ZhuningOS/cyrus-sasl
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
cyrus-sasl/cyrus-sasl.changes
zyppe cb0f7bcb52 Initialize for cyrus-sasl
2024-02-29 14:34:03 +08:00

481 lines
21 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

* Mon Jan 23 2023 dmueller@suse.com
- drop optional opie dependency
* Wed Dec 7 2022 dimstar@opensuse.org
- Do not set directories inside doc/ mode 644; otherwise the
directories are set 644 as well, which means no files inside are
accessible. This resulted in the past in doc/ actually not being
added to the devel package.
* Wed Mar 9 2022 dmueller@suse.com
- update to 2.1.28 (bsc#1196036, CVE-2022-24407):
* https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- drop cyrus-sasl-bug587.patch (upstream)
* Mon Jan 31 2022 dmueller@suse.com
- cyrus-sasl: prevent fail of %%pre when berkely db utils are
not installed (seems like we want to use this only for upgrade
so no Prereq added)
- move license to licensedir
- remove use of RPM_BUILD_ROOT
- minimal spec cleanups
- avoid bashisms
* Thu Jan 13 2022 varkoly@suse.com
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
/etc/sasldb2 only if it is a Berkeley DB
* Thu Feb 25 2021 varkoly@suse.com
- Fix build: Do not build libsasl2-3 in the bdb package. This will
not be linked to berkely db. libsasl2-3 is now defined as
%%BuildRequires and %%Requires
* Fri Jan 8 2021 varkoly@suse.com
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
due to insecure tmp file usage. (bsc#1180669)
Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
files.
* Tue Dec 8 2020 varkoly@suse.com
- Remove Berkeley DB dependency (JIRA#SLE-12190)
The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkely DB support. gdbm will be used instead of BDB.
The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkely DB support.
- Update to 2.1.27
* Added support for OpenSSL 1.1
* Added support for lmdb
* Lots of build fixes
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin:
Fixed memory leaks
Fixed a segfault when looking for non-existent reauth cache
Prevent client from going from step 3 back to step 2
Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
Added support for retrieving negotiated SSF
Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
Added support for SCRAM-SHA-256
* LOGIN plugin:
Dont prompt client for password until requested by server
* NTLM plugin:
Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
%%_fillupdir macro (boo#1069468)
- bsc#983938 `After=syslog.target` left-overs in several unit files
- added patches:
fix_libpq-fe_include.diff for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
* shared_link_on_ppc.patch
* cyrus-sasl-2.1.27-openssl-1.1.0.patch
* 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* 0003-Check-return-error-from-gss_wrap_size_limit.patch
* 0004-Add-support-for-retrieving-the-mech_ssf.patch
* 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* cyrus-sasl-fix-logging-in-gssapi.patch
* Thu Feb 6 2020 scabrero@suse.de
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
* Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
* Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
* Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* Thu Nov 28 2019 michael@stroeder.com
- added backport-patch cyrus-sasl-bug587.patch which fixes
off-by-one error in _sasl_add_string function
(see CVE-2019-19906 bsc#1159635)
* Mon Feb 4 2019 varkoly@suse.com
- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1"
By server context the connection will be sent to the log function.
Client content does not have log level information. I.e. there is no
way to stop DEBUG level logs nece I've removed it.
* add cyrus-sasl-fix-logging-in-gssapi.patch
* Mon Sep 4 2017 vcizek@suse.com
- OpenSSL 1.1 support (bsc#1055463)
* add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
* Wed Mar 22 2017 michael@stroeder.com
- added cyrus-sasl-issue-402.patch to fix
SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
(see https://github.com/cyrusimap/cyrus-sasl/issues/402)
* Tue Mar 7 2017 varkoly@suse.com
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
* Wed Dec 9 2015 bwiedemann@suse.com
- really use SASLAUTHD_PARAMS variable (bnc#938657)
* Tue Jan 6 2015 varkoly@suse.com
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
* Thu Nov 27 2014 jengelh@inai.de
- Make sure /usr/sbin/rcsaslauthd exists
* Tue Sep 23 2014 varkoly@suse.com
- bnc#897837 saslauthd package has no config
* Tue Jul 29 2014 sfalken@opensuse.org
- Changed --with-saslauthd=/var/run/sasl2 in %%build to /run/sasl2 to clear rpmlint check failure
* Sat Jul 19 2014 p.drouand@gmail.com
- Remove insserv dependency; it's unneeded with systemd' systems
- Remove insserv and fillup dependency in cyrus-sasl package; there
is neither sysconfig or init file
* Fri Jun 13 2014 ckornacker@suse.com
- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9
cyrus-sasl-revert_gssapi_flags.patch (bnc#775279)
* Tue Apr 1 2014 varkoly@suse.com
- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always'
* Sat Nov 2 2013 jengelh@inai.de
- Implement shlib packaging guidelines: make subpackage libsasl2-3.
(All other .so files are _server_ plugins AFAICS, loaded via
dlopen.)
- Ensure directories are owned by packages and thus get torn down
on package removal
* Sat Oct 5 2013 tchvatal@suse.com
- Put back the .so files to sasl auth packages from devel file.
The .so files are read by some application instead of full path
so in order for auth to work this files must be available
* Sun Sep 29 2013 tittiatcoke@gmail.com
- Add patch fix-sasl-header.diff to resolve build issues that
are failing due to typedef 'sasl_malloc_t' is initialized.
(see gentoo#458870, fedora#906519)
* Wed Sep 11 2013 jcnengel@gmail.com
- Removed server side service to comply with Factory rules
* Tue Sep 3 2013 jcnengel@gmail.com
- Update to 2.1.26
* Modernize SASL malloc/realloc callback prototypes
* Added sasl_config_done() to plug a memory leak when using an application specific config file
* Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590).
* unlock the mutex in sasl_dispose if the context was freed by another thread
* MINGW32 compatibility patches
* Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0
* Fixed some memory leaks in libsasl
- GSSAPI plugin:
+ Fixed a segfault in gssapi.c introduced in 2.1.25.
+ Code refactoring
+ Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable
- GS2 plugin:
+ Updated GS2 plugin not to lose minor GSS-API status codes on errors
- DIGEST-MD5 plugin:
+ Correctly send "stale" directive to prevent clients from (re)promtping for password
+ Better handling of HTTP reauthentication cases
+ fixed some memory leaks
- SASLDB plugin:
+ Added support for BerkleyDB 5.X or later
- OTP plugin:
+ Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications
- SRP plugin:
+ Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications
- saslauthd:
+ auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes
+ auth_rimap.c: read the whole IMAP greeting
+ better error reporting from some drivers
+ fixed some memory leaks
- New BuildRequires for pkgconfig since pkgconfig file is generated
- Removed patches that do no longer apply
* cyrus-sasl-gcc4.patch (integrated upstream)
* cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream)
* gssapi-null-deref.dif (integrated upstream)
* Fix-abort_if_no_fqdn-behavior.patch (integrated upstream)
* cyrus-sasl-db6.diff (integrated upstream)
- Move *.so files into devel package
* Fri Jul 26 2013 obs@botter.cc
- Fix for bnc#827230 and #784705, fix patch as described in
[#827230], typo in patch from request 112480 (remove rpath,
Apr 4 2012), preventing sql auxprop plugin to work
* Fri Jun 14 2013 jengelh@inai.de
- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5
- Simpler delete of .la files with find
* Mon Aug 13 2012 rhafer@suse.de
- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0,
a getaddrinfo failure should be ignored, as long as gethostname()
succeeded. (bnc#771983)
* Wed May 9 2012 crrodriguez@opensuse.org
- Ensure libraries and tools are built with LFS and include
config.h in all C files.
* Wed Apr 4 2012 dvaleev@suse.com
- remove rpath
* Wed Jan 18 2012 aj@suse.de
- Move some doc files to devel package and to cyrus-sasl-saslauthd.
* Fri Nov 25 2011 rhafer@suse.de
- Removed debug printfs from cyrus-sasl.dif, added by accident
- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with
latest upstream improvements
* Wed Nov 16 2011 rhafer@suse.de
- Update to 2.1.25:
* Added support for channel bindings
* Added support for ordering SASL mechanisms by strength (on
the client side), or using the "client_mech_list" option.
* Allow DIGEST-MD5 plugin to be used for client-side and
server-side HTTP Digest, including running over non-persistent
connections (RFC 2617)
* New SASL plugins: SCRAM and GS2
* Fixed a crash caused by aborted SASL authentication
and initiation of another one using the same SASL context.
* Various improvements to DIGEST-MD5 to improve interoperability
with some slightly broken clients
- cleanup
* removed old dependencies still related to cyrus-sasl2
* plugins now depend on the exact cyrus-sasl version
* use autoreconf instead of calling all tools manually
* Fri Sep 30 2011 coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
* Sun Sep 18 2011 jengelh@medozas.de
- Remove redundant tags/sections from specfile
* Mon Jun 28 2010 jengelh@medozas.de
- use %%_smp_mflags
* Mon Jun 7 2010 coolo@novell.com
- add dependency to avoid broken parallel make
* Mon May 10 2010 rhafer@novell.com
- Fixed attributes of /var/run/sasl2 in filelist
* Wed Apr 28 2010 rhafer@novell.com
- Removed the /var/run/sasl2 directory from cyrus-sasl.spec.
It will now be created on demand by the saslauthd init script.
- Adjusted init script headers to silence rpmlint warning/errors.
* Mon Dec 14 2009 jengelh@medozas.de
- add baselibs.conf as a source
* Mon Nov 23 2009 rhafer@novell.com
- Fixed linker arguments for ldap- and sql-auxprop plugins
(bnc#555568)
* Mon Jul 20 2009 coolo@novell.com
- build against krb5-mini to avoid build cycle
* Fri May 15 2009 rhafer@novell.com
- Update to 2.1.23, the only change is a fix for a potential buffer
overflow in sasl_encode64() (bnc#499104, CVE-2009-0688)
- Imported some automake/libtool fixes from upstream cvs
* Mon Mar 2 2009 crrodriguez@suse.de
- fix build with GCC 4.4
- remove all "la" files
* Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Mon Aug 18 2008 rhafer@suse.de
- Fixed init-scripts Required-Stop Tags
* Tue Jul 29 2008 rhafer@suse.de
- Enhance sysconfig file and init script to allow to pass arbitrary
parameters to saslauthd (bnc#397808)
- Fixed description of the SASLAUTHD_THREADS sysconfig option.
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Fri Mar 28 2008 rhafer@suse.de
- Moved "Version:" up to the top to make versioned
Obsoletes/Requires work correctly.
* Wed Mar 26 2008 rhafer@suse.de
- Enabled NTLM authentication plugin (bnc#343665), created new
subpackage cyrus-sasl-ntlm
- Replaced %%run_ldconfig macro as suggested by rpmlint
- Replaced unversioned Obsoltes/Provides with versioned ones
- Removed unneeded Split-Provides
* Fri Oct 26 2007 rhafer@suse.de
- Fixed some RPMLINT complaints
- re-enabled accidently disabled "kerberos5" authmech for saslauthd
(Bug #335754)
* Tue Mar 20 2007 rhafer@suse.de
- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to
set the number of threads that saslauthd should spawn
(Bug #199114)
* Fri Oct 27 2006 rhafer@suse.de
- Use /etc/sasl2/ as directory for config files of services
%%{_libdir} can still be used for backwards compatibilty
(Bug #206414)
* Mon Sep 25 2006 rhafer@suse.de
- Remove unneeded automake/autoheader calls
* Mon Sep 11 2006 rhafer@suse.de
- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce
BuildRequires of cyrus-sasl.spec
- Removed unneeded openldap2 from BuildRequires of
cyrus-sasl-saslauthd
* Tue Aug 29 2006 rhafer@suse.de
- Enabled the ldapdb auxprop plugin and created new subpackage
cyrus-sasl-ldap-auxprop for it (Bug #201478)
* Fri Aug 25 2006 rhafer@suse.de
- remove saslauthd man-page from cyrus-sasl package to solve
confict with -saslauthd subpackage (Bug #200490)
* Fri Jun 2 2006 rhafer@suse.de
- updated to 2.1.22
* new pluginviewer utility for reporting information about client
and server side authentication plugins and auxprop plugins
(e.g. supported features, methods, etc.).
* Added support for HTTP POST password validation in saslauthd
- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name
collision with other packages in src.rpm (Bug #98188)
- include "crypt.h" in auth_shadow.c to avoid possible crash in
saslauthd (Bug #179621)
* Mon Apr 3 2006 rhafer@suse.de
- remove dlcompat-20010505 from tarball because of legal risk and
documented this in README.Source (Bug: #161390)
- added check for dlcompat-20010505 to the spec file
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Nov 23 2005 choeger@suse.de
- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database
* Sun Sep 25 2005 ro@suse.de
- added LDAP_DEPRECATED to CFLAGS
* Wed Jul 13 2005 choeger@suse.de
- use /dev/urandom instead of /dev/random, see
http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue
for an explanation
- removed the useless .la files from rpm
* Tue May 17 2005 choeger@suse.de
- update to version 2.1.21
* Mon Mar 14 2005 choeger@suse.de
- now also build the sql auxprop plugin; created new subpackage
cyrus-sasl-sqlauxprop
* Fri Feb 25 2005 uli@suse.de
- better GCC4 fix
* Fri Feb 25 2005 uli@suse.de
- fixed to build with GCC4
* Tue Nov 2 2004 mmj@suse.de
- Get rid of .cvsignore files
- Don't remove buildroot before install
* Mon Oct 25 2004 choeger@suse.de
- update to version 2.1.20
* Wed Oct 6 2004 choeger@suse.de
- Bugfix ID#46847 - VUL-0: SASL environment variable local root
* Mon Sep 20 2004 choeger@suse.de
- package binaries of sample-client and -server instead of
shell wrappers (which do not work)
* Fri Sep 17 2004 choeger@suse.de
- removed saslauthd from cyrus-sasl requires, as it is only
needed on a "server" side and also not in every case (buildin
mechanisms as CRAM- or DIGEST-MD5 do not need it)
- added split-provides for saslauthd
* Mon Sep 6 2004 choeger@suse.de
- added testsaslauthd to filelist
- removed saslauthd and insserv makros from cyrus-sasl.spec
* Fri Sep 3 2004 choeger@suse.de
- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic
dependency openldap2 <-> cyrus-sasl with saslauthd having
LDAP support
* Tue Aug 31 2004 choeger@suse.de
- removed update messages and implemented "split-provides"
instead
* Tue Aug 31 2004 choeger@suse.de
- added LDAP support for saslauthd, Bugzilla ID#44051
* Mon Aug 30 2004 choeger@suse.de
- Bugfix Bugzilla ID#44346 - still using /var/adm/notify
now using new update messages mechanism
- added sample/client sample/server to file list
* Thu Jul 15 2004 choeger@suse.de
- update to version 2.1.19
* Tue Jun 15 2004 choeger@suse.de
- bugfix id#39245 - cyrus-sasl includes straycat man page
* Fri Mar 12 2004 choeger@suse.de
- update to version 2.1.18 (Bugfix Release)
* Tue Jan 27 2004 choeger@suse.de
- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath
* Thu Jan 22 2004 choeger@suse.de
- Bugfix Bugzilla ID#34019, notice users about the fact, that
cyrus-sasl has been splitted into subpackages
* Fri Jan 16 2004 kukuk@suse.de
- Add pam-devel to neededforbuild
* Tue Dec 2 2003 choeger@suse.de
- update to version 2.1.17
* Fri Oct 31 2003 choeger@suse.de
- Don't build as root
* Fri Oct 17 2003 kukuk@suse.de
- Remove unused des from neededforbuild
* Tue Sep 16 2003 kukuk@suse.de
- Add missing Provides [Bug #31005]
* Mon Sep 1 2003 choeger@suse.de
- removed "-u root" from startproc as it always failes
- removed link to doc/components.html from doc/index.html as
components.html does not exist (Bugzilla ID#29253)
* Thu Aug 14 2003 choeger@suse.de
- Bugfix Bugzilla ID#28932:
missing activation metadata in sysconfig template
* Wed Jul 30 2003 choeger@suse.de
- new macros for stop/restart of services on rpm update/removal
* Tue Jul 15 2003 choeger@suse.de
- update to version 2.1.15
* Mon Jun 30 2003 choeger@suse.de
- update to version 2.1.14
* Wed Jun 18 2003 ro@suse.de
- use kerberos-devel-packages in neededforbuild
* Fri Jun 13 2003 kukuk@suse.de
- Add missing directory to filelist
* Fri May 9 2003 choeger@suse.de
- use -ldb instead of -ldb-x.y to manually link the
dbconverter
* Tue May 6 2003 choeger@suse.de
- update to version 2.1.13
* Tue Apr 15 2003 ro@suse.de
- added krb4-lib,krb4-devel to neededforbuild
* Mon Apr 7 2003 choeger@suse.de
- renamed to cyrus-sasl
- splitted libraries for the following auth methods into seperate
packages:
- crammd5
- digestmd5
- otp
- plain
this is to prevent from annoying warnings about missing proper
setup of mechanisms we don't use
* Thu Mar 6 2003 choeger@suse.de
- ever used dbconverter-2? Well it is just a shell script
which uses the damn compiled source tree... :-(
manually building dbconverter to let users convert their
/etc/sasldb from v1 to v2 using /usr/sbin/dbconverter
* Thu Mar 6 2003 choeger@suse.de
- as cyrus-sasl is dropped now:
provide cyrus-sasl-*, obsolete cyrus-sasl-*
(Bugzilla ID# 24762)
* Tue Feb 4 2003 choeger@suse.de
- update to cyrus-sasl-2.1.12, bug-fix release.
This release addresses a few minor build and distribution
related issues
* Mon Feb 3 2003 choeger@suse.de
- update to cyrus-sasl-2.1.11, bug-fix release.
It addresses a number of issues in the build system, a
memory leak in the doors IPC method for saslauthd, and fixes the NTLM
server side support to only require one of the LM or NT methods.
* Thu Jan 23 2003 choeger@suse.de
- don't use new libtool macros as cyrus-sasl2 seems to not
work when using them.
- added patch to compile shared libraries on ppc
* Wed Jan 15 2003 kukuk@suse.de
- Remove openldap2 from needed for build
* Tue Jan 14 2003 choeger@suse.de
- do not build the static library anymore
* Wed Dec 11 2002 choeger@suse.de
- added sysconfig metadata to sysconfig templates
* Tue Dec 10 2002 choeger@suse.de
- update to version 2.1.10
This version corrects a number of DIGEST-MD5
interoperability issues, as well as corrects some potential buffer
overflows.
* Wed Oct 30 2002 ro@suse.de
- make it build again
* Tue Oct 29 2002 ro@suse.de
- remove own libtool macros
* Thu Oct 24 2002 choeger@suse.de
- update to latest version 2.1.9
* Thu Sep 12 2002 choeger@suse.de
- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict
with cyrus-sasl2-devel, because they contain files with the
same name
* Mon Aug 19 2002 rhafer@suse.de
- enabled building of the static libsasl.a. It is needed for
cyrus-imap to be usable with nss_ldap (which is linked against
cyrus-sasl1)
* Mon Aug 12 2002 choeger@suse.de
- update to version 2.1.7
* Thu Aug 8 2002 choeger@suse.de
- added .la files to the sasl2 plugin directory
([lt_]dlopen seems to need that)
* Mon Aug 5 2002 choeger@suse.de
- added Prereq
* Sat Jul 27 2002 adrian@suse.de
- add %%run_ldconfig
* Wed Jul 17 2002 choeger@suse.de
- update to version 2.1.6
* Wed Jun 19 2002 choeger@suse.de
- also install dbconverter-2 to be able to migrate from
cyrus-sasl(1)
* Tue Jun 18 2002 choeger@suse.de
- /var/run/sasl2 must be 755 to let non root daemons
connect to unix socket
* Tue Jun 18 2002 choeger@suse.de
- added initscript and sysconfig file for saslauthd
- added docs
* Tue Jun 18 2002 rhafer@suse.de
- added opie to needforbuild
- should build on ppc64 and s390x now
* Mon Jun 17 2002 rhafer@suse.de
- additional autoconf related patches, that were missing at first
check in
* Mon Jun 17 2002 rhafer@suse.de
- Initial checkin of cyrus-sasl-2.1.5
Reference in a new issue View git blame Copy permalink