packages/cyrus-sasl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:2b2cf93ed20fd6b26dbc25ee0e08f3c8aaa0caa0
Branches Tags
packages:main
...
compare: packages:6f50428c6cff1d445c3d26e7a1f6f821fe9a701d
Branches Tags
packages:main

10 Commits
2b2cf93ed2 ... 6f50428c6c

Author SHA1 Message Date
openeuler-ci-bot
6f50428c6c
!35 【openEuler-22.03-LTS-Next】update to 2.1.28 
From: @yixiangzhike 
Reviewed-by: @zhengxiaoxiaoGitee, @houmingyong, @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
 2022-10-28 02:47:36 +00:00
yixiangzhike
4b3f7f878a update to 2.1.28 
Signed-off-by: yixiangzhike <yixiangzhike007@163.com>
 2022-10-25 16:58:01 +08:00
openeuler-ci-bot
95731b169b
!34 【openEuler-22.03-LTS-Next】saslauthd always restart with 1s 
From: @yixiangzhike 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
 2022-09-20 08:19:00 +00:00
yixiangzhike
86dcf878ce saslauthd always restart with 1s 
Signed-off-by: yixiangzhike <yixiangzhike007@163.com>
 2022-09-20 15:33:09 +08:00
openeuler-ci-bot
efcd439cf2
!29 【openEuler-22.03-LTS-Next】compatible with autoconf-2.71 
From: @yixiangzhike 
Reviewed-by: @licihua 
Signed-off-by: @licihua
 2022-05-23 02:05:56 +00:00
yixiangzhike
cedd5cada2 compatible with autoconf-2.71 
Signed-off-by: yixiangzhike <yixiangzhike007@163.com>
 2022-05-20 11:38:43 +08:00
openeuler-ci-bot
3ec9f4b387
!24 【openEuler-22.03-LTS-Next】Fix CVE-2022-24407 
From: @yixiangzhike 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
 2022-02-24 04:06:30 +00:00
yixiangzhike
7dc876496d Fix CVE-2022-24407 2022-02-24 10:40:27 +08:00
openeuler-ci-bot
6ca21bc2c7 !15 remove with-bdb=db from configure because libdb deprecated 
From: @panxh_purple
Reviewed-by: @overweight
Signed-off-by: @overweight
 2021-08-26 11:59:15 +00:00
panxiaohe
6c07b52dca remove with-bdb=db from configure because libdb deprecated 2021-08-26 17:59:51 +08:00
8 changed files with 48 additions and 99 deletions
Show Stats Expand all files Collapse all files

34
0003-Prevent-double-free-of-RC4-context.patch
View File

@ -1,34 +0,0 @@
From ca6c587cc9da51235b125a97e841fa786aaad7ff Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 16 Apr 2019 10:18:43 -0400
Subject: [PATCH 3/3] Prevent double free of RC4 context
Signed-off-by: Simo Sorce <simo@redhat.com>
---
plugins/digestmd5.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
index f184c16..df35093 100644
--- a/plugins/digestmd5.c
+++ b/plugins/digestmd5.c
@@ -1224,8 +1224,14 @@ static void free_rc4(context_t *text)
{
/* free rc4 context structures */
- if(text->cipher_enc_context) text->utils->free(text->cipher_enc_context);
- if(text->cipher_dec_context) text->utils->free(text->cipher_dec_context);
+ if (text->cipher_enc_context) {
+ text->utils->free(text->cipher_enc_context);
+ text->cipher_enc_context = NULL;
+ }
+ if (text->cipher_dec_context) {
+ text->utils->free(text->cipher_dec_context);
+ text->cipher_dec_context = NULL;
+ }
}
static int init_rc4(context_t *text,
--
2.7.4

27
backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch Normal file
View File

@ -0,0 +1,27 @@
From 92be047033d56c29473223c44985592b1290a701 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Tue, 3 May 2022 16:31:37 +0000
Subject: [PATCH] Fix earlier #554 commit to use fetch_errno instead of
gdbm_errno
Signed-off-by: Quanah Gibson-Mount <quanah@symas.com>
---
sasldb/db_gdbm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
index 5f658ce2..59e8fd74 100644
--- a/sasldb/db_gdbm.c
+++ b/sasldb/db_gdbm.c
@@ -119,7 +119,7 @@ int _sasldb_getdata(const sasl_utils_t *utils,
} else {
utils->seterror(conn, 0,
"Couldn't fetch entry from %s: gdbm_errno=%d",
- path, gdbm_errno);
+ path, fetch_errno);
result = SASL_FAIL;
}
goto cleanup;
--
2.27.0

32
backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
View File

@ -1,32 +0,0 @@
From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
From: Jonas Jelten <jj@sft.mx>
Date: Sat, 2 Feb 2019 20:53:37 +0100
Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
`gdbm_close` also sets gdbm_errno since version 1.17.
This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
the `gdbm_errno` value which is then later used for the error handling.
---
sasldb/db_gdbm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
index ee56a6b..c908808 100644
--- a/sasldb/db_gdbm.c
+++ b/sasldb/db_gdbm.c
@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
gkey.dptr = key;
gkey.dsize = key_len;
gvalue = gdbm_fetch(db, gkey);
+ int fetch_errno = gdbm_errno;
+
gdbm_close(db);
if (! gvalue.dptr) {
- if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
+ if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
utils->seterror(conn, SASL_NOLOG,
"user: %s@%s property: %s not found in %s",
authid, realm, propName, path);
--
1.8.3.1

BIN
cyrus-sasl-2.1.27.tar.gz
View File

Binary file not shown.

BIN
cyrus-sasl-2.1.28.tar.gz Normal file
View File

Binary file not shown.

26
cyrus-sasl.spec
View File

@ -5,19 +5,17 @@
%global bootstrap_cyrus_sasl 0
Name: cyrus-sasl
Version: 2.1.27
Release: 11
Version: 2.1.28
Release: 1
Summary: The Cyrus SASL API Implementation
License: BSD with advertising
URL: https://www.cyrusimap.org/sasl/
Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz
Source0: https://github.com/cyrusimap/cyrus-sasl/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
Source1: saslauthd.service
Source2: saslauthd.sysconfig
Patch0: 0003-Prevent-double-free-of-RC4-context.patch
Patch1: fix-CVE-2019-19906.patch
Patch2: backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
Patch1: backport-Fix-earlier-554-commit-to-use-fetch_errno-instead-of.patch
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
@ -139,7 +137,6 @@ echo "$LDFLAGS"
--with-gss_impl=mit \
--with-rc4 \
--with-bdb=gdbm \
--with-bdb=db \
--with-saslauthd=/run/saslauthd --without-pwcheck \
%if ! %{bootstrap_cyrus_sasl}
--with-ldap \
@ -261,6 +258,21 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
%changelog
* Tue Oct 25 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.28-1
- update to 2.1.28
* Tue Sep 20 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.27-15
- saslauthd always restart with 1s
* Fri May 20 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.27-14
- compatible with autoconf-2.71
* Thu Feb 24 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.27-13
- fix CVE-2022-24407
* Thu Aug 26 2021 panxiaohe <panxiaohe@huawei.com> - 2.1.27-12
- remove with-bdb=db from configure
* Sat Jun 19 2021 panxiaohe <panxiaohe@huawei.com> - 2.1.27-11
- fix gdbm_errno overlay from gdbm_close
- BuildRequires: replace libdb with gdbm

26
fix-CVE-2019-19906.patch
View File

@ -1,26 +0,0 @@
From 58aa420b5a0f5e7e5e88f2228f318fb12da5bb13 Mon Sep 17 00:00:00 2001
From: guoxiaoqi2 <guoxiaoqi2@huawei.com>
Date: Tue, 21 Jan 2020 17:59:49 -0500
Subject: [PATCH] fix CVE-2019-19906
Signed-off-by: guoxiaoqi2 <guoxiaoqi2@huawei.com>
---
lib/common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/common.c b/lib/common.c
index 305311d..445c5d5 100644
--- a/lib/common.c
+++ b/lib/common.c
@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
if (add==NULL) add = "(null)";
- addlen=strlen(add); /* only compute once */
+ addlen=strlen(add)+1; /* only compute once */
if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
return SASL_NOMEM;
--
1.8.3.1

2
saslauthd.service
View File

@ -6,6 +6,8 @@ Type=forking
EnvironmentFile=/etc/sysconfig/saslauthd
ExecStart=/usr/sbin/saslauthd -m /run/saslauthd -a pam $FLAGS
RuntimeDirectory=saslauthd
Restart=always
RestartSec=1s
[Install]
WantedBy=multi-user.target