[cyrus-sasl] update to 2.1.26
plautrba
plautrba at fedoraproject.org
Thu Jan 31 10:21:33 UTC 2013
commit 5c0901a6f3b6eb116a5c983bd0a5075f298043c2
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Tue Jan 15 15:32:58 2013 +0100
update to 2.1.26
cyrus-sasl-2.1.23-null-crypt.patch | 86 --------------------
cyrus-sasl-2.1.25-release-server_creds.patch | 15 ----
cyrus-sasl-2.1.25-warnings.patch | 62 --------------
cyrus-sasl-2.1.26-null-crypt.patch | 86 ++++++++++++++++++++
cyrus-sasl-2.1.26-release-server_creds.patch | 16 ++++
...25-relro.patch => cyrus-sasl-2.1.26-relro.patch | 18 ++--
cyrus-sasl-2.1.26-warnings.patch | 62 ++++++++++++++
cyrus-sasl.spec | 24 +++---
sasl-mechlist.c | 3 +-
9 files changed, 187 insertions(+), 185 deletions(-)
---
diff --git a/cyrus-sasl-2.1.26-null-crypt.patch b/cyrus-sasl-2.1.26-null-crypt.patch
new file mode 100644
index 0000000..ce9b5e2
--- /dev/null
+++ b/cyrus-sasl-2.1.26-null-crypt.patch
@@ -0,0 +1,86 @@
+diff -up cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c
+--- cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt 2012-01-28 00:31:36.000000000 +0100
++++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c 2012-12-20 17:00:14.614580310 +0100
+@@ -31,7 +31,7 @@ char *pwcheck(userid, password)
+ char *userid;
+ char *password;
+ {
+- char* r;
++ char* r, *cryptbuf;
+ struct passwd *pwd;
+
+ pwd = getpwnam(userid);
+@@ -41,11 +41,13 @@ char *password;
+ else if (pwd->pw_passwd[0] == '*') {
+ r = "Account disabled";
+ }
+- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
+- r = "Incorrect password";
+- }
+ else {
+- r = "OK";
++ cryptbuf = crypt(password, pwd->pw_passwd);
++ if((cryptbuf == NULL) || (strcmp(pwd->pw_passwd, cryptbuf) != 0)) {
++ r = "Incorrect password";
++ } else {
++ r = "OK";
++ }
+ }
+
+ endpwent();
+diff -up cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c
+--- cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt 2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c 2012-12-20 17:03:17.940793653 +0100
+@@ -78,6 +78,7 @@ auth_getpwent (
+ /* VARIABLES */
+ struct passwd *pw; /* pointer to passwd file entry */
+ int errnum;
++ char *cryptbuf;
+ /* END VARIABLES */
+
+ errno = 0;
+@@ -105,7 +106,8 @@ auth_getpwent (
+ }
+ }
+
+- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++ cryptbuf = crypt(password, pw->pw_passwd);
++ if ((cryptbuf == NULL) || strcmp(pw->pw_passwd, cryptbuf)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
+ }
+diff -up cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_shadow.c
+--- cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt 2012-12-20 17:00:14.000000000 +0100
++++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c 2012-12-20 17:16:44.190360006 +0100
+@@ -214,8 +214,8 @@ auth_shadow (
+ RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
+ }
+
+- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+- if (strcmp(sp->sp_pwdp, cpw)) {
++ cpw = crypt(password, sp->sp_pwdp);
++ if ((cpw == NULL) || strcmp(sp->sp_pwdp, cpw)) {
+ if (flags & VERBOSE) {
+ /*
+ * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
+@@ -225,10 +225,8 @@ auth_shadow (
+ syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ sp->sp_pwdp, cpw);
+ }
+- free(cpw);
+ RETURN("NO Incorrect password");
+ }
+- free(cpw);
+
+ /*
+ * The following fields will be set to -1 if:
+@@ -290,7 +288,8 @@ auth_shadow (
+ RETURN("NO Invalid username");
+ }
+
+- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++ cpw = crypt(password, upw->upw_passwd);
++ if ((cpw == NULL) || strcmp(upw->upw_passwd, cpw) != 0) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ password, upw->upw_passwd);
diff --git a/cyrus-sasl-2.1.26-release-server_creds.patch b/cyrus-sasl-2.1.26-release-server_creds.patch
new file mode 100644
index 0000000..a84bf9f
--- /dev/null
+++ b/cyrus-sasl-2.1.26-release-server_creds.patch
@@ -0,0 +1,16 @@
+diff -up cyrus-sasl-2.1.26/plugins/gssapi.c.release-server_creds cyrus-sasl-2.1.26/plugins/gssapi.c
+--- cyrus-sasl-2.1.26/plugins/gssapi.c.release-server_creds 2012-12-20 17:17:37.000000000 +0100
++++ cyrus-sasl-2.1.26/plugins/gssapi.c 2012-12-20 17:42:11.498138999 +0100
+@@ -945,6 +945,12 @@ gssapi_server_mech_authneg(context_t *te
+ ret = SASL_CONTINUE;
+ }
+
++ /* Release server creds which are no longer needed */
++ if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
++ maj_stat = gss_release_cred(&min_stat, &text->server_creds);
++ text->server_creds = GSS_C_NO_CREDENTIAL;
++ }
++
+ cleanup:
+ if (client_name_MN) {
+ GSS_LOCK_MUTEX(params->utils);
diff --git a/cyrus-sasl-2.1.25-relro.patch b/cyrus-sasl-2.1.26-relro.patch
similarity index 56%
rename from cyrus-sasl-2.1.25-relro.patch
rename to cyrus-sasl-2.1.26-relro.patch
index 0a305f1..1e955b5 100644
--- a/cyrus-sasl-2.1.25-relro.patch
+++ b/cyrus-sasl-2.1.26-relro.patch
@@ -1,7 +1,7 @@
-diff -up cyrus-sasl-2.1.25/lib/Makefile.am.relro cyrus-sasl-2.1.25/lib/Makefile.am
---- cyrus-sasl-2.1.25/lib/Makefile.am.relro 2011-09-05 16:18:10.000000000 +0200
-+++ cyrus-sasl-2.1.25/lib/Makefile.am 2012-12-07 12:49:13.693026807 +0100
-@@ -62,7 +62,7 @@ LIB_DOOR= @LIB_DOOR@
+diff -up cyrus-sasl-2.1.26/lib/Makefile.am.relro cyrus-sasl-2.1.26/lib/Makefile.am
+--- cyrus-sasl-2.1.26/lib/Makefile.am.relro 2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/lib/Makefile.am 2012-12-20 16:57:51.245192138 +0100
+@@ -64,7 +64,7 @@ LIB_DOOR= @LIB_DOOR@
lib_LTLIBRARIES = libsasl2.la
libsasl2_la_SOURCES = $(common_sources) $(common_headers)
@@ -10,11 +10,11 @@ diff -up cyrus-sasl-2.1.25/lib/Makefile.am.relro cyrus-sasl-2.1.25/lib/Makefile.
libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
-diff -up cyrus-sasl-2.1.25/plugins/Makefile.am.relro cyrus-sasl-2.1.25/plugins/Makefile.am
---- cyrus-sasl-2.1.25/plugins/Makefile.am.relro 2011-09-05 16:18:10.000000000 +0200
-+++ cyrus-sasl-2.1.25/plugins/Makefile.am 2012-12-07 12:56:16.916231903 +0100
-@@ -49,7 +49,7 @@
- plugin_version = 2:25:0
+diff -up cyrus-sasl-2.1.26/plugins/Makefile.am.relro cyrus-sasl-2.1.26/plugins/Makefile.am
+--- cyrus-sasl-2.1.26/plugins/Makefile.am.relro 2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/plugins/Makefile.am 2012-12-20 16:59:01.932901285 +0100
+@@ -50,7 +50,7 @@
+ plugin_version = 3:0:0
INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
-AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
diff --git a/cyrus-sasl-2.1.26-warnings.patch b/cyrus-sasl-2.1.26-warnings.patch
new file mode 100644
index 0000000..69d8f01
--- /dev/null
+++ b/cyrus-sasl-2.1.26-warnings.patch
@@ -0,0 +1,62 @@
+diff -up cyrus-sasl-2.1.26/lib/server.c.warnings cyrus-sasl-2.1.26/lib/server.c
+--- cyrus-sasl-2.1.26/lib/server.c.warnings 2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/lib/server.c 2012-12-20 17:49:39.620254792 +0100
+@@ -650,7 +650,7 @@ static int load_config(const sasl_callba
+ goto done;
+ }
+
+- snprintf(config_filename, len, "%.*s%c%s.conf", path_len, path_to_config,
++ snprintf(config_filename, len, "%.*s%c%s.conf", (int)path_len, path_to_config,
+ HIER_DELIMITER, global_callbacks.appname);
+
+ /* Ask the application if it's safe to use this file */
+diff -up cyrus-sasl-2.1.26/plugins/gssapi.c.warnings cyrus-sasl-2.1.26/plugins/gssapi.c
+--- cyrus-sasl-2.1.26/plugins/gssapi.c.warnings 2012-01-28 00:31:36.000000000 +0100
++++ cyrus-sasl-2.1.26/plugins/gssapi.c 2012-12-20 17:49:39.620254792 +0100
+@@ -202,7 +202,8 @@ sasl_gss_seterror_(const sasl_utils_t *u
+ OM_uint32 msg_ctx;
+ int ret;
+ char *out = NULL;
+- size_t len, curlen = 0;
++ size_t len;
++ unsigned curlen = 0;
+ const char prefix[] = "GSSAPI Error: ";
+
+ if (!utils) return SASL_OK;
+diff -up cyrus-sasl-2.1.26/plugins/ldapdb.c.warnings cyrus-sasl-2.1.26/plugins/ldapdb.c
+--- cyrus-sasl-2.1.26/plugins/ldapdb.c.warnings 2012-01-28 00:31:36.000000000 +0100
++++ cyrus-sasl-2.1.26/plugins/ldapdb.c 2012-12-20 17:49:39.621254788 +0100
+@@ -22,6 +22,7 @@
+
+ #include "plugin_common.h"
+
++#define LDAP_DEPRECATED 1
+ #include <ldap.h>
+
+ static char ldapdb[] = "ldapdb";
+diff -up cyrus-sasl-2.1.26/saslauthd/auth_httpform.c.warnings cyrus-sasl-2.1.26/saslauthd/auth_httpform.c
+--- cyrus-sasl-2.1.26/saslauthd/auth_httpform.c.warnings 2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/saslauthd/auth_httpform.c 2012-12-20 17:50:13.247110021 +0100
+@@ -574,7 +574,7 @@ auth_httpform (
+ "Content-Type: application/x-www-form-urlencoded" CRLF
+ "Content-Length: %d" TWO_CRLF
+ "%s",
+- r_uri, r_host, r_port, strlen(req), req);
++ r_uri, r_host, r_port, (int)strlen(req), req);
+
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_httpform: sending %s %s %s",
+diff -up cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.warnings cyrus-sasl-2.1.26/saslauthd/auth_shadow.c
+--- cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.warnings 2012-10-12 16:05:48.000000000 +0200
++++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c 2012-12-20 17:49:39.621254788 +0100
+@@ -70,6 +70,10 @@
+ # include <shadow.h>
+ # endif /* ! HAVE_GETUSERPW */
+
++# ifdef HAVE_CRYPT_H
++# include <crypt.h>
++# endif
++
+ # include "auth_shadow.h"
+ # include "globals.h"
+ /* END PUBLIC DEPENDENCIES */
diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index 4540251..0c6a40c 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -7,8 +7,8 @@
Summary: The Cyrus SASL library
Name: cyrus-sasl
-Version: 2.1.25
-Release: 2%{?dist}
+Version: 2.1.26
+Release: 1%{?dist}
License: BSD with advertising
Group: System Environment/Libraries
# Source0 originally comes from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/;
@@ -30,18 +30,15 @@ Patch24: cyrus-sasl-2.1.21-sizes.patch
Patch27: cyrus-sasl-2.1.22-automake-1.10.patch
Patch28: cyrus-sasl-2.1.21-keytab.patch
Patch31: cyrus-sasl-2.1.22-kerberos4.patch
-Patch32: cyrus-sasl-2.1.25-warnings.patch
+Patch32: cyrus-sasl-2.1.26-warnings.patch
Patch33: cyrus-sasl-2.1.25-current-db.patch
Patch34: cyrus-sasl-2.1.22-ldap-timeout.patch
-Patch37: cyrus-sasl-2.1.23-race.patch
# removed due to #759334
#Patch38: cyrus-sasl-2.1.23-pam_rhosts.patch
-Patch40: cyrus-sasl-2.1.23-rimap2.patch
-Patch41: cyrus-sasl-2.1.23-db5.patch
-Patch42: cyrus-sasl-2.1.25-relro.patch
+Patch42: cyrus-sasl-2.1.26-relro.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=816250
-Patch43: cyrus-sasl-2.1.23-null-crypt.patch
-Patch44: cyrus-sasl-2.1.25-release-server_creds.patch
+Patch43: cyrus-sasl-2.1.26-null-crypt.patch
+Patch44: cyrus-sasl-2.1.26-release-server_creds.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
@@ -75,6 +72,7 @@ applications which use the Cyrus SASL library.
%package devel
Requires: %{name}-lib = %{version}-%{release}
Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
Group: Development/Libraries
Summary: Files needed for developing applications with Cyrus SASL
@@ -174,9 +172,6 @@ chmod -x include/*.h
%patch32 -p1 -b .warnings
%patch33 -p1 -b .current-db
%patch34 -p1 -b .ldap-timeout
-%patch37 -p1 -b .race
-%patch40 -p1 -b .rimap2
-%patch41 -p1 -b .db5
%patch42 -p1 -b .relro
%patch43 -p1 -b .null-crypt
%patch44 -p1 -b .release-server_creds
@@ -424,10 +419,15 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
%{_bindir}/sasl2-sample-server
%{_includedir}/*
%{_libdir}/libsasl*.*so
+%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%{_sbindir}/sasl2-shared-mechlist
%changelog
+* Thu Dec 20 2012 Petr Lautrbach <plautrba at redhat.com> 2.1.26-1
+- update to 2.1.26
+- fix segfaults in sasl_gss_encode (#886140)
+
* Mon Dec 10 2012 Petr Lautrbach <plautrba at redhat.com> 2.1.25-2
- always use the current external Berkeley DB when linking
diff --git a/sasl-mechlist.c b/sasl-mechlist.c
index 43db3c9..680e983 100644
--- a/sasl-mechlist.c
+++ b/sasl-mechlist.c
@@ -1,9 +1,10 @@
-#include "sasl.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include "sasl.h"
+
static int
my_getopt(void *context, const char *plugin_name,
const char *option, const char **result, unsigned *len)
More information about the scm-commits
mailing list