From cb0f7bcb52472d999d68bb68482f5d3a9f2a8df4 Mon Sep 17 00:00:00 2001 From: zyppe <210hcl@gmail.com> Date: Thu, 29 Feb 2024 14:34:03 +0800 Subject: [PATCH] Initialize for cyrus-sasl --- .cyrus-sasl.metadata | 2 + .gitignore | 2 + README.Source | 7 + baselibs.conf | 12 + cyrus-sasl-lfs.patch | 13 ++ cyrus-sasl-no_rpath.patch | 21 ++ cyrus-sasl.changes | 481 ++++++++++++++++++++++++++++++++++++++ cyrus-sasl.dif | 49 ++++ cyrus-sasl.spec | 290 +++++++++++++++++++++++ fix_libpq-fe_include.diff | 11 + 10 files changed, 888 insertions(+) create mode 100644 .cyrus-sasl.metadata create mode 100644 .gitignore create mode 100644 README.Source create mode 100644 baselibs.conf create mode 100644 cyrus-sasl-lfs.patch create mode 100644 cyrus-sasl-no_rpath.patch create mode 100644 cyrus-sasl.changes create mode 100644 cyrus-sasl.dif create mode 100644 cyrus-sasl.spec create mode 100644 fix_libpq-fe_include.diff diff --git a/.cyrus-sasl.metadata b/.cyrus-sasl.metadata new file mode 100644 index 0000000..fc04aaf --- /dev/null +++ b/.cyrus-sasl.metadata @@ -0,0 +1,2 @@ +4ddb3309664ea95f0a54bd693796e4f4ee2f5585d17d02a1f074b4a793183b37 cyrus-sasl-2.1.28.tar.gz +63ac564ee4bde5da20f1afd39042496e08449da59a40551bcb644843aec4712e cyrus-sasl-rc.tar.bz2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6f55575 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +cyrus-sasl-2.1.28.tar.gz +cyrus-sasl-rc.tar.bz2 diff --git a/README.Source b/README.Source new file mode 100644 index 0000000..67f69bc --- /dev/null +++ b/README.Source @@ -0,0 +1,7 @@ +Because of potential legal risk we have removed the +directory "dlcompat-20010505/" from the source tarball + +If you want to see the original sources you can download +them from: + + ftp://ftp.cyrusimap.org/cyrus-sasl diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..eccf2af --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,12 @@ +libsasl2-3 +cyrus-sasl +cyrus-sasl-devel + requires -cyrus-sasl- + requires "libsasl2-3- = " +cyrus-sasl-crammd5 +cyrus-sasl-digestmd5 +cyrus-sasl-gssapi +cyrus-sasl-otp +cyrus-sasl-plain +cyrus-sasl-sqlauxprop +cyrus-sasl-ldap-auxprop diff --git a/cyrus-sasl-lfs.patch b/cyrus-sasl-lfs.patch new file mode 100644 index 0000000..6cdca71 --- /dev/null +++ b/cyrus-sasl-lfs.patch @@ -0,0 +1,13 @@ +--- cyrus-sasl-2.1.27.orig/configure.ac 2018-10-09 16:58:04.000000000 +0200 ++++ cyrus-sasl-2.1.27/configure.ac 2018-11-17 13:05:26.475631124 +0100 +@@ -95,7 +95,9 @@ + enable_obsolete_digest_attr=$enableval, + enable_obsolete_digest_attr=yes) + +-AC_PROG_CC ++AC_PROG_CC_STDC ++AC_USE_SYSTEM_EXTENSIONS ++AC_SYS_LARGEFILE + AX_PROG_CC_FOR_BUILD + AC_PROG_CPP + AC_PROG_AWK diff --git a/cyrus-sasl-no_rpath.patch b/cyrus-sasl-no_rpath.patch new file mode 100644 index 0000000..3206bfd --- /dev/null +++ b/cyrus-sasl-no_rpath.patch @@ -0,0 +1,21 @@ +Index: cyrus-sasl-2.1.26/m4/cyrus.m4 +=================================================================== +--- cyrus-sasl-2.1.26.orig/m4/cyrus.m4 ++++ cyrus-sasl-2.1.26/m4/cyrus.m4 +@@ -32,14 +32,5 @@ AC_DEFUN([CMU_ADD_LIBPATH_TO], [ + dnl runpath initialization + AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ + # CMU GUESS RUNPATH SWITCH +- AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ +- # first, try -R +- SAVE_LDFLAGS="${LDFLAGS}" +- LDFLAGS="-R /usr/lib" +- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ +-# LDFLAGS="-Wl,-rpath,/usr/lib" +- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], +- [andrew_cv_runpath_switch="none"]) +- ]) +- LDFLAGS="${SAVE_LDFLAGS}" +- ])]) ++ andrew_cv_runpath_switch="none" ++]) diff --git a/cyrus-sasl.changes b/cyrus-sasl.changes new file mode 100644 index 0000000..49080ab --- /dev/null +++ b/cyrus-sasl.changes @@ -0,0 +1,481 @@ +* Mon Jan 23 2023 dmueller@suse.com +- drop optional opie dependency +* Wed Dec 7 2022 dimstar@opensuse.org +- Do not set directories inside doc/ mode 644; otherwise the + directories are set 644 as well, which means no files inside are + accessible. This resulted in the past in doc/ actually not being + added to the devel package. +* Wed Mar 9 2022 dmueller@suse.com +- update to 2.1.28 (bsc#1196036, CVE-2022-24407): + * https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 +- drop cyrus-sasl-bug587.patch (upstream) +* Mon Jan 31 2022 dmueller@suse.com +- cyrus-sasl: prevent fail of %%pre when berkely db utils are + not installed (seems like we want to use this only for upgrade + so no Prereq added) +- move license to licensedir +- remove use of RPM_BUILD_ROOT +- minimal spec cleanups +- avoid bashisms +* Thu Jan 13 2022 varkoly@suse.com +- postfix: sasl authentication with password fails (bsc#1194265) + Add config parameter --with-dblib=gdbm +- Avoid converting of /etc/sasldb2 by every update. Convert + /etc/sasldb2 only if it is a Berkeley DB +* Thu Feb 25 2021 varkoly@suse.com +- Fix build: Do not build libsasl2-3 in the bdb package. This will + not be linked to berkely db. libsasl2-3 is now defined as + %%BuildRequires and %%Requires +* Fri Jan 8 2021 varkoly@suse.com +- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root + due to insecure tmp file usage. (bsc#1180669) + Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary + files. +* Tue Dec 8 2020 varkoly@suse.com +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The packages cyrus-sasl and cyrus-sasl-saslauthd are built + without Berkely DB support. gdbm will be used instead of BDB. + The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built + with Berkely DB support. +- Update to 2.1.27 + * Added support for OpenSSL 1.1 + * Added support for lmdb + * Lots of build fixes + * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech + * DIGEST-MD5 plugin: + Fixed memory leaks + Fixed a segfault when looking for non-existent reauth cache + Prevent client from going from step 3 back to step 2 + Allow cmusaslsecretDIGEST-MD5 property to be disabled + * GSSAPI plugin: + Added support for retrieving negotiated SSF + Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF + Properly compute maxbufsize AFTER security layers have been set + * SCRAM plugin: + Added support for SCRAM-SHA-256 + * LOGIN plugin: + Don’t prompt client for password until requested by server + * NTLM plugin: + Fixed crash due to uninitialized HMAC context +- Replace references to /var/adm/fillup-templates with new + %%_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch +* Thu Feb 6 2020 scabrero@suse.de +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch +* Thu Nov 28 2019 michael@stroeder.com +- added backport-patch cyrus-sasl-bug587.patch which fixes + off-by-one error in _sasl_add_string function + (see CVE-2019-19906 bsc#1159635) +* Mon Feb 4 2019 varkoly@suse.com +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch +* Mon Sep 4 2017 vcizek@suse.com +- OpenSSL 1.1 support (bsc#1055463) + * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora +* Wed Mar 22 2017 michael@stroeder.com +- added cyrus-sasl-issue-402.patch to fix + SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 + (see https://github.com/cyrusimap/cyrus-sasl/issues/402) +* Tue Mar 7 2017 varkoly@suse.com +- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5 +* Wed Dec 9 2015 bwiedemann@suse.com +- really use SASLAUTHD_PARAMS variable (bnc#938657) +* Tue Jan 6 2015 varkoly@suse.com +- bnc#908883 cyrus-sasl-scram refers to wrong RFC +* Thu Nov 27 2014 jengelh@inai.de +- Make sure /usr/sbin/rcsaslauthd exists +* Tue Sep 23 2014 varkoly@suse.com +- bnc#897837 saslauthd package has no config +* Tue Jul 29 2014 sfalken@opensuse.org +- Changed --with-saslauthd=/var/run/sasl2 in %%build to /run/sasl2 to clear rpmlint check failure +* Sat Jul 19 2014 p.drouand@gmail.com +- Remove insserv dependency; it's unneeded with systemd' systems +- Remove insserv and fillup dependency in cyrus-sasl package; there + is neither sysconfig or init file +* Fri Jun 13 2014 ckornacker@suse.com +- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 + cyrus-sasl-revert_gssapi_flags.patch (bnc#775279) +* Tue Apr 1 2014 varkoly@suse.com +- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always' +* Sat Nov 2 2013 jengelh@inai.de +- Implement shlib packaging guidelines: make subpackage libsasl2-3. + (All other .so files are _server_ plugins AFAICS, loaded via + dlopen.) +- Ensure directories are owned by packages and thus get torn down + on package removal +* Sat Oct 5 2013 tchvatal@suse.com +- Put back the .so files to sasl auth packages from devel file. + The .so files are read by some application instead of full path + so in order for auth to work this files must be available +* Sun Sep 29 2013 tittiatcoke@gmail.com +- Add patch fix-sasl-header.diff to resolve build issues that + are failing due to typedef 'sasl_malloc_t' is initialized. + (see gentoo#458870, fedora#906519) +* Wed Sep 11 2013 jcnengel@gmail.com +- Removed server side service to comply with Factory rules +* Tue Sep 3 2013 jcnengel@gmail.com +- Update to 2.1.26 + * Modernize SASL malloc/realloc callback prototypes + * Added sasl_config_done() to plug a memory leak when using an application specific config file + * Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590). + * unlock the mutex in sasl_dispose if the context was freed by another thread + * MINGW32 compatibility patches + * Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0 + * Fixed some memory leaks in libsasl + - GSSAPI plugin: + + Fixed a segfault in gssapi.c introduced in 2.1.25. + + Code refactoring + + Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable + - GS2 plugin: + + Updated GS2 plugin not to lose minor GSS-API status codes on errors + - DIGEST-MD5 plugin: + + Correctly send "stale" directive to prevent clients from (re)promtping for password + + Better handling of HTTP reauthentication cases + + fixed some memory leaks + - SASLDB plugin: + + Added support for BerkleyDB 5.X or later + - OTP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - SRP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - saslauthd: + + auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes + + auth_rimap.c: read the whole IMAP greeting + + better error reporting from some drivers + + fixed some memory leaks +- New BuildRequires for pkgconfig since pkgconfig file is generated +- Removed patches that do no longer apply + * cyrus-sasl-gcc4.patch (integrated upstream) + * cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream) + * gssapi-null-deref.dif (integrated upstream) + * Fix-abort_if_no_fqdn-behavior.patch (integrated upstream) + * cyrus-sasl-db6.diff (integrated upstream) +- Move *.so files into devel package +* Fri Jul 26 2013 obs@botter.cc +- Fix for bnc#827230 and #784705, fix patch as described in + [#827230], typo in patch from request 112480 (remove rpath, + Apr 4 2012), preventing sql auxprop plugin to work +* Fri Jun 14 2013 jengelh@inai.de +- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5 +- Simpler delete of .la files with find +* Mon Aug 13 2012 rhafer@suse.de +- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0, + a getaddrinfo failure should be ignored, as long as gethostname() + succeeded. (bnc#771983) +* Wed May 9 2012 crrodriguez@opensuse.org +- Ensure libraries and tools are built with LFS and include + config.h in all C files. +* Wed Apr 4 2012 dvaleev@suse.com +- remove rpath +* Wed Jan 18 2012 aj@suse.de +- Move some doc files to devel package and to cyrus-sasl-saslauthd. +* Fri Nov 25 2011 rhafer@suse.de +- Removed debug printfs from cyrus-sasl.dif, added by accident +- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with + latest upstream improvements +* Wed Nov 16 2011 rhafer@suse.de +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually +* Fri Sep 30 2011 coolo@suse.com +- add libtool as buildrequire to make the spec file more reliable +* Sun Sep 18 2011 jengelh@medozas.de +- Remove redundant tags/sections from specfile +* Mon Jun 28 2010 jengelh@medozas.de +- use %%_smp_mflags +* Mon Jun 7 2010 coolo@novell.com +- add dependency to avoid broken parallel make +* Mon May 10 2010 rhafer@novell.com +- Fixed attributes of /var/run/sasl2 in filelist +* Wed Apr 28 2010 rhafer@novell.com +- Removed the /var/run/sasl2 directory from cyrus-sasl.spec. + It will now be created on demand by the saslauthd init script. +- Adjusted init script headers to silence rpmlint warning/errors. +* Mon Dec 14 2009 jengelh@medozas.de +- add baselibs.conf as a source +* Mon Nov 23 2009 rhafer@novell.com +- Fixed linker arguments for ldap- and sql-auxprop plugins + (bnc#555568) +* Mon Jul 20 2009 coolo@novell.com +- build against krb5-mini to avoid build cycle +* Fri May 15 2009 rhafer@novell.com +- Update to 2.1.23, the only change is a fix for a potential buffer + overflow in sasl_encode64() (bnc#499104, CVE-2009-0688) +- Imported some automake/libtool fixes from upstream cvs +* Mon Mar 2 2009 crrodriguez@suse.de +- fix build with GCC 4.4 +- remove all "la" files +* Wed Dec 10 2008 olh@suse.de +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) +* Thu Oct 30 2008 olh@suse.de +- obsolete old -XXbit packages (bnc#437293) +* Mon Aug 18 2008 rhafer@suse.de +- Fixed init-scripts Required-Stop Tags +* Tue Jul 29 2008 rhafer@suse.de +- Enhance sysconfig file and init script to allow to pass arbitrary + parameters to saslauthd (bnc#397808) +- Fixed description of the SASLAUTHD_THREADS sysconfig option. +* Thu Apr 10 2008 ro@suse.de +- added baselibs.conf file to build xxbit packages + for multilib support +* Fri Mar 28 2008 rhafer@suse.de +- Moved "Version:" up to the top to make versioned + Obsoletes/Requires work correctly. +* Wed Mar 26 2008 rhafer@suse.de +- Enabled NTLM authentication plugin (bnc#343665), created new + subpackage cyrus-sasl-ntlm +- Replaced %%run_ldconfig macro as suggested by rpmlint +- Replaced unversioned Obsoltes/Provides with versioned ones +- Removed unneeded Split-Provides +* Fri Oct 26 2007 rhafer@suse.de +- Fixed some RPMLINT complaints +- re-enabled accidently disabled "kerberos5" authmech for saslauthd + (Bug #335754) +* Tue Mar 20 2007 rhafer@suse.de +- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to + set the number of threads that saslauthd should spawn + (Bug #199114) +* Fri Oct 27 2006 rhafer@suse.de +- Use /etc/sasl2/ as directory for config files of services + %%{_libdir} can still be used for backwards compatibilty + (Bug #206414) +* Mon Sep 25 2006 rhafer@suse.de +- Remove unneeded automake/autoheader calls +* Mon Sep 11 2006 rhafer@suse.de +- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce + BuildRequires of cyrus-sasl.spec +- Removed unneeded openldap2 from BuildRequires of + cyrus-sasl-saslauthd +* Tue Aug 29 2006 rhafer@suse.de +- Enabled the ldapdb auxprop plugin and created new subpackage + cyrus-sasl-ldap-auxprop for it (Bug #201478) +* Fri Aug 25 2006 rhafer@suse.de +- remove saslauthd man-page from cyrus-sasl package to solve + confict with -saslauthd subpackage (Bug #200490) +* Fri Jun 2 2006 rhafer@suse.de +- updated to 2.1.22 + * new pluginviewer utility for reporting information about client + and server side authentication plugins and auxprop plugins + (e.g. supported features, methods, etc.). + * Added support for HTTP POST password validation in saslauthd +- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name + collision with other packages in src.rpm (Bug #98188) +- include "crypt.h" in auth_shadow.c to avoid possible crash in + saslauthd (Bug #179621) +* Mon Apr 3 2006 rhafer@suse.de +- remove dlcompat-20010505 from tarball because of legal risk and + documented this in README.Source (Bug: #161390) +- added check for dlcompat-20010505 to the spec file +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Wed Nov 23 2005 choeger@suse.de +- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database +* Sun Sep 25 2005 ro@suse.de +- added LDAP_DEPRECATED to CFLAGS +* Wed Jul 13 2005 choeger@suse.de +- use /dev/urandom instead of /dev/random, see + http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue + for an explanation +- removed the useless .la files from rpm +* Tue May 17 2005 choeger@suse.de +- update to version 2.1.21 +* Mon Mar 14 2005 choeger@suse.de +- now also build the sql auxprop plugin; created new subpackage + cyrus-sasl-sqlauxprop +* Fri Feb 25 2005 uli@suse.de +- better GCC4 fix +* Fri Feb 25 2005 uli@suse.de +- fixed to build with GCC4 +* Tue Nov 2 2004 mmj@suse.de +- Get rid of .cvsignore files +- Don't remove buildroot before install +* Mon Oct 25 2004 choeger@suse.de +- update to version 2.1.20 +* Wed Oct 6 2004 choeger@suse.de +- Bugfix ID#46847 - VUL-0: SASL environment variable local root +* Mon Sep 20 2004 choeger@suse.de +- package binaries of sample-client and -server instead of + shell wrappers (which do not work) +* Fri Sep 17 2004 choeger@suse.de +- removed saslauthd from cyrus-sasl requires, as it is only + needed on a "server" side and also not in every case (buildin + mechanisms as CRAM- or DIGEST-MD5 do not need it) +- added split-provides for saslauthd +* Mon Sep 6 2004 choeger@suse.de +- added testsaslauthd to filelist +- removed saslauthd and insserv makros from cyrus-sasl.spec +* Fri Sep 3 2004 choeger@suse.de +- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic + dependency openldap2 <-> cyrus-sasl with saslauthd having + LDAP support +* Tue Aug 31 2004 choeger@suse.de +- removed update messages and implemented "split-provides" + instead +* Tue Aug 31 2004 choeger@suse.de +- added LDAP support for saslauthd, Bugzilla ID#44051 +* Mon Aug 30 2004 choeger@suse.de +- Bugfix Bugzilla ID#44346 - still using /var/adm/notify + now using new update messages mechanism +- added sample/client sample/server to file list +* Thu Jul 15 2004 choeger@suse.de +- update to version 2.1.19 +* Tue Jun 15 2004 choeger@suse.de +- bugfix id#39245 - cyrus-sasl includes straycat man page +* Fri Mar 12 2004 choeger@suse.de +- update to version 2.1.18 (Bugfix Release) +* Tue Jan 27 2004 choeger@suse.de +- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath +* Thu Jan 22 2004 choeger@suse.de +- Bugfix Bugzilla ID#34019, notice users about the fact, that + cyrus-sasl has been splitted into subpackages +* Fri Jan 16 2004 kukuk@suse.de +- Add pam-devel to neededforbuild +* Tue Dec 2 2003 choeger@suse.de +- update to version 2.1.17 +* Fri Oct 31 2003 choeger@suse.de +- Don't build as root +* Fri Oct 17 2003 kukuk@suse.de +- Remove unused des from neededforbuild +* Tue Sep 16 2003 kukuk@suse.de +- Add missing Provides [Bug #31005] +* Mon Sep 1 2003 choeger@suse.de +- removed "-u root" from startproc as it always failes +- removed link to doc/components.html from doc/index.html as + components.html does not exist (Bugzilla ID#29253) +* Thu Aug 14 2003 choeger@suse.de +- Bugfix Bugzilla ID#28932: + missing activation metadata in sysconfig template +* Wed Jul 30 2003 choeger@suse.de +- new macros for stop/restart of services on rpm update/removal +* Tue Jul 15 2003 choeger@suse.de +- update to version 2.1.15 +* Mon Jun 30 2003 choeger@suse.de +- update to version 2.1.14 +* Wed Jun 18 2003 ro@suse.de +- use kerberos-devel-packages in neededforbuild +* Fri Jun 13 2003 kukuk@suse.de +- Add missing directory to filelist +* Fri May 9 2003 choeger@suse.de +- use -ldb instead of -ldb-x.y to manually link the + dbconverter +* Tue May 6 2003 choeger@suse.de +- update to version 2.1.13 +* Tue Apr 15 2003 ro@suse.de +- added krb4-lib,krb4-devel to neededforbuild +* Mon Apr 7 2003 choeger@suse.de +- renamed to cyrus-sasl +- splitted libraries for the following auth methods into seperate + packages: + - crammd5 + - digestmd5 + - otp + - plain + this is to prevent from annoying warnings about missing proper + setup of mechanisms we don't use +* Thu Mar 6 2003 choeger@suse.de +- ever used dbconverter-2? Well it is just a shell script + which uses the damn compiled source tree... :-( + manually building dbconverter to let users convert their + /etc/sasldb from v1 to v2 using /usr/sbin/dbconverter +* Thu Mar 6 2003 choeger@suse.de +- as cyrus-sasl is dropped now: + provide cyrus-sasl-*, obsolete cyrus-sasl-* + (Bugzilla ID# 24762) +* Tue Feb 4 2003 choeger@suse.de +- update to cyrus-sasl-2.1.12, bug-fix release. + This release addresses a few minor build and distribution + related issues +* Mon Feb 3 2003 choeger@suse.de +- update to cyrus-sasl-2.1.11, bug-fix release. + It addresses a number of issues in the build system, a + memory leak in the doors IPC method for saslauthd, and fixes the NTLM + server side support to only require one of the LM or NT methods. +* Thu Jan 23 2003 choeger@suse.de +- don't use new libtool macros as cyrus-sasl2 seems to not + work when using them. +- added patch to compile shared libraries on ppc +* Wed Jan 15 2003 kukuk@suse.de +- Remove openldap2 from needed for build +* Tue Jan 14 2003 choeger@suse.de +- do not build the static library anymore +* Wed Dec 11 2002 choeger@suse.de +- added sysconfig metadata to sysconfig templates +* Tue Dec 10 2002 choeger@suse.de +- update to version 2.1.10 + This version corrects a number of DIGEST-MD5 + interoperability issues, as well as corrects some potential buffer + overflows. +* Wed Oct 30 2002 ro@suse.de +- make it build again +* Tue Oct 29 2002 ro@suse.de +- remove own libtool macros +* Thu Oct 24 2002 choeger@suse.de +- update to latest version 2.1.9 +* Thu Sep 12 2002 choeger@suse.de +- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict + with cyrus-sasl2-devel, because they contain files with the + same name +* Mon Aug 19 2002 rhafer@suse.de +- enabled building of the static libsasl.a. It is needed for + cyrus-imap to be usable with nss_ldap (which is linked against + cyrus-sasl1) +* Mon Aug 12 2002 choeger@suse.de +- update to version 2.1.7 +* Thu Aug 8 2002 choeger@suse.de +- added .la files to the sasl2 plugin directory + ([lt_]dlopen seems to need that) +* Mon Aug 5 2002 choeger@suse.de +- added Prereq +* Sat Jul 27 2002 adrian@suse.de +- add %%run_ldconfig +* Wed Jul 17 2002 choeger@suse.de +- update to version 2.1.6 +* Wed Jun 19 2002 choeger@suse.de +- also install dbconverter-2 to be able to migrate from + cyrus-sasl(1) +* Tue Jun 18 2002 choeger@suse.de +- /var/run/sasl2 must be 755 to let non root daemons + connect to unix socket +* Tue Jun 18 2002 choeger@suse.de +- added initscript and sysconfig file for saslauthd +- added docs +* Tue Jun 18 2002 rhafer@suse.de +- added opie to needforbuild +- should build on ppc64 and s390x now +* Mon Jun 17 2002 rhafer@suse.de +- additional autoconf related patches, that were missing at first + check in +* Mon Jun 17 2002 rhafer@suse.de +- Initial checkin of cyrus-sasl-2.1.5 diff --git a/cyrus-sasl.dif b/cyrus-sasl.dif new file mode 100644 index 0000000..3908b75 --- /dev/null +++ b/cyrus-sasl.dif @@ -0,0 +1,49 @@ +Index: m4/cyrus.m4 +=================================================================== +--- m4/cyrus.m4.orig ++++ m4/cyrus.m4 +@@ -36,7 +36,7 @@ AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ + SAVE_LDFLAGS="${LDFLAGS}" + LDFLAGS="-R /usr/lib" + AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ +- LDFLAGS="-Wl,-rpath,/usr/lib" ++# LDFLAGS="-Wl,-rpath,/usr/lib" + AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], + [andrew_cv_runpath_switch="none"]) + ]) +Index: Makefile.am +=================================================================== +--- Makefile.am.orig ++++ Makefile.am +@@ -44,6 +44,7 @@ ACLOCAL_AMFLAGS = -I m4 + # + ################################################################ + ++ACLOCAL_AMFLAGS=-I config -I cmulocal + if SASLAUTHD + SAD = saslauthd + else +Index: sasldb/Makefile.am +=================================================================== +--- sasldb/Makefile.am.orig ++++ sasldb/Makefile.am +@@ -57,3 +57,9 @@ EXTRA_libsasldb_la_SOURCES = $(extra_com + libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) + libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB) + libsasldb_la_LDFLAGS = -no-undefined ++ ++# avoid these two files created at the same time, they use both the same ++# dep file ++db_berkeley.lo: db_berkeley.o ++allockey.lo: allockey.o ++ +Index: saslauthd/Makefile.am +=================================================================== +--- saslauthd/Makefile.am.orig ++++ saslauthd/Makefile.am +@@ -1,4 +1,5 @@ + AUTOMAKE_OPTIONS = 1.7 ++ACLOCAL_AMFLAGS=-I ../config -I ../cmulocal + sbin_PROGRAMS = saslauthd testsaslauthd + EXTRA_PROGRAMS = saslcache + diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec new file mode 100644 index 0000000..579cd67 --- /dev/null +++ b/cyrus-sasl.spec @@ -0,0 +1,290 @@ +# +# spec file for package cyrus-sasl +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +%define lname libsasl2-3 +Name: cyrus-sasl +Version: 2.1.28 +Release: 150500.1.1 +Summary: Implementation of Cyrus SASL API +License: BSD-4-Clause +Group: Productivity/Networking/Other +URL: https://github.com/cyrusimap/cyrus-sasl/ +Source: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-%{version}/cyrus-sasl-%{version}.tar.gz +Source1: cyrus-sasl-rc.tar.bz2 +Source2: README.Source +Source3: baselibs.conf +Patch0: cyrus-sasl.dif +Patch5: cyrus-sasl-no_rpath.patch +Patch6: cyrus-sasl-lfs.patch +Patch7: fix_libpq-fe_include.diff +BuildRequires: gdbm-devel +BuildRequires: krb5-mini-devel +BuildRequires: libtool +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: pkgconfig +Conflicts: cyrus-sasl-bdb +%ifarch ppc64 +# bug437293 +Obsoletes: cyrus-sasl-64bit +%endif + +%description +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%package gssapi +Summary: Plugin for the GSSAPI SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-gssapi + +%description gssapi +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package crammd5 +Summary: Plugin for the CRAMMD5 SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-crammd5 + +%description crammd5 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package digestmd5 +Summary: Plugin for the DIGESTMD5 SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-digestmd5 + +%description digestmd5 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package otp +Summary: Plugin for the OTP SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-otp + +%description otp +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package plain +Summary: Plugin for the PLAIN SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-plain + +%description plain +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package ntlm +Summary: Plugin for the NTLM SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-ntlm + +%description ntlm +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%package gs2 +Summary: Plugin for the GS2 SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-ntlm + +%description gs2 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package scram +Summary: Plugin for the SCRAM SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-scram + +%description scram +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 5802 for more +information. + +%package devel +Summary: Cyrus SASL API Implementation, Libraries and Header Files +Group: Development/Libraries/C and C++ +Requires: %lname = %version +Requires: glibc-devel +Conflicts: cyrus-sasl-devel-bdb +# bug437293 +%ifarch ppc64 +Obsoletes: cyrus-sasl-devel-64bit +%endif + +%description devel +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%package -n libsasl2-3 +Summary: Simple Authentication and Security Layer (SASL) library +Group: System/Libraries + +%description -n libsasl2-3 +Simple Authentication and Security Layer (SASL) is a framework for +authentication and data security in Internet protocols. + +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%prep +%setup -q -n cyrus-sasl-%{version} -a 1 +if [ -e %{_builddir}/%{name}-%{version}/dlcompat-*/ ] +then + echo "dlcompat contains potential legal risks." + rm -rf %{_builddir}/%{name}-%{version}/dlcompat-* +fi +%patch0 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 + +%build +find . -name "*.cvsignore" -exec rm -fv "{}" "+" +autoreconf -f +export CFLAGS="%optflags -fno-strict-aliasing" +%configure --with-pic \ + --with-plugindir=%{_libdir}/sasl2 \ + --with-configdir=%{_sysconfdir}/sasl2/:%{_libdir}/sasl2 \ + --with-saslauthd=/run/sasl2/ \ + --with-dblib=gdbm \ + --enable-pam \ + --enable-sample \ + --enable-login \ + --enable-gssapi \ + --enable-ntlm \ + --enable-krb4=no \ + --enable-sql=no \ + --with-devrandom=/dev/urandom +%make_build sasldir=%{_libdir}/sasl2 + +%install +make DESTDIR=%{buildroot} sasldir=%{_libdir}/sasl2 install +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_sysconfdir}/sasl2 +install -m 755 sample/.libs/client %{buildroot}%{_bindir}/cyrus_sasl_sample_client +install -m 755 sample/.libs/server %{buildroot}%{_bindir}/cyrus_sasl_sample_server +find doc -type f -exec chmod 0644 {} \; +rm -f doc/Makefile* +rm -f %{buildroot}/%{_mandir}/cat?/* +rm -f %{buildroot}/%{_mandir}/man8/saslauthd* +rm -f %{buildroot}/%{_mandir}/man8/testsaslauthd* +rm -f %{buildroot}%{_sbindir}/saslauthd +rm -f %{buildroot}%{_sbindir}/testsaslauthd +find %{buildroot} -type f -name "*.la" -delete -print + +%pre +#Convert password file from berkely into gdbm +#In %pre the existing file will be dumped out + +if test -x %{_bindir}/db_verify && %{_bindir}/db_verify %{_sysconfdir}/sasldb2 >/dev/null 2>&1 ; then +cat > %{_localstatedir}/adm/update-scripts/saslpw.awk < %{_localstatedir}/adm/update-scripts/saslpwd +rm -f %{_localstatedir}/adm/update-scripts/saslpw.awk +mv %{_sysconfdir}/sasldb2 %{_sysconfdir}/sasldb2-back +fi + +%post +if [ -e %{_localstatedir}/adm/update-scripts/saslpwd ]; then + chmod 755 %{_localstatedir}/adm/update-scripts/saslpwd + %{_localstatedir}/adm/update-scripts/saslpwd + rm -f %{_localstatedir}/adm/update-scripts/saslpwd +fi + +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig + +%files -n %lname +%{_libdir}/libsasl2.so.3* + +%files +%license COPYING +%dir %{_libdir}/sasl2 +%{_libdir}/sasl2/libanonymous.so* +%{_libdir}/sasl2/liblogin.so* +%{_libdir}/sasl2/libsasldb.so* +%dir %{_sysconfdir}/sasl2/ +%{_sbindir}/* +%{_bindir}/* +%{_mandir}/man3/sasl.*.gz +%{_mandir}/man8/*.gz + +%files gssapi +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libgssapiv2.so* + +%files crammd5 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libcrammd5.so* + +%files digestmd5 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libdigestmd5.so* + +%files otp +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libotp.so* + +%files plain +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libplain.so* + +%files ntlm +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libntlm.so* + +%files gs2 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libgs2.so* + +%files scram +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libscram.so* + +%files devel +%license COPYING +%doc AUTHORS ChangeLog README doc +%_includedir/sasl/ +%{_mandir}/man3/sasl_*.gz +%{_libdir}/libsasl2.so +%{_libdir}/pkgconfig/* + +%changelog diff --git a/fix_libpq-fe_include.diff b/fix_libpq-fe_include.diff new file mode 100644 index 0000000..1651ab0 --- /dev/null +++ b/fix_libpq-fe_include.diff @@ -0,0 +1,11 @@ +--- cyrus-sasl-2.1.27.orig/plugins/sql.c 2016-12-10 16:45:55.000000000 +0100 ++++ cyrus-sasl-2.1.27/plugins/sql.c 2018-11-17 14:04:33.821540573 +0100 +@@ -188,7 +188,7 @@ + #endif /* HAVE_MYSQL */ + + #ifdef HAVE_PGSQL +-#include ++#include + + static void *_pgsql_open(char *host, char *port, int usessl, + const char *user, const char *password,