packages: cyrus-sasl/cyrus-sasl.spec, cyrus-sasl/0032-revert_1.103_revision...
baggins
baggins at pld-linux.org
Thu Sep 29 11:38:45 CEST 2011
Author: baggins Date: Thu Sep 29 09:38:45 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 3
- gssapi and dovecot auth fixes from debian
---- Files affected:
packages/cyrus-sasl:
cyrus-sasl.spec (1.210 -> 1.211) , 0032-revert_1.103_revision_to_unbreak_GSSAPI.patch (NONE -> 1.1) (NEW), 0033-fix_segfault_in_GSSAPI.patch (NONE -> 1.1) (NEW), 0034-fix_dovecot_authentication.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/cyrus-sasl/cyrus-sasl.spec
diff -u packages/cyrus-sasl/cyrus-sasl.spec:1.210 packages/cyrus-sasl/cyrus-sasl.spec:1.211
--- packages/cyrus-sasl/cyrus-sasl.spec:1.210 Sat Sep 17 14:05:54 2011
+++ packages/cyrus-sasl/cyrus-sasl.spec Thu Sep 29 11:38:40 2011
@@ -26,7 +26,7 @@
Summary(uk.UTF-8): Бібліотека Cyrus SASL
Name: cyrus-sasl
Version: 2.1.25
-Release: 2
+Release: 3
License: distributable
Group: Libraries
Source0: ftp://ftp.cyrusimap.org/cyrus-sasl/%{name}-%{version}.tar.gz
@@ -53,6 +53,9 @@
Patch14: %{name}-ac-libs.patch
Patch15: %{name}-pam.patch
Patch16: %{name}-gssapi_ext.patch
+Patch17: 0032-revert_1.103_revision_to_unbreak_GSSAPI.patch
+Patch18: 0033-fix_segfault_in_GSSAPI.patch
+Patch19: 0034-fix_dovecot_authentication.patch
URL: http://asg.web.cmu.edu/sasl/
BuildRequires: autoconf >= 2.54
BuildRequires: automake >= 1:1.7
@@ -483,6 +486,9 @@
%patch14 -p1
%patch15 -p1
%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
cd doc
echo "cyrus-sasl complies with the following RFCs:" > rfc-compliance
@@ -749,6 +755,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.211 2011/09/29 09:38:40 baggins
+- rel 3
+- gssapi and dovecot auth fixes from debian
+
Revision 1.210 2011/09/17 12:05:54 qboosh
- updated ac-libs patch wrt. sqlite3 support
- release 2
================================================================
Index: packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch
diff -u /dev/null packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch:1.1
--- /dev/null Thu Sep 29 11:38:45 2011
+++ packages/cyrus-sasl/0032-revert_1.103_revision_to_unbreak_GSSAPI.patch Thu Sep 29 11:38:40 2011
@@ -0,0 +1,15 @@
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -1480,10 +1480,10 @@ static int gssapi_client_mech_step(void
+ }
+
+ /* Setup req_flags properly */
+- req_flags = GSS_C_INTEG_FLAG;
++ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ if (params->props.max_ssf > params->external_ssf) {
+ /* We are requesting a security layer */
+- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++ req_flags |= GSS_C_INTEG_FLAG;
+ /* Any SSF bigger than 1 is confidentiality. */
+ /* Let's check if the client of the API requires confidentiality,
+ and it wasn't already provided by an external layer */
================================================================
Index: packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch
diff -u /dev/null packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch:1.1
--- /dev/null Thu Sep 29 11:38:45 2011
+++ packages/cyrus-sasl/0033-fix_segfault_in_GSSAPI.patch Thu Sep 29 11:38:40 2011
@@ -0,0 +1,25 @@
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -370,7 +370,7 @@ sasl_gss_encode(void *context, const str
+ }
+
+ if (output_token->value && output) {
+- unsigned char * p = (unsigned char *) text->encode_buf;
++ int len;
+
+ ret = _plug_buf_alloc(text->utils,
+ &(text->encode_buf),
+@@ -384,11 +384,8 @@ sasl_gss_encode(void *context, const str
+ return ret;
+ }
+
+- p[0] = (output_token->length>>24) & 0xFF;
+- p[1] = (output_token->length>>16) & 0xFF;
+- p[2] = (output_token->length>>8) & 0xFF;
+- p[3] = output_token->length & 0xFF;
+-
++ len = htonl(output_token->length);
++ memcpy(text->encode_buf, &len, 4);
+ memcpy(text->encode_buf + 4, output_token->value, output_token->length);
+ }
+
================================================================
Index: packages/cyrus-sasl/0034-fix_dovecot_authentication.patch
diff -u /dev/null packages/cyrus-sasl/0034-fix_dovecot_authentication.patch:1.1
--- /dev/null Thu Sep 29 11:38:45 2011
+++ packages/cyrus-sasl/0034-fix_dovecot_authentication.patch Thu Sep 29 11:38:40 2011
@@ -0,0 +1,92 @@
+--- a/saslauthd/auth_rimap.c
++++ b/saslauthd/auth_rimap.c
+@@ -1,3 +1,4 @@
++
+ /* MODULE: auth_rimap */
+
+ /* COPYRIGHT
+@@ -367,6 +368,30 @@ auth_rimap (
+ alarm(NETWORK_IO_TIMEOUT);
+ rc = read(s, rbuf, sizeof(rbuf));
+ alarm(0);
++ if ( rc>0 ) {
++ /* check if there is more to read */
++ fd_set perm;
++ int fds, ret;
++ struct timeval timeout;
++
++ FD_ZERO(&perm);
++ FD_SET(s, &perm);
++ fds = s +1;
++
++ timeout.tv_sec = 1;
++ timeout.tv_usec = 0;
++ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
++ if ( FD_ISSET(s, &perm) ) {
++ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
++ if ( ret<0 ) {
++ rc = ret;
++ break;
++ } else {
++ rc += ret;
++ }
++ }
++ }
++ }
+ if (rc == -1) {
+ syslog(LOG_WARNING, "auth_rimap: read (banner): %m");
+ (void) close(s);
+@@ -456,6 +481,30 @@ auth_rimap (
+ alarm(NETWORK_IO_TIMEOUT);
+ rc = read(s, rbuf, sizeof(rbuf));
+ alarm(0);
++ if ( rc>0 ) {
++ /* check if there is more to read */
++ fd_set perm;
++ int fds, ret;
++ struct timeval timeout;
++
++ FD_ZERO(&perm);
++ FD_SET(s, &perm);
++ fds = s +1;
++
++ timeout.tv_sec = 1;
++ timeout.tv_usec = 0;
++ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
++ if ( FD_ISSET(s, &perm) ) {
++ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
++ if ( ret<0 ) {
++ rc = ret;
++ break;
++ } else {
++ rc += ret;
++ }
++ }
++ }
++ }
+ (void) close(s); /* we're done with the remote */
+ if (rc == -1) {
+ syslog(LOG_WARNING, "auth_rimap: read (response): %m");
+--- a/lib/checkpw.c
++++ b/lib/checkpw.c
+@@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned de
+ /* Timeout. */
+ errno = ETIMEDOUT;
+ return -1;
+- case +1:
+- if (FD_ISSET(fd, &rfds)) {
+- /* Success, file descriptor is readable. */
+- return 0;
+- }
+- return -1;
+ case -1:
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+ default:
++ if (FD_ISSET(fd, &rfds)) {
++ /* Success, file descriptor is readable. */
++ return 0;
++ }
+ /* Error catch-all. */
+ return -1;
+ }
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/cyrus-sasl/cyrus-sasl.spec?r1=1.210&r2=1.211&f=u
More information about the pld-cvs-commit
mailing list