commit a422f584400ab16709a47f6a9c19eccc8ff8e495 Author: CentOS Sources Date: Fri Aug 2 03:51:14 2019 -0400 import cyrus-sasl-2.1.27-1.el8 diff --git a/.cyrus-sasl.metadata b/.cyrus-sasl.metadata new file mode 100644 index 0000000..82b591b --- /dev/null +++ b/.cyrus-sasl.metadata @@ -0,0 +1 @@ +c9e6848d9cc6f9588e0e7a75423f9a3aed3f10db SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..07c8f97 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/cyrus-sasl-2.1.27-nodlcompatorsrp.tar.gz diff --git a/SOURCES/autogen.sh b/SOURCES/autogen.sh new file mode 100644 index 0000000..38e3be2 --- /dev/null +++ b/SOURCES/autogen.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# Run this to generate all the initial makefiles, etc. +test -n "$srcdir" || srcdir=`dirname "$0"` +test -n "$srcdir" || srcdir=. + +olddir=`pwd` + +cd $srcdir + +(test -f configure.ac) || { + echo "*** ERROR: Directory "\`$srcdir\'" does not look like the top-level project directory ***" + exit 1 +} + +PKG_NAME=`autoconf --trace 'AC_INIT:$1' configure.ac` + +if [ "$#" = 0 -a "x$NOCONFIGURE" = "x" ]; then + echo "*** WARNING: I am going to run \`configure' with no arguments." >&2 + echo "*** If you wish to pass any to it, please specify them on the" >&2 + echo "*** \`$0\' command line." >&2 + echo "" >&2 +fi + +aclocal --install || exit 1 +autoreconf --verbose --force --install -Wno-portability || exit 1 + +cd $olddir +if [ "$NOCONFIGURE" = "" ]; then + $srcdir/configure "$@" || exit 1 + + if [ "$1" = "--help" ]; then exit 0 else + echo "Now type \`make\' to compile $PKG_NAME" || exit 1 + fi +else + echo "Skipping configure process." +fi + diff --git a/SOURCES/cyrus-sasl-2.1.20-saslauthd.conf-path.patch b/SOURCES/cyrus-sasl-2.1.20-saslauthd.conf-path.patch new file mode 100644 index 0000000..1e414ff --- /dev/null +++ b/SOURCES/cyrus-sasl-2.1.20-saslauthd.conf-path.patch @@ -0,0 +1,26 @@ +diff -up cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc.path cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc +--- cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc.path 2015-10-15 15:44:43.000000000 +0200 ++++ cyrus-sasl-2.1.27/saslauthd/saslauthd.mdoc 2015-11-20 15:05:30.421377527 +0100 +@@ -221,7 +221,7 @@ instead. + .Em (All platforms that support OpenLDAP 2.0 or higher) + .Pp + Authenticate against an ldap server. The ldap configuration parameters are +-read from /usr/local/etc/saslauthd.conf. The location of this file can be ++read from /etc/saslauthd.conf. The location of this file can be + changed with the -O parameter. See the LDAP_SASLAUTHD file included with the + distribution for the list of available parameters. + .It Li sia +@@ -251,10 +251,10 @@ these ticket files can cause serious per + servers. (Kerberos + was never intended to be used in this manner, anyway.) + .Sh FILES +-.Bl -tag -width "/var/run/saslauthd/mux" +-.It Pa /var/run/saslauthd/mux ++.Bl -tag -width "/run/saslauthd/mux" ++.It Pa /run/saslauthd/mux + The default communications socket. +-.It Pa /usr/local/etc/saslauthd.conf ++.It Pa /etc/saslauthd.conf + The default configuration file for ldap support. + .El + .Sh SEE ALSO diff --git a/SOURCES/cyrus-sasl-2.1.21-sizes.patch b/SOURCES/cyrus-sasl-2.1.21-sizes.patch new file mode 100644 index 0000000..6373924 --- /dev/null +++ b/SOURCES/cyrus-sasl-2.1.21-sizes.patch @@ -0,0 +1,119 @@ +diff -up cyrus-sasl-2.1.27/configure.ac.sizes cyrus-sasl-2.1.27/configure.ac +--- cyrus-sasl-2.1.27/configure.ac.sizes 2015-11-18 09:46:24.000000000 +0100 ++++ cyrus-sasl-2.1.27/configure.ac 2015-11-20 15:11:20.474588247 +0100 +@@ -1312,6 +1312,10 @@ AC_HEADER_STDC + AC_HEADER_DIRENT + AC_HEADER_SYS_WAIT + AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h) ++AC_CHECK_TYPES([long long, int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, int64_t, uint64_t],,,[ ++#ifdef HAVE_INTTYPES_H ++#include ++#endif]) + + IPv6_CHECK_SS_FAMILY() + IPv6_CHECK_SA_LEN() +diff -up cyrus-sasl-2.1.27/include/makemd5.c.sizes cyrus-sasl-2.1.27/include/makemd5.c +--- cyrus-sasl-2.1.27/include/makemd5.c.sizes 2015-10-15 15:44:43.000000000 +0200 ++++ cyrus-sasl-2.1.27/include/makemd5.c 2015-11-20 15:11:20.477588240 +0100 +@@ -82,12 +82,19 @@ + */ + + ++#ifdef HAVE_CONFIG_H ++#include "../config.h" ++#endif + + #include + #include + #include + #include + ++#ifdef HAVE_INTTYPES_H ++#include ++#endif ++ + + static void + my_strupr(char *s) +@@ -122,6 +129,18 @@ my_strupr(char *s) + static void + try_signed(FILE *f, int len) + { ++#ifdef HAVE_INT8_T ++ BITSIZE(int8_t); ++#endif ++#ifdef HAVE_INT16_T ++ BITSIZE(int16_t); ++#endif ++#ifdef HAVE_INT32_T ++ BITSIZE(int32_t); ++#endif ++#ifdef HAVE_INT64_T ++ BITSIZE(int64_t); ++#endif + BITSIZE(signed char); + BITSIZE(short); + BITSIZE(int); +@@ -135,6 +154,18 @@ try_signed(FILE *f, int len) + static void + try_unsigned(FILE *f, int len) + { ++#ifdef HAVE_UINT8_T ++ BITSIZE(uint8_t); ++#endif ++#ifdef HAVE_UINT16_T ++ BITSIZE(uint16_t); ++#endif ++#ifdef HAVE_UINT32_T ++ BITSIZE(uint32_t); ++#endif ++#ifdef HAVE_UINT64_T ++ BITSIZE(uint64_t); ++#endif + BITSIZE(unsigned char); + BITSIZE(unsigned short); + BITSIZE(unsigned int); +@@ -165,6 +196,11 @@ static int print_pre(FILE *f) + "/* POINTER defines a generic pointer type */\n" + "typedef unsigned char *POINTER;\n" + "\n" ++#ifdef HAVE_INTTYPES_H ++ "/* We try to define integer types for our use */\n" ++ "#include \n" ++ "\n" ++#endif + ); + return 1; + } +@@ -212,31 +248,15 @@ int main(int argc, char **argv) + + print_pre(f); + +-#ifndef HAVE_INT8_T + try_signed (f, 8); +-#endif /* HAVE_INT8_T */ +-#ifndef HAVE_INT16_T + try_signed (f, 16); +-#endif /* HAVE_INT16_T */ +-#ifndef HAVE_INT32_T + try_signed (f, 32); +-#endif /* HAVE_INT32_T */ +-#ifndef HAVE_INT64_T + try_signed (f, 64); +-#endif /* HAVE_INT64_T */ + +-#ifndef HAVE_U_INT8_T + try_unsigned (f, 8); +-#endif /* HAVE_INT8_T */ +-#ifndef HAVE_U_INT16_T + try_unsigned (f, 16); +-#endif /* HAVE_U_INT16_T */ +-#ifndef HAVE_U_INT32_T + try_unsigned (f, 32); +-#endif /* HAVE_U_INT32_T */ +-#ifndef HAVE_U_INT64_T + try_unsigned (f, 64); +-#endif /* HAVE_U_INT64_T */ + + print_post(f); + diff --git a/SOURCES/cyrus-sasl-2.1.23-man.patch b/SOURCES/cyrus-sasl-2.1.23-man.patch new file mode 100644 index 0000000..21c63cd --- /dev/null +++ b/SOURCES/cyrus-sasl-2.1.23-man.patch @@ -0,0 +1,24 @@ +diff -up cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8.man cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8 +--- cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8.man 2013-09-03 15:25:26.818042047 +0200 ++++ cyrus-sasl-2.1.26/saslauthd/testsaslauthd.8 2013-09-03 15:25:26.818042047 +0200 +@@ -0,0 +1,20 @@ ++.\" Hey, EMACS: -*- nroff -*- ++.TH TESTSASLAUTHD 8 "14 October 2006" ++.SH NAME ++testsaslauthd \- test utility for the SASL authentication server ++.SH SYNOPSIS ++.B testsaslauthd ++.RI "[ " \(hyr " " realm " ] [ " \(hys " " servicename " ] [ " \(hyf " " socket " " path " ] [ " \(hyR " " repeatnum " ]" ++.SH DESCRIPTION ++This manual page documents briefly the ++.B testsaslauthd ++command. ++.PP ++.SH SEE ALSO ++.BR saslauthd (8). ++.br ++.SH AUTHOR ++testsaslauthd was written by Carnegie Mellon University. ++.PP ++This manual page was written by Roberto C. Sanchez , ++for the Debian project (but may be used by others). diff --git a/SOURCES/cyrus-sasl-2.1.25-no_rpath.patch b/SOURCES/cyrus-sasl-2.1.25-no_rpath.patch new file mode 100644 index 0000000..3ff180c --- /dev/null +++ b/SOURCES/cyrus-sasl-2.1.25-no_rpath.patch @@ -0,0 +1,20 @@ +diff -up cyrus-sasl-2.1.25/m4/cyrus.m4.no_rpath cyrus-sasl-2.1.25/m4/cyrus.m4 +--- cyrus-sasl-2.1.25/m4/cyrus.m4.no_rpath 2010-01-22 16:12:01.000000000 +0100 ++++ cyrus-sasl-2.1.25/m4/cyrus.m4 2012-12-06 14:59:47.956102057 +0100 +@@ -32,14 +32,5 @@ AC_DEFUN([CMU_ADD_LIBPATH_TO], [ + dnl runpath initialization + AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ + # CMU GUESS RUNPATH SWITCH +- AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ +- # first, try -R +- SAVE_LDFLAGS="${LDFLAGS}" +- LDFLAGS="-R /usr/lib" +- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ +- LDFLAGS="-Wl,-rpath,/usr/lib" +- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], +- [andrew_cv_runpath_switch="none"]) +- ]) +- LDFLAGS="${SAVE_LDFLAGS}" +- ])]) ++ andrew_runpath_switch="none" ++ ]) diff --git a/SOURCES/cyrus-sasl-2.1.26-md5global.patch b/SOURCES/cyrus-sasl-2.1.26-md5global.patch new file mode 100644 index 0000000..605c8ec --- /dev/null +++ b/SOURCES/cyrus-sasl-2.1.26-md5global.patch @@ -0,0 +1,24 @@ +diff -up cyrus-sasl-2.1.27/include/Makefile.am.md5global.h cyrus-sasl-2.1.27/include/Makefile.am +--- cyrus-sasl-2.1.27/include/Makefile.am.md5global.h 2018-05-17 13:33:49.588368350 +0200 ++++ cyrus-sasl-2.1.27/include/Makefile.am 2018-05-17 13:38:19.377316869 +0200 +@@ -49,20 +49,7 @@ saslinclude_HEADERS = hmac-md5.h md5.h m + + noinst_PROGRAMS = makemd5 + +-makemd5_SOURCES = makemd5.c +- +-makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CC=$(CC_FOR_BUILD) +-makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD) +-makemd5$(BUILD_EXEEXT): LDFLAGS=$(LDFLAGS_FOR_BUILD) +- +-md5global.h: makemd5$(BUILD_EXEEXT) Makefile +- -rm -f $@ +- ./$< $@ +- +-BUILT_SOURCES = md5global.h +- + EXTRA_DIST = NTMakefile +-DISTCLEANFILES = md5global.h + + if MACOSX + framedir = /Library/Frameworks/SASL2.framework diff --git a/SOURCES/cyrus-sasl-pr559-RC4-openssl.patch b/SOURCES/cyrus-sasl-pr559-RC4-openssl.patch new file mode 100644 index 0000000..1993639 --- /dev/null +++ b/SOURCES/cyrus-sasl-pr559-RC4-openssl.patch @@ -0,0 +1,155 @@ +From 8aa9ae816ddf66921b4a8a0f422517e6f2e55ac6 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Wed, 27 Mar 2019 14:29:08 -0400 +Subject: [PATCH] Use Openssl RC4 when available + +Signed-off-by: Simo Sorce +--- + configure.ac | 5 +-- + plugins/digestmd5.c | 107 +++++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 108 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 388f5d02..cfdee4a2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1102,12 +1102,11 @@ AC_ARG_WITH(configdir, [ --with-configdir=DIR set the directory where confi + AC_SUBST(configdir) + +-dnl look for rc4 libraries. we accept the CMU one or one from openSSL +-AC_ARG_WITH(rc4, [ --with-rc4 use internal rc4 routines [[yes]] ], ++AC_ARG_WITH(rc4, [ --with-rc4 use rc4 routines [[yes]] ], + with_rc4=$withval, + with_rc4=yes) + + if test "$with_rc4" != no; then +- AC_DEFINE(WITH_RC4,[],[Use internal RC4 implementation?]) ++ AC_DEFINE(WITH_RC4,[],[Use RC4]) + fi + + building_for_macosx=no +diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c +index df35093d..c6b54317 100644 +--- a/plugins/digestmd5.c ++++ b/plugins/digestmd5.c +@@ -1117,6 +1117,111 @@ static void free_des(context_t *text) + #endif /* WITH_DES */ + + #ifdef WITH_RC4 ++#ifdef HAVE_OPENSSL ++#include ++ ++static void free_rc4(context_t *text) ++{ ++ if (text->cipher_enc_context) { ++ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_enc_context); ++ text->cipher_enc_context = NULL; ++ } ++ if (text->cipher_dec_context) { ++ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_dec_context); ++ text->cipher_dec_context = NULL; ++ } ++} ++ ++static int init_rc4(context_t *text, ++ unsigned char enckey[16], ++ unsigned char deckey[16]) ++{ ++ EVP_CIPHER_CTX *ctx; ++ int rc; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) return SASL_NOMEM; ++ ++ rc = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, enckey, NULL); ++ if (rc != 1) return SASL_FAIL; ++ ++ text->cipher_enc_context = (void *)ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) return SASL_NOMEM; ++ ++ rc = EVP_DecryptInit_ex(ctx, EVP_rc4(), NULL, deckey, NULL); ++ if (rc != 1) return SASL_FAIL; ++ ++ text->cipher_dec_context = (void *)ctx; ++ ++ return SASL_OK; ++} ++ ++static int dec_rc4(context_t *text, ++ const char *input, ++ unsigned inputlen, ++ unsigned char digest[16] __attribute__((unused)), ++ char *output, ++ unsigned *outputlen) ++{ ++ int len; ++ int rc; ++ ++ /* decrypt the text part & HMAC */ ++ rc = EVP_DecryptUpdate((EVP_CIPHER_CTX *)text->cipher_dec_context, ++ (unsigned char *)output, &len, ++ (const unsigned char *)input, inputlen); ++ if (rc != 1) return SASL_FAIL; ++ ++ *outputlen = len; ++ ++ rc = EVP_DecryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_dec_context, ++ (unsigned char *)output + len, &len); ++ if (rc != 1) return SASL_FAIL; ++ ++ *outputlen += len; ++ ++ /* subtract the HMAC to get the text length */ ++ *outputlen -= 10; ++ ++ return SASL_OK; ++} ++ ++static int enc_rc4(context_t *text, ++ const char *input, ++ unsigned inputlen, ++ unsigned char digest[16], ++ char *output, ++ unsigned *outputlen) ++{ ++ int len; ++ int rc; ++ /* encrypt the text part */ ++ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context, ++ (unsigned char *)output, &len, ++ (const unsigned char *)input, inputlen); ++ if (rc != 1) return SASL_FAIL; ++ ++ *outputlen = len; ++ ++ /* encrypt the `MAC part */ ++ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context, ++ (unsigned char *)output + *outputlen, &len, ++ digest, 10); ++ if (rc != 1) return SASL_FAIL; ++ ++ *outputlen += len; ++ ++ rc = EVP_EncryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_enc_context, ++ (unsigned char *)output + *outputlen, &len); ++ if (rc != 1) return SASL_FAIL; ++ ++ *outputlen += len; ++ ++ return SASL_OK; ++} ++#else + /* quick generic implementation of RC4 */ + struct rc4_context_s { + unsigned char sbox[256]; +@@ -1296,7 +1401,7 @@ static int enc_rc4(context_t *text, + + return SASL_OK; + } +- ++#endif /* HAVE_OPENSSL */ + #endif /* WITH_RC4 */ + + struct digest_cipher available_ciphers[] = diff --git a/SOURCES/make-no-dlcompatorsrp-tarball.sh b/SOURCES/make-no-dlcompatorsrp-tarball.sh new file mode 100755 index 0000000..a0a3245 --- /dev/null +++ b/SOURCES/make-no-dlcompatorsrp-tarball.sh @@ -0,0 +1,41 @@ +#!/bin/bash -e +# +# See ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ for unmodified sources. +# + +tmppath=`mktemp -d ${TMPDIR:-/tmp}/make-no-dlcompat-tarball-XXXXXX` +if test -z "$tmppath" ; then + echo Error creating temporary directory. + exit 1 +fi +trap "rm -fr $tmppath" EXIT + +initialdir=`pwd` + +for tarball in ${initialdir}/cyrus-sasl-*.tar.{gz,bz2} ; do + if ! test -s "$tarball" ; then + continue + fi + rm -fr $tmppath/* + pushd $tmppath > /dev/null + case "$tarball" in + *nodlcompat*) + : Do nothing. + ;; + *.gz) + gzip -dc "$tarball" | tar xf - + rm -fr cyrus-sasl-*/dlcompat* + rm -fr cyrus-sasl-*/plugins/srp* + tar cf - * | gzip -9c > \ + $initialdir/`basename $tarball .tar.gz`-nodlcompatorsrp.tar.gz + ;; + *.bz2) + bzip2 -dc "$tarball" | tar xf - + rm -fr cyrus-sasl-*/dlcompat* + rm -fr cyrus-sasl-*/plugins/srp* + tar cf - * | bzip2 -9c > \ + $initialdir/`basename $tarball .tar.bz2`-nodlcompatorsrp.tar.bz2 + ;; + esac + popd > /dev/null +done diff --git a/SOURCES/sasl-mechlist.c b/SOURCES/sasl-mechlist.c new file mode 100644 index 0000000..680e983 --- /dev/null +++ b/SOURCES/sasl-mechlist.c @@ -0,0 +1,99 @@ +#include +#include +#include +#include + +#include "sasl.h" + +static int +my_getopt(void *context, const char *plugin_name, + const char *option, const char **result, unsigned *len) +{ + if (result) { + *result = NULL; +#if 0 + fprintf(stderr, "Getopt plugin=%s%s%s/option=%s%s%s -> ", + plugin_name ? "\"" : "", + plugin_name ? plugin_name : "(null)", + plugin_name ? "\"" : "", + option ? "\"" : "", + option ? option : "(null)", + option ? "\"" : ""); + fprintf(stderr, "'%s'.\n", *result ? *result : ""); +#endif + } + if (len) { + *len = 0; + } + return 0; +} + +int +main(int argc, char **argv) +{ + int ret, i; + const char *mechs, **globals; + sasl_callback_t callbacks[] = { + {SASL_CB_GETOPT, my_getopt, NULL}, + {SASL_CB_LIST_END}, + }; + sasl_conn_t *connection; + char hostname[512]; + + if ((argc > 1) && (argv[1][0] == '-')) { + fprintf(stderr, "Usage: %s [appname [hostname] ]\n", argv[0]); + return 0; + } + + ret = sasl_server_init(callbacks, argc > 1 ? argv[1] : "sasl-mechlist"); + if (ret != SASL_OK) { + fprintf(stderr, "Error in sasl_server_init(): %s\n", + sasl_errstring(ret, NULL, NULL)); + } + + connection = NULL; + strcpy(hostname, "localhost"); + gethostname(hostname, sizeof(hostname)); + ret = sasl_server_new(argc > 2 ? argv[2] : "host", + hostname, + NULL, + NULL, + NULL, + callbacks, + 0, + &connection); + if (ret != SASL_OK) { + fprintf(stderr, "Error in sasl_server_new(): %s\n", + sasl_errstring(ret, NULL, NULL)); + } + + ret = sasl_listmech(connection, + getenv("USER") ? getenv("USER") : "root", + "Available mechanisms: ", + ",", + "\n", + &mechs, + NULL, + NULL); + if (ret != SASL_OK) { + fprintf(stderr, "Error in sasl_listmechs(): %s\n", + sasl_errstring(ret, NULL, NULL)); + } else { + fprintf(stdout, "%s", mechs); + } + + globals = sasl_global_listmech(); + for (i = 0; (globals != NULL) && (globals[i] != NULL); i++) { + if (i == 0) { + fprintf(stdout, "Library supports: "); + } + fprintf(stdout, "%s", globals[i]); + if (globals[i + 1] != NULL) { + fprintf(stdout, ","); + } else { + fprintf(stdout, "\n"); + } + } + + return 0; +} diff --git a/SOURCES/saslauthd.service b/SOURCES/saslauthd.service new file mode 100644 index 0000000..c7c7eca --- /dev/null +++ b/SOURCES/saslauthd.service @@ -0,0 +1,12 @@ +[Unit] +Description=SASL authentication daemon. + +[Service] +Type=forking +PIDFile=/run/saslauthd/saslauthd.pid +EnvironmentFile=/etc/sysconfig/saslauthd +ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS +RuntimeDirectory=saslauthd + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/saslauthd.sysconfig b/SOURCES/saslauthd.sysconfig new file mode 100644 index 0000000..5413c36 --- /dev/null +++ b/SOURCES/saslauthd.sysconfig @@ -0,0 +1,11 @@ +# Directory in which to place saslauthd's listening socket, pid file, and so +# on. This directory must already exist. +SOCKETDIR=/run/saslauthd + +# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list +# of which mechanism your installation was compiled with the ablity to use. +MECH=pam + +# Additional flags to pass to saslauthd on the command line. See saslauthd(8) +# for the list of accepted flags. +FLAGS= diff --git a/SPECS/cyrus-sasl.spec b/SPECS/cyrus-sasl.spec new file mode 100644 index 0000000..103a782 --- /dev/null +++ b/SPECS/cyrus-sasl.spec @@ -0,0 +1,1127 @@ +%global username saslauth +%global hint Saslauthd user +%global homedir /run/saslauthd + +%global _plugindir2 %{_libdir}/sasl2 +%global bootstrap_cyrus_sasl 0 + +Summary: The Cyrus SASL library +Name: cyrus-sasl +Version: 2.1.27 +Release: 1%{?dist} +License: BSD with advertising +Group: System Environment/Libraries +# Source0 originally comes from https://www.cyrusimap.org/releases/; +# make-no-dlcompatorsrp-tarball.sh removes the "dlcompat" subdirectory and builds a +# new tarball. +Source0: cyrus-sasl-%{version}-nodlcompatorsrp.tar.gz +Source5: saslauthd.service +Source7: sasl-mechlist.c +Source9: saslauthd.sysconfig +Source10: make-no-dlcompatorsrp-tarball.sh +# From upstream git, required for reconfigure after applying patches to configure.ac +# https://raw.githubusercontent.com/cyrusimap/cyrus-sasl/master/autogen.sh +Source11: autogen.sh +URL: https://www.cyrusimap.org/sasl/ +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Patch11: cyrus-sasl-2.1.25-no_rpath.patch +Patch15: cyrus-sasl-2.1.20-saslauthd.conf-path.patch +Patch23: cyrus-sasl-2.1.23-man.patch +Patch24: cyrus-sasl-2.1.21-sizes.patch +Patch49: cyrus-sasl-2.1.26-md5global.patch +Patch60: cyrus-sasl-pr559-RC4-openssl.patch + +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: autoconf, automake, libtool, gdbm-devel, groff +BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig +BuildRequires: mariadb-connector-c-devel, postgresql-devel, zlib-devel +BuildRequires: libdb-devel +%if ! %{bootstrap_cyrus_sasl} +BuildRequires: openldap-devel +%endif +%{?systemd_requires} +Requires(post): chkconfig +Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd +Requires(postun): /usr/sbin/userdel /usr/sbin/groupdel +Requires: /sbin/nologin +Requires: systemd >= 211 +Provides: user(%username) +Provides: group(%username) + + +%description +The %{name} package contains the Cyrus implementation of SASL. +SASL is the Simple Authentication and Security Layer, a method for +adding authentication support to connection-based protocols. + +%package lib +Group: System Environment/Libraries +Summary: Shared libraries needed by applications which use Cyrus SASL + +%description lib +The %{name}-lib package contains shared libraries which are needed by +applications which use the Cyrus SASL library. + +%package devel +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconfig +Group: Development/Libraries +Summary: Files needed for developing applications with Cyrus SASL + +%description devel +The %{name}-devel package contains files needed for developing and +compiling applications which use the Cyrus SASL library. + +%package gssapi +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Group: System Environment/Libraries +Summary: GSSAPI authentication support for Cyrus SASL + +%description gssapi +The %{name}-gssapi package contains the Cyrus SASL plugins which +support GSSAPI authentication. GSSAPI is commonly used for Kerberos +authentication. + +%package plain +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Group: System Environment/Libraries +Summary: PLAIN and LOGIN authentication support for Cyrus SASL + +%description plain +The %{name}-plain package contains the Cyrus SASL plugins which support +PLAIN and LOGIN authentication schemes. + +%package md5 +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Group: System Environment/Libraries +Summary: CRAM-MD5 and DIGEST-MD5 authentication support for Cyrus SASL + +%description md5 +The %{name}-md5 package contains the Cyrus SASL plugins which support +CRAM-MD5 and DIGEST-MD5 authentication schemes. + +%package ntlm +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Group: System Environment/Libraries +Summary: NTLM authentication support for Cyrus SASL + +%description ntlm +The %{name}-ntlm package contains the Cyrus SASL plugin which supports +the NTLM authentication scheme. + +# This would more appropriately be named cyrus-sasl-auxprop-sql. +%package sql +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Group: System Environment/Libraries +Summary: SQL auxprop support for Cyrus SASL + +%description sql +The %{name}-sql package contains the Cyrus SASL plugin which supports +using a RDBMS for storing shared secrets. + +%if ! %{bootstrap_cyrus_sasl} +# This was *almost* named cyrus-sasl-auxprop-ldapdb, but that's a lot of typing. +%package ldap +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Group: System Environment/Libraries +Summary: LDAP auxprop support for Cyrus SASL + +%description ldap +The %{name}-ldap package contains the Cyrus SASL plugin which supports using +a directory server, accessed using LDAP, for storing shared secrets. +%endif + +%package scram +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Group: System Environment/Libraries +Summary: SCRAM auxprop support for Cyrus SASL + +%description scram +The %{name}-scram package contains the Cyrus SASL plugin which supports +the SCRAM authentication scheme. + +%package gs2 +Requires: %{name}-lib%{?_isa} = %{version}-%{release} +Group: System Environment/Libraries +Summary: GS2 support for Cyrus SASL + +%description gs2 +The %{name}-gs2 package contains the Cyrus SASL plugin which supports +the GS2 authentication scheme. + +### + + +%prep +%setup -q -n cyrus-sasl-%{version} +%patch11 -p1 -b .no_rpath +%patch15 -p1 -b .path +%patch23 -p1 -b .man +%patch24 -p1 -b .sizes +%patch49 -p1 -b .md5global.h +%patch60 -p1 -b .openssl_rc4 + +%build +# reconfigure +cp %{SOURCE11} ./ +rm configure aclocal.m4 config/ltmain.sh Makefile.in +export NOCONFIGURE=yes +sh autogen.sh + +# Find Kerberos. +krb5_prefix=`krb5-config --prefix` +if test x$krb5_prefix = x%{_prefix} ; then + krb5_prefix= +else + CPPFLAGS="-I${krb5_prefix}/include $CPPFLAGS"; export CPPFLAGS + LDFLAGS="-L${krb5_prefix}/%{_lib} $LDFLAGS"; export LDFLAGS +fi + +# Find OpenSSL. +LIBS="-lcrypt"; export LIBS +if pkg-config openssl ; then + CPPFLAGS="`pkg-config --cflags-only-I openssl` $CPPFLAGS"; export CPPFLAGS + LDFLAGS="`pkg-config --libs-only-L openssl` $LDFLAGS"; export LDFLAGS +fi + +# Find the MySQL libraries used needed by the SQL auxprop plugin. +INC_DIR="`mysql_config --include`" +if test x"$INC_DIR" != "x-I%{_includedir}"; then + CPPFLAGS="$INC_DIR $CPPFLAGS"; export CPPFLAGS +fi +LIB_DIR="`mysql_config --libs | sed -e 's,-[^L][^ ]*,,g' -e 's,^ *,,' -e 's, *$,,' -e 's, *, ,g'`" +if test x"$LIB_DIR" != "x-L%{_libdir}"; then + LDFLAGS="$LIB_DIR $LDFLAGS"; export LDFLAGS +fi + +# Find the PostgreSQL libraries used needed by the SQL auxprop plugin. +INC_DIR="-I`pg_config --includedir`" +if test x"$INC_DIR" != "x-I%{_includedir}"; then + CPPFLAGS="$INC_DIR $CPPFLAGS"; export CPPFLAGS +fi +LIB_DIR="-L`pg_config --libdir`" +if test x"$LIB_DIR" != "x-L%{_libdir}"; then + LDFLAGS="$LIB_DIR $LDFLAGS"; export LDFLAGS +fi + +# Patch config.sub to support ppc64p7 subarch (Fedora specific) +# This is similar to what the config.sub from automake has +for i in `find . -name config.sub`; do + perl -pi -e "s/ppc64-\*/ppc64-\* \| ppc64p7-\*/" $i +done + +CFLAGS="$RPM_OPT_FLAGS $CFLAGS $CPPFLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now"; export CFLAGS +LDFLAGS="$LDFLAGS -pie -Wl,-z,now"; export LDFLAGS + +echo "$CFLAGS" +echo "$CPPFLAGS" +echo "$LDFLAGS" + +%configure \ + --enable-shared --disable-static \ + --disable-java \ + --with-plugindir=%{_plugindir2} \ + --with-configdir=%{_plugindir2}:%{_sysconfdir}/sasl2 \ + --disable-krb4 \ + --enable-gssapi${krb5_prefix:+=${krb5_prefix}} \ + --with-gss_impl=mit \ + --with-rc4 \ + --with-dblib=berkeley \ + --with-bdb=db \ + --with-saslauthd=/run/saslauthd --without-pwcheck \ +%if ! %{bootstrap_cyrus_sasl} + --with-ldap \ +%endif + --with-devrandom=/dev/urandom \ + --enable-anon \ + --enable-cram \ + --enable-digest \ + --enable-ntlm \ + --enable-plain \ + --enable-login \ + --enable-alwaystrue \ + --enable-httpform \ + --disable-otp \ +%if ! %{bootstrap_cyrus_sasl} + --enable-ldapdb \ +%endif + --enable-sql --with-mysql=yes --with-pgsql=yes \ + --without-sqlite \ + "$@" + # --enable-auth-sasldb -- EXPERIMENTAL +make sasldir=%{_plugindir2} +make -C saslauthd testsaslauthd +make -C sample + +# Build a small program to list the available mechanisms, because I need it. +pushd lib +../libtool --mode=link %{__cc} -o sasl2-shared-mechlist -I../include $CFLAGS %{SOURCE7} $LDFLAGS ./libsasl2.la + + +%install +test "$RPM_BUILD_ROOT" != "/" && rm -rf $RPM_BUILD_ROOT + +make install DESTDIR=$RPM_BUILD_ROOT sasldir=%{_plugindir2} +make install DESTDIR=$RPM_BUILD_ROOT sasldir=%{_plugindir2} -C plugins + +install -m755 -d $RPM_BUILD_ROOT%{_bindir} +./libtool --mode=install \ +install -m755 sample/client $RPM_BUILD_ROOT%{_bindir}/sasl2-sample-client +./libtool --mode=install \ +install -m755 sample/server $RPM_BUILD_ROOT%{_bindir}/sasl2-sample-server +./libtool --mode=install \ +install -m755 saslauthd/testsaslauthd $RPM_BUILD_ROOT%{_sbindir}/testsaslauthd + +# Install the saslauthd mdoc page in the expected location. Sure, it's not +# really a man page, but groff seems to be able to cope with it. +install -m755 -d $RPM_BUILD_ROOT%{_mandir}/man8/ +install -m644 -p saslauthd/saslauthd.mdoc $RPM_BUILD_ROOT%{_mandir}/man8/saslauthd.8 +install -m644 -p saslauthd/testsaslauthd.8 $RPM_BUILD_ROOT%{_mandir}/man8/testsaslauthd.8 + +# Install the init script for saslauthd and the init script's config file. +install -m755 -d $RPM_BUILD_ROOT/etc/rc.d/init.d $RPM_BUILD_ROOT/etc/sysconfig +install -d -m755 $RPM_BUILD_ROOT/%{_unitdir} +install -m644 -p %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/saslauthd.service +install -m644 -p %{SOURCE9} $RPM_BUILD_ROOT/etc/sysconfig/saslauthd + +# Install the config dirs if they're not already there. +install -m755 -d $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2 +install -m755 -d $RPM_BUILD_ROOT/%{_plugindir2} + +# Provide an easy way to query the list of available mechanisms. +./libtool --mode=install \ +install -m755 lib/sasl2-shared-mechlist $RPM_BUILD_ROOT/%{_sbindir}/ + +# Remove unpackaged files from the buildroot. +rm -f $RPM_BUILD_ROOT%{_libdir}/sasl2/libotp.* +rm -f $RPM_BUILD_ROOT%{_libdir}/sasl2/*.a +rm -f $RPM_BUILD_ROOT%{_libdir}/sasl2/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/*.la +rm -f $RPM_BUILD_ROOT%{_mandir}/cat8/saslauthd.8 + + +%pre +getent group %{username} >/dev/null || groupadd -g 76 -r %{username} +getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir} -s /sbin/nologin -c "%{hint}" %{username} + +%post +%systemd_post saslauthd.service + +%preun +%systemd_preun saslauthd.service + +%postun +%systemd_postun_with_restart saslauthd.service + +%triggerun -n cyrus-sasl -- cyrus-sasl < 2.1.23-32 +/usr/bin/systemd-sysv-convert --save saslauthd >/dev/null 2>&1 || : +/sbin/chkconfig --del saslauthd >/dev/null 2>&1 || : +/bin/systemctl try-restart saslauthd.service >/dev/null 2>&1 || : + +%post lib -p /sbin/ldconfig +%postun lib -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%doc saslauthd/LDAP_SASLAUTHD +%{_mandir}/man8/* +%{_sbindir}/pluginviewer +%{_sbindir}/saslauthd +%{_sbindir}/testsaslauthd +%config(noreplace) /etc/sysconfig/saslauthd +%{_unitdir}/saslauthd.service +%ghost /run/saslauthd + +%files lib +%defattr(-,root,root) +%license COPYING +%doc AUTHORS doc/html/*.html +%{_libdir}/libsasl*.so.* +%dir %{_sysconfdir}/sasl2 +%dir %{_plugindir2}/ +%{_plugindir2}/*anonymous*.so* +%{_plugindir2}/*sasldb*.so* +%{_sbindir}/saslpasswd2 +%{_sbindir}/sasldblistusers2 + +%files plain +%defattr(-,root,root) +%{_plugindir2}/*plain*.so* +%{_plugindir2}/*login*.so* + +%if ! %{bootstrap_cyrus_sasl} +%files ldap +%defattr(-,root,root) +%{_plugindir2}/*ldapdb*.so* +%endif + +%files md5 +%defattr(-,root,root) +%{_plugindir2}/*crammd5*.so* +%{_plugindir2}/*digestmd5*.so* + +%files ntlm +%defattr(-,root,root) +%{_plugindir2}/*ntlm*.so* + +%files sql +%defattr(-,root,root) +%{_plugindir2}/*sql*.so* + +%files gssapi +%defattr(-,root,root) +%{_plugindir2}/*gssapi*.so* + +%files scram +%defattr(-,root,root) +%{_plugindir2}/libscram.so* + +%files gs2 +%defattr(-,root,root) +%{_plugindir2}/libgs2.so* + +%files devel +%defattr(-,root,root) +%{_bindir}/sasl2-sample-client +%{_bindir}/sasl2-sample-server +%{_includedir}/* +%{_libdir}/libsasl*.*so +%{_libdir}/pkgconfig/*.pc +%{_mandir}/man3/* +%{_sbindir}/sasl2-shared-mechlist + +%changelog +* Fri Jun 14 2019 Simo Sorce - 2.1.27-1 +- Rc7 to final source +- Resovles bz#1618744 + +* Thu Jun 13 2019 Simo Sorce - 2.1.27-0.4rc7 +- Add patch form Upstream PR559 to use RC4 implementation from OpenSSL +- Resolves bz#1618744 +- Fix multilib issue bz#1663120 + +* Mon Jul 30 2018 Florian Weimer - 2.1.27-0.3rc7 +- Rebuild with fixed binutils + +* Wed Jul 25 2018 Petr Kubat - 2.1.27-0.2rc7 +- Rebuilt for gdbm + +* Mon Mar 05 2018 Jakub Jelen - 2.1.27-0.1rc7 +- New upstream (pre-)release +- Import LDFLAGS from redhat-rpm-config (#1548437) + +* Wed Feb 07 2018 Fedora Release Engineering - 2.1.26-37 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 2.1.26-36 +- Rebuilt for switch to libxcrypt + +* Mon Oct 23 2017 Jakub Jelen - 2.1.26-35 +- Use mariadb-connector-c-devel instead of mysql-devel (#1493620) + +* Wed Aug 02 2017 Fedora Release Engineering - 2.1.26-34 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.1.26-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Apr 19 2017 Jakub Jelen - 2.1.26-32 +- Add missing patch for separate mutexes per connection in GSSAPI + +* Tue Apr 18 2017 Jakub Jelen - 2.1.26-31 +- Allow cyrus sasl to get the ssf from gssapi + +* Wed Apr 12 2017 Petr Šabata - 2.1.26-30 +- Removing the obsolete scriptlet /sbin/service dependency + +* Tue Mar 07 2017 Jakub Jelen - 2.1.26-29 +- Fix GSS SPNEGO support (#1421663) + +* Fri Feb 10 2017 Fedora Release Engineering - 2.1.26-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Nov 07 2016 Jakub Jelen - 2.1.26-27 +- Add support for OpenSSL 1.1.0 + +* Wed Feb 03 2016 Fedora Release Engineering - 2.1.26-26.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jul 16 2015 Jakub Jelen 2.1.26-25.2 +- Revert tmpfiles.d and use new systemd feature RuntimeDirectory + +* Wed Jun 17 2015 Fedora Release Engineering - 2.1.26-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri May 29 2015 Jakub Jelen 2.1.26-23 +- Add ability to handle logging in gssapi plugin (#1187097) + +* Mon Mar 16 2015 Jakub Jelen 2.1.26-22 +- Rever "Do not leak memory in plugin_common.c ..." due the breakage of svn (#1202364) + +* Thu Mar 12 2015 Jakub Jelen 2.1.26-21 +- Add and Document ability to run saslauthd as non-root user, fix tpmfiles ownership (#1189203) +- Do not leak memory in sample server (#852755) +- Do not leak memory in plugin_common.c for password callback (#1191183) +- Cleanup spec file: tmpfiles.d macros and tab/space + +* Wed Feb 04 2015 Petr Lautrbach 2.1.26-20 +- Change the ownership of /run/saslauth to saslauth:saslauth (#1189203) + +* Sat Aug 16 2014 Fedora Release Engineering - 2.1.26-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jul 11 2014 Tom Callaway - 2.1.26-18 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 2.1.26-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sun Jan 19 2014 Ville Skyttä - 2.1.26-16 +- Don't order service after syslog.target. + +* Fri Nov 15 2013 Petr Lautrbach 2.1.26-15 +- Treat SCRAM-SHA-1/DIGEST-MD5 as more secure than PLAIN (#970718) +- improve configuration error message + +* Fri Nov 01 2013 Petr Lautrbach 2.1.26-14 +- revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 (#984079) + +* Tue Oct 15 2013 Karsten Hopp 2.1.26-13 +- add ppc64p7 subarch support in config.sub (Fedora only) + +* Mon Sep 09 2013 Petr Lautrbach 2.1.26-12 +- build with RPM_OPT_FLAGS (#1005535) + +* Tue Sep 03 2013 Petr Lautrbach 2.1.26-11 +- fix hardening for /usr/sbin/saslauthd +- add testsaslauthd.8 man page to the package +- use static md5global.h file + +* Sat Aug 03 2013 Fedora Release Engineering - 2.1.26-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jun 24 2013 Petr Lautrbach 2.1.26-9 +- detect gsskrb5_register_acceptor_identity macro (#976538) + +* Tue Jun 04 2013 Karsten Hopp 2.1.26-8 +- disable incorrect check for MkLinux to allow building with shared libraries on PPC + +* Tue May 21 2013 Petr Lautrbach 2.1.26-7 +- fix the spec file in order to build the cyrus-sasl-sql plugin + with support for PostgreSQL and MySQL + +* Thu Feb 21 2013 Petr Lautrbach 2.1.26-6 +- don't include system sasl2 library needed for rebuilds after rebase + +* Mon Feb 11 2013 Petr Lautrbach 2.1.26-5 +- enable full relro and PIE compiler flags for saslauthd + +* Fri Feb 01 2013 Petr Lautrbach 2.1.26-4 +- fix library symlinks + +* Thu Jan 31 2013 Rex Dieter 2.1.26-3 +- actually apply size_t patch (#906519) + +* Thu Jan 31 2013 Rex Dieter 2.1.26-2 +- sasl.h: +#include for missing size_t type (#906519) +- tighten subpkg deps via %%?_isa + +* Thu Dec 20 2012 Petr Lautrbach 2.1.26-1 +- update to 2.1.26 +- fix segfaults in sasl_gss_encode (#886140) + +* Mon Dec 10 2012 Petr Lautrbach 2.1.25-2 +- always use the current external Berkeley DB when linking + +* Fri Dec 07 2012 Petr Lautrbach 2.1.25-1 +- update to 2.1.25 +- add cyrus-sasl-scram and cyrus-sasl-gs2 packages + +* Fri Sep 14 2012 Petr Lautrbach 2.1.23-36 +- replace scriptlets with systemd macros (#856666) + +* Wed Jul 18 2012 Fedora Release Engineering - 2.1.23-35 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jul 17 2012 Petr Lautrbach 2.1.23-34 +- move /etc/tmpfiles.d/saslauthd.conf to /usr/lib/tmpfiles.d/saslauthd.conf (#840193) + +* Wed Jun 20 2012 Petr Lautrbach 2.1.23-33 +- properly deal with crypt() returning NULL (#816250) +- use fixed gid 76 for saslauth + +* Mon Apr 16 2012 Jindrich Novy 2.1.23-32 +- re-enable libdb support and utilities + +* Wed Apr 04 2012 Jindrich Novy 2.1.23-31 +- temporarily disable libdb support to resolve cyrus-sasl + chicken and egg build problem against libdb + +* Tue Apr 03 2012 Jindrich Novy 2.1.23-30 +- rebuild against new libdb + +* Wed Feb 08 2012 Petr Lautrbach 2.1.23-29 +- Change saslauth user homedir to /run/saslauthd (#752889) +- Change all /var/run/ to /run/ +- DAEMONOPTS are not supported any more in systemd units + +* Mon Jan 09 2012 Jeroen van Meeuwen - 2.1.23-28 +- Ship with sasl_pwcheck_method: alwaystrue + +* Mon Dec 12 2011 Petr Lautrbach 2.1.23-27 +- remove support for logging of the remote host via PAM (#759334) +- fix systemd files (#750436) + +* Wed Aug 10 2011 Jan F. Chadima - 2.1.23-26 +- Add partial relro support for libraries + +* Mon Jul 25 2011 Jan F. Chadima - 2.1.23-25 +- Add support for berkeley db 5 + +* Wed Jun 29 2011 Jan F. Chadima - 2.1.23-23 +- Migrate the package to full native systemd unit files, according to the Fedora + packaging guidelines. + +* Wed Jun 1 2011 Jan F. Chadima - 2.1.23-22 +- repair rimap support (more packets in response) + +* Wed May 25 2011 Jan F. Chadima - 2.1.23-21 +- repair ntlm support + +* Mon May 23 2011 Jan F. Chadima - 2.1.23-20 +- add logging of the remote host via PAM + +* Thu Apr 28 2011 Jan F. Chadima - 2.1.23-19 +- temporarilly revert systemd units + +* Tue Apr 26 2011 Jan F. Chadima - 2.1.23-18 +- update scriptlets + +* Fri Apr 22 2011 Jan F. Chadima - 2.1.23-17 +- Add systemd units + +* Wed Mar 23 2011 Tomas Mraz - 2.1.23-16 +- Rebuilt with new mysqlclient + +* Fri Feb 25 2011 Jan F. Chadima - 2.1.23-15 +- set correct license tag +- add ghost to /var/run/saslauthd + +* Tue Feb 08 2011 Fedora Release Engineering - 2.1.23-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Apr 9 2010 Jan F. Chadima - 2.1.23-13 +- Add /etc/tmpfiles.d element (#662734) + +* Fri Apr 9 2010 Jan F. Chadima - 2.1.23-12 +- Update init script to impeach pid file + +* Thu Mar 11 2010 Jan F. Chadima - 2.1.23-11 +- Update pre post preun and postun scripts (#572399) + +* Wed Mar 10 2010 Jan F. Chadima - 2.1.23-10 +- Rewrite spec file, make corect CFLAGS, CPPFLAGS and LDFLAGS + +* Mon Feb 22 2010 Jan F. Chadima - 2.1.23-9 +- solve race condition (#566875) + +* Wed Feb 17 2010 Stepan Kasal - 2.1.23-8 +- improve m4 quoting to fix saslauthd/configure (#566088) +- call autotools in build, not in prep + +* Fri Feb 5 2010 Jan F. Chadima - 2.1.23-7 +- Add man page to testtcpauthd (#526189) + +* Fri Oct 16 2009 Jan F. Chadima - 2.1.23-6 +- Create the saslauth user according to fedora packaging guide + +* Thu Sep 24 2009 Jan F. Chadima - 2.1.23-5 +- Repair initscript to make condrestart working properly (#522103) + +* Wed Sep 23 2009 Jan F. Chadima - 2.1.23-3 +- Add possibility to run the saslauth without root privilegies (#185614) + +* Fri Aug 21 2009 Tomas Mraz - 2.1.23-2 +- rebuilt with new openssl + +* Fri Aug 7 2009 Jan F. Chadima - 2.1.23-1 +- update to 2.1.23 + +* Fri Jul 24 2009 Fedora Release Engineering - 2.1.22-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon May 11 2009 Jan F. Chadima - 2.1.22-24 +- repair sasl_encode64 nul termination (#487251) + +* Thu Apr 16 2009 Robert Scheck - 2.1.22-23 +- Don't build the krb4 plugin as krb5 1.7 will drop it (#225974 #c6) + +* Tue Feb 24 2009 Fedora Release Engineering - 2.1.22-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Feb 6 2009 Tomas Mraz - 2.1.22-21 +- fix build with gcc-4.4 + +* Fri Jan 23 2009 Tomas Mraz - 2.1.22-20 +- set LDAP_OPT_TIMEOUT (#326452) +- provide LSB compatible init script (#246900) + +* Fri Sep 26 2008 Tomas Mraz - 2.1.22-19 +- always use the current external db4 when linking, + thanks to Dan Horak for the original patch (#464098) + +* Wed Sep 10 2008 Tomas Mraz - 2.1.22-18 +- fix most critical build warnings (#433583) +- use external db4 + +* Fri Aug 29 2008 Tomas Mraz - 2.1.22-17 +- always link against the internal db4 (#459163) +- rediff patches for no fuzz + +* Wed Jul 9 2008 Tomas Mraz - 2.1.22-16 +- update internal db4 (#449737) + +* Tue Jul 1 2008 Tomas Mraz - 2.1.22-15 +- drop reload from initscript help (#448154) +- fix hang in rimap auth method (#438533) +- build the krb4 plugin (#154675) + +* Fri May 23 2008 Dennis Gilmore - 2.1.22-14 +- make it so that bootstrap actually works + +* Thu May 22 2008 Tom "spot" Callaway - 2.1.22-13.1 +- minor release bump for sparc rebuild + +* Tue Feb 19 2008 Fedora Release Engineering - 2.1.22-13 +- Autorebuild for GCC 4.3 + +* Thu Feb 14 2008 Steve Conklin - 2.1.22-12 +- rebuild for gcc4.3 + +* Fri Jan 25 2008 Steve Conklin - 2.1.22-11 +- Cleanup after merge review bz #225673 +- no longer mark /etc/rc.d/init.d/saslauthd as config file +- removed -x permissions on include files +- added devel package dependency on cyrus-sasl +- removed some remaining .la files that were being delivered + +* Wed Dec 05 2007 Release Engineering - 2.1.22-10 + - Rebuild for deps + +* Wed Nov 7 2007 Steve Conklin - 2.1.22-9 +- Fixed a typo in the spec file + +* Wed Nov 7 2007 Steve Conklin - 2.1.22-8 +- Removed srp plugin source and added dist to NVR + +* Tue Sep 18 2007 Steve Conklin 2.1.22-7 +- use db4 version 4.6.19 bz#249737 + +* Mon Feb 26 2007 Nalin Dahyabhai 2.1.22-6 +- install config files and init scripts using -p +- pull in patch to build with current automake (#229010, Jacek Konieczny + and Robert Scheck) +- remove prereq on ldconfig, RPM should pick it up based on the -libs + scriptlets +- pull in patch to correctly detect gsskrb5_register_acceptor_identity + (#200892, Mirko Streckenbach) +- move sasldb auxprop modules into the -lib subpackage, so that we'll pick + it up for multilib systems + +* Thu Feb 22 2007 Nalin Dahyabhai +- pull CVS fix for not tripping over extra commas in digest-md5 + challenges (#229640) + +* Fri Feb 16 2007 Nalin Dahyabhai +- remove static build, which is no longer a useful option because not all of + our dependencies are available as static libraries +- drop patches which were needed to keep static builds going +- drop gssapi-generic patch due to lack of interest +- update the bundled copy of db to 4.5.20 (#229012) +- drop dbconverter-2, as we haven't bundled v1 libraries since FC4 + +* Tue Dec 5 2006 Nalin Dahyabhai 2.1.22-5 +- rebuild +- add 'authentication' or 'auxprop' to summaries for plugin packages to + better indicate what the plugin provides +- switch from automake 1.9 to automake 1.7 + +* Fri Sep 29 2006 Nalin Dahyabhai 2.1.22-4 +- rebuild without 'dlcompat' bits (#206119) + +* Mon Jul 17 2006 Nalin Dahyabhai 2.1.22-3 +- rebuild + +* Tue Jun 20 2006 Nalin Dahyabhai 2.1.22-2 +- fix a typo in sasl_client_start(3) (#196066) + +* Mon May 22 2006 Nalin Dahyabhai 2.1.22-1 +- update to 2.1.22, adding pluginviewer to %%{_sbindir} + +* Tue May 16 2006 Nalin Dahyabhai 2.1.21-12 +- add conditionalized build dependency on openldap-devel (#191855) +- patch md5global.h to be the same on all architectures + +* Thu Apr 27 2006 Nalin Dahyabhai 2.1.21-11 +- add unapplied patch which makes the DIGEST-MD5 plugin omit the realm + argument when the environment has $CYRUS_SASL_DIGEST_MD5_OMIT_REALM set to a + non-zero value, for testing purposes +- add missing buildrequires on zlib-devel (#190113) + +* Mon Feb 20 2006 Nalin Dahyabhai 2.1.21-10 +- add missing buildrequires on gdbm-devel (Karsten Hopp) + +* Fri Feb 10 2006 Jesse Keating - 2.1.21-9.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.1.21-9.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Dec 19 2005 Nalin Dahyabhai 2.1.21-9 +- use --as-needed to avoid linking dbconverter-2 with SQL libraries, which + it doesn't use because it manipulates files directly (#173321) + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Mon Nov 14 2005 Nalin Dahyabhai 2.1.21-8 +- rebuild with new OpenLDAP, overriding the version checks to assume that + 2.3.11 is acceptable +- remove a lingering patch for 1.x which we no longer use + +* Sat Nov 12 2005 Tom Lane 2.1.21-7 +- Rebuild due to mysql update. + +* Tue Nov 8 2005 Tomas Mraz 2.1.21-6 +- rebuilt with new openssl + +* Fri Sep 9 2005 Nalin Dahyabhai 2.1.21-5 +- add missing buildrequires: on groff (#163032) + +* Thu Sep 1 2005 Nalin Dahyabhai 2.1.21-4 +- move the ldapdb auxprop support into a subpackage (#167300) + (note: the ldap password check support in saslauthd doesn't use auxprop) + +* Tue Aug 30 2005 Nalin Dahyabhai 2.1.21-3 +- correct a use of uninitialized memory in the bundled libdb (Arjan van de Ven) + +* Mon Aug 29 2005 Nalin Dahyabhai 2.1.21-2 +- move the ANONYMOUS mech plugin to the -lib subpackage so that multilib + systems can use it without installing the main package +- build the static libraries without sql auxprop support + +* Mon Aug 29 2005 Nalin Dahyabhai 2.1.21-1 +- update to 2.1.21 +- turn off compilation of libsasl v1 (finally) +- explicitly disable sqlite to avoid the build warning +- change the default mechanism which is set for saslauthd from "shadow" to + "pam" (#159194) +- split the shared library up from saslauthd so that multilib systems don't + have to pull in every dependency of saslauthd for the compat arch (#166749) + +* Wed Apr 13 2005 Nalin Dahyabhai 2.1.20-5 +- rebuild with new deps + +* Tue Mar 1 2005 Nalin Dahyabhai 2.1.20-4 +- rebuild with new deps + +* Thu Nov 11 2004 Jeff Johnson 2.1.20-3 +- rebuild against db-4.3.21. + +* Thu Nov 11 2004 Nalin Dahyabhai 2.1.20-2 +- build with mysql-devel instead of mysqlclient10 + +* Mon Nov 1 2004 Nalin Dahyabhai 2.1.20-1 +- build with mysqlclient10 instead of mysql-devel + +* Wed Oct 27 2004 Nalin Dahyabhai 2.1.20-0 +- update to 2.1.20, including the fix for CAN-2004-0884 + +* Tue Oct 5 2004 Nalin Dahyabhai 2.1.19-3 +- use notting's fix for incorrect patch for CAN-2004-0884 for 1.5.28 + +* Tue Oct 5 2004 Nalin Dahyabhai 2.1.19-2 +- don't trust the environment in setuid/setgid contexts (CAN-2004-0884, #134660) + +* Thu Aug 19 2004 Nalin Dahyabhai 2.1.19-1 +- rebuild (the 2.1.19 changelog for fixing a buffer overflow referred to a CVS + revision between 2.1.18 and 2.1.19) + +* Mon Jul 19 2004 Nalin Dahyabhai 2.1.19-0 +- update to 2.1.19, maybe for update + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Mon Jun 7 2004 Nalin Dahyabhai 2.1.18-4 +- enable sql auxprop support in a subpackage +- include LDAP_SASLAUTHD documentation file (#124830) + +* Fri Jun 4 2004 Nalin Dahyabhai +- turn on ntlm in a subpackage + +* Thu May 13 2004 Thomas Woerner 2.1.18-3 +- removed rpath + +* Tue Mar 16 2004 Nalin Dahyabhai 2.1.18-2 +- turn on building of libsasl v1 again + +* Fri Mar 12 2004 Nalin Dahyabhai 2.1.18-1 +- update to 2.1.18 +- saslauthd's ldap code is no longer marked experimental, so we build it + +* Mon Mar 8 2004 Nalin Dahyabhai 2.1.17-4 +- rebuild + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Tue Feb 3 2004 Nalin Dahyabhai 2.1.17-2 +- include default /etc/sysconfig/saslauthd configuration file for the init + script (#114868) + +* Thu Jan 29 2004 Nalin Dahyabhai +- drop saslauthd_version patch for libsasl2 + +* Thu Jan 29 2004 Nalin Dahyabhai +- add a saslauthd_version option to libsasl's saslauthd client and teach it to + do the right thing +- enable the saslauthd client code in libsasl version 1 (it's still going away!) +- add saslauthd1-checkpass/saslauthd2-checkpass for testing the above change + +* Wed Jan 7 2004 Nalin Dahyabhai 2.1.17-1 +- forcibly disable otp and sql plugins at compile-time + +* Fri Dec 19 2003 Nalin Dahyabhai +- update to 2.1.17, forcing the gssapi plugin to be shared now, as before +- use a bundled libdb (#112215) +- build static-with-all-plugins and normal-shared libsasl versions +- add sasl2-{shared,static}-mechlist for very basic sanity checking +- make inclusion of sasl1 stuffs conditional, because it's so going away + +* Sat Dec 13 2003 Jeff Johnson 2.1.15-7 +- rebuild against db-4.2.52. + +* Thu Oct 23 2003 Nalin Dahyabhai 2.1.15-6 +- use /dev/urandom instead of /dev/random for SASL2 (docs indicate that this is + safe if you aren't using OTP or SRP, and we build neither); SASL1 appears to + use it to seed the libc RNG only (#103378) + +* Mon Oct 20 2003 Nalin Dahyabhai +- obey RPM_OPT_FLAGS again when krb5_prefix != %%{_prefix} + +* Fri Oct 17 2003 Nalin Dahyabhai 2.1.15-5 +- install saslauthd's mdoc page instead of the pre-formatted man page, which + would get formatted again + +* Thu Sep 25 2003 Jeff Johnson 2.1.15-5 +- rebuild against db-4.2.42. + +* Mon Sep 15 2003 Nalin Dahyabhai +- include testsaslauthd +- note in the README that the saslauthd protocol is different for v1 and v2, + so v1's clients can't talk to the v2 server + +* Thu Aug 21 2003 Nalin Dahyabhai 2.1.15-4 +- rebuild + +* Thu Aug 21 2003 Nalin Dahyabhai 2.1.15-3 +- add logic to build with gssapi libs in either /usr or /usr/kerberos + +* Mon Jul 21 2003 Nalin Dahyabhai 2.1.15-2 +- rebuild + +* Tue Jul 15 2003 Nalin Dahyabhai 2.1.15-1 +- update to 2.1.15 + +* Mon Jul 14 2003 Nalin Dahyabhai 2.1.14-1 +- update to 2.1.14 + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Fri May 9 2003 Nalin Dahyabhai 2.1.13-3 +- change -m argument to saslauthd to be a directory instead of a path + +* Thu May 8 2003 Nalin Dahyabhai 2.1.13-2 +- link libsasl2 with -lpthread to ensure that the sasldb plug-in can always + be loaded + +* Tue Apr 29 2003 Nalin Dahyabhai 2.1.13-1 +- update to 2.1.13 + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 7 2003 Nalin Dahyabhai 2.1.10-3 +- rebuild + +* Thu Dec 12 2002 Nalin Dahyabhai +- consider either des_cbc_encrypt or DES_cbc_encrypt to be sufficient when + searching for a DES implementation in libcrypto +- pull in CPPFLAGS and LDFLAGS from openssl's pkg-config data, if it exists + +* Mon Dec 9 2002 Nalin Dahyabhai 2.1.10-2 +- rebuild + +* Mon Dec 9 2002 Nalin Dahyabhai 2.1.10-1 +- update to 2.1.10, fixing buffer overflows in libsasl2 noted by Timo Sirainen + +* Tue Nov 12 2002 Tim Powers 2.1.7-5 +- remove files from $RPM_BUILD_ROOT that we don't intend to include + +* Wed Oct 9 2002 Nalin Dahyabhai 2.1.7-4 +- update to SASLv1 to final 1.5.28 + +* Fri Sep 13 2002 Nalin Dahyabhai 2.1.7-3 +- rebuild, overriding sasldir when running make so that on multilib systems + applications will be able to load modules for the right arch + +* Mon Sep 2 2002 Nalin Dahyabhai 2.1.7-2 +- include dbconverter-2 (#68741) + +* Fri Aug 9 2002 Nalin Dahyabhai 2.1.7-1 +- update to 2.1.7, fixing a race condition in digest-md5 + +* Wed Jul 17 2002 Nalin Dahyabhai 2.1.6-1 +- update to 2.1.6 and 1.5.28 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Thu Jun 13 2002 Nalin Dahyabhai 2.1.5-1 +- update to 2.1.5 + +* Mon Jun 10 2002 Nalin Dahyabhai 2.1.4-1 +- update to 2.1.4 + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Thu May 16 2002 Nalin Dahyabhai 2.1.2-1 +- modify to build with db 4.x + +* Thu Apr 18 2002 Nalin Dahyabhai +- update cyrus-sasl 2 to 2.1.2 +- change buildreq to db3-devel + +* Tue Feb 12 2002 Nalin Dahyabhai 2.1.1-3 +- suppress output to stdout/stderr in %%postun + +* Sun Feb 10 2002 Nalin Dahyabhai 2.1.1-2 +- configure sasldb2 to use berkeley DB instead of gdbm + +* Wed Feb 6 2002 Nalin Dahyabhai 2.1.1-1 +- update to 2.1.1 + +* Thu Jan 31 2002 Nalin Dahyabhai 2.1.0-1 +- marge 1.5.24 back in, making a note that it should be removed at some + point in the future + +* Wed Jan 30 2002 Nalin Dahyabhai +- update to 2.1.0, which is designed to be installed in parallel with cyrus sasl + 1.x, so fork the package and rename it to cyrus-sasl2 +- add the sasldb auxprop plugin to the main package +- add disabled-by-default saslauthd init script +- move the .la files for plugins into their respective packages -- they're + needed by the library + +* Wed Jan 23 2002 Nalin Dahyabhai 1.5.24-24 +- free ride through the build system + +* Fri Nov 2 2001 Nalin Dahyabhai 1.5.24-23 +- patch to fix possible syslog format-string vulnerability + +* Mon Oct 29 2001 Nalin Dahyabhai 1.5.24-22 +- add pam-devel as a buildprereq + +* Wed Aug 29 2001 Nalin Dahyabhai 1.5.24-21 +- include sample programs in the -devel subpackage, prefixing their names + with "sasl-" to reduce future potential naming conflicts + +* Tue Aug 14 2001 Nalin Dahyabhai 1.5.24-20 +- build without -ggdb + +* Fri Aug 3 2001 Nalin Dahyabhai +- add gdbm-devel as a build dependency (#44990) +- split off CRAM-MD5 and DIGEST-MD5 into a subpackage of their own (#43079, + and dialogs with David L. Parsley) + +* Fri Apr 27 2001 Nalin Dahyabhai +- split out the PLAIN and LOGIN mechanisms into their own package (this allows + an administrator to disable them by simply removing the package) + +* Fri Jan 19 2001 Nalin Dahyabhai +- rebuild in new environment + +* Wed Dec 6 2000 Nalin Dahyabhai +- fix gssapi-over-tls + +* Fri Oct 27 2000 Nalin Dahyabhai +- enable static libraries, but always build with -fPIC + +* Wed Oct 25 2000 Nalin Dahyabhai +- make sure the version of 1.5.24 in the package matches the masters (#18968) + +* Mon Oct 9 2000 Nalin Dahyabhai +- re-add the libsasl.so symlink to the -devel package (oops) + +* Fri Oct 6 2000 Nalin Dahyabhai +- move .so files for modules to their respective packages -- they're not -devel + links meant for use by ld anyway + +* Thu Oct 5 2000 Nalin Dahyabhai +- split off -devel subpackage +- add a -gssapi subpackage for the gssapi plugins + +* Wed Aug 16 2000 Nalin Dahyabhai +- fix the summary text + +* Sun Aug 13 2000 Nalin Dahyabhai +- re-enable arcfour and CRAM + +* Fri Aug 4 2000 Nalin Dahyabhai +- force use of gdbm for database files to avoid DB migration weirdness +- enable login mechanism +- disable gssapi until it can coexist peacefully with non-gssapi setups +- actually do a make in the build section (#15410) + +* Fri Jul 21 2000 Nalin Dahyabhai +- update to 1.5.24 + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Tue Jun 27 2000 Nalin Dahyabhai +- rebuild in new environment (release 3) + +* Mon Jun 19 2000 Nalin Dahyabhai +- don't muck with syslogd in post +- remove patch for db-3.0 wackiness, no longer needed + +* Thu Jun 8 2000 Nalin Dahyabhai +- FHS cleanup +- don't strip anything by default + +* Fri Feb 11 2000 Tim Powers +- fixed man pages not being gzipped + +* Tue Nov 16 1999 Tim Powers +- incorporated changes from Mads Kiilerich +- release number is 1, not mk1 + +* Wed Nov 10 1999 Mads Kiilerich +- updated to sasl 1.5.11 +- configure --disable-krb4 --without-rc4 --disable-cram + because of missing libraries and pine having cram as default... +- handle changing libsasl.so versions + +* Mon Aug 30 1999 Tim Powers +- changed group + +* Fri Aug 13 1999 Tim Powers +- first build for Powertools