[packages/cyrus-sasl] - updated to 2.1.27 - updated nolibs,lt,split-sql,opie,cryptedpw,db,sizes,gssapi-detect,ac-libs,dont
qboosh
qboosh at pld-linux.org
Sat Nov 24 22:27:22 CET 2018
commit 5dd34792af515ff3a027c18a9b212e59a537a658
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sat Nov 24 22:31:38 2018 +0100
- updated to 2.1.27
- updated nolibs,lt,split-sql,opie,cryptedpw,db,sizes,gssapi-detect,ac-libs,dont_use_la_files_for_opening_plugins patches
- removed obsolete gcc4,keytab,parallel-make,pam,gssapi_ext,revert_1.103_revision_to_unbreak_GSSAPI,fix_segfault_in_GSSAPI,fix_dovecot_authentication,stddef,glibc217-crypt,openssl-1.1.0 patches
0030-dont_use_la_files_for_opening_plugins.patch | 16 +-
0032-revert_1.103_revision_to_unbreak_GSSAPI.patch | 15 -
0033-fix_segfault_in_GSSAPI.patch | 27 -
0034-fix_dovecot_authentication.patch | 23 -
cyrus-sasl-2.1.26-glibc217-crypt.diff | 108 --
cyrus-sasl-2.1.27-openssl-1.1.0.patch | 1150 --------------------
cyrus-sasl-ac-libs.patch | 114 +-
cyrus-sasl-cryptedpw.patch | 5 +-
cyrus-sasl-db.patch | 10 +-
cyrus-sasl-gcc4.patch | 27 -
cyrus-sasl-gssapi-detect.patch | 4 +-
cyrus-sasl-gssapi_ext.patch | 13 -
cyrus-sasl-keytab.patch | 38 -
cyrus-sasl-lt.patch | 27 +-
cyrus-sasl-nolibs.patch | 19 +-
cyrus-sasl-opie.patch | 5 +-
cyrus-sasl-pam.patch | 31 -
cyrus-sasl-parallel-make.patch | 59 -
cyrus-sasl-sizes.patch | 8 +-
cyrus-sasl-split-sql.patch | 62 +-
cyrus-sasl-stddef.patch | 12 -
cyrus-sasl.spec | 86 +-
22 files changed, 108 insertions(+), 1751 deletions(-)
---
diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index 7730c64..bfda652 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -23,12 +23,12 @@ Summary(pt_BR.UTF-8): Implementação da API SASL
Summary(ru.UTF-8): Библиотека Cyrus SASL
Summary(uk.UTF-8): Бібліотека Cyrus SASL
Name: cyrus-sasl
-Version: 2.1.26
-Release: 8
+Version: 2.1.27
+Release: 1
License: distributable
Group: Libraries
Source0: ftp://ftp.cyrusimap.org/cyrus-sasl/%{name}-%{version}.tar.gz
-# Source0-md5: a7f4e5e559a0e37b3ffc438c9456e425
+# Source0-md5: a33820c66e0622222c5aefafa1581083
Source1: saslauthd.init
Source2: saslauthd.sysconfig
Source3: %{name}.pam
@@ -37,31 +37,20 @@ Patch0: %{name}-nolibs.patch
Patch1: %{name}-lt.patch
Patch2: %{name}-split-sql.patch
Patch3: %{name}-opie.patch
-Patch4: %{name}-gcc4.patch
# Adapted from http://frost.ath.cx/software/cyrus-sasl-patches/dist/2.1.19/cyrus-sasl-2.1.19-checkpw.c+sql.c.patch
Patch5: %{name}-cryptedpw.patch
Patch6: %{name}-md5sum-passwords.patch
Patch7: %{name}-db.patch
-Patch8: %{name}-keytab.patch
Patch9: %{name}-sizes.patch
Patch10: %{name}-nagios-plugin.patch
-Patch11: %{name}-parallel-make.patch
Patch12: %{name}-gssapi-detect.patch
Patch13: %{name}-saslauthd-httpform-urlescape.patch
Patch14: %{name}-ac-libs.patch
-Patch15: %{name}-pam.patch
-Patch16: %{name}-gssapi_ext.patch
-Patch17: 0032-revert_1.103_revision_to_unbreak_GSSAPI.patch
-Patch18: 0033-fix_segfault_in_GSSAPI.patch
-Patch19: 0034-fix_dovecot_authentication.patch
Patch20: %{name}-auxprop.patch
Patch21: 0030-dont_use_la_files_for_opening_plugins.patch
-Patch22: %{name}-stddef.patch
-Patch23: http://sourceforge.net/projects/miscellaneouspa/files/glibc217/cyrus-sasl-2.1.26-glibc217-crypt.diff
-Patch24: cyrus-sasl-2.1.27-openssl-1.1.0.patch
URL: http://asg.web.cmu.edu/sasl/
-BuildRequires: autoconf >= 2.54
-BuildRequires: automake >= 1:1.7
+BuildRequires: autoconf >= 2.63
+BuildRequires: automake >= 1:1.11
%{?with_authlib:BuildRequires: courier-authlib-devel}
BuildRequires: db-devel
BuildRequires: ed
@@ -514,38 +503,18 @@ Wtyczka Nagiosa do sprawdzania działania saslauthd.
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
%if %{with cryptedpw}
%patch5 -p1
%patch6 -p1
%endif
%patch7 -p1
-%patch8 -p1
%patch9 -p1
%patch10 -p1
-%patch11 -p1
%patch12 -p1
%patch13 -p0
%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
-%patch19 -p1
%patch20 -p1
%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-
-cd doc
-echo "cyrus-sasl complies with the following RFCs:" > rfc-compliance
-ls rfc*.txt >> rfc-compliance
-rm -f rfc*.txt
-cd ..
-
-# old version
-%{__rm} config/libtool.m4
# update to our paths
sed -i -e '
@@ -553,48 +522,42 @@ sed -i -e '
s,/etc/saslauthd.conf,%{_sysconfdir}/saslauthd.conf,g
s,/var/run/saslauthd/mux,/var/lib/sasl2/mux,g
s,/var/state/saslauthd,/var/lib/sasl2,g
-' saslauthd/saslauthd.8 saslauthd/saslauthd.mdoc saslauthd/LDAP_SASLAUTHD doc/sysadmin.html
+' saslauthd/saslauthd.8 saslauthd/saslauthd.mdoc saslauthd/LDAP_SASLAUTHD doc/legacy/sysadmin.html
%build
%{__libtoolize}
-%{__aclocal} -I cmulocal -I config
-%{__autoheader}
+%{__aclocal} -I m4
%{__autoconf}
-%{__automake}
-cd saslauthd
-%{__aclocal} -I ../cmulocal -I ../config
%{__autoheader}
-%{__autoconf}
%{__automake}
-cd ..
%configure \
%{?with_cryptedpw: LDFLAGS=-lcrypt} \
- --disable-krb4 \
%{!?with_gssapi:--disable-gssapi} \
%{?with_gssapi:--enable-gssapi --with-gss_impl=heimdal} \
+ --enable-httpform \
+ --disable-krb4 \
+ %{?with_ldap:--enable-ldapdb} \
--enable-login \
+ --enable-passdss \
--enable-sample \
- --enable-httpform \
--enable-sql \
- --enable-passdss \
%{?with_srp:--enable-srp} \
--enable-static \
- --with-plugindir=%{_libdir}/sasl2 \
+ %{?with_authlib:--with-authdaemond=/var/spool/authdaemon/socket} \
--with-configdir=%{_sysconfdir} \
--with-dblib=berkeley \
--with-dbpath=/var/lib/sasl2/sasl.db \
- %{?with_authlib:--with-authdaemond=/var/spool/authdaemon/socket} \
- %{?with_ldap:--with-ldap=%{_prefix}} \
- %{?with_ldap:--enable-ldapdb} \
+ %{?with_ldap:--with-ldap} \
%{?with_mysql:--with-mysql=%{_prefix}} \
%{?with_ntlm:--enable-ntlm} \
- %{?with_pgsql:--with-pgsql=%{_prefix}} \
- %{?with_sqlite:--with-sqlite=%{_prefix}} \
- %{?with_sqlite3:--with-sqlite3=%{_prefix}} \
%{?with_opie:--with-opie=%{_prefix}} \
--with-pam \
+ %{?with_pgsql:--with-pgsql=%{_prefix}} \
+ --with-plugindir=%{_libdir}/sasl2 \
%{?with_pwcheck:--with-pwcheck=/var/lib/sasl2} \
- --with-saslauthd=/var/lib/sasl2
+ --with-saslauthd=/var/lib/sasl2 \
+ %{?with_sqlite:--with-sqlite=%{_prefix}} \
+ %{?with_sqlite3:--with-sqlite3=%{_prefix}}
%{__make}
@@ -602,12 +565,7 @@ cd ..
%{__make} -C saslauthd saslcache
%{__make} -C sample sample-client sample-server
-cd doc
-RFCLIST=$(grep 'rfc.\+\.txt' rfc-compliance)
-for i in $RFCLIST; do
- RFCDIR=../RFC/text/`echo $i | sed -e 's:^rfc::' -e 's:..\.txt$::' `00
- echo -e ',s:'$i':'$RFCDIR/$i'\n,w\nq' | ed index.html
-done
+%{__rm} -rf doc/html/{_sources,objects.inv,.buildinfo}
%install
rm -rf $RPM_BUILD_ROOT
@@ -670,8 +628,7 @@ fi
%files
%defattr(644,root,root,755)
-%doc AUTHORS COPYING ChangeLog NEWS README
-%doc doc/{ONEWS,TODO,*.txt,*.html,*.fig,rfc-compliance}
+%doc AUTHORS COPYING ChangeLog README doc/legacy/{TODO,*.html,*.fig} doc/html
%dir %{_sysconfdir}
%dir %{_libdir}/sasl2
# sample programs to subpackage instead?
@@ -797,8 +754,7 @@ fi
%files saslauthd
%defattr(644,root,root,755)
-%doc cyrus.pam
-%doc saslauthd/{AUTHORS,LDAP_SASLAUTHD}
+%doc cyrus.pam saslauthd/{COPYING,LDAP_SASLAUTHD}
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/saslauthd.conf
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/saslauthd
%attr(755,root,root) %{_sbindir}/saslauthd
diff --git a/0030-dont_use_la_files_for_opening_plugins.patch b/0030-dont_use_la_files_for_opening_plugins.patch
index 14a3224..b2ca061 100644
--- a/0030-dont_use_la_files_for_opening_plugins.patch
+++ b/0030-dont_use_la_files_for_opening_plugins.patch
@@ -1,6 +1,6 @@
---- a/lib/dlopen.c
-+++ b/lib/dlopen.c
-@@ -247,105 +247,6 @@ static int _sasl_plugin_load(char *plugi
+--- cyrus-sasl-2.1.27/lib/dlopen.c.orig 2018-11-08 18:29:57.000000000 +0100
++++ cyrus-sasl-2.1.27/lib/dlopen.c 2018-11-24 18:07:23.001299091 +0100
+@@ -246,113 +246,6 @@ static int _sasl_plugin_load(char *plugi
return result;
}
@@ -28,6 +28,8 @@
- if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) {
- if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) {
- /* check for a .la file */
+- if (strlen(prefix) + strlen(in) + strlen(LA_SUFFIX) + 1 >= MAX_LINE)
+- return SASL_BADPARAM;
- strcpy(line, prefix);
- strcat(line, in);
- length = strlen(line);
@@ -40,11 +42,15 @@
- return SASL_FAIL;
- }
- }
+- if (strlen(prefix) + strlen(in) + 1 >= PATH_MAX)
+- return SASL_BADPARAM;
- strcpy(out, prefix);
- strcat(out, in);
- return SASL_OK;
- }
-
+- if (strlen(prefix) + strlen(in) + 1 >= MAX_LINE)
+- return SASL_BADPARAM;
- strcpy(line, prefix);
- strcat(line, in);
-
@@ -60,6 +66,7 @@
- if(line[strlen(line) - 1] != '\n') {
- _sasl_log(NULL, SASL_LOG_WARN,
- "LA file has too long of a line: %s", in);
+- fclose(file);
- return SASL_BUFOVER;
- }
- if(line[0] == '\n' || line[0] == '#') continue;
@@ -79,6 +86,7 @@
- if(ntmp == end) {
- _sasl_log(NULL, SASL_LOG_DEBUG,
- "dlname is empty in .la file: %s", in);
+- fclose(file);
- return SASL_FAIL;
- }
- strcpy(out, prefix);
@@ -106,7 +114,7 @@
#endif /* DO_DLOPEN */
/* loads a plugin library */
-@@ -499,18 +400,18 @@ int _sasl_load_plugins(const add_plugin_
+@@ -506,18 +399,18 @@ int _sasl_load_plugins(const add_plugin_
if (length + pos>=PATH_MAX) continue; /* too big */
if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)),
diff --git a/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch b/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch
deleted file mode 100644
index 852dbc4..0000000
--- a/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/plugins/gssapi.c
-+++ b/plugins/gssapi.c
-@@ -1480,10 +1480,10 @@ static int gssapi_client_mech_step(void
- }
-
- /* Setup req_flags properly */
-- req_flags = GSS_C_INTEG_FLAG;
-+ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
- if (params->props.max_ssf > params->external_ssf) {
- /* We are requesting a security layer */
-- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
-+ req_flags |= GSS_C_INTEG_FLAG;
- /* Any SSF bigger than 1 is confidentiality. */
- /* Let's check if the client of the API requires confidentiality,
- and it wasn't already provided by an external layer */
diff --git a/0033-fix_segfault_in_GSSAPI.patch b/0033-fix_segfault_in_GSSAPI.patch
deleted file mode 100644
index 4c191e9..0000000
--- a/0033-fix_segfault_in_GSSAPI.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- cyrus-sasl-2.1.26/plugins/gssapi.c.orig 2012-11-23 19:03:06.002027748 +0100
-+++ cyrus-sasl-2.1.26/plugins/gssapi.c 2012-11-23 19:06:07.818690625 +0100
-@@ -379,7 +379,7 @@
- }
-
- if (output_token->value && output) {
-- unsigned char * p;
-+ int len;
-
- ret = _plug_buf_alloc(text->utils,
- &(text->encode_buf),
-@@ -393,13 +393,8 @@
- return ret;
- }
-
-- p = (unsigned char *) text->encode_buf;
--
-- p[0] = (output_token->length>>24) & 0xFF;
-- p[1] = (output_token->length>>16) & 0xFF;
-- p[2] = (output_token->length>>8) & 0xFF;
-- p[3] = output_token->length & 0xFF;
--
-+ len = htonl(output_token->length);
-+ memcpy(text->encode_buf, &len, 4);
- memcpy(text->encode_buf + 4, output_token->value, output_token->length);
- }
-
diff --git a/0034-fix_dovecot_authentication.patch b/0034-fix_dovecot_authentication.patch
deleted file mode 100644
index 9af2a7a..0000000
--- a/0034-fix_dovecot_authentication.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/lib/checkpw.c
-+++ b/lib/checkpw.c
-@@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned de
- /* Timeout. */
- errno = ETIMEDOUT;
- return -1;
-- case +1:
-- if (FD_ISSET(fd, &rfds)) {
-- /* Success, file descriptor is readable. */
-- return 0;
-- }
-- return -1;
- case -1:
- if (errno == EINTR || errno == EAGAIN)
- continue;
- default:
-+ if (FD_ISSET(fd, &rfds)) {
-+ /* Success, file descriptor is readable. */
-+ return 0;
-+ }
- /* Error catch-all. */
- return -1;
- }
diff --git a/cyrus-sasl-2.1.26-glibc217-crypt.diff b/cyrus-sasl-2.1.26-glibc217-crypt.diff
deleted file mode 100644
index 020e2a0..0000000
--- a/cyrus-sasl-2.1.26-glibc217-crypt.diff
+++ /dev/null
@@ -1,108 +0,0 @@
-From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001
-From: mancha <mancha1 at hush.com>
-Date: Tue, 9 Jul 2013
-Subject: [PATCH] Handle NULL returns from glibc 2.17+ crypt().
-
-Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
-(w/ NULL return) if the salt violates specifications. Additionally,
-on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
-passed to crypt() fail with EPERM (w/ NULL return).
-
-When using glibc's crypt(), check return value to avoid a possible
-NULL pointer dereference.
----
- pwcheck/pwcheck_getpwnam.c | 3 ++-
- pwcheck/pwcheck_getspnam.c | 3 ++-
- saslauthd/auth_getpwent.c | 3 ++-
- saslauthd/auth_shadow.c | 7 ++-----
- 4 files changed, 8 insertions(+), 8 deletions(-)
-
---- a/pwcheck/pwcheck_getpwnam.c
-+++ b/pwcheck/pwcheck_getpwnam.c
-@@ -32,6 +32,7 @@ extern char *crypt();
- char *password;
- {
- char* r;
-+ char* crpt_passwd;
- struct passwd *pwd;
-
- pwd = getpwnam(userid);
-@@ -41,7 +42,7 @@ char *password;
- else if (pwd->pw_passwd[0] == '*') {
- r = "Account disabled";
- }
-- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
-+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
- r = "Incorrect password";
- }
- else {
---- a/pwcheck/pwcheck_getspnam.c
-+++ b/pwcheck/pwcheck_getspnam.c
-@@ -30,6 +30,7 @@ extern char *crypt();
- char *pwcheck(userid, password)
- char *userid;
- char *password;
-+char *crpt_passwd;
- {
- struct spwd *pwd;
-
-@@ -38,7 +39,7 @@ char *password;
- return "Userid not found";
- }
-
-- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
-+ if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
- return "Incorrect password";
- }
- else {
---- a/saslauthd/auth_getpwent.c
-+++ b/saslauthd/auth_getpwent.c
-@@ -77,6 +77,7 @@ auth_getpwent (
- {
- /* VARIABLES */
- struct passwd *pw; /* pointer to passwd file entry */
-+ char *crpt_passwd; /* encrypted password */
- int errnum;
- /* END VARIABLES */
-
-@@ -105,7 +106,7 @@ auth_getpwent (
- }
- }
-
-- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
-+ if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
- }
---- a/saslauthd/auth_shadow.c
-+++ b/saslauthd/auth_shadow.c
-@@ -210,8 +210,7 @@ auth_shadow (
- RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
- }
-
-- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
-- if (strcmp(sp->sp_pwdp, cpw)) {
-+ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
- if (flags & VERBOSE) {
- /*
- * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
-@@ -221,10 +220,8 @@ auth_shadow (
- syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
- sp->sp_pwdp, cpw);
- }
-- free(cpw);
- RETURN("NO Incorrect password");
- }
-- free(cpw);
-
- /*
- * The following fields will be set to -1 if:
-@@ -286,7 +283,7 @@ auth_shadow (
- RETURN("NO Invalid username");
- }
-
-- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
-+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
- password, upw->upw_passwd);
diff --git a/cyrus-sasl-2.1.27-openssl-1.1.0.patch b/cyrus-sasl-2.1.27-openssl-1.1.0.patch
deleted file mode 100644
index 59fd2b6..0000000
--- a/cyrus-sasl-2.1.27-openssl-1.1.0.patch
+++ /dev/null
@@ -1,1150 +0,0 @@
-diff -up cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 cyrus-sasl-2.1.26/plugins/ntlm.c
---- cyrus-sasl-2.1.26/plugins/ntlm.c.openssl110 2012-01-28 00:31:36.000000000 +0100
-+++ cyrus-sasl-2.1.26/plugins/ntlm.c 2016-11-07 16:15:57.498259304 +0100
-@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
- return P24;
- }
-
-+static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ return HMAC_CTX_new();
-+#else
-+ return utils->malloc(sizeof(HMAC_CTX));
-+#endif
-+}
-+
-+static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ HMAC_CTX_free(ctx);
-+#else
-+ HMAC_cleanup(ctx);
-+ utils->free(ctx);
-+#endif
-+}
-+
- static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
- const char *authid, const char *target,
- const unsigned char *challenge,
-@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
- const sasl_utils_t *utils,
- char **buf, unsigned *buflen, int *result)
- {
-- HMAC_CTX ctx;
-+ HMAC_CTX *ctx = NULL;
- unsigned char hash[EVP_MAX_MD_SIZE];
- char *upper;
- unsigned int len;
-@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
- SETERROR(utils, "cannot allocate NTLMv2 hash");
- *result = SASL_NOMEM;
- }
-+ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate HMAC CTX");
-+ *result = SASL_NOMEM;
-+ }
- else {
- /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
- P16_nt(hash, passwd, utils, buf, buflen, result);
-@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
- HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
-
- /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
-- HMAC_Init(&ctx, hash, len, EVP_md5());
-- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
-- HMAC_Update(&ctx, blob, bloblen);
-- HMAC_Final(&ctx, V2, &len);
-- HMAC_cleanup(&ctx);
-+ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
-+ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
-+ HMAC_Update(ctx, blob, bloblen);
-+ HMAC_Final(ctx, V2, &len);
-
- /* the blob is concatenated outside of this function */
-
- *result = SASL_OK;
- }
-
-+ if (ctx) _plug_HMAC_CTX_free(ctx, utils);
-+
- return V2;
- }
-
-diff -up cyrus-sasl-2.1.26/plugins/otp.c.openssl110 cyrus-sasl-2.1.26/plugins/otp.c
---- cyrus-sasl-2.1.26/plugins/otp.c.openssl110 2012-10-12 16:05:48.000000000 +0200
-+++ cyrus-sasl-2.1.26/plugins/otp.c 2016-11-07 16:13:54.374327601 +0100
-@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
- {NULL, 0, NULL}
- };
-
-+static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ return EVP_MD_CTX_new();
-+#else
-+ return utils->malloc(sizeof(EVP_MD_CTX));
-+#endif
-+}
-+
-+static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX_free(ctx);
-+#else
-+ utils->free(ctx);
-+#endif
-+}
-+
- /* Convert the binary data into ASCII hex */
- void bin2hex(unsigned char *bin, int binlen, char *hex)
- {
-@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
- * swabbing bytes if necessary.
- */
- static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
-- unsigned char *out, int swab)
-+ unsigned char *out, int swab, EVP_MD_CTX *mdctx)
- {
-- EVP_MD_CTX mdctx;
-- char hash[EVP_MAX_MD_SIZE];
-+ unsigned char hash[EVP_MAX_MD_SIZE];
- unsigned int i;
- int j;
- unsigned hashlen;
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, in, inlen);
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, in, inlen);
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-
- /* Fold the result into 64 bits */
- for (i = OTP_HASH_SIZE; i < hashlen; i++) {
-@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
- char *secret, char *otp)
- {
- const EVP_MD *md;
-- char *key;
-+ EVP_MD_CTX *mdctx = NULL;
-+ char *key = NULL;
-+ int r = SASL_OK;
-
- if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- utils->seterror(utils->conn, 0,
-@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
- return SASL_FAIL;
- }
-
-+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate MD CTX");
-+ r = SASL_NOMEM;
-+ goto done;
-+ }
-+
- if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
- SETERROR(utils, "cannot allocate OTP key");
-- return SASL_NOMEM;
-+ r = SASL_NOMEM;
-+ goto done;
- }
-
- /* initial step */
- strcpy(key, seed);
- strcat(key, secret);
-- otp_hash(md, key, strlen(key), otp, alg->swab);
-+ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
-
- /* computation step */
- while (seq-- > 0)
-- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
--
-- utils->free(key);
-+ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
-+
-+ done:
-+ if (key) utils->free(key);
-+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-
-- return SASL_OK;
-+ return r;
- }
-
- static int parse_challenge(const sasl_utils_t *utils,
-@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
-
- /* Convert the 6 words into binary data */
- static int word2bin(const sasl_utils_t *utils,
-- char *words, unsigned char *bin, const EVP_MD *md)
-+ char *words, unsigned char *bin, const EVP_MD *md,
-+ EVP_MD_CTX *mdctx)
- {
- int i, j;
- char *c, *word, buf[OTP_RESPONSE_MAX+1];
-@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
-
- /* alternate dictionary */
- if (alt_dict) {
-- EVP_MD_CTX mdctx;
-- char hash[EVP_MAX_MD_SIZE];
-- int hashlen;
-+ unsigned char hash[EVP_MAX_MD_SIZE];
-+ unsigned hashlen;
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, word, strlen(word));
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, word, strlen(word));
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-
- /* use lowest 11 bits */
- x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
-@@ -802,6 +834,7 @@ static int verify_response(server_contex
- char *response)
- {
- const EVP_MD *md;
-+ EVP_MD_CTX *mdctx = NULL;
- char *c;
- int do_init = 0;
- unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
-@@ -815,6 +848,11 @@ static int verify_response(server_contex
- return SASL_FAIL;
- }
-
-+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate MD CTX");
-+ return SASL_NOMEM;
-+ }
-+
- /* eat leading whitespace */
- c = response;
- while (isspace((int) *c)) c++;
-@@ -824,7 +862,7 @@ static int verify_response(server_contex
- r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
- }
- else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
-- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
-+ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
- }
- else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
- strlen(OTP_INIT_HEX_TYPE))) {
-@@ -834,7 +872,7 @@ static int verify_response(server_contex
- else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- strlen(OTP_INIT_WORD_TYPE))) {
- do_init = 1;
-- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
-+ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
- }
- else {
- SETERROR(utils, "unknown OTP extended response type");
-@@ -843,14 +881,15 @@ static int verify_response(server_contex
- }
- else {
- /* standard response, try word first, and then hex */
-- r = word2bin(utils, c, cur_otp, md);
-+ r = word2bin(utils, c, cur_otp, md, mdctx);
- if (r != SASL_OK)
- r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
- }
-
- if (r == SASL_OK) {
- /* do one more hash (previous otp) and compare to stored otp */
-- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
-+ otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
-+ prev_otp, text->alg->swab, mdctx);
-
- if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
- /* update the secret with this seq/otp */
-@@ -879,23 +918,28 @@ static int verify_response(server_contex
- *new_resp++ = '\0';
- }
-
-- if (!(new_chal && new_resp))
-- return SASL_BADAUTH;
-+ if (!(new_chal && new_resp)) {
-+ r = SASL_BADAUTH;
-+ goto done;
-+ }
-
- if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
- != SASL_OK) {
-- return r;
-+ goto done;
- }
-
-- if (seq < 1 || !strcasecmp(seed, text->seed))
-- return SASL_BADAUTH;
-+ if (seq < 1 || !strcasecmp(seed, text->seed)) {
-+ r = SASL_BADAUTH;
-+ goto done;
-+ }
-
- /* find the MDA */
- if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- utils->seterror(utils->conn, 0,
- "OTP algorithm %s is not available",
- alg->evp_name);
-- return SASL_BADAUTH;
-+ r = SASL_BADAUTH;
-+ goto done;
- }
-
- if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
-@@ -903,7 +947,7 @@ static int verify_response(server_contex
- }
- else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- strlen(OTP_INIT_WORD_TYPE))) {
-- r = word2bin(utils, new_resp, new_otp, md);
-+ r = word2bin(utils, new_resp, new_otp, md, mdctx);
- }
-
- if (r == SASL_OK) {
-@@ -914,7 +958,10 @@ static int verify_response(server_contex
- memcpy(text->otp, new_otp, OTP_HASH_SIZE);
- }
- }
--
-+
-+ done:
-+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-+
- return r;
- }
-
-diff -up cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 cyrus-sasl-2.1.26/saslauthd/lak.c
---- cyrus-sasl-2.1.26/saslauthd/lak.c.openssl110 2016-11-07 16:13:54.347327616 +0100
-+++ cyrus-sasl-2.1.26/saslauthd/lak.c 2016-11-07 16:18:42.283167898 +0100
-@@ -61,6 +61,35 @@
- #include <sasl.h>
- #include "lak.h"
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+static EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+ return EVP_MD_CTX_create();
-+}
-+static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-+{
-+ if (ctx == NULL)
-+ return;
-+
-+ EVP_MD_CTX_destroy(ctx);
-+}
-+
-+static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
-+{
-+ EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
-+
-+ if (ctx != NULL) {
-+ memset(ctx, 0, sizeof(*ctx));
-+ }
-+ return ctx;
-+}
-+static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
-+{
-+ OPENSSL_free(ctx);
-+ return;
-+}
-+#endif
-+
- typedef struct lak_auth_method {
- int method;
- int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ;
-@@ -1720,20 +1749,28 @@ static int lak_base64_decode(
-
- int rc, i, tlen = 0;
- char *text;
-- EVP_ENCODE_CTX EVP_ctx;
-+ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
-
-- text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
- if (text == NULL)
- return LAK_NOMEM;
-
-- EVP_DecodeInit(&EVP_ctx);
-- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
-+ text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
-+ if (text == NULL) {
-+ EVP_ENCODE_CTX_free(enc_ctx);
-+ return LAK_NOMEM;
-+ }
-+
-+ EVP_DecodeInit(enc_ctx);
-+ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
- if (rc < 0) {
-+ EVP_ENCODE_CTX_free(enc_ctx);
- free(text);
- return LAK_FAIL;
- }
- tlen += i;
-- EVP_DecodeFinal(&EVP_ctx, text, &i);
-+ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
-+
-+ EVP_ENCODE_CTX_free(enc_ctx);
-
- *ret = text;
- if (rlen != NULL)
-@@ -1749,7 +1786,7 @@ static int lak_check_hashed(
- {
- int rc, clen;
- LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- const EVP_MD *md;
- unsigned char digest[EVP_MAX_MD_SIZE];
- char *cred;
-@@ -1758,17 +1795,24 @@ static int lak_check_hashed(
- if (!md)
- return LAK_FAIL;
-
-+ mdctx = EVP_MD_CTX_new();
-+ if (!mdctx)
-+ return LAK_NOMEM;
-+
- rc = lak_base64_decode(hash, &cred, &clen);
-- if (rc != LAK_OK)
-+ if (rc != LAK_OK) {
-+ EVP_MD_CTX_free(mdctx);
- return rc;
-+ }
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
- if (hrock->salted) {
-- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
-+ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
- clen - EVP_MD_size(md));
- }
-- EVP_DigestFinal(&mdctx, digest, NULL);
-+ EVP_DigestFinal(mdctx, digest, NULL);
-+ EVP_MD_CTX_free(mdctx);
-
- rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
- free(cred);
-diff --git a/plugins/passdss.c b/plugins/passdss.c
-index a55ed60d..2f81d44e 100644
---- a/plugins/passdss.c
-+++ b/plugins/passdss.c
-@@ -108,23 +111,23 @@ typedef struct context {
- const sasl_utils_t *utils;
-
- /* per-step mem management */
-- char *out_buf;
-+ unsigned char *out_buf;
- unsigned out_buf_len;
-
- /* security layer foo */
- unsigned char secmask; /* bitmask of enabled security layers */
- unsigned char padding[EVP_MAX_BLOCK_LENGTH]; /* block of NULs */
-
-- HMAC_CTX hmac_send_ctx;
-- HMAC_CTX hmac_recv_ctx;
-+ HMAC_CTX *hmac_send_ctx;
-+ HMAC_CTX *hmac_recv_ctx;
-
- unsigned char send_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */
- unsigned char recv_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */
- unsigned char *cs_integrity_key; /* ptr to bare key in send/recv key */
- unsigned char *sc_integrity_key; /* ptr to bare key in send/recv key */
-
-- EVP_CIPHER_CTX cipher_enc_ctx;
-- EVP_CIPHER_CTX cipher_dec_ctx;
-+ EVP_CIPHER_CTX *cipher_enc_ctx;
-+ EVP_CIPHER_CTX *cipher_dec_ctx;
- unsigned blk_siz;
-
- unsigned char cs_encryption_iv[EVP_MAX_MD_SIZE];
-@@ -137,7 +140,7 @@ typedef struct context {
- uint32_t pktnum_in;
-
- /* for encoding/decoding mem management */
-- char *encode_buf, *decode_buf, *decode_pkt_buf;
-+ unsigned char *encode_buf, *decode_buf, *decode_pkt_buf;
- unsigned encode_buf_len, decode_buf_len, decode_pkt_buf_len;
-
- /* layers buffering */
-@@ -169,7 +172,7 @@ static int passdss_encode(void *context,
- inputlen += invec[i].iov_len;
-
- /* allocate a buffer for the output */
-- ret = _plug_buf_alloc(text->utils, &text->encode_buf,
-+ ret = _plug_buf_alloc(text->utils, (char **) &text->encode_buf,
- &text->encode_buf_len,
- 4 + /* length */
- inputlen + /* content */
-@@ -184,19 +187,19 @@ static int passdss_encode(void *context,
- memcpy(text->send_integrity_key, &tmpnum, 4);
-
- /* key the HMAC */
-- HMAC_Init_ex(&text->hmac_send_ctx, text->send_integrity_key,
-+ HMAC_Init_ex(text->hmac_send_ctx, text->send_integrity_key,
- 4+SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
-
- /* operate on each iovec */
- for (i = 0; i < numiov; i++) {
- /* hash the content */
-- HMAC_Update(&text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len);
-+ HMAC_Update(text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len);
-
- if (text->secmask & PRIVACY_LAYER_FLAG) {
-- unsigned enclen;
-+ int enclen;
-
- /* encrypt the data into the output buffer */
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen,
- invec[i].iov_base, invec[i].iov_len);
- *outputlen += enclen;
-@@ -210,14 +213,14 @@ static int passdss_encode(void *context,
- }
-
- /* calculate the HMAC */
-- HMAC_Final(&text->hmac_send_ctx, hmac, &hmaclen);
-+ HMAC_Final(text->hmac_send_ctx, hmac, &hmaclen);
-
- if (text->secmask & PRIVACY_LAYER_FLAG) {
-- unsigned enclen;
-+ int enclen;
- unsigned char padlen;
-
- /* encrypt the HMAC into the output buffer */
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen,
- hmac, hmaclen);
- *outputlen += enclen;
-@@ -225,17 +228,17 @@ static int passdss_encode(void *context,
- /* pad output buffer to multiple of blk_siz
- with padlen-1 as last octet */
- padlen = text->blk_siz - ((inputlen + hmaclen) % text->blk_siz) - 1;
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen,
- text->padding, padlen);
- *outputlen += enclen;
-- EVP_EncryptUpdate(&text->cipher_enc_ctx,
-+ EVP_EncryptUpdate(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen,
- &padlen, 1);
- *outputlen += enclen;
-
- /* encrypt the last block of data into the output buffer */
-- EVP_EncryptFinal_ex(&text->cipher_enc_ctx,
-+ EVP_EncryptFinal_ex(text->cipher_enc_ctx,
- text->encode_buf + *outputlen, &enclen);
- *outputlen += enclen;
- }
-@@ -250,7 +253,7 @@ static int passdss_encode(void *context,
- tmpnum = htonl(tmpnum);
- memcpy(text->encode_buf, &tmpnum, 4);
-
-- *output = text->encode_buf;
-+ *output = (char *) text->encode_buf;
-
- return SASL_OK;
- }
-@@ -269,25 +272,25 @@ static int passdss_decode_packet(void *context,
- int ret;
-
- if (text->secmask & PRIVACY_LAYER_FLAG) {
-- unsigned declen, padlen;
-+ int declen, padlen;
-
- /* allocate a buffer for the output */
-- ret = _plug_buf_alloc(text->utils, &(text->decode_pkt_buf),
-+ ret = _plug_buf_alloc(text->utils, (char **) &(text->decode_pkt_buf),
- &(text->decode_pkt_buf_len), inputlen);
- if (ret != SASL_OK) return ret;
-
- /* decrypt the data into the output buffer */
-- ret = EVP_DecryptUpdate(&text->cipher_dec_ctx,
-+ ret = EVP_DecryptUpdate(text->cipher_dec_ctx,
- text->decode_pkt_buf, &declen,
-- (char *) input, inputlen);
-+ (unsigned char *) input, inputlen);
- if (ret)
-- EVP_DecryptFinal_ex(&text->cipher_dec_ctx, /* should be no output */
-+ EVP_DecryptFinal_ex(text->cipher_dec_ctx, /* should be no output */
- text->decode_pkt_buf + declen, &declen);
- if (!ret) {
- SETERROR(text->utils, "Error decrypting input");
- return SASL_BADPROT;
- }
-- input = text->decode_pkt_buf;
-+ input = (char *) text->decode_pkt_buf;
-
- /* trim padding */
- padlen = text->decode_pkt_buf[inputlen - 1] + 1;
-@@ -303,7 +306,7 @@ static int passdss_decode_packet(void *context,
-
- /* calculate the HMAC */
- HMAC(EVP_sha1(), text->recv_integrity_key, 4+SHA_DIGEST_LENGTH,
-- input, inputlen, hmac, &hmaclen);
-+ (unsigned char *) input, inputlen, hmac, &hmaclen);
-
- /* verify HMAC */
- if (memcmp(hmac, input+inputlen, hmaclen)) {
-@@ -324,12 +327,12 @@ static int passdss_decode(void *context,
- {
- context_t *text = (context_t *) context;
- int ret;
--
-+
- ret = _plug_decode(&text->decode_context, input, inputlen,
-- &text->decode_buf, &text->decode_buf_len, outputlen,
-- passdss_decode_packet, text);
-+ (char **) &text->decode_buf, &text->decode_buf_len,
-+ outputlen, passdss_decode_packet, text);
-
-- *output = text->decode_buf;
-+ *output = (const char *) text->decode_buf;
-
- return ret;
- }
-@@ -340,7 +343,8 @@ static int passdss_decode(void *context,
- /*
- * Create/append to a PASSDSS buffer from the data specified by the fmt string.
- */
--static int MakeBuffer(const sasl_utils_t *utils, char **buf, unsigned offset,
-+static int MakeBuffer(const sasl_utils_t *utils,
-+ unsigned char **buf, unsigned offset,
- unsigned *buflen, unsigned *outlen, const char *fmt, ...)
- {
- va_list ap;
-@@ -423,10 +427,10 @@ static int MakeBuffer(const sasl_utils_t *utils, char **buf, unsigned offset,
- }
- va_end(ap);
-
-- r = _plug_buf_alloc(utils, buf, buflen, alloclen);
-+ r = _plug_buf_alloc(utils, (char **) buf, buflen, alloclen);
- if (r != SASL_OK) return r;
-
-- out = *buf + offset;
-+ out = (char *) *buf + offset;
-
- /* second pass to fill buffer */
- va_start(ap, fmt);
-@@ -461,7 +465,7 @@ static int MakeBuffer(const sasl_utils_t *utils, char **buf, unsigned offset,
- case 'm':
- /* MPI */
- mpi = va_arg(ap, BIGNUM *);
-- len = BN_bn2bin(mpi, out+4);
-+ len = BN_bn2bin(mpi, (unsigned char *) out+4);
- nl = htonl(len);
- memcpy(out, &nl, 4); /* add 4 byte len (network order) */
- out += len + 4;
-@@ -513,7 +517,7 @@ static int MakeBuffer(const sasl_utils_t *utils, char **buf, unsigned offset,
- done:
- va_end(ap);
-
-- *outlen = out - *buf;
-+ *outlen = out - (char *) *buf;
-
- return r;
- }
-@@ -598,8 +602,8 @@ static int UnBuffer(const sasl_utils_t *utils, const char *buf,
-
- if (mpi) {
- if (!*mpi) *mpi = BN_new();
-- BN_init(*mpi);
-- BN_bin2bn(buf, len, *mpi);
-+ BN_clear(*mpi);
-+ BN_bin2bn((unsigned char *) buf, len, *mpi);
- }
- break;
-
-@@ -714,16 +718,16 @@ static int UnBuffer(const sasl_utils_t *utils, const char *buf,
- }
-
- #define DOHASH(out, in1, len1, in2, len2, in3, len3) \
-- EVP_DigestInit(&mdctx, EVP_sha1()); \
-- EVP_DigestUpdate(&mdctx, in1, len1); \
-- EVP_DigestUpdate(&mdctx, in2, len2); \
-- EVP_DigestUpdate(&mdctx, in3, len3); \
-- EVP_DigestFinal(&mdctx, out, NULL)
--
--void CalcLayerParams(context_t *text, char *K, unsigned Klen,
-- char *hash, unsigned hashlen)
-+ EVP_DigestInit(mdctx, EVP_sha1()); \
-+ EVP_DigestUpdate(mdctx, in1, len1); \
-+ EVP_DigestUpdate(mdctx, in2, len2); \
-+ EVP_DigestUpdate(mdctx, in3, len3); \
-+ EVP_DigestFinal(mdctx, out, NULL)
-+
-+void CalcLayerParams(context_t *text, unsigned char *K, unsigned Klen,
-+ unsigned char *hash, unsigned hashlen)
- {
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
-
- DOHASH(text->cs_encryption_iv, K, Klen, "A", 1, hash, hashlen);
- DOHASH(text->sc_encryption_iv, K, Klen, "B", 1, hash, hashlen);
-@@ -735,6 +739,8 @@ void CalcLayerParams(context_t *text, char *K, unsigned Klen,
- text->sc_encryption_key, hashlen);
- DOHASH(text->cs_integrity_key, K, Klen, "E", 1, hash, hashlen);
- DOHASH(text->sc_integrity_key, K, Klen, "F", 1, hash, hashlen);
-+
-+ EVP_MD_CTX_free(mdctx);
- }
-
- /*
-@@ -753,11 +759,11 @@ static void passdss_common_mech_dispose(void *conn_context,
-
- if (text->dh) DH_free(text->dh);
-
-- HMAC_CTX_cleanup(&text->hmac_send_ctx);
-- HMAC_CTX_cleanup(&text->hmac_recv_ctx);
-+ HMAC_CTX_free(text->hmac_send_ctx);
-+ HMAC_CTX_free(text->hmac_recv_ctx);
-
-- EVP_CIPHER_CTX_cleanup(&text->cipher_enc_ctx);
-- EVP_CIPHER_CTX_cleanup(&text->cipher_dec_ctx);
-+ EVP_CIPHER_CTX_free(text->cipher_enc_ctx);
-+ EVP_CIPHER_CTX_free(text->cipher_dec_ctx);
-
- _plug_decode_free(&text->decode_context);
-
-@@ -807,15 +813,17 @@ passdss_server_mech_step1(context_t *text,
- unsigned *serveroutlen,
- sasl_out_params_t *oparams __attribute__((unused)))
- {
-- BIGNUM *X = NULL;
-+ BIGNUM *X = NULL, *dh_p = NULL, *dh_g = NULL;
- DSA *dsa = NULL;
-+ const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dh_pub_key;
- unsigned char *K = NULL;
- unsigned Klen, hashlen;
- int need, musthave;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- unsigned char hash[EVP_MAX_MD_SIZE];
- DSA_SIG *sig = NULL;
-- int result;
-+ const BIGNUM *sig_r, *sig_s;
-+ int r = 0, result;
-
- /* Expect:
- *
-@@ -833,8 +841,18 @@ passdss_server_mech_step1(context_t *text,
- }
-
- /* Fetch DSA (XXX create one for now) */
-- dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL);
-+ dsa = DSA_new();
- if (!dsa) {
-+ params->utils->log(NULL,
-+ SASL_LOG_ERR, "Error creating DSA\n");
-+ result = SASL_FAIL;
-+ goto cleanup;
-+ }
-+
-+ r = DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL);
-+ if (!r) {
-+ params->utils->log(NULL,
-+ SASL_LOG_ERR, "Error generating DSA parameters\n");
- result = SASL_FAIL;
- goto cleanup;
- }
-@@ -842,8 +860,9 @@ passdss_server_mech_step1(context_t *text,
-
- /* Create Diffie-Hellman parameters */
- text->dh = DH_new();
-- BN_hex2bn(&text->dh->p, N);
-- BN_hex2bn(&text->dh->g, g);
-+ BN_hex2bn(&dh_p, N);
-+ BN_hex2bn(&dh_g, g);
-+ DH_set0_pqg(text->dh, dh_p, NULL, dh_g);
- DH_generate_key(text->dh);
-
- /* Alloc space for shared secret K as mpint */
-@@ -895,10 +914,13 @@ passdss_server_mech_step1(context_t *text,
- */
-
- /* Items (4) - (7) */
-+ DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
-+ DSA_get0_key(dsa, &dsa_pub_key, NULL);
-+ DH_get0_key(text->dh, &dh_pub_key, NULL);
- result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len,
- serveroutlen, "%5a%s%m%m%m%m%m%1o%3u",
-- "ssh-dss", dsa->p, dsa->q, dsa->g, dsa->pub_key,
-- text->dh->pub_key, &text->secmask,
-+ "ssh-dss", dsa_p, dsa_q, dsa_g, dsa_pub_key,
-+ dh_pub_key, &text->secmask,
- (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF :
- params->props.maxbufsize);
- if (result) {
-@@ -907,26 +929,29 @@ passdss_server_mech_step1(context_t *text,
- }
-
- /* Hash (1) - (7) and K */
-- EVP_DigestInit(&mdctx, EVP_sha1());
-+ mdctx = EVP_MD_CTX_new();
-+ EVP_DigestInit(mdctx, EVP_sha1());
- /* (1) - (3) */
-- EVP_DigestUpdate(&mdctx, clientin, clientinlen);
-+ EVP_DigestUpdate(mdctx, clientin, clientinlen);
- /* (4) - (7) */
-- EVP_DigestUpdate(&mdctx, text->out_buf, *serveroutlen);
-+ EVP_DigestUpdate(mdctx, text->out_buf, *serveroutlen);
- /* K */
-- EVP_DigestUpdate(&mdctx, K, Klen);
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestUpdate(mdctx, K, Klen);
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-+ EVP_MD_CTX_free(mdctx);
-
- /* Calculate security layer params */
- CalcLayerParams(text, K, Klen, hash, hashlen);
-
- /* Start cli-hmac */
-- HMAC_CTX_init(&text->hmac_recv_ctx);
-- HMAC_Init_ex(&text->hmac_recv_ctx, text->cs_integrity_key,
-+ text->hmac_recv_ctx = HMAC_CTX_new();
-+ HMAC_CTX_reset(text->hmac_recv_ctx);
-+ HMAC_Init_ex(text->hmac_recv_ctx, text->cs_integrity_key,
- SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
- /* (1) - (3) */
-- HMAC_Update(&text->hmac_recv_ctx, clientin, clientinlen);
-+ HMAC_Update(text->hmac_recv_ctx, (unsigned char *) clientin, clientinlen);
- /* (4) - (7) */
-- HMAC_Update(&text->hmac_recv_ctx, text->out_buf, *serveroutlen);
-+ HMAC_Update(text->hmac_recv_ctx, text->out_buf, *serveroutlen);
-
- /* Sign the hash */
- sig = DSA_do_sign(hash, hashlen, dsa);
-@@ -938,14 +963,15 @@ passdss_server_mech_step1(context_t *text,
- }
-
- /* Item (8) */
-+ DSA_SIG_get0(sig, &sig_r, &sig_s);
- result = MakeBuffer(text->utils, &text->out_buf, *serveroutlen,
- &text->out_buf_len, serveroutlen,
-- "%3a%s%m%m", "ssh-dss", sig->r, sig->s);
-+ "%3a%s%m%m", "ssh-dss", sig_r, sig_s);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n");
- goto cleanup;
- }
-- *serverout = text->out_buf;
-+ *serverout = (char *) text->out_buf;
-
- text->state = 2;
- result = SASL_CONTINUE;
-@@ -969,10 +995,10 @@ passdss_server_mech_step2(context_t *text,
- sasl_out_params_t *oparams)
- {
- char *password = NULL;
-- unsigned declen, hmaclen;
-+ unsigned hmaclen;
- unsigned char *csecmask, *cli_hmac, hmac[EVP_MAX_MD_SIZE];
- uint32_t cbufsiz;
-- int r, result = SASL_OK;
-+ int declen, r, result = SASL_OK;
-
- /* Expect (3DES encrypted):
- *
-@@ -983,7 +1009,7 @@ passdss_server_mech_step2(context_t *text,
- */
-
- /* Alloc space for the decrypted input */
-- result = _plug_buf_alloc(text->utils, &text->decode_pkt_buf,
-+ result = _plug_buf_alloc(text->utils, (char **) &text->decode_pkt_buf,
- &text->decode_pkt_buf_len, clientinlen);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR,
-@@ -992,25 +1018,28 @@ passdss_server_mech_step2(context_t *text,
- }
-
- /* Initialize decrypt cipher */
-- EVP_CIPHER_CTX_init(&text->cipher_dec_ctx);
-- EVP_DecryptInit_ex(&text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
-+ text->cipher_dec_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_dec_ctx);
-+ EVP_DecryptInit_ex(text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
- text->cs_encryption_key, text->cs_encryption_iv);
-- EVP_CIPHER_CTX_set_padding(&text->cipher_dec_ctx, 0);
-- text->blk_siz = EVP_CIPHER_CTX_block_size(&text->cipher_dec_ctx);
-+ EVP_CIPHER_CTX_set_padding(text->cipher_dec_ctx, 0);
-+ text->blk_siz = EVP_CIPHER_CTX_block_size(text->cipher_dec_ctx);
-
- /* Decrypt the blob */
-- r = EVP_DecryptUpdate(&text->cipher_dec_ctx, text->decode_pkt_buf, &declen,
-- clientin, clientinlen);
-+ r = EVP_DecryptUpdate(text->cipher_dec_ctx,
-+ text->decode_pkt_buf, &declen,
-+ (unsigned char *) clientin, clientinlen);
- if (r)
-- r = EVP_DecryptFinal_ex(&text->cipher_dec_ctx, /* should be no output */
-- text->decode_pkt_buf + declen, &declen);
-+ r = EVP_DecryptFinal_ex(text->cipher_dec_ctx, /* should be no output */
-+ text->decode_pkt_buf + declen,
-+ &declen);
- if (!r) {
- params->utils->seterror(params->utils->conn, 0,
- "Error decrypting input in step 2");
- result = SASL_BADPROT;
- goto cleanup;
- }
-- clientin = text->decode_pkt_buf;
-+ clientin = (char *) text->decode_pkt_buf;
-
- result = UnBuffer(params->utils, clientin, clientinlen,
- "%-1o%3u%s%-*o%*p", &csecmask, &cbufsiz, &password,
-@@ -1024,8 +1053,8 @@ passdss_server_mech_step2(context_t *text,
- /* Finish cli-hmac */
- /* (1) - (7) hashed in step 1 */
- /* 1st 4 bytes of (9) */
-- HMAC_Update(&text->hmac_recv_ctx, clientin, 4);
-- HMAC_Final(&text->hmac_recv_ctx, hmac, &hmaclen);
-+ HMAC_Update(text->hmac_recv_ctx, (unsigned char *) clientin, 4);
-+ HMAC_Final(text->hmac_recv_ctx, hmac, &hmaclen);
-
- /* Verify cli-hmac */
- if (memcmp(cli_hmac, hmac, hmaclen)) {
-@@ -1087,16 +1116,18 @@ passdss_server_mech_step2(context_t *text,
- oparams->decode = &passdss_decode;
- oparams->maxoutbuf = cbufsiz - 4 - SHA_DIGEST_LENGTH; /* -len -HMAC */
-
-- HMAC_CTX_init(&text->hmac_send_ctx);
-+ text->hmac_send_ctx = HMAC_CTX_new();
-+ HMAC_CTX_reset(text->hmac_send_ctx);
-
- if (oparams->mech_ssf > 1) {
- oparams->maxoutbuf -= text->blk_siz-1; /* padding */
-
- /* Initialize encrypt cipher */
-- EVP_CIPHER_CTX_init(&text->cipher_enc_ctx);
-- EVP_EncryptInit_ex(&text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
-+ text->cipher_enc_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_enc_ctx);
-+ EVP_EncryptInit_ex(text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
- text->sc_encryption_key, text->sc_encryption_iv);
-- EVP_CIPHER_CTX_set_padding(&text->cipher_enc_ctx, 0);
-+ EVP_CIPHER_CTX_set_padding(text->cipher_enc_ctx, 0);
- }
-
- _plug_decode_init(&text->decode_context, text->utils,
-@@ -1245,6 +1276,8 @@ passdss_client_mech_step1(context_t *text,
- int auth_result = SASL_OK;
- int pass_result = SASL_OK;
- int result;
-+ BIGNUM *dh_p = NULL, *dh_g = NULL;
-+ const BIGNUM *dh_pub_key;
-
- /* Expect: absolutely nothing */
- if (serverinlen > 0) {
-@@ -1332,8 +1365,9 @@ passdss_client_mech_step1(context_t *text,
-
- /* create Diffie-Hellman parameters */
- text->dh = DH_new();
-- BN_hex2bn(&text->dh->p, N);
-- BN_hex2bn(&text->dh->g, g);
-+ BN_hex2bn(&dh_p, N);
-+ BN_hex2bn(&dh_g, g);
-+ DH_set0_pqg(text->dh, dh_p, NULL, dh_g);
- DH_generate_key(text->dh);
-
-
-@@ -1344,15 +1378,16 @@ passdss_client_mech_step1(context_t *text,
- * (3) mpint X ; Diffie-Hellman parameter X
- */
-
-+ DH_get0_key(text->dh, &dh_pub_key, NULL);
- result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len,
- clientoutlen, "%s%s%m",
- (user && *user) ? (char *) oparams->user : "",
-- (char *) oparams->authid, text->dh->pub_key);
-+ (char *) oparams->authid, dh_pub_key);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n");
- goto cleanup;
- }
-- *clientout = text->out_buf;
-+ *clientout = (char *) text->out_buf;
-
- text->state = 2;
- result = SASL_CONTINUE;
-@@ -1374,15 +1409,16 @@ passdss_client_mech_step2(context_t *text,
- {
- DSA *dsa = DSA_new();
- DSA_SIG *sig = DSA_SIG_new();
-- BIGNUM *Y = NULL;
-+ BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL;
-+ BIGNUM *Y = NULL, *sig_r = NULL, *sig_s = NULL;
- uint32_t siglen;
- unsigned char *K = NULL;
-- unsigned Klen, hashlen, enclen;
-+ unsigned Klen, hashlen;
- unsigned char *ssecmask;
- uint32_t sbufsiz;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- unsigned char hash[EVP_MAX_MD_SIZE];
-- int need, musthave;
-+ int enclen, need, musthave;
- int result, r;
-
- /* Expect:
-@@ -1404,14 +1440,18 @@ passdss_client_mech_step2(context_t *text,
-
- result = UnBuffer(params->utils, serverin, serverinlen,
- "%u%3p\7ssh-dss%m%m%m%m%m%-1o%3u%u%3p\7ssh-dss%m%m",
-- NULL, &dsa->p, &dsa->q, &dsa->g, &dsa->pub_key,
-- &Y, &ssecmask, &sbufsiz, &siglen, &sig->r, &sig->s);
-+ NULL, &dsa_p, &dsa_q, &dsa_g, &dsa_pub_key,
-+ &Y, &ssecmask, &sbufsiz, &siglen, &sig_r, &sig_s);
- if (result) {
- params->utils->seterror(params->utils->conn, 0,
- "Error UnBuffering input in step 2");
- goto cleanup;
- }
-
-+ DSA_set0_pqg(dsa, dsa_p, dsa_q, dsa_g);
-+ DSA_set0_key(dsa, dsa_pub_key, NULL);
-+ DSA_SIG_set0(sig, sig_r, sig_s);
-+
- /* XXX Validate server DSA public key */
-
- /* Alloc space for shared secret K as mpint */
-@@ -1430,14 +1470,16 @@ passdss_client_mech_step2(context_t *text,
- Klen += 4;
-
- /* Hash (1) - (7) and K */
-- EVP_DigestInit(&mdctx, EVP_sha1());
-+ mdctx = EVP_MD_CTX_new();
-+ EVP_DigestInit(mdctx, EVP_sha1());
- /* (1) - (3) (output from step 1 still in buffer) */
-- EVP_DigestUpdate(&mdctx, text->out_buf, text->out_buf_len);
-+ EVP_DigestUpdate(mdctx, text->out_buf, text->out_buf_len);
- /* (4) - (7) */
-- EVP_DigestUpdate(&mdctx, serverin, serverinlen - siglen - 4);
-+ EVP_DigestUpdate(mdctx, serverin, serverinlen - siglen - 4);
- /* K */
-- EVP_DigestUpdate(&mdctx, K, Klen);
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestUpdate(mdctx, K, Klen);
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-+ EVP_MD_CTX_free(mdctx);
-
- /* Verify signature on the hash */
- result = DSA_do_verify(hash, hashlen, sig, dsa);
-@@ -1453,11 +1495,12 @@ passdss_client_mech_step2(context_t *text,
- CalcLayerParams(text, K, Klen, hash, hashlen);
-
- /* Initialize encrypt cipher */
-- EVP_CIPHER_CTX_init(&text->cipher_enc_ctx);
-- EVP_EncryptInit_ex(&text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
-+ text->cipher_enc_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_enc_ctx);
-+ EVP_EncryptInit_ex(text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
- text->cs_encryption_key, text->cs_encryption_iv);
-- EVP_CIPHER_CTX_set_padding(&text->cipher_enc_ctx, 0);
-- text->blk_siz = EVP_CIPHER_CTX_block_size(&text->cipher_enc_ctx);
-+ EVP_CIPHER_CTX_set_padding(text->cipher_enc_ctx, 0);
-+ text->blk_siz = EVP_CIPHER_CTX_block_size(text->cipher_enc_ctx);
-
- /* pick a layer */
- if (params->props.maxbufsize < 32) {
-@@ -1488,13 +1531,15 @@ passdss_client_mech_step2(context_t *text,
- }
-
- /* Start cli-hmac */
-- HMAC_CTX_init(&text->hmac_send_ctx);
-- HMAC_Init_ex(&text->hmac_send_ctx, text->cs_integrity_key,
-+ text->hmac_send_ctx = HMAC_CTX_new();
-+ HMAC_CTX_reset(text->hmac_send_ctx);
-+ HMAC_Init_ex(text->hmac_send_ctx, text->cs_integrity_key,
- SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
- /* (1) - (3) (output from step 1 still in buffer) */
-- HMAC_Update(&text->hmac_send_ctx, text->out_buf, text->out_buf_len);
-+ HMAC_Update(text->hmac_send_ctx, text->out_buf, text->out_buf_len);
- /* (4) - (7) */
-- HMAC_Update(&text->hmac_send_ctx, serverin, serverinlen - siglen - 4);
-+ HMAC_Update(text->hmac_send_ctx,
-+ (unsigned char *) serverin, serverinlen - siglen - 4);
-
-
- /* Send out (3DES encrypted):
-@@ -1518,8 +1563,8 @@ passdss_client_mech_step2(context_t *text,
-
- /* Finish cli-hmac */
- /* 1st 4 bytes of (9) */
-- HMAC_Update(&text->hmac_send_ctx, text->out_buf, 4);
-- HMAC_Final(&text->hmac_send_ctx, hash, &hashlen);
-+ HMAC_Update(text->hmac_send_ctx, text->out_buf, 4);
-+ HMAC_Final(text->hmac_send_ctx, hash, &hashlen);
-
- /* Add HMAC and pad to fill no more than current block */
- result = MakeBuffer(text->utils, &text->out_buf, *clientoutlen,
-@@ -1531,7 +1576,7 @@ passdss_client_mech_step2(context_t *text,
- }
-
- /* Alloc space for the encrypted output */
-- result = _plug_buf_alloc(text->utils, &text->encode_buf,
-+ result = _plug_buf_alloc(text->utils, (char **) &text->encode_buf,
- &text->encode_buf_len, *clientoutlen);
- if (result) {
- params->utils->log(NULL, SASL_LOG_ERR,
-@@ -1540,19 +1585,20 @@ passdss_client_mech_step2(context_t *text,
- }
-
- /* Encrypt (9) (here we calculate the exact number of full blocks) */
-- r = EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf,
-- clientoutlen, text->out_buf,
-+ r = EVP_EncryptUpdate(text->cipher_enc_ctx,
-+ text->encode_buf, (int *) clientoutlen, text->out_buf,
- text->blk_siz * (*clientoutlen / text->blk_siz));
- if (r)
-- r = EVP_EncryptFinal_ex(&text->cipher_enc_ctx, /* should be no output */
-- text->encode_buf + *clientoutlen, &enclen);
-+ r = EVP_EncryptFinal_ex(text->cipher_enc_ctx, /* should be no output */
-+ text->encode_buf + *clientoutlen,
-+ &enclen);
- if (!r) {
- params->utils->seterror(params->utils->conn, 0,
- "Error encrypting output in step 2");
- result = SASL_FAIL;
- goto cleanup;
- }
-- *clientout = text->encode_buf;
-+ *clientout = (char *) text->encode_buf;
-
- /* Set oparams */
- oparams->doneflag = 1;
-@@ -1563,16 +1609,18 @@ passdss_client_mech_step2(context_t *text,
- oparams->decode = &passdss_decode;
- oparams->maxoutbuf = sbufsiz - 4 - SHA_DIGEST_LENGTH; /* -len -HMAC */
-
-- HMAC_CTX_init(&text->hmac_recv_ctx);
-+ text->hmac_recv_ctx = HMAC_CTX_new();
-+ HMAC_CTX_reset(text->hmac_recv_ctx);
-
- if (oparams->mech_ssf > 1) {
- oparams->maxoutbuf -= text->blk_siz-1; /* padding */
-
- /* Initialize decrypt cipher */
-- EVP_CIPHER_CTX_init(&text->cipher_dec_ctx);
-- EVP_DecryptInit_ex(&text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
-+ text->cipher_dec_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(text->cipher_dec_ctx);
-+ EVP_DecryptInit_ex(text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
- text->sc_encryption_key, text->sc_encryption_iv);
-- EVP_CIPHER_CTX_set_padding(&text->cipher_dec_ctx, 0);
-+ EVP_CIPHER_CTX_set_padding(text->cipher_dec_ctx, 0);
- }
-
- _plug_decode_init(&text->decode_context, text->utils,
-
diff --git a/cyrus-sasl-ac-libs.patch b/cyrus-sasl-ac-libs.patch
index 2d40de0..689b711 100644
--- a/cyrus-sasl-ac-libs.patch
+++ b/cyrus-sasl-ac-libs.patch
@@ -1,8 +1,8 @@
---- cyrus-sasl-2.1.25/configure.in.orig 2011-09-17 13:55:10.684757015 +0200
-+++ cyrus-sasl-2.1.25/configure.in 2011-09-17 14:01:04.321435523 +0200
-@@ -92,9 +92,6 @@
+--- cyrus-sasl-2.1.27/configure.ac.orig 2018-11-24 13:32:32.178154053 +0100
++++ cyrus-sasl-2.1.27/configure.ac 2018-11-24 17:29:45.091324872 +0100
+@@ -104,9 +104,6 @@
AC_PROG_INSTALL
- CMU_C___ATTRIBUTE__
+ AC_USE_SYSTEM_EXTENSIONS
-dnl check for -R, etc. switch
-CMU_GUESS_RUNPATH_SWITCH
@@ -10,18 +10,7 @@
dnl xxx compatibility
AC_ARG_WITH(staticsasl)
if test "$with_staticsasl" = yes; then
-@@ -271,10 +268,6 @@
- with_pam=$withval,
- with_pam=yes)
- if test "$with_pam" != no; then
-- if test -d $with_pam; then
-- CPPFLAGS="$CPPFLAGS -I${with_pam}/include"
-- LDFLAGS="$LDFLAGS -L${with_pam}/lib"
-- fi
- AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h)
- cmu_save_LIBS="$LIBS"
- AC_CHECK_FUNC(pam_start, :,
-@@ -497,8 +490,7 @@
+@@ -479,8 +476,7 @@
;;
*)
if test -d $with_opie; then
@@ -31,9 +20,9 @@
else
with_opie="no"
fi
-@@ -728,16 +720,6 @@
- no) true;;
- notfound) AC_WARN([MySQL Library not found]); true;;
+@@ -800,16 +796,6 @@
+ LDFLAGS=$save_LDFLAGS
+ ;;
*)
- if test -d ${with_mysql}/lib/mysql; then
- CMU_ADD_LIBPATH_TO(${with_mysql}/lib/mysql, LIB_MYSQL)
@@ -48,9 +37,9 @@
SASL_MECHS="$SASL_MECHS libmysql.la"
SASL_STATIC_OBJS="$SASL_STATIC_OBJS mysql.o"
LIB_MYSQL_DIR=$LIB_MYSQL
-@@ -794,16 +776,6 @@
- no) true;;
- notfound) AC_WARN([PostgreSQL Library not found]); true;;
+@@ -878,16 +864,6 @@
+ LDFLAGS=$save_LDFLAGS
+ ;;
*)
- if test -d ${with_pgsql}/lib/pgsql; then
- CMU_ADD_LIBPATH_TO(${with_pgsql}/lib/pgsql, LIB_PGSQL)
@@ -65,33 +54,31 @@
SASL_MECHS="$SASL_MECHS libpgsql.la"
SASL_STATIC_OBJS="$SASL_STATIC_OBJS pgsql.o"
LIB_PGSQL_DIR=$LIB_PGSQL
-@@ -861,12 +833,6 @@
+@@ -947,11 +923,6 @@
no) true;;
notfound) AC_WARN([SQLite Library not found]); true;;
*)
- if test -d ${with_sqlite}/lib; then
-- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
+- CMU_ADD_LIBPATH_TO(${with_sqlite}/lib, LIB_SQLITE)
- else
-- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
+- CMU_ADD_LIBPATH_TO(${with_sqlite}, LIB_SQLITE)
- fi
--
+
SASL_MECHS="$SASL_MECHS libsqlite.la"
SASL_STATIC_OBJS="$SASL_STATIC_OBJS sqlite.o"
- LIB_SQLITE_DIR=$LIB_SQLITE
-@@ -915,12 +881,6 @@
+@@ -1001,11 +972,6 @@
no) true;;
notfound) AC_WARN([SQLite3 Library not found]); true;;
*)
- if test -d ${with_sqlite3}/lib; then
-- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
+- CMU_ADD_LIBPATH_TO(${with_sqlite3}/lib, LIB_SQLITE3)
- else
-- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
+- CMU_ADD_LIBPATH_TO(${with_sqlite3}, LIB_SQLITE3)
- fi
--
+
SASL_MECHS="$SASL_MECHS libsqlite3.la"
SASL_STATIC_OBJS="$SASL_STATIC_OBJS sqlite3.o"
- LIB_SQLITE3_DIR=$LIB_SQLITE3
-@@ -962,11 +922,6 @@
+@@ -1048,11 +1014,6 @@
save_CPPFLAGS=$CPPFLAGS
save_LDFLAGS=$LDFLAGS
@@ -103,64 +90,3 @@
AC_CHECK_HEADERS(ldap.h lber.h)
if test $ac_cv_header_ldap_h = yes -a $ac_cv_header_lber_h = yes; then
---- cyrus-sasl-2.1.23/cmulocal/ax_path_bdb.m4~ 2005-01-06 21:24:52.000000000 +0100
-+++ cyrus-sasl-2.1.23/cmulocal/ax_path_bdb.m4 2011-08-03 10:49:59.141418659 +0200
-@@ -89,8 +89,6 @@
- # Check for library
- AX_PATH_BDB_NO_OPTIONS([$1], [ENVONLY], [
- ax_path_bdb_ok=yes
-- BDB_CPPFLAGS="-I$ax_path_bdb_INC"
-- BDB_LDFLAGS="-L$ax_path_bdb_LIB"
- ])
- else
- AC_MSG_RESULT([no])
-@@ -240,8 +238,6 @@
- if test "$ax_compare_version" = "true" ; then
- ax_path_bdb_no_options_ok=yes
- BDB_LIBS="-ldb"
-- BDB_CPPFLAGS="-I$ax_path_bdb_path_find_highest_DIR/include"
-- BDB_LDFLAGS="-L$ax_path_bdb_path_find_highest_DIR/lib"
- BDB_VERSION="$ax_path_bdb_path_find_highest_VERSION"
- fi
- fi
-@@ -337,7 +333,6 @@
- LIBS="$LIBS -ldb"
-
- ax_path_bdb_path_get_version_save_LDFLAGS="$LDFLAGS"
-- LDFLAGS="-L$1/lib $LDFLAGS"
-
- # Compile and run a program that compares the version defined in
- # the header file with a version defined in the library function
---- cyrus-sasl-2.1.23/saslauthd/configure.in~ 2011-08-03 11:35:35.854770408 +0200
-+++ cyrus-sasl-2.1.23/saslauthd/configure.in 2011-08-03 11:37:56.047770375 +0200
-@@ -28,7 +28,6 @@
-
- dnl Checks for build foo
- CMU_C___ATTRIBUTE__
--CMU_GUESS_RUNPATH_SWITCH
-
- dnl Checks for libraries.
- CMU_SOCKETS
-@@ -92,10 +91,6 @@
- with_pam=$withval,
- with_pam=yes)
- if test "$with_pam" != no; then
-- if test -d $with_pam; then
-- CPPFLAGS="$CPPFLAGS -I${with_pam}/include"
-- LDFLAGS="$LDFLAGS -L${with_pam}/lib"
-- fi
- cmu_save_LIBS="$LIBS"
- AC_CHECK_LIB(pam, pam_start, [
- AC_CHECK_HEADER(security/pam_appl.h,,
-@@ -132,11 +127,6 @@
- with_ldap=no)
- AC_MSG_RESULT($with_ldap)
-
--if test -d $with_ldap; then
-- CPPFLAGS="$CPPFLAGS -I${with_ldap}/include"
-- CMU_ADD_LIBPATH(${with_ldap}/lib)
--fi
--
- LDAP_LIBS=""
- if test "$with_ldap" != no; then
- AC_CHECK_LIB(ldap, ldap_initialize, [ AC_DEFINE(HAVE_LDAP,[],[Support for LDAP?])
diff --git a/cyrus-sasl-cryptedpw.patch b/cyrus-sasl-cryptedpw.patch
index ed83faf..9a36ede 100644
--- a/cyrus-sasl-cryptedpw.patch
+++ b/cyrus-sasl-cryptedpw.patch
@@ -10,9 +10,8 @@ diff -ur cyrus-sasl-2.1.19.orig/Makefile.in cyrus-sasl-2.1.19/Makefile.in
LIBTOOL = @LIBTOOL@
LIB_CRYPT = @LIB_CRYPT@
LIB_DES = @LIB_DES@
-diff -ruN cyrus-sasl-2.1.20-orig/doc/options.html cyrus-sasl-2.1.20/doc/options.html
---- cyrus-sasl-2.1.20-orig/doc/options.html 2004-05-27 18:02:58.000000000 +0200
-+++ cyrus-sasl-2.1.20/doc/options.html 2005-07-10 17:17:38.000000000 +0200
+--- cyrus-sasl-2.1.27-orig/doc/legacy/options.html 2004-05-27 18:02:58.000000000 +0200
++++ cyrus-sasl-2.1.27/doc/legacy/options.html 2005-07-10 17:17:38.000000000 +0200
@@ -103,6 +103,14 @@
<TD>sasldb_path</TD><TD>sasldb plugin</TD>
<TD>Path to sasldb file</TD><TD><tt>/etc/sasldb2</tt> (system dependant)</TD>
diff --git a/cyrus-sasl-db.patch b/cyrus-sasl-db.patch
index ce9f264..5a6533c 100644
--- a/cyrus-sasl-db.patch
+++ b/cyrus-sasl-db.patch
@@ -1,10 +1,12 @@
---- cyrus-sasl-2.1.26/cmulocal/berkdb.m4.orig 2012-11-23 18:30:01.142069119 +0100
-+++ cyrus-sasl-2.1.26/cmulocal/berkdb.m4 2012-11-23 18:31:46.428733592 +0100
-@@ -214,6 +214,7 @@
+--- cyrus-sasl-2.1.27/m4/berkdb.m4.orig 2016-01-29 18:35:35.000000000 +0100
++++ cyrus-sasl-2.1.27/m4/berkdb.m4 2018-11-24 10:52:48.474930149 +0100
+@@ -214,6 +214,9 @@
saved_LIBS=$LIBS
for dbname in ${with_bdb} \
-+ db-5.3 db5.3 db53 \
++ db-6.1 db6.1 db61 \
++ db-6.0 db6.0 db60 \
++ db-5.3 db5.3 db53 \
db-5.2 db5.2 db52 \
db-5.1 db5.2 db51 \
db-5.0 db5.2 db50 \
diff --git a/cyrus-sasl-gcc4.patch b/cyrus-sasl-gcc4.patch
deleted file mode 100644
index 74b6481..0000000
--- a/cyrus-sasl-gcc4.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- cyrus-sasl-2.1.20/saslauthd/configure.in.orig 2005-04-24 16:39:30.088004312 +0000
-+++ cyrus-sasl-2.1.20/saslauthd/configure.in 2005-04-24 16:40:31.172718024 +0000
-@@ -44,9 +44,10 @@
- SASL_GSSAPI_CHK
-
- if test "$gssapi" != no; then
-- if test "$gss_impl" = "heimdal"; then
-- AC_DEFINE(KRB5_HEIMDAL,[],[Using Heimdal])
-- fi
-+dnl This is taken care of by -DKRB5_HEIMDAL in CPPFLAGS in ../Makefile
-+dnl if test "$gss_impl" = "heimdal"; then
-+dnl AC_DEFINE(KRB5_HEIMDAL,[],[Using Heimdal])
-+dnl fi
- AC_DEFINE(HAVE_GSSAPI,[],[Include GSSAPI/Kerberos 5 Support])
- fi
-
---- cyrus-sasl-2.1.20/saslauthd/saslcache.c.orig 2005-04-24 16:47:45.989615808 +0000
-+++ cyrus-sasl-2.1.20/saslauthd/saslcache.c 2005-04-24 16:50:27.482065224 +0000
-@@ -137,7 +137,7 @@
- }
-
- table_stats = shm_base + 64;
-- (char *)table = (char *)table_stats + 128;
-+ table = (struct bucket*)((char *)table_stats + 128);
-
- if (dump_stat_info == 0 && dump_user_info == 0)
- dump_stat_info = 1;
diff --git a/cyrus-sasl-gssapi-detect.patch b/cyrus-sasl-gssapi-detect.patch
index 74002db..2f7d7b7 100644
--- a/cyrus-sasl-gssapi-detect.patch
+++ b/cyrus-sasl-gssapi-detect.patch
@@ -1,5 +1,5 @@
---- cyrus-sasl-2.1.25/cmulocal/sasl2.m4.orig 2011-09-17 07:31:51.000000000 +0200
-+++ cyrus-sasl-2.1.25/cmulocal/sasl2.m4 2011-09-17 08:24:54.480760162 +0200
+--- cyrus-sasl-2.1.27/m4/sasl2.m4.orig 2011-09-17 07:31:51.000000000 +0200
++++ cyrus-sasl-2.1.27/m4/sasl2.m4 2011-09-17 08:24:54.480760162 +0200
@@ -221,11 +221,25 @@
elif test "$ac_cv_header_gssapi_h" = "yes"; then
AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h,
diff --git a/cyrus-sasl-gssapi_ext.patch b/cyrus-sasl-gssapi_ext.patch
deleted file mode 100644
index 5229d7a..0000000
--- a/cyrus-sasl-gssapi_ext.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- cyrus-sasl-2.1.25/sample/server.c.orig 2010-12-01 15:52:55.000000000 +0100
-+++ cyrus-sasl-2.1.25/sample/server.c 2011-09-17 08:51:22.764146679 +0200
-@@ -85,8 +85,10 @@
-
- #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
- #include <gssapi/gssapi.h>
-+#ifdef HAVE_GSSAPI_GSSAPI_EXT_H
- #include <gssapi/gssapi_ext.h>
- #endif
-+#endif
-
- #include "common.h"
-
diff --git a/cyrus-sasl-keytab.patch b/cyrus-sasl-keytab.patch
deleted file mode 100644
index 7dbecfc..0000000
--- a/cyrus-sasl-keytab.patch
+++ /dev/null
@@ -1,38 +0,0 @@
---- cyrus-sasl-2.1.25/cmulocal/sasl2.m4.orig 2011-09-02 14:58:00.000000000 +0200
-+++ cyrus-sasl-2.1.25/cmulocal/sasl2.m4 2011-09-16 21:53:44.032825454 +0200
-@@ -268,7 +268,21 @@
-
- cmu_save_LIBS="$LIBS"
- LIBS="$LIBS $GSSAPIBASE_LIBS"
-- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
-+ dnl AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
-+ AC_CHECK_HEADER(gssapi/gssapi_krb5.h, AC_DEFINE(HAVE_GSSAPI_GSSAPI_KRB5_H,,[Define if you have the gssapi/gssapi_krb5.h header file]))
-+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-+#ifdef HAVE_GSSAPI_H
-+#include <gssapi.h>
-+#else
-+#include <gssapi/gssapi.h>
-+#endif
-+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
-+#include <gssapi/gssapi_krb5.h>
-+#endif
-+]],[[gsskrb5_register_acceptor_identity("");]])
-+],[AC_DEFINE(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY,,
-+ [Define if your GSSAPI implimentation defines GSSKRB5_REGISTER_ACCEPTOR_IDENTITY])
-+])
- AC_CHECK_FUNCS(gss_decapsulate_token)
- AC_CHECK_FUNCS(gss_encapsulate_token)
- AC_CHECK_FUNCS(gss_oid_equal)
-diff -u -r cyrus-sasl-2.1.21-orig/plugins/gssapi.c cyrus-sasl-2.1.21/plugins/gssapi.c
---- cyrus-sasl-2.1.21-orig/plugins/gssapi.c 2004-07-21 16:39:06.000000000 +0200
-+++ cyrus-sasl-2.1.21/plugins/gssapi.c 2006-08-01 08:30:26.000000000 +0200
-@@ -50,6 +50,9 @@
- #else
- #include <gssapi/gssapi.h>
- #endif
-+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
-+#include <gssapi/gssapi_krb5.h>
-+#endif
-
- #ifdef WIN32
- # include <winsock2.h>
diff --git a/cyrus-sasl-lt.patch b/cyrus-sasl-lt.patch
index 4841417..1d90454 100644
--- a/cyrus-sasl-lt.patch
+++ b/cyrus-sasl-lt.patch
@@ -1,32 +1,13 @@
---- cyrus-sasl-2.1.21/sasldb/Makefile.am.orig 2005-05-07 06:54:18.000000000 +0200
-+++ cyrus-sasl-2.1.21/sasldb/Makefile.am 2005-05-20 22:52:50.027548768 +0200
-@@ -51,7 +51,6 @@
- EXTRA_DIST = NTMakefile
-
- noinst_LTLIBRARIES = libsasldb.la
--noinst_LIBRARIES = libsasldb.a
-
- libsasldb_la_SOURCES = allockey.c sasldb.h
- EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
-@@ -61,8 +60,3 @@
- # Prevent make dist stupidity
- libsasldb_a_SOURCES =
- EXTRA_libsasldb_a_SOURCES =
--
--libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
-- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
--
--
---- cyrus-sasl-2.1.25/lib/Makefile.am.orig 2011-09-05 16:18:10.000000000 +0200
-+++ cyrus-sasl-2.1.25/lib/Makefile.am 2011-09-16 18:57:36.749138290 +0200
-@@ -76,25 +76,6 @@
+--- cyrus-sasl-2.1.27/lib/Makefile.am.orig 2018-11-24 09:23:55.021657715 +0100
++++ cyrus-sasl-2.1.27/lib/Makefile.am 2018-11-24 09:24:00.648324318 +0100
+@@ -96,25 +96,6 @@
install-exec-hook:
endif
-libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
- @echo adding static plugins and dependencies
- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
-- @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
+- @for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
- if test ! -f $$i; then continue; fi; . $$i; \
- for j in $$dependency_libs foo; do \
- case $$j in foo) ;; \
diff --git a/cyrus-sasl-nolibs.patch b/cyrus-sasl-nolibs.patch
index c87a79e..943c1ed 100644
--- a/cyrus-sasl-nolibs.patch
+++ b/cyrus-sasl-nolibs.patch
@@ -1,5 +1,5 @@
---- cyrus-sasl-2.1.10/configure.in.orig Thu Jan 9 20:22:17 2003
-+++ cyrus-sasl-2.1.10/configure.in Thu Jan 9 20:47:17 2003
+--- cyrus-sasl-2.1.27/configure.ac.orig Thu Jan 9 20:22:17 2003
++++ cyrus-sasl-2.1.27/configure.ac Thu Jan 9 20:47:17 2003
@@ -807,7 +807,7 @@
AC_SUBST(LTSNPRINTFOBJS)
@@ -9,8 +9,8 @@
dnl Check for getaddrinfo
GETADDRINFOOBJS=""
---- cyrus-sasl-2.1.25/cmulocal/bsd_sockets.m4.orig 2010-02-18 17:19:17.000000000 +0100
-+++ cyrus-sasl-2.1.25/cmulocal/bsd_sockets.m4 2011-09-16 18:55:17.595800296 +0200
+--- cyrus-sasl-2.1.27/m4/bsd_sockets.m4.orig 2010-02-18 17:19:17.000000000 +0100
++++ cyrus-sasl-2.1.27/m4/bsd_sockets.m4 2011-09-16 18:55:17.595800296 +0200
@@ -30,7 +30,7 @@
u_char ans[1024];
res_search( host, C_IN, T_MX, (u_char *)&ans, sizeof(ans));
@@ -20,14 +20,3 @@
])
LIBS="$LIB_SOCKET $save_LIBS"
AC_CHECK_FUNCS(dn_expand dns_lookup)
---- cyrus-sasl-2.1.10/saslauthd/configure.in.orig Fri Dec 6 17:24:06 2002
-+++ cyrus-sasl-2.1.10/saslauthd/configure.in Thu Jan 9 21:22:46 2003
-@@ -106,7 +106,7 @@
- fi
- AC_SUBST(LIB_PAM)
-
--AC_CHECK_LIB(resolv, inet_aton)
-+AC_SEARCH_LIBS(inet_aton, resolv)
-
- AC_MSG_CHECKING(to include experimental LDAP support)
- AC_ARG_WITH(ldap, [ --with-ldap=DIR use LDAP (in DIR) (experimental) [no] ],
diff --git a/cyrus-sasl-opie.patch b/cyrus-sasl-opie.patch
index 662d5cd..aaddb25 100644
--- a/cyrus-sasl-opie.patch
+++ b/cyrus-sasl-opie.patch
@@ -1,6 +1,5 @@
-diff -urN cyrus-sasl-2.1.20.org/configure.in cyrus-sasl-2.1.20/configure.in
---- cyrus-sasl-2.1.20.org/configure.in 2004-10-24 22:05:13.000000000 +0200
-+++ cyrus-sasl-2.1.20/configure.in 2005-04-04 22:13:49.575508064 +0200
+--- cyrus-sasl-2.1.27.org/configure.ac 2004-10-24 22:05:13.000000000 +0200
++++ cyrus-sasl-2.1.27/configure.ac 2005-04-04 22:13:49.575508064 +0200
@@ -420,7 +420,7 @@
;;
*)
diff --git a/cyrus-sasl-pam.patch b/cyrus-sasl-pam.patch
deleted file mode 100644
index f2d6f91..0000000
--- a/cyrus-sasl-pam.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- cyrus-sasl-2.1.26/configure.in.orig 2012-11-23 18:34:17.205397115 +0100
-+++ cyrus-sasl-2.1.26/configure.in 2012-11-23 19:02:35.208695057 +0100
-@@ -269,27 +269,7 @@
- with_pam=yes)
- if test "$with_pam" != no; then
- AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h)
-- cmu_save_LIBS="$LIBS"
-- AC_CHECK_FUNC(pam_start, :,
-- LIBS="-lpam $LIBS"
-- AC_TRY_LINK([[
--#include <sys/types.h>
--#ifdef HAVE_PAM_PAM_APPL_H
--#include <pam/pam_appl.h>
--#endif
--#ifdef HAVE_SECURITY_PAM_H
--#include <security/pam_appl.h>
--#endif]],[[
--const char *service="foo";
--const char *user="bar";
--pam_handle_t *pamh;
--struct pam_conv *conv;
--int baz;
--baz = pam_start(service, user, conv, &pamh);
--return 0;
--]], LIBPAM="-lpam")
--)
-- LIBS="$cmu_save_LIBS $LIBPAM"
-+ AC_CHECK_LIB(pam, pam_start, LIBS="$LIBS -lpam")
- fi
-
- AC_ARG_WITH(saslauthd, [ --with-saslauthd=DIR enable use of the saslauth daemon using state dir DIR ],
diff --git a/cyrus-sasl-parallel-make.patch b/cyrus-sasl-parallel-make.patch
deleted file mode 100644
index b82353a..0000000
--- a/cyrus-sasl-parallel-make.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-diff -ur cyrus-sasl-2.1.23.orig/plugins/Makefile.am cyrus-sasl-2.1.23/plugins/Makefile.am
---- cyrus-sasl-2.1.23.orig/plugins/Makefile.am 2009-12-09 08:19:06.981152890 +0000
-+++ cyrus-sasl-2.1.23/plugins/Makefile.am 2009-12-09 08:33:41.561911411 +0000
-@@ -186,8 +186,8 @@
-
- CLEANFILES=$(init_src)
-
--${init_src}: $(srcdir)/makeinit.sh
-- $(SHELL) $(srcdir)/makeinit.sh
-+${init_src}: $(srcdir)/makeinit.sh $@
-+ $(SHELL) $(srcdir)/makeinit.sh $@
-
- # Compatibility function build rules (they build in lib/)
- $(COMPAT_OBJS):
---- cyrus-sasl-2.1.25/plugins/makeinit.sh.orig 2011-09-16 21:54:18.916159956 +0200
-+++ cyrus-sasl-2.1.25/plugins/makeinit.sh 2011-09-17 07:31:12.530652281 +0200
-@@ -1,6 +1,9 @@
--# mechanism plugins
--for mech in anonymous crammd5 digestmd5 scram gssapiv2 kerberos4 login ntlm otp passdss plain srp gs2; do
-+plug="${1%_init.c}"
-
-+# mechanism plugins
-+case "$plug" in
-+ anonymous|crammd5|digestmd5|scram|gssapiv2|kerberos4|login|ntlm|otp|passdss|plain|srp|gs2)
-+mech="$plug"
- echo "
- #include <config.h>
-
-@@ -44,11 +47,13 @@
- SASL_CLIENT_PLUG_INIT( $mech )
- SASL_SERVER_PLUG_INIT( $mech )
- " > ${mech}_init.c
--done
-+;;
-+esac
-
- # auxprop plugins
--for auxprop in sasldb mysql pgsql sqlite sqlite3 ldapdb; do
--
-+case "$plug" in
-+ sasldb|mysql|pgsql|sqlite|sqlite3|ldapdb)
-+auxprop=$plug
- echo "
- #include <config.h>
-
-@@ -87,7 +92,12 @@
-
- SASL_AUXPROP_PLUG_INIT( $auxprop )
- " > ${auxprop}_init.c
--done
-+;;
-+esac
-
- # ldapdb is also a canon_user plugin
-+case "$plug" in
-+ ldapdb)
- echo "SASL_CANONUSER_PLUG_INIT( ldapdb )" >> ldapdb_init.c
-+;;
-+esac
diff --git a/cyrus-sasl-sizes.patch b/cyrus-sasl-sizes.patch
index 006962b..1c1c210 100644
--- a/cyrus-sasl-sizes.patch
+++ b/cyrus-sasl-sizes.patch
@@ -1,12 +1,12 @@
Prefer types in <inttypes.h> to our own, because it removes file content
conflicts between 32- and 64-bit architectures. RFEd as #2829.
---- cyrus-sasl-2.1.21/configure.in 2006-05-16 07:37:52.000000000 -0400
-+++ cyrus-sasl-2.1.21/configure.in 2006-05-16 07:37:52.000000000 -0400
-@@ -1083,6 +1083,10 @@
+--- cyrus-sasl-2.1.27/configure.ac.orig 2018-11-24 12:00:08.141550691 +0100
++++ cyrus-sasl-2.1.27/configure.ac 2018-11-24 12:52:23.144848228 +0100
+@@ -1288,6 +1288,10 @@
AC_HEADER_DIRENT
AC_HEADER_SYS_WAIT
- AC_CHECK_HEADERS(des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h)
+ AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
+AC_CHECK_TYPES([long long, int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, int64_t, uint64_t],,,[
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
diff --git a/cyrus-sasl-split-sql.patch b/cyrus-sasl-split-sql.patch
index b974b74..408ad23 100644
--- a/cyrus-sasl-split-sql.patch
+++ b/cyrus-sasl-split-sql.patch
@@ -1,5 +1,5 @@
---- cyrus-sasl-2.1.26/configure.in.orig 2012-11-23 18:23:10.112077685 +0100
-+++ cyrus-sasl-2.1.26/configure.in 2012-11-23 18:29:29.238736454 +0100
+--- cyrus-sasl-2.1.27/configure.ac.orig 2012-11-23 18:23:10.112077685 +0100
++++ cyrus-sasl-2.1.27/configure.ac 2012-11-23 18:29:29.238736454 +0100
@@ -691,10 +691,7 @@
AC_MSG_CHECKING(SQL)
if test "$sql" != no; then
@@ -47,46 +47,46 @@
LIB_SQLITE3_DIR=$LIB_SQLITE3
LIB_SQLITE3="$LIB_SQLITE3 -lsqlite3"
---- cyrus-sasl-2.1.25/plugins/Makefile.am.orig 2011-09-05 16:18:10.000000000 +0200
-+++ cyrus-sasl-2.1.25/plugins/Makefile.am 2011-09-16 19:41:32.459226542 +0200
-@@ -66,7 +66,7 @@
- sasl_LTLIBRARIES = @SASL_MECHS@
+--- cyrus-sasl-2.1.27/plugins/Makefile.am.orig 2018-10-05 16:40:16.000000000 +0200
++++ cyrus-sasl-2.1.27/plugins/Makefile.am 2018-11-24 10:25:07.244949119 +0100
+@@ -68,7 +68,7 @@
+
EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \
libgs2.la libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \
- libscram.la libntlm.la libpassdss.la libsasldb.la libsql.la libldapdb.la
+ libscram.la libntlm.la libpassdss.la libsasldb.la libmysql.la libpgsql.la libsqlite.la libsqlite3.la libldapdb.la
- libplain_la_SOURCES = plain.c plain_init.c $(common_sources)
- libplain_la_DEPENDENCIES = $(COMPAT_OBJS)
-@@ -129,18 +129,51 @@
- libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS)
- libldapdb_la_LIBADD = $(LIB_LDAP) $(COMPAT_OBJS)
+ libplain_la_SOURCES = plain.c plain_init.c
+ libplain_la_DEPENDENCIES = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
+@@ -131,18 +131,51 @@
+ libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
+ libldapdb_la_LIBADD = $(LIB_LDAP) $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
--libsql_la_SOURCES = sql.c sql_init.c $(common_sources)
+-libsql_la_SOURCES = sql.c sql_init.c
-libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) $(LIB_SQLITE3) \
- $(AM_LDFLAGS)
--libsql_la_DEPENDENCIES = $(COMPAT_OBJS)
--libsql_la_LIBADD = $(COMPAT_OBJS)
+-libsql_la_DEPENDENCIES = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
+-libsql_la_LIBADD = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
-
-+libmysql_la_SOURCES = mysql.c mysql_init.c $(common_sources)
++libmysql_la_SOURCES = mysql.c mysql_init.c
+libmysql_la_LDFLAGS = $(LIB_MYSQL) $(AM_LDFLAGS)
-+libmysql_la_DEPENDENCIES = $(COMPAT_OBJS)
-+libmysql_la_LIBADD = $(COMPAT_OBJS)
++libmysql_la_DEPENDENCIES = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
++libmysql_la_LIBADD = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
+
-+libpgsql_la_SOURCES = pgsql.c pgsql_init.c $(common_sources)
++libpgsql_la_SOURCES = pgsql.c pgsql_init.c
+libpgsql_la_LDFLAGS = $(LIB_PGSQL) $(AM_LDFLAGS)
-+libpgsql_la_DEPENDENCIES = $(COMPAT_OBJS)
-+libpgsql_la_LIBADD = $(COMPAT_OBJS)
++libpgsql_la_DEPENDENCIES = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
++libpgsql_la_LIBADD = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
+
-+libsqlite_la_SOURCES = sqlite.c sqlite_init.c $(common_sources)
++libsqlite_la_SOURCES = sqlite.c sqlite_init.c
+libsqlite_la_LDFLAGS = $(LIB_SQLITE) $(AM_LDFLAGS)
-+libsqlite_la_DEPENDENCIES = $(COMPAT_OBJS)
-+libsqlite_la_LIBADD = $(COMPAT_OBJS)
++libsqlite_la_DEPENDENCIES = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
++libsqlite_la_LIBADD = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
+
-+libsqlite3_la_SOURCES = sqlite3.c sqlite3_init.c $(common_sources)
++libsqlite3_la_SOURCES = sqlite3.c sqlite3_init.c
+libsqlite3_la_LDFLAGS = $(LIB_SQLITE3) $(AM_LDFLAGS)
-+libsqlite3_la_DEPENDENCIES = $(COMPAT_OBJS)
-+libsqlite3_la_LIBADD = $(COMPAT_OBJS)
++libsqlite3_la_DEPENDENCIES = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
++libsqlite3_la_LIBADD = $(COMPAT_OBJS) $(PLUGIN_COMMON_OBJS)
+
+mysql.c:
+ sed -e 's#HAVE_PGSQL#HAVE_NO_PGSQL#g' -e 's#HAVE_SQLITE#HAVE_NO_SQLITE#g' \
@@ -117,14 +117,14 @@
CLEANFILES=$(init_src)
---- cyrus-sasl-2.1.25/plugins/makeinit.sh.orig 2011-05-11 21:25:55.000000000 +0200
-+++ cyrus-sasl-2.1.25/plugins/makeinit.sh 2011-09-16 19:42:14.509227950 +0200
-@@ -47,7 +47,7 @@
+--- cyrus-sasl-2.1.27/plugins/makeinit.sh.orig 2018-11-24 09:27:31.358321911 +0100
++++ cyrus-sasl-2.1.27/plugins/makeinit.sh 2018-11-24 10:25:38.331615427 +0100
+@@ -51,7 +51,7 @@
done
# auxprop plugins
-for auxprop in sasldb sql ldapdb; do
+for auxprop in sasldb mysql pgsql sqlite sqlite3 ldapdb; do
+ if [ ${plugin_init} = "${auxprop}_init.c" ];then
- echo "
- #include <config.h>
+ echo "
diff --git a/cyrus-sasl-stddef.patch b/cyrus-sasl-stddef.patch
deleted file mode 100644
index a05d1a6..0000000
--- a/cyrus-sasl-stddef.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- cyrus-sasl-2.1.26/include/sasl.h.orig 2012-10-12 16:05:48.000000000 +0200
-+++ cyrus-sasl-2.1.26/include/sasl.h 2012-11-25 13:51:27.182149131 +0100
-@@ -130,6 +130,9 @@
- #define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\
- (SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP)
-
-+/* for size_t */
-+#include <stddef.h>
-+
- #include "prop.h"
-
- /*************
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/cyrus-sasl.git/commitdiff/5dd34792af515ff3a027c18a9b212e59a537a658
More information about the pld-cvs-commit
mailing list