| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Wang Mingyu <wangmy@fujitsu.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch
0001-makeinit.sh-fix-parallel-build-issue.patch
0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch
deleted since they're included in 2.1.28
CVE-2019-19906.patch
avoid-to-call-AC_TRY_RUN.patch
refreshed for new version
Changelog:
=========
build:
------
configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
makemd5.c - Fix potential out of bound writes
fix build with –disable-shared –enable-static
Dozens of fixes for Windows specific builds
Fix cross platform builds with SPNEGO
Do not try to build broken java subtree
Fix build error with –enable-auth-sasldb
common:
-------
plugin_common.c:
Ensure size is always checked if called repeatedly (#617)
documentation:
--------------
Fixed generation of saslauthd(8) man page
Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373)
Updates for additional SCRAM mechanisms
Fix sasl_decode64 and sasl_encode64 man pages
Tons of fixes for Sphinx
include:
--------
sasl.h:
Allow up to 16 bits for security flags
lib:
----
checkpw.c:
Skip one call to strcat
Disable auxprop-hashed (#374)
client.c:
Use proper length for fully qualified domain names
common.c:
CVE-2019-19906 Fix off by one error (#587)
external.c:
fix EXTERNAL with non-terminated input (#689)
saslutil.c:
fix index_64 to be a signed char (#619)
plugins:
--------
gssapi.c:
Emit debug log only in case of errors
ntlm.c:
Fail compile if MD4 is not available (#632)
sql.c:
Finish reading residual return data (#639)
CVE-2022-24407 Escape password for SQL insert/update commands.
sasldb:
-------
db_gdbm.c:
fix gdbm_errno overlay from gdbm_close
DIGEST-MD5 plugin:
------------------
Prevent double free of RC4 context
Use OpenSSL RC4 implementation if available
SCRAM plugin:
------------
Return BADAUTH on incorrect password (#545)
Add -224, -384, -512 (#552)
Remove SCRAM_HASH_SIZE
Add function to return SCRAM auth method name
Allocate enough memory in scam_setpass()
Add function to sort SCRAM methods by hash strength
Update windows build for newer SCRAM options
saslauthd:
---------
auth_httpform.c:
Avoid signed overflow with non-ascii characters (#576)
auth_krb5.c:
support setting an explicit auth_krb5 server name
support setting an explicit servername with Heimdal
unify the MIT and Heimdal auth_krb5 implementations
Remove call to krbtf
auth_rimap.c:
provide native memmem implementation if missing
lak.c:
Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
lak.h:
Increase supported DN length to 4096 (#626)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
This affects only openSUSE, so add it to allowlist.
Signed-off-by: Yuichi Ito <ito-yuichi@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
ntlm requires md4 algorith defines which is now disabled in openssl
recipe by default also see [1]
[1] https://github.com/cyrusimap/cyrus-sasl/issues/632
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
The License of cyrus-sasl is BSD-4-Clause.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While building plugins, each <plugin>.c requires a <plugin>_init.c,
and the <plugin>_init.c is dynamically generated by makeinit.sh.
But the makeinit.sh generates all *_init.c (13 mechanism plugins,
3 auxprop plugins) at one time, if there are multiple plugins,
there will be multiple makeinit.sh invoking.
It caused a parallel issue, the *_init.c files will be generated
repeatedly.
It occasionally generate dapdb_init.c incorrectly
[snip plugins/ldapdb_init.c]
SASL_CANONUSER_PLUG_INIT( ldapdb )
SASL_CANONUSER_PLUG_INIT( ldapdb )
SASL_CANONUSER_PLUG_INIT( ldapdb )
[snip plugins/ldapdb_init.c]
Let makeinit.sh generate the expected <plugin>_init.c which
is exactly required by <plugin>.c.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`--enable-ldapdb'
[snip]
| powerpc-wrs-linux-gcc [snip] -I../common
|../../git/saslauthd/lak.c:58:10: fatal error: crypto-compat.h:
No such file or directory
[snip]
The crypto-compat.h locates in git/common/, it should be |
`-I../../git/common'
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A previous commit set CLEANBROKEN to "1" to claim to fix the following
error.
Fixed rebuild error:
configure: error: changes in the environment can compromise the build
configure: error: run `make distclean' and/or `rm .././config.cache' and start over
configure: error: ./configure failed for saslauthd
However, I'm still seeing these errors!
The actual problem is about autotools.bbclass not cleaning things up. It just
uses 'make clean' while maybe 'make distclean' and 'rm -f ${B}/config.cache' also
needs to be there.
In fact, setting CLEANBROKEN will do no cleanup except removing some .la files.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This update also fixes build failures with openSSL 1.1.x
Drop patches which are not required anymore
Backport a proposed patch to fix build on musl
Readjust configure options since some of the options are not available
anymore
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixed rebuild error:
configure: error: changes in the environment can compromise the build
configure: error: run `make distclean' and/or `rm .././config.cache' and start over
configure: error: ./configure failed for saslauthd
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The service file belongs to ${PN}-bin instead of ${PN}, fix things
accordingly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Acked-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
| |
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
* remove tabs which sneaked in since last cleanup
* meta-oe layers are using consistent indentation with 4 spaces, see
http://www.openembedded.org/wiki/Styleguide
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mail group is provided by base-passwd so would always be present. Therefore
drop the uneeded group addition from this recipe.
This works around the recent user cleanup code improvements which meant
this started causing failures for people.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Tested-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
| |
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specifying the plugin directory with a trailing '/' hit this failure in
the install rule:
... snip ...
install-exec-local: $(INSTALLOSX)
@if test "$(plugindir)" != "$(prefix)/lib/sasl2"; then \
echo "********************************************************"; \
echo "* WARNING:"; \
echo "* Plugins are being installed into $(prefix)/lib/sasl2,"; \
echo "* but the library will look for them in $(plugindir)."; \
echo "* You need to make sure that the plugins will eventually"; \
echo "* be in $(plugindir) -- the easiest way is to make a"; \
echo "* symbolic link from $(plugindir) to $(prefix)/lib/sasl2,"; \
echo "* but this may not be appropriate for your site, so this"; \
echo "* installation procedure won't do it for you."; \
echo "*"; \
echo "* If you don't want to do this for some reason, you can"; \
echo "* set the location where the library will look for plugins"; \
echo "* by setting the environment variable SASL_PATH to the path"; \
echo "* the library should use."; \
echo "********************************************************"; \
fi
Work around that.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
It needs autotools-brokensep, otherwise do_configure error:
sed: can't read sasldb/db_berkeley.c: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line
Note: don't bump PR
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
saslpasswd2 is used by an administrator to set a user's sasl password,
setting a default one in pkg_postinst in not only unnecessary but also
inappropriate.
Besides, running saslpasswd2 takes a significant amount of time to finish,
so this pkg_postinst will make the first boot take longer time.
According to the above two reasons, the patch remove the pkg_postint.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
While making use of the cyrus-sasl library an external application
will most likely include sasl.h which will cause compilation failures
if steps haven't been taken to define size_t. This should not be the
responsibility of the application building against the sasl library
but rather handled already in sasl.h. Here we ensure sasl.h has the
proper includes to have size_t defined before it is used.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
| |
This fixes the build on at least Fedora 19 x86_64 as a host; we were
trying to link a non-PIC static object into a shared library.
Signed-off-by: Colin Walters <walters@verbum.org>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|
| |
|
|
|
|
|
| |
A minor bit of reorganization of the cyrus-sasl recipe directory in
preparation for a build fix.
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Fix hardcoded libdir
2. configure cyrus-sasl based on PACKAGECONFIG
3. create user by inherit useradd
4. add -fPIC to CFLAG to fix the below building failure:
ld: ../sasldb/.libs/libsasldb.a(db_berkeley.o): relocation R_X86_64_32S against
`.rodata' can not be used when making a shared object; recompile with -fPIC
../sasldb/.libs/libsasldb.a(db_berkeley.o): could not read symbols: Bad value
The cause is that libsasldb.a is built twice since {.c.o: and .c.lo} co-exist, one
with -fPIC, other without -fPIC. if no -fPIC library follows behind, this error
will appear. so we enable -fPIC no matter whatever objects are built.
5. The version of db in oe-core is 5.0
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
If the gssapi libraries are compiled before cyrus-sasl, configure will call
AC_TRY_RUN to check if gssapi libraries support SPNEGO, but calling AC_TRY_RUN
will fail on cross-compile environment.
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
The Cyrus SASL plugins are loaded without their version number so the
plugin *.so symbolic links need to be placed in the cyrus-sasl package
rather than the cyrus-sasl-dev package.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|
| |
|
|
|
|
| |
Cleaning QA errors from commit 770b14191143fd89fa18daa4048af1f618debdee
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|
|
|
I took recipe from OE classic, updated, cleaned and got it build. I use
it only as build dependency - did not checked binaries from ${PN}-bin.
There are RPATH problems to solve:
WARNING: QA Issue: package cyrus-sasl-bin contains bad RPATH
/home/hrw/HDD/devel/canonical/aarch64/openembedded/build/tmp-eglibc/sysroots/genericarmv8/usr/lib
in file
/home/hrw/HDD/devel/canonical/aarch64/openembedded/build/tmp-eglibc/work/aarch64-oe-linux/cyrus-sasl/2.1.26-r0/packages-split/cyrus-sasl-bin/usr/sbin/saslpasswd2
WARNING: QA Issue: package cyrus-sasl-bin contains bad RPATH
/home/hrw/HDD/devel/canonical/aarch64/openembedded/build/tmp-eglibc/sysroots/genericarmv8/usr/lib
in file
/home/hrw/HDD/devel/canonical/aarch64/openembedded/build/tmp-eglibc/work/aarch64-oe-linux/cyrus-sasl/2.1.26-r0/packages-split/cyrus-sasl-bin/usr/sbin/pluginviewer
WARNING: QA Issue: package cyrus-sasl-bin contains bad RPATH
/home/hrw/HDD/devel/canonical/aarch64/openembedded/build/tmp-eglibc/sysroots/genericarmv8/usr/lib
in file
/home/hrw/HDD/devel/canonical/aarch64/openembedded/build/tmp-eglibc/work/aarch64-oe-linux/cyrus-sasl/2.1.26-r0/packages-split/cyrus-sasl-bin/usr/sbin/sasldblistusers2
WARNING: QA Issue: package cyrus-sasl contains bad RPATH
/home/hrw/HDD/devel/canonical/aarch64/openembedded/build/tmp-eglibc/sysroots/genericarmv8/usr/lib
in file
/home/hrw/HDD/devel/canonical/aarch64/openembedded/build/tmp-eglibc/work/aarch64-oe-linux/cyrus-sasl/2.1.26-r0/packages-split/cyrus-sasl/usr/lib/sasl2/libsasldb.so.3.0.0
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
