X-Git-Url: http://gitweb.hugovil.com/?a=blobdiff_plain;f=stage3%2Fpatches%2Fcommon%2Fcyrus-sasl-2.1.25-fixes-1.patch;fp=stage3%2Fpatches%2Fcommon%2Fcyrus-sasl-2.1.25-fixes-1.patch;h=79d8b001369d22835f24c5b2dc197ffc894fb0a4;hb=f17ab848cb756cad27489bf0c2746e5ead466658;hp=0000000000000000000000000000000000000000;hpb=a1358efe562a4e73ef23f25c606a346f684e1c93;p=hvlinux.git
diff --git a/stage3/patches/common/cyrus-sasl-2.1.25-fixes-1.patch b/stage3/patches/common/cyrus-sasl-2.1.25-fixes-1.patch
new file mode 100644
index 0000000..79d8b00
--- /dev/null
+++ b/stage3/patches/common/cyrus-sasl-2.1.25-fixes-1.patch
@@ -0,0 +1,368 @@
+Submitted By: Armin K.
+Date: 2012-04-01
+Initial Package Version: 2.1.25
+Upstream Status: Unknown
+Origin: Debian
+Description: Various package fixes, including BDB 5.x build fix, LDAPDB and GSSAPI build
+ fixes, plugin loading fixes, documentation typos, dovecot authentification fixes
+ and shadow authentification fix.
+
+--- cyrus-sasl.orig/lib/checkpw.c 2009-12-03 20:07:01.000000000 +0100
++++ cyrus-sasl/lib/checkpw.c 2012-04-01 12:30:31.124336510 +0200
+@@ -587,16 +587,14 @@
+ /* Timeout. */
+ errno = ETIMEDOUT;
+ return -1;
+- case +1:
+- if (FD_ISSET(fd, &rfds)) {
+- /* Success, file descriptor is readable. */
+- return 0;
+- }
+- return -1;
+ case -1:
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+ default:
++ if (FD_ISSET(fd, &rfds)) {
++ /* Success, file descriptor is readable. */
++ return 0;
++ }
+ /* Error catch-all. */
+ return -1;
+ }
+--- cyrus-sasl.orig/lib/common.c 2011-09-02 14:58:01.000000000 +0200
++++ cyrus-sasl/lib/common.c 2012-04-01 12:27:52.893087046 +0200
+@@ -818,7 +818,7 @@
+ result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init);
+ if(result != SASL_OK) return result;
+
+- if (!free_mutex) {
++ if (!free_mutex || free_mutex == 0x1) {
+ free_mutex = sasl_MUTEX_ALLOC();
+ }
+ if (!free_mutex) return SASL_FAIL;
+@@ -838,6 +838,11 @@
+
+ /* serialize disposes. this is necessary because we can't
+ dispose of conn->mutex if someone else is locked on it */
++
++ if (!free_mutex || free_mutex == 0x1)
++ free_mutex = sasl_MUTEX_ALLOC();
++ if (!free_mutex) return SASL_FAIL;
++
+ result = sasl_MUTEX_LOCK(free_mutex);
+ if (result!=SASL_OK) return;
+
+--- cyrus-sasl.orig/lib/dlopen.c 2009-12-03 20:07:01.000000000 +0100
++++ cyrus-sasl/lib/dlopen.c 2012-04-01 12:29:44.564379243 +0200
+@@ -247,105 +247,6 @@
+ return result;
+ }
+
+-/* this returns the file to actually open.
+- * out should be a buffer of size PATH_MAX
+- * and may be the same as in. */
+-
+-/* We'll use a static buffer for speed unless someone complains */
+-#define MAX_LINE 2048
+-
+-static int _parse_la(const char *prefix, const char *in, char *out)
+-{
+- FILE *file;
+- size_t length;
+- char line[MAX_LINE];
+- char *ntmp = NULL;
+-
+- if(!in || !out || !prefix || out == in) return SASL_BADPARAM;
+-
+- /* Set this so we can detect failure */
+- *out = '\0';
+-
+- length = strlen(in);
+-
+- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
+- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
+- /* check for a .la file */
+- strcpy(line, prefix);
+- strcat(line, in);
+- length = strlen(line);
+- *(line + (length - strlen(SO_SUFFIX))) = '\0';
+- strcat(line, LA_SUFFIX);
+- file = fopen(line, "r");
+- if(file) {
+- /* We'll get it on the .la open */
+- fclose(file);
+- return SASL_FAIL;
+- }
+- }
+- strcpy(out, prefix);
+- strcat(out, in);
+- return SASL_OK;
+- }
+-
+- strcpy(line, prefix);
+- strcat(line, in);
+-
+- file = fopen(line, "r");
+- if(!file) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "unable to open LA file: %s", line);
+- return SASL_FAIL;
+- }
+-
+- while(!feof(file)) {
+- if(!fgets(line, MAX_LINE, file)) break;
+- if(line[strlen(line) - 1] != '\n') {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "LA file has too long of a line: %s", in);
+- return SASL_BUFOVER;
+- }
+- if(line[0] == '\n' || line[0] == '#') continue;
+- if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) {
+- /* We found the line with the name in it */
+- char *end;
+- char *start;
+- size_t len;
+- end = strrchr(line, '\'');
+- if(!end) continue;
+- start = &line[sizeof("dlname=")-1];
+- len = strlen(start);
+- if(len > 3 && start[0] == '\'') {
+- ntmp=&start[1];
+- *end='\0';
+- /* Do we have dlname="" ? */
+- if(ntmp == end) {
+- _sasl_log(NULL, SASL_LOG_DEBUG,
+- "dlname is empty in .la file: %s", in);
+- return SASL_FAIL;
+- }
+- strcpy(out, prefix);
+- strcat(out, ntmp);
+- }
+- break;
+- }
+- }
+- if(ferror(file) || feof(file)) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "Error reading .la: %s\n", in);
+- fclose(file);
+- return SASL_FAIL;
+- }
+- fclose(file);
+-
+- if(!(*out)) {
+- _sasl_log(NULL, SASL_LOG_WARN,
+- "Could not find a dlname line in .la file: %s", in);
+- return SASL_FAIL;
+- }
+-
+- return SASL_OK;
+-}
+ #endif /* DO_DLOPEN */
+
+ /* loads a plugin library */
+@@ -499,18 +400,18 @@
+ if (length + pos>=PATH_MAX) continue; /* too big */
+
+ if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
+- SO_SUFFIX)
+- && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)),
+- LA_SUFFIX))
++ SO_SUFFIX))
+ continue;
+
++ /* We only use .so files for loading plugins */
++
+ memcpy(name,dir->d_name,length);
+ name[length]='\0';
+
+- result = _parse_la(prefix, name, tmp);
+- if(result != SASL_OK)
+- continue;
+-
++ /* Create full name with path */
++ strncpy(tmp, prefix, PATH_MAX);
++ strncat(tmp, name, PATH_MAX);
++
+ /* skip "lib" and cut off suffix --
+ this only need be approximate */
+ strcpy(plugname, name + 3);
+--- cyrus-sasl.orig/plugins/gssapi.c 2011-05-11 21:25:55.000000000 +0200
++++ cyrus-sasl/plugins/gssapi.c 2012-04-01 12:30:17.442055118 +0200
+@@ -370,7 +370,7 @@
+ }
+
+ if (output_token->value && output) {
+- unsigned char * p = (unsigned char *) text->encode_buf;
++ int len;
+
+ ret = _plug_buf_alloc(text->utils,
+ &(text->encode_buf),
+@@ -384,11 +384,8 @@
+ return ret;
+ }
+
+- p[0] = (output_token->length>>24) & 0xFF;
+- p[1] = (output_token->length>>16) & 0xFF;
+- p[2] = (output_token->length>>8) & 0xFF;
+- p[3] = output_token->length & 0xFF;
+-
++ len = htonl(output_token->length);
++ memcpy(text->encode_buf, &len, 4);
+ memcpy(text->encode_buf + 4, output_token->value, output_token->length);
+ }
+
+@@ -1480,10 +1477,10 @@
+ }
+
+ /* Setup req_flags properly */
+- req_flags = GSS_C_INTEG_FLAG;
++ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ if (params->props.max_ssf > params->external_ssf) {
+ /* We are requesting a security layer */
+- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++ req_flags |= GSS_C_INTEG_FLAG;
+ /* Any SSF bigger than 1 is confidentiality. */
+ /* Let's check if the client of the API requires confidentiality,
+ and it wasn't already provided by an external layer */
+--- cyrus-sasl.orig/plugins/ldapdb.c 2011-05-11 21:25:55.000000000 +0200
++++ cyrus-sasl/plugins/ldapdb.c 2012-04-01 12:29:19.622866806 +0200
+@@ -251,6 +251,8 @@
+
+ #if defined(LDAP_PROXY_AUTHZ_FAILURE)
+ case LDAP_PROXY_AUTHZ_FAILURE:
++#elif defined(LDAP_X_PROXY_AUTHZ_FAILURE)
++ case LDAP_X_PROXY_AUTHZ_FAILURE:
+ #endif
+ case LDAP_INAPPROPRIATE_AUTH:
+ case LDAP_INVALID_CREDENTIALS:
+--- cyrus-sasl.orig/saslauthd/auth_rimap.c 2009-12-03 20:07:03.000000000 +0100
++++ cyrus-sasl/saslauthd/auth_rimap.c 2012-04-01 12:30:31.123336490 +0200
+@@ -1,3 +1,4 @@
++
+ /* MODULE: auth_rimap */
+
+ /* COPYRIGHT
+@@ -367,6 +368,30 @@
+ alarm(NETWORK_IO_TIMEOUT);
+ rc = read(s, rbuf, sizeof(rbuf));
+ alarm(0);
++ if ( rc>0 ) {
++ /* check if there is more to read */
++ fd_set perm;
++ int fds, ret;
++ struct timeval timeout;
++
++ FD_ZERO(&perm);
++ FD_SET(s, &perm);
++ fds = s +1;
++
++ timeout.tv_sec = 1;
++ timeout.tv_usec = 0;
++ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
++ if ( FD_ISSET(s, &perm) ) {
++ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
++ if ( ret<0 ) {
++ rc = ret;
++ break;
++ } else {
++ rc += ret;
++ }
++ }
++ }
++ }
+ if (rc == -1) {
+ syslog(LOG_WARNING, "auth_rimap: read (banner): %m");
+ (void) close(s);
+@@ -456,6 +481,30 @@
+ alarm(NETWORK_IO_TIMEOUT);
+ rc = read(s, rbuf, sizeof(rbuf));
+ alarm(0);
++ if ( rc>0 ) {
++ /* check if there is more to read */
++ fd_set perm;
++ int fds, ret;
++ struct timeval timeout;
++
++ FD_ZERO(&perm);
++ FD_SET(s, &perm);
++ fds = s +1;
++
++ timeout.tv_sec = 1;
++ timeout.tv_usec = 0;
++ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
++ if ( FD_ISSET(s, &perm) ) {
++ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
++ if ( ret<0 ) {
++ rc = ret;
++ break;
++ } else {
++ rc += ret;
++ }
++ }
++ }
++ }
+ (void) close(s); /* we're done with the remote */
+ if (rc == -1) {
+ syslog(LOG_WARNING, "auth_rimap: read (response): %m");
+--- cyrus-sasl.orig/saslauthd/auth_shadow.c 2009-12-03 20:07:03.000000000 +0100
++++ cyrus-sasl/saslauthd/auth_shadow.c 2012-04-01 12:28:24.619737694 +0200
+@@ -36,6 +36,7 @@
+
+ #ifdef AUTH_SHADOW
+
++#define _XOPEN_SOURCE
+ #define PWBUFSZ 256 /***SWB***/
+
+ # include
+--- cyrus-sasl.orig/saslauthd/saslauthd.mdoc 2009-12-03 20:07:03.000000000 +0100
++++ cyrus-sasl/saslauthd/saslauthd.mdoc 2012-04-01 12:26:58.090964382 +0200
+@@ -10,7 +10,7 @@
+ .\" manpage in saslauthd.8 whenever you change this source
+ .\" version. Only the pre-formatted manpage is installed.
+ .\"
+-.Dd 10 24 2002
++.Dd October 24 2002
+ .Dt SASLAUTHD 8
+ .Os "CMU-SASL"
+ .Sh NAME
+@@ -216,7 +216,7 @@
+ .Em (All platforms that support OpenLDAP 2.0 or higher)
+ .Pp
+ Authenticate against an ldap server. The ldap configuration parameters are
+-read from /usr/local/etc/saslauthd.conf. The location of this file can be
++read from /etc/saslauthd.conf. The location of this file can be
+ changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
+ distribution for the list of available parameters.
+ .It Li sia
+@@ -249,7 +249,7 @@
+ .Bl -tag -width "/var/run/saslauthd/mux"
+ .It Pa /var/run/saslauthd/mux
+ The default communications socket.
+-.It Pa /usr/local/etc/saslauthd.conf
++.It Pa /etc/saslauthd.conf
+ The default configuration file for ldap support.
+ .El
+ .Sh SEE ALSO
+--- cyrus-sasl.orig/sasldb/db_berkeley.c 2011-09-02 14:58:02.000000000 +0200
++++ cyrus-sasl/sasldb/db_berkeley.c 2012-04-01 12:29:02.720519690 +0200
+@@ -101,7 +101,7 @@
+ ret = db_create(mbdb, NULL, 0);
+ if (ret == 0 && *mbdb != NULL)
+ {
+-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
++#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
+ ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660);
+ #else
+ ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660);
+--- cyrus-sasl.orig/utils/dbconverter-2.c 2003-02-13 20:56:17.000000000 +0100
++++ cyrus-sasl/utils/dbconverter-2.c 2012-04-01 12:29:02.722519730 +0200
+@@ -214,7 +214,7 @@
+ ret = db_create(mbdb, NULL, 0);
+ if (ret == 0 && *mbdb != NULL)
+ {
+-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
++#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1))
+ ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664);
+ #else
+ ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);
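Review bot: The read-continuation loop that this patch adds to saslauthd/auth_rimap.c (inner hunks at 367 and 456) never handles `ret == 0`: once the remote IMAP server closes the connection, or once `rbuf` is full so that `sizeof(rbuf)-rc` is 0, `read()` returns 0, `select()` keeps reporting the socket readable, and the loop spins with the earlier `alarm()` already cancelled by `alarm(0)`. Because the peer decides when that happens, this is an availability risk for the authentication daemon rather than a cosmetic issue. Both copies should stop on end-of-file and on a full buffer, for example `if ( ret<=0 ) { if ( ret<0 ) rc = ret; break; }` together with an extra `rc < (int)sizeof(rbuf)` term in the `while` condition. The enclosing function begins and ends outside both hunks, so how `rbuf` is declared and later parsed should be confirmed there.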