cyrus-sasl: upgrade 2.1.27 -> 2.1.28

0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch 0001-makeinit.sh-fix-parallel-build-issue.patch 0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch deleted since they're included in 2.1.28 CVE-2019-19906.patch avoid-to-call-AC_TRY_RUN.patch refreshed for new version Changelog: ========= build: ------ configure - Restore LIBS after checking gss_inquire_sec_context_by_oid makemd5.c - Fix potential out of bound writes fix build with –disable-shared –enable-static Dozens of fixes for Windows specific builds Fix cross platform builds with SPNEGO Do not try to build broken java subtree Fix build error with –enable-auth-sasldb common: ------- plugin_common.c: Ensure size is always checked if called repeatedly (#617) documentation: -------------- Fixed generation of saslauthd(8) man page Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373) Updates for additional SCRAM mechanisms Fix sasl_decode64 and sasl_encode64 man pages Tons of fixes for Sphinx include: -------- sasl.h: Allow up to 16 bits for security flags lib: ---- checkpw.c: Skip one call to strcat Disable auxprop-hashed (#374) client.c: Use proper length for fully qualified domain names common.c: CVE-2019-19906 Fix off by one error (#587) external.c: fix EXTERNAL with non-terminated input (#689) saslutil.c: fix index_64 to be a signed char (#619) plugins: -------- gssapi.c: Emit debug log only in case of errors ntlm.c: Fail compile if MD4 is not available (#632) sql.c: Finish reading residual return data (#639) CVE-2022-24407 Escape password for SQL insert/update commands. sasldb: ------- db_gdbm.c: fix gdbm_errno overlay from gdbm_close DIGEST-MD5 plugin: ------------------ Prevent double free of RC4 context Use OpenSSL RC4 implementation if available SCRAM plugin: ------------ Return BADAUTH on incorrect password (#545) Add -224, -384, -512 (#552) Remove SCRAM_HASH_SIZE Add function to return SCRAM auth method name Allocate enough memory in scam_setpass() Add function to sort SCRAM methods by hash strength Update windows build for newer SCRAM options saslauthd: --------- auth_httpform.c: Avoid signed overflow with non-ascii characters (#576) auth_krb5.c: support setting an explicit auth_krb5 server name support setting an explicit servername with Heimdal unify the MIT and Heimdal auth_krb5 implementations Remove call to krbtf auth_rimap.c: provide native memmem implementation if missing lak.c: Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification) lak.h: Increase supported DN length to 4096 (#626) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Wang Mingyu <wangmy@fujitsu.com> 2022-02-28 22:09:06 +0800
committer: Khem Raj <raj.khem@gmail.com> 2022-03-01 09:13:42 -0800
commit: edd8bd0f2443bbf1acc794df981cd05f1dbd6778 (patch)
tree: 3f6f6d22c8f4a22f1e9b8ad31cf0a7a73809f5dd /meta-networking/recipes-daemons
parent: 8abc3bd017cc5feffedfe20af3b9e381931acc23 (diff)
download: meta-openembedded-edd8bd0f2443bbf1acc794df981cd05f1dbd6778.tar.gz
6 files changed, 32 insertions, 199 deletions
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch
deleted file mode 100644
index c89822c36..000000000
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 6515f3e7656d97d40a6a1cf4eb3ada193a698309 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 12 Sep 2018 23:18:12 +0800
-Subject: [PATCH] Allow saslauthd to be built outside of source tree while
- configuring with `--enable-ldapdb'
-[snip]
-| powerpc-wrs-linux-gcc [snip] -I../common
-|../../git/saslauthd/lak.c:58:10: fatal error: crypto-compat.h:
-No such file or directory
-[snip]
-The crypto-compat.h locates in git/common/, it should be                                                                                                                           |
-`-I../../git/common'
-Remove useless `-I$(top_srcdir)/../include' which was incorrectly
-added by commit `faae590 cleanup misc INCLUDES for different build paths'
-Upstream-Status: Submitted [https://github.com/cyrusimap/cyrus-sasl]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
- saslauthd/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am
-index d7244be..864b29b 100644
--- a/saslauthd/Makefile.am
-+++ b/saslauthd/Makefile.am
-@@ -34,7 +34,7 @@ saslcache_SOURCES = saslcache.c
- 
- EXTRA_DIST     = saslauthd.8 saslauthd.mdoc include \
-                  getnameinfo.c getaddrinfo.c LDAP_SASLAUTHD
-AM_CPPFLAGS    = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include -I$(top_builddir)/common
-+AM_CPPFLAGS    = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_builddir)/common -I$(top_srcdir)/common
- DEFS            = @DEFS@ -DSASLAUTHD_CONF_FILE_DEFAULT=\"@sysconfdir@/saslauthd.conf\" -I. -I$(srcdir) -I..
- 
- 
-- 
-2.7.4
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-makeinit.sh-fix-parallel-build-issue.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-makeinit.sh-fix-parallel-build-issue.patch
deleted file mode 100644
index bf232ac27..000000000
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-makeinit.sh-fix-parallel-build-issue.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From bb693db0e1d1d693e8ca31fcbc4f46d1674eeca1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Thu, 13 Sep 2018 14:20:57 +0800
-Subject: [PATCH] makeinit.sh: fix parallel build issue
-While building plugins, each <plugin>.c requires a <plugin>_init.c,
-and the <plugin>_init.c is dynamically generated by makeinit.sh.
-But the makeinit.sh generates all *_init.c (13 mechanism plugins,
-3 auxprop plugins) at one time, if there are multiple plugins,
-there will be multiple makeinit.sh invoking.
-It caused a parallel issue, the *_init.c files will be generated
-repeatedly.
-It occasionally generate dapdb_init.c incorrectly
-[snip plugins/ldapdb_init.c]
-SASL_CANONUSER_PLUG_INIT( ldapdb )
-SASL_CANONUSER_PLUG_INIT( ldapdb )
-SASL_CANONUSER_PLUG_INIT( ldapdb )
-[snip plugins/ldapdb_init.c]
-Let makeinit.sh generate the expected <plugin>_init.c which
-is exactly required by <plugin>.c.
-Upstream-Status: Submitted [https://github.com/cyrusimap/cyrus-sasl/pull/532]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
- plugins/Makefile.am |  2 +-
- plugins/makeinit.sh | 19 ++++++++++++++-----
- 2 files changed, 15 insertions(+), 6 deletions(-)
-diff --git a/plugins/Makefile.am b/plugins/Makefile.am
-index 929f6a4..81e7f0b 100644
--- a/plugins/Makefile.am
-+++ b/plugins/Makefile.am
-@@ -149,4 +149,4 @@ passdss_init.c sasldb_init.c sql_init.c ldapdb_init.c
- CLEANFILES=$(init_src)
- 
- ${init_src}: $(srcdir)/makeinit.sh
-       $(SHELL) $(srcdir)/makeinit.sh
-+       $(SHELL) $(srcdir)/makeinit.sh $@
-diff --git a/plugins/makeinit.sh b/plugins/makeinit.sh
-index cc65f7d..3131877 100644
--- a/plugins/makeinit.sh
-+++ b/plugins/makeinit.sh
-@@ -1,7 +1,9 @@
-+plugin_init="$1"
- # mechanism plugins
- for mech in anonymous crammd5 digestmd5 scram gssapiv2 kerberos4 login ntlm otp passdss plain srp gs2; do
-+    if [ ${plugin_init} = "${mech}_init.c" ];then
- 
-echo "
-+        echo "
- #include <config.h>
- 
- #include <string.h>
-@@ -43,13 +45,16 @@ BOOL APIENTRY DllMain( HANDLE hModule,
- 
- SASL_CLIENT_PLUG_INIT( $mech )
- SASL_SERVER_PLUG_INIT( $mech )
-" > ${mech}_init.c
-+"       > ${mech}_init.c
-+        echo "generating $1"
-+    fi # End of `if [ ${plugin_init} = "${mech}_init.c" ];then'
- done
- 
- # auxprop plugins
- for auxprop in sasldb sql ldapdb; do
-+    if [ ${plugin_init} = "${auxprop}_init.c" ];then
- 
-echo "
-+        echo "
- #include <config.h>
- 
- #include <string.h>
-@@ -86,8 +91,12 @@ BOOL APIENTRY DllMain( HANDLE hModule,
- #endif
- 
- SASL_AUXPROP_PLUG_INIT( $auxprop )
-" > ${auxprop}_init.c
-+"       > ${auxprop}_init.c
-+        echo "generating $1"
-+    fi # End of `if [ ${plugin_init} = "${auxprop}_init.c" ];then'
- done
- 
- # ldapdb is also a canon_user plugin
-echo "SASL_CANONUSER_PLUG_INIT( ldapdb )" >> ldapdb_init.c
-+if [ ${plugin_init} = "ldapdb_init.c" ];then
-+    echo "SASL_CANONUSER_PLUG_INIT( ldapdb )" >> ldapdb_init.c
-+fi
-- 
-2.7.4
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch
deleted file mode 100644
index 68d09c385..000000000
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 98082f81da1b49876081ff1ab340e952755f985a Mon Sep 17 00:00:00 2001
-From: OBATA Akio <obache@users.noreply.github.com>
-Date: Fri, 11 May 2018 18:36:26 +0900
-Subject: [PATCH] configure.ac: fix condition for suppliment snprintf
- implementation
-$sasl_cv_snprintf means requremnt of suppliment snprintf
-implementation, not existence of system snprintf implementation,
-Upstream-Status: Submitted [https://github.com/cyrusimap/cyrus-sasl/pull/512]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/configure.ac b/configure.ac
-index ac59f14..9804e98 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -1264,7 +1264,7 @@ SNPRINTFOBJS=""
- LTSNPRINTFOBJS=""
- AC_CHECK_FUNC(snprintf, [AC_DEFINE(HAVE_SNPRINTF,[],[Does the system have snprintf()?])], [sasl_cv_snprintf=yes])
- AC_CHECK_FUNC(vsnprintf, [AC_DEFINE(HAVE_VSNPRINTF,[],[Does the system have vsnprintf()?])], [sasl_cv_snprintf=yes])
-if test $sasl_cv_snprintf = no; then
-+if test $sasl_cv_snprintf = yes; then
-        AC_LIBOBJ(snprintf)
-        SNPRINTFOBJS="snprintf.o"
-        LTSNPRINTFOBJS="snprintf.lo"
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
index b94780f30..33a9e3f6e 100644
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
@@ -18,7 +18,7 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/common.c b/lib/common.c
-index 305311d..445c5d5 100644
+index d9104c8..fef82db 100644
 --- a/lib/common.c
 +++ b/lib/common.c
 @@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
@@ -27,9 +27,9 @@ index 305311d..445c5d5 100644
 
 -  addlen=strlen(add); /* only compute once */
 +  addlen=strlen(add)+1; /* only compute once */
-   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+   if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)
     return SASL_NOMEM;
 
 -- 
-2.7.4
+2.25.1
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
index aa271b8fb..1e6f99603 100644
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
@@ -9,41 +9,42 @@ Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO
 on cross-compile environment by definition AC_ARG_ENABLE enable-spnego
 Signed-off-by: Roy.Li <rongqing.li@windriver.com>
 ---
- m4/sasl2.m4 | 15 +++++++++++++--
+ m4/sasl2.m4 | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 2 deletions(-)
+ 1 file changed, 13 insertions(+), 1 deletion(-)
 diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
-index 56e0504..cf62607 100644
+index 80371ef..ff70083 100644
 --- a/m4/sasl2.m4
 +++ b/m4/sasl2.m4
-@@ -314,7 +314,18 @@ if test "$gssapi" != no; then
+@@ -316,6 +316,18 @@ if test "$gssapi" != no; then
-   cmu_save_LIBS="$LIBS"
+   AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
-   LIBS="$LIBS $GSSAPIBASE_LIBS"
+     cmu_save_LIBS="$LIBS"
- 
+     LIBS="$LIBS $GSSAPIBASE_LIBS"
-  AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+    AC_ARG_ENABLE([spnego],
-+  AC_ARG_ENABLE([spnego],
+                [AC_HELP_STRING([--enable-spnego=<DIR>],
-+              [AC_HELP_STRING([--enable-spnego=<DIR>],
+                                [enable SPNEGO support in GSSAPI libraries [no]])],
-+                              [enable SPNEGO support in GSSAPI libraries [no]])],
+                [spnego=$enableval],
-+              [spnego=$enableval],
+                [spnego=no])
-+              [spnego=no])
+  
-+
+    if test "$spnego" = no; then
-+  if test "$spnego" = no; then
+         echo "no"
-+       echo "no"
+    elif test "$spnego" = yes; then
-+  elif test "$spnego" = yes; then
+         AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
-+       AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
+    else
-+  else
+         AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
-+       AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+     AC_TRY_RUN([
-   AC_TRY_RUN([
 #ifdef HAVE_GSSAPI_H
 #include <gssapi.h>
-@@ -341,7 +352,7 @@ int main(void)
+@@ -343,7 +355,7 @@ int main(void)
-        AC_MSG_RESULT(yes) ],
+   AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
-        AC_MSG_RESULT(no))
+     AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
-   LIBS="$cmu_save_LIBS"
+   ])
 -
 +   fi
 else
   AC_MSG_RESULT([disabled])
 fi
+-- 
+2.25.1
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
index 43b69f7a2..95a093cd1 100644
--- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
@@ -5,17 +5,13 @@ DEPENDS = "openssl db groff-native"
 LICENSE = "BSD-4-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396"
-SRCREV = "e41cfb986c1b1935770de554872247453fdbb079"
+SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084"
-SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=master \
+SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \
           file://avoid-to-call-AC_TRY_RUN.patch \
-           file://Fix-hardcoded-libdir.patch \
           file://debian_patches_0014_avoid_pic_overwrite.diff \
           file://saslauthd.service \
           file://saslauthd.conf \
-           file://0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch \
-           file://0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch \
-           file://0001-makeinit.sh-fix-parallel-build-issue.patch \
           file://CVE-2019-19906.patch \
           "
author	Wang Mingyu <wangmy@fujitsu.com>	2022-02-28 22:09:06 +0800
committer	Khem Raj <raj.khem@gmail.com>	2022-03-01 09:13:42 -0800
commit	edd8bd0f2443bbf1acc794df981cd05f1dbd6778 (patch)
tree	3f6f6d22c8f4a22f1e9b8ad31cf0a7a73809f5dd /meta-networking/recipes-daemons
parent	8abc3bd017cc5feffedfe20af3b9e381931acc23 (diff)
download	meta-openembedded-edd8bd0f2443bbf1acc794df981cd05f1dbd6778.tar.gz

diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch deleted file mode 100644 index c89822c36..000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch +++ /dev/null
@@ -1,41 +0,0 @@
1	From 6515f3e7656d97d40a6a1cf4eb3ada193a698309 Mon Sep 17 00:00:00 2001
2	From: Hongxu Jia <hongxu.jia@windriver.com>
3	Date: Wed, 12 Sep 2018 23:18:12 +0800
4	Subject: [PATCH] Allow saslauthd to be built outside of source tree while
5	configuring with `--enable-ldapdb'
6
7	[snip]
8	\| powerpc-wrs-linux-gcc [snip] -I../common
9	\|../../git/saslauthd/lak.c:58:10: fatal error: crypto-compat.h:
10	No such file or directory
11	[snip]
12
13	The crypto-compat.h locates in git/common/, it should be \|
14	`-I../../git/common'
15
16	Remove useless `-I$(top_srcdir)/../include' which was incorrectly
17	added by commit `faae590 cleanup misc INCLUDES for different build paths'
18
19	Upstream-Status: Submitted [https://github.com/cyrusimap/cyrus-sasl]
20
21	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
22	---
23	saslauthd/Makefile.am \| 2 +-
24	1 file changed, 1 insertion(+), 1 deletion(-)
25
26	diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am
27	index d7244be..864b29b 100644
28	--- a/saslauthd/Makefile.am
29	+++ b/saslauthd/Makefile.am
30	@@ -34,7 +34,7 @@ saslcache_SOURCES = saslcache.c
31
32	EXTRA_DIST = saslauthd.8 saslauthd.mdoc include \
33	getnameinfo.c getaddrinfo.c LDAP_SASLAUTHD
34	-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include -I$(top_builddir)/common
35	+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_builddir)/common -I$(top_srcdir)/common
36	DEFS = @DEFS@ -DSASLAUTHD_CONF_FILE_DEFAULT=\"@sysconfdir@/saslauthd.conf\" -I. -I$(srcdir) -I..
37
38
39	--
40	2.7.4
41


diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-makeinit.sh-fix-parallel-build-issue.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-makeinit.sh-fix-parallel-build-issue.patch deleted file mode 100644 index bf232ac27..000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-makeinit.sh-fix-parallel-build-issue.patch +++ /dev/null
@@ -1,95 +0,0 @@
1	From bb693db0e1d1d693e8ca31fcbc4f46d1674eeca1 Mon Sep 17 00:00:00 2001
2	From: Hongxu Jia <hongxu.jia@windriver.com>
3	Date: Thu, 13 Sep 2018 14:20:57 +0800
4	Subject: [PATCH] makeinit.sh: fix parallel build issue
5
6	While building plugins, each <plugin>.c requires a <plugin>_init.c,
7	and the <plugin>_init.c is dynamically generated by makeinit.sh.
8
9	But the makeinit.sh generates all *_init.c (13 mechanism plugins,
10	3 auxprop plugins) at one time, if there are multiple plugins,
11	there will be multiple makeinit.sh invoking.
12
13	It caused a parallel issue, the *_init.c files will be generated
14	repeatedly.
15
16	It occasionally generate dapdb_init.c incorrectly
17	[snip plugins/ldapdb_init.c]
18	SASL_CANONUSER_PLUG_INIT( ldapdb )
19	SASL_CANONUSER_PLUG_INIT( ldapdb )
20	SASL_CANONUSER_PLUG_INIT( ldapdb )
21	[snip plugins/ldapdb_init.c]
22
23	Let makeinit.sh generate the expected <plugin>_init.c which
24	is exactly required by <plugin>.c.
25
26	Upstream-Status: Submitted [https://github.com/cyrusimap/cyrus-sasl/pull/532]
27
28	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
29	---
30	plugins/Makefile.am \| 2 +-
31	plugins/makeinit.sh \| 19 ++++++++++++++-----
32	2 files changed, 15 insertions(+), 6 deletions(-)
33
34	diff --git a/plugins/Makefile.am b/plugins/Makefile.am
35	index 929f6a4..81e7f0b 100644
36	--- a/plugins/Makefile.am
37	+++ b/plugins/Makefile.am
38	@@ -149,4 +149,4 @@ passdss_init.c sasldb_init.c sql_init.c ldapdb_init.c
39	CLEANFILES=$(init_src)
40
41	${init_src}: $(srcdir)/makeinit.sh
42	- $(SHELL) $(srcdir)/makeinit.sh
43	+ $(SHELL) $(srcdir)/makeinit.sh $@
44	diff --git a/plugins/makeinit.sh b/plugins/makeinit.sh
45	index cc65f7d..3131877 100644
46	--- a/plugins/makeinit.sh
47	+++ b/plugins/makeinit.sh
48	@@ -1,7 +1,9 @@
49	+plugin_init="$1"
50	# mechanism plugins
51	for mech in anonymous crammd5 digestmd5 scram gssapiv2 kerberos4 login ntlm otp passdss plain srp gs2; do
52	+ if [ ${plugin_init} = "${mech}_init.c" ];then
53
54	-echo "
55	+ echo "
56	#include <config.h>
57
58	#include <string.h>
59	@@ -43,13 +45,16 @@ BOOL APIENTRY DllMain( HANDLE hModule,
60
61	SASL_CLIENT_PLUG_INIT( $mech )
62	SASL_SERVER_PLUG_INIT( $mech )
63	-" > ${mech}_init.c
64	+" > ${mech}_init.c
65	+ echo "generating $1"
66	+ fi # End of `if [ ${plugin_init} = "${mech}_init.c" ];then'
67	done
68
69	# auxprop plugins
70	for auxprop in sasldb sql ldapdb; do
71	+ if [ ${plugin_init} = "${auxprop}_init.c" ];then
72
73	-echo "
74	+ echo "
75	#include <config.h>
76
77	#include <string.h>
78	@@ -86,8 +91,12 @@ BOOL APIENTRY DllMain( HANDLE hModule,
79	#endif
80
81	SASL_AUXPROP_PLUG_INIT( $auxprop )
82	-" > ${auxprop}_init.c
83	+" > ${auxprop}_init.c
84	+ echo "generating $1"
85	+ fi # End of `if [ ${plugin_init} = "${auxprop}_init.c" ];then'
86	done
87
88	# ldapdb is also a canon_user plugin
89	-echo "SASL_CANONUSER_PLUG_INIT( ldapdb )" >> ldapdb_init.c
90	+if [ ${plugin_init} = "ldapdb_init.c" ];then
91	+ echo "SASL_CANONUSER_PLUG_INIT( ldapdb )" >> ldapdb_init.c
92	+fi
93	--
94	2.7.4
95


diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch deleted file mode 100644 index 68d09c385..000000000 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch +++ /dev/null
@@ -1,28 +0,0 @@
1	From 98082f81da1b49876081ff1ab340e952755f985a Mon Sep 17 00:00:00 2001
2	From: OBATA Akio <obache@users.noreply.github.com>
3	Date: Fri, 11 May 2018 18:36:26 +0900
4	Subject: [PATCH] configure.ac: fix condition for suppliment snprintf
5	implementation
6
7	$sasl_cv_snprintf means requremnt of suppliment snprintf
8	implementation, not existence of system snprintf implementation,
9
10	Upstream-Status: Submitted [https://github.com/cyrusimap/cyrus-sasl/pull/512]
11	Signed-off-by: Khem Raj <raj.khem@gmail.com>
12	---
13	configure.ac \| 2 +-
14	1 file changed, 1 insertion(+), 1 deletion(-)
15
16	diff --git a/configure.ac b/configure.ac
17	index ac59f14..9804e98 100644
18	--- a/configure.ac
19	+++ b/configure.ac
20	@@ -1264,7 +1264,7 @@ SNPRINTFOBJS=""
21	LTSNPRINTFOBJS=""
22	AC_CHECK_FUNC(snprintf, [AC_DEFINE(HAVE_SNPRINTF,[],[Does the system have snprintf()?])], [sasl_cv_snprintf=yes])
23	AC_CHECK_FUNC(vsnprintf, [AC_DEFINE(HAVE_VSNPRINTF,[],[Does the system have vsnprintf()?])], [sasl_cv_snprintf=yes])
24	-if test $sasl_cv_snprintf = no; then
25	+if test $sasl_cv_snprintf = yes; then
26	AC_LIBOBJ(snprintf)
27	SNPRINTFOBJS="snprintf.o"
28	LTSNPRINTFOBJS="snprintf.lo"


diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch index b94780f30..33a9e3f6e 100644 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch +++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
@@ -18,7 +18,7 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
18	1 file changed, 1 insertion(+), 1 deletion(-)	18	1 file changed, 1 insertion(+), 1 deletion(-)
19		19
20	diff --git a/lib/common.c b/lib/common.c	20	diff --git a/lib/common.c b/lib/common.c
21	index 305311d..445c5d5 100644	21	index d9104c8..fef82db 100644
22	--- a/lib/common.c	22	--- a/lib/common.c
23	+++ b/lib/common.c	23	+++ b/lib/common.c
24	@@ -190,7 +190,7 @@ int _sasl_add_string(char *out, size_t alloclen,	24	@@ -190,7 +190,7 @@ int _sasl_add_string(char *out, size_t alloclen,
@@ -27,9 +27,9 @@ index 305311d..445c5d5 100644
27		27
28	- addlen=strlen(add); /* only compute once */	28	- addlen=strlen(add); /* only compute once */
29	+ addlen=strlen(add)+1; /* only compute once */	29	+ addlen=strlen(add)+1; /* only compute once */
30	if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)	30	if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)
31	return SASL_NOMEM;	31	return SASL_NOMEM;
32		32
33	--	33	--
34	2.7.4	34	2.25.1
35		35


diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch index aa271b8fb..1e6f99603 100644 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch +++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
@@ -9,41 +9,42 @@ Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO
9	on cross-compile environment by definition AC_ARG_ENABLE enable-spnego	9	on cross-compile environment by definition AC_ARG_ENABLE enable-spnego
10		10
11	Signed-off-by: Roy.Li <rongqing.li@windriver.com>	11	Signed-off-by: Roy.Li <rongqing.li@windriver.com>
12
13	---	12	---
14	m4/sasl2.m4 \| 15 +++++++++++++--	13	m4/sasl2.m4 \| 14 +++++++++++++-
15	1 file changed, 13 insertions(+), 2 deletions(-)	14	1 file changed, 13 insertions(+), 1 deletion(-)
16		15
17	diff --git a/m4/sasl2.m4 b/m4/sasl2.m4	16	diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
18	index 56e0504..cf62607 100644	17	index 80371ef..ff70083 100644
19	--- a/m4/sasl2.m4	18	--- a/m4/sasl2.m4
20	+++ b/m4/sasl2.m4	19	+++ b/m4/sasl2.m4
21	@@ -314,7 +314,18 @@ if test "$gssapi" != no; then	20	@@ -316,6 +316,18 @@ if test "$gssapi" != no; then
22	cmu_save_LIBS="$LIBS"	21	AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
23	LIBS="$LIBS $GSSAPIBASE_LIBS"	22	cmu_save_LIBS="$LIBS"
24		23	LIBS="$LIBS $GSSAPIBASE_LIBS"
25	- AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])	24	+ AC_ARG_ENABLE([spnego],
26	+ AC_ARG_ENABLE([spnego],	25	+ [AC_HELP_STRING([--enable-spnego=<DIR>],
27	+ [AC_HELP_STRING([--enable-spnego=<DIR>],	26	+ [enable SPNEGO support in GSSAPI libraries [no]])],
28	+ [enable SPNEGO support in GSSAPI libraries [no]])],	27	+ [spnego=$enableval],
29	+ [spnego=$enableval],	28	+ [spnego=no])
30	+ [spnego=no])	29	+
31	+	30	+ if test "$spnego" = no; then
32	+ if test "$spnego" = no; then	31	+ echo "no"
33	+ echo "no"	32	+ elif test "$spnego" = yes; then
34	+ elif test "$spnego" = yes; then	33	+ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
35	+ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])	34	+ else
36	+ else	35	+ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
37	+ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])	36	AC_TRY_RUN([
38	AC_TRY_RUN([
39	#ifdef HAVE_GSSAPI_H	37	#ifdef HAVE_GSSAPI_H
40	#include <gssapi.h>	38	#include <gssapi.h>
41	@@ -341,7 +352,7 @@ int main(void)	39	@@ -343,7 +355,7 @@ int main(void)
42	AC_MSG_RESULT(yes) ],	40	AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
43	AC_MSG_RESULT(no))	41	AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
44	LIBS="$cmu_save_LIBS"	42	])
45	-	43	-
46	+ fi	44	+ fi
47	else	45	else
48	AC_MSG_RESULT([disabled])	46	AC_MSG_RESULT([disabled])
49	fi	47	fi
		48	--
		49	2.25.1
		50


diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb index 43b69f7a2..95a093cd1 100644 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb +++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
@@ -5,17 +5,13 @@ DEPENDS = "openssl db groff-native"
5	LICENSE = "BSD-4-Clause"	5	LICENSE = "BSD-4-Clause"
6	LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396"	6	LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396"
7		7
8	SRCREV = "e41cfb986c1b1935770de554872247453fdbb079"	8	SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084"
9		9
10	SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=master \	10	SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \
11	file://avoid-to-call-AC_TRY_RUN.patch \	11	file://avoid-to-call-AC_TRY_RUN.patch \
12	file://Fix-hardcoded-libdir.patch \
13	file://debian_patches_0014_avoid_pic_overwrite.diff \	12	file://debian_patches_0014_avoid_pic_overwrite.diff \
14	file://saslauthd.service \	13	file://saslauthd.service \
15	file://saslauthd.conf \	14	file://saslauthd.conf \
16	file://0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch \
17	file://0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch \
18	file://0001-makeinit.sh-fix-parallel-build-issue.patch \
19	file://CVE-2019-19906.patch \	15	file://CVE-2019-19906.patch \
20	"	16	"
21		17