cyrus-sasl: upgrade 2.1.27 -> 2.1.28
0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch
0001-makeinit.sh-fix-parallel-build-issue.patch
0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch
deleted since they're included in 2.1.28

CVE-2019-19906.patch
avoid-to-call-AC_TRY_RUN.patch
refreshed for new version

Changelog:
=========
build:
------
configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
makemd5.c - Fix potential out of bound writes
fix build with --disable-shared --enable-static
Dozens of fixes for Windows specific builds
Fix cross platform builds with SPNEGO
Do not try to build broken java subtree
Fix build error with --enable-auth-sasldb

common:
-------
plugin_common.c:
Ensure size is always checked if called repeatedly (openembedded#617)

documentation:
--------------
Fixed generation of saslauthd(8) man page
Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (openembedded#373)
Updates for additional SCRAM mechanisms
Fix sasl_decode64 and sasl_encode64 man pages
Tons of fixes for Sphinx

include:
--------
sasl.h:
Allow up to 16 bits for security flags

lib:
----
checkpw.c:
Skip one call to strcat
Disable auxprop-hashed (openembedded#374)
client.c:
Use proper length for fully qualified domain names
common.c:
CVE-2019-19906 Fix off by one error (openembedded#587)
external.c:
fix EXTERNAL with non-terminated input (openembedded#689)
saslutil.c:
fix index_64 to be a signed char (openembedded#619)

plugins:
--------
gssapi.c:
Emit debug log only in case of errors
ntlm.c:
Fail compile if MD4 is not available (openembedded#632)
sql.c:
Finish reading residual return data (openembedded#639)
CVE-2022-24407 Escape password for SQL insert/update commands.

sasldb:
-------
db_gdbm.c:
fix gdbm_errno overlay from gdbm_close

DIGEST-MD5 plugin:
------------------
Prevent double free of RC4 context
Use OpenSSL RC4 implementation if available

SCRAM plugin:
------------
Return BADAUTH on incorrect password (openembedded#545)
Add -224, -384, -512 (openembedded#552)
Remove SCRAM_HASH_SIZE
Add function to return SCRAM auth method name
Allocate enough memory in scam_setpass()
Add function to sort SCRAM methods by hash strength
Update windows build for newer SCRAM options

saslauthd:
---------
auth_httpform.c:
Avoid signed overflow with non-ascii characters (openembedded#576)
auth_krb5.c:
support setting an explicit auth_krb5 server name
support setting an explicit servername with Heimdal
unify the MIT and Heimdal auth_krb5 implementations
Remove call to krbtf
auth_rimap.c:
provide native memmem implementation if missing
lak.c:
Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
lak.h:
Increase supported DN length to 4096 (openembedded#626)

Signed-off-by: Wang Mingyu <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
wangmingyu84 authored and kraj committed Feb 28, 2022
1 parent afb0b36 commit 55ac06b
Showing 6 changed files with 32 additions and 199 deletions.

This file was deleted.

This file was deleted.

This file was deleted.

Expand Up @@ -18,7 +18,7 @@ Signed-off-by: Changqing Li <[email protected]>
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/common.c b/lib/common.c
index 305311d..445c5d5 100644
index d9104c8..fef82db 100644
--- a/lib/common.c
+++ b/lib/common.c
@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
Expand All @@ -27,9 +27,9 @@ index 305311d..445c5d5 100644

- addlen=strlen(add); /* only compute once */
+ addlen=strlen(add)+1; /* only compute once */
if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)
return SASL_NOMEM;

--
2.7.4
2.25.1
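
Review bot: refreshing CVE-2019-19906.patch looks redundant with 2.1.28, and in the `_sasl_add_string` hunk it now counts the terminator twice. The changelog in the commit message lists "CVE-2019-19906 Fix off by one error" under lib/common.c, and the refreshed context line `if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)` already reserves the extra byte, yet the patch still changes the length to `addlen=strlen(add)+1`. Suggest dropping the patch instead of refreshing it, or, if it stays, checking every later use of `addlen` in that function, since it no longer equals the string length.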

Expand Up @@ -9,41 +9,42 @@ Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO
on cross-compile environment by definition AC_ARG_ENABLE enable-spnego

Signed-off-by: Roy.Li <[email protected]>

---
m4/sasl2.m4 | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
m4/sasl2.m4 | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
index 56e0504..cf62607 100644
index 80371ef..ff70083 100644
--- a/m4/sasl2.m4
+++ b/m4/sasl2.m4
@@ -314,7 +314,18 @@ if test "$gssapi" != no; then
cmu_save_LIBS="$LIBS"
LIBS="$LIBS $GSSAPIBASE_LIBS"

- AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+ AC_ARG_ENABLE([spnego],
+ [AC_HELP_STRING([--enable-spnego=<DIR>],
+ [enable SPNEGO support in GSSAPI libraries [no]])],
+ [spnego=$enableval],
+ [spnego=no])
+
+ if test "$spnego" = no; then
+ echo "no"
+ elif test "$spnego" = yes; then
+ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
+ else
+ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
AC_TRY_RUN([
@@ -316,6 +316,18 @@ if test "$gssapi" != no; then
AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
cmu_save_LIBS="$LIBS"
LIBS="$LIBS $GSSAPIBASE_LIBS"
+ AC_ARG_ENABLE([spnego],
+ [AC_HELP_STRING([--enable-spnego=<DIR>],
+ [enable SPNEGO support in GSSAPI libraries [no]])],
+ [spnego=$enableval],
+ [spnego=no])
+
+ if test "$spnego" = no; then
+ echo "no"
+ elif test "$spnego" = yes; then
+ AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
+ else
+ AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
AC_TRY_RUN([
#ifdef HAVE_GSSAPI_H
#include <gssapi.h>
@@ -341,7 +352,7 @@ int main(void)
AC_MSG_RESULT(yes) ],
AC_MSG_RESULT(no))
LIBS="$cmu_save_LIBS"
@@ -343,7 +355,7 @@ int main(void)
AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
])
-
+ fi
else
AC_MSG_RESULT([disabled])
fi
--
2.25.1
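
Review bot: in the refreshed `@@ -316,6 +316,18 @@` part, the `AC_ARG_ENABLE([spnego], ...)` block and the opening `if test "$spnego" = no; then` sit inside the third argument of `AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[`, while the closing `fi` is only added after the `AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes]` block, so the shell conditional straddles the macro boundary and the `no` and `yes` branches never set the cache variable. Suggest moving the option handling in front of `AC_CACHE_CHECK` and setting `ac_cv_gssapi_supports_spnego` from `$spnego` in the yes/no cases, so the existing `AS_IF` does the `AC_DEFINE`. The nested `AC_MSG_CHECKING` and the bare `echo "no"` also duplicate or bypass the message the cache check prints, and the help text `--enable-spnego=<DIR>` does not match an option that is handled as yes/no.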

Expand Up @@ -5,17 +5,13 @@ DEPENDS = "openssl db groff-native"
LICENSE = "BSD-4-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396"

SRCREV = "e41cfb986c1b1935770de554872247453fdbb079"
SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084"

SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=master \
SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \
file://avoid-to-call-AC_TRY_RUN.patch \
file://Fix-hardcoded-libdir.patch \
file://debian_patches_0014_avoid_pic_overwrite.diff \
file://saslauthd.service \
file://saslauthd.conf \
file://0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch \
file://0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch \
file://0001-makeinit.sh-fix-parallel-build-issue.patch \
file://CVE-2019-19906.patch \
"
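
Review bot: the new `SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084"` line arrives together with the switch to `branch=cyrus-sasl-2.1`, but nothing in the recipe or the commit message says that this revision is the 2.1.28 release commit on that branch. Suggest stating the tag the hash corresponds to in the commit message or in a comment above `SRCREV`, so the pin can be checked against upstream.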
