packages: cyrus-sasl/cyrus-sasl.spec, cyrus-sasl/0032-revert_1.103_revision...

baggins baggins at pld-linux.org
Thu Sep 29 11:38:45 CEST 2011 

Author: baggins                      Date: Thu Sep 29 09:38:45 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 3
- gssapi and dovecot auth fixes from debian

---- Files affected:
packages/cyrus-sasl:
   cyrus-sasl.spec (1.210 -> 1.211) , 0032-revert_1.103_revision_to_unbreak_GSSAPI.patch (NONE -> 1.1)  (NEW), 0033-fix_segfault_in_GSSAPI.patch (NONE -> 1.1)  (NEW), 0034-fix_dovecot_authentication.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/cyrus-sasl/cyrus-sasl.spec
diff -u packages/cyrus-sasl/cyrus-sasl.spec:1.210 packages/cyrus-sasl/cyrus-sasl.spec:1.211
--- packages/cyrus-sasl/cyrus-sasl.spec:1.210	Sat Sep 17 14:05:54 2011
+++ packages/cyrus-sasl/cyrus-sasl.spec	Thu Sep 29 11:38:40 2011
@@ -26,7 +26,7 @@
 Summary(uk.UTF-8):	Бібліотека Cyrus SASL
 Name:		cyrus-sasl
 Version:	2.1.25
-Release:	2
+Release:	3
 License:	distributable
 Group:		Libraries
 Source0:	ftp://ftp.cyrusimap.org/cyrus-sasl/%{name}-%{version}.tar.gz
@@ -53,6 +53,9 @@
 Patch14:	%{name}-ac-libs.patch
 Patch15:	%{name}-pam.patch
 Patch16:	%{name}-gssapi_ext.patch
+Patch17:	0032-revert_1.103_revision_to_unbreak_GSSAPI.patch
+Patch18:	0033-fix_segfault_in_GSSAPI.patch
+Patch19:	0034-fix_dovecot_authentication.patch
 URL:		http://asg.web.cmu.edu/sasl/
 BuildRequires:	autoconf >= 2.54
 BuildRequires:	automake >= 1:1.7
@@ -483,6 +486,9 @@
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
 
 cd doc
 echo "cyrus-sasl complies with the following RFCs:" > rfc-compliance
@@ -749,6 +755,10 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.211  2011/09/29 09:38:40  baggins
+- rel 3
+- gssapi and dovecot auth fixes from debian
+
 Revision 1.210  2011/09/17 12:05:54  qboosh
 - updated ac-libs patch wrt. sqlite3 support
 - release 2

================================================================
Index: packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch
diff -u /dev/null packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch:1.1
--- /dev/null	Thu Sep 29 11:38:45 2011
+++ packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch	Thu Sep 29 11:38:40 2011
@@ -0,0 +1,15 @@
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -1480,10 +1480,10 @@ static int gssapi_client_mech_step(void
+ 	}
+ 
+ 	/* Setup req_flags properly */
+-	req_flags = GSS_C_INTEG_FLAG;
++	req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ 	if (params->props.max_ssf > params->external_ssf) {
+ 	    /* We are requesting a security layer */
+-	    req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++	    req_flags |= GSS_C_INTEG_FLAG;
+ 	    /* Any SSF bigger than 1 is confidentiality. */
+ 	    /* Let's check if the client of the API requires confidentiality,
+ 	       and it wasn't already provided by an external layer */

================================================================
Index: packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch
diff -u /dev/null packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch:1.1
--- /dev/null	Thu Sep 29 11:38:45 2011
+++ packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch	Thu Sep 29 11:38:40 2011
@@ -0,0 +1,25 @@
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -370,7 +370,7 @@ sasl_gss_encode(void *context, const str
+     }
+     
+     if (output_token->value && output) {
+-	unsigned char * p = (unsigned char *) text->encode_buf;
++	int len;
+ 	
+ 	ret = _plug_buf_alloc(text->utils,
+ 			      &(text->encode_buf),
+@@ -384,11 +384,8 @@ sasl_gss_encode(void *context, const str
+ 	    return ret;
+ 	}
+ 	
+-	p[0] = (output_token->length>>24) & 0xFF;
+-	p[1] = (output_token->length>>16) & 0xFF;
+-	p[2] = (output_token->length>>8) & 0xFF;
+-	p[3] = output_token->length & 0xFF;
+-
++	len = htonl(output_token->length);
++	memcpy(text->encode_buf, &len, 4);
+ 	memcpy(text->encode_buf + 4, output_token->value, output_token->length);
+     }
+     

================================================================
Index: packages/cyrus-sasl/0034-fix_dovecot_authentication.patch
diff -u /dev/null packages/cyrus-sasl/0034-fix_dovecot_authentication.patch:1.1
--- /dev/null	Thu Sep 29 11:38:45 2011
+++ packages/cyrus-sasl/0034-fix_dovecot_authentication.patch	Thu Sep 29 11:38:40 2011
@@ -0,0 +1,92 @@
+--- a/saslauthd/auth_rimap.c
++++ b/saslauthd/auth_rimap.c
+@@ -1,3 +1,4 @@
++
+ /* MODULE: auth_rimap */
+ 
+ /* COPYRIGHT
+@@ -367,6 +368,30 @@ auth_rimap (
+     alarm(NETWORK_IO_TIMEOUT);
+     rc = read(s, rbuf, sizeof(rbuf));
+     alarm(0);
++    if ( rc>0 ) {
++        /* check if there is more to read */
++        fd_set         perm;
++        int            fds, ret;
++        struct timeval timeout;
++
++        FD_ZERO(&perm);
++        FD_SET(s, &perm);
++        fds = s +1;
++
++        timeout.tv_sec  = 1;
++        timeout.tv_usec = 0;
++        while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
++           if ( FD_ISSET(s, &perm) ) {
++              ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
++              if ( ret<0 ) {
++                 rc = ret;
++                 break;
++              } else {
++                 rc += ret;
++              }
++           }
++        }
++    }
+     if (rc == -1) {
+ 	syslog(LOG_WARNING, "auth_rimap: read (banner): %m");
+ 	(void) close(s);
+@@ -456,6 +481,30 @@ auth_rimap (
+     alarm(NETWORK_IO_TIMEOUT);
+     rc = read(s, rbuf, sizeof(rbuf));
+     alarm(0);
++    if ( rc>0 ) {
++        /* check if there is more to read */
++        fd_set         perm;
++        int            fds, ret;
++        struct timeval timeout;
++
++        FD_ZERO(&perm);
++        FD_SET(s, &perm);
++        fds = s +1;
++
++        timeout.tv_sec  = 1;
++        timeout.tv_usec = 0;
++        while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
++           if ( FD_ISSET(s, &perm) ) {
++              ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
++              if ( ret<0 ) {
++                 rc = ret;
++                 break;
++              } else {
++                 rc += ret;
++              }
++           }
++        }
++    }
+     (void) close(s);			/* we're done with the remote */
+     if (rc == -1) {
+ 	syslog(LOG_WARNING, "auth_rimap: read (response): %m");
+--- a/lib/checkpw.c
++++ b/lib/checkpw.c
+@@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned de
+ 	    /* Timeout. */
+ 	    errno = ETIMEDOUT;
+ 	    return -1;
+-	case +1:
+-	    if (FD_ISSET(fd, &rfds)) {
+-		/* Success, file descriptor is readable. */
+-		return 0;
+-	    }
+-	    return -1;
+ 	case -1:
+ 	    if (errno == EINTR || errno == EAGAIN)
+ 		continue;
+ 	default:
++	    if (FD_ISSET(fd, &rfds)) {
++		/* Success, file descriptor is readable. */
++		return 0;
++	    }
+ 	    /* Error catch-all. */
+ 	    return -1;
+ 	}
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/cyrus-sasl/cyrus-sasl.spec?r1=1.210&r2=1.211&f=u

More information about the pld-cvs-commit mailing list