update to 2.1.26

Petr Lautrbach 2013-01-15 15:32:58 +01:00
parent 52015887e0
commit 5c0901a6f3
9 changed files with 187 additions and 185 deletions


@ -1,86 +0,0 @@
diff -Naur cyrus-sasl-2.1.23-orig/pwcheck/pwcheck_getpwnam.c cyrus-sasl-2.1.23/pwcheck/pwcheck_getpwnam.c
--- cyrus-sasl-2.1.23-orig/pwcheck/pwcheck_getpwnam.c 1999-08-26 12:22:43.000000000 -0400
+++ cyrus-sasl-2.1.23/pwcheck/pwcheck_getpwnam.c 2012-04-25 10:16:04.240783975 -0400
@@ -31,7 +31,7 @@
char *userid;
char *password;
{
- char* r;
+ char* r, *cryptbuf;
struct passwd *pwd;
pwd = getpwnam(userid);
@@ -41,11 +41,13 @@
else if (pwd->pw_passwd[0] == '*') {
r = "Account disabled";
}
- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
- r = "Incorrect password";
- }
else {
- r = "OK";
+ cryptbuf = crypt(password, pwd->pw_passwd);
+ if((cryptbuf == NULL) || (strcmp(pwd->pw_passwd, cryptbuf) != 0)) {
+ r = "Incorrect password";
+ } else {
+ r = "OK";
+ }
}
endpwent();
diff -Naur cyrus-sasl-2.1.23-orig/saslauthd/auth_getpwent.c cyrus-sasl-2.1.23/saslauthd/auth_getpwent.c
--- cyrus-sasl-2.1.23-orig/saslauthd/auth_getpwent.c 2009-04-28 11:09:18.000000000 -0400
+++ cyrus-sasl-2.1.23/saslauthd/auth_getpwent.c 2012-04-25 10:06:01.329748386 -0400
@@ -70,6 +70,7 @@
{
/* VARIABLES */
struct passwd *pw; /* pointer to passwd file entry */
+ char *cryptbuf;
/* END VARIABLES */
pw = getpwnam(login);
@@ -79,7 +80,8 @@
RETURN("NO");
}
- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
+ cryptbuf = crypt(password, pw->pw_passwd);
+ if( (cryptbuf == NULL) || strcmp(pw->pw_passwd, cryptbuf)) {
RETURN("NO");
}
diff -Naur cyrus-sasl-2.1.23-orig/saslauthd/auth_shadow.c cyrus-sasl-2.1.23/saslauthd/auth_shadow.c
--- cyrus-sasl-2.1.23-orig/saslauthd/auth_shadow.c 2012-04-25 10:02:23.777487508 -0400
+++ cyrus-sasl-2.1.23/saslauthd/auth_shadow.c 2012-04-25 10:12:53.727866162 -0400
@@ -184,16 +184,16 @@
* not returning any information about a login until we have validated
* the password.
*/
- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+ cpw = crypt(password, sp->sp_pwdp);
+ if(cpw == NULL)
+ RETURN("NO");
if (strcmp(sp->sp_pwdp, cpw)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
sp->sp_pwdp, cpw);
}
- free(cpw);
RETURN("NO");
}
- free(cpw);
/*
* The following fields will be set to -1 if:
@@ -254,8 +254,9 @@
}
RETURN("NO");
}
-
- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
+
+ cpw = crypt(password, upw->upw_passwd);
+ if((cpw == NULL) || (strcmp(upw->upw_passwd, cpw) != 0)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
password, upw->upw_passwd);


@ -1,15 +0,0 @@
diff -up cyrus-sasl-2.1.25/plugins/gssapi.c.release-server_creds cyrus-sasl-2.1.25/plugins/gssapi.c
--- cyrus-sasl-2.1.25/plugins/gssapi.c.release-server_creds 2012-12-07 12:57:14.000000000 +0100
+++ cyrus-sasl-2.1.25/plugins/gssapi.c 2012-12-07 12:58:11.122533870 +0100
@@ -829,6 +829,11 @@ gssapi_server_mech_step(void *conn_conte
}
if (maj_stat == GSS_S_COMPLETE) {
+ /* Release server creds which are no longer needed */
+ if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
+ maj_stat = gss_release_cred(&min_stat, &text->server_creds);
+ text->server_creds = GSS_C_NO_CREDENTIAL;
+ }
/* Switch to ssf negotiation */
text->state = SASL_GSSAPI_STATE_SSFCAP;


@ -1,62 +0,0 @@
diff -up cyrus-sasl-2.1.25/lib/server.c.warnings cyrus-sasl-2.1.25/lib/server.c
--- cyrus-sasl-2.1.25/lib/server.c.warnings 2011-09-02 14:58:01.000000000 +0200
+++ cyrus-sasl-2.1.25/lib/server.c 2012-12-06 16:21:07.705102996 +0100
@@ -646,7 +646,7 @@ static int load_config(const sasl_callba
goto done;
}
- snprintf(config_filename, len, "%.*s%c%s.conf", path_len, path_to_config,
+ snprintf(config_filename, len, "%.*s%c%s.conf", (int)path_len, path_to_config,
HIER_DELIMITER, global_callbacks.appname);
/* Ask the application if it's safe to use this file */
diff -up cyrus-sasl-2.1.25/plugins/gssapi.c.warnings cyrus-sasl-2.1.25/plugins/gssapi.c
--- cyrus-sasl-2.1.25/plugins/gssapi.c.warnings 2011-05-11 21:25:55.000000000 +0200
+++ cyrus-sasl-2.1.25/plugins/gssapi.c 2012-12-06 16:24:30.223307272 +0100
@@ -196,7 +196,8 @@ sasl_gss_seterror_(const sasl_utils_t *u
OM_uint32 msg_ctx;
int ret;
char *out = NULL;
- size_t len, curlen = 0;
+ size_t len;
+ unsigned curlen = 0;
const char prefix[] = "GSSAPI Error: ";
if (!utils) return SASL_OK;
diff -up cyrus-sasl-2.1.25/plugins/ldapdb.c.warnings cyrus-sasl-2.1.25/plugins/ldapdb.c
--- cyrus-sasl-2.1.25/plugins/ldapdb.c.warnings 2011-05-11 21:25:55.000000000 +0200
+++ cyrus-sasl-2.1.25/plugins/ldapdb.c 2012-12-06 16:21:07.706102988 +0100
@@ -22,6 +22,7 @@
#include "plugin_common.h"
+#define LDAP_DEPRECATED 1
#include <ldap.h>
static char ldapdb[] = "ldapdb";
diff -up cyrus-sasl-2.1.25/saslauthd/auth_httpform.c.warnings cyrus-sasl-2.1.25/saslauthd/auth_httpform.c
--- cyrus-sasl-2.1.25/saslauthd/auth_httpform.c.warnings 2006-04-20 16:30:14.000000000 +0200
+++ cyrus-sasl-2.1.25/saslauthd/auth_httpform.c 2012-12-06 16:21:10.520091567 +0100
@@ -552,7 +552,7 @@ auth_httpform (
"Content-Type: application/x-www-form-urlencoded" CRLF
"Content-Length: %d" TWO_CRLF
"%s",
- r_uri, r_host, r_port, strlen(escreq), escreq);
+ r_uri, r_host, r_port, (int)strlen(escreq), escreq);
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "auth_httpform: sending %s %s %s",
diff -up cyrus-sasl-2.1.25/saslauthd/auth_shadow.c.warnings cyrus-sasl-2.1.25/saslauthd/auth_shadow.c
--- cyrus-sasl-2.1.25/saslauthd/auth_shadow.c.warnings 2009-12-03 20:07:03.000000000 +0100
+++ cyrus-sasl-2.1.25/saslauthd/auth_shadow.c 2012-12-06 16:21:10.521091564 +0100
@@ -68,6 +68,10 @@
# include <shadow.h>
# endif /* ! HAVE_GETUSERPW */
+# ifdef HAVE_CRYPT_H
+# include <crypt.h>
+# endif
+
# include "auth_shadow.h"
# include "globals.h"
/* END PUBLIC DEPENDENCIES */


@ -0,0 +1,86 @@
diff -up cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c
--- cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt 2012-01-28 00:31:36.000000000 +0100
+++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c 2012-12-20 17:00:14.614580310 +0100
@@ -31,7 +31,7 @@ char *pwcheck(userid, password)
char *userid;
char *password;
{
- char* r;
+ char* r, *cryptbuf;
struct passwd *pwd;
pwd = getpwnam(userid);
@@ -41,11 +41,13 @@ char *password;
else if (pwd->pw_passwd[0] == '*') {
r = "Account disabled";
}
- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
- r = "Incorrect password";
- }
else {
- r = "OK";
+ cryptbuf = crypt(password, pwd->pw_passwd);
+ if((cryptbuf == NULL) || (strcmp(pwd->pw_passwd, cryptbuf) != 0)) {
+ r = "Incorrect password";
+ } else {
+ r = "OK";
+ }
}
endpwent();
diff -up cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c
--- cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt 2012-10-12 16:05:48.000000000 +0200
+++ cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c 2012-12-20 17:03:17.940793653 +0100
@@ -78,6 +78,7 @@ auth_getpwent (
/* VARIABLES */
struct passwd *pw; /* pointer to passwd file entry */
int errnum;
+ char *cryptbuf;
/* END VARIABLES */
errno = 0;
@@ -105,7 +106,8 @@ auth_getpwent (
}
}
- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
+ cryptbuf = crypt(password, pw->pw_passwd);
+ if ((cryptbuf == NULL) || strcmp(pw->pw_passwd, cryptbuf)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
}
diff -up cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_shadow.c
--- cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt 2012-12-20 17:00:14.000000000 +0100
+++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c 2012-12-20 17:16:44.190360006 +0100
@@ -214,8 +214,8 @@ auth_shadow (
RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
}
- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
- if (strcmp(sp->sp_pwdp, cpw)) {
+ cpw = crypt(password, sp->sp_pwdp);
+ if ((cpw == NULL) || strcmp(sp->sp_pwdp, cpw)) {
if (flags & VERBOSE) {
/*
* This _should_ reveal the SHADOW_PW_LOCKED prefix to an
@@ -225,10 +225,8 @@ auth_shadow (
syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
sp->sp_pwdp, cpw);
}
- free(cpw);
RETURN("NO Incorrect password");
}
- free(cpw);
/*
* The following fields will be set to -1 if:
@@ -290,7 +288,8 @@ auth_shadow (
RETURN("NO Invalid username");
}
- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
+ cpw = crypt(password, upw->upw_passwd);
+ if ((cpw == NULL) || strcmp(upw->upw_passwd, cpw) != 0) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
password, upw->upw_passwd);
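Review bot: In the first auth_shadow.c hunk, folding the NULL test into `if ((cpw == NULL) || strcmp(sp->sp_pwdp, cpw))` lets a NULL `cpw` reach the VERBOSE `syslog(LOG_DEBUG, "... '%s' != '%s'", sp->sp_pwdp, cpw)` call, and passing NULL for `%s` is undefined behaviour. The 2.1.23 patch removed by this commit avoided that by returning before the log with `if(cpw == NULL) RETURN("NO");`; here either keep an early `if (cpw == NULL) RETURN("NO Incorrect password");` or log `cpw ? cpw : "(null)"`. The surrounding debug messages also write the stored hash, and in the `upw` branch the cleartext `password`, to syslog; that is context rather than new code, but it deserves at least a comment, since syslog output is often forwarded to other hosts. The body of auth_shadow starts and ends outside these hunks.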


@ -0,0 +1,16 @@
diff -up cyrus-sasl-2.1.26/plugins/gssapi.c.release-server_creds cyrus-sasl-2.1.26/plugins/gssapi.c
--- cyrus-sasl-2.1.26/plugins/gssapi.c.release-server_creds 2012-12-20 17:17:37.000000000 +0100
+++ cyrus-sasl-2.1.26/plugins/gssapi.c 2012-12-20 17:42:11.498138999 +0100
@@ -945,6 +945,12 @@ gssapi_server_mech_authneg(context_t *te
ret = SASL_CONTINUE;
}
+ /* Release server creds which are no longer needed */
+ if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
+ maj_stat = gss_release_cred(&min_stat, &text->server_creds);
+ text->server_creds = GSS_C_NO_CREDENTIAL;
+ }
+
cleanup:
if (client_name_MN) {
GSS_LOCK_MUTEX(params->utils);
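Review bot: The credential release in gssapi_server_mech_authneg sits on the fall-through path directly after `ret = SASL_CONTINUE;`, so it appears to run even when another round of the exchange is expected, whereas the 2.1.25 patch removed by this commit released only inside `if (maj_stat == GSS_S_COMPLETE)`. If a later step can still use `text->server_creds`, the release should keep that guard; this cannot be confirmed here because the function starts and ends outside the hunk. The call also overwrites `maj_stat` with the unchecked result of `gss_release_cred`; `(void)gss_release_cred(&min_stat, &text->server_creds);` or a separate status local would keep the accept status intact for anything after `cleanup:`.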


@ -1,7 +1,7 @@
diff -up cyrus-sasl-2.1.25/lib/Makefile.am.relro cyrus-sasl-2.1.25/lib/Makefile.am
--- cyrus-sasl-2.1.25/lib/Makefile.am.relro 2011-09-05 16:18:10.000000000 +0200
+++ cyrus-sasl-2.1.25/lib/Makefile.am 2012-12-07 12:49:13.693026807 +0100
@@ -62,7 +62,7 @@ LIB_DOOR= @LIB_DOOR@
diff -up cyrus-sasl-2.1.26/lib/Makefile.am.relro cyrus-sasl-2.1.26/lib/Makefile.am
--- cyrus-sasl-2.1.26/lib/Makefile.am.relro 2012-10-12 16:05:48.000000000 +0200
+++ cyrus-sasl-2.1.26/lib/Makefile.am 2012-12-20 16:57:51.245192138 +0100
@@ -64,7 +64,7 @@ LIB_DOOR= @LIB_DOOR@
lib_LTLIBRARIES = libsasl2.la
libsasl2_la_SOURCES = $(common_sources) $(common_headers)
@ -10,11 +10,11 @@ diff -up cyrus-sasl-2.1.25/lib/Makefile.am.relro cyrus-sasl-2.1.25/lib/Makefile.
libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
diff -up cyrus-sasl-2.1.25/plugins/Makefile.am.relro cyrus-sasl-2.1.25/plugins/Makefile.am
--- cyrus-sasl-2.1.25/plugins/Makefile.am.relro 2011-09-05 16:18:10.000000000 +0200
+++ cyrus-sasl-2.1.25/plugins/Makefile.am 2012-12-07 12:56:16.916231903 +0100
@@ -49,7 +49,7 @@
plugin_version = 2:25:0
diff -up cyrus-sasl-2.1.26/plugins/Makefile.am.relro cyrus-sasl-2.1.26/plugins/Makefile.am
--- cyrus-sasl-2.1.26/plugins/Makefile.am.relro 2012-10-12 16:05:48.000000000 +0200
+++ cyrus-sasl-2.1.26/plugins/Makefile.am 2012-12-20 16:59:01.932901285 +0100
@@ -50,7 +50,7 @@
plugin_version = 3:0:0
INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
-AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)


@ -0,0 +1,62 @@
diff -up cyrus-sasl-2.1.26/lib/server.c.warnings cyrus-sasl-2.1.26/lib/server.c
--- cyrus-sasl-2.1.26/lib/server.c.warnings 2012-10-12 16:05:48.000000000 +0200
+++ cyrus-sasl-2.1.26/lib/server.c 2012-12-20 17:49:39.620254792 +0100
@@ -650,7 +650,7 @@ static int load_config(const sasl_callba
goto done;
}
- snprintf(config_filename, len, "%.*s%c%s.conf", path_len, path_to_config,
+ snprintf(config_filename, len, "%.*s%c%s.conf", (int)path_len, path_to_config,
HIER_DELIMITER, global_callbacks.appname);
/* Ask the application if it's safe to use this file */
diff -up cyrus-sasl-2.1.26/plugins/gssapi.c.warnings cyrus-sasl-2.1.26/plugins/gssapi.c
--- cyrus-sasl-2.1.26/plugins/gssapi.c.warnings 2012-01-28 00:31:36.000000000 +0100
+++ cyrus-sasl-2.1.26/plugins/gssapi.c 2012-12-20 17:49:39.620254792 +0100
@@ -202,7 +202,8 @@ sasl_gss_seterror_(const sasl_utils_t *u
OM_uint32 msg_ctx;
int ret;
char *out = NULL;
- size_t len, curlen = 0;
+ size_t len;
+ unsigned curlen = 0;
const char prefix[] = "GSSAPI Error: ";
if (!utils) return SASL_OK;
diff -up cyrus-sasl-2.1.26/plugins/ldapdb.c.warnings cyrus-sasl-2.1.26/plugins/ldapdb.c
--- cyrus-sasl-2.1.26/plugins/ldapdb.c.warnings 2012-01-28 00:31:36.000000000 +0100
+++ cyrus-sasl-2.1.26/plugins/ldapdb.c 2012-12-20 17:49:39.621254788 +0100
@@ -22,6 +22,7 @@
#include "plugin_common.h"
+#define LDAP_DEPRECATED 1
#include <ldap.h>
static char ldapdb[] = "ldapdb";
diff -up cyrus-sasl-2.1.26/saslauthd/auth_httpform.c.warnings cyrus-sasl-2.1.26/saslauthd/auth_httpform.c
--- cyrus-sasl-2.1.26/saslauthd/auth_httpform.c.warnings 2012-10-12 16:05:48.000000000 +0200
+++ cyrus-sasl-2.1.26/saslauthd/auth_httpform.c 2012-12-20 17:50:13.247110021 +0100
@@ -574,7 +574,7 @@ auth_httpform (
"Content-Type: application/x-www-form-urlencoded" CRLF
"Content-Length: %d" TWO_CRLF
"%s",
- r_uri, r_host, r_port, strlen(req), req);
+ r_uri, r_host, r_port, (int)strlen(req), req);
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "auth_httpform: sending %s %s %s",
diff -up cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.warnings cyrus-sasl-2.1.26/saslauthd/auth_shadow.c
--- cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.warnings 2012-10-12 16:05:48.000000000 +0200
+++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c 2012-12-20 17:49:39.621254788 +0100
@@ -70,6 +70,10 @@
# include <shadow.h>
# endif /* ! HAVE_GETUSERPW */
+# ifdef HAVE_CRYPT_H
+# include <crypt.h>
+# endif
+
# include "auth_shadow.h"
# include "globals.h"
/* END PUBLIC DEPENDENCIES */
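Review bot: In the auth_httpform.c hunk the `(int)strlen(req)` cast silences the format warning but keeps `"Content-Length: %d"`, so the header is built from a narrowed value. Printing the length in its own type is cleaner, for example `"Content-Length: %zu" TWO_CRLF` with `strlen(req)` uncast, provided the project's minimum C level allows `%zu`. The `(int)path_len` cast in lib/server.c is needed because `%.*s` takes an `int` precision, but a one-line comment saying so, and noting that a negative precision is treated as omitted, would keep the narrowing from looking accidental. The enclosing functions are not fully visible in these hunks.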


@ -7,8 +7,8 @@
Summary: The Cyrus SASL library
Name: cyrus-sasl
Version: 2.1.25
Release: 2%{?dist}
Version: 2.1.26
Release: 1%{?dist}
License: BSD with advertising
Group: System Environment/Libraries
# Source0 originally comes from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/;
@ -30,18 +30,15 @@ Patch24: cyrus-sasl-2.1.21-sizes.patch
Patch27: cyrus-sasl-2.1.22-automake-1.10.patch
Patch28: cyrus-sasl-2.1.21-keytab.patch
Patch31: cyrus-sasl-2.1.22-kerberos4.patch
Patch32: cyrus-sasl-2.1.25-warnings.patch
Patch32: cyrus-sasl-2.1.26-warnings.patch
Patch33: cyrus-sasl-2.1.25-current-db.patch
Patch34: cyrus-sasl-2.1.22-ldap-timeout.patch
Patch37: cyrus-sasl-2.1.23-race.patch
# removed due to #759334
#Patch38: cyrus-sasl-2.1.23-pam_rhosts.patch
Patch40: cyrus-sasl-2.1.23-rimap2.patch
Patch41: cyrus-sasl-2.1.23-db5.patch
Patch42: cyrus-sasl-2.1.25-relro.patch
Patch42: cyrus-sasl-2.1.26-relro.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=816250
Patch43: cyrus-sasl-2.1.23-null-crypt.patch
Patch44: cyrus-sasl-2.1.25-release-server_creds.patch
Patch43: cyrus-sasl-2.1.26-null-crypt.patch
Patch44: cyrus-sasl-2.1.26-release-server_creds.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
@ -75,6 +72,7 @@ applications which use the Cyrus SASL library.
%package devel
Requires: %{name}-lib = %{version}-%{release}
Requires: %{name} = %{version}-%{release}
Requires: pkgconfig
Group: Development/Libraries
Summary: Files needed for developing applications with Cyrus SASL
@ -174,9 +172,6 @@ chmod -x include/*.h
%patch32 -p1 -b .warnings
%patch33 -p1 -b .current-db
%patch34 -p1 -b .ldap-timeout
%patch37 -p1 -b .race
%patch40 -p1 -b .rimap2
%patch41 -p1 -b .db5
%patch42 -p1 -b .relro
%patch43 -p1 -b .null-crypt
%patch44 -p1 -b .release-server_creds
@ -424,10 +419,15 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
%{_bindir}/sasl2-sample-server
%{_includedir}/*
%{_libdir}/libsasl*.*so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%{_sbindir}/sasl2-shared-mechlist
%changelog
* Thu Dec 20 2012 Petr Lautrbach <plautrba@redhat.com> 2.1.26-1
- update to 2.1.26
- fix segfaults in sasl_gss_encode (#886140)
* Mon Dec 10 2012 Petr Lautrbach <plautrba@redhat.com> 2.1.25-2
- always use the current external Berkeley DB when linking


@ -1,9 +1,10 @@
#include "sasl.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "sasl.h"
static int
my_getopt(void *context, const char *plugin_name,
const char *option, const char **result, unsigned *len)