diff options
Diffstat (limited to 'source/n/cyrus-sasl')
-rw-r--r-- | source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff | 105 | ||||
-rw-r--r-- | source/n/cyrus-sasl/cyrus-sasl-2.1.26-null-crypt.patch | 86 | ||||
-rw-r--r-- | source/n/cyrus-sasl/cyrus-sasl-2.1.26-size_t.patch | 12 | ||||
-rwxr-xr-x | source/n/cyrus-sasl/cyrus-sasl.SlackBuild | 16 | ||||
-rw-r--r-- | source/n/cyrus-sasl/cyrus-sasl.bad_elif.diff | 22 |
5 files changed, 105 insertions, 136 deletions
diff --git a/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff b/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff deleted file mode 100644 index 2cbb4860..00000000 --- a/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff +++ /dev/null @@ -1,105 +0,0 @@ -From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001 -From: mancha <mancha1@hush.com> -Date: Tue, 9 Jul 2013 -Subject: Handle NULL returns from glibc 2.17+ crypt(). - -Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL -(w/ NULL return) if the salt violates specifications. Additionally, -on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords -passed to crypt() fail with EPERM (w/ NULL return). - -When using glibc's crypt(), check return value to avoid a possible -NULL pointer dereference. ---- - pwcheck/pwcheck_getpwnam.c | 3 ++- - pwcheck/pwcheck_getspnam.c | 3 ++- - saslauthd/auth_getpwent.c | 3 ++- - saslauthd/auth_shadow.c | 7 ++----- - 4 files changed, 8 insertions(+), 8 deletions(-) - ---- a/pwcheck/pwcheck_getpwnam.c -+++ b/pwcheck/pwcheck_getpwnam.c -@@ -32,6 +32,7 @@ extern char *crypt(); - char *password; - { - char* r; -+ char* crpt_passwd; - struct passwd *pwd; - - pwd = getpwnam(userid); -@@ -41,7 +42,7 @@ char *password; - else if (pwd->pw_passwd[0] == '*') { - r = "Account disabled"; - } -- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { -+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) { - r = "Incorrect password"; - } - else { ---- a/pwcheck/pwcheck_getspnam.c -+++ b/pwcheck/pwcheck_getspnam.c -@@ -30,6 +30,7 @@ extern char *crypt(); - char *pwcheck(userid, password) - char *userid; - char *password; -+char *crpt_passwd; - { - struct spwd *pwd; - -@@ -38,7 +39,7 @@ char *password; - return "Userid not found"; - } - -- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { -+ if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) { - return "Incorrect password"; - } - else { ---- a/saslauthd/auth_getpwent.c -+++ b/saslauthd/auth_getpwent.c -@@ -70,6 +70,7 @@ auth_getpwent ( - { - /* VARIABLES */ - struct passwd *pw; /* pointer to passwd file entry */ -+ char *crpt_passwd; /* encrypted password */ - /* END VARIABLES */ - - pw = getpwnam(login); -@@ -79,7 +80,7 @@ auth_getpwent ( - RETURN("NO"); - } - -- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { -+ if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) { - RETURN("NO"); - } - ---- a/saslauthd/auth_shadow.c -+++ b/saslauthd/auth_shadow.c -@@ -180,16 +180,13 @@ auth_shadow ( - * not returning any information about a login until we have validated - * the password. - */ -- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); -- if (strcmp(sp->sp_pwdp, cpw)) { -+ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) { - if (flags & VERBOSE) { - syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", - sp->sp_pwdp, cpw); - } -- free(cpw); - RETURN("NO"); - } -- free(cpw); - - /* - * The following fields will be set to -1 if: -@@ -251,7 +250,7 @@ auth_shadow ( - RETURN("NO"); - } - -- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { -+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) { - if (flags & VERBOSE) { - syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", - password, upw->upw_passwd); diff --git a/source/n/cyrus-sasl/cyrus-sasl-2.1.26-null-crypt.patch b/source/n/cyrus-sasl/cyrus-sasl-2.1.26-null-crypt.patch new file mode 100644 index 00000000..ce9b5e25 --- /dev/null +++ b/source/n/cyrus-sasl/cyrus-sasl-2.1.26-null-crypt.patch @@ -0,0 +1,86 @@ +diff -up cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c +--- cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt 2012-01-28 00:31:36.000000000 +0100 ++++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c 2012-12-20 17:00:14.614580310 +0100 +@@ -31,7 +31,7 @@ char *pwcheck(userid, password) + char *userid; + char *password; + { +- char* r; ++ char* r, *cryptbuf; + struct passwd *pwd; + + pwd = getpwnam(userid); +@@ -41,11 +41,13 @@ char *password; + else if (pwd->pw_passwd[0] == '*') { + r = "Account disabled"; + } +- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { +- r = "Incorrect password"; +- } + else { +- r = "OK"; ++ cryptbuf = crypt(password, pwd->pw_passwd); ++ if((cryptbuf == NULL) || (strcmp(pwd->pw_passwd, cryptbuf) != 0)) { ++ r = "Incorrect password"; ++ } else { ++ r = "OK"; ++ } + } + + endpwent(); +diff -up cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c +--- cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt 2012-10-12 16:05:48.000000000 +0200 ++++ cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c 2012-12-20 17:03:17.940793653 +0100 +@@ -78,6 +78,7 @@ auth_getpwent ( + /* VARIABLES */ + struct passwd *pw; /* pointer to passwd file entry */ + int errnum; ++ char *cryptbuf; + /* END VARIABLES */ + + errno = 0; +@@ -105,7 +106,8 @@ auth_getpwent ( + } + } + +- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) { ++ cryptbuf = crypt(password, pw->pw_passwd); ++ if ((cryptbuf == NULL) || strcmp(pw->pw_passwd, cryptbuf)) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login); + } +diff -up cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_shadow.c +--- cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt 2012-12-20 17:00:14.000000000 +0100 ++++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c 2012-12-20 17:16:44.190360006 +0100 +@@ -214,8 +214,8 @@ auth_shadow ( + RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); + } + +- cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); +- if (strcmp(sp->sp_pwdp, cpw)) { ++ cpw = crypt(password, sp->sp_pwdp); ++ if ((cpw == NULL) || strcmp(sp->sp_pwdp, cpw)) { + if (flags & VERBOSE) { + /* + * This _should_ reveal the SHADOW_PW_LOCKED prefix to an +@@ -225,10 +225,8 @@ auth_shadow ( + syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", + sp->sp_pwdp, cpw); + } +- free(cpw); + RETURN("NO Incorrect password"); + } +- free(cpw); + + /* + * The following fields will be set to -1 if: +@@ -290,7 +288,8 @@ auth_shadow ( + RETURN("NO Invalid username"); + } + +- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { ++ cpw = crypt(password, upw->upw_passwd); ++ if ((cpw == NULL) || strcmp(upw->upw_passwd, cpw) != 0) { + if (flags & VERBOSE) { + syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", + password, upw->upw_passwd); diff --git a/source/n/cyrus-sasl/cyrus-sasl-2.1.26-size_t.patch b/source/n/cyrus-sasl/cyrus-sasl-2.1.26-size_t.patch new file mode 100644 index 00000000..cde82383 --- /dev/null +++ b/source/n/cyrus-sasl/cyrus-sasl-2.1.26-size_t.patch @@ -0,0 +1,12 @@ +diff -up cyrus-sasl-2.1.26/include/sasl.h.size_t cyrus-sasl-2.1.26/include/sasl.h +--- cyrus-sasl-2.1.26/include/sasl.h.size_t 2012-10-12 09:05:48.000000000 -0500 ++++ cyrus-sasl-2.1.26/include/sasl.h 2013-01-31 13:21:04.007739327 -0600 +@@ -223,6 +223,8 @@ extern "C" { + * they must be called before all other SASL functions: + */ + ++#include <sys/types.h> ++ + /* memory allocation functions which may optionally be replaced: + */ + typedef void *sasl_malloc_t(size_t); diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild index c47821d5..0cbad20a 100755 --- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild +++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2008, 2009, 2010, 2013 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2008, 2009, 2010, 2013, 2015 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -22,12 +22,12 @@ PKGNAM=cyrus-sasl VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-5} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i486 ;; + i?86) export ARCH=i586 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -38,8 +38,8 @@ CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/package-cyrus-sasl -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" @@ -59,11 +59,9 @@ rm -rf cyrus-sasl-$VERSION tar xvf $CWD/cyrus-sasl-$VERSION.tar.?z* || exit 1 cd cyrus-sasl-$VERSION || exit 1 -# Fix compiling: -zcat $CWD/cyrus-sasl.bad_elif.diff.gz | patch -p1 --verbose || exit 1 - # Fix for glibc-2.17 crypt() NULL return: -zcat $CWD/cyrus-sasl-2.1.23-glibc217-crypt.diff.gz | patch -p1 --verbose || exit 1 +zcat $CWD/cyrus-sasl-2.1.26-null-crypt.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/cyrus-sasl-2.1.26-size_t.patch.gz | patch -p1 --verbose || exit 1 chown -R root:root . find . -perm 777 -exec chmod 755 {} \; diff --git a/source/n/cyrus-sasl/cyrus-sasl.bad_elif.diff b/source/n/cyrus-sasl/cyrus-sasl.bad_elif.diff deleted file mode 100644 index a7196b3b..00000000 --- a/source/n/cyrus-sasl/cyrus-sasl.bad_elif.diff +++ /dev/null @@ -1,22 +0,0 @@ -Index: cyrus-sasl-2.1.23/plugins/digestmd5.c -=================================================================== ---- cyrus-sasl-2.1.23.orig/plugins/digestmd5.c -+++ cyrus-sasl-2.1.23/plugins/digestmd5.c -@@ -2715,7 +2715,7 @@ static sasl_server_plug_t digestmd5_serv - "DIGEST-MD5", /* mech_name */ - #ifdef WITH_RC4 - 128, /* max_ssf */ --#elif WITH_DES -+#elif defined(WITH_DES) - 112, - #else - 1, -@@ -4034,7 +4034,7 @@ static sasl_client_plug_t digestmd5_clie - "DIGEST-MD5", - #ifdef WITH_RC4 /* mech_name */ - 128, /* max ssf */ --#elif WITH_DES -+#elif defined(WITH_DES) - 112, - #else - 1, |