cyrus-sasl: upgrade 2.1.27 -> 2.1.28

0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch 0001-makeinit.sh-fix-parallel-build-issue.patch 0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch deleted since they're included in 2.1.28 CVE-2019-19906.patch avoid-to-call-AC_TRY_RUN.patch refreshed for new version Changelog: ========= build: ------ configure - Restore LIBS after checking gss_inquire_sec_context_by_oid makemd5.c - Fix potential out of bound writes fix build with –disable-shared –enable-static Dozens of fixes for Windows specific builds Fix cross platform builds with SPNEGO Do not try to build broken java subtree Fix build error with –enable-auth-sasldb common: ------- plugin_common.c: Ensure size is always checked if called repeatedly (openembedded#617) documentation: -------------- Fixed generation of saslauthd(8) man page Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (openembedded#373) Updates for additional SCRAM mechanisms Fix sasl_decode64 and sasl_encode64 man pages Tons of fixes for Sphinx include: -------- sasl.h: Allow up to 16 bits for security flags lib: ---- checkpw.c: Skip one call to strcat Disable auxprop-hashed (openembedded#374) client.c: Use proper length for fully qualified domain names common.c: CVE-2019-19906 Fix off by one error (openembedded#587) external.c: fix EXTERNAL with non-terminated input (openembedded#689) saslutil.c: fix index_64 to be a signed char (openembedded#619) plugins: -------- gssapi.c: Emit debug log only in case of errors ntlm.c: Fail compile if MD4 is not available (openembedded#632) sql.c: Finish reading residual return data (openembedded#639) CVE-2022-24407 Escape password for SQL insert/update commands. sasldb: ------- db_gdbm.c: fix gdbm_errno overlay from gdbm_close DIGEST-MD5 plugin: ------------------ Prevent double free of RC4 context Use OpenSSL RC4 implementation if available SCRAM plugin: ------------ Return BADAUTH on incorrect password (openembedded#545) Add -224, -384, -512 (openembedded#552) Remove SCRAM_HASH_SIZE Add function to return SCRAM auth method name Allocate enough memory in scam_setpass() Add function to sort SCRAM methods by hash strength Update windows build for newer SCRAM options saslauthd: --------- auth_httpform.c: Avoid signed overflow with non-ascii characters (openembedded#576) auth_krb5.c: support setting an explicit auth_krb5 server name support setting an explicit servername with Heimdal unify the MIT and Heimdal auth_krb5 implementations Remove call to krbtf auth_rimap.c: provide native memmem implementation if missing lak.c: Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification) lak.h: Increase supported DN length to 4096 (openembedded#626) Signed-off-by: Wang Mingyu <[email protected]> Signed-off-by: Khem Raj <[email protected]>
YoeDistro · Feb 28, 2022 · 55ac06b · 55ac06b
1 parent afb0b36
commit 55ac06b
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 199 deletions.
diff --git a/...ons/cyrus-sasl/cyrus-sasl/0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch b/...ons/cyrus-sasl/cyrus-sasl/0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch
diff --git a/...ing/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-makeinit.sh-fix-parallel-build-issue.patch b/...ing/recipes-daemons/cyrus-sasl/cyrus-sasl/0001-makeinit.sh-fix-parallel-build-issue.patch
diff --git a/...ons/cyrus-sasl/cyrus-sasl/0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch b/...ons/cyrus-sasl/cyrus-sasl/0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2019-19906.patch
@@ -18,7 +18,7 @@ Signed-off-by: Changqing Li <[email protected]>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/lib/common.c b/lib/common.c
-index 305311d..445c5d5 100644
+index d9104c8..fef82db 100644
 --- a/lib/common.c
 +++ b/lib/common.c
 @@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
@@ -27,9 +27,9 @@ index 305311d..445c5d5 100644
 
 -  addlen=strlen(add); /* only compute once */
 +  addlen=strlen(add)+1; /* only compute once */
-   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+   if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)
      return SASL_NOMEM;
 
 -- 
-2.7.4
+2.25.1
 
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/avoid-to-call-AC_TRY_RUN.patch
@@ -9,41 +9,42 @@ Avoid to call AC_TRY_RUN to check if GSSAPI libraries support SPNEGO
 on cross-compile environment by definition AC_ARG_ENABLE enable-spnego
 
 Signed-off-by: Roy.Li <[email protected]>
-
 ---
- m4/sasl2.m4 | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
+ m4/sasl2.m4 | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
 
 diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
-index 56e0504..cf62607 100644
+index 80371ef..ff70083 100644
 --- a/m4/sasl2.m4
 +++ b/m4/sasl2.m4
-@@ -314,7 +314,18 @@ if test "$gssapi" != no; then
-   cmu_save_LIBS="$LIBS"
-   LIBS="$LIBS $GSSAPIBASE_LIBS"
-
--  AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
-+  AC_ARG_ENABLE([spnego],
-+              [AC_HELP_STRING([--enable-spnego=<DIR>],
-+                              [enable SPNEGO support in GSSAPI libraries [no]])],
-+              [spnego=$enableval],
-+              [spnego=no])
-+
-+  if test "$spnego" = no; then
-+       echo "no"
-+  elif test "$spnego" = yes; then
-+       AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
-+  else
-+       AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
-   AC_TRY_RUN([
+@@ -316,6 +316,18 @@ if test "$gssapi" != no; then
+   AC_CACHE_CHECK([for SPNEGO support in GSSAPI libraries],[ac_cv_gssapi_supports_spnego],[
+     cmu_save_LIBS="$LIBS"
+     LIBS="$LIBS $GSSAPIBASE_LIBS"
++    AC_ARG_ENABLE([spnego],
++                [AC_HELP_STRING([--enable-spnego=<DIR>],
++                                [enable SPNEGO support in GSSAPI libraries [no]])],
++                [spnego=$enableval],
++                [spnego=no])
++  
++    if test "$spnego" = no; then
++         echo "no"
++    elif test "$spnego" = yes; then
++         AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
++    else
++         AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
+     AC_TRY_RUN([
  #ifdef HAVE_GSSAPI_H
  #include <gssapi.h>
-@@ -341,7 +352,7 @@ int main(void)
- 	AC_MSG_RESULT(yes) ],
- 	AC_MSG_RESULT(no))
-   LIBS="$cmu_save_LIBS"
+@@ -343,7 +355,7 @@ int main(void)
+   AS_IF([test "$ac_cv_gssapi_supports_spnego" = yes],[
+     AC_DEFINE(HAVE_GSS_SPNEGO,,[Define if your GSSAPI implementation supports SPNEGO])
+   ])
 -
 +   fi
  else
    AC_MSG_RESULT([disabled])
  fi
+-- 
+2.25.1
+
diff --git a/...s-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb → ...s-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb b/...s-daemons/cyrus-sasl/cyrus-sasl_2.1.27.bb → ...s-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb
@@ -5,17 +5,13 @@ DEPENDS = "openssl db groff-native"
 LICENSE = "BSD-4-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396"
 
-SRCREV = "e41cfb986c1b1935770de554872247453fdbb079"
+SRCREV = "7a6b45b177070198fed0682bea5fa87c18abb084"
 
-SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=master \
+SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sasl-2.1 \
            file://avoid-to-call-AC_TRY_RUN.patch \
-           file://Fix-hardcoded-libdir.patch \
            file://debian_patches_0014_avoid_pic_overwrite.diff \
            file://saslauthd.service \
            file://saslauthd.conf \
-           file://0004-configure.ac-fix-condition-for-suppliment-snprintf-i.patch \
-           file://0001-Allow-saslauthd-to-be-built-outside-of-source-tree-w.patch \
-           file://0001-makeinit.sh-fix-parallel-build-issue.patch \
            file://CVE-2019-19906.patch \
            "