From 471a4229ece2b59c5786f8fc4c47e667e9bc97fe Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Thu, 28 Apr 2022 10:43:04 -0700 Subject: cyrus-sasl: move from meta-networking to meta-oe Signed-off-by: Armin Kuster --- ...01-sample-Rename-dprintf-to-cyrus_dprintf.patch | 91 -------------------- .../cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch | 35 -------- .../cyrus-sasl/Fix-hardcoded-libdir.patch | 26 ------ .../cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch | 50 ----------- .../debian_patches_0014_avoid_pic_overwrite.diff | 28 ------- .../cyrus-sasl/cyrus-sasl/saslauthd.conf | 11 --- .../cyrus-sasl/cyrus-sasl/saslauthd.service | 12 --- .../cyrus-sasl/cyrus-sasl_2.1.28.bb | 98 ---------------------- ...01-sample-Rename-dprintf-to-cyrus_dprintf.patch | 91 ++++++++++++++++++++ .../cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch | 35 ++++++++ .../cyrus-sasl/Fix-hardcoded-libdir.patch | 26 ++++++ .../cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch | 50 +++++++++++ .../debian_patches_0014_avoid_pic_overwrite.diff | 28 +++++++ .../cyrus-sasl/cyrus-sasl/saslauthd.conf | 11 +++ .../cyrus-sasl/cyrus-sasl/saslauthd.service | 12 +++ .../cyrus-sasl/cyrus-sasl_2.1.28.bb | 98 ++++++++++++++++++++++ 16 files changed, 351 insertions(+), 351 deletions(-) delete mode 100644 meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch delete mode 100644 meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch delete mode 100644 meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch delete mode 100644 meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch delete mode 100644 meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff delete mode 100644 meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/saslauthd.conf delete mode 100644 meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/saslauthd.service delete mode 100644 meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb create mode 100644 meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch create mode 100644 meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch create mode 100644 meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch create mode 100644 meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch create mode 100644 meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff create mode 100644 meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf create mode 100644 meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service create mode 100644 meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch deleted file mode 100644 index 4c6d61dfc7..0000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch +++ /dev/null @@ -1,91 +0,0 @@ -From ade70f39c4aa5a8830462d9ccf3b8f8dd968c0d8 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 28 Feb 2022 11:10:26 -0800 -Subject: [PATCH] sample: Rename dprintf to cyrus_dprintf - -This avoids shadowing the dprintf implementations in glibc - -Upstream-Status: Pending -Signed-off-by: Khem Raj ---- - sample/client.c | 12 ++++++------ - sample/common.c | 2 +- - sample/common.h | 2 +- - 3 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/sample/client.c b/sample/client.c -index e723c6b7..6a04f428 100644 ---- a/sample/client.c -+++ b/sample/client.c -@@ -241,9 +241,9 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) - int r, c; - - /* get the capability list */ -- dprintf(0, "receiving capability list... "); -+ cyrus_dprintf(0, "receiving capability list... "); - len = recv_string(in, buf, sizeof buf); -- dprintf(0, "%s\n", buf); -+ cyrus_dprintf(0, "%s\n", buf); - - if (mech) { - /* make sure that 'mech' appears in 'buf' */ -@@ -262,7 +262,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) - return -1; - } - -- dprintf(1, "using mechanism %s\n", chosenmech); -+ cyrus_dprintf(1, "using mechanism %s\n", chosenmech); - - /* we send up to 3 strings; - the mechanism chosen, the presence of initial response, -@@ -276,7 +276,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) - } - - for (;;) { -- dprintf(2, "waiting for server reply...\n"); -+ cyrus_dprintf(2, "waiting for server reply...\n"); - - c = fgetc(in); - switch (c) { -@@ -303,10 +303,10 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) - } - - if (data) { -- dprintf(2, "sending response length %d...\n", len); -+ cyrus_dprintf(2, "sending response length %d...\n", len); - send_string(out, data, len); - } else { -- dprintf(2, "sending null response...\n"); -+ cyrus_dprintf(2, "sending null response...\n"); - send_string(out, "", 0); - } - } -diff --git a/sample/common.c b/sample/common.c -index 712549fd..d138e450 100644 ---- a/sample/common.c -+++ b/sample/common.c -@@ -127,7 +127,7 @@ int recv_string(FILE *f, char *buf, int buflen) - - int debuglevel = 0; - --int dprintf(int lvl, const char *fmt, ...) -+int cyrus_dprintf(int lvl, const char *fmt, ...) - { - va_list ap; - int ret = 0; -diff --git a/sample/common.h b/sample/common.h -index 819d0101..cd56907a 100644 ---- a/sample/common.h -+++ b/sample/common.h -@@ -43,7 +43,7 @@ extern int send_string(FILE *f, const char *s, int l); - extern int recv_string(FILE *f, char *buf, int buflen); - - extern int debuglevel; --extern int dprintf(int lvl, const char *fmt, ...); -+extern int cyrus_dprintf(int lvl, const char *fmt, ...); - - extern void saslerr(int why, const char *what); - extern void saslfail(int why, const char *what); --- -2.35.1 - diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch deleted file mode 100644 index 33a9e3f6e6..0000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 94fe6eb9ea2691f4a7c32fbf2d0c7c454995b666 Mon Sep 17 00:00:00 2001 -From: Changqing Li -Date: Thu, 27 Feb 2020 11:08:57 +0800 -Subject: [PATCH] Fix #587 - -Off by one error in common.c, CVE-2019-19906. - -Thanks to Stephan Zeisberg for reporting - -CVE: CVE-2019-19906 - -Upstream-Stauts: Backport [https://github.com/cyrusimap/cyrus-sasl -/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1] - -Signed-off-by: Changqing Li ---- - lib/common.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/common.c b/lib/common.c -index d9104c8..fef82db 100644 ---- a/lib/common.c -+++ b/lib/common.c -@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen, - - if (add==NULL) add = "(null)"; - -- addlen=strlen(add); /* only compute once */ -+ addlen=strlen(add)+1; /* only compute once */ - if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK) - return SASL_NOMEM; - --- -2.25.1 - diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch deleted file mode 100644 index f172362f4e..0000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 188ad4497947259811ad32faeee95c20f9a44046 Mon Sep 17 00:00:00 2001 -From: "Roy.Li" -Date: Fri, 19 Jul 2013 14:29:31 +0800 -Subject: [PATCH] Fix hardcoded libdir. - -Upstream-Status: Pending - -Signed-off-by: Roy.Li - ---- - plugins/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/plugins/Makefile.am b/plugins/Makefile.am -index 2b02a52..929f6a4 100644 ---- a/plugins/Makefile.am -+++ b/plugins/Makefile.am -@@ -65,7 +65,7 @@ LIB_MYSQL = @LIB_MYSQL@ - - plugindir = @plugindir@ - --sasldir = $(prefix)/lib/sasl2 -+sasldir = $(libdir)/sasl2 - sasl_LTLIBRARIES = @SASL_MECHS@ - EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \ - libgs2.la libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \ diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch deleted file mode 100644 index 1e6f99603c..0000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 288430d3c2d3f36a4c9d40c4fffa85288f44549a Mon Sep 17 00:00:00 2001 -From: "Roy.Li" -Date: Tue, 25 Jun 2013 09:22:59 +0800 -Subject: [PATCH] Avoid to call AC_TRY_RUN - -Upstream-Status: Inappropriate [configuration] - -Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO -on cross-compile environment by definition AC_ARG_ENABLE enable-spnego - -Signed-off-by: Roy.Li ---- - m4/sasl2.m4 | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/m4/sasl2.m4 b/m4/sasl2.m4 -index 80371ef..ff70083 100644 ---- a/m4/sasl2.m4 -+++ b/m4/sasl2.m4 -@@ -316,6 +316,18 @@ if test "$gssapi" != no; then - AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[ - cmu_save_LIBS="$LIBS" - LIBS="$LIBS $GSSAPIBASE_LIBS" -+ AC_ARG_ENABLE([spnego], -+ [AC_HELP_STRING([--enable-spnego=], -+ [enable SPNEGO support in GSSAPI libraries [no]])], -+ [spnego=$enableval], -+ [spnego=no]) -+ -+ if test "$spnego" = no; then -+ echo "no" -+ elif test "$spnego" = yes; then -+ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO]) -+ else -+ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries]) - AC_TRY_RUN([ - #ifdef HAVE_GSSAPI_H - #include -@@ -343,7 +355,7 @@ int main(void) - AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[ - AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO]) - ]) -- -+ fi - else - AC_MSG_RESULT([disabled]) - fi --- -2.25.1 - diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff deleted file mode 100644 index 0479acfb09..0000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff +++ /dev/null @@ -1,28 +0,0 @@ -From 1a5f3004e9081eab6263a29cd5be792f06441e36 Mon Sep 17 00:00:00 2001 -From: Fabian Fagerholm -Date: Wed, 24 Jul 2013 11:38:25 -0400 -Subject: [PATCH] cyrus-sasl: Add patches from Debian to fix linking - -Description: This patch makes sure the non-PIC version of libsasldb.a, which -is created out of non-PIC objects, is not going to overwrite the PIC version, -which is created out of PIC objects. The PIC version is placed in .libs, and -the non-PIC version in the current directory. This ensures that both non-PIC -and PIC versions are available in the correct locations. - ---- - lib/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/Makefile.am b/lib/Makefile.am -index a158ca3..3137e19 100644 ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -99,7 +99,7 @@ endif - - libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) - @echo adding static plugins and dependencies -- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) -+ $(AR) cru $@ $(SASL_STATIC_OBJS) - @for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ - if test ! -f $$i; then continue; fi; . $$i; \ - for j in $$dependency_libs foo; do \ diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/saslauthd.conf b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/saslauthd.conf deleted file mode 100644 index a91a9d3340..0000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/saslauthd.conf +++ /dev/null @@ -1,11 +0,0 @@ -# Directory in which to place saslauthd's listening socket, pid file, and so -# on. This directory must already exist. -SOCKETDIR=@LOCALSTATEDIR@/run/saslauthd - -# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list -# of which mechanism your installation was compiled with the ablity to use. -MECH=pam - -# Additional flags to pass to saslauthd on the command line. See saslauthd(8) -# for the list of accepted flags. -FLAGS= diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/saslauthd.service b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/saslauthd.service deleted file mode 100644 index e63592af6c..0000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/saslauthd.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=SASL authentication daemon. -After=syslog.target - -[Service] -Type=forking -PIDFile=/run/saslauthd/saslauthd.pid -EnvironmentFile=@SYSCONFDIR@/default/saslauthd -ExecStart=@SBINDIR@/saslauthd -m $SOCKETDIR -a $MECH $FLAGS - -[Install] -WantedBy=multi-user.target diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb deleted file mode 100644 index 98899dfd5e..0000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb +++ /dev/null @@ -1,98 +0,0 @@ -SUMMARY = "Generic client/server library for SASL authentication" -SECTION = "libs" -HOMEPAGE = "http://asg.web.cmu.edu/sasl/" -DEPENDS = "openssl db groff-native" -LICENSE = "BSD-4-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396" - -SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084" - -SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \ - file://avoid-to-call-AC_TRY_RUN.patch \ - file://debian_patches_0014_avoid_pic_overwrite.diff \ - file://0001-sample-Rename-dprintf-to-cyrus_dprintf.patch \ - file://saslauthd.service \ - file://saslauthd.conf \ - file://CVE-2019-19906.patch \ - " - -UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives" - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig useradd systemd - -EXTRA_OECONF += "--with-dblib=berkeley \ - --with-plugindir='${libdir}/sasl2' \ - andrew_cv_runpath_switch=none" - -PACKAGECONFIG ??= "\ - ${@bb.utils.filter('DISTRO_FEATURES', 'ldap pam', d)} \ -" -PACKAGECONFIG[gssapi] = "--enable-gssapi=yes,--enable-gssapi=no,krb5," -PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam," -PACKAGECONFIG[opie] = "--with-opie,--without-opie,opie," -PACKAGECONFIG[des] = "--with-des,--without-des,," -PACKAGECONFIG[ldap] = "--with-ldap=${STAGING_LIBDIR} --enable-ldapdb,--without-ldap --disable-ldapdb,openldap," -PACKAGECONFIG[ntlm] = "--enable-ntlm=yes,--enable-ntlm=no,," - -CFLAGS += "-fPIC" - -do_configure:prepend () { - # make it be able to work with db 5.0 version - local sed_files="sasldb/db_berkeley.c utils/dbconverter-2.c" - for sed_file in $sed_files; do - sed -i 's#DB_VERSION_MAJOR == 4.*#(&) || DB_VERSION_MAJOR == 5#' ${S}/$sed_file - done -} - -do_compile:prepend () { - cd include - ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS} ${S}/include/makemd5.c -o makemd5 - touch makemd5.o makemd5.lo makemd5 - cd .. -} - -do_install:append() { - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/saslauthd.service ${D}${systemd_unitdir}/system - - sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/saslauthd.service - sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${systemd_unitdir}/system/saslauthd.service - sed -i -e 's#@SYSCONFDIR@#${sysconfdir}#g' ${D}${systemd_unitdir}/system/saslauthd.service - - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/saslauthd/ - - - -" > ${D}${sysconfdir}/tmpfiles.d/saslauthd.conf - - install -d ${D}${sysconfdir}/default/ - install -m 0644 ${WORKDIR}/saslauthd.conf ${D}${sysconfdir}/default/saslauthd - sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/default/saslauthd - fi -} - -USERADD_PACKAGES = "${PN}-bin" -USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus" - -SYSTEMD_PACKAGES = "${PN}-bin" -SYSTEMD_SERVICE:${PN}-bin = "saslauthd.service" -SYSTEMD_AUTO_ENABLE = "disable" - -SRC_URI[md5sum] = "a7f4e5e559a0e37b3ffc438c9456e425" -SRC_URI[sha256sum] = "8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3" - -PACKAGES =+ "${PN}-bin" - -FILES:${PN} += "${libdir}/sasl2/*.so*" -FILES:${PN}-bin += "${bindir} \ - ${sysconfdir}/default/saslauthd \ - ${systemd_unitdir}/system/saslauthd.service \ - ${sysconfdir}/tmpfiles.d/saslauthd.conf" -FILES:${PN}-dev += "${libdir}/sasl2/*.la" -FILES:${PN}-dbg += "${libdir}/sasl2/.debug" -FILES:${PN}-staticdev += "${libdir}/sasl2/*.a" - -INSANE_SKIP:${PN} += "dev-so" - -# CVE-2020-8032 affects only openSUSE -CVE_CHECK_IGNORE += "CVE-2020-8032" diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch new file mode 100644 index 0000000000..4c6d61dfc7 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch @@ -0,0 +1,91 @@ +From ade70f39c4aa5a8830462d9ccf3b8f8dd968c0d8 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Mon, 28 Feb 2022 11:10:26 -0800 +Subject: [PATCH] sample: Rename dprintf to cyrus_dprintf + +This avoids shadowing the dprintf implementations in glibc + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + sample/client.c | 12 ++++++------ + sample/common.c | 2 +- + sample/common.h | 2 +- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/sample/client.c b/sample/client.c +index e723c6b7..6a04f428 100644 +--- a/sample/client.c ++++ b/sample/client.c +@@ -241,9 +241,9 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) + int r, c; + + /* get the capability list */ +- dprintf(0, "receiving capability list... "); ++ cyrus_dprintf(0, "receiving capability list... "); + len = recv_string(in, buf, sizeof buf); +- dprintf(0, "%s\n", buf); ++ cyrus_dprintf(0, "%s\n", buf); + + if (mech) { + /* make sure that 'mech' appears in 'buf' */ +@@ -262,7 +262,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) + return -1; + } + +- dprintf(1, "using mechanism %s\n", chosenmech); ++ cyrus_dprintf(1, "using mechanism %s\n", chosenmech); + + /* we send up to 3 strings; + the mechanism chosen, the presence of initial response, +@@ -276,7 +276,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) + } + + for (;;) { +- dprintf(2, "waiting for server reply...\n"); ++ cyrus_dprintf(2, "waiting for server reply...\n"); + + c = fgetc(in); + switch (c) { +@@ -303,10 +303,10 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) + } + + if (data) { +- dprintf(2, "sending response length %d...\n", len); ++ cyrus_dprintf(2, "sending response length %d...\n", len); + send_string(out, data, len); + } else { +- dprintf(2, "sending null response...\n"); ++ cyrus_dprintf(2, "sending null response...\n"); + send_string(out, "", 0); + } + } +diff --git a/sample/common.c b/sample/common.c +index 712549fd..d138e450 100644 +--- a/sample/common.c ++++ b/sample/common.c +@@ -127,7 +127,7 @@ int recv_string(FILE *f, char *buf, int buflen) + + int debuglevel = 0; + +-int dprintf(int lvl, const char *fmt, ...) ++int cyrus_dprintf(int lvl, const char *fmt, ...) + { + va_list ap; + int ret = 0; +diff --git a/sample/common.h b/sample/common.h +index 819d0101..cd56907a 100644 +--- a/sample/common.h ++++ b/sample/common.h +@@ -43,7 +43,7 @@ extern int send_string(FILE *f, const char *s, int l); + extern int recv_string(FILE *f, char *buf, int buflen); + + extern int debuglevel; +-extern int dprintf(int lvl, const char *fmt, ...); ++extern int cyrus_dprintf(int lvl, const char *fmt, ...); + + extern void saslerr(int why, const char *what); + extern void saslfail(int why, const char *what); +-- +2.35.1 + diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch new file mode 100644 index 0000000000..33a9e3f6e6 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch @@ -0,0 +1,35 @@ +From 94fe6eb9ea2691f4a7c32fbf2d0c7c454995b666 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Thu, 27 Feb 2020 11:08:57 +0800 +Subject: [PATCH] Fix #587 + +Off by one error in common.c, CVE-2019-19906. + +Thanks to Stephan Zeisberg for reporting + +CVE: CVE-2019-19906 + +Upstream-Stauts: Backport [https://github.com/cyrusimap/cyrus-sasl +/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1] + +Signed-off-by: Changqing Li +--- + lib/common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/common.c b/lib/common.c +index d9104c8..fef82db 100644 +--- a/lib/common.c ++++ b/lib/common.c +@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen, + + if (add==NULL) add = "(null)"; + +- addlen=strlen(add); /* only compute once */ ++ addlen=strlen(add)+1; /* only compute once */ + if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK) + return SASL_NOMEM; + +-- +2.25.1 + diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch new file mode 100644 index 0000000000..f172362f4e --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch @@ -0,0 +1,26 @@ +From 188ad4497947259811ad32faeee95c20f9a44046 Mon Sep 17 00:00:00 2001 +From: "Roy.Li" +Date: Fri, 19 Jul 2013 14:29:31 +0800 +Subject: [PATCH] Fix hardcoded libdir. + +Upstream-Status: Pending + +Signed-off-by: Roy.Li + +--- + plugins/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/Makefile.am b/plugins/Makefile.am +index 2b02a52..929f6a4 100644 +--- a/plugins/Makefile.am ++++ b/plugins/Makefile.am +@@ -65,7 +65,7 @@ LIB_MYSQL = @LIB_MYSQL@ + + plugindir = @plugindir@ + +-sasldir = $(prefix)/lib/sasl2 ++sasldir = $(libdir)/sasl2 + sasl_LTLIBRARIES = @SASL_MECHS@ + EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \ + libgs2.la libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \ diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch new file mode 100644 index 0000000000..1e6f99603c --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch @@ -0,0 +1,50 @@ +From 288430d3c2d3f36a4c9d40c4fffa85288f44549a Mon Sep 17 00:00:00 2001 +From: "Roy.Li" +Date: Tue, 25 Jun 2013 09:22:59 +0800 +Subject: [PATCH] Avoid to call AC_TRY_RUN + +Upstream-Status: Inappropriate [configuration] + +Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO +on cross-compile environment by definition AC_ARG_ENABLE enable-spnego + +Signed-off-by: Roy.Li +--- + m4/sasl2.m4 | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/m4/sasl2.m4 b/m4/sasl2.m4 +index 80371ef..ff70083 100644 +--- a/m4/sasl2.m4 ++++ b/m4/sasl2.m4 +@@ -316,6 +316,18 @@ if test "$gssapi" != no; then + AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[ + cmu_save_LIBS="$LIBS" + LIBS="$LIBS $GSSAPIBASE_LIBS" ++ AC_ARG_ENABLE([spnego], ++ [AC_HELP_STRING([--enable-spnego=], ++ [enable SPNEGO support in GSSAPI libraries [no]])], ++ [spnego=$enableval], ++ [spnego=no]) ++ ++ if test "$spnego" = no; then ++ echo "no" ++ elif test "$spnego" = yes; then ++ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO]) ++ else ++ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries]) + AC_TRY_RUN([ + #ifdef HAVE_GSSAPI_H + #include +@@ -343,7 +355,7 @@ int main(void) + AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[ + AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO]) + ]) +- ++ fi + else + AC_MSG_RESULT([disabled]) + fi +-- +2.25.1 + diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff new file mode 100644 index 0000000000..0479acfb09 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff @@ -0,0 +1,28 @@ +From 1a5f3004e9081eab6263a29cd5be792f06441e36 Mon Sep 17 00:00:00 2001 +From: Fabian Fagerholm +Date: Wed, 24 Jul 2013 11:38:25 -0400 +Subject: [PATCH] cyrus-sasl: Add patches from Debian to fix linking + +Description: This patch makes sure the non-PIC version of libsasldb.a, which +is created out of non-PIC objects, is not going to overwrite the PIC version, +which is created out of PIC objects. The PIC version is placed in .libs, and +the non-PIC version in the current directory. This ensures that both non-PIC +and PIC versions are available in the correct locations. + +--- + lib/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index a158ca3..3137e19 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -99,7 +99,7 @@ endif + + libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) + @echo adding static plugins and dependencies +- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) ++ $(AR) cru $@ $(SASL_STATIC_OBJS) + @for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ + if test ! -f $$i; then continue; fi; . $$i; \ + for j in $$dependency_libs foo; do \ diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf new file mode 100644 index 0000000000..a91a9d3340 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf @@ -0,0 +1,11 @@ +# Directory in which to place saslauthd's listening socket, pid file, and so +# on. This directory must already exist. +SOCKETDIR=@LOCALSTATEDIR@/run/saslauthd + +# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list +# of which mechanism your installation was compiled with the ablity to use. +MECH=pam + +# Additional flags to pass to saslauthd on the command line. See saslauthd(8) +# for the list of accepted flags. +FLAGS= diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service new file mode 100644 index 0000000000..e63592af6c --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service @@ -0,0 +1,12 @@ +[Unit] +Description=SASL authentication daemon. +After=syslog.target + +[Service] +Type=forking +PIDFile=/run/saslauthd/saslauthd.pid +EnvironmentFile=@SYSCONFDIR@/default/saslauthd +ExecStart=@SBINDIR@/saslauthd -m $SOCKETDIR -a $MECH $FLAGS + +[Install] +WantedBy=multi-user.target diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb new file mode 100644 index 0000000000..98899dfd5e --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb @@ -0,0 +1,98 @@ +SUMMARY = "Generic client/server library for SASL authentication" +SECTION = "libs" +HOMEPAGE = "http://asg.web.cmu.edu/sasl/" +DEPENDS = "openssl db groff-native" +LICENSE = "BSD-4-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396" + +SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084" + +SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \ + file://avoid-to-call-AC_TRY_RUN.patch \ + file://debian_patches_0014_avoid_pic_overwrite.diff \ + file://0001-sample-Rename-dprintf-to-cyrus_dprintf.patch \ + file://saslauthd.service \ + file://saslauthd.conf \ + file://CVE-2019-19906.patch \ + " + +UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig useradd systemd + +EXTRA_OECONF += "--with-dblib=berkeley \ + --with-plugindir='${libdir}/sasl2' \ + andrew_cv_runpath_switch=none" + +PACKAGECONFIG ??= "\ + ${@bb.utils.filter('DISTRO_FEATURES', 'ldap pam', d)} \ +" +PACKAGECONFIG[gssapi] = "--enable-gssapi=yes,--enable-gssapi=no,krb5," +PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam," +PACKAGECONFIG[opie] = "--with-opie,--without-opie,opie," +PACKAGECONFIG[des] = "--with-des,--without-des,," +PACKAGECONFIG[ldap] = "--with-ldap=${STAGING_LIBDIR} --enable-ldapdb,--without-ldap --disable-ldapdb,openldap," +PACKAGECONFIG[ntlm] = "--enable-ntlm=yes,--enable-ntlm=no,," + +CFLAGS += "-fPIC" + +do_configure:prepend () { + # make it be able to work with db 5.0 version + local sed_files="sasldb/db_berkeley.c utils/dbconverter-2.c" + for sed_file in $sed_files; do + sed -i 's#DB_VERSION_MAJOR == 4.*#(&) || DB_VERSION_MAJOR == 5#' ${S}/$sed_file + done +} + +do_compile:prepend () { + cd include + ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS} ${S}/include/makemd5.c -o makemd5 + touch makemd5.o makemd5.lo makemd5 + cd .. +} + +do_install:append() { + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/saslauthd.service ${D}${systemd_unitdir}/system + + sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/saslauthd.service + sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${systemd_unitdir}/system/saslauthd.service + sed -i -e 's#@SYSCONFDIR@#${sysconfdir}#g' ${D}${systemd_unitdir}/system/saslauthd.service + + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/saslauthd/ - - - -" > ${D}${sysconfdir}/tmpfiles.d/saslauthd.conf + + install -d ${D}${sysconfdir}/default/ + install -m 0644 ${WORKDIR}/saslauthd.conf ${D}${sysconfdir}/default/saslauthd + sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/default/saslauthd + fi +} + +USERADD_PACKAGES = "${PN}-bin" +USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus" + +SYSTEMD_PACKAGES = "${PN}-bin" +SYSTEMD_SERVICE:${PN}-bin = "saslauthd.service" +SYSTEMD_AUTO_ENABLE = "disable" + +SRC_URI[md5sum] = "a7f4e5e559a0e37b3ffc438c9456e425" +SRC_URI[sha256sum] = "8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3" + +PACKAGES =+ "${PN}-bin" + +FILES:${PN} += "${libdir}/sasl2/*.so*" +FILES:${PN}-bin += "${bindir} \ + ${sysconfdir}/default/saslauthd \ + ${systemd_unitdir}/system/saslauthd.service \ + ${sysconfdir}/tmpfiles.d/saslauthd.conf" +FILES:${PN}-dev += "${libdir}/sasl2/*.la" +FILES:${PN}-dbg += "${libdir}/sasl2/.debug" +FILES:${PN}-staticdev += "${libdir}/sasl2/*.a" + +INSANE_SKIP:${PN} += "dev-so" + +# CVE-2020-8032 affects only openSUSE +CVE_CHECK_IGNORE += "CVE-2020-8032" -- cgit 1.2.3-korg