[packages/cyrus-sasl] - build fixes from Fedora and Debian, disabled cryptedpw bcond, code needs update
hawk
hawk at pld-linux.org
Wed Sep 10 19:40:47 CEST 2025
commit bcbd82f2cb4d19f3b9e912d6beeacadfdfc14bca
Author: Marcin Krol <hawk at tld-linux.org>
Date: Wed Sep 10 19:38:57 2025 +0200
- build fixes from Fedora and Debian, disabled cryptedpw bcond, code needs update
cyrus-sasl.spec | 13 +-
gcc15.patch | 823 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
getsubopt.patch | 85 ++++++
krb5.patch | 35 +++
time.patch | 51 ++++
5 files changed, 1005 insertions(+), 2 deletions(-)
---
diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index cdfdd4c..71f971b 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -1,6 +1,6 @@
#
# Conditional build:
-%bcond_without cryptedpw # if you keep crypted passwords in your *sql
+%bcond_with cryptedpw # if you keep crypted passwords in your *sql
%bcond_without ldap # disable LDAP support for saslauthd
%bcond_without gssapi # do not enable GSSAPI support for saslauthd and build gssapi plugin
%bcond_without mysql # don't build MySQL plugin
@@ -40,6 +40,7 @@ Patch1: %{name}-lt.patch
Patch2: %{name}-split-sql.patch
Patch3: %{name}-opie.patch
# Adapted from http://frost.ath.cx/software/cyrus-sasl-patches/dist/2.1.19/cyrus-sasl-2.1.19-checkpw.c+sql.c.patch
+# Patches 5 and 6 needs update for GCC 15!
Patch5: %{name}-cryptedpw.patch
Patch6: %{name}-md5sum-passwords.patch
Patch7: %{name}-db.patch
@@ -49,6 +50,10 @@ Patch12: %{name}-gssapi-detect.patch
Patch14: %{name}-ac-libs.patch
Patch20: %{name}-auxprop.patch
Patch21: 0030-dont_use_la_files_for_opening_plugins.patch
+Patch22: krb5.patch
+Patch23: getsubopt.patch
+Patch24: time.patch
+Patch25: gcc15.patch
URL: https://www.cyrusimap.org/sasl/
BuildRequires: autoconf >= 2.63
BuildRequires: automake >= 1:1.11
@@ -511,11 +516,15 @@ Wtyczka Nagiosa do sprawdzania działania saslauthd.
%endif
%patch -P7 -p1
%patch -P9 -p1
-%{?with_nagios:%patch10 -p1}
+%{?with_nagios:%patch -P10 -p1}
%patch -P12 -p1
%patch -P14 -p1
%patch -P20 -p1
%patch -P21 -p1
+%patch -P22 -p1
+%patch -P23 -p1
+%patch -P24 -p1
+%patch -P25 -p1
# update to our paths
sed -i -e '
diff --git a/gcc15.patch b/gcc15.patch
new file mode 100644
index 0000000..d214631
--- /dev/null
+++ b/gcc15.patch
@@ -0,0 +1,823 @@
+From 8bb2a1b719c6538589897e3d409a0d2362a8a8b9 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten at redhat.com>
+Date: Tue, 21 Jan 2025 13:51:24 -0500
+Subject: [PATCH] Add compatibility for gcc 15
+
+Fedora 42 is going to use gcc 15 which changes some warnings into errors. Address the issues raised.
+
+The issues addressed include:
+
+* The RETURN macro is defined differently in two places. Rename one.
+* Both atexit and the sigint and sigterm actions call server_exit().
+ The function arguments differ. Introduce a new generic signal handler
+ to call server_exit() for sigint and sigterm signals.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2340025
+
+Signed-off-by: Rob Crittenden <rcritten at redhat.com>
+---
+ lib/auxprop.c | 2 +-
+ lib/canonusr.c | 6 ++--
+ lib/client.c | 6 ++--
+ lib/common.c | 40 ++++++++++++-------------
+ lib/md5.c | 48 +++++++++---------------------
+ lib/saslint.h | 8 ++---
+ lib/server.c | 32 ++++++++++----------
+ saslauthd/auth_sasldb.c | 4 +--
+ saslauthd/md5.c | 60 ++++++++++++--------------------------
+ saslauthd/saslauthd-main.c | 12 +++++---
+ saslauthd/saslauthd-main.h | 5 ++--
+ saslauthd/saslauthd_md5.h | 9 +++---
+ 12 files changed, 95 insertions(+), 137 deletions(-)
+
+diff --git a/lib/auxprop.c b/lib/auxprop.c
+index 1b0162d..0d465a2 100644
+--- a/lib/auxprop.c
++++ b/lib/auxprop.c
+@@ -780,7 +780,7 @@ int sasl_auxprop_request(sasl_conn_t *conn, const char **propnames)
+ }
+
+ result = prop_request(sconn->sparams->propctx, propnames);
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+
+diff --git a/lib/canonusr.c b/lib/canonusr.c
+index 66f7e11..654a72e 100644
+--- a/lib/canonusr.c
++++ b/lib/canonusr.c
+@@ -192,7 +192,7 @@ int _sasl_canon_user(sasl_conn_t *conn,
+ oparams->user = conn->user_buf;
+ }
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* Lookup all properties for authentication and/or authorization identity. */
+@@ -256,7 +256,7 @@ static int _sasl_auxprop_lookup_user_props (sasl_conn_t *conn,
+ }
+ #endif
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* default behavior:
+@@ -285,7 +285,7 @@ int _sasl_canon_user_lookup (sasl_conn_t *conn,
+ oparams);
+ }
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ void _sasl_canonuser_free()
+diff --git a/lib/client.c b/lib/client.c
+index 3784bb0..281285b 100644
+--- a/lib/client.c
++++ b/lib/client.c
+@@ -435,7 +435,7 @@ int sasl_client_new(const char *service,
+ &client_idle, serverFQDN,
+ iplocalport, ipremoteport,
+ prompt_supp, &global_callbacks_client);
+- if (result != SASL_OK) RETURN(*pconn, result);
++ if (result != SASL_OK) RETURN_VAL(*pconn, result);
+
+ utils = _sasl_alloc_utils(*pconn, &global_callbacks_client);
+ if (utils == NULL) {
+@@ -879,7 +879,7 @@ int sasl_client_start(sasl_conn_t *conn,
+ done:
+ if (ordered_mechs != NULL)
+ c_conn->cparams->utils->free(ordered_mechs);
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* do a single authentication step.
+@@ -952,7 +952,7 @@ int sasl_client_step(sasl_conn_t *conn,
+ }
+ }
+
+- RETURN(conn,result);
++ RETURN_VAL(conn,result);
+ }
+
+ /* returns the length of all the mechanisms
+diff --git a/lib/common.c b/lib/common.c
+index 5a4fb00..eb642f5 100644
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -303,7 +303,7 @@ int sasl_encode(sasl_conn_t *conn, const char *input,
+
+ result = sasl_encodev(conn, &tmp, 1, output, outputlen);
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* Internal function that doesn't do any verification */
+@@ -389,7 +389,7 @@ _sasl_encodev (sasl_conn_t *conn,
+
+ (*p_num_packets)++;
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* security-encode an iovec */
+@@ -434,7 +434,7 @@ int sasl_encodev(sasl_conn_t *conn,
+ *output = conn->encode_buf->data;
+ *outputlen = (unsigned) conn->encode_buf->curlen;
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* This might be better to check on a per-plugin basis, but I think
+@@ -592,7 +592,7 @@ cleanup:
+ sasl_FREE(cur_invec);
+ }
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* output is only valid until next call to sasl_decode */
+@@ -609,7 +609,7 @@ int sasl_decode(sasl_conn_t *conn,
+ if(!conn->props.maxbufsize) {
+ sasl_seterror(conn, 0,
+ "called sasl_decode with application that does not support security layers");
+- RETURN(conn, SASL_TOOWEAK);
++ RETURN_VAL(conn, SASL_TOOWEAK);
+ }
+
+ if(conn->oparams.decode == NULL)
+@@ -623,7 +623,7 @@ int sasl_decode(sasl_conn_t *conn,
+ if(inputlen > conn->props.maxbufsize) {
+ sasl_seterror(conn, 0,
+ "input too large for default sasl_decode");
+- RETURN(conn,SASL_BUFOVER);
++ RETURN_VAL(conn,SASL_BUFOVER);
+ }
+
+ if(!conn->decode_buf)
+@@ -644,7 +644,7 @@ int sasl_decode(sasl_conn_t *conn,
+ /* NULL an empty buffer (for misbehaved applications) */
+ if (*outputlen == 0) *output = NULL;
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ INTERROR(conn, SASL_FAIL);
+@@ -738,11 +738,11 @@ int _sasl_conn_init(sasl_conn_t *conn,
+
+ result = sasl_setprop(conn, SASL_IPLOCALPORT, iplocalport);
+ if(result != SASL_OK)
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+
+ result = sasl_setprop(conn, SASL_IPREMOTEPORT, ipremoteport);
+ if(result != SASL_OK)
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+
+ conn->encode_buf = NULL;
+ conn->context = NULL;
+@@ -787,7 +787,7 @@ int _sasl_conn_init(sasl_conn_t *conn,
+
+ if(result != SASL_OK) MEMERROR( conn );
+
+- RETURN(conn, SASL_OK);
++ RETURN_VAL(conn, SASL_OK);
+ }
+
+ int _sasl_common_init(sasl_global_callbacks_t *global_callbacks)
+@@ -1068,11 +1068,11 @@ int sasl_getprop(sasl_conn_t *conn, int propnum, const void **pvalue)
+ } else if(result == SASL_NOTDONE) {
+ sasl_seterror(conn, SASL_NOLOG,
+ "Information that was requested is not yet available.");
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ } else if(result != SASL_OK) {
+ INTERROR(conn, result);
+ } else
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* set property in SASL connection state
+@@ -1146,7 +1146,7 @@ int sasl_setprop(sasl_conn_t *conn, int propnum, const void *value)
+ if(props->maxbufsize == 0 && props->min_ssf != 0) {
+ sasl_seterror(conn, 0,
+ "Attempt to disable security layers (maxoutbuf == 0) with min_ssf > 0");
+- RETURN(conn, SASL_TOOWEAK);
++ RETURN_VAL(conn, SASL_TOOWEAK);
+ }
+
+ conn->props = *props;
+@@ -1168,7 +1168,7 @@ int sasl_setprop(sasl_conn_t *conn, int propnum, const void *value)
+ } else if (_sasl_ipfromstring(ipremoteport, NULL, 0)
+ != SASL_OK) {
+ sasl_seterror(conn, 0, "Bad IPREMOTEPORT value");
+- RETURN(conn, SASL_BADPARAM);
++ RETURN_VAL(conn, SASL_BADPARAM);
+ } else {
+ strcpy(conn->ipremoteport, ipremoteport);
+ conn->got_ip_remote = 1;
+@@ -1209,7 +1209,7 @@ int sasl_setprop(sasl_conn_t *conn, int propnum, const void *value)
+ } else if (_sasl_ipfromstring(iplocalport, NULL, 0)
+ != SASL_OK) {
+ sasl_seterror(conn, 0, "Bad IPLOCALPORT value");
+- RETURN(conn, SASL_BADPARAM);
++ RETURN_VAL(conn, SASL_BADPARAM);
+ } else {
+ strcpy(conn->iplocalport, iplocalport);
+ conn->got_ip_local = 1;
+@@ -1302,7 +1302,7 @@ int sasl_setprop(sasl_conn_t *conn, int propnum, const void *value)
+ result = SASL_BADPARAM;
+ }
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* this is apparently no longer a user function */
+@@ -1708,7 +1708,7 @@ _sasl_proxy_policy(sasl_conn_t *conn,
+ (memcmp(auth_identity, requested_user, rlen) != 0)) {
+ sasl_seterror(conn, 0,
+ "Requested identity not authenticated identity");
+- RETURN(conn, SASL_BADAUTH);
++ RETURN_VAL(conn, SASL_BADAUTH);
+ }
+
+ return SASL_OK;
+@@ -1809,7 +1809,7 @@ int _sasl_getcallback(sasl_conn_t * conn,
+ *pproc = NULL;
+ *pcontext = NULL;
+ sasl_seterror(conn, SASL_NOLOG, "Unable to find a callback: %d", callbackid);
+- RETURN(conn,SASL_FAIL);
++ RETURN_VAL(conn,SASL_FAIL);
+ }
+
+
+@@ -2406,10 +2406,10 @@ int sasl_listmech(sasl_conn_t *conn,
+ if(!conn) {
+ return SASL_BADPARAM;
+ } else if(conn->type == SASL_CONN_SERVER) {
+- RETURN(conn, _sasl_server_listmech(conn, user, prefix, sep, suffix,
++ RETURN_VAL(conn, _sasl_server_listmech(conn, user, prefix, sep, suffix,
+ result, plen, pcount));
+ } else if (conn->type == SASL_CONN_CLIENT) {
+- RETURN(conn, _sasl_client_listmech(conn, prefix, sep, suffix,
++ RETURN_VAL(conn, _sasl_client_listmech(conn, prefix, sep, suffix,
+ result, plen, pcount));
+ }
+
+diff --git a/lib/md5.c b/lib/md5.c
+index fbe7ae8..5a40eb0 100644
+--- a/lib/md5.c
++++ b/lib/md5.c
+@@ -54,13 +54,11 @@ documentation and/or software.
+ #define S43 15
+ #define S44 21
+
+-static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64]));
+-static void Encode PROTO_LIST
+- ((unsigned char *, UINT4 *, unsigned int));
+-static void Decode PROTO_LIST
+- ((UINT4 *, const unsigned char *, unsigned int));
+-static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int));
+-static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int));
++static void MD5Transform (UINT4 [4], const unsigned char [64]);
++static void Encode (unsigned char *, UINT4 *, unsigned int);
++static void Decode (UINT4 *, const unsigned char *, unsigned int);
++static void MD5_memcpy (POINTER, POINTER, unsigned int);
++static void MD5_memset (POINTER, int, unsigned int);
+
+ static unsigned char PADDING[64] = {
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+@@ -98,8 +96,7 @@ Rotation is separate from addition to prevent recomputation.
+ /* MD5 initialization. Begins an MD5 operation, writing a new context.
+ */
+
+-void _sasl_MD5Init (context)
+-MD5_CTX *context; /* context */
++void _sasl_MD5Init (MD5_CTX *context)
+ {
+ context->count[0] = context->count[1] = 0;
+
+@@ -114,10 +111,7 @@ MD5_CTX *context; /* context */
+ operation, processing another message block, and updating the context.
+ */
+
+-void _sasl_MD5Update (context, input, inputLen)
+-MD5_CTX *context; /* context */
+-const unsigned char *input; /* input block */
+-unsigned int inputLen; /* length of input block */
++void _sasl_MD5Update (MD5_CTX *context, const unsigned char *input, unsigned int inputLen)
+ {
+ unsigned int i, index, partLen;
+
+@@ -159,9 +153,7 @@ unsigned int inputLen; /* length of input block */
+ the message digest and zeroizing the context.
+ */
+
+-void _sasl_MD5Final (digest, context)
+-unsigned char digest[16]; /* message digest */
+-MD5_CTX *context; /* context */
++void _sasl_MD5Final (unsigned char digest[16], MD5_CTX *context)
+ {
+ unsigned char bits[8];
+ unsigned int index, padLen;
+@@ -186,9 +178,7 @@ MD5_CTX *context; /* context */
+
+ /* MD5 basic transformation. Transforms state based on block. */
+
+-static void MD5Transform (state, block)
+-UINT4 state[4];
+-const unsigned char block[64];
++static void MD5Transform (UINT4 state[4], const unsigned char block[64])
+ {
+ UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
+
+@@ -281,10 +271,7 @@ const unsigned char block[64];
+
+ */
+
+-static void Encode (output, input, len)
+-unsigned char *output;
+-UINT4 *input;
+-unsigned int len;
++static void Encode (unsigned char *output, UINT4 *input, unsigned int len)
+ {
+ unsigned int i, j;
+
+@@ -301,10 +288,7 @@ unsigned int len;
+
+ */
+
+-static void Decode (output, input, len)
+-UINT4 *output;
+-const unsigned char *input;
+-unsigned int len;
++static void Decode (UINT4 *output, const unsigned char *input, unsigned int len)
+ {
+ unsigned int i, j;
+
+@@ -317,10 +301,7 @@ unsigned int len;
+
+ */
+
+-static void MD5_memcpy (output, input, len)
+-POINTER output;
+-POINTER input;
+-unsigned int len;
++static void MD5_memcpy (POINTER output, POINTER input, unsigned int len)
+ {
+ unsigned int i;
+
+@@ -331,10 +312,7 @@ unsigned int len;
+ /* Note: Replace "for loop" with standard memset if possible.
+ */
+
+-static void MD5_memset (output, value, len)
+-POINTER output;
+-int value;
+-unsigned int len;
++static void MD5_memset (POINTER output, int value, unsigned int len)
+ {
+ unsigned int i;
+
+diff --git a/lib/saslint.h b/lib/saslint.h
+index ebade78..77fbb1b 100644
+--- a/lib/saslint.h
++++ b/lib/saslint.h
+@@ -74,22 +74,22 @@
+ * memory errors.
+ * -Only errors (error codes < SASL_OK) should be remembered
+ */
+-#define RETURN(conn, val) { if(conn && (val) < SASL_OK) \
++#define RETURN_VAL(conn, val) { if(conn && (val) < SASL_OK) \
+ (conn)->error_code = (val); \
+ return (val); }
+ #define MEMERROR(conn) {\
+ if(conn) sasl_seterror( (conn), 0, \
+ "Out of Memory in " __FILE__ " near line %d", __LINE__ ); \
+- RETURN(conn, SASL_NOMEM) }
++ RETURN_VAL(conn, SASL_NOMEM) }
+ #define PARAMERROR(conn) {\
+ if(conn) sasl_seterror( (conn), SASL_NOLOG, \
+ "Parameter error in " __FILE__ " near line %d", __LINE__ ); \
+- RETURN(conn, SASL_BADPARAM) }
++ RETURN_VAL(conn, SASL_BADPARAM) }
+ #define INTERROR(conn, val) {\
+ if(conn) sasl_seterror( (conn), 0, \
+ "Internal Error %d in " __FILE__ " near line %d", (val),\
+ __LINE__ ); \
+- RETURN(conn, (val)) }
++ RETURN_VAL(conn, (val)) }
+
+ #ifndef PATH_MAX
+ # ifdef WIN32
+diff --git a/lib/server.c b/lib/server.c
+index bff461f..4ea2764 100644
+--- a/lib/server.c
++++ b/lib/server.c
+@@ -155,7 +155,7 @@ int sasl_setpass(sasl_conn_t *conn,
+ (current_mech == NULL) ) {
+ sasl_seterror( conn, SASL_NOLOG,
+ "No current SASL mechanism available");
+- RETURN(conn, SASL_BADPARAM);
++ RETURN_VAL(conn, SASL_BADPARAM);
+ }
+
+ /* Do we want to store SASL_AUX_PASSWORD_PROP (plain text)? and
+@@ -297,7 +297,7 @@ int sasl_setpass(sasl_conn_t *conn,
+ }
+ }
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* local mechanism which disposes of server */
+@@ -991,7 +991,7 @@ _sasl_transition(sasl_conn_t * conn,
+ NULL, 0, SASL_SET_CREATE | flags);
+ }
+
+- RETURN(conn,result);
++ RETURN_VAL(conn,result);
+ }
+
+
+@@ -1367,7 +1367,7 @@ static int do_authorization(sasl_server_conn_t *s_conn)
+ (s_conn->user_realm ? (unsigned) strlen(s_conn->user_realm) : 0),
+ s_conn->sparams->propctx);
+
+- RETURN(&s_conn->base, ret);
++ RETURN_VAL(&s_conn->base, ret);
+ }
+
+
+@@ -1484,7 +1484,7 @@ int sasl_server_start(sasl_conn_t *conn,
+
+ if (result != SASL_OK) {
+ /* The library will eventually be freed, don't sweat it */
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+ }
+
+@@ -1573,7 +1573,7 @@ int sasl_server_start(sasl_conn_t *conn,
+ conn->oparams.doneflag = 0;
+ }
+
+- RETURN(conn,result);
++ RETURN_VAL(conn,result);
+ }
+
+
+@@ -1701,7 +1701,7 @@ int sasl_server_step(sasl_conn_t *conn,
+ conn->oparams.doneflag = 0;
+ }
+
+- RETURN(conn, ret);
++ RETURN_VAL(conn, ret);
+ }
+
+ /* returns the length of all the mechanisms
+@@ -1950,7 +1950,7 @@ static int _sasl_checkpass(sasl_conn_t *conn,
+ if (result != SASL_OK)
+ sasl_seterror(conn, SASL_NOLOG, "checkpass failed");
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* check if a plaintext password is valid
+@@ -1990,7 +1990,7 @@ int sasl_checkpass(sasl_conn_t *conn,
+ result = _sasl_canon_user(conn, user, userlen,
+ SASL_CU_AUTHID | SASL_CU_AUTHZID,
+ &(conn->oparams));
+- if(result != SASL_OK) RETURN(conn, result);
++ if(result != SASL_OK) RETURN_VAL(conn, result);
+ user = conn->oparams.user;
+
+ /* Check the password and lookup additional properties */
+@@ -2001,7 +2001,7 @@ int sasl_checkpass(sasl_conn_t *conn,
+ result = do_authorization((sasl_server_conn_t *)conn);
+ }
+
+- RETURN(conn,result);
++ RETURN_VAL(conn,result);
+ }
+
+ /* check if a user exists on server
+@@ -2074,7 +2074,7 @@ int sasl_user_exists(sasl_conn_t *conn,
+ sasl_seterror(conn, SASL_NOLOG, "no plaintext password verifier?");
+ }
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* check if an apop exchange is valid
+@@ -2136,7 +2136,7 @@ int sasl_checkapop(sasl_conn_t *conn,
+ if (!user_end || strspn(user_end + 1, "0123456789abcdef") != 32)
+ {
+ sasl_seterror(conn, 0, "Bad Digest");
+- RETURN(conn,SASL_BADPROT);
++ RETURN_VAL(conn,SASL_BADPROT);
+ }
+
+ user_len = (size_t)(user_end - response);
+@@ -2148,7 +2148,7 @@ int sasl_checkapop(sasl_conn_t *conn,
+ if(result != SASL_OK)
+ {
+ sasl_FREE(user);
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ }
+
+ /* erase the plaintext password */
+@@ -2163,7 +2163,7 @@ int sasl_checkapop(sasl_conn_t *conn,
+ &(conn->oparams));
+ sasl_FREE(user);
+
+- if(result != SASL_OK) RETURN(conn, result);
++ if(result != SASL_OK) RETURN_VAL(conn, result);
+
+ /* Do APOP verification */
+ result = _sasl_auxprop_verify_apop(conn, conn->oparams.authid,
+@@ -2178,11 +2178,11 @@ int sasl_checkapop(sasl_conn_t *conn,
+ conn->oparams.authid = NULL;
+ }
+
+- RETURN(conn, result);
++ RETURN_VAL(conn, result);
+ #else /* sasl_checkapop was disabled at compile time */
+ sasl_seterror(conn, SASL_NOLOG,
+ "sasl_checkapop called, but was disabled at compile time");
+- RETURN(conn, SASL_NOMECH);
++ RETURN_VAL(conn, SASL_NOMECH);
+ #endif /* DO_SASL_CHECKAPOP */
+ }
+
+diff --git a/saslauthd/auth_sasldb.c b/saslauthd/auth_sasldb.c
+index b6aaa39..08db189 100644
+--- a/saslauthd/auth_sasldb.c
++++ b/saslauthd/auth_sasldb.c
+@@ -51,9 +51,7 @@
+ #include "../sasldb/sasldb.h"
+
+ static int
+-vf(void *context __attribute__((unused)),
+- char *file __attribute__((unused)),
+- int type __attribute__((unused)))
++vf(void)
+ {
+ /* always say ok */
+ return SASL_OK;
+diff --git a/saslauthd/md5.c b/saslauthd/md5.c
+index d38425d..dd927da 100644
+--- a/saslauthd/md5.c
++++ b/saslauthd/md5.c
+@@ -54,13 +54,11 @@ documentation and/or software.
+ #define S43 15
+ #define S44 21
+
+-static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64]));
+-static void Encode PROTO_LIST
+- ((unsigned char *, UINT4 *, unsigned int));
+-static void Decode PROTO_LIST
+- ((UINT4 *, unsigned char *, unsigned int));
+-static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int));
+-static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int));
++static void MD5Transform (UINT4 [4], unsigned char [64]);
++static void Encode (unsigned char *, UINT4 *, unsigned int);
++static void Decode (UINT4 *, unsigned char *, unsigned int);
++static void MD5_memcpy (POINTER, POINTER, unsigned int);
++static void MD5_memset (POINTER, int, unsigned int);
+
+ static unsigned char PADDING[64] = {
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+@@ -98,8 +96,7 @@ Rotation is separate from addition to prevent recomputation.
+ /* MD5 initialization. Begins an MD5 operation, writing a new context.
+ */
+
+-void _saslauthd_MD5Init (context)
+-MD5_CTX *context; /* context */
++void _saslauthd_MD5Init (MD5_CTX *context)
+ {
+ context->count[0] = context->count[1] = 0;
+
+@@ -114,10 +111,7 @@ MD5_CTX *context; /* context */
+ operation, processing another message block, and updating the context.
+ */
+
+-void _saslauthd_MD5Update (context, input, inputLen)
+-MD5_CTX *context; /* context */
+-unsigned char *input; /* input block */
+-unsigned int inputLen; /* length of input block */
++void _saslauthd_MD5Update (MD5_CTX *context, unsigned char *input, unsigned int inputLen)
+ {
+ unsigned int i, index, partLen;
+
+@@ -159,9 +153,7 @@ unsigned int inputLen; /* length of input block */
+ the message digest and zeroizing the context.
+ */
+
+-void _saslauthd_MD5Final (digest, context)
+-unsigned char digest[16]; /* message digest */
+-MD5_CTX *context; /* context */
++void _saslauthd_MD5Final (unsigned char digest[16], MD5_CTX *context)
+ {
+ unsigned char bits[8];
+ unsigned int index, padLen;
+@@ -186,9 +178,7 @@ MD5_CTX *context; /* context */
+
+ /* MD5 basic transformation. Transforms state based on block. */
+
+-static void MD5Transform (state, block)
+-UINT4 state[4];
+-unsigned char block[64];
++static void MD5Transform (UINT4 state[4], unsigned char block[64])
+ {
+ UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
+
+@@ -281,10 +271,7 @@ unsigned char block[64];
+
+ */
+
+-static void Encode (output, input, len)
+-unsigned char *output;
+-UINT4 *input;
+-unsigned int len;
++static void Encode (unsigned char *output, UINT4 *input, unsigned int len)
+ {
+ unsigned int i, j;
+
+@@ -301,10 +288,7 @@ unsigned int len;
+
+ */
+
+-static void Decode (output, input, len)
+-UINT4 *output;
+-unsigned char *input;
+-unsigned int len;
++static void Decode (UINT4 *output, unsigned char *input, unsigned int len)
+ {
+ unsigned int i, j;
+
+@@ -317,10 +301,7 @@ unsigned int len;
+
+ */
+
+-static void MD5_memcpy (output, input, len)
+-POINTER output;
+-POINTER input;
+-unsigned int len;
++static void MD5_memcpy (POINTER output, POINTER input, unsigned int len)
+ {
+ unsigned int i;
+
+@@ -331,10 +312,7 @@ unsigned int len;
+ /* Note: Replace "for loop" with standard memset if possible.
+ */
+
+-static void MD5_memset (output, value, len)
+-POINTER output;
+-int value;
+-unsigned int len;
++static void MD5_memset (POINTER output, int value, unsigned int len)
+ {
+ unsigned int i;
+
+@@ -360,7 +338,7 @@ void _saslauthd_hmac_md5_init(HMAC_MD5_CTX *hmac,
+ MD5_CTX tctx;
+
+ _saslauthd_MD5Init(&tctx);
+- _saslauthd_MD5Update(&tctx, key, key_len);
++ _saslauthd_MD5Update(&tctx, (unsigned char *)key, key_len);
+ _saslauthd_MD5Final(tk, &tctx);
+
+ key = tk;
+@@ -397,9 +375,9 @@ void _saslauthd_hmac_md5_init(HMAC_MD5_CTX *hmac,
+ _saslauthd_MD5Update(&hmac->octx, k_opad, 64); /* apply outer pad */
+
+ /* scrub the pads and key context (if used) */
+- MD5_memset(&k_ipad, 0, sizeof(k_ipad));
+- MD5_memset(&k_opad, 0, sizeof(k_opad));
+- MD5_memset(&tk, 0, sizeof(tk));
++ MD5_memset((POINTER)&k_ipad, 0, sizeof(k_ipad));
++ MD5_memset((POINTER)&k_opad, 0, sizeof(k_opad));
++ MD5_memset((POINTER)&tk, 0, sizeof(tk));
+
+ /* and we're done. */
+ }
+@@ -424,7 +402,7 @@ void _saslauthd_hmac_md5_precalc(HMAC_MD5_STATE *state,
+ state->istate[lupe] = htonl(hmac.ictx.state[lupe]);
+ state->ostate[lupe] = htonl(hmac.octx.state[lupe]);
+ }
+- MD5_memset(&hmac, 0, sizeof(hmac));
++ MD5_memset((POINTER)&hmac, 0, sizeof(hmac));
+ }
+
+
+@@ -432,7 +410,7 @@ void _saslauthd_hmac_md5_import(HMAC_MD5_CTX *hmac,
+ HMAC_MD5_STATE *state)
+ {
+ unsigned lupe;
+- MD5_memset(hmac, 0, sizeof(HMAC_MD5_CTX));
++ MD5_memset((POINTER)hmac, 0, sizeof(HMAC_MD5_CTX));
+ for (lupe = 0; lupe < 4; lupe++) {
+ hmac->ictx.state[lupe] = ntohl(state->istate[lupe]);
+ hmac->octx.state[lupe] = ntohl(state->ostate[lupe]);
+diff --git a/saslauthd/saslauthd-main.c b/saslauthd/saslauthd-main.c
+index bf1545b..ead686c 100644
+--- a/saslauthd/saslauthd-main.c
++++ b/saslauthd/saslauthd-main.c
+@@ -593,7 +593,7 @@ void signal_setup() {
+ /**************************************************************
+ * Handler for SIGTERM
+ **************************************************************/
+- act_sigterm.sa_handler = server_exit;
++ act_sigterm.sa_handler = handle_exit;
+ sigemptyset(&act_sigterm.sa_mask);
+
+ if (sigaction(SIGTERM, &act_sigterm, NULL) != 0) {
+@@ -606,7 +606,7 @@ void signal_setup() {
+ /**************************************************************
+ * Handler for SIGINT
+ **************************************************************/
+- act_sigint.sa_handler = server_exit;
++ act_sigint.sa_handler = handle_exit;
+ sigemptyset(&act_sigint.sa_mask);
+
+ if (sigaction(SIGINT, &act_sigint, NULL) != 0) {
+@@ -877,7 +877,7 @@ pid_t have_baby() {
+ /*************************************************************
+ * Reap in all the dead children
+ **************************************************************/
+-void handle_sigchld() {
++void handle_sigchld(__attribute__((unused)) int sig) {
+ pid_t pid;
+
+ while ((pid = waitpid(-1, 0, WNOHANG)) > 0) {
+@@ -889,11 +889,15 @@ void handle_sigchld() {
+ return;
+ }
+
++void handle_exit(__attribute__((unused)) int sig) {
++ server_exit();
++}
++
+
+ /*************************************************************
+ * Do some final cleanup here.
+ **************************************************************/
+-void server_exit() {
++void server_exit(void) {
+
+ /*********************************************************
+ * If we're not the master process, don't do anything
+diff --git a/saslauthd/saslauthd-main.h b/saslauthd/saslauthd-main.h
+index 754626c..29998f0 100644
+--- a/saslauthd/saslauthd-main.h
++++ b/saslauthd/saslauthd-main.h
+@@ -96,8 +96,9 @@ extern void set_mech_option(const char *);
+ extern void set_run_path(const char *);
+ extern void signal_setup();
+ extern void detach_tty();
+-extern void handle_sigchld();
+-extern void server_exit();
++extern void handle_sigchld(int sig);
++extern void handle_exit(int sig);
++extern void server_exit(void);
+ extern pid_t have_baby();
+
+ /* ipc api delcarations */
+diff --git a/saslauthd/saslauthd_md5.h b/saslauthd/saslauthd_md5.h
+index 1d25449..d7fc62d 100644
+--- a/saslauthd/saslauthd_md5.h
++++ b/saslauthd/saslauthd_md5.h
+@@ -29,9 +29,8 @@ typedef struct {
+ unsigned char buffer[64]; /* input buffer */
+ } MD5_CTX;
+
+-void _saslauthd_MD5Init PROTO_LIST ((MD5_CTX *));
+-void _saslauthd_MD5Update PROTO_LIST
+- ((MD5_CTX *, unsigned char *, unsigned int));
+-void _saslauthd_MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
++void _saslauthd_MD5Init (MD5_CTX *);
++void _saslauthd_MD5Update (MD5_CTX *, unsigned char *, unsigned int);
++void _saslauthd_MD5Final (unsigned char [16], MD5_CTX *);
+
+-void _saslauthd_hmac_md5 PROTO_LIST ((unsigned char *, int, unsigned char *, int, caddr_t));
++void _saslauthd_hmac_md5 (unsigned char *, int, unsigned char *, int, caddr_t);
+--
+2.48.1
+
diff --git a/getsubopt.patch b/getsubopt.patch
new file mode 100644
index 0000000..f780e08
--- /dev/null
+++ b/getsubopt.patch
@@ -0,0 +1,85 @@
+From: Bastian Germann <bage at debian.org>
+Date: Wed, 7 Aug 2024 11:41:02 +0200
+Subject: Harmonize getsubopt casts with glibc
+
+---
+diff --git a/sample/sample-server.c b/sample/sample-server.c
+index ee3cfc9..0d57373 100644
+--- a/sample/sample-server.c
++++ b/sample/sample-server.c
+@@ -320,7 +320,7 @@ main(int argc, char *argv[])
+ case 'b':
+ options = optarg;
+ while (*options != '\0')
+- switch(getsubopt(&options, (const char * const *)bit_subopts, &value)) {
++ switch(getsubopt(&options, (char * const *restrict)bit_subopts, &value)) {
+ case OPT_MIN:
+ if (! value)
+ errflag = 1;
+@@ -342,7 +342,7 @@ main(int argc, char *argv[])
+ case 'e':
+ options = optarg;
+ while (*options != '\0')
+- switch(getsubopt(&options, (const char * const *)ext_subopts, &value)) {
++ switch(getsubopt(&options, (char * const *restrict)ext_subopts, &value)) {
+ case OPT_EXT_SSF:
+ if (! value)
+ errflag = 1;
+@@ -368,7 +368,7 @@ main(int argc, char *argv[])
+ case 'f':
+ options = optarg;
+ while (*options != '\0') {
+- switch(getsubopt(&options, (const char * const *)flag_subopts, &value)) {
++ switch(getsubopt(&options, (char * const *restrict)flag_subopts, &value)) {
+ case OPT_NOPLAIN:
+ secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
+ break;
+@@ -402,7 +402,7 @@ main(int argc, char *argv[])
+ case 'i':
+ options = optarg;
+ while (*options != '\0')
+- switch(getsubopt(&options, (const char * const *)ip_subopts, &value)) {
++ switch(getsubopt(&options, (char * const *restrict)ip_subopts, &value)) {
+ case OPT_IP_LOCAL:
+ if (! value)
+ errflag = 1;
+diff --git a/sample/sample-client.c b/sample/sample-client.c
+index 4795fa1..1354a17 100644
+--- a/sample/sample-client.c
++++ b/sample/sample-client.c
+@@ -473,7 +473,7 @@ main(int argc, char *argv[])
+ case 'b':
+ options = optarg;
+ while (*options != '\0')
+- switch(getsubopt(&options, (const char * const *)bit_subopts, &value)) {
++ switch(getsubopt(&options, (char * const *restrict)bit_subopts, &value)) {
+ case OPT_MIN:
+ if (! value)
+ errflag = 1;
+@@ -503,7 +503,7 @@ main(int argc, char *argv[])
+ case 'e':
+ options = optarg;
+ while (*options != '\0')
+- switch(getsubopt(&options, (const char * const *)ext_subopts, &value)) {
++ switch(getsubopt(&options, (char * const *restrict)ext_subopts, &value)) {
+ case OPT_EXT_SSF:
+ if (! value)
+ errflag = 1;
+@@ -529,7 +529,7 @@ main(int argc, char *argv[])
+ case 'f':
+ options = optarg;
+ while (*options != '\0') {
+- switch(getsubopt(&options, (const char * const *)flag_subopts, &value)) {
++ switch(getsubopt(&options, (char * const *restrict)flag_subopts, &value)) {
+ case OPT_NOPLAIN:
+ secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
+ break;
+@@ -559,7 +559,7 @@ main(int argc, char *argv[])
+ case 'i':
+ options = optarg;
+ while (*options != '\0')
+- switch(getsubopt(&options, (const char * const *)ip_subopts, &value)) {
++ switch(getsubopt(&options, (char * const *restrict)ip_subopts, &value)) {
+ case OPT_IP_LOCAL:
+ if (! value)
+ errflag = 1;
diff --git a/krb5.patch b/krb5.patch
new file mode 100644
index 0000000..47da079
--- /dev/null
+++ b/krb5.patch
@@ -0,0 +1,35 @@
+Origin: https://github.com/cyrusimap/cyrus-sasl/pull/826
+From: Bastian Germann <bage at debian.org>
+Date: Mon, 18 Mar 2024 23:20:09 +0100
+Subject: sasl2.m4: Check for gssapi_krb5.h before testing a resulting value
+
+When <gssapi/gssapi_krb5.h> stems from Heimdal but
+build-heimdal/config.h doesn't define HAVE_GSSAPI_GSSAPI_KRB5_H,
+<gssapi/gssapi_krb5.h> is not included.
+
+The header file is only checked if gsskrb5_register_acceptor_identity is
+not found.
+
+Move the header check so that it works for both KRB5 and Heimdal.
+
+Link: https://bugs.debian.org/1066214
+Signed-off-by: Bastian Germann <bage at debian.org>
+---
+ m4/sasl2.m4 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/m4/sasl2.m4 b/m4/sasl2.m4
+index 901a1173..98f81ba0 100644
+--- a/m4/sasl2.m4
++++ b/m4/sasl2.m4
+@@ -269,9 +269,9 @@ if test "$gssapi" != no; then
+
+ cmu_save_LIBS="$LIBS"
+ LIBS="$LIBS $GSSAPIBASE_LIBS"
++ AC_CHECK_HEADERS(gssapi/gssapi_krb5.h)
+ AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
+ if test "$ac_cv_func_gsskrb5_register_acceptor_identity" = no ; then
+- AC_CHECK_HEADERS(gssapi/gssapi_krb5.h)
+ if test "$ac_cv_header_gssapi_gssapi_krb5_h" = "yes"; then
+ AC_CHECK_DECL(gsskrb5_register_acceptor_identity,
+ [AC_DEFINE(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY,1,
diff --git a/time.patch b/time.patch
new file mode 100644
index 0000000..23aa877
--- /dev/null
+++ b/time.patch
@@ -0,0 +1,51 @@
+From 266f0acf7f5e029afbb3e263437039e50cd6c262 Mon Sep 17 00:00:00 2001
+From: Sam James <sam at gentoo.org>
+Date: Wed, 23 Feb 2022 00:45:15 +0000
+Subject: Fix <time.h> check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We're conditionally including based on HAVE_TIME_H in a bunch of places,
+but we're not actually checking for time.h, so that's never going to be defined.
+
+While at it, add in a missing include in the cram plugin.
+
+This fixes a bunch of implicit declaration warnings:
+```
+ * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+```
+
+Signed-off-by: Sam James <sam at gentoo.org>
+
+[Edited to apply to Fedora - DJ]
+diff -rup a/configure.ac b/configure.ac
+--- a/configure.ac 2023-04-20 00:31:33.578596460 -0400
++++ b/configure.ac 2023-04-20 01:17:40.877579628 -0400
+@@ -1239,6 +1239,7 @@ AC_CHECK_HEADERS_ONCE([sys/time.h])
+ AC_HEADER_DIRENT
+ AC_HEADER_SYS_WAIT
+ AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
++AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h time.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
+ AC_CHECK_TYPES([long long, int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, int64_t, uint64_t],,,[
+ #ifdef HAVE_INTTYPES_H
+ #include <inttypes.h>
+diff -rup a/plugins/cram.c b/plugins/cram.c
+--- a/plugins/cram.c 2022-02-18 16:50:42.000000000 -0500
++++ b/plugins/cram.c 2023-04-20 01:20:12.228312652 -0400
+@@ -53,6 +53,10 @@
+ #endif
+ #include <fcntl.h>
+
++#ifdef HAVE_TIME_H
++#include <time.h>
++#endif
++
+ #include <sasl.h>
+ #include <saslplug.h>
+ #include <saslutil.h>
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/cyrus-sasl.git/commitdiff/bcbd82f2cb4d19f3b9e912d6beeacadfdfc14bca
More information about the pld-cvs-commit
mailing list