diff options
| author |   Armin Kuster <akuster808@gmail.com> | 2022-05-02 07:33:37 -0700 |
|---|---|---|
| committer |   Khem Raj <raj.khem@gmail.com> | 2022-05-02 17:51:58 -0700 |
| commit | eaa0fd9c2f91eac8b2e83e7d1a45119613f9ad14 (patch) | |
| tree | 1ee39fbfea69d0f9909064475eec45e3c1c7a721 /meta-oe/recipes-networking | |
| parent | 7be928f107e3c11148bc557db41fd6a4438e2421 (diff) | |
| download | meta-openembedded-contrib-eaa0fd9c2f91eac8b2e83e7d1a45119613f9ad14.tar.gz | |
cyrus-sasl: move from meta-networking to meta-oe
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-networking')
8 files changed, 351 insertions, 0 deletions
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch new file mode 100644 index 0000000000..4c6d61dfc7 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch @@ -0,0 +1,91 @@ +From ade70f39c4aa5a8830462d9ccf3b8f8dd968c0d8 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 28 Feb 2022 11:10:26 -0800 +Subject: [PATCH] sample: Rename dprintf to cyrus_dprintf + +This avoids shadowing the dprintf implementations in glibc + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + sample/client.c | 12 ++++++------ + sample/common.c | 2 +- + sample/common.h | 2 +- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/sample/client.c b/sample/client.c +index e723c6b7..6a04f428 100644 +--- a/sample/client.c ++++ b/sample/client.c +@@ -241,9 +241,9 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) + int r, c; + + /* get the capability list */ +- dprintf(0, "receiving capability list... "); ++ cyrus_dprintf(0, "receiving capability list... "); + len = recv_string(in, buf, sizeof buf); +- dprintf(0, "%s\n", buf); ++ cyrus_dprintf(0, "%s\n", buf); + + if (mech) { + /* make sure that 'mech' appears in 'buf' */ +@@ -262,7 +262,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) + return -1; + } + +- dprintf(1, "using mechanism %s\n", chosenmech); ++ cyrus_dprintf(1, "using mechanism %s\n", chosenmech); + + /* we send up to 3 strings; + the mechanism chosen, the presence of initial response, +@@ -276,7 +276,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) + } + + for (;;) { +- dprintf(2, "waiting for server reply...\n"); ++ cyrus_dprintf(2, "waiting for server reply...\n"); + + c = fgetc(in); + switch (c) { +@@ -303,10 +303,10 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) + } + + if (data) { +- dprintf(2, "sending response length %d...\n", len); ++ cyrus_dprintf(2, "sending response length %d...\n", len); + send_string(out, data, len); + } else { +- dprintf(2, "sending null response...\n"); ++ cyrus_dprintf(2, "sending null response...\n"); + send_string(out, "", 0); + } + } +diff --git a/sample/common.c b/sample/common.c +index 712549fd..d138e450 100644 +--- a/sample/common.c ++++ b/sample/common.c +@@ -127,7 +127,7 @@ int recv_string(FILE *f, char *buf, int buflen) + + int debuglevel = 0; + +-int dprintf(int lvl, const char *fmt, ...) ++int cyrus_dprintf(int lvl, const char *fmt, ...) + { + va_list ap; + int ret = 0; +diff --git a/sample/common.h b/sample/common.h +index 819d0101..cd56907a 100644 +--- a/sample/common.h ++++ b/sample/common.h +@@ -43,7 +43,7 @@ extern int send_string(FILE *f, const char *s, int l); + extern int recv_string(FILE *f, char *buf, int buflen); + + extern int debuglevel; +-extern int dprintf(int lvl, const char *fmt, ...); ++extern int cyrus_dprintf(int lvl, const char *fmt, ...); + + extern void saslerr(int why, const char *what); + extern void saslfail(int why, const char *what); +-- +2.35.1 + diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch new file mode 100644 index 0000000000..33a9e3f6e6 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch @@ -0,0 +1,35 @@ +From 94fe6eb9ea2691f4a7c32fbf2d0c7c454995b666 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 27 Feb 2020 11:08:57 +0800 +Subject: [PATCH] Fix #587 + +Off by one error in common.c, CVE-2019-19906. + +Thanks to Stephan Zeisberg for reporting + +CVE: CVE-2019-19906 + +Upstream-Stauts: Backport [https://github.com/cyrusimap/cyrus-sasl +/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + lib/common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/common.c b/lib/common.c +index d9104c8..fef82db 100644 +--- a/lib/common.c ++++ b/lib/common.c +@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen, + + if (add==NULL) add = "(null)"; + +- addlen=strlen(add); /* only compute once */ ++ addlen=strlen(add)+1; /* only compute once */ + if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK) + return SASL_NOMEM; + +-- +2.25.1 + diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch new file mode 100644 index 0000000000..f172362f4e --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch @@ -0,0 +1,26 @@ +From 188ad4497947259811ad32faeee95c20f9a44046 Mon Sep 17 00:00:00 2001 +From: "Roy.Li" <rongqing.li@windriver.com> +Date: Fri, 19 Jul 2013 14:29:31 +0800 +Subject: [PATCH] Fix hardcoded libdir. + +Upstream-Status: Pending + +Signed-off-by: Roy.Li <rongqing.li@windriver.com> + +--- + plugins/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/Makefile.am b/plugins/Makefile.am +index 2b02a52..929f6a4 100644 +--- a/plugins/Makefile.am ++++ b/plugins/Makefile.am +@@ -65,7 +65,7 @@ LIB_MYSQL = @LIB_MYSQL@ + + plugindir = @plugindir@ + +-sasldir = $(prefix)/lib/sasl2 ++sasldir = $(libdir)/sasl2 + sasl_LTLIBRARIES = @SASL_MECHS@ + EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \ + libgs2.la libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \ diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch new file mode 100644 index 0000000000..1e6f99603c --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch @@ -0,0 +1,50 @@ +From 288430d3c2d3f36a4c9d40c4fffa85288f44549a Mon Sep 17 00:00:00 2001 +From: "Roy.Li" <rongqing.li@windriver.com> +Date: Tue, 25 Jun 2013 09:22:59 +0800 +Subject: [PATCH] Avoid to call AC_TRY_RUN + +Upstream-Status: Inappropriate [configuration] + +Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO +on cross-compile environment by definition AC_ARG_ENABLE enable-spnego + +Signed-off-by: Roy.Li <rongqing.li@windriver.com> +--- + m4/sasl2.m4 | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/m4/sasl2.m4 b/m4/sasl2.m4 +index 80371ef..ff70083 100644 +--- a/m4/sasl2.m4 ++++ b/m4/sasl2.m4 +@@ -316,6 +316,18 @@ if test "$gssapi" != no; then + AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[ + cmu_save_LIBS="$LIBS" + LIBS="$LIBS $GSSAPIBASE_LIBS" ++ AC_ARG_ENABLE([spnego], ++ [AC_HELP_STRING([--enable-spnego=<DIR>], ++ [enable SPNEGO support in GSSAPI libraries [no]])], ++ [spnego=$enableval], ++ [spnego=no]) ++ ++ if test "$spnego" = no; then ++ echo "no" ++ elif test "$spnego" = yes; then ++ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO]) ++ else ++ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries]) + AC_TRY_RUN([ + #ifdef HAVE_GSSAPI_H + #include <gssapi.h> +@@ -343,7 +355,7 @@ int main(void) + AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[ + AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO]) + ]) +- ++ fi + else + AC_MSG_RESULT([disabled]) + fi +-- +2.25.1 + diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff new file mode 100644 index 0000000000..0479acfb09 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff @@ -0,0 +1,28 @@ +From 1a5f3004e9081eab6263a29cd5be792f06441e36 Mon Sep 17 00:00:00 2001 +From: Fabian Fagerholm <fabbe@debian.org> +Date: Wed, 24 Jul 2013 11:38:25 -0400 +Subject: [PATCH] cyrus-sasl: Add patches from Debian to fix linking + +Description: This patch makes sure the non-PIC version of libsasldb.a, which +is created out of non-PIC objects, is not going to overwrite the PIC version, +which is created out of PIC objects. The PIC version is placed in .libs, and +the non-PIC version in the current directory. This ensures that both non-PIC +and PIC versions are available in the correct locations. + +--- + lib/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index a158ca3..3137e19 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -99,7 +99,7 @@ endif + + libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) + @echo adding static plugins and dependencies +- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) ++ $(AR) cru $@ $(SASL_STATIC_OBJS) + @for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ + if test ! -f $$i; then continue; fi; . $$i; \ + for j in $$dependency_libs foo; do \ diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf new file mode 100644 index 0000000000..a91a9d3340 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf @@ -0,0 +1,11 @@ +# Directory in which to place saslauthd's listening socket, pid file, and so +# on. This directory must already exist. +SOCKETDIR=@LOCALSTATEDIR@/run/saslauthd + +# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list +# of which mechanism your installation was compiled with the ablity to use. +MECH=pam + +# Additional flags to pass to saslauthd on the command line. See saslauthd(8) +# for the list of accepted flags. +FLAGS= diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service new file mode 100644 index 0000000000..e63592af6c --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service @@ -0,0 +1,12 @@ +[Unit] +Description=SASL authentication daemon. +After=syslog.target + +[Service] +Type=forking +PIDFile=/run/saslauthd/saslauthd.pid +EnvironmentFile=@SYSCONFDIR@/default/saslauthd +ExecStart=@SBINDIR@/saslauthd -m $SOCKETDIR -a $MECH $FLAGS + +[Install] +WantedBy=multi-user.target diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb new file mode 100644 index 0000000000..98899dfd5e --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb @@ -0,0 +1,98 @@ +SUMMARY = "Generic client/server library for SASL authentication" +SECTION = "libs" +HOMEPAGE = "http://asg.web.cmu.edu/sasl/" +DEPENDS = "openssl db groff-native" +LICENSE = "BSD-4-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396" + +SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084" + +SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \ + file://avoid-to-call-AC_TRY_RUN.patch \ + file://debian_patches_0014_avoid_pic_overwrite.diff \ + file://0001-sample-Rename-dprintf-to-cyrus_dprintf.patch \ + file://saslauthd.service \ + file://saslauthd.conf \ + file://CVE-2019-19906.patch \ + " + +UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig useradd systemd + +EXTRA_OECONF += "--with-dblib=berkeley \ + --with-plugindir='${libdir}/sasl2' \ + andrew_cv_runpath_switch=none" + +PACKAGECONFIG ??= "\ + ${@bb.utils.filter('DISTRO_FEATURES', 'ldap pam', d)} \ +" +PACKAGECONFIG[gssapi] = "--enable-gssapi=yes,--enable-gssapi=no,krb5," +PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam," +PACKAGECONFIG[opie] = "--with-opie,--without-opie,opie," +PACKAGECONFIG[des] = "--with-des,--without-des,," +PACKAGECONFIG[ldap] = "--with-ldap=${STAGING_LIBDIR} --enable-ldapdb,--without-ldap --disable-ldapdb,openldap," +PACKAGECONFIG[ntlm] = "--enable-ntlm=yes,--enable-ntlm=no,," + +CFLAGS += "-fPIC" + +do_configure:prepend () { + # make it be able to work with db 5.0 version + local sed_files="sasldb/db_berkeley.c utils/dbconverter-2.c" + for sed_file in $sed_files; do + sed -i 's#DB_VERSION_MAJOR == 4.*#(&) || DB_VERSION_MAJOR == 5#' ${S}/$sed_file + done +} + +do_compile:prepend () { + cd include + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS} ${S}/include/makemd5.c -o makemd5 + touch makemd5.o makemd5.lo makemd5 + cd .. +} + +do_install:append() { + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/saslauthd.service ${D}${systemd_unitdir}/system + + sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/saslauthd.service + sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${systemd_unitdir}/system/saslauthd.service + sed -i -e 's#@SYSCONFDIR@#${sysconfdir}#g' ${D}${systemd_unitdir}/system/saslauthd.service + + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/saslauthd/ - - - -" > ${D}${sysconfdir}/tmpfiles.d/saslauthd.conf + + install -d ${D}${sysconfdir}/default/ + install -m 0644 ${WORKDIR}/saslauthd.conf ${D}${sysconfdir}/default/saslauthd + sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/default/saslauthd + fi +} + +USERADD_PACKAGES = "${PN}-bin" +USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus" + +SYSTEMD_PACKAGES = "${PN}-bin" +SYSTEMD_SERVICE:${PN}-bin = "saslauthd.service" +SYSTEMD_AUTO_ENABLE = "disable" + +SRC_URI[md5sum] = "a7f4e5e559a0e37b3ffc438c9456e425" +SRC_URI[sha256sum] = "8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3" + +PACKAGES =+ "${PN}-bin" + +FILES:${PN} += "${libdir}/sasl2/*.so*" +FILES:${PN}-bin += "${bindir} \ + ${sysconfdir}/default/saslauthd \ + ${systemd_unitdir}/system/saslauthd.service \ + ${sysconfdir}/tmpfiles.d/saslauthd.conf" +FILES:${PN}-dev += "${libdir}/sasl2/*.la" +FILES:${PN}-dbg += "${libdir}/sasl2/.debug" +FILES:${PN}-staticdev += "${libdir}/sasl2/*.a" + +INSANE_SKIP:${PN} += "dev-so" + +# CVE-2020-8032 affects only openSUSE +CVE_CHECK_IGNORE += "CVE-2020-8032" |