really remove unused/applied patches and restore partially resonable one

2017-07-13 14:19:01 +02:00 · 2017-07-13 14:19:01 +02:00 · edd601075d
parent db035e1fec
commit edd601075d
10 changed files with 9 additions and 333 deletions
--- a/cyrus-sasl-2.1.22-kerberos4.patch
+++ b/cyrus-sasl-2.1.22-kerberos4.patch
@ -1,17 +1,17 @@
-diff -up cyrus-sasl-2.1.22/config/kerberos_v4.m4.krb4 cyrus-sasl-2.1.22/config/kerberos_v4.m4
--- cyrus-sasl-2.1.22/config/kerberos_v4.m4.krb4	2005-05-07 06:14:55.000000000 +0200
-+++ cyrus-sasl-2.1.22/config/kerberos_v4.m4	2008-08-14 23:41:26.000000000 +0200
+diff -up cyrus-sasl-04dd838b2922840c5033c7071e1132e9ac555411/m4/kerberos_v4.m4.krb4 cyrus-sasl-04dd838b2922840c5033c7071e1132e9ac555411/m4/kerberos_v4.m4
+--- cyrus-sasl-04dd838b2922840c5033c7071e1132e9ac555411/m4/kerberos_v4.m4.krb4	2017-07-13 13:46:08.828825672 +0200
+++ cyrus-sasl-04dd838b2922840c5033c7071e1132e9ac555411/m4/kerberos_v4.m4	2017-07-13 13:46:16.709804677 +0200
@@ -102,7 +102,6 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [
-        if test -n "${cyrus_krbinclude}"; then
-          CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}"
+        if test -n "${cyrus_cv_krbinclude}"; then
+          CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}"
        fi
 -       LDFLAGS="$LDFLAGS -L$krb4/lib"
     fi
 
     if test "$with_des" != no; then
-diff -up cyrus-sasl-2.1.22/plugins/kerberos4.c.krb4 cyrus-sasl-2.1.22/plugins/kerberos4.c
--- cyrus-sasl-2.1.22/plugins/kerberos4.c.krb4	2005-01-10 08:08:53.000000000 +0100
-+++ cyrus-sasl-2.1.22/plugins/kerberos4.c	2008-08-14 23:36:33.000000000 +0200
+diff -up cyrus-sasl-04dd838b2922840c5033c7071e1132e9ac555411/plugins/kerberos4.c.krb4 cyrus-sasl-04dd838b2922840c5033c7071e1132e9ac555411/plugins/kerberos4.c
+--- cyrus-sasl-04dd838b2922840c5033c7071e1132e9ac555411/plugins/kerberos4.c.krb4	2017-03-03 15:12:10.000000000 +0100
+++ cyrus-sasl-04dd838b2922840c5033c7071e1132e9ac555411/plugins/kerberos4.c	2017-07-13 13:46:08.829825670 +0200
@@ -49,11 +49,7 @@
 #include <krb.h>
 
--- a/cyrus-sasl-2.1.22-ldap-timeout.patch
+++ b/cyrus-sasl-2.1.22-ldap-timeout.patch
@ -1,25 +0,0 @@
-commit c9447e1c3ffba88783e5d9396b832be82d3c78fc
-Author: Kazuo Ito <ito.kazuo@oss.ntt.co.jp>
-Date:   Wed Dec 10 12:03:29 2008 +0900
-
-    support for LDAP_OPT_TIMEOUT
-    
-    OpenLDAP since 2.4 implements support for this option in ldap_result(),
-    among other things.
-
-diff --git a/saslauthd/lak.c b/saslauthd/lak.c
-index 803d51f..8714265 100644
--- a/saslauthd/lak.c
-+++ b/saslauthd/lak.c
-@@ -833,6 +833,11 @@ static int lak_connect(
- 		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %d.%d.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
- 	}
- 
-+	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMEOUT, &(lak->conf->timeout));
-+	if (rc != LDAP_OPT_SUCCESS) {
-+		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_TIMEOUT %d.%d.", lak->conf->timeout.tv_sec, lak->conf->timeout.tv_usec);
-+	}
-+
- 	rc = ldap_set_option(lak->ld, LDAP_OPT_TIMELIMIT, &(lak->conf->time_limit));
- 	if (rc != LDAP_OPT_SUCCESS) {
- 		syslog(LOG_WARNING|LOG_AUTH, "Unable to set LDAP_OPT_TIMELIMIT %d.", lak->conf->time_limit);
--- a/cyrus-sasl-2.1.26-config-error.patch
+++ b/cyrus-sasl-2.1.26-config-error.patch
@ -1,46 +0,0 @@
-diff --git a/include/sasl.h b/include/sasl.h
-index d52269f..ed208a5 100644
--- a/include/sasl.h
-+++ b/include/sasl.h
-@@ -177,6 +177,7 @@
- 				       because of some constrains/policy violation */
- 
- #define SASL_BADBINDING -32  /* channel binding failure */
-+#define SASL_CONFIGERR  -100 /* error when parsing configuration file */
- 
- /* max size of a sasl mechanism name */
- #define SASL_MECHNAMEMAX 20
-diff --git a/lib/common.c b/lib/common.c
-index e0f59eb..1a1715e 100644
--- a/lib/common.c
-+++ b/lib/common.c
-@@ -1362,6 +1362,7 @@ const char *sasl_errstring(int saslerr,
-     case SASL_CONSTRAINT_VIOLAT: return "sasl_setpass can't store a property because "
- 			        "of a constraint violation";
-     case SASL_BADBINDING: return "channel binding failure";
-+    case SASL_CONFIGERR:  return "error when parsing configuration file";
- 
-     default:   return "undefined error!";
-     }
-diff --git a/lib/config.c b/lib/config.c
-index 7cae302..fde3757 100644
--- a/lib/config.c
-+++ b/lib/config.c
-@@ -91,7 +91,7 @@ int sasl_config_init(const char *filename)
- 	}
- 	if (*p != ':') {
- 	    fclose(infile);
-	    return SASL_FAIL;
-+	    return SASL_CONFIGERR;
- 	}
- 	*p++ = '\0';
- 
-@@ -99,7 +99,7 @@ int sasl_config_init(const char *filename)
- 	
- 	if (!*p) {
- 	    fclose(infile);
-	    return SASL_FAIL;
-+	    return SASL_CONFIGERR;
- 	}
- 
- 	/* Now strip trailing spaces, if any */
--- a/cyrus-sasl-2.1.26-md5global.patch
+++ b/cyrus-sasl-2.1.26-md5global.patch
@ -18,32 +18,3 @@ diff -up cyrus-sasl-2.1.27/include/Makefile.am.md5global.h cyrus-sasl-2.1.27/inc
 
 if MACOSX
 framedir = /Library/Frameworks/SASL2.framework
-diff -up cyrus-sasl-2.1.27/include/md5global.h.md5global.h cyrus-sasl-2.1.27/include/md5global.h
--- cyrus-sasl-2.1.27/include/md5global.h.md5global.h	2015-11-20 15:28:25.932263083 +0100
-+++ cyrus-sasl-2.1.27/include/md5global.h	2015-11-20 15:36:16.380184280 +0100
-@@ -15,14 +15,17 @@ The following makes PROTOTYPES default t
- /* POINTER defines a generic pointer type */
- typedef unsigned char *POINTER;
- 
-typedef signed char INT1;		/*  8 bits */
-typedef short INT2;			/* 16 bits */
-typedef int INT4;			/* 32 bits */
-typedef long INT8;			/* 64 bits */
-typedef unsigned char UINT1;		/*  8 bits */
-typedef unsigned short UINT2;		/* 16 bits */
-typedef unsigned int UINT4;		/* 32 bits */
-typedef unsigned long UINT8;		/* 64 bits */
-+/* We try to define integer types for our use */
-+#include <inttypes.h>
-+
-+typedef int8_t INT1;			/*  8 bits */
-+typedef int16_t INT2;			/* 16 bits */
-+typedef int32_t INT4;			/* 32 bits */
-+typedef int64_t INT8;			/* 64 bits */
-+typedef uint8_t UINT1;			/*  8 bits */
-+typedef uint16_t UINT2;			/* 16 bits */
-+typedef uint32_t UINT4;			/* 32 bits */
-+typedef uint64_t UINT8;			/* 64 bits */
- 
- /* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
- If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
--- a/cyrus-sasl-2.1.26-null-crypt.patch
+++ b/cyrus-sasl-2.1.26-null-crypt.patch
@ -1,86 +0,0 @@
-diff -up cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c
--- cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt	2012-01-28 00:31:36.000000000 +0100
-+++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c	2012-12-20 17:00:14.614580310 +0100
-@@ -31,7 +31,7 @@ char *pwcheck(userid, password)
- char *userid;
- char *password;
- {
-    char* r;
-+    char* r, *cryptbuf;
-     struct passwd *pwd;
- 
-     pwd = getpwnam(userid);
-@@ -41,11 +41,13 @@ char *password;
-     else if (pwd->pw_passwd[0] == '*') {
- 	r = "Account disabled";
-     }
-    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
-	r = "Incorrect password";
-    }
-     else {
-	r = "OK";
-+	cryptbuf = crypt(password, pwd->pw_passwd);
-+	if((cryptbuf == NULL) || (strcmp(pwd->pw_passwd, cryptbuf) != 0)) {
-+	   r = "Incorrect password";
-+	} else {
-+	   r = "OK";
-+	}
-     }
- 
-     endpwent();
-diff -up cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c
--- cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt	2012-10-12 16:05:48.000000000 +0200
-+++ cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c	2012-12-20 17:03:17.940793653 +0100
-@@ -78,6 +78,7 @@ auth_getpwent (
-     /* VARIABLES */
-     struct passwd *pw;			/* pointer to passwd file entry */
-     int errnum;
-+    char *cryptbuf;
-     /* END VARIABLES */
-   
-     errno = 0;
-@@ -105,7 +106,8 @@ auth_getpwent (
- 	}
-     }
- 
-    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
-+    cryptbuf = crypt(password, pw->pw_passwd);
-+    if ((cryptbuf == NULL) || strcmp(pw->pw_passwd, cryptbuf)) {
- 	if (flags & VERBOSE) {
- 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
- 	}
-diff -up cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_shadow.c
--- cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt	2012-12-20 17:00:14.000000000 +0100
-+++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c	2012-12-20 17:16:44.190360006 +0100
-@@ -214,8 +214,8 @@ auth_shadow (
- 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
-     }
- 
-    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
-    if (strcmp(sp->sp_pwdp, cpw)) {
-+    cpw = crypt(password, sp->sp_pwdp);
-+    if ((cpw == NULL) || strcmp(sp->sp_pwdp, cpw)) {
- 	if (flags & VERBOSE) {
- 	    /*
- 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
-@@ -225,10 +225,8 @@ auth_shadow (
- 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
- 		   sp->sp_pwdp, cpw);
- 	}
-	free(cpw);
- 	RETURN("NO Incorrect password");
-     }
-    free(cpw);
- 
-     /*
-      * The following fields will be set to -1 if:
-@@ -290,7 +288,8 @@ auth_shadow (
- 	RETURN("NO Invalid username");
-     }
-   
-    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
-+    cpw = crypt(password, upw->upw_passwd);
-+    if ((cpw == NULL) || strcmp(upw->upw_passwd, cpw) != 0) {
- 	if (flags & VERBOSE) {
- 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
- 		   password, upw->upw_passwd);
--- a/cyrus-sasl-2.1.26-obsolete-macro.patch
+++ b/cyrus-sasl-2.1.26-obsolete-macro.patch
@ -1,13 +0,0 @@
-diff --git a/configure.in b/configure.in
-index e70c99a..60f366c 100644
--- a/configure.in
-+++ b/configure.in
-@@ -1416,7 +1416,7 @@ inline static unsigned int sleep(unsigned int seconds) {
- #endif /* CONFIG_H */
- ])
- 
-AM_CONFIG_HEADER(config.h)
-+AC_CONFIG_HEADERS(config.h)
- 
- AC_OUTPUT(Makefile
- libsasl2.pc
--- a/cyrus-sasl-2.1.26-prefer-SCRAM-SHA-1-over-PLAIN.patch
+++ b/cyrus-sasl-2.1.26-prefer-SCRAM-SHA-1-over-PLAIN.patch
@ -1,51 +0,0 @@
-commit 26dcfb2d7176b78e70757aa5d01951a28ca217c7
-Author: Alexey Melnikov <alexey.melnikov@isode.com>
-Date:   Fri Jul 5 16:37:59 2013 +0100
-
-    Treat SCRAM-SHA-1/DIGEST-MD5 as more secure than PLAIN when selecting the best client side SASL mechanism
-    
-    Both SCRAM-SHA-1 & DIGEST-MD5 are lacking SASL_SEC_PASS_CREDENTIALS security
-    flag, which prevented them from being chosen over PLAIN when PLAIN is selected
-    as the best mechanism first. For example the problem can be observed when
-    the server advertises "PLAIN DIGEST-MD5 SCRAM-SHA-1" (PLAIN just has to be
-    returned before SCRAM/DIGEST.)
-    
-    Cyrus SASL bug # 3793
-
-diff --git a/lib/client.c b/lib/client.c
-index 62dfb0b..31fe346 100644
--- a/lib/client.c
-+++ b/lib/client.c
-@@ -658,6 +658,20 @@ _sasl_cbinding_disp(sasl_client_params_t *cparams,
-     return SASL_OK;
- }
- 
-+static int
-+_sasl_are_current_security_flags_worse_then_best(unsigned best_security_flags,
-+						 unsigned current_security_flags)
-+{
-+    /* We don't qualify SASL_SEC_PASS_CREDENTIALS as "secure" flag */
-+    best_security_flags &= ~SASL_SEC_PASS_CREDENTIALS;
-+
-+    if ((current_security_flags ^ best_security_flags) & best_security_flags) {
-+	return 1;
-+    } else {
-+	return 0;
-+    }
-+}
-+
- /* select a mechanism for a connection
-  *  mechlist      -- mechanisms server has available (punctuation ignored)
-  *  secret        -- optional secret from previous session
-@@ -823,8 +837,9 @@ int sasl_client_start(sasl_conn_t *conn,
- 	     */
- 
- 	    if (bestm &&
-		((m->m.plug->security_flags ^ bestm->m.plug->security_flags) &
-		 bestm->m.plug->security_flags)) {
-+		_sasl_are_current_security_flags_worse_then_best(
-+		    bestm->m.plug->security_flags,
-+		    m->m.plug->security_flags)) {
- 		break;
- 	    }
- 
--- a/cyrus-sasl-2.1.26-sample-leak.patch
+++ b/cyrus-sasl-2.1.26-sample-leak.patch
@ -1,13 +0,0 @@
-diff --git a/sample/server.c b/sample/server.c
-index f5aff68..6c684af 100644
--- a/sample/server.c
-+++ b/sample/server.c
-@@ -227,6 +227,8 @@ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn)
- 
-     /* send capability list to client */
-     send_string(out, data, len);
-+    if (mech)
-+		free(data);
- 
-     dprintf(1, "waiting for client mechanism...\n");
-     len = recv_string(in, chosenmech, sizeof chosenmech);
--- a/cyrus-sasl-2.1.26-user-specified-logging.patch
+++ b/cyrus-sasl-2.1.26-user-specified-logging.patch
@ -1,40 +0,0 @@
-diff --git a/plugins/gssapi.c b/plugins/gssapi.c
-index 70a4157..7eb88d2 100644
--- a/plugins/gssapi.c
-+++ b/plugins/gssapi.c
-@@ -1267,7 +1267,7 @@ gssapi_server_mech_step(void *conn_context,
- 
-     if (text == NULL) return SASL_BADPROT;
- 
-    params->utils->log(NULL, SASL_LOG_DEBUG,
-+    params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
- 		       "GSSAPI server step %d\n", text->state);
- 
-     switch (text->state) {
-@@ -1293,7 +1293,7 @@ gssapi_server_mech_step(void *conn_context,
- 	break;
- 
-     default:
-	params->utils->log(NULL, SASL_LOG_ERR,
-+	params->utils->log(params->utils->conn, SASL_LOG_ERR,
- 			   "Invalid GSSAPI server step %d\n", text->state);
- 	return SASL_FAIL;
-     }
-@@ -1499,7 +1499,7 @@ static int gssapi_client_mech_step(void *conn_context,
-     *clientout = NULL;
-     *clientoutlen = 0;
-     
-    params->utils->log(NULL, SASL_LOG_DEBUG,
-+    params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
- 		       "GSSAPI client step %d", text->state);
- 
-     switch (text->state) {
-@@ -1992,7 +1992,7 @@ static int gssapi_client_mech_step(void *conn_context,
-     }
- 	
-     default:
-	params->utils->log(NULL, SASL_LOG_ERR,
-+	params->utils->log(params->utils->conn, SASL_LOG_ERR,
- 			   "Invalid GSSAPI client step %d\n", text->state);
- 	return SASL_FAIL;
-     }
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@ -27,30 +27,16 @@ Patch15: cyrus-sasl-2.1.20-saslauthd.conf-path.patch
 Patch23: cyrus-sasl-2.1.23-man.patch
 Patch24: cyrus-sasl-2.1.21-sizes.patch
 Patch31: cyrus-sasl-2.1.22-kerberos4.patch
-Patch34: cyrus-sasl-2.1.22-ldap-timeout.patch
 # removed due to #759334
 #Patch38: cyrus-sasl-2.1.23-pam_rhosts.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=816250
-Patch43: cyrus-sasl-2.1.26-null-crypt.patch
-# AM_CONFIG_HEADER is obsolete, use AC_CONFIG_HEADERS instead
-Patch45: cyrus-sasl-2.1.26-obsolete-macro.patch
 # disable incorrect check for MkLinux
 Patch47: cyrus-sasl-2.1.26-ppc.patch
-# detect gsskrb5_register_acceptor_identity macro (#976538)
 #Patch49: cyrus-sasl-2.1.26-md5global.patch
 # revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 (#984079)
 # https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480
 Patch50: cyrus-sasl-2.1.26-revert-upstream-080e51c7fa0421eb2f0210d34cf0ac48a228b1e9.patch
-# improve configuration error message
-Patch52: cyrus-sasl-2.1.26-config-error.patch
-# Treat SCRAM-SHA-1/DIGEST-MD5 as more secure than PLAIN (#970718)
-Patch53: cyrus-sasl-2.1.26-prefer-SCRAM-SHA-1-over-PLAIN.patch
-# Do not leak memory in sample server (#852755)
-Patch54: cyrus-sasl-2.1.26-sample-leak.patch
 # Document ability to run saslauthd unprivileged (#1189203)
 Patch55: cyrus-sasl-2.1.26-saslauthd-user.patch
-# Too much loogging in GSSAPI resolved (#1187097)
-Patch56: cyrus-sasl-2.1.26-user-specified-logging.patch
 # OpenSSL 1.1.0 support
 Patch57: cyrus-sasl-2.1.27-openssl-1.1.0.patch
 # Fix support for GSS SPNEGO to be compatible with windows (#1421663)
@ -190,18 +176,11 @@ chmod -x include/*.h
 %patch15 -p1 -b .path
 %patch23 -p1 -b .man
 %patch24 -p1 -b .sizes
-#%patch31 -p1 -b .krb4
-#%patch34 -p1 -b .ldap-timeout
-#%patch43 -p1 -b .null-crypt
-#%patch45 -p1 -b .obsolete-macro
+%patch31 -p1 -b .krb4
 #%patch47 -p1 -b .ppc
 #%patch49 -p1 -b .md5global.h
 %patch50 -p1 -b .gssapi
-#%patch52 -p1 -b .configerr
-#%patch53 -p1 -b .sha1vsplain
-#%patch54 -p1 -b .leak
 %patch55 -p1 -b .man-unprivileged
-#%patch56 -p1 -b .too-much-logging
 %patch57 -p1 -b .openssl110
 %patch58 -p1 -b .spnego
 %patch59 -p1 -b .mutex