cyrus-sasl: move from meta-networking to meta-oe

Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2022-05-02 07:33:37 -0700
committer: Khem Raj <raj.khem@gmail.com> 2022-05-02 17:51:58 -0700
commit: eaa0fd9c2f91eac8b2e83e7d1a45119613f9ad14 (patch)
tree: 1ee39fbfea69d0f9909064475eec45e3c1c7a721 /meta-oe/recipes-networking/cyrus-sasl
parent: 7be928f107e3c11148bc557db41fd6a4438e2421 (diff)
download: meta-openembedded-eaa0fd9c2f91eac8b2e83e7d1a45119613f9ad14.tar.gz
8 files changed, 351 insertions, 0 deletions
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch
new file mode 100644
index 000000000..4c6d61dfc
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch
@@ -0,0 +1,91 @@
+From ade70f39c4aa5a8830462d9ccf3b8f8dd968c0d8 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 28 Feb 2022 11:10:26 -0800
+Subject: [PATCH] sample: Rename dprintf to cyrus_dprintf
+This avoids shadowing the dprintf implementations in glibc
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sample/client.c | 12 ++++++------
+ sample/common.c |  2 +-
+ sample/common.h |  2 +-
+ 3 files changed, 8 insertions(+), 8 deletions(-)
+diff --git a/sample/client.c b/sample/client.c
+index e723c6b7..6a04f428 100644
+--- a/sample/client.c
+++ b/sample/client.c
+@@ -241,9 +241,9 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+     int r, c;
+ 
+     /* get the capability list */
+-    dprintf(0, "receiving capability list... ");
+    cyrus_dprintf(0, "receiving capability list... ");
+     len = recv_string(in, buf, sizeof buf);
+-    dprintf(0, "%s\n", buf);
+    cyrus_dprintf(0, "%s\n", buf);
+ 
+     if (mech) {
+        /* make sure that 'mech' appears in 'buf' */
+@@ -262,7 +262,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+        return -1;
+     }
+     
+-    dprintf(1, "using mechanism %s\n", chosenmech);
+    cyrus_dprintf(1, "using mechanism %s\n", chosenmech);
+ 
+     /* we send up to 3 strings;
+        the mechanism chosen, the presence of initial response,
+@@ -276,7 +276,7 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+     }
+ 
+     for (;;) {
+-       dprintf(2, "waiting for server reply...\n");
+       cyrus_dprintf(2, "waiting for server reply...\n");
+ 
+        c = fgetc(in);
+        switch (c) {
+@@ -303,10 +303,10 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
+        }
+ 
+        if (data) {
+-           dprintf(2, "sending response length %d...\n", len);
+           cyrus_dprintf(2, "sending response length %d...\n", len);
+            send_string(out, data, len);
+        } else {
+-           dprintf(2, "sending null response...\n");
+           cyrus_dprintf(2, "sending null response...\n");
+            send_string(out, "", 0);
+        }
+     }
+diff --git a/sample/common.c b/sample/common.c
+index 712549fd..d138e450 100644
+--- a/sample/common.c
+++ b/sample/common.c
+@@ -127,7 +127,7 @@ int recv_string(FILE *f, char *buf, int buflen)
+ 
+ int debuglevel = 0;
+ 
+-int dprintf(int lvl, const char *fmt, ...)
+int cyrus_dprintf(int lvl, const char *fmt, ...)
+ {
+     va_list ap;
+     int ret = 0;
+diff --git a/sample/common.h b/sample/common.h
+index 819d0101..cd56907a 100644
+--- a/sample/common.h
+++ b/sample/common.h
+@@ -43,7 +43,7 @@ extern int send_string(FILE *f, const char *s, int l);
+ extern int recv_string(FILE *f, char *buf, int buflen);
+ 
+ extern int debuglevel;
+-extern int dprintf(int lvl, const char *fmt, ...);
+extern int cyrus_dprintf(int lvl, const char *fmt, ...);
+ 
+ extern void saslerr(int why, const char *what);
+ extern void saslfail(int why, const char *what);
+-- 
+2.35.1
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
new file mode 100644
index 000000000..33a9e3f6e
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
@@ -0,0 +1,35 @@
+From 94fe6eb9ea2691f4a7c32fbf2d0c7c454995b666 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 27 Feb 2020 11:08:57 +0800
+Subject: [PATCH] Fix #587
+Off by one error in common.c, CVE-2019-19906.
+Thanks to Stephan Zeisberg for reporting
+CVE: CVE-2019-19906
+Upstream-Stauts: Backport [https://github.com/cyrusimap/cyrus-sasl
+/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/common.c b/lib/common.c
+index d9104c8..fef82db 100644
+--- a/lib/common.c
+++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
+ 
+   if (add==NULL) add = "(null)";
+ 
+-  addlen=strlen(add); /* only compute once */
+  addlen=strlen(add)+1; /* only compute once */
+   if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)
+     return SASL_NOMEM;
+ 
+-- 
+2.25.1
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch
new file mode 100644
index 000000000..f172362f4
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch
@@ -0,0 +1,26 @@
+From 188ad4497947259811ad32faeee95c20f9a44046 Mon Sep 17 00:00:00 2001
+From: "Roy.Li" <rongqing.li@windriver.com>
+Date: Fri, 19 Jul 2013 14:29:31 +0800
+Subject: [PATCH] Fix hardcoded libdir.
+Upstream-Status: Pending
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ plugins/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/plugins/Makefile.am b/plugins/Makefile.am
+index 2b02a52..929f6a4 100644
+--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
+@@ -65,7 +65,7 @@ LIB_MYSQL = @LIB_MYSQL@
+ 
+ plugindir = @plugindir@
+ 
+-sasldir = $(prefix)/lib/sasl2
+sasldir = $(libdir)/sasl2
+ sasl_LTLIBRARIES = @SASL_MECHS@
+ EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \
+        libgs2.la libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
new file mode 100644
index 000000000..1e6f99603
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
@@ -0,0 +1,50 @@
+From 288430d3c2d3f36a4c9d40c4fffa85288f44549a Mon Sep 17 00:00:00 2001
+From: "Roy.Li" <rongqing.li@windriver.com>
+Date: Tue, 25 Jun 2013 09:22:59 +0800
+Subject: [PATCH] Avoid to call AC_TRY_RUN
+Upstream-Status: Inappropriate [configuration]
+Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO
+on cross-compile environment by definition AC_ARG_ENABLE enable-spnego
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ m4/sasl2.m4 | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+index 80371ef..ff70083 100644
+--- a/m4/sasl2.m4
+++ b/m4/sasl2.m4
+@@ -316,6 +316,18 @@ if test "$gssapi" != no; then
+   AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
+     cmu_save_LIBS="$LIBS"
+     LIBS="$LIBS $GSSAPIBASE_LIBS"
+    AC_ARG_ENABLE([spnego],
+                [AC_HELP_STRING([--enable-spnego=<DIR>],
+                                [enable SPNEGO support in GSSAPI libraries [no]])],
+                [spnego=$enableval],
+                [spnego=no])
+  
+    if test "$spnego" = no; then
+         echo "no"
+    elif test "$spnego" = yes; then
+         AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
+    else
+         AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+     AC_TRY_RUN([
+ #ifdef HAVE_GSSAPI_H
+ #include <gssapi.h>
+@@ -343,7 +355,7 @@ int main(void)
+   AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
+     AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
+   ])
+-
+   fi
+ else
+   AC_MSG_RESULT([disabled])
+ fi
+-- 
+2.25.1
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff
new file mode 100644
index 000000000..0479acfb0
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff
@@ -0,0 +1,28 @@
+From 1a5f3004e9081eab6263a29cd5be792f06441e36 Mon Sep 17 00:00:00 2001
+From: Fabian Fagerholm <fabbe@debian.org>
+Date: Wed, 24 Jul 2013 11:38:25 -0400
+Subject: [PATCH] cyrus-sasl: Add patches from Debian to fix linking
+Description: This patch makes sure the non-PIC version of libsasldb.a, which
+is created out of non-PIC objects, is not going to overwrite the PIC version,
+which is created out of PIC objects. The PIC version is placed in .libs, and
+the non-PIC version in the current directory.  This ensures that both non-PIC
+and PIC versions are available in the correct locations.
+---
+ lib/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index a158ca3..3137e19 100644
+--- a/lib/Makefile.am
+++ b/lib/Makefile.am
+@@ -99,7 +99,7 @@ endif
+ 
+ libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
+        @echo adding static plugins and dependencies
+-       $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
+       $(AR) cru $@ $(SASL_STATIC_OBJS)
+        @for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
+        if test ! -f $$i; then continue; fi; . $$i; \
+        for j in $$dependency_libs foo; do \
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf
new file mode 100644
index 000000000..a91a9d334
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf
@@ -0,0 +1,11 @@
+# Directory in which to place saslauthd's listening socket, pid file, and so
+# on.  This directory must already exist.
+SOCKETDIR=@LOCALSTATEDIR@/run/saslauthd
+# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
+# of which mechanism your installation was compiled with the ablity to use.
+MECH=pam
+# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
+# for the list of accepted flags.
+FLAGS=
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service
new file mode 100644
index 000000000..e63592af6
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=SASL authentication daemon.
+After=syslog.target
+[Service]
+Type=forking
+PIDFile=/run/saslauthd/saslauthd.pid
+EnvironmentFile=@SYSCONFDIR@/default/saslauthd
+ExecStart=@SBINDIR@/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb
new file mode 100644
index 000000000..98899dfd5
--- /dev/null
+++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb
@@ -0,0 +1,98 @@
+SUMMARY = "Generic client/server library for SASL authentication"
+SECTION = "libs"
+HOMEPAGE = "http://asg.web.cmu.edu/sasl/"
+DEPENDS = "openssl db groff-native"
+LICENSE = "BSD-4-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396"
+SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084"
+SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \
+           file://avoid-to-call-AC_TRY_RUN.patch \
+           file://debian_patches_0014_avoid_pic_overwrite.diff \
+           file://0001-sample-Rename-dprintf-to-cyrus_dprintf.patch \
+           file://saslauthd.service \
+           file://saslauthd.conf \
+           file://CVE-2019-19906.patch \
+           "
+UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives"
+S = "${WORKDIR}/git"
+inherit autotools pkgconfig useradd systemd
+EXTRA_OECONF += "--with-dblib=berkeley \
+                 --with-plugindir='${libdir}/sasl2' \
+                 andrew_cv_runpath_switch=none"
+PACKAGECONFIG ??= "\
+    ${@bb.utils.filter('DISTRO_FEATURES', 'ldap pam', d)} \
+"
+PACKAGECONFIG[gssapi] = "--enable-gssapi=yes,--enable-gssapi=no,krb5,"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam,"
+PACKAGECONFIG[opie] = "--with-opie,--without-opie,opie,"
+PACKAGECONFIG[des] = "--with-des,--without-des,,"
+PACKAGECONFIG[ldap] = "--with-ldap=${STAGING_LIBDIR} --enable-ldapdb,--without-ldap --disable-ldapdb,openldap,"
+PACKAGECONFIG[ntlm] = "--enable-ntlm=yes,--enable-ntlm=no,,"
+CFLAGS += "-fPIC"
+do_configure:prepend () {
+    # make it be able to work with db 5.0 version
+    local sed_files="sasldb/db_berkeley.c utils/dbconverter-2.c"
+    for sed_file in $sed_files; do
+        sed -i 's#DB_VERSION_MAJOR == 4.*#(&) || DB_VERSION_MAJOR == 5#' ${S}/$sed_file
+    done
+}
+do_compile:prepend () {
+    cd include
+    ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS} ${S}/include/makemd5.c -o makemd5
+    touch makemd5.o makemd5.lo makemd5
+    cd ..
+}
+do_install:append() {
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}${systemd_unitdir}/system
+        install -m 0644 ${WORKDIR}/saslauthd.service ${D}${systemd_unitdir}/system
+        sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
+        sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
+        sed -i -e 's#@SYSCONFDIR@#${sysconfdir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
+        install -d ${D}${sysconfdir}/tmpfiles.d
+        echo "d /run/saslauthd/ - - - -" > ${D}${sysconfdir}/tmpfiles.d/saslauthd.conf
+        install -d ${D}${sysconfdir}/default/
+        install -m 0644 ${WORKDIR}/saslauthd.conf ${D}${sysconfdir}/default/saslauthd
+        sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/default/saslauthd
+    fi
+}
+USERADD_PACKAGES = "${PN}-bin"
+USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus"
+SYSTEMD_PACKAGES = "${PN}-bin"
+SYSTEMD_SERVICE:${PN}-bin = "saslauthd.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+SRC_URI[md5sum] = "a7f4e5e559a0e37b3ffc438c9456e425"
+SRC_URI[sha256sum] = "8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3"
+PACKAGES =+ "${PN}-bin"
+FILES:${PN}           += "${libdir}/sasl2/*.so*"
+FILES:${PN}-bin       += "${bindir} \
+                          ${sysconfdir}/default/saslauthd \
+                          ${systemd_unitdir}/system/saslauthd.service \
+                          ${sysconfdir}/tmpfiles.d/saslauthd.conf"
+FILES:${PN}-dev       += "${libdir}/sasl2/*.la"
+FILES:${PN}-dbg       += "${libdir}/sasl2/.debug"
+FILES:${PN}-staticdev += "${libdir}/sasl2/*.a"
+INSANE_SKIP:${PN} += "dev-so"
+# CVE-2020-8032 affects only openSUSE
+CVE_CHECK_IGNORE += "CVE-2020-8032"
author	Armin Kuster <akuster808@gmail.com>	2022-05-02 07:33:37 -0700
committer	Khem Raj <raj.khem@gmail.com>	2022-05-02 17:51:58 -0700
commit	eaa0fd9c2f91eac8b2e83e7d1a45119613f9ad14 (patch)
tree	1ee39fbfea69d0f9909064475eec45e3c1c7a721 /meta-oe/recipes-networking/cyrus-sasl
parent	7be928f107e3c11148bc557db41fd6a4438e2421 (diff)
download	meta-openembedded-eaa0fd9c2f91eac8b2e83e7d1a45119613f9ad14.tar.gz

diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch new file mode 100644 index 000000000..4c6d61dfc --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/0001-sample-Rename-dprintf-to-cyrus_dprintf.patch
@@ -0,0 +1,91 @@
	1	From ade70f39c4aa5a8830462d9ccf3b8f8dd968c0d8 Mon Sep 17 00:00:00 2001
	2	From: Khem Raj <raj.khem@gmail.com>
	3	Date: Mon, 28 Feb 2022 11:10:26 -0800
	4	Subject: [PATCH] sample: Rename dprintf to cyrus_dprintf
	5
	6	This avoids shadowing the dprintf implementations in glibc
	7
	8	Upstream-Status: Pending
	9	Signed-off-by: Khem Raj <raj.khem@gmail.com>
	10	---
	11	sample/client.c \| 12 ++++++------
	12	sample/common.c \| 2 +-
	13	sample/common.h \| 2 +-
	14	3 files changed, 8 insertions(+), 8 deletions(-)
	15
	16	diff --git a/sample/client.c b/sample/client.c
	17	index e723c6b7..6a04f428 100644
	18	--- a/sample/client.c
	19	+++ b/sample/client.c
	20	@@ -241,9 +241,9 @@ int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn)
	21	int r, c;
	22
	23	/* get the capability list */
	24	- dprintf(0, "receiving capability list... ");
	25	+ cyrus_dprintf(0, "receiving capability list... ");
	26	len = recv_string(in, buf, sizeof buf);
	27	- dprintf(0, "%s\n", buf);
	28	+ cyrus_dprintf(0, "%s\n", buf);
	29
	30	if (mech) {
	31	/* make sure that 'mech' appears in 'buf' */
	32	@@ -262,7 +262,7 @@ int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn)
	33	return -1;
	34	}
	35
	36	- dprintf(1, "using mechanism %s\n", chosenmech);
	37	+ cyrus_dprintf(1, "using mechanism %s\n", chosenmech);
	38
	39	/* we send up to 3 strings;
	40	the mechanism chosen, the presence of initial response,
	41	@@ -276,7 +276,7 @@ int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn)
	42	}
	43
	44	for (;;) {
	45	- dprintf(2, "waiting for server reply...\n");
	46	+ cyrus_dprintf(2, "waiting for server reply...\n");
	47
	48	c = fgetc(in);
	49	switch (c) {
	50	@@ -303,10 +303,10 @@ int mysasl_negotiate(FILE in, FILE out, sasl_conn_t *conn)
	51	}
	52
	53	if (data) {
	54	- dprintf(2, "sending response length %d...\n", len);
	55	+ cyrus_dprintf(2, "sending response length %d...\n", len);
	56	send_string(out, data, len);
	57	} else {
	58	- dprintf(2, "sending null response...\n");
	59	+ cyrus_dprintf(2, "sending null response...\n");
	60	send_string(out, "", 0);
	61	}
	62	}
	63	diff --git a/sample/common.c b/sample/common.c
	64	index 712549fd..d138e450 100644
	65	--- a/sample/common.c
	66	+++ b/sample/common.c
	67	@@ -127,7 +127,7 @@ int recv_string(FILE f, char buf, int buflen)
	68
	69	int debuglevel = 0;
	70
	71	-int dprintf(int lvl, const char *fmt, ...)
	72	+int cyrus_dprintf(int lvl, const char *fmt, ...)
	73	{
	74	va_list ap;
	75	int ret = 0;
	76	diff --git a/sample/common.h b/sample/common.h
	77	index 819d0101..cd56907a 100644
	78	--- a/sample/common.h
	79	+++ b/sample/common.h
	80	@@ -43,7 +43,7 @@ extern int send_string(FILE f, const char s, int l);
	81	extern int recv_string(FILE f, char buf, int buflen);
	82
	83	extern int debuglevel;
	84	-extern int dprintf(int lvl, const char *fmt, ...);
	85	+extern int cyrus_dprintf(int lvl, const char *fmt, ...);
	86
	87	extern void saslerr(int why, const char *what);
	88	extern void saslfail(int why, const char *what);
	89	--
	90	2.35.1
	91


diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch new file mode 100644 index 000000000..33a9e3f6e --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
@@ -0,0 +1,35 @@
	1	From 94fe6eb9ea2691f4a7c32fbf2d0c7c454995b666 Mon Sep 17 00:00:00 2001
	2	From: Changqing Li <changqing.li@windriver.com>
	3	Date: Thu, 27 Feb 2020 11:08:57 +0800
	4	Subject: [PATCH] Fix #587
	5
	6	Off by one error in common.c, CVE-2019-19906.
	7
	8	Thanks to Stephan Zeisberg for reporting
	9
	10	CVE: CVE-2019-19906
	11
	12	Upstream-Stauts: Backport [https://github.com/cyrusimap/cyrus-sasl
	13	/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1]
	14
	15	Signed-off-by: Changqing Li <changqing.li@windriver.com>
	16	---
	17	lib/common.c \| 2 +-
	18	1 file changed, 1 insertion(+), 1 deletion(-)
	19
	20	diff --git a/lib/common.c b/lib/common.c
	21	index d9104c8..fef82db 100644
	22	--- a/lib/common.c
	23	+++ b/lib/common.c
	24	@@ -190,7 +190,7 @@ int _sasl_add_string(char *out, size_t alloclen,
	25
	26	if (add==NULL) add = "(null)";
	27
	28	- addlen=strlen(add); /* only compute once */
	29	+ addlen=strlen(add)+1; /* only compute once */
	30	if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)
	31	return SASL_NOMEM;
	32
	33	--
	34	2.25.1
	35


diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch new file mode 100644 index 000000000..f172362f4 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/Fix-hardcoded-libdir.patch
@@ -0,0 +1,26 @@
	1	From 188ad4497947259811ad32faeee95c20f9a44046 Mon Sep 17 00:00:00 2001
	2	From: "Roy.Li" <rongqing.li@windriver.com>
	3	Date: Fri, 19 Jul 2013 14:29:31 +0800
	4	Subject: [PATCH] Fix hardcoded libdir.
	5
	6	Upstream-Status: Pending
	7
	8	Signed-off-by: Roy.Li <rongqing.li@windriver.com>
	9
	10	---
	11	plugins/Makefile.am \| 2 +-
	12	1 file changed, 1 insertion(+), 1 deletion(-)
	13
	14	diff --git a/plugins/Makefile.am b/plugins/Makefile.am
	15	index 2b02a52..929f6a4 100644
	16	--- a/plugins/Makefile.am
	17	+++ b/plugins/Makefile.am
	18	@@ -65,7 +65,7 @@ LIB_MYSQL = @LIB_MYSQL@
	19
	20	plugindir = @plugindir@
	21
	22	-sasldir = $(prefix)/lib/sasl2
	23	+sasldir = $(libdir)/sasl2
	24	sasl_LTLIBRARIES = @SASL_MECHS@
	25	EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \
	26	libgs2.la libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \


diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch new file mode 100644 index 000000000..1e6f99603 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
@@ -0,0 +1,50 @@
	1	From 288430d3c2d3f36a4c9d40c4fffa85288f44549a Mon Sep 17 00:00:00 2001
	2	From: "Roy.Li" <rongqing.li@windriver.com>
	3	Date: Tue, 25 Jun 2013 09:22:59 +0800
	4	Subject: [PATCH] Avoid to call AC_TRY_RUN
	5
	6	Upstream-Status: Inappropriate [configuration]
	7
	8	Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO
	9	on cross-compile environment by definition AC_ARG_ENABLE enable-spnego
	10
	11	Signed-off-by: Roy.Li <rongqing.li@windriver.com>
	12	---
	13	m4/sasl2.m4 \| 14 +++++++++++++-
	14	1 file changed, 13 insertions(+), 1 deletion(-)
	15
	16	diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
	17	index 80371ef..ff70083 100644
	18	--- a/m4/sasl2.m4
	19	+++ b/m4/sasl2.m4
	20	@@ -316,6 +316,18 @@ if test "$gssapi" != no; then
	21	AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
	22	cmu_save_LIBS="$LIBS"
	23	LIBS="$LIBS $GSSAPIBASE_LIBS"
	24	+ AC_ARG_ENABLE([spnego],
	25	+ [AC_HELP_STRING([--enable-spnego=<DIR>],
	26	+ [enable SPNEGO support in GSSAPI libraries [no]])],
	27	+ [spnego=$enableval],
	28	+ [spnego=no])
	29	+
	30	+ if test "$spnego" = no; then
	31	+ echo "no"
	32	+ elif test "$spnego" = yes; then
	33	+ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
	34	+ else
	35	+ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
	36	AC_TRY_RUN([
	37	#ifdef HAVE_GSSAPI_H
	38	#include <gssapi.h>
	39	@@ -343,7 +355,7 @@ int main(void)
	40	AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
	41	AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
	42	])
	43	-
	44	+ fi
	45	else
	46	AC_MSG_RESULT([disabled])
	47	fi
	48	--
	49	2.25.1
	50


diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff new file mode 100644 index 000000000..0479acfb0 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/debian_patches_0014_avoid_pic_overwrite.diff
@@ -0,0 +1,28 @@
	1	From 1a5f3004e9081eab6263a29cd5be792f06441e36 Mon Sep 17 00:00:00 2001
	2	From: Fabian Fagerholm <fabbe@debian.org>
	3	Date: Wed, 24 Jul 2013 11:38:25 -0400
	4	Subject: [PATCH] cyrus-sasl: Add patches from Debian to fix linking
	5
	6	Description: This patch makes sure the non-PIC version of libsasldb.a, which
	7	is created out of non-PIC objects, is not going to overwrite the PIC version,
	8	which is created out of PIC objects. The PIC version is placed in .libs, and
	9	the non-PIC version in the current directory. This ensures that both non-PIC
	10	and PIC versions are available in the correct locations.
	11
	12	---
	13	lib/Makefile.am \| 2 +-
	14	1 file changed, 1 insertion(+), 1 deletion(-)
	15
	16	diff --git a/lib/Makefile.am b/lib/Makefile.am
	17	index a158ca3..3137e19 100644
	18	--- a/lib/Makefile.am
	19	+++ b/lib/Makefile.am
	20	@@ -99,7 +99,7 @@ endif
	21
	22	libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
	23	@echo adding static plugins and dependencies
	24	- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
	25	+ $(AR) cru $@ $(SASL_STATIC_OBJS)
	26	@for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
	27	if test ! -f $$i; then continue; fi; . $$i; \
	28	for j in $$dependency_libs foo; do \


diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf new file mode 100644 index 000000000..a91a9d334 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.conf
@@ -0,0 +1,11 @@
	1	# Directory in which to place saslauthd's listening socket, pid file, and so
	2	# on. This directory must already exist.
	3	SOCKETDIR=@LOCALSTATEDIR@/run/saslauthd
	4
	5	# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
	6	# of which mechanism your installation was compiled with the ablity to use.
	7	MECH=pam
	8
	9	# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
	10	# for the list of accepted flags.
	11	FLAGS=


diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service new file mode 100644 index 000000000..e63592af6 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl/saslauthd.service
@@ -0,0 +1,12 @@
	1	[Unit]
	2	Description=SASL authentication daemon.
	3	After=syslog.target
	4
	5	[Service]
	6	Type=forking
	7	PIDFile=/run/saslauthd/saslauthd.pid
	8	EnvironmentFile=@SYSCONFDIR@/default/saslauthd
	9	ExecStart=@SBINDIR@/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
	10
	11	[Install]
	12	WantedBy=multi-user.target


diff --git a/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb new file mode 100644 index 000000000..98899dfd5 --- /dev/null +++ b/meta-oe/recipes-networking/cyrus-sasl/cyrus-sasl_2.1.28.bb
@@ -0,0 +1,98 @@
	1	SUMMARY = "Generic client/server library for SASL authentication"
	2	SECTION = "libs"
	3	HOMEPAGE = "http://asg.web.cmu.edu/sasl/"
	4	DEPENDS = "openssl db groff-native"
	5	LICENSE = "BSD-4-Clause"
	6	LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396"
	7
	8	SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084"
	9
	10	SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \
	11	file://avoid-to-call-AC_TRY_RUN.patch \
	12	file://debian_patches_0014_avoid_pic_overwrite.diff \
	13	file://0001-sample-Rename-dprintf-to-cyrus_dprintf.patch \
	14	file://saslauthd.service \
	15	file://saslauthd.conf \
	16	file://CVE-2019-19906.patch \
	17	"
	18
	19	UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives"
	20
	21	S = "${WORKDIR}/git"
	22
	23	inherit autotools pkgconfig useradd systemd
	24
	25	EXTRA_OECONF += "--with-dblib=berkeley \
	26	--with-plugindir='${libdir}/sasl2' \
	27	andrew_cv_runpath_switch=none"
	28
	29	PACKAGECONFIG ??= "\
	30	${@bb.utils.filter('DISTRO_FEATURES', 'ldap pam', d)} \
	31	"
	32	PACKAGECONFIG[gssapi] = "--enable-gssapi=yes,--enable-gssapi=no,krb5,"
	33	PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam,"
	34	PACKAGECONFIG[opie] = "--with-opie,--without-opie,opie,"
	35	PACKAGECONFIG[des] = "--with-des,--without-des,,"
	36	PACKAGECONFIG[ldap] = "--with-ldap=${STAGING_LIBDIR} --enable-ldapdb,--without-ldap --disable-ldapdb,openldap,"
	37	PACKAGECONFIG[ntlm] = "--enable-ntlm=yes,--enable-ntlm=no,,"
	38
	39	CFLAGS += "-fPIC"
	40
	41	do_configure:prepend () {
	42	# make it be able to work with db 5.0 version
	43	local sed_files="sasldb/db_berkeley.c utils/dbconverter-2.c"
	44	for sed_file in $sed_files; do
	45	sed -i 's#DB_VERSION_MAJOR == 4.*#(&) \|\| DB_VERSION_MAJOR == 5#' ${S}/$sed_file
	46	done
	47	}
	48
	49	do_compile:prepend () {
	50	cd include
	51	${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS} ${S}/include/makemd5.c -o makemd5
	52	touch makemd5.o makemd5.lo makemd5
	53	cd ..
	54	}
	55
	56	do_install:append() {
	57	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
	58	install -d ${D}${systemd_unitdir}/system
	59	install -m 0644 ${WORKDIR}/saslauthd.service ${D}${systemd_unitdir}/system
	60
	61	sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
	62	sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
	63	sed -i -e 's#@SYSCONFDIR@#${sysconfdir}#g' ${D}${systemd_unitdir}/system/saslauthd.service
	64
	65	install -d ${D}${sysconfdir}/tmpfiles.d
	66	echo "d /run/saslauthd/ - - - -" > ${D}${sysconfdir}/tmpfiles.d/saslauthd.conf
	67
	68	install -d ${D}${sysconfdir}/default/
	69	install -m 0644 ${WORKDIR}/saslauthd.conf ${D}${sysconfdir}/default/saslauthd
	70	sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/default/saslauthd
	71	fi
	72	}
	73
	74	USERADD_PACKAGES = "${PN}-bin"
	75	USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus"
	76
	77	SYSTEMD_PACKAGES = "${PN}-bin"
	78	SYSTEMD_SERVICE:${PN}-bin = "saslauthd.service"
	79	SYSTEMD_AUTO_ENABLE = "disable"
	80
	81	SRC_URI[md5sum] = "a7f4e5e559a0e37b3ffc438c9456e425"
	82	SRC_URI[sha256sum] = "8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3"
	83
	84	PACKAGES =+ "${PN}-bin"
	85
	86	FILES:${PN} += "${libdir}/sasl2/.so"
	87	FILES:${PN}-bin += "${bindir} \
	88	${sysconfdir}/default/saslauthd \
	89	${systemd_unitdir}/system/saslauthd.service \
	90	${sysconfdir}/tmpfiles.d/saslauthd.conf"
	91	FILES:${PN}-dev += "${libdir}/sasl2/*.la"
	92	FILES:${PN}-dbg += "${libdir}/sasl2/.debug"
	93	FILES:${PN}-staticdev += "${libdir}/sasl2/*.a"
	94
	95	INSANE_SKIP:${PN} += "dev-so"
	96
	97	# CVE-2020-8032 affects only openSUSE
	98	CVE_CHECK_IGNORE += "CVE-2020-8032"