import cyrus-sasl-2.1.27-1.el8
parent
3510d3d3d1
commit
9e8c8d78e1
@ -1 +1 @@
|
|||||||
98988c2d3b8f055f6346d8d55ca806a8dbd2dc59 SOURCES/cyrus-sasl-2.1.27-rc7-nodlcompatorsrp.tar.gz
|
c9e6848d9cc6f9588e0e7a75423f9a3aed3f10db SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz
|
||||||
|
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/cyrus-sasl-2.1.27-rc7-nodlcompatorsrp.tar.gz
|
SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz
|
||||||
|
24
SOURCES/cyrus-sasl-2.1.26-md5global.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
diff -up cyrus-sasl-2.1.27/include/Makefile.am.md5global.h cyrus-sasl-2.1.27/include/Makefile.am
|
||||||
|
--- cyrus-sasl-2.1.27/include/Makefile.am.md5global.h 2018-05-17 13:33:49.588368350 +0200
|
||||||
|
+++ cyrus-sasl-2.1.27/include/Makefile.am 2018-05-17 13:38:19.377316869 +0200
|
||||||
|
@@ -49,20 +49,7 @@ saslinclude_HEADERS = hmac-md5.h md5.h m
|
||||||
|
|
||||||
|
noinst_PROGRAMS = makemd5
|
||||||
|
|
||||||
|
-makemd5_SOURCES = makemd5.c
|
||||||
|
-
|
||||||
|
-makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CC=$(CC_FOR_BUILD)
|
||||||
|
-makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
|
||||||
|
-makemd5$(BUILD_EXEEXT): LDFLAGS=$(LDFLAGS_FOR_BUILD)
|
||||||
|
-
|
||||||
|
-md5global.h: makemd5$(BUILD_EXEEXT) Makefile
|
||||||
|
- -rm -f $@
|
||||||
|
- ./$< $@
|
||||||
|
-
|
||||||
|
-BUILT_SOURCES = md5global.h
|
||||||
|
-
|
||||||
|
EXTRA_DIST = NTMakefile
|
||||||
|
-DISTCLEANFILES = md5global.h
|
||||||
|
|
||||||
|
if MACOSX
|
||||||
|
framedir = /Library/Frameworks/SASL2.framework
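Review bot: `noinst_PROGRAMS = makemd5` survives as a context line while `makemd5_SOURCES` and the `md5global.h` rule are removed, so automake will still build makemd5 from its default source `makemd5.c`, now without the `CC_FOR_BUILD` overrides, although nothing runs it any more. If the intent is to stop generating md5global.h at build time, the `noinst_PROGRAMS` line can be dropped as well. The build then relies on a static md5global.h already being in the source tree, which this page does not show. The patch file also carries no header, so a comment next to Patch49 in the spec such as `# md5global.h is no longer generated at build time: <reason / bug id>` would record why it exists.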
|
@ -1,17 +0,0 @@
|
|||||||
diff --git a/plugins/gssapi.c b/plugins/gssapi.c
|
|
||||||
index e6fcf46..a27eb2b 100644
|
|
||||||
--- a/plugins/gssapi.c
|
|
||||||
+++ b/plugins/gssapi.c
|
|
||||||
@@ -1594,10 +1594,10 @@ static int gssapi_client_mech_step(void *conn_context,
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Setup req_flags properly */
|
|
||||||
- req_flags = GSS_C_INTEG_FLAG;
|
|
||||||
+ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
|
|
||||||
if (params->props.max_ssf > params->external_ssf) {
|
|
||||||
/* We are requesting a security layer */
|
|
||||||
- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
|
|
||||||
+ req_flags |= GSS_C_INTEG_FLAG;
|
|
||||||
/* Any SSF bigger than 1 is confidentiality. */
|
|
||||||
/* Let's check if the client of the API requires confidentiality,
|
|
||||||
and it wasn't already provided by an external layer */
|
|
155
SOURCES/cyrus-sasl-pr559-RC4-openssl.patch
Normal file
@ -0,0 +1,155 @@
|
|||||||
|
From 8aa9ae816ddf66921b4a8a0f422517e6f2e55ac6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Wed, 27 Mar 2019 14:29:08 -0400
|
||||||
|
Subject: [PATCH] Use Openssl RC4 when available
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
---
|
||||||
|
configure.ac | 5 +--
|
||||||
|
plugins/digestmd5.c | 107 +++++++++++++++++++++++++++++++++++++++++++-
|
||||||
|
2 files changed, 108 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 388f5d02..cfdee4a2 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -1102,12 +1102,11 @@ AC_ARG_WITH(configdir, [ --with-configdir=DIR set the directory where confi
|
||||||
|
AC_SUBST(configdir)
|
||||||
|
|
||||||
|
-dnl look for rc4 libraries. we accept the CMU one or one from openSSL
|
||||||
|
-AC_ARG_WITH(rc4, [ --with-rc4 use internal rc4 routines [[yes]] ],
|
||||||
|
+AC_ARG_WITH(rc4, [ --with-rc4 use rc4 routines [[yes]] ],
|
||||||
|
with_rc4=$withval,
|
||||||
|
with_rc4=yes)
|
||||||
|
|
||||||
|
if test "$with_rc4" != no; then
|
||||||
|
- AC_DEFINE(WITH_RC4,[],[Use internal RC4 implementation?])
|
||||||
|
+ AC_DEFINE(WITH_RC4,[],[Use RC4])
|
||||||
|
fi
|
||||||
|
|
||||||
|
building_for_macosx=no
|
||||||
|
diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
|
||||||
|
index df35093d..c6b54317 100644
|
||||||
|
--- a/plugins/digestmd5.c
|
||||||
|
+++ b/plugins/digestmd5.c
|
||||||
|
@@ -1117,6 +1117,111 @@ static void free_des(context_t *text)
|
||||||
|
#endif /* WITH_DES */
|
||||||
|
|
||||||
|
#ifdef WITH_RC4
|
||||||
|
+#ifdef HAVE_OPENSSL
|
||||||
|
+#include <openssl/evp.h>
|
||||||
|
+
|
||||||
|
+static void free_rc4(context_t *text)
|
||||||
|
+{
|
||||||
|
+ if (text->cipher_enc_context) {
|
||||||
|
+ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_enc_context);
|
||||||
|
+ text->cipher_enc_context = NULL;
|
||||||
|
+ }
|
||||||
|
+ if (text->cipher_dec_context) {
|
||||||
|
+ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_dec_context);
|
||||||
|
+ text->cipher_dec_context = NULL;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int init_rc4(context_t *text,
|
||||||
|
+ unsigned char enckey[16],
|
||||||
|
+ unsigned char deckey[16])
|
||||||
|
+{
|
||||||
|
+ EVP_CIPHER_CTX *ctx;
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
+ ctx = EVP_CIPHER_CTX_new();
|
||||||
|
+ if (ctx == NULL) return SASL_NOMEM;
|
||||||
|
+
|
||||||
|
+ rc = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, enckey, NULL);
|
||||||
|
+ if (rc != 1) return SASL_FAIL;
|
||||||
|
+
|
||||||
|
+ text->cipher_enc_context = (void *)ctx;
|
||||||
|
+
|
||||||
|
+ ctx = EVP_CIPHER_CTX_new();
|
||||||
|
+ if (ctx == NULL) return SASL_NOMEM;
|
||||||
|
+
|
||||||
|
+ rc = EVP_DecryptInit_ex(ctx, EVP_rc4(), NULL, deckey, NULL);
|
||||||
|
+ if (rc != 1) return SASL_FAIL;
|
||||||
|
+
|
||||||
|
+ text->cipher_dec_context = (void *)ctx;
|
||||||
|
+
|
||||||
|
+ return SASL_OK;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int dec_rc4(context_t *text,
|
||||||
|
+ const char *input,
|
||||||
|
+ unsigned inputlen,
|
||||||
|
+ unsigned char digest[16] __attribute__((unused)),
|
||||||
|
+ char *output,
|
||||||
|
+ unsigned *outputlen)
|
||||||
|
+{
|
||||||
|
+ int len;
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
+ /* decrypt the text part & HMAC */
|
||||||
|
+ rc = EVP_DecryptUpdate((EVP_CIPHER_CTX *)text->cipher_dec_context,
|
||||||
|
+ (unsigned char *)output, &len,
|
||||||
|
+ (const unsigned char *)input, inputlen);
|
||||||
|
+ if (rc != 1) return SASL_FAIL;
|
||||||
|
+
|
||||||
|
+ *outputlen = len;
|
||||||
|
+
|
||||||
|
+ rc = EVP_DecryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_dec_context,
|
||||||
|
+ (unsigned char *)output + len, &len);
|
||||||
|
+ if (rc != 1) return SASL_FAIL;
|
||||||
|
+
|
||||||
|
+ *outputlen += len;
|
||||||
|
+
|
||||||
|
+ /* subtract the HMAC to get the text length */
|
||||||
|
+ *outputlen -= 10;
|
||||||
|
+
|
||||||
|
+ return SASL_OK;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int enc_rc4(context_t *text,
|
||||||
|
+ const char *input,
|
||||||
|
+ unsigned inputlen,
|
||||||
|
+ unsigned char digest[16],
|
||||||
|
+ char *output,
|
||||||
|
+ unsigned *outputlen)
|
||||||
|
+{
|
||||||
|
+ int len;
|
||||||
|
+ int rc;
|
||||||
|
+ /* encrypt the text part */
|
||||||
|
+ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
|
||||||
|
+ (unsigned char *)output, &len,
|
||||||
|
+ (const unsigned char *)input, inputlen);
|
||||||
|
+ if (rc != 1) return SASL_FAIL;
|
||||||
|
+
|
||||||
|
+ *outputlen = len;
|
||||||
|
+
|
||||||
|
+ /* encrypt the `MAC part */
|
||||||
|
+ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
|
||||||
|
+ (unsigned char *)output + *outputlen, &len,
|
||||||
|
+ digest, 10);
|
||||||
|
+ if (rc != 1) return SASL_FAIL;
|
||||||
|
+
|
||||||
|
+ *outputlen += len;
|
||||||
|
+
|
||||||
|
+ rc = EVP_EncryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_enc_context,
|
||||||
|
+ (unsigned char *)output + *outputlen, &len);
|
||||||
|
+ if (rc != 1) return SASL_FAIL;
|
||||||
|
+
|
||||||
|
+ *outputlen += len;
|
||||||
|
+
|
||||||
|
+ return SASL_OK;
|
||||||
|
+}
|
||||||
|
+#else
|
||||||
|
/* quick generic implementation of RC4 */
|
||||||
|
struct rc4_context_s {
|
||||||
|
unsigned char sbox[256];
|
||||||
|
@@ -1296,7 +1401,7 @@ static int enc_rc4(context_t *text,
|
||||||
|
|
||||||
|
return SASL_OK;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
+#endif /* HAVE_OPENSSL */
|
||||||
|
#endif /* WITH_RC4 */
|
||||||
|
|
||||||
|
struct digest_cipher available_ciphers[] =
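Review bot: init_rc4() in the added HAVE_OPENSSL branch leaks the EVP_CIPHER_CTX it has just allocated whenever EVP_EncryptInit_ex() or EVP_DecryptInit_ex() fails, because both `if (rc != 1) return SASL_FAIL;` lines return before the pointer is stored in `text` or freed. Each should read `if (rc != 1) { EVP_CIPHER_CTX_free(ctx); return SASL_FAIL; }`. This path may well be reached on hosts where the OpenSSL build or crypto policy refuses RC4, so it should clean up after itself. In dec_rc4(), `*outputlen -= 10;` operates on an unsigned value without checking that at least 10 bytes were produced, so a short input would wrap to a huge length unless the caller already enforces a minimum, which this hunk does not show. A guard such as `if (*outputlen < 10) return SASL_FAIL;` before the subtraction would make that explicit.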
|
@ -8,13 +8,13 @@
|
|||||||
Summary: The Cyrus SASL library
|
Summary: The Cyrus SASL library
|
||||||
Name: cyrus-sasl
|
Name: cyrus-sasl
|
||||||
Version: 2.1.27
|
Version: 2.1.27
|
||||||
Release: 0.3rc7%{?dist}
|
Release: 1%{?dist}
|
||||||
License: BSD with advertising
|
License: BSD with advertising
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
# Source0 originally comes from https://www.cyrusimap.org/releases/;
|
# Source0 originally comes from https://www.cyrusimap.org/releases/;
|
||||||
# make-no-dlcompatorsrp-tarball.sh removes the "dlcompat" subdirectory and builds a
|
# make-no-dlcompatorsrp-tarball.sh removes the "dlcompat" subdirectory and builds a
|
||||||
# new tarball.
|
# new tarball.
|
||||||
Source0: cyrus-sasl-%{version}-rc7-nodlcompatorsrp.tar.gz
|
Source0: cyrus-sasl-%{version}-nodlcompatorsrp.tar.gz
|
||||||
Source5: saslauthd.service
|
Source5: saslauthd.service
|
||||||
Source7: sasl-mechlist.c
|
Source7: sasl-mechlist.c
|
||||||
Source9: saslauthd.sysconfig
|
Source9: saslauthd.sysconfig
|
||||||
@ -22,16 +22,14 @@ Source10: make-no-dlcompatorsrp-tarball.sh
|
|||||||
# From upstream git, required for reconfigure after applying patches to configure.ac
|
# From upstream git, required for reconfigure after applying patches to configure.ac
|
||||||
# https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/master/autogen.sh
|
# https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/master/autogen.sh
|
||||||
Source11: autogen.sh
|
Source11: autogen.sh
|
||||||
URL: http://asg.web.cmu.edu/sasl/sasl-library.html
|
URL: https://www.cyrusimap.org/sasl/
|
||||||
Requires: %{name}-lib%{?_isa} = %{version}-%{release}
|
Requires: %{name}-lib%{?_isa} = %{version}-%{release}
|
||||||
Patch11: cyrus-sasl-2.1.25-no_rpath.patch
|
Patch11: cyrus-sasl-2.1.25-no_rpath.patch
|
||||||
Patch15: cyrus-sasl-2.1.20-saslauthd.conf-path.patch
|
Patch15: cyrus-sasl-2.1.20-saslauthd.conf-path.patch
|
||||||
Patch23: cyrus-sasl-2.1.23-man.patch
|
Patch23: cyrus-sasl-2.1.23-man.patch
|
||||||
Patch24: cyrus-sasl-2.1.21-sizes.patch
|
Patch24: cyrus-sasl-2.1.21-sizes.patch
|
||||||
#Patch49: cyrus-sasl-2.1.26-md5global.patch
|
Patch49: cyrus-sasl-2.1.26-md5global.patch
|
||||||
# revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 (#984079)
|
Patch60: cyrus-sasl-pr559-RC4-openssl.patch
|
||||||
# https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480
|
|
||||||
Patch50: cyrus-sasl-2.1.26-revert-upstream-080e51c7fa0421eb2f0210d34cf0ac48a228b1e9.patch
|
|
||||||
|
|
||||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
||||||
@ -161,8 +159,8 @@ the GS2 authentication scheme.
|
|||||||
%patch15 -p1 -b .path
|
%patch15 -p1 -b .path
|
||||||
%patch23 -p1 -b .man
|
%patch23 -p1 -b .man
|
||||||
%patch24 -p1 -b .sizes
|
%patch24 -p1 -b .sizes
|
||||||
#%patch49 -p1 -b .md5global.h
|
%patch49 -p1 -b .md5global.h
|
||||||
%patch50 -p1 -b .gssapi
|
%patch60 -p1 -b .openssl_rc4
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# reconfigure
|
# reconfigure
|
||||||
@ -394,6 +392,15 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
|
|||||||
%{_sbindir}/sasl2-shared-mechlist
|
%{_sbindir}/sasl2-shared-mechlist
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 14 2019 Simo Sorce <simo@redhat.com> - 2.1.27-1
|
||||||
|
- Rc7 to final source
|
||||||
|
- Resovles bz#1618744
|
||||||
|
|
||||||
|
* Thu Jun 13 2019 Simo Sorce <simo@redhat.com> - 2.1.27-0.4rc7
|
||||||
|
- Add patch form Upstream PR559 to use RC4 implementation from OpenSSL
|
||||||
|
- Resolves bz#1618744
|
||||||
|
- Fix multilib issue bz#1663120
|
||||||
|
|
||||||
* Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 2.1.27-0.3rc7
|
* Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 2.1.27-0.3rc7
|
||||||
- Rebuild with fixed binutils
|
- Rebuild with fixed binutils
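Review bot: The patch list drops Patch50 (the revert of upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9) together with `%patch50 -p1 -b .gssapi`, but neither new changelog entry mentions it. Judging by the removed patch, without the revert gssapi_client_mech_step starts from `req_flags = GSS_C_INTEG_FLAG` and adds `GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG` only when a security layer is requested. GSSAPI clients that negotiate no layer would then stop requesting mutual authentication, unless the final 2.1.27 tarball changed this code again. I would add a changelog line such as `- Drop revert of upstream 080e51c7 (gssapi req_flags): <reason>` and confirm that the case from #984079 still behaves as intended. The 2.1.27-1 entry also misspells `Resolves` as `Resovles`.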
|
||||||
|
|
||||||
|