import cyrus-sasl-2.1.27-1.el8

This commit is contained in:
CentOS Sources 2019-11-05 17:01:49 -05:00 committed by Andrew Lukoshko
parent 3510d3d3d1
commit 9e8c8d78e1
6 changed files with 197 additions and 28 deletions

View File

@ -1 +1 @@
98988c2d3b8f055f6346d8d55ca806a8dbd2dc59 SOURCES/cyrus-sasl-2.1.27-rc7-nodlcompatorsrp.tar.gz c9e6848d9cc6f9588e0e7a75423f9a3aed3f10db SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/cyrus-sasl-2.1.27-rc7-nodlcompatorsrp.tar.gz SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz

View File

@ -0,0 +1,24 @@
diff -up cyrus-sasl-2.1.27/include/Makefile.am.md5global.h cyrus-sasl-2.1.27/include/Makefile.am
--- cyrus-sasl-2.1.27/include/Makefile.am.md5global.h 2018-05-17 13:33:49.588368350 +0200
+++ cyrus-sasl-2.1.27/include/Makefile.am 2018-05-17 13:38:19.377316869 +0200
@@ -49,20 +49,7 @@ saslinclude_HEADERS = hmac-md5.h md5.h m
noinst_PROGRAMS = makemd5
-makemd5_SOURCES = makemd5.c
-
-makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CC=$(CC_FOR_BUILD)
-makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
-makemd5$(BUILD_EXEEXT): LDFLAGS=$(LDFLAGS_FOR_BUILD)
-
-md5global.h: makemd5$(BUILD_EXEEXT) Makefile
- -rm -f $@
- ./$< $@
-
-BUILT_SOURCES = md5global.h
-
EXTRA_DIST = NTMakefile
-DISTCLEANFILES = md5global.h
if MACOSX
framedir = /Library/Frameworks/SASL2.framework

View File

@ -1,17 +0,0 @@
diff --git a/plugins/gssapi.c b/plugins/gssapi.c
index e6fcf46..a27eb2b 100644
--- a/plugins/gssapi.c
+++ b/plugins/gssapi.c
@@ -1594,10 +1594,10 @@ static int gssapi_client_mech_step(void *conn_context,
}
/* Setup req_flags properly */
- req_flags = GSS_C_INTEG_FLAG;
+ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
if (params->props.max_ssf > params->external_ssf) {
/* We are requesting a security layer */
- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ req_flags |= GSS_C_INTEG_FLAG;
/* Any SSF bigger than 1 is confidentiality. */
/* Let's check if the client of the API requires confidentiality,
and it wasn't already provided by an external layer */

View File

@ -0,0 +1,155 @@
From 8aa9ae816ddf66921b4a8a0f422517e6f2e55ac6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 27 Mar 2019 14:29:08 -0400
Subject: [PATCH] Use Openssl RC4 when available
Signed-off-by: Simo Sorce <simo@redhat.com>
---
configure.ac | 5 +--
plugins/digestmd5.c | 107 +++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 108 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 388f5d02..cfdee4a2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1102,12 +1102,11 @@ AC_ARG_WITH(configdir, [ --with-configdir=DIR set the directory where confi
AC_SUBST(configdir)
-dnl look for rc4 libraries. we accept the CMU one or one from openSSL
-AC_ARG_WITH(rc4, [ --with-rc4 use internal rc4 routines [[yes]] ],
+AC_ARG_WITH(rc4, [ --with-rc4 use rc4 routines [[yes]] ],
with_rc4=$withval,
with_rc4=yes)
if test "$with_rc4" != no; then
- AC_DEFINE(WITH_RC4,[],[Use internal RC4 implementation?])
+ AC_DEFINE(WITH_RC4,[],[Use RC4])
fi
building_for_macosx=no
diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
index df35093d..c6b54317 100644
--- a/plugins/digestmd5.c
+++ b/plugins/digestmd5.c
@@ -1117,6 +1117,111 @@ static void free_des(context_t *text)
#endif /* WITH_DES */
#ifdef WITH_RC4
+#ifdef HAVE_OPENSSL
+#include <openssl/evp.h>
+
+static void free_rc4(context_t *text)
+{
+ if (text->cipher_enc_context) {
+ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_enc_context);
+ text->cipher_enc_context = NULL;
+ }
+ if (text->cipher_dec_context) {
+ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_dec_context);
+ text->cipher_dec_context = NULL;
+ }
+}
+
+static int init_rc4(context_t *text,
+ unsigned char enckey[16],
+ unsigned char deckey[16])
+{
+ EVP_CIPHER_CTX *ctx;
+ int rc;
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) return SASL_NOMEM;
+
+ rc = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, enckey, NULL);
+ if (rc != 1) return SASL_FAIL;
+
+ text->cipher_enc_context = (void *)ctx;
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) return SASL_NOMEM;
+
+ rc = EVP_DecryptInit_ex(ctx, EVP_rc4(), NULL, deckey, NULL);
+ if (rc != 1) return SASL_FAIL;
+
+ text->cipher_dec_context = (void *)ctx;
+
+ return SASL_OK;
+}
+
+static int dec_rc4(context_t *text,
+ const char *input,
+ unsigned inputlen,
+ unsigned char digest[16] __attribute__((unused)),
+ char *output,
+ unsigned *outputlen)
+{
+ int len;
+ int rc;
+
+ /* decrypt the text part & HMAC */
+ rc = EVP_DecryptUpdate((EVP_CIPHER_CTX *)text->cipher_dec_context,
+ (unsigned char *)output, &len,
+ (const unsigned char *)input, inputlen);
+ if (rc != 1) return SASL_FAIL;
+
+ *outputlen = len;
+
+ rc = EVP_DecryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_dec_context,
+ (unsigned char *)output + len, &len);
+ if (rc != 1) return SASL_FAIL;
+
+ *outputlen += len;
+
+ /* subtract the HMAC to get the text length */
+ *outputlen -= 10;
+
+ return SASL_OK;
+}
+
+static int enc_rc4(context_t *text,
+ const char *input,
+ unsigned inputlen,
+ unsigned char digest[16],
+ char *output,
+ unsigned *outputlen)
+{
+ int len;
+ int rc;
+ /* encrypt the text part */
+ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
+ (unsigned char *)output, &len,
+ (const unsigned char *)input, inputlen);
+ if (rc != 1) return SASL_FAIL;
+
+ *outputlen = len;
+
+ /* encrypt the `MAC part */
+ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
+ (unsigned char *)output + *outputlen, &len,
+ digest, 10);
+ if (rc != 1) return SASL_FAIL;
+
+ *outputlen += len;
+
+ rc = EVP_EncryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_enc_context,
+ (unsigned char *)output + *outputlen, &len);
+ if (rc != 1) return SASL_FAIL;
+
+ *outputlen += len;
+
+ return SASL_OK;
+}
+#else
/* quick generic implementation of RC4 */
struct rc4_context_s {
unsigned char sbox[256];
@@ -1296,7 +1401,7 @@ static int enc_rc4(context_t *text,
return SASL_OK;
}
-
+#endif /* HAVE_OPENSSL */
#endif /* WITH_RC4 */
struct digest_cipher available_ciphers[] =

View File

@ -8,13 +8,13 @@
Summary: The Cyrus SASL library Summary: The Cyrus SASL library
Name: cyrus-sasl Name: cyrus-sasl
Version: 2.1.27 Version: 2.1.27
Release: 0.3rc7%{?dist} Release: 1%{?dist}
License: BSD with advertising License: BSD with advertising
Group: System Environment/Libraries Group: System Environment/Libraries
# Source0 originally comes from https://www.cyrusimap.org/releases/; # Source0 originally comes from https://www.cyrusimap.org/releases/;
# make-no-dlcompatorsrp-tarball.sh removes the "dlcompat" subdirectory and builds a # make-no-dlcompatorsrp-tarball.sh removes the "dlcompat" subdirectory and builds a
# new tarball. # new tarball.
Source0: cyrus-sasl-%{version}-rc7-nodlcompatorsrp.tar.gz Source0: cyrus-sasl-%{version}-nodlcompatorsrp.tar.gz
Source5: saslauthd.service Source5: saslauthd.service
Source7: sasl-mechlist.c Source7: sasl-mechlist.c
Source9: saslauthd.sysconfig Source9: saslauthd.sysconfig
@ -22,16 +22,14 @@ Source10: make-no-dlcompatorsrp-tarball.sh
# From upstream git, required for reconfigure after applying patches to configure.ac # From upstream git, required for reconfigure after applying patches to configure.ac
# https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/master/autogen.sh # https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/master/autogen.sh
Source11: autogen.sh Source11: autogen.sh
URL: http://asg.web.cmu.edu/sasl/sasl-library.html URL: https://www.cyrusimap.org/sasl/
Requires: %{name}-lib%{?_isa} = %{version}-%{release} Requires: %{name}-lib%{?_isa} = %{version}-%{release}
Patch11: cyrus-sasl-2.1.25-no_rpath.patch Patch11: cyrus-sasl-2.1.25-no_rpath.patch
Patch15: cyrus-sasl-2.1.20-saslauthd.conf-path.patch Patch15: cyrus-sasl-2.1.20-saslauthd.conf-path.patch
Patch23: cyrus-sasl-2.1.23-man.patch Patch23: cyrus-sasl-2.1.23-man.patch
Patch24: cyrus-sasl-2.1.21-sizes.patch Patch24: cyrus-sasl-2.1.21-sizes.patch
#Patch49: cyrus-sasl-2.1.26-md5global.patch Patch49: cyrus-sasl-2.1.26-md5global.patch
# revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 (#984079) Patch60: cyrus-sasl-pr559-RC4-openssl.patch
# https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480
Patch50: cyrus-sasl-2.1.26-revert-upstream-080e51c7fa0421eb2f0210d34cf0ac48a228b1e9.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
@ -161,8 +159,8 @@ the GS2 authentication scheme.
%patch15 -p1 -b .path %patch15 -p1 -b .path
%patch23 -p1 -b .man %patch23 -p1 -b .man
%patch24 -p1 -b .sizes %patch24 -p1 -b .sizes
#%patch49 -p1 -b .md5global.h %patch49 -p1 -b .md5global.h
%patch50 -p1 -b .gssapi %patch60 -p1 -b .openssl_rc4
%build %build
# reconfigure # reconfigure
@ -394,6 +392,15 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
%{_sbindir}/sasl2-shared-mechlist %{_sbindir}/sasl2-shared-mechlist
%changelog %changelog
* Fri Jun 14 2019 Simo Sorce <simo@redhat.com> - 2.1.27-1
- Rc7 to final source
- Resovles bz#1618744
* Thu Jun 13 2019 Simo Sorce <simo@redhat.com> - 2.1.27-0.4rc7
- Add patch form Upstream PR559 to use RC4 implementation from OpenSSL
- Resolves bz#1618744
- Fix multilib issue bz#1663120
* Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 2.1.27-0.3rc7 * Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 2.1.27-0.3rc7
- Rebuild with fixed binutils - Rebuild with fixed binutils