Diffstat (limited to 'meta-oe/recipes-networking')
9 files changed, 399 insertions, 0 deletions
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-Fix-time.h-check.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-Fix-time.h-check.patch
new file mode 100644
index 0000000000..3b7054a799
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-Fix-time.h-check.patch
@@ -0,0 +1,54 @@
+From 266f0acf7f5e029afbb3e263437039e50cd6c262 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 23 Feb 2022 00:45:15 +0000
+Subject: [PATCH] Fix <time.h> check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We're conditionally including based on HAVE_TIME_H in a bunch of places,
+but we're not actually checking for time.h, so that's never going to be defined.
+
+While at it, add in a missing include in the cram plugin.
+
+This fixes a bunch of implicit declaration warnings:
+```
+ * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+```
+
+Upstream-Status: Backport [https://github.com/cyrusimap/cyrus-sasl/commit/266f0acf7f5e029afbb3e263437039e50cd6c262]
+Signed-off-by: Sam James <sam@gentoo.org>
+---
+ configure.ac | 2 +-
+ plugins/cram.c | 4 ++++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -1231,7 +1231,7 @@ AC_CHECK_HEADERS_ONCE([sys/time.h])
+
+ AC_HEADER_DIRENT
+ AC_HEADER_SYS_WAIT
+-AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
++AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h time.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
+
+ IPv6_CHECK_SS_FAMILY()
+ IPv6_CHECK_SA_LEN()
+--- a/plugins/cram.c
++++ b/plugins/cram.c
+@@ -53,6 +53,10 @@
+ #endif
+ #include <fcntl.h>
+
++#ifdef HAVE_TIME_H
++#include <time.h>
++#endif
++
+ #include <sasl.h>
+ #include <saslplug.h>
+ #include <saslutil.h>
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch
new file mode 100644
index 0000000000..4c6d61dfc7
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch
@@ -0,0 +1,91 @@
+From ade70f39c4aa5a8830462d9ccf3b8f8dd968c0d8 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 28 Feb 2022 11:10:26 -0800
+Subject: [PATCH] sample: Rename dprintf to cyrus_dprintf
+
+This avoids shadowing the dprintf implementations in glibc
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sample/client.c | 12 ++++++------
+ sample/common.c | 2 +-
+ sample/common.h | 2 +-
+ 3 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/sample/client.c b/sample/client.c
+index e723c6b7..6a04f428 100644
+--- a/sample/client.c
++++ b/sample/client.c
+@@ -241,9 +241,9 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+ int r, c;
+
+ /* get the capability list */
+- dprintf(0, "receiving capability list... ");
++ cyrus_dprintf(0, "receiving capability list... ");
+ len = recv_string(in, buf, sizeof buf);
+- dprintf(0, "%s\n", buf);
++ cyrus_dprintf(0, "%s\n", buf);
+
+ if (mech) {
+ /* make sure that 'mech' appears in 'buf' */
+@@ -262,7 +262,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+ return -1;
+ }
+
+- dprintf(1, "using mechanism %s\n", chosenmech);
++ cyrus_dprintf(1, "using mechanism %s\n", chosenmech);
+
+ /* we send up to 3 strings;
+ the mechanism chosen, the presence of initial response,
+@@ -276,7 +276,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+ }
+
+ for (;;) {
+- dprintf(2, "waiting for server reply...\n");
++ cyrus_dprintf(2, "waiting for server reply...\n");
+
+ c = fgetc(in);
+ switch (c) {
+@@ -303,10 +303,10 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+ }
+
+ if (data) {
+- dprintf(2, "sending response length %d...\n", len);
++ cyrus_dprintf(2, "sending response length %d...\n", len);
+ send_string(out, data, len);
+ } else {
+- dprintf(2, "sending null response...\n");
++ cyrus_dprintf(2, "sending null response...\n");
+ send_string(out, "", 0);
+ }
+ }
+diff --git a/sample/common.c b/sample/common.c
+index 712549fd..d138e450 100644
+--- a/sample/common.c
++++ b/sample/common.c
+@@ -127,7 +127,7 @@ int recv_string(FILE *f, char *buf, int buflen)
+
+ int debuglevel = 0;
+
+-int dprintf(int lvl, const char *fmt, ...)
++int cyrus_dprintf(int lvl, const char *fmt, ...)
+ {
+ va_list ap;
+ int ret = 0;
+diff --git a/sample/common.h b/sample/common.h
+index 819d0101..cd56907a 100644
+--- a/sample/common.h
++++ b/sample/common.h
+@@ -43,7 +43,7 @@ extern int send_string(FILE *f, const char *s, int l);
+ extern int recv_string(FILE *f, char *buf, int buflen);
+
+ extern int debuglevel;
+-extern int dprintf(int lvl, const char *fmt, ...);
++extern int cyrus_dprintf(int lvl, const char *fmt, ...);
+
+ extern void saslerr(int why, const char *what);
+ extern void saslfail(int why, const char *what);
+--
+2.35.1
+
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
new file mode 100644
index 0000000000..8c95268bb5
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
@@ -0,0 +1,37 @@
+From 94fe6eb9ea2691f4a7c32fbf2d0c7c454995b666 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 27 Feb 2020 11:08:57 +0800
+Subject: [PATCH] Fix #587
+
+Off by one error in common.c, CVE-2019-19906.
+
+Thanks to Stephan Zeisberg for reporting
+
+CVE: CVE-2019-19906
+
+Upstream-Stauts: Backport [https://github.com/cyrusimap/cyrus-sasl
+/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+Upstream-Status: Pending
+
+ lib/common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/common.c b/lib/common.c
+index d9104c8..fef82db 100644
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
+
+ if (add==NULL) add = "(null)";
+
+- addlen=strlen(add); /* only compute once */
++ addlen=strlen(add)+1; /* only compute once */
+ if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)
+ return SASL_NOMEM;
+
+--
+2.25.1
+
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
new file mode 100644
index 0000000000..3d67f47414
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
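Review bot: In the nested lib/common.c hunk of CVE-2019-19906.patch, the unchanged context line already allocates `(*outlen)+addlen+1`, so room for the terminator appears to be reserved before this patch, and the added line changes `addlen` itself to `strlen(add)+1`. If the rest of `_sasl_add_string` (outside the hunk) uses `addlen` as the copy length or adds it to `*outlen`, the terminator would now be counted as part of the accumulated string, so the change should be compared with the referenced upstream commit and with the pinned source before it is kept. The header also needs tidying: `Upstream-Stauts:` is misspelled and its URL is split over two lines, and a second `Upstream-Status: Pending` after the `---` contradicts it; a single correctly spelled `Upstream-Status: Backport [...]` line on one line would let patch-status tooling record the fix properly.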
@@ -0,0 +1,27 @@
+From 078f98ea154475d953ce5b7cd851732f4dc270a7 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Tue, 5 Jul 2022 09:31:07 +0530
+Subject: [PATCH] CVE-2022-24407
+
+Upstream-Status: Backport [https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc]
+CVE: CVE-2022-24407
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ plugins/sql.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/sql.c b/plugins/sql.c
+index 6ac81c2f..d90dbac9 100644
+--- a/plugins/sql.c
++++ b/plugins/sql.c
+@@ -1127,6 +1127,7 @@ static int sql_auxprop_lookup(void *glob_context,
+ done:
+ if (escap_userid) sparams->utils->free(escap_userid);
+ if (escap_realm) sparams->utils->free(escap_realm);
++ if (escap_passwd) sparams->utils->free(escap_passwd);
+ if (conn) settings->sql_engine->sql_close(conn);
+ if (userid) sparams->utils->free(userid);
+ if (realm) sparams->utils->free(realm);
+--
+2.25.1
+
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
new file mode 100644
index 0000000000..308d88204f
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
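Review bot: The only change carried by CVE-2022-24407.patch is one added `free` of `escap_passwd` at the `done:` label; no escaping code is added, although the header cites an upstream commit as the fix for the CVE. That suggests the pinned source may already contain the password escaping, in which case it probably releases `escap_passwd` in its cleanup path as well, and this line could end up freeing the same pointer a second time. Please check the cleanup code in the pinned plugins/sql.c and either drop the patch or state in its header why only the `free` is needed. The function body starts and ends outside the hunk, so the declaration of `escap_passwd` is not visible here.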
@@ -0,0 +1,39 @@
+Remove AC_TRY_RUN
+
+It can not be run during cross compile
+
+Upstream-Status: Inappropriate [Cross-compile specific]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/m4/sasl2.m4
++++ b/m4/sasl2.m4
+@@ -316,28 +316,8 @@ if test "$gssapi" != no; then
+ AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
+ cmu_save_LIBS="$LIBS"
+ LIBS="$LIBS $GSSAPIBASE_LIBS"
+- AC_TRY_RUN([
+-#ifdef HAVE_GSSAPI_H
+-#include <gssapi.h>
+-#else
+-#include <gssapi/gssapi.h>
+-#endif
+-
+-int main(void)
+-{
+- gss_OID_desc spnego_oid = { 6, (void *) "\x2b\x06\x01\x05\x05\x02" };
+- gss_OID_set mech_set;
+- OM_uint32 min_stat;
+- int have_spnego = 0;
+-
+- if (gss_indicate_mechs(&min_stat, &mech_set) == GSS_S_COMPLETE) {
+- gss_test_oid_set_member(&min_stat, &spnego_oid, mech_set, &have_spnego);
+- gss_release_oid_set(&min_stat, &mech_set);
+- }
+-
+- return (!have_spnego); // 0 = success, 1 = failure
+-}
+-],[ac_cv_gssapi_supports_spnego=yes],[ac_cv_gssapi_supports_spnego=no])
++ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
++ AC_MSG_RESULT(yes)
+ LIBS="$cmu_save_LIBS"
+ ])
+ AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff
new file mode 100644
index 0000000000..a5f2f5dd91
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff
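Review bot: The new body of `AC_CACHE_CHECK` in the m4/sasl2.m4 hunk never assigns `ac_cv_gssapi_supports_spnego`, yet the `AS_IF` on the last context line still tests that variable, and `HAVE_GSS_SPNEGO` is now defined whenever this branch runs, whatever the target GSSAPI library actually supports. AC_CACHE_CHECK reports the result from the cache variable itself, so the added `AC_MSG_RESULT(yes)` is redundant and the check will print an empty result. A cross-compile-friendly form would set a default in the body, `ac_cv_gssapi_supports_spnego=yes`, and leave the define to the existing `AS_IF` (its body is outside the hunk and presumably holds the `AC_DEFINE`), so that a recipe can still override the answer through the cache variable for targets without SPNEGO.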
@@ -0,0 +1,30 @@
+From 1a5f3004e9081eab6263a29cd5be792f06441e36 Mon Sep 17 00:00:00 2001
+From: Fabian Fagerholm <fabbe@debian.org>
+Date: Wed, 24 Jul 2013 11:38:25 -0400
+Subject: [PATCH] cyrus-sasl: Add patches from Debian to fix linking
+
+Description: This patch makes sure the non-PIC version of libsasldb.a, which
+is created out of non-PIC objects, is not going to overwrite the PIC version,
+which is created out of PIC objects. The PIC version is placed in .libs, and
+the non-PIC version in the current directory. This ensures that both non-PIC
+and PIC versions are available in the correct locations.
+
+---
+Upstream-Status: Pending
+
+ lib/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index a158ca3..3137e19 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -99,7 +99,7 @@ endif
+
+ libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
+ @echo adding static plugins and dependencies
+- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
++ $(AR) cru $@ $(SASL_STATIC_OBJS)
+ @for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
+ if test ! -f $$i; then continue; fi; . $$i; \
+ for j in $$dependency_libs foo; do \
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf
new file mode 100644
index 0000000000..a91a9d3340
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf
@@ -0,0 +1,11 @@
+# Directory in which to place saslauthd's listening socket, pid file, and so
+# on. This directory must already exist.
+SOCKETDIR=@LOCALSTATEDIR@/run/saslauthd
+
+# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
+# of which mechanism your installation was compiled with the ablity to use.
+MECH=pam
+
+# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
+# for the list of accepted flags.
+FLAGS=
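Review bot: `MECH=pam` is fixed in saslauthd.conf, but the recipe in this same commit enables PAM support only when `pam` is in DISTRO_FEATURES (see `PACKAGECONFIG[pam]`), so on an image built without it the service would be started with `-a pam` against a saslauthd that was configured `--without-pam`. Either substitute the mechanism at install time the way `@LOCALSTATEDIR@` is substituted, or extend the comment above `MECH` to say that the value must match what the build enabled and that `saslauthd -v` shows the available mechanisms.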
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service
new file mode 100644
index 0000000000..e63592af6c
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=SASL authentication daemon.
+After=syslog.target
+
+[Service]
+Type=forking
+PIDFile=/run/saslauthd/saslauthd.pid
+EnvironmentFile=@SYSCONFDIR@/default/saslauthd
+ExecStart=@SBINDIR@/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb
new file mode 100644
index 0000000000..a6703ecf8d
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb
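Review bot: `PIDFile=/run/saslauthd/saslauthd.pid` in saslauthd.service is hard-coded, while the daemon is started with `-m $SOCKETDIR`, which saslauthd.conf sets to `@LOCALSTATEDIR@/run/saslauthd` and describes as the place for the socket and pid file; the two paths agree only when `${localstatedir}/run` resolves to `/run`. If they diverge, systemd will not find the pid file and the forking service will be treated as failed. Using one value for both, for example `SOCKETDIR=/run/saslauthd` in the conf file, removes that dependency. The unit also has no sandboxing directives; for a daemon that handles passwords, options such as `ProtectSystem=` could be considered after testing with the chosen mechanism.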
@@ -0,0 +1,98 @@
+SUMMARY = "Generic client/server library for SASL authentication"
+SECTION = "libs"
+HOMEPAGE = "http://asg.web.cmu.edu/sasl/"
+DEPENDS = "openssl db groff-native"
+LICENSE = "BSD-4-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396"
+
+SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084"
+
+SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \
+ file://avoid-to-call-AC_TRY_RUN.patch \
+ file://debian_patches_0014_avoid_pic_overwrite.diff \
+ file://0001-sample-Rename-dprintf-to-cyrus_dprintf.patch \
+ file://saslauthd.service \
+ file://saslauthd.conf \
+ file://CVE-2019-19906.patch \
+ file://CVE-2022-24407.patch \
+ file://0001-Fix-time.h-check.patch \
+ "
+
+UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig useradd systemd
+
+EXTRA_OECONF += "--with-dblib=berkeley \
+ --with-plugindir='${libdir}/sasl2' \
+ andrew_cv_runpath_switch=none"
+
+PACKAGECONFIG ??= "\
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ldap pam', d)} \
+"
+PACKAGECONFIG[gssapi] = "--enable-gssapi=yes,--enable-gssapi=no,krb5,"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam,"
+PACKAGECONFIG[opie] = "--with-opie,--without-opie,opie,"
+PACKAGECONFIG[des] = "--with-des,--without-des,,"
+PACKAGECONFIG[ldap] = "--with-ldap=${STAGING_LIBDIR} --enable-ldapdb,--without-ldap --disable-ldapdb,openldap,"
+PACKAGECONFIG[ntlm] = "--enable-ntlm=yes,--enable-ntlm=no,,"
+
+CFLAGS += "-fPIC"
+
+do_configure:prepend () {
+ # make it be able to work with db 5.0 version
+ local sed_files="sasldb/db_berkeley.c utils/dbconverter-2.c"
+ for sed_file in $sed_files; do
+ sed -i 's#DB_VERSION_MAJOR == 4.*#(&) || DB_VERSION_MAJOR == 5#' ${S}/$sed_file
+ done
+}
+
+do_compile:prepend () {
+ cd include
+ ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS} ${S}/include/makemd5.c -o makemd5
+ touch makemd5.o makemd5.lo makemd5
+ cd ..
+}
+
+do_install:append() {
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${UNPACKDIR}/saslauthd.service ${D}${systemd_unitdir}/system
+
+ sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
+ sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
+ sed -i -e 's#@SYSCONFDIR@#${sysconfdir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
+
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /run/saslauthd/ - - - -" > ${D}${sysconfdir}/tmpfiles.d/saslauthd.conf
+
+ install -d ${D}${sysconfdir}/default/
+ install -m 0644 ${UNPACKDIR}/saslauthd.conf ${D}${sysconfdir}/default/saslauthd
+ sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/default/saslauthd
+ fi
+}
+
+USERADD_PACKAGES = "${PN}-bin"
+GROUPADD_PARAM:${PN}-bin = "--system mail"
+USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus"
+
+SYSTEMD_PACKAGES = "${PN}-bin"
+SYSTEMD_SERVICE:${PN}-bin = "saslauthd.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+SRC_URI[md5sum] = "a7f4e5e559a0e37b3ffc438c9456e425"
+SRC_URI[sha256sum] = "8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3"
+
+PACKAGES =+ "${PN}-bin"
+
+FILES:${PN} += "${libdir}/sasl2/*.so*"
+FILES:${PN}-bin += "${bindir} \
+ ${sysconfdir}/default/saslauthd \
+ ${systemd_unitdir}/system/saslauthd.service \
+ ${sysconfdir}/tmpfiles.d/saslauthd.conf"
+FILES:${PN}-dev += "${libdir}/sasl2/*.la"
+FILES:${PN}-dbg += "${libdir}/sasl2/.debug"
+FILES:${PN}-staticdev += "${libdir}/sasl2/*.a"
+
+INSANE_SKIP:${PN} += "dev-so" |
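Review bot: The tmpfiles.d entry written in `do_install:append`, `d /run/saslauthd/ - - - -`, leaves mode, owner and group at their defaults, which for a directory means 0755 owned by root, so every local account can reach the directory that holds the saslauthd socket. As far as I know access to that socket is meant to be limited through the directory's permissions, so an explicit mode and group would be safer, for example `d /run/saslauthd 0710 root mail -` (constructed example; pick the group that should be allowed to authenticate). Separately, `SRC_URI[md5sum]` and `SRC_URI[sha256sum]` have no effect on a `git://` fetch pinned by `SRCREV` and can be dropped, so that they do not suggest an integrity check that is not taking place.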