( + { + /* VARIABLES */ + struct passwd *pw; /* pointer to passwd file entry */ ++ char *crpt_passwd; /* encrypted password */ + int errnum; + /* END VARIABLES */ + +@@ -105,7 +106,8 @@ auth_getpwent ( + } + } + +- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { ++ crpt_passwd = crypt(password, pw->pw_passwd); ++ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); + } +diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c +index 677131b..1988afd 100644 +--- a/saslauthd/auth_shadow.c ++++ b/saslauthd/auth_shadow.c +@@ -210,8 +210,8 @@ auth_shadow ( + RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); + } + +- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); +- if (strcmp(sp->sp_pwdp, cpw)) { ++ cpw = crypt(password, sp->sp_pwdp); ++ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) { + if (flags & VERBOSE) { + /* + * This _should_ reveal the SHADOW_PW_LOCKED prefix to an +@@ -221,10 +221,8 @@ auth_shadow ( + syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", + sp->sp_pwdp, cpw); + } +- free(cpw); + RETURN("NO Incorrect password"); + } +- free(cpw); + + /* + * The following fields will be set to -1 if: +@@ -286,7 +284,7 @@ auth_shadow ( + RETURN("NO Invalid username"); + } + +- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { ++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", + password, upw->upw_passwd); +-- +cgit v0.9.2 diff --git a/abs/core/libsasl/PKGBUILD b/abs/core/libsasl/PKGBUILD index 2d2de46..d755f72 100644 --- a/abs/core/libsasl/PKGBUILD +++ b/abs/core/libsasl/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 146449 2012-01-11 15:21:04Z stephane $ +# $Id$ # Maintainer: Jan de Groot <jgc@archlinux.org> # This package spans multiple repositories. @@ -7,54 +7,68 @@ #pkgbase=('cyrus-sasl') #pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql') pkgname=libsasl -pkgver=2.1.23 -pkgrel=10 +pkgver=2.1.26 +pkgrel=12 pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library" -arch=('i686' 'x86_64') +arch=('x86_64') url="http://cyrusimap.web.cmu.edu/" license=('custom') -options=('!makeflags' '!libtool') -makedepends=('postgresql-libs' 'libmysqlclient' 'libldap' 'krb5' 'openssl') -source=(ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-${pkgver}.tar.gz - cyrus-sasl-2.1.19-checkpw.c.patch - cyrus-sasl-2.1.22-crypt.patch +options=('!makeflags') +makedepends=('postgresql-libs' 'libmariadbclient' 'libldap' 'krb5' 'openssl' 'sqlite') +source=(ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-${pkgver}.tar.gz cyrus-sasl-2.1.22-qa.patch - cyrus-sasl-2.1.22-automake-1.10.patch - cyrus-sasl-2.1.23-authd-fix.patch - 0003_saslauthd_mdoc.patch + cyrus-sasl-2.1.26-size_t.patch 0010_maintainer_mode.patch 0011_saslauthd_ac_prog_libtool.patch - 0012_xopen_crypt_prototype.patch - 0016_pid_file_lock_creation_mask.patch - 0018_auth_rimap_quotes.patch - 0019_ldap_deprecated.patch - 0022_gcc4.4_preprocessor_syntax.patch 0025_ld_as_needed.patch 0026_drop_krb5support_dependency.patch - 0027_db5_support.patch 0030-dont_use_la_files_for_opening_plugins.patch + saslauthd.service saslauthd.conf.d - saslauthd) + tmpfiles.conf + CVE-2013-4122.patch + cyrus-sasl-sql.patch + cyrus-sasl-gssapi.patch + cyrus-sasl-2.1.27-openssl-1.1.0.patch + fix-pkgconfig.patch) +md5sums=('a7f4e5e559a0e37b3ffc438c9456e425' + '79b8a5e8689989e2afd4b7bda595a7b1' + 'f45aa8c42b32e0569ab3d14a83485b37' + 'f45d8b60e8f74dd7f7c2ec1665fa602a' + '9d93880514cb5ff5da969f1ceb64a661' + '62bf892fe4d1df41ff748e91a1afaf67' + 'b7848957357e7c02d6490102be496bf9' + '8e7106f32e495e9ade69014fd1b3352a' + '3499dcd610ad1ad58e0faffde2aa7a23' + '49219af5641150edec288a3fdb65e7c1' + '45bb0192d2f188066240b9a66ee6365f' + 'c5f0ec88c584a75c14d7f402eaeed7ef' + '82c0f66fdc5c1145eb48ea9116c27931' + '0363b1a0337474a57b1f75f72fe88fa3' + 'c8a385bbca9bd79910c6bda3dd02845c' + '409727695f9f28a3c43e340232462ff6') + +prepare() { + cd cyrus-sasl-$pkgver + patch -Np1 -i ../cyrus-sasl-2.1.22-qa.patch + patch -Np1 -i ../cyrus-sasl-2.1.26-size_t.patch + patch -Np1 -i ../0010_maintainer_mode.patch + patch -Np1 -i ../0011_saslauthd_ac_prog_libtool.patch + patch -Np1 -i ../0025_ld_as_needed.patch + patch -Np1 -i ../0026_drop_krb5support_dependency.patch + patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch + patch -Np1 -i ../CVE-2013-4122.patch + patch -Np0 -i ../cyrus-sasl-sql.patch + patch -Np1 -i ../cyrus-sasl-gssapi.patch + patch -Np1 -i ../cyrus-sasl-2.1.27-openssl-1.1.0.patch + patch -Np1 -i ../fix-pkgconfig.patch + + sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -e 's/libmysqlclient.a/libmysqlclient.so/' -i configure.in +} build() { - cd "${srcdir}/cyrus-sasl-${pkgver}" - patch -Np1 -i "${srcdir}/cyrus-sasl-2.1.19-checkpw.c.patch" - patch -Np1 -i "${srcdir}/cyrus-sasl-2.1.22-crypt.patch" - patch -Np1 -i "${srcdir}/cyrus-sasl-2.1.22-qa.patch" - patch -Np1 -i "${srcdir}/cyrus-sasl-2.1.22-automake-1.10.patch" - patch -Np0 -i "${srcdir}/cyrus-sasl-2.1.23-authd-fix.patch" - patch -Np1 -i "${srcdir}/0003_saslauthd_mdoc.patch" - patch -Np1 -i "${srcdir}/0010_maintainer_mode.patch" - patch -Np1 -i "${srcdir}/0011_saslauthd_ac_prog_libtool.patch" - patch -Np1 -i "${srcdir}/0012_xopen_crypt_prototype.patch" - patch -Np1 -i "${srcdir}/0016_pid_file_lock_creation_mask.patch" - patch -Np1 -i "${srcdir}/0018_auth_rimap_quotes.patch" - patch -Np1 -i "${srcdir}/0019_ldap_deprecated.patch" - patch -Np1 -i "${srcdir}/0022_gcc4.4_preprocessor_syntax.patch" - patch -Np1 -i "${srcdir}/0025_ld_as_needed.patch" - patch -Np1 -i "${srcdir}/0026_drop_krb5support_dependency.patch" - patch -Np1 -i "${srcdir}/0027_db5_support.patch" - patch -Np1 -i "${srcdir}/0030-dont_use_la_files_for_opening_plugins.patch" + export CFLAGS="$CFLAGS -fPIC" + cd cyrus-sasl-$pkgver rm -f config/config.guess config/config.sub rm -f config/ltconfig config/ltmain.sh config/libtool.m4 @@ -77,7 +91,7 @@ build() { popd ./configure --prefix=/usr \ - --sbin=/usr/bin \ + --sbin=/usr/bin \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ --disable-static \ @@ -98,11 +112,15 @@ build() { --enable-ntlm \ --disable-passdss \ --enable-sql \ + --with-mysql=/usr \ + --with-pgsql=/usr/lib \ + --with-sqlite3=/usr/lib \ --enable-ldapdb \ --disable-macos-framework \ --with-pam \ --with-saslauthd=/var/run/saslauthd \ --with-ldap \ + --with-dblib=gdbm \ --with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \ --sysconfdir=/etc \ --with-devrandom=/dev/urandom @@ -114,7 +132,8 @@ package_libsasl() { depends=('openssl') conflicts=('cyrus-sasl-plugins') - cd "${srcdir}/cyrus-sasl-${pkgver}" + cd cyrus-sasl-$pkgver + make DESTDIR="$pkgdir" install-pkgconfigDATA for dir in include lib sasldb plugins utils; do pushd ${dir} make DESTDIR="${pkgdir}" install @@ -123,21 +142,21 @@ package_libsasl() { rm -f "${pkgdir}"/usr/lib/sasl2/libsql.so* rm -f "${pkgdir}"/usr/lib/sasl2/libgssapiv2.so* rm -f "${pkgdir}"/usr/lib/sasl2/libldapdb.so* + rm -f "${pkgdir}"/usr/lib/sasl2/libgs2.so* install -m755 -d "${pkgdir}/usr/share/licenses/libsasl" install -m644 COPYING "${pkgdir}/usr/share/licenses/libsasl/" } package_cyrus-sasl() { - depends=("libsasl=${pkgver}-${pkgrel}") + depends=("libsasl=${pkgver}" 'krb5') pkgdesc="Cyrus saslauthd SASL authentication daemon" backup=('etc/conf.d/saslauthd') - cd "${srcdir}/cyrus-sasl-${pkgver}/saslauthd" + cd cyrus-sasl-$pkgver/saslauthd make DESTDIR="${pkgdir}" install - install -m755 -d "${pkgdir}/etc/rc.d" - install -m755 -d "${pkgdir}/etc/conf.d" - install -m755 "${srcdir}/saslauthd" "${pkgdir}/etc/rc.d/" - install -m644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd" + install -Dm644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd" + install -Dm644 "${srcdir}/saslauthd.service" "${pkgdir}/usr/lib/systemd/system/saslauthd.service" + install -Dm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/saslauthd.conf" install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl" ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl/" @@ -145,12 +164,13 @@ package_cyrus-sasl() { package_cyrus-sasl-gssapi() { pkgdesc="GSSAPI authentication mechanism for Cyrus SASL" - depends=("libsasl=${pkgver}-${pkgrel}" 'krb5') + depends=("libsasl=${pkgver}" 'krb5') replaces=('cyrus-sasl-plugins') - cd "${srcdir}/cyrus-sasl-${pkgver}/plugins" + cd cyrus-sasl-$pkgver/plugins install -m755 -d "${pkgdir}/usr/lib/sasl2" cp -a .libs/libgssapiv2.so* "${pkgdir}/usr/lib/sasl2/" + cp -a .libs/libgs2.so* "${pkgdir}/usr/lib/sasl2/" install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi" ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi/" @@ -158,10 +178,10 @@ package_cyrus-sasl-gssapi() { package_cyrus-sasl-ldap() { pkgdesc="ldapdb auxprop module for Cyrus SASL" - depends=("libsasl=${pkgver}-${pkgrel}" 'libldap') + depends=("libsasl=${pkgver}" 'libldap') replaces=('cyrus-sasl-plugins') - cd "${srcdir}/cyrus-sasl-${pkgver}/plugins" + cd cyrus-sasl-$pkgver/plugins install -m755 -d "${pkgdir}/usr/lib/sasl2" cp -a .libs/libldapdb.so* "${pkgdir}/usr/lib/sasl2/" @@ -171,33 +191,13 @@ package_cyrus-sasl-ldap() { package_cyrus-sasl-sql() { pkgdesc="SQL auxprop module for Cyrus SASL" - depends=("libsasl=${pkgver}-${pkgrel}" 'postgresql-libs' 'libmysqlclient') + depends=("libsasl=${pkgver}" 'postgresql-libs' 'libmariadbclient' 'sqlite') replaces=('cyrus-sasl-plugins') - cd "${srcdir}/cyrus-sasl-${pkgver}/plugins" + cd cyrus-sasl-$pkgver/plugins install -m755 -d "${pkgdir}/usr/lib/sasl2" cp -a .libs/libsql.so* "${pkgdir}/usr/lib/sasl2/" install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-sql" ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-sql/" } -md5sums=('2eb0e48106f0e9cd8001e654f267ecbc' - 'e27ddff076342e7a3041c4759817d04b' - 'd7e6886e88af04d05f3dec7f0a59ccf7' - '79b8a5e8689989e2afd4b7bda595a7b1' - 'f4131b077ddb5240b375d749162f1b7a' - 'c7ad2c70c1ef814eb4b119f316c064f2' - 'caeeac3feba19cbbd36e7345cc805600' - 'f45d8b60e8f74dd7f7c2ec1665fa602a' - '9d93880514cb5ff5da969f1ceb64a661' - 'dfdc052a7e678db9f687482c5d52f34e' - '4a09f6b24b91f8450892a78e378860da' - '213abe7c5dfe0d7f446992787da1e780' - '5a0321177ad30cb5518c8b6812e3961a' - '0c965748970eea29fa295524821d43f0' - '62bf892fe4d1df41ff748e91a1afaf67' - 'b7848957357e7c02d6490102be496bf9' - 'd86a5aa2e3b5b7c1bad6f8b548b7ea36' - '8e7106f32e495e9ade69014fd1b3352a' - '49219af5641150edec288a3fdb65e7c1' - '75542f613185d5a90520ad0d7d926a20') diff --git a/abs/core/libsasl/cyrus-sasl-2.1.19-checkpw.c.patch b/abs/core/libsasl/cyrus-sasl-2.1.19-checkpw.c.patch deleted file mode 100644 index f7bf44b..0000000 --- a/abs/core/libsasl/cyrus-sasl-2.1.19-checkpw.c.patch +++ /dev/null @@ -1,170 +0,0 @@ -diff -ur ../cyrus-sasl-2.1.19.orig/lib/Makefile.in ./lib/Makefile.in ---- ../cyrus-sasl-2.1.19.orig/lib/Makefile.in 2004-07-02 21:40:15.000000000 +0200 -+++ ./lib/Makefile.in 2004-09-07 13:21:22.746680576 +0200 -@@ -120,7 +120,7 @@ - JAVA_TRUE = @JAVA_TRUE@ - LDFLAGS = @LDFLAGS@ - LIBOBJS = @LIBOBJS@ --LIBS = @LIBS@ -+LIBS = -lcrypt @LIBS@ - LIBTOOL = @LIBTOOL@ - LIB_CRYPT = @LIB_CRYPT@ - LIB_DES = @LIB_DES@ -diff -ur ../cyrus-sasl-2.1.19.orig/lib/checkpw.c ./lib/checkpw.c ---- ../cyrus-sasl-2.1.19.orig/lib/checkpw.c 2004-03-17 14:58:13.000000000 +0100 -+++ ./lib/checkpw.c 2004-09-07 13:21:12.645916147 +0200 -@@ -94,6 +94,23 @@ - # endif - #endif - -+/****************************** -+ * crypt(3) patch start * -+ ******************************/ -+char *crypt(const char *key, const char *salt); -+ -+/* cleartext password formats */ -+#define PASSWORD_FORMAT_CLEARTEXT 1 -+#define PASSWORD_FORMAT_CRYPT 2 -+#define PASSWORD_FORMAT_CRYPTTRAD 3 -+#define PASSWORD_SALT_BUF_LEN 22 -+ -+/* weeds out crypt(3) password's salt */ -+int _sasl_get_salt (char *dest, char *src, int format); -+ -+/****************************** -+ * crypt(3) patch stop * -+ ******************************/ - - /* we store the following secret to check plaintext passwords: - * -@@ -143,7 +160,51 @@ - "*cmusaslsecretPLAIN", - NULL }; - struct propval auxprop_values[3]; -- -+ -+ /****************************** -+ * crypt(3) patch start * -+ * for password format check * -+ ******************************/ -+ sasl_getopt_t *getopt; -+ void *context; -+ const char *p = NULL; -+ /** -+ * MD5: 12 char salt -+ * BLOWFISH: 16 char salt -+ */ -+ char salt[PASSWORD_SALT_BUF_LEN]; -+ int password_format; -+ -+ /* get password format from auxprop configuration */ -+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { -+ getopt(context, NULL, "password_format", &p, NULL); -+ } -+ -+ /* set password format */ -+ if (p) { -+ /* -+ memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN); -+ strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1)); -+ */ -+ /* modern, modular crypt(3) */ -+ if (strncmp(p, "crypt", 11) == 0) -+ password_format = PASSWORD_FORMAT_CRYPT; -+ /* traditional crypt(3) */ -+ else if (strncmp(p, "crypt_trad", 11) == 0) -+ password_format = PASSWORD_FORMAT_CRYPTTRAD; -+ /* cleartext password */ -+ else -+ password_format = PASSWORD_FORMAT_CLEARTEXT; -+ } else { -+ /* cleartext password */ -+ password_format = PASSWORD_FORMAT_CLEARTEXT; -+ } -+ -+ /****************************** -+ * crypt(3) patch stop * -+ * for password format check * -+ ******************************/ -+ - if (!conn || !userstr) - return SASL_BADPARAM; - -@@ -180,14 +241,31 @@ - goto done; - } - -- /* At the point this has been called, the username has been canonified -- * and we've done the auxprop lookup. This should be easy. */ -- if(auxprop_values[0].name -- && auxprop_values[0].values -- && auxprop_values[0].values[0] -- && !strcmp(auxprop_values[0].values[0], passwd)) { -- /* We have a plaintext version and it matched! */ -- return SASL_OK; -+ -+ /****************************** -+ * crypt(3) patch start * -+ ******************************/ -+ -+ /* get salt */ -+ _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format); -+ -+ /* crypt(3)-ed password? */ -+ if (password_format != PASSWORD_FORMAT_CLEARTEXT) { -+ /* compare password */ -+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0) -+ return SASL_OK; -+ else -+ ret = SASL_BADAUTH; -+ } -+ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) { -+ /* compare passwords */ -+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0) -+ return SASL_OK; -+ else -+ ret = SASL_BADAUTH; -+ /****************************** -+ * crypt(3) patch stop * -+ ******************************/ - } else if(auxprop_values[1].name - && auxprop_values[1].values - && auxprop_values[1].values[0]) { -@@ -975,3 +1053,37 @@ - #endif - { NULL, NULL } - }; -+ -+/* weeds out crypt(3) password's salt */ -+int _sasl_get_salt (char *dest, char *src, int format) { -+ int num; /* how many characters is salt long? */ -+ switch (format) { -+ case PASSWORD_FORMAT_CRYPT: -+ /* md5 crypt */ -+ if (src[1] == '1') -+ num = 12; -+ /* blowfish crypt */ -+ else if (src[1] == '2') -+ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16; -+ /* traditional crypt */ -+ else -+ num = 2; -+ break; -+ -+ case PASSWORD_FORMAT_CRYPTTRAD: -+ num = 2; -+ break; -+ -+ default: -+ return 1; -+ } -+ -+ /* destroy destination */ -+ memset(dest, '\0', (num + 1)); -+ -+ /* copy salt to destination */ -+ strncpy(dest, src, num); -+ -+ return 1; -+} -+ diff --git a/abs/core/libsasl/cyrus-sasl-2.1.22-automake-1.10.patch b/abs/core/libsasl/cyrus-sasl-2.1.22-automake-1.10.patch deleted file mode 100644 index 8cd71c0..0000000 --- a/abs/core/libsasl/cyrus-sasl-2.1.22-automake-1.10.patch +++ /dev/null @@ -1,94 +0,0 @@ -Re-merged patch by Robert Scheck <redhat@linuxnetz.de> for cyrus-sasl >= 2.1.22, which was -originally written by Jacek Konieczny <jajcus@pld-linux.org> and makes cyrus-sasl building -using automake 1.10. - ---- cyrus-sasl-2.1.22/plugins/Makefile.am 2006-05-17 18:46:16.000000000 +0200 -+++ cyrus-sasl-2.1.22/plugins/Makefile.am.am110 2007-02-16 15:42:07.000000000 +0100 -@@ -82,73 +82,73 @@ - libntlm.la libpassdss.la libsasldb.la libsql.la libldapdb.la - - libplain_la_SOURCES = plain.c plain_init.c $(common_sources) --libplain_la_LDFLAGS = -version-info $(plain_version) -+libplain_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(plain_version) - libplain_la_DEPENDENCIES = $(COMPAT_OBJS) - libplain_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) - - libanonymous_la_SOURCES = anonymous.c anonymous_init.c $(common_sources) --libanonymous_la_LDFLAGS = -version-info $(anonymous_version) -+libanonymous_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(anonymous_version) - libanonymous_la_DEPENDENCIES = $(COMPAT_OBJS) - libanonymous_la_LIBADD = $(COMPAT_OBJS) - - libkerberos4_la_SOURCES = kerberos4.c kerberos4_init.c $(common_sources) --libkerberos4_la_LDFLAGS = -version-info $(kerberos4_version) -+libkerberos4_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(kerberos4_version) - libkerberos4_la_DEPENDENCIES = $(COMPAT_OBJS) - libkerberos4_la_LIBADD = $(SASL_KRB_LIB) $(LIB_SOCKET) $(COMPAT_OBJS) - - libgssapiv2_la_SOURCES = gssapi.c gssapiv2_init.c $(common_sources) --libgssapiv2_la_LDFLAGS = -version-info $(gssapiv2_version) -+libgssapiv2_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(gssapiv2_version) - libgssapiv2_la_DEPENDENCIES = $(COMPAT_OBJS) - libgssapiv2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS) - - libcrammd5_la_SOURCES = cram.c crammd5_init.c $(common_sources) --libcrammd5_la_LDFLAGS = -version-info $(crammd5_version) -+libcrammd5_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(crammd5_version) - libcrammd5_la_DEPENDENCIES = $(COMPAT_OBJS) - libcrammd5_la_LIBADD = $(COMPAT_OBJS) - - libdigestmd5_la_SOURCES = digestmd5.c digestmd5_init.c $(common_sources) --libdigestmd5_la_LDFLAGS = -version-info $(digestmd5_version) -+libdigestmd5_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(digestmd5_version) - libdigestmd5_la_DEPENDENCIES = $(COMPAT_OBJS) - libdigestmd5_la_LIBADD = $(LIB_DES) $(LIB_SOCKET) $(COMPAT_OBJS) - - liblogin_la_SOURCES = login.c login_init.c $(common_sources) --liblogin_la_LDFLAGS = -version-info $(login_version) -+liblogin_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(login_version) - liblogin_la_DEPENDENCIES = $(COMPAT_OBJS) - liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) - - libsrp_la_SOURCES = srp.c srp_init.c $(common_sources) --libsrp_la_LDFLAGS = -version-info $(srp_version) -+libsrp_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(srp_version) - libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) - libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) - - libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources) --libotp_la_LDFLAGS = -version-info $(otp_version) -+libotp_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(otp_version) - libotp_la_DEPENDENCIES = $(COMPAT_OBJS) - libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS) - - libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources) --libntlm_la_LDFLAGS = -version-info $(ntlm_version) -+libntlm_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(ntlm_version) - libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) - libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) - - libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources) --libpassdss_la_LDFLAGS = -version-info $(passdss_version) -+libpassdss_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(passdss_version) - libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) - libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) - - # Auxprop Plugins - libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources) --libsasldb_la_LDFLAGS = -version-info $(sasldb_version) -+libsasldb_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(sasldb_version) - libsasldb_la_DEPENDENCIES = $(COMPAT_OBJS) - libsasldb_la_LIBADD = ../sasldb/libsasldb.la $(SASL_DB_LIB) $(COMPAT_OBJS) - - libldapdb_la_SOURCES = ldapdb.c ldapdb_init.c $(common_sources) --libldapdb_la_LDFLAGS = $(LIB_LDAP) -version-info $(ldapdb_version) -+libldapdb_la_LDFLAGS = $(AM_LDFLAGS) $(LIB_LDAP) -version-info $(ldapdb_version) - libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS) - libldapdb_la_LIBADD = $(COMPAT_OBJS) - - libsql_la_SOURCES = sql.c sql_init.c $(common_sources) --libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version) -+libsql_la_LDFLAGS = $(AM_LDFLAGS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version) - libsql_la_DEPENDENCIES = $(COMPAT_OBJS) - libsql_la_LIBADD = $(COMPAT_OBJS) - diff --git a/abs/core/libsasl/cyrus-sasl-2.1.22-crypt.patch b/abs/core/libsasl/cyrus-sasl-2.1.22-crypt.patch deleted file mode 100644 index fd35632..0000000 --- a/abs/core/libsasl/cyrus-sasl-2.1.22-crypt.patch +++ /dev/null @@ -1,71 +0,0 @@ -http://bugs.gentoo.org/152544 - ---- cyrus-sasl-2.1.22/lib/Makefile.am -+++ cyrus-sasl-2.1.22/lib/Makefile.am -@@ -45,6 +45,7 @@ sasl_version = 2:22:0 - - INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb - -+AM_CFLAGS = -fPIC - EXTRA_DIST = windlopen.c staticopen.h NTMakefile - EXTRA_LIBRARIES = libsasl2.a - noinst_LIBRARIES = @SASL_STATIC_LIBS@ ---- cyrus-sasl-2.1.22/plugins/Makefile.am -+++ cyrus-sasl-2.1.22/plugins/Makefile.am -@@ -63,6 +63,7 @@ srp_version = 2:22:0 - - INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include - AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -+AM_CFLAGS = -fPIC - - COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ - ---- cyrus-sasl-2.1.22/sasldb/Makefile.am -+++ cyrus-sasl-2.1.22/sasldb/Makefile.am -@@ -48,6 +48,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top - - extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c - -+AM_CFLAGS = -fPIC - EXTRA_DIST = NTMakefile - - noinst_LTLIBRARIES = libsasldb.la ---- cyrus-sasl-2.1.22/utils/Makefile.am -+++ cyrus-sasl-2.1.22/utils/Makefile.am -@@ -42,7 +42,7 @@ - # - ################################################################ - --all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) -+all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) $(LIB_CRYPT) - all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) - - sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer ---- cyrus-sasl-2.1.22/sample/Makefile.am -+++ cyrus-sasl-2.1.22/sample/Makefile.am -@@ -54,10 +54,10 @@ sample_server_SOURCES = sample-server.c - server_SOURCES = server.c common.c common.h - client_SOURCES = client.c common.c common.h - --server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) --client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) -+server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT) -+client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT) - --sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) --sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) -+sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT) -+sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT) - - EXTRA_DIST = NTMakefile ---- cyrus-sasl-2.1.22/lib/Makefile.am -+++ cyrus-sasl-2.1.22/lib/Makefile.am -@@ -63,7 +63,7 @@ lib_LTLIBRARIES = libsasl2.la - libsasl2_la_SOURCES = $(common_sources) $(common_headers) - libsasl2_la_LDFLAGS = -version-info $(sasl_version) - libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) --libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) -+libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT) - - if MACOSX - framedir = /Library/Frameworks/SASL2.framework diff --git a/abs/core/libsasl/cyrus-sasl-2.1.23-authd-fix.patch b/abs/core/libsasl/cyrus-sasl-2.1.23-authd-fix.patch deleted file mode 100644 index f5f372d..0000000 --- a/abs/core/libsasl/cyrus-sasl-2.1.23-authd-fix.patch +++ /dev/null @@ -1,28 +0,0 @@ -fix warnings: - -auth_sasldb.c: In function ‘auth_sasldb’: -auth_sasldb.c:144: warning: implicit declaration of function ‘gethostname’ - -auth_sasldb.c:153: warning: passing argument 8 of ‘_sasldb_getdata’ from incompatible pointer type -../sasldb/sasldb.h:60: note: expected ‘size_t *’ but argument is of type ‘int *’ - ---- saslauthd/auth_sasldb.c -+++ saslauthd/auth_sasldb.c -@@ -41,6 +41,7 @@ - #include <string.h> - #include <stdlib.h> - #include <pwd.h> -+#include <unistd.h> - /* END PUBLIC DEPENDENCIES */ - - #define RETURN(x) return strdup(x) -@@ -131,7 +132,8 @@ - /* VARIABLES */ - char pw[1024]; /* pointer to passwd file entry */ - sasl_utils_t utils; -- int ret, outsize; -+ int ret; -+ size_t outsize; - const char *use_realm; - char realm_buf[MAXHOSTNAMELEN]; - /* END VARIABLES */ diff --git a/abs/core/libsasl/cyrus-sasl-2.1.26-size_t.patch b/abs/core/libsasl/cyrus-sasl-2.1.26-size_t.patch new file mode 100644 index 0000000..3a4820f --- /dev/null +++ b/abs/core/libsasl/cyrus-sasl-2.1.26-size_t.patch @@ -0,0 +1,11 @@ +--- cyrus-sasl-2.1.26/include/sasl.h 2012-10-12 09:05:48.000000000 -0500 ++++ cyrus-sasl-2.1.26/include/sasl.h 2013-01-31 13:21:04.007739327 -0600 +@@ -223,6 +223,8 @@ extern "C" { + * they must be called before all other SASL functions: + */ + ++#include <sys/types.h> ++ + /* memory allocation functions which may optionally be replaced: + */ + typedef void *sasl_malloc_t(size_t); diff --git a/abs/core/libsasl/cyrus-sasl-2.1.27-openssl-1.1.0.patch b/abs/core/libsasl/cyrus-sasl-2.1.27-openssl-1.1.0.patch new file mode 100644 index 0000000..c02a214 --- /dev/null +++ b/abs/core/libsasl/cyrus-sasl-2.1.27-openssl-1.1.0.patch @@ -0,0 +1,435 @@ +diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 cyrus-sasl-2.1.26/plugins/ntlm.c +--- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 2012-01-28 00:31:36.000000000 +0100 ++++ cyrus-sasl-2.1.26/plugins/ntlm.c 2016-11-07 16:15:57.498259304 +0100 +@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char + return P24; + } + ++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return HMAC_CTX_new(); ++#else ++ return utils->malloc(sizeof(HMAC_CTX)); ++#endif ++} ++ ++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ HMAC_CTX_free(ctx); ++#else ++ HMAC_cleanup(ctx); ++ utils->free(ctx); ++#endif ++} ++ + static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, + const char *authid, const char *target, + const unsigned char *challenge, +@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char * + const sasl_utils_t *utils, + char **buf, unsigned *buflen, int *result) + { +- HMAC_CTX ctx; ++ HMAC_CTX *ctx = NULL; + unsigned char hash[EVP_MAX_MD_SIZE]; + char *upper; + unsigned int len; +@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char * + SETERROR(utils, "cannot allocate NTLMv2 hash"); + *result = SASL_NOMEM; + } ++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate HMAC CTX"); ++ *result = SASL_NOMEM; ++ } + else { + /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */ + P16_nt(hash, passwd, utils, buf, buflen, result); +@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char * + HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); + + /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ +- HMAC_Init(&ctx, hash, len, EVP_md5()); +- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH); +- HMAC_Update(&ctx, blob, bloblen); +- HMAC_Final(&ctx, V2, &len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL); ++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH); ++ HMAC_Update(ctx, blob, bloblen); ++ HMAC_Final(ctx, V2, &len); + + /* the blob is concatenated outside of this function */ + + *result = SASL_OK; + } + ++ if (ctx) _plug_HMAC_CTX_free(ctx, utils); ++ + return V2; + } + +diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110 cyrus-sasl-2.1.26/plugins/otp.c +--- cyrus-sasl-2.1.26/plugins/otp.c.openssl110 2012-10-12 16:05:48.000000000 +0200 ++++ cyrus-sasl-2.1.26/plugins/otp.c 2016-11-07 16:13:54.374327601 +0100 +@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti + {NULL, 0, NULL} + }; + ++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ return EVP_MD_CTX_new(); ++#else ++ return utils->malloc(sizeof(EVP_MD_CTX)); ++#endif ++} ++ ++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils) ++{ ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()"); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(ctx); ++#else ++ utils->free(ctx); ++#endif ++} ++ + /* Convert the binary data into ASCII hex */ + void bin2hex(unsigned char *bin, int binlen, char *hex) + { +@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin + * swabbing bytes if necessary. + */ + static void otp_hash(const EVP_MD *md, char *in, size_t inlen, +- unsigned char *out, int swab) ++ unsigned char *out, int swab, EVP_MD_CTX *mdctx) + { +- EVP_MD_CTX mdctx; +- char hash[EVP_MAX_MD_SIZE]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned int i; + int j; + unsigned hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, in, inlen); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, in, inlen); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* Fold the result into 64 bits */ + for (i = OTP_HASH_SIZE; i < hashlen; i++) { +@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils + char *secret, char *otp) + { + const EVP_MD *md; +- char *key; ++ EVP_MD_CTX *mdctx = NULL; ++ char *key = NULL; ++ int r = SASL_OK; + + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, +@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ r = SASL_NOMEM; ++ goto done; ++ } ++ + if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) { + SETERROR(utils, "cannot allocate OTP key"); +- return SASL_NOMEM; ++ r = SASL_NOMEM; ++ goto done; + } + + /* initial step */ + strcpy(key, seed); + strcat(key, secret); +- otp_hash(md, key, strlen(key), otp, alg->swab); ++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx); + + /* computation step */ + while (seq-- > 0) +- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab); +- +- utils->free(key); ++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx); ++ ++ done: ++ if (key) utils->free(key); ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); + +- return SASL_OK; ++ return r; + } + + static int parse_challenge(const sasl_utils_t *utils, +@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg + + /* Convert the 6 words into binary data */ + static int word2bin(const sasl_utils_t *utils, +- char *words, unsigned char *bin, const EVP_MD *md) ++ char *words, unsigned char *bin, const EVP_MD *md, ++ EVP_MD_CTX *mdctx) + { + int i, j; + char *c, *word, buf[OTP_RESPONSE_MAX+1]; +@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t * + + /* alternate dictionary */ + if (alt_dict) { +- EVP_MD_CTX mdctx; +- char hash[EVP_MAX_MD_SIZE]; +- int hashlen; ++ unsigned char hash[EVP_MAX_MD_SIZE]; ++ unsigned hashlen; + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, word, strlen(word)); +- EVP_DigestFinal(&mdctx, hash, &hashlen); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, word, strlen(word)); ++ EVP_DigestFinal(mdctx, hash, &hashlen); + + /* use lowest 11 bits */ + x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1]; +@@ -802,6 +834,7 @@ static int verify_response(server_contex + char *response) + { + const EVP_MD *md; ++ EVP_MD_CTX *mdctx = NULL; + char *c; + int do_init = 0; + unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE]; +@@ -815,6 +848,11 @@ static int verify_response(server_contex + return SASL_FAIL; + } + ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { ++ SETERROR(utils, "cannot allocate MD CTX"); ++ return SASL_NOMEM; ++ } ++ + /* eat leading whitespace */ + c = response; + while (isspace((int) *c)) c++; +@@ -824,7 +862,7 @@ static int verify_response(server_contex + r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE); + } + else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) { +- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx); + } + else if (!strncasecmp(c, OTP_INIT_HEX_TYPE, + strlen(OTP_INIT_HEX_TYPE))) { +@@ -834,7 +872,7 @@ static int verify_response(server_contex + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { + do_init = 1; +- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md); ++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx); + } + else { + SETERROR(utils, "unknown OTP extended response type"); +@@ -843,14 +881,15 @@ static int verify_response(server_contex + } + else { + /* standard response, try word first, and then hex */ +- r = word2bin(utils, c, cur_otp, md); ++ r = word2bin(utils, c, cur_otp, md, mdctx); + if (r != SASL_OK) + r = hex2bin(c, cur_otp, OTP_HASH_SIZE); + } + + if (r == SASL_OK) { + /* do one more hash (previous otp) and compare to stored otp */ +- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab); ++ otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE, ++ prev_otp, text->alg->swab, mdctx); + + if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) { + /* update the secret with this seq/otp */ +@@ -879,23 +918,28 @@ static int verify_response(server_contex + *new_resp++ = '\0'; + } + +- if (!(new_chal && new_resp)) +- return SASL_BADAUTH; ++ if (!(new_chal && new_resp)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1)) + != SASL_OK) { +- return r; ++ goto done; + } + +- if (seq < 1 || !strcasecmp(seed, text->seed)) +- return SASL_BADAUTH; ++ if (seq < 1 || !strcasecmp(seed, text->seed)) { ++ r = SASL_BADAUTH; ++ goto done; ++ } + + /* find the MDA */ + if (!(md = EVP_get_digestbyname(alg->evp_name))) { + utils->seterror(utils->conn, 0, + "OTP algorithm %s is not available", + alg->evp_name); +- return SASL_BADAUTH; ++ r = SASL_BADAUTH; ++ goto done; + } + + if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { +@@ -903,7 +947,7 @@ static int verify_response(server_contex + } + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, + strlen(OTP_INIT_WORD_TYPE))) { +- r = word2bin(utils, new_resp, new_otp, md); ++ r = word2bin(utils, new_resp, new_otp, md, mdctx); + } + + if (r == SASL_OK) { +@@ -914,7 +958,10 @@ static int verify_response(server_contex + memcpy(text->otp, new_otp, OTP_HASH_SIZE); + } + } +- ++ ++ done: ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); ++ + return r; + } + +diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 cyrus-sasl-2.1.26/saslauthd/lak.c +--- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 2016-11-07 16:13:54.347327616 +0100 ++++ cyrus-sasl-2.1.26/saslauthd/lak.c 2016-11-07 16:18:42.283167898 +0100 +@@ -61,6 +61,35 @@ + #include <sasl.h> + #include "lak.h" + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++static EVP_MD_CTX *EVP_MD_CTX_new(void) ++{ ++ return EVP_MD_CTX_create(); ++} ++static void EVP_MD_CTX_free(EVP_MD_CTX *ctx) ++{ ++ if (ctx == NULL) ++ return; ++ ++ EVP_MD_CTX_destroy(ctx); ++} ++ ++static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) ++{ ++ EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); ++ ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++ return ctx; ++} ++static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) ++{ ++ OPENSSL_free(ctx); ++ return; ++} ++#endif ++ + typedef struct lak_auth_method { + int method; + int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ; +@@ -1720,20 +1749,28 @@ static int lak_base64_decode( + + int rc, i, tlen = 0; + char *text; +- EVP_ENCODE_CTX EVP_ctx; ++ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new(); + +- text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1); + if (text == NULL) + return LAK_NOMEM; + +- EVP_DecodeInit(&EVP_ctx); +- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src)); ++ text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1); ++ if (text == NULL) { ++ EVP_ENCODE_CTX_free(enc_ctx); ++ return LAK_NOMEM; ++ } ++ ++ EVP_DecodeInit(enc_ctx); ++ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src)); + if (rc < 0) { ++ EVP_ENCODE_CTX_free(enc_ctx); + free(text); + return LAK_FAIL; + } + tlen += i; +- EVP_DecodeFinal(&EVP_ctx, text, &i); ++ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i); ++ ++ EVP_ENCODE_CTX_free(enc_ctx); + + *ret = text; + if (rlen != NULL) +@@ -1749,7 +1786,7 @@ static int lak_check_hashed( + { + int rc, clen; + LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock; +- EVP_MD_CTX mdctx; ++ EVP_MD_CTX *mdctx; + const EVP_MD *md; + unsigned char digest[EVP_MAX_MD_SIZE]; + char *cred; +@@ -1758,17 +1795,24 @@ static int lak_check_hashed( + if (!md) + return LAK_FAIL; + ++ mdctx = EVP_MD_CTX_new(); ++ if (!mdctx) ++ return LAK_NOMEM; ++ + rc = lak_base64_decode(hash, &cred, &clen); +- if (rc != LAK_OK) ++ if (rc != LAK_OK) { ++ EVP_MD_CTX_free(mdctx); + return rc; ++ } + +- EVP_DigestInit(&mdctx, md); +- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd)); ++ EVP_DigestInit(mdctx, md); ++ EVP_DigestUpdate(mdctx, passwd, strlen(passwd)); + if (hrock->salted) { +- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)], ++ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)], + clen - EVP_MD_size(md)); + } +- EVP_DigestFinal(&mdctx, digest, NULL); ++ EVP_DigestFinal(mdctx, digest, NULL); ++ EVP_MD_CTX_free(mdctx); + + rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md)); + free(cred); diff --git a/abs/core/libsasl/cyrus-sasl-gssapi.patch b/abs/core/libsasl/cyrus-sasl-gssapi.patch new file mode 100644 index 0000000..cfbcd8b --- /dev/null +++ b/abs/core/libsasl/cyrus-sasl-gssapi.patch @@ -0,0 +1,16 @@ +diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c +--- cyrus-sasl-2.1.26.orig/plugins/gssapi.c 2016-06-10 13:55:25.985676293 -0700 ++++ cyrus-sasl-2.1.26/plugins/gssapi.c 2016-06-10 13:58:00.687337430 -0700 +@@ -1583,10 +1583,10 @@ + } + + /* Setup req_flags properly */ +- req_flags = GSS_C_INTEG_FLAG; ++ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; + if (params->props.max_ssf > params->external_ssf) { + /* We are requesting a security layer */ +- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; ++ req_flags |= GSS_C_INTEG_FLAG; + /* Any SSF bigger than 1 is confidentiality. */ + /* Let's check if the client of the API requires confidentiality, + and it wasn't already provided by an external layer */ diff --git a/abs/core/libsasl/cyrus-sasl-sql.patch b/abs/core/libsasl/cyrus-sasl-sql.patch new file mode 100644 index 0000000..2dcdad8 --- /dev/null +++ b/abs/core/libsasl/cyrus-sasl-sql.patch @@ -0,0 +1,39 @@ +--- configure.in 2012-10-12 16:05:48.000000000 +0200 ++++ configure.in 2013-05-11 18:48:59.021848013 +0200 +@@ -861,9 +860,9 @@ + notfound) AC_WARN([SQLite Library not found]); true;; + *) + if test -d ${with_sqlite}/lib; then +- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib" ++ LIB_SQLITE="-L${with_sqlite}/lib" + else +- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}" ++ LIB_SQLITE="-L${with_sqlite}" + fi + + LIB_SQLITE_DIR=$LIB_SQLITE +@@ -913,9 +912,9 @@ + notfound) AC_WARN([SQLite3 Library not found]); true;; + *) + if test -d ${with_sqlite3}/lib; then +- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib" ++ LIB_SQLITE3="-L${with_sqlite3}/lib" + else +- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}" ++ LIB_SQLITE3="-L${with_sqlite3}" + fi + + LIB_SQLITE3_DIR=$LIB_SQLITE3 +--- configure.in ++++ configure.in +@@ -674,7 +674,9 @@ + LIB_PGSQL_DIR=$LIB_PGSQL + LIB_PGSQL="$LIB_PGSQL -lpq" + +- if test -d ${with_pgsql}/include/pgsql; then ++ if test -d ${with_pgsql}/include/postgresql/pgsql; then ++ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql" ++ elif test -d ${with_pgsql}/include/pgsql; then + CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql" + elif test -d ${with_pgsql}/pgsql/include; then + CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include" diff --git a/abs/core/libsasl/fix-pkgconfig.patch b/abs/core/libsasl/fix-pkgconfig.patch new file mode 100644 index 0000000..3b1c38e --- /dev/null +++ b/abs/core/libsasl/fix-pkgconfig.patch @@ -0,0 +1,27 @@ +From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro <icq@gnome.org> +Date: Fri, 20 Nov 2015 11:16:31 +0100 +Subject: [PATCH] Fix up pkgconfig pc file + +--- + libsasl2.pc.in | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libsasl2.pc.in b/libsasl2.pc.in +index 40bea37..ddad76d 100644 +--- a/libsasl2.pc.in ++++ b/libsasl2.pc.in +@@ -1,8 +1,12 @@ +-libdir = @libdir@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ + + Name: Cyrus SASL + Description: Cyrus SASL implementation + URL: http://www.cyrussasl.org/ + Version: @VERSION@ ++Cflags: -I${includedir} + Libs: -L${libdir} -lsasl2 + Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@ diff --git a/abs/core/libsasl/saslauthd b/abs/core/libsasl/saslauthd deleted file mode 100644 index 6afafae..0000000 --- a/abs/core/libsasl/saslauthd +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash - -# source application-specific settings -[ -f /etc/conf.d/saslauthd ] && . /etc/conf.d/saslauthd - -. /etc/rc.conf -. /etc/rc.d/functions - -DAEMON_NAME="saslauthd" -SASLAUTHD_BIN=/usr/sbin/saslauthd -SASLAUTHD_RUN=/var/run/saslauthd -SASLAUTHD_PID=$SASLAUTHD_RUN/saslauthd.pid - -case "$1" in - start) - stat_busy "Starting $DAEMON_NAME" - [ ! -d /var/run/saslauthd ] && install -d /var/run/saslauthd - if $SASLAUTHD_BIN $SASLAUTHD_OPTS >/dev/null; then - add_daemon $DAEMON_NAME - stat_done - else - stat_fail - exit 1 - fi - ;; - - stop) - stat_busy "Stopping $DAEMON_NAME" - [ -f $SASLAUTHD_PID ] && kill `cat $SASLAUTHD_PID` &>/dev/null - if [ $? -gt 0 ]; then - stat_fail - exit 1 - else - rm_daemon $DAEMON_NAME - stat_done - fi - ;; - - restart) - $0 stop - sleep 1 - $0 start - ;; - - *) - echo "usage: $0 {start|stop|restart}" -esac -exit 0 -# vim: ts=2 sw=2 et ft=sh diff --git a/abs/core/libsasl/saslauthd.service b/abs/core/libsasl/saslauthd.service new file mode 100644 index 0000000..978dbd3 --- /dev/null +++ b/abs/core/libsasl/saslauthd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Cyrus SASL authentication daemon + +[Service] +Type=forking +EnvironmentFile=/etc/conf.d/saslauthd +ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS +PIDFile=/var/run/saslauthd/saslauthd.pid + +[Install] +WantedBy=multi-user.target diff --git a/abs/core/libsasl/tmpfiles.conf b/abs/core/libsasl/tmpfiles.conf new file mode 100644 index 0000000..7258b1a --- /dev/null +++ b/abs/core/libsasl/tmpfiles.conf @@ -0,0 +1 @@ +d /run/saslauthd 0755 root root - - |