import cyrus-sasl-2.1.27-0.3rc7.el8

.cyrus-sasl.metadata

@@ -0,0 +1 @@
+98988c2d3b8f055f6346d8d55ca806a8dbd2dc59 SOURCES/cyrus-sasl-2.1.27-rc7-nodlcompatorsrp.tar.gz

.gitignore

@@ -0,0 +1 @@
+SOURCES/cyrus-sasl-2.1.27-rc7-nodlcompatorsrp.tar.gz

SOURCES/autogen.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+# Run this to generate all the initial makefiles, etc.
+test -n "$srcdir" || srcdir=`dirname "$0"`
+test -n "$srcdir" || srcdir=.
+
+olddir=`pwd`
+
+cd $srcdir
+
+(test -f configure.ac) || {
+	echo "*** ERROR: Directory "\`$srcdir\'" does not look like the top-level project directory ***"
+	exit 1
+}
+
+PKG_NAME=`autoconf --trace 'AC_INIT:$1' configure.ac`
+
+if [ "$#" = 0 -a "x$NOCONFIGURE" = "x" ]; then
+	echo "*** WARNING: I am going to run \`configure' with no arguments." >&2
+	echo "*** If you wish to pass any to it, please specify them on the" >&2
+	echo "*** \`$0\' command line." >&2
+	echo "" >&2
+fi
+
+aclocal --install || exit 1
+autoreconf --verbose --force --install -Wno-portability || exit 1
+
+cd $olddir
+if [ "$NOCONFIGURE" = "" ]; then
+	$srcdir/configure "$@" || exit 1
+
+	if [ "$1" = "--help" ]; then exit 0 else
+		echo "Now type \`make\' to compile $PKG_NAME" || exit 1
+	fi
+else
+	echo "Skipping configure process."
+fi
+

SOURCES/cyrus-sasl-2.1.20-saslauthd.conf-path.patch

@@ -0,0 +1,26 @@
+diff -up cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc.path cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc
+--- cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc.path	2015-10-15 15:44:43.000000000 +0200
++++ cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc	2015-11-20 15:05:30.421377527 +0100
+@@ -221,7 +221,7 @@ instead.
+ .Em (All platforms that support OpenLDAP 2.0 or higher)
+ .Pp
+ Authenticate against an ldap server.  The ldap configuration parameters are
+-read from /usr/local/etc/saslauthd.conf.  The location of this file can be
++read from /etc/saslauthd.conf.  The location of this file can be
+ changed with the -O parameter. See the LDAP_SASLAUTHD file included with the
+ distribution for the list of available parameters.
+ .It Li sia
+@@ -251,10 +251,10 @@ these ticket files can cause serious per
+ servers. (Kerberos
+ was never intended to be used in this manner, anyway.)
+ .Sh FILES
+-.Bl -tag -width "/var/run/saslauthd/mux"
+-.It Pa /var/run/saslauthd/mux
++.Bl -tag -width "/run/saslauthd/mux"
++.It Pa /run/saslauthd/mux
+ The default communications socket.
+-.It Pa /usr/local/etc/saslauthd.conf
++.It Pa /etc/saslauthd.conf
+ The default configuration file for ldap support.
+ .El
+ .Sh SEE ALSO

SOURCES/cyrus-sasl-2.1.21-sizes.patch

@@ -0,0 +1,119 @@
+diff -up cyrus-sasl-2.1.27/configure.ac.sizes cyrus-sasl-2.1.27/configure.ac
+--- cyrus-sasl-2.1.27/configure.ac.sizes	2015-11-18 09:46:24.000000000 +0100
++++ cyrus-sasl-2.1.27/configure.ac	2015-11-20 15:11:20.474588247 +0100
+@@ -1312,6 +1312,10 @@ AC_HEADER_STDC
+ AC_HEADER_DIRENT
+ AC_HEADER_SYS_WAIT
+ AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
++AC_CHECK_TYPES([long long, int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, int64_t, uint64_t],,,[
++#ifdef HAVE_INTTYPES_H
++#include <inttypes.h>
++#endif])
+ 
+ IPv6_CHECK_SS_FAMILY()
+ IPv6_CHECK_SA_LEN()
+diff -up cyrus-sasl-2.1.27/include/makemd5.c.sizes cyrus-sasl-2.1.27/include/makemd5.c
+--- cyrus-sasl-2.1.27/include/makemd5.c.sizes	2015-10-15 15:44:43.000000000 +0200
++++ cyrus-sasl-2.1.27/include/makemd5.c	2015-11-20 15:11:20.477588240 +0100
+@@ -82,12 +82,19 @@
+  */
+ 
+ 
++#ifdef HAVE_CONFIG_H
++#include "../config.h"
++#endif
+ 
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
+ #include <ctype.h>
+ 
++#ifdef HAVE_INTTYPES_H
++#include <inttypes.h>
++#endif
++
+ 
+ static void
+ my_strupr(char *s)
+@@ -122,6 +129,18 @@ my_strupr(char *s)
+ static void
+ try_signed(FILE *f, int len)
+ {
++#ifdef HAVE_INT8_T
++    BITSIZE(int8_t);
++#endif
++#ifdef HAVE_INT16_T
++    BITSIZE(int16_t);
++#endif
++#ifdef HAVE_INT32_T
++    BITSIZE(int32_t);
++#endif
++#ifdef HAVE_INT64_T
++    BITSIZE(int64_t);
++#endif
+     BITSIZE(signed char);
+     BITSIZE(short);
+     BITSIZE(int);
+@@ -135,6 +154,18 @@ try_signed(FILE *f, int len)
+ static void
+ try_unsigned(FILE *f, int len)
+ {
++#ifdef HAVE_UINT8_T
++    BITSIZE(uint8_t);
++#endif
++#ifdef HAVE_UINT16_T
++    BITSIZE(uint16_t);
++#endif
++#ifdef HAVE_UINT32_T
++    BITSIZE(uint32_t);
++#endif
++#ifdef HAVE_UINT64_T
++    BITSIZE(uint64_t);
++#endif
+     BITSIZE(unsigned char);
+     BITSIZE(unsigned short);
+     BITSIZE(unsigned int);
+@@ -165,6 +196,11 @@ static int print_pre(FILE *f)
+ 	  "/* POINTER defines a generic pointer type */\n"
+ 	  "typedef unsigned char *POINTER;\n"
+ 	  "\n"
++#ifdef HAVE_INTTYPES_H
++	  "/* We try to define integer types for our use */\n"
++	  "#include <inttypes.h>\n"
++	  "\n"
++#endif
+ 	  );
+   return 1;
+ }
+@@ -212,31 +248,15 @@ int main(int argc, char **argv)
+ 
+   print_pre(f);
+ 
+-#ifndef HAVE_INT8_T
+     try_signed (f, 8);
+-#endif /* HAVE_INT8_T */
+-#ifndef HAVE_INT16_T
+     try_signed (f, 16);
+-#endif /* HAVE_INT16_T */
+-#ifndef HAVE_INT32_T
+     try_signed (f, 32);
+-#endif /* HAVE_INT32_T */
+-#ifndef HAVE_INT64_T
+     try_signed (f, 64);
+-#endif /* HAVE_INT64_T */
+ 
+-#ifndef HAVE_U_INT8_T
+     try_unsigned (f, 8);
+-#endif /* HAVE_INT8_T */
+-#ifndef HAVE_U_INT16_T
+     try_unsigned (f, 16);
+-#endif /* HAVE_U_INT16_T */
+-#ifndef HAVE_U_INT32_T
+     try_unsigned (f, 32);
+-#endif /* HAVE_U_INT32_T */
+-#ifndef HAVE_U_INT64_T
+     try_unsigned (f, 64);
+-#endif /* HAVE_U_INT64_T */
+ 
+     print_post(f);
+   

SOURCES/cyrus-sasl-2.1.23-man.patch

@@ -0,0 +1,24 @@
+diff -up cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8.man cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8
+--- cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8.man	2013-09-03 15:25:26.818042047 +0200
++++ cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8	2013-09-03 15:25:26.818042047 +0200
+@@ -0,0 +1,20 @@
++.\"                                      Hey, EMACS: -*- nroff -*-
++.TH TESTSASLAUTHD 8 "14 October 2006"
++.SH NAME
++testsaslauthd \- test utility for the SASL authentication server
++.SH SYNOPSIS
++.B testsaslauthd
++.RI "[ " \(hyr " " realm " ] [ " \(hys " " servicename " ] [ " \(hyf " " socket " " path " ] [ " \(hyR " " repeatnum " ]"
++.SH DESCRIPTION
++This manual page documents briefly the
++.B testsaslauthd
++command.
++.PP
++.SH SEE ALSO
++.BR saslauthd (8).
++.br
++.SH AUTHOR
++testsaslauthd was written by Carnegie Mellon University.
++.PP
++This manual page was written by Roberto C. Sanchez <roberto@connexer.com>,
++for the Debian project (but may be used by others).

SOURCES/cyrus-sasl-2.1.25-no_rpath.patch

@@ -0,0 +1,20 @@
+diff -up cyrus-sasl-2.1.25/m4/cyrus.m4.no_rpath cyrus-sasl-2.1.25/m4/cyrus.m4
+--- cyrus-sasl-2.1.25/m4/cyrus.m4.no_rpath	2010-01-22 16:12:01.000000000 +0100
++++ cyrus-sasl-2.1.25/m4/cyrus.m4	2012-12-06 14:59:47.956102057 +0100
+@@ -32,14 +32,5 @@ AC_DEFUN([CMU_ADD_LIBPATH_TO], [
+ dnl runpath initialization
+ AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [
+    # CMU GUESS RUNPATH SWITCH
+-  AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [
+-    # first, try -R
+-    SAVE_LDFLAGS="${LDFLAGS}"
+-    LDFLAGS="-R /usr/lib"
+-    AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [
+-  	LDFLAGS="-Wl,-rpath,/usr/lib"
+-    AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"],
+-    [andrew_cv_runpath_switch="none"])
+-    ])
+-  LDFLAGS="${SAVE_LDFLAGS}"
+-  ])])
++    andrew_runpath_switch="none"
++  ])

SOURCES/cyrus-sasl-2.1.26-revert-upstream-080e51c7fa0421eb2f0210d34cf0ac48a228b1e9.patch

@@ -0,0 +1,17 @@
+diff --git a/plugins/gssapi.c b/plugins/gssapi.c
+index e6fcf46..a27eb2b 100644
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -1594,10 +1594,10 @@ static int gssapi_client_mech_step(void *conn_context,
+ 	}
+ 
+ 	/* Setup req_flags properly */
+-	req_flags = GSS_C_INTEG_FLAG;
++	req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ 	if (params->props.max_ssf > params->external_ssf) {
+ 	    /* We are requesting a security layer */
+-	    req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++	    req_flags |= GSS_C_INTEG_FLAG;
+ 	    /* Any SSF bigger than 1 is confidentiality. */
+ 	    /* Let's check if the client of the API requires confidentiality,
+ 	       and it wasn't already provided by an external layer */

SOURCES/make-no-dlcompatorsrp-tarball.sh

@@ -0,0 +1,41 @@
+#!/bin/bash -e
+#
+#  See ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ for unmodified sources.
+#
+
+tmppath=`mktemp -d ${TMPDIR:-/tmp}/make-no-dlcompat-tarball-XXXXXX`
+if test -z "$tmppath" ; then
+	echo Error creating temporary directory.
+	exit 1
+fi
+trap "rm -fr $tmppath" EXIT
+
+initialdir=`pwd`
+
+for tarball in ${initialdir}/cyrus-sasl-*.tar.{gz,bz2} ; do
+	if ! test -s "$tarball" ; then
+		continue
+	fi
+	rm -fr $tmppath/*
+	pushd $tmppath > /dev/null
+	case "$tarball" in
+	*nodlcompat*)
+		: Do nothing.
+		;;
+	*.gz)
+		gzip  -dc "$tarball" | tar xf -
+		rm -fr cyrus-sasl-*/dlcompat*
+		rm -fr cyrus-sasl-*/plugins/srp*
+		tar cf - * | gzip  -9c > \
+		$initialdir/`basename $tarball .tar.gz`-nodlcompatorsrp.tar.gz
+		;;
+	*.bz2)
+		bzip2 -dc "$tarball" | tar xf -
+		rm -fr cyrus-sasl-*/dlcompat*
+		rm -fr cyrus-sasl-*/plugins/srp*
+		tar cf - * | bzip2 -9c > \
+		$initialdir/`basename $tarball .tar.bz2`-nodlcompatorsrp.tar.bz2
+		;;
+	esac
+	popd > /dev/null
+done

SOURCES/sasl-mechlist.c

@@ -0,0 +1,99 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "sasl.h"
+
+static int
+my_getopt(void *context, const char *plugin_name,
+	  const char *option, const char **result, unsigned *len)
+{
+	if (result) {
+		*result = NULL;
+#if 0
+		fprintf(stderr, "Getopt plugin=%s%s%s/option=%s%s%s -> ",
+			plugin_name ? "\"" : "",
+			plugin_name ? plugin_name : "(null)",
+			plugin_name ? "\"" : "",
+			option ? "\"" : "",
+			option ? option : "(null)",
+			option ? "\"" : "");
+		fprintf(stderr, "'%s'.\n", *result ? *result : "");
+#endif
+	}
+	if (len) {
+		*len = 0;
+	}
+	return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+	int ret, i;
+	const char *mechs, **globals;
+	sasl_callback_t callbacks[] = {
+		{SASL_CB_GETOPT, my_getopt, NULL},
+		{SASL_CB_LIST_END},
+	};
+	sasl_conn_t *connection;
+	char hostname[512];
+
+	if ((argc > 1) && (argv[1][0] == '-')) {
+		fprintf(stderr, "Usage: %s [appname [hostname] ]\n", argv[0]);
+		return 0;
+	}
+
+	ret = sasl_server_init(callbacks, argc > 1 ? argv[1] : "sasl-mechlist");
+	if (ret != SASL_OK) {
+		fprintf(stderr, "Error in sasl_server_init(): %s\n",
+			sasl_errstring(ret, NULL, NULL));
+	}
+
+	connection = NULL;
+	strcpy(hostname, "localhost");
+	gethostname(hostname, sizeof(hostname));
+	ret = sasl_server_new(argc > 2 ? argv[2] : "host",
+			      hostname,
+			      NULL,
+			      NULL,
+			      NULL,
+			      callbacks,
+			      0,
+			      &connection);
+	if (ret != SASL_OK) {
+		fprintf(stderr, "Error in sasl_server_new(): %s\n",
+			sasl_errstring(ret, NULL, NULL));
+	}
+
+	ret = sasl_listmech(connection,
+			    getenv("USER") ? getenv("USER") : "root",
+			    "Available mechanisms: ",
+			    ",",
+			    "\n",
+			    &mechs,
+			    NULL,
+			    NULL);
+	if (ret != SASL_OK) {
+		fprintf(stderr, "Error in sasl_listmechs(): %s\n",
+			sasl_errstring(ret, NULL, NULL));
+	} else {
+		fprintf(stdout, "%s", mechs);
+	}
+
+	globals = sasl_global_listmech();
+	for (i = 0; (globals != NULL) && (globals[i] != NULL); i++) {
+		if (i == 0) {
+			fprintf(stdout, "Library supports: ");
+		}
+		fprintf(stdout, "%s", globals[i]);
+		if (globals[i + 1] != NULL) {
+			fprintf(stdout, ",");
+		} else {
+			fprintf(stdout, "\n");
+		}
+	}
+
+	return 0;
+}

SOURCES/saslauthd.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=SASL authentication daemon.
+
+[Service]
+Type=forking
+PIDFile=/run/saslauthd/saslauthd.pid
+EnvironmentFile=/etc/sysconfig/saslauthd
+ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS
+RuntimeDirectory=saslauthd
+
+[Install]
+WantedBy=multi-user.target

SOURCES/saslauthd.sysconfig

@@ -0,0 +1,11 @@
+# Directory in which to place saslauthd's listening socket, pid file, and so
+# on.  This directory must already exist.
+SOCKETDIR=/run/saslauthd
+
+# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
+# of which mechanism your installation was compiled with the ablity to use.
+MECH=pam
+
+# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
+# for the list of accepted flags.
+FLAGS=