From 3ac7c7b26d22adb0e35f92620e55115f153e589e Mon Sep 17 00:00:00 2001
From: Britney Fransen <brfransen@gmail.com>
Date: Wed, 28 Feb 2018 18:45:21 +0000
Subject: libsasl: update to 2.1.26

---
 abs/core/libsasl/0003_saslauthd_mdoc.patch         |  35 --
 abs/core/libsasl/0012_xopen_crypt_prototype.patch  |  20 -
 .../libsasl/0016_pid_file_lock_creation_mask.patch |  27 --
 abs/core/libsasl/0018_auth_rimap_quotes.patch      |  35 --
 abs/core/libsasl/0019_ldap_deprecated.patch        |  22 --
 .../libsasl/0022_gcc4.4_preprocessor_syntax.patch  |  26 --
 abs/core/libsasl/0027_db5_support.patch            |  24 --
 abs/core/libsasl/CVE-2013-4122.patch               | 116 ++++++
 abs/core/libsasl/PKGBUILD                          | 142 +++----
 abs/core/libsasl/cyrus-sasl-2.1.19-checkpw.c.patch | 170 --------
 .../libsasl/cyrus-sasl-2.1.22-automake-1.10.patch  |  94 -----
 abs/core/libsasl/cyrus-sasl-2.1.22-crypt.patch     |  71 ----
 abs/core/libsasl/cyrus-sasl-2.1.23-authd-fix.patch |  28 --
 abs/core/libsasl/cyrus-sasl-2.1.26-size_t.patch    |  11 +
 .../libsasl/cyrus-sasl-2.1.27-openssl-1.1.0.patch  | 435 +++++++++++++++++++++
 abs/core/libsasl/cyrus-sasl-gssapi.patch           |  16 +
 abs/core/libsasl/cyrus-sasl-sql.patch              |  39 ++
 abs/core/libsasl/fix-pkgconfig.patch               |  27 ++
 abs/core/libsasl/saslauthd                         |  49 ---
 abs/core/libsasl/saslauthd.service                 |  11 +
 abs/core/libsasl/tmpfiles.conf                     |   1 +
 21 files changed, 727 insertions(+), 672 deletions(-)
 delete mode 100644 abs/core/libsasl/0003_saslauthd_mdoc.patch
 delete mode 100644 abs/core/libsasl/0012_xopen_crypt_prototype.patch
 delete mode 100644 abs/core/libsasl/0016_pid_file_lock_creation_mask.patch
 delete mode 100644 abs/core/libsasl/0018_auth_rimap_quotes.patch
 delete mode 100644 abs/core/libsasl/0019_ldap_deprecated.patch
 delete mode 100644 abs/core/libsasl/0022_gcc4.4_preprocessor_syntax.patch
 delete mode 100644 abs/core/libsasl/0027_db5_support.patch
 create mode 100644 abs/core/libsasl/CVE-2013-4122.patch
 delete mode 100644 abs/core/libsasl/cyrus-sasl-2.1.19-checkpw.c.patch
 delete mode 100644 abs/core/libsasl/cyrus-sasl-2.1.22-automake-1.10.patch
 delete mode 100644 abs/core/libsasl/cyrus-sasl-2.1.22-crypt.patch
 delete mode 100644 abs/core/libsasl/cyrus-sasl-2.1.23-authd-fix.patch
 create mode 100644 abs/core/libsasl/cyrus-sasl-2.1.26-size_t.patch
 create mode 100644 abs/core/libsasl/cyrus-sasl-2.1.27-openssl-1.1.0.patch
 create mode 100644 abs/core/libsasl/cyrus-sasl-gssapi.patch
 create mode 100644 abs/core/libsasl/cyrus-sasl-sql.patch
 create mode 100644 abs/core/libsasl/fix-pkgconfig.patch
 delete mode 100644 abs/core/libsasl/saslauthd
 create mode 100644 abs/core/libsasl/saslauthd.service
 create mode 100644 abs/core/libsasl/tmpfiles.conf

diff --git a/abs/core/libsasl/0003_saslauthd_mdoc.patch b/abs/core/libsasl/0003_saslauthd_mdoc.patch
deleted file mode 100644
index 694f4bb..0000000
--- a/abs/core/libsasl/0003_saslauthd_mdoc.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-0003_saslauthd_mdoc.dpatch by  <fabbe@debian.org>
-
-Use the correct path for the saslauthd.conf file, and use another
-date format (cosmetic).
-
-diff -urNad trunk~/saslauthd/saslauthd.mdoc trunk/saslauthd/saslauthd.mdoc
---- trunk~/saslauthd/saslauthd.mdoc	2006-05-29 22:52:42.000000000 +0300
-+++ trunk/saslauthd/saslauthd.mdoc	2006-07-12 15:05:25.000000000 +0300
-@@ -10,7 +10,7 @@
- .\" manpage in saslauthd.8 whenever you change this source
- .\" version. Only the pre-formatted manpage is installed.
- .\"
--.Dd 10 24 2002
-+.Dd October 24 2002
- .Dt SASLAUTHD 8
- .Os "CMU-SASL"
- .Sh NAME
-@@ -216,7 +216,7 @@
- .Em (All platforms that support OpenLDAP 2.0 or higher)
- .Pp
- Authenticate against an ldap server.  The ldap configuration parameters are
--read from /usr/local/etc/saslauthd.conf.  The location of this file can be
-+read from /etc/saslauthd.conf.  The location of this file can be
- changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
- distribution for the list of available parameters.
- .It Li sia
-@@ -249,7 +249,7 @@
- .Bl -tag -width "/var/run/saslauthd/mux"
- .It Pa /var/run/saslauthd/mux
- The default communications socket.
--.It Pa /usr/local/etc/saslauthd.conf
-+.It Pa /etc/saslauthd.conf
- The default configuration file for ldap support.
- .El
- .Sh SEE ALSO
diff --git a/abs/core/libsasl/0012_xopen_crypt_prototype.patch b/abs/core/libsasl/0012_xopen_crypt_prototype.patch
deleted file mode 100644
index d50ec83..0000000
--- a/abs/core/libsasl/0012_xopen_crypt_prototype.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-0012_xopen_crypt_prototype.dpatch by  <dannf@debian.org>
-
-When _XOPEN_SOURCE is defined, the subsequent #include <unistd.h>
-will define a correct function prototype for the crypt function.
-This avoids segfaults on architectures where the size of a pointer
-is greater than the size of an integer (ia64 and amd64 are examples).
-This may be detected by looking for build log lines such as the
-following:
-auth_shadow.c:183: warning: implicit declaration of function ‘crypt’
-auth_shadow.c:183: warning: cast to pointer from integer of different
-size
-
-diff -urNad trunk~/saslauthd/auth_shadow.c trunk/saslauthd/auth_shadow.c
---- trunk~/saslauthd/auth_shadow.c	2006-05-29 22:52:42.000000000 +0300
-+++ trunk/saslauthd/auth_shadow.c	2006-11-08 13:44:23.000000000 +0200
-@@ -1,3 +1,4 @@
-+#define _XOPEN_SOURCE
- #define PWBUFSZ 256 /***SWB***/
- 
- /* MODULE: auth_shadow */
diff --git a/abs/core/libsasl/0016_pid_file_lock_creation_mask.patch b/abs/core/libsasl/0016_pid_file_lock_creation_mask.patch
deleted file mode 100644
index e9170ce..0000000
--- a/abs/core/libsasl/0016_pid_file_lock_creation_mask.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-0016_pid_file_lock_creation_mask.dpatch by Sam Hocevar <sam@zoy.org>
-
-pid_file_lock is created with a mask of 644 instead of 0644.
-This patch fixes this octal/decimal confusion as well as the
-(harmless) one in the previous umask() call.
-
-diff -urNad trunk~/saslauthd/saslauthd-main.c trunk/saslauthd/saslauthd-main.c
---- trunk~/saslauthd/saslauthd-main.c	2006-05-29 22:52:42.000000000 +0300
-+++ trunk/saslauthd/saslauthd-main.c	2007-06-26 12:07:10.000000000 +0300
-@@ -276,7 +276,7 @@
- 		exit(1);
- 	}
- 
--	umask(077);
-+	umask(0077);
- 
- 	pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1;
- 	if ((pid_file_lock = malloc(pid_file_size)) == NULL) {
-@@ -287,7 +287,7 @@
- 	strlcpy(pid_file_lock, run_path, pid_file_size);
- 	strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size);
- 
--	if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 644)) < 0) {
-+	if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) {
- 		rc = errno;
- 		logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock);
- 		logger(L_ERR, L_FUNC, "open: %s", strerror(rc));
diff --git a/abs/core/libsasl/0018_auth_rimap_quotes.patch b/abs/core/libsasl/0018_auth_rimap_quotes.patch
deleted file mode 100644
index 13fa999..0000000
--- a/abs/core/libsasl/0018_auth_rimap_quotes.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-0016_auth_rimap_quotes.dpatch by  <fabbe@debian.org>
-
-All lines beginning with `## DP:' are a description of the patch.
-Avoid infinite loop when username/password has a double quote character.
-Upstream change: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/saslauthd/auth_rimap.c.diff?r1=1.12;r2=1.13
-
-diff -urNad etch~/saslauthd/auth_rimap.c etch/saslauthd/auth_rimap.c
---- etch~/saslauthd/auth_rimap.c	2007-03-29 15:16:20.000000000 +0300
-+++ etch/saslauthd/auth_rimap.c	2008-02-13 13:42:53.000000000 +0200
-@@ -162,6 +162,7 @@
-     num_quotes = 0;
-     p1 = s;
-     while ((p1 = strchr(p1, '"')) != NULL) {
-+	p1++;
- 	num_quotes++;
-     }
-     
-@@ -438,7 +439,7 @@
- 	syslog(LOG_WARNING, "auth_rimap: writev: %m");
- 	memset(qlogin, 0, strlen(qlogin));
- 	free(qlogin);
--	memset(qpass, 0, strlen(qlogin));
-+	memset(qpass, 0, strlen(qpass));
- 	free(qpass);
- 	(void)close(s);
- 	return strdup(RESP_IERROR);
-@@ -447,7 +448,7 @@
-     /* don't need these any longer */
-     memset(qlogin, 0, strlen(qlogin));
-     free(qlogin);
--    memset(qpass, 0, strlen(qlogin));
-+    memset(qpass, 0, strlen(qpass));
-     free(qpass);
- 
-     /* read and parse the LOGIN response */
diff --git a/abs/core/libsasl/0019_ldap_deprecated.patch b/abs/core/libsasl/0019_ldap_deprecated.patch
deleted file mode 100644
index 8825256..0000000
--- a/abs/core/libsasl/0019_ldap_deprecated.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-0019_ldap_deprecated.dpatch by  dann frazier <dannf@debian.org>
-
-The function ldap_get_values, used in saslauthd/lak.c, is deprecated.
-Therefore, its prototype is not included by default when compiling
-against the ldap.h headers. As a result, the compiler cannot know the
-return type of the function at compile time, and will implicitly
-convert to a pointer. This has implications on 64-bit systems.
-This patch sets the deprecation mode on, so that the function prototype
-gets included when compiling.
-(Description by Fabian Fagerholm <fabbe@debian.org>)
-
-diff -urNad trunk~/saslauthd/lak.c trunk/saslauthd/lak.c
---- trunk~/saslauthd/lak.c	2006-06-04 12:26:20.000000000 +0300
-+++ trunk/saslauthd/lak.c	2008-02-15 14:32:11.000000000 +0200
-@@ -55,6 +55,7 @@
- #include <openssl/des.h>
- #endif
- 
-+#define LDAP_DEPRECATED 1
- #include <ldap.h>
- #include <lber.h>
- #include <sasl.h>
diff --git a/abs/core/libsasl/0022_gcc4.4_preprocessor_syntax.patch b/abs/core/libsasl/0022_gcc4.4_preprocessor_syntax.patch
deleted file mode 100644
index a49b553..0000000
--- a/abs/core/libsasl/0022_gcc4.4_preprocessor_syntax.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-0022_gcc4.4_preprocessor_syntax.dpatch by  <fabbe@paniq.net>
-
-The #elif preprocessor directive requires a test condition.
-GCC 4.4 enforces this rule.
-
-diff -urNad trunk~/plugins/digestmd5.c trunk/plugins/digestmd5.c
---- trunk~/plugins/digestmd5.c	2006-06-04 12:26:19.000000000 +0300
-+++ trunk/plugins/digestmd5.c	2009-01-26 13:29:40.000000000 +0200
-@@ -2715,7 +2715,7 @@
- 	"DIGEST-MD5",			/* mech_name */
- #ifdef WITH_RC4
- 	128,				/* max_ssf */
--#elif WITH_DES
-+#elif defined(WITH_DES)
- 	112,
- #else 
- 	1,
-@@ -4034,7 +4034,7 @@
- 	"DIGEST-MD5",
- #ifdef WITH_RC4				/* mech_name */
- 	128,				/* max ssf */
--#elif WITH_DES
-+#elif defined(WITH_DES)
- 	112,
- #else
- 	1,
diff --git a/abs/core/libsasl/0027_db5_support.patch b/abs/core/libsasl/0027_db5_support.patch
deleted file mode 100644
index 5228240..0000000
--- a/abs/core/libsasl/0027_db5_support.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Author: Ondřej Surý <ondrej@debian.org>
-Description: Support newer Berkeley DB versions
---- a/sasldb/db_berkeley.c
-+++ b/sasldb/db_berkeley.c
-@@ -101,7 +101,7 @@ static int berkeleydb_open(const sasl_ut
-     ret = db_create(mbdb, NULL, 0);
-     if (ret == 0 && *mbdb != NULL)
-     {
--#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
-+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
- 	ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660);
- #else
- 	ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660);
---- a/utils/dbconverter-2.c
-+++ b/utils/dbconverter-2.c
-@@ -214,7 +214,7 @@ static int berkeleydb_open(const char *p
-     ret = db_create(mbdb, NULL, 0);
-     if (ret == 0 && *mbdb != NULL)
-     {
--#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
-+#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
- 	ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664);
- #else
- 	ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);
diff --git a/abs/core/libsasl/CVE-2013-4122.patch b/abs/core/libsasl/CVE-2013-4122.patch
new file mode 100644
index 0000000..d6b9800
--- /dev/null
+++ b/abs/core/libsasl/CVE-2013-4122.patch
@@ -0,0 +1,116 @@
+From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Thu, 11 Jul 2013 09:08:07 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt()
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Patch by mancha1@hush.com.
+---
+diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
+index 4b34222..400289c 100644
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ char *userid;
+ char *password;
+ {
+     char* r;
++    char* crpt_passwd;
+     struct passwd *pwd;
+ 
+     pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+     else if (pwd->pw_passwd[0] == '*') {
+ 	r = "Account disabled";
+     }
+-    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ 	r = "Incorrect password";
+     }
+     else {
+diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
+index 2b11286..6d607bb 100644
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -32,13 +32,15 @@ char *userid;
+ char *password;
+ {
+     struct spwd *pwd;
++    char *crpt_passwd;
+ 
+     pwd = getspnam(userid);
+     if (!pwd) {
+ 	return "Userid not found";
+     }
+     
+-    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++    crpt_passwd = crypt(password, pwd->sp_pwdp);
++    if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ 	return "Incorrect password";
+     }
+     else {
+diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
+index fc8029d..d4ebe54 100644
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -77,6 +77,7 @@ auth_getpwent (
+ {
+     /* VARIABLES */
+     struct passwd *pw;			/* pointer to passwd file entry */
++    char *crpt_passwd;			/* encrypted password */
+     int errnum;
+     /* END VARIABLES */
+   
+@@ -105,7 +106,8 @@ auth_getpwent (
+ 	}
+     }
+ 
+-    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++    crpt_passwd = crypt(password, pw->pw_passwd);
++    if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
+ 	}
+diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
+index 677131b..1988afd 100644
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -210,8 +210,8 @@ auth_shadow (
+ 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
+     }
+ 
+-    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+-    if (strcmp(sp->sp_pwdp, cpw)) {
++    cpw = crypt(password, sp->sp_pwdp);
++    if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ 	if (flags & VERBOSE) {
+ 	    /*
+ 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
+@@ -221,10 +221,8 @@ auth_shadow (
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ 		   sp->sp_pwdp, cpw);
+ 	}
+-	free(cpw);
+ 	RETURN("NO Incorrect password");
+     }
+-    free(cpw);
+ 
+     /*
+      * The following fields will be set to -1 if:
+@@ -286,7 +284,7 @@ auth_shadow (
+ 	RETURN("NO Invalid username");
+     }
+   
+-    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++    if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ 		   password, upw->upw_passwd);
+--
+cgit v0.9.2
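Review bot: In the embedded auth_shadow.c hunk, `cpw` can now be NULL inside the mismatch branch, yet the unchanged VERBOSE call `syslog(LOG_DEBUG, "... '%s' != '%s'", sp->sp_pwdp, cpw)` still passes it to `%s`. That is undefined behaviour when crypt() fails, which is the case this patch exists to handle; guard the argument, for example `cpw ? cpw : "(crypt failed)"`. The same VERBOSE paths write the stored hash to syslog, and the last hunk's context lines write the plaintext `password`, so the packaging should carry a comment that saslauthd's verbose logging must stay off on production hosts. The function bodies start and end outside these hunks.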
diff --git a/abs/core/libsasl/PKGBUILD b/abs/core/libsasl/PKGBUILD
index 2d2de46..d755f72 100644
--- a/abs/core/libsasl/PKGBUILD
+++ b/abs/core/libsasl/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 146449 2012-01-11 15:21:04Z stephane $
+# $Id$
 # Maintainer: Jan de Groot <jgc@archlinux.org>
 
 # This package spans multiple repositories.
@@ -7,54 +7,68 @@
 #pkgbase=('cyrus-sasl')
 #pkgname=('cyrus-sasl' 'cyrus-sasl-gssapi' 'cyrus-sasl-ldap' 'cyrus-sasl-sql')
 pkgname=libsasl
-pkgver=2.1.23
-pkgrel=10
+pkgver=2.1.26
+pkgrel=12
 pkgdesc="Cyrus Simple Authentication Service Layer (SASL) library"
-arch=('i686' 'x86_64')
+arch=('x86_64')
 url="http://cyrusimap.web.cmu.edu/"
 license=('custom')
-options=('!makeflags' '!libtool')
-makedepends=('postgresql-libs' 'libmysqlclient' 'libldap' 'krb5' 'openssl')
-source=(ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-${pkgver}.tar.gz
-        cyrus-sasl-2.1.19-checkpw.c.patch
-        cyrus-sasl-2.1.22-crypt.patch
+options=('!makeflags')
+makedepends=('postgresql-libs' 'libmariadbclient' 'libldap' 'krb5' 'openssl' 'sqlite')
+source=(ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-${pkgver}.tar.gz
         cyrus-sasl-2.1.22-qa.patch
-        cyrus-sasl-2.1.22-automake-1.10.patch
-        cyrus-sasl-2.1.23-authd-fix.patch
-        0003_saslauthd_mdoc.patch
+        cyrus-sasl-2.1.26-size_t.patch
         0010_maintainer_mode.patch
         0011_saslauthd_ac_prog_libtool.patch
-        0012_xopen_crypt_prototype.patch
-        0016_pid_file_lock_creation_mask.patch
-        0018_auth_rimap_quotes.patch
-        0019_ldap_deprecated.patch
-        0022_gcc4.4_preprocessor_syntax.patch
         0025_ld_as_needed.patch
         0026_drop_krb5support_dependency.patch
-        0027_db5_support.patch
         0030-dont_use_la_files_for_opening_plugins.patch
+        saslauthd.service
         saslauthd.conf.d
-        saslauthd)
+        tmpfiles.conf
+        CVE-2013-4122.patch
+        cyrus-sasl-sql.patch
+        cyrus-sasl-gssapi.patch
+        cyrus-sasl-2.1.27-openssl-1.1.0.patch
+        fix-pkgconfig.patch)
+md5sums=('a7f4e5e559a0e37b3ffc438c9456e425'
+         '79b8a5e8689989e2afd4b7bda595a7b1'
+         'f45aa8c42b32e0569ab3d14a83485b37'
+         'f45d8b60e8f74dd7f7c2ec1665fa602a'
+         '9d93880514cb5ff5da969f1ceb64a661'
+         '62bf892fe4d1df41ff748e91a1afaf67'
+         'b7848957357e7c02d6490102be496bf9'
+         '8e7106f32e495e9ade69014fd1b3352a'
+         '3499dcd610ad1ad58e0faffde2aa7a23'
+         '49219af5641150edec288a3fdb65e7c1'
+         '45bb0192d2f188066240b9a66ee6365f'
+         'c5f0ec88c584a75c14d7f402eaeed7ef'
+         '82c0f66fdc5c1145eb48ea9116c27931'
+         '0363b1a0337474a57b1f75f72fe88fa3'
+         'c8a385bbca9bd79910c6bda3dd02845c'
+         '409727695f9f28a3c43e340232462ff6')
+
+prepare() {
+  cd cyrus-sasl-$pkgver
+  patch -Np1 -i ../cyrus-sasl-2.1.22-qa.patch
+  patch -Np1 -i ../cyrus-sasl-2.1.26-size_t.patch
+  patch -Np1 -i ../0010_maintainer_mode.patch
+  patch -Np1 -i ../0011_saslauthd_ac_prog_libtool.patch
+  patch -Np1 -i ../0025_ld_as_needed.patch
+  patch -Np1 -i ../0026_drop_krb5support_dependency.patch
+  patch -Np1 -i ../0030-dont_use_la_files_for_opening_plugins.patch
+  patch -Np1 -i ../CVE-2013-4122.patch
+  patch -Np0 -i ../cyrus-sasl-sql.patch
+  patch -Np1 -i ../cyrus-sasl-gssapi.patch
+  patch -Np1 -i ../cyrus-sasl-2.1.27-openssl-1.1.0.patch
+  patch -Np1 -i ../fix-pkgconfig.patch
+
+  sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -e 's/libmysqlclient.a/libmysqlclient.so/' -i configure.in
+}
 
 build() {
-  cd "${srcdir}/cyrus-sasl-${pkgver}"
-  patch -Np1 -i "${srcdir}/cyrus-sasl-2.1.19-checkpw.c.patch"
-  patch -Np1 -i "${srcdir}/cyrus-sasl-2.1.22-crypt.patch"
-  patch -Np1 -i "${srcdir}/cyrus-sasl-2.1.22-qa.patch"
-  patch -Np1 -i "${srcdir}/cyrus-sasl-2.1.22-automake-1.10.patch"
-  patch -Np0 -i "${srcdir}/cyrus-sasl-2.1.23-authd-fix.patch"
-  patch -Np1 -i "${srcdir}/0003_saslauthd_mdoc.patch"
-  patch -Np1 -i "${srcdir}/0010_maintainer_mode.patch"
-  patch -Np1 -i "${srcdir}/0011_saslauthd_ac_prog_libtool.patch"
-  patch -Np1 -i "${srcdir}/0012_xopen_crypt_prototype.patch"
-  patch -Np1 -i "${srcdir}/0016_pid_file_lock_creation_mask.patch"
-  patch -Np1 -i "${srcdir}/0018_auth_rimap_quotes.patch"
-  patch -Np1 -i "${srcdir}/0019_ldap_deprecated.patch"
-  patch -Np1 -i "${srcdir}/0022_gcc4.4_preprocessor_syntax.patch"
-  patch -Np1 -i "${srcdir}/0025_ld_as_needed.patch"
-  patch -Np1 -i "${srcdir}/0026_drop_krb5support_dependency.patch"
-  patch -Np1 -i "${srcdir}/0027_db5_support.patch"
-  patch -Np1 -i "${srcdir}/0030-dont_use_la_files_for_opening_plugins.patch"
+  export CFLAGS="$CFLAGS -fPIC"
+  cd cyrus-sasl-$pkgver
 
   rm -f config/config.guess config/config.sub 
   rm -f config/ltconfig config/ltmain.sh config/libtool.m4
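Review bot: The refreshed `md5sums=(...)` array is the only integrity check on a tarball fetched over plain `ftp://`, and MD5 is no longer collision-resistant, so it is a weak safeguard for an authentication library. Switch the array to `sha256sums=(...)` (regenerate with `makepkg -g`) and use an HTTPS source URL if the upstream host offers one. prepare() also stops applying 0016_pid_file_lock_creation_mask and 0018_auth_rimap_quotes; presumably 2.1.26 carries both fixes upstream, but that is worth confirming against the unpacked source because both touched saslauthd. build() continues outside the hunk.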
@@ -77,7 +91,7 @@ build() {
   popd
 
   ./configure --prefix=/usr \
-	 --sbin=/usr/bin \
+      --sbin=/usr/bin \
       --mandir=/usr/share/man \
       --infodir=/usr/share/info \
       --disable-static \
@@ -98,11 +112,15 @@ build() {
       --enable-ntlm \
       --disable-passdss \
       --enable-sql \
+      --with-mysql=/usr \
+      --with-pgsql=/usr/lib \
+      --with-sqlite3=/usr/lib \
       --enable-ldapdb \
       --disable-macos-framework \
       --with-pam \
       --with-saslauthd=/var/run/saslauthd \
       --with-ldap \
+      --with-dblib=gdbm \
       --with-configdir=/etc/sasl2:/etc/sasl:/usr/lib/sasl2 \
       --sysconfdir=/etc \
       --with-devrandom=/dev/urandom
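Review bot: `--with-dblib=gdbm` selects the storage backend for the sasldb auxprop store, but nothing in the visible hunks adds `'gdbm'` to `makedepends` or `depends`, and nothing tells the admin to convert an existing database. The removed 0027_db5_support.patch suggests the earlier build linked Berkeley DB; if so, an existing sasldb file would stop being readable after the upgrade and every sasldb-backed login would fail. Add `'gdbm'` to the dependency arrays and a post-upgrade message about recreating or converting the database. The configure invocation starts outside the hunk.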
@@ -114,7 +132,8 @@ package_libsasl() {
   depends=('openssl')
   conflicts=('cyrus-sasl-plugins')
 
-  cd "${srcdir}/cyrus-sasl-${pkgver}"
+  cd cyrus-sasl-$pkgver
+  make DESTDIR="$pkgdir" install-pkgconfigDATA
   for dir in include lib sasldb plugins utils; do
     pushd ${dir}
     make DESTDIR="${pkgdir}" install
@@ -123,21 +142,21 @@ package_libsasl() {
   rm -f "${pkgdir}"/usr/lib/sasl2/libsql.so*
   rm -f "${pkgdir}"/usr/lib/sasl2/libgssapiv2.so*
   rm -f "${pkgdir}"/usr/lib/sasl2/libldapdb.so*
+  rm -f "${pkgdir}"/usr/lib/sasl2/libgs2.so*
   install -m755 -d "${pkgdir}/usr/share/licenses/libsasl"
   install -m644 COPYING "${pkgdir}/usr/share/licenses/libsasl/"
 }
 
 package_cyrus-sasl() {
-  depends=("libsasl=${pkgver}-${pkgrel}")
+  depends=("libsasl=${pkgver}" 'krb5')
   pkgdesc="Cyrus saslauthd SASL authentication daemon"
   backup=('etc/conf.d/saslauthd')
 
-  cd "${srcdir}/cyrus-sasl-${pkgver}/saslauthd"
+  cd cyrus-sasl-$pkgver/saslauthd
   make DESTDIR="${pkgdir}" install
-  install -m755 -d "${pkgdir}/etc/rc.d"
-  install -m755 -d "${pkgdir}/etc/conf.d"
-  install -m755 "${srcdir}/saslauthd" "${pkgdir}/etc/rc.d/"
-  install -m644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd"
+  install -Dm644 "${srcdir}/saslauthd.conf.d" "${pkgdir}/etc/conf.d/saslauthd"
+  install -Dm644 "${srcdir}/saslauthd.service" "${pkgdir}/usr/lib/systemd/system/saslauthd.service"
+  install -Dm644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/saslauthd.conf"
 
   install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl"
   ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl/"
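Review bot: `depends=("libsasl=${pkgver}" 'krb5')` drops the `-${pkgrel}` pin, here and in the gssapi, ldap and sql package functions in the following hunks, so a split package from one build can be installed beside a libsasl from another. Locally carried fixes such as CVE-2013-4122.patch would typically ship as pkgrel bumps, so a partial upgrade could leave saslauthd or a plugin paired with an unpatched library. If the looser pin is intentional, state the reason in a comment; otherwise keep `"libsasl=${pkgver}-${pkgrel}"`. package_cyrus-sasl() closes outside the hunk.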
@@ -145,12 +164,13 @@ package_cyrus-sasl() {
 
 package_cyrus-sasl-gssapi() {
   pkgdesc="GSSAPI authentication mechanism for Cyrus SASL"
-  depends=("libsasl=${pkgver}-${pkgrel}" 'krb5')
+  depends=("libsasl=${pkgver}" 'krb5')
   replaces=('cyrus-sasl-plugins')
 
-  cd "${srcdir}/cyrus-sasl-${pkgver}/plugins"
+  cd cyrus-sasl-$pkgver/plugins
   install -m755 -d "${pkgdir}/usr/lib/sasl2"
   cp -a .libs/libgssapiv2.so* "${pkgdir}/usr/lib/sasl2/"
+  cp -a .libs/libgs2.so* "${pkgdir}/usr/lib/sasl2/"
 
   install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi"
   ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-gssapi/"
@@ -158,10 +178,10 @@ package_cyrus-sasl-gssapi() {
 
 package_cyrus-sasl-ldap() {
   pkgdesc="ldapdb auxprop module for Cyrus SASL"
-  depends=("libsasl=${pkgver}-${pkgrel}" 'libldap')
+  depends=("libsasl=${pkgver}" 'libldap')
   replaces=('cyrus-sasl-plugins')
 
-  cd "${srcdir}/cyrus-sasl-${pkgver}/plugins"
+  cd cyrus-sasl-$pkgver/plugins
   install -m755 -d "${pkgdir}/usr/lib/sasl2"
   cp -a .libs/libldapdb.so* "${pkgdir}/usr/lib/sasl2/"
 
@@ -171,33 +191,13 @@ package_cyrus-sasl-ldap() {
 
 package_cyrus-sasl-sql() {
   pkgdesc="SQL auxprop module for Cyrus SASL"
-  depends=("libsasl=${pkgver}-${pkgrel}" 'postgresql-libs' 'libmysqlclient')
+  depends=("libsasl=${pkgver}" 'postgresql-libs' 'libmariadbclient' 'sqlite')
   replaces=('cyrus-sasl-plugins')
 
-  cd "${srcdir}/cyrus-sasl-${pkgver}/plugins"
+  cd cyrus-sasl-$pkgver/plugins
   install -m755 -d "${pkgdir}/usr/lib/sasl2"
   cp -a .libs/libsql.so* "${pkgdir}/usr/lib/sasl2/"
 
   install -m755 -d "${pkgdir}/usr/share/licenses/cyrus-sasl-sql"
   ln -sf ../libsasl/COPYING "${pkgdir}/usr/share/licenses/cyrus-sasl-sql/"
 }
-md5sums=('2eb0e48106f0e9cd8001e654f267ecbc'
-         'e27ddff076342e7a3041c4759817d04b'
-         'd7e6886e88af04d05f3dec7f0a59ccf7'
-         '79b8a5e8689989e2afd4b7bda595a7b1'
-         'f4131b077ddb5240b375d749162f1b7a'
-         'c7ad2c70c1ef814eb4b119f316c064f2'
-         'caeeac3feba19cbbd36e7345cc805600'
-         'f45d8b60e8f74dd7f7c2ec1665fa602a'
-         '9d93880514cb5ff5da969f1ceb64a661'
-         'dfdc052a7e678db9f687482c5d52f34e'
-         '4a09f6b24b91f8450892a78e378860da'
-         '213abe7c5dfe0d7f446992787da1e780'
-         '5a0321177ad30cb5518c8b6812e3961a'
-         '0c965748970eea29fa295524821d43f0'
-         '62bf892fe4d1df41ff748e91a1afaf67'
-         'b7848957357e7c02d6490102be496bf9'
-         'd86a5aa2e3b5b7c1bad6f8b548b7ea36'
-         '8e7106f32e495e9ade69014fd1b3352a'
-         '49219af5641150edec288a3fdb65e7c1'
-         '75542f613185d5a90520ad0d7d926a20')
diff --git a/abs/core/libsasl/cyrus-sasl-2.1.19-checkpw.c.patch b/abs/core/libsasl/cyrus-sasl-2.1.19-checkpw.c.patch
deleted file mode 100644
index f7bf44b..0000000
--- a/abs/core/libsasl/cyrus-sasl-2.1.19-checkpw.c.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-diff -ur ../cyrus-sasl-2.1.19.orig/lib/Makefile.in ./lib/Makefile.in
---- ../cyrus-sasl-2.1.19.orig/lib/Makefile.in	2004-07-02 21:40:15.000000000 +0200
-+++ ./lib/Makefile.in	2004-09-07 13:21:22.746680576 +0200
-@@ -120,7 +120,7 @@
- JAVA_TRUE = @JAVA_TRUE@
- LDFLAGS = @LDFLAGS@
- LIBOBJS = @LIBOBJS@
--LIBS = @LIBS@
-+LIBS = -lcrypt @LIBS@
- LIBTOOL = @LIBTOOL@
- LIB_CRYPT = @LIB_CRYPT@
- LIB_DES = @LIB_DES@
-diff -ur ../cyrus-sasl-2.1.19.orig/lib/checkpw.c ./lib/checkpw.c
---- ../cyrus-sasl-2.1.19.orig/lib/checkpw.c	2004-03-17 14:58:13.000000000 +0100
-+++ ./lib/checkpw.c	2004-09-07 13:21:12.645916147 +0200
-@@ -94,6 +94,23 @@
- # endif
- #endif
- 
-+/******************************
-+ * crypt(3) patch start       *
-+ ******************************/
-+char *crypt(const char *key, const char *salt);
-+
-+/* cleartext password formats */
-+#define PASSWORD_FORMAT_CLEARTEXT 1
-+#define PASSWORD_FORMAT_CRYPT 2
-+#define PASSWORD_FORMAT_CRYPTTRAD 3
-+#define PASSWORD_SALT_BUF_LEN 22
-+
-+/* weeds out crypt(3) password's salt */
-+int _sasl_get_salt (char *dest, char *src, int format);
-+
-+/******************************
-+ * crypt(3) patch stop        *
-+ ******************************/
- 
- /* we store the following secret to check plaintext passwords:
-  *
-@@ -143,7 +160,51 @@
- 				       "*cmusaslsecretPLAIN",
- 				       NULL };
-     struct propval auxprop_values[3];
--    
-+
-+	/******************************
-+	 * crypt(3) patch start       *
-+	 * for password format check  *
-+	 ******************************/
-+    sasl_getopt_t *getopt;
-+    void *context;
-+    const char *p = NULL;
-+	/**
-+	 * MD5: 12 char salt
-+	 * BLOWFISH: 16 char salt
-+	 */
-+	char salt[PASSWORD_SALT_BUF_LEN];
-+	int password_format;
-+
-+	/* get password format from auxprop configuration */
-+	if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
-+		getopt(context, NULL, "password_format", &p, NULL);
-+	}
-+
-+	/* set password format */
-+	if (p) {
-+		/*
-+		memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN);
-+		strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1));
-+		*/
-+		/* modern, modular crypt(3) */
-+		if (strncmp(p, "crypt", 11) == 0)
-+			password_format = PASSWORD_FORMAT_CRYPT;
-+		/* traditional crypt(3) */
-+		else if (strncmp(p, "crypt_trad", 11) == 0)
-+			password_format = PASSWORD_FORMAT_CRYPTTRAD;
-+		/* cleartext password */
-+		else
-+			password_format = PASSWORD_FORMAT_CLEARTEXT;
-+	} else {
-+		/* cleartext password */
-+		password_format = PASSWORD_FORMAT_CLEARTEXT;
-+	}
-+
-+	/******************************
-+	 * crypt(3) patch stop        *
-+	 * for password format check  *
-+	 ******************************/
-+
-     if (!conn || !userstr)
- 	return SASL_BADPARAM;
- 
-@@ -180,14 +241,31 @@
- 	goto done;
-     }
- 
--    /* At the point this has been called, the username has been canonified
--     * and we've done the auxprop lookup.  This should be easy. */
--    if(auxprop_values[0].name
--       && auxprop_values[0].values
--       && auxprop_values[0].values[0]
--       && !strcmp(auxprop_values[0].values[0], passwd)) {
--	/* We have a plaintext version and it matched! */
--	return SASL_OK;
-+
-+	/******************************
-+	 * crypt(3) patch start       *
-+	 ******************************/	
-+
-+	/* get salt */
-+	_sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format);
-+	
-+	/* crypt(3)-ed password? */
-+	if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
-+		/* compare password */
-+		if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0)
-+			return SASL_OK;
-+		else
-+			ret = SASL_BADAUTH;
-+	}
-+	else if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
-+		/* compare passwords */
-+		if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0)
-+			return SASL_OK;
-+		else
-+			ret = SASL_BADAUTH;
-+	/******************************
-+	 * crypt(3) patch stop        *
-+	 ******************************/
-     } else if(auxprop_values[1].name
- 	      && auxprop_values[1].values
- 	      && auxprop_values[1].values[0]) {
-@@ -975,3 +1053,37 @@
- #endif     
-     { NULL, NULL }
- };
-+
-+/* weeds out crypt(3) password's salt */
-+int _sasl_get_salt (char *dest, char *src, int format) {
-+	int num;	/* how many characters is salt long? */
-+	switch (format) {
-+		case PASSWORD_FORMAT_CRYPT:
-+			/* md5 crypt */
-+			if (src[1] == '1')
-+				num = 12;
-+			/* blowfish crypt */
-+			else if (src[1] == '2')
-+				num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
-+			/* traditional crypt */
-+			else
-+				num = 2;
-+			break;
-+	
-+		case PASSWORD_FORMAT_CRYPTTRAD:
-+			num = 2;
-+			break;
-+
-+		default:
-+			return 1;
-+	}
-+
-+	/* destroy destination */
-+	memset(dest, '\0', (num + 1));
-+
-+	/* copy salt to destination */
-+	strncpy(dest, src, num);
-+
-+	return 1;
-+}
-+
diff --git a/abs/core/libsasl/cyrus-sasl-2.1.22-automake-1.10.patch b/abs/core/libsasl/cyrus-sasl-2.1.22-automake-1.10.patch
deleted file mode 100644
index 8cd71c0..0000000
--- a/abs/core/libsasl/cyrus-sasl-2.1.22-automake-1.10.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-Re-merged patch by Robert Scheck <redhat@linuxnetz.de> for cyrus-sasl >= 2.1.22, which was
-originally written by Jacek Konieczny <jajcus@pld-linux.org> and makes cyrus-sasl building
-using automake 1.10.
-
---- cyrus-sasl-2.1.22/plugins/Makefile.am		2006-05-17 18:46:16.000000000 +0200
-+++ cyrus-sasl-2.1.22/plugins/Makefile.am.am110		2007-02-16 15:42:07.000000000 +0100
-@@ -82,73 +82,73 @@
- 	libntlm.la libpassdss.la libsasldb.la libsql.la libldapdb.la
- 
- libplain_la_SOURCES = plain.c plain_init.c $(common_sources)
--libplain_la_LDFLAGS = -version-info $(plain_version)
-+libplain_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(plain_version)
- libplain_la_DEPENDENCIES = $(COMPAT_OBJS)
- libplain_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS)
- 
- libanonymous_la_SOURCES = anonymous.c anonymous_init.c $(common_sources)
--libanonymous_la_LDFLAGS = -version-info $(anonymous_version)
-+libanonymous_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(anonymous_version)
- libanonymous_la_DEPENDENCIES = $(COMPAT_OBJS)
- libanonymous_la_LIBADD = $(COMPAT_OBJS)
- 
- libkerberos4_la_SOURCES = kerberos4.c kerberos4_init.c $(common_sources)
--libkerberos4_la_LDFLAGS = -version-info $(kerberos4_version)
-+libkerberos4_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(kerberos4_version)
- libkerberos4_la_DEPENDENCIES = $(COMPAT_OBJS)
- libkerberos4_la_LIBADD = $(SASL_KRB_LIB) $(LIB_SOCKET) $(COMPAT_OBJS)
- 
- libgssapiv2_la_SOURCES = gssapi.c gssapiv2_init.c $(common_sources)
--libgssapiv2_la_LDFLAGS = -version-info $(gssapiv2_version)
-+libgssapiv2_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(gssapiv2_version)
- libgssapiv2_la_DEPENDENCIES = $(COMPAT_OBJS)
- libgssapiv2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS)
- 
- libcrammd5_la_SOURCES = cram.c crammd5_init.c $(common_sources)
--libcrammd5_la_LDFLAGS = -version-info $(crammd5_version)
-+libcrammd5_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(crammd5_version)
- libcrammd5_la_DEPENDENCIES = $(COMPAT_OBJS)
- libcrammd5_la_LIBADD = $(COMPAT_OBJS)
- 
- libdigestmd5_la_SOURCES = digestmd5.c digestmd5_init.c $(common_sources)
--libdigestmd5_la_LDFLAGS = -version-info $(digestmd5_version)
-+libdigestmd5_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(digestmd5_version)
- libdigestmd5_la_DEPENDENCIES = $(COMPAT_OBJS)
- libdigestmd5_la_LIBADD = $(LIB_DES) $(LIB_SOCKET) $(COMPAT_OBJS)
- 
- liblogin_la_SOURCES = login.c login_init.c $(common_sources)
--liblogin_la_LDFLAGS = -version-info $(login_version)
-+liblogin_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(login_version)
- liblogin_la_DEPENDENCIES = $(COMPAT_OBJS)
- liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS)
- 
- libsrp_la_SOURCES = srp.c srp_init.c $(common_sources)
--libsrp_la_LDFLAGS = -version-info $(srp_version)
-+libsrp_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(srp_version)
- libsrp_la_DEPENDENCIES = $(COMPAT_OBJS)
- libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS)
- 
- libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources)
--libotp_la_LDFLAGS = -version-info $(otp_version)
-+libotp_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(otp_version)
- libotp_la_DEPENDENCIES = $(COMPAT_OBJS)
- libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS)
- 
- libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources)
--libntlm_la_LDFLAGS = -version-info $(ntlm_version)
-+libntlm_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(ntlm_version)
- libntlm_la_DEPENDENCIES = $(COMPAT_OBJS)
- libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS)
- 
- libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources)
--libpassdss_la_LDFLAGS = -version-info $(passdss_version)
-+libpassdss_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(passdss_version)
- libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS)
- libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS)
- 
- # Auxprop Plugins
- libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources)
--libsasldb_la_LDFLAGS = -version-info $(sasldb_version)
-+libsasldb_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(sasldb_version)
- libsasldb_la_DEPENDENCIES = $(COMPAT_OBJS)
- libsasldb_la_LIBADD = ../sasldb/libsasldb.la $(SASL_DB_LIB) $(COMPAT_OBJS)
- 
- libldapdb_la_SOURCES = ldapdb.c ldapdb_init.c $(common_sources)
--libldapdb_la_LDFLAGS = $(LIB_LDAP) -version-info $(ldapdb_version)
-+libldapdb_la_LDFLAGS = $(AM_LDFLAGS) $(LIB_LDAP) -version-info $(ldapdb_version)
- libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS)
- libldapdb_la_LIBADD = $(COMPAT_OBJS)
- 
- libsql_la_SOURCES = sql.c sql_init.c $(common_sources)
--libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version)
-+libsql_la_LDFLAGS = $(AM_LDFLAGS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version)
- libsql_la_DEPENDENCIES = $(COMPAT_OBJS)
- libsql_la_LIBADD = $(COMPAT_OBJS)
- 
diff --git a/abs/core/libsasl/cyrus-sasl-2.1.22-crypt.patch b/abs/core/libsasl/cyrus-sasl-2.1.22-crypt.patch
deleted file mode 100644
index fd35632..0000000
--- a/abs/core/libsasl/cyrus-sasl-2.1.22-crypt.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-http://bugs.gentoo.org/152544
-
---- cyrus-sasl-2.1.22/lib/Makefile.am
-+++ cyrus-sasl-2.1.22/lib/Makefile.am
-@@ -45,6 +45,7 @@ sasl_version = 2:22:0
- 
- INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
- 
-+AM_CFLAGS = -fPIC
- EXTRA_DIST = windlopen.c staticopen.h NTMakefile
- EXTRA_LIBRARIES = libsasl2.a
- noinst_LIBRARIES = @SASL_STATIC_LIBS@
---- cyrus-sasl-2.1.22/plugins/Makefile.am
-+++ cyrus-sasl-2.1.22/plugins/Makefile.am
-@@ -63,6 +63,7 @@ srp_version = 2:22:0
- 
- INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
- AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir)
-+AM_CFLAGS = -fPIC
- 
- COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
- 
---- cyrus-sasl-2.1.22/sasldb/Makefile.am
-+++ cyrus-sasl-2.1.22/sasldb/Makefile.am
-@@ -48,6 +48,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top
- 
- extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c
- 
-+AM_CFLAGS = -fPIC
- EXTRA_DIST = NTMakefile
- 
- noinst_LTLIBRARIES = libsasldb.la
---- cyrus-sasl-2.1.22/utils/Makefile.am
-+++ cyrus-sasl-2.1.22/utils/Makefile.am
-@@ -42,7 +42,7 @@
- #
- ################################################################
- 
--all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET)
-+all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) $(LIB_CRYPT)
- all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE)
- 
- sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer
---- cyrus-sasl-2.1.22/sample/Makefile.am
-+++ cyrus-sasl-2.1.22/sample/Makefile.am
-@@ -54,10 +54,10 @@ sample_server_SOURCES = sample-server.c
- server_SOURCES = server.c common.c common.h
- client_SOURCES = client.c common.c common.h
- 
--server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
--client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
-+server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
-+client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
- 
--sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
--sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
-+sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
-+sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
- 
- EXTRA_DIST = NTMakefile
---- cyrus-sasl-2.1.22/lib/Makefile.am
-+++ cyrus-sasl-2.1.22/lib/Makefile.am
-@@ -63,7 +63,7 @@ lib_LTLIBRARIES = libsasl2.la
- libsasl2_la_SOURCES = $(common_sources) $(common_headers)
- libsasl2_la_LDFLAGS = -version-info $(sasl_version)
- libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
--libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
-+libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT)
- 
- if MACOSX
- framedir = /Library/Frameworks/SASL2.framework
diff --git a/abs/core/libsasl/cyrus-sasl-2.1.23-authd-fix.patch b/abs/core/libsasl/cyrus-sasl-2.1.23-authd-fix.patch
deleted file mode 100644
index f5f372d..0000000
--- a/abs/core/libsasl/cyrus-sasl-2.1.23-authd-fix.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-fix warnings:
-
-auth_sasldb.c: In function ‘auth_sasldb’:
-auth_sasldb.c:144: warning: implicit declaration of function ‘gethostname’
-
-auth_sasldb.c:153: warning: passing argument 8 of ‘_sasldb_getdata’ from incompatible pointer type
-../sasldb/sasldb.h:60: note: expected ‘size_t *’ but argument is of type ‘int *’
-
---- saslauthd/auth_sasldb.c
-+++ saslauthd/auth_sasldb.c
-@@ -41,6 +41,7 @@
- #include <string.h>
- #include <stdlib.h>
- #include <pwd.h>
-+#include <unistd.h>
- /* END PUBLIC DEPENDENCIES */
- 
- #define RETURN(x) return strdup(x)
-@@ -131,7 +132,8 @@
-     /* VARIABLES */
-     char pw[1024];			/* pointer to passwd file entry */
-     sasl_utils_t utils;
--    int ret, outsize;
-+    int ret;
-+    size_t outsize;
-     const char *use_realm;
-     char realm_buf[MAXHOSTNAMELEN];
-     /* END VARIABLES */
diff --git a/abs/core/libsasl/cyrus-sasl-2.1.26-size_t.patch b/abs/core/libsasl/cyrus-sasl-2.1.26-size_t.patch
new file mode 100644
index 0000000..3a4820f
--- /dev/null
+++ b/abs/core/libsasl/cyrus-sasl-2.1.26-size_t.patch
@@ -0,0 +1,11 @@
+--- cyrus-sasl-2.1.26/include/sasl.h	2012-10-12 09:05:48.000000000 -0500
++++ cyrus-sasl-2.1.26/include/sasl.h	2013-01-31 13:21:04.007739327 -0600
+@@ -223,6 +223,8 @@ extern "C" {
+  * they must be called before all other SASL functions:
+  */
+ 
++#include <sys/types.h>
++
+ /* memory allocation functions which may optionally be replaced:
+  */
+ typedef void *sasl_malloc_t(size_t);
diff --git a/abs/core/libsasl/cyrus-sasl-2.1.27-openssl-1.1.0.patch b/abs/core/libsasl/cyrus-sasl-2.1.27-openssl-1.1.0.patch
new file mode 100644
index 0000000..c02a214
--- /dev/null
+++ b/abs/core/libsasl/cyrus-sasl-2.1.27-openssl-1.1.0.patch
@@ -0,0 +1,435 @@
+diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 cyrus-sasl-2.1.26/plugins/ntlm.c
+--- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110	2012-01-28 00:31:36.000000000 +0100
++++ cyrus-sasl-2.1.26/plugins/ntlm.c	2016-11-07 16:15:57.498259304 +0100
+@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
+     return P24;
+ }
+ 
++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    return HMAC_CTX_new();
++#else
++    return utils->malloc(sizeof(HMAC_CTX));
++#endif
++}
++
++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    HMAC_CTX_free(ctx);
++#else
++    HMAC_cleanup(ctx);
++    utils->free(ctx);
++#endif
++}
++
+ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ 			 const char *authid, const char *target,
+ 			 const unsigned char *challenge,
+@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
+ 			 const sasl_utils_t *utils,
+ 			 char **buf, unsigned *buflen, int *result)
+ {
+-    HMAC_CTX ctx;
++    HMAC_CTX *ctx = NULL;
+     unsigned char hash[EVP_MAX_MD_SIZE];
+     char *upper;
+     unsigned int len;
+@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
+ 	SETERROR(utils, "cannot allocate NTLMv2 hash");
+ 	*result = SASL_NOMEM;
+     }
++    else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
++        SETERROR(utils, "cannot allocate HMAC CTX");
++        *result = SASL_NOMEM;
++    }
+     else {
+ 	/* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
+ 	P16_nt(hash, passwd, utils, buf, buflen, result);
+@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
+ 	HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
+ 
+ 	/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
+-	HMAC_Init(&ctx, hash, len, EVP_md5());
+-	HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
+-	HMAC_Update(&ctx, blob, bloblen);
+-	HMAC_Final(&ctx, V2, &len);
+-	HMAC_cleanup(&ctx);
++	HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
++	HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
++	HMAC_Update(ctx, blob, bloblen);
++	HMAC_Final(ctx, V2, &len);
+ 
+ 	/* the blob is concatenated outside of this function */
+ 
+ 	*result = SASL_OK;
+     }
+ 
++    if (ctx) _plug_HMAC_CTX_free(ctx, utils);
++
+     return V2;
+ }
+ 
+diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110 cyrus-sasl-2.1.26/plugins/otp.c
+--- cyrus-sasl-2.1.26/plugins/otp.c.openssl110	2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/plugins/otp.c	2016-11-07 16:13:54.374327601 +0100
+@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
+     {NULL,	0,	NULL}
+ };
+ 
++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    return EVP_MD_CTX_new();
++#else
++    return utils->malloc(sizeof(EVP_MD_CTX));
++#endif    
++}
++
++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
++{
++    utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    EVP_MD_CTX_free(ctx);
++#else
++    utils->free(ctx);
++#endif    
++}
++
+ /* Convert the binary data into ASCII hex */
+ void bin2hex(unsigned char *bin, int binlen, char *hex)
+ {
+@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
+  * swabbing bytes if necessary.
+  */
+ static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
+-		     unsigned char *out, int swab)
++		     unsigned char *out, int swab, EVP_MD_CTX *mdctx)
+ {
+-    EVP_MD_CTX mdctx;
+-    char hash[EVP_MAX_MD_SIZE];
++    unsigned char hash[EVP_MAX_MD_SIZE];
+     unsigned int i;
+     int j;
+     unsigned hashlen;
+     
+-    EVP_DigestInit(&mdctx, md);
+-    EVP_DigestUpdate(&mdctx, in, inlen);
+-    EVP_DigestFinal(&mdctx, hash, &hashlen);
++    EVP_DigestInit(mdctx, md);
++    EVP_DigestUpdate(mdctx, in, inlen);
++    EVP_DigestFinal(mdctx, hash, &hashlen);
+     
+     /* Fold the result into 64 bits */
+     for (i = OTP_HASH_SIZE; i < hashlen; i++) {
+@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
+ 			char *secret, char *otp)
+ {
+     const EVP_MD *md;
+-    char *key;
++    EVP_MD_CTX *mdctx = NULL;
++    char *key = NULL;
++    int r = SASL_OK;
+     
+     if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ 	utils->seterror(utils->conn, 0,
+@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
+ 	return SASL_FAIL;
+     }
+     
++    if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++	SETERROR(utils, "cannot allocate MD CTX");
++	r = SASL_NOMEM;
++        goto done;
++    }
++    
+     if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
+ 	SETERROR(utils, "cannot allocate OTP key");
+-	return SASL_NOMEM;
++	r = SASL_NOMEM;
++        goto done;
+     }
+     
+     /* initial step */
+     strcpy(key, seed);
+     strcat(key, secret);
+-    otp_hash(md, key, strlen(key), otp, alg->swab);
++    otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
+     
+     /* computation step */
+     while (seq-- > 0)
+-	otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
+-    
+-    utils->free(key);
++        otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
++
++  done:
++    if (key) utils->free(key);
++    if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
+     
+-    return SASL_OK;
++    return r;
+ }
+ 
+ static int parse_challenge(const sasl_utils_t *utils,
+@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
+ 
+ /* Convert the 6 words into binary data */
+ static int word2bin(const sasl_utils_t *utils,
+-		    char *words, unsigned char *bin, const EVP_MD *md)
++		    char *words, unsigned char *bin, const EVP_MD *md,
++                    EVP_MD_CTX *mdctx)
+ {
+     int i, j;
+     char *c, *word, buf[OTP_RESPONSE_MAX+1];
+@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
+ 	
+ 	/* alternate dictionary */
+ 	if (alt_dict) {
+-	    EVP_MD_CTX mdctx;
+-	    char hash[EVP_MAX_MD_SIZE];
+-	    int hashlen;
++	    unsigned char hash[EVP_MAX_MD_SIZE];
++	    unsigned hashlen;
+ 	    
+-	    EVP_DigestInit(&mdctx, md);
+-	    EVP_DigestUpdate(&mdctx, word, strlen(word));
+-	    EVP_DigestFinal(&mdctx, hash, &hashlen);
++	    EVP_DigestInit(mdctx, md);
++	    EVP_DigestUpdate(mdctx, word, strlen(word));
++	    EVP_DigestFinal(mdctx, hash, &hashlen);
+ 	    
+ 	    /* use lowest 11 bits */
+ 	    x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
+@@ -802,6 +834,7 @@ static int verify_response(server_contex
+ 			   char *response)
+ {
+     const EVP_MD *md;
++    EVP_MD_CTX *mdctx = NULL;
+     char *c;
+     int do_init = 0;
+     unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
+@@ -815,6 +848,11 @@ static int verify_response(server_contex
+ 	return SASL_FAIL;
+     }
+     
++    if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++	SETERROR(utils, "cannot allocate MD CTX");
++	return SASL_NOMEM;
++    }
++    
+     /* eat leading whitespace */
+     c = response;
+     while (isspace((int) *c)) c++;
+@@ -824,7 +862,7 @@ static int verify_response(server_contex
+ 	    r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
+ 	}
+ 	else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
+-	    r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
++	    r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
+ 	}
+ 	else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
+ 			      strlen(OTP_INIT_HEX_TYPE))) {
+@@ -834,7 +872,7 @@ static int verify_response(server_contex
+ 	else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ 			      strlen(OTP_INIT_WORD_TYPE))) {
+ 	    do_init = 1;
+-	    r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
++	    r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
+ 	}
+ 	else {
+ 	    SETERROR(utils, "unknown OTP extended response type");
+@@ -843,14 +881,15 @@ static int verify_response(server_contex
+     }
+     else {
+ 	/* standard response, try word first, and then hex */
+-	r = word2bin(utils, c, cur_otp, md);
++	r = word2bin(utils, c, cur_otp, md, mdctx);
+ 	if (r != SASL_OK)
+ 	    r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
+     }
+     
+     if (r == SASL_OK) {
+ 	/* do one more hash (previous otp) and compare to stored otp */
+-	otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
++	otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
++                 prev_otp, text->alg->swab, mdctx);
+ 	
+ 	if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
+ 	    /* update the secret with this seq/otp */
+@@ -879,23 +918,28 @@ static int verify_response(server_contex
+ 		*new_resp++ = '\0';
+ 	}
+ 	
+-	if (!(new_chal && new_resp))
+-	    return SASL_BADAUTH;
++	if (!(new_chal && new_resp)) {
++	    r = SASL_BADAUTH;
++            goto done;
++        }
+ 	
+ 	if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
+ 	    != SASL_OK) {
+-	    return r;
++            goto done;
+ 	}
+ 	
+-	if (seq < 1 || !strcasecmp(seed, text->seed))
+-	    return SASL_BADAUTH;
++	if (seq < 1 || !strcasecmp(seed, text->seed)) {
++	    r = SASL_BADAUTH;
++            goto done;
++        }
+ 	
+ 	/* find the MDA */
+ 	if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ 	    utils->seterror(utils->conn, 0,
+ 			    "OTP algorithm %s is not available",
+ 			    alg->evp_name);
+-	    return SASL_BADAUTH;
++	    r = SASL_BADAUTH;
++            goto done;
+ 	}
+ 	
+ 	if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
+@@ -903,7 +947,7 @@ static int verify_response(server_contex
+ 	}
+ 	else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ 			      strlen(OTP_INIT_WORD_TYPE))) {
+-	    r = word2bin(utils, new_resp, new_otp, md);
++	    r = word2bin(utils, new_resp, new_otp, md, mdctx);
+ 	}
+ 	
+ 	if (r == SASL_OK) {
+@@ -914,7 +958,10 @@ static int verify_response(server_contex
+ 	    memcpy(text->otp, new_otp, OTP_HASH_SIZE);
+ 	}
+     }
+-    
++
++  done:
++    if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
++
+     return r;
+ }
+ 
+diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 cyrus-sasl-2.1.26/saslauthd/lak.c
+--- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110	2016-11-07 16:13:54.347327616 +0100
++++ cyrus-sasl-2.1.26/saslauthd/lak.c	2016-11-07 16:18:42.283167898 +0100
+@@ -61,6 +61,35 @@
+ #include <sasl.h>
+ #include "lak.h"
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++static EVP_MD_CTX *EVP_MD_CTX_new(void)
++{
++	return EVP_MD_CTX_create();
++}
++static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
++{
++	if (ctx == NULL)
++		return;
++
++	EVP_MD_CTX_destroy(ctx);
++}
++
++static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
++{
++	EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
++
++	if (ctx != NULL) {
++		memset(ctx, 0, sizeof(*ctx));
++	}
++	return ctx;
++}
++static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
++{
++	OPENSSL_free(ctx);
++	return;
++}
++#endif
++
+ typedef struct lak_auth_method {
+ 	int method;
+ 	int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ;
+@@ -1720,20 +1749,28 @@ static int lak_base64_decode(
+ 
+ 	int rc, i, tlen = 0;
+ 	char *text;
+-	EVP_ENCODE_CTX EVP_ctx;
++	EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
+ 
+-	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
+ 	if (text == NULL)
+ 		return LAK_NOMEM;
+ 
+-	EVP_DecodeInit(&EVP_ctx);
+-	rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
++	text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
++	if (text == NULL) {
++		EVP_ENCODE_CTX_free(enc_ctx);
++		return LAK_NOMEM;
++	}
++
++	EVP_DecodeInit(enc_ctx);
++	rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
+ 	if (rc < 0) {
++		EVP_ENCODE_CTX_free(enc_ctx);
+ 		free(text);
+ 		return LAK_FAIL;
+ 	}
+ 	tlen += i;
+-	EVP_DecodeFinal(&EVP_ctx, text, &i); 
++	EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i); 
++
++	EVP_ENCODE_CTX_free(enc_ctx);
+ 
+ 	*ret = text;
+ 	if (rlen != NULL)
+@@ -1749,7 +1786,7 @@ static int lak_check_hashed(
+ {
+ 	int rc, clen;
+ 	LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
+-	EVP_MD_CTX mdctx;
++	EVP_MD_CTX *mdctx;
+ 	const EVP_MD *md;
+ 	unsigned char digest[EVP_MAX_MD_SIZE];
+ 	char *cred;
+@@ -1758,17 +1795,24 @@ static int lak_check_hashed(
+ 	if (!md)
+ 		return LAK_FAIL;
+ 
++	mdctx = EVP_MD_CTX_new();
++	if (!mdctx)
++		return LAK_NOMEM;
++
+ 	rc = lak_base64_decode(hash, &cred, &clen);
+-	if (rc != LAK_OK)
++	if (rc != LAK_OK) {
++		EVP_MD_CTX_free(mdctx);
+ 		return rc;
++	}
+ 
+-	EVP_DigestInit(&mdctx, md);
+-	EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
++	EVP_DigestInit(mdctx, md);
++	EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
+ 	if (hrock->salted) {
+-		EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
++		EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
+ 				 clen - EVP_MD_size(md));
+ 	}
+-	EVP_DigestFinal(&mdctx, digest, NULL);
++	EVP_DigestFinal(mdctx, digest, NULL);
++	EVP_MD_CTX_free(mdctx);
+ 
+ 	rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
+ 	free(cred);
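Review bot: In the `lak_base64_decode` hunk for `saslauthd/lak.c`, the first `if (text == NULL)` now runs before `text` is assigned, so it tests an uninitialized pointer, and the result of `EVP_ENCODE_CTX_new()` is never checked. If that stray read happens to be NULL the function returns `LAK_NOMEM` and leaks `enc_ctx`; if the context allocation failed, a NULL context reaches `EVP_DecodeInit`. The first check should be on the context instead: `if (enc_ctx == NULL) return LAK_NOMEM;`. Separately, on the pre-1.1.0 branch `_plug_HMAC_CTX_new` in `plugins/ntlm.c` returns raw `utils->malloc` memory that goes straight to `HMAC_Init_ex`; it looks like it needs `HMAC_CTX_init(ctx)` first, which is worth confirming against the OpenSSL version this package builds with. Both functions begin outside the inner hunks shown here.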
diff --git a/abs/core/libsasl/cyrus-sasl-gssapi.patch b/abs/core/libsasl/cyrus-sasl-gssapi.patch
new file mode 100644
index 0000000..cfbcd8b
--- /dev/null
+++ b/abs/core/libsasl/cyrus-sasl-gssapi.patch
@@ -0,0 +1,16 @@
+diff -aur cyrus-sasl-2.1.26.orig/plugins/gssapi.c cyrus-sasl-2.1.26/plugins/gssapi.c
+--- cyrus-sasl-2.1.26.orig/plugins/gssapi.c	2016-06-10 13:55:25.985676293 -0700
++++ cyrus-sasl-2.1.26/plugins/gssapi.c	2016-06-10 13:58:00.687337430 -0700
+@@ -1583,10 +1583,10 @@
+ 	}
+ 
+ 	/* Setup req_flags properly */
+-	req_flags = GSS_C_INTEG_FLAG;
++	req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ 	if (params->props.max_ssf > params->external_ssf) {
+ 	    /* We are requesting a security layer */
+-	    req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++	    req_flags |= GSS_C_INTEG_FLAG;
+ 	    /* Any SSF bigger than 1 is confidentiality. */
+ 	    /* Let's check if the client of the API requires confidentiality,
+ 	       and it wasn't already provided by an external layer */
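Review bot: The added patch file has no header saying where the change comes from or why the default `req_flags` no longer contains `GSS_C_INTEG_FLAG`, and that is a security-relevant default. With the new lines, integrity is requested only inside the `max_ssf > external_ssf` branch. Presumably the intent is to rely on an external layer such as TLS when no SASL security layer is wanted, but a reader cannot tell that from the patch. I would add a short description at the top of the patch, along the lines of `Request GSS_C_INTEG_FLAG only when a security layer is negotiated; source: <upstream commit or bug URL>`. The surrounding function starts and ends outside the hunk.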
diff --git a/abs/core/libsasl/cyrus-sasl-sql.patch b/abs/core/libsasl/cyrus-sasl-sql.patch
new file mode 100644
index 0000000..2dcdad8
--- /dev/null
+++ b/abs/core/libsasl/cyrus-sasl-sql.patch
@@ -0,0 +1,39 @@
+--- configure.in	2012-10-12 16:05:48.000000000 +0200
++++ configure.in	2013-05-11 18:48:59.021848013 +0200
+@@ -861,9 +860,9 @@
+     notfound) AC_WARN([SQLite Library not found]); true;;
+     *)
+      if test -d ${with_sqlite}/lib; then
+-         LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
++         LIB_SQLITE="-L${with_sqlite}/lib"
+      else
+-         LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
++         LIB_SQLITE="-L${with_sqlite}"
+      fi
+ 
+      LIB_SQLITE_DIR=$LIB_SQLITE
+@@ -913,9 +912,9 @@
+     notfound) AC_WARN([SQLite3 Library not found]); true;;
+     *)
+      if test -d ${with_sqlite3}/lib; then
+-         LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
++         LIB_SQLITE3="-L${with_sqlite3}/lib"
+      else
+-         LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
++         LIB_SQLITE3="-L${with_sqlite3}"
+      fi
+ 
+      LIB_SQLITE3_DIR=$LIB_SQLITE3
+--- configure.in
++++ configure.in
+@@ -674,7 +674,9 @@
+      LIB_PGSQL_DIR=$LIB_PGSQL
+      LIB_PGSQL="$LIB_PGSQL -lpq"
+ 
+-     if test -d ${with_pgsql}/include/pgsql; then
++     if test -d ${with_pgsql}/include/postgresql/pgsql; then
++         CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
++     elif test -d ${with_pgsql}/include/pgsql; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
+      elif test -d ${with_pgsql}/pgsql/include; then
+          CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"
diff --git a/abs/core/libsasl/fix-pkgconfig.patch b/abs/core/libsasl/fix-pkgconfig.patch
new file mode 100644
index 0000000..3b1c38e
--- /dev/null
+++ b/abs/core/libsasl/fix-pkgconfig.patch
@@ -0,0 +1,27 @@
+From 3f42b7d7f3ef52056c79b31529d1a5be695c74c1 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <icq@gnome.org>
+Date: Fri, 20 Nov 2015 11:16:31 +0100
+Subject: [PATCH] Fix up pkgconfig pc file
+
+---
+ libsasl2.pc.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsasl2.pc.in b/libsasl2.pc.in
+index 40bea37..ddad76d 100644
+--- a/libsasl2.pc.in
++++ b/libsasl2.pc.in
+@@ -1,8 +1,12 @@
+-libdir = @libdir@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
+ 
+ Name: Cyrus SASL
+ Description: Cyrus SASL implementation
+ URL: http://www.cyrussasl.org/
+ Version: @VERSION@
++Cflags: -I${includedir}
+ Libs: -L${libdir} -lsasl2
+ Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@
diff --git a/abs/core/libsasl/saslauthd b/abs/core/libsasl/saslauthd
deleted file mode 100644
index 6afafae..0000000
--- a/abs/core/libsasl/saslauthd
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-# source application-specific settings
-[ -f /etc/conf.d/saslauthd ] && . /etc/conf.d/saslauthd
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-DAEMON_NAME="saslauthd"
-SASLAUTHD_BIN=/usr/sbin/saslauthd
-SASLAUTHD_RUN=/var/run/saslauthd
-SASLAUTHD_PID=$SASLAUTHD_RUN/saslauthd.pid
-
-case "$1" in
-  start)
-    stat_busy "Starting $DAEMON_NAME"
-    [ ! -d /var/run/saslauthd ] && install -d /var/run/saslauthd
-    if $SASLAUTHD_BIN $SASLAUTHD_OPTS >/dev/null; then
-      add_daemon $DAEMON_NAME
-      stat_done
-    else
-      stat_fail
-      exit 1
-    fi
-    ;;
-
-  stop)
-    stat_busy "Stopping $DAEMON_NAME"
-    [ -f $SASLAUTHD_PID ] && kill `cat $SASLAUTHD_PID` &>/dev/null
-    if [ $? -gt 0 ]; then
-      stat_fail
-      exit 1
-    else
-      rm_daemon $DAEMON_NAME
-      stat_done
-    fi
-    ;;
-
-  restart)
-    $0 stop
-    sleep 1
-    $0 start
-    ;;
-
-  *)
-    echo "usage: $0 {start|stop|restart}"  
-esac
-exit 0
-# vim: ts=2 sw=2 et ft=sh
diff --git a/abs/core/libsasl/saslauthd.service b/abs/core/libsasl/saslauthd.service
new file mode 100644
index 0000000..978dbd3
--- /dev/null
+++ b/abs/core/libsasl/saslauthd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Cyrus SASL authentication daemon
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/conf.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
+PIDFile=/var/run/saslauthd/saslauthd.pid
+
+[Install]
+WantedBy=multi-user.target
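Review bot: `PIDFile=/var/run/saslauthd/saslauthd.pid` does not match the directory this commit creates in `tmpfiles.conf`, which is `/run/saslauthd`. It resolves only while `/var/run` is a symlink to `/run`, so I would write `PIDFile=/run/saslauthd/saslauthd.pid`. `EnvironmentFile=/etc/conf.d/saslauthd` also makes the unit fail to start when that file is absent, whereas the removed init script sourced it only if present. If that tolerance is still wanted, use `EnvironmentFile=-/etc/conf.d/saslauthd`.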
diff --git a/abs/core/libsasl/tmpfiles.conf b/abs/core/libsasl/tmpfiles.conf
new file mode 100644
index 0000000..7258b1a
--- /dev/null
+++ b/abs/core/libsasl/tmpfiles.conf
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root - -
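Review bot: Mode `0755` on `/run/saslauthd` lets every local account traverse the directory where saslauthd presumably places its request socket. Depending on the socket's own permissions, any local user could then submit password checks to the daemon. If only specific services need it, restrict the directory to a dedicated group, e.g. `d /run/saslauthd 0750 root <sasl-group> - -` (the group name is a placeholder). If world access is intentional for this distribution, a `#` comment above the line saying so would record the decision.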
-- 
cgit v0.12